auth_activity 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 6a54b8f73dcb2fc1e97da5d32d41b62b52ed0b9c75c0ecfce1e76259a925bfc2
+  data.tar.gz: 36060c0d21776ffa7f27a75ccc6d728ad8718590c91f0e836877230c3e6ecd6b
+SHA512:
+  metadata.gz: 830350b87dc0d2f14f335eb556b4d41fc9d81c964d0d3700ac508c491875fcd0cbf0e11dc9ec5b17ce59177d45343b070da4fbd198535007cdfd21b8b3730d35
+  data.tar.gz: 0fae43ad38fcfc7abff573402614f7141a67cfa1f546aa9864c43b61d1fe08d2c99b0f2c6eba05b1441d65dc7cace1c381276fac4165162b78966ce7b0b863c4

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2018 Joshua Jansen
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,30 @@
+# AuthActivity
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'auth_activity'
+```
+
+And then execute:
+```bash
+$ bundle
+$ rails auth_activity:install:migrations
+$ rails db:migrate
+```
+
+Or install it yourself as:
+```bash
+$ gem install auth_activity
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,32 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'AuthActivity'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/assets/config/auth_activity_manifest.js

@@ -0,0 +1,2 @@
+//= link_directory ../javascripts/auth_activity .js
+//= link_directory ../stylesheets/auth_activity .css

data/app/assets/javascripts/auth_activity/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require rails-ujs
+//= require activestorage
+//= require_tree .

data/app/assets/stylesheets/auth_activity/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/auth_activity/application_controller.rb

@@ -0,0 +1,5 @@
+module AuthActivity
+  class ApplicationController < ActionController::Base
+    protect_from_forgery with: :exception
+  end
+end

data/app/controllers/concerns/auth_activity/auth_logger.rb

@@ -0,0 +1,66 @@
+module AuthActivity
+  module AuthLogger
+    extend ActiveSupport::Concern
+
+    included do
+      after_action :log_login_attempt
+      after_action :log_password_request
+      around_action :log_logout_action
+    end
+
+    private
+
+    def user
+      return current_user if signed_in?
+      return if email.blank?
+
+      ::User.find_by(email: email)
+    end
+
+    def email
+      params.dig(:session, :email) || params.dig(:password, :email) || current_user&.email
+    end
+
+    def login_attempt?
+      controller_name == "sessions" && action_name == "create"
+    end
+
+    def password_request_attempt?
+      controller_name == "passwords" && action_name == "create"
+    end
+
+    def logout_action?
+      controller_name == "sessions" && action_name == "destroy"
+    end
+
+    def log_login_attempt
+      return unless login_attempt?
+
+      if signed_in?
+        AuthEvent.succesful_login.create(user: user, metadata: { email: email })
+      else
+        AuthEvent.failed_login.create(user: user, metadata: { email: email })
+      end
+    end
+
+    def log_password_request
+      return unless password_request_attempt?
+
+      if user.present?
+        AuthEvent.succesful_password_request.create(user: user, metadata: { email: email })
+      else
+        AuthEvent.failed_password_request.create(metadata: { email: email })
+      end
+    end
+
+    def log_logout_action
+      if user.present? && logout_action?
+        user = current_user
+        yield
+        AuthEvent.logout.create(user: user, metadata: { email: user.email })
+      else
+        yield
+      end
+    end
+  end
+end

data/app/models/auth_activity/application_record.rb

@@ -0,0 +1,5 @@
+module AuthActivity
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/auth_activity/auth_event.rb

@@ -0,0 +1,16 @@
+module AuthActivity
+  class AuthEvent < ApplicationRecord
+    belongs_to :user, optional: true
+
+    enum action_type: {
+      failed_login: 0,
+      succesful_login: 1,
+      attributes_changed: 2,
+      failed_password_request: 3,
+      succesful_password_request: 4,
+      user_created: 5,
+      user_destroyed: 6,
+      logout: 7      
+    }
+  end
+end

data/app/models/concerns/auth_activity/user.rb

@@ -0,0 +1,44 @@
+module AuthActivity::User
+  AUTH_ATTRIBUTES = %w[email encrypted_password]
+  FILTER_ATTRIBUTES = %w[encrypted_password]
+  extend ActiveSupport::Concern
+
+  included do
+    after_update :log_changed
+    after_create :log_created
+    after_destroy :log_destroyed
+  end
+
+  private
+
+  def log_created
+    AuthActivity::AuthEvent.user_created.create!(user: self)
+  end
+
+  def log_changed
+    return unless changed_auth_attributes.any?
+    AuthActivity::AuthEvent.attributes_changed.create!(user: self, metadata: { attributes_changed: filtered_auth_changes } )
+  end
+
+  def log_destroyed
+    AuthActivity::AuthEvent.user_destroyed.create!(user: self)
+  end
+
+  def changed_auth_attributes
+    saved_changes.keys & AUTH_ATTRIBUTES
+  end
+
+  def filtered_auth_changes
+    auth_changes.update(auth_changes) do |k,v|
+      if k.in? FILTER_ATTRIBUTES
+        return { k => ["[filtered]", "[filtered]"] }
+      else
+        { k => v }
+      end
+    end
+  end
+
+  def auth_changes
+    saved_changes.select { |k,v| k.in?(changed_auth_attributes) }
+  end
+end

data/app/views/layouts/auth_activity/application.html.erb

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Auth activity</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag    "auth_activity/application", media: "all" %>
+  <%= javascript_include_tag "auth_activity/application" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,2 @@
+AuthActivity::Engine.routes.draw do
+end

data/db/migrate/20180914084603_create_auth_activity_auth_events.rb

@@ -0,0 +1,11 @@
+class CreateAuthActivityAuthEvents < ActiveRecord::Migration[5.2]
+  def change
+    create_table :auth_activity_auth_events do |t|
+      t.integer :user_id
+      t.integer :action_type
+      t.json :metadata, default: {}
+
+      t.timestamps
+    end
+  end
+end

data/lib/auth_activity.rb

@@ -0,0 +1,4 @@
+require "auth_activity/engine"
+
+module AuthActivity
+end

data/lib/auth_activity/engine.rb

@@ -0,0 +1,5 @@
+module AuthActivity
+  class Engine < ::Rails::Engine
+    isolate_namespace AuthActivity
+  end
+end

data/lib/auth_activity/version.rb

@@ -0,0 +1,3 @@
+module AuthActivity
+  VERSION = '0.1.1'
+end

data/lib/tasks/auth_activity_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :auth_activity do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,106 @@
+--- !ruby/object:Gem::Specification
+name: auth_activity
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Michiel Sikkes
+- Joshua Jansen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-09-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.2'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+description: Automatic authorisation auditing for your Rails app
+email:
+- michiel.sikkes@gmail.com
+- joshuajansen88@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/auth_activity_manifest.js
+- app/assets/javascripts/auth_activity/application.js
+- app/assets/stylesheets/auth_activity/application.css
+- app/controllers/auth_activity/application_controller.rb
+- app/controllers/concerns/auth_activity/auth_logger.rb
+- app/models/auth_activity/application_record.rb
+- app/models/auth_activity/auth_event.rb
+- app/models/concerns/auth_activity/user.rb
+- app/views/layouts/auth_activity/application.html.erb
+- config/routes.rb
+- db/migrate/20180914084603_create_auth_activity_auth_events.rb
+- lib/auth_activity.rb
+- lib/auth_activity/engine.rb
+- lib/auth_activity/version.rb
+- lib/tasks/auth_activity_tasks.rake
+homepage: https://firmhouse.com
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Authorisation auditing
+test_files: []