authentication-zero 2.9.2 → 2.11.0
- checksums.yaml +4 -4
- data/.rubocop.yml +15 -0
- data/CHANGELOG.md +10 -0
- data/Gemfile.lock +1 -1
- data/README.md +8 -3
- data/authentication-zero-api.md +0 -3
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +47 -73
- data/lib/generators/authentication/templates/controllers/api/application_controller.rb.tt +27 -0
- data/lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt +3 -2
- data/lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt +4 -4
- data/lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/controllers/html/application_controller.rb.tt +25 -0
- data/lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt +3 -2
- data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt +4 -4
- data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt +4 -4
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +13 -0
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt +28 -0
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt +27 -0
- data/lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt +5 -0
- data/lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt +2 -2
- data/lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt +2 -2
- data/lib/generators/authentication/templates/erb/two_factor_authentication/challenges/new.html.erb.tt +16 -0
- data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt +33 -0
- data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt +0 -3
- data/lib/generators/authentication/templates/migrations/create_table_migration.rb.tt +7 -4
- data/lib/generators/authentication/templates/models/model.rb.tt +8 -8
- data/lib/generators/authentication/templates/models/session.rb.tt +10 -3
- data/lib/generators/authentication/templates/test_unit/application_system_test_case.rb.tt +15 -0
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt +8 -8
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt +9 -11
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt +0 -3
- data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt +6 -6
- data/lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt +7 -7
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/email_verifications_controller_test.rb.tt +0 -4
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt +5 -16
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt +0 -3
- data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt +0 -4
- data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt +0 -4
- data/lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt +1 -10
- data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt +0 -3
- data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt +0 -10
- data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt +0 -10
- data/lib/generators/authentication/templates/test_unit/test_helper.rb.tt +22 -0
- metadata +11 -5
- data/lib/generators/authentication/templates/test_unit/controllers/api/sessions/sudos_controller_test.rb.tt +0 -24
- data/lib/generators/authentication/templates/test_unit/controllers/html/sessions/sudos_controller_test.rb.tt +0 -26
- data/lib/generators/authentication/templates/test_unit/system/sessions/sudos_test.rb.tt +0 -25
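--- a/data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt
+++ b/data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt
@@ -0,0 +1,33 @@
+<p style="color: red"><%%= alert %></p>
+
+<h1>Upgrade your security with 2FA</h1>
+
+<h2>Step 1: Get an Authenticator App</h2>
+<p>First, you'll need a 2FA authenticator app on your phone. <strong>If you already have one, skip to step 2.</strong></p>
+<p><strong>If you don't have one, or you aren't sure, we recommend Microsoft Authenticator</strong>. You can download it free on the Apple App Store for iPhone, or Google Play Store for Android. Please grab your phone, search the store, and install it now.</p>
+
+<h2>Step 2: Scan + Enter the Code</h2>
+<p>Next, open the authenticator app, tap "Scan QR code" or "+", and, when it asks, point your phone's camera at this QR code picture below.</p>
+
+<figure>
+<%%= image_tag @qr_code.as_png(resize_exactly_to: 200).to_data_url%>
+<figcaption>Point your camera here</figcaption>
+</figure>
+
+<%%= form_with(url: two_factor_authentication_totp_path) do |form| %>
+<%%= form.hidden_field :secret, value: @totp.secret %>
+
+<div>
+<%%= form.label :current_password, style: "display: block" %>
+<%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
+</div>
+
+<div>
+<%%= form.label :code, "After scanning with your camera, the app will generate a six-digit code. Enter it here:", style: "display: block" %>
+<%%= form.text_field :code, autofocus: true, required: true, autocomplete: :off %>
+</div>
+
+<div>
+<%%= form.submit "Verify and active" %>
+</div>
+<%% end %>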
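Review bot: `form.hidden_field :secret, value: @totp.secret` puts the pending TOTP secret into the page markup and has the browser post it back, so enrolment depends on how the totps controller (not shown here) treats `params[:secret]`. Keeping the pending secret server-side, for example in the session, and dropping the hidden field would bind the verification to the secret the server generated; if the field stays, the response should be sent with `Cache-Control: no-store`. Smaller points: `current_password` and `code` both carry `autofocus: true`, the code field would be better served by `autocomplete: "one-time-code"` than `:off`, and the submit label reads "Verify and active".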
@@ -2,12 +2,9 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
|
|
2
2
|
def change
|
3
3
|
create_table :sessions do |t|
|
4
4
|
t.references :<%= singular_table_name %>, null: false, foreign_key: true
|
5
|
-
|
6
5
|
t.string :user_agent
|
7
6
|
t.string :ip_address
|
8
7
|
|
9
|
-
t.datetime :sudo_at, null: false
|
10
|
-
|
11
8
|
t.timestamps
|
12
9
|
end
|
13
10
|
end
|
@@ -5,17 +5,20 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
|
|
5
5
|
t.string :password_digest, null: false
|
6
6
|
|
7
7
|
t.boolean :verified, null: false, default: false
|
8
|
-
|
8
|
+
<%- if two_factor? %>
|
9
|
+
t.string :otp_secret
|
10
|
+
<%- end -%>
|
11
|
+
<%- if omniauthable? %>
|
9
12
|
t.string :provider
|
10
13
|
t.string :uid
|
11
|
-
|
14
|
+
<%- end -%>
|
12
15
|
|
13
16
|
t.timestamps
|
14
17
|
end
|
15
18
|
|
16
19
|
add_index :<%= table_name %>, :email, unique: true
|
17
|
-
|
20
|
+
<%- if omniauthable? -%>
|
18
21
|
add_index :<%= table_name %>, [:provider, :uid], unique: true
|
19
|
-
|
22
|
+
<%- end -%>
|
20
23
|
end
|
21
24
|
end
|
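Review bot: `t.string :otp_secret` stores the TOTP shared secret as a plain string, so anyone who can read the table or a database backup can derive valid codes for every enrolled account. The model template hunks shown on this page add nothing for the new column; if the generated app targets Rails 7, declaring `encrypts :otp_secret` in the model would keep it encrypted at rest. Failing that, a comment above the column, such as `# TOTP shared secret: treat as a credential`, would at least flag it for whoever maintains the generated migration. The `create_table` block opens outside this hunk.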
@@ -2,18 +2,18 @@ class <%= class_name %> < ApplicationRecord
|
|
2
2
|
has_secure_password
|
3
3
|
|
4
4
|
has_many :sessions, dependent: :destroy
|
5
|
-
|
5
|
+
<%- if options.trackable? -%>
|
6
6
|
has_many :events, dependent: :destroy
|
7
|
-
|
7
|
+
<%- end -%>
|
8
8
|
|
9
9
|
validates :email, presence: true, uniqueness: true
|
10
10
|
validates_format_of :email, with: /\A[^@\s]+@[^@\s]+\z/
|
11
11
|
|
12
|
-
validates_length_of :password, minimum: 12,
|
13
|
-
validates_format_of :password, with: /(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])/,
|
14
|
-
|
12
|
+
validates_length_of :password, minimum: 12, allow_nil: true
|
13
|
+
validates_format_of :password, with: /(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])/, allow_nil: true, message: "might easily be guessed"
|
14
|
+
<%- if options.pwned? -%>
|
15
15
|
validates :password, not_pwned: { message: "might easily be guessed" }
|
16
|
-
|
16
|
+
<%- end -%>
|
17
17
|
|
18
18
|
before_validation do
|
19
19
|
self.email = email.downcase.strip
|
@@ -30,7 +30,7 @@ class <%= class_name %> < ApplicationRecord
|
|
30
30
|
after_save_commit if: :email_previously_changed? do
|
31
31
|
IdentityMailer.with(user: self).email_verify_confirmation.deliver_later
|
32
32
|
end
|
33
|
-
|
33
|
+
<%- if options.trackable? %>
|
34
34
|
after_save_commit if: :email_previously_changed? do
|
35
35
|
events.create! action: "email_verification_requested"
|
36
36
|
end
|
@@ -42,5 +42,5 @@ class <%= class_name %> < ApplicationRecord
|
|
42
42
|
after_update if: :verified_previously_changed? do
|
43
43
|
events.create! action: "email_verified" if verified?
|
44
44
|
end
|
45
|
-
|
45
|
+
<%- end -%>
|
46
46
|
end
|
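Review bot: `allow_nil: true` on the two password validators (new lines 12 and 13) is only safe because `has_secure_password` on line 2 still rejects a missing password on create, and that dependency deserves a comment, e.g. `# allow_nil: updates that leave the password untouched skip these checks; has_secure_password enforces presence on create`. With the breach check now behind `options.pwned?`, an app generated without that option is left with the length and character-class rules alone, which a template comment or the README should state. The class body continues outside these hunks.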
@@ -1,16 +1,23 @@
|
|
1
1
|
class Session < ApplicationRecord
|
2
2
|
belongs_to :<%= singular_table_name %>
|
3
|
+
<%- if options.sudoable? %>
|
4
|
+
kredis_flag :sudo
|
5
|
+
<%- end -%>
|
3
6
|
|
4
7
|
before_create do
|
5
8
|
self.user_agent = Current.user_agent
|
6
9
|
self.ip_address = Current.ip_address
|
7
|
-
self.sudo_at = Time.current
|
8
10
|
end
|
11
|
+
<%- if options.sudoable? %>
|
12
|
+
after_create_commit do
|
13
|
+
self.sudo.mark expires_in: 30.minutes
|
14
|
+
end
|
15
|
+
<%- end -%>
|
9
16
|
|
10
17
|
after_create_commit do
|
11
18
|
SessionMailer.with(session: self).signed_in_notification.deliver_later
|
12
19
|
end
|
13
|
-
|
20
|
+
<%- if options.trackable? %>
|
14
21
|
after_create do
|
15
22
|
<%= singular_table_name %>.events.create! action: "signed_in"
|
16
23
|
end
|
@@ -18,5 +25,5 @@ class Session < ApplicationRecord
|
|
18
25
|
after_destroy do
|
19
26
|
<%= singular_table_name %>.events.create! action: "signed_out"
|
20
27
|
end
|
21
|
-
|
28
|
+
<%- end -%>
|
22
29
|
end
|
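Review bot: `self.sudo.mark expires_in: 30.minutes` runs in `after_create_commit`, after the session row is committed, so an error from Redis at that point would presumably fail the sign-in request while leaving a valid session behind. Sudo state also moves out of the database here (the `sudo_at` assignment is dropped), so a flushed or evicted key silently ends the sudo window; that fails closed, but it is worth a comment above `kredis_flag :sudo`. The 30-minute window is a literal in the template, and a named constant such as `SUDO_WINDOW = 30.minutes` would make it easier to find and tune.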
@@ -0,0 +1,15 @@
|
|
1
|
+
require "test_helper"
|
2
|
+
|
3
|
+
class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
|
4
|
+
driven_by :selenium, using: :chrome, screen_size: [1400, 1400]
|
5
|
+
|
6
|
+
def sign_in_as(<%= singular_table_name %>)
|
7
|
+
visit sign_in_url
|
8
|
+
fill_in :email, with: <%= singular_table_name %>.email
|
9
|
+
fill_in :password, with: "Secret1*3*5*"
|
10
|
+
click_on "Sign in"
|
11
|
+
|
12
|
+
assert_current_path root_url
|
13
|
+
<%= singular_table_name %>
|
14
|
+
end
|
15
|
+
end
|
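Review bot: `driven_by :selenium, using: :chrome` starts a visible Chrome window, which usually fails on CI runners that have no display; `using: :headless_chrome` is the safer generated default. `sign_in_as` also repeats the fixture password literal `"Secret1*3*5*"` that the test_helper template uses, so a shared constant would keep the two in step.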
@@ -9,21 +9,25 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
|
|
9
9
|
@<%= singular_table_name %>.update! verified: false
|
10
10
|
end
|
11
11
|
|
12
|
+
def default_headers
|
13
|
+
{ "Authorization" => "Bearer #{@token}" }
|
14
|
+
end
|
15
|
+
|
12
16
|
test "should send a verification email" do
|
13
17
|
assert_enqueued_email_with IdentityMailer, :email_verify_confirmation, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
|
14
|
-
post identity_email_verification_url, headers:
|
18
|
+
post identity_email_verification_url, headers: default_headers
|
15
19
|
end
|
16
20
|
|
17
21
|
assert_response :no_content
|
18
22
|
end
|
19
23
|
|
20
24
|
test "should verify email" do
|
21
|
-
get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email }, headers:
|
25
|
+
get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email }, headers: default_headers
|
22
26
|
assert_response :no_content
|
23
27
|
end
|
24
28
|
|
25
29
|
test "should not verify email with expired token" do
|
26
|
-
get edit_identity_email_verification_url, params: { token: @sid_exp, email: @<%= singular_table_name %>.email }, headers:
|
30
|
+
get edit_identity_email_verification_url, params: { token: @sid_exp, email: @<%= singular_table_name %>.email }, headers: default_headers
|
27
31
|
|
28
32
|
assert_response :bad_request
|
29
33
|
assert_equal "That email verification link is invalid", response.parsed_body["error"]
|
@@ -32,13 +36,9 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
|
|
32
36
|
test "should not verify email with previous token" do
|
33
37
|
@<%= singular_table_name %>.update! email: "other_email@hey.com"
|
34
38
|
|
35
|
-
get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers:
|
39
|
+
get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: default_headers
|
36
40
|
|
37
41
|
assert_response :bad_request
|
38
42
|
assert_equal "That email verification link is invalid", response.parsed_body["error"]
|
39
43
|
end
|
40
|
-
|
41
|
-
def sign_in_as(<%= singular_table_name %>)
|
42
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
43
|
-
end
|
44
44
|
end
|
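Review bot: `default_headers` is added with an identical body to this test class and to the API emails, passwords and sessions controller tests further down the page, while the same release moves `sign_in_as` into the shared test_helper template. Defining it once next to `sign_in_as` in the `options.api?` branch would avoid the four copies. It reads `@token`, which the other API tests assign from `sign_in_as` in `setup`, so a one-line comment such as `# requires @token from sign_in_as in setup` would make that dependency explicit.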
@@ -5,21 +5,19 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
|
|
5
5
|
@<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
6
|
end
|
7
7
|
|
8
|
+
def default_headers
|
9
|
+
{ "Authorization" => "Bearer #{@token}" }
|
10
|
+
end
|
11
|
+
|
8
12
|
test "should update email" do
|
9
|
-
patch identity_email_url, params: { email: "new_email@hey.com"
|
13
|
+
patch identity_email_url, params: { email: "new_email@hey.com", current_password: "Secret1*3*5*" }, headers: default_headers
|
10
14
|
assert_response :success
|
11
15
|
end
|
12
16
|
|
13
|
-
test "should not update email
|
14
|
-
|
15
|
-
|
16
|
-
patch identity_email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
|
17
|
-
|
18
|
-
assert_response :forbidden
|
19
|
-
assert_equal "Enter your password to continue", response.parsed_body["error"]
|
20
|
-
end
|
17
|
+
test "should not update email with wrong current password" do
|
18
|
+
patch identity_email_url, params: { email: "new_email@hey.com", current_password: "SecretWrong1*3" }, headers: default_headers
|
21
19
|
|
22
|
-
|
23
|
-
|
20
|
+
assert_response :bad_request
|
21
|
+
assert_equal "The password you entered is incorrect", response.parsed_body["error"]
|
24
22
|
end
|
25
23
|
end
|
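Review bot: The new "should not update email with wrong current password" test checks the status and the error message but never asserts that the email stayed the same, so a controller that reports the error after saving would still pass. Wrapping the request in `assert_no_changes -> { @<%= singular_table_name %>.reload.email } do … end` would pin that; the HTML emails controller test later on this page has the same gap. A request that omits `current_password` altogether is not covered either.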
@@ -6,9 +6,6 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
6
6
|
@sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
|
7
7
|
@sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
|
8
8
|
end
|
9
|
-
<% if options.lockable? %>
|
10
|
-
teardown { Kredis.clear_all }
|
11
|
-
<% end -%>
|
12
9
|
|
13
10
|
test "should send a password reset email" do
|
14
11
|
assert_enqueued_email_with IdentityMailer, :password_reset_provision, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
|
@@ -5,19 +5,19 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
|
|
5
5
|
@<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
6
|
end
|
7
7
|
|
8
|
+
def default_headers
|
9
|
+
{ "Authorization" => "Bearer #{@token}" }
|
10
|
+
end
|
11
|
+
|
8
12
|
test "should update password" do
|
9
|
-
patch password_url, params: { current_password: "Secret1*3*5*", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }, headers:
|
13
|
+
patch password_url, params: { current_password: "Secret1*3*5*", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }, headers: default_headers
|
10
14
|
assert_response :success
|
11
15
|
end
|
12
16
|
|
13
17
|
test "should not update password with wrong current password" do
|
14
|
-
patch password_url, params: { current_password: "SecretWrong1*3", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }, headers:
|
18
|
+
patch password_url, params: { current_password: "SecretWrong1*3", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }, headers: default_headers
|
15
19
|
|
16
20
|
assert_response :bad_request
|
17
21
|
assert_equal "The current password you entered is incorrect", response.parsed_body["error"]
|
18
22
|
end
|
19
|
-
|
20
|
-
def sign_in_as(<%= singular_table_name %>)
|
21
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
22
|
-
end
|
23
23
|
end
|
@@ -5,13 +5,17 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
5
5
|
@<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
6
|
end
|
7
7
|
|
8
|
+
def default_headers
|
9
|
+
{ "Authorization" => "Bearer #{@token}" }
|
10
|
+
end
|
11
|
+
|
8
12
|
test "should get index" do
|
9
|
-
get sessions_url, headers:
|
13
|
+
get sessions_url, headers: default_headers
|
10
14
|
assert_response :success
|
11
15
|
end
|
12
16
|
|
13
17
|
test "should show session" do
|
14
|
-
get session_url(@<%= singular_table_name %>.sessions.last), headers:
|
18
|
+
get session_url(@<%= singular_table_name %>.sessions.last), headers: default_headers
|
15
19
|
assert_response :success
|
16
20
|
end
|
17
21
|
|
@@ -28,11 +32,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
28
32
|
end
|
29
33
|
|
30
34
|
test "should sign out" do
|
31
|
-
delete session_url(@<%= singular_table_name %>.sessions.last), headers:
|
35
|
+
delete session_url(@<%= singular_table_name %>.sessions.last), headers: default_headers
|
32
36
|
assert_response :no_content
|
33
37
|
end
|
34
|
-
|
35
|
-
def sign_in_as(<%= singular_table_name %>)
|
36
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
37
|
-
end
|
38
38
|
end
|
@@ -37,8 +37,4 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
|
|
37
37
|
assert_redirected_to edit_identity_email_url
|
38
38
|
assert_equal "That email verification link is invalid", flash[:alert]
|
39
39
|
end
|
40
|
-
|
41
|
-
def sign_in_as(<%= singular_table_name %>)
|
42
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
|
43
|
-
end
|
44
40
|
end
|
@@ -10,26 +10,15 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
|
|
10
10
|
assert_response :success
|
11
11
|
end
|
12
12
|
|
13
|
-
test "should not get edit without sudo" do
|
14
|
-
@<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
|
15
|
-
|
16
|
-
get edit_identity_email_url
|
17
|
-
assert_redirected_to new_sessions_sudo_url(proceed_to_url: edit_identity_email_url)
|
18
|
-
end
|
19
|
-
|
20
13
|
test "should update email" do
|
21
|
-
patch identity_email_url, params: { email: "new_email@hey.com" }
|
14
|
+
patch identity_email_url, params: { email: "new_email@hey.com", current_password: "Secret1*3*5*" }
|
22
15
|
assert_redirected_to root_url
|
23
16
|
end
|
24
17
|
|
25
|
-
test "should not update email
|
26
|
-
|
27
|
-
|
28
|
-
patch identity_email_url, params: { email: "new_email@hey.com" }
|
29
|
-
assert_redirected_to new_sessions_sudo_url(proceed_to_url: identity_email_url)
|
30
|
-
end
|
18
|
+
test "should not update email with wrong current password" do
|
19
|
+
patch identity_email_url, params: { email: "new_email@hey.com", current_password: "SecretWrong1*3" }
|
31
20
|
|
32
|
-
|
33
|
-
|
21
|
+
assert_redirected_to edit_identity_email_url
|
22
|
+
assert_equal "The password you entered is incorrect", flash[:alert]
|
34
23
|
end
|
35
24
|
end
|
@@ -6,9 +6,6 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
6
6
|
@sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
|
7
7
|
@sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
|
8
8
|
end
|
9
|
-
<% if options.lockable? %>
|
10
|
-
teardown { Kredis.clear_all }
|
11
|
-
<% end -%>
|
12
9
|
|
13
10
|
test "should get new" do
|
14
11
|
get new_identity_password_reset_url
|
@@ -21,8 +21,4 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
|
|
21
21
|
assert_redirected_to edit_password_url
|
22
22
|
assert_equal "The current password you entered is incorrect", flash[:alert]
|
23
23
|
end
|
24
|
-
|
25
|
-
def sign_in_as(<%= singular_table_name %>)
|
26
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
|
27
|
-
end
|
28
24
|
end
|
@@ -45,8 +45,4 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
45
45
|
follow_redirect!
|
46
46
|
assert_redirected_to sign_in_url
|
47
47
|
end
|
48
|
-
|
49
|
-
def sign_in_as(<%= singular_table_name %>)
|
50
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
|
51
|
-
end
|
52
48
|
end
|
@@ -8,6 +8,7 @@ class Identity::EmailsTest < ApplicationSystemTestCase
|
|
8
8
|
test "updating the email" do
|
9
9
|
click_on "Change email address"
|
10
10
|
|
11
|
+
fill_in "Current password", with: "Secret1*3*5*"
|
11
12
|
fill_in "New email", with: "new_email@hey.com"
|
12
13
|
click_on "Save changes"
|
13
14
|
|
@@ -22,14 +23,4 @@ class Identity::EmailsTest < ApplicationSystemTestCase
|
|
22
23
|
|
23
24
|
assert_text "We sent a verification email to your email address"
|
24
25
|
end
|
25
|
-
|
26
|
-
def sign_in_as(<%= singular_table_name %>)
|
27
|
-
visit sign_in_url
|
28
|
-
fill_in :email, with: <%= singular_table_name %>.email
|
29
|
-
fill_in :password, with: "Secret1*3*5*"
|
30
|
-
click_on "Sign in"
|
31
|
-
|
32
|
-
assert_current_path root_url
|
33
|
-
return <%= singular_table_name %>
|
34
|
-
end
|
35
26
|
end
|
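--- a/data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt
+++ b/data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt
@@ -5,9 +5,6 @@ class Identity::PasswordResetsTest < ApplicationSystemTestCase
 @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
 @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
 end
-<% if options.lockable? %>
-teardown { Kredis.clear_all }
-<% end -%>
 
 test "sending a password reset email" do
 visit sign_in_url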
@@ -15,14 +15,4 @@ class PasswordsTest < ApplicationSystemTestCase
|
|
15
15
|
|
16
16
|
assert_text "Your password has been changed"
|
17
17
|
end
|
18
|
-
|
19
|
-
def sign_in_as(<%= singular_table_name %>)
|
20
|
-
visit sign_in_url
|
21
|
-
fill_in :email, with: <%= singular_table_name %>.email
|
22
|
-
fill_in :password, with: "Secret1*3*5*"
|
23
|
-
click_on "Sign in"
|
24
|
-
|
25
|
-
assert_current_path root_url
|
26
|
-
return <%= singular_table_name %>
|
27
|
-
end
|
28
18
|
end
|
@@ -27,14 +27,4 @@ class SessionsTest < ApplicationSystemTestCase
|
|
27
27
|
click_on "Log out"
|
28
28
|
assert_text "That session has been logged out"
|
29
29
|
end
|
30
|
-
|
31
|
-
def sign_in_as(<%= singular_table_name %>)
|
32
|
-
visit sign_in_url
|
33
|
-
fill_in :email, with: <%= singular_table_name %>.email
|
34
|
-
fill_in :password, with: "Secret1*3*5*"
|
35
|
-
click_on "Sign in"
|
36
|
-
|
37
|
-
assert_current_path root_url
|
38
|
-
return <%= singular_table_name %>
|
39
|
-
end
|
40
30
|
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
ENV["RAILS_ENV"] ||= "test"
|
2
|
+
require_relative "../config/environment"
|
3
|
+
require "rails/test_help"
|
4
|
+
|
5
|
+
class ActiveSupport::TestCase
|
6
|
+
# Run tests in parallel with specified workers
|
7
|
+
parallelize(workers: :number_of_processors)
|
8
|
+
|
9
|
+
# Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
|
10
|
+
fixtures :all
|
11
|
+
|
12
|
+
# Add more helper methods to be used by all tests here...
|
13
|
+
<%- if options.api? -%>
|
14
|
+
def sign_in_as(<%= singular_table_name %>)
|
15
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
16
|
+
end
|
17
|
+
<%- else -%>
|
18
|
+
def sign_in_as(<%= singular_table_name %>)
|
19
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
|
20
|
+
end
|
21
|
+
<%- end -%>
|
22
|
+
end
|
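Review bot: Both `sign_in_as` variants fire the sign-in request and return without checking the response, so when sign-in breaks, the API variant hands back a nil `X-Session-Token` and the failure surfaces as authorization errors in unrelated tests. An `assert_response :success` after the `post` in the API branch would fail at the source, and the HTML branch could assert whatever status its sign-in returns. The `post(...); [...]` one-liners would also read better split over two lines. Since the helpers call `post`, which only integration tests provide, a comment saying so above them on `ActiveSupport::TestCase` would prevent a confusing NoMethodError in model tests.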
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authentication-zero
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.11.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nixon
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-03-
|
11
|
+
date: 2022-03-27 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description:
|
14
14
|
email:
|
@@ -19,6 +19,7 @@ extra_rdoc_files: []
|
|
19
19
|
files:
|
20
20
|
- ".github/FUNDING.yml"
|
21
21
|
- ".gitignore"
|
22
|
+
- ".rubocop.yml"
|
22
23
|
- CHANGELOG.md
|
23
24
|
- CODE_OF_CONDUCT.md
|
24
25
|
- Gemfile
|
@@ -35,6 +36,7 @@ files:
|
|
35
36
|
- lib/generators/authentication/authentication_generator.rb
|
36
37
|
- lib/generators/authentication/templates/config/initializers/omniauth.rb
|
37
38
|
- lib/generators/authentication/templates/config/redis/shared.yml
|
39
|
+
- lib/generators/authentication/templates/controllers/api/application_controller.rb.tt
|
38
40
|
- lib/generators/authentication/templates/controllers/api/authentications/events_controller.rb.tt
|
39
41
|
- lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt
|
40
42
|
- lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt
|
@@ -43,6 +45,7 @@ files:
|
|
43
45
|
- lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
|
44
46
|
- lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt
|
45
47
|
- lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
|
48
|
+
- lib/generators/authentication/templates/controllers/html/application_controller.rb.tt
|
46
49
|
- lib/generators/authentication/templates/controllers/html/authentications/events_controller.rb.tt
|
47
50
|
- lib/generators/authentication/templates/controllers/html/identity/email_verifications_controller.rb.tt
|
48
51
|
- lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt
|
@@ -52,6 +55,8 @@ files:
|
|
52
55
|
- lib/generators/authentication/templates/controllers/html/sessions/omniauth_controller.rb.tt
|
53
56
|
- lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
|
54
57
|
- lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
|
58
|
+
- lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt
|
59
|
+
- lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt
|
55
60
|
- lib/generators/authentication/templates/erb/authentications/events/index.html.erb
|
56
61
|
- lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt
|
57
62
|
- lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt
|
@@ -67,6 +72,8 @@ files:
|
|
67
72
|
- lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
|
68
73
|
- lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
|
69
74
|
- lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt
|
75
|
+
- lib/generators/authentication/templates/erb/two_factor_authentication/challenges/new.html.erb.tt
|
76
|
+
- lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt
|
70
77
|
- lib/generators/authentication/templates/mailers/identity_mailer.rb.tt
|
71
78
|
- lib/generators/authentication/templates/mailers/session_mailer.rb.tt
|
72
79
|
- lib/generators/authentication/templates/migrations/create_events_migration.rb.tt
|
@@ -77,27 +84,26 @@ files:
|
|
77
84
|
- lib/generators/authentication/templates/models/locking.rb.tt
|
78
85
|
- lib/generators/authentication/templates/models/model.rb.tt
|
79
86
|
- lib/generators/authentication/templates/models/session.rb.tt
|
87
|
+
- lib/generators/authentication/templates/test_unit/application_system_test_case.rb.tt
|
80
88
|
- lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt
|
81
89
|
- lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt
|
82
90
|
- lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt
|
83
91
|
- lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt
|
84
92
|
- lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt
|
85
|
-
- lib/generators/authentication/templates/test_unit/controllers/api/sessions/sudos_controller_test.rb.tt
|
86
93
|
- lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt
|
87
94
|
- lib/generators/authentication/templates/test_unit/controllers/html/identity/email_verifications_controller_test.rb.tt
|
88
95
|
- lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt
|
89
96
|
- lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt
|
90
97
|
- lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt
|
91
98
|
- lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
|
92
|
-
- lib/generators/authentication/templates/test_unit/controllers/html/sessions/sudos_controller_test.rb.tt
|
93
99
|
- lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
|
94
100
|
- lib/generators/authentication/templates/test_unit/fixtures.yml.tt
|
95
101
|
- lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt
|
96
102
|
- lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt
|
97
103
|
- lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt
|
98
104
|
- lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt
|
99
|
-
- lib/generators/authentication/templates/test_unit/system/sessions/sudos_test.rb.tt
|
100
105
|
- lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt
|
106
|
+
- lib/generators/authentication/templates/test_unit/test_helper.rb.tt
|
101
107
|
homepage: https://github.com/lazaronixon/authentication-zero
|
102
108
|
licenses:
|
103
109
|
- MIT
|
@@ -1,24 +0,0 @@
|
|
1
|
-
require "test_helper"
|
2
|
-
|
3
|
-
class Sessions::SudosControllerTest < ActionDispatch::IntegrationTest
|
4
|
-
setup do
|
5
|
-
@<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
|
-
@<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
|
7
|
-
end
|
8
|
-
|
9
|
-
test "should sudo" do
|
10
|
-
post sessions_sudo_url, params: { password: "Secret1*3*5*" }, headers: { "Authorization" => "Bearer #{@token}" }
|
11
|
-
assert_response :no_content
|
12
|
-
end
|
13
|
-
|
14
|
-
test "should not sudo with wrong password" do
|
15
|
-
post sessions_sudo_url, params: { password: "SecretWrong1*3" }, headers: { "Authorization" => "Bearer #{@token}" }
|
16
|
-
|
17
|
-
assert_response :bad_request
|
18
|
-
assert_equal "The password you entered is incorrect", response.parsed_body["error"]
|
19
|
-
end
|
20
|
-
|
21
|
-
def sign_in_as(<%= singular_table_name %>)
|
22
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
23
|
-
end
|
24
|
-
end
|
@@ -1,26 +0,0 @@
|
|
1
|
-
require "test_helper"
|
2
|
-
|
3
|
-
class Sessions::SudosControllerTest < ActionDispatch::IntegrationTest
|
4
|
-
setup do
|
5
|
-
@<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
|
-
end
|
7
|
-
|
8
|
-
test "should get new" do
|
9
|
-
get new_sessions_sudo_url(proceed_to_url: edit_password_url)
|
10
|
-
assert_response :success
|
11
|
-
end
|
12
|
-
|
13
|
-
test "should sudo" do
|
14
|
-
post sessions_sudo_url, params: { password: "Secret1*3*5*", proceed_to_url: edit_password_url }
|
15
|
-
assert_redirected_to edit_password_url
|
16
|
-
end
|
17
|
-
|
18
|
-
test "should not sudo with wrong password" do
|
19
|
-
post sessions_sudo_url, params: { password: "SecretWrong1*3", proceed_to_url: edit_password_url }
|
20
|
-
assert_redirected_to new_sessions_sudo_url(proceed_to_url: edit_password_url)
|
21
|
-
end
|
22
|
-
|
23
|
-
def sign_in_as(<%= singular_table_name %>)
|
24
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
25
|
-
end
|
26
|
-
end
|
@@ -1,25 +0,0 @@
|
|
1
|
-
require "application_system_test_case"
|
2
|
-
|
3
|
-
class Sessions::SudosTest < ApplicationSystemTestCase
|
4
|
-
setup do
|
5
|
-
@<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
|
-
end
|
7
|
-
|
8
|
-
test "executing sudo" do
|
9
|
-
visit new_sessions_sudo_url(proceed_to_url: edit_password_url)
|
10
|
-
fill_in :password, with: "Secret1*3*5*"
|
11
|
-
click_on "Continue"
|
12
|
-
|
13
|
-
assert_selector "h1", text: "Change your password"
|
14
|
-
end
|
15
|
-
|
16
|
-
def sign_in_as(<%= singular_table_name %>)
|
17
|
-
visit sign_in_url
|
18
|
-
fill_in :email, with: <%= singular_table_name %>.email
|
19
|
-
fill_in :password, with: "Secret1*3*5*"
|
20
|
-
click_on "Sign in"
|
21
|
-
|
22
|
-
assert_current_path root_url
|
23
|
-
return <%= singular_table_name %>
|
24
|
-
end
|
25
|
-
end
|