devise_security_extension 0.8.0 → 0.8.1
- checksums.yaml +4 -4
- data/Gemfile +1 -10
- data/Gemfile.lock +11 -0
- data/VERSION +1 -1
- data/app/controllers/devise/password_expired_controller.rb +1 -1
- data/devise_security_extension.gemspec +22 -5
- data/lib/devise_security_extension.rb +1 -2
- data/lib/devise_security_extension/controllers/helpers.rb +1 -1
- data/lib/devise_security_extension/hooks/password_expirable.rb +1 -1
- data/lib/devise_security_extension/models/old_password.rb +1 -0
- data/lib/devise_security_extension/models/password_archivable.rb +8 -4
- data/test/dummy/app/models/.gitkeep +0 -0
- data/test/dummy/app/models/user.rb +3 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/config/application.rb +22 -0
- data/test/dummy/config/boot.rb +6 -0
- data/test/dummy/config/database.yml +7 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/test.rb +19 -0
- data/test/dummy/config/initializers/devise.rb +9 -0
- data/test/dummy/db/migrate/20120508165529_create_tables.rb +26 -0
- data/test/helper.rb +7 -2
- data/test/test_devise_security_extension.rb +0 -1
- data/test/test_password_archivable.rb +47 -0
- metadata +42 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8644fb0529c5a92d76808d784b6b1dd68a38ac93
|
4
|
+
data.tar.gz: a33c5e7c615b4ac80155ff5aee193b60b110f90a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a8a9c9dcdbf99cec36d957dc9055c37320e1dd2494ff17ed13649cefa1595ec451d3bbff22120a6cba1ba2be778e08172b445c3a59d4968fc8b0eb038c1244ee
|
7
|
+
data.tar.gz: d8f72b81da2786190451b41f82b7835f79980c765fc6a4ecd70958e9bb296f188dd237db66681508a0f4e2fb0a1f17d96641895cf432fdb11af03fffcd24f192
|
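--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,15 +1,6 @@
 source "http://rubygems.org"
+gemspec
 # Add dependencies required to use your gem here.
 # Example:
 gem "rails", ">= 3.1.1"
 gem "devise", ">= 2.0.0"
-
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
-group :development do
-gem "rails_email_validator"
-gem "easy_captcha"
-gem "bundler", ">= 1.0.0"
-gem "jeweler", "~> 2.0.1"
-# gem "rcov", ">= 0"
-end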
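Review bot: The new `gemspec` directive on line 2 sits next to the explicit `gem "rails"` / `gem "devise"` lines, and the generated artifacts in this same release now list the gem as a dependency of itself: `s.add_runtime_dependency(%q<devise_security_extension>, [">= 0"])` in the gemspec, a `devise_security_extension` entry under `dependencies:` in metadata, and `devise_security_extension (0.8.1)` depending on `devise_security_extension` in Gemfile.lock. That looks like the gemspec generator reading the gem's own name back out of the Bundler definition, so 0.8.1 as published resolves a runtime dependency on itself; keep either `gemspec` or the explicit `gem` lines, not both, and regenerate. The `bundler`/`jeweler` development entries dropped here also need to come from somewhere for the regeneration step to keep working.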
data/Gemfile.lock
CHANGED
@@ -1,3 +1,11 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
devise_security_extension (0.8.1)
|
5
|
+
devise (>= 2.0.0)
|
6
|
+
devise_security_extension
|
7
|
+
rails (>= 3.1.1)
|
8
|
+
|
1
9
|
GEM
|
2
10
|
remote: http://rubygems.org/
|
3
11
|
specs:
|
@@ -141,6 +149,7 @@ GEM
|
|
141
149
|
actionpack (>= 3.0)
|
142
150
|
activesupport (>= 3.0)
|
143
151
|
sprockets (~> 2.8)
|
152
|
+
sqlite3 (1.3.9)
|
144
153
|
thor (0.18.1)
|
145
154
|
thread_safe (0.1.3)
|
146
155
|
atomic
|
@@ -159,7 +168,9 @@ PLATFORMS
|
|
159
168
|
DEPENDENCIES
|
160
169
|
bundler (>= 1.0.0)
|
161
170
|
devise (>= 2.0.0)
|
171
|
+
devise_security_extension!
|
162
172
|
easy_captcha
|
163
173
|
jeweler (~> 2.0.1)
|
164
174
|
rails (>= 3.1.1)
|
165
175
|
rails_email_validator
|
176
|
+
sqlite3
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.8.
|
1
|
+
0.8.1
|
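--- a/data/app/controllers/devise/password_expired_controller.rb
+++ b/data/app/controllers/devise/password_expired_controller.rb
@@ -12,7 +12,7 @@ class Devise::PasswordExpiredController < DeviseController
 
 def update
 if resource.update_with_password(resource_params)
-warden.session(scope)[
+warden.session(scope)['password_expired'] = false
 set_flash_message :notice, :updated
 sign_in scope, resource, :bypass => true
 redirect_to stored_location_for(scope) || :root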
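Review bot: The session key written on line 15 is now the string literal `'password_expired'`, repeated verbatim in the two other sites changed in this commit (helpers.rb line 31 and hooks/password_expirable.rb line 3); the removed line is cut off on this page, but if the previous key differed, any application code or custom Warden hook still using it will silently never see the flag and the expiry redirect stops firing. Three hand-typed copies of the same key are easy to drift apart; a shared constant such as `PASSWORD_EXPIRED_KEY = 'password_expired'.freeze` referenced from all three places would make them agree by construction. The body of `update` continues outside the hunk.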
@@ -2,16 +2,16 @@
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
4
4
|
# -*- encoding: utf-8 -*-
|
5
|
-
# stub: devise_security_extension 0.8.
|
5
|
+
# stub: devise_security_extension 0.8.1 ruby lib
|
6
6
|
|
7
7
|
Gem::Specification.new do |s|
|
8
8
|
s.name = "devise_security_extension"
|
9
|
-
s.version = "0.8.
|
9
|
+
s.version = "0.8.1"
|
10
10
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
12
12
|
s.require_paths = ["lib"]
|
13
13
|
s.authors = ["Marco Scholl", "Alexander Dreher"]
|
14
|
-
s.date = "
|
14
|
+
s.date = "2015-03-10"
|
15
15
|
s.description = "An enterprise security extension for devise, trying to meet industrial standard security demands for web applications."
|
16
16
|
s.email = "team@phatworx.de"
|
17
17
|
s.extra_rdoc_files = [
|
@@ -58,39 +58,56 @@ Gem::Specification.new do |s|
|
|
58
58
|
"lib/devise_security_extension/routes.rb",
|
59
59
|
"lib/devise_security_extension/schema.rb",
|
60
60
|
"lib/generators/devise_security_extension/install_generator.rb",
|
61
|
+
"test/dummy/app/models/.gitkeep",
|
62
|
+
"test/dummy/app/models/user.rb",
|
63
|
+
"test/dummy/config.ru",
|
64
|
+
"test/dummy/config/application.rb",
|
65
|
+
"test/dummy/config/boot.rb",
|
66
|
+
"test/dummy/config/database.yml",
|
67
|
+
"test/dummy/config/environment.rb",
|
68
|
+
"test/dummy/config/environments/test.rb",
|
69
|
+
"test/dummy/config/initializers/devise.rb",
|
70
|
+
"test/dummy/db/migrate/20120508165529_create_tables.rb",
|
61
71
|
"test/helper.rb",
|
62
|
-
"test/test_devise_security_extension.rb"
|
72
|
+
"test/test_devise_security_extension.rb",
|
73
|
+
"test/test_password_archivable.rb"
|
63
74
|
]
|
64
75
|
s.homepage = "http://github.com/phatworx/devise_security_extension"
|
65
76
|
s.licenses = ["MIT"]
|
66
|
-
s.rubygems_version = "2.2.
|
77
|
+
s.rubygems_version = "2.2.2"
|
67
78
|
s.summary = "Security extension for devise"
|
68
79
|
|
69
80
|
if s.respond_to? :specification_version then
|
70
81
|
s.specification_version = 4
|
71
82
|
|
72
83
|
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
84
|
+
s.add_runtime_dependency(%q<devise_security_extension>, [">= 0"])
|
73
85
|
s.add_runtime_dependency(%q<rails>, [">= 3.1.1"])
|
74
86
|
s.add_runtime_dependency(%q<devise>, [">= 2.0.0"])
|
75
87
|
s.add_development_dependency(%q<rails_email_validator>, [">= 0"])
|
76
88
|
s.add_development_dependency(%q<easy_captcha>, [">= 0"])
|
77
89
|
s.add_development_dependency(%q<bundler>, [">= 1.0.0"])
|
78
90
|
s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
|
91
|
+
s.add_development_dependency(%q<sqlite3>, [">= 0"])
|
79
92
|
else
|
93
|
+
s.add_dependency(%q<devise_security_extension>, [">= 0"])
|
80
94
|
s.add_dependency(%q<rails>, [">= 3.1.1"])
|
81
95
|
s.add_dependency(%q<devise>, [">= 2.0.0"])
|
82
96
|
s.add_dependency(%q<rails_email_validator>, [">= 0"])
|
83
97
|
s.add_dependency(%q<easy_captcha>, [">= 0"])
|
84
98
|
s.add_dependency(%q<bundler>, [">= 1.0.0"])
|
85
99
|
s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
|
100
|
+
s.add_dependency(%q<sqlite3>, [">= 0"])
|
86
101
|
end
|
87
102
|
else
|
103
|
+
s.add_dependency(%q<devise_security_extension>, [">= 0"])
|
88
104
|
s.add_dependency(%q<rails>, [">= 3.1.1"])
|
89
105
|
s.add_dependency(%q<devise>, [">= 2.0.0"])
|
90
106
|
s.add_dependency(%q<rails_email_validator>, [">= 0"])
|
91
107
|
s.add_dependency(%q<easy_captcha>, [">= 0"])
|
92
108
|
s.add_dependency(%q<bundler>, [">= 1.0.0"])
|
93
109
|
s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
|
110
|
+
s.add_dependency(%q<sqlite3>, [">= 0"])
|
94
111
|
end
|
95
112
|
end
|
96
113
|
|
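--- a/data/lib/devise_security_extension/controllers/helpers.rb
+++ b/data/lib/devise_security_extension/controllers/helpers.rb
@@ -28,7 +28,7 @@ module DeviseSecurityExtension
 def handle_password_change
 if not devise_controller? and not ignore_password_expire? and not request.format.nil? and request.format.html?
 Devise.mappings.keys.flatten.any? do |scope|
-if signed_in?(scope) and warden.session(scope)[
+if signed_in?(scope) and warden.session(scope)['password_expired']
 session["#{scope}_return_to"] = request.path if request.get?
 redirect_for_password_change scope
 return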
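Review bot: The new condition on line 31 joins its two operands with `and`; `and` is the low-precedence control-flow form and RuboCop flags it in boolean expressions, so prefer `if signed_in?(scope) && warden.session(scope)['password_expired']`. Note also that the value is only written by the `after_authentication` hook, so a session that was authenticated before this release (and therefore has nothing stored under the new string key) reads `nil` here and is not redirected until the user authenticates again — worth a line in the release notes if the key changed. `handle_password_change` continues outside the hunk.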
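--- a/data/lib/devise_security_extension/hooks/password_expirable.rb
+++ b/data/lib/devise_security_extension/hooks/password_expirable.rb
@@ -1,5 +1,5 @@
 Warden::Manager.after_authentication do |record, warden, options|
 if record.respond_to?(:need_change_password?)
-warden.session(options[:scope])[
+warden.session(options[:scope])['password_expired'] = record.need_change_password?
 end
 end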
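--- a/data/lib/devise_security_extension/models/password_archivable.rb
+++ b/data/lib/devise_security_extension/models/password_archivable.rb
@@ -18,8 +18,8 @@ module Devise
 # validate is the password used in the past
 def password_archive_included?
 unless self.class.deny_old_passwords.is_a? Fixnum
-if self.class.deny_old_passwords.is_a? TrueClass and
-self.class.deny_old_passwords =
+if self.class.deny_old_passwords.is_a? TrueClass and archive_count > 0
+self.class.deny_old_passwords = archive_count
 else
 self.class.deny_old_passwords = 0
 end
@@ -46,12 +46,16 @@ module Devise
 
 private
 
+def archive_count
+self.class.password_archiving_count
+end
+
 # archive the last password before save and delete all to old passwords from archive
 def archive_password
 if self.encrypted_password_changed?
-if
+if archive_count.to_i > 0
 self.old_passwords.create! old_password_params
-self.old_passwords.order(:id).reverse_order.offset(
+self.old_passwords.order(:id).reverse_order.offset(archive_count).destroy_all
 else
 self.old_passwords.destroy_all
 end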
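Review bot: `archive_count > 0` on line 21 and `archive_count.to_i > 0` on line 56 treat a nil `password_archiving_count` differently — the first raises `NoMethodError` on `nil > 0`, the second treats it as zero; normalise once in the new helper, `self.class.password_archiving_count.to_i`, so both callers see an Integer. Separately, line 22 copies the per-instance `archive_count` into the class-level `self.class.deny_old_passwords`, and because the `unless ... is_a? Fixnum` guard on line 20 skips that branch once a number is stored, the first record to run pins the reuse limit for every record of the class; the new test that overrides `archive_count` on the model suggests the value is meant to vary at runtime, which this code path cannot honour. `Fixnum` on line 20 (unchanged) is folded into `Integer` in newer Rubies, so the guard will eventually want `is_a? Integer`. Both `password_archive_included?` and `archive_password` continue outside their hunks.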
File without changes
|
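--- a/data/test/dummy/config/application.rb
+++ b/data/test/dummy/config/application.rb
@@ -0,0 +1,22 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+if defined?(Bundler)
+# If you precompile assets before deploying to production, use this line
+Bundler.require(*Rails.groups(:assets => %w(development test)))
+# If you want your assets lazily compiled in production, use this line
+# Bundler.require(:default, :assets, Rails.env)
+end
+
+module RailsApp
+class Application < Rails::Application
+config.encoding = "utf-8"
+
+config.filter_parameters += [:password]
+
+config.assets.enabled = true
+
+config.assets.version = '1.0'
+end
+end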
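--- a/data/test/dummy/config/environments/test.rb
+++ b/data/test/dummy/config/environments/test.rb
@@ -0,0 +1,19 @@
+RailsApp::Application.configure do
+config.cache_classes = true
+config.eager_load = false
+
+config.serve_static_assets = true
+config.static_cache_control = "public, max-age=3600"
+
+config.consider_all_requests_local = true
+config.action_controller.perform_caching = false
+
+config.action_dispatch.show_exceptions = false
+
+config.action_controller.allow_forgery_protection = false
+
+config.action_mailer.delivery_method = :test
+
+config.active_support.deprecation = :stderr
+I18n.enforce_available_locales = false
+end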
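--- a/data/test/dummy/db/migrate/20120508165529_create_tables.rb
+++ b/data/test/dummy/db/migrate/20120508165529_create_tables.rb
@@ -0,0 +1,26 @@
+class CreateTables < ActiveRecord::Migration
+def self.up
+create_table :users do |t|
+t.string :username
+t.string :facebook_token
+
+## Database authenticatable
+t.string :email, :null => false, :default => ""
+t.string :encrypted_password, :null => false, :default => ""
+
+t.timestamps
+end
+
+create_table :old_passwords do |t|
+t.string :encrypted_password
+t.string :password_salt
+
+t.references :password_archivable, polymorphic: true
+end
+end
+
+def self.down
+drop_table :users
+drop_table :old_passwords
+end
+end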
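--- a/data/test/helper.rb
+++ b/data/test/helper.rb
@@ -1,3 +1,5 @@
+ENV['RAILS_ENV'] ||= 'test'
+
 require 'rubygems'
 require 'bundler'
 begin
@@ -13,5 +15,8 @@ $LOAD_PATH.unshift(File.dirname(__FILE__))
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 require 'devise_security_extension'
 
-
-
+require_relative 'dummy/config/environment'
+
+ActiveRecord::Migration.verbose = false
+ActiveRecord::Base.logger = Logger.new(nil)
+ActiveRecord::Migrator.migrate(File.expand_path('../dummy/db/migrate', __FILE__))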
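--- a/data/test/test_password_archivable.rb
+++ b/data/test/test_password_archivable.rb
@@ -0,0 +1,47 @@
+require 'helper'
+
+class TestPasswordArchivable < ActiveSupport::TestCase
+setup do
+Devise.password_archiving_count = 2
+end
+
+teardown do
+Devise.password_archiving_count = 1
+end
+
+test "should respect maximum attempts configuration" do
+user = User.new
+user.password = 'password1'
+user.password_confirmation = 'password1'
+user.save!
+
+user.password = 'password1'
+user.password_confirmation = 'password1'
+assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+end
+
+test 'the option should be dynamic during runtime' do
+class ::User
+def archive_count
+1
+end
+end
+
+user = User.new
+user.password = 'password1'
+user.password_confirmation = 'password1'
+user.save!
+
+user.password = 'password2'
+user.password_confirmation = 'password2'
+user.save!
+
+user.password = 'password2'
+user.password_confirmation = 'password2'
+assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+
+user.password = 'password1'
+user.password_confirmation = 'password1'
+assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+end
+end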
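Review bot: The second test reopens `::User` on lines 24-28 to redefine `archive_count`, and nothing restores it afterwards — the override outlives the test, turns the model's private helper into a public method, and changes what the first test measures whenever the cases run in a different order. Overriding on the one instance keeps it scoped, e.g. `user.define_singleton_method(:archive_count) { 1 }` after `user = User.new` on line 30, with no class reopening. The first test's name, `"should respect maximum attempts configuration"`, describes login-attempt lockout rather than the archived-password reuse it asserts; something like `"should reject reuse of an archived password"` says what lines 18-20 check.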
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise_security_extension
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
4
|
+
version: 0.8.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Marco Scholl
|
@@ -9,8 +9,22 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2015-03-10 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: devise_security_extension
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
requirements:
|
18
|
+
- - ">="
|
19
|
+
- !ruby/object:Gem::Version
|
20
|
+
version: '0'
|
21
|
+
type: :runtime
|
22
|
+
prerelease: false
|
23
|
+
version_requirements: !ruby/object:Gem::Requirement
|
24
|
+
requirements:
|
25
|
+
- - ">="
|
26
|
+
- !ruby/object:Gem::Version
|
27
|
+
version: '0'
|
14
28
|
- !ruby/object:Gem::Dependency
|
15
29
|
name: rails
|
16
30
|
requirement: !ruby/object:Gem::Requirement
|
@@ -95,6 +109,20 @@ dependencies:
|
|
95
109
|
- - "~>"
|
96
110
|
- !ruby/object:Gem::Version
|
97
111
|
version: 2.0.1
|
112
|
+
- !ruby/object:Gem::Dependency
|
113
|
+
name: sqlite3
|
114
|
+
requirement: !ruby/object:Gem::Requirement
|
115
|
+
requirements:
|
116
|
+
- - ">="
|
117
|
+
- !ruby/object:Gem::Version
|
118
|
+
version: '0'
|
119
|
+
type: :development
|
120
|
+
prerelease: false
|
121
|
+
version_requirements: !ruby/object:Gem::Requirement
|
122
|
+
requirements:
|
123
|
+
- - ">="
|
124
|
+
- !ruby/object:Gem::Version
|
125
|
+
version: '0'
|
98
126
|
description: An enterprise security extension for devise, trying to meet industrial
|
99
127
|
standard security demands for web applications.
|
100
128
|
email: team@phatworx.de
|
@@ -143,8 +171,19 @@ files:
|
|
143
171
|
- lib/devise_security_extension/routes.rb
|
144
172
|
- lib/devise_security_extension/schema.rb
|
145
173
|
- lib/generators/devise_security_extension/install_generator.rb
|
174
|
+
- test/dummy/app/models/.gitkeep
|
175
|
+
- test/dummy/app/models/user.rb
|
176
|
+
- test/dummy/config.ru
|
177
|
+
- test/dummy/config/application.rb
|
178
|
+
- test/dummy/config/boot.rb
|
179
|
+
- test/dummy/config/database.yml
|
180
|
+
- test/dummy/config/environment.rb
|
181
|
+
- test/dummy/config/environments/test.rb
|
182
|
+
- test/dummy/config/initializers/devise.rb
|
183
|
+
- test/dummy/db/migrate/20120508165529_create_tables.rb
|
146
184
|
- test/helper.rb
|
147
185
|
- test/test_devise_security_extension.rb
|
186
|
+
- test/test_password_archivable.rb
|
148
187
|
homepage: http://github.com/phatworx/devise_security_extension
|
149
188
|
licenses:
|
150
189
|
- MIT
|
@@ -165,7 +204,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
165
204
|
version: '0'
|
166
205
|
requirements: []
|
167
206
|
rubyforge_project:
|
168
|
-
rubygems_version: 2.2.
|
207
|
+
rubygems_version: 2.2.2
|
169
208
|
signing_key:
|
170
209
|
specification_version: 4
|
171
210
|
summary: Security extension for devise
|