masks 0.3.2 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/assets/builds/masks/application.css +1 -1
- data/app/assets/builds/masks/application.js +90 -3
- data/app/assets/builds/masks/application.js.map +4 -4
- data/app/assets/javascripts/controllers/application.js +1 -1
- data/app/assets/javascripts/controllers/index.js +9 -0
- data/app/assets/javascripts/controllers/table_controller.js +15 -0
- data/app/assets/stylesheets/application.css +12 -4
- data/app/controllers/concerns/masks/controller.rb +1 -1
- data/app/controllers/masks/manage/actors_controller.rb +72 -1
- data/app/controllers/masks/manage/base_controller.rb +10 -2
- data/app/controllers/masks/manage/clients_controller.rb +84 -0
- data/app/controllers/masks/manage/dashboard_controller.rb +15 -0
- data/app/controllers/masks/manage/devices_controller.rb +19 -0
- data/app/controllers/masks/openid/authorizations_controller.rb +45 -0
- data/app/controllers/masks/openid/discoveries_controller.rb +55 -0
- data/app/controllers/masks/openid/tokens_controller.rb +45 -0
- data/app/controllers/masks/openid/userinfo_controller.rb +28 -0
- data/app/controllers/masks/sessions_controller.rb +1 -1
- data/app/models/concerns/masks/access.rb +2 -2
- data/app/models/masks/access/actor_password.rb +2 -1
- data/app/models/masks/access/actor_signup.rb +1 -2
- data/app/models/masks/credentials/access_token.rb +60 -0
- data/app/models/masks/credentials/key.rb +1 -1
- data/app/models/masks/credentials/return_to.rb +27 -0
- data/app/models/masks/mask.rb +12 -1
- data/app/models/masks/openid/authorization.rb +116 -0
- data/app/models/masks/openid/token.rb +56 -0
- data/app/models/masks/rails/actor.rb +23 -1
- data/app/models/masks/rails/openid/access_token.rb +55 -0
- data/app/models/masks/rails/openid/authorization.rb +45 -0
- data/app/models/masks/rails/openid/client.rb +186 -0
- data/app/models/masks/rails/openid/id_token.rb +43 -0
- data/app/models/masks/sessions/access.rb +2 -1
- data/app/resources/masks/session_resource.rb +1 -1
- data/app/views/layouts/masks/manage.html.erb +22 -5
- data/app/views/masks/actor_mailer/recover_credentials.html.erb +2 -3
- data/app/views/masks/actor_mailer/verify_email.html.erb +2 -3
- data/app/views/masks/actors/current.html.erb +7 -14
- data/app/views/masks/application/_header.html.erb +3 -4
- data/app/views/masks/backup_codes/new.html.erb +34 -20
- data/app/views/masks/emails/new.html.erb +14 -8
- data/app/views/masks/keys/new.html.erb +7 -7
- data/app/views/masks/manage/actors/index.html.erb +101 -37
- data/app/views/masks/manage/{actor → actors}/show.html.erb +63 -17
- data/app/views/masks/manage/clients/index.html.erb +102 -0
- data/app/views/masks/manage/clients/show.html.erb +156 -0
- data/app/views/masks/manage/dashboard/index.html.erb +10 -0
- data/app/views/masks/manage/devices/index.html.erb +47 -0
- data/app/views/masks/one_time_code/new.html.erb +41 -24
- data/app/views/masks/openid/authorizations/error.html.erb +23 -0
- data/app/views/masks/openid/authorizations/new.html.erb +46 -0
- data/app/views/masks/passwords/edit.html.erb +20 -7
- data/app/views/masks/recoveries/new.html.erb +2 -4
- data/app/views/masks/recoveries/password.html.erb +2 -3
- data/app/views/masks/sessions/new.html.erb +22 -23
- data/config/initializers/inflections.rb +5 -0
- data/config/locales/en.yml +23 -2
- data/config/routes.rb +40 -3
- data/db/migrate/20240329182422_support_openid.rb +64 -0
- data/lib/generators/masks/install/templates/masks.json +4 -1
- data/lib/masks/configuration.rb +22 -9
- data/lib/masks/version.rb +1 -1
- data/lib/masks.rb +1 -0
- data/lib/tasks/masks_tasks.rake +2 -2
- data/masks.json +44 -6
- metadata +59 -11
- data/app/assets/builds/application.css +0 -4764
- data/app/assets/builds/application.js +0 -8236
- data/app/assets/builds/application.js.map +0 -7
- data/app/controllers/masks/manage/actor_controller.rb +0 -35
|
@@ -41,8 +41,7 @@
|
|
|
41
41
|
type="radio"
|
|
42
42
|
role="tab"
|
|
43
43
|
class="tab whitespace-nowrap"
|
|
44
|
-
aria-label="<%= t('.tab.one_time_code') %>"
|
|
45
|
-
/>
|
|
44
|
+
aria-label="<%= t('.tab.one_time_code') %>">
|
|
46
45
|
<div role="tabpanel" class="tab-content p-4 bg-base-100 rounded-b">
|
|
47
46
|
<p class="flex items-center gap-4 text-sm mb-4">
|
|
48
47
|
<%= lucide_icon("qr-code") %>
|
|
@@ -55,8 +54,7 @@
|
|
|
55
54
|
data-session-target="oneTimeCode"
|
|
56
55
|
placeholder="<%= t('.placeholder.one_time_code') %>"
|
|
57
56
|
name="session[one_time_code]"
|
|
58
|
-
class="input input-bordered w-full"
|
|
59
|
-
/>
|
|
57
|
+
class="input input-bordered w-full">
|
|
60
58
|
</label>
|
|
61
59
|
</div>
|
|
62
60
|
<% end %>
|
|
@@ -67,8 +65,7 @@
|
|
|
67
65
|
name="factor2"
|
|
68
66
|
role="tab"
|
|
69
67
|
class="tab whitespace-nowrap"
|
|
70
|
-
aria-label="<%= t('.tab.backup_code') %>"
|
|
71
|
-
/>
|
|
68
|
+
aria-label="<%= t('.tab.backup_code') %>">
|
|
72
69
|
<div role="tabpanel" class="tab-content p-4 bg-base-100 rounded-b">
|
|
73
70
|
<p class="flex items-center gap-4 text-sm mb-4">
|
|
74
71
|
<%= lucide_icon("rotate-cw") %>
|
|
@@ -81,8 +78,7 @@
|
|
|
81
78
|
data-session-target="backupCode"
|
|
82
79
|
placeholder="<%= t('.placeholder.backup_code') %>"
|
|
83
80
|
name="session[backup_code]"
|
|
84
|
-
class="input input-bordered w-full"
|
|
85
|
-
/>
|
|
81
|
+
class="input input-bordered w-full">
|
|
86
82
|
</label>
|
|
87
83
|
</div>
|
|
88
84
|
<% end %>
|
|
@@ -97,31 +93,34 @@
|
|
|
97
93
|
data-session-target="nickname"
|
|
98
94
|
placeholder="<%= t('.placeholder.nickname') %>"
|
|
99
95
|
name="session[nickname]"
|
|
100
|
-
class="input input-bordered w-full"
|
|
101
|
-
/>
|
|
96
|
+
class="input input-bordered w-full">
|
|
102
97
|
</label>
|
|
103
|
-
<label class="form-control w-full">
|
|
98
|
+
<label class="form-control input input-bordered w-full flex flex-row items-center gap-2" data-controller="password-visibility">
|
|
104
99
|
<input
|
|
105
100
|
type="password"
|
|
106
101
|
data-action="session#updatePassword"
|
|
107
102
|
data-session-target="password"
|
|
103
|
+
data-password-visibility-target="input"
|
|
104
|
+
spellcheck="false"
|
|
108
105
|
placeholder="<%= t('.placeholder.password') %>"
|
|
109
106
|
name="session[password]"
|
|
110
|
-
class="
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
<
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
href="<%= @config.site_links[:recover] %>"
|
|
117
|
-
><%= t(".recover_credentials") %></a></span>
|
|
118
|
-
</div>
|
|
119
|
-
<% end %>
|
|
107
|
+
class="flex-grow">
|
|
108
|
+
|
|
109
|
+
<button data-action="password-visibility#toggle" type="button" class="btn btn-sm btn-ghost -mr-2">
|
|
110
|
+
<span data-password-visibility-target="icon"><%= lucide_icon('eye') %></span>
|
|
111
|
+
<span data-password-visibility-target="icon" class="hidden"><%= lucide_icon('eye-off') %></span>
|
|
112
|
+
</button>
|
|
120
113
|
</label>
|
|
114
|
+
<% if @config.site_links[:recover] %>
|
|
115
|
+
<div class="label">
|
|
116
|
+
<span class="label-text-alt opacity-60 hover:opacity-100"><a
|
|
117
|
+
class="hover:underline"
|
|
118
|
+
href="<%= @config.site_links[:recover] %>"><%= t(".recover_credentials") %></a></span>
|
|
119
|
+
</div>
|
|
120
|
+
<% end %>
|
|
121
121
|
</div>
|
|
122
122
|
<% end %>
|
|
123
123
|
|
|
124
|
-
|
|
125
124
|
<% unless logged_in? %>
|
|
126
125
|
<div class="flex items-center gap-4">
|
|
127
126
|
<%= form.submit t(".submit"),
|
|
@@ -131,7 +130,7 @@
|
|
|
131
130
|
} %>
|
|
132
131
|
<div class="form-control" data-session-target="remember">
|
|
133
132
|
<label class="label cursor-pointer">
|
|
134
|
-
<input type="checkbox" name="session[remember_me]" class="toggle toggle-sm"
|
|
133
|
+
<input type="checkbox" name="session[remember_me]" class="toggle toggle-sm">
|
|
135
134
|
<span class="label-text pl-2"><%= t(".remember_me") %></span>
|
|
136
135
|
</label>
|
|
137
136
|
</div>
|
data/config/locales/en.yml
CHANGED
|
@@ -28,6 +28,15 @@
|
|
|
28
28
|
# enabled: "ON"
|
|
29
29
|
|
|
30
30
|
en:
|
|
31
|
+
scope:
|
|
32
|
+
openid_name: account
|
|
33
|
+
openid_desc: your account identifier
|
|
34
|
+
profile_name: profile
|
|
35
|
+
profile_desc: your name, email, and other personal details
|
|
36
|
+
phone_name: phone
|
|
37
|
+
phone_desc: your phone number
|
|
38
|
+
address_name: address
|
|
39
|
+
address_desc: your physical address
|
|
31
40
|
layouts:
|
|
32
41
|
masks:
|
|
33
42
|
application:
|
|
@@ -109,7 +118,7 @@ en:
|
|
|
109
118
|
secret: secret
|
|
110
119
|
submit: enable
|
|
111
120
|
delete: disable
|
|
112
|
-
delete_div: disable one-time
|
|
121
|
+
delete_div: disable one-time codes
|
|
113
122
|
backup_codes: save backup codes...
|
|
114
123
|
reset_codes: view backup codes...
|
|
115
124
|
backup_codes:
|
|
@@ -242,7 +251,7 @@ en:
|
|
|
242
251
|
enter_factor2: enter a secondary credential to continue...
|
|
243
252
|
enter_credentials: "enter your credentials to continue..."
|
|
244
253
|
enter_password: "enter your password to continue..."
|
|
245
|
-
continue: "press continue to
|
|
254
|
+
continue: "press continue to authorize..."
|
|
246
255
|
one_time_code: enter a 6-digit one-time code from your authenticator app...
|
|
247
256
|
backup_code: enter one of your saved 10-digit backup codes...
|
|
248
257
|
logged_in: welcome!
|
|
@@ -254,6 +263,18 @@ en:
|
|
|
254
263
|
password: password...
|
|
255
264
|
one_time_code: one-time code...
|
|
256
265
|
backup_code: backup code...
|
|
266
|
+
openid:
|
|
267
|
+
authorizations:
|
|
268
|
+
new:
|
|
269
|
+
authorize_client: "authorize %{name}?"
|
|
270
|
+
authorize_account: "%{name} wants access to your account."
|
|
271
|
+
authorize_scoped: "%{name} wants access to your account and the following data:"
|
|
272
|
+
approve: approve
|
|
273
|
+
deny: deny
|
|
274
|
+
error:
|
|
275
|
+
title: authorization failed
|
|
276
|
+
description: an unrecoverable error occurred during authorization...
|
|
277
|
+
home: go home
|
|
257
278
|
activerecord:
|
|
258
279
|
attributes:
|
|
259
280
|
masks/rails/actor:
|
data/config/routes.rb
CHANGED
|
@@ -39,8 +39,45 @@ Masks::Engine.routes.draw do
|
|
|
39
39
|
get "backup-codes", to: "backup_codes#new", as: :backup_codes
|
|
40
40
|
post "backup-codes", to: "backup_codes#create"
|
|
41
41
|
|
|
42
|
+
# OAuth/OpenID support
|
|
43
|
+
get "client/:id/.well-known/openid-configuration",
|
|
44
|
+
to: "openid/discoveries#new",
|
|
45
|
+
as: :openid_discovery
|
|
46
|
+
get "client/:id/jwks.json", to: "openid/discoveries#jwks", as: :openid_jwks
|
|
47
|
+
get "client/:id",
|
|
48
|
+
to:
|
|
49
|
+
redirect { |params, _|
|
|
50
|
+
"client/#{params[:id]}/.well-known/openid-configuration"
|
|
51
|
+
},
|
|
52
|
+
as: :openid_issuer
|
|
53
|
+
get "authorize", to: "openid/authorizations#new", as: :openid_authorization
|
|
54
|
+
post "authorize", to: "openid/authorizations#create"
|
|
55
|
+
post "token",
|
|
56
|
+
to: proc { |env| Masks::OpenID::Token.new.call(env) },
|
|
57
|
+
as: :openid_token
|
|
58
|
+
match "userinfo",
|
|
59
|
+
to: "openid/userinfo#show",
|
|
60
|
+
via: %i[get post],
|
|
61
|
+
as: :openid_userinfo
|
|
62
|
+
|
|
42
63
|
# managers-only section
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
64
|
+
namespace :manage do
|
|
65
|
+
get "/", to: "dashboard#index"
|
|
66
|
+
|
|
67
|
+
# manage clients
|
|
68
|
+
get "clients", to: "clients#index", as: :clients
|
|
69
|
+
post "clients", to: "clients#create"
|
|
70
|
+
get "clients/:id", to: "clients#show", as: :client
|
|
71
|
+
patch "clients/:id", to: "clients#update"
|
|
72
|
+
delete "clients/:id", to: "clients#destroy"
|
|
73
|
+
|
|
74
|
+
# manage actors
|
|
75
|
+
get "actors", to: "actors#index", as: :actors
|
|
76
|
+
get "actors/:actor", to: "actors#show", as: :actor
|
|
77
|
+
post "actors", to: "actors#create"
|
|
78
|
+
patch "actors/:actor", to: "actors#update"
|
|
79
|
+
|
|
80
|
+
# manage devices
|
|
81
|
+
get "devices", to: "devices#index", as: :devices
|
|
82
|
+
end
|
|
46
83
|
end
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
class SupportOpenID < ActiveRecord::Migration[7.1]
|
|
3
|
+
def change
|
|
4
|
+
create_table :openid_clients do |t|
|
|
5
|
+
t.string :name
|
|
6
|
+
t.string :key
|
|
7
|
+
t.string :secret
|
|
8
|
+
t.string :client_type
|
|
9
|
+
t.text :redirect_uris
|
|
10
|
+
t.text :scopes
|
|
11
|
+
t.boolean :consent
|
|
12
|
+
t.string :subject_type
|
|
13
|
+
t.string :sector_identifier
|
|
14
|
+
t.string :code_expires_in
|
|
15
|
+
t.string :token_expires_in
|
|
16
|
+
t.string :refresh_expires_in
|
|
17
|
+
t.text :rsa_private_key
|
|
18
|
+
|
|
19
|
+
t.timestamps
|
|
20
|
+
|
|
21
|
+
t.index :key, unique: true
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
create_table :openid_authorizations do |t|
|
|
25
|
+
t.string :code
|
|
26
|
+
t.string :nonce
|
|
27
|
+
t.string :redirect_uri
|
|
28
|
+
t.text :scopes
|
|
29
|
+
|
|
30
|
+
t.references :actor
|
|
31
|
+
t.references :openid_client
|
|
32
|
+
t.datetime :expires_at
|
|
33
|
+
t.timestamps
|
|
34
|
+
|
|
35
|
+
t.index :code, unique: true
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
create_table :openid_access_tokens do |t|
|
|
39
|
+
t.string :token
|
|
40
|
+
t.string :refresh_token
|
|
41
|
+
t.string :refreshed_token
|
|
42
|
+
t.text :scopes
|
|
43
|
+
|
|
44
|
+
t.references :actor, null: true
|
|
45
|
+
t.references :openid_client
|
|
46
|
+
t.datetime :expires_at
|
|
47
|
+
t.datetime :revoked_at
|
|
48
|
+
t.timestamps
|
|
49
|
+
|
|
50
|
+
t.index :token, unique: true
|
|
51
|
+
t.index :refresh_token, unique: true
|
|
52
|
+
t.index :refreshed_token, unique: true
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
create_table :openid_id_tokens do |t|
|
|
56
|
+
t.string :nonce
|
|
57
|
+
t.datetime :expires_at
|
|
58
|
+
|
|
59
|
+
t.references :actor
|
|
60
|
+
t.references :openid_client
|
|
61
|
+
t.timestamps
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
data/lib/masks/configuration.rb
CHANGED
|
@@ -20,6 +20,7 @@ module Masks
|
|
|
20
20
|
attribute :site_links
|
|
21
21
|
attribute :site_logo
|
|
22
22
|
attribute :lifetimes
|
|
23
|
+
attribute :openid
|
|
23
24
|
attribute :masks
|
|
24
25
|
attribute :models
|
|
25
26
|
attribute :version
|
|
@@ -67,6 +68,23 @@ module Masks
|
|
|
67
68
|
super || data.fetch(:url, nil)
|
|
68
69
|
end
|
|
69
70
|
|
|
71
|
+
# Returns a string to use as the "issuer" for various secrets—TOTP, JWT, etc.
|
|
72
|
+
# @return [String]
|
|
73
|
+
def openid
|
|
74
|
+
{
|
|
75
|
+
scopes: %w[openid profile email address phone],
|
|
76
|
+
subject_types: %w[nickname email pairwise],
|
|
77
|
+
response_types: %w[code token id_token],
|
|
78
|
+
grant_types: %w[
|
|
79
|
+
client_credentials
|
|
80
|
+
authorization_code
|
|
81
|
+
implicit
|
|
82
|
+
refresh_token
|
|
83
|
+
],
|
|
84
|
+
pairwise_salt: "masks"
|
|
85
|
+
}.merge(super || data.fetch(:openid, {}))
|
|
86
|
+
end
|
|
87
|
+
|
|
70
88
|
# A hash of links—urls to various places on the frontend.
|
|
71
89
|
#
|
|
72
90
|
# These default to generated rails routes, but can be overridden
|
|
@@ -103,14 +121,6 @@ module Masks
|
|
|
103
121
|
|
|
104
122
|
# A hash of default models the app relies on.
|
|
105
123
|
#
|
|
106
|
-
# The following keys are available:
|
|
107
|
-
#
|
|
108
|
-
# actor: +Masks::Rails::Actor+
|
|
109
|
-
# role: +Masks::Rails::Role+
|
|
110
|
-
# scope: +Masks::Rails::Scope+
|
|
111
|
-
# email: +Masks::Rails::Email+
|
|
112
|
-
# recovery: +Masks::Rails::Recovery+
|
|
113
|
-
#
|
|
114
124
|
# This makes it easy to provide a substitute for key models
|
|
115
125
|
# while still relying on the base active record implementation.
|
|
116
126
|
#
|
|
@@ -124,6 +134,10 @@ module Masks
|
|
|
124
134
|
recovery: "Masks::Rails::Recovery",
|
|
125
135
|
device: "Masks::Rails::Device",
|
|
126
136
|
key: "Masks::Rails::Key",
|
|
137
|
+
openid_client: "Masks::Rails::OpenID::Client",
|
|
138
|
+
openid_access_token: "Masks::Rails::OpenID::AccessToken",
|
|
139
|
+
openid_id_token: "Masks::Rails::OpenID::IdToken",
|
|
140
|
+
openid_authorization: "Masks::Rails::OpenID::Authorization",
|
|
127
141
|
session_json: "Masks::SessionResource",
|
|
128
142
|
request: "Masks::Sessions::Request",
|
|
129
143
|
inline: "Masks::Sessions::Inline",
|
|
@@ -145,7 +159,6 @@ module Masks
|
|
|
145
159
|
def mask(type)
|
|
146
160
|
config = data.dig(:types, type.to_sym)
|
|
147
161
|
raise Masks::Error::InvalidConfiguration, type unless config
|
|
148
|
-
|
|
149
162
|
config
|
|
150
163
|
end
|
|
151
164
|
|
data/lib/masks/version.rb
CHANGED
data/lib/masks.rb
CHANGED
data/lib/tasks/masks_tasks.rake
CHANGED
|
@@ -37,7 +37,7 @@ namespace :masks do
|
|
|
37
37
|
exit 1
|
|
38
38
|
end
|
|
39
39
|
|
|
40
|
-
scopes = args[:scopes].split(
|
|
40
|
+
scopes = args[:scopes].split(";")
|
|
41
41
|
access = cli_access("actor.scopes", as: args[:actor])
|
|
42
42
|
access&.assign_scopes(scopes)
|
|
43
43
|
|
|
@@ -47,7 +47,7 @@ namespace :masks do
|
|
|
47
47
|
puts "failed to assign scopes to '#{access.actor.nickname}'"
|
|
48
48
|
puts "error: #{access.actor.errors.full_messages.join(", ")}"
|
|
49
49
|
else
|
|
50
|
-
puts "assigned scopes '#{scopes.join(
|
|
50
|
+
puts "assigned scopes '#{scopes.join(", ")}' to '#{access.actor.nickname}'"
|
|
51
51
|
end
|
|
52
52
|
end
|
|
53
53
|
|
data/masks.json
CHANGED
|
@@ -27,10 +27,31 @@
|
|
|
27
27
|
"anon": true,
|
|
28
28
|
"fail": false
|
|
29
29
|
},
|
|
30
|
+
{
|
|
31
|
+
"type": "access_token",
|
|
32
|
+
"request": {
|
|
33
|
+
"method": ["get", "post"],
|
|
34
|
+
"path": "/userinfo"
|
|
35
|
+
}
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
"skip": true,
|
|
39
|
+
"request": {
|
|
40
|
+
"method": "post",
|
|
41
|
+
"path": "/token"
|
|
42
|
+
}
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
"skip": true,
|
|
46
|
+
"request": {
|
|
47
|
+
"method": "get",
|
|
48
|
+
"path": "/client/*"
|
|
49
|
+
}
|
|
50
|
+
},
|
|
30
51
|
{
|
|
31
52
|
"type": "api",
|
|
32
53
|
"request": {
|
|
33
|
-
"path":
|
|
54
|
+
"path": "*",
|
|
34
55
|
"header": "Authorization"
|
|
35
56
|
}
|
|
36
57
|
},
|
|
@@ -48,7 +69,8 @@
|
|
|
48
69
|
"method": ["get", "delete"],
|
|
49
70
|
"path": "/session"
|
|
50
71
|
},
|
|
51
|
-
"fail": false
|
|
72
|
+
"fail": false,
|
|
73
|
+
"return_to": false
|
|
52
74
|
},
|
|
53
75
|
{
|
|
54
76
|
"type": "recovery",
|
|
@@ -146,10 +168,19 @@
|
|
|
146
168
|
{
|
|
147
169
|
"type": "manage",
|
|
148
170
|
"request": {
|
|
149
|
-
"path": ["/
|
|
171
|
+
"path": ["/manage", "/manage/*"]
|
|
150
172
|
},
|
|
173
|
+
"access": ["actor.password", "actor.signup"],
|
|
151
174
|
"fail": "/session"
|
|
152
175
|
},
|
|
176
|
+
{
|
|
177
|
+
"type": "session",
|
|
178
|
+
"request": {
|
|
179
|
+
"method": "get",
|
|
180
|
+
"path": "/authorize"
|
|
181
|
+
},
|
|
182
|
+
"fail": false
|
|
183
|
+
},
|
|
153
184
|
{
|
|
154
185
|
"type": "session",
|
|
155
186
|
"request": {
|
|
@@ -235,7 +266,7 @@
|
|
|
235
266
|
},
|
|
236
267
|
"device": {}
|
|
237
268
|
},
|
|
238
|
-
"credentials": ["Session", "Device"]
|
|
269
|
+
"credentials": ["Session", "Device", "ReturnTo"]
|
|
239
270
|
},
|
|
240
271
|
"manage": {
|
|
241
272
|
"checks": {
|
|
@@ -251,8 +282,8 @@
|
|
|
251
282
|
},
|
|
252
283
|
"device": {}
|
|
253
284
|
},
|
|
254
|
-
"credentials": ["Session", "Device"],
|
|
255
|
-
"scopes": "masks:
|
|
285
|
+
"credentials": ["Session", "Device", "ReturnTo"],
|
|
286
|
+
"scopes": ["masks:manage"]
|
|
256
287
|
},
|
|
257
288
|
"recovery": {
|
|
258
289
|
"checks": {
|
|
@@ -260,6 +291,13 @@
|
|
|
260
291
|
},
|
|
261
292
|
"credentials": ["Session", "Recovery", "Device"]
|
|
262
293
|
},
|
|
294
|
+
"access_token": {
|
|
295
|
+
"checks": {
|
|
296
|
+
"access_token": {},
|
|
297
|
+
"device": {}
|
|
298
|
+
},
|
|
299
|
+
"credentials": ["AccessToken", "Device"]
|
|
300
|
+
},
|
|
263
301
|
"api": {
|
|
264
302
|
"checks": {
|
|
265
303
|
"key": {},
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: masks
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- geiger-to
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-04-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: alba
|
|
@@ -38,6 +38,20 @@ dependencies:
|
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '3.1'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: chronic_duration
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '0.10'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0.10'
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: cssbundling-rails
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -94,6 +108,20 @@ dependencies:
|
|
|
94
108
|
- - "~>"
|
|
95
109
|
- !ruby/object:Gem::Version
|
|
96
110
|
version: '1.2'
|
|
111
|
+
- !ruby/object:Gem::Dependency
|
|
112
|
+
name: openid_connect
|
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
|
114
|
+
requirements:
|
|
115
|
+
- - "~>"
|
|
116
|
+
- !ruby/object:Gem::Version
|
|
117
|
+
version: '2.3'
|
|
118
|
+
type: :runtime
|
|
119
|
+
prerelease: false
|
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
requirements:
|
|
122
|
+
- - "~>"
|
|
123
|
+
- !ruby/object:Gem::Version
|
|
124
|
+
version: '2.3'
|
|
97
125
|
- !ruby/object:Gem::Dependency
|
|
98
126
|
name: pagy
|
|
99
127
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -244,16 +272,16 @@ dependencies:
|
|
|
244
272
|
name: valid_email
|
|
245
273
|
requirement: !ruby/object:Gem::Requirement
|
|
246
274
|
requirements:
|
|
247
|
-
- - "
|
|
275
|
+
- - "~>"
|
|
248
276
|
- !ruby/object:Gem::Version
|
|
249
|
-
version: '0'
|
|
277
|
+
version: '0.2'
|
|
250
278
|
type: :runtime
|
|
251
279
|
prerelease: false
|
|
252
280
|
version_requirements: !ruby/object:Gem::Requirement
|
|
253
281
|
requirements:
|
|
254
|
-
- - "
|
|
282
|
+
- - "~>"
|
|
255
283
|
- !ruby/object:Gem::Version
|
|
256
|
-
version: '0'
|
|
284
|
+
version: '0.2'
|
|
257
285
|
description: masks is a ruby library and rails engine that adds simple, extensible
|
|
258
286
|
auth to most applications. DO NOT USE
|
|
259
287
|
email:
|
|
@@ -265,9 +293,6 @@ files:
|
|
|
265
293
|
- MIT-LICENSE
|
|
266
294
|
- README.md
|
|
267
295
|
- Rakefile
|
|
268
|
-
- app/assets/builds/application.css
|
|
269
|
-
- app/assets/builds/application.js
|
|
270
|
-
- app/assets/builds/application.js.map
|
|
271
296
|
- app/assets/builds/masks/application.css
|
|
272
297
|
- app/assets/builds/masks/application.js
|
|
273
298
|
- app/assets/builds/masks/application.js.map
|
|
@@ -280,6 +305,7 @@ files:
|
|
|
280
305
|
- app/assets/javascripts/controllers/recover_controller.js
|
|
281
306
|
- app/assets/javascripts/controllers/recover_password_controller.js
|
|
282
307
|
- app/assets/javascripts/controllers/session_controller.js
|
|
308
|
+
- app/assets/javascripts/controllers/table_controller.js
|
|
283
309
|
- app/assets/manifest.js
|
|
284
310
|
- app/assets/masks_manifest.js
|
|
285
311
|
- app/assets/stylesheets/application.css
|
|
@@ -292,10 +318,16 @@ files:
|
|
|
292
318
|
- app/controllers/masks/emails_controller.rb
|
|
293
319
|
- app/controllers/masks/error_controller.rb
|
|
294
320
|
- app/controllers/masks/keys_controller.rb
|
|
295
|
-
- app/controllers/masks/manage/actor_controller.rb
|
|
296
321
|
- app/controllers/masks/manage/actors_controller.rb
|
|
297
322
|
- app/controllers/masks/manage/base_controller.rb
|
|
323
|
+
- app/controllers/masks/manage/clients_controller.rb
|
|
324
|
+
- app/controllers/masks/manage/dashboard_controller.rb
|
|
325
|
+
- app/controllers/masks/manage/devices_controller.rb
|
|
298
326
|
- app/controllers/masks/one_time_code_controller.rb
|
|
327
|
+
- app/controllers/masks/openid/authorizations_controller.rb
|
|
328
|
+
- app/controllers/masks/openid/discoveries_controller.rb
|
|
329
|
+
- app/controllers/masks/openid/tokens_controller.rb
|
|
330
|
+
- app/controllers/masks/openid/userinfo_controller.rb
|
|
299
331
|
- app/controllers/masks/passwords_controller.rb
|
|
300
332
|
- app/controllers/masks/recoveries_controller.rb
|
|
301
333
|
- app/controllers/masks/sessions_controller.rb
|
|
@@ -320,6 +352,7 @@ files:
|
|
|
320
352
|
- app/models/masks/application_record.rb
|
|
321
353
|
- app/models/masks/check.rb
|
|
322
354
|
- app/models/masks/credential.rb
|
|
355
|
+
- app/models/masks/credentials/access_token.rb
|
|
323
356
|
- app/models/masks/credentials/backup_code.rb
|
|
324
357
|
- app/models/masks/credentials/device.rb
|
|
325
358
|
- app/models/masks/credentials/email.rb
|
|
@@ -331,16 +364,23 @@ files:
|
|
|
331
364
|
- app/models/masks/credentials/one_time_code.rb
|
|
332
365
|
- app/models/masks/credentials/password.rb
|
|
333
366
|
- app/models/masks/credentials/recovery.rb
|
|
367
|
+
- app/models/masks/credentials/return_to.rb
|
|
334
368
|
- app/models/masks/credentials/session.rb
|
|
335
369
|
- app/models/masks/device.rb
|
|
336
370
|
- app/models/masks/error.rb
|
|
337
371
|
- app/models/masks/event.rb
|
|
338
372
|
- app/models/masks/mask.rb
|
|
373
|
+
- app/models/masks/openid/authorization.rb
|
|
374
|
+
- app/models/masks/openid/token.rb
|
|
339
375
|
- app/models/masks/rails/actor.rb
|
|
340
376
|
- app/models/masks/rails/actor_role.rb
|
|
341
377
|
- app/models/masks/rails/device.rb
|
|
342
378
|
- app/models/masks/rails/email.rb
|
|
343
379
|
- app/models/masks/rails/key.rb
|
|
380
|
+
- app/models/masks/rails/openid/access_token.rb
|
|
381
|
+
- app/models/masks/rails/openid/authorization.rb
|
|
382
|
+
- app/models/masks/rails/openid/client.rb
|
|
383
|
+
- app/models/masks/rails/openid/id_token.rb
|
|
344
384
|
- app/models/masks/rails/recovery.rb
|
|
345
385
|
- app/models/masks/rails/role.rb
|
|
346
386
|
- app/models/masks/rails/scope.rb
|
|
@@ -364,17 +404,25 @@ files:
|
|
|
364
404
|
- app/views/masks/emails/new.html.erb
|
|
365
405
|
- app/views/masks/emails/verify.html.erb
|
|
366
406
|
- app/views/masks/keys/new.html.erb
|
|
367
|
-
- app/views/masks/manage/actor/show.html.erb
|
|
368
407
|
- app/views/masks/manage/actors/index.html.erb
|
|
408
|
+
- app/views/masks/manage/actors/show.html.erb
|
|
409
|
+
- app/views/masks/manage/clients/index.html.erb
|
|
410
|
+
- app/views/masks/manage/clients/show.html.erb
|
|
411
|
+
- app/views/masks/manage/dashboard/index.html.erb
|
|
412
|
+
- app/views/masks/manage/devices/index.html.erb
|
|
369
413
|
- app/views/masks/one_time_code/new.html.erb
|
|
414
|
+
- app/views/masks/openid/authorizations/error.html.erb
|
|
415
|
+
- app/views/masks/openid/authorizations/new.html.erb
|
|
370
416
|
- app/views/masks/passwords/edit.html.erb
|
|
371
417
|
- app/views/masks/recoveries/new.html.erb
|
|
372
418
|
- app/views/masks/recoveries/password.html.erb
|
|
373
419
|
- app/views/masks/sessions/new.html.erb
|
|
374
420
|
- config/brakeman.ignore
|
|
421
|
+
- config/initializers/inflections.rb
|
|
375
422
|
- config/locales/en.yml
|
|
376
423
|
- config/routes.rb
|
|
377
424
|
- db/migrate/20231205173845_create_actors.rb
|
|
425
|
+
- db/migrate/20240329182422_support_openid.rb
|
|
378
426
|
- lib/generators/masks/install/USAGE
|
|
379
427
|
- lib/generators/masks/install/install_generator.rb
|
|
380
428
|
- lib/generators/masks/install/templates/initializer.rb
|