Steve Polito
Shameless plug, but I think the guide I wrote could be a good resource since it covers topics such as timing attacks and multiple sessions. It also highlights the Current...
This commit does the bare minimum to support Rails 6.1.6.1. Because the `gem` command is no longer reversible, I opted to replace all instances with `append_file`. However, #1066 provides a...
## Before

https://github.com/stevepolitodesign/rails-authentication-from-scratch/blob/b3e253fe2986d5672ba50f4ca23d4af038d5e8b1/app/controllers/concerns/authentication.rb#L37-L39

## After

```ruby
def remember(active_session)
  cookies.permanent.encrypted[:remember_token] = {
    value: active_session.remember_token,
    httponly: true
  }
end
```

Issues
-------

[set httponly cookie](https://github.com/stevepolitodesign/rails_mvp_authentication/issues/53#issuecomment-1051187056)
https://github.com/stevepolitodesign/rails-authentication-from-scratch/blob/b3e253fe2986d5672ba50f4ca23d4af038d5e8b1/app/models/user.rb#L57

Issues
-------

https://github.com/stevepolitodesign/rails_mvp_authentication/issues/54
I should update the intro to reference [the generator](https://github.com/stevepolitodesign/rails_mvp_authentication).

- [ ] Update [blog post](https://stevepolito.design/blog/rails-authentication-from-scratch/)
- [ ] Update [Dev.to post](https://dev.to/stevepolitodesign/rails-authentication-from-scratch-38m2)
Remove call to `&& request.local?`. https://github.com/stevepolitodesign/rails_mvp_authentication/blob/b644108810c27e783b5a3cea7d72f779468e6e84/lib/generators/rails_mvp_authentication/templates/authentication.rb.tt#L56
This should be:

```ruby
elsif cookies[:remember_token].present?
  ...
end
```

https://github.com/stevepolitodesign/rails_mvp_authentication/blob/365017fb3173e99e901926da067d44825a9310a1/lib/generators/rails_mvp_authentication/install_generator.rb#L230-L233
If the `Gemfile` contains `bcrypt` (but commented out) the script should be un-commenting this line. Right now, we have logic in place to do this, but it's not working.
This is a work in progress.

Open questions

- [ ] Explore default bundle strategy like esbuild.
- [ ] Should we default to Hotwire?
- [ ] Should we...
### Motivation / Background The previous recommendation to place constraints in `lib/constraints` did not work in practice on a default Rails install, as it will raise the following: ``` uninitialized...