authenticate 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1233e7491c83dd3155f5546e45fe6de01e3dfba3
-  data.tar.gz: 8cf747a94820850842e2ae37137a2be1bdd22f6a
+  metadata.gz: ee7e6d853c9b5bbd628cff1a668915f044763ee2
+  data.tar.gz: eed8ffa17e581d9e78f7a9a1de4c7256f5aab006
 SHA512:
-  metadata.gz: 578c426daca72149a48eea0340da3df6c98dda9df0707eef6479dc9aa2b622ccfe113ab16a2cfe1bf693974368545af190710371f29959108b01bc6b40cd408b
-  data.tar.gz: 70817ffbf340daa66078abf00b427412e6bec84b8257c4fd5d1f5fa30ed200718f2b6bd73c81c72b8dc58d7f1c520ed95c890080b6c91e615d0e3054ad7aa353
+  metadata.gz: 9e5a156bd35d223e8e513efe3224e76ccd9f11b1df4b4215c72ed88d34a53b0f00d2329beb29681981b4ba4f1c3c1625e5ca3e5ff5ee9966d8d3225cdb9bf23b
+  data.tar.gz: 21d14b3ceac3b4a6e99794ba9e5ee8adb36e2a9f513d75d9f156116a77400b252b869e10004181b9ca3de23fba12977031261fb28fcf91171866efa302f6f5c4

data/.gitignore

@@ -1,4 +1,5 @@
 .bundle/
+authenticate-*.gem
 log/*.log
 pkg/
 test/dummy/db/*.sqlite3

data/.travis.yml

@@ -0,0 +1,17 @@
+language: ruby
+
+rvm:
+  - 2.1.8
+  - 2.2.4
+  - 2.3.0
+
+gemfile:
+  - gemfiles/rails42.gemfile
+
+branches:
+  only:
+    - master
+
+sudo: false
+
+script: bundle exec rspec --color --format documentation

data/CHANGELOG.md

@@ -1,11 +1,23 @@
 # Authenticate Changelog
 
 
+## [0.2.1] - February 2, 2016
+
+Fixed potential password_reset nil pointer.
+Continued adding I18n support.
+Minor documentation improvments.
+
+[0.2.1]: https://github.com/tomichj/authenticate/compare/v0.2.0...v0.2.1
+
+
 ## [0.2.0] - February 2, 2016
 
 Added app/ including controllers, views, routes, mailers.
 
+[0.2.0]: https://github.com/tomichj/authenticate/compare/v0.1.0...v0.2.0
+
+
+## 0.1.0 - January 23, 2016
 
-## [0.1.0] - January 23, 2016
+Initial Release, barely functioning
 
-Initial Release, barely functioning

data/Gemfile

@@ -1,11 +1,11 @@
 source 'https://rubygems.org'
 
-gem 'rails'
+gemspec
+
 
 # Declare your gem's dependencies in authenticate.gemspec.
 # Bundler will treat runtime dependencies like base dependencies, and
 # development dependencies will be added by default to the :development group.
-gemspec
 
 # Declare any dependencies that are still in development here instead of in
 # your gemspec. These might include edge Rails or gems from your path or

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authenticate (0.1.0)
+    authenticate (0.2.1)
       bcrypt
       email_validator (~> 1.6)
       rails (>= 4.0, < 5.1)
@@ -124,7 +124,7 @@ GEM
     sprockets (3.5.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.0.0)
+    sprockets-rails (3.0.1)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
@@ -141,7 +141,6 @@ DEPENDENCIES
   authenticate!
   factory_girl_rails
   pry
-  rails
   rspec-rails
   sqlite3
 

data/README.md

@@ -11,13 +11,13 @@ Please use [GitHub Issues] to report bugs.
 
 [GitHub Issues]: https://github.com/tomichj/authenticate/issues
 
-
+![Build status](https://travis-ci.org/tomichj/authenticate.svg?branch=master) ![Code Climate](https://codeclimate.com/github/tomichj/authenticate/badges/gpa.svg)
 
 ## Philosophy
 
 * simple - Authenticate's code is straightforward and easy to read.
 * opinionated - set the "right" defaults, but let you control almost everything if you want
-* small footprint - as few public methods and modules as possible
+* small footprint - as few public methods and modules as possible. Methods only loaded into your user model if needed.
 * configuration driven - almost all configuration is performed in the initializer
 
 
@@ -28,7 +28,7 @@ Authenticate:
 * loads modules into your user model to provide authentication functionality
 * loads `callbacks` that are triggered during authentication and access events. All authentication
 decisions are performed in callbacks, e.g. do you have a valid session, has your session timed out, etc.
-* loads a module into your controllers (typically application controller) to secure controller actions 
+* loads a module into your controllers (typically application controller) to secure controller actions
 
 The callback architecture is based on the system used by devise and warden, but significantly simplified.
 
@@ -36,14 +36,10 @@ The callback architecture is based on the system used by devise and warden, but
 ### Session Token
 
 Authenticate generates and clears a token (called a 'session token') to identify the user from a saved cookie.
-When a user authenticates successfully, Authenticate generates and stores a 'session token' for your user in 
-your database. The session token is also stored in a cookie in the user's browser. 
+When a user authenticates successfully, Authenticate generates and stores a 'session token' for your user in
+your database. The session token is also stored in a cookie in the user's browser.
 The cookie is then presented upon each subsequent access attempt to your server.
 
-### User Model
-
-
-
 
 ## Install
 
@@ -94,18 +90,40 @@ Authenticate.configure do |config|
   config.cookie_domain = nil
   config.cookie_path = '/
   config.secure_cookie = false
-  config.http_only = false
+  config.cookie_http_only = false
+  config.mailer_sender = 'reply@example.com'
   config.crypto_provider = Bcrypt
   config.timeout_in = nil  # 45.minutes
   config.max_session_lifetime = nil  # 8.hours
   config.max_consecutive_bad_logins_allowed = nil # 5
   config.bad_login_lockout_period = nil # 5.minutes
   config.authentication_strategy = :email
+  config.redirect_url = '/'
+  config.allow_sign_up = true
+  config.routes = true
+  config.reset_password_within = 2.days
+end
 ```
 
 Configuration parameters are described in detail here: [Configuration](lib/authenticate/configuration.rb)
 
 
+### User Model
+
+Authenticate assumes your user class is '::User' by default. You can elect to use another user class.
+Set the user model class name using `user_model` in configuration. For example, if your user model
+class is `Profile`:
+
+```ruby
+Authenticate.configure do |config|
+  config.user_model = '::Profile'
+end
+```
+
+Your user model will also need to `include Authenticate::User`. This is done automatically for you using
+the Authenticate install generator, see [install](#install) above.
+
+
 ### timeout_in
 
 * timeout_in: the interval to timeout the user session without activity.
@@ -131,7 +149,7 @@ authentication again.
 
 To enable brute force protection, set max_consecutive_bad_logins_allowed to a non-nil positive integer.
 The user's consecutive bad logins will be tracked, and if they exceed the allowed maximumm the user's account
-will be locked. The lock will last `bad_login_lockout_period`, which can be any time period (e.g. `10.minutes`).  
+will be locked. The lock will last `bad_login_lockout_period`, which can be any time period (e.g. `10.minutes`).
 
 
 ### authentication_strategy
@@ -149,7 +167,7 @@ The strategy will also add username attribute validation, ensuring the username
 
 ### Authentication
 
-Authenticate provides a session controller and views to authenticate users. After successful authentication, 
+Authenticate provides a session controller and views to authenticate users. After successful authentication,
 the user is redirected to the path they attempted to access, or as specified by the `redirect_url` property
  in your configuration. This defaults to '/' but can customized:
 
@@ -202,23 +220,34 @@ end
 
 ## Overriding Authenticate
 
-### Views
+### Routes
 
-You can quickly get started with a rails application using the built-in views. See [app/views](/app/views) for
-the default views. When you want to customize an Authenticate view, create your own copy of it in your app.
+Authenticate adds routes. See [config/routes.rb](/config/routes.rb) for the default routes.
 
-You can use the Authenticate view generator to copy the default views into your application: 
+If you want to control and customize the routes, you can turn off the built-in routes in
+the Authenticate configuration with `config.routes = false` and dump a copy of the default routes into your
+application for modification.
+
+To turn off Authenticate's built-in routes:
+
+```ruby
+Authenticate.configure do |config|
+  config.routes = false
+end
+```
+
+You can run a generator to dump a copy of the default routes into your application for modification.
 
 ```sh
-$ rails generate authenticate:views
+$ rails generate authenticate:routes
 ```
 
 
 ### Controllers
 
 If the customization at the views level is not enough, you can customize each controller, and the
-authenticate mailer. See [app/controllers](/app/controllers) for the default controllers, and 
-[app/mailers](/app/mailers) for the default mailer. 
+authenticate mailer. See [app/controllers](/app/controllers) for the default controllers, and
+[app/mailers](/app/mailers) for the default mailer.
 
 You can use the Authenticate controller generator to copy the default controllers and mailer into your application:
 
@@ -227,20 +256,62 @@ $ rails generate authenticate:controllers
 ```
 
 
-### Routes
-
-Authenticate adds routes. See [config/routes.rb](/config/routes.rb) for the default routes.
+### Views
 
-If you want to control and customizer the routes, you can turn off the built-in routes in
-the Authenticate configuration with `config.routes = false`.
+You can quickly get started with a rails application using the built-in views. See [app/views](/app/views) for
+the default views. When you want to customize an Authenticate view, create your own copy of it in your app.
 
-You can optionally run a generator to dump a copy of the default routes into your application for modification.
+You can use the Authenticate view generator to copy the default views into your application: 
 
 ```sh
-$ rails generate authenticate:routes
+$ rails generate authenticate:views
+```
+
+
+### Layout
+
+Authenticate uses your application's default layout. If you would like to change the layout clearance uses when
+rendering views, you can either deploy copies of the controllers and customize them, or you can specify
+the layout in an initializer. This needs to be done in a to_prepare callback in `config/application.rb`
+because it's executed once in production and before each request in development.
+                              
+You can specify the layout per-controller:
+
+```ruby
+config.to_prepare do
+  Authenticate::PasswordsController.layout 'my_passwords_layout'
+  Authenticate::SessionsController.layout 'my_sessions_layout'
+  Authenticate::UsersController.layout 'my_users_layout'
+end
+```
+
+
+### Layout
+
+Authenticate uses your application's default layout. If you would like to change the layout clearance uses when
+rendering views, you can either deploy copies of the controllers and customize them, or you can specify
+the layout in an initializer. This needs to be done in a to_prepare callback in `config/application.rb`
+because it's executed once in production and before each request in development.
+                              
+You can specify the layout per-controller:
+
+```ruby
+config.to_prepare do
+  Authenticate::PasswordsController.layout 'my_passwords_layout'
+  Authenticate::SessionsController.layout 'my_sessions_layout'
+  Authenticate::UsersController.layout 'my_users_layout'
+end
 ```
 
 
+### Translations
+
+All flash messages and email lines are stored in i18n translations. You can override them like any other translation.
+
+See [config/locales/authenticate.en.yml](/config/locales/authenticate.en.yml) for the default messages.
+
+
+
 ## Extending Authenticate
 
 Authenticate can be further extended with two mechanisms:
@@ -251,10 +322,10 @@ Authenticate can be further extended with two mechanisms:
 
 ### User Modules
 
-Add behavior to your User model for your callbacks to use. You can, of course, incldue behavrio yourself directly 
+Add behavior to your User model for your callbacks to use. You can, of course, incldue behavrio yourself directly
 in your User class, but you can also use the Authenticate module loading system.
 
-To add a custom module to Authenticate, e.g. `MyUserModule`: 
+To add a custom module to Authenticate, e.g. `MyUserModule`:
 
 ```ruby
 Authenticate.configuration do |config|
@@ -265,7 +336,7 @@ end
 
 ### Callbacks
 
-Callbacks can be added to Authenticate. Use `Authenticate.lifecycle.after_set_user` or 
+Callbacks can be added to Authenticate. Use `Authenticate.lifecycle.after_set_user` or
 `Authenticate.lifecycle.after_authentication`. See [Lifecycle](lib/authenticate/lifecycle.rb) for full details.
 
 Callbacks can `throw(:failure, message)` to signal an authentication/authorization failure. Callbacks can also perform
@@ -279,7 +350,7 @@ set in the `included` block. The callback is then added to the  User module via
 module LoginCount
   extend ActiveSupport::Concern
 
-  included do    
+  included do
     # Add a callback that is triggered after every authentication
     Authenticate.lifecycle.after_authentication name:'login counter' do |user, session, options|
       user.count_login if user
@@ -304,6 +375,8 @@ end
 
 Authenticate has been tested with rails 4.2, other versions to follow.
 
+
+
 ## License
 
 This project rocks and uses MIT-LICENSE.

data/app/controllers/authenticate/authenticate_controller.rb

@@ -0,0 +1,2 @@
+class Authenticate::AuthenticateController < ApplicationController
+end

data/app/controllers/authenticate/passwords_controller.rb

@@ -1,6 +1,6 @@
 # Request password change via an emailed link with a unique token.
 # Thanks to devise and Clearance.
-class Authenticate::PasswordsController < ApplicationController
+class Authenticate::PasswordsController < Authenticate::AuthenticateController
   skip_before_action :require_authentication, only: [:create, :edit, :new, :update], raise: false
   before_action :ensure_existing_user, only: [:edit, :update]
 

data/app/controllers/authenticate/sessions_controller.rb

@@ -1,4 +1,4 @@
-class Authenticate::SessionsController < ApplicationController
+class Authenticate::SessionsController < Authenticate::AuthenticateController
   before_action :redirect_signed_in_users, only: [:new]
   skip_before_action :require_authentication, only: [:create, :new, :destroy], raise: false
 

data/app/controllers/authenticate/users_controller.rb

@@ -1,4 +1,4 @@
-class Authenticate::UsersController < ApplicationController
+class Authenticate::UsersController < Authenticate::AuthenticateController
   before_action :redirect_signed_in_users, only: [:create, :new]
   skip_before_action :require_authentication, only: [:create, :new], raise: false
 

data/app/views/passwords/new.html.erb

@@ -16,4 +16,8 @@
 
   <% end %>
 
+  <div class="links">
+    <%= link_to t(".sign_in"), sign_in_path %>
+  </div>
+
 </div>

data/authenticate.gemspec

@@ -10,28 +10,26 @@ Gem::Specification.new do |s|
   s.authors     = ['Justin Tomich']
   s.email       = ['justin@tomich.org']
   s.homepage    = 'http://github.com/tomichj/authenticate'
-  s.summary     = 'Rails authentication with email & password'
-  s.description = 'Rails authentication with email & password'
+  s.summary     = 'Authentication for Rails applications'
+  s.description = 'Authentication for Rails applications'
   s.license     = 'MIT'
 
-  # s.files = Dir["{app,config,db,lib}/**/*", "MIT-LICENSE", "Rakefile", "README.md"]
   s.files = `git ls-files`.split("\n")
-  # s.test_files = `git ls-files -- {spec}/*`.split("\n")
-  s.test_files = Dir['spec/**/*_spec.rb']
-
-  s.extra_rdoc_files = %w(LICENSE README.md)
-  s.rdoc_options = ['--charset=UTF-8']
+  s.test_files = `git ls-files -- {spec}/*`.split("\n")
 
   s.require_paths = ['lib']
+  s.extra_rdoc_files = %w(LICENSE README.md CHANGELOG.md)
+  s.rdoc_options = ['--charset=UTF-8']
 
   s.add_dependency 'bcrypt'
   s.add_dependency 'email_validator', '~> 1.6'
   s.add_dependency 'rails', '>= 4.0', '< 5.1'
-  s.add_development_dependency 'sqlite3'
-  s.add_development_dependency 'rspec-rails'
+
   # s.add_development_dependency 'capybara'
   s.add_development_dependency 'factory_girl_rails'
+  s.add_development_dependency 'rspec-rails'
   s.add_development_dependency 'pry'
+  s.add_development_dependency 'sqlite3'
 
   s.required_ruby_version = Gem::Requirement.new('>= 2.0')
 end

data/config/locales/authenticate.en.yml

@@ -10,7 +10,6 @@ en:
       link_text: Change my password
       opening: Someone has requested a link to change your password. You can do this through the link below.
   flashes:
-    failure_after_create: Bad email or password.
     failure_after_update: Password can't be blank.
     failure_when_forbidden: Please double check the URL or try submitting the form again.
     failure_when_not_signed_in: Please sign in to continue.
@@ -55,3 +54,12 @@ en:
     new:
       sign_in: Sign in
       title: Sign up
+  callbacks:
+    authenticatable:
+      failure:  Bad id or password
+    brute_force:
+      failure: "Your account is locked, will unlock in %{time_remaining}"
+    lifetimed:
+      failure: Your session has reached it's maximum allowed lifetime, you must log in again
+    timeoutable:
+      failure: Your session has expired