booth 0.0.1
- checksums.yaml +7 -0
- data/CHANGELOG.md +4 -0
- data/LICENSE.md +22 -0
- data/README.md +372 -0
- data/app/assets/config/booth_manifest.js +15 -0
- data/app/assets/images/booth/browsers/README.md +2 -0
- data/app/assets/images/booth/browsers/chrome.svg +1 -0
- data/app/assets/images/booth/browsers/edge.svg +1 -0
- data/app/assets/images/booth/browsers/firefox.svg +1 -0
- data/app/assets/images/booth/browsers/internet_explorer.svg +1 -0
- data/app/assets/images/booth/browsers/opera.svg +1 -0
- data/app/assets/images/booth/browsers/safari.svg +1 -0
- data/app/assets/images/booth/browsers/unknown.svg +1 -0
- data/app/assets/images/booth/platforms/README.md +2 -0
- data/app/assets/images/booth/platforms/android.svg +6 -0
- data/app/assets/images/booth/platforms/apple.svg +6 -0
- data/app/assets/images/booth/platforms/linux.svg +6 -0
- data/app/assets/images/booth/platforms/unknown.svg +1 -0
- data/app/assets/images/booth/platforms/windows.svg +6 -0
- data/app/assets/javascripts/booth/all.js +162 -0
- data/app/assets/javascripts/booth/all.js.map +1 -0
- data/app/assets/javascripts/booth/booth.ts +194 -0
- data/app/assets/javascripts/booth/webauthn-json.ts +99 -0
- data/config/locales/de.yml +84 -0
- data/config/locales/en.yml +79 -0
- data/lib/booth/adminland/credentials/create.rb +30 -0
- data/lib/booth/adminland/onboardings/create.rb +63 -0
- data/lib/booth/adminland/onboardings/destroy.rb +50 -0
- data/lib/booth/adminland/onboardings/find.rb +93 -0
- data/lib/booth/adminland/onboardings/index.rb +23 -0
- data/lib/booth/adminland/periodic_cleanup.rb +11 -0
- data/lib/booth/adminland/recoveries/consume.rb +70 -0
- data/lib/booth/adminland.rb +48 -0
- data/lib/booth/audits/register/added_otp.rb +22 -0
- data/lib/booth/audits/register/changed_otp.rb +22 -0
- data/lib/booth/audits/register/completed_onboarding.rb +22 -0
- data/lib/booth/audits/register/correct_otp.rb +42 -0
- data/lib/booth/audits/register/correct_password.rb +43 -0
- data/lib/booth/audits/register/logout.rb +22 -0
- data/lib/booth/audits/register/requested_password_reset.rb +22 -0
- data/lib/booth/audits/register/wrong_otp.rb +22 -0
- data/lib/booth/audits/register/wrong_password.rb +25 -0
- data/lib/booth/authenticators/confirm.rb +34 -0
- data/lib/booth/authenticators/credential_mode_after_confirmation.rb +25 -0
- data/lib/booth/authenticators/step.rb +19 -0
- data/lib/booth/concerns/action.rb +58 -0
- data/lib/booth/concerns/transition.rb +17 -0
- data/lib/booth/configuration.rb +116 -0
- data/lib/booth/configure.rb +37 -0
- data/lib/booth/contests/get.rb +36 -0
- data/lib/booth/contests/respond.rb +78 -0
- data/lib/booth/contests/set_for_login.rb +28 -0
- data/lib/booth/cooldowns/distance_of_time.rb +46 -0
- data/lib/booth/cooldowns/otp.rb +22 -0
- data/lib/booth/cooldowns/password.rb +44 -0
- data/lib/booth/cooldowns/password_reset.rb +24 -0
- data/lib/booth/cooldowns/strategies/exponential.rb +82 -0
- data/lib/booth/cooldowns/strategies/global.rb +62 -0
- data/lib/booth/cooldowns/strategies/result.rb +22 -0
- data/lib/booth/credentials/create.rb +28 -0
- data/lib/booth/credentials/create_with_onboarding.rb +26 -0
- data/lib/booth/credentials/find_by_username.rb +45 -0
- data/lib/booth/credentials/mode.rb +69 -0
- data/lib/booth/credentials/modes/otp_addable.rb +23 -0
- data/lib/booth/credentials/modes/otp_changeable.rb +23 -0
- data/lib/booth/credentials/modes/otp_manageable.rb +17 -0
- data/lib/booth/credentials/modes/otp_removable.rb +23 -0
- data/lib/booth/credentials/modes/password_addable.rb +29 -0
- data/lib/booth/credentials/modes/password_changeable.rb +31 -0
- data/lib/booth/credentials/modes/password_manageable.rb +17 -0
- data/lib/booth/credentials/modes/password_removable.rb +24 -0
- data/lib/booth/credentials/modes/password_removal_requires_user_verifiable_webauth.rb +16 -0
- data/lib/booth/credentials/modes/webauth_addable.rb +26 -0
- data/lib/booth/credentials/modes/webauth_manageable.rb +16 -0
- data/lib/booth/credentials/modes/webauth_removable.rb +25 -0
- data/lib/booth/credentials/otp_authentication.rb +59 -0
- data/lib/booth/credentials/password_authentication.rb +72 -0
- data/lib/booth/credentials/webauth_challenge.rb +28 -0
- data/lib/booth/engine.rb +25 -0
- data/lib/booth/errors.rb +86 -0
- data/lib/booth/geolocation.rb +20 -0
- data/lib/booth/hooks/after_fetch.rb +54 -0
- data/lib/booth/hooks/before_logout.rb +29 -0
- data/lib/booth/hooks/serialize_from_session.rb +24 -0
- data/lib/booth/hooks/serialize_into_session.rb +14 -0
- data/lib/booth/logger.rb +41 -0
- data/lib/booth/logging.rb +59 -0
- data/lib/booth/method_object.rb +73 -0
- data/lib/booth/mode.rb +22 -0
- data/lib/booth/models/application_record.rb +7 -0
- data/lib/booth/models/audit.rb +24 -0
- data/lib/booth/models/authenticator.rb +45 -0
- data/lib/booth/models/concerns/modeable.rb +50 -0
- data/lib/booth/models/concerns/otpable.rb +37 -0
- data/lib/booth/models/concerns/passwordable.rb +58 -0
- data/lib/booth/models/contest.rb +55 -0
- data/lib/booth/models/contests/scopes/recently_created.rb +23 -0
- data/lib/booth/models/contests/scopes/recently_responded.rb +32 -0
- data/lib/booth/models/credential.rb +61 -0
- data/lib/booth/models/onboarding.rb +61 -0
- data/lib/booth/models/password_reset.rb +41 -0
- data/lib/booth/models/recovery.rb +32 -0
- data/lib/booth/models/registration.rb +10 -0
- data/lib/booth/models/session.rb +47 -0
- data/lib/booth/models/user_agent.rb +50 -0
- data/lib/booth/modes/base.rb +25 -0
- data/lib/booth/modes/username_and_password.rb +7 -0
- data/lib/booth/modes/username_and_webauth.rb +7 -0
- data/lib/booth/modes/username_password_and_otp.rb +7 -0
- data/lib/booth/modes/username_password_and_webauth.rb +7 -0
- data/lib/booth/onboardings/find.rb +35 -0
- data/lib/booth/onboardings/propagate_to_credential.rb +63 -0
- data/lib/booth/onboardings/step.rb +68 -0
- data/lib/booth/password_resets/create.rb +57 -0
- data/lib/booth/password_resets/find.rb +36 -0
- data/lib/booth/password_resets/propagate_to_credential.rb +36 -0
- data/lib/booth/password_resets/step.rb +18 -0
- data/lib/booth/recoveries/create.rb +45 -0
- data/lib/booth/request.rb +106 -0
- data/lib/booth/requests/agent.rb +14 -0
- data/lib/booth/requests/authentication.rb +47 -0
- data/lib/booth/requests/ip.rb +28 -0
- data/lib/booth/requests/return_path.rb +34 -0
- data/lib/booth/requests/session.rb +106 -0
- data/lib/booth/requests/storage.rb +62 -0
- data/lib/booth/requests/storages/login.rb +108 -0
- data/lib/booth/requests/storages/otp.rb +54 -0
- data/lib/booth/requests/storages/password.rb +49 -0
- data/lib/booth/requests/storages/password_reset.rb +35 -0
- data/lib/booth/requests/storages/recovery.rb +35 -0
- data/lib/booth/requests/storages/registration.rb +27 -0
- data/lib/booth/requests/storages/webauth.rb +38 -0
- data/lib/booth/requests/sudo.rb +110 -0
- data/lib/booth/routes/userland.rb +80 -0
- data/lib/booth/sessions/create_and_login.rb +46 -0
- data/lib/booth/sessions/historical_locations.rb +18 -0
- data/lib/booth/sessions/index.rb +59 -0
- data/lib/booth/sessions/revoke.rb +51 -0
- data/lib/booth/sessions/revoke_all_others.rb +43 -0
- data/lib/booth/sessions/to_passport.rb +51 -0
- data/lib/booth/syntaxes/contest_code.rb +58 -0
- data/lib/booth/syntaxes/email.rb +97 -0
- data/lib/booth/syntaxes/ip.rb +37 -0
- data/lib/booth/syntaxes/otp.rb +57 -0
- data/lib/booth/syntaxes/scope.rb +21 -0
- data/lib/booth/syntaxes/scope_comparison.rb +28 -0
- data/lib/booth/syntaxes/secret_key.rb +64 -0
- data/lib/booth/syntaxes/username.rb +85 -0
- data/lib/booth/syntaxes/uuid.rb +23 -0
- data/lib/booth/test/helpers.rb +63 -0
- data/lib/booth/test/support/assert_all_partials_were_covered.rb +63 -0
- data/lib/booth/test/support/assert_logged_in.rb +49 -0
- data/lib/booth/test/support/assert_logged_out.rb +30 -0
- data/lib/booth/test/support/assert_partial.rb +29 -0
- data/lib/booth/test/support/force_login.rb +26 -0
- data/lib/booth/test/support/get_session_value.rb +35 -0
- data/lib/booth/test/support/otp_code_from_session.rb +30 -0
- data/lib/booth/test/support/soft_reset_session.rb +22 -0
- data/lib/booth/test/userland/logins/missing_authenticators.rb +72 -0
- data/lib/booth/test/userland/logins/missing_onboarding.rb +35 -0
- data/lib/booth/test/userland/logins/username_and_password.rb +40 -0
- data/lib/booth/test/userland/logins/username_and_webauth.rb +75 -0
- data/lib/booth/test/userland/logins/username_password_and_otp.rb +45 -0
- data/lib/booth/test/userland/logins/username_password_and_webauth.rb +86 -0
- data/lib/booth/test/userland/onboardings/already_logged_in.rb +64 -0
- data/lib/booth/test/userland/onboardings/otp.rb +63 -0
- data/lib/booth/test/userland/onboardings/password.rb +49 -0
- data/lib/booth/test/userland/onboardings/timeout.rb +47 -0
- data/lib/booth/test/userland/otps/manage.rb +86 -0
- data/lib/booth/test/userland/password_resets/reset.rb +102 -0
- data/lib/booth/test/userland.rb +38 -0
- data/lib/booth/test/webauthn/disable.rb +17 -0
- data/lib/booth/test/webauthn/enable.rb +19 -0
- data/lib/booth/test/webauthn/virtual_authenticators/create.rb +38 -0
- data/lib/booth/test/webauthn/virtual_authenticators/destroy.rb +20 -0
- data/lib/booth/test.rb +53 -0
- data/lib/booth/to_struct.rb +11 -0
- data/lib/booth/userland/extract_flash_messages.rb +35 -0
- data/lib/booth/userland/logins/create.rb +28 -0
- data/lib/booth/userland/logins/destroy.rb +37 -0
- data/lib/booth/userland/logins/new.rb +70 -0
- data/lib/booth/userland/logins/transitions/create/choose_username.rb +41 -0
- data/lib/booth/userland/logins/transitions/create/enter_otp.rb +70 -0
- data/lib/booth/userland/logins/transitions/create/skip_remotes.rb +24 -0
- data/lib/booth/userland/logins/transitions/create/verify_password.rb +70 -0
- data/lib/booth/userland/logins/transitions/create/webauth_authentication_initiation.rb +55 -0
- data/lib/booth/userland/logins/transitions/create/webauth_authentication_verification.rb +80 -0
- data/lib/booth/userland/logins/transitions/new/already_logged_in.rb +21 -0
- data/lib/booth/userland/logins/transitions/new/fallible.rb +27 -0
- data/lib/booth/userland/logins/transitions/new/mode_first_time.rb +20 -0
- data/lib/booth/userland/logins/transitions/new/mode_username_and_password.rb +20 -0
- data/lib/booth/userland/logins/transitions/new/mode_username_and_webauth.rb +26 -0
- data/lib/booth/userland/logins/transitions/new/mode_username_password_and_otp.rb +24 -0
- data/lib/booth/userland/logins/transitions/new/mode_username_password_and_webauth.rb +24 -0
- data/lib/booth/userland/logins/transitions/new/no_username_chosen.rb +19 -0
- data/lib/booth/userland/logins/transitions/new/remote_session_available.rb +52 -0
- data/lib/booth/userland/logins/transitions/new/timed_out.rb +25 -0
- data/lib/booth/userland/onboardings/show.rb +74 -0
- data/lib/booth/userland/onboardings/transitions/update/choose_mode.rb +58 -0
- data/lib/booth/userland/onboardings/transitions/update/choose_password.rb +41 -0
- data/lib/booth/userland/onboardings/transitions/update/choose_webauth_nickname.rb +50 -0
- data/lib/booth/userland/onboardings/transitions/update/confirm_otp.rb +58 -0
- data/lib/booth/userland/onboardings/transitions/update/confirm_password.rb +49 -0
- data/lib/booth/userland/onboardings/transitions/update/register_otp.rb +31 -0
- data/lib/booth/userland/onboardings/transitions/update/reset_otp.rb +40 -0
- data/lib/booth/userland/onboardings/transitions/update/reset_password.rb +35 -0
- data/lib/booth/userland/onboardings/transitions/update/reset_webauth.rb +46 -0
- data/lib/booth/userland/onboardings/transitions/update/webauth_authentication_initiation.rb +40 -0
- data/lib/booth/userland/onboardings/transitions/update/webauth_authentication_verification.rb +59 -0
- data/lib/booth/userland/onboardings/transitions/update/webauth_registration_initiation.rb +46 -0
- data/lib/booth/userland/onboardings/transitions/update/webauth_registration_verification.rb +56 -0
- data/lib/booth/userland/onboardings/update.rb +68 -0
- data/lib/booth/userland/otps/destroy.rb +42 -0
- data/lib/booth/userland/otps/edit.rb +72 -0
- data/lib/booth/userland/otps/guards/manageable.rb +21 -0
- data/lib/booth/userland/otps/guards/sudo.rb +23 -0
- data/lib/booth/userland/otps/show.rb +36 -0
- data/lib/booth/userland/otps/sudo.rb +51 -0
- data/lib/booth/userland/otps/transitions/update/confirm.rb +84 -0
- data/lib/booth/userland/otps/transitions/update/register.rb +40 -0
- data/lib/booth/userland/otps/transitions/update/reset.rb +31 -0
- data/lib/booth/userland/otps/update.rb +34 -0
- data/lib/booth/userland/password_resets/create.rb +73 -0
- data/lib/booth/userland/password_resets/guards/logged_out.rb +21 -0
- data/lib/booth/userland/password_resets/new.rb +57 -0
- data/lib/booth/userland/password_resets/show.rb +77 -0
- data/lib/booth/userland/password_resets/transitions/update/choose_password.rb +48 -0
- data/lib/booth/userland/password_resets/transitions/update/confirm_password.rb +54 -0
- data/lib/booth/userland/password_resets/transitions/update/reset_password.rb +29 -0
- data/lib/booth/userland/password_resets/update.rb +65 -0
- data/lib/booth/userland/passwords/destroy.rb +41 -0
- data/lib/booth/userland/passwords/edit.rb +54 -0
- data/lib/booth/userland/passwords/guards/manageable.rb +21 -0
- data/lib/booth/userland/passwords/guards/removable.rb +21 -0
- data/lib/booth/userland/passwords/guards/sudo.rb +21 -0
- data/lib/booth/userland/passwords/remove.rb +34 -0
- data/lib/booth/userland/passwords/show.rb +32 -0
- data/lib/booth/userland/passwords/sudo.rb +55 -0
- data/lib/booth/userland/passwords/transitions/remove/step.rb +27 -0
- data/lib/booth/userland/passwords/transitions/update/choose_password.rb +62 -0
- data/lib/booth/userland/passwords/transitions/update/confirm_password.rb +82 -0
- data/lib/booth/userland/passwords/update.rb +33 -0
- data/lib/booth/userland/personal_contests/show.rb +60 -0
- data/lib/booth/userland/personal_contests/update.rb +37 -0
- data/lib/booth/userland/recoveries/create.rb +48 -0
- data/lib/booth/userland/recoveries/new.rb +35 -0
- data/lib/booth/userland/registrations/create.rb +56 -0
- data/lib/booth/userland/registrations/new.rb +39 -0
- data/lib/booth/userland/sessions/destroy_one_or_other.rb +41 -0
- data/lib/booth/userland/sessions/index.rb +27 -0
- data/lib/booth/userland/sessions/show.rb +31 -0
- data/lib/booth/userland/sessions/transitions/destroy/enter_password.rb +50 -0
- data/lib/booth/userland/sessions/transitions/destroy/enter_webauth.rb +56 -0
- data/lib/booth/userland/sessions/transitions/destroy/verify_password.rb +83 -0
- data/lib/booth/userland/sessions/transitions/destroy/webauth_authentication_initiation.rb +38 -0
- data/lib/booth/userland/sessions/transitions/destroy/webauth_authentication_verification.rb +61 -0
- data/lib/booth/userland/sessions/transitions/show/enter_webauth.rb +56 -0
- data/lib/booth/userland/webauths/create.rb +83 -0
- data/lib/booth/userland/webauths/destroy.rb +60 -0
- data/lib/booth/userland/webauths/guards/manageable.rb +21 -0
- data/lib/booth/userland/webauths/guards/sudo.rb +22 -0
- data/lib/booth/userland/webauths/index.rb +43 -0
- data/lib/booth/userland/webauths/new.rb +70 -0
- data/lib/booth/userland/webauths/sudo.rb +25 -0
- data/lib/booth/userland/webauths/transitions/create/authentication_initiation.rb +52 -0
- data/lib/booth/userland/webauths/transitions/create/authentication_verification.rb +64 -0
- data/lib/booth/userland/webauths/transitions/create/choose_nickname.rb +50 -0
- data/lib/booth/userland/webauths/transitions/create/registration_initiation.rb +61 -0
- data/lib/booth/userland/webauths/transitions/create/registration_verification.rb +68 -0
- data/lib/booth/userland/webauths/transitions/create/reset.rb +36 -0
- data/lib/booth/userland/webauths/transitions/new/step.rb +23 -0
- data/lib/booth/userland/webauths/transitions/sudo/authentication_initiation.rb +47 -0
- data/lib/booth/userland/webauths/transitions/sudo/authentication_verification.rb +34 -0
- data/lib/booth/userland.rb +192 -0
- data/lib/booth/version.rb +3 -0
- data/lib/booth/webauth/authentication_verification.rb +68 -0
- data/lib/booth/webauth/demand_user_verification.rb +29 -0
- data/lib/booth/webauth/options_for_create.rb +46 -0
- data/lib/booth/webauth/options_for_get.rb +29 -0
- data/lib/booth.rb +267 -0
- data/lib/generators/booth/migration/migration_generator.rb +25 -0
- data/lib/generators/booth/migration/templates/add_credential_to_users.erb +18 -0
- data/lib/generators/booth/migration/templates/create_booth_mode_types.erb +20 -0
- data/lib/generators/booth/migration/templates/create_booth_tables.erb +135 -0
- metadata +861 -0
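--- a/data/lib/booth.rb
+++ b/data/lib/booth.rb
@@ -0,0 +1,267 @@
+# ------------
+# Dependencies
+# ------------
+
+# Rails
+require 'active_model'
+require 'active_record'
+require 'active_support'
+
+# Gems
+require 'active_model_otp'
+require 'browser'
+require 'dry-initializer'
+require 'i18n'
+require 'pwned'
+require 'rqrcode'
+require 'tron'
+require 'warden'
+require 'webauthn'
+
+require_relative 'booth/method_object' # Extracted from a gem
+
+# -----
+# BOOTH
+# -----
+
+# Generators
+require 'generators/booth/migration/migration_generator'
+
+# Global
+require_relative 'booth/logging'
+require_relative 'booth/logger'
+require_relative 'booth/errors'
+require_relative 'booth/configuration'
+require_relative 'booth/configure'
+require_relative 'booth/engine'
+
+# Syntax Checkers
+require_relative 'booth/syntaxes/contest_code'
+require_relative 'booth/syntaxes/email'
+require_relative 'booth/syntaxes/ip'
+require_relative 'booth/syntaxes/otp'
+require_relative 'booth/syntaxes/scope'
+require_relative 'booth/syntaxes/scope_comparison'
+require_relative 'booth/syntaxes/secret_key'
+require_relative 'booth/syntaxes/username'
+require_relative 'booth/syntaxes/uuid'
+
+# Helpers
+require_relative 'booth/concerns/action'
+require_relative 'booth/concerns/transition'
+require_relative 'booth/geolocation'
+require_relative 'booth/request'
+require_relative 'booth/routes/userland'
+require_relative 'booth/to_struct'
+require_relative 'booth/mode'
+require_relative 'booth/modes/base'
+require_relative 'booth/modes/username_and_password'
+require_relative 'booth/modes/username_and_webauth'
+require_relative 'booth/modes/username_password_and_otp'
+require_relative 'booth/modes/username_password_and_webauth'
+
+# Model dependencies
+require_relative 'booth/models/contests/scopes/recently_created'
+require_relative 'booth/models/contests/scopes/recently_responded'
+
+# Models
+require_relative 'booth/models/application_record'
+require_relative 'booth/models/audit'
+require_relative 'booth/models/authenticator'
+require_relative 'booth/models/concerns/modeable'
+require_relative 'booth/models/concerns/otpable'
+require_relative 'booth/models/concerns/passwordable'
+require_relative 'booth/models/contest'
+require_relative 'booth/models/credential'
+require_relative 'booth/models/onboarding'
+require_relative 'booth/models/password_reset'
+require_relative 'booth/models/recovery'
+require_relative 'booth/models/session'
+require_relative 'booth/models/user_agent'
+
+# Services
+require_relative 'booth/audits/register/added_otp'
+require_relative 'booth/audits/register/changed_otp'
+require_relative 'booth/audits/register/completed_onboarding'
+require_relative 'booth/audits/register/correct_otp'
+require_relative 'booth/audits/register/correct_password'
+require_relative 'booth/audits/register/requested_password_reset'
+require_relative 'booth/audits/register/logout'
+require_relative 'booth/audits/register/wrong_otp'
+require_relative 'booth/audits/register/wrong_password'
+require_relative 'booth/authenticators/confirm'
+require_relative 'booth/authenticators/credential_mode_after_confirmation'
+require_relative 'booth/authenticators/step'
+require_relative 'booth/contests/get'
+require_relative 'booth/contests/respond'
+require_relative 'booth/contests/set_for_login'
+require_relative 'booth/cooldowns/distance_of_time'
+require_relative 'booth/cooldowns/otp'
+require_relative 'booth/cooldowns/password'
+require_relative 'booth/cooldowns/password_reset'
+require_relative 'booth/cooldowns/strategies/exponential'
+require_relative 'booth/cooldowns/strategies/global'
+require_relative 'booth/cooldowns/strategies/result'
+require_relative 'booth/credentials/create_with_onboarding'
+require_relative 'booth/credentials/create'
+require_relative 'booth/credentials/find_by_username'
+require_relative 'booth/credentials/mode'
+require_relative 'booth/credentials/modes/otp_addable'
+require_relative 'booth/credentials/modes/otp_changeable'
+require_relative 'booth/credentials/modes/otp_manageable'
+require_relative 'booth/credentials/modes/otp_removable'
+require_relative 'booth/credentials/modes/password_addable'
+require_relative 'booth/credentials/modes/password_changeable'
+require_relative 'booth/credentials/modes/password_manageable'
+require_relative 'booth/credentials/modes/password_removable'
+require_relative 'booth/credentials/modes/webauth_addable'
+require_relative 'booth/credentials/modes/webauth_removable'
+require_relative 'booth/credentials/modes/webauth_manageable'
+require_relative 'booth/credentials/otp_authentication'
+require_relative 'booth/credentials/password_authentication'
+require_relative 'booth/credentials/webauth_challenge'
+require_relative 'booth/hooks/after_fetch'
+require_relative 'booth/hooks/before_logout'
+require_relative 'booth/hooks/serialize_from_session'
+require_relative 'booth/hooks/serialize_into_session'
+require_relative 'booth/onboardings/find'
+require_relative 'booth/onboardings/propagate_to_credential'
+require_relative 'booth/onboardings/step'
+require_relative 'booth/password_resets/create'
+require_relative 'booth/password_resets/find'
+require_relative 'booth/password_resets/propagate_to_credential'
+require_relative 'booth/password_resets/step'
+require_relative 'booth/recoveries/create'
+require_relative 'booth/requests/agent'
+require_relative 'booth/requests/authentication'
+require_relative 'booth/requests/ip'
+require_relative 'booth/requests/return_path'
+require_relative 'booth/requests/session'
+require_relative 'booth/requests/storage'
+require_relative 'booth/requests/storages/login'
+require_relative 'booth/requests/storages/otp'
+require_relative 'booth/requests/storages/password_reset'
+require_relative 'booth/requests/storages/password'
+require_relative 'booth/requests/storages/recovery'
+require_relative 'booth/requests/storages/registration'
+require_relative 'booth/requests/storages/webauth'
+require_relative 'booth/requests/sudo'
+require_relative 'booth/sessions/create_and_login'
+require_relative 'booth/sessions/historical_locations'
+require_relative 'booth/sessions/index'
+require_relative 'booth/sessions/revoke_all_others'
+require_relative 'booth/sessions/revoke'
+require_relative 'booth/sessions/to_passport'
+require_relative 'booth/webauth/authentication_verification'
+require_relative 'booth/webauth/demand_user_verification'
+require_relative 'booth/webauth/options_for_create'
+require_relative 'booth/webauth/options_for_get'
+
+# Userland Transitions
+require_relative 'booth/userland/logins/transitions/create/choose_username'
+require_relative 'booth/userland/logins/transitions/create/enter_otp'
+require_relative 'booth/userland/logins/transitions/create/skip_remotes'
+require_relative 'booth/userland/logins/transitions/create/verify_password'
+require_relative 'booth/userland/logins/transitions/create/webauth_authentication_initiation'
+require_relative 'booth/userland/logins/transitions/create/webauth_authentication_verification'
+require_relative 'booth/userland/logins/transitions/new/fallible' # Concern, needs to come first
+require_relative 'booth/userland/logins/transitions/new/already_logged_in'
+require_relative 'booth/userland/logins/transitions/new/mode_first_time'
+require_relative 'booth/userland/logins/transitions/new/mode_username_and_password'
+require_relative 'booth/userland/logins/transitions/new/mode_username_and_webauth'
+require_relative 'booth/userland/logins/transitions/new/mode_username_password_and_otp'
+require_relative 'booth/userland/logins/transitions/new/mode_username_password_and_webauth'
+require_relative 'booth/userland/logins/transitions/new/no_username_chosen'
+require_relative 'booth/userland/logins/transitions/new/remote_session_available'
+require_relative 'booth/userland/logins/transitions/new/timed_out'
+require_relative 'booth/userland/onboardings/transitions/update/choose_mode'
+require_relative 'booth/userland/onboardings/transitions/update/choose_password'
+require_relative 'booth/userland/onboardings/transitions/update/choose_webauth_nickname'
+require_relative 'booth/userland/onboardings/transitions/update/confirm_otp'
+require_relative 'booth/userland/onboardings/transitions/update/confirm_password'
+require_relative 'booth/userland/onboardings/transitions/update/register_otp'
+require_relative 'booth/userland/onboardings/transitions/update/reset_otp'
+require_relative 'booth/userland/onboardings/transitions/update/reset_password'
+require_relative 'booth/userland/onboardings/transitions/update/reset_webauth'
+require_relative 'booth/userland/onboardings/transitions/update/webauth_authentication_initiation'
+require_relative 'booth/userland/onboardings/transitions/update/webauth_authentication_verification'
+require_relative 'booth/userland/onboardings/transitions/update/webauth_registration_initiation'
+require_relative 'booth/userland/onboardings/transitions/update/webauth_registration_verification'
+require_relative 'booth/userland/otps/guards/manageable'
+require_relative 'booth/userland/otps/guards/sudo'
+require_relative 'booth/userland/otps/transitions/update/confirm'
+require_relative 'booth/userland/otps/transitions/update/register'
+require_relative 'booth/userland/otps/transitions/update/reset'
+require_relative 'booth/userland/password_resets/guards/logged_out'
+require_relative 'booth/userland/password_resets/transitions/update/choose_password'
+require_relative 'booth/userland/password_resets/transitions/update/confirm_password'
+require_relative 'booth/userland/password_resets/transitions/update/reset_password'
+require_relative 'booth/userland/passwords/guards/manageable'
+require_relative 'booth/userland/passwords/guards/removable'
+require_relative 'booth/userland/passwords/guards/sudo'
+require_relative 'booth/userland/passwords/transitions/remove/step'
+require_relative 'booth/userland/passwords/transitions/update/choose_password'
+require_relative 'booth/userland/passwords/transitions/update/confirm_password'
+require_relative 'booth/userland/sessions/transitions/destroy/enter_password'
+require_relative 'booth/userland/sessions/transitions/destroy/enter_webauth'
+require_relative 'booth/userland/sessions/transitions/destroy/verify_password'
+require_relative 'booth/userland/sessions/transitions/destroy/webauth_authentication_initiation'
+require_relative 'booth/userland/sessions/transitions/destroy/webauth_authentication_verification'
+require_relative 'booth/userland/sessions/transitions/show/enter_webauth'
+require_relative 'booth/userland/webauths/transitions/create/authentication_initiation'
+require_relative 'booth/userland/webauths/transitions/create/authentication_verification'
+require_relative 'booth/userland/webauths/transitions/create/choose_nickname'
+require_relative 'booth/userland/webauths/transitions/create/registration_initiation'
+require_relative 'booth/userland/webauths/transitions/create/registration_verification'
+require_relative 'booth/userland/webauths/transitions/create/reset'
+require_relative 'booth/userland/webauths/transitions/sudo/authentication_initiation'
+require_relative 'booth/userland/webauths/transitions/sudo/authentication_verification'
+
+# Userland Actions
+require_relative 'booth/userland'
+require_relative 'booth/userland/extract_flash_messages'
+require_relative 'booth/userland/logins/create'
+require_relative 'booth/userland/logins/destroy'
+require_relative 'booth/userland/logins/new'
+require_relative 'booth/userland/onboardings/show'
+require_relative 'booth/userland/onboardings/update'
+require_relative 'booth/userland/otps/destroy'
+require_relative 'booth/userland/otps/edit'
+require_relative 'booth/userland/otps/show'
+require_relative 'booth/userland/otps/sudo'
+require_relative 'booth/userland/otps/update'
+require_relative 'booth/userland/password_resets/create'
+require_relative 'booth/userland/password_resets/new'
+require_relative 'booth/userland/password_resets/show'
+require_relative 'booth/userland/password_resets/update'
+require_relative 'booth/userland/passwords/destroy'
+require_relative 'booth/userland/passwords/edit'
+require_relative 'booth/userland/passwords/remove'
+require_relative 'booth/userland/passwords/show'
+require_relative 'booth/userland/passwords/sudo'
+require_relative 'booth/userland/passwords/update'
+require_relative 'booth/userland/personal_contests/show'
+require_relative 'booth/userland/personal_contests/update'
+require_relative 'booth/userland/recoveries/create'
+require_relative 'booth/userland/recoveries/new'
+require_relative 'booth/userland/registrations/create'
+require_relative 'booth/userland/registrations/new'
+require_relative 'booth/userland/sessions/destroy_one_or_other'
+require_relative 'booth/userland/sessions/index'
+require_relative 'booth/userland/sessions/show'
+require_relative 'booth/userland/webauths/create'
+require_relative 'booth/userland/webauths/destroy'
+require_relative 'booth/userland/webauths/guards/manageable'
+require_relative 'booth/userland/webauths/guards/sudo'
+require_relative 'booth/userland/webauths/index'
+require_relative 'booth/userland/webauths/new'
+require_relative 'booth/userland/webauths/sudo'
+
+# Adminland Helpers
+require_relative 'booth/adminland'
+require_relative 'booth/adminland/recoveries/consume'
+require_relative 'booth/adminland/credentials/create'
+require_relative 'booth/adminland/onboardings/create'
+require_relative 'booth/adminland/onboardings/destroy'
+require_relative 'booth/adminland/onboardings/find'
+require_relative 'booth/adminland/onboardings/index'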
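Review bot: Four library files listed in the diffstat are never loaded by this entry point: `booth/credentials/modes/password_removal_requires_user_verifiable_webauth`, `booth/adminland/periodic_cleanup`, `booth/models/registration` and `booth/userland/webauths/transitions/new/step`. Unless another file requires them (this page does not show one), the constants they define will raise `NameError` on first reference. Going by their names, the first two are a password-removal check and a cleanup job, so the gap may matter for security behaviour. I would add `require_relative 'booth/credentials/modes/password_removal_requires_user_verifiable_webauth'` next to the other `credentials/modes` lines, plus the other three in their matching groups. A test that compares `Dir['lib/booth/**/*.rb']` against `$LOADED_FEATURES` would catch the next omission.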
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'rails/generators'
|
2
|
+
require 'rails/generators/migration'
|
3
|
+
|
4
|
+
module Booth
|
5
|
+
module Generators
|
6
|
+
class MigrationGenerator < ::Rails::Generators::Base
|
7
|
+
include Rails::Generators::Migration
|
8
|
+
|
9
|
+
source_root File.expand_path('templates', __dir__)
|
10
|
+
desc 'Generate the migration file for creating the Booth database tables'
|
11
|
+
|
12
|
+
# See https://github.com/rails/rails/blob/9a2e00e27b87632be3528b53efb8bba504688711/activerecord/lib/rails/generators/active_record/migration.rb#L13-L16
|
13
|
+
def self.next_migration_number(dirname)
|
14
|
+
next_migration_number = current_migration_number(dirname) + 1
|
15
|
+
ActiveRecord::Migration.next_migration_number(next_migration_number)
|
16
|
+
end
|
17
|
+
|
18
|
+
def copy_migrations
|
19
|
+
migration_template 'create_booth_mode_types.erb', 'db/migrate/create_booth_mode_types.rb'
|
20
|
+
migration_template 'create_booth_tables.erb', 'db/migrate/create_booth_tables.rb'
|
21
|
+
migration_template 'add_credential_to_users.erb', 'db/migrate/add_credential_to_users.rb'
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
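Review bot: The `desc` string does not tell the user that the generated migrations only run on PostgreSQL, so on any other adapter the first sign is a failing migrate. The templates that `copy_migrations` installs use `CREATE TYPE ... AS ENUM`, `enable_extension 'pgcrypto'`, `t.inet` and `t.hstore`. I would change the line to `desc 'Generate the migration files for creating the Booth database tables (PostgreSQL only)'`, which also corrects "file" to "files" since three templates are copied. As a smaller style point, the local `next_migration_number` inside the class method of the same name reads more clearly as `next_number`.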
|
@@ -0,0 +1,18 @@
|
|
1
|
+
class AddCredentialToUsers < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
2
|
+
def change
|
3
|
+
# Booth assumes that you already have one or more tables for your users.
|
4
|
+
|
5
|
+
# Add a column to your users table holding a reference to the `booth_credentials` table.
|
6
|
+
# Every user record belongs to one corresponding credential record.
|
7
|
+
# If your table is not called "users", you'll of course have to modify the table name below.
|
8
|
+
add_column :users, :credential_id, :uuid
|
9
|
+
add_index :users, :credential_id, unique: true
|
10
|
+
add_foreign_key :users, :booth_credentials, column: :credential_id, on_delete: :nullify
|
11
|
+
|
12
|
+
# If you have multiple, separate user tables, add a reference to them as well.
|
13
|
+
# By the way, feel free to rename the column. It is yours.
|
14
|
+
add_column :employees, :credential_id, :uuid
|
15
|
+
add_index :employees, :credential_id, unique: true
|
16
|
+
add_foreign_key :employees, :booth_credentials, column: :credential_id, on_delete: :nullify
|
17
|
+
end
|
18
|
+
end
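Review bot: The three `:employees` statements at the end of `change` run unconditionally, although the comment above them says they apply only "if you have multiple, separate user tables". An application with just a `users` table will fail on `add_column :employees, ...` when it runs the generated migration unedited. Shipping them commented out keeps the example without breaking the default case: `# add_column :employees, :credential_id, :uuid`, `# add_index :employees, :credential_id, unique: true`, `# add_foreign_key :employees, :booth_credentials, column: :credential_id, on_delete: :nullify`. It would also help to add a comment that `on_delete: :nullify` leaves the user row in place with a NULL `credential_id` when its credential is deleted, so the host application has to treat such a user as unable to sign in.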
|
@@ -0,0 +1,20 @@
|
|
1
|
+
# Don't change anything in this file.
|
2
|
+
|
3
|
+
class CreateBoothModeTypes < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
4
|
+
def up
|
5
|
+
execute <<-SQL
|
6
|
+
CREATE TYPE booth_credential_mode AS ENUM
|
7
|
+
('first_time',
|
8
|
+
'username_and_password',
|
9
|
+
'username_password_and_otp',
|
10
|
+
'username_password_and_webauth',
|
11
|
+
'username_and_webauth');
|
12
|
+
SQL
|
13
|
+
end
|
14
|
+
|
15
|
+
def down
|
16
|
+
execute <<-SQL
|
17
|
+
DROP TYPE booth_credential_mode;
|
18
|
+
SQL
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,135 @@
|
|
1
|
+
class CreateBoothTables < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
2
|
+
def change
|
3
|
+
# In order for Postgres to generate UUIDs, you may have to enable this extension first.
|
4
|
+
enable_extension 'pgcrypto'
|
5
|
+
# To register timestamps belonging to IPs we use an hstore field.
|
6
|
+
enable_extension 'hstore'
|
7
|
+
|
8
|
+
####################################################################################
|
9
|
+
# The following tables are owned by Booth. Do not change anything below this line. #
|
10
|
+
####################################################################################
|
11
|
+
|
12
|
+
# ------------------------------------------------------------
|
13
|
+
# There is one credential record per user.
|
14
|
+
# This is where login secrets such as the password are stored.
|
15
|
+
# ------------------------------------------------------------
|
16
|
+
|
17
|
+
create_table :booth_credentials, id: :uuid do |t|
|
18
|
+
t.string :scope, null: false, default: 'default'
|
19
|
+
t.string :username, null: false, index: { unique: true }
|
20
|
+
t.string :password_digest, null: false
|
21
|
+
t.string :otp_secret_key, null: false
|
22
|
+
t.column :allowed_modes, :booth_credential_mode, array: true, null: false, default: []
|
23
|
+
t.column :mode, :booth_credential_mode, null: false, default: :first_time
|
24
|
+
t.datetime :flagged_pwned_at
|
25
|
+
t.timestamps
|
26
|
+
end
|
27
|
+
add_index :booth_credentials, %i[username scope], unique: true
|
28
|
+
|
29
|
+
create_table :booth_authenticators, id: :uuid do |t|
|
30
|
+
t.references :credential, foreign_key: { to_table: :booth_credentials }, type: :uuid, null: false, index: true, on_delete: :cascade
|
31
|
+
t.string :webauthn_id, unique: true, null: false # I.e. our username presented to the hardware key
|
32
|
+
t.string :device_id # I.e. what the hardware key says its technical name is
|
33
|
+
t.string :nickname # I.e. what the user says its hardware key is called
|
34
|
+
t.string :public_key
|
35
|
+
t.string :challenge, null: false
|
36
|
+
t.bigint :sign_count
|
37
|
+
t.datetime :confirmed_at
|
38
|
+
t.boolean :supports_user_verification, null: false, default: false
|
39
|
+
t.timestamps
|
40
|
+
end
|
41
|
+
add_index :booth_authenticators, %i[credential_id webauthn_id], unique: true
|
42
|
+
add_index :booth_authenticators, %i[credential_id confirmed_at], where: 'confirmed_at IS NULL', unique: true
|
43
|
+
|
44
|
+
create_table :booth_password_resets, id: :uuid do |t|
|
45
|
+
t.references :credential, foreign_key: { to_table: :booth_credentials }, type: :uuid, null: false, index: true, on_delete: :cascade
|
46
|
+
t.string :secret_key, null: false, index: { unique: true }
|
47
|
+
t.inet :creator_ip, null: false
|
48
|
+
t.inet :consumer_ip
|
49
|
+
t.datetime :accessed_at
|
50
|
+
t.string :password_digest
|
51
|
+
t.datetime :password_chosen_at
|
52
|
+
t.datetime :password_confirmed_at
|
53
|
+
t.datetime :propagated_at
|
54
|
+
t.datetime :revoked_at
|
55
|
+
t.timestamps
|
56
|
+
end
|
57
|
+
|
58
|
+
create_table :booth_recoveries, id: :uuid do |t|
|
59
|
+
t.string :scope, null: false, index: true
|
60
|
+
t.string :email, null: false, index: true
|
61
|
+
t.inet :creator_ip, null: false
|
62
|
+
t.datetime :consumed_at
|
63
|
+
t.datetime :revoked_at
|
64
|
+
t.timestamps
|
65
|
+
end
|
66
|
+
|
67
|
+
# ------------------------------------------------------------
|
68
|
+
# To give a new user the opportunity to choose a login method,
|
69
|
+
# they go through an onboarding process.
|
70
|
+
# ------------------------------------------------------------
|
71
|
+
|
72
|
+
create_table :booth_onboardings, id: :uuid do |t|
|
73
|
+
t.references :credential, foreign_key: { to_table: :booth_credentials }, type: :uuid, null: false, index: { unique: true }, on_delete: :cascade
|
74
|
+
t.string :secret_key, null: false, index: { unique: true }
|
75
|
+
t.datetime :accessed_at
|
76
|
+
t.column :mode, :booth_credential_mode, null: false, default: :first_time
|
77
|
+
t.string :password_digest
|
78
|
+
t.datetime :password_chosen_at
|
79
|
+
t.datetime :password_confirmed_at
|
80
|
+
t.string :otp_secret_key
|
81
|
+
t.datetime :otp_registered_at
|
82
|
+
t.datetime :otp_confirmed_at
|
83
|
+
t.string :webauthn_id
|
84
|
+
t.string :authenticator_id
|
85
|
+
t.string :authenticator_nickname
|
86
|
+
t.string :authenticator_challenge
|
87
|
+
t.string :authenticator_public_key
|
88
|
+
t.bigint :authenticator_sign_count
|
89
|
+
t.datetime :authenticator_confirmed_at
|
90
|
+
t.datetime :propagated_at
|
91
|
+
t.timestamps
|
92
|
+
end
|
93
|
+
|
94
|
+
# ------------------------------------------------------------
|
95
|
+
# Once logged in with a credential, a server-side session will
|
96
|
+
# be generated and its use continuously verified.
|
97
|
+
# ------------------------------------------------------------
|
98
|
+
|
99
|
+
create_table :booth_sessions, id: :uuid do |t|
|
100
|
+
t.references :credential, foreign_key: { to_table: :booth_credentials }, type: :uuid, null: false, index: true, on_delete: :cascade
|
101
|
+
t.references :incognito_credential, foreign_key: { to_table: :booth_credentials }, type: :uuid, index: { unique: true }, on_delete: :cascade
|
102
|
+
t.datetime :activity_at, null: false, index: true
|
103
|
+
t.datetime :revoked_at
|
104
|
+
t.string :revoke_reason
|
105
|
+
t.inet :most_recent_ip, null: false
|
106
|
+
t.hstore :historical_ips, null: false, default: {}
|
107
|
+
t.string :agent
|
108
|
+
t.string :location
|
109
|
+
t.hstore :historical_locations, null: false, default: {}
|
110
|
+
t.timestamps
|
111
|
+
end
|
112
|
+
|
113
|
+
create_table :booth_contests, id: :uuid do |t|
|
114
|
+
t.references :credential, foreign_key: { to_table: :booth_credentials }, type: :uuid, null: false, index: { unique: true }, on_delete: :cascade
|
115
|
+
t.string :code, null: false, index: true
|
116
|
+
t.string :reason, null: false, index: true
|
117
|
+
t.inet :ip, null: false
|
118
|
+
t.string :agent
|
119
|
+
t.string :location
|
120
|
+
t.datetime :responded_at
|
121
|
+
t.timestamps
|
122
|
+
end
|
123
|
+
|
124
|
+
create_table :booth_audits, id: :uuid do |t|
|
125
|
+
t.references :credential, foreign_key: { to_table: :booth_credentials }, type: :uuid, index: true, on_delete: :cascade
|
126
|
+
t.inet :ip, null: false
|
127
|
+
t.string :agent
|
128
|
+
t.string :location
|
129
|
+
t.string :event, null: false, index: true
|
130
|
+
t.datetime :deleted_at
|
131
|
+
t.timestamps
|
132
|
+
end
|
133
|
+
add_index :booth_audits, %i[ip event]
|
134
|
+
end
|
135
|
+
end
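Review bot: Several constraints in `change` are written in a form that never reaches the database. `on_delete: :cascade` is passed to `t.references` as a top-level option on every reference line, but it only takes effect inside the `foreign_key:` hash; as far as I can tell older Rails versions silently ignore it and 7.1+ migrations reject it as an unknown option, so sessions, authenticators and password resets are not removed with their credential. `unique: true` on `t.string :webauthn_id` has the same problem, because uniqueness needs an index. The partial unique index on `%i[credential_id confirmed_at]` with `where: 'confirmed_at IS NULL'` does not limit a credential to one unconfirmed authenticator (presumably its intent), because PostgreSQL treats NULLs as distinct in a unique index by default. The fence shows the authenticator table, and the other six `t.references` lines need the same `foreign_key:` change.

```ruby
create_table :booth_authenticators, id: :uuid do |t|
  t.references :credential, type: :uuid, null: false, index: true,
               foreign_key: { to_table: :booth_credentials, on_delete: :cascade }
  t.string :webauthn_id, null: false, index: { unique: true }
  # … unchanged: remaining authenticator columns and timestamps …
end
# … unchanged: composite unique index on credential_id and webauthn_id …
# Index only credential_id so two unconfirmed rows for one credential collide;
# the explicit name avoids clashing with the index created by `index: true` above.
add_index :booth_authenticators, :credential_id,
          unique: true, where: 'confirmed_at IS NULL',
          name: 'index_booth_authenticators_on_unconfirmed_credential'
```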
|