authentication-zero 4.0.0 → 4.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/CI.yml +2 -2
- data/CHANGELOG.md +11 -0
- data/Gemfile.lock +1 -1
- data/README.md +1 -2
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +3 -26
- data/lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt +0 -3
- data/lib/generators/authentication/templates/controllers/html/application_controller.rb.tt +3 -0
- data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt +3 -0
- data/lib/generators/authentication/templates/models/session.rb.tt +9 -6
- metadata +2 -3
- data/lib/generators/authentication/templates/config/redis/shared.yml +0 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a27f54fb7d0351d835f355c5018136265f190a0b55929aa5e9a1ef4572dda2db
|
|
4
|
+
data.tar.gz: 61003cd5539e38851b2de9125cfdc5e94ae73366eb9a0b66514a9fbd8e67a43d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6744a2f7059c69e90aefbc6053738f11a44379c37ee443ecb2ebbd4be139615399eef151bf97d9588fa940b516726c8f001b3fcb81eb6458d1a10e1141ee42b3
|
|
7
|
+
data.tar.gz: 5ac18f8698a62505bb9fe8edf8298e077e2cc8a8b2031f285e71e4c8dc5d745bc6545125228dbbed8debe7a98b871485dba9ab98a80f554c29b1b32c46c9874a
|
data/.github/workflows/CI.yml
CHANGED
|
@@ -22,7 +22,7 @@ jobs:
|
|
|
22
22
|
bundler-cache: true
|
|
23
23
|
|
|
24
24
|
- name: Install the latest Rails gem
|
|
25
|
-
run: gem install rails -v "7.1
|
|
25
|
+
run: gem install rails -v "7.2.1"
|
|
26
26
|
|
|
27
27
|
- name: Install Rubocop
|
|
28
28
|
run: gem install rubocop rubocop-performance rubocop-minitest rubocop-packaging rubocop-minitest rubocop-rails
|
|
@@ -65,7 +65,7 @@ jobs:
|
|
|
65
65
|
bundler-cache: true
|
|
66
66
|
|
|
67
67
|
- name: Install the latest Rails gem
|
|
68
|
-
run: gem install rails -v "7.1
|
|
68
|
+
run: gem install rails -v "7.2.1"
|
|
69
69
|
|
|
70
70
|
- name: Install Rubocop
|
|
71
71
|
run: gem install rubocop rubocop-performance rubocop-minitest rubocop-packaging rubocop-minitest rubocop-rails
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,14 @@
|
|
|
1
|
+
## New version
|
|
2
|
+
|
|
3
|
+
* Remove dependency on redis / kredis for sudoable
|
|
4
|
+
* Fix --webauthn option. (add @github/webauthn-json)
|
|
5
|
+
* Update application_controller to rails 8
|
|
6
|
+
* Remove --ratelimit option
|
|
7
|
+
|
|
8
|
+
## Authentication Zero 4.0.1 ##
|
|
9
|
+
|
|
10
|
+
* Remove rate limit from api generator
|
|
11
|
+
|
|
1
12
|
## Authentication Zero 4.0.0 ##
|
|
2
13
|
|
|
3
14
|
* Remove system tests
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -8,7 +8,7 @@ The purpose of authentication zero is to generate a pre-built authentication sys
|
|
|
8
8
|
$ bundle add authentication-zero
|
|
9
9
|
```
|
|
10
10
|
|
|
11
|
-
If you are using Rails <
|
|
11
|
+
If you are using Rails < 7.2, you must use version 3.
|
|
12
12
|
|
|
13
13
|
```
|
|
14
14
|
$ bundle add authentication-zero --version "~> 3"
|
|
@@ -46,7 +46,6 @@ Since Authentication Zero generates this code into your application instead of b
|
|
|
46
46
|
- Reset the user password and send reset instructions
|
|
47
47
|
- Reset the user password only from verified emails
|
|
48
48
|
- Lock mechanism to prevent email bombing (--lockable)
|
|
49
|
-
- Rate limiting for your app, 1000 reqs/minute (--ratelimit)
|
|
50
49
|
- Send e-mail confirmation when your email has been changed
|
|
51
50
|
- Manage multiple sessions & devices
|
|
52
51
|
- Activity log (--trackable)
|
|
@@ -7,8 +7,7 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
7
7
|
class_option :pwned, type: :boolean, desc: "Add pwned password validation"
|
|
8
8
|
class_option :sudoable, type: :boolean, desc: "Add password request before sensitive data changes"
|
|
9
9
|
class_option :lockable, type: :boolean, desc: "Add password reset locking"
|
|
10
|
-
class_option :
|
|
11
|
-
class_option :passwordless, type: :boolean, desc: "Add passwordless sign"
|
|
10
|
+
class_option :passwordless, type: :boolean, desc: "Add passwordless sign in"
|
|
12
11
|
class_option :omniauthable, type: :boolean, desc: "Add social login support"
|
|
13
12
|
class_option :trackable, type: :boolean, desc: "Add activity log support"
|
|
14
13
|
class_option :two_factor, type: :boolean, desc: "Add two factor authentication"
|
|
@@ -22,15 +21,6 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
22
21
|
def add_gems
|
|
23
22
|
gem "bcrypt", "~> 3.1.7", comment: "Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]"
|
|
24
23
|
|
|
25
|
-
if options.ratelimit?
|
|
26
|
-
gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests [https://github.com/jeremy/rack-ratelimit]"
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
if redis?
|
|
30
|
-
gem "redis", "~> 4.0", comment: "Use Redis adapter to run additional authentication features"
|
|
31
|
-
gem "kredis", comment: "Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]"
|
|
32
|
-
end
|
|
33
|
-
|
|
34
24
|
if options.pwned?
|
|
35
25
|
gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]"
|
|
36
26
|
end
|
|
@@ -53,11 +43,9 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
53
43
|
def add_environment_configurations
|
|
54
44
|
application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "development"
|
|
55
45
|
application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "test"
|
|
56
|
-
environment ratelimit_block, env: "production" if options.ratelimit?
|
|
57
46
|
end
|
|
58
47
|
|
|
59
48
|
def create_configuration_files
|
|
60
|
-
copy_file "config/redis/shared.yml" if redis?
|
|
61
49
|
copy_file "config/initializers/omniauth.rb" if omniauthable?
|
|
62
50
|
copy_file "config/initializers/webauthn.rb" if webauthn?
|
|
63
51
|
end
|
|
@@ -124,8 +112,8 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
124
112
|
def install_javascript
|
|
125
113
|
return unless webauthn?
|
|
126
114
|
copy_file "javascript/controllers/web_authn_controller.js", "app/javascript/controllers/web_authn_controller.js"
|
|
127
|
-
run "bin/importmap pin @rails/request.js" if importmaps?
|
|
128
|
-
run "yarn add @rails/request.js" if node?
|
|
115
|
+
run "bin/importmap pin @rails/request.js @github/webauthn-json" if importmaps?
|
|
116
|
+
run "yarn add @rails/request.js @github/webauthn-json" if node?
|
|
129
117
|
end
|
|
130
118
|
|
|
131
119
|
def create_views
|
|
@@ -258,10 +246,6 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
258
246
|
options.sudoable? && !options.api?
|
|
259
247
|
end
|
|
260
248
|
|
|
261
|
-
def redis?
|
|
262
|
-
options.ratelimit? || sudoable?
|
|
263
|
-
end
|
|
264
|
-
|
|
265
249
|
def importmaps?
|
|
266
250
|
Rails.root.join("config/importmap.rb").exist?
|
|
267
251
|
end
|
|
@@ -269,11 +253,4 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
269
253
|
def node?
|
|
270
254
|
Rails.root.join("package.json").exist?
|
|
271
255
|
end
|
|
272
|
-
|
|
273
|
-
def ratelimit_block
|
|
274
|
-
<<~CODE
|
|
275
|
-
# Rate limit general requests by IP address in a rate of 1000 requests per minute
|
|
276
|
-
config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.minute], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
|
|
277
|
-
CODE
|
|
278
|
-
end
|
|
279
256
|
end
|
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
class ApplicationController < ActionController::Base
|
|
2
|
+
# Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
|
|
3
|
+
allow_browser versions: :modern
|
|
4
|
+
|
|
2
5
|
before_action :set_current_request_details
|
|
3
6
|
before_action :authenticate
|
|
4
7
|
|
data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
CHANGED
|
@@ -6,7 +6,7 @@ class Sessions::SudosController < ApplicationController
|
|
|
6
6
|
session_record = Current.session
|
|
7
7
|
|
|
8
8
|
if session_record.user.authenticate(params[:password])
|
|
9
|
-
session_record.
|
|
9
|
+
session_record.touch(:sudo_at); redirect_to(params[:proceed_to_url])
|
|
10
10
|
else
|
|
11
11
|
redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
|
|
12
12
|
end
|
|
@@ -4,6 +4,9 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
|
|
|
4
4
|
t.references :user, null: false, foreign_key: true
|
|
5
5
|
t.string :user_agent
|
|
6
6
|
t.string :ip_address
|
|
7
|
+
<%- if sudoable? %>
|
|
8
|
+
t.datetime :sudo_at, null: false
|
|
9
|
+
<%- end -%>
|
|
7
10
|
|
|
8
11
|
t.timestamps
|
|
9
12
|
end
|
|
@@ -1,18 +1,21 @@
|
|
|
1
1
|
class Session < ApplicationRecord
|
|
2
2
|
belongs_to :user
|
|
3
|
-
<%- if sudoable? %>
|
|
4
|
-
kredis_flag :sudo, expires_in: 30.minutes
|
|
5
|
-
<%- end -%>
|
|
6
3
|
|
|
7
4
|
before_create do
|
|
8
5
|
self.user_agent = Current.user_agent
|
|
9
6
|
self.ip_address = Current.ip_address
|
|
7
|
+
<%- if sudoable? %>
|
|
8
|
+
self.sudo_at = Time.current
|
|
9
|
+
<%- end -%>
|
|
10
10
|
end
|
|
11
|
-
<%- if sudoable? %>
|
|
12
|
-
after_create { sudo.mark }
|
|
13
|
-
<%- end -%>
|
|
14
11
|
<%- if options.trackable? %>
|
|
15
12
|
after_create { user.events.create! action: "signed_in" }
|
|
16
13
|
after_destroy { user.events.create! action: "signed_out" }
|
|
17
14
|
<%- end -%>
|
|
15
|
+
<%- if sudoable? %>
|
|
16
|
+
|
|
17
|
+
def sudo?
|
|
18
|
+
sudo_at > 30.minutes.ago
|
|
19
|
+
end
|
|
20
|
+
<%- end -%>
|
|
18
21
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authentication-zero
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.0.
|
|
4
|
+
version: 4.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nixon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-10-
|
|
11
|
+
date: 2024-10-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -37,7 +37,6 @@ files:
|
|
|
37
37
|
- lib/generators/authentication/authentication_generator.rb
|
|
38
38
|
- lib/generators/authentication/templates/config/initializers/omniauth.rb
|
|
39
39
|
- lib/generators/authentication/templates/config/initializers/webauthn.rb
|
|
40
|
-
- lib/generators/authentication/templates/config/redis/shared.yml
|
|
41
40
|
- lib/generators/authentication/templates/controllers/api/application_controller.rb.tt
|
|
42
41
|
- lib/generators/authentication/templates/controllers/api/authentications/events_controller.rb.tt
|
|
43
42
|
- lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt
|