class DoorMat::Configuration
Attributes
add_email_success_url[RW]
allow_redirect_to_requested_url[RW]
allow_remember_me_feature[RW]
allow_sign_in_from_sign_up_form[RW]
allow_sign_up[RW]
change_password_success_url[RW]
confirm_email_success_url[RW]
crypto_bcrypt_cost[RW]
crypto_pbkdf2_iterations[RW]
crypto_pbkdf2_password_length[RW]
crypto_pbkdf2_salt_length[RW]
crypto_secure_compare_default_length[RW]
define_door_mat_routes[RW]
destroy_email_redirect_url[RW]
event_hook_after_confirm_email[RW]
event_hook_after_download_recovery_key[RW]
event_hook_after_failed_confirm_email[RW]
event_hook_after_failed_download_recovery_key[RW]
event_hook_after_failed_sign_in[RW]
event_hook_after_failed_sign_up[RW]
event_hook_after_sign_in[RW]
event_hook_after_sign_out[RW]
event_hook_after_sign_up[RW]
event_hook_before_confirm_email[RW]
event_hook_before_download_recovery_key[RW]
event_hook_before_sign_in[RW]
event_hook_before_sign_out[RW]
event_hook_before_sign_up[RW]
forgot_password_link_expiration_delay_minutes[RW]
forgot_password_link_request_delay_minutes[RW]
forgot_password_verification_mail_sent_url[RW]
leak_email_address_at_reconfirm[RW]
lockdown_default_redirect_url[RW]
logger[RW]
mailer_from_address[RW]
max_email_count_per_actor[RW]
password_less_sessions[RW]
password_reconfirm_delay[RW]
plausible_deniability_count[RW]
private_computer_access_session_timeout[RW]
public_computer_access_session_timeout[RW]
reconfirm_password_success_url[RW]
remember_me_max_day_count[RW]
remember_me_require_private_computer_confirmation[RW]
resend_email_confirmation_redirect_url[RW]
set_primary_email_redirect_url[RW]
sign_in_success_url[RW]
sign_out_success_url[RW]
sign_up_success_url[RW]
Public Class Methods
new()
click to toggle source
# File lib/door_mat/configuration.rb, line 56 def initialize @mailer_from_address = "noreply@example.com" # Controllers that require_password_reconfirm will only # allow the user in without requesting an additional sign-in if the user password # was last entered less than password_reconfirm_delay # minutes ago. # All sections of the site allowing access to or modification # of sensitive information or settings should be protected this way. # This includes operations resulting in # a financial transaction using stored or pre-authorized payment methods. @password_reconfirm_delay = 5 # A session from a public computer will only last # until the browser is closed and will timeout # after public_computer_access_session_timeout # minutes of inactivity. @public_computer_access_session_timeout = 30 # A session from a private computer will survive # a browser restart but will expire in the # browser and timeout on the system # after private_computer_access_session_timeout # minutes of inactivity. @private_computer_access_session_timeout = 60 # To prevent email flooding, a new request for a recovery password # links will only be sent after the specified delay @forgot_password_link_request_delay_minutes = 30 # Password recovery links older than this delay become invalid @forgot_password_link_expiration_delay_minutes = 30 # Does the system allow the remember me feature? # High value target systems such as financial sites # should not allow the remember me feature. # Even when this feature is enabled, sensitive area of the site # should require users to re-authenticate using a # before_action -> {require_password_reconfirm()} # filter @allow_remember_me_feature = false # As a safety reminder, the user must confirm that they # are not loging in from a public computer before enabling # the remember me feature @remember_me_require_private_computer_confirmation = true # A session from a private computer for which the # cookie will remain for a number of days specified # by remember_me_max_day_count and automatically # renew the session for that period of time @remember_me_max_day_count = 30 # Do not pre-populate the email address field # in the sign_in form while doing a password reconfirmation # as it could be considered to leak the information about which # email address was used to login to the system before the reconfirmation request @leak_email_address_at_reconfirm = false # How many different accounts a single email address can be associated with on the system @plausible_deniability_count = 1 # How many different emails can be linked to an actor @max_email_count_per_actor = 2 # Production systems should eventually redefine their own routes explicitly # instead of relying on those provided by the engine @define_door_mat_routes = true # @allow_redirect_to_requested_url = true # When specifying redirects in # config/initializers/door_mat.rb you can use: # [ :main_app, :__path__ ] or [:__engine_name_, :__path__] respectively to redirect to an # existing path defined in your main application or loaded engine. # [:main_app, :root_url] to redirect to the root of your main application. # [ :request, :referer ] for an alternative to redirect_to :back. @lockdown_default_redirect_url = [ :request, :referer ] @sign_up_success_url = [ :sign_up_success_url ] @sign_in_success_url = [ :sign_in_success_url ] @add_email_success_url = [ :add_email_success_url ] @destroy_email_redirect_url = [ :request, :referer ] @set_primary_email_redirect_url = [ :request, :referer ] @resend_email_confirmation_redirect_url = [ :request, :referer ] @confirm_email_success_url = [ :confirm_email_success_url ] @reconfirm_password_success_url = [ :reconfirm_password_success_url ] @change_password_success_url = [ :change_password_success_url ] @sign_out_success_url = [ :sign_out_success_url ] @forgot_password_verification_mail_sent_url = [ :forgot_password_verification_mail_sent_url ] @allow_sign_up = true @allow_sign_in_from_sign_up_form = false @transmit_cookies_only_over_https = true @crypto_pbkdf2_salt_length = 32 @crypto_pbkdf2_password_length = 32 @crypto_pbkdf2_iterations = 10_000 @crypto_bcrypt_cost = 12 @crypto_secure_compare_default_length = 1024 @event_hook_before_sign_up = [] @event_hook_after_sign_up = [] @event_hook_after_failed_sign_up = [] @event_hook_before_sign_in = [] @event_hook_after_sign_in = [] @event_hook_after_failed_sign_in = [] @event_hook_before_confirm_email = [] @event_hook_after_confirm_email = [] # The confirmed DoorMat::Email is passed as function argument @event_hook_after_failed_confirm_email = [] @event_hook_before_download_recovery_key = [] @event_hook_after_download_recovery_key = [] @event_hook_after_failed_download_recovery_key = [] @event_hook_before_sign_out = [] @event_hook_after_sign_out = [] @logger = Rails.logger # By default, there are no password less sessions defined # see test_app/config/initializers/door_mat.rb for sample usage @password_less_sessions = {} end