authentication-zero 2.6.0 → 2.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +1 -1
- data/README.md +2 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +28 -3
- data/lib/generators/authentication/templates/config/initializers/omniauth.rb +3 -0
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +1 -2
- data/lib/generators/authentication/templates/controllers/html/sudos_controller.rb.tt +4 -0
- data/lib/generators/authentication/templates/controllers/omniauth/omniauth_sessions_controller.rb.tt +38 -0
- data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt +5 -0
- data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt +1 -1
- data/lib/generators/authentication/templates/migrations/add_omniauth_migration.rb.tt +8 -0
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 60cf049a1db63ab5db00eae68715cb06a09e9a7901453050c44193ea0fa2c3ef
|
|
4
|
+
data.tar.gz: 0e4373e8deb0556129a6aa8dc07222dcff48f5e79c156120c9e1fc90ac9444a5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9168e4d6d3aa6873a56dab1cdb2b53f1640f71de184b73041430c4ee64e804eacc4e853ddc768d7be8189db41f4bdc69f66c3be61bc903adff40fbb491a38dad
|
|
7
|
+
data.tar.gz: 5f96ab18052f21ac747ed35edd5c9f2afec612c423bac8626a8eaf05970e78d782af567b3d9c831787ecb2d77c9eb823e604cb7b639a560df630aeac6193ac5e
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -11,12 +11,13 @@ The purpose of authentication zero is to generate a pre-built authentication sys
|
|
|
11
11
|
- Checks if a password has been found in any data breach (--pwned)
|
|
12
12
|
- Authentication by cookie
|
|
13
13
|
- Authentication by token (--api)
|
|
14
|
+
- Social Login with OmniAuth (--omniauth)
|
|
14
15
|
- Ask password before sensitive data changes, aka: sudo
|
|
15
16
|
- Reset the user password and send reset instructions
|
|
16
17
|
- Reset the user password only from verified emails
|
|
17
18
|
- Lock sending reset password email after many attempts (--lockable)
|
|
18
19
|
- Rate limiting for your app, 1000 reqs/hour (--ratelimit)
|
|
19
|
-
- Send e-mail
|
|
20
|
+
- Send e-mail confirmation when your email has been changed
|
|
20
21
|
- Send e-mail notification when someone has logged into your account
|
|
21
22
|
- Manage multiple sessions & devices
|
|
22
23
|
- Cancel my account
|
|
@@ -7,6 +7,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
|
7
7
|
class_option :pwned, type: :boolean, desc: "Add pwned password validation"
|
|
8
8
|
class_option :lockable, type: :boolean, desc: "Add password reset locking"
|
|
9
9
|
class_option :ratelimit, type: :boolean, desc: "Add request rate limiting"
|
|
10
|
+
class_option :omniauth, type: :boolean, desc: "Add social login support"
|
|
10
11
|
|
|
11
12
|
source_root File.expand_path("templates", __dir__)
|
|
12
13
|
|
|
@@ -14,18 +15,30 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
|
14
15
|
uncomment_lines "Gemfile", /"bcrypt"/
|
|
15
16
|
uncomment_lines "Gemfile", /"redis"/ if options.lockable?
|
|
16
17
|
uncomment_lines "Gemfile", /"kredis"/ if options.lockable?
|
|
17
|
-
|
|
18
|
-
|
|
18
|
+
|
|
19
|
+
if options.pwned?
|
|
20
|
+
gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]"
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
if options.ratelimit?
|
|
24
|
+
gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests [https://github.com/jeremy/rack-ratelimit]"
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
if omniauth?
|
|
28
|
+
gem "omniauth", comment: "Use OmniAuth to support multi-provider authentication [https://github.com/omniauth/omniauth]"
|
|
29
|
+
gem "omniauth-rails_csrf_protection", comment: "Provides a mitigation against CVE-2015-9284 [https://github.com/cookpad/omniauth-rails_csrf_protection]"
|
|
30
|
+
end
|
|
19
31
|
end
|
|
20
32
|
|
|
21
33
|
def create_configuration_files
|
|
22
34
|
copy_file "config/redis/shared.yml", "config/redis/shared.yml" if options.lockable?
|
|
35
|
+
copy_file "config/initializers/omniauth.rb", "config/initializers/omniauth.rb" if omniauth?
|
|
23
36
|
end
|
|
24
37
|
|
|
25
38
|
def add_environment_configurations
|
|
26
39
|
ratelimit_code = <<~CODE
|
|
27
40
|
# Rate limit general requests by IP address in a rate of 1000 requests per hour
|
|
28
|
-
config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.hour],
|
|
41
|
+
config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.hour], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
|
|
29
42
|
CODE
|
|
30
43
|
|
|
31
44
|
environment ratelimit_code, env: "production" if options.ratelimit?
|
|
@@ -34,6 +47,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
|
34
47
|
def create_migrations
|
|
35
48
|
migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
|
|
36
49
|
migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
|
|
50
|
+
migration_template "migrations/add_omniauth_migration.rb", "#{db_migrate_path}/add_omniauth_to_#{table_name}.rb" if omniauth?
|
|
37
51
|
end
|
|
38
52
|
|
|
39
53
|
def create_models
|
|
@@ -92,6 +106,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
|
92
106
|
|
|
93
107
|
def create_controllers
|
|
94
108
|
directory "controllers/#{format_folder}", "app/controllers"
|
|
109
|
+
directory "controllers/omniauth", "app/controllers" if omniauth?
|
|
95
110
|
end
|
|
96
111
|
|
|
97
112
|
def create_views
|
|
@@ -108,6 +123,12 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
|
108
123
|
end
|
|
109
124
|
|
|
110
125
|
def add_routes
|
|
126
|
+
if omniauth?
|
|
127
|
+
route "post '/auth/:provider/callback', to: 'omniauth_sessions#create'"
|
|
128
|
+
route "get '/auth/:provider/callback', to: 'omniauth_sessions#create'"
|
|
129
|
+
route "get '/auth/failure', to: 'omniauth_sessions#failure'"
|
|
130
|
+
end
|
|
131
|
+
|
|
111
132
|
route "resource :sudo, only: [:new, :create]"
|
|
112
133
|
route "resource :registration, only: :destroy"
|
|
113
134
|
route "resource :password_reset, only: [:new, :edit, :create, :update]"
|
|
@@ -130,4 +151,8 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
|
130
151
|
def format_folder
|
|
131
152
|
options.api? ? "api" : "html"
|
|
132
153
|
end
|
|
154
|
+
|
|
155
|
+
def omniauth?
|
|
156
|
+
options.omniauth? && !options.api?
|
|
157
|
+
end
|
|
133
158
|
end
|
|
@@ -25,8 +25,7 @@ class SessionsController < ApplicationController
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
def destroy
|
|
28
|
-
@session.destroy
|
|
29
|
-
redirect_to sessions_path, notice: "That session has been logged out"
|
|
28
|
+
@session.destroy; redirect_to(sessions_path, notice: "That session has been logged out")
|
|
30
29
|
end
|
|
31
30
|
|
|
32
31
|
private
|
|
@@ -5,7 +5,11 @@ class SudosController < ApplicationController
|
|
|
5
5
|
def create
|
|
6
6
|
session = Current.session
|
|
7
7
|
|
|
8
|
+
<% if options.omniauth? -%>
|
|
9
|
+
if session.<%= singular_table_name %>.authenticate(params[:password]) || session.<%= singular_table_name %>.provider
|
|
10
|
+
<% else -%>
|
|
8
11
|
if session.<%= singular_table_name %>.authenticate(params[:password])
|
|
12
|
+
<% end -%>
|
|
9
13
|
session.update!(sudo_at: Time.current); redirect_to(params[:proceed_to_url])
|
|
10
14
|
else
|
|
11
15
|
redirect_to new_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
|
data/lib/generators/authentication/templates/controllers/omniauth/omniauth_sessions_controller.rb.tt
ADDED
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
class OmniauthSessionsController < ApplicationController
|
|
2
|
+
skip_before_action :verify_authenticity_token
|
|
3
|
+
skip_before_action :authenticate
|
|
4
|
+
|
|
5
|
+
def create
|
|
6
|
+
@<%= singular_table_name %> = <%= class_name %>.where(omniauth_params).first_or_initialize(<%= "#{singular_table_name}_params" %>)
|
|
7
|
+
|
|
8
|
+
if @<%= singular_table_name %>.save
|
|
9
|
+
session = @<%= singular_table_name %>.sessions.create!(session_params)
|
|
10
|
+
cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
|
|
11
|
+
|
|
12
|
+
redirect_to root_path, notice: "Signed in successfully"
|
|
13
|
+
else
|
|
14
|
+
redirect_to sign_in_path, alert: "Authentication failed"
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def failure
|
|
19
|
+
redirect_to sign_in_path, alert: params[:message]
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
private
|
|
23
|
+
def omniauth_params
|
|
24
|
+
{ provider: omniauth.provider, uid: omniauth.uid }
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def <%= "#{singular_table_name}_params" %>
|
|
28
|
+
{ email: omniauth.info.email, password: SecureRandom::base58, verified: true }
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def session_params
|
|
32
|
+
{ user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def omniauth
|
|
36
|
+
request.env["omniauth.auth"]
|
|
37
|
+
end
|
|
38
|
+
end
|
|
@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
|
|
|
8
8
|
|
|
9
9
|
def email_verify_confirmation
|
|
10
10
|
@<%= singular_table_name %> = params[:<%= singular_table_name %>]
|
|
11
|
-
@signed_id = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in:
|
|
11
|
+
@signed_id = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 2.days)
|
|
12
12
|
|
|
13
13
|
mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
|
|
14
14
|
end
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
|
2
|
+
def change
|
|
3
|
+
add_column :<%= table_name %>, :provider, :string
|
|
4
|
+
add_column :<%= table_name %>, :uid, :string
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
add_index :<%= table_name %>, [:provider, :uid], unique: true
|
|
8
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authentication-zero
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nixon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-03-
|
|
11
|
+
date: 2022-03-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -32,6 +32,7 @@ files:
|
|
|
32
32
|
- lib/authentication_zero/version.rb
|
|
33
33
|
- lib/generators/authentication/USAGE
|
|
34
34
|
- lib/generators/authentication/authentication_generator.rb
|
|
35
|
+
- lib/generators/authentication/templates/config/initializers/omniauth.rb
|
|
35
36
|
- lib/generators/authentication/templates/config/redis/shared.yml
|
|
36
37
|
- lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt
|
|
37
38
|
- lib/generators/authentication/templates/controllers/api/emails_controller.rb.tt
|
|
@@ -47,6 +48,7 @@ files:
|
|
|
47
48
|
- lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
|
|
48
49
|
- lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
|
|
49
50
|
- lib/generators/authentication/templates/controllers/html/sudos_controller.rb.tt
|
|
51
|
+
- lib/generators/authentication/templates/controllers/omniauth/omniauth_sessions_controller.rb.tt
|
|
50
52
|
- lib/generators/authentication/templates/erb/emails/edit.html.erb.tt
|
|
51
53
|
- lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.html.erb.tt
|
|
52
54
|
- lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.text.erb.tt
|
|
@@ -63,6 +65,7 @@ files:
|
|
|
63
65
|
- lib/generators/authentication/templates/erb/sudos/new.html.erb.tt
|
|
64
66
|
- lib/generators/authentication/templates/mailers/identity_mailer.rb.tt
|
|
65
67
|
- lib/generators/authentication/templates/mailers/session_mailer.rb.tt
|
|
68
|
+
- lib/generators/authentication/templates/migrations/add_omniauth_migration.rb.tt
|
|
66
69
|
- lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
|
|
67
70
|
- lib/generators/authentication/templates/migrations/create_table_migration.rb.tt
|
|
68
71
|
- lib/generators/authentication/templates/models/current.rb.tt
|