RubyGems - rails_base - Versions diffs - 0.75.5 → 0.80.0 - Mend

rails_base 0.75.5 → 0.80.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

data/lib/rails_base/configuration/twilio.rb ADDED Viewed

@@ -0,0 +1,85 @@
+require 'rails_base/configuration/base'
+module RailsBase
+  module Configuration
+    class Twilio < Base
+      MFA_TYPE_OPTIONS = [ DEFAULT_TYPE = :totp, :twilio ]
+      MFA_MIN_LENGTH = 4
+      MFA_MAX_LENGTH = 8
+      DEFAULT_VALUES = {
+        enable: {
+          type: :boolean,
+          default: ENV.fetch('MFA_ENABLE', 'true')=='true',
+          description: 'Allow twilio as an MFA option.',
+        },
+        mfa_length: {
+          type: :integer,
+          default: 5,
+          custom: ->(val) { val > MFA_MIN_LENGTH && val < MFA_MAX_LENGTH },
+          msg: "Must be an integer greater than #{MFA_MIN_LENGTH} and less than #{MFA_MAX_LENGTH}",
+          description: 'Length of MFA verification',
+        },
+        twilio_sid: {
+          type: :string,
+          default: ENV.fetch('TWILIO_ACCOUNT_SID',''),
+          secret: true,
+          description: 'Twilio SID',
+        },
+        twilio_auth_token: {
+          type: :string,
+          default: ENV.fetch('TWILIO_AUTH_TOKEN', ''),
+          secret: true,
+          description: 'Twilio Auth Token',
+        },
+        twilio_from_number: {
+          type: :string,
+          default: ENV.fetch('TWILIO_FROM_NUMBER', ''),
+          description: 'Number that we send MFA\'s From',
+        },
+        twilio_velocity_max: {
+          type: :integer,
+          default: ENV.fetch('TWILIO_VELOCITY_MAX', 5).to_i,
+          description: 'Max number of SMS we send to a user in a sliding window',
+        },
+        twilio_velocity_max_in_frame: {
+          type: :duration,
+          default: ENV.fetch('TWILIO_VELOCITY_MAX_IN_FRAME', 1).to_i.hours,
+          description: 'Sliding window for twilio_velocity_max',
+        },
+        twilio_velocity_frame: {
+          type: :duration,
+          default: ENV.fetch('TWILIO_VELOCITY_FRAME', 5).to_i.hours,
+          description: 'Debug purposes. How long to keep admin_velocity_max attempts',
+        },
+        active_job_queue: {
+          type: :string,
+          default: 'twilio_sms',
+          description: 'The active job queue to send twilio messages from. Ensure that adapter is bound to the queue',
+        }
+      }
+      attr_accessor *DEFAULT_VALUES.keys
+      private
+      def custom_validations
+        enforce_twilio!
+      end
+      def enforce_twilio!
+        return unless enable == true
+        return if twilio_sid.present? &&
+          twilio_auth_token.present? &&
+          twilio_from_number.present?
+        raise InvalidConfiguration, "twilio_sid twilio_auth_token twilio_from_number need to be present when `mfa.enabled`"
+      end
+      def default_values
+        DEFAULT_VALUES
+      end
+    end
+  end
+end

data/lib/rails_base/mfa_event.rb ADDED Viewed

@@ -0,0 +1,186 @@
+# frozen_string_literal: true
+module RailsBase
+  class MfaEvent
+    ENABLE_SMS_EVENT = :sms_enable
+    DISABLE_SMS_EVENT = :sms_disable
+    FORGOT_PASSWORD = :forgot_password
+    ADMIN_VERIFY = :admin_verify
+    class InvalidParameter < ArgumentError; end
+    attr_reader :only_mfa, :phone_number, :set_satiated_on_success, :satiated, :access_count, :flash_notice, :sign_in_user,
+      :invalid_redirect, :ttl, :user_id, :event, :description, :death_time, :redirect, :params, :access_count_max
+    def self.admin_actions(user:)
+      params = {
+        user: user,
+        event: ADMIN_VERIFY,
+        ttl: 30.seconds,
+        redirect: "",
+        invalid_redirect: "",
+        flash_notice: "",
+      }
+      new(**params)
+    end
+    def self.login_event(user:)
+      params = {
+        user: user,
+        event: :login,
+        ttl: 1.minutes,
+        redirect: RailsBase.url_routes.authenticated_root_path,
+        invalid_redirect: RailsBase.url_routes.unauthenticated_root_path,
+        sign_in_user: true,
+        flash_notice: "Welcome #{user.full_name}. You have succesfully signed in"
+      }
+      new(**params)
+    end
+    # This is a JSON event not html; Can leave redirects/notice empty
+    def self.sms_enable(user:)
+      params = {
+        user: user,
+        event: ENABLE_SMS_EVENT,
+        ttl: 5.minutes,
+        invalid_redirect: RailsBase.url_routes.user_settings_path,
+        redirect: RailsBase.url_routes.user_settings_path,
+        flash_notice: ""
+      }
+      new(**params)
+    end
+    def self.sms_disable(user:)
+      params = {
+        user: user,
+        event: DISABLE_SMS_EVENT,
+        ttl: 5.minutes,
+        invalid_redirect: RailsBase.url_routes.user_settings_path,
+        redirect: RailsBase.url_routes.user_settings_path,
+        flash_notice: "SMS option for MFA is disabled"
+      }
+      new(**params)
+    end
+    def self.forgot_password(user:, data:)
+      params = {
+        user: user,
+        event: FORGOT_PASSWORD,
+        ttl: 2.minutes,
+        invalid_redirect: RailsBase.url_routes.unauthenticated_root_path,
+        redirect: RailsBase.url_routes.reset_password_input_path(data:),
+        flash_notice: "MFA success. You may now reset your forgotten password",
+        access_count_max: 1,
+      }
+      new(**params)
+    end
+    def initialize(event:, flash_notice:, redirect:, only_mfa: nil, phone_number: nil, ttl: nil, death_time: nil, user_id: nil, user: nil, invalid_redirect: nil, sign_in_user: false, access_count: 0, access_count_max: nil, satiated: false, set_satiated_on_success: true)
+      @death_time = begin
+        raw = (death_time || ttl&.from_now)
+        Time.zone.parse(raw.to_s) rescue nil
+      end
+      @access_count = access_count
+      @access_count_max = access_count_max
+      @event = event
+      @flash_notice = flash_notice
+      @invalid_redirect = invalid_redirect || RailsBase.url_routes.authenticated_root_path
+      @only_mfa = only_mfa
+      @phone_number = phone_number
+      @redirect = redirect
+      @satiated = satiated
+      @set_satiated_on_success = set_satiated_on_success
+      @sign_in_user = sign_in_user
+      @user_id = user_id || user.id rescue nil
+      validate_data!
+    end
+    def to_hash
+      {
+        access_count:,
+        access_count_max:,
+        death_time:,
+        event:,
+        flash_notice:,
+        invalid_redirect:,
+        only_mfa:,
+        phone_number:,
+        redirect:,
+        satiated:,
+        set_satiated_on_success:,
+        sign_in_user:,
+        user_id:,
+      }
+    end
+    def access_count
+      @access_count
+    end
+    def satiated!
+      @satiated = true
+    end
+    def satiated?
+      @satiated
+    end
+    def increase_access_count!
+      @access_count += 1
+    end
+    def valid?
+      valid_by_death_time? && valid_by_access_count?
+    end
+    def valid_by_death_time?
+      death_time >= Time.now
+    end
+    def valid_by_access_count?
+      return true if @access_count_max.nil?
+      @access_count_max
+    end
+    def invalid_reasons
+      arr = []
+      arr << "Max Access count reached" unless valid_by_death_time?
+      arr << "#{event} has expired" unless valid_by_access_count?
+      arr
+    end
+    private
+    def validate_data!
+      raise_event!(value: @event, name: :event, klass: [String, Symbol])
+      raise_event!(value: @death_time, name: :death_time, klass: [ActiveSupport::TimeWithZone])
+      raise_event!(value: @redirect, name: :redirect, klass: [String])
+      raise_event!(value: @user_id, name: :user, klass: [Integer])
+      raise_event!(value: @flash_notice, name: :flash_notice, klass: [String])
+      raise_event!(value: @access_count, name: :access_count, klass: [Integer])
+      raise_event!(value: @access_count_max, name: :access_count_max, klass: [Integer, NilClass])
+    end
+    def raise_event!(value:, name:, klass:, &blk)
+      boolean = klass.include?(value.class)
+      raise_message = nil
+      if boolean && block_given?
+        raise_message = yield(value)
+      end
+      boolean = false if raise_message
+      return if boolean
+      message = raise_message || "@#{name}=#{value}. Value is expected to be in #{klass}"
+      raise InvalidParameter, message
+    end
+  end
+end

data/lib/rails_base/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module RailsBase
-  MAJOR = '0'
-  MINOR = '75'
-  PATCH = '5'
+  MAJOR = "0"
+  MINOR = "80"
+  PATCH = "0"
   VERSION = "#{MAJOR}.#{MINOR}.#{PATCH}"
   def self.print_version

data/lib/rails_base.rb CHANGED Viewed

@@ -15,6 +15,7 @@ require 'switch_user'
 require 'rails_base/admin/action_cache'
 require 'rails_base/config'
+require 'rails_base/mfa_event'
 module RailsBase

data/lib/twilio_helper.rb CHANGED Viewed

@@ -2,9 +2,9 @@ require 'twilio-ruby'
 class TwilioHelper
   class << self
-    TWILIO_ACCOUNT_SID = RailsBase.config.mfa.twilio_sid
-    TWILIO_AUTH_TOKEN = RailsBase.config.mfa.twilio_auth_token
-    TWILIO_FROM_NUMBER = RailsBase.config.mfa.twilio_from_number
+    TWILIO_ACCOUNT_SID = RailsBase.config.twilio.twilio_sid
+    TWILIO_AUTH_TOKEN = RailsBase.config.twilio.twilio_auth_token
+    TWILIO_FROM_NUMBER = RailsBase.config.twilio.twilio_from_number
     def send_sms(message:, to:)
       Rails.logger.info "Sending Twilio message:[#{message}] to [#{to}]"