authtrail 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +22 -7
- data/lib/auth_trail/version.rb +1 -1
- data/lib/generators/authtrail/install_generator.rb +27 -1
- data/lib/generators/authtrail/templates/login_activities_migration.rb.tt +2 -5
- data/lib/generators/authtrail/templates/{login_activity_model.rb.tt → model.rb.tt} +0 -0
- data/lib/generators/authtrail/templates/model_lockbox.rb.tt +14 -0
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eb0329a5efc01b445b4686a7e1712d6937f57d52443ad880802c5a79c6e746c4
|
|
4
|
+
data.tar.gz: d4ac5c96149eebd39ba9964303758e48b537e1823345e27117ce35bf1ff7752a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 837b7df27b74e7c4ac54855bc40584c0fb7ed5291abb5f7627d13d9bd5fa8adfb25bdb50f2292721c67394ca5a8274b8e95a881bf63213dea7a73b927da204ae
|
|
7
|
+
data.tar.gz: 20b98bad8507a73e67fececc5cb2811a98013e4f449ab8d8b9c97227a4ffb33ecdf1237228c3282ebd3449f2b04cd080369b75d3c1f4f6fa585155169d1433cd
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -14,7 +14,14 @@ Add this line to your application’s Gemfile:
|
|
|
14
14
|
gem 'authtrail'
|
|
15
15
|
```
|
|
16
16
|
|
|
17
|
-
|
|
17
|
+
To encrypt email and IP addresses, install [Lockbox](https://github.com/ankane/lockbox) and [Blind Index](https://github.com/ankane/blind_index) and run:
|
|
18
|
+
|
|
19
|
+
```sh
|
|
20
|
+
rails generate authtrail:install --lockbox
|
|
21
|
+
rails db:migrate
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
If you prefer not to encrypt data, run:
|
|
18
25
|
|
|
19
26
|
```sh
|
|
20
27
|
rails generate authtrail:install
|
|
@@ -95,7 +102,7 @@ The `LoginActivity` model uses a [polymorphic association](https://guides.rubyon
|
|
|
95
102
|
|
|
96
103
|
## Geocoding
|
|
97
104
|
|
|
98
|
-
AuthTrail uses [Geocoder](https://github.com/alexreisner/geocoder) for geocoding. We recommend configuring [local geocoding](#local-geocoding) so IP addresses are not sent to a 3rd party service. If you do use a 3rd party service and adhere to GDPR, be sure to add it to your subprocessor list.
|
|
105
|
+
AuthTrail uses [Geocoder](https://github.com/alexreisner/geocoder) for geocoding. We recommend configuring [local geocoding](#local-geocoding) or [load balancer geocoding](#load-balancer-geocoding) so IP addresses are not sent to a 3rd party service. If you do use a 3rd party service and adhere to GDPR, be sure to add it to your subprocessor list.
|
|
99
106
|
|
|
100
107
|
To enable geocoding, update `config/initializers/authtrail.rb`:
|
|
101
108
|
|
|
@@ -146,17 +153,25 @@ Geocoder.configure(
|
|
|
146
153
|
)
|
|
147
154
|
```
|
|
148
155
|
|
|
149
|
-
|
|
156
|
+
### Load Balancer Geocoding
|
|
157
|
+
|
|
158
|
+
Some load balancers can add geocoding information to request headers.
|
|
150
159
|
|
|
151
|
-
|
|
160
|
+
- [nginx](https://nginx.org/en/docs/http/ngx_http_geoip_module.html)
|
|
161
|
+
- [Google Cloud](https://cloud.google.com/load-balancing/docs/custom-headers)
|
|
162
|
+
- [Cloudflare](https://support.cloudflare.com/hc/en-us/articles/200168236-Configuring-Cloudflare-IP-Geolocation)
|
|
152
163
|
|
|
153
164
|
```ruby
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
165
|
+
AuthTrail.geocode = false
|
|
166
|
+
AuthTrail.transform_method = lambda do |data, request|
|
|
167
|
+
data[:country] = request.headers["<country-header>"]
|
|
168
|
+
data[:region] = request.headers["<region-header>"]
|
|
169
|
+
data[:city] = request.headers["<city-header>"]
|
|
157
170
|
end
|
|
158
171
|
```
|
|
159
172
|
|
|
173
|
+
Check out [this example](https://github.com/ankane/authtrail/issues/40)
|
|
174
|
+
|
|
160
175
|
## Other Notes
|
|
161
176
|
|
|
162
177
|
We recommend using this in addition to Devise’s `Lockable` module and [Rack::Attack](https://github.com/kickstarter/rack-attack).
|
data/lib/auth_trail/version.rb
CHANGED
|
@@ -6,6 +6,8 @@ module Authtrail
|
|
|
6
6
|
include ActiveRecord::Generators::Migration
|
|
7
7
|
source_root File.join(__dir__, "templates")
|
|
8
8
|
|
|
9
|
+
class_option :lockbox, type: :boolean
|
|
10
|
+
|
|
9
11
|
def copy_migration
|
|
10
12
|
migration_template "login_activities_migration.rb", "db/migrate/create_login_activities.rb", migration_version: migration_version
|
|
11
13
|
end
|
|
@@ -15,12 +17,36 @@ module Authtrail
|
|
|
15
17
|
end
|
|
16
18
|
|
|
17
19
|
def generate_model
|
|
18
|
-
|
|
20
|
+
if lockbox?
|
|
21
|
+
template "model_lockbox.rb", "app/models/login_activity.rb"
|
|
22
|
+
else
|
|
23
|
+
template "model.rb", "app/models/login_activity.rb"
|
|
24
|
+
end
|
|
19
25
|
end
|
|
20
26
|
|
|
21
27
|
def migration_version
|
|
22
28
|
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
|
23
29
|
end
|
|
30
|
+
|
|
31
|
+
def identity_column
|
|
32
|
+
if lockbox?
|
|
33
|
+
"t.text :identity_ciphertext\n t.string :identity_bidx, index: true"
|
|
34
|
+
else
|
|
35
|
+
"t.string :identity, index: true"
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def ip_column
|
|
40
|
+
if lockbox?
|
|
41
|
+
"t.text :ip_ciphertext\n t.string :ip_bidx, index: true"
|
|
42
|
+
else
|
|
43
|
+
"t.string :ip, index: true"
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def lockbox?
|
|
48
|
+
options[:lockbox]
|
|
49
|
+
end
|
|
24
50
|
end
|
|
25
51
|
end
|
|
26
52
|
end
|
|
@@ -3,12 +3,12 @@ class <%= migration_class_name %> < ActiveRecord::Migration<%= migration_version
|
|
|
3
3
|
create_table :login_activities do |t|
|
|
4
4
|
t.string :scope
|
|
5
5
|
t.string :strategy
|
|
6
|
-
|
|
6
|
+
<%= identity_column %>
|
|
7
7
|
t.boolean :success
|
|
8
8
|
t.string :failure_reason
|
|
9
9
|
t.references :user, polymorphic: true
|
|
10
10
|
t.string :context
|
|
11
|
-
|
|
11
|
+
<%= ip_column %>
|
|
12
12
|
t.text :user_agent
|
|
13
13
|
t.text :referrer
|
|
14
14
|
t.string :city
|
|
@@ -18,8 +18,5 @@ class <%= migration_class_name %> < ActiveRecord::Migration<%= migration_version
|
|
|
18
18
|
t.float :longitude
|
|
19
19
|
t.datetime :created_at
|
|
20
20
|
end
|
|
21
|
-
|
|
22
|
-
add_index :login_activities, :identity
|
|
23
|
-
add_index :login_activities, :ip
|
|
24
21
|
end
|
|
25
22
|
end
|
|
File without changes
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
class LoginActivity < ApplicationRecord
|
|
2
|
+
belongs_to :user, polymorphic: true, optional: true
|
|
3
|
+
|
|
4
|
+
encrypts :identity, :ip
|
|
5
|
+
blind_index :identity, :ip
|
|
6
|
+
|
|
7
|
+
before_save :reduce_precision
|
|
8
|
+
|
|
9
|
+
# reduce precision to city level to protect IP
|
|
10
|
+
def reduce_precision
|
|
11
|
+
self.latitude = latitude&.round(1) if try(:latitude_changed?)
|
|
12
|
+
self.longitude = longitude&.round(1) if try(:longitude_changed?)
|
|
13
|
+
end
|
|
14
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authtrail
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-03-
|
|
11
|
+
date: 2021-03-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: railties
|
|
@@ -83,7 +83,8 @@ files:
|
|
|
83
83
|
- lib/generators/authtrail/install_generator.rb
|
|
84
84
|
- lib/generators/authtrail/templates/initializer.rb.tt
|
|
85
85
|
- lib/generators/authtrail/templates/login_activities_migration.rb.tt
|
|
86
|
-
- lib/generators/authtrail/templates/
|
|
86
|
+
- lib/generators/authtrail/templates/model.rb.tt
|
|
87
|
+
- lib/generators/authtrail/templates/model_lockbox.rb.tt
|
|
87
88
|
homepage: https://github.com/ankane/authtrail
|
|
88
89
|
licenses:
|
|
89
90
|
- MIT
|