devise_security_extension 0.8.0 → 0.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e458bf8839d5f8355da287f265f4a2285c2c20ef
-  data.tar.gz: 363210e0cc2ae02caaf74f89727557cf971efd7d
+  metadata.gz: 8644fb0529c5a92d76808d784b6b1dd68a38ac93
+  data.tar.gz: a33c5e7c615b4ac80155ff5aee193b60b110f90a
 SHA512:
-  metadata.gz: a5dedc51cc6c3625152d3b2836103c5f2d4581322402be436e8aae13dce95818d04c46d9900c1a9a4c3b5a987b140f0719df6ce9d477237097f107e6674fc65c
-  data.tar.gz: 98219b8cd14bc7265cc63a2d52cfba5bdaea28a17b9854999d7fc4b0d44ce2e127f572401cbc07b7060d2d519834fca5dfe1d76fa2973db7f9fcc88b8fea6600
+  metadata.gz: a8a9c9dcdbf99cec36d957dc9055c37320e1dd2494ff17ed13649cefa1595ec451d3bbff22120a6cba1ba2be778e08172b445c3a59d4968fc8b0eb038c1244ee
+  data.tar.gz: d8f72b81da2786190451b41f82b7835f79980c765fc6a4ecd70958e9bb296f188dd237db66681508a0f4e2fb0a1f17d96641895cf432fdb11af03fffcd24f192

data/Gemfile

@@ -1,15 +1,6 @@
 source "http://rubygems.org"
+gemspec
 # Add dependencies required to use your gem here.
 # Example:
 gem "rails", ">= 3.1.1"
 gem "devise", ">= 2.0.0"
-
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
-group :development do
-  gem "rails_email_validator"
-  gem "easy_captcha"
-  gem "bundler", ">= 1.0.0"
-  gem "jeweler", "~> 2.0.1"
-#  gem "rcov", ">= 0"
-end

data/Gemfile.lock

@@ -1,3 +1,11 @@
+PATH
+  remote: .
+  specs:
+    devise_security_extension (0.8.1)
+      devise (>= 2.0.0)
+      devise_security_extension
+      rails (>= 3.1.1)
+
 GEM
   remote: http://rubygems.org/
   specs:
@@ -141,6 +149,7 @@ GEM
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (~> 2.8)
+    sqlite3 (1.3.9)
     thor (0.18.1)
     thread_safe (0.1.3)
       atomic
@@ -159,7 +168,9 @@ PLATFORMS
 DEPENDENCIES
   bundler (>= 1.0.0)
   devise (>= 2.0.0)
+  devise_security_extension!
   easy_captcha
   jeweler (~> 2.0.1)
   rails (>= 3.1.1)
   rails_email_validator
+  sqlite3

data/VERSION

@@ -1 +1 @@
-0.8.0
+0.8.1

data/app/controllers/devise/password_expired_controller.rb

@@ -12,7 +12,7 @@ class Devise::PasswordExpiredController < DeviseController
 
   def update
     if resource.update_with_password(resource_params)
-      warden.session(scope)[:password_expired] = false
+      warden.session(scope)['password_expired'] = false
       set_flash_message :notice, :updated
       sign_in scope, resource, :bypass => true
       redirect_to stored_location_for(scope) || :root

data/devise_security_extension.gemspec

@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: devise_security_extension 0.8.0 ruby lib
+# stub: devise_security_extension 0.8.1 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "devise_security_extension"
-  s.version = "0.8.0"
+  s.version = "0.8.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["Marco Scholl", "Alexander Dreher"]
-  s.date = "2014-01-31"
+  s.date = "2015-03-10"
   s.description = "An enterprise security extension for devise, trying to meet industrial standard security demands for web applications."
   s.email = "team@phatworx.de"
   s.extra_rdoc_files = [
@@ -58,39 +58,56 @@ Gem::Specification.new do |s|
     "lib/devise_security_extension/routes.rb",
     "lib/devise_security_extension/schema.rb",
     "lib/generators/devise_security_extension/install_generator.rb",
+    "test/dummy/app/models/.gitkeep",
+    "test/dummy/app/models/user.rb",
+    "test/dummy/config.ru",
+    "test/dummy/config/application.rb",
+    "test/dummy/config/boot.rb",
+    "test/dummy/config/database.yml",
+    "test/dummy/config/environment.rb",
+    "test/dummy/config/environments/test.rb",
+    "test/dummy/config/initializers/devise.rb",
+    "test/dummy/db/migrate/20120508165529_create_tables.rb",
     "test/helper.rb",
-    "test/test_devise_security_extension.rb"
+    "test/test_devise_security_extension.rb",
+    "test/test_password_archivable.rb"
   ]
   s.homepage = "http://github.com/phatworx/devise_security_extension"
   s.licenses = ["MIT"]
-  s.rubygems_version = "2.2.1"
+  s.rubygems_version = "2.2.2"
   s.summary = "Security extension for devise"
 
   if s.respond_to? :specification_version then
     s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<devise_security_extension>, [">= 0"])
       s.add_runtime_dependency(%q<rails>, [">= 3.1.1"])
       s.add_runtime_dependency(%q<devise>, [">= 2.0.0"])
       s.add_development_dependency(%q<rails_email_validator>, [">= 0"])
       s.add_development_dependency(%q<easy_captcha>, [">= 0"])
       s.add_development_dependency(%q<bundler>, [">= 1.0.0"])
       s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
+      s.add_development_dependency(%q<sqlite3>, [">= 0"])
     else
+      s.add_dependency(%q<devise_security_extension>, [">= 0"])
       s.add_dependency(%q<rails>, [">= 3.1.1"])
       s.add_dependency(%q<devise>, [">= 2.0.0"])
       s.add_dependency(%q<rails_email_validator>, [">= 0"])
       s.add_dependency(%q<easy_captcha>, [">= 0"])
       s.add_dependency(%q<bundler>, [">= 1.0.0"])
       s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
+      s.add_dependency(%q<sqlite3>, [">= 0"])
     end
   else
+    s.add_dependency(%q<devise_security_extension>, [">= 0"])
     s.add_dependency(%q<rails>, [">= 3.1.1"])
     s.add_dependency(%q<devise>, [">= 2.0.0"])
     s.add_dependency(%q<rails_email_validator>, [">= 0"])
     s.add_dependency(%q<easy_captcha>, [">= 0"])
     s.add_dependency(%q<bundler>, [">= 1.0.0"])
     s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
+    s.add_dependency(%q<sqlite3>, [">= 0"])
   end
 end
 

data/lib/devise_security_extension.rb

@@ -1,5 +1,4 @@
-#require 'rails/all'
-require 'active_record/connection_adapters/abstract/schema_definitions'
+require 'active_record'
 require 'active_support/core_ext/integer'
 require 'active_support/ordered_hash'
 require 'active_support/concern'

data/lib/devise_security_extension/controllers/helpers.rb

@@ -28,7 +28,7 @@ module DeviseSecurityExtension
         def handle_password_change
           if not devise_controller? and not ignore_password_expire? and not request.format.nil? and request.format.html?
             Devise.mappings.keys.flatten.any? do |scope|
-              if signed_in?(scope) and warden.session(scope)[:password_expired]
+              if signed_in?(scope) and warden.session(scope)['password_expired']
                 session["#{scope}_return_to"] = request.path if request.get?
                 redirect_for_password_change scope
                 return

data/lib/devise_security_extension/hooks/password_expirable.rb

@@ -1,5 +1,5 @@
 Warden::Manager.after_authentication do |record, warden, options|
   if record.respond_to?(:need_change_password?)
-    warden.session(options[:scope])[:password_expired] = record.need_change_password?
+    warden.session(options[:scope])['password_expired'] = record.need_change_password?
   end
 end

data/lib/devise_security_extension/models/old_password.rb

@@ -1,3 +1,4 @@
+require 'active_record'
 class OldPassword < ActiveRecord::Base
   belongs_to :password_archivable, :polymorphic => true
 end

data/lib/devise_security_extension/models/password_archivable.rb

@@ -18,8 +18,8 @@ module Devise
       # validate is the password used in the past
       def password_archive_included?
         unless self.class.deny_old_passwords.is_a? Fixnum
-          if self.class.deny_old_passwords.is_a? TrueClass and self.class.password_archiving_count > 0
-            self.class.deny_old_passwords = self.class.password_archiving_count
+          if self.class.deny_old_passwords.is_a? TrueClass and archive_count > 0
+            self.class.deny_old_passwords = archive_count
           else
             self.class.deny_old_passwords = 0
           end
@@ -46,12 +46,16 @@ module Devise
 
       private
 
+      def archive_count
+        self.class.password_archiving_count
+      end
+
       # archive the last password before save and delete all to old passwords from archive
       def archive_password
         if self.encrypted_password_changed?
-          if self.class.password_archiving_count.to_i > 0
+          if archive_count.to_i > 0
             self.old_passwords.create! old_password_params
-            self.old_passwords.order(:id).reverse_order.offset(self.class.password_archiving_count).destroy_all
+            self.old_passwords.order(:id).reverse_order.offset(archive_count).destroy_all
           else
             self.old_passwords.destroy_all
           end

data/test/dummy/app/models/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  devise :database_authenticatable, :password_archivable
+end

data/test/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run RailsApp::Application

data/test/dummy/config/application.rb

@@ -0,0 +1,22 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+if defined?(Bundler)
+  # If you precompile assets before deploying to production, use this line
+  Bundler.require(*Rails.groups(:assets => %w(development test)))
+  # If you want your assets lazily compiled in production, use this line
+  # Bundler.require(:default, :assets, Rails.env)
+end
+
+module RailsApp
+  class Application < Rails::Application
+    config.encoding = "utf-8"
+
+    config.filter_parameters += [:password]
+
+    config.assets.enabled = true
+
+    config.assets.version = '1.0'
+  end
+end

data/test/dummy/config/boot.rb

@@ -0,0 +1,6 @@
+require 'rubygems'
+
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])

data/test/dummy/config/database.yml

@@ -0,0 +1,7 @@
+development:
+  adapter: sqlite3
+  database: ":memory:"
+
+test:
+  adapter: sqlite3
+  database: ":memory:"

data/test/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+RailsApp::Application.initialize!

data/test/dummy/config/environments/test.rb

@@ -0,0 +1,19 @@
+RailsApp::Application.configure do
+  config.cache_classes = true
+  config.eager_load = false
+
+  config.serve_static_assets = true
+  config.static_cache_control = "public, max-age=3600"
+
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  config.action_dispatch.show_exceptions = false
+
+  config.action_controller.allow_forgery_protection    = false
+
+  config.action_mailer.delivery_method = :test
+
+  config.active_support.deprecation = :stderr
+  I18n.enforce_available_locales = false
+end

data/test/dummy/config/initializers/devise.rb

@@ -0,0 +1,9 @@
+Devise.setup do |config|
+  config.mailer_sender = "please-change-me-at-config-initializers-devise@example.com"
+
+  require 'devise/orm/active_record'
+
+  config.case_insensitive_keys = [ :email ]
+
+  config.strip_whitespace_keys = [ :email ]
+end

data/test/dummy/db/migrate/20120508165529_create_tables.rb

@@ -0,0 +1,26 @@
+class CreateTables < ActiveRecord::Migration
+  def self.up
+    create_table :users do |t|
+      t.string :username
+      t.string :facebook_token
+
+      ## Database authenticatable
+      t.string :email,              :null => false, :default => ""
+      t.string :encrypted_password, :null => false, :default => ""
+
+      t.timestamps
+    end
+
+    create_table :old_passwords do |t|
+      t.string :encrypted_password
+      t.string :password_salt
+
+      t.references :password_archivable, polymorphic: true
+    end
+  end
+
+  def self.down
+    drop_table :users
+    drop_table :old_passwords
+  end
+end

data/test/helper.rb

@@ -1,3 +1,5 @@
+ENV['RAILS_ENV'] ||= 'test'
+
 require 'rubygems'
 require 'bundler'
 begin
@@ -13,5 +15,8 @@ $LOAD_PATH.unshift(File.dirname(__FILE__))
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 require 'devise_security_extension'
 
-class Test::Unit::TestCase
-end
+require_relative 'dummy/config/environment'
+
+ActiveRecord::Migration.verbose = false
+ActiveRecord::Base.logger = Logger.new(nil)
+ActiveRecord::Migrator.migrate(File.expand_path('../dummy/db/migrate', __FILE__))

data/test/test_devise_security_extension.rb

@@ -2,6 +2,5 @@ require 'helper'
 
 class TestDeviseSecurityExtension < Test::Unit::TestCase
   def test_something_for_real
-    flunk "hey buddy, you should probably rename this file and start testing for real"
   end
 end

data/test/test_password_archivable.rb

@@ -0,0 +1,47 @@
+require 'helper'
+
+class TestPasswordArchivable < ActiveSupport::TestCase
+  setup do
+    Devise.password_archiving_count = 2
+  end
+
+  teardown do
+    Devise.password_archiving_count = 1
+  end
+
+  test "should respect maximum attempts configuration" do
+    user = User.new
+    user.password = 'password1'
+    user.password_confirmation = 'password1'
+    user.save!
+
+    user.password = 'password1'
+    user.password_confirmation = 'password1'
+    assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+  end
+
+  test 'the option should be dynamic during runtime' do
+    class ::User
+      def archive_count
+        1
+      end
+    end
+
+    user = User.new
+    user.password = 'password1'
+    user.password_confirmation = 'password1'
+    user.save!
+
+    user.password = 'password2'
+    user.password_confirmation = 'password2'
+    user.save!
+
+    user.password = 'password2'
+    user.password_confirmation = 'password2'
+    assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+
+    user.password = 'password1'
+    user.password_confirmation = 'password1'
+    assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise_security_extension
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.8.1
 platform: ruby
 authors:
 - Marco Scholl
@@ -9,8 +9,22 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-31 00:00:00.000000000 Z
+date: 2015-03-10 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: devise_security_extension
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -95,6 +109,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 2.0.1
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: An enterprise security extension for devise, trying to meet industrial
   standard security demands for web applications.
 email: team@phatworx.de
@@ -143,8 +171,19 @@ files:
 - lib/devise_security_extension/routes.rb
 - lib/devise_security_extension/schema.rb
 - lib/generators/devise_security_extension/install_generator.rb
+- test/dummy/app/models/.gitkeep
+- test/dummy/app/models/user.rb
+- test/dummy/config.ru
+- test/dummy/config/application.rb
+- test/dummy/config/boot.rb
+- test/dummy/config/database.yml
+- test/dummy/config/environment.rb
+- test/dummy/config/environments/test.rb
+- test/dummy/config/initializers/devise.rb
+- test/dummy/db/migrate/20120508165529_create_tables.rb
 - test/helper.rb
 - test/test_devise_security_extension.rb
+- test/test_password_archivable.rb
 homepage: http://github.com/phatworx/devise_security_extension
 licenses:
 - MIT
@@ -165,7 +204,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.1
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Security extension for devise