action_auth 1.7.0 → 1.7.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +12 -6
  3. data/app/controllers/action_auth/sessions_controller.rb +3 -1
  4. data/lib/action_auth/configuration.rb +3 -0
  5. data/lib/action_auth/version.rb +1 -1
  6. data/lib/tasks/action_auth_tasks.rake +1 -0
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2fa128174c9685bef3e348f40b7bfd48c28e26c23ba7c51d3e7088ce039d939a
4
- data.tar.gz: d92884ccd4e77112736f5f6fd9753def05508d1eb0135cb103af6b7c9a392c62
3
+ metadata.gz: 4db64b547fb30476de8606114e4a02fd4286c3f1535936847cb253dbe7122cae
4
+ data.tar.gz: 6c6db33a1cd8355ad9f53c22ff6a0e7cefe78f5e79e841694200921724619286
5
5
  SHA512:
6
- metadata.gz: 23bbbe3ed9ae95fadef0eb10c1890d9ec865fff976b3c4837551b0803fcd722b49ecf5bd90ef9778b7f2851b2987ebcee8fdac1b80eb91125fdaaec0e87734a4
7
- data.tar.gz: 777fabf39c4cc37dda6d487dd2514c46c8ff1a12a63890914e3fe2680d1c23a7542bcb3c9947aeb44c37a93f3206c1cd45a812335194c9b445c8348e81ddaebb
6
+ metadata.gz: 850b5731eeb33e46df11d2570df24955f7cabeab7ff31f4df0a87539af781b6f396f656baaa1404720c540d299375eeac2ba349e80d5d7767d08678b21e34091
7
+ data.tar.gz: 8024b8c5fb627c3aadf80d60f7b99860ca6b9a9ed168d6edcc7e3871d0e9ae8ca223a4efe1fbddebade7a3090a2c9daafc19736b6b934eb6ed66d247961e350c
data/README.md CHANGED
@@ -16,12 +16,15 @@ user experience akin to that offered by the well-regarded Devise gem.
16
16
  - [Helper Methods](#helper-methods)
17
17
  - [Restricting and Changing Routes](#restricting-and-changing-routes)
18
18
  5. [Have I Been Pwned](#have-i-been-pwned)
19
- 6. [WebAuthn](#webauthn)
20
- 7. [Within Your Application](#within-your-application)
21
- 8. Customizing
19
+ 6. [Magic Links](#magic-links)
20
+ 7. [SMS Authentication](#sms-authentication)
21
+ 8. [Account Deletion](#account-deletion)
22
+ 9. [WebAuthn](#webauthn)
23
+ 10. [Within Your Application](#within-your-application)
24
+ 11. Customizing
22
25
  - [Sign In Page](https://github.com/kobaltz/action_auth/wiki/Overriding-Sign-In-page-view)
23
- 9. [License](#license)
24
- 10. [Credits](#credits)
26
+ 12. [License](#license)
27
+ 13. [Credits](#credits)
25
28
 
26
29
  ## Breaking Changes
27
30
 
@@ -126,6 +129,8 @@ ActionAuth.configure do |config|
126
129
  config.webauthn_enabled = true # defined?(WebAuthn)
127
130
  config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
128
131
  config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
132
+
133
+ config.insert_cookie_domain = false
129
134
  end
130
135
 
131
136
  Rails.application.config.after_initialize do
@@ -254,7 +259,7 @@ an email to the user with a link that will log them in. This is a great way to a
254
259
  without having to remember a password. This is especially useful for users who may not have a password
255
260
  manager or have a hard time remembering passwords.
256
261
 
257
- ### SMS Authentication
262
+ ## SMS Authentication
258
263
 
259
264
  SMS Authentication is disabled by default. The purpose of this is to allow users to authenticate
260
265
  with a phone number. This is useful and specific to applications that may require a phone number
@@ -313,6 +318,7 @@ will want to style this to fit your application and have some kind of confirmati
313
318
  <%= button_to "Delete Account", action_auth.users_path, method: :delete %>
314
319
  </p>
315
320
  ```
321
+
316
322
  ## WebAuthn
317
323
 
318
324
  ActionAuth's approach for WebAuthn is simplicity. It is used as a multifactor authentication step,
data/app/controllers/action_auth/sessions_controller.rb CHANGED
@@ -19,7 +19,9 @@ module ActionAuth
19
19
  else
20
20
  return if check_if_email_is_verified(user)
21
21
  @session = user.sessions.create
22
- cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
22
+ session_token_hash = { value: @session.id, httponly: true }
23
+ session_token_hash[:domain] = :all if ActionAuth.configuration.insert_cookie_domain
24
+ cookies.signed.permanent[:session_token] = session_token_hash
23
25
  redirect_to main_app.root_path, notice: "Signed in successfully"
24
26
  end
25
27
  else
data/lib/action_auth/configuration.rb CHANGED
@@ -13,6 +13,7 @@ module ActionAuth
13
13
  attr_accessor :webauthn_origin
14
14
  attr_accessor :webauthn_rp_name
15
15
 
16
+ attr_accessor :insert_cookie_domain
16
17
 
17
18
  def initialize
18
19
  @allow_user_deletion = true
@@ -26,6 +27,8 @@ module ActionAuth
26
27
  @webauthn_enabled = defined?(WebAuthn)
27
28
  @webauthn_origin = "http://localhost:3000"
28
29
  @webauthn_rp_name = Rails.application.class.to_s.deconstantize
30
+
31
+ @insert_cookie_domain = false
29
32
  end
30
33
 
31
34
  def allow_user_deletion?
data/lib/action_auth/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module ActionAuth
2
- VERSION = "1.7.0"
2
+ VERSION = "1.7.1"
3
3
  end
data/lib/tasks/action_auth_tasks.rake CHANGED
@@ -18,6 +18,7 @@ namespace :action_auth do
18
18
  # config.webauthn_enabled = true # defined?(WebAuthn)
19
19
  # config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
20
20
  # config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
21
+ # config.insert_cookie_domain = false
21
22
  # end
22
23
  #
23
24
  # Rails.application.config.after_initialize do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: action_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.0
4
+ version: 1.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dave Kimura
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-10-24 00:00:00.000000000 Z
11
+ date: 2024-12-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails