standard_id 0.14.2 → 0.14.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/db/migrate/20260414200000_add_target_created_at_index_to_code_challenges.rb +7 -0
- data/lib/standard_id/authorization_bypass.rb +8 -0
- data/lib/standard_id/passwordless/base_strategy.rb +23 -11
- data/lib/standard_id/passwordless/verification_service.rb +4 -5
- data/lib/standard_id/version.rb +1 -1
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 47ce66e4e4b242fd96a90cda7b20a9316e31642551ebe6c94ae660336f8f0b2c
|
|
4
|
+
data.tar.gz: a1a6d6f746f2ef0590aec0b5d6c4cc51472e04030af53e30d8546495d2556f03
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f323ce02474f8d4fc98a8aa4466616f15e58b9a5f6174336c91c0f9bc02c22e95862909963d0470271b49dc588fb0abcfcd2434c17a7ece79952d7547ed81ddf
|
|
7
|
+
data.tar.gz: 03a24d819ad4f699be3d97ce26e8dcf04873b373ff55c03e31f0de475a014198053a1927bf6539de40c0398855490be01ea4bc77dbe093d1f381f67eddfb8608
|
|
@@ -103,6 +103,14 @@ module StandardId
|
|
|
103
103
|
# Must remain public because it is invoked from a to_prepare lambda
|
|
104
104
|
# registered in apply, which executes outside this module's scope.
|
|
105
105
|
def apply_skips!
|
|
106
|
+
# ControllerPolicy lives in app/controllers/concerns/ and is autoloaded
|
|
107
|
+
# by Zeitwerk. When apply is called early (e.g. from a Rails initializer),
|
|
108
|
+
# the constant may not be loaded yet. This is safe to skip — controllers
|
|
109
|
+
# that register later will receive skips via apply_to_controller (called
|
|
110
|
+
# from ControllerPolicy.register), and the to_prepare block re-runs
|
|
111
|
+
# apply_skips! after class loading is complete.
|
|
112
|
+
return unless defined?(StandardId::ControllerPolicy)
|
|
113
|
+
|
|
106
114
|
StandardId::ControllerPolicy.registry_snapshot.each do |policy, controllers|
|
|
107
115
|
controllers.each { |controller| apply_to_controller(controller, policy) }
|
|
108
116
|
end
|
|
@@ -28,18 +28,30 @@ module StandardId
|
|
|
28
28
|
protected
|
|
29
29
|
|
|
30
30
|
def create_challenge!(username)
|
|
31
|
-
|
|
31
|
+
ActiveRecord::Base.transaction do
|
|
32
|
+
invalidate_active_challenges!(username)
|
|
33
|
+
|
|
34
|
+
code = generate_otp_code
|
|
35
|
+
|
|
36
|
+
StandardId::CodeChallenge.create!(
|
|
37
|
+
realm: "authentication",
|
|
38
|
+
channel: connection_type,
|
|
39
|
+
target: username,
|
|
40
|
+
code: code,
|
|
41
|
+
expires_at: StandardId.config.passwordless.code_ttl.seconds.from_now,
|
|
42
|
+
ip_address: StandardId::Utils::IpNormalizer.normalize(request.remote_ip),
|
|
43
|
+
user_agent: request.user_agent
|
|
44
|
+
)
|
|
45
|
+
end
|
|
46
|
+
end
|
|
32
47
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
user_agent: request.user_agent
|
|
41
|
-
)
|
|
42
|
-
cc
|
|
48
|
+
# Uses update_all for a single UPDATE statement (no N+1). This bypasses
|
|
49
|
+
# ActiveRecord callbacks intentionally — CodeChallenge has no after-save
|
|
50
|
+
# hooks today. If callbacks are added to CodeChallenge#use!, revisit this.
|
|
51
|
+
def invalidate_active_challenges!(username)
|
|
52
|
+
StandardId::CodeChallenge.active
|
|
53
|
+
.where(realm: "authentication", channel: connection_type, target: username)
|
|
54
|
+
.update_all(used_at: Time.current)
|
|
43
55
|
end
|
|
44
56
|
|
|
45
57
|
def generate_otp_code
|
|
@@ -200,11 +200,10 @@ module StandardId
|
|
|
200
200
|
end
|
|
201
201
|
|
|
202
202
|
def find_active_challenge
|
|
203
|
-
StandardId::CodeChallenge.active
|
|
204
|
-
realm: "authentication",
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
)
|
|
203
|
+
StandardId::CodeChallenge.active
|
|
204
|
+
.where(realm: "authentication", channel: @channel, target: @target)
|
|
205
|
+
.order(created_at: :desc)
|
|
206
|
+
.first
|
|
208
207
|
end
|
|
209
208
|
|
|
210
209
|
# NOTE: The update! here can raise ActiveRecord::RecordInvalid, which is
|
data/lib/standard_id/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: standard_id
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.14.
|
|
4
|
+
version: 0.14.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jaryl Sim
|
|
@@ -205,6 +205,7 @@ files:
|
|
|
205
205
|
- db/migrate/20260311000000_add_provider_to_standard_id_identifiers.rb
|
|
206
206
|
- db/migrate/20260311100000_create_standard_id_refresh_tokens.rb
|
|
207
207
|
- db/migrate/20260311100001_add_nullify_to_refresh_token_previous_token_fk.rb
|
|
208
|
+
- db/migrate/20260414200000_add_target_created_at_index_to_code_challenges.rb
|
|
208
209
|
- lib/generators/standard_id/install/install_generator.rb
|
|
209
210
|
- lib/generators/standard_id/install/templates/standard_id.rb
|
|
210
211
|
- lib/standard_config.rb
|