action_auth 0.1.4 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 833b67b5320991ffda2c7a9bf6bc7e7b0c38d2cd725ffec5060db45bd64ab247
-  data.tar.gz: f9f2e1c7dc63d26595d2188c9b7c7ccdcbdd93d0debd90c96450dd8c3246e7a6
+  metadata.gz: 3241fccee9fc330469fa84edd693d48755d96c2d74396c16c101860ffe4cfbc9
+  data.tar.gz: 48a479437297feaff6eb40135dd9ae963821950b084a2f19cb877c752ca42261
 SHA512:
-  metadata.gz: a141534bd16cdc1d343f36903fb6b08585740dee6f00a6525ada9fa7cba3abb67e88e3073025de74bd57125ec41b138ef44ee643ef0ce1a223ef0553b641e55f
-  data.tar.gz: eabbec0f09c5a2bcac0a4deaa858ce74917f5e03c059229ea4e22cc0b682c8c44e641a0c6f7dd8d732bb65002e8b7d658045008c8cee73fe940e8dabbb91685e
+  metadata.gz: f9fa30b51192ab5291349f95d0b49237a09cbd41c85dcea3e7920ae6cad3f889a95661356bce4de4b2bb89be8789e5c9023498aad166580aa7027af4562991b1
+  data.tar.gz: c5be4a6316acd4923803bbecd77e0252b438c8ff844983db495f5abf969a26576d280f5c0cd9d0844736620ec0e1cd67c4ed310180ac2bbc1197efb6811d64a2

data/README.md

@@ -1,9 +1,11 @@
 # ActionAuth
-ActionAuth is a Rails engine that provides a simple authentication system for your Rails application.
-It uses the latest methods for authentication and handling reset tokens from Rails 7.1.0.
-It is designed to be simple and easy to use and allows you to focus on building your application.
-The functionality of this gem relies on ActiveSupport::CurrentAttributes the methods are
-designed to have a similar experience as Devise.
+ActionAuth is an authentication Rails engine crafted to integrate seamlessly
+with your Rails application. Optimized for Rails 7.1.0, it employs the most modern authentication
+techniques and streamlined token reset processes. Its simplicity and ease of use let you concentrate
+on developing your application, while its reliance on ActiveSupport::CurrentAttributes ensures a
+user experience akin to that offered by the well-regarded Devise gem.
+
+[![Ruby](https://github.com/kobaltz/action_auth/actions/workflows/test.yml/badge.svg)](https://github.com/kobaltz/action_auth/actions/workflows/test.yml)
 
 ## Installation
 Add this line to your application's Gemfile:
@@ -31,26 +33,106 @@ In your view layout
 <% end %>
 ```
 
+## Features
+
+These are the planned features for ActionAuth. The ones that are checked off are currently implemented. The ones that are not checked off are planned for future releases.
+
+✅ - Sign Up, Sign In, Sign Out
+
+✅ - Password reset
+
+✅ - Account Email Verification
+
+✅ - Cookie-based sessions
+
+⏳ - Multifactor Authentication
+
+⏳ - Passkeys/Hardware Security Keys
+
+⏳ - Magic Links
+
+⏳ - OAuth with Google, Facebook, Github, Twitter, etc.
+
+⏳ - Account Deletion
+
+⏳ - Account Lockout
+
+⏳ - Account Suspension
+
+⏳ - Account Impersonation
+
+
+
 ## Usage
 
 ### Routes
 
 Within your application, you'll have access to these routes. They have been styled to be consistent with Devise.
 
-    Method	                    Verb	  Params	Description
-    user_sessions_path	        GET		            Device session management
-    user_session_path	        DELETE	  [:id]     Log Out
-    new_user_session_path	    GET		            Log in
-    new_user_registration_path	GET		            Sign Up
-    edit_password_path          GET		            Change Password
-    password_path               PATCH               Update Password
+    Method				Verb		Params	Description
+    user_sessions_path		GET			Device session management
+    user_session_path		DELETE		[:id]	Log Out
+    new_user_session_path		GET			Log in
+    new_user_registration_path	GET			Sign Up
+    edit_password_path		GET			Change Password
+    password_path			PATCH			Update Password
 
 ### Helper Methods
 
-    Method	                    Description
-    current_user	            Returns the currently logged in user
-    user_signed_in?	            Returns true if the user is logged in
-    current_session	            Returns the current session
+    Method			Description
+    current_user		Returns the currently logged in user
+    user_signed_in?		Returns true if the user is logged in
+    current_session		Returns the current session
+
+### Restricting and Changing Routes with Constraints
+
+Sometimes, there could be some routes that you would want to prevent access to unless the
+user is an admin. These routes could be for managing users, or other sensitive data. You
+can create a constraint to restrict access to these routes.
+
+    # app/constraints/admin_constraint.rb
+
+    class AdminConstraint
+      def self.matches?(request)
+        user = current_user(request)
+        user && user.admin?
+      end
+
+      def self.current_user(request)
+        session_token = request.cookie_jar.signed[:session_token]
+        ActionAuth::Session.find_by(id: session_token)&.action_auth_user
+      end
+    end
+
+    # config/routes.rb
+
+    constraints AdminConstraint do
+      mount GoodJob::Engine => 'good_job'
+    end
+
+Other times, you may want to have a different kind of view for a user that is logged in
+versus a user that is not logged in.
+
+    # app/constraints/authenticated_constraint.rb
+    class AuthenticatedConstraint
+      def self.matches?(request)
+        session_token = request.cookie_jar.signed[:session_token]
+        ActionAuth::Session.exists?(session_token)
+      end
+    end
+
+    # config/routes.rb
+    constraints AuthenticatedConstraint do
+      root to: 'dashboard#index'
+    end
+    root to: 'welcome#index'
+
 
 ## License
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+
+## Credits
+
+Heavily inspired by [Drifting Ruby #300](https://www.driftingruby.com/episodes/authentication-from-scratch)
+and [Authentication Zero](https://github.com/lazaronixon/authentication-zero).

data/app/assets/stylesheets/action_auth/application.css

@@ -29,6 +29,21 @@ body {
   background-color: rgb(255, 255, 255) !important;
 }
 
+.container-fluid {
+  -webkit-text-size-adjust: 100%;
+  -webkit-tap-highlight-color: rgba(0, 0, 0, 0);
+  box-sizing: border-box;
+  width: 100%;
+  padding-right: 12px;
+  padding-left: 12px;
+  margin-right: auto;
+  margin-left: auto;
+  max-width: 1140px;
+  border: solid 1px rgb(222, 226, 230) !important;
+  padding-bottom: 1rem !important;
+  background-color: rgb(255, 255, 255) !important;
+}
+
 input[type="text"],
 input[type="email"],
 input[type="password"] {
@@ -99,3 +114,43 @@ input[type="password"] {
   background-color: #007bff;
   border-color: #007bff;
 }
+
+.action-auth--table {
+  width: 100%;
+  border-collapse: separate;
+  border-spacing: 0;
+  box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
+  font-family: 'Arial', sans-serif;
+  overflow: hidden;
+  margin: 20px 0;
+}
+
+.action-auth--table thead {
+  background-color: #007BFF;
+  color: #ffffff;
+}
+
+.action-auth--table th,
+.action-auth--table td {
+  padding: 12px 15px;
+  text-align: left;
+  border-bottom: 1px solid #dddddd;
+}
+
+.action-auth--table tr:last-child {
+  border-bottom: none;
+}
+
+.action-auth--table th {
+  position: sticky;
+  top: 0;
+  z-index: 10;
+}
+
+.action-auth--table tbody tr:hover {
+  background-color: #f1f1f1;
+}
+
+.action-auth--table td {
+  transition: background-color 0.3s;
+}

data/app/controllers/action_auth/identity/email_verifications_controller.rb

@@ -9,7 +9,8 @@ module ActionAuth
       end
 
       def create
-        send_email_verification
+        user = ActionAuth::User.find_by(email: params[:email])
+        UserMailer.with(user: user).email_verification.deliver_later if user
         redirect_to main_app.root_path, notice: "We sent a verification email to your email address"
       end
 
@@ -21,10 +22,6 @@ module ActionAuth
         redirect_to edit_identity_email_path, alert: "That email verification link is invalid"
       end
 
-      def send_email_verification
-        return unless Current.user
-        UserMailer.with(user: Current.user).email_verification.deliver_later
-      end
     end
   end
 end

data/app/controllers/action_auth/sessions_controller.rb

@@ -1,7 +1,7 @@
 module ActionAuth
   class SessionsController < ApplicationController
     before_action :set_current_request_details
-
+    layout "action_auth/application-full-width", only: :index
     def index
       @sessions = Current.user.action_auth_sessions.order(created_at: :desc)
     end

data/app/models/action_auth/user.rb

@@ -10,7 +10,6 @@ module ActionAuth
       password_salt.last(10)
     end
 
-
     has_many :action_auth_sessions, dependent: :destroy, class_name: "ActionAuth::Session", foreign_key: "action_auth_user_id"
 
     validates :email, presence: true, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }
@@ -18,7 +17,6 @@ module ActionAuth
 
     normalizes :email, with: -> email { email.strip.downcase }
 
-
     before_validation if: :email_changed?, on: :update do
       self.verified = false
     end

data/app/views/action_auth/identity/emails/edit.html.erb

@@ -3,16 +3,20 @@
   <% header_text = "Change Your Email" %>
   <% label_text = "New email" %>
   <% button_text = "Save changes" %>
+  <% form_url = identity_email_path %>
+  <% form_method = :patch %>
 <% else %>
   <% header_text = "Verify Your Email" %>
   <% label_text = "Email" %>
   <% button_text = "Send verification email" %>
+  <% form_url = identity_email_verification_path %>
+  <% form_method = :post %>
 <% end %>
 <h1><%= header_text %></h1>
 
 <p style="color: red"><%= alert %></p>
 
-<%= form_with(url: identity_email_path, method: :patch) do |form| %>
+<%= form_with(url: form_url, method: form_method) do |form| %>
   <% if @user&.errors&.any? %>
     <div style="color: red">
       <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>

data/app/views/action_auth/sessions/index.html.erb

@@ -3,27 +3,25 @@
 <h1>Devices & Sessions</h1>
 
 <div id="sessions">
-  <% @sessions.each do |session| %>
-    <div id="<%= dom_id session %>">
-      <p>
-        <strong>User Agent:</strong>
-        <%= session.user_agent %>
-      </p>
-
-      <p>
-        <strong>Ip Address:</strong>
-        <%= session.ip_address %>
-      </p>
-
-      <p>
-        <strong>Created at:</strong>
-        <%= session.created_at %>
-      </p>
-
-    </div>
-    <p>
-      <%= button_to "Log out", session, method: :delete %>
-    </p>
-  <% end %>
+  <table class="action-auth--table">
+    <thead>
+      <tr>
+        <th>User Agent</th>
+        <th nowrap>Ip Address</th>
+        <th nowrap>Created at</th>
+        <th nowrap></th>
+      </tr>
+    </thead>
+    <tbody>
+      <% @sessions.each do |session| %>
+        <%= content_tag :tr, id: dom_id(session) do %>
+          <td><%= session.user_agent %></td>
+          <td nowrap><%= session.ip_address %></td>
+          <td nowrap><%= session.created_at %></td>
+          <td nowrap><%= button_to "Log out", session, method: :delete, class: "btn btn-primary" %></td>
+        <% end %>
+      <% end %>
+    </tbody>
+  </table>
 </div>
 

data/app/views/action_auth/user_mailer/email_verification.html.erb

@@ -4,7 +4,7 @@
 
 <p><strong>You must hit the link below to confirm that you received this email.</strong></p>
 
-<p><%# link_to "Yes, use this email for my account", identity_email_verification_url(sid: @signed_id) %></p>
+<p><%= link_to "Yes, use this email for my account", identity_email_verification_url(sid: @signed_id) %></p>
 
 <hr>
 

data/app/views/layouts/action_auth/application-full-width.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Action Auth</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+  <%= stylesheet_link_tag "action_auth/application", media: "all" %>
+</head>
+<body class="bg-light">
+  <div class="container-fluid bg-white border pb-3">
+    <%= yield %>
+  </div>
+</body>
+</html>

data/app/views/layouts/action_auth/application.html.erb

@@ -1,11 +1,10 @@
 <!DOCTYPE html>
 <html>
 <head>
-  <title>Action auth</title>
+  <title>Action Auth</title>
   <%= csrf_meta_tags %>
   <%= csp_meta_tag %>
-
-  <%= stylesheet_link_tag    "action_auth/application", media: "all" %>
+  <%= stylesheet_link_tag "action_auth/application", media: "all" %>
 </head>
 <body class="bg-light">
   <div class="container bg-white border pb-3">

data/lib/action_auth/version.rb

@@ -1,3 +1,3 @@
 module ActionAuth
-  VERSION = "0.1.4"
+  VERSION = "0.1.6"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.6
 platform: ruby
 authors:
 - Dave Kimura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-09 00:00:00.000000000 Z
+date: 2023-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -77,6 +77,7 @@ files:
 - app/views/action_auth/user_mailer/email_verification.text.erb
 - app/views/action_auth/user_mailer/password_reset.html.erb
 - app/views/action_auth/user_mailer/password_reset.text.erb
+- app/views/layouts/action_auth/application-full-width.html.erb
 - app/views/layouts/action_auth/application.html.erb
 - app/views/layouts/action_auth/mailer.html.erb
 - app/views/layouts/action_auth/mailer.text.erb