authentication-zero 4.0.1 → 4.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/Gemfile.lock +1 -1
- data/README.md +0 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +8 -28
- data/lib/generators/authentication/templates/controllers/html/application_controller.rb.tt +3 -0
- data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt +3 -0
- data/lib/generators/authentication/templates/models/session.rb.tt +9 -6
- metadata +2 -3
- data/lib/generators/authentication/templates/config/redis/shared.yml +0 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a20860b4e4e996ed12ee1f8627c322cee71785051bb58569e8d3694bd8d46860
|
|
4
|
+
data.tar.gz: da8ceac9a2cd8d53028b446fd988b9604bbc6a72ab8f89dfe4cc0442cd0facd7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 03ba76dae5a7ae6862a45525d43bcbf1ca566b5e5bd1738a743f52a62d5af8c31838381e183d3eb2fd2776a7f909430c6a57746999c9bd4f4ead57bd67ccf6a1
|
|
7
|
+
data.tar.gz: 1d8aad9fc172635ba87cc4f154a25a1da38470967cd8a8e82f344318bf54e95e5a759f0956b38a48092d08ae29d6a626750d6076c45f40f84d96918db5c54f75
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,19 @@
|
|
|
1
1
|
## New version
|
|
2
2
|
|
|
3
|
+
## Authentication Zero 4.0.3 ##
|
|
4
|
+
|
|
5
|
+
* We don't need to add `config.action_mailer.default_url_options` anymore
|
|
6
|
+
* Make gem add bcrypt more resilient
|
|
7
|
+
|
|
8
|
+
## Authentication Zero 4.0.2 ##
|
|
9
|
+
|
|
10
|
+
* Remove dependency on redis / kredis for sudoable
|
|
11
|
+
* Fix --webauthn option. (add @github/webauthn-json)
|
|
12
|
+
* Update application_controller to rails 8
|
|
13
|
+
* Remove --ratelimit option
|
|
14
|
+
|
|
15
|
+
## Authentication Zero 4.0.1 ##
|
|
16
|
+
|
|
3
17
|
* Remove rate limit from api generator
|
|
4
18
|
|
|
5
19
|
## Authentication Zero 4.0.0 ##
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -46,7 +46,6 @@ Since Authentication Zero generates this code into your application instead of b
|
|
|
46
46
|
- Reset the user password and send reset instructions
|
|
47
47
|
- Reset the user password only from verified emails
|
|
48
48
|
- Lock mechanism to prevent email bombing (--lockable)
|
|
49
|
-
- Rate limiting for your app, 1000 reqs/minute (--ratelimit)
|
|
50
49
|
- Send e-mail confirmation when your email has been changed
|
|
51
50
|
- Manage multiple sessions & devices
|
|
52
51
|
- Activity log (--trackable)
|
|
@@ -7,7 +7,6 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
7
7
|
class_option :pwned, type: :boolean, desc: "Add pwned password validation"
|
|
8
8
|
class_option :sudoable, type: :boolean, desc: "Add password request before sensitive data changes"
|
|
9
9
|
class_option :lockable, type: :boolean, desc: "Add password reset locking"
|
|
10
|
-
class_option :ratelimit, type: :boolean, desc: "Add request rate limiting"
|
|
11
10
|
class_option :passwordless, type: :boolean, desc: "Add passwordless sign in"
|
|
12
11
|
class_option :omniauthable, type: :boolean, desc: "Add social login support"
|
|
13
12
|
class_option :trackable, type: :boolean, desc: "Add activity log support"
|
|
@@ -20,15 +19,10 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
20
19
|
source_root File.expand_path("templates", __dir__)
|
|
21
20
|
|
|
22
21
|
def add_gems
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
gem "
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
if redis?
|
|
30
|
-
gem "redis", "~> 4.0", comment: "Use Redis adapter to run additional authentication features"
|
|
31
|
-
gem "kredis", comment: "Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]"
|
|
22
|
+
if bcrypt_present?
|
|
23
|
+
uncomment_lines "Gemfile", /gem "bcrypt"/
|
|
24
|
+
else
|
|
25
|
+
gem "bcrypt", "~> 3.1.7", comment: "Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]"
|
|
32
26
|
end
|
|
33
27
|
|
|
34
28
|
if options.pwned?
|
|
@@ -50,14 +44,7 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
50
44
|
end
|
|
51
45
|
end
|
|
52
46
|
|
|
53
|
-
def add_environment_configurations
|
|
54
|
-
application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "development"
|
|
55
|
-
application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "test"
|
|
56
|
-
environment ratelimit_block, env: "production" if options.ratelimit?
|
|
57
|
-
end
|
|
58
|
-
|
|
59
47
|
def create_configuration_files
|
|
60
|
-
copy_file "config/redis/shared.yml" if redis?
|
|
61
48
|
copy_file "config/initializers/omniauth.rb" if omniauthable?
|
|
62
49
|
copy_file "config/initializers/webauthn.rb" if webauthn?
|
|
63
50
|
end
|
|
@@ -124,8 +111,8 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
124
111
|
def install_javascript
|
|
125
112
|
return unless webauthn?
|
|
126
113
|
copy_file "javascript/controllers/web_authn_controller.js", "app/javascript/controllers/web_authn_controller.js"
|
|
127
|
-
run "bin/importmap pin @rails/request.js" if importmaps?
|
|
128
|
-
run "yarn add @rails/request.js" if node?
|
|
114
|
+
run "bin/importmap pin @rails/request.js @github/webauthn-json" if importmaps?
|
|
115
|
+
run "yarn add @rails/request.js @github/webauthn-json" if node?
|
|
129
116
|
end
|
|
130
117
|
|
|
131
118
|
def create_views
|
|
@@ -258,8 +245,8 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
258
245
|
options.sudoable? && !options.api?
|
|
259
246
|
end
|
|
260
247
|
|
|
261
|
-
def
|
|
262
|
-
|
|
248
|
+
def bcrypt_present?
|
|
249
|
+
File.read("Gemfile").include?('gem "bcrypt"')
|
|
263
250
|
end
|
|
264
251
|
|
|
265
252
|
def importmaps?
|
|
@@ -269,11 +256,4 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
269
256
|
def node?
|
|
270
257
|
Rails.root.join("package.json").exist?
|
|
271
258
|
end
|
|
272
|
-
|
|
273
|
-
def ratelimit_block
|
|
274
|
-
<<~CODE
|
|
275
|
-
# Rate limit general requests by IP address in a rate of 1000 requests per minute
|
|
276
|
-
config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.minute], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
|
|
277
|
-
CODE
|
|
278
|
-
end
|
|
279
259
|
end
|
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
class ApplicationController < ActionController::Base
|
|
2
|
+
# Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
|
|
3
|
+
allow_browser versions: :modern
|
|
4
|
+
|
|
2
5
|
before_action :set_current_request_details
|
|
3
6
|
before_action :authenticate
|
|
4
7
|
|
data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
CHANGED
|
@@ -6,7 +6,7 @@ class Sessions::SudosController < ApplicationController
|
|
|
6
6
|
session_record = Current.session
|
|
7
7
|
|
|
8
8
|
if session_record.user.authenticate(params[:password])
|
|
9
|
-
session_record.
|
|
9
|
+
session_record.touch(:sudo_at); redirect_to(params[:proceed_to_url])
|
|
10
10
|
else
|
|
11
11
|
redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
|
|
12
12
|
end
|
|
@@ -4,6 +4,9 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
|
|
|
4
4
|
t.references :user, null: false, foreign_key: true
|
|
5
5
|
t.string :user_agent
|
|
6
6
|
t.string :ip_address
|
|
7
|
+
<%- if sudoable? %>
|
|
8
|
+
t.datetime :sudo_at, null: false
|
|
9
|
+
<%- end -%>
|
|
7
10
|
|
|
8
11
|
t.timestamps
|
|
9
12
|
end
|
|
@@ -1,18 +1,21 @@
|
|
|
1
1
|
class Session < ApplicationRecord
|
|
2
2
|
belongs_to :user
|
|
3
|
-
<%- if sudoable? %>
|
|
4
|
-
kredis_flag :sudo, expires_in: 30.minutes
|
|
5
|
-
<%- end -%>
|
|
6
3
|
|
|
7
4
|
before_create do
|
|
8
5
|
self.user_agent = Current.user_agent
|
|
9
6
|
self.ip_address = Current.ip_address
|
|
7
|
+
<%- if sudoable? %>
|
|
8
|
+
self.sudo_at = Time.current
|
|
9
|
+
<%- end -%>
|
|
10
10
|
end
|
|
11
|
-
<%- if sudoable? %>
|
|
12
|
-
after_create { sudo.mark }
|
|
13
|
-
<%- end -%>
|
|
14
11
|
<%- if options.trackable? %>
|
|
15
12
|
after_create { user.events.create! action: "signed_in" }
|
|
16
13
|
after_destroy { user.events.create! action: "signed_out" }
|
|
17
14
|
<%- end -%>
|
|
15
|
+
<%- if sudoable? %>
|
|
16
|
+
|
|
17
|
+
def sudo?
|
|
18
|
+
sudo_at > 30.minutes.ago
|
|
19
|
+
end
|
|
20
|
+
<%- end -%>
|
|
18
21
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authentication-zero
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.0.
|
|
4
|
+
version: 4.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nixon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-10-
|
|
11
|
+
date: 2024-10-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -37,7 +37,6 @@ files:
|
|
|
37
37
|
- lib/generators/authentication/authentication_generator.rb
|
|
38
38
|
- lib/generators/authentication/templates/config/initializers/omniauth.rb
|
|
39
39
|
- lib/generators/authentication/templates/config/initializers/webauthn.rb
|
|
40
|
-
- lib/generators/authentication/templates/config/redis/shared.yml
|
|
41
40
|
- lib/generators/authentication/templates/controllers/api/application_controller.rb.tt
|
|
42
41
|
- lib/generators/authentication/templates/controllers/api/authentications/events_controller.rb.tt
|
|
43
42
|
- lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt
|