passwordless 0.2.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 717a5f675e50cbb57b59ee2138833bd2847dd71c
-  data.tar.gz: 2487b137a19da048afaabc061f648a7aee659e62
+  metadata.gz: b5a2a15ba36dbcd13fb11898d26ed934083be8ba
+  data.tar.gz: e66f31f5dd29b2a6ff0813863a8af864e2db59a1
 SHA512:
-  metadata.gz: b72b379c9acd55088adabd5f0a0bad5a42f24c1e55c600896e6284e8ff54b1f9e21c0111037c7d112c6bf5df6bdc3c1bed43298e0d6e8c1495a9af8c573a0753
-  data.tar.gz: 6234dd6216fd0fecd79860b3d3277460a665001e657656c3023dae4a1ea72ae1619750e27e6fde6115e39d5d1ecec712155271effa3a7da7e0595efcf6ae4745
+  metadata.gz: 1a1665bf6d15e0b7b8ae88666c8ad6cb50c2032d57ae0aea3a640c32cb5d4c4b9e3e7bc825aaa92c1cda144218ce0c95dd71befb9275b4424ca9bd6cf4ecc636
+  data.tar.gz: 1d65cedeada62b9842afabd70d8bd51e56c30a11039f79c3eda668e1cdf2b330cfc8a6dba012e2cc2439d7423804f9c8fd79e5fdbb62cf75ee1b53b1e35928e1

data/README.md

@@ -74,6 +74,18 @@ class ApplicationController < ActionController::Base
 end
 ```
 
+Et voilá:
+
+```ruby
+class VerySecretThingsController < ApplicationController
+  before_filter :require_user!
+  
+  def index
+    @things = current_user.very_secret_things
+  end
+end
+```
+
 ## Providing your own templates
 
 Override `passwordless`' bundled views by adding your own. `passwordless` has 2 action views and 1 mailer view:
@@ -113,18 +125,18 @@ class UsersController < ApplicationController
 end
 ```
 
-Et voilá:
+## Generating tokens
+
+By default Passwordless generates tokens using Rails' `SecureRandom.urlsafe_base64` but you can change that by setting `Passwordless.token_generator` to something else that responds to `call(session)` eg.:
 
 ```ruby
-class VerySecretThingsController < ApplicationController
-  before_filter :require_user!
-  
-  def index
-    @things = current_user.very_secret_things
-  end
-end
+Passwordless.token_generator = -> (session) {
+  "probably-stupid-token-#{session.user_agent}-#{Time.current}"
+}
 ```
 
+Session is going to keep generating tokens until it finds one that hasn't been used yet. So be sure to use some kind of method where matches are unlikely.
+
 # License
 
 MIT

data/app/models/passwordless/session.rb

@@ -22,7 +22,7 @@ module Passwordless
       self.expires_at ||= 1.year.from_now
       self.timeout_at ||= 1.hour.from_now
       self.token ||= loop do
-        token = SecureRandom.urlsafe_base64(32)
+        token = Passwordless.token_generator.call(self)
         break token unless Session.find_by(token: token)
       end
     end

data/lib/passwordless.rb

@@ -1,5 +1,9 @@
-require "passwordless/engine"
+require 'passwordless/engine'
+require 'passwordless/url_safe_base_64_generator'
 
 module Passwordless
   mattr_accessor(:default_from_address) { 'CHANGE_ME@example.com' }
+  mattr_accessor(:token_generator) do
+    UrlSafeBase64Generator.new
+  end
 end

data/lib/passwordless/url_safe_base_64_generator.rb

@@ -0,0 +1,7 @@
+module Passwordless
+  class UrlSafeBase64Generator
+    def call(_session)
+      SecureRandom.urlsafe_base64(32)
+    end
+  end
+end

data/lib/passwordless/version.rb

@@ -1,3 +1,3 @@
 module Passwordless
-  VERSION = '0.2.1'
+  VERSION = '0.3.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordless
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Mikkel Malmberg
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-11-07 00:00:00.000000000 Z
+date: 2017-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -77,6 +77,7 @@ files:
 - lib/passwordless/engine.rb
 - lib/passwordless/model_helpers.rb
 - lib/passwordless/router_helpers.rb
+- lib/passwordless/url_safe_base_64_generator.rb
 - lib/passwordless/version.rb
 - lib/tasks/passwordless_tasks.rake
 homepage: https://github.com/mikker/passwordless