auther 9.1.0 → 9.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e896b20d8be7a8f578e5c8cc6627d58f56eeb39e3ffc25e8e891c0c5bff642a3
4
- data.tar.gz: 64a33043ec2d4d8a8465415c4ecbecb017c639738838f43257bb0f557e509bb2
3
+ metadata.gz: f228f383a09dcdc7134f056029301bd8772951da343c58dc0c6e90e69ad86411
4
+ data.tar.gz: 817565c91e455cc793c5155a1eaea82e29fb414cce6778b199c5cac78ccb76b0
5
5
  SHA512:
6
- metadata.gz: 459c61e9b1a739d7836a08c8ef1d8ae321b96a8393b2517014bb22168ad66e1b08265121a90c0d3af5d0acba967e42d65b2ac1e50b09f42210b37a3ae0b80679
7
- data.tar.gz: 5a50f311fddd2c5d04c11d9b4fbe71995eca6bf34d8b65ccb7cfbd8f0ec3818b888bc919b8630ed54abf362121a5804c87d7d2c5cea84924cc051e6e94664de3
6
+ metadata.gz: 6dcaa5d6848f95a53b0c64afa686ff369495916688079f9240fa462c56ef754a1d47094927ea6cc01a805088947a2f2aef55dbed8a2ec0d61428b482415c950c
7
+ data.tar.gz: 054d90a6232f5d6205e65bafe7ee1d8e778d7573902727eb6ba1b3f478807e90eade485c8835fb43d1ce906744b40ed8039f106b88a3e4b29c089e7e5c8a4592
@@ -1,4 +1 @@
1
- �H���]��n�a���g�x���lH��B�wij҄+*� ���
2
- s�\Ka�I���d\�W�/�d�5�U�
3
- {�/�ב�y�4��
4
- օ��z��*�3�VY<�3�C>.�� _�D���S�*��w����q�q���S��x�E(���1"����啅�O�&@t)�Di��D�-r��0 �A*XZ��p�S
1
+ !
data.tar.gz.sig CHANGED
Binary file
data/README.md CHANGED
@@ -42,8 +42,8 @@ user experience.
42
42
  - Supports form-based authentication compatible with password managers like
43
43
  [1Password](https://agilebits.com/onepassword).
44
44
 
45
- [![Screenshot - Form Without Errors](doc/screenshots/form-without_errors.png)](https://github.com/bkuhlmann/auther)
46
- [![Screenshot - For With Errors](doc/screenshots/form-with_errors.png)](https://github.com/bkuhlmann/auther)
45
+ ![Form Without Errors Screenshot](doc/screenshots/form-without_errors.png)
46
+ ![Form With Errors Screenshot](doc/screenshots/form-with_errors.png)
47
47
 
48
48
  - Uses CSS Flexbox for lightweight styling.
49
49
  - Uses encrypted account credentials to keep sensitive information secure.
@@ -54,8 +54,8 @@ user experience.
54
54
 
55
55
  ## Requirements
56
56
 
57
- 0. [Ruby 2.5.x](https://www.ruby-lang.org).
58
- 0. [Ruby on Rails 5.x.x](http://rubyonrails.org).
57
+ 1. [Ruby 2.5.x](https://www.ruby-lang.org).
58
+ 1. [Ruby on Rails 5.x.x](http://rubyonrails.org).
59
59
 
60
60
  ## Setup
61
61
 
@@ -67,29 +67,27 @@ Add the following to your Gemfile:
67
67
 
68
68
  gem "auther"
69
69
 
70
- Run the generator to configure and initialize your application:
70
+ Run the install generator to configure and initialize your application:
71
71
 
72
72
  rails generate auther:install
73
73
 
74
- ## Usage
74
+ Run the credentials generator to generate credentials for your application:
75
75
 
76
- Assuming you are using something like [direnv](https://direnv.net), add the following to your
77
- `.envrc` file:
76
+ rails generate auther:credentials
78
77
 
79
- AUTHER_SECRET=281047a438dcd3f1f1401954d779025e496dc938ba79703bcf6ca0605ca350e7
80
- AUTHER_ADMIN_LOGIN=V0lMaDFBK2o3SngvSHUySUZOYVJ3dC82QmlQaDRWcUhKOEFkUjFsYkF3ND0tLXpMZDBhdCtJaHVsVnpWNkFWVWUxVVE9PQ==--d8595331720f8475090763d5a3a3103b3f6a9259
81
- AUTHER_ADMIN_PASSWORD=Tk05VzlWNTdoQW5sbEtzWlA5T25VVHRFb3FkS0xGbjA2ZVU5bjVqN3RHST0tLVBOaVcyWnp3ZFY5ais0eWtrNXhobXc9PQ==--a83d6d7644085a972d847181b5f486bf245fd16b
78
+ If using [direnv](https://direnv.net), for example, you can copy and paste the generated credentials
79
+ into your `.envrc` file. Example:
82
80
 
83
- Launch your Rails application and visit the following:
81
+ ![Credentials Generator Screenshot](doc/screenshots/credentials_generator.png)
84
82
 
85
- http://localhost:3000/login
83
+ ## Usage
86
84
 
87
- Use these credentials to login:
85
+ Launch your Rails application and visit the following:
88
86
 
89
- - Login: test@test.com
90
- - Password: nevermore
87
+ http://localhost:3000/login
91
88
 
92
- That's it, you'll be logged in at this point.
89
+ Enter your login and password as used for the `rails generate auther:credentials` generator and
90
+ you'll be logged in.
93
91
 
94
92
  ### Initializer
95
93
 
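Review bot: The removed `.envrc` block published a usable `AUTHER_SECRET` together with the encrypted login and password for `test@test.com` / `nevermore`, and nothing in the new Setup or Usage text tells people who copied those values to rotate them. Add a short upgrade note saying that any deployment still using the 9.1.0 example values should regenerate all three with `rails generate auther:credentials`. The replacement example is only a screenshot (`credentials_generator.png`), so consider also listing the three variable names as text with obvious placeholder values so the `.envrc` format stays copyable and searchable.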
@@ -106,23 +104,22 @@ The initializer comes installed with the following settings:
106
104
  encrypted_password: ENV["AUTHER_ADMIN_PASSWORD"],
107
105
  paths: ["/admin"]
108
106
  ],
109
- secret: [ENV["AUTHER_SECRET"]].pack("H*")
107
+ secret: ENV["AUTHER_SECRET"]
110
108
  }
111
109
 
112
- **IMPORTANT**: The encrypted secret, login, and password used in the `.envrc` setup above must be
113
- unique and re-encrypted before deploying to production (don't use the provided examples)! To
114
- encrypt/decrypt account credentials, launch a rails console and run the following:
110
+ To encrypt/decrypt account credentials, launch a rails console and run the following:
111
+
112
+ # The secret as defined in `auther_settings` and/or produced by the credentials generator.
113
+ secret = SecureRandom.hex 16 # "426a7f46548a1a4518676a8e246517d8"
115
114
 
116
- # Best if generated via `SecureRandom.hex 32`. Exactly `32` bytes is required or you'll
117
- # get a `ArgumentError: key must be 32 bytes`. Must be equal to the secret as defined in
118
- # `auther_settings`.
119
- cipher = Auther::Cipher.new "f106a7169a5cfb90f016105b31b595282011a1090d843b7868103c770e35e38e"
115
+ # The cipher for encrypting/decrypting values.
116
+ cipher = Auther::Cipher.new secret
120
117
 
121
118
  # Use the following to encrypt an unecrypted value.
122
119
  cipher.encrypt "test@test.com"
123
120
 
124
121
  # Use the following to decrypt an encrypted value.
125
- cipher.decrypt "cEgyd2hHSit6NkpwN000aUNiU3BkNThxcjRRd1AyT1RmbFFqaGJRR0FjVT0tLWR6Mm1sUmxscHlxQU1leHF2d3ZoZ2c9PQ==--6d4b8bfadc54bfba6a41164675b14980caf01445"
122
+ cipher.decrypt "hWToltdpl+uZJBPELKNC7Ij++jPkTuo=--nEdbOYL9fIRh14hY--fU+VSCd4+DDOhOmG1gzRfQ=="
126
123
 
127
124
  The initializer can be customized as follows:
128
125
 
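Review bot: The removed comment was the only place the README stated the key requirement ("Exactly `32` bytes is required or you'll get a `ArgumentError: key must be 32 bytes`"), and the new `secret = SecureRandom.hex 16` example does not say that the hex string is now handed to `Auther::Cipher.new` as-is instead of being decoded with `pack("H*")`. State the expected secret length and encoding next to the `secret:` setting, and say whether secrets and encrypted values created for 9.1.0 still work, since the sample ciphertext passed to `cipher.decrypt` has a different shape from the old one. The deleted **IMPORTANT** paragraph also carried the "don't use the provided examples" reminder; keep one line of it, because the README still shows a literal secret in the comment.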
@@ -160,10 +157,10 @@ The routes can be customized as follows (installed, by default, via the install
160
157
 
161
158
  ### Model
162
159
 
163
- The [Auther::Account](app/models/auther/account.rb) is a plain old Ruby object that uses ActiveModel
164
- validations to aid in attribute validation. This model could potentially be replaced with a
165
- database-backed object (would require controller customization)...but you should question if you
166
- have outgrown the use of this gem and need a different solution altogether if it comes to that.
160
+ The [Auther::Account](app/models/auther/account.rb) is a struct that uses ActiveModel validations to
161
+ aid in attribute validation. This model could potentially be replaced with a database-backed object
162
+ (would require controller customization)...but you should question if you have outgrown the use of
163
+ this gem and need a different solution altogether if it comes to that.
167
164
 
168
165
  ### Presenter
169
166
 
@@ -3,32 +3,30 @@
3
3
  require "active_model"
4
4
 
5
5
  module Auther
6
+ ACCOUNT_ATTRIBUTES = %i[
7
+ name
8
+ encrypted_login
9
+ encrypted_password
10
+ paths
11
+ authorized_url
12
+ deauthorized_url
13
+ ].freeze
14
+
6
15
  # Represents an authenticatable account.
7
- class Account
16
+ Account = Struct.new(*ACCOUNT_ATTRIBUTES, keyword_init: true) do
8
17
  include ActiveModel::Validations
9
18
 
10
- attr_accessor :name,
11
- :encrypted_login,
12
- :encrypted_password,
13
- :paths,
14
- :authorized_url,
15
- :deauthorized_url
16
-
17
19
  validates :name, :encrypted_login, :encrypted_password, presence: true
18
- validates :paths, presence: {
19
- unless: ->(account) { account.paths.is_a? Array },
20
- message: "must be an array"
21
- }
20
+ validate :paths_type
21
+
22
+ def paths
23
+ self[:paths] || []
24
+ end
25
+
26
+ private
22
27
 
23
- # rubocop:disable Style/OptionHash
24
- def initialize options = {}
25
- @name = options.fetch :name, nil
26
- @encrypted_login = options.fetch :encrypted_login, nil
27
- @encrypted_password = options.fetch :encrypted_password, nil
28
- @paths = options.fetch :paths, []
29
- @authorized_url = options.fetch :authorized_url, nil
30
- @deauthorized_url = options.fetch :deauthorized_url, nil
28
+ def paths_type
29
+ errors.add(:paths, "must be an array") unless paths.is_a?(Array)
31
30
  end
32
- # rubocop:enable Style/OptionHash
33
31
  end
34
32
  end
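Review bot: In the new `paths` reader, `self[:paths] || []` turns an explicit `paths: nil` into an empty array, so `paths_type` can no longer fail for nil; under the old code `options.fetch :paths, []` kept the nil and the validation reported "must be an array". If a nil path list should still be rejected, check `self[:paths]` in `paths_type` and keep the default for the missing-key case only. Also, `Struct.new(*ACCOUNT_ATTRIBUTES, keyword_init: true)` raises `ArgumentError` for keys outside `ACCOUNT_ATTRIBUTES`, where the old `initialize` ignored them, so account hashes with extra keys now fail at construction; that deserves a changelog line and a test.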
@@ -3,6 +3,23 @@
3
3
  module Auther
4
4
  # Manages encryption/decryption.
5
5
  class Cipher
6
+ BYTE_DIVISOR = 2
7
+
8
+ def self.generate login, password
9
+ secret = SecureRandom.hex key_length / BYTE_DIVISOR
10
+ cipher = new secret
11
+
12
+ {
13
+ secret: secret,
14
+ login: cipher.encrypt(login),
15
+ password: cipher.encrypt(password)
16
+ }
17
+ end
18
+
19
+ def self.key_length
20
+ ActiveSupport::MessageEncryptor.key_len
21
+ end
22
+
6
23
  def initialize secret
7
24
  @encryptor = ActiveSupport::MessageEncryptor.new secret
8
25
  end
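Review bot: In `self.generate`, `SecureRandom.hex key_length / BYTE_DIVISOR` draws only `key_length / 2` random bytes and hex-encodes them to `key_length` characters, and `new secret` hands that string to `ActiveSupport::MessageEncryptor.new` unchanged, so every key byte is one of 16 hex characters and the key carries half the entropy its length suggests. Prefer generating `key_length` random bytes (for example `SecureRandom.random_bytes key_length`), encoding them for the environment variable and decoding again in `initialize`; if the reduced strength is intentional, say so in a comment beside `BYTE_DIVISOR`, whose name does not explain the hex-to-byte ratio. `generate` also passes `login` and `password` to `encrypt` without checking for nil or blank values; a guard clause would stop empty credentials being issued.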
@@ -12,7 +12,7 @@ module Auther
12
12
  end
13
13
 
14
14
  def self.version
15
- "9.1.0"
15
+ "9.2.0"
16
16
  end
17
17
 
18
18
  def self.version_label
@@ -0,0 +1,25 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Auther
4
+ # Credentials generator for new secret, login, and password.
5
+ class CredentialsGenerator < ::Rails::Generators::Base
6
+ desc "Generate Auther secret, login, and password credentials."
7
+ # :reek:TooManyStatements
8
+ def credentials
9
+ puts "Welcome to the Auther credentials generator.\n"
10
+
11
+ login = ask " Enter admin login:", echo: false
12
+ password = ask "\n Enter admin password:", echo: false
13
+ credentials = Cipher.generate login, password
14
+
15
+ puts "\n\nHere are your credentials:\n"
16
+
17
+ say " AUTHER_SECRET: #{credentials.fetch :secret}\n" \
18
+ " AUTHER_ADMIN_LOGIN: #{credentials.fetch :login}\n" \
19
+ " AUTHER_ADMIN_PASSWORD: #{credentials.fetch :password}",
20
+ :green
21
+
22
+ say "\nReminder: Do not add these credentials to source control.", :yellow
23
+ end
24
+ end
25
+ end
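Review bot: Both `ask` calls use `echo: false` with no confirmation prompt and no blank check, so a mistyped or empty password is encrypted silently and only discovered at the login form. Ask for the password twice and abort when either value is blank. The final `say` prints `AUTHER_SECRET` beside the two values it decrypts, which leaves a complete credential set in terminal scrollback; the yellow reminder covers source control only, so extend it to mention terminal history and logs. Minor: the local `credentials` shadows the method name, and `puts` is mixed with `say`.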
@@ -7,5 +7,5 @@ Rails.application.config.auther_settings = {
7
7
  encrypted_password: ENV["AUTHER_ADMIN_PASSWORD"],
8
8
  paths: ["/admin"]
9
9
  ],
10
- secret: [ENV["AUTHER_SECRET"]].pack("H*")
10
+ secret: ENV["AUTHER_SECRET"]
11
11
  }
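Review bot: `secret: ENV["AUTHER_SECRET"]` yields nil when the variable is unset, so the failure surfaces later inside the cipher rather than at boot; `ENV.fetch("AUTHER_SECRET")` would fail fast with a clear message. An application whose initializer was written by the 9.1.0 generator still contains `[ENV["AUTHER_SECRET"]].pack("H*")`, and a hex secret sized for direct use decodes to half the length under `pack("H*")`. The changelog should tell existing users to switch their initializer to the plain form before using output from `rails generate auther:credentials`.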
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: auther
3
3
  version: !ruby/object:Gem::Version
4
- version: 9.1.0
4
+ version: 9.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brooke Kuhlmann
@@ -29,7 +29,7 @@ cert_chain:
29
29
  4Zrsxi713z6sndd9JBAm4G7mJiV93MsuCM5N4ZDY7XaxIhvctNSNhX/Yn8LLdtGI
30
30
  b4jw5t40FKyNUvLPPXYAvQALBtk=
31
31
  -----END CERTIFICATE-----
32
- date: 2018-04-01 00:00:00.000000000 Z
32
+ date: 2018-06-17 00:00:00.000000000 Z
33
33
  dependencies:
34
34
  - !ruby/object:Gem::Dependency
35
35
  name: rails
@@ -340,6 +340,7 @@ files:
340
340
  - lib/auther/keymaster.rb
341
341
  - lib/auther/null_logger.rb
342
342
  - lib/auther/settings.rb
343
+ - lib/generators/auther/credentials/credentials_generator.rb
343
344
  - lib/generators/auther/install/install_generator.rb
344
345
  - lib/generators/auther/templates/config/initializers/auther.rb
345
346
  homepage: https://github.com/bkuhlmann/auther
@@ -365,7 +366,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
365
366
  version: '0'
366
367
  requirements: []
367
368
  rubyforge_project:
368
- rubygems_version: 2.7.6
369
+ rubygems_version: 2.7.7
369
370
  signing_key:
370
371
  specification_version: 4
371
372
  summary: Enhances Rails with multi-account, form-based, database-less, application-wide
metadata.gz.sig CHANGED
Binary file