lato 3.5.1 → 3.5.2

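--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 56ee3e9b961152eba70e1a6bc9847cba388918270a97b54b0e5f62c411522d7e
- data.tar.gz: 6911a1d184c652e28489ccba829b0fe1fdfa48fc4e2bf38de2a4996b9b6be279
+ metadata.gz: 0e24a9027aaa18602126a3e83d58f6965fa71767621211ae79026192f74f01f6
+ data.tar.gz: 07beba102b8c9cd35d985d0870c73553a635a9e2f8f23e6e74d3c7881ebb96c8
  SHA512:
- metadata.gz: a3ec9fc339e4606798bbe19d2879f6e9900a6b72ff0feb0904b88be10e0854b17f73abceee9f5b7e5b9ee4c0f56d8973afde4cb32f42dea4abff56501e4187e3
- data.tar.gz: c97f878b5872460270eaf450f6cfec947dbaeaef884e63afcd7213bf427a82080effc2df75f24b1813f2e763dd3bbeb8546aebcbee5daf6d5c4492cc0b73bacf
+ metadata.gz: 5cd1b768467aaba97b45b31ff9dfc852872cd496da2c16ea265a2f60b134e729efe90cf3daab6b2f53bee8ad3e6541d41f2e529fd61e227999ab78126355b7d5
+ data.tar.gz: 60f6a2f4a3040ab22dfd24615a859a74f744bdfa03796cfd9a607c7abf6907aa3d80f5a808c6b65f182f72754131c8bf32e843985e1cf4f080161c63aff0db5b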
@@ -6,9 +6,10 @@ module Lato
6
6
 
7
7
  before_action :find_user, only: %i[verify_email verify_email_action update_password update_password_action]
8
8
  before_action :find_invitation, only: %i[accept_invitation accept_invitation_action]
9
-
9
+
10
10
  before_action :lock_signup_if_disabled, only: %i[signup signup_action]
11
11
  before_action :lock_recover_password_if_disabled, only: %i[recover_password recover_password_action update_password update_password_action]
12
+ before_action :lock_web3_if_disabled, only: %i[web3_signin web3_signin_action]
12
13
 
13
14
  before_action :hide_sidebar
14
15
 
@@ -38,6 +39,34 @@ module Lato
38
39
  end
39
40
  end
40
41
 
42
+ def web3_signin
43
+ session[:web3_signin_id] = SecureRandom.hex
44
+
45
+ @user = Lato::User.new
46
+ @user.id = session[:web3_signin_id] # This is a temporary id to identify the user
47
+ @user.start_web3_signin
48
+ end
49
+
50
+ def web3_signin_action
51
+ @user = Lato::User.new
52
+ @user.id = session[:web3_signin_id] # This is a temporary id to identify the user
53
+
54
+ respond_to do |format|
55
+ if @user.web3_signin(params.require(:user).permit(:web3_address, :web3_signed_nonce).merge(
56
+ ip_address: request.remote_ip,
57
+ user_agent: request.user_agent
58
+ ))
59
+ session_create(@user.id)
60
+
61
+ format.html { redirect_to lato.root_path }
62
+ format.json { render json: @user }
63
+ else
64
+ format.html { render :web3_signin, status: :unprocessable_entity }
65
+ format.json { render json: @user.errors, status: :unprocessable_entity }
66
+ end
67
+ end
68
+ end
69
+
41
70
  # Signup
42
71
  ##
43
72
 
@@ -180,6 +209,13 @@ module Lato
180
209
  def lock_recover_password_if_disabled
181
210
  return unless Lato.config.auth_disable_recover_password
182
211
 
212
+ respond_to_with_not_found
213
+ end
214
+
215
+ def lock_web3_if_disabled
216
+ return if Lato.config.web3_connection && !Lato.config.auth_disable_web3
217
+
218
+
183
219
  respond_to_with_not_found
184
220
  end
185
221
  end
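Review bot: `web3_signin_action` copies `session[:web3_signin_id]` into `@user.id` without checking that it is present, so a POST that never went through `web3_signin` runs the nonce lookup with a nil id; what `c_web3_nonce` returns in that case is not visible here, but it should not reach `Eth::Signature.personal_recover`. I would add `return respond_to_with_not_found if session[:web3_signin_id].blank?` at the top of the action and `session.delete(:web3_signin_id)` just before `session_create(@user.id)`, so the temporary id cannot be reused after a sign-in. Separately, `lock_web3_if_disabled` lets the action through whenever `web3_connection` is set and `auth_disable_web3` is falsy, so the new login path is opt-out for hosts that already enabled wallet connection; a comment on the filter such as `# Web3 sign-in is on by default when web3_connection is enabled; set auth_disable_web3 to turn it off` would make that visible to people upgrading.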
@@ -12,6 +12,7 @@ module Lato
12
12
  validates :email, presence: true, uniqueness: true
13
13
  validates :accepted_privacy_policy_version, presence: true
14
14
  validates :accepted_terms_and_conditions_version, presence: true
15
+ validates :web3_address, uniqueness: true, allow_blank: true
15
16
 
16
17
  # Relations
17
18
  ##
@@ -118,6 +119,42 @@ module Lato
118
119
  true
119
120
  end
120
121
 
122
+ def start_web3_signin
123
+ c_web3_nonce(SecureRandom.hex(32))
124
+ end
125
+
126
+ def web3_signin(params)
127
+ self.web3_address = params[:web3_address]
128
+
129
+ user = Lato::User.find_by(web3_address: params[:web3_address].downcase)
130
+ unless user
131
+ errors.add(:web3_address, :not_correct)
132
+ return
133
+ end
134
+
135
+ signature_pubkey = Eth::Signature.personal_recover(c_web3_nonce, params[:web3_signed_nonce])
136
+ signature_address = Eth::Util.public_key_to_address signature_pubkey
137
+ unless signature_address.to_s.downcase == params[:web3_address].downcase
138
+ errors.add(:web3_signed_nonce, :not_correct)
139
+ return
140
+ end
141
+
142
+ self.id = user.id
143
+ reload
144
+
145
+ begin
146
+ lato_log_user_signins.create(
147
+ ip_address: params[:ip_address],
148
+ user_agent: params[:user_agent]
149
+ )
150
+ rescue StandardError => e
151
+ Rails.logger.error(e)
152
+ end
153
+
154
+ c_web3_nonce__clear
155
+ true
156
+ end
157
+
121
158
  def request_verify_email
122
159
  if c_email_verification_semaphore
123
160
  errors.add(:base, :email_verification_limit)
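Review bot: `c_web3_nonce__clear` in `web3_signin` runs after `self.id = user.id`, so if the nonce is stored per id (the controller's temporary-id comment suggests it is) the call clears the real account's entry and leaves the sign-in nonce in place for reuse. The same method calls `params[:web3_address].downcase` and `Eth::Signature.personal_recover` with no guard, so a missing address or a malformed signature would surface as an unhandled exception instead of the `:not_correct` error; the new sign-in partial submits empty values when no wallet is present, which makes this path easy to hit. The sketch below clears the nonce before the id swap, rejects blank input and treats a failed recovery as a failed sign-in.

```ruby
def web3_signin(params)
  self.web3_address = params[:web3_address]
  address = params[:web3_address].to_s.downcase
  signed_nonce = params[:web3_signed_nonce].to_s
  if address.blank? || signed_nonce.blank?
    errors.add(:web3_address, :not_correct)
    return
  end

  # … unchanged: Lato::User.find_by lookup and its :not_correct error …

  begin
    signature_pubkey = Eth::Signature.personal_recover(c_web3_nonce, signed_nonce)
    signature_address = Eth::Util.public_key_to_address signature_pubkey
  rescue StandardError => e
    Rails.logger.error(e)
    errors.add(:web3_signed_nonce, :not_correct)
    return
  end

  # … unchanged: address comparison …

  c_web3_nonce__clear # clear while id is still the temporary sign-in id
  self.id = user.id
  reload

  # … unchanged: signin log, returns true …
end
```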
@@ -11,14 +11,18 @@ user ||= Lato::User.new
11
11
 
12
12
  <% if user.web3_connection_completed? %>
13
13
  <div class="row">
14
- <div class="col col-12">
15
- <%= lato_form_item_label form, :web3_address, 'You are connected to the following address' %>
14
+ <div class="col col-12 mb-3">
15
+ <%= lato_form_item_label form, :web3_address %>
16
16
  <div class="input-group">
17
17
  <%= lato_form_item_input_text form, :web3_address, required: true, readonly: true %>
18
- <%= lato_form_submit form, 'Disconnect', class: %w[btn-danger] %>
18
+ <button class="btn btn-outline-success" style="pointer-events: none"><%= I18n.t('lato.connected_wallet') %></button>
19
19
  </div>
20
20
  </div>
21
21
  </div>
22
+
23
+ <div class="d-flex justify-content-end">
24
+ <%= lato_form_submit form, I18n.t('lato.disconnect_wallet'), class: %w[btn-danger] %>
25
+ </div>
22
26
  <% elsif user.web3_connection_started? %>
23
27
  <div class="alert alert-light mb-0">
24
28
  <h4 class="alert-heading">Connecting..</h4>
@@ -58,12 +62,12 @@ user ||= Lato::User.new
58
62
  </script>
59
63
  <% else %>
60
64
  <div class="alert alert-light mb-0">
61
- <h4 class="alert-heading">Connect your wallet</h4>
65
+ <h4 class="alert-heading"><%= I18n.t('lato.account_web3_start_title') %></h4>
62
66
  <p>
63
- Connect your web3 wallet by clicking the button below and signing the message.
67
+ <%= raw I18n.t('lato.account_web3_start_description') %>
64
68
  </p>
65
69
  <p class="mb-0">
66
- <%= lato_form_submit form, 'Connect wallet', class: %w[btn-primary] %>
70
+ <%= lato_form_submit form, I18n.t('lato.connect_wallet'), class: %w[btn-primary] %>
67
71
  </p>
68
72
  </div>
69
73
  <% end %>
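Review bot: `raw I18n.t('lato.account_web3_start_description')` in the last hunk turns off escaping for the whole translation, so a host application that overrides this locale key gets its string rendered as markup. Rails already marks a translation as safe when the key ends in `_html` and the view helper is used, so I would rename the key and write `<%= t('lato.account_web3_start_description_html') %>` instead of calling `raw`. The 'Connecting..' heading in the same partial is still hard-coded while the other strings moved to I18n.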
@@ -12,25 +12,25 @@
12
12
  </div>
13
13
  </div>
14
14
 
15
- <% if Lato.config.web3_connection %>
16
15
  <div class="card mb-4">
17
16
  <div class="card-header">
18
- <h2 class="fs-4 mb-0"><%= I18n.t('lato.account_web3') %></h2>
17
+ <h2 class="fs-4 mb-0"><%= I18n.t('lato.update_password') %></h2>
19
18
  </div>
20
19
  <div class="card-body">
21
- <%= render 'lato/account/form-web3', user: @session.user %>
20
+ <%= render 'lato/account/form-password', user: @session.user %>
22
21
  </div>
23
22
  </div>
24
- <% end %>
25
23
 
24
+ <% if Lato.config.web3_connection %>
26
25
  <div class="card mb-4">
27
26
  <div class="card-header">
28
- <h2 class="fs-4 mb-0"><%= I18n.t('lato.update_password') %></h2>
27
+ <h2 class="fs-4 mb-0"><%= I18n.t('lato.account_web3') %></h2>
29
28
  </div>
30
29
  <div class="card-body">
31
- <%= render 'lato/account/form-password', user: @session.user %>
30
+ <%= render 'lato/account/form-web3', user: @session.user %>
32
31
  </div>
33
32
  </div>
33
+ <% end %>
34
34
 
35
35
  <div class="card mb-4">
36
36
  <div class="card-header">
@@ -22,6 +22,11 @@ user ||= Lato::User.new
22
22
  <div>
23
23
  <%= lato_form_submit form, I18n.t('lato.signin'), class: %w[d-block w-100] %>
24
24
  </div>
25
+ <% if Lato.config.web3_connection && !Lato.config.auth_disable_web3 %>
26
+ <div class="mt-2">
27
+ <%= link_to I18n.t('lato.web3_signin'), lato.authentication_web3_signin_path, class: 'btn btn-info w-100' %>
28
+ </div>
29
+ <% end %>
25
30
  <% unless Lato.config.auth_disable_signup %>
26
31
  <div class="text-center mt-3 mb-3">
27
32
  <%= I18n.t('lato.or').downcase %> <%= link_to I18n.t('lato.create_free_account').downcase, lato.authentication_signup_path %>
@@ -0,0 +1,49 @@
1
+ <%
2
+
3
+ user ||= Lato::User.new
4
+
5
+ %>
6
+
7
+ <%= turbo_frame_tag 'authentication_form-web3-signin' do %>
8
+ <%= form_with model: user, url: lato.authentication_web3_signin_action_path, data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
9
+ <%= lato_form_notices class: %w[mb-3] %>
10
+ <%= lato_form_errors user, class: %w[mb-3] %>
11
+
12
+ <div class="alert alert-light mb-0 text-center">
13
+ <h4 class="alert-heading">Connecting..</h4>
14
+ <div class="progress" role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100">
15
+ <div class="progress-bar progress-bar-striped progress-bar-animated" style="width: 100%"></div>
16
+ </div>
17
+ </div>
18
+
19
+ <span id="account_form-web3__nonce" style="display: none;"><%= user.c_web3_nonce %></span>
20
+ <%= form.hidden_field :web3_address, id: 'account_form-web3__input-web3_address' %>
21
+ <%= form.hidden_field :web3_signed_nonce, id: 'account_form-web3__input-web3_signed_nonce' %>
22
+ <%= lato_form_submit form, 'Confirm', class: %w[btn-primary d-none], id: 'account_form-web3__submit' %>
23
+
24
+ <script>
25
+ (async () => {
26
+ const ethers = await import('https://cdnjs.cloudflare.com/ajax/libs/ethers/5.7.2/ethers.esm.min.js')
27
+
28
+ const nonce = document.getElementById('account_form-web3__nonce').innerText
29
+ const inputAddress = document.getElementById('account_form-web3__input-web3_address')
30
+ const inputSignedNonce = document.getElementById('account_form-web3__input-web3_signed_nonce')
31
+ const submitButton = document.getElementById('account_form-web3__submit')
32
+
33
+ let address = ''
34
+ let signedNonce = ''
35
+
36
+ if (window.ethereum) {
37
+ const provider = new ethers.ethers.providers.Web3Provider(window.ethereum)
38
+ const signer = provider.getSigner()
39
+ address = await signer.getAddress()
40
+ signedNonce = await signer.signMessage(nonce)
41
+ }
42
+
43
+ inputAddress.value = address
44
+ inputSignedNonce.value = signedNonce
45
+ submitButton.click()
46
+ })()
47
+ </script>
48
+ <% end %>
49
+ <% end %>
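Review bot: The sign-in partial loads `ethers` from cdnjs with a dynamic `import()` inside the inline script, and a dynamic import cannot carry an `integrity` attribute, so the code that handles the wallet signature is whatever the CDN serves at request time. I would ship the pinned 5.7.2 build with the engine's own assets and import it from there, which also lets host applications keep a script-src policy that does not list the CDN origin. When `window.ethereum` is missing the script still clicks submit with empty fields; returning early and showing a message, e.g. `if (!window.ethereum) { /* show 'no wallet found' */ return }`, avoids a pointless POST. The wallet is asked to sign the bare hex nonce; a readable message that names the site, in the style of EIP-4361, would make it clearer to the user what is being approved.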
@@ -0,0 +1,10 @@
1
+ <div class="w-100 h-100 d-flex justify-content-center align-items-center" style="min-height: calc(100vh - 54px - 2rem)">
2
+ <div class="card w-100" style="max-width: 400px">
3
+ <div class="card-header">
4
+ <h1 class="fs-3 mb-0 text-center"><%= I18n.t('lato.web3_signin') %></h1>
5
+ </div>
6
+ <div class="card-body">
7
+ <%= render 'lato/authentication/form-web3-signin', user: @user %>
8
+ </div>
9
+ </div>
10
+ </div>
@@ -41,6 +41,12 @@ en:
41
41
  terms_and_conditions_update_title: Terms and conditions update
42
42
  accept_invitation: Accept invitation
43
43
  account_web3: Web3 connection
44
+ account_web3_start_title: Connect your wallet
45
+ account_web3_start_description: Connect your web3 wallet by clicking the button below and signing the message.<br> This will allow you to use the platform without having to enter your password.
46
+ connect_wallet: Connect wallet
47
+ disconnect_wallet: Disconnect
48
+ connected_wallet: Connected
49
+ web3_signin: Web3 Login
44
50
 
45
51
  account_controller:
46
52
  update_user_action_notice: Account information properly updated
@@ -85,6 +91,8 @@ en:
85
91
  inclusion: not accepted
86
92
  accepted_terms_and_conditions_version:
87
93
  inclusion: not accepted
94
+ web3_address:
95
+ not_correct: not correct
88
96
  lato/invitation:
89
97
  attributes:
90
98
  base:
@@ -43,6 +43,12 @@ it:
43
43
  terms_and_conditions_update_title: Aggiornamento termini e condizioni
44
44
  accept_invitation: Accetta invito
45
45
  account_web3: Connessione Web3
46
+ account_web3_start_title: Connetti il tuo wallet
47
+ account_web3_start_description: Connetti il tuo wallet web3 cliccando il pulsante sottostante e firmando il messaggio.<br>Questo ti permetterà di utilizzare la piattaforma senza dover inserire la tua password.
48
+ connect_wallet: Connetti wallet
49
+ disconnect_wallet: Disconnetti
50
+ connected_wallet: Connesso
51
+ web3_signin: Accedi con Web3
46
52
 
47
53
  account_controller:
48
54
  update_user_action_notice: Informazioni account aggiornate correttamente
@@ -95,6 +101,8 @@ it:
95
101
  inclusion: non accettata
96
102
  accepted_terms_and_conditions_version:
97
103
  inclusion: non accettati
104
+ web3_address:
105
+ not_correct: non corretto
98
106
  lato/invitation:
99
107
  attributes:
100
108
  base:
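--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -12,6 +12,8 @@ Lato::Engine.routes.draw do
  scope :authentication do
  get 'signin', to: 'authentication#signin', as: :authentication_signin
  post 'signin_action', to: 'authentication#signin_action', as: :authentication_signin_action
+ get 'web3_signin', to: 'authentication#web3_signin', as: :authentication_web3_signin
+ post 'web3_signin_action', to: 'authentication#web3_signin_action', as: :authentication_web3_signin_action
  get 'signup', to: 'authentication#signup', as: :authentication_signup
  post 'signup_action', to: 'authentication#signup_action', as: :authentication_signup_action
  get 'signout', to: 'authentication#signout', as: :authentication_signout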
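--- a/data/lib/lato/config.rb
+++ b/data/lib/lato/config.rb
@@ -10,7 +10,7 @@ module Lato
  attr_accessor :session_lifetime, :session_root_path
 
  # Authentication configs
- attr_accessor :auth_disable_signup, :auth_disable_recover_password
+ attr_accessor :auth_disable_signup, :auth_disable_recover_password, :auth_disable_web3
 
  # Assets configs
  attr_accessor :assets_stylesheet_entry
@@ -33,6 +33,7 @@ module Lato
 
  @auth_disable_signup = false
  @auth_disable_recover_password = false
+ @auth_disable_web3 = false
 
  @assets_stylesheet_entry = 'application'
 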
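--- a/data/lib/lato/version.rb
+++ b/data/lib/lato/version.rb
@@ -1,3 +1,3 @@
  module Lato
- VERSION = "3.5.1"
+ VERSION = "3.5.2"
  end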
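--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: lato
  version: !ruby/object:Gem::Version
- version: 3.5.1
+ version: 3.5.2
  platform: ruby
  authors:
  - Gregorio Galante
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-02-22 00:00:00.000000000 Z
+ date: 2024-02-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -174,6 +174,7 @@ files:
  - app/views/lato/authentication/_form-signup.html.erb
  - app/views/lato/authentication/_form-update-password.html.erb
  - app/views/lato/authentication/_form-verify-email.html.erb
+ - app/views/lato/authentication/_form-web3-signin.html.erb
  - app/views/lato/authentication/accept_invitation.html.erb
  - app/views/lato/authentication/recover_password.html.erb
  - app/views/lato/authentication/signin.html.erb
@@ -181,6 +182,7 @@ files:
  - app/views/lato/authentication/signup.html.erb
  - app/views/lato/authentication/update_password.html.erb
  - app/views/lato/authentication/verify_email.html.erb
+ - app/views/lato/authentication/web3_signin.html.erb
  - app/views/lato/components/_index.html.erb
  - app/views/lato/components/_navbar_nav_item.html.erb
  - app/views/lato/components/_navbar_nav_locales_item.html.erb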