active_entry 1.1.0 → 1.2.2
- checksums.yaml +4 -4
- data/README.md +16 -28
- data/lib/active_entry.rb +20 -2
- data/lib/active_entry/errors.rb +18 -2
- data/lib/active_entry/version.rb +1 -1
- metadata +2 -2
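--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8473716d8d36f309773e287f91b9555d9dc166f84580f05998f03d87e3b3f96f
+data.tar.gz: 59cb7db7d902f5507717582381662b6d3fa08114d06e8acb6dbdbb1c7ae3093e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 92182576896b166ccad824dc857f4b494366b02080bbd6f3de1aeb5c8551b5c659177cce9636e42cdd45c3120daa25ac6bde2a52a94cf456d8721c35c0e6602d
+data.tar.gz: 5db0ea52d9dc59943db877b4dea88b657125e7deb0f457bd252ac897bb7fa5f15bd3b381396fceff1dc8d577826fd6c74fa1ffd4da579b09256e1e7adde67ffc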
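--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
 [<img src="active_entry_logo.png" alt="Active Entry Logo" width="250px"/>](https://github.com/TFM-Agency/active_entry)
 
-# Active Entry - Simple and flexible authentication and authorization
+# Active Entry - Simple and flexible authentication and authorization [![Ruby](https://github.com/TFM-Agency/active_entry/actions/workflows/ci-rspec.yml/badge.svg)](https://github.com/TFM-Agency/active_entry/actions/workflows/ci-rspec.yml)
 
 Active Entry is a simple and secure authentication and authorization system for your Rails application, which lets you to authenticate and authorize directly in your controllers.
 
@@ -23,16 +23,29 @@ $ gem install active_entry
 
 ## Usage
 With Active Entry authentication and authorization is done in your Rails controllers. To enable authentication and authorization in one of your controllers, just add a before action for `authenticate!` and `authorize!` and the user has to authenticate and authorize on every call.
-
+
+### Verify authentication and authorization
+You probably want to control authentication and authorization for every controller action you have in your app. As a safeguard to ensure, that auth is performed in every controller and the call for auth is not forgotten in development, add the `#verify_authentication!` and `#verify_authorization` as after action callbacks to your `ApplicationController`.
 
 ```ruby
 class ApplicationController < ActionController::Base
+before_action :verify_authentication!, :verify_authorization!
+# ...
+end
+```
+This ensures, that you call `authenticate!` and/or `authorize!` in all your controllers and raises an `ActiveEntry::AuthenticationNotPerformedError` / `ActiveEntry::AuthorizationNotPerformedError` if not.
+
+### Perform authentication and authorization
+in order to do the actual authentication and authorization, you have to add `authenticate!` and `authorize!` as before action callback in your controllers.
+
+```ruby
+class DashboardController < ApplicationController
 before_action :authenticate!, :authorize!
 # ...
 end
 ```
 
-If you try to open a page, you will get an `ActiveEntry::
+If you try to open a page, you will get an `ActiveEntry::AuthenticationDecisionMakerMissingError` or `ActiveEntry::AuthorizationDecisionMakerMissingError`. This means that you have to instruct Active Entry when a user is authenticated/authorized and when not.
 You can do this by defining the methods `authenticated?` and `authorized?` in your controller.
 
 ```ruby
@@ -194,31 +207,6 @@ class ApplicationController < ActionController::Base
 end
 ```
 
-## Known Issues
-The authentication/authorization is done in a before action. These Rails controller before callbacks are done in defined order. If you set an instance variable which is needed in the `authenticated?` or `authorized?` method, you have to call the before action after the other method again.
-
-For example if you set `@user` in your controller in the `set_user` before action and you want to use the variable in `authorized?` action, you have to add the `authenticate!` or `authorize!` method after the `set_user` again, otherwise `@user` won't be available in `authenticate!` or `authorized?` yet.
-
-```ruby
-class UsersController < ApplicationController
-before_action :set_user
-before_action :authenticate!, :authorize!
-
-def show
-end
-
-private
-
-def authenticated?
-return true if user_signed_in?
-end
-
-def authorized?
-return true if current_user == @user
-end
-end
-```
-
 ## Contributing
 Create pull requests on Github and help us to improve this Gem. There are some guidelines to follow:
 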
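--- a/data/lib/active_entry.rb
+++ b/data/lib/active_entry.rb
@@ -4,6 +4,11 @@ require "active_entry/controller_methods"
 require "active_entry/railtie" if defined? Rails::Railtie
 
 module ActiveEntry
+# Verifies that #authenticate! has been called in the controller.
+def verify_authentication!
+raise ActiveEntry::AuthenticationNotPerformedError unless @_authentication_done == true
+end
+
 # Authenticates the user
 def authenticate!
 general_decision_maker_method_name = :authenticated?
@@ -20,7 +25,7 @@ module ActiveEntry
 #
 # This ensures that you actually do authentication in your controller.
 if !scoped_decision_maker_defined && !general_decision_maker_defined
-raise ActiveEntry::
+raise ActiveEntry::AuthenticationDecisionMakerMissingError
 end
 
 error = {}
@@ -37,6 +42,15 @@ module ActiveEntry
 # Use the .rescue_from method from ActionController::Base
 # to catch the exception and show the user a proper error message.
 raise ActiveEntry::NotAuthenticatedError.new(error) unless is_authenticated == true
+
+# Tell #verify_authentication! that authentication
+# has been performed.
+@_authentication_done = true
+end
+
+# Verifies that #authorize! has been called in the controller.
+def verify_authorization!
+raise ActiveEntry::AuthorizationNotPerformedError unless @_authorization_done == true
 end
 
 # Authorizes the user.
@@ -55,7 +69,7 @@ module ActiveEntry
 #
 # This ensures that you actually do authorization in your controller.
 if !scoped_decision_maker_defined && !general_decision_maker_defined
-raise ActiveEntry::
+raise ActiveEntry::AuthorizationDecisionMakerMissingError
 end
 
 error = {}
@@ -72,5 +86,9 @@ module ActiveEntry
 # Use the .rescue_from method from ActionController::Base
 # to catch the exception and show the user a proper error message.
 raise ActiveEntry::NotAuthorizedError.new(error) unless is_authorized == true
+
+# Tell #verify_authorization! that authorization
+# has been performed.
+@_authorization_done = true
 end
 end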
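Review bot: `verify_authentication!` and `verify_authorization!` only work as after-action callbacks — they read `@_authentication_done` / `@_authorization_done`, which `authenticate!` and `authorize!` set as the very last statement of their bodies — yet the README example added in this same commit registers them with `before_action` in `ApplicationController`, where (as far as I can tell from Rails' callback ordering, parent callbacks first) they would fire before any `authenticate!` and raise on every request. The one-line comment above each verify method should state the registration requirement, e.g. `# Register as an after_action: the flag is only set once #authenticate! has completed.`, and the README snippet should use `after_action` to match its own prose. Note also that the flag is a plain controller instance variable, so this is a development-time safeguard against a forgotten callback rather than an access-control boundary; a comment saying so would stop readers from treating it as one. The bodies of `authenticate!` and `authorize!` extend outside the hunks shown.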
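--- a/data/lib/active_entry/errors.rb
+++ b/data/lib/active_entry/errors.rb
@@ -11,11 +11,19 @@ module ActiveEntry
 # Error for controllers in which authorization isn't handled.
 #
 # @raise [AuthorizationNotPerformedError]
-# if
+# if authorize! is not called
 # in the controller class.
 class AuthorizationNotPerformedError < AuthorizationError
 end
 
+# Error for controllers in which authorization decision maker is missing.
+#
+# @raise [AuthorizationDecisionMakerMissingError]
+# if the #authorized? method isn't defined
+# in the controller class.
+class AuthorizationDecisionMakerMissingError < AuthorizationError
+end
+
 # Error if user unauthorized.
 #
 # @raise [NotAuthorizedError]
@@ -43,11 +51,19 @@ module ActiveEntry
 # Error for controllers in which authentication isn't handled.
 #
 # @raise [AuthenticationNotPerformedError]
-# if
+# if authenticate! is not called
 # in the controller class.
 class AuthenticationNotPerformedError < AuthenticationError
 end
 
+# Error for controllers in which authentication decision maker is missing.
+#
+# @raise [AuthenticationDecisionMakerMissingError]
+# if the #authenticated? method isn't defined
+# in the controller class.
+class AuthenticationDecisionMakerMissingError < AuthenticationError
+end
+
 # Error if user not authenticated
 #
 # @raise [NotAuthenticatedError]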
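Review bot: The doc comment on the new `AuthorizationDecisionMakerMissingError` says the error is raised when `#authorized?` isn't defined, but the raising site in lib/active_entry.rb checks `!scoped_decision_maker_defined && !general_decision_maker_defined`, so it appears to fire only when neither the general method nor a scoped decision maker exists; the comment should say `# if neither #authorized? nor a scoped decision maker is defined` so that a developer who defined a scoped variant is not misled. The same wording applies to `AuthenticationDecisionMakerMissingError` in the second hunk. As a point of style, YARD's `@raise` tag describes a method's behaviour and reads oddly on a class, though the pre-existing classes in this file use the same pattern, so changing it here alone would be inconsistent.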
data/lib/active_entry/version.rb
metadata
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: active_entry
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- TFM Agency GmbH
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2021-03-
|
12
|
+
date: 2021-03-04 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rails
|