quo_vadis 1.3.1 → 2.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (126) hide show
  1. checksums.yaml +5 -5
  2. data/.gitignore +11 -8
  3. data/CHANGELOG.md +26 -0
  4. data/Gemfile +14 -1
  5. data/Gemfile.lock +178 -0
  6. data/LICENSE.txt +21 -0
  7. data/README.md +435 -127
  8. data/Rakefile +14 -16
  9. data/app/controllers/quo_vadis/confirmations_controller.rb +56 -0
  10. data/app/controllers/quo_vadis/logs_controller.rb +20 -0
  11. data/app/controllers/quo_vadis/password_resets_controller.rb +65 -0
  12. data/app/controllers/quo_vadis/passwords_controller.rb +26 -0
  13. data/app/controllers/quo_vadis/recovery_codes_controller.rb +54 -0
  14. data/app/controllers/quo_vadis/sessions_controller.rb +50 -132
  15. data/app/controllers/quo_vadis/totps_controller.rb +72 -0
  16. data/app/controllers/quo_vadis/twofas_controller.rb +26 -0
  17. data/app/mailers/quo_vadis/mailer.rb +73 -0
  18. data/app/models/quo_vadis/account.rb +59 -0
  19. data/app/models/quo_vadis/account_confirmation_token.rb +17 -0
  20. data/app/models/quo_vadis/log.rb +57 -0
  21. data/app/models/quo_vadis/password.rb +52 -0
  22. data/app/models/quo_vadis/password_reset_token.rb +17 -0
  23. data/app/models/quo_vadis/recovery_code.rb +26 -0
  24. data/app/models/quo_vadis/session.rb +55 -0
  25. data/app/models/quo_vadis/token.rb +42 -0
  26. data/app/models/quo_vadis/totp.rb +56 -0
  27. data/bin/console +15 -0
  28. data/bin/rails +21 -0
  29. data/bin/setup +8 -0
  30. data/config/locales/quo_vadis.en.yml +51 -18
  31. data/config/routes.rb +40 -12
  32. data/db/migrate/202102150904_setup.rb +48 -0
  33. data/lib/generators/quo_vadis/install_generator.rb +4 -23
  34. data/lib/quo_vadis.rb +100 -106
  35. data/lib/quo_vadis/controller.rb +227 -0
  36. data/lib/quo_vadis/crypt.rb +43 -0
  37. data/lib/quo_vadis/current_request_details.rb +11 -0
  38. data/lib/quo_vadis/defaults.rb +18 -0
  39. data/lib/quo_vadis/encrypted_type.rb +17 -0
  40. data/lib/quo_vadis/engine.rb +9 -11
  41. data/lib/quo_vadis/hmacable.rb +26 -0
  42. data/lib/quo_vadis/ip_masking.rb +31 -0
  43. data/lib/quo_vadis/model.rb +86 -0
  44. data/lib/quo_vadis/version.rb +3 -1
  45. data/quo_vadis.gemspec +18 -24
  46. metadata +49 -229
  47. data/app/controllers/controller_mixin.rb +0 -109
  48. data/app/mailers/quo_vadis/notifier.rb +0 -30
  49. data/app/models/model_mixin.rb +0 -128
  50. data/lib/generators/quo_vadis/templates/migration.rb.erb +0 -18
  51. data/lib/generators/quo_vadis/templates/quo_vadis.rb.erb +0 -96
  52. data/test/dummy/.gitignore +0 -2
  53. data/test/dummy/Rakefile +0 -7
  54. data/test/dummy/app/controllers/application_controller.rb +0 -3
  55. data/test/dummy/app/controllers/articles_controller.rb +0 -20
  56. data/test/dummy/app/controllers/users_controller.rb +0 -17
  57. data/test/dummy/app/helpers/application_helper.rb +0 -2
  58. data/test/dummy/app/helpers/articles_helper.rb +0 -2
  59. data/test/dummy/app/models/article.rb +0 -2
  60. data/test/dummy/app/models/person.rb +0 -3
  61. data/test/dummy/app/models/user.rb +0 -3
  62. data/test/dummy/app/views/articles/index.html.erb +0 -1
  63. data/test/dummy/app/views/articles/new.html.erb +0 -11
  64. data/test/dummy/app/views/layouts/application.html.erb +0 -30
  65. data/test/dummy/app/views/layouts/sessions.html.erb +0 -3
  66. data/test/dummy/app/views/quo_vadis/notifier/change_password.text.erb +0 -9
  67. data/test/dummy/app/views/quo_vadis/notifier/invite.text.erb +0 -8
  68. data/test/dummy/app/views/sessions/edit.html.erb +0 -11
  69. data/test/dummy/app/views/sessions/forgotten.html.erb +0 -13
  70. data/test/dummy/app/views/sessions/invite.html.erb +0 -31
  71. data/test/dummy/app/views/sessions/new.html.erb +0 -15
  72. data/test/dummy/app/views/users/new.html.erb +0 -14
  73. data/test/dummy/config.ru +0 -4
  74. data/test/dummy/config/application.rb +0 -21
  75. data/test/dummy/config/boot.rb +0 -10
  76. data/test/dummy/config/database.yml +0 -22
  77. data/test/dummy/config/environment.rb +0 -5
  78. data/test/dummy/config/environments/development.rb +0 -26
  79. data/test/dummy/config/environments/production.rb +0 -49
  80. data/test/dummy/config/environments/test.rb +0 -37
  81. data/test/dummy/config/initializers/backtrace_silencers.rb +0 -7
  82. data/test/dummy/config/initializers/inflections.rb +0 -10
  83. data/test/dummy/config/initializers/mime_types.rb +0 -5
  84. data/test/dummy/config/initializers/quo_vadis.rb +0 -84
  85. data/test/dummy/config/initializers/rack_patch.rb +0 -16
  86. data/test/dummy/config/initializers/secret_token.rb +0 -7
  87. data/test/dummy/config/initializers/session_store.rb +0 -8
  88. data/test/dummy/config/locales/en.yml +0 -5
  89. data/test/dummy/config/locales/quo_vadis.en.yml +0 -21
  90. data/test/dummy/config/routes.rb +0 -5
  91. data/test/dummy/db/migrate/20110124125037_create_users.rb +0 -13
  92. data/test/dummy/db/migrate/20110124131535_create_articles.rb +0 -14
  93. data/test/dummy/db/migrate/20110127094709_add_authentication_to_users.rb +0 -18
  94. data/test/dummy/db/migrate/20111004112209_create_people.rb +0 -13
  95. data/test/dummy/db/migrate/20111004132342_add_authentication_to_people.rb +0 -18
  96. data/test/dummy/db/schema.rb +0 -33
  97. data/test/dummy/public/404.html +0 -26
  98. data/test/dummy/public/422.html +0 -26
  99. data/test/dummy/public/500.html +0 -26
  100. data/test/dummy/public/favicon.ico +0 -0
  101. data/test/dummy/public/javascripts/application.js +0 -2
  102. data/test/dummy/public/javascripts/controls.js +0 -965
  103. data/test/dummy/public/javascripts/dragdrop.js +0 -974
  104. data/test/dummy/public/javascripts/effects.js +0 -1123
  105. data/test/dummy/public/javascripts/prototype.js +0 -6001
  106. data/test/dummy/public/javascripts/rails.js +0 -175
  107. data/test/dummy/public/stylesheets/.gitkeep +0 -0
  108. data/test/dummy/script/rails +0 -6
  109. data/test/integration/activation_test.rb +0 -108
  110. data/test/integration/authenticate_test.rb +0 -39
  111. data/test/integration/blocked_test.rb +0 -23
  112. data/test/integration/config_test.rb +0 -132
  113. data/test/integration/cookie_test.rb +0 -67
  114. data/test/integration/csrf_test.rb +0 -41
  115. data/test/integration/forgotten_test.rb +0 -93
  116. data/test/integration/helper_test.rb +0 -18
  117. data/test/integration/locale_test.rb +0 -197
  118. data/test/integration/navigation_test.rb +0 -7
  119. data/test/integration/sign_in_person_test.rb +0 -26
  120. data/test/integration/sign_in_test.rb +0 -24
  121. data/test/integration/sign_out_test.rb +0 -20
  122. data/test/integration/sign_up_test.rb +0 -21
  123. data/test/quo_vadis_test.rb +0 -7
  124. data/test/support/integration_case.rb +0 -11
  125. data/test/test_helper.rb +0 -88
  126. data/test/unit/user_test.rb +0 -75
@@ -1,13 +0,0 @@
1
- <h1>Forgotten your password?</h1>
2
-
3
- <p>Don't worry, it happens to the best of us. Just tell us who you are, and we'll send you an email explaining how to change your password.</p>
4
-
5
- <%= form_tag forgotten_sign_in_path do %>
6
- <p>
7
- <%= label_tag :username %>
8
- <%= text_field_tag :username %>
9
- </p>
10
- <p>
11
- <%= submit_tag 'Send me that email' %>
12
- </p>
13
- <% end %>
@@ -1,31 +0,0 @@
1
- <h1>Choose your username and password</h1>
2
-
3
- <%= form_tag activation_path(params[:token]) do %>
4
- <p>
5
- <%= label_tag :username %>
6
- <%= text_field_tag :username %>
7
- </p>
8
- <p>
9
- <%= label_tag :password %>
10
- <%= password_field_tag :password %>
11
- </p>
12
- <p>
13
- <%= submit_tag 'Save my details' %>
14
- </p>
15
- <% end %>
16
-
17
- <!-- OR, to use Rails' form validation helpers:
18
- <%= form_for @user, url: activation_path(params[:token]), html: {method: :post} do |f| %>
19
- <p>
20
- <%= label_tag :password %>
21
- <%= f.text_field :username, name: 'username' %>
22
- </p>
23
- <p>
24
- <%= label_tag :password %>
25
- <%= f.password_field :password, name: 'password' %>
26
- </p>
27
- <p>
28
- <%= submit_tag 'Save my details' %>
29
- </p>
30
- <% end %>
31
- -->
@@ -1,15 +0,0 @@
1
- <h1>Sign in</h1>
2
-
3
- <%= form_tag sign_in_path do %>
4
- <p>
5
- <%= label_tag :username %>
6
- <%= text_field_tag :username %>
7
- </p>
8
- <p>
9
- <%= label_tag :password %>
10
- <%= password_field_tag :password %>
11
- </p>
12
- <p>
13
- <%= submit_tag 'Sign in' %>
14
- </p>
15
- <% end %>
@@ -1,14 +0,0 @@
1
- <h1>Sign up</h1>
2
-
3
- <%= form_for @user do |f| %>
4
- <%= f.label :name %>
5
- <%= f.text_field :name %>
6
-
7
- <%= f.label :username %>
8
- <%= f.text_field :username %>
9
-
10
- <%= f.label :password %>
11
- <%= f.password_field :password %>
12
-
13
- <%= f.submit 'Sign up' %>
14
- <% end %>
data/test/dummy/config.ru DELETED
@@ -1,4 +0,0 @@
1
- # This file is used by Rack-based servers to start the application.
2
-
3
- require ::File.expand_path('../config/environment', __FILE__)
4
- run Dummy::Application
@@ -1,21 +0,0 @@
1
- require File.expand_path('../boot', __FILE__)
2
-
3
- require "active_model/railtie"
4
- require "active_record/railtie"
5
- require "action_controller/railtie"
6
- require "action_view/railtie"
7
- require "action_mailer/railtie"
8
-
9
- Bundler.require
10
- require 'quo_vadis'
11
-
12
- module Dummy
13
- class Application < Rails::Application
14
- # Configure the default encoding used in templates for Ruby 1.9.
15
- config.encoding = "utf-8"
16
-
17
- # Configure sensitive parameters which will be filtered from the log file.
18
- config.filter_parameters += [:password]
19
- end
20
- end
21
-
@@ -1,10 +0,0 @@
1
- require 'rubygems'
2
- gemfile = File.expand_path('../../../../Gemfile', __FILE__)
3
-
4
- if File.exist?(gemfile)
5
- ENV['BUNDLE_GEMFILE'] = gemfile
6
- require 'bundler'
7
- Bundler.setup
8
- end
9
-
10
- $:.unshift File.expand_path('../../../../lib', __FILE__)
@@ -1,22 +0,0 @@
1
- # SQLite version 3.x
2
- # gem install sqlite3-ruby (not necessary on OS X Leopard)
3
- development:
4
- adapter: sqlite3
5
- database: db/development.sqlite3
6
- pool: 5
7
- timeout: 5000
8
-
9
- # Warning: The database defined as "test" will be erased and
10
- # re-generated from your development database when you run "rake".
11
- # Do not set this db to the same as development or production.
12
- test:
13
- adapter: sqlite3
14
- database: db/test.sqlite3
15
- pool: 5
16
- timeout: 5000
17
-
18
- production:
19
- adapter: sqlite3
20
- database: db/production.sqlite3
21
- pool: 5
22
- timeout: 5000
@@ -1,5 +0,0 @@
1
- # Load the rails application
2
- require File.expand_path('../application', __FILE__)
3
-
4
- # Initialize the rails application
5
- Dummy::Application.initialize!
@@ -1,26 +0,0 @@
1
- Dummy::Application.configure do
2
- # Settings specified here will take precedence over those in config/application.rb
3
-
4
- # In the development environment your application's code is reloaded on
5
- # every request. This slows down response time but is perfect for development
6
- # since you don't have to restart the webserver when you make code changes.
7
- config.cache_classes = false
8
-
9
- # Log error messages when you accidentally call methods on nil.
10
- config.whiny_nils = true
11
-
12
- # Show full error reports and disable caching
13
- config.consider_all_requests_local = true
14
- config.action_view.debug_rjs = true
15
- config.action_controller.perform_caching = false
16
-
17
- # Don't care if the mailer can't send
18
- config.action_mailer.raise_delivery_errors = false
19
-
20
- # Print deprecation notices to the Rails logger
21
- config.active_support.deprecation = :log
22
-
23
- # Only use best-standards-support built into browsers
24
- config.action_dispatch.best_standards_support = :builtin
25
- end
26
-
@@ -1,49 +0,0 @@
1
- Dummy::Application.configure do
2
- # Settings specified here will take precedence over those in config/application.rb
3
-
4
- # The production environment is meant for finished, "live" apps.
5
- # Code is not reloaded between requests
6
- config.cache_classes = true
7
-
8
- # Full error reports are disabled and caching is turned on
9
- config.consider_all_requests_local = false
10
- config.action_controller.perform_caching = true
11
-
12
- # Specifies the header that your server uses for sending files
13
- config.action_dispatch.x_sendfile_header = "X-Sendfile"
14
-
15
- # For nginx:
16
- # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect'
17
-
18
- # If you have no front-end server that supports something like X-Sendfile,
19
- # just comment this out and Rails will serve the files
20
-
21
- # See everything in the log (default is :info)
22
- # config.log_level = :debug
23
-
24
- # Use a different logger for distributed setups
25
- # config.logger = SyslogLogger.new
26
-
27
- # Use a different cache store in production
28
- # config.cache_store = :mem_cache_store
29
-
30
- # Disable Rails's static asset server
31
- # In production, Apache or nginx will already do this
32
- config.serve_static_assets = false
33
-
34
- # Enable serving of images, stylesheets, and javascripts from an asset server
35
- # config.action_controller.asset_host = "http://assets.example.com"
36
-
37
- # Disable delivery errors, bad email addresses will be ignored
38
- # config.action_mailer.raise_delivery_errors = false
39
-
40
- # Enable threaded mode
41
- # config.threadsafe!
42
-
43
- # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
44
- # the I18n.default_locale when a translation can not be found)
45
- config.i18n.fallbacks = true
46
-
47
- # Send deprecation notices to registered listeners
48
- config.active_support.deprecation = :notify
49
- end
@@ -1,37 +0,0 @@
1
- Dummy::Application.configure do
2
- # Settings specified here will take precedence over those in config/application.rb
3
-
4
- # The test environment is used exclusively to run your application's
5
- # test suite. You never need to work with it otherwise. Remember that
6
- # your test database is "scratch space" for the test suite and is wiped
7
- # and recreated between test runs. Don't rely on the data there!
8
- config.cache_classes = true
9
-
10
- # Log error messages when you accidentally call methods on nil.
11
- config.whiny_nils = true
12
-
13
- # Show full error reports and disable caching
14
- config.consider_all_requests_local = true
15
- config.action_controller.perform_caching = false
16
-
17
- # Raise exceptions instead of rendering exception templates
18
- config.action_dispatch.show_exceptions = false
19
-
20
- # Enable request forgery protection in test environment
21
- config.action_controller.allow_forgery_protection = true
22
-
23
- # Tell Action Mailer not to deliver emails to the real world.
24
- # The :test delivery method accumulates sent emails in the
25
- # ActionMailer::Base.deliveries array.
26
- config.action_mailer.delivery_method = :test
27
-
28
- config.action_mailer.default_url_options = {:host => 'www.example.com'}
29
-
30
- # Use SQL instead of Active Record's schema dumper when creating the test database.
31
- # This is necessary if your schema can't be completely dumped by the schema dumper,
32
- # like if you have constraints or database-specific column types
33
- # config.active_record.schema_format = :sql
34
-
35
- # Print deprecation notices to the stderr
36
- config.active_support.deprecation = :stderr
37
- end
@@ -1,7 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
4
- # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
5
-
6
- # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
7
- # Rails.backtrace_cleaner.remove_silencers!
@@ -1,10 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Add new inflection rules using the following format
4
- # (all these examples are active by default):
5
- # ActiveSupport::Inflector.inflections do |inflect|
6
- # inflect.plural /^(ox)$/i, '\1en'
7
- # inflect.singular /^(ox)en/i, '\1'
8
- # inflect.irregular 'person', 'people'
9
- # inflect.uncountable %w( fish sheep )
10
- # end
@@ -1,5 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Add new mime types for use in respond_to blocks:
4
- # Mime::Type.register "text/richtext", :rtf
5
- # Mime::Type.register_alias "text/html", :iphone
@@ -1,84 +0,0 @@
1
- QuoVadis.configure do |config|
2
-
3
- #
4
- # Sign in
5
- #
6
-
7
- # The URL to redirect the user to after s/he signs in.
8
- # Use a proc if the URL depends on the user. E.g.:
9
- #
10
- # config.signed_in_url = Proc.new do |user|
11
- # user.admin? ? :admin : :root
12
- # end
13
- #
14
- # See also `:override_original_url`.
15
- config.signed_in_url = :root
16
-
17
- # Whether the `:signed_in_url` should override the URL the user was trying
18
- # to reach when they were made to authenticate.
19
- config.override_original_url = false
20
-
21
- # Code to run when the user has signed in. E.g.:
22
- #
23
- # config.signed_in_hook = Proc.new do |user, controller|
24
- # user.increment! :sign_in_count # assuming this attribute exists
25
- # end
26
- config.signed_in_hook = nil
27
-
28
- # Code to run when someone has tried but failed to sign in. E.g.:
29
- #
30
- # config.failed_sign_in_hook = Proc.new do |controller|
31
- # Rails.logger.info "Failed sign in from #{controller.request.remote_ip}"
32
- # end
33
- config.failed_sign_in_hook = nil
34
-
35
- # How long to remember user across browser sessions.
36
- # Set to <tt>nil</tt> to never remember user.
37
- config.remember_for = 2.weeks
38
-
39
- # Code to run to determine whether the sign-in process is blocked to the user. E.g.:
40
- #
41
- # config.blocked = Proc.new do |controller|
42
- # # Assuming a SignIn model with scopes for `failed`, `last_day`, `for_ip`.
43
- # SignIn.failed.last_day.for_ip(controller.request.remote_ip) >= 5
44
- # end
45
- config.blocked = false
46
-
47
-
48
- #
49
- # Sign out
50
- #
51
-
52
- # The URL to redirect the user to after s/he signs out.
53
- config.signed_out_url = :root
54
-
55
- # Code to run just before the user has signed out. E.g.:
56
- #
57
- # config.signed_out_hook = Proc.new do |user, controller|
58
- # controller.session.reset
59
- # end
60
- config.signed_out_hook = nil
61
-
62
-
63
- #
64
- # Forgotten-password Mailer
65
- #
66
-
67
- # From whom the forgotten-password email should be sent.
68
- config.from = 'noreply@example.com'
69
-
70
- # Subject of the forgotten-password email.
71
- config.subject_change_password = 'Change your password'
72
-
73
- # Subject of the invitation email.
74
- config.subject_invitation = 'Activate your account'
75
-
76
-
77
- #
78
- # Miscellaneous
79
- #
80
-
81
- # Layout for the sign-in view. Pass a string or a symbol.
82
- config.layout = 'application'
83
-
84
- end
@@ -1,16 +0,0 @@
1
- # TODO: remove once on Rack 1.3.0.
2
- # https://github.com/jnicklas/capybara/issues/87#issuecomment-2106788
3
- module Rack
4
- module Utils
5
-
6
- def escape(s)
7
- CGI.escape s.to_s
8
- end
9
-
10
- def unescape(s)
11
- CGI.unescape s
12
- end
13
-
14
- end
15
- end
16
-
@@ -1,7 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Your secret key for verifying the integrity of signed cookies.
4
- # If you change this key, all old signed cookies will become invalid!
5
- # Make sure the secret is at least 30 characters and all random,
6
- # no regular words or you'll be exposed to dictionary attacks.
7
- Dummy::Application.config.secret_token = 'f1a18259451d9108e9c4e2ff90df5ac2781e7c6cb570db616d20d451f9657c57fae753791b756a7815fc46d0709d78745c56e78a6412dca98462c2d6c9d5f99b'
@@ -1,8 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- Dummy::Application.config.session_store :cookie_store, :key => '_dummy_session'
4
-
5
- # Use the database for sessions instead of the cookie-based default,
6
- # which shouldn't be used to store highly confidential information
7
- # (create the session table with "rails generate session_migration")
8
- # Dummy::Application.config.session_store :active_record_store
@@ -1,5 +0,0 @@
1
- # Sample localization file for English. Add more files in this directory for other locales.
2
- # See http://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
3
-
4
- en:
5
- hello: "Hello world"
@@ -1,21 +0,0 @@
1
- en:
2
- quo_vadis:
3
- flash:
4
- sign_in:
5
- before: 'Please sign in first.'
6
- after: 'You have successfully signed in.'
7
- failed: 'Sorry, we did not recognise you.'
8
- blocked: 'Sorry, your account is blocked.'
9
-
10
- sign_out: 'You have successfully signed out.'
11
-
12
- forgotten:
13
- unknown: "Sorry, we did not recognise you."
14
- no_email: "Sorry, we don't have an email address for you."
15
- sent_email: "We've emailed you a link where you can change your password."
16
- invalid_token: "Sorry, this link isn't valid anymore."
17
- password_changed: "You have successfully changed your password and you're now signed in."
18
-
19
- activation:
20
- accepted: "Your account is active and you're now signed in."
21
- invalid_token: "Sorry, this link isn't valid anymore."