devise_security_extension 0.8.0 → 0.8.1

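--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e458bf8839d5f8355da287f265f4a2285c2c20ef
- data.tar.gz: 363210e0cc2ae02caaf74f89727557cf971efd7d
+ metadata.gz: 8644fb0529c5a92d76808d784b6b1dd68a38ac93
+ data.tar.gz: a33c5e7c615b4ac80155ff5aee193b60b110f90a
  SHA512:
- metadata.gz: a5dedc51cc6c3625152d3b2836103c5f2d4581322402be436e8aae13dce95818d04c46d9900c1a9a4c3b5a987b140f0719df6ce9d477237097f107e6674fc65c
- data.tar.gz: 98219b8cd14bc7265cc63a2d52cfba5bdaea28a17b9854999d7fc4b0d44ce2e127f572401cbc07b7060d2d519834fca5dfe1d76fa2973db7f9fcc88b8fea6600
+ metadata.gz: a8a9c9dcdbf99cec36d957dc9055c37320e1dd2494ff17ed13649cefa1595ec451d3bbff22120a6cba1ba2be778e08172b445c3a59d4968fc8b0eb038c1244ee
+ data.tar.gz: d8f72b81da2786190451b41f82b7835f79980c765fc6a4ecd70958e9bb296f188dd237db66681508a0f4e2fb0a1f17d96641895cf432fdb11af03fffcd24f192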
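--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,15 +1,6 @@
  source "http://rubygems.org"
+ gemspec
  # Add dependencies required to use your gem here.
  # Example:
  gem "rails", ">= 3.1.1"
  gem "devise", ">= 2.0.0"
-
- # Add dependencies to develop your gem here.
- # Include everything needed to run rake, tests, features, etc.
- group :development do
- gem "rails_email_validator"
- gem "easy_captcha"
- gem "bundler", ">= 1.0.0"
- gem "jeweler", "~> 2.0.1"
- # gem "rcov", ">= 0"
- end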
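Review bot: Adding `gemspec` to this Gemfile appears to make the gem depend on itself: the gemspec regenerated for this release gains `s.add_runtime_dependency(%q<devise_security_extension>, [">= 0"])`, and the packaged metadata lists the same runtime dependency. Jeweler derives the gemspec from the Gemfile, so this line is the likely cause, although the Rakefile is not part of this diff; dropping `gemspec` here, or excluding the gem's own name when the gemspec is generated, would remove the self-reference. Separately, the unchanged first line still resolves gems over plaintext HTTP, and `source "https://rubygems.org"` would put dependency downloads on an authenticated channel.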
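--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,3 +1,11 @@
+ PATH
+ remote: .
+ specs:
+ devise_security_extension (0.8.1)
+ devise (>= 2.0.0)
+ devise_security_extension
+ rails (>= 3.1.1)
+
  GEM
  remote: http://rubygems.org/
  specs:
@@ -141,6 +149,7 @@ GEM
  actionpack (>= 3.0)
  activesupport (>= 3.0)
  sprockets (~> 2.8)
+ sqlite3 (1.3.9)
  thor (0.18.1)
  thread_safe (0.1.3)
  atomic
@@ -159,7 +168,9 @@ PLATFORMS
  DEPENDENCIES
  bundler (>= 1.0.0)
  devise (>= 2.0.0)
+ devise_security_extension!
  easy_captcha
  jeweler (~> 2.0.1)
  rails (>= 3.1.1)
  rails_email_validator
+ sqlite3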
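--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.8.0
+ 0.8.1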
@@ -12,7 +12,7 @@ class Devise::PasswordExpiredController < DeviseController
12
12
 
13
13
  def update
14
14
  if resource.update_with_password(resource_params)
15
- warden.session(scope)[:password_expired] = false
15
+ warden.session(scope)['password_expired'] = false
16
16
  set_flash_message :notice, :updated
17
17
  sign_in scope, resource, :bypass => true
18
18
  redirect_to stored_location_for(scope) || :root
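Review bot: The session key `'password_expired'` is now a bare string literal repeated at three sites: written here in `update`, written in the `Warden::Manager.after_authentication` hook, and read in `handle_password_change`. No comment says why a string replaced the symbol. If any one site drifts back to `:password_expired`, the read in `handle_password_change` gets nil and the expired-password redirect is skipped without an error, so the check fails open. A single shared constant used at all three sites would keep them in step, with a comment such as `# String key: session contents may be serialized in a form that does not preserve symbols` (presumably the motivation; confirm against the changelog). The `update` body continues past the end of this hunk.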
@@ -2,16 +2,16 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
- # stub: devise_security_extension 0.8.0 ruby lib
5
+ # stub: devise_security_extension 0.8.1 ruby lib
6
6
 
7
7
  Gem::Specification.new do |s|
8
8
  s.name = "devise_security_extension"
9
- s.version = "0.8.0"
9
+ s.version = "0.8.1"
10
10
 
11
11
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
12
12
  s.require_paths = ["lib"]
13
13
  s.authors = ["Marco Scholl", "Alexander Dreher"]
14
- s.date = "2014-01-31"
14
+ s.date = "2015-03-10"
15
15
  s.description = "An enterprise security extension for devise, trying to meet industrial standard security demands for web applications."
16
16
  s.email = "team@phatworx.de"
17
17
  s.extra_rdoc_files = [
@@ -58,39 +58,56 @@ Gem::Specification.new do |s|
58
58
  "lib/devise_security_extension/routes.rb",
59
59
  "lib/devise_security_extension/schema.rb",
60
60
  "lib/generators/devise_security_extension/install_generator.rb",
61
+ "test/dummy/app/models/.gitkeep",
62
+ "test/dummy/app/models/user.rb",
63
+ "test/dummy/config.ru",
64
+ "test/dummy/config/application.rb",
65
+ "test/dummy/config/boot.rb",
66
+ "test/dummy/config/database.yml",
67
+ "test/dummy/config/environment.rb",
68
+ "test/dummy/config/environments/test.rb",
69
+ "test/dummy/config/initializers/devise.rb",
70
+ "test/dummy/db/migrate/20120508165529_create_tables.rb",
61
71
  "test/helper.rb",
62
- "test/test_devise_security_extension.rb"
72
+ "test/test_devise_security_extension.rb",
73
+ "test/test_password_archivable.rb"
63
74
  ]
64
75
  s.homepage = "http://github.com/phatworx/devise_security_extension"
65
76
  s.licenses = ["MIT"]
66
- s.rubygems_version = "2.2.1"
77
+ s.rubygems_version = "2.2.2"
67
78
  s.summary = "Security extension for devise"
68
79
 
69
80
  if s.respond_to? :specification_version then
70
81
  s.specification_version = 4
71
82
 
72
83
  if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
84
+ s.add_runtime_dependency(%q<devise_security_extension>, [">= 0"])
73
85
  s.add_runtime_dependency(%q<rails>, [">= 3.1.1"])
74
86
  s.add_runtime_dependency(%q<devise>, [">= 2.0.0"])
75
87
  s.add_development_dependency(%q<rails_email_validator>, [">= 0"])
76
88
  s.add_development_dependency(%q<easy_captcha>, [">= 0"])
77
89
  s.add_development_dependency(%q<bundler>, [">= 1.0.0"])
78
90
  s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
91
+ s.add_development_dependency(%q<sqlite3>, [">= 0"])
79
92
  else
93
+ s.add_dependency(%q<devise_security_extension>, [">= 0"])
80
94
  s.add_dependency(%q<rails>, [">= 3.1.1"])
81
95
  s.add_dependency(%q<devise>, [">= 2.0.0"])
82
96
  s.add_dependency(%q<rails_email_validator>, [">= 0"])
83
97
  s.add_dependency(%q<easy_captcha>, [">= 0"])
84
98
  s.add_dependency(%q<bundler>, [">= 1.0.0"])
85
99
  s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
100
+ s.add_dependency(%q<sqlite3>, [">= 0"])
86
101
  end
87
102
  else
103
+ s.add_dependency(%q<devise_security_extension>, [">= 0"])
88
104
  s.add_dependency(%q<rails>, [">= 3.1.1"])
89
105
  s.add_dependency(%q<devise>, [">= 2.0.0"])
90
106
  s.add_dependency(%q<rails_email_validator>, [">= 0"])
91
107
  s.add_dependency(%q<easy_captcha>, [">= 0"])
92
108
  s.add_dependency(%q<bundler>, [">= 1.0.0"])
93
109
  s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
110
+ s.add_dependency(%q<sqlite3>, [">= 0"])
94
111
  end
95
112
  end
96
113
 
@@ -1,5 +1,4 @@
1
- #require 'rails/all'
2
- require 'active_record/connection_adapters/abstract/schema_definitions'
1
+ require 'active_record'
3
2
  require 'active_support/core_ext/integer'
4
3
  require 'active_support/ordered_hash'
5
4
  require 'active_support/concern'
@@ -28,7 +28,7 @@ module DeviseSecurityExtension
28
28
  def handle_password_change
29
29
  if not devise_controller? and not ignore_password_expire? and not request.format.nil? and request.format.html?
30
30
  Devise.mappings.keys.flatten.any? do |scope|
31
- if signed_in?(scope) and warden.session(scope)[:password_expired]
31
+ if signed_in?(scope) and warden.session(scope)['password_expired']
32
32
  session["#{scope}_return_to"] = request.path if request.get?
33
33
  redirect_for_password_change scope
34
34
  return
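Review bot: `warden.session(scope)['password_expired']` reads only the new string key, so a session established under 0.8.0 that still carries `:password_expired` would stop triggering the redirect after an upgrade until the user authenticates again. Whether such sessions survive depends on the application's session serializer, which is not visible here. Accepting both keys during a transition keeps the expired-password check from failing open for them: `if signed_in?(scope) and (warden.session(scope)['password_expired'] || warden.session(scope)[:password_expired])`. `handle_password_change` starts before and ends after this hunk.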
@@ -1,5 +1,5 @@
1
1
  Warden::Manager.after_authentication do |record, warden, options|
2
2
  if record.respond_to?(:need_change_password?)
3
- warden.session(options[:scope])[:password_expired] = record.need_change_password?
3
+ warden.session(options[:scope])['password_expired'] = record.need_change_password?
4
4
  end
5
5
  end
@@ -1,3 +1,4 @@
1
+ require 'active_record'
1
2
  class OldPassword < ActiveRecord::Base
2
3
  belongs_to :password_archivable, :polymorphic => true
3
4
  end
@@ -18,8 +18,8 @@ module Devise
18
18
  # validate is the password used in the past
19
19
  def password_archive_included?
20
20
  unless self.class.deny_old_passwords.is_a? Fixnum
21
- if self.class.deny_old_passwords.is_a? TrueClass and self.class.password_archiving_count > 0
22
- self.class.deny_old_passwords = self.class.password_archiving_count
21
+ if self.class.deny_old_passwords.is_a? TrueClass and archive_count > 0
22
+ self.class.deny_old_passwords = archive_count
23
23
  else
24
24
  self.class.deny_old_passwords = 0
25
25
  end
@@ -46,12 +46,16 @@ module Devise
46
46
 
47
47
  private
48
48
 
49
+ def archive_count
50
+ self.class.password_archiving_count
51
+ end
52
+
49
53
  # archive the last password before save and delete all to old passwords from archive
50
54
  def archive_password
51
55
  if self.encrypted_password_changed?
52
- if self.class.password_archiving_count.to_i > 0
56
+ if archive_count.to_i > 0
53
57
  self.old_passwords.create! old_password_params
54
- self.old_passwords.order(:id).reverse_order.offset(self.class.password_archiving_count).destroy_all
58
+ self.old_passwords.order(:id).reverse_order.offset(archive_count).destroy_all
55
59
  else
56
60
  self.old_passwords.destroy_all
57
61
  end
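Review bot: In `password_archive_included?`, `self.class.deny_old_passwords = archive_count` stores the value obtained from one instance on the class, and the surrounding `unless ... is_a? Fixnum` guard means it is not recomputed afterwards. An `archive_count` that differs per record or changes at runtime therefore only affects `archive_password`, and the reuse validation can end up checking a different history depth than the archive keeps. The comparison there is `archive_count > 0` while `archive_password` uses `archive_count.to_i > 0`, so a nil count would raise inside the validation; using `archive_count.to_i > 0` in both places would make them agree. Both methods extend beyond the hunks shown, so the rest of the validation may already compensate.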
File without changes
@@ -0,0 +1,3 @@
1
+ class User < ActiveRecord::Base
2
+ devise :database_authenticatable, :password_archivable
3
+ end
@@ -0,0 +1,4 @@
1
+ # This file is used by Rack-based servers to start the application.
2
+
3
+ require ::File.expand_path('../config/environment', __FILE__)
4
+ run RailsApp::Application
@@ -0,0 +1,22 @@
1
+ require File.expand_path('../boot', __FILE__)
2
+
3
+ require 'rails/all'
4
+
5
+ if defined?(Bundler)
6
+ # If you precompile assets before deploying to production, use this line
7
+ Bundler.require(*Rails.groups(:assets => %w(development test)))
8
+ # If you want your assets lazily compiled in production, use this line
9
+ # Bundler.require(:default, :assets, Rails.env)
10
+ end
11
+
12
+ module RailsApp
13
+ class Application < Rails::Application
14
+ config.encoding = "utf-8"
15
+
16
+ config.filter_parameters += [:password]
17
+
18
+ config.assets.enabled = true
19
+
20
+ config.assets.version = '1.0'
21
+ end
22
+ end
@@ -0,0 +1,6 @@
1
+ require 'rubygems'
2
+
3
+ # Set up gems listed in the Gemfile.
4
+ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
5
+
6
+ require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
@@ -0,0 +1,7 @@
1
+ development:
2
+ adapter: sqlite3
3
+ database: ":memory:"
4
+
5
+ test:
6
+ adapter: sqlite3
7
+ database: ":memory:"
@@ -0,0 +1,5 @@
1
+ # Load the rails application
2
+ require File.expand_path('../application', __FILE__)
3
+
4
+ # Initialize the rails application
5
+ RailsApp::Application.initialize!
@@ -0,0 +1,19 @@
1
+ RailsApp::Application.configure do
2
+ config.cache_classes = true
3
+ config.eager_load = false
4
+
5
+ config.serve_static_assets = true
6
+ config.static_cache_control = "public, max-age=3600"
7
+
8
+ config.consider_all_requests_local = true
9
+ config.action_controller.perform_caching = false
10
+
11
+ config.action_dispatch.show_exceptions = false
12
+
13
+ config.action_controller.allow_forgery_protection = false
14
+
15
+ config.action_mailer.delivery_method = :test
16
+
17
+ config.active_support.deprecation = :stderr
18
+ I18n.enforce_available_locales = false
19
+ end
@@ -0,0 +1,9 @@
1
+ Devise.setup do |config|
2
+ config.mailer_sender = "please-change-me-at-config-initializers-devise@example.com"
3
+
4
+ require 'devise/orm/active_record'
5
+
6
+ config.case_insensitive_keys = [ :email ]
7
+
8
+ config.strip_whitespace_keys = [ :email ]
9
+ end
@@ -0,0 +1,26 @@
1
+ class CreateTables < ActiveRecord::Migration
2
+ def self.up
3
+ create_table :users do |t|
4
+ t.string :username
5
+ t.string :facebook_token
6
+
7
+ ## Database authenticatable
8
+ t.string :email, :null => false, :default => ""
9
+ t.string :encrypted_password, :null => false, :default => ""
10
+
11
+ t.timestamps
12
+ end
13
+
14
+ create_table :old_passwords do |t|
15
+ t.string :encrypted_password
16
+ t.string :password_salt
17
+
18
+ t.references :password_archivable, polymorphic: true
19
+ end
20
+ end
21
+
22
+ def self.down
23
+ drop_table :users
24
+ drop_table :old_passwords
25
+ end
26
+ end
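--- a/data/test/helper.rb
+++ b/data/test/helper.rb
@@ -1,3 +1,5 @@
+ ENV['RAILS_ENV'] ||= 'test'
+
  require 'rubygems'
  require 'bundler'
  begin
@@ -13,5 +15,8 @@ $LOAD_PATH.unshift(File.dirname(__FILE__))
  $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
  require 'devise_security_extension'
 
- class Test::Unit::TestCase
- end
+ require_relative 'dummy/config/environment'
+
+ ActiveRecord::Migration.verbose = false
+ ActiveRecord::Base.logger = Logger.new(nil)
+ ActiveRecord::Migrator.migrate(File.expand_path('../dummy/db/migrate', __FILE__))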
@@ -2,6 +2,5 @@ require 'helper'
2
2
 
3
3
  class TestDeviseSecurityExtension < Test::Unit::TestCase
4
4
  def test_something_for_real
5
- flunk "hey buddy, you should probably rename this file and start testing for real"
6
5
  end
7
6
  end
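Review bot: With the `flunk` removed, `test_something_for_real` has an empty body and passes without asserting anything. This release changes the session key that drives the expired-password redirect, and nothing on this page exercises that path. A test that authenticates a record whose `need_change_password?` returns true and asserts the redirect would cover it. Until such a test exists, deleting the placeholder is clearer than keeping a test that always passes.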
@@ -0,0 +1,47 @@
1
+ require 'helper'
2
+
3
+ class TestPasswordArchivable < ActiveSupport::TestCase
4
+ setup do
5
+ Devise.password_archiving_count = 2
6
+ end
7
+
8
+ teardown do
9
+ Devise.password_archiving_count = 1
10
+ end
11
+
12
+ test "should respect maximum attempts configuration" do
13
+ user = User.new
14
+ user.password = 'password1'
15
+ user.password_confirmation = 'password1'
16
+ user.save!
17
+
18
+ user.password = 'password1'
19
+ user.password_confirmation = 'password1'
20
+ assert_raises(ActiveRecord::RecordInvalid) { user.save! }
21
+ end
22
+
23
+ test 'the option should be dynamic during runtime' do
24
+ class ::User
25
+ def archive_count
26
+ 1
27
+ end
28
+ end
29
+
30
+ user = User.new
31
+ user.password = 'password1'
32
+ user.password_confirmation = 'password1'
33
+ user.save!
34
+
35
+ user.password = 'password2'
36
+ user.password_confirmation = 'password2'
37
+ user.save!
38
+
39
+ user.password = 'password2'
40
+ user.password_confirmation = 'password2'
41
+ assert_raises(ActiveRecord::RecordInvalid) { user.save! }
42
+
43
+ user.password = 'password1'
44
+ user.password_confirmation = 'password1'
45
+ assert_raises(ActiveRecord::RecordInvalid) { user.save! }
46
+ end
47
+ end
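Review bot: The second test reopens `::User` and defines a public `archive_count` that is never removed, so every test that runs afterwards sees a count of 1 and the outcome of the suite depends on execution order. Scoping the override to the object under test, e.g. `user.define_singleton_method(:archive_count) { 1 }` right after `User.new`, avoids the leak. The first test's name, "should respect maximum attempts configuration", does not match what it checks, which is that re-saving the current password is rejected. `teardown` also hard-codes `Devise.password_archiving_count = 1` instead of restoring the value that was in place before `setup`.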
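--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: devise_security_extension
  version: !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.8.1
  platform: ruby
  authors:
  - Marco Scholl
@@ -9,8 +9,22 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-01-31 00:00:00.000000000 Z
+ date: 2015-03-10 00:00:00.000000000 Z
  dependencies:
+ - !ruby/object:Gem::Dependency
+ name: devise_security_extension
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: rails
  requirement: !ruby/object:Gem::Requirement
@@ -95,6 +109,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: 2.0.1
+ - !ruby/object:Gem::Dependency
+ name: sqlite3
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  description: An enterprise security extension for devise, trying to meet industrial
  standard security demands for web applications.
  email: team@phatworx.de
@@ -143,8 +171,19 @@ files:
  - lib/devise_security_extension/routes.rb
  - lib/devise_security_extension/schema.rb
  - lib/generators/devise_security_extension/install_generator.rb
+ - test/dummy/app/models/.gitkeep
+ - test/dummy/app/models/user.rb
+ - test/dummy/config.ru
+ - test/dummy/config/application.rb
+ - test/dummy/config/boot.rb
+ - test/dummy/config/database.yml
+ - test/dummy/config/environment.rb
+ - test/dummy/config/environments/test.rb
+ - test/dummy/config/initializers/devise.rb
+ - test/dummy/db/migrate/20120508165529_create_tables.rb
  - test/helper.rb
  - test/test_devise_security_extension.rb
+ - test/test_password_archivable.rb
  homepage: http://github.com/phatworx/devise_security_extension
  licenses:
  - MIT
@@ -165,7 +204,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.1
+ rubygems_version: 2.2.2
  signing_key:
  specification_version: 4
  summary: Security extension for devise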