authtrail 0.1.2 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 686cc3a7c96d52e4cf5ac79c4268bdb0cd9b670978ac23668af4e8e0d4f11b08
-  data.tar.gz: 073fd3fefbe1cee4eca8daa2ee3fe13ea2aefd1c3f3d1d868daafa1fe40b7511
+  metadata.gz: e54d90f6f3527e7f9f37276deda00150f33b472069b97bd66b0d27f0a3a44c6f
+  data.tar.gz: aa1cd0b4fc8e01590efbd51cd872a57a3ef6e984c844166f261ebd01230a771a
 SHA512:
-  metadata.gz: 5b2afdc6ab493f2d8c3759d9d0d145b518f3447250889ce5013f737629d3bd89248ddb7413d8f75c2452a221ed950404355a9763814bdcfffe158bb89a7a2da7
-  data.tar.gz: ac21a072dd8328cb749a65aedd12188de9cc93501d5ad54bb4ada4b0a56e24bc1cc1116f8d32dfeb3c8a3d28a066258ffc05bbec655c94ec08a30c3ff7e1fee0
+  metadata.gz: b640a2f9705502d2405fc15d1bf4bf6082cac388addef26b3592514af117508db8b5f35306f5bd93555472f25e58a86b42d1ade276083bf4b4c4db6dea284ec8
+  data.tar.gz: 80475eaba75303cffdf3313706a3a58e73718804414002559780a55a1041616de61da596f9b67f79b57e71998e9c27a8c590faefdb0febaaa9834fd74b897a55

data/CHANGELOG.md

@@ -1,13 +1,37 @@
-## 0.1.2
+## 0.3.0 (2021-03-01)
+
+- Disabled geocoding by default for new installations
+- Raise an exception instead of logging when auditing fails
+- Removed support for Rails < 5.2 and Ruby < 2.6
+
+## 0.2.2 (2020-11-21)
+
+- Added `transform_method` option
+
+## 0.2.1 (2020-08-17)
+
+- Added `job_queue` option
+
+## 0.2.0 (2019-06-23)
+
+- Added latitude and longitude
+- `AuthTrail::GeocodeJob` now inherits from `ActiveJob::Base` instead of `ApplicationJob`
+- Removed support for Rails 4.2
+
+## 0.1.3 (2018-09-27)
+
+- Added support for Rails 4.2
+
+## 0.1.2 (2018-07-30)
 
 - Added `identity_method` option
 - Fixed geocoding
 
-## 0.1.1
+## 0.1.1 (2018-07-13)
 
 - Improved strategy detection for failures
 - Fixed migration for MySQL
 
-## 0.1.0
+## 0.1.0 (2017-11-07)
 
 - First release

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2017 Andrew Kane
+Copyright (c) 2017-2021 Andrew Kane
 
 MIT License
 

data/README.md

@@ -4,6 +4,8 @@ Track Devise login activity
 
 :tangerine: Battle-tested at [Instacart](https://www.instacart.com/opensource)
 
+[![Build Status](https://github.com/ankane/authtrail/workflows/build/badge.svg?branch=master)](https://github.com/ankane/authtrail/actions)
+
 ## Installation
 
 Add this line to your application’s Gemfile:
@@ -32,7 +34,7 @@ A `LoginActivity` record is created every time a user tries to login. You can th
 - `context` - controller and action
 - `ip` - IP address
 - `user_agent` and `referrer` - from browser
-- `city`, `region`, and `country` - from IP
+- `city`, `region`, `country`, `latitude`, and `longitude` - from IP
 - `created_at` - time of event
 
 ## Features
@@ -40,20 +42,36 @@ A `LoginActivity` record is created every time a user tries to login. You can th
 Exclude certain attempts from tracking - useful if you run acceptance tests
 
 ```ruby
-AuthTrail.exclude_method = lambda do |info|
-  info[:identity] == "capybara@example.org"
+AuthTrail.exclude_method = lambda do |data|
+  data[:identity] == "capybara@example.org"
+end
+```
+
+Add or modify data - also add new fields to the `login_activities` table if needed
+
+```ruby
+AuthTrail.transform_method = lambda do |data, request|
+  data[:request_id] = request.request_id
+end
+```
+
+Store the user on failed attempts
+
+```ruby
+AuthTrail.transform_method = lambda do |data, request|
+  data[:user] ||= User.find_by(email: data[:identity])
 end
 ```
 
 Write data somewhere other than the `login_activities` table
 
 ```ruby
-AuthTrail.track_method = lambda do |info|
+AuthTrail.track_method = lambda do |data|
   # code
 end
 ```
 
-Use a custom identity method [master]
+Use a custom identity method
 
 ```ruby
 AuthTrail.identity_method = lambda do |request, opts, user|
@@ -73,63 +91,88 @@ class User < ApplicationRecord
 end
 ```
 
-The `LoginActivity` model uses a [polymorphic association](http://guides.rubyonrails.org/association_basics.html#polymorphic-associations) so it can be associated with different user models.
+The `LoginActivity` model uses a [polymorphic association](https://guides.rubyonrails.org/association_basics.html#polymorphic-associations) so it can be associated with different user models.
 
 ## Geocoding
 
-IP geocoding is performed in a background job so it doesn’t slow down web requests. You can disable it entirely with:
+AuthTrail uses [Geocoder](https://github.com/alexreisner/geocoder) for geocoding. We recommend configuring [local geocoding](#local-geocoding) so IP addresses are not sent to a 3rd party service. If you do use a 3rd party service and adhere to GDPR, be sure to add it to your subprocessor list.
+
+To enable geocoding, update `config/initializers/authtrail.rb`:
 
 ```ruby
-AuthTrail.geocode = false
+AuthTrail.geocode = true
 ```
 
-Set job queue for geocoding
+Geocoding is performed in a background job so it doesn’t slow down web requests. Set the job queue with:
 
 ```ruby
-AuthTrail::GeocodeJob.queue_as :low
+AuthTrail.job_queue = :low_priority
 ```
 
-### Geocoding Performance
+### Local Geocoding
 
-To avoid calls to a remote API, download the [GeoLite2 City database](https://dev.maxmind.com/geoip/geoip2/geolite2/) and configure Geocoder to use it.
-
-Add this line to your application’s Gemfile:
+For privacy and performance, we recommend geocoding locally. Add this line to your application’s Gemfile:
 
 ```ruby
 gem 'maxminddb'
 ```
 
-And create an initializer at `config/initializers/geocoder.rb` with:
+For city-level geocoding, download the [GeoLite2 City database](https://dev.maxmind.com/geoip/geoip2/geolite2/) and create `config/initializers/geocoder.rb` with:
 
 ```ruby
 Geocoder.configure(
   ip_lookup: :geoip2,
   geoip2: {
-    file: Rails.root.join("lib", "GeoLite2-City.mmdb")
+    file: "path/to/GeoLite2-City.mmdb"
+  }
+)
+```
+
+For country-level geocoding, install the `geoip-database` package. It’s preinstalled on Heroku. For Ubuntu, use:
+
+```sh
+sudo apt-get install geoip-database
+```
+
+And create `config/initializers/geocoder.rb` with:
+
+```ruby
+Geocoder.configure(
+  ip_lookup: :maxmind_local,
+  maxmind_local: {
+    file: "/usr/share/GeoIP/GeoIP.dat",
+    package: :country
   }
 )
 ```
 
 ## Data Protection
 
-Protect the privacy of your users by encrypting fields that contain personal information, such as `identity` and `ip`. [attr_encrypted](https://github.com/attr-encrypted/attr_encrypted) is great for this.
+Protect the privacy of your users by encrypting fields that contain personal data, such as `identity` and `ip`. [Lockbox](https://github.com/ankane/lockbox) is great for this. Use [Blind Index](https://github.com/ankane/blind_index) so you can still query the fields.
 
 ```ruby
 class LoginActivity < ApplicationRecord
-  attr_encrypted :identity, ...
-  attr_encrypted :ip, ...
+  encrypts :identity, :ip
+  blind_index :identity, :ip
 end
 ```
 
-You should also make it clear that you collect this information in your privacy policy.
-
 ## Other Notes
 
 We recommend using this in addition to Devise’s `Lockable` module and [Rack::Attack](https://github.com/kickstarter/rack-attack).
 
-Check out [Hardening Devise](https://github.com/ankane/shorts/blob/master/Hardening-Devise.md) and [Secure Rails](https://github.com/ankane/secure_rails) for more best practices.
+Check out [Hardening Devise](https://ankane.org/hardening-devise) and [Secure Rails](https://github.com/ankane/secure_rails) for more best practices.
+
+## Upgrading
 
-Works with Rails 5+
+### 0.2.0
+
+To store latitude and longitude, create a migration with:
+
+```ruby
+add_column :login_activities, :latitude, :float
+add_column :login_activities, :longitude, :float
+```
 
 ## History
 
@@ -143,3 +186,12 @@ Everyone is encouraged to help improve this project. Here are a few ways you can
 - Fix bugs and [submit pull requests](https://github.com/ankane/authtrail/pulls)
 - Write, clarify, or fix documentation
 - Suggest or add new features
+
+To get started with development and testing:
+
+```sh
+git clone https://github.com/ankane/authtrail.git
+cd authtrail
+bundle install
+bundle exec rake test
+```

data/app/jobs/auth_trail/geocode_job.rb

@@ -1,5 +1,9 @@
 module AuthTrail
-  class GeocodeJob < ApplicationJob
+  class GeocodeJob < ActiveJob::Base
+    # default queue is used if queue_as returns nil
+    # Rails has a test for this
+    queue_as { AuthTrail.job_queue }
+
     def perform(login_activity)
       result =
         begin
@@ -10,11 +14,17 @@ module AuthTrail
         end
 
       if result
-        login_activity.update!(
-          city: result.try(:city).presence,
-          region: result.try(:state).presence,
-          country: result.try(:country).presence
-        )
+        attributes = {
+          city: result.try(:city),
+          region: result.try(:state),
+          country: result.try(:country),
+          latitude: result.try(:latitude),
+          longitude: result.try(:longitude)
+        }
+        attributes.each do |k, v|
+          login_activity.try("#{k}=", v.presence)
+        end
+        login_activity.save!
       end
     end
   end

data/lib/auth_trail/manager.rb

@@ -2,36 +2,29 @@ module AuthTrail
   module Manager
     class << self
       def after_set_user(user, auth, opts)
-        # do not raise an exception for tracking
-        AuthTrail.safely do
-          request = ActionDispatch::Request.new(auth.env)
+        request = ActionDispatch::Request.new(auth.env)
 
-          AuthTrail.track(
-            strategy: detect_strategy(auth),
-            scope: opts[:scope].to_s,
-            identity: AuthTrail.identity_method.call(request, opts, user),
-            success: true,
-            request: request,
-            user: user
-          )
-        end
+        AuthTrail.track(
+          strategy: detect_strategy(auth),
+          scope: opts[:scope].to_s,
+          identity: AuthTrail.identity_method.call(request, opts, user),
+          success: true,
+          request: request,
+          user: user
+        )
       end
 
       def before_failure(env, opts)
-        AuthTrail.safely do
-          if opts[:message]
-            request = ActionDispatch::Request.new(env)
+        request = ActionDispatch::Request.new(env)
 
-            AuthTrail.track(
-              strategy: detect_strategy(env["warden"]),
-              scope: opts[:scope].to_s,
-              identity: AuthTrail.identity_method.call(request, opts, nil),
-              success: false,
-              request: request,
-              failure_reason: opts[:message].to_s
-            )
-          end
-        end
+        AuthTrail.track(
+          strategy: detect_strategy(env["warden"]),
+          scope: opts[:scope].to_s,
+          identity: AuthTrail.identity_method.call(request, opts, nil),
+          success: false,
+          request: request,
+          failure_reason: opts[:message].to_s
+        )
       end
 
       private

data/lib/auth_trail/version.rb

@@ -1,3 +1,3 @@
 module AuthTrail
-  VERSION = "0.1.2"
+  VERSION = "0.3.0"
 end

data/lib/authtrail.rb

@@ -9,7 +9,7 @@ require "auth_trail/version"
 
 module AuthTrail
   class << self
-    attr_accessor :exclude_method, :geocode, :track_method, :identity_method
+    attr_accessor :exclude_method, :geocode, :track_method, :identity_method, :job_queue, :transform_method
   end
   self.geocode = true
   self.identity_method = lambda do |request, opts, user|
@@ -22,7 +22,7 @@ module AuthTrail
   end
 
   def self.track(strategy:, scope:, identity:, success:, request:, user: nil, failure_reason: nil)
-    info = {
+    data = {
       strategy: strategy,
       scope: scope,
       identity: identity,
@@ -35,17 +35,25 @@ module AuthTrail
     }
 
     if request.params[:controller]
-      info[:context] = "#{request.params[:controller]}##{request.params[:action]}"
+      data[:context] = "#{request.params[:controller]}##{request.params[:action]}"
     end
 
+    # add request data before exclude_method since exclude_method doesn't have access to request
+    # could also add 2nd argument to exclude_method when arity > 1
+    AuthTrail.transform_method.call(data, request) if AuthTrail.transform_method
+
     # if exclude_method throws an exception, default to not excluding
-    exclude = AuthTrail.exclude_method && AuthTrail.safely(default: false) { AuthTrail.exclude_method.call(info) }
+    exclude = AuthTrail.exclude_method && AuthTrail.safely(default: false) { AuthTrail.exclude_method.call(data) }
 
     unless exclude
       if AuthTrail.track_method
-        AuthTrail.track_method.call(info)
+        AuthTrail.track_method.call(data)
       else
-        login_activity = LoginActivity.create!(info)
+        login_activity = LoginActivity.new
+        data.each do |k, v|
+          login_activity.try("#{k}=", v)
+        end
+        login_activity.save!
         AuthTrail::GeocodeJob.perform_later(login_activity) if AuthTrail.geocode
       end
     end
@@ -66,5 +74,5 @@ Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
 end
 
 Warden::Manager.before_failure do |env, opts|
-  AuthTrail::Manager.before_failure(env, opts)
+  AuthTrail::Manager.before_failure(env, opts) if opts[:message]
 end

data/lib/generators/authtrail/install_generator.rb

@@ -1,29 +1,19 @@
-# taken from https://github.com/collectiveidea/audited/blob/master/lib/generators/audited/install_generator.rb
-require "rails/generators"
-require "rails/generators/migration"
-require "active_record"
 require "rails/generators/active_record"
 
 module Authtrail
   module Generators
     class InstallGenerator < Rails::Generators::Base
-      include Rails::Generators::Migration
-      source_root File.expand_path("../templates", __FILE__)
-
-      # Implement the required interface for Rails::Generators::Migration.
-      def self.next_migration_number(dirname) #:nodoc:
-        next_migration_number = current_migration_number(dirname) + 1
-        if ::ActiveRecord::Base.timestamped_migrations
-          [Time.now.utc.strftime("%Y%m%d%H%M%S"), "%.14d" % next_migration_number].max
-        else
-          "%.3d" % next_migration_number
-        end
-      end
+      include ActiveRecord::Generators::Migration
+      source_root File.join(__dir__, "templates")
 
       def copy_migration
         migration_template "login_activities_migration.rb", "db/migrate/create_login_activities.rb", migration_version: migration_version
       end
 
+      def copy_templates
+        template "initializer.rb", "config/initializers/authtrail.rb"
+      end
+
       def generate_model
         template "login_activity_model.rb", "app/models/login_activity.rb"
       end

data/lib/generators/authtrail/templates/initializer.rb.tt

@@ -0,0 +1,14 @@
+# set to true for geocoding
+# we recommend configuring local geocoding first
+# see https://github.com/ankane/authtrail#geocoding
+AuthTrail.geocode = false
+
+# add or modify data
+# AuthTrail.transform_method = lambda do |data, request|
+#   data[:request_id] = request.request_id
+# end
+
+# exclude certain attempts from tracking
+# AuthTrail.exclude_method = lambda do |data|
+#   data[:identity] == "capybara@example.org"
+# end

data/lib/generators/authtrail/templates/{login_activities_migration.rb → login_activities_migration.rb.tt}

@@ -14,6 +14,8 @@ class <%= migration_class_name %> < ActiveRecord::Migration<%= migration_version
       t.string :city
       t.string :region
       t.string :country
+      t.float :latitude
+      t.float :longitude
       t.datetime :created_at
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authtrail
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.3.0
 platform: ruby
 authors:
 - Andrew Kane
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-07-31 00:00:00.000000000 Z
+date: 2021-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: warden
   requirement: !ruby/object:Gem::Requirement
@@ -66,50 +66,8 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-description: 
-email: andrew@chartkick.com
+description:
+email: andrew@ankane.org
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -123,13 +81,14 @@ files:
 - lib/auth_trail/version.rb
 - lib/authtrail.rb
 - lib/generators/authtrail/install_generator.rb
-- lib/generators/authtrail/templates/login_activities_migration.rb
-- lib/generators/authtrail/templates/login_activity_model.rb
+- lib/generators/authtrail/templates/initializer.rb.tt
+- lib/generators/authtrail/templates/login_activities_migration.rb.tt
+- lib/generators/authtrail/templates/login_activity_model.rb.tt
 homepage: https://github.com/ankane/authtrail
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -137,16 +96,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Track Devise login activity
 test_files: []