README.md in authtrail-0.1.3 vs README.md in authtrail-0.2.0

- old
+ new

@@ -30,11 +30,11 @@ - `failure_reason` - if the login failed - `user` - the user if the login succeeded - `context` - controller and action - `ip` - IP address - `user_agent` and `referrer` - from browser -- `city`, `region`, and `country` - from IP +- `city`, `region`, `country`, `latitude`, and `longitude` - from IP - `created_at` - time of event ## Features Exclude certain attempts from tracking - useful if you run acceptance tests @@ -51,11 +51,11 @@ AuthTrail.track_method = lambda do |info| # code end ``` -Use a custom identity method [master] +Use a custom identity method ```ruby AuthTrail.identity_method = lambda do |request, opts, user| if user user.email @@ -71,11 +71,11 @@ class User < ApplicationRecord has_many :login_activities, as: :user # use :user no matter what your model name end ``` -The `LoginActivity` model uses a [polymorphic association](http://guides.rubyonrails.org/association_basics.html#polymorphic-associations) so it can be associated with different user models. +The `LoginActivity` model uses a [polymorphic association](https://guides.rubyonrails.org/association_basics.html#polymorphic-associations) so it can be associated with different user models. ## Geocoding IP geocoding is performed in a background job so it doesn’t slow down web requests. You can disable it entirely with: @@ -110,27 +110,37 @@ ) ``` ## Data Protection -Protect the privacy of your users by encrypting fields that contain personal information, such as `identity` and `ip`. [attr_encrypted](https://github.com/attr-encrypted/attr_encrypted) is great for this. +Protect the privacy of your users by encrypting fields that contain personal information, such as `identity` and `ip`. [attr_encrypted](https://github.com/attr-encrypted/attr_encrypted) is great for this. Use [blind_index](https://github.com/ankane/blind_index) so you can still query the fields. ```ruby class LoginActivity < ApplicationRecord - attr_encrypted :identity, ... - attr_encrypted :ip, ... + attr_encrypted :identity, key: ... + attr_encrypted :ip, key: ... + + blind_index :identity, key: ... + blind_index :ip, key: ... end ``` -You should also make it clear that you collect this information in your privacy policy. - ## Other Notes We recommend using this in addition to Devise’s `Lockable` module and [Rack::Attack](https://github.com/kickstarter/rack-attack). -Check out [Hardening Devise](https://github.com/ankane/shorts/blob/master/Hardening-Devise.md) and [Secure Rails](https://github.com/ankane/secure_rails) for more best practices. +Check out [Hardening Devise](https://ankane.org/hardening-devise) and [Secure Rails](https://github.com/ankane/secure_rails) for more best practices. -Works with Rails 4.2+ +## Upgrading + +### 0.2.0 + +To store latitude and longitude, create a migration with: + +```ruby +add_column :login_activities, :latitude, :float +add_column :login_activities, :longitude, :float +``` ## History View the [changelog](https://github.com/ankane/authtrail/blob/master/CHANGELOG.md)