authentication-zero 2.16.5 → 2.16.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/Gemfile.lock +1 -1
- data/README.md +0 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +10 -10
- data/lib/generators/authentication/templates/controllers/api/application_controller.rb.tt +0 -7
- data/lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt +3 -4
- data/lib/generators/authentication/templates/controllers/html/application_controller.rb.tt +0 -11
- data/lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt +3 -4
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt +3 -4
- data/lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt +6 -1
- data/lib/generators/authentication/templates/erb/identity/password_resets/new.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/registrations/new.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt +2 -2
- data/lib/generators/authentication/templates/erb/sessions/passwordlesses/new.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt +6 -1
- data/lib/generators/authentication/templates/mailers/user_mailer.rb.tt +1 -1
- data/lib/generators/authentication/templates/models/session.rb.tt +0 -8
- data/lib/generators/authentication/templates/models/user.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt +8 -1
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt +8 -1
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt +1 -0
- metadata +2 -6
- data/lib/generators/authentication/templates/controllers/api/sessions/passwordlesses_controller.rb.tt +0 -34
- data/lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt +0 -11
- data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt +0 -14
- data/lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt +0 -28
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2759ec10946a7ca08a682e430a1035c2c6903bcde53cf65b1dd75abeb12e5fd5
|
|
4
|
+
data.tar.gz: 56097dbc2b99da7c03ffa308a5d69980c63583d0832d7219c77f19a62e6a8671
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3b8a831fbe073cd0770f28c10f22a265fc2af63d520436c11df99da104f20097fbfaf1379025658729295e61485a400f801e01a2b9d596bd242ceac02995e9fb
|
|
7
|
+
data.tar.gz: 373df629f7a95f12aa0842063ca87b704f68b4dae5edf3a38d37627f5ea50ee5c54d2380479f9959357e34457cfc7efa6c72cd7919757a4d75801b0061ebc623
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## Authentication Zero 2.16.6 ##
|
|
2
|
+
|
|
3
|
+
* Remove passwordless from api template
|
|
4
|
+
* Remove sudoable, I want to make things simple for new users,
|
|
5
|
+
and it will became even simpler with the new rails 7.1 "password challenge api"
|
|
6
|
+
|
|
1
7
|
## Authentication Zero 2.16.5 ##
|
|
2
8
|
|
|
3
9
|
* Revoke all password reset tokens (security enhancement)
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -32,7 +32,6 @@ Since Authentication Zero generates this code into your application instead of b
|
|
|
32
32
|
- Social Login with OmniAuth (--omniauthable)
|
|
33
33
|
- Verify email using a link with token
|
|
34
34
|
- Verify email using a six random digits code for api (--code-verifiable)
|
|
35
|
-
- Ask password before sensitive data changes, aka: sudo (--sudoable)
|
|
36
35
|
- Reset the user password and send reset instructions
|
|
37
36
|
- Reset the user password only from verified emails
|
|
38
37
|
- Lock mechanism for resetting password and sign-in (--lockable)
|
|
@@ -6,7 +6,6 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
6
6
|
class_option :api, type: :boolean, desc: "Generates API authentication"
|
|
7
7
|
class_option :pwned, type: :boolean, desc: "Add pwned password validation"
|
|
8
8
|
class_option :code_verifiable, type: :boolean, desc: "Add email verification using a code for api"
|
|
9
|
-
class_option :sudoable, type: :boolean, desc: "Add password request before sensitive data changes"
|
|
10
9
|
class_option :lockable, type: :boolean, desc: "Add password reset locking"
|
|
11
10
|
class_option :passwordless, type: :boolean, desc: "Add passwordless sign"
|
|
12
11
|
class_option :omniauthable, type: :boolean, desc: "Add social login support"
|
|
@@ -53,7 +52,7 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
53
52
|
migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
|
|
54
53
|
migration_template "migrations/create_email_verification_tokens_migration.rb", "#{db_migrate_path}/create_email_verification_tokens.rb"
|
|
55
54
|
migration_template "migrations/create_password_reset_tokens_migration.rb", "#{db_migrate_path}/create_password_reset_tokens.rb"
|
|
56
|
-
migration_template "migrations/create_sign_in_tokens_migration.rb", "#{db_migrate_path}/create_sign_in_tokens_migration.rb" if
|
|
55
|
+
migration_template "migrations/create_sign_in_tokens_migration.rb", "#{db_migrate_path}/create_sign_in_tokens_migration.rb" if passwordless?
|
|
57
56
|
migration_template "migrations/create_events_migration.rb", "#{db_migrate_path}/create_events.rb" if options.trackable?
|
|
58
57
|
end
|
|
59
58
|
|
|
@@ -62,7 +61,7 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
62
61
|
template "models/session.rb", "app/models/session.rb"
|
|
63
62
|
template "models/email_verification_token.rb", "app/models/email_verification_token.rb"
|
|
64
63
|
template "models/password_reset_token.rb", "app/models/password_reset_token.rb"
|
|
65
|
-
template "models/sign_in_token.rb", "app/models/sign_in_token.rb" if
|
|
64
|
+
template "models/sign_in_token.rb", "app/models/sign_in_token.rb" if passwordless?
|
|
66
65
|
template "models/current.rb", "app/models/current.rb"
|
|
67
66
|
template "models/event.rb", "app/models/event.rb" if options.trackable?
|
|
68
67
|
end
|
|
@@ -80,9 +79,8 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
80
79
|
template "controllers/#{format_folder}/passwords_controller.rb", "app/controllers/passwords_controller.rb"
|
|
81
80
|
template "controllers/#{format_folder}/registrations_controller.rb", "app/controllers/registrations_controller.rb"
|
|
82
81
|
template "controllers/#{format_folder}/home_controller.rb", "app/controllers/home_controller.rb" unless options.api?
|
|
83
|
-
template "controllers/#{format_folder}/sessions/sudos_controller.rb", "app/controllers/sessions/sudos_controller.rb" if options.sudoable?
|
|
84
82
|
template "controllers/#{format_folder}/sessions/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauthable?
|
|
85
|
-
template "controllers/#{format_folder}/sessions/passwordlesses_controller.rb", "app/controllers/sessions/passwordlesses_controller.rb" if
|
|
83
|
+
template "controllers/#{format_folder}/sessions/passwordlesses_controller.rb", "app/controllers/sessions/passwordlesses_controller.rb" if passwordless?
|
|
86
84
|
template "controllers/#{format_folder}/authentications/events_controller.rb", "app/controllers/authentications/events_controller.rb" if options.trackable?
|
|
87
85
|
end
|
|
88
86
|
|
|
@@ -103,8 +101,7 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
103
101
|
template "erb/sessions/index.html.erb", "app/views/sessions/index.html.erb"
|
|
104
102
|
template "erb/sessions/new.html.erb", "app/views/sessions/new.html.erb"
|
|
105
103
|
|
|
106
|
-
directory "erb/sessions/
|
|
107
|
-
directory "erb/sessions/passwordlesses", "app/views/sessions/passwordlesses" if options.passwordless?
|
|
104
|
+
directory "erb/sessions/passwordlesses", "app/views/sessions/passwordlesses" if passwordless?
|
|
108
105
|
|
|
109
106
|
directory "erb/two_factor_authentication", "app/views/two_factor_authentication" if two_factor?
|
|
110
107
|
directory "erb/authentications/events", "app/views/authentications/events" if options.trackable?
|
|
@@ -118,7 +115,7 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
118
115
|
def add_routes
|
|
119
116
|
route "root 'home#index'" unless options.api?
|
|
120
117
|
|
|
121
|
-
if
|
|
118
|
+
if passwordless?
|
|
122
119
|
route "resource :passwordless, only: [:new, :edit, :create]", namespace: :sessions
|
|
123
120
|
end
|
|
124
121
|
|
|
@@ -140,7 +137,6 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
140
137
|
route "resource :password_reset, only: [:new, :edit, :create, :update]", namespace: :identity
|
|
141
138
|
route "resource :email_verification, only: [:edit, :create]", namespace: :identity
|
|
142
139
|
route "resource :email, only: [:edit, :update]", namespace: :identity
|
|
143
|
-
route "resource :sudo, only: [:new, :create]", namespace: :sessions if options.sudoable?
|
|
144
140
|
route "resource :password, only: [:edit, :update]"
|
|
145
141
|
route "resources :sessions, only: [:index, :show, :destroy]"
|
|
146
142
|
route "post 'sign_up', to: 'registrations#create'"
|
|
@@ -166,6 +162,10 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
166
162
|
options.omniauthable? && !options.api?
|
|
167
163
|
end
|
|
168
164
|
|
|
165
|
+
def passwordless?
|
|
166
|
+
options.passwordless? && !options.api?
|
|
167
|
+
end
|
|
168
|
+
|
|
169
169
|
def two_factor?
|
|
170
170
|
options.two_factor? && !options.api?
|
|
171
171
|
end
|
|
@@ -175,6 +175,6 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
175
175
|
end
|
|
176
176
|
|
|
177
177
|
def redis?
|
|
178
|
-
options.lockable? ||
|
|
178
|
+
options.lockable? || code_verifiable?
|
|
179
179
|
end
|
|
180
180
|
end
|
|
@@ -3,13 +3,6 @@ class ApplicationController < ActionController::API
|
|
|
3
3
|
|
|
4
4
|
before_action :set_current_request_details
|
|
5
5
|
before_action :authenticate
|
|
6
|
-
<%- if options.sudoable? %>
|
|
7
|
-
def require_sudo
|
|
8
|
-
unless Current.session.sudo?
|
|
9
|
-
render json: { error: "Enter your password to continue" }, status: :forbidden
|
|
10
|
-
end
|
|
11
|
-
end
|
|
12
|
-
<%- end -%>
|
|
13
6
|
<%- if options.lockable? %>
|
|
14
7
|
def require_lock(wait: 1.hour, attempts: 10)
|
|
15
8
|
counter = Kredis.counter("require_lock:#{request.remote_ip}:#{params[:controller]}:#{params[:action]}", expires_in: wait)
|
data/lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt
CHANGED
|
@@ -1,11 +1,10 @@
|
|
|
1
1
|
class Identity::EmailsController < ApplicationController
|
|
2
|
-
<%- if options.sudoable? -%>
|
|
3
|
-
before_action :require_sudo
|
|
4
|
-
<%- end -%>
|
|
5
2
|
before_action :set_user
|
|
6
3
|
|
|
7
4
|
def update
|
|
8
|
-
|
|
5
|
+
if !@user.authenticate(params[:current_password])
|
|
6
|
+
render json: { error: "The password you entered is incorrect" }, status: :bad_request
|
|
7
|
+
elsif @user.update(user_params)
|
|
9
8
|
render_show
|
|
10
9
|
else
|
|
11
10
|
render json: @user.errors, status: :unprocessable_entity
|
|
@@ -1,17 +1,6 @@
|
|
|
1
1
|
class ApplicationController < ActionController::Base
|
|
2
2
|
before_action :set_current_request_details
|
|
3
3
|
before_action :authenticate
|
|
4
|
-
<%- if options.sudoable? %>
|
|
5
|
-
def require_sudo
|
|
6
|
-
<%- if omniauthable? -%>
|
|
7
|
-
unless Current.session.sudo? || Current.session.user.provider.present?
|
|
8
|
-
<%- else -%>
|
|
9
|
-
unless Current.session.sudo?
|
|
10
|
-
<%- end -%>
|
|
11
|
-
redirect_to new_sessions_sudo_path(proceed_to_url: request.url)
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
<%- end -%>
|
|
15
4
|
<%- if options.lockable? %>
|
|
16
5
|
def require_lock(wait: 1.hour, attempts: 10)
|
|
17
6
|
counter = Kredis.counter("require_lock:#{request.remote_ip}:#{params[:controller]}:#{params[:action]}", expires_in: wait)
|
data/lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
class Identity::EmailsController < ApplicationController
|
|
2
|
-
<%- if options.sudoable? -%>
|
|
3
|
-
before_action :require_sudo
|
|
4
|
-
<%- end -%>
|
|
5
2
|
before_action :set_user
|
|
6
3
|
|
|
7
4
|
def edit
|
|
8
5
|
end
|
|
9
6
|
|
|
10
7
|
def update
|
|
11
|
-
|
|
8
|
+
if !@user.authenticate(params[:current_password])
|
|
9
|
+
redirect_to edit_identity_email_path, alert: "The password you entered is incorrect"
|
|
10
|
+
elsif @user.update(user_params)
|
|
12
11
|
redirect_to_root
|
|
13
12
|
else
|
|
14
13
|
render :edit, status: :unprocessable_entity
|
|
@@ -1,7 +1,4 @@
|
|
|
1
1
|
class TwoFactorAuthentication::TotpsController < ApplicationController
|
|
2
|
-
<%- if options.sudoable? -%>
|
|
3
|
-
before_action :require_sudo
|
|
4
|
-
<%- end -%>
|
|
5
2
|
before_action :set_user
|
|
6
3
|
before_action :set_totp
|
|
7
4
|
|
|
@@ -10,7 +7,9 @@ class TwoFactorAuthentication::TotpsController < ApplicationController
|
|
|
10
7
|
end
|
|
11
8
|
|
|
12
9
|
def create
|
|
13
|
-
if
|
|
10
|
+
if !@user.authenticate(params[:current_password])
|
|
11
|
+
redirect_to two_factor_authentication_totp_path, alert: "The password you entered is incorrect"
|
|
12
|
+
elsif @totp.verify(params[:code], drift_behind: 15)
|
|
14
13
|
@user.update! otp_secret: params[:secret]
|
|
15
14
|
redirect_to root_path, notice: "2FA is enabled on your account"
|
|
16
15
|
else
|
|
@@ -23,7 +23,12 @@
|
|
|
23
23
|
|
|
24
24
|
<div>
|
|
25
25
|
<%%= form.label :email, "New email", style: "display: block" %>
|
|
26
|
-
<%%= form.email_field :email %>
|
|
26
|
+
<%%= form.email_field :email, required: true, autofocus: true %>
|
|
27
|
+
</div>
|
|
28
|
+
|
|
29
|
+
<div>
|
|
30
|
+
<%%= form.label :current_password, style: "display: block" %>
|
|
31
|
+
<%%= form.password_field :current_password, required: true, autocomplete: "current-password" %>
|
|
27
32
|
</div>
|
|
28
33
|
|
|
29
34
|
<div>
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
<%%= form_with(url: identity_password_reset_path) do |form| %>
|
|
6
6
|
<div>
|
|
7
7
|
<%%= form.label :email, style: "display: block" %>
|
|
8
|
-
<%%= form.email_field :email,
|
|
8
|
+
<%%= form.email_field :email, required: true, autofocus: true %>
|
|
9
9
|
</div>
|
|
10
10
|
|
|
11
11
|
<div>
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
<%%= form_with(url: sign_in_path) do |form| %>
|
|
7
7
|
<div>
|
|
8
8
|
<%%= form.label :email, style: "display: block" %>
|
|
9
|
-
<%%= form.email_field :email, value: params[:email_hint],
|
|
9
|
+
<%%= form.email_field :email, value: params[:email_hint], required: true, autofocus: true, autocomplete: "email" %>
|
|
10
10
|
</div>
|
|
11
11
|
|
|
12
12
|
<div>
|
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
|
|
22
22
|
<br>
|
|
23
23
|
|
|
24
|
-
<%- if
|
|
24
|
+
<%- if passwordless? %>
|
|
25
25
|
<div>
|
|
26
26
|
<%%= link_to "Sign in without password", new_sessions_passwordless_path %>
|
|
27
27
|
</div>
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
<%%= form_with(url: sessions_passwordless_path) do |form| %>
|
|
6
6
|
<div>
|
|
7
7
|
<%%= form.label :email, style: "display: block" %>
|
|
8
|
-
<%%= form.email_field :email,
|
|
8
|
+
<%%= form.email_field :email, required: true, autofocus: true%>
|
|
9
9
|
</div>
|
|
10
10
|
|
|
11
11
|
<div>
|
data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt
CHANGED
|
@@ -19,7 +19,12 @@
|
|
|
19
19
|
|
|
20
20
|
<div>
|
|
21
21
|
<%%= form.label :code, "After scanning with your camera, the app will generate a six-digit code. Enter it here:", style: "display: block" %>
|
|
22
|
-
<%%= form.text_field :code,
|
|
22
|
+
<%%= form.text_field :code, required: true, autofocus: true, autocomplete: :off %>
|
|
23
|
+
</div>
|
|
24
|
+
|
|
25
|
+
<div>
|
|
26
|
+
<%%= form.label :current_password, style: "display: block" %>
|
|
27
|
+
<%%= form.password_field :current_password, required: true, autocomplete: "current-password" %>
|
|
23
28
|
</div>
|
|
24
29
|
|
|
25
30
|
<div>
|
|
@@ -16,7 +16,7 @@ class UserMailer < ApplicationMailer
|
|
|
16
16
|
|
|
17
17
|
mail to: @user.email, subject: "Verify your email"
|
|
18
18
|
end
|
|
19
|
-
<%- if
|
|
19
|
+
<%- if passwordless? %>
|
|
20
20
|
def passwordless
|
|
21
21
|
@user = params[:user]
|
|
22
22
|
@signed_id = @user.sign_in_tokens.create.signed_id(expires_in: 1.day)
|
|
@@ -1,18 +1,10 @@
|
|
|
1
1
|
class Session < ApplicationRecord
|
|
2
2
|
belongs_to :user
|
|
3
|
-
<%- if options.sudoable? %>
|
|
4
|
-
kredis_flag :sudo, expires_in: 30.minutes
|
|
5
|
-
<%- end -%>
|
|
6
3
|
|
|
7
4
|
before_create do
|
|
8
5
|
self.user_agent = Current.user_agent
|
|
9
6
|
self.ip_address = Current.ip_address
|
|
10
7
|
end
|
|
11
|
-
<%- if options.sudoable? %>
|
|
12
|
-
after_create_commit do
|
|
13
|
-
self.sudo.mark
|
|
14
|
-
end
|
|
15
|
-
<%- end -%>
|
|
16
8
|
|
|
17
9
|
after_create_commit do
|
|
18
10
|
SessionMailer.with(session: self).signed_in_notification.deliver_later
|
|
@@ -3,7 +3,7 @@ class User < ApplicationRecord
|
|
|
3
3
|
|
|
4
4
|
has_many :email_verification_tokens, dependent: :destroy
|
|
5
5
|
has_many :password_reset_tokens, dependent: :destroy
|
|
6
|
-
<%- if
|
|
6
|
+
<%- if passwordless? -%>
|
|
7
7
|
has_many :sign_in_tokens, dependent: :destroy
|
|
8
8
|
<%- end -%>
|
|
9
9
|
|
|
@@ -10,7 +10,14 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
test "should update email" do
|
|
13
|
-
patch identity_email_url, params: { email: "new_email@hey.com" }, headers: default_headers
|
|
13
|
+
patch identity_email_url, params: { email: "new_email@hey.com", current_password: "Secret1*3*5*" }, headers: default_headers
|
|
14
14
|
assert_response :success
|
|
15
15
|
end
|
|
16
|
+
|
|
17
|
+
test "should not update email with wrong current password" do
|
|
18
|
+
patch identity_email_url, params: { email: "new_email@hey.com", current_password: "SecretWrong1*3" }, headers: default_headers
|
|
19
|
+
|
|
20
|
+
assert_response :bad_request
|
|
21
|
+
assert_equal "The password you entered is incorrect", response.parsed_body["error"]
|
|
22
|
+
end
|
|
16
23
|
end
|
|
@@ -11,7 +11,14 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
test "should update email" do
|
|
14
|
-
patch identity_email_url, params: { email: "new_email@hey.com" }
|
|
14
|
+
patch identity_email_url, params: { email: "new_email@hey.com", current_password: "Secret1*3*5*" }
|
|
15
15
|
assert_redirected_to root_url
|
|
16
16
|
end
|
|
17
|
+
|
|
18
|
+
test "should not update email with wrong current password" do
|
|
19
|
+
patch identity_email_url, params: { email: "new_email@hey.com", current_password: "SecretWrong1*3" }
|
|
20
|
+
|
|
21
|
+
assert_redirected_to edit_identity_email_url
|
|
22
|
+
assert_equal "The password you entered is incorrect", flash[:alert]
|
|
23
|
+
end
|
|
17
24
|
end
|
|
@@ -55,7 +55,7 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
|
55
55
|
test "should not update password with expired token" do
|
|
56
56
|
sid_exp = @user.password_reset_tokens.create.signed_id(expires_in: 0.minutes)
|
|
57
57
|
|
|
58
|
-
patch identity_password_reset_url, params: { sid:
|
|
58
|
+
patch identity_password_reset_url, params: { sid: sid_exp, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
|
59
59
|
assert_redirected_to new_identity_password_reset_url
|
|
60
60
|
assert_equal "That password reset link is invalid", flash[:alert]
|
|
61
61
|
end
|
|
@@ -9,6 +9,7 @@ class Identity::EmailsTest < ApplicationSystemTestCase
|
|
|
9
9
|
click_on "Change email address"
|
|
10
10
|
|
|
11
11
|
fill_in "New email", with: "new_email@hey.com"
|
|
12
|
+
fill_in "Current password", with: "Secret1*3*5*"
|
|
12
13
|
click_on "Save changes"
|
|
13
14
|
|
|
14
15
|
assert_text "Your email has been changed"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authentication-zero
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.16.
|
|
4
|
+
version: 2.16.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nixon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-02-
|
|
11
|
+
date: 2023-02-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -44,8 +44,6 @@ files:
|
|
|
44
44
|
- lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt
|
|
45
45
|
- lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
|
|
46
46
|
- lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
|
|
47
|
-
- lib/generators/authentication/templates/controllers/api/sessions/passwordlesses_controller.rb.tt
|
|
48
|
-
- lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt
|
|
49
47
|
- lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
|
|
50
48
|
- lib/generators/authentication/templates/controllers/html/application_controller.rb.tt
|
|
51
49
|
- lib/generators/authentication/templates/controllers/html/authentications/events_controller.rb.tt
|
|
@@ -57,7 +55,6 @@ files:
|
|
|
57
55
|
- lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
|
|
58
56
|
- lib/generators/authentication/templates/controllers/html/sessions/omniauth_controller.rb.tt
|
|
59
57
|
- lib/generators/authentication/templates/controllers/html/sessions/passwordlesses_controller.rb.tt
|
|
60
|
-
- lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
|
|
61
58
|
- lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
|
|
62
59
|
- lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt
|
|
63
60
|
- lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt
|
|
@@ -72,7 +69,6 @@ files:
|
|
|
72
69
|
- lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
|
|
73
70
|
- lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
|
|
74
71
|
- lib/generators/authentication/templates/erb/sessions/passwordlesses/new.html.erb.tt
|
|
75
|
-
- lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt
|
|
76
72
|
- lib/generators/authentication/templates/erb/two_factor_authentication/challenges/new.html.erb.tt
|
|
77
73
|
- lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt
|
|
78
74
|
- lib/generators/authentication/templates/erb/user_mailer/email_verification.html.erb.tt
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
class Sessions::PasswordlessesController < ApplicationController
|
|
2
|
-
skip_before_action :authenticate
|
|
3
|
-
|
|
4
|
-
<%- if options.lockable? -%>
|
|
5
|
-
before_action :require_lock, only: :create
|
|
6
|
-
<%- end -%>
|
|
7
|
-
before_action :set_user, only: :edit
|
|
8
|
-
|
|
9
|
-
def edit
|
|
10
|
-
@session = @user.sessions.create!
|
|
11
|
-
response.set_header "X-Session-Token", @session.signed_id
|
|
12
|
-
|
|
13
|
-
revoke_tokens; render(json: @session, status: :created)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def create
|
|
17
|
-
if @user = User.find_by(email: params[:email], verified: true)
|
|
18
|
-
UserMailer.with(user: @user).passwordless.deliver_later
|
|
19
|
-
else
|
|
20
|
-
render json: { error: "You can't sign in until you verify your email" }, status: :bad_request
|
|
21
|
-
end
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
private
|
|
25
|
-
def set_user
|
|
26
|
-
@token = SignInToken.find_signed!(params[:sid]); @user = @token.user
|
|
27
|
-
rescue
|
|
28
|
-
render json: { error: "That sign in link is invalid" }, status: :bad_request
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def revoke_tokens
|
|
32
|
-
@user.sign_in_tokens.delete_all
|
|
33
|
-
end
|
|
34
|
-
end
|
data/lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt
DELETED
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
class Sessions::SudosController < ApplicationController
|
|
2
|
-
def create
|
|
3
|
-
session = Current.session
|
|
4
|
-
|
|
5
|
-
if session.user.authenticate(params[:password])
|
|
6
|
-
session.sudo.mark
|
|
7
|
-
else
|
|
8
|
-
render json: { error: "The password you entered is incorrect" }, status: :bad_request
|
|
9
|
-
end
|
|
10
|
-
end
|
|
11
|
-
end
|
data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
DELETED
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
class Sessions::SudosController < ApplicationController
|
|
2
|
-
def new
|
|
3
|
-
end
|
|
4
|
-
|
|
5
|
-
def create
|
|
6
|
-
session = Current.session
|
|
7
|
-
|
|
8
|
-
if session.user.authenticate(params[:password])
|
|
9
|
-
session.sudo.mark; redirect_to(params[:proceed_to_url])
|
|
10
|
-
else
|
|
11
|
-
redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
end
|
|
@@ -1,28 +0,0 @@
|
|
|
1
|
-
<p style="color: red"><%%= alert %></p>
|
|
2
|
-
|
|
3
|
-
<h1>Enter your password to continue</h1>
|
|
4
|
-
|
|
5
|
-
<%%= form_with(url: sessions_sudo_path) do |form| %>
|
|
6
|
-
|
|
7
|
-
<%%= form.hidden_field :proceed_to_url, value: params[:proceed_to_url] %>
|
|
8
|
-
|
|
9
|
-
<div>
|
|
10
|
-
<%%= form.password_field :password, required: true, autofocus: true, autocomplete: "current-password" %>
|
|
11
|
-
</div>
|
|
12
|
-
|
|
13
|
-
<div>
|
|
14
|
-
<%%= form.submit "Continue" %>
|
|
15
|
-
</div>
|
|
16
|
-
<%% end %>
|
|
17
|
-
|
|
18
|
-
<br>
|
|
19
|
-
|
|
20
|
-
<p>
|
|
21
|
-
<strong>Why are you asking me to do this?</strong><br>
|
|
22
|
-
To better protect your account, we'll occasionally ask you to confirm your password before performing sensitive actions.
|
|
23
|
-
</p>
|
|
24
|
-
|
|
25
|
-
<p>
|
|
26
|
-
<strong>Forgot your password?</strong><br>
|
|
27
|
-
We'll help you <%%= link_to "reset it", new_identity_password_reset_path %> so you can continue.
|
|
28
|
-
</p>
|