active_authentication 0.1.0

data/config/i18n-tasks.yml

@@ -0,0 +1,159 @@
+# i18n-tasks finds and manages missing and unused translations: https://github.com/glebm/i18n-tasks
+
+# The "main" locale.
+base_locale: en
+## All available locales are inferred from the data by default. Alternatively, specify them explicitly:
+# locales: [es, fr]
+## Reporting locale, default: en. Available: en, ru.
+# internal_locale: en
+
+# Read and write translations.
+data:
+  ## Translations are read from the file system. Supported format: YAML, JSON.
+  ## Provide a custom adapter:
+  # adapter: I18n::Tasks::Data::FileSystem
+
+  # Locale files or `Find.find` patterns where translations are read from:
+  read:
+    ## Default:
+    # - config/locales/%{locale}.yml
+    ## More files:
+    # - config/locales/**/*.%{locale}.yml
+
+  # Locale files to write new keys to, based on a list of key pattern => file rules. Matched from top to bottom:
+  # `i18n-tasks normalize -p` will force move the keys according to these rules
+  write:
+    ## For example, write devise and simple form keys to their respective files:
+    # - ['{devise, simple_form}.*', 'config/locales/\1.%{locale}.yml']
+    ## Catch-all default:
+    # - config/locales/%{locale}.yml
+
+  # External locale data (e.g. gems).
+  # This data is not considered unused and is never written to.
+  external:
+    ## Example (replace %#= with %=):
+    # - "<%#= %x[bundle info vagrant --path].chomp %>/templates/locales/%{locale}.yml"
+
+  ## Specify the router (see Readme for details). Valid values: conservative_router, pattern_router, or a custom class.
+  # router: conservative_router
+
+  yaml:
+    write:
+      # do not wrap lines at 80 characters
+      line_width: -1
+
+  ## Pretty-print JSON:
+  # json:
+  #   write:
+  #     indent: '  '
+  #     space: ' '
+  #     object_nl: "\n"
+  #     array_nl: "\n"
+
+# Find translate calls
+search:
+  ## Paths or `Find.find` patterns to search in:
+  # paths:
+  #  - app/
+
+  ## Root directories for relative keys resolution.
+  # relative_roots:
+  #   - app/controllers
+  #   - app/helpers
+  #   - app/mailers
+  #   - app/presenters
+  #   - app/views
+
+  ## Directories where method names which should not be part of a relative key resolution.
+  # By default, if a relative translation is used inside a method, the name of the method will be considered part of the resolved key.
+  # Directories listed here will not consider the name of the method part of the resolved key
+  #
+  # relative_exclude_method_name_paths:
+  #  -
+
+  ## Files or `File.fnmatch` patterns to exclude from search. Some files are always excluded regardless of this setting:
+  ##   *.jpg *.jpeg *.png *.gif *.svg *.ico *.eot *.otf *.ttf *.woff *.woff2 *.pdf *.css *.sass *.scss *.less
+  ##   *.yml *.json *.zip *.tar.gz *.swf *.flv *.mp3 *.wav *.flac *.webm *.mp4 *.ogg *.opus *.webp *.map *.xlsx
+  exclude:
+    - app/assets/images
+    - app/assets/fonts
+    - app/assets/videos
+    - app/assets/builds
+
+  ## Alternatively, the only files or `File.fnmatch patterns` to search in `paths`:
+  ## If specified, this settings takes priority over `exclude`, but `exclude` still applies.
+  # only: ["*.rb", "*.html.slim"]
+
+  ## If `strict` is `false`, guess usages such as t("categories.#{category}.title"). The default is `true`.
+  # strict: true
+
+  ## Allows adding ast_matchers for finding translations using the AST-scanners
+  ## The available matchers are:
+  ## - RailsModelMatcher
+  ##     Matches ActiveRecord translations like
+  ##     User.human_attribute_name(:email) and User.model_name.human
+  ##
+  ## To implement your own, please see `I18n::Tasks::Scanners::AstMatchers::BaseMatcher`.
+  # <%# I18n::Tasks.add_ast_matcher('I18n::Tasks::Scanners::AstMatchers::RailsModelMatcher') %>
+
+  ## Multiple scanners can be used. Their results are merged.
+  ## The options specified above are passed down to each scanner. Per-scanner options can be specified as well.
+  ## See this example of a custom scanner: https://github.com/glebm/i18n-tasks/wiki/A-custom-scanner-example
+
+## Translation Services
+# translation:
+#   # Google Translate
+#   # Get an API key and set billing info at https://code.google.com/apis/console to use Google Translate
+#   google_translate_api_key: "AbC-dEf5"
+#   # DeepL Pro Translate
+#   # Get an API key and subscription at https://www.deepl.com/pro to use DeepL Pro
+#   deepl_api_key: "48E92789-57A3-466A-9959-1A1A1A1A1A1A"
+#   # deepl_host: "https://api.deepl.com"
+#   # deepl_version: "v2"
+#   # add additional options to the DeepL.translate call: https://www.deepl.com/docs-api/translate-text/translate-text/
+#   deepl_options:
+#     formality: prefer_less
+## Do not consider these keys missing:
+# ignore_missing:
+# - 'errors.messages.{accepted,blank,invalid,too_short,too_long}'
+# - '{devise,simple_form}.*'
+
+## Consider these keys used:
+# ignore_unused:
+# - 'activerecord.attributes.*'
+# - '{devise,kaminari,will_paginate}.*'
+# - 'simple_form.{yes,no}'
+# - 'simple_form.{placeholders,hints,labels}.*'
+# - 'simple_form.{error_notification,required}.:'
+ignore_unused:
+  - activerecord.attributes.*
+  - active_authentication.failure.*
+  - active_authentication.mailer.*.subject
+
+## Exclude these keys from the `i18n-tasks eq-base' report:
+# ignore_eq_base:
+#   all:
+#     - common.ok
+#   fr,es:
+#     - common.brand
+
+## Exclude these keys from the `i18n-tasks check-consistent-interpolations` report:
+# ignore_inconsistent_interpolations:
+# - 'activerecord.attributes.*'
+
+## Ignore these keys completely:
+# ignore:
+#  - kaminari.*
+
+## Sometimes, it isn't possible for i18n-tasks to match the key correctly,
+## e.g. in case of a relative key defined in a helper method.
+## In these cases you can use the built-in PatternMapper to map patterns to keys, e.g.:
+#
+# <%# I18n::Tasks.add_scanner 'I18n::Tasks::Scanners::PatternMapper',
+#       only: %w(*.html.haml *.html.slim),
+#       patterns: [['= title\b', '.page_title']] %>
+#
+# The PatternMapper can also match key literals via a special %{key} interpolation, e.g.:
+#
+# <%# I18n::Tasks.add_scanner 'I18n::Tasks::Scanners::PatternMapper',
+#       patterns: [['\bSpree\.t[( ]\s*%{key}', 'spree.%{key}']] %>

data/config/locales/en.yml

@@ -0,0 +1,90 @@
+---
+en:
+  active_authentication:
+    confirmations:
+      create:
+        success: Email confirmation instructions will be sent to your email.
+      new:
+        email_confirmation_instructions: Send email confirmation instructions
+      set_user:
+        invalid_token: Email confirmation token is invalid.
+      show:
+        success: Your email has been successfully confirmed.
+    failure:
+      already_signed_in: You are already signed in.
+      form_errors: "%{errors} prohibited this user from being saved:"
+      locked: Your account has been locked after %{count} failed attempts. Unlock instructions will be sent to your email.
+      unauthenticated: You need to sign in or sign up before continuing.
+    mailer:
+      email_confirmation_instructions:
+        confirm_email: Confirm my account
+        confirm_email_below: 'You can confirm your account email by clicking the link below:'
+        hello: Hello, %{email}!
+        subject: Confirmation instructions
+      password_reset_instructions:
+        hello: Hello, %{email}!
+        reset_password: Reset your password
+        reset_password_below: 'You can reset your password by clicking the link below:'
+        subject: Password reset instructions
+      unlock_instructions:
+        hello: Hello, %{email}!
+        subject: Unlock instructions
+        unlock: Unlock your account
+        unlock_below: 'You can unlock your account by clicking the link below:'
+    passwords:
+      create:
+        success: Password reset instructions will be sent to your email.
+      edit:
+        set_new_password: Set new password
+      new:
+        reset_password_instructions: Send reset password instructions
+      set_user:
+        invalid_token: Password reset token is invalid.
+      update:
+        success: Your password has been successfully updated.
+    registrations:
+      create:
+        success: You have signed up successfully.
+      destroy:
+        success: Your account has been successfully cancelled.
+      edit:
+        cancel_account: Cancel account
+        confirm: Are you sure?
+        danger_zone: Danger zone
+        edit_profile: Edit profile
+        pending_confirmation: 'You need to confirm your new email address: %{unconfirmed_email}'
+        save: Save
+      new:
+        sign_up: Sign up
+      update:
+        success: Your account has been successfully updated.
+    sessions:
+      create:
+        invalid_email_or_password: Invalid email or password.
+        success: Signed in successfully.
+      destroy:
+        success: Signed out successfully.
+      new:
+        sign_in: Sign in
+    shared:
+      links:
+        reset_password: Reset password
+        send_email_confirmation_instructions: Didn't receive confirmation instructions?
+        send_unlock_instructions: Didn't receive unlock instructions?
+        sign_in: Sign in
+        sign_up: Sign up
+    unlocks:
+      create:
+        success: Unlock instructions will be sent to your email.
+      new:
+        unlock_instructions: Send unlock instructions
+      set_user:
+        invalid_token: Unlock token is invalid.
+      show:
+        success: Your account has been successfully unlocked.
+  activerecord:
+    attributes:
+      user:
+        email: Email
+        password: Password
+        password_confirmation: Password confirmation

data/config/locales/es.yml

@@ -0,0 +1,90 @@
+---
+es:
+  active_authentication:
+    confirmations:
+      create:
+        success: Te enviaremos un email con las instrucciones para confirmar tu cuenta.
+      new:
+        email_confirmation_instructions: Enviar instrucciones de confirmación
+      set_user:
+        invalid_token: El token es inválido.
+      show:
+        success: Tu cuenta fue confirmada exitosamente.
+    failure:
+      already_signed_in: Ya iniciaste sesión.
+      form_errors: "%{errors} no permitieron guardar este elemento:"
+      locked: Tu cuenta fue bloqueada después de %{count} intentos fallidos. Te enviaremos un email con las instrucciones de desbloqueo.
+      unauthenticated: Tenés que iniciar sesión antes de continuar.
+    mailer:
+      email_confirmation_instructions:
+        confirm_email: Confirmar mi cuenta
+        confirm_email_below: 'Podés confirmar tu cuenta haciendo click en el siguiente link:'
+        hello: Hola, %{email}!
+        subject: Instrucciones de confirmación
+      password_reset_instructions:
+        hello: Hola, %{email}!
+        reset_password: Recuperar contraseña
+        reset_password_below: 'Podés recuperar tu contraseña haciendo click en el siguiente link:'
+        subject: Instrucciones de recuperación de contraseña
+      unlock_instructions:
+        hello: Hola, %{email}!
+        subject: Instrucciones de desbloqueo
+        unlock: Desbloquear cuenta
+        unlock_below: 'Podés desbloquear tu contraseña haciendo click en el siguiente link:'
+    passwords:
+      create:
+        success: Te enviaremos un email con las instrucciones de para recuperar tu contraseña.
+      edit:
+        set_new_password: Cambiar contraseña
+      new:
+        reset_password_instructions: Enviar instrucciones para recuperar contraseña
+      set_user:
+        invalid_token: El token es inválido.
+      update:
+        success: Tu contraseña fue actualizada exitosamente.
+    registrations:
+      create:
+        success: Te registraste exitosamente.
+      destroy:
+        success: Tu cuenta fue cancelada exitosamente.
+      edit:
+        cancel_account: Cancelar cuenta
+        confirm: "¿Estás seguro?"
+        danger_zone: Zona de peligro
+        edit_profile: Editar perfil
+        pending_confirmation: 'Tenés que confirmar tu nuevo email: %{unconfirmed_email}'
+        save: Guardar
+      new:
+        sign_up: Crear una cuenta
+      update:
+        success: Tu cuenta fue actualizada exitosamente.
+    sessions:
+      create:
+        invalid_email_or_password: Email o contraseña inválidos.
+        success: Inicio de sesión existoso.
+      destroy:
+        success: Cierre de sesión exitoso.
+      new:
+        sign_in: Iniciar sesión
+    shared:
+      links:
+        reset_password: Recuperar contraseña
+        send_email_confirmation_instructions: "¿No recibiste las instrucciones de confirmación?"
+        send_unlock_instructions: "¿No recibiste las instrucciones de desbloqueo?"
+        sign_in: Iniciar sesión
+        sign_up: Crear una cuenta
+    unlocks:
+      create:
+        success: Te enviaremos un email con las instrucciones de desbloqueo.
+      new:
+        unlock_instructions: Enviar instrucciones de desbloqueo
+      set_user:
+        invalid_token: El token es inválido.
+      show:
+        success: Tu cuenta fue desbloqueada exitosamente.
+  activerecord:
+    attributes:
+      user:
+        email: Email
+        password: Contraseña
+        password_confirmation: Repetir contraseña

data/lib/active_authentication/controller/lockable.rb

@@ -0,0 +1,31 @@
+module ActiveAuthentication
+  module Controller
+    module Lockable
+      extend ActiveSupport::Concern
+
+      included do
+        set_callback :failed_sign_in, :before, :increment_failed_attempts
+        set_callback :failed_sign_in, :after, :set_alert
+
+        private
+
+        def increment_failed_attempts
+          user = User.find_by email: params[:email]
+          user&.increment_failed_attempts
+        end
+
+        def scope
+          User.unlocked
+        end
+
+        def set_alert
+          user = User.find_by email: params[:email]
+
+          if user.locked?
+            flash[:alert] = t "active_authentication.failure.locked", count: user.failed_attempts
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_authentication/controller/trackable.rb

@@ -0,0 +1,17 @@
+module ActiveAuthentication
+  module Controller
+    module Trackable
+      extend ActiveSupport::Concern
+
+      included do
+        set_callback :successful_sign_in, :after, :track
+
+        private
+
+        def track
+          current_user.track request
+        end
+      end
+    end
+  end
+end

data/lib/active_authentication/controller.rb

@@ -0,0 +1,48 @@
+module ActiveAuthentication
+  module Controller
+    extend ActiveSupport::Concern
+    include ActiveSupport::Callbacks
+
+    included do
+      helper_method :current_user
+      helper_method :user_signed_in?
+    end
+
+    def authenticate_user!
+      redirect_to new_session_path, alert: t("active_authentication.failure.unauthenticated") unless user_signed_in?
+    end
+
+    def current_user
+      Current.user ||= user_from_session
+    end
+
+    def require_no_authentication
+      redirect_to root_path, alert: t("active_authentication.failure.already_signed_in") if user_signed_in?
+    end
+
+    def sign_in(user)
+      reset_session
+      Current.user = user
+      session[:user_id] = user.id
+    end
+
+    def sign_out
+      reset_session
+      Current.user = nil
+    end
+
+    def user_signed_in?
+      current_user.present?
+    end
+
+    private
+
+    def scope
+      User
+    end
+
+    def user_from_session
+      User.find_by id: session[:user_id]
+    end
+  end
+end

data/lib/active_authentication/current.rb

@@ -0,0 +1,5 @@
+module ActiveAuthentication
+  class Current < ActiveSupport::CurrentAttributes
+    attribute :user
+  end
+end

data/lib/active_authentication/engine.rb

@@ -0,0 +1,16 @@
+require "active_authentication/controller"
+require "active_authentication/model"
+
+module ActiveAuthentication
+  class Engine < ::Rails::Engine
+    initializer :active_authentication_controller do
+      ActiveSupport.on_load :action_controller_base do
+        include ActiveAuthentication::Controller
+      end
+
+      ActiveSupport.on_load :active_record do
+        include ActiveAuthentication::Model
+      end
+    end
+  end
+end

data/lib/active_authentication/model/authenticatable.rb

@@ -0,0 +1,16 @@
+module ActiveAuthentication
+  module Model
+    module Authenticatable
+      extend ActiveSupport::Concern
+
+      included do
+        has_secure_password
+
+        normalizes :email, with: -> { _1.strip.downcase }
+
+        validates :email, format: {with: URI::MailTo::EMAIL_REGEXP}, presence: true, uniqueness: true
+        validates :password, length: {minimum: ActiveAuthentication.min_password_length}, allow_blank: true
+      end
+    end
+  end
+end

data/lib/active_authentication/model/confirmable.rb

@@ -0,0 +1,54 @@
+module ActiveAuthentication
+  module Model
+    module Confirmable
+      extend ActiveSupport::Concern
+
+      included do
+        generates_token_for :email_confirmation, expires_in: ActiveAuthentication.email_confirmation_token_expires_in
+
+        normalizes :unconfirmed_email, with: -> { _1.strip.downcase }
+
+        validates :unconfirmed_email, format: {with: URI::MailTo::EMAIL_REGEXP}, allow_blank: true
+
+        after_initialize do
+          @set_unconfirmed_email = true
+          @send_email_confirmation_instructions = true
+        end
+
+        before_update :set_unconfirmed_email, if: :set_unconfirmed_email?
+        after_save :send_email_confirmation_instructions, if: :send_email_confirmation_instructions?
+      end
+
+      def confirm
+        @send_email_confirmation_instructions = false
+        @set_unconfirmed_email = false
+
+        update email: unconfirmed_email, unconfirmed_email: nil
+      end
+
+      def send_email_confirmation_instructions
+        token = generate_token_for :email_confirmation
+        ActiveAuthentication::Mailer.with(token: token, user: self).email_confirmation_instructions.deliver
+      end
+
+      def send_email_confirmation_instructions?
+        @send_email_confirmation_instructions && unconfirmed_email.present?
+      end
+
+      def unconfirmed?
+        unconfirmed_email.present?
+      end
+
+      private
+
+      def set_unconfirmed_email
+        self.unconfirmed_email = email
+        self.email = email_was
+      end
+
+      def set_unconfirmed_email?
+        @set_unconfirmed_email && email_changed?
+      end
+    end
+  end
+end

data/lib/active_authentication/model/lockable.rb

@@ -0,0 +1,42 @@
+module ActiveAuthentication
+  module Model
+    module Lockable
+      extend ActiveSupport::Concern
+
+      included do
+        ActiveAuthentication::SessionsController.send :include, ActiveAuthentication::Controller::Lockable
+
+        generates_token_for :unlock, expires_in: ActiveAuthentication.unlock_token_expires_in
+
+        scope :unlocked, -> { where locked_at: nil }
+      end
+
+      def increment_failed_attempts
+        increment :failed_attempts
+
+        lock if failed_attempts == ActiveAuthentication.max_failed_attempts
+
+        save
+      end
+
+      def locked?
+        locked_at.present?
+      end
+
+      def lock
+        update locked_at: Time.now
+
+        send_unlock_instructions
+      end
+
+      def send_unlock_instructions
+        token = generate_token_for :unlock
+        ActiveAuthentication::Mailer.with(token: token, user: self).unlock_instructions.deliver
+      end
+
+      def unlock
+        update failed_attempts: 0, locked_at: nil
+      end
+    end
+  end
+end

data/lib/active_authentication/model/recoverable.rb

@@ -0,0 +1,16 @@
+module ActiveAuthentication
+  module Model
+    module Recoverable
+      extend ActiveSupport::Concern
+
+      included do
+        generates_token_for :password_reset, expires_in: ActiveAuthentication.password_reset_token_expires_in
+      end
+
+      def send_password_reset_instructions
+        token = generate_token_for :password_reset
+        ActiveAuthentication::Mailer.with(token: token, user: self).password_reset_instructions.deliver
+      end
+    end
+  end
+end

data/lib/active_authentication/model/registerable.rb

@@ -0,0 +1,7 @@
+module ActiveAuthentication
+  module Model
+    module Registerable
+      extend ActiveSupport::Concern
+    end
+  end
+end

data/lib/active_authentication/model/trackable.rb

@@ -0,0 +1,23 @@
+module ActiveAuthentication
+  module Model
+    module Trackable
+      extend ActiveSupport::Concern
+
+      included do
+        ActiveAuthentication::SessionsController.send :include, ActiveAuthentication::Controller::Trackable
+      end
+
+      def track(request)
+        self.sign_in_count += 1
+
+        self.last_sign_in_at = current_sign_in_at
+        self.current_sign_in_at = Time.now
+
+        self.last_sign_in_ip = current_sign_in_ip
+        self.current_sign_in_ip = request.remote_ip
+
+        save
+      end
+    end
+  end
+end

data/lib/active_authentication/model.rb

@@ -0,0 +1,21 @@
+module ActiveAuthentication
+  module Model
+    extend ActiveSupport::Concern
+
+    CONCERNS = %i[authenticatable confirmable lockable recoverable registerable trackable]
+
+    class_methods do
+      def authenticates_with(*concerns)
+        include Authenticatable
+        concerns.each do |concern|
+          include const_get(concern.to_s.classify)
+        end
+      end
+      alias_method :authenticates, :authenticates_with
+
+      CONCERNS.each do |concern|
+        define_method(:"#{concern}?") { User.included_modules.include? const_get(concern.to_s.classify) }
+      end
+    end
+  end
+end

data/lib/active_authentication/routes.rb

@@ -0,0 +1,34 @@
+module ActionDispatch::Routing
+  class Mapper
+    def active_authentication
+      scope module: :active_authentication do
+        ActiveAuthentication::Model::CONCERNS.each do |concern|
+          send(concern) if User.send(:"#{concern}?") && respond_to?(concern, true)
+        end
+      end
+    end
+
+    private
+
+    def authenticatable
+      resource :session, only: [:new, :create, :destroy]
+    end
+
+    def confirmable
+      resources :confirmations, param: :token, only: [:new, :create, :show]
+    end
+
+    def lockable
+      resources :unlocks, param: :token, only: [:new, :create, :show]
+    end
+
+    def registerable
+      resources :registrations, only: [:new, :create]
+      resource :profile, only: [:edit, :update, :destroy], path: :profile, controller: :registrations
+    end
+
+    def recoverable
+      resources :passwords, param: :token, only: [:new, :create, :edit, :update]
+    end
+  end
+end