0.0
Repository is archived
No commit activity in last 3 years
No release in over 3 years
Devise extension for Castle. Secure your authentication stack with real-time monitoring, instantly notifying you and your users on potential account hijacks.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

< 6, >= 4
>= 0

Runtime

< 4, >= 3
< 5, >= 4.0
 Project Readme

Warning

This repository is no longer maintained. Please use https://github.com/castle/castle_devise instead.


Gem Version

DeviseCastle

Adds support to Devise for protecting your user accounts with Castle. Castle monitors your login system and stops account hijacks in real-time.

Installation

Before you start, make sure that you've set up Devise in your Rails application.

  1. First add the devise_castle gem to your Gemfile:
gem 'devise_castle'
  1. Install the gem:
bundle install
  1. Take note of your API secret from your Castle dashboard and run the installation generator. This will add Castle configuration to your devise.rb initializer and add a devise_castle.en.yml to your locale files.
rails generate devise_castle:install YOUR-API-SECRET
  1. When you are done, you are ready to add DeviseCastle to any of your Devise models using the following generator. Replace MODEL by the class name you want to add DeviseCastle, like User, Admin, etc.
rails generate devise_castle MODEL
  1. That's it! Now log in to your application and watch your user appear in the Castle dashboard.

Supported events

These events are automatically tracked by the extension:

  • $login.succeeded
  • $login.failed
  • $logout.succeeded
  • $registration.succeeded
  • $registration.failed
  • $password_change.succeeded
  • $password_change.failed
  • $password_reset.requested
  • $password_reset.succeeded
  • $password_reset.failed

These events need to be tracked manually:

  • $challenge.requested
  • $challenge.succeeded
  • $challenge.failed
  • $email_change.requested
  • $email_change.succeeded
  • $email_change.failed

Configuration

Handling errors

By default, all Castle exceptions are handled silently. Uncomment these lines in config/initializers/devise.rb to create a custom error handler:

  # config.castle_error_handler = Proc.new { |exception|
  #   # Handle error from Castle
  # }

Models

By default, the id field of your user model will be used as the identifer when creating and querying Castle users. If you have multiple user models that risk generating the same identifier, you can override castle_id in your models:

class Admin < User
  def castle_id
    "admin-#{id}"
  end
end