sorcery 0.16.1 → 0.18.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +33 -1
- data/README.md +9 -8
- data/lib/generators/sorcery/helpers.rb +1 -1
- data/lib/generators/sorcery/install_generator.rb +9 -11
- data/lib/generators/sorcery/templates/initializer.rb +34 -10
- data/lib/generators/sorcery/templates/migration/core.rb +1 -3
- data/lib/sorcery/adapters/active_record_adapter.rb +12 -14
- data/lib/sorcery/adapters/mongoid_adapter.rb +7 -9
- data/lib/sorcery/controller/config.rb +27 -29
- data/lib/sorcery/controller/submodules/activity_logging.rb +4 -7
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +4 -1
- data/lib/sorcery/controller/submodules/external.rb +12 -12
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +7 -2
- data/lib/sorcery/controller/submodules/remember_me.rb +2 -1
- data/lib/sorcery/controller/submodules/session_timeout.rb +2 -2
- data/lib/sorcery/controller.rb +37 -19
- data/lib/sorcery/crypto_providers/aes256.rb +4 -2
- data/lib/sorcery/crypto_providers/bcrypt.rb +2 -1
- data/lib/sorcery/crypto_providers/md5.rb +1 -0
- data/lib/sorcery/crypto_providers/sha1.rb +1 -0
- data/lib/sorcery/crypto_providers/sha256.rb +1 -0
- data/lib/sorcery/crypto_providers/sha512.rb +1 -0
- data/lib/sorcery/engine.rb +6 -4
- data/lib/sorcery/errors.rb +10 -0
- data/lib/sorcery/model/config.rb +20 -31
- data/lib/sorcery/model/submodules/activity_logging.rb +8 -6
- data/lib/sorcery/model/submodules/brute_force_protection.rb +16 -14
- data/lib/sorcery/model/submodules/external.rb +8 -10
- data/lib/sorcery/model/submodules/magic_login.rb +8 -4
- data/lib/sorcery/model/submodules/remember_me.rb +3 -3
- data/lib/sorcery/model/submodules/reset_password.rb +23 -13
- data/lib/sorcery/model/submodules/user_activation.rb +19 -17
- data/lib/sorcery/model/temporary_token.rb +5 -5
- data/lib/sorcery/model.rb +29 -28
- data/lib/sorcery/protocols/oauth2.rb +1 -0
- data/lib/sorcery/providers/base.rb +1 -1
- data/lib/sorcery/providers/facebook.rb +2 -2
- data/lib/sorcery/providers/github.rb +3 -3
- data/lib/sorcery/providers/heroku.rb +1 -2
- data/lib/sorcery/providers/jira.rb +3 -2
- data/lib/sorcery/providers/line.rb +2 -4
- data/lib/sorcery/providers/microsoft.rb +1 -1
- data/lib/sorcery/providers/slack.rb +1 -1
- data/lib/sorcery/providers/twitter.rb +2 -2
- data/lib/sorcery/providers/vk.rb +4 -4
- data/lib/sorcery/providers/xing.rb +3 -2
- data/lib/sorcery/test_helpers/internal/rails.rb +5 -22
- data/lib/sorcery/test_helpers/internal.rb +4 -6
- data/lib/sorcery/test_helpers/rails/integration.rb +1 -1
- data/lib/sorcery/test_helpers/rails/request.rb +1 -1
- data/lib/sorcery/version.rb +1 -1
- data/lib/sorcery.rb +6 -1
- metadata +23 -157
- data/.document +0 -5
- data/.github/FUNDING.yml +0 -1
- data/.github/ISSUE_TEMPLATE.md +0 -20
- data/.github/PULL_REQUEST_TEMPLATE.md +0 -5
- data/.github/workflows/ruby.yml +0 -49
- data/.gitignore +0 -59
- data/.rspec +0 -1
- data/.rubocop.yml +0 -55
- data/.rubocop_todo.yml +0 -163
- data/CODE_OF_CONDUCT.md +0 -14
- data/Gemfile +0 -8
- data/Rakefile +0 -8
- data/SECURITY.md +0 -19
- data/gemfiles/rails_52.gemfile +0 -7
- data/gemfiles/rails_60.gemfile +0 -7
- data/sorcery.gemspec +0 -49
- data/spec/active_record/user_activation_spec.rb +0 -17
- data/spec/active_record/user_activity_logging_spec.rb +0 -15
- data/spec/active_record/user_brute_force_protection_spec.rb +0 -15
- data/spec/active_record/user_magic_login_spec.rb +0 -15
- data/spec/active_record/user_oauth_spec.rb +0 -15
- data/spec/active_record/user_remember_me_spec.rb +0 -15
- data/spec/active_record/user_reset_password_spec.rb +0 -15
- data/spec/active_record/user_spec.rb +0 -27
- data/spec/controllers/controller_activity_logging_spec.rb +0 -113
- data/spec/controllers/controller_brute_force_protection_spec.rb +0 -41
- data/spec/controllers/controller_http_basic_auth_spec.rb +0 -67
- data/spec/controllers/controller_oauth2_spec.rb +0 -568
- data/spec/controllers/controller_oauth_spec.rb +0 -266
- data/spec/controllers/controller_remember_me_spec.rb +0 -130
- data/spec/controllers/controller_session_timeout_spec.rb +0 -166
- data/spec/controllers/controller_spec.rb +0 -194
- data/spec/orm/active_record.rb +0 -21
- data/spec/providers/example_provider_spec.rb +0 -17
- data/spec/providers/example_spec.rb +0 -17
- data/spec/providers/vk_spec.rb +0 -42
- data/spec/rails_app/app/active_record/authentication.rb +0 -3
- data/spec/rails_app/app/active_record/user.rb +0 -5
- data/spec/rails_app/app/active_record/user_provider.rb +0 -3
- data/spec/rails_app/app/assets/config/manifest.js +0 -1
- data/spec/rails_app/app/controllers/application_controller.rb +0 -2
- data/spec/rails_app/app/controllers/sorcery_controller.rb +0 -489
- data/spec/rails_app/app/helpers/application_helper.rb +0 -2
- data/spec/rails_app/app/mailers/sorcery_mailer.rb +0 -38
- data/spec/rails_app/app/views/application/index.html.erb +0 -17
- data/spec/rails_app/app/views/layouts/application.html.erb +0 -14
- data/spec/rails_app/app/views/sorcery_mailer/activation_email.html.erb +0 -17
- data/spec/rails_app/app/views/sorcery_mailer/activation_email.text.erb +0 -9
- data/spec/rails_app/app/views/sorcery_mailer/activation_needed_email.html.erb +0 -17
- data/spec/rails_app/app/views/sorcery_mailer/activation_success_email.html.erb +0 -17
- data/spec/rails_app/app/views/sorcery_mailer/activation_success_email.text.erb +0 -9
- data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.html.erb +0 -13
- data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.text.erb +0 -6
- data/spec/rails_app/app/views/sorcery_mailer/reset_password_email.html.erb +0 -16
- data/spec/rails_app/app/views/sorcery_mailer/reset_password_email.text.erb +0 -8
- data/spec/rails_app/app/views/sorcery_mailer/send_unlock_token_email.text.erb +0 -1
- data/spec/rails_app/config/application.rb +0 -61
- data/spec/rails_app/config/boot.rb +0 -4
- data/spec/rails_app/config/database.yml +0 -22
- data/spec/rails_app/config/environment.rb +0 -5
- data/spec/rails_app/config/environments/test.rb +0 -37
- data/spec/rails_app/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/rails_app/config/initializers/compatible_legacy_migration.rb +0 -11
- data/spec/rails_app/config/initializers/inflections.rb +0 -10
- data/spec/rails_app/config/initializers/mime_types.rb +0 -5
- data/spec/rails_app/config/initializers/session_store.rb +0 -12
- data/spec/rails_app/config/locales/en.yml +0 -5
- data/spec/rails_app/config/routes.rb +0 -81
- data/spec/rails_app/config/secrets.yml +0 -4
- data/spec/rails_app/config.ru +0 -4
- data/spec/rails_app/db/migrate/activation/20101224223622_add_activation_to_users.rb +0 -17
- data/spec/rails_app/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +0 -19
- data/spec/rails_app/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +0 -13
- data/spec/rails_app/db/migrate/core/20101224223620_create_users.rb +0 -16
- data/spec/rails_app/db/migrate/external/20101224223628_create_authentications_and_user_providers.rb +0 -22
- data/spec/rails_app/db/migrate/invalidate_active_sessions/20180221093235_add_invalidate_active_sessions_before_to_users.rb +0 -9
- data/spec/rails_app/db/migrate/magic_login/20170924151831_add_magic_login_to_users.rb +0 -17
- data/spec/rails_app/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +0 -15
- data/spec/rails_app/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +0 -15
- data/spec/rails_app/db/schema.rb +0 -21
- data/spec/rails_app/db/seeds.rb +0 -7
- data/spec/shared_examples/user_activation_shared_examples.rb +0 -361
- data/spec/shared_examples/user_activity_logging_shared_examples.rb +0 -106
- data/spec/shared_examples/user_brute_force_protection_shared_examples.rb +0 -151
- data/spec/shared_examples/user_magic_login_shared_examples.rb +0 -150
- data/spec/shared_examples/user_oauth_shared_examples.rb +0 -33
- data/spec/shared_examples/user_remember_me_shared_examples.rb +0 -129
- data/spec/shared_examples/user_reset_password_shared_examples.rb +0 -358
- data/spec/shared_examples/user_shared_examples.rb +0 -678
- data/spec/sorcery_crypto_providers_spec.rb +0 -245
- data/spec/sorcery_temporary_token_spec.rb +0 -27
- data/spec/spec.opts +0 -2
- data/spec/spec_helper.rb +0 -50
- data/spec/support/migration_helper.rb +0 -29
- data/spec/support/providers/example.rb +0 -11
- data/spec/support/providers/example_provider.rb +0 -11
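--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e7509bf9580f3d4e579673961938754bac00a886623769bc36256ceae03afaf1
+data.tar.gz: 0d3c7604e272b2e1adc7b30f5baa6ddcedd8b164d711e2b673a2b62810e054a5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c9a62852a6395dc2460fe1262752cd3a9d1934964b4e2dc5e8422bd39431515f7d21b7b0f2bb3cf9d1f1aace5c20b19897b54d56c229acf38193842127312f95
+data.tar.gz: 4410f00144bfba291b84225f9c7f81e5e7d518b27b5c460558f94c4434c5263e8e1c2ad0004f811e0d295f7d580a0cc3e4344490fe59efdd2eb795389faa3d31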
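--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,37 @@
 # Changelog
-
+
+**Note: As of version 0.17.0, we no longer maintain this CHANGELOG.md file manually. For the latest changes and release notes, please refer to [GitHub Releases](https://github.com/Sorcery/sorcery/releases).**
+
+This file contains historical changelog entries for reference. New releases and their changes are documented in GitHub Releases.
+
+## 0.17.0
+
+* Fix Rails 7.1 compatibility by using `ActiveRecord.timestamped_migrations` [#352](https://github.com/Sorcery/sorcery/pull/352)
+* Change CI settings for support Ruby3.0+ Rails6.1+ [#357](https://github.com/Sorcery/sorcery/pull/357)
+* Fix error when running the install generator [#339](https://github.com/Sorcery/sorcery/pull/339)
+
+## 0.16.5
+
+* Raise ArgumentError when calling change_password! with blank password [#333](https://github.com/Sorcery/sorcery/pull/333)
+* Update auth_scheme to oauth2 v1 defaults per v2 breaking changes [#341](https://github.com/Sorcery/sorcery/pull/341)
+
+## 0.16.4
+
+* Adapt to open request protection strategy of rails 7.0 [#318](https://github.com/Sorcery/sorcery/pull/318)
+* Update OAuth2 gem to v2 per v1 deprecation [#323](https://github.com/Sorcery/sorcery/pull/323)
+* Fixed typo in error message [#310](https://github.com/Sorcery/sorcery/pull/310)
+
+## 0.16.3
+
+* Fix provider instantiation for plural provider names (eg. okta) [#305](https://github.com/Sorcery/sorcery/pull/305)
+
+## 0.16.2
+
+* Inline core migration index definition [#281](https://github.com/Sorcery/sorcery/pull/281)
+* Add missing remember_me attributes to config [#180](https://github.com/Sorcery/sorcery/pull/180)
+* Fix MongoID adapter breaking on save [#284](https://github.com/Sorcery/sorcery/pull/284)
+* Don't pass token to Slack in query params. Prevents 'invalid_auth' error [#287](https://github.com/Sorcery/sorcery/pull/287)
+* Fix valid_password? not using configured values when called alone [#293](https://github.com/Sorcery/sorcery/pull/293)
 
 ## 0.16.1
 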
data/README.md
|
@@ -2,9 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
[](https://rubygems.org/gems/sorcery)
|
|
4
4
|
[](https://rubygems.org/gems/sorcery)
|
|
5
|
-
[](https://codeclimate.com/github/Sorcery/sorcery)
|
|
7
|
-
[](https://gitter.im/Sorcery/sorcery?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
|
5
|
+
[](https://github.com/Sorcery/sorcery/actions/workflows/ruby.yml)
|
|
8
6
|
|
|
9
7
|
Magical Authentication for Rails. Supports ActiveRecord, DataMapper, Mongoid and MongoMapper.
|
|
10
8
|
|
|
@@ -57,6 +55,7 @@ explaining and the rest are commented:
|
|
|
57
55
|
```ruby
|
|
58
56
|
require_login # This is a before action
|
|
59
57
|
login(email, password, remember_me = false)
|
|
58
|
+
login!(email, password, remember_me = false) # Raises a `Sorcery::InvalidCredentials` exception on failure
|
|
60
59
|
auto_login(user) # Login without credentials
|
|
61
60
|
logout
|
|
62
61
|
logged_in? # Available in views
|
|
@@ -237,14 +236,16 @@ Feel free to ask questions using these contact details:
|
|
|
237
236
|
|
|
238
237
|
**Current Maintainers:**
|
|
239
238
|
|
|
240
|
-
-
|
|
239
|
+
- Shinichi Maeshima ([@willnet](https://github.com/willnet)) | [Email](mailto:netwillnet+sorcery@gmail.com?subject=Sorcery)
|
|
240
|
+
- Brendon Muir ([@brendon](https://github.com/brendon)) | [Email](mailto:brendon+sorcery@spike.net.nz?subject=Sorcery)
|
|
241
241
|
|
|
242
242
|
**Past Maintainers:**
|
|
243
243
|
|
|
244
|
-
-
|
|
245
|
-
-
|
|
246
|
-
-
|
|
247
|
-
-
|
|
244
|
+
- Josh Buker ([@joshbuker](https://github.com/joshbuker)) | [Email](mailto:github-profile+sorcery@joshbuker.com?subject=Sorcery)
|
|
245
|
+
- Noam Ben-Ari ([@NoamB](https://github.com/NoamB)) | [Email](mailto:nbenari+sorcery@gmail.com?subject=Sorcery) | [Twitter](https://twitter.com/nbenari)
|
|
246
|
+
- Kir Shatrov ([@kirs](https://github.com/kirs)) | [Email](mailto:shatrov+sorcery@me.com?subject=Sorcery) | [Twitter](https://twitter.com/Kiiiir)
|
|
247
|
+
- Grzegorz Witek ([@arnvald](https://github.com/arnvald)) | [Email](mailto:arnvald.to+sorcery@gmail.com?subject=Sorcery) | [Twitter](https://twitter.com/arnvald)
|
|
248
|
+
- Chase Gilliam ([@Ch4s3](https://github.com/Ch4s3)) | [Email](mailto:chase.gilliam+sorcery@gmail.com?subject=Sorcery)
|
|
248
249
|
|
|
249
250
|
## License
|
|
250
251
|
|
|
@@ -4,6 +4,7 @@ require 'generators/sorcery/helpers'
|
|
|
4
4
|
module Sorcery
|
|
5
5
|
module Generators
|
|
6
6
|
class InstallGenerator < Rails::Generators::Base
|
|
7
|
+
EXCLUDED_SUBMODULES = %w[http_basic_auth session_timeout core].freeze
|
|
7
8
|
include Rails::Generators::Migration
|
|
8
9
|
include Sorcery::Generators::Helpers
|
|
9
10
|
|
|
@@ -35,7 +36,7 @@ module Sorcery
|
|
|
35
36
|
# Add submodules to the initializer file.
|
|
36
37
|
return unless submodules
|
|
37
38
|
|
|
38
|
-
submodule_names = submodules.collect { |submodule|
|
|
39
|
+
submodule_names = submodules.collect { |submodule| ":#{submodule}" }
|
|
39
40
|
|
|
40
41
|
gsub_file sorcery_config_path, /submodules = \[.*\]/ do |str|
|
|
41
42
|
current_submodule_names = (str =~ /\[(.*)\]/ ? Regexp.last_match(1) : '').delete(' ').split(',')
|
|
@@ -48,7 +49,6 @@ module Sorcery
|
|
|
48
49
|
return if only_submodules?
|
|
49
50
|
|
|
50
51
|
generate "model #{model_class_name} --skip-migration"
|
|
51
|
-
inject_sorcery_to_model
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
def inject_sorcery_to_model
|
|
@@ -62,12 +62,14 @@ module Sorcery
|
|
|
62
62
|
# Copy core migration file in all cases except when you pass --only-submodules.
|
|
63
63
|
return unless defined?(ActiveRecord)
|
|
64
64
|
|
|
65
|
-
|
|
65
|
+
unless only_submodules?
|
|
66
|
+
migration_template 'migration/core.rb', 'db/migrate/sorcery_core.rb', migration_class_name: migration_class_name
|
|
67
|
+
end
|
|
66
68
|
|
|
67
69
|
return unless submodules
|
|
68
70
|
|
|
69
71
|
submodules.each do |submodule|
|
|
70
|
-
unless
|
|
72
|
+
unless EXCLUDED_SUBMODULES.include?(submodule)
|
|
71
73
|
migration_template "migration/#{submodule}.rb", "db/migrate/sorcery_#{submodule}.rb", migration_class_name: migration_class_name
|
|
72
74
|
end
|
|
73
75
|
end
|
|
@@ -75,11 +77,11 @@ module Sorcery
|
|
|
75
77
|
|
|
76
78
|
# Define the next_migration_number method (necessary for the migration_template method to work)
|
|
77
79
|
def self.next_migration_number(dirname)
|
|
78
|
-
if ActiveRecord
|
|
80
|
+
if ActiveRecord.timestamped_migrations
|
|
79
81
|
sleep 1 # make sure each time we get a different timestamp
|
|
80
82
|
Time.new.utc.strftime('%Y%m%d%H%M%S')
|
|
81
83
|
else
|
|
82
|
-
format('%.3d',
|
|
84
|
+
format('%.3d', current_migration_number(dirname) + 1)
|
|
83
85
|
end
|
|
84
86
|
end
|
|
85
87
|
|
|
@@ -90,11 +92,7 @@ module Sorcery
|
|
|
90
92
|
end
|
|
91
93
|
|
|
92
94
|
def migration_class_name
|
|
93
|
-
|
|
94
|
-
"ActiveRecord::Migration[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
|
|
95
|
-
else
|
|
96
|
-
'ActiveRecord::Migration'
|
|
97
|
-
end
|
|
95
|
+
"ActiveRecord::Migration[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
|
|
98
96
|
end
|
|
99
97
|
end
|
|
100
98
|
end
|
|
@@ -16,11 +16,20 @@ Rails.application.config.sorcery.configure do |config|
|
|
|
16
16
|
# config.not_authenticated_action =
|
|
17
17
|
|
|
18
18
|
# When a non logged-in user tries to enter a page that requires login, save
|
|
19
|
-
# the URL he wants to reach, and send him there after login, using '
|
|
19
|
+
# the URL he wants to reach, and send him there after login, using 'redirect_to_before_login_path'.
|
|
20
20
|
# Default: `true`
|
|
21
21
|
#
|
|
22
22
|
# config.save_return_to_url =
|
|
23
23
|
|
|
24
|
+
# Set whether to use 'redirect_back_or_to' defined in Rails 7.
|
|
25
|
+
# Rails 7 released a new method called 'redirect_back_or_to' as a replacement for 'redirect_back'.
|
|
26
|
+
# That may conflict with the method by the same name defined by Sorcery.
|
|
27
|
+
# If you set this option to true, Sorcery's 'redirect_back_or_to' calls 'super' to use
|
|
28
|
+
# the method of the same name defined in Rails 7.
|
|
29
|
+
# Default: `false`
|
|
30
|
+
#
|
|
31
|
+
# config.use_redirect_back_or_to_by_rails =
|
|
32
|
+
|
|
24
33
|
# Set domain option for cookies; Useful for remember_me submodule.
|
|
25
34
|
# Default: `nil`
|
|
26
35
|
#
|
|
@@ -31,12 +40,6 @@ Rails.application.config.sorcery.configure do |config|
|
|
|
31
40
|
#
|
|
32
41
|
# config.remember_me_httponly =
|
|
33
42
|
|
|
34
|
-
# Set token randomness. (e.g. user activation tokens)
|
|
35
|
-
# The length of the result string is about 4/3 of `token_randomness`.
|
|
36
|
-
# Default: `15`
|
|
37
|
-
#
|
|
38
|
-
# config.token_randomness =
|
|
39
|
-
|
|
40
43
|
# -- session timeout --
|
|
41
44
|
# How long in seconds to keep the session alive.
|
|
42
45
|
# Default: `3600`
|
|
@@ -75,6 +78,11 @@ Rails.application.config.sorcery.configure do |config|
|
|
|
75
78
|
#
|
|
76
79
|
# config.register_last_activity_time =
|
|
77
80
|
|
|
81
|
+
# Will register the source ip address of last user login, every login.
|
|
82
|
+
# Default: `true`
|
|
83
|
+
#
|
|
84
|
+
# config.register_last_ip_address =
|
|
85
|
+
|
|
78
86
|
# -- external --
|
|
79
87
|
# What providers are supported by this app
|
|
80
88
|
# i.e. [:twitter, :facebook, :github, :linkedin, :xing, :google, :liveid, :salesforce, :slack, :line].
|
|
@@ -226,7 +234,7 @@ Rails.application.config.sorcery.configure do |config|
|
|
|
226
234
|
# config.line.bot_prompt = "normal"
|
|
227
235
|
# config.line.user_info_mapping = {name: 'displayName'}
|
|
228
236
|
|
|
229
|
-
|
|
237
|
+
|
|
230
238
|
# For information about Discord API
|
|
231
239
|
# https://discordapp.com/developers/docs/topics/oauth2
|
|
232
240
|
# config.discord.key = "xxxxxx"
|
|
@@ -284,6 +292,12 @@ Rails.application.config.sorcery.configure do |config|
|
|
|
284
292
|
#
|
|
285
293
|
user.stretches = 1 if Rails.env.test?
|
|
286
294
|
|
|
295
|
+
# Set token randomness. (e.g. user activation tokens)
|
|
296
|
+
# The length of the result string is about 4/3 of `token_randomness`.
|
|
297
|
+
# Default: `15`
|
|
298
|
+
#
|
|
299
|
+
# user.token_randomness =
|
|
300
|
+
|
|
287
301
|
# Encryption key used to encrypt reversible encryptions such as AES256.
|
|
288
302
|
# WARNING: If used for users' passwords, changing this key will leave passwords undecryptable!
|
|
289
303
|
# Default: `nil`
|
|
@@ -306,6 +320,16 @@ Rails.application.config.sorcery.configure do |config|
|
|
|
306
320
|
# user.subclasses_inherit_config =
|
|
307
321
|
|
|
308
322
|
# -- remember_me --
|
|
323
|
+
# change default remember_me_token attribute.
|
|
324
|
+
# Default: `:remember_me_token`
|
|
325
|
+
#
|
|
326
|
+
# user.remember_me_token_attribute_name =
|
|
327
|
+
|
|
328
|
+
# change default remember_me_token_expires_at attribute.
|
|
329
|
+
# Default: `:remember_me_token_expires_at`
|
|
330
|
+
#
|
|
331
|
+
# user.remember_me_token_expires_at_attribute_name =
|
|
332
|
+
|
|
309
333
|
# How long in seconds the session length will be
|
|
310
334
|
# Default: `60 * 60 * 24 * 7`
|
|
311
335
|
#
|
|
@@ -352,8 +376,8 @@ Rails.application.config.sorcery.configure do |config|
|
|
|
352
376
|
# user.activation_mailer_disabled =
|
|
353
377
|
|
|
354
378
|
# Method to send email related
|
|
355
|
-
# options: `:deliver_later`, `:deliver_now
|
|
356
|
-
# Default: :
|
|
379
|
+
# options: `:deliver_later`, `:deliver_now`
|
|
380
|
+
# Default: :deliver_now
|
|
357
381
|
#
|
|
358
382
|
# user.email_delivery_method =
|
|
359
383
|
|
|
@@ -1,13 +1,11 @@
|
|
|
1
1
|
class SorceryCore < <%= migration_class_name %>
|
|
2
2
|
def change
|
|
3
3
|
create_table :<%= tableized_model_class %> do |t|
|
|
4
|
-
t.string :email, null: false
|
|
4
|
+
t.string :email, null: false, index: { unique: true }
|
|
5
5
|
t.string :crypted_password
|
|
6
6
|
t.string :salt
|
|
7
7
|
|
|
8
8
|
t.timestamps null: false
|
|
9
9
|
end
|
|
10
|
-
|
|
11
|
-
add_index :<%= tableized_model_class %>, :email, unique: true
|
|
12
10
|
end
|
|
13
11
|
end
|
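Review bot: The inline `index: { unique: true }` on `:email` in `change` enforces uniqueness under the database's own string comparison, which depends on collation (case-sensitive on PostgreSQL, for example), so two rows whose emails differ only in case can both be inserted there. The adapter hunks on this page match logins case-insensitively when `downcase_username_before_authenticating` is enabled, and with such duplicate rows that lookup becomes ambiguous. A template comment above the column would warn adopters, e.g. `# Uniqueness follows the database collation; normalise email case before saving if logins are matched case-insensitively.`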
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
module Sorcery
|
|
2
2
|
module Adapters
|
|
3
3
|
class ActiveRecordAdapter < BaseAdapter
|
|
4
|
-
def update_attributes(attrs)
|
|
4
|
+
def update_attributes(attrs) # rubocop:disable Naming/PredicateMethod
|
|
5
5
|
attrs.each do |name, value|
|
|
6
6
|
@model.send(:"#{name}=", value)
|
|
7
7
|
end
|
|
8
8
|
primary_key = @model.class.primary_key
|
|
9
|
-
updated_count = @model.class.where(
|
|
9
|
+
updated_count = @model.class.where("#{primary_key}": @model.send(:"#{primary_key}")).update_all(attrs)
|
|
10
10
|
updated_count == 1
|
|
11
11
|
end
|
|
12
12
|
|
|
@@ -23,7 +23,7 @@ module Sorcery
|
|
|
23
23
|
@user_config ||= ::Sorcery::Controller::Config.user_class.to_s.constantize.sorcery_config
|
|
24
24
|
conditions = {
|
|
25
25
|
@user_config.provider_uid_attribute_name => uid,
|
|
26
|
-
@user_config.provider_attribute_name
|
|
26
|
+
@user_config.provider_attribute_name => provider
|
|
27
27
|
}
|
|
28
28
|
|
|
29
29
|
@model.public_send(relation_name).where(conditions).first
|
|
@@ -42,7 +42,7 @@ module Sorcery
|
|
|
42
42
|
@user_config ||= ::Sorcery::Controller::Config.user_class.to_s.constantize.sorcery_config
|
|
43
43
|
conditions = {
|
|
44
44
|
@user_config.provider_uid_attribute_name => uid,
|
|
45
|
-
@user_config.provider_attribute_name
|
|
45
|
+
@user_config.provider_attribute_name => provider
|
|
46
46
|
}
|
|
47
47
|
|
|
48
48
|
@klass.where(conditions).first
|
|
@@ -56,11 +56,11 @@ module Sorcery
|
|
|
56
56
|
relation = nil
|
|
57
57
|
|
|
58
58
|
@klass.sorcery_config.username_attribute_names.each do |attribute|
|
|
59
|
-
if @klass.sorcery_config.downcase_username_before_authenticating
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
59
|
+
condition = if @klass.sorcery_config.downcase_username_before_authenticating
|
|
60
|
+
@klass.arel_table[attribute].lower.eq(@klass.arel_table.lower(credentials[0]))
|
|
61
|
+
else
|
|
62
|
+
@klass.arel_table[attribute].eq(credentials[0])
|
|
63
|
+
end
|
|
64
64
|
|
|
65
65
|
relation = if relation.nil?
|
|
66
66
|
condition
|
|
@@ -88,9 +88,7 @@ module Sorcery
|
|
|
88
88
|
|
|
89
89
|
def find_by_username(username)
|
|
90
90
|
@klass.sorcery_config.username_attribute_names.each do |attribute|
|
|
91
|
-
if @klass.sorcery_config.downcase_username_before_authenticating
|
|
92
|
-
username = username.downcase
|
|
93
|
-
end
|
|
91
|
+
username = username.downcase if @klass.sorcery_config.downcase_username_before_authenticating
|
|
94
92
|
|
|
95
93
|
result = @klass.where(attribute => username).first
|
|
96
94
|
return result if result
|
|
@@ -101,8 +99,8 @@ module Sorcery
|
|
|
101
99
|
@klass.where(@klass.sorcery_config.email_attribute_name => email).first
|
|
102
100
|
end
|
|
103
101
|
|
|
104
|
-
def transaction(&
|
|
105
|
-
@klass.tap(&
|
|
102
|
+
def transaction(&)
|
|
103
|
+
@klass.tap(&)
|
|
106
104
|
end
|
|
107
105
|
end
|
|
108
106
|
end
|
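Review bot: `find_by_username` and the credentials lookup in the `@@ -56,11 +56,11 @@` hunk apply `downcase_username_before_authenticating` differently. The credentials lookup compares `arel_table[attribute].lower` with the lowered input, while `find_by_username` only downcases its argument and then runs `where(attribute => username)` against the stored value as-is, so a record stored with mixed case matches in one path and not in the other. `username.downcase` is also re-evaluated on every pass of the loop and raises NoMethodError for a nil argument. Building the same Arel condition in both places would align them, e.g. `@klass.where(@klass.arel_table[attribute].lower.eq(username.to_s.downcase)).first`. Both methods extend beyond the visible hunks.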
|
@@ -2,7 +2,7 @@ module Sorcery
|
|
|
2
2
|
module Adapters
|
|
3
3
|
class MongoidAdapter < BaseAdapter
|
|
4
4
|
def increment(attr)
|
|
5
|
-
|
|
5
|
+
@model.inc(attr => 1)
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
def update_attributes(attrs)
|
|
@@ -22,17 +22,13 @@ module Sorcery
|
|
|
22
22
|
@model.send(mthd, options)
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
-
def mongoid_4?
|
|
26
|
-
Gem::Version.new(::Mongoid::VERSION) >= Gem::Version.new('4.0.0.alpha')
|
|
27
|
-
end
|
|
28
|
-
|
|
29
25
|
class << self
|
|
30
26
|
def define_field(name, type, options = {})
|
|
31
27
|
@klass.field name, options.slice(:default).merge(type: type)
|
|
32
28
|
end
|
|
33
29
|
|
|
34
30
|
def define_callback(time, event, method_name, options = {})
|
|
35
|
-
@klass.send callback_name(time, event, options), method_name, options.slice(:if)
|
|
31
|
+
@klass.send callback_name(time, event, options), method_name, **options.slice(:if)
|
|
36
32
|
end
|
|
37
33
|
|
|
38
34
|
def callback_name(time, event, options)
|
|
@@ -44,7 +40,9 @@ module Sorcery
|
|
|
44
40
|
end
|
|
45
41
|
|
|
46
42
|
def credential_regex(credential)
|
|
47
|
-
|
|
43
|
+
if @klass.sorcery_config.downcase_username_before_authenticating
|
|
44
|
+
return { :$regex => /^#{Regexp.escape(credential)}$/i }
|
|
45
|
+
end
|
|
48
46
|
|
|
49
47
|
credential
|
|
50
48
|
end
|
|
@@ -70,8 +68,8 @@ module Sorcery
|
|
|
70
68
|
@klass.where(@klass.sorcery_config.remember_me_token_attribute_name => token).first
|
|
71
69
|
end
|
|
72
70
|
|
|
73
|
-
def transaction(&
|
|
74
|
-
tap(&
|
|
71
|
+
def transaction(&)
|
|
72
|
+
tap(&)
|
|
75
73
|
end
|
|
76
74
|
|
|
77
75
|
def find_by_id(id)
|
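Review bot: In `credential_regex`, `/^#{Regexp.escape(credential)}$/i` anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the whole string. If the pattern keeps those semantics when it is sent to MongoDB (worth confirming for the driver version in use), a stored username containing a newline could match a credential equal to just one of its lines. Whole-string anchors avoid the question: `return { :$regex => /\A#{Regexp.escape(credential)}\z/i }`. The rest of the class body lies outside this hunk.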
|
@@ -2,37 +2,35 @@ module Sorcery
|
|
|
2
2
|
module Controller
|
|
3
3
|
module Config
|
|
4
4
|
class << self
|
|
5
|
-
attr_accessor :submodules
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
attr_accessor :after_failed_login
|
|
19
|
-
attr_accessor :before_logout
|
|
20
|
-
attr_accessor :after_logout
|
|
21
|
-
attr_accessor :after_remember_me
|
|
5
|
+
attr_accessor :submodules,
|
|
6
|
+
:user_class, # what class to use as the user class.
|
|
7
|
+
:not_authenticated_action, # what controller action to call for non-authenticated users.
|
|
8
|
+
:save_return_to_url, # when a non logged in user tries to enter a page that requires login, save the URL he wanted to reach, and send him there after login.
|
|
9
|
+
:cookie_domain, # set domain option for cookies
|
|
10
|
+
:login_sources,
|
|
11
|
+
:after_login,
|
|
12
|
+
:after_failed_login,
|
|
13
|
+
:before_logout,
|
|
14
|
+
:after_logout,
|
|
15
|
+
:after_remember_me,
|
|
16
|
+
:use_redirect_back_or_to_by_rails, # set whether to use 'redirect_back_or_to' defined in Rails 7.
|
|
17
|
+
:after_login_lock
|
|
22
18
|
|
|
23
19
|
def init!
|
|
24
20
|
@defaults = {
|
|
25
|
-
:@user_class
|
|
26
|
-
:@submodules
|
|
27
|
-
:@not_authenticated_action
|
|
28
|
-
:@login_sources
|
|
29
|
-
:@after_login
|
|
30
|
-
:@after_failed_login
|
|
31
|
-
:@before_logout
|
|
32
|
-
:@after_logout
|
|
33
|
-
:@after_remember_me
|
|
34
|
-
:@save_return_to_url
|
|
35
|
-
:@cookie_domain
|
|
21
|
+
:@user_class => nil,
|
|
22
|
+
:@submodules => [],
|
|
23
|
+
:@not_authenticated_action => :not_authenticated,
|
|
24
|
+
:@login_sources => Set.new,
|
|
25
|
+
:@after_login => Set.new,
|
|
26
|
+
:@after_failed_login => Set.new,
|
|
27
|
+
:@before_logout => Set.new,
|
|
28
|
+
:@after_logout => Set.new,
|
|
29
|
+
:@after_remember_me => Set.new,
|
|
30
|
+
:@save_return_to_url => true,
|
|
31
|
+
:@cookie_domain => nil,
|
|
32
|
+
:@use_redirect_back_or_to_by_rails => false,
|
|
33
|
+
:@after_login_lock => Set.new
|
|
36
34
|
}
|
|
37
35
|
end
|
|
38
36
|
|
|
@@ -58,7 +56,7 @@ module Sorcery
|
|
|
58
56
|
end
|
|
59
57
|
|
|
60
58
|
def configure!
|
|
61
|
-
@configure_blk
|
|
59
|
+
@configure_blk&.call(self)
|
|
62
60
|
end
|
|
63
61
|
end
|
|
64
62
|
|
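Review bot: The merged `attr_accessor` list comments some options inline but leaves the callback sets undocumented, including the new `:after_login_lock`, and nothing in this section says when that hook fires or what it receives. Going by the brute-force-protection hunk later on this page, it runs after a failed login leaves the account locked and is handed the credentials. A short trailing comment would record that, e.g. `:after_login_lock # callbacks run when a failed login locks the account`. The same applies to `:login_sources` and the other `after_*`/`before_*` entries.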
|
@@ -16,16 +16,13 @@ module Sorcery
|
|
|
16
16
|
base.send(:include, InstanceMethods)
|
|
17
17
|
Config.module_eval do
|
|
18
18
|
class << self
|
|
19
|
-
attr_accessor :register_login_time
|
|
20
|
-
attr_accessor :register_logout_time
|
|
21
|
-
attr_accessor :register_last_activity_time
|
|
22
|
-
attr_accessor :register_last_ip_address
|
|
19
|
+
attr_accessor :register_login_time, :register_logout_time, :register_last_activity_time, :register_last_ip_address
|
|
23
20
|
|
|
24
21
|
def merge_activity_logging_defaults!
|
|
25
|
-
@defaults.merge!(:@register_login_time
|
|
26
|
-
:@register_logout_time
|
|
22
|
+
@defaults.merge!(:@register_login_time => true,
|
|
23
|
+
:@register_logout_time => true,
|
|
27
24
|
:@register_last_activity_time => true,
|
|
28
|
-
:@register_last_ip_address
|
|
25
|
+
:@register_last_ip_address => true)
|
|
29
26
|
end
|
|
30
27
|
end
|
|
31
28
|
merge_activity_logging_defaults!
|
|
@@ -22,7 +22,10 @@ module Sorcery
|
|
|
22
22
|
# Runs as a hook after a failed login.
|
|
23
23
|
def update_failed_logins_count!(credentials)
|
|
24
24
|
user = user_class.sorcery_adapter.find_by_credentials(credentials)
|
|
25
|
-
user
|
|
25
|
+
return unless user && !user.login_locked?
|
|
26
|
+
|
|
27
|
+
user.register_failed_login!
|
|
28
|
+
after_login_lock!(credentials) if user.login_locked?
|
|
26
29
|
end
|
|
27
30
|
|
|
28
31
|
# Resets the failed logins counter.
|
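Review bot: `update_failed_logins_count!` passes the whole `credentials` value to `after_login_lock!`, and since the same value is what `find_by_credentials` receives, it presumably carries the submitted password as well as the username. A hook that logs or mails its arguments on lockout would then record a password attempt, which is often the real password with a typo. Document this above the method, e.g. `# after_login_lock hooks receive the raw credentials (password included); never log or persist them`, or consider passing `user` instead. The second `user.login_locked?` check also relies on `register_failed_login!` updating the same in-memory object; that method is outside this hunk.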
|
@@ -39,9 +39,9 @@ module Sorcery
|
|
|
39
39
|
|
|
40
40
|
providers.each do |name|
|
|
41
41
|
class_eval <<-RUBY, __FILE__, __LINE__ + 1
|
|
42
|
-
def self.#{name}
|
|
43
|
-
@#{name} ||= Sorcery::Providers.const_get('#{name}'.
|
|
44
|
-
end
|
|
42
|
+
def self.#{name} # def self.github
|
|
43
|
+
@#{name} ||= Sorcery::Providers.const_get('#{name}'.camelcase).new # @github ||= Sorcery::Providers.const_get('github'.camelcase).new
|
|
44
|
+
end # end
|
|
45
45
|
RUBY
|
|
46
46
|
end
|
|
47
47
|
end
|
|
@@ -118,7 +118,7 @@ module Sorcery
|
|
|
118
118
|
# sends user to authenticate at the provider's website.
|
|
119
119
|
# after authentication the user is redirected to the callback defined in the provider config
|
|
120
120
|
def login_at(provider_name, args = {})
|
|
121
|
-
redirect_to sorcery_login_url(provider_name, args)
|
|
121
|
+
redirect_to sorcery_login_url(provider_name, args), allow_other_host: true
|
|
122
122
|
end
|
|
123
123
|
|
|
124
124
|
# tries to login the user from provider's callback
|
|
@@ -186,21 +186,21 @@ module Sorcery
|
|
|
186
186
|
#
|
|
187
187
|
# create_from(provider) {|user| user.some_check }
|
|
188
188
|
#
|
|
189
|
-
def create_from(provider_name, &
|
|
189
|
+
def create_from(provider_name, &)
|
|
190
190
|
sorcery_fetch_user_hash provider_name
|
|
191
191
|
# config = user_class.sorcery_config # TODO: Unused, remove?
|
|
192
192
|
|
|
193
193
|
attrs = user_attrs(@provider.user_info_mapping, @user_hash)
|
|
194
|
-
@user = user_class.create_from_provider(provider_name, @user_hash[:uid], attrs, &
|
|
194
|
+
@user = user_class.create_from_provider(provider_name, @user_hash[:uid], attrs, &)
|
|
195
195
|
end
|
|
196
196
|
|
|
197
197
|
# follows the same patterns as create_from, but builds the user instead of creating
|
|
198
|
-
def build_from(provider_name, &
|
|
198
|
+
def build_from(provider_name, &)
|
|
199
199
|
sorcery_fetch_user_hash provider_name
|
|
200
200
|
# config = user_class.sorcery_config # TODO: Unused, remove?
|
|
201
201
|
|
|
202
202
|
attrs = user_attrs(@provider.user_info_mapping, @user_hash)
|
|
203
|
-
@user = user_class.build_from_provider(attrs, &
|
|
203
|
+
@user = user_class.build_from_provider(attrs, &)
|
|
204
204
|
end
|
|
205
205
|
|
|
206
206
|
def user_attrs(user_info_mapping, user_hash)
|
|
@@ -208,10 +208,10 @@ module Sorcery
|
|
|
208
208
|
user_info_mapping.each do |k, v|
|
|
209
209
|
if (varr = v.split('/')).size > 1
|
|
210
210
|
attribute_value = begin
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
211
|
+
varr.inject(user_hash[:user_info]) { |hash, value| hash[value] }
|
|
212
|
+
rescue StandardError
|
|
213
|
+
nil
|
|
214
|
+
end
|
|
215
215
|
attribute_value.nil? ? attrs : attrs.merge!(k => attribute_value)
|
|
216
216
|
else
|
|
217
217
|
attrs.merge!(k => user_hash[:user_info][v])
|
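Review bot: `login_at` now calls `redirect_to` with `allow_other_host: true`, which turns off Rails' cross-host redirect check for this call, so the safety of the redirect rests entirely on what `sorcery_login_url(provider_name, args)` returns. That helper is outside the visible hunks; confirm that the target host always comes from the provider configuration and cannot be influenced by `args` or request parameters. A comment on the call would record the assumption, e.g. `# allow_other_host: target is the provider's authorize URL built from config, never from user input`. Separately, the `rescue StandardError` in `user_attrs` turns any error raised while walking `user_hash[:user_info]` into nil; rescuing only `NoMethodError` and `TypeError` would hide less.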
|
@@ -37,7 +37,10 @@ module Sorcery
|
|
|
37
37
|
# To overcome this, we set a session when requesting the password, which logout will
|
|
38
38
|
# reset, and that's how we know if we need to request for HTTP auth again.
|
|
39
39
|
def require_login_from_http_basic
|
|
40
|
-
|
|
40
|
+
if request.authorization.nil? || session[:http_authentication_used].nil?
|
|
41
|
+
request_http_basic_authentication(realm_name_by_controller) && (session[:http_authentication_used] = true) && return
|
|
42
|
+
end
|
|
43
|
+
|
|
41
44
|
require_login
|
|
42
45
|
session[:http_authentication_used] = nil unless logged_in?
|
|
43
46
|
end
|
|
@@ -45,7 +48,9 @@ module Sorcery
|
|
|
45
48
|
# given to main controller module as a login source callback
|
|
46
49
|
def login_from_basic_auth
|
|
47
50
|
authenticate_with_http_basic do |username, password|
|
|
48
|
-
@current_user = (
|
|
51
|
+
@current_user = (if session[:http_authentication_used]
|
|
52
|
+
user_class.authenticate(username, password)
|
|
53
|
+
end) || false
|
|
49
54
|
auto_login(@current_user) if @current_user
|
|
50
55
|
@current_user
|
|
51
56
|
end
|
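Review bot: In `require_login_from_http_basic` the line `request_http_basic_authentication(realm_name_by_controller) && (session[:http_authentication_used] = true) && return` uses `&&` for sequencing, so both the session flag and the early return depend on the truthiness of whatever `request_http_basic_authentication` returns. If that call ever returns nil or false, the method falls through to `require_login` after the challenge response has already been prepared. Writing the steps as separate statements removes the dependency: `request_http_basic_authentication(realm_name_by_controller)`, then `session[:http_authentication_used] = true`, then `return`. `login_from_basic_auth` continues past the end of its hunk.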
|
@@ -11,6 +11,7 @@ module Sorcery
|
|
|
11
11
|
Config.module_eval do
|
|
12
12
|
class << self
|
|
13
13
|
attr_accessor :remember_me_httponly
|
|
14
|
+
|
|
14
15
|
def merge_remember_me_defaults!
|
|
15
16
|
@defaults.merge!(:@remember_me_httponly => true)
|
|
16
17
|
end
|
|
@@ -56,7 +57,7 @@ module Sorcery
|
|
|
56
57
|
# Runs as a login source. See 'current_user' method for how it is used.
|
|
57
58
|
def login_from_cookie
|
|
58
59
|
user = cookies.signed[:remember_me_token] && user_class.sorcery_adapter.find_by_remember_me_token(cookies.signed[:remember_me_token]) if defined? cookies
|
|
59
|
-
if user
|
|
60
|
+
if user&.has_remember_me_token?
|
|
60
61
|
set_remember_me_cookie!(user)
|
|
61
62
|
session[:user_id] = user.id.to_s
|
|
62
63
|
after_remember_me!(user)
|
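Review bot: In `login_from_cookie` the new guard `user&.has_remember_me_token?` is applied to a user that was just found by its remember-me token, so the predicate must be testing something beyond the token's presence, presumably expiry. It is defined outside this section, and the reader cannot tell from here. A one-line comment would make the intent clear, e.g. `# a token match is not enough: skip users whose remember-me token is no longer valid`. The lookup line above it reads `cookies.signed[:remember_me_token]` twice and ends in a trailing `if defined? cookies`; pulling the token into a local would make the path easier to audit.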
|
@@ -16,8 +16,8 @@ module Sorcery
|
|
|
16
16
|
attr_accessor :session_timeout_invalidate_active_sessions_enabled
|
|
17
17
|
|
|
18
18
|
def merge_session_timeout_defaults!
|
|
19
|
-
@defaults.merge!(:@session_timeout
|
|
20
|
-
:@session_timeout_from_last_action
|
|
19
|
+
@defaults.merge!(:@session_timeout => 3600, # 1.hour
|
|
20
|
+
:@session_timeout_from_last_action => false,
|
|
21
21
|
:@session_timeout_invalidate_active_sessions_enabled => false)
|
|
22
22
|
end
|
|
23
23
|
end
|