rails_simple_auth 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fd84335df56b3bc4fbb386f841bfb66bc74eadae1dc3864873bcda904a946cd2
4
- data.tar.gz: 00d31290be4bdccf36c5f9a326896e9506936f6b122f9298f53fabc0aadcd8a3
3
+ metadata.gz: 83fb50e708c25bcd5a7115ae8e0935e9921909580aef97ca6ec585100e410e37
4
+ data.tar.gz: 1b7a3bcef439ad6c38155404562167e487144aeeb292ea4fa9436c5252ad1e9c
5
5
  SHA512:
6
- metadata.gz: 2c0cf144576a950a1aff4a1958197b9ef93a3edc405bf1de36339f3effed3c09087158b821f6e2c7617af9b9ae9b3ef184783b08c9428da0df65d79ac5a2ba3e
7
- data.tar.gz: 0cc8bd3f8ce5094910f25daf12496f1efe6f447d3ee22f3744ad47d7ff4b65ad46209ecd2004fe9024f2fcad85c38efb6478261bd408251f728aad1c2fc89824
6
+ metadata.gz: df759dcc508dca50b40cd1c85a9c8609a80b2c1a8feb71dfc2ea0a06fe48187bb5c57488a67eecce77eb9e099441bb0609524b48d14b288e318ebcf0e4fec12c
7
+ data.tar.gz: f035ac8532d07768a6a4dd5ce7df1eab2454bf4fd49c53734732b0979f68d8280d876bd174576434c7daedd9f793f029d81a6cc0b335a0f6c608bd915c71d71d
data/CHANGELOG.md CHANGED
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ## [1.0.5] - 2025-01-19
11
+
12
+ ### Added
13
+
14
+ - **Secure OmniAuth by default** - Automatically restricts OAuth initiation to POST requests only (prevents CSRF attacks)
15
+
10
16
  ## [1.0.4] - 2025-01-19
11
17
 
12
18
  ### Added
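Review bot: the 1.0.5 entry files the POST-only OAuth restriction under "### Added", but it is a change of default behaviour for existing apps: any view that starts OAuth through a GET link stops working after this upgrade. Suggest listing it under a "Changed" or "Security" heading and adding one line on the upgrade step (sign-in links must become POST forms or buttons). The 1.0.5 and 1.0.4 entries also carry the same date, 2025-01-19; confirm that is intended.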
data/README.md CHANGED
@@ -206,7 +206,7 @@ end
206
206
 
207
207
  ```ruby
208
208
  class User < ApplicationRecord
209
- include RailsSimpleAuth::Models::Concerns::OAuthConnectable
209
+ authenticates_with :oauth
210
210
 
211
211
  def assign_oauth_attributes(auth_hash)
212
212
  self.name = auth_hash.dig("info", "name")
@@ -40,15 +40,14 @@ module RailsSimpleAuth
40
40
  say 'Next steps:'
41
41
  say ' 1. Review and edit the migration: db/migrate/xxx_add_rails_simple_auth.rb'
42
42
  say ' 2. Run: rails db:migrate'
43
- say " 3. Add concerns to your #{options[:user_model]} model:"
43
+ say " 3. Add authentication to your #{options[:user_model]} model:"
44
44
  say ''
45
45
  say " class #{options[:user_model]} < ApplicationRecord"
46
- say ' include RailsSimpleAuth::Models::Concerns::Authenticatable'
47
- say ' include RailsSimpleAuth::Models::Concerns::Confirmable # optional'
48
- say ' include RailsSimpleAuth::Models::Concerns::MagicLinkable # optional'
49
- say ' include RailsSimpleAuth::Models::Concerns::OAuthConnectable # optional'
46
+ say ' authenticates_with :confirmable, :magic_linkable'
50
47
  say ' end'
51
48
  say ''
49
+ say ' Available modules: :confirmable, :magic_linkable, :oauth, :temporary'
50
+ say ''
52
51
  say ' 4. Add before_action to protect routes:'
53
52
  say ''
54
53
  say ' class ApplicationController < ActionController::Base'
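Review bot: step 3 now shows `authenticates_with :confirmable, :magic_linkable` in the sample model with nothing marking these modules as optional, whereas the removed lines tagged Confirmable, MagicLinkable and OAuthConnectable with `# optional`. Someone copying the sample turns on email confirmation and magic-link login without having chosen them. Suggest stating in the "Available modules" line that every listed module is optional, or restoring an "# optional" remark on the sample line.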
@@ -56,8 +55,9 @@ module RailsSimpleAuth
56
55
  say ' end'
57
56
  say ''
58
57
  say 'Optional generators:'
59
- say ' rails generate rails_simple_auth:views # Copy views for customization'
60
- say ' rails generate rails_simple_auth:css # Copy CSS for styling'
58
+ say ' rails generate rails_simple_auth:views # Copy views for customization'
59
+ say ' rails generate rails_simple_auth:css # Copy CSS for styling'
60
+ say ' rails generate rails_simple_auth:temporary_users # Add guest account support'
61
61
  say ''
62
62
  end
63
63
  end
@@ -9,8 +9,8 @@ Example:
9
9
  This will create:
10
10
  db/migrate/YYYYMMDDHHMMSS_add_temporary_to_users.rb
11
11
 
12
- After running the migration, include the concern in your User model:
13
- include RailsSimpleAuth::Models::Concerns::TemporaryUser
12
+ After running the migration, add :temporary to your User model:
13
+ authenticates_with :confirmable, :temporary
14
14
 
15
15
  And enable in your initializer:
16
16
  config.temporary_users_enabled = true
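Review bot: the replacement instruction `authenticates_with :confirmable, :temporary` introduces :confirmable, while the removed line included only the TemporaryUser concern. If :temporary does not depend on :confirmable, tell the reader to append :temporary to the model's existing module list instead; if it does depend on it, say so in the text. The same wording appears in the generator's "Next steps" output and should be kept consistent with whatever is decided here.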
@@ -28,8 +28,8 @@ module RailsSimpleAuth
28
28
  say 'Next steps:', :yellow
29
29
  say ' 1. Run: bin/rails db:migrate'
30
30
  say ''
31
- say ' 2. Include the concern in your User model:'
32
- say ' include RailsSimpleAuth::Models::Concerns::TemporaryUser'
31
+ say ' 2. Add :temporary to your User model:'
32
+ say ' authenticates_with :confirmable, :temporary'
33
33
  say ''
34
34
  say ' 3. Enable in your initializer:'
35
35
  say ' config.temporary_users_enabled = true'
@@ -22,5 +22,12 @@ module RailsSimpleAuth
22
22
  include RailsSimpleAuth::Model
23
23
  end
24
24
  end
25
+
26
+ # Secure OmniAuth by default - only allow POST to initiate OAuth (prevents CSRF)
27
+ initializer 'rails_simple_auth.omniauth', after: :load_config_initializers do
28
+ if defined?(OmniAuth)
29
+ OmniAuth.config.allowed_request_methods = %i[post]
30
+ end
31
+ end
25
32
  end
26
33
  end
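Review bot: the new initializer assigns `OmniAuth.config.allowed_request_methods = %i[post]` unconditionally and is ordered `after: :load_config_initializers`, so it runs after the host app's own config/initializers and silently overwrites any value the app set there, with no opt-out. Suggest gating it behind an engine configuration option (or documenting where an app can override it) and logging when an existing non-default value is replaced. The comment "prevents CSRF" also overstates what the hunk does: restricting the method stops GET-initiated OAuth (links, image tags, redirects), but a cross-site form can still POST, and nothing here adds or checks an authenticity token on the request phase. Either reword the comment to "blocks GET-initiated OAuth" or add the token validation alongside this setting.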
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module RailsSimpleAuth
4
- VERSION = '1.0.4'
4
+ VERSION = '1.0.5'
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails_simple_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.4
4
+ version: 1.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ivan Kuznetsov