tachiban 0.7.0 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +14 -4
- data/lib/tachiban/version.rb +1 -1
- data/lib/tachiban.rb +10 -7
- data/tachiban.gemspec +2 -2
- metadata +7 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2b2e100df48cb7de260705114b0c7d282bf2e67f8073442d987cb0295e985d48
|
|
4
|
+
data.tar.gz: 810a6b68cef7fd9177ef3083b05b0cc083eaecbc26e02b0621194c7f8c582db3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b884dd3638bc74fb54ccd11a1957d5fa6d4b32bf5a20aff39cfc300ce794069d4812b1decef520a2f31db2b91e2c4d41424e1747b4892b8321b67c0680dbe4e5
|
|
7
|
+
data.tar.gz: 64b5a67347b6cfc4c62ef3df0afb8e21305ef140807334ebbf3748fba2d8d9445d014b385735434fa238fb1b441df00b4e341156e78e9650b3df16e962779a91
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
[](https://gitter.im/sebastjan-hribar/tachiban?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [](https://badge.fury.io/rb/tachiban) [](https://travis-ci.org/sebastjan-hribar/tachiban)
|
|
4
4
|
|
|
5
|
-
Tachiban (立ち番 - standing watch) provides simple authentication system for [Hanami web applications](http://hanamirb.org/) by using
|
|
5
|
+
Tachiban (立ち番 - standing watch) provides simple authentication system for [Hanami web applications](http://hanamirb.org/) by using Argon2 for password hashing and
|
|
6
6
|
offers the following functionalities (with methods listed below
|
|
7
7
|
under Methods by features):
|
|
8
8
|
- Signup
|
|
@@ -176,13 +176,23 @@ by the link validity: `Time.now > @user.password_reset_sent_at + link_validity`
|
|
|
176
176
|
password_reset_url_valid?(link_validity)
|
|
177
177
|
```
|
|
178
178
|
|
|
179
|
+
### Example of use in an application
|
|
180
|
+
[Using Tachiban with a Hanami app](https://sebastjan-hribar.github.io/programming/2021/09/03/tachiban-with-hanami.html)
|
|
179
181
|
|
|
180
|
-
### ToDo
|
|
181
|
-
|
|
182
|
-
- Add full Hanami app for testing purposes.
|
|
183
182
|
|
|
184
183
|
### Changelog
|
|
185
184
|
|
|
185
|
+
#### 1.0.0
|
|
186
|
+
|
|
187
|
+
BCrypt was replaced by Argon2.
|
|
188
|
+
|
|
189
|
+
|
|
190
|
+
#### 0.8.0
|
|
191
|
+
|
|
192
|
+
Bug fix for determining the validity of the password update linke. Greater than instead of less than was used
|
|
193
|
+
to compare the time of the reset link email and the time when the user tries to update the password.
|
|
194
|
+
|
|
195
|
+
|
|
186
196
|
#### 0.7.0
|
|
187
197
|
|
|
188
198
|
Authorization was moved to a separate gem [Rokku](https://github.com/sebastjan-hribar/rokku).
|
data/lib/tachiban/version.rb
CHANGED
data/lib/tachiban.rb
CHANGED
|
@@ -1,21 +1,24 @@
|
|
|
1
1
|
require 'tachiban/version'
|
|
2
|
-
require 'bcrypt'
|
|
3
2
|
require 'hanami/controller'
|
|
4
3
|
require 'hanami/action/session'
|
|
4
|
+
require 'argon2'
|
|
5
5
|
|
|
6
6
|
module Hanami
|
|
7
7
|
module Tachiban
|
|
8
8
|
private
|
|
9
9
|
|
|
10
|
+
|
|
10
11
|
# ### Signup ###
|
|
11
12
|
|
|
12
13
|
# The hashed_password method generates a hashed version of the user's
|
|
13
|
-
# password.
|
|
14
|
-
#
|
|
15
|
-
#
|
|
14
|
+
# password. Password hashing is provided by Argon2. Hashed password
|
|
15
|
+
# by default includes a salt and the default cost factorr.
|
|
16
|
+
#
|
|
17
|
+
# Hashed password should be stored in the database as an user's
|
|
18
|
+
# attribute so it can be retrieved during the login process.
|
|
16
19
|
|
|
17
20
|
def hashed_password(password)
|
|
18
|
-
|
|
21
|
+
Argon2::Password.create(password)
|
|
19
22
|
end
|
|
20
23
|
|
|
21
24
|
# ### Login ###
|
|
@@ -26,7 +29,7 @@ private
|
|
|
26
29
|
# - a user's hashed password from the database matches the input password
|
|
27
30
|
|
|
28
31
|
def authenticated?(input_pass)
|
|
29
|
-
@user &&
|
|
32
|
+
@user && Argon2::Password.verify_password(input_pass, @user.hashed_pass)
|
|
30
33
|
end
|
|
31
34
|
|
|
32
35
|
# The login method can be used in combination with the authenticated? method to
|
|
@@ -133,7 +136,7 @@ private
|
|
|
133
136
|
|
|
134
137
|
# State the link_validity in seconds.
|
|
135
138
|
def password_reset_url_valid?(link_validity)
|
|
136
|
-
Time.now
|
|
139
|
+
Time.now < @user.password_reset_sent_at + link_validity
|
|
137
140
|
end
|
|
138
141
|
end
|
|
139
142
|
end
|
data/tachiban.gemspec
CHANGED
|
@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
|
|
|
9
9
|
spec.authors = ["Sebastjan Hribar"]
|
|
10
10
|
spec.email = ["sebastjan.hribar@gmail.com"]
|
|
11
11
|
|
|
12
|
-
spec.summary = %q{Tachiban provides simple password hashing for user authentication with
|
|
12
|
+
spec.summary = %q{Tachiban provides simple password hashing for user authentication with Argon2 for Hanami web applications.}
|
|
13
13
|
spec.homepage = "https://github.com/sebastjan-hribar/tachiban"
|
|
14
14
|
spec.license = "MIT"
|
|
15
15
|
|
|
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
|
|
|
26
26
|
spec.add_development_dependency 'hanami-router', "~> 1.0"
|
|
27
27
|
spec.add_development_dependency 'pry', "~> 0"
|
|
28
28
|
|
|
29
|
-
spec.add_runtime_dependency "
|
|
29
|
+
spec.add_runtime_dependency "argon2", "~> 2.3"
|
|
30
30
|
spec.add_runtime_dependency 'hanami-controller', "~> 1.0"
|
|
31
31
|
spec.add_runtime_dependency 'hanami-router', "~> 1.0"
|
|
32
32
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tachiban
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sebastjan Hribar
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-10-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -129,19 +129,19 @@ dependencies:
|
|
|
129
129
|
- !ruby/object:Gem::Version
|
|
130
130
|
version: '0'
|
|
131
131
|
- !ruby/object:Gem::Dependency
|
|
132
|
-
name:
|
|
132
|
+
name: argon2
|
|
133
133
|
requirement: !ruby/object:Gem::Requirement
|
|
134
134
|
requirements:
|
|
135
135
|
- - "~>"
|
|
136
136
|
- !ruby/object:Gem::Version
|
|
137
|
-
version: '3
|
|
137
|
+
version: '2.3'
|
|
138
138
|
type: :runtime
|
|
139
139
|
prerelease: false
|
|
140
140
|
version_requirements: !ruby/object:Gem::Requirement
|
|
141
141
|
requirements:
|
|
142
142
|
- - "~>"
|
|
143
143
|
- !ruby/object:Gem::Version
|
|
144
|
-
version: '3
|
|
144
|
+
version: '2.3'
|
|
145
145
|
- !ruby/object:Gem::Dependency
|
|
146
146
|
name: hanami-controller
|
|
147
147
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -212,10 +212,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
212
212
|
- !ruby/object:Gem::Version
|
|
213
213
|
version: '0'
|
|
214
214
|
requirements: []
|
|
215
|
-
|
|
216
|
-
rubygems_version: 2.7.7
|
|
215
|
+
rubygems_version: 3.1.6
|
|
217
216
|
signing_key:
|
|
218
217
|
specification_version: 4
|
|
219
|
-
summary: Tachiban provides simple password hashing for user authentication with
|
|
218
|
+
summary: Tachiban provides simple password hashing for user authentication with Argon2
|
|
220
219
|
for Hanami web applications.
|
|
221
220
|
test_files: []
|