authentication-zero 2.3.6 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3cd20da7b0f56b6c19dcc3133bd3423222705fd77b64b6754284b2d0a34b795d
-  data.tar.gz: a4fecf9bdff5dc659b584326323ac6b53840d4bc9e0e0096f957d68d34ce521b
+  metadata.gz: 3aaf162f00b6413821ae603869fb83f1cf577f956490821ffa051a6bf3b314ce
+  data.tar.gz: 9d4d1efd1aeddc346f39d4aec8752ec3f4a693e12908ec7c6ebc4cdcc0888684
 SHA512:
-  metadata.gz: 9b16ae0a95f453247ea61761bd50bac1abb196980ec8ec56cae879e58239b3f80ffcbb43cde1de81ac4bd50efecaaada6416890a9a04090c3c558c3ffa28870d
-  data.tar.gz: 4563fc71ef94b056bd823dca4dee733d0a337796b995d886e9eeca5cd82706deb43e108857dd70e1bedf1b29a67c0eb1dd08ef2f9fc231a1c0ef51f3c74f17e8
+  metadata.gz: 112be1974500241c1e8a78411ba1b1846a7de6ab6a04c81b76963ded1b5150a7f7a12097ba06202210c73446c8404939718d9e7f14d93be3d96a9995235cd56e
+  data.tar.gz: d0d7c2965efdc83e16fcc068c1a1069269a60d68adafc0714291f310e726d90a698f0105752607a747894b683d7e544481b56cad3dee949ca52262f0c34e1250

data/CHANGELOG.md

@@ -1,4 +1,8 @@
-## Rails 2.3.0 (February 26, 2022) ##
+## Authentication Zero 2.4.0 (February 28, 2022) ##
+
+* Implemented lockable
+
+## Authentication Zero 2.3.0 (February 26, 2022) ##
 
 * Implemented sudo
 * Destroy sessions after change password

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.3.6)
+    authentication-zero (2.4.0)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -8,13 +8,14 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - **Inspired by hey.com**
 - Sign up
 - Email and password validations
-- Authentication by cookie (html)
-- Authentication by token (api)
+- Authentication by cookie
+- Authentication by token (--api)
 - Ask password before sensitive data changes, aka: sudo
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
-- Send e-mail verification when your email has been changed
-- Send email when someone has logged into your account
+- Lock sending reset password email after many attempts (--lockable)
+- Send e-mail notification when your email has been changed
+- Send e-mail notification when someone has logged into your account
 - Manage multiple sessions & devices
 - Cancel my account
 - Log out
@@ -93,6 +94,10 @@ $ rails generate authentication user
 
 Then run `bundle install` again!
 
+#### --lockable
+
+Run `rails kredis:install`, to add a default configuration at `config/redis/shared.yml`.
+
 ## Development
 
 To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.3.6"
+  VERSION = "2.4.0"
 end

data/lib/generators/authentication/authentication_generator.rb

@@ -5,18 +5,24 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
 
   class_option :api, type: :boolean, desc: "Generates API authentication"
 
+  class_option :lockable, type: :boolean, desc: "Generates password reset locking"
+
+  class_option :skip_routes, type: :boolean
+
   class_option :migration, type: :boolean, default: true
   class_option :test_framework, type: :string, desc: "Test framework to be invoked"
 
   class_option :fixture, type: :boolean, default: true
   class_option :system_tests, type: :string, desc: "Skip system test files"
 
-  class_option :skip_routes, type: :boolean, default: false
+  class_option :skip_routes, type: :boolean
 
   source_root File.expand_path("templates", __dir__)
 
   def add_bcrypt
-    uncomment_lines "Gemfile", /bcrypt/
+    uncomment_lines "Gemfile", /"bcrypt"/
+    uncomment_lines "Gemfile", /"redis"/  if options.lockable
+    uncomment_lines "Gemfile", /"kredis"/ if options.lockable
   end
 
   def create_migrations
@@ -30,6 +36,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     template "models/model.rb", "app/models/#{file_name}.rb"
     template "models/session.rb", "app/models/session.rb"
     template "models/current.rb", "app/models/current.rb"
+    template "models/locking.rb", "app/models/locking.rb" if options.lockable
   end
 
   hook_for :fixture_replacement

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt

@@ -1,6 +1,9 @@
 class PasswordResetsController < ApplicationController
   skip_before_action :authenticate
 
+<% if options.lockable? -%>
+  before_action :require_locking, only: :create
+<% end -%>
   before_action :set_<%= singular_table_name %>, only: :update
 
   def create
@@ -29,4 +32,11 @@ class PasswordResetsController < ApplicationController
     def <%= "#{singular_table_name}_params" %>
       params.permit(:password, :password_confirmation)
     end
+<% if options.lockable? %>
+    def require_locking
+      Locking.lock_on("password_reset_lock_#{request.remote_ip}", wait: 1.hour, attempts: 10) do
+        render json: { error: "You've exceeded the maximum number of attempts" }, status: :too_many_requests
+      end
+    end
+<% end -%>
 end

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt

@@ -12,7 +12,7 @@ class SessionsController < ApplicationController
   end
 
   def create
-    <%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+    <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email])
 
     if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
       @session = <%= singular_table_name %>.sessions.create!(session_params)

data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt

@@ -1,6 +1,9 @@
 class PasswordResetsController < ApplicationController
   skip_before_action :authenticate
 
+<% if options.lockable? -%>
+  before_action :require_locking, only: :create
+<% end -%>
   before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
 
   def new
@@ -36,4 +39,11 @@ class PasswordResetsController < ApplicationController
     def <%= "#{singular_table_name}_params" %>
       params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
     end
+<% if options.lockable? %>
+    def require_locking
+      Locking.lock_on("password_reset_lock_#{request.remote_ip}", wait: 1.hour, attempts: 10) do
+        redirect_to new_password_reset_path, alert: "You've exceeded the maximum number of attempts"
+      end
+    end
+<% end -%>
 end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt

@@ -12,7 +12,7 @@ class SessionsController < ApplicationController
   end
 
   def create
-    <%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+    <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email])
 
     if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
       @session = <%= singular_table_name %>.sessions.create!(session_params)

data/lib/generators/authentication/templates/models/locking.rb.tt

@@ -0,0 +1,10 @@
+class Locking
+  def self.lock_on(key, wait:, attempts:, &block)
+    counter = Kredis.counter(key, expires_in: wait)
+    counter.increment
+
+    if counter.value > attempts
+      yield
+    end
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt

@@ -6,6 +6,9 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
+<% if options.lockable? %>
+  teardown { Kredis.clear_all }
+<% end -%>
 
   test "should send a password reset email" do
     assert_enqueued_email_with IdentityMailer, :password_reset_provision, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do

data/lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt

@@ -6,6 +6,9 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
+<% if options.lockable? %>
+  teardown { Kredis.clear_all }
+<% end -%>
 
   test "should get new" do
     get new_password_reset_url

data/lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt

@@ -5,6 +5,9 @@ class PasswordResetsTest < ApplicationSystemTestCase
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
   end
+<% if options.lockable? %>
+  teardown { Kredis.clear_all }
+<% end -%>
 
   test "sending a password reset email" do
     visit sign_in_url

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.3.6
+  version: 2.4.0
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-27 00:00:00.000000000 Z
+date: 2022-02-28 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -64,6 +64,7 @@ files:
 - lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_table_migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
+- lib/generators/authentication/templates/models/locking.rb.tt
 - lib/generators/authentication/templates/models/model.rb.tt
 - lib/generators/authentication/templates/models/session.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt