aikotoba 0.1.0

data/app/models/aikotoba/account.rb

@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+module Aikotoba
+  class Account < ApplicationRecord
+    include EnabledFeatureCheckable
+    # NOTE: (RFC5321) Path: The maximum total length of a reverse-path or forward-path is 256 octets.
+    # https://datatracker.ietf.org/doc/html/rfc5321#section-4.5.3.1.3
+    EMAIL_MAXIMUM_LENGTH = 256
+    EMAIL_REGEXP = Aikotoba.email_format
+
+    belongs_to :authenticate_target, polymorphic: true, optional: true
+
+    attribute :max_failed_attempts, :integer, default: -> { Aikotoba.max_failed_attempts }
+
+    validates :email, presence: true, uniqueness: true, format: EMAIL_REGEXP, length: {maximum: EMAIL_MAXIMUM_LENGTH}
+    validates :password, presence: true, length: {in: Value::Password::LENGTH_RENGE}, on: [:create, :recover]
+    validates :password_digest, presence: true
+    validates :confirmed, inclusion: [true, false]
+    validates :failed_attempts, presence: true, numericality: {only_integer: true, greater_than_or_equal_to: 0}
+    validates :max_failed_attempts, numericality: {only_integer: true, greater_than: 0}
+    validates :locked, inclusion: [true, false]
+
+    after_initialize do
+      if authenticate_target
+        target_type_name = authenticate_target_type.gsub("::", "").underscore
+        define_singleton_method(target_type_name) { authenticate_target }
+      end
+    end
+
+    attr_reader :password
+
+    def password=(value)
+      new_password = Value::Password.new(value: value)
+      @password = new_password.value
+      assign_attributes(password_digest: new_password.digest)
+    end
+
+    concerning :Authenticatable do
+      included do
+        scope :authenticatable, -> {
+          result = all
+          result = result.confirmed if confirmable?
+          result = result.unlocked if lockable?
+          result
+        }
+      end
+
+      class_methods do
+        def authenticate_by(attributes:)
+          email, password = attributes.values_at(:email, :password)
+          Service::Authentication.call!(email: email, password: password)
+        end
+      end
+
+      def password_match?(password)
+        Value::Password.new(value: password).match?(digest: password_digest)
+      end
+
+      def authentication_failed!
+        increment!(:failed_attempts)
+      end
+
+      def authentication_success!
+        update!(failed_attempts: 0)
+      end
+    end
+
+    concerning :Registrable do
+      class_methods do
+        def build_by(attributes:)
+          email, password = attributes.values_at(:email, :password)
+          new(email: email).tap { |account| account.password = password }
+        end
+      end
+    end
+
+    concerning :Confirmable do
+      included do
+        has_one :confirmation_token, dependent: :destroy, foreign_key: "aikotoba_account_id"
+        scope :confirmed, -> { where(confirmed: true) }
+        scope :unconfirmed, -> { where(confirmed: false) }
+      end
+
+      def confirm!
+        update!(confirmed: true)
+      end
+    end
+
+    concerning :Lockable do
+      included do
+        has_one :unlock_token, dependent: :destroy, foreign_key: "aikotoba_account_id"
+        scope :locked, -> { where(locked: true) }
+        scope :unlocked, -> { where(locked: false) }
+      end
+
+      def should_lock?
+        failed_attempts > max_failed_attempts
+      end
+
+      def lock!
+        update!(locked: true)
+      end
+
+      def unlock!
+        update!(locked: false, failed_attempts: 0)
+      end
+    end
+
+    concerning :Recoverable do
+      included do
+        has_one :recovery_token, dependent: :destroy, foreign_key: "aikotoba_account_id"
+      end
+
+      def recover!(new_password:)
+        self.password = new_password
+        save!(context: :recover)
+      end
+    end
+  end
+end

data/app/models/concerns/aikotoba/enabled_feature_checkable.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Aikotoba
+  module EnabledFeatureCheckable
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def registerable?
+        Aikotoba.registerable
+      end
+
+      def lockable?
+        Aikotoba.lockable
+      end
+
+      def confirmable?
+        Aikotoba.confirmable
+      end
+
+      def recoverable?
+        Aikotoba.recoverable
+      end
+    end
+
+    def registerable?
+      self.class.registerable?
+    end
+
+    def lockable?
+      self.class.lockable?
+    end
+
+    def confirmable?
+      self.class.confirmable?
+    end
+
+    def recoverable?
+      self.class.recoverable?
+    end
+  end
+end

data/app/models/concerns/aikotoba/token_encryptable.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Aikotoba
+  module TokenEncryptable
+    extend ActiveSupport::Concern
+
+    included do
+      if enabled_aikotoba_enctypted_token?
+        if available_active_record_encryption?
+          encrypts :token, deterministic: true
+        else
+          raise Errors::NotAvailableException, "You need to be able to encrypt the token using Active Record Encryption."
+        end
+      end
+    end
+
+    module ClassMethods
+      def enabled_aikotoba_enctypted_token?
+        Aikotoba.encypted_token
+      end
+
+      def available_active_record_encryption?
+        ActiveRecord::VERSION::MAJOR >= 7
+      end
+    end
+  end
+end

data/app/views/aikotoba/account_mailer/confirm.html.erb

@@ -0,0 +1,3 @@
+Confirm url: <%= @confirm_url %>
+<br>
+The url expires at <%= I18n.l(@token.expired_at, format: :long) %>

data/app/views/aikotoba/account_mailer/recover.html.erb

@@ -0,0 +1,3 @@
+Password reset url: <%= @recover_url %>
+<br>
+The url expires at <%= I18n.l(@token.expired_at, format: :long) %>

data/app/views/aikotoba/account_mailer/unlock.html.erb

@@ -0,0 +1,3 @@
+Unlock url: <%= @unlock_url %>
+<br>
+The url expires at <%= I18n.l(@token.expired_at, format: :long) %>

data/app/views/aikotoba/accounts/new.html.erb

@@ -0,0 +1,19 @@
+<div class="aikotoba-accounts-new">
+  <%= render "aikotoba/common/message" %>
+  <h1><%= I18n.t(".aikotoba.accounts.new") %></h1>
+  <%= form_with model: @account, method: :post, url: aikotoba.create_account_path do |f| %>
+    <%= render "aikotoba/common/errors", resource: @account %>
+    <p>
+      <%= f.label :email %>
+      <%= f.email_field :email, required: true %>
+    </p>
+    <p>
+      <%= f.label :password %>
+      <%= f.password_field :password, required: true  %>
+    </p>
+    <%= f.submit I18n.t(".aikotoba.accounts.new") %>
+  <% end %>
+  <p>
+    <%= link_to I18n.t(".aikotoba.sessions.new"), aikotoba.new_session_path %>
+  </p>
+</div>

data/app/views/aikotoba/common/_errors.html.erb

@@ -0,0 +1,9 @@
+<% if resource.errors.any? %>
+  <div class="errors">
+    <ul>
+      <% resource.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+    </ul>
+  <div>
+<% end %>

data/app/views/aikotoba/common/_message.html.erb

@@ -0,0 +1,8 @@
+<div class="message">
+  <% if notice %>
+    <p><%= notice %></p>
+  <% end %>
+  <% if alert %>
+    <p><%= alert %></p>
+  <% end %>
+</div>

data/app/views/aikotoba/confirms/new.html.erb

@@ -0,0 +1,14 @@
+<div class="aikotoba-confirmation-new">
+  <%= render "aikotoba/common/message" %>
+  <h1><%= I18n.t(".aikotoba.confirms.new") %></h1>
+  <%= form_with model: @account, method: :post, url: aikotoba.create_confirmation_token_path do |f| %>
+    <p>
+      <%= f.label :email %>
+      <%= f.email_field :email, required: true %>
+    </p>
+    <%= f.submit I18n.t(".aikotoba.confirms.new") %>
+  <% end %>
+  <p>
+    <%= link_to I18n.t(".aikotoba.sessions.new"), aikotoba.new_session_path %>
+  </p>
+</div>

data/app/views/aikotoba/recoveries/edit.html.erb

@@ -0,0 +1,15 @@
+<div class="aikotoba-recoveries-edit">
+  <%= render "aikotoba/common/message" %>
+  <h1><%= I18n.t(".aikotoba.recoveries.edit") %></h1>
+  <%= form_with model: @account, method: :patch, url: aikotoba.update_account_password_path(token: @account.recovery_token.token) do |f| %>
+    <%= render "aikotoba/common/errors", resource: @account %>
+    <p>
+      <%= f.label :password %>
+      <%= f.password_field :password, required: true  %>
+    </p>
+    <%= f.submit I18n.t(".aikotoba.recoveries.edit") %>
+  <% end %>
+  <p>
+    <%= link_to I18n.t(".aikotoba.sessions.new"), aikotoba.new_session_path %>
+  </p>
+</div>

data/app/views/aikotoba/recoveries/new.html.erb

@@ -0,0 +1,14 @@
+<div class="aikotoba-recoveries-new">
+  <%= render "aikotoba/common/message" %>
+  <h1><%= I18n.t(".aikotoba.recoveries.new") %></h1>
+  <%= form_with model: @account, method: :post, url: aikotoba.create_recovery_token_path do |f| %>
+    <p>
+      <%= f.label :email %>
+      <%= f.email_field :email, required: true %>
+    </p>
+    <%= f.submit I18n.t(".aikotoba.recoveries.new") %>
+  <% end %>
+  <p>
+    <%= link_to I18n.t(".aikotoba.sessions.new"), aikotoba.new_session_path %>
+  </p>
+</div>

data/app/views/aikotoba/sessions/_links.html.erb

@@ -0,0 +1,20 @@
+<% if registerable? %>
+  <p>
+    <%= link_to I18n.t(".aikotoba.accounts.new"), aikotoba.new_account_path %>
+  </p>
+<% end %>
+<% if confirmable? %>
+  <p>
+    <%= link_to I18n.t(".aikotoba.confirms.new"), aikotoba.new_confirmation_token_path %>
+  </p>
+<% end %>
+<% if lockable? %>
+  <p>
+    <%= link_to I18n.t(".aikotoba.unlocks.new"), aikotoba.new_unlock_token_path %>
+  </p>
+<% end %>
+<% if recoverable? %>
+  <p>
+    <%= link_to I18n.t(".aikotoba.recoveries.new"), aikotoba.new_recovery_token_path %>
+  </p>
+<% end %>

data/app/views/aikotoba/sessions/new.html.erb

@@ -0,0 +1,16 @@
+<div class="aikotoba-sessions-new">
+  <%= render "aikotoba/common/message" %>
+  <h1><%= I18n.t(".aikotoba.sessions.new") %></h1>
+  <%= form_with model: @account, method: :post, url: aikotoba.new_session_path do |f| %>
+    <p>
+      <%= f.label :email %>
+      <%= f.email_field :email, required: true %>
+    </p>
+    <p>
+      <%= f.label :password %>
+      <%= f.password_field :password, required: true  %>
+    </p>
+    <%= f.submit I18n.t(".aikotoba.sessions.new") %>
+  <% end %>
+  <%= render 'links' %>
+</div>

data/app/views/aikotoba/unlocks/new.html.erb

@@ -0,0 +1,21 @@
+<div class="aikotoba-unlock-new">
+  <div class="message">
+    <% if notice %>
+      <p><%= notice %></p>
+    <% end %>
+    <% if alert %>
+      <p><%= alert %></p>
+    <% end %>
+  </div>
+  <h1><%= I18n.t(".aikotoba.unlocks.new") %></h1>
+  <%= form_with model: @account, method: :post, url: aikotoba.create_unlock_token_path do |f| %>
+    <p>
+      <%= f.label :email %>
+      <%= f.email_field :email, required: true %>
+    </p>
+    <%= f.submit I18n.t(".aikotoba.unlocks.new") %>
+  <% end %>
+  <p>
+    <%= link_to I18n.t(".aikotoba.sessions.new"), aikotoba.new_session_path %>
+  </p>
+</div>

data/app/views/layouts/aikotoba/application.html.erb

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Aikotoba</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+</head>
+<body>
+  <%= yield %>
+</body>
+</html>

data/app/views/layouts/aikotoba/mailer.html.erb

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <style>
+      /* Email styles need to be inline */
+    </style>
+  </head>
+
+  <body>
+    <%= yield %>
+  </body>
+</html>

data/app/views/layouts/aikotoba/mailer.text.erb

@@ -0,0 +1 @@
+<%= yield %>

data/config/locales/en.yml

@@ -0,0 +1,49 @@
+en:
+  activerecord:
+    attributes:
+      aikotoba/account:
+        email: Email
+        password: Password
+    models:
+      aikotoba/account: Account
+  aikotoba:
+    sessions:
+      new: Sign in
+    accounts:
+      new: Sign up
+    confirms:
+      new: Send confirm token
+    unlocks:
+      new: Send unlock token
+    recoveries:
+      new: Send password reset token
+      edit: Password reset
+    mailers:
+      confirm:
+        subject: "Confirmation instructions"
+      unlock:
+        subject: "Unlock instructions"
+      recover:
+        subject: "Password reset instructions"
+
+    messages:
+      authentication:
+        success: Signed in successfully.
+        failed: Oops. Signed in failed.
+        sign_out: Signed out.
+      registration:
+        success: Signed up successfully.
+        failed: Oops. Signed up failed.
+      confirmation:
+        sent: Confirm url has been sent to your email address.
+        success: Confirmed you email successfully.
+        failed: Oops. Confirm url sent failed.
+      unlocking:
+        sent: Unlock url has been sent to your email address.
+        success: Unlocked you account successfully.
+        failed: Oops. Unlock url sent failed.
+      recovery:
+        sent: Password reset url has been sent to your email address.
+        sent_failed: Oops. Password reset url sent failed.
+        success: Password reset you account successfully.
+        failed: Oops. Password reset failed.

data/config/routes.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require "aikotoba/constraints/registerable_constraint"
+require "aikotoba/constraints/confirmable_constraint"
+require "aikotoba/constraints/lockable_constraint"
+require "aikotoba/constraints/recoverable_constraint"
+
+Aikotoba::Engine.routes.draw do
+  get(Aikotoba.sign_in_path, to: "sessions#new", as: :new_session)
+  post(Aikotoba.sign_in_path, to: "sessions#create", as: :create_session)
+  delete(Aikotoba.sign_out_path, to: "sessions#destroy", as: :destroy_session)
+  constraints(Aikotoba::RegisterableConstraint) do
+    get(Aikotoba.sign_up_path, to: "accounts#new", as: :new_account)
+    post(Aikotoba.sign_up_path, to: "accounts#create", as: :create_account)
+  end
+  constraints(Aikotoba::ConfirmableConstraint) do
+    get(Aikotoba.confirm_path, to: "confirms#new", as: :new_confirmation_token)
+    post(Aikotoba.confirm_path, to: "confirms#create", as: :create_confirmation_token)
+    get(File.join(Aikotoba.confirm_path, ":token"), to: "confirms#update", as: :confirm_account)
+  end
+  constraints(Aikotoba::LockableConstraint) do
+    get(Aikotoba.unlock_path, to: "unlocks#new", as: :new_unlock_token)
+    post(Aikotoba.unlock_path, to: "unlocks#create", as: :create_unlock_token)
+    get(File.join(Aikotoba.unlock_path, ":token"), to: "unlocks#update", as: :unlock_account)
+  end
+  constraints(Aikotoba::RecoverableConstraint) do
+    get(Aikotoba.recover_path, to: "recoveries#new", as: :new_recovery_token)
+    post(Aikotoba.recover_path, to: "recoveries#create", as: :create_recovery_token)
+    get(File.join(Aikotoba.recover_path, ":token"), to: "recoveries#edit", as: :edit_account_password)
+    patch(File.join(Aikotoba.recover_path, ":token"), to: "recoveries#update", as: :update_account_password)
+  end
+end

data/db/migrate/20211204121532_create_aikotoba_accounts.rb

@@ -0,0 +1,50 @@
+class CreateAikotobaAccounts < ActiveRecord::Migration[6.1]
+  def change
+    create_table :aikotoba_accounts do |t|
+      t.belongs_to :authenticate_target, polymorphic: true, index: {unique: true}
+      t.string :email, null: false, index: {unique: true}
+      t.string :password_digest, null: false
+      t.boolean :confirmed, null: false, default: false
+      t.integer :failed_attempts, null: false, default: 0
+      t.boolean :locked, null: false, default: false
+
+      t.timestamps
+    end
+
+    create_table :aikotoba_account_confirmation_tokens do |t|
+      t.belongs_to(
+        :aikotoba_account,
+        foreign_key: true, null: false,
+        index: {unique: true, name: "index_account_confirmation_tokens_on_account_id"}
+      )
+      t.string :token, null: false, index: {unique: true}
+      t.datetime :expired_at, null: false
+
+      t.timestamps
+    end
+
+    create_table :aikotoba_account_unlock_tokens do |t|
+      t.belongs_to(
+        :aikotoba_account,
+        null: false, foreign_key: true,
+        index: {unique: true, name: "index_account_unlock_tokens_on_account_id"}
+      )
+      t.string :token, null: false, index: {unique: true}
+      t.datetime :expired_at, null: false
+
+      t.timestamps
+    end
+
+    create_table :aikotoba_account_recovery_tokens do |t|
+      t.belongs_to(
+        :aikotoba_account,
+        null: false, foreign_key: true,
+        index: {unique: true, name: "index_account_recovery_tokens_on_account_id"}
+      )
+      t.string :token, null: false, index: {unique: true}
+      t.datetime :expired_at, null: false
+
+      t.timestamps
+    end
+  end
+end

data/lib/aikotoba/constraints/confirmable_constraint.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class Aikotoba::ConfirmableConstraint
+  def self.matches?(_request)
+    Aikotoba.confirmable
+  end
+end

data/lib/aikotoba/constraints/lockable_constraint.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class Aikotoba::LockableConstraint
+  def self.matches?(_request)
+    Aikotoba.lockable
+  end
+end

data/lib/aikotoba/constraints/recoverable_constraint.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class Aikotoba::RecoverableConstraint
+  def self.matches?(_request)
+    Aikotoba.recoverable
+  end
+end

data/lib/aikotoba/constraints/registerable_constraint.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class Aikotoba::RegisterableConstraint
+  def self.matches?(_request)
+    Aikotoba.registerable
+  end
+end

data/lib/aikotoba/engine.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Aikotoba
+  class Engine < ::Rails::Engine
+    isolate_namespace Aikotoba
+  end
+end

data/lib/aikotoba/errors.rb

@@ -0,0 +1,7 @@
+module Aikotoba
+  module Errors
+    class Base < StandardError; end
+
+    class NotAvailableException < Base; end
+  end
+end

data/lib/aikotoba/test/authentication_helper.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Aikotoba
+  module Test
+    module AuthenticationHelper
+      module Request
+        def aikotoba_sign_out
+          delete aikotoba.destroy_session_path
+          follow_redirect!
+        end
+
+        def aikotoba_sign_in(account)
+          post aikotoba.new_session_path, params: {account: {email: account.email, password: account.password}}
+          follow_redirect!
+        end
+      end
+
+      module System
+        def aikotoba_sign_out
+          if page.driver.is_a?(Capybara::RackTest::Driver)
+            disable_forgery_protection { page.driver.send(:delete, aikotoba.destroy_session_path) }
+          else
+            raise NotImplementedError, "Sorry. Only RackTest::Driver is supported as a test helper for Aikotoba's authentication."
+          end
+        end
+
+        def aikotoba_sign_in(account)
+          if page.driver.is_a?(Capybara::RackTest::Driver)
+            disable_forgery_protection do
+              page.driver.send(:post, aikotoba.new_session_path, account: {email: account.email, password: account.password})
+            end
+          else
+            raise NotImplementedError, "Sorry. Only RackTest::Driver is supported as a test helper for Aikotoba's authentication."
+          end
+        end
+
+        private
+
+        def disable_forgery_protection
+          csrf_protection = ActionController::Base.allow_forgery_protection
+          ActionController::Base.allow_forgery_protection = false
+          yield
+          ActionController::Base.allow_forgery_protection = csrf_protection
+        end
+      end
+    end
+  end
+end

data/lib/aikotoba/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Aikotoba
+  VERSION = "0.1.0"
+end

data/lib/aikotoba.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require "aikotoba/version"
+require "aikotoba/engine"
+require "aikotoba/errors"
+
+module Aikotoba
+  mattr_accessor(:parent_controller) { "ApplicationController" }
+  mattr_accessor(:parent_mailer) { "ActionMailer::Base" }
+  mattr_accessor(:mailer_sender) { "from@example.com" }
+  mattr_accessor(:email_format) { /\A[^\s]+@[^\s]+\z/ }
+  mattr_accessor(:password_pepper) { "aikotoba-default-pepper" }
+  mattr_accessor(:password_length_range) { 8..100 }
+  mattr_accessor(:session_key) { "aikotoba-account-id" }
+  mattr_accessor(:sign_in_path) { "/sign_in" }
+  mattr_accessor(:sign_out_path) { "/sign_out" }
+  mattr_accessor(:after_sign_in_path) { "/" }
+  mattr_accessor(:after_sign_out_path) { "/sign_in" }
+
+  # for encrypt token
+  mattr_accessor(:encypted_token) { false }
+
+  # for registerable
+  mattr_accessor(:registerable) { true }
+  mattr_accessor(:sign_up_path) { "/sign_up" }
+
+  # for confirmable
+  mattr_accessor(:confirmable) { false }
+  mattr_accessor(:confirm_path) { "/confirm" }
+  mattr_accessor(:confirmation_token_expiry) { 1.day }
+
+  # for lockable
+  mattr_accessor(:lockable) { false }
+  mattr_accessor(:unlock_path) { "/unlock" }
+  mattr_accessor(:max_failed_attempts) { 10 }
+  mattr_accessor(:unlock_token_expiry) { 1.day }
+
+  # for recoverable
+  mattr_accessor(:recoverable) { false }
+  mattr_accessor(:recover_path) { "/recover" }
+  mattr_accessor(:recovery_token_expiry) { 4.hours }
+
+  # for security
+  mattr_accessor(:prevent_timing_atack) { true }
+end