RubyGems - authentication-zero - Versions diffs - 2.5.1 → 2.6.0 - Mend

authentication-zero 2.5.1 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/Gemfile.lock +1 -1
data/README.md +1 -0
data/lib/authentication_zero/version.rb +1 -1
data/lib/generators/authentication/authentication_generator.rb +38 -57
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ebb3996aab124c3a79772a894284fcad873a5ae828c76293e5d1cd0906576683
-  data.tar.gz: 9963aeed1729d5eb54a7118f14efd2c6af6e1e8c0e7691ad77ae928df656e035
+  metadata.gz: 1ace4c68009deb2e2a34a3320b53ee2c319d795efd0e22256164b27b774c10df
+  data.tar.gz: c54f843f81f32b9ad20876c6bc2a2aa6417cd493dfeeab67f30606d501c5e776
 SHA512:
-  metadata.gz: 8e80edd0462b08c649c7c09f45534843294b43075ed9eeb8fbe940da43b4aae4b0dc014e21e4d142efe270f7f8477b314eea19859d64a1b1412ee9aed78aa8b8
-  data.tar.gz: 35821b25cb41eeab19dce8e6cbdf4f9435fce558b19a51d40def6ac7b84908212f6d05a82ed852b6d6743ff81b29cd921c6abd83c03f02b991b28ed2e5382f42
+  metadata.gz: 51bea8df73af396e6aeff95c9d89649cec269a753b7e025efbde2ec4c1479b5083a275da54e68206b94a6589e9f86577f97a602bda02f424c2d610dc8d00c916
+  data.tar.gz: 7a779d25f193d024d466ced745649968e50b4cd54fd17a85cffa2cc47f3aec61ef46ba245ec1dc8b728a1d1b52713f108586e99779e77f5ecec0c895bddb300f

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+## Authentication Zero 2.6.0 (March 1, 2022) ##
+* Implemented ratelimit
 ## Authentication Zero 2.5.0 (February 28, 2022) ##
 * Implemented pwned

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.5.1)
+    authentication-zero (2.6.0)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -15,6 +15,7 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
 - Lock sending reset password email after many attempts (--lockable)
+- Rate limiting for your app, 1000 reqs/hour (--ratelimit)
 - Send e-mail notification when your email has been changed
 - Send e-mail notification when someone has logged into your account
 - Manage multiple sessions & devices

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.5.1"
+  VERSION = "2.6.0"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -3,53 +3,48 @@ require "rails/generators/active_record"
 class AuthenticationGenerator < Rails::Generators::NamedBase
   include ActiveRecord::Generators::Migration
-  class_option :api, type: :boolean, desc: "Generates API authentication"
-  class_option :lockable, type: :boolean, desc: "Add password reset locking"
-  class_option :pwned, type: :boolean, desc: "Add pwned password validation"
-  class_option :migration, type: :boolean, default: true
-  class_option :test_framework, type: :string, desc: "Test framework to be invoked"
-  class_option :fixture, type: :boolean, default: true
-  class_option :system_tests, type: :string, desc: "Skip system test files"
-  class_option :skip_routes, type: :boolean
+  class_option :api,       type: :boolean, desc: "Generates API authentication"
+  class_option :pwned,     type: :boolean, desc: "Add pwned password validation"
+  class_option :lockable,  type: :boolean, desc: "Add password reset locking"
+  class_option :ratelimit, type: :boolean, desc: "Add request rate limiting"
   source_root File.expand_path("templates", __dir__)
   def add_gems
     uncomment_lines "Gemfile", /"bcrypt"/
-    uncomment_lines "Gemfile", /"redis"/  if options.lockable
-    uncomment_lines "Gemfile", /"kredis"/ if options.lockable
-    gem "pwned", comment: "Use pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]" if options.pwned
+    uncomment_lines "Gemfile", /"redis"/  if options.lockable?
+    uncomment_lines "Gemfile", /"kredis"/ if options.lockable?
+    gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]" if options.pwned?
+    gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests" if options.ratelimit?
   end
-  def create_configuartions
-     copy_file "config/redis/shared.yml", "config/redis/shared.yml" if options.lockable
+  def create_configuration_files
+     copy_file "config/redis/shared.yml", "config/redis/shared.yml" if options.lockable?
+  end
+  def add_environment_configurations
+     ratelimit_code = <<~CODE
+      # Rate limit general requests by IP address in a rate of 1000 requests per hour
+      config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.hour], logger: Rails.logger, redis: Redis.new) { |env| ActionDispatch::Request.new(env).ip }
+    CODE
+    environment ratelimit_code, env: "production" if options.ratelimit?
   end
   def create_migrations
-    if options.migration
-      migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
-      migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
-    end
+    migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
+    migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
   end
   def create_models
     template "models/model.rb", "app/models/#{file_name}.rb"
     template "models/session.rb", "app/models/session.rb"
     template "models/current.rb", "app/models/current.rb"
-    template "models/locking.rb", "app/models/locking.rb" if options.lockable
+    template "models/locking.rb", "app/models/locking.rb" if options.lockable?
   end
-  hook_for :fixture_replacement
   def create_fixture_file
-    if options.fixture && options.fixture_replacement.nil?
-      template "#{test_framework}/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
-    end
+    template "test_unit/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
   end
   def add_application_controller_methods
@@ -100,7 +95,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
   def create_views
-    if options.api
+    if options.api?
       directory "erb/identity_mailer", "app/views/identity_mailer"
       directory "erb/session_mailer", "app/views/session_mailer"
     else
@@ -113,40 +108,26 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
   def add_routes
-    unless options.skip_routes
-      route "resource :sudo, only: [:new, :create]"
-      route "resource :registration, only: :destroy"
-      route "resource :password_reset, only: [:new, :edit, :create, :update]"
-      route "resource :password, only: [:edit, :update]"
-      route "resource :email_verification, only: [:edit, :create]"
-      route "resource :email, only: [:edit, :update]"
-      route "resources :sessions, only: [:index, :show, :destroy]"
-      route "post 'sign_up', to: 'registrations#create'"
-      route "get 'sign_up', to: 'registrations#new'" unless options.api?
-      route "post 'sign_in', to: 'sessions#create'"
-      route "get 'sign_in', to: 'sessions#new'" unless options.api?
-    end
+    route "resource :sudo, only: [:new, :create]"
+    route "resource :registration, only: :destroy"
+    route "resource :password_reset, only: [:new, :edit, :create, :update]"
+    route "resource :password, only: [:edit, :update]"
+    route "resource :email_verification, only: [:edit, :create]"
+    route "resource :email, only: [:edit, :update]"
+    route "resources :sessions, only: [:index, :show, :destroy]"
+    route "post 'sign_up', to: 'registrations#create'"
+    route "get 'sign_up', to: 'registrations#new'" unless options.api?
+    route "post 'sign_in', to: 'sessions#create'"
+    route "get 'sign_in', to: 'sessions#new'" unless options.api?
   end
   def create_test_files
-    directory "#{test_framework}/controllers/#{format_folder}", "test/controllers"
-    directory "#{system_tests}/system", "test/system" if system_tests?
+    directory "test_unit/controllers/#{format_folder}", "test/controllers"
+    directory "test_unit/system", "test/system" unless options.api?
   end
   private
     def format_folder
-      options.api ? "api" : "html"
-    end
-    def test_framework
-      options.test_framework
-    end
-    def system_tests
-      options.system_tests
-    end
-    def system_tests?
-      !options.api? && options.system_tests
+      options.api? ? "api" : "html"
     end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.5.1
+  version: 2.6.0
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-28 00:00:00.000000000 Z
+date: 2022-03-01 00:00:00.000000000 Z
 dependencies: []
 description:
 email: