authtrail 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d09fb569715557b1fcde80bcab0990674c3950c3
+  data.tar.gz: 4507a5bfb4536803efcc1a8d29ef04c1dd4c0717
+SHA512:
+  metadata.gz: 12879861a9e98af5c5defd08ddf1f10d0aa11e04724ff56dd191a34b3ea778821e8173a4198f1221a92774db49301e8e633f064fdbc7385a7f184df7173de00d
+  data.tar.gz: 1777a6f8bd28435970616e6dc90937301354edeb89ffb5ada0c85c531e01b07e8f138959f7313dbbd0c7ccb7add148550743425b5f90f200bfad7ca352363ad9

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+## 0.1.0
+
+- First release

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in authtrail.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,125 @@
+PATH
+  remote: .
+  specs:
+    authtrail (0.1.0)
+      geocoder
+      rails (>= 5)
+      warden
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.1.4)
+      actionpack (= 5.1.4)
+      nio4r (~> 2.0)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.1.4)
+      actionpack (= 5.1.4)
+      actionview (= 5.1.4)
+      activejob (= 5.1.4)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.1.4)
+      actionview (= 5.1.4)
+      activesupport (= 5.1.4)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.1.4)
+      activesupport (= 5.1.4)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (5.1.4)
+      activesupport (= 5.1.4)
+      globalid (>= 0.3.6)
+    activemodel (5.1.4)
+      activesupport (= 5.1.4)
+    activerecord (5.1.4)
+      activemodel (= 5.1.4)
+      activesupport (= 5.1.4)
+      arel (~> 8.0)
+    activesupport (5.1.4)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    arel (8.0.0)
+    builder (3.2.3)
+    concurrent-ruby (1.0.5)
+    crass (1.0.2)
+    erubi (1.7.0)
+    geocoder (1.4.4)
+    globalid (0.4.1)
+      activesupport (>= 4.2.0)
+    i18n (0.9.1)
+      concurrent-ruby (~> 1.0)
+    loofah (2.1.1)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
+    method_source (0.9.0)
+    mini_mime (0.1.4)
+    mini_portile2 (2.3.0)
+    minitest (5.10.3)
+    nio4r (2.1.0)
+    nokogiri (1.8.1)
+      mini_portile2 (~> 2.3.0)
+    rack (2.0.3)
+    rack-test (0.7.0)
+      rack (>= 1.0, < 3)
+    rails (5.1.4)
+      actioncable (= 5.1.4)
+      actionmailer (= 5.1.4)
+      actionpack (= 5.1.4)
+      actionview (= 5.1.4)
+      activejob (= 5.1.4)
+      activemodel (= 5.1.4)
+      activerecord (= 5.1.4)
+      activesupport (= 5.1.4)
+      bundler (>= 1.3.0)
+      railties (= 5.1.4)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.0.3)
+      loofah (~> 2.0)
+    railties (5.1.4)
+      actionpack (= 5.1.4)
+      activesupport (= 5.1.4)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (12.2.1)
+    sprockets (3.7.1)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    thor (0.20.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.4)
+      thread_safe (~> 0.1)
+    warden (1.2.7)
+      rack (>= 1.0)
+    websocket-driver (0.6.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  authtrail!
+  bundler
+  minitest
+  rake
+
+BUNDLED WITH
+   1.16.0

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2017 Andrew Kane
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,85 @@
+# AuthTrail
+
+Track Devise login activity
+
+:tangerine: Battle-tested at [Instacart](https://www.instacart.com/opensource)
+
+## Installation
+
+Add this line to your application’s Gemfile:
+
+```ruby
+gem 'authtrail'
+```
+
+And run:
+
+```sh
+rails generate authtrail:install
+rake db:migrate
+```
+
+## How It Works
+
+A `LoginActivity` record is created every time a user tries to login. You can then use this information to detect suspicious behavior. Data includes:
+
+- `scope` - Devise scope
+- `strategy` - `database_authenticatable` for password logins, `rememberable` for remember me cookie, or the name of the OmniAuth strategy
+- `identity` - email address
+- `success` - whether the login succeeded
+- `failure_reason` - if the login failed
+- `user` - the user if the login succeeded
+- `context` - controller and action
+- `ip` - IP address
+- `user_agent` and `referrer` - from browser
+- `city`, `region`, and `country` - from IP
+- `created_at` - time of event
+
+IP geocoding is performed in a background job so it doesn’t slow down web requests. You can disable it entirely with:
+
+```ruby
+AuthTrail.geocode = false
+```
+
+## Features
+
+Exclude certain attempts from tracking - useful if you run acceptance tests
+
+```ruby
+AuthTrail.exclude_method = proc do |info|
+  info[:identity] == "capybara@example.org"
+end
+```
+
+Write data somewhere other than the `login_activities` table.
+
+```ruby
+AuthTrail.track_method = proc do |info|
+  # code
+end
+```
+
+Set job queue for geocoding
+
+```ruby
+AuthTrail::GeocodeJob.queue_as :low
+```
+
+## Other Notes
+
+We recommend using this in addition to Devise’s `Lockable` module and [Rack::Attack](https://github.com/kickstarter/rack-attack).
+
+Works with Rails 5+
+
+## History
+
+View the [changelog](https://github.com/ankane/authtrail/blob/master/CHANGELOG.md)
+
+## Contributing
+
+Everyone is encouraged to help improve this project. Here are a few ways you can help:
+
+- [Report bugs](https://github.com/ankane/authtrail/issues)
+- Fix bugs and [submit pull requests](https://github.com/ankane/authtrail/pulls)
+- Write, clarify, or fix documentation
+- Suggest or add new features

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+task default: :test

data/app/jobs/auth_trail/geocode_job.rb

@@ -0,0 +1,21 @@
+module AuthTrail
+  class GeocodeJob < ApplicationJob
+    def perform(login_activity)
+      result =
+        begin
+          Geocoder.search(login_activity.ip).first.try(:data)
+        rescue => e
+          Rails.logger.info "Geocode failed: #{e.message}"
+          nil
+        end
+
+      if result
+        login_activity.update!(
+          city: result["city"].presence,
+          region: result["region_name"].presence,
+          country: result["country_name"].presence
+        )
+      end
+    end
+  end
+end

data/authtrail.gemspec

@@ -0,0 +1,29 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "auth_trail/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "authtrail"
+  spec.version       = AuthTrail::VERSION
+  spec.authors       = ["Andrew Kane"]
+  spec.email         = ["andrew@chartkick.com"]
+
+  spec.summary       = "Track Devise login activity"
+  spec.homepage      = "https://github.com/ankane/authtrail"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "rails", ">= 5"
+  spec.add_dependency "warden"
+  spec.add_dependency "geocoder"
+
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "minitest"
+end

data/lib/auth_trail/engine.rb

@@ -0,0 +1,4 @@
+module AuthTrail
+  class Engine < Rails::Engine
+  end
+end

data/lib/auth_trail/manager.rb

@@ -0,0 +1,44 @@
+module AuthTrail
+  module Manager
+    class << self
+      def after_set_user(user, auth, opts)
+        # do not raise an exception for tracking
+        AuthTrail.safely do
+          request = ActionDispatch::Request.new(auth.env)
+
+          strategy = auth.env["omniauth.auth"]["provider"] if auth.env["omniauth.auth"]
+          strategy ||= auth.winning_strategy.class.name.split("::").last.underscore if auth.winning_strategy
+          strategy ||= "database_authenticatable"
+
+          identity = user.try(:email)
+          AuthTrail.track(
+            strategy: strategy,
+            scope: opts[:scope].to_s,
+            identity: identity,
+            success: true,
+            request: request,
+            user: user
+          )
+        end
+      end
+
+      def before_failure(env, opts)
+        AuthTrail.safely do
+          if opts[:message]
+            request = ActionDispatch::Request.new(env)
+            identity = request.params[opts[:scope]] && request.params[opts[:scope]][:email] rescue nil
+
+            AuthTrail.track(
+              strategy: "database_authenticatable",
+              scope: opts[:scope].to_s,
+              identity: identity,
+              success: false,
+              request: request,
+              failure_reason: opts[:message].to_s
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/auth_trail/version.rb

@@ -0,0 +1,3 @@
+module AuthTrail
+  VERSION = "0.1.0"
+end

data/lib/authtrail.rb

@@ -0,0 +1,57 @@
+require "geocoder"
+require "rails"
+require "warden"
+require "auth_trail/engine"
+require "auth_trail/manager"
+require "auth_trail/version"
+
+module AuthTrail
+  class << self
+    attr_accessor :exclude_method, :geocode, :track_method
+  end
+  self.geocode = true
+
+  def self.track(strategy:, scope:, identity:, success:, request:, user: nil, failure_reason: nil)
+    info = {
+      strategy: strategy,
+      scope: scope,
+      identity: identity,
+      success: success,
+      failure_reason: failure_reason,
+      user: user,
+      context: "#{request.params[:controller]}##{request.params[:action]}",
+      ip: request.remote_ip,
+      user_agent: request.user_agent,
+      referrer: request.referrer
+    }
+
+    # if exclude_method throws an exception, default to not excluding
+    exclude = AuthTrail.exclude_method && AuthTrail.safely(default: false) { AuthTrail.exclude_method.call(info) }
+
+    unless exclude
+      if AuthTrail.track_method
+        AuthTrail.track_method.call(info)
+      else
+        login_activity = LoginActivity.create!(info)
+        AuthTrail::GeocodeJob.perform_later(login_activity) if AuthTrail.geocode
+      end
+    end
+  end
+
+  def self.safely(default: nil)
+    begin
+      yield
+    rescue => e
+      warn "[authtrail] #{e.class.name}: #{e.message}"
+      default
+    end
+  end
+end
+
+Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
+  AuthTrail::Manager.after_set_user(user, auth, opts)
+end
+
+Warden::Manager.before_failure do |env, opts|
+  AuthTrail::Manager.before_failure(env, opts)
+end

data/lib/generators/authtrail/install_generator.rb

@@ -0,0 +1,36 @@
+# taken from https://github.com/collectiveidea/audited/blob/master/lib/generators/audited/install_generator.rb
+require "rails/generators"
+require "rails/generators/migration"
+require "active_record"
+require "rails/generators/active_record"
+
+module Authtrail
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+      source_root File.expand_path("../templates", __FILE__)
+
+      # Implement the required interface for Rails::Generators::Migration.
+      def self.next_migration_number(dirname) #:nodoc:
+        next_migration_number = current_migration_number(dirname) + 1
+        if ::ActiveRecord::Base.timestamped_migrations
+          [Time.now.utc.strftime("%Y%m%d%H%M%S"), "%.14d" % next_migration_number].max
+        else
+          "%.3d" % next_migration_number
+        end
+      end
+
+      def copy_migration
+        migration_template "login_activities_migration.rb", "db/migrate/create_login_activities.rb", migration_version: migration_version
+      end
+
+      def generate_model
+        template "login_activity_model.rb", "app/models/login_activity.rb"
+      end
+
+      def migration_version
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+      end
+    end
+  end
+end

data/lib/generators/authtrail/templates/login_activities_migration.rb

@@ -0,0 +1,24 @@
+class <%= migration_class_name %> < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :login_activities do |t|
+      t.text :scope
+      t.text :strategy
+      t.text :identity
+      t.boolean :success
+      t.text :failure_reason
+      t.references :user, polymorphic: true
+      t.text :context
+      t.text :ip
+      t.text :user_agent
+      t.text :referrer
+      t.text :city
+      t.text :region
+      t.text :country
+      t.datetime :created_at
+    end
+
+    add_index :login_activities, :identity
+    add_index :login_activities, :ip
+    add_index :login_activities, :user_id
+  end
+end

data/lib/generators/authtrail/templates/login_activity_model.rb

@@ -0,0 +1,3 @@
+class LoginActivity < ApplicationRecord
+  belongs_to :user, polymorphic: true, optional: true
+end

metadata

@@ -0,0 +1,143 @@
+--- !ruby/object:Gem::Specification
+name: authtrail
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Andrew Kane
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-11-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: warden
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: geocoder
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- andrew@chartkick.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- app/jobs/auth_trail/geocode_job.rb
+- authtrail.gemspec
+- lib/auth_trail/engine.rb
+- lib/auth_trail/manager.rb
+- lib/auth_trail/version.rb
+- lib/authtrail.rb
+- lib/generators/authtrail/install_generator.rb
+- lib/generators/authtrail/templates/login_activities_migration.rb
+- lib/generators/authtrail/templates/login_activity_model.rb
+homepage: https://github.com/ankane/authtrail
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Track Devise login activity
+test_files: []