action_auth 0.2.8 → 0.2.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +96 -4
- data/app/controllers/action_auth/sessions_controller.rb +1 -1
- data/app/models/action_auth/user.rb +1 -1
- data/app/views/action_auth/identity/password_resets/new.html.erb +5 -3
- data/app/views/action_auth/registrations/new.html.erb +4 -2
- data/app/views/action_auth/sessions/index.html.erb +3 -3
- data/app/views/action_auth/sessions/new.html.erb +4 -2
- data/app/views/layouts/action_auth/application.html.erb +3 -2
- data/config/routes.rb +1 -1
- data/lib/action_auth/version.rb +1 -1
- data/lib/action_auth.rb +6 -3
- metadata +3 -4
- data/app/views/layouts/action_auth/application-full-width.html.erb +0 -20
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 66dba288eaf6e2910d810a8109c454756234feadc58f817347e61112383c5bd8
|
|
4
|
+
data.tar.gz: c90e89c2ea39cac613776d91a3d0b827b393e7e7632c71d2380705949b591606
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ea654d512bb836d4a4f148fc8a4ac21770b9654bd4f465fde624d654d1fe53e6c776f0046b0a24f5e407a849b1ed07adadd3be6a4d94a3f95092067a1b63dd66
|
|
7
|
+
data.tar.gz: 4f56bf4c79c9adc8229d474c2b55ad3848e72f68c765ce0806e441415d0961838101a96b5732dc55f7d0fdd5b921e62e64813ded0b58990cb8c81e8e3cb6d5b5
|
data/README.md
CHANGED
|
@@ -7,6 +7,21 @@ user experience akin to that offered by the well-regarded Devise gem.
|
|
|
7
7
|
|
|
8
8
|
[](https://github.com/kobaltz/action_auth/actions/workflows/test.yml)
|
|
9
9
|
|
|
10
|
+
## Table of Contents
|
|
11
|
+
1. [Introduction](#introduction)
|
|
12
|
+
2. [Installation](#installation)
|
|
13
|
+
3. [Features](#features)
|
|
14
|
+
4. [Usage](#usage)
|
|
15
|
+
- [Routes](#routes)
|
|
16
|
+
- [Helper Methods](#helper-methods)
|
|
17
|
+
- [Restricting and Changing Routes](#restricting-and-changing-routes)
|
|
18
|
+
5. [WebAuthn](#webauthn)
|
|
19
|
+
6. [Within Your Application](#within-your-application)
|
|
20
|
+
7. Customizing
|
|
21
|
+
- [Sign In Page](https://github.com/kobaltz/action_auth/wiki/Overriding-Sign-In-page-view)
|
|
22
|
+
7. [License](#license)
|
|
23
|
+
8. [Credits](#credits)
|
|
24
|
+
|
|
10
25
|
## Installation
|
|
11
26
|
Add this line to your application's Gemfile:
|
|
12
27
|
|
|
@@ -33,6 +48,13 @@ In your view layout
|
|
|
33
48
|
<% end %>
|
|
34
49
|
```
|
|
35
50
|
|
|
51
|
+
If you're using something like importmaps and plain css, then you may need to add the lines below to your `app/assets/config/manifest.js` file.
|
|
52
|
+
|
|
53
|
+
```javascript
|
|
54
|
+
//= link action_auth/application.css
|
|
55
|
+
//= link action_auth/application.js
|
|
56
|
+
```
|
|
57
|
+
|
|
36
58
|
See [WebAuthn](#webauthn) for additional configuration steps if you want to enable WebAuthn.
|
|
37
59
|
In your `config/initializers/action_auth.rb` file, you can add the following configuration
|
|
38
60
|
settings.
|
|
@@ -114,8 +136,10 @@ can create a constraint to restrict access to these routes.
|
|
|
114
136
|
end
|
|
115
137
|
|
|
116
138
|
def self.current_user(request)
|
|
117
|
-
|
|
118
|
-
|
|
139
|
+
session_token = request.cookie_jar.signed[:session_token]
|
|
140
|
+
session = ActionAuth::Session.find_by(id: session_token)
|
|
141
|
+
return nil unless session.present?
|
|
142
|
+
session.action_auth_user&.becomes(User)
|
|
119
143
|
end
|
|
120
144
|
end
|
|
121
145
|
|
|
@@ -150,7 +174,7 @@ they can add a Passkey to their account. The Passkey could be an iCloud Keychain
|
|
|
150
174
|
key like a Yubikey, or a mobile device. If enabled and configured, the user will be prompted to use
|
|
151
175
|
their Passkey after they log in.
|
|
152
176
|
|
|
153
|
-
|
|
177
|
+
#### Configuration
|
|
154
178
|
|
|
155
179
|
The migrations are already copied over to your application when you run
|
|
156
180
|
`bin/rails action_auth:install:migrations`. There are only two steps that you have to take to enable
|
|
@@ -185,6 +209,74 @@ Here's a view of the experience with WebAuthn
|
|
|
185
209
|
|
|
186
210
|
|
|
187
211
|
|
|
212
|
+
## Within Your Application
|
|
213
|
+
|
|
214
|
+
It can be cumbersome to have to reference ActionAuth::User within the application as well as in the
|
|
215
|
+
relationships between models. Luckily, we can use ActiveSupport::CurrentAttributes to make this
|
|
216
|
+
process easier as well as inheritance of our models.
|
|
217
|
+
|
|
218
|
+
#### Setting up the User model
|
|
219
|
+
|
|
220
|
+
```ruby
|
|
221
|
+
# app/models/user.rb
|
|
222
|
+
class User < ActionAuth::User
|
|
223
|
+
has_many :posts, dependent: :destroy
|
|
224
|
+
end
|
|
225
|
+
```
|
|
226
|
+
|
|
227
|
+
#### Setting up the Current model
|
|
228
|
+
|
|
229
|
+
We can set the user to become a User record instead of an ActionAuth::User record. This will then allow `Current.user.posts` to work.
|
|
230
|
+
|
|
231
|
+
```ruby
|
|
232
|
+
# app/models/current.rb
|
|
233
|
+
class Current < ActiveSupport::CurrentAttributes
|
|
234
|
+
def user
|
|
235
|
+
return unless ActionAuth::Current.user
|
|
236
|
+
ActionAuth::Current.user.becomes(User)
|
|
237
|
+
end
|
|
238
|
+
end
|
|
239
|
+
```
|
|
240
|
+
|
|
241
|
+
#### Generating an association
|
|
242
|
+
|
|
243
|
+
There's one little gotcha when generating the associations. We are using `user:belongs_to` instead of
|
|
244
|
+
`action_auth_user:belongs_to`. However, when the foreign key is generated, it will look for the users table
|
|
245
|
+
instead of the action_auth_users table. To get around this, we'll need to modify the migration.
|
|
246
|
+
|
|
247
|
+
```bash
|
|
248
|
+
bin/rails g scaffold posts user:belongs_to title
|
|
249
|
+
```
|
|
250
|
+
|
|
251
|
+
We can update the `foreign_key` from `true` to `{ to_table: :action_auth_users }` to get around this.
|
|
252
|
+
|
|
253
|
+
```ruby
|
|
254
|
+
# db/migrate/XXXXXXXXXXX_create_posts.rb
|
|
255
|
+
class CreatePosts < ActiveRecord::Migration[7.1]
|
|
256
|
+
def change
|
|
257
|
+
create_table :posts do |t|
|
|
258
|
+
t.belongs_to :user, null: false, foreign_key: { to_table: :action_auth_users }
|
|
259
|
+
t.string :title
|
|
260
|
+
|
|
261
|
+
t.timestamps
|
|
262
|
+
end
|
|
263
|
+
end
|
|
264
|
+
end
|
|
265
|
+
```
|
|
266
|
+
|
|
267
|
+
And the post model doesn't need anything special to ActionAuth.
|
|
268
|
+
|
|
269
|
+
```ruby
|
|
270
|
+
# app/models/post.rb
|
|
271
|
+
class Post < ApplicationRecord
|
|
272
|
+
belongs_to :user
|
|
273
|
+
end
|
|
274
|
+
```
|
|
275
|
+
|
|
276
|
+
#### Using the Current model
|
|
277
|
+
|
|
278
|
+
Now, you'll be able to do things like `Current.user` and `Current.user.posts` within your application. However, I recommend that you still use
|
|
279
|
+
the helpers around `user_signed_in?` to verify that the `ActionAuth::Current.user` is not nil (or nil if they are signed out). This will help ensure that any thread safety issues are avoided.
|
|
188
280
|
|
|
189
281
|
## License
|
|
190
282
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
|
@@ -193,5 +285,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
|
193
285
|
## Credits
|
|
194
286
|
|
|
195
287
|
❤️ Heavily inspired by [Drifting Ruby #300](https://www.driftingruby.com/episodes/authentication-from-scratch)
|
|
196
|
-
and [Authentication Zero](https://github.com/lazaronixon/authentication-zero) and
|
|
288
|
+
and [Authentication Zero](https://github.com/lazaronixon/authentication-zero) and
|
|
197
289
|
[cedarcode](https://www.cedarcode.com/).
|
|
@@ -2,9 +2,9 @@ module ActionAuth
|
|
|
2
2
|
class SessionsController < ApplicationController
|
|
3
3
|
before_action :set_current_request_details
|
|
4
4
|
before_action :authenticate_user!, only: [:index, :destroy]
|
|
5
|
-
layout "action_auth/application-full-width", only: :index
|
|
6
5
|
|
|
7
6
|
def index
|
|
7
|
+
@action_auth_wide = true
|
|
8
8
|
@sessions = Current.user.action_auth_sessions.order(created_at: :desc)
|
|
9
9
|
end
|
|
10
10
|
|
|
@@ -5,7 +5,7 @@ module ActionAuth
|
|
|
5
5
|
has_many :action_auth_sessions, dependent: :destroy,
|
|
6
6
|
class_name: "ActionAuth::Session", foreign_key: "action_auth_user_id"
|
|
7
7
|
|
|
8
|
-
if ActionAuth.configuration
|
|
8
|
+
if ActionAuth.configuration.webauthn_enabled?
|
|
9
9
|
has_many :action_auth_webauthn_credentials, dependent: :destroy,
|
|
10
10
|
class_name: "ActionAuth::WebauthnCredential", foreign_key: "action_auth_user_id"
|
|
11
11
|
end
|
|
@@ -13,7 +13,9 @@
|
|
|
13
13
|
<% end %>
|
|
14
14
|
|
|
15
15
|
<div class="mb-3">
|
|
16
|
-
<%= link_to "Sign In", sign_in_path %>
|
|
17
|
-
<%= link_to "Sign Up", sign_up_path %>
|
|
18
|
-
|
|
16
|
+
<%= link_to "Sign In", sign_in_path %>
|
|
17
|
+
| <%= link_to "Sign Up", sign_up_path %>
|
|
18
|
+
<% if ActionAuth.configuration.verify_email_on_sign_in %>
|
|
19
|
+
| <%= link_to "Verify Email", identity_email_verification_path %>
|
|
20
|
+
<% end %>
|
|
19
21
|
</div>
|
|
@@ -36,6 +36,8 @@
|
|
|
36
36
|
|
|
37
37
|
<div class="mb-3">
|
|
38
38
|
<%= link_to "Sign In", sign_in_path %> |
|
|
39
|
-
<%= link_to "Reset Password", new_identity_password_reset_path %>
|
|
40
|
-
|
|
39
|
+
<%= link_to "Reset Password", new_identity_password_reset_path %>
|
|
40
|
+
<% if ActionAuth.configuration.verify_email_on_sign_in %>
|
|
41
|
+
| <%= link_to "Verify Email", identity_email_verification_path %>
|
|
42
|
+
<% end %>
|
|
41
43
|
</div>
|
|
@@ -21,15 +21,15 @@
|
|
|
21
21
|
<%= content_tag :tr, id: dom_id(session) do %>
|
|
22
22
|
<td><%= session.user_agent %></td>
|
|
23
23
|
<td nowrap><%= session.ip_address %></td>
|
|
24
|
-
<td
|
|
25
|
-
<td
|
|
24
|
+
<td><%= session.created_at %></td>
|
|
25
|
+
<td><%= button_to "Log out", session, method: :delete, class: "btn btn-primary" %></td>
|
|
26
26
|
<% end %>
|
|
27
27
|
<% end %>
|
|
28
28
|
</tbody>
|
|
29
29
|
</table>
|
|
30
30
|
</div>
|
|
31
31
|
|
|
32
|
-
<% if ActionAuth.configuration
|
|
32
|
+
<% if ActionAuth.configuration.webauthn_enabled? %>
|
|
33
33
|
<% if current_user.second_factor_enabled? %>
|
|
34
34
|
<h3>Your Security Keys:</h3>
|
|
35
35
|
<table class="action-auth--table">
|
|
@@ -21,6 +21,8 @@
|
|
|
21
21
|
|
|
22
22
|
<div class="mb-3">
|
|
23
23
|
<%= link_to "Sign Up", sign_up_path %> |
|
|
24
|
-
<%= link_to "Reset Password", new_identity_password_reset_path %>
|
|
25
|
-
|
|
24
|
+
<%= link_to "Reset Password", new_identity_password_reset_path %>
|
|
25
|
+
<% if ActionAuth.configuration.verify_email_on_sign_in %>
|
|
26
|
+
| <%= link_to "Verify Email", identity_email_verification_path %>
|
|
27
|
+
<% end %>
|
|
26
28
|
</div>
|
|
@@ -2,18 +2,19 @@
|
|
|
2
2
|
<html>
|
|
3
3
|
<head>
|
|
4
4
|
<title>Action Auth</title>
|
|
5
|
+
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
5
6
|
<%= csrf_meta_tags %>
|
|
6
7
|
<%= csp_meta_tag %>
|
|
7
8
|
<%= stylesheet_link_tag "action_auth/application", media: "all" %>
|
|
8
9
|
<%= javascript_include_tag "action_auth/application", "data-turbo-track": "reload", type: "module" %>
|
|
9
|
-
<% if ActionAuth.configuration
|
|
10
|
+
<% if ActionAuth.configuration.webauthn_enabled? %>
|
|
10
11
|
<%= tag :meta, name: :webauthn_auth_url, content: action_auth.webauthn_credential_authentications_url %>
|
|
11
12
|
<%= tag :meta, name: :webauthn_cred_url, content: action_auth.webauthn_credentials_url %>
|
|
12
13
|
<%= tag :meta, name: :webauthn_redirect_url, content: action_auth.sessions_url %>
|
|
13
14
|
<% end %>
|
|
14
15
|
</head>
|
|
15
16
|
<body class="bg-light">
|
|
16
|
-
<div class="container bg-white border pb-3">
|
|
17
|
+
<div class="<%= defined?(@action_auth_wide) ? 'container-fluid' : 'container' %> bg-white border pb-3">
|
|
17
18
|
<%= yield %>
|
|
18
19
|
</div>
|
|
19
20
|
<div class="action-auth--text-center">
|
data/config/routes.rb
CHANGED
|
@@ -11,7 +11,7 @@ ActionAuth::Engine.routes.draw do
|
|
|
11
11
|
resource :password_reset, only: [:new, :edit, :create, :update]
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
if ActionAuth.configuration
|
|
14
|
+
if ActionAuth.configuration.webauthn_enabled?
|
|
15
15
|
resources :webauthn_credentials, only: [:new, :create, :destroy] do
|
|
16
16
|
post :options, on: :collection, as: 'options_for'
|
|
17
17
|
end
|
data/lib/action_auth/version.rb
CHANGED
data/lib/action_auth.rb
CHANGED
|
@@ -4,11 +4,14 @@ require "action_auth/configuration"
|
|
|
4
4
|
|
|
5
5
|
module ActionAuth
|
|
6
6
|
class << self
|
|
7
|
-
|
|
7
|
+
attr_writer :configuration
|
|
8
|
+
|
|
9
|
+
def configuration
|
|
10
|
+
@configuration ||= Configuration.new
|
|
11
|
+
end
|
|
8
12
|
|
|
9
13
|
def configure
|
|
10
|
-
|
|
11
|
-
yield(configuration)
|
|
14
|
+
yield(configuration) if block_given?
|
|
12
15
|
configure_webauthn
|
|
13
16
|
end
|
|
14
17
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: action_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dave Kimura
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-01-
|
|
11
|
+
date: 2024-01-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -83,7 +83,6 @@ files:
|
|
|
83
83
|
- app/views/action_auth/user_mailer/password_reset.text.erb
|
|
84
84
|
- app/views/action_auth/webauthn_credential_authentications/new.html.erb
|
|
85
85
|
- app/views/action_auth/webauthn_credentials/new.html.erb
|
|
86
|
-
- app/views/layouts/action_auth/application-full-width.html.erb
|
|
87
86
|
- app/views/layouts/action_auth/application.html.erb
|
|
88
87
|
- app/views/layouts/action_auth/mailer.html.erb
|
|
89
88
|
- app/views/layouts/action_auth/mailer.text.erb
|
|
@@ -121,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
121
120
|
- !ruby/object:Gem::Version
|
|
122
121
|
version: '0'
|
|
123
122
|
requirements: []
|
|
124
|
-
rubygems_version: 3.5.
|
|
123
|
+
rubygems_version: 3.5.4
|
|
125
124
|
signing_key:
|
|
126
125
|
specification_version: 4
|
|
127
126
|
summary: A simple Rails engine for authorization.
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
<!DOCTYPE html>
|
|
2
|
-
<html>
|
|
3
|
-
<head>
|
|
4
|
-
<title>Action Auth</title>
|
|
5
|
-
<%= csrf_meta_tags %>
|
|
6
|
-
<%= csp_meta_tag %>
|
|
7
|
-
<%= stylesheet_link_tag "action_auth/application", media: "all" %>
|
|
8
|
-
<%= javascript_include_tag "action_auth/application", "data-turbo-track": "reload", type: "module" %>
|
|
9
|
-
<% if ActionAuth.configuration&.webauthn_enabled? %>
|
|
10
|
-
<%= tag :meta, name: :webauthn_auth_url, content: action_auth.webauthn_credential_authentications_url %>
|
|
11
|
-
<%= tag :meta, name: :webauthn_cred_url, content: action_auth.webauthn_credentials_url %>
|
|
12
|
-
<%= tag :meta, name: :webauthn_redirect_url, content: action_auth.sessions_url %>
|
|
13
|
-
<% end %>
|
|
14
|
-
</head>
|
|
15
|
-
<body class="bg-light">
|
|
16
|
-
<div class="container-fluid bg-white border pb-3">
|
|
17
|
-
<%= yield %>
|
|
18
|
-
</div>
|
|
19
|
-
</body>
|
|
20
|
-
</html>
|