action_auth 1.0.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 24c21d0f3f0275043c101a941be6587f6ab14dcd56be5951e410a15c66d2ce59
-  data.tar.gz: 0406533a71d0411f164c20dc805e1f9e43988ffd7d979dc9ece4f8a20050bf30
+  metadata.gz: 2199e638d124811034db20d5d3cd6f0b23d56acf260d42e18f9559bf54405295
+  data.tar.gz: ab312a35ead67087ab41cfb30f54a42696521924fb1e695870e87632742497d6
 SHA512:
-  metadata.gz: 415a5088415bdc54b813b8a199486e733442b6346ec9ba30b2995bf9428983478aa86e8406adb2cf18bf7271669dad2f0de50f9658dbe0627d4b61b6423ee66f
-  data.tar.gz: 795b6cc968062e90034ddfb08ad4f251a69b7bd5a50b580d706f98fa99c71276da291ef0bce15964153593a05aef4e5f3b171d2e5e980928754d6800b2324dea
+  metadata.gz: 53f6e3b604bc0037a751269cd16975e243e84ebd1018419764c88a2b60a8309455736b2b7a2ec1e6b29cb2970e4e0020348756fed9658400f32d2d3a2f3b179a
+  data.tar.gz: 0ccad04b7a3e4ccbb50e80149b40d452364089600a2a5462ea2392ece13151f8903f65c491d8bd3dc5507ae6fac3ac6430ae18b0b0ac247acb434f898a3c3055

data/README.md

@@ -98,11 +98,13 @@ settings.
 
 ```ruby
 ActionAuth.configure do |config|
+  config.allow_user_deletion = true
+  config.default_from_email = "from@example.com"
+  config.magic_link_enabled = true
+  config.verify_email_on_sign_in = true
   config.webauthn_enabled = true
   config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
   config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
-  config.verify_email_on_sign_in = true
-  config.default_from_email = "from@example.com"
 end
 ```
 
@@ -124,11 +126,11 @@ These are the planned features for ActionAuth. The ones that are checked off are
 
 ✅ - Passkeys/Hardware Security Keys
 
-⏳ - Magic Links
+✅ - Magic Links
 
 ⏳ - OAuth with Google, Facebook, Github, Twitter, etc.
 
-⏳ - Account Deletion
+✅ - Account Deletion
 
 ⏳ - Account Lockout
 
@@ -212,6 +214,29 @@ they can add a Passkey to their account. The Passkey could be an iCloud Keychain
 key like a Yubikey, or a mobile device. If enabled and configured, the user will be prompted to use
 their Passkey after they log in.
 
+## Magic Links
+
+Magic Links are a way to authenticate a user without requiring a password. This is done by sending
+an email to the user with a link that will log them in. This is a great way to allow users to log in
+without having to remember a password. This is especially useful for users who may not have a password
+manager or have a hard time remembering passwords.
+
+## Account Deletion
+
+Account deletion is a feature that is enabled by default. When a user deletes their account, the account
+is marked as deleted and the user is logged out. The user will no longer be able to log in with their
+email and password. The user will need to create a new account if they wish to continue using the application.
+
+Here's an example of how you may want to add a delete account button to your application. Obviously, you
+will want to style this to fit your application and have some kind of confirmation dialog.
+
+```
+<p>
+  Unhappy with the service?
+  <%= button_to "Delete Account", action_auth.users_path, method: :delete %>
+</p>
+```
+
 #### Configuration
 
 The migrations are already copied over to your application when you run
@@ -272,7 +297,7 @@ We can set the user to become a User record instead of an ActionAuth::User recor
 class Current < ActiveSupport::CurrentAttributes
   def user
     return unless ActionAuth::Current.user
-    ActionAuth::Current.user.becomes(User)
+    ActionAuth::Current.user&.becomes(User)
   end
 end
 ```

data/app/controllers/action_auth/magics/requests_controller.rb

@@ -0,0 +1,20 @@
+module ActionAuth
+  class Magics::RequestsController < ApplicationController
+    def new
+    end
+
+    def create
+      user = User.find_or_initialize_by(email: params[:email])
+      if user.new_record?
+        password = SecureRandom.hex(32)
+        user.password = password
+        user.password_confirmation = password
+        user.save!
+      end
+
+      UserMailer.with(user: user).magic_link.deliver_later
+
+      redirect_to sign_in_path, notice: "Check your email for a magic link."
+    end
+  end
+end

data/app/controllers/action_auth/magics/sign_ins_controller.rb

@@ -0,0 +1,15 @@
+module ActionAuth
+  class Magics::SignInsController < ApplicationController
+    def show
+      user = ActionAuth::User.find_by_token_for(:magic_token, params[:token])
+      if user
+        @session = user.sessions.create
+        cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
+        user.update(verified: true)
+        redirect_to main_app.root_path, notice: "Signed In"
+      else
+        redirect_to sign_in_path, alert: "Authentication failed, please try again."
+      end
+    end
+  end
+end

data/app/controllers/action_auth/users_controller.rb

@@ -0,0 +1,10 @@
+module ActionAuth
+  class UsersController < ApplicationController
+    before_action :authenticate_user!
+
+    def destroy
+      Current.user.destroy
+      redirect_to main_app.root_url, notice: "Your account has been deleted."
+    end
+  end
+end

data/app/mailers/action_auth/user_mailer.rb

@@ -13,5 +13,12 @@ module ActionAuth
 
       mail to: @user.email, subject: "Verify your email"
     end
+
+    def magic_link
+      @user = params[:user]
+      @signed_id = @user.generate_token_for(:magic_token)
+
+      mail to: @user.email, subject: "Sign in to your account"
+    end
   end
 end

data/app/models/action_auth/user.rb

@@ -20,6 +20,10 @@ module ActionAuth
       password_salt.last(10)
     end
 
+    generates_token_for :magic_token, expires_in: 20.minutes do
+      password_salt.last(10)
+    end
+
     validates :email, presence: true, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }
     validates :password, allow_nil: true, length: { minimum: 12 }
 

data/app/views/action_auth/magics/requests/new.html.erb

@@ -0,0 +1,21 @@
+<h1>Sign up</h1>
+
+<%= form_with(url: magics_requests_path) do |form| %>
+  <div class="mb-3">
+    <%= form.label :email, style: "display: block" %>
+    <%= form.email_field :email, required: true, autofocus: true, autocomplete: "email" %>
+  </div>
+
+  <div class="mb-3">
+    <%= form.submit "Request Magic Link", class: "btn btn-primary" %>
+  </div>
+<% end %>
+
+<div class="mb-3">
+  <%= link_to "Sign In", sign_in_path %> |
+  <%= link_to "Sign Up", sign_up_path %> |
+  <%= link_to "Reset Password", new_identity_password_reset_path %>
+  <% if ActionAuth.configuration.verify_email_on_sign_in %>
+    | <%= link_to "Verify Email", identity_email_verification_path %>
+  <% end %>
+</div>

data/app/views/action_auth/registrations/new.html.erb

@@ -36,6 +36,9 @@
 
 <div class="mb-3">
   <%= link_to "Sign In", sign_in_path %> |
+  <% if ActionAuth.configuration.magic_link_enabled? %>
+    <%= link_to "Magic Link", new_magics_requests_path %> |
+  <% end %>
   <%= link_to "Reset Password", new_identity_password_reset_path %>
   <% if ActionAuth.configuration.verify_email_on_sign_in %>
     | <%= link_to "Verify Email", identity_email_verification_path %>

data/app/views/action_auth/sessions/new.html.erb

@@ -21,6 +21,9 @@
 
 <div class="mb-3">
   <%= link_to "Sign Up", sign_up_path %> |
+  <% if ActionAuth.configuration.magic_link_enabled? %>
+    <%= link_to "Magic Link", new_magics_requests_path %> |
+  <% end %>
   <%= link_to "Reset Password", new_identity_password_reset_path %>
   <% if ActionAuth.configuration.verify_email_on_sign_in %>
     | <%= link_to "Verify Email", identity_email_verification_path %>

data/app/views/action_auth/user_mailer/magic_link.html.erb

@@ -0,0 +1,3 @@
+<p>
+  Use this <%= link_to "link", magics_sign_ins_url(token: @signed_id) %> to sign in.
+</p>

data/config/routes.rb

@@ -3,13 +3,18 @@ ActionAuth::Engine.routes.draw do
   post "sign_in", to: "sessions#create"
   get  "sign_up", to: "registrations#new"
   post "sign_up", to: "registrations#create"
-  resources :sessions, only: [:index, :show, :destroy]
-  resource  :password, only: [:edit, :update]
+
   namespace :identity do
     resource :email,              only: [:edit, :update]
     resource :email_verification, only: [:show, :create]
     resource :password_reset,     only: [:new, :edit, :create, :update]
   end
+  resource  :password, only: [:edit, :update]
+  resources :sessions, only: [:index, :show, :destroy]
+
+  if ActionAuth.configuration.allow_user_deletion?
+    resource  :users, only: [:destroy]
+  end
 
   if ActionAuth.configuration.webauthn_enabled?
     resources :webauthn_credentials, only: [:new, :create, :destroy] do
@@ -18,4 +23,11 @@ ActionAuth::Engine.routes.draw do
 
     resource :webauthn_credential_authentications, only: [:new, :create]
   end
+
+  if ActionAuth.configuration.magic_link_enabled?
+    namespace :magics do
+      resource :sign_ins, only: [:show]
+      resource :requests, only: [:new, :create]
+    end
+  end
 end

data/lib/action_auth/configuration.rb

@@ -1,18 +1,31 @@
 module ActionAuth
   class Configuration
 
+    attr_accessor :allow_user_deletion
+    attr_accessor :default_from_email
+    attr_accessor :magic_link_enabled
+    attr_accessor :verify_email_on_sign_in
     attr_accessor :webauthn_enabled
     attr_accessor :webauthn_origin
     attr_accessor :webauthn_rp_name
-    attr_accessor :verify_email_on_sign_in
-    attr_accessor :default_from_email
+
 
     def initialize
+      @allow_user_deletion = true
+      @default_from_email = "from@example.com"
+      @magic_link_enabled = true
+      @verify_email_on_sign_in = true
       @webauthn_enabled = defined?(WebAuthn)
       @webauthn_origin = "http://localhost:3000"
       @webauthn_rp_name = Rails.application.class.to_s.deconstantize
-      @verify_email_on_sign_in = true
-      @default_from_email = "from@example.com"
+    end
+
+    def allow_user_deletion?
+      @allow_user_deletion.respond_to?(:call) ? @allow_user_deletion.call : @allow_user_deletion
+    end
+
+    def magic_link_enabled?
+      @magic_link_enabled.respond_to?(:call) ? @magic_link_enabled.call : @magic_link_enabled
     end
 
     def webauthn_enabled?

data/lib/action_auth/version.rb

@@ -1,3 +1,3 @@
 module ActionAuth
-  VERSION = "1.0.0"
+  VERSION = "1.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_auth
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Dave Kimura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-06 00:00:00.000000000 Z
+date: 2024-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -56,9 +56,12 @@ files:
 - app/controllers/action_auth/identity/email_verifications_controller.rb
 - app/controllers/action_auth/identity/emails_controller.rb
 - app/controllers/action_auth/identity/password_resets_controller.rb
+- app/controllers/action_auth/magics/requests_controller.rb
+- app/controllers/action_auth/magics/sign_ins_controller.rb
 - app/controllers/action_auth/passwords_controller.rb
 - app/controllers/action_auth/registrations_controller.rb
 - app/controllers/action_auth/sessions_controller.rb
+- app/controllers/action_auth/users_controller.rb
 - app/controllers/action_auth/webauthn_credential_authentications_controller.rb
 - app/controllers/action_auth/webauthn_credentials_controller.rb
 - app/helpers/action_auth/application_helper.rb
@@ -73,12 +76,14 @@ files:
 - app/views/action_auth/identity/emails/edit.html.erb
 - app/views/action_auth/identity/password_resets/edit.html.erb
 - app/views/action_auth/identity/password_resets/new.html.erb
+- app/views/action_auth/magics/requests/new.html.erb
 - app/views/action_auth/passwords/edit.html.erb
 - app/views/action_auth/registrations/new.html.erb
 - app/views/action_auth/sessions/index.html.erb
 - app/views/action_auth/sessions/new.html.erb
 - app/views/action_auth/user_mailer/email_verification.html.erb
 - app/views/action_auth/user_mailer/email_verification.text.erb
+- app/views/action_auth/user_mailer/magic_link.html.erb
 - app/views/action_auth/user_mailer/password_reset.html.erb
 - app/views/action_auth/user_mailer/password_reset.text.erb
 - app/views/action_auth/webauthn_credential_authentications/new.html.erb