Class: DoorMat::Configuration

Inherits:
Object
  • Object
Defined in:
lib/door_mat/configuration.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeConfiguration

Returns a new instance of Configuration.



# File 'lib/door_mat/configuration.rb', line 56

# Builds a configuration object holding the engine's defaults.
# Every setting is a plain instance variable; the values below are the
# defaults a host application gets when it overrides nothing.
def initialize
  # Presumably the From address of mail sent by the engine.
  # NOTE(review): the literal is reproduced exactly as this page renders it and
  # looks like a masked e-mail address; check the real default in
  # lib/door_mat/configuration.rb.
  @mailer_from_address = "[email protected]"

  # Minutes. A controller guarded by require_password_reconfirm lets the user
  # through without a fresh sign-in only if the password was entered less than
  # this long ago. Guard every area that exposes or changes sensitive data or
  # settings this way, including anything that triggers a financial
  # transaction with stored or pre-authorized payment methods.
  @password_reconfirm_delay = 5

  # Minutes of inactivity before a public-computer session times out; such a
  # session also ends when the browser is closed.
  @public_computer_access_session_timeout = 30

  # Minutes of inactivity before a private-computer session expires in the
  # browser and times out on the system; it survives a browser restart.
  @private_computer_access_session_timeout = 60

  # Minimum delay, in minutes, between two password-recovery mails for the
  # same request, so the feature cannot be used to flood a mailbox.
  @forgot_password_link_request_delay_minutes = 30

  # Age, in minutes, after which a password-recovery link is no longer valid.
  @forgot_password_link_expiration_delay_minutes = 30

  # Whether "remember me" is offered at all. High-value targets such as
  # financial sites should leave this off. Even when it is on, sensitive areas
  # should force re-authentication with a
  # before_action -> {require_password_reconfirm()}
  # filter.
  @allow_remember_me_feature = false

  # Safety reminder: the user has to confirm they are not on a public computer
  # before "remember me" can be enabled.
  @remember_me_require_private_computer_confirmation = true

  # Days the "remember me" cookie of a private-computer session is kept; the
  # session is renewed automatically for that period.
  @remember_me_max_day_count = 30

  # When false, the sign_in form is not pre-filled with the e-mail address
  # during a password reconfirmation, because doing so would reveal which
  # address was used to log in before the reconfirmation request.
  @leak_email_address_at_reconfirm = false

  # Number of distinct accounts one e-mail address may be associated with.
  @plausible_deniability_count = 1

  # Number of distinct e-mail addresses that may be linked to one actor.
  @max_email_count_per_actor = 2

  # Production systems should eventually declare their own routes explicitly
  # rather than rely on the ones the engine provides.
  @define_door_mat_routes = true

  # NOTE(review): undocumented in the original. The name suggests a flow may
  # send the user back to the URL they first requested; if so, confirm the
  # target is limited to this application before redirecting.
  @allow_redirect_to_requested_url = true

  # Redirect targets, as set from config/initializers/door_mat.rb:
  #   [ :main_app, :__path__ ] or [:__engine_name_, :__path__] redirect to an
  #   existing path of the main application or of a loaded engine;
  #   [:main_app, :root_url] redirects to the root of the main application;
  #   [ :request, :referer ] is an alternative to redirect_to :back.
  # NOTE(review): the Referer header is supplied by the client; how the
  # [:request, :referer] form is resolved is not visible here, so confirm the
  # resulting redirect cannot leave this application.
  @lockdown_default_redirect_url = %i[request referer]
  @sign_up_success_url = %i[sign_up_success_url]
  @sign_in_success_url = %i[sign_in_success_url]
  @add_email_success_url = %i[add_email_success_url]
  @destroy_email_redirect_url = %i[request referer]
  @set_primary_email_redirect_url = %i[request referer]
  @resend_email_confirmation_redirect_url = %i[request referer]
  @confirm_email_success_url = %i[confirm_email_success_url]
  @reconfirm_password_success_url = %i[reconfirm_password_success_url]
  @change_password_success_url = %i[change_password_success_url]
  @sign_out_success_url = %i[sign_out_success_url]
  @forgot_password_verification_mail_sent_url = %i[forgot_password_verification_mail_sent_url]

  # Registration switches.
  @allow_sign_up = true
  @allow_sign_in_from_sign_up_form = false

  # Presumably controls whether cookies are restricted to HTTPS; confirm
  # against the code that writes the cookies.
  @transmit_cookies_only_over_https = true

  # PBKDF2 parameters.
  # NOTE(review): 10_000 iterations is low next to current PBKDF2 guidance.
  # Which hash is used and whether the count is stored with derived values is
  # not visible here; confirm both before changing the default.
  @crypto_pbkdf2_salt_length = 32
  @crypto_pbkdf2_password_length = 32
  @crypto_pbkdf2_iterations = 10_000

  # bcrypt cost factor.
  @crypto_bcrypt_cost = 12

  # Presumably a length used by the engine's secure-compare helper; confirm
  # against its caller.
  @crypto_secure_compare_default_length = 1024

  # One empty list per event hook, created in the same order as before.
  # The after_confirm_email hook receives the confirmed DoorMat::Email as
  # function argument.
  %w[
    before_sign_up after_sign_up after_failed_sign_up
    before_sign_in after_sign_in after_failed_sign_in
    before_confirm_email after_confirm_email after_failed_confirm_email
    before_download_recovery_key after_download_recovery_key after_failed_download_recovery_key
    before_sign_out after_sign_out
  ].each do |stage|
    instance_variable_set("@event_hook_#{stage}", [])
  end

  @logger = Rails.logger

  # No password-less sessions are defined by default; see
  # test_app/config/initializers/door_mat.rb for sample usage.
  @password_less_sessions = {}
end

Instance Attribute Details

#add_email_success_urlObject

Returns the value of attribute add_email_success_url.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @add_email_success_url, a redirect target; the constructor on this
# page defaults it to [:add_email_success_url].
def add_email_success_url = @add_email_success_url

#allow_redirect_to_requested_urlObject

Returns the value of attribute allow_redirect_to_requested_url.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @allow_redirect_to_requested_url (constructor default: true).
# NOTE(review): the constructor leaves this flag undocumented; if it enables
# redirects to a requested URL, confirm the target stays inside the application.
def allow_redirect_to_requested_url = @allow_redirect_to_requested_url

#allow_remember_me_featureObject

Returns the value of attribute allow_remember_me_feature.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @allow_remember_me_feature (constructor default: false). The
# constructor's comment advises high-value systems to keep it disabled.
def allow_remember_me_feature = @allow_remember_me_feature

#allow_sign_in_from_sign_up_formObject

Returns the value of attribute allow_sign_in_from_sign_up_form.



# File 'lib/door_mat/configuration.rb', line 4

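# Reads @allow_sign_in_from_sign_up_form (constructor default: false).
# The method name was missing from the rendered listing; it is restored from
# the attribute heading directly above it.
def allow_sign_in_from_sign_up_form
  @allow_sign_in_from_sign_up_form
end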

#allow_sign_upObject

Returns the value of attribute allow_sign_up.



# File 'lib/door_mat/configuration.rb', line 4

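# Reads @allow_sign_up (constructor default: true).
# The method name was missing from the rendered listing; it is restored from
# the attribute heading directly above it.
def allow_sign_up
  @allow_sign_up
end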

#change_password_success_urlObject

Returns the value of attribute change_password_success_url.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @change_password_success_url, a redirect target; the constructor
# defaults it to [:change_password_success_url].
def change_password_success_url = @change_password_success_url

#confirm_email_success_urlObject

Returns the value of attribute confirm_email_success_url.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @confirm_email_success_url, a redirect target; the constructor
# defaults it to [:confirm_email_success_url].
def confirm_email_success_url = @confirm_email_success_url

#crypto_bcrypt_costObject

Returns the value of attribute crypto_bcrypt_cost.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @crypto_bcrypt_cost, the bcrypt cost factor (constructor default: 12).
def crypto_bcrypt_cost = @crypto_bcrypt_cost

#crypto_pbkdf2_iterationsObject

Returns the value of attribute crypto_pbkdf2_iterations.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @crypto_pbkdf2_iterations (constructor default: 10_000).
# NOTE(review): that default is low next to current PBKDF2 guidance; confirm
# how the count is consumed before relying on or changing it.
def crypto_pbkdf2_iterations = @crypto_pbkdf2_iterations

#crypto_pbkdf2_password_lengthObject

Returns the value of attribute crypto_pbkdf2_password_length.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @crypto_pbkdf2_password_length (constructor default: 32).
def crypto_pbkdf2_password_length = @crypto_pbkdf2_password_length

#crypto_pbkdf2_salt_lengthObject

Returns the value of attribute crypto_pbkdf2_salt_length.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @crypto_pbkdf2_salt_length (constructor default: 32).
def crypto_pbkdf2_salt_length = @crypto_pbkdf2_salt_length

#crypto_secure_compare_default_lengthObject

Returns the value of attribute crypto_secure_compare_default_length.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @crypto_secure_compare_default_length (constructor default: 1024).
# Presumably consumed by a secure-compare helper; confirm against its caller.
def crypto_secure_compare_default_length = @crypto_secure_compare_default_length

#define_door_mat_routesObject

Returns the value of attribute define_door_mat_routes.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @define_door_mat_routes (constructor default: true). The constructor's
# comment advises production systems to define their own routes explicitly.
def define_door_mat_routes = @define_door_mat_routes

#destroy_email_redirect_urlObject

Returns the value of attribute destroy_email_redirect_url.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @destroy_email_redirect_url; the constructor defaults it to
# [:request, :referer].
# NOTE(review): Referer is client-supplied; confirm the redirect stays on-site.
def destroy_email_redirect_url = @destroy_email_redirect_url

#event_hook_after_confirm_emailObject

Returns the value of attribute event_hook_after_confirm_email.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @event_hook_after_confirm_email, which the constructor initializes to
# an empty list. Per the constructor's comment, the confirmed DoorMat::Email is
# passed to the hook as function argument.
def event_hook_after_confirm_email = @event_hook_after_confirm_email

#event_hook_after_download_recovery_keyObject

Returns the value of attribute event_hook_after_download_recovery_key.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @event_hook_after_download_recovery_key, which the constructor
# initializes to an empty list.
def event_hook_after_download_recovery_key = @event_hook_after_download_recovery_key

#event_hook_after_failed_confirm_emailObject

Returns the value of attribute event_hook_after_failed_confirm_email.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @event_hook_after_failed_confirm_email, which the constructor
# initializes to an empty list.
def event_hook_after_failed_confirm_email = @event_hook_after_failed_confirm_email

#event_hook_after_failed_download_recovery_keyObject

Returns the value of attribute event_hook_after_failed_download_recovery_key.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @event_hook_after_failed_download_recovery_key, which the constructor
# initializes to an empty list.
def event_hook_after_failed_download_recovery_key = @event_hook_after_failed_download_recovery_key

#event_hook_after_failed_sign_inObject

Returns the value of attribute event_hook_after_failed_sign_in.



# File 'lib/door_mat/configuration.rb', line 4

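# Reads @event_hook_after_failed_sign_in, which the constructor initializes to
# an empty list.
# The method name was missing from the rendered listing; it is restored from
# the attribute heading directly above it.
def event_hook_after_failed_sign_in
  @event_hook_after_failed_sign_in
end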

#event_hook_after_failed_sign_upObject

Returns the value of attribute event_hook_after_failed_sign_up.



# File 'lib/door_mat/configuration.rb', line 4

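# Reads @event_hook_after_failed_sign_up, which the constructor initializes to
# an empty list.
# The method name was missing from the rendered listing; it is restored from
# the attribute heading directly above it.
def event_hook_after_failed_sign_up
  @event_hook_after_failed_sign_up
end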

#event_hook_after_sign_inObject

Returns the value of attribute event_hook_after_sign_in.



# File 'lib/door_mat/configuration.rb', line 4

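# Reads @event_hook_after_sign_in, which the constructor initializes to an
# empty list.
# The method name was missing from the rendered listing; it is restored from
# the attribute heading directly above it.
def event_hook_after_sign_in
  @event_hook_after_sign_in
end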

#event_hook_after_sign_outObject

Returns the value of attribute event_hook_after_sign_out.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @event_hook_after_sign_out, which the constructor initializes to an
# empty list.
def event_hook_after_sign_out = @event_hook_after_sign_out

#event_hook_after_sign_upObject

Returns the value of attribute event_hook_after_sign_up.



# File 'lib/door_mat/configuration.rb', line 4

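# Reads @event_hook_after_sign_up, which the constructor initializes to an
# empty list.
# The method name was missing from the rendered listing; it is restored from
# the attribute heading directly above it.
def event_hook_after_sign_up
  @event_hook_after_sign_up
end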

#event_hook_before_confirm_emailObject

Returns the value of attribute event_hook_before_confirm_email.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @event_hook_before_confirm_email, which the constructor initializes to
# an empty list.
def event_hook_before_confirm_email = @event_hook_before_confirm_email

#event_hook_before_download_recovery_keyObject

Returns the value of attribute event_hook_before_download_recovery_key.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @event_hook_before_download_recovery_key, which the constructor
# initializes to an empty list.
def event_hook_before_download_recovery_key = @event_hook_before_download_recovery_key

#event_hook_before_sign_inObject

Returns the value of attribute event_hook_before_sign_in.



# File 'lib/door_mat/configuration.rb', line 4

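# Reads @event_hook_before_sign_in, which the constructor initializes to an
# empty list.
# The method name was missing from the rendered listing; it is restored from
# the attribute heading directly above it.
def event_hook_before_sign_in
  @event_hook_before_sign_in
end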

#event_hook_before_sign_outObject

Returns the value of attribute event_hook_before_sign_out.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @event_hook_before_sign_out, which the constructor initializes to an
# empty list.
def event_hook_before_sign_out = @event_hook_before_sign_out

#event_hook_before_sign_upObject

Returns the value of attribute event_hook_before_sign_up.



# File 'lib/door_mat/configuration.rb', line 4

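# Reads @event_hook_before_sign_up, which the constructor initializes to an
# empty list.
# The method name was missing from the rendered listing; it is restored from
# the attribute heading directly above it.
def event_hook_before_sign_up
  @event_hook_before_sign_up
end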

Returns the value of attribute forgot_password_link_expiration_delay_minutes.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @forgot_password_link_expiration_delay_minutes (constructor default:
# 30). Per the constructor's comment, recovery links older than this are invalid.
def forgot_password_link_expiration_delay_minutes = @forgot_password_link_expiration_delay_minutes

Returns the value of attribute forgot_password_link_request_delay_minutes.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @forgot_password_link_request_delay_minutes (constructor default: 30).
# Per the constructor's comment, it spaces out recovery mails to prevent
# e-mail flooding.
def forgot_password_link_request_delay_minutes = @forgot_password_link_request_delay_minutes

#forgot_password_verification_mail_sent_urlObject

Returns the value of attribute forgot_password_verification_mail_sent_url.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @forgot_password_verification_mail_sent_url, a redirect target; the
# constructor defaults it to [:forgot_password_verification_mail_sent_url].
def forgot_password_verification_mail_sent_url = @forgot_password_verification_mail_sent_url

#leak_email_address_at_reconfirmObject

Returns the value of attribute leak_email_address_at_reconfirm.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @leak_email_address_at_reconfirm (constructor default: false). Per the
# constructor's comment, pre-filling the e-mail field at reconfirmation would
# reveal which address was used to log in.
def leak_email_address_at_reconfirm = @leak_email_address_at_reconfirm

#lockdown_default_redirect_urlObject

Returns the value of attribute lockdown_default_redirect_url.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @lockdown_default_redirect_url; the constructor defaults it to
# [:request, :referer].
# NOTE(review): Referer is client-supplied; confirm the redirect stays on-site.
def lockdown_default_redirect_url = @lockdown_default_redirect_url

#loggerObject

Returns the value of attribute logger.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @logger; the constructor sets it to Rails.logger.
def logger = @logger

#mailer_from_addressObject

Returns the value of attribute mailer_from_address.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @mailer_from_address.
# NOTE(review): the constructor's default is shown masked on this page; check
# the real value in lib/door_mat/configuration.rb.
def mailer_from_address = @mailer_from_address

#max_email_count_per_actorObject

Returns the value of attribute max_email_count_per_actor.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @max_email_count_per_actor, the number of e-mail addresses that can be
# linked to one actor (constructor default: 2).
def max_email_count_per_actor = @max_email_count_per_actor

#password_less_sessionsObject

Returns the value of attribute password_less_sessions.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @password_less_sessions; the constructor defaults it to an empty hash,
# meaning no password-less sessions are defined.
def password_less_sessions = @password_less_sessions

#password_reconfirm_delayObject

Returns the value of attribute password_reconfirm_delay.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @password_reconfirm_delay, in minutes (constructor default: 5). Per
# the constructor's comment, it bounds how recently the password must have
# been entered for require_password_reconfirm to let the user through.
def password_reconfirm_delay = @password_reconfirm_delay

#plausible_deniability_countObject

Returns the value of attribute plausible_deniability_count.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @plausible_deniability_count, the number of accounts one e-mail
# address can be associated with (constructor default: 1).
def plausible_deniability_count = @plausible_deniability_count

#private_computer_access_session_timeoutObject

Returns the value of attribute private_computer_access_session_timeout.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @private_computer_access_session_timeout, minutes of inactivity before
# a private-computer session times out (constructor default: 60).
def private_computer_access_session_timeout = @private_computer_access_session_timeout

#public_computer_access_session_timeoutObject

Returns the value of attribute public_computer_access_session_timeout.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @public_computer_access_session_timeout, minutes of inactivity before
# a public-computer session times out (constructor default: 30).
def public_computer_access_session_timeout = @public_computer_access_session_timeout

#reconfirm_password_success_urlObject

Returns the value of attribute reconfirm_password_success_url.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @reconfirm_password_success_url, a redirect target; the constructor
# defaults it to [:reconfirm_password_success_url].
def reconfirm_password_success_url = @reconfirm_password_success_url

#remember_me_max_day_countObject

Returns the value of attribute remember_me_max_day_count.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @remember_me_max_day_count, the number of days the "remember me"
# cookie is kept (constructor default: 30).
def remember_me_max_day_count = @remember_me_max_day_count

#remember_me_require_private_computer_confirmationObject

Returns the value of attribute remember_me_require_private_computer_confirmation.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @remember_me_require_private_computer_confirmation (constructor
# default: true). Per the constructor's comment, the user must confirm they are
# not on a public computer before enabling "remember me".
def remember_me_require_private_computer_confirmation = @remember_me_require_private_computer_confirmation

#resend_email_confirmation_redirect_urlObject

Returns the value of attribute resend_email_confirmation_redirect_url.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @resend_email_confirmation_redirect_url; the constructor defaults it to
# [:request, :referer].
# NOTE(review): Referer is client-supplied; confirm the redirect stays on-site.
def resend_email_confirmation_redirect_url = @resend_email_confirmation_redirect_url

#set_primary_email_redirect_urlObject

Returns the value of attribute set_primary_email_redirect_url.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @set_primary_email_redirect_url; the constructor defaults it to
# [:request, :referer].
# NOTE(review): Referer is client-supplied; confirm the redirect stays on-site.
def set_primary_email_redirect_url = @set_primary_email_redirect_url

#sign_in_success_urlObject

Returns the value of attribute sign_in_success_url.



# File 'lib/door_mat/configuration.rb', line 4

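# Reads @sign_in_success_url, a redirect target; the constructor defaults it
# to [:sign_in_success_url].
# The method name was missing from the rendered listing; it is restored from
# the attribute heading directly above it.
def sign_in_success_url
  @sign_in_success_url
end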

#sign_out_success_urlObject

Returns the value of attribute sign_out_success_url.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @sign_out_success_url, a redirect target; the constructor defaults it
# to [:sign_out_success_url].
def sign_out_success_url = @sign_out_success_url

#sign_up_success_urlObject

Returns the value of attribute sign_up_success_url.



# File 'lib/door_mat/configuration.rb', line 4

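# Reads @sign_up_success_url, a redirect target; the constructor defaults it
# to [:sign_up_success_url].
# The method name was missing from the rendered listing; it is restored from
# the attribute heading directly above it.
def sign_up_success_url
  @sign_up_success_url
end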

#transmit_cookies_only_over_httpsObject

Returns the value of attribute transmit_cookies_only_over_https.



# File 'lib/door_mat/configuration.rb', line 4

# Reads @transmit_cookies_only_over_https (constructor default: true).
# Presumably restricts cookies to HTTPS; confirm against the code that writes
# the cookies.
def transmit_cookies_only_over_https = @transmit_cookies_only_over_https