RubyGems - authentication-zero - Versions diffs - 2.16.0 → 2.16.2 - Mend

authentication-zero 2.16.0 → 2.16.2

Files changed (13) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c00816db2934b9b60ab46d76d5126467640cb19474fa92714b8fa9100e37c1e0
-  data.tar.gz: 5890c1b1239b2a7ae7071b8a53c2ab1d9e9c51fcefc963d02ac7fe63034cbd9a
+  metadata.gz: fa899dd7d78a0c135998ca417f8adb5c412b1f7fb5cc3fb84839d8992dc5dd1c
+  data.tar.gz: af3d846901b8810cb49bb4be027f5c107514bd8f03c4ecda80947ffe5bb4847d
 SHA512:
-  metadata.gz: '09f46b7b85266413e2cdec433fad41bcaab8cd17c085242e2073f96718db5a62f6057f9a09f2cbf2ee03021768fd2dae20fca6078afc03a74b563c0545761862'
-  data.tar.gz: 0cc1918f61712a284e46079c64954c0b944d785fa8bc70ebda8bfd2698cccde74863e7140123ebb1fdfce81d02d4ac94a9ea3dec5fdedef9c547c1fec92eb0b8
+  metadata.gz: 1f83cb1e7672a469ac38fade46e2feeb1200366fd6d8b57efdc0f6d871099a3cb18f3bd35421bb721c9c367cc21061fbc79055c8481e2c8c30765123e8b3dfa8
+  data.tar.gz: 4516a0ae989e67eb5d9dc23ec72965107031fa7d6a52f0a0c392225c816b1e9daac3d07168e9be135c84940d684fd393a6d31e191cdffcac8b682b61251187d6

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.16.0)
+    authentication-zero (2.16.2)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -24,7 +24,6 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Manage multiple sessions & devices
 - Activity log (--trackable)
 - Log out
-- [API documentation](https://github.com/lazaronixon/authentication-zero/blob/master/authentication-zero-api.md)
 ## Security and best practices
@@ -40,8 +39,6 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 ## Installation
-Add this lines to your application's Gemfile:
 ```
 $ bundle add authentication-zero
 ```
@@ -52,10 +49,6 @@ $ bundle add authentication-zero
 $ rails generate authentication
 ```
-```
-$ bundle install
-```
 ## Development
 To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.16.0"
+  VERSION = "2.16.2"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -15,9 +15,12 @@ class AuthenticationGenerator < Rails::Generators::Base
   source_root File.expand_path("templates", __dir__)
   def add_gems
-    uncomment_lines "Gemfile", /"bcrypt"/
-    uncomment_lines "Gemfile", /"redis"/  if redis?
-    uncomment_lines "Gemfile", /"kredis"/ if redis?
+    gem "bcrypt", "~> 3.1.7", comment: "Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]"
+    if redis?
+      gem "redis", ">= 4.0.1", comment: "Use Redis adapter to run additional authentication features"
+      gem "kredis", comment: "Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]"
+    end
     if options.pwned?
       gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]"

data/lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt CHANGED Viewed

@@ -4,8 +4,7 @@ class Identity::EmailVerificationsController < ApplicationController
   before_action :set_user, only: :edit
   def edit
-    @user.update! verified: true
-    head :no_content
+    @user.update!(verified: true); head(:no_content)
   end
   def create
@@ -27,5 +26,5 @@ class Identity::EmailVerificationsController < ApplicationController
     rescue
       render json: { error: "That email verification link is invalid" }, status: :bad_request
     <%- end -%>
-  end
+    end
 end

data/lib/generators/authentication/templates/controllers/html/application_controller.rb.tt CHANGED Viewed

@@ -3,7 +3,11 @@ class ApplicationController < ActionController::Base
   before_action :authenticate
   <%- if options.sudoable? %>
   def require_sudo
+    <%- if omniauthable? -%>
+    unless Current.session.sudo? || Current.session.user.provider.present?
+    <%- else -%>
     unless Current.session.sudo?
+    <%- end -%>
       redirect_to new_sessions_sudo_path(proceed_to_url: request.url)
     end
   end

data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt CHANGED Viewed

@@ -5,11 +5,7 @@ class Sessions::SudosController < ApplicationController
   def create
     session = Current.session
-    <%- if omniauthable? -%>
-    if session.user.authenticate(params[:password]) || session.user.provider
-    <%- else -%>
     if session.user.authenticate(params[:password])
-    <%- end -%>
       session.sudo.mark; redirect_to(params[:proceed_to_url])
     else
       redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"

data/lib/generators/authentication/templates/erb/home/index.html.erb.tt CHANGED Viewed

@@ -14,19 +14,17 @@
   <div>
     <%%= link_to "Devices & Sessions", sessions_path %>
   </div>
-  <%- if options.trackable? -%>
+  <%- if options.trackable? %>
   <div>
-    <%# link_to "Activity Log", authentications_events_path %>
+    <%%= link_to "Activity Log", authentications_events_path %>
   </div>
   <%- end -%>
-  <%- if two_factor? -%>
+  <%- if two_factor? %>
   <div>
-    <%# link_to "Two-Factor Authentication", new_two_factor_authentication_totp_path %>
+    <%%= link_to "Two-Factor Authentication", new_two_factor_authentication_totp_path %>
   </div>
   <%- end -%>
   <br>
   <%%= button_to "Log out", Current.session, method: :delete %>

data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt CHANGED Viewed

@@ -18,8 +18,7 @@
     <%%= form.submit "Sign in" %>
   </div>
 <%% end %>
-<%- if omniauthable? -%>
+<%- if omniauthable? %>
 <div>
   <%%= button_to "Sign in with OmniAuth", "/auth/developer", "data-turbo" => false %>
 </div>

data/lib/generators/authentication/templates/models/user.rb.tt CHANGED Viewed

@@ -18,11 +18,11 @@ class User < ApplicationRecord
   validates :password, not_pwned: { message: "might easily be guessed" }
   <%- end -%>
-  before_validation do
-    self.email = email.try(:downcase).try(:strip)
+  before_validation if: -> { email.present? } do
+    self.email = email.downcase.strip
   end
-  before_validation if: :email_changed? do
+  before_validation if: :email_changed?, unless: :new_record? do
     self.verified = false
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.16.0
+  version: 2.16.2
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-21 00:00:00.000000000 Z
+date: 2022-12-30 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -29,7 +29,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- authentication-zero-api.md
 - authentication-zero.gemspec
 - lib/authentication-zero.rb
 - lib/authentication_zero.rb

data/authentication-zero-api.md DELETED Viewed

@@ -1,192 +0,0 @@
-# Authentication Zero API
-This document describe the api endpoints available in authentication-zero.
-## Making a request
-To make a sign in request for example, append sign_in to the base URL to form something like http://localhost:3000/sign_in, also notice you have to include the Content-Type header and the JSON data: In cURL, it looks like this:
-``` shell
-curl -H "Authorization: Bearer $ACCESS_TOKEN" \
-  -H 'Content-Type: application/json' \
-  -H 'User-Agent: MyApp (yourname@example.com)' \
-  -d '{ "email": "lazaronixon@hotmail.com", "password": "secret", "password_confirmation": "secret" }' \
-  http://localhost:3000/sign_in
-```
-## API endpoints
-- [Sign up](#sign-up)
-- [Sign in](#sign-in)
-- [Get your sessions](#get-your-sessions)
-- [Get a session](#get-a-session)
-- [Destroy a session](#destroy-a-session)
-- [Update your password](#update-your-password)
-- [Update your email](#update-your-email)
-- [Send verification email](#send-verification-email)
-- [Verify email](#verify-email)
-- [Send password reset email](#send-password-reset-email)
-- [Reset password](#reset-password)
-## Registrations
-### Sign up
-* `POST /sign_up` creates a user on database.
-###### Example JSON Request
-``` json
-{
-  "email": "lazaronixon@hotmail.com",
-  "password": "Secret1*2*3*4*5*6",
-  "password_confirmation": "Secret1*2*3*4*5*6"
-}
-```
-This endpoint will return `201 Created` with the current JSON representation of the user if the creation was a success.
-## Sessions
-### Sign in
-* `POST /sign_in` creates a session on database.
-###### Example JSON Request
-``` json
-{
-  "email": "lazaronixon@hotmail.com",
-  "password": "Secret1*2*3*4*5*6"
-}
-```
-This endpoint will return `201 Created` with the current JSON representation of the session if the creation was a success, also you will receive a `X-Session-Token` that you will use as your authorization token.
-### Get your sessions
-* `GET /sessions` will return a list of sessions.
-###### Example JSON Response
-``` json
-[
-  {
-    "id": 2,
-    "user_id": 1,
-    "user_agent": "insomnia/2022.1.0",
-    "ip_address": "127.0.0.1",
-    "created_at": "2022-03-04T17:20:33.632Z",
-    "updated_at": "2022-03-04T17:20:33.632Z"
-  },
-  {
-    "id": 1,
-    "user_id": 1,
-    "user_agent": "insomnia/2022.1.0",
-    "ip_address": "127.0.0.1",
-    "created_at": "2022-03-04T17:14:03.386Z",
-    "updated_at": "2022-03-04T17:14:03.386Z"
-  }
-]
-```
-### Get a session
-* `GET /sessions/1` will return the session with an ID of 1.
-###### Example JSON Response
-``` json
-{
-  "id": 1,
-  "user_id": 1,
-  "user_agent": "insomnia/2022.1.0",
-  "ip_address": "127.0.0.1",
-  "created_at": "2022-03-04T17:14:03.386Z",
-  "updated_at": "2022-03-04T17:14:03.386Z"
-}
-```
-### Destroy a session
-* `DELETE /sessions/1` will destroy the session with an ID of 1.
-Returns `204 No Content` if successful.
-## Password
-### Update your password
-* `PUT /password` allows changing your password.
-###### Example JSON Request
-``` json
-{
-  "current_password": "Secret1*2*3*4*5*6",
-  "password": "NewPassword12$34$56$7",
-  "password_confirmation": "NewPassword12$34$56$7"
-}
-```
-This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.
-## Email
-### Update your email
-* `PUT /identity/email` allows changing your email. **(requires sudo)**.
-###### Example JSON Request
-``` json
-{
-  "current_password": "Secret1*2*3*4*5*6",
-  "email": "new_email@hey.com"
-}
-```
-This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.
-## Email verification
-### Send verification email
-* `POST /identity/email_verification` sends an email verification with the instructions and link to proceed with the verification.
-Returns `204 No Content` if successful.
-### Verify email
-* `GET /identity/email_verification` verify your email using a temporary token.
-**Required parameters:** `email` and `token`.
-Example: `/identity/email_verification?email=lazaronixon@hotmail.com&token=eyJfcmFpbHMiOnsibWVzc2FnZSI6Ik1nPT0iLCJleHAiOm51bGwsInB1ciI6InNlc3Npb24ifX0=--1a277b4a5576c6e371144a22476979a18d3e45fb8515a79e815cd4b95eb5fb6b`
-Returns `204 No Content` if successful.
-## Password reset
-### Send password reset email
-* `POST /identity/password_reset` sends a password reset email with the instructions and link to proceed reset.
-Returns `204 No Content` if successful.
-### Reset password
-* `PUT /identity/password_reset` allows changing your password through a email token.
-##### Example JSON Request
-``` json
-{
-  "password": "NewPassword12$34$56$7",
-  "password_confirmation": "NewPassword12$34$56$7",
-  "token": "eyJfcmFpbHMiOnsibWVzc2FnZSI6Ik1nPT0iLCJleHAiOm51bGwsInB1ciI6InNlc3Npb24ifX0=--1a277b4a5576c6e371144a22476979a18d3e45fb8515a79e815cd4b95eb5fb6b",
-}
-```
-This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.