action_auth 0.3.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +38 -19
- data/app/controllers/action_auth/registrations_controller.rb +1 -1
- data/app/controllers/action_auth/sessions_controller.rb +3 -3
- data/app/controllers/action_auth/webauthn_credential_authentications_controller.rb +3 -3
- data/app/controllers/action_auth/webauthn_credentials_controller.rb +3 -3
- data/app/models/action_auth/current.rb +1 -5
- data/app/models/action_auth/session.rb +3 -1
- data/app/models/action_auth/user.rb +8 -6
- data/app/models/action_auth/webauthn_credential.rb +2 -0
- data/app/views/action_auth/sessions/index.html.erb +1 -1
- data/db/migrate/20231107165548_create_action_auth_users.rb +2 -2
- data/db/migrate/20231107170349_create_action_auth_sessions.rb +2 -2
- data/db/migrate/20240111125859_add_webauthn_credentials.rb +2 -2
- data/db/migrate/20240111142545_add_webauthn_id_to_users.rb +1 -1
- data/lib/action_auth/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 24c21d0f3f0275043c101a941be6587f6ab14dcd56be5951e410a15c66d2ce59
|
|
4
|
+
data.tar.gz: 0406533a71d0411f164c20dc805e1f9e43988ffd7d979dc9ece4f8a20050bf30
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 415a5088415bdc54b813b8a199486e733442b6346ec9ba30b2995bf9428983478aa86e8406adb2cf18bf7271669dad2f0de50f9658dbe0627d4b61b6423ee66f
|
|
7
|
+
data.tar.gz: 795b6cc968062e90034ddfb08ad4f251a69b7bd5a50b580d706f98fa99c71276da291ef0bce15964153593a05aef4e5f3b171d2e5e980928754d6800b2324dea
|
data/README.md
CHANGED
|
@@ -22,6 +22,43 @@ user experience akin to that offered by the well-regarded Devise gem.
|
|
|
22
22
|
7. [License](#license)
|
|
23
23
|
8. [Credits](#credits)
|
|
24
24
|
|
|
25
|
+
## Breaking Changes
|
|
26
|
+
|
|
27
|
+
With the release of v1.0.0, there are some breaking changes that have been introduced. The
|
|
28
|
+
biggest change is that the `ActionAuth::User` model now uses the table name of `users` instead
|
|
29
|
+
of `action_auth_users`. This was done to make it easier to integrate with your application
|
|
30
|
+
without having to worry about the table name. If you have an existing application that is
|
|
31
|
+
using ActionAuth, you will need to rename the table to `users` with a migration like
|
|
32
|
+
|
|
33
|
+
```ruby
|
|
34
|
+
rename_table :action_auth_users, :users
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
Coming from `v0.3.0` to `v1.0.0`, you will need to create a migration to rename the table and foreign keys.
|
|
38
|
+
|
|
39
|
+
```ruby
|
|
40
|
+
class UpgradeActionAuth < ActiveRecord::Migration[7.1]
|
|
41
|
+
def change
|
|
42
|
+
rename_table :action_auth_users, :users
|
|
43
|
+
|
|
44
|
+
rename_table :action_auth_sessions, :sessions
|
|
45
|
+
rename_column :sessions, :action_auth_user_id, :user_id
|
|
46
|
+
|
|
47
|
+
rename_table :action_auth_webauthn_credentials, :webauthn_credentials
|
|
48
|
+
rename_column :webauthn_credentials, :action_auth_user_id, :user_id
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
You will then need to undo the migrations where the foreign keys were added in cases where `foreign_key: true` was
|
|
54
|
+
changed to `foreign_key: { to_table: 'action_auth_users' }`. You can do this for each table with a migration like:
|
|
55
|
+
|
|
56
|
+
```ruby
|
|
57
|
+
add_foreign_key :user_settings, :users, column: :user_id unless foreign_key_exists?(:user_settings, :users)
|
|
58
|
+
add_foreign_key :profiles, :users, column: :user_id unless foreign_key_exists?(:profiles, :users)
|
|
59
|
+
add_foreign_key :nfcs, :users, column: :user_id unless foreign_key_exists?(:nfcs, :users)
|
|
60
|
+
```
|
|
61
|
+
|
|
25
62
|
## Installation
|
|
26
63
|
Add this line to your application's Gemfile:
|
|
27
64
|
|
|
@@ -242,30 +279,12 @@ end
|
|
|
242
279
|
|
|
243
280
|
#### Generating an association
|
|
244
281
|
|
|
245
|
-
|
|
246
|
-
`action_auth_user:belongs_to`. However, when the foreign key is generated, it will look for the users table
|
|
247
|
-
instead of the action_auth_users table. To get around this, we'll need to modify the migration.
|
|
282
|
+
We are using `user:belongs_to` instead of `action_auth_user:belongs_to`.
|
|
248
283
|
|
|
249
284
|
```bash
|
|
250
285
|
bin/rails g scaffold posts user:belongs_to title
|
|
251
286
|
```
|
|
252
287
|
|
|
253
|
-
We can update the `foreign_key` from `true` to `{ to_table: :action_auth_users }` to get around this.
|
|
254
|
-
|
|
255
|
-
```ruby
|
|
256
|
-
# db/migrate/XXXXXXXXXXX_create_posts.rb
|
|
257
|
-
class CreatePosts < ActiveRecord::Migration[7.1]
|
|
258
|
-
def change
|
|
259
|
-
create_table :posts do |t|
|
|
260
|
-
t.belongs_to :user, null: false, foreign_key: { to_table: :action_auth_users }
|
|
261
|
-
t.string :title
|
|
262
|
-
|
|
263
|
-
t.timestamps
|
|
264
|
-
end
|
|
265
|
-
end
|
|
266
|
-
end
|
|
267
|
-
```
|
|
268
|
-
|
|
269
288
|
And the post model doesn't need anything special to ActionAuth.
|
|
270
289
|
|
|
271
290
|
```ruby
|
|
@@ -12,7 +12,7 @@ module ActionAuth
|
|
|
12
12
|
send_email_verification
|
|
13
13
|
redirect_to sign_in_path, notice: "Welcome! You have signed up successfully. Please check your email to verify your account."
|
|
14
14
|
else
|
|
15
|
-
session_record = @user.
|
|
15
|
+
session_record = @user.sessions.create!
|
|
16
16
|
cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
|
|
17
17
|
|
|
18
18
|
redirect_to sign_in_path, notice: "Welcome! You have signed up successfully"
|
|
@@ -5,7 +5,7 @@ module ActionAuth
|
|
|
5
5
|
|
|
6
6
|
def index
|
|
7
7
|
@action_auth_wide = true
|
|
8
|
-
@sessions = Current.user.
|
|
8
|
+
@sessions = Current.user.sessions.order(created_at: :desc)
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def new
|
|
@@ -18,7 +18,7 @@ module ActionAuth
|
|
|
18
18
|
redirect_to new_webauthn_credential_authentications_path
|
|
19
19
|
else
|
|
20
20
|
return if check_if_email_is_verified(user)
|
|
21
|
-
@session = user.
|
|
21
|
+
@session = user.sessions.create
|
|
22
22
|
cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
|
|
23
23
|
redirect_to main_app.root_path, notice: "Signed in successfully"
|
|
24
24
|
end
|
|
@@ -28,7 +28,7 @@ module ActionAuth
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
def destroy
|
|
31
|
-
session = Current.user.
|
|
31
|
+
session = Current.user.sessions.find(params[:id])
|
|
32
32
|
session.destroy
|
|
33
33
|
redirect_to main_app.root_path, notice: "That session has been logged out"
|
|
34
34
|
end
|
|
@@ -4,7 +4,7 @@ class ActionAuth::WebauthnCredentialAuthenticationsController < ApplicationContr
|
|
|
4
4
|
layout "action_auth/application"
|
|
5
5
|
|
|
6
6
|
def new
|
|
7
|
-
get_options = WebAuthn::Credential.options_for_get(allow: user.
|
|
7
|
+
get_options = WebAuthn::Credential.options_for_get(allow: user.webauthn_credentials.pluck(:external_id))
|
|
8
8
|
session[:current_challenge] = get_options.challenge
|
|
9
9
|
@options = get_options
|
|
10
10
|
end
|
|
@@ -12,7 +12,7 @@ class ActionAuth::WebauthnCredentialAuthenticationsController < ApplicationContr
|
|
|
12
12
|
def create
|
|
13
13
|
webauthn_credential = WebAuthn::Credential.from_get(params)
|
|
14
14
|
|
|
15
|
-
credential = user.
|
|
15
|
+
credential = user.webauthn_credentials.find_by(external_id: webauthn_credential.id)
|
|
16
16
|
|
|
17
17
|
begin
|
|
18
18
|
webauthn_credential.verify(
|
|
@@ -23,7 +23,7 @@ class ActionAuth::WebauthnCredentialAuthenticationsController < ApplicationContr
|
|
|
23
23
|
|
|
24
24
|
credential.update!(sign_count: webauthn_credential.sign_count)
|
|
25
25
|
session.delete(:webauthn_user_id)
|
|
26
|
-
session = user.
|
|
26
|
+
session = user.sessions.create
|
|
27
27
|
cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
|
|
28
28
|
render json: { status: "ok" }, status: :ok
|
|
29
29
|
rescue WebAuthn::Error => e
|
|
@@ -15,7 +15,7 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
|
|
|
15
15
|
id: current_user.webauthn_id,
|
|
16
16
|
name: current_user.email
|
|
17
17
|
},
|
|
18
|
-
exclude: current_user.
|
|
18
|
+
exclude: current_user.webauthn_credentials.pluck(:external_id)
|
|
19
19
|
)
|
|
20
20
|
|
|
21
21
|
session[:current_challenge] = create_options.challenge
|
|
@@ -34,7 +34,7 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
|
|
|
34
34
|
begin
|
|
35
35
|
webauthn_credential.verify(session[:current_challenge])
|
|
36
36
|
|
|
37
|
-
credential = current_user.
|
|
37
|
+
credential = current_user.webauthn_credentials.build(
|
|
38
38
|
external_id: webauthn_credential.id,
|
|
39
39
|
nickname: params[:credential_nickname],
|
|
40
40
|
public_key: webauthn_credential.public_key,
|
|
@@ -53,7 +53,7 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
|
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
def destroy
|
|
56
|
-
current_user.
|
|
56
|
+
current_user.webauthn_credentials.destroy(params[:id])
|
|
57
57
|
|
|
58
58
|
redirect_to sessions_path
|
|
59
59
|
end
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
module ActionAuth
|
|
2
2
|
class Session < ApplicationRecord
|
|
3
|
-
|
|
3
|
+
self.table_name = "sessions"
|
|
4
|
+
|
|
5
|
+
belongs_to :user, class_name: "ActionAuth::User", foreign_key: "user_id"
|
|
4
6
|
|
|
5
7
|
before_create do
|
|
6
8
|
self.user_agent = Current.user_agent
|
|
@@ -1,13 +1,15 @@
|
|
|
1
1
|
module ActionAuth
|
|
2
2
|
class User < ApplicationRecord
|
|
3
|
+
self.table_name = "users"
|
|
4
|
+
|
|
3
5
|
has_secure_password
|
|
4
6
|
|
|
5
|
-
has_many :
|
|
6
|
-
class_name: "ActionAuth::Session", foreign_key: "
|
|
7
|
+
has_many :sessions, dependent: :destroy,
|
|
8
|
+
class_name: "ActionAuth::Session", foreign_key: "user_id"
|
|
7
9
|
|
|
8
10
|
if ActionAuth.configuration.webauthn_enabled?
|
|
9
|
-
has_many :
|
|
10
|
-
class_name: "ActionAuth::WebauthnCredential", foreign_key: "
|
|
11
|
+
has_many :webauthn_credentials, dependent: :destroy,
|
|
12
|
+
class_name: "ActionAuth::WebauthnCredential", foreign_key: "user_id"
|
|
11
13
|
end
|
|
12
14
|
|
|
13
15
|
generates_token_for :email_verification, expires_in: 2.days do
|
|
@@ -28,12 +30,12 @@ module ActionAuth
|
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
after_update if: :password_digest_previously_changed? do
|
|
31
|
-
|
|
33
|
+
sessions.where.not(id: Current.session).delete_all
|
|
32
34
|
end
|
|
33
35
|
|
|
34
36
|
def second_factor_enabled?
|
|
35
37
|
return false unless ActionAuth.configuration.webauthn_enabled?
|
|
36
|
-
|
|
38
|
+
webauthn_credentials.any?
|
|
37
39
|
end
|
|
38
40
|
end
|
|
39
41
|
end
|
|
@@ -41,7 +41,7 @@
|
|
|
41
41
|
</tr>
|
|
42
42
|
</thead>
|
|
43
43
|
<tbody>
|
|
44
|
-
<% current_user.
|
|
44
|
+
<% current_user.webauthn_credentials.each do |credential| %>
|
|
45
45
|
<%= content_tag :tr, id: dom_id(credential) do %>
|
|
46
46
|
<td><%= credential.nickname %></td>
|
|
47
47
|
<td nowrap><%= credential.created_at.strftime('%B %d, %Y') %></td>
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
class CreateActionAuthUsers < ActiveRecord::Migration[7.1]
|
|
2
2
|
def change
|
|
3
|
-
create_table :
|
|
3
|
+
create_table :users do |t|
|
|
4
4
|
t.string :email
|
|
5
5
|
t.string :password_digest
|
|
6
6
|
t.boolean :verified
|
|
7
7
|
|
|
8
8
|
t.timestamps
|
|
9
9
|
end
|
|
10
|
-
add_index :
|
|
10
|
+
add_index :users, :email, unique: true
|
|
11
11
|
end
|
|
12
12
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class CreateActionAuthSessions < ActiveRecord::Migration[7.1]
|
|
2
2
|
def change
|
|
3
|
-
create_table :
|
|
4
|
-
t.references :
|
|
3
|
+
create_table :sessions do |t|
|
|
4
|
+
t.references :user, null: false, foreign_key: true
|
|
5
5
|
t.string :user_agent
|
|
6
6
|
t.string :ip_address
|
|
7
7
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class AddWebauthnCredentials < ActiveRecord::Migration[7.1]
|
|
2
2
|
def change
|
|
3
|
-
create_table :
|
|
3
|
+
create_table :webauthn_credentials do |t|
|
|
4
4
|
t.string :external_id, null: false
|
|
5
5
|
t.string :public_key, null: false
|
|
6
6
|
t.string :nickname, null: false
|
|
@@ -8,7 +8,7 @@ class AddWebauthnCredentials < ActiveRecord::Migration[7.1]
|
|
|
8
8
|
|
|
9
9
|
t.index :external_id, unique: true
|
|
10
10
|
|
|
11
|
-
t.references :
|
|
11
|
+
t.references :user, foreign_key: true
|
|
12
12
|
|
|
13
13
|
t.timestamps
|
|
14
14
|
end
|
data/lib/action_auth/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: action_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dave Kimura
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-08-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -120,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
120
120
|
- !ruby/object:Gem::Version
|
|
121
121
|
version: '0'
|
|
122
122
|
requirements: []
|
|
123
|
-
rubygems_version: 3.5.
|
|
123
|
+
rubygems_version: 3.5.16
|
|
124
124
|
signing_key:
|
|
125
125
|
specification_version: 4
|
|
126
126
|
summary: A simple Rails engine for authorization.
|