quo_vadis 2.2.0 → 2.2.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5e9808f4e29d96b1c9deac895bb45ebacbeb046928f22851fe618593abb49fa4
4
- data.tar.gz: 38980863633e441f4c5d28c2fe03e5d8e6357afc4f4ddd4546f4492205aee48c
3
+ metadata.gz: f55b91cf69117006b0dce03a6b0d38423b587bf460c05e24984735de6a4cf8a3
4
+ data.tar.gz: 6a309a19fd35aaacbf1ec8ff5df7544ab980cecfad30664f6f0abb3778eb1d37
5
5
  SHA512:
6
- metadata.gz: cb68d8909ca3343ed508dbe5c0510860a358cb39398d2bb5b91f999c6a74935e8bb09d41a27de5bcdc1a3061cb280865ce146fa168fa88690fc37f030cd83a78
7
- data.tar.gz: 6b5e022eab6f659dd4620117595c9ff9b9527f532d6963b732d149db4316f833626cca40f5e89cd7b8071ebea7e87ff64462c71c8104628b033447debec7a2a2
6
+ metadata.gz: 70bb7a3fc80f540889eb0aff8416d75759e4b2564d17d8605ad368ea8eb53e803bda66b91dd8ba0192ee061148a62fe034d164becfd4b41876100c740edfe008
7
+ data.tar.gz: cfaa08ccde542121a46a361dbdbff4a56fd6d77b4295cc1f5e0232b7c94e1514a7a422a7138add4d9e8f964a451e0038fa065f8e49a8d79a5594e180c0bb63a2
data/CHANGELOG.md CHANGED
@@ -4,6 +4,13 @@
4
4
  ## HEAD
5
5
 
6
6
 
7
+ ## 2.2.1 (1 August 2023)
8
+
9
+ * Do not clear application session data on logout.
10
+ * Use 'email' type for email input fields.
11
+ * Document how to log out.
12
+
13
+
7
14
  ## 2.2.0 (17 April 2023)
8
15
 
9
16
  * Improve the readme with internal links and more section headings.
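Review bot: The entry "Do not clear application session data on logout." under 2.2.1 describes a behaviour change shipped in a patch release and should say what upgraders need to do. Applications that relied on logout wiping the whole session will now keep that data unless they override `destroy`, so the entry should state this and point to the new Logout section of the README.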
data/README.md CHANGED
@@ -171,7 +171,7 @@ Your new user sign-up form ([example](https://github.com/airblade/quo_vadis/blob
171
171
  - a field for their identifier;
172
172
  - an `:email` field if the identifier is not their email.
173
173
 
174
- In your controller, use the [`#login`](#loginmodel-browser_session-%3D-true) method to log in your new user. The optional second argument specifies for how long the user should be logged in, and any metadata you supply is logged in the audit log.
174
+ In your controller, use the [`#login`](#loginmodel-browser_session--true-metadata-) method to log in your new user. The optional second argument specifies for how long the user should be logged in, and any metadata you supply is logged in the audit log.
175
175
 
176
176
  After logging in the user, redirect them wherever you like. You can use `qv.path_after_signup` which resolves to the first of these routes that exists: `:after_signup`, `:after_login`, the root route.
177
177
 
@@ -238,6 +238,40 @@ After authenticating the user will be redirected to the first of these that exis
238
238
  - your root route.
239
239
 
240
240
 
241
+ ### Logout
242
+
243
+ Send a DELETE request to `quo_vadis.logout_path`. For example:
244
+
245
+ ```ruby
246
+ button_to 'Log out', quo_vadis.logout_path, method: :delete
247
+ ```
248
+
249
+ Note you are responsible for removing any application session data you want removed. To do so, subclass `QuoVadis::SessionsController` and override the `destroy` method:
250
+
251
+ ````ruby
252
+ # app/controllers/custom_sessions_controller.rb
253
+ class CustomSessionsController < QuoVadis::SessionsController
254
+ def destroy
255
+ reset_session
256
+ super
257
+ end
258
+ end
259
+ ```
260
+
261
+ Add a route:
262
+
263
+ ```ruby
264
+ # config/routes.rb
265
+ delete 'logout', to: 'custom_sessions#destroy'
266
+ ```
267
+
268
+ And then point your log out button at your custom action:
269
+
270
+ ```ruby
271
+ button_to 'Log out', main_app.logout_path, method: :delete
272
+ ```
273
+
274
+
241
275
  ### Two-factor authentication (2FA) or Two-step verification (2SV)
242
276
 
243
277
  If you do not want 2FA at all, set `QuoVadis.two_factor_authentication_mandatory false` in your configuration and skip the rest of this section.
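Review bot: The `CustomSessionsController` example in the new Logout section opens its code fence with four backticks but closes it with three, so a Markdown renderer will not treat the closing line as the end of the block and the "Add a route" text that follows will be swallowed into the code sample. Open it with three backticks and `ruby`, like the other examples in this section. It would also help to add one sentence saying that `reset_session` in the override discards all session data, since the sentence above it only says "any application session data you want removed".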
@@ -490,6 +524,6 @@ If you don't want a specific flash message at all, give the key an empty value i
490
524
 
491
525
  ## Intellectual Property
492
526
 
493
- Copyright 2011-2022 Andrew Stewart (boss@airbladesoftware.com).
527
+ Copyright Andrew Stewart (boss@airbladesoftware.com).
494
528
 
495
529
  Released under the MIT licence.
@@ -3,7 +3,7 @@
3
3
  <%= form_with url: password_reset_path, method: :post do |f| %>
4
4
  <p>
5
5
  <%= f.label :email %>
6
- <%= f.text_field :email, inputmode: 'email', autocomplete: 'email' %>
6
+ <%= f.text_field :email, type: 'email', inputmode: 'email', autocomplete: 'email' %>
7
7
  </p>
8
8
 
9
9
  <p>
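Review bot: On the changed `f.text_field :email, type: 'email', ...` line, prefer the form builder's `email_field` helper, which emits `type="email"` directly: `f.email_field :email, autocomplete: 'email'`. That states the intent without overriding the type of a text field, and `inputmode: 'email'` is largely redundant once the input type is email. The same applies to the identical line in the login form.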
@@ -3,7 +3,7 @@
3
3
  <%= form_with url: login_path, method: :post do |f| %>
4
4
  <p>
5
5
  <%= f.label :email %>
6
- <%= f.text_field :email, inputmode: 'email', autocomplete: 'email' %>
6
+ <%= f.text_field :email, type: 'email', inputmode: 'email', autocomplete: 'email' %>
7
7
  </p>
8
8
 
9
9
  <p>
@@ -190,7 +190,7 @@ module QuoVadis
190
190
  def logout
191
191
  session&.destroy
192
192
  clear_session_id
193
- reset_session
193
+ prevent_rails_session_fixation
194
194
  controller.instance_variable_set :@authenticated_model, nil
195
195
  end
196
196
 
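Review bot: In `logout`, the new call to `prevent_rails_session_fixation` replaces `reset_session`, but its definition is not part of this diff, so a reader cannot tell from these lines what it rotates and what it keeps. A short comment above the call, stating that it issues a new Rails session id while carrying the application's session data over (which is what the new test asserts), would document the contract. It should also say whether the method relies on `clear_session_id` having run first so that the QuoVadis session reference is not carried into the new session.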
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module QuoVadis
4
- VERSION = '2.2.0'
4
+ VERSION = '2.2.1'
5
5
  end
data/test/README.md ADDED
@@ -0,0 +1,6 @@
1
+ # Testing
2
+
3
+ Run tests with:
4
+
5
+ bundle exec rails test
6
+
@@ -6,6 +6,7 @@ class ArticlesController < ApplicationController
6
6
  end
7
7
 
8
8
  def secret
9
+ session[:foo] = 'bar'
9
10
  end
10
11
 
11
12
  def also_secret
@@ -69,6 +69,22 @@ class SessionsTest < IntegrationTest
69
69
  end
70
70
 
71
71
 
72
+ test 'non-authentication session data is not removed on logout' do
73
+ desktop = login
74
+ session_id = desktop.session.id
75
+
76
+ desktop.get secret_articles_path
77
+ assert_equal 'bar', desktop.session[:foo]
78
+
79
+ desktop.delete quo_vadis.logout_path
80
+ refute desktop.controller.logged_in?
81
+
82
+ desktop.get articles_path
83
+ assert_equal 'bar', desktop.session[:foo]
84
+ refute_equal session_id, desktop.session.id
85
+ end
86
+
87
+
72
88
  private
73
89
 
74
90
  # starts a new rails session and logs in
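Review bot: The new test checks `refute desktop.controller.logged_in?` only straight after the DELETE request, not after the follow-up `desktop.get articles_path` where the rotated session is actually in use. Repeating the `logged_in?` refutation after that GET would show that the data carried into the new session (here `session[:foo]`) does not include any authentication state, which is the property that makes keeping the rest of the session safe.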
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: quo_vadis
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.0
4
+ version: 2.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andy Stewart
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-04-17 00:00:00.000000000 Z
11
+ date: 2023-08-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -136,6 +136,7 @@ files:
136
136
  - lib/quo_vadis/model.rb
137
137
  - lib/quo_vadis/version.rb
138
138
  - quo_vadis.gemspec
139
+ - test/README.md
139
140
  - test/dummy/README.markdown
140
141
  - test/dummy/Rakefile
141
142
  - test/dummy/app/controllers/application_controller.rb
@@ -218,7 +219,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
218
219
  - !ruby/object:Gem::Version
219
220
  version: '0'
220
221
  requirements: []
221
- rubygems_version: 3.2.33
222
+ rubygems_version: 3.4.10
222
223
  signing_key:
223
224
  specification_version: 4
224
225
  summary: Multifactor authentication for Rails 6 and 7.