devise_zxcvbn 4.4.1 → 6.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.github/workflows/gem-push.yml +31 -0
- data/.github/workflows/ruby.yml +35 -0
- data/.gitignore +1 -0
- data/CHANGELOG.md +8 -0
- data/README.md +63 -26
- data/devise_zxcvbn.gemspec +3 -2
- data/lib/devise_zxcvbn/errors/devise_zxcvbn_error.rb +2 -0
- data/lib/devise_zxcvbn/model.rb +32 -17
- data/lib/devise_zxcvbn/version.rb +1 -1
- data/spec/devise_zxcvbn/devise_zxcbn_spec.rb +0 -1
- data/spec/devise_zxcvbn/errors/devise_zxcvbn_error.rb +2 -0
- data/spec/devise_zxcvbn/model_spec.rb +113 -26
- data/spec/spec_helper.rb +2 -87
- metadata +28 -10
- data/circle.yml +0 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: d9199b7dc373b012f84a98f47e9c70ebc0e229a7749d70c1d72c73aef57f4b81
|
4
|
+
data.tar.gz: 9b914ad4c1fefca97261f09625ca4ec891a46808bbcaf24ae83bb9b5a848f5e5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0645cd5046baf76e3f88f2ca2d60c67823b083a2cc38c17d31c674d2e77578a807cdc810fcb7d8ce7f7d73b3df644ec679a4a1d5676d86f3a751cf79a8351c3a
|
7
|
+
data.tar.gz: 662aec05fc6ff3349cd75b1b63361f61add2eba284454a9c0f75d27d14e9bf7b984665375fc51eb7a1a956a32c05a1cf0a88a25f9a654c19704b488b928b8c58
|
@@ -0,0 +1,31 @@
|
|
1
|
+
name: Ruby Gem
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches: [ master ]
|
6
|
+
|
7
|
+
jobs:
|
8
|
+
build:
|
9
|
+
name: Build + Publish
|
10
|
+
runs-on: ubuntu-latest
|
11
|
+
permissions:
|
12
|
+
contents: read
|
13
|
+
packages: write
|
14
|
+
|
15
|
+
steps:
|
16
|
+
- uses: actions/checkout@v2
|
17
|
+
- name: Set up Ruby 2.6
|
18
|
+
uses: actions/setup-ruby@v1
|
19
|
+
with:
|
20
|
+
ruby-version: 2.6.x
|
21
|
+
|
22
|
+
- name: Publish to RubyGems
|
23
|
+
run: |
|
24
|
+
mkdir -p $HOME/.gem
|
25
|
+
touch $HOME/.gem/credentials
|
26
|
+
chmod 0600 $HOME/.gem/credentials
|
27
|
+
printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
|
28
|
+
gem build *.gemspec
|
29
|
+
gem push *.gem
|
30
|
+
env:
|
31
|
+
GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"
|
@@ -0,0 +1,35 @@
|
|
1
|
+
# This workflow uses actions that are not certified by GitHub.
|
2
|
+
# They are provided by a third-party and are governed by
|
3
|
+
# separate terms of service, privacy policy, and support
|
4
|
+
# documentation.
|
5
|
+
# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
|
6
|
+
# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
|
7
|
+
|
8
|
+
name: Ruby
|
9
|
+
|
10
|
+
on:
|
11
|
+
push:
|
12
|
+
branches: [ master ]
|
13
|
+
pull_request:
|
14
|
+
branches: [ master ]
|
15
|
+
|
16
|
+
jobs:
|
17
|
+
test:
|
18
|
+
|
19
|
+
runs-on: ubuntu-latest
|
20
|
+
strategy:
|
21
|
+
matrix:
|
22
|
+
ruby-version: ['2.6', '2.7', '3.0']
|
23
|
+
|
24
|
+
steps:
|
25
|
+
- uses: actions/checkout@v2
|
26
|
+
- name: Set up Ruby
|
27
|
+
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
|
28
|
+
# change this to (see https://github.com/ruby/setup-ruby#versioning):
|
29
|
+
# uses: ruby/setup-ruby@v1
|
30
|
+
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
|
31
|
+
with:
|
32
|
+
ruby-version: ${{ matrix.ruby-version }}
|
33
|
+
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
34
|
+
- name: Run tests
|
35
|
+
run: RAILS_ENV=test bundle exec rspec -r rspec_junit_formatter --format RspecJunitFormatter
|
data/.gitignore
CHANGED
data/CHANGELOG.md
ADDED
@@ -0,0 +1,8 @@
|
|
1
|
+
## 6.0 - 2021-12-17
|
2
|
+
|
3
|
+
- Switching to [zxcvbn-rb](https://github.com/formigarafa/zxcvbn-rb) so that we do not need to run execjs but still keep compatability with Dropbox's zxcvbn.js.
|
4
|
+
`zxcvbn-rb` is not the same as `zxcvbn-ruby` (which produces different scores which is why we originally used `zxcvbn-js`).
|
5
|
+
|
6
|
+
## 5.2 - 2021-12-17
|
7
|
+
|
8
|
+
- Fix Ruby 3.0 compatability
|
data/README.md
CHANGED
@@ -1,10 +1,10 @@
|
|
1
1
|
# devise_zxcvbn
|
2
2
|
|
3
|
-
[![Gem Version](https://badge.fury.io/rb/devise_zxcvbn.
|
4
|
-
[![
|
3
|
+
[![Gem Version](https://badge.fury.io/rb/devise_zxcvbn.svg)](http://badge.fury.io/rb/devise_zxcvbn)
|
4
|
+
[![Ruby](https://github.com/bitzesty/devise_zxcvbn/actions/workflows/ruby.yml/badge.svg?branch=master)](https://github.com/bitzesty/devise_zxcvbn/actions/workflows/ruby.yml)
|
5
5
|
[![Code Climate](https://codeclimate.com/github/bitzesty/devise_zxcvbn/badges/gpa.svg)](https://codeclimate.com/github/bitzesty/devise_zxcvbn)
|
6
6
|
|
7
|
-
Plugin for [devise](https://github.com/plataformatec/devise) to reject weak passwords, using [zxcvbn-
|
7
|
+
Plugin for [devise](https://github.com/plataformatec/devise) to reject weak passwords, using [zxcvbn-rb](https://github.com/formigarafa/zxcvbn-rb) which is a ruby port of [zxcvbn: realistic password strength estimation](https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/).
|
8
8
|
|
9
9
|
The user's password will be rejected if the score is below 4 by default. It also uses the email as user input to zxcvbn, to reject passwords containing parts of the email (if using zxcvbn.js on the frontend you should also do this to get the same score).
|
10
10
|
|
@@ -14,50 +14,87 @@ The scores 0, 1, 2, 3 or 4 are given when the estimated crack time (seconds) is
|
|
14
14
|
|
15
15
|
Add this line to your application's Gemfile:
|
16
16
|
|
17
|
-
|
18
|
-
|
17
|
+
```ruby
|
18
|
+
gem 'devise_zxcvbn'
|
19
|
+
```
|
19
20
|
|
20
21
|
## Configuration
|
21
22
|
|
22
|
-
|
23
|
-
|
23
|
+
```ruby
|
24
|
+
class User < ActiveRecord::Base
|
25
|
+
devise :zxcvbnable
|
26
|
+
|
27
|
+
# Optionally add more weak words to check against:
|
28
|
+
def weak_words
|
29
|
+
['mysitename', self.name, self.username]
|
30
|
+
end
|
31
|
+
end
|
32
|
+
```
|
33
|
+
|
34
|
+
## Available methods for devise resources
|
35
|
+
|
36
|
+
```ruby
|
37
|
+
class User < ApplicationRecord
|
38
|
+
devise :zxcvbnable
|
39
|
+
end
|
24
40
|
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
41
|
+
user = User.new.tap do |user|
|
42
|
+
user.email = "example@example.com"
|
43
|
+
user.password = "123456789"
|
44
|
+
end
|
45
|
+
|
46
|
+
user.password_score => #<OpenStruct password="123456789", guesses=6, guesses_log10=0.7781512503836435, sequence=[{"pattern"=>"dictionary", "i"=>0, "j"=>8, "token"=>"123456789", "matched_word"=>"123456789", "rank"=>5, "dictionary_name"=>"passwords", "reversed"=>false, "l33t"=>false, "base_guesses"=>5, "uppercase_variations"=>1, "l33t_variations"=>1, "guesses"=>5, "guesses_log10"=>0.6989700043360187}], calc_time=15, crack_times_seconds={"online_throttling_100_per_hour"=>216, "online_no_throttling_10_per_second"=>0.6, "offline_slow_hashing_1e4_per_second"=>0.0006, "offline_fast_hashing_1e10_per_second"=>6.0e-10}, crack_times_display={"online_throttling_100_per_hour"=>"4 minutes", "online_no_throttling_10_per_second"=>"less than a second", "offline_slow_hashing_1e4_per_second"=>"less than a second", "offline_fast_hashing_1e10_per_second"=>"less than a second"}, score=0, feedback={"warning"=>"This is a top-10 common password", "suggestions"=>["Add another word or two. Uncommon words are better."]}>
|
47
|
+
# returns a simple OpenStruct object so than you could send another messages to get more info
|
48
|
+
|
49
|
+
user.password_weak? => true/false # returns a boolean result of checking of weakness of your set password
|
50
|
+
```
|
30
51
|
|
31
52
|
### Default parameters
|
32
53
|
|
33
54
|
_A score of less than 3 is not recommended._
|
34
55
|
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
56
|
+
```ruby
|
57
|
+
# config/initializers/devise.rb
|
58
|
+
Devise.setup do |config|
|
59
|
+
config.min_password_score = 4
|
60
|
+
end
|
61
|
+
```
|
39
62
|
|
40
63
|
### Error Message
|
41
64
|
|
42
65
|
The default error message:
|
43
66
|
|
44
|
-
|
67
|
+
```yml
|
68
|
+
"not strong enough. It scored %{score}. It must score at least %{min_password_score}."
|
69
|
+
```
|
45
70
|
|
46
71
|
You can customize this error message modifying the `devise` YAML file.
|
47
72
|
|
48
|
-
The `
|
73
|
+
The `crack_time_display`, `feedback`, `score` and `min_password_score` variables are passed through if you need them.
|
74
|
+
|
75
|
+
```yml
|
76
|
+
# config/locales/devise.en.yml
|
77
|
+
en:
|
78
|
+
errors:
|
79
|
+
messages:
|
80
|
+
weak_password: "not strong enough. Consider adding a number, symbols or more letters to make it stronger."
|
81
|
+
```
|
82
|
+
|
83
|
+
### Skipping password complexity validation
|
49
84
|
|
50
|
-
|
51
|
-
en:
|
52
|
-
errors:
|
53
|
-
messages:
|
54
|
-
weak_password: "not strong enough. Consider adding a number, symbols or more letters to make it stronger."
|
85
|
+
To turn off password complexity validation for certain conditions, you could implement a concern (or similar) that overloads `skip_password_complexity?`:
|
55
86
|
|
87
|
+
```ruby
|
88
|
+
def skip_password_complexity?
|
89
|
+
true
|
90
|
+
end
|
91
|
+
```
|
56
92
|
|
57
93
|
## Contributing
|
58
94
|
|
59
95
|
1. Fork it
|
60
96
|
2. Create your feature branch (`git checkout -b my-new-feature`)
|
61
|
-
3.
|
62
|
-
4.
|
63
|
-
5.
|
97
|
+
3. Add test coverage for the feature, We use rspec for this purpose
|
98
|
+
4. Commit your changes (`git commit -am 'Add some feature'`)
|
99
|
+
5. Push to the branch (`git push origin my-new-feature`)
|
100
|
+
6. Create new Pull Request
|
data/devise_zxcvbn.gemspec
CHANGED
@@ -19,11 +19,12 @@ Gem::Specification.new do |spec|
|
|
19
19
|
spec.require_paths = ["lib"]
|
20
20
|
|
21
21
|
spec.add_development_dependency "activemodel"
|
22
|
-
spec.add_development_dependency "bundler", "~>
|
22
|
+
spec.add_development_dependency "bundler", "~> 2.2.33"
|
23
23
|
spec.add_development_dependency "rake"
|
24
24
|
spec.add_development_dependency "rspec"
|
25
25
|
spec.add_development_dependency "rspec_junit_formatter"
|
26
|
+
spec.add_development_dependency "byebug"
|
26
27
|
|
27
28
|
spec.add_runtime_dependency "devise"
|
28
|
-
spec.add_runtime_dependency("zxcvbn
|
29
|
+
spec.add_runtime_dependency("zxcvbn", "~> 0.1.7")
|
29
30
|
end
|
data/lib/devise_zxcvbn/model.rb
CHANGED
@@ -1,4 +1,6 @@
|
|
1
|
-
require
|
1
|
+
require "devise_zxcvbn/email_tokeniser"
|
2
|
+
require "devise_zxcvbn/errors/devise_zxcvbn_error"
|
3
|
+
require "ostruct"
|
2
4
|
|
3
5
|
module Devise
|
4
6
|
module Models
|
@@ -9,18 +11,28 @@ module Devise
|
|
9
11
|
delegate :zxcvbn_tester, to: "self.class"
|
10
12
|
|
11
13
|
included do
|
12
|
-
validate :
|
14
|
+
validate :strong_password, unless: :skip_password_complexity?
|
13
15
|
end
|
14
16
|
|
15
17
|
def password_score
|
16
|
-
@
|
18
|
+
@password_score = self.class.password_score(self)
|
19
|
+
end
|
20
|
+
|
21
|
+
def password_weak?
|
22
|
+
password_score.score < min_password_score
|
23
|
+
end
|
24
|
+
|
25
|
+
protected
|
26
|
+
|
27
|
+
def skip_password_complexity?
|
28
|
+
!password_required?
|
17
29
|
end
|
18
30
|
|
19
31
|
private
|
20
32
|
|
21
|
-
def
|
22
|
-
if errors.messages.blank? &&
|
23
|
-
errors.add :password, :weak_password, i18n_variables
|
33
|
+
def strong_password
|
34
|
+
if errors.messages.blank? && password_weak?
|
35
|
+
errors.add :password, :weak_password, **i18n_variables
|
24
36
|
end
|
25
37
|
end
|
26
38
|
|
@@ -28,28 +40,30 @@ module Devise
|
|
28
40
|
{
|
29
41
|
feedback: zxcvbn_feedback,
|
30
42
|
crack_time_display: time_to_crack,
|
31
|
-
score:
|
43
|
+
score: password_score.score,
|
32
44
|
min_password_score: min_password_score
|
33
45
|
}
|
34
46
|
end
|
35
47
|
|
36
48
|
def zxcvbn_feedback
|
37
|
-
feedback =
|
38
|
-
return
|
49
|
+
feedback = password_score.feedback.values.flatten.reject(&:empty?)
|
50
|
+
return "Add another word or two. Uncommon words are better." if feedback.empty?
|
39
51
|
|
40
|
-
feedback.join(
|
52
|
+
feedback.join(". ").gsub(/\.\s*\./, ".")
|
41
53
|
end
|
42
54
|
|
43
55
|
def time_to_crack
|
44
|
-
|
56
|
+
password_score.crack_times_display["offline_fast_hashing_1e10_per_second"]
|
45
57
|
end
|
46
58
|
|
47
|
-
|
59
|
+
class_methods do
|
48
60
|
Devise::Models.config(self, :min_password_score)
|
49
61
|
Devise::Models.config(self, :zxcvbn_tester)
|
50
62
|
|
51
|
-
def password_score(user, arg_email=nil)
|
52
|
-
password
|
63
|
+
def password_score(user, arg_email = nil)
|
64
|
+
return raise DeviseZxcvbnError, "the object must respond to password" unless user.respond_to?(:password)
|
65
|
+
|
66
|
+
password = user.password.to_s
|
53
67
|
|
54
68
|
zxcvbn_weak_words = []
|
55
69
|
|
@@ -58,14 +72,15 @@ module Devise
|
|
58
72
|
end
|
59
73
|
|
60
74
|
# User method results are saved locally to prevent repeat calls that might be expensive
|
61
|
-
if user.respond_to?
|
75
|
+
if user.respond_to?(:email)
|
62
76
|
local_email = user.email
|
63
77
|
zxcvbn_weak_words += [local_email, *DeviseZxcvbn::EmailTokeniser.split(local_email)]
|
64
78
|
end
|
65
79
|
|
66
|
-
if user.respond_to?
|
80
|
+
if user.respond_to?(:weak_words)
|
81
|
+
return raise DeviseZxcvbnError, "weak_words must return an Array" unless user.weak_words.is_a?(Array)
|
82
|
+
|
67
83
|
local_weak_words = user.weak_words
|
68
|
-
raise "weak_words must return an Array" unless (local_weak_words.is_a? Array)
|
69
84
|
zxcvbn_weak_words += local_weak_words
|
70
85
|
end
|
71
86
|
|
@@ -1,43 +1,130 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
4
|
-
require
|
1
|
+
require 'active_model'
|
2
|
+
require 'devise'
|
3
|
+
require 'devise_zxcvbn'
|
4
|
+
require 'devise_zxcvbn/model'
|
5
5
|
|
6
6
|
describe Devise::Models::Zxcvbnable do
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
7
|
+
ValidDummyClass = Struct.new(:password, :skip_password_complexity, keyword_init: true) do
|
8
|
+
include ActiveModel::Validations
|
9
|
+
include Devise::Models::Zxcvbnable
|
10
|
+
|
11
|
+
def skip_password_complexity?
|
12
|
+
skip_password_complexity
|
12
13
|
end
|
13
14
|
end
|
14
15
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
16
|
+
let(:skip_password_complexity) { false }
|
17
|
+
|
18
|
+
describe '#password_score' do
|
19
|
+
context 'when password is strong' do
|
20
|
+
let(:user) { ValidDummyClass.new(password: 'Jm1C4C3aaDzC1aRW', skip_password_complexity: skip_password_complexity) }
|
21
|
+
|
22
|
+
it 'returns the score equal 4' do
|
23
|
+
password_score = user.password_score
|
24
|
+
|
25
|
+
expect(password_score.score).to eq(4)
|
26
|
+
expect(password_score.crack_times_display['offline_fast_hashing_1e10_per_second']).to eq('12 days')
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
context 'when password is weak' do
|
31
|
+
let(:user) { ValidDummyClass.new(password: '12345678', skip_password_complexity: skip_password_complexity) }
|
32
|
+
|
33
|
+
it 'returns the weak score' do
|
34
|
+
password_score = user.password_score
|
35
|
+
|
36
|
+
expect(password_score.score).to eq(0)
|
37
|
+
expect(password_score.crack_times_display['offline_fast_hashing_1e10_per_second']).to eq('less than a second')
|
38
|
+
end
|
20
39
|
end
|
40
|
+
end
|
41
|
+
|
42
|
+
describe '#password_weak?' do
|
43
|
+
let(:user) { ValidDummyClass.new(password: 'Jm1C4C3aaDzC1aRW', skip_password_complexity: skip_password_complexity) }
|
21
44
|
|
22
|
-
it
|
23
|
-
user
|
24
|
-
expect(user).to be_valid
|
25
|
-
expect(user.errors[:password]).to be_empty
|
45
|
+
it 'returns false for the call of the method' do
|
46
|
+
expect(user.password_weak?).to be_falsey
|
26
47
|
end
|
27
48
|
end
|
28
49
|
|
29
|
-
|
30
|
-
|
31
|
-
|
50
|
+
describe 'validations' do
|
51
|
+
subject { resource.validate; resource }
|
52
|
+
|
53
|
+
let(:resource) { ValidDummyClass.new(password: password, skip_password_complexity: skip_password_complexity) }
|
54
|
+
|
55
|
+
context 'when password complexity check is required' do
|
56
|
+
context 'when password is strong' do
|
57
|
+
let(:password) { 'Jm1C4C3aaDzC1aRW' }
|
32
58
|
|
33
|
-
|
59
|
+
it 'expects the model to be valid' do
|
60
|
+
expect(subject).to be_valid
|
61
|
+
end
|
34
62
|
|
35
|
-
|
36
|
-
|
63
|
+
it 'returns empty validation messages' do
|
64
|
+
expect(subject.errors[:password]).to be_empty
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
68
|
+
context 'when password is weak' do
|
69
|
+
let(:password) { '12345678' }
|
70
|
+
|
71
|
+
it 'expects the model to be invalid' do
|
72
|
+
expect(subject).to be_invalid
|
73
|
+
end
|
74
|
+
|
75
|
+
it 'returns validation message' do
|
76
|
+
expect(subject.errors[:password])
|
77
|
+
.to eq(['not strong enough. It scored 0. It must score at least 4.'])
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
context 'when password complexity check is not required' do
|
83
|
+
let(:skip_password_complexity) { true }
|
84
|
+
|
85
|
+
context 'when password score is strong' do
|
86
|
+
let(:password) { 'Jm1C4C3aaDzC1aRW' }
|
87
|
+
|
88
|
+
it 'expects the model to be valid' do
|
89
|
+
expect(subject).to be_valid
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
context 'when password score is weak' do
|
94
|
+
let(:password) { '12345678' }
|
95
|
+
|
96
|
+
it 'expects the model to be valid' do
|
97
|
+
expect(subject).to be_valid
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
describe 'exceptions raises' do
|
104
|
+
context 'when password method is not given for instance' do
|
105
|
+
class InvalidPasswordDummyClass < ValidDummyClass
|
106
|
+
undef_method :password
|
107
|
+
end
|
108
|
+
|
109
|
+
let(:user) { InvalidPasswordDummyClass.new }
|
110
|
+
|
111
|
+
it 'raises exception regarding absence password method' do
|
112
|
+
expect { user.password_score }.to raise_error(DeviseZxcvbnError, 'the object must respond to password')
|
113
|
+
end
|
37
114
|
end
|
38
115
|
|
39
|
-
|
40
|
-
|
116
|
+
context 'when weak_words method returns not Array' do
|
117
|
+
class InvalidWeakWordsDummyClass < ValidDummyClass
|
118
|
+
def weak_words
|
119
|
+
String.new()
|
120
|
+
end
|
121
|
+
end
|
122
|
+
|
123
|
+
let(:user) { InvalidWeakWordsDummyClass.new }
|
124
|
+
|
125
|
+
it 'raises exception regarding type of weak_words method' do
|
126
|
+
expect { user.password_score }.to raise_error(DeviseZxcvbnError, 'weak_words must return an Array')
|
127
|
+
end
|
41
128
|
end
|
42
129
|
end
|
43
130
|
end
|
data/spec/spec_helper.rb
CHANGED
@@ -1,96 +1,11 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
# The generated `.rspec` file contains `--require spec_helper` which will cause
|
4
|
-
# this file to always be loaded, without a need to explicitly require it in any
|
5
|
-
# files.
|
6
|
-
#
|
7
|
-
# Given that it is always loaded, you are encouraged to keep this file as
|
8
|
-
# light-weight as possible. Requiring heavyweight dependencies from this file
|
9
|
-
# will add to the boot time of your test suite on EVERY test run, even for an
|
10
|
-
# individual file that may not need all of that loaded. Instead, consider making
|
11
|
-
# a separate helper file that requires the additional dependencies and performs
|
12
|
-
# the additional setup, and require it from the spec files that actually need
|
13
|
-
# it.
|
14
|
-
#
|
15
|
-
# The `.rspec` file also contains a few flags that are not defaults but that
|
16
|
-
# users commonly want.
|
17
|
-
#
|
18
|
-
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
|
1
|
+
require 'byebug'
|
2
|
+
|
19
3
|
RSpec.configure do |config|
|
20
|
-
# rspec-expectations config goes here. You can use an alternate
|
21
|
-
# assertion/expectation library such as wrong or the stdlib/minitest
|
22
|
-
# assertions if you prefer.
|
23
4
|
config.expect_with :rspec do |expectations|
|
24
|
-
# This option will default to `true` in RSpec 4. It makes the `description`
|
25
|
-
# and `failure_message` of custom matchers include text for helper methods
|
26
|
-
# defined using `chain`, e.g.:
|
27
|
-
# be_bigger_than(2).and_smaller_than(4).description
|
28
|
-
# # => "be bigger than 2 and smaller than 4"
|
29
|
-
# ...rather than:
|
30
|
-
# # => "be bigger than 2"
|
31
5
|
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
|
32
6
|
end
|
33
7
|
|
34
|
-
# rspec-mocks config goes here. You can use an alternate test double
|
35
|
-
# library (such as bogus or mocha) by changing the `mock_with` option here.
|
36
8
|
config.mock_with :rspec do |mocks|
|
37
|
-
# Prevents you from mocking or stubbing a method that does not exist on
|
38
|
-
# a real object. This is generally recommended, and will default to
|
39
|
-
# `true` in RSpec 4.
|
40
9
|
mocks.verify_partial_doubles = true
|
41
10
|
end
|
42
|
-
|
43
|
-
# The settings below are suggested to provide a good initial experience
|
44
|
-
# with RSpec, but feel free to customize to your heart's content.
|
45
|
-
=begin
|
46
|
-
# These two settings work together to allow you to limit a spec run
|
47
|
-
# to individual examples or groups you care about by tagging them with
|
48
|
-
# `:focus` metadata. When nothing is tagged with `:focus`, all examples
|
49
|
-
# get run.
|
50
|
-
config.filter_run :focus
|
51
|
-
config.run_all_when_everything_filtered = true
|
52
|
-
|
53
|
-
# Allows RSpec to persist some state between runs in order to support
|
54
|
-
# the `--only-failures` and `--next-failure` CLI options. We recommend
|
55
|
-
# you configure your source control system to ignore this file.
|
56
|
-
config.example_status_persistence_file_path = "spec/examples.txt"
|
57
|
-
|
58
|
-
# Limits the available syntax to the non-monkey patched syntax that is
|
59
|
-
# recommended. For more details, see:
|
60
|
-
# - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
|
61
|
-
# - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
|
62
|
-
# - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
|
63
|
-
config.disable_monkey_patching!
|
64
|
-
|
65
|
-
# This setting enables warnings. It's recommended, but in some cases may
|
66
|
-
# be too noisy due to issues in dependencies.
|
67
|
-
config.warnings = true
|
68
|
-
|
69
|
-
# Many RSpec users commonly either run the entire suite or an individual
|
70
|
-
# file, and it's useful to allow more verbose output when running an
|
71
|
-
# individual spec file.
|
72
|
-
if config.files_to_run.one?
|
73
|
-
# Use the documentation formatter for detailed output,
|
74
|
-
# unless a formatter has already been configured
|
75
|
-
# (e.g. via a command-line flag).
|
76
|
-
config.default_formatter = 'doc'
|
77
|
-
end
|
78
|
-
|
79
|
-
# Print the 10 slowest examples and example groups at the
|
80
|
-
# end of the spec run, to help surface which specs are running
|
81
|
-
# particularly slow.
|
82
|
-
config.profile_examples = 10
|
83
|
-
|
84
|
-
# Run specs in random order to surface order dependencies. If you find an
|
85
|
-
# order dependency and want to debug it, you can fix the order by providing
|
86
|
-
# the seed, which is printed after each run.
|
87
|
-
# --seed 1234
|
88
|
-
config.order = :random
|
89
|
-
|
90
|
-
# Seed global randomization in this process using the `--seed` CLI option.
|
91
|
-
# Setting this allows you to use `--seed` to deterministically reproduce
|
92
|
-
# test failures related to randomization by passing the same `--seed` value
|
93
|
-
# as the one that triggered the failure.
|
94
|
-
Kernel.srand config.seed
|
95
|
-
=end
|
96
11
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise_zxcvbn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 6.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Bit Zesty
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-12-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activemodel
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version:
|
33
|
+
version: 2.2.33
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version:
|
40
|
+
version: 2.2.33
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: rake
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -80,6 +80,20 @@ dependencies:
|
|
80
80
|
- - ">="
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: byebug
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
83
97
|
- !ruby/object:Gem::Dependency
|
84
98
|
name: devise
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
@@ -95,19 +109,19 @@ dependencies:
|
|
95
109
|
- !ruby/object:Gem::Version
|
96
110
|
version: '0'
|
97
111
|
- !ruby/object:Gem::Dependency
|
98
|
-
name: zxcvbn
|
112
|
+
name: zxcvbn
|
99
113
|
requirement: !ruby/object:Gem::Requirement
|
100
114
|
requirements:
|
101
115
|
- - "~>"
|
102
116
|
- !ruby/object:Gem::Version
|
103
|
-
version:
|
117
|
+
version: 0.1.7
|
104
118
|
type: :runtime
|
105
119
|
prerelease: false
|
106
120
|
version_requirements: !ruby/object:Gem::Requirement
|
107
121
|
requirements:
|
108
122
|
- - "~>"
|
109
123
|
- !ruby/object:Gem::Version
|
110
|
-
version:
|
124
|
+
version: 0.1.7
|
111
125
|
description: 'This gems works with devise to provide backend password strength checking
|
112
126
|
via zxcvbn-js to reject weak passwords '
|
113
127
|
email:
|
@@ -116,21 +130,25 @@ executables: []
|
|
116
130
|
extensions: []
|
117
131
|
extra_rdoc_files: []
|
118
132
|
files:
|
133
|
+
- ".github/workflows/gem-push.yml"
|
134
|
+
- ".github/workflows/ruby.yml"
|
119
135
|
- ".gitignore"
|
120
136
|
- ".rspec"
|
137
|
+
- CHANGELOG.md
|
121
138
|
- Gemfile
|
122
139
|
- LICENSE.txt
|
123
140
|
- README.md
|
124
141
|
- Rakefile
|
125
|
-
- circle.yml
|
126
142
|
- devise_zxcvbn.gemspec
|
127
143
|
- lib/devise_zxcvbn.rb
|
128
144
|
- lib/devise_zxcvbn/email_tokeniser.rb
|
145
|
+
- lib/devise_zxcvbn/errors/devise_zxcvbn_error.rb
|
129
146
|
- lib/devise_zxcvbn/locales/en.yml
|
130
147
|
- lib/devise_zxcvbn/model.rb
|
131
148
|
- lib/devise_zxcvbn/version.rb
|
132
149
|
- spec/devise_zxcvbn/devise_zxcbn_spec.rb
|
133
150
|
- spec/devise_zxcvbn/email_tokeniser_spec.rb
|
151
|
+
- spec/devise_zxcvbn/errors/devise_zxcvbn_error.rb
|
134
152
|
- spec/devise_zxcvbn/model_spec.rb
|
135
153
|
- spec/spec_helper.rb
|
136
154
|
homepage: https://github.com/bitzesty/devise_zxcvbn
|
@@ -152,13 +170,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
152
170
|
- !ruby/object:Gem::Version
|
153
171
|
version: '0'
|
154
172
|
requirements: []
|
155
|
-
|
156
|
-
rubygems_version: 2.4.5.1
|
173
|
+
rubygems_version: 3.0.3.1
|
157
174
|
signing_key:
|
158
175
|
specification_version: 4
|
159
176
|
summary: Devise plugin to reject weak passwords
|
160
177
|
test_files:
|
161
178
|
- spec/devise_zxcvbn/devise_zxcbn_spec.rb
|
162
179
|
- spec/devise_zxcvbn/email_tokeniser_spec.rb
|
180
|
+
- spec/devise_zxcvbn/errors/devise_zxcvbn_error.rb
|
163
181
|
- spec/devise_zxcvbn/model_spec.rb
|
164
182
|
- spec/spec_helper.rb
|