active_model-password_reset 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/Gemfile +3 -0
- data/LICENSE.txt +22 -0
- data/README.md +88 -0
- data/Rakefile +10 -0
- data/active_model-password_reset.gemspec +25 -0
- data/lib/active_model/password_reset.rb +49 -0
- data/lib/active_model/password_reset/error.rb +9 -0
- data/lib/active_model/password_reset/message_verifier.rb +29 -0
- data/lib/active_model/password_reset/version.rb +5 -0
- data/test/password_reset_test.rb +69 -0
- data/test/test_helper.rb +9 -0
- metadata +100 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: af0f8e094ac95633ffa336d7aa15341262c1f38b
|
4
|
+
data.tar.gz: ce44163e6df01e2e6b6cffb82cddc911a47ef503
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: dcd9e401896b3f804773aea3cfefb6e3466469b756180f4b6cd493fd67788666cdf914c50459f1069531a475ed5d25fe2eca275d5b1953ed62c649151125bc3f
|
7
|
+
data.tar.gz: 6cb84665fbe2e7e409117e6c72d67b71fab6e22f5d8d69ab096596f80883d550d4478b6aa28990a1425cdcaaa3d9a6cbe160a743e568771bb5341497945b0223
|
data/.gitignore
ADDED
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2014 Kuba Kuźma
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,88 @@
|
|
1
|
+
# ActiveModel::PasswordReset
|
2
|
+
|
3
|
+
`ActiveModel::PasswordReset` is a lightweight password reset model implemented on top of `ActiveModel::Model`. It does not require storing any additional information in the database. Resulting token is signed by `ActiveSupport::MessageVerifier` class, using `secret_key_base` and salt. Token is invalidated when:
|
4
|
+
|
5
|
+
* user changed password
|
6
|
+
* expiration time passed (default: 24 hours)
|
7
|
+
|
8
|
+
## Installation
|
9
|
+
|
10
|
+
Add this line to your application's Gemfile:
|
11
|
+
|
12
|
+
gem "active_model-password_reset"
|
13
|
+
|
14
|
+
And then execute:
|
15
|
+
|
16
|
+
$ bundle
|
17
|
+
|
18
|
+
Or install it yourself as:
|
19
|
+
|
20
|
+
$ gem install active_model-password_reset
|
21
|
+
|
22
|
+
## Usage
|
23
|
+
|
24
|
+
The most popular workflow is:
|
25
|
+
|
26
|
+
class PasswordResetsController < ApplicationController
|
27
|
+
def new
|
28
|
+
@password_reset = ActiveModel::PasswordReset.new
|
29
|
+
end
|
30
|
+
|
31
|
+
def create
|
32
|
+
@password_reset = ActiveModel::PasswordReset.new(password_reset_params)
|
33
|
+
if @password_reset.valid?
|
34
|
+
UserMailer.reset_password(password_reset.email, password_reset.token).deliver
|
35
|
+
redirect_to root_url, notice: "You will receive an email with instructions."
|
36
|
+
else
|
37
|
+
render :new
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
private
|
42
|
+
|
43
|
+
def password_reset_params
|
44
|
+
params.require(:password_reset).permit(:email)
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
class PasswordsController < ApplicationController
|
49
|
+
def edit
|
50
|
+
# find raises TokenInvalid, TokenExpired, EmailInvalid, PasswordChanged exceptions
|
51
|
+
@password_reset = ActiveModel::PasswordReset.find(params[:id])
|
52
|
+
@user = @password_reset.user
|
53
|
+
rescue ActiveModel::PasswordReset::Error
|
54
|
+
raise ActiveRecord::RecordNotFound # display 404
|
55
|
+
end
|
56
|
+
|
57
|
+
def update
|
58
|
+
@password_reset = ActiveModel::PasswordReset.find(params[:id])
|
59
|
+
@user = @password_reset.user
|
60
|
+
if @user.update(user_params)
|
61
|
+
redirect_to root_url, notice: "Password changed successfully, you can now log in."
|
62
|
+
else
|
63
|
+
render :edit
|
64
|
+
end
|
65
|
+
rescue ActiveModel::PasswordReset::Error
|
66
|
+
raise ActiveRecord::RecordNotFound # display 404
|
67
|
+
end
|
68
|
+
|
69
|
+
private
|
70
|
+
|
71
|
+
def user_params
|
72
|
+
params.require(:user).permit(:password, :password_confirmation)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
If you don't like the default behavior, you can always inherit the session model and override some defaults:
|
77
|
+
|
78
|
+
class PasswordReset < ActiveModel::PasswordReset
|
79
|
+
EXPIRATION_TIME = 1.hour
|
80
|
+
|
81
|
+
def user
|
82
|
+
@user = Admin.find_by(email: email)
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
## Copyright
|
87
|
+
|
88
|
+
Copyright © 2014 Kuba Kuźma. See LICENSE for details.
|
data/Rakefile
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'active_model/password_reset/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "active_model-password_reset"
|
8
|
+
spec.version = ActiveModel::PasswordReset::VERSION
|
9
|
+
spec.authors = ["Kuba Kuźma"]
|
10
|
+
spec.email = ["kuba@jah.pl"]
|
11
|
+
spec.description = %q{Simple password reset model implemented on top of ActiveModel::Model}
|
12
|
+
spec.summary = %q{Simple password reset model implemented on top of ActiveModel::Model}
|
13
|
+
spec.homepage = "https://github.com/cowbell/active_model-password_reset"
|
14
|
+
spec.license = "MIT"
|
15
|
+
|
16
|
+
spec.files = `git ls-files -z`.split("\x0")
|
17
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
18
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
|
+
spec.require_paths = ["lib"]
|
20
|
+
|
21
|
+
spec.add_dependency "activemodel", ">= 4.0.0"
|
22
|
+
|
23
|
+
spec.add_development_dependency "bundler", "~> 1.5"
|
24
|
+
spec.add_development_dependency "rake"
|
25
|
+
end
|
@@ -0,0 +1,49 @@
|
|
1
|
+
require "active_model/password_reset/version"
|
2
|
+
require "active_model/password_reset/error"
|
3
|
+
require "active_model/password_reset/message_verifier"
|
4
|
+
require "active_model"
|
5
|
+
|
6
|
+
module ActiveModel
|
7
|
+
class PasswordReset
|
8
|
+
EXPIRATION_TIME = 60 * 60 * 24 # 24 hours
|
9
|
+
|
10
|
+
include Model
|
11
|
+
|
12
|
+
attr_accessor :email
|
13
|
+
|
14
|
+
validates :email, presence: true
|
15
|
+
validate :existence, if: -> { email.present? }
|
16
|
+
delegate :id, to: :user, prefix: true, allow_nil: true
|
17
|
+
|
18
|
+
def user
|
19
|
+
return @user if defined?(@user)
|
20
|
+
@user = User.find_by(email: email)
|
21
|
+
end
|
22
|
+
|
23
|
+
def token
|
24
|
+
email = user.email
|
25
|
+
digest = Digest::MD5.digest(user.password_digest)
|
26
|
+
expires_at = Time.now.to_i + EXPIRATION_TIME
|
27
|
+
MessageVerifier.generate([email, digest, expires_at])
|
28
|
+
end
|
29
|
+
|
30
|
+
def self.find(token)
|
31
|
+
email, digest, expires_at = MessageVerifier.verify(token)
|
32
|
+
raise TokenExpired if Time.now.to_i > expires_at.to_i
|
33
|
+
new(email: email).tap do |password_reset|
|
34
|
+
raise EmailInvalid if password_reset.invalid?
|
35
|
+
raise PasswordChanged if password_reset.send(:digest) != digest
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
private
|
40
|
+
|
41
|
+
def digest
|
42
|
+
Digest::MD5.digest(user.password_digest)
|
43
|
+
end
|
44
|
+
|
45
|
+
def existence
|
46
|
+
errors.add(:email, :invalid) if user.blank?
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
require "singleton"
|
2
|
+
|
3
|
+
module ActiveModel
|
4
|
+
class PasswordReset
|
5
|
+
class MessageVerifier
|
6
|
+
include Singleton
|
7
|
+
|
8
|
+
attr_reader :message_verifier
|
9
|
+
|
10
|
+
class << self
|
11
|
+
def generate(object)
|
12
|
+
instance.message_verifier.generate(object)
|
13
|
+
end
|
14
|
+
|
15
|
+
def verify(string)
|
16
|
+
instance.message_verifier.verify(string)
|
17
|
+
rescue ActiveSupport::MessageVerifier::InvalidSignature
|
18
|
+
raise TokenInvalid
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
def initialize
|
23
|
+
key_generator = ActiveSupport::KeyGenerator.new(Rails.application.config.secret_key_base, iterations: 1000)
|
24
|
+
secret = key_generator.generate_key("password reset salt")
|
25
|
+
@message_verifier = ActiveSupport::MessageVerifier.new(secret)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,69 @@
|
|
1
|
+
require "test_helper"
|
2
|
+
|
3
|
+
class User
|
4
|
+
attr_accessor :id, :password_digest, :email
|
5
|
+
|
6
|
+
RECORDS = {
|
7
|
+
{email: "alice@example.com"} => {id: 1, email: "alice@example.com", password_digest: "alicedigest"}
|
8
|
+
}
|
9
|
+
|
10
|
+
def self.find_by(options)
|
11
|
+
attributes = RECORDS[options]
|
12
|
+
new(attributes) if attributes.present?
|
13
|
+
end
|
14
|
+
|
15
|
+
def initialize(options)
|
16
|
+
self.id = options[:id]
|
17
|
+
self.email = options[:email]
|
18
|
+
self.password_digest = options[:password_digest]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
class PasswordResetTest < Test::Unit::TestCase
|
23
|
+
include ActiveModel::Lint::Tests
|
24
|
+
|
25
|
+
def setup
|
26
|
+
@model = @password_reset = ActiveModel::PasswordReset.new
|
27
|
+
end
|
28
|
+
|
29
|
+
def test_basic_workflow
|
30
|
+
@password_reset.email = "alice@example.com"
|
31
|
+
@password_reset.valid?
|
32
|
+
token = @password_reset.token
|
33
|
+
assert token.present?
|
34
|
+
password_reset = ActiveModel::PasswordReset.find(token)
|
35
|
+
assert_equal @password_reset.email, password_reset.email
|
36
|
+
assert password_reset.user.present?
|
37
|
+
end
|
38
|
+
|
39
|
+
def test_is_invalid_with_invalid_email
|
40
|
+
@password_reset.email = "invalid@example.com"
|
41
|
+
assert @password_reset.invalid?
|
42
|
+
assert @password_reset.errors[:email].present?
|
43
|
+
end
|
44
|
+
|
45
|
+
def test_is_invalid_without_email
|
46
|
+
@password_reset.email = nil
|
47
|
+
assert @password_reset.invalid?
|
48
|
+
assert @password_reset.errors[:email].present?
|
49
|
+
end
|
50
|
+
|
51
|
+
def test_find_raises_exception_with_invalid_email
|
52
|
+
token = ActiveModel::PasswordReset::MessageVerifier.generate(["invalid@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i + 3600])
|
53
|
+
assert_raises(ActiveModel::PasswordReset::EmailInvalid) { ActiveModel::PasswordReset.find(token) }
|
54
|
+
end
|
55
|
+
|
56
|
+
def test_find_raises_exception_with_invalid_token
|
57
|
+
assert_raises(ActiveModel::PasswordReset::TokenInvalid) { ActiveModel::PasswordReset.find("invalidtoken") }
|
58
|
+
end
|
59
|
+
|
60
|
+
def test_find_raises_exception_with_expired_token
|
61
|
+
token = ActiveModel::PasswordReset::MessageVerifier.generate(["alice@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i - 3600])
|
62
|
+
assert_raises(ActiveModel::PasswordReset::TokenExpired) { ActiveModel::PasswordReset.find(token) }
|
63
|
+
end
|
64
|
+
|
65
|
+
def test_find_raises_exception_with_changed_password
|
66
|
+
token = ActiveModel::PasswordReset::MessageVerifier.generate(["alice@example.com", Digest::MD5.digest("anotheralicedigest"), Time.now.to_i + 3600])
|
67
|
+
assert_raises(ActiveModel::PasswordReset::PasswordChanged) { ActiveModel::PasswordReset.find(token) }
|
68
|
+
end
|
69
|
+
end
|
data/test/test_helper.rb
ADDED
@@ -0,0 +1,9 @@
|
|
1
|
+
require "test/unit"
|
2
|
+
require "active_model/password_reset"
|
3
|
+
require "ostruct"
|
4
|
+
|
5
|
+
class Rails
|
6
|
+
def self.application
|
7
|
+
OpenStruct.new(config: OpenStruct.new(secret_key_base: "12345678901234567890123456789012345678901234567890123456789012345678901234567890"))
|
8
|
+
end
|
9
|
+
end
|
metadata
ADDED
@@ -0,0 +1,100 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: active_model-password_reset
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Kuba Kuźma
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2014-01-30 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: activemodel
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 4.0.0
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 4.0.0
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: bundler
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '1.5'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '1.5'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
description: Simple password reset model implemented on top of ActiveModel::Model
|
56
|
+
email:
|
57
|
+
- kuba@jah.pl
|
58
|
+
executables: []
|
59
|
+
extensions: []
|
60
|
+
extra_rdoc_files: []
|
61
|
+
files:
|
62
|
+
- ".gitignore"
|
63
|
+
- Gemfile
|
64
|
+
- LICENSE.txt
|
65
|
+
- README.md
|
66
|
+
- Rakefile
|
67
|
+
- active_model-password_reset.gemspec
|
68
|
+
- lib/active_model/password_reset.rb
|
69
|
+
- lib/active_model/password_reset/error.rb
|
70
|
+
- lib/active_model/password_reset/message_verifier.rb
|
71
|
+
- lib/active_model/password_reset/version.rb
|
72
|
+
- test/password_reset_test.rb
|
73
|
+
- test/test_helper.rb
|
74
|
+
homepage: https://github.com/cowbell/active_model-password_reset
|
75
|
+
licenses:
|
76
|
+
- MIT
|
77
|
+
metadata: {}
|
78
|
+
post_install_message:
|
79
|
+
rdoc_options: []
|
80
|
+
require_paths:
|
81
|
+
- lib
|
82
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
83
|
+
requirements:
|
84
|
+
- - ">="
|
85
|
+
- !ruby/object:Gem::Version
|
86
|
+
version: '0'
|
87
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
88
|
+
requirements:
|
89
|
+
- - ">="
|
90
|
+
- !ruby/object:Gem::Version
|
91
|
+
version: '0'
|
92
|
+
requirements: []
|
93
|
+
rubyforge_project:
|
94
|
+
rubygems_version: 2.2.0
|
95
|
+
signing_key:
|
96
|
+
specification_version: 4
|
97
|
+
summary: Simple password reset model implemented on top of ActiveModel::Model
|
98
|
+
test_files:
|
99
|
+
- test/password_reset_test.rb
|
100
|
+
- test/test_helper.rb
|