RubyGems - authentication-zero - Versions diffs - 2.3.4 → 2.4.0 - Mend

authentication-zero 2.3.4 → 2.4.0

Files changed (19) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 70f497dd8ed75e1f18c31ef969a0813537d5f80ac72b178fef396347840fd752
-  data.tar.gz: 5d8ab5264ece31d0fe9b14865353bae79d603fac87fcf9417c0dfa58b7c67361
+  metadata.gz: 3aaf162f00b6413821ae603869fb83f1cf577f956490821ffa051a6bf3b314ce
+  data.tar.gz: 9d4d1efd1aeddc346f39d4aec8752ec3f4a693e12908ec7c6ebc4cdcc0888684
 SHA512:
-  metadata.gz: 3d7ed564b16eba4c19fd2a107b8b8e5e256a2b8d7203130c0b1c4c6dac802503bef8c5a98fac02053a20660ab11f5cc2b39f0fc0d46d2fbe8720cd385573adf5
-  data.tar.gz: f9214fcb6e2653acd3dc4687992142848cd1e6a71cb050a1fa1ea02d2f57ec672b346d4ab234027bb37b170a20cdbce4d8d63adac81894b4b06519fefab1a060
+  metadata.gz: 112be1974500241c1e8a78411ba1b1846a7de6ab6a04c81b76963ded1b5150a7f7a12097ba06202210c73446c8404939718d9e7f14d93be3d96a9995235cd56e
+  data.tar.gz: d0d7c2965efdc83e16fcc068c1a1069269a60d68adafc0714291f310e726d90a698f0105752607a747894b683d7e544481b56cad3dee949ca52262f0c34e1250

data/CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,8 @@
-## Rails 2.3.0 (February 26, 2022) ##
+## Authentication Zero 2.4.0 (February 28, 2022) ##
+* Implemented lockable
+## Authentication Zero 2.3.0 (February 26, 2022) ##
 * Implemented sudo
 * Destroy sessions after change password

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.3.4)
+    authentication-zero (2.4.0)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -8,13 +8,14 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - **Inspired by hey.com**
 - Sign up
 - Email and password validations
-- Authentication by cookie (html)
-- Authentication by token (api)
+- Authentication by cookie
+- Authentication by token (--api)
 - Ask password before sensitive data changes, aka: sudo
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
-- Send e-mail verification when your email has been changed
-- Send email when someone has logged into your account
+- Lock sending reset password email after many attempts (--lockable)
+- Send e-mail notification when your email has been changed
+- Send e-mail notification when someone has logged into your account
 - Manage multiple sessions & devices
 - Cancel my account
 - Log out
@@ -93,6 +94,10 @@ $ rails generate authentication user
 Then run `bundle install` again!
+#### --lockable
+Run `rails kredis:install`, to add a default configuration at `config/redis/shared.yml`.
 ## Development
 To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.3.4"
+  VERSION = "2.4.0"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -5,18 +5,24 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   class_option :api, type: :boolean, desc: "Generates API authentication"
+  class_option :lockable, type: :boolean, desc: "Generates password reset locking"
+  class_option :skip_routes, type: :boolean
   class_option :migration, type: :boolean, default: true
   class_option :test_framework, type: :string, desc: "Test framework to be invoked"
   class_option :fixture, type: :boolean, default: true
   class_option :system_tests, type: :string, desc: "Skip system test files"
-  class_option :skip_routes, type: :boolean, default: false
+  class_option :skip_routes, type: :boolean
   source_root File.expand_path("templates", __dir__)
   def add_bcrypt
-    uncomment_lines "Gemfile", /bcrypt/
+    uncomment_lines "Gemfile", /"bcrypt"/
+    uncomment_lines "Gemfile", /"redis"/  if options.lockable
+    uncomment_lines "Gemfile", /"kredis"/ if options.lockable
   end
   def create_migrations
@@ -30,6 +36,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     template "models/model.rb", "app/models/#{file_name}.rb"
     template "models/session.rb", "app/models/session.rb"
     template "models/current.rb", "app/models/current.rb"
+    template "models/locking.rb", "app/models/locking.rb" if options.lockable
   end
   hook_for :fixture_replacement
@@ -55,7 +62,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       end
       def require_sudo
-        if Time.current > 30.minutes.after(Current.session.sudo_at)
+        if Current.session.sudo_at < 30.minutes.ago
           render json: { error: "Enter your password to continue" }, status: :forbidden
         end
       end
@@ -73,7 +80,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       end
       def require_sudo
-        if Time.current > 30.minutes.after(Current.session.sudo_at)
+        if Current.session.sudo_at < 30.minutes.ago
           redirect_to new_sudo_path(proceed_to_url: request.url)
         end
       end

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt CHANGED Viewed

@@ -1,11 +1,14 @@
 class PasswordResetsController < ApplicationController
   skip_before_action :authenticate
+<% if options.lockable? -%>
+  before_action :require_locking, only: :create
+<% end -%>
   before_action :set_<%= singular_table_name %>, only: :update
   def create
-    if <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
-      IdentityMailer.with(<%= singular_table_name %>: <%= singular_table_name %>).password_reset_provision.deliver_later
+    if @<%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
+      IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
     else
       render json: { error: "You can't reset your password until you verify your email" }, status: :not_found
     end
@@ -29,4 +32,11 @@ class PasswordResetsController < ApplicationController
     def <%= "#{singular_table_name}_params" %>
       params.permit(:password, :password_confirmation)
     end
+<% if options.lockable? %>
+    def require_locking
+      Locking.lock_on("password_reset_lock_#{request.remote_ip}", wait: 1.hour, attempts: 10) do
+        render json: { error: "You've exceeded the maximum number of attempts" }, status: :too_many_requests
+      end
+    end
+<% end -%>
 end

data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt CHANGED Viewed

@@ -2,12 +2,12 @@ class RegistrationsController < ApplicationController
   skip_before_action :authenticate, only: :create
   def create
-    <%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
+    @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
-    if <%= singular_table_name %>.save
-      render json: <%= singular_table_name %>, status: :created
+    if @<%= singular_table_name %>.save
+      render json: @<%= singular_table_name %>, status: :created
     else
-      render json: <%= singular_table_name %>.errors, status: :unprocessable_entity
+      render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
     end
   end

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt CHANGED Viewed

@@ -12,13 +12,13 @@ class SessionsController < ApplicationController
   end
   def create
-    <%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+    <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email])
     if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
-      session = <%= singular_table_name %>.sessions.create!(session_params)
-      response.set_header("X-Session-Token", session.signed_id)
+      @session = <%= singular_table_name %>.sessions.create!(session_params)
+      response.set_header("X-Session-Token", @session.signed_id)
-      render json: session, status: :created
+      render json: @session, status: :created
     else
       render json: { error: "That email or password is incorrect" }, status: :unauthorized
     end

data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt CHANGED Viewed

@@ -1,6 +1,9 @@
 class PasswordResetsController < ApplicationController
   skip_before_action :authenticate
+<% if options.lockable? -%>
+  before_action :require_locking, only: :create
+<% end -%>
   before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
   def new
@@ -10,8 +13,8 @@ class PasswordResetsController < ApplicationController
   end
   def create
-    if <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
-      IdentityMailer.with(<%= singular_table_name %>: <%= singular_table_name %>).password_reset_provision.deliver_later
+    if @<%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
+      IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
       redirect_to sign_in_path, notice: "Check your email for reset instructions"
     else
       redirect_to new_password_reset_path, alert: "You can't reset your password until you verify your email"
@@ -36,4 +39,11 @@ class PasswordResetsController < ApplicationController
     def <%= "#{singular_table_name}_params" %>
       params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
     end
+<% if options.lockable? %>
+    def require_locking
+      Locking.lock_on("password_reset_lock_#{request.remote_ip}", wait: 1.hour, attempts: 10) do
+        redirect_to new_password_reset_path, alert: "You've exceeded the maximum number of attempts"
+      end
+    end
+<% end -%>
 end

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt CHANGED Viewed

@@ -6,10 +6,10 @@ class RegistrationsController < ApplicationController
   end
   def create
-    <%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
+    @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
-    if <%= singular_table_name %>.save
-      session = <%= singular_table_name %>.sessions.create!(session_params)
+    if @<%= singular_table_name %>.save
+      session = @<%= singular_table_name %>.sessions.create!(session_params)
       cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
       redirect_to root_path, notice: "Welcome! You have signed up successfully"

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt CHANGED Viewed

@@ -12,11 +12,11 @@ class SessionsController < ApplicationController
   end
   def create
-    <%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+    <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email])
     if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
-      session = <%= singular_table_name %>.sessions.create!(session_params)
-      cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
+      @session = <%= singular_table_name %>.sessions.create!(session_params)
+      cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
       redirect_to root_path, notice: "Signed in successfully"
     else

data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
   def email_verify_confirmation
     @<%= singular_table_name %> = params[:<%= singular_table_name %>]
-    @signed_id = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @signed_id = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 3.days)
     mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
   end

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt CHANGED Viewed

@@ -1,7 +1,7 @@
 class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
   def change
     create_table :sessions do |t|
-      t.references :user, null: false, foreign_key: true
+      t.references :<%= singular_table_name %>, null: false, foreign_key: true
       t.string :user_agent, null: false
       t.string :ip_address, null: false

data/lib/generators/authentication/templates/models/locking.rb.tt ADDED Viewed

@@ -0,0 +1,10 @@
+class Locking
+  def self.lock_on(key, wait:, attempts:, &block)
+    counter = Kredis.counter(key, expires_in: wait)
+    counter.increment
+    if counter.value > attempts
+      yield
+    end
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt CHANGED Viewed

@@ -6,6 +6,9 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
+<% if options.lockable? %>
+  teardown { Kredis.clear_all }
+<% end -%>
   test "should send a password reset email" do
     assert_enqueued_email_with IdentityMailer, :password_reset_provision, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do

data/lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt CHANGED Viewed

@@ -6,6 +6,9 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
+<% if options.lockable? %>
+  teardown { Kredis.clear_all }
+<% end -%>
   test "should get new" do
     get new_password_reset_url

data/lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt CHANGED Viewed

@@ -5,6 +5,9 @@ class PasswordResetsTest < ApplicationSystemTestCase
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
   end
+<% if options.lockable? %>
+  teardown { Kredis.clear_all }
+<% end -%>
   test "sending a password reset email" do
     visit sign_in_url

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.3.4
+  version: 2.4.0
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-26 00:00:00.000000000 Z
+date: 2022-02-28 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -64,6 +64,7 @@ files:
 - lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_table_migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
+- lib/generators/authentication/templates/models/locking.rb.tt
 - lib/generators/authentication/templates/models/model.rb.tt
 - lib/generators/authentication/templates/models/session.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt