Fix for Devise 4.9.1 (devise-security#414)

Devise removed the `activerecord51?` method, so we no longer use it. Also start testing against modern Ruby and Rails versions. Co-authored-by: Kevin Olbrich <[email protected]>
olivier-thatch · Apr 14, 2023 · a3ddb92 · a3ddb92
1 parent 4585316
commit a3ddb92
Show file tree

Hide file tree

Showing 6 changed files with 50 additions and 8 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -38,11 +38,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/test_suite.yml b/.github/workflows/test_suite.yml
@@ -12,8 +12,8 @@ jobs:
       fail-fast: false
       matrix:
         orm: [active_record, mongoid]
-        rails: ["5.2", "6.0", "6.1"]
-        ruby: ["2.7", "3.0", head]
+        rails: ["5.2", "6.0", "6.1", "7.0"]
+        ruby: ["2.7", "3.0", "3.1", "3.2", head]
         exclude:
           - orm: mongoid
             rails: 6.0
@@ -23,6 +23,10 @@ jobs:
             ruby: head
           - rails: 5.2
             ruby: 3.0
+          - rails: 5.2
+            ruby: 3.1
+          - rails: 5.2
+            ruby: 3.2
           - rails: 5.2
             ruby: head
     steps:

diff --git a/Appraisals b/Appraisals
@@ -24,3 +24,14 @@ appraise 'rails-6.1' do
   # Taken from https://github.com/rails/rails/pull/42366
   gem 'net-smtp', require: false
 end
+
+appraise 'rails-7.0' do
+  gem 'railties', '~> 7.0.0'
+  gem 'minitest-rails', '~> 7.0.0'
+  gem 'sprockets-rails', require: 'sprockets/rails'
+
+  # net-smtp, net-imap and net-pop were removed from default gems in Ruby 3.1, but is used by the `mail` gem.
+  # So we need to add them as dependencies until `mail` is fixed: https://github.com/mikel/mail/pull/1439
+  # Taken from https://github.com/rails/rails/pull/42366
+  gem 'net-smtp', require: false
+end
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Devise Security
 
-[![Build Status](https://travis-ci.org/devise-security/devise-security.svg?branch=master)](https://travis-ci.org/devise-security/devise-security)
+[![Build Status](https://github.com/devise-security/devise-security/actions/workflows/test_suite.yml/badge.svg?branch=master)](https://github.com/devise-security/devise-security/actions/workflows/test_suite.yml)
 [![Coverage Status](https://coveralls.io/repos/github/devise-security/devise-security/badge.svg?branch=master)](https://coveralls.io/github/devise-security/devise-security?branch=master)
 [![Maintainability](https://api.codeclimate.com/v1/badges/ace7cd003a0db8bffa5a/maintainability)](https://codeclimate.com/github/devise-security/devise-security/maintainability)
 

diff --git a/gemfiles/rails_7.0.gemfile b/gemfiles/rails_7.0.gemfile
@@ -0,0 +1,26 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "minitest-rails", "~> 7.0.0"
+gem "railties", "~> 7.0.0"
+gem "sprockets-rails", require: "sprockets/railtie"
+gem "net-smtp", require: false
+
+group :active_record do
+  gem "sqlite3"
+end
+
+group :mongoid do
+  gem "mongoid", "~> 7.3"
+
+  group :test do
+    gem "database_cleaner-mongoid", "~> 2.0"
+  end
+end
+
+group :test do
+  gem "rails-controller-testing"
+end
+
+gemspec path: "../"
diff --git a/lib/devise-security/models/compatibility/active_record_patch.rb b/lib/devise-security/models/compatibility/active_record_patch.rb
@@ -7,7 +7,8 @@ class NotPersistedError < ActiveRecord::ActiveRecordError; end
 
       module ActiveRecordPatch
         extend ActiveSupport::Concern
-        unless Devise.activerecord51?
+
+        unless defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
           # When the record was saved, was the +encrypted_password+ changed?
           # @return [Boolean]
           def saved_change_to_encrypted_password?