Secure password extension

Identity Manager 8.1.2 – Secure Password Extension Administration Guide

Secure Password Extension

It is very common for business users to forget their password and be unable to log in to the system.

One Identity Manager allows users to securely and conveniently reset their network passwords, or manage their passwords in multiple enterprise systems, before even logging in to the system.

To enable users to access the Password Reset Portal from the Windows login screen, One Identity Manager implements Secure Password Extension.

Secure Password Extension is an application that provides one-click access to the complete functionality of the Password Reset Portal from the Windows login screen.

Secure Password Extension is included on the installation CD and is deployed through a group policy.

For information on how to deploy and configure Secure Password Extension on end-user workstations in the managed domain, see Deploying and configuring Secure Password Extension.

Secure Password Extension supports the authentication model in the following systems:

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10

On workstations running Windows 7, Secure Password Extension adds the Forgot My Password link to the Windows login screen. In Windows 8, 8.1 and 10, Secure Password Extension adds an icon under the login options to the user tile on the login screen. By clicking these buttons and links, users open the Password Reset Portal.

When users connect to the Password Reset Portal from the Windows login screen, anonymous access is enabled and the functionality of Microsoft Internet Explorer is restricted, thereby preventing the actions that may pose a security threat. Once users open the Password Reset Portal home page from the Windows login screen, they cannot access any other website, or open a new browser window or a context menu.

For Secure Password Extension to function properly, you must specify the corresponding URL to the Password Reset Portal in the supplied administrative template prm_gina.adm or prm_gina.admx located in the \Password Manager\Setup\Administrative Template\ folder of the installation CD and apply the template to selected users. For more information, see Configuring Secure Password Extension.

Deploying and configuring Secure Password Extension

This section describes the prerequisites and steps for deploying and configuring Secure Password Extension to provide access to the Password Reset Portal from the Windows login screen on end-user computers.

To ensure that forwarding to the Password Reset Portal works correctly, you must configure the Password Reset Portal (server-sided configuration).

To configure the forwarding to the Password Reset Portal

  1. Start Internet Information Services Manager.

  2. Navigate to the Password Reset Portal entry.

  3. Right-click the Password Reset Portal entry and in the context menu, click Explore.

  4. In the Explorer window, create the subfolder EntryPoint.

  5. Open the subfolder EntryPoint and create the web.config file.

  6. Edit the web.config file and insert the following content:

  7. Save the file changes.

Secure Password Extension is deployed on client computers through a group policy.

You can create a new group policy object (GPO) or use an existing one to assign the installation package with Secure Password Extension for installing it on the destination computers.

Secure Password Extension is then installed on computers to which the GPO applies. Depending on the operating system running on the destination computers, you must apply one of the following installation packages included on the installation CD:

  • SecurePasswordExtension_x86.msi – Installs Secure Password Extension on computers running x86 versions of operating systems.
  • SecurePasswordExtension_x64.msi – Installs Secure Password Extension on computers running x64 versions of operating systems.

You can modify the behavior and on-screen appearance of Secure Password Extension components by configuring the settings of an administrative template, and then applying the template to the target computers through a group policy.

The administrative template is available in two formats: prm_gina.adm and prm_gina.admx.

The prm_gina.adm administrative template file is located in the Modules\ADS\dvd\AddOn\SecurePasswordExtension\Administrative Template folder of the installation CD. Before using the file, copy it from the installation CD. The recommended target location is the \inf subfolder of the Windows folder on a domain controller.

The prm_gina.admx administrative template file is located in the Modules\ADS\dvd\AddOn\SecurePasswordExtension\Administrative Template folder of the installation CD. This administrative template is designed to be used with Windows Server 2008 R2 or later operating systems.

Before using this administrative template, copy the prm_gina.admx and prm_gina.adml files from the installation CD to the following locations: %systemroot%\policyDefinitions (for the prm_gina.admx file) and %systemroot%\policyDefinitions\En-US (for the prm_gina.adml file).

Follow these steps to configure and deploy the Secure Password Extension on end-user computers.

To deploy and configure Secure Password Extension

  1. Copy the required installation package (SecurePasswordExtension_x86.msi or SecurePasswordExtension_x64.msi) from the installation CD to a network share accessible from all domain controllers where you want to install Secure Password Extension. The MSI packages are located in the Modules\ADS\dvd\AddOn\SecurePasswordExtension folder of the installation CD.

  2. Create a GPO and link it to all computers, sites, domains, or organizational units where you want to use Secure Password Extension. You may also choose an existing GPO to use with Secure Password Extension.

  3. Open the GPO in the Group Policy Management Editor, and perform the following actions:

    1. Expand Computer Configuration | Policies | Software Settings.
    2. Right-click Software installation and select New | Package.
    3. Browse for the MSI package you have copied in step 1, and click Open.
    4. In the Deploy Software window, select a deployment method and click OK.
    5. (Optional) Verify and configure the properties of the installation.

    Related topics

    • Uninstalling Secure Password Extension

Source: https://support.oneidentity.com/technical-documents/identity-manager/8.1.2/secure-password-extension-administration-guide

The 10 best password managers according to Lifehacker

Passwords should be complex and different from one another. But following that rule requires a password manager. It stores all the credentials for your various services, which lets you generate keys of any complexity. Lifehacker has put together a list of top password vaults that will help protect your accounts.

1. LastPass

Platforms: Web, Android, iOS, macOS, Windows.

When installed on a computer, it offers to add a browser extension for storing passwords. For smartphones and tablets there are clients in the app stores.

Data is encrypted and decrypted at the device level. Even LastPass itself has no access to the master password or the decryption keys. You can share passwords with colleagues and family, choosing whether they will see the code or simply get access to the service for a set time. LastPass logs the user in automatically on sites with saved passwords.

Developer: LastPass

Price: Free

2. Dashlane

Platforms: Web, Android, iOS, macOS, Windows.

After installation, Dashlane checks the database and, if it finds weak, repeated or corrupted passwords, offers to replace them. If a site you use is breached, the manager will warn you. In addition, Dashlane can store bank card and account details, as well as receipts for purchases in online shops.

3. 1Password

Platforms: Android, iOS, macOS, Windows.

It works without a network connection and can sync the vault through network folders, Wi-Fi or the cloud (Dropbox and iCloud). You can set up access for other users or specify trusted contacts.

The manager runs on Windows and macOS. It has extensions for popular browsers: Firefox, Opera, Chrome and Safari. The mobile apps are available after purchasing a license. However, they have a 30-day trial period.

4. RoboForm

Platforms: Android, iOS, macOS, Windows, Linux.

RoboForm not only saves passwords but also protects you from phishing attacks. The app remembers what the correct link to a service looks like and warns of danger when you enter login or payment details. RoboForm can be installed on mobile devices for free, but syncing with a computer is only possible after paying for a subscription.

5. KeePass

Platforms: Android, iOS, macOS, Windows, Linux.

A free, open-source password manager. Despite its dated look, it offers a high level of security. The app has a portable version that can be run from a flash drive without installing it on the computer.

KeePass has no sync. You can carry the database on a flash drive or use cloud storage to access passwords on different devices. If you keep the portable version of the app and the database in the cloud, no other sync is needed.

Developer: Brian Pellin

Price: Free

Developer: gkardava

Price: Free

6. Sticky Password

Platforms: Android, iOS, macOS, Windows.

A manager from the developers of the AVG antivirus that can capture data even from old forms and manage application passwords. It supports direct sync over Wi-Fi. It does not provide online access to passwords, which raises the level of security.

7. oneSafe

Platforms: Android, iOS, macOS, Windows.

This app's functionality is slightly broader than that of other password managers. oneSafe offers to lock access to files on the computer and to make backups to removable media. The Decoy Safe feature helps create fake accounts so that even if the app is compromised, attackers do not get the real data.

Developer: Lunabee Pte Ltd

Price: Free

8. SafeInCloud

Platforms: Android, iOS, macOS, Windows.

The manager stores passwords in the cloud, offering sync between Windows, Mac, Android and iOS via Yandex.Disk, Google Drive, OneDrive and Dropbox. A generator is built into the app for creating secure passwords. It integrates with all popular browsers and has a field autofill feature that removes the need to copy passwords out of the manager.

SafeInCloud Password Manager

Price: 0

9. Splikity

Platforms: Android, iOS, Web.

It does its job well but offers nothing new. It works on computers and mobile devices and supports integration with popular browsers and automatic sync. Among its competitive advantages is a simple interface, which makes Splikity a good choice for those who have not used password managers before.

Developer: splikity.com

Price: 0

10. Enpass

Platforms: Android, iOS, macOS, Windows.

Enpass offers two data storage options: locally on the computer and remotely in the cloud. By default, passwords are stored locally. But when sync is enabled, data is transferred in encrypted form through Dropbox, Google Drive, OneDrive and other storage services.

Enpass comes bundled with a password generator in which you can choose the generation parameters yourself (length and the use of particular characters). The generator is built into the add-password window, which lets you quickly create complex keys for different accounts.

What to choose: local or cloud storage

Password managers can store data locally on the computer or remotely in the cloud. The advantages of cloud storage and sync are obvious: passwords are available on every device where the manager is installed. The risk is that if the cloud service is compromised, the passwords end up in attackers' hands.

You have to decide what matters more: maximum protection against data loss or ease of use.

Local storage is safer, but the lack of sync between devices can be very inconvenient. For example, you save an account password on the computer and then cannot recall the key when trying to log in from your phone.

Distrust of password managers also stems from the very fact that all keys are kept in one place. But for most users, the security benefits of complex passwords outweigh this drawback.

Source: https://Lifehacker.ru/10-luchshix-xranilishh-parolej/

Strong Random Password Generator

To prevent your passwords from being compromised through social engineering, brute-force or dictionary attacks, and to keep your online accounts safe, note the following:

1. Do not use the same password, security question and answer for multiple important accounts.

2. Use a password that has at least 16 characters and includes at least one number, one uppercase letter, one lowercase letter and one special symbol.

3. Do not use the names of your family members, friends or pets in your passwords.

4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, and so on in your passwords.

5. Do not use any dictionary word in your passwords. Examples of strong passwords: ePYHc~dS*)8$+V-' , qzRtC{6rXN3N\RgL , zbfUMZPE6`FC%)sZ. Examples of weak passwords: qwert12345, Gbt3fC79ZmMEFUFJ, 1234567890, 987654321, nortonpassword.

6. Do not use two or more similar passwords in which most of the characters are the same, for example, ilovefreshflowersMac and ilovefreshflowersDropBox, since if one of these passwords is stolen, all of them are effectively stolen.

7. Do not use something that can be cloned (but that you can't change) as your password, such as your fingerprints.

8. Do not let your Web browsers (FireFox, Chrome, Safari, Opera, IE, Microsoft Edge) store your passwords, since all passwords saved in Web browsers can be revealed easily.

9. Do not log in to important accounts on the computers of others, or when connected to a public Wi-Fi hotspot, Tor, free VPN or web proxy.

10. Do not send sensitive information online via unencrypted (e.g. HTTP or FTP) connections, because messages in these connections can be sniffed with very little effort. You should use encrypted connections such as HTTPS, SFTP, FTPS, SMTPS, IPSec whenever possible.

11. When travelling, you can encrypt your Internet connections before they leave your laptop, tablet, mobile phone or router. For example, you can set up a private VPN (with MS-CHAP v2 or stronger protocols) on your own server (home computer, dedicated server or VPS) and connect to it.

Alternatively, you can set up an encrypted SSH tunnel between your computer and your own server and configure Chrome or FireFox to use a SOCKS proxy. Then even if somebody captures your data with a packet sniffer as it is transmitted between your device (e.g. laptop, iPhone, iPad) and your server, they won't be able to steal your data and passwords from the encrypted stream.

12. How secure is my password? Perhaps you believe that your passwords are very strong and difficult to hack. But if a hacker has stolen your username and the MD5 hash value of your password from a company's server, and the hacker's rainbow table contains this MD5 hash, then your password will be cracked quickly.

To check the strength of your passwords and know whether they're inside the popular rainbow tables, you can convert your passwords to MD5 hashes on an MD5 hash generator, then decrypt your passwords by submitting these hashes to an online MD5 decryption service.

For instance, if your password is “0123456789A”, it may take a computer almost one year to crack it using the brute-force method, but if you decrypt it by submitting its MD5 hash (C8E7279CD035B23BB9C0F1F954DFF5B3) to an MD5 decryption website, how long will it take to crack it? You can perform the test yourself.

13. It's recommended to change your passwords every 10 weeks.

14. It's recommended that you remember a few master passwords, store other passwords in a plain text file and encrypt this file with 7-Zip, GPG or a disk encryption software such as BitLocker, or manage your passwords with a password management software.

15. Encrypt and back up your passwords to different locations; then, if you lose access to your computer or account, you can retrieve your passwords quickly.

16. Turn on 2-step authentication whenever possible.

17. Do not store your critical passwords in the cloud.

18. Access important websites (e.g. Paypal) from bookmarks directly; otherwise, check the domain name carefully. It's a good idea to check the popularity of a website with the Alexa toolbar to ensure that it's not a phishing site before entering your password.

19. Protect your computer with firewall and antivirus software, block all incoming connections and all unnecessary outgoing connections with the firewall. Download software from reputable sites only, and verify the MD5 / SHA1 / SHA256 checksum or GPG signature of the installation package whenever possible.

20. Keep the operating systems (e.g. Windows 7, Windows 10, Mac OS X, iOS, Linux) and Web browsers (e.g. FireFox, Chrome, IE, Microsoft Edge) of your devices (e.g. Windows PC, Mac PC, iPhone, iPad, Android tablet) up to date by installing the latest security updates.

21. If there are important files on your computer, and it can be accessed by others, check whether there are hardware keyloggers (e.g. wireless keyboard sniffer), software keyloggers or hidden cameras when you feel it's necessary.

22. If there are WIFI routers in your home, then it's possible to know the passwords you typed (in your neighbor's house) by detecting the gestures of your fingers and hands, since the WIFI signal they received will change when you move your fingers and hands. You can use an on-screen keyboard to type your passwords in such cases; it would be more secure if this virtual keyboard (or soft keyboard) changes layouts every time.

23. Lock your computer and mobile phone when you leave them.

24. Encrypt the entire hard drive with LUKS or similar tools before putting important files on it, and destroy the hard drive of your old devices physically if it's necessary.

25. Access important websites in private or incognito mode, or use one Web browser to access important websites, use another one to access other sites. Or access unimportant websites and install new software inside a virtual machine created with VMware, VirtualBox or Parallels.

26. Use at least 3 different email addresses: use the first one to receive emails from important sites and Apps, such as Paypal and Amazon; use the second one to receive emails from unimportant sites and Apps; use the third one (from a different email provider, such as Outlook and GMail) to receive your password-reset email when the first one (e.g. Yahoo Mail) is hacked.

27. Use at least 2 different phone numbers, and do NOT tell others the phone number which you use to receive text messages of the verification codes.

28. Do not click the link in an email or SMS message, and do not reset your passwords by clicking such links, unless you know these messages are not fake.

29. Do not tell your passwords to anybody in the email.

30. It's possible that a piece of software or an App you downloaded or updated has been modified by hackers. You can avoid this problem by not installing the software or App right away, unless it's published to fix security holes. You can use Web based apps instead, which are more secure and portable.

31. Be careful when using online paste tools and screen capture tools; do not let them upload your passwords to the cloud.

32. If you're a webmaster, do not store users' passwords, security questions and answers as plain text in the database; store the salted (SHA1, SHA256 or SHA512) hash values of these strings instead. It's recommended to generate a unique random salt string for each user.

In addition, it's a good idea to log the user's device information (e.g. OS version, screen resolution, etc.) and save the salted hash values of them; then, when he/she tries to log in with the correct password but his/her device information does NOT match the previously saved one, have this user verify his/her identity by entering another verification code sent via SMS or email.

33. If you are a software developer, you should publish the update package signed with a private key using GnuPG, and verify the signature of it with the public key published previously.

34. To keep your online business safe, you should register a domain name of your own and set up an email account with this domain name; then you'll not lose your email account and all your contacts: since you can host your mail server anywhere, your email account can't be disabled by the email provider.

35. If an online shopping site only allows payment by credit card, then you should use a virtual credit card instead.

36. Close your web browser when you leave your computer, otherwise the cookies can be intercepted with a small USB device easily, making it possible to bypass two-step verification and log into your account with stolen cookies on other computers.

37. Distrust and remove bad SSL certificates from your Web browser, otherwise you will NOT be able to ensure the confidentiality and integrity of the HTTPS connections which use these certificates.

38. Encrypt the entire system partition; otherwise, disable the pagefile and hibernation functions, since it's possible to find your important documents in the pagefile.sys and hiberfil.sys files.

39. To prevent brute force login attacks to your dedicated servers, VPS servers or cloud servers, you can install an intrusion detection and prevention software such as LFD( Login Failure Daemon ) or Fail2Ban.
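
Items 12 and 32 above, as an added Ruby example that is not part of the original page: a small precomputed table finds the unsalted MD5 hashes of weak passwords from item 5, while two per-user salted records of the same password differ and miss the table. PBKDF2-HMAC-SHA256 is substituted here for the single salted SHA round the page names; the function names, iteration count and sample rows are assumptions made for this example.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Stand-in for a rainbow table: unsalted MD5 hex digest => plaintext,
# built from weak-password examples listed in item 5.
WEAK_PASSWORDS = %w[qwert12345 1234567890 987654321 nortonpassword].freeze
PRECOMPUTED_MD5 = WEAK_PASSWORDS.to_h { |pw| [Digest::MD5.hexdigest(pw), pw] }.freeze

PBKDF2_ITERATIONS = 100_000 # assumption for this example; raise as hardware allows
SALT_BYTES = 16
KEY_BYTES = 32

# Item 12: the unsalted hash of a password is identical on every server,
# so one precomputed table works against every leaked database.
def unsalted_md5(password)
  Digest::MD5.hexdigest(password)
end

# Audit helper: returns the plaintext when a stored unsalted hash is in the table.
def found_in_table(md5_hex)
  PRECOMPUTED_MD5[md5_hex.downcase]
end

# Item 32: one random salt per user, so equal passwords give unequal hashes.
def derive(password, salt, iterations)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_BYTES,
                             OpenSSL::Digest.new('SHA256'))
end

def create_record(password)
  salt = SecureRandom.random_bytes(SALT_BYTES)
  { salt: salt, iterations: PBKDF2_ITERATIONS,
    digest: derive(password, salt, PBKDF2_ITERATIONS) }
end

# Constant-time comparison: does not reveal how many leading bytes matched.
def same_bytes?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
end

def password_matches?(password, record)
  same_bytes?(derive(password, record[:salt], record[:iterations]), record[:digest])
end

# Audit legacy rows ({user:, md5:}) and list the accounts whose unsalted
# hashes are already in the table and therefore need a forced reset.
def accounts_needing_reset(rows)
  rows.select { |row| found_in_table(row[:md5]) }.map { |row| row[:user] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample rows of a legacy table that stored unsalted MD5.
  legacy = [
    { user: 'alice', md5: unsalted_md5('1234567890') },
    { user: 'bob',   md5: unsalted_md5('qzRtC{6rXN3N\\RgL') }
  ]
  puts "force reset for: #{accounts_needing_reset(legacy).join(', ')}"

  first = create_record('nortonpassword')
  second = create_record('nortonpassword')
  puts "same password, same salted hash? #{first[:digest] == second[:digest]}"
  puts "salted hash in table? #{!found_in_table(first[:digest].unpack1('H*')).nil?}"
  puts "correct password verifies? #{password_matches?('nortonpassword', first)}"
end
```

The salt and iteration count are stored next to the digest because verification needs both, and neither has to be secret.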

Copyright © 2012 – 2021 PasswordsGenerator.net. All Rights Reserved.

We do not store any passwords.

Source: https://passwordsgenerator.net/

ValiMail/devise-secure_password

The Devise Secure Password Extension is a user account password policy enforcement gem that can be added to a Rails project to enforce password policies. The gem is implemented as an extension to the Rails devise authentication solution gem and requires that devise is installed as well.

Overview

The Devise Secure Password Extension is composed of the following modules:

  • password_has_required_content: require that passwords consist of a specific number (configurable) of letters, numbers, and special characters (symbols)
  • password_disallows_frequent_reuse: prevent the reuse of a number (configurable) of previous passwords when a user changes their password
  • password_disallows_frequent_changes: prevent the user from changing their password more than once within a time duration (configurable)
  • password_requires_regular_updates: require that a user change their password following a time duration (configurable)

Compatibility

The goal of this project is to provide compatibility for officially supported stable releases of Ruby and Ruby on Rails. More specifically, the following releases are currently supported by the Devise Secure Password Extension:

  • Ruby on Rails: 5.2.Z, 5.1.Z (current and previous stable release)
  • Ruby: 2.5.1, 2.4.4 (current and previous stable release)

Installation

Add this line to your application's Gemfile:

gem 'devise', '~> 4.2'
gem 'devise-secure_password', '~> 1.0.5'

And then execute:

Or install it yourself as:

prompt> gem install devise-secure_password

Finally, run the generator:

prompt> rails generate devise:secure_password:install

Configuration

The Devise Secure Password Extension exposes configuration parameters as outlined below. Commented out configuration parameters reflect the default settings.

Devise.setup do |config|
  # ==> Configuration for the Devise Secure Password extension
  #     Module: password_has_required_content
  #
  # Configure password content requirements including the number of uppercase,
  # lowercase, number, and special characters that are required. To configure the
  # minimum and maximum length refer to the Devise config.password_length
  # standard configuration parameter.

  # The number of uppercase letters (latin A-Z) required in a password:
  # config.password_required_uppercase_count = 1

  # The number of lowercase letters (latin a-z) required in a password:
  # config.password_required_lowercase_count = 1

  # The number of numbers (0-9) required in a password:
  # config.password_required_number_count = 1

  # The number of special characters (!@#$%&*()_+-=[]{}|') required in a password:
  # config.password_required_special_character_count = 1

  # ==> Configuration for the Devise Secure Password extension
  #     Module: password_disallows_frequent_reuse
  #
  # The number of previously used passwords that can not be reused:
  # config.password_previously_used_count = 8

  # ==> Configuration for the Devise Secure Password extension
  #     Module: password_disallows_frequent_changes
  #     *Requires* password_disallows_frequent_reuse
  #
  # The minimum time that must pass between password changes:
  # config.password_minimum_age = 1.days

  # ==> Configuration for the Devise Secure Password extension
  #     Module: password_requires_regular_updates
  #     *Requires* password_disallows_frequent_reuse
  #
  # The maximum allowed age of a password:
  # config.password_maximum_age = 180.days
end

NOTE: Password policy defaults have been selected as a middle-of-the-road combination of published recommendations by Microsoft and Carnegie Mellon University. It is up to YOU to verify the default settings and make adjustments where necessary.

Enable the Devise Secure Password Extension enforcement in your Devise model(s):

devise :password_has_required_content, :password_disallows_frequent_reuse,
       :password_disallows_frequent_changes, :password_requires_regular_updates

Usually, you would append these after your selection of Devise modules. So your configuration will more likely look like the following:

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :password_has_required_content, :password_disallows_frequent_reuse,
         :password_disallows_frequent_changes, :password_requires_regular_updates
  # ...
end

NOTE: Both :password_disallows_frequent_changes and :password_requires_regular_updates are dependent upon the previous passwords memorization implemented by the :password_disallows_frequent_reuse module.
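
What the four modules check, sketched in plain Ruby with the default values shown above. This is an added illustration, not the gem's implementation: the method names, the in-memory history array standing in for the previous_passwords table, and the use of PBKDF2 in place of Devise's own password hashing are assumptions.

```ruby
require 'openssl'
require 'securerandom'

DAY = 86_400 # seconds

# Defaults copied from the commented-out settings in the configuration above.
POLICY = {
  required_uppercase_count: 1,
  required_lowercase_count: 1,
  required_number_count: 1,
  required_special_character_count: 1,
  previously_used_count: 8,
  minimum_age: 1 * DAY,
  maximum_age: 180 * DAY
}.freeze

SPECIAL_CHARACTERS = '!@#$%&*()_+-=[]{}|\''.freeze

# password_has_required_content: count each character class against its minimum.
def content_errors(password, policy = POLICY)
  counts = {
    uppercase: password.count('A-Z'),
    lowercase: password.count('a-z'),
    number: password.count('0-9'),
    special_character: password.each_char.count { |c| SPECIAL_CHARACTERS.include?(c) }
  }
  counts.map do |kind, have|
    need = policy[:"required_#{kind}_count"]
    "#{kind}: need #{need}, have #{have}" if have < need
  end.compact
end

# Stand-in for Devise's password hashing (assumption: PBKDF2 from the standard
# library; the iteration count is a placeholder for this example).
def digest_for(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 20_000, 32,
                             OpenSSL::Digest.new('SHA256')).unpack1('H*')
end

# Constant-time string comparison.
def same_bytes?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
end

# One row shaped like the previous_passwords table: salt, encrypted_password, created_at.
def history_row(password, now)
  salt = SecureRandom.hex(16)
  { salt: salt, encrypted_password: digest_for(password, salt), created_at: now }
end

# password_disallows_frequent_reuse: re-hash the candidate with each stored salt
# and compare against the most recent previously_used_count rows.
def reused?(password, history, policy = POLICY)
  history.last(policy[:previously_used_count]).any? do |row|
    same_bytes?(digest_for(password, row[:salt]), row[:encrypted_password])
  end
end

# password_disallows_frequent_changes: the newest row is younger than minimum_age.
def changed_too_recently?(history, now, policy = POLICY)
  !history.empty? && (now - history.last[:created_at]) < policy[:minimum_age]
end

# password_requires_regular_updates: the newest row is older than maximum_age.
def update_required?(history, now, policy = POLICY)
  !history.empty? && (now - history.last[:created_at]) > policy[:maximum_age]
end

# Run every change-time check; record the new password only if all of them pass.
def change_password(history, new_password, now, policy = POLICY)
  errors = content_errors(new_password, policy)
  errors << 'changed too recently' if changed_too_recently?(history, now, policy)
  errors << 'used previously' if reused?(new_password, history, policy)
  history << history_row(new_password, now) if errors.empty?
  errors
end

if __FILE__ == $PROGRAM_NAME
  history = []
  start = Time.at(1_700_000_000) # constructed timestamp
  p change_password(history, 'First-Pass1', start)
  p change_password(history, 'Second-Pass2', start + 3600)
  p change_password(history, 'First-Pass1', start + 2 * DAY)
  p update_required?(history, start + 181 * DAY)
end
```

The sketch also shows why the NOTE above holds: both age checks read created_at from the newest stored row, so they cannot work without the history that the reuse module keeps.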

Database migration

The following database migration needs to be applied:

prompt> rails generate migration create_previous_passwords salt:string encrypted_password:string user:references

Edit the resulting file to disallow null values for the hash, add indexes for both hash and user_id fields, and to also add the timestamp (created_at, updated_at) fields:

class CreatePreviousPasswords < ActiveRecord::Migration[5.1]
  def change
    create_table :previous_passwords do |t|
      t.string :salt, null: false
      t.string :encrypted_password, null: false
      t.references :user, foreign_key: true
      t.timestamps
    end

    add_index :previous_passwords, :encrypted_password
    add_index :previous_passwords, [:user_id, :created_at]
  end
end

And then:

prompt> bundle exec rake db:migrate

Displaying errors

You will likely want to display errors, produced as a result of secure password enforcement violations, to your users. Errors are available via the User.errors array and via the devise_error_messages! method. An example usage follows and is taken from the default password edit.html.erb page:

Running Tests

This document assumes that you already have a functioning ruby install.

Default Rails target

The Devise Secure Password Extension provides compatibility for officially supported stable releases of Ruby on Rails. To configure and test the default target (the most-recent supported Rails release):

prompt> bundle
prompt> bundle exec rake

Selecting an alternate Rails target

To determine the Ruby on Rails versions supported by this release, run the following commands:

prompt> gem install flay ruby2ruby rubocop rspec
prompt> rake test:spec:targets
Available Rails targets: 5.1, 5.2

Reconfigure the project by specifying the correct Gemfile when running bundler, followed by running tests:

prompt> BUNDLE_GEMFILE=gemfiles/rails_5_2.gemfile bundle
prompt> BUNDLE_GEMFILE=gemfiles/rails_5_2.gemfile bundle exec rake

The only time you need to define the BUNDLE_GEMFILE environment variable is when testing a non-default target.

Testing with code coverage (SimpleCov)

SimpleCov tests are enabled by defining the test:spec:coverage rake task:

prompt> bundle exec rake test:spec:coverage

A brief summary will be output at the end of the run but a more extensive report will be saved in the coverage directory (under the top-level project directory).

Testing with headless Chrome

You will need to install the ChromeDriver >= v2.3.4 for testing.

prompt> brew install chromedriver

NOTE: ChromeDriver < 2.33 has a bug for testing clickable targets; therefore, install >= 2.3.4.

You can always install ChromeDriver by downloading and then unpacking into the /usr/local/bin directory.

Automated screenshots on failure

The capybara-screenshot gem supports automated screenshot captures on failing tests but this will only take place for tests that have JavaScript enabled. You can temporarily modify an example by setting js: true as in the following example:

context 'when minimum age enforcement is enabled', js: true do
  # …
end

Do not submit pull requests with this setting enabled where it wasn't enabled previously.

Testing inside the spec/rails-app-X_y_z

To debug from inside of the dummy rails-app you will need to first install the rails bin stubs and then perform a db migration:

prompt> cd spec/rails-app-X_y_z
prompt> rake app:update:bin
prompt> RAILS_ENV=development bundle exec rake db:migrate

Remember, the dummy app is not meant to be a full featured rails app: there is just enough functionality to test the gem feature set.

Running benchmarks

Available benchmarks can be run as follows:

prompt> bundle exec rake test:benchmark

Benchmarks are run within an RSpec context but are not run along with other tests as benchmarks merely seek to measure performance and not enforce set performance targets.

Screenshots

Failing tests that invoke the JavaScript driver will result in both the failing html along with a screenshot of the page output to be saved in the spec/rails-app-X_y_z/tmp/capybara snapshot directory.

NOTE: On circleci the snapshots will be captured as artifacts.

The snapshot directory will be pruned automatically between runs.

Docker

This repository includes a Dockerfile to facilitate testing in and using Docker.

To start the container simply build and launch the image:

prompt> docker build -t secure-password-dev .
prompt> docker run -it --rm secure-password-dev /bin/bash

The above docker run command will start the container, connect you to the command line within the project home directory where you can issue the tests as documented in the Running Tests section above. When you exit the shell, the container will be removed.

Running tests in a Docker container

The Docker container is derived from the latest circleci/ruby image. It is critical that you update the bundler inside of the Docker image as the circleci user (i.e. the default user) before initiating any development work including tests.

prompt> gem update bundler

Updating test.sqlite3.db

To update or generate a db/test/sqlite3.db database file:

prompt> cd spec/rails-app-X_y_z
prompt> bundle install
prompt> rake app:update:bin
prompt> RAILS_ENV=test bundle exec rake db:migrate

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/valimail/devise-secure_password. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

Basic guidelines for contributors

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

NOTE: Contributions should always be based on the master branch. You may be asked to rebase your contributions on the tip of the master branch; this is normal and is to be expected if the master branch has moved ahead since your pull request was opened, discussed, and accepted.

License

The Devise Secure Password Extension gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the Devise Secure Password Extension project’s codebases and issue trackers is expected to follow the code of conduct.

Source: https://github.com/ValiMail/devise-secure_password
