authentication-zero 2.11.2 → 2.12.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +1 -1
- data/README.md +1 -1
- data/authentication-zero-api.md +1 -16
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/USAGE +1 -1
- data/lib/generators/authentication/authentication_generator.rb +6 -6
- data/lib/generators/authentication/templates/controllers/api/authentications/events_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt +9 -7
- data/lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt +15 -8
- data/lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt +9 -9
- data/lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt +8 -8
- data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt +8 -5
- data/lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt +6 -6
- data/lib/generators/authentication/templates/controllers/html/authentications/events_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/controllers/html/identity/email_verifications_controller.rb.tt +5 -5
- data/lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt +13 -6
- data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt +7 -7
- data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt +6 -6
- data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt +5 -5
- data/lib/generators/authentication/templates/controllers/html/sessions/omniauth_controller.rb.tt +4 -4
- data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +9 -9
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt +5 -5
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt +13 -6
- data/lib/generators/authentication/templates/erb/authentications/events/{index.html.erb → index.html.erb.tt} +8 -8
- data/lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt +6 -4
- data/lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt +3 -3
- data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt +3 -3
- data/lib/generators/authentication/templates/erb/registrations/new.html.erb.tt +3 -3
- data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.text.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt +3 -2
- data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt +2 -0
- data/lib/generators/authentication/templates/erb/{identity_mailer → user_mailer}/email_verify_confirmation.html.erb.tt +2 -2
- data/lib/generators/authentication/templates/erb/{identity_mailer → user_mailer}/email_verify_confirmation.text.erb.tt +2 -2
- data/lib/generators/authentication/templates/erb/{identity_mailer → user_mailer}/password_reset_provision.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/{identity_mailer → user_mailer}/password_reset_provision.text.erb.tt +1 -1
- data/lib/generators/authentication/templates/mailers/session_mailer.rb.tt +1 -1
- data/lib/generators/authentication/templates/mailers/user_mailer.rb.tt +19 -0
- data/lib/generators/authentication/templates/migrations/create_events_migration.rb.tt +1 -1
- data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt +1 -1
- data/lib/generators/authentication/templates/migrations/{create_table_migration.rb.tt → create_users_migration.rb.tt} +3 -3
- data/lib/generators/authentication/templates/models/current.rb.tt +2 -2
- data/lib/generators/authentication/templates/models/event.rb.tt +1 -1
- data/lib/generators/authentication/templates/models/session.rb.tt +3 -3
- data/lib/generators/authentication/templates/models/{model.rb.tt → user.rb.tt} +2 -2
- data/lib/generators/authentication/templates/test_unit/application_system_test_case.rb.tt +3 -3
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt +9 -9
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt +7 -7
- data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt +6 -6
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/email_verifications_controller_test.rb.tt +9 -9
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt +7 -7
- data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt +8 -8
- data/lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt +2 -2
- data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt +3 -3
- data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt +4 -4
- data/lib/generators/authentication/templates/test_unit/test_helper.rb.tt +4 -4
- data/lib/generators/authentication/templates/test_unit/{fixtures.yml.tt → users.yml.tt} +0 -0
- metadata +11 -11
- data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt +0 -19
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
class TwoFactorAuthentication::ChallengesController < ApplicationController
|
|
2
2
|
skip_before_action :authenticate
|
|
3
3
|
|
|
4
|
-
before_action :
|
|
4
|
+
before_action :set_user
|
|
5
5
|
|
|
6
6
|
def new
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def create
|
|
10
|
-
@totp = ROTP::TOTP.new(
|
|
10
|
+
@totp = ROTP::TOTP.new(@user.otp_secret, issuer: "YourAppName")
|
|
11
11
|
|
|
12
12
|
if @totp.verify(params[:code], drift_behind: 15)
|
|
13
|
-
session =
|
|
13
|
+
session = @user.sessions.create!
|
|
14
14
|
cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
|
|
15
15
|
|
|
16
16
|
redirect_to root_path, notice: "Signed in successfully"
|
|
@@ -20,8 +20,8 @@ class TwoFactorAuthentication::ChallengesController < ApplicationController
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
private
|
|
23
|
-
def
|
|
24
|
-
|
|
23
|
+
def set_user
|
|
24
|
+
@user = User.find_signed!(params[:token], purpose: :authentication_challenge)
|
|
25
25
|
rescue
|
|
26
26
|
redirect_to sign_in_path, alert: "That's taking too long. Please re-enter your password and try again"
|
|
27
27
|
end
|
|
@@ -1,24 +1,31 @@
|
|
|
1
1
|
class TwoFactorAuthentication::TotpsController < ApplicationController
|
|
2
|
-
|
|
2
|
+
<%- if options.sudoable? -%>
|
|
3
|
+
before_action :require_sudo
|
|
4
|
+
<%- end -%>
|
|
5
|
+
before_action :set_user
|
|
3
6
|
before_action :set_totp
|
|
4
7
|
|
|
5
8
|
def new
|
|
6
|
-
@qr_code = RQRCode::QRCode.new(@totp.provisioning_uri(
|
|
9
|
+
@qr_code = RQRCode::QRCode.new(@totp.provisioning_uri(@user.email))
|
|
7
10
|
end
|
|
8
11
|
|
|
9
12
|
def create
|
|
10
|
-
|
|
13
|
+
<%- unless options.sudoable? -%>
|
|
14
|
+
if !@user.authenticate(params[:current_password])
|
|
11
15
|
redirect_to two_factor_authentication_totp_path, alert: "The password you entered is incorrect"
|
|
12
16
|
elsif @totp.verify(params[:code], drift_behind: 15)
|
|
13
|
-
|
|
17
|
+
<%- else -%>
|
|
18
|
+
if @totp.verify(params[:code], drift_behind: 15)
|
|
19
|
+
<%- end -%>
|
|
20
|
+
@user.update! otp_secret: params[:secret]
|
|
14
21
|
redirect_to root_path, notice: "2FA is enabled on your account"
|
|
15
22
|
else
|
|
16
23
|
redirect_to two_factor_authentication_totp_path, alert: "That code didn't work. Please try again"
|
|
17
24
|
end
|
|
18
25
|
end
|
|
19
26
|
|
|
20
|
-
def
|
|
21
|
-
|
|
27
|
+
def set_user
|
|
28
|
+
@user = Current.user
|
|
22
29
|
end
|
|
23
30
|
|
|
24
31
|
def set_totp
|
|
@@ -1,33 +1,33 @@
|
|
|
1
1
|
<h1>Activity Log</h1>
|
|
2
2
|
|
|
3
3
|
<div id="sessions">
|
|
4
|
-
|
|
5
|
-
<div id="
|
|
4
|
+
<%% @events.each do |event| %>
|
|
5
|
+
<div id="<%%= dom_id event %>">
|
|
6
6
|
<p>
|
|
7
7
|
<strong>User Agent:</strong>
|
|
8
|
-
|
|
8
|
+
<%%= event.user_agent %>
|
|
9
9
|
</p>
|
|
10
10
|
|
|
11
11
|
<p>
|
|
12
12
|
<strong>Action:</strong>
|
|
13
|
-
|
|
13
|
+
<%%= event.action %>
|
|
14
14
|
</p>
|
|
15
15
|
|
|
16
16
|
<p>
|
|
17
17
|
<strong>Ip Address:</strong>
|
|
18
|
-
|
|
18
|
+
<%%= event.ip_address %>
|
|
19
19
|
</p>
|
|
20
20
|
|
|
21
21
|
<p>
|
|
22
22
|
<strong>Created at:</strong>
|
|
23
|
-
|
|
23
|
+
<%%= event.created_at %>
|
|
24
24
|
</p>
|
|
25
25
|
</div>
|
|
26
|
-
|
|
26
|
+
<%% end %>
|
|
27
27
|
</div>
|
|
28
28
|
|
|
29
29
|
<br>
|
|
30
30
|
|
|
31
31
|
<div>
|
|
32
|
-
|
|
32
|
+
<%%= link_to "Back", root_path %>
|
|
33
33
|
</div>
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
<p style="color: red"><%%= alert %></p>
|
|
2
2
|
|
|
3
|
-
<%% if Current
|
|
3
|
+
<%% if Current.user.verified? %>
|
|
4
4
|
<h1>Change your email</h1>
|
|
5
5
|
<%% else %>
|
|
6
6
|
<h1>Verify your email</h1>
|
|
@@ -9,22 +9,24 @@
|
|
|
9
9
|
<%% end %>
|
|
10
10
|
|
|
11
11
|
<%%= form_with(url: identity_email_path, method: :patch) do |form| %>
|
|
12
|
-
<%% if
|
|
12
|
+
<%% if @user.errors.any? %>
|
|
13
13
|
<div style="color: red">
|
|
14
|
-
<h2><%%= pluralize(
|
|
14
|
+
<h2><%%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
|
|
15
15
|
|
|
16
16
|
<ul>
|
|
17
|
-
<%%
|
|
17
|
+
<%% @user.errors.each do |error| %>
|
|
18
18
|
<li><%%= error.full_message %></li>
|
|
19
19
|
<%% end %>
|
|
20
20
|
</ul>
|
|
21
21
|
</div>
|
|
22
22
|
<%% end %>
|
|
23
23
|
|
|
24
|
+
<%- unless options.sudoable? -%>
|
|
24
25
|
<div>
|
|
25
26
|
<%%= form.label :current_password, style: "display: block" %>
|
|
26
27
|
<%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
|
|
27
28
|
</div>
|
|
29
|
+
<%- end -%>
|
|
28
30
|
|
|
29
31
|
<div>
|
|
30
32
|
<%%= form.label :email, "New email", style: "display: block" %>
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
<h1>Reset your password</h1>
|
|
2
2
|
|
|
3
3
|
<%%= form_with(url: identity_password_reset_path, method: :patch) do |form| %>
|
|
4
|
-
<%% if
|
|
4
|
+
<%% if @user.errors.any? %>
|
|
5
5
|
<div style="color: red">
|
|
6
|
-
<h2><%%= pluralize(
|
|
6
|
+
<h2><%%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
|
|
7
7
|
|
|
8
8
|
<ul>
|
|
9
|
-
<%%
|
|
9
|
+
<%% @user.errors.each do |error| %>
|
|
10
10
|
<li><%%= error.full_message %></li>
|
|
11
11
|
<%% end %>
|
|
12
12
|
</ul>
|
|
@@ -3,12 +3,12 @@
|
|
|
3
3
|
<h1>Change your password</h1>
|
|
4
4
|
|
|
5
5
|
<%%= form_with(url: password_path, method: :patch) do |form| %>
|
|
6
|
-
<%% if
|
|
6
|
+
<%% if @user.errors.any? %>
|
|
7
7
|
<div style="color: red">
|
|
8
|
-
<h2><%%= pluralize(
|
|
8
|
+
<h2><%%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
|
|
9
9
|
|
|
10
10
|
<ul>
|
|
11
|
-
<%%
|
|
11
|
+
<%% @user.errors.each do |error| %>
|
|
12
12
|
<li><%%= error.full_message %></li>
|
|
13
13
|
<%% end %>
|
|
14
14
|
</ul>
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
<h1>Sign up</h1>
|
|
2
2
|
|
|
3
3
|
<%%= form_with(url: sign_up_path) do |form| %>
|
|
4
|
-
<%% if
|
|
4
|
+
<%% if @user.errors.any? %>
|
|
5
5
|
<div style="color: red">
|
|
6
|
-
<h2><%%= pluralize(
|
|
6
|
+
<h2><%%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
|
|
7
7
|
|
|
8
8
|
<ul>
|
|
9
|
-
<%%
|
|
9
|
+
<%% @user.errors.each do |error| %>
|
|
10
10
|
<li><%%= error.full_message %></li>
|
|
11
11
|
<%% end %>
|
|
12
12
|
</ul>
|
|
@@ -18,11 +18,12 @@
|
|
|
18
18
|
<%%= form.submit "Sign in" %>
|
|
19
19
|
</div>
|
|
20
20
|
<%% end %>
|
|
21
|
-
|
|
21
|
+
|
|
22
|
+
<%- if omniauthable? -%>
|
|
22
23
|
<div>
|
|
23
24
|
<%%= button_to "Sign in with OmniAuth", "/auth/developer", "data-turbo" => false %>
|
|
24
25
|
</div>
|
|
25
|
-
|
|
26
|
+
<%- end -%>
|
|
26
27
|
|
|
27
28
|
<br>
|
|
28
29
|
|
data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt
CHANGED
|
@@ -17,10 +17,12 @@
|
|
|
17
17
|
<%%= form_with(url: two_factor_authentication_totp_path) do |form| %>
|
|
18
18
|
<%%= form.hidden_field :secret, value: @totp.secret %>
|
|
19
19
|
|
|
20
|
+
<%- unless options.sudoable? -%>
|
|
20
21
|
<div>
|
|
21
22
|
<%%= form.label :current_password, style: "display: block" %>
|
|
22
23
|
<%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
|
|
23
24
|
</div>
|
|
25
|
+
<%- end -%>
|
|
24
26
|
|
|
25
27
|
<div>
|
|
26
28
|
<%%= form.label :code, "After scanning with your camera, the app will generate a six-digit code. Enter it here:", style: "display: block" %>
|
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
<p>Hey there,</p>
|
|
2
2
|
|
|
3
|
-
<p>This is to confirm that <%%=
|
|
3
|
+
<p>This is to confirm that <%%= @user.email %> is the email you want to use on your account. If you ever lose your password, that's where we'll email a reset link.</p>
|
|
4
4
|
|
|
5
5
|
<p><strong>You must <%= code_verifiable? ? "put the code" : "hit the link" %> below to confirm that you received this email.</strong></p>
|
|
6
6
|
|
|
7
7
|
<%- if code_verifiable? -%>
|
|
8
8
|
<strong><%%= @user.verification_code.value %></strong>
|
|
9
9
|
<%- else -%>
|
|
10
|
-
<%%= link_to "Yes, use this email for my account", edit_identity_email_verification_url(token: @signed_id, email:
|
|
10
|
+
<%%= link_to "Yes, use this email for my account", edit_identity_email_verification_url(token: @signed_id, email: @user.email) %>
|
|
11
11
|
<%- end -%>
|
|
12
12
|
|
|
13
13
|
<hr>
|
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
Hey there,
|
|
2
2
|
|
|
3
|
-
This is to confirm that <%%=
|
|
3
|
+
This is to confirm that <%%= @user.email %> is the email you want to use on your account. If you ever lose your password, that's where we'll email a reset link.
|
|
4
4
|
|
|
5
5
|
You must <%= code_verifiable? ? "put the code" : "hit the link" %> below to confirm that you received this email.
|
|
6
6
|
|
|
7
7
|
<%- if code_verifiable? -%>
|
|
8
8
|
<%%= @user.verification_code.value %>
|
|
9
9
|
<%- else -%>
|
|
10
|
-
[Yes, use this email for my account]<%%= edit_identity_email_verification_url(token: @signed_id, email:
|
|
10
|
+
[Yes, use this email for my account]<%%= edit_identity_email_verification_url(token: @signed_id, email: @user.email) %>
|
|
11
11
|
<%- end -%>
|
|
12
12
|
|
|
13
13
|
Have questions or need help? Just reply to this email and our support team will help you sort it out.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
<p>Hey there,</p>
|
|
2
2
|
|
|
3
|
-
<p>Can't remember your password for <strong><%%=
|
|
3
|
+
<p>Can't remember your password for <strong><%%= @user.email %></strong>? That's OK, it happens. Just hit the link below to set a new one.</p>
|
|
4
4
|
|
|
5
5
|
<p><%%= link_to "Reset my password", edit_identity_password_reset_url(token: @signed_id) %></p>
|
|
6
6
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Hey there,
|
|
2
2
|
|
|
3
|
-
Can't remember your password for <%%=
|
|
3
|
+
Can't remember your password for <%%= @user.email %>? That's OK, it happens. Just hit the link below to set a new one.
|
|
4
4
|
|
|
5
5
|
[Reset my password]<%%= edit_identity_password_reset_url(token: @signed_id) %>
|
|
6
6
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class SessionMailer < ApplicationMailer
|
|
2
2
|
def signed_in_notification
|
|
3
3
|
@session = params[:session]
|
|
4
|
-
mail to: @session
|
|
4
|
+
mail to: @session.user.email, subject: "New sign-in to your account"
|
|
5
5
|
end
|
|
6
6
|
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
class UserMailer < ApplicationMailer
|
|
2
|
+
def password_reset_provision
|
|
3
|
+
@user = params[:user]
|
|
4
|
+
@signed_id = @user.signed_id(purpose: :password_reset, expires_in: 20.minutes)
|
|
5
|
+
|
|
6
|
+
mail to: @user.email, subject: "Reset your password"
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def email_verify_confirmation
|
|
10
|
+
@user = params[:user]
|
|
11
|
+
<%- if code_verifiable? -%>
|
|
12
|
+
@user.verification_code.value = rand.to_s[2..7]
|
|
13
|
+
<%- else -%>
|
|
14
|
+
@signed_id = @user.signed_id(purpose: @user.email, expires_in: 2.days)
|
|
15
|
+
<%- end -%>
|
|
16
|
+
|
|
17
|
+
mail to: @user.email, subject: "Verify your email"
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
|
2
2
|
def change
|
|
3
3
|
create_table :events do |t|
|
|
4
|
-
t.references
|
|
4
|
+
t.references :user, null: false, foreign_key: true
|
|
5
5
|
t.string :action, null: false
|
|
6
6
|
t.string :user_agent
|
|
7
7
|
t.string :ip_address
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
|
2
2
|
def change
|
|
3
3
|
create_table :sessions do |t|
|
|
4
|
-
t.references
|
|
4
|
+
t.references :user, null: false, foreign_key: true
|
|
5
5
|
t.string :user_agent
|
|
6
6
|
t.string :ip_address
|
|
7
7
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
|
2
2
|
def change
|
|
3
|
-
create_table
|
|
3
|
+
create_table :users do |t|
|
|
4
4
|
t.string :email, null: false
|
|
5
5
|
t.string :password_digest, null: false
|
|
6
6
|
|
|
@@ -16,9 +16,9 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
|
|
|
16
16
|
t.timestamps
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
add_index
|
|
19
|
+
add_index :users, :email, unique: true
|
|
20
20
|
<%- if omniauthable? -%>
|
|
21
|
-
add_index
|
|
21
|
+
add_index :users, [:provider, :uid], unique: true
|
|
22
22
|
<%- end -%>
|
|
23
23
|
end
|
|
24
24
|
end
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
class Current < ActiveSupport::CurrentAttributes
|
|
2
|
-
attribute :session,
|
|
2
|
+
attribute :session, :user
|
|
3
3
|
attribute :user_agent, :ip_address
|
|
4
4
|
|
|
5
5
|
def session=(session)
|
|
6
|
-
super; self
|
|
6
|
+
super; self.user = session.user
|
|
7
7
|
end
|
|
8
8
|
end
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
class Session < ApplicationRecord
|
|
2
|
-
belongs_to
|
|
2
|
+
belongs_to :user
|
|
3
3
|
<%- if options.sudoable? %>
|
|
4
4
|
kredis_flag :sudo, expires_in: 30.minutes
|
|
5
5
|
<%- end -%>
|
|
@@ -19,11 +19,11 @@ class Session < ApplicationRecord
|
|
|
19
19
|
end
|
|
20
20
|
<%- if options.trackable? %>
|
|
21
21
|
after_create do
|
|
22
|
-
|
|
22
|
+
user.events.create! action: "signed_in"
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
after_destroy do
|
|
26
|
-
|
|
26
|
+
user.events.create! action: "signed_out"
|
|
27
27
|
end
|
|
28
28
|
<%- end -%>
|
|
29
29
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
class
|
|
1
|
+
class User < ApplicationRecord
|
|
2
2
|
has_secure_password
|
|
3
3
|
|
|
4
4
|
has_many :sessions, dependent: :destroy
|
|
@@ -31,7 +31,7 @@ class <%= class_name %> < ApplicationRecord
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
after_save_commit if: :email_previously_changed? do
|
|
34
|
-
|
|
34
|
+
UserMailer.with(user: self).email_verify_confirmation.deliver_later
|
|
35
35
|
end
|
|
36
36
|
<%- if options.trackable? %>
|
|
37
37
|
after_save_commit if: :email_previously_changed? do
|
|
@@ -3,13 +3,13 @@ require "test_helper"
|
|
|
3
3
|
class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
|
|
4
4
|
driven_by :selenium, using: :chrome, screen_size: [1400, 1400]
|
|
5
5
|
|
|
6
|
-
def sign_in_as(
|
|
6
|
+
def sign_in_as(user)
|
|
7
7
|
visit sign_in_url
|
|
8
|
-
fill_in :email, with:
|
|
8
|
+
fill_in :email, with: user.email
|
|
9
9
|
fill_in :password, with: "Secret1*3*5*"
|
|
10
10
|
click_on "Sign in"
|
|
11
11
|
|
|
12
12
|
assert_current_path root_url
|
|
13
|
-
|
|
13
|
+
user
|
|
14
14
|
end
|
|
15
15
|
end
|
|
@@ -2,11 +2,11 @@ require "test_helper"
|
|
|
2
2
|
|
|
3
3
|
class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
|
|
4
4
|
setup do
|
|
5
|
-
|
|
6
|
-
@sid =
|
|
7
|
-
@sid_exp =
|
|
5
|
+
@user, @token = sign_in_as(users(:lazaro_nixon))
|
|
6
|
+
@sid = @user.signed_id(purpose: @user.email, expires_in: 20.minutes)
|
|
7
|
+
@sid_exp = @user.signed_id(purpose: @user.email, expires_in: 0.minutes)
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
@user.update! verified: false
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def default_headers
|
|
@@ -14,7 +14,7 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
|
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
test "should send a verification email" do
|
|
17
|
-
assert_enqueued_email_with
|
|
17
|
+
assert_enqueued_email_with UserMailer, :email_verify_confirmation, args: { user: @user } do
|
|
18
18
|
post identity_email_verification_url, headers: default_headers
|
|
19
19
|
end
|
|
20
20
|
|
|
@@ -22,21 +22,21 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
|
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
test "should verify email" do
|
|
25
|
-
get edit_identity_email_verification_url, params: { token: @sid, email:
|
|
25
|
+
get edit_identity_email_verification_url, params: { token: @sid, email: @user.email }, headers: default_headers
|
|
26
26
|
assert_response :no_content
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
test "should not verify email with expired token" do
|
|
30
|
-
get edit_identity_email_verification_url, params: { token: @sid_exp, email:
|
|
30
|
+
get edit_identity_email_verification_url, params: { token: @sid_exp, email: @user.email }, headers: default_headers
|
|
31
31
|
|
|
32
32
|
assert_response :bad_request
|
|
33
33
|
assert_equal "That email verification link is invalid", response.parsed_body["error"]
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
test "should not verify email with previous token" do
|
|
37
|
-
|
|
37
|
+
@user.update! email: "other_email@hey.com"
|
|
38
38
|
|
|
39
|
-
get edit_identity_email_verification_url, params: { token: @sid, email:
|
|
39
|
+
get edit_identity_email_verification_url, params: { token: @sid, email: @user.email_previously_was }, headers: default_headers
|
|
40
40
|
|
|
41
41
|
assert_response :bad_request
|
|
42
42
|
assert_equal "That email verification link is invalid", response.parsed_body["error"]
|
|
@@ -2,7 +2,7 @@ require "test_helper"
|
|
|
2
2
|
|
|
3
3
|
class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
|
|
4
4
|
setup do
|
|
5
|
-
|
|
5
|
+
@user, @token = sign_in_as(users(:lazaro_nixon))
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
def default_headers
|
|
@@ -2,14 +2,14 @@ require "test_helper"
|
|
|
2
2
|
|
|
3
3
|
class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
4
4
|
setup do
|
|
5
|
-
|
|
6
|
-
@sid =
|
|
7
|
-
@sid_exp =
|
|
5
|
+
@user = users(:lazaro_nixon)
|
|
6
|
+
@sid = @user.signed_id(purpose: :password_reset, expires_in: 20.minutes)
|
|
7
|
+
@sid_exp = @user.signed_id(purpose: :password_reset, expires_in: 0.minutes)
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
test "should send a password reset email" do
|
|
11
|
-
assert_enqueued_email_with
|
|
12
|
-
post identity_password_reset_url, params: { email:
|
|
11
|
+
assert_enqueued_email_with UserMailer, :password_reset_provision, args: { user: @user } do
|
|
12
|
+
post identity_password_reset_url, params: { email: @user.email }
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
assert_response :no_content
|
|
@@ -25,10 +25,10 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
test "should not send a password reset email to a unverified email" do
|
|
28
|
-
|
|
28
|
+
@user.update! verified: false
|
|
29
29
|
|
|
30
30
|
assert_no_enqueued_emails do
|
|
31
|
-
post identity_password_reset_url, params: { email:
|
|
31
|
+
post identity_password_reset_url, params: { email: @user.email }
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
assert_response :not_found
|
|
@@ -2,7 +2,7 @@ require "test_helper"
|
|
|
2
2
|
|
|
3
3
|
class RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
4
4
|
test "should sign up" do
|
|
5
|
-
assert_difference("
|
|
5
|
+
assert_difference("User.count") do
|
|
6
6
|
post sign_up_url, params: { email: "lazaronixon@hey.com", password: "Secret1*3*5*", password_confirmation: "Secret1*3*5*" }
|
|
7
7
|
end
|
|
8
8
|
|
|
@@ -2,7 +2,7 @@ require "test_helper"
|
|
|
2
2
|
|
|
3
3
|
class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
4
4
|
setup do
|
|
5
|
-
|
|
5
|
+
@user, @token = sign_in_as(users(:lazaro_nixon))
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
def default_headers
|
|
@@ -15,24 +15,24 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
test "should show session" do
|
|
18
|
-
get session_url(
|
|
18
|
+
get session_url(@user.sessions.last), headers: default_headers
|
|
19
19
|
assert_response :success
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
test "should sign in" do
|
|
23
|
-
post sign_in_url, params: { email:
|
|
23
|
+
post sign_in_url, params: { email: @user.email, password: "Secret1*3*5*" }
|
|
24
24
|
|
|
25
|
-
assert_enqueued_email_with SessionMailer, :signed_in_notification, args: { session:
|
|
25
|
+
assert_enqueued_email_with SessionMailer, :signed_in_notification, args: { session: @user.sessions.last }
|
|
26
26
|
assert_response :created
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
test "should not sign in with wrong credentials" do
|
|
30
|
-
post sign_in_url, params: { email:
|
|
30
|
+
post sign_in_url, params: { email: @user.email, password: "SecretWrong1*3" }
|
|
31
31
|
assert_response :unauthorized
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
test "should sign out" do
|
|
35
|
-
delete session_url(
|
|
35
|
+
delete session_url(@user.sessions.last), headers: default_headers
|
|
36
36
|
assert_response :no_content
|
|
37
37
|
end
|
|
38
38
|
end
|