magic_links 1.0.1 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +13 -0
  3. data/lib/magic_links/middleware/magic_token_redirect.rb +5 -1
  4. data/lib/magic_links/strategies/magic_token_authentication.rb +1 -1
  5. data/lib/magic_links/version.rb +1 -1
  6. data/lib/magic_links.rb +2 -0
  7. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b6939cd65d873662c0c1101a1073e1d9dcfef386af25be14aa8d8232a5b293e7
4
- data.tar.gz: 437b07e49b311be7721c3e3882275893ce3fe1ce2587105665b0a9e827c8f655
3
+ metadata.gz: 48af8c70fa309dcb3b6e3159d0f571a49635a8bd85288956faa0e5e10e14a341
4
+ data.tar.gz: 03d55c9dbd0d9aca3f03eb67099024387dc9d9e17b497fcc5731c1c1a3c4d0a8
5
5
  SHA512:
6
- metadata.gz: 0146bba9e94182eb77b5bc001abfb0edcd232ea07fea288868fbdb63c4279676084147abe4da32b91257f91ff0b263b086095d068efdcf72399c934e37525bd5
7
- data.tar.gz: 8b5d6a7bfec01316fa1f232d4239838b95a737f2d062c22af3a7ecc5be1b294be90794ee78d3f81ba02cb0631a9afb8f0d57e2e26d38e99de75a8157db455cf8
6
+ metadata.gz: 9dc60a5fe9b2432087b78b24dd5ab09bb4fa436956a852e4a1ce354b48850f3bba453cac4fa1d711b9949a2ac383e80e0f9717c151723b2a96b72c356e49c814
7
+ data.tar.gz: 99dcdfd7d10686e84c23b7d76b3e31ba53b86d7f9c2708d08fa3f2ab7341310b4beaedbd76676c3c058467e07ba8f680b83b1309c71135f5b5d4a3874d7ed184
data/README.md CHANGED
@@ -94,5 +94,18 @@ end
94
94
  When using the `magic_url_for` helper you'll need to specify default_url_options for your development and testing
95
95
  environments.
96
96
 
97
+ ### Magic token cookie expiry
98
+ A magic token cookie is dropped on the client when a magic link is used. This cookie is used to authenticate subsequent
99
+ requests. By default, the magic token cookie expiry (not to be confused with the expiry of the magic link) is set to
100
+ 1 hour. You can override this setting by setting it in an initializer:
101
+
102
+ ```ruby
103
+ # in /config/initializers/magic_links.rb
104
+
105
+ MagicLinks.magic_token_cookie_expiry = 15.minutes
106
+ ```
107
+
108
+ By setting a short expiry it reduces security risks on shared devices.
109
+
97
110
  ## License
98
111
  The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
data/lib/magic_links/middleware/magic_token_redirect.rb CHANGED
@@ -22,7 +22,7 @@ module MagicLinks
22
22
  return unless redirect_request?
23
23
  return root unless magic_token.present?
24
24
 
25
- cookies.signed[magic_token_key] = magic_token.token if scope
25
+ cookies.encrypted[magic_token_key] = {value: magic_token.token, expires: cookie_expiry} if scope
26
26
  respond_with_redirect magic_token.target_path
27
27
  end
28
28
 
@@ -72,6 +72,10 @@ module MagicLinks
72
72
  def cookies
73
73
  request.cookie_jar
74
74
  end
75
+
76
+ def cookie_expiry
77
+ MagicLinks.magic_token_cookie_expiry
78
+ end
75
79
  end
76
80
  end
77
81
  end
data/lib/magic_links/strategies/magic_token_authentication.rb CHANGED
@@ -55,7 +55,7 @@ module MagicLinks
55
55
  end
56
56
 
57
57
  def magic_token_cookie
58
- @magic_token_cookie ||= cookies.signed[magic_token_key]
58
+ @magic_token_cookie ||= cookies.encrypted[magic_token_key]
59
59
  end
60
60
 
61
61
  def controller
data/lib/magic_links/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module MagicLinks
2
- VERSION = '1.0.1'
2
+ VERSION = '1.1.1'
3
3
 
4
4
  def self.version
5
5
  VERSION
data/lib/magic_links.rb CHANGED
@@ -6,6 +6,8 @@ require 'magic_links/strategies/magic_token_authentication'
6
6
  require 'magic_links/rails'
7
7
 
8
8
  module MagicLinks
9
+ mattr_accessor :magic_token_cookie_expiry, default: 1.hour
10
+
9
11
  def self.add_template(*args)
10
12
  MagicLinks::Templates.add(*args)
11
13
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: magic_links
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - James wozniak
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-06-24 00:00:00.000000000 Z
11
+ date: 2022-07-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -124,7 +124,7 @@ licenses:
124
124
  metadata:
125
125
  allowed_push_host: https://rubygems.org
126
126
  source_code_uri: https://github.com/ClickMechanic/magic_links
127
- post_install_message:
127
+ post_install_message:
128
128
  rdoc_options: []
129
129
  require_paths:
130
130
  - lib
@@ -140,7 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
140
140
  version: '0'
141
141
  requirements: []
142
142
  rubygems_version: 3.1.6
143
- signing_key:
143
+ signing_key:
144
144
  specification_version: 4
145
145
  summary: Token based authentication
146
146
  test_files: []