action_auth 0.2.8 → 0.2.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +96 -4
- data/app/controllers/action_auth/sessions_controller.rb +1 -1
- data/app/models/action_auth/user.rb +1 -1
- data/app/views/action_auth/identity/password_resets/new.html.erb +5 -3
- data/app/views/action_auth/registrations/new.html.erb +4 -2
- data/app/views/action_auth/sessions/index.html.erb +3 -3
- data/app/views/action_auth/sessions/new.html.erb +4 -2
- data/app/views/layouts/action_auth/application.html.erb +3 -2
- data/config/routes.rb +1 -1
- data/lib/action_auth/version.rb +1 -1
- data/lib/action_auth.rb +6 -3
- metadata +3 -4
- data/app/views/layouts/action_auth/application-full-width.html.erb +0 -20
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 66dba288eaf6e2910d810a8109c454756234feadc58f817347e61112383c5bd8
|
|
4
|
+
data.tar.gz: c90e89c2ea39cac613776d91a3d0b827b393e7e7632c71d2380705949b591606
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ea654d512bb836d4a4f148fc8a4ac21770b9654bd4f465fde624d654d1fe53e6c776f0046b0a24f5e407a849b1ed07adadd3be6a4d94a3f95092067a1b63dd66
|
|
7
|
+
data.tar.gz: 4f56bf4c79c9adc8229d474c2b55ad3848e72f68c765ce0806e441415d0961838101a96b5732dc55f7d0fdd5b921e62e64813ded0b58990cb8c81e8e3cb6d5b5
|
data/README.md
CHANGED
|
@@ -7,6 +7,21 @@ user experience akin to that offered by the well-regarded Devise gem.
|
|
|
7
7
|
|
|
8
8
|
[](https://github.com/kobaltz/action_auth/actions/workflows/test.yml)
|
|
9
9
|
|
|
10
|
+
## Table of Contents
|
|
11
|
+
1. [Introduction](#introduction)
|
|
12
|
+
2. [Installation](#installation)
|
|
13
|
+
3. [Features](#features)
|
|
14
|
+
4. [Usage](#usage)
|
|
15
|
+
- [Routes](#routes)
|
|
16
|
+
- [Helper Methods](#helper-methods)
|
|
17
|
+
- [Restricting and Changing Routes](#restricting-and-changing-routes)
|
|
18
|
+
5. [WebAuthn](#webauthn)
|
|
19
|
+
6. [Within Your Application](#within-your-application)
|
|
20
|
+
7. Customizing
|
|
21
|
+
- [Sign In Page](https://github.com/kobaltz/action_auth/wiki/Overriding-Sign-In-page-view)
|
|
22
|
+
7. [License](#license)
|
|
23
|
+
8. [Credits](#credits)
|
|
24
|
+
|
|
10
25
|
## Installation
|
|
11
26
|
Add this line to your application's Gemfile:
|
|
12
27
|
|
|
@@ -33,6 +48,13 @@ In your view layout
|
|
|
33
48
|
<% end %>
|
|
34
49
|
```
|
|
35
50
|
|
|
51
|
+
If you're using something like importmaps and plain css, then you may need to add the lines below to your `app/assets/config/manifest.js` file.
|
|
52
|
+
|
|
53
|
+
```javascript
|
|
54
|
+
//= link action_auth/application.css
|
|
55
|
+
//= link action_auth/application.js
|
|
56
|
+
```
|
|
57
|
+
|
|
36
58
|
See [WebAuthn](#webauthn) for additional configuration steps if you want to enable WebAuthn.
|
|
37
59
|
In your `config/initializers/action_auth.rb` file, you can add the following configuration
|
|
38
60
|
settings.
|
|
@@ -114,8 +136,10 @@ can create a constraint to restrict access to these routes.
|
|
|
114
136
|
end
|
|
115
137
|
|
|
116
138
|
def self.current_user(request)
|
|
117
|
-
|
|
118
|
-
|
|
139
|
+
session_token = request.cookie_jar.signed[:session_token]
|
|
140
|
+
session = ActionAuth::Session.find_by(id: session_token)
|
|
141
|
+
return nil unless session.present?
|
|
142
|
+
session.action_auth_user&.becomes(User)
|
|
119
143
|
end
|
|
120
144
|
end
|
|
121
145
|
|
|
@@ -150,7 +174,7 @@ they can add a Passkey to their account. The Passkey could be an iCloud Keychain
|
|
|
150
174
|
key like a Yubikey, or a mobile device. If enabled and configured, the user will be prompted to use
|
|
151
175
|
their Passkey after they log in.
|
|
152
176
|
|
|
153
|
-
|
|
177
|
+
#### Configuration
|
|
154
178
|
|
|
155
179
|
The migrations are already copied over to your application when you run
|
|
156
180
|
`bin/rails action_auth:install:migrations`. There are only two steps that you have to take to enable
|
|
@@ -185,6 +209,74 @@ Here's a view of the experience with WebAuthn
|
|
|
185
209
|
|
|
186
210
|
|
|
187
211
|
|
|
212
|
+
## Within Your Application
|
|
213
|
+
|
|
214
|
+
It can be cumbersome to have to reference ActionAuth::User within the application as well as in the
|
|
215
|
+
relationships between models. Luckily, we can use ActiveSupport::CurrentAttributes to make this
|
|
216
|
+
process easier as well as inheritance of our models.
|
|
217
|
+
|
|
218
|
+
#### Setting up the User model
|
|
219
|
+
|
|
220
|
+
```ruby
|
|
221
|
+
# app/models/user.rb
|
|
222
|
+
class User < ActionAuth::User
|
|
223
|
+
has_many :posts, dependent: :destroy
|
|
224
|
+
end
|
|
225
|
+
```
|
|
226
|
+
|
|
227
|
+
#### Setting up the Current model
|
|
228
|
+
|
|
229
|
+
We can set the user to become a User record instead of an ActionAuth::User record. This will then allow `Current.user.posts` to work.
|
|
230
|
+
|
|
231
|
+
```ruby
|
|
232
|
+
# app/models/current.rb
|
|
233
|
+
class Current < ActiveSupport::CurrentAttributes
|
|
234
|
+
def user
|
|
235
|
+
return unless ActionAuth::Current.user
|
|
236
|
+
ActionAuth::Current.user.becomes(User)
|
|
237
|
+
end
|
|
238
|
+
end
|
|
239
|
+
```
|
|
240
|
+
|
|
241
|
+
#### Generating an association
|
|
242
|
+
|
|
243
|
+
There's one little gotcha when generating the associations. We are using `user:belongs_to` instead of
|
|
244
|
+
`action_auth_user:belongs_to`. However, when the foreign key is generated, it will look for the users table
|
|
245
|
+
instead of the action_auth_users table. To get around this, we'll need to modify the migration.
|
|
246
|
+
|
|
247
|
+
```bash
|
|
248
|
+
bin/rails g scaffold posts user:belongs_to title
|
|
249
|
+
```
|
|
250
|
+
|
|
251
|
+
We can update the `foreign_key` from `true` to `{ to_table: :action_auth_users }` to get around this.
|
|
252
|
+
|
|
253
|
+
```ruby
|
|
254
|
+
# db/migrate/XXXXXXXXXXX_create_posts.rb
|
|
255
|
+
class CreatePosts < ActiveRecord::Migration[7.1]
|
|
256
|
+
def change
|
|
257
|
+
create_table :posts do |t|
|
|
258
|
+
t.belongs_to :user, null: false, foreign_key: { to_table: :action_auth_users }
|
|
259
|
+
t.string :title
|
|
260
|
+
|
|
261
|
+
t.timestamps
|
|
262
|
+
end
|
|
263
|
+
end
|
|
264
|
+
end
|
|
265
|
+
```
|
|
266
|
+
|
|
267
|
+
And the post model doesn't need anything special to ActionAuth.
|
|
268
|
+
|
|
269
|
+
```ruby
|
|
270
|
+
# app/models/post.rb
|
|
271
|
+
class Post < ApplicationRecord
|
|
272
|
+
belongs_to :user
|
|
273
|
+
end
|
|
274
|
+
```
|
|
275
|
+
|
|
276
|
+
#### Using the Current model
|
|
277
|
+
|
|
278
|
+
Now, you'll be able to do things like `Current.user` and `Current.user.posts` within your application. However, I recommend that you still use
|
|
279
|
+
the helpers around `user_signed_in?` to verify that the `ActionAuth::Current.user` is not nil (or nil if they are signed out). This will help ensure that any thread safety issues are avoided.
|
|
188
280
|
|
|
189
281
|
## License
|
|
190
282
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
|
@@ -193,5 +285,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
|
193
285
|
## Credits
|
|
194
286
|
|
|
195
287
|
❤️ Heavily inspired by [Drifting Ruby #300](https://www.driftingruby.com/episodes/authentication-from-scratch)
|
|
196
|
-
and [Authentication Zero](https://github.com/lazaronixon/authentication-zero) and
|
|
288
|
+
and [Authentication Zero](https://github.com/lazaronixon/authentication-zero) and
|
|
197
289
|
[cedarcode](https://www.cedarcode.com/).
|
|
@@ -2,9 +2,9 @@ module ActionAuth
|
|
|
2
2
|
class SessionsController < ApplicationController
|
|
3
3
|
before_action :set_current_request_details
|
|
4
4
|
before_action :authenticate_user!, only: [:index, :destroy]
|
|
5
|
-
layout "action_auth/application-full-width", only: :index
|
|
6
5
|
|
|
7
6
|
def index
|
|
7
|
+
@action_auth_wide = true
|
|
8
8
|
@sessions = Current.user.action_auth_sessions.order(created_at: :desc)
|
|
9
9
|
end
|
|
10
10
|
|
|
@@ -5,7 +5,7 @@ module ActionAuth
|
|
|
5
5
|
has_many :action_auth_sessions, dependent: :destroy,
|
|
6
6
|
class_name: "ActionAuth::Session", foreign_key: "action_auth_user_id"
|
|
7
7
|
|
|
8
|
-
if ActionAuth.configuration
|
|
8
|
+
if ActionAuth.configuration.webauthn_enabled?
|
|
9
9
|
has_many :action_auth_webauthn_credentials, dependent: :destroy,
|
|
10
10
|
class_name: "ActionAuth::WebauthnCredential", foreign_key: "action_auth_user_id"
|
|
11
11
|
end
|
|
@@ -13,7 +13,9 @@
|
|
|
13
13
|
<% end %>
|
|
14
14
|
|
|
15
15
|
<div class="mb-3">
|
|
16
|
-
<%= link_to "Sign In", sign_in_path %>
|
|
17
|
-
<%= link_to "Sign Up", sign_up_path %>
|
|
18
|
-
|
|
16
|
+
<%= link_to "Sign In", sign_in_path %>
|
|
17
|
+
| <%= link_to "Sign Up", sign_up_path %>
|
|
18
|
+
<% if ActionAuth.configuration.verify_email_on_sign_in %>
|
|
19
|
+
| <%= link_to "Verify Email", identity_email_verification_path %>
|
|
20
|
+
<% end %>
|
|
19
21
|
</div>
|
|
@@ -36,6 +36,8 @@
|
|
|
36
36
|
|
|
37
37
|
<div class="mb-3">
|
|
38
38
|
<%= link_to "Sign In", sign_in_path %> |
|
|
39
|
-
<%= link_to "Reset Password", new_identity_password_reset_path %>
|
|
40
|
-
|
|
39
|
+
<%= link_to "Reset Password", new_identity_password_reset_path %>
|
|
40
|
+
<% if ActionAuth.configuration.verify_email_on_sign_in %>
|
|
41
|
+
| <%= link_to "Verify Email", identity_email_verification_path %>
|
|
42
|
+
<% end %>
|
|
41
43
|
</div>
|
|
@@ -21,15 +21,15 @@
|
|
|
21
21
|
<%= content_tag :tr, id: dom_id(session) do %>
|
|
22
22
|
<td><%= session.user_agent %></td>
|
|
23
23
|
<td nowrap><%= session.ip_address %></td>
|
|
24
|
-
<td
|
|
25
|
-
<td
|
|
24
|
+
<td><%= session.created_at %></td>
|
|
25
|
+
<td><%= button_to "Log out", session, method: :delete, class: "btn btn-primary" %></td>
|
|
26
26
|
<% end %>
|
|
27
27
|
<% end %>
|
|
28
28
|
</tbody>
|
|
29
29
|
</table>
|
|
30
30
|
</div>
|
|
31
31
|
|
|
32
|
-
<% if ActionAuth.configuration
|
|
32
|
+
<% if ActionAuth.configuration.webauthn_enabled? %>
|
|
33
33
|
<% if current_user.second_factor_enabled? %>
|
|
34
34
|
<h3>Your Security Keys:</h3>
|
|
35
35
|
<table class="action-auth--table">
|
|
@@ -21,6 +21,8 @@
|
|
|
21
21
|
|
|
22
22
|
<div class="mb-3">
|
|
23
23
|
<%= link_to "Sign Up", sign_up_path %> |
|
|
24
|
-
<%= link_to "Reset Password", new_identity_password_reset_path %>
|
|
25
|
-
|
|
24
|
+
<%= link_to "Reset Password", new_identity_password_reset_path %>
|
|
25
|
+
<% if ActionAuth.configuration.verify_email_on_sign_in %>
|
|
26
|
+
| <%= link_to "Verify Email", identity_email_verification_path %>
|
|
27
|
+
<% end %>
|
|
26
28
|
</div>
|
|
@@ -2,18 +2,19 @@
|
|
|
2
2
|
<html>
|
|
3
3
|
<head>
|
|
4
4
|
<title>Action Auth</title>
|
|
5
|
+
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
5
6
|
<%= csrf_meta_tags %>
|
|
6
7
|
<%= csp_meta_tag %>
|
|
7
8
|
<%= stylesheet_link_tag "action_auth/application", media: "all" %>
|
|
8
9
|
<%= javascript_include_tag "action_auth/application", "data-turbo-track": "reload", type: "module" %>
|
|
9
|
-
<% if ActionAuth.configuration
|
|
10
|
+
<% if ActionAuth.configuration.webauthn_enabled? %>
|
|
10
11
|
<%= tag :meta, name: :webauthn_auth_url, content: action_auth.webauthn_credential_authentications_url %>
|
|
11
12
|
<%= tag :meta, name: :webauthn_cred_url, content: action_auth.webauthn_credentials_url %>
|
|
12
13
|
<%= tag :meta, name: :webauthn_redirect_url, content: action_auth.sessions_url %>
|
|
13
14
|
<% end %>
|
|
14
15
|
</head>
|
|
15
16
|
<body class="bg-light">
|
|
16
|
-
<div class="container bg-white border pb-3">
|
|
17
|
+
<div class="<%= defined?(@action_auth_wide) ? 'container-fluid' : 'container' %> bg-white border pb-3">
|
|
17
18
|
<%= yield %>
|
|
18
19
|
</div>
|
|
19
20
|
<div class="action-auth--text-center">
|
data/config/routes.rb
CHANGED
|
@@ -11,7 +11,7 @@ ActionAuth::Engine.routes.draw do
|
|
|
11
11
|
resource :password_reset, only: [:new, :edit, :create, :update]
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
if ActionAuth.configuration
|
|
14
|
+
if ActionAuth.configuration.webauthn_enabled?
|
|
15
15
|
resources :webauthn_credentials, only: [:new, :create, :destroy] do
|
|
16
16
|
post :options, on: :collection, as: 'options_for'
|
|
17
17
|
end
|
data/lib/action_auth/version.rb
CHANGED
data/lib/action_auth.rb
CHANGED
|
@@ -4,11 +4,14 @@ require "action_auth/configuration"
|
|
|
4
4
|
|
|
5
5
|
module ActionAuth
|
|
6
6
|
class << self
|
|
7
|
-
|
|
7
|
+
attr_writer :configuration
|
|
8
|
+
|
|
9
|
+
def configuration
|
|
10
|
+
@configuration ||= Configuration.new
|
|
11
|
+
end
|
|
8
12
|
|
|
9
13
|
def configure
|
|
10
|
-
|
|
11
|
-
yield(configuration)
|
|
14
|
+
yield(configuration) if block_given?
|
|
12
15
|
configure_webauthn
|
|
13
16
|
end
|
|
14
17
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: action_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dave Kimura
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-01-
|
|
11
|
+
date: 2024-01-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -83,7 +83,6 @@ files:
|
|
|
83
83
|
- app/views/action_auth/user_mailer/password_reset.text.erb
|
|
84
84
|
- app/views/action_auth/webauthn_credential_authentications/new.html.erb
|
|
85
85
|
- app/views/action_auth/webauthn_credentials/new.html.erb
|
|
86
|
-
- app/views/layouts/action_auth/application-full-width.html.erb
|
|
87
86
|
- app/views/layouts/action_auth/application.html.erb
|
|
88
87
|
- app/views/layouts/action_auth/mailer.html.erb
|
|
89
88
|
- app/views/layouts/action_auth/mailer.text.erb
|
|
@@ -121,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
121
120
|
- !ruby/object:Gem::Version
|
|
122
121
|
version: '0'
|
|
123
122
|
requirements: []
|
|
124
|
-
rubygems_version: 3.5.
|
|
123
|
+
rubygems_version: 3.5.4
|
|
125
124
|
signing_key:
|
|
126
125
|
specification_version: 4
|
|
127
126
|
summary: A simple Rails engine for authorization.
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
<!DOCTYPE html>
|
|
2
|
-
<html>
|
|
3
|
-
<head>
|
|
4
|
-
<title>Action Auth</title>
|
|
5
|
-
<%= csrf_meta_tags %>
|
|
6
|
-
<%= csp_meta_tag %>
|
|
7
|
-
<%= stylesheet_link_tag "action_auth/application", media: "all" %>
|
|
8
|
-
<%= javascript_include_tag "action_auth/application", "data-turbo-track": "reload", type: "module" %>
|
|
9
|
-
<% if ActionAuth.configuration&.webauthn_enabled? %>
|
|
10
|
-
<%= tag :meta, name: :webauthn_auth_url, content: action_auth.webauthn_credential_authentications_url %>
|
|
11
|
-
<%= tag :meta, name: :webauthn_cred_url, content: action_auth.webauthn_credentials_url %>
|
|
12
|
-
<%= tag :meta, name: :webauthn_redirect_url, content: action_auth.sessions_url %>
|
|
13
|
-
<% end %>
|
|
14
|
-
</head>
|
|
15
|
-
<body class="bg-light">
|
|
16
|
-
<div class="container-fluid bg-white border pb-3">
|
|
17
|
-
<%= yield %>
|
|
18
|
-
</div>
|
|
19
|
-
</body>
|
|
20
|
-
</html>
|