RubyGems - magic_links - Versions diffs - 1.0.1 → 1.1.2 - Mend

magic_links 1.0.1 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/README.md +13 -0
data/lib/magic_links/middleware/magic_token_redirect.rb +5 -1
data/lib/magic_links/rails.rb +5 -3
data/lib/magic_links/strategies/magic_token_authentication.rb +1 -1
data/lib/magic_links/template.rb +1 -1
data/lib/magic_links/version.rb +1 -1
data/lib/magic_links.rb +4 -2
metadata +6 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b6939cd65d873662c0c1101a1073e1d9dcfef386af25be14aa8d8232a5b293e7
-  data.tar.gz: 437b07e49b311be7721c3e3882275893ce3fe1ce2587105665b0a9e827c8f655
+  metadata.gz: 0ca9f2d66c3052c05116055c9b61b1fc6a66417412cecd060c764b74eddef094
+  data.tar.gz: 8f9a7e53449e2b4dfe7c90d146a3519d7654ed58c4faf691f74a827ab6cac086
 SHA512:
-  metadata.gz: 0146bba9e94182eb77b5bc001abfb0edcd232ea07fea288868fbdb63c4279676084147abe4da32b91257f91ff0b263b086095d068efdcf72399c934e37525bd5
-  data.tar.gz: 8b5d6a7bfec01316fa1f232d4239838b95a737f2d062c22af3a7ecc5be1b294be90794ee78d3f81ba02cb0631a9afb8f0d57e2e26d38e99de75a8157db455cf8
+  metadata.gz: 0a4f797d5de2f987403f0b6e431e2add3c078f4d6653151f5a1dfe0bb80cfa19d5e08e0a14c98766ad86f9ff4e374c3ac4561a1279f1e5114cc6a6acd5a9d8cf
+  data.tar.gz: aed557a6f72f060d35c964d62f1463493cb8d8e5b663d71abc2e60ada0cda9007c86cf5c99365fd1dd9599d0c03df977296df0d4cf9d9c0033660c3c3116d9af

data/README.md CHANGED Viewed

@@ -94,5 +94,18 @@ end
 When using the `magic_url_for` helper you'll need to specify default_url_options for your development and testing
 environments.
+### Magic token cookie expiry
+A magic token cookie is dropped on the client when a magic link is used. This cookie is used to authenticate subsequent
+requests. By default, the magic token cookie expiry (not to be confused with the expiry of the magic link) is set to
+1 hour. You can override this setting by setting it in an initializer:
+```ruby
+# in /config/initializers/magic_links.rb
+MagicLinks.magic_token_cookie_expiry = 15.minutes
+```
+By setting a short expiry it reduces security risks on shared devices.
 ## License
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/lib/magic_links/middleware/magic_token_redirect.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module MagicLinks
           return unless redirect_request?
           return root unless magic_token.present?
-          cookies.signed[magic_token_key] = magic_token.token if scope
+          cookies.encrypted[magic_token_key] = {value: magic_token.token, expires: cookie_expiry} if scope
           respond_with_redirect magic_token.target_path
         end
@@ -72,6 +72,10 @@ module MagicLinks
         def cookies
           request.cookie_jar
         end
+        def cookie_expiry
+          MagicLinks.magic_token_cookie_expiry
+        end
       end
     end
   end

data/lib/magic_links/rails.rb CHANGED Viewed

@@ -2,9 +2,11 @@ module MagicLinks
   class Engine < ::Rails::Engine
     initializer 'magic_links.url_helpers' do
-      ActiveSupport.on_load(:action_controller) do
-        include MagicLinks::UrlHelper
-      end
+      Rails.application.reloader.to_prepare do
+        ActiveSupport.on_load(:action_controller) do
+          include MagicLinks::UrlHelper
+        end
+      end
     end
     initializer 'magic_links.middleware_redirect', before: :build_middleware_stack do |app|

data/lib/magic_links/strategies/magic_token_authentication.rb CHANGED Viewed

@@ -55,7 +55,7 @@ module MagicLinks
       end
       def magic_token_cookie
-        @magic_token_cookie ||= cookies.signed[magic_token_key]
+        @magic_token_cookie ||= cookies.encrypted[magic_token_key]
       end
       def controller

data/lib/magic_links/template.rb CHANGED Viewed

@@ -42,7 +42,7 @@ module MagicLinks
     end
     def magic_token_for(user, path, expiry)
-      MagicToken.for(magic_token_params_for(user, path, expiry))
+      MagicToken.for(**magic_token_params_for(user, path, expiry))
     end
     def magic_token_params_for(user, path, expiry)

data/lib/magic_links/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module MagicLinks
-  VERSION = '1.0.1'
+  VERSION = '1.1.2'
   def self.version
     VERSION

data/lib/magic_links.rb CHANGED Viewed

@@ -6,7 +6,9 @@ require 'magic_links/strategies/magic_token_authentication'
 require 'magic_links/rails'
 module MagicLinks
-  def self.add_template(*args)
-    MagicLinks::Templates.add(*args)
+  mattr_accessor :magic_token_cookie_expiry, default: 1.hour
+  def self.add_template(...)
+    MagicLinks::Templates.add(...)
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: magic_links
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.2
 platform: ruby
 authors:
 - James wozniak
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-24 00:00:00.000000000 Z
+date: 2022-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -124,7 +124,7 @@ licenses:
 metadata:
   allowed_push_host: https://rubygems.org
   source_code_uri: https://github.com/ClickMechanic/magic_links
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -139,8 +139,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key:
+rubygems_version: 3.3.26
+signing_key:
 specification_version: 4
 summary: Token based authentication
 test_files: []