authentication-zero 2.16.28 → 2.16.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/Gemfile.lock +1 -1
- data/README.md +18 -3
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +19 -5
- data/lib/generators/authentication/templates/controllers/api/application_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/application_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/masquerades_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/sessions/omniauth_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/sessions/passwordlesses_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt +3 -3
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +0 -1
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenge/recovery_codes_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenge/security_keys_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenge/totps_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/lib/account_middleware.rb +30 -0
- data/lib/generators/authentication/templates/migrations/create_accounts_migration.rb.tt +5 -0
- data/lib/generators/authentication/templates/models/account.rb.tt +2 -0
- data/lib/generators/authentication/templates/models/concerns/account_scoped.rb +11 -0
- data/lib/generators/authentication/templates/models/current.rb.tt +3 -0
- metadata +6 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4d24c61ab47e57ff3f4e61f6871063cc0eddd0bae159bad0a6033c13b6d11d27
|
4
|
+
data.tar.gz: 5603c75ec12c501b2e4de8165c79fa98011a1509ad9728911a71a2ea5f1ed823
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ef99f6854ac55716a68f6439c14f33d9ad073c87374a2aa5434377d0fdefda107e6311692362c00e0ca9cb6a9b6b304f10a0ffd33b2373b27af0e3a1d32d8584
|
7
|
+
data.tar.gz: d0d7a47777f70acb660bf9c8865967d6eda63147f764ab15abd3e0f41d119a31ed51553fe2ce132a56c7b3abf0221e82d7f22b4814d54214aae90db332fc71ea
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,11 @@
|
|
1
|
+
## Authentication Zero 2.16.30 ##
|
2
|
+
|
3
|
+
* Add multi-tenant artifacts that you can use. (--tenantable)
|
4
|
+
|
5
|
+
## Authentication Zero 2.16.29 ##
|
6
|
+
|
7
|
+
* Replaced session with session_record, it has a conflict on rails 7.1 (bug-fix)
|
8
|
+
|
1
9
|
## Authentication Zero 2.16.25 ##
|
2
10
|
|
3
11
|
* Add new option to refresh otp secret
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -45,8 +45,8 @@ Since Authentication Zero generates this code into your application instead of b
|
|
45
45
|
- Social login with omni auth (--omniauthable)
|
46
46
|
- Passwordless authentication (--passwordless)
|
47
47
|
- Send invitations (--invitable)
|
48
|
-
- "Sign-in as" button
|
49
|
-
|
48
|
+
- "Sign-in as" button (--masqueradable)
|
49
|
+
- Multi-tentant application (--tenantable)
|
50
50
|
|
51
51
|
## Generated code
|
52
52
|
|
@@ -59,7 +59,22 @@ Since Authentication Zero generates this code into your application instead of b
|
|
59
59
|
- [log filtering](https://guides.rubyonrails.org/action_controller_overview.html#log-filtering): Parameters 'token' and 'password' are marked [FILTERED] in the log.
|
60
60
|
- [functional tests](https://guides.rubyonrails.org/testing.html#functional-tests-for-your-controllers): In Rails, testing the various actions of a controller is a form of writing functional tests.
|
61
61
|
- [system testing](https://guides.rubyonrails.org/testing.html#system-testing): System tests allow you to test user interactions with your application, running tests in either a real or a headless browser.
|
62
|
-
|
62
|
+
|
63
|
+
### Sudoable
|
64
|
+
|
65
|
+
Use `before_action :require_sudo` in controllers with sensitive information, it will ask for your password on the first access or after 30 minutes.
|
66
|
+
|
67
|
+
### Tenantable
|
68
|
+
|
69
|
+
Some artifacts are generated in the application, which makes it possible to implement row-level multitenancy applications. You should follow some steps to make it work.
|
70
|
+
|
71
|
+
- Add `account_id` to each scoped table, ex. `rails g migration projects account:references`.
|
72
|
+
- Add `include AccountScoped` to scoped models. It set up the relationship with the account and default scope using the current account.
|
73
|
+
- The `Current.account` is set according to the url ex: `http://mywebsite.com/1234/projects`.
|
74
|
+
- You should customize the sign-in flow yourself, it means:
|
75
|
+
- Add the `account_id` column and scope your user model.
|
76
|
+
- Assign the account when the user is created.
|
77
|
+
- After sign-in redirect to the correct url, including the `account_id`.
|
63
78
|
|
64
79
|
## Development
|
65
80
|
|
@@ -15,6 +15,7 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
15
15
|
class_option :webauthn, type: :boolean, desc: "Add two factor authentication using a hardware security key"
|
16
16
|
class_option :invitable, type: :boolean, desc: "Add sending invitations"
|
17
17
|
class_option :masqueradable, type: :boolean, desc: "Add sign-in as button functionallity"
|
18
|
+
class_option :tenantable, type: :boolean, desc: "Add artifacts to implement a row-level tenant app"
|
18
19
|
|
19
20
|
source_root File.expand_path("templates", __dir__)
|
20
21
|
|
@@ -53,15 +54,25 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
53
54
|
application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "development"
|
54
55
|
application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "test"
|
55
56
|
environment ratelimit_block, env: "production" if options.ratelimit?
|
57
|
+
|
58
|
+
if options.tenantable?
|
59
|
+
prepend_to_file "config/application.rb", "require_relative \"../lib/account_middleware\"\n"
|
60
|
+
application "config.middleware.use AccountMiddleware"
|
61
|
+
end
|
56
62
|
end
|
57
63
|
|
58
64
|
def create_configuration_files
|
59
|
-
copy_file "config/redis/shared.yml"
|
60
|
-
copy_file "config/initializers/omniauth.rb"
|
61
|
-
copy_file "config/initializers/webauthn.rb"
|
65
|
+
copy_file "config/redis/shared.yml" if redis?
|
66
|
+
copy_file "config/initializers/omniauth.rb" if omniauthable?
|
67
|
+
copy_file "config/initializers/webauthn.rb" if webauthn?
|
68
|
+
end
|
69
|
+
|
70
|
+
def create_lib_files
|
71
|
+
copy_file "lib/account_middleware.rb" if options.tenantable?
|
62
72
|
end
|
63
73
|
|
64
74
|
def create_migrations
|
75
|
+
migration_template "migrations/create_accounts_migration.rb", "#{db_migrate_path}/create_accounts_migration.rb" if options.tenantable?
|
65
76
|
migration_template "migrations/create_users_migration.rb", "#{db_migrate_path}/create_users.rb"
|
66
77
|
migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
|
67
78
|
migration_template "migrations/create_password_reset_tokens_migration.rb", "#{db_migrate_path}/create_password_reset_tokens.rb"
|
@@ -73,6 +84,9 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
73
84
|
end
|
74
85
|
|
75
86
|
def create_models
|
87
|
+
copy_file "models/concerns/account_scoped.rb", "app/models/concerns/account_scoped.rb" if options.tenantable?
|
88
|
+
|
89
|
+
template "models/account.rb", "app/models/account.rb" if options.tenantable?
|
76
90
|
template "models/current.rb", "app/models/current.rb"
|
77
91
|
template "models/email_verification_token.rb", "app/models/email_verification_token.rb"
|
78
92
|
template "models/event.rb", "app/models/event.rb" if options.trackable?
|
@@ -218,8 +232,8 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
218
232
|
directory "test_unit/controllers/#{format}", "test/controllers"
|
219
233
|
directory "test_unit/mailers/", "test/mailers"
|
220
234
|
directory "test_unit/system", "test/system" unless options.api?
|
221
|
-
template
|
222
|
-
template
|
235
|
+
template "test_unit/test_helper.rb", "test/test_helper.rb", force: true
|
236
|
+
template "test_unit/application_system_test_case.rb", "test/application_system_test_case.rb", force: true unless options.api?
|
223
237
|
end
|
224
238
|
|
225
239
|
private
|
@@ -6,8 +6,8 @@ class ApplicationController < ActionController::API
|
|
6
6
|
|
7
7
|
private
|
8
8
|
def authenticate
|
9
|
-
if
|
10
|
-
Current.session =
|
9
|
+
if session_record = authenticate_with_http_token { |token, _| Session.find_signed(token) }
|
10
|
+
Current.session = session_record
|
11
11
|
else
|
12
12
|
request_http_token_authentication
|
13
13
|
end
|
@@ -4,8 +4,8 @@ class ApplicationController < ActionController::Base
|
|
4
4
|
|
5
5
|
private
|
6
6
|
def authenticate
|
7
|
-
if
|
8
|
-
Current.session =
|
7
|
+
if session_record = Session.find_by_id(cookies.signed[:session_token])
|
8
|
+
Current.session = session_record
|
9
9
|
else
|
10
10
|
redirect_to sign_in_path
|
11
11
|
end
|
@@ -3,8 +3,8 @@ class MasqueradesController < ApplicationController
|
|
3
3
|
before_action :set_user
|
4
4
|
|
5
5
|
def create
|
6
|
-
|
7
|
-
cookies.signed.permanent[:session_token] = { value:
|
6
|
+
session_record = @user.sessions.create!
|
7
|
+
cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
|
8
8
|
|
9
9
|
redirect_to root_path, notice: "Signed in successfully"
|
10
10
|
end
|
data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
CHANGED
@@ -9,8 +9,8 @@ class RegistrationsController < ApplicationController
|
|
9
9
|
@user = User.new(user_params)
|
10
10
|
|
11
11
|
if @user.save
|
12
|
-
|
13
|
-
cookies.signed.permanent[:session_token] = { value:
|
12
|
+
session_record = @user.sessions.create!
|
13
|
+
cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
|
14
14
|
|
15
15
|
send_email_verification
|
16
16
|
redirect_to root_path, notice: "Welcome! You have signed up successfully"
|
data/lib/generators/authentication/templates/controllers/html/sessions/omniauth_controller.rb.tt
CHANGED
@@ -6,8 +6,8 @@ class Sessions::OmniauthController < ApplicationController
|
|
6
6
|
@user = User.create_with(user_params).find_or_initialize_by(omniauth_params)
|
7
7
|
|
8
8
|
if @user.save
|
9
|
-
|
10
|
-
cookies.signed.permanent[:session_token] = { value:
|
9
|
+
session_record = @user.sessions.create!
|
10
|
+
cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
|
11
11
|
|
12
12
|
redirect_to root_path, notice: "Signed in successfully"
|
13
13
|
else
|
@@ -10,8 +10,8 @@ class Sessions::PasswordlessesController < ApplicationController
|
|
10
10
|
end
|
11
11
|
|
12
12
|
def edit
|
13
|
-
|
14
|
-
cookies.signed.permanent[:session_token] = { value:
|
13
|
+
session_record = @user.sessions.create!
|
14
|
+
cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
|
15
15
|
|
16
16
|
revoke_tokens; redirect_to(root_path, notice: "Signed in successfully")
|
17
17
|
end
|
data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
CHANGED
@@ -3,10 +3,10 @@ class Sessions::SudosController < ApplicationController
|
|
3
3
|
end
|
4
4
|
|
5
5
|
def create
|
6
|
-
|
6
|
+
session_record = Current.session
|
7
7
|
|
8
|
-
if
|
9
|
-
|
8
|
+
if session_record.user.authenticate(params[:password])
|
9
|
+
session_record.sudo.mark; redirect_to(params[:proceed_to_url])
|
10
10
|
else
|
11
11
|
redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
|
12
12
|
end
|
@@ -22,8 +22,8 @@ class TwoFactorAuthentication::Challenge::RecoveryCodesController < ApplicationC
|
|
22
22
|
end
|
23
23
|
|
24
24
|
def sign_in_and_redirect_to_root
|
25
|
-
|
26
|
-
cookies.signed.permanent[:session_token] = { value:
|
25
|
+
session_record = @user.sessions.create!
|
26
|
+
cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
|
27
27
|
|
28
28
|
redirect_to root_path, notice: "Signed in successfully"
|
29
29
|
end
|
@@ -26,8 +26,8 @@ class TwoFactorAuthentication::Challenge::SecurityKeysController < ApplicationCo
|
|
26
26
|
end
|
27
27
|
|
28
28
|
def sign_in_and_redirect_to_root
|
29
|
-
|
30
|
-
cookies.signed.permanent[:session_token] = { value:
|
29
|
+
session_record = @user.sessions.create!
|
30
|
+
cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
|
31
31
|
|
32
32
|
render json: { status: "ok", location: root_url }, status: :created
|
33
33
|
end
|
@@ -24,8 +24,8 @@ class TwoFactorAuthentication::Challenge::TotpsController < ApplicationControlle
|
|
24
24
|
end
|
25
25
|
|
26
26
|
def sign_in_and_redirect_to_root
|
27
|
-
|
28
|
-
cookies.signed.permanent[:session_token] = { value:
|
27
|
+
session_record = @user.sessions.create!
|
28
|
+
cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
|
29
29
|
|
30
30
|
redirect_to root_path, notice: "Signed in successfully"
|
31
31
|
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
class AccountMiddleware
|
2
|
+
def initialize(app)
|
3
|
+
@app = app
|
4
|
+
end
|
5
|
+
|
6
|
+
def call(env)
|
7
|
+
request = ActionDispatch::Request.new(env)
|
8
|
+
|
9
|
+
_, account_id, request_path = request.path.split("/", 3)
|
10
|
+
|
11
|
+
if is_number?(account_id)
|
12
|
+
set_current_account(account_id)
|
13
|
+
|
14
|
+
request.script_name = "/#{account_id}"
|
15
|
+
request.path_info = "/#{request_path}"
|
16
|
+
@app.call(request.env)
|
17
|
+
else
|
18
|
+
@app.call(request.env)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
private
|
23
|
+
def is_number?(value)
|
24
|
+
Integer(value, exception: false)
|
25
|
+
end
|
26
|
+
|
27
|
+
def set_current_account(account_id)
|
28
|
+
Current.account = Account.find(account_id)
|
29
|
+
end
|
30
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authentication-zero
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.16.
|
4
|
+
version: 2.16.30
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nixon
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-06-01 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description:
|
14
14
|
email:
|
@@ -95,7 +95,9 @@ files:
|
|
95
95
|
- lib/generators/authentication/templates/erb/user_mailer/password_reset.html.erb.tt
|
96
96
|
- lib/generators/authentication/templates/erb/user_mailer/passwordless.html.erb.tt
|
97
97
|
- lib/generators/authentication/templates/javascript/controllers/application.js
|
98
|
+
- lib/generators/authentication/templates/lib/account_middleware.rb
|
98
99
|
- lib/generators/authentication/templates/mailers/user_mailer.rb.tt
|
100
|
+
- lib/generators/authentication/templates/migrations/create_accounts_migration.rb.tt
|
99
101
|
- lib/generators/authentication/templates/migrations/create_email_verification_tokens_migration.rb.tt
|
100
102
|
- lib/generators/authentication/templates/migrations/create_events_migration.rb.tt
|
101
103
|
- lib/generators/authentication/templates/migrations/create_password_reset_tokens_migration.rb.tt
|
@@ -104,6 +106,8 @@ files:
|
|
104
106
|
- lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
|
105
107
|
- lib/generators/authentication/templates/migrations/create_sign_in_tokens_migration.rb.tt
|
106
108
|
- lib/generators/authentication/templates/migrations/create_users_migration.rb.tt
|
109
|
+
- lib/generators/authentication/templates/models/account.rb.tt
|
110
|
+
- lib/generators/authentication/templates/models/concerns/account_scoped.rb
|
107
111
|
- lib/generators/authentication/templates/models/current.rb.tt
|
108
112
|
- lib/generators/authentication/templates/models/email_verification_token.rb.tt
|
109
113
|
- lib/generators/authentication/templates/models/event.rb.tt
|