Rails 7 Refactor
This is a refactor of AuthenticatedApp. From the perspective of the application that mounts this engine, the functionality and routes are mostly the same, but the code internally has been reorganized. Special cases, like encrypted storage and non-hashed vpn secrets, not used in petal have been removed. Hopefully all this will make it easier for this gem to be used with other apps and will help us implement other authentication methods and procedures such as two-factor in the future.
Notable changes
- Controller tests are rewritten as integration tests. Tests are run on gitlab's CI.
- All code has been moved to the top level AuthenticatedApp namespace: RandomCode -> `AuthenticatedApp::RandomCode`, AuthenticatedAppConcern -> `AuthenticatedApp::Controller`
- Authentication logic is moved to `AuthenticatedApp::Service`. Password services and controller now share more logic.
- Uses GlobalId to keep track of user ids in password reset forms. Username and emails are now obfuscated in password-reset urls.
- Zxcvbn is no longer optional, and is automatically loaded
- A new setting allows users to use their primary email address to reset their password
- Password validation happens in the AuthenticatedApp::Service not on the User model
- Added more documentation with yardoc. Use `yard doc` and `yard server`