1 parent 9d6fa7d, commit b0c9c09
Showing 1 changed file with 15 additions and 15 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,25 +1,25 @@ | ||
# Changelog | ||
|
||
All notable changes to "UsualSuspect" will be documented in this file. | ||
|
||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), | ||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). | ||
All notable changes to the `UsualSuspect` gem will be documented in this file. | ||
|
||
## [Unreleased] | ||
|
||
- Additional security features such as rooted device detection, VPN/proxy usage, geo velocity, etc. | ||
- Additional security features and enhancements. | ||
|
||
## [0.1.0] - 2024-01-10 | ||
|
||
## [0.1.0] - 2024-01-08 | ||
### Added | ||
- Initial release of the gem. | ||
- UserExtension module to track and log suspicious password changes. | ||
- Rake task for generating necessary migrations for users. | ||
- Mocks for `save` and `encrypted_password_changed?` methods in RSpec tests. | ||
- Basic configuration and setup instructions. | ||
- Gemspec with a valid homepage_uri link. | ||
|
||
### Fixed | ||
- Gemspec validation issues related to metadata 'homepage_uri'. | ||
- **Suspicious Password Change Detection**: Automatically monitors and logs instances where a password is changed shortly after logging in, helping to identify potential account hijacking. | ||
- **Geo-Velocity Tracking**: Implements a check for the physical feasibility of user movement between consecutive logins based on login locations and timestamps. | ||
- **VPN and Proxy Detection**: Integrates with the IP2Location service to identify logins from VPNs and proxies, flagging potentially masked IP addresses and location spoofing. | ||
- **Session-Specific Event Logging**: Each login session is now uniquely identified and tracked, allowing for more precise security monitoring and reducing the likelihood of false positives in security event detection. | ||
- **Customizable Configuration**: Allows users to set their IP2Location API keys and configure other settings for tailored security measures. | ||
- **Rails Session Integration**: Utilizes Rails session mechanism to track and associate user activities with specific login sessions. | ||
- **Improved Documentation**: Expanded README and in-code documentation for easier setup and usage. | ||
|
||
### Changed | ||
- Discussion and clarification on the `after_update` callback behavior, particularly related to `changed?` and `saved_change_to_attribute?` methods. | ||
|
||
- **Refactored Event Logging**: Transitioned to a model where each login event is stored as a separate record for more accurate tracking. | ||
- **Enhanced Security Checks**: Updated methods for more precise detection of suspicious activities, including the use of latitude and longitude for geo-velocity calculations. | ||
|
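Review bot: The `## [0.1.0]` entry is rewritten in place instead of being followed by a new version entry. The heading appears with two dates (2024-01-10 and 2024-01-08), and the list under "Added" is swapped for a different feature set (geo-velocity tracking, VPN and proxy detection, session-specific event logging). Meanwhile the "Changed" items speak of a refactor and of sessions that are "now" uniquely identified, which implies an earlier released state. If 0.1.0 has already been published, put these items under a new version heading and keep the original 0.1.0 notes, including the "Fixed" gemspec item. If it has not been published, drop the "Changed" section and the word "now" so the entry reads as a first release. The lines linking Keep a Changelog and Semantic Versioning also sit in the edited region; keep them if the project still follows both. Finally, the VPN and proxy item should state whether login IP addresses are sent to the IP2Location service and point to where the API key is configured, since that is a data flow operators need to know about before upgrading.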