authentication-zero 2.16.16 → 2.16.18

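--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 99df48ab46b9859695eadb1675580d523f1953a3f211b648b3c752e22598557a
- data.tar.gz: c9fa8cfc8785c16a3329737b89c43ded33f74b79857e52a32f5e1b00872e388f
+ metadata.gz: ae2a40d4e3930043e09c68b96f68f4fc07431f2ed3eb5a7b0fdf58cef8f6f144
+ data.tar.gz: 61fed59ae5047fb60a26c6ba8267211bb0b928e3a787682942bfd3912b1ea4f8
  SHA512:
- metadata.gz: 72daf22b87d0960c34885348cdf1c24ae3d67dbc9e34c816ac0d1592fd9e46299776b624383d4d318034edfbcedfa5e894fa65495188afe94aee6b011d3b4281
- data.tar.gz: 219aa2ebe407eacf4344c462e20aad1abea1389b96b629f6313486821d07f04ea3682e789accaef04fb2bf60365cacb229fddbbafbf8c6e2bb8172ab18195ec7
+ metadata.gz: 12b1614899d5aa9b0628bf70031857695e5800f40559b68eeff7957e7e1540afd93a8b9d574c86d6b57ae5e3369060dc141d1ed53964a0935eed60286a2b1949
+ data.tar.gz: 2abb77f18952aa72b08d8a59b701ce71087246669735b6ec045a69a9a8000cd4773d3f7a69d0743401b7848b8a3509a23be3be7f7a7a34772dc13fedd0bfbaae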
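--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,12 @@
+ ## Authentication Zero 2.16.18 ##
+
+ * Use session to store the token for the 2fa challenge
+
  ## Authentication Zero 2.16.16 ##
 
  * Add recovery codes to two factor auth
+ * Removed code-verifiable strategy
+ * Respond password reset edit api with no_content
 
  ## Authentication Zero 2.16.15 ##
 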
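--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- authentication-zero (2.16.16)
+ authentication-zero (2.16.18)
 
  GEM
  remote: https://rubygems.org/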
@@ -1,3 +1,3 @@
1
1
  module AuthenticationZero
2
- VERSION = "2.16.16"
2
+ VERSION = "2.16.18"
3
3
  end
@@ -62,6 +62,7 @@ class AuthenticationGenerator < Rails::Generators::Base
62
62
  migration_template "migrations/create_password_reset_tokens_migration.rb", "#{db_migrate_path}/create_password_reset_tokens.rb"
63
63
  migration_template "migrations/create_sign_in_tokens_migration.rb", "#{db_migrate_path}/create_sign_in_tokens_migration.rb" if passwordless?
64
64
  migration_template "migrations/create_events_migration.rb", "#{db_migrate_path}/create_events.rb" if options.trackable?
65
+ migration_template "migrations/create_recovery_codes_migration.rb", "#{db_migrate_path}/create_recovery_codes.rb" if two_factor?
65
66
  end
66
67
 
67
68
  def create_models
@@ -72,6 +73,7 @@ class AuthenticationGenerator < Rails::Generators::Base
72
73
  template "models/sign_in_token.rb", "app/models/sign_in_token.rb" if passwordless?
73
74
  template "models/current.rb", "app/models/current.rb"
74
75
  template "models/event.rb", "app/models/event.rb" if options.trackable?
76
+ template "models/recovery_code.rb", "app/models/recovery_code.rb" if two_factor?
75
77
  end
76
78
 
77
79
  def create_fixture_file
@@ -17,8 +17,8 @@ class SessionsController < ApplicationController
17
17
  if user && user.authenticate(params[:password])
18
18
  <%- if two_factor? -%>
19
19
  if user.otp_secret.present?
20
- signed_id = user.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
21
- redirect_to new_two_factor_authentication_challenge_path(token: signed_id)
20
+ session[:challenge_token] = user.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
21
+ redirect_to new_two_factor_authentication_challenge_path
22
22
  else
23
23
  @session = user.sessions.create!
24
24
  cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
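Review bot: `session[:challenge_token]` is written on the new line 20, but none of the visible hunks ever removes it. The signed id therefore stays in the browser's session until its 20-minute expiry, even after the challenge has been passed or a different account has signed in through the `else` branch. I would clear it as soon as it is no longer needed: `session.delete(:challenge_token)` once the second factor is accepted in the challenges controller, and the same call in the `else` branch here before `user.sessions.create!`. The action that completes the challenge lies outside the hunks shown, so it may already do this and is worth confirming. The enclosing `create` action starts and ends outside this hunk.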
@@ -16,7 +16,7 @@ class TwoFactorAuthentication::ChallengesController < ApplicationController
16
16
 
17
17
  private
18
18
  def set_user
19
- @user = User.find_signed!(params[:token], purpose: :authentication_challenge)
19
+ @user = User.find_signed!(session[:challenge_token], purpose: :authentication_challenge)
20
20
  rescue StandardError
21
21
  redirect_to sign_in_path, alert: "That's taking too long. Please re-enter your password and try again"
22
22
  end
@@ -47,6 +47,6 @@ class TwoFactorAuthentication::ChallengesController < ApplicationController
47
47
  end
48
48
 
49
49
  def redirect_to_authentication_challenge
50
- redirect_to new_two_factor_authentication_challenge_path(token: params[:token], scheme_type: params[:scheme_type]), alert: "That code didn't work. Please try again"
50
+ redirect_to new_two_factor_authentication_challenge_path(scheme_type: params[:scheme_type]), alert: "That code didn't work. Please try again"
51
51
  end
52
52
  end
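Review bot: In `set_user`, the `rescue StandardError` around the new `User.find_signed!(session[:challenge_token], ...)` call treats every failure as an expired challenge. A request with no `:challenge_token` in the session, a tampered value and an unrelated fault such as a database error all produce the same "taking too long" redirect, and none of them is logged. `find_signed!` reports a bad or expired token with `ActiveSupport::MessageVerifier::InvalidSignature` and a missing record with `ActiveRecord::RecordNotFound`, so the clause can be narrowed to `rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveRecord::RecordNotFound` and real faults will surface. A one-line comment above the method, for example `# Challenge token is read from the session, never from request params.`, would record the intent of this change for the next reader.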
@@ -1,5 +1,4 @@
1
1
  <%%= form_with(url: two_factor_authentication_challenge_path) do |form| %>
2
- <%%= form.hidden_field :token, value: params[:token] %>
3
2
  <%%= form.hidden_field :scheme_type, value: "recovery_codes" %>
4
3
 
5
4
  <div>
@@ -1,5 +1,4 @@
1
1
  <%%= form_with(url: two_factor_authentication_challenge_path) do |form| %>
2
- <%%= form.hidden_field :token, value: params[:token] %>
3
2
  <%%= form.hidden_field :scheme_type, value: "totp" %>
4
3
 
5
4
  <div>
@@ -16,5 +15,5 @@
16
15
 
17
16
  <div>
18
17
  <p><strong>Don't have your phone?</strong></p>
19
- <%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_path(token: params[:token], scheme_type: "recovery_codes") %>
18
+ <%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_path(scheme_type: "recovery_codes") %>
20
19
  </div>
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authentication-zero
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.16.16
4
+ version: 2.16.18
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nixon