rails_simple_auth 1.0.9 → 1.0.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/lib/rails_simple_auth/configuration.rb +24 -2
- data/lib/rails_simple_auth/engine.rb +3 -0
- data/lib/rails_simple_auth/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 63f51b7959956bc2a4cecb47d58f131fa4e8a54d930d1a3acb29ae9d32602fe9
|
|
4
|
+
data.tar.gz: '0844c3355030f1515b9d14dd5e4fdcbced5972b019bc90deb14f20c3dd6d686f'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d54493c3417312b731eaaf3fda92006be4a63e15b2328468b25094cc701f04d3533dd00d4a41b8f7cf47e85e54293993ceaaee0d28059f8f2521b2477b10df87
|
|
7
|
+
data.tar.gz: 6d236f2ba54009287afe7d52aa0f374b3d9f9a09a4579bc6607606036a7ea05233db8bcaa7b8a690135bb8be27c320ea2218ead5bf2539b83e26c49fb651e3fb
|
data/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [1.0.11] - 2026-01-19
|
|
11
|
+
|
|
12
|
+
### Added
|
|
13
|
+
|
|
14
|
+
- **OAuth provider display names** - Configure human-readable names for OAuth buttons
|
|
15
|
+
```ruby
|
|
16
|
+
# Hash format with custom display names
|
|
17
|
+
config.enable_oauth(google_oauth2: "Google", github: "GitHub")
|
|
18
|
+
|
|
19
|
+
# Symbol format still works (backward compatible)
|
|
20
|
+
config.enable_oauth(:google_oauth2, :github)
|
|
21
|
+
```
|
|
22
|
+
- `oauth_provider_display_name(provider)` method returns the display name, falling back to titleized provider name with `_oauth2` suffix removed
|
|
23
|
+
|
|
24
|
+
## [1.0.10] - 2026-01-19
|
|
25
|
+
|
|
26
|
+
### Fixed
|
|
27
|
+
|
|
28
|
+
- **OAuth authenticity token error** - Disabled OmniAuth's `AuthenticityTokenProtection` which was blocking OAuth requests even with valid CSRF tokens. POST-only enforcement already prevents CSRF attacks.
|
|
29
|
+
|
|
10
30
|
## [1.0.9] - 2026-01-19
|
|
11
31
|
|
|
12
32
|
### Added
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
module RailsSimpleAuth
|
|
4
4
|
class Configuration
|
|
5
|
-
attr_accessor :magic_link_enabled, :email_confirmation_enabled, :oauth_enabled, :oauth_providers, :oauth_link_existing_accounts,
|
|
5
|
+
attr_accessor :magic_link_enabled, :email_confirmation_enabled, :oauth_enabled, :oauth_providers, :oauth_provider_names, :oauth_link_existing_accounts,
|
|
6
6
|
:magic_link_expiry, :password_reset_expiry, :confirmation_expiry, :session_expiry,
|
|
7
7
|
:rate_limits,
|
|
8
8
|
:after_sign_in_path, :after_sign_out_path, :after_sign_up_path, :after_confirmation_path,
|
|
@@ -20,6 +20,7 @@ module RailsSimpleAuth
|
|
|
20
20
|
@email_confirmation_enabled = true
|
|
21
21
|
@oauth_enabled = false
|
|
22
22
|
@oauth_providers = []
|
|
23
|
+
@oauth_provider_names = {}
|
|
23
24
|
@oauth_link_existing_accounts = true # Allow OAuth to link to existing email accounts
|
|
24
25
|
|
|
25
26
|
@magic_link_expiry = 15.minutes
|
|
@@ -87,15 +88,36 @@ module RailsSimpleAuth
|
|
|
87
88
|
"Original error: #{e.message}"
|
|
88
89
|
end
|
|
89
90
|
|
|
91
|
+
# Enable OAuth providers with optional display names
|
|
92
|
+
# Usage:
|
|
93
|
+
# enable_oauth(:google_oauth2, :github) # Uses default display names
|
|
94
|
+
# enable_oauth(google_oauth2: "Google", github: "GitHub") # Custom display names
|
|
90
95
|
def enable_oauth(*providers)
|
|
91
96
|
self.oauth_enabled = true
|
|
92
|
-
|
|
97
|
+
|
|
98
|
+
if providers.length == 1 && providers.first.is_a?(Hash)
|
|
99
|
+
# Hash format: { google_oauth2: "Google", github: "GitHub" }
|
|
100
|
+
provider_hash = providers.first
|
|
101
|
+
self.oauth_providers = provider_hash.keys.map(&:to_sym)
|
|
102
|
+
self.oauth_provider_names = provider_hash.transform_keys(&:to_sym)
|
|
103
|
+
else
|
|
104
|
+
# Symbol format: :google_oauth2, :github (backward compatible)
|
|
105
|
+
self.oauth_providers = providers.map(&:to_sym)
|
|
106
|
+
self.oauth_provider_names = {}
|
|
107
|
+
end
|
|
93
108
|
end
|
|
94
109
|
|
|
95
110
|
def oauth_provider_enabled?(provider)
|
|
96
111
|
oauth_enabled && oauth_providers.include?(provider.to_sym)
|
|
97
112
|
end
|
|
98
113
|
|
|
114
|
+
# Get display name for an OAuth provider
|
|
115
|
+
# Falls back to titleized provider name if no custom name is configured
|
|
116
|
+
def oauth_provider_display_name(provider)
|
|
117
|
+
provider_sym = provider.to_sym
|
|
118
|
+
oauth_provider_names[provider_sym] || provider.to_s.gsub(/_oauth2$/, "").titleize
|
|
119
|
+
end
|
|
120
|
+
|
|
99
121
|
def rate_limit_for(action)
|
|
100
122
|
rate_limits&.dig(action.to_sym)
|
|
101
123
|
end
|
|
@@ -24,9 +24,12 @@ module RailsSimpleAuth
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
# Secure OmniAuth by default - only allow POST to initiate OAuth (prevents CSRF)
|
|
27
|
+
# Disable OmniAuth's authenticity token protection since POST-only already prevents CSRF
|
|
28
|
+
# and Rails handles CSRF protection at the application level
|
|
27
29
|
initializer 'rails_simple_auth.omniauth', after: :load_config_initializers do
|
|
28
30
|
if defined?(OmniAuth)
|
|
29
31
|
OmniAuth.config.allowed_request_methods = %i[post]
|
|
32
|
+
OmniAuth.config.request_validation_phase = nil
|
|
30
33
|
end
|
|
31
34
|
end
|
|
32
35
|
end
|