RubyGems - authentication-zero - Versions diffs - 2.15.7 → 2.15.9 - Mend

authentication-zero 2.15.7 → 2.15.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 01c7b52ff1b2e13b2156ce3cbb1be0818ceeec438f81731043a021c108f7857c
-  data.tar.gz: e6737c19691028d086f970f7e0d78d9e9554de1a78270a3a4c4e4e1fb560d9f5
+  metadata.gz: e959a5939ebd1d19a595eae73929c52047f6f3bc079ba45181a2379d4bb2e55e
+  data.tar.gz: 89356eadb9e0f95816b355a6578e93bf7587c1ed745f31b721de61d8913aae12
 SHA512:
-  metadata.gz: ba47e6108df6c2becd72a35c2d5c88a1c7f40e9342c1cf8dbe5555ad103e39602b955f0aba86930943d0450b07cd59bf1a6d2b3c9717405fe784ecb97835c13d
-  data.tar.gz: 429c2c959760ec9b154cd4bc96def21d00db21d7490e01f768608a423b81af66e1a79165220b084a691437f67e404fe14a6f275ded7628bd790096576d293fb2
+  metadata.gz: c7d25d5fa55f9d179254d8b993820ecfd62c087e8230ba4f2606e592d8f3ec33d22adf755e6287d6192fd90a431f5f7c035200495c88117ddcf1ae2433288a55
+  data.tar.gz: 42b27a7a6002cc1ea59d0bb0bd87f207a9835bdc245413bc6d795265d471b61a463c8dd2588612ce35a904152e5aee2b63afaba297a381bdc369a38d19e0a5e0

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.15.7)
+    authentication-zero (2.15.9)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -19,7 +19,6 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
 - Lock sending reset password email after many attempts (--lockable)
-- Rate limiting for your app, 1000 reqs/minute (--ratelimit)
 - Send e-mail confirmation when your email has been changed
 - Send e-mail notification when someone has logged into your account
 - Manage multiple sessions & devices

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.15.7"
+  VERSION = "2.15.9"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -3,15 +3,14 @@ require "rails/generators/active_record"
 class AuthenticationGenerator < Rails::Generators::Base
   include ActiveRecord::Generators::Migration
-  class_option :api,              type: :boolean, desc: "Generates API authentication"
-  class_option :pwned,            type: :boolean, desc: "Add pwned password validation"
-  class_option :code_verifiable,  type: :boolean, desc: "Add email verification using a code for api"
-  class_option :sudoable,         type: :boolean, desc: "Add password request before sensitive data changes"
-  class_option :lockable,         type: :boolean, desc: "Add password reset locking"
-  class_option :ratelimit,        type: :boolean, desc: "Add request rate limiting"
-  class_option :omniauthable,     type: :boolean, desc: "Add social login support"
-  class_option :trackable,        type: :boolean, desc: "Add activity log support"
-  class_option :two_factor,       type: :boolean, desc: "Add two factor authentication"
+  class_option :api,             type: :boolean, desc: "Generates API authentication"
+  class_option :pwned,           type: :boolean, desc: "Add pwned password validation"
+  class_option :code_verifiable, type: :boolean, desc: "Add email verification using a code for api"
+  class_option :sudoable,        type: :boolean, desc: "Add password request before sensitive data changes"
+  class_option :lockable,        type: :boolean, desc: "Add password reset locking"
+  class_option :omniauthable,    type: :boolean, desc: "Add social login support"
+  class_option :trackable,       type: :boolean, desc: "Add activity log support"
+  class_option :two_factor,      type: :boolean, desc: "Add two factor authentication"
   source_root File.expand_path("templates", __dir__)
@@ -24,10 +23,6 @@ class AuthenticationGenerator < Rails::Generators::Base
       gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]"
     end
-    if options.ratelimit?
-      gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests [https://github.com/jeremy/rack-ratelimit]"
-    end
     if omniauthable?
       gem "omniauth", comment: "Use OmniAuth to support multi-provider authentication [https://github.com/omniauth/omniauth]"
       gem "omniauth-rails_csrf_protection", comment: "Provides a mitigation against CVE-2015-9284 [https://github.com/cookpad/omniauth-rails_csrf_protection]"
@@ -44,15 +39,6 @@ class AuthenticationGenerator < Rails::Generators::Base
     copy_file "config/initializers/omniauth.rb", "config/initializers/omniauth.rb" if omniauthable?
   end
-  def add_environment_configurations
-    ratelimit_code = <<~CODE
-      # Rate limit general requests by IP address in a rate of 1000 requests per minute
-      config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.minute], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
-    CODE
-    environment ratelimit_code, env: "production" if options.ratelimit?
-  end
   def create_migrations
     migration_template "migrations/create_users_migration.rb", "#{db_migrate_path}/create_users.rb"
     migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"

data/lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt CHANGED Viewed

@@ -13,7 +13,7 @@
     </div>
   <%% end %>
-  <%%= form.hidden_field :token, value: params[:token] %>
+  <%%= form.hidden_field :sid, value: params[:sid] %>
   <div>
     <%%= form.label :password, "New password", style: "display: block" %>

data/lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt CHANGED Viewed

@@ -8,7 +8,6 @@ class Identity::EmailsTest < ApplicationSystemTestCase
   test "updating the email" do
     click_on "Change email address"
-    fill_in "Current password", with: "Secret1*3*5*"
     fill_in "New email", with: "new_email@hey.com"
     click_on "Save changes"

data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt CHANGED Viewed

@@ -3,7 +3,7 @@ require "application_system_test_case"
 class Identity::PasswordResetsTest < ApplicationSystemTestCase
   setup do
     @user = users(:lazaro_nixon)
-    @sid = @user.signed_id(purpose: :password_reset, expires_in: 20.minutes)
+    @sid = @user.password_reset_tokens.create.signed_id(expires_in: 20.minutes)
   end
   test "sending a password reset email" do
@@ -17,7 +17,7 @@ class Identity::PasswordResetsTest < ApplicationSystemTestCase
   end
   test "updating password" do
-    visit edit_identity_password_reset_url(token: @sid)
+    visit edit_identity_password_reset_url(sid: @sid)
     fill_in "New password", with: "Secret6*4*2*"
     fill_in "Confirm new password", with: "Secret6*4*2*"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.15.7
+  version: 2.15.9
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-24 00:00:00.000000000 Z
+date: 2022-11-11 00:00:00.000000000 Z
 dependencies: []
 description:
 email: