action_auth 1.6.0 → 1.7.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +64 -5
- data/app/assets/stylesheets/action_auth/application.css +4 -0
- data/app/controllers/action_auth/sessions_controller.rb +3 -1
- data/app/controllers/action_auth/sms_auths/requests_controller.rb +31 -0
- data/app/controllers/action_auth/sms_auths/sign_ins_controller.rb +27 -0
- data/app/models/action_auth/user.rb +9 -1
- data/app/views/action_auth/registrations/new.html.erb +3 -0
- data/app/views/action_auth/sessions/new.html.erb +4 -0
- data/app/views/action_auth/sms_auths/requests/new.html.erb +26 -0
- data/app/views/action_auth/sms_auths/sign_ins/show.html.erb +14 -0
- data/config/routes.rb +7 -0
- data/db/migrate/20241020172209_add_phone_number_to_users.rb +7 -0
- data/lib/action_auth/configuration.rb +11 -0
- data/lib/action_auth/version.rb +1 -1
- data/lib/tasks/action_auth_tasks.rake +8 -0
- metadata +8 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4db64b547fb30476de8606114e4a02fd4286c3f1535936847cb253dbe7122cae
|
4
|
+
data.tar.gz: 6c6db33a1cd8355ad9f53c22ff6a0e7cefe78f5e79e841694200921724619286
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 850b5731eeb33e46df11d2570df24955f7cabeab7ff31f4df0a87539af781b6f396f656baaa1404720c540d299375eeac2ba349e80d5d7767d08678b21e34091
|
7
|
+
data.tar.gz: 8024b8c5fb627c3aadf80d60f7b99860ca6b9a9ed168d6edcc7e3871d0e9ae8ca223a4efe1fbddebade7a3090a2c9daafc19736b6b934eb6ed66d247961e350c
|
data/README.md
CHANGED
@@ -16,12 +16,15 @@ user experience akin to that offered by the well-regarded Devise gem.
|
|
16
16
|
- [Helper Methods](#helper-methods)
|
17
17
|
- [Restricting and Changing Routes](#restricting-and-changing-routes)
|
18
18
|
5. [Have I Been Pwned](#have-i-been-pwned)
|
19
|
-
6. [
|
20
|
-
7. [
|
21
|
-
8.
|
19
|
+
6. [Magic Links](#magic-links)
|
20
|
+
7. [SMS Authentication](#sms-authentication)
|
21
|
+
8. [Account Deletion](#account-deletion)
|
22
|
+
9. [WebAuthn](#webauthn)
|
23
|
+
10. [Within Your Application](#within-your-application)
|
24
|
+
11. Customizing
|
22
25
|
- [Sign In Page](https://github.com/kobaltz/action_auth/wiki/Overriding-Sign-In-page-view)
|
23
|
-
|
24
|
-
|
26
|
+
12. [License](#license)
|
27
|
+
13. [Credits](#credits)
|
25
28
|
|
26
29
|
## Breaking Changes
|
27
30
|
|
@@ -121,10 +124,19 @@ ActionAuth.configure do |config|
|
|
121
124
|
config.magic_link_enabled = true
|
122
125
|
config.passkey_only = true # Allows sign in with only a passkey
|
123
126
|
config.pwned_enabled = true # defined?(Pwned)
|
127
|
+
config.sms_auth_enabled = false
|
124
128
|
config.verify_email_on_sign_in = true
|
125
129
|
config.webauthn_enabled = true # defined?(WebAuthn)
|
126
130
|
config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
|
127
131
|
config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
|
132
|
+
|
133
|
+
config.insert_cookie_domain = false
|
134
|
+
end
|
135
|
+
|
136
|
+
Rails.application.config.after_initialize do
|
137
|
+
ActionAuth.configure do |config|
|
138
|
+
config.sms_send_class = SmsSender
|
139
|
+
end
|
128
140
|
end
|
129
141
|
```
|
130
142
|
|
@@ -152,6 +164,8 @@ These are the planned features for ActionAuth. The ones that are checked off are
|
|
152
164
|
|
153
165
|
⏳ - OAuth with Google, Facebook, Github, Twitter, etc.
|
154
166
|
|
167
|
+
✅ - SMS Authentication
|
168
|
+
|
155
169
|
✅ - Have I Been Pwned Integration
|
156
170
|
|
157
171
|
✅ - Account Deletion
|
@@ -245,6 +259,50 @@ an email to the user with a link that will log them in. This is a great way to a
|
|
245
259
|
without having to remember a password. This is especially useful for users who may not have a password
|
246
260
|
manager or have a hard time remembering passwords.
|
247
261
|
|
262
|
+
## SMS Authentication
|
263
|
+
|
264
|
+
SMS Authentication is disabled by default. The purpose of this is to allow users to authenticate
|
265
|
+
with a phone number. This is useful and specific to applications that may require a phone number
|
266
|
+
instead of an email address for authentication. The basic workflow for this is to register a phone
|
267
|
+
number, and then send a code to the phone number. The user will then enter the code to authenticate.
|
268
|
+
|
269
|
+
No password or email is required for this. I do not recommend enabling this feature for most applications.
|
270
|
+
|
271
|
+
You must set up your own SMS Provider. This is not included in the gem. You will need to configure the
|
272
|
+
`sms_send_class` to send the SMS code. This will expect a class method called `send_code` that will take in the parameters
|
273
|
+
`phone_number` and `code`.
|
274
|
+
|
275
|
+
```ruby
|
276
|
+
require 'twilio-ruby'
|
277
|
+
|
278
|
+
class SmsSender
|
279
|
+
def self.send_code(phone_number, code)
|
280
|
+
account_sid = ENV['TWILIO_ACCOUNT_SID']
|
281
|
+
auth_token = ENV['TWILIO_AUTH_TOKEN']
|
282
|
+
from_number = ENV['TWILIO_PHONE_NUMBER']
|
283
|
+
|
284
|
+
client = Twilio::REST::Client.new(account_sid, auth_token)
|
285
|
+
|
286
|
+
client.messages.create(
|
287
|
+
from: from_number,
|
288
|
+
to: phone_number,
|
289
|
+
body: "Your verification code is #{code}"
|
290
|
+
)
|
291
|
+
end
|
292
|
+
end
|
293
|
+
```
|
294
|
+
|
295
|
+
Since this file could live in the `app/models` or elsewhere, we will need to set its configuration after the Rails
|
296
|
+
application has been loaded. This can be done in an initializer.
|
297
|
+
|
298
|
+
```ruby
|
299
|
+
Rails.application.config.after_initialize do
|
300
|
+
ActionAuth.configure do |config|
|
301
|
+
config.sms_send_class = SmsSender
|
302
|
+
end
|
303
|
+
end
|
304
|
+
```
|
305
|
+
|
248
306
|
## Account Deletion
|
249
307
|
|
250
308
|
Account deletion is a feature that is enabled by default. When a user deletes their account, the account
|
@@ -260,6 +318,7 @@ will want to style this to fit your application and have some kind of confirmati
|
|
260
318
|
<%= button_to "Delete Account", action_auth.users_path, method: :delete %>
|
261
319
|
</p>
|
262
320
|
```
|
321
|
+
|
263
322
|
## WebAuthn
|
264
323
|
|
265
324
|
ActionAuth's approach for WebAuthn is simplicity. It is used as a multifactor authentication step,
|
@@ -54,6 +54,8 @@ body {
|
|
54
54
|
|
55
55
|
input[type="text"],
|
56
56
|
input[type="email"],
|
57
|
+
input[type="number"],
|
58
|
+
input[type="tel"],
|
57
59
|
input[type="password"] {
|
58
60
|
-webkit-text-size-adjust: 100%;
|
59
61
|
-webkit-tap-highlight-color: rgba(0, 0, 0, 0);
|
@@ -186,6 +188,8 @@ input[type="password"] {
|
|
186
188
|
|
187
189
|
input[type="text"],
|
188
190
|
input[type="email"],
|
191
|
+
input[type="number"],
|
192
|
+
input[type="tel"],
|
189
193
|
input[type="password"] {
|
190
194
|
color: #d5c4a1;
|
191
195
|
background-color: #282828;
|
@@ -19,7 +19,9 @@ module ActionAuth
|
|
19
19
|
else
|
20
20
|
return if check_if_email_is_verified(user)
|
21
21
|
@session = user.sessions.create
|
22
|
-
|
22
|
+
session_token_hash = { value: @session.id, httponly: true }
|
23
|
+
session_token_hash[:domain] = :all if ActionAuth.configuration.insert_cookie_domain
|
24
|
+
cookies.signed.permanent[:session_token] = session_token_hash
|
23
25
|
redirect_to main_app.root_path, notice: "Signed in successfully"
|
24
26
|
end
|
25
27
|
else
|
@@ -0,0 +1,31 @@
|
|
1
|
+
module ActionAuth
|
2
|
+
class SmsAuths::RequestsController < ApplicationController
|
3
|
+
def new
|
4
|
+
end
|
5
|
+
|
6
|
+
def create
|
7
|
+
@user = User.find_or_initialize_by(phone_number: params[:phone_number])
|
8
|
+
if @user.new_record?
|
9
|
+
password = SecureRandom.hex(32)
|
10
|
+
|
11
|
+
@user.email = "#{SecureRandom.hex(32)}@smsauth"
|
12
|
+
@user.password = password
|
13
|
+
@user.password_confirmation = password
|
14
|
+
@user.verified = false
|
15
|
+
|
16
|
+
@user.save!
|
17
|
+
end
|
18
|
+
|
19
|
+
code = rand(100_000..999_999)
|
20
|
+
@user.update!(sms_code: code, sms_code_sent_at: Time.current)
|
21
|
+
cookies.signed[:sms_auth_phone_number] = { value: @user.phone_number, httponly: true }
|
22
|
+
|
23
|
+
if defined?(ActionAuth.configuration.sms_send_class) &&
|
24
|
+
ActionAuth.configuration.sms_send_class.respond_to?(:send_code)
|
25
|
+
ActionAuth.configuration.sms_send_class.send_code(@user.phone_number, code)
|
26
|
+
end
|
27
|
+
|
28
|
+
redirect_to sms_auths_sign_ins_path, notice: "Check your phone for a SMS Code."
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
module ActionAuth
|
2
|
+
class SmsAuths::SignInsController < ApplicationController
|
3
|
+
def show
|
4
|
+
@user = ActionAuth::User.find_by(phone_number: params[:phone_number])
|
5
|
+
end
|
6
|
+
|
7
|
+
def create
|
8
|
+
user = ActionAuth::User.find_by(
|
9
|
+
phone_number: cookies.signed[:sms_auth_phone_number],
|
10
|
+
sms_code: params[:sms_code],
|
11
|
+
sms_code_sent_at: 5.minutes.ago..Time.current
|
12
|
+
)
|
13
|
+
if user
|
14
|
+
@session = user.sessions.create
|
15
|
+
cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
|
16
|
+
user.update(
|
17
|
+
verified: true,
|
18
|
+
sms_code: nil,
|
19
|
+
sms_code_sent_at: nil
|
20
|
+
)
|
21
|
+
redirect_to main_app.root_path, notice: "Signed In"
|
22
|
+
else
|
23
|
+
redirect_to sign_in_path, alert: "Authentication failed, please try again."
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
@@ -26,7 +26,15 @@ module ActionAuth
|
|
26
26
|
|
27
27
|
validates :email, presence: true, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }
|
28
28
|
validates :password, allow_nil: true, length: { minimum: 12 }
|
29
|
-
|
29
|
+
validates :phone_number,
|
30
|
+
allow_nil: true,
|
31
|
+
uniqueness: true,
|
32
|
+
format: {
|
33
|
+
with: /\A\+\d+\z/,
|
34
|
+
message: "must be a valid international phone number with digits only after the country code"
|
35
|
+
}
|
36
|
+
|
37
|
+
normalizes :phone_number, with: -> phone_number { phone_number.gsub(/[^+\d]/, '') }
|
30
38
|
normalizes :email, with: -> email { email.strip.downcase }
|
31
39
|
|
32
40
|
before_validation if: :email_changed?, on: :update do
|
@@ -39,6 +39,9 @@
|
|
39
39
|
<% if ActionAuth.configuration.magic_link_enabled? %>
|
40
40
|
<%= link_to "Magic Link", new_magics_requests_path %> |
|
41
41
|
<% end %>
|
42
|
+
<% if ActionAuth.configuration.sms_auth_enabled? %>
|
43
|
+
<%= link_to "SMS Auth", new_sms_auths_requests_path %> |
|
44
|
+
<% end %>
|
42
45
|
<% if ActionAuth.configuration.passkey_only? %>
|
43
46
|
<%= link_to "Passkey", new_sessions_passkey_path %> |
|
44
47
|
<% end %>
|
@@ -20,6 +20,10 @@
|
|
20
20
|
<span class="mx-3">or</span>
|
21
21
|
<%= link_to "Magic Link", new_magics_requests_path %>
|
22
22
|
<% end %>
|
23
|
+
<% if ActionAuth.configuration.sms_auth_enabled? %>
|
24
|
+
<span class="mx-3">or</span>
|
25
|
+
<%= link_to "SMS Auth", new_sms_auths_requests_path %> |
|
26
|
+
<% end %>
|
23
27
|
<% if ActionAuth.configuration.passkey_only? %>
|
24
28
|
<span class="mx-3">or</span>
|
25
29
|
<%= link_to "Passkey", new_sessions_passkey_path %>
|
@@ -0,0 +1,26 @@
|
|
1
|
+
<h1>Request SMS Code</h1>
|
2
|
+
|
3
|
+
<%= form_with(url: sms_auths_requests_path) do |form| %>
|
4
|
+
<div class="mb-3">
|
5
|
+
<%= form.label :phone_number, style: "display: block" %>
|
6
|
+
<%= form.telephone_field :phone_number, required: true, autofocus: true, autocomplete: "mobile" %>
|
7
|
+
</div>
|
8
|
+
|
9
|
+
<div class="mb-3">
|
10
|
+
<%= form.submit "Request SMS Code", class: "btn btn-primary" %>
|
11
|
+
<span class="mx-3">or</span>
|
12
|
+
<%= link_to "Sign In", sign_in_path %>
|
13
|
+
<% if ActionAuth.configuration.passkey_only? %>
|
14
|
+
<span class="mx-3">or</span>
|
15
|
+
<%= link_to "Passkey", new_sessions_passkey_path %>
|
16
|
+
<% end %>
|
17
|
+
</div>
|
18
|
+
<% end %>
|
19
|
+
|
20
|
+
<div class="mb-3">
|
21
|
+
<%= link_to "Sign Up", sign_up_path %> |
|
22
|
+
<%= link_to "Reset Password", new_identity_password_reset_path %>
|
23
|
+
<% if ActionAuth.configuration.verify_email_on_sign_in %>
|
24
|
+
| <%= link_to "Verify Email", identity_email_verification_path %>
|
25
|
+
<% end %>
|
26
|
+
</div>
|
@@ -0,0 +1,14 @@
|
|
1
|
+
<h1>Verify SMS Code</h1>
|
2
|
+
|
3
|
+
<%= form_with(url: sms_auths_sign_ins_path) do |form| %>
|
4
|
+
<%= form.hidden_field :phone_number, value: cookies.signed[:sms_auth_phone_number] %>
|
5
|
+
<div class="mb-3">
|
6
|
+
<%= form.label :sms_code, style: "display: block" %>
|
7
|
+
<%= form.number_field :sms_code, required: true, autofocus: true, autocomplete: "one-time-code" %>
|
8
|
+
</div>
|
9
|
+
|
10
|
+
<div class="mb-3">
|
11
|
+
<%= form.submit "Sign In", class: "btn btn-primary" %>
|
12
|
+
</div>
|
13
|
+
<% end %>
|
14
|
+
|
data/config/routes.rb
CHANGED
@@ -35,4 +35,11 @@ ActionAuth::Engine.routes.draw do
|
|
35
35
|
resource :requests, only: [:new, :create]
|
36
36
|
end
|
37
37
|
end
|
38
|
+
|
39
|
+
if ActionAuth.configuration.sms_auth_enabled?
|
40
|
+
namespace :sms_auths do
|
41
|
+
resource :sign_ins, only: [:show, :create]
|
42
|
+
resource :requests, only: [:new, :create]
|
43
|
+
end
|
44
|
+
end
|
38
45
|
end
|
@@ -6,11 +6,14 @@ module ActionAuth
|
|
6
6
|
attr_accessor :magic_link_enabled
|
7
7
|
attr_accessor :passkey_only
|
8
8
|
attr_accessor :pwned_enabled
|
9
|
+
attr_accessor :sms_auth_enabled
|
10
|
+
attr_accessor :sms_send_class
|
9
11
|
attr_accessor :verify_email_on_sign_in
|
10
12
|
attr_accessor :webauthn_enabled
|
11
13
|
attr_accessor :webauthn_origin
|
12
14
|
attr_accessor :webauthn_rp_name
|
13
15
|
|
16
|
+
attr_accessor :insert_cookie_domain
|
14
17
|
|
15
18
|
def initialize
|
16
19
|
@allow_user_deletion = true
|
@@ -18,10 +21,14 @@ module ActionAuth
|
|
18
21
|
@magic_link_enabled = true
|
19
22
|
@passkey_only = true
|
20
23
|
@pwned_enabled = defined?(Pwned)
|
24
|
+
@sms_auth_enabled = false
|
25
|
+
@sms_send_class = nil
|
21
26
|
@verify_email_on_sign_in = true
|
22
27
|
@webauthn_enabled = defined?(WebAuthn)
|
23
28
|
@webauthn_origin = "http://localhost:3000"
|
24
29
|
@webauthn_rp_name = Rails.application.class.to_s.deconstantize
|
30
|
+
|
31
|
+
@insert_cookie_domain = false
|
25
32
|
end
|
26
33
|
|
27
34
|
def allow_user_deletion?
|
@@ -32,6 +39,10 @@ module ActionAuth
|
|
32
39
|
@magic_link_enabled == true
|
33
40
|
end
|
34
41
|
|
42
|
+
def sms_auth_enabled?
|
43
|
+
@sms_auth_enabled == true
|
44
|
+
end
|
45
|
+
|
35
46
|
def passkey_only?
|
36
47
|
webauthn_enabled? && @passkey_only == true
|
37
48
|
end
|
data/lib/action_auth/version.rb
CHANGED
@@ -13,10 +13,18 @@ namespace :action_auth do
|
|
13
13
|
# config.magic_link_enabled = true
|
14
14
|
# config.passkey_only = true # Allows sign in with only a passkey
|
15
15
|
# config.pwned_enabled = true # defined?(Pwned)
|
16
|
+
# config.sms_auth_enabled = false
|
16
17
|
# config.verify_email_on_sign_in = true
|
17
18
|
# config.webauthn_enabled = true # defined?(WebAuthn)
|
18
19
|
# config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
|
19
20
|
# config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
|
21
|
+
# config.insert_cookie_domain = false
|
22
|
+
# end
|
23
|
+
#
|
24
|
+
# Rails.application.config.after_initialize do
|
25
|
+
# ActionAuth.configure do |config|
|
26
|
+
# config.sms_send_class = SmsSender
|
27
|
+
# end
|
20
28
|
# end
|
21
29
|
RUBY
|
22
30
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: action_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.7.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dave Kimura
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-12-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -62,6 +62,8 @@ files:
|
|
62
62
|
- app/controllers/action_auth/registrations_controller.rb
|
63
63
|
- app/controllers/action_auth/sessions/passkeys_controller.rb
|
64
64
|
- app/controllers/action_auth/sessions_controller.rb
|
65
|
+
- app/controllers/action_auth/sms_auths/requests_controller.rb
|
66
|
+
- app/controllers/action_auth/sms_auths/sign_ins_controller.rb
|
65
67
|
- app/controllers/action_auth/users_controller.rb
|
66
68
|
- app/controllers/action_auth/webauthn_credential_authentications_controller.rb
|
67
69
|
- app/controllers/action_auth/webauthn_credentials_controller.rb
|
@@ -83,6 +85,8 @@ files:
|
|
83
85
|
- app/views/action_auth/sessions/index.html.erb
|
84
86
|
- app/views/action_auth/sessions/new.html.erb
|
85
87
|
- app/views/action_auth/sessions/passkeys/new.html.erb
|
88
|
+
- app/views/action_auth/sms_auths/requests/new.html.erb
|
89
|
+
- app/views/action_auth/sms_auths/sign_ins/show.html.erb
|
86
90
|
- app/views/action_auth/user_mailer/email_verification.html.erb
|
87
91
|
- app/views/action_auth/user_mailer/email_verification.text.erb
|
88
92
|
- app/views/action_auth/user_mailer/magic_link.html.erb
|
@@ -99,6 +103,7 @@ files:
|
|
99
103
|
- db/migrate/20240111125859_add_webauthn_credentials.rb
|
100
104
|
- db/migrate/20240111142545_add_webauthn_id_to_users.rb
|
101
105
|
- db/migrate/20240818032321_add_type_to_webauthn_credentials.rb
|
106
|
+
- db/migrate/20241020172209_add_phone_number_to_users.rb
|
102
107
|
- lib/action_auth.rb
|
103
108
|
- lib/action_auth/configuration.rb
|
104
109
|
- lib/action_auth/controllers/helpers.rb
|
@@ -128,7 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
128
133
|
- !ruby/object:Gem::Version
|
129
134
|
version: '0'
|
130
135
|
requirements: []
|
131
|
-
rubygems_version: 3.5.
|
136
|
+
rubygems_version: 3.5.22
|
132
137
|
signing_key:
|
133
138
|
specification_version: 4
|
134
139
|
summary: A simple Rails engine for authorization.
|