authenticate 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 95466d6fe7aaa95a7157ca870d2cb7324a11aacf
+  data.tar.gz: f10ec192418dff2700252c2c37c99ff0324c18ba
+SHA512:
+  metadata.gz: 137399918e6cad2a327fde6bda5c724192d10cc52b7c5682814773641662ab4b58808a48a7a3076e1baf9dde108cc4db942675bdf3072177aa8ab3cb6dc489a8
+  data.tar.gz: be34b75f473e5f0ae869c0859710a158c87a92d02bd5d2166d0ebe9527ce02eb58458027bdc1133665d2ee3be4148ddd58cbfeac14618ea548e4156fe76a6973

data/.gitignore

@@ -0,0 +1,9 @@
+.bundle/
+log/*.log
+pkg/
+test/dummy/db/*.sqlite3
+test/dummy/db/*.sqlite3-journal
+test/dummy/log/*.log
+test/dummy/tmp/
+spec/dummy/log/test.log
+spec/dummy/log/development.log

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.ruby-version

@@ -0,0 +1 @@
+2.3.0

data/Gemfile

@@ -0,0 +1,21 @@
+source 'https://rubygems.org'
+
+gem 'rails'
+gem 'sqlite3'
+gem 'pry'
+gem 'factory_girl_rails'
+# gem 'capybara'
+
+# Declare your gem's dependencies in authenticate.gemspec.
+# Bundler will treat runtime dependencies like base dependencies, and
+# development dependencies will be added by default to the :development group.
+gemspec
+
+# Declare any dependencies that are still in development here instead of in
+# your gemspec. These might include edge Rails or gems from your path or
+# Git. Remember to move these dependencies to your gemspec before releasing
+# your gem to rubygems.org.
+
+# To use a debugger
+# gem 'byebug', group: [:development, :test]
+

data/Gemfile.lock

@@ -0,0 +1,154 @@
+PATH
+  remote: .
+  specs:
+    authenticate (0.1.0)
+      bcrypt
+      email_validator (~> 1.6)
+      rails (>= 4.0, < 5.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (4.2.5)
+      actionpack (= 4.2.5)
+      actionview (= 4.2.5)
+      activejob (= 4.2.5)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.5)
+      actionview (= 4.2.5)
+      activesupport (= 4.2.5)
+      rack (~> 1.6)
+      rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.5)
+      activesupport (= 4.2.5)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activejob (4.2.5)
+      activesupport (= 4.2.5)
+      globalid (>= 0.3.0)
+    activemodel (4.2.5)
+      activesupport (= 4.2.5)
+      builder (~> 3.1)
+    activerecord (4.2.5)
+      activemodel (= 4.2.5)
+      activesupport (= 4.2.5)
+      arel (~> 6.0)
+    activesupport (4.2.5)
+      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    arel (6.0.3)
+    bcrypt (3.1.10)
+    builder (3.2.2)
+    coderay (1.1.0)
+    concurrent-ruby (1.0.0)
+    diff-lcs (1.2.5)
+    email_validator (1.6.0)
+      activemodel
+    erubis (2.7.0)
+    factory_girl (4.4.0)
+      activesupport (>= 3.0.0)
+    factory_girl_rails (4.4.1)
+      factory_girl (~> 4.4.0)
+      railties (>= 3.0.0)
+    globalid (0.3.6)
+      activesupport (>= 4.1.0)
+    i18n (0.7.0)
+    json (1.8.3)
+    loofah (2.0.3)
+      nokogiri (>= 1.5.9)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
+    method_source (0.8.2)
+    mime-types (2.99)
+    mini_portile2 (2.0.0)
+    minitest (5.8.3)
+    nokogiri (1.6.7.1)
+      mini_portile2 (~> 2.0.0.rc2)
+    pry (0.10.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    rack (1.6.4)
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails (4.2.5)
+      actionmailer (= 4.2.5)
+      actionpack (= 4.2.5)
+      actionview (= 4.2.5)
+      activejob (= 4.2.5)
+      activemodel (= 4.2.5)
+      activerecord (= 4.2.5)
+      activesupport (= 4.2.5)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.2.5)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.7)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.2)
+      loofah (~> 2.0)
+    railties (4.2.5)
+      actionpack (= 4.2.5)
+      activesupport (= 4.2.5)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.4.2)
+    rspec (3.1.0)
+      rspec-core (~> 3.1.0)
+      rspec-expectations (~> 3.1.0)
+      rspec-mocks (~> 3.1.0)
+    rspec-core (3.1.7)
+      rspec-support (~> 3.1.0)
+    rspec-expectations (3.1.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.1.0)
+    rspec-mocks (3.1.3)
+      rspec-support (~> 3.1.0)
+    rspec-rails (3.1.0)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.1.0)
+      rspec-expectations (~> 3.1.0)
+      rspec-mocks (~> 3.1.0)
+      rspec-support (~> 3.1.0)
+    rspec-support (3.1.2)
+    slop (3.6.0)
+    sprockets (3.5.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.0.0)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.3.11)
+    thor (0.19.1)
+    thread_safe (0.3.5)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  authenticate!
+  factory_girl_rails
+  pry
+  rails
+  rspec
+  rspec-rails
+  sqlite3
+
+BUNDLED WITH
+   1.11.2

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright 2016 Justin Tomich
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,240 @@
+# Authenticate
+
+A Rails authentication gem.
+
+Authenticate is small, simple, but extensible. It has highly opinionated defaults but is
+open to significant modification.
+
+Authenticate is inspired by, and draws from, Devise, Warden, Authlogic, Clearance, Sorcery, and restful_authentication.
+
+
+## Install
+
+Installation is pretty standard. Authenticate does not currently have an automated install process. One is coming.
+
+* Include `Authenticate::User` into your `User` model.
+* Include `Authenticate::Controller` into your `ApplicationController`
+* Add an initializer: config/intializers/authenticate.rb containing:
+    Authenticate.configure do |config|
+      # any settings you wish to tweak, see below
+    end
+* Create a migration for any Authenticate features you wish to take advantage of. Here's a good default:
+    `rails g migration AddAuthenticateToUsers email:string encrypted_password:string session_token:string 
+    session_expiration:datetime sign_in_count:integer last_sign_in_at:datetime last_sign_in_ip:string 
+    last_access_at:datetime current_sign_in_at:datetime current_sign_in_ip:string`
+
+
+## Configure
+
+Override any of these defaults in your application `config/initializers/authenticate.rb`.
+
+```ruby
+Authenticate.configure do |config|
+    config.user_model = 'User'
+    config.cookie_name = 'authenticate_session_token'
+    config.cookie_expiration = { 1.year.from_now.utc }
+    config.cookie_domain = nil
+    config.crypto_provider = Bcrypt
+    config.timeout_in = nil  # 45.minutes
+    config.max_session_lifetime = nil  # 8.hours
+    config.max_consecutive_bad_logins_allowed = nil # 5
+    config.bad_login_lockout_period = nil # 5.minutes
+    config.authentication_strategy = :email
+```
+
+
+
+### timeout_in
+
+* timeout_in: the interval to timeout the user session without activity.
+
+If your configuration sets timeout_in to a non-nil value, then the last user access is tracked.
+If the interval between the current access time and the last access time is greater than timeout_in,
+the session is invalidated. The user will be prompted for authentication again.
+
+
+
+### max_session_lifetime
+
+* max_session_lifetime: the maximum interval a session is valid, regardless of user activity.
+
+If your configuration sets max_session_lifetime, a User session will expire once it has been active for
+max_session_lifetime. The user session is invalidated and the next access will will prompt the user for
+authentication again.
+
+
+
+### max_consecutive_bad_logins_allowed & bad_login_lockout_period
+
+* max_consecutive_bad_logins_allowed: an integer
+* bad_login_lockout_period: a ActiveSupport::CoreExtensions::Numeric::Time
+
+To enable brute force protection, set max_consecutive_bad_logins_allowed to a non-nil positive integer.
+The user's consecutive bad logins will be tracked, and if they exceed the allowed maximumm the user's account
+will be locked. The lock will last `bad_login_lockout_period`, which can be any time period (e.g. `10.minutes`).  
+
+
+
+### authentication_strategy
+
+The default authentication strategy is :email. This requires that your User model have an attribute named `email`.
+The User account will be identified by this email address. The strategy will add email attribute validation to
+the User, ensuring that it exists, is properly formatted, and is unique.
+
+You may instead opt for :username. The username strategy will identify users with an attribute named `username`.
+The strategy will also add username attribute validation, ensuring the username exists and is unique.
+
+
+## Use
+
+### Authentication
+
+To perform authentication use:
+
+* authenticate(params) - authenticate a user with credentials in params, return user if correct. 
+`params[:session][:email]` and `params[:session][:password]` are required for the :email authentication
+strategy. `params[:session][:username]` and `params[:session][:password]` are required for
+the :username authentication strategy.
+
+* login(user, &block) - log in the just-authenticated user. Login will run all rules as provided in the configuration,
+such as timeout_in detection, max_session_lifetime, etc. You can provide a block to this method to handle the result.
+Your block will receive either {SuccessStatus} or {FailureStatus}.
+
+An example session controller:
+
+```ruby
+class SessionsController < ActionController::Base
+  include Authenticate::Controller
+
+  def create
+    user = authenticate(params)
+    login(user) do |status|
+      if status.success?
+        flash[:notice] = 'You successfully logged in! Very nice.'
+        logger.info flash[:notice].inspect
+        redirect_to '/'
+      else
+        flash[:notice] = status.message
+        logger.info flash[:notice].inspect
+        render template: 'sessions/new', status: :unauthorized
+      end
+    end
+  end
+
+
+  def new
+  end
+
+  def destroy
+    logout
+    redirect_to '/', notice: 'You logged out successfully'
+  end
+end
+```
+
+
+### Access Control
+
+Use the `require_authentication` filter to control access to controller actions.
+
+```ruby
+class ApplicationController < ActionController::Base
+    before_action :require_authentication
+end
+```
+
+
+### Helpers
+
+Use `current_user` and `authenticated?` in controllers, views, and helpers.
+
+Example:
+
+```erb
+<% if authenticated? %>
+  <%= current_user.email %>
+  <%= button_to "Sign out", sign_out_path, method: :delete %>
+<% else %>
+  <%= link_to "Sign in", sign_in_path %>
+<% end %>
+```
+
+### Logout
+
+Log the user out. The user session_token will be deleted from the database, and the session cookie will
+be deleted from the user's browser session.
+
+```ruby
+# in session controller...
+def destroy
+  logout
+  redirect_to '/', notice: 'You logged out successfully'
+end
+```
+
+
+## Extending Authenticate
+
+Authenticate can be extended with two mechanisms:
+
+* user modules: add behavior to the user model
+* callbacks: add login during various authentication events, during login and access
+
+
+
+### User Modules
+
+Add behavior to your User model for your callbacks to use. Include them yourself directly in your User class,
+or via the Authentication configuration. 
+
+Example:
+```ruby
+Authenticate.configuraton do |config|
+  config.modules = [MyUserModule]
+end
+```
+
+
+### Callbacks
+
+Callbacks can be added with `after_set_user` or `after_authentication`. See {Authenticate::Lifecycle} for full details.
+
+Callbacks can `throw(:failure, message)` to signal an authentication/authorization failure, or perform
+actions on the user or session. Callbacks are passed a block at runtime of `|user, session, options|`.
+
+
+Example that counts logins for users. It consists of a module for User, and a callback that is
+set in the `included` block. The callback is then added to the  User module via the Authenticate configuration.
+
+```ruby
+module LoginCount
+  extend ActiveSupport::Concern
+
+  included do
+    # authentication hook
+    Authenticate.lifecycle.after_authentication name:'login counter' do |user, session, options|
+      user.count_login if user
+    end
+  end
+
+  def count_login
+    self.login_counter += 1
+  end
+end
+
+Authenticate.configiration do |config|
+  config.modules = [LoginCount]
+end
+```
+
+
+
+## Testing
+
+Authenticate has been tested with rails 4.2, other versions to follow.
+
+## License
+
+This project rocks and uses MIT-LICENSE.
+
+