action_auth 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6c7b9bf432371c7d2d5dce29f8b5e8946064206ef58f6116bd0b66335dbe8061
-  data.tar.gz: 24d15513648b56084857a68f2f25b61c29a29d63a66e29b1251e8b48a2d2c04d
+  metadata.gz: 45ce58405d5a45e6c9bf204378b2d187b468285401d889fe9e8323ce9649e345
+  data.tar.gz: 1e94b9b8e23d211d93ce96f8ff1e4ea1f6b816ca0ed9de8144b72a03273a7de7
 SHA512:
-  metadata.gz: d5327306545b7798deb20118f940cd2eeff5769f6dec72a4da626264c7e255da0ad715ee87f0dd530314c1d02371a7b53f3a13e6af763256bae6db070f13b8f9
-  data.tar.gz: 22225ffdaa9e1f0115e461d4b2363f84db5484d1338f84cb49a29ecfccb5085d17fb213705a77114a3fe4ffc2ec9761073078132d6f50ae5c2458f2060e7ad31
+  metadata.gz: 889f0be20c9e05507bfa12035ce2c06254b751161191bf3e1ae99eaba39643bbbb7b995a94b74dc4ba6453350e8201ae5265f938caaf50a85a149eae975e9a30
+  data.tar.gz: caecc465fce527d29225ab23ef7cc33c6cd992496864e5a224ab426a3a81378c2290a020b83dff6053c2f159d4bf9d8c579b9033ab48db8990b4796bacd024ab

data/README.md

@@ -5,21 +5,28 @@ This is a placeholder for the ActionAuth gem.  It is not yet ready for use.
 Add this line to your application's Gemfile:
 
 ```ruby
-gem "action_auth"
+bundle add action_auth
+bin/rails action_auth:install:migrations
 ```
+## Usage
 
-And then execute:
-```bash
-$ bundle
-```
+### Routes
 
-Or install it yourself as:
-```bash
-$ gem install action_auth
-```
+Within your application, you'll have access to these routes. They have been styled to be consistent with Devise.
+
+    Method	                    Verb	  Params	Description
+    user_sessions_path	        GET		          Device session management
+    user_session_path	          DELETE	[:id]	  Log Out
+    new_user_session_path	      GET		          Log in
+    new_user_registration_path	GET		          Sign Up
+
+### Helper Methods
+
+    Method	                    Description
+    current_user	              Returns the currently logged in user
+    user_signed_in?	            Returns true if the user is logged in
+    current_session	              Returns the current session
 
-## Contributing
-Contribution directions go here.
 
 ## License
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/app/controllers/action_auth/passwords_controller.rb

@@ -0,0 +1,26 @@
+module ActionAuth
+  class PasswordsController < ApplicationController
+    before_action :set_user
+
+    def edit
+    end
+
+    def update
+      if @user.update(user_params)
+        redirect_to root_path, notice: "Your password has been changed"
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def set_user
+      @user = Current.user
+    end
+
+    def user_params
+      params.permit(:password, :password_confirmation, :password_challenge).with_defaults(password_challenge: "")
+    end
+  end
+end

data/app/controllers/action_auth/registrations_controller.rb

@@ -0,0 +1,30 @@
+module ActionAuth
+  class RegistrationsController < ApplicationController
+    def new
+      @user = User.new
+    end
+
+    def create
+      @user = User.new(user_params)
+
+      if @user.save!
+        session_record = @user.action_auth_sessions.create!
+        cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
+
+        send_email_verification
+        redirect_to main_app.root_path, notice: "Welcome! You have signed up successfully"
+      else
+        render :new, status: :unprocessable_entity
+      end
+    end
+
+    private
+      def user_params
+        params.permit(:email, :password, :password_confirmation)
+      end
+
+      def send_email_verification
+        UserMailer.with(user: @user).email_verification.deliver_later
+      end
+  end
+end

data/app/controllers/action_auth/sessions_controller.rb

@@ -0,0 +1,27 @@
+module ActionAuth
+  class SessionsController < ApplicationController
+    before_action :set_current_request_details
+    def index
+      @sessions = Current.user.action_auth_sessions.order(created_at: :desc)
+    end
+
+    def new
+    end
+
+    def create
+      if user = User.authenticate_by(email: params[:email], password: params[:password])
+        @session = user.action_auth_sessions.create
+        cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
+        redirect_to main_app.root_path, notice: "Signed in successfully"
+      else
+        redirect_to sign_in_path(email_hint: params[:email]), alert: "That email or password is incorrect"
+      end
+    end
+
+    def destroy
+      session = Current.user.action_auth_sessions.find(params[:id])
+      session.destroy
+      redirect_to(main_app.root_path, notice: "That session has been logged out")
+    end
+  end
+end

data/app/mailers/action_auth/user_mailer.rb

@@ -0,0 +1,17 @@
+module ActionAuth
+  class UserMailer < ApplicationMailer
+    def password_reset
+      @user = params[:user]
+      @signed_id = @user.generate_token_for(:password_reset)
+
+      mail to: @user.email, subject: "Reset your password"
+    end
+
+    def email_verification
+      @user = params[:user]
+      @signed_id = @user.generate_token_for(:email_verification)
+
+      mail to: @user.email, subject: "Verify your email"
+    end
+  end
+end

data/app/models/action_auth/current.rb

@@ -0,0 +1,12 @@
+module ActionAuth
+  class Current < ActiveSupport::CurrentAttributes
+    attribute :session
+    attribute :user_agent, :ip_address
+
+    delegate :action_auth_user, to: :session, allow_nil: true
+
+    def user
+      action_auth_user
+    end
+  end
+end

data/app/models/action_auth/session.rb

@@ -0,0 +1,10 @@
+module ActionAuth
+  class Session < ApplicationRecord
+    belongs_to :action_auth_user, class_name: "ActionAuth::User", foreign_key: "action_auth_user_id"
+
+    before_create do
+      self.user_agent = Current.user_agent
+      self.ip_address = Current.ip_address
+    end
+  end
+end

data/app/models/action_auth/user.rb

@@ -0,0 +1,30 @@
+module ActionAuth
+  class User < ApplicationRecord
+    has_secure_password
+
+    generates_token_for :email_verification, expires_in: 2.days do
+      email
+    end
+
+    generates_token_for :password_reset, expires_in: 20.minutes do
+      password_salt.last(10)
+    end
+
+
+    has_many :action_auth_sessions, dependent: :destroy, class_name: "ActionAuth::Session", foreign_key: "action_auth_user_id"
+
+    validates :email, presence: true, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }
+    validates :password, allow_nil: true, length: { minimum: 12 }
+
+    normalizes :email, with: -> email { email.strip.downcase }
+
+
+    before_validation if: :email_changed?, on: :update do
+      self.verified = false
+    end
+
+    after_update if: :password_digest_previously_changed? do
+      action_auth_sessions.where.not(id: Current.session).delete_all
+    end
+  end
+end

data/app/views/action_auth/passwords/edit.html.erb

@@ -0,0 +1,43 @@
+<p style="color: red"><%= alert %></p>
+
+<h1>Change your password</h1>
+
+<%= form_with(url: password_path, method: :patch) do |form| %>
+  <% if @user.errors.any? %>
+    <div style="color: red">
+      <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
+
+      <ul>
+        <% @user.errors.each do |error| %>
+          <li><%= error.full_message %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div>
+    <%= form.label :password_challenge, style: "display: block" %>
+    <%= form.password_field :password_challenge, required: true, autofocus: true, autocomplete: "current-password" %>
+  </div>
+
+  <div>
+    <%= form.label :password, "New password", style: "display: block" %>
+    <%= form.password_field :password, required: true, autocomplete: "new-password" %>
+    <div>12 characters minimum.</div>
+  </div>
+
+  <div>
+    <%= form.label :password_confirmation, "Confirm new password", style: "display: block" %>
+    <%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
+  </div>
+
+  <div>
+    <%= form.submit "Save changes" %>
+  </div>
+<% end %>
+
+<br>
+
+<div>
+  <%= link_to "Back", root_path %>
+</div>

data/app/views/action_auth/registrations/new.html.erb

@@ -0,0 +1,35 @@
+<h1>Sign up</h1>
+
+<%= form_with(url: sign_up_path) do |form| %>
+  <% if @user.errors.any? %>
+    <div style="color: red">
+      <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
+
+      <ul>
+        <% @user.errors.each do |error| %>
+          <li><%= error.full_message %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div>
+    <%= form.label :email, style: "display: block" %>
+    <%= form.email_field :email, value: @user.email, required: true, autofocus: true, autocomplete: "email" %>
+  </div>
+
+  <div>
+    <%= form.label :password, style: "display: block" %>
+    <%= form.password_field :password, required: true, autocomplete: "new-password" %>
+    <div>12 characters minimum.</div>
+  </div>
+
+  <div>
+    <%= form.label :password_confirmation, style: "display: block" %>
+    <%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
+  </div>
+
+  <div>
+    <%= form.submit "Sign up" %>
+  </div>
+<% end %>

data/app/views/action_auth/sessions/index.html.erb

@@ -0,0 +1,29 @@
+<p style="color: green"><%= notice %></p>
+
+<h1>Devices & Sessions</h1>
+
+<div id="sessions">
+  <% @sessions.each do |session| %>
+    <div id="<%= dom_id session %>">
+      <p>
+        <strong>User Agent:</strong>
+        <%= session.user_agent %>
+      </p>
+
+      <p>
+        <strong>Ip Address:</strong>
+        <%= session.ip_address %>
+      </p>
+
+      <p>
+        <strong>Created at:</strong>
+        <%= session.created_at %>
+      </p>
+
+    </div>
+    <p>
+      <%= button_to "Log out", session, method: :delete %>
+    </p>
+  <% end %>
+</div>
+

data/app/views/action_auth/sessions/new.html.erb

@@ -0,0 +1,30 @@
+<p style="color: green"><%= notice %></p>
+<p style="color: red"><%= alert %></p>
+
+<h1>Sign in</h1>
+
+<%= form_with(url: sign_in_path) do |form| %>
+  <div>
+    <%= form.label :email, style: "display: block" %>
+    <%= form.email_field :email, value: params[:email_hint], required: true, autofocus: true, autocomplete: "email" %>
+  </div>
+
+  <div>
+    <%= form.label :password, style: "display: block" %>
+    <%= form.password_field :password, required: true, autocomplete: "current-password" %>
+  </div>
+
+  <div>
+    <%= form.submit "Sign in" %>
+  </div>
+<% end %>
+
+<br>
+
+
+<br>
+
+<div>
+  <%= link_to "Sign up", sign_up_path %> |
+  <%# link_to "Forgot your password?", new_identity_password_reset_path %>
+</div>

data/app/views/action_auth/user_mailer/email_verification.html.erb

@@ -0,0 +1,11 @@
+<p>Hey there,</p>
+
+<p>This is to confirm that <%= @user.email %> is the email you want to use on your account. If you ever lose your password, that's where we'll email a reset link.</p>
+
+<p><strong>You must hit the link below to confirm that you received this email.</strong></p>
+
+<p><%# link_to "Yes, use this email for my account", identity_email_verification_url(sid: @signed_id) %></p>
+
+<hr>
+
+<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.</p>

data/app/views/action_auth/user_mailer/email_verification.text.erb

@@ -0,0 +1,3 @@
+User#email_verification
+
+<%= @greeting %>, find me in app/views/action_auth/user_mailer/email_verification.text.erb

data/app/views/action_auth/user_mailer/password_reset.html.erb

@@ -0,0 +1,11 @@
+<p>Hey there,</p>
+
+<p>Can't remember your password for <strong><%= @user.email %></strong>? That's OK, it happens. Just hit the link below to set a new one.</p>
+
+<p><%# link_to "Reset my password", edit_identity_password_reset_url(sid: @signed_id) %></p>
+
+<p>If you did not request a password reset you can safely ignore this email, it expires in 20 minutes. Only someone with access to this email account can reset your password.</p>
+
+<hr>
+
+<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.</p>

data/app/views/action_auth/user_mailer/password_reset.text.erb

@@ -0,0 +1,3 @@
+User#password_reset
+
+<%= @greeting %>, find me in app/views/action_auth/user_mailer/password_reset.text.erb

data/app/views/layouts/action_auth/mailer.html.erb

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <style>
+      /* Email styles need to be inline */
+    </style>
+  </head>
+
+  <body>
+    <%= yield %>
+  </body>
+</html>

data/app/views/layouts/action_auth/mailer.text.erb

@@ -0,0 +1 @@
+<%= yield %>

data/config/routes.rb

@@ -1,2 +1,8 @@
 ActionAuth::Engine.routes.draw do
+  get  "sign_in", to: "sessions#new"
+  post "sign_in", to: "sessions#create"
+  get  "sign_up", to: "registrations#new"
+  post "sign_up", to: "registrations#create"
+  resources :sessions, only: [:index, :show, :destroy]
+  resource  :password, only: [:edit, :update]
 end

data/db/migrate/20231107165548_create_action_auth_users.rb

@@ -0,0 +1,12 @@
+class CreateActionAuthUsers < ActiveRecord::Migration[7.1]
+  def change
+    create_table :action_auth_users do |t|
+      t.string :email
+      t.string :password_digest
+      t.boolean :verified
+
+      t.timestamps
+    end
+    add_index :action_auth_users, :email, unique: true
+  end
+end

data/db/migrate/20231107170349_create_action_auth_sessions.rb

@@ -0,0 +1,11 @@
+class CreateActionAuthSessions < ActiveRecord::Migration[7.1]
+  def change
+    create_table :action_auth_sessions do |t|
+      t.references :action_auth_user, null: false, foreign_key: true
+      t.string :user_agent
+      t.string :ip_address
+
+      t.timestamps
+    end
+  end
+end

data/lib/action_auth/controllers/helpers.rb

@@ -0,0 +1,29 @@
+module ActionAuth
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      included do
+        before_action :set_current_request_details
+
+        def current_user; Current.user; end
+        helper_method :current_user
+
+        def current_session; Current.session; end
+        helper_method :current_session
+
+        def user_signed_in?; Current.user.present?; end
+        helper_method :user_signed_in?
+
+      end
+
+      private
+
+      def set_current_request_details
+        Current.session = Session.find_by(id: cookies.signed[:session_token])
+        Current.user_agent = request.user_agent
+        Current.ip_address = request.ip
+      end
+    end
+  end
+end

data/lib/action_auth/engine.rb

@@ -1,5 +1,20 @@
+require 'action_auth/controllers/helpers'
+require 'action_auth/routing/helpers'
+
 module ActionAuth
   class Engine < ::Rails::Engine
     isolate_namespace ActionAuth
+
+    ActiveSupport.on_load(:action_controller_base) do
+      include ActionAuth::Controllers::Helpers
+      include ActionAuth::Routing::Helpers
+    end
+
+    initializer 'action_auth.add_helpers' do |app|
+      ActiveSupport.on_load :action_controller_base do
+        helper_method :user_sessions_path, :user_session_path, :new_user_session_path
+        helper_method :new_user_registration_path
+      end
+    end
   end
 end

data/lib/action_auth/routing/helpers.rb

@@ -0,0 +1,21 @@
+module ActionAuth
+  module Routing
+    module Helpers
+      def user_sessions_path
+        action_auth.sessions_path
+      end
+
+      def user_session_path(session_id)
+        action_auth.session_path(session_id)
+      end
+
+      def new_user_session_path
+        action_auth.sign_in_path
+      end
+
+      def new_user_registration_path
+        action_auth.sign_up_path
+      end
+    end
+  end
+end

data/lib/action_auth/version.rb

@@ -1,3 +1,3 @@
 module ActionAuth
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

data/lib/action_auth.rb

@@ -2,5 +2,6 @@ require "action_auth/version"
 require "action_auth/engine"
 
 module ActionAuth
-  # Your code goes here...
+  module Controllers
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Dave Kimura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-07 00:00:00.000000000 Z
+date: 2023-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -24,6 +24,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '7.1'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
 description: Using the built in features of Rails, ActionAuth provides a simple way
   to authorize users to perform actions on your application.
 email:
@@ -38,14 +52,35 @@ files:
 - app/assets/config/action_auth_manifest.js
 - app/assets/stylesheets/action_auth/application.css
 - app/controllers/action_auth/application_controller.rb
+- app/controllers/action_auth/passwords_controller.rb
+- app/controllers/action_auth/registrations_controller.rb
+- app/controllers/action_auth/sessions_controller.rb
 - app/helpers/action_auth/application_helper.rb
 - app/jobs/action_auth/application_job.rb
 - app/mailers/action_auth/application_mailer.rb
+- app/mailers/action_auth/user_mailer.rb
 - app/models/action_auth/application_record.rb
+- app/models/action_auth/current.rb
+- app/models/action_auth/session.rb
+- app/models/action_auth/user.rb
+- app/views/action_auth/passwords/edit.html.erb
+- app/views/action_auth/registrations/new.html.erb
+- app/views/action_auth/sessions/index.html.erb
+- app/views/action_auth/sessions/new.html.erb
+- app/views/action_auth/user_mailer/email_verification.html.erb
+- app/views/action_auth/user_mailer/email_verification.text.erb
+- app/views/action_auth/user_mailer/password_reset.html.erb
+- app/views/action_auth/user_mailer/password_reset.text.erb
 - app/views/layouts/action_auth/application.html.erb
+- app/views/layouts/action_auth/mailer.html.erb
+- app/views/layouts/action_auth/mailer.text.erb
 - config/routes.rb
+- db/migrate/20231107165548_create_action_auth_users.rb
+- db/migrate/20231107170349_create_action_auth_sessions.rb
 - lib/action_auth.rb
+- lib/action_auth/controllers/helpers.rb
 - lib/action_auth/engine.rb
+- lib/action_auth/routing/helpers.rb
 - lib/action_auth/version.rb
 - lib/tasks/action_auth_tasks.rake
 homepage: https://www.github.com/kobaltz/action_auth