action_auth 0.2.9 → 0.2.11

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 15e0dbb39c116db3c4230dfd773cb2efca4b4b489718b9bcf346be31c5622aca
4
- data.tar.gz: 8bd290cce05e06f729e1eadabaef9e09801fb525bfd527f2eccf055f50f648ff
3
+ metadata.gz: 8c07ad9154a460104b707e5de606ed075d7598d46ec23aea95886cf38adde58b
4
+ data.tar.gz: be73fc563f21b20d7011beb5d8f254da78dd19cec32e17d5544dfbead62021ea
5
5
  SHA512:
6
- metadata.gz: 21cc228bd5ecaeb7fcf5ff95fad43d7dce4b4655d4460dced0378dfcba168054261c743b92ae59430c6d32e8bf115156f439badde073943f9325c7254302ed5e
7
- data.tar.gz: 1704cce56c19388ebb971ffbac49552a578cb09f67d8285334ebcabb4375647ce701e82a36a33f95b51f79c902e8f6c7d61356572fe753eef06a9d006af92e5f
6
+ metadata.gz: dd5c45af824e82690d667dca90b29e3741da5a607f5d66e9acb8b3b3cf7ab1cfdd6fdff6c5b7501e39df358e474cdc4093166a54a1f7244858df16c0b1d012c1
7
+ data.tar.gz: 7fc79d6d508ed1e5293bd1153b29f545ab01ba80b6ee4a5692abd1f7fac6bb5640ec284811e7bf7047aebcfe0b423f69215348c4ec105f84c25fac6c2915ff08
data/README.md CHANGED
@@ -7,6 +7,21 @@ user experience akin to that offered by the well-regarded Devise gem.
7
7
 
8
8
  [![Ruby](https://github.com/kobaltz/action_auth/actions/workflows/test.yml/badge.svg)](https://github.com/kobaltz/action_auth/actions/workflows/test.yml)
9
9
 
10
+ ## Table of Contents
11
+ 1. [Introduction](#introduction)
12
+ 2. [Installation](#installation)
13
+ 3. [Features](#features)
14
+ 4. [Usage](#usage)
15
+ - [Routes](#routes)
16
+ - [Helper Methods](#helper-methods)
17
+ - [Restricting and Changing Routes](#restricting-and-changing-routes)
18
+ 5. [WebAuthn](#webauthn)
19
+ 6. [Within Your Application](#within-your-application)
20
+ 7. Customizing
21
+ - [Sign In Page](https://github.com/kobaltz/action_auth/wiki/Overriding-Sign-In-page-view)
22
+ 7. [License](#license)
23
+ 8. [Credits](#credits)
24
+
10
25
  ## Installation
11
26
  Add this line to your application's Gemfile:
12
27
 
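Review bot: The new table of contents numbers two entries as 7 ("7. Customizing" and "7. [License](#license)"), so License and Credits should be 8 and 9. "Customizing" is also the only top-level entry without an anchor, and `[Introduction](#introduction)` points at a heading that is not visible in this diff; confirm that heading exists or drop the entry.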
@@ -33,6 +48,13 @@ In your view layout
33
48
  <% end %>
34
49
  ```
35
50
 
51
+ If you're using something like importmaps and plain css, then you may need to add the lines below to your `app/assets/config/manifest.js` file.
52
+
53
+ ```javascript
54
+ //= link action_auth/application.css
55
+ //= link action_auth/application.js
56
+ ```
57
+
36
58
  See [WebAuthn](#webauthn) for additional configuration steps if you want to enable WebAuthn.
37
59
  In your `config/initializers/action_auth.rb` file, you can add the following configuration
38
60
  settings.
@@ -43,6 +65,7 @@ ActionAuth.configure do |config|
43
65
  config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
44
66
  config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
45
67
  config.verify_email_on_sign_in = true
68
+ config.default_from_email = "from@example.com"
46
69
  end
47
70
  ```
48
71
 
@@ -114,8 +137,10 @@ can create a constraint to restrict access to these routes.
114
137
  end
115
138
 
116
139
  def self.current_user(request)
117
- session_token = request.cookie_jar.signed[:session_token]
118
- ActionAuth::Session.find_by(id: session_token)&.action_auth_user
140
+ session_token = request.cookie_jar.signed[:session_token]
141
+ session = ActionAuth::Session.find_by(id: session_token)
142
+ return nil unless session.present?
143
+ session.action_auth_user&.becomes(User)
119
144
  end
120
145
  end
121
146
 
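Review bot: The constraint example now ends in `session.action_auth_user&.becomes(User)`, which assumes the host application defines a `User` class inheriting from `ActionAuth::User`. That class is only introduced later, under "Within Your Application", so anyone copying this snippet on its own hits a NameError at request time. Say so next to the snippet, or keep this example returning the `ActionAuth::User`. The explicit `return nil unless session.present?` can also collapse into `session&.action_auth_user&.becomes(User)`, and a local named `session` in a method that receives `request` is easy to confuse with the Rails session.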
@@ -150,7 +175,7 @@ they can add a Passkey to their account. The Passkey could be an iCloud Keychain
150
175
  key like a Yubikey, or a mobile device. If enabled and configured, the user will be prompted to use
151
176
  their Passkey after they log in.
152
177
 
153
- ### Configuration
178
+ #### Configuration
154
179
 
155
180
  The migrations are already copied over to your application when you run
156
181
  `bin/rails action_auth:install:migrations`. There are only two steps that you have to take to enable
@@ -176,6 +201,7 @@ ActionAuth.configure do |config|
176
201
  config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
177
202
  config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
178
203
  config.verify_email_on_sign_in = true
204
+ config.default_from_email = "from@example.com"
179
205
  end
180
206
  ```
181
207
 
@@ -185,6 +211,74 @@ Here's a view of the experience with WebAuthn
185
211
 
186
212
  ![action_auth](https://github.com/kobaltz/action_auth/assets/635114/fa88d83c-5af5-471b-a094-ec9785ea2f87)
187
213
 
214
+ ## Within Your Application
215
+
216
+ It can be cumbersome to have to reference ActionAuth::User within the application as well as in the
217
+ relationships between models. Luckily, we can use ActiveSupport::CurrentAttributes to make this
218
+ process easier as well as inheritance of our models.
219
+
220
+ #### Setting up the User model
221
+
222
+ ```ruby
223
+ # app/models/user.rb
224
+ class User < ActionAuth::User
225
+ has_many :posts, dependent: :destroy
226
+ end
227
+ ```
228
+
229
+ #### Setting up the Current model
230
+
231
+ We can set the user to become a User record instead of an ActionAuth::User record. This will then allow `Current.user.posts` to work.
232
+
233
+ ```ruby
234
+ # app/models/current.rb
235
+ class Current < ActiveSupport::CurrentAttributes
236
+ def user
237
+ return unless ActionAuth::Current.user
238
+ ActionAuth::Current.user.becomes(User)
239
+ end
240
+ end
241
+ ```
242
+
243
+ #### Generating an association
244
+
245
+ There's one little gotcha when generating the associations. We are using `user:belongs_to` instead of
246
+ `action_auth_user:belongs_to`. However, when the foreign key is generated, it will look for the users table
247
+ instead of the action_auth_users table. To get around this, we'll need to modify the migration.
248
+
249
+ ```bash
250
+ bin/rails g scaffold posts user:belongs_to title
251
+ ```
252
+
253
+ We can update the `foreign_key` from `true` to `{ to_table: :action_auth_users }` to get around this.
254
+
255
+ ```ruby
256
+ # db/migrate/XXXXXXXXXXX_create_posts.rb
257
+ class CreatePosts < ActiveRecord::Migration[7.1]
258
+ def change
259
+ create_table :posts do |t|
260
+ t.belongs_to :user, null: false, foreign_key: { to_table: :action_auth_users }
261
+ t.string :title
262
+
263
+ t.timestamps
264
+ end
265
+ end
266
+ end
267
+ ```
268
+
269
+ And the post model doesn't need anything special to ActionAuth.
270
+
271
+ ```ruby
272
+ # app/models/post.rb
273
+ class Post < ApplicationRecord
274
+ belongs_to :user
275
+ end
276
+ ```
277
+
278
+ #### Using the Current model
279
+
280
+ Now, you'll be able to do things like `Current.user` and `Current.user.posts` within your application. However, I recommend that you still use
281
+ the helpers around `user_signed_in?` to verify that the `ActionAuth::Current.user` is not nil (or nil if they are signed out). This will help ensure that any thread safety issues are avoided.
188
282
 
189
283
  ## License
190
284
  The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
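Review bot: The closing paragraph of "Using the Current model" contradicts itself ("is not nil (or nil if they are signed out)") and never says which thread-safety issue the helper avoids. What the reader needs is that `Current.user` returns nil when nobody is signed in (the `return unless ActionAuth::Current.user` line), so `Current.user.posts` raises NoMethodError unless it is guarded by `user_signed_in?`. In the migration step it would also help to state that `user_id` then references `action_auth_users`, since `belongs_to :user` in `Post` hides that.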
@@ -193,5 +287,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
193
287
  ## Credits
194
288
 
195
289
  ❤️ Heavily inspired by [Drifting Ruby #300](https://www.driftingruby.com/episodes/authentication-from-scratch)
196
- and [Authentication Zero](https://github.com/lazaronixon/authentication-zero) and WebAuthn work from
290
+ and [Authentication Zero](https://github.com/lazaronixon/authentication-zero) and
197
291
  [cedarcode](https://www.cedarcode.com/).
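Review bot: Dropping "WebAuthn work from" on the Authentication Zero line leaves the sentence reading "... and Authentication Zero and cedarcode", which no longer says what cedarcode is credited for. If removing the attribution is intentional, join the list with commas; otherwise keep the phrase.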
@@ -2,9 +2,9 @@ module ActionAuth
2
2
  class SessionsController < ApplicationController
3
3
  before_action :set_current_request_details
4
4
  before_action :authenticate_user!, only: [:index, :destroy]
5
- layout "action_auth/application-full-width", only: :index
6
5
 
7
6
  def index
7
+ @action_auth_wide = true
8
8
  @sessions = Current.user.action_auth_sessions.order(created_at: :desc)
9
9
  end
10
10
 
@@ -1,6 +1,6 @@
1
1
  module ActionAuth
2
2
  class ApplicationMailer < ActionMailer::Base
3
- default from: "from@example.com"
3
+ default from: ActionAuth.configuration.default_from_email
4
4
  layout "mailer"
5
5
  end
6
6
  end
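Review bot: `default from: ActionAuth.configuration.default_from_email` is evaluated once, when the mailer class body is loaded. If the class loads before the application's `ActionAuth.configure` block runs, or the setting is changed afterwards, mail keeps going out from the value captured at load time. Pass a lambda so the lookup happens per message: `default from: -> { ActionAuth.configuration.default_from_email }`.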
@@ -13,7 +13,9 @@
13
13
  <% end %>
14
14
 
15
15
  <div class="mb-3">
16
- <%= link_to "Sign In", sign_in_path %> |
17
- <%= link_to "Sign Up", sign_up_path %> |
18
- <%= link_to "Verify Email", identity_email_verification_path %>
16
+ <%= link_to "Sign In", sign_in_path %>
17
+ | <%= link_to "Sign Up", sign_up_path %>
18
+ <% if ActionAuth.configuration.verify_email_on_sign_in %>
19
+ | <%= link_to "Verify Email", identity_email_verification_path %>
20
+ <% end %>
19
21
  </div>
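Review bot: Wrapping the "Verify Email" link in `if ActionAuth.configuration.verify_email_on_sign_in` only hides the link; nothing in this diff touches the route or controller behind `identity_email_verification_path`, so the endpoint stays reachable when the setting is false. If the setting is meant to switch the feature off, check it in the controller as well. The same conditional is repeated in two more views below; a shared partial would keep the three copies in sync.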
@@ -36,6 +36,8 @@
36
36
 
37
37
  <div class="mb-3">
38
38
  <%= link_to "Sign In", sign_in_path %> |
39
- <%= link_to "Reset Password", new_identity_password_reset_path %> |
40
- <%= link_to "Verify Email", identity_email_verification_path %>
39
+ <%= link_to "Reset Password", new_identity_password_reset_path %>
40
+ <% if ActionAuth.configuration.verify_email_on_sign_in %>
41
+ | <%= link_to "Verify Email", identity_email_verification_path %>
42
+ <% end %>
41
43
  </div>
@@ -21,8 +21,8 @@
21
21
  <%= content_tag :tr, id: dom_id(session) do %>
22
22
  <td><%= session.user_agent %></td>
23
23
  <td nowrap><%= session.ip_address %></td>
24
- <td nowrap><%= session.created_at %></td>
25
- <td nowrap><%= button_to "Log out", session, method: :delete, class: "btn btn-primary" %></td>
24
+ <td><%= session.created_at %></td>
25
+ <td><%= button_to "Log out", session, method: :delete, class: "btn btn-primary" %></td>
26
26
  <% end %>
27
27
  <% end %>
28
28
  </tbody>
@@ -21,6 +21,8 @@
21
21
 
22
22
  <div class="mb-3">
23
23
  <%= link_to "Sign Up", sign_up_path %> |
24
- <%= link_to "Reset Password", new_identity_password_reset_path %> |
25
- <%= link_to "Verify Email", identity_email_verification_path %>
24
+ <%= link_to "Reset Password", new_identity_password_reset_path %>
25
+ <% if ActionAuth.configuration.verify_email_on_sign_in %>
26
+ | <%= link_to "Verify Email", identity_email_verification_path %>
27
+ <% end %>
26
28
  </div>
@@ -2,6 +2,7 @@
2
2
  <html>
3
3
  <head>
4
4
  <title>Action Auth</title>
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
5
6
  <%= csrf_meta_tags %>
6
7
  <%= csp_meta_tag %>
7
8
  <%= stylesheet_link_tag "action_auth/application", media: "all" %>
@@ -13,7 +14,7 @@
13
14
  <% end %>
14
15
  </head>
15
16
  <body class="bg-light">
16
- <div class="container bg-white border pb-3">
17
+ <div class="<%= defined?(@action_auth_wide) ? 'container-fluid' : 'container' %> bg-white border pb-3">
17
18
  <%= yield %>
18
19
  </div>
19
20
  <div class="action-auth--text-center">
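Review bot: `defined?(@action_auth_wide)` is truthy for any assigned instance variable, including `false` or `nil`, so a controller that sets `@action_auth_wide = false` still gets `container-fluid`. Test the value instead: `@action_auth_wide ? 'container-fluid' : 'container'`.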
@@ -5,12 +5,14 @@ module ActionAuth
5
5
  attr_accessor :webauthn_origin
6
6
  attr_accessor :webauthn_rp_name
7
7
  attr_accessor :verify_email_on_sign_in
8
+ attr_accessor :default_from_email
8
9
 
9
10
  def initialize
10
11
  @webauthn_enabled = defined?(WebAuthn)
11
12
  @webauthn_origin = "http://localhost:3000"
12
13
  @webauthn_rp_name = Rails.application.class.to_s.deconstantize
13
14
  @verify_email_on_sign_in = true
15
+ @default_from_email = "from@example.com"
14
16
  end
15
17
 
16
18
  def webauthn_enabled?
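Review bot: Defaulting `@default_from_email` to "from@example.com" means an application that never sets it sends its password-reset and verification mail from a placeholder address without any error. Consider defaulting to nil and raising, or at least logging, when it is unset outside development, so the misconfiguration is caught at boot rather than in a user's inbox.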
@@ -1,3 +1,3 @@
1
1
  module ActionAuth
2
- VERSION = "0.2.9"
2
+ VERSION = "0.2.11"
3
3
  end
data/lib/action_auth.rb CHANGED
@@ -6,13 +6,12 @@ module ActionAuth
6
6
  class << self
7
7
  attr_writer :configuration
8
8
 
9
- # Initialize configuration with default settings
10
9
  def configuration
11
10
  @configuration ||= Configuration.new
12
11
  end
13
12
 
14
13
  def configure
15
- yield(configuration) if block_given? # Yield only if a block is provided
14
+ yield(configuration) if block_given?
16
15
  configure_webauthn
17
16
  end
18
17
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: action_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.9
4
+ version: 0.2.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dave Kimura
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-01-14 00:00:00.000000000 Z
11
+ date: 2024-01-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -83,7 +83,6 @@ files:
83
83
  - app/views/action_auth/user_mailer/password_reset.text.erb
84
84
  - app/views/action_auth/webauthn_credential_authentications/new.html.erb
85
85
  - app/views/action_auth/webauthn_credentials/new.html.erb
86
- - app/views/layouts/action_auth/application-full-width.html.erb
87
86
  - app/views/layouts/action_auth/application.html.erb
88
87
  - app/views/layouts/action_auth/mailer.html.erb
89
88
  - app/views/layouts/action_auth/mailer.text.erb
@@ -121,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
121
120
  - !ruby/object:Gem::Version
122
121
  version: '0'
123
122
  requirements: []
124
- rubygems_version: 3.5.3
123
+ rubygems_version: 3.5.5
125
124
  signing_key:
126
125
  specification_version: 4
127
126
  summary: A simple Rails engine for authorization.
@@ -1,20 +0,0 @@
1
- <!DOCTYPE html>
2
- <html>
3
- <head>
4
- <title>Action Auth</title>
5
- <%= csrf_meta_tags %>
6
- <%= csp_meta_tag %>
7
- <%= stylesheet_link_tag "action_auth/application", media: "all" %>
8
- <%= javascript_include_tag "action_auth/application", "data-turbo-track": "reload", type: "module" %>
9
- <% if ActionAuth.configuration.webauthn_enabled? %>
10
- <%= tag :meta, name: :webauthn_auth_url, content: action_auth.webauthn_credential_authentications_url %>
11
- <%= tag :meta, name: :webauthn_cred_url, content: action_auth.webauthn_credentials_url %>
12
- <%= tag :meta, name: :webauthn_redirect_url, content: action_auth.sessions_url %>
13
- <% end %>
14
- </head>
15
- <body class="bg-light">
16
- <div class="container-fluid bg-white border pb-3">
17
- <%= yield %>
18
- </div>
19
- </body>
20
- </html>
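Review bot: Deleting `app/views/layouts/action_auth/application-full-width.html.erb` in a patch release affects host applications that overrode that layout: their copy is no longer rendered, because `SessionsController` dropped the `layout "action_auth/application-full-width"` line. Call this out in the release notes and point overriders at the `@action_auth_wide` switch in `application.html.erb`.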