pages_core 3.12.7 → 3.14.0

data/lib/rails/generators/pages_core/install/install_generator.rb

@@ -22,11 +22,6 @@ module PagesCore
         nil
       end
 
-      def create_active_job_initializer
-        template("active_job_initializer.rb",
-                 File.join("config/initializers/active_job.rb"))
-      end
-
       def create_application_controller
         template("application_controller.rb",
                  File.join("app/controllers/application_controller.rb"))
@@ -57,16 +52,6 @@ module PagesCore
                   File.join("app/views/pages/templates/index.html.erb"))
       end
 
-      def create_delayed_job_script
-        template "delayed_job", File.join("bin/delayed_job")
-        File.chmod(0o755, Rails.root.join("bin/delayed_job"))
-      end
-
-      def create_delayed_job_initializer
-        template("delayed_job_initializer.rb",
-                 File.join("config/initializers/delayed_job.rb"))
-      end
-
       def create_initializer_file
         read_configuration!
         template("pages_initializer.rb",

data/lib/rails/generators/pages_core/rspec/templates/page_templates_spec.rb

@@ -7,7 +7,7 @@ RSpec.describe "Page templates", type: :system do
 
   let(:page_model) do
     create(:page,
-           template: template,
+           template:,
            headline: "My headline",
            body: "My body",
            excerpt: "My excerpt")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pages_core
 version: !ruby/object:Gem::Version
-  version: 3.12.7
+  version: 3.14.0
 platform: ruby
 authors:
 - Inge Jørgensen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-01 00:00:00.000000000 Z
+date: 2024-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -206,6 +206,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 4.3.2
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.3.0
+- !ruby/object:Gem::Dependency
+  name: rqrcode
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: tty-table
   requirement: !ruby/object:Gem::Requirement
@@ -332,48 +360,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.5.3
-- !ruby/object:Gem::Dependency
-  name: daemons
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.2.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.2.0
-- !ruby/object:Gem::Dependency
-  name: delayed_job
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 4.1.2
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 4.1.2
-- !ruby/object:Gem::Dependency
-  name: delayed_job_active_record
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 4.1.1
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 4.1.1
 description: Pages Core
 email:
 - inge@anyone.no
@@ -419,6 +405,7 @@ files:
 - app/assets/stylesheets/pages_core/admin/components/textarea.css
 - app/assets/stylesheets/pages_core/admin/components/toast.css
 - app/assets/stylesheets/pages_core/admin/components/toolbar.css
+- app/assets/stylesheets/pages_core/admin/components/totp.css
 - app/assets/stylesheets/pages_core/admin/controllers/pages.css
 - app/assets/stylesheets/pages_core/admin/controllers/users.css
 - app/assets/stylesheets/pages_core/admin/vars.css
@@ -430,14 +417,17 @@ files:
 - app/controller_dummies/page_files_controller.rb
 - app/controller_dummies/pages_controller.rb
 - app/controller_dummies/sitemaps_controller.rb
+- app/controllers/admin/account_recoveries_controller.rb
 - app/controllers/admin/attachments_controller.rb
 - app/controllers/admin/calendars_controller.rb
 - app/controllers/admin/categories_controller.rb
 - app/controllers/admin/images_controller.rb
 - app/controllers/admin/invites_controller.rb
 - app/controllers/admin/news_controller.rb
+- app/controllers/admin/otp_secrets_controller.rb
 - app/controllers/admin/pages_controller.rb
-- app/controllers/admin/password_resets_controller.rb
+- app/controllers/admin/recovery_codes_controller.rb
+- app/controllers/admin/sessions_controller.rb
 - app/controllers/admin/users_controller.rb
 - app/controllers/concerns/pages_core/admin/persistent_params.rb
 - app/controllers/concerns/pages_core/authentication.rb
@@ -458,7 +448,6 @@ files:
 - app/controllers/pages_core/frontend_controller.rb
 - app/controllers/pages_core/images_controller.rb
 - app/controllers/pages_core/sitemaps_controller.rb
-- app/controllers/sessions_controller.rb
 - app/formatters/pages_core/html_formatter.rb
 - app/formatters/pages_core/image_embedder.rb
 - app/formatters/pages_core/link_renderer.rb
@@ -534,7 +523,6 @@ files:
 - app/javascript/components/drag/useDragUploader.ts
 - app/javascript/components/drag/useDraggable.ts
 - app/javascript/controllers/EditPageController.ts
-- app/javascript/controllers/LoginController.ts
 - app/javascript/controllers/MainController.ts
 - app/javascript/controllers/PageOptionsController.js
 - app/javascript/features/RichText.tsx
@@ -554,6 +542,7 @@ files:
 - app/models/attachment.rb
 - app/models/autopublisher.rb
 - app/models/category.rb
+- app/models/concerns/pages_core/has_otp.rb
 - app/models/concerns/pages_core/has_roles.rb
 - app/models/concerns/pages_core/humanizable_param.rb
 - app/models/concerns/pages_core/page_model/attachments.rb
@@ -574,6 +563,7 @@ files:
 - app/models/image.rb
 - app/models/invite.rb
 - app/models/invite_role.rb
+- app/models/otp_secret.rb
 - app/models/page.rb
 - app/models/page_builder.rb
 - app/models/page_category.rb
@@ -581,7 +571,6 @@ files:
 - app/models/page_file.rb
 - app/models/page_image.rb
 - app/models/page_path.rb
-- app/models/password_reset_token.rb
 - app/models/role.rb
 - app/models/search_document.rb
 - app/models/tag.rb
@@ -605,6 +594,8 @@ files:
 - app/services/pages_core/create_user_service.rb
 - app/services/pages_core/destroy_invite_service.rb
 - app/services/pages_core/invite_service.rb
+- app/views/admin/account_recoveries/new.html.erb
+- app/views/admin/account_recoveries/show.html.erb
 - app/views/admin/calendars/_sidebar.html.erb
 - app/views/admin/calendars/show.html.erb
 - app/views/admin/images/show.json.jbuilder
@@ -612,6 +603,8 @@ files:
 - app/views/admin/invites/show.html.erb
 - app/views/admin/news/_sidebar.html.erb
 - app/views/admin/news/index.html.erb
+- app/views/admin/otp_secrets/create.html.erb
+- app/views/admin/otp_secrets/new.html.erb
 - app/views/admin/pages/_edit_content.html.erb
 - app/views/admin/pages/_edit_files.html.erb
 - app/views/admin/pages/_edit_images.html.erb
@@ -625,18 +618,22 @@ files:
 - app/views/admin/pages/index.html.erb
 - app/views/admin/pages/new.html.erb
 - app/views/admin/pages/search.html.erb
-- app/views/admin/password_resets/show.html.erb
+- app/views/admin/recovery_codes/_codes.html.erb
+- app/views/admin/recovery_codes/create.html.erb
+- app/views/admin/recovery_codes/new.html.erb
+- app/views/admin/sessions/_otp_form.html.erb
+- app/views/admin/sessions/new.html.erb
+- app/views/admin/sessions/verify_otp.html.erb
 - app/views/admin/users/_access_control.html.erb
 - app/views/admin/users/_list.html.erb
 - app/views/admin/users/deactivated.html.erb
 - app/views/admin/users/edit.html.erb
 - app/views/admin/users/index.html.erb
-- app/views/admin/users/login.html.erb
 - app/views/admin/users/new.html.erb
 - app/views/admin/users/new_password.html.erb
 - app/views/admin/users/show.html.erb
+- app/views/admin_mailer/account_recovery.text.erb
 - app/views/admin_mailer/invite.text.erb
-- app/views/admin_mailer/password_reset.text.erb
 - app/views/errors/401.html.erb
 - app/views/errors/403.html.erb
 - app/views/errors/404.html.erb
@@ -648,6 +645,7 @@ files:
 - app/views/layouts/admin.html.erb
 - app/views/layouts/admin/_header.html.erb
 - app/views/layouts/admin/_page_header.html.erb
+- app/views/layouts/admin/_toast.html.erb
 - app/views/layouts/errors.html.erb
 - app/views/sitemaps/show.xml.builder
 - config/locales/en.yml
@@ -657,6 +655,8 @@ files:
 - db/migrate/20210209151400_create_search_configurations.rb
 - db/migrate/20210210235200_create_search_documents.rb
 - db/migrate/20220615160300_remove_username.rb
+- db/migrate/20240126160700_add_2fa_fields.rb
+- db/migrate/20240129201300_remove_password_reset_tokens.rb
 - lib/pages_core.rb
 - lib/pages_core/admin_menu_item.rb
 - lib/pages_core/archive_finder.rb
@@ -700,12 +700,9 @@ files:
 - lib/rails/generators/pages_core/frontend/templates/stylesheets/global/grid.css
 - lib/rails/generators/pages_core/frontend/templates/stylesheets/global/typography.css
 - lib/rails/generators/pages_core/install/install_generator.rb
-- lib/rails/generators/pages_core/install/templates/active_job_initializer.rb
 - lib/rails/generators/pages_core/install/templates/application_controller.rb
 - lib/rails/generators/pages_core/install/templates/application_helper.rb
 - lib/rails/generators/pages_core/install/templates/default_page_template.html.erb
-- lib/rails/generators/pages_core/install/templates/delayed_job
-- lib/rails/generators/pages_core/install/templates/delayed_job_initializer.rb
 - lib/rails/generators/pages_core/install/templates/frontend_controller.rb
 - lib/rails/generators/pages_core/install/templates/frontend_helper.rb
 - lib/rails/generators/pages_core/install/templates/gitignore.erb
@@ -736,14 +733,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.0.0
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Pages Core

data/app/controllers/admin/password_resets_controller.rb

@@ -1,85 +0,0 @@
-# frozen_string_literal: true
-
-module Admin
-  class PasswordResetsController < Admin::AdminController
-    before_action :find_password_reset_token, only: %i[show update]
-    before_action :check_for_expired_token, only: %i[show update]
-    before_action :require_authentication, except: %i[create show update]
-
-    layout "admin"
-
-    def show
-      @user = @password_reset_token.user
-    end
-
-    def create
-      @user = find_user_by_email(params[:email])
-      if @user
-        @password_reset_token = @user.password_reset_tokens.create
-        deliver_password_reset(@user, @password_reset_token)
-        flash[:notice] = t("pages_core.password_reset.sent")
-      else
-        flash[:notice] = t("pages_core.password_reset.not_found")
-      end
-      redirect_to login_admin_users_url
-    end
-
-    def update
-      @user = @password_reset_token.user
-      if user_params[:password].present? && @user.update(user_params)
-        @password_reset_token.destroy
-        authenticate!(@user)
-        flash[:notice] = t("pages_core.password_reset.changed")
-        redirect_to login_admin_users_url
-      else
-        render action: :show
-      end
-    end
-
-    private
-
-    def deliver_password_reset(user, password_reset)
-      AdminMailer.password_reset(
-        user,
-        admin_password_reset_with_token_url(
-          password_reset, password_reset.token
-        )
-      ).deliver_later
-    end
-
-    def find_user_by_email(email)
-      return unless email
-
-      User.find_by_email(params[:email])
-    end
-
-    def user_params
-      params.require(:user).permit(:password, :confirm_password)
-    end
-
-    def valid_token?(reset)
-      reset && secure_compare(reset.token, params[:token])
-    end
-
-    def find_password_reset_token
-      @password_reset_token = begin
-        PasswordResetToken.find(params[:id])
-      rescue ActiveRecord::RecordNotFound
-        nil
-      end
-
-      return if valid_token?(@password_reset_token)
-
-      flash[:notice] = t("pages_core.password_reset.invalid_request")
-      redirect_to(login_admin_users_url) && return
-    end
-
-    def check_for_expired_token
-      return unless @password_reset_token.expired?
-
-      @password_reset_token.destroy
-      flash[:notice] = t("pages_core.password_reset.expired")
-      redirect_to(login_admin_users_url)
-    end
-  end
-end

data/app/controllers/sessions_controller.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-class SessionsController < ApplicationController
-  def create
-    user = find_user(params[:email], params[:password])
-    authenticate!(user) if user
-
-    if logged_in?
-      redirect_to admin_default_url
-    else
-      flash[:notice] = t("pages_core.invalid_login")
-      redirect_to login_admin_users_url
-    end
-  end
-
-  def destroy
-    flash[:notice] = t("pages_core.logged_out")
-    deauthenticate!
-    redirect_to login_admin_users_url
-  end
-
-  protected
-
-  def find_user(email, password)
-    User.authenticate(email, password: password) if email && password
-  end
-end

data/app/javascript/controllers/LoginController.ts

@@ -1,32 +0,0 @@
-import { Controller } from "@hotwired/stimulus";
-
-export default class LoginController extends Controller {
-  declare readonly tabTargets: HTMLDivElement[];
-
-  static get targets() {
-    return ["tab"];
-  }
-
-  connect() {
-    if (this.tabTargets.length > 0) {
-      this.showTab(this.tabTargets[0].dataset.tab);
-    }
-  }
-
-  changeTab(evt: Event) {
-    evt.preventDefault();
-    if ("dataset" in evt.target && "tab" in evt.target.dataset) {
-      this.showTab(evt.target.dataset.tab);
-    }
-  }
-
-  showTab(tab: string) {
-    this.tabTargets.forEach((t) => {
-      if (t.dataset.tab == tab) {
-        t.classList.remove("hidden");
-      } else {
-        t.classList.add("hidden");
-      }
-    });
-  }
-}

data/app/models/password_reset_token.rb

@@ -1,34 +0,0 @@
-# frozen_string_literal: true
-
-class PasswordResetToken < ApplicationRecord
-  belongs_to :user
-  before_create :ensure_token
-  before_create :ensure_expiration
-
-  scope :active,  -> { where("expires_at >= ?", Time.now.utc) }
-  scope :expired, -> { where("expires_at < ?", Time.now.utc) }
-
-  class << self
-    def default_expiration
-      24.hours
-    end
-
-    def expire!
-      expired.delete_all
-    end
-  end
-
-  def expired?
-    expires_at < Time.now.utc
-  end
-
-  private
-
-  def ensure_expiration
-    self.expires_at ||= Time.now.utc + self.class.default_expiration
-  end
-
-  def ensure_token
-    self.token ||= SecureRandom.hex(32)
-  end
-end

data/app/views/admin/password_resets/show.html.erb

@@ -1,21 +0,0 @@
-<% content_for :page_title, "Reset password" %>
-<% content_for :page_description, "Please choose a new password to proceed" %>
-<% content_for :body_class, "login" %>
-
-<div class="login-form">
-  <%= form_for(@user,
-               url: admin_password_reset_path(@password_reset_token, token: @password_reset_token.token),
-               builder: PagesCore::Admin::FormBuilder,
-               class: 'form') do |f| %>
-    <%= f.labelled_password_field(:password,
-                                  autocomplete: "new-password") %>
-    <%= f.labelled_password_field(:confirm_password,
-                                  autocomplete: "new-password") %>
-    <p>
-      <button type="submit">
-        Change Password
-      </button>
-      or <%= link_to "Return to login screen", login_admin_users_path %>
-    </p>
-  <% end %>
-</div>

data/app/views/admin/users/login.html.erb

@@ -1,65 +0,0 @@
-<% content_for :page_title, "Sign in" %>
-<% content_for(:page_description,
-               "Please enter your email address and password to sign in") %>
-<% content_for :body_class, "login" %>
-
-<% content_for :sidebar do %>
-  <h2>Please note</h2>
-  <p>
-    Please contact support if you experience problems logging in or using Pages.
-  </p>
-<% end %>
-
-<div class="login-form"
-     data-controller="login">
-  <div class="login-tab password"
-       data-login-target="tab"
-       data-tab="password">
-    <%= form_tag session_path do %>
-      <p>
-        <label>Email address</label>
-        <%= text_field_tag(:email, "", autocomplete: "email") %>
-      </p>
-      <p>
-        <label>Password</label>
-        <%= password_field_tag(:password, "", autocomplete: "current-password") %>
-      </p>
-      <p>
-        <button type="submit">Sign in</button>
-      </p>
-      <ul>
-        <li>
-          <%= link_to("<b>Help!</b> I forgot my password!".html_safe,
-                      login_admin_users_path,
-                      data: {
-                        action: "click->login#changeTab",
-                        tab: "password-reset"
-          }) %>
-        </li>
-      </ul>
-    <% end %>
-  </div>
-
-  <div class="login-tab password-reset"
-       data-login-target="tab"
-       data-tab="password-reset">
-    <%= form_tag admin_password_resets_path do %>
-      <h2>
-        Forgot your password?
-      </h2>
-      <p>
-        Don't worry, it happens.
-        Enter your email address below,
-        and we'll send you a link where you can reset your password.
-      </p>
-      <p>
-        <%= text_field_tag(:email, "", autocomplete: "email") %>
-      </p>
-      <p>
-        <button type="submit">
-          Send
-        </button>
-      </p>
-    <% end %>
-  </div>
-</div>

data/app/views/admin_mailer/password_reset.text.erb

@@ -1,11 +0,0 @@
-Hi, <%= @user.name %>!
-
-We've received a request to reset the password for your account on <%= PagesCore.config(:site_name) %>.
-
-If you want to reset your password, please click the following link:
-
-<%= @url %>
-
-This will take you to a web page where you can set a new password of your choosing. The link will expire in 24 hours.
-
-If you do not want to change your password, please ignore this email.

data/lib/rails/generators/pages_core/install/templates/active_job_initializer.rb

@@ -1,3 +0,0 @@
-# frozen_string_literal: true
-
-ActiveJob::Base.queue_adapter = :delayed_job

data/lib/rails/generators/pages_core/install/templates/delayed_job

@@ -1,7 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require File.expand_path(File.join(File.dirname(__FILE__), "..", "config",
-                                   "environment"))
-require "delayed/command"
-Delayed::Command.new(ARGV).daemonize

data/lib/rails/generators/pages_core/install/templates/delayed_job_initializer.rb

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-Delayed::Worker.backend = :active_record
-
-if Object.const_defined?("Postmark")
-  class InvalidRecipientsPlugin < Delayed::Plugin
-    callbacks do |lifecycle|
-      lifecycle.around(:invoke_job) do |job, *args, &block|
-        # Forward the call to the next callback in the callback chain
-        block.call(job, *args)
-      rescue Postmark::InactiveRecipientError => e
-        Rails.logger.error "#{e.class}: #{e.message}"
-      end
-    end
-  end
-
-  Delayed::Worker.plugins << InvalidRecipientsPlugin
-end