authentication-zero 2.11.0 → 2.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +1 -1
- data/README.md +3 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/USAGE +1 -1
- data/lib/generators/authentication/authentication_generator.rb +20 -15
- data/lib/generators/authentication/templates/controllers/api/authentications/events_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt +16 -6
- data/lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt +15 -8
- data/lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt +9 -9
- data/lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt +8 -8
- data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt +5 -5
- data/lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt +5 -5
- data/lib/generators/authentication/templates/controllers/html/authentications/events_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/controllers/html/identity/email_verifications_controller.rb.tt +5 -5
- data/lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt +13 -6
- data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt +7 -7
- data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt +6 -6
- data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt +5 -5
- data/lib/generators/authentication/templates/controllers/html/sessions/omniauth_controller.rb.tt +4 -4
- data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt +3 -3
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +9 -9
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt +5 -5
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt +13 -6
- data/lib/generators/authentication/templates/erb/authentications/events/{index.html.erb → index.html.erb.tt} +8 -8
- data/lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt +6 -4
- data/lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt +3 -3
- data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt +3 -3
- data/lib/generators/authentication/templates/erb/registrations/new.html.erb.tt +3 -3
- data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.text.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt +3 -2
- data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt +2 -0
- data/lib/generators/authentication/templates/erb/user_mailer/email_verify_confirmation.html.erb.tt +15 -0
- data/lib/generators/authentication/templates/erb/user_mailer/email_verify_confirmation.text.erb.tt +13 -0
- data/lib/generators/authentication/templates/erb/{identity_mailer → user_mailer}/password_reset_provision.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/{identity_mailer → user_mailer}/password_reset_provision.text.erb.tt +1 -1
- data/lib/generators/authentication/templates/mailers/session_mailer.rb.tt +1 -1
- data/lib/generators/authentication/templates/mailers/user_mailer.rb.tt +19 -0
- data/lib/generators/authentication/templates/migrations/create_events_migration.rb.tt +1 -1
- data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt +1 -1
- data/lib/generators/authentication/templates/migrations/{create_table_migration.rb.tt → create_users_migration.rb.tt} +3 -3
- data/lib/generators/authentication/templates/models/current.rb.tt +2 -2
- data/lib/generators/authentication/templates/models/event.rb.tt +1 -1
- data/lib/generators/authentication/templates/models/session.rb.tt +5 -5
- data/lib/generators/authentication/templates/models/{model.rb.tt → user.rb.tt} +5 -2
- data/lib/generators/authentication/templates/test_unit/application_system_test_case.rb.tt +3 -3
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt +9 -9
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt +7 -7
- data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt +6 -6
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/email_verifications_controller_test.rb.tt +9 -9
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt +7 -7
- data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt +8 -8
- data/lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt +2 -2
- data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt +3 -3
- data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt +4 -4
- data/lib/generators/authentication/templates/test_unit/test_helper.rb.tt +4 -4
- data/lib/generators/authentication/templates/test_unit/{fixtures.yml.tt → users.yml.tt} +0 -0
- metadata +11 -11
- data/lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.html.erb.tt +0 -11
- data/lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.text.erb.tt +0 -9
- data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt +0 -15
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
class TwoFactorAuthentication::ChallengesController < ApplicationController
|
|
2
2
|
skip_before_action :authenticate
|
|
3
3
|
|
|
4
|
-
before_action :
|
|
4
|
+
before_action :set_user
|
|
5
5
|
|
|
6
6
|
def new
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def create
|
|
10
|
-
@totp = ROTP::TOTP.new(
|
|
10
|
+
@totp = ROTP::TOTP.new(@user.otp_secret, issuer: "YourAppName")
|
|
11
11
|
|
|
12
12
|
if @totp.verify(params[:code], drift_behind: 15)
|
|
13
|
-
session =
|
|
13
|
+
session = @user.sessions.create!
|
|
14
14
|
cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
|
|
15
15
|
|
|
16
16
|
redirect_to root_path, notice: "Signed in successfully"
|
|
@@ -20,8 +20,8 @@ class TwoFactorAuthentication::ChallengesController < ApplicationController
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
private
|
|
23
|
-
def
|
|
24
|
-
|
|
23
|
+
def set_user
|
|
24
|
+
@user = User.find_signed!(params[:token], purpose: :authentication_challenge)
|
|
25
25
|
rescue
|
|
26
26
|
redirect_to sign_in_path, alert: "That's taking too long. Please re-enter your password and try again"
|
|
27
27
|
end
|
|
@@ -1,24 +1,31 @@
|
|
|
1
1
|
class TwoFactorAuthentication::TotpsController < ApplicationController
|
|
2
|
-
|
|
2
|
+
<%- if options.sudoable? -%>
|
|
3
|
+
before_action :require_sudo
|
|
4
|
+
<%- end -%>
|
|
5
|
+
before_action :set_user
|
|
3
6
|
before_action :set_totp
|
|
4
7
|
|
|
5
8
|
def new
|
|
6
|
-
@qr_code = RQRCode::QRCode.new(@totp.provisioning_uri(
|
|
9
|
+
@qr_code = RQRCode::QRCode.new(@totp.provisioning_uri(@user.email))
|
|
7
10
|
end
|
|
8
11
|
|
|
9
12
|
def create
|
|
10
|
-
|
|
13
|
+
<%- unless options.sudoable? -%>
|
|
14
|
+
if !@user.authenticate(params[:current_password])
|
|
11
15
|
redirect_to two_factor_authentication_totp_path, alert: "The password you entered is incorrect"
|
|
12
16
|
elsif @totp.verify(params[:code], drift_behind: 15)
|
|
13
|
-
|
|
17
|
+
<%- else -%>
|
|
18
|
+
if @totp.verify(params[:code], drift_behind: 15)
|
|
19
|
+
<%- end -%>
|
|
20
|
+
@user.update! otp_secret: params[:secret]
|
|
14
21
|
redirect_to root_path, notice: "2FA is enabled on your account"
|
|
15
22
|
else
|
|
16
23
|
redirect_to two_factor_authentication_totp_path, alert: "That code didn't work. Please try again"
|
|
17
24
|
end
|
|
18
25
|
end
|
|
19
26
|
|
|
20
|
-
def
|
|
21
|
-
|
|
27
|
+
def set_user
|
|
28
|
+
@user = Current.user
|
|
22
29
|
end
|
|
23
30
|
|
|
24
31
|
def set_totp
|
|
@@ -1,33 +1,33 @@
|
|
|
1
1
|
<h1>Activity Log</h1>
|
|
2
2
|
|
|
3
3
|
<div id="sessions">
|
|
4
|
-
|
|
5
|
-
<div id="
|
|
4
|
+
<%% @events.each do |event| %>
|
|
5
|
+
<div id="<%%= dom_id event %>">
|
|
6
6
|
<p>
|
|
7
7
|
<strong>User Agent:</strong>
|
|
8
|
-
|
|
8
|
+
<%%= event.user_agent %>
|
|
9
9
|
</p>
|
|
10
10
|
|
|
11
11
|
<p>
|
|
12
12
|
<strong>Action:</strong>
|
|
13
|
-
|
|
13
|
+
<%%= event.action %>
|
|
14
14
|
</p>
|
|
15
15
|
|
|
16
16
|
<p>
|
|
17
17
|
<strong>Ip Address:</strong>
|
|
18
|
-
|
|
18
|
+
<%%= event.ip_address %>
|
|
19
19
|
</p>
|
|
20
20
|
|
|
21
21
|
<p>
|
|
22
22
|
<strong>Created at:</strong>
|
|
23
|
-
|
|
23
|
+
<%%= event.created_at %>
|
|
24
24
|
</p>
|
|
25
25
|
</div>
|
|
26
|
-
|
|
26
|
+
<%% end %>
|
|
27
27
|
</div>
|
|
28
28
|
|
|
29
29
|
<br>
|
|
30
30
|
|
|
31
31
|
<div>
|
|
32
|
-
|
|
32
|
+
<%%= link_to "Back", root_path %>
|
|
33
33
|
</div>
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
<p style="color: red"><%%= alert %></p>
|
|
2
2
|
|
|
3
|
-
<%% if Current
|
|
3
|
+
<%% if Current.user.verified? %>
|
|
4
4
|
<h1>Change your email</h1>
|
|
5
5
|
<%% else %>
|
|
6
6
|
<h1>Verify your email</h1>
|
|
@@ -9,22 +9,24 @@
|
|
|
9
9
|
<%% end %>
|
|
10
10
|
|
|
11
11
|
<%%= form_with(url: identity_email_path, method: :patch) do |form| %>
|
|
12
|
-
<%% if
|
|
12
|
+
<%% if @user.errors.any? %>
|
|
13
13
|
<div style="color: red">
|
|
14
|
-
<h2><%%= pluralize(
|
|
14
|
+
<h2><%%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
|
|
15
15
|
|
|
16
16
|
<ul>
|
|
17
|
-
<%%
|
|
17
|
+
<%% @user.errors.each do |error| %>
|
|
18
18
|
<li><%%= error.full_message %></li>
|
|
19
19
|
<%% end %>
|
|
20
20
|
</ul>
|
|
21
21
|
</div>
|
|
22
22
|
<%% end %>
|
|
23
23
|
|
|
24
|
+
<%- unless options.sudoable? -%>
|
|
24
25
|
<div>
|
|
25
26
|
<%%= form.label :current_password, style: "display: block" %>
|
|
26
27
|
<%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
|
|
27
28
|
</div>
|
|
29
|
+
<%- end -%>
|
|
28
30
|
|
|
29
31
|
<div>
|
|
30
32
|
<%%= form.label :email, "New email", style: "display: block" %>
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
<h1>Reset your password</h1>
|
|
2
2
|
|
|
3
3
|
<%%= form_with(url: identity_password_reset_path, method: :patch) do |form| %>
|
|
4
|
-
<%% if
|
|
4
|
+
<%% if @user.errors.any? %>
|
|
5
5
|
<div style="color: red">
|
|
6
|
-
<h2><%%= pluralize(
|
|
6
|
+
<h2><%%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
|
|
7
7
|
|
|
8
8
|
<ul>
|
|
9
|
-
<%%
|
|
9
|
+
<%% @user.errors.each do |error| %>
|
|
10
10
|
<li><%%= error.full_message %></li>
|
|
11
11
|
<%% end %>
|
|
12
12
|
</ul>
|
|
@@ -3,12 +3,12 @@
|
|
|
3
3
|
<h1>Change your password</h1>
|
|
4
4
|
|
|
5
5
|
<%%= form_with(url: password_path, method: :patch) do |form| %>
|
|
6
|
-
<%% if
|
|
6
|
+
<%% if @user.errors.any? %>
|
|
7
7
|
<div style="color: red">
|
|
8
|
-
<h2><%%= pluralize(
|
|
8
|
+
<h2><%%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
|
|
9
9
|
|
|
10
10
|
<ul>
|
|
11
|
-
<%%
|
|
11
|
+
<%% @user.errors.each do |error| %>
|
|
12
12
|
<li><%%= error.full_message %></li>
|
|
13
13
|
<%% end %>
|
|
14
14
|
</ul>
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
<h1>Sign up</h1>
|
|
2
2
|
|
|
3
3
|
<%%= form_with(url: sign_up_path) do |form| %>
|
|
4
|
-
<%% if
|
|
4
|
+
<%% if @user.errors.any? %>
|
|
5
5
|
<div style="color: red">
|
|
6
|
-
<h2><%%= pluralize(
|
|
6
|
+
<h2><%%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
|
|
7
7
|
|
|
8
8
|
<ul>
|
|
9
|
-
<%%
|
|
9
|
+
<%% @user.errors.each do |error| %>
|
|
10
10
|
<li><%%= error.full_message %></li>
|
|
11
11
|
<%% end %>
|
|
12
12
|
</ul>
|
|
@@ -18,11 +18,12 @@
|
|
|
18
18
|
<%%= form.submit "Sign in" %>
|
|
19
19
|
</div>
|
|
20
20
|
<%% end %>
|
|
21
|
-
|
|
21
|
+
|
|
22
|
+
<%- if omniauthable? -%>
|
|
22
23
|
<div>
|
|
23
24
|
<%%= button_to "Sign in with OmniAuth", "/auth/developer", "data-turbo" => false %>
|
|
24
25
|
</div>
|
|
25
|
-
|
|
26
|
+
<%- end -%>
|
|
26
27
|
|
|
27
28
|
<br>
|
|
28
29
|
|
data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt
CHANGED
|
@@ -17,10 +17,12 @@
|
|
|
17
17
|
<%%= form_with(url: two_factor_authentication_totp_path) do |form| %>
|
|
18
18
|
<%%= form.hidden_field :secret, value: @totp.secret %>
|
|
19
19
|
|
|
20
|
+
<%- unless options.sudoable? -%>
|
|
20
21
|
<div>
|
|
21
22
|
<%%= form.label :current_password, style: "display: block" %>
|
|
22
23
|
<%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
|
|
23
24
|
</div>
|
|
25
|
+
<%- end -%>
|
|
24
26
|
|
|
25
27
|
<div>
|
|
26
28
|
<%%= form.label :code, "After scanning with your camera, the app will generate a six-digit code. Enter it here:", style: "display: block" %>
|
data/lib/generators/authentication/templates/erb/user_mailer/email_verify_confirmation.html.erb.tt
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
<p>Hey there,</p>
|
|
2
|
+
|
|
3
|
+
<p>This is to confirm that <%%= @user.email %> is the email you want to use on your account. If you ever lose your password, that's where we'll email a reset link.</p>
|
|
4
|
+
|
|
5
|
+
<p><strong>You must <%= code_verifiable? ? "put the code" : "hit the link" %> below to confirm that you received this email.</strong></p>
|
|
6
|
+
|
|
7
|
+
<%- if code_verifiable? -%>
|
|
8
|
+
<strong><%%= @user.verification_code.value %></strong>
|
|
9
|
+
<%- else -%>
|
|
10
|
+
<%%= link_to "Yes, use this email for my account", edit_identity_email_verification_url(token: @signed_id, email: @user.email) %>
|
|
11
|
+
<%- end -%>
|
|
12
|
+
|
|
13
|
+
<hr>
|
|
14
|
+
|
|
15
|
+
<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.</p>
|
data/lib/generators/authentication/templates/erb/user_mailer/email_verify_confirmation.text.erb.tt
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
Hey there,
|
|
2
|
+
|
|
3
|
+
This is to confirm that <%%= @user.email %> is the email you want to use on your account. If you ever lose your password, that's where we'll email a reset link.
|
|
4
|
+
|
|
5
|
+
You must <%= code_verifiable? ? "put the code" : "hit the link" %> below to confirm that you received this email.
|
|
6
|
+
|
|
7
|
+
<%- if code_verifiable? -%>
|
|
8
|
+
<%%= @user.verification_code.value %>
|
|
9
|
+
<%- else -%>
|
|
10
|
+
[Yes, use this email for my account]<%%= edit_identity_email_verification_url(token: @signed_id, email: @user.email) %>
|
|
11
|
+
<%- end -%>
|
|
12
|
+
|
|
13
|
+
Have questions or need help? Just reply to this email and our support team will help you sort it out.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
<p>Hey there,</p>
|
|
2
2
|
|
|
3
|
-
<p>Can't remember your password for <strong><%%=
|
|
3
|
+
<p>Can't remember your password for <strong><%%= @user.email %></strong>? That's OK, it happens. Just hit the link below to set a new one.</p>
|
|
4
4
|
|
|
5
5
|
<p><%%= link_to "Reset my password", edit_identity_password_reset_url(token: @signed_id) %></p>
|
|
6
6
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Hey there,
|
|
2
2
|
|
|
3
|
-
Can't remember your password for <%%=
|
|
3
|
+
Can't remember your password for <%%= @user.email %>? That's OK, it happens. Just hit the link below to set a new one.
|
|
4
4
|
|
|
5
5
|
[Reset my password]<%%= edit_identity_password_reset_url(token: @signed_id) %>
|
|
6
6
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class SessionMailer < ApplicationMailer
|
|
2
2
|
def signed_in_notification
|
|
3
3
|
@session = params[:session]
|
|
4
|
-
mail to: @session
|
|
4
|
+
mail to: @session.user.email, subject: "New sign-in to your account"
|
|
5
5
|
end
|
|
6
6
|
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
class UserMailer < ApplicationMailer
|
|
2
|
+
def password_reset_provision
|
|
3
|
+
@user = params[:user]
|
|
4
|
+
@signed_id = @user.signed_id(purpose: :password_reset, expires_in: 20.minutes)
|
|
5
|
+
|
|
6
|
+
mail to: @user.email, subject: "Reset your password"
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def email_verify_confirmation
|
|
10
|
+
@user = params[:user]
|
|
11
|
+
<%- if code_verifiable? -%>
|
|
12
|
+
@user.verification_code.value = rand.to_s[2..7]
|
|
13
|
+
<%- else -%>
|
|
14
|
+
@signed_id = @user.signed_id(purpose: @user.email, expires_in: 2.days)
|
|
15
|
+
<%- end -%>
|
|
16
|
+
|
|
17
|
+
mail to: @user.email, subject: "Verify your email"
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
|
2
2
|
def change
|
|
3
3
|
create_table :events do |t|
|
|
4
|
-
t.references
|
|
4
|
+
t.references :user, null: false, foreign_key: true
|
|
5
5
|
t.string :action, null: false
|
|
6
6
|
t.string :user_agent
|
|
7
7
|
t.string :ip_address
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
|
2
2
|
def change
|
|
3
3
|
create_table :sessions do |t|
|
|
4
|
-
t.references
|
|
4
|
+
t.references :user, null: false, foreign_key: true
|
|
5
5
|
t.string :user_agent
|
|
6
6
|
t.string :ip_address
|
|
7
7
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
|
2
2
|
def change
|
|
3
|
-
create_table
|
|
3
|
+
create_table :users do |t|
|
|
4
4
|
t.string :email, null: false
|
|
5
5
|
t.string :password_digest, null: false
|
|
6
6
|
|
|
@@ -16,9 +16,9 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
|
|
|
16
16
|
t.timestamps
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
add_index
|
|
19
|
+
add_index :users, :email, unique: true
|
|
20
20
|
<%- if omniauthable? -%>
|
|
21
|
-
add_index
|
|
21
|
+
add_index :users, [:provider, :uid], unique: true
|
|
22
22
|
<%- end -%>
|
|
23
23
|
end
|
|
24
24
|
end
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
class Current < ActiveSupport::CurrentAttributes
|
|
2
|
-
attribute :session,
|
|
2
|
+
attribute :session, :user
|
|
3
3
|
attribute :user_agent, :ip_address
|
|
4
4
|
|
|
5
5
|
def session=(session)
|
|
6
|
-
super; self
|
|
6
|
+
super; self.user = session.user
|
|
7
7
|
end
|
|
8
8
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class Session < ApplicationRecord
|
|
2
|
-
belongs_to
|
|
2
|
+
belongs_to :user
|
|
3
3
|
<%- if options.sudoable? %>
|
|
4
|
-
kredis_flag :sudo
|
|
4
|
+
kredis_flag :sudo, expires_in: 30.minutes
|
|
5
5
|
<%- end -%>
|
|
6
6
|
|
|
7
7
|
before_create do
|
|
@@ -10,7 +10,7 @@ class Session < ApplicationRecord
|
|
|
10
10
|
end
|
|
11
11
|
<%- if options.sudoable? %>
|
|
12
12
|
after_create_commit do
|
|
13
|
-
self.sudo.mark
|
|
13
|
+
self.sudo.mark
|
|
14
14
|
end
|
|
15
15
|
<%- end -%>
|
|
16
16
|
|
|
@@ -19,11 +19,11 @@ class Session < ApplicationRecord
|
|
|
19
19
|
end
|
|
20
20
|
<%- if options.trackable? %>
|
|
21
21
|
after_create do
|
|
22
|
-
|
|
22
|
+
user.events.create! action: "signed_in"
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
after_destroy do
|
|
26
|
-
|
|
26
|
+
user.events.create! action: "signed_out"
|
|
27
27
|
end
|
|
28
28
|
<%- end -%>
|
|
29
29
|
end
|
|
@@ -1,10 +1,13 @@
|
|
|
1
|
-
class
|
|
1
|
+
class User < ApplicationRecord
|
|
2
2
|
has_secure_password
|
|
3
3
|
|
|
4
4
|
has_many :sessions, dependent: :destroy
|
|
5
5
|
<%- if options.trackable? -%>
|
|
6
6
|
has_many :events, dependent: :destroy
|
|
7
7
|
<%- end -%>
|
|
8
|
+
<%- if code_verifiable? %>
|
|
9
|
+
kredis_string :verification_code, expires_in: 2.days
|
|
10
|
+
<%- end -%>
|
|
8
11
|
|
|
9
12
|
validates :email, presence: true, uniqueness: true
|
|
10
13
|
validates_format_of :email, with: /\A[^@\s]+@[^@\s]+\z/
|
|
@@ -28,7 +31,7 @@ class <%= class_name %> < ApplicationRecord
|
|
|
28
31
|
end
|
|
29
32
|
|
|
30
33
|
after_save_commit if: :email_previously_changed? do
|
|
31
|
-
|
|
34
|
+
UserMailer.with(user: self).email_verify_confirmation.deliver_later
|
|
32
35
|
end
|
|
33
36
|
<%- if options.trackable? %>
|
|
34
37
|
after_save_commit if: :email_previously_changed? do
|
|
@@ -3,13 +3,13 @@ require "test_helper"
|
|
|
3
3
|
class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
|
|
4
4
|
driven_by :selenium, using: :chrome, screen_size: [1400, 1400]
|
|
5
5
|
|
|
6
|
-
def sign_in_as(
|
|
6
|
+
def sign_in_as(user)
|
|
7
7
|
visit sign_in_url
|
|
8
|
-
fill_in :email, with:
|
|
8
|
+
fill_in :email, with: user.email
|
|
9
9
|
fill_in :password, with: "Secret1*3*5*"
|
|
10
10
|
click_on "Sign in"
|
|
11
11
|
|
|
12
12
|
assert_current_path root_url
|
|
13
|
-
|
|
13
|
+
user
|
|
14
14
|
end
|
|
15
15
|
end
|
|
@@ -2,11 +2,11 @@ require "test_helper"
|
|
|
2
2
|
|
|
3
3
|
class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
|
|
4
4
|
setup do
|
|
5
|
-
|
|
6
|
-
@sid =
|
|
7
|
-
@sid_exp =
|
|
5
|
+
@user, @token = sign_in_as(users(:lazaro_nixon))
|
|
6
|
+
@sid = @user.signed_id(purpose: @user.email, expires_in: 20.minutes)
|
|
7
|
+
@sid_exp = @user.signed_id(purpose: @user.email, expires_in: 0.minutes)
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
@user.update! verified: false
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def default_headers
|
|
@@ -14,7 +14,7 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
|
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
test "should send a verification email" do
|
|
17
|
-
assert_enqueued_email_with
|
|
17
|
+
assert_enqueued_email_with UserMailer, :email_verify_confirmation, args: { user: @user } do
|
|
18
18
|
post identity_email_verification_url, headers: default_headers
|
|
19
19
|
end
|
|
20
20
|
|
|
@@ -22,21 +22,21 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
|
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
test "should verify email" do
|
|
25
|
-
get edit_identity_email_verification_url, params: { token: @sid, email:
|
|
25
|
+
get edit_identity_email_verification_url, params: { token: @sid, email: @user.email }, headers: default_headers
|
|
26
26
|
assert_response :no_content
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
test "should not verify email with expired token" do
|
|
30
|
-
get edit_identity_email_verification_url, params: { token: @sid_exp, email:
|
|
30
|
+
get edit_identity_email_verification_url, params: { token: @sid_exp, email: @user.email }, headers: default_headers
|
|
31
31
|
|
|
32
32
|
assert_response :bad_request
|
|
33
33
|
assert_equal "That email verification link is invalid", response.parsed_body["error"]
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
test "should not verify email with previous token" do
|
|
37
|
-
|
|
37
|
+
@user.update! email: "other_email@hey.com"
|
|
38
38
|
|
|
39
|
-
get edit_identity_email_verification_url, params: { token: @sid, email:
|
|
39
|
+
get edit_identity_email_verification_url, params: { token: @sid, email: @user.email_previously_was }, headers: default_headers
|
|
40
40
|
|
|
41
41
|
assert_response :bad_request
|
|
42
42
|
assert_equal "That email verification link is invalid", response.parsed_body["error"]
|
|
@@ -2,7 +2,7 @@ require "test_helper"
|
|
|
2
2
|
|
|
3
3
|
class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
|
|
4
4
|
setup do
|
|
5
|
-
|
|
5
|
+
@user, @token = sign_in_as(users(:lazaro_nixon))
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
def default_headers
|
|
@@ -2,14 +2,14 @@ require "test_helper"
|
|
|
2
2
|
|
|
3
3
|
class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
4
4
|
setup do
|
|
5
|
-
|
|
6
|
-
@sid =
|
|
7
|
-
@sid_exp =
|
|
5
|
+
@user = users(:lazaro_nixon)
|
|
6
|
+
@sid = @user.signed_id(purpose: :password_reset, expires_in: 20.minutes)
|
|
7
|
+
@sid_exp = @user.signed_id(purpose: :password_reset, expires_in: 0.minutes)
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
test "should send a password reset email" do
|
|
11
|
-
assert_enqueued_email_with
|
|
12
|
-
post identity_password_reset_url, params: { email:
|
|
11
|
+
assert_enqueued_email_with UserMailer, :password_reset_provision, args: { user: @user } do
|
|
12
|
+
post identity_password_reset_url, params: { email: @user.email }
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
assert_response :no_content
|
|
@@ -25,10 +25,10 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
test "should not send a password reset email to a unverified email" do
|
|
28
|
-
|
|
28
|
+
@user.update! verified: false
|
|
29
29
|
|
|
30
30
|
assert_no_enqueued_emails do
|
|
31
|
-
post identity_password_reset_url, params: { email:
|
|
31
|
+
post identity_password_reset_url, params: { email: @user.email }
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
assert_response :not_found
|
|
@@ -2,7 +2,7 @@ require "test_helper"
|
|
|
2
2
|
|
|
3
3
|
class RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
4
4
|
test "should sign up" do
|
|
5
|
-
assert_difference("
|
|
5
|
+
assert_difference("User.count") do
|
|
6
6
|
post sign_up_url, params: { email: "lazaronixon@hey.com", password: "Secret1*3*5*", password_confirmation: "Secret1*3*5*" }
|
|
7
7
|
end
|
|
8
8
|
|
|
@@ -2,7 +2,7 @@ require "test_helper"
|
|
|
2
2
|
|
|
3
3
|
class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
4
4
|
setup do
|
|
5
|
-
|
|
5
|
+
@user, @token = sign_in_as(users(:lazaro_nixon))
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
def default_headers
|
|
@@ -15,24 +15,24 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
test "should show session" do
|
|
18
|
-
get session_url(
|
|
18
|
+
get session_url(@user.sessions.last), headers: default_headers
|
|
19
19
|
assert_response :success
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
test "should sign in" do
|
|
23
|
-
post sign_in_url, params: { email:
|
|
23
|
+
post sign_in_url, params: { email: @user.email, password: "Secret1*3*5*" }
|
|
24
24
|
|
|
25
|
-
assert_enqueued_email_with SessionMailer, :signed_in_notification, args: { session:
|
|
25
|
+
assert_enqueued_email_with SessionMailer, :signed_in_notification, args: { session: @user.sessions.last }
|
|
26
26
|
assert_response :created
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
test "should not sign in with wrong credentials" do
|
|
30
|
-
post sign_in_url, params: { email:
|
|
30
|
+
post sign_in_url, params: { email: @user.email, password: "SecretWrong1*3" }
|
|
31
31
|
assert_response :unauthorized
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
test "should sign out" do
|
|
35
|
-
delete session_url(
|
|
35
|
+
delete session_url(@user.sessions.last), headers: default_headers
|
|
36
36
|
assert_response :no_content
|
|
37
37
|
end
|
|
38
38
|
end
|