quo_vadis 2.2.5 → 2.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/README.md +2 -0
  4. data/app/models/quo_vadis/password.rb +15 -10
  5. data/lib/quo_vadis/version.rb +1 -1
  6. data/lib/quo_vadis.rb +1 -1
  7. data/test/models/account_test.rb +2 -2
  8. data/test/models/model_test.rb +1 -1
  9. metadata +3 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d6a07996a9ca5d95f789060694cf9a1be4d2bc7c8e585f7a60c1e3c883eec1e7
4
- data.tar.gz: 350e447a8897c4af8b0bad19971b23bc7d551ca348d4cb1ae0d6ff713f928883
3
+ metadata.gz: 793c8183dd6e61c69255ca9e13a9726949591cbc4e3dda9890fb213848819dea
4
+ data.tar.gz: a01e34b058359d91dac594c617a2c55550f16f2e607a9b254f2087eab9eadc10
5
5
  SHA512:
6
- metadata.gz: 8461e1e31a53a02073b281d99028b0b25839764746d986e7e3325b5c5e8763d4b34cc48b1ae69064405022341fb76101488dc11f3229e8d0d3afcf236beb02fc
7
- data.tar.gz: 508ebf170a8abe591c8217a68390b9e11ec0204b86412e87b86ead2e84b3e0fcab2886aa22897a2d4266d43370cc42c25938a4e92c3073bf042d695278dff761
6
+ metadata.gz: b5c29de9d14f2d2d14e4fcefa04379b0135c5720b27df6d3762c30503e121cb811f1e0248a76d589580931f953367c04f810d286df15204abe2c52b2df1c82cb
7
+ data.tar.gz: 9afd5eb09d2b91db1a5c3023e2c2b4fccd545231b39188fa95acebab677549dc642a657797b8c2e59b83b00595ce21083ffeadf0be2f4c17aa09e64496a9a672
data/CHANGELOG.md CHANGED
@@ -4,6 +4,12 @@
4
4
  ## HEAD
5
5
 
6
6
 
7
+ ## 2.2.6 (17 November 2025)
8
+
9
+ * Make permitting of password updates explicit.
10
+ * Feature-detect method rather than module for normalisation.
11
+
12
+
7
13
  ## 2.2.5 (14 April 2025)
8
14
 
9
15
  * Normalise identifier value for lookup.
data/README.md CHANGED
@@ -59,6 +59,8 @@ Finally, copy the example views across:
59
59
  rails generate quo_vadis:install
60
60
  ```
61
61
 
62
+ You may find that you need to eager load your code in development so that your model's / models' `#authenticates` call(s) executes straightaway. This method registers your model(s) with QuoVadis, which needs to happen before you can do any authentication-related things such as reset your password.
63
+
62
64
 
63
65
  ## Usage
64
66
 
data/app/models/quo_vadis/password.rb CHANGED
@@ -7,12 +7,14 @@ module QuoVadis
7
7
  has_secure_password
8
8
 
9
9
  validates_length_of :password, minimum: QuoVadis.password_minimum_length, allow_blank: true
10
- validate :password_updated_legitimately, on: :update
10
+ validate :permitted_update, on: :update
11
11
 
12
12
  attr_accessor :new_password
13
13
 
14
14
 
15
15
  def change(current_plaintext, new_plaintext, new_plaintext_confirmation)
16
+ permit_password_update
17
+
16
18
  unless authenticate current_plaintext
17
19
  errors.add :password, :incorrect
18
20
  return false
@@ -38,6 +40,8 @@ module QuoVadis
38
40
 
39
41
 
40
42
  def reset(new_plaintext, new_plaintext_confirmation)
43
+ permit_password_update
44
+
41
45
  # has_secure_password ignores empty passwords ("") on update so reject them here.
42
46
  if new_plaintext.empty?
43
47
  errors.add :password, :blank
@@ -56,18 +60,19 @@ module QuoVadis
56
60
 
57
61
  private
58
62
 
59
- def password_updated_legitimately
60
- return unless password_digest_changed?
63
+ def permit_password_update
64
+ @permit_password_update = true
65
+ end
61
66
 
62
- unless change_or_reset_called?
63
- errors.add :password, 'must be updated via #change or #reset'
64
- end
67
+ def permit_password_update?
68
+ @permit_password_update
65
69
  end
66
70
 
67
- def change_or_reset_called?
68
- caller_locations.any? { |loc|
69
- ['change', 'reset'].include?(loc.label) && Pathname.new(loc.path).basename.to_s == 'password.rb'
70
- }
71
+ def permitted_update
72
+ return unless password_digest_changed?
73
+ return if permit_password_update?
74
+
75
+ errors.add :password, 'must be updated via #change or #reset'
71
76
  end
72
77
  end
73
78
  end
data/lib/quo_vadis/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module QuoVadis
4
- VERSION = '2.2.5'
4
+ VERSION = '2.2.6'
5
5
  end
data/lib/quo_vadis.rb CHANGED
@@ -53,7 +53,7 @@ module QuoVadis
53
53
  identifier = detect_identifier params.keys
54
54
  value = params[identifier]
55
55
 
56
- return value unless defined?(ActiveRecord::Normalization)
56
+ return value unless ApplicationRecord.respond_to? :normalize_value_for
57
57
 
58
58
  klass = model_of(identifier.to_sym).constantize
59
59
  klass.normalize_value_for(identifier.to_sym, value)
data/test/models/account_test.rb CHANGED
@@ -17,7 +17,7 @@ class AccountTest < ActiveSupport::TestCase
17
17
  p = Person.create! username: 'bob', email: 'bob@example.com', password: 'secretsecret'
18
18
  assert_enqueued_email_with QuoVadis::Mailer,
19
19
  :identifier_change_notification,
20
- args: {email: 'bob@example.com', identifier: 'username', ip: nil, timestamp: Time.now} do
20
+ params: {email: 'bob@example.com', identifier: 'username', ip: nil, timestamp: Time.now} do
21
21
  assert_enqueued_emails 1 do
22
22
  p.update username: 'robert@example.com'
23
23
  end
@@ -30,7 +30,7 @@ class AccountTest < ActiveSupport::TestCase
30
30
  u = User.create! name: 'bob', email: 'bob@example.com', password: '123456789abc'
31
31
  assert_enqueued_email_with QuoVadis::Mailer,
32
32
  :email_change_notification,
33
- args: {email: 'bob@example.com', ip: nil, timestamp: Time.now} do
33
+ params: {email: 'bob@example.com', ip: nil, timestamp: Time.now} do
34
34
  assert_enqueued_emails 1 do
35
35
  u.update email: 'robert@example.com'
36
36
  end
data/test/models/model_test.rb CHANGED
@@ -63,7 +63,7 @@ class ModelTest < ActiveSupport::TestCase
63
63
  u = User.create! name: 'bob', email: 'bob@example.com', password: '123456789abc'
64
64
  assert_enqueued_email_with QuoVadis::Mailer,
65
65
  :email_change_notification,
66
- args: {email: 'bob@example.com', ip: nil, timestamp: Time.now} do
66
+ params: {email: 'bob@example.com', ip: nil, timestamp: Time.now} do
67
67
  u.update email: 'robert@example.com'
68
68
  end
69
69
  end
metadata CHANGED
@@ -1,14 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: quo_vadis
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.5
4
+ version: 2.2.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andy Stewart
8
- autorequire:
9
8
  bindir: bin
10
9
  cert_chain: []
11
- date: 2025-04-14 00:00:00.000000000 Z
10
+ date: 1980-01-02 00:00:00.000000000 Z
12
11
  dependencies:
13
12
  - !ruby/object:Gem::Dependency
14
13
  name: rails
@@ -66,7 +65,6 @@ dependencies:
66
65
  - - "~>"
67
66
  - !ruby/object:Gem::Version
68
67
  version: '2.0'
69
- description:
70
68
  email:
71
69
  - boss@airbladesoftware.com
72
70
  executables: []
@@ -206,7 +204,6 @@ homepage: https://github.com/airblade/quo_vadis
206
204
  licenses:
207
205
  - MIT
208
206
  metadata: {}
209
- post_install_message:
210
207
  rdoc_options: []
211
208
  require_paths:
212
209
  - lib
@@ -221,8 +218,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
221
218
  - !ruby/object:Gem::Version
222
219
  version: '0'
223
220
  requirements: []
224
- rubygems_version: 3.5.11
225
- signing_key:
221
+ rubygems_version: 3.7.2
226
222
  specification_version: 4
227
223
  summary: Multifactor authentication for Rails.
228
224
  test_files: []