active_entry 1.1.0 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +16 -28
- data/lib/active_entry.rb +20 -2
- data/lib/active_entry/errors.rb +18 -2
- data/lib/active_entry/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8473716d8d36f309773e287f91b9555d9dc166f84580f05998f03d87e3b3f96f
|
|
4
|
+
data.tar.gz: 59cb7db7d902f5507717582381662b6d3fa08114d06e8acb6dbdbb1c7ae3093e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 92182576896b166ccad824dc857f4b494366b02080bbd6f3de1aeb5c8551b5c659177cce9636e42cdd45c3120daa25ac6bde2a52a94cf456d8721c35c0e6602d
|
|
7
|
+
data.tar.gz: 5db0ea52d9dc59943db877b4dea88b657125e7deb0f457bd252ac897bb7fa5f15bd3b381396fceff1dc8d577826fd6c74fa1ffd4da579b09256e1e7adde67ffc
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
[<img src="active_entry_logo.png" alt="Active Entry Logo" width="250px"/>](https://github.com/TFM-Agency/active_entry)
|
|
2
2
|
|
|
3
|
-
# Active Entry - Simple and flexible authentication and authorization
|
|
3
|
+
# Active Entry - Simple and flexible authentication and authorization [](https://github.com/TFM-Agency/active_entry/actions/workflows/ci-rspec.yml)
|
|
4
4
|
|
|
5
5
|
Active Entry is a simple and secure authentication and authorization system for your Rails application, which lets you to authenticate and authorize directly in your controllers.
|
|
6
6
|
|
|
@@ -23,16 +23,29 @@ $ gem install active_entry
|
|
|
23
23
|
|
|
24
24
|
## Usage
|
|
25
25
|
With Active Entry authentication and authorization is done in your Rails controllers. To enable authentication and authorization in one of your controllers, just add a before action for `authenticate!` and `authorize!` and the user has to authenticate and authorize on every call.
|
|
26
|
-
|
|
26
|
+
|
|
27
|
+
### Verify authentication and authorization
|
|
28
|
+
You probably want to control authentication and authorization for every controller action you have in your app. As a safeguard to ensure, that auth is performed in every controller and the call for auth is not forgotten in development, add the `#verify_authentication!` and `#verify_authorization` as after action callbacks to your `ApplicationController`.
|
|
27
29
|
|
|
28
30
|
```ruby
|
|
29
31
|
class ApplicationController < ActionController::Base
|
|
32
|
+
before_action :verify_authentication!, :verify_authorization!
|
|
33
|
+
# ...
|
|
34
|
+
end
|
|
35
|
+
```
|
|
36
|
+
This ensures, that you call `authenticate!` and/or `authorize!` in all your controllers and raises an `ActiveEntry::AuthenticationNotPerformedError` / `ActiveEntry::AuthorizationNotPerformedError` if not.
|
|
37
|
+
|
|
38
|
+
### Perform authentication and authorization
|
|
39
|
+
in order to do the actual authentication and authorization, you have to add `authenticate!` and `authorize!` as before action callback in your controllers.
|
|
40
|
+
|
|
41
|
+
```ruby
|
|
42
|
+
class DashboardController < ApplicationController
|
|
30
43
|
before_action :authenticate!, :authorize!
|
|
31
44
|
# ...
|
|
32
45
|
end
|
|
33
46
|
```
|
|
34
47
|
|
|
35
|
-
If you try to open a page, you will get an `ActiveEntry::
|
|
48
|
+
If you try to open a page, you will get an `ActiveEntry::AuthenticationDecisionMakerMissingError` or `ActiveEntry::AuthorizationDecisionMakerMissingError`. This means that you have to instruct Active Entry when a user is authenticated/authorized and when not.
|
|
36
49
|
You can do this by defining the methods `authenticated?` and `authorized?` in your controller.
|
|
37
50
|
|
|
38
51
|
```ruby
|
|
@@ -194,31 +207,6 @@ class ApplicationController < ActionController::Base
|
|
|
194
207
|
end
|
|
195
208
|
```
|
|
196
209
|
|
|
197
|
-
## Known Issues
|
|
198
|
-
The authentication/authorization is done in a before action. These Rails controller before callbacks are done in defined order. If you set an instance variable which is needed in the `authenticated?` or `authorized?` method, you have to call the before action after the other method again.
|
|
199
|
-
|
|
200
|
-
For example if you set `@user` in your controller in the `set_user` before action and you want to use the variable in `authorized?` action, you have to add the `authenticate!` or `authorize!` method after the `set_user` again, otherwise `@user` won't be available in `authenticate!` or `authorized?` yet.
|
|
201
|
-
|
|
202
|
-
```ruby
|
|
203
|
-
class UsersController < ApplicationController
|
|
204
|
-
before_action :set_user
|
|
205
|
-
before_action :authenticate!, :authorize!
|
|
206
|
-
|
|
207
|
-
def show
|
|
208
|
-
end
|
|
209
|
-
|
|
210
|
-
private
|
|
211
|
-
|
|
212
|
-
def authenticated?
|
|
213
|
-
return true if user_signed_in?
|
|
214
|
-
end
|
|
215
|
-
|
|
216
|
-
def authorized?
|
|
217
|
-
return true if current_user == @user
|
|
218
|
-
end
|
|
219
|
-
end
|
|
220
|
-
```
|
|
221
|
-
|
|
222
210
|
## Contributing
|
|
223
211
|
Create pull requests on Github and help us to improve this Gem. There are some guidelines to follow:
|
|
224
212
|
|
data/lib/active_entry.rb
CHANGED
|
@@ -4,6 +4,11 @@ require "active_entry/controller_methods"
|
|
|
4
4
|
require "active_entry/railtie" if defined? Rails::Railtie
|
|
5
5
|
|
|
6
6
|
module ActiveEntry
|
|
7
|
+
# Verifies that #authenticate! has been called in the controller.
|
|
8
|
+
def verify_authentication!
|
|
9
|
+
raise ActiveEntry::AuthenticationNotPerformedError unless @_authentication_done == true
|
|
10
|
+
end
|
|
11
|
+
|
|
7
12
|
# Authenticates the user
|
|
8
13
|
def authenticate!
|
|
9
14
|
general_decision_maker_method_name = :authenticated?
|
|
@@ -20,7 +25,7 @@ module ActiveEntry
|
|
|
20
25
|
#
|
|
21
26
|
# This ensures that you actually do authentication in your controller.
|
|
22
27
|
if !scoped_decision_maker_defined && !general_decision_maker_defined
|
|
23
|
-
raise ActiveEntry::
|
|
28
|
+
raise ActiveEntry::AuthenticationDecisionMakerMissingError
|
|
24
29
|
end
|
|
25
30
|
|
|
26
31
|
error = {}
|
|
@@ -37,6 +42,15 @@ module ActiveEntry
|
|
|
37
42
|
# Use the .rescue_from method from ActionController::Base
|
|
38
43
|
# to catch the exception and show the user a proper error message.
|
|
39
44
|
raise ActiveEntry::NotAuthenticatedError.new(error) unless is_authenticated == true
|
|
45
|
+
|
|
46
|
+
# Tell #verify_authentication! that authentication
|
|
47
|
+
# has been performed.
|
|
48
|
+
@_authentication_done = true
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
# Verifies that #authorize! has been called in the controller.
|
|
52
|
+
def verify_authorization!
|
|
53
|
+
raise ActiveEntry::AuthorizationNotPerformedError unless @_authorization_done == true
|
|
40
54
|
end
|
|
41
55
|
|
|
42
56
|
# Authorizes the user.
|
|
@@ -55,7 +69,7 @@ module ActiveEntry
|
|
|
55
69
|
#
|
|
56
70
|
# This ensures that you actually do authorization in your controller.
|
|
57
71
|
if !scoped_decision_maker_defined && !general_decision_maker_defined
|
|
58
|
-
raise ActiveEntry::
|
|
72
|
+
raise ActiveEntry::AuthorizationDecisionMakerMissingError
|
|
59
73
|
end
|
|
60
74
|
|
|
61
75
|
error = {}
|
|
@@ -72,5 +86,9 @@ module ActiveEntry
|
|
|
72
86
|
# Use the .rescue_from method from ActionController::Base
|
|
73
87
|
# to catch the exception and show the user a proper error message.
|
|
74
88
|
raise ActiveEntry::NotAuthorizedError.new(error) unless is_authorized == true
|
|
89
|
+
|
|
90
|
+
# Tell #verify_authorization! that authorization
|
|
91
|
+
# has been performed.
|
|
92
|
+
@_authorization_done = true
|
|
75
93
|
end
|
|
76
94
|
end
|
data/lib/active_entry/errors.rb
CHANGED
|
@@ -11,11 +11,19 @@ module ActiveEntry
|
|
|
11
11
|
# Error for controllers in which authorization isn't handled.
|
|
12
12
|
#
|
|
13
13
|
# @raise [AuthorizationNotPerformedError]
|
|
14
|
-
# if
|
|
14
|
+
# if authorize! is not called
|
|
15
15
|
# in the controller class.
|
|
16
16
|
class AuthorizationNotPerformedError < AuthorizationError
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
+
# Error for controllers in which authorization decision maker is missing.
|
|
20
|
+
#
|
|
21
|
+
# @raise [AuthorizationDecisionMakerMissingError]
|
|
22
|
+
# if the #authorized? method isn't defined
|
|
23
|
+
# in the controller class.
|
|
24
|
+
class AuthorizationDecisionMakerMissingError < AuthorizationError
|
|
25
|
+
end
|
|
26
|
+
|
|
19
27
|
# Error if user unauthorized.
|
|
20
28
|
#
|
|
21
29
|
# @raise [NotAuthorizedError]
|
|
@@ -43,11 +51,19 @@ module ActiveEntry
|
|
|
43
51
|
# Error for controllers in which authentication isn't handled.
|
|
44
52
|
#
|
|
45
53
|
# @raise [AuthenticationNotPerformedError]
|
|
46
|
-
# if
|
|
54
|
+
# if authenticate! is not called
|
|
47
55
|
# in the controller class.
|
|
48
56
|
class AuthenticationNotPerformedError < AuthenticationError
|
|
49
57
|
end
|
|
50
58
|
|
|
59
|
+
# Error for controllers in which authentication decision maker is missing.
|
|
60
|
+
#
|
|
61
|
+
# @raise [AuthenticationDecisionMakerMissingError]
|
|
62
|
+
# if the #authenticated? method isn't defined
|
|
63
|
+
# in the controller class.
|
|
64
|
+
class AuthenticationDecisionMakerMissingError < AuthenticationError
|
|
65
|
+
end
|
|
66
|
+
|
|
51
67
|
# Error if user not authenticated
|
|
52
68
|
#
|
|
53
69
|
# @raise [NotAuthenticatedError]
|
data/lib/active_entry/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: active_entry
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- TFM Agency GmbH
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-03-
|
|
12
|
+
date: 2021-03-04 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rails
|