auther 9.1.0 → 9.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +1 -4
- data.tar.gz.sig +0 -0
- data/README.md +27 -30
- data/app/models/auther/account.rb +19 -21
- data/lib/auther/cipher.rb +17 -0
- data/lib/auther/identity.rb +1 -1
- data/lib/generators/auther/credentials/credentials_generator.rb +25 -0
- data/lib/generators/auther/templates/config/initializers/auther.rb +1 -1
- metadata +4 -3
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f228f383a09dcdc7134f056029301bd8772951da343c58dc0c6e90e69ad86411
|
4
|
+
data.tar.gz: 817565c91e455cc793c5155a1eaea82e29fb414cce6778b199c5cac78ccb76b0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6dcaa5d6848f95a53b0c64afa686ff369495916688079f9240fa462c56ef754a1d47094927ea6cc01a805088947a2f2aef55dbed8a2ec0d61428b482415c950c
|
7
|
+
data.tar.gz: 054d90a6232f5d6205e65bafe7ee1d8e778d7573902727eb6ba1b3f478807e90eade485c8835fb43d1ce906744b40ed8039f106b88a3e4b29c089e7e5c8a4592
|
checksums.yaml.gz.sig
CHANGED
data.tar.gz.sig
CHANGED
Binary file
|
data/README.md
CHANGED
@@ -42,8 +42,8 @@ user experience.
|
|
42
42
|
- Supports form-based authentication compatible with password managers like
|
43
43
|
[1Password](https://agilebits.com/onepassword).
|
44
44
|
|
45
|
-
|
46
|
-
|
45
|
+

|
46
|
+

|
47
47
|
|
48
48
|
- Uses CSS Flexbox for lightweight styling.
|
49
49
|
- Uses encrypted account credentials to keep sensitive information secure.
|
@@ -54,8 +54,8 @@ user experience.
|
|
54
54
|
|
55
55
|
## Requirements
|
56
56
|
|
57
|
-
|
58
|
-
|
57
|
+
1. [Ruby 2.5.x](https://www.ruby-lang.org).
|
58
|
+
1. [Ruby on Rails 5.x.x](http://rubyonrails.org).
|
59
59
|
|
60
60
|
## Setup
|
61
61
|
|
@@ -67,29 +67,27 @@ Add the following to your Gemfile:
|
|
67
67
|
|
68
68
|
gem "auther"
|
69
69
|
|
70
|
-
Run the generator to configure and initialize your application:
|
70
|
+
Run the install generator to configure and initialize your application:
|
71
71
|
|
72
72
|
rails generate auther:install
|
73
73
|
|
74
|
-
|
74
|
+
Run the credentials generator to generate credentials for your application:
|
75
75
|
|
76
|
-
|
77
|
-
`.envrc` file:
|
76
|
+
rails generate auther:credentials
|
78
77
|
|
79
|
-
|
80
|
-
|
81
|
-
AUTHER_ADMIN_PASSWORD=Tk05VzlWNTdoQW5sbEtzWlA5T25VVHRFb3FkS0xGbjA2ZVU5bjVqN3RHST0tLVBOaVcyWnp3ZFY5ais0eWtrNXhobXc9PQ==--a83d6d7644085a972d847181b5f486bf245fd16b
|
78
|
+
If using [direnv](https://direnv.net), for example, you can copy and paste the generated credentials
|
79
|
+
into your `.envrc` file. Example:
|
82
80
|
|
83
|
-
|
81
|
+

|
84
82
|
|
85
|
-
|
83
|
+
## Usage
|
86
84
|
|
87
|
-
|
85
|
+
Launch your Rails application and visit the following:
|
88
86
|
|
89
|
-
|
90
|
-
- Password: nevermore
|
87
|
+
http://localhost:3000/login
|
91
88
|
|
92
|
-
|
89
|
+
Enter your login and password as used for the `rails generate auther:credentials` generator and
|
90
|
+
you'll be logged in.
|
93
91
|
|
94
92
|
### Initializer
|
95
93
|
|
@@ -106,23 +104,22 @@ The initializer comes installed with the following settings:
|
|
106
104
|
encrypted_password: ENV["AUTHER_ADMIN_PASSWORD"],
|
107
105
|
paths: ["/admin"]
|
108
106
|
],
|
109
|
-
secret:
|
107
|
+
secret: ENV["AUTHER_SECRET"]
|
110
108
|
}
|
111
109
|
|
112
|
-
|
113
|
-
|
114
|
-
|
110
|
+
To encrypt/decrypt account credentials, launch a rails console and run the following:
|
111
|
+
|
112
|
+
# The secret as defined in `auther_settings` and/or produced by the credentials generator.
|
113
|
+
secret = SecureRandom.hex 16 # "426a7f46548a1a4518676a8e246517d8"
|
115
114
|
|
116
|
-
#
|
117
|
-
|
118
|
-
# `auther_settings`.
|
119
|
-
cipher = Auther::Cipher.new "f106a7169a5cfb90f016105b31b595282011a1090d843b7868103c770e35e38e"
|
115
|
+
# The cipher for encrypting/decrypting values.
|
116
|
+
cipher = Auther::Cipher.new secret
|
120
117
|
|
121
118
|
# Use the following to encrypt an unecrypted value.
|
122
119
|
cipher.encrypt "test@test.com"
|
123
120
|
|
124
121
|
# Use the following to decrypt an encrypted value.
|
125
|
-
cipher.decrypt "
|
122
|
+
cipher.decrypt "hWToltdpl+uZJBPELKNC7Ij++jPkTuo=--nEdbOYL9fIRh14hY--fU+VSCd4+DDOhOmG1gzRfQ=="
|
126
123
|
|
127
124
|
The initializer can be customized as follows:
|
128
125
|
|
@@ -160,10 +157,10 @@ The routes can be customized as follows (installed, by default, via the install
|
|
160
157
|
|
161
158
|
### Model
|
162
159
|
|
163
|
-
The [Auther::Account](app/models/auther/account.rb) is a
|
164
|
-
|
165
|
-
|
166
|
-
|
160
|
+
The [Auther::Account](app/models/auther/account.rb) is a struct that uses ActiveModel validations to
|
161
|
+
aid in attribute validation. This model could potentially be replaced with a database-backed object
|
162
|
+
(would require controller customization)...but you should question if you have outgrown the use of
|
163
|
+
this gem and need a different solution altogether if it comes to that.
|
167
164
|
|
168
165
|
### Presenter
|
169
166
|
|
@@ -3,32 +3,30 @@
|
|
3
3
|
require "active_model"
|
4
4
|
|
5
5
|
module Auther
|
6
|
+
ACCOUNT_ATTRIBUTES = %i[
|
7
|
+
name
|
8
|
+
encrypted_login
|
9
|
+
encrypted_password
|
10
|
+
paths
|
11
|
+
authorized_url
|
12
|
+
deauthorized_url
|
13
|
+
].freeze
|
14
|
+
|
6
15
|
# Represents an authenticatable account.
|
7
|
-
|
16
|
+
Account = Struct.new(*ACCOUNT_ATTRIBUTES, keyword_init: true) do
|
8
17
|
include ActiveModel::Validations
|
9
18
|
|
10
|
-
attr_accessor :name,
|
11
|
-
:encrypted_login,
|
12
|
-
:encrypted_password,
|
13
|
-
:paths,
|
14
|
-
:authorized_url,
|
15
|
-
:deauthorized_url
|
16
|
-
|
17
19
|
validates :name, :encrypted_login, :encrypted_password, presence: true
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
20
|
+
validate :paths_type
|
21
|
+
|
22
|
+
def paths
|
23
|
+
self[:paths] || []
|
24
|
+
end
|
25
|
+
|
26
|
+
private
|
22
27
|
|
23
|
-
|
24
|
-
|
25
|
-
@name = options.fetch :name, nil
|
26
|
-
@encrypted_login = options.fetch :encrypted_login, nil
|
27
|
-
@encrypted_password = options.fetch :encrypted_password, nil
|
28
|
-
@paths = options.fetch :paths, []
|
29
|
-
@authorized_url = options.fetch :authorized_url, nil
|
30
|
-
@deauthorized_url = options.fetch :deauthorized_url, nil
|
28
|
+
def paths_type
|
29
|
+
errors.add(:paths, "must be an array") unless paths.is_a?(Array)
|
31
30
|
end
|
32
|
-
# rubocop:enable Style/OptionHash
|
33
31
|
end
|
34
32
|
end
|
data/lib/auther/cipher.rb
CHANGED
@@ -3,6 +3,23 @@
|
|
3
3
|
module Auther
|
4
4
|
# Manages encryption/decryption.
|
5
5
|
class Cipher
|
6
|
+
BYTE_DIVISOR = 2
|
7
|
+
|
8
|
+
def self.generate login, password
|
9
|
+
secret = SecureRandom.hex key_length / BYTE_DIVISOR
|
10
|
+
cipher = new secret
|
11
|
+
|
12
|
+
{
|
13
|
+
secret: secret,
|
14
|
+
login: cipher.encrypt(login),
|
15
|
+
password: cipher.encrypt(password)
|
16
|
+
}
|
17
|
+
end
|
18
|
+
|
19
|
+
def self.key_length
|
20
|
+
ActiveSupport::MessageEncryptor.key_len
|
21
|
+
end
|
22
|
+
|
6
23
|
def initialize secret
|
7
24
|
@encryptor = ActiveSupport::MessageEncryptor.new secret
|
8
25
|
end
|
data/lib/auther/identity.rb
CHANGED
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Auther
|
4
|
+
# Credentials generator for new secret, login, and password.
|
5
|
+
class CredentialsGenerator < ::Rails::Generators::Base
|
6
|
+
desc "Generate Auther secret, login, and password credentials."
|
7
|
+
# :reek:TooManyStatements
|
8
|
+
def credentials
|
9
|
+
puts "Welcome to the Auther credentials generator.\n"
|
10
|
+
|
11
|
+
login = ask " Enter admin login:", echo: false
|
12
|
+
password = ask "\n Enter admin password:", echo: false
|
13
|
+
credentials = Cipher.generate login, password
|
14
|
+
|
15
|
+
puts "\n\nHere are your credentials:\n"
|
16
|
+
|
17
|
+
say " AUTHER_SECRET: #{credentials.fetch :secret}\n" \
|
18
|
+
" AUTHER_ADMIN_LOGIN: #{credentials.fetch :login}\n" \
|
19
|
+
" AUTHER_ADMIN_PASSWORD: #{credentials.fetch :password}",
|
20
|
+
:green
|
21
|
+
|
22
|
+
say "\nReminder: Do not add these credentials to source control.", :yellow
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: auther
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 9.
|
4
|
+
version: 9.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Brooke Kuhlmann
|
@@ -29,7 +29,7 @@ cert_chain:
|
|
29
29
|
4Zrsxi713z6sndd9JBAm4G7mJiV93MsuCM5N4ZDY7XaxIhvctNSNhX/Yn8LLdtGI
|
30
30
|
b4jw5t40FKyNUvLPPXYAvQALBtk=
|
31
31
|
-----END CERTIFICATE-----
|
32
|
-
date: 2018-
|
32
|
+
date: 2018-06-17 00:00:00.000000000 Z
|
33
33
|
dependencies:
|
34
34
|
- !ruby/object:Gem::Dependency
|
35
35
|
name: rails
|
@@ -340,6 +340,7 @@ files:
|
|
340
340
|
- lib/auther/keymaster.rb
|
341
341
|
- lib/auther/null_logger.rb
|
342
342
|
- lib/auther/settings.rb
|
343
|
+
- lib/generators/auther/credentials/credentials_generator.rb
|
343
344
|
- lib/generators/auther/install/install_generator.rb
|
344
345
|
- lib/generators/auther/templates/config/initializers/auther.rb
|
345
346
|
homepage: https://github.com/bkuhlmann/auther
|
@@ -365,7 +366,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
365
366
|
version: '0'
|
366
367
|
requirements: []
|
367
368
|
rubyforge_project:
|
368
|
-
rubygems_version: 2.7.
|
369
|
+
rubygems_version: 2.7.7
|
369
370
|
signing_key:
|
370
371
|
specification_version: 4
|
371
372
|
summary: Enhances Rails with multi-account, form-based, database-less, application-wide
|
metadata.gz.sig
CHANGED
Binary file
|