RubyGems - authem - Versions diffs - 1.5.0 → 2.0.0 - Mend

authem 1.5.0 → 2.0.0

Files changed (44) hide show

checksums.yaml +4 -4
data/.gitignore +3 -0
data/.rspec +2 -0
data/.ruby-gemset +1 -0
data/.ruby-version +1 -0
data/.travis.yml +6 -0
data/Appraisals +12 -0
data/CHANGELOG.md +42 -0
data/Gemfile +10 -0
data/README.markdown +15 -1
data/Rakefile +11 -5
data/authem.gemspec +25 -0
data/gemfiles/rails_4.0.gemfile +16 -0
data/gemfiles/rails_4.1.gemfile +15 -0
data/lib/authem.rb +4 -10
data/lib/authem/controller.rb +50 -0
data/lib/authem/errors/ambigous_role.rb +8 -0
data/lib/authem/errors/unknown_role.rb +7 -0
data/lib/authem/railtie.rb +12 -0
data/lib/authem/role.rb +62 -0
data/lib/authem/session.rb +41 -0
data/lib/authem/support.rb +129 -0
data/lib/authem/token.rb +5 -5
data/lib/authem/user.rb +27 -13
data/lib/authem/version.rb +1 -1
data/lib/generators/authem/session/session_generator.rb +12 -0
data/lib/generators/authem/session/templates/create_sessions.rb +15 -0
data/lib/generators/authem/user/templates/create_table_migration.rb +22 -0
data/lib/generators/authem/user/templates/model.rb +11 -0
data/lib/generators/authem/user/user_generator.rb +13 -0
data/spec/controller_spec.rb +413 -0
data/spec/session_spec.rb +52 -0
data/spec/spec_helper.rb +4 -0
data/spec/support/active_record.rb +45 -0
data/spec/support/i18n.rb +1 -0
data/spec/support/time.rb +1 -0
data/spec/token_spec.rb +10 -0
data/spec/user_spec.rb +115 -0
metadata +42 -112
data/lib/authem/base_user.rb +0 -54
data/lib/authem/config.rb +0 -21
data/lib/authem/controller_support.rb +0 -51
data/lib/authem/sorcery_user.rb +0 -24
data/lib/generators/authem/model/model_generator.rb +0 -23

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0a94ea5cf81c75464c3a4c15f8cad8380967c225
-  data.tar.gz: 7506a4ded4f2de14fdbecc411192a1a90fada85d
+  metadata.gz: 67a264031f3e96725f18dc7e77c427ebd4708716
+  data.tar.gz: 09c0291510e6909b13ea9c5a3efa473e3054020b
 SHA512:
-  metadata.gz: 57c5091384d69b193e710fe349d1d35cd18671a58e90ae0055c6cc9a527cca8a0c36495a3ad1baeaa889813a03de67ca338629f131a20fa7c8762c69bf202383
-  data.tar.gz: 45a4f7c51d2518cf67746989e35d9912b70d49cfc47a8832d2266602bc8f7860f52fe8fb189af45b18fca7b90920414b17f043a7f2e94a1675f50b429b2657b4
+  metadata.gz: 771d1413927363e3c2426d0cee8d28fabf08389ce16a4aa6eefd06c6da6499177213f271fbc5ef2c111e48a2433c9695c1747877a6bb1b32e15aca99e4f491b7
+  data.tar.gz: 6e3adc3d207f865439888550c6aeb1d8f84f202e6a2ec31f132a23e4a254a218d5bd905a148309966e6917426cb89544cc4501c0208a81a955ab6ee7c198cf81

data/.gitignore ADDED

@@ -0,0 +1,3 @@
+pkg
+Gemfile.lock
+gemfiles/*.lock

data/.rspec ADDED

	@@ -0,0 +1,2 @@
1	+ --colour
2	+ --format progress

data/.ruby-gemset ADDED

	@@ -0,0 +1 @@
1	+ authem

data/.ruby-version ADDED

	@@ -0,0 +1 @@
1	+ ruby-2.1.2

data/.travis.yml ADDED

@@ -0,0 +1,6 @@
+gemfile:
+  - gemfiles/rails_4.0.gemfile
+  - gemfiles/rails_4.1.gemfile
+rvm:
+  - 2.0.0
+  - 2.1.1

data/Appraisals ADDED

@@ -0,0 +1,12 @@
+appraise "rails-4.1" do
+  gem "activerecord", "~> 4.1.0", require: "active_record"
+  gem "bcrypt", "~> 3.1"
+  gem "railties", "~> 4.0"
+end
+appraise "rails-4.0" do
+  gem "activerecord", "~> 4.0.0", require: "active_record"
+  gem "bcrypt", "~> 3.1"
+  gem "railties", "~> 4.0"
+  gem "protected_attributes"
+end

data/CHANGELOG.md ADDED

@@ -0,0 +1,42 @@
+### 2.0.0 ###
+* Complete rewrite from scratch
+* Store sessions in the database
+* Multiple sessions and models support
+* Drop Sorcery support
+* Initializer is no longer needed
+### 1.4.0 ###
+* Use SecureRandom for token generation
+* Lots of support file cleanup
+* Some code cleanup
+* All of this is thanks to Pavel Pravosud (@rwz). This guy is fantastic.
+### 1.3.3 ###
+* Regenerate session token when user signs out (Issue #21)
+### 1.3.2 ###
+* Prevent duplicate password validations on Authem::User
+### 1.3.1 ###
+* Bump bcrypt dependency for Rails 4.0.1 compatibility
+### 1.3.0 ###
+* Check for presence of password in authenticate
+* Reconstantize user class when requested
+* Add remember token to generated migrations
+* Remove weird commas from generated migrations
+### 1.2.0 ###
+* Use `sign_in?` helper in `require_user` (Issue #13)
+* Update rails dependencies to final release versions
+### 1.1.1 ###
+* Lock down bcrypt version per Rails' requirements

data/Gemfile ADDED

@@ -0,0 +1,10 @@
+source "https://rubygems.org"
+gem "appraisal"
+group :test do
+  gem "rspec", "~> 3.0"
+  gem "rake",  "~> 10.3"
+  gem "sqlite3"
+  gem "pry"
+end

data/README.markdown CHANGED

@@ -6,7 +6,7 @@ Authem is an email-based authentication library for ruby web apps.
 ## Compatibility
-Authem is tested against Ruby 1.9.3, 2.0.0, and Rubinius.
+Authem requires Ruby 2.0.0 or newer
 [![Build Status](https://secure.travis-ci.org/paulelliott/authem.png)](http://travis-ci.org/paulelliott/authem)
 [![Code Climate](https://codeclimate.com/github/paulelliott/authem.png)](https://codeclimate.com/github/paulelliott/authem)
@@ -14,3 +14,17 @@ Authem is tested against Ruby 1.9.3, 2.0.0, and Rubinius.
 ## Documentation
 Please see the Authem website for up-to-date documentation: http://authem.org
+## Upgrading to 2.0
+- Specify the latest alpha release in your Gemfile: `gem 'authem', '2.0.0.alpha.3'`
+- Remove references to the old Authem::Config object.
+- Create the new sessions table with `rails g authem:session`.
+- Replace `include Authem::ControllerSupport` with `authem_for :user`.
+- Rename `signed_in?` to `user_signed_in? OR `alias_method :signed_in?, :user_signed_in?` in your controller.
+- Rename column `User#reset_password_token` to `User#password_reset_token` OR `alias_attribute :password_reset_token, :reset_password_token` in your `User` model.
+- Replace calls to `user#reset_password_token!` with `user#password_reset_token`. Tokens are now generated automatically and the bang method is deprecated.
+- Rename `sign_out` to `sign_out_user` OR `alias_method :sign_out, :sign_out_user`
+- If you were passing a remember flag as the second argument to `sign_in`, you need to provide an options hash instead. For example, `sign_in(user, params[:remember])` would become `sign_in(user, remember: params[:remember])`.
+- Blank email addresses will now produce the proper "can't be blank" validation message". Update your tests accordingly.
+- Email addresses are no longer automatically downcased when calling `find_by_email` on your model. You will need to downcase the value manually if you wish to retain this behavior.

data/Rakefile CHANGED

@@ -1,6 +1,12 @@
-require "rspec/core/rake_task"
-RSpec::Core::RakeTask.new(:spec) do |spec|
-  spec.pattern = "spec/**/*_spec.rb"
-end
+require "bundler/setup"
+require "bundler/gem_tasks"
-task :default => :spec
+if !ENV["APPRAISAL_INITIALIZED"] && !ENV["TRAVIS"]
+  require "appraisal/task"
+  Appraisal::Task.new
+  task default: :appraisal
+else
+  require "rspec/core/rake_task"
+  RSpec::Core::RakeTask.new
+  task default: :spec
+end

data/authem.gemspec ADDED

@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'authem/version'
+Gem::Specification.new do |spec|
+  spec.name                  = "authem"
+  spec.version               = Authem::VERSION
+  spec.authors               = ["Paul Elliott", "Pavel Pravosud"]
+  spec.email                 = ["paul@codingfrontier.com", "pavel@pravosud.com"]
+  spec.summary               = "Authem authenticates them by email"
+  spec.description           = "Authem provides a simple solution for email-based authentication"
+  spec.homepage              = "https://github.com/paulelliott/authem"
+  spec.license               = "MIT"
+  spec.required_ruby_version = ">= 2.0.0"
+  spec.files                 = `git ls-files`.split($/)
+  spec.test_files            = spec.files.grep("spec")
+  spec.require_path          = "lib"
+  spec.add_dependency "activesupport",  ">= 4.0.4"
+  spec.add_dependency "railties",       "~> 4.0"
+  spec.add_dependency "bcrypt",         "~> 3.1"
+end

data/gemfiles/rails_4.0.gemfile ADDED

@@ -0,0 +1,16 @@
+# This file was generated by Appraisal
+source "https://rubygems.org"
+gem "appraisal"
+gem "activerecord", "~> 4.0.0", :require => "active_record"
+gem "bcrypt", "~> 3.1"
+gem "railties", "~> 4.0"
+gem "protected_attributes"
+group :test do
+  gem "rspec", "~> 3.0"
+  gem "rake", "~> 10.3"
+  gem "sqlite3"
+  gem "pry"
+end

data/gemfiles/rails_4.1.gemfile ADDED

@@ -0,0 +1,15 @@
+# This file was generated by Appraisal
+source "https://rubygems.org"
+gem "appraisal"
+gem "activerecord", "~> 4.1.0", :require => "active_record"
+gem "bcrypt", "~> 3.1"
+gem "railties", "~> 4.0"
+group :test do
+  gem "rspec", "~> 3.0"
+  gem "rake", "~> 10.3"
+  gem "sqlite3"
+  gem "pry"
+end

data/lib/authem.rb CHANGED

@@ -1,12 +1,6 @@
-module Authem
-  autoload :BaseUser,          'authem/base_user'
-  autoload :User,              'authem/user'
-  autoload :SorceryUser,       'authem/sorcery_user'
-  autoload :Config,            'authem/config'
-  autoload :ControllerSupport, 'authem/controller_support'
-  autoload :Token,             'authem/token'
+require "authem/railtie"
+require "authem/user"
+require "authem/version"
-  def self.configure(&block)
-    Config.configure(&block)
-  end
+module Authem
 end

data/lib/authem/controller.rb ADDED

@@ -0,0 +1,50 @@
+require "active_support/concern"
+require "authem/role"
+module Authem
+  module Controller
+    extend ActiveSupport::Concern
+    included{ class_attribute :authem_roles }
+    module SessionManagementMethods
+      def sign_in(model, **options)
+        role = options.fetch(:as){ self.class.authem_role_for(model) }
+        public_send "sign_in_#{role}", model, options
+      end
+      def sign_out(model, **options)
+        role = options.fetch(:as){ self.class.authem_role_for(model) }
+        public_send "sign_out_#{role}"
+      end
+      def clear_all_sessions_for(model, **options)
+        role = options.fetch(:as){ self.class.authem_role_for(model) }
+        public_send "clear_all_#{role}_sessions_for", model
+      end
+      def redirect_back_or_to(url, **options)
+        url = session.delete(:return_to_url) || url
+        redirect_to url, options
+      end
+    end
+    module ClassMethods
+      def authem_for(role_name, **options)
+        include SessionManagementMethods
+        Authem::Role.new(self, role_name, options).setup!
+      end
+      def authem_role_for(record)
+        fail ArgumentError if record.nil?
+        matches = authem_roles.select{ |role| record.class == role.klass }
+        fail UnknownRoleError.build(record) if matches.empty?
+        fail AmbigousRoleError.build(record, matches) unless matches.one?
+        matches.first.name
+      end
+    end
+  end
+end

data/lib/authem/errors/ambigous_role.rb ADDED

@@ -0,0 +1,8 @@
+module Authem
+  class AmbigousRoleError < StandardError
+    def self.build(record, roles)
+      role_names = roles.map(&:name) * ", "
+      new("Ambigous match for #{record.inspect}: #{role_names}")
+    end
+  end
+end

data/lib/authem/errors/unknown_role.rb ADDED

@@ -0,0 +1,7 @@
+module Authem
+  class UnknownRoleError < StandardError
+    def self.build(record)
+      new("Unknown authem role: #{record.inspect}")
+    end
+  end
+end

data/lib/authem/railtie.rb ADDED

@@ -0,0 +1,12 @@
+require "authem/controller"
+require "rails/railtie"
+module Authem
+  class Railtie < ::Rails::Railtie
+    initializer "authem.controller" do
+      ActiveSupport.on_load :action_controller do
+        include Authem::Controller
+      end
+    end
+  end
+end

data/lib/authem/role.rb ADDED

@@ -0,0 +1,62 @@
+require "authem/support"
+module Authem
+  class Role
+    attr_reader :controller, :name, :options
+    METHODS = %i[current sign_in signed_in? require sign_out clear_for deny_access]
+    METHODS.each do |method_name|
+      define_method method_name do |controller, *args|
+        Support.new(self, controller).public_send(method_name, *args)
+      end
+    end
+    def initialize(controller, name, **options)
+      @controller, @name, @options = controller, name.to_s, options
+    end
+    def klass
+      @klass ||= options.fetch(:model){ name.classify.constantize }
+    end
+    def setup!
+      setup_controller_settings
+      setup_controller_instance_methods
+      setup_view_helpers
+    end
+    private
+    def setup_controller_settings
+      controller.authem_roles ||= []
+      controller.authem_roles += [self]
+    end
+    def setup_controller_instance_methods
+      role = self
+      method_mapping.each do |inner_method, exposed_method|
+        define_controller_method exposed_method do |*args|
+          role.public_send(inner_method, self, *args)
+        end
+      end
+    end
+    def setup_view_helpers
+      controller.helper_method *%I[current_#{name} #{name}_signed_in?]
+    end
+    def define_controller_method(*args, &block)
+      controller.instance_eval{ define_method *args, &block }
+    end
+    def method_mapping
+      exposed_methods = %I[current_#{name} sign_in_#{name}
+        #{name}_signed_in? require_#{name} sign_out_#{name}
+        clear_all_#{name}_sessions_for deny_#{name}_access]
+      Hash[[METHODS, exposed_methods].transpose]
+    end
+  end
+end

data/lib/authem/session.rb ADDED

@@ -0,0 +1,41 @@
+require "active_record"
+require "authem/token"
+module Authem
+  class Session < ::ActiveRecord::Base
+    self.table_name = :authem_sessions
+    belongs_to :subject, polymorphic: true
+    before_create do
+      self.token ||= Authem::Token.generate
+      self.ttl ||= 30.days
+      self.expires_at ||= ttl_from_now
+    end
+    class << self
+      def by_subject(record)
+        where(subject_type: record.class.name, subject_id: record.id)
+      end
+      def active
+        where(arel_table[:expires_at].gteq(Time.zone.now))
+      end
+      def expired
+        where(arel_table[:expires_at].lt(Time.zone.now))
+      end
+    end
+    def refresh
+      self.expires_at = ttl_from_now
+      save!
+    end
+    private
+    def ttl_from_now
+      ttl.to_i.seconds.from_now
+    end
+  end
+end

data/lib/authem/support.rb ADDED

@@ -0,0 +1,129 @@
+require "active_support/core_ext/module/delegation"
+require "authem/session"
+require "authem/errors/ambigous_role"
+require "authem/errors/unknown_role"
+module Authem
+  class Support
+    attr_reader :role, :controller
+    def initialize(role, controller)
+      @role, @controller = role, controller
+    end
+    def current
+      if ivar_defined?
+        ivar_get
+      else
+        ivar_set fetch_subject_by_token
+      end
+    end
+    def sign_in(record, **options)
+      check_record! record
+      ivar_set record
+      auth_session = create_auth_session(record, options)
+      save_session auth_session
+      save_cookie auth_session if options[:remember]
+      auth_session
+    end
+    def signed_in?
+      current.present?
+    end
+    def sign_out
+      ivar_set nil
+      Authem::Session.where(role: role_name, token: current_auth_token).delete_all
+      cookies.delete key, domain: :all
+      session.delete key
+    end
+    def clear_for(record)
+      check_record! record
+      sign_out
+      Authem::Session.by_subject(record).where(role: role_name).delete_all
+    end
+    def require
+      unless signed_in?
+        session[:return_to_url] = request.url unless request.xhr?
+        controller.send "deny_#{role_name}_access"
+      end
+    end
+    def deny_access
+      # default landing point for deny_#{role_name}_access
+      fail NotImplementedError, "No strategy for require_#{role_name} defined. Please define `deny_#{role_name}_access` method in your controller"
+    end
+    private
+    delegate :name, to: :role, prefix: true
+    def check_record!(record)
+      fail ArgumentError if record.nil?
+    end
+    def fetch_subject_by_token
+      return if current_auth_token.blank?
+      auth_session = get_auth_session_by_token(current_auth_token)
+      return nil unless auth_session
+      auth_session.refresh
+      save_cookie auth_session if cookies.signed[key].present?
+      auth_session.subject
+    end
+    def current_auth_token
+      session[key] || cookies.signed[key]
+    end
+    def create_auth_session(record, options)
+      Authem::Session.create!(role: role_name, subject: record, ttl: options[:ttl])
+    end
+    def save_session(auth_session)
+      session[key] = auth_session.token
+    end
+    def save_cookie(auth_session)
+      cookie_value = {
+        value:   auth_session.token,
+        expires: auth_session.expires_at,
+        domain:  :all
+      }
+      cookies.signed[key] = cookie_value
+    end
+    def get_auth_session_by_token(token)
+      Authem::Session.active.find_by(role: role_name, token: token)
+    end
+    def key
+      "_authem_current_#{role_name}"
+    end
+    def ivar_defined?
+      controller.instance_variable_defined?(ivar_name)
+    end
+    def ivar_set(value)
+      controller.instance_variable_set ivar_name, value
+    end
+    def ivar_get
+      controller.instance_variable_get ivar_name
+    end
+    def ivar_name
+      @ivar_name ||= "@_#{key}".to_sym
+    end
+    # exposing private controller methods
+    %i[cookies session redirect_to request].each do |method_name|
+      define_method method_name do |*args|
+        controller.send(method_name, *args)
+      end
+    end
+  end
+end