authentication-zero 0.0.19 → 0.0.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/README.md +5 -10
  4. data/lib/authentication_zero/version.rb +1 -1
  5. data/lib/generators/authentication/authentication_generator.rb +2 -2
  6. data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt +1 -1
  7. data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt +1 -1
  8. data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +2 -2
  9. data/lib/generators/authentication/templates/models/resource.rb.tt +11 -2
  10. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4b1eabca1df60e043a1cc139cee3426a19c4a2bb494fcd2ceeb68875baecc126
4
- data.tar.gz: ca697e2d442e566a3f3b5fe051ca03840756185edd963679636ad76eaac4f972
3
+ metadata.gz: 17eaa95bd573232e512f8294bc79a5921d38cc85e7601efcea5cdb4227bb93ed
4
+ data.tar.gz: bef3e4a664a160fa730acd33be0228182ba893c312fd62f331d9459a8d13fe48
5
5
  SHA512:
6
- metadata.gz: 9cc259932fe245e5031f48aafa8407ed190f04e56a884eef339cfe04b1f21394dcede01d945f601193783caca66d83404f58817ca50d375d52816061cc05b4f5
7
- data.tar.gz: 97b372c3e3598d391d254c6b01819a17100475d108fc10f04b2c2d7d4074feb5a00c4703aebe031ccd0800df43344cee7a8c88601d24c0aceeb7150aeed48997
6
+ metadata.gz: 0d7dae9a8c8f8375ac33f52cb6a0f63d1fb60c5ea7d131d18a41a5dde31690554418994fcec85f958af43c57175643dab340db561835565bea6bbcdd4bf13254
7
+ data.tar.gz: 30d9f0e001f5430f5d6c87452ea395eeb1943479c3ce4b516f7b0e576ad784708a5b73fc9ef3e6069db241f9f5987a4661ec73ff3823ecec596f8100e70d168f
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- authentication-zero (0.0.19)
4
+ authentication-zero (0.0.20)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/README.md CHANGED
@@ -19,13 +19,13 @@ The purpose of authentication zero is to generate a pre-built authentication sys
19
19
 
20
20
  - [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password): Adds methods to set and authenticate against a BCrypt password.
21
21
  - [has_secure_token](https://api.rubyonrails.org/classes/ActiveRecord/SecureToken/ClassMethods.html#method-i-has_secure_token): Adds methods to generate unique tokens.
22
- - [encrypts](https://guides.rubyonrails.org/active_record_encryption.html) Encrypts the session_token on database so if an attacker gained access to your database, a snapshot of it, or your application logs, they wouldn't be able to make sense of the encrypted information.
23
- - [httponly cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): A cookie with the httponly attribute is inaccessible to the JavaScript, this precaution helps mitigate cross-site scripting (XSS) attacks.
24
22
  - [signed_id](https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html): Returns a signed id that is tamper proof, so it's safe to send in an email or otherwise share with the outside world.
25
- - [Current Attributes](https://api.rubyonrails.org/classes/ActiveSupport/CurrentAttributes.html): Abstract super class that provides a thread-isolated attributes singleton, which resets automatically before and after each request.
26
- - [Log Filtering](https://guides.rubyonrails.org/action_controller_overview.html#log-filtering): Parameters 'token' and 'password' are marked [FILTERED] in the log.
23
+ - [signed cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from the cookie again.
24
+ - [httponly cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): A cookie with the httponly attribute is inaccessible to the JavaScript, this precaution helps mitigate cross-site scripting (XSS) attacks.
25
+ - [Current attributes](https://api.rubyonrails.org/classes/ActiveSupport/CurrentAttributes.html): Abstract super class that provides a thread-isolated attributes singleton, which resets automatically before and after each request.
27
26
  - [Callbacks](https://api.rubyonrails.org/classes/ActiveRecord/Callbacks.html): We use callbacks to send emails after changing an email or password.
28
- - [Action Mailer](https://api.rubyonrails.org/classes/ActionMailer/Base.html): Action Mailer allows you to send email from your application using a mailer model and views.
27
+ - [Action mailer](https://api.rubyonrails.org/classes/ActionMailer/Base.html): Action Mailer allows you to send email from your application using a mailer model and views.
28
+ - [Log filtering](https://guides.rubyonrails.org/action_controller_overview.html#log-filtering): Parameters 'token' and 'password' are marked [FILTERED] in the log.
29
29
 
30
30
  ## Installation
31
31
 
@@ -38,11 +38,6 @@ gem "authentication-zero"
38
38
 
39
39
  Then run `bundle install`
40
40
 
41
- You'll need to set up active record encryption, run the command below and follow the instructions.
42
- ```
43
- $ rails db:encryption:init
44
- ```
45
-
46
41
  You'll need to set the root path in your routes.rb, for this example let's use the following:
47
42
 
48
43
  ```ruby
data/lib/authentication_zero/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module AuthenticationZero
2
- VERSION = "0.0.19"
2
+ VERSION = "0.0.20"
3
3
  end
data/lib/generators/authentication/authentication_generator.rb CHANGED
@@ -59,7 +59,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
59
59
 
60
60
  private
61
61
  def authenticate
62
- if #{singular_table_name} = authenticate_with_http_token { |t, _| #{class_name}.find_by_session_token(t) }
62
+ if #{singular_table_name} = authenticate_with_http_token { |t, _| #{class_name}.find_signed_session_token(t) }
63
63
  Current.#{singular_table_name} = #{singular_table_name}
64
64
  else
65
65
  request_http_token_authentication
@@ -73,7 +73,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
73
73
 
74
74
  private
75
75
  def authenticate
76
- if #{singular_table_name} = #{class_name}.find_by_session_token(cookies[:session_token])
76
+ if #{singular_table_name} = #{class_name}.find_by_session_token(cookies.signed[:session_token])
77
77
  Current.#{singular_table_name} = #{singular_table_name}
78
78
  else
79
79
  redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt CHANGED
@@ -5,7 +5,7 @@ class SessionsController < ApplicationController
5
5
  @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
6
6
 
7
7
  if @<%= singular_table_name %>.try(:authenticate, params[:password])
8
- render json: { session_token: @<%= singular_table_name %>.session_token }
8
+ render json: { session_token: @<%= singular_table_name %>.signed_session_token }
9
9
  else
10
10
  render json: { error: "Invalid email or password" }, status: :unauthorized
11
11
  end
data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt CHANGED
@@ -9,7 +9,7 @@ class RegistrationsController < ApplicationController
9
9
  @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
10
10
 
11
11
  if @<%= singular_table_name %>.save
12
- cookies[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
12
+ cookies.signed[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
13
13
  redirect_to root_path, notice: "Welcome! You have signed up successfully"
14
14
  else
15
15
  render :new, status: :unprocessable_entity
data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt CHANGED
@@ -10,9 +10,9 @@ class SessionsController < ApplicationController
10
10
 
11
11
  if @<%= singular_table_name %>.try(:authenticate, params[:password])
12
12
  if params[:remember_me] == "1"
13
- cookies.permanent[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
13
+ cookies.signed.permanent[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
14
14
  else
15
- cookies[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
15
+ cookies.signed[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
16
16
  end
17
17
 
18
18
  redirect_to root_path, notice: "Signed in successfully"
data/lib/generators/authentication/templates/models/resource.rb.tt CHANGED
@@ -2,8 +2,6 @@ class <%= class_name %> < ApplicationRecord
2
2
  has_secure_password :password
3
3
  has_secure_token :session_token
4
4
 
5
- encrypts :session_token, deterministic: true
6
-
7
5
  validates :email, presence: true, uniqueness: true
8
6
  validates :email, format: { with: /\A[^@\s]+@[^@\s]+\z/ }
9
7
  validates_length_of :password, minimum: 8, allow_blank: true
@@ -23,4 +21,15 @@ class <%= class_name %> < ApplicationRecord
23
21
  PasswordMailer.with(<%= singular_table_name %>: self).changed.deliver_later
24
22
  end
25
23
  end
24
+ <% if options.api? %>
25
+ def signed_session_token
26
+ self.class.signed_id_verifier.generate(session_token)
27
+ end
28
+
29
+ def self.find_signed_session_token(signed_session_token)
30
+ if session_token = signed_id_verifier.verified(signed_session_token)
31
+ find_by_session_token(session_token)
32
+ end
33
+ end
34
+ <% end -%>
26
35
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authentication-zero
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.19
4
+ version: 0.0.20
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nixon