vizjerai-devise_security_extension 0.3.2

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/Gemfile

@@ -0,0 +1,14 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+gem "rails"
+gem "devise"
+gem "rails_email_validator"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.5.2"
+  gem "rcov", ">= 0"
+end

data/Gemfile.lock

@@ -0,0 +1,91 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    abstract (1.0.0)
+    actionmailer (3.0.3)
+      actionpack (= 3.0.3)
+      mail (~> 2.2.9)
+    actionpack (3.0.3)
+      activemodel (= 3.0.3)
+      activesupport (= 3.0.3)
+      builder (~> 2.1.2)
+      erubis (~> 2.6.6)
+      i18n (~> 0.4)
+      rack (~> 1.2.1)
+      rack-mount (~> 0.6.13)
+      rack-test (~> 0.5.6)
+      tzinfo (~> 0.3.23)
+    activemodel (3.0.3)
+      activesupport (= 3.0.3)
+      builder (~> 2.1.2)
+      i18n (~> 0.4)
+    activerecord (3.0.3)
+      activemodel (= 3.0.3)
+      activesupport (= 3.0.3)
+      arel (~> 2.0.2)
+      tzinfo (~> 0.3.23)
+    activeresource (3.0.3)
+      activemodel (= 3.0.3)
+      activesupport (= 3.0.3)
+    activesupport (3.0.3)
+    arel (2.0.7)
+    bcrypt-ruby (2.1.4)
+    builder (2.1.2)
+    devise (1.1.5)
+      bcrypt-ruby (~> 2.1.2)
+      warden (~> 1.0.2)
+    erubis (2.6.6)
+      abstract (>= 1.0.0)
+    git (1.2.5)
+    i18n (0.5.0)
+    jeweler (1.5.2)
+      bundler (~> 1.0.0)
+      git (>= 1.2.5)
+      rake
+    mail (2.2.15)
+      activesupport (>= 2.3.6)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.16)
+    polyglot (0.3.1)
+    rack (1.2.1)
+    rack-mount (0.6.13)
+      rack (>= 1.0.0)
+    rack-test (0.5.7)
+      rack (>= 1.0)
+    rails (3.0.3)
+      actionmailer (= 3.0.3)
+      actionpack (= 3.0.3)
+      activerecord (= 3.0.3)
+      activeresource (= 3.0.3)
+      activesupport (= 3.0.3)
+      bundler (~> 1.0)
+      railties (= 3.0.3)
+    rails_email_validator (0.1.1)
+      activemodel (>= 3.0.0)
+      activemodel (>= 3.0.0)
+    railties (3.0.3)
+      actionpack (= 3.0.3)
+      activesupport (= 3.0.3)
+      rake (>= 0.8.7)
+      thor (~> 0.14.4)
+    rake (0.8.7)
+    rcov (0.9.9)
+    thor (0.14.6)
+    treetop (1.4.9)
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.24)
+    warden (1.0.3)
+      rack (>= 1.0.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.0.0)
+  devise
+  jeweler (~> 1.5.2)
+  rails
+  rails_email_validator
+  rcov

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Marco Scholl
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,90 @@
+= devise_security_extension
+
+an security extension for devise
+
+== Installation
+add to Gemfile
+  gem 'devise_security_extension'
+
+after bundle execute
+  rails g devise_security_extension:install
+
+== Configuration
+
+  Devise.setup do |config|
+    # Should the password expire (e.g 3.months)
+    # config.expire_password_after = 3.months
+
+    # Need 1 char of A-Z, a-z and 0-9
+    # config.password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
+
+    # How often save old passwords in archive
+    # config.password_archiving_count = 5
+
+    # Deny old password (true, false, count)
+    # config.deny_old_passwords = true
+
+== Model modules
+
+ * :password_expirable - activate that passwords will expire
+ * :secure_validatable - better way to validate model. don't use with :validatable!!!
+ * :password_archivable - save password in old_passwords for history checks
+
+== Schema
+
+=== Password expirable
+
+  create_table :the_resources do |t|
+    t.password_expirable
+  end
+
+=== Password archive
+
+  create_table :old_passwords do |t|
+    t.password_archivable
+  end
+  add_index :old_passwords, [:password_archivable_type, :password_archivable_id], :name => :index_password_archivable
+
+== Requirements
+
+* devise (https://github.com/plataformatec/devise)
+* Rails 3 (http://github.com/rails/rails)
+
+== Features
+
+ * expire passwords (update password with current password)
+ * strong password validation
+ * save old passwords for check new passwords
+
+== Todo
+
+ * easy_captcha for registration
+ * easy_captcha for password forgotten
+ * easy_captcha for unlock instructions
+ * disable inactive users after time
+
+== History
+ * 0.1 expire passwords
+ * 0.2 strong password validation
+ * 0.3 password archivable with validation
+
+== Maintainers
+
+* Team Phatworx (http://github.com/phatworx)
+* Marco Scholl (http://github.com/traxanos)
+
+== Contributing to devise_security_extension
+ 
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+== Copyright
+
+Copyright (c) 2011 Marco Scholl. See LICENSE.txt for
+further details.
+

data/Rakefile

@@ -0,0 +1,49 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "vizjerai-devise_security_extension"
+  gem.homepage = "http://github.com/phatworx/devise_security_extension"
+  gem.license = "MIT"
+  gem.summary = %Q{an security extension for devise}
+  gem.description = %Q{a gem for extend devise for more password security}
+  gem.email = "team@phatworx.de"
+  gem.authors = ["Marco Scholl"]
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+require 'rcov/rcovtask'
+Rcov::RcovTask.new do |test|
+  test.libs << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "devise_security_extension #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.3.2

data/app/controllers/devise/password_expired_controller.rb

@@ -0,0 +1,35 @@
+class Devise::PasswordExpiredController < ApplicationController
+  skip_before_filter :handle_password_change
+  prepend_before_filter :authenticate_scope!, :only => [:show, :update]
+  include Devise::Controllers::InternalHelpers
+
+  def show
+    if resource.need_change_password?
+      render_with_scope :show
+    else
+      redirect_to :root
+    end
+  end
+
+  def update
+    if resource.update_with_password(params[resource_name])
+      warden.session(scope)[:password_expired] = false
+      set_flash_message :notice, :updated
+      redirect_to stored_location_for(scope) || :root
+    else
+      clean_up_passwords(resource)
+      render_with_scope :show
+    end
+  end
+
+  private
+
+  def scope
+    resource_name.to_sym
+  end
+
+  def authenticate_scope!
+    send(:"authenticate_#{resource_name}!")
+    self.resource = send("current_#{resource_name}")
+  end
+end

data/app/views/devise/password_expired/show.html.erb

@@ -0,0 +1,16 @@
+<h2>Renew your password</h2>
+
+<%= form_for(resource, :as => resource_name, :url => [resource_name, :password_expired], :html => { :method => :put }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <p><%= f.label :current_password, "Current password" %><br />
+  <%= f.password_field :current_password %></p>
+
+  <p><%= f.label :password, "New password" %><br />
+  <%= f.password_field :password %></p>
+
+  <p><%= f.label :password_confirmation, "Confirm new password" %><br />
+  <%= f.password_field :password_confirmation %></p>
+
+  <p><%= f.submit "Change my password" %></p>
+<% end %>

data/config/locales/de.yml

@@ -0,0 +1,8 @@
+de:
+  errors:
+    messages:
+      taken_in_past: Ihr Passwort kann nicht wiederholt werden.
+  devise:
+    password_expired:
+      updated: "Das neue Passwort wurde übernommen"
+      change_required: Ihr Passwort ist abgelaufen. Bitte vergeben sie ein neues Passwort!

data/config/locales/en.yml

@@ -0,0 +1,8 @@
+en:
+  errors:
+    messages:
+      taken_in_past: Your password cannot be repeated.
+  devise:
+    password_expired:
+      updated: Your new password is saved
+      change_required: Your password is expired. Please renew your password!

data/lib/devise_security_extension/controllers/helpers.rb

@@ -0,0 +1,44 @@
+module DeviseSecurityExtension
+  module Controllers # :nodoc:
+    module Helpers # :nodoc:
+      extend ActiveSupport::Concern
+
+      included do
+        before_filter :handle_password_change
+      end
+
+
+      # controller instance methods
+      module InstanceMethods
+        private
+
+        # lookup if an password change needed
+        def handle_password_change
+          Devise.mappings.keys.flatten.any? do |scope|
+            if signed_in? scope
+              if warden.session(scope)[:password_expired]
+                session["#{scope}_return_to"] = request.path if request.get?
+                redirect_for_password_change scope
+                break
+              end
+            end
+          end
+        end
+
+        # redirect for password update with alert message
+        def redirect_for_password_change(scope)
+          redirect_to change_password_required_path_for(scope), :alert => I18n.t('change_required', {:scope => 'devise.password_expired'})
+        end
+
+        # path for change password
+        def change_password_required_path_for(resource_or_scope = nil)
+          scope       = Devise::Mapping.find_scope!(resource_or_scope)
+          change_path = "#{scope}_password_expired_path"
+          send(change_path)
+        end
+
+      end
+    end
+  end
+
+end

data/lib/devise_security_extension/hooks/password_expirable.rb

@@ -0,0 +1,3 @@
+Warden::Manager.after_authentication do |record, warden, options|
+  warden.session(options[:scope])[:password_expired] = record.need_change_password?
+end

data/lib/devise_security_extension/models/old_password.rb

@@ -0,0 +1,3 @@
+class OldPassword < ActiveRecord::Base
+  belongs_to :password_archivable, :polymorphic => true
+end

data/lib/devise_security_extension/models/password_archivable.rb

@@ -0,0 +1,67 @@
+module Devise # :nodoc:
+  module Models # :nodoc:
+
+    # PasswordArchivable
+    module PasswordArchivable
+
+      def self.included(base) # :nodoc:
+        base.extend ClassMethods
+
+        base.class_eval do
+          include InstanceMethods
+          has_many :old_passwords, :as => :password_archivable, :class_name => "OldPassword"
+          before_update :archive_password
+          validate :validate_password_archive
+        end
+      end
+
+      module InstanceMethods # :nodoc:
+
+        def validate_password_archive
+          self.errors.add(:password, :taken_in_past) if password_archive_included?
+        end
+
+        # validate is the password used in the past
+        def password_archive_included?
+          unless self.class.deny_old_passwords.is_a? Fixnum
+            if self.class.deny_old_passwords.is_a? TrueClass and self.class.password_archiving_count > 0
+              self.class.deny_old_passwords = self.class.password_archiving_count
+            else
+              self.class.deny_old_passwords = 0
+            end
+          end
+
+          if self.class.deny_old_passwords > 0 and not self.password.nil?
+            self.old_passwords.order('created_at DESC').limit(self.class.deny_old_passwords).limit(self.class.deny_old_passwords).each do |old_password|
+              dummy                    = self.class.new
+              dummy.encrypted_password = old_password.encrypted_password
+              dummy.password_salt      = old_password.password_salt
+              return true if dummy.valid_password?(self.password)
+            end
+          end
+
+          false
+        end
+
+        private
+
+        # archive the last password before save and delete all to old passwords from archive
+        def archive_password
+          if self.encrypted_password_changed?
+            if self.class.password_archiving_count.to_i > 0
+              self.old_passwords.create! :encrypted_password => self.encrypted_password_change.first, :password_salt => self.password_salt_change.first
+              self.old_passwords.order('created_at DESC').offset(self.class.password_archiving_count).destroy_all
+            else
+              self.old_passwords.destroy_all
+            end
+          end
+        end
+      end
+
+      module ClassMethods #:nodoc:
+        ::Devise::Models.config(self, :password_archiving_count, :deny_old_passwords)
+      end
+    end
+  end
+
+end

data/lib/devise_security_extension/models/password_expirable.rb

@@ -0,0 +1,63 @@
+require 'devise_security_extension/hooks/password_expirable'
+
+module Devise # :nodoc:
+  module Models # :nodoc:
+
+    # PasswordExpirable takes care of change password after
+    module PasswordExpirable
+
+      def self.included(base) # :nodoc:
+        base.extend ClassMethods
+
+        base.class_eval do
+          before_save :update_password_changed
+          include InstanceMethods
+        end
+      end
+
+      module InstanceMethods # :nodoc:
+
+        # is an password change required?
+        def need_change_password?
+          if self.class.expire_password_after.is_a? Fixnum
+            self.password_changed_at.nil? or self.password_changed_at < self.class.expire_password_after.ago
+          else
+            false
+          end
+        end
+
+        # set a fake datetime so a password change is needed and save the record
+        def need_change_password!
+          if self.class.expire_password_after.is_a? Fixnum
+            need_change_password
+            self.save(:validate => false)
+          end
+        end
+
+        # set a fake datetime so a password change is needed
+        def need_change_password
+          if self.class.expire_password_after.is_a? Fixnum
+            self.password_changed_at = self.class.expire_password_after.ago
+          end
+
+          # is date not set it will set default to need set new password next login
+          need_change_password if self.password_changed_at.nil?
+
+          self.password_changed_at
+        end
+
+        private
+
+        # is password changed then update password_cahanged_at
+        def update_password_changed
+          self.password_changed_at = Time.now if (self.new_record? or self.encrypted_password_changed?) and not self.password_changed_at_changed?
+        end
+      end
+
+      module ClassMethods #:nodoc:
+        ::Devise::Models.config(self, :expire_password_after)
+      end
+    end
+  end
+
+end

data/lib/devise_security_extension/models/password_validatable.rb

@@ -0,0 +1,32 @@
+module Devise # :nodoc:
+  module Models # :nodoc:
+
+    # PasswordValidatable takes care of password validation for the password_regex
+    module PasswordValidatable
+
+      def self.include(base) # :nodoc:
+        base.extend ClassMethods
+        assert_password_validations_api!(base)
+
+        base.class_eval do
+          # validates password
+          validates :password, :format => password_regex, :if => :password_required?
+        end
+      end
+
+      def self.assert_password_validations_api!(base) # :nodoc:
+        raise "Could not use PasswordValidatable on #{base}" unless base.respond_to?(:validates)
+      end
+
+      protected
+
+      def password_required?
+        !persisted? || !password.nil? || !password_confirmation.nil?
+      end
+
+      module ClassMethods # :nodoc:
+        ::Devise::Models.config(self, :password_regex)
+      end
+    end
+  end
+end

data/lib/devise_security_extension/models/secure_validatable.rb

@@ -0,0 +1,55 @@
+module Devise
+  module Models
+    # SecureValidatable creates better validations with more validation for security
+    #
+    # == Options
+    #
+    # SecureValidatable adds the following options to devise_for:
+    #
+    #   * +email_regexp+: the regular expression used to validate e-mails;
+    #   * +password_length+: a range expressing password length. Defaults from devise
+    #   * +password_regex+: need strong password. Defaults to /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
+    #
+    module SecureValidatable
+
+      def self.included(base)
+        base.extend ClassMethods
+        assert_secure_validations_api!(base)
+
+        base.class_eval do
+
+          # uniq login
+          validates authentication_keys[0], :uniqueness => {:scope => authentication_keys[1..-1]}#, :case_sensitive => case_insensitive_keys.exclude?(authentication_keys[0])
+
+          # validates email
+          validates :email, :presence => true, :if => :email_required?
+          validates :email, :email => true # use rails_email_validator
+
+          # validates password
+          validates :password, :presence => true, :length => password_length, :format => password_regex, :confirmation => true, :if => :password_required?
+        end
+      end
+
+      def self.assert_secure_validations_api!(base) #:nodoc:
+        raise "Could not use SecureValidatable on #{base}" unless base.respond_to?(:validates)
+      end
+
+      protected
+
+      # Checks whether a password is needed or not. For validations only.
+      # Passwords are always required if it's a new record, or if the password
+      # or confirmation are being set somewhere.
+      def password_required?
+        !persisted? || !password.nil? || !password_confirmation.nil?
+      end
+
+      def email_required?
+        true
+      end
+
+      module ClassMethods
+        Devise::Models.config(self, :password_regex, :password_length)
+      end
+    end
+  end
+end

data/lib/devise_security_extension/orm/active_record.rb

@@ -0,0 +1,20 @@
+module DeviseSecurityExtension
+  module Orm
+    # This module contains some helpers and handle schema (migrations):
+    #
+    #   create_table :accounts do |t|
+    #     t.password_expirable
+    #   end
+    #
+    module ActiveRecord
+      module Schema
+        include DeviseSecurityExtension::Schema
+
+
+      end
+    end
+  end
+end
+
+ActiveRecord::ConnectionAdapters::Table.send :include, DeviseSecurityExtension::Orm::ActiveRecord::Schema
+ActiveRecord::ConnectionAdapters::TableDefinition.send :include, DeviseSecurityExtension::Orm::ActiveRecord::Schema

data/lib/devise_security_extension/rails.rb

@@ -0,0 +1,7 @@
+module DeviseSecurityExtension
+  class Engine < ::Rails::Engine # :nodoc:
+    ActiveSupport.on_load(:action_controller) do
+      include DeviseSecurityExtension::Controllers::Helpers
+    end
+  end
+end

data/lib/devise_security_extension/routes.rb

@@ -0,0 +1,13 @@
+module ActionDispatch::Routing # :nodoc:
+  class Mapper # :nodoc:
+
+    protected
+
+    # route for handle expired passwords
+    def devise_password_expired(mapping, controllers)
+      resource :password_expired, :only => [:show, :update], :path => mapping.path_names[:password_expired], :controller => controllers[:password_expired]
+    end
+
+  end
+end
+

data/lib/devise_security_extension/schema.rb

@@ -0,0 +1,40 @@
+module DeviseSecurityExtension
+  # add schema helper for migrations
+  module Schema
+    # Add password_changed_at columns in the resource's database table.
+    #
+    # Examples
+    #
+    # # For a new resource migration:
+    # create_table :the_resources do |t|
+    #   t.password_expirable
+    # ...
+    # end
+    #
+    # # or if the resource's table already exists, define a migration and put this in:
+    # change_table :the_resources do |t|
+    #   t.datetime :password_changed_at
+    # end
+    #
+    def password_expirable
+      apply_devise_schema :password_changed_at, DateTime
+    end
+
+    # Add password_archivable columns
+    #
+    # Examples
+    #
+    # create_table :old_passwords do
+    #   t.password_archivable
+    # end
+    # add_index :old_passwords, [:password_archivable_type, :password_archivable_id], :name => :index_password_archivable
+    #
+    def password_archivable
+      apply_devise_schema :encrypted_password, String, :limit => 128, :null => false
+      apply_devise_schema :password_salt, String, :null => false
+      apply_devise_schema :password_archivable_id, Integer, :null => false
+      apply_devise_schema :password_archivable_type, String, :null => false
+      apply_devise_schema :created_at, DateTime
+    end
+  end
+end

data/lib/devise_security_extension.rb

@@ -0,0 +1,44 @@
+#require 'rails/all'
+require 'active_record/connection_adapters/abstract/schema_definitions'
+require 'active_support/core_ext/integer'
+require 'active_support/ordered_hash'
+require 'active_support/concern'
+require 'devise'
+
+module Devise # :nodoc:
+
+  # Should the password expire (e.g 3.months)
+  mattr_accessor :expire_password_after
+  @@expire_password_after = 3.months
+
+  # Validate password for strongness
+  mattr_accessor :password_regex
+  @@password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
+
+  # How often save old passwords in archive
+  mattr_accessor :password_archiving_count
+  @@password_archiving_count = 5
+
+  # Deny old password (true, false, count)
+  mattr_accessor :deny_old_passwords
+  @@deny_old_passwords = true
+end
+
+# an security extension for devise
+module DeviseSecurityExtension
+  autoload :Schema, 'devise_security_extension/schema'
+
+  module Controllers # :nodoc:
+    autoload :Helpers, 'devise_security_extension/controllers/helpers'
+  end
+end
+
+Devise.add_module :password_expirable, :controller => :password_expirable, :model => 'devise_security_extension/models/password_expirable', :route => :password_expired
+Devise.add_module :secure_validatable, :model => 'devise_security_extension/models/secure_validatable'
+Devise.add_module :password_archivable, :model => 'devise_security_extension/models/password_archivable'
+Devise.add_module :password_validatable, :model => 'devise_security_extension/models/password_validatable'
+
+require 'devise_security_extension/routes'
+require 'devise_security_extension/rails'
+require 'devise_security_extension/orm/active_record'
+require 'devise_security_extension/models/old_password'

data/lib/generators/devise_security_extension/install_generator.rb

@@ -0,0 +1,28 @@
+module DeviseSecurityExtension
+  module Generators # :nodoc:
+    # Install Generator
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../templates", __FILE__)
+
+      desc "Install the devise security extension"
+
+      def add_configs
+        inject_into_file "config/initializers/devise.rb", "\n  # ==> Security Extension\n  # Configure security extension for devise\n\n" +
+        "  # Should the password expire (e.g 3.months)\n" +
+        "  # config.expire_password_after = false\n\n" +
+        "  # Need 1 char of A-Z, a-z and 0-9\n" +
+        "  # config.password_regex = /(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])/\n\n" +
+        "  # How often save old passwords in archive\n" +
+        "  # config.password_archiving_count = 5\n\n" +
+        "  # Deny old password (true, false, count)\n" +
+        "  # config.deny_old_passwords = true" +
+        "\n", :before => /end[ |\n|]+\Z/
+      end
+
+      def copy_locale
+        copy_file "../../../config/locales/en.yml", "config/locales/devise.security_extension.en.yml"
+        copy_file "../../../config/locales/de.yml", "config/locales/devise.security_extension.de.yml"
+      end
+    end
+  end
+end

data/test/helper.rb

@@ -0,0 +1,17 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'devise_security_extension'
+
+class Test::Unit::TestCase
+end

data/test/test_devise_security_extension.rb

@@ -0,0 +1,7 @@
+require 'helper'
+
+class TestDeviseSecurityExtension < Test::Unit::TestCase
+  def test_something_for_real
+    flunk "hey buddy, you should probably rename this file and start testing for real"
+  end
+end

data/vizjerai-devise_security_extension.gemspec

@@ -0,0 +1,85 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{vizjerai-devise_security_extension}
+  s.version = "0.3.2"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Marco Scholl"]
+  s.date = %q{2011-03-07}
+  s.description = %q{a gem for extend devise for more password security}
+  s.email = %q{team@phatworx.de}
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "app/controllers/devise/password_expired_controller.rb",
+    "app/views/devise/password_expired/show.html.erb",
+    "config/locales/de.yml",
+    "config/locales/en.yml",
+    "devise_security_extension.gemspec",
+    "lib/devise_security_extension.rb",
+    "lib/devise_security_extension/controllers/helpers.rb",
+    "lib/devise_security_extension/hooks/password_expirable.rb",
+    "lib/devise_security_extension/models/old_password.rb",
+    "lib/devise_security_extension/models/password_archivable.rb",
+    "lib/devise_security_extension/models/password_expirable.rb",
+    "lib/devise_security_extension/models/password_validatable.rb",
+    "lib/devise_security_extension/models/secure_validatable.rb",
+    "lib/devise_security_extension/orm/active_record.rb",
+    "lib/devise_security_extension/rails.rb",
+    "lib/devise_security_extension/routes.rb",
+    "lib/devise_security_extension/schema.rb",
+    "lib/generators/devise_security_extension/install_generator.rb",
+    "test/helper.rb",
+    "test/test_devise_security_extension.rb"
+  ]
+  s.homepage = %q{http://github.com/phatworx/devise_security_extension}
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.5.2}
+  s.summary = %q{an security extension for devise}
+  s.test_files = [
+    "test/helper.rb",
+    "test/test_devise_security_extension.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rails>, [">= 0"])
+      s.add_runtime_dependency(%q<devise>, [">= 0"])
+      s.add_runtime_dependency(%q<rails_email_validator>, [">= 0"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_development_dependency(%q<rcov>, [">= 0"])
+    else
+      s.add_dependency(%q<rails>, [">= 0"])
+      s.add_dependency(%q<devise>, [">= 0"])
+      s.add_dependency(%q<rails_email_validator>, [">= 0"])
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_dependency(%q<rcov>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<rails>, [">= 0"])
+    s.add_dependency(%q<devise>, [">= 0"])
+    s.add_dependency(%q<rails_email_validator>, [">= 0"])
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+    s.add_dependency(%q<rcov>, [">= 0"])
+  end
+end
+

metadata

@@ -0,0 +1,182 @@
+--- !ruby/object:Gem::Specification 
+name: vizjerai-devise_security_extension
+version: !ruby/object:Gem::Version 
+  hash: 23
+  prerelease: 
+  segments: 
+  - 0
+  - 3
+  - 2
+  version: 0.3.2
+platform: ruby
+authors: 
+- Marco Scholl
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-03-07 00:00:00 -06:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  name: rails
+  version_requirements: *id001
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  name: devise
+  version_requirements: *id002
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  name: rails_email_validator
+  version_requirements: *id003
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  type: :development
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 23
+        segments: 
+        - 1
+        - 0
+        - 0
+        version: 1.0.0
+  name: bundler
+  version_requirements: *id004
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  type: :development
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 1
+        - 5
+        - 2
+        version: 1.5.2
+  name: jeweler
+  version_requirements: *id005
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  type: :development
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  name: rcov
+  version_requirements: *id006
+  prerelease: false
+description: a gem for extend devise for more password security
+email: team@phatworx.de
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.txt
+- README.rdoc
+files: 
+- .document
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.rdoc
+- Rakefile
+- VERSION
+- app/controllers/devise/password_expired_controller.rb
+- app/views/devise/password_expired/show.html.erb
+- config/locales/de.yml
+- config/locales/en.yml
+- lib/devise_security_extension.rb
+- lib/devise_security_extension/controllers/helpers.rb
+- lib/devise_security_extension/hooks/password_expirable.rb
+- lib/devise_security_extension/models/old_password.rb
+- lib/devise_security_extension/models/password_archivable.rb
+- lib/devise_security_extension/models/password_expirable.rb
+- lib/devise_security_extension/models/password_validatable.rb
+- lib/devise_security_extension/models/secure_validatable.rb
+- lib/devise_security_extension/orm/active_record.rb
+- lib/devise_security_extension/rails.rb
+- lib/devise_security_extension/routes.rb
+- lib/devise_security_extension/schema.rb
+- lib/generators/devise_security_extension/install_generator.rb
+- test/helper.rb
+- test/test_devise_security_extension.rb
+- vizjerai-devise_security_extension.gemspec
+has_rdoc: true
+homepage: http://github.com/phatworx/devise_security_extension
+licenses: 
+- MIT
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.5.2
+signing_key: 
+specification_version: 3
+summary: an security extension for devise
+test_files: 
+- test/helper.rb
+- test/test_devise_security_extension.rb