quo_vadis 2.1.3 → 2.1.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/README.md +2 -4
- data/app/controllers/quo_vadis/sessions_controller.rb +3 -3
- data/app/controllers/quo_vadis/twofas_controller.rb +1 -1
- data/app/models/quo_vadis/session.rb +1 -0
- data/app/views/quo_vadis/sessions/index.html.erb +6 -0
- data/lib/quo_vadis/controller.rb +2 -2
- data/lib/quo_vadis/version.rb +1 -1
- data/quo_vadis.gemspec +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7ae53bae73aaf968a8edec5148304394b411eace9c0df39069c6b240e90a6ea9
|
|
4
|
+
data.tar.gz: 4980707b8a6670298f0d99f7f1a554767c12323055d5103057c3028837da49af
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 00f025682cb8623ff02713e15bf25fdcc8c2a2964273bbc9f450f562375d18dd508ae1e729657cfa2275f2cb92672ef75b278edf8dbebd75cb2d6064d6c974b9
|
|
7
|
+
data.tar.gz: c017aa443847c3d62dd17e8e384f50db13e11f63189008787be7d896ebc80a362318328139537859d8613a240607362ef2bd81c5022a99a358086f77d079bedf
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,23 @@
|
|
|
4
4
|
## HEAD
|
|
5
5
|
|
|
6
6
|
|
|
7
|
+
## 2.1.6 (30 May 2022)
|
|
8
|
+
|
|
9
|
+
* Fix typo in session scope.
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
## 2.1.5 (27 May 2022)
|
|
13
|
+
|
|
14
|
+
* Order sessions list and display more information.
|
|
15
|
+
* Set status 303 See Other on destroy redirects.
|
|
16
|
+
* Streamline bundler instructions.
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
## 2.1.4 (2 October 2021)
|
|
20
|
+
|
|
21
|
+
* Allow metadata for login log.
|
|
22
|
+
|
|
23
|
+
|
|
7
24
|
## 2.1.3 (30 September 2021)
|
|
8
25
|
|
|
9
26
|
* Pass IP and timestamp as paramenters to mailer.
|
data/README.md
CHANGED
|
@@ -37,11 +37,9 @@ Simple to integrate into your application. The main task is customising the exa
|
|
|
37
37
|
Add the gem to your Gemfile:
|
|
38
38
|
|
|
39
39
|
```ruby
|
|
40
|
-
|
|
40
|
+
bundle add 'quo_vadis'
|
|
41
41
|
```
|
|
42
42
|
|
|
43
|
-
Then run `bundle install`.
|
|
44
|
-
|
|
45
43
|
Next, add the database tables:
|
|
46
44
|
|
|
47
45
|
```
|
|
@@ -119,7 +117,7 @@ end
|
|
|
119
117
|
|
|
120
118
|
__`login(model, browser_session = true)`__
|
|
121
119
|
|
|
122
|
-
To log in a user who has authenticated with a password, call `#login(model, browser_session = true)`. For the `browser_session` argument, pass `true` to log in for the duration of the browser session, or `false` to log in for `QuoVadis.session_lifetime` (which could be the browser session anyway).
|
|
120
|
+
To log in a user who has authenticated with a password, call `#login(model, browser_session = true, metadata: {})`. For the `browser_session` argument, optionally pass `true` to log in for the duration of the browser session, or `false` to log in for `QuoVadis.session_lifetime` (which could be the browser session anyway). Any metadata are stored in the log entry for the login.
|
|
123
121
|
|
|
124
122
|
__`request_confirmation(model)`__
|
|
125
123
|
|
|
@@ -9,7 +9,7 @@ module QuoVadis
|
|
|
9
9
|
|
|
10
10
|
def index
|
|
11
11
|
@qv_session = qv.session
|
|
12
|
-
@qv_sessions = @qv_session.account.sessions
|
|
12
|
+
@qv_sessions = @qv_session.account.sessions.new_to_old
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
|
|
@@ -58,12 +58,12 @@ module QuoVadis
|
|
|
58
58
|
current_qv_session.account.sessions.destroy params[:id]
|
|
59
59
|
qv.log current_qv_session.account, Log::LOGOUT_OTHER
|
|
60
60
|
flash[:notice] = QuoVadis.translate 'flash.logout.other'
|
|
61
|
-
redirect_to action: :index
|
|
61
|
+
redirect_to action: :index, status: :see_other
|
|
62
62
|
else # this session
|
|
63
63
|
qv.log authenticated_model.qv_account, Log::LOGOUT
|
|
64
64
|
qv.logout
|
|
65
65
|
flash[:notice] = QuoVadis.translate 'flash.logout.self'
|
|
66
|
-
redirect_to main_app.root_path
|
|
66
|
+
redirect_to main_app.root_path, status: :see_other
|
|
67
67
|
end
|
|
68
68
|
end
|
|
69
69
|
|
|
@@ -14,7 +14,7 @@ module QuoVadis
|
|
|
14
14
|
account.sessions.each &:reset_authenticated_with_second_factor # OWASP ASV v4.0, 2.8.6
|
|
15
15
|
qv.log account, Log::TWOFA_DEACTIVATED
|
|
16
16
|
QuoVadis.notify :twofa_deactivated_notification, email: authenticated_model.email
|
|
17
|
-
redirect_to twofa_path, notice: QuoVadis.translate('flash.2fa.invalidated')
|
|
17
|
+
redirect_to twofa_path, notice: QuoVadis.translate('flash.2fa.invalidated'), status: :see_other
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
private
|
|
@@ -3,6 +3,9 @@
|
|
|
3
3
|
<table>
|
|
4
4
|
<thead>
|
|
5
5
|
<tr>
|
|
6
|
+
<th>Signed in</th>
|
|
7
|
+
<th>Last seen</th>
|
|
8
|
+
<th>2FA used</th>
|
|
6
9
|
<th>IP</th>
|
|
7
10
|
<th>User agent</th>
|
|
8
11
|
<th></th>
|
|
@@ -11,6 +14,9 @@
|
|
|
11
14
|
<tbody>
|
|
12
15
|
<% @qv_sessions.each do |sess| %>
|
|
13
16
|
<tr>
|
|
17
|
+
<td><time datetime="<%= sess.created_at.to_formatted_s(:iso_8601) %>"><%= sess.created_at.to_formatted_s('%-d %B %Y') %></time></td>
|
|
18
|
+
<td><time datetime="<%= sess.last_seen_at.to_formatted_s(:iso_8601) %>"><%= sess.last_seen_at.to_formatted_s('%-d %B %Y') %></time></td>
|
|
19
|
+
<td><%= sess.second_factor_authenticated? ? 'Yes' : 'No' %></td>
|
|
14
20
|
<td><%= sess.ip %></td>
|
|
15
21
|
<td><%= sess.user_agent %></td>
|
|
16
22
|
<td>
|
data/lib/quo_vadis/controller.rb
CHANGED
|
@@ -36,8 +36,8 @@ module QuoVadis
|
|
|
36
36
|
#
|
|
37
37
|
# browser_session - true: login only for duration of browser session
|
|
38
38
|
# false: login for QuoVadis.session_lifetime (which may be browser session anyway)
|
|
39
|
-
def login(model, browser_session = true)
|
|
40
|
-
qv.log model.qv_account, Log::LOGIN_SUCCESS
|
|
39
|
+
def login(model, browser_session = true, metadata: {})
|
|
40
|
+
qv.log model.qv_account, Log::LOGIN_SUCCESS, metadata
|
|
41
41
|
|
|
42
42
|
qv.prevent_rails_session_fixation
|
|
43
43
|
|
data/lib/quo_vadis/version.rb
CHANGED
data/quo_vadis.gemspec
CHANGED
|
@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
|
|
|
8
8
|
spec.authors = ['Andy Stewart']
|
|
9
9
|
spec.email = ['boss@airbladesoftware.com']
|
|
10
10
|
|
|
11
|
-
spec.summary = 'Multifactor authentication for Rails 6.'
|
|
11
|
+
spec.summary = 'Multifactor authentication for Rails 6 and 7.'
|
|
12
12
|
spec.homepage = 'https://github.com/airblade/quo_vadis'
|
|
13
13
|
spec.license = 'MIT'
|
|
14
14
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: quo_vadis
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andy Stewart
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-05-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -224,8 +224,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
224
224
|
- !ruby/object:Gem::Version
|
|
225
225
|
version: '0'
|
|
226
226
|
requirements: []
|
|
227
|
-
rubygems_version: 3.
|
|
227
|
+
rubygems_version: 3.2.22
|
|
228
228
|
signing_key:
|
|
229
229
|
specification_version: 4
|
|
230
|
-
summary: Multifactor authentication for Rails 6.
|
|
230
|
+
summary: Multifactor authentication for Rails 6 and 7.
|
|
231
231
|
test_files: []
|