diff --git a/README.md b/README.md index 61018a9..52f6f99 100644 --- a/README.md +++ b/README.md @@ -7,15 +7,20 @@ SDK (8.x). ## What's demonstrated +- **sign up** – new registrations are scored with the `risk` endpoint + (`$registration`); a `deny` verdict rolls the sign-up back, mirroring login. - **login** – successful logins are scored with the `risk` endpoint; failed logins are sent to `filter`. The returned verdict (`allow`, `challenge` or `deny`) drives whether the session is allowed. -- **logout & profile updates** – recorded with the non-blocking `log` endpoint. +- **logout, profile updates & custom events** – recorded with the non-blocking + `log` endpoint. The custom event is available from the profile page, once + signed in. - **Twitter/X OAuth login** – the same risk assessment applied to social sign-in. - **webhooks** – incoming Castle webhooks are signature-verified with `Castle::Webhooks::Verify` and listed in the app. - **browser SDK** – the `@castleio/castle-js` SDK mints a request token in the - browser that is submitted with the login form and forwarded to the API. + browser for every Castle-bound form (sign up, login, profile update, custom + event, logout) and forwards it to the backend. ## Screenshots diff --git a/app/assets/builds/tailwind.css b/app/assets/builds/tailwind.css index 4c7a143..260fc20 100644 --- a/app/assets/builds/tailwind.css +++ b/app/assets/builds/tailwind.css @@ -1 +1 @@ -*,:after,:before{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }::backdrop{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }/*! tailwindcss v3.4.19 | MIT License | https://tailwindcss.com*/*,:after,:before{border:0 solid #e5e7eb;box-sizing:border-box}:after,:before{--tw-content:""}:host,html{line-height:1.5;-webkit-text-size-adjust:100%;font-family:Inter,ui-sans-serif,system-ui,sans-serif;font-feature-settings:normal;font-variation-settings:normal;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-tap-highlight-color:transparent}body{line-height:inherit;margin:0}hr{border-top-width:1px;color:inherit;height:0}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,pre,samp{font-family:ui-monospace,SFMono-Regular,Menlo,Consolas,monospace;font-feature-settings:normal;font-size:1em;font-variation-settings:normal}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{border-collapse:collapse;border-color:inherit;text-indent:0}button,input,optgroup,select,textarea{color:inherit;font-family:inherit;font-feature-settings:inherit;font-size:100%;font-variation-settings:inherit;font-weight:inherit;letter-spacing:inherit;line-height:inherit;margin:0;padding:0}button,select{text-transform:none}button,input:where([type=button]),input:where([type=reset]),input:where([type=submit]){-webkit-appearance:button;background-color:transparent;background-image:none}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}blockquote,dd,dl,figure,h1,h2,h3,h4,h5,h6,hr,p,pre{margin:0}fieldset{margin:0}fieldset,legend{padding:0}menu,ol,ul{list-style:none;margin:0;padding:0}dialog{padding:0}textarea{resize:vertical}input::-moz-placeholder,textarea::-moz-placeholder{color:#9ca3af;opacity:1}input::placeholder,textarea::placeholder{color:#9ca3af;opacity:1}[role=button],button{cursor:pointer}:disabled{cursor:default}audio,canvas,embed,iframe,img,object,svg,video{display:block;vertical-align:middle}img,video{height:auto;max-width:100%}[hidden]:where(:not([hidden=until-found])){display:none}body{min-height:100vh;--tw-bg-opacity:1;background-color:rgb(11 14 20/var(--tw-bg-opacity,1));color:rgb(230 233 239/var(--tw-text-opacity,1));font-family:Inter,ui-sans-serif,system-ui,sans-serif;font-size:15px;line-height:1.625;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;background-image:radial-gradient(1200px 600px at 80% -10%,rgba(124,92,255,.12),transparent 60%)}a,body{--tw-text-opacity:1}a{color:rgb(124 92 255/var(--tw-text-opacity,1));text-decoration-line:none}a:hover{text-decoration-line:underline}h1,h2,h3,h4{font-weight:600;line-height:1.25}p{margin-bottom:.75rem}code{border-radius:.25rem;border-width:1px;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(27 34 48/var(--tw-bg-opacity,1));font-family:ui-monospace,SFMono-Regular,Menlo,Consolas,monospace;font-size:.86em;padding:.125rem .375rem}.relative{position:relative}.mb-4{margin-bottom:1rem}.mb-6{margin-bottom:1.5rem}.mt-2{margin-top:.5rem}.mt-3{margin-top:.75rem}.mt-4{margin-top:1rem}.block{display:block}.inline{display:inline}.table{display:table}.hidden{display:none}.w-full{width:100%}.list-disc{list-style-type:disc}.justify-center{justify-content:center}.justify-between{justify-content:space-between}.border{border-width:1px}.pl-5{padding-left:1.25rem}.text-center{text-align:center}.text-\[1\.2rem\]{font-size:1.2rem}.text-\[1\.3rem\]{font-size:1.3rem}.text-\[1\.4rem\]{font-size:1.4rem}.text-\[2rem\]{font-size:2rem}.text-muted{--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.filter{filter:var(--tw-blur) var(--tw-brightness) var(--tw-contrast) var(--tw-grayscale) var(--tw-hue-rotate) var(--tw-invert) var(--tw-saturate) var(--tw-sepia) var(--tw-drop-shadow)}.navbar{border-bottom-width:1px;flex-wrap:wrap;gap:1.5rem;position:sticky;top:0;z-index:50;--tw-border-opacity:1;-webkit-backdrop-filter:blur(10px);backdrop-filter:blur(10px);background:rgba(13,16,22,.8);border-color:rgb(35 43 57/var(--tw-border-opacity,1));padding:.875rem 1.5rem}.brand,.navbar{align-items:center;display:flex}.brand{font-size:1.05rem;font-weight:700;gap:.5rem;--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1))}.brand:hover{text-decoration-line:none}.brand-dot{border-radius:9999px;height:.625rem;width:.625rem;--tw-bg-opacity:1;background-color:rgb(124 92 255/var(--tw-bg-opacity,1));box-shadow:0 0 12px #7c5cff}.nav-links{align-items:center;display:flex;flex-wrap:wrap;gap:1.25rem;margin-left:auto}.nav-links a{font-size:.92rem;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.nav-links a:hover{--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1));text-decoration-line:none}.tag{background-color:rgba(124,92,255,.1);border-color:rgba(124,92,255,.4);border-radius:9999px;border-width:1px;font-size:.75rem;font-weight:600;line-height:1rem;padding:.125rem .5rem;--tw-text-opacity:1;color:rgb(124 92 255/var(--tw-text-opacity,1))}.container-page{margin-left:auto;margin-right:auto;max-width:1120px;padding:2rem 1.5rem 4rem}.container-narrow{margin-left:auto;margin-right:auto;max-width:420px;padding:4rem 1.5rem;width:100%}.card{border-radius:14px;border-width:1px;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(21 26 35/var(--tw-bg-opacity,1));padding:1.5rem;--tw-shadow:0 10px 30px rgba(0,0,0,.35);--tw-shadow-colored:0 10px 30px var(--tw-shadow-color);box-shadow:var(--tw-ring-offset-shadow,0 0 #0000),var(--tw-ring-shadow,0 0 #0000),var(--tw-shadow)}.eyebrow{font-size:.75rem;font-weight:700;letter-spacing:.05em;line-height:1rem;margin-bottom:.375rem;text-transform:uppercase;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.hero{margin-bottom:2rem;padding:2rem}.feature,.hero{border-radius:14px;border-width:1px;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(21 26 35/var(--tw-bg-opacity,1))}.feature{display:block;padding:1.25rem;text-align:left;transition-duration:.15s;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,-webkit-backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter,-webkit-backdrop-filter;transition-timing-function:cubic-bezier(.4,0,.2,1)}.feature:hover{--tw-translate-y:-0.125rem;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y));--tw-border-opacity:1;border-color:rgb(124 92 255/var(--tw-border-opacity,1));text-decoration-line:none}.section-head{border-bottom-width:1px;margin-bottom:.75rem;margin-top:2rem;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));padding-bottom:.5rem}.prose-list>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-bottom:calc(.5rem*var(--tw-space-y-reverse));margin-top:calc(.5rem*(1 - var(--tw-space-y-reverse)))}.field{margin-bottom:.875rem}.field label{display:block;font-size:.82rem;font-weight:600;margin-bottom:.375rem;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.input,input[type=email],input[type=password],input[type=text]{border-radius:9px;border-width:1px;width:100%;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(17 21 31/var(--tw-bg-opacity,1));font-family:Inter,ui-sans-serif,system-ui,sans-serif;font-size:.95rem;padding:.625rem .75rem;--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1));transition-duration:.15s;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,-webkit-backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter,-webkit-backdrop-filter;transition-timing-function:cubic-bezier(.4,0,.2,1)}.input:focus,input[type=email]:focus,input[type=password]:focus,input[type=text]:focus{--tw-border-opacity:1;border-color:rgb(124 92 255/var(--tw-border-opacity,1));box-shadow:0 0 0 3px rgba(124,92,255,.14);outline:2px solid transparent;outline-offset:2px}.btn{border-radius:9px;border-width:1px;cursor:pointer;display:inline-block;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(27 34 48/var(--tw-bg-opacity,1));font-family:Inter,ui-sans-serif,system-ui,sans-serif;font-size:.92rem;font-weight:600;padding:.625rem 1rem;text-align:center;--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1));text-decoration-line:none;transition-duration:.15s;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,-webkit-backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter,-webkit-backdrop-filter;transition-timing-function:cubic-bezier(.4,0,.2,1)}.btn:hover{--tw-border-opacity:1;border-color:rgb(124 92 255/var(--tw-border-opacity,1));text-decoration-line:none}.btn:active{--tw-translate-y:1px;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.btn-primary{--tw-border-opacity:1;border-color:rgb(124 92 255/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(124 92 255/var(--tw-bg-opacity,1));--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity,1))}.btn-primary:hover{--tw-bg-opacity:1;background-color:rgb(107 76 240/var(--tw-bg-opacity,1))}.btn-alt,.btn-ghost{background-color:transparent}.btn-danger{background-color:rgba(255,92,124,.1);border-color:rgba(255,92,124,.5);--tw-text-opacity:1;color:rgb(255 92 124/var(--tw-text-opacity,1))}.btn-row{display:flex;flex-wrap:wrap;gap:.625rem;margin-top:1rem}.alert{align-items:center;border-radius:9px;border-width:1px;display:flex;font-size:.92rem;gap:1rem;justify-content:space-between;margin-bottom:1rem;padding:.75rem 1rem}.alert-success{background-color:rgba(46,204,113,.1);border-color:rgba(46,204,113,.4)}.alert-danger,.alert-success{--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1))}.alert-danger{background-color:rgba(255,92,124,.1);border-color:rgba(255,92,124,.4)}.alert .btn-close{background-color:transparent;border-width:0;cursor:pointer;font-size:1.125rem;line-height:1.75rem;line-height:1;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.alert .btn-close:hover{--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1))}table.table{border-collapse:collapse;border-radius:9px;font-size:.9rem;overflow:hidden;width:100%}table.table th{border-bottom-width:1px;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(27 34 48/var(--tw-bg-opacity,1));font-size:.78rem;font-weight:700;letter-spacing:.025em;padding:.5rem .75rem;text-align:left;text-transform:uppercase;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}table.table td{border-bottom-width:1px;--tw-border-opacity:1;border-color:rgb(28 35 48/var(--tw-border-opacity,1));padding:.5rem .75rem;vertical-align:top}.lead{font-size:1.1rem;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.form-actions{margin-top:1.25rem}.error,.invalid-feedback{color:rgb(255 92 124/var(--tw-text-opacity,1))}.error,.hint,.invalid-feedback{display:block;font-size:.8rem;margin-top:.25rem;--tw-text-opacity:1}.hint{color:rgb(154 164 178/var(--tw-text-opacity,1))}.field_with_errors{display:contents} \ No newline at end of file +*,:after,:before{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }::backdrop{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }/*! tailwindcss v3.4.19 | MIT License | https://tailwindcss.com*/*,:after,:before{border:0 solid #e5e7eb;box-sizing:border-box}:after,:before{--tw-content:""}:host,html{line-height:1.5;-webkit-text-size-adjust:100%;font-family:Inter,ui-sans-serif,system-ui,sans-serif;font-feature-settings:normal;font-variation-settings:normal;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-tap-highlight-color:transparent}body{line-height:inherit;margin:0}hr{border-top-width:1px;color:inherit;height:0}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,pre,samp{font-family:ui-monospace,SFMono-Regular,Menlo,Consolas,monospace;font-feature-settings:normal;font-size:1em;font-variation-settings:normal}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{border-collapse:collapse;border-color:inherit;text-indent:0}button,input,optgroup,select,textarea{color:inherit;font-family:inherit;font-feature-settings:inherit;font-size:100%;font-variation-settings:inherit;font-weight:inherit;letter-spacing:inherit;line-height:inherit;margin:0;padding:0}button,select{text-transform:none}button,input:where([type=button]),input:where([type=reset]),input:where([type=submit]){-webkit-appearance:button;background-color:transparent;background-image:none}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}blockquote,dd,dl,figure,h1,h2,h3,h4,h5,h6,hr,p,pre{margin:0}fieldset{margin:0}fieldset,legend{padding:0}menu,ol,ul{list-style:none;margin:0;padding:0}dialog{padding:0}textarea{resize:vertical}input::-moz-placeholder,textarea::-moz-placeholder{color:#9ca3af;opacity:1}input::placeholder,textarea::placeholder{color:#9ca3af;opacity:1}[role=button],button{cursor:pointer}:disabled{cursor:default}audio,canvas,embed,iframe,img,object,svg,video{display:block;vertical-align:middle}img,video{height:auto;max-width:100%}[hidden]:where(:not([hidden=until-found])){display:none}body{min-height:100vh;--tw-bg-opacity:1;background-color:rgb(11 14 20/var(--tw-bg-opacity,1));color:rgb(230 233 239/var(--tw-text-opacity,1));font-family:Inter,ui-sans-serif,system-ui,sans-serif;font-size:15px;line-height:1.625;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;background-image:radial-gradient(1200px 600px at 80% -10%,rgba(124,92,255,.12),transparent 60%)}a,body{--tw-text-opacity:1}a{color:rgb(124 92 255/var(--tw-text-opacity,1));text-decoration-line:none}a:hover{text-decoration-line:underline}h1,h2,h3,h4{font-weight:600;line-height:1.25}p{margin-bottom:.75rem}code{border-radius:.25rem;border-width:1px;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(27 34 48/var(--tw-bg-opacity,1));font-family:ui-monospace,SFMono-Regular,Menlo,Consolas,monospace;font-size:.86em;padding:.125rem .375rem}.relative{position:relative}.mb-4{margin-bottom:1rem}.mb-6{margin-bottom:1.5rem}.mt-2{margin-top:.5rem}.mt-3{margin-top:.75rem}.mt-4{margin-top:1rem}.block{display:block}.inline{display:inline}.table{display:table}.hidden{display:none}.w-full{width:100%}.list-disc{list-style-type:disc}.justify-center{justify-content:center}.justify-between{justify-content:space-between}.border{border-width:1px}.pl-5{padding-left:1.25rem}.text-center{text-align:center}.text-\[1\.2rem\]{font-size:1.2rem}.text-\[1\.3rem\]{font-size:1.3rem}.text-\[1\.4rem\]{font-size:1.4rem}.text-\[2rem\]{font-size:2rem}.text-muted{--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.filter{filter:var(--tw-blur) var(--tw-brightness) var(--tw-contrast) var(--tw-grayscale) var(--tw-hue-rotate) var(--tw-invert) var(--tw-saturate) var(--tw-sepia) var(--tw-drop-shadow)}.navbar{border-bottom-width:1px;flex-wrap:wrap;gap:1.5rem;position:sticky;top:0;z-index:50;--tw-border-opacity:1;-webkit-backdrop-filter:blur(10px);backdrop-filter:blur(10px);background:rgba(13,16,22,.8);border-color:rgb(35 43 57/var(--tw-border-opacity,1));padding:.875rem 1.5rem}.brand,.navbar{align-items:center;display:flex}.brand{font-size:1.05rem;font-weight:700;gap:.5rem;--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1))}.brand:hover{text-decoration-line:none}.brand-dot{border-radius:9999px;height:.625rem;width:.625rem;--tw-bg-opacity:1;background-color:rgb(124 92 255/var(--tw-bg-opacity,1));box-shadow:0 0 12px #7c5cff}.nav-links{align-items:center;display:flex;flex-wrap:wrap;gap:1.25rem;margin-left:auto}.nav-links a{font-size:.92rem;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.nav-links a:hover{--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1));text-decoration-line:none}.nav-links form{display:inline;margin:0}.nav-links form button{background-color:transparent;border-width:0;cursor:pointer;font-size:.92rem;padding:0;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.nav-links form button:hover{--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1))}.tag{background-color:rgba(124,92,255,.1);border-color:rgba(124,92,255,.4);border-radius:9999px;border-width:1px;font-size:.75rem;font-weight:600;line-height:1rem;padding:.125rem .5rem;--tw-text-opacity:1;color:rgb(124 92 255/var(--tw-text-opacity,1))}.container-page{margin-left:auto;margin-right:auto;max-width:1120px;padding:2rem 1.5rem 4rem}.container-narrow{margin-left:auto;margin-right:auto;max-width:420px;padding:4rem 1.5rem;width:100%}.card{border-radius:14px;border-width:1px;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(21 26 35/var(--tw-bg-opacity,1));padding:1.5rem;--tw-shadow:0 10px 30px rgba(0,0,0,.35);--tw-shadow-colored:0 10px 30px var(--tw-shadow-color);box-shadow:var(--tw-ring-offset-shadow,0 0 #0000),var(--tw-ring-shadow,0 0 #0000),var(--tw-shadow)}.eyebrow{font-size:.75rem;font-weight:700;letter-spacing:.05em;line-height:1rem;margin-bottom:.375rem;text-transform:uppercase;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.hero{margin-bottom:2rem;padding:2rem}.feature,.hero{border-radius:14px;border-width:1px;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(21 26 35/var(--tw-bg-opacity,1))}.feature{display:block;padding:1.25rem;text-align:left;transition-duration:.15s;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,-webkit-backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter,-webkit-backdrop-filter;transition-timing-function:cubic-bezier(.4,0,.2,1)}.feature:hover{--tw-translate-y:-0.125rem;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y));--tw-border-opacity:1;border-color:rgb(124 92 255/var(--tw-border-opacity,1));text-decoration-line:none}.section-head{border-bottom-width:1px;margin-bottom:.75rem;margin-top:2rem;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));padding-bottom:.5rem}.prose-list>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-bottom:calc(.5rem*var(--tw-space-y-reverse));margin-top:calc(.5rem*(1 - var(--tw-space-y-reverse)))}.field{margin-bottom:.875rem}.field label{display:block;font-size:.82rem;font-weight:600;margin-bottom:.375rem;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.input,input[type=email],input[type=password],input[type=text]{border-radius:9px;border-width:1px;width:100%;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(17 21 31/var(--tw-bg-opacity,1));font-family:Inter,ui-sans-serif,system-ui,sans-serif;font-size:.95rem;padding:.625rem .75rem;--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1));transition-duration:.15s;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,-webkit-backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter,-webkit-backdrop-filter;transition-timing-function:cubic-bezier(.4,0,.2,1)}.input:focus,input[type=email]:focus,input[type=password]:focus,input[type=text]:focus{--tw-border-opacity:1;border-color:rgb(124 92 255/var(--tw-border-opacity,1));box-shadow:0 0 0 3px rgba(124,92,255,.14);outline:2px solid transparent;outline-offset:2px}.btn{border-radius:9px;border-width:1px;cursor:pointer;display:inline-block;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(27 34 48/var(--tw-bg-opacity,1));font-family:Inter,ui-sans-serif,system-ui,sans-serif;font-size:.92rem;font-weight:600;padding:.625rem 1rem;text-align:center;--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1));text-decoration-line:none;transition-duration:.15s;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,-webkit-backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter,-webkit-backdrop-filter;transition-timing-function:cubic-bezier(.4,0,.2,1)}.btn:hover{--tw-border-opacity:1;border-color:rgb(124 92 255/var(--tw-border-opacity,1));text-decoration-line:none}.btn:active{--tw-translate-y:1px;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.btn-primary{--tw-border-opacity:1;border-color:rgb(124 92 255/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(124 92 255/var(--tw-bg-opacity,1));--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity,1))}.btn-primary:hover{--tw-bg-opacity:1;background-color:rgb(107 76 240/var(--tw-bg-opacity,1))}.btn-alt,.btn-ghost{background-color:transparent}.btn-danger{background-color:rgba(255,92,124,.1);border-color:rgba(255,92,124,.5);--tw-text-opacity:1;color:rgb(255 92 124/var(--tw-text-opacity,1))}.btn-row{display:flex;flex-wrap:wrap;gap:.625rem;margin-top:1rem}.alert{align-items:center;border-radius:9px;border-width:1px;display:flex;font-size:.92rem;gap:1rem;justify-content:space-between;margin-bottom:1rem;padding:.75rem 1rem}.alert-success{background-color:rgba(46,204,113,.1);border-color:rgba(46,204,113,.4)}.alert-danger,.alert-success{--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1))}.alert-danger{background-color:rgba(255,92,124,.1);border-color:rgba(255,92,124,.4)}.alert .btn-close{background-color:transparent;border-width:0;cursor:pointer;font-size:1.125rem;line-height:1.75rem;line-height:1;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.alert .btn-close:hover{--tw-text-opacity:1;color:rgb(230 233 239/var(--tw-text-opacity,1))}table.table{border-collapse:collapse;border-radius:9px;font-size:.9rem;overflow:hidden;width:100%}table.table th{border-bottom-width:1px;--tw-border-opacity:1;border-color:rgb(35 43 57/var(--tw-border-opacity,1));--tw-bg-opacity:1;background-color:rgb(27 34 48/var(--tw-bg-opacity,1));font-size:.78rem;font-weight:700;letter-spacing:.025em;padding:.5rem .75rem;text-align:left;text-transform:uppercase;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}table.table td{border-bottom-width:1px;--tw-border-opacity:1;border-color:rgb(28 35 48/var(--tw-border-opacity,1));padding:.5rem .75rem;vertical-align:top}.lead{font-size:1.1rem;--tw-text-opacity:1;color:rgb(154 164 178/var(--tw-text-opacity,1))}.form-actions{margin-top:1.25rem}.error,.invalid-feedback{color:rgb(255 92 124/var(--tw-text-opacity,1))}.error,.hint,.invalid-feedback{display:block;font-size:.8rem;margin-top:.25rem;--tw-text-opacity:1}.hint{color:rgb(154 164 178/var(--tw-text-opacity,1))}.field_with_errors{display:contents} \ No newline at end of file diff --git a/app/assets/stylesheets/application.tailwind.css b/app/assets/stylesheets/application.tailwind.css index cc3b33a..43e7241 100644 --- a/app/assets/stylesheets/application.tailwind.css +++ b/app/assets/stylesheets/application.tailwind.css @@ -60,6 +60,14 @@ @apply text-[0.92rem] text-muted hover:text-ink hover:no-underline; } +.nav-links form { + @apply m-0 inline; +} + +.nav-links form button { + @apply cursor-pointer border-0 bg-transparent p-0 text-[0.92rem] text-muted hover:text-ink; +} + .tag { @apply rounded-full border border-accent/40 bg-accent/10 px-2 py-0.5 text-xs font-semibold text-accent; } diff --git a/app/controllers/users/custom_events_controller.rb b/app/controllers/users/custom_events_controller.rb new file mode 100644 index 0000000..f3c15f1 --- /dev/null +++ b/app/controllers/users/custom_events_controller.rb @@ -0,0 +1,25 @@ +# frozen_string_literal: true + +module Users + # Sends an ad-hoc custom event to Castle for the signed-in user. Custom events + # are only meaningful once a user is authenticated, so this lives behind the + # default `authenticate_user!` before_action. + class CustomEventsController < ApplicationController + layout 'devise' + + # Records a custom event with the non-blocking log endpoint. + def create + castle.log( + type: '$custom', + name: 'Demo custom event', + status: '$succeeded', + request_token: castle_request_token, + user: { id: current_user.id, email: current_user.email } + ) + rescue Castle::Error + nil + ensure + redirect_to edit_users_profile_path, notice: t('.sent') + end + end +end diff --git a/app/controllers/users/profiles_controller.rb b/app/controllers/users/profiles_controller.rb index 2f7d0ee..50f3c8d 100644 --- a/app/controllers/users/profiles_controller.rb +++ b/app/controllers/users/profiles_controller.rb @@ -28,6 +28,7 @@ def track_profile_update castle.log( type: '$profile_update', status: status, + request_token: castle_request_token, user: { id: current_user.id, email: current_user.email } ) rescue Castle::Error diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb index a55e5eb..51595cc 100644 --- a/app/controllers/users/registrations_controller.rb +++ b/app/controllers/users/registrations_controller.rb @@ -1,8 +1,65 @@ # frozen_string_literal: true module Users - # User registration Devise actions + # User registration Devise actions with integrated Castle.io risk assessment. class RegistrationsController < Devise::RegistrationsController layout 'devise' + + # Sign up with Castle risk assessment. + # @note A 'challenge' verdict is treated as 'allow' here; a real app would + # step up to MFA. 'deny' rolls the registration back. + def create + build_resource(sign_up_params) + + if resource.save + if evaluate_registration(resource) == 'deny' + resource.destroy + flash[:error] = t('.access_denied') + redirect_to new_user_registration_url + else + sign_up(resource_name, resource) + set_flash_message! :notice, :signed_up + respond_with resource, location: after_sign_up_path_for(resource) + end + else + track_failed_registration + clean_up_passwords resource + set_minimum_password_length + respond_with resource + end + end + + private + + # Sends a successful registration to the risk endpoint and returns the verdict. + # @param user [User] + # @return [String] the Castle policy action: 'allow', 'challenge' or 'deny' + def evaluate_registration(user) + castle.risk( + type: '$registration', + status: '$succeeded', + request_token: castle_request_token, + user: { id: user.id, email: user.email } + ).dig(:policy, :action) + rescue Castle::Error + # Never block a sign-up because Castle is unhappy with the request. + 'allow' + end + + # Reports an invalid registration attempt (e.g. an email already taken) to + # the filter endpoint. + def track_failed_registration + email = sign_up_params[:email] + + castle.filter( + type: '$registration', + status: '$failed', + request_token: castle_request_token, + user: { email: email }, + params: { email: email } + ) + rescue Castle::Error + nil + end end end diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb index 5be6e0a..adb0858 100644 --- a/app/controllers/users/sessions_controller.rb +++ b/app/controllers/users/sessions_controller.rb @@ -31,10 +31,12 @@ def destroy # This is a failover just in case there is no user because an unauthenticated user # tried to logout user_id = current_user&.id + token = castle_request_token super castle.log( type: '$logout', status: '$succeeded', + request_token: token, user: { id: user_id } ) end diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml index 109d6c4..8241be0 100644 --- a/app/views/layouts/application.html.haml +++ b/app/views/layouts/application.html.haml @@ -14,7 +14,7 @@ - if user_signed_in? = link_to t('.nav.edit_password'), edit_user_registration_path = link_to t('.nav.edit_profile'), edit_users_profile_path - = link_to t('.nav.sign_out'), destroy_user_session_path, method: :delete + = button_to t('.nav.sign_out'), destroy_user_session_path, method: :delete, form: { data: { castle: true } } - else = link_to t('.nav.login'), new_user_session_path = link_to t('.nav.register'), new_user_registration_path diff --git a/app/views/main/index.html.haml b/app/views/main/index.html.haml index ab995d4..f008a8e 100644 --- a/app/views/main/index.html.haml +++ b/app/views/main/index.html.haml @@ -11,6 +11,11 @@ %h2{ class: 'text-[1.2rem]' } What's demonstrated %ul.prose-list.list-disc.pl-5 + %li + %strong Sign up + — new registrations are scored with the + %code risk + endpoint ($registration); a denied verdict rolls the sign-up back. %li %strong Login — successful logins are scored with the @@ -19,7 +24,7 @@ %code filter and the verdict can allow, challenge or deny the user. %li - %strong Logout & profile updates + %strong Logout, profile updates & custom events — recorded with the non-blocking %code log endpoint. diff --git a/app/views/users/profiles/edit.html.haml b/app/views/users/profiles/edit.html.haml index 6e96bd3..6676774 100644 --- a/app/views/users/profiles/edit.html.haml +++ b/app/views/users/profiles/edit.html.haml @@ -1,11 +1,13 @@ %h2= t('.title') -= simple_form_for(current_user, url: users_profile_path, html: { method: :put }) do |f| += simple_form_for(current_user, url: users_profile_path, html: { method: :put, data: { castle: true } }) do |f| = f.error_notification .form-inputs = f.input :email, required: true, autofocus: true .form-actions = f.button :submit, t('.button'), class: 'btn btn-primary w-full' += button_to t('.custom_event'), users_custom_event_path, class: 'btn w-full mt-3', form: { data: { castle: true } } + .btn-row = link_to t('.back'), root_path, class: 'btn' diff --git a/app/views/users/registrations/new.html.haml b/app/views/users/registrations/new.html.haml index 4fc0f5e..2fe9fa7 100644 --- a/app/views/users/registrations/new.html.haml +++ b/app/views/users/registrations/new.html.haml @@ -1,6 +1,6 @@ %h2.mb-4 Sign up -= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| += simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { data: { castle: true } }) do |f| = f.error_notification .form-inputs = f.input :email, required: true, autofocus: true diff --git a/config/locales/en/users.yml b/config/locales/en/users.yml index 4772f1c..be63912 100644 --- a/config/locales/en/users.yml +++ b/config/locales/en/users.yml @@ -14,6 +14,8 @@ en: new: button: Sign up hint: "%{min} characters minimum" + create: + access_denied: Access denied. Please contact the administrator. edit: title: Editing account confirmation_pending: 'Currently waiting confirmation for: %#{email}' @@ -26,7 +28,11 @@ en: edit: title: Profile editing button: Update profile + custom_event: Send a custom event back: Back + custom_events: + create: + sent: Custom event sent to Castle. shared: links: log_in: Log in diff --git a/config/routes.rb b/config/routes.rb index d71481e..35719ec 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -16,6 +16,7 @@ namespace :users do resource :profile, only: %i[edit update] + resource :custom_event, only: %i[create] end namespace :integrations do diff --git a/spec/controllers/users/custom_events_controller_spec.rb b/spec/controllers/users/custom_events_controller_spec.rb new file mode 100644 index 0000000..8d8975f --- /dev/null +++ b/spec/controllers/users/custom_events_controller_spec.rb @@ -0,0 +1,45 @@ +# frozen_string_literal: true + +RSpec.describe Users::CustomEventsController do + describe 'POST #create' do + context 'when unauthenticated' do + before { post :create } + + it { expect(response).to redirect_to new_user_session_path } + end + + context 'when authenticated' do + with_user + + before do + allow(controller.castle).to receive(:log) + post :create + end + + it { expect(response).to redirect_to edit_users_profile_path } + + it 'logs a custom event for the current user' do + expect(controller.castle).to have_received(:log).with( + type: '$custom', + name: 'Demo custom event', + status: '$succeeded', + request_token: nil, + user: { id: user.id, email: user.email } + ) + end + end + + context 'when Castle raises' do + with_user + + before do + allow(controller.castle).to receive(:log).and_raise(Castle::Error) + post :create + end + + it 'still redirects without surfacing the error' do + expect(response).to redirect_to edit_users_profile_path + end + end + end +end diff --git a/spec/controllers/users/profiles_controller_spec.rb b/spec/controllers/users/profiles_controller_spec.rb index 75cf4a3..f8dbee7 100644 --- a/spec/controllers/users/profiles_controller_spec.rb +++ b/spec/controllers/users/profiles_controller_spec.rb @@ -40,6 +40,7 @@ { type: '$profile_update', status: '$failed', + request_token: nil, user: { id: controller.current_user.id, email: controller.current_user.email } } end @@ -60,6 +61,7 @@ { type: '$profile_update', status: '$succeeded', + request_token: nil, user: { id: controller.current_user.id, email: controller.current_user.email } } end diff --git a/spec/controllers/users/registrations_controller_spec.rb b/spec/controllers/users/registrations_controller_spec.rb index 90cda33..ca1776f 100644 --- a/spec/controllers/users/registrations_controller_spec.rb +++ b/spec/controllers/users/registrations_controller_spec.rb @@ -12,19 +12,73 @@ describe 'POST #create' do let(:password) { 'sup3r-s3cret' } + let(:email) { Faker::Internet.email } let(:params) do - { user: { email: Faker::Internet.email, password: password, password_confirmation: password } } + { user: { email: email, password: password, password_confirmation: password } } end - it 'creates a new user' do - expect { post :create, params: params }.to change(User, :count).by(1) + context 'when the registration is allowed' do + before { allow(controller.castle).to receive(:risk).and_return(policy: { action: 'allow' }) } + + it 'creates a new user' do + expect { post :create, params: params }.to change(User, :count).by(1) + end + + it 'signs the user in' do + post :create, params: params + + expect(controller.current_user).to be_present + expect(response).to redirect_to root_path + end + + it 'scores the registration with the risk endpoint' do + post :create, params: params + + expect(controller.castle).to have_received(:risk).with( + type: '$registration', + status: '$succeeded', + request_token: nil, + user: hash_including(email: email) + ) + end end - it 'signs the user in' do - post :create, params: params + context 'when the registration is denied' do + before { allow(controller.castle).to receive(:risk).and_return(policy: { action: 'deny' }) } + + it 'rolls the registration back' do + expect { post :create, params: params }.not_to change(User, :count) + end + + it 'redirects back to the sign-up form' do + post :create, params: params + + expect(response).to redirect_to new_user_registration_url + end + end + + context 'when Castle raises during risk assessment' do + before { allow(controller.castle).to receive(:risk).and_raise(Castle::Error) } + + it 'fails open and keeps the user' do + expect { post :create, params: params }.to change(User, :count).by(1) + expect(response).to redirect_to root_path + end + end + + context 'when the registration is invalid' do + let(:params) { { user: { email: '', password: password, password_confirmation: password } } } + + before { allow(controller.castle).to receive(:filter) } + + it 're-renders the form and reports a failed registration' do + expect { post :create, params: params }.not_to change(User, :count) - expect(controller.current_user).to be_present - expect(response).to redirect_to root_path + expect(response).to render_template(:new) + expect(controller.castle).to have_received(:filter).with( + hash_including(type: '$registration', status: '$failed') + ) + end end end end diff --git a/spec/controllers/users/sessions_controller_spec.rb b/spec/controllers/users/sessions_controller_spec.rb index 4f8d5a9..257df22 100644 --- a/spec/controllers/users/sessions_controller_spec.rb +++ b/spec/controllers/users/sessions_controller_spec.rb @@ -96,7 +96,7 @@ describe 'DELETE destroy' do with_user - let(:log_args) { { type: '$logout', status: '$succeeded', user: { id: user.id } } } + let(:log_args) { { type: '$logout', status: '$succeeded', request_token: nil, user: { id: user.id } } } before do allow(controller.castle).to receive(:log)