sudo_rails 0.1.0 → 0.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 638291947f7e86c97efc387c94903a011517acb4782ce38e82203086ebd2435c
4
- data.tar.gz: 48ccb8a2114553330cab7e3fbe31e6ff36edb8a9ff1e8a709b549354cf9e6501
3
+ metadata.gz: 4b5f63db43fde756597153993a5ec14de3a2391e048fc221fc8630ca440d1688
4
+ data.tar.gz: 5be8d33df45adc1f9314555cbb65090cac0a0f8cc25a5fe5c114a67b31b84256
5
5
  SHA512:
6
- metadata.gz: a8ea7742c4449d1389c7f1c392f274ea371d14d6890dfcb3bb010c766e4d9d625a011314a41f1b1e04017c3ecb8f635582cef2e7907406f47a84533d5b27dc65
7
- data.tar.gz: 6c76d8fdc1c1ddda5376bd4cc466719ef386e1fdd349ed8e1a1f5d5aae94115374c67b5c3d276bf520cede3fc5b14cd4b3a3fd763413b7d818d3815d478ffe5e
6
+ metadata.gz: 7a36cf5217082dc574ebebd6bca0d8ee98bd2576db780ca19fe94af6be9bf421d077687756ae0539a16dfefe9ac58388d7c03832c48a0abc0b0b34954180c1af
7
+ data.tar.gz: 14ab4140a84df2017818dd98cdc405d77d388becf5a65a8b633a61390ca37dc0f8029add4f1bf86de153e1869c7b8efa54619d0ba9f8012f9493ecb72130ec75
data/README.md CHANGED
@@ -5,7 +5,7 @@
5
5
 
6
6
  > Sudo mode for your Rails controllers
7
7
 
8
- Protect :lock: any Rails action with a customizable password confirmation strategy.
8
+ :lock: Protect any Rails action with a customizable password confirmation strategy.
9
9
 
10
10
  ```ruby
11
11
  class SecretController < ApplicationController
@@ -13,7 +13,7 @@ class SecretController < ApplicationController
13
13
  end
14
14
  ```
15
15
 
16
- *Inspired by Unix `sudo` command and [GitHub Sudo mode](https://help.github.com/en/articles/sudo-mode).*
16
+ *Inspired by [Unix `sudo` command](https://en.wikipedia.org/wiki/Sudo) and [GitHub Sudo mode](https://help.github.com/en/articles/sudo-mode).*
17
17
 
18
18
  ## Installation
19
19
 
@@ -35,24 +35,71 @@ end
35
35
 
36
36
  ### Configuration
37
37
 
38
- You can use the `setup` method to customize different things:
38
+ You can use the `setup` method to configure and customize different things:
39
39
 
40
40
  ```ruby
41
41
  # config/initializers/sudo_rails.rb
42
42
  SudoRails.setup do |config|
43
+ # On/off engine
43
44
  config.enabled = true
44
- config.sudo_session_time = 20.minutes # default is 1 hour
45
- config.layout = 'admin'
45
+
46
+ # Sudo mode sessions duration, default is 1 hour
47
+ config.sudo_session_duration = 20.minutes
48
+
49
+ # Default confirmation page styles
46
50
  config.custom_logo = 'logos/medium_dark.png'
47
51
  config.primary_color = '#1A7191'
48
- config.reset_pass_link = '/users/password/new'
49
- config.confirm_with = -> (context, password) {
52
+ config.layout = 'admin'
53
+
54
+ # Confirmation strategy
55
+ config.confirm_strategy = -> (context, password) {
50
56
  user = context.current_user
51
57
  user.valid_password?(password)
52
58
  }
59
+ config.reset_pass_link = '/users/password/new'
53
60
  end
54
61
  ```
55
62
 
63
+ ### Styling
64
+
65
+ Using the `custom_logo` and `primary_color` options, you can customize the confirmation page. In case you want full control of the styles, you can use your own layout (and consequently your own styles too) using the `layout` option.
66
+
67
+ ### Confirmation strategy
68
+
69
+ You should define how to validate the password using the `confirm_strategy` option. It must be a `lambda`, which will receive 2 arguments: the controller instance (`context`) and the password from the user.
70
+
71
+ By default, the gem ships with `Devise` and `Clearance` integration.
72
+
73
+ Implementation examples:
74
+
75
+ ```ruby
76
+ # Devise implementation
77
+ config.confirm_strategy = -> (context, password) {
78
+ user = context.current_user
79
+ user.valid_password?(password)
80
+ }
81
+
82
+ # has_secure_password implementation
83
+ config.confirm_strategy = -> (context, password) {
84
+ user = context.current_user
85
+ user.authenticate(password)
86
+ }
87
+
88
+ # Other custom implementation
89
+ config.confirm_strategy = -> (context, password) {
90
+ user = context.current_user
91
+ user.admin? && password == ENV['SUPER_SECRET_PASSWORD']
92
+ }
93
+
94
+ config.confirm_strategy = -> (context, password) {
95
+ Auth.call(context.current_user.email, password)
96
+ }
97
+ ```
98
+
99
+ ### I18n
100
+
101
+ `sudo_rails` uses I18n by default. Take a look at our [locale file](config/locales/en.yml) to check all available messages.
102
+
56
103
  ## Development
57
104
 
58
105
  Any kind of feedback, bug report, idea or enhancement are really appreciated.
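Review bot: In the "Other custom implementation" example, `user.admin? && password == ENV['SUPER_SECRET_PASSWORD']` compares with `==`, which is not constant-time and evaluates to true when both sides are nil, that is, when the variable is unset and the request carries no `password` parameter. README snippets tend to be copied verbatim, so suggest reading the secret with `ENV.fetch('SUPER_SECRET_PASSWORD')` and comparing with `ActiveSupport::SecurityUtils.secure_compare(password.to_s, secret)`, or dropping the shared-secret example altogether.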
@@ -1,8 +1,7 @@
1
1
  body {
2
2
  text-align: center;
3
- font-size: 22px;
4
3
  font-family: Helvetica, Arial, sans-serif;
5
- background-color: #f9f9f9;
4
+ background-color: #ececec;
6
5
  transform: translateY(20%);
7
6
  }
8
7
 
@@ -17,31 +16,31 @@ body {
17
16
  .sudo-form {
18
17
  background-color: #fff;
19
18
  border-radius: 5px;
20
- border: 1px solid #d8dee2;
21
- font-size: 14px;
22
19
  padding: 20px;
23
20
  margin: 10px auto;
24
21
  width: 340px;
22
+ box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.1), 0 6px 20px 0 rgba(0, 0, 0, 0.1);
25
23
 
26
24
  input {
27
25
  display: block;
28
26
  width: 100%;
29
27
  font-size: 16px;
30
28
  line-height: 30px;
31
- padding: 4px;
29
+ padding: 2px;
32
30
  border-radius: 5px;
33
- border: 1px solid #d8dee2;
31
+ border: 1px solid #ececec;
34
32
  }
35
33
 
36
34
  input[type="submit"] {
37
35
  margin: 20px auto;
38
36
  width: 60%;
39
37
  padding: 4px;
40
- background-color: #d8dee2;
38
+ background-color: #ececec;
41
39
  border-radius: 25px;
42
40
  }
43
41
  }
44
42
 
45
43
  .sudo-tip {
44
+ margin-top: 20px;
46
45
  font-size: 14px;
47
46
  }
@@ -3,7 +3,7 @@ module SudoRails
3
3
  before_action :sudo_enabled?
4
4
 
5
5
  def confirm
6
- if request.post? && confirm_sudo?
6
+ if request.post? && SudoRails.confirm?(self, params[:password])
7
7
  session[:sudo_rails_session] = Time.zone.now
8
8
  redirect_to params[:target_path]
9
9
  else
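Review bot: `redirect_to params[:target_path]` on line 8 of `confirm` redirects to a value taken straight from the request, immediately after a successful password confirmation, with no check that it points back into the application. While this action is being touched, consider accepting only local paths (reject anything that does not start with a single `/`) and falling back to a fixed path otherwise.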
@@ -16,10 +16,5 @@ module SudoRails
16
16
  def sudo_enabled?
17
17
  SudoRails.enabled || head(404, message: "SudoRails disabled")
18
18
  end
19
-
20
- def confirm_sudo?
21
- block = SudoRails.confirm_with
22
- block.call(self, params[:password])
23
- end
24
19
  end
25
20
  end
@@ -3,7 +3,7 @@
3
3
  <head>
4
4
  <%= csrf_meta_tags %>
5
5
  <%= stylesheet_link_tag "sudo_rails/application", media: "all" %>
6
- <%= render 'sudo_rails/inject_custom_styles' if SudoRails.primary_color %>
6
+ <%= render 'sudo_rails/inject_custom_styles' if SudoRails.custom_styles? %>
7
7
  </head>
8
8
  <body>
9
9
  <%= yield %>
@@ -3,22 +3,21 @@
3
3
  <%= image_tag SudoRails.custom_logo %>
4
4
  <% end %>
5
5
 
6
- <h3>Confirm password to continue</h3>
6
+ <h2><%= t('sudo_rails.page_header') %></h2>
7
7
  </header>
8
8
 
9
9
  <div class='sudo-form'>
10
10
  <%= form_tag '/sudo_rails/confirm' do |f| %>
11
11
  <%= hidden_field_tag :target_path, params[:target_path] || request.url %>
12
- <%= password_field_tag :password, nil, required: true, placeholder: 'Password' %>
13
- <%= submit_tag 'Confirm password' %>
12
+ <%= password_field_tag :password, nil, required: true, placeholder: t('sudo_rails.password') %>
13
+ <%= submit_tag t('sudo_rails.button') %>
14
14
  <% end %>
15
15
 
16
16
  <% if SudoRails.reset_pass_link %>
17
- <%= link_to 'Forgot your password?', SudoRails.reset_pass_link, target: '_blank' %>
17
+ <%= link_to t('sudo_rails.forgot_pass'), SudoRails.reset_pass_link, target: '_blank' %>
18
18
  <% end %>
19
19
  </div>
20
20
 
21
21
  <div class='sudo-tip'>
22
- You are entering <b>sudo mode</b>.<br>
23
- We won’t ask for your password again for <i><%= time_ago_in_words(SudoRails.sudo_session_time.ago) %></i>.
22
+ <%= t('sudo_rails.tip', session_duration: time_ago_in_words(SudoRails.sudo_session_duration.ago)).html_safe %>
24
23
  </div>
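Review bot: On the new line 22, calling `.html_safe` on the result of `t('sudo_rails.tip', ...)` marks the whole string as safe, including the interpolated `session_duration` and whatever a host application puts in its own locale override. The Rails `t` view helper already keeps the markup and escapes interpolations when the key ends in `_html`, so renaming the key to `tip_html` and dropping `.html_safe` gives the same output without the blanket trust. The `link_to ... target: '_blank'` on line 17 could also carry `rel: 'noopener'`.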
@@ -0,0 +1,9 @@
1
+ en:
2
+ sudo_rails:
3
+ page_header: Confirm password to continue
4
+ button: Confirm password
5
+ password: Password
6
+ forgot_pass: Forgot your password?
7
+ tip: |-
8
+ You are entering <b>sudo mode</b>.<br>
9
+ We won’t ask for your password again for <i>%{session_duration}</i>.
@@ -14,7 +14,7 @@ module SudoRails
14
14
  def self.valid_sudo_session?(started_at)
15
15
  return false unless started_at
16
16
 
17
- Time.parse(started_at) + SudoRails.sudo_session_time > Time.zone.now
17
+ Time.parse(started_at) + SudoRails.sudo_session_duration > Time.zone.now
18
18
  end
19
19
  end
20
20
  end
@@ -0,0 +1,7 @@
1
+ SudoRails.setup do |config|
2
+ config.confirm_strategy = -> (context, password) {
3
+ user = context.current_user
4
+ user.authenticated?(password)
5
+ }
6
+ config.reset_pass_link = "/passwords/new"
7
+ end
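Review bot: `user.authenticated?(password)` on line 4 raises NoMethodError when `context.current_user` is nil, and the confirm action in this diff only declares `before_action :sudo_enabled?`, so nothing visible here guarantees a signed-in user. Using `user&.authenticated?(password)` makes the lambda return a falsy value instead of turning a POST to the confirm route into a 500; the same guard is worth adding to the Devise integration.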
@@ -0,0 +1,8 @@
1
+ SudoRails.setup do |config|
2
+ config.confirm_strategy = -> (context, password) {
3
+ user = context.current_user
4
+ user.valid_password?(password)
5
+ }
6
+ config.reset_pass_link = "/users/password/new"
7
+ end
8
+
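Review bot: `config.reset_pass_link = "/users/password/new"` on line 6 hard-codes the path of a Devise scope named `users`, and `context.current_user` on line 3 assumes the same scope, so an app that authenticates another model or mounts Devise under a different path gets a dead link and a nil user. Worth documenting that this default only fits the stock `devise_for :users` setup, and removing the trailing blank line 8.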
@@ -1,3 +1,3 @@
1
1
  module SudoRails
2
- VERSION = "0.1.0"
2
+ VERSION = "0.2.0"
3
3
  end
data/lib/sudo_rails.rb CHANGED
@@ -8,8 +8,8 @@ module SudoRails
8
8
  :layout,
9
9
  :custom_logo,
10
10
  :primary_color,
11
- :confirm_with,
12
- :sudo_session_time,
11
+ :confirm_strategy,
12
+ :sudo_session_duration,
13
13
  :reset_pass_link
14
14
 
15
15
  def setup
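Review bot: Replacing `:confirm_with` and `:sudo_session_time` with `:confirm_strategy` and `:sudo_session_duration` removes the old accessors outright, so a 0.1.0 initializer that still sets `config.confirm_with` or `config.sudo_session_time` will fail with NoMethodError. For a minor version bump, either keep the old names as deprecated aliases for one release or call out the rename in a changelog entry.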
@@ -19,16 +19,22 @@ module SudoRails
19
19
  def get_layout
20
20
  layout || 'sudo_rails/application'
21
21
  end
22
+
23
+ def custom_styles?
24
+ primary_color.present?
25
+ end
26
+
27
+ def confirm?(context, password)
28
+ strategy = confirm_strategy
29
+ raise(ArgumentError, 'Please, provide an strategy via SudoRails.confirm_strategy') unless strategy
30
+
31
+ strategy.call(context, password)
32
+ end
22
33
  end
23
34
 
24
35
  self.enabled = true
25
- self.sudo_session_time = 1.hour
26
-
27
- if defined?(Devise)
28
- self.confirm_with = -> (context, password) {
29
- user = context.current_user
30
- user.valid_password?(password)
31
- }
32
- self.reset_pass_link = "/users/password/new"
33
- end
36
+ self.sudo_session_duration = 1.hour
34
37
  end
38
+
39
+ require 'sudo_rails/integrations/devise' if defined?(Devise)
40
+ require 'sudo_rails/integrations/clearance' if defined?(Clearance)
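Review bot: The integrations at the bottom of the file are loaded with `require ... if defined?(Devise)` and `if defined?(Clearance)`, so they only take effect when the auth gem has already been loaded before `sudo_rails`; otherwise no strategy is set and `confirm?` raises ArgumentError on the first confirmation POST rather than at boot. Consider resolving the integration in an engine initializer, after all gems are required, and validating `confirm_strategy` there. Also, when both constants are defined the Clearance file silently overrides the Devise one, and the error message should read "a strategy".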
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sudo_rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - markets
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-05-01 00:00:00.000000000 Z
11
+ date: 2019-05-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -67,9 +67,12 @@ files:
67
67
  - app/views/layouts/sudo_rails/application.html.erb
68
68
  - app/views/sudo_rails/_inject_custom_styles.html.erb
69
69
  - app/views/sudo_rails/confirm_form.html.erb
70
+ - config/locales/en.yml
70
71
  - lib/sudo_rails.rb
71
72
  - lib/sudo_rails/controller_ext.rb
72
73
  - lib/sudo_rails/engine.rb
74
+ - lib/sudo_rails/integrations/clearance.rb
75
+ - lib/sudo_rails/integrations/devise.rb
73
76
  - lib/sudo_rails/version.rb
74
77
  homepage: https://github.com/markets/sudo_rails
75
78
  licenses: