authenticate 0.3.1 → 0.3.2

data/lib/authenticate/configuration.rb

@@ -1,6 +1,10 @@
+# Authenticate
 module Authenticate
+  #
+  # Configuration for Authenticate.
+  #
   class Configuration
-
+    #
     # ActiveRecord model class name that represents your user. Specify as a String.
     #
     # Defaults to '::User'.
@@ -224,12 +228,11 @@ module Authenticate
     # @return [Boolean]
     attr_accessor :debug
 
-
     def initialize
       # Defaults
       @debug = false
       @cookie_name = 'authenticate_session_token'
-      @cookie_expiration =  -> { 1.year.from_now.utc }
+      @cookie_expiration = -> { 1.year.from_now.utc }
       @cookie_domain = nil
       @cookie_path = '/'
       @secure_cookie = false
@@ -286,10 +289,12 @@ module Authenticate
       modules << :brute_force if @max_consecutive_bad_logins_allowed
       modules
     end
-
   end # end of Configuration class
-
-
+  #
+  # Access to Authenticate's configuration, e.g.:
+  #
+  #   puts Authenticate.configuration.redirect_url
+  #
   def self.configuration
     @configuration ||= Configuration.new
   end
@@ -301,5 +306,4 @@ module Authenticate
   def self.configure
     yield configuration
   end
-
 end

data/lib/authenticate/controller.rb

@@ -1,4 +1,27 @@
 module Authenticate
+  #
+  # The authenticate controller methods.
+  #
+  # Typically, you include this concern into your ApplicationController. A basic implementation might look like this:
+  #
+  #    class ApplicationController < ActionController::Base
+  #       include Authenticate::Controller
+  #       before_action :require_authentication
+  #       protect_from_forgery with: :exception
+  #     end
+  #
+  # Methods, generally called from authenticate's app controllers:
+  # * authenticate(params) - validate a user's identity
+  # * login(user, &block) - complete login after validating a user's identity, creating an Authenticate session
+  # * logout - log a user out, invalidating their Authenticate session.
+  #
+  # Action/Filter:
+  # * require_authentication - restrict access to authenticated users, often from ApplicationController
+  #
+  # Helpers, used anywhere:
+  # * current_user - get the current user from the current Authenticate session.
+  # * authenticated? - has the user been logged in?
+  #
   module Controller
     extend ActiveSupport::Concern
     include Debug
@@ -8,7 +31,6 @@ module Authenticate
       attr_writer :authenticate_session
     end
 
-
     # Validate a user's identity with (typically) email/ID & password, and return the User if valid, or nil.
     # After calling this, call login(user) to complete the process.
     def authenticate(params)
@@ -16,14 +38,12 @@ module Authenticate
       Authenticate.configuration.user_model_class.authenticate(credentials)
     end
 
-
     # Complete the user's sign in process: after calling authenticate, or after user creates account.
     # Runs all valid callbacks and sends the user a session token.
     def login(user, &block)
       authenticate_session.login user, &block
     end
 
-
     # Log the user out. Typically used in session controller.
     #
     # class SessionsController < ActionController::Base
@@ -37,7 +57,6 @@ module Authenticate
       authenticate_session.deauthenticate
     end
 
-
     # Use this filter as a before_action to restrict controller actions to authenticated users.
     # Consider using in application_controller to restrict access to all controllers.
     #
@@ -53,18 +72,14 @@ module Authenticate
     #
     def require_authentication
       debug 'Controller::require_authentication'
-      unless authenticated?
-        unauthorized
-      end
-
+      unauthorized unless authenticated?
       message = catch(:failure) do
         current_user = authenticate_session.current_user
-        Authenticate.lifecycle.run_callbacks(:after_set_user, current_user, authenticate_session, {event: :set_user })
+        Authenticate.lifecycle.run_callbacks(:after_set_user, current_user, authenticate_session, event: :set_user)
       end
       unauthorized(message) if message
     end
 
-
     # Has the user been logged in? Exposed as a helper, can be called from views.
     #
     #   <% if authenticated? %>
@@ -77,7 +92,6 @@ module Authenticate
       authenticate_session.authenticated?
     end
 
-
     # Get the current user from the current Authenticate session.
     # Exposed as a helper , can be called from controllers, views, and other helpers.
     #
@@ -103,9 +117,7 @@ module Authenticate
       authenticate_session.deauthenticate
       respond_to do |format|
         format.any(:js, :json, :xml) { head :unauthorized }
-        format.any {
-          redirect_unauthorized(msg)
-        }
+        format.any { redirect_unauthorized(msg) }
       end
     end
 
@@ -113,7 +125,7 @@ module Authenticate
       store_location
 
       if flash_message
-        flash[:notice] = flash_message  # TODO use locales
+        flash[:notice] = flash_message # TODO: use locales
       end
 
       if authenticated?
@@ -123,13 +135,11 @@ module Authenticate
       end
     end
 
-
     def redirect_back_or(default)
       redirect_to(stored_location || default)
       clear_stored_location
     end
 
-
     # Used as the redirect location when {#unauthorized} is called and there is a
     # currently signed in user.
     #
@@ -152,11 +162,11 @@ module Authenticate
     def store_location
       if request.get?
         value = {
-            expires: nil,
-            httponly: true,
-            path: nil,
-            secure: Authenticate.configuration.secure_cookie,
-            value: request.original_fullpath
+          expires: nil,
+          httponly: true,
+          path: nil,
+          secure: Authenticate.configuration.secure_cookie,
+          value: request.original_fullpath
         }
         cookies[:authenticate_return_to] = value
       end
@@ -173,6 +183,5 @@ module Authenticate
     def authenticate_session
       @authenticate_session ||= Authenticate::Session.new(request, cookies)
     end
-
   end
 end

data/lib/authenticate/crypto/bcrypt.rb

@@ -1,6 +1,6 @@
 module Authenticate
   module Crypto
-
+    #
     # All crypto providers must implement encrypt(secret) and match?(secret, encrypted)
     module BCrypt
       require 'bcrypt'
@@ -20,11 +20,11 @@ module Authenticate
 
       def cost=(val)
         if val < ::BCrypt::Engine::MIN_COST
-          raise ArgumentError.new("bcrypt cost cannot be set below the engine's min cost (#{::BCrypt::Engine::MIN_COST})")
+          msg = "bcrypt cost cannot be set below the engine's min cost (#{::BCrypt::Engine::MIN_COST})"
+          raise ArgumentError.new(msg), msg
         end
         @cost = val
       end
-
     end
   end
 end

data/lib/authenticate/debug.rb

@@ -1,16 +1,16 @@
 module Authenticate
+  #
+  # Simple debug output for gem.
+  #
   module Debug
     extend ActiveSupport::Concern
 
-
     def debug(msg)
-      if defined?(Rails) && defined?(Rails.logger)
-        Rails.logger.info msg.to_s if Authenticate.configuration.debug
-      else
-        puts msg.to_s if Authenticate.configuration.debug
+      if defined?(Rails) && defined?(Rails.logger) && Authenticate.configuration.debug
+        Rails.logger.info msg.to_s
+      elsif Authenticate.configuration.debug
+        puts msg.to_s
       end
     end
-
-
   end
 end

data/lib/authenticate/engine.rb

@@ -2,8 +2,11 @@ require 'authenticate'
 require 'rails'
 
 module Authenticate
+  #
+  # Authenticate Rails engine.
+  # Filter password, token, from spewing out.
+  #
   class Engine < ::Rails::Engine
-
     initializer 'authenticate.filter' do |app|
       app.config.filter_parameters += [:password, :token]
     end
@@ -12,6 +15,5 @@ module Authenticate
       g.test_framework :rspec
       g.fixture_replacement :factory_girl, dir: 'spec/factories'
     end
-
   end
 end

data/lib/authenticate/lifecycle.rb

@@ -1,5 +1,6 @@
+# Authenticate Lifecycle methods within
 module Authenticate
-
+  #
   # Lifecycle stores and runs callbacks for authorization events.
   #
   # Heavily borrowed from warden (https://github.com/hassox/warden).
@@ -37,22 +38,22 @@ module Authenticate
   #
   class Lifecycle
     include Debug
-    @@conditions = [:only, :except, :event]
+
+    def initialize
+      @conditions = [:only, :except, :event].freeze
+    end
 
     # This callback is triggered after the first time a user is set during per-hit authorization, or during login.
     def after_set_user(options = {}, method = :push, &block)
       add_callback(after_set_user_callbacks, options, method, &block)
     end
 
-
-
     # A callback to run after the user successfully authenticates, during the login process.
     # Mechanically identical to [#after_set_user].
     def after_authentication(options = {}, method = :push, &block)
       add_callback(after_authentication_callbacks, options, method, &block)
     end
 
-
     # Run callbacks of the given kind.
     #
     # * kind - :authenticate or :after_set_user
@@ -64,27 +65,16 @@ module Authenticate
     def run_callbacks(kind, *args) # args - |user, session, opts|
       # Last callback arg MUST be a Hash
       options = args.last
-      debug "START Lifecycle.run_callbacks kind:#{kind} options:#{options.inspect}"
-
-      # each callback has 'conditions' stored with it
-      send("#{kind}_callbacks").each do |callback, conditions|
-        conditions = conditions.dup # make a copy, we mutate it
-        debug "Lifecycle.running callback -- #{conditions.inspect}"
-        conditions.delete_if {|key, _val| !@@conditions.include? key}
-        # debug "conditions after filter:#{conditions.inspect}"
+      send("#{kind}_callbacks").each do |callback, conditions| # each callback has 'conditions' stored with it
+        conditions = conditions.dup.delete_if { |key, _val| !@conditions.include? key }
         invalid = conditions.find do |key, value|
-          # debug "!!!!!!! conditions key:#{key} value:#{value}      options[key]:#{options[key].inspect}"
-          # debug("!value.include?(options[key]):#{!value.include?(options[key])}") if value.is_a?(Array)
           value.is_a?(Array) ? !value.include?(options[key]) : (value != options[key])
         end
-        debug "Lifecycle.callback invalid? #{invalid.inspect}"
         callback.call(*args) unless invalid
       end
-      debug "FINISHED Lifecycle.run_callbacks #{kind}"
       nil
     end
 
-
     def prepend_after_authentication(options = {}, &block)
       after_authentication(options, :unshift, &block)
     end
@@ -97,7 +87,6 @@ module Authenticate
       callbacks.send(method, [block, options])
     end
 
-
     # set event: to run callback on based on options
     def process_opts(options)
       if options.key?(:only)
@@ -108,7 +97,6 @@ module Authenticate
       options
     end
 
-
     def after_set_user_callbacks
       @after_set_user_callbacks ||= []
     end
@@ -118,7 +106,9 @@ module Authenticate
     end
   end
 
-
+  # Invoke lifecycle methods. Example:
+  #   Authenticate.lifecycle.run_callbacks(:after_set_user, current_user, authenticate_session, { event: :set_user })
+  #
   def self.lifecycle
     @lifecycle ||= Lifecycle.new
   end
@@ -126,4 +116,4 @@ module Authenticate
   def self.lifecycle=(lifecycle)
     @lifecycle = lifecycle
   end
-end
+end

data/lib/authenticate/login_status.rb

@@ -1,14 +1,17 @@
 module Authenticate
-
+  #
   # Indicate login attempt was successful. Allows caller to supply a block to login() predicated on success?
+  #
   class Success
     def success?
       true
     end
   end
 
+  #
   # Indicate login attempt was a failure, with a message.
   # Allows caller to supply a block to login() predicated on success?
+  #
   class Failure
     # The reason the sign in failed.
     attr_reader :message
@@ -22,6 +25,4 @@ module Authenticate
       false
     end
   end
-
 end
-

data/lib/authenticate/model/brute_force.rb

@@ -2,8 +2,7 @@ require 'authenticate/callbacks/brute_force'
 
 module Authenticate
   module Model
-
-
+    #
     # Protect from brute force attacks. Lock accounts that have too many failed consecutive logins.
     # Todo: email user to allow unlocking via a token.
     #
@@ -37,7 +36,6 @@ module Authenticate
         [:failed_logins_count, :lock_expires_at]
       end
 
-
       def register_failed_login!
         self.failed_logins_count ||= 0
         self.failed_logins_count += 1
@@ -45,11 +43,11 @@ module Authenticate
       end
 
       def lock!
-        self.update_attribute(:lock_expires_at, Time.now.utc + lockout_period)
+        update_attribute(:lock_expires_at, Time.now.utc + lockout_period)
       end
 
       def unlock!
-        self.update_attributes({failed_logins_count: 0, lock_expires_at: nil})
+        update_attributes(failed_logins_count: 0, lock_expires_at: nil)
       end
 
       def locked?
@@ -57,7 +55,7 @@ module Authenticate
       end
 
       def unlocked?
-        self.lock_expires_at.nil?
+        lock_expires_at.nil?
       end
 
       private

data/lib/authenticate/model/db_password.rb

@@ -1,9 +1,8 @@
 require 'authenticate/crypto/bcrypt'
 
-
 module Authenticate
   module Model
-
+    #
     # Encrypts and stores a password in the database to validate the authenticity of a user while logging in.
     #
     # Authenticate can plug in any crypto provider, but currently only features BCrypt.
@@ -37,28 +36,23 @@ module Authenticate
         attr_accessor :password_changing
         validates :password,
                   presence: true,
-                  length:{ in: password_length },
+                  length: { in: password_length },
                   unless: :skip_password_validation?
       end
 
-
-
       def password_match?(password)
-        match?(password, self.encrypted_password)
+        match?(password, encrypted_password)
       end
 
       def password=(new_password)
         @password = new_password
-
-        if new_password.present?
-          self.encrypted_password = encrypt(new_password)
-        end
+        self.encrypted_password = encrypt(new_password) if new_password.present?
       end
 
       private
 
+      # Class methods for database password management.
       module ClassMethods
-
         # We only have one crypto provider at the moment, but look up the provider in the config.
         def crypto_provider
           Authenticate.configuration.crypto_provider || Authenticate::Crypto::BCrypt
@@ -69,13 +63,10 @@ module Authenticate
         end
       end
 
-
       # If we already have an encrypted password and it's not changing, skip the validation.
       def skip_password_validation?
         encrypted_password.present? && !password_changing
       end
-
     end
   end
 end
-