auth_master 0.0.2 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ac57c91a103b1ea33d4f895eb59938c605e09ec4d0e82668fdce9bfbf48ffdb4
-  data.tar.gz: 2e13917724efec1f13880dbcea2d449cdfece27ce5c5da44dc475af70e00fa6f
+  metadata.gz: c266d6e5222227d0f002f1ed663a9420d599d9f3456d082f3de21473f2c6af25
+  data.tar.gz: 68ef46005182ad74059391ad7df9f869099ae381b5b7913224f6fcdfe17cbcdd
 SHA512:
-  metadata.gz: f75e3ff10432e47d5790167b2a213dc4a458aa93669da69a0491948987d8d2535bed00bc554abb61140923c923986a1a1d730e890a48e4bdf753cf47d9c54727
-  data.tar.gz: 5f1cf4148fb7ea0c831d914d03122bd5b0e879552a529f1b14df80842f914f61c04e83d82b718247858fbc8f390df1a943e00d107e39c6015fcd38ab95733d72
+  metadata.gz: c16626eee3bf0fbbe5b2e6db7beea09a9a27d2785450ef50c4a572bd60b4fd1be9cf313100308b3cd1cc483555fd48fed06e936f4bda5aaf5f1400cf863cc41d
+  data.tar.gz: 735d46ca1a99308be75b5891df5203c9b63c1b8459312d63d5de623b77322204526b49958842f6983ae35744f785a803e9e5cd4b8de40a65f30e2ad459bdf898

data/README.md

@@ -21,8 +21,27 @@ Or install it yourself as:
 $ gem install auth_master
 ```
 
+Install database migrations:
+```bash
+$ bin/rails auth_master:install:migrations
+```
+
+Run migrations:
+```bash
+$ bin/rails db:migrate
+```
+
 ## Contributing
-Contribution directions go here.
+
+Build gem:
+```bash
+$ rake build
+```
+
+Push to RubyGems.org:
+```bash
+$ gem push auth_master-x.y.z.gem
+```
 
 ## License
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/app/controllers/auth_master/application_controller.rb

@@ -1,5 +1,9 @@
 module AuthMaster
   class ApplicationController < ActionController::Base
+    # NOTE: Ability to use main app url helpers from main app's layout
+    helper Rails.application.routes.url_helpers
+    helper_method :target_route
+
     def target_scoped_class
       target_scope = config_for(:scope)
       target_scope.present? ? target_accessor.send(target_scope) : target_accessor
@@ -20,12 +24,20 @@ module AuthMaster
       params[:target].to_sym
     end
 
+    def target_param_name
+      params[:target].to_sym
+    end
+
+    def target_route
+      config_for(:route) || :auth_master
+    end
+
     def config_for(name)
       AuthMaster.targets[target_param][name.to_sym]
     end
 
     def check_target_configuration
-      raise ActionController::RoutingError.new("Not Found") if AuthMaster.targets[target_param].blank?
+      raise ActionController::RoutingError.new("Not Found Target Config") if AuthMaster.targets[target_param].blank?
     end
   end
 end

data/app/controllers/auth_master/sessions_controller.rb

@@ -3,14 +3,21 @@ module AuthMaster
     TIMING_ATTACK_INTERVAL = 1
 
     before_action :check_target_configuration
-    around_action :prevent_timing_attack, only: :send_link
+
+    before_action :check_token_presence, only: :link
+    before_action :check_pre_session_id, only: :link
+
+    around_action :prevent_timing_attack, only: :create
 
     # NOTE: Show input email form
     def new
     end
 
-    def send_link
-      AuthMaster::SendLinkOperation.call!(params[:email], target_scoped_class:)
+    def create
+      uuid = Random.uuid
+      session[session_key] = uuid
+
+      AuthMaster::SendLinkOperation.call!(params[:email], target_scoped_class:, uuid:)
       redirect_to auth_master_sent_url(target: target_param)
     end
 
@@ -20,8 +27,23 @@ module AuthMaster
     def link
     end
 
+    def activate
+      uuid = session[session_key]
+      auth_master_session = AuthMaster::CheckLinkOperation.call!(params[:token], uuid:, target_param_name:)
+      (redirect_to(auth_master_denied_path(target: target_param_name)) and return) if auth_master_session.blank?
+
+      session.delete(session_key)
+      session[target_session_key] = auth_master_session.id
+
+      redirect_to("/")
+    end
+
     private
 
+    def session_key
+      [ "auth_master", params[:target].to_s, "id" ].join("_")
+    end
+
     def prevent_timing_attack
       start_time = Time.current
       yield
@@ -36,5 +58,17 @@ module AuthMaster
     def timing_attack_interval
       AuthMaster.timing_attack_interval.presence || TIMING_ATTACK_INTERVAL
     end
+
+    def check_token_presence
+      raise ActionController::RoutingError.new("Not Found Token") if params[:token].blank?
+    end
+
+    def check_pre_session_id
+      raise ActionController::RoutingError.new("Not Found Session") if session[session_key].blank?
+    end
+
+    def target_session_key
+      [ "current", target_param_name, "id" ].join("_")
+    end
   end
 end

data/app/controllers/concerns/auth_master/current_concern.rb

@@ -0,0 +1,22 @@
+module AuthMaster::CurrentConcern
+  extend ActiveSupport::Concern
+
+  # included do
+  #   helper_method :current_auth_master
+  # end
+
+  def current_auth_master(target_param_name)
+    session_accessor_key = [ "current", target_param_name, "id" ].join("_")
+    auth_master_session_id = session[session_accessor_key]
+    return nil if auth_master_session_id.blank?
+
+    auth_master_session = AuthMaster::Session.active.find_by(id: auth_master_session_id)
+    return nil if auth_master_session.blank?
+
+    target = auth_master_session.target
+    return nil if target.blank?
+    # return nil if !target.is_a?(target_class_by_name(target_param_name))
+
+    target
+  end
+end

data/app/lib/auth_master/config.rb

@@ -0,0 +1,42 @@
+module AuthMaster
+  module Config
+    DEFAULT_LOGIN_TIMEOUT_INTERVAL  = 5.minutes
+    DEFAULT_LOGIN_ATTEMPTS_COUNT    = 3
+    DEFAULT_TOKEN_PURPOSE           = :auth_master_email
+
+    def login_timeout_interval_config(target)
+      config_for(target, :login_timeout_interval) || DEFAULT_LOGIN_TIMEOUT_INTERVAL
+    end
+
+    def login_attempts_count_config(target)
+      config_for(target, :login_attempts_count) || DEFAULT_LOGIN_ATTEMPTS_COUNT
+    end
+
+    def token_purpose_config(target)
+      config_for(target, :token_purpose) || DEFAULT_TOKEN_PURPOSE
+    end
+
+    def secret_config(target)
+      config_for(target, :secret)
+    end
+
+    def target_mailer_config(target)
+      config_for(target, :mailer_class).to_s.classify.constantize
+    end
+
+    def target_mailer_login_link_method(target)
+      config_for(target, :mailer_login_link_method)
+    end
+
+    def target_name(target)
+      return target if target.is_a? Symbol
+      return target.to_sym if target.is_a? String
+
+      target.class.to_s.underscore.to_sym
+    end
+
+    def config_for(target, name)
+      AuthMaster.targets[target_name(target)][name.to_sym]
+    end
+  end
+end

data/app/models/auth_master/session.rb

@@ -1,5 +1,7 @@
 module AuthMaster
   class Session < ApplicationRecord
     belongs_to :target, polymorphic: true
+
+    enum :status, [ :inactive, :active ], default: :inactive
   end
 end

data/app/operations/auth_master/abstract_operation.rb

@@ -0,0 +1,7 @@
+require "token_guard"
+
+module AuthMaster
+  class AbstractOperation
+    extend AuthMaster::Config
+  end
+end

data/app/operations/auth_master/check_link_operation.rb

@@ -0,0 +1,21 @@
+module AuthMaster
+  class CheckLinkOperation < AuthMaster::AbstractOperation
+    def self.call!(encrypted_token, uuid:, target_param_name:)
+      purpose = token_purpose_config(target_param_name)
+      secret  = secret_config(target_param_name)
+
+      auth_master_session_id = TokenGuard.decrypt(encrypted_token, purpose:, secret:)
+      return if auth_master_session_id.blank?
+
+      # NOTE: Auth from the same device
+      return if auth_master_session_id != uuid
+
+      auth_master_session = AuthMaster::SessionService.inactive_find(auth_master_session_id)
+      return if auth_master_session.blank?
+
+      AuthMaster::SessionService.activate!(auth_master_session)
+
+      auth_master_session
+    end
+  end
+end

data/app/operations/auth_master/send_link_operation.rb

@@ -1,11 +1,28 @@
 module AuthMaster
-  class SendLinkOperation
-    def self.call!(email, target_scoped_class:)
+  class SendLinkOperation < AuthMaster::AbstractOperation
+    def self.call!(email, target_scoped_class:, uuid:)
       target = target_scoped_class.find_by(email:)
       return if target.blank?
 
-      auth_master_session = AuthMaster::SessionService.create!(target)
-      AuthMaster::SessionService.send_link!(auth_master_session) if auth_master_session.present?
+      auth_master_session = AuthMaster::SessionService.create!(target, uuid:)
+      return if auth_master_session.blank?
+
+      purpose = token_purpose_config(target)
+      secret  = secret_config(target)
+      token = TokenGuard.encrypt(auth_master_session.id, purpose:, secret:)
+
+      mailer = target_mailer_config(target)
+      mailer_action = target_mailer_login_link_method(target)
+
+      url = AuthMaster::Engine.routes.url_helpers.auth_master_link_url(
+        target: target_name(target),
+        token: token,
+        host: Rails.application.config.action_mailer.default_url_options[:host]
+      )
+
+      mailer.with(email: target.email, url:).public_send(mailer_action).deliver_later
+
+      # auth_master_session
     end
   end
 end

data/app/services/auth_master/session_service.rb

@@ -2,21 +2,22 @@ require "token_guard"
 
 module AuthMaster
   class SessionService
-    LOGIN_TIMEOUT_INTERVAL  = 5.minutes
-    LOGIN_ATTEMPTS_COUNT    = 3
+    extend AuthMaster::Config
 
     class << self
-      def create!(target)
+      def create!(target, uuid:)
         return if !allow_creation?(target)
 
-        AuthMaster::Session.create!(target:)
+        AuthMaster::Session.create!(target:, id: uuid)
       end
 
-      def send_link!(auth_master_session)
-        target = auth_master_session.target
+      def inactive_find(id)
+        AuthMaster::Session.inactive.find_by(id:)
+      end
 
-        token = TokenGuard.encrypt(auth_master_session.id, purpose: :email, secret: AuthMaster.targets[target_name(target)][:secret])
-        target_mailer(target).with(email: target.email, token:).send(target_mailer_login_link_method(target)).deliver_later
+      def activate!(auth_master_session)
+        auth_master_session.active!
+        # TODO: Save IP Address, User Agent, etc
       end
 
       private
@@ -26,31 +27,7 @@ module AuthMaster
       end
 
       def allow_creation?(target)
-        count(target, time: login_timeout_interval(target)) < login_attempts_count(target)
-      end
-
-      def login_timeout_interval(target)
-        AuthMaster.targets[target_name(target)][:login_timeout_interval] || LOGIN_TIMEOUT_INTERVAL
-      end
-
-      def login_attempts_count(target)
-        AuthMaster.targets[target_name(target)][:login_attempts_count] || LOGIN_ATTEMPTS_COUNT
-      end
-
-      def target_name(target)
-        target.class.to_s.downcase.to_sym
-      end
-
-      def target_mailer(target)
-        config_for(target, :mailer_class).to_s.classify.constantize
-      end
-
-      def target_mailer_login_link_method(target)
-        config_for(target, :mailer_login_link_method)
-      end
-
-      def config_for(target, name)
-        AuthMaster.targets[target_name(target)][name.to_sym]
+        count(target, time: login_timeout_interval_config(target)) < login_attempts_count_config(target)
       end
     end
   end

data/app/views/auth_master/sessions/link.html.erb

@@ -0,0 +1,6 @@
+<h1>Login:</h1>
+
+<%= form_with url: send(target_route).auth_master_link_path(target: params[:target]), method: :post do |form| %>
+  <%= form.hidden_field :token, value: params[:token] %>
+  <%= form.submit "Login" %>
+<% end %>

data/app/views/auth_master/sessions/new.html.erb

@@ -1 +1,7 @@
-<h1>Sessions#new</h1>
+<h1>Login:</h1>
+
+<%= form_with url: send(target_route).auth_master_login_path(target: params[:target]), method: :post do |form| %>
+  <%= form.label :email, "Email:" %>
+  <%= form.email_field :email %>
+  <%= form.submit "Login" %>
+<% end %>

data/config/routes.rb

@@ -1,11 +1,11 @@
 AuthMaster::Engine.routes.draw do
   get   "/:target/login", to: "sessions#new", as: :auth_master_login
-  post  "/:target/login", to: "sessions#send_link"
+  post  "/:target/login", to: "sessions#create"
 
   get   "/:target/sent",  to: "sessions#sent", as: :auth_master_sent
 
   get   "/:target/link",  to: "sessions#link", as: :auth_master_link
-  post  "/:target/link",  to: "sessions#create"
+  post  "/:target/link",  to: "sessions#activate"
 
   get   "/:target/denied", to: "sessions#denied", as: :auth_master_denied
 end

data/db/migrate/20250313120723_create_auth_master_sessions.rb

@@ -1,7 +1,8 @@
 class CreateAuthMasterSessions < ActiveRecord::Migration[8.0]
   def change
     create_table :auth_master_sessions, id: :uuid do |t|
-      t.references :target, polymorphic: true, null: false, type: :uuid
+      t.references :target, polymorphic: true,  null: false, type: :uuid
+      t.integer :status, limit: 2, null: false
 
       t.timestamps
     end

data/lib/auth_master/version.rb

@@ -1,3 +1,3 @@
 module AuthMaster
-  VERSION = "0.0.2"
+  VERSION = "0.0.4"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: auth_master
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.4
 platform: ruby
 authors:
 - vickodin
 bindir: bin
 cert_chain: []
-date: 2025-03-26 00:00:00.000000000 Z
+date: 2025-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -56,12 +56,17 @@ files:
 - app/assets/stylesheets/auth_master/application.css
 - app/controllers/auth_master/application_controller.rb
 - app/controllers/auth_master/sessions_controller.rb
+- app/controllers/concerns/auth_master/current_concern.rb
 - app/helpers/auth_master/application_helper.rb
 - app/helpers/auth_master/sessions_helper.rb
+- app/lib/auth_master/config.rb
 - app/models/auth_master/application_record.rb
 - app/models/auth_master/session.rb
+- app/operations/auth_master/abstract_operation.rb
+- app/operations/auth_master/check_link_operation.rb
 - app/operations/auth_master/send_link_operation.rb
 - app/services/auth_master/session_service.rb
+- app/views/auth_master/sessions/link.html.erb
 - app/views/auth_master/sessions/new.html.erb
 - app/views/auth_master/sessions/sent.html.erb
 - config/routes.rb