action_auth 1.7.0 → 1.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2fa128174c9685bef3e348f40b7bfd48c28e26c23ba7c51d3e7088ce039d939a
-  data.tar.gz: d92884ccd4e77112736f5f6fd9753def05508d1eb0135cb103af6b7c9a392c62
+  metadata.gz: 846bfde761f3244d5de683c23fcd43d49d68c97716c77f67e728a32d4109f940
+  data.tar.gz: 2469883be6f32b6a788dddf7fe5ac1711bc7617b21d1d7cba10e434ef52b000a
 SHA512:
-  metadata.gz: 23bbbe3ed9ae95fadef0eb10c1890d9ec865fff976b3c4837551b0803fcd722b49ecf5bd90ef9778b7f2851b2987ebcee8fdac1b80eb91125fdaaec0e87734a4
-  data.tar.gz: 777fabf39c4cc37dda6d487dd2514c46c8ff1a12a63890914e3fe2680d1c23a7542bcb3c9947aeb44c37a93f3206c1cd45a812335194c9b445c8348e81ddaebb
+  metadata.gz: 3be75f50cd128fe1d12cac42c54d668ed79c23043da74419264d0097f17ca8a774357e3aa31bcfaa3feb5d5a3cefe76d77067dd1d137a531a3c500c3c7ce2d04
+  data.tar.gz: 4d16ef0e1ca005bf3a5f10f4ff49c2fbe9ebaa135d48221e5ebd5f428cde5a2486b38cc68d48147e93b6b0595c3a408009af750a1f366af543cab867440ea553

data/README.md

@@ -16,12 +16,15 @@ user experience akin to that offered by the well-regarded Devise gem.
    - [Helper Methods](#helper-methods)
    - [Restricting and Changing Routes](#restricting-and-changing-routes)
 5. [Have I Been Pwned](#have-i-been-pwned)
-6. [WebAuthn](#webauthn)
-7. [Within Your Application](#within-your-application)
-8. Customizing
+6. [Magic Links](#magic-links)
+7. [SMS Authentication](#sms-authentication)
+8. [Account Deletion](#account-deletion)
+9. [WebAuthn](#webauthn)
+10. [Within Your Application](#within-your-application)
+11. Customizing
    - [Sign In Page](https://github.com/kobaltz/action_auth/wiki/Overriding-Sign-In-page-view)
-9. [License](#license)
-10. [Credits](#credits)
+12. [License](#license)
+13. [Credits](#credits)
 
 ## Breaking Changes
 
@@ -126,6 +129,8 @@ ActionAuth.configure do |config|
   config.webauthn_enabled = true # defined?(WebAuthn)
   config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
   config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
+
+  config.insert_cookie_domain = false
 end
 
 Rails.application.config.after_initialize do
@@ -254,7 +259,7 @@ an email to the user with a link that will log them in. This is a great way to a
 without having to remember a password. This is especially useful for users who may not have a password
 manager or have a hard time remembering passwords.
 
-### SMS Authentication
+## SMS Authentication
 
 SMS Authentication is disabled by default. The purpose of this is to allow users to authenticate
 with a phone number. This is useful and specific to applications that may require a phone number
@@ -313,6 +318,7 @@ will want to style this to fit your application and have some kind of confirmati
   <%= button_to "Delete Account", action_auth.users_path, method: :delete %>
 </p>
 ```
+
 ## WebAuthn
 
 ActionAuth's approach for WebAuthn is simplicity. It is used as a multifactor authentication step,

data/app/controllers/action_auth/sessions_controller.rb

@@ -19,7 +19,9 @@ module ActionAuth
         else
           return if check_if_email_is_verified(user)
           @session = user.sessions.create
-          cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
+          session_token_hash = { value: @session.id, httponly: true }
+          session_token_hash[:domain] = :all if ActionAuth.configuration.insert_cookie_domain
+          cookies.signed.permanent[:session_token] = session_token_hash
           redirect_to main_app.root_path, notice: "Signed in successfully"
         end
       else
@@ -30,6 +32,8 @@ module ActionAuth
     def destroy
       session = Current.user.sessions.find(params[:id])
       session.destroy
+      cookies.delete(:session_token)
+      response.headers["Clear-Site-Data"] = '"cache","storage"'
       redirect_to main_app.root_path, notice: "That session has been logged out"
     end
 

data/lib/action_auth/configuration.rb

@@ -13,6 +13,7 @@ module ActionAuth
     attr_accessor :webauthn_origin
     attr_accessor :webauthn_rp_name
 
+    attr_accessor :insert_cookie_domain
 
     def initialize
       @allow_user_deletion = true
@@ -26,6 +27,8 @@ module ActionAuth
       @webauthn_enabled = defined?(WebAuthn)
       @webauthn_origin = "http://localhost:3000"
       @webauthn_rp_name = Rails.application.class.to_s.deconstantize
+
+      @insert_cookie_domain = false
     end
 
     def allow_user_deletion?

data/lib/action_auth/version.rb

@@ -1,3 +1,3 @@
 module ActionAuth
-  VERSION = "1.7.0"
+  VERSION = "1.7.2"
 end

data/lib/tasks/action_auth_tasks.rake

@@ -18,6 +18,7 @@ namespace :action_auth do
           #   config.webauthn_enabled = true # defined?(WebAuthn)
           #   config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
           #   config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
+          #   config.insert_cookie_domain = false
           # end
           #
           # Rails.application.config.after_initialize do

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: action_auth
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.7.2
 platform: ruby
 authors:
 - Dave Kimura
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-24 00:00:00.000000000 Z
+date: 2025-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -118,7 +117,6 @@ metadata:
   homepage_uri: https://www.github.com/kobaltz/action_auth
   source_code_uri: https://www.github.com/kobaltz/action_auth
   changelog_uri: https://www.github.com/kobaltz/action_auth/CHANGELOG.md
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -133,8 +131,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: A simple Rails engine for authorization.
 test_files: []