sorcery 0.9.1 → 0.16.3
- checksums.yaml +5 -5
- data/.github/FUNDING.yml +1 -0
- data/.github/ISSUE_TEMPLATE.md +24 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +7 -0
- data/.github/workflows/ruby.yml +70 -0
- data/.gitignore +3 -0
- data/.rubocop.yml +55 -0
- data/.rubocop_todo.yml +163 -0
- data/CHANGELOG.md +132 -34
- data/CODE_OF_CONDUCT.md +14 -0
- data/Gemfile +3 -17
- data/{LICENSE.txt → LICENSE.md} +1 -1
- data/MAINTAINING.md +64 -0
- data/README.md +146 -269
- data/Rakefile +4 -2
- data/SECURITY.md +19 -0
- data/gemfiles/rails_52.gemfile +7 -0
- data/gemfiles/rails_60.gemfile +7 -0
- data/gemfiles/rails_61.gemfile +7 -0
- data/gemfiles/rails_70.gemfile +7 -0
- data/lib/generators/sorcery/USAGE +1 -1
- data/lib/generators/sorcery/helpers.rb +8 -4
- data/lib/generators/sorcery/install_generator.rb +41 -35
- data/lib/generators/sorcery/templates/initializer.rb +216 -112
- data/lib/generators/sorcery/templates/migration/activity_logging.rb +7 -7
- data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +5 -5
- data/lib/generators/sorcery/templates/migration/core.rb +5 -7
- data/lib/generators/sorcery/templates/migration/external.rb +4 -4
- data/lib/generators/sorcery/templates/migration/magic_login.rb +9 -0
- data/lib/generators/sorcery/templates/migration/remember_me.rb +5 -5
- data/lib/generators/sorcery/templates/migration/reset_password.rb +7 -6
- data/lib/generators/sorcery/templates/migration/user_activation.rb +6 -6
- data/lib/sorcery/adapters/active_record_adapter.rb +11 -21
- data/lib/sorcery/adapters/mongoid_adapter.rb +23 -11
- data/lib/sorcery/controller/config.rb +27 -23
- data/lib/sorcery/controller/submodules/activity_logging.rb +16 -18
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +1 -2
- data/lib/sorcery/controller/submodules/external.rb +69 -44
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +18 -19
- data/lib/sorcery/controller/submodules/remember_me.rb +16 -16
- data/lib/sorcery/controller/submodules/session_timeout.rb +33 -11
- data/lib/sorcery/controller.rb +50 -35
- data/lib/sorcery/crypto_providers/aes256.rb +17 -16
- data/lib/sorcery/crypto_providers/bcrypt.rb +26 -22
- data/lib/sorcery/crypto_providers/common.rb +1 -1
- data/lib/sorcery/crypto_providers/md5.rb +5 -5
- data/lib/sorcery/crypto_providers/sha1.rb +5 -5
- data/lib/sorcery/crypto_providers/sha256.rb +2 -2
- data/lib/sorcery/crypto_providers/sha512.rb +3 -3
- data/lib/sorcery/engine.rb +19 -11
- data/lib/sorcery/model/config.rb +73 -50
- data/lib/sorcery/model/submodules/activity_logging.rb +31 -12
- data/lib/sorcery/model/submodules/brute_force_protection.rb +38 -31
- data/lib/sorcery/model/submodules/external.rb +22 -10
- data/lib/sorcery/model/submodules/magic_login.rb +130 -0
- data/lib/sorcery/model/submodules/remember_me.rb +19 -7
- data/lib/sorcery/model/submodules/reset_password.rb +64 -42
- data/lib/sorcery/model/submodules/user_activation.rb +52 -54
- data/lib/sorcery/model/temporary_token.rb +30 -7
- data/lib/sorcery/model.rb +65 -40
- data/lib/sorcery/protocols/oauth.rb +4 -9
- data/lib/sorcery/protocols/oauth2.rb +0 -2
- data/lib/sorcery/providers/auth0.rb +46 -0
- data/lib/sorcery/providers/base.rb +4 -4
- data/lib/sorcery/providers/battlenet.rb +51 -0
- data/lib/sorcery/providers/discord.rb +52 -0
- data/lib/sorcery/providers/facebook.rb +8 -11
- data/lib/sorcery/providers/github.rb +5 -7
- data/lib/sorcery/providers/google.rb +3 -5
- data/lib/sorcery/providers/heroku.rb +7 -8
- data/lib/sorcery/providers/instagram.rb +73 -0
- data/lib/sorcery/providers/jira.rb +12 -17
- data/lib/sorcery/providers/line.rb +63 -0
- data/lib/sorcery/providers/linkedin.rb +44 -35
- data/lib/sorcery/providers/liveid.rb +4 -7
- data/lib/sorcery/providers/microsoft.rb +59 -0
- data/lib/sorcery/providers/paypal.rb +60 -0
- data/lib/sorcery/providers/salesforce.rb +3 -5
- data/lib/sorcery/providers/slack.rb +45 -0
- data/lib/sorcery/providers/twitter.rb +4 -6
- data/lib/sorcery/providers/vk.rb +8 -9
- data/lib/sorcery/providers/wechat.rb +81 -0
- data/lib/sorcery/providers/xing.rb +7 -10
- data/lib/sorcery/test_helpers/internal/rails.rb +25 -17
- data/lib/sorcery/test_helpers/internal.rb +15 -14
- data/lib/sorcery/test_helpers/rails/controller.rb +1 -1
- data/lib/sorcery/test_helpers/rails/integration.rb +5 -6
- data/lib/sorcery/test_helpers/rails/request.rb +20 -0
- data/lib/sorcery/version.rb +1 -1
- data/lib/sorcery.rb +4 -17
- data/sorcery.gemspec +43 -28
- data/spec/active_record/user_activation_spec.rb +4 -5
- data/spec/active_record/user_activity_logging_spec.rb +4 -6
- data/spec/active_record/user_brute_force_protection_spec.rb +5 -6
- data/spec/active_record/user_magic_login_spec.rb +15 -0
- data/spec/active_record/user_oauth_spec.rb +5 -6
- data/spec/active_record/user_remember_me_spec.rb +5 -6
- data/spec/active_record/user_reset_password_spec.rb +4 -5
- data/spec/active_record/user_spec.rb +7 -17
- data/spec/controllers/controller_activity_logging_spec.rb +13 -24
- data/spec/controllers/controller_brute_force_protection_spec.rb +8 -10
- data/spec/controllers/controller_http_basic_auth_spec.rb +20 -21
- data/spec/controllers/controller_oauth2_spec.rb +297 -158
- data/spec/controllers/controller_oauth_spec.rb +97 -71
- data/spec/controllers/controller_remember_me_spec.rb +49 -36
- data/spec/controllers/controller_session_timeout_spec.rb +106 -20
- data/spec/controllers/controller_spec.rb +87 -111
- data/spec/orm/active_record.rb +3 -3
- data/spec/providers/example_provider_spec.rb +17 -0
- data/spec/providers/example_spec.rb +17 -0
- data/spec/providers/examples_spec.rb +17 -0
- data/spec/providers/vk_spec.rb +42 -0
- data/spec/rails_app/app/active_record/authentication.rb +1 -1
- data/spec/rails_app/app/active_record/user.rb +2 -2
- data/spec/rails_app/app/assets/config/manifest.js +1 -0
- data/spec/rails_app/app/controllers/application_controller.rb +2 -0
- data/spec/rails_app/app/controllers/sorcery_controller.rb +250 -46
- data/spec/rails_app/app/mailers/sorcery_mailer.rb +23 -17
- data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.html.erb +13 -0
- data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.text.erb +6 -0
- data/spec/rails_app/config/application.rb +14 -9
- data/spec/rails_app/config/boot.rb +2 -2
- data/spec/rails_app/config/environment.rb +1 -1
- data/spec/rails_app/config/environments/test.rb +1 -1
- data/spec/rails_app/config/initializers/compatible_legacy_migration.rb +11 -0
- data/spec/rails_app/config/initializers/session_store.rb +3 -3
- data/spec/rails_app/config/routes.rb +31 -1
- data/spec/rails_app/config/secrets.yml +4 -0
- data/spec/rails_app/config.ru +1 -1
- data/spec/rails_app/db/migrate/activation/20101224223622_add_activation_to_users.rb +4 -4
- data/spec/rails_app/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +10 -10
- data/spec/rails_app/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +5 -5
- data/spec/rails_app/db/migrate/core/20101224223620_create_users.rb +5 -5
- data/spec/rails_app/db/migrate/external/20101224223628_create_authentications_and_user_providers.rb +3 -3
- data/spec/rails_app/db/migrate/invalidate_active_sessions/20180221093235_add_invalidate_active_sessions_before_to_users.rb +9 -0
- data/spec/rails_app/db/migrate/magic_login/20170924151831_add_magic_login_to_users.rb +17 -0
- data/spec/rails_app/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +6 -6
- data/spec/rails_app/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +7 -5
- data/spec/rails_app/db/schema.rb +7 -9
- data/spec/shared_examples/user_activation_shared_examples.rb +177 -58
- data/spec/shared_examples/user_activity_logging_shared_examples.rb +47 -41
- data/spec/shared_examples/user_brute_force_protection_shared_examples.rb +19 -24
- data/spec/shared_examples/user_magic_login_shared_examples.rb +150 -0
- data/spec/shared_examples/user_oauth_shared_examples.rb +7 -10
- data/spec/shared_examples/user_remember_me_shared_examples.rb +91 -22
- data/spec/shared_examples/user_reset_password_shared_examples.rb +153 -58
- data/spec/shared_examples/user_shared_examples.rb +328 -145
- data/spec/sorcery_crypto_providers_spec.rb +122 -75
- data/spec/sorcery_temporary_token_spec.rb +27 -0
- data/spec/spec.opts +1 -1
- data/spec/spec_helper.rb +19 -14
- data/spec/support/migration_helper.rb +29 -0
- data/spec/support/providers/example.rb +11 -0
- data/spec/support/providers/example_provider.rb +11 -0
- data/spec/support/providers/examples.rb +11 -0
- metadata +119 -89
- data/.travis.yml +0 -132
- data/gemfiles/active_record-rails40.gemfile +0 -7
- data/gemfiles/active_record-rails41.gemfile +0 -7
- data/gemfiles/mongo_mapper-rails40.gemfile +0 -9
- data/gemfiles/mongo_mapper-rails41.gemfile +0 -9
- data/gemfiles/mongoid-rails40.gemfile +0 -9
- data/gemfiles/mongoid-rails41.gemfile +0 -9
- data/gemfiles/mongoid3-rails32.gemfile +0 -9
- data/lib/sorcery/adapters/data_mapper_adapter.rb +0 -176
- data/lib/sorcery/adapters/mongo_mapper_adapter.rb +0 -110
- data/lib/sorcery/railties/tasks.rake +0 -6
- data/spec/data_mapper/user_activation_spec.rb +0 -10
- data/spec/data_mapper/user_activity_logging_spec.rb +0 -14
- data/spec/data_mapper/user_brute_force_protection_spec.rb +0 -9
- data/spec/data_mapper/user_oauth_spec.rb +0 -9
- data/spec/data_mapper/user_remember_me_spec.rb +0 -8
- data/spec/data_mapper/user_reset_password_spec.rb +0 -8
- data/spec/data_mapper/user_spec.rb +0 -27
- data/spec/mongo_mapper/user_activation_spec.rb +0 -9
- data/spec/mongo_mapper/user_activity_logging_spec.rb +0 -8
- data/spec/mongo_mapper/user_brute_force_protection_spec.rb +0 -8
- data/spec/mongo_mapper/user_oauth_spec.rb +0 -8
- data/spec/mongo_mapper/user_remember_me_spec.rb +0 -8
- data/spec/mongo_mapper/user_reset_password_spec.rb +0 -8
- data/spec/mongo_mapper/user_spec.rb +0 -37
- data/spec/mongoid/user_activation_spec.rb +0 -9
- data/spec/mongoid/user_activity_logging_spec.rb +0 -8
- data/spec/mongoid/user_brute_force_protection_spec.rb +0 -8
- data/spec/mongoid/user_oauth_spec.rb +0 -8
- data/spec/mongoid/user_remember_me_spec.rb +0 -8
- data/spec/mongoid/user_reset_password_spec.rb +0 -8
- data/spec/mongoid/user_spec.rb +0 -51
- data/spec/orm/data_mapper.rb +0 -48
- data/spec/orm/mongo_mapper.rb +0 -10
- data/spec/orm/mongoid.rb +0 -22
- data/spec/rails_app/app/data_mapper/authentication.rb +0 -8
- data/spec/rails_app/app/data_mapper/user.rb +0 -7
- data/spec/rails_app/app/mongo_mapper/authentication.rb +0 -6
- data/spec/rails_app/app/mongo_mapper/user.rb +0 -7
- data/spec/rails_app/app/mongoid/authentication.rb +0 -7
- data/spec/rails_app/app/mongoid/user.rb +0 -7
- data/spec/rails_app/config/initializers/secret_token.rb +0 -7
- data/spec/rails_app/log/development.log +0 -1791
data/README.md
CHANGED
@@ -1,96 +1,113 @@
|
|
1
|
-
|
2
|
-
[![Code Climate](https://codeclimate.com/github/NoamB/sorcery.png)](https://codeclimate.com/github/NoamB/sorcery)
|
3
|
-
[![Inline docs](http://inch-ci.org/github/NoamB/sorcery.png?branch=master)](http://inch-ci.org/github/NoamB/sorcery)
|
1
|
+
# Sorcery: Magical Authentication
|
4
2
|
|
5
|
-
|
6
|
-
|
7
|
-
|
3
|
+
[![Gem Version](https://badge.fury.io/rb/sorcery.svg)](https://rubygems.org/gems/sorcery)
|
4
|
+
[![Gem Downloads](https://img.shields.io/gem/dt/sorcery.svg)](https://rubygems.org/gems/sorcery)
|
5
|
+
[![Build Status](https://github.com/Sorcery/sorcery/actions/workflows/ruby.yml/badge.svg?branch=master)](https://github.com/Sorcery/sorcery/actions/workflows/ruby.yml)
|
8
6
|
|
9
|
-
|
10
|
-
almost unchanged from Authlogic. OAuth code inspired by OmniAuth and Ryan
|
11
|
-
Bates's railscasts about it.
|
7
|
+
Magical Authentication for Rails. Supports ActiveRecord, DataMapper, Mongoid and MongoMapper.
|
12
8
|
|
13
|
-
|
14
|
-
Until then we'll continue releasing `0.9.x` version with bug fixed.
|
9
|
+
Inspired by Restful Authentication, Authlogic and Devise. Crypto code taken almost unchanged from Authlogic. OAuth code inspired by OmniAuth and Ryan Bates's Railscast about it.
|
15
10
|
|
16
|
-
|
17
|
-
**Mongoid status:** Version 0.9.0 works with Mongoid 4.
|
11
|
+
### Philosophy
|
18
12
|
|
19
|
-
|
13
|
+
Sorcery is a stripped-down, bare-bones authentication library, with which you can write your own authentication flow. It was built with a few goals in mind:
|
20
14
|
|
21
|
-
|
15
|
+
- Less is more - less than 20 public methods to remember for the entire feature-set make the lib easy to 'get'.
|
16
|
+
- No built-in or generated code - use the library's methods inside *your own* MVC structures, and don't fight to fix someone else's.
|
17
|
+
- Magic yes, Voodoo no - the lib should be easy to hack for most developers.
|
18
|
+
- Configuration over Confusion - Centralized (1 file), Simple & short configuration as possible, not drowning in syntactic sugar.
|
19
|
+
- Keep MVC cleanly separated - DB is for models, sessions are for controllers. Models stay unaware of sessions.
|
22
20
|
|
23
|
-
|
24
|
-
can write your own authentication flow. It was built with a few goals in mind:
|
21
|
+
## Table of Contents
|
25
22
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
Hopefully, I've achieved this. If not, let me know.
|
23
|
+
1. [Useful Links](#useful-links)
|
24
|
+
2. [API Summary](#api-summary)
|
25
|
+
3. [Installation](#installation)
|
26
|
+
4. [Configuration](#configuration)
|
27
|
+
5. [Full Features List by Module](#full-features-list-by-module)
|
28
|
+
6. [Planned Features](#planned-features)
|
29
|
+
7. [Contributing](#contributing)
|
30
|
+
8. [Contact](#contact)
|
31
|
+
9. [License](#license)
|
38
32
|
|
39
33
|
## Useful Links
|
40
34
|
|
41
|
-
[Documentation](http://rubydoc.info/gems/sorcery)
|
42
|
-
[Railscast](http://railscasts.com/episodes/283-authentication-with-sorcery)
|
35
|
+
- [Documentation](http://rubydoc.info/gems/sorcery)
|
36
|
+
- [Railscast](http://railscasts.com/episodes/283-authentication-with-sorcery)
|
37
|
+
- [Simple tutorial](https://github.com/Sorcery/sorcery/wiki/Simple-Password-Authentication)
|
38
|
+
- [Example Rails app](https://github.com/Sorcery/sorcery-example-app)
|
43
39
|
|
44
|
-
Check out the tutorials in the [
|
40
|
+
Check out the tutorials in the [wiki](https://github.com/Sorcery/sorcery/wiki) for more:
|
41
|
+
|
42
|
+
- [DataMapper Support](https://github.com/Sorcery/sorcery/wiki/DataMapper-Support)
|
43
|
+
- [DelayedJob Integration](https://github.com/Sorcery/sorcery/wiki/DelayedJob-Integration)
|
44
|
+
- [Simple Password Authentication](https://github.com/Sorcery/sorcery/wiki/Simple-Password-Authentication)
|
45
|
+
- [Single Table Inheritance Support](https://github.com/Sorcery/sorcery/wiki/Single-Table-Inheritance-Support)
|
46
|
+
- [Upgrading](https://github.com/Sorcery/sorcery/wiki/Upgrading)
|
45
47
|
|
46
48
|
## API Summary
|
47
49
|
|
48
50
|
Below is a summary of the library methods. Most method names are self
|
49
51
|
explaining and the rest are commented:
|
50
52
|
|
53
|
+
### Core
|
51
54
|
|
52
|
-
### core
|
53
55
|
```ruby
|
54
|
-
require_login #
|
56
|
+
require_login # This is a before action
|
55
57
|
login(email, password, remember_me = false)
|
56
|
-
auto_login(user)#
|
58
|
+
auto_login(user) # Login without credentials
|
57
59
|
logout
|
58
|
-
logged_in?
|
59
|
-
current_user
|
60
|
-
redirect_back_or_to #
|
61
|
-
@user.external? #
|
62
|
-
@user.active_for_authentication? #
|
60
|
+
logged_in? # Available in views
|
61
|
+
current_user # Available in views
|
62
|
+
redirect_back_or_to # Use when a user tries to access a page while logged out, is asked to login, and we want to return him back to the page he originally wanted
|
63
|
+
@user.external? # Users who signed up using Facebook, Twitter, etc.
|
64
|
+
@user.active_for_authentication? # Add this method to define behaviour that will prevent selected users from signing in
|
65
|
+
@user.valid_password?('secret') # Compares 'secret' with the actual user's password, returns true if they match
|
63
66
|
User.authenticates_with_sorcery!
|
64
67
|
```
|
65
68
|
|
66
|
-
###
|
69
|
+
### HTTP Basic Auth
|
70
|
+
|
67
71
|
```ruby
|
68
|
-
require_login_from_http_basic #
|
72
|
+
require_login_from_http_basic # This is a before action
|
69
73
|
```
|
70
74
|
|
71
|
-
###
|
75
|
+
### External
|
76
|
+
|
72
77
|
```ruby
|
73
|
-
login_at(provider) #
|
74
|
-
login_from(provider) #
|
75
|
-
create_from(provider) #
|
78
|
+
login_at(provider) # Sends the user to an external service (Facebook, Twitter, etc.) to authenticate
|
79
|
+
login_from(provider) # Tries to login from the external provider's callback
|
80
|
+
create_from(provider) # Create the user in the local app database
|
81
|
+
build_from(provider) # Build user instance using user_info_mappings
|
76
82
|
```
|
77
83
|
|
78
|
-
###
|
84
|
+
### Remember Me
|
85
|
+
|
79
86
|
```ruby
|
80
|
-
auto_login(user, should_remember=false)
|
87
|
+
auto_login(user, should_remember = false) # Login without credentials, optional remember_me
|
81
88
|
remember_me!
|
82
89
|
forget_me!
|
90
|
+
force_forget_me! # Forgets all sessions by clearing the token, even if remember_me_token_persist_globally is set to true
|
83
91
|
```
|
84
92
|
|
85
|
-
###
|
93
|
+
### Reset Password
|
94
|
+
|
86
95
|
```ruby
|
87
96
|
User.load_from_reset_password_token(token)
|
88
|
-
@user.generate_reset_password_token! # if you want to send the email by
|
89
|
-
@user.deliver_reset_password_instructions! #
|
90
|
-
@user.change_password
|
97
|
+
@user.generate_reset_password_token! # Use if you want to send the email by yourself
|
98
|
+
@user.deliver_reset_password_instructions! # Generates the token and sends the email
|
99
|
+
@user.change_password(new_password)
|
100
|
+
@user.change_password!(new_password) # Same as change_password but raises exception on save
|
91
101
|
```
|
92
102
|
|
93
|
-
###
|
103
|
+
### Session Timeout
|
104
|
+
|
105
|
+
```ruby
|
106
|
+
invalidate_active_sessions! #Invalidate all sessions with a login_time or last_action_time before the current time. Must Opt-in
|
107
|
+
```
|
108
|
+
|
109
|
+
### User Activation
|
110
|
+
|
94
111
|
```ruby
|
95
112
|
User.load_from_activation_token(token)
|
96
113
|
@user.setup_activation
|
@@ -101,272 +118,132 @@ Please see the tutorials in the github wiki for detailed usage information.
|
|
101
118
|
|
102
119
|
## Installation
|
103
120
|
|
104
|
-
|
121
|
+
Add this line to your application's Gemfile:
|
105
122
|
|
106
123
|
```ruby
|
107
|
-
gem
|
124
|
+
gem 'sorcery'
|
108
125
|
```
|
109
126
|
|
110
|
-
And
|
127
|
+
And then execute:
|
111
128
|
|
112
|
-
|
113
|
-
bundle install
|
114
|
-
```
|
129
|
+
$ bundle
|
115
130
|
|
116
|
-
|
131
|
+
Or install it yourself as:
|
117
132
|
|
118
|
-
|
119
|
-
gem install sorcery
|
120
|
-
```
|
133
|
+
$ gem install sorcery
|
121
134
|
|
122
|
-
##
|
135
|
+
## Configuration
|
123
136
|
|
124
|
-
|
125
|
-
|
126
|
-
```
|
137
|
+
Run the following command to generate the core migration file, the initializer file and the
|
138
|
+
`User` model class.
|
127
139
|
|
128
|
-
|
129
|
-
'User' model class.
|
140
|
+
$ rails generate sorcery:install
|
130
141
|
|
131
|
-
|
132
|
-
rails generate sorcery:install remember_me reset_password
|
133
|
-
```
|
142
|
+
Run the following command generate the migrations files for remember_me and reset_password submodules and will create the initializer file (and add submodules to it), and create the `User` model class.
|
134
143
|
|
135
|
-
|
136
|
-
submodules and will create the initializer file (and add submodules to it),
|
137
|
-
and create the 'User' model class.
|
144
|
+
$ rails generate sorcery:install remember_me reset_password
|
138
145
|
|
139
|
-
|
140
|
-
rails generate sorcery:install --model Person
|
141
|
-
```
|
146
|
+
Run the following command to generate the core migration file, the initializer and change the model class (in the initializer and migration files) to the class `Person` (and its pluralized version, 'people')
|
142
147
|
|
143
|
-
|
144
|
-
model class (in the initializer and migration files) to the class 'Person'
|
145
|
-
(and its pluralized version, 'people')
|
148
|
+
$ rails generate sorcery:install --model Person
|
146
149
|
|
147
|
-
|
148
|
-
rails generate sorcery:install http_basic_auth external remember_me --only-submodules
|
149
|
-
```
|
150
|
+
Run the following command to generate only the migration files for the specified submodules and will add them to the initializer file.
|
150
151
|
|
151
|
-
|
152
|
-
will add them to the initializer file.
|
152
|
+
$ rails generate sorcery:install http_basic_auth external remember_me --only-submodules
|
153
153
|
|
154
154
|
Inside the initializer, the comments will tell you what each setting does.
|
155
155
|
|
156
|
-
##
|
157
|
-
|
158
|
-
By default emails are sent synchronously. You can send them asynchronously by
|
159
|
-
using the [delayed_job gem](https://github.com/collectiveidea/delayed_job).
|
160
|
-
|
161
|
-
After implementing the `delayed_job` into your project add the code below at
|
162
|
-
the end of the `config/initializers/sorcery.rb` file. After that all emails
|
163
|
-
will be sent asynchronously.
|
164
|
-
|
165
|
-
```ruby
|
166
|
-
module Sorcery
|
167
|
-
module Model
|
168
|
-
module InstanceMethods
|
169
|
-
def generic_send_email(method, mailer)
|
170
|
-
config = sorcery_config
|
171
|
-
mail = config.send(mailer).delay.send(config.send(method), self)
|
172
|
-
end
|
173
|
-
end
|
174
|
-
end
|
175
|
-
end
|
176
|
-
```
|
177
|
-
|
178
|
-
Sidekiq and Resque integrations are coming soon.
|
179
|
-
|
180
|
-
## Single Table Inheritance (STI) Support
|
181
|
-
STI is supported via a single setting in config/initializers/sorcery.rb.
|
182
|
-
|
183
|
-
## Full Features List by module
|
184
|
-
|
185
|
-
**Core** (see [lib/sorcery/model.rb](https://github.com/NoamB/sorcery/blob/master/lib/sorcery/model.rb) and
|
186
|
-
[lib/sorcery/controller.rb](https://github.com/NoamB/sorcery/blob/master/lib/sorcery/controller.rb)):
|
187
|
-
|
188
|
-
* login/logout, optional return user to requested url on login, configurable
|
189
|
-
redirect for non-logged-in users.
|
190
|
-
* password encryption, algorithms: bcrypt(default), md5, sha1, sha256,
|
191
|
-
sha512, aes256, custom(yours!), none. Configurable stretches and salt.
|
192
|
-
* configurable attribute names for username, password and email.
|
193
|
-
* allow multiple fields to serve as username.
|
156
|
+
## Full Features List by Module
|
194
157
|
|
158
|
+
**Core** (see [lib/sorcery/model.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/model.rb) and [lib/sorcery/controller.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/controller.rb)):
|
195
159
|
|
196
|
-
|
160
|
+
- Login / logout, optional return user to requested url on login, configurable redirect for non-logged-in users.
|
161
|
+
- Password encryption, algorithms: bcrypt (default), MD5, SHA-1, SHA-256, SHA-512, AES or custom. Configurable stretches and salt.
|
162
|
+
- Configurable attribute names for username, password and email.
|
163
|
+
- Allow multiple fields to serve as username.
|
197
164
|
|
198
|
-
|
199
|
-
* configurable attribute names.
|
200
|
-
* configurable mailer, method name, and attribute name.
|
201
|
-
* configurable temporary token expiration.
|
202
|
-
* Optionally prevent non-active users to login.
|
165
|
+
**User Activation** (see [lib/sorcery/model/submodules/user_activation.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/model/submodules/user_activation.rb)):
|
203
166
|
|
167
|
+
- User activation by email with optional success email
|
168
|
+
- Configurable attribute names
|
169
|
+
- Configurable mailer, method name, and attribute name
|
170
|
+
- Configurable temporary token expiration
|
171
|
+
- Optionally prevent non-active users to login
|
204
172
|
|
205
|
-
**Reset Password** (see [lib/sorcery/model/submodules/reset_password.rb](https://github.com/
|
173
|
+
**Reset Password** (see [lib/sorcery/model/submodules/reset_password.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/model/submodules/reset_password.rb)):
|
206
174
|
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
175
|
+
- Reset password with email verification
|
176
|
+
- Configurable mailer, method name, and attribute name
|
177
|
+
- Configurable temporary token expiration
|
178
|
+
- Configurable time between emails (hammering protection)
|
211
179
|
|
180
|
+
**Remember Me** (see [lib/sorcery/model/submodules/remember_me.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/model/submodules/remember_me.rb)):
|
212
181
|
|
213
|
-
|
182
|
+
- Remember me with configurable expiration
|
183
|
+
- Configurable attribute names
|
184
|
+
- Configurable to persist globally (supporting multiple browsers at the same time), or starting anew after each login
|
214
185
|
|
215
|
-
|
216
|
-
* configurable attribute names.
|
186
|
+
**Session Timeout** (see [lib/sorcery/controller/submodules/session_timeout.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/controller/submodules/session_timeout.rb)):
|
217
187
|
|
188
|
+
- Configurable session timeout
|
189
|
+
- Optionally session timeout will be calculated from last user action
|
190
|
+
- Optionally enable a method to clear all active sessions, expects an `invalidate_sessions_before` datetime attribute.
|
218
191
|
|
219
|
-
**
|
192
|
+
**Brute Force Protection** (see [lib/sorcery/model/submodules/brute_force_protection.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/model/submodules/brute_force_protection.rb)):
|
220
193
|
|
221
|
-
|
222
|
-
|
194
|
+
- Brute force login hammering protection
|
195
|
+
- configurable logins before lock and lock duration
|
223
196
|
|
197
|
+
**Basic HTTP Authentication** (see [lib/sorcery/controller/submodules/http_basic_auth.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/controller/submodules/http_basic_auth.rb)):
|
224
198
|
|
225
|
-
|
199
|
+
- A before action for requesting authentication with HTTP Basic
|
200
|
+
- Automatic login from HTTP Basic
|
201
|
+
- Automatic login is disabled if session key changed
|
226
202
|
|
227
|
-
|
228
|
-
* configurable logins before lock and lock duration.
|
203
|
+
**Activity Logging** (see [lib/sorcery/model/submodules/activity_logging.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/model/submodules/activity_logging.rb)):
|
229
204
|
|
205
|
+
- Automatic logging of last login, last logout, last activity time and IP address for last login
|
206
|
+
- Configurable timeout by which to decide whether to include a user in the list of logged in users
|
230
207
|
|
231
|
-
**
|
208
|
+
**External** (see [lib/sorcery/controller/submodules/external.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/controller/submodules/external.rb)):
|
232
209
|
|
233
|
-
|
234
|
-
|
235
|
-
|
210
|
+
- OAuth1 and OAuth2 support (currently: Twitter, Facebook, Github, Google, Heroku, LinkedIn, VK, LiveID, Xing, Salesforce)
|
211
|
+
- Configurable database column names
|
212
|
+
- Authentications table
|
236
213
|
|
214
|
+
## Planned Features
|
237
215
|
|
238
|
-
|
216
|
+
- Passing a block to encrypt, allowing the developer to define his own mix of salting and encrypting
|
217
|
+
- Forgot username, maybe as part of the reset_password module
|
218
|
+
- Scoping logins (to a subdomain or another arbitrary field)
|
219
|
+
- Allowing storing the salt and encrypted password in the same DB field for extra security
|
220
|
+
- Other reset password strategies (security questions?)
|
221
|
+
- Other brute force protection strategies (captcha)
|
239
222
|
|
240
|
-
|
241
|
-
address for last login.
|
242
|
-
* an easy method of collecting the list of currently logged in users.
|
243
|
-
* configurable timeout by which to decide whether to include a user in the
|
244
|
-
list of logged in users.
|
223
|
+
Have an idea? Let us know, and it might get into the gem!
|
245
224
|
|
225
|
+
## Contributing
|
246
226
|
|
247
|
-
|
227
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/Sorcery/sorcery.
|
248
228
|
|
249
|
-
|
250
|
-
|
251
|
-
* configurable db field names and authentications table.
|
252
|
-
|
253
|
-
|
254
|
-
## Next Planned Features
|
255
|
-
|
256
|
-
I've got some thoughts which include (unordered):
|
257
|
-
|
258
|
-
* Passing a block to encrypt, allowing the developer to define his own mix
|
259
|
-
of salting and encrypting
|
260
|
-
* Forgot username, maybe as part of the reset_password module
|
261
|
-
* Scoping logins (to a subdomain or another arbitrary field)
|
262
|
-
* Allowing storing the salt and crypted password in the same DB field for
|
263
|
-
extra security
|
264
|
-
* Other reset password strategies (security questions?)
|
265
|
-
* Other brute force protection strategies (captcha)
|
266
|
-
|
267
|
-
|
268
|
-
Have an idea? Let me know, and it might get into the gem!
|
269
|
-
|
270
|
-
## Backward compatibility
|
271
|
-
|
272
|
-
While the lib is young and evolving fast I'm breaking backward compatibility
|
273
|
-
quite often. I'm constantly finding better ways to do things and throwing away
|
274
|
-
old ways. To let you know when things are changing in a non-compatible way,
|
275
|
-
I'm bumping the minor version of the gem. The patch version changes are
|
276
|
-
backward compatible.
|
277
|
-
|
278
|
-
In short, an app that works with x.3.1 should be able to upgrade to x.3.2 with
|
279
|
-
no code changes. The same cannot be said about upgrading to x.4.0 and above,
|
280
|
-
however.
|
281
|
-
|
282
|
-
## DataMapper Support
|
283
|
-
|
284
|
-
Important notes:
|
285
|
-
|
286
|
-
* Expected to work with DM adapters: dm-mysql-adapter,
|
287
|
-
dm-redis-adapter.
|
288
|
-
* Submodules DM adapter dependent: activity_logging (dm-mysql-adapter)
|
289
|
-
* Usage: include DataMapper::Resource in user model, follow sorcery
|
290
|
-
instructions (remember to add property id, validators and accessor
|
291
|
-
attributes such as password and password_confirmation)
|
292
|
-
* Option downcase__username_before_authenticating and dm-mysql,
|
293
|
-
http://datamapper.lighthouseapp.com/projects/20609/tickets/1105-add-support-for-definingchanging-default-collation
|
294
|
-
|
295
|
-
## Upgrading
|
296
|
-
|
297
|
-
Important notes while upgrading:
|
298
|
-
|
299
|
-
* If you are upgrading from <= **0.8.6** and you use Sorcery model methods in your app,
|
300
|
-
you might need to change them from `user.method` to `user.sorcery_adapter.method` and from
|
301
|
-
`User.method` to `User.sorcery_adapter_method`
|
302
|
-
|
303
|
-
* If you are upgrading from <= **0.8.5** and you're using Sorcery test helpers,
|
304
|
-
you need to change the way you include them to following code:
|
305
|
-
|
306
|
-
```ruby
|
307
|
-
RSpec.configure do |config|
|
308
|
-
config.include Sorcery::TestHelpers::Rails::Controller, type: :controller
|
309
|
-
config.include Sorcery::TestHelpers::Rails::Integration, type: :feature
|
310
|
-
end
|
311
|
-
```
|
312
|
-
|
313
|
-
* If are upgrading to **0.8.2** and use activity_logging feature with
|
314
|
-
ActiveRecord, you will have to add a new column
|
315
|
-
`last_login_from_ip_address`
|
316
|
-
[#465](https://github.com/NoamB/sorcery/issues/465)
|
317
|
-
* Sinatra support existed until **v0.7.0** (including), but was dropped
|
318
|
-
later due to being a maintenance nightmare.
|
319
|
-
* If upgrading from <= **0.6.1 to >= **0.7.0** you need to change
|
320
|
-
'username
|
321
|
-
_attribute_name' to 'username_attribute_names' in initializer.
|
322
|
-
* If upgrading from <= **v0.5.1** to >= **v0.5.2** you need to explicitly
|
323
|
-
set your user_class model in the initializer file.
|
324
|
-
|
325
|
-
```ruby
|
326
|
-
# This line must come after the 'user config' block.
|
327
|
-
config.user_class = User
|
328
|
-
```
|
329
|
-
|
330
|
-
|
331
|
-
## Contributing to sorcery
|
332
|
-
|
333
|
-
Your feedback is very welcome and will make this gem much much better for you,
|
334
|
-
me and everyone else. Besides feedback on code, features, suggestions and bug
|
335
|
-
reports, you may want to actually make an impact on the code. For this:
|
336
|
-
|
337
|
-
* Fork it.
|
338
|
-
* Fix it.
|
339
|
-
* Test it.
|
340
|
-
* Commit it.
|
341
|
-
* Send me a pull request so I'll... Pull it.
|
342
|
-
|
343
|
-
|
344
|
-
If you feel sorcery has made your life easier, and you would like to express
|
345
|
-
your thanks via a donation, my paypal email is in the contact details.
|
229
|
+
- [Git Workflow](https://github.com/Sorcery/sorcery/wiki/Git-Workflow)
|
230
|
+
- [Running the specs](https://github.com/Sorcery/sorcery/wiki/Running-the-specs)
|
346
231
|
|
347
232
|
## Contact
|
348
233
|
|
349
234
|
Feel free to ask questions using these contact details:
|
350
235
|
|
351
|
-
|
352
|
-
|
353
|
-
email: nbenari@gmail.com ( also for paypal )
|
354
|
-
|
355
|
-
twitter: @nbenari
|
356
|
-
|
357
|
-
#### Kir Shatrov
|
358
|
-
|
359
|
-
email: shatrov@me.com
|
360
|
-
|
361
|
-
twitter: @Kiiiir
|
236
|
+
**Current Maintainers:**
|
362
237
|
|
363
|
-
|
238
|
+
- Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:crypto+sorcery@joshbuker.com?subject=Sorcery)
|
364
239
|
|
365
|
-
|
240
|
+
**Past Maintainers:**
|
366
241
|
|
367
|
-
|
242
|
+
- Noam Ben-Ari ([@NoamB](https://github.com/NoamB)) | [Email](mailto:nbenari@gmail.com) | [Twitter](https://twitter.com/nbenari)
|
243
|
+
- Kir Shatrov ([@kirs](https://github.com/kirs)) | [Email](mailto:shatrov@me.com) | [Twitter](https://twitter.com/Kiiiir)
|
244
|
+
- Grzegorz Witek ([@arnvald](https://github.com/arnvald)) | [Email](mailto:arnvald.to@gmail.com) | [Twitter](https://twitter.com/arnvald)
|
245
|
+
- Chase Gilliam ([@Ch4s3](https://github.com/Ch4s3)) | [Email](mailto:chase.gilliam@gmail.com)
|
368
246
|
|
369
|
-
##
|
247
|
+
## License
|
370
248
|
|
371
|
-
|
372
|
-
further details.
|
249
|
+
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
data/Rakefile
CHANGED
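--- a/data/SECURITY.md
+++ b/data/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| --------- | ------------------ |
+| ~> 0.16.0 | :white_check_mark: |
+| ~> 0.15.0 | :white_check_mark: |
+| < 0.15.0 | :x: |
+
+## Reporting a Vulnerability
+
+Email the current maintainer(s) with a description of the vulnerability. You
+should expect a response within 48 hours. If the vulnerability is accepted, a
+Github advisory will be created and eventually released with a CVE corresponding
+to the issue found.
+
+A list of the current maintainers can be found on the README under the contact
+section. See: [README.md](https://github.com/Sorcery/sorcery#contact)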
@@ -4,16 +4,20 @@ module Sorcery
|
|
4
4
|
private
|
5
5
|
|
6
6
|
def sorcery_config_path
|
7
|
-
|
7
|
+
'config/initializers/sorcery.rb'
|
8
8
|
end
|
9
9
|
|
10
10
|
# Either return the model passed in a classified form or return the default "User".
|
11
11
|
def model_class_name
|
12
|
-
options[:model] ? options[:model].classify :
|
12
|
+
options[:model] ? options[:model].classify : 'User'
|
13
|
+
end
|
14
|
+
|
15
|
+
def tableized_model_class
|
16
|
+
options[:model] ? options[:model].gsub(/::/, '').tableize : 'users'
|
13
17
|
end
|
14
18
|
|
15
19
|
def model_path
|
16
|
-
@model_path ||= File.join(
|
20
|
+
@model_path ||= File.join('app', 'models', "#{file_path}.rb")
|
17
21
|
end
|
18
22
|
|
19
23
|
def file_path
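Review bot: `tableized_model_class` (new line 16) normalizes the `--model` option differently from `model_class_name` just above it: `classify` turns both `Admin::User` and `admin/user` into `Admin::User`, but `gsub(/::/, '')` only strips the `::` form, so `--model admin/user` would produce `admin/users` as the table name while the class name is still `Admin::User`. Deriving the table name from the already-classified name keeps the two in step and also covers the default case, `model_class_name.delete(':').tableize`. The enclosing class and the body of `file_path` that `model_path` (new line 20) depends on lie outside the hunk; this section carries no file header on the page, but its +8/-4 count matches `lib/generators/sorcery/helpers.rb` in the diffstat.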
|
@@ -33,7 +37,7 @@ module Sorcery
|
|
33
37
|
[namespace.to_s] + [model_class_name]
|
34
38
|
else
|
35
39
|
[model_class_name]
|
36
|
-
end.join(
|
40
|
+
end.join('::')
|
37
41
|
end
|
38
42
|
end
|
39
43
|
end
|