authtrail 0.1.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d0affe4e892e8dac1a1ddc212ebb6834ef1de340f782de0f4a19dcc230e0a51
-  data.tar.gz: 72b45a58e89181f07ea0c58e3875e67948287a2b1b0fc9aa627eac6be8aee5f8
+  metadata.gz: f88e2c20a95601d9da18766155a4eb0300ac193d7be16c56b8f293e42237163b
+  data.tar.gz: a74f7435a461fce5c2f2c12d98cc3329aeb6f45c6e54eac6192cd5d04dd1a857
 SHA512:
-  metadata.gz: 25b90ec6e2059c37c405e3e647cc39c12d3ece6a12697ac0403f0ca4b07c7b288ff73194c6fe07af1fed558bd94feb1e870e267dfba5fd6abd8adf5e3a6e18a2
-  data.tar.gz: 18428f49536b942f47d260e6d4251eaaae57c7cc6fddcb3d35fba1a3a6bb8adc8492453530569ab0c21b84181ffd2e92672ea8762ccb1c59dcb8c167c6037127
+  metadata.gz: 3a572225e8e080da90c400293ebccbb6a7808f642f2469b79e0777ed37470ccec13ebd31a6f6b57d4fc6b89d037f25c1ae1980298b68b04bdc258ff71037e578
+  data.tar.gz: 6558512fa9aa0b95932a95165c79533672f91c612116666cec6afe2743fcb7cd8357e9b230dadcab6ce503d8d8e622566c0d188d9b92cb016c37de5b46e3a09e

data/CHANGELOG.md

@@ -1,8 +1,31 @@
-## 0.1.1
+## 0.2.2 (2020-11-21)
+
+- Added `transform_method` option
+
+## 0.2.1 (2020-08-17)
+
+- Added `job_queue` option
+
+## 0.2.0 (2019-06-23)
+
+- Added latitude and longitude
+- `AuthTrail::GeocodeJob` now inherits from `ActiveJob::Base` instead of `ApplicationJob`
+- Removed support for Rails 4.2
+
+## 0.1.3 (2018-09-27)
+
+- Added support for Rails 4.2
+
+## 0.1.2 (2018-07-30)
+
+- Added `identity_method` option
+- Fixed geocoding
+
+## 0.1.1 (2018-07-13)
 
 - Improved strategy detection for failures
 - Fixed migration for MySQL
 
-## 0.1.0
+## 0.1.0 (2017-11-07)
 
 - First release

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2017 Andrew Kane
+Copyright (c) 2017-2020 Andrew Kane
 
 MIT License
 

data/README.md

@@ -4,6 +4,8 @@ Track Devise login activity
 
 :tangerine: Battle-tested at [Instacart](https://www.instacart.com/opensource)
 
+[![Build Status](https://github.com/ankane/authtrail/workflows/build/badge.svg?branch=master)](https://github.com/ankane/authtrail/actions)
+
 ## Installation
 
 Add this line to your application’s Gemfile:
@@ -16,7 +18,7 @@ And run:
 
 ```sh
 rails generate authtrail:install
-rake db:migrate
+rails db:migrate
 ```
 
 ## How It Works
@@ -32,44 +34,127 @@ A `LoginActivity` record is created every time a user tries to login. You can th
 - `context` - controller and action
 - `ip` - IP address
 - `user_agent` and `referrer` - from browser
-- `city`, `region`, and `country` - from IP
+- `city`, `region`, `country`, `latitude`, and `longitude` - from IP
 - `created_at` - time of event
 
-IP geocoding is performed in a background job so it doesn’t slow down web requests. You can disable it entirely with:
+## Features
+
+Exclude certain attempts from tracking - useful if you run acceptance tests
 
 ```ruby
-AuthTrail.geocode = false
+AuthTrail.exclude_method = lambda do |data|
+  data[:identity] == "capybara@example.org"
+end
 ```
 
-## Features
+Add or modify data (also add new fields to the `login_activities` table)
 
-Exclude certain attempts from tracking - useful if you run acceptance tests
+```ruby
+AuthTrail.transform_method = lambda do |data, request|
+  data[:request_id] = request.request_id
+end
+```
+
+Store the user on failed attempts
 
 ```ruby
-AuthTrail.exclude_method = proc do |info|
-  info[:identity] == "capybara@example.org"
+AuthTrail.transform_method = lambda do |data, request|
+  data[:user] ||= User.find_by(email: data[:identity])
 end
 ```
 
-Write data somewhere other than the `login_activities` table.
+Write data somewhere other than the `login_activities` table
 
 ```ruby
-AuthTrail.track_method = proc do |info|
+AuthTrail.track_method = lambda do |data|
   # code
 end
 ```
 
+Use a custom identity method
+
+```ruby
+AuthTrail.identity_method = lambda do |request, opts, user|
+  if user
+    user.email
+  else
+    request.params.dig(opts[:scope], :email)
+  end
+end
+```
+
+Associate login activity with your user model
+
+```ruby
+class User < ApplicationRecord
+  has_many :login_activities, as: :user # use :user no matter what your model name
+end
+```
+
+The `LoginActivity` model uses a [polymorphic association](https://guides.rubyonrails.org/association_basics.html#polymorphic-associations) so it can be associated with different user models.
+
+## Geocoding
+
+IP geocoding is performed in a background job so it doesn’t slow down web requests. You can disable it entirely with:
+
+```ruby
+AuthTrail.geocode = false
+```
+
 Set job queue for geocoding
 
 ```ruby
-AuthTrail::GeocodeJob.queue_as :low
+AuthTrail.job_queue = :low_priority
+```
+
+### Geocoding Performance
+
+To avoid calls to a remote API, download the [GeoLite2 City database](https://dev.maxmind.com/geoip/geoip2/geolite2/) and configure Geocoder to use it.
+
+Add this line to your application’s Gemfile:
+
+```ruby
+gem 'maxminddb'
+```
+
+And create an initializer at `config/initializers/geocoder.rb` with:
+
+```ruby
+Geocoder.configure(
+  ip_lookup: :geoip2,
+  geoip2: {
+    file: Rails.root.join("lib", "GeoLite2-City.mmdb")
+  }
+)
+```
+
+## Data Protection
+
+Protect the privacy of your users by encrypting fields that contain personal data, such as `identity` and `ip`. [Lockbox](https://github.com/ankane/lockbox) is great for this. Use [Blind Index](https://github.com/ankane/blind_index) so you can still query the fields.
+
+```ruby
+class LoginActivity < ApplicationRecord
+  encrypts :identity, :ip
+  blind_index :identity, :ip
+end
 ```
 
 ## Other Notes
 
 We recommend using this in addition to Devise’s `Lockable` module and [Rack::Attack](https://github.com/kickstarter/rack-attack).
 
-Works with Rails 5+
+Check out [Hardening Devise](https://ankane.org/hardening-devise) and [Secure Rails](https://github.com/ankane/secure_rails) for more best practices.
+
+## Upgrading
+
+### 0.2.0
+
+To store latitude and longitude, create a migration with:
+
+```ruby
+add_column :login_activities, :latitude, :float
+add_column :login_activities, :longitude, :float
+```
 
 ## History
 
@@ -83,3 +168,12 @@ Everyone is encouraged to help improve this project. Here are a few ways you can
 - Fix bugs and [submit pull requests](https://github.com/ankane/authtrail/pulls)
 - Write, clarify, or fix documentation
 - Suggest or add new features
+
+To get started with development and testing:
+
+```sh
+git clone https://github.com/ankane/authtrail.git
+cd authtrail
+bundle install
+bundle exec rake test
+```

data/app/jobs/auth_trail/geocode_job.rb

@@ -1,20 +1,30 @@
 module AuthTrail
-  class GeocodeJob < ApplicationJob
+  class GeocodeJob < ActiveJob::Base
+    # default queue is used if queue_as returns nil
+    # Rails has a test for this
+    queue_as { AuthTrail.job_queue }
+
     def perform(login_activity)
       result =
         begin
-          Geocoder.search(login_activity.ip).first.try(:data)
+          Geocoder.search(login_activity.ip).first
         rescue => e
           Rails.logger.info "Geocode failed: #{e.message}"
           nil
         end
 
       if result
-        login_activity.update!(
-          city: result["city"].presence,
-          region: result["region_name"].presence,
-          country: result["country_name"].presence
-        )
+        attributes = {
+          city: result.try(:city),
+          region: result.try(:state),
+          country: result.try(:country),
+          latitude: result.try(:latitude),
+          longitude: result.try(:longitude)
+        }
+        attributes.each do |k, v|
+          login_activity.try("#{k}=", v.presence)
+        end
+        login_activity.save!
       end
     end
   end

data/lib/auth_trail/manager.rb

@@ -6,12 +6,10 @@ module AuthTrail
         AuthTrail.safely do
           request = ActionDispatch::Request.new(auth.env)
 
-          identity = user.try(:email)
-
           AuthTrail.track(
             strategy: detect_strategy(auth),
             scope: opts[:scope].to_s,
-            identity: identity,
+            identity: AuthTrail.identity_method.call(request, opts, user),
             success: true,
             request: request,
             user: user
@@ -21,21 +19,16 @@ module AuthTrail
 
       def before_failure(env, opts)
         AuthTrail.safely do
-          if opts[:message]
-            request = ActionDispatch::Request.new(env)
-
-            scope = opts[:scope]
-            identity = request.params[scope] && request.params[scope][:email] rescue nil
+          request = ActionDispatch::Request.new(env)
 
-            AuthTrail.track(
-              strategy: detect_strategy(env["warden"]),
-              scope: scope.to_s,
-              identity: identity,
-              success: false,
-              request: request,
-              failure_reason: opts[:message].to_s
-            )
-          end
+          AuthTrail.track(
+            strategy: detect_strategy(env["warden"]),
+            scope: opts[:scope].to_s,
+            identity: AuthTrail.identity_method.call(request, opts, nil),
+            success: false,
+            request: request,
+            failure_reason: opts[:message].to_s
+          )
         end
       end
 

data/lib/auth_trail/version.rb

@@ -1,3 +1,3 @@
 module AuthTrail
-  VERSION = "0.1.1"
+  VERSION = "0.2.2"
 end

data/lib/authtrail.rb

@@ -9,32 +9,51 @@ require "auth_trail/version"
 
 module AuthTrail
   class << self
-    attr_accessor :exclude_method, :geocode, :track_method
+    attr_accessor :exclude_method, :geocode, :track_method, :identity_method, :job_queue, :transform_method
   end
   self.geocode = true
+  self.identity_method = lambda do |request, opts, user|
+    if user
+      user.try(:email)
+    else
+      scope = opts[:scope]
+      request.params[scope] && request.params[scope][:email] rescue nil
+    end
+  end
 
   def self.track(strategy:, scope:, identity:, success:, request:, user: nil, failure_reason: nil)
-    info = {
+    data = {
       strategy: strategy,
       scope: scope,
       identity: identity,
       success: success,
       failure_reason: failure_reason,
       user: user,
-      context: "#{request.params[:controller]}##{request.params[:action]}",
       ip: request.remote_ip,
       user_agent: request.user_agent,
       referrer: request.referrer
     }
 
+    if request.params[:controller]
+      data[:context] = "#{request.params[:controller]}##{request.params[:action]}"
+    end
+
+    # add request data before exclude_method since exclude_method doesn't have access to request
+    # could also add 2nd argument to exclude_method when arity > 1
+    AuthTrail.transform_method.call(data, request) if AuthTrail.transform_method
+
     # if exclude_method throws an exception, default to not excluding
-    exclude = AuthTrail.exclude_method && AuthTrail.safely(default: false) { AuthTrail.exclude_method.call(info) }
+    exclude = AuthTrail.exclude_method && AuthTrail.safely(default: false) { AuthTrail.exclude_method.call(data) }
 
     unless exclude
       if AuthTrail.track_method
-        AuthTrail.track_method.call(info)
+        AuthTrail.track_method.call(data)
       else
-        login_activity = LoginActivity.create!(info)
+        login_activity = LoginActivity.new
+        data.each do |k, v|
+          login_activity.try("#{k}=", v)
+        end
+        login_activity.save!
         AuthTrail::GeocodeJob.perform_later(login_activity) if AuthTrail.geocode
       end
     end
@@ -55,5 +74,5 @@ Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
 end
 
 Warden::Manager.before_failure do |env, opts|
-  AuthTrail::Manager.before_failure(env, opts)
+  AuthTrail::Manager.before_failure(env, opts) if opts[:message]
 end

data/lib/generators/authtrail/install_generator.rb

@@ -1,24 +1,10 @@
-# taken from https://github.com/collectiveidea/audited/blob/master/lib/generators/audited/install_generator.rb
-require "rails/generators"
-require "rails/generators/migration"
-require "active_record"
 require "rails/generators/active_record"
 
 module Authtrail
   module Generators
     class InstallGenerator < Rails::Generators::Base
-      include Rails::Generators::Migration
-      source_root File.expand_path("../templates", __FILE__)
-
-      # Implement the required interface for Rails::Generators::Migration.
-      def self.next_migration_number(dirname) #:nodoc:
-        next_migration_number = current_migration_number(dirname) + 1
-        if ::ActiveRecord::Base.timestamped_migrations
-          [Time.now.utc.strftime("%Y%m%d%H%M%S"), "%.14d" % next_migration_number].max
-        else
-          "%.3d" % next_migration_number
-        end
-      end
+      include ActiveRecord::Generators::Migration
+      source_root File.join(__dir__, "templates")
 
       def copy_migration
         migration_template "login_activities_migration.rb", "db/migrate/create_login_activities.rb", migration_version: migration_version

data/lib/generators/authtrail/templates/{login_activities_migration.rb → login_activities_migration.rb.tt}

@@ -1,19 +1,21 @@
 class <%= migration_class_name %> < ActiveRecord::Migration<%= migration_version %>
   def change
     create_table :login_activities do |t|
-      t.text :scope
-      t.text :strategy
+      t.string :scope
+      t.string :strategy
       t.string :identity
       t.boolean :success
-      t.text :failure_reason
+      t.string :failure_reason
       t.references :user, polymorphic: true
-      t.text :context
+      t.string :context
       t.string :ip
       t.text :user_agent
       t.text :referrer
-      t.text :city
-      t.text :region
-      t.text :country
+      t.string :city
+      t.string :region
+      t.string :country
+      t.float :latitude
+      t.float :longitude
       t.datetime :created_at
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authtrail
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Andrew Kane
-autorequire: 
-bindir: exe
+autorequire:
+bindir: bin
 cert_chain: []
-date: 2018-07-13 00:00:00.000000000 Z
+date: 2020-11-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -96,6 +96,20 @@ dependencies:
         version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: combustion
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -108,32 +122,70 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
-email:
-- andrew@chartkick.com
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description:
+email: andrew@chartkick.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
 - CHANGELOG.md
-- Gemfile
 - LICENSE.txt
 - README.md
-- Rakefile
 - app/jobs/auth_trail/geocode_job.rb
-- authtrail.gemspec
 - lib/auth_trail/engine.rb
 - lib/auth_trail/manager.rb
 - lib/auth_trail/version.rb
 - lib/authtrail.rb
 - lib/generators/authtrail/install_generator.rb
-- lib/generators/authtrail/templates/login_activities_migration.rb
-- lib/generators/authtrail/templates/login_activity_model.rb
+- lib/generators/authtrail/templates/login_activities_migration.rb.tt
+- lib/generators/authtrail/templates/login_activity_model.rb.tt
 homepage: https://github.com/ankane/authtrail
-licenses: []
+licenses:
+- MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -141,16 +193,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Track Devise login activity
 test_files: []

data/.gitignore

@@ -1,9 +0,0 @@
-/.bundle/
-/.yardoc
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-Gemfile.lock

data/Gemfile

@@ -1,6 +0,0 @@
-source "https://rubygems.org"
-
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
-
-# Specify your gem's dependencies in authtrail.gemspec
-gemspec

data/Rakefile

@@ -1,10 +0,0 @@
-require "bundler/gem_tasks"
-require "rake/testtask"
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << "test"
-  t.libs << "lib"
-  t.test_files = FileList["test/**/*_test.rb"]
-end
-
-task default: :test

data/authtrail.gemspec

@@ -1,30 +0,0 @@
-
-lib = File.expand_path("../lib", __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "auth_trail/version"
-
-Gem::Specification.new do |spec|
-  spec.name          = "authtrail"
-  spec.version       = AuthTrail::VERSION
-  spec.authors       = ["Andrew Kane"]
-  spec.email         = ["andrew@chartkick.com"]
-
-  spec.summary       = "Track Devise login activity"
-  spec.homepage      = "https://github.com/ankane/authtrail"
-
-  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features)/})
-  end
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency "railties", ">= 5"
-  spec.add_dependency "activerecord", ">= 5"
-  spec.add_dependency "warden"
-  spec.add_dependency "geocoder"
-
-  spec.add_development_dependency "bundler"
-  spec.add_development_dependency "rake"
-  spec.add_development_dependency "minitest"
-end