rails_mvp_authentication
rails_mvp_authentication copied to clipboard
stevepolitodesign
An authentication generator for Rails 7. Generate all the files needed to create a feature rich authentication system that you control. No configuration needed.
Remove call to `&& request.local?`. https://github.com/stevepolitodesign/rails_mvp_authentication/blob/b644108810c27e783b5a3cea7d72f779468e6e84/lib/generators/rails_mvp_authentication/templates/authentication.rb.tt#L56
https://github.com/stevepolitodesign/rails_mvp_authentication/blob/b2e0ebd8badafbcf337d57e6828e69afb77cfd1b/lib/generators/rails_mvp_authentication/templates/authentication.rb.tt#L38 ``` cookies.permanent.encrypted[:remember_token] = { value: active_session.remember_token, httponly: true } ``` Someone can use 'document.cookies' and stole your cookie if you don't use httponly.
https://github.com/stevepolitodesign/rails_mvp_authentication/blob/b2e0ebd8badafbcf337d57e6828e69afb77cfd1b/lib/generators/rails_mvp_authentication/templates/confirmations_controller.rb.tt#L16 The user will receive a confirmation token, with this token he can validate any further email. I solved it by setting the email as purpose, so that token is...
This should be: ```ruby elsif cookies[:remember_token].present ... end ``` https://github.com/stevepolitodesign/rails_mvp_authentication/blob/365017fb3173e99e901926da067d44825a9310a1/lib/generators/rails_mvp_authentication/install_generator.rb#L230-L233
If the `Gemfile` contains `bcrypt` (but commented out) the script should be un-commenting this line. Right now, we have logic in place to do this, but it's not working.
fixes #53 References: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html
Metadata
Owner
Metadata
An authentication generator for Rails 7. Generate all the files needed to create a feature rich authentication system that you control. No configuration needed.