sorcery 0.13.0 → 0.16.1
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +1 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +5 -0
- data/.github/workflows/ruby.yml +49 -0
- data/.rubocop.yml +2 -2
- data/.rubocop_todo.yml +157 -1
- data/CHANGELOG.md +49 -0
- data/CODE_OF_CONDUCT.md +14 -0
- data/Gemfile +1 -1
- data/README.md +4 -4
- data/Rakefile +3 -1
- data/SECURITY.md +19 -0
- data/gemfiles/rails_52.gemfile +7 -0
- data/gemfiles/rails_60.gemfile +7 -0
- data/lib/generators/sorcery/helpers.rb +4 -0
- data/lib/generators/sorcery/templates/initializer.rb +111 -85
- data/lib/generators/sorcery/templates/migration/activity_logging.rb +5 -5
- data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +4 -4
- data/lib/generators/sorcery/templates/migration/core.rb +4 -4
- data/lib/generators/sorcery/templates/migration/external.rb +3 -3
- data/lib/generators/sorcery/templates/migration/magic_login.rb +4 -4
- data/lib/generators/sorcery/templates/migration/remember_me.rb +3 -3
- data/lib/generators/sorcery/templates/migration/reset_password.rb +5 -5
- data/lib/generators/sorcery/templates/migration/user_activation.rb +4 -4
- data/lib/sorcery/adapters/active_record_adapter.rb +2 -2
- data/lib/sorcery/controller.rb +4 -1
- data/lib/sorcery/controller/config.rb +6 -6
- data/lib/sorcery/controller/submodules/activity_logging.rb +5 -3
- data/lib/sorcery/controller/submodules/external.rb +4 -1
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +1 -0
- data/lib/sorcery/controller/submodules/remember_me.rb +2 -1
- data/lib/sorcery/controller/submodules/session_timeout.rb +2 -0
- data/lib/sorcery/crypto_providers/aes256.rb +1 -1
- data/lib/sorcery/crypto_providers/bcrypt.rb +6 -1
- data/lib/sorcery/engine.rb +7 -1
- data/lib/sorcery/model.rb +6 -5
- data/lib/sorcery/model/config.rb +5 -0
- data/lib/sorcery/model/submodules/magic_login.rb +7 -4
- data/lib/sorcery/model/submodules/reset_password.rb +6 -2
- data/lib/sorcery/providers/battlenet.rb +51 -0
- data/lib/sorcery/providers/discord.rb +52 -0
- data/lib/sorcery/providers/line.rb +63 -0
- data/lib/sorcery/providers/linkedin.rb +45 -36
- data/lib/sorcery/providers/vk.rb +1 -1
- data/lib/sorcery/version.rb +1 -1
- data/sorcery.gemspec +5 -6
- data/spec/controllers/controller_oauth2_spec.rb +41 -6
- data/spec/controllers/controller_oauth_spec.rb +6 -0
- data/spec/controllers/controller_remember_me_spec.rb +15 -12
- data/spec/controllers/controller_spec.rb +11 -1
- data/spec/providers/example_provider_spec.rb +17 -0
- data/spec/providers/example_spec.rb +17 -0
- data/spec/rails_app/app/assets/config/manifest.js +1 -0
- data/spec/rails_app/app/controllers/application_controller.rb +2 -0
- data/spec/rails_app/app/controllers/sorcery_controller.rb +69 -1
- data/spec/rails_app/config/routes.rb +10 -0
- data/spec/shared_examples/user_reset_password_shared_examples.rb +18 -2
- data/spec/shared_examples/user_shared_examples.rb +63 -0
- data/spec/sorcery_crypto_providers_spec.rb +60 -0
- data/spec/support/migration_helper.rb +12 -2
- data/spec/support/providers/example.rb +11 -0
- data/spec/support/providers/example_provider.rb +11 -0
- metadata +25 -15
- data/.travis.yml +0 -38
- data/gemfiles/active_record_rails_40.gemfile +0 -6
- data/gemfiles/active_record_rails_41.gemfile +0 -6
- data/gemfiles/active_record_rails_42.gemfile +0 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0f0614713fb5b564c7273b8f08b71547414613303b574156932f415dee83286e
|
4
|
+
data.tar.gz: aa2b3081950f5c5f4615dbb21f535fa90ade9a600b29a9d41e3449bdd8551c58
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 781c5dd4d01ab49353464f4e8eb1f1990351f75e1acf307ef9fb83892e4304fd5a5876afa4b8091e4f4edad6661e1f6a4b6b226eb8cb1b290d0712e30826414b
|
7
|
+
data.tar.gz: 347e36c6b09f16eaa1028e8ae02eca140763d07c9981a74b867997994e32a968dcde6016b4b8aab61738ee5eaf463989775ae1c1d257bc561e20ec30ac7e4068
|
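--- a/data/.github/FUNDING.yml
+++ b/data/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: athix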
@@ -0,0 +1,49 @@
|
|
1
|
+
name: Test Suite
|
2
|
+
|
3
|
+
# Run against all commits and pull requests.
|
4
|
+
on: [ push, pull_request ]
|
5
|
+
|
6
|
+
jobs:
|
7
|
+
test_matrix:
|
8
|
+
|
9
|
+
runs-on: ubuntu-latest
|
10
|
+
|
11
|
+
strategy:
|
12
|
+
fail-fast: false
|
13
|
+
matrix:
|
14
|
+
ruby:
|
15
|
+
- 2.4
|
16
|
+
- 2.5
|
17
|
+
- 2.6
|
18
|
+
- 2.7
|
19
|
+
- 3.0
|
20
|
+
|
21
|
+
rails:
|
22
|
+
- '52'
|
23
|
+
- '60'
|
24
|
+
|
25
|
+
exclude:
|
26
|
+
- ruby: 2.4
|
27
|
+
rails: '60'
|
28
|
+
- ruby: 3.0
|
29
|
+
rails: '52'
|
30
|
+
|
31
|
+
env:
|
32
|
+
BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.rails }}.gemfile
|
33
|
+
|
34
|
+
steps:
|
35
|
+
- uses: actions/checkout@v2
|
36
|
+
- name: Set up Ruby
|
37
|
+
uses: ruby/setup-ruby@v1
|
38
|
+
with:
|
39
|
+
ruby-version: ${{ matrix.ruby }}
|
40
|
+
bundler-cache: true
|
41
|
+
- name: Run tests
|
42
|
+
run: bundle exec rake spec
|
43
|
+
|
44
|
+
finish:
|
45
|
+
runs-on: ubuntu-latest
|
46
|
+
needs: [ test_matrix ]
|
47
|
+
steps:
|
48
|
+
- name: Wait for status checks
|
49
|
+
run: echo "All Green!"
|
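Review bot: The workflow sets no `permissions:` key, so the GITHUB_TOKEN for both jobs gets the repository's default scopes even though the steps only check out code and run the specs; a top-level `permissions:` block with `contents: read` would hold it to least privilege. `actions/checkout@v2` and `ruby/setup-ruby@v1` are referenced by mutable tags, so pinning each to a full commit SHA (for example `uses: actions/checkout@<full-commit-sha> # v2`) keeps a retagged release from changing what runs on every push and pull request. Separately, the unquoted matrix entry `- 3.0` (and `ruby: 3.0` under `exclude`) is a YAML float and is likely handed to setup-ruby as `3`, which would select the newest 3.x rather than 3.0; quoting it as `'3.0'` avoids that.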
data/.rubocop.yml
CHANGED
@@ -3,7 +3,7 @@ inherit_from: .rubocop_todo.yml
|
|
3
3
|
AllCops:
|
4
4
|
Exclude:
|
5
5
|
- 'lib/generators/sorcery/templates/**/*'
|
6
|
-
TargetRubyVersion: 2.
|
6
|
+
TargetRubyVersion: 2.6
|
7
7
|
|
8
8
|
# See: https://github.com/rubocop-hq/rubocop/issues/3344
|
9
9
|
Style/DoubleNegation:
|
@@ -21,7 +21,7 @@ Metrics/BlockLength:
|
|
21
21
|
Exclude:
|
22
22
|
- 'lib/**/*'
|
23
23
|
- 'spec/**/*'
|
24
|
-
|
24
|
+
Layout/LineLength:
|
25
25
|
Exclude:
|
26
26
|
- 'lib/**/*'
|
27
27
|
- 'spec/**/*'
|
data/.rubocop_todo.yml
CHANGED
@@ -1,7 +1,163 @@
|
|
1
1
|
# This configuration was generated by
|
2
2
|
# `rubocop --auto-gen-config`
|
3
|
-
# on
|
3
|
+
# on 2021-04-04 05:00:11 UTC using RuboCop version 0.88.0.
|
4
4
|
# The point is for the user to remove these configuration records
|
5
5
|
# one by one as the offenses are removed from the code base.
|
6
6
|
# Note that changes in the inspected code, or installation of new
|
7
7
|
# versions of RuboCop, may require this file to be generated again.
|
8
|
+
|
9
|
+
# Offense count: 1
|
10
|
+
# Configuration parameters: Include.
|
11
|
+
# Include: **/*.gemspec
|
12
|
+
Gemspec/RequiredRubyVersion:
|
13
|
+
Exclude:
|
14
|
+
- 'sorcery.gemspec'
|
15
|
+
|
16
|
+
# Offense count: 2
|
17
|
+
# Cop supports --auto-correct.
|
18
|
+
# Configuration parameters: IndentationWidth.
|
19
|
+
# SupportedStyles: special_inside_parentheses, consistent, align_braces
|
20
|
+
Layout/FirstHashElementIndentation:
|
21
|
+
EnforcedStyle: consistent
|
22
|
+
|
23
|
+
# Offense count: 83
|
24
|
+
# Cop supports --auto-correct.
|
25
|
+
# Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
|
26
|
+
# SupportedHashRocketStyles: key, separator, table
|
27
|
+
# SupportedColonStyles: key, separator, table
|
28
|
+
# SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit
|
29
|
+
Layout/HashAlignment:
|
30
|
+
Enabled: false
|
31
|
+
|
32
|
+
# Offense count: 3
|
33
|
+
# Cop supports --auto-correct.
|
34
|
+
# Configuration parameters: AllowInHeredoc.
|
35
|
+
Layout/TrailingWhitespace:
|
36
|
+
Exclude:
|
37
|
+
- 'lib/sorcery/controller/submodules/external.rb'
|
38
|
+
|
39
|
+
# Offense count: 2
|
40
|
+
# Configuration parameters: AllowSafeAssignment.
|
41
|
+
Lint/AssignmentInCondition:
|
42
|
+
Exclude:
|
43
|
+
- 'spec/rails_app/app/controllers/sorcery_controller.rb'
|
44
|
+
|
45
|
+
# Offense count: 1
|
46
|
+
# Cop supports --auto-correct.
|
47
|
+
Lint/NonDeterministicRequireOrder:
|
48
|
+
Exclude:
|
49
|
+
- 'spec/spec_helper.rb'
|
50
|
+
|
51
|
+
# Offense count: 4
|
52
|
+
# Cop supports --auto-correct.
|
53
|
+
Lint/RedundantCopDisableDirective:
|
54
|
+
Exclude:
|
55
|
+
- 'lib/sorcery/controller.rb'
|
56
|
+
- 'lib/sorcery/model.rb'
|
57
|
+
- 'spec/rails_app/config/application.rb'
|
58
|
+
- 'spec/shared_examples/user_shared_examples.rb'
|
59
|
+
|
60
|
+
# Offense count: 4
|
61
|
+
# Cop supports --auto-correct.
|
62
|
+
Lint/SendWithMixinArgument:
|
63
|
+
Exclude:
|
64
|
+
- 'lib/sorcery.rb'
|
65
|
+
- 'lib/sorcery/engine.rb'
|
66
|
+
- 'lib/sorcery/test_helpers/internal/rails.rb'
|
67
|
+
|
68
|
+
# Offense count: 2
|
69
|
+
# Cop supports --auto-correct.
|
70
|
+
# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
|
71
|
+
Lint/UnusedBlockArgument:
|
72
|
+
Exclude:
|
73
|
+
- 'spec/shared_examples/user_shared_examples.rb'
|
74
|
+
|
75
|
+
# Offense count: 1
|
76
|
+
# Cop supports --auto-correct.
|
77
|
+
# Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
|
78
|
+
# SupportedStyles: assign_to_condition, assign_inside_condition
|
79
|
+
Style/ConditionalAssignment:
|
80
|
+
Exclude:
|
81
|
+
- 'lib/sorcery/adapters/active_record_adapter.rb'
|
82
|
+
|
83
|
+
# Offense count: 1
|
84
|
+
# Cop supports --auto-correct.
|
85
|
+
Style/ExpandPathArguments:
|
86
|
+
Exclude:
|
87
|
+
- 'spec/rails_app/config.ru'
|
88
|
+
|
89
|
+
# Offense count: 1
|
90
|
+
# Configuration parameters: EnforcedStyle.
|
91
|
+
# SupportedStyles: annotated, template, unannotated
|
92
|
+
Style/FormatStringToken:
|
93
|
+
Exclude:
|
94
|
+
- 'lib/generators/sorcery/install_generator.rb'
|
95
|
+
|
96
|
+
# Offense count: 125
|
97
|
+
# Cop supports --auto-correct.
|
98
|
+
# Configuration parameters: EnforcedStyle.
|
99
|
+
# SupportedStyles: always, always_true, never
|
100
|
+
Style/FrozenStringLiteralComment:
|
101
|
+
Enabled: false
|
102
|
+
|
103
|
+
# Offense count: 3
|
104
|
+
# Cop supports --auto-correct.
|
105
|
+
# Configuration parameters: EnforcedStyle, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols.
|
106
|
+
# SupportedStyles: ruby19, hash_rockets, no_mixed_keys, ruby19_no_mixed_keys
|
107
|
+
Style/HashSyntax:
|
108
|
+
Exclude:
|
109
|
+
- 'lib/sorcery/adapters/active_record_adapter.rb'
|
110
|
+
- 'lib/sorcery/test_helpers/rails/integration.rb'
|
111
|
+
|
112
|
+
# Offense count: 34
|
113
|
+
# Cop supports --auto-correct.
|
114
|
+
Style/IfUnlessModifier:
|
115
|
+
Enabled: false
|
116
|
+
|
117
|
+
# Offense count: 1
|
118
|
+
# Cop supports --auto-correct.
|
119
|
+
Style/MultilineIfModifier:
|
120
|
+
Exclude:
|
121
|
+
- 'lib/sorcery/providers/line.rb'
|
122
|
+
|
123
|
+
# Offense count: 2
|
124
|
+
# Cop supports --auto-correct.
|
125
|
+
Style/RedundantBegin:
|
126
|
+
Exclude:
|
127
|
+
- 'lib/sorcery/controller.rb'
|
128
|
+
- 'lib/sorcery/model.rb'
|
129
|
+
|
130
|
+
# Offense count: 4
|
131
|
+
# Cop supports --auto-correct.
|
132
|
+
# Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods.
|
133
|
+
# AllowedMethods: present?, blank?, presence, try, try!
|
134
|
+
Style/SafeNavigation:
|
135
|
+
Exclude:
|
136
|
+
- 'lib/sorcery/controller/config.rb'
|
137
|
+
- 'lib/sorcery/controller/submodules/brute_force_protection.rb'
|
138
|
+
- 'lib/sorcery/controller/submodules/remember_me.rb'
|
139
|
+
- 'lib/sorcery/model.rb'
|
140
|
+
|
141
|
+
# Offense count: 7
|
142
|
+
# Cop supports --auto-correct.
|
143
|
+
# Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
|
144
|
+
# SupportedStyles: single_quotes, double_quotes
|
145
|
+
Style/StringLiterals:
|
146
|
+
Exclude:
|
147
|
+
- 'spec/controllers/controller_oauth2_spec.rb'
|
148
|
+
- 'spec/sorcery_crypto_providers_spec.rb'
|
149
|
+
|
150
|
+
# Offense count: 1
|
151
|
+
# Cop supports --auto-correct.
|
152
|
+
# Configuration parameters: EnforcedStyle, MinSize.
|
153
|
+
# SupportedStyles: percent, brackets
|
154
|
+
Style/SymbolArray:
|
155
|
+
Exclude:
|
156
|
+
- 'Rakefile'
|
157
|
+
|
158
|
+
# Offense count: 2
|
159
|
+
# Cop supports --auto-correct.
|
160
|
+
Style/UnpackFirst:
|
161
|
+
Exclude:
|
162
|
+
- 'lib/sorcery/crypto_providers/aes256.rb'
|
163
|
+
- 'spec/sorcery_crypto_providers_spec.rb'
|
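--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,55 @@
 # Changelog
 ## HEAD
 
+## 0.16.1
+
+* Fix default table name being incorrect in migration generator [#274](https://github.com/Sorcery/sorcery/pull/274)
+* Update `oauth` dependency per CVE-2016-11086
+
+## 0.16.0
+
+* Add BattleNet Provider [#260](https://github.com/Sorcery/sorcery/pull/260)
+* Fix failing isolated tests [#249](https://github.com/Sorcery/sorcery/pull/249)
+* Support LINE login v2.1 [#251](https://github.com/Sorcery/sorcery/pull/251)
+* Update generators to better support namespaces [#237](https://github.com/Sorcery/sorcery/pull/237)
+* Add support for Rails 6 [#238](https://github.com/Sorcery/sorcery/pull/238)
+* Fix ruby 2.7 deprecation warnings [#241](https://github.com/Sorcery/sorcery/pull/241)
+* Use set to ensure unique arrays [#233](https://github.com/Sorcery/sorcery/pull/233)
+
+## 0.15.1
+
+* Update `oauth` dependency per CVE-2016-11086
+
+## 0.15.0
+
+* Fix brute force vuln due to callbacks no being ran [#235](https://github.com/Sorcery/sorcery/pull/235)
+* Revert on_load change due to breaking existing applications [#234](https://github.com/Sorcery/sorcery/pull/234)
+* Add forget_me! and force_forget_me! test cases [#216](https://github.com/Sorcery/sorcery/pull/216)
+* In `generic_send_email`, check responds_to [#211](https://github.com/Sorcery/sorcery/pull/211)
+* Fix typo [#219](https://github.com/Sorcery/sorcery/pull/219)
+* Fix deprecation warnings in Rails 6 [#209](https://github.com/Sorcery/sorcery/pull/209)
+* Add ruby 2.6.5 to the travis build [#215](https://github.com/Sorcery/sorcery/pull/215)
+* Add discord provider [#185](https://github.com/Sorcery/sorcery/pull/185)
+* Remove MySQL database creation call [#214](https://github.com/Sorcery/sorcery/pull/214)
+* Use id instead of uid for VK provider [#199](https://github.com/Sorcery/sorcery/pull/199)
+* Don't :return_t JSON requests after login [#197](https://github.com/Sorcery/sorcery/pull/197)
+* Fix email scope for LinkedIn Provider [#191](https://github.com/Sorcery/sorcery/pull/191)
+* Ignore cookies when undefined cookies [#187](https://github.com/Sorcery/sorcery/pull/187)
+* Allow for custom providers with multi-word class names. [#190](https://github.com/Sorcery/sorcery/pull/190)
+
+## 0.14.0
+
+* Update LinkedIn to use OAuth 2 [#189](https://github.com/Sorcery/sorcery/pull/189)
+* Support the LINE login auth [#80](https://github.com/Sorcery/sorcery/pull/80)
+* Allow BCrypt to have app-specific secret token [#173](https://github.com/Sorcery/sorcery/pull/173)
+* Add #change_password method to reset_password module. [#165](https://github.com/Sorcery/sorcery/pull/165)
+* Clean up initializer comments [#153](https://github.com/Sorcery/sorcery/pull/153)
+* Allow load_from_magic_login_token to accept a block [#152](https://github.com/Sorcery/sorcery/pull/152)
+* Fix CipherError class name [#142](https://github.com/Sorcery/sorcery/pull/142)
+* Fix `update_failed_logins_count` being called twice when login failed [#163](https://github.com/Sorcery/sorcery/pull/163)
+* Update migration templates to use new hash syntax [#170](https://github.com/Sorcery/sorcery/pull/170)
+* Support for Rails 4.2 and lower soft-dropped [#171](https://github.com/Sorcery/sorcery/pull/171)
+
 ## 0.13.0
 
 * Add support for Rails 5.2 / Ruby 2.5 [#129](https://github.com/Sorcery/sorcery/pull/129)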
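--- a/data/CODE_OF_CONDUCT.md
+++ b/data/CODE_OF_CONDUCT.md
@@ -0,0 +1,14 @@
+# The Sorcery Community Code of Conduct
+
+This document provides a few simple community guidelines for a safe, respectful,
+productive, and collaborative place for any person who is willing to contribute
+to the Sorcery community. It applies to all "collaborative spaces", which are
+defined as community communications channels (such as mailing lists, submitted
+patches, commit comments, etc.).
+
+* Participants will be tolerant of opposing views.
+* Participants must ensure that their language and actions are free of personal
+attacks and disparaging personal remarks.
+* When interpreting the words and actions of others, participants should always
+assume good intentions.
+* Behaviour which can be reasonably considered harassment will not be tolerated.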
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -4,7 +4,6 @@
|
|
4
4
|
[![Gem Downloads](https://img.shields.io/gem/dt/sorcery.svg)](https://rubygems.org/gems/sorcery)
|
5
5
|
[![Build Status](https://travis-ci.org/Sorcery/sorcery.svg?branch=master)](https://travis-ci.org/Sorcery/sorcery)
|
6
6
|
[![Code Climate](https://codeclimate.com/github/Sorcery/sorcery.svg)](https://codeclimate.com/github/Sorcery/sorcery)
|
7
|
-
[![Inline docs](http://inch-ci.org/github/Sorcery/sorcery.svg?branch=master)](http://inch-ci.org/github/Sorcery/sorcery)
|
8
7
|
[![Join the chat at https://gitter.im/Sorcery/sorcery](https://badges.gitter.im/join_chat.svg)](https://gitter.im/Sorcery/sorcery?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
9
8
|
|
10
9
|
Magical Authentication for Rails. Supports ActiveRecord, DataMapper, Mongoid and MongoMapper.
|
@@ -99,7 +98,8 @@ force_forget_me! # Forgets all sessions by clearing the token, even if remember_
|
|
99
98
|
User.load_from_reset_password_token(token)
|
100
99
|
@user.generate_reset_password_token! # Use if you want to send the email by yourself
|
101
100
|
@user.deliver_reset_password_instructions! # Generates the token and sends the email
|
102
|
-
@user.change_password
|
101
|
+
@user.change_password(new_password)
|
102
|
+
@user.change_password!(new_password) # Same as change_password but raises exception on save
|
103
103
|
```
|
104
104
|
|
105
105
|
### Session Timeout
|
@@ -237,14 +237,14 @@ Feel free to ask questions using these contact details:
|
|
237
237
|
|
238
238
|
**Current Maintainers:**
|
239
239
|
|
240
|
-
-
|
241
|
-
- Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:jbuker@aeonsplice.com)
|
240
|
+
- Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:crypto+sorcery@joshbuker.com?subject=Sorcery)
|
242
241
|
|
243
242
|
**Past Maintainers:**
|
244
243
|
|
245
244
|
- Noam Ben-Ari ([@NoamB](https://github.com/NoamB)) | [Email](mailto:nbenari@gmail.com) | [Twitter](https://twitter.com/nbenari)
|
246
245
|
- Kir Shatrov ([@kirs](https://github.com/kirs)) | [Email](mailto:shatrov@me.com) | [Twitter](https://twitter.com/Kiiiir)
|
247
246
|
- Grzegorz Witek ([@arnvald](https://github.com/arnvald)) | [Email](mailto:arnvald.to@gmail.com) | [Twitter](https://twitter.com/arnvald)
|
247
|
+
- Chase Gilliam ([@Ch4s3](https://github.com/Ch4s3)) | [Email](mailto:chase.gilliam@gmail.com)
|
248
248
|
|
249
249
|
## License
|
250
250
|
|
data/Rakefile
CHANGED
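--- a/data/SECURITY.md
+++ b/data/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| --------- | ------------------ |
+| ~> 0.16.0 | :white_check_mark: |
+| ~> 0.15.0 | :white_check_mark: |
+| < 0.15.0 | :x: |
+
+## Reporting a Vulnerability
+
+Email the current maintainer(s) with a description of the vulnerability. You
+should expect a response within 48 hours. If the vulnerability is accepted, a
+Github advisory will be created and eventually released with a CVE corresponding
+to the issue found.
+
+A list of the current maintainers can be found on the README under the contact
+section. See: [README.md](https://github.com/Sorcery/sorcery#contact)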
@@ -12,6 +12,10 @@ module Sorcery
|
|
12
12
|
options[:model] ? options[:model].classify : 'User'
|
13
13
|
end
|
14
14
|
|
15
|
+
def tableized_model_class
|
16
|
+
options[:model] ? options[:model].gsub(/::/, '').tableize : 'users'
|
17
|
+
end
|
18
|
+
|
15
19
|
def model_path
|
16
20
|
@model_path ||= File.join('app', 'models', "#{file_path}.rb")
|
17
21
|
end
|
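Review bot: `tableized_model_class` has no comment explaining why `::` is stripped before `tableize`, and the reason is not obvious from the line: without the `gsub`, a namespaced `options[:model]` value such as `Admin::User` would tableize to `admin/users`, which is not a usable table name. I would add `# Table name for the configured model; '::' is removed so Admin::User yields admin_users, not admin/users.` above the method. The result also assumes the model's table carries the namespace as a prefix; if the model sets `table_name` itself, or its namespace defines no `table_name_prefix`, the generated migrations would presumably target a different table than the model reads, which is worth stating in the same comment. The enclosing module starts outside this hunk.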
@@ -1,7 +1,9 @@
|
|
1
1
|
# The first thing you need to configure is which modules you need in your app.
|
2
2
|
# The default is nothing which will include only core features (password encryption, login/logout).
|
3
|
+
#
|
3
4
|
# Available submodules are: :user_activation, :http_basic_auth, :remember_me,
|
4
|
-
# :reset_password, :session_timeout, :brute_force_protection, :activity_logging,
|
5
|
+
# :reset_password, :session_timeout, :brute_force_protection, :activity_logging,
|
6
|
+
# :magic_login, :external
|
5
7
|
Rails.application.config.sorcery.submodules = []
|
6
8
|
|
7
9
|
# Here you can configure each submodule's features.
|
@@ -13,8 +15,8 @@ Rails.application.config.sorcery.configure do |config|
|
|
13
15
|
#
|
14
16
|
# config.not_authenticated_action =
|
15
17
|
|
16
|
-
# When a non logged
|
17
|
-
# the URL he
|
18
|
+
# When a non logged-in user tries to enter a page that requires login, save
|
19
|
+
# the URL he wants to reach, and send him there after login, using 'redirect_back_or_to'.
|
18
20
|
# Default: `true`
|
19
21
|
#
|
20
22
|
# config.save_return_to_url =
|
@@ -46,7 +48,7 @@ Rails.application.config.sorcery.configure do |config|
|
|
46
48
|
#
|
47
49
|
# config.session_timeout_from_last_action =
|
48
50
|
|
49
|
-
# Invalidate active sessions Requires an `invalidate_sessions_before` timestamp column
|
51
|
+
# Invalidate active sessions. Requires an `invalidate_sessions_before` timestamp column
|
50
52
|
# Default: `false`
|
51
53
|
#
|
52
54
|
# config.session_timeout_invalidate_active_sessions_enabled =
|
@@ -58,23 +60,24 @@ Rails.application.config.sorcery.configure do |config|
|
|
58
60
|
# config.controller_to_realm_map =
|
59
61
|
|
60
62
|
# -- activity logging --
|
61
|
-
#
|
63
|
+
# Will register the time of last user login, every login.
|
62
64
|
# Default: `true`
|
63
65
|
#
|
64
66
|
# config.register_login_time =
|
65
67
|
|
66
|
-
#
|
68
|
+
# Will register the time of last user logout, every logout.
|
67
69
|
# Default: `true`
|
68
70
|
#
|
69
71
|
# config.register_logout_time =
|
70
72
|
|
71
|
-
#
|
73
|
+
# Will register the time of last user action, every action.
|
72
74
|
# Default: `true`
|
73
75
|
#
|
74
76
|
# config.register_last_activity_time =
|
75
77
|
|
76
78
|
# -- external --
|
77
|
-
# What providers are supported by this app
|
79
|
+
# What providers are supported by this app
|
80
|
+
# i.e. [:twitter, :facebook, :github, :linkedin, :xing, :google, :liveid, :salesforce, :slack, :line].
|
78
81
|
# Default: `[]`
|
79
82
|
#
|
80
83
|
# config.external_providers =
|
@@ -85,16 +88,19 @@ Rails.application.config.sorcery.configure do |config|
|
|
85
88
|
#
|
86
89
|
# config.ca_file =
|
87
90
|
|
88
|
-
#
|
89
|
-
#
|
90
|
-
#
|
91
|
+
# Linkedin requires r_emailaddress scope to fetch user's email address.
|
92
|
+
# You can skip including the email field if you use an intermediary signup form. (using build_from method).
|
93
|
+
# The r_emailaddress scope is only necessary if you are using the create_from method directly.
|
91
94
|
#
|
92
95
|
# config.linkedin.key = ""
|
93
96
|
# config.linkedin.secret = ""
|
94
97
|
# config.linkedin.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=linkedin"
|
95
|
-
# config.linkedin.
|
96
|
-
#
|
97
|
-
#
|
98
|
+
# config.linkedin.user_info_mapping = {
|
99
|
+
# first_name: 'localizedFirstName',
|
100
|
+
# last_name: 'localizedLastName',
|
101
|
+
# email: 'emailAddress'
|
102
|
+
# }
|
103
|
+
# config.linkedin.scope = "r_liteprofile r_emailaddress"
|
98
104
|
#
|
99
105
|
#
|
100
106
|
# For information about XING API:
|
@@ -107,7 +113,7 @@ Rails.application.config.sorcery.configure do |config|
|
|
107
113
|
#
|
108
114
|
#
|
109
115
|
# Twitter will not accept any requests nor redirect uri containing localhost,
|
110
|
-
#
|
116
|
+
# Make sure you use 0.0.0.0:3000 to access your app in development
|
111
117
|
#
|
112
118
|
# config.twitter.key = ""
|
113
119
|
# config.twitter.secret = ""
|
@@ -159,7 +165,8 @@ Rails.application.config.sorcery.configure do |config|
|
|
159
165
|
# config.google.scope = "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
|
160
166
|
#
|
161
167
|
# For Microsoft Graph, the key will be your App ID, and the secret will be your app password/public key.
|
162
|
-
# The callback URL "can't contain a query string or invalid special characters"
|
168
|
+
# The callback URL "can't contain a query string or invalid special characters"
|
169
|
+
# See: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-v2-limitations#restrictions-on-redirect-uris
|
163
170
|
# More information at https://graph.microsoft.io/en-us/docs
|
164
171
|
#
|
165
172
|
# config.microsoft.key = ""
|
@@ -190,7 +197,7 @@ Rails.application.config.sorcery.configure do |config|
|
|
190
197
|
|
191
198
|
# For information about JIRA API:
|
192
199
|
# https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Example+-+OAuth+authentication
|
193
|
-
#
|
200
|
+
# To obtain the consumer key and the public key you can use the jira-ruby gem https://github.com/sumoheavy/jira-ruby
|
194
201
|
# or run openssl req -x509 -nodes -newkey rsa:1024 -sha1 -keyout rsakey.pem -out rsacert.pem to obtain the public key
|
195
202
|
# Make sure you have configured the application link properly
|
196
203
|
|
@@ -203,7 +210,7 @@ Rails.application.config.sorcery.configure do |config|
|
|
203
210
|
# For information about Salesforce API:
|
204
211
|
# https://developer.salesforce.com/signup &
|
205
212
|
# https://www.salesforce.com/us/developer/docs/api_rest/
|
206
|
-
# Salesforce callback_url must be https. You can run the following to generate self-signed ssl cert
|
213
|
+
# Salesforce callback_url must be https. You can run the following to generate self-signed ssl cert:
|
207
214
|
# openssl req -new -newkey rsa:2048 -sha1 -days 365 -nodes -x509 -keyout server.key -out server.crt
|
208
215
|
# Make sure you have configured the application link properly
|
209
216
|
# config.salesforce.key = '123123'
|
@@ -212,230 +219,248 @@ Rails.application.config.sorcery.configure do |config|
|
|
212
219
|
# config.salesforce.scope = "full"
|
213
220
|
# config.salesforce.user_info_mapping = {:email => "email"}
|
214
221
|
|
222
|
+
# config.line.key = ""
|
223
|
+
# config.line.secret = ""
|
224
|
+
# config.line.callback_url = "http://mydomain.com:3000/oauth/callback?provider=line"
|
225
|
+
# config.line.scope = "profile"
|
226
|
+
# config.line.bot_prompt = "normal"
|
227
|
+
# config.line.user_info_mapping = {name: 'displayName'}
|
228
|
+
|
229
|
+
|
230
|
+
# For information about Discord API
|
231
|
+
# https://discordapp.com/developers/docs/topics/oauth2
|
232
|
+
# config.discord.key = "xxxxxx"
|
233
|
+
# config.discord.secret = "xxxxxx"
|
234
|
+
# config.discord.callback_url = "http://localhost:3000/oauth/callback?provider=discord"
|
235
|
+
# config.discord.scope = "email guilds"
|
236
|
+
|
237
|
+
# For information about Battlenet API
|
238
|
+
# https://develop.battle.net/documentation/guides/using-oauth
|
239
|
+
# config.battlenet.site = "https://eu.battle.net/" #See Website for other Regional Domains
|
240
|
+
# config.battlenet.key = "xxxxxx"
|
241
|
+
# config.battlenet.secret = "xxxxxx"
|
242
|
+
# config.battlenet.callback_url = "http://localhost:3000/oauth/callback?provider=battlenet"
|
243
|
+
# config.battlenet.scope = "openid"
|
215
244
|
# --- user config ---
|
216
245
|
config.user_config do |user|
|
217
246
|
# -- core --
|
218
|
-
#
|
247
|
+
# Specify username attributes, for example: [:username, :email].
|
219
248
|
# Default: `[:email]`
|
220
249
|
#
|
221
250
|
# user.username_attribute_names =
|
222
251
|
|
223
|
-
#
|
252
|
+
# Change *virtual* password attribute, the one which is used until an encrypted one is generated.
|
224
253
|
# Default: `:password`
|
225
254
|
#
|
226
255
|
# user.password_attribute_name =
|
227
256
|
|
228
|
-
#
|
257
|
+
# Downcase the username before trying to authenticate, default is false
|
229
258
|
# Default: `false`
|
230
259
|
#
|
231
260
|
# user.downcase_username_before_authenticating =
|
232
261
|
|
233
|
-
#
|
262
|
+
# Change default email attribute.
|
234
263
|
# Default: `:email`
|
235
264
|
#
|
236
265
|
# user.email_attribute_name =
|
237
266
|
|
238
|
-
#
|
267
|
+
# Change default crypted_password attribute.
|
239
268
|
# Default: `:crypted_password`
|
240
269
|
#
|
241
270
|
# user.crypted_password_attribute_name =
|
242
271
|
|
243
|
-
#
|
272
|
+
# What pattern to use to join the password with the salt
|
244
273
|
# Default: `""`
|
245
274
|
#
|
246
275
|
# user.salt_join_token =
|
247
276
|
|
248
|
-
#
|
277
|
+
# Change default salt attribute.
|
249
278
|
# Default: `:salt`
|
250
279
|
#
|
251
280
|
# user.salt_attribute_name =
|
252
281
|
|
253
|
-
#
|
282
|
+
# How many times to apply encryption to the password.
|
254
283
|
# Default: 1 in test env, `nil` otherwise
|
255
284
|
#
|
256
285
|
user.stretches = 1 if Rails.env.test?
|
257
286
|
|
258
|
-
#
|
287
|
+
# Encryption key used to encrypt reversible encryptions such as AES256.
|
259
288
|
# WARNING: If used for users' passwords, changing this key will leave passwords undecryptable!
|
260
289
|
# Default: `nil`
|
261
290
|
#
|
262
291
|
# user.encryption_key =
|
263
292
|
|
264
|
-
#
|
293
|
+
# Use an external encryption class.
|
265
294
|
# Default: `nil`
|
266
295
|
#
|
267
296
|
# user.custom_encryption_provider =
|
268
297
|
|
269
|
-
#
|
298
|
+
# Encryption algorithm name. See 'encryption_algorithm=' for available options.
|
270
299
|
# Default: `:bcrypt`
|
271
300
|
#
|
272
301
|
# user.encryption_algorithm =
|
273
302
|
|
274
|
-
#
|
303
|
+
# Make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
|
275
304
|
# Default: `false`
|
276
305
|
#
|
277
306
|
# user.subclasses_inherit_config =
|
278
307
|
|
279
308
|
# -- remember_me --
|
280
309
|
# How long in seconds the session length will be
|
281
|
-
# Default: `
|
310
|
+
# Default: `60 * 60 * 24 * 7`
|
282
311
|
#
|
283
312
|
# user.remember_me_for =
|
284
313
|
|
285
|
-
#
|
286
|
-
# logins/logouts (
|
314
|
+
# When true, sorcery will persist a single remember me token for all
|
315
|
+
# logins/logouts (to support remembering on multiple browsers simultaneously).
|
287
316
|
# Default: false
|
288
317
|
#
|
289
318
|
# user.remember_me_token_persist_globally =
|
290
319
|
|
291
320
|
# -- user_activation --
|
292
|
-
#
|
321
|
+
# The attribute name to hold activation state (active/pending).
|
293
322
|
# Default: `:activation_state`
|
294
323
|
#
|
295
324
|
# user.activation_state_attribute_name =
|
296
325
|
|
297
|
-
#
|
326
|
+
# The attribute name to hold activation code (sent by email).
|
298
327
|
# Default: `:activation_token`
|
299
328
|
#
|
300
329
|
# user.activation_token_attribute_name =
|
301
330
|
|
302
|
-
#
|
331
|
+
# The attribute name to hold activation code expiration date.
|
303
332
|
# Default: `:activation_token_expires_at`
|
304
333
|
#
|
305
334
|
# user.activation_token_expires_at_attribute_name =
|
306
335
|
|
307
|
-
#
|
336
|
+
# How many seconds before the activation code expires. nil for never expires.
|
308
337
|
# Default: `nil`
|
309
338
|
#
|
310
339
|
# user.activation_token_expiration_period =
|
311
340
|
|
312
|
-
#
|
341
|
+
# REQUIRED:
|
342
|
+
# User activation mailer class.
|
313
343
|
# Default: `nil`
|
314
344
|
#
|
315
345
|
# user.user_activation_mailer =
|
316
346
|
|
317
|
-
#
|
318
|
-
#
|
319
|
-
# manually handle how and when email is sent.
|
347
|
+
# When true, sorcery will not automatically
|
348
|
+
# send the activation details email, and allow you to
|
349
|
+
# manually handle how and when the email is sent.
|
320
350
|
# Default: `false`
|
321
351
|
#
|
322
352
|
# user.activation_mailer_disabled =
|
323
353
|
|
324
|
-
#
|
354
|
+
# Method to send email related
|
325
355
|
# options: `:deliver_later`, `:deliver_now`, `:deliver`
|
326
356
|
# Default: :deliver (Rails version < 4.2) or :deliver_now (Rails version 4.2+)
|
327
357
|
#
|
328
358
|
# user.email_delivery_method =
|
329
359
|
|
330
|
-
#
|
360
|
+
# Activation needed email method on your mailer class.
|
331
361
|
# Default: `:activation_needed_email`
|
332
362
|
#
|
333
363
|
# user.activation_needed_email_method_name =
|
334
364
|
|
335
|
-
#
|
365
|
+
# Activation success email method on your mailer class.
|
336
366
|
# Default: `:activation_success_email`
|
337
367
|
#
|
338
368
|
# user.activation_success_email_method_name =
|
339
369
|
|
340
|
-
#
|
370
|
+
# Do you want to prevent users who did not activate by email from logging in?
|
341
371
|
# Default: `true`
|
342
372
|
#
|
343
373
|
# user.prevent_non_active_users_to_login =
|
344
374
|
|
345
375
|
# -- reset_password --
|
346
|
-
# reset
|
376
|
+
# Password reset token attribute name.
|
347
377
|
# Default: `:reset_password_token`
|
348
378
|
#
|
349
379
|
# user.reset_password_token_attribute_name =
|
350
380
|
|
351
|
-
#
|
381
|
+
# Password token expiry attribute name.
|
352
382
|
# Default: `:reset_password_token_expires_at`
|
353
383
|
#
|
354
384
|
# user.reset_password_token_expires_at_attribute_name =
|
355
385
|
|
356
|
-
#
|
386
|
+
# When was password reset email sent. Used for hammering protection.
|
357
387
|
# Default: `:reset_password_email_sent_at`
|
358
388
|
#
|
359
389
|
# user.reset_password_email_sent_at_attribute_name =
|
360
390
|
|
361
|
-
#
|
391
|
+
# REQUIRED:
|
392
|
+
# Password reset mailer class.
|
362
393
|
# Default: `nil`
|
363
394
|
#
|
364
395
|
# user.reset_password_mailer =
|
365
396
|
|
366
|
-
#
|
397
|
+
# Reset password email method on your mailer class.
|
367
398
|
# Default: `:reset_password_email`
|
368
399
|
#
|
369
400
|
# user.reset_password_email_method_name =
|
370
401
|
|
371
|
-
#
|
372
|
-
#
|
373
|
-
# manually handle how and when email is sent
|
402
|
+
# When true, sorcery will not automatically
|
403
|
+
# send the password reset details email, and allow you to
|
404
|
+
# manually handle how and when the email is sent
|
374
405
|
# Default: `false`
|
375
406
|
#
|
376
407
|
# user.reset_password_mailer_disabled =
|
377
408
|
|
378
|
-
#
|
409
|
+
# How many seconds before the reset request expires. nil for never expires.
|
379
410
|
# Default: `nil`
|
380
411
|
#
|
381
412
|
# user.reset_password_expiration_period =
|
382
413
|
|
383
|
-
#
|
414
|
+
# Hammering protection: how long in seconds to wait before allowing another email to be sent.
|
384
415
|
# Default: `5 * 60`
|
385
416
|
#
|
386
417
|
# user.reset_password_time_between_emails =
|
387
|
-
|
388
|
-
#
|
418
|
+
|
419
|
+
# Access counter to a reset password page attribute name
|
389
420
|
# Default: `:access_count_to_reset_password_page`
|
390
421
|
#
|
391
422
|
# user.reset_password_page_access_count_attribute_name =
|
392
423
|
|
393
424
|
# -- magic_login --
|
394
|
-
#
|
425
|
+
# Magic login code attribute name.
|
395
426
|
# Default: `:magic_login_token`
|
396
427
|
#
|
397
428
|
# user.magic_login_token_attribute_name =
|
398
429
|
|
399
|
-
|
400
|
-
# expires at attribute name.
|
430
|
+
# Magic login expiry attribute name.
|
401
431
|
# Default: `:magic_login_token_expires_at`
|
402
432
|
#
|
403
433
|
# user.magic_login_token_expires_at_attribute_name =
|
404
434
|
|
405
|
-
|
406
|
-
# when was email sent, used for hammering protection.
|
435
|
+
# When was magic login email sent — used for hammering protection.
|
407
436
|
# Default: `:magic_login_email_sent_at`
|
408
437
|
#
|
409
438
|
# user.magic_login_email_sent_at_attribute_name =
|
410
439
|
|
411
|
-
|
412
|
-
# mailer class.
|
440
|
+
# REQUIRED:
|
441
|
+
# Magic login mailer class.
|
413
442
|
# Default: `nil`
|
414
443
|
#
|
415
444
|
# user.magic_login_mailer_class =
|
416
445
|
|
417
|
-
|
418
|
-
# magic login email method on your mailer class.
|
446
|
+
# Magic login email method on your mailer class.
|
419
447
|
# Default: `:magic_login_email`
|
420
448
|
#
|
421
449
|
# user.magic_login_email_method_name =
|
422
450
|
|
423
|
-
|
424
|
-
#
|
425
|
-
#
|
426
|
-
# manually handle how and when email is sent
|
451
|
+
# When true, sorcery will not automatically
|
452
|
+
# send magic login details email, and allow you to
|
453
|
+
# manually handle how and when the email is sent
|
427
454
|
# Default: `true`
|
428
455
|
#
|
429
456
|
# user.magic_login_mailer_disabled =
|
430
457
|
|
431
|
-
|
432
|
-
# how many seconds before the request expires. nil for never expires.
|
458
|
+
# How many seconds before the request expires. nil for never expires.
|
433
459
|
# Default: `nil`
|
434
460
|
#
|
435
461
|
# user.magic_login_expiration_period =
|
436
462
|
|
437
|
-
|
438
|
-
# hammering protection, how long in seconds to wait before allowing another email to be sent.
|
463
|
+
# Hammering protection: how long in seconds to wait before allowing another email to be sent.
|
439
464
|
# Default: `5 * 60`
|
440
465
|
#
|
441
466
|
# user.magic_login_time_between_emails =
|
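Review bot: The new comments for `activation_token_expiration_period`, `reset_password_expiration_period` and `magic_login_expiration_period` state that `nil` means the token never expires, and `nil` remains the documented default for all three. A password-reset or magic-login link with no expiry stays usable for as long as the mail carrying it can be read, so the template should steer users to set a value. I would add a line under each description, for example `# Recommended: set an explicit period so that old links stop working.` The settings are left commented out in the generated file, so an app that never edits them presumably runs with the default.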
@@ -451,12 +476,12 @@ Rails.application.config.sorcery.configure do |config|
|
|
451
476
|
#
|
452
477
|
# user.lock_expires_at_attribute_name =
|
453
478
|
|
454
|
-
# How many failed logins allowed.
|
479
|
+
# How many failed logins are allowed.
|
455
480
|
# Default: `50`
|
456
481
|
#
|
457
482
|
# user.consecutive_login_retries_amount_limit =
|
458
483
|
|
459
|
-
# How long the user should be banned
|
484
|
+
# How long the user should be banned, in seconds. 0 for permanent.
|
460
485
|
# Default: `60 * 60`
|
461
486
|
#
|
462
487
|
# user.login_lock_time_period =
|
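Review bot: The reworded comment for `login_lock_time_period` now documents `0` as a permanent ban but does not say how a permanently locked account is released. Together with `consecutive_login_retries_amount_limit`, a permanent lock means repeated failed logins against someone else's username can keep that account unavailable, so the comment should name the recovery path. Something like `# With 0 the account stays locked until it is unlocked explicitly (see the unlock token settings below).` would do. Whether the unlock token mail is the only recovery path is not visible in this hunk.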
@@ -471,16 +496,17 @@ Rails.application.config.sorcery.configure do |config|
|
|
471
496
|
#
|
472
497
|
# user.unlock_token_email_method_name =
|
473
498
|
|
474
|
-
#
|
475
|
-
# send email with unlock token
|
499
|
+
# When true, sorcery will not automatically
|
500
|
+
# send email with the unlock token
|
476
501
|
# Default: `false`
|
477
502
|
#
|
478
503
|
# user.unlock_token_mailer_disabled = true
|
479
504
|
|
480
|
-
#
|
505
|
+
# REQUIRED:
|
506
|
+
# Unlock token mailer class.
|
481
507
|
# Default: `nil`
|
482
508
|
#
|
483
|
-
# user.unlock_token_mailer =
|
509
|
+
# user.unlock_token_mailer =
|
484
510
|
|
485
511
|
# -- activity logging --
|
486
512
|
# Last login attribute name.
|
@@ -498,7 +524,7 @@ Rails.application.config.sorcery.configure do |config|
|
|
498
524
|
#
|
499
525
|
# user.last_activity_at_attribute_name =
|
500
526
|
|
501
|
-
# How long since last activity
|
527
|
+
# How long since user's last activity will they be considered logged out?
|
502
528
|
# Default: `10 * 60`
|
503
529
|
#
|
504
530
|
# user.activity_timeout =
|
@@ -509,17 +535,17 @@ Rails.application.config.sorcery.configure do |config|
|
|
509
535
|
#
|
510
536
|
# user.authentications_class =
|
511
537
|
|
512
|
-
# User's identifier in authentications class.
|
538
|
+
# User's identifier in the `authentications` class.
|
513
539
|
# Default: `:user_id`
|
514
540
|
#
|
515
541
|
# user.authentications_user_id_attribute_name =
|
516
542
|
|
517
|
-
# Provider's identifier in authentications class.
|
543
|
+
# Provider's identifier in the `authentications` class.
|
518
544
|
# Default: `:provider`
|
519
545
|
#
|
520
546
|
# user.provider_attribute_name =
|
521
547
|
|
522
|
-
# User's external unique identifier in authentications class.
|
548
|
+
# User's external unique identifier in the `authentications` class.
|
523
549
|
# Default: `:uid`
|
524
550
|
#
|
525
551
|
# user.provider_uid_attribute_name =
|
@@ -527,5 +553,5 @@ Rails.application.config.sorcery.configure do |config|
|
|
527
553
|
|
528
554
|
# This line must come after the 'user config' block.
|
529
555
|
# Define which model authenticates with sorcery.
|
530
|
-
config.user_class =
|
556
|
+
config.user_class = "<%= model_class_name %>"
|
531
557
|
end
|