RubyGems - authentication-zero - Versions diffs - 2.15.0 → 2.15.3 - Mend

authentication-zero 2.15.0 → 2.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b086e42bab2e46a441d48eb06fc05594fd19295df27243089d21923fe590e115
-  data.tar.gz: f67c8a55537acc984e41dca2b1671c75671b8eb0da735981e352689ac0e0c5e6
+  metadata.gz: 6fb0a9a6a553fede5d9554fed3c4d616b61e75c5e503fde621785003f0911fd4
+  data.tar.gz: 1f0d80023ec24a5b7395fe5e6b60efe3b437111f757205c98a569e66dcdbc0a3
 SHA512:
-  metadata.gz: c65376ea0a5fc58acd2af6f4059f4ecfa6c95017c1c66bab97a9e83f3f37b02faee13a7dcde14a5bd2de3c43af5f0f71c28ff7740b026b45b8d4fd2eb6ca467c
-  data.tar.gz: 74921b1b883f2d211579bca5c1d412f36cb2e7e9fc5a77699608d467ec93ba22235c5f4e8a0c1b10bf95ee240ea12b4e1f73cc66bc710977ab37d4daa85b900d
+  metadata.gz: 0e5041cf30bce8ebc6ad319c51b803d6af97055c59e4e7d74d56cb3abdb8d3555fce1b96f03b11cdfd7bb63022b20d50ae55774cbd84a921165f4bc2bb8b4c60
+  data.tar.gz: 8a26de6eedb1d793e3c58eb0f9f8d0289e1903e641ba538e30de3f43d6f8325e7386430808a56b857e6a9bb3bee261e731da2a180380d300165077a13d2be2f1

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.15.0)
+    authentication-zero (2.15.3)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -19,7 +19,7 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
 - Lock sending reset password email after many attempts (--lockable)
-- Rate limiting for your app, 1000 reqs/hour (--ratelimit)
+- Rate limiting for your app, 1000 reqs/minute (--ratelimit)
 - Send e-mail confirmation when your email has been changed
 - Send e-mail notification when someone has logged into your account
 - Manage multiple sessions & devices

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.15.0"
+  VERSION = "2.15.3"
 end

data/lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt CHANGED Viewed

@@ -5,14 +5,8 @@ class Identity::EmailsController < ApplicationController
   before_action :set_user
   def update
-    <%- unless options.sudoable? -%>
-    if !@user.authenticate(params[:current_password])
-      render json: { error: "The password you entered is incorrect" }, status: :bad_request
-    elsif @user.update(user_params)
-    <%- else -%>
     if @user.update(user_params)
-    <%- end -%>
-      render json: @user
+      render_show
     else
       render json: @user.errors, status: :unprocessable_entity
     end
@@ -26,4 +20,16 @@ class Identity::EmailsController < ApplicationController
     def user_params
       params.permit(:email)
     end
+    def render_show
+      if @user.email_previously_changed?
+        resend_email_verification; render(json: @user)
+      else
+        render json: @user
+      end
+    end
+    def resend_email_verification
+      UserMailer.with(user: @user).email_verification.deliver_later
+    end
 end

data/lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt CHANGED Viewed

@@ -2,7 +2,7 @@ class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
   before_action :set_user, only: :update
-  <%- if options.lockable? %>
+  <%- if options.lockable? -%>
   before_action :require_lock, only: :create
   <%- end -%>

data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt CHANGED Viewed

@@ -5,6 +5,7 @@ class RegistrationsController < ApplicationController
     @user = User.new(user_params)
     if @user.save
+      send_email_verification
       render json: @user, status: :created
     else
       render json: @user.errors, status: :unprocessable_entity
@@ -15,4 +16,8 @@ class RegistrationsController < ApplicationController
     def user_params
       params.permit(:email, :password, :password_confirmation)
     end
+    def send_email_verification
+      UserMailer.with(user: @user).email_verification.deliver_later
+    end
 end

data/lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt CHANGED Viewed

@@ -8,14 +8,8 @@ class Identity::EmailsController < ApplicationController
   end
   def update
-    <%- unless options.sudoable? -%>
-    if !@user.authenticate(params[:current_password])
-      redirect_to edit_identity_email_path, alert: "The password you entered is incorrect"
-    elsif @user.update(user_params)
-    <%- else -%>
     if @user.update(user_params)
-    <%- end -%>
-      redirect_to root_path, notice: "Your email has been changed"
+      redirect_to_root
     else
       render :edit, status: :unprocessable_entity
     end
@@ -29,4 +23,17 @@ class Identity::EmailsController < ApplicationController
     def user_params
       params.permit(:email)
     end
+    def redirect_to_root
+      if @user.email_previously_changed?
+        resend_email_verification
+        redirect_to root_path, notice: "Your email has been changed"
+      else
+        redirect_to root_path
+      end
+    end
+    def resend_email_verification
+      UserMailer.with(user: @user).email_verification.deliver_later
+    end
 end

data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt CHANGED Viewed

@@ -2,7 +2,7 @@ class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
   before_action :set_user, only: %i[ edit update ]
-  <%- if options.lockable? %>
+  <%- if options.lockable? -%>
   before_action :require_lock, only: :create
   <%- end -%>
@@ -23,7 +23,7 @@ class Identity::PasswordResetsController < ApplicationController
   def update
     if @user.update(user_params)
-      @token.destroy; redirect_to sign_in_path, notice: "Your password was reset successfully. Please sign in"
+      @token.destroy; redirect_to(sign_in_path, notice: "Your password was reset successfully. Please sign in")
     else
       render :edit, status: :unprocessable_entity
     end

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt CHANGED Viewed

@@ -12,6 +12,7 @@ class RegistrationsController < ApplicationController
       session = @user.sessions.create!
       cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
+      send_email_verification
       redirect_to root_path, notice: "Welcome! You have signed up successfully"
     else
       render :new, status: :unprocessable_entity
@@ -22,4 +23,8 @@ class RegistrationsController < ApplicationController
     def user_params
       params.permit(:email, :password, :password_confirmation)
     end
+    def send_email_verification
+      UserMailer.with(user: @user).email_verification.deliver_later
+    end
 end

data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt CHANGED Viewed

@@ -10,13 +10,7 @@ class TwoFactorAuthentication::TotpsController < ApplicationController
   end
   def create
-    <%- unless options.sudoable? -%>
-    if !@user.authenticate(params[:current_password])
-      redirect_to two_factor_authentication_totp_path, alert: "The password you entered is incorrect"
-    elsif @totp.verify(params[:code], drift_behind: 15)
-    <%- else -%>
     if @totp.verify(params[:code], drift_behind: 15)
-    <%- end -%>
       @user.update! otp_secret: params[:secret]
       redirect_to root_path, notice: "2FA is enabled on your account"
     else

data/lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt CHANGED Viewed

@@ -21,13 +21,6 @@
     </div>
   <%% end %>
-  <%- unless options.sudoable? -%>
-  <div>
-    <%%= form.label :current_password, style: "display: block" %>
-    <%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
-  </div>
-  <%- end -%>
   <div>
     <%%= form.label :email, "New email", style: "display: block" %>
     <%%= form.email_field :email %>

data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt CHANGED Viewed

@@ -17,13 +17,6 @@
 <%%= form_with(url: two_factor_authentication_totp_path) do |form| %>
   <%%= form.hidden_field :secret, value: @totp.secret %>
-  <%- unless options.sudoable? -%>
-  <div>
-    <%%= form.label :current_password, style: "display: block" %>
-    <%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
-  </div>
-  <%- end -%>
   <div>
     <%%= form.label :code, "After scanning with your camera, the app will generate a six-digit code. Enter it here:", style: "display: block" %>
     <%%= form.text_field :code, autofocus: true, required: true, autocomplete: :off %>

data/lib/generators/authentication/templates/models/user.rb.tt CHANGED Viewed

@@ -30,11 +30,8 @@ class User < ApplicationRecord
     sessions.where.not(id: Current.session).destroy_all
   end
-  after_save_commit if: :email_previously_changed? do
-    UserMailer.with(user: self).email_verification.deliver_later
-  end
   <%- if options.trackable? %>
-  after_save_commit if: :email_previously_changed? do
+  after_update if: :email_previously_changed? do
     events.create! action: "email_verification_requested"
   end

data/lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt CHANGED Viewed

@@ -10,14 +10,7 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update email" do
-    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "Secret1*3*5*" }, headers: default_headers
+    patch identity_email_url, params: { email: "new_email@hey.com" }, headers: default_headers
     assert_response :success
   end
-  test "should not update email with wrong current password" do
-    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "SecretWrong1*3" }, headers: default_headers
-    assert_response :bad_request
-    assert_equal "The password you entered is incorrect", response.parsed_body["error"]
-  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt CHANGED Viewed

@@ -11,14 +11,7 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update email" do
-    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "Secret1*3*5*" }
+    patch identity_email_url, params: { email: "new_email@hey.com" }
     assert_redirected_to root_url
   end
-  test "should not update email with wrong current password" do
-    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "SecretWrong1*3" }
-    assert_redirected_to edit_identity_email_url
-    assert_equal "The password you entered is incorrect", flash[:alert]
-  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.15.0
+  version: 2.15.3
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-03 00:00:00.000000000 Z
+date: 2022-07-14 00:00:00.000000000 Z
 dependencies: []
 description:
 email: