authentication-zero 2.16.2 → 2.16.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +21 -0
  3. data/Gemfile.lock +1 -1
  4. data/README.md +17 -13
  5. data/lib/authentication_zero/version.rb +1 -1
  6. data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt +3 -0
  7. data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +3 -0
  8. data/lib/generators/authentication/templates/models/user.rb.tt +0 -1
  9. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fa899dd7d78a0c135998ca417f8adb5c412b1f7fb5cc3fb84839d8992dc5dd1c
4
- data.tar.gz: af3d846901b8810cb49bb4be027f5c107514bd8f03c4ecda80947ffe5bb4847d
3
+ metadata.gz: 32a85d186a97bb53ee18ac30be1acdd6eb64716c7ed30fd0cfe4d52afca0d990
4
+ data.tar.gz: b155fd90fe8df3d548cd6cfa5c2b3cbf7bea30ffa23db6c3381a68b1b1d0c3ed
5
5
  SHA512:
6
- metadata.gz: 1f83cb1e7672a469ac38fade46e2feeb1200366fd6d8b57efdc0f6d871099a3cb18f3bd35421bb721c9c367cc21061fbc79055c8481e2c8c30765123e8b3dfa8
7
- data.tar.gz: 4516a0ae989e67eb5d9dc23ec72965107031fa7d6a52f0a0c392225c816b1e9daac3d07168e9be135c84940d684fd393a6d31e191cdffcac8b682b61251187d6
6
+ metadata.gz: 5c0d67ddd39e6698f383ec398d32e3f7884776adb42a9d2724498007458760e9558310fab74609c151ce6eae633d83a55be366f978d457efe5ae433118a236e5
7
+ data.tar.gz: b710950c1407acdf4a689a7e5858aafd344248f8f5917af5207db04b4d24828499fd4f1a61d54a7463b69b3866aeed499b900eff86e28072c613c871c6c97e24
data/CHANGELOG.md CHANGED
@@ -1,3 +1,24 @@
1
+ ## Authentication Zero 2.16.4 (February 11, 2023) ##
2
+
3
+ * Increase attemps for lockable sign-in
4
+
5
+ ## Authentication Zero 2.16.3 (December 30, 2022) ##
6
+
7
+ * Require lock for sign in when lockable
8
+
9
+ ## Authentication Zero 2.16.2 (December 21, 2022) ##
10
+
11
+ * Remove api documentation and reference for api docs from README
12
+ * Remove bundle install instruction
13
+ * Dont require sudo for omniauth users
14
+ * Add gems instead of uncomment gemfile lines
15
+ * Fix home view
16
+
17
+ ## Authentication Zero 2.16.1 (December 20, 2022) ##
18
+
19
+ * Safe navigation for email normalization
20
+ * Fix omniauth not verifying user
21
+
1
22
  ## Authentication Zero 2.16.0 (May 2, 2022) ##
2
23
 
3
24
  * Generate home controller
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- authentication-zero (2.16.2)
4
+ authentication-zero (2.16.4)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/README.md CHANGED
@@ -2,6 +2,22 @@
2
2
 
3
3
  The purpose of authentication zero is to generate a pre-built authentication system into a rails application (web or api-only) that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
4
4
 
5
+ ## Installation
6
+
7
+ ```
8
+ $ bundle add authentication-zero
9
+ ```
10
+
11
+ ## Usage
12
+
13
+ ```
14
+ $ rails generate authentication
15
+ ```
16
+
17
+ ## Developer responsibilities
18
+
19
+ Since Authentication Zero generates this code into your application instead of building these modules into the gem itself, you now have complete freedom to modify the authentication system, so it works best with your use case. The one caveat with using a generated authentication system is it will not be updated after it's been generated. Therefore, as improvements are made to the output of `rails generate authentication`, it becomes your responsibility to determine if these changes need to be ported into your application. Security-related and other important improvements will be explicitly and clearly marked in the `CHANGELOG.md` file and upgrade notes.
20
+
5
21
  ## Features
6
22
 
7
23
  - **Simplest code ever (~200 lines of code)**
@@ -18,7 +34,7 @@ The purpose of authentication zero is to generate a pre-built authentication sys
18
34
  - Ask password before sensitive data changes, aka: sudo (--sudoable)
19
35
  - Reset the user password and send reset instructions
20
36
  - Reset the user password only from verified emails
21
- - Lock sending reset password email after many attempts (--lockable)
37
+ - Lock mechanism for resetting password and sign-in (--lockable)
22
38
  - Send e-mail confirmation when your email has been changed
23
39
  - Send e-mail notification when someone has logged into your account
24
40
  - Manage multiple sessions & devices
@@ -37,18 +53,6 @@ The purpose of authentication zero is to generate a pre-built authentication sys
37
53
  - [Functional Tests](https://guides.rubyonrails.org/testing.html#functional-tests-for-your-controllers): In Rails, testing the various actions of a controller is a form of writing functional tests.
38
54
  - [System Testing](https://guides.rubyonrails.org/testing.html#system-testing): System tests allow you to test user interactions with your application, running tests in either a real or a headless browser.
39
55
 
40
- ## Installation
41
-
42
- ```
43
- $ bundle add authentication-zero
44
- ```
45
-
46
- ## Usage
47
-
48
- ```
49
- $ rails generate authentication
50
- ```
51
-
52
56
  ## Development
53
57
 
54
58
  To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
data/lib/authentication_zero/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module AuthenticationZero
2
- VERSION = "2.16.2"
2
+ VERSION = "2.16.4"
3
3
  end
data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt CHANGED
@@ -1,6 +1,9 @@
1
1
  class SessionsController < ApplicationController
2
2
  skip_before_action :authenticate, only: :create
3
3
 
4
+ <%- if options.lockable? -%>
5
+ before_action :require_lock, attempts: 20, only: :create
6
+ <%- end -%>
4
7
  before_action :set_session, only: %i[ show destroy ]
5
8
 
6
9
  def index
data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt CHANGED
@@ -1,6 +1,9 @@
1
1
  class SessionsController < ApplicationController
2
2
  skip_before_action :authenticate, only: %i[ new create ]
3
3
 
4
+ <%- if options.lockable? -%>
5
+ before_action :require_lock, attempts: 20, only: :create
6
+ <%- end -%>
4
7
  before_action :set_session, only: :destroy
5
8
 
6
9
  def index
data/lib/generators/authentication/templates/models/user.rb.tt CHANGED
@@ -29,7 +29,6 @@ class User < ApplicationRecord
29
29
  after_update if: :password_digest_previously_changed? do
30
30
  sessions.where.not(id: Current.session).destroy_all
31
31
  end
32
-
33
32
  <%- if options.trackable? %>
34
33
  after_update if: :email_previously_changed? do
35
34
  events.create! action: "email_verification_requested"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authentication-zero
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.16.2
4
+ version: 2.16.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nixon
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-12-30 00:00:00.000000000 Z
11
+ date: 2023-02-11 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description:
14
14
  email: