better_record 0.10.10 → 0.11.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/better_record/base.rb +10 -0
- data/app/models/better_record/model_concerns/has_protected_password.rb +19 -10
- data/lib/better_record.rb +2 -0
- data/lib/better_record/jwt.rb +8 -2
- data/lib/better_record/migration.rb +29 -26
- data/lib/better_record/version.rb +1 -1
- data/lib/generators/better_record/setup/templates/initializer.rb +3 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0216b700a22a49717a214a6dd3c60b69fdb122cbacbe26c89393d52981d34add
|
|
4
|
+
data.tar.gz: eedc6c633f0f7d24575a21802513c120b86c3dbfa3e775b604a41e00bde27dd1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 27b8353a2fb42ff2f2dcb370914fc18b4915a0db500cacbb35852181cdfc7d1d7bf7c623834b291479efb2ec3de321f8cb90ad487e03bd4f98ce372f4ef33e3e
|
|
7
|
+
data.tar.gz: 68f379ad36aa82e88978feb560bea1148a6d7e55659f86971a3724b9b5175569c803a5073b655d29b892fad280d6c25fcfedeaf456bb3f9345ab7ee0e3a49ca5
|
|
@@ -34,9 +34,19 @@ module BetterRecord
|
|
|
34
34
|
enum col, BetterRecord::Gender::ENUM
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
+
def self.get_hashed_string(str)
|
|
38
|
+
ct = Time.now.to_i
|
|
39
|
+
cq = ActiveRecord::Base.sanitize_sql_array(["hash_password(?) as hashed_cert_#{t}", str])
|
|
40
|
+
select(cq).limit(1).first[:"hashed_cert_#{t}"]
|
|
41
|
+
end
|
|
42
|
+
|
|
37
43
|
# == Boolean Methods ======================================================
|
|
38
44
|
|
|
39
45
|
# == Instance Methods =====================================================
|
|
46
|
+
def get_hashed_string(str)
|
|
47
|
+
self.class.get_hashed_string(str)
|
|
48
|
+
end
|
|
49
|
+
|
|
40
50
|
def indifferent_attributes
|
|
41
51
|
attributes.with_indifferent_access
|
|
42
52
|
end
|
|
@@ -18,8 +18,7 @@ module BetterRecord
|
|
|
18
18
|
def has_protected_password(
|
|
19
19
|
password_field: :password,
|
|
20
20
|
password_validator: nil,
|
|
21
|
-
|
|
22
|
-
max_image_size: 500.kilobytes,
|
|
21
|
+
confirm: true,
|
|
23
22
|
**opts
|
|
24
23
|
)
|
|
25
24
|
# == Constants ============================================================
|
|
@@ -76,15 +75,25 @@ module BetterRecord
|
|
|
76
75
|
true
|
|
77
76
|
end
|
|
78
77
|
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
78
|
+
if confirm
|
|
79
|
+
define_method :"require_#{password_field}_confirmation" do
|
|
80
|
+
tmp_new_pwd = __send__ :"new_#{password_field}"
|
|
81
|
+
tmp_new_confirmation = __send__ :"new_#{password_field}_confirmation"
|
|
82
|
+
|
|
83
|
+
if tmp_new_pwd.present?
|
|
84
|
+
if tmp_new_pwd != tmp_new_confirmation
|
|
85
|
+
errors.add(:"new_#{password_field}", 'does not match confirmation')
|
|
86
|
+
else
|
|
87
|
+
self.__send__ :"#{password_field}=", tmp_new_pwd
|
|
88
|
+
end
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
else
|
|
92
|
+
define_method :"require_#{password_field}_confirmation" do
|
|
93
|
+
tmp_new_pwd = __send__ :"new_#{password_field}"
|
|
82
94
|
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
errors.add(:"new_#{password_field}", 'Password does not match confirmation')
|
|
86
|
-
else
|
|
87
|
-
self.password = tmp_new_pwd
|
|
95
|
+
if tmp_new_pwd.present?
|
|
96
|
+
self.__send__ :"#{password_field}=", tmp_new_pwd
|
|
88
97
|
end
|
|
89
98
|
end
|
|
90
99
|
end
|
data/lib/better_record.rb
CHANGED
|
@@ -28,6 +28,7 @@ module BetterRecord
|
|
|
28
28
|
:certificate_session_column,
|
|
29
29
|
:certificate_session_user_method,
|
|
30
30
|
:certificate_header,
|
|
31
|
+
:certificate_is_hashed,
|
|
31
32
|
].freeze
|
|
32
33
|
|
|
33
34
|
class << self
|
|
@@ -70,6 +71,7 @@ module BetterRecord
|
|
|
70
71
|
self.certificate_session_column = (ENV.fetch('BR_CERTIFICATE_SESSION_COLUMN') { :certificate }).to_sym
|
|
71
72
|
self.certificate_session_user_method = (ENV.fetch('BR_CERTIFICATE_SESSION_USER_METHOD') { :user }).to_sym
|
|
72
73
|
self.certificate_header = (ENV.fetch('BR_CERTIFICATE_HEADER') { :HTTP_X_SSL_CERT }).to_sym
|
|
74
|
+
self.certificate_is_hashed = Boolean.strict_parse(ENV.fetch('BR_CERTIFICATE_IS_HASHED') { false })
|
|
73
75
|
end
|
|
74
76
|
|
|
75
77
|
Dir.glob("#{File.expand_path(__dir__)}/better_record/*.rb").each do |d|
|
data/lib/better_record/jwt.rb
CHANGED
|
@@ -105,8 +105,14 @@ module BetterRecord
|
|
|
105
105
|
end
|
|
106
106
|
|
|
107
107
|
def create_session_from_certificate(cert)
|
|
108
|
-
|
|
109
|
-
|
|
108
|
+
u_class = (certificate_session_class || session_class)
|
|
109
|
+
user = u_class.where.not(certificate_session_column => nil)
|
|
110
|
+
|
|
111
|
+
if certificate_is_hashed
|
|
112
|
+
user = user.find_by("#{certificate_session_column} = crypt(?, #{certificate_session_column})", cert.clean_certificate)
|
|
113
|
+
else
|
|
114
|
+
user = user.find_by(certificate_session_column => cert.clean_certificate)
|
|
115
|
+
end
|
|
110
116
|
|
|
111
117
|
if user
|
|
112
118
|
if certificate_session_user_method &&
|
|
@@ -28,33 +28,36 @@ module BetterRecord
|
|
|
28
28
|
end
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
-
def login_triggers(table_name, password_col = 'password', email_col = 'email')
|
|
31
|
+
def login_triggers(table_name, password_col = 'password', email_col = 'email', function_name = nil, in_reverse = false)
|
|
32
32
|
table_name = table_name.to_s
|
|
33
33
|
|
|
34
34
|
reversible do |d|
|
|
35
|
-
d.up do
|
|
35
|
+
d.__send__(in_reverse ? :down : :up) do
|
|
36
36
|
password_text = ''
|
|
37
37
|
|
|
38
38
|
if !!password_col
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
NEW.#{
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
IF (TG_OP IS DISTINCT FROM 'INSERT') THEN
|
|
51
|
-
NEW.#{password_col} = OLD.#{password_col};
|
|
39
|
+
create_pwd_txt = ->(col) {
|
|
40
|
+
<<-SQL
|
|
41
|
+
IF (NEW.#{col} IS NOT NULL)
|
|
42
|
+
AND (
|
|
43
|
+
(TG_OP = 'INSERT') OR ( NEW.#{col} IS DISTINCT FROM OLD.#{col} )
|
|
44
|
+
) THEN
|
|
45
|
+
IF (NEW.#{col} IS DISTINCT FROM 'CLEAR_EXISTING_PASSWORD_FOR_ROW') THEN
|
|
46
|
+
NEW.#{col} = hash_password(NEW.#{col});
|
|
47
|
+
ELSE
|
|
48
|
+
NEW.#{col} = NULL;
|
|
49
|
+
END IF;
|
|
52
50
|
ELSE
|
|
53
|
-
|
|
51
|
+
IF (TG_OP IS DISTINCT FROM 'INSERT') THEN
|
|
52
|
+
NEW.#{col} = OLD.#{col};
|
|
53
|
+
ELSE
|
|
54
|
+
NEW.#{col} = NULL;
|
|
55
|
+
END IF;
|
|
54
56
|
END IF;
|
|
55
|
-
END IF;
|
|
56
57
|
|
|
57
|
-
|
|
58
|
+
SQL
|
|
59
|
+
}
|
|
60
|
+
password_text = password_col.is_a?(Array) ? (password_col.map {|pwd| create_pwd_txt.call(pwd)}).join("\n") : create_pwd_txt.call(password_col)
|
|
58
61
|
end
|
|
59
62
|
|
|
60
63
|
email_text = ''
|
|
@@ -69,7 +72,7 @@ module BetterRecord
|
|
|
69
72
|
end
|
|
70
73
|
|
|
71
74
|
execute <<-SQL
|
|
72
|
-
CREATE OR REPLACE FUNCTION #{table_name.singularize}_changed()
|
|
75
|
+
CREATE OR REPLACE FUNCTION #{function_name.presence || table_name.singularize}_changed()
|
|
73
76
|
RETURNS TRIGGER AS
|
|
74
77
|
$BODY$
|
|
75
78
|
BEGIN
|
|
@@ -82,24 +85,24 @@ module BetterRecord
|
|
|
82
85
|
SQL
|
|
83
86
|
|
|
84
87
|
execute <<-SQL
|
|
85
|
-
CREATE TRIGGER #{table_name}_on_insert
|
|
88
|
+
CREATE TRIGGER #{function_name.presence || table_name}_on_insert
|
|
86
89
|
BEFORE INSERT ON #{table_name}
|
|
87
90
|
FOR EACH ROW
|
|
88
|
-
EXECUTE PROCEDURE #{table_name.singularize}_changed();
|
|
91
|
+
EXECUTE PROCEDURE #{function_name.presence || table_name.singularize}_changed();
|
|
89
92
|
SQL
|
|
90
93
|
|
|
91
94
|
execute <<-SQL
|
|
92
|
-
CREATE TRIGGER #{table_name}_on_update
|
|
95
|
+
CREATE TRIGGER #{function_name.presence || table_name}_on_update
|
|
93
96
|
BEFORE UPDATE ON #{table_name}
|
|
94
97
|
FOR EACH ROW
|
|
95
|
-
EXECUTE PROCEDURE #{table_name.singularize}_changed();
|
|
98
|
+
EXECUTE PROCEDURE #{function_name.presence || table_name.singularize}_changed();
|
|
96
99
|
|
|
97
100
|
SQL
|
|
98
101
|
end
|
|
99
102
|
|
|
100
|
-
d.down do
|
|
101
|
-
execute "DROP TRIGGER IF EXISTS #{table_name}_on_insert ON #{table_name};"
|
|
102
|
-
execute "DROP TRIGGER IF EXISTS #{table_name}_on_update ON #{table_name};"
|
|
103
|
+
d.__send__(in_reverse ? :up : :down) do
|
|
104
|
+
execute "DROP TRIGGER IF EXISTS #{function_name.presence || table_name}_on_insert ON #{table_name};"
|
|
105
|
+
execute "DROP TRIGGER IF EXISTS #{function_name.presence || table_name}_on_update ON #{table_name};"
|
|
103
106
|
end
|
|
104
107
|
end
|
|
105
108
|
end
|
|
@@ -18,6 +18,7 @@ module BetterRecord
|
|
|
18
18
|
# certificate_session_column: BR_CERTIFICATE_SESSION_COLUMN #
|
|
19
19
|
# certificate_session_user_method: BR_CERTIFICATE_SESSION_USER_METHOD #
|
|
20
20
|
# certificate_header: BR_CERTIFICATE_HEADER #
|
|
21
|
+
# certificate_is_hashed: BR_CERTIFICATE_IS_HASHED #
|
|
21
22
|
##########################################################################
|
|
22
23
|
|
|
23
24
|
# uncomment the following line to disable three-state booleans in models
|
|
@@ -90,6 +91,8 @@ module BetterRecord
|
|
|
90
91
|
# self.certificate_session_user_method = :user
|
|
91
92
|
|
|
92
93
|
# self.certificate_header = :HTTP_X_CERTIFICATE
|
|
94
|
+
|
|
95
|
+
# self.certificate_is_hashed = true
|
|
93
96
|
# end
|
|
94
97
|
|
|
95
98
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: better_record
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.11.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sampson Crowley
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-09-
|
|
11
|
+
date: 2018-09-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|