Skip to content
/ devise_password_history Public
forked from glafir/devise_password_history

Extension for Devise to support password history and validations thereof.

License

MIT license
0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

luceracloud/devise_password_history

BranchesTags
 
 

Repository files navigation

FORKED VERSION FOR lcp-app-sdndb TO ALLOW US TO BUILD FIXED VERSION

0.3.1.lucera

To build

➜  devise_password_history git:(master) ✗ rake build
devise_password_history 0.3.1.lucera built to pkg/devise_password_history-0.3.1.lucera.gem.

And upload to Nexus

➜  devise_password_history git:(master) ✗ gem nexus --backtrace --url https://repo.prd.lucera.com/repository/gem-lucera/ pkg/devise_password_history-0.3.1.lucera.gem
Uploading 1 gem to Nexus...
Created devise_password_history-0.3.1.lucera.gem

DevisePasswordHistory

This extension provides password history support for Devise, which allows you to prevent users from re-using the same password they've used in the past (the actual limit is configurable).

Installation

Add this line to your application's Gemfile:

gem 'devise_password_history'

And then execute:

$ bundle

Or install it yourself as:

$ gem install devise_password_history

Usage

After installation, you need to "install" the extension into your app via the following command:

$ bundle exec rails g devise_password_history:install

That generator will do three things:

  1. Modifies the config/initializers/devise.rb file with two new config options:
    • config.deny_old_passwords: turns the validations on/off
    • config.password_history_count: the threshold of how many passwords to store
    • config.password_age: ability to force password expiration (ex: 90.days)
  2. Creates an OldPassword polymorphic model in app/models
  3. Creates the migration for the old_passwords table

So once you run the generator, you just need to:

$ bundle exec rake db:migrate

Now the extension has been installed. To use it, you tell devise like with any of the other extensions:

class User < ActiveRecord::Base
  devise :database_authenticatable, :password_history
end

Notes on Password Age/Expiration

By default, the password_age is set to nil (which turns this feature off). If you want to use it, set it to how often you want passwords to expire, an example might be 90.days.

If a password has expired, the user will be redirected to a update_password_path route, which defaults to edit_admin_user_path(current_user). You can override this in ApplicationController as needed.

class ApplicationController
  # ...

protected
  def update_password_path
    your_custom_route_goes_here_path
  end
end

Additionally, the filter that runs to check expired passwords is check_password_expiration. To prevent this filter from running on the controller that does the password updates, you should skip_before_filter :check_password_expiration.

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

About

Extension for Devise to support password history and validations thereof.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 100.0%