quo_vadis 1.4.0 → 2.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.gitignore +11 -7
- data/CHANGELOG.md +22 -0
- data/Gemfile +11 -1
- data/LICENSE.txt +21 -0
- data/README.md +453 -127
- data/Rakefile +15 -9
- data/app/controllers/quo_vadis/confirmations_controller.rb +102 -0
- data/app/controllers/quo_vadis/logs_controller.rb +20 -0
- data/app/controllers/quo_vadis/password_resets_controller.rb +65 -0
- data/app/controllers/quo_vadis/passwords_controller.rb +26 -0
- data/app/controllers/quo_vadis/recovery_codes_controller.rb +54 -0
- data/app/controllers/quo_vadis/sessions_controller.rb +50 -132
- data/app/controllers/quo_vadis/totps_controller.rb +72 -0
- data/app/controllers/quo_vadis/twofas_controller.rb +26 -0
- data/app/mailers/quo_vadis/mailer.rb +73 -0
- data/app/models/quo_vadis/account.rb +59 -0
- data/app/models/quo_vadis/account_confirmation_token.rb +17 -0
- data/app/models/quo_vadis/log.rb +57 -0
- data/app/models/quo_vadis/password.rb +52 -0
- data/app/models/quo_vadis/password_reset_token.rb +17 -0
- data/app/models/quo_vadis/recovery_code.rb +26 -0
- data/app/models/quo_vadis/session.rb +55 -0
- data/app/models/quo_vadis/token.rb +42 -0
- data/app/models/quo_vadis/totp.rb +56 -0
- data/bin/console +15 -0
- data/bin/rails +21 -0
- data/bin/setup +8 -0
- data/config/locales/quo_vadis.en.yml +50 -23
- data/config/routes.rb +46 -12
- data/db/migrate/202102150904_setup.rb +48 -0
- data/lib/generators/quo_vadis/install_generator.rb +4 -23
- data/lib/quo_vadis.rb +103 -97
- data/lib/quo_vadis/controller.rb +228 -0
- data/lib/quo_vadis/crypt.rb +43 -0
- data/lib/quo_vadis/current_request_details.rb +11 -0
- data/lib/quo_vadis/defaults.rb +18 -0
- data/lib/quo_vadis/encrypted_type.rb +17 -0
- data/lib/quo_vadis/engine.rb +9 -11
- data/lib/quo_vadis/hmacable.rb +26 -0
- data/lib/quo_vadis/ip_masking.rb +31 -0
- data/lib/quo_vadis/model.rb +86 -0
- data/lib/quo_vadis/version.rb +3 -1
- data/quo_vadis.gemspec +20 -25
- data/test/dummy/README.markdown +1 -0
- data/test/dummy/Rakefile +2 -6
- data/test/dummy/app/controllers/application_controller.rb +0 -1
- data/test/dummy/app/controllers/articles_controller.rb +8 -11
- data/test/dummy/app/controllers/sign_ups_controller.rb +42 -0
- data/test/dummy/app/controllers/users_controller.rb +13 -5
- data/test/dummy/app/models/application_record.rb +3 -0
- data/test/dummy/app/models/article.rb +2 -1
- data/test/dummy/app/models/person.rb +5 -2
- data/test/dummy/app/models/user.rb +4 -1
- data/test/dummy/app/views/articles/also_secret.html.erb +1 -0
- data/test/dummy/app/views/articles/index.html.erb +1 -1
- data/test/dummy/app/views/articles/secret.html.erb +1 -0
- data/test/dummy/app/views/articles/very_secret.html.erb +2 -0
- data/test/dummy/app/views/layouts/application.html.erb +41 -25
- data/test/dummy/app/views/quo_vadis/confirmations/edit.html.erb +10 -0
- data/test/dummy/app/views/quo_vadis/confirmations/edit_email.html.erb +14 -0
- data/test/dummy/app/views/quo_vadis/confirmations/index.html.erb +14 -0
- data/test/dummy/app/views/quo_vadis/confirmations/new.html.erb +16 -0
- data/test/dummy/app/views/quo_vadis/logs/index.html.erb +28 -0
- data/test/dummy/app/views/quo_vadis/mailer/account_confirmation.text.erb +4 -0
- data/test/dummy/app/views/quo_vadis/mailer/email_change_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/identifier_change_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/password_change_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/password_reset_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/recovery_codes_generation_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/reset_password.text.erb +4 -0
- data/test/dummy/app/views/quo_vadis/mailer/totp_reuse_notification.text.erb +6 -0
- data/test/dummy/app/views/quo_vadis/mailer/totp_setup_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/twofa_deactivated_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/password_resets/edit.html.erb +25 -0
- data/test/dummy/app/views/quo_vadis/password_resets/index.html.erb +5 -0
- data/test/dummy/app/views/quo_vadis/password_resets/new.html.erb +12 -0
- data/test/dummy/app/views/quo_vadis/passwords/edit.html.erb +30 -0
- data/test/dummy/app/views/quo_vadis/recovery_codes/challenge.html.erb +11 -0
- data/test/dummy/app/views/quo_vadis/recovery_codes/index.html.erb +25 -0
- data/test/dummy/app/views/quo_vadis/sessions/index.html.erb +26 -0
- data/test/dummy/app/views/quo_vadis/sessions/new.html.erb +24 -0
- data/test/dummy/app/views/quo_vadis/totps/challenge.html.erb +11 -0
- data/test/dummy/app/views/quo_vadis/totps/new.html.erb +17 -0
- data/test/dummy/app/views/quo_vadis/twofas/show.html.erb +20 -0
- data/test/dummy/app/views/sign_ups/new.html.erb +37 -0
- data/test/dummy/app/views/sign_ups/show.html.erb +5 -0
- data/test/dummy/app/views/users/new.html.erb +32 -9
- data/test/dummy/config.ru +6 -3
- data/test/dummy/config/application.rb +18 -9
- data/test/dummy/config/boot.rb +3 -9
- data/test/dummy/config/database.yml +2 -14
- data/test/dummy/config/environment.rb +2 -3
- data/test/dummy/config/initializers/quo_vadis.rb +5 -75
- data/test/dummy/config/routes.rb +11 -3
- data/test/dummy/db/migrate/202102121932_create_users.rb +10 -0
- data/test/dummy/db/migrate/202102121935_create_people.rb +10 -0
- data/test/dummy/db/schema.rb +80 -21
- data/test/fixtures/quo_vadis/mailer/account_confirmation.text +4 -0
- data/test/fixtures/quo_vadis/mailer/email_change_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/identifier_change_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/password_change_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/password_reset_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/recovery_codes_generation_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/reset_password.text +4 -0
- data/test/fixtures/quo_vadis/mailer/totp_reuse_notification.text +6 -0
- data/test/fixtures/quo_vadis/mailer/totp_setup_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/twofa_deactivated_notification.text +8 -0
- data/test/integration/account_confirmation_test.rb +145 -0
- data/test/integration/controller_test.rb +280 -0
- data/test/integration/logging_test.rb +235 -0
- data/test/integration/password_change_test.rb +93 -0
- data/test/integration/password_login_test.rb +125 -0
- data/test/integration/password_reset_test.rb +136 -0
- data/test/integration/recovery_codes_test.rb +48 -0
- data/test/integration/sessions_test.rb +86 -0
- data/test/integration/sign_up_test.rb +26 -12
- data/test/integration/totps_test.rb +96 -0
- data/test/integration/twofa_test.rb +82 -0
- data/test/mailers/mailer_test.rb +200 -0
- data/test/models/account_test.rb +34 -0
- data/test/models/crypt_test.rb +22 -0
- data/test/models/log_test.rb +16 -0
- data/test/models/mask_ip_test.rb +27 -0
- data/test/models/model_test.rb +66 -0
- data/test/models/password_test.rb +163 -0
- data/test/models/recovery_code_test.rb +54 -0
- data/test/models/session_test.rb +67 -0
- data/test/models/token_test.rb +70 -0
- data/test/models/totp_test.rb +68 -0
- data/test/quo_vadis_test.rb +39 -3
- data/test/test_helper.rb +42 -70
- metadata +123 -207
- data/app/controllers/controller_mixin.rb +0 -109
- data/app/mailers/quo_vadis/notifier.rb +0 -30
- data/app/models/model_mixin.rb +0 -128
- data/lib/generators/quo_vadis/templates/migration.rb.erb +0 -18
- data/lib/generators/quo_vadis/templates/quo_vadis.rb.erb +0 -96
- data/test/dummy/.gitignore +0 -2
- data/test/dummy/app/helpers/application_helper.rb +0 -2
- data/test/dummy/app/helpers/articles_helper.rb +0 -2
- data/test/dummy/app/views/articles/new.html.erb +0 -11
- data/test/dummy/app/views/layouts/sessions.html.erb +0 -3
- data/test/dummy/app/views/quo_vadis/notifier/change_password.text.erb +0 -9
- data/test/dummy/app/views/quo_vadis/notifier/invite.text.erb +0 -8
- data/test/dummy/app/views/sessions/edit.html.erb +0 -11
- data/test/dummy/app/views/sessions/forgotten.html.erb +0 -13
- data/test/dummy/app/views/sessions/invite.html.erb +0 -31
- data/test/dummy/app/views/sessions/new.html.erb +0 -15
- data/test/dummy/config/environments/development.rb +0 -26
- data/test/dummy/config/environments/production.rb +0 -49
- data/test/dummy/config/environments/test.rb +0 -37
- data/test/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/test/dummy/config/initializers/inflections.rb +0 -10
- data/test/dummy/config/initializers/mime_types.rb +0 -5
- data/test/dummy/config/initializers/rack_patch.rb +0 -16
- data/test/dummy/config/initializers/secret_token.rb +0 -7
- data/test/dummy/config/initializers/session_store.rb +0 -8
- data/test/dummy/config/locales/en.yml +0 -5
- data/test/dummy/config/locales/quo_vadis.en.yml +0 -21
- data/test/dummy/db/migrate/20110124125037_create_users.rb +0 -13
- data/test/dummy/db/migrate/20110124131535_create_articles.rb +0 -14
- data/test/dummy/db/migrate/20110127094709_add_authentication_to_users.rb +0 -18
- data/test/dummy/db/migrate/20111004112209_create_people.rb +0 -13
- data/test/dummy/db/migrate/20111004132342_add_authentication_to_people.rb +0 -18
- data/test/dummy/public/404.html +0 -26
- data/test/dummy/public/422.html +0 -26
- data/test/dummy/public/500.html +0 -26
- data/test/dummy/public/javascripts/application.js +0 -2
- data/test/dummy/public/javascripts/controls.js +0 -965
- data/test/dummy/public/javascripts/dragdrop.js +0 -974
- data/test/dummy/public/javascripts/effects.js +0 -1123
- data/test/dummy/public/javascripts/prototype.js +0 -6001
- data/test/dummy/public/javascripts/rails.js +0 -175
- data/test/dummy/public/stylesheets/.gitkeep +0 -0
- data/test/dummy/script/rails +0 -6
- data/test/integration/activation_test.rb +0 -108
- data/test/integration/authenticate_test.rb +0 -39
- data/test/integration/blocked_test.rb +0 -23
- data/test/integration/config_test.rb +0 -118
- data/test/integration/cookie_test.rb +0 -67
- data/test/integration/csrf_test.rb +0 -41
- data/test/integration/forgotten_test.rb +0 -93
- data/test/integration/helper_test.rb +0 -18
- data/test/integration/locale_test.rb +0 -197
- data/test/integration/navigation_test.rb +0 -7
- data/test/integration/sign_in_person_test.rb +0 -26
- data/test/integration/sign_in_test.rb +0 -24
- data/test/integration/sign_out_test.rb +0 -20
- data/test/support/integration_case.rb +0 -11
- data/test/unit/user_test.rb +0 -75
data/Rakefile
CHANGED
@@ -1,14 +1,20 @@
|
|
1
|
-
require 'bundler'
|
2
|
-
Bundler::GemHelper.install_tasks
|
1
|
+
require 'bundler/setup'
|
3
2
|
|
4
|
-
|
3
|
+
APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
|
4
|
+
load 'rails/tasks/engine.rake'
|
5
|
+
|
6
|
+
load 'rails/tasks/statistics.rake'
|
7
|
+
|
8
|
+
require "bundler/gem_tasks"
|
9
|
+
|
10
|
+
require "rake/testtask"
|
5
11
|
|
6
12
|
Rake::TestTask.new(:test) do |t|
|
7
|
-
t.libs <<
|
8
|
-
t.libs <<
|
9
|
-
t.
|
10
|
-
t.
|
11
|
-
t.warning = false
|
13
|
+
t.libs << "test"
|
14
|
+
# t.libs << "lib"
|
15
|
+
t.test_files = FileList["test/**/*_test.rb"]
|
16
|
+
# t.warning = false
|
12
17
|
end
|
13
18
|
|
14
|
-
task :
|
19
|
+
task default: :test
|
20
|
+
|
@@ -0,0 +1,102 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module QuoVadis
|
4
|
+
class ConfirmationsController < ApplicationController
|
5
|
+
|
6
|
+
# holding page
|
7
|
+
def index
|
8
|
+
@account = find_pending_account_from_session
|
9
|
+
end
|
10
|
+
|
11
|
+
|
12
|
+
# form for requesting new confirmation email
|
13
|
+
def new
|
14
|
+
end
|
15
|
+
|
16
|
+
|
17
|
+
# send new confirmation email form submits here
|
18
|
+
def create
|
19
|
+
account = QuoVadis.find_account_by_identifier_in_params params
|
20
|
+
|
21
|
+
unless account
|
22
|
+
redirect_to new_confirmation_path, alert: QuoVadis.translate('flash.confirmation.identifier') and return
|
23
|
+
end
|
24
|
+
|
25
|
+
request_confirmation account.model
|
26
|
+
redirect_to confirmations_path
|
27
|
+
end
|
28
|
+
|
29
|
+
|
30
|
+
# emailed confirmation link points here
|
31
|
+
def edit
|
32
|
+
account = AccountConfirmationToken.find_account params[:token]
|
33
|
+
|
34
|
+
unless account # expired or already confirmed
|
35
|
+
redirect_to new_confirmation_path, alert: QuoVadis.translate('flash.confirmation.unknown') and return
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
|
40
|
+
# confirm the account (and login)
|
41
|
+
def update
|
42
|
+
account = AccountConfirmationToken.find_account params[:token]
|
43
|
+
|
44
|
+
unless account # expired or already confirmed
|
45
|
+
redirect_to new_confirmation_path, alert: QuoVadis.translate('flash.confirmation.unknown') and return
|
46
|
+
end
|
47
|
+
|
48
|
+
account.confirmed!
|
49
|
+
qv.log account, Log::ACCOUNT_CONFIRMATION
|
50
|
+
|
51
|
+
session.delete :account_pending_confirmation
|
52
|
+
|
53
|
+
login account.model, true
|
54
|
+
redirect_to qv.path_after_authentication, notice: QuoVadis.translate('flash.confirmation.confirmed')
|
55
|
+
end
|
56
|
+
|
57
|
+
|
58
|
+
def edit_email
|
59
|
+
account = find_pending_account_from_session
|
60
|
+
|
61
|
+
unless account
|
62
|
+
redirect_to confirmations_path, alert: QuoVadis.translate('flash.confirmation.unknown') and return
|
63
|
+
end
|
64
|
+
|
65
|
+
@email = account.model.email
|
66
|
+
end
|
67
|
+
|
68
|
+
|
69
|
+
def update_email
|
70
|
+
account = find_pending_account_from_session
|
71
|
+
|
72
|
+
unless account
|
73
|
+
redirect_to confirmations_path, alert: QuoVadis.translate('flash.confirmation.unknown') and return
|
74
|
+
end
|
75
|
+
|
76
|
+
account.model.update email: params[:email]
|
77
|
+
|
78
|
+
request_confirmation account.model
|
79
|
+
redirect_to confirmations_path
|
80
|
+
end
|
81
|
+
|
82
|
+
|
83
|
+
def resend
|
84
|
+
account = find_pending_account_from_session
|
85
|
+
|
86
|
+
unless account
|
87
|
+
redirect_to confirmations_path, alert: QuoVadis.translate('flash.confirmation.unknown') and return
|
88
|
+
end
|
89
|
+
|
90
|
+
request_confirmation account.model
|
91
|
+
redirect_to confirmations_path
|
92
|
+
end
|
93
|
+
|
94
|
+
|
95
|
+
private
|
96
|
+
|
97
|
+
def find_pending_account_from_session
|
98
|
+
Account.find(session[:account_pending_confirmation]) if session[:account_pending_confirmation]
|
99
|
+
end
|
100
|
+
|
101
|
+
end
|
102
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module QuoVadis
|
4
|
+
class LogsController < ApplicationController
|
5
|
+
before_action :require_password_authentication
|
6
|
+
|
7
|
+
PER_PAGE = 25
|
8
|
+
|
9
|
+
def index
|
10
|
+
logs = authenticated_model.qv_account.logs
|
11
|
+
|
12
|
+
page = params[:page] ? params[:page].to_i : 1
|
13
|
+
@logs = logs.new_to_old.page(page, PER_PAGE)
|
14
|
+
|
15
|
+
@prev_page = page - 1 if page > 1
|
16
|
+
@next_page = page + 1 if logs.count > page * PER_PAGE
|
17
|
+
end
|
18
|
+
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,65 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module QuoVadis
|
4
|
+
class PasswordResetsController < ApplicationController
|
5
|
+
|
6
|
+
# holding page for after the create action
|
7
|
+
def index
|
8
|
+
end
|
9
|
+
|
10
|
+
|
11
|
+
def new
|
12
|
+
end
|
13
|
+
|
14
|
+
|
15
|
+
def create
|
16
|
+
flash[:notice] = QuoVadis.translate 'flash.password_reset.create'
|
17
|
+
|
18
|
+
account = QuoVadis.find_account_by_identifier_in_params params
|
19
|
+
return unless account
|
20
|
+
|
21
|
+
token = QuoVadis::PasswordResetToken.generate account
|
22
|
+
QuoVadis.deliver :reset_password, email: account.model.email, url: quo_vadis.edit_password_reset_url(token)
|
23
|
+
|
24
|
+
redirect_to password_resets_path
|
25
|
+
end
|
26
|
+
|
27
|
+
|
28
|
+
# emailed password-reset link points here
|
29
|
+
def edit
|
30
|
+
account = PasswordResetToken.find_account params[:token]
|
31
|
+
|
32
|
+
unless account # expired or password already changed
|
33
|
+
redirect_to new_password_reset_path, alert: QuoVadis.translate('flash.password_reset.unknown') and return
|
34
|
+
end
|
35
|
+
|
36
|
+
@password = QuoVadis::Password.new
|
37
|
+
end
|
38
|
+
|
39
|
+
|
40
|
+
# really reset the password
|
41
|
+
def update
|
42
|
+
account = PasswordResetToken.find_account params[:token]
|
43
|
+
|
44
|
+
unless account # expired or password already changed
|
45
|
+
redirect_to new_password_reset_path, alert: QuoVadis.translate('flash.password_reset.unknown') and return
|
46
|
+
end
|
47
|
+
|
48
|
+
@password = account.password
|
49
|
+
if @password.reset params[:password], params[:password_confirmation]
|
50
|
+
# Logout account's sessions because password has changed.
|
51
|
+
# Note model is not logged in here.
|
52
|
+
@password.account.sessions.destroy_all
|
53
|
+
|
54
|
+
qv.log @password.account, Log::PASSWORD_RESET
|
55
|
+
QuoVadis.notify :password_reset_notification, email: @password.account.model.email
|
56
|
+
|
57
|
+
login @password.account.model, true
|
58
|
+
redirect_to qv.path_after_authentication, notice: QuoVadis.translate('flash.password_reset.reset')
|
59
|
+
else
|
60
|
+
render :edit
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
end
|
65
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module QuoVadis
|
4
|
+
class PasswordsController < ApplicationController
|
5
|
+
|
6
|
+
before_action :require_authentication
|
7
|
+
|
8
|
+
def edit
|
9
|
+
@password = QuoVadis::Password.new
|
10
|
+
end
|
11
|
+
|
12
|
+
def update
|
13
|
+
@password = authenticated_model.qv_account.password
|
14
|
+
if @password.change params[:password], params[:new_password], params[:new_password_confirmation]
|
15
|
+
qv.log authenticated_model.qv_account, Log::PASSWORD_CHANGE
|
16
|
+
QuoVadis.notify :password_change_notification, email: authenticated_model.email
|
17
|
+
qv.logout_other_sessions
|
18
|
+
qv.replace_session
|
19
|
+
redirect_to qv.path_after_password_change, notice: QuoVadis.translate('flash.password.update')
|
20
|
+
else
|
21
|
+
render :edit
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,54 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module QuoVadis
|
4
|
+
class RecoveryCodesController < ApplicationController
|
5
|
+
before_action :require_password_authentication
|
6
|
+
|
7
|
+
|
8
|
+
def index
|
9
|
+
@codes = flash[:recovery_codes]
|
10
|
+
@recovery_code_count = account.recovery_codes.count
|
11
|
+
end
|
12
|
+
|
13
|
+
|
14
|
+
def challenge
|
15
|
+
end
|
16
|
+
|
17
|
+
|
18
|
+
def authenticate
|
19
|
+
if account.recovery_codes.detect { |rc| rc.authenticate_code params[:code] }
|
20
|
+
qv.log account, Log::RECOVERY_CODE_SUCCESS
|
21
|
+
qv.replace_session
|
22
|
+
qv.session_authenticated_with_second_factor
|
23
|
+
reset_totp
|
24
|
+
redirect_to qv.path_after_authentication,
|
25
|
+
notice: QuoVadis.translate('flash.recovery_code.success',
|
26
|
+
count: account.recovery_codes.count)
|
27
|
+
else
|
28
|
+
qv.log account, Log::RECOVERY_CODE_FAILURE
|
29
|
+
flash.now[:alert] = QuoVadis.translate('flash.recovery_code.unverified')
|
30
|
+
render :challenge
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
|
35
|
+
def generate
|
36
|
+
qv.log account, Log::RECOVERY_CODE_GENERATE
|
37
|
+
QuoVadis.notify :recovery_codes_generation_notification, email: authenticated_model.email
|
38
|
+
account.recovery_codes.delete_all
|
39
|
+
flash[:recovery_codes] = account.generate_recovery_codes
|
40
|
+
redirect_to quo_vadis.recovery_codes_path
|
41
|
+
end
|
42
|
+
|
43
|
+
|
44
|
+
private
|
45
|
+
|
46
|
+
def account
|
47
|
+
authenticated_model.qv_account
|
48
|
+
end
|
49
|
+
|
50
|
+
def reset_totp
|
51
|
+
account.totp&.destroy
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
@@ -1,153 +1,71 @@
|
|
1
|
-
|
2
|
-
skip_filter :authenticate, :except => [:destroy]
|
3
|
-
layout :quo_vadis_layout
|
1
|
+
# frozen_string_literal: true
|
4
2
|
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
3
|
+
module QuoVadis
|
4
|
+
class SessionsController < ApplicationController
|
5
|
+
|
6
|
+
# Don't require authentication for the :destroy action so that someone
|
7
|
+
# who has logged in via password but not completed 2fa can still log out.
|
8
|
+
before_action :require_authentication, except: [:new, :create, :destroy]
|
9
9
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
flash_if_present :alert, 'quo_vadis.flash.sign_in.blocked', :now
|
14
|
-
render 'sessions/new'
|
15
|
-
elsif user = QuoVadis.model_class.authenticate(params[:username], params[:password])
|
16
|
-
flash_if_present :notice, 'quo_vadis.flash.sign_in.after'
|
17
|
-
sign_in user
|
18
|
-
else
|
19
|
-
QuoVadis.failed_sign_in_hook self
|
20
|
-
flash_if_present :alert, 'quo_vadis.flash.sign_in.failed', :now
|
21
|
-
render 'sessions/new'
|
10
|
+
def index
|
11
|
+
@qv_session = qv.session
|
12
|
+
@qv_sessions = @qv_session.account.sessions
|
22
13
|
end
|
23
|
-
end
|
24
14
|
|
25
|
-
# GET sign_out_path
|
26
|
-
def destroy
|
27
|
-
QuoVadis.signed_out_hook send(:"current_#{QuoVadis.model_instance_name}"), self
|
28
|
-
self.send :"current_#{QuoVadis.model_instance_name}=", nil
|
29
|
-
flash_if_present :notice, 'quo_vadis.flash.sign_out'
|
30
|
-
redirect_to QuoVadis.signed_out_url(self)
|
31
|
-
end
|
32
15
|
|
33
|
-
|
34
|
-
# POST forgotten_sign_in_path
|
35
|
-
def forgotten
|
36
|
-
if request.get?
|
37
|
-
render 'sessions/forgotten'
|
38
|
-
elsif request.post?
|
39
|
-
if params[:username].present? &&
|
40
|
-
(user = QuoVadis.model_class.where(:username => params[:username]).first)
|
41
|
-
if user.email.present?
|
42
|
-
user.generate_token!
|
43
|
-
QuoVadis::Notifier.change_password(user).deliver
|
44
|
-
flash_if_present :notice, 'quo_vadis.flash.forgotten.sent_email'
|
45
|
-
redirect_to :root
|
46
|
-
else
|
47
|
-
flash_if_present :alert, 'quo_vadis.flash.forgotten.no_email', :now
|
48
|
-
render 'sessions/forgotten'
|
49
|
-
end
|
50
|
-
else
|
51
|
-
flash_if_present :alert, 'quo_vadis.flash.forgotten.unknown', :now
|
52
|
-
render 'sessions/forgotten'
|
53
|
-
end
|
16
|
+
def new
|
54
17
|
end
|
55
|
-
end
|
56
18
|
|
57
|
-
# GET change_password_path /sign-in/change-password/:token
|
58
|
-
def edit
|
59
|
-
if QuoVadis.model_class.valid_token(params[:token]).first
|
60
|
-
render 'sessions/edit'
|
61
|
-
else
|
62
|
-
invalid_token :forgotten
|
63
|
-
end
|
64
|
-
end
|
65
19
|
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
sign_in user
|
75
|
-
else
|
76
|
-
render 'sessions/edit'
|
77
|
-
end
|
78
|
-
else
|
79
|
-
render 'sessions/edit'
|
20
|
+
def create
|
21
|
+
account = QuoVadis.find_account_by_identifier_in_params params
|
22
|
+
|
23
|
+
unless account
|
24
|
+
qv.log nil, Log::LOGIN_UNKNOWN, identifier: QuoVadis.identifier_value_in_params(params)
|
25
|
+
flash.now[:alert] = QuoVadis.translate 'flash.login.failed'
|
26
|
+
render :new
|
27
|
+
return
|
80
28
|
end
|
81
|
-
else
|
82
|
-
invalid_token :forgotten
|
83
|
-
end
|
84
|
-
end
|
85
29
|
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
@user.username = nil
|
93
|
-
render 'sessions/invite'
|
94
|
-
else
|
95
|
-
invalid_token :activation
|
96
|
-
end
|
97
|
-
end
|
30
|
+
unless account.password.authenticate params[:password]
|
31
|
+
qv.log account, Log::LOGIN_FAILURE
|
32
|
+
flash.now[:alert] = QuoVadis.translate 'flash.login.failed'
|
33
|
+
render :new
|
34
|
+
return
|
35
|
+
end
|
98
36
|
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
@user.username, @user.password = params[:username], params[:password]
|
103
|
-
# When we create a user who must activate their account, we give them
|
104
|
-
# a random username and password. However we want to treat them as if
|
105
|
-
# they weren't set at all.
|
106
|
-
@user.password_digest = nil if params[:password].blank?
|
107
|
-
if @user.save
|
108
|
-
@user.clear_token
|
109
|
-
flash_if_present :notice, 'quo_vadis.flash.activation.accepted'
|
110
|
-
sign_in @user
|
111
|
-
else
|
112
|
-
flash_if_present :alert, 'quo_vadis.flash.activation.invalid_credentials', :now
|
113
|
-
render 'sessions/invite'
|
37
|
+
if QuoVadis.accounts_require_confirmation && !account.confirmed?
|
38
|
+
redirect_to new_confirmation_path, notice: QuoVadis.translate('flash.confirmation.required')
|
39
|
+
return
|
114
40
|
end
|
115
|
-
else
|
116
|
-
invalid_token :activation
|
117
|
-
end
|
118
|
-
end
|
119
41
|
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
end
|
127
|
-
hide_action :send_invitation
|
42
|
+
# no params[:remember] => use QuoVadis.session_lifetime
|
43
|
+
# params[:remember] == 0 => use :session
|
44
|
+
# params[:remember] == 1 => use QuoVadis.session_lifetime
|
45
|
+
browser_session = params[:remember] == '0'
|
46
|
+
|
47
|
+
flash[:notice] = QuoVadis.translate 'flash.login.success'
|
128
48
|
|
129
|
-
|
49
|
+
login account.model, browser_session
|
130
50
|
|
131
|
-
|
132
|
-
if workflow == :activation
|
133
|
-
flash_if_present :alert, 'quo_vadis.flash.activation.invalid_token'
|
134
|
-
redirect_to root_path
|
135
|
-
else
|
136
|
-
flash_if_present :alert, 'quo_vadis.flash.forgotten.invalid_token'
|
137
|
-
redirect_to forgotten_sign_in_url
|
51
|
+
redirect_to qv.path_after_authentication
|
138
52
|
end
|
139
|
-
end
|
140
53
|
|
141
|
-
def quo_vadis_layout # :nodoc:
|
142
|
-
QuoVadis.layout
|
143
|
-
end
|
144
54
|
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
55
|
+
def destroy
|
56
|
+
if params[:id] # other session
|
57
|
+
current_qv_session = qv.session
|
58
|
+
current_qv_session.account.sessions.destroy params[:id]
|
59
|
+
qv.log current_qv_session.account, Log::LOGOUT_OTHER
|
60
|
+
flash[:notice] = QuoVadis.translate 'flash.logout.other'
|
61
|
+
redirect_to action: :index
|
62
|
+
else # this session
|
63
|
+
qv.log authenticated_model.qv_account, Log::LOGOUT
|
64
|
+
qv.logout
|
65
|
+
flash[:notice] = QuoVadis.translate 'flash.logout.self'
|
66
|
+
redirect_to main_app.root_path
|
67
|
+
end
|
150
68
|
end
|
151
|
-
end
|
152
69
|
|
70
|
+
end
|
153
71
|
end
|