Class: Authenticate::Configuration

Inherits: Object

Defined in: lib/authenticate/configuration.rb

Overview

Configuration for Authenticate.

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize ⇒ Configuration

Returns a new instance of Configuration.



# File 'lib/authenticate/configuration.rb', line 241

def initialize
  # Defaults
  @debug = false
  @cookie_name = 'authenticate_session_token'
  @cookie_expiration = -> { 1.year.from_now.utc }
  @cookie_domain = nil
  @cookie_path = '/'
  @secure_cookie = false
  @cookie_http_only = true
  @mailer_sender = '[email protected]'
  @redirect_url = '/'
  @rotate_csrf_on_sign_in = false
  @allow_sign_up = true
  @routes = true
  @reset_password_within = 2.days
  @modules = []
  @user_model = '::User'
  @authentication_strategy = :email
  @password_length = 8..128
end

Instance Attribute Details

#allow_sign_up ⇒ Boolean

Controls whether the “sign up” route, allowing creation of users, is enabled.

Defaults to `true`.

Set to `false` to disable user creation routes. The setting is ignored if routes are disabled.

Parameters:

  • value (Boolean)

Returns:

  • (Boolean)


# File 'lib/authenticate/configuration.rb', line 207

def allow_sign_up
  @allow_sign_up
end

#authentication_strategy ⇒ Symbol or Class

Strategy for authentication.

Available strategies:

  • :email - requires the user model to have an :email attribute

  • :username - requires the user model to have a :username attribute

Defaults to :email. To set to :username:

Authenticate.configure do |config|
  config.authentication_strategy = :username
end

Authenticate is designed to authenticate via :email. Some support for username is included. Username still requires an :email attribute on your User model.

Alternatively, you can plug in your own authentication class:

Authenticate.configure do |config|
  config.authentication_strategy = MyFunkyAuthClass
end

Returns:

  • (Symbol or Class)


# File 'lib/authenticate/configuration.rb', line 182

def authentication_strategy
  @authentication_strategy
end

#bad_login_lockout_period ⇒ ActiveSupport::CoreExtensions::Numeric::Time

Time period for which an account is locked once the user exceeds max_consecutive_bad_logins_allowed.

If set to nil, the account is locked out indefinitely.

Returns:

  • (ActiveSupport::CoreExtensions::Numeric::Time)


# File 'lib/authenticate/configuration.rb', line 151

def bad_login_lockout_period
  @bad_login_lockout_period
end

#cookie_domain ⇒ String

The domain to set for the Authenticate session cookie.

Defaults to nil, which causes the cookie domain to be set to the domain of the request.

Returns:

  • (String)


# File 'lib/authenticate/configuration.rb', line 50

def cookie_domain
  @cookie_domain
end

#cookie_expiration ⇒ Lambda

A lambda called to set the remember token cookie’s expires attribute.

Defaults to 1 year expiration.

Note this is NOT the authenticate session’s max lifetime, but only the cookie’s lifetime.

See #max_session_lifetime for more on the session lifetime.

To set cookie expiration yourself:

Authenticate.configure do |config|
  config.cookie_expiration = -> { 1.month.from_now.utc }
end

Returns:

  • (Lambda)


# File 'lib/authenticate/configuration.rb', line 43

def cookie_expiration
  @cookie_expiration
end

#cookie_http_only ⇒ Boolean

Controls whether the HttpOnly flag should be set on the session cookie. If `true`, the cookie will not be made available to JavaScript.

Defaults to `true`.

For more see [RFC6265](tools.ietf.org/html/rfc6265#section-5.2.6).

Returns:

  • (Boolean)


# File 'lib/authenticate/configuration.rb', line 83

def cookie_http_only
  @cookie_http_only
end

#cookie_name ⇒ String

Name of the session cookie Authenticate will send to the client browser.

Defaults to `authenticate_session_token`.

Returns:

  • (String)


# File 'lib/authenticate/configuration.rb', line 26

def cookie_name
  @cookie_name
end

#cookie_path ⇒ String

Controls which paths the session token cookie is valid for.

Defaults to `"/"`, i.e. the entire domain.

For more, see [RFC6265](tools.ietf.org/html/rfc6265#section-5.1.4).

Returns:

  • (String)


# File 'lib/authenticate/configuration.rb', line 58

def cookie_path
  @cookie_path
end

#crypto_provider ⇒ Module #match? #encrypt

Determines what crypto is used when authenticating and setting passwords.

Defaults to Model::BCrypt.

At the moment Bcrypt is the only option offered.

Crypto implementations must implement:

* match?(secret, encrypted)
* encrypt(secret)

Returns:

  • (Module #match? #encrypt)


# File 'lib/authenticate/configuration.rb', line 103

def crypto_provider
  @crypto_provider
end
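The two-method contract above is small enough to show in full. The following is an added example, not code from Authenticate: a hypothetical provider built on PBKDF2 from Ruby's bundled OpenSSL (the gem itself ships only BCrypt), with a per-record random salt, self-describing output, and a constant-time comparison in match?.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical provider (example only, not part of Authenticate) satisfying the
# documented contract: encrypt(secret) returns the string to store and
# match?(secret, encrypted) verifies a candidate against it.
module Pbkdf2Provider
  SCHEME     = 'pbkdf2-sha256'
  ITERATIONS = 600_000   # assumption: OWASP's 2023 floor for PBKDF2-HMAC-SHA256
  KEY_LENGTH = 32

  # Fresh random salt per call, so equal passwords never produce equal output.
  # The parameters travel with the hash so they can be raised later without
  # breaking existing records.
  def self.encrypt(secret)
    salt = SecureRandom.random_bytes(16)
    key  = derive(secret, salt, ITERATIONS)
    [SCHEME, ITERATIONS, hex(salt), hex(key)].join('$')
  end

  # Re-derive with the stored salt and iteration count, then compare in
  # constant time; malformed stored values simply fail to match.
  def self.match?(secret, encrypted)
    return false if secret.nil? || encrypted.nil?
    scheme, iters, salt_hex, key_hex = encrypted.to_s.split('$', 4)
    return false unless scheme == SCHEME && salt_hex && key_hex
    expected = [key_hex].pack('H*')
    actual   = derive(secret, [salt_hex].pack('H*'), Integer(iters))
    secure_equal?(expected, actual)
  rescue ArgumentError, TypeError
    false
  end

  def self.derive(secret, salt, iterations)
    OpenSSL::KDF.pbkdf2_hmac(secret.to_s, salt: salt, iterations: iterations,
                             length: KEY_LENGTH, hash: 'sha256')
  end

  def self.hex(bytes)
    bytes.unpack1('H*')
  end

  # Byte-wise XOR accumulate so timing does not depend on where strings differ.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```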

#debug ⇒ Boolean

Enable debugging messages.

Returns:

  • (Boolean)


# File 'lib/authenticate/configuration.rb', line 239

def debug
  @debug
end

#mailer_sender ⇒ String

Controls the ‘from’ address for Authenticate emails. Set this to a value appropriate to your application.

Defaults to [email protected].

Returns:

  • (String)


# File 'lib/authenticate/configuration.rb', line 90

def mailer_sender
  @mailer_sender
end

#max_consecutive_bad_logins_allowed ⇒ Integer

Number of consecutive bad login attempts allowed. Commonly called “brute force protection”. The user’s consecutive bad logins will be tracked, and if they exceed the allowed maximum, the user’s account will be locked. The length of the lockout is determined by [#bad_login_lockout_period].

Default is nil, which disables this feature.

Authenticate.configure do |config|
  config.max_consecutive_bad_logins_allowed = 4
  config.bad_login_lockout_period = 10.minutes
end

Returns:

  • (Integer)


# File 'lib/authenticate/configuration.rb', line 144

def max_consecutive_bad_logins_allowed
  @max_consecutive_bad_logins_allowed
end
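To make the interaction of these two settings concrete, here is an added example (a hypothetical model, not Authenticate's own implementation) of the documented rules: the lock starts once consecutive failures exceed the maximum, lasts for bad_login_lockout_period, is indefinite when that period is nil, and the whole feature is off when the maximum is nil.

```ruby
# Hypothetical model (example only, not Authenticate's own implementation) of
# the lockout rules documented above. Durations are plain seconds because
# ActiveSupport's 10.minutes is not available outside Rails.
class LockoutPolicy
  def initialize(max_consecutive_bad_logins_allowed:, bad_login_lockout_period:)
    @max    = max_consecutive_bad_logins_allowed   # nil disables the feature
    @period = bad_login_lockout_period             # nil locks indefinitely
  end

  # Per-user state: consecutive failures so far and when the lock began.
  def fresh_state
    { failed_logins: 0, locked_at: nil }
  end

  # Count a failed attempt; the lock starts once the count exceeds the maximum.
  # A lock whose period has elapsed is cleared first so counting starts over.
  def record_failure(state, now: Time.now)
    return state if @max.nil?
    state = fresh_state if state[:locked_at] && !locked?(state, now: now)
    state[:failed_logins] += 1
    state[:locked_at] ||= now if state[:failed_logins] > @max
    state
  end

  # A successful login resets the counter and releases any lock.
  def record_success(_state)
    fresh_state
  end

  # Locked while inside the lockout period; a nil period is never released.
  def locked?(state, now: Time.now)
    return false if state[:locked_at].nil?
    return true if @period.nil?
    now - state[:locked_at] < @period
  end
end
```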

#max_session_lifetime ⇒ ActiveSupport::CoreExtensions::Numeric::Time

Allow a session to ‘live’ for no more than the given elapsed time, e.g. 8.hours.

Defaults to nil, or no max session time.

If set, a user session will expire once it has been active for max_session_lifetime. The user session is invalidated and the next access will prompt the user for authentication.

Authenticate.configure do |config|
  config.max_session_lifetime = 8.hours
end

Returns:

  • (ActiveSupport::CoreExtensions::Numeric::Time)


# File 'lib/authenticate/configuration.rb', line 130

def max_session_lifetime
  @max_session_lifetime
end

#modules ⇒ Object

List of symbols naming modules to load.



# File 'lib/authenticate/configuration.rb', line 234

def modules
  @modules
end

#password_length ⇒ Range

Range requirement for password length.

Defaults to `8..128`.

Returns:

  • (Range)


# File 'lib/authenticate/configuration.rb', line 158

def password_length
  @password_length
end

#redirect_url ⇒ String

The default path Authenticate will redirect signed in users to.

Defaults to `"/"`.

This can also be overridden for specific scenarios by overriding controller methods that rely on it.

Returns:

  • (String)


# File 'lib/authenticate/configuration.rb', line 190

def redirect_url
  @redirect_url
end

#reset_password_within ⇒ ActiveSupport::CoreExtensions::Numeric::Time

The time period within which the password must be reset or the token expires. If set to nil, the password reset token does not expire.

Defaults to `2.days`.

Returns:

  • (ActiveSupport::CoreExtensions::Numeric::Time)


# File 'lib/authenticate/configuration.rb', line 227

def reset_password_within
  @reset_password_within
end

#rotate_csrf_on_sign_in ⇒ Boolean

Rotate CSRF token on sign in if true.

Defaults to false, but will default to true in 1.0.

Returns:

  • (Boolean)


# File 'lib/authenticate/configuration.rb', line 197

def rotate_csrf_on_sign_in
  @rotate_csrf_on_sign_in
end

#routes ⇒ Boolean

Enable or disable Authenticate’s built-in routes.

Defaults to `true`.

If you disable the routes, your application is responsible for all routes.

You can deploy a copy of Authenticate’s routes with `rails generate authenticate:routes`, which will also set `config.routes = false`.

Returns:

  • (Boolean)


# File 'lib/authenticate/configuration.rb', line 219

def routes
  @routes
end

#secure_cookie ⇒ Boolean

Controls the secure setting on the session cookie.

Defaults to `false`.

When set to `true`, the browser will only send the cookie to the server over HTTPS. If set to true over an insecure http (not https) connection, the cookie will not be usable and the user will not be successfully authenticated.

You should set this value to true in live environments to prevent session hijacking.

Set to false in development environments.

For more, see [RFC6265](tools.ietf.org/html/rfc6265#section-5.2.5).

Returns:

  • (Boolean)


# File 'lib/authenticate/configuration.rb', line 74

def secure_cookie
  @secure_cookie
end

#timeout_in ⇒ ActiveSupport::CoreExtensions::Numeric::Time

Invalidate the session after the specified period of idle time. If the interval between the current access time and the last access time is greater than timeout_in, the session is invalidated. The user will be prompted for authentication again.

Defaults to nil, which is no idle timeout.

Authenticate.configure do |config|
  config.timeout_in = 45.minutes
end

Returns:

  • (ActiveSupport::CoreExtensions::Numeric::Time)


# File 'lib/authenticate/configuration.rb', line 116

def timeout_in
  @timeout_in
end
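The difference between timeout_in and max_session_lifetime (described above) is that the idle window slides with every accepted access while the lifetime is fixed from sign-in. The following added example, a hypothetical model rather than Authenticate's own code, checks both limits on each access and reports which one ended the session.

```ruby
# Hypothetical model (example only, not Authenticate's own code) of how the two
# limits interact: timeout_in is a sliding idle window reset on every access,
# max_session_lifetime is fixed from sign-in, and nil disables either limit.
# Durations are plain seconds, standing in for ActiveSupport's 45.minutes etc.
class SessionClock
  attr_reader :created_at, :last_access_at

  def initialize(timeout_in:, max_session_lifetime:, now:)
    @timeout_in = timeout_in
    @max_session_lifetime = max_session_lifetime
    @created_at = now
    @last_access_at = now
  end

  # Returns nil when the access is accepted (and slides the idle window),
  # otherwise a symbol naming the limit that invalidated the session.
  def access(now)
    if @timeout_in && (now - @last_access_at) > @timeout_in
      return :idle_timeout   # idle longer than timeout_in since the last access
    end
    if @max_session_lifetime && (now - @created_at) >= @max_session_lifetime
      return :max_lifetime   # active for the whole lifetime, however busy
    end
    @last_access_at = now
    nil
  end
end
```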

#user_model ⇒ String

ActiveRecord model class name that represents your user. Specify as a String.

Defaults to `::User`.

To set to a different class:

Authenticate.configure do |config|
  config.user_model = 'BlogUser'
end

Returns:

  • (String)


# File 'lib/authenticate/configuration.rb', line 19

def user_model
  @user_model
end

Instance Method Details

#allow_sign_up? ⇒ Boolean

Is the user sign up route enabled?

Returns:

  • (Boolean)


# File 'lib/authenticate/configuration.rb', line 282

def allow_sign_up?
  @allow_sign_up
end

#rotate_csrf_on_sign_in? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/authenticate/configuration.rb', line 291

def rotate_csrf_on_sign_in?
  @rotate_csrf_on_sign_in
end

#routes_enabled? ⇒ Boolean

Returns whether Authenticate’s built-in routes are enabled.

Returns:

  • (Boolean) whether Authenticate’s built-in routes are enabled



# File 'lib/authenticate/configuration.rb', line 287

def routes_enabled?
  @routes
end

#user_model_class ⇒ Object



# File 'lib/authenticate/configuration.rb', line 262

def user_model_class
  @user_model_class ||= user_model.constantize
end

#user_model_param_key ⇒ Symbol

The key for accessing user parameters.

Returns:

  • (Symbol)


# File 'lib/authenticate/configuration.rb', line 275

def user_model_param_key
  return :user if @user_model == '::User' # avoid nil in generator
  user_model_class.model_name.param_key.to_sym
end

#user_model_route_key ⇒ Symbol

The routing key for user routes. See `routes.rb`.

Returns:

  • (Symbol)


# File 'lib/authenticate/configuration.rb', line 268

def user_model_route_key
  return :users if @user_model == '::User' # avoid nil in generator
  user_model_class.model_name.route_key
end