better_record 0.10.10 → 0.11.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 49b7b4ea4d8817b1aba8766c1d6a867f33254868447aab90abb87b7c27f2a281
-  data.tar.gz: 780150e415f69315ef3068024c8d6418c6b481c970cce68846bf415eeb8345e2
+  metadata.gz: 0216b700a22a49717a214a6dd3c60b69fdb122cbacbe26c89393d52981d34add
+  data.tar.gz: eedc6c633f0f7d24575a21802513c120b86c3dbfa3e775b604a41e00bde27dd1
 SHA512:
-  metadata.gz: 30f7a6e2a4de835bd788cadf24017079e0a321b01a25da89dc73ee9659a6da80418134fcabe1741164e6fc4eff227f9d341da8a10c894975416ee2ee621998e6
-  data.tar.gz: 972c96b325b791c364def16d74c9fe5c192a6c7c163ff8a368e0b2a5278d6469325756835e1175c7adfa1bbdcb428dec4888964fd1a5e9e762ed69d3d894d954
+  metadata.gz: 27b8353a2fb42ff2f2dcb370914fc18b4915a0db500cacbb35852181cdfc7d1d7bf7c623834b291479efb2ec3de321f8cb90ad487e03bd4f98ce372f4ef33e3e
+  data.tar.gz: 68f379ad36aa82e88978feb560bea1148a6d7e55659f86971a3724b9b5175569c803a5073b655d29b892fad280d6c25fcfedeaf456bb3f9345ab7ee0e3a49ca5

data/app/models/better_record/base.rb

@@ -34,9 +34,19 @@ module BetterRecord
       enum col, BetterRecord::Gender::ENUM
     end
 
+    def self.get_hashed_string(str)
+      ct = Time.now.to_i
+      cq = ActiveRecord::Base.sanitize_sql_array(["hash_password(?) as hashed_cert_#{t}", str])
+      select(cq).limit(1).first[:"hashed_cert_#{t}"]
+    end
+
     # == Boolean Methods ======================================================
 
     # == Instance Methods =====================================================
+    def get_hashed_string(str)
+      self.class.get_hashed_string(str)
+    end
+    
     def indifferent_attributes
       attributes.with_indifferent_access
     end

data/app/models/better_record/model_concerns/has_protected_password.rb

@@ -18,8 +18,7 @@ module BetterRecord
         def has_protected_password(
           password_field: :password,
           password_validator: nil,
-          min_image_size: nil,
-          max_image_size: 500.kilobytes,
+          confirm: true,
           **opts
         )
           # == Constants ============================================================
@@ -76,15 +75,25 @@ module BetterRecord
             true
           end
 
-          define_method :"require_#{password_field}_confirmation" do
-            tmp_new_pwd = __send__ :"new_#{password_field}"
-            tmp_new_confirmation = __send__ :"new_#{password_field}_confirmation"
+          if confirm
+            define_method :"require_#{password_field}_confirmation" do
+              tmp_new_pwd = __send__ :"new_#{password_field}"
+              tmp_new_confirmation = __send__ :"new_#{password_field}_confirmation"
+
+              if tmp_new_pwd.present?
+                if tmp_new_pwd != tmp_new_confirmation
+                  errors.add(:"new_#{password_field}", 'does not match confirmation')
+                else
+                  self.__send__ :"#{password_field}=", tmp_new_pwd
+                end
+              end
+            end
+          else
+            define_method :"require_#{password_field}_confirmation" do
+              tmp_new_pwd = __send__ :"new_#{password_field}"
 
-            if tmp_new_pwd.present?
-              if tmp_new_pwd != tmp_new_confirmation
-                errors.add(:"new_#{password_field}", 'Password does not match confirmation')
-              else
-                self.password = tmp_new_pwd
+              if tmp_new_pwd.present?
+                self.__send__ :"#{password_field}=", tmp_new_pwd
               end
             end
           end

data/lib/better_record.rb

@@ -28,6 +28,7 @@ module BetterRecord
     :certificate_session_column,
     :certificate_session_user_method,
     :certificate_header,
+    :certificate_is_hashed,
   ].freeze
 
   class << self
@@ -70,6 +71,7 @@ module BetterRecord
   self.certificate_session_column = (ENV.fetch('BR_CERTIFICATE_SESSION_COLUMN') { :certificate }).to_sym
   self.certificate_session_user_method = (ENV.fetch('BR_CERTIFICATE_SESSION_USER_METHOD') { :user }).to_sym
   self.certificate_header = (ENV.fetch('BR_CERTIFICATE_HEADER') { :HTTP_X_SSL_CERT }).to_sym
+  self.certificate_is_hashed = Boolean.strict_parse(ENV.fetch('BR_CERTIFICATE_IS_HASHED') { false })
 end
 
 Dir.glob("#{File.expand_path(__dir__)}/better_record/*.rb").each do |d|

data/lib/better_record/jwt.rb

@@ -105,8 +105,14 @@ module BetterRecord
         end
 
         def create_session_from_certificate(cert)
-          user = (certificate_session_class || session_class).
-          find_by(certificate_session_column => cert.clean_certificate)
+          u_class = (certificate_session_class || session_class)
+          user = u_class.where.not(certificate_session_column => nil)
+
+          if certificate_is_hashed
+            user = user.find_by("#{certificate_session_column} = crypt(?, #{certificate_session_column})", cert.clean_certificate)
+          else
+            user = user.find_by(certificate_session_column => cert.clean_certificate)
+          end
 
           if user
             if  certificate_session_user_method &&

data/lib/better_record/migration.rb

@@ -28,33 +28,36 @@ module BetterRecord
       end
     end
 
-    def login_triggers(table_name, password_col = 'password', email_col = 'email')
+    def login_triggers(table_name, password_col = 'password', email_col = 'email', function_name = nil, in_reverse = false)
       table_name = table_name.to_s
 
       reversible do |d|
-        d.up do
+        d.__send__(in_reverse ? :down : :up) do
           password_text = ''
 
           if !!password_col
-            password_text = <<-SQL
-              IF (NEW.#{password_col} IS NOT NULL)
-              AND (
-                (TG_OP = 'INSERT') OR ( NEW.#{password_col} IS DISTINCT FROM OLD.#{password_col} )
-              ) THEN
-                IF (NEW.#{password_col} IS DISTINCT FROM 'CLEAR_EXISTING_PASSWORD_FOR_ROW') THEN
-                  NEW.#{password_col} = hash_password(NEW.#{password_col});
-                ELSE
-                  NEW.#{password_col} = NULL;
-                END IF;
-              ELSE
-                IF (TG_OP IS DISTINCT FROM 'INSERT') THEN
-                  NEW.#{password_col} = OLD.#{password_col};
+            create_pwd_txt = ->(col) {
+              <<-SQL
+                IF (NEW.#{col} IS NOT NULL)
+                AND (
+                  (TG_OP = 'INSERT') OR ( NEW.#{col} IS DISTINCT FROM OLD.#{col} )
+                ) THEN
+                  IF (NEW.#{col} IS DISTINCT FROM 'CLEAR_EXISTING_PASSWORD_FOR_ROW') THEN
+                    NEW.#{col} = hash_password(NEW.#{col});
+                  ELSE
+                    NEW.#{col} = NULL;
+                  END IF;
                 ELSE
-                  NEW.#{password_col} = NULL;
+                  IF (TG_OP IS DISTINCT FROM 'INSERT') THEN
+                    NEW.#{col} = OLD.#{col};
+                  ELSE
+                    NEW.#{col} = NULL;
+                  END IF;
                 END IF;
-              END IF;
 
-            SQL
+              SQL
+            }
+            password_text = password_col.is_a?(Array) ? (password_col.map {|pwd| create_pwd_txt.call(pwd)}).join("\n") : create_pwd_txt.call(password_col)
           end
 
           email_text = ''
@@ -69,7 +72,7 @@ module BetterRecord
           end
 
           execute <<-SQL
-            CREATE OR REPLACE FUNCTION #{table_name.singularize}_changed()
+            CREATE OR REPLACE FUNCTION #{function_name.presence || table_name.singularize}_changed()
               RETURNS TRIGGER AS
             $BODY$
             BEGIN
@@ -82,24 +85,24 @@ module BetterRecord
           SQL
 
           execute <<-SQL
-            CREATE TRIGGER #{table_name}_on_insert
+            CREATE TRIGGER #{function_name.presence || table_name}_on_insert
             BEFORE INSERT ON #{table_name}
             FOR EACH ROW
-            EXECUTE PROCEDURE #{table_name.singularize}_changed();
+            EXECUTE PROCEDURE #{function_name.presence || table_name.singularize}_changed();
           SQL
 
           execute <<-SQL
-            CREATE TRIGGER #{table_name}_on_update
+            CREATE TRIGGER #{function_name.presence || table_name}_on_update
             BEFORE UPDATE ON #{table_name}
             FOR EACH ROW
-            EXECUTE PROCEDURE #{table_name.singularize}_changed();
+            EXECUTE PROCEDURE #{function_name.presence || table_name.singularize}_changed();
 
           SQL
         end
 
-        d.down do
-          execute "DROP TRIGGER IF EXISTS #{table_name}_on_insert ON #{table_name};"
-          execute "DROP TRIGGER IF EXISTS #{table_name}_on_update ON #{table_name};"
+        d.__send__(in_reverse ? :up : :down) do
+          execute "DROP TRIGGER IF EXISTS #{function_name.presence || table_name}_on_insert ON #{table_name};"
+          execute "DROP TRIGGER IF EXISTS #{function_name.presence || table_name}_on_update ON #{table_name};"
         end
       end
     end

data/lib/better_record/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BetterRecord
-  VERSION = '0.10.10'
+  VERSION = '0.11.4'
 end

data/lib/generators/better_record/setup/templates/initializer.rb

@@ -18,6 +18,7 @@ module BetterRecord
   #       certificate_session_column: BR_CERTIFICATE_SESSION_COLUMN        #
   #  certificate_session_user_method: BR_CERTIFICATE_SESSION_USER_METHOD   #
   #               certificate_header: BR_CERTIFICATE_HEADER                #
+  #            certificate_is_hashed: BR_CERTIFICATE_IS_HASHED             #
   ##########################################################################
 
   # uncomment the following line to disable three-state booleans in models
@@ -90,6 +91,8 @@ module BetterRecord
     # self.certificate_session_user_method = :user
 
     # self.certificate_header = :HTTP_X_CERTIFICATE
+
+    # self.certificate_is_hashed = true
   # end
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: better_record
 version: !ruby/object:Gem::Version
-  version: 0.10.10
+  version: 0.11.4
 platform: ruby
 authors:
 - Sampson Crowley
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-12 00:00:00.000000000 Z
+date: 2018-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails