RubyGems - authentication-zero - Versions diffs - 2.8.0 → 2.8.3 - Mend

authentication-zero 2.8.0 → 2.8.3

Files changed (21) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2c14a071b3c939bbcbe5b14fb0ef71b3ba79651a8a50f91dbe4a4cb566ddd2e1
-  data.tar.gz: 543198b65f48bbc852ac4d084d14bef31a17f92e4c9780180f429b55baafea1b
+  metadata.gz: 7c761cc8c78b6706041724ca6313bb115f8263036a5d4ea94e50ea30c8928ebc
+  data.tar.gz: d9488244decbc2fbd95e4d46b6847d34b701b3f023c6bb37c26da19a67a7ab19
 SHA512:
-  metadata.gz: 1ae13f8453c42b2eb949683e28363b84b4bd84b4394f8871d9e351c442c64941270a41a3f75f74d1ed387c595ce84e6852b03b937e0427101d8788fe64f02144
-  data.tar.gz: bc7a6f40765bf0bd8caa091d64616f01df272575ae3010ae91fa799a7f189b1e33bd7bafedfe2eebf0e405c1755074d3b28cdb1df0d806649ef76969ebaccf52
+  metadata.gz: 9a09fd156b599aba36c0e27d6c96e07779fde672da91b2db7541d12ea2395f581114569f8036cd18cdf6a062d68b9cabacb543b76a5885aa4121a79768495831
+  data.tar.gz: bbdcd461f3effa96d83ffb631defa701eb4b174bc3ada9ce6782e906b136ed2c7d45f8f5c2b56b80d8caa95326f5fbcfa637759c44b3a731c356b3adef56b819

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.8.0)
+    authentication-zero (2.8.3)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -11,7 +11,7 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Checks if a password has been found in any data breach (--pwned)
 - Authentication by cookie
 - Authentication by token (--api)
-- Social Login with OmniAuth (--omniauth)
+- Social Login with OmniAuth (--omniauthable)
 - Ask password before sensitive data changes, aka: sudo
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
@@ -20,7 +20,6 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Send e-mail confirmation when your email has been changed
 - Send e-mail notification when someone has logged into your account
 - Manage multiple sessions & devices
-- Cancel my account
 - Log out
 ## Security and best practices
@@ -62,20 +61,16 @@ Add these lines to your `app/views/home/index.html.erb`:
 <p>Signed as <%= Current.user.email %></p>
-<div>
-  <%= link_to "Change password", edit_password_path %>
-</div>
 <div>
   <%= link_to "Change email address", edit_identity_email_path %>
 </div>
 <div>
-  <%= link_to "Devices & Sessions", sessions_path %>
+  <%= link_to "Change password", edit_password_path %>
 </div>
 <div>
-  <%= button_to "Cancel my account & delete my data", registration_path, method: :delete  %>
+  <%= link_to "Devices & Sessions", sessions_path %>
 </div>
 <br>

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.8.0"
+  VERSION = "2.8.3"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -3,11 +3,11 @@ require "rails/generators/active_record"
 class AuthenticationGenerator < Rails::Generators::NamedBase
   include ActiveRecord::Generators::Migration
-  class_option :api,       type: :boolean, desc: "Generates API authentication"
-  class_option :pwned,     type: :boolean, desc: "Add pwned password validation"
-  class_option :lockable,  type: :boolean, desc: "Add password reset locking"
-  class_option :ratelimit, type: :boolean, desc: "Add request rate limiting"
-  class_option :omniauth,  type: :boolean, desc: "Add social login support"
+  class_option :api,          type: :boolean, desc: "Generates API authentication"
+  class_option :pwned,        type: :boolean, desc: "Add pwned password validation"
+  class_option :lockable,     type: :boolean, desc: "Add password reset locking"
+  class_option :ratelimit,    type: :boolean, desc: "Add request rate limiting"
+  class_option :omniauthable, type: :boolean, desc: "Add social login support"
   source_root File.expand_path("templates", __dir__)
@@ -24,7 +24,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests [https://github.com/jeremy/rack-ratelimit]"
     end
-    if omniauth?
+    if omniauthable?
       gem "omniauth", comment: "Use OmniAuth to support multi-provider authentication [https://github.com/omniauth/omniauth]"
       gem "omniauth-rails_csrf_protection", comment: "Provides a mitigation against CVE-2015-9284 [https://github.com/cookpad/omniauth-rails_csrf_protection]"
     end
@@ -32,7 +32,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_configuration_files
      copy_file "config/redis/shared.yml", "config/redis/shared.yml" if options.lockable?
-     copy_file "config/initializers/omniauth.rb", "config/initializers/omniauth.rb" if omniauth?
+     copy_file "config/initializers/omniauth.rb", "config/initializers/omniauth.rb" if omniauthable?
   end
   def add_environment_configurations
@@ -47,7 +47,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_migrations
     migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
     migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
-    migration_template "migrations/add_omniauth_migration.rb", "#{db_migrate_path}/add_omniauth_to_#{table_name}.rb" if omniauth?
+    migration_template "migrations/add_omniauth_migration.rb", "#{db_migrate_path}/add_omniauth_to_#{table_name}.rb" if omniauthable?
   end
   def create_models
@@ -106,7 +106,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_controllers
     directory "controllers/#{format_folder}", "app/controllers"
-    template  "controllers/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauth?
+    template  "controllers/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauthable?
   end
   def create_views
@@ -123,7 +123,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
   def add_routes
-    if omniauth?
+    if omniauthable?
       route "post '/auth/:provider/callback', to: 'sessions/omniauth#create'"
       route "get '/auth/:provider/callback', to: 'sessions/omniauth#create'"
       route "get '/auth/failure', to: 'sessions/omniauth#failure'"
@@ -135,7 +135,6 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     route "resource :sudo, only: [:new, :create]", namespace: :sessions
     route "resources :sessions, only: [:index, :show, :destroy]"
     route "resource :password, only: [:edit, :update]"
-    route "resource :registration, only: :destroy"
     route "post 'sign_up', to: 'registrations#create'"
     route "get 'sign_up', to: 'registrations#new'" unless options.api?
     route "post 'sign_in', to: 'sessions#create'"
@@ -152,7 +151,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       options.api? ? "api" : "html"
     end
-    def omniauth?
-      options.omniauth? && !options.api?
+    def omniauthable?
+      options.omniauthable? && !options.api?
     end
 end

data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class RegistrationsController < ApplicationController
-  skip_before_action :authenticate, only: :create
+  skip_before_action :authenticate
   def create
     @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
@@ -11,10 +11,6 @@ class RegistrationsController < ApplicationController
     end
   end
-  def destroy
-    Current.<%= singular_table_name %>.destroy
-  end
   private
     def <%= "#{singular_table_name}_params" %>
       params.permit(:email, :password, :password_confirmation)

data/lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt CHANGED Viewed

@@ -19,6 +19,6 @@ class Identity::EmailsController < ApplicationController
     end
     def <%= "#{singular_table_name}_params" %>
-      params.require(:<%= singular_table_name %>).permit(:email)
+      params.permit(:email)
     end
 end

data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt CHANGED Viewed

@@ -37,7 +37,7 @@ class Identity::PasswordResetsController < ApplicationController
     end
     def <%= "#{singular_table_name}_params" %>
-      params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
+      params.permit(:password, :password_confirmation)
     end
 <% if options.lockable? %>
     def require_locking

data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt CHANGED Viewed

@@ -20,6 +20,6 @@ class PasswordsController < ApplicationController
     end
     def <%= "#{singular_table_name}_params" %>
-      params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
+      params.permit(:password, :password_confirmation)
     end
 end

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class RegistrationsController < ApplicationController
-  skip_before_action :authenticate, only: %i[ new create ]
+  skip_before_action :authenticate
   def new
     @<%= singular_table_name %> = <%= class_name %>.new
@@ -18,13 +18,9 @@ class RegistrationsController < ApplicationController
     end
   end
-  def destroy
-    Current.<%= singular_table_name %>.destroy; redirect_to(sign_in_path, notice: "Your account is closed")
-  end
   private
     def <%= "#{singular_table_name}_params" %>
-      params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
+      params.permit(:email, :password, :password_confirmation)
     end
     def session_params

data/lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt CHANGED Viewed

@@ -8,7 +8,7 @@
   <p><%%= button_to "Re-send verification email", identity_email_verification_path %></p>
 <%% end %>
-<%%= form_with(model: @<%= model_resource_name %>, url: identity_email_path) do |form| %>
+<%%= form_with(url: identity_email_path, method: :patch) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt CHANGED Viewed

@@ -1,6 +1,6 @@
 <h1>Reset your password</h1>
-<%%= form_with(model: @<%= model_resource_name %>, url: identity_password_reset_path) do |form| %>
+<%%= form_with(url: identity_password_reset_path, method: :patch) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt CHANGED Viewed

@@ -2,7 +2,7 @@
 <h1>Change your password</h1>
-<%%= form_with(model: @<%= model_resource_name %>, url: password_path) do |form| %>
+<%%= form_with(url: password_path, method: :patch) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/registrations/new.html.erb.tt CHANGED Viewed

@@ -1,6 +1,6 @@
 <h1>Sign up</h1>
-<%%= form_with(model: @<%= model_resource_name %>, url: sign_up_path) do |form| %>
+<%%= form_with(url: sign_up_path) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt CHANGED Viewed

@@ -8,18 +8,4 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
     assert_response :created
   end
-  test "should destroy account" do
-    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    assert_difference("<%= class_name %>.count", -1) do
-      delete registration_url, headers: { "Authorization" => "Bearer #{@token}" }
-    end
-    assert_response :no_content
-  end
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "App iOS" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
-  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt CHANGED Viewed

@@ -18,14 +18,14 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update email" do
-    patch identity_email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
+    patch identity_email_url, params: { email: "new_email@hey.com" }
     assert_redirected_to root_url
   end
   test "should not update email without sudo" do
     @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
-    patch identity_email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
+    patch identity_email_url, params: { email: "new_email@hey.com" }
     assert_redirected_to new_sessions_sudo_url(proceed_to_url: identity_email_url)
   end

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt CHANGED Viewed

@@ -49,7 +49,7 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update password" do
-    patch identity_password_reset_url, params: { token: @sid, <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
+    patch identity_password_reset_url, params: { token: @sid, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
     assert_redirected_to sign_in_url
   end

data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt CHANGED Viewed

@@ -11,12 +11,12 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update password" do
-    patch password_url, params: { current_password: "Secret1*3*5*", <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
+    patch password_url, params: { current_password: "Secret1*3*5*", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
     assert_redirected_to root_url
   end
   test "should not update password with wrong current password" do
-    patch password_url, params: { current_password: "SecretWrong1*3", <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
+    patch password_url, params: { current_password: "SecretWrong1*3", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
     assert_redirected_to edit_password_url
     assert_equal "The current password you entered is incorrect", flash[:alert]

data/lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt CHANGED Viewed

@@ -8,23 +8,9 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
   test "should sign up" do
     assert_difference("<%= class_name %>.count") do
-      post sign_up_url, params: { <%= singular_table_name %>: { email: "lazaronixon@hey.com", password: "Secret1*3*5*", password_confirmation: "Secret1*3*5*" } }, headers: { "User-Agent" => "Firefox" }
+      post sign_up_url, params: { email: "lazaronixon@hey.com", password: "Secret1*3*5*", password_confirmation: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }
     end
     assert_redirected_to root_url
   end
-  test "should destroy account" do
-    sign_in_as <%= table_name %>(:lazaro_nixon)
-    assert_difference("<%= class_name %>.count", -1) do
-      delete registration_url
-    end
-    assert_redirected_to sign_in_url
-  end
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }); <%= singular_table_name %>
-  end
 end

data/lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt CHANGED Viewed

@@ -1,10 +1,6 @@
 require "application_system_test_case"
 class RegistrationsTest < ApplicationSystemTestCase
-  setup do
-    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
-  end
   test "signing up" do
     visit sign_up_url
@@ -15,21 +11,4 @@ class RegistrationsTest < ApplicationSystemTestCase
     assert_text "Welcome! You have signed up successfully"
   end
-  test "cancelling my account" do
-    sign_in_as @<%= singular_table_name %>
-    click_on "Cancel my account & delete my data"
-    assert_text "Your account is closed"
-  end
-  def sign_in_as(<%= singular_table_name %>)
-    visit sign_in_url
-    fill_in :email, with: <%= singular_table_name %>.email
-    fill_in :password, with: "Secret1*3*5*"
-    click_on "Sign in"
-    assert_current_path root_url
-    return <%= singular_table_name %>
-  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.8.0
+  version: 2.8.3
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-02 00:00:00.000000000 Z
+date: 2022-03-03 00:00:00.000000000 Z
 dependencies: []
 description:
 email: