RubyGems - authentication-zero - Versions diffs - 2.5.0 → 2.7.0 - Mend

authentication-zero 2.5.0 → 2.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 33059916bc171e1b5b356d42cec0cda9187fccae24dcf672f64d92a5c1c361ae
-  data.tar.gz: 7a03af810846d29d4256569d7551640a169d4da5fdd47a3c3495c4e8c99af1b7
+  metadata.gz: 60cf049a1db63ab5db00eae68715cb06a09e9a7901453050c44193ea0fa2c3ef
+  data.tar.gz: 0e4373e8deb0556129a6aa8dc07222dcff48f5e79c156120c9e1fc90ac9444a5
 SHA512:
-  metadata.gz: ee18e7ebff72bfe5f640aa0ceb9ecf34d1ceb05b17b98d537a119ff3ec152c12106455fb43704a97ea2723dd1bac39c8c109c9c5522118f9976dc37aa0b17b63
-  data.tar.gz: 0c63115b52b3a748f379922ca5eda6a0bfca9ecbf3960385a8441feb2e02d9cb43483250cfe0a739b7d14d29371a1ccc29065c51543ea56f6b115c4aab4afaf4
+  metadata.gz: 9168e4d6d3aa6873a56dab1cdb2b53f1640f71de184b73041430c4ee64e804eacc4e853ddc768d7be8189db41f4bdc69f66c3be61bc903adff40fbb491a38dad
+  data.tar.gz: 5f96ab18052f21ac747ed35edd5c9f2afec612c423bac8626a8eaf05970e78d782af567b3d9c831787ecb2d77c9eb823e604cb7b639a560df630aeac6193ac5e

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,11 @@
+## Authentication Zero 2.7.0 (March 2, 2022) ##
+* Implemented omniauth
+## Authentication Zero 2.6.0 (March 1, 2022) ##
+* Implemented ratelimit
 ## Authentication Zero 2.5.0 (February 28, 2022) ##
 * Implemented pwned

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.5.0)
+    authentication-zero (2.7.0)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -11,11 +11,13 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Checks if a password has been found in any data breach (--pwned)
 - Authentication by cookie
 - Authentication by token (--api)
+- Social Login with OmniAuth (--omniauth)
 - Ask password before sensitive data changes, aka: sudo
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
 - Lock sending reset password email after many attempts (--lockable)
-- Send e-mail notification when your email has been changed
+- Rate limiting for your app, 1000 reqs/hour (--ratelimit)
+- Send e-mail confirmation when your email has been changed
 - Send e-mail notification when someone has logged into your account
 - Manage multiple sessions & devices
 - Cancel my account
@@ -95,10 +97,6 @@ $ rails generate authentication user
 Then run `bundle install` again!
-#### --lockable (optional)
-Run `rails kredis:install`, to add a default configuration at `config/redis/shared.yml`.
 ## Development
 To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.5.0"
+  VERSION = "2.7.0"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -3,49 +3,62 @@ require "rails/generators/active_record"
 class AuthenticationGenerator < Rails::Generators::NamedBase
   include ActiveRecord::Generators::Migration
-  class_option :api, type: :boolean, desc: "Generates API authentication"
+  class_option :api,       type: :boolean, desc: "Generates API authentication"
+  class_option :pwned,     type: :boolean, desc: "Add pwned password validation"
+  class_option :lockable,  type: :boolean, desc: "Add password reset locking"
+  class_option :ratelimit, type: :boolean, desc: "Add request rate limiting"
+  class_option :omniauth,  type: :boolean, desc: "Add social login support"
-  class_option :lockable, type: :boolean, desc: "Add password reset locking"
+  source_root File.expand_path("templates", __dir__)
-  class_option :pwned, type: :boolean, desc: "Add pwned password validation"
+  def add_gems
+    uncomment_lines "Gemfile", /"bcrypt"/
+    uncomment_lines "Gemfile", /"redis"/  if options.lockable?
+    uncomment_lines "Gemfile", /"kredis"/ if options.lockable?
-  class_option :migration, type: :boolean, default: true
-  class_option :test_framework, type: :string, desc: "Test framework to be invoked"
+    if options.pwned?
+      gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]"
+    end
-  class_option :fixture, type: :boolean, default: true
-  class_option :system_tests, type: :string, desc: "Skip system test files"
+    if options.ratelimit?
+      gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests [https://github.com/jeremy/rack-ratelimit]"
+    end
-  class_option :skip_routes, type: :boolean
+    if omniauth?
+      gem "omniauth", comment: "Use OmniAuth to support multi-provider authentication [https://github.com/omniauth/omniauth]"
+      gem "omniauth-rails_csrf_protection", comment: "Provides a mitigation against CVE-2015-9284 [https://github.com/cookpad/omniauth-rails_csrf_protection]"
+    end
+  end
-  source_root File.expand_path("templates", __dir__)
+  def create_configuration_files
+     copy_file "config/redis/shared.yml", "config/redis/shared.yml" if options.lockable?
+     copy_file "config/initializers/omniauth.rb", "config/initializers/omniauth.rb" if omniauth?
+  end
-  def add_gems
-    uncomment_lines "Gemfile", /"bcrypt"/
-    uncomment_lines "Gemfile", /"redis"/  if options.lockable
-    uncomment_lines "Gemfile", /"kredis"/ if options.lockable
-    gem "pwned", comment: "Use pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]" if options.pwned
+  def add_environment_configurations
+     ratelimit_code = <<~CODE
+      # Rate limit general requests by IP address in a rate of 1000 requests per hour
+      config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.hour], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
+    CODE
+    environment ratelimit_code, env: "production" if options.ratelimit?
   end
   def create_migrations
-    if options.migration
-      migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
-      migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
-    end
+    migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
+    migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
+    migration_template "migrations/add_omniauth_migration.rb", "#{db_migrate_path}/add_omniauth_to_#{table_name}.rb" if omniauth?
   end
   def create_models
     template "models/model.rb", "app/models/#{file_name}.rb"
     template "models/session.rb", "app/models/session.rb"
     template "models/current.rb", "app/models/current.rb"
-    template "models/locking.rb", "app/models/locking.rb" if options.lockable
+    template "models/locking.rb", "app/models/locking.rb" if options.lockable?
   end
-  hook_for :fixture_replacement
   def create_fixture_file
-    if options.fixture && options.fixture_replacement.nil?
-      template "#{test_framework}/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
-    end
+    template "test_unit/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
   end
   def add_application_controller_methods
@@ -93,10 +106,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_controllers
     directory "controllers/#{format_folder}", "app/controllers"
+    directory "controllers/omniauth", "app/controllers" if omniauth?
   end
   def create_views
-    if options.api
+    if options.api?
       directory "erb/identity_mailer", "app/views/identity_mailer"
       directory "erb/session_mailer", "app/views/session_mailer"
     else
@@ -109,40 +123,36 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
   def add_routes
-    unless options.skip_routes
-      route "resource :sudo, only: [:new, :create]"
-      route "resource :registration, only: :destroy"
-      route "resource :password_reset, only: [:new, :edit, :create, :update]"
-      route "resource :password, only: [:edit, :update]"
-      route "resource :email_verification, only: [:edit, :create]"
-      route "resource :email, only: [:edit, :update]"
-      route "resources :sessions, only: [:index, :show, :destroy]"
-      route "post 'sign_up', to: 'registrations#create'"
-      route "get 'sign_up', to: 'registrations#new'" unless options.api?
-      route "post 'sign_in', to: 'sessions#create'"
-      route "get 'sign_in', to: 'sessions#new'" unless options.api?
+    if omniauth?
+      route "post '/auth/:provider/callback', to: 'omniauth_sessions#create'"
+      route "get '/auth/:provider/callback', to: 'omniauth_sessions#create'"
+      route "get '/auth/failure', to: 'omniauth_sessions#failure'"
     end
+    route "resource :sudo, only: [:new, :create]"
+    route "resource :registration, only: :destroy"
+    route "resource :password_reset, only: [:new, :edit, :create, :update]"
+    route "resource :password, only: [:edit, :update]"
+    route "resource :email_verification, only: [:edit, :create]"
+    route "resource :email, only: [:edit, :update]"
+    route "resources :sessions, only: [:index, :show, :destroy]"
+    route "post 'sign_up', to: 'registrations#create'"
+    route "get 'sign_up', to: 'registrations#new'" unless options.api?
+    route "post 'sign_in', to: 'sessions#create'"
+    route "get 'sign_in', to: 'sessions#new'" unless options.api?
   end
   def create_test_files
-    directory "#{test_framework}/controllers/#{format_folder}", "test/controllers"
-    directory "#{system_tests}/system", "test/system" if system_tests?
+    directory "test_unit/controllers/#{format_folder}", "test/controllers"
+    directory "test_unit/system", "test/system" unless options.api?
   end
   private
     def format_folder
-      options.api ? "api" : "html"
-    end
-    def test_framework
-      options.test_framework
-    end
-    def system_tests
-      options.system_tests
+      options.api? ? "api" : "html"
     end
-    def system_tests?
-      !options.api? && options.system_tests
+    def omniauth?
+      options.omniauth? && !options.api?
     end
 end

data/lib/generators/authentication/templates/config/initializers/omniauth.rb ADDED Viewed

@@ -0,0 +1,3 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :developer unless Rails.env.production? # You should replace it with your provider
+end

data/lib/generators/authentication/templates/config/redis/shared.yml ADDED Viewed

@@ -0,0 +1,15 @@
+production: &production
+  url: <%= ENV.fetch("REDIS_URL", "redis://127.0.0.1:6379/0") %>
+  timeout: 1
+development: &development
+  url: <%= ENV.fetch("REDIS_URL", "redis://127.0.0.1:6379/0") %>
+  timeout: 1
+  # You can also specify host, port, and db instead of url
+  # host: <%= ENV.fetch("REDIS_SHARED_HOST", "127.0.0.1") %>
+  # port: <%= ENV.fetch("REDIS_SHARED_PORT", "6379") %>
+  # db: <%= ENV.fetch("REDIS_SHARED_DB", "11") %>
+test:
+  <<: *development

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt CHANGED Viewed

@@ -25,8 +25,7 @@ class SessionsController < ApplicationController
   end
   def destroy
-    @session.destroy
-    redirect_to sessions_path, notice: "That session has been logged out"
+    @session.destroy; redirect_to(sessions_path, notice: "That session has been logged out")
   end
   private

data/lib/generators/authentication/templates/controllers/html/sudos_controller.rb.tt CHANGED Viewed

@@ -5,7 +5,11 @@ class SudosController < ApplicationController
   def create
     session = Current.session
+<% if options.omniauth? -%>
+    if session.<%= singular_table_name %>.authenticate(params[:password]) || session.<%= singular_table_name %>.provider
+<% else -%>
     if session.<%= singular_table_name %>.authenticate(params[:password])
+<% end -%>
       session.update!(sudo_at: Time.current); redirect_to(params[:proceed_to_url])
     else
       redirect_to new_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"

data/lib/generators/authentication/templates/controllers/omniauth/omniauth_sessions_controller.rb.tt ADDED Viewed

@@ -0,0 +1,38 @@
+class OmniauthSessionsController < ApplicationController
+  skip_before_action :verify_authenticity_token
+  skip_before_action :authenticate
+  def create
+    @<%= singular_table_name %> = <%= class_name %>.where(omniauth_params).first_or_initialize(<%= "#{singular_table_name}_params" %>)
+    if @<%= singular_table_name %>.save
+      session = @<%= singular_table_name %>.sessions.create!(session_params)
+      cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
+      redirect_to root_path, notice: "Signed in successfully"
+    else
+      redirect_to sign_in_path, alert: "Authentication failed"
+    end
+  end
+  def failure
+    redirect_to sign_in_path, alert: params[:message]
+  end
+  private
+    def omniauth_params
+      { provider: omniauth.provider, uid: omniauth.uid }
+    end
+    def <%= "#{singular_table_name}_params" %>
+      { email: omniauth.info.email, password: SecureRandom::base58, verified: true }
+    end
+    def session_params
+      { user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
+    end
+    def omniauth
+      request.env["omniauth.auth"]
+    end
+end

data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt CHANGED Viewed

@@ -18,6 +18,11 @@
     <%%= form.submit "Sign in" %>
   </div>
 <%% end %>
+<% if options.omniauth? %>
+<div>
+  <%%= button_to "Sign in with OmniAuth", "/auth/developer", "data-turbo" => false %>
+</div>
+<% end -%>
 <br>

data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
   def email_verify_confirmation
     @<%= singular_table_name %> = params[:<%= singular_table_name %>]
-    @signed_id = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 3.days)
+    @signed_id = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 2.days)
     mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
   end

data/lib/generators/authentication/templates/migrations/add_omniauth_migration.rb.tt ADDED Viewed

@@ -0,0 +1,8 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    add_column :<%= table_name %>, :provider, :string
+    add_column :<%= table_name %>, :uid, :string
+  end
+  add_index :<%= table_name %>, [:provider, :uid], unique: true
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.5.0
+  version: 2.7.0
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-28 00:00:00.000000000 Z
+date: 2022-03-02 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -32,6 +32,8 @@ files:
 - lib/authentication_zero/version.rb
 - lib/generators/authentication/USAGE
 - lib/generators/authentication/authentication_generator.rb
+- lib/generators/authentication/templates/config/initializers/omniauth.rb
+- lib/generators/authentication/templates/config/redis/shared.yml
 - lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/emails_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
@@ -46,6 +48,7 @@ files:
 - lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sudos_controller.rb.tt
+- lib/generators/authentication/templates/controllers/omniauth/omniauth_sessions_controller.rb.tt
 - lib/generators/authentication/templates/erb/emails/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.html.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.text.erb.tt
@@ -62,6 +65,7 @@ files:
 - lib/generators/authentication/templates/erb/sudos/new.html.erb.tt
 - lib/generators/authentication/templates/mailers/identity_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/session_mailer.rb.tt
+- lib/generators/authentication/templates/migrations/add_omniauth_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_table_migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt