quo_vadis 1.4.2 → 2.0.0

data/lib/quo_vadis/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module QuoVadis
-  VERSION = '1.4.2'
+  VERSION = '2.0.0'
 end

data/quo_vadis.gemspec

@@ -1,31 +1,24 @@
-# -*- encoding: utf-8 -*-
-$:.push File.expand_path('../lib', __FILE__)
-require 'quo_vadis/version'
+# frozen_string_literal: true
 
-Gem::Specification.new do |s|
-  s.name        = 'quo_vadis'
-  s.version     = QuoVadis::VERSION
-  s.platform    = Gem::Platform::RUBY
-  s.authors     = ['Andy Stewart']
-  s.email       = ['boss@airbladesoftware.com']
-  s.homepage    = 'https://github.com/airblade/quo_vadis'
-  s.summary     = 'Simple username/password authentication for Rails 3.'
-  s.description = s.summary
+require_relative 'lib/quo_vadis/version'
 
-  s.rubyforge_project = 'quo_vadis'
+Gem::Specification.new do |spec|
+  spec.name          = 'quo_vadis'
+  spec.version       = QuoVadis::VERSION
+  spec.authors       = ['Andy Stewart']
+  spec.email         = ['boss@airbladesoftware.com']
 
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-  s.require_paths = ['lib']
+  spec.summary       = 'Multifactor authentication for Rails 6.'
+  spec.homepage      = 'https://github.com/airblade/quo_vadis'
+  spec.license       = 'MIT'
 
-  s.add_dependency 'rails',       '> 3.0.4', '< 5'
-  s.add_dependency 'bcrypt', '> 3.1.6'
+  # spec.required_ruby_version = Gem::Requirement.new('>= 2.4.0')
 
-  # s.add_development_dependency 'rails', '~> 3.0.4'  # so we can test CSRF protection
-  s.add_development_dependency 'sqlite3'
-  s.add_development_dependency 'capybara', '~>1.1'
-  s.add_development_dependency 'launchy'
-  s.add_development_dependency 'rake'
-  s.add_development_dependency 'test-unit', '~> 3.0'
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{\A(?:test|spec|features)/}) }
+  end
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'rails', '>= 6'
+  spec.add_dependency 'bcrypt', '~> 3.1.7'
 end

metadata

@@ -1,120 +1,44 @@
 --- !ruby/object:Gem::Specification
 name: quo_vadis
 version: !ruby/object:Gem::Version
-  version: 1.4.2
+  version: 2.0.0
 platform: ruby
 authors:
 - Andy Stewart
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-19 00:00:00.000000000 Z
+date: 2021-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">"
-      - !ruby/object:Gem::Version
-        version: 3.0.4
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '5'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">"
-      - !ruby/object:Gem::Version
-        version: 3.0.4
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '5'
-- !ruby/object:Gem::Dependency
-  name: bcrypt
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">"
-      - !ruby/object:Gem::Version
-        version: 3.1.6
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">"
-      - !ruby/object:Gem::Version
-        version: 3.1.6
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: capybara
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
-- !ruby/object:Gem::Dependency
-  name: launchy
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
+        version: '6'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '6'
 - !ruby/object:Gem::Dependency
-  name: test-unit
+  name: bcrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
-  type: :development
+        version: 3.1.7
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
-description: Simple username/password authentication for Rails 3.
+        version: 3.1.7
+description:
 email:
 - boss@airbladesoftware.com
 executables: []
@@ -124,98 +48,50 @@ files:
 - ".gitignore"
 - CHANGELOG.md
 - Gemfile
+- Gemfile.lock
+- LICENSE.txt
 - README.md
 - Rakefile
-- app/controllers/controller_mixin.rb
+- app/controllers/quo_vadis/confirmations_controller.rb
+- app/controllers/quo_vadis/logs_controller.rb
+- app/controllers/quo_vadis/password_resets_controller.rb
+- app/controllers/quo_vadis/passwords_controller.rb
+- app/controllers/quo_vadis/recovery_codes_controller.rb
 - app/controllers/quo_vadis/sessions_controller.rb
-- app/mailers/quo_vadis/notifier.rb
-- app/models/model_mixin.rb
+- app/controllers/quo_vadis/totps_controller.rb
+- app/controllers/quo_vadis/twofas_controller.rb
+- app/mailers/quo_vadis/mailer.rb
+- app/models/quo_vadis/account.rb
+- app/models/quo_vadis/account_confirmation_token.rb
+- app/models/quo_vadis/log.rb
+- app/models/quo_vadis/password.rb
+- app/models/quo_vadis/password_reset_token.rb
+- app/models/quo_vadis/recovery_code.rb
+- app/models/quo_vadis/session.rb
+- app/models/quo_vadis/token.rb
+- app/models/quo_vadis/totp.rb
+- bin/console
+- bin/rails
+- bin/setup
 - config/locales/quo_vadis.en.yml
 - config/routes.rb
+- db/migrate/202102150904_setup.rb
 - lib/generators/quo_vadis/install_generator.rb
-- lib/generators/quo_vadis/templates/migration.rb.erb
-- lib/generators/quo_vadis/templates/quo_vadis.rb.erb
 - lib/quo_vadis.rb
+- lib/quo_vadis/controller.rb
+- lib/quo_vadis/crypt.rb
+- lib/quo_vadis/current_request_details.rb
+- lib/quo_vadis/defaults.rb
+- lib/quo_vadis/encrypted_type.rb
 - lib/quo_vadis/engine.rb
+- lib/quo_vadis/hmacable.rb
+- lib/quo_vadis/ip_masking.rb
+- lib/quo_vadis/model.rb
 - lib/quo_vadis/version.rb
 - quo_vadis.gemspec
-- test/dummy/.gitignore
-- test/dummy/Rakefile
-- test/dummy/app/controllers/application_controller.rb
-- test/dummy/app/controllers/articles_controller.rb
-- test/dummy/app/controllers/users_controller.rb
-- test/dummy/app/helpers/application_helper.rb
-- test/dummy/app/helpers/articles_helper.rb
-- test/dummy/app/models/article.rb
-- test/dummy/app/models/person.rb
-- test/dummy/app/models/user.rb
-- test/dummy/app/views/articles/index.html.erb
-- test/dummy/app/views/articles/new.html.erb
-- test/dummy/app/views/layouts/application.html.erb
-- test/dummy/app/views/layouts/sessions.html.erb
-- test/dummy/app/views/quo_vadis/notifier/change_password.text.erb
-- test/dummy/app/views/quo_vadis/notifier/invite.text.erb
-- test/dummy/app/views/sessions/edit.html.erb
-- test/dummy/app/views/sessions/forgotten.html.erb
-- test/dummy/app/views/sessions/invite.html.erb
-- test/dummy/app/views/sessions/new.html.erb
-- test/dummy/app/views/users/new.html.erb
-- test/dummy/config.ru
-- test/dummy/config/application.rb
-- test/dummy/config/boot.rb
-- test/dummy/config/database.yml
-- test/dummy/config/environment.rb
-- test/dummy/config/environments/development.rb
-- test/dummy/config/environments/production.rb
-- test/dummy/config/environments/test.rb
-- test/dummy/config/initializers/backtrace_silencers.rb
-- test/dummy/config/initializers/inflections.rb
-- test/dummy/config/initializers/mime_types.rb
-- test/dummy/config/initializers/quo_vadis.rb
-- test/dummy/config/initializers/rack_patch.rb
-- test/dummy/config/initializers/secret_token.rb
-- test/dummy/config/initializers/session_store.rb
-- test/dummy/config/locales/en.yml
-- test/dummy/config/locales/quo_vadis.en.yml
-- test/dummy/config/routes.rb
-- test/dummy/db/migrate/20110124125037_create_users.rb
-- test/dummy/db/migrate/20110124131535_create_articles.rb
-- test/dummy/db/migrate/20110127094709_add_authentication_to_users.rb
-- test/dummy/db/migrate/20111004112209_create_people.rb
-- test/dummy/db/migrate/20111004132342_add_authentication_to_people.rb
-- test/dummy/db/schema.rb
-- test/dummy/public/404.html
-- test/dummy/public/422.html
-- test/dummy/public/500.html
-- test/dummy/public/favicon.ico
-- test/dummy/public/javascripts/application.js
-- test/dummy/public/javascripts/controls.js
-- test/dummy/public/javascripts/dragdrop.js
-- test/dummy/public/javascripts/effects.js
-- test/dummy/public/javascripts/prototype.js
-- test/dummy/public/javascripts/rails.js
-- test/dummy/public/stylesheets/.gitkeep
-- test/dummy/script/rails
-- test/integration/activation_test.rb
-- test/integration/authenticate_test.rb
-- test/integration/blocked_test.rb
-- test/integration/config_test.rb
-- test/integration/cookie_test.rb
-- test/integration/csrf_test.rb
-- test/integration/forgotten_test.rb
-- test/integration/helper_test.rb
-- test/integration/locale_test.rb
-- test/integration/navigation_test.rb
-- test/integration/sign_in_person_test.rb
-- test/integration/sign_in_test.rb
-- test/integration/sign_out_test.rb
-- test/integration/sign_up_test.rb
-- test/quo_vadis_test.rb
-- test/support/integration_case.rb
-- test/test_helper.rb
-- test/unit/user_test.rb
 homepage: https://github.com/airblade/quo_vadis
-licenses: []
+licenses:
+- MIT
 metadata: {}
 post_install_message:
 rdoc_options: []
@@ -232,84 +108,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: quo_vadis
-rubygems_version: 2.5.2.3
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
-summary: Simple username/password authentication for Rails 3.
-test_files:
-- test/dummy/.gitignore
-- test/dummy/Rakefile
-- test/dummy/app/controllers/application_controller.rb
-- test/dummy/app/controllers/articles_controller.rb
-- test/dummy/app/controllers/users_controller.rb
-- test/dummy/app/helpers/application_helper.rb
-- test/dummy/app/helpers/articles_helper.rb
-- test/dummy/app/models/article.rb
-- test/dummy/app/models/person.rb
-- test/dummy/app/models/user.rb
-- test/dummy/app/views/articles/index.html.erb
-- test/dummy/app/views/articles/new.html.erb
-- test/dummy/app/views/layouts/application.html.erb
-- test/dummy/app/views/layouts/sessions.html.erb
-- test/dummy/app/views/quo_vadis/notifier/change_password.text.erb
-- test/dummy/app/views/quo_vadis/notifier/invite.text.erb
-- test/dummy/app/views/sessions/edit.html.erb
-- test/dummy/app/views/sessions/forgotten.html.erb
-- test/dummy/app/views/sessions/invite.html.erb
-- test/dummy/app/views/sessions/new.html.erb
-- test/dummy/app/views/users/new.html.erb
-- test/dummy/config.ru
-- test/dummy/config/application.rb
-- test/dummy/config/boot.rb
-- test/dummy/config/database.yml
-- test/dummy/config/environment.rb
-- test/dummy/config/environments/development.rb
-- test/dummy/config/environments/production.rb
-- test/dummy/config/environments/test.rb
-- test/dummy/config/initializers/backtrace_silencers.rb
-- test/dummy/config/initializers/inflections.rb
-- test/dummy/config/initializers/mime_types.rb
-- test/dummy/config/initializers/quo_vadis.rb
-- test/dummy/config/initializers/rack_patch.rb
-- test/dummy/config/initializers/secret_token.rb
-- test/dummy/config/initializers/session_store.rb
-- test/dummy/config/locales/en.yml
-- test/dummy/config/locales/quo_vadis.en.yml
-- test/dummy/config/routes.rb
-- test/dummy/db/migrate/20110124125037_create_users.rb
-- test/dummy/db/migrate/20110124131535_create_articles.rb
-- test/dummy/db/migrate/20110127094709_add_authentication_to_users.rb
-- test/dummy/db/migrate/20111004112209_create_people.rb
-- test/dummy/db/migrate/20111004132342_add_authentication_to_people.rb
-- test/dummy/db/schema.rb
-- test/dummy/public/404.html
-- test/dummy/public/422.html
-- test/dummy/public/500.html
-- test/dummy/public/favicon.ico
-- test/dummy/public/javascripts/application.js
-- test/dummy/public/javascripts/controls.js
-- test/dummy/public/javascripts/dragdrop.js
-- test/dummy/public/javascripts/effects.js
-- test/dummy/public/javascripts/prototype.js
-- test/dummy/public/javascripts/rails.js
-- test/dummy/public/stylesheets/.gitkeep
-- test/dummy/script/rails
-- test/integration/activation_test.rb
-- test/integration/authenticate_test.rb
-- test/integration/blocked_test.rb
-- test/integration/config_test.rb
-- test/integration/cookie_test.rb
-- test/integration/csrf_test.rb
-- test/integration/forgotten_test.rb
-- test/integration/helper_test.rb
-- test/integration/locale_test.rb
-- test/integration/navigation_test.rb
-- test/integration/sign_in_person_test.rb
-- test/integration/sign_in_test.rb
-- test/integration/sign_out_test.rb
-- test/integration/sign_up_test.rb
-- test/quo_vadis_test.rb
-- test/support/integration_case.rb
-- test/test_helper.rb
-- test/unit/user_test.rb
+summary: Multifactor authentication for Rails 6.
+test_files: []

data/app/controllers/controller_mixin.rb

@@ -1,109 +0,0 @@
-module ControllerMixin
-  def self.included(base)
-    base.helper_method :"current_#{QuoVadis.model_instance_name}", :authenticated?
-  end
-
-  protected
-
-  def handle_unverified_request
-    super
-    cookies.delete :remember_me, :domain => QuoVadis.cookie_domain
-  end
-
-  private
-
-  class_eval <<-END, __FILE__, __LINE__ + 1
-    # Returns `true` if we have an authenticated user, `false` otherwise.
-    def authenticated?
-      !!current_#{QuoVadis.model_instance_name}
-    end
-
-    # Remembers the authenticated <tt>user</tt> (in this session and future sessions).
-    #
-    # If you want to sign in a <tt>user</tt> you have just created, call <tt>sign_in</tt>
-    # instead.
-    def current_#{QuoVadis.model_instance_name}=(user)
-      remember_user_in_session user
-      remember_user_between_sessions user
-    end
-
-    # Returns the authenticated user.
-    def current_#{QuoVadis.model_instance_name}
-      @current_#{QuoVadis.model_instance_name} ||= find_authenticated_user
-    end
-
-    # Does nothing if we already have an authenticated user.  If we don't have an
-    # authenticated user, it stores the desired URL and redirects to the sign in URL.
-    def authenticate
-      unless authenticated?
-        session[:quo_vadis_original_url] = request.fullpath
-        flash[:notice] = t('quo_vadis.flash.sign_in.before') unless t('quo_vadis.flash.sign_in.before').blank?
-        redirect_to sign_in_url
-      end
-    end
-
-    # Signs in a user, i.e. remembers them in the session, runs the sign-in hook,
-    # and redirects appropriately.
-    #
-    # This method should be called when you have just authenticated a <tt>user</tt>
-    # and you need to sign them in.  For example, if a new user has just signed up,
-    # you should call this method to sign them in.
-    def sign_in(user)
-      prevent_session_fixation
-      self.current_#{QuoVadis.model_instance_name} = user
-      QuoVadis.signed_in_hook user, self
-      redirect_to QuoVadis.signed_in_url(user, original_url, self)
-    end
-
-    def remember_user_in_session(user) # :nodoc:
-      session[:current_#{QuoVadis.model_instance_name}_id] = user ? user.id : nil
-    end
-
-    def find_user_by_cookie # :nodoc:
-      #{QuoVadis.model}.find_by_salt(*cookies.signed[:remember_me]) if cookies.signed[:remember_me]
-    end
-
-    def find_user_by_session # :nodoc:
-      #{QuoVadis.model}.find(session[:current_#{QuoVadis.model_instance_name}_id]) if session[:current_#{QuoVadis.model_instance_name}_id]
-    end
-  END
-
-  # Returns true if the sign-in process is blocked to the user, false otherwise.
-  def blocked?
-    QuoVadis.blocked?(self)
-  end
-
-  def remember_user_between_sessions(user) # :nodoc:
-    if user && QuoVadis.remember_for
-      cookies.signed[:remember_me] = {
-        :value    => [user.id, user.password_salt],
-        :expires  => QuoVadis.remember_for.from_now,
-        :httponly => true,
-        :domain   => QuoVadis.cookie_domain
-      }
-    else
-      cookies.delete :remember_me, :domain => QuoVadis.cookie_domain
-    end
-  end
-
-  def find_authenticated_user # :nodoc:
-    find_user_by_session || find_user_by_cookie
-  end
-
-  # Returns the URL if any which the user tried to visit before being forced to authenticate.
-  def original_url
-    url = session[:quo_vadis_original_url]
-    session[:quo_vadis_original_url] = nil
-    url
-  end
-
-  def prevent_session_fixation # :nodoc:
-    original_flash = flash.inject({}) { |hsh, (k,v)| hsh[k] = v; hsh }
-    original_url = session[:quo_vadis_original_url]
-
-    reset_session
-
-    original_flash.each { |k,v| flash[k] = v }
-    session[:quo_vadis_original_url] = original_url
-  end
-end