RubyGems - authentication-zero - Versions diffs - 2.14.0 → 2.15.2 - Mend

authentication-zero 2.14.0 → 2.15.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a0e9d758b6d4e0b0c40fbda4a80145e842d11a5cf0b4ec06491bcef39eeae7d
-  data.tar.gz: 5701d90d2ca54430f67984367d2e0fd26e2fbe137a4d2d1e3261173c62072724
+  metadata.gz: 57381cfe8cb5f43de1b8d8946ef872528166b9d5919d3fa612d811aded172697
+  data.tar.gz: 98b95b24b18b7f5f8113194712261ac840405fd5df47ffd1a51e7df45e9242b8
 SHA512:
-  metadata.gz: 4fcdd24221c895d34988aa6be949a9dd5ba7be283df6e48acb0431bad502c6dd8212617e766d7f547c90135ea19f4956d97369621efb5409c6907afe3d7ab65c
-  data.tar.gz: 93308abcdfa186d607fec5b920bae4e87c1a1f92638b74d012a7d6e3e7914339efb9c8bdb9e41e7ac36531ef082535a3933d5b7a0ebcd02ae0c56f28cb926d18
+  metadata.gz: a9537217a53d7700bdb232779bb4d1c7706d045646648ec6788b9cb11e32da79b18f127d9d9f998239b7fcc74aa9c76e321d564e443b7a772c7c4cde4e30dfc3
+  data.tar.gz: 759a0cbab559acb22c223c990a0d169420c1f0b7f1c75606737ef6703fcf4008221073f5817fdf215b1c139522e45f4bf9381fa84a5b3fbff23ff3209e3c75b9

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.14.0)
+    authentication-zero (2.15.2)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -19,7 +19,7 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
 - Lock sending reset password email after many attempts (--lockable)
-- Rate limiting for your app, 1000 reqs/hour (--ratelimit)
+- Rate limiting for your app, 1000 reqs/minute (--ratelimit)
 - Send e-mail confirmation when your email has been changed
 - Send e-mail notification when someone has logged into your account
 - Manage multiple sessions & devices

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.14.0"
+  VERSION = "2.15.2"
 end

data/lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt CHANGED Viewed

@@ -5,13 +5,7 @@ class Identity::EmailsController < ApplicationController
   before_action :set_user
   def update
-    <%- unless options.sudoable? -%>
-    if !@user.authenticate(params[:current_password])
-      render json: { error: "The password you entered is incorrect" }, status: :bad_request
-    elsif @user.update(user_params)
-    <%- else -%>
     if @user.update(user_params)
-    <%- end -%>
       render json: @user
     else
       render json: @user.errors, status: :unprocessable_entity

data/lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt CHANGED Viewed

@@ -2,7 +2,7 @@ class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
   before_action :set_user, only: :update
-  <%- if options.lockable? %>
+  <%- if options.lockable? -%>
   before_action :require_lock, only: :create
   <%- end -%>

data/lib/generators/authentication/templates/controllers/html/application_controller.rb.tt CHANGED Viewed

@@ -14,7 +14,7 @@ class ApplicationController < ActionController::Base
     counter.increment
     if counter.value > attempts
-      redirect_to new_identity_password_reset_path, alert: "You've exceeded the maximum number of attempts"
+      redirect_to root_path, alert: "You've exceeded the maximum number of attempts"
     end
   end
   <%- end -%>

data/lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt CHANGED Viewed

@@ -8,13 +8,7 @@ class Identity::EmailsController < ApplicationController
   end
   def update
-    <%- unless options.sudoable? -%>
-    if !@user.authenticate(params[:current_password])
-      redirect_to edit_identity_email_path, alert: "The password you entered is incorrect"
-    elsif @user.update(user_params)
-    <%- else -%>
     if @user.update(user_params)
-    <%- end -%>
       redirect_to root_path, notice: "Your email has been changed"
     else
       render :edit, status: :unprocessable_entity

data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt CHANGED Viewed

@@ -2,7 +2,7 @@ class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
   before_action :set_user, only: %i[ edit update ]
-  <%- if options.lockable? %>
+  <%- if options.lockable? -%>
   before_action :require_lock, only: :create
   <%- end -%>
@@ -23,7 +23,7 @@ class Identity::PasswordResetsController < ApplicationController
   def update
     if @user.update(user_params)
-      @token.destroy; redirect_to sign_in_path, notice: "Your password was reset successfully. Please sign in"
+      @token.destroy; redirect_to(sign_in_path, notice: "Your password was reset successfully. Please sign in")
     else
       render :edit, status: :unprocessable_entity
     end

data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt CHANGED Viewed

@@ -10,13 +10,7 @@ class TwoFactorAuthentication::TotpsController < ApplicationController
   end
   def create
-    <%- unless options.sudoable? -%>
-    if !@user.authenticate(params[:current_password])
-      redirect_to two_factor_authentication_totp_path, alert: "The password you entered is incorrect"
-    elsif @totp.verify(params[:code], drift_behind: 15)
-    <%- else -%>
     if @totp.verify(params[:code], drift_behind: 15)
-    <%- end -%>
       @user.update! otp_secret: params[:secret]
       redirect_to root_path, notice: "2FA is enabled on your account"
     else

data/lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt CHANGED Viewed

@@ -21,13 +21,6 @@
     </div>
   <%% end %>
-  <%- unless options.sudoable? -%>
-  <div>
-    <%%= form.label :current_password, style: "display: block" %>
-    <%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
-  </div>
-  <%- end -%>
   <div>
     <%%= form.label :email, "New email", style: "display: block" %>
     <%%= form.email_field :email %>

data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt CHANGED Viewed

@@ -17,13 +17,6 @@
 <%%= form_with(url: two_factor_authentication_totp_path) do |form| %>
   <%%= form.hidden_field :secret, value: @totp.secret %>
-  <%- unless options.sudoable? -%>
-  <div>
-    <%%= form.label :current_password, style: "display: block" %>
-    <%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
-  </div>
-  <%- end -%>
   <div>
     <%%= form.label :code, "After scanning with your camera, the app will generate a six-digit code. Enter it here:", style: "display: block" %>
     <%%= form.text_field :code, autofocus: true, required: true, autocomplete: :off %>

data/lib/generators/authentication/templates/models/user.rb.tt CHANGED Viewed

@@ -26,15 +26,19 @@ class User < ApplicationRecord
     self.verified = false
   end
+  after_create_commit do
+    UserMailer.with(user: self).email_verification.deliver_later
+  end
   after_update if: :password_digest_previously_changed? do
     sessions.where.not(id: Current.session).destroy_all
   end
-  after_save_commit if: :email_previously_changed? do
+  after_update if: :email_previously_changed? do
     UserMailer.with(user: self).email_verification.deliver_later
   end
   <%- if options.trackable? %>
-  after_save_commit if: :email_previously_changed? do
+  after_update if: :email_previously_changed? do
     events.create! action: "email_verification_requested"
   end

data/lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt CHANGED Viewed

@@ -10,14 +10,7 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update email" do
-    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "Secret1*3*5*" }, headers: default_headers
+    patch identity_email_url, params: { email: "new_email@hey.com" }, headers: default_headers
     assert_response :success
   end
-  test "should not update email with wrong current password" do
-    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "SecretWrong1*3" }, headers: default_headers
-    assert_response :bad_request
-    assert_equal "The password you entered is incorrect", response.parsed_body["error"]
-  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt CHANGED Viewed

@@ -11,14 +11,7 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update email" do
-    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "Secret1*3*5*" }
+    patch identity_email_url, params: { email: "new_email@hey.com" }
     assert_redirected_to root_url
   end
-  test "should not update email with wrong current password" do
-    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "SecretWrong1*3" }
-    assert_redirected_to edit_identity_email_url
-    assert_equal "The password you entered is incorrect", flash[:alert]
-  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.14.0
+  version: 2.15.2
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-03 00:00:00.000000000 Z
+date: 2022-06-03 00:00:00.000000000 Z
 dependencies: []
 description:
 email: