devise-passwordless 1.0.0 → 1.0.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -1
- data/README.md +10 -9
- data/app/mailers/devise/passwordless/mailer.rb +1 -0
- data/lib/devise/hooks/magic_link_authenticatable.rb +1 -1
- data/lib/devise/passwordless/rails.rb +1 -6
- data/lib/devise/passwordless/version.rb +1 -1
- data/lib/devise/passwordless.rb +16 -0
- data/lib/generators/devise/passwordless/install_generator.rb +4 -3
- metadata +3 -3
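--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 897ecbae9b1eab423447003362253109504478955ae120b2fb81602e78d83d0a
+data.tar.gz: 892716d7fe7fda88cb153ed9eb561b47272081e066f34720a3a567812c653435
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4cd0fe91740b1fdd19b68de208ed790c46336e87ead4515ba71775e214edd4b25ee46ca62e311f6573e93be44f7ef644811cf5ed9b66081a24eb76690db7dde7
+data.tar.gz: 44bb12db02ea4d0fcf9867edbce48a93a5f836df0e15ec89aa2fd71a9b5fd9070d42dc8300b7a9c6ab5251bad68a95676997667cf0c0b33a422181262b21fc78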
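--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,4 +1,10 @@
-## 1.0.
+## 1.0.1 - Sep 18, 2023
+
+### Bugfixes
+
+* Fixed bug where `filter_parameters` check erred on regex keys ([#39] - thanks [@thimo]!)
+
+## 1.0.0 - Sep 15, 2023
 
 ### Enhancements
 
@@ -32,6 +38,7 @@
 [@iainbeeston]: https://github.com/iainbeeston
 [@joeyparis]: https://github.com/joeyparis
 [@JoeyLeadJig]: https://github.com/JoeyLeadJig
+[@thimo]: https://github.com/thimo
 [@til]: https://github.com/til
 
 [#13]: https://github.com/abevoelker/devise-passwordless/issues/13
@@ -42,3 +49,4 @@
 [#27]: https://github.com/abevoelker/devise-passwordless/pull/27
 [#33]: https://github.com/abevoelker/devise-passwordless/pull/33
 [#36]: https://github.com/abevoelker/devise-passwordless/pull/36
+[#39]: https://github.com/abevoelker/devise-passwordless/issues/39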
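--- a/data/README.md
+++ b/data/README.md
@@ -119,9 +119,10 @@ config.passwordless_tokenizer = "SignedGlobalIDTokenizer"
 # generate your own secret value with e.g. `rake secret`
 # config.passwordless_secret_key = nil
 
-# When using the :trackable module, set to true to
-# generated before the user's current sign in time to
-# each time you sign in, all existing magic links
+# When using the :trackable module and MessageEncryptorTokenizer, set to true to
+# consider magic link tokens generated before the user's current sign in time to
+# be expired. In other words, each time you sign in, all existing magic links
+# will be considered invalid.
 # config.passwordless_expire_old_tokens_on_sign_in = false
 ```
 
@@ -233,12 +234,12 @@ you can write something like this:
 
 ```ruby
 class ApplicationController < ActionController::Base
-def after_magic_link_sent_path_for(
-case
-when
-
-when
-
+def after_magic_link_sent_path_for(resource_or_scope)
+case Devise::Mapping.find_scope!(resource_or_scope)
+when :user
+some_path
+when :admin
+some_other_path
 end
 end
 end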
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
# Deny user access when magic link authentication is disabled
|
4
4
|
Warden::Manager.after_set_user do |record, warden, options|
|
5
|
-
if record && record.respond_to?(:active_for_magic_link_authentication?) && !record.active_for_magic_link_authentication?
|
5
|
+
if record && record.respond_to?(:active_for_magic_link_authentication?) && !record.active_for_magic_link_authentication? && warden.winning_strategy.is_a?(Devise::Strategies::MagicLinkAuthenticatable)
|
6
6
|
scope = options[:scope]
|
7
7
|
warden.logout(scope)
|
8
8
|
throw :warden, scope: scope, message: record.magic_link_inactive_message
|
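Review bot: The added `warden.winning_strategy.is_a?(Devise::Strategies::MagicLinkAuthenticatable)` clause limits the deny to requests where the magic link strategy itself won, so a session opened with a magic link is probably no longer closed once `active_for_magic_link_authentication?` turns false. As far as I can tell, Warden has no winning strategy when it restores the user from the session. If that is intended (the old condition also logged out users who had signed in by other means), say so above the condition, e.g. `# Enforced only at magic link sign-in; existing sessions are not re-checked`, and cover the session-restore case with a test. The condition is now long enough that pulling the four clauses into named locals would make it easier to audit. The `after_set_user` block is closed outside this hunk.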
@@ -14,12 +14,7 @@ module Devise::Passwordless
|
|
14
14
|
initializer "devise_passwordless.log_filter_check" do
|
15
15
|
params = Rails.try(:application).try(:config).try(:filter_parameters) || []
|
16
16
|
|
17
|
-
|
18
|
-
warn "[DEVISE-PASSWORDLESS] We have detected that your Rails configuration does not " \
|
19
|
-
"filter :token parameters out of your logs. You should append :token to your " \
|
20
|
-
"config.filter_parameters Rails setting so that magic link tokens don't " \
|
21
|
-
"leak out of your logs."
|
22
|
-
end
|
17
|
+
::Devise::Passwordless.check_filter_parameters(params)
|
23
18
|
end
|
24
19
|
end
|
25
20
|
end
|
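--- a/data/lib/devise/passwordless.rb
+++ b/data/lib/devise/passwordless.rb
@@ -23,5 +23,21 @@ module Devise
 Devise.secret_key
 end
 end
+
+FILTER_PARAMS_WARNING = "[DEVISE-PASSWORDLESS] We have detected that your Rails configuration does not " \
+"filter :token parameters out of your logs. You should append :token to your " \
+"config.filter_parameters Rails setting so that magic link tokens don't " \
+"leak out of your logs."
+
+def self.check_filter_parameters(params)
+begin
+unless params.find{|p| p.to_sym == :token}
+warn FILTER_PARAMS_WARNING
+end
+# Cancel the check if filter_parameters contains regular expressions or other exotic values
+rescue NoMethodError
+return
+end
+end
 end
 end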
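Review bot: In `check_filter_parameters`, `rescue NoMethodError` abandons the whole check as soon as `find` reaches an entry without `to_sym`, so a `filter_parameters` list that holds a regular expression and no `:token` produces no warning. A `NoMethodError` raised for any other reason is swallowed as well. Because the warning exists to keep magic link tokens out of logs, it is safer to classify each entry than to rescue: compare symbols and strings with `:token`, test a Regexp against the string "token", and ignore entries that cannot be inspected (procs, for example) instead of letting them cancel the check. The `begin`/`rescue`/`return` wrapper then disappears; the trade-off is that an application filtering tokens only through a proc would still see the warning until it adds `:token`.

```ruby
def self.check_filter_parameters(params)
  covered = params.any? do |p|
    case p
    when Symbol, String then p.to_sym == :token
    when Regexp then p.match?("token")
    else false # Proc or other value that cannot be inspected: does not count as coverage
    end
  end
  warn FILTER_PARAMS_WARNING unless covered
end
```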
@@ -33,9 +33,10 @@ module Devise::Passwordless
|
|
33
33
|
# generate your own secret value with e.g. `rake secret`
|
34
34
|
# config.passwordless_secret_key = nil
|
35
35
|
|
36
|
-
# When using the :trackable module, set to true to
|
37
|
-
# generated before the user's current sign in time to
|
38
|
-
# each time you sign in, all existing magic links
|
36
|
+
# When using the :trackable module and MessageEncryptorTokenizer, set to true to
|
37
|
+
# consider magic link tokens generated before the user's current sign in time to
|
38
|
+
# be expired. In other words, each time you sign in, all existing magic links
|
39
|
+
# will be considered invalid.
|
39
40
|
# config.passwordless_expire_old_tokens_on_sign_in = false
|
40
41
|
CONFIG
|
41
42
|
end
|
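--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-passwordless
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.2
 platform: ruby
 authors:
 - Abe Voelker
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: devise
@@ -101,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: Passwordless (email-only) login strategy for Devise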