action_auth 1.2.0 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +23 -11
- data/app/controllers/action_auth/identity/password_resets_controller.rb +11 -0
- data/app/controllers/action_auth/passwords_controller.rb +11 -0
- data/app/controllers/action_auth/registrations_controller.rb +20 -5
- data/app/views/action_auth/identity/password_resets/edit.html.erb +3 -3
- data/lib/action_auth/configuration.rb +7 -2
- data/lib/action_auth/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1370e1eb71e677f2fc9be43d6cf7cb96940f3b59916615c06bc0af02c6231fff
|
|
4
|
+
data.tar.gz: 10332892a9e4379fa282688161fcc9127a4ffb97da386b5858d612f460d50073
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f59840cc7ab77c07e19e6a181bdc8705d1fdbd9cc643a78fe270175bee205ce1f35c404577c49a2ffe2e638780caa00ed3c18c6d1016763d772039521d37213f
|
|
7
|
+
data.tar.gz: b5f26e0a11f7e241d3697d6933ef8ff6047b433c407f1878705fef608ca85415645ba0ea932dba0eaad8860e7ef041766511750eeebca7e1366fb672981bab38
|
data/README.md
CHANGED
|
@@ -15,12 +15,13 @@ user experience akin to that offered by the well-regarded Devise gem.
|
|
|
15
15
|
- [Routes](#routes)
|
|
16
16
|
- [Helper Methods](#helper-methods)
|
|
17
17
|
- [Restricting and Changing Routes](#restricting-and-changing-routes)
|
|
18
|
-
5. [
|
|
19
|
-
6. [
|
|
20
|
-
7.
|
|
18
|
+
5. [Have I Been Pwned](#have-i-been-pwned)
|
|
19
|
+
6. [WebAuthn](#webauthn)
|
|
20
|
+
7. [Within Your Application](#within-your-application)
|
|
21
|
+
8. Customizing
|
|
21
22
|
- [Sign In Page](https://github.com/kobaltz/action_auth/wiki/Overriding-Sign-In-page-view)
|
|
22
|
-
|
|
23
|
-
|
|
23
|
+
9. [License](#license)
|
|
24
|
+
10. [Credits](#credits)
|
|
24
25
|
|
|
25
26
|
## Breaking Changes
|
|
26
27
|
|
|
@@ -130,6 +131,8 @@ These are the planned features for ActionAuth. The ones that are checked off are
|
|
|
130
131
|
|
|
131
132
|
⏳ - OAuth with Google, Facebook, Github, Twitter, etc.
|
|
132
133
|
|
|
134
|
+
✅ - Have I Been Pwned Integration
|
|
135
|
+
|
|
133
136
|
✅ - Account Deletion
|
|
134
137
|
|
|
135
138
|
⏳ - Account Lockout
|
|
@@ -206,13 +209,15 @@ versus a user that is not logged in.
|
|
|
206
209
|
end
|
|
207
210
|
root to: 'welcome#index'
|
|
208
211
|
|
|
209
|
-
##
|
|
212
|
+
## Have I Been Pwned
|
|
210
213
|
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
214
|
+
[Have I Been Pwned](https://haveibeenpwned.com/) is a way that youre able to check if a password has been compromised in a data breach. This is a great way to ensure that your users are using secure passwords.
|
|
215
|
+
|
|
216
|
+
Add the `pwned` gem to your Gemfile. That's all you'll have to do to enable this functionality.
|
|
217
|
+
|
|
218
|
+
```ruby
|
|
219
|
+
bundle add pwned
|
|
220
|
+
```
|
|
216
221
|
|
|
217
222
|
## Magic Links
|
|
218
223
|
|
|
@@ -236,6 +241,13 @@ will want to style this to fit your application and have some kind of confirmati
|
|
|
236
241
|
<%= button_to "Delete Account", action_auth.users_path, method: :delete %>
|
|
237
242
|
</p>
|
|
238
243
|
```
|
|
244
|
+
## WebAuthn
|
|
245
|
+
|
|
246
|
+
ActionAuth's approach for WebAuthn is simplicity. It is used as a multifactor authentication step,
|
|
247
|
+
so users will still need to register their email address and password. Once the user is registered,
|
|
248
|
+
they can add a Passkey to their account. The Passkey could be an iCloud Keychain, a hardware security
|
|
249
|
+
key like a Yubikey, or a mobile device. If enabled and configured, the user will be prompted to use
|
|
250
|
+
their Passkey after they log in.
|
|
239
251
|
|
|
240
252
|
#### Configuration
|
|
241
253
|
|
|
@@ -2,6 +2,7 @@ module ActionAuth
|
|
|
2
2
|
module Identity
|
|
3
3
|
class PasswordResetsController < ApplicationController
|
|
4
4
|
before_action :set_user, only: %i[ edit update ]
|
|
5
|
+
before_action :validate_pwned_password, only: :update
|
|
5
6
|
|
|
6
7
|
def new
|
|
7
8
|
end
|
|
@@ -41,6 +42,16 @@ module ActionAuth
|
|
|
41
42
|
def send_password_reset_email
|
|
42
43
|
UserMailer.with(user: @user).password_reset.deliver_later
|
|
43
44
|
end
|
|
45
|
+
|
|
46
|
+
def validate_pwned_password
|
|
47
|
+
return unless ActionAuth.configuration.pwned_enabled?
|
|
48
|
+
|
|
49
|
+
pwned = Pwned::Password.new(params[:password])
|
|
50
|
+
if pwned.pwned?
|
|
51
|
+
@user.errors.add(:password, "has been pwned #{pwned.pwned_count} times. Please choose a different password.")
|
|
52
|
+
render :edit, status: :unprocessable_entity
|
|
53
|
+
end
|
|
54
|
+
end
|
|
44
55
|
end
|
|
45
56
|
end
|
|
46
57
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
module ActionAuth
|
|
2
2
|
class PasswordsController < ApplicationController
|
|
3
3
|
before_action :set_user
|
|
4
|
+
before_action :validate_pwned_password, only: :update
|
|
4
5
|
|
|
5
6
|
def edit
|
|
6
7
|
end
|
|
@@ -22,5 +23,15 @@ module ActionAuth
|
|
|
22
23
|
def user_params
|
|
23
24
|
params.permit(:password, :password_confirmation, :password_challenge).with_defaults(password_challenge: "")
|
|
24
25
|
end
|
|
26
|
+
|
|
27
|
+
def validate_pwned_password
|
|
28
|
+
return unless ActionAuth.configuration.pwned_enabled?
|
|
29
|
+
|
|
30
|
+
pwned = Pwned::Password.new(params[:password])
|
|
31
|
+
if pwned.pwned?
|
|
32
|
+
@user.errors.add(:password, "has been pwned #{pwned.pwned_count} times. Please choose a different password.")
|
|
33
|
+
render :new, status: :unprocessable_entity
|
|
34
|
+
end
|
|
35
|
+
end
|
|
25
36
|
end
|
|
26
37
|
end
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
module ActionAuth
|
|
2
2
|
class RegistrationsController < ApplicationController
|
|
3
|
+
before_action :validate_pwned_password, only: :create
|
|
4
|
+
|
|
3
5
|
def new
|
|
4
6
|
@user = User.new
|
|
5
7
|
end
|
|
@@ -23,12 +25,25 @@ module ActionAuth
|
|
|
23
25
|
end
|
|
24
26
|
|
|
25
27
|
private
|
|
26
|
-
def user_params
|
|
27
|
-
params.permit(:email, :password, :password_confirmation)
|
|
28
|
-
end
|
|
29
28
|
|
|
30
|
-
|
|
31
|
-
|
|
29
|
+
def user_params
|
|
30
|
+
params.permit(:email, :password, :password_confirmation)
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def send_email_verification
|
|
34
|
+
UserMailer.with(user: @user).email_verification.deliver_later
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def validate_pwned_password
|
|
38
|
+
return unless ActionAuth.configuration.pwned_enabled?
|
|
39
|
+
|
|
40
|
+
pwned = Pwned::Password.new(params[:password])
|
|
41
|
+
|
|
42
|
+
if pwned.pwned?
|
|
43
|
+
@user = User.new(email: params[:email])
|
|
44
|
+
@user.errors.add(:password, "has been pwned #{pwned.pwned_count} times. Please choose a different password.")
|
|
45
|
+
render :new, status: :unprocessable_entity
|
|
32
46
|
end
|
|
47
|
+
end
|
|
33
48
|
end
|
|
34
49
|
end
|
|
@@ -15,18 +15,18 @@
|
|
|
15
15
|
|
|
16
16
|
<%= form.hidden_field :sid, value: params[:sid] %>
|
|
17
17
|
|
|
18
|
-
<div>
|
|
18
|
+
<div class="mb-3">
|
|
19
19
|
<%= form.label :password, "New password", style: "display: block" %>
|
|
20
20
|
<%= form.password_field :password, required: true, autofocus: true, autocomplete: "new-password" %>
|
|
21
21
|
<div>12 characters minimum.</div>
|
|
22
22
|
</div>
|
|
23
23
|
|
|
24
|
-
<div>
|
|
24
|
+
<div class="mb-3">
|
|
25
25
|
<%= form.label :password_confirmation, "Confirm new password", style: "display: block" %>
|
|
26
26
|
<%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
|
|
27
27
|
</div>
|
|
28
28
|
|
|
29
29
|
<div>
|
|
30
|
-
<%= form.submit "Save changes" %>
|
|
30
|
+
<%= form.submit "Save changes", class: "btn btn-primary" %>
|
|
31
31
|
</div>
|
|
32
32
|
<% end %>
|
|
@@ -14,6 +14,7 @@ module ActionAuth
|
|
|
14
14
|
@allow_user_deletion = true
|
|
15
15
|
@default_from_email = "from@example.com"
|
|
16
16
|
@magic_link_enabled = true
|
|
17
|
+
@pwned_enabled = defined?(Pwned)
|
|
17
18
|
@verify_email_on_sign_in = true
|
|
18
19
|
@webauthn_enabled = defined?(WebAuthn)
|
|
19
20
|
@webauthn_origin = "http://localhost:3000"
|
|
@@ -21,16 +22,20 @@ module ActionAuth
|
|
|
21
22
|
end
|
|
22
23
|
|
|
23
24
|
def allow_user_deletion?
|
|
24
|
-
@allow_user_deletion
|
|
25
|
+
@allow_user_deletion == true
|
|
25
26
|
end
|
|
26
27
|
|
|
27
28
|
def magic_link_enabled?
|
|
28
|
-
@magic_link_enabled
|
|
29
|
+
@magic_link_enabled == true
|
|
29
30
|
end
|
|
30
31
|
|
|
31
32
|
def webauthn_enabled?
|
|
32
33
|
@webauthn_enabled.respond_to?(:call) ? @webauthn_enabled.call : @webauthn_enabled
|
|
33
34
|
end
|
|
34
35
|
|
|
36
|
+
def pwned_enabled?
|
|
37
|
+
@pwned_enabled.respond_to?(:call) ? @pwned_enabled.call : @pwned_enabled
|
|
38
|
+
end
|
|
39
|
+
|
|
35
40
|
end
|
|
36
41
|
end
|
data/lib/action_auth/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: action_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dave Kimura
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-08-
|
|
11
|
+
date: 2024-08-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -125,7 +125,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
125
125
|
- !ruby/object:Gem::Version
|
|
126
126
|
version: '0'
|
|
127
127
|
requirements: []
|
|
128
|
-
rubygems_version: 3.5.
|
|
128
|
+
rubygems_version: 3.5.17
|
|
129
129
|
signing_key:
|
|
130
130
|
specification_version: 4
|
|
131
131
|
summary: A simple Rails engine for authorization.
|