action_auth 0.2.9 → 0.2.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 15e0dbb39c116db3c4230dfd773cb2efca4b4b489718b9bcf346be31c5622aca
-  data.tar.gz: 8bd290cce05e06f729e1eadabaef9e09801fb525bfd527f2eccf055f50f648ff
+  metadata.gz: 8c07ad9154a460104b707e5de606ed075d7598d46ec23aea95886cf38adde58b
+  data.tar.gz: be73fc563f21b20d7011beb5d8f254da78dd19cec32e17d5544dfbead62021ea
 SHA512:
-  metadata.gz: 21cc228bd5ecaeb7fcf5ff95fad43d7dce4b4655d4460dced0378dfcba168054261c743b92ae59430c6d32e8bf115156f439badde073943f9325c7254302ed5e
-  data.tar.gz: 1704cce56c19388ebb971ffbac49552a578cb09f67d8285334ebcabb4375647ce701e82a36a33f95b51f79c902e8f6c7d61356572fe753eef06a9d006af92e5f
+  metadata.gz: dd5c45af824e82690d667dca90b29e3741da5a607f5d66e9acb8b3b3cf7ab1cfdd6fdff6c5b7501e39df358e474cdc4093166a54a1f7244858df16c0b1d012c1
+  data.tar.gz: 7fc79d6d508ed1e5293bd1153b29f545ab01ba80b6ee4a5692abd1f7fac6bb5640ec284811e7bf7047aebcfe0b423f69215348c4ec105f84c25fac6c2915ff08

data/README.md

@@ -7,6 +7,21 @@ user experience akin to that offered by the well-regarded Devise gem.
 
 [![Ruby](https://github.com/kobaltz/action_auth/actions/workflows/test.yml/badge.svg)](https://github.com/kobaltz/action_auth/actions/workflows/test.yml)
 
+## Table of Contents
+1. [Introduction](#introduction)
+2. [Installation](#installation)
+3. [Features](#features)
+4. [Usage](#usage)
+   - [Routes](#routes)
+   - [Helper Methods](#helper-methods)
+   - [Restricting and Changing Routes](#restricting-and-changing-routes)
+5. [WebAuthn](#webauthn)
+6. [Within Your Application](#within-your-application)
+7. Customizing
+   - [Sign In Page](https://github.com/kobaltz/action_auth/wiki/Overriding-Sign-In-page-view)
+7. [License](#license)
+8. [Credits](#credits)
+
 ## Installation
 Add this line to your application's Gemfile:
 
@@ -33,6 +48,13 @@ In your view layout
 <% end %>
 ```
 
+If you're using something like importmaps and plain css, then you may need to add the lines below to your `app/assets/config/manifest.js` file.
+
+```javascript
+//= link action_auth/application.css
+//= link action_auth/application.js
+```
+
 See [WebAuthn](#webauthn) for additional configuration steps if you want to enable WebAuthn.
 In your `config/initializers/action_auth.rb` file, you can add the following configuration
 settings.
@@ -43,6 +65,7 @@ ActionAuth.configure do |config|
   config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
   config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
   config.verify_email_on_sign_in = true
+  config.default_from_email = "from@example.com"
 end
 ```
 
@@ -114,8 +137,10 @@ can create a constraint to restrict access to these routes.
       end
 
       def self.current_user(request)
-        session_token = request.cookie_jar.signed[:session_token]
-        ActionAuth::Session.find_by(id: session_token)&.action_auth_user
+         session_token = request.cookie_jar.signed[:session_token]
+         session = ActionAuth::Session.find_by(id: session_token)
+         return nil unless session.present?
+         session.action_auth_user&.becomes(User)
       end
     end
 
@@ -150,7 +175,7 @@ they can add a Passkey to their account. The Passkey could be an iCloud Keychain
 key like a Yubikey, or a mobile device. If enabled and configured, the user will be prompted to use
 their Passkey after they log in.
 
-### Configuration
+#### Configuration
 
 The migrations are already copied over to your application when you run
 `bin/rails action_auth:install:migrations`. There are only two steps that you have to take to enable
@@ -176,6 +201,7 @@ ActionAuth.configure do |config|
   config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
   config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
   config.verify_email_on_sign_in = true
+  config.default_from_email = "from@example.com"
 end
 ```
 
@@ -185,6 +211,74 @@ Here's a view of the experience with WebAuthn
 
 ![action_auth](https://github.com/kobaltz/action_auth/assets/635114/fa88d83c-5af5-471b-a094-ec9785ea2f87)
 
+## Within Your Application
+
+It can be cumbersome to have to reference ActionAuth::User within the application as well as in the
+relationships between models. Luckily, we can use ActiveSupport::CurrentAttributes to make this
+process easier as well as inheritance of our models.
+
+#### Setting up the User model
+
+```ruby
+# app/models/user.rb
+class User < ActionAuth::User
+  has_many :posts, dependent: :destroy
+end
+```
+
+#### Setting up the Current model
+
+We can set the user to become a User record instead of an ActionAuth::User record. This will then allow `Current.user.posts` to work.
+
+```ruby
+# app/models/current.rb
+class Current < ActiveSupport::CurrentAttributes
+  def user
+    return unless ActionAuth::Current.user
+    ActionAuth::Current.user.becomes(User)
+  end
+end
+```
+
+#### Generating an association
+
+There's one little gotcha when generating the associations. We are using `user:belongs_to` instead of
+`action_auth_user:belongs_to`. However, when the foreign key is generated, it will look for the users table
+instead of the action_auth_users table. To get around this, we'll need to modify the migration.
+
+```bash
+bin/rails g scaffold posts user:belongs_to title
+```
+
+We can update the `foreign_key` from `true` to `{ to_table: :action_auth_users }` to get around this.
+
+```ruby
+# db/migrate/XXXXXXXXXXX_create_posts.rb
+class CreatePosts < ActiveRecord::Migration[7.1]
+  def change
+    create_table :posts do |t|
+      t.belongs_to :user, null: false, foreign_key: { to_table: :action_auth_users }
+      t.string :title
+
+      t.timestamps
+    end
+  end
+end
+```
+
+And the post model doesn't need anything special to ActionAuth.
+
+```ruby
+# app/models/post.rb
+class Post < ApplicationRecord
+  belongs_to :user
+end
+```
+
+#### Using the Current model
+
+Now, you'll be able to do things like `Current.user` and `Current.user.posts` within your application. However, I recommend that you still use
+the helpers around `user_signed_in?` to verify that the `ActionAuth::Current.user` is not nil (or nil if they are signed out). This will help ensure that any thread safety issues are avoided.
 
 ## License
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
@@ -193,5 +287,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
 ## Credits
 
 ❤️ Heavily inspired by [Drifting Ruby #300](https://www.driftingruby.com/episodes/authentication-from-scratch)
-and [Authentication Zero](https://github.com/lazaronixon/authentication-zero) and WebAuthn work from
+and [Authentication Zero](https://github.com/lazaronixon/authentication-zero) and
 [cedarcode](https://www.cedarcode.com/).

data/app/controllers/action_auth/sessions_controller.rb

@@ -2,9 +2,9 @@ module ActionAuth
   class SessionsController < ApplicationController
     before_action :set_current_request_details
     before_action :authenticate_user!, only: [:index, :destroy]
-    layout "action_auth/application-full-width", only: :index
 
     def index
+      @action_auth_wide = true
       @sessions = Current.user.action_auth_sessions.order(created_at: :desc)
     end
 

data/app/mailers/action_auth/application_mailer.rb

@@ -1,6 +1,6 @@
 module ActionAuth
   class ApplicationMailer < ActionMailer::Base
-    default from: "from@example.com"
+    default from: ActionAuth.configuration.default_from_email
     layout "mailer"
   end
 end

data/app/views/action_auth/identity/password_resets/new.html.erb

@@ -13,7 +13,9 @@
 <% end %>
 
 <div class="mb-3">
-  <%= link_to "Sign In", sign_in_path %> |
-  <%= link_to "Sign Up", sign_up_path %> |
-  <%= link_to "Verify Email", identity_email_verification_path %>
+  <%= link_to "Sign In", sign_in_path %>
+  | <%= link_to "Sign Up", sign_up_path %>
+  <% if ActionAuth.configuration.verify_email_on_sign_in %>
+    | <%= link_to "Verify Email", identity_email_verification_path %>
+  <% end %>
 </div>

data/app/views/action_auth/registrations/new.html.erb

@@ -36,6 +36,8 @@
 
 <div class="mb-3">
   <%= link_to "Sign In", sign_in_path %> |
-  <%= link_to "Reset Password", new_identity_password_reset_path %> |
-  <%= link_to "Verify Email", identity_email_verification_path %>
+  <%= link_to "Reset Password", new_identity_password_reset_path %>
+  <% if ActionAuth.configuration.verify_email_on_sign_in %>
+    | <%= link_to "Verify Email", identity_email_verification_path %>
+  <% end %>
 </div>

data/app/views/action_auth/sessions/index.html.erb

@@ -21,8 +21,8 @@
         <%= content_tag :tr, id: dom_id(session) do %>
           <td><%= session.user_agent %></td>
           <td nowrap><%= session.ip_address %></td>
-          <td nowrap><%= session.created_at %></td>
-          <td nowrap><%= button_to "Log out", session, method: :delete, class: "btn btn-primary" %></td>
+          <td><%= session.created_at %></td>
+          <td><%= button_to "Log out", session, method: :delete, class: "btn btn-primary" %></td>
         <% end %>
       <% end %>
     </tbody>

data/app/views/action_auth/sessions/new.html.erb

@@ -21,6 +21,8 @@
 
 <div class="mb-3">
   <%= link_to "Sign Up", sign_up_path %> |
-  <%= link_to "Reset Password", new_identity_password_reset_path %> |
-  <%= link_to "Verify Email", identity_email_verification_path %>
+  <%= link_to "Reset Password", new_identity_password_reset_path %>
+  <% if ActionAuth.configuration.verify_email_on_sign_in %>
+    | <%= link_to "Verify Email", identity_email_verification_path %>
+  <% end %>
 </div>

data/app/views/layouts/action_auth/application.html.erb

@@ -2,6 +2,7 @@
 <html>
 <head>
   <title>Action Auth</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <%= csrf_meta_tags %>
   <%= csp_meta_tag %>
   <%= stylesheet_link_tag "action_auth/application", media: "all" %>
@@ -13,7 +14,7 @@
   <% end %>
 </head>
 <body class="bg-light">
-  <div class="container bg-white border pb-3">
+  <div class="<%= defined?(@action_auth_wide) ? 'container-fluid' : 'container' %> bg-white border pb-3">
     <%= yield %>
   </div>
   <div class="action-auth--text-center">

data/lib/action_auth/configuration.rb

@@ -5,12 +5,14 @@ module ActionAuth
     attr_accessor :webauthn_origin
     attr_accessor :webauthn_rp_name
     attr_accessor :verify_email_on_sign_in
+    attr_accessor :default_from_email
 
     def initialize
       @webauthn_enabled = defined?(WebAuthn)
       @webauthn_origin = "http://localhost:3000"
       @webauthn_rp_name = Rails.application.class.to_s.deconstantize
       @verify_email_on_sign_in = true
+      @default_from_email = "from@example.com"
     end
 
     def webauthn_enabled?

data/lib/action_auth/version.rb

@@ -1,3 +1,3 @@
 module ActionAuth
-  VERSION = "0.2.9"
+  VERSION = "0.2.11"
 end

data/lib/action_auth.rb

@@ -6,13 +6,12 @@ module ActionAuth
   class << self
     attr_writer :configuration
 
-    # Initialize configuration with default settings
     def configuration
       @configuration ||= Configuration.new
     end
 
     def configure
-      yield(configuration) if block_given?  # Yield only if a block is provided
+      yield(configuration) if block_given?
       configure_webauthn
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_auth
 version: !ruby/object:Gem::Version
-  version: 0.2.9
+  version: 0.2.11
 platform: ruby
 authors:
 - Dave Kimura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-14 00:00:00.000000000 Z
+date: 2024-01-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -83,7 +83,6 @@ files:
 - app/views/action_auth/user_mailer/password_reset.text.erb
 - app/views/action_auth/webauthn_credential_authentications/new.html.erb
 - app/views/action_auth/webauthn_credentials/new.html.erb
-- app/views/layouts/action_auth/application-full-width.html.erb
 - app/views/layouts/action_auth/application.html.erb
 - app/views/layouts/action_auth/mailer.html.erb
 - app/views/layouts/action_auth/mailer.text.erb
@@ -121,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.3
+rubygems_version: 3.5.5
 signing_key:
 specification_version: 4
 summary: A simple Rails engine for authorization.

data/app/views/layouts/action_auth/application-full-width.html.erb

@@ -1,20 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>Action Auth</title>
-  <%= csrf_meta_tags %>
-  <%= csp_meta_tag %>
-  <%= stylesheet_link_tag "action_auth/application", media: "all" %>
-  <%= javascript_include_tag "action_auth/application", "data-turbo-track": "reload", type: "module" %>
-  <% if ActionAuth.configuration.webauthn_enabled? %>
-    <%= tag :meta, name: :webauthn_auth_url, content: action_auth.webauthn_credential_authentications_url %>
-    <%= tag :meta, name: :webauthn_cred_url, content: action_auth.webauthn_credentials_url %>
-    <%= tag :meta, name: :webauthn_redirect_url, content: action_auth.sessions_url %>
-  <% end %>
-</head>
-<body class="bg-light">
-  <div class="container-fluid bg-white border pb-3">
-    <%= yield %>
-  </div>
-</body>
-</html>