RubyGems - authentication-zero - Versions diffs - 2.16.1 → 2.16.2 - Mend

authentication-zero 2.16.1 → 2.16.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7dd52b852437d965454115d4fbb2d80f6b97f04dbe0d77e8a4524a4fb6052a89
-  data.tar.gz: 297f4bc57d8612d77c89eae113b558014f9b3b174eeebd13c2c6d73d78d7cad5
+  metadata.gz: fa899dd7d78a0c135998ca417f8adb5c412b1f7fb5cc3fb84839d8992dc5dd1c
+  data.tar.gz: af3d846901b8810cb49bb4be027f5c107514bd8f03c4ecda80947ffe5bb4847d
 SHA512:
-  metadata.gz: e43b09a82b8a63605a3c7ddb2d139890c5bd5153db25b8c5a535f570cf796a12f1e2520add1231bf72d95b4821871c0da72adc21e6a09b4597e5e9e65db9407f
-  data.tar.gz: d2d50163045d57ee8b87a0277b0f023d4d35d603637bc94bcae7c78f914afde8131ba725095627256fe93f77ca5484adb8b2247cf238b80bc3e57175db625b38
+  metadata.gz: 1f83cb1e7672a469ac38fade46e2feeb1200366fd6d8b57efdc0f6d871099a3cb18f3bd35421bb721c9c367cc21061fbc79055c8481e2c8c30765123e8b3dfa8
+  data.tar.gz: 4516a0ae989e67eb5d9dc23ec72965107031fa7d6a52f0a0c392225c816b1e9daac3d07168e9be135c84940d684fd393a6d31e191cdffcac8b682b61251187d6

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.16.1)
+    authentication-zero (2.16.2)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -24,7 +24,6 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Manage multiple sessions & devices
 - Activity log (--trackable)
 - Log out
-- [API documentation](https://github.com/lazaronixon/authentication-zero/blob/master/authentication-zero-api.md)
 ## Security and best practices
@@ -48,7 +47,6 @@ $ bundle add authentication-zero
 ```
 $ rails generate authentication
-$ bundle install
 ```
 ## Development

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.16.1"
+  VERSION = "2.16.2"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -15,9 +15,12 @@ class AuthenticationGenerator < Rails::Generators::Base
   source_root File.expand_path("templates", __dir__)
   def add_gems
-    uncomment_lines "Gemfile", /"bcrypt"/
-    uncomment_lines "Gemfile", /"redis"/  if redis?
-    uncomment_lines "Gemfile", /"kredis"/ if redis?
+    gem "bcrypt", "~> 3.1.7", comment: "Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]"
+    if redis?
+      gem "redis", ">= 4.0.1", comment: "Use Redis adapter to run additional authentication features"
+      gem "kredis", comment: "Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]"
+    end
     if options.pwned?
       gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]"

data/lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt CHANGED Viewed

@@ -26,5 +26,5 @@ class Identity::EmailVerificationsController < ApplicationController
     rescue
       render json: { error: "That email verification link is invalid" }, status: :bad_request
     <%- end -%>
-  end
+    end
 end

data/lib/generators/authentication/templates/controllers/html/application_controller.rb.tt CHANGED Viewed

@@ -3,7 +3,11 @@ class ApplicationController < ActionController::Base
   before_action :authenticate
   <%- if options.sudoable? %>
   def require_sudo
+    <%- if omniauthable? -%>
+    unless Current.session.sudo? || Current.session.user.provider.present?
+    <%- else -%>
     unless Current.session.sudo?
+    <%- end -%>
       redirect_to new_sessions_sudo_path(proceed_to_url: request.url)
     end
   end

data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt CHANGED Viewed

@@ -5,11 +5,7 @@ class Sessions::SudosController < ApplicationController
   def create
     session = Current.session
-    <%- if omniauthable? -%>
-    if session.user.authenticate(params[:password]) || session.user.provider
-    <%- else -%>
     if session.user.authenticate(params[:password])
-    <%- end -%>
       session.sudo.mark; redirect_to(params[:proceed_to_url])
     else
       redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"

data/lib/generators/authentication/templates/erb/home/index.html.erb.tt CHANGED Viewed

@@ -14,19 +14,17 @@
   <div>
     <%%= link_to "Devices & Sessions", sessions_path %>
   </div>
-  <%- if options.trackable? -%>
+  <%- if options.trackable? %>
   <div>
-    <%# link_to "Activity Log", authentications_events_path %>
+    <%%= link_to "Activity Log", authentications_events_path %>
   </div>
   <%- end -%>
-  <%- if two_factor? -%>
+  <%- if two_factor? %>
   <div>
-    <%# link_to "Two-Factor Authentication", new_two_factor_authentication_totp_path %>
+    <%%= link_to "Two-Factor Authentication", new_two_factor_authentication_totp_path %>
   </div>
   <%- end -%>
   <br>
   <%%= button_to "Log out", Current.session, method: :delete %>

data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt CHANGED Viewed

@@ -18,8 +18,7 @@
     <%%= form.submit "Sign in" %>
   </div>
 <%% end %>
-<%- if omniauthable? -%>
+<%- if omniauthable? %>
 <div>
   <%%= button_to "Sign in with OmniAuth", "/auth/developer", "data-turbo" => false %>
 </div>

data/lib/generators/authentication/templates/models/user.rb.tt CHANGED Viewed

@@ -18,11 +18,11 @@ class User < ApplicationRecord
   validates :password, not_pwned: { message: "might easily be guessed" }
   <%- end -%>
-  before_validation do
-    self.email = email&.downcase&.strip
+  before_validation if: -> { email.present? } do
+    self.email = email.downcase.strip
   end
-  before_validation if: -> { email_changed? && persisted? } do
+  before_validation if: :email_changed?, unless: :new_record? do
     self.verified = false
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.16.1
+  version: 2.16.2
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-21 00:00:00.000000000 Z
+date: 2022-12-30 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -29,7 +29,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- authentication-zero-api.md
 - authentication-zero.gemspec
 - lib/authentication-zero.rb
 - lib/authentication_zero.rb

data/authentication-zero-api.md DELETED Viewed

@@ -1,192 +0,0 @@
-# Authentication Zero API
-This document describe the api endpoints available in authentication-zero.
-## Making a request
-To make a sign in request for example, append sign_in to the base URL to form something like http://localhost:3000/sign_in, also notice you have to include the Content-Type header and the JSON data: In cURL, it looks like this:
-``` shell
-curl -H "Authorization: Bearer $ACCESS_TOKEN" \
-  -H 'Content-Type: application/json' \
-  -H 'User-Agent: MyApp (yourname@example.com)' \
-  -d '{ "email": "lazaronixon@hotmail.com", "password": "secret", "password_confirmation": "secret" }' \
-  http://localhost:3000/sign_in
-```
-## API endpoints
-- [Sign up](#sign-up)
-- [Sign in](#sign-in)
-- [Get your sessions](#get-your-sessions)
-- [Get a session](#get-a-session)
-- [Destroy a session](#destroy-a-session)
-- [Update your password](#update-your-password)
-- [Update your email](#update-your-email)
-- [Send verification email](#send-verification-email)
-- [Verify email](#verify-email)
-- [Send password reset email](#send-password-reset-email)
-- [Reset password](#reset-password)
-## Registrations
-### Sign up
-* `POST /sign_up` creates a user on database.
-###### Example JSON Request
-``` json
-{
-  "email": "lazaronixon@hotmail.com",
-  "password": "Secret1*2*3*4*5*6",
-  "password_confirmation": "Secret1*2*3*4*5*6"
-}
-```
-This endpoint will return `201 Created` with the current JSON representation of the user if the creation was a success.
-## Sessions
-### Sign in
-* `POST /sign_in` creates a session on database.
-###### Example JSON Request
-``` json
-{
-  "email": "lazaronixon@hotmail.com",
-  "password": "Secret1*2*3*4*5*6"
-}
-```
-This endpoint will return `201 Created` with the current JSON representation of the session if the creation was a success, also you will receive a `X-Session-Token` that you will use as your authorization token.
-### Get your sessions
-* `GET /sessions` will return a list of sessions.
-###### Example JSON Response
-``` json
-[
-  {
-    "id": 2,
-    "user_id": 1,
-    "user_agent": "insomnia/2022.1.0",
-    "ip_address": "127.0.0.1",
-    "created_at": "2022-03-04T17:20:33.632Z",
-    "updated_at": "2022-03-04T17:20:33.632Z"
-  },
-  {
-    "id": 1,
-    "user_id": 1,
-    "user_agent": "insomnia/2022.1.0",
-    "ip_address": "127.0.0.1",
-    "created_at": "2022-03-04T17:14:03.386Z",
-    "updated_at": "2022-03-04T17:14:03.386Z"
-  }
-]
-```
-### Get a session
-* `GET /sessions/1` will return the session with an ID of 1.
-###### Example JSON Response
-``` json
-{
-  "id": 1,
-  "user_id": 1,
-  "user_agent": "insomnia/2022.1.0",
-  "ip_address": "127.0.0.1",
-  "created_at": "2022-03-04T17:14:03.386Z",
-  "updated_at": "2022-03-04T17:14:03.386Z"
-}
-```
-### Destroy a session
-* `DELETE /sessions/1` will destroy the session with an ID of 1.
-Returns `204 No Content` if successful.
-## Password
-### Update your password
-* `PUT /password` allows changing your password.
-###### Example JSON Request
-``` json
-{
-  "current_password": "Secret1*2*3*4*5*6",
-  "password": "NewPassword12$34$56$7",
-  "password_confirmation": "NewPassword12$34$56$7"
-}
-```
-This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.
-## Email
-### Update your email
-* `PUT /identity/email` allows changing your email. **(requires sudo)**.
-###### Example JSON Request
-``` json
-{
-  "current_password": "Secret1*2*3*4*5*6",
-  "email": "new_email@hey.com"
-}
-```
-This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.
-## Email verification
-### Send verification email
-* `POST /identity/email_verification` sends an email verification with the instructions and link to proceed with the verification.
-Returns `204 No Content` if successful.
-### Verify email
-* `GET /identity/email_verification` verify your email using a temporary token.
-**Required parameters:** `email` and `token`.
-Example: `/identity/email_verification?email=lazaronixon@hotmail.com&token=eyJfcmFpbHMiOnsibWVzc2FnZSI6Ik1nPT0iLCJleHAiOm51bGwsInB1ciI6InNlc3Npb24ifX0=--1a277b4a5576c6e371144a22476979a18d3e45fb8515a79e815cd4b95eb5fb6b`
-Returns `204 No Content` if successful.
-## Password reset
-### Send password reset email
-* `POST /identity/password_reset` sends a password reset email with the instructions and link to proceed reset.
-Returns `204 No Content` if successful.
-### Reset password
-* `PUT /identity/password_reset` allows changing your password through a email token.
-##### Example JSON Request
-``` json
-{
-  "password": "NewPassword12$34$56$7",
-  "password_confirmation": "NewPassword12$34$56$7",
-  "token": "eyJfcmFpbHMiOnsibWVzc2FnZSI6Ik1nPT0iLCJleHAiOm51bGwsInB1ciI6InNlc3Npb24ifX0=--1a277b4a5576c6e371144a22476979a18d3e45fb8515a79e815cd4b95eb5fb6b",
-}
-```
-This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.