reputable 0.1.7 → 0.1.8
- checksums.yaml +4 -4
- data/README.md +26 -1
- data/lib/reputable/rails.rb +72 -0
- data/lib/reputable/version.rb +1 -1
- data/lib/reputable.rb +1 -0
- metadata +1 -1
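--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0b987ffa68c839c4a7d7a288fbe89f530eebeed3ba7f793ae7f9dc99ffa09063
+data.tar.gz: 4d83e36696d0b1164958dc32be975f4b18dbdc9e2d67e25e586cbdced3c690f3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a89be2adeabee55f6ef8599dff51e6fbdff659de9cc7657b1d82ae61e14d61a52985533f067939500f89b19e36b844be4baf9b882d2926f29c7d899b5da6fa1a
+data.tar.gz: bb16577e080d26d0ba106e8dbbc777b48b030c1bdc83bae5fba75df56f06db46557a0aa92318e9e82e7f04722065e0f3b7fb28adcf80dd400b9f3810e14b84a2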
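--- a/data/README.md
+++ b/data/README.md
@@ -305,6 +305,31 @@ rep = current_ip_reputation
 # => { status: 'trusted_verified', reason: 'payment', ... }
 ```
 
+### Verification Redirect Helpers
+
+```ruby
+class SessionsController < ApplicationController
+def new
+require_reputable_verification!
+# If verified, continue
+end
+end
+```
+
+Optional args:
+- `return_url` (default: `request.original_url`)
+- `failure_url` (default: API `/verify/failure` page)
+- `session_id` (default: `session.id`)
+- `force_challenge` (default: `false`)
+- `session_key` (default: `:reputable_verified_at`)
+
+You can check or clear the session flag:
+
+```ruby
+reputable_verified?
+clear_reputable_verification!
+```
+
 ---
 
 ## Manual API Usage
@@ -391,7 +416,7 @@ end
 
 **Options:**
 - `return_url` (required): Where to redirect after successful verification
-- `failure_url` (optional): Where to redirect on failure (defaults to
+- `failure_url` (optional): Where to redirect on failure (defaults to API `/verify/failure` page)
 - `session_id` (optional): Bind verification to a specific session
 - `force_challenge` (optional): If `true`, always show CAPTCHA even for trusted users. Useful for testing the challenge flow.
 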
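--- a/data/lib/reputable/rails.rb
+++ b/data/lib/reputable/rails.rb
@@ -7,6 +7,10 @@ module Reputable
 module ControllerHelpers
 extend ActiveSupport::Concern
 
+included do
+helper_method :reputable_verified? if respond_to?(:helper_method)
+end
+
 # Track the current request with optional extra tags
 def track_reputable_request(tags: [], **options)
 Reputable::Tracker.track_request(
@@ -81,6 +85,74 @@ module Reputable
 def current_ip_status
 Reputable::Reputation.lookup_ip(request.remote_ip)
 end
+
+# ========================================
+# Verification redirect helpers
+# ========================================
+
+# Check if the current session has already passed verification
+# @param session_key [Symbol]
+# @return [Boolean]
+def reputable_verified?(session_key: :reputable_verified_at)
+session[session_key].present?
+end
+
+# Clear verification status for the current session
+# @param session_key [Symbol]
+def clear_reputable_verification!(session_key: :reputable_verified_at)
+session.delete(session_key)
+end
+
+# Enforce verification redirect flow.
+# - If already verified in this session, returns immediately.
+# - If returning with signature, validates and marks session.
+# - Otherwise redirects to verification URL.
+#
+# @param return_url [String] URL to return to after verification
+# @param failure_url [String] URL to return to on failure/invalid token
+# @param session_id [String] Optional session id to link
+# @param force_challenge [Boolean] Force challenge even if trusted
+# @param session_key [Symbol] Session key used to store verified state
+def require_reputable_verification!(
+return_url: request.original_url,
+failure_url: nil,
+session_id: session.id,
+force_challenge: false,
+session_key: :reputable_verified_at
+)
+return if reputable_verified?(session_key: session_key)
+
+if params[:reputable_signature]
+if Reputable.verify_redirect_return(params)
+if params[:reputable_status] == "pass"
+session[session_key] = Time.now.to_i
+return
+end
+
+redirect_to failure_url and return
+else
+render plain: "Verification failed", status: 403 and return
+end
+end
+
+redirect_to reputable_verification_url(
+return_url: return_url,
+failure_url: failure_url,
+session_id: session_id,
+force_challenge: force_challenge
+) and return
+end
+
+private
+
+def reputable_verification_url(return_url:, failure_url:, session_id:, force_challenge:)
+Reputable.verification_url(
+return_url: return_url,
+failure_url: failure_url,
+session_id: session_id,
+force_challenge: force_challenge
+)
+end
 end
 
 # Railtie for automatic Rails integration (only defined when Rails is present)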
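Review bot: In `require_reputable_verification!`, the signed-but-not-"pass" branch calls `redirect_to failure_url and return` while `failure_url` still holds its `nil` default, because the fallback to the `/verify/failure` page is applied only inside `Reputable.verification_url`; Rails rejects a nil redirect target, so that path would raise instead of sending the user to a failure page. Guard it in the helper, for example with `return render(plain: "Verification failed", status: 403) if failure_url.nil?` ahead of the redirect, or resolve the default URL once before both uses. `reputable_verified?` tests only `session[session_key].present?`, so the stored `Time.now.to_i` is never compared with a maximum age and one pass stays valid for the life of the session; either add an age check or say so in the doc comment. The helper's `return` statements leave only the helper, so a controller that calls it inline rather than from a `before_action` keeps running its action body after the redirect or 403 has been issued; the doc comment should tell callers to use `before_action` or to follow the call with `return if performed?`. Whether a signed return is bound to this session's `session_id` and is single-use depends on `Reputable.verify_redirect_return`, which is not visible in this section.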
data/lib/reputable/version.rb
CHANGED
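--- a/data/lib/reputable.rb
+++ b/data/lib/reputable.rb
@@ -145,6 +145,7 @@ module Reputable
 # Ensure base_url doesn't have a trailing slash, then append the verify path
 base_url = base_url.chomp("/")
 verify_url = "#{base_url}/_reputable/verify"
+failure_url ||= "#{base_url}/_reputable/verify/failure"
 
 # JWT Header
 header = { alg: "HS256", typ: "JWT" }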
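Review bot: The added `failure_url ||= ...` fills the default only when the argument is `nil`, so a blank string passed through by a caller (an empty config or environment value, for instance) is kept and presumably ends up in the token as an empty failure target. If blank should mean "use the default", write `failure_url = "#{base_url}/_reputable/verify/failure" if failure_url.to_s.empty?`. The enclosing method starts and ends outside this hunk, so how `failure_url` is used afterwards is not visible here.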