README.md in authtrail-0.1.3 vs README.md in authtrail-0.2.0
- old
+ new
@@ -30,11 +30,11 @@
- `failure_reason` - if the login failed
- `user` - the user if the login succeeded
- `context` - controller and action
- `ip` - IP address
- `user_agent` and `referrer` - from browser
-- `city`, `region`, and `country` - from IP
+- `city`, `region`, `country`, `latitude`, and `longitude` - from IP
- `created_at` - time of event
## Features
Exclude certain attempts from tracking - useful if you run acceptance tests
@@ -51,11 +51,11 @@
AuthTrail.track_method = lambda do |info|
# code
end
```
-Use a custom identity method [master]
+Use a custom identity method
```ruby
AuthTrail.identity_method = lambda do |request, opts, user|
if user
user.email
@@ -71,11 +71,11 @@
class User < ApplicationRecord
has_many :login_activities, as: :user # use :user no matter what your model name
end
```
-The `LoginActivity` model uses a [polymorphic association](http://guides.rubyonrails.org/association_basics.html#polymorphic-associations) so it can be associated with different user models.
+The `LoginActivity` model uses a [polymorphic association](https://guides.rubyonrails.org/association_basics.html#polymorphic-associations) so it can be associated with different user models.
## Geocoding
IP geocoding is performed in a background job so it doesn’t slow down web requests. You can disable it entirely with:
@@ -110,27 +110,37 @@
)
```
## Data Protection
-Protect the privacy of your users by encrypting fields that contain personal information, such as `identity` and `ip`. [attr_encrypted](https://github.com/attr-encrypted/attr_encrypted) is great for this.
+Protect the privacy of your users by encrypting fields that contain personal information, such as `identity` and `ip`. [attr_encrypted](https://github.com/attr-encrypted/attr_encrypted) is great for this. Use [blind_index](https://github.com/ankane/blind_index) so you can still query the fields.
```ruby
class LoginActivity < ApplicationRecord
- attr_encrypted :identity, ...
- attr_encrypted :ip, ...
+ attr_encrypted :identity, key: ...
+ attr_encrypted :ip, key: ...
+
+ blind_index :identity, key: ...
+ blind_index :ip, key: ...
end
```
-You should also make it clear that you collect this information in your privacy policy.
-
## Other Notes
We recommend using this in addition to Devise’s `Lockable` module and [Rack::Attack](https://github.com/kickstarter/rack-attack).
-Check out [Hardening Devise](https://github.com/ankane/shorts/blob/master/Hardening-Devise.md) and [Secure Rails](https://github.com/ankane/secure_rails) for more best practices.
+Check out [Hardening Devise](https://ankane.org/hardening-devise) and [Secure Rails](https://github.com/ankane/secure_rails) for more best practices.
-Works with Rails 4.2+
+## Upgrading
+
+### 0.2.0
+
+To store latitude and longitude, create a migration with:
+
+```ruby
+add_column :login_activities, :latitude, :float
+add_column :login_activities, :longitude, :float
+```
## History
View the [changelog](https://github.com/ankane/authtrail/blob/master/CHANGELOG.md)