sorcery 0.7.6 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.travis.yml +3 -0
- data/Gemfile +9 -4
- data/Gemfile.lock +99 -58
- data/README.rdoc +33 -8
- data/Rakefile +6 -7
- data/VERSION +1 -1
- data/lib/generators/sorcery/install_generator.rb +9 -7
- data/lib/generators/sorcery/templates/initializer.rb +324 -127
- data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +2 -0
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +1 -2
- data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb +2 -2
- data/lib/sorcery/controller/submodules/external/providers/facebook.rb +16 -4
- data/lib/sorcery/controller/submodules/external/providers/github.rb +6 -4
- data/lib/sorcery/controller/submodules/external/providers/google.rb +4 -4
- data/lib/sorcery/controller/submodules/external/providers/linkedin.rb +101 -0
- data/lib/sorcery/controller/submodules/external/providers/liveid.rb +1 -1
- data/lib/sorcery/controller/submodules/external/providers/vkontakte.rb +94 -0
- data/lib/sorcery/controller/submodules/external.rb +83 -15
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +1 -1
- data/lib/sorcery/controller/submodules/remember_me.rb +11 -2
- data/lib/sorcery/controller.rb +14 -6
- data/lib/sorcery/crypto_providers/bcrypt.rb +1 -0
- data/lib/sorcery/model/adapters/active_record.rb +9 -4
- data/lib/sorcery/model/adapters/mongo_mapper.rb +16 -14
- data/lib/sorcery/model/adapters/mongoid.rb +12 -6
- data/lib/sorcery/model/submodules/brute_force_protection.rb +44 -13
- data/lib/sorcery/model/submodules/remember_me.rb +4 -6
- data/lib/sorcery/model/submodules/reset_password.rb +14 -7
- data/lib/sorcery/model/submodules/user_activation.rb +14 -6
- data/lib/sorcery/model.rb +40 -39
- data/lib/sorcery/railties/tasks.rake +2 -0
- data/lib/sorcery.rb +3 -1
- data/sorcery.gemspec +31 -141
- data/spec/Gemfile +1 -1
- data/spec/Gemfile.lock +20 -19
- data/spec/README.md +8 -8
- data/spec/rails3/Gemfile +1 -0
- data/spec/rails3/Gemfile.lock +27 -24
- data/spec/rails3/app/controllers/application_controller.rb +54 -0
- data/spec/rails3/app/mailers/sorcery_mailer.rb +7 -0
- data/spec/rails3/app/views/sorcery_mailer/send_unlock_token_email.text.erb +1 -0
- data/spec/rails3/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +2 -0
- data/spec/rails3/spec/controller_activity_logging_spec.rb +3 -0
- data/spec/rails3/spec/controller_brute_force_protection_spec.rb +23 -1
- data/spec/rails3/spec/controller_oauth2_spec.rb +162 -24
- data/spec/rails3/spec/controller_oauth_spec.rb +111 -6
- data/spec/rails3/spec/controller_spec.rb +7 -0
- data/spec/rails3_mongo_mapper/Gemfile +2 -1
- data/spec/rails3_mongo_mapper/Gemfile.lock +37 -39
- data/spec/rails3_mongo_mapper/app/controllers/application_controller.rb +14 -0
- data/spec/rails3_mongo_mapper/spec/controller_spec.rb +7 -0
- data/spec/rails3_mongoid/Gemfile +1 -0
- data/spec/rails3_mongoid/Gemfile.lock +28 -25
- data/spec/rails3_mongoid/app/controllers/application_controller.rb +14 -0
- data/spec/rails3_mongoid/config/mongoid.yml +1 -1
- data/spec/rails3_mongoid/spec/controller_activity_logging_spec.rb +11 -11
- data/spec/rails3_mongoid/spec/controller_spec.rb +7 -0
- data/spec/shared_examples/controller_oauth2_shared_examples.rb +20 -1
- data/spec/shared_examples/controller_oauth_shared_examples.rb +18 -0
- data/spec/shared_examples/user_activation_shared_examples.rb +71 -41
- data/spec/shared_examples/user_reset_password_shared_examples.rb +76 -31
- data/spec/sorcery_crypto_providers_spec.rb +9 -0
- metadata +159 -246
|
@@ -7,61 +7,118 @@ Rails.application.config.sorcery.submodules = []
|
|
|
7
7
|
# Here you can configure each submodule's features.
|
|
8
8
|
Rails.application.config.sorcery.configure do |config|
|
|
9
9
|
# -- core --
|
|
10
|
-
#
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
10
|
+
# What controller action to call for non-authenticated users. You can also
|
|
11
|
+
# override the 'not_authenticated' method of course.
|
|
12
|
+
# Default: `:not_authenticated`
|
|
13
|
+
#
|
|
14
|
+
# config.not_authenticated_action =
|
|
15
|
+
|
|
16
|
+
|
|
17
|
+
# When a non logged in user tries to enter a page that requires login, save
|
|
18
|
+
# the URL he wanted to reach, and send him there after login, using 'redirect_back_or_to'.
|
|
19
|
+
# Default: `true`
|
|
20
|
+
#
|
|
21
|
+
# config.save_return_to_url =
|
|
22
|
+
|
|
14
23
|
|
|
15
|
-
#
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
# 'redirect_back_or_to'.
|
|
24
|
+
# Set domain option for cookies; Useful for remember_me submodule.
|
|
25
|
+
# Default: `nil`
|
|
26
|
+
#
|
|
27
|
+
# config.cookie_domain =
|
|
20
28
|
|
|
21
|
-
|
|
22
|
-
|
|
29
|
+
|
|
30
|
+
# -- remember_me --
|
|
31
|
+
# allow the remember_me cookie to settable through AJAX
|
|
32
|
+
# Default: `true`
|
|
33
|
+
#
|
|
34
|
+
# user.remember_me_httponly =
|
|
35
|
+
|
|
23
36
|
|
|
24
37
|
# -- session timeout --
|
|
25
|
-
#
|
|
26
|
-
#
|
|
27
|
-
|
|
38
|
+
# How long in seconds to keep the session alive.
|
|
39
|
+
# Default: `3600`
|
|
40
|
+
#
|
|
41
|
+
# config.session_timeout =
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
# Use the last action as the beginning of session timeout.
|
|
45
|
+
# Default: `false`
|
|
46
|
+
#
|
|
47
|
+
# config.session_timeout_from_last_action =
|
|
48
|
+
|
|
28
49
|
|
|
29
50
|
# -- http_basic_auth --
|
|
30
|
-
#
|
|
31
|
-
|
|
51
|
+
# What realm to display for which controller name. For example {"My App" => "Application"}
|
|
52
|
+
# Default: `{"application" => "Application"}`
|
|
53
|
+
#
|
|
54
|
+
# config.controller_to_realm_map =
|
|
55
|
+
|
|
32
56
|
|
|
33
57
|
# -- activity logging --
|
|
34
|
-
#
|
|
35
|
-
#
|
|
36
|
-
#
|
|
58
|
+
# will register the time of last user login, every login.
|
|
59
|
+
# Default: `true`
|
|
60
|
+
#
|
|
61
|
+
# config.register_login_time =
|
|
62
|
+
|
|
63
|
+
|
|
64
|
+
# will register the time of last user logout, every logout.
|
|
65
|
+
# Default: `true`
|
|
66
|
+
#
|
|
67
|
+
# config.register_logout_time =
|
|
68
|
+
|
|
69
|
+
|
|
70
|
+
# will register the time of last user action, every action.
|
|
71
|
+
# Default: `true`
|
|
72
|
+
#
|
|
73
|
+
# config.register_last_activity_time =
|
|
74
|
+
|
|
37
75
|
|
|
38
76
|
# -- external --
|
|
39
|
-
#
|
|
40
|
-
|
|
41
|
-
#
|
|
42
|
-
|
|
43
|
-
|
|
77
|
+
# What providers are supported by this app, i.e. [:twitter, :facebook, :github, :google, :liveid] .
|
|
78
|
+
# Default: `[]`
|
|
79
|
+
#
|
|
80
|
+
# config.external_providers =
|
|
81
|
+
|
|
82
|
+
|
|
83
|
+
# You can change it by your local ca_file. i.e. '/etc/pki/tls/certs/ca-bundle.crt'
|
|
84
|
+
# Path to ca_file. By default use a internal ca-bundle.crt.
|
|
85
|
+
# Default: `'path/to/ca_file'`
|
|
86
|
+
#
|
|
87
|
+
# config.ca_file =
|
|
88
|
+
|
|
44
89
|
|
|
90
|
+
# For information about LinkedIn API:
|
|
91
|
+
# - user info fields go to https://developer.linkedin.com/documents/profile-fields
|
|
92
|
+
# - access permissions go to https://developer.linkedin.com/documents/authentication#granting
|
|
93
|
+
#
|
|
94
|
+
# config.linkedin.key = ""
|
|
95
|
+
# config.linkedin.secret = ""
|
|
96
|
+
# config.linkedin.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=linkedin"
|
|
97
|
+
# config.linkedin.user_info_fields = ['first-name', 'last-name']
|
|
98
|
+
# config.linkedin.user_info_mapping = {first_name: "firstName", last_name: "lastName"}
|
|
99
|
+
# config.linkedin.access_permissions = ['r_basicprofile']
|
|
100
|
+
#
|
|
45
101
|
# Twitter wil not accept any requests nor redirect uri containing localhost,
|
|
46
102
|
# make sure you use 0.0.0.0:3000 to access your app in development
|
|
47
103
|
#
|
|
48
|
-
# config.twitter.key = "
|
|
49
|
-
# config.twitter.secret = "
|
|
104
|
+
# config.twitter.key = ""
|
|
105
|
+
# config.twitter.secret = ""
|
|
50
106
|
# config.twitter.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=twitter"
|
|
51
107
|
# config.twitter.user_info_mapping = {:email => "screen_name"}
|
|
52
108
|
#
|
|
53
|
-
# config.facebook.key = "
|
|
54
|
-
# config.facebook.secret = "
|
|
109
|
+
# config.facebook.key = ""
|
|
110
|
+
# config.facebook.secret = ""
|
|
55
111
|
# config.facebook.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=facebook"
|
|
56
112
|
# config.facebook.user_info_mapping = {:email => "name"}
|
|
113
|
+
# config.facebook.access_permissions = ["email", "publish_stream"]
|
|
57
114
|
#
|
|
58
115
|
# config.github.key = ""
|
|
59
116
|
# config.github.secret = ""
|
|
60
117
|
# config.github.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=github"
|
|
61
118
|
# config.github.user_info_mapping = {:email => "name"}
|
|
62
119
|
#
|
|
63
|
-
# config.google.key = "
|
|
64
|
-
# config.google.secret = "
|
|
120
|
+
# config.google.key = ""
|
|
121
|
+
# config.google.secret = ""
|
|
65
122
|
# config.google.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=google"
|
|
66
123
|
# config.google.user_info_mapping = {:email => "email", :username => "name"}
|
|
67
124
|
#
|
|
@@ -74,147 +131,287 @@ Rails.application.config.sorcery.configure do |config|
|
|
|
74
131
|
# config.liveid.callback_url = "http://mydomain.com:3000/oauth/callback?provider=liveid"
|
|
75
132
|
# config.liveid.user_info_mapping = {:username => "name"}
|
|
76
133
|
|
|
134
|
+
|
|
77
135
|
# --- user config ---
|
|
78
136
|
config.user_config do |user|
|
|
79
137
|
# -- core --
|
|
80
|
-
#
|
|
81
|
-
|
|
82
|
-
|
|
138
|
+
# specify username attributes, for example: [:username, :email].
|
|
139
|
+
# Default: `[:username]`
|
|
140
|
+
#
|
|
141
|
+
# user.username_attribute_names =
|
|
142
|
+
|
|
143
|
+
|
|
144
|
+
# change *virtual* password attribute, the one which is used until an encrypted one is generated.
|
|
145
|
+
# Default: `:password`
|
|
146
|
+
#
|
|
147
|
+
# user.password_attribute_name =
|
|
148
|
+
|
|
149
|
+
|
|
150
|
+
# downcase the username before trying to authenticate, default is false
|
|
151
|
+
# Default: `false`
|
|
152
|
+
#
|
|
153
|
+
# user.downcase_username_before_authenticating =
|
|
154
|
+
|
|
155
|
+
|
|
156
|
+
# change default email attribute.
|
|
157
|
+
# Default: `:email`
|
|
158
|
+
#
|
|
159
|
+
# user.email_attribute_name =
|
|
160
|
+
|
|
161
|
+
|
|
162
|
+
# change default crypted_password attribute.
|
|
163
|
+
# Default: `:crypted_password`
|
|
164
|
+
#
|
|
165
|
+
# user.crypted_password_attribute_name =
|
|
166
|
+
|
|
83
167
|
|
|
84
|
-
#
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
168
|
+
# what pattern to use to join the password with the salt
|
|
169
|
+
# Default: `""`
|
|
170
|
+
#
|
|
171
|
+
# user.salt_join_token =
|
|
88
172
|
|
|
89
|
-
# user.downcase_username_before_authenticating = false # downcase the username before
|
|
90
|
-
# trying to authenticate, default
|
|
91
|
-
# is false
|
|
92
173
|
|
|
93
|
-
#
|
|
174
|
+
# change default salt attribute.
|
|
175
|
+
# Default: `:salt`
|
|
176
|
+
#
|
|
177
|
+
# user.salt_attribute_name =
|
|
94
178
|
|
|
95
|
-
# user.crypted_password_attribute_name = :crypted_password # change default crypted_password
|
|
96
|
-
# attribute.
|
|
97
179
|
|
|
98
|
-
#
|
|
99
|
-
|
|
180
|
+
# how many times to apply encryption to the password.
|
|
181
|
+
# Default: `nil`
|
|
182
|
+
#
|
|
183
|
+
# user.stretches =
|
|
100
184
|
|
|
101
|
-
# user.salt_attribute_name = :salt # change default salt attribute.
|
|
102
185
|
|
|
103
|
-
#
|
|
104
|
-
|
|
186
|
+
# encryption key used to encrypt reversible encryptions such as AES256.
|
|
187
|
+
# WARNING: If used for users' passwords, changing this key will leave passwords undecryptable!
|
|
188
|
+
# Default: `nil`
|
|
189
|
+
#
|
|
190
|
+
# user.encryption_key =
|
|
105
191
|
|
|
106
|
-
# user.encryption_key = nil # encryption key used to encrypt
|
|
107
|
-
# reversible encryptions such as
|
|
108
|
-
# AES256.
|
|
109
|
-
#
|
|
110
|
-
# WARNING:
|
|
111
|
-
#
|
|
112
|
-
# If used for users' passwords, changing this key
|
|
113
|
-
# will leave passwords undecryptable!
|
|
114
192
|
|
|
115
|
-
#
|
|
116
|
-
|
|
193
|
+
# use an external encryption class.
|
|
194
|
+
# Default: `nil`
|
|
195
|
+
#
|
|
196
|
+
# user.custom_encryption_provider =
|
|
117
197
|
|
|
118
|
-
# user.encryption_algorithm = :bcrypt # encryption algorithm name. See
|
|
119
|
-
# 'encryption_algorithm=' for
|
|
120
|
-
# available options.
|
|
121
198
|
|
|
122
|
-
#
|
|
123
|
-
|
|
124
|
-
|
|
199
|
+
# encryption algorithm name. See 'encryption_algorithm=' for available options.
|
|
200
|
+
# Default: `:bcrypt`
|
|
201
|
+
#
|
|
202
|
+
# user.encryption_algorithm =
|
|
203
|
+
|
|
204
|
+
|
|
205
|
+
# make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
|
|
206
|
+
# Default: `false`
|
|
207
|
+
#
|
|
208
|
+
# user.subclasses_inherit_config =
|
|
209
|
+
|
|
125
210
|
|
|
126
211
|
# -- user_activation --
|
|
127
|
-
#
|
|
128
|
-
|
|
129
|
-
|
|
212
|
+
# the attribute name to hold activation state (active/pending).
|
|
213
|
+
# Default: `:activation_state`
|
|
214
|
+
#
|
|
215
|
+
# user.activation_state_attribute_name =
|
|
216
|
+
|
|
217
|
+
|
|
218
|
+
# the attribute name to hold activation code (sent by email).
|
|
219
|
+
# Default: `:activation_token`
|
|
220
|
+
#
|
|
221
|
+
# user.activation_token_attribute_name =
|
|
222
|
+
|
|
223
|
+
|
|
224
|
+
# the attribute name to hold activation code expiration date.
|
|
225
|
+
# Default: `:activation_token_expires_at`
|
|
226
|
+
#
|
|
227
|
+
# user.activation_token_expires_at_attribute_name =
|
|
228
|
+
|
|
229
|
+
|
|
230
|
+
# how many seconds before the activation code expires. nil for never expires.
|
|
231
|
+
# Default: `nil`
|
|
232
|
+
#
|
|
233
|
+
# user.activation_token_expiration_period =
|
|
234
|
+
|
|
130
235
|
|
|
131
|
-
#
|
|
132
|
-
|
|
236
|
+
# your mailer class. Required.
|
|
237
|
+
# Default: `nil`
|
|
238
|
+
#
|
|
239
|
+
# user.user_activation_mailer =
|
|
133
240
|
|
|
134
|
-
# user.activation_token_expires_at_attribute_name = :activation_token_expires_at # the attribute name to hold
|
|
135
|
-
# activation code expiration date.
|
|
136
241
|
|
|
137
|
-
#
|
|
138
|
-
|
|
139
|
-
|
|
242
|
+
# when true sorcery will not automatically
|
|
243
|
+
# email activation details and allow you to
|
|
244
|
+
# manually handle how and when email is sent.
|
|
245
|
+
# Default: `false`
|
|
246
|
+
#
|
|
247
|
+
# user.activation_mailer_disabled =
|
|
140
248
|
|
|
141
|
-
# user.user_activation_mailer = nil # your mailer class. Required.
|
|
142
249
|
|
|
143
|
-
#
|
|
144
|
-
|
|
250
|
+
# activation needed email method on your mailer class.
|
|
251
|
+
# Default: `:activation_needed_email`
|
|
252
|
+
#
|
|
253
|
+
# user.activation_needed_email_method_name =
|
|
145
254
|
|
|
146
|
-
# user.activation_success_email_method_name = :activation_success_email # activation success email method
|
|
147
|
-
# on your mailer class.
|
|
148
255
|
|
|
149
|
-
#
|
|
150
|
-
|
|
151
|
-
|
|
256
|
+
# activation success email method on your mailer class.
|
|
257
|
+
# Default: `:activation_success_email`
|
|
258
|
+
#
|
|
259
|
+
# user.activation_success_email_method_name =
|
|
260
|
+
|
|
261
|
+
|
|
262
|
+
# do you want to prevent or allow users that did not activate by email to login?
|
|
263
|
+
# Default: `true`
|
|
264
|
+
#
|
|
265
|
+
# user.prevent_non_active_users_to_login =
|
|
266
|
+
|
|
152
267
|
|
|
153
268
|
# -- reset_password --
|
|
154
|
-
#
|
|
155
|
-
|
|
269
|
+
# reset password code attribute name.
|
|
270
|
+
# Default: `:reset_password_token`
|
|
271
|
+
#
|
|
272
|
+
# user.reset_password_token_attribute_name =
|
|
273
|
+
|
|
274
|
+
|
|
275
|
+
# expires at attribute name.
|
|
276
|
+
# Default: `:reset_password_token_expires_at`
|
|
277
|
+
#
|
|
278
|
+
# user.reset_password_token_expires_at_attribute_name =
|
|
279
|
+
|
|
280
|
+
|
|
281
|
+
# when was email sent, used for hammering protection.
|
|
282
|
+
# Default: `:reset_password_email_sent_at`
|
|
283
|
+
#
|
|
284
|
+
# user.reset_password_email_sent_at_attribute_name =
|
|
285
|
+
|
|
286
|
+
|
|
287
|
+
# mailer class. Needed.
|
|
288
|
+
# Default: `nil`
|
|
289
|
+
#
|
|
290
|
+
# user.reset_password_mailer =
|
|
291
|
+
|
|
156
292
|
|
|
157
|
-
#
|
|
158
|
-
|
|
293
|
+
# reset password email method on your mailer class.
|
|
294
|
+
# Default: `:reset_password_email`
|
|
295
|
+
#
|
|
296
|
+
# user.reset_password_email_method_name =
|
|
159
297
|
|
|
160
|
-
# user.reset_password_email_sent_at_attribute_name = :reset_password_email_sent_at # when was email sent,
|
|
161
|
-
# used for hammering
|
|
162
|
-
# protection.
|
|
163
298
|
|
|
164
|
-
#
|
|
299
|
+
# when true sorcery will not automatically
|
|
300
|
+
# email password reset details and allow you to
|
|
301
|
+
# manually handle how and when email is sent
|
|
302
|
+
# Default: `false`
|
|
303
|
+
#
|
|
304
|
+
# user.reset_password_mailer_disabled =
|
|
165
305
|
|
|
166
|
-
# user.reset_password_email_method_name = :reset_password_email # reset password email
|
|
167
|
-
# method on your mailer
|
|
168
|
-
# class.
|
|
169
306
|
|
|
170
|
-
#
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
307
|
+
# how many seconds before the reset request expires. nil for never expires.
|
|
308
|
+
# Default: `nil`
|
|
309
|
+
#
|
|
310
|
+
# user.reset_password_expiration_period =
|
|
311
|
+
|
|
312
|
+
|
|
313
|
+
# hammering protection, how long to wait before allowing another email to be sent.
|
|
314
|
+
# Default: `5 * 60`
|
|
315
|
+
#
|
|
316
|
+
# user.reset_password_time_between_emails =
|
|
174
317
|
|
|
175
|
-
# user.reset_password_time_between_emails = 5 * 60 # hammering protection,
|
|
176
|
-
# how long to wait
|
|
177
|
-
# before allowing
|
|
178
|
-
# another email to be
|
|
179
|
-
# sent.
|
|
180
318
|
|
|
181
319
|
# -- brute_force_protection --
|
|
182
|
-
#
|
|
320
|
+
# Failed logins attribute name.
|
|
321
|
+
# Default: `:failed_logins_count`
|
|
322
|
+
#
|
|
323
|
+
# user.failed_logins_count_attribute_name =
|
|
324
|
+
|
|
325
|
+
|
|
326
|
+
# This field indicates whether user is banned and when it will be active again.
|
|
327
|
+
# Default: `:lock_expires_at`
|
|
328
|
+
#
|
|
329
|
+
# user.lock_expires_at_attribute_name =
|
|
330
|
+
|
|
183
331
|
|
|
184
|
-
#
|
|
185
|
-
|
|
186
|
-
|
|
332
|
+
# How many failed logins allowed.
|
|
333
|
+
# Default: `50`
|
|
334
|
+
#
|
|
335
|
+
# user.consecutive_login_retries_amount_limit =
|
|
187
336
|
|
|
188
|
-
# user.consecutive_login_retries_amount_limit = 50 # how many failed logins allowed.
|
|
189
337
|
|
|
190
|
-
#
|
|
191
|
-
|
|
192
|
-
|
|
338
|
+
# How long the user should be banned. in seconds. 0 for permanent.
|
|
339
|
+
# Default: `60 * 60`
|
|
340
|
+
#
|
|
341
|
+
# user.login_lock_time_period =
|
|
342
|
+
|
|
343
|
+
# Unlock token attribute name
|
|
344
|
+
# Default: `:unlock_token`
|
|
345
|
+
#
|
|
346
|
+
# user.unlock_token_attribute_name =
|
|
347
|
+
|
|
348
|
+
# Unlock token mailer method
|
|
349
|
+
# Default: `:send_unlock_token_email`
|
|
350
|
+
#
|
|
351
|
+
# user.unlock_token_email_method_name =
|
|
352
|
+
|
|
353
|
+
# when true sorcery will not automatically
|
|
354
|
+
# send email with unlock token
|
|
355
|
+
# Default: `false`
|
|
356
|
+
#
|
|
357
|
+
# user.unlock_token_mailer_disabled = true
|
|
358
|
+
|
|
359
|
+
# Unlock token mailer class
|
|
360
|
+
# Default: `nil`
|
|
361
|
+
#
|
|
362
|
+
# user.unlock_token_mailer = UserMailer
|
|
193
363
|
|
|
194
364
|
# -- activity logging --
|
|
195
|
-
#
|
|
196
|
-
#
|
|
197
|
-
#
|
|
198
|
-
# user.
|
|
199
|
-
|
|
365
|
+
# Last login attribute name.
|
|
366
|
+
# Default: `:last_login_at`
|
|
367
|
+
#
|
|
368
|
+
# user.last_login_at_attribute_name =
|
|
369
|
+
|
|
370
|
+
|
|
371
|
+
# Last logout attribute name.
|
|
372
|
+
# Default: `:last_logout_at`
|
|
373
|
+
#
|
|
374
|
+
# user.last_logout_at_attribute_name =
|
|
375
|
+
|
|
376
|
+
|
|
377
|
+
# Last activity attribute name.
|
|
378
|
+
# Default: `:last_activity_at`
|
|
379
|
+
#
|
|
380
|
+
# user.last_activity_at_attribute_name =
|
|
381
|
+
|
|
382
|
+
|
|
383
|
+
# How long since last activity is he user defined logged out?
|
|
384
|
+
# Default: `10 * 60`
|
|
385
|
+
#
|
|
386
|
+
# user.activity_timeout =
|
|
387
|
+
|
|
200
388
|
|
|
201
389
|
# -- external --
|
|
202
|
-
#
|
|
203
|
-
|
|
204
|
-
|
|
390
|
+
# Class which holds the various external provider data for this user.
|
|
391
|
+
# Default: `nil`
|
|
392
|
+
#
|
|
393
|
+
# user.authentications_class =
|
|
394
|
+
|
|
395
|
+
|
|
396
|
+
# User's identifier in authentications class.
|
|
397
|
+
# Default: `:user_id`
|
|
398
|
+
#
|
|
399
|
+
# user.authentications_user_id_attribute_name =
|
|
400
|
+
|
|
205
401
|
|
|
206
|
-
#
|
|
207
|
-
|
|
402
|
+
# Provider's identifier in authentications class.
|
|
403
|
+
# Default: `:provider`
|
|
404
|
+
#
|
|
405
|
+
# user.provider_attribute_name =
|
|
208
406
|
|
|
209
|
-
# user.provider_attribute_name = :provider # provider's identifier in
|
|
210
|
-
# authentications class.
|
|
211
407
|
|
|
212
|
-
#
|
|
213
|
-
|
|
214
|
-
|
|
408
|
+
# User's external unique identifier in authentications class.
|
|
409
|
+
# Default: `:uid`
|
|
410
|
+
#
|
|
411
|
+
# user.provider_uid_attribute_name =
|
|
215
412
|
end
|
|
216
413
|
|
|
217
414
|
# This line must come after the 'user config' block.
|
|
218
|
-
|
|
219
|
-
|
|
415
|
+
# Define which model authenticates with sorcery.
|
|
416
|
+
config.user_class = "<%= model_class_name %>"
|
|
220
417
|
end
|
|
@@ -2,10 +2,12 @@ class SorceryBruteForceProtection < ActiveRecord::Migration
|
|
|
2
2
|
def self.up
|
|
3
3
|
add_column :<%= model_class_name.tableize %>, :failed_logins_count, :integer, :default => 0
|
|
4
4
|
add_column :<%= model_class_name.tableize %>, :lock_expires_at, :datetime, :default => nil
|
|
5
|
+
add_column :<%= model_class_name.tableize %>, :unlock_token, :string, :default => nil
|
|
5
6
|
end
|
|
6
7
|
|
|
7
8
|
def self.down
|
|
8
9
|
remove_column :<%= model_class_name.tableize %>, :lock_expires_at
|
|
9
10
|
remove_column :<%= model_class_name.tableize %>, :failed_logins_count
|
|
11
|
+
remove_column :<%= model_class_name.tableize %>, :unlock_token
|
|
10
12
|
end
|
|
11
13
|
end
|
|
@@ -29,8 +29,7 @@ module Sorcery
|
|
|
29
29
|
# Resets the failed logins counter.
|
|
30
30
|
# Runs as a hook after a successful login.
|
|
31
31
|
def reset_failed_logins_count!(user, credentials)
|
|
32
|
-
user.
|
|
33
|
-
user.save!(:validate => false)
|
|
32
|
+
user.update_many_attributes(user_class.sorcery_config.failed_logins_count_attribute_name => 0)
|
|
34
33
|
end
|
|
35
34
|
end
|
|
36
35
|
end
|
|
@@ -20,9 +20,9 @@ module Sorcery
|
|
|
20
20
|
|
|
21
21
|
def get_access_token(args, options = {})
|
|
22
22
|
client = build_client(options)
|
|
23
|
-
client.auth_code.
|
|
23
|
+
client.auth_code.get_token(
|
|
24
24
|
args[:code],
|
|
25
|
-
:redirect_uri => @callback_url
|
|
25
|
+
{ :redirect_uri => @callback_url, :parse => options.delete(:parse) }, options
|
|
26
26
|
)
|
|
27
27
|
end
|
|
28
28
|
|
|
@@ -35,7 +35,8 @@ module Sorcery
|
|
|
35
35
|
:user_info_path,
|
|
36
36
|
:scope,
|
|
37
37
|
:user_info_mapping,
|
|
38
|
-
:display
|
|
38
|
+
:display,
|
|
39
|
+
:access_permissions
|
|
39
40
|
attr_reader :access_token
|
|
40
41
|
|
|
41
42
|
include Protocols::Oauth2
|
|
@@ -46,12 +47,16 @@ module Sorcery
|
|
|
46
47
|
@scope = "email,offline_access"
|
|
47
48
|
@user_info_mapping = {}
|
|
48
49
|
@display = "page"
|
|
50
|
+
@token_url = "oauth/access_token"
|
|
51
|
+
@mode = :query
|
|
52
|
+
@parse = :query
|
|
53
|
+
@param_name = "access_token"
|
|
49
54
|
end
|
|
50
55
|
|
|
51
56
|
def get_user_hash
|
|
52
57
|
user_hash = {}
|
|
53
58
|
response = @access_token.get(@user_info_path)
|
|
54
|
-
user_hash[:user_info] = JSON.parse(response)
|
|
59
|
+
user_hash[:user_info] = JSON.parse(response.body)
|
|
55
60
|
user_hash[:uid] = user_hash[:user_info]['id']
|
|
56
61
|
user_hash
|
|
57
62
|
end
|
|
@@ -65,12 +70,19 @@ module Sorcery
|
|
|
65
70
|
def login_url(params,session)
|
|
66
71
|
self.authorize_url
|
|
67
72
|
end
|
|
68
|
-
|
|
73
|
+
|
|
74
|
+
# overrides oauth2#authorize_url to allow customized scope.
|
|
75
|
+
def authorize_url
|
|
76
|
+
@scope = self.access_permissions.present? ? self.access_permissions.join(",") : @scope
|
|
77
|
+
super
|
|
78
|
+
end
|
|
79
|
+
|
|
69
80
|
# tries to login the user from access token
|
|
70
81
|
def process_callback(params,session)
|
|
71
82
|
args = {}
|
|
83
|
+
options = { :token_url => @token_url, :mode => @mode, :param_name => @param_name, :parse => @parse }
|
|
72
84
|
args.merge!({:code => params[:code]}) if params[:code]
|
|
73
|
-
@access_token = self.get_access_token(args)
|
|
85
|
+
@access_token = self.get_access_token(args, options)
|
|
74
86
|
end
|
|
75
87
|
|
|
76
88
|
end
|