authtrail 0.1.3 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -4
- data/LICENSE.txt +1 -1
- data/README.md +92 -25
- data/app/jobs/auth_trail/geocode_job.rb +16 -6
- data/lib/auth_trail/manager.rb +18 -25
- data/lib/auth_trail/version.rb +1 -1
- data/lib/authtrail.rb +15 -7
- data/lib/generators/authtrail/install_generator.rb +28 -28
- data/lib/generators/authtrail/templates/initializer.rb.tt +14 -0
- data/lib/generators/authtrail/templates/login_activities_migration.rb.tt +4 -5
- data/lib/generators/authtrail/templates/model.rb.tt +3 -0
- data/lib/generators/authtrail/templates/model_lockbox.rb.tt +14 -0
- metadata +16 -57
- data/lib/generators/authtrail/templates/login_activity_model.rb.tt +0 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eb0329a5efc01b445b4686a7e1712d6937f57d52443ad880802c5a79c6e746c4
|
|
4
|
+
data.tar.gz: d4ac5c96149eebd39ba9964303758e48b537e1823345e27117ce35bf1ff7752a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 837b7df27b74e7c4ac54855bc40584c0fb7ed5291abb5f7627d13d9bd5fa8adfb25bdb50f2292721c67394ca5a8274b8e95a881bf63213dea7a73b927da204ae
|
|
7
|
+
data.tar.gz: 20b98bad8507a73e67fececc5cb2811a98013e4f449ab8d8b9c97227a4ffb33ecdf1237228c3282ebd3449f2b04cd080369b75d3c1f4f6fa585155169d1433cd
|
data/CHANGELOG.md
CHANGED
|
@@ -1,17 +1,41 @@
|
|
|
1
|
-
## 0.1
|
|
1
|
+
## 0.3.1 (2021-03-03)
|
|
2
|
+
|
|
3
|
+
- Added `--lockbox` option to install generator
|
|
4
|
+
|
|
5
|
+
## 0.3.0 (2021-03-01)
|
|
6
|
+
|
|
7
|
+
- Disabled geocoding by default for new installations
|
|
8
|
+
- Raise an exception instead of logging when auditing fails
|
|
9
|
+
- Removed support for Rails < 5.2 and Ruby < 2.6
|
|
10
|
+
|
|
11
|
+
## 0.2.2 (2020-11-21)
|
|
12
|
+
|
|
13
|
+
- Added `transform_method` option
|
|
14
|
+
|
|
15
|
+
## 0.2.1 (2020-08-17)
|
|
16
|
+
|
|
17
|
+
- Added `job_queue` option
|
|
18
|
+
|
|
19
|
+
## 0.2.0 (2019-06-23)
|
|
20
|
+
|
|
21
|
+
- Added latitude and longitude
|
|
22
|
+
- `AuthTrail::GeocodeJob` now inherits from `ActiveJob::Base` instead of `ApplicationJob`
|
|
23
|
+
- Removed support for Rails 4.2
|
|
24
|
+
|
|
25
|
+
## 0.1.3 (2018-09-27)
|
|
2
26
|
|
|
3
27
|
- Added support for Rails 4.2
|
|
4
28
|
|
|
5
|
-
## 0.1.2
|
|
29
|
+
## 0.1.2 (2018-07-30)
|
|
6
30
|
|
|
7
31
|
- Added `identity_method` option
|
|
8
32
|
- Fixed geocoding
|
|
9
33
|
|
|
10
|
-
## 0.1.1
|
|
34
|
+
## 0.1.1 (2018-07-13)
|
|
11
35
|
|
|
12
36
|
- Improved strategy detection for failures
|
|
13
37
|
- Fixed migration for MySQL
|
|
14
38
|
|
|
15
|
-
## 0.1.0
|
|
39
|
+
## 0.1.0 (2017-11-07)
|
|
16
40
|
|
|
17
41
|
- First release
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -4,6 +4,8 @@ Track Devise login activity
|
|
|
4
4
|
|
|
5
5
|
:tangerine: Battle-tested at [Instacart](https://www.instacart.com/opensource)
|
|
6
6
|
|
|
7
|
+
[](https://github.com/ankane/authtrail/actions)
|
|
8
|
+
|
|
7
9
|
## Installation
|
|
8
10
|
|
|
9
11
|
Add this line to your application’s Gemfile:
|
|
@@ -12,7 +14,14 @@ Add this line to your application’s Gemfile:
|
|
|
12
14
|
gem 'authtrail'
|
|
13
15
|
```
|
|
14
16
|
|
|
15
|
-
|
|
17
|
+
To encrypt email and IP addresses, install [Lockbox](https://github.com/ankane/lockbox) and [Blind Index](https://github.com/ankane/blind_index) and run:
|
|
18
|
+
|
|
19
|
+
```sh
|
|
20
|
+
rails generate authtrail:install --lockbox
|
|
21
|
+
rails db:migrate
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
If you prefer not to encrypt data, run:
|
|
16
25
|
|
|
17
26
|
```sh
|
|
18
27
|
rails generate authtrail:install
|
|
@@ -32,7 +41,7 @@ A `LoginActivity` record is created every time a user tries to login. You can th
|
|
|
32
41
|
- `context` - controller and action
|
|
33
42
|
- `ip` - IP address
|
|
34
43
|
- `user_agent` and `referrer` - from browser
|
|
35
|
-
- `city`, `region`, and `
|
|
44
|
+
- `city`, `region`, `country`, `latitude`, and `longitude` - from IP
|
|
36
45
|
- `created_at` - time of event
|
|
37
46
|
|
|
38
47
|
## Features
|
|
@@ -40,20 +49,36 @@ A `LoginActivity` record is created every time a user tries to login. You can th
|
|
|
40
49
|
Exclude certain attempts from tracking - useful if you run acceptance tests
|
|
41
50
|
|
|
42
51
|
```ruby
|
|
43
|
-
AuthTrail.exclude_method = lambda do |
|
|
44
|
-
|
|
52
|
+
AuthTrail.exclude_method = lambda do |data|
|
|
53
|
+
data[:identity] == "capybara@example.org"
|
|
54
|
+
end
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Add or modify data - also add new fields to the `login_activities` table if needed
|
|
58
|
+
|
|
59
|
+
```ruby
|
|
60
|
+
AuthTrail.transform_method = lambda do |data, request|
|
|
61
|
+
data[:request_id] = request.request_id
|
|
62
|
+
end
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
Store the user on failed attempts
|
|
66
|
+
|
|
67
|
+
```ruby
|
|
68
|
+
AuthTrail.transform_method = lambda do |data, request|
|
|
69
|
+
data[:user] ||= User.find_by(email: data[:identity])
|
|
45
70
|
end
|
|
46
71
|
```
|
|
47
72
|
|
|
48
73
|
Write data somewhere other than the `login_activities` table
|
|
49
74
|
|
|
50
75
|
```ruby
|
|
51
|
-
AuthTrail.track_method = lambda do |
|
|
76
|
+
AuthTrail.track_method = lambda do |data|
|
|
52
77
|
# code
|
|
53
78
|
end
|
|
54
79
|
```
|
|
55
80
|
|
|
56
|
-
Use a custom identity method
|
|
81
|
+
Use a custom identity method
|
|
57
82
|
|
|
58
83
|
```ruby
|
|
59
84
|
AuthTrail.identity_method = lambda do |request, opts, user|
|
|
@@ -73,63 +98,96 @@ class User < ApplicationRecord
|
|
|
73
98
|
end
|
|
74
99
|
```
|
|
75
100
|
|
|
76
|
-
The `LoginActivity` model uses a [polymorphic association](
|
|
101
|
+
The `LoginActivity` model uses a [polymorphic association](https://guides.rubyonrails.org/association_basics.html#polymorphic-associations) so it can be associated with different user models.
|
|
77
102
|
|
|
78
103
|
## Geocoding
|
|
79
104
|
|
|
80
|
-
|
|
105
|
+
AuthTrail uses [Geocoder](https://github.com/alexreisner/geocoder) for geocoding. We recommend configuring [local geocoding](#local-geocoding) or [load balancer geocoding](#load-balancer-geocoding) so IP addresses are not sent to a 3rd party service. If you do use a 3rd party service and adhere to GDPR, be sure to add it to your subprocessor list.
|
|
106
|
+
|
|
107
|
+
To enable geocoding, update `config/initializers/authtrail.rb`:
|
|
81
108
|
|
|
82
109
|
```ruby
|
|
83
|
-
AuthTrail.geocode =
|
|
110
|
+
AuthTrail.geocode = true
|
|
84
111
|
```
|
|
85
112
|
|
|
86
|
-
Set job queue
|
|
113
|
+
Geocoding is performed in a background job so it doesn’t slow down web requests. Set the job queue with:
|
|
87
114
|
|
|
88
115
|
```ruby
|
|
89
|
-
AuthTrail
|
|
116
|
+
AuthTrail.job_queue = :low_priority
|
|
90
117
|
```
|
|
91
118
|
|
|
92
|
-
### Geocoding
|
|
119
|
+
### Local Geocoding
|
|
93
120
|
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
Add this line to your application’s Gemfile:
|
|
121
|
+
For privacy and performance, we recommend geocoding locally. Add this line to your application’s Gemfile:
|
|
97
122
|
|
|
98
123
|
```ruby
|
|
99
124
|
gem 'maxminddb'
|
|
100
125
|
```
|
|
101
126
|
|
|
102
|
-
|
|
127
|
+
For city-level geocoding, download the [GeoLite2 City database](https://dev.maxmind.com/geoip/geoip2/geolite2/) and create `config/initializers/geocoder.rb` with:
|
|
103
128
|
|
|
104
129
|
```ruby
|
|
105
130
|
Geocoder.configure(
|
|
106
131
|
ip_lookup: :geoip2,
|
|
107
132
|
geoip2: {
|
|
108
|
-
file:
|
|
133
|
+
file: "path/to/GeoLite2-City.mmdb"
|
|
134
|
+
}
|
|
135
|
+
)
|
|
136
|
+
```
|
|
137
|
+
|
|
138
|
+
For country-level geocoding, install the `geoip-database` package. It’s preinstalled on Heroku. For Ubuntu, use:
|
|
139
|
+
|
|
140
|
+
```sh
|
|
141
|
+
sudo apt-get install geoip-database
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
And create `config/initializers/geocoder.rb` with:
|
|
145
|
+
|
|
146
|
+
```ruby
|
|
147
|
+
Geocoder.configure(
|
|
148
|
+
ip_lookup: :maxmind_local,
|
|
149
|
+
maxmind_local: {
|
|
150
|
+
file: "/usr/share/GeoIP/GeoIP.dat",
|
|
151
|
+
package: :country
|
|
109
152
|
}
|
|
110
153
|
)
|
|
111
154
|
```
|
|
112
155
|
|
|
113
|
-
|
|
156
|
+
### Load Balancer Geocoding
|
|
157
|
+
|
|
158
|
+
Some load balancers can add geocoding information to request headers.
|
|
114
159
|
|
|
115
|
-
|
|
160
|
+
- [nginx](https://nginx.org/en/docs/http/ngx_http_geoip_module.html)
|
|
161
|
+
- [Google Cloud](https://cloud.google.com/load-balancing/docs/custom-headers)
|
|
162
|
+
- [Cloudflare](https://support.cloudflare.com/hc/en-us/articles/200168236-Configuring-Cloudflare-IP-Geolocation)
|
|
116
163
|
|
|
117
164
|
```ruby
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
165
|
+
AuthTrail.geocode = false
|
|
166
|
+
AuthTrail.transform_method = lambda do |data, request|
|
|
167
|
+
data[:country] = request.headers["<country-header>"]
|
|
168
|
+
data[:region] = request.headers["<region-header>"]
|
|
169
|
+
data[:city] = request.headers["<city-header>"]
|
|
121
170
|
end
|
|
122
171
|
```
|
|
123
172
|
|
|
124
|
-
|
|
173
|
+
Check out [this example](https://github.com/ankane/authtrail/issues/40)
|
|
125
174
|
|
|
126
175
|
## Other Notes
|
|
127
176
|
|
|
128
177
|
We recommend using this in addition to Devise’s `Lockable` module and [Rack::Attack](https://github.com/kickstarter/rack-attack).
|
|
129
178
|
|
|
130
|
-
Check out [Hardening Devise](https://
|
|
179
|
+
Check out [Hardening Devise](https://ankane.org/hardening-devise) and [Secure Rails](https://github.com/ankane/secure_rails) for more best practices.
|
|
180
|
+
|
|
181
|
+
## Upgrading
|
|
182
|
+
|
|
183
|
+
### 0.2.0
|
|
131
184
|
|
|
132
|
-
|
|
185
|
+
To store latitude and longitude, create a migration with:
|
|
186
|
+
|
|
187
|
+
```ruby
|
|
188
|
+
add_column :login_activities, :latitude, :float
|
|
189
|
+
add_column :login_activities, :longitude, :float
|
|
190
|
+
```
|
|
133
191
|
|
|
134
192
|
## History
|
|
135
193
|
|
|
@@ -143,3 +201,12 @@ Everyone is encouraged to help improve this project. Here are a few ways you can
|
|
|
143
201
|
- Fix bugs and [submit pull requests](https://github.com/ankane/authtrail/pulls)
|
|
144
202
|
- Write, clarify, or fix documentation
|
|
145
203
|
- Suggest or add new features
|
|
204
|
+
|
|
205
|
+
To get started with development and testing:
|
|
206
|
+
|
|
207
|
+
```sh
|
|
208
|
+
git clone https://github.com/ankane/authtrail.git
|
|
209
|
+
cd authtrail
|
|
210
|
+
bundle install
|
|
211
|
+
bundle exec rake test
|
|
212
|
+
```
|
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
module AuthTrail
|
|
2
|
-
class GeocodeJob <
|
|
2
|
+
class GeocodeJob < ActiveJob::Base
|
|
3
|
+
# default queue is used if queue_as returns nil
|
|
4
|
+
# Rails has a test for this
|
|
5
|
+
queue_as { AuthTrail.job_queue }
|
|
6
|
+
|
|
3
7
|
def perform(login_activity)
|
|
4
8
|
result =
|
|
5
9
|
begin
|
|
@@ -10,11 +14,17 @@ module AuthTrail
|
|
|
10
14
|
end
|
|
11
15
|
|
|
12
16
|
if result
|
|
13
|
-
|
|
14
|
-
city: result.try(:city)
|
|
15
|
-
region: result.try(:state)
|
|
16
|
-
country: result.try(:country)
|
|
17
|
-
|
|
17
|
+
attributes = {
|
|
18
|
+
city: result.try(:city),
|
|
19
|
+
region: result.try(:state),
|
|
20
|
+
country: result.try(:country),
|
|
21
|
+
latitude: result.try(:latitude),
|
|
22
|
+
longitude: result.try(:longitude)
|
|
23
|
+
}
|
|
24
|
+
attributes.each do |k, v|
|
|
25
|
+
login_activity.try("#{k}=", v.presence)
|
|
26
|
+
end
|
|
27
|
+
login_activity.save!
|
|
18
28
|
end
|
|
19
29
|
end
|
|
20
30
|
end
|
data/lib/auth_trail/manager.rb
CHANGED
|
@@ -2,36 +2,29 @@ module AuthTrail
|
|
|
2
2
|
module Manager
|
|
3
3
|
class << self
|
|
4
4
|
def after_set_user(user, auth, opts)
|
|
5
|
-
|
|
6
|
-
AuthTrail.safely do
|
|
7
|
-
request = ActionDispatch::Request.new(auth.env)
|
|
5
|
+
request = ActionDispatch::Request.new(auth.env)
|
|
8
6
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
end
|
|
7
|
+
AuthTrail.track(
|
|
8
|
+
strategy: detect_strategy(auth),
|
|
9
|
+
scope: opts[:scope].to_s,
|
|
10
|
+
identity: AuthTrail.identity_method.call(request, opts, user),
|
|
11
|
+
success: true,
|
|
12
|
+
request: request,
|
|
13
|
+
user: user
|
|
14
|
+
)
|
|
18
15
|
end
|
|
19
16
|
|
|
20
17
|
def before_failure(env, opts)
|
|
21
|
-
|
|
22
|
-
if opts[:message]
|
|
23
|
-
request = ActionDispatch::Request.new(env)
|
|
18
|
+
request = ActionDispatch::Request.new(env)
|
|
24
19
|
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
end
|
|
34
|
-
end
|
|
20
|
+
AuthTrail.track(
|
|
21
|
+
strategy: detect_strategy(env["warden"]),
|
|
22
|
+
scope: opts[:scope].to_s,
|
|
23
|
+
identity: AuthTrail.identity_method.call(request, opts, nil),
|
|
24
|
+
success: false,
|
|
25
|
+
request: request,
|
|
26
|
+
failure_reason: opts[:message].to_s
|
|
27
|
+
)
|
|
35
28
|
end
|
|
36
29
|
|
|
37
30
|
private
|
data/lib/auth_trail/version.rb
CHANGED
data/lib/authtrail.rb
CHANGED
|
@@ -9,7 +9,7 @@ require "auth_trail/version"
|
|
|
9
9
|
|
|
10
10
|
module AuthTrail
|
|
11
11
|
class << self
|
|
12
|
-
attr_accessor :exclude_method, :geocode, :track_method, :identity_method
|
|
12
|
+
attr_accessor :exclude_method, :geocode, :track_method, :identity_method, :job_queue, :transform_method
|
|
13
13
|
end
|
|
14
14
|
self.geocode = true
|
|
15
15
|
self.identity_method = lambda do |request, opts, user|
|
|
@@ -22,7 +22,7 @@ module AuthTrail
|
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
def self.track(strategy:, scope:, identity:, success:, request:, user: nil, failure_reason: nil)
|
|
25
|
-
|
|
25
|
+
data = {
|
|
26
26
|
strategy: strategy,
|
|
27
27
|
scope: scope,
|
|
28
28
|
identity: identity,
|
|
@@ -35,17 +35,25 @@ module AuthTrail
|
|
|
35
35
|
}
|
|
36
36
|
|
|
37
37
|
if request.params[:controller]
|
|
38
|
-
|
|
38
|
+
data[:context] = "#{request.params[:controller]}##{request.params[:action]}"
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
+
# add request data before exclude_method since exclude_method doesn't have access to request
|
|
42
|
+
# could also add 2nd argument to exclude_method when arity > 1
|
|
43
|
+
AuthTrail.transform_method.call(data, request) if AuthTrail.transform_method
|
|
44
|
+
|
|
41
45
|
# if exclude_method throws an exception, default to not excluding
|
|
42
|
-
exclude = AuthTrail.exclude_method && AuthTrail.safely(default: false) { AuthTrail.exclude_method.call(
|
|
46
|
+
exclude = AuthTrail.exclude_method && AuthTrail.safely(default: false) { AuthTrail.exclude_method.call(data) }
|
|
43
47
|
|
|
44
48
|
unless exclude
|
|
45
49
|
if AuthTrail.track_method
|
|
46
|
-
AuthTrail.track_method.call(
|
|
50
|
+
AuthTrail.track_method.call(data)
|
|
47
51
|
else
|
|
48
|
-
login_activity = LoginActivity.
|
|
52
|
+
login_activity = LoginActivity.new
|
|
53
|
+
data.each do |k, v|
|
|
54
|
+
login_activity.try("#{k}=", v)
|
|
55
|
+
end
|
|
56
|
+
login_activity.save!
|
|
49
57
|
AuthTrail::GeocodeJob.perform_later(login_activity) if AuthTrail.geocode
|
|
50
58
|
end
|
|
51
59
|
end
|
|
@@ -66,5 +74,5 @@ Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
|
|
|
66
74
|
end
|
|
67
75
|
|
|
68
76
|
Warden::Manager.before_failure do |env, opts|
|
|
69
|
-
AuthTrail::Manager.before_failure(env, opts)
|
|
77
|
+
AuthTrail::Manager.before_failure(env, opts) if opts[:message]
|
|
70
78
|
end
|
|
@@ -1,52 +1,52 @@
|
|
|
1
|
-
# taken from https://github.com/collectiveidea/audited/blob/master/lib/generators/audited/install_generator.rb
|
|
2
|
-
require "rails/generators"
|
|
3
|
-
require "rails/generators/migration"
|
|
4
|
-
require "active_record"
|
|
5
1
|
require "rails/generators/active_record"
|
|
6
2
|
|
|
7
3
|
module Authtrail
|
|
8
4
|
module Generators
|
|
9
5
|
class InstallGenerator < Rails::Generators::Base
|
|
10
|
-
include
|
|
11
|
-
source_root File.
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
def self.next_migration_number(dirname) #:nodoc:
|
|
15
|
-
next_migration_number = current_migration_number(dirname) + 1
|
|
16
|
-
if ::ActiveRecord::Base.timestamped_migrations
|
|
17
|
-
[Time.now.utc.strftime("%Y%m%d%H%M%S"), "%.14d" % next_migration_number].max
|
|
18
|
-
else
|
|
19
|
-
"%.3d" % next_migration_number
|
|
20
|
-
end
|
|
21
|
-
end
|
|
6
|
+
include ActiveRecord::Generators::Migration
|
|
7
|
+
source_root File.join(__dir__, "templates")
|
|
8
|
+
|
|
9
|
+
class_option :lockbox, type: :boolean
|
|
22
10
|
|
|
23
11
|
def copy_migration
|
|
24
12
|
migration_template "login_activities_migration.rb", "db/migrate/create_login_activities.rb", migration_version: migration_version
|
|
25
13
|
end
|
|
26
14
|
|
|
27
|
-
def
|
|
28
|
-
template "
|
|
15
|
+
def copy_templates
|
|
16
|
+
template "initializer.rb", "config/initializers/authtrail.rb"
|
|
29
17
|
end
|
|
30
18
|
|
|
31
|
-
def
|
|
32
|
-
if
|
|
33
|
-
"
|
|
19
|
+
def generate_model
|
|
20
|
+
if lockbox?
|
|
21
|
+
template "model_lockbox.rb", "app/models/login_activity.rb"
|
|
22
|
+
else
|
|
23
|
+
template "model.rb", "app/models/login_activity.rb"
|
|
34
24
|
end
|
|
35
25
|
end
|
|
36
26
|
|
|
37
|
-
def
|
|
38
|
-
|
|
27
|
+
def migration_version
|
|
28
|
+
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
|
39
29
|
end
|
|
40
30
|
|
|
41
|
-
def
|
|
42
|
-
|
|
31
|
+
def identity_column
|
|
32
|
+
if lockbox?
|
|
33
|
+
"t.text :identity_ciphertext\n t.string :identity_bidx, index: true"
|
|
34
|
+
else
|
|
35
|
+
"t.string :identity, index: true"
|
|
36
|
+
end
|
|
43
37
|
end
|
|
44
38
|
|
|
45
|
-
def
|
|
46
|
-
if
|
|
47
|
-
",
|
|
39
|
+
def ip_column
|
|
40
|
+
if lockbox?
|
|
41
|
+
"t.text :ip_ciphertext\n t.string :ip_bidx, index: true"
|
|
42
|
+
else
|
|
43
|
+
"t.string :ip, index: true"
|
|
48
44
|
end
|
|
49
45
|
end
|
|
46
|
+
|
|
47
|
+
def lockbox?
|
|
48
|
+
options[:lockbox]
|
|
49
|
+
end
|
|
50
50
|
end
|
|
51
51
|
end
|
|
52
52
|
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# set to true for geocoding
|
|
2
|
+
# we recommend configuring local geocoding first
|
|
3
|
+
# see https://github.com/ankane/authtrail#geocoding
|
|
4
|
+
AuthTrail.geocode = false
|
|
5
|
+
|
|
6
|
+
# add or modify data
|
|
7
|
+
# AuthTrail.transform_method = lambda do |data, request|
|
|
8
|
+
# data[:request_id] = request.request_id
|
|
9
|
+
# end
|
|
10
|
+
|
|
11
|
+
# exclude certain attempts from tracking
|
|
12
|
+
# AuthTrail.exclude_method = lambda do |data|
|
|
13
|
+
# data[:identity] == "capybara@example.org"
|
|
14
|
+
# end
|
|
@@ -3,21 +3,20 @@ class <%= migration_class_name %> < ActiveRecord::Migration<%= migration_version
|
|
|
3
3
|
create_table :login_activities do |t|
|
|
4
4
|
t.string :scope
|
|
5
5
|
t.string :strategy
|
|
6
|
-
|
|
6
|
+
<%= identity_column %>
|
|
7
7
|
t.boolean :success
|
|
8
8
|
t.string :failure_reason
|
|
9
9
|
t.references :user, polymorphic: true
|
|
10
10
|
t.string :context
|
|
11
|
-
|
|
11
|
+
<%= ip_column %>
|
|
12
12
|
t.text :user_agent
|
|
13
13
|
t.text :referrer
|
|
14
14
|
t.string :city
|
|
15
15
|
t.string :region
|
|
16
16
|
t.string :country
|
|
17
|
+
t.float :latitude
|
|
18
|
+
t.float :longitude
|
|
17
19
|
t.datetime :created_at
|
|
18
20
|
end
|
|
19
|
-
|
|
20
|
-
add_index :login_activities, :identity
|
|
21
|
-
add_index :login_activities, :ip
|
|
22
21
|
end
|
|
23
22
|
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
class LoginActivity < ApplicationRecord
|
|
2
|
+
belongs_to :user, polymorphic: true, optional: true
|
|
3
|
+
|
|
4
|
+
encrypts :identity, :ip
|
|
5
|
+
blind_index :identity, :ip
|
|
6
|
+
|
|
7
|
+
before_save :reduce_precision
|
|
8
|
+
|
|
9
|
+
# reduce precision to city level to protect IP
|
|
10
|
+
def reduce_precision
|
|
11
|
+
self.latitude = latitude&.round(1) if try(:latitude_changed?)
|
|
12
|
+
self.longitude = longitude&.round(1) if try(:longitude_changed?)
|
|
13
|
+
end
|
|
14
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authtrail
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-03-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: railties
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '
|
|
19
|
+
version: '5.2'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '
|
|
26
|
+
version: '5.2'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: activerecord
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '5.2'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
40
|
+
version: '5.2'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: warden
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -66,50 +66,8 @@ dependencies:
|
|
|
66
66
|
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
|
72
|
-
requirements:
|
|
73
|
-
- - ">="
|
|
74
|
-
- !ruby/object:Gem::Version
|
|
75
|
-
version: '0'
|
|
76
|
-
type: :development
|
|
77
|
-
prerelease: false
|
|
78
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
-
requirements:
|
|
80
|
-
- - ">="
|
|
81
|
-
- !ruby/object:Gem::Version
|
|
82
|
-
version: '0'
|
|
83
|
-
- !ruby/object:Gem::Dependency
|
|
84
|
-
name: rake
|
|
85
|
-
requirement: !ruby/object:Gem::Requirement
|
|
86
|
-
requirements:
|
|
87
|
-
- - ">="
|
|
88
|
-
- !ruby/object:Gem::Version
|
|
89
|
-
version: '0'
|
|
90
|
-
type: :development
|
|
91
|
-
prerelease: false
|
|
92
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
-
requirements:
|
|
94
|
-
- - ">="
|
|
95
|
-
- !ruby/object:Gem::Version
|
|
96
|
-
version: '0'
|
|
97
|
-
- !ruby/object:Gem::Dependency
|
|
98
|
-
name: minitest
|
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
|
100
|
-
requirements:
|
|
101
|
-
- - ">="
|
|
102
|
-
- !ruby/object:Gem::Version
|
|
103
|
-
version: '0'
|
|
104
|
-
type: :development
|
|
105
|
-
prerelease: false
|
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
-
requirements:
|
|
108
|
-
- - ">="
|
|
109
|
-
- !ruby/object:Gem::Version
|
|
110
|
-
version: '0'
|
|
111
|
-
description:
|
|
112
|
-
email: andrew@chartkick.com
|
|
69
|
+
description:
|
|
70
|
+
email: andrew@ankane.org
|
|
113
71
|
executables: []
|
|
114
72
|
extensions: []
|
|
115
73
|
extra_rdoc_files: []
|
|
@@ -123,13 +81,15 @@ files:
|
|
|
123
81
|
- lib/auth_trail/version.rb
|
|
124
82
|
- lib/authtrail.rb
|
|
125
83
|
- lib/generators/authtrail/install_generator.rb
|
|
84
|
+
- lib/generators/authtrail/templates/initializer.rb.tt
|
|
126
85
|
- lib/generators/authtrail/templates/login_activities_migration.rb.tt
|
|
127
|
-
- lib/generators/authtrail/templates/
|
|
86
|
+
- lib/generators/authtrail/templates/model.rb.tt
|
|
87
|
+
- lib/generators/authtrail/templates/model_lockbox.rb.tt
|
|
128
88
|
homepage: https://github.com/ankane/authtrail
|
|
129
89
|
licenses:
|
|
130
90
|
- MIT
|
|
131
91
|
metadata: {}
|
|
132
|
-
post_install_message:
|
|
92
|
+
post_install_message:
|
|
133
93
|
rdoc_options: []
|
|
134
94
|
require_paths:
|
|
135
95
|
- lib
|
|
@@ -137,16 +97,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
137
97
|
requirements:
|
|
138
98
|
- - ">="
|
|
139
99
|
- !ruby/object:Gem::Version
|
|
140
|
-
version: '2.
|
|
100
|
+
version: '2.6'
|
|
141
101
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
142
102
|
requirements:
|
|
143
103
|
- - ">="
|
|
144
104
|
- !ruby/object:Gem::Version
|
|
145
105
|
version: '0'
|
|
146
106
|
requirements: []
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
signing_key:
|
|
107
|
+
rubygems_version: 3.2.3
|
|
108
|
+
signing_key:
|
|
150
109
|
specification_version: 4
|
|
151
110
|
summary: Track Devise login activity
|
|
152
111
|
test_files: []
|