action_auth 0.2.15 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e857cd3b20f2efab695368d0b8b127a63cfe1639ef44dc4d346399c8aa446f7
-  data.tar.gz: 791837aee1c820e999896082cbdec807b65a0df7db1d29de02b31774682c5448
+  metadata.gz: 24c21d0f3f0275043c101a941be6587f6ab14dcd56be5951e410a15c66d2ce59
+  data.tar.gz: 0406533a71d0411f164c20dc805e1f9e43988ffd7d979dc9ece4f8a20050bf30
 SHA512:
-  metadata.gz: f881d2e71ec6d1f2f1a5ccc764a9eecb333671163cba5ae8958e4a0b36c408f9670d05e818ce4ff1ab244583f2738f4376f9e8e987cc418748c8fce3217ee4ce
-  data.tar.gz: 30773441bd4c9184638cedba7ee4bb8a635f72a761bf6cc6abee5da65c26a4bdbe3cbd4aa72d7774a514276db539818e1b9f89b860c5a790b6a6785a898297d0
+  metadata.gz: 415a5088415bdc54b813b8a199486e733442b6346ec9ba30b2995bf9428983478aa86e8406adb2cf18bf7271669dad2f0de50f9658dbe0627d4b61b6423ee66f
+  data.tar.gz: 795b6cc968062e90034ddfb08ad4f251a69b7bd5a50b580d706f98fa99c71276da291ef0bce15964153593a05aef4e5f3b171d2e5e980928754d6800b2324dea

data/README.md

@@ -22,6 +22,43 @@ user experience akin to that offered by the well-regarded Devise gem.
 7. [License](#license)
 8. [Credits](#credits)
 
+## Breaking Changes
+
+With the release of v1.0.0, there are some breaking changes that have been introduced. The
+biggest change is that the `ActionAuth::User` model now uses the table name of `users` instead
+of `action_auth_users`. This was done to make it easier to integrate with your application
+without having to worry about the table name. If you have an existing application that is
+using ActionAuth, you will need to rename the table to `users` with a migration like
+
+```ruby
+rename_table :action_auth_users, :users
+```
+
+Coming from `v0.3.0` to `v1.0.0`, you will need to create a migration to rename the table and foreign keys.
+
+```ruby
+class UpgradeActionAuth < ActiveRecord::Migration[7.1]
+  def change
+    rename_table :action_auth_users, :users
+
+    rename_table :action_auth_sessions, :sessions
+    rename_column :sessions, :action_auth_user_id, :user_id
+
+    rename_table :action_auth_webauthn_credentials, :webauthn_credentials
+    rename_column :webauthn_credentials, :action_auth_user_id, :user_id
+  end
+end
+```
+
+You will then need to undo the migrations where the foreign keys were added in cases where `foreign_key: true` was
+changed to `foreign_key: { to_table: 'action_auth_users' }`. You can do this for each table with a migration like:
+
+```ruby
+add_foreign_key :user_settings, :users, column: :user_id unless foreign_key_exists?(:user_settings, :users)
+add_foreign_key :profiles, :users, column: :user_id unless foreign_key_exists?(:profiles, :users)
+add_foreign_key :nfcs, :users, column: :user_id unless foreign_key_exists?(:nfcs, :users)
+```
+
 ## Installation
 Add this line to your application's Gemfile:
 
@@ -242,30 +279,12 @@ end
 
 #### Generating an association
 
-There's one little gotcha when generating the associations. We are using `user:belongs_to` instead of
-`action_auth_user:belongs_to`. However, when the foreign key is generated, it will look for the users table
-instead of the action_auth_users table. To get around this, we'll need to modify the migration.
+We are using `user:belongs_to` instead of `action_auth_user:belongs_to`.
 
 ```bash
 bin/rails g scaffold posts user:belongs_to title
 ```
 
-We can update the `foreign_key` from `true` to `{ to_table: :action_auth_users }` to get around this.
-
-```ruby
-# db/migrate/XXXXXXXXXXX_create_posts.rb
-class CreatePosts < ActiveRecord::Migration[7.1]
-  def change
-    create_table :posts do |t|
-      t.belongs_to :user, null: false, foreign_key: { to_table: :action_auth_users }
-      t.string :title
-
-      t.timestamps
-    end
-  end
-end
-```
-
 And the post model doesn't need anything special to ActionAuth.
 
 ```ruby

data/app/controllers/action_auth/identity/email_verifications_controller.rb

@@ -5,13 +5,13 @@ module ActionAuth
 
       def show
         @user.update! verified: true
-        redirect_to main_app.root_path, notice: "Thank you for verifying your email address"
+        redirect_to sign_in_path, notice: "Thank you for verifying your email address"
       end
 
       def create
         user = ActionAuth::User.find_by(email: params[:email])
         UserMailer.with(user: user).email_verification.deliver_later if user
-        redirect_to main_app.root_path, notice: "We sent a verification email to your email address"
+        redirect_to sign_in_path, notice: "We sent a verification email to your email address"
       end
 
       private

data/app/controllers/action_auth/identity/emails_controller.rb

@@ -27,9 +27,9 @@ module ActionAuth
       def redirect_to_root
         if @user.email_previously_changed?
           resend_email_verification
-          redirect_to main_app.root_path, notice: "Your email has been changed"
+          redirect_to sign_in_path, notice: "Your email has been changed. Check your email to verify your email."
         else
-          redirect_to main_app.root_path
+          redirect_to sign_in_path
         end
       end
 

data/app/controllers/action_auth/identity/password_resets_controller.rb

@@ -14,7 +14,7 @@ module ActionAuth
           send_password_reset_email
           redirect_to sign_in_path, notice: "Check your email for reset instructions"
         else
-          redirect_to new_identity_password_reset_path, alert: "You can't reset your password until you verify your email"
+          redirect_to sign_in_path, alert: "You can't reset your password until you verify your email"
         end
       end
 

data/app/controllers/action_auth/passwords_controller.rb

@@ -7,7 +7,7 @@ module ActionAuth
 
     def update
       if @user.update(user_params)
-        redirect_to main_app.root_path, notice: "Your password has been changed"
+        redirect_to sign_in_path, notice: "Your password has been changed"
       else
         render :edit, status: :unprocessable_entity
       end

data/app/controllers/action_auth/registrations_controller.rb

@@ -10,12 +10,12 @@ module ActionAuth
       if @user.save
         if ActionAuth.configuration.verify_email_on_sign_in
           send_email_verification
-          redirect_to main_app.root_path, notice: "Welcome! You have signed up successfully. Please check your email to verify your account."
+          redirect_to sign_in_path, notice: "Welcome! You have signed up successfully. Please check your email to verify your account."
         else
-          session_record = @user.action_auth_sessions.create!
+          session_record = @user.sessions.create!
           cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
 
-          redirect_to main_app.root_path, notice: "Welcome! You have signed up successfully"
+          redirect_to sign_in_path, notice: "Welcome! You have signed up successfully"
         end
       else
         render :new, status: :unprocessable_entity

data/app/controllers/action_auth/sessions_controller.rb

@@ -5,7 +5,7 @@ module ActionAuth
 
     def index
       @action_auth_wide = true
-      @sessions = Current.user.action_auth_sessions.order(created_at: :desc)
+      @sessions = Current.user.sessions.order(created_at: :desc)
     end
 
     def new
@@ -18,7 +18,7 @@ module ActionAuth
           redirect_to new_webauthn_credential_authentications_path
         else
           return if check_if_email_is_verified(user)
-          @session = user.action_auth_sessions.create
+          @session = user.sessions.create
           cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
           redirect_to main_app.root_path, notice: "Signed in successfully"
         end
@@ -28,7 +28,7 @@ module ActionAuth
     end
 
     def destroy
-      session = Current.user.action_auth_sessions.find(params[:id])
+      session = Current.user.sessions.find(params[:id])
       session.destroy
       redirect_to main_app.root_path, notice: "That session has been logged out"
     end

data/app/controllers/action_auth/webauthn_credential_authentications_controller.rb

@@ -4,7 +4,7 @@ class ActionAuth::WebauthnCredentialAuthenticationsController < ApplicationContr
   layout "action_auth/application"
 
   def new
-    get_options = WebAuthn::Credential.options_for_get(allow: user.action_auth_webauthn_credentials.pluck(:external_id))
+    get_options = WebAuthn::Credential.options_for_get(allow: user.webauthn_credentials.pluck(:external_id))
     session[:current_challenge] = get_options.challenge
     @options = get_options
   end
@@ -12,7 +12,7 @@ class ActionAuth::WebauthnCredentialAuthenticationsController < ApplicationContr
   def create
     webauthn_credential = WebAuthn::Credential.from_get(params)
 
-    credential = user.action_auth_webauthn_credentials.find_by(external_id: webauthn_credential.id)
+    credential = user.webauthn_credentials.find_by(external_id: webauthn_credential.id)
 
     begin
       webauthn_credential.verify(
@@ -23,7 +23,7 @@ class ActionAuth::WebauthnCredentialAuthenticationsController < ApplicationContr
 
       credential.update!(sign_count: webauthn_credential.sign_count)
       session.delete(:webauthn_user_id)
-      session = user.action_auth_sessions.create
+      session = user.sessions.create
       cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
       render json: { status: "ok" }, status: :ok
     rescue WebAuthn::Error => e

data/app/controllers/action_auth/webauthn_credentials_controller.rb

@@ -15,7 +15,7 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
         id: current_user.webauthn_id,
         name: current_user.email
       },
-      exclude: current_user.action_auth_webauthn_credentials.pluck(:external_id)
+      exclude: current_user.webauthn_credentials.pluck(:external_id)
     )
 
     session[:current_challenge] = create_options.challenge
@@ -34,7 +34,7 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
     begin
       webauthn_credential.verify(session[:current_challenge])
 
-      credential = current_user.action_auth_webauthn_credentials.build(
+      credential = current_user.webauthn_credentials.build(
         external_id: webauthn_credential.id,
         nickname: params[:credential_nickname],
         public_key: webauthn_credential.public_key,
@@ -53,7 +53,7 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
   end
 
   def destroy
-    current_user.action_auth_webauthn_credentials.destroy(params[:id])
+    current_user.webauthn_credentials.destroy(params[:id])
 
     redirect_to sessions_path
   end

data/app/models/action_auth/current.rb

@@ -3,10 +3,6 @@ module ActionAuth
     attribute :session
     attribute :user_agent, :ip_address
 
-    delegate :action_auth_user, to: :session, allow_nil: true
-
-    def user
-      action_auth_user
-    end
+    delegate :user, to: :session, allow_nil: true
   end
 end

data/app/models/action_auth/session.rb

@@ -1,6 +1,8 @@
 module ActionAuth
   class Session < ApplicationRecord
-    belongs_to :action_auth_user, class_name: "ActionAuth::User", foreign_key: "action_auth_user_id"
+    self.table_name = "sessions"
+
+    belongs_to :user, class_name: "ActionAuth::User", foreign_key: "user_id"
 
     before_create do
       self.user_agent = Current.user_agent

data/app/models/action_auth/user.rb

@@ -1,13 +1,15 @@
 module ActionAuth
   class User < ApplicationRecord
+    self.table_name = "users"
+
     has_secure_password
 
-    has_many :action_auth_sessions, dependent: :destroy,
-      class_name: "ActionAuth::Session", foreign_key: "action_auth_user_id"
+    has_many :sessions, dependent: :destroy,
+      class_name: "ActionAuth::Session", foreign_key: "user_id"
 
     if ActionAuth.configuration.webauthn_enabled?
-      has_many :action_auth_webauthn_credentials, dependent: :destroy,
-        class_name: "ActionAuth::WebauthnCredential", foreign_key: "action_auth_user_id"
+      has_many :webauthn_credentials, dependent: :destroy,
+        class_name: "ActionAuth::WebauthnCredential", foreign_key: "user_id"
     end
 
     generates_token_for :email_verification, expires_in: 2.days do
@@ -28,12 +30,12 @@ module ActionAuth
     end
 
     after_update if: :password_digest_previously_changed? do
-      action_auth_sessions.where.not(id: Current.session).delete_all
+      sessions.where.not(id: Current.session).delete_all
     end
 
     def second_factor_enabled?
       return false unless ActionAuth.configuration.webauthn_enabled?
-      action_auth_webauthn_credentials.any?
+      webauthn_credentials.any?
     end
   end
 end

data/app/models/action_auth/webauthn_credential.rb

@@ -1,5 +1,7 @@
 module ActionAuth
   class WebauthnCredential < ApplicationRecord
+    self.table_name = "webauthn_credentials"
+
     validates :external_id, :public_key, :nickname, :sign_count, presence: true
     validates :external_id, uniqueness: true
     validates :sign_count,

data/app/views/action_auth/sessions/index.html.erb

@@ -41,7 +41,7 @@
         </tr>
       </thead>
       <tbody>
-        <% current_user.action_auth_webauthn_credentials.each do |credential| %>
+        <% current_user.webauthn_credentials.each do |credential| %>
           <%= content_tag :tr, id: dom_id(credential) do %>
             <td><%= credential.nickname %></td>
             <td nowrap><%= credential.created_at.strftime('%B %d, %Y') %></td>

data/db/migrate/20231107165548_create_action_auth_users.rb

@@ -1,12 +1,12 @@
 class CreateActionAuthUsers < ActiveRecord::Migration[7.1]
   def change
-    create_table :action_auth_users do |t|
+    create_table :users do |t|
       t.string :email
       t.string :password_digest
       t.boolean :verified
 
       t.timestamps
     end
-    add_index :action_auth_users, :email, unique: true
+    add_index :users, :email, unique: true
   end
 end

data/db/migrate/20231107170349_create_action_auth_sessions.rb

@@ -1,7 +1,7 @@
 class CreateActionAuthSessions < ActiveRecord::Migration[7.1]
   def change
-    create_table :action_auth_sessions do |t|
-      t.references :action_auth_user, null: false, foreign_key: true
+    create_table :sessions do |t|
+      t.references :user, null: false, foreign_key: true
       t.string :user_agent
       t.string :ip_address
 

data/db/migrate/20240111125859_add_webauthn_credentials.rb

@@ -1,6 +1,6 @@
 class AddWebauthnCredentials < ActiveRecord::Migration[7.1]
   def change
-    create_table :action_auth_webauthn_credentials do |t|
+    create_table :webauthn_credentials do |t|
       t.string :external_id, null: false
       t.string :public_key, null: false
       t.string :nickname, null: false
@@ -8,7 +8,7 @@ class AddWebauthnCredentials < ActiveRecord::Migration[7.1]
 
       t.index :external_id, unique: true
 
-      t.references :action_auth_user, foreign_key: true
+      t.references :user, foreign_key: true
 
       t.timestamps
     end

data/db/migrate/20240111142545_add_webauthn_id_to_users.rb

@@ -1,5 +1,5 @@
 class AddWebauthnIdToUsers < ActiveRecord::Migration[7.1]
   def change
-    add_column :action_auth_users, :webauthn_id, :string
+    add_column :users, :webauthn_id, :string
   end
 end

data/lib/action_auth/version.rb

@@ -1,3 +1,3 @@
 module ActionAuth
-  VERSION = "0.2.15"
+  VERSION = "1.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_auth
 version: !ruby/object:Gem::Version
-  version: 0.2.15
+  version: 1.0.0
 platform: ruby
 authors:
 - Dave Kimura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-01 00:00:00.000000000 Z
+date: 2024-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -120,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.5
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: A simple Rails engine for authorization.