rodauth-rails 1.6.2 → 1.6.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f29cbaceb49208cac659dd31cbfcb874bf0df2c3b6b0133680f75904ab07a578
4
- data.tar.gz: 2c9c7ed9e5d91428f15058274c0896298402e93d22a94c90c7d127e33699a1a7
3
+ metadata.gz: e133150815312f4fec4d4c03685b7a762b285860f72cd4594c5d034b58c8d37f
4
+ data.tar.gz: 10623324c6d20a69973f48faf950563d76ddffa1eb70f39cf82872b1318042ee
5
5
  SHA512:
6
- metadata.gz: 546070f740b95f26d8f29b632672339215383737e9b6497c64d613c3c07929052477022a4e70051254d267a037c7b794448674aa99927d26edb4322cf274f778
7
- data.tar.gz: 638ecc60b072197c490180a8241ed5af02ed3d6114f3cf5aa2e621ced9296e175d6d5b579543e43d23283164d3193551eb68efd54b2ef3b68cb79f49462397d8
6
+ metadata.gz: a8b8d22356e108f7e7a6a4025958639546e2fd957a1115f5faf3faf187c136072c7aac1ab130e04a925637a77c31b99326c92d6e43cbc363b6bba3a89188718d
7
+ data.tar.gz: a5b40c767d34b94f8485d61cb0bd45021108ce927ee16892e72c2095c31a7091c75229bfd971f029227e5a24355de4f090cb75f5d974be9b7c267a5032e2e7c8
data/CHANGELOG.md CHANGED
@@ -1,3 +1,13 @@
1
+ ## 1.6.3 (2022-11-15)
2
+
3
+ * Suggest passing an integer to `verify_account_grace_period` instead of `ActiveSupport::Duration` (@vlado)
4
+
5
+ * Use `pass` plugin for forwarding other `{prefix}/*` requests when automatically routing the prefix (@janko)
6
+
7
+ * Set minimum password length to 8 in the generated configuration, as per OWASP recommendation (@janko)
8
+
9
+ * Set maximum password bytesize to 72 in the generated configuration, as bcrypt truncates inputs longer than 72 bytes (@janko)
10
+
1
11
  ## 1.6.2 (2022-09-19)
2
12
 
3
13
  * Use matching precision for current timestamp default values in Active Record 7.0+ migrations on MySQL (@janko)
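Review bot: the entries for `password_minimum_length 8` and `password_maximum_bytes 72` read as if the gem now enforces those limits, but both changes are to the generated configuration template, so an application upgrading from 1.6.2 keeps whatever its existing `rodauth_main.rb` says; the entries (or an upgrade note under the heading) should say that existing apps need to add the two lines themselves to pick up the new defaults.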
data/README.md CHANGED
@@ -48,19 +48,12 @@ Active Record's database connection][sequel-activerecord_connection].
48
48
 
49
49
  ## Installation
50
50
 
51
- Add the gem to your Gemfile:
51
+ Add the gem to your project:
52
52
 
53
- ```rb
54
- gem "rodauth-rails", "~> 1.0"
55
-
56
- # gem "jwt", require: false # for JWT feature
57
- # gem "rotp", require: false # for OTP feature
58
- # gem "rqrcode", require: false # for OTP feature
59
- # gem "webauthn", require: false # for WebAuthn feature
53
+ ```sh
54
+ $ bundle add rodauth-rails
60
55
  ```
61
56
 
62
- Then run `bundle install`.
63
-
64
57
  Next, run the install generator:
65
58
 
66
59
  ```sh
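Review bot: replacing the Gemfile snippet with `bundle add rodauth-rails` also drops the four commented optional dependencies (`jwt`, `rotp`, `rqrcode`, `webauthn`) that told readers which extra gems the JWT, OTP and WebAuthn features require; unless those are listed elsewhere in the README, someone enabling `:jwt` or `:otp` now first learns about the missing gem from a `LoadError` at boot. Keep one sentence in this section, e.g. `Some features need additional gems: "jwt" for JWT, "rotp" and "rqrcode" for OTP, "webauthn" for WebAuthn.`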
@@ -143,36 +136,44 @@ authentication experience, and the forms use [Bootstrap] markup.
143
136
 
144
137
  ### Current account
145
138
 
146
- The `#current_account` method is defined in controllers and views, which
147
- returns the model instance of the currently logged in account. If the account
148
- doesn't exist in the database, the session will be cleared.
139
+ The Rodauth object defines a `#rails_account` method, which returns a model
140
+ instance of the currently logged in account. You can create a helper method for
141
+ easy access from controllers and views:
149
142
 
150
143
  ```rb
151
- current_account #=> #<Account id=123 email="user@example.com">
152
- current_account.email #=> "user@example.com"
153
- ```
144
+ class ApplicationController < ActionController::Base
145
+ private
154
146
 
155
- Pass the configuration name to retrieve accounts belonging to other Rodauth
156
- configurations:
147
+ def current_account
148
+ rodauth.rails_account
149
+ end
150
+ helper_method :current_account # skip if inheriting from ActionController::API
151
+ end
152
+ ```
157
153
 
158
154
  ```rb
159
- current_account(:admin)
155
+ current_account #=> #<Account id=123 email="user@example.com">
156
+ current_account.email #=> "user@example.com"
160
157
  ```
161
158
 
162
- This just delegates to the `#rails_account` method on the Rodauth object.
159
+ If the session is logged in, but the account doesn't exist in the database, the
160
+ session will be reset.
163
161
 
164
162
  #### Custom account model
165
163
 
166
- The `#current_account` method will try to infer the account model class from
167
- the configured table name. If that fails, you can set the account model
168
- manually:
164
+ The `#rails_account` method will try to infer the account model class from
165
+ the configured table name. For example, if the `accounts_table` is set to
166
+ `:users`, it will automatically assume the model class of `User`.
167
+
168
+ However, if the model class cannot be inferred from the table name, you can
169
+ configure it manually:
169
170
 
170
171
  ```rb
171
172
  # app/misc/rodauth_main.rb
172
173
  class RodauthMain < Rodauth::Rails::Auth
173
174
  configure do
174
175
  # ...
175
- rails_account_model Authentication::Account # custom model name
176
+ rails_account_model { Authentication::Account } # custom model name
176
177
  end
177
178
  end
178
179
  ```
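Review bot: the rewritten section loses the `current_account(:admin)` form, so readers with a secondary Rodauth configuration no longer see how to reach its account; the suggested helper could accept an optional configuration name, e.g. `def current_account(name = nil)` with `rodauth(name).rails_account` as the body. Separately, the switch to the block form `rails_account_model { Authentication::Account }` is not explained; if the point is to defer the constant lookup until the value is needed (so the model can be autoloaded and the configuration file does not have to load it first), say so in the trailing comment.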
@@ -526,7 +527,7 @@ handles both storing the password hash in a column on the accounts table, or in
526
527
  a separate table.
527
528
 
528
529
  ```rb
529
- account = Account.create!(email: "user@example.com", password: "secret")
530
+ account = Account.create!(email: "user@example.com", password: "secret123")
530
531
 
531
532
  # when password hash is stored in a column on the accounts table
532
533
  account.password_hash #=> "$2a$12$k/Ub1I2iomi84RacqY89Hu4.M0vK7klRnRtzorDyvOkVI.hKhkNw."
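Review bot: the example password on the `Account.create!` line changes to `secret123`, but the sample hash on the `account.password_hash` line below it is unchanged; the hash is illustrative, so nothing breaks, but a reader who pastes the example and compares output will see a mismatch if it was produced from `secret`. Either regenerate it or note that it is only a sample value.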
@@ -649,7 +650,7 @@ end
649
650
  ```
650
651
  ```rb
651
652
  # primary configuration
652
- RodauthApp.rodauth.create_account(login: "user@example.com", password: "secret")
653
+ RodauthApp.rodauth.create_account(login: "user@example.com", password: "secret123")
653
654
  RodauthApp.rodauth.verify_account(account_login: "user@example.com")
654
655
 
655
656
  # secondary configuration
@@ -744,7 +745,7 @@ class ArticlesControllerTest < ActionController::TestCase
744
745
  assert_redirected_to "/login"
745
746
  assert_equal "Please login to continue", flash[:alert]
746
747
 
747
- account = Account.create!(email: "user@example.com", password: "secret", status: "verified")
748
+ account = Account.create!(email: "user@example.com", password: "secret123", status: "verified")
748
749
  login(account)
749
750
 
750
751
  get :index
@@ -40,6 +40,11 @@ class RodauthMain < Rodauth::Rails::Auth
40
40
  # Store password hash in a column instead of a separate table.
41
41
  account_password_hash_column :password_hash
42
42
 
43
+ # Passwords shorter than 8 characters are considered weak according to OWASP.
44
+ password_minimum_length 8
45
+ # bcrypt has a maximum input length of 72 bytes, truncating any extra bytes.
46
+ password_maximum_bytes 72
47
+
43
48
  # Set password when creating account instead of when verifying.
44
49
  verify_account_set_password? false
45
50
 
@@ -150,7 +155,7 @@ class RodauthMain < Rodauth::Rails::Auth
150
155
 
151
156
  # ==> Deadlines
152
157
  # Change default deadlines for some actions.
153
- # verify_account_grace_period 3.days
158
+ # verify_account_grace_period 3.days.to_i
154
159
  # reset_password_deadline_interval Hash[hours: 6]
155
160
  # verify_login_change_deadline_interval Hash[days: 2]
156
161
  <% unless jwt? -%>
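Review bot: `3.days.to_i` fixes the type for `verify_account_grace_period`, but the two commented lines right below it still pass `Hash[hours: 6]` and `Hash[days: 2]`, so the block now shows two conventions for deadlines with no explanation; add a comment that `*_grace_period` values are integers in seconds while `*_deadline_interval` values are hashes of units, or the next person will "fix" one form to match the other and reintroduce the original bug.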
@@ -19,6 +19,7 @@ module Rodauth
19
19
 
20
20
  plugin :hooks
21
21
  plugin :render, layout: false
22
+ plugin :pass
22
23
 
23
24
  def self.configure(*args, **options, &block)
24
25
  auth_class = args.shift if args[0].is_a?(Class)
@@ -30,6 +31,7 @@ module Rodauth
30
31
 
31
32
  plugin :rodauth, auth_class: auth_class, name: name, csrf: false, flash: false, json: true, **options, &block
32
33
 
34
+ # we need to do it after request methods from rodauth have been included
33
35
  self::RodaRequest.include RequestMethods
34
36
  end
35
37
 
@@ -66,13 +68,15 @@ module Rodauth
66
68
  end
67
69
 
68
70
  module RequestMethods
71
+ # Automatically route the prefix if it hasn't been routed already. This
72
+ # way people only have to update prefix in their Rodauth configurations.
69
73
  def rodauth(name = nil)
70
74
  prefix = scope.rodauth(name).prefix
71
75
 
72
76
  if prefix.present? && remaining_path == path_info
73
77
  on prefix[1..-1] do
74
78
  super
75
- break # forward other `{prefix}/*` requests to the rails router
79
+ pass # forward other {prefix}/* requests downstream
76
80
  end
77
81
  else
78
82
  super
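Review bot: the comment on the `pass` line should spell out what changes for callers, because it is user-visible: with `break`, the `on prefix[1..-1]` block was exited with `remaining_path` already consumed, so only what ran after the application's `route` block (the forward to the Rails router) could handle `{prefix}/*`; `pass` makes Roda treat the `on` as not matched and restore the remaining path, so `r.on`/`r.get` routes the application defines after `r.rodauth` under the prefix now match as well. The CHANGELOG entry only names the mechanism ("use `pass` plugin"); it should state this behavioural difference so people relying on the old fall-through to Rails know to check their own routes under the prefix.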
@@ -1,11 +1,15 @@
1
+ require "active_support/concern"
2
+
1
3
  module Rodauth
2
4
  module Rails
3
5
  module Feature
4
6
  module Base
5
- def self.included(feature)
6
- feature.auth_methods :rails_controller
7
- feature.auth_value_methods :rails_account_model
8
- feature.auth_cached_method :rails_controller_instance
7
+ extend ActiveSupport::Concern
8
+
9
+ included do
10
+ auth_methods :rails_controller
11
+ auth_value_methods :rails_account_model
12
+ auth_cached_method :rails_controller_instance
9
13
  end
10
14
 
11
15
  def rails_account
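Review bot: `require "active_support/concern"` is added only in this file, yet the sibling modules in this commit (Callbacks, Csrf, Email, Instrumentation, InternalRequest, Render) also `extend ActiveSupport::Concern` without requiring it, so they load correctly only because base.rb happens to be required first; either add the require to each file or put it once in the file that requires all the feature modules, so a future reordering does not turn into a `NameError`.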
@@ -2,6 +2,8 @@ module Rodauth
2
2
  module Rails
3
3
  module Feature
4
4
  module Callbacks
5
+ extend ActiveSupport::Concern
6
+
5
7
  private
6
8
 
7
9
  def _around_rodauth
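Review bot: `extend ActiveSupport::Concern` adds nothing to `Callbacks` (or to `Instrumentation` and `InternalRequest` further down), since none of them define an `included` block, a `class_methods` block or dependencies; if the intent is uniformity across the feature modules so that a later `included do` can be added without remembering the extend, say so in a one-line comment, otherwise drop it from the modules that only define instance methods.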
@@ -2,8 +2,10 @@ module Rodauth
2
2
  module Rails
3
3
  module Feature
4
4
  module Csrf
5
- def self.included(feature)
6
- feature.auth_methods(
5
+ extend ActiveSupport::Concern
6
+
7
+ included do
8
+ auth_methods(
7
9
  :rails_csrf_tag,
8
10
  :rails_csrf_param,
9
11
  :rails_csrf_token,
@@ -2,8 +2,10 @@ module Rodauth
2
2
  module Rails
3
3
  module Feature
4
4
  module Email
5
- def self.included(feature)
6
- feature.depends :email_base
5
+ extend ActiveSupport::Concern
6
+
7
+ included do
8
+ depends :email_base
7
9
  end
8
10
 
9
11
  private
@@ -2,6 +2,8 @@ module Rodauth
2
2
  module Rails
3
3
  module Feature
4
4
  module Instrumentation
5
+ extend ActiveSupport::Concern
6
+
5
7
  private
6
8
 
7
9
  def _around_rodauth
@@ -2,6 +2,8 @@ module Rodauth
2
2
  module Rails
3
3
  module Feature
4
4
  module InternalRequest
5
+ extend ActiveSupport::Concern
6
+
5
7
  def domain
6
8
  return super unless missing_host? && rails_url_options
7
9
 
@@ -2,8 +2,10 @@ module Rodauth
2
2
  module Rails
3
3
  module Feature
4
4
  module Render
5
- def self.included(feature)
6
- feature.auth_methods :rails_render
5
+ extend ActiveSupport::Concern
6
+
7
+ included do
8
+ auth_methods :rails_render
7
9
  end
8
10
 
9
11
  # Renders templates with layout. First tries to render a user-defined
@@ -1,5 +1,5 @@
1
1
  module Rodauth
2
2
  module Rails
3
- VERSION = "1.6.2"
3
+ VERSION = "1.6.3"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.2
4
+ version: 1.6.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Janko Marohnić
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-09-19 00:00:00.000000000 Z
11
+ date: 2022-11-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: railties