├── test ├── rails_app │ ├── app │ │ ├── models │ │ │ ├── .gitkeep │ │ │ ├── admin.rb │ │ │ └── user.rb │ │ └── controllers │ │ │ └── application_controller.rb │ ├── config │ │ ├── database.yml │ │ ├── environment.rb │ │ ├── boot.rb │ │ ├── initializers │ │ │ └── devise.rb │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── test.rb │ │ │ └── production.rb │ │ └── application.rb │ ├── config.ru │ ├── Rakefile │ ├── .gitignore │ └── db │ │ └── migrate │ │ └── 20120508165529_create_tables.rb ├── support │ ├── assertions.rb │ ├── factories.rb │ └── swappers.rb ├── test_helper.rb └── devise │ └── encryptable │ ├── encryptors_test.rb │ └── encryptable_test.rb ├── lib ├── devise-encryptable.rb └── devise │ └── encryptable │ ├── version.rb │ ├── encryptors │ ├── clearance_sha1.rb │ ├── authlogic_sha512.rb │ ├── base.rb │ ├── sha1.rb │ ├── sha512.rb │ └── restful_authentication_sha1.rb │ ├── encryptable.rb │ └── model.rb ├── gemfiles ├── Gemfile-rails-7-1 ├── Gemfile-rails-7-2 ├── Gemfile-rails-8-0 ├── Gemfile-rails-7-0 └── Gemfile-rails-main ├── Gemfile ├── .gitignore ├── Rakefile ├── Changelog.md ├── devise-encryptable.gemspec ├── README.md ├── MIT-LICENSE ├── .github └── workflows │ └── test.yml └── Gemfile.lock /test/rails_app/app/models/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/devise-encryptable.rb: -------------------------------------------------------------------------------- 1 | require "devise/encryptable/encryptable" -------------------------------------------------------------------------------- /lib/devise/encryptable/version.rb: -------------------------------------------------------------------------------- 1 | module Devise 2 | module Encryptable 3 | VERSION = "0.2.0" 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /test/rails_app/app/models/admin.rb: -------------------------------------------------------------------------------- 1 | class Admin < ActiveRecord::Base 2 | devise :database_authenticatable, :encryptable 3 | end 4 | -------------------------------------------------------------------------------- /test/rails_app/app/models/user.rb: -------------------------------------------------------------------------------- 1 | class User < ActiveRecord::Base 2 | devise :database_authenticatable, :encryptable 3 | end 4 | -------------------------------------------------------------------------------- /test/rails_app/app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | protect_from_forgery 3 | end 4 | -------------------------------------------------------------------------------- /test/rails_app/config/database.yml: -------------------------------------------------------------------------------- 1 | development: 2 | adapter: sqlite3 3 | database: ":memory:" 4 | 5 | test: 6 | adapter: sqlite3 7 | database: ":memory:" -------------------------------------------------------------------------------- /test/rails_app/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run RailsApp::Application 5 | -------------------------------------------------------------------------------- /test/rails_app/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the rails application 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the rails application 5 | RailsApp::Application.initialize! 6 | -------------------------------------------------------------------------------- /gemfiles/Gemfile-rails-7-1: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'devise-encryptable', path: '..' 4 | 5 | gem 'devise', '~> 4.8' 6 | gem 'rails', '~> 7.1.0' 7 | gem 'sqlite3' 8 | 9 | gem 'mocha', require: false 10 | -------------------------------------------------------------------------------- /gemfiles/Gemfile-rails-7-2: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'devise-encryptable', path: '..' 4 | 5 | gem 'devise', '~> 4.8' 6 | gem 'rails', '~> 7.2.0' 7 | gem 'sqlite3' 8 | 9 | gem 'mocha', require: false 10 | -------------------------------------------------------------------------------- /gemfiles/Gemfile-rails-8-0: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'devise-encryptable', path: '..' 4 | 5 | gem 'devise', '~> 4.8' 6 | gem 'rails', '~> 8.0.0' 7 | gem 'sqlite3' 8 | 9 | gem 'mocha', require: false 10 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gemspec 4 | 5 | gem 'devise', '~> 5.0.0.beta', github: 'heartcombo/devise', branch: 'main' 6 | gem 'rails', '~> 8.1.0' 7 | gem 'sqlite3' 8 | 9 | gem 'mocha', require: false 10 | -------------------------------------------------------------------------------- /gemfiles/Gemfile-rails-7-0: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'devise-encryptable', path: '..' 4 | 5 | gem 'devise', '~> 4.8' 6 | gem 'rails', '~> 7.0.0' 7 | gem 'sqlite3', '~> 1.4' 8 | 9 | gem 'mocha', require: false 10 | -------------------------------------------------------------------------------- /test/rails_app/config/boot.rb: -------------------------------------------------------------------------------- 1 | require 'rubygems' 2 | 3 | # Set up gems listed in the Gemfile. 4 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 5 | 6 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.gem 2 | *.rbc 3 | .bundle 4 | .config 5 | .yardoc 6 | InstalledFiles 7 | _yardoc 8 | coverage 9 | doc/ 10 | lib/bundler/man 11 | pkg 12 | rdoc 13 | spec/reports 14 | test/tmp 15 | test/version_tmp 16 | tmp 17 | *.sqlite 18 | gemfiles/*.lock 19 | -------------------------------------------------------------------------------- /gemfiles/Gemfile-rails-main: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'devise-encryptable', path: '..' 4 | 5 | gem 'devise', github: 'heartcombo/devise', branch: 'main' 6 | gem 'rails', github: 'rails/rails', branch: 'main' 7 | gem 'sqlite3' 8 | 9 | gem 'mocha', require: false 10 | -------------------------------------------------------------------------------- /test/rails_app/Rakefile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env rake 2 | # Add your own tasks in files placed in lib/tasks ending in .rake, 3 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 4 | 5 | require File.expand_path('../config/application', __FILE__) 6 | 7 | RailsApp::Application.load_tasks 8 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env rake 2 | require "bundler/gem_tasks" 3 | require 'rake/testtask' 4 | 5 | desc 'Default: run unit tests.' 6 | task :default => :test 7 | 8 | desc 'Run unit tests.' 9 | Rake::TestTask.new(:test) do |t| 10 | t.libs << 'lib' 11 | t.libs << 'test' 12 | t.pattern = 'test/**/*_test.rb' 13 | t.verbose = true 14 | end -------------------------------------------------------------------------------- /test/support/assertions.rb: -------------------------------------------------------------------------------- 1 | module Support 2 | module Assertions 3 | def assert_same_content(result, expected) 4 | assert expected.size == result.size, "the arrays doesn't have the same size" 5 | expected.each do |element| 6 | assert result.include?(element), "The array doesn't include '#{element}'." 7 | end 8 | end 9 | 10 | def assert_not(assertion) 11 | assert !assertion 12 | end 13 | end 14 | end -------------------------------------------------------------------------------- /test/rails_app/config/initializers/devise.rb: -------------------------------------------------------------------------------- 1 | Devise.setup do |config| 2 | config.mailer_sender = "please-change-me-at-config-initializers-devise@example.com" 3 | 4 | require 'devise/orm/active_record' 5 | 6 | config.case_insensitive_keys = [ :email ] 7 | 8 | config.strip_whitespace_keys = [ :email ] 9 | config.skip_session_storage = [:http_auth] 10 | 11 | config.stretches = Rails.env.test? ? 1 : 10 12 | 13 | config.encryptor = :sha512 14 | end 15 | -------------------------------------------------------------------------------- /test/rails_app/.gitignore: -------------------------------------------------------------------------------- 1 | # See http://help.github.com/ignore-files/ for more about ignoring files. 2 | # 3 | # If you find yourself ignoring temporary files generated by your text editor 4 | # or operating system, you probably want to add a global ignore instead: 5 | # git config --global core.excludesfile ~/.gitignore_global 6 | 7 | # Ignore bundler config 8 | /.bundle 9 | 10 | # Ignore the default SQLite database. 11 | /db/*.sqlite3 12 | 13 | # Ignore all logfiles and tempfiles. 14 | /log/*.log 15 | /tmp 16 | -------------------------------------------------------------------------------- /Changelog.md: -------------------------------------------------------------------------------- 1 | ### Unreleased 2 | 3 | * Support Rails 7 - 8.1, drop support < 7 4 | * Support Ruby 2.7 - 3.4, drop support < 2.7 5 | * Switch license from Apache-2.0 to MIT, matching Devise 6 | 7 | ### 0.2.0 8 | 9 | * Updated to Rails 4+. 10 | * Dropped compatibility with Rails 3.1 and Ruby 1.8. 11 | 12 | ### 0.1.2 13 | 14 | * Devise dependency locked at `2.1.x`. 15 | 16 | ### 0.1.1 17 | 18 | * Initial support for Devise `2.1.0.rc`. 19 | 20 | ### 0.1.0 21 | 22 | * Added the encryptable module and the encryptors from Devise. 23 | -------------------------------------------------------------------------------- /test/support/factories.rb: -------------------------------------------------------------------------------- 1 | module Support 2 | module Factories 3 | def generate_unique_email 4 | @@email_count ||= 0 5 | @@email_count += 1 6 | "test#{@@email_count}@example.com" 7 | end 8 | 9 | def valid_attributes(attributes={}) 10 | { :username => "usertest", 11 | :email => generate_unique_email, 12 | :password => '123456', 13 | :password_confirmation => '123456' }.update(attributes) 14 | end 15 | 16 | def create_admin(attributes={}) 17 | valid_attributes = valid_attributes(attributes) 18 | valid_attributes.delete(:username) 19 | Admin.create!(valid_attributes) 20 | end 21 | end 22 | end -------------------------------------------------------------------------------- /lib/devise/encryptable/encryptors/clearance_sha1.rb: -------------------------------------------------------------------------------- 1 | require "digest/sha1" 2 | 3 | module Devise 4 | module Encryptable 5 | module Encryptors 6 | # = ClearanceSha1 7 | # Simulates Clearance's default encryption mechanism. 8 | # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY 9 | # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES 10 | class ClearanceSha1 < Base 11 | # Generates a default password digest based on salt, pepper and the 12 | # incoming password. 13 | def self.digest(password, stretches, salt, pepper) 14 | Digest::SHA1.hexdigest("--#{salt}--#{password}--") 15 | end 16 | end 17 | end 18 | end 19 | end -------------------------------------------------------------------------------- /test/support/swappers.rb: -------------------------------------------------------------------------------- 1 | module Support 2 | module Swappers 3 | def swap_with_encryptor(klass, encryptor, options={}) 4 | klass.instance_variable_set(:@encryptor_class, nil) 5 | 6 | swap klass, options.merge(:encryptor => encryptor) do 7 | begin 8 | yield 9 | ensure 10 | klass.instance_variable_set(:@encryptor_class, nil) 11 | end 12 | end 13 | end 14 | 15 | def swap(object, new_values) 16 | old_values = {} 17 | new_values.each do |key, value| 18 | old_values[key] = object.send key 19 | object.send :"#{key}=", value 20 | end 21 | yield 22 | ensure 23 | old_values.each do |key, value| 24 | object.send :"#{key}=", value 25 | end 26 | end 27 | end 28 | end -------------------------------------------------------------------------------- /lib/devise/encryptable/encryptors/authlogic_sha512.rb: -------------------------------------------------------------------------------- 1 | require "digest/sha2" 2 | 3 | module Devise 4 | module Encryptable 5 | module Encryptors 6 | # = AuthlogicSha512 7 | # Simulates Authlogic's default encryption mechanism. 8 | # Warning: it uses Devise's stretches configuration to port Authlogic's one. Should be set to 20 in the initializer to simulate 9 | # the default behavior. 10 | class AuthlogicSha512 < Base 11 | # Generates a default password digest based on salt, pepper and the 12 | # incoming password. 13 | def self.digest(password, stretches, salt, pepper) 14 | digest = [password, salt].flatten.join('') 15 | stretches.times { digest = Digest::SHA512.hexdigest(digest) } 16 | digest 17 | end 18 | end 19 | end 20 | end 21 | end -------------------------------------------------------------------------------- /devise-encryptable.gemspec: -------------------------------------------------------------------------------- 1 | # -*- encoding: utf-8 -*- 2 | require File.expand_path('../lib/devise/encryptable/version', __FILE__) 3 | 4 | Gem::Specification.new do |gem| 5 | gem.authors = ['Carlos Antonio da Silva', 'José Valim', 'Rodrigo Flores'] 6 | gem.email = 'heartcombo.oss@gmail.com' 7 | gem.description = 'Encryption solution for salted-encryptors on Devise' 8 | gem.summary = 'Encryption solution for salted-encryptors on Devise' 9 | gem.homepage = 'https://github.com/heartcombo/devise-encryptable' 10 | gem.license = 'MIT' 11 | 12 | gem.files = Dir['Changelog.md', 'MIT-LICENSE', 'README.md', 'lib/**/*'] 13 | gem.test_files = Dir['test/**/*.rb'] 14 | gem.name = 'devise-encryptable' 15 | gem.require_paths = ['lib'] 16 | gem.version = Devise::Encryptable::VERSION 17 | 18 | gem.add_dependency 'devise', '>= 2.1.0' 19 | end 20 | -------------------------------------------------------------------------------- /test/test_helper.rb: -------------------------------------------------------------------------------- 1 | ENV["RAILS_ENV"] = "test" 2 | require "devise" 3 | require "devise/version" 4 | require "active_support/core_ext/module/attribute_accessors" 5 | 6 | require "devise/encryptable/encryptable" 7 | 8 | require "rails_app/config/environment" 9 | require "rails/test_help" 10 | require "mocha/minitest" 11 | 12 | require 'support/assertions' 13 | require 'support/factories' 14 | require 'support/swappers' 15 | 16 | if ActiveSupport.respond_to?(:test_order) 17 | ActiveSupport.test_order = :random 18 | end 19 | 20 | ActiveRecord::Migration.verbose = false 21 | ActiveRecord::Base.logger = Logger.new(nil) 22 | 23 | migrate_path = File.expand_path("rails_app/db/migrate/", __dir__) 24 | if Rails.version.start_with? '7.0' 25 | ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate 26 | else 27 | ActiveRecord::MigrationContext.new(migrate_path).migrate 28 | end 29 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Devise Encryptable 2 | 3 | Use alternative (and even your own!) encryptors with Devise. 4 | 5 | ## Usage 6 | 7 | Add it to your Gemfile 8 | 9 | ```ruby 10 | gem "devise-encryptable" 11 | ``` 12 | 13 | Add the `encryptable` module to your model: 14 | 15 | ```ruby 16 | class User < ActiveRecord::Base 17 | devise :database_authenticatable, :encryptable 18 | end 19 | ``` 20 | 21 | And add the `password_salt` field to the database through a migration: 22 | 23 | 24 | ```ruby 25 | class DeviseCreateUsers < ActiveRecord::Migration 26 | def change 27 | add_column :users, :password_salt, :string 28 | end 29 | end 30 | ``` 31 | 32 | And you're ready to go! 33 | 34 | ## Contributing 35 | 36 | * Fork it 37 | * Write your changes 38 | * Commit 39 | * Send a pull request 40 | 41 | ## License 42 | 43 | MIT License. 44 | Copyright 2020-2025 Rafael França, Carlos Antonio da Silva. 45 | Copyright 2012-2019 Plataformatec. 46 | -------------------------------------------------------------------------------- /lib/devise/encryptable/encryptors/base.rb: -------------------------------------------------------------------------------- 1 | module Devise 2 | # Implements a way of adding different encryptions. 3 | # The class should implement a self.digest method that taks the following params: 4 | # - password 5 | # - stretches: the number of times the encryption will be applied 6 | # - salt: the password salt as defined by devise 7 | # - pepper: Devise config option 8 | # 9 | module Encryptable 10 | module Encryptors 11 | class Base 12 | def self.digest(password, stretches, salt, pepper) 13 | raise NotImplementedError 14 | end 15 | 16 | def self.salt(stretches) 17 | Devise.friendly_token[0,20] 18 | end 19 | 20 | def self.compare(encrypted_password, password, stretches, salt, pepper) 21 | Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper)) 22 | end 23 | end 24 | end 25 | end 26 | end 27 | -------------------------------------------------------------------------------- /lib/devise/encryptable/encryptors/sha1.rb: -------------------------------------------------------------------------------- 1 | require "digest/sha1" 2 | 3 | module Devise 4 | module Encryptable 5 | module Encryptors 6 | # = Sha1 7 | # Uses the Sha1 hash algorithm to encrypt passwords. 8 | class Sha1 < Base 9 | # Generates a default password digest based on stretches, salt, pepper and the 10 | # incoming password. 11 | def self.digest(password, stretches, salt, pepper) 12 | digest = pepper 13 | stretches.times { digest = self.secure_digest(salt, digest, password, pepper) } 14 | digest 15 | end 16 | 17 | private 18 | 19 | # Generate a SHA1 digest joining args. Generated token is something like 20 | # --arg1--arg2--arg3--argN-- 21 | def self.secure_digest(*tokens) 22 | ::Digest::SHA1.hexdigest(+'--' << tokens.flatten.join('--') << '--') 23 | end 24 | end 25 | end 26 | end 27 | end 28 | -------------------------------------------------------------------------------- /lib/devise/encryptable/encryptors/sha512.rb: -------------------------------------------------------------------------------- 1 | require "digest/sha2" 2 | 3 | module Devise 4 | module Encryptable 5 | module Encryptors 6 | # = Sha512 7 | # Uses the Sha512 hash algorithm to encrypt passwords. 8 | class Sha512 < Base 9 | # Generates a default password digest based on salt, pepper and the 10 | # incoming password. 11 | def self.digest(password, stretches, salt, pepper) 12 | digest = pepper 13 | stretches.times { digest = self.secure_digest(salt, digest, password, pepper) } 14 | digest 15 | end 16 | 17 | private 18 | 19 | # Generate a Sha512 digest joining args. Generated token is something like 20 | # --arg1--arg2--arg3--argN-- 21 | def self.secure_digest(*tokens) 22 | ::Digest::SHA512.hexdigest(+'--' << tokens.flatten.join('--') << '--') 23 | end 24 | end 25 | end 26 | end 27 | end 28 | -------------------------------------------------------------------------------- /lib/devise/encryptable/encryptors/restful_authentication_sha1.rb: -------------------------------------------------------------------------------- 1 | require "digest/sha1" 2 | 3 | module Devise 4 | module Encryptable 5 | module Encryptors 6 | # = RestfulAuthenticationSha1 7 | # Simulates Restful Authentication's default encryption mechanism. 8 | # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY 9 | # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES. Should be set to 10 in 10 | # the initializer to simulate the default behavior. 11 | class RestfulAuthenticationSha1 < Base 12 | 13 | # Generates a default password digest based on salt, pepper and the 14 | # incoming password. 15 | def self.digest(password, stretches, salt, pepper) 16 | digest = pepper 17 | stretches.times { digest = Digest::SHA1.hexdigest([digest, salt, password, pepper].flatten.join('--')) } 18 | digest 19 | end 20 | 21 | end 22 | end 23 | end 24 | end 25 | -------------------------------------------------------------------------------- /lib/devise/encryptable/encryptable.rb: -------------------------------------------------------------------------------- 1 | module Devise 2 | 3 | # Declare encryptors length which are used in migrations. 4 | ENCRYPTORS_LENGTH = { 5 | :sha1 => 40, 6 | :sha512 => 128, 7 | :clearance_sha1 => 40, 8 | :restful_authentication_sha1 => 40, 9 | :authlogic_sha512 => 128 10 | } 11 | 12 | # Used to define the password encryption algorithm. 13 | mattr_accessor :encryptor 14 | @@encryptor = nil 15 | 16 | module Encryptable 17 | module Encryptors 18 | autoload :AuthlogicSha512, 'devise/encryptable/encryptors/authlogic_sha512' 19 | autoload :Base, 'devise/encryptable/encryptors/base' 20 | autoload :ClearanceSha1, 'devise/encryptable/encryptors/clearance_sha1' 21 | autoload :RestfulAuthenticationSha1, 'devise/encryptable/encryptors/restful_authentication_sha1' 22 | autoload :Sha1, 'devise/encryptable/encryptors/sha1' 23 | autoload :Sha512, 'devise/encryptable/encryptors/sha512' 24 | end 25 | end 26 | end 27 | 28 | Devise.add_module(:encryptable, :model => 'devise/encryptable/model') -------------------------------------------------------------------------------- /test/rails_app/config/environments/development.rb: -------------------------------------------------------------------------------- 1 | RailsApp::Application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb 3 | 4 | # In the development environment your application's code is reloaded on 5 | # every request. This slows down response time but is perfect for development 6 | # since you don't have to restart the web server when you make code changes. 7 | config.cache_classes = false 8 | config.eager_load = false 9 | 10 | # Show full error reports and disable caching 11 | config.consider_all_requests_local = true 12 | config.action_controller.perform_caching = false 13 | 14 | # Don't care if the mailer can't send 15 | config.action_mailer.raise_delivery_errors = false 16 | 17 | # Print deprecation notices to the Rails logger 18 | config.active_support.deprecation = :log 19 | 20 | # Only use best-standards-support built into browsers 21 | config.action_dispatch.best_standards_support = :builtin 22 | 23 | # Do not compress assets 24 | config.assets.compress = false 25 | 26 | # Expands the lines which load the assets 27 | config.assets.debug = true 28 | end 29 | -------------------------------------------------------------------------------- /MIT-LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2020-2025 Rafael França, Carlos Antonio da Silva 2 | Copyright (c) 2012-2019 Plataformatec 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining 5 | a copy of this software and associated documentation files (the 6 | "Software"), to deal in the Software without restriction, including 7 | without limitation the rights to use, copy, modify, merge, publish, 8 | distribute, sublicense, and/or sell copies of the Software, and to 9 | permit persons to whom the Software is furnished to do so, subject to 10 | the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be 13 | included in all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 19 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 20 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 21 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /test/rails_app/config/environments/test.rb: -------------------------------------------------------------------------------- 1 | RailsApp::Application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb 3 | 4 | # The test environment is used exclusively to run your application's 5 | # test suite. You never need to work with it otherwise. Remember that 6 | # your test database is "scratch space" for the test suite and is wiped 7 | # and recreated between test runs. Don't rely on the data there! 8 | config.cache_classes = true 9 | config.eager_load = false 10 | 11 | # Configure static asset server for tests with Cache-Control for performance 12 | if Rails.version >= "5" 13 | config.public_file_server.enabled = true 14 | config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'} 15 | else 16 | config.serve_static_files = true 17 | config.static_cache_control = "public, max-age=3600" 18 | end 19 | 20 | # Show full error reports and disable caching 21 | config.consider_all_requests_local = true 22 | config.action_controller.perform_caching = false 23 | 24 | # Raise exceptions instead of rendering exception templates 25 | config.action_dispatch.show_exceptions = false 26 | 27 | # Disable request forgery protection in test environment 28 | config.action_controller.allow_forgery_protection = false 29 | 30 | # Tell Action Mailer not to deliver emails to the real world. 31 | # The :test delivery method accumulates sent emails in the 32 | # ActionMailer::Base.deliveries array. 33 | config.action_mailer.delivery_method = :test 34 | 35 | # Print deprecation notices to the stderr 36 | config.active_support.deprecation = :stderr 37 | end 38 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: Test 2 | on: [push, pull_request] 3 | jobs: 4 | test: 5 | strategy: 6 | fail-fast: false 7 | matrix: 8 | gemfile: 9 | - Gemfile 10 | - gemfiles/Gemfile-rails-main 11 | - gemfiles/Gemfile-rails-8-0 12 | - gemfiles/Gemfile-rails-7-2 13 | - gemfiles/Gemfile-rails-7-1 14 | - gemfiles/Gemfile-rails-7-0 15 | ruby: 16 | - '3.4' 17 | - '3.3' 18 | - '3.2' 19 | - '3.1' 20 | - '3.0' 21 | - '2.7' 22 | exclude: 23 | - gemfile: Gemfile 24 | ruby: '3.1' 25 | - gemfile: Gemfile 26 | ruby: '3.0' 27 | - gemfile: Gemfile 28 | ruby: '2.7' 29 | - gemfile: gemfiles/Gemfile-rails-main 30 | ruby: '3.1' 31 | - gemfile: gemfiles/Gemfile-rails-main 32 | ruby: '3.0' 33 | - gemfile: gemfiles/Gemfile-rails-main 34 | ruby: '2.7' 35 | - gemfile: gemfiles/Gemfile-rails-8-0 36 | ruby: '3.1' 37 | - gemfile: gemfiles/Gemfile-rails-8-0 38 | ruby: '3.0' 39 | - gemfile: gemfiles/Gemfile-rails-8-0 40 | ruby: '2.7' 41 | - gemfile: gemfiles/Gemfile-rails-7-2 42 | ruby: '3.0' 43 | - gemfile: gemfiles/Gemfile-rails-7-2 44 | ruby: '2.7' 45 | runs-on: ubuntu-latest 46 | env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps 47 | BUNDLE_GEMFILE: ${{ matrix.gemfile }} 48 | steps: 49 | - uses: actions/checkout@v5 50 | - uses: ruby/setup-ruby@v1 51 | with: 52 | ruby-version: ${{ matrix.ruby }} 53 | bundler-cache: true # runs bundle install and caches installed gems automatically 54 | - run: bundle exec rake 55 | -------------------------------------------------------------------------------- /test/devise/encryptable/encryptors_test.rb: -------------------------------------------------------------------------------- 1 | require "test_helper" 2 | 3 | class Encryptors < ActiveSupport::TestCase 4 | include Support::Swappers 5 | 6 | test 'should match a password created by authlogic' do 7 | authlogic = "b623c3bc9c775b0eb8edb218a382453396fec4146422853e66ecc4b6bc32d7162ee42074dcb5f180a770dc38b5df15812f09bbf497a4a1b95fe5e7d2b8eb7eb4" 8 | encryptor = Devise::Encryptable::Encryptors::AuthlogicSha512.digest('123mudar', 20, 'usZK_z_EAaF61Gwkw-ed', '') 9 | assert_equal authlogic, encryptor 10 | end 11 | 12 | test 'should match a password created by restful_authentication' do 13 | restful_authentication = "93110f71309ce91366375ea44e2a6f5cc73fa8d4" 14 | encryptor = Devise::Encryptable::Encryptors::RestfulAuthenticationSha1.digest('123mudar', 10, '48901d2b247a54088acb7f8ea3e695e50fe6791b', 'fee9a51ec0a28d11be380ca6dee6b4b760c1a3bf') 15 | assert_equal restful_authentication, encryptor 16 | end 17 | 18 | test 'should match a password created by clearance' do 19 | clearance = "0f40bbae18ddefd7066276c3ef209d40729b0378" 20 | encryptor = Devise::Encryptable::Encryptors::ClearanceSha1.digest('123mudar', nil, '65c58472c207c829f28c68619d3e3aefed18ab3f', nil) 21 | assert_equal clearance, encryptor 22 | end 23 | 24 | test 'digest should raise NotImplementedError if not implemented in subclass' do 25 | c = Class.new(Devise::Encryptable::Encryptors::Base) 26 | assert_raise(NotImplementedError) do 27 | c.digest('quux', 10, 'foo', 'bar') 28 | end 29 | end 30 | 31 | Devise::ENCRYPTORS_LENGTH.each do |key, value| 32 | test "should have length #{value} for #{key.inspect}" do 33 | swap Devise, :encryptor => key do 34 | encryptor = Devise::Encryptable::Encryptors.const_get(key.to_s.classify) 35 | assert_equal value, encryptor.digest('a', 4, encryptor.salt(4), nil).size 36 | end 37 | end 38 | end 39 | end 40 | -------------------------------------------------------------------------------- /test/rails_app/config/application.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../boot', __FILE__) 2 | 3 | require "action_controller/railtie" 4 | require "action_mailer/railtie" 5 | require "active_record/railtie" 6 | require "rails/test_unit/railtie" 7 | 8 | Bundler.require :default 9 | 10 | module RailsApp 11 | class Application < Rails::Application 12 | # Settings in config/environments/* take precedence over those specified here. 13 | # Application configuration should go into files in config/initializers 14 | # -- all .rb files in that directory are automatically loaded. 15 | 16 | # Custom directories with classes and modules you want to be autoloadable. 17 | # config.autoload_paths += %W(#{config.root}/extras) 18 | 19 | # Only load the plugins named here, in the order given (default is alphabetical). 20 | # :all can be used as a placeholder for all plugins not explicitly named. 21 | # config.plugins = [ :exception_notification, :ssl_requirement, :all ] 22 | 23 | # Activate observers that should always be running. 24 | # config.active_record.observers = :cacher, :garbage_collector, :forum_observer 25 | 26 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. 27 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. 28 | # config.time_zone = 'Central Time (US & Canada)' 29 | 30 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 31 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] 32 | # config.i18n.default_locale = :de 33 | 34 | # Configure the default encoding used in templates for Ruby 1.9. 35 | config.encoding = "utf-8" 36 | 37 | # Configure sensitive parameters which will be filtered from the log file. 38 | config.filter_parameters += [:password] 39 | 40 | # Use SQL instead of Active Record's schema dumper when creating the database. 41 | # This is necessary if your schema can't be completely dumped by the schema dumper, 42 | # like if you have constraints or database-specific column types 43 | # config.active_record.schema_format = :sql 44 | end 45 | end 46 | -------------------------------------------------------------------------------- /test/rails_app/db/migrate/20120508165529_create_tables.rb: -------------------------------------------------------------------------------- 1 | class CreateTables < ActiveRecord::Migration[7.0] 2 | def up 3 | create_table :users do |t| 4 | t.string :username 5 | t.string :facebook_token 6 | 7 | ## Database authenticatable 8 | t.string :email, :null => false, :default => "" 9 | t.string :encrypted_password, :null => false, :default => "" 10 | 11 | ## Recoverable 12 | t.string :reset_password_token 13 | t.datetime :reset_password_sent_at 14 | 15 | ## Rememberable 16 | t.datetime :remember_created_at 17 | 18 | ## Trackable 19 | t.integer :sign_in_count, :default => 0 20 | t.datetime :current_sign_in_at 21 | t.datetime :last_sign_in_at 22 | t.string :current_sign_in_ip 23 | t.string :last_sign_in_ip 24 | 25 | ## Encryptable 26 | # t.string :password_salt 27 | 28 | ## Confirmable 29 | t.string :confirmation_token 30 | t.datetime :confirmed_at 31 | t.datetime :confirmation_sent_at 32 | # t.string :unconfirmed_email # Only if using reconfirmable 33 | 34 | ## Lockable 35 | t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts 36 | t.string :unlock_token # Only if unlock strategy is :email or :both 37 | t.datetime :locked_at 38 | 39 | ## Token authenticatable 40 | t.string :authentication_token 41 | 42 | t.timestamps :null => false 43 | end 44 | 45 | create_table :admins do |t| 46 | ## Database authenticatable 47 | t.string :email, :null => true 48 | t.string :encrypted_password, :null => true 49 | 50 | ## Recoverable 51 | t.string :reset_password_token 52 | t.datetime :reset_password_sent_at 53 | 54 | ## Rememberable 55 | t.datetime :remember_created_at 56 | 57 | ## Confirmable 58 | t.string :confirmation_token 59 | t.datetime :confirmed_at 60 | t.datetime :confirmation_sent_at 61 | t.string :unconfirmed_email # Only if using reconfirmable 62 | 63 | ## Encryptable 64 | t.string :password_salt 65 | 66 | ## Lockable 67 | t.datetime :locked_at 68 | 69 | t.timestamps :null => false 70 | end 71 | end 72 | 73 | def down 74 | drop_table :users 75 | drop_table :admins 76 | end 77 | end 78 | -------------------------------------------------------------------------------- /test/devise/encryptable/encryptable_test.rb: -------------------------------------------------------------------------------- 1 | require "test_helper" 2 | 3 | class EncryptableTest < ActiveSupport::TestCase 4 | include Support::Assertions 5 | include Support::Factories 6 | include Support::Swappers 7 | 8 | def encrypt_password(admin, pepper=Admin.pepper, stretches=Admin.stretches, encryptor=Admin.encryptor_class) 9 | encryptor.digest('123456', stretches, admin.password_salt, pepper) 10 | end 11 | 12 | test 'should generate salt while setting password' do 13 | assert create_admin.password_salt.present? 14 | end 15 | 16 | test 'should not change password salt when updating' do 17 | admin = create_admin 18 | salt = admin.password_salt 19 | admin.expects(:password_salt=).never 20 | admin.save! 21 | assert_equal salt, admin.password_salt 22 | end 23 | 24 | test 'should generate a base64 hash using SecureRandom for password salt' do 25 | swap_with_encryptor Admin, :sha1 do 26 | # Devise 3.1+ uses a different method to generate friendly tokens, 27 | # when we drop support for Devise 2 we can remove this hack. 28 | # https://github.com/heartcombo/devise/commit/4048545151fe467c9d8c8c6fce164788bb36e25f. 29 | expected_method = Devise::VERSION >= '3.1.0' ? :urlsafe_base64 : :base64 30 | 31 | SecureRandom.expects(expected_method).with(15).returns('01lI').once 32 | salt = create_admin.password_salt 33 | assert_not_equal '01lI', salt 34 | assert_equal 4, salt.size 35 | end 36 | end 37 | 38 | test 'should not generate salt if password is blank' do 39 | assert create_admin(:password => nil).password_salt.blank? 40 | assert create_admin(:password => '').password_salt.blank? 41 | end 42 | 43 | test 'should encrypt password again if password has changed' do 44 | admin = create_admin 45 | encrypted_password = admin.encrypted_password 46 | admin.password = admin.password_confirmation = 'new_password' 47 | admin.save! 48 | assert_not_equal encrypted_password, admin.encrypted_password 49 | end 50 | 51 | test 'should respect encryptor configuration' do 52 | swap_with_encryptor Admin, :sha512 do 53 | admin = create_admin 54 | assert_equal admin.encrypted_password, encrypt_password(admin, Admin.pepper, Admin.stretches, Devise::Encryptable::Encryptors::Sha512) 55 | end 56 | end 57 | 58 | test 'should not validate password when salt is nil' do 59 | admin = create_admin 60 | admin.password_salt = nil 61 | admin.save 62 | assert_not admin.valid_password?('123456') 63 | end 64 | 65 | test 'required_fields should contain the fields that Devise uses' do 66 | assert_same_content Devise::Models::Encryptable.required_fields(Admin), [ 67 | :password_salt 68 | ] 69 | end 70 | end 71 | -------------------------------------------------------------------------------- /test/rails_app/config/environments/production.rb: -------------------------------------------------------------------------------- 1 | RailsApp::Application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb 3 | 4 | # Code is not reloaded between requests 5 | config.cache_classes = true 6 | 7 | # Full error reports are disabled and caching is turned on 8 | config.consider_all_requests_local = false 9 | config.action_controller.perform_caching = true 10 | 11 | # Disable Rails's static asset server (Apache or nginx will already do this) 12 | config.serve_static_assets = false 13 | 14 | # Compress JavaScripts and CSS 15 | config.assets.compress = true 16 | 17 | # Don't fallback to assets pipeline if a precompiled asset is missed 18 | config.assets.compile = false 19 | 20 | # Generate digests for assets URLs 21 | config.assets.digest = true 22 | 23 | # Defaults to Rails.root.join("public/assets") 24 | # config.assets.manifest = YOUR_PATH 25 | 26 | # Specifies the header that your server uses for sending files 27 | # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache 28 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx 29 | 30 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 31 | # config.force_ssl = true 32 | 33 | # See everything in the log (default is :info) 34 | # config.log_level = :debug 35 | 36 | # Prepend all log lines with the following tags 37 | # config.log_tags = [ :subdomain, :uuid ] 38 | 39 | # Use a different logger for distributed setups 40 | # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) 41 | 42 | # Use a different cache store in production 43 | # config.cache_store = :mem_cache_store 44 | 45 | # Enable serving of images, stylesheets, and JavaScripts from an asset server 46 | # config.action_controller.asset_host = "http://assets.example.com" 47 | 48 | # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added) 49 | # config.assets.precompile += %w( search.js ) 50 | 51 | # Disable delivery errors, bad email addresses will be ignored 52 | # config.action_mailer.raise_delivery_errors = false 53 | 54 | # Enable threaded mode 55 | # config.threadsafe! 56 | 57 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 58 | # the I18n.default_locale when a translation can not be found) 59 | config.i18n.fallbacks = true 60 | 61 | # Send deprecation notices to registered listeners 62 | config.active_support.deprecation = :notify 63 | 64 | # Log the query plan for queries taking more than this (works 65 | # with SQLite, MySQL, and PostgreSQL) 66 | # config.active_record.auto_explain_threshold_in_seconds = 0.5 67 | end 68 | -------------------------------------------------------------------------------- /lib/devise/encryptable/model.rb: -------------------------------------------------------------------------------- 1 | require 'devise/strategies/database_authenticatable' 2 | 3 | module Devise 4 | module Models 5 | # Encryptable module adds support to several encryptors wrapping 6 | # them in a salt and pepper mechanism to increase security. 7 | # 8 | # == Options 9 | # 10 | # Encryptable adds the following options to devise_for: 11 | # 12 | # * +pepper+: a random string used to provide a more secure hash. 13 | # 14 | # * +encryptor+: the encryptor going to be used. By default is nil. 15 | # 16 | # == Examples 17 | # 18 | # User.find(1).valid_password?('password123') # returns true/false 19 | # 20 | module Encryptable 21 | extend ActiveSupport::Concern 22 | 23 | included do 24 | attr_reader :password, :current_password 25 | attr_accessor :password_confirmation 26 | end 27 | 28 | def self.required_fields(klass) 29 | [:password_salt] 30 | end 31 | 32 | # Generates password salt when setting the password. 33 | def password=(new_password) 34 | self.password_salt = self.class.password_salt if new_password.present? 35 | super 36 | end 37 | 38 | # Validates the password considering the salt. 39 | def valid_password?(password) 40 | return false if encrypted_password.blank? 41 | encryptor_class.compare(encrypted_password, password, self.class.stretches, authenticatable_salt, self.class.pepper) 42 | end 43 | 44 | # Overrides authenticatable salt to use the new password_salt 45 | # column. authenticatable_salt is used by `valid_password?` 46 | # and by other modules whenever there is a need for a random 47 | # token based on the user password. 48 | def authenticatable_salt 49 | self.password_salt 50 | end 51 | 52 | protected 53 | 54 | # Digests the password using the configured encryptor. 55 | def password_digest(password) 56 | if password_salt.present? 57 | encryptor_class.digest(password, self.class.stretches, authenticatable_salt, self.class.pepper) 58 | end 59 | end 60 | 61 | def encryptor_class 62 | self.class.encryptor_class 63 | end 64 | 65 | module ClassMethods 66 | Devise::Models.config(self, :encryptor) 67 | 68 | # Returns the class for the configured encryptor. 69 | def encryptor_class 70 | @encryptor_class ||= case encryptor 71 | when :bcrypt 72 | raise "In order to use bcrypt as encryptor, simply remove :encryptable from your devise model" 73 | when nil 74 | raise "You need to give an :encryptor as option in order to use :encryptable" 75 | else 76 | Devise::Encryptable::Encryptors.const_get(encryptor.to_s.classify) 77 | end 78 | end 79 | 80 | def password_salt 81 | self.encryptor_class.salt(self.stretches) 82 | end 83 | end 84 | end 85 | end 86 | end -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GIT 2 | remote: https://github.com/heartcombo/devise.git 3 | revision: 141ef373396a4c19a619a24647bc323dc853c6ac 4 | branch: main 5 | specs: 6 | devise (5.0.0.beta) 7 | bcrypt (~> 3.0) 8 | orm_adapter (~> 0.1) 9 | railties (>= 6.0.0) 10 | responders 11 | warden (~> 1.2.3) 12 | 13 | PATH 14 | remote: . 15 | specs: 16 | devise-encryptable (0.2.0) 17 | devise (>= 2.1.0) 18 | 19 | GEM 20 | remote: https://rubygems.org/ 21 | specs: 22 | action_text-trix (2.1.15) 23 | railties 24 | actioncable (8.1.1) 25 | actionpack (= 8.1.1) 26 | activesupport (= 8.1.1) 27 | nio4r (~> 2.0) 28 | websocket-driver (>= 0.6.1) 29 | zeitwerk (~> 2.6) 30 | actionmailbox (8.1.1) 31 | actionpack (= 8.1.1) 32 | activejob (= 8.1.1) 33 | activerecord (= 8.1.1) 34 | activestorage (= 8.1.1) 35 | activesupport (= 8.1.1) 36 | mail (>= 2.8.0) 37 | actionmailer (8.1.1) 38 | actionpack (= 8.1.1) 39 | actionview (= 8.1.1) 40 | activejob (= 8.1.1) 41 | activesupport (= 8.1.1) 42 | mail (>= 2.8.0) 43 | rails-dom-testing (~> 2.2) 44 | actionpack (8.1.1) 45 | actionview (= 8.1.1) 46 | activesupport (= 8.1.1) 47 | nokogiri (>= 1.8.5) 48 | rack (>= 2.2.4) 49 | rack-session (>= 1.0.1) 50 | rack-test (>= 0.6.3) 51 | rails-dom-testing (~> 2.2) 52 | rails-html-sanitizer (~> 1.6) 53 | useragent (~> 0.16) 54 | actiontext (8.1.1) 55 | action_text-trix (~> 2.1.15) 56 | actionpack (= 8.1.1) 57 | activerecord (= 8.1.1) 58 | activestorage (= 8.1.1) 59 | activesupport (= 8.1.1) 60 | globalid (>= 0.6.0) 61 | nokogiri (>= 1.8.5) 62 | actionview (8.1.1) 63 | activesupport (= 8.1.1) 64 | builder (~> 3.1) 65 | erubi (~> 1.11) 66 | rails-dom-testing (~> 2.2) 67 | rails-html-sanitizer (~> 1.6) 68 | activejob (8.1.1) 69 | activesupport (= 8.1.1) 70 | globalid (>= 0.3.6) 71 | activemodel (8.1.1) 72 | activesupport (= 8.1.1) 73 | activerecord (8.1.1) 74 | activemodel (= 8.1.1) 75 | activesupport (= 8.1.1) 76 | timeout (>= 0.4.0) 77 | activestorage (8.1.1) 78 | actionpack (= 8.1.1) 79 | activejob (= 8.1.1) 80 | activerecord (= 8.1.1) 81 | activesupport (= 8.1.1) 82 | marcel (~> 1.0) 83 | activesupport (8.1.1) 84 | base64 85 | bigdecimal 86 | concurrent-ruby (~> 1.0, >= 1.3.1) 87 | connection_pool (>= 2.2.5) 88 | drb 89 | i18n (>= 1.6, < 2) 90 | json 91 | logger (>= 1.4.2) 92 | minitest (>= 5.1) 93 | securerandom (>= 0.3) 94 | tzinfo (~> 2.0, >= 2.0.5) 95 | uri (>= 0.13.1) 96 | base64 (0.3.0) 97 | bcrypt (3.1.20) 98 | bigdecimal (3.3.1) 99 | builder (3.3.0) 100 | concurrent-ruby (1.3.5) 101 | connection_pool (2.5.4) 102 | crass (1.0.6) 103 | date (3.5.0) 104 | drb (2.2.3) 105 | erb (6.0.0) 106 | erubi (1.13.1) 107 | globalid (1.3.0) 108 | activesupport (>= 6.1) 109 | i18n (1.14.7) 110 | concurrent-ruby (~> 1.0) 111 | io-console (0.8.1) 112 | irb (1.15.3) 113 | pp (>= 0.6.0) 114 | rdoc (>= 4.0.0) 115 | reline (>= 0.4.2) 116 | json (2.16.0) 117 | logger (1.7.0) 118 | loofah (2.24.1) 119 | crass (~> 1.0.2) 120 | nokogiri (>= 1.12.0) 121 | mail (2.9.0) 122 | logger 123 | mini_mime (>= 0.1.1) 124 | net-imap 125 | net-pop 126 | net-smtp 127 | marcel (1.1.0) 128 | mini_mime (1.1.5) 129 | mini_portile2 (2.8.9) 130 | minitest (5.26.1) 131 | mocha (2.7.1) 132 | ruby2_keywords (>= 0.0.5) 133 | net-imap (0.5.12) 134 | date 135 | net-protocol 136 | net-pop (0.1.2) 137 | net-protocol 138 | net-protocol (0.2.2) 139 | timeout 140 | net-smtp (0.5.1) 141 | net-protocol 142 | nio4r (2.7.5) 143 | nokogiri (1.18.10) 144 | mini_portile2 (~> 2.8.2) 145 | racc (~> 1.4) 146 | orm_adapter (0.5.0) 147 | pp (0.6.3) 148 | prettyprint 149 | prettyprint (0.2.0) 150 | psych (5.2.6) 151 | date 152 | stringio 153 | racc (1.8.1) 154 | rack (3.2.4) 155 | rack-session (2.1.1) 156 | base64 (>= 0.1.0) 157 | rack (>= 3.0.0) 158 | rack-test (2.2.0) 159 | rack (>= 1.3) 160 | rackup (2.2.1) 161 | rack (>= 3) 162 | rails (8.1.1) 163 | actioncable (= 8.1.1) 164 | actionmailbox (= 8.1.1) 165 | actionmailer (= 8.1.1) 166 | actionpack (= 8.1.1) 167 | actiontext (= 8.1.1) 168 | actionview (= 8.1.1) 169 | activejob (= 8.1.1) 170 | activemodel (= 8.1.1) 171 | activerecord (= 8.1.1) 172 | activestorage (= 8.1.1) 173 | activesupport (= 8.1.1) 174 | bundler (>= 1.15.0) 175 | railties (= 8.1.1) 176 | rails-dom-testing (2.3.0) 177 | activesupport (>= 5.0.0) 178 | minitest 179 | nokogiri (>= 1.6) 180 | rails-html-sanitizer (1.6.2) 181 | loofah (~> 2.21) 182 | nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) 183 | railties (8.1.1) 184 | actionpack (= 8.1.1) 185 | activesupport (= 8.1.1) 186 | irb (~> 1.13) 187 | rackup (>= 1.0.0) 188 | rake (>= 12.2) 189 | thor (~> 1.0, >= 1.2.2) 190 | tsort (>= 0.2) 191 | zeitwerk (~> 2.6) 192 | rake (13.3.1) 193 | rdoc (6.15.1) 194 | erb 195 | psych (>= 4.0.0) 196 | tsort 197 | reline (0.6.3) 198 | io-console (~> 0.5) 199 | responders (3.2.0) 200 | actionpack (>= 7.0) 201 | railties (>= 7.0) 202 | ruby2_keywords (0.0.5) 203 | securerandom (0.4.1) 204 | sqlite3 (2.7.4) 205 | mini_portile2 (~> 2.8.0) 206 | stringio (3.1.8) 207 | thor (1.4.0) 208 | timeout (0.4.4) 209 | tsort (0.2.0) 210 | tzinfo (2.0.6) 211 | concurrent-ruby (~> 1.0) 212 | uri (1.1.1) 213 | useragent (0.16.11) 214 | warden (1.2.9) 215 | rack (>= 2.0.9) 216 | websocket-driver (0.8.0) 217 | base64 218 | websocket-extensions (>= 0.1.0) 219 | websocket-extensions (0.1.5) 220 | zeitwerk (2.7.3) 221 | 222 | PLATFORMS 223 | ruby 224 | 225 | DEPENDENCIES 226 | devise (~> 5.0.0.beta)! 227 | devise-encryptable! 228 | mocha 229 | rails (~> 8.1.0) 230 | sqlite3 231 | 232 | BUNDLED WITH 233 | 2.7.2 234 | --------------------------------------------------------------------------------