no_password_auth 0.2.1 → 0.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 21b0742b67d08d1694998ce4a0cb4c5460eaa07d28b4481bd2f081580dfe2cad
4
- data.tar.gz: 2148a8faa5cccc2d52f33708d862f116d69b832a1043dfc18aa9900d1c9a0ae3
3
+ metadata.gz: 57fba7b27f8275b00ea718d33f1c1db68ef99bd4d31f13155941304ed48fe712
4
+ data.tar.gz: b2f68422141e8735e5352107f6361a0ba04bdcd54d9fe6b83df4fe6f2ee49730
5
5
  SHA512:
6
- metadata.gz: 395f222367f5bfe903e1947e2fb4246ecad6c11c904679dc78ed3dc43e0a751066aa6cce9f016d2fd6e6aca396321898d240775ba1348a43aa1716c11fcdb1a3
7
- data.tar.gz: d8beccec2e849f9a407ddfd27850e4a2c1568f4189564424578e669d5030c39f1b25653f324c157c93a4cab5daffa4908a59e5042ae04ac3213bdba11a5bcca0
6
+ metadata.gz: 80b05f4d8c074c851c8eb604b1805f873f3c5e4711e5778078d2b5746ea96a0a263087c8b1bd556d946ad67cc66b1b25c3ff4228e017c3608af9892f4ed91ae4
7
+ data.tar.gz: f80aef0e6dfda703fd20c8a552caa4bc1b428a208bd79faae66f3cbac1cea4f3d3f1e4a39e5ff264cb846c60ba216723e890a609dbf43e48c1953be935af2440
data/README-ES.md CHANGED
@@ -144,16 +144,15 @@ El flujo normal para iniciar sesión consta de dos pasos, una página donde se i
144
144
 
145
145
  Este callback va a ser llamado en cada intento de iniciar sesión, ya sea con código o con link mágico, independientemente de si el inicio de sesión es exitoso o no.
146
146
  ```ruby
147
- after_sign_in!(signed_in, by_url, return_url)
147
+ after_sign_in!(current_session, by_url)
148
148
  ```
149
- El callback recibe 3 parámetros.
150
- - `signed_in`: indica si fue exitoso el inicio de sesión o no, su valor es booleano.
149
+ El callback recibe dos parámetros.
150
+ - `current_session`: El objecto que representa a la sesión activa.
151
151
  - `by_url`: indica como se inentó iniciar sesión, ya sea por el link mágico o con el código introducido manualmente, su valor es booleano.
152
- - `return_url`: Contiene la URL a donde redireccionar al usuario en caso de que el inicio de sesión sea exitoso, su valor es una cadena de texto.
153
152
 
154
153
  El controlador `SessionConfirmationsController` espera como respuesta del callback los siguientes posibles valores:
155
154
  - `nil`: con el cual se indica que se ejecutó el callback y que regresa el control del flujo al controlador.
156
- - `render` o `redirect_to`: en este caso le indicamos al controlador que el callback toma el control del flujo.
155
+ - `redirect path`: es una ruta en forma de string que indica que el callback se ejecutó y espera una redirección a esa ruta específica.
157
156
 
158
157
  Podemos implementar el callback `after_sign_in!` creando el archivo `app/controllers/no_password/session_confirmations_controller.rb` en nuestra aplicación principal,
159
158
  donde cargamos el controlador original desde el engine de NoPassword y con `class_eval` le inyectamos el método.
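Review bot: typo in the added line `+ - `current_session`: El objecto que representa a la sesión activa.`: `objecto` should be `objeto`. It would also help to state here that `current_session` is `nil` when the token could not be claimed (the controller now passes the result of `claim_session(token)` straight to `after_sign_in!`), since that is the only way the callback can distinguish success from failure after `signed_in` was removed. The pre-existing `inentó` on the `by_url` line should read `intentó`.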
@@ -162,12 +161,12 @@ donde cargamos el controlador original desde el engine de NoPassword y con `clas
162
161
  load NoPassword::Engine.root.join("app", "controllers", "no_password", "session_confirmations_controller.rb")
163
162
 
164
163
  NoPassword::SessionConfirmationsController.class_eval do
165
- def after_sign_in!(signed_in, by_url)
164
+ def after_sign_in!(current_session, by_url)
166
165
  return do_something_different if signed_in # Do something different if user signed in successfully
167
166
  return nil if !by_url # Return control if failed to sign in with magic link
168
167
 
169
168
  flash[:alert] = "Your code is not valid"
170
- redirect_to main_app.demo_path # Redirect somewhere else if token is invalid
169
+ main_app.demo_path # Redirect somewhere else if token is invalid
171
170
  end
172
171
  end
173
172
  ```
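Review bot: the example body still uses the removed parameter: the context line `return do_something_different if signed_in` will raise `NameError` now that the signature is `def after_sign_in!(current_session, by_url)`. Suggest `return do_something_different if current_session.present?`. The comment on `return nil if !by_url` ("Return control if failed to sign in with magic link") is also misleading: `by_url` being false means the code was typed manually, not that sign-in failed.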
data/README.md CHANGED
@@ -145,16 +145,15 @@ This is an example of a custom flow that mimics a Single Page flow.
145
145
 
146
146
  The callback is called on every intent to start a session, whether the sign was successful or not.
147
147
  ```ruby
148
- after_sign_in!(signed_in, by_url, return_url)
148
+ after_sign_in!(current_session, by_url)
149
149
  ```
150
- It receives three parameters.
151
- - `signed_in`: A boolean value that indicates if the user succeeded in getting a session.
150
+ It receives two parameters.
151
+ - `current_session`: An object that represents the active session.
152
152
  - `by_url`: A boolean value that indicates if the login happens with the magic link or entered token manually.
153
- - `return_url`: A string value with the return path if the user succeeded in getting a session.
154
153
 
155
154
  The `SessionConfirmationsController` controller expects any of the following possible values from the callback.
156
155
  - `nil`: indicates callback was executed but is returning flow control to the controller.
157
- - `render` o `redirect_to`: indicates callback was executed and is taking over sign in flow.
156
+ - `redirect path`: it is a string path that indicates callback was executed and want to redirect to specific path.
158
157
 
159
158
  `after_sign_in!` callback is implemented by creating a `app/controllers/no_password/session_confirmations_controller.rb` file in your application. The original controller from NoPassword engine is loaded, and then the callback is added with a `class_eval`.
160
159
 
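Review bot: grammar in the added line `+ - `redirect path`: it is a string path that indicates callback was executed and want to redirect to specific path.`: `wants to redirect to a specific path`. Please also document that `current_session` is `nil` when the token was invalid, because with `signed_in` gone that is how the callback now learns whether sign-in succeeded. Pre-existing context: `whether the sign was successful` should read `sign in`.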
@@ -162,12 +161,12 @@ The `SessionConfirmationsController` controller expects any of the following pos
162
161
  load NoPassword::Engine.root.join("app", "controllers", "no_password", "session_confirmations_controller.rb")
163
162
 
164
163
  NoPassword::SessionConfirmationsController.class_eval do
165
- def after_sign_in!(signed_in, by_url)
164
+ def after_sign_in!(current_session, by_url)
166
165
  return do_something_different if signed_in # Do something different if user signed in successfully
167
166
  return nil if !by_url # Return control if failed to sign in with magic link
168
167
 
169
168
  flash[:alert] = "Your code is not valid"
170
- redirect_to main_app.demo_path # Redirect somewhere else if token is invalid
169
+ main_app.demo_path # Redirect somewhere else if token is invalid
171
170
  end
172
171
  end
173
172
  ```
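Review bot: the context line `return do_something_different if signed_in` references a parameter that no longer exists after the signature change to `def after_sign_in!(current_session, by_url)`, so copying this example will raise `NameError`. Use `current_session.present?` instead. Note too that the example sets `flash[:alert]` and then returns `main_app.demo_path`; since the controller redirects on a returned string, a plain `flash` (not `flash.now`) is correct here, but a comment saying so would save readers from copying the controller's `flash.now` pattern.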
@@ -1,4 +1,5 @@
1
1
  module NoPassword
2
2
  class ApplicationController < ActionController::Base
3
+ protect_from_forgery with: :exception
3
4
  end
4
5
  end
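Review bot: enabling `protect_from_forgery with: :exception` on the engine's `ApplicationController` is sound hardening, since the class previously inherited from `ActionController::Base` with no CSRF check at all, but it is a visible behaviour change for host apps: any form posting to the engine's `update` route without an authenticity token will now raise `ActionController::InvalidAuthenticityToken`. Worth an explicit line in the release notes alongside the callback signature change.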
@@ -6,16 +6,18 @@ module NoPassword
6
6
  include NoPassword::WebTokens
7
7
 
8
8
  def edit
9
- if params[:token].present?
10
- token = verify_token(params[:token])
9
+ return unless params[:token].present?
11
10
 
12
- sign_in_session(token, true)
13
- end
11
+ token = verify_token(params[:token])
12
+ redirect_url = sign_in_session(token, by_url: true)
13
+
14
+ return redirect_to(redirect_url) if redirect_url.present?
14
15
  end
15
16
 
16
17
  def update
17
- result = sign_in_session(params[:token])
18
- return result if result.present?
18
+ redirect_url = sign_in_session(params[:token])
19
+
20
+ return redirect_to(redirect_url) if redirect_url.present?
19
21
 
20
22
  response.status = :unprocessable_entity
21
23
  render turbo_stream: turbo_stream.update("notifications", partial: "notification")
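Review bot: `redirect_to(redirect_url)` in both `edit` and `update` now follows whatever string `sign_in_session` returns, which can come from the host app's `after_sign_in!` or from `current_session.return_url`. Consider `redirect_to(redirect_url, allow_other_host: false)` so an absolute URL on another host raises `ActionController::Redirecting::UnsafeRedirectError` instead of being followed; that would also address the two Brakeman redirect warnings this change suppresses in `config/brakeman.ignore` rather than silencing them. Minor: `update` now falls through to `:unprocessable_entity` whenever the callback returns `nil`, even after a successful claim; if that is the intended "return control" semantics from the README, a short comment here would help.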
@@ -23,19 +25,25 @@ module NoPassword
23
25
 
24
26
  private
25
27
 
26
- def sign_in_session(token, by_url = false)
28
+ def claim_session(token)
27
29
  current_session = SessionManager.new.claim(token)
30
+ if current_session.present?
31
+ save_session_to_cookie(current_session)
32
+ else
33
+ flash.now.alert = t("flash.update.invalid_code.alert")
34
+ end
28
35
 
29
- flash.now.alert = t("flash.update.invalid_code.alert") if current_session.blank?
36
+ current_session
37
+ end
38
+
39
+ def sign_in_session(token, by_url: false)
40
+ current_session = claim_session(token)
30
41
 
31
- result = if respond_to?(:after_sign_in!)
32
- after_sign_in!(current_session.present?, by_url, current_session&.return_url)
42
+ if respond_to?(:after_sign_in!)
43
+ after_sign_in!(current_session, by_url)
33
44
  elsif current_session.present?
34
- save_session_to_cookie(current_session)
35
- redirect_to(current_session.return_url || main_app.root_path)
45
+ (current_session.return_url || main_app.root_path)
36
46
  end
37
-
38
- result if result.present?
39
47
  end
40
48
 
41
49
  def save_session_to_cookie(current_session, key = nil, data = nil)
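Review bot: `claim_session` now writes the cookie via `save_session_to_cookie` before `after_sign_in!` runs, whereas previously the cookie was only written on the `elsif` branch that a defined callback bypassed; the callback therefore receives an already persisted session and can no longer veto it. That is a defensible design, but it is a semantic change the README should state. Also, `sign_in_session` returns the callback's return value unchanged; a host app that still returns the result of `redirect_to`/`render` (the 0.2.x contract) will have that object handed to `redirect_to(redirect_url)` by the caller, so a `redirect_url.is_a?(String)` guard with a clear error would fail far more helpfully. Style: the parentheses in `(current_session.return_url || main_app.root_path)` are no longer needed now that the expression stands alone.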
@@ -36,7 +36,7 @@ module NoPassword
36
36
  referrer = CGI.unescape(return_to)
37
37
  return nil if referrer.blank?
38
38
 
39
- referrer.include?(no_password.new_session_path) || referrer.include?(no_password.edit_session_confirmations_path) ? nil : referrer
39
+ (referrer.include?(no_password.new_session_path) || referrer.include?(no_password.edit_session_confirmations_path)) ? nil : referrer
40
40
  end
41
41
 
42
42
  def sign_out(key = nil)
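Review bot: the added parentheses make the intent explicit but do not change behaviour: `||` binds tighter than `?:` in Ruby, so the old line already parsed as `(a || b) ? nil : referrer`. The concern this hunk leaves untouched is that the unescaped `return_to` is returned as a redirect target with only a substring check against two engine paths; if `return_to` can originate from the request (Referer header or a parameter), an absolute URL to another host passes straight through. A same-origin check (parse with `URI` and accept only a path without a host) here, or `allow_other_host: false` at the `redirect_to` that consumes `return_url`, would close that.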
@@ -0,0 +1,52 @@
1
+ {
2
+ "ignored_warnings": [
3
+ {
4
+ "warning_type": "Redirect",
5
+ "warning_code": 18,
6
+ "fingerprint": "310eb4d856343cbe3a4b5357ce331265a65360c7c51cef559f077eaa96015e95",
7
+ "check_name": "Redirect",
8
+ "message": "Possible unprotected redirect",
9
+ "file": "app/controllers/no_password/session_confirmations_controller.rb",
10
+ "line": 14,
11
+ "link": "https://brakemanscanner.org/docs/warning_types/redirect/",
12
+ "code": "redirect_to(sign_in_session(verify_token(params[:token]), :by_url => true))",
13
+ "render_path": null,
14
+ "location": {
15
+ "type": "method",
16
+ "class": "NoPassword::SessionConfirmationsController",
17
+ "method": "edit"
18
+ },
19
+ "user_input": "params[:token]",
20
+ "confidence": "Weak",
21
+ "cwe_id": [
22
+ 601
23
+ ],
24
+ "note": "It is ok,redirect is calculated."
25
+ },
26
+ {
27
+ "warning_type": "Redirect",
28
+ "warning_code": 18,
29
+ "fingerprint": "6a097716f95b29bd0948be5684aa38582be64c76f258032743ff949a8abdc064",
30
+ "check_name": "Redirect",
31
+ "message": "Possible unprotected redirect",
32
+ "file": "app/controllers/no_password/session_confirmations_controller.rb",
33
+ "line": 20,
34
+ "link": "https://brakemanscanner.org/docs/warning_types/redirect/",
35
+ "code": "redirect_to(sign_in_session(params[:token]))",
36
+ "render_path": null,
37
+ "location": {
38
+ "type": "method",
39
+ "class": "NoPassword::SessionConfirmationsController",
40
+ "method": "update"
41
+ },
42
+ "user_input": "params[:token]",
43
+ "confidence": "Weak",
44
+ "cwe_id": [
45
+ 601
46
+ ],
47
+ "note": "It is ok, redirect is calculated."
48
+ }
49
+ ],
50
+ "updated": "2023-08-10 11:37:09 -0600",
51
+ "brakeman_version": "6.0.1"
52
+ }
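Review bot: the justification `"note": "It is ok,redirect is calculated."` (also missing a space after the comma) does not hold as written: the redirect argument is the return value of `sign_in_session`, which is either a string from the host app's callback or the stored `return_url` derived from the referrer, so Brakeman's CWE-601 finding reflects real data flow rather than a false positive. Prefer fixing the two call sites (`allow_other_host: false` or a path-only check) and dropping this file; if the ignore file stays, keep in mind that the recorded `"line": 14` / `"line": 20` and `"code"` strings go stale on the next controller edit and the fingerprints will stop matching.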
@@ -12,10 +12,10 @@ en:
12
12
  default_from: no-reply@aoorora.com
13
13
 
14
14
  send_token:
15
- subject: Here is your temporary login token
15
+ subject: "Aoorora: Your temporary session code is here"
16
16
  greetings: Hello!
17
- instructions_1: You requested a login token to start a new session. Here is your code. You can copy/paste the code into our website. Please don't share this code to anyone.
18
- instructions_2: Or use this button to start a new session. It will open a new browser window.
17
+ instructions_1: You are receiving this email because you requested a login code to begin a demo session in Aoorora. Please don't share this code with anyone else.
18
+ instructions_2: Click this button to start a new session. It will open a new browser window.
19
19
  instructions_2_text: Or use the follwing link to start a new session. Copy and paste it your browser.
20
20
  start_session: Continue to your session
21
21
  instructions_3: If you did not request this email, please ignore and delete it. Do not resend or share it with other people.
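Review bot: the new `subject` and `instructions_1` hardcode the product name `Aoorora` and the phrase `demo session` into the engine's default English locale, so every host app will send a mail mentioning another product unless it overrides the `send_token` keys; keep the engine defaults generic (or interpolate an app name) and move the branded strings into the demo app's own locale file. Pre-existing typos in the context line `instructions_2_text`: `follwing` should be `following`, and `paste it your browser` should be `paste it into your browser`.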
@@ -4,7 +4,7 @@ es:
4
4
  invalid_code:
5
5
  alert:
6
6
  title: Código inválido
7
- description: Revise su código no es válido o ya expiró. Puede solicitar uno nuevo.
7
+ description: Revise su código, es válido o ya expiró. Puede solicitar uno nuevo.
8
8
  session:
9
9
  alert:
10
10
  title: No existe sesión activa
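Review bot: the corrected Spanish now says the opposite of what is meant: `Revise su código, es válido o ya expiró` reads "check your code, it is valid or has expired". It should be `Revise su código, no es válido o ya expiró` (or simply `Su código no es válido o ya expiró`).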
@@ -1,7 +1,6 @@
1
1
  class CreateNoPasswordSessions < ActiveRecord::Migration[7.0]
2
2
  def change
3
3
  create_table :no_password_sessions, if_not_exists: true do |t|
4
-
5
4
  t.timestamp :expires_at
6
5
  t.timestamp :claimed_at
7
6
  t.string :token, null: false
@@ -1,3 +1,3 @@
1
1
  module NoPassword
2
- VERSION = "0.2.1"
2
+ VERSION = "0.3.0"
3
3
  end
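Review bot: a minor bump is fine under 0.x semver, but this release changes the `after_sign_in!` contract (new signature, string return instead of `render`/`redirect_to`), enables CSRF protection on the engine controllers and widens the Rails constraint; please add an upgrade note so host apps know the callback must be rewritten before bumping.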
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: no_password_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mario Alberto Chávez
@@ -10,64 +10,70 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2022-11-08 00:00:00.000000000 Z
13
+ date: 2023-08-10 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rails
17
17
  requirement: !ruby/object:Gem::Requirement
18
18
  requirements:
19
- - - "~>"
19
+ - - ">="
20
20
  - !ruby/object:Gem::Version
21
21
  version: 7.0.0
22
+ - - "<="
23
+ - !ruby/object:Gem::Version
24
+ version: 7.1.0
22
25
  type: :runtime
23
26
  prerelease: false
24
27
  version_requirements: !ruby/object:Gem::Requirement
25
28
  requirements:
26
- - - "~>"
29
+ - - ">="
27
30
  - !ruby/object:Gem::Version
28
31
  version: 7.0.0
32
+ - - "<="
33
+ - !ruby/object:Gem::Version
34
+ version: 7.1.0
29
35
  - !ruby/object:Gem::Dependency
30
36
  name: turbo-rails
31
37
  requirement: !ruby/object:Gem::Requirement
32
38
  requirements:
33
39
  - - "~>"
34
40
  - !ruby/object:Gem::Version
35
- version: 1.1.0
41
+ version: 1.3.0
36
42
  type: :runtime
37
43
  prerelease: false
38
44
  version_requirements: !ruby/object:Gem::Requirement
39
45
  requirements:
40
46
  - - "~>"
41
47
  - !ruby/object:Gem::Version
42
- version: 1.1.0
48
+ version: 1.3.0
43
49
  - !ruby/object:Gem::Dependency
44
50
  name: stimulus-rails
45
51
  requirement: !ruby/object:Gem::Requirement
46
52
  requirements:
47
53
  - - "~>"
48
54
  - !ruby/object:Gem::Version
49
- version: 1.1.0
55
+ version: 1.2.0
50
56
  type: :runtime
51
57
  prerelease: false
52
58
  version_requirements: !ruby/object:Gem::Requirement
53
59
  requirements:
54
60
  - - "~>"
55
61
  - !ruby/object:Gem::Version
56
- version: 1.1.0
62
+ version: 1.2.0
57
63
  - !ruby/object:Gem::Dependency
58
64
  name: importmap-rails
59
65
  requirement: !ruby/object:Gem::Requirement
60
66
  requirements:
61
67
  - - "~>"
62
68
  - !ruby/object:Gem::Version
63
- version: 1.1.0
69
+ version: 1.2.0
64
70
  type: :runtime
65
71
  prerelease: false
66
72
  version_requirements: !ruby/object:Gem::Requirement
67
73
  requirements:
68
74
  - - "~>"
69
75
  - !ruby/object:Gem::Version
70
- version: 1.1.0
76
+ version: 1.2.0
71
77
  - !ruby/object:Gem::Dependency
72
78
  name: tailwindcss-rails
73
79
  requirement: !ruby/object:Gem::Requirement
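Review bot: the new Rails constraint `>= 7.0.0` together with `<= 7.1.0` admits 7.1.0 exactly but excludes every 7.1 patch release (7.1.1 and later), which is almost certainly not the intent; `< 7.2` (i.e. `>= 7.0`, `< 7.2`) expresses "7.0 and 7.1" correctly. The change appears in both `requirement` and `version_requirements`, so both need the same fix.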
@@ -137,7 +143,6 @@ files:
137
143
  - README.md
138
144
  - Rakefile
139
145
  - app/assets/config/no_password/manifest.js
140
- - app/assets/config/no_password/tailwind.config.js
141
146
  - app/assets/images/no_password/aoo.svg
142
147
  - app/assets/javascripts/no_password/application.js
143
148
  - app/assets/javascripts/no_password/controllers/alert_controller.js
@@ -170,6 +175,7 @@ files:
170
175
  - app/views/no_password/sessions/new.html.erb
171
176
  - app/views/no_password/sessions_mailer/send_token.html.erb
172
177
  - app/views/no_password/sessions_mailer/send_token.text.erb
178
+ - config/brakeman.ignore
173
179
  - config/initializers/importmap.rb
174
180
  - config/locales/en/flash.en.yml
175
181
  - config/locales/en/forms.en.yml
@@ -220,7 +226,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
220
226
  - !ruby/object:Gem::Version
221
227
  version: '0'
222
228
  requirements: []
223
- rubygems_version: 3.3.7
229
+ rubygems_version: 3.4.18
224
230
  signing_key:
225
231
  specification_version: 4
226
232
  summary: Passwordless Ruby on Rails engine.
@@ -1,61 +0,0 @@
1
- const defaultTheme = require('tailwindcss/defaultTheme')
2
-
3
- function withOpacityValue(variableName) {
4
- return ({opacityValue}) => {
5
- opacityValue = opacityValue ?? 1;
6
- return `rgba(var(${variableName}), ${opacityValue})`
7
- }
8
- };
9
-
10
- module.exports = {
11
- content: [
12
- '/Users/marioch/Development/creditario/nopassword/app/views/**/*',
13
- '/Users/marioch/Development/creditario/nopassword/app/helpers/**/*',
14
- '/Users/marioch/Development/creditario/nopassword/app/controllers/**/*',
15
- '/Users/marioch/Development/creditario/nopassword/app/javascript/**/*.js',
16
- '/Users/marioch/Development/creditario/nopassword/app/assets/**/application.tailwind.css'
17
- ],
18
- theme: {
19
- extend: {
20
- fontFamily: {
21
- sans: ['Inter var', ...defaultTheme.fontFamily.sans],
22
- },
23
- textColor: {
24
- skin: {
25
- inverted: withOpacityValue('--color-inverted'),
26
- accented: withOpacityValue('--color-accented'),
27
- 'accented-hover': withOpacityValue('--color-accented-hover'),
28
- base: withOpacityValue('--color-base'),
29
- muted: withOpacityValue('--color-muted'),
30
- dimmed: withOpacityValue('--color-dimmed'),
31
- error: withOpacityValue('--color-error'),
32
- }
33
- },
34
- backgroundColor: {
35
- skin: {
36
- 'button-accented': withOpacityValue('--color-accented'),
37
- 'button-accented-hover': withOpacityValue('--color-accented-hover'),
38
- 'button-inverted': withOpacityValue('--color-inverted'),
39
- 'button-inverted-hover': withOpacityValue('--color-inverted-hover'),
40
- muted: withOpacityValue('--color-muted'),
41
- dimmed: withOpacityValue('--color-dimmed'),
42
- accent: withOpacityValue('--color-accent'),
43
- }
44
- },
45
- ringColor: {
46
- skin: {
47
- accented: withOpacityValue('--color-border-accented'),
48
- }
49
- },
50
- borderColor: {
51
- skin: {
52
- base: withOpacityValue('--color-border-base'),
53
- accented: withOpacityValue('--color-border-accented'),
54
- }
55
- }
56
- },
57
- },
58
- plugins: [
59
- require('@tailwindcss/forms')
60
- ],
61
- }
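Review bot: good to drop this file from the published gem: besides being build-time config, it embedded absolute paths from a developer workstation (`/Users/marioch/Development/creditario/nopassword/...`), which leaks local directory structure to every consumer of the package and could not have worked anywhere else. Please confirm that `app/assets/config/no_password/manifest.js` and the engine's Tailwind build no longer reference it, since the `files:` hunk removes it from the manifest as well.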