authentication-zero 2.5.1 → 2.8.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/Gemfile.lock +1 -1
- data/README.md +4 -2
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +60 -54
- data/lib/generators/authentication/templates/config/initializers/omniauth.rb +3 -0
- data/lib/generators/authentication/templates/controllers/api/{email_verifications_controller.rb.tt → identity/email_verifications_controller.rb.tt} +1 -1
- data/lib/generators/authentication/templates/controllers/api/{emails_controller.rb.tt → identity/emails_controller.rb.tt} +1 -1
- data/lib/generators/authentication/templates/controllers/api/{password_resets_controller.rb.tt → identity/password_resets_controller.rb.tt} +1 -1
- data/lib/generators/authentication/templates/controllers/api/{sudos_controller.rb.tt → sessions/sudos_controller.rb.tt} +1 -1
- data/lib/generators/authentication/templates/controllers/html/{email_verifications_controller.rb.tt → identity/email_verifications_controller.rb.tt} +3 -3
- data/lib/generators/authentication/templates/controllers/html/{emails_controller.rb.tt → identity/emails_controller.rb.tt} +1 -1
- data/lib/generators/authentication/templates/controllers/html/{password_resets_controller.rb.tt → identity/password_resets_controller.rb.tt} +4 -4
- data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt +18 -0
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +1 -2
- data/lib/generators/authentication/templates/controllers/omniauth_controller.rb.tt +38 -0
- data/lib/generators/authentication/templates/erb/{emails → identity/emails}/edit.html.erb.tt +2 -2
- data/lib/generators/authentication/templates/erb/{password_resets → identity/password_resets}/edit.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/{password_resets → identity/password_resets}/new.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.text.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/identity_mailer/password_reset_provision.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/identity_mailer/password_reset_provision.text.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.text.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt +6 -1
- data/lib/generators/authentication/templates/erb/{sudos → sessions/sudos}/new.html.erb.tt +2 -2
- data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt +1 -1
- data/lib/generators/authentication/templates/migrations/add_omniauth_migration.rb.tt +8 -0
- data/lib/generators/authentication/templates/test_unit/controllers/api/{email_verifications_controller_test.rb.tt → identity/email_verifications_controller_test.rb.tt} +5 -5
- data/lib/generators/authentication/templates/test_unit/controllers/api/{emails_controller_test.rb.tt → identity/emails_controller_test.rb.tt} +3 -3
- data/lib/generators/authentication/templates/test_unit/controllers/api/{password_resets_controller_test.rb.tt → identity/password_resets_controller_test.rb.tt} +6 -6
- data/lib/generators/authentication/templates/test_unit/controllers/api/{sudos_controller_test.rb.tt → sessions/sudos_controller_test.rb.tt} +3 -3
- data/lib/generators/authentication/templates/test_unit/controllers/html/{email_verifications_controller_test.rb.tt → identity/email_verifications_controller_test.rb.tt} +9 -9
- data/lib/generators/authentication/templates/test_unit/controllers/html/{emails_controller_test.rb.tt → identity/emails_controller_test.rb.tt} +8 -8
- data/lib/generators/authentication/templates/test_unit/controllers/html/{password_resets_controller_test.rb.tt → identity/password_resets_controller_test.rb.tt} +13 -13
- data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt +2 -2
- data/lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/html/{sudos_controller_test.rb.tt → sessions/sudos_controller_test.rb.tt} +5 -5
- data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt +3 -3
- data/lib/generators/authentication/templates/test_unit/system/{emails_test.rb.tt → identity/emails_test.rb.tt} +2 -2
- data/lib/generators/authentication/templates/test_unit/system/{password_resets_test.rb.tt → identity/password_resets_test.rb.tt} +2 -2
- data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/system/{sudos_test.rb.tt → sessions/sudos_test.rb.tt} +3 -3
- data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt +1 -1
- metadata +28 -25
- data/lib/generators/authentication/templates/controllers/html/sudos_controller.rb.tt +0 -14
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2c14a071b3c939bbcbe5b14fb0ef71b3ba79651a8a50f91dbe4a4cb566ddd2e1
|
4
|
+
data.tar.gz: 543198b65f48bbc852ac4d084d14bef31a17f92e4c9780180f429b55baafea1b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1ae13f8453c42b2eb949683e28363b84b4bd84b4394f8871d9e351c442c64941270a41a3f75f74d1ed387c595ce84e6852b03b937e0427101d8788fe64f02144
|
7
|
+
data.tar.gz: bc7a6f40765bf0bd8caa091d64616f01df272575ae3010ae91fa799a7f189b1e33bd7bafedfe2eebf0e405c1755074d3b28cdb1df0d806649ef76969ebaccf52
|
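--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,15 @@
+## Authentication Zero 2.8.0 (March 2, 2022) ##
+
+* Organize controllers in identity and sessions namespaces
+
+## Authentication Zero 2.7.0 (March 2, 2022) ##
+
+* Implemented omniauth
+
+## Authentication Zero 2.6.0 (March 1, 2022) ##
+
+* Implemented ratelimit
+
 ## Authentication Zero 2.5.0 (February 28, 2022) ##
 
 * Implemented pwned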
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -11,11 +11,13 @@ The purpose of authentication zero is to generate a pre-built authentication sys
|
|
11
11
|
- Checks if a password has been found in any data breach (--pwned)
|
12
12
|
- Authentication by cookie
|
13
13
|
- Authentication by token (--api)
|
14
|
+
- Social Login with OmniAuth (--omniauth)
|
14
15
|
- Ask password before sensitive data changes, aka: sudo
|
15
16
|
- Reset the user password and send reset instructions
|
16
17
|
- Reset the user password only from verified emails
|
17
18
|
- Lock sending reset password email after many attempts (--lockable)
|
18
|
-
-
|
19
|
+
- Rate limiting for your app, 1000 reqs/hour (--ratelimit)
|
20
|
+
- Send e-mail confirmation when your email has been changed
|
19
21
|
- Send e-mail notification when someone has logged into your account
|
20
22
|
- Manage multiple sessions & devices
|
21
23
|
- Cancel my account
|
@@ -65,7 +67,7 @@ Add these lines to your `app/views/home/index.html.erb`:
|
|
65
67
|
</div>
|
66
68
|
|
67
69
|
<div>
|
68
|
-
<%= link_to "Change email address",
|
70
|
+
<%= link_to "Change email address", edit_identity_email_path %>
|
69
71
|
</div>
|
70
72
|
|
71
73
|
<div>
|
@@ -3,53 +3,62 @@ require "rails/generators/active_record"
|
|
3
3
|
class AuthenticationGenerator < Rails::Generators::NamedBase
|
4
4
|
include ActiveRecord::Generators::Migration
|
5
5
|
|
6
|
-
class_option :api,
|
6
|
+
class_option :api, type: :boolean, desc: "Generates API authentication"
|
7
|
+
class_option :pwned, type: :boolean, desc: "Add pwned password validation"
|
8
|
+
class_option :lockable, type: :boolean, desc: "Add password reset locking"
|
9
|
+
class_option :ratelimit, type: :boolean, desc: "Add request rate limiting"
|
10
|
+
class_option :omniauth, type: :boolean, desc: "Add social login support"
|
7
11
|
|
8
|
-
|
9
|
-
|
10
|
-
class_option :pwned, type: :boolean, desc: "Add pwned password validation"
|
12
|
+
source_root File.expand_path("templates", __dir__)
|
11
13
|
|
12
|
-
|
13
|
-
|
14
|
+
def add_gems
|
15
|
+
uncomment_lines "Gemfile", /"bcrypt"/
|
16
|
+
uncomment_lines "Gemfile", /"redis"/ if options.lockable?
|
17
|
+
uncomment_lines "Gemfile", /"kredis"/ if options.lockable?
|
14
18
|
|
15
|
-
|
16
|
-
|
19
|
+
if options.pwned?
|
20
|
+
gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]"
|
21
|
+
end
|
17
22
|
|
18
|
-
|
23
|
+
if options.ratelimit?
|
24
|
+
gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests [https://github.com/jeremy/rack-ratelimit]"
|
25
|
+
end
|
19
26
|
|
20
|
-
|
27
|
+
if omniauth?
|
28
|
+
gem "omniauth", comment: "Use OmniAuth to support multi-provider authentication [https://github.com/omniauth/omniauth]"
|
29
|
+
gem "omniauth-rails_csrf_protection", comment: "Provides a mitigation against CVE-2015-9284 [https://github.com/cookpad/omniauth-rails_csrf_protection]"
|
30
|
+
end
|
31
|
+
end
|
21
32
|
|
22
|
-
def
|
23
|
-
|
24
|
-
|
25
|
-
uncomment_lines "Gemfile", /"kredis"/ if options.lockable
|
26
|
-
gem "pwned", comment: "Use pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]" if options.pwned
|
33
|
+
def create_configuration_files
|
34
|
+
copy_file "config/redis/shared.yml", "config/redis/shared.yml" if options.lockable?
|
35
|
+
copy_file "config/initializers/omniauth.rb", "config/initializers/omniauth.rb" if omniauth?
|
27
36
|
end
|
28
37
|
|
29
|
-
def
|
30
|
-
|
38
|
+
def add_environment_configurations
|
39
|
+
ratelimit_code = <<~CODE
|
40
|
+
# Rate limit general requests by IP address in a rate of 1000 requests per hour
|
41
|
+
config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.hour], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
|
42
|
+
CODE
|
43
|
+
|
44
|
+
environment ratelimit_code, env: "production" if options.ratelimit?
|
31
45
|
end
|
32
46
|
|
33
47
|
def create_migrations
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
end
|
48
|
+
migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
|
49
|
+
migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
|
50
|
+
migration_template "migrations/add_omniauth_migration.rb", "#{db_migrate_path}/add_omniauth_to_#{table_name}.rb" if omniauth?
|
38
51
|
end
|
39
52
|
|
40
53
|
def create_models
|
41
54
|
template "models/model.rb", "app/models/#{file_name}.rb"
|
42
55
|
template "models/session.rb", "app/models/session.rb"
|
43
56
|
template "models/current.rb", "app/models/current.rb"
|
44
|
-
template "models/locking.rb", "app/models/locking.rb" if options.lockable
|
57
|
+
template "models/locking.rb", "app/models/locking.rb" if options.lockable?
|
45
58
|
end
|
46
59
|
|
47
|
-
hook_for :fixture_replacement
|
48
|
-
|
49
60
|
def create_fixture_file
|
50
|
-
|
51
|
-
template "#{test_framework}/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
|
52
|
-
end
|
61
|
+
template "test_unit/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
|
53
62
|
end
|
54
63
|
|
55
64
|
def add_application_controller_methods
|
@@ -86,7 +95,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
86
95
|
|
87
96
|
def require_sudo
|
88
97
|
if Current.session.sudo_at < 30.minutes.ago
|
89
|
-
redirect_to
|
98
|
+
redirect_to new_sessions_sudo_path(proceed_to_url: request.url)
|
90
99
|
end
|
91
100
|
end
|
92
101
|
CODE
|
@@ -97,10 +106,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
97
106
|
|
98
107
|
def create_controllers
|
99
108
|
directory "controllers/#{format_folder}", "app/controllers"
|
109
|
+
template "controllers/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauth?
|
100
110
|
end
|
101
111
|
|
102
112
|
def create_views
|
103
|
-
if options.api
|
113
|
+
if options.api?
|
104
114
|
directory "erb/identity_mailer", "app/views/identity_mailer"
|
105
115
|
directory "erb/session_mailer", "app/views/session_mailer"
|
106
116
|
else
|
@@ -113,40 +123,36 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
113
123
|
end
|
114
124
|
|
115
125
|
def add_routes
|
116
|
-
|
117
|
-
route "
|
118
|
-
route "
|
119
|
-
route "
|
120
|
-
route "resource :password, only: [:edit, :update]"
|
121
|
-
route "resource :email_verification, only: [:edit, :create]"
|
122
|
-
route "resource :email, only: [:edit, :update]"
|
123
|
-
route "resources :sessions, only: [:index, :show, :destroy]"
|
124
|
-
route "post 'sign_up', to: 'registrations#create'"
|
125
|
-
route "get 'sign_up', to: 'registrations#new'" unless options.api?
|
126
|
-
route "post 'sign_in', to: 'sessions#create'"
|
127
|
-
route "get 'sign_in', to: 'sessions#new'" unless options.api?
|
126
|
+
if omniauth?
|
127
|
+
route "post '/auth/:provider/callback', to: 'sessions/omniauth#create'"
|
128
|
+
route "get '/auth/:provider/callback', to: 'sessions/omniauth#create'"
|
129
|
+
route "get '/auth/failure', to: 'sessions/omniauth#failure'"
|
128
130
|
end
|
131
|
+
|
132
|
+
route "resource :password_reset, only: [:new, :edit, :create, :update]", namespace: :identity
|
133
|
+
route "resource :email_verification, only: [:edit, :create]", namespace: :identity
|
134
|
+
route "resource :email, only: [:edit, :update]", namespace: :identity
|
135
|
+
route "resource :sudo, only: [:new, :create]", namespace: :sessions
|
136
|
+
route "resources :sessions, only: [:index, :show, :destroy]"
|
137
|
+
route "resource :password, only: [:edit, :update]"
|
138
|
+
route "resource :registration, only: :destroy"
|
139
|
+
route "post 'sign_up', to: 'registrations#create'"
|
140
|
+
route "get 'sign_up', to: 'registrations#new'" unless options.api?
|
141
|
+
route "post 'sign_in', to: 'sessions#create'"
|
142
|
+
route "get 'sign_in', to: 'sessions#new'" unless options.api?
|
129
143
|
end
|
130
144
|
|
131
145
|
def create_test_files
|
132
|
-
directory "
|
133
|
-
directory "
|
146
|
+
directory "test_unit/controllers/#{format_folder}", "test/controllers"
|
147
|
+
directory "test_unit/system", "test/system" unless options.api?
|
134
148
|
end
|
135
149
|
|
136
150
|
private
|
137
151
|
def format_folder
|
138
|
-
options.api ? "api" : "html"
|
139
|
-
end
|
140
|
-
|
141
|
-
def test_framework
|
142
|
-
options.test_framework
|
143
|
-
end
|
144
|
-
|
145
|
-
def system_tests
|
146
|
-
options.system_tests
|
152
|
+
options.api? ? "api" : "html"
|
147
153
|
end
|
148
154
|
|
149
|
-
def
|
150
|
-
|
155
|
+
def omniauth?
|
156
|
+
options.omniauth? && !options.api?
|
151
157
|
end
|
152
158
|
end
|
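Review bot: The limiter that `add_environment_configurations` writes into the production environment is a single 1000-requests-per-hour budget per IP for the whole app, so `post 'sign_in'` and the password-reset routes get the same allowance as any page view. That leaves room for roughly a thousand password attempts per hour from one address; a second, tighter Rack::Ratelimit entry scoped to those POST routes would match the README's rate-limiting claim better. The snippet also calls `Redis.new` with no arguments, which presumably uses the client's default connection rather than the app's configured Redis. The key is `ActionDispatch::Request#ip`, which is only meaningful when trusted proxies are set correctly, so the generated block could carry a comment such as `# Keyed on request.ip: check config.action_dispatch.trusted_proxies when running behind a load balancer`.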
@@ -1,6 +1,6 @@
|
|
1
|
-
class EmailVerificationsController < ApplicationController
|
1
|
+
class Identity::EmailVerificationsController < ApplicationController
|
2
2
|
skip_before_action :authenticate, only: :edit
|
3
|
-
|
3
|
+
|
4
4
|
before_action :set_<%= singular_table_name %>, only: :edit
|
5
5
|
|
6
6
|
def edit
|
@@ -17,6 +17,6 @@ class EmailVerificationsController < ApplicationController
|
|
17
17
|
def set_<%= singular_table_name %>
|
18
18
|
@<%= singular_table_name %> = <%= class_name %>.where(email: params[:email]).find_signed!(params[:token], purpose: params[:email])
|
19
19
|
rescue
|
20
|
-
redirect_to
|
20
|
+
redirect_to edit_identity_email_path, alert: "That email verification link is invalid"
|
21
21
|
end
|
22
22
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
class PasswordResetsController < ApplicationController
|
1
|
+
class Identity::PasswordResetsController < ApplicationController
|
2
2
|
skip_before_action :authenticate
|
3
3
|
|
4
4
|
<% if options.lockable? -%>
|
@@ -17,7 +17,7 @@ class PasswordResetsController < ApplicationController
|
|
17
17
|
IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
|
18
18
|
redirect_to sign_in_path, notice: "Check your email for reset instructions"
|
19
19
|
else
|
20
|
-
redirect_to
|
20
|
+
redirect_to new_identity_password_reset_path, alert: "You can't reset your password until you verify your email"
|
21
21
|
end
|
22
22
|
end
|
23
23
|
|
@@ -33,7 +33,7 @@ class PasswordResetsController < ApplicationController
|
|
33
33
|
def set_<%= singular_table_name %>
|
34
34
|
@<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
|
35
35
|
rescue
|
36
|
-
redirect_to
|
36
|
+
redirect_to new_identity_password_reset_path, alert: "That password reset link is invalid"
|
37
37
|
end
|
38
38
|
|
39
39
|
def <%= "#{singular_table_name}_params" %>
|
@@ -42,7 +42,7 @@ class PasswordResetsController < ApplicationController
|
|
42
42
|
<% if options.lockable? %>
|
43
43
|
def require_locking
|
44
44
|
Locking.lock_on("password_reset_lock:#{request.remote_ip}", wait: 1.hour, attempts: 10) do
|
45
|
-
redirect_to
|
45
|
+
redirect_to new_identity_password_reset_path, alert: "You've exceeded the maximum number of attempts"
|
46
46
|
end
|
47
47
|
end
|
48
48
|
<% end -%>
|
@@ -0,0 +1,18 @@
|
|
1
|
+
class Sessions::SudosController < ApplicationController
|
2
|
+
def new
|
3
|
+
end
|
4
|
+
|
5
|
+
def create
|
6
|
+
session = Current.session
|
7
|
+
|
8
|
+
<% if options.omniauth? -%>
|
9
|
+
if session.<%= singular_table_name %>.authenticate(params[:password]) || session.<%= singular_table_name %>.provider
|
10
|
+
<% else -%>
|
11
|
+
if session.<%= singular_table_name %>.authenticate(params[:password])
|
12
|
+
<% end -%>
|
13
|
+
session.update!(sudo_at: Time.current); redirect_to(params[:proceed_to_url])
|
14
|
+
else
|
15
|
+
redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
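Review bot: `redirect_to(params[:proceed_to_url])` in `create` sends the browser to whatever URL the form posted, and that value arrives from the query string through the hidden field, so the sudo prompt can bounce a user to an external site right after they type their password. Restrict it to same-origin targets, for example `redirect_to(url_from(params[:proceed_to_url]) || root_path)` on Rails 7.0 or later. Separately, the `options.omniauth?` branch accepts the request whenever `provider` is set, so for social-login accounts any submitted password refreshes `sudo_at` and the sudo gate adds nothing against a stolen session; re-running the provider flow would be the equivalent check. Putting `session.update!` and `redirect_to` on separate lines would also read better than the `;` join.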
@@ -25,8 +25,7 @@ class SessionsController < ApplicationController
|
|
25
25
|
end
|
26
26
|
|
27
27
|
def destroy
|
28
|
-
@session.destroy
|
29
|
-
redirect_to sessions_path, notice: "That session has been logged out"
|
28
|
+
@session.destroy; redirect_to(sessions_path, notice: "That session has been logged out")
|
30
29
|
end
|
31
30
|
|
32
31
|
private
|
@@ -0,0 +1,38 @@
|
|
1
|
+
class Sessions::OmniauthController < ApplicationController
|
2
|
+
skip_before_action :verify_authenticity_token
|
3
|
+
skip_before_action :authenticate
|
4
|
+
|
5
|
+
def create
|
6
|
+
@<%= singular_table_name %> = <%= class_name %>.where(omniauth_params).first_or_initialize(<%= "#{singular_table_name}_params" %>)
|
7
|
+
|
8
|
+
if @<%= singular_table_name %>.save
|
9
|
+
session = @<%= singular_table_name %>.sessions.create!(session_params)
|
10
|
+
cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
|
11
|
+
|
12
|
+
redirect_to root_path, notice: "Signed in successfully"
|
13
|
+
else
|
14
|
+
redirect_to sign_in_path, alert: "Authentication failed"
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
def failure
|
19
|
+
redirect_to sign_in_path, alert: params[:message]
|
20
|
+
end
|
21
|
+
|
22
|
+
private
|
23
|
+
def omniauth_params
|
24
|
+
{ provider: omniauth.provider, uid: omniauth.uid }
|
25
|
+
end
|
26
|
+
|
27
|
+
def <%= "#{singular_table_name}_params" %>
|
28
|
+
{ email: omniauth.info.email, password: SecureRandom::base58, verified: true }
|
29
|
+
end
|
30
|
+
|
31
|
+
def session_params
|
32
|
+
{ user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
|
33
|
+
end
|
34
|
+
|
35
|
+
def omniauth
|
36
|
+
request.env["omniauth.auth"]
|
37
|
+
end
|
38
|
+
end
|
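Review bot: The user-params helper sets `verified: true` from `omniauth.info.email` without checking that the provider actually verified that address, and the README says password reset is gated on verified emails, so an unverified or missing provider email ends up treated as proven. Consider leaving `verified` false unless the strategy reports a verified address, and handling a nil email explicitly rather than relying on `save` failing. In `failure`, `alert: params[:message]` puts a query-string value straight into the flash on the sign-in page; a fixed string such as `alert: "Authentication failed"`, or a mapping from known error keys to fixed messages, keeps caller-chosen text out of it. `skip_before_action :verify_authenticity_token` is applied to the whole controller; `only: :create` would limit the exemption to the provider callback.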
data/lib/generators/authentication/templates/erb/{emails → identity/emails}/edit.html.erb.tt
RENAMED
@@ -5,10 +5,10 @@
|
|
5
5
|
<%% else %>
|
6
6
|
<h1>Verify your email</h1>
|
7
7
|
<p>We sent a verification email to the address below. Check that email and follow those instructions to confirm it's your email address.</p>
|
8
|
-
<p><%%= button_to "Re-send verification email",
|
8
|
+
<p><%%= button_to "Re-send verification email", identity_email_verification_path %></p>
|
9
9
|
<%% end %>
|
10
10
|
|
11
|
-
<%%= form_with(model: @<%= model_resource_name %>, url:
|
11
|
+
<%%= form_with(model: @<%= model_resource_name %>, url: identity_email_path) do |form| %>
|
12
12
|
<%% if @<%= singular_table_name %>.errors.any? %>
|
13
13
|
<div style="color: red">
|
14
14
|
<h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>
|
@@ -1,6 +1,6 @@
|
|
1
1
|
<h1>Reset your password</h1>
|
2
2
|
|
3
|
-
<%%= form_with(model: @<%= model_resource_name %>, url:
|
3
|
+
<%%= form_with(model: @<%= model_resource_name %>, url: identity_password_reset_path) do |form| %>
|
4
4
|
<%% if @<%= singular_table_name %>.errors.any? %>
|
5
5
|
<div style="color: red">
|
6
6
|
<h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>
|
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
<h1>Forgot your password?</h1>
|
4
4
|
|
5
|
-
<%%= form_with(url:
|
5
|
+
<%%= form_with(url: identity_password_reset_path) do |form| %>
|
6
6
|
<div>
|
7
7
|
<%%= form.label :email, style: "display: block" %>
|
8
8
|
<%%= form.email_field :email, autofocus: true, required: true %>
|
@@ -4,7 +4,7 @@
|
|
4
4
|
|
5
5
|
<p><strong>You must hit the link below to confirm that you received this email.</strong></p>
|
6
6
|
|
7
|
-
<%%= link_to "Yes, use this email for my account",
|
7
|
+
<%%= link_to "Yes, use this email for my account", edit_identity_email_verification_url(token: @signed_id, email: @<%= singular_table_name %>.email) %>
|
8
8
|
|
9
9
|
<hr>
|
10
10
|
|
@@ -4,6 +4,6 @@ This is to confirm that <%%= @<%= singular_table_name %>.email %> is the email y
|
|
4
4
|
|
5
5
|
You must hit the link below to confirm that you received this email.
|
6
6
|
|
7
|
-
[Yes, use this email for my account]<%%=
|
7
|
+
[Yes, use this email for my account]<%%= edit_identity_email_verification_url(token: @signed_id, email: @<%= singular_table_name %>.email) %>
|
8
8
|
|
9
9
|
Have questions or need help? Just reply to this email and our support team will help you sort it out.
|
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
<p>Can't remember your password for <strong><%%= @<%= singular_table_name %>.email %></strong>? That's OK, it happens. Just hit the link below to set a new one.</p>
|
4
4
|
|
5
|
-
<p><%%= link_to "Reset my password",
|
5
|
+
<p><%%= link_to "Reset my password", edit_identity_password_reset_url(token: @signed_id) %></p>
|
6
6
|
|
7
7
|
<p>If you did not request a password reset you can safely ignore this email, it expires in 20 minutes. Only someone with access to this email account can reset your password.</p>
|
8
8
|
|
@@ -2,7 +2,7 @@ Hey there,
|
|
2
2
|
|
3
3
|
Can't remember your password for <%%= @<%= singular_table_name %>.email %>? That's OK, it happens. Just hit the link below to set a new one.
|
4
4
|
|
5
|
-
[Reset my password]<%%=
|
5
|
+
[Reset my password]<%%= edit_identity_password_reset_url(token: @signed_id) %>
|
6
6
|
|
7
7
|
If you did not request a password reset you can safely ignore this email, it expires in 20 minutes. Only someone with access to this email account can reset your password.
|
8
8
|
|
data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.html.erb.tt
CHANGED
@@ -12,7 +12,7 @@
|
|
12
12
|
|
13
13
|
<p><strong>If this was you, carry on.</strong> We could notify you about sign-ins from this device again.</p>
|
14
14
|
|
15
|
-
<p><strong>If you don't recognize this device</strong>, someone else may have accessed your account. You should immediately <%%= link_to "change your password",
|
15
|
+
<p><strong>If you don't recognize this device</strong>, someone else may have accessed your account. You should immediately <%%= link_to "change your password", new_identity_password_reset_url %>.</p>
|
16
16
|
|
17
17
|
<p><strong>Tip:</strong> It's a good idea to periodically review all of the <%%= link_to "devices and sessions", sessions_url %> in your account for suspicious activity.</p>
|
18
18
|
|
data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.text.erb.tt
CHANGED
@@ -10,7 +10,7 @@ A new device just signed in to your account (<%%= @session.<%= singular_table_na
|
|
10
10
|
|
11
11
|
If this was you, carry on. We could notify you about sign-ins from this device again.
|
12
12
|
|
13
|
-
If you don't recognize this device, someone else may have accessed your account. You should immediately [change your password]<%%=
|
13
|
+
If you don't recognize this device, someone else may have accessed your account. You should immediately [change your password]<%%= new_identity_password_reset_url %>.
|
14
14
|
|
15
15
|
Tip: It's a good idea to periodically review all of the [devices and sessions]<%%= sessions_url %> in your account for suspicious activity.
|
16
16
|
|
@@ -18,10 +18,15 @@
|
|
18
18
|
<%%= form.submit "Sign in" %>
|
19
19
|
</div>
|
20
20
|
<%% end %>
|
21
|
+
<% if options.omniauth? %>
|
22
|
+
<div>
|
23
|
+
<%%= button_to "Sign in with OmniAuth", "/auth/developer", "data-turbo" => false %>
|
24
|
+
</div>
|
25
|
+
<% end -%>
|
21
26
|
|
22
27
|
<br>
|
23
28
|
|
24
29
|
<div>
|
25
30
|
<%%= link_to "Sign up", sign_up_path %> |
|
26
|
-
<%%= link_to "Forgot your password?",
|
31
|
+
<%%= link_to "Forgot your password?", new_identity_password_reset_path %>
|
27
32
|
</div>
|
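Review bot: The added button posts to the hard-coded path `/auth/developer`, and OmniAuth's developer strategy accepts whatever name and email are typed in with no credential check, so it is only suitable for local development. The initializer template is not shown in this diff, so it is unclear whether that provider is restricted to the development environment; if it is not, a generated app shipped as-is would let anyone sign in as a new account that the callback controller marks verified. A template comment next to the button, such as `<%%# Replace /auth/developer with your real provider before deploying %>`, plus an environment guard in the initializer, would make that explicit.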
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
<h1>Enter your password to continue</h1>
|
4
4
|
|
5
|
-
<%%= form_with(url:
|
5
|
+
<%%= form_with(url: sessions_sudo_path) do |form| %>
|
6
6
|
|
7
7
|
<%%= hidden_field_tag :proceed_to_url, params[:proceed_to_url] %>
|
8
8
|
|
@@ -24,5 +24,5 @@
|
|
24
24
|
|
25
25
|
<p>
|
26
26
|
<strong>Forgot your password?</strong><br>
|
27
|
-
We'll help you <%%= link_to "reset it",
|
27
|
+
We'll help you <%%= link_to "reset it", new_identity_password_reset_path %> so you can continue.
|
28
28
|
</p>
|
@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
|
|
8
8
|
|
9
9
|
def email_verify_confirmation
|
10
10
|
@<%= singular_table_name %> = params[:<%= singular_table_name %>]
|
11
|
-
@signed_id = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in:
|
11
|
+
@signed_id = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 2.days)
|
12
12
|
|
13
13
|
mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
|
14
14
|
end
|
@@ -0,0 +1,8 @@
|
|
1
|
+
class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
2
|
+
def change
|
3
|
+
add_column :<%= table_name %>, :provider, :string
|
4
|
+
add_column :<%= table_name %>, :uid, :string
|
5
|
+
end
|
6
|
+
|
7
|
+
add_index :<%= table_name %>, [:provider, :uid], unique: true
|
8
|
+
end
|
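Review bot: `add_index :<%= table_name %>, [:provider, :uid], unique: true` comes after the `end` that closes `change`, so it sits in the class body rather than in the migration itself. As written it is evaluated when the class is loaded, before the two `add_column` calls have run, and it is not part of the reversible `change`; it will most likely raise or never take effect. Either way the unique constraint that the `where(omniauth_params).first_or_initialize` lookup depends on is not reliably created. Move the line up so it is the last statement inside `change`.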
@@ -1,6 +1,6 @@
|
|
1
1
|
require "test_helper"
|
2
2
|
|
3
|
-
class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
|
3
|
+
class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
|
4
4
|
setup do
|
5
5
|
@<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
6
|
@sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
|
@@ -11,19 +11,19 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
|
|
11
11
|
|
12
12
|
test "should send a verification email" do
|
13
13
|
assert_enqueued_email_with IdentityMailer, :email_verify_confirmation, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
|
14
|
-
post
|
14
|
+
post identity_email_verification_url, headers: { "Authorization" => "Bearer #{@token}" }
|
15
15
|
end
|
16
16
|
|
17
17
|
assert_response :no_content
|
18
18
|
end
|
19
19
|
|
20
20
|
test "should verify email" do
|
21
|
-
get
|
21
|
+
get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
|
22
22
|
assert_response :no_content
|
23
23
|
end
|
24
24
|
|
25
25
|
test "should not verify email with expired token" do
|
26
|
-
get
|
26
|
+
get edit_identity_email_verification_url, params: { token: @sid_exp, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
|
27
27
|
|
28
28
|
assert_response :bad_request
|
29
29
|
assert_equal "That email verification link is invalid", response.parsed_body["error"]
|
@@ -32,7 +32,7 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
|
|
32
32
|
test "should not verify email with previous token" do
|
33
33
|
@<%= singular_table_name %>.update! email: "other_email@hey.com"
|
34
34
|
|
35
|
-
get
|
35
|
+
get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
|
36
36
|
|
37
37
|
assert_response :bad_request
|
38
38
|
assert_equal "That email verification link is invalid", response.parsed_body["error"]
|
@@ -1,19 +1,19 @@
|
|
1
1
|
require "test_helper"
|
2
2
|
|
3
|
-
class EmailsControllerTest < ActionDispatch::IntegrationTest
|
3
|
+
class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
|
4
4
|
setup do
|
5
5
|
@<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
6
|
end
|
7
7
|
|
8
8
|
test "should update email" do
|
9
|
-
patch
|
9
|
+
patch identity_email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
|
10
10
|
assert_response :success
|
11
11
|
end
|
12
12
|
|
13
13
|
test "should not update email without sudo" do
|
14
14
|
@<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
|
15
15
|
|
16
|
-
patch
|
16
|
+
patch identity_email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
|
17
17
|
|
18
18
|
assert_response :forbidden
|
19
19
|
assert_equal "Enter your password to continue", response.parsed_body["error"]
|
@@ -1,6 +1,6 @@
|
|
1
1
|
require "test_helper"
|
2
2
|
|
3
|
-
class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
3
|
+
class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
4
4
|
setup do
|
5
5
|
@<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
|
6
6
|
@sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
|
@@ -12,7 +12,7 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
12
12
|
|
13
13
|
test "should send a password reset email" do
|
14
14
|
assert_enqueued_email_with IdentityMailer, :password_reset_provision, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
|
15
|
-
post
|
15
|
+
post identity_password_reset_url, params: { email: @<%= singular_table_name %>.email }
|
16
16
|
end
|
17
17
|
|
18
18
|
assert_response :no_content
|
@@ -20,7 +20,7 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
20
20
|
|
21
21
|
test "should not send a password reset email to a nonexistent email" do
|
22
22
|
assert_no_enqueued_emails do
|
23
|
-
post
|
23
|
+
post identity_password_reset_url, params: { email: "invalid_email@hey.com" }
|
24
24
|
end
|
25
25
|
|
26
26
|
assert_response :not_found
|
@@ -31,7 +31,7 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
31
31
|
@<%= singular_table_name %>.update! verified: false
|
32
32
|
|
33
33
|
assert_no_enqueued_emails do
|
34
|
-
post
|
34
|
+
post identity_password_reset_url, params: { email: @<%= singular_table_name %>.email }
|
35
35
|
end
|
36
36
|
|
37
37
|
assert_response :not_found
|
@@ -39,12 +39,12 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
39
39
|
end
|
40
40
|
|
41
41
|
test "should update password" do
|
42
|
-
patch
|
42
|
+
patch identity_password_reset_url, params: { token: @sid, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
43
43
|
assert_response :success
|
44
44
|
end
|
45
45
|
|
46
46
|
test "should not update password with expired token" do
|
47
|
-
patch
|
47
|
+
patch identity_password_reset_url, params: { token: @sid_exp, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
48
48
|
|
49
49
|
assert_response :bad_request
|
50
50
|
assert_equal "That password reset link is invalid", response.parsed_body["error"]
|
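Review bot: The `assert_response :not_found` assertions in "should not send a password reset email to a nonexistent email" and in the unverified-address test pin a response that differs from the `:no_content` asserted for a known, verified address. An unauthenticated caller can therefore tell from the reset endpoint whether an address is registered. The controller is not shown in this section, so this is inferred from the tests. If it holds, the endpoint should answer identically in all three cases, and both assertions would become `assert_response :no_content` while keeping `assert_no_enqueued_emails`. The HTML variant of this test file further down the page has the same split (a redirect to `sign_in_url` versus a redirect back to `new_identity_password_reset_url` with an alert), and the test class continues outside the hunks shown.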
@@ -1,18 +1,18 @@
|
|
1
1
|
require "test_helper"
|
2
2
|
|
3
|
-
class SudosControllerTest < ActionDispatch::IntegrationTest
|
3
|
+
class Sessions::SudosControllerTest < ActionDispatch::IntegrationTest
|
4
4
|
setup do
|
5
5
|
@<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
6
|
@<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
|
7
7
|
end
|
8
8
|
|
9
9
|
test "should sudo" do
|
10
|
-
post
|
10
|
+
post sessions_sudo_url, params: { password: "Secret1*3*5*" }, headers: { "Authorization" => "Bearer #{@token}" }
|
11
11
|
assert_response :no_content
|
12
12
|
end
|
13
13
|
|
14
14
|
test "should not sudo with wrong password" do
|
15
|
-
post
|
15
|
+
post sessions_sudo_url, params: { password: "SecretWrong1*3" }, headers: { "Authorization" => "Bearer #{@token}" }
|
16
16
|
|
17
17
|
assert_response :bad_request
|
18
18
|
assert_equal "The password you entered is incorrect", response.parsed_body["error"]
|
@@ -1,6 +1,6 @@
|
|
1
1
|
require "test_helper"
|
2
2
|
|
3
|
-
class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
|
3
|
+
class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
|
4
4
|
setup do
|
5
5
|
@<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
6
|
@sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
|
@@ -11,30 +11,30 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
|
|
11
11
|
|
12
12
|
test "should send a verification email" do
|
13
13
|
assert_enqueued_email_with IdentityMailer, :email_verify_confirmation, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
|
14
|
-
post
|
14
|
+
post identity_email_verification_url
|
15
15
|
end
|
16
16
|
|
17
|
-
assert_redirected_to
|
17
|
+
assert_redirected_to root_url
|
18
18
|
end
|
19
19
|
|
20
20
|
test "should verify email" do
|
21
|
-
get
|
22
|
-
assert_redirected_to
|
21
|
+
get edit_identity_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email)
|
22
|
+
assert_redirected_to root_url
|
23
23
|
end
|
24
24
|
|
25
25
|
test "should not verify email with expired token" do
|
26
|
-
get
|
26
|
+
get edit_identity_email_verification_url(token: @sid_exp, email: @<%= singular_table_name %>.email)
|
27
27
|
|
28
|
-
assert_redirected_to
|
28
|
+
assert_redirected_to edit_identity_email_url
|
29
29
|
assert_equal "That email verification link is invalid", flash[:alert]
|
30
30
|
end
|
31
31
|
|
32
32
|
test "should not verify email with previous token" do
|
33
33
|
@<%= singular_table_name %>.update! email: "other_email@hey.com"
|
34
34
|
|
35
|
-
get
|
35
|
+
get edit_identity_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email_previously_was)
|
36
36
|
|
37
|
-
assert_redirected_to
|
37
|
+
assert_redirected_to edit_identity_email_url
|
38
38
|
assert_equal "That email verification link is invalid", flash[:alert]
|
39
39
|
end
|
40
40
|
|
@@ -1,32 +1,32 @@
|
|
1
1
|
require "test_helper"
|
2
2
|
|
3
|
-
class EmailsControllerTest < ActionDispatch::IntegrationTest
|
3
|
+
class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
|
4
4
|
setup do
|
5
5
|
@<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
6
|
end
|
7
7
|
|
8
8
|
test "should get edit" do
|
9
|
-
get
|
9
|
+
get edit_identity_email_url
|
10
10
|
assert_response :success
|
11
11
|
end
|
12
12
|
|
13
13
|
test "should not get edit without sudo" do
|
14
14
|
@<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
|
15
15
|
|
16
|
-
get
|
17
|
-
assert_redirected_to
|
16
|
+
get edit_identity_email_url
|
17
|
+
assert_redirected_to new_sessions_sudo_url(proceed_to_url: edit_identity_email_url)
|
18
18
|
end
|
19
19
|
|
20
20
|
test "should update email" do
|
21
|
-
patch
|
22
|
-
assert_redirected_to
|
21
|
+
patch identity_email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
|
22
|
+
assert_redirected_to root_url
|
23
23
|
end
|
24
24
|
|
25
25
|
test "should not update email without sudo" do
|
26
26
|
@<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
|
27
27
|
|
28
|
-
patch
|
29
|
-
assert_redirected_to
|
28
|
+
patch identity_email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
|
29
|
+
assert_redirected_to new_sessions_sudo_url(proceed_to_url: identity_email_url)
|
30
30
|
end
|
31
31
|
|
32
32
|
def sign_in_as(<%= singular_table_name %>)
|
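Review bot: In "should not update email without sudo" the expected redirect carries `proceed_to_url: identity_email_url`, which is the target of the PATCH itself rather than the form. After the password prompt the browser would follow that URL with a GET, and the only GET these tests exercise is `edit_identity_email_url`, so the user may land on a routing error with the submitted change lost. The routes and the sudo filter are not visible in this section, so this needs confirming against them. If it holds, sending the prompt back to the form is the smaller fix, with the test asserting `assert_redirected_to new_sessions_sudo_url(proceed_to_url: edit_identity_email_url)`. The class body continues past the hunk at `sign_in_as`.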
@@ -1,6 +1,6 @@
|
|
1
1
|
require "test_helper"
|
2
2
|
|
3
|
-
class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
3
|
+
class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
4
4
|
setup do
|
5
5
|
@<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
|
6
6
|
@sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
|
@@ -11,29 +11,29 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
11
11
|
<% end -%>
|
12
12
|
|
13
13
|
test "should get new" do
|
14
|
-
get
|
14
|
+
get new_identity_password_reset_url
|
15
15
|
assert_response :success
|
16
16
|
end
|
17
17
|
|
18
18
|
test "should get edit" do
|
19
|
-
get
|
19
|
+
get edit_identity_password_reset_url(token: @sid)
|
20
20
|
assert_response :success
|
21
21
|
end
|
22
22
|
|
23
23
|
test "should send a password reset email" do
|
24
24
|
assert_enqueued_email_with IdentityMailer, :password_reset_provision, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
|
25
|
-
post
|
25
|
+
post identity_password_reset_url, params: { email: @<%= singular_table_name %>.email }
|
26
26
|
end
|
27
27
|
|
28
|
-
assert_redirected_to
|
28
|
+
assert_redirected_to sign_in_url
|
29
29
|
end
|
30
30
|
|
31
31
|
test "should not send a password reset email to a nonexistent email" do
|
32
32
|
assert_no_enqueued_emails do
|
33
|
-
post
|
33
|
+
post identity_password_reset_url, params: { email: "invalid_email@hey.com" }
|
34
34
|
end
|
35
35
|
|
36
|
-
assert_redirected_to
|
36
|
+
assert_redirected_to new_identity_password_reset_url
|
37
37
|
assert_equal "You can't reset your password until you verify your email", flash[:alert]
|
38
38
|
end
|
39
39
|
|
@@ -41,22 +41,22 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
41
41
|
@<%= singular_table_name %>.update! verified: false
|
42
42
|
|
43
43
|
assert_no_enqueued_emails do
|
44
|
-
post
|
44
|
+
post identity_password_reset_url, params: { email: @<%= singular_table_name %>.email }
|
45
45
|
end
|
46
46
|
|
47
|
-
assert_redirected_to
|
47
|
+
assert_redirected_to new_identity_password_reset_url
|
48
48
|
assert_equal "You can't reset your password until you verify your email", flash[:alert]
|
49
49
|
end
|
50
50
|
|
51
51
|
test "should update password" do
|
52
|
-
patch
|
53
|
-
assert_redirected_to
|
52
|
+
patch identity_password_reset_url, params: { token: @sid, <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
|
53
|
+
assert_redirected_to sign_in_url
|
54
54
|
end
|
55
55
|
|
56
56
|
test "should not update password with expired token" do
|
57
|
-
patch
|
57
|
+
patch identity_password_reset_url, params: { token: @sid_exp, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
58
58
|
|
59
|
-
assert_redirected_to
|
59
|
+
assert_redirected_to new_identity_password_reset_url
|
60
60
|
assert_equal "That password reset link is invalid", flash[:alert]
|
61
61
|
end
|
62
62
|
end
|
@@ -12,13 +12,13 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
|
|
12
12
|
|
13
13
|
test "should update password" do
|
14
14
|
patch password_url, params: { current_password: "Secret1*3*5*", <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
|
15
|
-
assert_redirected_to
|
15
|
+
assert_redirected_to root_url
|
16
16
|
end
|
17
17
|
|
18
18
|
test "should not update password with wrong current password" do
|
19
19
|
patch password_url, params: { current_password: "SecretWrong1*3", <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
|
20
20
|
|
21
|
-
assert_redirected_to
|
21
|
+
assert_redirected_to edit_password_url
|
22
22
|
assert_equal "The current password you entered is incorrect", flash[:alert]
|
23
23
|
end
|
24
24
|
|
@@ -18,7 +18,7 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
18
18
|
sign_in_as <%= table_name %>(:lazaro_nixon)
|
19
19
|
|
20
20
|
assert_difference("<%= class_name %>.count", -1) do
|
21
|
-
delete
|
21
|
+
delete registration_url
|
22
22
|
end
|
23
23
|
|
24
24
|
assert_redirected_to sign_in_url
|
@@ -1,23 +1,23 @@
|
|
1
1
|
require "test_helper"
|
2
2
|
|
3
|
-
class SudosControllerTest < ActionDispatch::IntegrationTest
|
3
|
+
class Sessions::SudosControllerTest < ActionDispatch::IntegrationTest
|
4
4
|
setup do
|
5
5
|
@<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
6
|
end
|
7
7
|
|
8
8
|
test "should get new" do
|
9
|
-
get
|
9
|
+
get new_sessions_sudo_url(proceed_to_url: edit_password_url)
|
10
10
|
assert_response :success
|
11
11
|
end
|
12
12
|
|
13
13
|
test "should sudo" do
|
14
|
-
post
|
14
|
+
post sessions_sudo_url, params: { password: "Secret1*3*5*", proceed_to_url: edit_password_url }
|
15
15
|
assert_redirected_to edit_password_url
|
16
16
|
end
|
17
17
|
|
18
18
|
test "should not sudo with wrong password" do
|
19
|
-
post
|
20
|
-
assert_redirected_to
|
19
|
+
post sessions_sudo_url, params: { password: "SecretWrong1*3", proceed_to_url: edit_password_url }
|
20
|
+
assert_redirected_to new_sessions_sudo_url(proceed_to_url: edit_password_url)
|
21
21
|
end
|
22
22
|
|
23
23
|
def sign_in_as(<%= singular_table_name %>)
|
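Review bot: Every request in this file passes `proceed_to_url: edit_password_url`, so no test covers a `proceed_to_url` that points at a different host. The controller deleted at the end of this page called `redirect_to(params[:proceed_to_url])` on the raw parameter. Its replacement is not visible in this section, so whether the target is now restricted to the application's own host cannot be confirmed from here. A negative test would pin it: `post sessions_sudo_url, params: { password: "Secret1*3*5*", proceed_to_url: "https://other-host.example/" }`, followed by an assertion that the response does not redirect to that URL. The class body continues past the hunk at `sign_in_as`.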
@@ -33,17 +33,17 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
33
33
|
assert_equal "That email or password is incorrect", flash[:alert]
|
34
34
|
|
35
35
|
get root_url
|
36
|
-
assert_redirected_to
|
36
|
+
assert_redirected_to sign_in_url
|
37
37
|
end
|
38
38
|
|
39
39
|
test "should sign out" do
|
40
40
|
sign_in_as @<%= singular_table_name %>
|
41
41
|
|
42
42
|
delete session_url(@<%= singular_table_name %>.sessions.last)
|
43
|
-
assert_redirected_to
|
43
|
+
assert_redirected_to sessions_url
|
44
44
|
|
45
45
|
follow_redirect!
|
46
|
-
assert_redirected_to
|
46
|
+
assert_redirected_to sign_in_url
|
47
47
|
end
|
48
48
|
|
49
49
|
def sign_in_as(<%= singular_table_name %>)
|
@@ -1,6 +1,6 @@
|
|
1
1
|
require "application_system_test_case"
|
2
2
|
|
3
|
-
class EmailsTest < ApplicationSystemTestCase
|
3
|
+
class Identity::EmailsTest < ApplicationSystemTestCase
|
4
4
|
setup do
|
5
5
|
@<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
6
|
end
|
@@ -29,7 +29,7 @@ class EmailsTest < ApplicationSystemTestCase
|
|
29
29
|
fill_in :password, with: "Secret1*3*5*"
|
30
30
|
click_on "Sign in"
|
31
31
|
|
32
|
-
assert_current_path
|
32
|
+
assert_current_path root_url
|
33
33
|
return <%= singular_table_name %>
|
34
34
|
end
|
35
35
|
end
|
@@ -1,6 +1,6 @@
|
|
1
1
|
require "application_system_test_case"
|
2
2
|
|
3
|
-
class PasswordResetsTest < ApplicationSystemTestCase
|
3
|
+
class Identity::PasswordResetsTest < ApplicationSystemTestCase
|
4
4
|
setup do
|
5
5
|
@<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
|
6
6
|
@sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
|
@@ -20,7 +20,7 @@ class PasswordResetsTest < ApplicationSystemTestCase
|
|
20
20
|
end
|
21
21
|
|
22
22
|
test "updating password" do
|
23
|
-
visit
|
23
|
+
visit edit_identity_password_reset_url(token: @sid)
|
24
24
|
|
25
25
|
fill_in "New password", with: "Secret6*4*2*"
|
26
26
|
fill_in "Confirm new password", with: "Secret6*4*2*"
|
@@ -1,12 +1,12 @@
|
|
1
1
|
require "application_system_test_case"
|
2
2
|
|
3
|
-
class SudosTest < ApplicationSystemTestCase
|
3
|
+
class Sessions::SudosTest < ApplicationSystemTestCase
|
4
4
|
setup do
|
5
5
|
@<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
6
|
end
|
7
7
|
|
8
8
|
test "executing sudo" do
|
9
|
-
visit
|
9
|
+
visit new_sessions_sudo_url(proceed_to_url: edit_password_url)
|
10
10
|
fill_in :password, with: "Secret1*3*5*"
|
11
11
|
click_on "Continue"
|
12
12
|
|
@@ -19,7 +19,7 @@ class SudosTest < ApplicationSystemTestCase
|
|
19
19
|
fill_in :password, with: "Secret1*3*5*"
|
20
20
|
click_on "Sign in"
|
21
21
|
|
22
|
-
assert_current_path
|
22
|
+
assert_current_path root_url
|
23
23
|
return <%= singular_table_name %>
|
24
24
|
end
|
25
25
|
end
|
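--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.8.0
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02
+date: 2022-03-02 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -32,64 +32,67 @@ files:
 - lib/authentication_zero/version.rb
 - lib/generators/authentication/USAGE
 - lib/generators/authentication/authentication_generator.rb
+- lib/generators/authentication/templates/config/initializers/omniauth.rb
 - lib/generators/authentication/templates/config/redis/shared.yml
-- lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt
-- lib/generators/authentication/templates/controllers/api/emails_controller.rb.tt
-- lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
-- lib/generators/authentication/templates/controllers/
-- lib/generators/authentication/templates/controllers/html/
-- lib/generators/authentication/templates/controllers/html/
-- lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/identity/email_verifications_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
-- lib/generators/authentication/templates/controllers/
-- lib/generators/authentication/templates/erb/emails/edit.html.erb.tt
+- lib/generators/authentication/templates/controllers/omniauth_controller.rb.tt
+- lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt
+- lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt
+- lib/generators/authentication/templates/erb/identity/password_resets/new.html.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.html.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.text.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/password_reset_provision.html.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/password_reset_provision.text.erb.tt
-- lib/generators/authentication/templates/erb/password_resets/edit.html.erb.tt
-- lib/generators/authentication/templates/erb/password_resets/new.html.erb.tt
 - lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/registrations/new.html.erb.tt
 - lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.html.erb.tt
 - lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.text.erb.tt
 - lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
-- lib/generators/authentication/templates/erb/sudos/new.html.erb.tt
+- lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt
 - lib/generators/authentication/templates/mailers/identity_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/session_mailer.rb.tt
+- lib/generators/authentication/templates/migrations/add_omniauth_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_table_migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
 - lib/generators/authentication/templates/models/locking.rb.tt
 - lib/generators/authentication/templates/models/model.rb.tt
 - lib/generators/authentication/templates/models/session.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/sessions/sudos_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/
-- lib/generators/authentication/templates/test_unit/controllers/html/
-- lib/generators/authentication/templates/test_unit/controllers/html/
-- lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/identity/email_verifications_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/sessions/sudos_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/html/sudos_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/fixtures.yml.tt
-- lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
-- lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/sessions/sudos_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt
-- lib/generators/authentication/templates/test_unit/system/sudos_test.rb.tt
 homepage: https://github.com/lazaronixon/authentication-zero
 licenses:
 - MIT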
@@ -1,14 +0,0 @@
|
|
1
|
-
class SudosController < ApplicationController
|
2
|
-
def new
|
3
|
-
end
|
4
|
-
|
5
|
-
def create
|
6
|
-
session = Current.session
|
7
|
-
|
8
|
-
if session.<%= singular_table_name %>.authenticate(params[:password])
|
9
|
-
session.update!(sudo_at: Time.current); redirect_to(params[:proceed_to_url])
|
10
|
-
else
|
11
|
-
redirect_to new_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|