devel/rubygem-devise: switch to Rails 4 and fix fallout
Remove support of Rails 3 since we are obsoleting this version from the
ports-tree. This fixes the fallout-message to ruby@.
Also DEPRECATE rubygem-devise-rails4 in favor of rubygem-devise
and adjust dependencies of security/rubygem-devise-two-factor and
Approved by: pi (mentor)
security/rubygem-devise-two-factor: Update from 2.1.0 to 3.0.0
- Adds support for Devise 4.
- Relax dependencies to allow attr_encrypted 3.x.
- Blocks the use of attr_encrypted 2.x. There was a significant
vulnerability in the encryption implementation in attr_encrypted 2.x,
and that version of the gem should not be used.
- Use 192 bits, not 1024, as a secret key length. RFC 4226 recommends a
minimum length of 128 bits and a recommended length of 160 bits.
Google Authenticator doesn't accept 160 bit keys.
Approved by: swills (mentor)