RubyGems - auther - Versions diffs - 9.1.0 → 9.2.0 - Mend

auther 9.1.0 → 9.2.0

Files changed (11) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +1 -4
data.tar.gz.sig +0 -0
data/README.md +27 -30
data/app/models/auther/account.rb +19 -21
data/lib/auther/cipher.rb +17 -0
data/lib/auther/identity.rb +1 -1
data/lib/generators/auther/credentials/credentials_generator.rb +25 -0
data/lib/generators/auther/templates/config/initializers/auther.rb +1 -1
metadata +4 -3
metadata.gz.sig +0 -0

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e896b20d8be7a8f578e5c8cc6627d58f56eeb39e3ffc25e8e891c0c5bff642a3
-  data.tar.gz: 64a33043ec2d4d8a8465415c4ecbecb017c639738838f43257bb0f557e509bb2
+  metadata.gz: f228f383a09dcdc7134f056029301bd8772951da343c58dc0c6e90e69ad86411
+  data.tar.gz: 817565c91e455cc793c5155a1eaea82e29fb414cce6778b199c5cac78ccb76b0
 SHA512:
-  metadata.gz: 459c61e9b1a739d7836a08c8ef1d8ae321b96a8393b2517014bb22168ad66e1b08265121a90c0d3af5d0acba967e42d65b2ac1e50b09f42210b37a3ae0b80679
-  data.tar.gz: 5a50f311fddd2c5d04c11d9b4fbe71995eca6bf34d8b65ccb7cfbd8f0ec3818b888bc919b8630ed54abf362121a5804c87d7d2c5cea84924cc051e6e94664de3
+  metadata.gz: 6dcaa5d6848f95a53b0c64afa686ff369495916688079f9240fa462c56ef754a1d47094927ea6cc01a805088947a2f2aef55dbed8a2ec0d61428b482415c950c
+  data.tar.gz: 054d90a6232f5d6205e65bafe7ee1d8e778d7573902727eb6ba1b3f478807e90eade485c8835fb43d1ce906744b40ed8039f106b88a3e4b29c089e7e5c8a4592

checksums.yaml.gz.sig CHANGED

@@ -1,4 +1 @@
-�H���]��n�a���g�x���lH��B�wĳ҄+*� ���
-s�\Ka�I���d\�W�/�d�5�U�
-{�/�ב�y�4��
-օ��z��*�3�VY<�3�C>.��_�D���S�*��w����q�q���S��x�E(���1"����啅�O�&@t)�Di��D�-r��0�A*XZ��p�S
+!

data.tar.gz.sig CHANGED

Binary file

data/README.md CHANGED

@@ -42,8 +42,8 @@ user experience.
 - Supports form-based authentication compatible with password managers like
   [1Password](https://agilebits.com/onepassword).
-[![Screenshot - Form Without Errors](doc/screenshots/form-without_errors.png)](https://github.com/bkuhlmann/auther)
-[![Screenshot - For With Errors](doc/screenshots/form-with_errors.png)](https://github.com/bkuhlmann/auther)
+![Form Without Errors Screenshot](doc/screenshots/form-without_errors.png)
+![Form With Errors Screenshot](doc/screenshots/form-with_errors.png)
 - Uses CSS Flexbox for lightweight styling.
 - Uses encrypted account credentials to keep sensitive information secure.
@@ -54,8 +54,8 @@ user experience.
 ## Requirements
-0. [Ruby 2.5.x](https://www.ruby-lang.org).
-0. [Ruby on Rails 5.x.x](http://rubyonrails.org).
+1. [Ruby 2.5.x](https://www.ruby-lang.org).
+1. [Ruby on Rails 5.x.x](http://rubyonrails.org).
 ## Setup
@@ -67,29 +67,27 @@ Add the following to your Gemfile:
     gem "auther"
-Run the generator to configure and initialize your application:
+Run the install generator to configure and initialize your application:
     rails generate auther:install
-## Usage
+Run the credentials generator to generate credentials for your application:
-Assuming you are using something like [direnv](https://direnv.net), add the following to your
-`.envrc` file:
+    rails generate auther:credentials
-    AUTHER_SECRET=281047a438dcd3f1f1401954d779025e496dc938ba79703bcf6ca0605ca350e7
-    AUTHER_ADMIN_LOGIN=V0lMaDFBK2o3SngvSHUySUZOYVJ3dC82QmlQaDRWcUhKOEFkUjFsYkF3ND0tLXpMZDBhdCtJaHVsVnpWNkFWVWUxVVE9PQ==--d8595331720f8475090763d5a3a3103b3f6a9259
-    AUTHER_ADMIN_PASSWORD=Tk05VzlWNTdoQW5sbEtzWlA5T25VVHRFb3FkS0xGbjA2ZVU5bjVqN3RHST0tLVBOaVcyWnp3ZFY5ais0eWtrNXhobXc9PQ==--a83d6d7644085a972d847181b5f486bf245fd16b
+If using [direnv](https://direnv.net), for example, you can copy and paste the generated credentials
+into your `.envrc` file. Example:
-Launch your Rails application and visit the following:
+![Credentials Generator Screenshot](doc/screenshots/credentials_generator.png)
-    http://localhost:3000/login
+## Usage
-Use these credentials to login:
+Launch your Rails application and visit the following:
-- Login: test@test.com
-- Password: nevermore
+    http://localhost:3000/login
-That's it, you'll be logged in at this point.
+Enter your login and password as used for the `rails generate auther:credentials` generator and
+you'll be logged in.
 ### Initializer
@@ -106,23 +104,22 @@ The initializer comes installed with the following settings:
         encrypted_password: ENV["AUTHER_ADMIN_PASSWORD"],
         paths: ["/admin"]
       ],
-      secret: [ENV["AUTHER_SECRET"]].pack("H*")
+      secret: ENV["AUTHER_SECRET"]
     }
-**IMPORTANT**: The encrypted secret, login, and password used in the `.envrc` setup above must be
-unique and re-encrypted before deploying to production (don't use the provided examples)! To
-encrypt/decrypt account credentials, launch a rails console and run the following:
+To encrypt/decrypt account credentials, launch a rails console and run the following:
+    # The secret as defined in `auther_settings` and/or produced by the credentials generator.
+    secret = SecureRandom.hex 16 # "426a7f46548a1a4518676a8e246517d8"
-    # Best if generated via `SecureRandom.hex 32`. Exactly `32` bytes is required or you'll
-    # get a `ArgumentError: key must be 32 bytes`. Must be equal to the secret as defined in
-    # `auther_settings`.
-    cipher = Auther::Cipher.new "f106a7169a5cfb90f016105b31b595282011a1090d843b7868103c770e35e38e"
+    # The cipher for encrypting/decrypting values.
+    cipher = Auther::Cipher.new secret
     # Use the following to encrypt an unecrypted value.
     cipher.encrypt "test@test.com"
     # Use the following to decrypt an encrypted value.
-    cipher.decrypt "cEgyd2hHSit6NkpwN000aUNiU3BkNThxcjRRd1AyT1RmbFFqaGJRR0FjVT0tLWR6Mm1sUmxscHlxQU1leHF2d3ZoZ2c9PQ==--6d4b8bfadc54bfba6a41164675b14980caf01445"
+    cipher.decrypt "hWToltdpl+uZJBPELKNC7Ij++jPkTuo=--nEdbOYL9fIRh14hY--fU+VSCd4+DDOhOmG1gzRfQ=="
 The initializer can be customized as follows:
@@ -160,10 +157,10 @@ The routes can be customized as follows (installed, by default, via the install
 ### Model
-The [Auther::Account](app/models/auther/account.rb) is a plain old Ruby object that uses ActiveModel
-validations to aid in attribute validation. This model could potentially be replaced with a
-database-backed object (would require controller customization)...but you should question if you
-have outgrown the use of this gem and need a different solution altogether if it comes to that.
+The [Auther::Account](app/models/auther/account.rb) is a struct that uses ActiveModel validations to
+aid in attribute validation. This model could potentially be replaced with a database-backed object
+(would require controller customization)...but you should question if you have outgrown the use of
+this gem and need a different solution altogether if it comes to that.
 ### Presenter

data/app/models/auther/account.rb CHANGED

@@ -3,32 +3,30 @@
 require "active_model"
 module Auther
+  ACCOUNT_ATTRIBUTES = %i[
+    name
+    encrypted_login
+    encrypted_password
+    paths
+    authorized_url
+    deauthorized_url
+  ].freeze
   # Represents an authenticatable account.
-  class Account
+  Account = Struct.new(*ACCOUNT_ATTRIBUTES, keyword_init: true) do
     include ActiveModel::Validations
-    attr_accessor :name,
-                  :encrypted_login,
-                  :encrypted_password,
-                  :paths,
-                  :authorized_url,
-                  :deauthorized_url
     validates :name, :encrypted_login, :encrypted_password, presence: true
-    validates :paths, presence: {
-      unless: ->(account) { account.paths.is_a? Array },
-      message: "must be an array"
-    }
+    validate :paths_type
+    def paths
+      self[:paths] || []
+    end
+    private
-    # rubocop:disable Style/OptionHash
-    def initialize options = {}
-      @name = options.fetch :name, nil
-      @encrypted_login = options.fetch :encrypted_login, nil
-      @encrypted_password = options.fetch :encrypted_password, nil
-      @paths = options.fetch :paths, []
-      @authorized_url = options.fetch :authorized_url, nil
-      @deauthorized_url = options.fetch :deauthorized_url, nil
+    def paths_type
+      errors.add(:paths, "must be an array") unless paths.is_a?(Array)
     end
-    # rubocop:enable Style/OptionHash
   end
 end

data/lib/auther/cipher.rb CHANGED

@@ -3,6 +3,23 @@
 module Auther
   # Manages encryption/decryption.
   class Cipher
+    BYTE_DIVISOR = 2
+    def self.generate login, password
+      secret = SecureRandom.hex key_length / BYTE_DIVISOR
+      cipher = new secret
+      {
+        secret: secret,
+        login: cipher.encrypt(login),
+        password: cipher.encrypt(password)
+      }
+    end
+    def self.key_length
+      ActiveSupport::MessageEncryptor.key_len
+    end
     def initialize secret
       @encryptor = ActiveSupport::MessageEncryptor.new secret
     end

data/lib/auther/identity.rb CHANGED

@@ -12,7 +12,7 @@ module Auther
     end
     def self.version
-      "9.1.0"
+      "9.2.0"
     end
     def self.version_label

data/lib/generators/auther/credentials/credentials_generator.rb ADDED

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module Auther
+  # Credentials generator for new secret, login, and password.
+  class CredentialsGenerator < ::Rails::Generators::Base
+    desc "Generate Auther secret, login, and password credentials."
+    # :reek:TooManyStatements
+    def credentials
+      puts "Welcome to the Auther credentials generator.\n"
+      login = ask "  Enter admin login:", echo: false
+      password = ask "\n  Enter admin password:", echo: false
+      credentials = Cipher.generate login, password
+      puts "\n\nHere are your credentials:\n"
+      say "  AUTHER_SECRET: #{credentials.fetch :secret}\n" \
+          "  AUTHER_ADMIN_LOGIN: #{credentials.fetch :login}\n" \
+          "  AUTHER_ADMIN_PASSWORD: #{credentials.fetch :password}",
+          :green
+      say "\nReminder: Do not add these credentials to source control.", :yellow
+    end
+  end
+end

data/lib/generators/auther/templates/config/initializers/auther.rb CHANGED

@@ -7,5 +7,5 @@ Rails.application.config.auther_settings = {
     encrypted_password: ENV["AUTHER_ADMIN_PASSWORD"],
     paths: ["/admin"]
   ],
-  secret: [ENV["AUTHER_SECRET"]].pack("H*")
+  secret: ENV["AUTHER_SECRET"]
 }

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: auther
 version: !ruby/object:Gem::Version
-  version: 9.1.0
+  version: 9.2.0
 platform: ruby
 authors:
 - Brooke Kuhlmann
@@ -29,7 +29,7 @@ cert_chain:
   4Zrsxi713z6sndd9JBAm4G7mJiV93MsuCM5N4ZDY7XaxIhvctNSNhX/Yn8LLdtGI
   b4jw5t40FKyNUvLPPXYAvQALBtk=
   -----END CERTIFICATE-----
-date: 2018-04-01 00:00:00.000000000 Z
+date: 2018-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -340,6 +340,7 @@ files:
 - lib/auther/keymaster.rb
 - lib/auther/null_logger.rb
 - lib/auther/settings.rb
+- lib/generators/auther/credentials/credentials_generator.rb
 - lib/generators/auther/install/install_generator.rb
 - lib/generators/auther/templates/config/initializers/auther.rb
 homepage: https://github.com/bkuhlmann/auther
@@ -365,7 +366,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 2.7.7
 signing_key:
 specification_version: 4
 summary: Enhances Rails with multi-account, form-based, database-less, application-wide

metadata.gz.sig CHANGED

Binary file