authenticate 0.2.2 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c160442936452dc9147dbe4fd4d917c1aa278b50
-  data.tar.gz: 358c081a740043a8db0e95b62f8ce8e3512ffbf5
+  metadata.gz: ca8c03070d7634ba64d25f575271f6bebe6920fc
+  data.tar.gz: bc353110b848819716f864a7ca66f7df46afae1b
 SHA512:
-  metadata.gz: 392b0d52f226921b405e65bff052ac0e7f20eb2ed84c4047a44ddff2e544db0173734957425e51604137143ebb53573ba49077518eccc4543dcea7200b7d0166
-  data.tar.gz: 4e7833c91bf197290bdba2d81536adc920cc6c7e06ef710b3f7f095038d9c0709600e7be4d3f6ddd92738750e89c52b027b459bf2c044fccfabc3044c0fc726d
+  metadata.gz: 9c0d18c59f7373dbb3c817a92b7b02ff901d5f56c8c7ac5ab72c7c2dac611b044c15b25ebb0b93873986663825b00de386bc1ba25eccae537724d27171c767a1
+  data.tar.gz: 0122cd40a252a9db8c946368529220bdc41f6750220fd1ad3f6c61df3744392eac0f8969d13365e26f3c124fe333a1451f95e15bfad83574b2386db45d7a4ccc

data/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Authenticate Changelog
 
+## [0.2.3] - February 13, 2016
+
+Small bugfix for :username authentication.
+Improved documentation, started adding wiki pages.
+
+[0.2.3]: https://github.com/tomichj/authenticate/compare/v0.2.2...v0.2.3
+
+
+
 ## [0.2.2] - February 9, 2016
 
 Password length range requirements added, defaults to 8..128.

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authenticate (0.2.1)
+    authenticate (0.2.2)
       bcrypt
       email_validator (~> 1.6)
       rails (>= 4.0, < 5.1)

data/README.md

@@ -43,19 +43,13 @@ The cookie is then presented upon each subsequent access attempt to your server.
 
 ## Install
 
-To get started, add Authenticate to your `Gemfile`:
+To get started, add Authenticate to your `Gemfile` and run `bundle install` to install it:
 
 ```ruby
 gem 'authenticate'
 ```
 
-Then run:
-
-```sh
-bundle install
-```
-
-Then run the installation generator:
+Then run the authenticate install generator:
 
 ```sh
 rails generate authenticate:install
@@ -66,12 +60,10 @@ The generator does the following:
 * Insert `include Authenticate::User` into your `User` model. If you don't have a User model, one is created.
 * Insert `include Authenticate::Controller` into your `ApplicationController`
 * Add an initializer at `config/intializers/authenticate.rb`.
-* Create migrations to either create a users table or add additional columns to :user. A primary migration is added,
-'create users' or 'add_authenticate_to_users'. This migration is required. Two additonal migrations are created
-to support the 'brute_force' and 'timeoutable' modules. You may delete the brute_force and timeoutable migrations,
-but those migrations are required if you use those Authenticate features (see Configure, next).
+* Create migrations to create a users table or add columns to your existing table.
 
-Finally, you'll need to run the migrations that Authenticate just generated:
+
+You'll need to run the migrations that Authenticate just generated:
 
 ```sh
 rake db:migrate
@@ -88,15 +80,15 @@ Authenticate.configure do |config|
   config.cookie_name = 'authenticate_session_token'
   config.cookie_expiration = { 1.year.from_now.utc }
   config.cookie_domain = nil
-  config.cookie_path = '/
+  config.cookie_path = '/'
   config.secure_cookie = false
   config.cookie_http_only = false
   config.mailer_sender = 'reply@example.com'
   config.crypto_provider = Bcrypt
   config.timeout_in = nil
-  config.max_session_lifetime = nil  # 8.hours
+  config.max_session_lifetime = nil
   config.max_consecutive_bad_logins_allowed = nil
-  config.bad_login_lockout_period = nil # 5.minutes
+  config.bad_login_lockout_period = nil
   config.password_length = 8..128
   config.authentication_strategy = :email
   config.redirect_url = '/'
@@ -109,83 +101,30 @@ end
 Configuration parameters are described in detail here: [Configuration](lib/authenticate/configuration.rb)
 
 
-### User Model
-
-Authenticate assumes your user class is '::User' by default. You can elect to use another user class.
-Set the user model class name using `user_model` in configuration. For example, if your user model
-class is `Profile`:
-
-```ruby
-Authenticate.configure do |config|
-  config.user_model = '::Profile'
-end
-```
-
-Your user model will also need to `include Authenticate::User`. This is done automatically for you using
-the Authenticate install generator, see [install](#install) above.
-
-
-### timeout_in
-
-* timeout_in: the interval to timeout the user session without activity.
-
-If your configuration sets timeout_in to a non-nil value, then the last user access is tracked.
-If the interval between the current access time and the last access time is greater than timeout_in,
-the session is invalidated. The user will be prompted for authentication again.
-
-
-### max_session_lifetime
-
-* max_session_lifetime: the maximum interval a session is valid, regardless of user activity.
-
-If your configuration sets max_session_lifetime, a User session will expire once it has been active for
-max_session_lifetime. The user session is invalidated and the next access will will prompt the user for
-authentication again.
-
-
-### max_consecutive_bad_logins_allowed & bad_login_lockout_period
-
-* max_consecutive_bad_logins_allowed: an integer
-* bad_login_lockout_period: a ActiveSupport::CoreExtensions::Numeric::Time
-
-To enable brute force protection, set max_consecutive_bad_logins_allowed to a non-nil positive integer.
-The user's consecutive bad logins will be tracked, and if they exceed the allowed maximumm the user's account
-will be locked. The lock will last `bad_login_lockout_period`, which can be any time period (e.g. `10.minutes`).
-
-
-### authentication_strategy
-
-The default authentication strategy is :email. This requires that your User model have an attribute named `email`.
-The User account will be identified by this email address. The strategy will add email attribute validation to
-the User, ensuring that it exists, is properly formatted, and is unique.
-
-You may instead opt for :username. The username strategy will identify users with an attribute named `username`.
-The strategy will also add username attribute validation, ensuring the username exists and is unique.
-
-
 
 ## Use
 
-### Authentication
+### Access Control
 
-Authenticate provides a session controller and views to authenticate users. After successful authentication,
-the user is redirected to the path they attempted to access, or as specified by the `redirect_url` property
- in your configuration. This defaults to '/' but can customized:
+Use the `require_authentication` filter to control access to controller actions. To control access to
+all controller actions, add the filter to your `ApplicationController`, e.g.:
 
 ```ruby
-Authenticate.configure do |config|
-  config.redirect_url = '/specials'
+class ApplicationController < ActionController::Base
+    before_action :require_authentication
 end
 ```
 
 
-### Access Control
+### Authentication
 
-Use the `require_authentication` filter to control access to controller actions.
+Authenticate provides a session controller and views to authenticate users with an email and password.
+After successful authentication, the user is redirected to the path they attempted to access, 
+or as specified by the `redirect_url` property in your configuration. This defaults to '/' but can customized:
 
 ```ruby
-class ApplicationController < ActionController::Base
-    before_action :require_authentication
+Authenticate.configure do |config|
+  config.redirect_url = '/specials'
 end
 ```
 
@@ -205,6 +144,7 @@ Example:
 <% end %>
 ```
 
+
 ### Logout
 
 Log the user out. The user session_token will be deleted from the database, and the session cookie will
@@ -219,11 +159,33 @@ end
 ```
 
 
+### Password Resets
+
+Authenticate provides password reset controllers and views. When a user requests a password reset, Authenticate
+delivers an email to that user. Change your `mailer_sender`, which is used in the email's "from" header:
+
+```ruby
+Authenticate.configure do |config|
+  config.mailer_sender = 'reply@example.com'
+end
+```
+
+
 ## Overriding Authenticate
 
+### User Model
+
+You can [use an alternate user model class](https://github.com/tomichj/authenticate/wiki/custom-user-model).
+
+
+### Username Authentication
+
+You can [authenticate with username](https://github.com/tomichj/authenticate/wiki/Authenticate-with-username).
+
+
 ### Routes
 
-Authenticate adds routes. See [config/routes.rb](/config/routes.rb) for the default routes.
+Authenticate adds routes to your application. See [config/routes.rb](/config/routes.rb) for the default routes.
 
 If you want to control and customize the routes, you can turn off the built-in routes in
 the Authenticate configuration with `config.routes = false` and dump a copy of the default routes into your
@@ -237,7 +199,8 @@ Authenticate.configure do |config|
 end
 ```
 
-You can run a generator to dump a copy of the default routes into your application for modification.
+You can run a generator to dump a copy of the default routes into your application for modification. The generator
+will also switch off the routes as shown immediately above by setting `config.routes = false`. 
 
 ```sh
 $ rails generate authenticate:routes

data/app/controllers/authenticate/users_controller.rb

@@ -14,8 +14,6 @@ class Authenticate::UsersController < Authenticate::AuthenticateController
       login @user
       redirect_back_or url_after_create
     else
-      logger.info "@user: " + @user.inspect
-      logger.info "ERRORS?: " + @user.errors.inspect
       render template: 'users/new'
     end
   end
@@ -33,17 +31,17 @@ class Authenticate::UsersController < Authenticate::AuthenticateController
   end
 
   def user_from_params
-    email = user_params.delete(:email)
-    password = user_params.delete(:password)
-
-    Authenticate.configuration.user_model_class.new(user_params).tap do |user|
-      user.email = email
-      user.password = password
-    end
+    param_key = Authenticate.configuration.user_model_param_key.to_sym # :user, :user_profile, etc
+    user_params = params[param_key] ? user_params(param_key) : Hash.new
+    Authenticate.configuration.user_model_class.new(user_params)
   end
 
-  def user_params
-    key = Authenticate.configuration.user_model_param_key.to_sym
-    params[key] || Hash.new
+  # Override this method to allow additional user attributes.
+  # Default impl allows username and email to service both styles of authentication.
+  #
+  # * param_key - String used for parameter names, ActiveModel::Naming.param_key
+  #
+  def user_params(param_key)
+    params.require(param_key).permit(:username, :email, :password)
   end
 end

data/app/views/users/new.html.erb

@@ -3,25 +3,23 @@
 
   <%= form_for @user do |form| %>
 
-      <% if @user.errors.any? %>
-          <ul>
-            <% @user.errors.full_messages.each do |msg| %>
-                <li><%= msg %></li>
-            <% end %>
-          </ul>
-          <br>
-      <% end %>
+    <% if @user.errors.any? %>
+        <ul>
+          <% @user.errors.full_messages.each do |msg| %>
+            <li><%= msg %></li>
+          <% end %>
+        </ul>
+    <% end %>
 
+    <div class="field">
+      <%= form.label :email %>
+      <%= form.text_field :email, type: 'email' %>
+    </div>
 
-      <div class="field">
-        <%= form.label :email %>
-        <%= form.text_field :email, type: 'email' %>
-      </div>
-
-      <div class="field">
-        <%= form.label :password %>
-        <%= form.password_field :password %>
-      </div>
+    <div class="field">
+      <%= form.label :password %>
+      <%= form.password_field :password %>
+    </div>
 
     <div class="actions">
       <%= form.submit %>
@@ -30,5 +28,6 @@
     <div class="links">
       <%= link_to t(".sign_in"), sign_in_path %>
     </div>
+
   <% end %>
 </div>

data/lib/authenticate/configuration.rb

@@ -74,6 +74,8 @@ module Authenticate
     attr_accessor :crypto_provider
 
     # Invalidate the session after the specified period of idle time.
+    # If the interval between the current access time and the last access time is greater than timeout_in,
+    # the session is invalidated. The user will be prompted for authentication again.
     # Defaults to nil, which is no idle timeout.
     #
     #   Authenticate.configure do |config|
@@ -84,18 +86,34 @@ module Authenticate
     attr_accessor :timeout_in
 
     # Allow a session to 'live' for no more than the given elapsed time, e.g. 8.hours.
-    # Defaults to nil, or no max session time.
+    # Defaults to nil, or no max session time. If set, a user session will expire once it has been active for
+    # max_session_lifetime. The user session is invalidated and the next access will will prompt
+    # the user for authentication.
+    #
+    # Authenticate.configure do |config|
+    #   config.max_session_lifetime = 8.hours
+    # end
+    #
     # @return [ActiveSupport::CoreExtensions::Numeric::Time]
     attr_accessor :max_session_lifetime
 
-    # Number of consecutive bad login attempts allowed.
+    # Number of consecutive bad login attempts allowed. This is called "brute force protection".
+    # The user's consecutive bad logins will be tracked, and if they exceed the allowed maximumm
+    # the user's account will be locked. The length of the lockout is determined by [#bad_login_lockout_period].
+    #
     # Default is nil, which disables this feature.
+    #
+    # Authenticate.configure do |config|
+    #   config.max_consecutive_bad_logins_allowed = 4
+    #   config.bad_login_lockout_period = 10.minutes
+    # end
+    #
     # @return [Integer]
     attr_accessor :max_consecutive_bad_logins_allowed
 
-    # Time period to lock an account for if the user exceeds
-    # max_consecutive_bad_logins_allowed (and it's set to nonzero).
+    # Time period to lock an account for if the user exceeds max_consecutive_bad_logins_allowed.
     # If set to nil, account is locked out indefinitely.
+    #
     # @return [ActiveSupport::CoreExtensions::Numeric::Time]
     attr_accessor :bad_login_lockout_period
 

data/lib/authenticate/controller.rb

@@ -13,9 +13,9 @@ module Authenticate
     # After calling this, call login(user) to complete the process.
     def authenticate(params)
       # todo: get params from User model
-      user_credentials = Authenticate.configuration.user_model_class.credentials(params)
-      debug "Controller::user_credentials: #{user_credentials.inspect}"
-      Authenticate.configuration.user_model_class.authenticate(user_credentials)
+      credentials = Authenticate.configuration.user_model_class.credentials(params)
+      debug "Controller::credentials: #{credentials.inspect}"
+      Authenticate.configuration.user_model_class.authenticate(credentials)
     end
 
 
@@ -90,7 +90,7 @@ module Authenticate
     end
 
     # Return true if it's an Authenticate controller. Useful if you want to apply a before
-    # filter to all controllers, except the ones in Authenticate:
+    # filter to all controllers, except the ones in Authenticate, e.g.
     #
     #   before_action :my_filter, unless: :authenticate_controller?
     #

data/lib/authenticate/model/username.rb

@@ -18,7 +18,7 @@ module Authenticate
       extend ActiveSupport::Concern
 
       def self.required_fields(klass)
-        [:username]
+        [:username, :email]
       end
 
       included do
@@ -42,6 +42,7 @@ module Authenticate
           username = credentials[0]
           find_by_username username
         end
+
       end
 
     end

data/lib/authenticate/session.rb

@@ -14,15 +14,6 @@ module Authenticate
       debug 'SESSION initialize: @session_token: ' + @session_token.inspect
     end
 
-    # consecutive_failed_logins_limit
-    # timeout - time elapsed since last thingy. last_access_at column
-    # max session lifetime
-    # confirmation / awaiting confirmation
-    # reset password
-    # change password
-    # trackable - sign_in_count, last_sign_in_at, last_sign_in_ip
-
-
     # Finish user login process, *after* the user has been authenticated.
     # Called when user creates an account or signs back into the app.
     #

data/lib/authenticate/version.rb

@@ -1,3 +1,3 @@
 module Authenticate
-  VERSION = '0.2.2'
+  VERSION = '0.2.3'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authenticate
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Justin Tomich
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-13 00:00:00.000000000 Z
+date: 2016-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt