authenticate 0.1.0 → 0.2.0

data/lib/authenticate/session.rb

@@ -100,7 +100,9 @@ module Authenticate
 
     def write_cookie
       cookie_hash = {
-          httponly: true,
+          path: Authenticate.configuration.cookie_path,
+          secure: Authenticate.configuration.secure_cookie,
+          httponly: Authenticate.configuration.cookie_http_only,
           value: @current_user.session_token,
           expires: Authenticate.configuration.cookie_expiration.call
       }

data/lib/authenticate/user.rb

@@ -35,16 +35,21 @@ module Authenticate
       load_modules
     end
 
+    # Generate a new session token for the user, overwriting the existing session token, if any.
+    # This is not automatically persisted; call {#reset_session_token!} to automatically
+    # generate and persist the session token update.
     def generate_session_token
       self.session_token = Authenticate::Token.new
-      # puts 'User.generate_session_token session_token:' + self.session_token.to_s
     end
 
+    # Generate a new session token and persist the change, ignoring validations.
+    # This effectively signs out all existing sessions. Called as part of logout.
     def reset_session_token!
       generate_session_token
       save validate: false
     end
 
+
   end
 end
 

data/lib/authenticate/version.rb

@@ -1,3 +1,3 @@
 module Authenticate
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

data/lib/generators/authenticate/controllers/USAGE

@@ -0,0 +1,12 @@
+Description:
+  Override the default authentication controllers and mailers. This generator will copy all of the
+  base authenticate controllers and mailers into your project.
+
+Examples:
+  rails generate authenticate:controllers
+
+  View: app/controllers/authenticate/passwords_controller.rb
+  View: app/controllers/authenticate/sessions_controller.rb
+  View: app/controllers/authenticate/users_controller.rb
+  View: app/mailers/authenticate_mailer.rb
+

data/lib/generators/authenticate/controllers/controllers_generator.rb

@@ -0,0 +1,21 @@
+require 'rails/generators/base'
+
+#
+# deploy view and locale assets
+#
+module Authenticate
+  module Generators
+    class ControllersGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../../../..", __FILE__)
+
+      def create_views
+        directory 'app/controllers'
+      end
+
+      def create_mailers
+        directory 'app/mailers'
+      end
+
+    end
+  end
+end

data/lib/generators/authenticate/install/USAGE

@@ -0,0 +1,7 @@
+Description:
+    Explain the generator
+
+Example:
+    rails generate authenticate:install
+
+    This will create:

data/lib/generators/authenticate/install/install_generator.rb

@@ -0,0 +1,140 @@
+require 'rails/generators/base'
+require 'rails/generators/active_record'
+
+module Authenticate
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+      source_root File.expand_path('../templates', __FILE__)
+
+      def create_initializer
+        copy_file 'authenticate.rb', 'config/initializers/authenticate.rb'
+      end
+
+      def inject_into_application_controller
+        inject_into_class(
+            "app/controllers/application_controller.rb",
+            ApplicationController,
+            "  include Authenticate::Controller\n"
+        )
+      end
+
+      def create_or_inject_into_user_model
+        if File.exist? "app/models/user.rb"
+          inject_into_file(
+              'app/models/user.rb',
+              '  include Authenticate::User\n\n',
+              after: 'class User < ActiveRecord::Base\n'
+          )
+        else
+          copy_file 'user.rb', 'app/models/user.rb'
+        end
+      end
+
+      def create_authenticate_user_migration
+        if users_table_exists?
+          create_add_columns_migration
+        else
+          create_new_users_migration
+        end
+      end
+
+      def copy_migration_files
+        copy_migration 'add_authenticate_brute_force_to_users.rb'
+        copy_migration 'add_authenticate_timeoutable_to_users.rb'
+        copy_migration 'add_authenticate_password_reset_to_users.rb'
+      end
+
+      private
+
+      def create_new_users_migration
+        config = {
+            new_columns: new_columns,
+            new_indexes: new_indexes
+        }
+        copy_migration 'create_users.rb', config
+      end
+
+      def create_add_columns_migration
+        if migration_needed?
+          config = {
+              new_columns: new_columns,
+              new_indexes: new_indexes
+          }
+          copy_migration('add_authenticate_to_users.rb', config)
+        end
+      end
+
+      def copy_migration(migration_name, config = {})
+        unless migration_exists?(migration_name)
+          migration_template(
+              "db/migrate/#{migration_name}",
+              "db/migrate/#{migration_name}",
+              config
+          )
+        end
+      end
+
+      def migration_needed?
+        new_columns.any? || new_indexes.any?
+      end
+
+      def new_columns
+        @new_columns ||= {
+            email: 't.string :email',
+            encrypted_password: 't.string :encrypted_password, limit: 128',
+            session_token: 't.string :session_token, limit: 128',
+
+            # trackable, lifetimed
+            current_sign_in_at: 't.datetime :current_sign_in_at',
+            current_sign_in_ip: 't.string :current_sign_in_ip, limit: 128',
+            last_sign_in_at: 't.datetime :last_sign_in_at',
+            last_sign_in_ip: 't.string :last_sign_in_ip, limit: 128',
+            sign_in_count: 't.integer :sign_in_count'
+        }.reject { |column| existing_users_columns.include?(column.to_s) }
+      end
+
+      def new_indexes
+        @new_indexes ||= {
+            index_users_on_email: 'add_index :users, :email',
+            index_users_on_session_token: 'add_index :users, :session_token'
+        }.reject { |index| existing_users_indexes.include?(index.to_s) }
+      end
+
+      def migration_exists?(name)
+        existing_migrations.include?(name)
+      end
+
+      def existing_migrations
+        @existing_migrations ||= Dir.glob("db/migrate/*.rb").map do |file|
+          migration_name_without_timestamp(file)
+        end
+      end
+
+      def migration_name_without_timestamp(file)
+        file.sub(%r{^.*(db/migrate/)(?:\d+_)?}, '')
+      end
+
+      def users_table_exists?
+        ActiveRecord::Base.connection.table_exists?(:users)
+      end
+
+      def existing_users_columns
+        return [] unless users_table_exists?
+        ActiveRecord::Base.connection.columns(:users).map(&:name)
+      end
+
+      def existing_users_indexes
+        return [] unless users_table_exists?
+        ActiveRecord::Base.connection.indexes(:users).map(&:name)
+      end
+
+      # for generating a timestamp when using `create_migration`
+      def self.next_migration_number(dir)
+        ActiveRecord::Generators::Base.next_migration_number(dir)
+      end
+
+
+    end
+  end
+end

data/lib/generators/authenticate/install/templates/authenticate.rb

@@ -0,0 +1,22 @@
+Authenticate.configure do |config|
+  # config.user_model = 'User'
+  # config.cookie_name = 'authenticate_session_token'
+  # config.cookie_expiration = { 1.month.from_now.utc }
+  # config.cookie_domain = nil
+  # config.cookie_path = '/'
+  # config.secure_cookie = false   # set to true in production https environments
+  # config.cookie_http_only = false # set to true if you can
+
+  # config.mailer_sender = 'reply@example.com'
+  # config.crypto_provider = Authenticate::Model::BCrypt
+  # config.timeout_in = 45.minutes
+  # config.max_session_lifetime = 8.hours
+  # config.max_consecutive_bad_logins_allowed = 4
+  # config.bad_login_lockout_period = 10.minutes
+  # config.authentication_strategy = :email
+  # config.redirect_url = '/'
+  # config.allow_sign_up = true
+  # config.routes = true
+  # config.reset_password_within = 2.days
+  # config.modules = []
+end

data/lib/generators/authenticate/install/templates/db/migrate/add_authenticate_brute_force_to_users.rb

@@ -0,0 +1,6 @@
+class AddAuthenticateBruteForceToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :failed_logins_count, :integer, default: 0
+    add_column :users, :lock_expires_at, :datetime, default: nil
+  end
+end

data/lib/generators/authenticate/install/templates/db/migrate/add_authenticate_password_reset_to_users.rb

@@ -0,0 +1,7 @@
+class AddAuthenticatePasswordResetToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :password_reset_token, :string, default: nil
+    add_column :users, :password_reset_sent_at, :datetime, default: nil
+  end
+end
+

data/lib/generators/authenticate/install/templates/db/migrate/add_authenticate_timeoutable_to_users.rb

@@ -0,0 +1,5 @@
+class AddAuthenticateTimeoutableToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :last_access_at, :datetime, default: nil
+  end
+end

data/lib/generators/authenticate/install/templates/db/migrate/add_authenticate_to_users.rb

@@ -0,0 +1,21 @@
+class AddAuthenticateToUsers < ActiveRecord::Migration
+  def self.up
+    change_table :users do |t|
+<% config[:new_columns].values.each do |column| -%>
+      <%= column %>
+<% end -%>
+    end
+
+<% config[:new_indexes].values.each do |index| -%>
+    <%= index %>
+<% end -%>
+  end
+
+  def self.down
+    change_table :users do |t|
+<% if config[:new_columns].any? -%>
+      t.remove <%= new_columns.keys.map { |column| ":#{column}" }.join(", ") %>
+<% end -%>
+    end
+  end
+end

data/lib/generators/authenticate/install/templates/db/migrate/create_users.rb

@@ -0,0 +1,14 @@
+class CreateUsers < ActiveRecord::Migration
+  def change
+
+    create_table :users do |t|
+    <% config[:new_columns].values.each do |column| -%>
+      <%= column %>
+    <% end -%>
+    end
+
+<% config[:new_indexes].values.each do |index| -%>
+    <%= index %>
+<% end -%>
+  end
+end

data/lib/generators/authenticate/install/templates/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  include Authenticate::User
+end

data/lib/generators/authenticate/routes/USAGE

@@ -0,0 +1,8 @@
+Description:
+  Inject the authenticate routes into your `config/routes.rb`. Also turns off authenticate's built-in routes
+  by adding `config.routes = false` into your `config/initializers/authenticate.rb`.
+
+Examples:
+  rails generate authenticate:routes
+
+

data/lib/generators/authenticate/routes/routes_generator.rb

@@ -0,0 +1,32 @@
+require 'rails/generators/base'
+
+module Authenticate
+  module Generators
+    class RoutesGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      def add_authenticate_routes
+        route(authenticate_routes)
+      end
+
+      def disable_authenticate_internal_routes
+        inject_into_file(
+          'config/initializers/authenticate.rb',
+          "  config.routes = false \n",
+          after: "Authenticate.configure do |config|\n",
+        )
+      end
+
+      private
+
+      def authenticate_routes
+        File.read(routes_file_path)
+      end
+
+      def routes_file_path
+        File.expand_path(find_in_source_paths('routes.rb'))
+      end
+
+    end
+  end
+end

data/lib/generators/authenticate/routes/templates/routes.rb

@@ -0,0 +1,10 @@
+resource :session, controller: 'authenticate/sessions', only: [:create, :new, :destroy]
+  resources :passwords, controller: 'authenticate/passwords', only: [:new, :create]
+
+  resource :users, controller: 'authenticate/users', only: [:new, :create] do
+    resources :passwords, controller: 'authenticate/passwords', only: [:edit, :update]
+  end
+
+  get '/sign_up', to: 'authenticate/users#new', as: 'sign_up'
+  get '/sign_in', to: 'authenticate/sessions#new', as: 'sign_in'
+  get '/sign_out', to: 'authenticate/sessions#destroy', as: 'sign_out'

data/lib/generators/authenticate/views/USAGE

@@ -0,0 +1,13 @@
+Description:
+    Override the default authenticate views. This generator will copy all of the
+    base authenticate views into your project.
+
+Examples:
+    rails generate authenticate:views
+
+    View: app/views/authenticate_mailer/change_password.html.erb
+    View: app/views/layouts/application.html.erb
+    View: app/views/passwords/edit.html.erb
+    View: app/views/passwords/new.html.erb
+    View: app/views/sessions/new.html.erb
+    View: app/views/users/new.html.erb

data/lib/generators/authenticate/views/views_generator.rb

@@ -0,0 +1,21 @@
+require 'rails/generators/base'
+
+#
+# deploy view and locale assets
+#
+module Authenticate
+  module Generators
+    class ViewsGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../../../..", __FILE__)
+
+      def create_views
+        directory 'app/views'
+      end
+
+      def create_locales
+        directory 'config/locales'
+      end
+
+    end
+  end
+end

data/spec/dummy/app/controllers/application_controller.rb

@@ -1,4 +1,5 @@
 class ApplicationController < ActionController::Base
+  include Authenticate::Controller
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception

data/spec/dummy/config/initializers/authenticate.rb

@@ -1,7 +1,14 @@
-puts '************************** initializer start'
 Authenticate.configure do |config|
-  config.debug = true
-  config.timeout_in = 5.minutes
-  config.max_session_lifetime = 10.minutes
+  # config.user_model = 'User'
+  # config.cookie_name = 'authenticate_session_token'
+  # config.cookie_expiration = { 1.month.from_now.utc }
+  # config.cookie_domain = nil
+  # config.cookie_path = '/'
+  # config.secure_cookie = false # set to true in production https environments
+  # config.http_only = false # set to true if you can
+  # config.timeout_in = 45.minutes
+  # config.max_session_lifetime = 8.hours
+  config.max_consecutive_bad_logins_allowed = 1
+  config.bad_login_lockout_period = 2.minutes
+  # config.authentication_strategy = :email
 end
-puts '************************** initializer finished'