RubyGems - active_authentication - Versions diffs - 0.1.0 - Mend

active_authentication 0.1.0

Files changed (44) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a8b956c6e7b16a3f007c97efaf865bd070897b57fcef56be4f6a8615c6e83b37
+  data.tar.gz: 365972997162dcbc741186117bcb43fc45c04338ce3d4c8dd7562f9ac1d9a6ea
+SHA512:
+  metadata.gz: f3e34c5159ff44130cd296ece54c3e5ba02158f247775f0a1af856c70efdd2369bf20ccf522d5cb1dc2ec76e7f2bc37b488f5117c1f93d6cf5987a6adc9354e6
+  data.tar.gz: b7bb7d568d98831ee2d18309da36ba125ee0f2a1aa76197c2e2d37aa66d78febfe5368f63f62819802907e7aba73a205e6db6255a519a4ca96c56c29916a858c

data/README.md ADDED Viewed

@@ -0,0 +1,120 @@
+# ActiveAuthentication
+A pure Rails authentication solution.
+## Main features
+* Pure Rails implementation, uses [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password), [generates_token_for](https://api.rubyonrails.org/classes/ActiveRecord/TokenFor/ClassMethods.html#method-i-generates_token_for), [find_by_token_for](https://api.rubyonrails.org/classes/ActiveRecord/TokenFor/ClassMethods.html#method-i-find_by_token_for) and [authenticate_by](https://api.rubyonrails.org/classes/ActiveRecord/SecurePassword/ClassMethods.html#method-i-authenticate_by).
+* ActiveAuthentication authenticates users and only users. If you need to authenticate other models you should be asking yourself if you shouldn't handle authorization differently.
+* Turn on/off the features you need by using concerns.
+### Concerns
+* Authenticatable: provides the standard email/password authentication. It's the only concern that can't be turned off.
+* Confirmable: allows users to confirm their email addresses.
+* Lockable: locks users after a number of failed sign in attempts.
+* Recoverable: allows users to reset their password.
+* Registerable: allows users to sign up and edit their profile.
+* Trackable: tracks users sign in count, timestamps and ip addresses.
+Planned concerns:
+* MagicLinkable: to allow users to sign in with a magic link.
+* Omniauthable: to allow users to sign up and sign in using a third party service through Omniauth.
+* Timeoutable: to expire sessions after a period of inactivity.
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem "active_authentication"
+```
+And then execute:
+```bash
+$ bundle
+```
+Or install it yourself as:
+```bash
+$ gem install active_authentication
+```
+## Usage
+After installing the gem, you need to generate the `User` model. To generate it, run:
+```bash
+$ rails generate active_authentication:install
+```
+This command will generate the `User` model, add the `active_authentication` route, and generate an initializer (`config/initializers/active_authentication.rb`) where you can configure the concerns.
+You will need to set up the default url options in your `config/environments/development.rb`:
+```ruby
+config.action_mailer.default_url_options = {host: "localhost", port: 3000}
+```
+And the `root` path in `config/routes.rb`.
+Finally, run `rails db:migrate`.
+### Concerns
+If you look at the `User` model (in `app/models/user.rb`), you will notice there's only a sentence:
+```ruby
+class User < ApplicationRecord
+  authenticates_with :confirmable, :lockable, :recoverable, :registerable, :trackable
+end
+```
+Notice that `:authenticatable` is not in the list. This is because you cannot turn it off.
+By default, all concerns are turned on. But you can turn them off by just removing them from the list. If you plan to not use any concerns, you can replace `authenticates_with` with `authenticates`.
+### Filters and helpers
+ActiveAuthentication comes with filters and helpers you can use in your controllers and views.
+To protect actions from being accessed by unauthenticated users, use the `authenticate_user!` filter:
+```ruby
+before_action :authenticate_user!
+```
+Then, to verify if there's an authenticated user, you can use the `user_signed_in?` helper.
+Similarly, you can use `current_user` to access the current authenticated user.
+## Customization
+### Concerns configuration
+When you run the `active_authentication:install` generator, an initializer will be copied to your app at `config/initializers/active_authentication.rb`. There's a section per concern where you can configure certain aspects of their behavior.
+### Views
+The default views are good enough to get you started, but you'll want to customize them sooner than later. To copy the default views into your app, run the following command:
+```bash
+$ rails generate active_authentication:views
+```
+If you're not using all the concerns, you might want to copy only the views you need. To do that, you can use the `--views` (`-v`) option:
+```bash
+$ rails generate active_authentication:views -v sessions
+```
+## Contributing
+You can open an issue or a PR in GitHub.
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile ADDED Viewed

@@ -0,0 +1,8 @@
+require "bundler/setup"
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+load "rails/tasks/statistics.rake"
+require "bundler/gem_tasks"

data/app/controllers/active_authentication/confirmations_controller.rb ADDED Viewed

@@ -0,0 +1,29 @@
+class ActiveAuthentication::ConfirmationsController < ApplicationController
+  before_action :require_no_authentication, except: :show
+  before_action :set_user, only: :show
+  def new
+  end
+  def create
+    @user = User.find_by unconfirmed_email: params[:email]
+    @user&.send_email_confirmation_instructions
+    redirect_to root_path, notice: t(".success")
+  end
+  def show
+    @user.confirm
+    sign_in(@user) unless user_signed_in?
+    redirect_to root_url, notice: t(".success")
+  end
+  private
+  def set_user
+    @user = User.find_by_token_for :email_confirmation, params[:token]
+    redirect_to root_url, alert: t(".invalid_token") unless @user.present?
+  end
+end

data/app/controllers/active_authentication/passwords_controller.rb ADDED Viewed

@@ -0,0 +1,37 @@
+class ActiveAuthentication::PasswordsController < ApplicationController
+  before_action :require_no_authentication
+  before_action :set_user, only: [:edit, :update]
+  def new
+  end
+  def create
+    @user = User.find_by email: params[:email]
+    @user&.send_password_reset_instructions
+    redirect_to root_url, notice: t(".success")
+  end
+  def edit
+  end
+  def update
+    if @user.update(user_params)
+      sign_in @user
+      redirect_to root_url, notice: t(".success")
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+  private
+  def set_user
+    @user = User.find_by_token_for :password_reset, params[:token]
+    redirect_to root_url, alert: t(".invalid_token") unless @user.present?
+  end
+  def user_params
+    params.require(:user).permit(:password, :password_confirmation)
+  end
+end

data/app/controllers/active_authentication/registrations_controller.rb ADDED Viewed

@@ -0,0 +1,42 @@
+class ActiveAuthentication::RegistrationsController < ApplicationController
+  before_action :require_no_authentication, only: [:new, :create]
+  before_action :authenticate_user!, only: [:edit, :update, :destroy]
+  def new
+    @user = User.new
+  end
+  def create
+    @user = User.new user_params
+    if @user.save
+      sign_in @user
+      redirect_to root_path, notice: t(".success")
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+  def edit
+  end
+  def update
+    if current_user.update(user_params)
+      redirect_to edit_profile_path, notice: t(".success")
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+  def destroy
+    current_user.destroy
+    sign_out
+    redirect_to root_url, notice: t(".success")
+  end
+  private
+  def user_params
+    params.require(:user).permit(:email, :password, :password_confirmation)
+  end
+end

data/app/controllers/active_authentication/sessions_controller.rb ADDED Viewed

@@ -0,0 +1,36 @@
+class ActiveAuthentication::SessionsController < ApplicationController
+  include ActiveSupport::Callbacks
+  before_action :require_no_authentication, except: :destroy
+  before_action :authenticate_user!, only: :destroy
+  define_callbacks :successful_sign_in, :failed_sign_in, :sign_out
+  def new
+  end
+  def create
+    @user = scope.authenticate_by email: params[:email], password: params[:password]
+    if @user.present?
+      run_callbacks :successful_sign_in do
+        sign_in @user
+      end
+      redirect_to root_path, notice: t(".success")
+    else
+      run_callbacks :failed_sign_in do
+        flash[:alert] = t(".invalid_email_or_password")
+      end
+      render :new, status: :unprocessable_entity
+    end
+  end
+  def destroy
+    run_callbacks :sign_out do
+      sign_out
+    end
+    redirect_to root_url, notice: t(".success")
+  end
+end

data/app/controllers/active_authentication/unlocks_controller.rb ADDED Viewed

@@ -0,0 +1,29 @@
+class ActiveAuthentication::UnlocksController < ApplicationController
+  before_action :require_no_authentication
+  before_action :set_user, only: :show
+  def new
+  end
+  def create
+    @user = User.find_by email: params[:email]
+    @user&.send_unlock_instructions if @user&.locked?
+    redirect_to root_path, notice: t(".success")
+  end
+  def show
+    @user.unlock
+    sign_in @user
+    redirect_to root_url, notice: t(".success")
+  end
+  private
+  def set_user
+    @user = User.find_by_token_for :unlock, params[:token]
+    redirect_to root_url, alert: t(".invalid_token") unless @user.present?
+  end
+end

data/app/mailers/active_authentication/mailer.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module ActiveAuthentication
+  class Mailer < ApplicationMailer
+    def email_confirmation_instructions
+      @token, @user = params[:token], params[:user]
+      mail to: @user.unconfirmed_email
+    end
+    def password_reset_instructions
+      @token, @user = params[:token], params[:user]
+      mail to: @user.email
+    end
+    def unlock_instructions
+      @token, @user = params[:token], params[:user]
+      mail to: @user.email
+    end
+  end
+end

data/app/views/active_authentication/confirmations/new.html.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<h1 class="text-4xl font-bold"><%=t ".email_confirmation_instructions" %></h1>
+<%= form_with url: confirmations_path do |form| %>
+  <div>
+    <%= form.label :email, t("activerecord.attributes.user.email") %>
+    <%= form.email_field :email %>
+  </div>
+  <div>
+    <%= form.submit t(".email_confirmation_instructions") %>
+  </div>
+<% end %>
+<%= render "active_authentication/shared/links" %>

data/app/views/active_authentication/mailer/email_confirmation_instructions.html.erb ADDED Viewed

@@ -0,0 +1,5 @@
+<p><%=t ".hello", email: @user.unconfirmed_email %></p>
+<p><%=t ".confirm_email_below" %></p>
+<p><%= link_to t(".confirm_email"), confirmation_url(token: @token) %></p>

data/app/views/active_authentication/mailer/password_reset_instructions.html.erb ADDED Viewed

@@ -0,0 +1,5 @@
+<p><%=t ".hello", email: @user.email %></p>
+<p><%=t ".reset_password_below" %></p>
+<p><%= link_to t(".reset_password"), edit_password_url(token: @token) %></p>

data/app/views/active_authentication/mailer/unlock_instructions.html.erb ADDED Viewed

@@ -0,0 +1,5 @@
+<p><%=t ".hello", email: @user.email %></p>
+<p><%=t ".unlock_below" %></p>
+<p><%= link_to t(".unlock"), unlock_url(token: @token) %></p>

data/app/views/active_authentication/passwords/edit.html.erb ADDED Viewed

@@ -0,0 +1,28 @@
+<h1 class="text-4xl font-bold"><%=t ".set_new_password" %></h1>
+<%= form_with model: @user, url: password_path(token: params[:token]), method: :put, data: {turbo: false} do |form| %>
+  <% if @user.errors.any? %>
+    <div id="error_explanation" class="px-3 py-2 mt-3 font-medium text-red-500 rounded-lg bg-red-50">
+      <h2><%=t "active_authentication.failure.form_errors", errors: pluralize(@user.errors.count, "error") %></h2>
+      <ul>
+        <% @user.errors.each do |error| %>
+          <li><%= error.full_message %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div>
+    <%= form.label :password %>
+    <%= form.password_field :password %>
+  </div>
+  <div>
+    <%= form.label :password_confirmation %>
+    <%= form.password_field :password_confirmation %>
+  </div>
+  <div>
+    <%= form.submit t(".set_new_password") %>
+  </div>
+<% end %>

data/app/views/active_authentication/passwords/new.html.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<h1 class="text-4xl font-bold"><%=t ".reset_password_instructions" %></h1>
+<%= form_with url: passwords_path, data: {turbo: false} do |form| %>
+  <div>
+    <%= form.label :email, t("activerecord.attributes.user.email") %>
+    <%= form.email_field :email %>
+  </div>
+  <div>
+    <%= form.submit t(".reset_password_instructions") %>
+  </div>
+<% end %>
+<%= render "active_authentication/shared/links" %>

data/app/views/active_authentication/registrations/edit.html.erb ADDED Viewed

@@ -0,0 +1,42 @@
+<h1 class="text-4xl font-bold"><%=t ".edit_profile" %></h1>
+<% if current_user.unconfirmed? %>
+  <div class="px-3 py-2 mt-3 font-medium text-yellow-500 rounded-lg bg-yellow-50">
+    <%=t ".pending_confirmation", unconfirmed_email: current_user.unconfirmed_email %>
+  </div>
+<% end %>
+<%= form_with model: current_user, url: profile_path, data: {turbo: false} do |form| %>
+  <% if current_user.errors.any? %>
+    <div id="error_explanation" class="px-3 py-2 mt-3 font-medium text-red-500 rounded-lg bg-red-50">
+      <h2><%=t "active_authentication.failure.form_errors", errors: pluralize(current_user.errors.count, "error") %></h2>
+      <ul>
+        <% current_user.errors.each do |error| %>
+          <li><%= error.full_message %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div>
+    <%= form.label :email %>
+    <%= form.email_field :email %>
+  </div>
+  <div>
+    <%= form.label :password %>
+    <%= form.password_field :password %>
+  </div>
+  <div>
+    <%= form.label :password_confirmation %>
+    <%= form.password_field :password_confirmation %>
+  </div>
+  <div>
+    <%= form.submit t(".save") %>
+  </div>
+<% end %>
+<h2 class="text-2xl font-bold"><%=t ".danger_zone" %></h2>
+<%= button_to t(".cancel_account"), profile_path, method: :delete, data: {turbo_confirm: t(".confirm")} %>

data/app/views/active_authentication/registrations/new.html.erb ADDED Viewed

@@ -0,0 +1,35 @@
+<h1 class="text-4xl font-bold"><%=t ".sign_up" %></h1>
+<%= form_with model: @user, url: registrations_path, data: {turbo: false} do |form| %>
+  <% if @user.errors.any? %>
+    <div id="error_explanation" class="px-3 py-2 mt-3 font-medium text-red-500 rounded-lg bg-red-50">
+      <h2><%=t "active_authentication.failure.form_errors", errors: pluralize(@user.errors.count, "error") %></h2>
+      <ul>
+        <% @user.errors.each do |error| %>
+          <li><%= error.full_message %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div>
+    <%= form.label :email %>
+    <%= form.email_field :email %>
+  </div>
+  <div>
+    <%= form.label :password %>
+    <%= form.password_field :password %>
+  </div>
+  <div>
+    <%= form.label :password_confirmation %>
+    <%= form.password_field :password_confirmation %>
+  </div>
+  <div>
+    <%= form.submit t(".sign_up") %>
+  </div>
+<% end %>
+<%= render "active_authentication/shared/links" %>

data/app/views/active_authentication/sessions/new.html.erb ADDED Viewed

@@ -0,0 +1,19 @@
+<h1 class="text-4xl font-bold"><%=t ".sign_in" %></h1>
+<%= form_with url: session_path, data: {turbo: false} do |form| %>
+  <div>
+    <%= form.label :email, t("activerecord.attributes.user.email") %>
+    <%= form.email_field :email %>
+  </div>
+  <div>
+    <%= form.label :password, t("activerecord.attributes.user.password") %>
+    <%= form.password_field :password %>
+  </div>
+  <div>
+    <%= form.submit t(".sign_in") %>
+  </div>
+<% end %>
+<%= render "active_authentication/shared/links" %>

data/app/views/active_authentication/shared/_links.html.erb ADDED Viewed

@@ -0,0 +1,19 @@
+<% if controller_name != "sessions" %>
+  <p><%= link_to t(".sign_in"), new_session_path %></p>
+<% end %>
+<% if User.registerable? && controller_name != "registrations" %>
+  <p><%= link_to t(".sign_up"), new_registration_path %></p>
+<% end %>
+<% if User.recoverable? && controller_name != "registrations" && controller_name != "passwords" %>
+  <p><%= link_to t(".reset_password"), new_password_path %></p>
+<% end %>
+<% if User.confirmable? && controller_name != "confirmations" %>
+  <p><%= link_to t(".send_email_confirmation_instructions"), new_confirmation_path %></p>
+<% end %>
+<% if User.lockable? && controller_name != "unlocks" %>
+  <p><%= link_to t(".send_unlock_instructions"), new_unlock_path %></p>
+<% end %>

data/app/views/active_authentication/unlocks/new.html.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<h1 class="text-4xl font-bold"><%=t ".unlock_instructions" %></h1>
+<%= form_with url: unlocks_path do |form| %>
+  <div>
+    <%= form.label :email, t("activerecord.attributes.user.email") %>
+    <%= form.email_field :email %>
+  </div>
+  <div>
+    <%= form.submit t(".unlock_instructions") %>
+  </div>
+<% end %>
+<%= render "active_authentication/shared/links" %>