Commit
Add input token page to the sign in flow (#159)
Since building Passwordless I've changed my opinion slightly on what the best Passwordless sign in flow is. Most of the time, I find it preferable to, instead of clicking a magic link, copy-paste a token directly. I prefer it because:

- It lets me stay in the current browser tab
- It's easier if I'm on a computer but I check my email on my phone

More than that, having it this way doesn't require removing the old way. So that's where Passwordless is going.
Showing 42 changed files with 774 additions and 764 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,6 +4,17 @@ | |
|
||
### Breaking changes | ||
|
||
This major release of Passwordless changes a lot of things and it is almost guaranteed that you will need to change your code to upgrade to this version. | ||
|
||
**Note** that there is no _need_ to upgrade. The previous versions of Passwordless will continue to work for the foreseeable future. | ||
|
||
The flow is now: | ||
|
||
1. User enters email | ||
1. User is presented with a token input page | ||
1. User enters token OR clicks link in email | ||
1. User is signed in | ||
|
||
#### 1. Upgrade your database | ||
|
||
If you're already running Passwordless, you'll need to update your database schema. | ||
|
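Review bot: step 3 of the new flow list ("User enters token OR clicks link in email") introduces a hand-typed token, but the section tells upgraders nothing about it: how long the token stays valid, or what the token input page does after a wrong entry. Since this sits under "Breaking changes", add a sentence after the list stating the token lifetime and the behaviour on a failed attempt, and say explicitly that the emailed link keeps working, so integrators with customised mailers or views know which parts they have to touch.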
@@ -27,35 +38,39 @@ class UpgradePassswordless < ActiveRecord::Migration[7.0] | |
end | ||
``` | ||
|
||
#### 2. Encrypted tokens | ||
#### 2. Move configuration to `Passwordless.config` | ||
|
||
Tokens are now encrypted in the database. | ||
Passwordless is now configured like this. In `config/initializers/passwordless.rb`: | ||
|
||
#### 3. Un-isolated namespace | ||
```ruby | ||
Passwordless.configure do |config| | ||
config.default_from_address = "[email protected]" | ||
end | ||
``` | ||
|
||
Passwordless no longer [_isolates namespace_](https://guides.rubyonrails.org/engines.html#routes). | ||
#### 3. Update your views (if you have customized them) | ||
|
||
1. Update all your links with eg. `users.sign_in_path` to `users_sign_in_path` | ||
1. Remove all links with `main_app.whatever_path` to just `whatever_path` | ||
The existing views have changed and a new one has been added. Regenerate them using `rails generate passwordless:views`. | ||
|
||
#### 4. Remove deprecated methods and helpers | ||
#### 4. Un-isolated namespace | ||
|
||
Removes `authenticate_by_cookie` and `upgrade_passwordless_cookie` from controller helpers. | ||
Passwordless no longer [_isolates namespace_](https://guides.rubyonrails.org/engines.html#routes). | ||
|
||
1. Change all your links with eg. `users.sign_in_path` to `users_sign_in_path` | ||
1. Change all links with `main_app.whatever_path` to just `whatever_path` | ||
|
||
#### 5. Stop collecting PII | ||
|
||
Passwordless no longer collects users' IP addresses. If you need this information, you can | ||
add it to your `after_session_save` callback. | ||
|
||
#### 6. Move configuration to `Passwordless.config` | ||
#### 6. Encrypted tokens | ||
|
||
Passwordless is now configured like this. In `config/initializers/passwordless.rb`: | ||
Tokens are now stored encrypted in the database. This means that any tokens that were generated with a previous version of Passwordless will no longer work. | ||
|
||
```ruby | ||
Passwordless.configure do |config| | ||
config.default_from_address = "[email protected]" | ||
end | ||
``` | ||
#### 7. Remove deprecated methods and helpers | ||
|
||
Removes `authenticate_by_cookie` and `upgrade_passwordless_cookie` from controller helpers. | ||
|
||
### Added | ||
|
||
|
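Review bot: in "6. Encrypted tokens", the phrase "stored encrypted" leaves open whether the stored value is reversibly encrypted or a one-way digest, and which key or secret it depends on. Please state this, because it decides whether rotating that secret invalidates outstanding tokens, and spell out the operational consequence of the second sentence: sign-in emails sent before the upgrade will stop working, so affected users have to request a new one. Separately, the hunk header context shows the sample migration as `class UpgradePassswordless` (three s's); if that spelling is in the snippet users copy, it is worth correcting while this section is being renumbered.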
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,16 @@ | ||
# frozen_string_literal: true | ||
|
||
source "https://rubygems.org" | ||
|
||
gemspec | ||
|
||
gem "codecov", require: false, group: :test | ||
gem "erb-formatter" | ||
gem "pry" | ||
gem "puma" | ||
gem "sqlite3" | ||
gem "yard" | ||
|
||
group :test do | ||
gem "capybara", require: false | ||
gem "codecov", require: false | ||
gem "minitest" | ||
gem "rails-controller-testing" | ||
end |
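Review bot: the top-level gems in this hunk (`erb-formatter`, `pry`, `puma`, `sqlite3`, `yard`) have neither a group nor a version constraint, so every `bundle install` of this Gemfile resolves whatever is newest and loads them in all environments. Because the file also calls `gemspec`, these look like development-only tooling; consider moving them into a `group :development, :test do` block next to the existing `group :test` and adding pessimistic constraints (for example `gem "puma", "~> x.y"` with the version you actually test against), or confirm that a committed Gemfile.lock pins them. `codecov` also appears twice in the hunk, once at top level with `group: :test` and once inside the `group :test` block; make sure only the grouped declaration remains.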