castle_devise 0.2.0 → 0.4.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7cc0ef1100f1ceb942fa1be6553b6b7ca862656e3c7a6b9b57459285a69a46a7
4
- data.tar.gz: 9222268f8c6e22fb367bbc0cc9a0ce52b5dc8854f8eefa0f2f34e2afaa4a92eb
3
+ metadata.gz: '08bc5ac82986fd553c2c64a8c10a04748220a997b1c3430d1dc2bde82c18623d'
4
+ data.tar.gz: 367ba90a6e2e6e6b32a2dd87a9ad7e375fc6567d64dc069816d85f0bf1d5a014
5
5
  SHA512:
6
- metadata.gz: b6a11b460114c2133776991e4cde4f11a9030e5b019ea0162712b070a72b9adbd50cfad1f866cf90a92b05f505464ded6d9727a474c22edd5f65a9ed6f4fb0d6
7
- data.tar.gz: 292fe6b7dff6f11135c8e63b53ee4484cc8c1dd93dab449d58ef765b29935a8f4bbb925896bf4b4d06b21f1e44cc7ce748af8226287c832b9e8409026bc81c23
6
+ metadata.gz: c3b603e7ad9f16909b546bb2604cff29d9939ea5e43b187764a0f114f9ee43a9746616bf05e1699a4bb914053781df0a190d7281ed5c9e2c1e0e34739bd34945
7
+ data.tar.gz: 47abcfb52b021885ce447ca68199cea7142f9e574e5b4bdb5653e60c6c4c373b67d1225c06baf61df24cca590b1dd35756cb3914c2de6348aea72c70ce110ac8
@@ -9,10 +9,13 @@ jobs:
9
9
  steps:
10
10
  - name: Check out code
11
11
  uses: actions/checkout@v1
12
+ - name: Give permissions
13
+ run: |
14
+ sudo chown -R root:root $GITHUB_WORKSPACE
12
15
  - name: standardrb
13
16
  uses: SennaLabs/action-standardrb@v0.0.3
14
17
  with:
15
18
  github_token: ${{ secrets.github_token }}
16
19
  reporter: github-pr-review # Default is github-pr-check
17
- rubocop_version: 1.1.1 # note: this actually refers to standardb version, not Rubocop
20
+ rubocop_version: 1.1.6 # note: this actually refers to standardb version, not Rubocop
18
21
  rubocop_flags: --format progress
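Review bot: the added `Give permissions` step runs `sudo chown -R root:root $GITHUB_WORKSPACE` with no comment saying which later step needs a root-owned workspace, and the variable is unquoted. Please add a one-line comment with the reason and write it as `"$GITHUB_WORKSPACE"`. Separately, `SennaLabs/action-standardrb@v0.0.3` is referenced by tag while it receives `secrets.github_token`; pinning it to a full commit SHA would keep the token from reaching code that later changes under the same tag.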
data/CHANGELOG.md CHANGED
@@ -2,6 +2,16 @@
2
2
 
3
3
  ## [Unreleased][main]
4
4
 
5
+ ## [0.4.1] - 2022-12-13
6
+ - Introduced new configuration options for `castle_sdk_facade_class` and `castle_client`
7
+
8
+ ## [0.4.0] - 2022-05-17
9
+ - Send $login $failed events to /v1/filter
10
+
11
+ ## [0.3.0] - 2021-08-30
12
+
13
+ - Switch c.js to 2.0 version, Update c.js related helpers
14
+
5
15
  ## [0.2.0] - 2021-08-12
6
16
 
7
17
  - Add Log action for $profile_update event with $succeeded and $failed statuses during reset password process
@@ -13,6 +23,8 @@
13
23
 
14
24
  - Initial release
15
25
 
16
- [main]: https://github.com/castle/castle_devise/compare/v0.2.0...HEAD
26
+ [main]: https://github.com/castle/castle_devise/compare/v0.4.0...HEAD
27
+ [0.4.0]: https://github.com/castle/castle_devise/compare/v0.3.0...v0.4.0
28
+ [0.3.0]: https://github.com/castle/castle_devise/compare/v0.2.0...v0.3.0
17
29
  [0.2.0]: https://github.com/castle/castle_devise/compare/v0.1.0...v0.2.0
18
30
  [0.1.0]: https://github.com/castle/castle_devise/releases/tag/v0.1.0
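Review bot: the link references stop at 0.4.0 although this change adds a `## [0.4.1]` heading further up: `[main]` compares `v0.4.0...HEAD` and there is no `[0.4.1]:` reference, so the new heading will not render as a link and the unreleased comparison includes the 0.4.1 changes. Suggest pointing `[main]` at `v0.4.1...HEAD` and adding `[0.4.1]: https://github.com/castle/castle_devise/compare/v0.4.0...v0.4.1`.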
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- castle_devise (0.2.0)
4
+ castle_devise (0.4.1)
5
5
  activesupport (>= 5.0)
6
6
  castle-rb (>= 7.0, < 8.0)
7
7
  devise (>= 4.3.0, < 5.0)
@@ -171,6 +171,7 @@ GEM
171
171
  PLATFORMS
172
172
  x86_64-darwin-18
173
173
  x86_64-darwin-19
174
+ x86_64-darwin-20
174
175
 
175
176
  DEPENDENCIES
176
177
  actionmailer
data/README.md CHANGED
@@ -2,11 +2,11 @@
2
2
 
3
3
  **Disclaimer:** CastleDevise is currently in beta. There might be some upcoming breaking changes to the gem before we stabilize the API.
4
4
 
5
- ---
5
+ ---
6
6
 
7
- # CastleDevice
7
+ # CastleDevise
8
8
 
9
- CastleDevise is a [Devise](https://github.com/heartcombo/devise) plugin that integrates [Castle](https://castle.io).
9
+ CastleDevise is a [Devise](https://github.com/heartcombo/devise) plugin that integrates [Castle](https://castle.io).
10
10
 
11
11
  It currently provides the following features:
12
12
  - preventing bots from registration attacks using Castle's [Filter API](https://docs.castle.io/v1/reference/api-reference/#filter)
@@ -26,11 +26,11 @@ gem 'castle_devise'
26
26
 
27
27
  Create `config/initializers/castle_devise.rb` and fill in your API secret and APP_ID from the [Castle Dashboard](https://dashboard.castle.io/settings/general)
28
28
 
29
- ```ruby
29
+ ```ruby
30
30
  CastleDevise.configure do |config|
31
31
  config.api_secret = ENV.fetch('CASTLE_API_SECRET')
32
32
  config.app_id = ENV.fetch('CASTLE_APP_ID')
33
-
33
+
34
34
  # When monitoring mode is enabled, CastleDevise sends
35
35
  # requests to Castle but it doesn't act on the "deny" verdicts.
36
36
  #
@@ -45,10 +45,10 @@ end
45
45
 
46
46
  Add `:castle_protectable` Devise module to your User model:
47
47
 
48
- ```ruby
48
+ ```ruby
49
49
  class User < ApplicationRecord
50
50
  devise :database_authenticatable, :registerable,
51
- :recoverable, :rememberable, :validatable,
51
+ :recoverable, :rememberable, :validatable,
52
52
  :castle_protectable # <--- add this
53
53
  end
54
54
  ```
@@ -75,9 +75,7 @@ Include Castle's c.js script in the head section of your layout:
75
75
  Add the following tag to the the `<form>` tag in both `devise/registrations/new.html.erb` and `devise/sessions/new.html.erb` (if you haven't generated them yet, run `rails generate devise:views`):
76
76
 
77
77
  ```ruby
78
- <%= form_for @user do |f| %>
79
-
80
- <%= castle_request_token %>
78
+ <%= form_for @user, html: { onsubmit: castle_on_form_submit } do |f| %>
81
79
 
82
80
  <% end %>
83
81
  ```
@@ -87,20 +85,21 @@ You're set! Now verify that everything works by logging in to your application a
87
85
 
88
86
  #### Further steps if you're using Webpacker
89
87
 
90
- Add `castle.js` to your package.json file:
88
+ Add `@castleio/castle-js` to your package.json file:
91
89
 
92
90
  ```
93
- yarn add castle.js
91
+ yarn add @castleio/castle-js
94
92
  ```
95
93
 
96
- Require castle.js in your application pack:
94
+ configure castle in your application pack:
97
95
 
98
96
  ```javascript
99
- require("castle.js");
97
+ import * as Castle from '@castleio/castle-js'
100
98
 
101
- _castle("setAppId", YOUR_APPLICATION_ID);
99
+ Castle.configure(YOUR_APPLICATION_ID);
102
100
  ```
103
101
 
102
+ for advanced configuration follow [the readme](https://www.npmjs.com/package/@castleio/castle-js#configuration)
104
103
 
105
104
  ## How-Tos
106
105
 
@@ -39,6 +39,14 @@ module CastleDevise
39
39
  # @return [Array<Proc>] Array of procs that will get called after a request to the Castle API
40
40
  config_accessor(:after_request_hooks) { [] }
41
41
 
42
+ # @!attribute castle_sdk_facade_class
43
+ # @return [Class] Castle API implementation
44
+ config_accessor(:castle_sdk_facade_class) { ::CastleDevise::SdkFacade }
45
+
46
+ # @!attribute castle_client
47
+ # @return [Class] Castle SDK client
48
+ config_accessor(:castle_client) { ::Castle::Client.new }
49
+
42
50
  # Adds a new before_request hook
43
51
  # @param blk [Proc]
44
52
  def before_request(&blk)
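Review bot: the YARD tag on `castle_client` says `@return [Class]`, but the default block returns `::Castle::Client.new`, which is an instance rather than a class. Suggest `@return [Castle::Client]`, plus a sentence on each new attribute stating what a replacement object or class must provide, since both are now public configuration.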
@@ -23,7 +23,7 @@ module CastleDevise
23
23
  # <!-- the rest of your layout -->
24
24
  def castle_javascript_tag
25
25
  javascript_include_tag(
26
- "https://d2t77mnxyo7adj.cloudfront.net/v1/c.js?#{CastleDevise.configuration.app_id}"
26
+ "https://cdn.castle.io/v2/castle.js?#{CastleDevise.configuration.app_id}"
27
27
  )
28
28
  end
29
29
 
@@ -31,52 +31,14 @@ module CastleDevise
31
31
  # within the current form.
32
32
  #
33
33
  # @example
34
- # <%= form_for(resource, as: resource_name, url: sessions_path(resource_name)) do |f| %>
35
- # <%= castle_request_token %>
34
+ # <%= form_for(resource, as: resource_name, url: sessions_path(resource_name), html: { onsubmit: castle_on_form_submit }) do |f| %>
36
35
  # <%= f.email_field :email %>
37
36
  # <%= f.password_field :password, autocomplete: 'off' %>
38
37
  # <% end %>
39
38
  #
40
39
  # @return [String]
41
- def castle_request_token
42
- tag = <<~HEREDOC
43
- <script>
44
- // The current script tag is the last one at the time of load
45
- var el = document.getElementsByTagName('script');
46
- el = el[el.length - 1];
47
-
48
- // Traverse up until we find a form
49
- while (el && el !== document) {
50
- if (el.tagName === 'FORM') break;
51
- el = el.parentNode;
52
- }
53
-
54
- // Intercept the form submit
55
- if (el.tagName === 'FORM') {
56
- el.onsubmit = function(e) {
57
- e.preventDefault();
58
-
59
- _castle('createRequestToken').then(function(requestToken) {
60
- // Populate a hidden field called `castle_request_token` with the
61
- // request token
62
- var hiddenInput = document.createElement('input');
63
- hiddenInput.setAttribute('type', 'hidden');
64
- hiddenInput.setAttribute('name', 'castle_request_token');
65
- hiddenInput.setAttribute('value', requestToken);
66
-
67
- // Add the hidden field to the form so it gets sent to the server
68
- // before submitting the form
69
- el.appendChild(hiddenInput);
70
-
71
- el.submit();
72
- });
73
- };
74
- } else {
75
- console.log('[Castle] The script helper needs to be within a <form> tag')
76
- }
77
- </script>
78
- HEREDOC
79
- tag.html_safe
40
+ def castle_on_form_submit
41
+ "typeof(_castle)=='undefined'?event.preventDefault():_castle('onFormSubmit', event)"
80
42
  end
81
43
  end
82
44
  end
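Review bot: in `castle_on_form_submit`, the `typeof(_castle)=='undefined'` branch calls `event.preventDefault()` and nothing else, so when the Castle script has not loaded the login and registration forms silently refuse to submit. If failing closed is the intent, state it in the method comment and emit some signal the user or developer can see; the removed helper at least wrote a `[Castle]` message to the console for its error case. Also, `castle_request_token` is deleted outright, so views that still call it will raise after upgrading; a deprecation shim or an upgrade note would cover that.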
@@ -52,12 +52,12 @@ Warden::Manager.before_failure do |env, opts|
52
52
  context = CastleDevise::Context.from_rack_env(env, opts[:scope])
53
53
 
54
54
  begin
55
- CastleDevise.sdk_facade.log(
55
+ CastleDevise.sdk_facade.filter(
56
56
  event: "$login",
57
57
  status: "$failed",
58
58
  context: context
59
59
  )
60
60
  rescue Castle::Error => e
61
- CastleDevise.logger.error("[CastleDevise] log($login, $failed): #{e}")
61
+ CastleDevise.logger.error("[CastleDevise] filter($login, $failed): #{e}")
62
62
  end
63
63
  end
@@ -20,9 +20,10 @@ module CastleDevise
20
20
  # @param context [CastleDevise::Context]
21
21
  # @return [Hash] Raw API response
22
22
  # @see https://docs.castle.io/v1/reference/api-reference/#v1filter
23
- def filter(event:, context:)
23
+ def filter(event:, context:, status: "$attempted")
24
24
  payload = {
25
25
  event: event,
26
+ status: status,
26
27
  user: {
27
28
  email: context.email
28
29
  },
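Review bot: `filter` gains a `status:` keyword, but the YARD block above it has no `@param status` line. Please document it, including that the default `"$attempted"` is now added to the payload for every existing caller that does not pass a status.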
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module CastleDevise
4
- VERSION = "0.2.0"
4
+ VERSION = "0.4.1"
5
5
  end
data/lib/castle_devise.rb CHANGED
@@ -25,6 +25,8 @@ module CastleDevise
25
25
 
26
26
  # @yieldparam [CastleDevise::Configuration] configuration object
27
27
  def configure
28
+ @sdk_facade = @castle = nil
29
+
28
30
  yield configuration
29
31
 
30
32
  Castle.api_secret = configuration.api_secret
@@ -38,7 +40,7 @@ module CastleDevise
38
40
 
39
41
  # @return [CastleDevise::SdkFacade]
40
42
  def sdk_facade
41
- @sdk_facade ||= CastleDevise::SdkFacade.new(
43
+ @sdk_facade ||= configuration.castle_sdk_facade_class.new(
42
44
  castle,
43
45
  configuration.before_request_hooks,
44
46
  configuration.after_request_hooks
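Review bot: `sdk_facade` now instantiates whatever `configuration.castle_sdk_facade_class` holds, so the `@return [CastleDevise::SdkFacade]` tag above it is no longer guaranteed, and a custom class has to accept the same three positional arguments (`castle`, the before hooks, the after hooks). Neither point is stated in the visible changes; suggest documenting the constructor contract on the config attribute and loosening the return tag.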
@@ -47,15 +49,15 @@ module CastleDevise
47
49
 
48
50
  # @return [Castle::Client]
49
51
  def castle
50
- @castle ||= Castle::Client.new
52
+ @castle ||= configuration.castle_client
51
53
  end
52
54
  end
53
55
  end
54
56
 
57
+ require_relative "castle_devise/sdk_facade"
55
58
  require_relative "castle_devise/configuration"
56
59
  require_relative "castle_devise/context"
57
60
  require_relative "castle_devise/patches"
58
- require_relative "castle_devise/sdk_facade"
59
61
  require_relative "castle_devise/controllers/helpers"
60
62
  require_relative "castle_devise/helpers/castle_helper"
61
63
  require_relative "castle_devise/hooks/castle_protectable"
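Review bot: moving `require_relative "castle_devise/sdk_facade"` above `configuration` makes the load order significant, presumably because the new `castle_sdk_facade_class` default references `::CastleDevise::SdkFacade`. A short comment on that line saying so would stop someone from re-sorting the requires later and breaking the load.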
metadata CHANGED
@@ -1,16 +1,16 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: castle_devise
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kacper Madej
8
8
  - Dawid Libiszewski
9
9
  - Johan Brissmyr
10
- autorequire:
10
+ autorequire:
11
11
  bindir: exe
12
12
  cert_chain: []
13
- date: 2021-08-12 00:00:00.000000000 Z
13
+ date: 2022-12-13 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
@@ -125,7 +125,7 @@ metadata:
125
125
  homepage_uri: https://github.com/castle/castle_devise
126
126
  source_code_uri: https://github.com/castle/castle_devise
127
127
  changelog_uri: https://github.com/castle/castle_devise/CHANGELOG.md
128
- post_install_message:
128
+ post_install_message:
129
129
  rdoc_options: []
130
130
  require_paths:
131
131
  - lib
@@ -140,8 +140,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
140
140
  - !ruby/object:Gem::Version
141
141
  version: '0'
142
142
  requirements: []
143
- rubygems_version: 3.0.3
144
- signing_key:
143
+ rubygems_version: 3.1.4
144
+ signing_key:
145
145
  specification_version: 4
146
146
  summary: Integrates Castle with Devise
147
147
  test_files: []