authentication-zero 4.0.1 → 4.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/Gemfile.lock +1 -1
- data/README.md +0 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +2 -25
- data/lib/generators/authentication/templates/controllers/html/application_controller.rb.tt +3 -0
- data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt +3 -0
- data/lib/generators/authentication/templates/models/session.rb.tt +9 -6
- metadata +2 -3
- data/lib/generators/authentication/templates/config/redis/shared.yml +0 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a27f54fb7d0351d835f355c5018136265f190a0b55929aa5e9a1ef4572dda2db
|
|
4
|
+
data.tar.gz: 61003cd5539e38851b2de9125cfdc5e94ae73366eb9a0b66514a9fbd8e67a43d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6744a2f7059c69e90aefbc6053738f11a44379c37ee443ecb2ebbd4be139615399eef151bf97d9588fa940b516726c8f001b3fcb81eb6458d1a10e1141ee42b3
|
|
7
|
+
data.tar.gz: 5ac18f8698a62505bb9fe8edf8298e077e2cc8a8b2031f285e71e4c8dc5d745bc6545125228dbbed8debe7a98b871485dba9ab98a80f554c29b1b32c46c9874a
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
## New version
|
|
2
2
|
|
|
3
|
+
* Remove dependency on redis / kredis for sudoable
|
|
4
|
+
* Fix --webauthn option. (add @github/webauthn-json)
|
|
5
|
+
* Update application_controller to rails 8
|
|
6
|
+
* Remove --ratelimit option
|
|
7
|
+
|
|
8
|
+
## Authentication Zero 4.0.1 ##
|
|
9
|
+
|
|
3
10
|
* Remove rate limit from api generator
|
|
4
11
|
|
|
5
12
|
## Authentication Zero 4.0.0 ##
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -46,7 +46,6 @@ Since Authentication Zero generates this code into your application instead of b
|
|
|
46
46
|
- Reset the user password and send reset instructions
|
|
47
47
|
- Reset the user password only from verified emails
|
|
48
48
|
- Lock mechanism to prevent email bombing (--lockable)
|
|
49
|
-
- Rate limiting for your app, 1000 reqs/minute (--ratelimit)
|
|
50
49
|
- Send e-mail confirmation when your email has been changed
|
|
51
50
|
- Manage multiple sessions & devices
|
|
52
51
|
- Activity log (--trackable)
|
|
@@ -7,7 +7,6 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
7
7
|
class_option :pwned, type: :boolean, desc: "Add pwned password validation"
|
|
8
8
|
class_option :sudoable, type: :boolean, desc: "Add password request before sensitive data changes"
|
|
9
9
|
class_option :lockable, type: :boolean, desc: "Add password reset locking"
|
|
10
|
-
class_option :ratelimit, type: :boolean, desc: "Add request rate limiting"
|
|
11
10
|
class_option :passwordless, type: :boolean, desc: "Add passwordless sign in"
|
|
12
11
|
class_option :omniauthable, type: :boolean, desc: "Add social login support"
|
|
13
12
|
class_option :trackable, type: :boolean, desc: "Add activity log support"
|
|
@@ -22,15 +21,6 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
22
21
|
def add_gems
|
|
23
22
|
gem "bcrypt", "~> 3.1.7", comment: "Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]"
|
|
24
23
|
|
|
25
|
-
if options.ratelimit?
|
|
26
|
-
gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests [https://github.com/jeremy/rack-ratelimit]"
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
if redis?
|
|
30
|
-
gem "redis", "~> 4.0", comment: "Use Redis adapter to run additional authentication features"
|
|
31
|
-
gem "kredis", comment: "Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]"
|
|
32
|
-
end
|
|
33
|
-
|
|
34
24
|
if options.pwned?
|
|
35
25
|
gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]"
|
|
36
26
|
end
|
|
@@ -53,11 +43,9 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
53
43
|
def add_environment_configurations
|
|
54
44
|
application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "development"
|
|
55
45
|
application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "test"
|
|
56
|
-
environment ratelimit_block, env: "production" if options.ratelimit?
|
|
57
46
|
end
|
|
58
47
|
|
|
59
48
|
def create_configuration_files
|
|
60
|
-
copy_file "config/redis/shared.yml" if redis?
|
|
61
49
|
copy_file "config/initializers/omniauth.rb" if omniauthable?
|
|
62
50
|
copy_file "config/initializers/webauthn.rb" if webauthn?
|
|
63
51
|
end
|
|
@@ -124,8 +112,8 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
124
112
|
def install_javascript
|
|
125
113
|
return unless webauthn?
|
|
126
114
|
copy_file "javascript/controllers/web_authn_controller.js", "app/javascript/controllers/web_authn_controller.js"
|
|
127
|
-
run "bin/importmap pin @rails/request.js" if importmaps?
|
|
128
|
-
run "yarn add @rails/request.js" if node?
|
|
115
|
+
run "bin/importmap pin @rails/request.js @github/webauthn-json" if importmaps?
|
|
116
|
+
run "yarn add @rails/request.js @github/webauthn-json" if node?
|
|
129
117
|
end
|
|
130
118
|
|
|
131
119
|
def create_views
|
|
@@ -258,10 +246,6 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
258
246
|
options.sudoable? && !options.api?
|
|
259
247
|
end
|
|
260
248
|
|
|
261
|
-
def redis?
|
|
262
|
-
options.ratelimit? || sudoable?
|
|
263
|
-
end
|
|
264
|
-
|
|
265
249
|
def importmaps?
|
|
266
250
|
Rails.root.join("config/importmap.rb").exist?
|
|
267
251
|
end
|
|
@@ -269,11 +253,4 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
269
253
|
def node?
|
|
270
254
|
Rails.root.join("package.json").exist?
|
|
271
255
|
end
|
|
272
|
-
|
|
273
|
-
def ratelimit_block
|
|
274
|
-
<<~CODE
|
|
275
|
-
# Rate limit general requests by IP address in a rate of 1000 requests per minute
|
|
276
|
-
config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.minute], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
|
|
277
|
-
CODE
|
|
278
|
-
end
|
|
279
256
|
end
|
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
class ApplicationController < ActionController::Base
|
|
2
|
+
# Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
|
|
3
|
+
allow_browser versions: :modern
|
|
4
|
+
|
|
2
5
|
before_action :set_current_request_details
|
|
3
6
|
before_action :authenticate
|
|
4
7
|
|
data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
CHANGED
|
@@ -6,7 +6,7 @@ class Sessions::SudosController < ApplicationController
|
|
|
6
6
|
session_record = Current.session
|
|
7
7
|
|
|
8
8
|
if session_record.user.authenticate(params[:password])
|
|
9
|
-
session_record.
|
|
9
|
+
session_record.touch(:sudo_at); redirect_to(params[:proceed_to_url])
|
|
10
10
|
else
|
|
11
11
|
redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
|
|
12
12
|
end
|
|
@@ -4,6 +4,9 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
|
|
|
4
4
|
t.references :user, null: false, foreign_key: true
|
|
5
5
|
t.string :user_agent
|
|
6
6
|
t.string :ip_address
|
|
7
|
+
<%- if sudoable? %>
|
|
8
|
+
t.datetime :sudo_at, null: false
|
|
9
|
+
<%- end -%>
|
|
7
10
|
|
|
8
11
|
t.timestamps
|
|
9
12
|
end
|
|
@@ -1,18 +1,21 @@
|
|
|
1
1
|
class Session < ApplicationRecord
|
|
2
2
|
belongs_to :user
|
|
3
|
-
<%- if sudoable? %>
|
|
4
|
-
kredis_flag :sudo, expires_in: 30.minutes
|
|
5
|
-
<%- end -%>
|
|
6
3
|
|
|
7
4
|
before_create do
|
|
8
5
|
self.user_agent = Current.user_agent
|
|
9
6
|
self.ip_address = Current.ip_address
|
|
7
|
+
<%- if sudoable? %>
|
|
8
|
+
self.sudo_at = Time.current
|
|
9
|
+
<%- end -%>
|
|
10
10
|
end
|
|
11
|
-
<%- if sudoable? %>
|
|
12
|
-
after_create { sudo.mark }
|
|
13
|
-
<%- end -%>
|
|
14
11
|
<%- if options.trackable? %>
|
|
15
12
|
after_create { user.events.create! action: "signed_in" }
|
|
16
13
|
after_destroy { user.events.create! action: "signed_out" }
|
|
17
14
|
<%- end -%>
|
|
15
|
+
<%- if sudoable? %>
|
|
16
|
+
|
|
17
|
+
def sudo?
|
|
18
|
+
sudo_at > 30.minutes.ago
|
|
19
|
+
end
|
|
20
|
+
<%- end -%>
|
|
18
21
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authentication-zero
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.0.
|
|
4
|
+
version: 4.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nixon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-10-
|
|
11
|
+
date: 2024-10-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -37,7 +37,6 @@ files:
|
|
|
37
37
|
- lib/generators/authentication/authentication_generator.rb
|
|
38
38
|
- lib/generators/authentication/templates/config/initializers/omniauth.rb
|
|
39
39
|
- lib/generators/authentication/templates/config/initializers/webauthn.rb
|
|
40
|
-
- lib/generators/authentication/templates/config/redis/shared.yml
|
|
41
40
|
- lib/generators/authentication/templates/controllers/api/application_controller.rb.tt
|
|
42
41
|
- lib/generators/authentication/templates/controllers/api/authentications/events_controller.rb.tt
|
|
43
42
|
- lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt
|