sudo_rails 0.7.0 → 0.9.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9b83893c9eec976687c8c2025317dc0e3b0b3174cc128868a0d4cdb079c83bfc
4
- data.tar.gz: cf24b4e05521fc40d24e31e061c5fc71efb0b63af7eacfcff0164d35d60ac0e4
3
+ metadata.gz: ef841eee5e065e49eef95c49c95313b4ca06085ad72a9d8823a57601a8d77dab
4
+ data.tar.gz: a63794f0c1285c3a90ce9241032c906543f5865656525f2f578c5a0931f948b3
5
5
  SHA512:
6
- metadata.gz: 650c2237a64d202041e45f50b3831362af5077d5f1b35e56482d7c93326482c1b022896cd39a215e199c8a52aaf638db7db0b6a90bf7d5bbbb3e37dddf8e32fb
7
- data.tar.gz: 25f83106ff3762ff132b442f186f2f82966595a82ee7390fef99a9b3a415b87a6cf882adadf14fb6e283a2f35c2b786673f0ff50bd8230cba7e329cff1bd803c
6
+ metadata.gz: f9468293ceac9777f6b7f79fc115e3822e6ebb2bb20a8b166f8f78f3c3fe719e3014333644a8e516697357c03d5694a2b0427f35b9b1db5b8b235ce9b764f309
7
+ data.tar.gz: 9eaed5ed8dc3674198512128b94e22cb9b5f9f7079ca384af2daca03de8aad7f13576a6f535626c106db5e67fed9a59570be3d392842caf722674236915f93f6
data/LICENSE CHANGED
@@ -1,4 +1,4 @@
1
- Copyright 2019-2020 Marc Anguera Insa @markets
1
+ Copyright 2019 Marc Anguera Insa @markets
2
2
 
3
3
  Permission is hereby granted, free of charge, to any person obtaining
4
4
  a copy of this software and associated documentation files (the
data/README.md CHANGED
@@ -1,7 +1,7 @@
1
1
  # Sudo Rails
2
2
 
3
3
  [![Gem](https://img.shields.io/gem/v/sudo_rails.svg?style=flat-square)](https://rubygems.org/gems/sudo_rails)
4
- [![Build Status](https://travis-ci.com/markets/sudo_rails.svg?branch=master)](https://travis-ci.com/markets/sudo_rails)
4
+ [![Build Status](https://github.com/markets/sudo_rails/workflows/CI/badge.svg)](https://github.com/markets/sudo_rails/actions)
5
5
  [![Maintainability](https://api.codeclimate.com/v1/badges/322350adc7ab052beccb/maintainability)](https://codeclimate.com/github/markets/sudo_rails/maintainability)
6
6
 
7
7
  > Sudo mode for your Rails controllers
@@ -16,6 +16,8 @@ end
16
16
 
17
17
  *Inspired by [Unix `sudo` command](https://en.wikipedia.org/wiki/Sudo) and [GitHub Sudo mode](https://help.github.com/en/articles/sudo-mode).*
18
18
 
19
+ ![](support/images/cover.png)
20
+
19
21
  ## Installation
20
22
 
21
23
  Add this line to your Gemfile and then execute `bundle install`:
@@ -68,9 +70,23 @@ SudoRails.setup do |config|
68
70
 
69
71
  # Reset password link
70
72
  config.reset_pass_link = '/users/password/new'
73
+
74
+ # Subscribe to different events
75
+ config.callbacks = {
76
+ invalid_sudo_session: -> (context) {
77
+ user = context.current_user
78
+ AuthService.send_code(user)
79
+ },
80
+ invalid_confirmation: -> (context) {
81
+ user = context.current_user
82
+ Rails.logger.warn("[SUDO_RAILS] invalid password for #{user.email}")
83
+ }
84
+ }
71
85
  end
72
86
  ```
73
87
 
88
+ Use the provided `sudo_rails:config` generator to create a default config file under your *initializers* folder.
89
+
74
90
  ### Sudo sessions
75
91
 
76
92
  Using the `sudo_session_duration` option you are able to configure the `sudo` session duration (30 minutes by default).
@@ -81,9 +97,11 @@ If you set it to `nil`, your `sudo` session won't expire automatically and you w
81
97
 
82
98
  Using the `custom_logo`, `primary_color` and `background_color` options, you can customize the confirmation page. In case you want full control of the styles, you can use your own layout (and consequently your own styles too) using the `layout` option.
83
99
 
84
- See some :camera: [examples here](support/images/).
100
+ See some :camera: [examples here](support/images/examples/).
85
101
 
86
- **NOTE** If you are using your own layout, don't forget to render the flash messages in that layout. You can do something like [this](app/views/sudo_rails/_flash_alert.html.erb).
102
+ > ℹ️ If you are using your own layout, don't forget to render the flash messages in that layout. You can do something [like this](app/views/sudo_rails/_flash_alert.html.erb).
103
+
104
+ You can also override the view by calling the `sudo_rails:view` generator. This will create a copy of the view file at `app/views/sudo_rails/confirm_form.html.erb` which can be later modified as per your requirements.
87
105
 
88
106
  ### Confirmation strategy
89
107
 
@@ -91,6 +109,8 @@ You should define how to validate the password using the `confirm_strategy` opti
91
109
 
92
110
  By default, the gem ships with `Devise` and `Clearance` integration. Check it [here](lib/sudo_rails/integrations/).
93
111
 
112
+ > ℹ️ In order to autoload `Devise` or `Clearance` strategy properly, you should place the `sudo_rails` gem after them in the Gemfile.
113
+
94
114
  Implementation examples:
95
115
 
96
116
  ```ruby
@@ -106,14 +126,49 @@ config.confirm_strategy = -> (context, password) {
106
126
  user.authenticate(password)
107
127
  }
108
128
 
109
- # Other custom implementations
129
+ # Another example, using ENV vars
110
130
  config.confirm_strategy = -> (context, password) {
111
131
  user = context.current_user
112
132
  user.admin? && password == ENV['SUPER_SECRET_PASSWORD']
113
133
  }
134
+ ```
114
135
 
115
- config.confirm_strategy = -> (context, password) {
116
- Auth.call(context.current_user.email, password)
136
+ ### Callbacks
137
+
138
+ You can subscribe to different lifecycle events via the `callbacks` option. Each callback must be a `lambda`, which will receive 1 argument, the controller instance (`context`).
139
+
140
+ You can subscribe to the following events:
141
+
142
+ - `:invalid_sudo_session`: fired when the confirmation page is rendered, because there is no valid sudo session. Be careful! If the page is re-submitted or the password is invalid, the confirmation page will be rendered again and this event will be fired again too.
143
+ - `:new_sudo_session`: fired when a new sudo session is started.
144
+ - `:invalid_confirmation`: fired when an invalid password is submitted.
145
+
146
+ This can be really useful for example for instrumentation or logging:
147
+
148
+ ```ruby
149
+ config.callbacks = {
150
+ invalid_confirmation: -> (context) {
151
+ user = context.current_user
152
+ request = context.request
153
+
154
+ Rails.logger.warn("[SUDO_RAILS] Invalid verification: #{user.email} - #{request.remote_ip}")
155
+ }
156
+ }
157
+ ```
158
+
159
+ Or you can even implement custom workflows along with the `confirm_strategy` option. Like for example, using your 2FA system instead of the session password:
160
+
161
+ ```ruby
162
+ config.callbacks = {
163
+ invalid_sudo_session: -> (context) {
164
+ user = context.current_user
165
+ AuthService.send_code(user)
166
+ }
167
+ }
168
+
169
+ config.confirm_strategy = -> (context, code) {
170
+ user = context.current_user
171
+ AuthService.validate_code(user, code)
117
172
  }
118
173
  ```
119
174
 
data/Rakefile CHANGED
@@ -1,6 +1 @@
1
1
  require "bundler/gem_tasks"
2
-
3
- require 'rspec/core/rake_task'
4
- RSpec::Core::RakeTask.new(:spec)
5
-
6
- task :default => :spec
@@ -4,7 +4,7 @@ module SudoRails
4
4
 
5
5
  def confirm
6
6
  if SudoRails.confirm?(self, params[:password])
7
- session[:sudo_session] = Time.zone.now.to_s
7
+ extend_sudo_session!
8
8
  else
9
9
  flash[:alert] = I18n.t('sudo_rails.invalid_pass', locale: params[:locale])
10
10
  end
@@ -7,7 +7,7 @@
7
7
  </div>
8
8
 
9
9
  <div class='sudo-form'>
10
- <%= form_tag '/sudo_rails/confirm' do |f| %>
10
+ <%= form_tag sudo_rails_confirm_path do |f| %>
11
11
  <%= hidden_field_tag :locale, I18n.locale %>
12
12
  <%= hidden_field_tag :target_path, params[:target_path] || request.url %>
13
13
  <%= password_field_tag :password, nil, required: true, placeholder: t('sudo_rails.password') %>
@@ -0,0 +1,35 @@
1
+ class SudoRails::ConfigGenerator < Rails::Generators::Base
2
+ def create_config_file
3
+ create_file "config/initializers/sudo_rails.rb", <<~RUBY
4
+ SudoRails.setup do |config|
5
+ ### On/off engine
6
+ # config.enabled = true
7
+
8
+ ### Sudo mode sessions duration, default is 30 minutes
9
+ # config.sudo_session_duration = 10.minutes
10
+
11
+ ### Confirmation page styling
12
+ # config.custom_logo = '/images/logo_medium.png'
13
+ # config.primary_color = '#1a7191'
14
+ # config.background_color = '#1a1a1a'
15
+ # config.layout = 'admin'
16
+
17
+ ### Confirmation strategy implementation
18
+ # config.confirm_strategy = -> (context, password) {
19
+ # user = context.current_user
20
+ # user.valid_password?(password)
21
+ # }
22
+
23
+ ### Reset password link
24
+ # config.reset_pass_link = '/users/password/new'
25
+
26
+ ### Subscribe to different events
27
+ # config.callbacks = {
28
+ # new_sudo_session: -> (context) { Rails.logger.warn("new sudo session created") },
29
+ # invalid_sudo_session: -> (context) { Rails.logger.warn("invalid sudo session") },
30
+ # invalid_confirmation: -> (context) { Rails.logger.warn("invalid password in sudo session") }
31
+ # }
32
+ end
33
+ RUBY
34
+ end
35
+ end
@@ -0,0 +1,7 @@
1
+ class SudoRails::ViewGenerator < Rails::Generators::Base
2
+ source_root File.expand_path("../../../app/views/sudo_rails/", __dir__)
3
+
4
+ def copy_view_file
5
+ copy_file "confirm_form.html.erb", "app/views/sudo_rails/confirm_form.html.erb"
6
+ end
7
+ end
@@ -8,6 +8,8 @@ module SudoRails
8
8
  next unless SudoRails.enabled
9
9
  next if SudoRails.valid_sudo_session?(session[:sudo_session])
10
10
 
11
+ SudoRails.run_callback(:invalid_sudo_session, self)
12
+
11
13
  render 'sudo_rails/confirm_form', layout: SudoRails.get_layout
12
14
  end
13
15
  end
@@ -3,14 +3,14 @@ module SudoRails
3
3
  isolate_namespace SudoRails
4
4
 
5
5
  initializer "sudo_rails.controller_ext" do
6
- ActiveSupport.on_load(:action_controller) do
6
+ ActiveSupport.on_load(:action_controller_base) do
7
7
  include SudoRails::ControllerExt
8
8
  end
9
9
  end
10
10
 
11
11
  initializer 'sudo_rails.routes' do |app|
12
12
  app.routes.append do
13
- post '/sudo_rails/confirm' => 'sudo_rails/application#confirm'
13
+ post '/sudo_rails/confirm' => 'sudo_rails/application#confirm', as: :sudo_rails_confirm
14
14
  end
15
15
  end
16
16
  end
@@ -1,3 +1,3 @@
1
1
  module SudoRails
2
- VERSION = "0.7.0"
2
+ VERSION = "0.9.0"
3
3
  end
data/lib/sudo_rails.rb CHANGED
@@ -7,8 +7,15 @@ module SudoRails
7
7
  class << self
8
8
  include Styling
9
9
 
10
+ AVAILABLE_CALLBACKS = [
11
+ :invalid_sudo_session,
12
+ :new_sudo_session,
13
+ :invalid_confirmation
14
+ ]
15
+
10
16
  attr_accessor :enabled,
11
17
  :confirm_strategy,
18
+ :callbacks,
12
19
  :sudo_session_duration,
13
20
  :reset_pass_link,
14
21
  :layout,
@@ -24,7 +31,15 @@ module SudoRails
24
31
  strategy = confirm_strategy
25
32
  raise(ArgumentError, 'Please, provide an strategy via SudoRails.confirm_strategy') unless strategy
26
33
 
27
- strategy.call(context, password)
34
+ confirmed = strategy.call(context, password)
35
+
36
+ if confirmed
37
+ SudoRails.run_callback(:new_sudo_session, context)
38
+ else
39
+ SudoRails.run_callback(:invalid_confirmation, context)
40
+ end
41
+
42
+ confirmed
28
43
  end
29
44
 
30
45
  def valid_sudo_session?(started_at)
@@ -33,10 +48,23 @@ module SudoRails
33
48
 
34
49
  DateTime.parse(started_at) + sudo_session_duration > Time.zone.now
35
50
  end
51
+
52
+ def run_callback(type, context)
53
+ type = type.to_sym
54
+ if !AVAILABLE_CALLBACKS.include?(type)
55
+ raise(ArgumentError, "Please, provide a valid callback: #{AVAILABLE_CALLBACKS.to_sentence}")
56
+ end
57
+
58
+ callback = callbacks[type]
59
+ return unless callback
60
+
61
+ callback.call(context)
62
+ end
36
63
  end
37
64
 
38
65
  self.enabled = true
39
66
  self.sudo_session_duration = 30.minutes
67
+ self.callbacks = {}
40
68
  end
41
69
 
42
70
  require 'sudo_rails/integrations/devise' if defined?(Devise)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sudo_rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 0.9.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - markets
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-05 00:00:00.000000000 Z
11
+ date: 2024-04-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '4.2'
19
+ version: '5'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: '4.2'
26
+ version: '5'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rspec-rails
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -54,6 +54,8 @@ files:
54
54
  - app/views/sudo_rails/_stylesheet.html.erb
55
55
  - app/views/sudo_rails/confirm_form.html.erb
56
56
  - config/locales/en.yml
57
+ - lib/generators/sudo_rails/config_generator.rb
58
+ - lib/generators/sudo_rails/view_generator.rb
57
59
  - lib/sudo_rails.rb
58
60
  - lib/sudo_rails/controller_ext.rb
59
61
  - lib/sudo_rails/engine.rb
@@ -65,7 +67,7 @@ homepage: https://github.com/markets/sudo_rails
65
67
  licenses:
66
68
  - MIT
67
69
  metadata: {}
68
- post_install_message:
70
+ post_install_message:
69
71
  rdoc_options: []
70
72
  require_paths:
71
73
  - lib
@@ -80,8 +82,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
80
82
  - !ruby/object:Gem::Version
81
83
  version: '0'
82
84
  requirements: []
83
- rubygems_version: 3.0.3
84
- signing_key:
85
+ rubygems_version: 3.4.10
86
+ signing_key:
85
87
  specification_version: 4
86
88
  summary: Sudo mode for Rails
87
89
  test_files: []