console1984 0.1.22 → 0.1.23

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 688301b16bc228224855392b24a0e4159a4e03acc4d1512f918a2c6a87a73ce1
-  data.tar.gz: 72433eff8fb2d85f7faa44653b653231da3081e1766f7e1f2303b7af628f095e
+  metadata.gz: 47d1011d6928811fe965c9935f1ef24d391b406525a2a1155b68f65afceafd78
+  data.tar.gz: 81612351e4688ecb94c7a8b27d10dd7b25425cadb8d7f0738214b876335eb603
 SHA512:
-  metadata.gz: d554267c6099abfc1b1a2f2aca9341adb13060f6cc007122a2cf172a76f2a4fa871959adc33dec2e01581e279f94cad9370a5aefb5f186bcfce0f8d85a652e12
-  data.tar.gz: f3074ebd12bf9547a54d4bfba5733fa5552bfa5cc809b2e8c1fd0191e90e925ba3817e8f4cdbbc5d08b5b67fd0ebc1c8cabf7da3bfec26a8bdb7848f84c1b718
+  metadata.gz: bdeb41585ec87acae2328f61f2077236ef559940084200f1c59c6655cb10f5e4e6e956aa8a34a6792a3512f2ba744c450c2411f948a1ae89d63171fb74331684
+  data.tar.gz: ab6095d0ae6f62f77bd76ed146bef36016e1485de710f0c646d211ad8d6645d7be96c00d678483d24fb1039c4d6ef049e3209cd9646598e6114028d97007fa03

data/README.md

@@ -14,7 +14,7 @@ If you are looking for the auditing tool, check [`audits1984`](https://github.co
 
 ## Installation
 
-**Important:** `console1984` depends on [Active Record encryption](https://edgeguides.rubyonrails.org/active_record_encryption.html) which is a Rails 7 feature. Since no gem for Rails 7 has been released yet, you need to run Rails edge in your project (point the gem to latest `main` in the [repo](https://github.com/rails/rails)).
+**Important:** `console1984` depends on [Active Record encryption](https://guides.rubyonrails.org/active_record_encryption.html) which is a Rails 7 feature.
 
 Add it to your `Gemfile`:
 
@@ -35,7 +35,7 @@ By default, console1984 is only enabled in `production`. You can configure the t
 config.console1984.protected_environments = %i[ production staging ]
 ```
 
-Finally, you need to [configure Active Record Encryption](https://edgeguides.rubyonrails.org/active_record_encryption.html#setup) in your
+Finally, you need to [configure Active Record Encryption](https://guides.rubyonrails.org/active_record_encryption.html#setup) in your
 project. This is because the library stores the tracked console commands encrypted.
 
 ## How it works
@@ -66,7 +66,7 @@ Check out [`audits1984`](https://github.com/basecamp/audits1984), a companion au
 
 ### Access to encrypted data
 
-By default, `console1984` won't decrypt data encrypted with [Active Record encryption](https://edgeguides.rubyonrails.org/active_record_encryption.html). Users will just see the ciphertexts.
+By default, `console1984` won't decrypt data encrypted with [Active Record encryption](https://guides.rubyonrails.org/active_record_encryption.html). Users will just see the ciphertexts.
 
 To decrypt data, enter the command `decrypt!`. It will ask for a justification, and these accesses will be flagged internally as sensitive.
 
@@ -127,7 +127,7 @@ In the default protected mode, trying to read data from a protected system will
 irb(main)> Rails.cache.read("some key") # raises Console1984::Errors::ProtectedConnection
 ```
 
-Running `decrypt!` will switch you to unprotected mode and let you access these systems normally. The system will ask for a justfication and will flag those accesses as sensitive.
+Running `decrypt!` will switch you to unprotected mode and let you access these systems normally. The system will ask for a justification and will flag those accesses as sensitive.
 
 This will work for systems that use Ruby sockets as the underlying communication mechanism.
 
@@ -143,18 +143,19 @@ When starting a console session, `console1984` will eager load all the applicati
 
 These config options are namespaced in `config.console1984`:
 
-| Name                                        | Description                                                  |
-| ------------------------------------------- | ------------------------------------------------------------ |
-| `protected_environments`                    | The list of environments where `console1984` will act on. Defaults to `%i[ production ]`. |
-| `protected_urls`                            | The list of URLs corresponding with external systems to protect. |
-| `session_logger`                            | The system used to record session data. The default logger is `Console1984::SessionsLogger::Database`. |
+| Name                                        | Description                                                                                                                                                                                                            |
+|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `protected_environments`                    | The list of environments where `console1984` will act on. Defaults to `%i[ production ]`.                                                                                                                              |
+| `protected_urls`                            | The list of URLs corresponding with external systems to protect.                                                                                                                                                       |
+| `session_logger`                            | The system used to record session data. The default logger is `Console1984::SessionsLogger::Database`.                                                                                                                 |
 | `username_resolver`                         | Configure how the current user is determined for a given console session. The default is `Console1984::Username::EnvResolver.new("CONSOLE_USER")`, which returns the value of the environment variable `CONSOLE_USER`. |
-| `production_data_warning`                   | The text to show when a console session starts.              |
-| `enter_unprotected_encryption_mode_warning` | The text to show when user enters into unprotected mode.     |
-| `enter_protected_mode_warning`              | The text to show when user go backs to protected mode.       |
-| `incinerate`                                | Whether incinerate sessions automatically after a period of time or not. Default to `true`. |
-| `incinerate_after`                          | The period to keep sessions around before incinerate them. Default `30.days`. |
-| `incineration_queue`                        | The name of the queue for session incineration jobs. Default `console1984_incineration`. |
+ | `ask_for_username_if_empty`                 | If `true`, the console will ask for a username if it is empty. If `false`, it will raise an error if no username is set. Defaults to `false`.                                                                          |
+| `production_data_warning`                   | The text to show when a console session starts.                                                                                                                                                                        |
+| `enter_unprotected_encryption_mode_warning` | The text to show when user enters into unprotected mode.                                                                                                                                                               |
+| `enter_protected_mode_warning`              | The text to show when user go backs to protected mode.                                                                                                                                                                 |
+| `incinerate`                                | Whether incinerate sessions automatically after a period of time or not. Default to `true`.                                                                                                                            |
+| `incinerate_after`                          | The period to keep sessions around before incinerate them. Default `30.days`.                                                                                                                                          |
+| `incineration_queue`                        | The name of the queue for session incineration jobs. Default `console1984_incineration`.                                                                                                                               |
 
 ### SSH Config
 

data/lib/console1984/config.rb

@@ -7,7 +7,7 @@ class Console1984::Config
   PROTECTIONS_CONFIG_FILE_PATH = Console1984::Engine.root.join("config/protections.yml")
 
   PROPERTIES = %i[
-    session_logger username_resolver shield command_executor
+    session_logger username_resolver ask_for_username_if_empty shield command_executor
     protected_environments protected_urls
     production_data_warning enter_unprotected_encryption_mode_warning enter_protected_mode_warning
     incinerate incinerate_after incineration_queue
@@ -54,6 +54,7 @@ class Console1984::Config
       self.incinerate = true
       self.incinerate_after = 30.days
       self.incineration_queue = "console1984_incineration"
+      self.ask_for_username_if_empty = false
 
       self.debug = false
       self.test_mode = false

data/lib/console1984/errors.rb

@@ -23,5 +23,8 @@ module Console1984
     # Attempt to incinerate a session ahead of time as determined by
     # +config.console1984.incinerate_after+.
     class ForbiddenIncineration < StandardError; end
+
+    # The console username is not set. Only raised when `config.ask_for_username_if_empty = false`.
+    class MissingUsername < StandardError; end
   end
 end

data/lib/console1984/shield/modes.rb

@@ -55,6 +55,6 @@ module Console1984::Shield::Modes
 
   private
     def current_username
-      username_resolver.current
+      Console1984.supervisor.current_username
     end
 end

data/lib/console1984/supervisor.rb

@@ -35,6 +35,10 @@ class Console1984::Supervisor
     IRB.CurrentContext.exit
   end
 
+  def current_username
+    @current_username ||= username_resolver.current.presence || handle_empty_username
+  end
+
   private
     def require_dependencies
       Kernel.silence_warnings do
@@ -61,7 +65,11 @@ class Console1984::Supervisor
       session_logger.finish_session
     end
 
-    def current_username
-      username_resolver.current
+    def handle_empty_username
+      if Console1984.config.ask_for_username_if_empty
+        ask_for_value "Please, enter your name:"
+      else
+        raise Console1984::Errors::MissingUsername
+      end
     end
 end

data/lib/console1984/version.rb

@@ -1,3 +1,3 @@
 module Console1984
-  VERSION = '0.1.22'
+  VERSION = '0.1.23'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: console1984
 version: !ruby/object:Gem::Version
-  version: 0.1.22
+  version: 0.1.23
 platform: ruby
 authors:
 - Jorge Manrubia
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-22 00:00:00.000000000 Z
+date: 2022-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize