minimalist_authentication 3.3.0 → 3.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/password_resets_controller.rb +4 -1
  3. data/app/controllers/passwords_controller.rb +3 -2
  4. data/config/locales/minimalist_authentication.en.yml +3 -1
  5. data/lib/minimalist_authentication/controller.rb +12 -0
  6. data/lib/minimalist_authentication/sessions.rb +5 -1
  7. data/lib/minimalist_authentication/version.rb +1 -1
  8. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a00b1f4d3eca783ae2d6f0998b164bf1cc2cb26e2721b807c9c95e5b7c9c1ed4
4
- data.tar.gz: 9a881ed13f89438464d09f574e6ab24f4a2b6a49483a88ec12b4b1afcc937d89
3
+ metadata.gz: 79d61a668a0923babb9c46da034f262af4dc8ed449b511bb44427b2c1af202c4
4
+ data.tar.gz: b6e226a4f03b89609870b4841bfa83cbb781eb3b1ffc2c7d201c4e99328a4921
5
5
  SHA512:
6
- metadata.gz: 7001e00701070f34b03aa012841452fa75d58fdab35f5ae0cf551190d50f5c8319f746b71754858fba02f5e12365838d2dff398786895bd5ba9919da0b06575d
7
- data.tar.gz: 0f82b8cd2b1d47b6b899ee3a31fa4f50cb7ac54b958e3216c3acc13a1303ba5068c3170af7840ede8835130af379286b1ddd8b712a6c6ec81e30c62aa907a4f5
6
+ metadata.gz: '09a6e851dd57f8541116348298da3e1d5b2227f40a03ae3aed99a75040b30d237f5641741bfbad5b2fee73daaf9e1f2951634f263adc2a4827dc3bf5220307d7'
7
+ data.tar.gz: d47f8f2afa9464bce14cc503a64850dacf774bdd50ca965f4077e808afbb51f6ee8e4f1dc4877a9769fac7ff26b19cb77a6ad05828564a9436a692730be83a2f
data/app/controllers/password_resets_controller.rb CHANGED
@@ -5,7 +5,10 @@ class PasswordResetsController < ApplicationController
5
5
 
6
6
  layout "sessions"
7
7
 
8
- # Renders form for user to request a password reset
8
+ # Limit create requests by ip address
9
+ limit_creations
10
+
11
+ # Password reset request form
9
12
  def new
10
13
  # new.html.erb
11
14
  end
data/app/controllers/passwords_controller.rb CHANGED
@@ -39,8 +39,9 @@ class PasswordsController < ApplicationController
39
39
 
40
40
  def authenticate_with_token
41
41
  @token = params[:token]
42
- @user = MinimalistAuthentication.user_model.active.find_by_token_for(purpose, @token)
43
- redirect_to(new_session_path, alert: t(".invalid_token")) unless @user
42
+ @user = MinimalistAuthentication.user_model.active.find_by_token_for!(purpose, @token)
43
+ rescue ActiveRecord::RecordNotFound, ActiveSupport::MessageVerifier::InvalidSignature
44
+ redirect_to(new_session_path, alert: t(".invalid_token"))
44
45
  end
45
46
 
46
47
  def password_params
data/config/locales/minimalist_authentication.en.yml CHANGED
@@ -14,6 +14,8 @@ en:
14
14
  title: Email Update
15
15
  update:
16
16
  notice: Email successfully updated
17
+ limit_creations:
18
+ alert: Please try again later.
17
19
  minimalist_authentication_mailer:
18
20
  update_password:
19
21
  opening: Please click the link below to update your password.
@@ -26,7 +28,7 @@ en:
26
28
  new:
27
29
  email:
28
30
  placeholder: Enter your email address
29
- instructions: Enter your verified email address, and we'll send you a link to reset your password.
31
+ instructions: Enter your account email address to receive a password reset link.
30
32
  submit: Send Reset Link
31
33
  title: Reset Your Password
32
34
  create:
data/lib/minimalist_authentication/controller.rb CHANGED
@@ -17,6 +17,18 @@ module MinimalistAuthentication
17
17
  helper_method :authorized?, :current_user, :logged_in?, :login_redirect_to
18
18
  end
19
19
 
20
+ module ClassMethods
21
+ def limit_creations(**)
22
+ rate_limit(
23
+ to: 10,
24
+ within: 3.minutes,
25
+ only: :create,
26
+ with: -> { redirect_to new_session_path, alert: t("limit_creations.alert") },
27
+ **
28
+ )
29
+ end
30
+ end
31
+
20
32
  # Returns true if the user is logged in
21
33
  # Override this method in your controller to customize authorization
22
34
  def authorized?(_action = action_name, _resource = controller_name)
data/lib/minimalist_authentication/sessions.rb CHANGED
@@ -10,6 +10,10 @@ module MinimalistAuthentication
10
10
 
11
11
  skip_before_action :authorization_required, only: %i[new create]
12
12
  before_action :redirect_logged_in_users, only: :new
13
+
14
+ # Limit create requests by ip address and user identifier
15
+ limit_creations(to: 50)
16
+ limit_creations(by: -> { identifier&.downcase })
13
17
  end
14
18
 
15
19
  def new
@@ -80,7 +84,7 @@ module MinimalistAuthentication
80
84
  end
81
85
 
82
86
  def identifier
83
- user_params.values_at(*MinimalistAuthentication::Authenticator::LOGIN_FIELDS).compact.first
87
+ user_params[:email] || user_params[:username]
84
88
  end
85
89
 
86
90
  def logout_redirect_to
data/lib/minimalist_authentication/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module MinimalistAuthentication
4
- VERSION = "3.3.0"
4
+ VERSION = "3.4.1"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: minimalist_authentication
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.3.0
4
+ version: 3.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aaron Baldwin