phatworx · doberg · Mar 15, 2017
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -10,9 +10,7 @@ AllCops:
     - 'bin/**/*'
     - 'vendor/bundle/**/*'
     - 'spec/support/**/*' # rspec support helpers have a strange api
-
-Rails:
-  Enabled: true
+  RunRailsCops: true
 
 # We don't care about method length, since we check method cyclomatic
 # complexity.
@@ -21,9 +19,7 @@ Metrics/MethodLength:
 
 # Trailing commas make for clearer diffs because the last line won't appear
 # to have been changed, as it would if it lacked a comma and had one added.
-Style/TrailingCommaInLiteral:
-  EnforcedStyleForMultiline: comma
-Style/TrailingCommaInArguments:
+Style/TrailingComma:
   EnforcedStyleForMultiline: comma
 
 # Cop supports --auto-correct.

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,59 +1,55 @@
 PATH
   remote: .
   specs:
-    devise_security_extension (0.10.0)
-      devise (>= 3.0.0, < 5.0)
-      railties (>= 3.2.6, < 6.0)
+    devise_security_extension (0.11.0)
+      devise (>= 4.2.0, < 4.3)
+      railties (>= 5.0.0.1, < 5.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.2.6)
-      actionpack (= 4.2.6)
-      actionview (= 4.2.6)
-      activejob (= 4.2.6)
+    actioncable (5.0.0.1)
+      actionpack (= 5.0.0.1)
+      nio4r (~> 1.2)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.0.0.1)
+      actionpack (= 5.0.0.1)
+      actionview (= 5.0.0.1)
+      activejob (= 5.0.0.1)
       mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.6)
-      actionview (= 4.2.6)
-      activesupport (= 4.2.6)
-      rack (~> 1.6)
-      rack-test (~> 0.6.2)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.0.0.1)
+      actionview (= 5.0.0.1)
+      activesupport (= 5.0.0.1)
+      rack (~> 2.0)
+      rack-test (~> 0.6.3)
+      rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.6)
-      activesupport (= 4.2.6)
+    actionview (5.0.0.1)
+      activesupport (= 5.0.0.1)
       builder (~> 3.1)
       erubis (~> 2.7.0)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (4.2.6)
-      activesupport (= 4.2.6)
-      globalid (>= 0.3.0)
-    activemodel (4.2.6)
-      activesupport (= 4.2.6)
-      builder (~> 3.1)
-    activerecord (4.2.6)
-      activemodel (= 4.2.6)
-      activesupport (= 4.2.6)
-      arel (~> 6.0)
-    activesupport (4.2.6)
+    activejob (5.0.0.1)
+      activesupport (= 5.0.0.1)
+      globalid (>= 0.3.6)
+    activemodel (5.0.0.1)
+      activesupport (= 5.0.0.1)
+    activerecord (5.0.0.1)
+      activemodel (= 5.0.0.1)
+      activesupport (= 5.0.0.1)
+      arel (~> 7.0)
+    activesupport (5.0.0.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (~> 0.7)
-      json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    arel (6.0.3)
+    arel (7.1.4)
     ast (2.3.0)
     bcrypt (3.1.11)
     builder (3.2.2)
     concurrent-ruby (1.0.2)
-    coveralls (0.8.13)
-      json (~> 1.8)
-      simplecov (~> 0.11.0)
-      term-ansicolor (~> 1.3)
-      thor (~> 0.19.1)
-      tins (~> 1.6.0)
     devise (4.2.0)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
@@ -70,122 +66,120 @@ GEM
       simplecov (>= 0.3.8)
       yard (>= 0.7.0)
     erubis (2.7.0)
-    globalid (0.3.6)
+    globalid (0.3.7)
       activesupport (>= 4.1.0)
     i18n (0.7.0)
-    json (1.8.3)
+    json (2.0.2)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
     mail (2.6.4)
       mime-types (>= 1.16, < 4)
+    method_source (0.8.2)
     mime-types (3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2016.0521)
     mini_portile2 (2.1.0)
-    minitest (5.9.0)
-    nokogiri (1.6.8)
+    minitest (5.9.1)
+    nio4r (1.2.1)
+    nokogiri (1.6.8.1)
       mini_portile2 (~> 2.1.0)
-      pkg-config (~> 1.1.7)
     orm_adapter (0.5.0)
-    parser (2.3.1.2)
+    parser (2.3.2.0)
       ast (~> 2.2)
-    pkg-config (1.1.7)
     powerpack (0.1.1)
-    rack (1.6.4)
+    rack (2.0.1)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.2.6)
-      actionmailer (= 4.2.6)
-      actionpack (= 4.2.6)
-      actionview (= 4.2.6)
-      activejob (= 4.2.6)
-      activemodel (= 4.2.6)
-      activerecord (= 4.2.6)
-      activesupport (= 4.2.6)
+    rails (5.0.0.1)
+      actioncable (= 5.0.0.1)
+      actionmailer (= 5.0.0.1)
+      actionpack (= 5.0.0.1)
+      actionview (= 5.0.0.1)
+      activejob (= 5.0.0.1)
+      activemodel (= 5.0.0.1)
+      activerecord (= 5.0.0.1)
+      activesupport (= 5.0.0.1)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.6)
-      sprockets-rails
-    rails-deprecated_sanitizer (1.0.3)
-      activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.7)
-      activesupport (>= 4.2.0.beta, < 5.0)
+      railties (= 5.0.0.1)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.1)
+      activesupport (>= 4.2.0, < 6.0)
       nokogiri (~> 1.6.0)
-      rails-deprecated_sanitizer (>= 1.0.1)
     rails-html-sanitizer (1.0.3)
       loofah (~> 2.0)
     rails_email_validator (0.1.4)
       activemodel (>= 3.0.0)
-    railties (4.2.6)
-      actionpack (= 4.2.6)
-      activesupport (= 4.2.6)
+    railties (5.0.0.1)
+      actionpack (= 5.0.0.1)
+      activesupport (= 5.0.0.1)
+      method_source
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rainbow (2.1.0)
-    rake (11.2.2)
-    responders (2.2.0)
+    rake (11.3.0)
+    responders (2.3.0)
       railties (>= 4.2.0, < 5.1)
-    rmagick (2.15.4)
-    rspec-core (3.4.4)
-      rspec-support (~> 3.4.0)
-    rspec-expectations (3.4.0)
+    rmagick (2.16.0)
+    rspec-core (3.5.4)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.4.0)
-    rspec-mocks (3.4.1)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.4.0)
-    rspec-rails (3.4.2)
-      actionpack (>= 3.0, < 4.3)
-      activesupport (>= 3.0, < 4.3)
-      railties (>= 3.0, < 4.3)
-      rspec-core (~> 3.4.0)
-      rspec-expectations (~> 3.4.0)
-      rspec-mocks (~> 3.4.0)
-      rspec-support (~> 3.4.0)
-    rspec-support (3.4.1)
-    rubocop (0.40.0)
-      parser (>= 2.3.1.0, < 3.0)
+      rspec-support (~> 3.5.0)
+    rspec-rails (3.5.2)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
+    rubocop (0.45.0)
+      parser (>= 2.3.1.1, < 3.0)
       powerpack (~> 0.1)
       rainbow (>= 1.99.1, < 3.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (~> 1.0, >= 1.0.1)
     ruby-progressbar (1.8.1)
-    simplecov (0.11.2)
+    simplecov (0.12.0)
       docile (~> 1.1.0)
-      json (~> 1.8)
+      json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.0)
-    sprockets (3.6.0)
+    sprockets (3.7.0)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.0.4)
+    sprockets-rails (3.2.0)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
-    sqlite3 (1.3.11)
-    term-ansicolor (1.3.2)
-      tins (~> 1.0)
+    sqlite3 (1.3.12)
     thor (0.19.1)
     thread_safe (0.3.5)
-    tins (1.6.0)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
-    unicode-display_width (1.0.5)
+    unicode-display_width (1.1.1)
     warden (1.2.6)
       rack (>= 1.0)
-    yard (0.8.7.6)
+    websocket-driver (0.6.4)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.2)
+    yard (0.9.5)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (>= 1.3.0, < 2.0)
-  coveralls
+  bundler (>= 1.3, < 2.0)
   devise_security_extension!
   easy_captcha (~> 0)
-  minitest
+  minitest (~> 5.9, >= 5.9.1)
   rails_email_validator (~> 0)
   rubocop (~> 0)
-  sqlite3 (~> 1.3.10)
+  sqlite3 (~> 1.3, >= 1.3.10)
 
 BUNDLED WITH
-   1.12.5
+   1.13.6
diff --git a/README.md b/README.md
@@ -1,12 +1,10 @@
 # Devise Security Extension
 
-[![Build Status](https://travis-ci.org/phatworx/devise_security_extension.svg?branch=master)](https://travis-ci.org/phatworx/devise_security_extension)
-
 An enterprise security extension for [Devise](https://github.com/plataformatec/devise), trying to meet industrial standard security demands for web applications.
 
 It is composed of 7 additional Devise modules:
 
-* `:password_expirable` - passwords will expire after a configured time (and will need an update). You will most likely want to use `:password_expirable` together with the `:password_archivable` module to [prevent the current expired password being reused](https://github.com/phatworx/devise_security_extension/issues/175) immediately as the new password.
+* `:password_expirable` - passwords will expire after a configured time (and will need an update)
 * `:secure_validatable` - better way to validate a model (email, stronger password validation). Don't use with Devise `:validatable` module!
 * `:password_archivable` - save used passwords in an `old_passwords` table for history checks (don't be able to use a formerly used password)
 * `:session_limitable` - ensures, that there is only one session usable per account at once
@@ -242,6 +240,7 @@ end
 * 0.6 expirable module
 * 0.7 security questionable module for recover and unlock
 * 0.8 Support for Rails 4 (+ variety of patches)
+* 0.11 Support for Rails 5
 
 ## Maintainers
 
@@ -251,6 +250,10 @@ end
 * Marco Scholl (https://github.com/traxanos)
 * Thomas Powell (https://github.com/stringsn88keys)
 
+## Contributors
+
+* Danial Oberg (https://github.com/incredible0n3)
+
 ## Contributing to devise_security_extension
 
 * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet

diff --git a/app/controllers/devise/paranoid_verification_code_controller.rb b/app/controllers/devise/paranoid_verification_code_controller.rb
@@ -14,7 +14,7 @@ def update
     if resource.verify_code(resource_params[:paranoid_verification_code])
       warden.session(scope)['paranoid_verify'] = false
       set_flash_message :notice, :updated
-      bypass_sign_in resource, scope: scope
+      sign_in scope, resource, :bypass => true
       redirect_to stored_location_for(scope) || :root
     else
       respond_with(resource, action: :show)

diff --git a/app/controllers/devise/password_expired_controller.rb b/app/controllers/devise/password_expired_controller.rb
@@ -12,7 +12,7 @@ def update
     if resource.update_with_password(resource_params)
       warden.session(scope)['password_expired'] = false
       set_flash_message :notice, :updated
-      bypass_sign_in resource, scope: scope
+      sign_in scope, resource, :bypass => true
       redirect_to stored_location_for(scope) || :root
     else
       clean_up_passwords(resource)

diff --git a/devise_security_extension.gemspec b/devise_security_extension.gemspec
@@ -15,18 +15,17 @@ Gem::Specification.new do |s|
 
   s.rubyforge_project = 'devise_security_extension'
 
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- test/*`.split("\n")
+  s.files         = Dir["{lib,app,config}/**/*", "[A-Z]*"] - ["Gemfile.lock"]
+  s.test_files    = Dir["{test}/**/*", "[A-Z]*"]
   s.require_paths = ['lib']
-  s.required_ruby_version = '>= 2.1.0'
+  s.required_ruby_version = '>= 2.3.2'
 
-  s.add_runtime_dependency 'railties', '>= 3.2.6', '< 6.0'
-  s.add_runtime_dependency 'devise', '>= 3.0.0', '< 5.0'
-  s.add_development_dependency 'bundler', '>= 1.3.0', '< 2.0'
-  s.add_development_dependency 'sqlite3', '~> 1.3.10'
+  s.add_runtime_dependency 'railties', '>= 5.0.0.1', '< 5.1'
+  s.add_runtime_dependency 'devise', '>= 4.2.0', '< 4.3'
+  s.add_development_dependency 'bundler', '>= 1.3', '< 2.0'
+  s.add_development_dependency 'sqlite3', '~> 1.3', '>= 1.3.10'
   s.add_development_dependency 'rubocop', '~> 0'
-  s.add_development_dependency 'minitest'
+  s.add_development_dependency 'minitest','~> 5.9', '>= 5.9.1'
   s.add_development_dependency 'easy_captcha', '~> 0'
   s.add_development_dependency 'rails_email_validator', '~> 0'
-  s.add_development_dependency 'coveralls'
 end
diff --git a/lib/devise_security_extension/controllers/helpers.rb b/lib/devise_security_extension/controllers/helpers.rb
@@ -34,7 +34,7 @@ def handle_password_change
               if signed_in?(scope) and warden.session(scope)['password_expired']
                 # re-check to avoid infinite loop if date changed after login attempt
                 if send(:"current_#{scope}").try(:need_change_password?)
-                  store_location_for(scope, request.original_fullpath) if request.get?
+                  session["#{scope}_return_to"] = request.original_fullpath if request.get?
                   redirect_for_password_change scope
                   return
                 else
@@ -52,7 +52,7 @@ def handle_paranoid_verification
           if !devise_controller? && !request.format.nil? && request.format.html?
             Devise.mappings.keys.flatten.any? do |scope|
               if signed_in?(scope) && warden.session(scope)['paranoid_verify']
-                store_location_for(scope, request.original_fullpath) if request.get?
+                session["#{scope}_return_to"] = request.original_fullpath if request.get?
                 redirect_for_paranoid_verification scope
                 return
               end