standard_id 0.7.0 → 0.7.1

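--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: f8e7433ee5b0ef4a2da21afc993c2106cac0d69d03af4fb842f5ab2d8cf2e71b
-data.tar.gz: 7a4eb0f649f83157a77a1200d249eb79391de044470caad81c2bbbd2cc0906b1
+metadata.gz: 79293d8af473e409c125e4412da31b1438fc0099efea935116d9036978251395
+data.tar.gz: 568d1a2c768b0bbf17385c02781ec8193ef6a6b94da5118d1b4383755718ccbb
 SHA512:
-metadata.gz: fd06a2fa4d70147dadaa175cfd371861a0d723ec38b79cf4991c5d7dab0fb29667f08378654ec17a382673575af501b53d7bd84a1dc750766985e58326639abb
-data.tar.gz: 6686d5ced7aad0df56e585b454e614bb1ddb941a97c7843c97907dfa3ad05682e699a610ee25c31242b2dc8347827991c8e5f41b3a226e2a0c3c314d7bd5ff47
+metadata.gz: 855acbd34604cd3a626d041daf889f3329259cdd23aab12e5f0055e1e75ddd55b728be1103b9b286602d045b1f37f34ef2be6251d96a77609e7e1f69414aa557
+data.tar.gz: 3c99a235eb70e8713093d8bc4231677c888eae0f392aed5ccd72bcc09f65147d74c3e6355b877c5928d27a5c40622df6c4e450030da2b2d9affdc5264258d4dd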
@@ -33,7 +33,7 @@ StandardConfig.schema.draw do
33
33
  field :code_ttl, type: :integer, default: 600 # 10 minutes in seconds
34
34
  field :max_attempts, type: :integer, default: 3
35
35
  field :retry_delay, type: :integer, default: 30 # 30 seconds
36
- field :bypass_code, type: :string, default: nil
36
+ field :bypass_code, type: :string, default: nil # E2E testing only — NEVER set in production
37
37
  end
38
38
 
39
39
  scope :password do
@@ -133,14 +133,29 @@ module StandardId
133
133
  # When a bypass_code is configured and the submitted code matches,
134
134
  # skip the CodeChallenge lookup entirely. This allows E2E testing
135
135
  # tools (e.g. Playwright) to verify OTPs without a real challenge.
136
+ #
137
+ # Events are intentionally emitted with bypass: true so audit log
138
+ # subscribers can distinguish bypass logins from real OTP logins.
136
139
  def try_bypass
137
140
  bypass_code = StandardId.config.passwordless.bypass_code
138
141
  return unless bypass_code.present?
142
+
143
+ if defined?(Rails) && Rails.env.production?
144
+ raise "STANDARD_ID_BYPASS_CODE must not be set in production"
145
+ end
146
+
139
147
  return unless secure_compare(bypass_code, @code)
140
148
 
141
149
  strategy = strategy_for(@channel)
142
150
  account = strategy.find_or_create_account(@target)
143
151
 
152
+ StandardId::Events.publish(
153
+ StandardId::Events::OTP_VALIDATED,
154
+ account: account,
155
+ channel: @channel,
156
+ bypass: true
157
+ )
158
+
144
159
  success(account: account, challenge: nil)
145
160
  end
146
161
 
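Review bot: The guard added before `return unless secure_compare(bypass_code, @code)` is a denylist that refuses only `Rails.env.production?`, so a bypass code left set under any other environment name (staging, a custom env) remains a working login, and when Rails is not loaded the guard is skipped altogether. Inverting it to an allowlist, `unless defined?(Rails) && (Rails.env.development? || Rails.env.test?)` followed by the same `raise`, fails closed in every other case. The check also runs on each OTP submission rather than when the configuration is loaded, so in production the misconfiguration surfaces as a failed login at request time instead of at boot; performing the same check where `bypass_code` is read into the config would catch it before the app serves traffic. Replacing the bare `raise "..."` (a RuntimeError) with an error class from the gem's own namespace would let callers rescue the misconfiguration specifically. The enclosing module and the methods around `try_bypass` start and end outside the hunk.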
@@ -1,3 +1,3 @@
1
1
  module StandardId
2
- VERSION = "0.7.0"
2
+ VERSION = "0.7.1"
3
3
  end
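--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: standard_id
 version: !ruby/object:Gem::Version
-version: 0.7.0
+version: 0.7.1
 platform: ruby
 authors:
 - Jaryl Sim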