quo_vadis 1.4.2 → 2.1.1

data/lib/quo_vadis/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module QuoVadis
-  VERSION = '1.4.2'
+  VERSION = '2.1.1'
 end

data/quo_vadis.gemspec

@@ -1,31 +1,26 @@
-# -*- encoding: utf-8 -*-
-$:.push File.expand_path('../lib', __FILE__)
-require 'quo_vadis/version'
+# frozen_string_literal: true
 
-Gem::Specification.new do |s|
-  s.name        = 'quo_vadis'
-  s.version     = QuoVadis::VERSION
-  s.platform    = Gem::Platform::RUBY
-  s.authors     = ['Andy Stewart']
-  s.email       = ['boss@airbladesoftware.com']
-  s.homepage    = 'https://github.com/airblade/quo_vadis'
-  s.summary     = 'Simple username/password authentication for Rails 3.'
-  s.description = s.summary
+require_relative 'lib/quo_vadis/version'
 
-  s.rubyforge_project = 'quo_vadis'
+Gem::Specification.new do |spec|
+  spec.name          = 'quo_vadis'
+  spec.version       = QuoVadis::VERSION
+  spec.authors       = ['Andy Stewart']
+  spec.email         = ['boss@airbladesoftware.com']
 
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-  s.require_paths = ['lib']
+  spec.summary       = 'Multifactor authentication for Rails 6.'
+  spec.homepage      = 'https://github.com/airblade/quo_vadis'
+  spec.license       = 'MIT'
 
-  s.add_dependency 'rails',       '> 3.0.4', '< 5'
-  s.add_dependency 'bcrypt', '> 3.1.6'
+  # spec.required_ruby_version = Gem::Requirement.new('>= 2.4.0')
 
-  # s.add_development_dependency 'rails', '~> 3.0.4'  # so we can test CSRF protection
-  s.add_development_dependency 'sqlite3'
-  s.add_development_dependency 'capybara', '~>1.1'
-  s.add_development_dependency 'launchy'
-  s.add_development_dependency 'rake'
-  s.add_development_dependency 'test-unit', '~> 3.0'
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0")
+  end
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'rails',   '>= 6'
+  spec.add_dependency 'bcrypt',  '~> 3.1.7'
+  spec.add_dependency 'rotp',    '>= 6'
+  spec.add_dependency 'rqrcode', '~> 2.0'
 end

data/test/dummy/README.markdown

@@ -0,0 +1 @@
+Only authenticated users can view articles.

data/test/dummy/Rakefile

@@ -1,7 +1,3 @@
-# Add your own tasks in files placed in lib/tasks ending in .rake,
-# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+require_relative 'config/application'
 
-require File.expand_path('../config/application', __FILE__)
-require 'rake'
-
-Dummy::Application.load_tasks
+Rails.application.load_tasks

data/test/dummy/app/controllers/application_controller.rb

@@ -1,3 +1,2 @@
 class ApplicationController < ActionController::Base
-  protect_from_forgery
 end

data/test/dummy/app/controllers/articles_controller.rb

@@ -1,20 +1,17 @@
 class ArticlesController < ApplicationController
-  before_filter :authenticate, :except => [:index, :show]
+  before_action :require_authentication, except: :index
+  before_action :require_two_factor_authentication, only: :very_secret
 
   def index
-    @articles = Article.all
   end
 
-  def new
-    @article = Article.new
+  def secret
   end
 
-  def create
-    @article = Article.new params[:article]
-    if @article.save
-      redirect_to :action => 'index'
-    else
-      render 'new'
-    end
+  def also_secret
   end
+
+  def very_secret
+  end
+
 end

data/test/dummy/app/controllers/sign_ups_controller.rb

@@ -0,0 +1,42 @@
+# To test sign-ups with confirmation (activation / verification)
+class SignUpsController < ApplicationController
+
+  around_action :toggle_confirmation
+
+  def new
+    @user = User.new
+  end
+
+
+  def create
+    @user = User.new user_params
+    if @user.save
+      if QuoVadis.accounts_require_confirmation
+        request_confirmation @user
+        redirect_to quo_vadis.confirmations_path
+      else
+        redirect_to articles_path
+      end
+    else
+      render :new
+    end
+  end
+
+  def show
+    @user = User.find params[:id]
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(:name, :email, :password, :password_confirmation)
+  end
+
+  def toggle_confirmation
+    QuoVadis.accounts_require_confirmation true
+    yield
+  ensure
+    QuoVadis.accounts_require_confirmation false
+  end
+
+end

data/test/dummy/app/controllers/users_controller.rb

@@ -1,17 +1,25 @@
-class UsersController < ActionController::Base
+# To test creating users without activation
+class UsersController < ApplicationController
 
   def new
     @user = User.new
   end
 
   def create
-    @user = User.new params[:user]
+    @user = User.new user_params
     if @user.save
-      flash[:notice] = 'You have signed up!'
-      sign_in @user  # <-- Quo Vadis sign-in hook
+      # NOTE to login the user here, do this:
+      # login @user, true
+      redirect_to articles_path
     else
-      render 'new'
+      render :new
     end
   end
 
+  private
+
+  def user_params
+    params.require(:user).permit(:name, :email, :password, :password_confirmation)
+  end
+
 end

data/test/dummy/app/models/application_record.rb

@@ -0,0 +1,3 @@
+class ApplicationRecord < ActiveRecord::Base
+  self.abstract_class = true
+end

data/test/dummy/app/models/article.rb

@@ -1,2 +1,3 @@
-class Article < ActiveRecord::Base
+class Article < ApplicationRecord
+  validates :title, presence: true
 end

data/test/dummy/app/models/person.rb

@@ -1,3 +1,6 @@
-class Person < ActiveRecord::Base
-  authenticates
+class Person < ApplicationRecord
+  validates :username, presence: true, uniqueness: {case_sensitive: false}
+  validates :email, presence: true, uniqueness: {case_sensitive: false}
+
+  authenticates identifier: :username
 end

data/test/dummy/app/models/user.rb

@@ -1,3 +1,6 @@
-class User < ActiveRecord::Base
+class User < ApplicationRecord
+  validates :name, presence: true
+  validates :email, presence: true, uniqueness: {case_sensitive: false}
+
   authenticates
 end

data/test/dummy/app/views/articles/also_secret.html.erb

@@ -0,0 +1 @@
+<p>Also-secret Articles</p>

data/test/dummy/app/views/articles/index.html.erb

@@ -1 +1 @@
-<h1>Articles</h1>
+<p>Public Articles</p>

data/test/dummy/app/views/articles/secret.html.erb

@@ -0,0 +1 @@
+<p>Secret Articles</p>

data/test/dummy/app/views/articles/very_secret.html.erb

@@ -0,0 +1,2 @@
+<p>Very Secret Articles</p>
+

data/test/dummy/app/views/layouts/application.html.erb

@@ -1,30 +1,46 @@
-<!DOCTYPE html>
 <html>
-<head>
-  <title>Dummy</title>
-  <%= csrf_meta_tag %>
-</head>
-<body>
-
-  <div id='topnav'>
-    <% if authenticated? %>
-      You are signed in as
-      <% if defined?(current_user) %>
-        <%= current_user.name %>.
-      <% elsif defined?(current_person) %>
-        <%= current_person.name %>.
+  <head>
+    <meta charset="utf-8">
+    <%= csrf_meta_tags %>
+    <style>
+      nav {
+        border-bottom: 1px solid #ddd;
+        padding: 10px 0;
+      }
+      nav span {
+        margin: 0 5px;
+      }
+      main {
+        margin-top: 20px;
+      }
+    </style>
+  </head>
+  <body>
+    <nav>
+      <% if logged_in? %>
+        <span>Logged in as: <%= authenticated_model.email %></span>
+        <span><%= link_to 'Sessions', quo_vadis.sessions_path %></span>
+        <span><%= link_to 'Change password', quo_vadis.edit_password_path %></span>
+        <span><%= link_to '2FA', quo_vadis.twofa_path %></span>
+        <span><%= link_to 'Logs', quo_vadis.logs_path %></span>
+        <span><%= button_to 'Log out', quo_vadis.logout_path, method: :delete, form: {style: 'display:inline-block'} %></span>
+      <% else %>
+        <span><%= link_to 'Add user (without confirmation)', main_app.new_user_path %></span>
+        <span><%= link_to 'Sign up (with confirmation)', main_app.new_sign_up_path %></span>
+        <span><%= link_to 'Log in', quo_vadis.login_path %></span>
       <% end %>
-      <%= link_to 'Sign out', sign_out_path %>
-    <% else %>
-      <%= link_to 'Sign in', sign_in_path %>
-    <% end %>
-  </div>
-
-  <% flash.each do |key, value| %>
-    <div class='flash <%= key %>'><%= value %></div>
-  <% end %>
+    </nav>
 
-<%= yield %>
+    <main>
+      <section>
+        <% %w[notice alert].select { |k| flash.key? k }.each do |k| %>
+          <div class="flash flash-<%= k %>">
+            <%= flash[k] %>
+          </div>
+        <% end %>
+      </section>
 
-</body>
+      <%= yield %>
+    </main>
+  </body>
 </html>

data/test/dummy/app/views/sign_ups/new.html.erb

@@ -0,0 +1,37 @@
+<h1>New sign up (with confirmation)</h1>
+
+
+<% if @user.errors.any? %>
+  <ul>
+    <% @user.errors.full_messages.each do |message| %>
+      <li><%= message %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+
+<%= form_with model: @user, url: sign_ups_path do |f| %>
+  <p>
+    <%= f.label :name %>
+    <%= f.text_field :name %>
+  </p>
+
+  <p>
+    <%= f.label :email %>
+    <%= f.text_field :email %>
+  </p>
+
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password %>
+  </p>
+
+  <p>
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>

data/test/dummy/app/views/sign_ups/show.html.erb

@@ -0,0 +1,5 @@
+<h1>User</h1>
+
+<p><%= @user.name %></p>
+
+<p><%= @user.email %></p>

data/test/dummy/app/views/users/new.html.erb

@@ -1,14 +1,37 @@
-<h1>Sign up</h1>
+<h1>New user (without confirmation)</h1>
 
-<%= form_for @user do |f| %>
-  <%= f.label :name %>
-  <%= f.text_field :name %>
 
-  <%= f.label :username %>
-  <%= f.text_field :username %>
+<% if @user.errors.any? %>
+  <ul>
+    <% @user.errors.full_messages.each do |message| %>
+      <li><%= message %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+
+<%= form_with model: @user do |f| %>
+  <p>
+    <%= f.label :name %>
+    <%= f.text_field :name %>
+  </p>
+
+  <p>
+    <%= f.label :email %>
+    <%= f.text_field :email %>
+  </p>
+
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password %>
+  </p>
 
-  <%= f.label :password %>
-  <%= f.password_field :password %>
+  <p>
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation %>
+  </p>
 
-  <%= f.submit 'Sign up' %>
+  <p>
+    <%= f.submit %>
+  </p>
 <% end %>

data/test/dummy/config.ru

@@ -1,4 +1,7 @@
-# This file is used by Rack-based servers to start the application.
+require_relative 'config/environment'
 
-require ::File.expand_path('../config/environment',  __FILE__)
-run Dummy::Application
+run Rails.application
+Rails.application.load_server
+
+
+# copied from qvfull - not sure if necessary

data/test/dummy/config/application.rb

@@ -1,21 +1,30 @@
-require File.expand_path('../boot', __FILE__)
+require_relative 'boot'
 
+# copied from https://github.com/janko/rodauth-rails/blob/master/test/rails_app/config/application.rb
+
+# require "rails/all"
 require "active_model/railtie"
 require "active_record/railtie"
-require "action_controller/railtie"
-require "action_view/railtie"
+# require "action_controller/railtie"
+# require "action_view/railtie"
 require "action_mailer/railtie"
+require "rails/test_unit/railtie"
+
+Bundler.require(*Rails.groups)
 
-Bundler.require
 require 'quo_vadis'
 
 module Dummy
   class Application < Rails::Application
-    # Configure the default encoding used in templates for Ruby 1.9.
-    config.encoding = "utf-8"
+    config.load_defaults Rails::VERSION::STRING.to_f
 
-    # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters += [:password]
+    # config.logger = Logger.new nil
+    config.eager_load = true
+    config.action_dispatch.show_exceptions = false
+    config.action_controller.allow_forgery_protection = false
+
+    config.action_mailer.delivery_method = :test
+    config.action_mailer.default_url_options = { host: 'example.com' }
+    config.action_mailer.delivery_job = 'ActionMailer::MailDeliveryJob'
   end
 end
-