RubyGems - authentication-zero - Versions diffs - 2.8.0 → 2.8.3 - Mend

authentication-zero 2.8.0 → 2.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2c14a071b3c939bbcbe5b14fb0ef71b3ba79651a8a50f91dbe4a4cb566ddd2e1
-  data.tar.gz: 543198b65f48bbc852ac4d084d14bef31a17f92e4c9780180f429b55baafea1b
+  metadata.gz: 7c761cc8c78b6706041724ca6313bb115f8263036a5d4ea94e50ea30c8928ebc
+  data.tar.gz: d9488244decbc2fbd95e4d46b6847d34b701b3f023c6bb37c26da19a67a7ab19
 SHA512:
-  metadata.gz: 1ae13f8453c42b2eb949683e28363b84b4bd84b4394f8871d9e351c442c64941270a41a3f75f74d1ed387c595ce84e6852b03b937e0427101d8788fe64f02144
-  data.tar.gz: bc7a6f40765bf0bd8caa091d64616f01df272575ae3010ae91fa799a7f189b1e33bd7bafedfe2eebf0e405c1755074d3b28cdb1df0d806649ef76969ebaccf52
+  metadata.gz: 9a09fd156b599aba36c0e27d6c96e07779fde672da91b2db7541d12ea2395f581114569f8036cd18cdf6a062d68b9cabacb543b76a5885aa4121a79768495831
+  data.tar.gz: bbdcd461f3effa96d83ffb631defa701eb4b174bc3ada9ce6782e906b136ed2c7d45f8f5c2b56b80d8caa95326f5fbcfa637759c44b3a731c356b3adef56b819

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.8.0)
+    authentication-zero (2.8.3)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -11,7 +11,7 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Checks if a password has been found in any data breach (--pwned)
 - Authentication by cookie
 - Authentication by token (--api)
-- Social Login with OmniAuth (--omniauth)
+- Social Login with OmniAuth (--omniauthable)
 - Ask password before sensitive data changes, aka: sudo
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
@@ -20,7 +20,6 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Send e-mail confirmation when your email has been changed
 - Send e-mail notification when someone has logged into your account
 - Manage multiple sessions & devices
-- Cancel my account
 - Log out
 ## Security and best practices
@@ -62,20 +61,16 @@ Add these lines to your `app/views/home/index.html.erb`:
 <p>Signed as <%= Current.user.email %></p>
-<div>
-  <%= link_to "Change password", edit_password_path %>
-</div>
 <div>
   <%= link_to "Change email address", edit_identity_email_path %>
 </div>
 <div>
-  <%= link_to "Devices & Sessions", sessions_path %>
+  <%= link_to "Change password", edit_password_path %>
 </div>
 <div>
-  <%= button_to "Cancel my account & delete my data", registration_path, method: :delete  %>
+  <%= link_to "Devices & Sessions", sessions_path %>
 </div>
 <br>

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.8.0"
+  VERSION = "2.8.3"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -3,11 +3,11 @@ require "rails/generators/active_record"
 class AuthenticationGenerator < Rails::Generators::NamedBase
   include ActiveRecord::Generators::Migration
-  class_option :api,       type: :boolean, desc: "Generates API authentication"
-  class_option :pwned,     type: :boolean, desc: "Add pwned password validation"
-  class_option :lockable,  type: :boolean, desc: "Add password reset locking"
-  class_option :ratelimit, type: :boolean, desc: "Add request rate limiting"
-  class_option :omniauth,  type: :boolean, desc: "Add social login support"
+  class_option :api,          type: :boolean, desc: "Generates API authentication"
+  class_option :pwned,        type: :boolean, desc: "Add pwned password validation"
+  class_option :lockable,     type: :boolean, desc: "Add password reset locking"
+  class_option :ratelimit,    type: :boolean, desc: "Add request rate limiting"
+  class_option :omniauthable, type: :boolean, desc: "Add social login support"
   source_root File.expand_path("templates", __dir__)
@@ -24,7 +24,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests [https://github.com/jeremy/rack-ratelimit]"
     end
-    if omniauth?
+    if omniauthable?
       gem "omniauth", comment: "Use OmniAuth to support multi-provider authentication [https://github.com/omniauth/omniauth]"
       gem "omniauth-rails_csrf_protection", comment: "Provides a mitigation against CVE-2015-9284 [https://github.com/cookpad/omniauth-rails_csrf_protection]"
     end
@@ -32,7 +32,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_configuration_files
      copy_file "config/redis/shared.yml", "config/redis/shared.yml" if options.lockable?
-     copy_file "config/initializers/omniauth.rb", "config/initializers/omniauth.rb" if omniauth?
+     copy_file "config/initializers/omniauth.rb", "config/initializers/omniauth.rb" if omniauthable?
   end
   def add_environment_configurations
@@ -47,7 +47,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_migrations
     migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
     migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
-    migration_template "migrations/add_omniauth_migration.rb", "#{db_migrate_path}/add_omniauth_to_#{table_name}.rb" if omniauth?
+    migration_template "migrations/add_omniauth_migration.rb", "#{db_migrate_path}/add_omniauth_to_#{table_name}.rb" if omniauthable?
   end
   def create_models
@@ -106,7 +106,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_controllers
     directory "controllers/#{format_folder}", "app/controllers"
-    template  "controllers/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauth?
+    template  "controllers/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauthable?
   end
   def create_views
@@ -123,7 +123,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
   def add_routes
-    if omniauth?
+    if omniauthable?
       route "post '/auth/:provider/callback', to: 'sessions/omniauth#create'"
       route "get '/auth/:provider/callback', to: 'sessions/omniauth#create'"
       route "get '/auth/failure', to: 'sessions/omniauth#failure'"
@@ -135,7 +135,6 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     route "resource :sudo, only: [:new, :create]", namespace: :sessions
     route "resources :sessions, only: [:index, :show, :destroy]"
     route "resource :password, only: [:edit, :update]"
-    route "resource :registration, only: :destroy"
     route "post 'sign_up', to: 'registrations#create'"
     route "get 'sign_up', to: 'registrations#new'" unless options.api?
     route "post 'sign_in', to: 'sessions#create'"
@@ -152,7 +151,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       options.api? ? "api" : "html"
     end
-    def omniauth?
-      options.omniauth? && !options.api?
+    def omniauthable?
+      options.omniauthable? && !options.api?
     end
 end

data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class RegistrationsController < ApplicationController
-  skip_before_action :authenticate, only: :create
+  skip_before_action :authenticate
   def create
     @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
@@ -11,10 +11,6 @@ class RegistrationsController < ApplicationController
     end
   end
-  def destroy
-    Current.<%= singular_table_name %>.destroy
-  end
   private
     def <%= "#{singular_table_name}_params" %>
       params.permit(:email, :password, :password_confirmation)

data/lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt CHANGED Viewed

@@ -19,6 +19,6 @@ class Identity::EmailsController < ApplicationController
     end
     def <%= "#{singular_table_name}_params" %>
-      params.require(:<%= singular_table_name %>).permit(:email)
+      params.permit(:email)
     end
 end

data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt CHANGED Viewed

@@ -37,7 +37,7 @@ class Identity::PasswordResetsController < ApplicationController
     end
     def <%= "#{singular_table_name}_params" %>
-      params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
+      params.permit(:password, :password_confirmation)
     end
 <% if options.lockable? %>
     def require_locking

data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt CHANGED Viewed

@@ -20,6 +20,6 @@ class PasswordsController < ApplicationController
     end
     def <%= "#{singular_table_name}_params" %>
-      params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
+      params.permit(:password, :password_confirmation)
     end
 end

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class RegistrationsController < ApplicationController
-  skip_before_action :authenticate, only: %i[ new create ]
+  skip_before_action :authenticate
   def new
     @<%= singular_table_name %> = <%= class_name %>.new
@@ -18,13 +18,9 @@ class RegistrationsController < ApplicationController
     end
   end
-  def destroy
-    Current.<%= singular_table_name %>.destroy; redirect_to(sign_in_path, notice: "Your account is closed")
-  end
   private
     def <%= "#{singular_table_name}_params" %>
-      params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
+      params.permit(:email, :password, :password_confirmation)
     end
     def session_params

data/lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt CHANGED Viewed

@@ -8,7 +8,7 @@
   <p><%%= button_to "Re-send verification email", identity_email_verification_path %></p>
 <%% end %>
-<%%= form_with(model: @<%= model_resource_name %>, url: identity_email_path) do |form| %>
+<%%= form_with(url: identity_email_path, method: :patch) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt CHANGED Viewed

@@ -1,6 +1,6 @@
 <h1>Reset your password</h1>
-<%%= form_with(model: @<%= model_resource_name %>, url: identity_password_reset_path) do |form| %>
+<%%= form_with(url: identity_password_reset_path, method: :patch) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt CHANGED Viewed

@@ -2,7 +2,7 @@
 <h1>Change your password</h1>
-<%%= form_with(model: @<%= model_resource_name %>, url: password_path) do |form| %>
+<%%= form_with(url: password_path, method: :patch) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/registrations/new.html.erb.tt CHANGED Viewed

@@ -1,6 +1,6 @@
 <h1>Sign up</h1>
-<%%= form_with(model: @<%= model_resource_name %>, url: sign_up_path) do |form| %>
+<%%= form_with(url: sign_up_path) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt CHANGED Viewed

@@ -8,18 +8,4 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
     assert_response :created
   end
-  test "should destroy account" do
-    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    assert_difference("<%= class_name %>.count", -1) do
-      delete registration_url, headers: { "Authorization" => "Bearer #{@token}" }
-    end
-    assert_response :no_content
-  end
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "App iOS" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
-  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt CHANGED Viewed

@@ -18,14 +18,14 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update email" do
-    patch identity_email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
+    patch identity_email_url, params: { email: "new_email@hey.com" }
     assert_redirected_to root_url
   end
   test "should not update email without sudo" do
     @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
-    patch identity_email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
+    patch identity_email_url, params: { email: "new_email@hey.com" }
     assert_redirected_to new_sessions_sudo_url(proceed_to_url: identity_email_url)
   end

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt CHANGED Viewed

@@ -49,7 +49,7 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update password" do
-    patch identity_password_reset_url, params: { token: @sid, <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
+    patch identity_password_reset_url, params: { token: @sid, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
     assert_redirected_to sign_in_url
   end

data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt CHANGED Viewed

@@ -11,12 +11,12 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update password" do
-    patch password_url, params: { current_password: "Secret1*3*5*", <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
+    patch password_url, params: { current_password: "Secret1*3*5*", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
     assert_redirected_to root_url
   end
   test "should not update password with wrong current password" do
-    patch password_url, params: { current_password: "SecretWrong1*3", <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
+    patch password_url, params: { current_password: "SecretWrong1*3", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
     assert_redirected_to edit_password_url
     assert_equal "The current password you entered is incorrect", flash[:alert]

data/lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt CHANGED Viewed

@@ -8,23 +8,9 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
   test "should sign up" do
     assert_difference("<%= class_name %>.count") do
-      post sign_up_url, params: { <%= singular_table_name %>: { email: "lazaronixon@hey.com", password: "Secret1*3*5*", password_confirmation: "Secret1*3*5*" } }, headers: { "User-Agent" => "Firefox" }
+      post sign_up_url, params: { email: "lazaronixon@hey.com", password: "Secret1*3*5*", password_confirmation: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }
     end
     assert_redirected_to root_url
   end
-  test "should destroy account" do
-    sign_in_as <%= table_name %>(:lazaro_nixon)
-    assert_difference("<%= class_name %>.count", -1) do
-      delete registration_url
-    end
-    assert_redirected_to sign_in_url
-  end
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }); <%= singular_table_name %>
-  end
 end

data/lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt CHANGED Viewed

@@ -1,10 +1,6 @@
 require "application_system_test_case"
 class RegistrationsTest < ApplicationSystemTestCase
-  setup do
-    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
-  end
   test "signing up" do
     visit sign_up_url
@@ -15,21 +11,4 @@ class RegistrationsTest < ApplicationSystemTestCase
     assert_text "Welcome! You have signed up successfully"
   end
-  test "cancelling my account" do
-    sign_in_as @<%= singular_table_name %>
-    click_on "Cancel my account & delete my data"
-    assert_text "Your account is closed"
-  end
-  def sign_in_as(<%= singular_table_name %>)
-    visit sign_in_url
-    fill_in :email, with: <%= singular_table_name %>.email
-    fill_in :password, with: "Secret1*3*5*"
-    click_on "Sign in"
-    assert_current_path root_url
-    return <%= singular_table_name %>
-  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.8.0
+  version: 2.8.3
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-02 00:00:00.000000000 Z
+date: 2022-03-03 00:00:00.000000000 Z
 dependencies: []
 description:
 email: