devise-passwordless 1.0.0 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -1
- data/README.md +10 -9
- data/app/mailers/devise/passwordless/mailer.rb +1 -0
- data/lib/devise/hooks/magic_link_authenticatable.rb +1 -1
- data/lib/devise/passwordless/rails.rb +1 -6
- data/lib/devise/passwordless/version.rb +1 -1
- data/lib/devise/passwordless.rb +16 -0
- data/lib/generators/devise/passwordless/install_generator.rb +4 -3
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 897ecbae9b1eab423447003362253109504478955ae120b2fb81602e78d83d0a
|
|
4
|
+
data.tar.gz: 892716d7fe7fda88cb153ed9eb561b47272081e066f34720a3a567812c653435
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4cd0fe91740b1fdd19b68de208ed790c46336e87ead4515ba71775e214edd4b25ee46ca62e311f6573e93be44f7ef644811cf5ed9b66081a24eb76690db7dde7
|
|
7
|
+
data.tar.gz: 44bb12db02ea4d0fcf9867edbce48a93a5f836df0e15ec89aa2fd71a9b5fd9070d42dc8300b7a9c6ab5251bad68a95676997667cf0c0b33a422181262b21fc78
|
data/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,10 @@
|
|
|
1
|
-
## 1.0.
|
|
1
|
+
## 1.0.1 - Sep 18, 2023
|
|
2
|
+
|
|
3
|
+
### Bugfixes
|
|
4
|
+
|
|
5
|
+
* Fixed bug where `filter_parameters` check erred on regex keys ([#39] - thanks [@thimo]!)
|
|
6
|
+
|
|
7
|
+
## 1.0.0 - Sep 15, 2023
|
|
2
8
|
|
|
3
9
|
### Enhancements
|
|
4
10
|
|
|
@@ -32,6 +38,7 @@
|
|
|
32
38
|
[@iainbeeston]: https://github.com/iainbeeston
|
|
33
39
|
[@joeyparis]: https://github.com/joeyparis
|
|
34
40
|
[@JoeyLeadJig]: https://github.com/JoeyLeadJig
|
|
41
|
+
[@thimo]: https://github.com/thimo
|
|
35
42
|
[@til]: https://github.com/til
|
|
36
43
|
|
|
37
44
|
[#13]: https://github.com/abevoelker/devise-passwordless/issues/13
|
|
@@ -42,3 +49,4 @@
|
|
|
42
49
|
[#27]: https://github.com/abevoelker/devise-passwordless/pull/27
|
|
43
50
|
[#33]: https://github.com/abevoelker/devise-passwordless/pull/33
|
|
44
51
|
[#36]: https://github.com/abevoelker/devise-passwordless/pull/36
|
|
52
|
+
[#39]: https://github.com/abevoelker/devise-passwordless/issues/39
|
data/README.md
CHANGED
|
@@ -119,9 +119,10 @@ config.passwordless_tokenizer = "SignedGlobalIDTokenizer"
|
|
|
119
119
|
# generate your own secret value with e.g. `rake secret`
|
|
120
120
|
# config.passwordless_secret_key = nil
|
|
121
121
|
|
|
122
|
-
# When using the :trackable module, set to true to
|
|
123
|
-
# generated before the user's current sign in time to
|
|
124
|
-
# each time you sign in, all existing magic links
|
|
122
|
+
# When using the :trackable module and MessageEncryptorTokenizer, set to true to
|
|
123
|
+
# consider magic link tokens generated before the user's current sign in time to
|
|
124
|
+
# be expired. In other words, each time you sign in, all existing magic links
|
|
125
|
+
# will be considered invalid.
|
|
125
126
|
# config.passwordless_expire_old_tokens_on_sign_in = false
|
|
126
127
|
```
|
|
127
128
|
|
|
@@ -233,12 +234,12 @@ you can write something like this:
|
|
|
233
234
|
|
|
234
235
|
```ruby
|
|
235
236
|
class ApplicationController < ActionController::Base
|
|
236
|
-
def after_magic_link_sent_path_for(
|
|
237
|
-
case
|
|
238
|
-
when
|
|
239
|
-
|
|
240
|
-
when
|
|
241
|
-
|
|
237
|
+
def after_magic_link_sent_path_for(resource_or_scope)
|
|
238
|
+
case Devise::Mapping.find_scope!(resource_or_scope)
|
|
239
|
+
when :user
|
|
240
|
+
some_path
|
|
241
|
+
when :admin
|
|
242
|
+
some_other_path
|
|
242
243
|
end
|
|
243
244
|
end
|
|
244
245
|
end
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
# Deny user access when magic link authentication is disabled
|
|
4
4
|
Warden::Manager.after_set_user do |record, warden, options|
|
|
5
|
-
if record && record.respond_to?(:active_for_magic_link_authentication?) && !record.active_for_magic_link_authentication?
|
|
5
|
+
if record && record.respond_to?(:active_for_magic_link_authentication?) && !record.active_for_magic_link_authentication? && warden.winning_strategy.is_a?(Devise::Strategies::MagicLinkAuthenticatable)
|
|
6
6
|
scope = options[:scope]
|
|
7
7
|
warden.logout(scope)
|
|
8
8
|
throw :warden, scope: scope, message: record.magic_link_inactive_message
|
|
@@ -14,12 +14,7 @@ module Devise::Passwordless
|
|
|
14
14
|
initializer "devise_passwordless.log_filter_check" do
|
|
15
15
|
params = Rails.try(:application).try(:config).try(:filter_parameters) || []
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
warn "[DEVISE-PASSWORDLESS] We have detected that your Rails configuration does not " \
|
|
19
|
-
"filter :token parameters out of your logs. You should append :token to your " \
|
|
20
|
-
"config.filter_parameters Rails setting so that magic link tokens don't " \
|
|
21
|
-
"leak out of your logs."
|
|
22
|
-
end
|
|
17
|
+
::Devise::Passwordless.check_filter_parameters(params)
|
|
23
18
|
end
|
|
24
19
|
end
|
|
25
20
|
end
|
data/lib/devise/passwordless.rb
CHANGED
|
@@ -23,5 +23,21 @@ module Devise
|
|
|
23
23
|
Devise.secret_key
|
|
24
24
|
end
|
|
25
25
|
end
|
|
26
|
+
|
|
27
|
+
FILTER_PARAMS_WARNING = "[DEVISE-PASSWORDLESS] We have detected that your Rails configuration does not " \
|
|
28
|
+
"filter :token parameters out of your logs. You should append :token to your " \
|
|
29
|
+
"config.filter_parameters Rails setting so that magic link tokens don't " \
|
|
30
|
+
"leak out of your logs."
|
|
31
|
+
|
|
32
|
+
def self.check_filter_parameters(params)
|
|
33
|
+
begin
|
|
34
|
+
unless params.find{|p| p.to_sym == :token}
|
|
35
|
+
warn FILTER_PARAMS_WARNING
|
|
36
|
+
end
|
|
37
|
+
# Cancel the check if filter_parameters contains regular expressions or other exotic values
|
|
38
|
+
rescue NoMethodError
|
|
39
|
+
return
|
|
40
|
+
end
|
|
41
|
+
end
|
|
26
42
|
end
|
|
27
43
|
end
|
|
@@ -33,9 +33,10 @@ module Devise::Passwordless
|
|
|
33
33
|
# generate your own secret value with e.g. `rake secret`
|
|
34
34
|
# config.passwordless_secret_key = nil
|
|
35
35
|
|
|
36
|
-
# When using the :trackable module, set to true to
|
|
37
|
-
# generated before the user's current sign in time to
|
|
38
|
-
# each time you sign in, all existing magic links
|
|
36
|
+
# When using the :trackable module and MessageEncryptorTokenizer, set to true to
|
|
37
|
+
# consider magic link tokens generated before the user's current sign in time to
|
|
38
|
+
# be expired. In other words, each time you sign in, all existing magic links
|
|
39
|
+
# will be considered invalid.
|
|
39
40
|
# config.passwordless_expire_old_tokens_on_sign_in = false
|
|
40
41
|
CONFIG
|
|
41
42
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-passwordless
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Abe Voelker
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-04-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: devise
|
|
@@ -101,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
101
101
|
- !ruby/object:Gem::Version
|
|
102
102
|
version: '0'
|
|
103
103
|
requirements: []
|
|
104
|
-
rubygems_version: 3.4.
|
|
104
|
+
rubygems_version: 3.4.19
|
|
105
105
|
signing_key:
|
|
106
106
|
specification_version: 4
|
|
107
107
|
summary: Passwordless (email-only) login strategy for Devise
|