castle_devise 0.4.1 → 0.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '08bc5ac82986fd553c2c64a8c10a04748220a997b1c3430d1dc2bde82c18623d'
-  data.tar.gz: 367ba90a6e2e6e6b32a2dd87a9ad7e375fc6567d64dc069816d85f0bf1d5a014
+  metadata.gz: 6843034cd0d1278d25140abc645d54dca7b8a3431829c6d7b58920ad987381a6
+  data.tar.gz: 58f4ae8fb336b3299f96b067210b788f9906efd223965c7c17143a2e2583fad3
 SHA512:
-  metadata.gz: c3b603e7ad9f16909b546bb2604cff29d9939ea5e43b187764a0f114f9ee43a9746616bf05e1699a4bb914053781df0a190d7281ed5c9e2c1e0e34739bd34945
-  data.tar.gz: 47abcfb52b021885ce447ca68199cea7142f9e574e5b4bdb5653e60c6c4c373b67d1225c06baf61df24cca590b1dd35756cb3914c2de6348aea72c70ce110ac8
+  metadata.gz: 0b8f9feca618661708bf6695d3c870c54e4fd4eb747b8ea96031e8a88bcb53c7af7b52b47ce38b92cd44bb85e352b5a9a6bc1aba6a80d4218ecee6dbbe6fdd6c
+  data.tar.gz: e81f6b014851e78444088a9949746aec347a800c39487ab4cae3c0727c6568b8a2b9691f561c7366be873725ea00f0e62e9d33e2ca919193d3c758da975b116a

data/.github/workflows/specs.yml

@@ -10,11 +10,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby: ["2.6", "2.7", "3.0"]
-        rails: ["5.2", "6.0", "6.1"]
-        exclude:
-          - ruby: "3.0"
-            rails: "5.2"
+        ruby: ["2.7", "3.0", "3.1", "3.2"]
+        rails: ["6.0", "6.1", "7.0"]
 
     steps:
     - uses: actions/checkout@v2
@@ -22,7 +19,7 @@ jobs:
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby }}
-    - name: Install depenencies
+    - name: Install dependencies
       env:
         BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.rails }}.gemfile
       run: |

data/Appraisals

@@ -1,9 +1,3 @@
-if RUBY_VERSION < "3.0"
-  appraise "rails-5.2" do
-    gem "railties", "~> 5.2.6"
-  end
-end
-
 appraise "rails-6.0" do
   gem "railties", "~> 6.0.4"
 end
@@ -11,3 +5,7 @@ end
 appraise "rails-6.1" do
   gem "railties", "~> 6.1.4"
 end
+
+appraise "rails-7.0" do
+  gem "railties", "~> 7.0"
+end

data/CHANGELOG.md

@@ -2,6 +2,12 @@
 
 ## [Unreleased][main]
 
+## [0.4.3] - 2023-07-11
+- Fix an issue where we would send a `login.failed` event on any attempt of accessing a protected resource, not only when the user failed to log in specifically
+
+## [0.4.2] - 2023-07-10
+- Change `params` to contain the email address sent by the user for the `/v1/filter` endpoint
+
 ## [0.4.1] - 2022-12-13
 - Introduced new configuration options for `castle_sdk_facade_class` and `castle_client`
 
@@ -23,7 +29,10 @@
 
 - Initial release
 
-[main]: https://github.com/castle/castle_devise/compare/v0.4.0...HEAD
+[main]: https://github.com/castle/castle_devise/compare/v0.4.3...HEAD
+[0.4.3]: https://github.com/castle/castle_devise/compare/v0.4.2...v0.4.3
+[0.4.2]: https://github.com/castle/castle_devise/compare/v0.4.1...v0.4.2
+[0.4.1]: https://github.com/castle/castle_devise/compare/v0.4.0...v0.4.1
 [0.4.0]: https://github.com/castle/castle_devise/compare/v0.3.0...v0.4.0
 [0.3.0]: https://github.com/castle/castle_devise/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/castle/castle_devise/compare/v0.1.0...v0.2.0

data/Gemfile

@@ -8,7 +8,7 @@ gemspec
 gem "actionmailer"
 gem "activerecord"
 gem "byebug"
-gem "railties", "~> 6.1"
+gem "railties", "~> 7.0"
 gem "rake"
 gem "rspec"
 gem "rspec-rails"

data/Gemfile.lock

@@ -1,177 +1,222 @@
 PATH
   remote: .
   specs:
-    castle_devise (0.4.1)
+    castle_devise (0.4.3)
       activesupport (>= 5.0)
-      castle-rb (>= 7.0, < 8.0)
+      castle-rb (>= 7.2, < 8.0)
       devise (>= 4.3.0, < 5.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (6.1.4)
-      actionpack (= 6.1.4)
-      actionview (= 6.1.4)
-      activejob (= 6.1.4)
-      activesupport (= 6.1.4)
+    actionmailer (7.0.4.3)
+      actionpack (= 7.0.4.3)
+      actionview (= 7.0.4.3)
+      activejob (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.4)
-      actionview (= 6.1.4)
-      activesupport (= 6.1.4)
-      rack (~> 2.0, >= 2.0.9)
+    actionpack (7.0.4.3)
+      actionview (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.1.4)
-      activesupport (= 6.1.4)
+    actionview (7.0.4.3)
+      activesupport (= 7.0.4.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.4)
-      activesupport (= 6.1.4)
+    activejob (7.0.4.3)
+      activesupport (= 7.0.4.3)
       globalid (>= 0.3.6)
-    activemodel (6.1.4)
-      activesupport (= 6.1.4)
-    activerecord (6.1.4)
-      activemodel (= 6.1.4)
-      activesupport (= 6.1.4)
-    activesupport (6.1.4)
+    activemodel (7.0.4.3)
+      activesupport (= 7.0.4.3)
+    activerecord (7.0.4.3)
+      activemodel (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
+    activesupport (7.0.4.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.4)
+      public_suffix (>= 2.0.2, < 6.0)
     appraisal (2.3.0)
       bundler
       rake
       thor (>= 0.14.0)
     ast (2.4.2)
-    bcrypt (3.1.16)
+    bcrypt (3.1.19)
     builder (3.2.4)
     byebug (11.1.3)
-    castle-rb (7.1.1)
-    concurrent-ruby (1.1.9)
+    castle-rb (7.2.0)
+    concurrent-ruby (1.2.2)
     crack (0.4.5)
       rexml
     crass (1.0.6)
-    devise (4.8.0)
+    date (3.3.3)
+    devise (4.9.2)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
-    diff-lcs (1.4.4)
+    diff-lcs (1.5.0)
     docile (1.4.0)
-    erubi (1.10.0)
-    globalid (0.5.1)
+    erubi (1.12.0)
+    globalid (1.1.0)
       activesupport (>= 5.0)
     hashdiff (1.0.1)
-    i18n (1.8.10)
+    i18n (1.13.0)
       concurrent-ruby (~> 1.0)
-    loofah (2.10.0)
+    json (2.6.3)
+    language_server-protocol (3.17.0.3)
+    lint_roller (1.0.0)
+    loofah (2.21.3)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
+      nokogiri (>= 1.12.0)
+    mail (2.8.1)
       mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
     method_source (1.0.0)
-    mini_mime (1.1.0)
-    minitest (5.14.4)
-    nokogiri (1.11.7-x86_64-darwin)
+    mini_mime (1.1.2)
+    mini_portile2 (2.8.2)
+    minitest (5.18.0)
+    net-imap (0.3.4)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.1)
+      timeout
+    net-smtp (0.3.3)
+      net-protocol
+    nokogiri (1.15.1)
+      mini_portile2 (~> 2.8.2)
+      racc (~> 1.4)
+    nokogiri (1.15.1-aarch64-linux)
+      racc (~> 1.4)
+    nokogiri (1.15.1-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.15.1-x86_64-darwin)
       racc (~> 1.4)
     orm_adapter (0.5.0)
-    parallel (1.20.1)
-    parser (3.0.2.0)
+    parallel (1.23.0)
+    parser (3.2.2.1)
       ast (~> 2.4.1)
-    public_suffix (4.0.6)
-    racc (1.5.2)
-    rack (2.2.3)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
+    public_suffix (5.0.1)
+    racc (1.6.2)
+    rack (2.2.7)
+    rack-test (2.1.0)
+      rack (>= 1.3)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
-      loofah (~> 2.3)
-    railties (6.1.4)
-      actionpack (= 6.1.4)
-      activesupport (= 6.1.4)
+    rails-html-sanitizer (1.5.0)
+      loofah (~> 2.19, >= 2.19.1)
+    railties (7.0.4.3)
+      actionpack (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
       method_source
-      rake (>= 0.13)
+      rake (>= 12.2)
       thor (~> 1.0)
-    rainbow (3.0.0)
+      zeitwerk (~> 2.5)
+    rainbow (3.1.1)
     rake (13.0.6)
-    regexp_parser (2.1.1)
-    responders (3.0.1)
-      actionpack (>= 5.0)
-      railties (>= 5.0)
+    regexp_parser (2.8.0)
+    responders (3.1.0)
+      actionpack (>= 5.2)
+      railties (>= 5.2)
     rexml (3.2.5)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.2)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.3)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.5)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-rails (5.0.1)
-      actionpack (>= 5.2)
-      activesupport (>= 5.2)
-      railties (>= 5.2)
-      rspec-core (~> 3.10)
-      rspec-expectations (~> 3.10)
-      rspec-mocks (~> 3.10)
-      rspec-support (~> 3.10)
-    rspec-support (3.10.2)
-    rubocop (1.18.4)
+      rspec-support (~> 3.12.0)
+    rspec-rails (6.0.2)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
+      railties (>= 6.1)
+      rspec-core (~> 3.12)
+      rspec-expectations (~> 3.12)
+      rspec-mocks (~> 3.12)
+      rspec-support (~> 3.12)
+    rspec-support (3.12.0)
+    rubocop (1.50.2)
+      json (~> 2.3)
       parallel (~> 1.10)
-      parser (>= 3.0.0.0)
+      parser (>= 3.2.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.8.0, < 2.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.28.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.8.0)
-      parser (>= 3.0.1.1)
-    rubocop-performance (1.11.4)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.28.1)
+      parser (>= 3.2.1.0)
+    rubocop-performance (1.16.0)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
-    ruby-progressbar (1.11.0)
-    simplecov (0.21.2)
+    ruby-progressbar (1.13.0)
+    simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
-    simplecov_json_formatter (0.1.3)
-    sqlite3 (1.4.2)
-    standard (1.1.6)
-      rubocop (= 1.18.4)
-      rubocop-performance (= 1.11.4)
-    thor (1.1.0)
-    tzinfo (2.0.4)
+    simplecov_json_formatter (0.1.4)
+    sqlite3 (1.6.3)
+      mini_portile2 (~> 2.8.0)
+    sqlite3 (1.6.3-aarch64-linux)
+    sqlite3 (1.6.3-arm64-darwin)
+    sqlite3 (1.6.3-x86_64-darwin)
+    standard (1.28.2)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.0)
+      rubocop (~> 1.50.2)
+      standard-custom (~> 1.0.0)
+      standard-performance (~> 1.0.1)
+    standard-custom (1.0.0)
+      lint_roller (~> 1.0)
+    standard-performance (1.0.1)
+      lint_roller (~> 1.0)
+      rubocop-performance (~> 1.16.0)
+    thor (1.2.2)
+    timeout (0.3.2)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.0.0)
-    vcr (6.0.0)
+    unicode-display_width (2.4.2)
+    vcr (6.1.0)
     warden (1.2.9)
       rack (>= 2.0.9)
-    webmock (3.13.0)
-      addressable (>= 2.3.6)
+    webmock (3.18.1)
+      addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    zeitwerk (2.4.2)
+    zeitwerk (2.6.8)
 
 PLATFORMS
+  aarch64-linux
+  arm64-darwin-21
+  ruby
   x86_64-darwin-18
   x86_64-darwin-19
   x86_64-darwin-20
+  x86_64-darwin-22
 
 DEPENDENCIES
   actionmailer
@@ -179,7 +224,7 @@ DEPENDENCIES
   appraisal (~> 2.3.0)
   byebug
   castle_devise!
-  railties (~> 6.1)
+  railties (~> 7.0)
   rake
   rspec
   rspec-rails
@@ -190,4 +235,4 @@ DEPENDENCIES
   webmock
 
 BUNDLED WITH
-   2.2.23
+   2.4.12

data/README.md

@@ -211,3 +211,26 @@ CastleDevise.configure do |config|
   end
 end
 ```
+
+## Development
+
+### Setup
+
+```bash
+bundle install
+```
+
+### Running tests
+
+Most of the specs should pass just by running the following command:
+
+```bash
+bundle exec rake
+```
+
+We also have a few VCR tests that will periodically rebuild the cassettes just to make sure that the integration with Castle API is working.
+For those, you need to run your specs with a proper Castle API Secret:
+
+```bash
+CASTLE_API_SECRET=your_api_secret bundle exec rake
+```

data/castle_devise.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "activesupport", ">= 5.0"
-  spec.add_dependency "castle-rb", ">= 7.0", "< 8.0"
+  spec.add_dependency "castle-rb", ">= 7.2", "< 8.0"
   spec.add_dependency "devise", ">= 4.3.0", "< 5.0"
 
   spec.add_development_dependency "appraisal", "~> 2.3.0"

data/gemfiles/{rails_5.2.gemfile → rails_7.0.gemfile}

@@ -4,7 +4,7 @@ source "https://rubygems.org"
 
 gem "actionmailer"
 gem "activerecord"
-gem "railties", "~> 5.2.6"
+gem "railties", "~> 7.0"
 gem "rake"
 gem "rspec"
 gem "rspec-rails"

data/lib/castle_devise/hooks/castle_protectable.rb

@@ -23,9 +23,11 @@ Warden::Manager.after_authentication do |resource, warden, opts|
       context.logout!
     end
   rescue Castle::InvalidParametersError
-    # TODO: We should act differently if the error is about missing/invalid request token
-    #   compared to any other validation errors. However, we can't do this with the
-    #   current Castle SDK as it doesn't give us any way to differentiate these two cases.
+    # log API error and allow
+    CastleDevise.logger.warn(
+      "[CastleDevise] /v1/risk request contained invalid parameters."
+    )
+  rescue Castle::InvalidRequestTokenError
     CastleDevise.logger.warn(
       "[CastleDevise] /v1/risk request contained invalid parameters." \
       " This might mean that either you didn't configure Castle's Javascript properly, or" \
@@ -42,6 +44,9 @@ end
 
 Warden::Manager.before_failure do |env, opts|
   next if opts[:castle_devise] == :skip
+  # recall is set by Devise on a failed login attempt. If it's not set, this hook might fire on any
+  # authentication failure attempt (eg. trying to access a resource while unauthenticated), not just login specifically
+  next unless opts.key?(:recall)
 
   resource_class = Devise.mappings[opts[:scope]].to
 

data/lib/castle_devise/patches/registrations_controller.rb

@@ -28,16 +28,19 @@ module CastleDevise
               context: context
             )
           rescue Castle::InvalidParametersError
-            # TODO: We should act differently if the error is about missing/invalid request token
-            #   compared to any other validation errors. However, we can't do this with the
-            #   current Castle SDK as it doesn't give us any way to differentiate these two cases.
+            # log API error and allow
             CastleDevise.logger.warn(
-              "[CastleDevise] /v1/risk request contained invalid parameters." \
-              " This might mean that either you didn't configure Castle's Javascript properly," \
+              "[CastleDevise] /v1/risk request contained invalid parameters."
+            )
+          rescue Castle::InvalidRequestTokenError
+            CastleDevise.logger.warn(
+              "[CastleDevise] /v1/risk request contained invalid token." \
+              " This means that either you didn't configure Castle's Javascript properly," \
               " or a request has been made without Javascript (eg. cURL/bot)." \
               " Such a request is treated as if Castle responded with a 'deny' action in" \
               " non-monitoring mode."
             )
+            # TODO: Implement a deny mechanism for this action.
           rescue Castle::Error => e
             # log API errors and allow
             CastleDevise.logger.error("[CastleDevise] risk($profile_update): #{e}")
@@ -81,12 +84,14 @@ module CastleDevise
           # everything fine, continue
         end
       rescue Castle::InvalidParametersError
-        # TODO: We should act differently if the error is about missing/invalid request token
-        #   compared to any other validation errors. However, we can't do this with the
-        #   current Castle SDK as it doesn't give us any way to differentiate these two cases.
+        # log error and allow
+        CastleDevise.logger.warn(
+          "[CastleDevise] /v1/filter request contained invalid parameters."
+        )
+      rescue Castle::InvalidRequestTokenError
         CastleDevise.logger.warn(
-          "[CastleDevise] /v1/filter request contained invalid parameters." \
-          " This might mean that either you didn't configure Castle's Javascript properly, or" \
+          "[CastleDevise] /v1/filter request contained invalid request token." \
+          " This means that either you didn't configure Castle's Javascript properly, or" \
           " a request has been made without Javascript (eg. cURL/bot)." \
           " Such a request is treated as if Castle responded with a 'deny' action in" \
           " non-monitoring mode."

data/lib/castle_devise/sdk_facade.rb

@@ -24,9 +24,9 @@ module CastleDevise
       payload = {
         event: event,
         status: status,
-        user: {
+        params: {
           email: context.email
-        },
+        }.compact,
         request_token: context.request_token,
         context: payload_context(context.rack_request)
       }

data/lib/castle_devise/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module CastleDevise
-  VERSION = "0.4.1"
+  VERSION = "0.4.3"
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: castle_devise
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.4.3
 platform: ruby
 authors:
 - Kacper Madej
 - Dawid Libiszewski
 - Johan Brissmyr
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-12-13 00:00:00.000000000 Z
+date: 2023-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -32,7 +32,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '8.0'
@@ -42,7 +42,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '8.0'
@@ -102,9 +102,9 @@ files:
 - bin/console
 - bin/setup
 - castle_devise.gemspec
-- gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
 - gemfiles/rails_6.1.gemfile
+- gemfiles/rails_7.0.gemfile
 - lib/castle_devise.rb
 - lib/castle_devise/configuration.rb
 - lib/castle_devise/context.rb
@@ -125,7 +125,7 @@ metadata:
   homepage_uri: https://github.com/castle/castle_devise
   source_code_uri: https://github.com/castle/castle_devise
   changelog_uri: https://github.com/castle/castle_devise/CHANGELOG.md
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -140,8 +140,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.3.3
+signing_key:
 specification_version: 4
 summary: Integrates Castle with Devise
 test_files: []