authentication-zero 4.0.1 → 4.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/Gemfile.lock +1 -1
- data/README.md +0 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +8 -28
- data/lib/generators/authentication/templates/controllers/html/application_controller.rb.tt +3 -0
- data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt +3 -0
- data/lib/generators/authentication/templates/models/session.rb.tt +9 -6
- metadata +2 -3
- data/lib/generators/authentication/templates/config/redis/shared.yml +0 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a20860b4e4e996ed12ee1f8627c322cee71785051bb58569e8d3694bd8d46860
|
|
4
|
+
data.tar.gz: da8ceac9a2cd8d53028b446fd988b9604bbc6a72ab8f89dfe4cc0442cd0facd7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 03ba76dae5a7ae6862a45525d43bcbf1ca566b5e5bd1738a743f52a62d5af8c31838381e183d3eb2fd2776a7f909430c6a57746999c9bd4f4ead57bd67ccf6a1
|
|
7
|
+
data.tar.gz: 1d8aad9fc172635ba87cc4f154a25a1da38470967cd8a8e82f344318bf54e95e5a759f0956b38a48092d08ae29d6a626750d6076c45f40f84d96918db5c54f75
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,19 @@
|
|
|
1
1
|
## New version
|
|
2
2
|
|
|
3
|
+
## Authentication Zero 4.0.3 ##
|
|
4
|
+
|
|
5
|
+
* We don't need to add `config.action_mailer.default_url_options` anymore
|
|
6
|
+
* Make gem add bcrypt more resilient
|
|
7
|
+
|
|
8
|
+
## Authentication Zero 4.0.2 ##
|
|
9
|
+
|
|
10
|
+
* Remove dependency on redis / kredis for sudoable
|
|
11
|
+
* Fix --webauthn option. (add @github/webauthn-json)
|
|
12
|
+
* Update application_controller to rails 8
|
|
13
|
+
* Remove --ratelimit option
|
|
14
|
+
|
|
15
|
+
## Authentication Zero 4.0.1 ##
|
|
16
|
+
|
|
3
17
|
* Remove rate limit from api generator
|
|
4
18
|
|
|
5
19
|
## Authentication Zero 4.0.0 ##
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -46,7 +46,6 @@ Since Authentication Zero generates this code into your application instead of b
|
|
|
46
46
|
- Reset the user password and send reset instructions
|
|
47
47
|
- Reset the user password only from verified emails
|
|
48
48
|
- Lock mechanism to prevent email bombing (--lockable)
|
|
49
|
-
- Rate limiting for your app, 1000 reqs/minute (--ratelimit)
|
|
50
49
|
- Send e-mail confirmation when your email has been changed
|
|
51
50
|
- Manage multiple sessions & devices
|
|
52
51
|
- Activity log (--trackable)
|
|
@@ -7,7 +7,6 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
7
7
|
class_option :pwned, type: :boolean, desc: "Add pwned password validation"
|
|
8
8
|
class_option :sudoable, type: :boolean, desc: "Add password request before sensitive data changes"
|
|
9
9
|
class_option :lockable, type: :boolean, desc: "Add password reset locking"
|
|
10
|
-
class_option :ratelimit, type: :boolean, desc: "Add request rate limiting"
|
|
11
10
|
class_option :passwordless, type: :boolean, desc: "Add passwordless sign in"
|
|
12
11
|
class_option :omniauthable, type: :boolean, desc: "Add social login support"
|
|
13
12
|
class_option :trackable, type: :boolean, desc: "Add activity log support"
|
|
@@ -20,15 +19,10 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
20
19
|
source_root File.expand_path("templates", __dir__)
|
|
21
20
|
|
|
22
21
|
def add_gems
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
gem "
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
if redis?
|
|
30
|
-
gem "redis", "~> 4.0", comment: "Use Redis adapter to run additional authentication features"
|
|
31
|
-
gem "kredis", comment: "Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]"
|
|
22
|
+
if bcrypt_present?
|
|
23
|
+
uncomment_lines "Gemfile", /gem "bcrypt"/
|
|
24
|
+
else
|
|
25
|
+
gem "bcrypt", "~> 3.1.7", comment: "Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]"
|
|
32
26
|
end
|
|
33
27
|
|
|
34
28
|
if options.pwned?
|
|
@@ -50,14 +44,7 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
50
44
|
end
|
|
51
45
|
end
|
|
52
46
|
|
|
53
|
-
def add_environment_configurations
|
|
54
|
-
application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "development"
|
|
55
|
-
application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "test"
|
|
56
|
-
environment ratelimit_block, env: "production" if options.ratelimit?
|
|
57
|
-
end
|
|
58
|
-
|
|
59
47
|
def create_configuration_files
|
|
60
|
-
copy_file "config/redis/shared.yml" if redis?
|
|
61
48
|
copy_file "config/initializers/omniauth.rb" if omniauthable?
|
|
62
49
|
copy_file "config/initializers/webauthn.rb" if webauthn?
|
|
63
50
|
end
|
|
@@ -124,8 +111,8 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
124
111
|
def install_javascript
|
|
125
112
|
return unless webauthn?
|
|
126
113
|
copy_file "javascript/controllers/web_authn_controller.js", "app/javascript/controllers/web_authn_controller.js"
|
|
127
|
-
run "bin/importmap pin @rails/request.js" if importmaps?
|
|
128
|
-
run "yarn add @rails/request.js" if node?
|
|
114
|
+
run "bin/importmap pin @rails/request.js @github/webauthn-json" if importmaps?
|
|
115
|
+
run "yarn add @rails/request.js @github/webauthn-json" if node?
|
|
129
116
|
end
|
|
130
117
|
|
|
131
118
|
def create_views
|
|
@@ -258,8 +245,8 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
258
245
|
options.sudoable? && !options.api?
|
|
259
246
|
end
|
|
260
247
|
|
|
261
|
-
def
|
|
262
|
-
|
|
248
|
+
def bcrypt_present?
|
|
249
|
+
File.read("Gemfile").include?('gem "bcrypt"')
|
|
263
250
|
end
|
|
264
251
|
|
|
265
252
|
def importmaps?
|
|
@@ -269,11 +256,4 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
269
256
|
def node?
|
|
270
257
|
Rails.root.join("package.json").exist?
|
|
271
258
|
end
|
|
272
|
-
|
|
273
|
-
def ratelimit_block
|
|
274
|
-
<<~CODE
|
|
275
|
-
# Rate limit general requests by IP address in a rate of 1000 requests per minute
|
|
276
|
-
config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.minute], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
|
|
277
|
-
CODE
|
|
278
|
-
end
|
|
279
259
|
end
|
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
class ApplicationController < ActionController::Base
|
|
2
|
+
# Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
|
|
3
|
+
allow_browser versions: :modern
|
|
4
|
+
|
|
2
5
|
before_action :set_current_request_details
|
|
3
6
|
before_action :authenticate
|
|
4
7
|
|
data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
CHANGED
|
@@ -6,7 +6,7 @@ class Sessions::SudosController < ApplicationController
|
|
|
6
6
|
session_record = Current.session
|
|
7
7
|
|
|
8
8
|
if session_record.user.authenticate(params[:password])
|
|
9
|
-
session_record.
|
|
9
|
+
session_record.touch(:sudo_at); redirect_to(params[:proceed_to_url])
|
|
10
10
|
else
|
|
11
11
|
redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
|
|
12
12
|
end
|
|
@@ -4,6 +4,9 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
|
|
|
4
4
|
t.references :user, null: false, foreign_key: true
|
|
5
5
|
t.string :user_agent
|
|
6
6
|
t.string :ip_address
|
|
7
|
+
<%- if sudoable? %>
|
|
8
|
+
t.datetime :sudo_at, null: false
|
|
9
|
+
<%- end -%>
|
|
7
10
|
|
|
8
11
|
t.timestamps
|
|
9
12
|
end
|
|
@@ -1,18 +1,21 @@
|
|
|
1
1
|
class Session < ApplicationRecord
|
|
2
2
|
belongs_to :user
|
|
3
|
-
<%- if sudoable? %>
|
|
4
|
-
kredis_flag :sudo, expires_in: 30.minutes
|
|
5
|
-
<%- end -%>
|
|
6
3
|
|
|
7
4
|
before_create do
|
|
8
5
|
self.user_agent = Current.user_agent
|
|
9
6
|
self.ip_address = Current.ip_address
|
|
7
|
+
<%- if sudoable? %>
|
|
8
|
+
self.sudo_at = Time.current
|
|
9
|
+
<%- end -%>
|
|
10
10
|
end
|
|
11
|
-
<%- if sudoable? %>
|
|
12
|
-
after_create { sudo.mark }
|
|
13
|
-
<%- end -%>
|
|
14
11
|
<%- if options.trackable? %>
|
|
15
12
|
after_create { user.events.create! action: "signed_in" }
|
|
16
13
|
after_destroy { user.events.create! action: "signed_out" }
|
|
17
14
|
<%- end -%>
|
|
15
|
+
<%- if sudoable? %>
|
|
16
|
+
|
|
17
|
+
def sudo?
|
|
18
|
+
sudo_at > 30.minutes.ago
|
|
19
|
+
end
|
|
20
|
+
<%- end -%>
|
|
18
21
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authentication-zero
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.0.
|
|
4
|
+
version: 4.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nixon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-10-
|
|
11
|
+
date: 2024-10-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -37,7 +37,6 @@ files:
|
|
|
37
37
|
- lib/generators/authentication/authentication_generator.rb
|
|
38
38
|
- lib/generators/authentication/templates/config/initializers/omniauth.rb
|
|
39
39
|
- lib/generators/authentication/templates/config/initializers/webauthn.rb
|
|
40
|
-
- lib/generators/authentication/templates/config/redis/shared.yml
|
|
41
40
|
- lib/generators/authentication/templates/controllers/api/application_controller.rb.tt
|
|
42
41
|
- lib/generators/authentication/templates/controllers/api/authentications/events_controller.rb.tt
|
|
43
42
|
- lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt
|