castle_devise 0.3.0 → 0.4.3
- checksums.yaml +4 -4
- data/.github/workflows/lint.yml +4 -1
- data/.github/workflows/specs.yml +3 -6
- data/Appraisals +4 -6
- data/CHANGELOG.md +17 -1
- data/Gemfile +1 -1
- data/Gemfile.lock +144 -99
- data/README.md +30 -7
- data/castle_devise.gemspec +1 -1
- data/gemfiles/{rails_5.2.gemfile → rails_7.0.gemfile} +1 -1
- data/lib/castle_devise/configuration.rb +8 -0
- data/lib/castle_devise/hooks/castle_protectable.rb +10 -5
- data/lib/castle_devise/patches/registrations_controller.rb +15 -10
- data/lib/castle_devise/sdk_facade.rb +4 -3
- data/lib/castle_devise/version.rb +1 -1
- data/lib/castle_devise.rb +5 -3
- metadata +6 -6
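--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6843034cd0d1278d25140abc645d54dca7b8a3431829c6d7b58920ad987381a6
+data.tar.gz: 58f4ae8fb336b3299f96b067210b788f9906efd223965c7c17143a2e2583fad3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0b8f9feca618661708bf6695d3c870c54e4fd4eb747b8ea96031e8a88bcb53c7af7b52b47ce38b92cd44bb85e352b5a9a6bc1aba6a80d4218ecee6dbbe6fdd6c
+data.tar.gz: e81f6b014851e78444088a9949746aec347a800c39487ab4cae3c0727c6568b8a2b9691f561c7366be873725ea00f0e62e9d33e2ca919193d3c758da975b116a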
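--- a/data/.github/workflows/lint.yml
+++ b/data/.github/workflows/lint.yml
@@ -9,10 +9,13 @@ jobs:
 steps:
 - name: Check out code
 uses: actions/checkout@v1
+- name: Give permissions
+run: |
+sudo chown -R root:root $GITHUB_WORKSPACE
 - name: standardrb
 uses: SennaLabs/action-standardrb@v0.0.3
 with:
 github_token: ${{ secrets.github_token }}
 reporter: github-pr-review # Default is github-pr-check
-rubocop_version: 1.1.
+rubocop_version: 1.1.6 # note: this actually refers to standardb version, not Rubocop
 rubocop_flags: --format progress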
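Review bot: The added `Give permissions` step runs `sudo chown -R root:root $GITHUB_WORKSPACE` with the variable unquoted and with no comment saying why the checkout has to be owned by root; I would write `sudo chown -R root:root "$GITHUB_WORKSPACE"` and add a one-line comment naming the reason (presumably the container-based standardrb action runs as root and git refuses a workspace owned by another user; to be confirmed). The step that follows hands `secrets.github_token` to `SennaLabs/action-standardrb@v0.0.3`, a third-party action referenced by a mutable tag, so pinning it to a full commit SHA would keep a retagged release from running with that token. The `jobs:` block starts above the hunk.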
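--- a/data/.github/workflows/specs.yml
+++ b/data/.github/workflows/specs.yml
@@ -10,11 +10,8 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
-ruby: ["2.
-rails: ["
-exclude:
-- ruby: "3.0"
-rails: "5.2"
+ruby: ["2.7", "3.0", "3.1", "3.2"]
+rails: ["6.0", "6.1", "7.0"]
 
 steps:
 - uses: actions/checkout@v2
@@ -22,7 +19,7 @@ jobs:
 uses: ruby/setup-ruby@v1
 with:
 ruby-version: ${{ matrix.ruby }}
-- name: Install
+- name: Install dependencies
 env:
 BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.rails }}.gemfile
 run: |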
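--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,9 +1,3 @@
-if RUBY_VERSION < "3.0"
-appraise "rails-5.2" do
-gem "railties", "~> 5.2.6"
-end
-end
-
 appraise "rails-6.0" do
 gem "railties", "~> 6.0.4"
 end
@@ -11,3 +5,7 @@ end
 appraise "rails-6.1" do
 gem "railties", "~> 6.1.4"
 end
+
+appraise "rails-7.0" do
+gem "railties", "~> 7.0"
+end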
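--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,18 @@
 
 ## [Unreleased][main]
 
+## [0.4.3] - 2023-07-11
+- Fix an issue where we would send a `login.failed` event on any attempt of accessing a protected resource, not only when the user failed to log in specifically
+
+## [0.4.2] - 2023-07-10
+- Change `params` to contain the email address sent by the user for the `/v1/filter` endpoint
+
+## [0.4.1] - 2022-12-13
+- Introduced new configuration options for `castle_sdk_facade_class` and `castle_client`
+
+## [0.4.0] - 2022-05-17
+- Send $login $failed events to /v1/filter
+
 ## [0.3.0] - 2021-08-30
 
 - Switch c.js to 2.0 version, Update c.js related helpers
@@ -17,7 +29,11 @@
 
 - Initial release
 
-[main]: https://github.com/castle/castle_devise/compare/v0.3
+[main]: https://github.com/castle/castle_devise/compare/v0.4.3...HEAD
+[0.4.3]: https://github.com/castle/castle_devise/compare/v0.4.2...v0.4.3
+[0.4.2]: https://github.com/castle/castle_devise/compare/v0.4.1...v0.4.2
+[0.4.1]: https://github.com/castle/castle_devise/compare/v0.4.0...v0.4.1
+[0.4.0]: https://github.com/castle/castle_devise/compare/v0.3.0...v0.4.0
 [0.3.0]: https://github.com/castle/castle_devise/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/castle/castle_devise/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/castle/castle_devise/releases/tag/v0.1.0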
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,177 +1,222 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
castle_devise (0.3
|
4
|
+
castle_devise (0.4.3)
|
5
5
|
activesupport (>= 5.0)
|
6
|
-
castle-rb (>= 7.
|
6
|
+
castle-rb (>= 7.2, < 8.0)
|
7
7
|
devise (>= 4.3.0, < 5.0)
|
8
8
|
|
9
9
|
GEM
|
10
10
|
remote: https://rubygems.org/
|
11
11
|
specs:
|
12
|
-
actionmailer (
|
13
|
-
actionpack (=
|
14
|
-
actionview (=
|
15
|
-
activejob (=
|
16
|
-
activesupport (=
|
12
|
+
actionmailer (7.0.4.3)
|
13
|
+
actionpack (= 7.0.4.3)
|
14
|
+
actionview (= 7.0.4.3)
|
15
|
+
activejob (= 7.0.4.3)
|
16
|
+
activesupport (= 7.0.4.3)
|
17
17
|
mail (~> 2.5, >= 2.5.4)
|
18
|
+
net-imap
|
19
|
+
net-pop
|
20
|
+
net-smtp
|
18
21
|
rails-dom-testing (~> 2.0)
|
19
|
-
actionpack (
|
20
|
-
actionview (=
|
21
|
-
activesupport (=
|
22
|
-
rack (~> 2.0, >= 2.0
|
22
|
+
actionpack (7.0.4.3)
|
23
|
+
actionview (= 7.0.4.3)
|
24
|
+
activesupport (= 7.0.4.3)
|
25
|
+
rack (~> 2.0, >= 2.2.0)
|
23
26
|
rack-test (>= 0.6.3)
|
24
27
|
rails-dom-testing (~> 2.0)
|
25
28
|
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
26
|
-
actionview (
|
27
|
-
activesupport (=
|
29
|
+
actionview (7.0.4.3)
|
30
|
+
activesupport (= 7.0.4.3)
|
28
31
|
builder (~> 3.1)
|
29
32
|
erubi (~> 1.4)
|
30
33
|
rails-dom-testing (~> 2.0)
|
31
34
|
rails-html-sanitizer (~> 1.1, >= 1.2.0)
|
32
|
-
activejob (
|
33
|
-
activesupport (=
|
35
|
+
activejob (7.0.4.3)
|
36
|
+
activesupport (= 7.0.4.3)
|
34
37
|
globalid (>= 0.3.6)
|
35
|
-
activemodel (
|
36
|
-
activesupport (=
|
37
|
-
activerecord (
|
38
|
-
activemodel (=
|
39
|
-
activesupport (=
|
40
|
-
activesupport (
|
38
|
+
activemodel (7.0.4.3)
|
39
|
+
activesupport (= 7.0.4.3)
|
40
|
+
activerecord (7.0.4.3)
|
41
|
+
activemodel (= 7.0.4.3)
|
42
|
+
activesupport (= 7.0.4.3)
|
43
|
+
activesupport (7.0.4.3)
|
41
44
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
42
45
|
i18n (>= 1.6, < 2)
|
43
46
|
minitest (>= 5.1)
|
44
47
|
tzinfo (~> 2.0)
|
45
|
-
|
46
|
-
|
47
|
-
public_suffix (>= 2.0.2, < 5.0)
|
48
|
+
addressable (2.8.4)
|
49
|
+
public_suffix (>= 2.0.2, < 6.0)
|
48
50
|
appraisal (2.3.0)
|
49
51
|
bundler
|
50
52
|
rake
|
51
53
|
thor (>= 0.14.0)
|
52
54
|
ast (2.4.2)
|
53
|
-
bcrypt (3.1.
|
55
|
+
bcrypt (3.1.19)
|
54
56
|
builder (3.2.4)
|
55
57
|
byebug (11.1.3)
|
56
|
-
castle-rb (7.
|
57
|
-
concurrent-ruby (1.
|
58
|
+
castle-rb (7.2.0)
|
59
|
+
concurrent-ruby (1.2.2)
|
58
60
|
crack (0.4.5)
|
59
61
|
rexml
|
60
62
|
crass (1.0.6)
|
61
|
-
|
63
|
+
date (3.3.3)
|
64
|
+
devise (4.9.2)
|
62
65
|
bcrypt (~> 3.0)
|
63
66
|
orm_adapter (~> 0.1)
|
64
67
|
railties (>= 4.1.0)
|
65
68
|
responders
|
66
69
|
warden (~> 1.2.3)
|
67
|
-
diff-lcs (1.
|
70
|
+
diff-lcs (1.5.0)
|
68
71
|
docile (1.4.0)
|
69
|
-
erubi (1.
|
70
|
-
globalid (
|
72
|
+
erubi (1.12.0)
|
73
|
+
globalid (1.1.0)
|
71
74
|
activesupport (>= 5.0)
|
72
75
|
hashdiff (1.0.1)
|
73
|
-
i18n (1.
|
76
|
+
i18n (1.13.0)
|
74
77
|
concurrent-ruby (~> 1.0)
|
75
|
-
|
78
|
+
json (2.6.3)
|
79
|
+
language_server-protocol (3.17.0.3)
|
80
|
+
lint_roller (1.0.0)
|
81
|
+
loofah (2.21.3)
|
76
82
|
crass (~> 1.0.2)
|
77
|
-
nokogiri (>= 1.
|
78
|
-
mail (2.
|
83
|
+
nokogiri (>= 1.12.0)
|
84
|
+
mail (2.8.1)
|
79
85
|
mini_mime (>= 0.1.1)
|
86
|
+
net-imap
|
87
|
+
net-pop
|
88
|
+
net-smtp
|
80
89
|
method_source (1.0.0)
|
81
|
-
mini_mime (1.1.
|
82
|
-
|
83
|
-
|
90
|
+
mini_mime (1.1.2)
|
91
|
+
mini_portile2 (2.8.2)
|
92
|
+
minitest (5.18.0)
|
93
|
+
net-imap (0.3.4)
|
94
|
+
date
|
95
|
+
net-protocol
|
96
|
+
net-pop (0.1.2)
|
97
|
+
net-protocol
|
98
|
+
net-protocol (0.2.1)
|
99
|
+
timeout
|
100
|
+
net-smtp (0.3.3)
|
101
|
+
net-protocol
|
102
|
+
nokogiri (1.15.1)
|
103
|
+
mini_portile2 (~> 2.8.2)
|
104
|
+
racc (~> 1.4)
|
105
|
+
nokogiri (1.15.1-aarch64-linux)
|
106
|
+
racc (~> 1.4)
|
107
|
+
nokogiri (1.15.1-arm64-darwin)
|
108
|
+
racc (~> 1.4)
|
109
|
+
nokogiri (1.15.1-x86_64-darwin)
|
84
110
|
racc (~> 1.4)
|
85
111
|
orm_adapter (0.5.0)
|
86
|
-
parallel (1.
|
87
|
-
parser (3.
|
112
|
+
parallel (1.23.0)
|
113
|
+
parser (3.2.2.1)
|
88
114
|
ast (~> 2.4.1)
|
89
|
-
public_suffix (
|
90
|
-
racc (1.
|
91
|
-
rack (2.2.
|
92
|
-
rack-test (
|
93
|
-
rack (>= 1.
|
115
|
+
public_suffix (5.0.1)
|
116
|
+
racc (1.6.2)
|
117
|
+
rack (2.2.7)
|
118
|
+
rack-test (2.1.0)
|
119
|
+
rack (>= 1.3)
|
94
120
|
rails-dom-testing (2.0.3)
|
95
121
|
activesupport (>= 4.2.0)
|
96
122
|
nokogiri (>= 1.6)
|
97
|
-
rails-html-sanitizer (1.
|
98
|
-
loofah (~> 2.
|
99
|
-
railties (
|
100
|
-
actionpack (=
|
101
|
-
activesupport (=
|
123
|
+
rails-html-sanitizer (1.5.0)
|
124
|
+
loofah (~> 2.19, >= 2.19.1)
|
125
|
+
railties (7.0.4.3)
|
126
|
+
actionpack (= 7.0.4.3)
|
127
|
+
activesupport (= 7.0.4.3)
|
102
128
|
method_source
|
103
|
-
rake (>=
|
129
|
+
rake (>= 12.2)
|
104
130
|
thor (~> 1.0)
|
105
|
-
|
131
|
+
zeitwerk (~> 2.5)
|
132
|
+
rainbow (3.1.1)
|
106
133
|
rake (13.0.6)
|
107
|
-
regexp_parser (2.
|
108
|
-
responders (3.0
|
109
|
-
actionpack (>= 5.
|
110
|
-
railties (>= 5.
|
134
|
+
regexp_parser (2.8.0)
|
135
|
+
responders (3.1.0)
|
136
|
+
actionpack (>= 5.2)
|
137
|
+
railties (>= 5.2)
|
111
138
|
rexml (3.2.5)
|
112
|
-
rspec (3.
|
113
|
-
rspec-core (~> 3.
|
114
|
-
rspec-expectations (~> 3.
|
115
|
-
rspec-mocks (~> 3.
|
116
|
-
rspec-core (3.
|
117
|
-
rspec-support (~> 3.
|
118
|
-
rspec-expectations (3.
|
139
|
+
rspec (3.12.0)
|
140
|
+
rspec-core (~> 3.12.0)
|
141
|
+
rspec-expectations (~> 3.12.0)
|
142
|
+
rspec-mocks (~> 3.12.0)
|
143
|
+
rspec-core (3.12.2)
|
144
|
+
rspec-support (~> 3.12.0)
|
145
|
+
rspec-expectations (3.12.3)
|
119
146
|
diff-lcs (>= 1.2.0, < 2.0)
|
120
|
-
rspec-support (~> 3.
|
121
|
-
rspec-mocks (3.
|
147
|
+
rspec-support (~> 3.12.0)
|
148
|
+
rspec-mocks (3.12.5)
|
122
149
|
diff-lcs (>= 1.2.0, < 2.0)
|
123
|
-
rspec-support (~> 3.
|
124
|
-
rspec-rails (
|
125
|
-
actionpack (>=
|
126
|
-
activesupport (>=
|
127
|
-
railties (>=
|
128
|
-
rspec-core (~> 3.
|
129
|
-
rspec-expectations (~> 3.
|
130
|
-
rspec-mocks (~> 3.
|
131
|
-
rspec-support (~> 3.
|
132
|
-
rspec-support (3.
|
133
|
-
rubocop (1.
|
150
|
+
rspec-support (~> 3.12.0)
|
151
|
+
rspec-rails (6.0.2)
|
152
|
+
actionpack (>= 6.1)
|
153
|
+
activesupport (>= 6.1)
|
154
|
+
railties (>= 6.1)
|
155
|
+
rspec-core (~> 3.12)
|
156
|
+
rspec-expectations (~> 3.12)
|
157
|
+
rspec-mocks (~> 3.12)
|
158
|
+
rspec-support (~> 3.12)
|
159
|
+
rspec-support (3.12.0)
|
160
|
+
rubocop (1.50.2)
|
161
|
+
json (~> 2.3)
|
134
162
|
parallel (~> 1.10)
|
135
|
-
parser (>= 3.
|
163
|
+
parser (>= 3.2.0.0)
|
136
164
|
rainbow (>= 2.2.2, < 4.0)
|
137
165
|
regexp_parser (>= 1.8, < 3.0)
|
138
|
-
rexml
|
139
|
-
rubocop-ast (>= 1.
|
166
|
+
rexml (>= 3.2.5, < 4.0)
|
167
|
+
rubocop-ast (>= 1.28.0, < 2.0)
|
140
168
|
ruby-progressbar (~> 1.7)
|
141
|
-
unicode-display_width (>=
|
142
|
-
rubocop-ast (1.
|
143
|
-
parser (>= 3.
|
144
|
-
rubocop-performance (1.
|
169
|
+
unicode-display_width (>= 2.4.0, < 3.0)
|
170
|
+
rubocop-ast (1.28.1)
|
171
|
+
parser (>= 3.2.1.0)
|
172
|
+
rubocop-performance (1.16.0)
|
145
173
|
rubocop (>= 1.7.0, < 2.0)
|
146
174
|
rubocop-ast (>= 0.4.0)
|
147
|
-
ruby-progressbar (1.
|
148
|
-
simplecov (0.
|
175
|
+
ruby-progressbar (1.13.0)
|
176
|
+
simplecov (0.22.0)
|
149
177
|
docile (~> 1.1)
|
150
178
|
simplecov-html (~> 0.11)
|
151
179
|
simplecov_json_formatter (~> 0.1)
|
152
180
|
simplecov-html (0.12.3)
|
153
|
-
simplecov_json_formatter (0.1.
|
154
|
-
sqlite3 (1.
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
181
|
+
simplecov_json_formatter (0.1.4)
|
182
|
+
sqlite3 (1.6.3)
|
183
|
+
mini_portile2 (~> 2.8.0)
|
184
|
+
sqlite3 (1.6.3-aarch64-linux)
|
185
|
+
sqlite3 (1.6.3-arm64-darwin)
|
186
|
+
sqlite3 (1.6.3-x86_64-darwin)
|
187
|
+
standard (1.28.2)
|
188
|
+
language_server-protocol (~> 3.17.0.2)
|
189
|
+
lint_roller (~> 1.0)
|
190
|
+
rubocop (~> 1.50.2)
|
191
|
+
standard-custom (~> 1.0.0)
|
192
|
+
standard-performance (~> 1.0.1)
|
193
|
+
standard-custom (1.0.0)
|
194
|
+
lint_roller (~> 1.0)
|
195
|
+
standard-performance (1.0.1)
|
196
|
+
lint_roller (~> 1.0)
|
197
|
+
rubocop-performance (~> 1.16.0)
|
198
|
+
thor (1.2.2)
|
199
|
+
timeout (0.3.2)
|
200
|
+
tzinfo (2.0.6)
|
160
201
|
concurrent-ruby (~> 1.0)
|
161
|
-
unicode-display_width (2.
|
162
|
-
vcr (6.
|
202
|
+
unicode-display_width (2.4.2)
|
203
|
+
vcr (6.1.0)
|
163
204
|
warden (1.2.9)
|
164
205
|
rack (>= 2.0.9)
|
165
|
-
webmock (3.
|
166
|
-
addressable (>= 2.
|
206
|
+
webmock (3.18.1)
|
207
|
+
addressable (>= 2.8.0)
|
167
208
|
crack (>= 0.3.2)
|
168
209
|
hashdiff (>= 0.4.0, < 2.0.0)
|
169
|
-
zeitwerk (2.
|
210
|
+
zeitwerk (2.6.8)
|
170
211
|
|
171
212
|
PLATFORMS
|
213
|
+
aarch64-linux
|
214
|
+
arm64-darwin-21
|
215
|
+
ruby
|
172
216
|
x86_64-darwin-18
|
173
217
|
x86_64-darwin-19
|
174
218
|
x86_64-darwin-20
|
219
|
+
x86_64-darwin-22
|
175
220
|
|
176
221
|
DEPENDENCIES
|
177
222
|
actionmailer
|
@@ -179,7 +224,7 @@ DEPENDENCIES
|
|
179
224
|
appraisal (~> 2.3.0)
|
180
225
|
byebug
|
181
226
|
castle_devise!
|
182
|
-
railties (~>
|
227
|
+
railties (~> 7.0)
|
183
228
|
rake
|
184
229
|
rspec
|
185
230
|
rspec-rails
|
@@ -190,4 +235,4 @@ DEPENDENCIES
|
|
190
235
|
webmock
|
191
236
|
|
192
237
|
BUNDLED WITH
|
193
|
-
2.
|
238
|
+
2.4.12
|
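--- a/data/README.md
+++ b/data/README.md
@@ -2,11 +2,11 @@
 
 **Disclaimer:** CastleDevise is currently in beta. There might be some upcoming breaking changes to the gem before we stabilize the API.
 
----
+---
 
-#
+# CastleDevise
 
-CastleDevise is a [Devise](https://github.com/heartcombo/devise) plugin that integrates [Castle](https://castle.io).
+CastleDevise is a [Devise](https://github.com/heartcombo/devise) plugin that integrates [Castle](https://castle.io).
 
 It currently provides the following features:
 - preventing bots from registration attacks using Castle's [Filter API](https://docs.castle.io/v1/reference/api-reference/#filter)
@@ -26,11 +26,11 @@ gem 'castle_devise'
 
 Create `config/initializers/castle_devise.rb` and fill in your API secret and APP_ID from the [Castle Dashboard](https://dashboard.castle.io/settings/general)
 
-```ruby
+```ruby
 CastleDevise.configure do |config|
 config.api_secret = ENV.fetch('CASTLE_API_SECRET')
 config.app_id = ENV.fetch('CASTLE_APP_ID')
-
+
 # When monitoring mode is enabled, CastleDevise sends
 # requests to Castle but it doesn't act on the "deny" verdicts.
 #
@@ -45,10 +45,10 @@ end
 
 Add `:castle_protectable` Devise module to your User model:
 
-```ruby
+```ruby
 class User < ApplicationRecord
 devise :database_authenticatable, :registerable,
-:recoverable, :rememberable, :validatable,
+:recoverable, :rememberable, :validatable,
 :castle_protectable # <--- add this
 end
 ```
@@ -211,3 +211,26 @@ CastleDevise.configure do |config|
 end
 end
 ```
+
+## Development
+
+### Setup
+
+```bash
+bundle install
+```
+
+### Running tests
+
+Most of the specs should pass just by running the following command:
+
+```bash
+bundle exec rake
+```
+
+We also have a few VCR tests that will periodically rebuild the cassettes just to make sure that the integration with Castle API is working.
+For those, you need to run your specs with a proper Castle API Secret:
+
+```bash
+CASTLE_API_SECRET=your_api_secret bundle exec rake
+```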
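--- a/data/castle_devise.gemspec
+++ b/data/castle_devise.gemspec
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 
 spec.add_dependency "activesupport", ">= 5.0"
-spec.add_dependency "castle-rb", ">= 7.
+spec.add_dependency "castle-rb", ">= 7.2", "< 8.0"
 spec.add_dependency "devise", ">= 4.3.0", "< 5.0"
 
 spec.add_development_dependency "appraisal", "~> 2.3.0"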
@@ -39,6 +39,14 @@ module CastleDevise
|
|
39
39
|
# @return [Array<Proc>] Array of procs that will get called after a request to the Castle API
|
40
40
|
config_accessor(:after_request_hooks) { [] }
|
41
41
|
|
42
|
+
# @!attribute castle_sdk_facade_class
|
43
|
+
# @return [Class] Castle API implementation
|
44
|
+
config_accessor(:castle_sdk_facade_class) { ::CastleDevise::SdkFacade }
|
45
|
+
|
46
|
+
# @!attribute castle_client
|
47
|
+
# @return [Class] Castle SDK client
|
48
|
+
config_accessor(:castle_client) { ::Castle::Client.new }
|
49
|
+
|
42
50
|
# Adds a new before_request hook
|
43
51
|
# @param blk [Proc]
|
44
52
|
def before_request(&blk)
|
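Review bot: The YARD tag on the new `castle_client` accessor says `@return [Class] Castle SDK client`, but the default block returns an instance (`::Castle::Client.new`), and `CastleDevise.castle` further down this page documents the same value as `[Castle::Client]`; the tag should read `# @return [Castle::Client] Castle SDK client instance`. ActiveSupport's `config_accessor` evaluates its default block once, when the accessor is defined, so this client is presumably constructed while the file loads, before `CastleDevise.configure` assigns `Castle.api_secret`. A short comment saying that the configured client must not capture credentials or per-request state at construction would help anyone supplying their own. The enclosing class begins above the hunk.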
@@ -23,9 +23,11 @@ Warden::Manager.after_authentication do |resource, warden, opts|
|
|
23
23
|
context.logout!
|
24
24
|
end
|
25
25
|
rescue Castle::InvalidParametersError
|
26
|
-
#
|
27
|
-
|
28
|
-
|
26
|
+
# log API error and allow
|
27
|
+
CastleDevise.logger.warn(
|
28
|
+
"[CastleDevise] /v1/risk request contained invalid parameters."
|
29
|
+
)
|
30
|
+
rescue Castle::InvalidRequestTokenError
|
29
31
|
CastleDevise.logger.warn(
|
30
32
|
"[CastleDevise] /v1/risk request contained invalid parameters." \
|
31
33
|
" This might mean that either you didn't configure Castle's Javascript properly, or" \
|
@@ -42,6 +44,9 @@ end
|
|
42
44
|
|
43
45
|
Warden::Manager.before_failure do |env, opts|
|
44
46
|
next if opts[:castle_devise] == :skip
|
47
|
+
# recall is set by Devise on a failed login attempt. If it's not set, this hook might fire on any
|
48
|
+
# authentication failure attempt (eg. trying to access a resource while unauthenticated), not just login specifically
|
49
|
+
next unless opts.key?(:recall)
|
45
50
|
|
46
51
|
resource_class = Devise.mappings[opts[:scope]].to
|
47
52
|
|
@@ -52,12 +57,12 @@ Warden::Manager.before_failure do |env, opts|
|
|
52
57
|
context = CastleDevise::Context.from_rack_env(env, opts[:scope])
|
53
58
|
|
54
59
|
begin
|
55
|
-
CastleDevise.sdk_facade.
|
60
|
+
CastleDevise.sdk_facade.filter(
|
56
61
|
event: "$login",
|
57
62
|
status: "$failed",
|
58
63
|
context: context
|
59
64
|
)
|
60
65
|
rescue Castle::Error => e
|
61
|
-
CastleDevise.logger.error("[CastleDevise]
|
66
|
+
CastleDevise.logger.error("[CastleDevise] filter($login, $failed): #{e}")
|
62
67
|
end
|
63
68
|
end
|
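Review bot: In the `after_authentication` hook the new `rescue Castle::InvalidRequestTokenError` branch inherits the old warning text, so an invalid request token is still logged as `/v1/risk request contained invalid parameters.`, which is the same first line the new `InvalidParametersError` branch emits; the `risk($profile_update)` hunk later on this page uses distinct wording for the two cases. Changing that line to `"[CastleDevise] /v1/risk request contained invalid request token." \` keeps the two causes distinguishable in logs, which matters because only the token case points at a request made without Castle's Javascript. The new `InvalidParametersError` branch is commented `log API error and allow`, so it is worth confirming that this fail-open path is intended and that someone watches these warnings. The rest of the rescue chain lies outside the hunk.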
@@ -28,16 +28,19 @@ module CastleDevise
|
|
28
28
|
context: context
|
29
29
|
)
|
30
30
|
rescue Castle::InvalidParametersError
|
31
|
-
#
|
32
|
-
# compared to any other validation errors. However, we can't do this with the
|
33
|
-
# current Castle SDK as it doesn't give us any way to differentiate these two cases.
|
31
|
+
# log API error and allow
|
34
32
|
CastleDevise.logger.warn(
|
35
|
-
"[CastleDevise] /v1/risk request contained invalid parameters."
|
36
|
-
|
33
|
+
"[CastleDevise] /v1/risk request contained invalid parameters."
|
34
|
+
)
|
35
|
+
rescue Castle::InvalidRequestTokenError
|
36
|
+
CastleDevise.logger.warn(
|
37
|
+
"[CastleDevise] /v1/risk request contained invalid token." \
|
38
|
+
" This means that either you didn't configure Castle's Javascript properly," \
|
37
39
|
" or a request has been made without Javascript (eg. cURL/bot)." \
|
38
40
|
" Such a request is treated as if Castle responded with a 'deny' action in" \
|
39
41
|
" non-monitoring mode."
|
40
42
|
)
|
43
|
+
# TODO: Implement a deny mechanism for this action.
|
41
44
|
rescue Castle::Error => e
|
42
45
|
# log API errors and allow
|
43
46
|
CastleDevise.logger.error("[CastleDevise] risk($profile_update): #{e}")
|
@@ -81,12 +84,14 @@ module CastleDevise
|
|
81
84
|
# everything fine, continue
|
82
85
|
end
|
83
86
|
rescue Castle::InvalidParametersError
|
84
|
-
#
|
85
|
-
|
86
|
-
|
87
|
+
# log error and allow
|
88
|
+
CastleDevise.logger.warn(
|
89
|
+
"[CastleDevise] /v1/filter request contained invalid parameters."
|
90
|
+
)
|
91
|
+
rescue Castle::InvalidRequestTokenError
|
87
92
|
CastleDevise.logger.warn(
|
88
|
-
"[CastleDevise] /v1/filter request contained invalid
|
89
|
-
" This
|
93
|
+
"[CastleDevise] /v1/filter request contained invalid request token." \
|
94
|
+
" This means that either you didn't configure Castle's Javascript properly, or" \
|
90
95
|
" a request has been made without Javascript (eg. cURL/bot)." \
|
91
96
|
" Such a request is treated as if Castle responded with a 'deny' action in" \
|
92
97
|
" non-monitoring mode."
|
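Review bot: The new `InvalidRequestTokenError` warning for `/v1/risk` still tells the operator that `Such a request is treated as if Castle responded with a 'deny' action in non-monitoring mode`, while the added `# TODO: Implement a deny mechanism for this action.` directly below it indicates that nothing is denied on this path. Until the deny exists the log line should say what actually happens, for example `" The request is currently allowed; no deny is enforced for this action."`, so that nobody reading the logs assumes profile updates without a valid token are blocked. The same sentence appears in the `/v1/filter` branch of the second hunk, whose handling continues past the end of the hunk and cannot be checked from here.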
@@ -20,12 +20,13 @@ module CastleDevise
|
|
20
20
|
# @param context [CastleDevise::Context]
|
21
21
|
# @return [Hash] Raw API response
|
22
22
|
# @see https://docs.castle.io/v1/reference/api-reference/#v1filter
|
23
|
-
def filter(event:, context:)
|
23
|
+
def filter(event:, context:, status: "$attempted")
|
24
24
|
payload = {
|
25
25
|
event: event,
|
26
|
-
|
26
|
+
status: status,
|
27
|
+
params: {
|
27
28
|
email: context.email
|
28
|
-
},
|
29
|
+
}.compact,
|
29
30
|
request_token: context.request_token,
|
30
31
|
context: payload_context(context.rack_request)
|
31
32
|
}
|
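Review bot: `filter` gains a `status:` keyword defaulting to `"$attempted"`, but the YARD block above the signature has no entry for it; add `# @param status [String] Castle event status sent with the request, "$attempted" unless the caller overrides it` next to the existing `@param context` line. The `params` hash is now passed through `.compact`, so a context without an email sends `params: {}`; if that empty hash is intentional, a comment saying so would save the next reader a lookup in the Castle API reference. The method body continues after the hunk.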
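--- a/data/lib/castle_devise.rb
+++ b/data/lib/castle_devise.rb
@@ -25,6 +25,8 @@ module CastleDevise
 
 # @yieldparam [CastleDevise::Configuration] configuration object
 def configure
+@sdk_facade = @castle = nil
+
 yield configuration
 
 Castle.api_secret = configuration.api_secret
@@ -38,7 +40,7 @@ module CastleDevise
 
 # @return [CastleDevise::SdkFacade]
 def sdk_facade
-@sdk_facade ||=
+@sdk_facade ||= configuration.castle_sdk_facade_class.new(
 castle,
 configuration.before_request_hooks,
 configuration.after_request_hooks
@@ -47,15 +49,15 @@ module CastleDevise
 
 # @return [Castle::Client]
 def castle
-@castle ||=
+@castle ||= configuration.castle_client
 end
 end
 end
 
+require_relative "castle_devise/sdk_facade"
 require_relative "castle_devise/configuration"
 require_relative "castle_devise/context"
 require_relative "castle_devise/patches"
-require_relative "castle_devise/sdk_facade"
 require_relative "castle_devise/controllers/helpers"
 require_relative "castle_devise/helpers/castle_helper"
 require_relative "castle_devise/hooks/castle_protectable"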
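Review bot: `sdk_facade` now instantiates whatever `configuration.castle_sdk_facade_class` returns with three positional arguments (`castle`, `configuration.before_request_hooks`, `configuration.after_request_hooks`), and nothing visible tells an integrator that a replacement class must accept that constructor and respond to the calls the hooks make, such as `filter`. I would state the contract on the method, e.g. `# @note castle_sdk_facade_class must accept (client, before_request_hooks, after_request_hooks)`, and widen `# @return [CastleDevise::SdkFacade]` to say that a configured substitute may be returned. This object sits on the path that reports login and registration events to Castle, so a substitute that quietly drops calls would switch the protection off without any error. The end of `configure` is outside the first hunk.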
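--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: castle_devise
 version: !ruby/object:Gem::Version
-version: 0.3
+version: 0.4.3
 platform: ruby
 authors:
 - Kacper Madej
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2023-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -32,7 +32,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '7.
+version: '7.2'
 - - "<"
 - !ruby/object:Gem::Version
 version: '8.0'
@@ -42,7 +42,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '7.
+version: '7.2'
 - - "<"
 - !ruby/object:Gem::Version
 version: '8.0'
@@ -102,9 +102,9 @@ files:
 - bin/console
 - bin/setup
 - castle_devise.gemspec
-- gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
 - gemfiles/rails_6.1.gemfile
+- gemfiles/rails_7.0.gemfile
 - lib/castle_devise.rb
 - lib/castle_devise/configuration.rb
 - lib/castle_devise/context.rb
@@ -140,7 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: Integrates Castle with Devise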