authentication-zero 2.16.36 → 3.0.0.alpha1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/CI.yml +2 -3
- data/CHANGELOG.md +7 -0
- data/Gemfile.lock +1 -1
- data/README.md +1 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +0 -4
- data/lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt +5 -3
- data/lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt +2 -6
- data/lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt +2 -4
- data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt +1 -3
- data/lib/generators/authentication/templates/controllers/html/identity/email_verifications_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt +5 -3
- data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt +2 -6
- data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt +2 -4
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +1 -3
- data/lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt +2 -2
- data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt +2 -2
- data/lib/generators/authentication/templates/mailers/user_mailer.rb.tt +3 -3
- data/lib/generators/authentication/templates/models/user.rb.tt +5 -5
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt +7 -4
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt +5 -5
- data/lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt +8 -5
- data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt +5 -5
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/email_verifications_controller_test.rb.tt +6 -4
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt +6 -5
- data/lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt +8 -5
- data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt +5 -5
- data/lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt +1 -1
- metadata +4 -8
- data/lib/generators/authentication/templates/migrations/create_email_verification_tokens_migration.rb.tt +0 -7
- data/lib/generators/authentication/templates/migrations/create_password_reset_tokens_migration.rb.tt +0 -7
- data/lib/generators/authentication/templates/models/email_verification_token.rb.tt +0 -3
- data/lib/generators/authentication/templates/models/password_reset_token.rb.tt +0 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a1c102d5a72628c6d1ffbe5d5e7724b5e0ffdfe52259754d4f39c09bd900622a
|
|
4
|
+
data.tar.gz: 679af3cd9f3120b50a46abb4e460eac87612116f21bb182456c76de3010a8e5f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 778ea21bb5f23e80f16a773cd095146737eb646d5688fe238a4eb6604b234230c092ecf85af31c6e15dbddb3934d936a582307651a4e6737280fbaa03715247b
|
|
7
|
+
data.tar.gz: 9e42dcc5bd6ff6dbc4731326f3c25555e90c26c37e683e1666b0de862276615ef0235e4dc03991ce66e94a95460bcdaff315d0293dbd82eaf5eb04c8e5dbb48b
|
data/.github/workflows/CI.yml
CHANGED
|
@@ -31,7 +31,7 @@ jobs:
|
|
|
31
31
|
|
|
32
32
|
- name: Create fresh Rails app and run generator
|
|
33
33
|
run: |
|
|
34
|
-
rails new test-app
|
|
34
|
+
rails new test-app --main
|
|
35
35
|
cp .rubocop.yml test-app/.rubocop.yml
|
|
36
36
|
cd test-app
|
|
37
37
|
bundle add authentication-zero --path ..
|
|
@@ -74,7 +74,7 @@ jobs:
|
|
|
74
74
|
|
|
75
75
|
- name: Create fresh Rails app and run generator
|
|
76
76
|
run: |
|
|
77
|
-
rails new test-app
|
|
77
|
+
rails new test-app --main
|
|
78
78
|
cp .rubocop.yml test-app/.rubocop.yml
|
|
79
79
|
cd test-app
|
|
80
80
|
bundle add authentication-zero --path ..
|
|
@@ -90,4 +90,3 @@ jobs:
|
|
|
90
90
|
|
|
91
91
|
- name: Tests
|
|
92
92
|
run: cd test-app && bin/rails test
|
|
93
|
-
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,10 @@
|
|
|
1
|
+
## Authentication Zero 3.0.0 ##
|
|
2
|
+
|
|
3
|
+
* Use the new normalizes API
|
|
4
|
+
* Use the new password_challenge API
|
|
5
|
+
* Use the new authenticate_by API
|
|
6
|
+
* Use the new generates_token_for API
|
|
7
|
+
|
|
1
8
|
## Authentication Zero 2.16.35 ##
|
|
2
9
|
|
|
3
10
|
* Adjust relationship so that account has many users
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -70,8 +70,6 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
70
70
|
migration_template "migrations/create_accounts_migration.rb", "#{db_migrate_path}/create_accounts_migration.rb" if options.tenantable?
|
|
71
71
|
migration_template "migrations/create_users_migration.rb", "#{db_migrate_path}/create_users.rb"
|
|
72
72
|
migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
|
|
73
|
-
migration_template "migrations/create_password_reset_tokens_migration.rb", "#{db_migrate_path}/create_password_reset_tokens.rb"
|
|
74
|
-
migration_template "migrations/create_email_verification_tokens_migration.rb", "#{db_migrate_path}/create_email_verification_tokens.rb"
|
|
75
73
|
migration_template "migrations/create_events_migration.rb", "#{db_migrate_path}/create_events.rb" if options.trackable?
|
|
76
74
|
migration_template "migrations/create_recovery_codes_migration.rb", "#{db_migrate_path}/create_recovery_codes.rb" if two_factor?
|
|
77
75
|
migration_template "migrations/create_security_keys_migration.rb", "#{db_migrate_path}/create_security_keys.rb" if webauthn?
|
|
@@ -83,9 +81,7 @@ class AuthenticationGenerator < Rails::Generators::Base
|
|
|
83
81
|
|
|
84
82
|
template "models/account.rb", "app/models/account.rb" if options.tenantable?
|
|
85
83
|
template "models/current.rb", "app/models/current.rb"
|
|
86
|
-
template "models/email_verification_token.rb", "app/models/email_verification_token.rb"
|
|
87
84
|
template "models/event.rb", "app/models/event.rb" if options.trackable?
|
|
88
|
-
template "models/password_reset_token.rb", "app/models/password_reset_token.rb"
|
|
89
85
|
template "models/recovery_code.rb", "app/models/recovery_code.rb" if two_factor?
|
|
90
86
|
template "models/security_key.rb", "app/models/security_key.rb" if webauthn?
|
|
91
87
|
template "models/session.rb", "app/models/session.rb"
|
|
@@ -13,7 +13,7 @@ class Identity::EmailVerificationsController < ApplicationController
|
|
|
13
13
|
|
|
14
14
|
private
|
|
15
15
|
def set_user
|
|
16
|
-
|
|
16
|
+
@user = User.find_by_token_for!(:email_verification, params[:sid])
|
|
17
17
|
rescue StandardError
|
|
18
18
|
render json: { error: "That email verification link is invalid" }, status: :bad_request
|
|
19
19
|
end
|
data/lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt
CHANGED
|
@@ -2,9 +2,7 @@ class Identity::EmailsController < ApplicationController
|
|
|
2
2
|
before_action :set_user
|
|
3
3
|
|
|
4
4
|
def update
|
|
5
|
-
if
|
|
6
|
-
render json: { error: "The password you entered is incorrect" }, status: :bad_request
|
|
7
|
-
elsif @user.update(email: params[:email])
|
|
5
|
+
if @user.update(user_params)
|
|
8
6
|
render_show
|
|
9
7
|
else
|
|
10
8
|
render json: @user.errors, status: :unprocessable_entity
|
|
@@ -16,6 +14,10 @@ class Identity::EmailsController < ApplicationController
|
|
|
16
14
|
@user = Current.user
|
|
17
15
|
end
|
|
18
16
|
|
|
17
|
+
def user_params
|
|
18
|
+
params.permit(:email, :password_challenge).with_defaults(password_challenge: "")
|
|
19
|
+
end
|
|
20
|
+
|
|
19
21
|
def render_show
|
|
20
22
|
if @user.email_previously_changed?
|
|
21
23
|
resend_email_verification; render(json: @user)
|
|
@@ -20,7 +20,7 @@ class Identity::PasswordResetsController < ApplicationController
|
|
|
20
20
|
|
|
21
21
|
def update
|
|
22
22
|
if @user.update(user_params)
|
|
23
|
-
|
|
23
|
+
render json: @user
|
|
24
24
|
else
|
|
25
25
|
render json: @user.errors, status: :unprocessable_entity
|
|
26
26
|
end
|
|
@@ -28,7 +28,7 @@ class Identity::PasswordResetsController < ApplicationController
|
|
|
28
28
|
|
|
29
29
|
private
|
|
30
30
|
def set_user
|
|
31
|
-
|
|
31
|
+
@user = User.find_by_token_for!(:password_reset, params[:sid])
|
|
32
32
|
rescue StandardError
|
|
33
33
|
render json: { error: "That password reset link is invalid" }, status: :bad_request
|
|
34
34
|
end
|
|
@@ -36,8 +36,4 @@ class Identity::PasswordResetsController < ApplicationController
|
|
|
36
36
|
def user_params
|
|
37
37
|
params.permit(:password, :password_confirmation)
|
|
38
38
|
end
|
|
39
|
-
|
|
40
|
-
def revoke_tokens
|
|
41
|
-
@user.password_reset_tokens.delete_all
|
|
42
|
-
end
|
|
43
39
|
end
|
|
@@ -2,9 +2,7 @@ class PasswordsController < ApplicationController
|
|
|
2
2
|
before_action :set_user
|
|
3
3
|
|
|
4
4
|
def update
|
|
5
|
-
if
|
|
6
|
-
render json: { error: "The current password you entered is incorrect" }, status: :bad_request
|
|
7
|
-
elsif @user.update(user_params)
|
|
5
|
+
if @user.update(user_params)
|
|
8
6
|
render json: @user
|
|
9
7
|
else
|
|
10
8
|
render json: @user.errors, status: :unprocessable_entity
|
|
@@ -17,6 +15,6 @@ class PasswordsController < ApplicationController
|
|
|
17
15
|
end
|
|
18
16
|
|
|
19
17
|
def user_params
|
|
20
|
-
params.permit(:password, :password_confirmation)
|
|
18
|
+
params.permit(:password, :password_confirmation, :password_challenge).with_defaults(password_challenge: "")
|
|
21
19
|
end
|
|
22
20
|
end
|
|
@@ -12,9 +12,7 @@ class SessionsController < ApplicationController
|
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def create
|
|
15
|
-
user = User.
|
|
16
|
-
|
|
17
|
-
if user && user.authenticate(params[:password])
|
|
15
|
+
if user = User.authenticate_by(email: params[:email], password: params[:password])
|
|
18
16
|
@session = user.sessions.create!
|
|
19
17
|
response.set_header "X-Session-Token", @session.signed_id
|
|
20
18
|
|
|
@@ -15,7 +15,7 @@ class Identity::EmailVerificationsController < ApplicationController
|
|
|
15
15
|
|
|
16
16
|
private
|
|
17
17
|
def set_user
|
|
18
|
-
|
|
18
|
+
@user = User.find_by_token_for!(:email_verification, params[:sid])
|
|
19
19
|
rescue StandardError
|
|
20
20
|
redirect_to edit_identity_email_path, alert: "That email verification link is invalid"
|
|
21
21
|
end
|
data/lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt
CHANGED
|
@@ -5,9 +5,7 @@ class Identity::EmailsController < ApplicationController
|
|
|
5
5
|
end
|
|
6
6
|
|
|
7
7
|
def update
|
|
8
|
-
if
|
|
9
|
-
redirect_to edit_identity_email_path, alert: "The password you entered is incorrect"
|
|
10
|
-
elsif @user.update(email: params[:email])
|
|
8
|
+
if @user.update(user_params)
|
|
11
9
|
redirect_to_root
|
|
12
10
|
else
|
|
13
11
|
render :edit, status: :unprocessable_entity
|
|
@@ -19,6 +17,10 @@ class Identity::EmailsController < ApplicationController
|
|
|
19
17
|
@user = Current.user
|
|
20
18
|
end
|
|
21
19
|
|
|
20
|
+
def user_params
|
|
21
|
+
params.permit(:email, :password_challenge).with_defaults(password_challenge: "")
|
|
22
|
+
end
|
|
23
|
+
|
|
22
24
|
def redirect_to_root
|
|
23
25
|
if @user.email_previously_changed?
|
|
24
26
|
resend_email_verification
|
|
@@ -23,7 +23,7 @@ class Identity::PasswordResetsController < ApplicationController
|
|
|
23
23
|
|
|
24
24
|
def update
|
|
25
25
|
if @user.update(user_params)
|
|
26
|
-
|
|
26
|
+
redirect_to sign_in_path, notice: "Your password was reset successfully. Please sign in"
|
|
27
27
|
else
|
|
28
28
|
render :edit, status: :unprocessable_entity
|
|
29
29
|
end
|
|
@@ -31,7 +31,7 @@ class Identity::PasswordResetsController < ApplicationController
|
|
|
31
31
|
|
|
32
32
|
private
|
|
33
33
|
def set_user
|
|
34
|
-
|
|
34
|
+
@user = User.find_by_token_for!(:password_reset, params[:sid])
|
|
35
35
|
rescue StandardError
|
|
36
36
|
redirect_to new_identity_password_reset_path, alert: "That password reset link is invalid"
|
|
37
37
|
end
|
|
@@ -43,8 +43,4 @@ class Identity::PasswordResetsController < ApplicationController
|
|
|
43
43
|
def send_password_reset_email
|
|
44
44
|
UserMailer.with(user: @user).password_reset.deliver_later
|
|
45
45
|
end
|
|
46
|
-
|
|
47
|
-
def revoke_tokens
|
|
48
|
-
@user.password_reset_tokens.delete_all
|
|
49
|
-
end
|
|
50
46
|
end
|
|
@@ -5,9 +5,7 @@ class PasswordsController < ApplicationController
|
|
|
5
5
|
end
|
|
6
6
|
|
|
7
7
|
def update
|
|
8
|
-
if
|
|
9
|
-
redirect_to edit_password_path, alert: "The current password you entered is incorrect"
|
|
10
|
-
elsif @user.update(user_params)
|
|
8
|
+
if @user.update(user_params)
|
|
11
9
|
redirect_to root_path, notice: "Your password has been changed"
|
|
12
10
|
else
|
|
13
11
|
render :edit, status: :unprocessable_entity
|
|
@@ -20,6 +18,6 @@ class PasswordsController < ApplicationController
|
|
|
20
18
|
end
|
|
21
19
|
|
|
22
20
|
def user_params
|
|
23
|
-
params.permit(:password, :password_confirmation)
|
|
21
|
+
params.permit(:password, :password_confirmation, :password_challenge).with_defaults(password_challenge: "")
|
|
24
22
|
end
|
|
25
23
|
end
|
|
@@ -11,9 +11,7 @@ class SessionsController < ApplicationController
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
def create
|
|
14
|
-
user = User.
|
|
15
|
-
|
|
16
|
-
if user && user.authenticate(params[:password])
|
|
14
|
+
if user = User.authenticate_by(email: params[:email], password: params[:password])
|
|
17
15
|
<%- if two_factor? -%>
|
|
18
16
|
if user.otp_required_for_sign_in?
|
|
19
17
|
session[:challenge_token] = user.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
|
|
@@ -27,8 +27,8 @@
|
|
|
27
27
|
</div>
|
|
28
28
|
|
|
29
29
|
<div>
|
|
30
|
-
<%%= form.label :
|
|
31
|
-
<%%= form.password_field :
|
|
30
|
+
<%%= form.label :password_challenge, style: "display: block" %>
|
|
31
|
+
<%%= form.password_field :password_challenge, required: true, autocomplete: "current-password" %>
|
|
32
32
|
</div>
|
|
33
33
|
|
|
34
34
|
<div>
|
|
@@ -16,8 +16,8 @@
|
|
|
16
16
|
<%% end %>
|
|
17
17
|
|
|
18
18
|
<div>
|
|
19
|
-
<%%= form.label :
|
|
20
|
-
<%%= form.password_field :
|
|
19
|
+
<%%= form.label :password_challenge, style: "display: block" %>
|
|
20
|
+
<%%= form.password_field :password_challenge, required: true, autofocus: true, autocomplete: "current-password" %>
|
|
21
21
|
</div>
|
|
22
22
|
|
|
23
23
|
<div>
|
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
class UserMailer < ApplicationMailer
|
|
2
2
|
def password_reset
|
|
3
3
|
@user = params[:user]
|
|
4
|
-
@signed_id = @user.
|
|
4
|
+
@signed_id = @user.generate_token_for(:password_reset)
|
|
5
5
|
|
|
6
6
|
mail to: @user.email, subject: "Reset your password"
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def email_verification
|
|
10
10
|
@user = params[:user]
|
|
11
|
-
@signed_id = @user.
|
|
11
|
+
@signed_id = @user.generate_token_for(:email_verification)
|
|
12
12
|
|
|
13
13
|
mail to: @user.email, subject: "Verify your email"
|
|
14
14
|
end
|
|
@@ -23,7 +23,7 @@ class UserMailer < ApplicationMailer
|
|
|
23
23
|
<%- if invitable? %>
|
|
24
24
|
def invitation_instructions
|
|
25
25
|
@user = params[:user]
|
|
26
|
-
@signed_id = @user.
|
|
26
|
+
@signed_id = @user.generate_token_for(:password_reset)
|
|
27
27
|
|
|
28
28
|
mail to: @user.email, subject: "Invitation instructions"
|
|
29
29
|
end
|
|
@@ -1,11 +1,13 @@
|
|
|
1
1
|
class User < ApplicationRecord
|
|
2
2
|
has_secure_password
|
|
3
|
+
|
|
4
|
+
generates_token_for :email_verification, expires_in: 2.days { email }
|
|
5
|
+
generates_token_for :password_reset, expires_in: 20.minutes { password_salt.last(10) }
|
|
6
|
+
|
|
3
7
|
<%- if options.tenantable? %>
|
|
4
8
|
belongs_to :account
|
|
5
9
|
<%- end -%>
|
|
6
10
|
|
|
7
|
-
has_many :email_verification_tokens, dependent: :destroy
|
|
8
|
-
has_many :password_reset_tokens, dependent: :destroy
|
|
9
11
|
has_many :sessions, dependent: :destroy
|
|
10
12
|
<%- if two_factor? -%>
|
|
11
13
|
has_many :recovery_codes, dependent: :destroy
|
|
@@ -26,9 +28,7 @@ class User < ApplicationRecord
|
|
|
26
28
|
validates :password, not_pwned: { message: "might easily be guessed" }
|
|
27
29
|
<%- end -%>
|
|
28
30
|
|
|
29
|
-
|
|
30
|
-
self.email = email.downcase.strip
|
|
31
|
-
end
|
|
31
|
+
normalizes :email, with: -> { _1.strip.downcase }
|
|
32
32
|
|
|
33
33
|
before_validation if: :email_changed?, on: :update do
|
|
34
34
|
self.verified = false
|
|
@@ -11,7 +11,7 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
test "should send a verification email" do
|
|
14
|
-
assert_enqueued_email_with UserMailer, :email_verification,
|
|
14
|
+
assert_enqueued_email_with UserMailer, :email_verification, params: { user: @user } do
|
|
15
15
|
post identity_email_verification_url, headers: default_headers
|
|
16
16
|
end
|
|
17
17
|
|
|
@@ -19,16 +19,19 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
|
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
test "should verify email" do
|
|
22
|
-
sid = @user.
|
|
22
|
+
sid = @user.generate_token_for(:email_verification)
|
|
23
23
|
|
|
24
24
|
get identity_email_verification_url, params: { sid: sid }, headers: default_headers
|
|
25
25
|
assert_response :no_content
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
test "should not verify email with expired token" do
|
|
29
|
-
|
|
29
|
+
sid = @user.generate_token_for(:email_verification)
|
|
30
|
+
|
|
31
|
+
travel 3.days
|
|
32
|
+
|
|
33
|
+
get identity_email_verification_url, params: { sid: sid }, headers: default_headers
|
|
30
34
|
|
|
31
|
-
get identity_email_verification_url, params: { sid: sid_exp }, headers: default_headers
|
|
32
35
|
assert_response :bad_request
|
|
33
36
|
assert_equal "That email verification link is invalid", response.parsed_body["error"]
|
|
34
37
|
end
|
|
@@ -10,14 +10,14 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
test "should update email" do
|
|
13
|
-
patch identity_email_url, params: { email: "new_email@hey.com",
|
|
13
|
+
patch identity_email_url, params: { email: "new_email@hey.com", password_challenge: "Secret1*3*5*" }, headers: default_headers
|
|
14
14
|
assert_response :success
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
test "should not update email with wrong
|
|
18
|
-
patch identity_email_url, params: { email: "new_email@hey.com",
|
|
17
|
+
test "should not update email with wrong password challenge" do
|
|
18
|
+
patch identity_email_url, params: { email: "new_email@hey.com", password_challenge: "SecretWrong1*3" }, headers: default_headers
|
|
19
19
|
|
|
20
|
-
assert_response :
|
|
21
|
-
assert_equal "
|
|
20
|
+
assert_response :unprocessable_entity
|
|
21
|
+
assert_equal ["is invalid"], response.parsed_body["password_challenge"]
|
|
22
22
|
end
|
|
23
23
|
end
|
|
@@ -6,14 +6,14 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
test "should get edit" do
|
|
9
|
-
sid = @user.
|
|
9
|
+
sid = @user.generate_token_for(:password_reset)
|
|
10
10
|
|
|
11
11
|
get edit_identity_password_reset_url(sid: sid)
|
|
12
12
|
assert_response :no_content
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
test "should send a password reset email" do
|
|
16
|
-
assert_enqueued_email_with UserMailer, :password_reset,
|
|
16
|
+
assert_enqueued_email_with UserMailer, :password_reset, params: { user: @user } do
|
|
17
17
|
post identity_password_reset_url, params: { email: @user.email }
|
|
18
18
|
end
|
|
19
19
|
|
|
@@ -41,16 +41,19 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
test "should update password" do
|
|
44
|
-
sid = @user.
|
|
44
|
+
sid = @user.generate_token_for(:password_reset)
|
|
45
45
|
|
|
46
46
|
patch identity_password_reset_url, params: { sid: sid, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
|
47
47
|
assert_response :success
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
test "should not update password with expired token" do
|
|
51
|
-
|
|
51
|
+
sid = @user.generate_token_for(:password_reset)
|
|
52
|
+
|
|
53
|
+
travel 30.minutes
|
|
54
|
+
|
|
55
|
+
patch identity_password_reset_url, params: { sid: sid, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
|
52
56
|
|
|
53
|
-
patch identity_password_reset_url, params: { sid: sid_exp, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
|
54
57
|
assert_response :bad_request
|
|
55
58
|
assert_equal "That password reset link is invalid", response.parsed_body["error"]
|
|
56
59
|
end
|
|
@@ -10,14 +10,14 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
test "should update password" do
|
|
13
|
-
patch password_url, params: {
|
|
13
|
+
patch password_url, params: { password_challenge: "Secret1*3*5*", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }, headers: default_headers
|
|
14
14
|
assert_response :success
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
test "should not update password with wrong
|
|
18
|
-
patch password_url, params: {
|
|
17
|
+
test "should not update password with wrong password challenge" do
|
|
18
|
+
patch password_url, params: { password_challenge: "SecretWrong1*3", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }, headers: default_headers
|
|
19
19
|
|
|
20
|
-
assert_response :
|
|
21
|
-
assert_equal "
|
|
20
|
+
assert_response :unprocessable_entity
|
|
21
|
+
assert_equal ["is invalid"], response.parsed_body["password_challenge"]
|
|
22
22
|
end
|
|
23
23
|
end
|
|
@@ -7,7 +7,7 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
test "should send a verification email" do
|
|
10
|
-
assert_enqueued_email_with UserMailer, :email_verification,
|
|
10
|
+
assert_enqueued_email_with UserMailer, :email_verification, params: { user: @user } do
|
|
11
11
|
post identity_email_verification_url
|
|
12
12
|
end
|
|
13
13
|
|
|
@@ -15,16 +15,18 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
test "should verify email" do
|
|
18
|
-
sid = @user.
|
|
18
|
+
sid = @user.generate_token_for(:email_verification)
|
|
19
19
|
|
|
20
20
|
get identity_email_verification_url(sid: sid, email: @user.email)
|
|
21
21
|
assert_redirected_to root_url
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
test "should not verify email with expired token" do
|
|
25
|
-
|
|
25
|
+
sid = @user.generate_token_for(:email_verification)
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
travel 3.days
|
|
28
|
+
|
|
29
|
+
get identity_email_verification_url(sid: sid, email: @user.email)
|
|
28
30
|
|
|
29
31
|
assert_redirected_to edit_identity_email_url
|
|
30
32
|
assert_equal "That email verification link is invalid", flash[:alert]
|
|
@@ -11,14 +11,15 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
test "should update email" do
|
|
14
|
-
patch identity_email_url, params: { email: "new_email@hey.com",
|
|
14
|
+
patch identity_email_url, params: { email: "new_email@hey.com", password_challenge: "Secret1*3*5*" }
|
|
15
15
|
assert_redirected_to root_url
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
test "should not update email with wrong current password" do
|
|
19
|
-
patch identity_email_url, params: { email: "new_email@hey.com", current_password: "SecretWrong1*3" }
|
|
20
18
|
|
|
21
|
-
|
|
22
|
-
|
|
19
|
+
test "should not update password with wrong password challenge" do
|
|
20
|
+
patch password_url, params: { password_challenge: "SecretWrong1*3", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
|
21
|
+
|
|
22
|
+
assert_response :unprocessable_entity
|
|
23
|
+
assert_select "li", /Password challenge is invalid/
|
|
23
24
|
end
|
|
24
25
|
end
|
|
@@ -11,14 +11,14 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
test "should get edit" do
|
|
14
|
-
sid = @user.
|
|
14
|
+
sid = @user.generate_token_for(:password_reset)
|
|
15
15
|
|
|
16
16
|
get edit_identity_password_reset_url(sid: sid)
|
|
17
17
|
assert_response :success
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
test "should send a password reset email" do
|
|
21
|
-
assert_enqueued_email_with UserMailer, :password_reset,
|
|
21
|
+
assert_enqueued_email_with UserMailer, :password_reset, params: { user: @user } do
|
|
22
22
|
post identity_password_reset_url, params: { email: @user.email }
|
|
23
23
|
end
|
|
24
24
|
|
|
@@ -46,16 +46,19 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
test "should update password" do
|
|
49
|
-
sid = @user.
|
|
49
|
+
sid = @user.generate_token_for(:password_reset)
|
|
50
50
|
|
|
51
51
|
patch identity_password_reset_url, params: { sid: sid, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
|
52
52
|
assert_redirected_to sign_in_url
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
test "should not update password with expired token" do
|
|
56
|
-
|
|
56
|
+
sid = @user.generate_token_for(:password_reset)
|
|
57
|
+
|
|
58
|
+
travel 30.minutes
|
|
59
|
+
|
|
60
|
+
patch identity_password_reset_url, params: { sid: sid, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
|
57
61
|
|
|
58
|
-
patch identity_password_reset_url, params: { sid: sid_exp, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
|
59
62
|
assert_redirected_to new_identity_password_reset_url
|
|
60
63
|
assert_equal "That password reset link is invalid", flash[:alert]
|
|
61
64
|
end
|
|
@@ -11,14 +11,14 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
test "should update password" do
|
|
14
|
-
patch password_url, params: {
|
|
14
|
+
patch password_url, params: { password_challenge: "Secret1*3*5*", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
|
15
15
|
assert_redirected_to root_url
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
test "should not update password with wrong
|
|
19
|
-
patch password_url, params: {
|
|
18
|
+
test "should not update password with wrong password challenge" do
|
|
19
|
+
patch password_url, params: { password_challenge: "SecretWrong1*3", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
assert_response :unprocessable_entity
|
|
22
|
+
assert_select "li", /Password challenge is invalid/
|
|
23
23
|
end
|
|
24
24
|
end
|
|
@@ -9,7 +9,7 @@ class Identity::EmailsTest < ApplicationSystemTestCase
|
|
|
9
9
|
click_on "Change email address"
|
|
10
10
|
|
|
11
11
|
fill_in "New email", with: "new_email@hey.com"
|
|
12
|
-
fill_in "
|
|
12
|
+
fill_in "Password challenge", with: "Secret1*3*5*"
|
|
13
13
|
click_on "Save changes"
|
|
14
14
|
|
|
15
15
|
assert_text "Your email has been changed"
|
data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt
CHANGED
|
@@ -3,7 +3,7 @@ require "application_system_test_case"
|
|
|
3
3
|
class Identity::PasswordResetsTest < ApplicationSystemTestCase
|
|
4
4
|
setup do
|
|
5
5
|
@user = users(:lazaro_nixon)
|
|
6
|
-
@sid = @user.
|
|
6
|
+
@sid = @user.generate_token_for(:password_reset)
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
test "sending a password reset email" do
|
|
@@ -8,7 +8,7 @@ class PasswordsTest < ApplicationSystemTestCase
|
|
|
8
8
|
test "updating the password" do
|
|
9
9
|
click_on "Change password"
|
|
10
10
|
|
|
11
|
-
fill_in "
|
|
11
|
+
fill_in "Password challenge", with: "Secret1*3*5*"
|
|
12
12
|
fill_in "New password", with: "Secret6*4*2*"
|
|
13
13
|
fill_in "Confirm new password", with: "Secret6*4*2*"
|
|
14
14
|
click_on "Save changes"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authentication-zero
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 3.0.0.alpha1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nixon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-07-
|
|
11
|
+
date: 2023-07-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -98,9 +98,7 @@ files:
|
|
|
98
98
|
- lib/generators/authentication/templates/lib/account_middleware.rb
|
|
99
99
|
- lib/generators/authentication/templates/mailers/user_mailer.rb.tt
|
|
100
100
|
- lib/generators/authentication/templates/migrations/create_accounts_migration.rb.tt
|
|
101
|
-
- lib/generators/authentication/templates/migrations/create_email_verification_tokens_migration.rb.tt
|
|
102
101
|
- lib/generators/authentication/templates/migrations/create_events_migration.rb.tt
|
|
103
|
-
- lib/generators/authentication/templates/migrations/create_password_reset_tokens_migration.rb.tt
|
|
104
102
|
- lib/generators/authentication/templates/migrations/create_recovery_codes_migration.rb.tt
|
|
105
103
|
- lib/generators/authentication/templates/migrations/create_security_keys_migration.rb.tt
|
|
106
104
|
- lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
|
|
@@ -109,9 +107,7 @@ files:
|
|
|
109
107
|
- lib/generators/authentication/templates/models/account.rb.tt
|
|
110
108
|
- lib/generators/authentication/templates/models/concerns/account_scoped.rb
|
|
111
109
|
- lib/generators/authentication/templates/models/current.rb.tt
|
|
112
|
-
- lib/generators/authentication/templates/models/email_verification_token.rb.tt
|
|
113
110
|
- lib/generators/authentication/templates/models/event.rb.tt
|
|
114
|
-
- lib/generators/authentication/templates/models/password_reset_token.rb.tt
|
|
115
111
|
- lib/generators/authentication/templates/models/recovery_code.rb.tt
|
|
116
112
|
- lib/generators/authentication/templates/models/security_key.rb.tt
|
|
117
113
|
- lib/generators/authentication/templates/models/session.rb.tt
|
|
@@ -156,9 +152,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
156
152
|
version: '0'
|
|
157
153
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
158
154
|
requirements:
|
|
159
|
-
- - "
|
|
155
|
+
- - ">"
|
|
160
156
|
- !ruby/object:Gem::Version
|
|
161
|
-
version:
|
|
157
|
+
version: 1.3.1
|
|
162
158
|
requirements: []
|
|
163
159
|
rubygems_version: 3.4.10
|
|
164
160
|
signing_key:
|