passwordless 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d3bdc9fe84110cc587576344e493cbe16a0a9a74
4
- data.tar.gz: 1d7558d9be99a4764c21eb6fda029a765a9540bb
3
+ metadata.gz: b5a2a15ba36dbcd13fb11898d26ed934083be8ba
4
+ data.tar.gz: e66f31f5dd29b2a6ff0813863a8af864e2db59a1
5
5
  SHA512:
6
- metadata.gz: 6ec72945db7eec026bd640a3116c82fc9b5eea790cea4405bf9593815ed2e02edc3d91e58c82bdc52122a6190e512eb8013e51ca198d0b47cd961491d5f471aa
7
- data.tar.gz: 0ca8c6e2e4d6bed6fab0351200acef5ac9e65a1526c2cd7503d751d967da8fd96d7200d005310600af693af00fde068aee7541b185e8969612342f32155dca4a
6
+ metadata.gz: 1a1665bf6d15e0b7b8ae88666c8ad6cb50c2032d57ae0aea3a640c32cb5d4c4b9e3e7bc825aaa92c1cda144218ce0c95dd71befb9275b4424ca9bd6cf4ecc636
7
+ data.tar.gz: 1d65cedeada62b9842afabd70d8bd51e56c30a11039f79c3eda668e1cdf2b330cfc8a6dba012e2cc2439d7423804f9c8fd79e5fdbb62cf75ee1b53b1e35928e1
data/README.md CHANGED
@@ -1,5 +1,5 @@
1
1
  <p align='center'>
2
- <img src='https://s3.brnbw.com/Passwordless-title-JO71NQv7Q0.svg' alt='Passwordless' />
2
+ <img src='https://s3.brnbw.com/Passwordless-title-gaIVkX0sPg.svg' alt='Passwordless' />
3
3
  <br />
4
4
  <br />
5
5
  </p>
@@ -74,6 +74,18 @@ class ApplicationController < ActionController::Base
74
74
  end
75
75
  ```
76
76
 
77
+ Et voilá:
78
+
79
+ ```ruby
80
+ class VerySecretThingsController < ApplicationController
81
+ before_filter :require_user!
82
+
83
+ def index
84
+ @things = current_user.very_secret_things
85
+ end
86
+ end
87
+ ```
88
+
77
89
  ## Providing your own templates
78
90
 
79
91
  Override `passwordless`' bundled views by adding your own. `passwordless` has 2 action views and 1 mailer view:
@@ -91,7 +103,7 @@ See [the bundled views](https://github.com/mikker/passwordless/tree/master/app/v
91
103
 
92
104
  ## Registering new users
93
105
 
94
- Because your `User` record is just any other record, you just create one like you normally would. Passwordless provides a helper method you can use to sign in the created user after it is saved like so:
106
+ Because your `User` record is like any other record, you create one like you normally would. Passwordless provides a helper method you can use to sign in the created user after it is saved like so:
95
107
 
96
108
  ```ruby
97
109
  class UsersController < ApplicationController
@@ -113,18 +125,18 @@ class UsersController < ApplicationController
113
125
  end
114
126
  ```
115
127
 
116
- Et voilá:
128
+ ## Generating tokens
129
+
130
+ By default Passwordless generates tokens using Rails' `SecureRandom.urlsafe_base64` but you can change that by setting `Passwordless.token_generator` to something else that responds to `call(session)` eg.:
117
131
 
118
132
  ```ruby
119
- class VerySecretThingsController < ApplicationController
120
- before_filter :require_user!
121
-
122
- def index
123
- @things = current_user.very_secret_things
124
- end
125
- end
133
+ Passwordless.token_generator = -> (session) {
134
+ "probably-stupid-token-#{session.user_agent}-#{Time.current}"
135
+ }
126
136
  ```
127
137
 
138
+ Session is going to keep generating tokens until it finds one that hasn't been used yet. So be sure to use some kind of method where matches are unlikely.
139
+
128
140
  # License
129
141
 
130
142
  MIT
@@ -1,3 +1,5 @@
1
+ require 'bcrypt'
2
+
1
3
  module Passwordless
2
4
  class SessionsController < ApplicationController
3
5
  include ControllerHelpers
@@ -30,6 +32,9 @@ module Passwordless
30
32
  end
31
33
 
32
34
  def show
35
+ # Make it "slow" on purpose to make brute-force attacks more of a hassle
36
+ BCrypt::Password.create(params[:token])
37
+
33
38
  session = Session.valid.find_by!(
34
39
  authenticatable_type: authenticatable_classname,
35
40
  token: params[:token]
@@ -22,7 +22,7 @@ module Passwordless
22
22
  self.expires_at ||= 1.year.from_now
23
23
  self.timeout_at ||= 1.hour.from_now
24
24
  self.token ||= loop do
25
- token = SecureRandom.urlsafe_base64(32)
25
+ token = Passwordless.token_generator.call(self)
26
26
  break token unless Session.find_by(token: token)
27
27
  end
28
28
  end
@@ -0,0 +1,7 @@
1
+ module Passwordless
2
+ class UrlSafeBase64Generator
3
+ def call(_session)
4
+ SecureRandom.urlsafe_base64(32)
5
+ end
6
+ end
7
+ end
@@ -1,3 +1,3 @@
1
1
  module Passwordless
2
- VERSION = '0.2.0'
2
+ VERSION = '0.3.0'
3
3
  end
data/lib/passwordless.rb CHANGED
@@ -1,5 +1,9 @@
1
- require "passwordless/engine"
1
+ require 'passwordless/engine'
2
+ require 'passwordless/url_safe_base_64_generator'
2
3
 
3
4
  module Passwordless
4
5
  mattr_accessor(:default_from_address) { 'CHANGE_ME@example.com' }
6
+ mattr_accessor(:token_generator) do
7
+ UrlSafeBase64Generator.new
8
+ end
5
9
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: passwordless
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mikkel Malmberg
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-11-06 00:00:00.000000000 Z
11
+ date: 2017-11-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -24,6 +24,20 @@ dependencies:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
26
  version: 5.1.4
27
+ - !ruby/object:Gem::Dependency
28
+ name: bcrypt
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: 3.1.11
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: 3.1.11
27
41
  - !ruby/object:Gem::Dependency
28
42
  name: sqlite3
29
43
  requirement: !ruby/object:Gem::Requirement
@@ -63,6 +77,7 @@ files:
63
77
  - lib/passwordless/engine.rb
64
78
  - lib/passwordless/model_helpers.rb
65
79
  - lib/passwordless/router_helpers.rb
80
+ - lib/passwordless/url_safe_base_64_generator.rb
66
81
  - lib/passwordless/version.rb
67
82
  - lib/tasks/passwordless_tasks.rake
68
83
  homepage: https://github.com/mikker/passwordless