sorcery 0.6.1 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sorcery might be problematic. Click here for more details.
- data/Gemfile +1 -1
- data/Gemfile.lock +7 -7
- data/README.rdoc +14 -4
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/lib/generators/sorcery_migration/templates/core.rb +1 -1
- data/lib/generators/sorcery_migration/templates/reset_password.rb +4 -0
- data/lib/sorcery.rb +1 -0
- data/lib/sorcery/controller.rb +26 -6
- data/lib/sorcery/controller/adapters/sinatra.rb +12 -1
- data/lib/sorcery/controller/submodules/activity_logging.rb +18 -1
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +2 -1
- data/lib/sorcery/controller/submodules/external.rb +10 -3
- data/lib/sorcery/controller/submodules/external/protocols/certs/ca-bundle.crt +5182 -0
- data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb +10 -6
- data/lib/sorcery/controller/submodules/external/providers/github.rb +80 -0
- data/lib/sorcery/controller/submodules/external/providers/twitter.rb +5 -0
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +1 -1
- data/lib/sorcery/controller/submodules/remember_me.rb +13 -4
- data/lib/sorcery/controller/submodules/session_timeout.rb +1 -1
- data/lib/sorcery/crypto_providers/aes256.rb +7 -3
- data/lib/sorcery/engine.rb +1 -0
- data/lib/sorcery/initializers/initializer.rb +81 -60
- data/lib/sorcery/model.rb +13 -11
- data/lib/sorcery/model/adapters/active_record.rb +2 -1
- data/lib/sorcery/model/adapters/mongoid.rb +7 -2
- data/lib/sorcery/model/submodules/brute_force_protection.rb +5 -3
- data/lib/sorcery/model/submodules/remember_me.rb +1 -1
- data/lib/sorcery/model/submodules/reset_password.rb +1 -2
- data/lib/sorcery/model/submodules/user_activation.rb +1 -2
- data/lib/sorcery/model/temporary_token.rb +5 -0
- data/lib/sorcery/test_helpers/internal/rails.rb +1 -1
- data/lib/sorcery/test_helpers/rails.rb +2 -2
- data/lib/sorcery/test_helpers/sinatra.rb +1 -1
- data/sorcery.gemspec +16 -9
- data/spec/Gemfile +1 -1
- data/spec/Gemfile.lock +9 -11
- data/spec/README.md +26 -0
- data/spec/rails3/Gemfile +2 -0
- data/spec/rails3/Gemfile.lock +33 -11
- data/spec/rails3/app/controllers/application_controller.rb +40 -22
- data/spec/rails3/app/views/application/index.html.erb +17 -0
- data/spec/rails3/spec/controller_activity_logging_spec.rb +23 -0
- data/spec/rails3/spec/controller_oauth2_spec.rb +61 -20
- data/spec/rails3/spec/controller_remember_me_spec.rb +37 -6
- data/spec/rails3/spec/controller_spec.rb +30 -0
- data/spec/rails3/spec/integration_spec.rb +23 -0
- data/spec/rails3/spec/spec_helper.rb +6 -3
- data/spec/rails3_mongoid/Gemfile.lock +9 -11
- data/spec/rails3_mongoid/spec/controller_spec.rb +130 -0
- data/spec/shared_examples/user_remember_me_shared_examples.rb +1 -0
- data/spec/shared_examples/user_shared_examples.rb +7 -7
- data/spec/sinatra/Gemfile.lock +9 -11
- data/spec/sinatra/spec/controller_oauth2_spec.rb +3 -6
- data/spec/sinatra/spec/controller_spec.rb +7 -0
- data/spec/sinatra_modular/Gemfile.lock +9 -11
- data/spec/sinatra_modular/spec_modular/controller_oauth2_spec.rb +3 -6
- metadata +12 -5
- data/spec/rails3/public/index.html +0 -239
|
@@ -9,18 +9,22 @@ module Sorcery
|
|
|
9
9
|
"2.0"
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
def authorize_url(
|
|
13
|
-
|
|
14
|
-
|
|
12
|
+
def authorize_url(options = {})
|
|
13
|
+
defaults = {
|
|
14
|
+
:site => @site,
|
|
15
|
+
:ssl => { :ca_file => Config.ca_file }
|
|
16
|
+
}
|
|
17
|
+
client = ::OAuth2::Client.new(@key, @secret, defaults.merge!(options))
|
|
18
|
+
client.authorize_url(:redirect_uri => @callback_url, :scope => @scope)
|
|
15
19
|
end
|
|
16
20
|
|
|
17
21
|
def get_access_token(args)
|
|
18
|
-
client = ::OAuth2::Client.new(@key, @secret, :site => @site)
|
|
19
|
-
client.
|
|
22
|
+
client = ::OAuth2::Client.new(@key, @secret, :site => @site, :ssl => { :ca_file => Config.ca_file })
|
|
23
|
+
client.get_token(args[:code], :redirect_uri => @callback_url)
|
|
20
24
|
end
|
|
21
25
|
end
|
|
22
26
|
end
|
|
23
27
|
end
|
|
24
28
|
end
|
|
25
29
|
end
|
|
26
|
-
end
|
|
30
|
+
end
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
module Sorcery
|
|
2
|
+
module Controller
|
|
3
|
+
module Submodules
|
|
4
|
+
module External
|
|
5
|
+
module Providers
|
|
6
|
+
# This module adds support for OAuth with github.com.
|
|
7
|
+
# When included in the 'config.providers' option, it adds a new option, 'config.github'.
|
|
8
|
+
# Via this new option you can configure Github specific settings like your app's key and secret.
|
|
9
|
+
#
|
|
10
|
+
# config.github.key = <key>
|
|
11
|
+
# config.github.secret = <secret>
|
|
12
|
+
# ...
|
|
13
|
+
#
|
|
14
|
+
module Github
|
|
15
|
+
def self.included(base)
|
|
16
|
+
base.module_eval do
|
|
17
|
+
class << self
|
|
18
|
+
attr_reader :github # access to github_client.
|
|
19
|
+
|
|
20
|
+
def merge_github_defaults!
|
|
21
|
+
@defaults.merge!(:@github => GithubClient)
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
merge_github_defaults!
|
|
25
|
+
update!
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
module GithubClient
|
|
30
|
+
class << self
|
|
31
|
+
attr_accessor :key,
|
|
32
|
+
:secret,
|
|
33
|
+
:callback_url,
|
|
34
|
+
:site,
|
|
35
|
+
:user_info_path,
|
|
36
|
+
:user_info_mapping
|
|
37
|
+
|
|
38
|
+
include Protocols::Oauth2
|
|
39
|
+
|
|
40
|
+
def init
|
|
41
|
+
@site = "https://github.com/"
|
|
42
|
+
@user_info_path = "/api/v2/json/user/show"
|
|
43
|
+
@user_info_mapping = {}
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def get_user_hash
|
|
47
|
+
user_hash = {}
|
|
48
|
+
response = @access_token.get(@user_info_path)
|
|
49
|
+
user_hash[:user_info] = JSON.parse(response)
|
|
50
|
+
user_hash[:uid] = user_hash[:user_info]['id']
|
|
51
|
+
user_hash
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def has_callback?
|
|
55
|
+
true
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
# calculates and returns the url to which the user should be redirected,
|
|
59
|
+
# to get authenticated at the external provider's site.
|
|
60
|
+
def login_url(params,session)
|
|
61
|
+
self.authorize_url({:authorize_path => '/login/oauth/authorize'})
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
# tries to login the user from access token
|
|
65
|
+
def process_callback(params,session)
|
|
66
|
+
args = {}
|
|
67
|
+
args.merge!({:code => params[:code]}) if params[:code]
|
|
68
|
+
@access_token = self.get_access_token(args)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
end
|
|
72
|
+
init
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
end
|
|
@@ -39,6 +39,11 @@ module Sorcery
|
|
|
39
39
|
:user_info_mapping
|
|
40
40
|
|
|
41
41
|
include Protocols::Oauth1
|
|
42
|
+
|
|
43
|
+
# Override included get_consumer method to provide authorize_path
|
|
44
|
+
def get_consumer
|
|
45
|
+
::OAuth::Consumer.new(@key, @secret, :site => @site, :authorize_path => "/oauth/authenticate")
|
|
46
|
+
end
|
|
42
47
|
|
|
43
48
|
def init
|
|
44
49
|
@site = "https://api.twitter.com"
|
|
@@ -46,7 +46,7 @@ module Sorcery
|
|
|
46
46
|
def login_from_basic_auth
|
|
47
47
|
authenticate_with_http_basic do |username, password|
|
|
48
48
|
@current_user = (user_class.authenticate(username, password) if session[:http_authentication_used]) || false
|
|
49
|
-
|
|
49
|
+
auto_login(@current_user) if @current_user
|
|
50
50
|
@current_user
|
|
51
51
|
end
|
|
52
52
|
end
|
|
@@ -26,19 +26,27 @@ module Sorcery
|
|
|
26
26
|
cookies[:remember_me_token] = nil
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
+
# Override.
|
|
30
|
+
# logins a user instance, and optionally remembers him.
|
|
31
|
+
def auto_login(user, should_remember = false)
|
|
32
|
+
session[:user_id] = user.id
|
|
33
|
+
@current_user = user
|
|
34
|
+
remember_me! if should_remember
|
|
35
|
+
end
|
|
36
|
+
|
|
29
37
|
protected
|
|
30
38
|
|
|
31
39
|
# calls remember_me! if a third credential was passed to the login method.
|
|
32
40
|
# Runs as a hook after login.
|
|
33
41
|
def remember_me_if_asked_to(user, credentials)
|
|
34
|
-
remember_me! if credentials.size == 3 && credentials[2]
|
|
42
|
+
remember_me! if ( credentials.size == 3 && credentials[2] && credentials[2] != "0" )
|
|
35
43
|
end
|
|
36
44
|
|
|
37
45
|
# Checks the cookie for a remember me token, tried to find a user with that token
|
|
38
46
|
# and logs the user in if found.
|
|
39
47
|
# Runs as a login source. See 'current_user' method for how it is used.
|
|
40
48
|
def login_from_cookie
|
|
41
|
-
user = cookies[:remember_me_token] && user_class.find_by_remember_me_token(cookies[:remember_me_token])
|
|
49
|
+
user = cookies.signed[:remember_me_token] && user_class.find_by_remember_me_token(cookies.signed[:remember_me_token])
|
|
42
50
|
if user && user.remember_me_token?
|
|
43
51
|
set_remember_me_cookie!(user)
|
|
44
52
|
@current_user = user
|
|
@@ -48,9 +56,10 @@ module Sorcery
|
|
|
48
56
|
end
|
|
49
57
|
|
|
50
58
|
def set_remember_me_cookie!(user)
|
|
51
|
-
cookies[:remember_me_token] = {
|
|
59
|
+
cookies.signed[:remember_me_token] = {
|
|
52
60
|
:value => user.send(user.sorcery_config.remember_me_token_attribute_name),
|
|
53
|
-
:expires => user.send(user.sorcery_config.remember_me_token_expires_at_attribute_name)
|
|
61
|
+
:expires => user.send(user.sorcery_config.remember_me_token_expires_at_attribute_name),
|
|
62
|
+
:httponly => true
|
|
54
63
|
}
|
|
55
64
|
end
|
|
56
65
|
end
|
|
@@ -39,7 +39,7 @@ module Sorcery
|
|
|
39
39
|
session_to_use = Config.session_timeout_from_last_action ? session[:last_action_time] : session[:login_time]
|
|
40
40
|
if session_to_use && (Time.now.utc - session_to_use > Config.session_timeout)
|
|
41
41
|
reset_session
|
|
42
|
-
@current_user =
|
|
42
|
+
@current_user = nil
|
|
43
43
|
else
|
|
44
44
|
session[:last_action_time] = Time.now.utc
|
|
45
45
|
end
|
|
@@ -28,12 +28,16 @@ module Sorcery
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
def matches?(crypted, *tokens)
|
|
31
|
-
|
|
32
|
-
aes.key = @key
|
|
33
|
-
(aes.update(crypted.unpack("m").first) + aes.final) == tokens.join
|
|
31
|
+
decrypt(crypted) == tokens.join
|
|
34
32
|
rescue OpenSSL::CipherError
|
|
35
33
|
false
|
|
36
34
|
end
|
|
35
|
+
|
|
36
|
+
def decrypt(crypted)
|
|
37
|
+
aes.decrypt
|
|
38
|
+
aes.key = @key
|
|
39
|
+
(aes.update(crypted.unpack("m").first) + aes.final)
|
|
40
|
+
end
|
|
37
41
|
|
|
38
42
|
private
|
|
39
43
|
|
data/lib/sorcery/engine.rb
CHANGED
|
@@ -10,6 +10,7 @@ module Sorcery
|
|
|
10
10
|
initializer "extend Controller with sorcery" do |app|
|
|
11
11
|
ActionController::Base.send(:include, Sorcery::Controller)
|
|
12
12
|
ActionController::Base.helper_method :current_user
|
|
13
|
+
ActionController::Base.helper_method :logged_in?
|
|
13
14
|
end
|
|
14
15
|
|
|
15
16
|
rake_tasks do
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# The first thing you need to configure is which modules you need in your app.
|
|
2
2
|
# The default is nothing which will include only core features (password encryption, login/logout).
|
|
3
|
-
# Available submodules are: :user_activation, :http_basic_auth, :remember_me,
|
|
3
|
+
# Available submodules are: :user_activation, :http_basic_auth, :remember_me,
|
|
4
4
|
# :reset_password, :session_timeout, :brute_force_protection, :activity_logging, :external
|
|
5
5
|
Rails.application.config.sorcery.submodules = []
|
|
6
6
|
|
|
@@ -8,165 +8,186 @@ Rails.application.config.sorcery.submodules = []
|
|
|
8
8
|
Rails.application.config.sorcery.configure do |config|
|
|
9
9
|
# -- core --
|
|
10
10
|
# config.not_authenticated_action = :not_authenticated # what controller action to call for
|
|
11
|
-
# non-authenticated users.
|
|
12
|
-
# You can also override 'not_authenticated'
|
|
11
|
+
# non-authenticated users.
|
|
12
|
+
# You can also override 'not_authenticated'
|
|
13
13
|
# instead.
|
|
14
|
-
|
|
15
|
-
# config.save_return_to_url = true # when a non logged in user tries to enter
|
|
16
|
-
# a page that requires login,
|
|
17
|
-
# save the URL he wanted to reach,
|
|
14
|
+
|
|
15
|
+
# config.save_return_to_url = true # when a non logged in user tries to enter
|
|
16
|
+
# a page that requires login,
|
|
17
|
+
# save the URL he wanted to reach,
|
|
18
18
|
# and send him there after login, using
|
|
19
19
|
# 'redirect_back_or_to'.
|
|
20
20
|
|
|
21
|
-
# -- session timeout --
|
|
21
|
+
# -- session timeout --
|
|
22
22
|
# config.session_timeout = 3600 # how long in seconds to keep the session alive.
|
|
23
|
-
# config.session_timeout_from_last_action = false # use the last action as the beginning of
|
|
23
|
+
# config.session_timeout_from_last_action = false # use the last action as the beginning of
|
|
24
24
|
# session timeout.
|
|
25
|
-
|
|
25
|
+
|
|
26
26
|
# -- http_basic_auth --
|
|
27
27
|
# config.controller_to_realm_map = {"application" => "Application"} # What realm to display for which controller name.
|
|
28
28
|
# For example {"My App" => "Application"}
|
|
29
29
|
|
|
30
|
+
# -- activity logging --
|
|
31
|
+
# config.register_login_time = true # will register the time of last user login, every login.
|
|
32
|
+
# config.register_logout_time = true # will register the time of last user logout, every logout.
|
|
33
|
+
# config.register_last_activity_time = true # will register the time of last user action, every action.
|
|
34
|
+
|
|
30
35
|
# -- external --
|
|
31
|
-
# config.external_providers = [] # What providers are supported by this app,
|
|
32
|
-
# i.e. [:twitter, :facebook] .
|
|
33
|
-
#
|
|
36
|
+
# config.external_providers = [] # What providers are supported by this app,
|
|
37
|
+
# i.e. [:twitter, :facebook, :github] .
|
|
38
|
+
# config.ca_file = 'path/to/ca_file' # Path to ca_file. By default use a internal ca-bundle.crt.
|
|
39
|
+
# You can change it by your local ca_file.
|
|
40
|
+
# i.e. '/etc/pki/tls/certs/ca-bundle.crt'
|
|
41
|
+
|
|
34
42
|
# config.twitter.key = "eYVNBjBDi33aa9GkA3w"
|
|
35
43
|
# config.twitter.secret = "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8"
|
|
36
44
|
# config.twitter.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=twitter"
|
|
37
45
|
# config.twitter.user_info_mapping = {:email => "screen_name"}
|
|
38
|
-
#
|
|
46
|
+
#
|
|
39
47
|
# config.facebook.key = "34cebc81c08a521bc66e212f947d73ec"
|
|
40
48
|
# config.facebook.secret = "5b458d179f61d4f036ee66a497ffbcd0"
|
|
41
49
|
# config.facebook.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=facebook"
|
|
42
50
|
# config.facebook.user_info_mapping = {:email => "name"}
|
|
43
|
-
|
|
51
|
+
#
|
|
52
|
+
# config.github.key = ""
|
|
53
|
+
# config.github.secret = ""
|
|
54
|
+
# config.github.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=github"
|
|
55
|
+
# config.github.user_info_mapping = {:email => "name"}
|
|
56
|
+
|
|
57
|
+
# config.sinatra_cookie_secret = 'ch4ng3M3plz' # key used to sign cookies in Sinatra
|
|
58
|
+
# changing it will invalidate all signed cookies!
|
|
59
|
+
|
|
44
60
|
# --- user config ---
|
|
45
61
|
config.user_config do |user|
|
|
46
62
|
# -- core --
|
|
47
|
-
# user.
|
|
48
|
-
#
|
|
49
|
-
#
|
|
50
|
-
|
|
63
|
+
# user.username_attribute_names = [:username] # specify username
|
|
64
|
+
# attributes, for example:
|
|
65
|
+
# [:username, :email].
|
|
66
|
+
|
|
51
67
|
# user.password_attribute_name = :password # change *virtual* password
|
|
52
68
|
# attribute, the one which is used
|
|
53
69
|
# until an encrypted one is
|
|
54
70
|
# generated.
|
|
55
|
-
|
|
71
|
+
|
|
56
72
|
# user.email_attribute_name = :email # change default email attribute.
|
|
57
|
-
|
|
73
|
+
|
|
58
74
|
# user.crypted_password_attribute_name = :crypted_password # change default crypted_password
|
|
59
75
|
# attribute.
|
|
60
|
-
|
|
76
|
+
|
|
61
77
|
# user.salt_join_token = "" # what pattern to use to join the
|
|
62
78
|
# password with the salt
|
|
63
|
-
|
|
79
|
+
|
|
64
80
|
# user.salt_attribute_name = :salt # change default salt attribute.
|
|
65
|
-
|
|
81
|
+
|
|
66
82
|
# user.stretches = nil # how many times to apply
|
|
67
83
|
# encryption to the password.
|
|
68
|
-
|
|
84
|
+
|
|
69
85
|
# user.encryption_key = nil # encryption key used to encrypt
|
|
70
86
|
# reversible encryptions such as
|
|
71
87
|
# AES256.
|
|
72
|
-
|
|
73
|
-
|
|
88
|
+
#
|
|
89
|
+
# WARNING:
|
|
90
|
+
#
|
|
91
|
+
# If used for users' passwords, changing this key
|
|
92
|
+
# will leave passwords undecryptable!
|
|
93
|
+
|
|
94
|
+
# user.custom_encryption_provider = nil # use an external encryption
|
|
74
95
|
# class.
|
|
75
|
-
|
|
96
|
+
|
|
76
97
|
# user.encryption_algorithm = :bcrypt # encryption algorithm name. See
|
|
77
98
|
# 'encryption_algorithm=' for
|
|
78
99
|
# available options.
|
|
79
|
-
|
|
100
|
+
|
|
80
101
|
# user.subclasses_inherit_config = false # make this configuration
|
|
81
102
|
# inheritable for subclasses.
|
|
82
103
|
# Useful for ActiveRecord's STI.
|
|
83
|
-
|
|
84
|
-
# -- user_activation --
|
|
104
|
+
|
|
105
|
+
# -- user_activation --
|
|
85
106
|
# user.activation_state_attribute_name = :activation_state # the attribute name to hold
|
|
86
107
|
# activation state
|
|
87
108
|
# (active/pending).
|
|
88
|
-
|
|
109
|
+
|
|
89
110
|
# user.activation_token_attribute_name = :activation_token # the attribute name to hold
|
|
90
111
|
# activation code (sent by email).
|
|
91
|
-
|
|
112
|
+
|
|
92
113
|
# user.activation_token_expires_at_attribute_name = :activation_token_expires_at # the attribute name to hold
|
|
93
|
-
# activation code expiration date.
|
|
94
|
-
|
|
114
|
+
# activation code expiration date.
|
|
115
|
+
|
|
95
116
|
# user.activation_token_expiration_period = nil # how many seconds before the
|
|
96
117
|
# activation code expires. nil for
|
|
97
118
|
# never expires.
|
|
98
|
-
|
|
119
|
+
|
|
99
120
|
# user.user_activation_mailer = nil # your mailer class. Required.
|
|
100
|
-
|
|
121
|
+
|
|
101
122
|
# user.activation_needed_email_method_name = :activation_needed_email # activation needed email method
|
|
102
123
|
# on your mailer class.
|
|
103
|
-
|
|
124
|
+
|
|
104
125
|
# user.activation_success_email_method_name = :activation_success_email # activation success email method
|
|
105
126
|
# on your mailer class.
|
|
106
|
-
|
|
127
|
+
|
|
107
128
|
# user.prevent_non_active_users_to_login = true # do you want to prevent or allow
|
|
108
129
|
# users that did not activate by
|
|
109
|
-
# email to login?
|
|
110
|
-
|
|
111
|
-
# -- reset_password --
|
|
130
|
+
# email to login?
|
|
131
|
+
|
|
132
|
+
# -- reset_password --
|
|
112
133
|
# user.reset_password_token_attribute_name = :reset_password_token # reset password code
|
|
113
134
|
# attribute name.
|
|
114
|
-
|
|
135
|
+
|
|
115
136
|
# user.reset_password_token_expires_at_attribute_name = :reset_password_token_expires_at # expires at attribute
|
|
116
137
|
# name.
|
|
117
|
-
|
|
138
|
+
|
|
118
139
|
# user.reset_password_email_sent_at_attribute_name = :reset_password_email_sent_at # when was email sent,
|
|
119
140
|
# used for hammering
|
|
120
141
|
# protection.
|
|
121
|
-
|
|
142
|
+
|
|
122
143
|
# user.reset_password_mailer = nil # mailer class. Needed.
|
|
123
|
-
|
|
144
|
+
|
|
124
145
|
# user.reset_password_email_method_name = :reset_password_email # reset password email
|
|
125
146
|
# method on your mailer
|
|
126
147
|
# class.
|
|
127
|
-
|
|
148
|
+
|
|
128
149
|
# user.reset_password_expiration_period = nil # how many seconds
|
|
129
150
|
# before the reset
|
|
130
151
|
# request expires. nil
|
|
131
152
|
# for never expires.
|
|
132
|
-
|
|
153
|
+
|
|
133
154
|
# user.reset_password_time_between_emails = 5 * 60 # hammering protection,
|
|
134
155
|
# how long to wait
|
|
135
156
|
# before allowing
|
|
136
157
|
# another email to be
|
|
137
158
|
# sent.
|
|
138
|
-
|
|
139
|
-
# -- brute_force_protection --
|
|
159
|
+
|
|
160
|
+
# -- brute_force_protection --
|
|
140
161
|
# user.failed_logins_count_attribute_name = :failed_logins_count # failed logins attribute name.
|
|
141
|
-
|
|
162
|
+
|
|
142
163
|
# user.lock_expires_at_attribute_name = :lock_expires_at # this field indicates whether
|
|
143
164
|
# user is banned and when it will
|
|
144
165
|
# be active again.
|
|
145
|
-
|
|
166
|
+
|
|
146
167
|
# user.consecutive_login_retries_amount_limit = 50 # how many failed logins allowed.
|
|
147
|
-
|
|
168
|
+
|
|
148
169
|
# user.login_lock_time_period = 60 * 60 # how long the user should be
|
|
149
170
|
# banned. in seconds. 0 for
|
|
150
171
|
# permanent.
|
|
151
|
-
|
|
152
|
-
# -- activity logging --
|
|
172
|
+
|
|
173
|
+
# -- activity logging --
|
|
153
174
|
# user.last_login_at_attribute_name = :last_login_at # last login attribute name.
|
|
154
175
|
# user.last_logout_at_attribute_name = :last_logout_at # last logout attribute name.
|
|
155
176
|
# user.last_activity_at_attribute_name = :last_activity_at # last activity attribute name.
|
|
156
177
|
# user.activity_timeout = 10 * 60 # how long since last activity is
|
|
157
178
|
# the user defined logged out?
|
|
158
|
-
|
|
159
|
-
# -- external --
|
|
179
|
+
|
|
180
|
+
# -- external --
|
|
160
181
|
# user.authentications_class = nil # class which holds the various
|
|
161
182
|
# external provider data for this
|
|
162
183
|
# user.
|
|
163
|
-
|
|
184
|
+
|
|
164
185
|
# user.authentications_user_id_attribute_name = :user_id # user's identifier in
|
|
165
186
|
# authentications class.
|
|
166
|
-
|
|
187
|
+
|
|
167
188
|
# user.provider_attribute_name = :provider # provider's identifier in
|
|
168
189
|
# authentications class.
|
|
169
|
-
|
|
190
|
+
|
|
170
191
|
# user.provider_uid_attribute_name = :uid # user's external unique
|
|
171
192
|
# identifier in authentications
|
|
172
193
|
# class.
|