passwordless 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b5a2a15ba36dbcd13fb11898d26ed934083be8ba
|
|
4
|
+
data.tar.gz: e66f31f5dd29b2a6ff0813863a8af864e2db59a1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1a1665bf6d15e0b7b8ae88666c8ad6cb50c2032d57ae0aea3a640c32cb5d4c4b9e3e7bc825aaa92c1cda144218ce0c95dd71befb9275b4424ca9bd6cf4ecc636
|
|
7
|
+
data.tar.gz: 1d65cedeada62b9842afabd70d8bd51e56c30a11039f79c3eda668e1cdf2b330cfc8a6dba012e2cc2439d7423804f9c8fd79e5fdbb62cf75ee1b53b1e35928e1
|
data/README.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<p align='center'>
|
|
2
|
-
<img src='https://s3.brnbw.com/Passwordless-title-
|
|
2
|
+
<img src='https://s3.brnbw.com/Passwordless-title-gaIVkX0sPg.svg' alt='Passwordless' />
|
|
3
3
|
<br />
|
|
4
4
|
<br />
|
|
5
5
|
</p>
|
|
@@ -74,6 +74,18 @@ class ApplicationController < ActionController::Base
|
|
|
74
74
|
end
|
|
75
75
|
```
|
|
76
76
|
|
|
77
|
+
Et voilá:
|
|
78
|
+
|
|
79
|
+
```ruby
|
|
80
|
+
class VerySecretThingsController < ApplicationController
|
|
81
|
+
before_filter :require_user!
|
|
82
|
+
|
|
83
|
+
def index
|
|
84
|
+
@things = current_user.very_secret_things
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
```
|
|
88
|
+
|
|
77
89
|
## Providing your own templates
|
|
78
90
|
|
|
79
91
|
Override `passwordless`' bundled views by adding your own. `passwordless` has 2 action views and 1 mailer view:
|
|
@@ -91,7 +103,7 @@ See [the bundled views](https://github.com/mikker/passwordless/tree/master/app/v
|
|
|
91
103
|
|
|
92
104
|
## Registering new users
|
|
93
105
|
|
|
94
|
-
Because your `User` record is
|
|
106
|
+
Because your `User` record is like any other record, you create one like you normally would. Passwordless provides a helper method you can use to sign in the created user after it is saved like so:
|
|
95
107
|
|
|
96
108
|
```ruby
|
|
97
109
|
class UsersController < ApplicationController
|
|
@@ -113,18 +125,18 @@ class UsersController < ApplicationController
|
|
|
113
125
|
end
|
|
114
126
|
```
|
|
115
127
|
|
|
116
|
-
|
|
128
|
+
## Generating tokens
|
|
129
|
+
|
|
130
|
+
By default Passwordless generates tokens using Rails' `SecureRandom.urlsafe_base64` but you can change that by setting `Passwordless.token_generator` to something else that responds to `call(session)` eg.:
|
|
117
131
|
|
|
118
132
|
```ruby
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
def index
|
|
123
|
-
@things = current_user.very_secret_things
|
|
124
|
-
end
|
|
125
|
-
end
|
|
133
|
+
Passwordless.token_generator = -> (session) {
|
|
134
|
+
"probably-stupid-token-#{session.user_agent}-#{Time.current}"
|
|
135
|
+
}
|
|
126
136
|
```
|
|
127
137
|
|
|
138
|
+
Session is going to keep generating tokens until it finds one that hasn't been used yet. So be sure to use some kind of method where matches are unlikely.
|
|
139
|
+
|
|
128
140
|
# License
|
|
129
141
|
|
|
130
142
|
MIT
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require 'bcrypt'
|
|
2
|
+
|
|
1
3
|
module Passwordless
|
|
2
4
|
class SessionsController < ApplicationController
|
|
3
5
|
include ControllerHelpers
|
|
@@ -30,6 +32,9 @@ module Passwordless
|
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
def show
|
|
35
|
+
# Make it "slow" on purpose to make brute-force attacks more of a hassle
|
|
36
|
+
BCrypt::Password.create(params[:token])
|
|
37
|
+
|
|
33
38
|
session = Session.valid.find_by!(
|
|
34
39
|
authenticatable_type: authenticatable_classname,
|
|
35
40
|
token: params[:token]
|
|
@@ -22,7 +22,7 @@ module Passwordless
|
|
|
22
22
|
self.expires_at ||= 1.year.from_now
|
|
23
23
|
self.timeout_at ||= 1.hour.from_now
|
|
24
24
|
self.token ||= loop do
|
|
25
|
-
token =
|
|
25
|
+
token = Passwordless.token_generator.call(self)
|
|
26
26
|
break token unless Session.find_by(token: token)
|
|
27
27
|
end
|
|
28
28
|
end
|
data/lib/passwordless/version.rb
CHANGED
data/lib/passwordless.rb
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
|
-
require
|
|
1
|
+
require 'passwordless/engine'
|
|
2
|
+
require 'passwordless/url_safe_base_64_generator'
|
|
2
3
|
|
|
3
4
|
module Passwordless
|
|
4
5
|
mattr_accessor(:default_from_address) { 'CHANGE_ME@example.com' }
|
|
6
|
+
mattr_accessor(:token_generator) do
|
|
7
|
+
UrlSafeBase64Generator.new
|
|
8
|
+
end
|
|
5
9
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: passwordless
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mikkel Malmberg
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-11-
|
|
11
|
+
date: 2017-11-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -24,6 +24,20 @@ dependencies:
|
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 5.1.4
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: bcrypt
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: 3.1.11
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: 3.1.11
|
|
27
41
|
- !ruby/object:Gem::Dependency
|
|
28
42
|
name: sqlite3
|
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -63,6 +77,7 @@ files:
|
|
|
63
77
|
- lib/passwordless/engine.rb
|
|
64
78
|
- lib/passwordless/model_helpers.rb
|
|
65
79
|
- lib/passwordless/router_helpers.rb
|
|
80
|
+
- lib/passwordless/url_safe_base_64_generator.rb
|
|
66
81
|
- lib/passwordless/version.rb
|
|
67
82
|
- lib/tasks/passwordless_tasks.rake
|
|
68
83
|
homepage: https://github.com/mikker/passwordless
|