castle_devise 0.2.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7cc0ef1100f1ceb942fa1be6553b6b7ca862656e3c7a6b9b57459285a69a46a7
4
- data.tar.gz: 9222268f8c6e22fb367bbc0cc9a0ce52b5dc8854f8eefa0f2f34e2afaa4a92eb
3
+ metadata.gz: '08bc5ac82986fd553c2c64a8c10a04748220a997b1c3430d1dc2bde82c18623d'
4
+ data.tar.gz: 367ba90a6e2e6e6b32a2dd87a9ad7e375fc6567d64dc069816d85f0bf1d5a014
5
5
  SHA512:
6
- metadata.gz: b6a11b460114c2133776991e4cde4f11a9030e5b019ea0162712b070a72b9adbd50cfad1f866cf90a92b05f505464ded6d9727a474c22edd5f65a9ed6f4fb0d6
7
- data.tar.gz: 292fe6b7dff6f11135c8e63b53ee4484cc8c1dd93dab449d58ef765b29935a8f4bbb925896bf4b4d06b21f1e44cc7ce748af8226287c832b9e8409026bc81c23
6
+ metadata.gz: c3b603e7ad9f16909b546bb2604cff29d9939ea5e43b187764a0f114f9ee43a9746616bf05e1699a4bb914053781df0a190d7281ed5c9e2c1e0e34739bd34945
7
+ data.tar.gz: 47abcfb52b021885ce447ca68199cea7142f9e574e5b4bdb5653e60c6c4c373b67d1225c06baf61df24cca590b1dd35756cb3914c2de6348aea72c70ce110ac8
@@ -9,10 +9,13 @@ jobs:
9
9
  steps:
10
10
  - name: Check out code
11
11
  uses: actions/checkout@v1
12
+ - name: Give permissions
13
+ run: |
14
+ sudo chown -R root:root $GITHUB_WORKSPACE
12
15
  - name: standardrb
13
16
  uses: SennaLabs/action-standardrb@v0.0.3
14
17
  with:
15
18
  github_token: ${{ secrets.github_token }}
16
19
  reporter: github-pr-review # Default is github-pr-check
17
- rubocop_version: 1.1.1 # note: this actually refers to standardb version, not Rubocop
20
+ rubocop_version: 1.1.6 # note: this actually refers to standardb version, not Rubocop
18
21
  rubocop_flags: --format progress
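Review bot: The new "Give permissions" step runs `sudo chown -R root:root $GITHUB_WORKSPACE` with no comment saying why the checked-out tree has to be root-owned, and the variable is expanded unquoted. Add a one-line comment naming the later step that needs this, and write the path as `"$GITHUB_WORKSPACE"`. In the same job, `actions/checkout@v1` and `SennaLabs/action-standardrb@v0.0.3` are referenced by tag while the second one receives `secrets.github_token`; pinning both to a full commit SHA would keep a moved tag from running with that token.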
data/CHANGELOG.md CHANGED
@@ -2,6 +2,16 @@
2
2
 
3
3
  ## [Unreleased][main]
4
4
 
5
+ ## [0.4.1] - 2022-12-13
6
+ - Introduced new configuration options for `castle_sdk_facade_class` and `castle_client`
7
+
8
+ ## [0.4.0] - 2022-05-17
9
+ - Send $login $failed events to /v1/filter
10
+
11
+ ## [0.3.0] - 2021-08-30
12
+
13
+ - Switch c.js to 2.0 version, Update c.js related helpers
14
+
5
15
  ## [0.2.0] - 2021-08-12
6
16
 
7
17
  - Add Log action for $profile_update event with $succeeded and $failed statuses during reset password process
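Review bot: The `[0.3.0]` entry ("Switch c.js to 2.0 version, Update c.js related helpers") does not say that the `castle_request_token` view helper is removed and replaced by `castle_on_form_submit`, which is a breaking change for any view that still calls the old helper. Spell out the removal and the replacement in the entry. The `[0.3.0]` block also has a blank line between heading and bullet while `[0.4.1]` and `[0.4.0]` do not; pick one layout.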
@@ -13,6 +23,8 @@
13
23
 
14
24
  - Initial release
15
25
 
16
- [main]: https://github.com/castle/castle_devise/compare/v0.2.0...HEAD
26
+ [main]: https://github.com/castle/castle_devise/compare/v0.4.0...HEAD
27
+ [0.4.0]: https://github.com/castle/castle_devise/compare/v0.3.0...v0.4.0
28
+ [0.3.0]: https://github.com/castle/castle_devise/compare/v0.2.0...v0.3.0
17
29
  [0.2.0]: https://github.com/castle/castle_devise/compare/v0.1.0...v0.2.0
18
30
  [0.1.0]: https://github.com/castle/castle_devise/releases/tag/v0.1.0
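Review bot: The link definitions in this hunk add `[0.4.0]` and `[0.3.0]` but no `[0.4.1]`, and `[main]` is moved only to `v0.4.0...HEAD`. The `## [0.4.1]` heading added earlier in the file therefore has no link target, and the Unreleased comparison still includes the 0.4.1 changes. Add a `[0.4.1]` definition following the same compare pattern (`v0.4.0...v0.4.1`) and point `[main]` at `v0.4.1...HEAD`.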
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- castle_devise (0.2.0)
4
+ castle_devise (0.4.1)
5
5
  activesupport (>= 5.0)
6
6
  castle-rb (>= 7.0, < 8.0)
7
7
  devise (>= 4.3.0, < 5.0)
@@ -171,6 +171,7 @@ GEM
171
171
  PLATFORMS
172
172
  x86_64-darwin-18
173
173
  x86_64-darwin-19
174
+ x86_64-darwin-20
174
175
 
175
176
  DEPENDENCIES
176
177
  actionmailer
data/README.md CHANGED
@@ -2,11 +2,11 @@
2
2
 
3
3
  **Disclaimer:** CastleDevise is currently in beta. There might be some upcoming breaking changes to the gem before we stabilize the API.
4
4
 
5
- ---
5
+ ---
6
6
 
7
- # CastleDevice
7
+ # CastleDevise
8
8
 
9
- CastleDevise is a [Devise](https://github.com/heartcombo/devise) plugin that integrates [Castle](https://castle.io).
9
+ CastleDevise is a [Devise](https://github.com/heartcombo/devise) plugin that integrates [Castle](https://castle.io).
10
10
 
11
11
  It currently provides the following features:
12
12
  - preventing bots from registration attacks using Castle's [Filter API](https://docs.castle.io/v1/reference/api-reference/#filter)
@@ -26,11 +26,11 @@ gem 'castle_devise'
26
26
 
27
27
  Create `config/initializers/castle_devise.rb` and fill in your API secret and APP_ID from the [Castle Dashboard](https://dashboard.castle.io/settings/general)
28
28
 
29
- ```ruby
29
+ ```ruby
30
30
  CastleDevise.configure do |config|
31
31
  config.api_secret = ENV.fetch('CASTLE_API_SECRET')
32
32
  config.app_id = ENV.fetch('CASTLE_APP_ID')
33
-
33
+
34
34
  # When monitoring mode is enabled, CastleDevise sends
35
35
  # requests to Castle but it doesn't act on the "deny" verdicts.
36
36
  #
@@ -45,10 +45,10 @@ end
45
45
 
46
46
  Add `:castle_protectable` Devise module to your User model:
47
47
 
48
- ```ruby
48
+ ```ruby
49
49
  class User < ApplicationRecord
50
50
  devise :database_authenticatable, :registerable,
51
- :recoverable, :rememberable, :validatable,
51
+ :recoverable, :rememberable, :validatable,
52
52
  :castle_protectable # <--- add this
53
53
  end
54
54
  ```
@@ -75,9 +75,7 @@ Include Castle's c.js script in the head section of your layout:
75
75
  Add the following tag to the the `<form>` tag in both `devise/registrations/new.html.erb` and `devise/sessions/new.html.erb` (if you haven't generated them yet, run `rails generate devise:views`):
76
76
 
77
77
  ```ruby
78
- <%= form_for @user do |f| %>
79
-
80
- <%= castle_request_token %>
78
+ <%= form_for @user, html: { onsubmit: castle_on_form_submit } do |f| %>
81
79
 
82
80
  <% end %>
83
81
  ```
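Review bot: The instruction sentence above the example is stale after this change: it still reads "Add the following tag to the the `<form>` tag" (with a doubled "the"), but the example no longer adds a tag inside the form, it passes `html: { onsubmit: castle_on_form_submit }` to `form_for`. Reword the sentence to describe the `onsubmit` option, and tell existing installs to delete `<%= castle_request_token %>` from both views. The fence is also labelled `ruby` although the content is ERB.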
@@ -87,20 +85,21 @@ You're set! Now verify that everything works by logging in to your application a
87
85
 
88
86
  #### Further steps if you're using Webpacker
89
87
 
90
- Add `castle.js` to your package.json file:
88
+ Add `@castleio/castle-js` to your package.json file:
91
89
 
92
90
  ```
93
- yarn add castle.js
91
+ yarn add @castleio/castle-js
94
92
  ```
95
93
 
96
- Require castle.js in your application pack:
94
+ configure castle in your application pack:
97
95
 
98
96
  ```javascript
99
- require("castle.js");
97
+ import * as Castle from '@castleio/castle-js'
100
98
 
101
- _castle("setAppId", YOUR_APPLICATION_ID);
99
+ Castle.configure(YOUR_APPLICATION_ID);
102
100
  ```
103
101
 
102
+ for advanced configuration follow [the readme](https://www.npmjs.com/package/@castleio/castle-js#configuration)
104
103
 
105
104
  ## How-Tos
106
105
 
@@ -39,6 +39,14 @@ module CastleDevise
39
39
  # @return [Array<Proc>] Array of procs that will get called after a request to the Castle API
40
40
  config_accessor(:after_request_hooks) { [] }
41
41
 
42
+ # @!attribute castle_sdk_facade_class
43
+ # @return [Class] Castle API implementation
44
+ config_accessor(:castle_sdk_facade_class) { ::CastleDevise::SdkFacade }
45
+
46
+ # @!attribute castle_client
47
+ # @return [Class] Castle SDK client
48
+ config_accessor(:castle_client) { ::Castle::Client.new }
49
+
42
50
  # Adds a new before_request hook
43
51
  # @param blk [Proc]
44
52
  def before_request(&blk)
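Review bot: The YARD tag on `castle_client` says `@return [Class]`, but the default block returns `::Castle::Client.new`, which is an instance. Change the tag to `@return [Castle::Client]`. Since the default constructs a client inside the accessor block, also confirm that this happens after `configure` has assigned `Castle.api_secret`, or document that a client supplied here must carry its own settings.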
@@ -23,7 +23,7 @@ module CastleDevise
23
23
  # <!-- the rest of your layout -->
24
24
  def castle_javascript_tag
25
25
  javascript_include_tag(
26
- "https://d2t77mnxyo7adj.cloudfront.net/v1/c.js?#{CastleDevise.configuration.app_id}"
26
+ "https://cdn.castle.io/v2/castle.js?#{CastleDevise.configuration.app_id}"
27
27
  )
28
28
  end
29
29
 
@@ -31,52 +31,14 @@ module CastleDevise
31
31
  # within the current form.
32
32
  #
33
33
  # @example
34
- # <%= form_for(resource, as: resource_name, url: sessions_path(resource_name)) do |f| %>
35
- # <%= castle_request_token %>
34
+ # <%= form_for(resource, as: resource_name, url: sessions_path(resource_name), html: { onsubmit: castle_on_form_submit }) do |f| %>
36
35
  # <%= f.email_field :email %>
37
36
  # <%= f.password_field :password, autocomplete: 'off' %>
38
37
  # <% end %>
39
38
  #
40
39
  # @return [String]
41
- def castle_request_token
42
- tag = <<~HEREDOC
43
- <script>
44
- // The current script tag is the last one at the time of load
45
- var el = document.getElementsByTagName('script');
46
- el = el[el.length - 1];
47
-
48
- // Traverse up until we find a form
49
- while (el && el !== document) {
50
- if (el.tagName === 'FORM') break;
51
- el = el.parentNode;
52
- }
53
-
54
- // Intercept the form submit
55
- if (el.tagName === 'FORM') {
56
- el.onsubmit = function(e) {
57
- e.preventDefault();
58
-
59
- _castle('createRequestToken').then(function(requestToken) {
60
- // Populate a hidden field called `castle_request_token` with the
61
- // request token
62
- var hiddenInput = document.createElement('input');
63
- hiddenInput.setAttribute('type', 'hidden');
64
- hiddenInput.setAttribute('name', 'castle_request_token');
65
- hiddenInput.setAttribute('value', requestToken);
66
-
67
- // Add the hidden field to the form so it gets sent to the server
68
- // before submitting the form
69
- el.appendChild(hiddenInput);
70
-
71
- el.submit();
72
- });
73
- };
74
- } else {
75
- console.log('[Castle] The script helper needs to be within a <form> tag')
76
- }
77
- </script>
78
- HEREDOC
79
- tag.html_safe
40
+ def castle_on_form_submit
41
+ "typeof(_castle)=='undefined'?event.preventDefault():_castle('onFormSubmit', event)"
80
42
  end
81
43
  end
82
44
  end
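Review bot: `castle_on_form_submit` fails closed without saying so: when `_castle` is undefined the handler calls `event.preventDefault()`, so if the Castle script is blocked or fails to load, the login and registration forms cannot be submitted and nothing is shown to the user or written to the console. If that is the intended behaviour, state it in the method comment and the README. The helper also now relies on an inline `onsubmit` attribute, which a Content-Security-Policy without `'unsafe-inline'` (or `'unsafe-hashes'` with the handler's hash) will refuse to execute; document that requirement. The comment block above the method still carries its old opening lines and `@return [String]`, so check that the description matches the new return value, which is a JavaScript expression rather than a script tag.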
@@ -52,12 +52,12 @@ Warden::Manager.before_failure do |env, opts|
52
52
  context = CastleDevise::Context.from_rack_env(env, opts[:scope])
53
53
 
54
54
  begin
55
- CastleDevise.sdk_facade.log(
55
+ CastleDevise.sdk_facade.filter(
56
56
  event: "$login",
57
57
  status: "$failed",
58
58
  context: context
59
59
  )
60
60
  rescue Castle::Error => e
61
- CastleDevise.logger.error("[CastleDevise] log($login, $failed): #{e}")
61
+ CastleDevise.logger.error("[CastleDevise] filter($login, $failed): #{e}")
62
62
  end
63
63
  end
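Review bot: The return value of `CastleDevise.sdk_facade.filter(...)` in this `before_failure` hook is discarded, so the switch from `log` to `filter` produces a response that nothing reads. Add a comment stating that the call is made only to report the failed login, or handle the response explicitly. The rescue still covers only `Castle::Error`; any other exception raised on the new call path will propagate out of the Warden hook.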
@@ -20,9 +20,10 @@ module CastleDevise
20
20
  # @param context [CastleDevise::Context]
21
21
  # @return [Hash] Raw API response
22
22
  # @see https://docs.castle.io/v1/reference/api-reference/#v1filter
23
- def filter(event:, context:)
23
+ def filter(event:, context:, status: "$attempted")
24
24
  payload = {
25
25
  event: event,
26
+ status: status,
26
27
  user: {
27
28
  email: context.email
28
29
  },
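Review bot: The new `status:` keyword on `filter` is undocumented: the YARD block visible above the signature has `@param context` and `@return` but this hunk adds no `@param status`. Add one that states the default `"$attempted"` and the other value callers pass (the Warden failure hook passes `"$failed"`), so the meaning of the default is clear to anyone supplying a replacement facade.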
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module CastleDevise
4
- VERSION = "0.2.0"
4
+ VERSION = "0.4.1"
5
5
  end
data/lib/castle_devise.rb CHANGED
@@ -25,6 +25,8 @@ module CastleDevise
25
25
 
26
26
  # @yieldparam [CastleDevise::Configuration] configuration object
27
27
  def configure
28
+ @sdk_facade = @castle = nil
29
+
28
30
  yield configuration
29
31
 
30
32
  Castle.api_secret = configuration.api_secret
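Review bot: `@sdk_facade = @castle = nil` at the top of `configure` has no comment explaining that it clears the memoized facade and client so that a changed `castle_client` or `castle_sdk_facade_class` takes effect. Add that comment. The reset also happens before `yield configuration`, so a call to `sdk_facade` from another thread while the block is running would memoize objects built from half-applied settings; moving the reset to after the yield, or noting that `configure` is meant to run only at boot, would close that gap.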
@@ -38,7 +40,7 @@ module CastleDevise
38
40
 
39
41
  # @return [CastleDevise::SdkFacade]
40
42
  def sdk_facade
41
- @sdk_facade ||= CastleDevise::SdkFacade.new(
43
+ @sdk_facade ||= configuration.castle_sdk_facade_class.new(
42
44
  castle,
43
45
  configuration.before_request_hooks,
44
46
  configuration.after_request_hooks
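Review bot: `configuration.castle_sdk_facade_class.new(...)` calls the configured class with three positional arguments (`castle`, the before hooks, the after hooks), but nothing documents that contract and the `@return [CastleDevise::SdkFacade]` tag above `sdk_facade` is unchanged. Document the constructor signature a replacement class must accept and the methods it must respond to (such as `filter`), and update the return tag to reflect that the object may be of another class.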
@@ -47,15 +49,15 @@ module CastleDevise
47
49
 
48
50
  # @return [Castle::Client]
49
51
  def castle
50
- @castle ||= Castle::Client.new
52
+ @castle ||= configuration.castle_client
51
53
  end
52
54
  end
53
55
  end
54
56
 
57
+ require_relative "castle_devise/sdk_facade"
55
58
  require_relative "castle_devise/configuration"
56
59
  require_relative "castle_devise/context"
57
60
  require_relative "castle_devise/patches"
58
- require_relative "castle_devise/sdk_facade"
59
61
  require_relative "castle_devise/controllers/helpers"
60
62
  require_relative "castle_devise/helpers/castle_helper"
61
63
  require_relative "castle_devise/hooks/castle_protectable"
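Review bot: Moving `require_relative "castle_devise/sdk_facade"` above `castle_devise/configuration` introduces a load-order dependency with no comment; the configuration file now names `::CastleDevise::SdkFacade` in a default, so re-sorting these requires later would break loading. Add a short comment on that line. In `castle`, `@castle ||= configuration.castle_client` returns whatever the accessor holds while the tag above still promises `[Castle::Client]`; either validate the configured object or relax the tag.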
metadata CHANGED
@@ -1,16 +1,16 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: castle_devise
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kacper Madej
8
8
  - Dawid Libiszewski
9
9
  - Johan Brissmyr
10
- autorequire:
10
+ autorequire:
11
11
  bindir: exe
12
12
  cert_chain: []
13
- date: 2021-08-12 00:00:00.000000000 Z
13
+ date: 2022-12-13 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
@@ -125,7 +125,7 @@ metadata:
125
125
  homepage_uri: https://github.com/castle/castle_devise
126
126
  source_code_uri: https://github.com/castle/castle_devise
127
127
  changelog_uri: https://github.com/castle/castle_devise/CHANGELOG.md
128
- post_install_message:
128
+ post_install_message:
129
129
  rdoc_options: []
130
130
  require_paths:
131
131
  - lib
@@ -140,8 +140,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
140
140
  - !ruby/object:Gem::Version
141
141
  version: '0'
142
142
  requirements: []
143
- rubygems_version: 3.0.3
144
- signing_key:
143
+ rubygems_version: 3.1.4
144
+ signing_key:
145
145
  specification_version: 4
146
146
  summary: Integrates Castle with Devise
147
147
  test_files: []