Merge branch 'master' into dependabot/bundler/rubocop-tw-0.81.0

.gitignore

@@ -48,3 +48,5 @@ bin/*
 gemfiles/*.lock
 
 vendor/
+
+.byebug_history

Gemfile

@@ -4,7 +4,7 @@ source 'https://rubygems.org'
 gemspec
 
 # Oldest Rails version getting security patches is 5.2
-gem 'railties', '~> 5.2.0'
+gem 'railties', '~> 5.2.4'
 gem 'minitest-rails', '~> 5.2.0'
 
 group :active_record do

Gemfile.lock

@@ -7,48 +7,48 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.4.4)
-      actionpack (= 5.2.4.4)
+    actioncable (5.2.4.5)
+      actionpack (= 5.2.4.5)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.4.4)
-      actionpack (= 5.2.4.4)
-      actionview (= 5.2.4.4)
-      activejob (= 5.2.4.4)
+    actionmailer (5.2.4.5)
+      actionpack (= 5.2.4.5)
+      actionview (= 5.2.4.5)
+      activejob (= 5.2.4.5)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.4.4)
-      actionview (= 5.2.4.4)
-      activesupport (= 5.2.4.4)
+    actionpack (5.2.4.5)
+      actionview (= 5.2.4.5)
+      activesupport (= 5.2.4.5)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.4.4)
-      activesupport (= 5.2.4.4)
+    actionview (5.2.4.5)
+      activesupport (= 5.2.4.5)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.4.4)
-      activesupport (= 5.2.4.4)
+    activejob (5.2.4.5)
+      activesupport (= 5.2.4.5)
       globalid (>= 0.3.6)
-    activemodel (5.2.4.4)
-      activesupport (= 5.2.4.4)
-    activerecord (5.2.4.4)
-      activemodel (= 5.2.4.4)
-      activesupport (= 5.2.4.4)
+    activemodel (5.2.4.5)
+      activesupport (= 5.2.4.5)
+    activerecord (5.2.4.5)
+      activemodel (= 5.2.4.5)
+      activesupport (= 5.2.4.5)
       arel (>= 9.0)
-    activestorage (5.2.4.4)
-      actionpack (= 5.2.4.4)
-      activerecord (= 5.2.4.4)
+    activestorage (5.2.4.5)
+      actionpack (= 5.2.4.5)
+      activerecord (= 5.2.4.5)
       marcel (~> 0.3.1)
-    activesupport (5.2.4.4)
+    activesupport (5.2.4.5)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    appraisal (2.3.0)
+    appraisal (2.4.0)
       bundler
       rake
       thor (>= 0.14.0)
@@ -57,13 +57,13 @@ GEM
     backport (1.1.2)
     bcrypt (3.1.16)
     benchmark (0.1.0)
-    bson (4.11.1)
+    bson (4.12.0)
     builder (3.2.4)
     byebug (11.1.3)
     coderay (1.1.3)
-    concurrent-ruby (1.1.7)
+    concurrent-ruby (1.1.8)
     crass (1.0.6)
-    database_cleaner (1.8.5)
+    database_cleaner (1.99.0)
     devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
@@ -80,15 +80,15 @@ GEM
       rspec-rails (>= 2.8.1)
       simplecov (>= 0.3.8)
       yard (>= 0.7.0)
-    erubi (1.9.0)
+    erubi (1.10.0)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
     hashie (4.1.0)
-    i18n (1.8.5)
+    i18n (1.8.9)
       concurrent-ruby (~> 1.0)
     interception (0.5)
     jaro_winkler (1.5.4)
-    loofah (2.7.0)
+    loofah (2.9.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     m (1.5.1)
@@ -102,19 +102,20 @@ GEM
     method_source (1.0.0)
     mimemagic (0.3.5)
     mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.2)
+    mini_portile2 (2.5.0)
+    minitest (5.14.4)
     minitest-rails (5.2.0)
       minitest (~> 5.10)
       railties (~> 5.2.0)
-    mongo (2.13.1)
+    mongo (2.14.0)
       bson (>= 4.8.2, < 5.0.0)
-    mongoid (7.1.5)
-      activemodel (>= 5.1, < 6.1)
-      mongo (>= 2.7.0, < 3.0.0)
-    nio4r (2.5.3)
-    nokogiri (1.10.10)
-      mini_portile2 (~> 2.4.0)
+    mongoid (7.2.1)
+      activemodel (>= 5.1, < 6.2)
+      mongo (>= 2.10.5, < 3.0.0)
+    nio4r (2.5.5)
+    nokogiri (1.11.1)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
     omniauth (1.9.1)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
@@ -131,21 +132,22 @@ GEM
     pry-rescue (1.5.2)
       interception (>= 0.5)
       pry (>= 0.12.0)
+    racc (1.5.2)
     rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.2.4.4)
-      actioncable (= 5.2.4.4)
-      actionmailer (= 5.2.4.4)
-      actionpack (= 5.2.4.4)
-      actionview (= 5.2.4.4)
-      activejob (= 5.2.4.4)
-      activemodel (= 5.2.4.4)
-      activerecord (= 5.2.4.4)
-      activestorage (= 5.2.4.4)
-      activesupport (= 5.2.4.4)
+    rails (5.2.4.5)
+      actioncable (= 5.2.4.5)
+      actionmailer (= 5.2.4.5)
+      actionpack (= 5.2.4.5)
+      actionview (= 5.2.4.5)
+      activejob (= 5.2.4.5)
+      activemodel (= 5.2.4.5)
+      activerecord (= 5.2.4.5)
+      activestorage (= 5.2.4.5)
+      activesupport (= 5.2.4.5)
       bundler (>= 1.3.0)
-      railties (= 5.2.4.4)
+      railties (= 5.2.4.5)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.4)
       actionpack (>= 5.0.1.x)
@@ -158,38 +160,38 @@ GEM
       loofah (~> 2.3)
     rails_email_validator (0.1.4)
       activemodel (>= 3.0.0)
-    railties (5.2.4.4)
-      actionpack (= 5.2.4.4)
-      activesupport (= 5.2.4.4)
+    railties (5.2.4.5)
+      actionpack (= 5.2.4.5)
+      activesupport (= 5.2.4.5)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
     rainbow (3.0.0)
-    rake (13.0.1)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
+    rake (13.0.3)
+    responders (3.0.1)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
     reverse_markdown (2.0.0)
       nokogiri
     rexml (3.2.4)
     rmagick (4.1.2)
-    rspec-core (3.9.2)
-      rspec-support (~> 3.9.3)
-    rspec-expectations (3.9.2)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.1)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-rails (4.0.1)
+      rspec-support (~> 3.10.0)
+    rspec-rails (4.0.2)
       actionpack (>= 4.2)
       activesupport (>= 4.2)
       railties (>= 4.2)
-      rspec-core (~> 3.9)
-      rspec-expectations (~> 3.9)
-      rspec-mocks (~> 3.9)
-      rspec-support (~> 3.9)
-    rspec-support (3.9.2)
+      rspec-core (~> 3.10)
+      rspec-expectations (~> 3.10)
+      rspec-mocks (~> 3.10)
+      rspec-support (~> 3.10)
+    rspec-support (3.10.2)
     rubocop (0.83.0)
       parallel (~> 1.10)
       parser (>= 2.7.0.1)
@@ -229,10 +231,10 @@ GEM
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
     sqlite3 (1.3.13)
-    thor (1.0.1)
+    thor (1.1.0)
     thread_safe (0.3.6)
     tilt (2.0.10)
-    tzinfo (1.2.8)
+    tzinfo (1.2.9)
       thread_safe (~> 0.1)
     unicode-display_width (1.7.0)
     warden (1.2.8)
@@ -249,18 +251,19 @@ PLATFORMS
 DEPENDENCIES
   appraisal
   bundler
-  database_cleaner
+  database_cleaner (< 2.0.0)
   devise-security!
   easy_captcha
   m
   minitest
   minitest-rails (~> 5.2.0)
   mongoid
-  omniauth
+  omniauth (< 2.0.0)
   pry-byebug
   pry-rescue
   rails-controller-testing (<= 1.0.4)
   rails_email_validator
+  railties (~> 5.2.4)
   rubocop (~> 0.83.0)
   rubocop-rails
   simplecov-lcov

README.md

@@ -124,6 +124,9 @@ Devise.setup do |config|
   # ==> Configuration for :expirable
   # Time period for account expiry from last_activity_at
   # config.expire_after = 90.days
+
+  # Allow passwords to be equal to email (false, true)
+  # config.allow_passwords_equal_to_email = false
 end
 ```
 
@@ -231,6 +234,16 @@ create_table :the_resources do |t|
 end
 ```
 
+#### Bypassing session limitable
+
+Sometimes it's useful to impersonate a user without authentication (e.g. [administrator impersonating a user](https://github.com/plataformatec/devise/wiki/How-To:-Sign-in-as-another-user-if-you-are-an-admin)), in this case the `session_limitable` strategy will log out the user, and if the user logs in while the administrator is still logged in, the administrator will be logged out.
+
+For such cases the following can be used:
+
+```ruby
+sign_in(User.find(params[:id]), scope: :user, skip_session_limitable: true)
+```
+
 ### Expirable
 
 ```ruby

app/controllers/devise/password_expired_controller.rb

@@ -42,11 +42,7 @@ def skip_password_change
   def resource_params
     permitted_params = [:current_password, :password, :password_confirmation]
 
-    if params.respond_to?(:permit)
-      params.require(resource_name).permit(*permitted_params)
-    else
-      params[scope].slice(*permitted_params)
-    end
+    params.require(resource_name).permit(*permitted_params)
   end
 
   def scope

config/locales/by.yml

@@ -3,6 +3,7 @@ by:
     messages:
       taken_in_past: 'ужо раней выкарыстоўваўся.'
       equal_to_current_password: 'павінен адрознівацца ад сучаснага пароля.'
+      equal_to_email: 'павінна адрознівацца ад электроннай пошты.'
       password_complexity:
         digit:
           one: 'павінен утрымліваць хоць адну лічбу'

config/locales/cs.yml

@@ -3,6 +3,7 @@ cs:
     messages:
       taken_in_past: bylo již použito v minulosti.
       equal_to_current_password: se musí lišit od aktuálního hesla.
+      equal_to_email: musí být jiný než e-mail.
       password_complexity:
         digit:
           one: musí obsahovat alespoň jednu číslici

config/locales/de.yml

@@ -3,6 +3,7 @@ de:
     messages:
       taken_in_past: 'wurde bereits in der Vergangenheit verwendet.'
       equal_to_current_password: 'darf nicht dem aktuellen Passwort entsprechen.'
+      equal_to_email: 'darf nicht dem E-mail entsprechen.'
       password_complexity:
         digit:
           one: muss mindestens eine Ziffer enthalten

config/locales/en.yml

@@ -3,6 +3,7 @@ en:
     messages:
       taken_in_past: 'was used previously.'
       equal_to_current_password: 'must be different than the current password.'
+      equal_to_email: 'must be different than the email.'
       password_complexity:
         digit:
           one: must contain at least one digit

config/locales/es.yml

@@ -3,6 +3,7 @@ es:
     messages:
       taken_in_past: 'la contraseña fue usada previamente, por favor elige otra.'
       equal_to_current_password: 'tiene que ser diferente a la contraseña actual.'
+      equal_to_email: 'tiene que ser diferente al email'
       password_complexity:
         digit:
           one: tiene que contener al menos un dígito

config/locales/fa.yml

@@ -3,6 +3,7 @@ fa:
     messages:
       taken_in_past: 'قبلا استفاده شده است'
       equal_to_current_password: 'باید متفاوت با رمز عبور فعلی باشد'
+      equal_to_email: 'باید متفاوت از ایمیل باشد'
       password_complexity:
         digit:
           one: باید حداقل یک رقم داشته باشد

config/locales/fr.yml

@@ -3,6 +3,7 @@ fr:
     messages:
       taken_in_past: a été utilisé trop récemment. Veuillez en choisir un autre
       equal_to_current_password: doit être différent de l'actuel
+      equal_to_email: doit être différent de l'e-mail
       password_complexity:
         digit:
           one: doit contenir au moins un chiffre

config/locales/hi.yml

@@ -4,6 +4,7 @@ hi:
     messages:
       taken_in_past: यह पासवर्ड, आपके द्वारा पूर्व मे प्रयोग किया जा चुका है  
       equal_to_current_password: नया पासवर्ड, वर्तमान पासवर्ड से भिन्न होना चाहिए 
+      equal_to_email: ईमेल से अलग होना चाहिए
       password_complexity:
         digit:
           one: एक अंक होना चाहिए 

config/locales/it.yml

@@ -3,6 +3,7 @@ it:
     messages:
       taken_in_past: "è stata gia' utilizzata in passato!"
       equal_to_current_password: " deve essere differente dalla password corrente!"
+      equal_to_email: "deve essere differente dall'email"
       password_complexity:
         digit:
           one: deve contenere almeno una cifra

config/locales/ja.yml

@@ -3,6 +3,7 @@ ja:
     messages:
       taken_in_past: 'は既に使われています。'
       equal_to_current_password: 'は現在のパスワードと異なるものである必要があります。'
+      equal_to_email: 'メールとは異なる必要があります'
       password_complexity:
         digit:
           one: は最低1つの数字を含む必要があります。