action_auth 1.2.0 → 1.3.0
- checksums.yaml +4 -4
- data/README.md +23 -11
- data/app/controllers/action_auth/identity/password_resets_controller.rb +11 -0
- data/app/controllers/action_auth/passwords_controller.rb +11 -0
- data/app/controllers/action_auth/registrations_controller.rb +20 -5
- data/app/views/action_auth/identity/password_resets/edit.html.erb +3 -3
- data/lib/action_auth/configuration.rb +7 -2
- data/lib/action_auth/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c9adce01d4651e8af6f14f8738bb4f762512485d75640d9fd1993ef68fa6c37a
|
4
|
+
data.tar.gz: 9b0c5e31a61b57efef137cb9429de5015390da6a01ce6ce1bad200a3b881ccbb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 132b6dad72a8a2d4531febde70f32cb3e793ab98a23d48567a9ec7c2e62655737e9c5c608f302e011c10018e787422c2d4205a1739feea3aeb7849e82ea19c82
|
7
|
+
data.tar.gz: a4fed6bd6daf8ae5c2de6cdf3e4b46090a349a4426155d368d9ec94713e0b2e00288c4c199724253a9f96ac2722c0647e3382a2c1b0b23bdb196756a4d7b00c0
|
data/README.md
CHANGED
@@ -15,12 +15,13 @@ user experience akin to that offered by the well-regarded Devise gem.
|
|
15
15
|
- [Routes](#routes)
|
16
16
|
- [Helper Methods](#helper-methods)
|
17
17
|
- [Restricting and Changing Routes](#restricting-and-changing-routes)
|
18
|
-
5. [
|
19
|
-
6. [
|
20
|
-
7.
|
18
|
+
5. [Have I Been Pwned](#have-i-been-pwned)
|
19
|
+
6. [WebAuthn](#webauthn)
|
20
|
+
7. [Within Your Application](#within-your-application)
|
21
|
+
8. Customizing
|
21
22
|
- [Sign In Page](https://github.com/kobaltz/action_auth/wiki/Overriding-Sign-In-page-view)
|
22
|
-
|
23
|
-
|
23
|
+
9. [License](#license)
|
24
|
+
10. [Credits](#credits)
|
24
25
|
|
25
26
|
## Breaking Changes
|
26
27
|
|
@@ -130,6 +131,8 @@ These are the planned features for ActionAuth. The ones that are checked off are
|
|
130
131
|
|
131
132
|
⏳ - OAuth with Google, Facebook, Github, Twitter, etc.
|
132
133
|
|
134
|
+
✅ - Have I Been Pwned Integration
|
135
|
+
|
133
136
|
✅ - Account Deletion
|
134
137
|
|
135
138
|
⏳ - Account Lockout
|
@@ -206,13 +209,15 @@ versus a user that is not logged in.
|
|
206
209
|
end
|
207
210
|
root to: 'welcome#index'
|
208
211
|
|
209
|
-
##
|
212
|
+
## Have I Been Pwned
|
210
213
|
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
214
|
+
[Have I Been Pwned](https://haveibeenpwned.com/) is a way that youre able to check if a password has been compromised in a data breach. This is a great way to ensure that your users are using secure passwords.
|
215
|
+
|
216
|
+
Add the `pwned` gem to your Gemfile. That's all you'll have to do to enable this functionality.
|
217
|
+
|
218
|
+
```ruby
|
219
|
+
bundle add pwned
|
220
|
+
```
|
216
221
|
|
217
222
|
## Magic Links
|
218
223
|
|
@@ -236,6 +241,13 @@ will want to style this to fit your application and have some kind of confirmati
|
|
236
241
|
<%= button_to "Delete Account", action_auth.users_path, method: :delete %>
|
237
242
|
</p>
|
238
243
|
```
|
244
|
+
## WebAuthn
|
245
|
+
|
246
|
+
ActionAuth's approach for WebAuthn is simplicity. It is used as a multifactor authentication step,
|
247
|
+
so users will still need to register their email address and password. Once the user is registered,
|
248
|
+
they can add a Passkey to their account. The Passkey could be an iCloud Keychain, a hardware security
|
249
|
+
key like a Yubikey, or a mobile device. If enabled and configured, the user will be prompted to use
|
250
|
+
their Passkey after they log in.
|
239
251
|
|
240
252
|
#### Configuration
|
241
253
|
|
@@ -2,6 +2,7 @@ module ActionAuth
|
|
2
2
|
module Identity
|
3
3
|
class PasswordResetsController < ApplicationController
|
4
4
|
before_action :set_user, only: %i[ edit update ]
|
5
|
+
before_action :validate_pwned_password, only: :update
|
5
6
|
|
6
7
|
def new
|
7
8
|
end
|
@@ -41,6 +42,16 @@ module ActionAuth
|
|
41
42
|
def send_password_reset_email
|
42
43
|
UserMailer.with(user: @user).password_reset.deliver_later
|
43
44
|
end
|
45
|
+
|
46
|
+
def validate_pwned_password
|
47
|
+
return unless ActionAuth.configuration.pwned_enabled?
|
48
|
+
|
49
|
+
pwned = Pwned::Password.new(params[:password])
|
50
|
+
if pwned.pwned?
|
51
|
+
@user.errors.add(:password, "has been pwned #{pwned.pwned_count} times. Please choose a different password.")
|
52
|
+
render :edit, status: :unprocessable_entity
|
53
|
+
end
|
54
|
+
end
|
44
55
|
end
|
45
56
|
end
|
46
57
|
end
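Review bot: `Pwned::Password.new(params[:password])` is handed the raw request value; when the field is absent that is `nil`, which the pwned gem rejects with a `TypeError`, and an unreachable or slow HIBP API surfaces as `Pwned::Error` — both reach the user as a 500 rather than a validation message, and the latter blocks password resets for as long as the external service is down. The same method body is copied into passwords_controller.rb and registrations_controller.rb, so the fix belongs in one place. The gem's model validator, `validates :password, not_pwned: true, on_error: :valid` (or `on_error: :invalid` if a failed lookup should reject the password), covers both cases and runs alongside the existing length and confirmation validations instead of short-circuiting them. If the controller check is kept, guard it explicitly: `return if params[:password].blank?`, build from `params[:password].to_s`, and `rescue Pwned::Error` with a deliberate fail-open or fail-closed choice. `validate_pwned_password` sits after `send_password_reset_email`, so whether it is private depends on a `private` marker outside this hunk.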
|
@@ -1,6 +1,7 @@
|
|
1
1
|
module ActionAuth
|
2
2
|
class PasswordsController < ApplicationController
|
3
3
|
before_action :set_user
|
4
|
+
before_action :validate_pwned_password, only: :update
|
4
5
|
|
5
6
|
def edit
|
6
7
|
end
|
@@ -22,5 +23,15 @@ module ActionAuth
|
|
22
23
|
def user_params
|
23
24
|
params.permit(:password, :password_confirmation, :password_challenge).with_defaults(password_challenge: "")
|
24
25
|
end
|
26
|
+
|
27
|
+
def validate_pwned_password
|
28
|
+
return unless ActionAuth.configuration.pwned_enabled?
|
29
|
+
|
30
|
+
pwned = Pwned::Password.new(params[:password])
|
31
|
+
if pwned.pwned?
|
32
|
+
@user.errors.add(:password, "has been pwned #{pwned.pwned_count} times. Please choose a different password.")
|
33
|
+
render :new, status: :unprocessable_entity
|
34
|
+
end
|
35
|
+
end
|
25
36
|
end
|
26
37
|
end
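Review bot: The failure branch renders `:new` (`render :new, status: :unprocessable_entity`), but this controller's visible actions are `edit` (first hunk) and `update`, and the password change form in this gem is the edit view; unless an `action_auth/passwords/new` template exists, a rejected password here raises `ActionView::MissingTemplate` instead of showing the error. The sibling check in password_resets_controller.rb renders `:edit`, which looks like the intended target: `render :edit, status: :unprocessable_entity`. Worth confirming against the views directory, which is outside this diff.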
|
@@ -1,5 +1,7 @@
|
|
1
1
|
module ActionAuth
|
2
2
|
class RegistrationsController < ApplicationController
|
3
|
+
before_action :validate_pwned_password, only: :create
|
4
|
+
|
3
5
|
def new
|
4
6
|
@user = User.new
|
5
7
|
end
|
@@ -23,12 +25,25 @@ module ActionAuth
|
|
23
25
|
end
|
24
26
|
|
25
27
|
private
|
26
|
-
def user_params
|
27
|
-
params.permit(:email, :password, :password_confirmation)
|
28
|
-
end
|
29
28
|
|
30
|
-
|
31
|
-
|
29
|
+
def user_params
|
30
|
+
params.permit(:email, :password, :password_confirmation)
|
31
|
+
end
|
32
|
+
|
33
|
+
def send_email_verification
|
34
|
+
UserMailer.with(user: @user).email_verification.deliver_later
|
35
|
+
end
|
36
|
+
|
37
|
+
def validate_pwned_password
|
38
|
+
return unless ActionAuth.configuration.pwned_enabled?
|
39
|
+
|
40
|
+
pwned = Pwned::Password.new(params[:password])
|
41
|
+
|
42
|
+
if pwned.pwned?
|
43
|
+
@user = User.new(email: params[:email])
|
44
|
+
@user.errors.add(:password, "has been pwned #{pwned.pwned_count} times. Please choose a different password.")
|
45
|
+
render :new, status: :unprocessable_entity
|
32
46
|
end
|
47
|
+
end
|
33
48
|
end
|
34
49
|
end
|
@@ -15,18 +15,18 @@
|
|
15
15
|
|
16
16
|
<%= form.hidden_field :sid, value: params[:sid] %>
|
17
17
|
|
18
|
-
<div>
|
18
|
+
<div class="mb-3">
|
19
19
|
<%= form.label :password, "New password", style: "display: block" %>
|
20
20
|
<%= form.password_field :password, required: true, autofocus: true, autocomplete: "new-password" %>
|
21
21
|
<div>12 characters minimum.</div>
|
22
22
|
</div>
|
23
23
|
|
24
|
-
<div>
|
24
|
+
<div class="mb-3">
|
25
25
|
<%= form.label :password_confirmation, "Confirm new password", style: "display: block" %>
|
26
26
|
<%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
|
27
27
|
</div>
|
28
28
|
|
29
29
|
<div>
|
30
|
-
<%= form.submit "Save changes" %>
|
30
|
+
<%= form.submit "Save changes", class: "btn btn-primary" %>
|
31
31
|
</div>
|
32
32
|
<% end %>
|
@@ -14,6 +14,7 @@ module ActionAuth
|
|
14
14
|
@allow_user_deletion = true
|
15
15
|
@default_from_email = "from@example.com"
|
16
16
|
@magic_link_enabled = true
|
17
|
+
@pwned_enabled = defined?(Pwned)
|
17
18
|
@verify_email_on_sign_in = true
|
18
19
|
@webauthn_enabled = defined?(WebAuthn)
|
19
20
|
@webauthn_origin = "http://localhost:3000"
|
@@ -21,16 +22,20 @@ module ActionAuth
|
|
21
22
|
end
|
22
23
|
|
23
24
|
def allow_user_deletion?
|
24
|
-
@allow_user_deletion
|
25
|
+
@allow_user_deletion == true
|
25
26
|
end
|
26
27
|
|
27
28
|
def magic_link_enabled?
|
28
|
-
@magic_link_enabled
|
29
|
+
@magic_link_enabled == true
|
29
30
|
end
|
30
31
|
|
31
32
|
def webauthn_enabled?
|
32
33
|
@webauthn_enabled.respond_to?(:call) ? @webauthn_enabled.call : @webauthn_enabled
|
33
34
|
end
|
34
35
|
|
36
|
+
def pwned_enabled?
|
37
|
+
@pwned_enabled.respond_to?(:call) ? @pwned_enabled.call : @pwned_enabled
|
38
|
+
end
|
39
|
+
|
35
40
|
end
|
36
41
|
end
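Review bot: `pwned_enabled?` returns the stored value unchanged, so with the new default `@pwned_enabled = defined?(Pwned)` it yields the String `"constant"` rather than `true`, while `allow_user_deletion?` and `magic_link_enabled?` gain an `== true` coercion in the same hunk; a caller that compares the result with `true` would see the feature as disabled. Normalising without breaking the autodetect keeps the two styles consistent: `value = @pwned_enabled.respond_to?(:call) ? @pwned_enabled.call : @pwned_enabled` followed by `value ? true : false`. Note also that `defined?(Pwned)` is evaluated once when `Configuration` is instantiated, so the default depends on the gem having been required before that point (presumably by Bundler); a callable default such as `-> { defined?(Pwned) }` would be resolved lazily through the existing `respond_to?(:call)` branch. Since the default switches on an outbound HIBP lookup on sign-up and password change whenever the gem is loaded, the README section in this release should mention that `config.pwned_enabled = false` opts out.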
|
data/lib/action_auth/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: action_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dave Kimura
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-08-
|
11
|
+
date: 2024-08-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -125,7 +125,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
125
125
|
- !ruby/object:Gem::Version
|
126
126
|
version: '0'
|
127
127
|
requirements: []
|
128
|
-
rubygems_version: 3.5.
|
128
|
+
rubygems_version: 3.5.17
|
129
129
|
signing_key:
|
130
130
|
specification_version: 4
|
131
131
|
summary: A simple Rails engine for authorization.
|