authentication-zero 3.0.0.alpha1 → 3.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/CI.yml +6 -4
- data/.rubocop.yml +8 -0
- data/Gemfile.lock +1 -1
- data/README.md +9 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/templates/lib/account_middleware.rb +4 -6
- data/lib/generators/authentication/templates/models/user.rb.tt +0 -1
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt +2 -2
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 92112d3c18d8e744aa40aed7fef55a2d0297e90e1975c2dd8efbcd4197314cd7
|
4
|
+
data.tar.gz: 7ec0f1e5283f8035bdcbcfe0d8d497a618158689fc7c85d550c96ec3324d5d48
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8b0af8f623956d8cbd08046c2c30e2e3705542b975236585a8420d26d8b7fdb450ddea61abd2b6e67b675c677869126cebfc0c898b7c2d88cde869d0715c72cb
|
7
|
+
data.tar.gz: 5015012ed105a8e4cf26f2a801dda0d91785a99bf45497964f1a806311a5ff822348afa1533209d8c847f2732bfa4d424e59e5854eabb2824a3b16f9b42b9696
|
data/.github/workflows/CI.yml
CHANGED
@@ -18,10 +18,11 @@ jobs:
|
|
18
18
|
- name: Install Ruby and gems
|
19
19
|
uses: ruby/setup-ruby@v1
|
20
20
|
with:
|
21
|
+
ruby-version: "3.2"
|
21
22
|
bundler-cache: true
|
22
23
|
|
23
24
|
- name: Install the latest Rails gem
|
24
|
-
run: gem install rails -v "
|
25
|
+
run: gem install rails -v "7.1.0"
|
25
26
|
|
26
27
|
- name: Install Rubocop
|
27
28
|
run: gem install rubocop rubocop-performance rubocop-minitest rubocop-packaging rubocop-minitest rubocop-rails
|
@@ -31,7 +32,7 @@ jobs:
|
|
31
32
|
|
32
33
|
- name: Create fresh Rails app and run generator
|
33
34
|
run: |
|
34
|
-
rails new test-app --
|
35
|
+
rails new test-app --skip-action-mailbox --skip-action-text --skip-active-storage
|
35
36
|
cp .rubocop.yml test-app/.rubocop.yml
|
36
37
|
cd test-app
|
37
38
|
bundle add authentication-zero --path ..
|
@@ -61,10 +62,11 @@ jobs:
|
|
61
62
|
- name: Install Ruby and gems
|
62
63
|
uses: ruby/setup-ruby@v1
|
63
64
|
with:
|
65
|
+
ruby-version: "3.2"
|
64
66
|
bundler-cache: true
|
65
67
|
|
66
68
|
- name: Install the latest Rails gem
|
67
|
-
run: gem install rails -v "
|
69
|
+
run: gem install rails -v "7.1.0"
|
68
70
|
|
69
71
|
- name: Install Rubocop
|
70
72
|
run: gem install rubocop rubocop-performance rubocop-minitest rubocop-packaging rubocop-minitest rubocop-rails
|
@@ -74,7 +76,7 @@ jobs:
|
|
74
76
|
|
75
77
|
- name: Create fresh Rails app and run generator
|
76
78
|
run: |
|
77
|
-
rails new test-app --
|
79
|
+
rails new test-app --skip-action-mailbox --skip-action-text --skip-active-storage
|
78
80
|
cp .rubocop.yml test-app/.rubocop.yml
|
79
81
|
cd test-app
|
80
82
|
bundle add authentication-zero --path ..
|
data/.rubocop.yml
CHANGED
@@ -4,5 +4,13 @@ Style/HashSyntax:
|
|
4
4
|
Exclude:
|
5
5
|
- Gemfile
|
6
6
|
|
7
|
+
Layout/EmptyLinesAroundBlockBody:
|
8
|
+
Exclude:
|
9
|
+
- Gemfile
|
10
|
+
|
11
|
+
Layout/TrailingWhitespace:
|
12
|
+
Exclude:
|
13
|
+
- config/initializers/filter_parameter_logging.rb
|
14
|
+
|
7
15
|
Style/FrozenStringLiteralComment:
|
8
16
|
Enabled: false
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -5,7 +5,13 @@ The purpose of authentication zero is to generate a pre-built authentication sys
|
|
5
5
|
## Installation
|
6
6
|
|
7
7
|
```
|
8
|
-
$ bundle add authentication-zero
|
8
|
+
$ bundle add authentication-zero
|
9
|
+
```
|
10
|
+
|
11
|
+
If you are using Rails < 7.1, you must use version 2.
|
12
|
+
|
13
|
+
```
|
14
|
+
$ bundle add authentication-zero --version "~> 2"
|
9
15
|
```
|
10
16
|
|
11
17
|
## Usage
|
@@ -51,6 +57,8 @@ Since Authentication Zero generates this code into your application instead of b
|
|
51
57
|
## Generated code
|
52
58
|
|
53
59
|
- [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password): Adds methods to set and authenticate against a bcrypt password.
|
60
|
+
- [authenticate_by](https://edgeapi.rubyonrails.org/classes/ActiveRecord/SecurePassword/ClassMethods.html#method-i-authenticate_by): Given a set of attributes, finds a record using the non-password attributes, and then authenticates that record using the password attributes.
|
61
|
+
- [generates_token_for](https://edgeapi.rubyonrails.org/classes/ActiveRecord/TokenFor/ClassMethods.html#method-i-generates_token_for): Defines the behavior of tokens generated for a specific purpose.
|
54
62
|
- [signed cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from the cookie again.
|
55
63
|
- [httponly cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): A cookie with the httponly attribute is inaccessible to the JavaScript, this precaution helps mitigate cross-site scripting (XSS) attacks.
|
56
64
|
- [signed_id](https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html): Returns a signed id that is tamper proof, so it's safe to send in an email or otherwise share with the outside world.
|
@@ -6,13 +6,11 @@ class AccountMiddleware
|
|
6
6
|
def call(env)
|
7
7
|
request = ActionDispatch::Request.new(env)
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
if m = /\A(\/(\d{1,}))/.match(request.path_info)
|
10
|
+
script_name, account_id, path_info = [m[1], m[2], m.post_match]
|
11
|
+
request.script_name = script_name
|
12
|
+
request.path_info = path_info.presence || "/"
|
12
13
|
set_current_account(account_id)
|
13
|
-
|
14
|
-
request.script_name = "/#{account_id}"
|
15
|
-
request.path_info = "/#{request_path}"
|
16
14
|
@app.call(request.env)
|
17
15
|
else
|
18
16
|
@app.call(request.env)
|
@@ -16,8 +16,8 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
|
|
16
16
|
end
|
17
17
|
|
18
18
|
|
19
|
-
test "should not update
|
20
|
-
patch
|
19
|
+
test "should not update email with wrong password challenge" do
|
20
|
+
patch identity_email_url, params: { email: "new_email@hey.com", password_challenge: "SecretWrong1*3" }
|
21
21
|
|
22
22
|
assert_response :unprocessable_entity
|
23
23
|
assert_select "li", /Password challenge is invalid/
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authentication-zero
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0.
|
4
|
+
version: 3.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nixon
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-10-14 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description:
|
14
14
|
email:
|
@@ -152,11 +152,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
152
152
|
version: '0'
|
153
153
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
154
154
|
requirements:
|
155
|
-
- - "
|
155
|
+
- - ">="
|
156
156
|
- !ruby/object:Gem::Version
|
157
|
-
version:
|
157
|
+
version: '0'
|
158
158
|
requirements: []
|
159
|
-
rubygems_version: 3.4.
|
159
|
+
rubygems_version: 3.4.20
|
160
160
|
signing_key:
|
161
161
|
specification_version: 4
|
162
162
|
summary: An authentication system generator for Rails applications
|