quo_vadis 2.2.1 → 2.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f55b91cf69117006b0dce03a6b0d38423b587bf460c05e24984735de6a4cf8a3
-  data.tar.gz: 6a309a19fd35aaacbf1ec8ff5df7544ab980cecfad30664f6f0abb3778eb1d37
+  metadata.gz: e38d43ca3eb42e7fe421725da06631c57c15308a0ee0fcb395043b3c8d922bde
+  data.tar.gz: 2e09223593c598cdfcad8cb5947dc4065b499e9a9dee06e8eec1a7cd6124003a
 SHA512:
-  metadata.gz: 70bb7a3fc80f540889eb0aff8416d75759e4b2564d17d8605ad368ea8eb53e803bda66b91dd8ba0192ee061148a62fe034d164becfd4b41876100c740edfe008
-  data.tar.gz: cfaa08ccde542121a46a361dbdbff4a56fd6d77b4295cc1f5e0232b7c94e1514a7a422a7138add4d9e8f964a451e0038fa065f8e49a8d79a5594e180c0bb63a2
+  metadata.gz: 69048fb28b48d94329ee3269cb706f583796893a2a8a6d7177adfb2b9b022f7fe84e4076044816d33d6e4a02b6529b3413c12b38f6dc6a3f3672095683a04610
+  data.tar.gz: fd2a1c93a899e07d1e9bb2a393a52eccbdb5f9256c894d03ca1eb34bc867f351dfe12149d45879ab5bc5960f9d393cdbbe7f5dc24ab43a46cc3cfa50a6454b44

data/CHANGELOG.md

@@ -4,9 +4,21 @@
 ## HEAD
 
 
+## 2.2.3 (22 May 2024)
+
+* Add login shortcut for speedier tests.
+
+
+## 2.2.2 (30 April 2024)
+
+* Do not update last activity time for ActiveStorage (#23).
+* Fix login success-flash to not be reset (#37).
+* Add issue numbers to changelog entries.
+
+
 ## 2.2.1 (1 August 2023)
 
-* Do not clear application session data on logout.
+* Do not clear application session data on logout (#34).
 * Use 'email' type for email input fields.
 * Document how to log out.
 
@@ -14,10 +26,10 @@
 ## 2.2.0 (17 April 2023)
 
 * Improve the readme with internal links and more section headings.
-* Rename `password_reset_token_lifetime` to `password_reset_otp_lifetime`.
-* Use OTP instead of link for password reset.
-* Rename `account_confirmation_token_lifetime` to `account_confirmation_otp_lifetime`.
-* Use OTP instead of link for account confirmation.
+* Rename `password_reset_token_lifetime` to `password_reset_otp_lifetime` (#28).
+* Use OTP instead of link for password reset (#28).
+* Rename `account_confirmation_token_lifetime` to `account_confirmation_otp_lifetime` (#28).
+* Use OTP instead of link for account confirmation (#28).
 
 
 ## 2.1.11 (14 September 2022)
@@ -27,18 +39,18 @@
 
 ## 2.1.10 (14 September 2022)
 
-* Enable configuration of mailer superclass.
+* Enable configuration of mailer superclass (#30).
 
 
 ## 2.1.9 (13 September 2022)
 
-* Enable code to be run after sign up.
+* Enable code to be run after sign up (#29).
 
 
 ## 2.1.8 (18 June 2022)
 
-* Extract convenience method for has authentication account.
-* Only authenticating models react to email change.
+* Extract convenience method for has authentication account (#26).
+* Only authenticating models react to email change (#26).
 
 
 ## 2.1.7 (30 May 2022)
@@ -54,7 +66,7 @@
 
 ## 2.1.5 (27 May 2022)
 
-* Order sessions list and display more information.
+* Order sessions list and display more information (#25).
 * Set status 303 See Other on destroy redirects.
 * Streamline bundler instructions.
 
@@ -66,7 +78,7 @@
 
 ## 2.1.3 (30 September 2021)
 
-* Pass IP and timestamp as parameters to mailer.
+* Pass IP and timestamp as parameters to mailer (#24).
 
 
 ## 2.1.2 (30 September 2021)
@@ -78,8 +90,8 @@
 
 * Remove unnecessary route names.
 * Add user revocation.
-* Ensure password is only updated via #change or #reset.
-* Move views into gem's app/views/ directory.
+* Ensure password is only updated via #change or #reset (#15).
+* Move views into gem's app/views/ directory (#22).
 
 
 ## 2.1.0 (25 June 2021)
@@ -97,8 +109,8 @@
 
 ## 2.0.2 (24 May 2021)
 
-* Account confirmation: enable updating of email address.
-* Account confirmation: enable direct resending of email.
+* Account confirmation: enable updating of email address (#21).
+* Account confirmation: enable direct resending of email (#21).
 * Log unknown identifier in metadata.
 
 

data/README.md

@@ -12,6 +12,7 @@ Simple to integrate into your application.  The main task is customising the exa
 ### General features
 
 - Works with any model, e.g. `User` or `Person`.
+- Works with multiple models, e.g. `User` and `Admin`.
 - Works with any identifier, e.g. `:username` or `:email`.
 - Minimal footprint in your models and controllers.
 - Does not touch your existing database tables.
@@ -31,6 +32,10 @@ Simple to integrate into your application.  The main task is customising the exa
 - Email-notifications of updates to authentication details.
 - Audit trail.
 
+### Testing
+
+- Can shortcut logging in for speedier tests.
+
 
 ## Installation
 
@@ -248,7 +253,7 @@ button_to 'Log out', quo_vadis.logout_path, method: :delete
 
 Note you are responsible for removing any application session data you want removed.  To do so, subclass `QuoVadis::SessionsController` and override the `destroy` method:
 
-````ruby
+```ruby
 # app/controllers/custom_sessions_controller.rb
 class CustomSessionsController < QuoVadis::SessionsController
   def destroy
@@ -384,6 +389,22 @@ They must be in `app/views/quo_vadis/mailer/NAME.{text,html}.erb`.
 You can revoke a user's access by calling `#revoke_authentication_credentials` on the model instance.  This deletes the user's password, TOTP credential, recovery codes, and active sessions.  Their authentication logs, or audit trail, are preserved.
 
 
+## Shortcut logging in for functional, integration, and system tests
+
+Instead of going through your login page to log in before every test, you can tell QuoVadis which model to authenticate as when visiting the first URL in your test.
+
+Use a `login` param pointing to your model's global ID.  Note that the model must be able to log in normally, i.e. it must have a password (and therefore a `qv_account`).
+
+For example:
+
+```ruby
+@user = User.create(email: '...', password: '...')
+visit dashboard_path(login: @user.to_global_id)
+```
+
+This only works in the test environment.
+
+
 ## Configuration
 
 This is QuoVadis' [default configuration](https://github.com/airblade/quo_vadis/blob/master/lib/quo_vadis/defaults.rb):

data/app/controllers/quo_vadis/sessions_controller.rb

@@ -39,10 +39,10 @@ module QuoVadis
       #    params[:remember] == 1 => use QuoVadis.session_lifetime
       browser_session = params[:remember] == '0'
 
-      flash[:notice] = QuoVadis.translate 'flash.login.success'
-
       login account.model, browser_session
 
+      flash[:notice] = QuoVadis.translate 'flash.login.success'
+
       redirect_to qv.path_after_authentication
     end
 

data/lib/quo_vadis/controller.rb

@@ -4,6 +4,15 @@ module QuoVadis
   module Controller
 
     def self.included(base)
+      if Rails.env.test?
+        base.before_action {
+          if params[:login]
+            model = GlobalID::Locator.locate(params.delete(:login))
+            login model
+          end
+        }
+      end
+
       base.before_action { CurrentRequestDetails.request = request }
 
       base.helper_method :authenticated_model, :logged_in?
@@ -11,7 +20,13 @@ module QuoVadis
       # Remember the last activity time so we can timeout idle sessions.
       # This has to be done after that timestamp is checked (in `#authenticated_model`)
       # otherwise sessions could never look idle.
-      base.after_action { |controller| controller.qv.touch_session_last_seen_at }
+      #
+      # Ignores ActiveStorage requests.
+      base.after_action { |controller|
+        if !defined?(::ActiveStorage) || !controller.class.module_parents.include?(::ActiveStorage)
+          controller.qv.touch_session_last_seen_at
+        end
+      }
     end
 
 

data/lib/quo_vadis/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module QuoVadis
-  VERSION = '2.2.1'
+  VERSION = '2.2.3'
 end

data/test/integration/controller_test.rb

@@ -14,6 +14,14 @@ class ControllerTest < IntegrationTest
   end
 
 
+  test 'shortcut login' do
+    get secret_articles_path(login: User.first.to_global_id)
+
+    assert_response :success
+    assert_equal secret_articles_path, path
+  end
+
+
   test 'require_authentication when not logged in' do
     get secret_articles_path
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: quo_vadis
 version: !ruby/object:Gem::Version
-  version: 2.2.1
+  version: 2.2.3
 platform: ruby
 authors:
 - Andy Stewart
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-01 00:00:00.000000000 Z
+date: 2024-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -219,7 +219,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Multifactor authentication for Rails 6 and 7.