Configuration - AlyBadawy/Securial GitHub Wiki

⚙️ Configuration

After installing the Securial engine (see the Installation page), an initializer file is created at:

config/initializers/securial.rb

That file has information about how to configure Securial.

[!TIP] Make sure to restart your Rails server after making changes to this file.

🔧 Logging Configuration

Securial allows you to configure how logging is handled:

  • log_to_file: Set to true to enable file logging, which logs all Securial interactions to log/securial.log.
  • log_to_stdout: Set to true to enable STDOUT logging (useful for development).
  • log_file_level: Set the logging level for file logging (:debug, :info, :warn, :error, :fatal, or :unknown).
  • log_stdout_level: Set the logging level for STDOUT logging.

👤 User Roles

Securial provides role-based access controls:

  • admin_role: Defines the role that has administrative access. Setting this creates a dedicated URL namespace through which admins access privileged areas. For example, setting admin_role to "superuser" creates endpoints under /securial/superusers/, such as:
    • /securial/superusers/users
    • /securial/superusers/roles

Read more about managing users in the Wiki › User management

🕒 Session Configuration

Control how session management is handled:

  • session_expiration_duration: Set how long a session is valid before it expires. This should be an ActiveSupport::Duration like 3.minutes. Once this duration lapses, the user will need to refresh the token or log in again.

  • session_renewal_duration: Set the length of the grace period during which the user can refresh a session token after it has expired. After that grace period, the user will have to log in again to obtain a new session token and refresh token.

  • session_secret: A secret key used for signing session tokens. Keep it safe; it's recommended to store it in an environment variable or secret store. Changing this value will invalidate all sessions.

  • session_algorithm: Choose the signing algorithm (:hs256, :hs384, :hs512).

Read more about sessions and authentication in the Wiki › Authentication
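
The following Ruby example is added here and is not Securial's own code or token format. It shows how the four session settings interact in an HMAC-signed, JWT-style token: the secret and algorithm sign it, the expiration and renewal durations decide its state, and a changed secret rejects every token issued earlier. The function names, the token layout and the minimum secret length check (the RFC 7518 rule for HS256/HS384/HS512) are assumptions of this example.

```ruby
require "openssl"
require "base64"
require "json"

# Added example, not Securial's code. Digest name and minimum key size in bytes
# per algorithm; RFC 7518 requires an HMAC key at least as long as the hash output.
ALGORITHMS = { hs256: ["SHA256", 32], hs384: ["SHA384", 48], hs512: ["SHA512", 64] }.freeze

def b64(data)
  Base64.urlsafe_encode64(data, padding: false)
end

def hmac(algorithm, secret, data)
  digest, min_bytes = ALGORITHMS.fetch(algorithm)
  raise ArgumentError, "secret too short for #{algorithm}" if secret.bytesize < min_bytes
  OpenSSL::HMAC.digest(digest, secret, data)
end

# Issue a signed token that expires `expires_in` seconds after `now`.
def sign_token(claims, secret:, algorithm:, expires_in:, now: Time.now.to_i)
  header = b64(JSON.generate({ alg: algorithm.to_s.upcase, typ: "JWT" }))
  body = b64(JSON.generate(claims.merge(exp: now + expires_in)))
  "#{header}.#{body}.#{b64(hmac(algorithm, secret, "#{header}.#{body}"))}"
end

# Returns :valid, :renewable (expired but inside the renewal window), :expired,
# or :invalid (malformed or bad signature, e.g. after the secret was changed).
# The configured algorithm is used; the token's own "alg" header is never trusted.
def check_token(token, secret:, algorithm:, renewal:, now: Time.now.to_i)
  parts = token.split(".")
  return :invalid unless parts.length == 3
  header, body, signature = parts
  expected = b64(hmac(algorithm, secret, "#{header}.#{body}"))
  # Constant-time comparison avoids leaking how many signature bytes matched.
  return :invalid unless OpenSSL.secure_compare(expected, signature)
  exp = JSON.parse(Base64.urlsafe_decode64(body))["exp"].to_i
  return :valid if now < exp
  now < exp + renewal ? :renewable : :expired
end
```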

📬 Mailer Configuration

Settings related to email delivery:

  • mailer_sender: Email address used to send all Securial-generated emails (e.g., password resets).

🔐 Password Configuration

Security-related settings for password management:

  • password_reset_email_subject: Subject line for password reset emails.
  • password_min_length: Minimum length for user passwords.
  • password_max_length: Maximum allowable length for passwords.
  • password_complexity: Regex used to validate password strength.
  • password_expires_in: Duration after which a password must be changed.
  • reset_password_token_expires_in: Duration for which a password reset token remains valid.
  • reset_password_token_secret: Secret used to sign reset tokens.

Read more about passwords and authentication in the Wiki › Authentication


For advanced use cases or further customization, refer to the source code or open an issue on the GitHub repository.