Merge pull request #5274 from consuldemocracy/last-sign-in

ENS: Add security secret "last_sign_in"
2023-10-24 18:57:18 +02:00
parent ce4939703e 87fc3c572b
commit c1e0d58291
7 changed files with 56 additions and 3 deletions
--- a/app/components/account/sign_in_info_component.html.erb
+++ b/app/components/account/sign_in_info_component.html.erb
@@ -0,0 +1,4 @@
+<div class="callout primary">
+  <%= t("account.show.last_sign_in", last_sign_in_at: I18n.l(account.last_sign_in_at, format: :long),
+                                     last_sign_in_ip: account.last_sign_in_ip) %>
+</div>
--- a/app/components/account/sign_in_info_component.rb
+++ b/app/components/account/sign_in_info_component.rb
@@ -0,0 +1,11 @@
+class Account::SignInInfoComponent < ApplicationComponent
+  attr_reader :account
+
+  def initialize(account)
+    @account = account
+  end
+
+  def render?
+    Tenant.current_secrets.dig(:security, :last_sign_in)
+  end
+end
--- a/app/views/account/show.html.erb
+++ b/app/views/account/show.html.erb
@@ -10,6 +10,8 @@

    <h1 class="inline-block"><%= t("account.show.title") %></h1>

+    <%= render Account::SignInInfoComponent.new(@account) %>
+
    <%= form_for @account, as: :account, url: account_path do |f| %>
      <%= render "shared/errors", resource: @account %>

--- a/config/locales/en/general.yml
+++ b/config/locales/en/general.yml
@@ -1,6 +1,7 @@
 en:
  account:
    show:
+      last_sign_in: "Last login: %{last_sign_in_at} from IP %{last_sign_in_ip}"
      change_credentials_link: Change my login details
      erase_account_link: Erase my account
      finish_verification: Complete verification
--- a/config/locales/es/general.yml
+++ b/config/locales/es/general.yml
@@ -1,6 +1,7 @@
 es:
  account:
    show:
+      last_sign_in: "Último acceso efectuado: %{last_sign_in_at} desde la IP %{last_sign_in_ip}"
      change_credentials_link: Cambiar mis datos de acceso
      erase_account_link: Darme de baja
      finish_verification: Finalizar verificación
--- a/config/secrets.yml.example
+++ b/config/secrets.yml.example
@@ -19,6 +19,8 @@ development:
  http_basic_username: "dev"
  http_basic_password: "pass"
  multitenancy: false
+  security:
+    last_sign_in: false
  secret_key_base: 56792feef405a59b18ea7db57b4777e855103882b926413d4afdfb8c0ea8aa86ea6649da4e729c5f5ae324c0ab9338f789174cf48c544173bc18fdc3b14262e4
  <<: *maps

@@ -50,6 +52,8 @@ staging:
  managers_url: ""
  managers_application_key: ""
  multitenancy: false
+  security:
+    last_sign_in: false
  tenants:
    # If you've enabled multitenancy, you can overwrite secrets for a
    # specific tenant with:
@@ -58,7 +62,7 @@ staging:
    #   secret_key: my_secret_value
    #
    # Currently you can overwrite SMTP, SMS, manager, microsoft API,
-    # HTTP basic, twitter, facebook, google and wordpress settings.
+    # HTTP basic, twitter, facebook, google, wordpress and security settings.
  <<: *maps
  <<: *apis

@@ -86,6 +90,8 @@ preproduction:
  managers_url: ""
  managers_application_key: ""
  multitenancy: false
+  security:
+    last_sign_in: false
  tenants:
    # If you've enabled multitenancy, you can overwrite secrets for a
    # specific tenant with:
@@ -94,7 +100,7 @@ preproduction:
    #   secret_key: my_secret_value
    #
    # Currently you can overwrite SMTP, SMS, manager, microsoft API,
-    # HTTP basic, twitter, facebook, google and wordpress settings.
+    # HTTP basic, twitter, facebook, google, wordpress and security settings.
  twitter_key: ""
  twitter_secret: ""
  facebook_key: ""
@@ -127,6 +133,8 @@ production:
  managers_url: ""
  managers_application_key: ""
  multitenancy: false
+  security:
+    last_sign_in: false
  tenants:
    # If you've enabled multitenancy, you can overwrite secrets for a
    # specific tenant with:
@@ -135,7 +143,7 @@ production:
    #   secret_key: my_secret_value
    #
    # Currently you can overwrite SMTP, SMS, manager, microsoft API,
-    # HTTP basic, twitter, facebook, google and wordpress settings.
+    # HTTP basic, twitter, facebook, google, wordpress and security settings.
  twitter_key: ""
  twitter_secret: ""
  facebook_key: ""
--- a/spec/components/account/sign_in_info_component_spec.rb
+++ b/spec/components/account/sign_in_info_component_spec.rb
@@ -0,0 +1,26 @@
+require "rails_helper"
+
+describe Account::SignInInfoComponent do
+  let(:account) { create(:user, last_sign_in_at: Date.current, last_sign_in_ip: "1.2.3.4") }
+
+  context "Security secret for render last sign in is enabled" do
+    it "shows a sign in info" do
+      allow(Rails.application).to receive(:secrets).and_return(ActiveSupport::OrderedOptions.new.merge(
+        security: { last_sign_in: true }
+      ))
+
+      render_inline Account::SignInInfoComponent.new(account)
+
+      expect(page).to have_content "Last login:"
+      expect(page).to have_content "from IP"
+    end
+  end
+
+  context "Security secret for render last sign in is disabled" do
+    it "does not show sign in info" do
+      render_inline Account::SignInInfoComponent.new(account)
+
+      expect(page).not_to be_rendered
+    end
+  end
+end