quo_vadis 2.1.3 → 2.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/README.md +2 -4
- data/app/controllers/quo_vadis/sessions_controller.rb +3 -3
- data/app/controllers/quo_vadis/twofas_controller.rb +1 -1
- data/app/models/quo_vadis/session.rb +1 -0
- data/app/views/quo_vadis/sessions/index.html.erb +6 -0
- data/lib/quo_vadis/controller.rb +2 -2
- data/lib/quo_vadis/version.rb +1 -1
- data/quo_vadis.gemspec +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7ae53bae73aaf968a8edec5148304394b411eace9c0df39069c6b240e90a6ea9
|
|
4
|
+
data.tar.gz: 4980707b8a6670298f0d99f7f1a554767c12323055d5103057c3028837da49af
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 00f025682cb8623ff02713e15bf25fdcc8c2a2964273bbc9f450f562375d18dd508ae1e729657cfa2275f2cb92672ef75b278edf8dbebd75cb2d6064d6c974b9
|
|
7
|
+
data.tar.gz: c017aa443847c3d62dd17e8e384f50db13e11f63189008787be7d896ebc80a362318328139537859d8613a240607362ef2bd81c5022a99a358086f77d079bedf
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,23 @@
|
|
|
4
4
|
## HEAD
|
|
5
5
|
|
|
6
6
|
|
|
7
|
+
## 2.1.6 (30 May 2022)
|
|
8
|
+
|
|
9
|
+
* Fix typo in session scope.
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
## 2.1.5 (27 May 2022)
|
|
13
|
+
|
|
14
|
+
* Order sessions list and display more information.
|
|
15
|
+
* Set status 303 See Other on destroy redirects.
|
|
16
|
+
* Streamline bundler instructions.
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
## 2.1.4 (2 October 2021)
|
|
20
|
+
|
|
21
|
+
* Allow metadata for login log.
|
|
22
|
+
|
|
23
|
+
|
|
7
24
|
## 2.1.3 (30 September 2021)
|
|
8
25
|
|
|
9
26
|
* Pass IP and timestamp as paramenters to mailer.
|
data/README.md
CHANGED
|
@@ -37,11 +37,9 @@ Simple to integrate into your application. The main task is customising the exa
|
|
|
37
37
|
Add the gem to your Gemfile:
|
|
38
38
|
|
|
39
39
|
```ruby
|
|
40
|
-
|
|
40
|
+
bundle add 'quo_vadis'
|
|
41
41
|
```
|
|
42
42
|
|
|
43
|
-
Then run `bundle install`.
|
|
44
|
-
|
|
45
43
|
Next, add the database tables:
|
|
46
44
|
|
|
47
45
|
```
|
|
@@ -119,7 +117,7 @@ end
|
|
|
119
117
|
|
|
120
118
|
__`login(model, browser_session = true)`__
|
|
121
119
|
|
|
122
|
-
To log in a user who has authenticated with a password, call `#login(model, browser_session = true)`. For the `browser_session` argument, pass `true` to log in for the duration of the browser session, or `false` to log in for `QuoVadis.session_lifetime` (which could be the browser session anyway).
|
|
120
|
+
To log in a user who has authenticated with a password, call `#login(model, browser_session = true, metadata: {})`. For the `browser_session` argument, optionally pass `true` to log in for the duration of the browser session, or `false` to log in for `QuoVadis.session_lifetime` (which could be the browser session anyway). Any metadata are stored in the log entry for the login.
|
|
123
121
|
|
|
124
122
|
__`request_confirmation(model)`__
|
|
125
123
|
|
|
@@ -9,7 +9,7 @@ module QuoVadis
|
|
|
9
9
|
|
|
10
10
|
def index
|
|
11
11
|
@qv_session = qv.session
|
|
12
|
-
@qv_sessions = @qv_session.account.sessions
|
|
12
|
+
@qv_sessions = @qv_session.account.sessions.new_to_old
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
|
|
@@ -58,12 +58,12 @@ module QuoVadis
|
|
|
58
58
|
current_qv_session.account.sessions.destroy params[:id]
|
|
59
59
|
qv.log current_qv_session.account, Log::LOGOUT_OTHER
|
|
60
60
|
flash[:notice] = QuoVadis.translate 'flash.logout.other'
|
|
61
|
-
redirect_to action: :index
|
|
61
|
+
redirect_to action: :index, status: :see_other
|
|
62
62
|
else # this session
|
|
63
63
|
qv.log authenticated_model.qv_account, Log::LOGOUT
|
|
64
64
|
qv.logout
|
|
65
65
|
flash[:notice] = QuoVadis.translate 'flash.logout.self'
|
|
66
|
-
redirect_to main_app.root_path
|
|
66
|
+
redirect_to main_app.root_path, status: :see_other
|
|
67
67
|
end
|
|
68
68
|
end
|
|
69
69
|
|
|
@@ -14,7 +14,7 @@ module QuoVadis
|
|
|
14
14
|
account.sessions.each &:reset_authenticated_with_second_factor # OWASP ASV v4.0, 2.8.6
|
|
15
15
|
qv.log account, Log::TWOFA_DEACTIVATED
|
|
16
16
|
QuoVadis.notify :twofa_deactivated_notification, email: authenticated_model.email
|
|
17
|
-
redirect_to twofa_path, notice: QuoVadis.translate('flash.2fa.invalidated')
|
|
17
|
+
redirect_to twofa_path, notice: QuoVadis.translate('flash.2fa.invalidated'), status: :see_other
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
private
|
|
@@ -3,6 +3,9 @@
|
|
|
3
3
|
<table>
|
|
4
4
|
<thead>
|
|
5
5
|
<tr>
|
|
6
|
+
<th>Signed in</th>
|
|
7
|
+
<th>Last seen</th>
|
|
8
|
+
<th>2FA used</th>
|
|
6
9
|
<th>IP</th>
|
|
7
10
|
<th>User agent</th>
|
|
8
11
|
<th></th>
|
|
@@ -11,6 +14,9 @@
|
|
|
11
14
|
<tbody>
|
|
12
15
|
<% @qv_sessions.each do |sess| %>
|
|
13
16
|
<tr>
|
|
17
|
+
<td><time datetime="<%= sess.created_at.to_formatted_s(:iso_8601) %>"><%= sess.created_at.to_formatted_s('%-d %B %Y') %></time></td>
|
|
18
|
+
<td><time datetime="<%= sess.last_seen_at.to_formatted_s(:iso_8601) %>"><%= sess.last_seen_at.to_formatted_s('%-d %B %Y') %></time></td>
|
|
19
|
+
<td><%= sess.second_factor_authenticated? ? 'Yes' : 'No' %></td>
|
|
14
20
|
<td><%= sess.ip %></td>
|
|
15
21
|
<td><%= sess.user_agent %></td>
|
|
16
22
|
<td>
|
data/lib/quo_vadis/controller.rb
CHANGED
|
@@ -36,8 +36,8 @@ module QuoVadis
|
|
|
36
36
|
#
|
|
37
37
|
# browser_session - true: login only for duration of browser session
|
|
38
38
|
# false: login for QuoVadis.session_lifetime (which may be browser session anyway)
|
|
39
|
-
def login(model, browser_session = true)
|
|
40
|
-
qv.log model.qv_account, Log::LOGIN_SUCCESS
|
|
39
|
+
def login(model, browser_session = true, metadata: {})
|
|
40
|
+
qv.log model.qv_account, Log::LOGIN_SUCCESS, metadata
|
|
41
41
|
|
|
42
42
|
qv.prevent_rails_session_fixation
|
|
43
43
|
|
data/lib/quo_vadis/version.rb
CHANGED
data/quo_vadis.gemspec
CHANGED
|
@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
|
|
|
8
8
|
spec.authors = ['Andy Stewart']
|
|
9
9
|
spec.email = ['boss@airbladesoftware.com']
|
|
10
10
|
|
|
11
|
-
spec.summary = 'Multifactor authentication for Rails 6.'
|
|
11
|
+
spec.summary = 'Multifactor authentication for Rails 6 and 7.'
|
|
12
12
|
spec.homepage = 'https://github.com/airblade/quo_vadis'
|
|
13
13
|
spec.license = 'MIT'
|
|
14
14
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: quo_vadis
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andy Stewart
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-05-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -224,8 +224,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
224
224
|
- !ruby/object:Gem::Version
|
|
225
225
|
version: '0'
|
|
226
226
|
requirements: []
|
|
227
|
-
rubygems_version: 3.
|
|
227
|
+
rubygems_version: 3.2.22
|
|
228
228
|
signing_key:
|
|
229
229
|
specification_version: 4
|
|
230
|
-
summary: Multifactor authentication for Rails 6.
|
|
230
|
+
summary: Multifactor authentication for Rails 6 and 7.
|
|
231
231
|
test_files: []
|