active_entry 1.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 15c793e52a2f7f0b43f1752bb61303f2fae758c763264fe3e73561ca3c272b8b
+  data.tar.gz: 49ba592be85bb9f3f1642d748e4cbc235b4f49461dca4483773fb1de85252028
+SHA512:
+  metadata.gz: 1e009ca5bbd3b9c2d4153f96cf4dd864dd83196c317c276a7d2a71bde273325c6a59f2340e28ca6cadc83c4430da0fefa1f07846ffdd0d9e42409c2b91eab73e
+  data.tar.gz: 9e62985d0726b6323126b3929d7a3b9ad2d1d6d51e8488da8a6f7061b8c2d9efb94f284b260d69d344f0a8f140afa5b1428a4fb9c20d632a037542ca1d28da34

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2021 tobiasfeistmantl
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,182 @@
+[<img src="active_entry_logo.png" alt="Active Entry Logo" width="250px"/>](https://github.com/TFM-Agency/active_entry)
+
+# Active Entry - Simple and flexible authentication and authorization
+
+Active Entry is a simple and secure authentication and authorization system for your Rails application, which lets you to authenticate and authorize directly in your controllers.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'active_entry'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install active_entry
+```
+
+## Usage
+With Active Entry authentication and authorization is done in your Rails controllers. To enable authentication and authorization in one of your controllers, just add a before action for `authenticate!` and `authorize!` and the user has to authenticate and authorize on every call.
+You probably want to control authentication and authorization for every controller action you have in your app. To enable this, just add the before action to the `ApplicationController`.
+
+```ruby
+class ApplicationController < ActionController::Base
+  before_action :authenticate!, :authorize!
+  # ...
+end
+```
+
+If you try to open a page, you will get an `ActiveEntry::AuthenticationNotPerformedError` or `ActiveEntry::AuthorizationNotPerformedError`. This means that you have to instruct Active Entry when a user is authenticated/authorized and when not.
+You can do this by defining the methods `authenticated?` and `authorized?` in your controller.
+
+```ruby
+class DashboardController < ApplicationController
+  # Actions ...
+
+  private
+
+  def authenticated?
+    return true if user_signed_in?
+  end
+
+  def authorized?
+    return true if current_user.admin?
+  end 
+end
+```
+
+Active Entry expects boolean return values from `authenticated?` and `authorized?`. `true` signals successful authentication/authorization, everything else not.
+
+If the user is signed in, he is authenticated and authorized if he is an admin, otherwise an `ActiveEntry::NotAuthenticatedError` or `ActiveEntry::NotAuthorizedError` will be raised.
+Now you just have to catch this error and react accordingly. Rails has the convinient `rescue_from` for that.
+
+```ruby
+class ApplicationController < ActionController::Base
+  # ...
+
+  rescue_from ActiveEntry::NotAuthenticatedError, with: :not_authenticated
+  rescue_from ActiveEntry::NotAuthorizedError, with: :not_authorized
+
+  private
+
+  def not_authenticated
+    flash[:danger] = "You are not authenticated!"
+    redirect_to login_path
+  end
+
+  def not_authorized
+    flash[:danger] = "You are not authorized to call this action!"
+    redirect_to root_path
+  end
+end
+```
+
+In this example above, the user will be redirected with a flash message. But you can do whatever you want. For example logging.
+
+Active Entry also has a few helper methods which help you to distinguish between RESTful controller actions.
+
+The following methods are available:
+
+ * `read_action?` - If the called action just read. Actions: `index`, `show`
+ * `write_action?` - If the called action writes something. Actions: `new`, `create`, `edit`, `update`, `destroy`
+ * `change_action?` - If something will be updated or destroyed. Actions: `edit`, `update`, `destroy`
+ * `create_action?` - If something will be created. Actions: `new`, `create`
+ * `update_action?` - If something will be updated. Actions: `edit`, `update`
+ * `destroy_action?` - If something will be destroyed. Action: `destroy`
+
+So you can for example do:
+
+```ruby
+def authorized?
+  return true if read_action?    # Everybody is authorized to call read actions
+
+  if write_action?
+    return true if admin_signed_in?		# Just admins are allowed to call write actions
+  end
+end
+```
+
+This is pretty much everything you have to do for basic authentication or authorization!
+
+## Pass a custom error hash
+You can pass an error hash to the exception and use this in your rescue method:
+
+```ruby
+class ApplicationController < ActionController::Base
+  before_action :authenticate!, :authorize!
+	
+  # ...
+
+  rescue_from ActiveEntry::NotAuthenticatedError, with: :not_authenticated
+  rescue_from ActiveEntry::NotAuthorizedError, with: :not_authorized
+
+  private
+
+  def not_authenticated(exception)
+    flash[:danger] = "You are not authenticated! Code: #{exception.error[:code]}"
+    redirect_to root_path
+  end
+
+  def not_authorized(exception)
+    flash[:danger] = "You are not authorized to call this action! Code: #{exception.error[:code]}"
+    redirect_to root_path
+  end
+
+  def authenticated?(error)
+    error[:code] = "ERROR"
+
+    return true if user_signed_in?
+  end
+	
+  def authorized?(error)
+    error[:code] = "ERROR"
+
+    return true if read_action?    # Everybody is authorized to call read actions
+
+    if write_action?
+      return true if admin_signed_in?		# Just admins are allowed to call write actions
+    end
+  end
+end
+```
+
+## Known Issues
+The authentication/authorization is done in a before action. These Rails controller before callbacks are done in defined order. If you set an instance variable which is needed in the `authenticated?` or `authorized?` method, you have to call the before action after the other method again.
+
+For example if you set `@user` in your controller in the `set_user` before action and you want to use the variable in `authorized?` action, you have to add the `authenticate!` or `authorize!` method after the `set_user` again, otherwise `@user` won't be available in `authenticate!` or `authorized?` yet.
+
+```ruby
+class UsersController < ApplicationController
+  before_action :set_user
+  before_action :authenticate!, :authorize!
+
+  def show
+  end
+
+  private
+
+  def authenticated?
+    return true if user_signed_in?
+  end
+
+  def authorized?
+    return true if current_user == @user
+  end
+end
+```
+
+## Contributing
+Create pull requests on Github and help us to improve this Gem. There are some guidelines to follow:
+
+ * Follow the conventions
+ * Test all your implementations
+ * Document methods that aren't self-explaining (we are using [YARD](http://yardoc.org/))
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,3 @@
+require "bundler/setup"
+
+require "bundler/gem_tasks"

data/lib/active_entry.rb

@@ -0,0 +1,54 @@
+require "active_entry/version"
+require "active_entry/errors"
+require "active_entry/controller_methods"
+require "active_entry/railtie" if defined? Rails::Railtie
+
+module ActiveEntry
+  # Authenticates the user
+  def authenticate!
+    # Raise an error if the #authenticate? action isn't defined.
+    #
+    # This ensures that you actually do authentication in your controller.
+    raise ActiveEntry::AuthenticationNotPerformedError unless defined?(authenticated?)
+    
+    error = {}
+    is_authenticated = nil
+
+    if method(:authenticated?).arity > 0
+      is_authenticated = authenticated?(error)
+    else
+      is_authenticated = authenticated?
+    end
+    
+    # If the authenticated? method returns not true
+    # it raises the ActiveEntry::NotAuthenticatedError.
+    #
+    # Use the .rescue_from method from ActionController::Base
+    # to catch the exception and show the user a proper error message.
+    raise ActiveEntry::NotAuthenticatedError.new(error) unless is_authenticated == true
+  end
+  
+  # Authorizes the user.
+  def authorize!
+    # Raise an error if the #authorize? action isn't defined.
+    #
+    # This ensures that you actually do authorization in your controller. 
+    raise ActiveEntry::AuthorizationNotPerformedError unless defined?(authorized?)
+    
+    error = {}
+    is_authorized = nil
+
+    if method(:authorized?).arity > 0
+      is_authorized = authorized?(error)
+    else
+      is_authorized = authorized?
+    end
+
+    # If the authorized? method does not return true
+    # it raises the ActiveEntry::NotAuthorizedError
+    #
+    # Use the .rescue_from method from ActionController::Base
+    # to catch the exception and show the user a proper error message.
+    raise ActiveEntry::NotAuthorizedError.new(error) unless is_authorized == true
+  end
+end

data/lib/active_entry/controller_methods.rb

@@ -0,0 +1,83 @@
+# @author Tobias Feistmantl
+#
+# Helper methods for your controller
+# to identify RESTful actions.
+module ActiveEntry
+  # @return [Boolean]
+  #    True if the called action
+  #    is a only-read action.
+  def read_action?
+    action_name == 'index' ||
+    action_name == 'show'
+  end
+
+  # @return [Boolean]
+  #    True if the called action
+  #    is a write action.
+  def write_action?
+    action_name == 'new' ||
+    action_name == 'create' ||
+    action_name == 'edit' ||
+    action_name == 'update' ||
+    action_name == 'destroy'
+  end
+
+  # @return [Boolean]
+  #    True if the called action
+  #    is a change action.
+  def change_action?
+    action_name == 'edit' ||
+    action_name == 'update' ||
+    action_name == 'destroy'
+  end
+
+  # @return [Boolean]
+  #    True if the called action
+  #    is the index action.
+  def index_action?
+    action_name == 'index'
+  end
+
+  # @return [Boolean]
+  #    True if the called action
+  #    is the show action.
+  def show_action?
+    action_name == 'show'
+  end
+
+  # @note
+  #    Also true for the pseudo
+  #    update action `new`.
+  #
+  # @note
+  #    Only true for create methods
+  #    such as new and create.
+  #
+  # @return [Boolean]
+  #    True if the called action
+  #    is a create action.
+  def create_action?
+    action_name == 'new' ||
+    action_name == 'create'
+  end
+
+  # @note
+  #    Also true for the pseudo
+  #    update action `edit`.
+  #
+  # @return [Boolean]
+  #    True if the called action
+  #    is a update action.
+  def update_action?
+    action_name == 'edit' ||
+    action_name == 'update'
+  end
+
+  # @return [Boolean]
+  #    True if it's a destroy action.
+  def destroy_action?
+    action_name == 'destroy'
+  end
+
+  alias delete_action? destroy_action?
+end

data/lib/active_entry/errors.rb

@@ -0,0 +1,66 @@
+# @author Tobias Feistmantl
+module ActiveEntry
+  # Generic authorization error.
+  # Other, more specific, errors inherit from this one.
+  #
+  # @raise [AuthorizationError]
+  #    if something generic is happening.
+  class AuthorizationError < StandardError
+  end
+
+  # Error for controllers in which authorization isn't handled.
+  #
+  # @raise [AuthorizationNotPerformedError]
+  #    if the #authorized? method isn't defined
+  #    in the controller class.
+  class AuthorizationNotPerformedError < AuthorizationError
+  end
+
+  # Error if user unauthorized.
+  #
+  # @raise [NotAuthorizedError]
+  #    if authorized? isn't returning true.
+  #
+  # @note
+  #    Should always be called at the end
+  #    of the #authorize! method.
+  class NotAuthorizedError < AuthorizationError
+    attr_reader :error
+
+    def initialize(error={})
+      @error = error
+    end
+  end
+
+
+  # Base class for authentication errors.
+  #
+  # @raise [AuthenticationError]
+  #    if something generic happens.
+  class AuthenticationError < StandardError
+  end
+
+  # Error for controllers in which authentication isn't handled.
+  #
+  # @raise [AuthenticationNotPerformedError]
+  #    if the #authenticated? method isn't defined
+  #    in the controller class.
+  class AuthenticationNotPerformedError < AuthenticationError
+  end
+
+  # Error if user not authenticated
+  #
+  # @raise [NotAuthenticatedError]
+  #    if authenticated? isn't returning true.
+  #
+  # @note
+  #    Should always be called at the end
+  #    of the #authenticate! method.
+  class NotAuthenticatedError < AuthenticationError
+    attr_reader :error
+
+    def initialize(error={})
+      @error = error
+    end
+  end
+end

data/lib/active_entry/railtie.rb

@@ -0,0 +1,9 @@
+module ActiveEntry
+  class Railtie < ::Rails::Railtie
+    initializer 'active_entry.include_in_action_controller' do
+      ActiveSupport.on_load :action_controller do
+        ::ActionController::Base.include(ActiveEntry)
+      end
+    end
+  end
+end

data/lib/active_entry/version.rb

@@ -0,0 +1,3 @@
+module ActiveEntry
+  VERSION = '1.0.1'
+end

data/lib/tasks/active_entry_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :active_entry do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,113 @@
+--- !ruby/object:Gem::Specification
+name: active_entry
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- TFM Agency GmbH
+- Tobias Feistmantl
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2021-03-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: An easy and flexible access control system. No need for policies, abilities,
+  etc. Do authentication and authorization directly in your controller.
+email:
+- hello@tfm.agency
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/active_entry.rb
+- lib/active_entry/controller_methods.rb
+- lib/active_entry/errors.rb
+- lib/active_entry/railtie.rb
+- lib/active_entry/version.rb
+- lib/tasks/active_entry_tasks.rake
+homepage: https://github.com/TFM-Agency/active_entry
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/TFM-Agency/active_entry
+  source_code_uri: https://github.com/TFM-Agency/active_entry
+  changelog_uri: https://github.com/TFM-Agency/active_entry/commits/main
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.3
+signing_key: 
+specification_version: 4
+summary: An easy and flexible access control system for your Rails app.
+test_files: []