RubyGems - rails_base - Versions diffs - 0.75.6 → 0.81.0 - Mend

rails_base 0.75.6 → 0.81.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

metadata CHANGED Viewed

@@ -1,45 +1,45 @@
 --- !ruby/object:Gem::Specification
 name: rails_base
 version: !ruby/object:Gem::Version
-  version: 0.75.6
+  version: 0.81.0
 platform: ruby
 authors:
 - Matt Taylor
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-21 00:00:00.000000000 Z
+date: 2024-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: allow_numeric
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: zeitwerk
+  name: bootstrap
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.6.5
+        version: 4.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.6.5
+        version: 4.6.0
 - !ruby/object:Gem::Dependency
-  name: mysql2
+  name: browser
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sass-rails
+  name: coffee-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: uglifier
+  name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -81,7 +81,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: turbolinks
+  name: dotiw
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -95,7 +95,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: coffee-rails
+  name: interactor
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -129,63 +129,91 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 4.3.3
 - !ruby/object:Gem::Dependency
-  name: rails-ujs
+  name: jquery_mask_rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.0
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: bootstrap
+  name: mysql2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6'
+- !ruby/object:Gem::Dependency
+  name: rails-ujs
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.6.0
+        version: 0.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.6.0
+        version: 0.1.0
 - !ruby/object:Gem::Dependency
-  name: devise
+  name: redis
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 4.2.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 4.2.5
 - !ruby/object:Gem::Dependency
-  name: twilio-ruby
+  name: redis-namespace
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.8.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.8.1
 - !ruby/object:Gem::Dependency
-  name: interactor
+  name: rotp
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -199,7 +227,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: allow_numeric
+  name: rqrcode
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -213,7 +241,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: jquery_mask_rails
+  name: sass-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -227,7 +255,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: browser
+  name: switch_user
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -241,7 +269,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: dotiw
+  name: turbolinks
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -255,47 +283,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: redis
+  name: twilio-ruby
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.2.5
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.2.5
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: redis-namespace
+  name: uglifier
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.8.1
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.8.1
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: switch_user
+  name: zeitwerk
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.6.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.6.5
 - !ruby/object:Gem::Dependency
   name: annotate
   requirement: !ruby/object:Gem::Requirement
@@ -311,21 +339,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: spring-watcher-listen
+  name: capybara
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.15'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.15'
 - !ruby/object:Gem::Dependency
-  name: spring
+  name: listen
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -339,7 +367,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: listen
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -353,7 +381,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: web-console
+  name: pry-nav
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -367,7 +395,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: pry-stack_explorer
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -381,7 +409,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry-nav
+  name: spring
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -395,7 +423,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry-stack_explorer
+  name: spring-watcher-listen
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -409,19 +437,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: capybara
+  name: web-console
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2.15'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2.15'
+        version: '0'
 description: Rails Engine that handles authentication, admin, 2fa, audit tracking,
   with insane configuration abilites
 email:
@@ -438,6 +466,7 @@ files:
 - app/assets/javascripts/rails_base/admin.js
 - app/assets/javascripts/rails_base/application.js
 - app/assets/javascripts/rails_base/mfa_auth.coffee
+- app/assets/javascripts/rails_base/rails_base_query_checker.js
 - app/assets/javascripts/rails_base/secondary_authentication.coffee
 - app/assets/javascripts/rails_base/sessions.js
 - app/assets/javascripts/rails_base/user_settings.coffee
@@ -449,7 +478,11 @@ files:
 - app/assets/stylesheets/rails_base/user_settings.scss
 - app/controllers/rails_base/admin_controller.rb
 - app/controllers/rails_base/errors_controller.rb
-- app/controllers/rails_base/mfa_auth_controller.rb
+- app/controllers/rails_base/mfa/evaluation_controller.rb
+- app/controllers/rails_base/mfa/register/sms_controller.rb
+- app/controllers/rails_base/mfa/register/totp_controller.rb
+- app/controllers/rails_base/mfa/validate/sms_controller.rb
+- app/controllers/rails_base/mfa/validate/totp_controller.rb
 - app/controllers/rails_base/secondary_authentication_controller.rb
 - app/controllers/rails_base/switch_user_controller.rb
 - app/controllers/rails_base/user_settings_controller.rb
@@ -470,9 +503,14 @@ files:
 - app/mailers/rails_base/application_mailer.rb
 - app/mailers/rails_base/email_verification_mailer.rb
 - app/mailers/rails_base/event_mailer.rb
+- app/mailers/rails_base/mailer_kwarg_inject.rb
 - app/models/admin_action.rb
 - app/models/rails_base/application_record.rb
 - app/models/rails_base/user_constants.rb
+- app/models/rails_base/user_helper/totp.rb
+- app/models/rails_base/user_helper/totp/backup_method_options.rb
+- app/models/rails_base/user_helper/totp/class_options.rb
+- app/models/rails_base/user_helper/totp/consume_method_options.rb
 - app/models/secret.rb
 - app/models/short_lived_data.rb
 - app/models/user.rb
@@ -482,11 +520,8 @@ files:
 - app/services/rails_base/authentication/constants.rb
 - app/services/rails_base/authentication/decision_twofa_type.rb
 - app/services/rails_base/authentication/destroy_user.rb
-- app/services/rails_base/authentication/mfa_set_encrypt_token.rb
-- app/services/rails_base/authentication/mfa_validator.rb
 - app/services/rails_base/authentication/modify_password.rb
 - app/services/rails_base/authentication/send_forgot_password.rb
-- app/services/rails_base/authentication/send_login_mfa_to_user.rb
 - app/services/rails_base/authentication/send_verification_email.rb
 - app/services/rails_base/authentication/session_token_verifier.rb
 - app/services/rails_base/authentication/single_sign_on_create.rb
@@ -497,6 +532,21 @@ files:
 - app/services/rails_base/authentication/verify_forgot_password.rb
 - app/services/rails_base/email_change.rb
 - app/services/rails_base/encryption.rb
+- app/services/rails_base/mfa.rb
+- app/services/rails_base/mfa/decision.rb
+- app/services/rails_base/mfa/encrypt_token.rb
+- app/services/rails_base/mfa/sms/remove.rb
+- app/services/rails_base/mfa/sms/send.rb
+- app/services/rails_base/mfa/sms/validate.rb
+- app/services/rails_base/mfa/strategy/base.rb
+- app/services/rails_base/mfa/strategy/every_request.rb
+- app/services/rails_base/mfa/strategy/skip_every_request.rb
+- app/services/rails_base/mfa/strategy/time_based.rb
+- app/services/rails_base/mfa/totp/helper.rb
+- app/services/rails_base/mfa/totp/otp_metadata.rb
+- app/services/rails_base/mfa/totp/remove.rb
+- app/services/rails_base/mfa/totp/validate_code.rb
+- app/services/rails_base/mfa/totp/validate_temporary_code.rb
 - app/services/rails_base/name_change.rb
 - app/services/rails_base/service_base.rb
 - app/services/rails_base/service_logging.rb
@@ -528,10 +578,12 @@ files:
 - app/views/rails_base/errors/not_found.html.erb
 - app/views/rails_base/errors/unacceptable.html.erb
 - app/views/rails_base/event_mailer/event.html.erb
-- app/views/rails_base/mfa_auth/mfa_code.html.erb
+- app/views/rails_base/mfa/_switch_mfa_type.html.erb
+- app/views/rails_base/mfa/validate/sms/sms_event_input.html.erb
+- app/views/rails_base/mfa/validate/totp/totp_event_input.html.erb
 - app/views/rails_base/secondary_authentication/after_email_login_session_new.html.erb
-- app/views/rails_base/secondary_authentication/forgot_password.html.erb
 - app/views/rails_base/secondary_authentication/remove_me.html.erb
+- app/views/rails_base/secondary_authentication/reset_password_input.html.erb
 - app/views/rails_base/secondary_authentication/static.html.erb
 - app/views/rails_base/shared/_admin_actions_modal.html.erb
 - app/views/rails_base/shared/_admin_config_class.html.erb
@@ -556,10 +608,19 @@ files:
 - app/views/rails_base/shared/_mfa_input_layout_fallback.html.erb
 - app/views/rails_base/shared/_modify_mfa_auth_modal.html.erb
 - app/views/rails_base/shared/_password_confirm_javascript.html.erb
+- app/views/rails_base/shared/_request_link_alert.html.erb
 - app/views/rails_base/shared/_reset_password_form.html.erb
 - app/views/rails_base/shared/_session_create_form.html.erb
 - app/views/rails_base/shared/_session_timeout_modal.html.erb
 - app/views/rails_base/shared/_standardized_collapse.html.erb
+- app/views/rails_base/shared/mfa/sms/_login_input.html.erb
+- app/views/rails_base/shared/mfa/totp/_login_input.html.erb
+- app/views/rails_base/shared/totp/_add_authenticator.html.erb
+- app/views/rails_base/shared/totp/_add_authenticator_modal.html.erb
+- app/views/rails_base/shared/totp/_confirm_code.html.erb
+- app/views/rails_base/shared/totp/_confirm_code_ajax.html.erb
+- app/views/rails_base/shared/totp/_confirm_code_rest.html.erb
+- app/views/rails_base/shared/totp/_remove_authenticator_modal.html.erb
 - app/views/rails_base/switch_user/_widget.html.erb
 - app/views/rails_base/user_settings/_confirm_destroy_user.html.erb
 - app/views/rails_base/user_settings/_destroy_user.html.erb
@@ -581,6 +642,8 @@ files:
 - db/migrate/20210212190537_create_rails_base_short_lived_data.rb
 - db/migrate/20210212192645_create_rails_base_secrets.rb
 - db/migrate/20210406015744_create_rails_base_admin_actions.rb
+- db/migrate/20240808013706_add_totp_to_users.rb
+- db/migrate/20240825012724_reconfigure_mfa_variable_names.rb
 - db/seeds.rb
 - lib/link_decision_helper.rb
 - lib/rails_base.rb
@@ -620,8 +683,12 @@ files:
 - lib/rails_base/configuration/owner.rb
 - lib/rails_base/configuration/redis.rb
 - lib/rails_base/configuration/templates.rb
+- lib/rails_base/configuration/totp.rb
+- lib/rails_base/configuration/twilio.rb
 - lib/rails_base/configuration/user.rb
 - lib/rails_base/engine.rb
+- lib/rails_base/mfa_event.rb
+- lib/rails_base/request_link.rb
 - lib/rails_base/switch_user_helper.rb
 - lib/rails_base/version.rb
 - lib/tasks/rails_base_tasks.rake
@@ -637,16 +704,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - "~>"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.19
+rubygems_version: 3.5.9
 signing_key:
 specification_version: 4
 summary: Rails engine that takes care of the stuff you dont want to!

data/app/controllers/rails_base/mfa_auth_controller.rb DELETED Viewed

@@ -1,50 +0,0 @@
-module RailsBase
-  class MfaAuthController < RailsBaseApplicationController
-    before_action :validate_token, only: [:mfa_code, :mfa_code_verify, :resend_mfa]
-    # GET /mfa_verify
-    def mfa_code
-      @masked_phone = User.find(@token_verifier.user_id).masked_phone
-    end
-    # POST /mfa_verify
-    def mfa_code_verify
-      mfa_validity = RailsBase::Authentication::MfaValidator.call(params: params, session_mfa_user_id: @token_verifier.user_id)
-      if mfa_validity.failure?
-        redirect_to(mfa_validity.redirect_url, alert: mfa_validity.message)
-        return
-      end
-      mfa_validity.user.set_last_mfa_login!
-      sign_in(mfa_validity.user)
-      redirect_to RailsBase.url_routes.authenticated_root_path, notice: "Welcome #{mfa_validity.user.full_name}"
-    end
-    # POST /mfa_verify
-    def resend_mfa
-      user = User.find(@token_verifier.user_id)
-      mfa_token = RailsBase::Authentication::SendLoginMfaToUser.call(user: user)
-      if mfa_token.failure?
-        flash[:error] = mfa_token.message
-        session[:mfa_randomized_token] = nil
-        redirect_to RailsBase.url_routes.new_user_session_path, email: params.dig(:user,:email), alert: mfa_token.message
-        return
-      end
-      expired_at = Time.zone.parse(@token_verifier.expires_at)
-      session[:mfa_randomized_token] =
-        RailsBase::Authentication::MfaSetEncryptToken.call(user: user, expires_at: expired_at).encrypted_val
-      redirect_to RailsBase.url_routes.mfa_code_path, notice: "MFA has been sent via SMS to number on file"
-    end
-    def validate_token
-      @token_verifier =
-        RailsBase::Authentication::SessionTokenVerifier.call(mfa_randomized_token: session[:mfa_randomized_token])
-      return if @token_verifier.success?
-      redirect_to RailsBase.url_routes.new_user_session_path, alert: @token_verifier.message
-      return false
-    end
-  end
-end

data/app/services/rails_base/authentication/mfa_set_encrypt_token.rb DELETED Viewed

@@ -1,32 +0,0 @@
-module RailsBase::Authentication
-	class MfaSetEncryptToken < RailsBase::ServiceBase
-		delegate :user, to: :context
-		delegate :expires_at, to: :context
-		delegate :purpose, to: :context
-		def call
-			params = {
-				value: value,
-				purpose: purpose || Constants::MSET_PURPOSE,
-				expires_at: expires_at
-			}
-			context.encrypted_val = RailsBase::Encryption.encode(**params)
-		end
-		def value
-			# user_id with the same expires_at will return the same Encryption token
-			# to overcome this, do 2 things
-			# 1: Rotate the secret on every boot (ensures tplem changes on semi regular basis)
-			# 2: Add rand strings to the hash -- Ensures the token is different every time
-			{ user_id: user.id, rand: rand.to_s, expires_at: expires_at }.to_json
-		end
-		def validate!
-			raise "Expected user to be a User. Received #{user.class}" unless user.is_a? User
-			time_class = ActiveSupport::TimeWithZone
-			raise "Expected expires_at to be a Received #{time_class}. Received #{expires_at.class}" unless expires_at.is_a? time_class
-		end
-	end
-end