RubyGems - rails_simple_auth - Versions diffs - 1.0.4 → 1.0.6 - Mend

rails_simple_auth 1.0.4 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd84335df56b3bc4fbb386f841bfb66bc74eadae1dc3864873bcda904a946cd2
-  data.tar.gz: 00d31290be4bdccf36c5f9a326896e9506936f6b122f9298f53fabc0aadcd8a3
+  metadata.gz: 4d04d803a06cf6538074412280d1b8b526b227f62433c6e9431adfb52c0a040d
+  data.tar.gz: 86f0719d9a2422895271a8c143856e4fd530f0bb93d2bd6d3f037e22808722a2
 SHA512:
-  metadata.gz: 2c0cf144576a950a1aff4a1958197b9ef93a3edc405bf1de36339f3effed3c09087158b821f6e2c7617af9b9ae9b3ef184783b08c9428da0df65d79ac5a2ba3e
-  data.tar.gz: 0cc8bd3f8ce5094910f25daf12496f1efe6f447d3ee22f3744ad47d7ff4b65ad46209ecd2004fe9024f2fcad85c38efb6478261bd408251f728aad1c2fc89824
+  metadata.gz: 02af0cb35354280587ad5ada2e4ffd9d59ba9ce193b28f56120bb61de550a116a0643a0d61b0d10e870db1da5ff6b2a18fee96431e650d52ef5824d7a2dabaa1
+  data.tar.gz: ef261bb888584b7ad366b0bea4ae253c2d86fd81ae09072b0a39d0d1e4e52492eedf1d1fdd6a8c366500ec3ae7d101d0b452c1965509a7b6bffe236831f972e2

data/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [1.0.6] - 2025-01-19
+### Added
+- **Database-level email uniqueness** - Partial unique index ensures permanent users have unique emails at database level (not just Rails validation)
+### Changed
+- Simplified `temporary?` method for cleaner implementation
+## [1.0.5] - 2025-01-19
+### Added
+- **Secure OmniAuth by default** - Automatically restricts OAuth initiation to POST requests only (prevents CSRF attacks)
 ## [1.0.4] - 2025-01-19
 ### Added

data/README.md CHANGED Viewed

@@ -206,7 +206,7 @@ end
 ```ruby
 class User < ApplicationRecord
-  include RailsSimpleAuth::Models::Concerns::OAuthConnectable
+  authenticates_with :oauth
   def assign_oauth_attributes(auth_hash)
     self.name = auth_hash.dig("info", "name")

data/lib/generators/rails_simple_auth/install/install_generator.rb CHANGED Viewed

@@ -40,15 +40,14 @@ module RailsSimpleAuth
         say 'Next steps:'
         say '  1. Review and edit the migration: db/migrate/xxx_add_rails_simple_auth.rb'
         say '  2. Run: rails db:migrate'
-        say "  3. Add concerns to your #{options[:user_model]} model:"
+        say "  3. Add authentication to your #{options[:user_model]} model:"
         say ''
         say "     class #{options[:user_model]} < ApplicationRecord"
-        say '       include RailsSimpleAuth::Models::Concerns::Authenticatable'
-        say '       include RailsSimpleAuth::Models::Concerns::Confirmable      # optional'
-        say '       include RailsSimpleAuth::Models::Concerns::MagicLinkable    # optional'
-        say '       include RailsSimpleAuth::Models::Concerns::OAuthConnectable # optional'
+        say '       authenticates_with :confirmable, :magic_linkable'
         say '     end'
         say ''
+        say '     Available modules: :confirmable, :magic_linkable, :oauth, :temporary'
+        say ''
         say '  4. Add before_action to protect routes:'
         say ''
         say '     class ApplicationController < ActionController::Base'
@@ -56,8 +55,9 @@ module RailsSimpleAuth
         say '     end'
         say ''
         say 'Optional generators:'
-        say '  rails generate rails_simple_auth:views  # Copy views for customization'
-        say '  rails generate rails_simple_auth:css    # Copy CSS for styling'
+        say '  rails generate rails_simple_auth:views           # Copy views for customization'
+        say '  rails generate rails_simple_auth:css             # Copy CSS for styling'
+        say '  rails generate rails_simple_auth:temporary_users # Add guest account support'
         say ''
       end
     end

data/lib/generators/rails_simple_auth/temporary_users/USAGE CHANGED Viewed

@@ -9,8 +9,8 @@ Example:
     This will create:
         db/migrate/YYYYMMDDHHMMSS_add_temporary_to_users.rb
-    After running the migration, include the concern in your User model:
-        include RailsSimpleAuth::Models::Concerns::TemporaryUser
+    After running the migration, add :temporary to your User model:
+        authenticates_with :confirmable, :temporary
     And enable in your initializer:
         config.temporary_users_enabled = true

data/lib/generators/rails_simple_auth/temporary_users/templates/add_temporary_to_users.rb.erb CHANGED Viewed

@@ -4,5 +4,6 @@ class AddTemporaryToUsers < ActiveRecord::Migration[<%= Rails::VERSION::MAJOR %>
   def change
     add_column :users, :temporary, :boolean, default: false, null: false
     add_index :users, [:temporary, :created_at], name: "index_users_on_temporary_and_created_at"
+    add_index :users, :email_address, unique: true, where: "temporary = false", name: "index_users_on_email_address_permanent_unique"
   end
 end

data/lib/generators/rails_simple_auth/temporary_users/temporary_users_generator.rb CHANGED Viewed

@@ -28,8 +28,8 @@ module RailsSimpleAuth
         say 'Next steps:', :yellow
         say '  1. Run: bin/rails db:migrate'
         say ''
-        say '  2. Include the concern in your User model:'
-        say '     include RailsSimpleAuth::Models::Concerns::TemporaryUser'
+        say '  2. Add :temporary to your User model:'
+        say '     authenticates_with :confirmable, :temporary'
         say ''
         say '  3. Enable in your initializer:'
         say '     config.temporary_users_enabled = true'

data/lib/rails_simple_auth/controllers/concerns/session_management.rb CHANGED Viewed

@@ -58,7 +58,7 @@ module RailsSimpleAuth
             temp_user.destroy!
           end
-          Rails.logger.info("[RailsSimpleAuth] Destroyed temporary user #{temp_user_id} on sign in")
+          Rails.logger.info "[RailsSimpleAuth] Destroyed temporary user #{temp_user_id} on sign in"
         rescue ActiveRecord::RecordNotDestroyed => e
           Rails.logger.error("[RailsSimpleAuth] Failed to destroy temporary user #{temp_user_id}: #{e.message}")
         end

data/lib/rails_simple_auth/engine.rb CHANGED Viewed

@@ -22,5 +22,12 @@ module RailsSimpleAuth
         include RailsSimpleAuth::Model
       end
     end
+    # Secure OmniAuth by default - only allow POST to initiate OAuth (prevents CSRF)
+    initializer 'rails_simple_auth.omniauth', after: :load_config_initializers do
+      if defined?(OmniAuth)
+        OmniAuth.config.allowed_request_methods = %i[post]
+      end
+    end
   end
 end

data/lib/rails_simple_auth/models/concerns/temporary_user.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module RailsSimpleAuth
         end
         def temporary?
-          temporary == true
+          temporary
         end
         def permanent?

data/lib/rails_simple_auth/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module RailsSimpleAuth
-  VERSION = '1.0.4'
+  VERSION = '1.0.6'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_simple_auth
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.6
 platform: ruby
 authors:
 - Ivan Kuznetsov