sorcery 0.11.0 → 0.16.0
- checksums.yaml +5 -5
- data/.github/ISSUE_TEMPLATE.md +20 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +5 -0
- data/.github/workflows/ruby.yml +23 -0
- data/.rubocop.yml +55 -0
- data/.rubocop_todo.yml +155 -0
- data/.travis.yml +11 -51
- data/CHANGELOG.md +75 -0
- data/CODE_OF_CONDUCT.md +14 -0
- data/Gemfile +2 -2
- data/{LICENSE.txt → LICENSE.md} +1 -1
- data/README.md +34 -7
- data/SECURITY.md +18 -0
- data/gemfiles/rails_52.gemfile +7 -0
- data/gemfiles/rails_60.gemfile +7 -0
- data/lib/generators/sorcery/USAGE +1 -1
- data/lib/generators/sorcery/helpers.rb +4 -0
- data/lib/generators/sorcery/install_generator.rb +21 -21
- data/lib/generators/sorcery/templates/initializer.rb +176 -69
- data/lib/generators/sorcery/templates/migration/activity_logging.rb +5 -5
- data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +4 -4
- data/lib/generators/sorcery/templates/migration/core.rb +4 -4
- data/lib/generators/sorcery/templates/migration/external.rb +3 -3
- data/lib/generators/sorcery/templates/migration/magic_login.rb +9 -0
- data/lib/generators/sorcery/templates/migration/remember_me.rb +3 -3
- data/lib/generators/sorcery/templates/migration/reset_password.rb +5 -4
- data/lib/generators/sorcery/templates/migration/user_activation.rb +4 -4
- data/lib/sorcery.rb +2 -0
- data/lib/sorcery/adapters/active_record_adapter.rb +4 -3
- data/lib/sorcery/adapters/mongoid_adapter.rb +23 -11
- data/lib/sorcery/controller.rb +26 -15
- data/lib/sorcery/controller/config.rb +7 -5
- data/lib/sorcery/controller/submodules/activity_logging.rb +9 -3
- data/lib/sorcery/controller/submodules/external.rb +52 -33
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +2 -0
- data/lib/sorcery/controller/submodules/remember_me.rb +3 -8
- data/lib/sorcery/controller/submodules/session_timeout.rb +28 -5
- data/lib/sorcery/crypto_providers/aes256.rb +2 -1
- data/lib/sorcery/crypto_providers/bcrypt.rb +8 -2
- data/lib/sorcery/engine.rb +16 -3
- data/lib/sorcery/model.rb +14 -10
- data/lib/sorcery/model/config.rb +12 -4
- data/lib/sorcery/model/submodules/brute_force_protection.rb +6 -7
- data/lib/sorcery/model/submodules/external.rb +19 -3
- data/lib/sorcery/model/submodules/magic_login.rb +130 -0
- data/lib/sorcery/model/submodules/reset_password.rb +25 -2
- data/lib/sorcery/model/submodules/user_activation.rb +1 -1
- data/lib/sorcery/model/temporary_token.rb +3 -1
- data/lib/sorcery/protocols/oauth.rb +1 -0
- data/lib/sorcery/providers/auth0.rb +46 -0
- data/lib/sorcery/providers/battlenet.rb +51 -0
- data/lib/sorcery/providers/discord.rb +52 -0
- data/lib/sorcery/providers/heroku.rb +1 -0
- data/lib/sorcery/providers/instagram.rb +73 -0
- data/lib/sorcery/providers/line.rb +63 -0
- data/lib/sorcery/providers/linkedin.rb +45 -36
- data/lib/sorcery/providers/vk.rb +5 -4
- data/lib/sorcery/providers/wechat.rb +8 -6
- data/lib/sorcery/test_helpers/internal.rb +5 -4
- data/lib/sorcery/test_helpers/internal/rails.rb +11 -11
- data/lib/sorcery/test_helpers/rails/request.rb +20 -0
- data/lib/sorcery/version.rb +1 -1
- data/sorcery.gemspec +26 -10
- data/spec/active_record/user_activation_spec.rb +2 -2
- data/spec/active_record/user_activity_logging_spec.rb +2 -2
- data/spec/active_record/user_brute_force_protection_spec.rb +2 -2
- data/spec/active_record/user_magic_login_spec.rb +15 -0
- data/spec/active_record/user_oauth_spec.rb +2 -2
- data/spec/active_record/user_remember_me_spec.rb +2 -2
- data/spec/active_record/user_reset_password_spec.rb +2 -2
- data/spec/active_record/user_spec.rb +0 -10
- data/spec/controllers/controller_http_basic_auth_spec.rb +1 -1
- data/spec/controllers/controller_oauth2_spec.rb +230 -123
- data/spec/controllers/controller_oauth_spec.rb +13 -7
- data/spec/controllers/controller_remember_me_spec.rb +16 -8
- data/spec/controllers/controller_session_timeout_spec.rb +90 -3
- data/spec/controllers/controller_spec.rb +13 -3
- data/spec/orm/active_record.rb +2 -2
- data/spec/providers/example_provider_spec.rb +17 -0
- data/spec/providers/example_spec.rb +17 -0
- data/spec/providers/vk_spec.rb +42 -0
- data/spec/rails_app/app/assets/config/manifest.js +1 -0
- data/spec/rails_app/app/controllers/application_controller.rb +2 -0
- data/spec/rails_app/app/controllers/sorcery_controller.rb +152 -33
- data/spec/rails_app/app/mailers/sorcery_mailer.rb +7 -0
- data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.html.erb +13 -0
- data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.text.erb +6 -0
- data/spec/rails_app/config/application.rb +8 -3
- data/spec/rails_app/config/boot.rb +1 -1
- data/spec/rails_app/config/environment.rb +1 -1
- data/spec/rails_app/config/routes.rb +17 -0
- data/spec/rails_app/config/secrets.yml +4 -0
- data/spec/rails_app/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +2 -2
- data/spec/rails_app/db/migrate/invalidate_active_sessions/20180221093235_add_invalidate_active_sessions_before_to_users.rb +9 -0
- data/spec/rails_app/db/migrate/magic_login/20170924151831_add_magic_login_to_users.rb +17 -0
- data/spec/rails_app/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +2 -0
- data/spec/rails_app/db/schema.rb +7 -9
- data/spec/shared_examples/user_magic_login_shared_examples.rb +150 -0
- data/spec/shared_examples/user_oauth_shared_examples.rb +1 -1
- data/spec/shared_examples/user_remember_me_shared_examples.rb +1 -1
- data/spec/shared_examples/user_reset_password_shared_examples.rb +37 -5
- data/spec/shared_examples/user_shared_examples.rb +104 -43
- data/spec/sorcery_crypto_providers_spec.rb +61 -1
- data/spec/sorcery_temporary_token_spec.rb +27 -0
- data/spec/spec.opts +1 -1
- data/spec/spec_helper.rb +2 -2
- data/spec/support/migration_helper.rb +29 -0
- data/spec/support/providers/example.rb +11 -0
- data/spec/support/providers/example_provider.rb +11 -0
- metadata +92 -29
- data/gemfiles/active_record-rails40.gemfile +0 -7
- data/gemfiles/active_record-rails41.gemfile +0 -7
- data/gemfiles/active_record-rails42.gemfile +0 -7
- data/spec/rails_app/config/initializers/secret_token.rb +0 -7
data/Gemfile
CHANGED
data/{LICENSE.txt → LICENSE.md}
RENAMED
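--- a/data/README.md
+++ b/data/README.md
@@ -3,7 +3,6 @@
 [![Gem Version](https://badge.fury.io/rb/sorcery.svg)](https://rubygems.org/gems/sorcery)
 [![Gem Downloads](https://img.shields.io/gem/dt/sorcery.svg)](https://rubygems.org/gems/sorcery)
 [![Build Status](https://travis-ci.org/Sorcery/sorcery.svg?branch=master)](https://travis-ci.org/Sorcery/sorcery)
-[![Dependency Status](https://gemnasium.com/badges/github.com/Sorcery/sorcery.svg)](https://gemnasium.com/github.com/Sorcery/sorcery)
 [![Code Climate](https://codeclimate.com/github/Sorcery/sorcery.svg)](https://codeclimate.com/github/Sorcery/sorcery)
 [![Inline docs](http://inch-ci.org/github/Sorcery/sorcery.svg?branch=master)](http://inch-ci.org/github/Sorcery/sorcery)
 [![Join the chat at https://gitter.im/Sorcery/sorcery](https://badges.gitter.im/join_chat.svg)](https://gitter.im/Sorcery/sorcery?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
@@ -22,6 +21,18 @@ Sorcery is a stripped-down, bare-bones authentication library, with which you ca
 - Configuration over Confusion - Centralized (1 file), Simple & short configuration as possible, not drowning in syntactic sugar.
 - Keep MVC cleanly separated - DB is for models, sessions are for controllers. Models stay unaware of sessions.
 
+## Table of Contents
+
+1. [Useful Links](#useful-links)
+2. [API Summary](#api-summary)
+3. [Installation](#installation)
+4. [Configuration](#configuration)
+5. [Full Features List by Module](#full-features-list-by-module)
+6. [Planned Features](#planned-features)
+7. [Contributing](#contributing)
+8. [Contact](#contact)
+9. [License](#license)
+
 ## Useful Links
 
 - [Documentation](http://rubydoc.info/gems/sorcery)
@@ -70,6 +81,7 @@ require_login_from_http_basic # This is a before action
 login_at(provider) # Sends the user to an external service (Facebook, Twitter, etc.) to authenticate
 login_from(provider) # Tries to login from the external provider's callback
 create_from(provider) # Create the user in the local app database
+build_from(provider) # Build user instance using user_info_mappings
 ```
 
 ### Remember Me
@@ -87,7 +99,14 @@ force_forget_me! # Forgets all sessions by clearing the token, even if remember_
 User.load_from_reset_password_token(token)
 @user.generate_reset_password_token! # Use if you want to send the email by yourself
 @user.deliver_reset_password_instructions! # Generates the token and sends the email
-@user.change_password
+@user.change_password(new_password)
+@user.change_password!(new_password) # Same as change_password but raises exception on save
+```
+
+### Session Timeout
+
+```ruby
+invalidate_active_sessions! #Invalidate all sessions with a login_time or last_action_time before the current time. Must Opt-in
 ```
 
 ### User Activation
@@ -171,6 +190,7 @@ Inside the initializer, the comments will tell you what each setting does.
 
 - Configurable session timeout
 - Optionally session timeout will be calculated from last user action
+- Optionally enable a method to clear all active sessions, expects an `invalidate_sessions_before` datetime attribute.
 
 **Brute Force Protection** (see [lib/sorcery/model/submodules/brute_force_protection.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/model/submodules/brute_force_protection.rb)):
 
@@ -209,16 +229,23 @@ Have an idea? Let us know, and it might get into the gem!
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/Sorcery/sorcery.
 
-
-
+- [Git Workflow](https://github.com/Sorcery/sorcery/wiki/Git-Workflow)
+- [Running the specs](https://github.com/Sorcery/sorcery/wiki/Running-the-specs)
 
 ## Contact
 
 Feel free to ask questions using these contact details:
 
-
-
--
+**Current Maintainers:**
+
+- Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:crypto+sorcery@joshbuker.com?subject=Sorcery)
+
+**Past Maintainers:**
+
+- Noam Ben-Ari ([@NoamB](https://github.com/NoamB)) | [Email](mailto:nbenari@gmail.com) | [Twitter](https://twitter.com/nbenari)
+- Kir Shatrov ([@kirs](https://github.com/kirs)) | [Email](mailto:shatrov@me.com) | [Twitter](https://twitter.com/Kiiiir)
+- Grzegorz Witek ([@arnvald](https://github.com/arnvald)) | [Email](mailto:arnvald.to@gmail.com) | [Twitter](https://twitter.com/arnvald)
+- Chase Gilliam ([@Ch4s3](https://github.com/Ch4s3)) | [Email](mailto:chase.gilliam@gmail.com)
 
 ## License
 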
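--- /dev/null
+++ b/data/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| -------- | ------------------ |
+| 0.15.0 | :white_check_mark: |
+| < 0.15.0 | :x: |
+
+## Reporting a Vulnerability
+
+Email the current maintainer(s) with a description of the vulnerability. You
+should expect a response within 48 hours. If the vulnerability is accepted, a
+Github advisory will be created and eventually released with a CVE corresponding
+to the issue found.
+
+A list of the current maintainers can be found on the README under the contact
+section. See: [README.md](https://github.com/Sorcery/sorcery#contact)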
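--- a/data/lib/generators/sorcery/helpers.rb
+++ b/data/lib/generators/sorcery/helpers.rb
@@ -12,6 +12,10 @@ module Sorcery
 options[:model] ? options[:model].classify : 'User'
 end
 
+def tableized_model_class
+options[:model] ? options[:model].gsub(/::/, '').tableize : 'User'
+end
+
 def model_path
 @model_path ||= File.join('app', 'models', "#{file_path}.rb")
 end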
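Review bot: The fallback branch of the new `tableized_model_class` returns the class name `'User'`, while the `--model` branch returns a tableized name such as `users`, so the method's result changes form depending on whether the option was given. Unless a caller depends on the literal `'User'` (none is visible in this diff), the default should be tableized too: `options[:model] ? options[:model].gsub(/::/, '').tableize : 'users'`. The enclosing module continues outside the hunk.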
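--- a/data/lib/generators/sorcery/install_generator.rb
+++ b/data/lib/generators/sorcery/install_generator.rb
@@ -7,7 +7,7 @@ module Sorcery
 include Rails::Generators::Migration
 include Sorcery::Generators::Helpers
 
-source_root File.expand_path('
+source_root File.expand_path('templates', __dir__)
 
 argument :submodules, optional: true, type: :array, banner: 'submodules'
 
@@ -21,9 +21,9 @@ module Sorcery
 desc: "Specify if you want to add submodules to an existing model\n\t\t\t # (will generate migrations files, and add submodules to config file)"
 
 def check_deprecated_options
-
-
-
+return unless options[:migrations]
+
+warn('[DEPRECATED] `--migrations` option is deprecated, please use `--only-submodules` instead')
 end
 
 # Copy the initializer file to config/initializers folder.
@@ -33,23 +33,22 @@ module Sorcery
 
 def configure_initializer_file
 # Add submodules to the initializer file.
-
-submodule_names = submodules.collect { |submodule| ':' + submodule }
+return unless submodules
 
-
-
-
-
+submodule_names = submodules.collect { |submodule| ':' + submodule }
+
+gsub_file sorcery_config_path, /submodules = \[.*\]/ do |str|
+current_submodule_names = (str =~ /\[(.*)\]/ ? Regexp.last_match(1) : '').delete(' ').split(',')
+"submodules = [#{(current_submodule_names | submodule_names).join(', ')}]"
 end
 end
 
 def configure_model
 # Generate the model and add 'authenticates_with_sorcery!' unless you passed --only-submodules
-
-generate "model #{model_class_name} --skip-migration"
+return if only_submodules?
 
-
-
+generate "model #{model_class_name} --skip-migration"
+inject_sorcery_to_model
 end
 
 def inject_sorcery_to_model
@@ -61,14 +60,15 @@ module Sorcery
 # Copy the migrations files to db/migrate folder
 def copy_migration_files
 # Copy core migration file in all cases except when you pass --only-submodules.
-return unless defined?(
+return unless defined?(ActiveRecord)
+
 migration_template 'migration/core.rb', 'db/migrate/sorcery_core.rb', migration_class_name: migration_class_name unless only_submodules?
 
-
-
-
-
-
+return unless submodules
+
+submodules.each do |submodule|
+unless %w[http_basic_auth session_timeout core].include?(submodule)
+migration_template "migration/#{submodule}.rb", "db/migrate/sorcery_#{submodule}.rb", migration_class_name: migration_class_name
 end
 end
 end
@@ -79,7 +79,7 @@ module Sorcery
 sleep 1 # make sure each time we get a different timestamp
 Time.new.utc.strftime('%Y%m%d%H%M%S')
 else
-'%.3d'
+format('%.3d', (current_migration_number(dirname) + 1))
 end
 end
 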
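Review bot: In `configure_initializer_file` the submodule names taken from the command line are written into the initializer as Ruby source (`"submodules = [#{(current_submodule_names | submodule_names).join(', ')}]"`) without being checked against the submodules the gem actually supports, so a mistyped name such as `remember-me` produces an initializer that fails to parse at application boot rather than an error at generation time; `copy_migration_files` has the same gap, where an unknown name only surfaces later as a missing template. I would validate the argument once, at the top of `configure_initializer_file`, against a frozen list of the supported names (the initializer template in this same diff enumerates them) and fail with `Thor::Error`, as sketched below. Separately, `gsub_file` does nothing and says nothing when the initializer has no single-line `submodules = [...]` assignment, so a `say_status` reporting whether the line was updated would make that visible. Both methods are fully inside the hunks.
```ruby
# Constructed list; keep it in sync with the submodules the initializer template documents.
SUPPORTED_SUBMODULES = %w[user_activation http_basic_auth remember_me reset_password session_timeout brute_force_protection activity_logging magic_login external].freeze

def configure_initializer_file
  # Add submodules to the initializer file.
  return unless submodules

  unknown = submodules - SUPPORTED_SUBMODULES
  raise Thor::Error, "Unknown submodule(s): #{unknown.join(', ')}" unless unknown.empty?

  submodule_names = submodules.collect { |submodule| ':' + submodule }
  # … unchanged: gsub_file on sorcery_config_path …
end
```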
@@ -1,7 +1,9 @@
|
|
1
1
|
# The first thing you need to configure is which modules you need in your app.
|
2
2
|
# The default is nothing which will include only core features (password encryption, login/logout).
|
3
|
+
#
|
3
4
|
# Available submodules are: :user_activation, :http_basic_auth, :remember_me,
|
4
|
-
# :reset_password, :session_timeout, :brute_force_protection, :activity_logging,
|
5
|
+
# :reset_password, :session_timeout, :brute_force_protection, :activity_logging,
|
6
|
+
# :magic_login, :external
|
5
7
|
Rails.application.config.sorcery.submodules = []
|
6
8
|
|
7
9
|
# Here you can configure each submodule's features.
|
@@ -13,8 +15,8 @@ Rails.application.config.sorcery.configure do |config|
|
|
13
15
|
#
|
14
16
|
# config.not_authenticated_action =
|
15
17
|
|
16
|
-
# When a non logged
|
17
|
-
# the URL he
|
18
|
+
# When a non logged-in user tries to enter a page that requires login, save
|
19
|
+
# the URL he wants to reach, and send him there after login, using 'redirect_back_or_to'.
|
18
20
|
# Default: `true`
|
19
21
|
#
|
20
22
|
# config.save_return_to_url =
|
@@ -29,6 +31,12 @@ Rails.application.config.sorcery.configure do |config|
|
|
29
31
|
#
|
30
32
|
# config.remember_me_httponly =
|
31
33
|
|
34
|
+
# Set token randomness. (e.g. user activation tokens)
|
35
|
+
# The length of the result string is about 4/3 of `token_randomness`.
|
36
|
+
# Default: `15`
|
37
|
+
#
|
38
|
+
# config.token_randomness =
|
39
|
+
|
32
40
|
# -- session timeout --
|
33
41
|
# How long in seconds to keep the session alive.
|
34
42
|
# Default: `3600`
|
@@ -40,6 +48,11 @@ Rails.application.config.sorcery.configure do |config|
|
|
40
48
|
#
|
41
49
|
# config.session_timeout_from_last_action =
|
42
50
|
|
51
|
+
# Invalidate active sessions. Requires an `invalidate_sessions_before` timestamp column
|
52
|
+
# Default: `false`
|
53
|
+
#
|
54
|
+
# config.session_timeout_invalidate_active_sessions_enabled =
|
55
|
+
|
43
56
|
# -- http_basic_auth --
|
44
57
|
# What realm to display for which controller name. For example {"My App" => "Application"}
|
45
58
|
# Default: `{"application" => "Application"}`
|
@@ -47,23 +60,24 @@ Rails.application.config.sorcery.configure do |config|
|
|
47
60
|
# config.controller_to_realm_map =
|
48
61
|
|
49
62
|
# -- activity logging --
|
50
|
-
#
|
63
|
+
# Will register the time of last user login, every login.
|
51
64
|
# Default: `true`
|
52
65
|
#
|
53
66
|
# config.register_login_time =
|
54
67
|
|
55
|
-
#
|
68
|
+
# Will register the time of last user logout, every logout.
|
56
69
|
# Default: `true`
|
57
70
|
#
|
58
71
|
# config.register_logout_time =
|
59
72
|
|
60
|
-
#
|
73
|
+
# Will register the time of last user action, every action.
|
61
74
|
# Default: `true`
|
62
75
|
#
|
63
76
|
# config.register_last_activity_time =
|
64
77
|
|
65
78
|
# -- external --
|
66
|
-
# What providers are supported by this app
|
79
|
+
# What providers are supported by this app
|
80
|
+
# i.e. [:twitter, :facebook, :github, :linkedin, :xing, :google, :liveid, :salesforce, :slack, :line].
|
67
81
|
# Default: `[]`
|
68
82
|
#
|
69
83
|
# config.external_providers =
|
@@ -74,16 +88,19 @@ Rails.application.config.sorcery.configure do |config|
|
|
74
88
|
#
|
75
89
|
# config.ca_file =
|
76
90
|
|
77
|
-
#
|
78
|
-
#
|
79
|
-
#
|
91
|
+
# Linkedin requires r_emailaddress scope to fetch user's email address.
|
92
|
+
# You can skip including the email field if you use an intermediary signup form. (using build_from method).
|
93
|
+
# The r_emailaddress scope is only necessary if you are using the create_from method directly.
|
80
94
|
#
|
81
95
|
# config.linkedin.key = ""
|
82
96
|
# config.linkedin.secret = ""
|
83
97
|
# config.linkedin.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=linkedin"
|
84
|
-
# config.linkedin.
|
85
|
-
#
|
86
|
-
#
|
98
|
+
# config.linkedin.user_info_mapping = {
|
99
|
+
# first_name: 'localizedFirstName',
|
100
|
+
# last_name: 'localizedLastName',
|
101
|
+
# email: 'emailAddress'
|
102
|
+
# }
|
103
|
+
# config.linkedin.scope = "r_liteprofile r_emailaddress"
|
87
104
|
#
|
88
105
|
#
|
89
106
|
# For information about XING API:
|
@@ -96,7 +113,7 @@ Rails.application.config.sorcery.configure do |config|
|
|
96
113
|
#
|
97
114
|
#
|
98
115
|
# Twitter will not accept any requests nor redirect uri containing localhost,
|
99
|
-
#
|
116
|
+
# Make sure you use 0.0.0.0:3000 to access your app in development
|
100
117
|
#
|
101
118
|
# config.twitter.key = ""
|
102
119
|
# config.twitter.secret = ""
|
@@ -106,12 +123,19 @@ Rails.application.config.sorcery.configure do |config|
|
|
106
123
|
# config.facebook.key = ""
|
107
124
|
# config.facebook.secret = ""
|
108
125
|
# config.facebook.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=facebook"
|
109
|
-
# config.facebook.
|
110
|
-
# config.facebook.
|
126
|
+
# config.facebook.user_info_path = "me?fields=email"
|
127
|
+
# config.facebook.user_info_mapping = {:email => "email"}
|
128
|
+
# config.facebook.access_permissions = ["email"]
|
111
129
|
# config.facebook.display = "page"
|
112
130
|
# config.facebook.api_version = "v2.3"
|
113
131
|
# config.facebook.parse = :json
|
114
132
|
#
|
133
|
+
# config.instagram.key = ""
|
134
|
+
# config.instagram.secret = ""
|
135
|
+
# config.instagram.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=instagram"
|
136
|
+
# config.instagram.user_info_mapping = {:email => "username"}
|
137
|
+
# config.instagram.access_permissions = ["basic", "public_content", "follower_list", "comments", "relationships", "likes"]
|
138
|
+
#
|
115
139
|
# config.github.key = ""
|
116
140
|
# config.github.secret = ""
|
117
141
|
# config.github.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=github"
|
@@ -127,6 +151,13 @@ Rails.application.config.sorcery.configure do |config|
|
|
127
151
|
# config.wechat.secret = ""
|
128
152
|
# config.wechat.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=wechat"
|
129
153
|
#
|
154
|
+
# For Auth0, site is required and should match the domain provided by Auth0.
|
155
|
+
#
|
156
|
+
# config.auth0.key = ""
|
157
|
+
# config.auth0.secret = ""
|
158
|
+
# config.auth0.callback_url = "https://0.0.0.0:3000/oauth/callback?provider=auth0"
|
159
|
+
# config.auth0.site = "https://example.auth0.com"
|
160
|
+
#
|
130
161
|
# config.google.key = ""
|
131
162
|
# config.google.secret = ""
|
132
163
|
# config.google.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=google"
|
@@ -134,7 +165,8 @@ Rails.application.config.sorcery.configure do |config|
|
|
134
165
|
# config.google.scope = "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
|
135
166
|
#
|
136
167
|
# For Microsoft Graph, the key will be your App ID, and the secret will be your app password/public key.
|
137
|
-
# The callback URL "can't contain a query string or invalid special characters"
|
168
|
+
# The callback URL "can't contain a query string or invalid special characters"
|
169
|
+
# See: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-v2-limitations#restrictions-on-redirect-uris
|
138
170
|
# More information at https://graph.microsoft.io/en-us/docs
|
139
171
|
#
|
140
172
|
# config.microsoft.key = ""
|
@@ -147,6 +179,7 @@ Rails.application.config.sorcery.configure do |config|
|
|
147
179
|
# config.vk.secret = ""
|
148
180
|
# config.vk.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=vk"
|
149
181
|
# config.vk.user_info_mapping = {:login => "domain", :name => "full_name"}
|
182
|
+
# config.vk.api_version = "5.71"
|
150
183
|
#
|
151
184
|
# config.slack.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=slack"
|
152
185
|
# config.slack.key = ''
|
@@ -164,7 +197,7 @@ Rails.application.config.sorcery.configure do |config|
|
|
164
197
|
|
165
198
|
# For information about JIRA API:
|
166
199
|
# https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Example+-+OAuth+authentication
|
167
|
-
#
|
200
|
+
# To obtain the consumer key and the public key you can use the jira-ruby gem https://github.com/sumoheavy/jira-ruby
|
168
201
|
# or run openssl req -x509 -nodes -newkey rsa:1024 -sha1 -keyout rsakey.pem -out rsacert.pem to obtain the public key
|
169
202
|
# Make sure you have configured the application link properly
|
170
203
|
|
@@ -177,7 +210,7 @@ Rails.application.config.sorcery.configure do |config|
|
|
177
210
|
# For information about Salesforce API:
|
178
211
|
# https://developer.salesforce.com/signup &
|
179
212
|
# https://www.salesforce.com/us/developer/docs/api_rest/
|
180
|
-
# Salesforce callback_url must be https. You can run the following to generate self-signed ssl cert
|
213
|
+
# Salesforce callback_url must be https. You can run the following to generate self-signed ssl cert:
|
181
214
|
# openssl req -new -newkey rsa:2048 -sha1 -days 365 -nodes -x509 -keyout server.key -out server.crt
|
182
215
|
# Make sure you have configured the application link properly
|
183
216
|
# config.salesforce.key = '123123'
|
@@ -186,179 +219,252 @@ Rails.application.config.sorcery.configure do |config|
|
|
186
219
|
# config.salesforce.scope = "full"
|
187
220
|
# config.salesforce.user_info_mapping = {:email => "email"}
|
188
221
|
|
222
|
+
# config.line.key = ""
|
223
|
+
# config.line.secret = ""
|
224
|
+
# config.line.callback_url = "http://mydomain.com:3000/oauth/callback?provider=line"
|
225
|
+
# config.line.scope = "profile"
|
226
|
+
# config.line.bot_prompt = "normal"
|
227
|
+
# config.line.user_info_mapping = {name: 'displayName'}
|
228
|
+
|
229
|
+
|
230
|
+
# For information about Discord API
|
231
|
+
# https://discordapp.com/developers/docs/topics/oauth2
|
232
|
+
# config.discord.key = "xxxxxx"
|
233
|
+
# config.discord.secret = "xxxxxx"
|
234
|
+
# config.discord.callback_url = "http://localhost:3000/oauth/callback?provider=discord"
|
235
|
+
# config.discord.scope = "email guilds"
|
236
|
+
|
237
|
+
# For information about Battlenet API
|
238
|
+
# https://develop.battle.net/documentation/guides/using-oauth
|
239
|
+
# config.battlenet.site = "https://eu.battle.net/" #See Website for other Regional Domains
|
240
|
+
# config.battlenet.key = "xxxxxx"
|
241
|
+
# config.battlenet.secret = "xxxxxx"
|
242
|
+
# config.battlenet.callback_url = "http://localhost:3000/oauth/callback?provider=battlenet"
|
243
|
+
# config.battlenet.scope = "openid"
|
189
244
|
# --- user config ---
|
190
245
|
config.user_config do |user|
|
191
246
|
# -- core --
|
192
|
-
#
|
247
|
+
# Specify username attributes, for example: [:username, :email].
|
193
248
|
# Default: `[:email]`
|
194
249
|
#
|
195
250
|
# user.username_attribute_names =
|
196
251
|
|
197
|
-
#
|
252
|
+
# Change *virtual* password attribute, the one which is used until an encrypted one is generated.
|
198
253
|
# Default: `:password`
|
199
254
|
#
|
200
255
|
# user.password_attribute_name =
|
201
256
|
|
202
|
-
#
|
257
|
+
# Downcase the username before trying to authenticate, default is false
|
203
258
|
# Default: `false`
|
204
259
|
#
|
205
260
|
# user.downcase_username_before_authenticating =
|
206
261
|
|
207
|
-
#
|
262
|
+
# Change default email attribute.
|
208
263
|
# Default: `:email`
|
209
264
|
#
|
210
265
|
# user.email_attribute_name =
|
211
266
|
|
212
|
-
#
|
267
|
+
# Change default crypted_password attribute.
|
213
268
|
# Default: `:crypted_password`
|
214
269
|
#
|
215
270
|
# user.crypted_password_attribute_name =
|
216
271
|
|
217
|
-
#
|
272
|
+
# What pattern to use to join the password with the salt
|
218
273
|
# Default: `""`
|
219
274
|
#
|
220
275
|
# user.salt_join_token =
|
221
276
|
|
222
|
-
#
|
277
|
+
# Change default salt attribute.
|
223
278
|
# Default: `:salt`
|
224
279
|
#
|
225
280
|
# user.salt_attribute_name =
|
226
281
|
|
227
|
-
#
|
228
|
-
# Default: `nil`
|
282
|
+
# How many times to apply encryption to the password.
|
283
|
+
# Default: 1 in test env, `nil` otherwise
|
229
284
|
#
|
230
|
-
|
285
|
+
user.stretches = 1 if Rails.env.test?
|
231
286
|
|
232
|
-
#
|
287
|
+
# Encryption key used to encrypt reversible encryptions such as AES256.
|
233
288
|
# WARNING: If used for users' passwords, changing this key will leave passwords undecryptable!
|
234
289
|
# Default: `nil`
|
235
290
|
#
|
236
291
|
# user.encryption_key =
|
237
292
|
|
238
|
-
#
|
293
|
+
# Use an external encryption class.
|
239
294
|
# Default: `nil`
|
240
295
|
#
|
241
296
|
# user.custom_encryption_provider =
|
242
297
|
|
243
|
-
#
|
298
|
+
# Encryption algorithm name. See 'encryption_algorithm=' for available options.
|
244
299
|
# Default: `:bcrypt`
|
245
300
|
#
|
246
301
|
# user.encryption_algorithm =
|
247
302
|
|
248
|
-
#
|
303
|
+
# Make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
|
249
304
|
# Default: `false`
|
250
305
|
#
|
251
306
|
# user.subclasses_inherit_config =
|
252
307
|
|
253
308
|
# -- remember_me --
|
254
309
|
# How long in seconds the session length will be
|
255
|
-
# Default: `
|
310
|
+
# Default: `60 * 60 * 24 * 7`
|
256
311
|
#
|
257
312
|
# user.remember_me_for =
|
258
313
|
|
259
|
-
#
|
260
|
-
# logins/logouts (
|
314
|
+
# When true, sorcery will persist a single remember me token for all
|
315
|
+
# logins/logouts (to support remembering on multiple browsers simultaneously).
|
261
316
|
# Default: false
|
262
317
|
#
|
263
318
|
# user.remember_me_token_persist_globally =
|
264
319
|
|
265
320
|
# -- user_activation --
|
266
|
-
#
|
321
|
+
# The attribute name to hold activation state (active/pending).
|
267
322
|
# Default: `:activation_state`
|
268
323
|
#
|
269
324
|
# user.activation_state_attribute_name =
|
270
325
|
|
271
|
-
#
|
326
|
+
# The attribute name to hold activation code (sent by email).
|
272
327
|
# Default: `:activation_token`
|
273
328
|
#
|
274
329
|
# user.activation_token_attribute_name =
|
275
330
|
|
276
|
-
#
|
331
|
+
# The attribute name to hold activation code expiration date.
|
277
332
|
# Default: `:activation_token_expires_at`
|
278
333
|
#
|
279
334
|
# user.activation_token_expires_at_attribute_name =
|
280
335
|
|
281
|
-
#
|
336
|
+
# How many seconds before the activation code expires. nil for never expires.
|
282
337
|
# Default: `nil`
|
283
338
|
#
|
284
339
|
# user.activation_token_expiration_period =
|
285
340
|
|
286
|
-
#
|
341
|
+
# REQUIRED:
|
342
|
+
# User activation mailer class.
|
287
343
|
# Default: `nil`
|
288
344
|
#
|
289
345
|
# user.user_activation_mailer =
|
290
346
|
|
291
|
-
#
|
292
|
-
#
|
293
|
-
# manually handle how and when email is sent.
|
347
|
+
# When true, sorcery will not automatically
|
348
|
+
# send the activation details email, and allow you to
|
349
|
+
# manually handle how and when the email is sent.
|
294
350
|
# Default: `false`
|
295
351
|
#
|
296
352
|
# user.activation_mailer_disabled =
|
297
353
|
|
298
|
-
#
|
354
|
+
# Method to send email related
|
299
355
|
# options: `:deliver_later`, `:deliver_now`, `:deliver`
|
300
356
|
# Default: :deliver (Rails version < 4.2) or :deliver_now (Rails version 4.2+)
|
301
357
|
#
|
302
358
|
# user.email_delivery_method =
|
303
359
|
|
304
|
-
#
|
360
|
+
# Activation needed email method on your mailer class.
|
305
361
|
# Default: `:activation_needed_email`
|
306
362
|
#
|
307
363
|
# user.activation_needed_email_method_name =
|
308
364
|
|
309
|
-
#
|
365
|
+
# Activation success email method on your mailer class.
|
310
366
|
# Default: `:activation_success_email`
|
311
367
|
#
|
312
368
|
# user.activation_success_email_method_name =
|
313
369
|
|
314
|
-
#
|
370
|
+
# Do you want to prevent users who did not activate by email from logging in?
|
315
371
|
# Default: `true`
|
316
372
|
#
|
317
373
|
# user.prevent_non_active_users_to_login =
|
318
374
|
|
319
375
|
# -- reset_password --
|
320
|
-
# reset
|
376
|
+
# Password reset token attribute name.
|
321
377
|
# Default: `:reset_password_token`
|
322
378
|
#
|
323
379
|
# user.reset_password_token_attribute_name =
|
324
380
|
|
325
|
-
#
|
381
|
+
# Password token expiry attribute name.
|
326
382
|
# Default: `:reset_password_token_expires_at`
|
327
383
|
#
|
328
384
|
# user.reset_password_token_expires_at_attribute_name =
|
329
385
|
|
330
|
-
#
|
386
|
+
# When was password reset email sent. Used for hammering protection.
|
331
387
|
# Default: `:reset_password_email_sent_at`
|
332
388
|
#
|
333
389
|
# user.reset_password_email_sent_at_attribute_name =
|
334
390
|
|
335
|
-
#
|
391
|
+
# REQUIRED:
|
392
|
+
# Password reset mailer class.
|
336
393
|
# Default: `nil`
|
337
394
|
#
|
338
395
|
# user.reset_password_mailer =
|
339
396
|
|
340
|
-
#
|
397
|
+
# Reset password email method on your mailer class.
|
341
398
|
# Default: `:reset_password_email`
|
342
399
|
#
|
343
400
|
# user.reset_password_email_method_name =
|
344
401
|
|
345
|
-
#
|
346
|
-
#
|
347
|
-
# manually handle how and when email is sent
|
402
|
+
# When true, sorcery will not automatically
|
403
|
+
# send the password reset details email, and allow you to
|
404
|
+
# manually handle how and when the email is sent
|
348
405
|
# Default: `false`
|
349
406
|
#
|
350
407
|
# user.reset_password_mailer_disabled =
|
351
408
|
|
352
|
-
#
|
409
|
+
# How many seconds before the reset request expires. nil for never expires.
|
353
410
|
# Default: `nil`
|
354
411
|
#
|
355
412
|
# user.reset_password_expiration_period =
|
356
413
|
|
357
|
-
#
|
414
|
+
# Hammering protection: how long in seconds to wait before allowing another email to be sent.
|
358
415
|
# Default: `5 * 60`
|
359
416
|
#
|
360
417
|
# user.reset_password_time_between_emails =
|
361
418
|
|
419
|
+
# Access counter to a reset password page attribute name
|
420
|
+
# Default: `:access_count_to_reset_password_page`
|
421
|
+
#
|
422
|
+
# user.reset_password_page_access_count_attribute_name =
|
423
|
+
|
424
|
+
# -- magic_login --
|
425
|
+
# Magic login code attribute name.
|
426
|
+
# Default: `:magic_login_token`
|
427
|
+
#
|
428
|
+
# user.magic_login_token_attribute_name =
|
429
|
+
|
430
|
+
# Magic login expiry attribute name.
|
431
|
+
# Default: `:magic_login_token_expires_at`
|
432
|
+
#
|
433
|
+
# user.magic_login_token_expires_at_attribute_name =
|
434
|
+
|
435
|
+
# When was magic login email sent — used for hammering protection.
|
436
|
+
# Default: `:magic_login_email_sent_at`
|
437
|
+
#
|
438
|
+
# user.magic_login_email_sent_at_attribute_name =
|
439
|
+
|
440
|
+
# REQUIRED:
|
441
|
+
# Magic login mailer class.
|
442
|
+
# Default: `nil`
|
443
|
+
#
|
444
|
+
# user.magic_login_mailer_class =
|
445
|
+
|
446
|
+
# Magic login email method on your mailer class.
|
447
|
+
# Default: `:magic_login_email`
|
448
|
+
#
|
449
|
+
# user.magic_login_email_method_name =
|
450
|
+
|
451
|
+
# When true, sorcery will not automatically
|
452
|
+
# send magic login details email, and allow you to
|
453
|
+
# manually handle how and when the email is sent
|
454
|
+
# Default: `true`
|
455
|
+
#
|
456
|
+
# user.magic_login_mailer_disabled =
|
457
|
+
|
458
|
+
# How many seconds before the request expires. nil for never expires.
|
459
|
+
# Default: `nil`
|
460
|
+
#
|
461
|
+
# user.magic_login_expiration_period =
|
462
|
+
|
463
|
+
# Hammering protection: how long in seconds to wait before allowing another email to be sent.
|
464
|
+
# Default: `5 * 60`
|
465
|
+
#
|
466
|
+
# user.magic_login_time_between_emails =
|
467
|
+
|
362
468
|
# -- brute_force_protection --
|
363
469
|
# Failed logins attribute name.
|
364
470
|
# Default: `:failed_logins_count`
|
@@ -370,12 +476,12 @@ Rails.application.config.sorcery.configure do |config|
|
|
370
476
|
#
|
371
477
|
# user.lock_expires_at_attribute_name =
|
372
478
|
|
373
|
-
# How many failed logins allowed.
|
479
|
+
# How many failed logins are allowed.
|
374
480
|
# Default: `50`
|
375
481
|
#
|
376
482
|
# user.consecutive_login_retries_amount_limit =
|
377
483
|
|
378
|
-
# How long the user should be banned
|
484
|
+
# How long the user should be banned, in seconds. 0 for permanent.
|
379
485
|
# Default: `60 * 60`
|
380
486
|
#
|
381
487
|
# user.login_lock_time_period =
|
@@ -390,16 +496,17 @@ Rails.application.config.sorcery.configure do |config|
|
|
390
496
|
#
|
391
497
|
# user.unlock_token_email_method_name =
|
392
498
|
|
393
|
-
#
|
394
|
-
# send email with unlock token
|
499
|
+
# When true, sorcery will not automatically
|
500
|
+
# send email with the unlock token
|
395
501
|
# Default: `false`
|
396
502
|
#
|
397
503
|
# user.unlock_token_mailer_disabled = true
|
398
504
|
|
399
|
-
#
|
505
|
+
# REQUIRED:
|
506
|
+
# Unlock token mailer class.
|
400
507
|
# Default: `nil`
|
401
508
|
#
|
402
|
-
# user.unlock_token_mailer =
|
509
|
+
# user.unlock_token_mailer =
|
403
510
|
|
404
511
|
# -- activity logging --
|
405
512
|
# Last login attribute name.
|
@@ -417,7 +524,7 @@ Rails.application.config.sorcery.configure do |config|
|
|
417
524
|
#
|
418
525
|
# user.last_activity_at_attribute_name =
|
419
526
|
|
420
|
-
# How long since last activity
|
527
|
+
# How long since user's last activity will they be considered logged out?
|
421
528
|
# Default: `10 * 60`
|
422
529
|
#
|
423
530
|
# user.activity_timeout =
|
@@ -428,17 +535,17 @@ Rails.application.config.sorcery.configure do |config|
|
|
428
535
|
#
|
429
536
|
# user.authentications_class =
|
430
537
|
|
431
|
-
# User's identifier in authentications class.
|
538
|
+
# User's identifier in the `authentications` class.
|
432
539
|
# Default: `:user_id`
|
433
540
|
#
|
434
541
|
# user.authentications_user_id_attribute_name =
|
435
542
|
|
436
|
-
# Provider's identifier in authentications class.
|
543
|
+
# Provider's identifier in the `authentications` class.
|
437
544
|
# Default: `:provider`
|
438
545
|
#
|
439
546
|
# user.provider_attribute_name =
|
440
547
|
|
441
|
-
# User's external unique identifier in authentications class.
|
548
|
+
# User's external unique identifier in the `authentications` class.
|
442
549
|
# Default: `:uid`
|
443
550
|
#
|
444
551
|
# user.provider_uid_attribute_name =
|
@@ -446,5 +553,5 @@ Rails.application.config.sorcery.configure do |config|
|
|
446
553
|
|
447
554
|
# This line must come after the 'user config' block.
|
448
555
|
# Define which model authenticates with sorcery.
|
449
|
-
config.user_class =
|
556
|
+
config.user_class = "<%= model_class_name %>"
|
450
557
|
end
|