action_auth 0.3.0 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +38 -19
- data/app/controllers/action_auth/registrations_controller.rb +1 -1
- data/app/controllers/action_auth/sessions_controller.rb +3 -3
- data/app/controllers/action_auth/webauthn_credential_authentications_controller.rb +3 -3
- data/app/controllers/action_auth/webauthn_credentials_controller.rb +3 -3
- data/app/models/action_auth/current.rb +1 -5
- data/app/models/action_auth/session.rb +3 -1
- data/app/models/action_auth/user.rb +8 -6
- data/app/models/action_auth/webauthn_credential.rb +2 -0
- data/app/views/action_auth/sessions/index.html.erb +1 -1
- data/db/migrate/20231107165548_create_action_auth_users.rb +2 -2
- data/db/migrate/20231107170349_create_action_auth_sessions.rb +2 -2
- data/db/migrate/20240111125859_add_webauthn_credentials.rb +2 -2
- data/db/migrate/20240111142545_add_webauthn_id_to_users.rb +1 -1
- data/lib/action_auth/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 24c21d0f3f0275043c101a941be6587f6ab14dcd56be5951e410a15c66d2ce59
|
|
4
|
+
data.tar.gz: 0406533a71d0411f164c20dc805e1f9e43988ffd7d979dc9ece4f8a20050bf30
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 415a5088415bdc54b813b8a199486e733442b6346ec9ba30b2995bf9428983478aa86e8406adb2cf18bf7271669dad2f0de50f9658dbe0627d4b61b6423ee66f
|
|
7
|
+
data.tar.gz: 795b6cc968062e90034ddfb08ad4f251a69b7bd5a50b580d706f98fa99c71276da291ef0bce15964153593a05aef4e5f3b171d2e5e980928754d6800b2324dea
|
data/README.md
CHANGED
|
@@ -22,6 +22,43 @@ user experience akin to that offered by the well-regarded Devise gem.
|
|
|
22
22
|
7. [License](#license)
|
|
23
23
|
8. [Credits](#credits)
|
|
24
24
|
|
|
25
|
+
## Breaking Changes
|
|
26
|
+
|
|
27
|
+
With the release of v1.0.0, there are some breaking changes that have been introduced. The
|
|
28
|
+
biggest change is that the `ActionAuth::User` model now uses the table name of `users` instead
|
|
29
|
+
of `action_auth_users`. This was done to make it easier to integrate with your application
|
|
30
|
+
without having to worry about the table name. If you have an existing application that is
|
|
31
|
+
using ActionAuth, you will need to rename the table to `users` with a migration like
|
|
32
|
+
|
|
33
|
+
```ruby
|
|
34
|
+
rename_table :action_auth_users, :users
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
Coming from `v0.3.0` to `v1.0.0`, you will need to create a migration to rename the table and foreign keys.
|
|
38
|
+
|
|
39
|
+
```ruby
|
|
40
|
+
class UpgradeActionAuth < ActiveRecord::Migration[7.1]
|
|
41
|
+
def change
|
|
42
|
+
rename_table :action_auth_users, :users
|
|
43
|
+
|
|
44
|
+
rename_table :action_auth_sessions, :sessions
|
|
45
|
+
rename_column :sessions, :action_auth_user_id, :user_id
|
|
46
|
+
|
|
47
|
+
rename_table :action_auth_webauthn_credentials, :webauthn_credentials
|
|
48
|
+
rename_column :webauthn_credentials, :action_auth_user_id, :user_id
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
You will then need to undo the migrations where the foreign keys were added in cases where `foreign_key: true` was
|
|
54
|
+
changed to `foreign_key: { to_table: 'action_auth_users' }`. You can do this for each table with a migration like:
|
|
55
|
+
|
|
56
|
+
```ruby
|
|
57
|
+
add_foreign_key :user_settings, :users, column: :user_id unless foreign_key_exists?(:user_settings, :users)
|
|
58
|
+
add_foreign_key :profiles, :users, column: :user_id unless foreign_key_exists?(:profiles, :users)
|
|
59
|
+
add_foreign_key :nfcs, :users, column: :user_id unless foreign_key_exists?(:nfcs, :users)
|
|
60
|
+
```
|
|
61
|
+
|
|
25
62
|
## Installation
|
|
26
63
|
Add this line to your application's Gemfile:
|
|
27
64
|
|
|
@@ -242,30 +279,12 @@ end
|
|
|
242
279
|
|
|
243
280
|
#### Generating an association
|
|
244
281
|
|
|
245
|
-
|
|
246
|
-
`action_auth_user:belongs_to`. However, when the foreign key is generated, it will look for the users table
|
|
247
|
-
instead of the action_auth_users table. To get around this, we'll need to modify the migration.
|
|
282
|
+
We are using `user:belongs_to` instead of `action_auth_user:belongs_to`.
|
|
248
283
|
|
|
249
284
|
```bash
|
|
250
285
|
bin/rails g scaffold posts user:belongs_to title
|
|
251
286
|
```
|
|
252
287
|
|
|
253
|
-
We can update the `foreign_key` from `true` to `{ to_table: :action_auth_users }` to get around this.
|
|
254
|
-
|
|
255
|
-
```ruby
|
|
256
|
-
# db/migrate/XXXXXXXXXXX_create_posts.rb
|
|
257
|
-
class CreatePosts < ActiveRecord::Migration[7.1]
|
|
258
|
-
def change
|
|
259
|
-
create_table :posts do |t|
|
|
260
|
-
t.belongs_to :user, null: false, foreign_key: { to_table: :action_auth_users }
|
|
261
|
-
t.string :title
|
|
262
|
-
|
|
263
|
-
t.timestamps
|
|
264
|
-
end
|
|
265
|
-
end
|
|
266
|
-
end
|
|
267
|
-
```
|
|
268
|
-
|
|
269
288
|
And the post model doesn't need anything special to ActionAuth.
|
|
270
289
|
|
|
271
290
|
```ruby
|
|
@@ -12,7 +12,7 @@ module ActionAuth
|
|
|
12
12
|
send_email_verification
|
|
13
13
|
redirect_to sign_in_path, notice: "Welcome! You have signed up successfully. Please check your email to verify your account."
|
|
14
14
|
else
|
|
15
|
-
session_record = @user.
|
|
15
|
+
session_record = @user.sessions.create!
|
|
16
16
|
cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
|
|
17
17
|
|
|
18
18
|
redirect_to sign_in_path, notice: "Welcome! You have signed up successfully"
|
|
@@ -5,7 +5,7 @@ module ActionAuth
|
|
|
5
5
|
|
|
6
6
|
def index
|
|
7
7
|
@action_auth_wide = true
|
|
8
|
-
@sessions = Current.user.
|
|
8
|
+
@sessions = Current.user.sessions.order(created_at: :desc)
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def new
|
|
@@ -18,7 +18,7 @@ module ActionAuth
|
|
|
18
18
|
redirect_to new_webauthn_credential_authentications_path
|
|
19
19
|
else
|
|
20
20
|
return if check_if_email_is_verified(user)
|
|
21
|
-
@session = user.
|
|
21
|
+
@session = user.sessions.create
|
|
22
22
|
cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
|
|
23
23
|
redirect_to main_app.root_path, notice: "Signed in successfully"
|
|
24
24
|
end
|
|
@@ -28,7 +28,7 @@ module ActionAuth
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
def destroy
|
|
31
|
-
session = Current.user.
|
|
31
|
+
session = Current.user.sessions.find(params[:id])
|
|
32
32
|
session.destroy
|
|
33
33
|
redirect_to main_app.root_path, notice: "That session has been logged out"
|
|
34
34
|
end
|
|
@@ -4,7 +4,7 @@ class ActionAuth::WebauthnCredentialAuthenticationsController < ApplicationContr
|
|
|
4
4
|
layout "action_auth/application"
|
|
5
5
|
|
|
6
6
|
def new
|
|
7
|
-
get_options = WebAuthn::Credential.options_for_get(allow: user.
|
|
7
|
+
get_options = WebAuthn::Credential.options_for_get(allow: user.webauthn_credentials.pluck(:external_id))
|
|
8
8
|
session[:current_challenge] = get_options.challenge
|
|
9
9
|
@options = get_options
|
|
10
10
|
end
|
|
@@ -12,7 +12,7 @@ class ActionAuth::WebauthnCredentialAuthenticationsController < ApplicationContr
|
|
|
12
12
|
def create
|
|
13
13
|
webauthn_credential = WebAuthn::Credential.from_get(params)
|
|
14
14
|
|
|
15
|
-
credential = user.
|
|
15
|
+
credential = user.webauthn_credentials.find_by(external_id: webauthn_credential.id)
|
|
16
16
|
|
|
17
17
|
begin
|
|
18
18
|
webauthn_credential.verify(
|
|
@@ -23,7 +23,7 @@ class ActionAuth::WebauthnCredentialAuthenticationsController < ApplicationContr
|
|
|
23
23
|
|
|
24
24
|
credential.update!(sign_count: webauthn_credential.sign_count)
|
|
25
25
|
session.delete(:webauthn_user_id)
|
|
26
|
-
session = user.
|
|
26
|
+
session = user.sessions.create
|
|
27
27
|
cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
|
|
28
28
|
render json: { status: "ok" }, status: :ok
|
|
29
29
|
rescue WebAuthn::Error => e
|
|
@@ -15,7 +15,7 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
|
|
|
15
15
|
id: current_user.webauthn_id,
|
|
16
16
|
name: current_user.email
|
|
17
17
|
},
|
|
18
|
-
exclude: current_user.
|
|
18
|
+
exclude: current_user.webauthn_credentials.pluck(:external_id)
|
|
19
19
|
)
|
|
20
20
|
|
|
21
21
|
session[:current_challenge] = create_options.challenge
|
|
@@ -34,7 +34,7 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
|
|
|
34
34
|
begin
|
|
35
35
|
webauthn_credential.verify(session[:current_challenge])
|
|
36
36
|
|
|
37
|
-
credential = current_user.
|
|
37
|
+
credential = current_user.webauthn_credentials.build(
|
|
38
38
|
external_id: webauthn_credential.id,
|
|
39
39
|
nickname: params[:credential_nickname],
|
|
40
40
|
public_key: webauthn_credential.public_key,
|
|
@@ -53,7 +53,7 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
|
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
def destroy
|
|
56
|
-
current_user.
|
|
56
|
+
current_user.webauthn_credentials.destroy(params[:id])
|
|
57
57
|
|
|
58
58
|
redirect_to sessions_path
|
|
59
59
|
end
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
module ActionAuth
|
|
2
2
|
class Session < ApplicationRecord
|
|
3
|
-
|
|
3
|
+
self.table_name = "sessions"
|
|
4
|
+
|
|
5
|
+
belongs_to :user, class_name: "ActionAuth::User", foreign_key: "user_id"
|
|
4
6
|
|
|
5
7
|
before_create do
|
|
6
8
|
self.user_agent = Current.user_agent
|
|
@@ -1,13 +1,15 @@
|
|
|
1
1
|
module ActionAuth
|
|
2
2
|
class User < ApplicationRecord
|
|
3
|
+
self.table_name = "users"
|
|
4
|
+
|
|
3
5
|
has_secure_password
|
|
4
6
|
|
|
5
|
-
has_many :
|
|
6
|
-
class_name: "ActionAuth::Session", foreign_key: "
|
|
7
|
+
has_many :sessions, dependent: :destroy,
|
|
8
|
+
class_name: "ActionAuth::Session", foreign_key: "user_id"
|
|
7
9
|
|
|
8
10
|
if ActionAuth.configuration.webauthn_enabled?
|
|
9
|
-
has_many :
|
|
10
|
-
class_name: "ActionAuth::WebauthnCredential", foreign_key: "
|
|
11
|
+
has_many :webauthn_credentials, dependent: :destroy,
|
|
12
|
+
class_name: "ActionAuth::WebauthnCredential", foreign_key: "user_id"
|
|
11
13
|
end
|
|
12
14
|
|
|
13
15
|
generates_token_for :email_verification, expires_in: 2.days do
|
|
@@ -28,12 +30,12 @@ module ActionAuth
|
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
after_update if: :password_digest_previously_changed? do
|
|
31
|
-
|
|
33
|
+
sessions.where.not(id: Current.session).delete_all
|
|
32
34
|
end
|
|
33
35
|
|
|
34
36
|
def second_factor_enabled?
|
|
35
37
|
return false unless ActionAuth.configuration.webauthn_enabled?
|
|
36
|
-
|
|
38
|
+
webauthn_credentials.any?
|
|
37
39
|
end
|
|
38
40
|
end
|
|
39
41
|
end
|
|
@@ -41,7 +41,7 @@
|
|
|
41
41
|
</tr>
|
|
42
42
|
</thead>
|
|
43
43
|
<tbody>
|
|
44
|
-
<% current_user.
|
|
44
|
+
<% current_user.webauthn_credentials.each do |credential| %>
|
|
45
45
|
<%= content_tag :tr, id: dom_id(credential) do %>
|
|
46
46
|
<td><%= credential.nickname %></td>
|
|
47
47
|
<td nowrap><%= credential.created_at.strftime('%B %d, %Y') %></td>
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
class CreateActionAuthUsers < ActiveRecord::Migration[7.1]
|
|
2
2
|
def change
|
|
3
|
-
create_table :
|
|
3
|
+
create_table :users do |t|
|
|
4
4
|
t.string :email
|
|
5
5
|
t.string :password_digest
|
|
6
6
|
t.boolean :verified
|
|
7
7
|
|
|
8
8
|
t.timestamps
|
|
9
9
|
end
|
|
10
|
-
add_index :
|
|
10
|
+
add_index :users, :email, unique: true
|
|
11
11
|
end
|
|
12
12
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class CreateActionAuthSessions < ActiveRecord::Migration[7.1]
|
|
2
2
|
def change
|
|
3
|
-
create_table :
|
|
4
|
-
t.references :
|
|
3
|
+
create_table :sessions do |t|
|
|
4
|
+
t.references :user, null: false, foreign_key: true
|
|
5
5
|
t.string :user_agent
|
|
6
6
|
t.string :ip_address
|
|
7
7
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class AddWebauthnCredentials < ActiveRecord::Migration[7.1]
|
|
2
2
|
def change
|
|
3
|
-
create_table :
|
|
3
|
+
create_table :webauthn_credentials do |t|
|
|
4
4
|
t.string :external_id, null: false
|
|
5
5
|
t.string :public_key, null: false
|
|
6
6
|
t.string :nickname, null: false
|
|
@@ -8,7 +8,7 @@ class AddWebauthnCredentials < ActiveRecord::Migration[7.1]
|
|
|
8
8
|
|
|
9
9
|
t.index :external_id, unique: true
|
|
10
10
|
|
|
11
|
-
t.references :
|
|
11
|
+
t.references :user, foreign_key: true
|
|
12
12
|
|
|
13
13
|
t.timestamps
|
|
14
14
|
end
|
data/lib/action_auth/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: action_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dave Kimura
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-08-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -120,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
120
120
|
- !ruby/object:Gem::Version
|
|
121
121
|
version: '0'
|
|
122
122
|
requirements: []
|
|
123
|
-
rubygems_version: 3.5.
|
|
123
|
+
rubygems_version: 3.5.16
|
|
124
124
|
signing_key:
|
|
125
125
|
specification_version: 4
|
|
126
126
|
summary: A simple Rails engine for authorization.
|