tachiban 0.7.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +14 -4
- data/lib/tachiban/version.rb +1 -1
- data/lib/tachiban.rb +10 -7
- data/tachiban.gemspec +2 -2
- metadata +7 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2b2e100df48cb7de260705114b0c7d282bf2e67f8073442d987cb0295e985d48
|
|
4
|
+
data.tar.gz: 810a6b68cef7fd9177ef3083b05b0cc083eaecbc26e02b0621194c7f8c582db3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b884dd3638bc74fb54ccd11a1957d5fa6d4b32bf5a20aff39cfc300ce794069d4812b1decef520a2f31db2b91e2c4d41424e1747b4892b8321b67c0680dbe4e5
|
|
7
|
+
data.tar.gz: 64b5a67347b6cfc4c62ef3df0afb8e21305ef140807334ebbf3748fba2d8d9445d014b385735434fa238fb1b441df00b4e341156e78e9650b3df16e962779a91
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
[](https://gitter.im/sebastjan-hribar/tachiban?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [](https://badge.fury.io/rb/tachiban) [](https://travis-ci.org/sebastjan-hribar/tachiban)
|
|
4
4
|
|
|
5
|
-
Tachiban (立ち番 - standing watch) provides simple authentication system for [Hanami web applications](http://hanamirb.org/) by using
|
|
5
|
+
Tachiban (立ち番 - standing watch) provides simple authentication system for [Hanami web applications](http://hanamirb.org/) by using Argon2 for password hashing and
|
|
6
6
|
offers the following functionalities (with methods listed below
|
|
7
7
|
under Methods by features):
|
|
8
8
|
- Signup
|
|
@@ -176,13 +176,23 @@ by the link validity: `Time.now > @user.password_reset_sent_at + link_validity`
|
|
|
176
176
|
password_reset_url_valid?(link_validity)
|
|
177
177
|
```
|
|
178
178
|
|
|
179
|
+
### Example of use in an application
|
|
180
|
+
[Using Tachiban with a Hanami app](https://sebastjan-hribar.github.io/programming/2021/09/03/tachiban-with-hanami.html)
|
|
179
181
|
|
|
180
|
-
### ToDo
|
|
181
|
-
|
|
182
|
-
- Add full Hanami app for testing purposes.
|
|
183
182
|
|
|
184
183
|
### Changelog
|
|
185
184
|
|
|
185
|
+
#### 1.0.0
|
|
186
|
+
|
|
187
|
+
BCrypt was replaced by Argon2.
|
|
188
|
+
|
|
189
|
+
|
|
190
|
+
#### 0.8.0
|
|
191
|
+
|
|
192
|
+
Bug fix for determining the validity of the password update linke. Greater than instead of less than was used
|
|
193
|
+
to compare the time of the reset link email and the time when the user tries to update the password.
|
|
194
|
+
|
|
195
|
+
|
|
186
196
|
#### 0.7.0
|
|
187
197
|
|
|
188
198
|
Authorization was moved to a separate gem [Rokku](https://github.com/sebastjan-hribar/rokku).
|
data/lib/tachiban/version.rb
CHANGED
data/lib/tachiban.rb
CHANGED
|
@@ -1,21 +1,24 @@
|
|
|
1
1
|
require 'tachiban/version'
|
|
2
|
-
require 'bcrypt'
|
|
3
2
|
require 'hanami/controller'
|
|
4
3
|
require 'hanami/action/session'
|
|
4
|
+
require 'argon2'
|
|
5
5
|
|
|
6
6
|
module Hanami
|
|
7
7
|
module Tachiban
|
|
8
8
|
private
|
|
9
9
|
|
|
10
|
+
|
|
10
11
|
# ### Signup ###
|
|
11
12
|
|
|
12
13
|
# The hashed_password method generates a hashed version of the user's
|
|
13
|
-
# password.
|
|
14
|
-
#
|
|
15
|
-
#
|
|
14
|
+
# password. Password hashing is provided by Argon2. Hashed password
|
|
15
|
+
# by default includes a salt and the default cost factorr.
|
|
16
|
+
#
|
|
17
|
+
# Hashed password should be stored in the database as an user's
|
|
18
|
+
# attribute so it can be retrieved during the login process.
|
|
16
19
|
|
|
17
20
|
def hashed_password(password)
|
|
18
|
-
|
|
21
|
+
Argon2::Password.create(password)
|
|
19
22
|
end
|
|
20
23
|
|
|
21
24
|
# ### Login ###
|
|
@@ -26,7 +29,7 @@ private
|
|
|
26
29
|
# - a user's hashed password from the database matches the input password
|
|
27
30
|
|
|
28
31
|
def authenticated?(input_pass)
|
|
29
|
-
@user &&
|
|
32
|
+
@user && Argon2::Password.verify_password(input_pass, @user.hashed_pass)
|
|
30
33
|
end
|
|
31
34
|
|
|
32
35
|
# The login method can be used in combination with the authenticated? method to
|
|
@@ -133,7 +136,7 @@ private
|
|
|
133
136
|
|
|
134
137
|
# State the link_validity in seconds.
|
|
135
138
|
def password_reset_url_valid?(link_validity)
|
|
136
|
-
Time.now
|
|
139
|
+
Time.now < @user.password_reset_sent_at + link_validity
|
|
137
140
|
end
|
|
138
141
|
end
|
|
139
142
|
end
|
data/tachiban.gemspec
CHANGED
|
@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
|
|
|
9
9
|
spec.authors = ["Sebastjan Hribar"]
|
|
10
10
|
spec.email = ["sebastjan.hribar@gmail.com"]
|
|
11
11
|
|
|
12
|
-
spec.summary = %q{Tachiban provides simple password hashing for user authentication with
|
|
12
|
+
spec.summary = %q{Tachiban provides simple password hashing for user authentication with Argon2 for Hanami web applications.}
|
|
13
13
|
spec.homepage = "https://github.com/sebastjan-hribar/tachiban"
|
|
14
14
|
spec.license = "MIT"
|
|
15
15
|
|
|
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
|
|
|
26
26
|
spec.add_development_dependency 'hanami-router', "~> 1.0"
|
|
27
27
|
spec.add_development_dependency 'pry', "~> 0"
|
|
28
28
|
|
|
29
|
-
spec.add_runtime_dependency "
|
|
29
|
+
spec.add_runtime_dependency "argon2", "~> 2.3"
|
|
30
30
|
spec.add_runtime_dependency 'hanami-controller', "~> 1.0"
|
|
31
31
|
spec.add_runtime_dependency 'hanami-router', "~> 1.0"
|
|
32
32
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tachiban
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sebastjan Hribar
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-10-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -129,19 +129,19 @@ dependencies:
|
|
|
129
129
|
- !ruby/object:Gem::Version
|
|
130
130
|
version: '0'
|
|
131
131
|
- !ruby/object:Gem::Dependency
|
|
132
|
-
name:
|
|
132
|
+
name: argon2
|
|
133
133
|
requirement: !ruby/object:Gem::Requirement
|
|
134
134
|
requirements:
|
|
135
135
|
- - "~>"
|
|
136
136
|
- !ruby/object:Gem::Version
|
|
137
|
-
version: '3
|
|
137
|
+
version: '2.3'
|
|
138
138
|
type: :runtime
|
|
139
139
|
prerelease: false
|
|
140
140
|
version_requirements: !ruby/object:Gem::Requirement
|
|
141
141
|
requirements:
|
|
142
142
|
- - "~>"
|
|
143
143
|
- !ruby/object:Gem::Version
|
|
144
|
-
version: '3
|
|
144
|
+
version: '2.3'
|
|
145
145
|
- !ruby/object:Gem::Dependency
|
|
146
146
|
name: hanami-controller
|
|
147
147
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -212,10 +212,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
212
212
|
- !ruby/object:Gem::Version
|
|
213
213
|
version: '0'
|
|
214
214
|
requirements: []
|
|
215
|
-
|
|
216
|
-
rubygems_version: 2.7.7
|
|
215
|
+
rubygems_version: 3.1.6
|
|
217
216
|
signing_key:
|
|
218
217
|
specification_version: 4
|
|
219
|
-
summary: Tachiban provides simple password hashing for user authentication with
|
|
218
|
+
summary: Tachiban provides simple password hashing for user authentication with Argon2
|
|
220
219
|
for Hanami web applications.
|
|
221
220
|
test_files: []
|