authenticate 0.2.2 → 0.2.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: c160442936452dc9147dbe4fd4d917c1aa278b50
4
- data.tar.gz: 358c081a740043a8db0e95b62f8ce8e3512ffbf5
3
+ metadata.gz: ca8c03070d7634ba64d25f575271f6bebe6920fc
4
+ data.tar.gz: bc353110b848819716f864a7ca66f7df46afae1b
5
5
  SHA512:
6
- metadata.gz: 392b0d52f226921b405e65bff052ac0e7f20eb2ed84c4047a44ddff2e544db0173734957425e51604137143ebb53573ba49077518eccc4543dcea7200b7d0166
7
- data.tar.gz: 4e7833c91bf197290bdba2d81536adc920cc6c7e06ef710b3f7f095038d9c0709600e7be4d3f6ddd92738750e89c52b027b459bf2c044fccfabc3044c0fc726d
6
+ metadata.gz: 9c0d18c59f7373dbb3c817a92b7b02ff901d5f56c8c7ac5ab72c7c2dac611b044c15b25ebb0b93873986663825b00de386bc1ba25eccae537724d27171c767a1
7
+ data.tar.gz: 0122cd40a252a9db8c946368529220bdc41f6750220fd1ad3f6c61df3744392eac0f8969d13365e26f3c124fe333a1451f95e15bfad83574b2386db45d7a4ccc
data/CHANGELOG.md CHANGED
@@ -1,5 +1,14 @@
1
1
  # Authenticate Changelog
2
2
 
3
+ ## [0.2.3] - February 13, 2016
4
+
5
+ Small bugfix for :username authentication.
6
+ Improved documentation, started adding wiki pages.
7
+
8
+ [0.2.3]: https://github.com/tomichj/authenticate/compare/v0.2.2...v0.2.3
9
+
10
+
11
+
3
12
  ## [0.2.2] - February 9, 2016
4
13
 
5
14
  Password length range requirements added, defaults to 8..128.
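Review bot: the new 0.2.3 entry says "Small bugfix for :username authentication" without saying what was wrong; since the fix is the `required_fields` change in the username module (it now returns `[:username, :email]`) and the strong-parameters rewrite of `user_params`, a half-sentence naming those would let users judge whether they are affected. The three trailing `+` blank lines before `## [0.2.2]` are also excess; one blank line matches the rest of the file.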
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- authenticate (0.2.1)
4
+ authenticate (0.2.2)
5
5
  bcrypt
6
6
  email_validator (~> 1.6)
7
7
  rails (>= 4.0, < 5.1)
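Review bot: the lockfile is one release behind. This hunk moves `authenticate (0.2.1)` to `authenticate (0.2.2)`, but `lib/authenticate/version.rb` in this same release sets `VERSION = '0.2.3'`; regenerate the lock with `bundle install` so `Gemfile.lock` records 0.2.3 and stops drifting from the gemspec.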
data/README.md CHANGED
@@ -43,19 +43,13 @@ The cookie is then presented upon each subsequent access attempt to your server.
43
43
 
44
44
  ## Install
45
45
 
46
- To get started, add Authenticate to your `Gemfile`:
46
+ To get started, add Authenticate to your `Gemfile` and run `bundle install` to install it:
47
47
 
48
48
  ```ruby
49
49
  gem 'authenticate'
50
50
  ```
51
51
 
52
- Then run:
53
-
54
- ```sh
55
- bundle install
56
- ```
57
-
58
- Then run the installation generator:
52
+ Then run the authenticate install generator:
59
53
 
60
54
  ```sh
61
55
  rails generate authenticate:install
@@ -66,12 +60,10 @@ The generator does the following:
66
60
  * Insert `include Authenticate::User` into your `User` model. If you don't have a User model, one is created.
67
61
  * Insert `include Authenticate::Controller` into your `ApplicationController`
68
62
  * Add an initializer at `config/intializers/authenticate.rb`.
69
- * Create migrations to either create a users table or add additional columns to :user. A primary migration is added,
70
- 'create users' or 'add_authenticate_to_users'. This migration is required. Two additonal migrations are created
71
- to support the 'brute_force' and 'timeoutable' modules. You may delete the brute_force and timeoutable migrations,
72
- but those migrations are required if you use those Authenticate features (see Configure, next).
63
+ * Create migrations to create a users table or add columns to your existing table.
73
64
 
74
- Finally, you'll need to run the migrations that Authenticate just generated:
65
+
66
+ You'll need to run the migrations that Authenticate just generated:
75
67
 
76
68
  ```sh
77
69
  rake db:migrate
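Review bot: the shortened bullet loses a caveat users need. The removed text explained that two extra migrations are generated for the `brute_force` and `timeoutable` modules and that they are required if those features are enabled; the replacement, "Create migrations to create a users table or add columns to your existing table.", no longer says so, so someone who deletes the extra migrations will hit a missing-column error only when they turn the feature on. Suggest keeping one sentence such as "Additional migrations are generated for the brute_force and timeoutable modules; keep them if you use those features." The unchanged context line above also still spells the path `config/intializers/authenticate.rb` (should be `initializers`), and the `+` blank line added before "You'll need to run the migrations" produces a double blank line.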
@@ -88,15 +80,15 @@ Authenticate.configure do |config|
88
80
  config.cookie_name = 'authenticate_session_token'
89
81
  config.cookie_expiration = { 1.year.from_now.utc }
90
82
  config.cookie_domain = nil
91
- config.cookie_path = '/
83
+ config.cookie_path = '/'
92
84
  config.secure_cookie = false
93
85
  config.cookie_http_only = false
94
86
  config.mailer_sender = 'reply@example.com'
95
87
  config.crypto_provider = Bcrypt
96
88
  config.timeout_in = nil
97
- config.max_session_lifetime = nil # 8.hours
89
+ config.max_session_lifetime = nil
98
90
  config.max_consecutive_bad_logins_allowed = nil
99
- config.bad_login_lockout_period = nil # 5.minutes
91
+ config.bad_login_lockout_period = nil
100
92
  config.password_length = 8..128
101
93
  config.authentication_strategy = :email
102
94
  config.redirect_url = '/'
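Review bot: dropping the inline hints `# 8.hours` and `# 5.minutes` is acceptable now that `configuration.rb` carries worked examples, but the example block still presents `config.secure_cookie = false` and `config.cookie_http_only = false` without comment. Since this block is what most readers copy into their initializer, a short note that both should be `true` in production (the session cookie is a bearer token) would be worth adding here; the `cookie_path` quote fix is correct.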
@@ -109,83 +101,30 @@ end
109
101
  Configuration parameters are described in detail here: [Configuration](lib/authenticate/configuration.rb)
110
102
 
111
103
 
112
- ### User Model
113
-
114
- Authenticate assumes your user class is '::User' by default. You can elect to use another user class.
115
- Set the user model class name using `user_model` in configuration. For example, if your user model
116
- class is `Profile`:
117
-
118
- ```ruby
119
- Authenticate.configure do |config|
120
- config.user_model = '::Profile'
121
- end
122
- ```
123
-
124
- Your user model will also need to `include Authenticate::User`. This is done automatically for you using
125
- the Authenticate install generator, see [install](#install) above.
126
-
127
-
128
- ### timeout_in
129
-
130
- * timeout_in: the interval to timeout the user session without activity.
131
-
132
- If your configuration sets timeout_in to a non-nil value, then the last user access is tracked.
133
- If the interval between the current access time and the last access time is greater than timeout_in,
134
- the session is invalidated. The user will be prompted for authentication again.
135
-
136
-
137
- ### max_session_lifetime
138
-
139
- * max_session_lifetime: the maximum interval a session is valid, regardless of user activity.
140
-
141
- If your configuration sets max_session_lifetime, a User session will expire once it has been active for
142
- max_session_lifetime. The user session is invalidated and the next access will will prompt the user for
143
- authentication again.
144
-
145
-
146
- ### max_consecutive_bad_logins_allowed & bad_login_lockout_period
147
-
148
- * max_consecutive_bad_logins_allowed: an integer
149
- * bad_login_lockout_period: a ActiveSupport::CoreExtensions::Numeric::Time
150
-
151
- To enable brute force protection, set max_consecutive_bad_logins_allowed to a non-nil positive integer.
152
- The user's consecutive bad logins will be tracked, and if they exceed the allowed maximumm the user's account
153
- will be locked. The lock will last `bad_login_lockout_period`, which can be any time period (e.g. `10.minutes`).
154
-
155
-
156
- ### authentication_strategy
157
-
158
- The default authentication strategy is :email. This requires that your User model have an attribute named `email`.
159
- The User account will be identified by this email address. The strategy will add email attribute validation to
160
- the User, ensuring that it exists, is properly formatted, and is unique.
161
-
162
- You may instead opt for :username. The username strategy will identify users with an attribute named `username`.
163
- The strategy will also add username attribute validation, ensuring the username exists and is unique.
164
-
165
-
166
104
 
167
105
  ## Use
168
106
 
169
- ### Authentication
107
+ ### Access Control
170
108
 
171
- Authenticate provides a session controller and views to authenticate users. After successful authentication,
172
- the user is redirected to the path they attempted to access, or as specified by the `redirect_url` property
173
- in your configuration. This defaults to '/' but can customized:
109
+ Use the `require_authentication` filter to control access to controller actions. To control access to
110
+ all controller actions, add the filter to your `ApplicationController`, e.g.:
174
111
 
175
112
  ```ruby
176
- Authenticate.configure do |config|
177
- config.redirect_url = '/specials'
113
+ class ApplicationController < ActionController::Base
114
+ before_action :require_authentication
178
115
  end
179
116
  ```
180
117
 
181
118
 
182
- ### Access Control
119
+ ### Authentication
183
120
 
184
- Use the `require_authentication` filter to control access to controller actions.
121
+ Authenticate provides a session controller and views to authenticate users with an email and password.
122
+ After successful authentication, the user is redirected to the path they attempted to access,
123
+ or as specified by the `redirect_url` property in your configuration. This defaults to '/' but can customized:
185
124
 
186
125
  ```ruby
187
- class ApplicationController < ActionController::Base
188
- before_action :require_authentication
126
+ Authenticate.configure do |config|
127
+ config.redirect_url = '/specials'
189
128
  end
190
129
  ```
191
130
 
@@ -205,6 +144,7 @@ Example:
205
144
  <% end %>
206
145
  ```
207
146
 
147
+
208
148
  ### Logout
209
149
 
210
150
  Log the user out. The user session_token will be deleted from the database, and the session cookie will
@@ -219,11 +159,33 @@ end
219
159
  ```
220
160
 
221
161
 
162
+ ### Password Resets
163
+
164
+ Authenticate provides password reset controllers and views. When a user requests a password reset, Authenticate
165
+ delivers an email to that user. Change your `mailer_sender`, which is used in the email's "from" header:
166
+
167
+ ```ruby
168
+ Authenticate.configure do |config|
169
+ config.mailer_sender = 'reply@example.com'
170
+ end
171
+ ```
172
+
173
+
222
174
  ## Overriding Authenticate
223
175
 
176
+ ### User Model
177
+
178
+ You can [use an alternate user model class](https://github.com/tomichj/authenticate/wiki/custom-user-model).
179
+
180
+
181
+ ### Username Authentication
182
+
183
+ You can [authenticate with username](https://github.com/tomichj/authenticate/wiki/Authenticate-with-username).
184
+
185
+
224
186
  ### Routes
225
187
 
226
- Authenticate adds routes. See [config/routes.rb](/config/routes.rb) for the default routes.
188
+ Authenticate adds routes to your application. See [config/routes.rb](/config/routes.rb) for the default routes.
227
189
 
228
190
  If you want to control and customize the routes, you can turn off the built-in routes in
229
191
  the Authenticate configuration with `config.routes = false` and dump a copy of the default routes into your
@@ -237,7 +199,8 @@ Authenticate.configure do |config|
237
199
  end
238
200
  ```
239
201
 
240
- You can run a generator to dump a copy of the default routes into your application for modification.
202
+ You can run a generator to dump a copy of the default routes into your application for modification. The generator
203
+ will also switch off the routes as shown immediately above by setting `config.routes = false`.
241
204
 
242
205
  ```sh
243
206
  $ rails generate authenticate:routes
@@ -14,8 +14,6 @@ class Authenticate::UsersController < Authenticate::AuthenticateController
14
14
  login @user
15
15
  redirect_back_or url_after_create
16
16
  else
17
- logger.info "@user: " + @user.inspect
18
- logger.info "ERRORS?: " + @user.errors.inspect
19
17
  render template: 'users/new'
20
18
  end
21
19
  end
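Review bot: removing the two `logger.info` lines is the right call for more than tidiness. `@user.inspect` on a model carrying a just-submitted `password` attribute, and `@user.errors.inspect`, can write the plaintext password and other user data to the application log at info level on every failed sign-up; consider calling this out in the changelog as a logging fix rather than leaving it as an unmentioned cleanup.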
@@ -33,17 +31,17 @@ class Authenticate::UsersController < Authenticate::AuthenticateController
33
31
  end
34
32
 
35
33
  def user_from_params
36
- email = user_params.delete(:email)
37
- password = user_params.delete(:password)
38
-
39
- Authenticate.configuration.user_model_class.new(user_params).tap do |user|
40
- user.email = email
41
- user.password = password
42
- end
34
+ param_key = Authenticate.configuration.user_model_param_key.to_sym # :user, :user_profile, etc
35
+ user_params = params[param_key] ? user_params(param_key) : Hash.new
36
+ Authenticate.configuration.user_model_class.new(user_params)
43
37
  end
44
38
 
45
- def user_params
46
- key = Authenticate.configuration.user_model_param_key.to_sym
47
- params[key] || Hash.new
39
+ # Override this method to allow additional user attributes.
40
+ # Default impl allows username and email to service both styles of authentication.
41
+ #
42
+ # * param_key - String used for parameter names, ActiveModel::Naming.param_key
43
+ #
44
+ def user_params(param_key)
45
+ params.require(param_key).permit(:username, :email, :password)
48
46
  end
49
47
  end
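Review bot: `user_params = params[param_key] ? user_params(param_key) : Hash.new` assigns a local variable with the same name as the method it calls. Ruby still resolves `user_params(param_key)` as a method call because of the explicit argument, but the shadowing is confusing and will break the moment someone drops the parentheses; rename the local to `attrs` (or similar). Two smaller points: the new doc comment says `param_key` is a "String", yet the caller passes `user_model_param_key.to_sym`, and the `Hash.new` fallback means `new` receives a plain Hash on one path and `ActionController::Parameters` on the other. Otherwise, switching to `params.require(param_key).permit(:username, :email, :password)` closes the mass-assignment hole in the old `params[key] || Hash.new`, which passed every submitted attribute straight to `user_model_class.new`.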
@@ -3,25 +3,23 @@
3
3
 
4
4
  <%= form_for @user do |form| %>
5
5
 
6
- <% if @user.errors.any? %>
7
- <ul>
8
- <% @user.errors.full_messages.each do |msg| %>
9
- <li><%= msg %></li>
10
- <% end %>
11
- </ul>
12
- <br>
13
- <% end %>
6
+ <% if @user.errors.any? %>
7
+ <ul>
8
+ <% @user.errors.full_messages.each do |msg| %>
9
+ <li><%= msg %></li>
10
+ <% end %>
11
+ </ul>
12
+ <% end %>
14
13
 
14
+ <div class="field">
15
+ <%= form.label :email %>
16
+ <%= form.text_field :email, type: 'email' %>
17
+ </div>
15
18
 
16
- <div class="field">
17
- <%= form.label :email %>
18
- <%= form.text_field :email, type: 'email' %>
19
- </div>
20
-
21
- <div class="field">
22
- <%= form.label :password %>
23
- <%= form.password_field :password %>
24
- </div>
19
+ <div class="field">
20
+ <%= form.label :password %>
21
+ <%= form.password_field :password %>
22
+ </div>
25
23
 
26
24
  <div class="actions">
27
25
  <%= form.submit %>
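Review bot: this is whitespace and the removed `<br>` only, but note that the sign-up form still hard-codes an `email` field and no `username` field, while the controller in this same release now permits `:username` "to service both styles of authentication". Applications on the `:username` strategy must override this view, which is worth a sentence in the new wiki page or the README.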
@@ -30,5 +28,6 @@
30
28
  <div class="links">
31
29
  <%= link_to t(".sign_in"), sign_in_path %>
32
30
  </div>
31
+
33
32
  <% end %>
34
33
  </div>
@@ -74,6 +74,8 @@ module Authenticate
74
74
  attr_accessor :crypto_provider
75
75
 
76
76
  # Invalidate the session after the specified period of idle time.
77
+ # If the interval between the current access time and the last access time is greater than timeout_in,
78
+ # the session is invalidated. The user will be prompted for authentication again.
77
79
  # Defaults to nil, which is no idle timeout.
78
80
  #
79
81
  # Authenticate.configure do |config|
@@ -84,18 +86,34 @@ module Authenticate
84
86
  attr_accessor :timeout_in
85
87
 
86
88
  # Allow a session to 'live' for no more than the given elapsed time, e.g. 8.hours.
87
- # Defaults to nil, or no max session time.
89
+ # Defaults to nil, or no max session time. If set, a user session will expire once it has been active for
90
+ # max_session_lifetime. The user session is invalidated and the next access will will prompt
91
+ # the user for authentication.
92
+ #
93
+ # Authenticate.configure do |config|
94
+ # config.max_session_lifetime = 8.hours
95
+ # end
96
+ #
88
97
  # @return [ActiveSupport::CoreExtensions::Numeric::Time]
89
98
  attr_accessor :max_session_lifetime
90
99
 
91
- # Number of consecutive bad login attempts allowed.
100
+ # Number of consecutive bad login attempts allowed. This is called "brute force protection".
101
+ # The user's consecutive bad logins will be tracked, and if they exceed the allowed maximumm
102
+ # the user's account will be locked. The length of the lockout is determined by [#bad_login_lockout_period].
103
+ #
92
104
  # Default is nil, which disables this feature.
105
+ #
106
+ # Authenticate.configure do |config|
107
+ # config.max_consecutive_bad_logins_allowed = 4
108
+ # config.bad_login_lockout_period = 10.minutes
109
+ # end
110
+ #
93
111
  # @return [Integer]
94
112
  attr_accessor :max_consecutive_bad_logins_allowed
95
113
 
96
- # Time period to lock an account for if the user exceeds
97
- # max_consecutive_bad_logins_allowed (and it's set to nonzero).
114
+ # Time period to lock an account for if the user exceeds max_consecutive_bad_logins_allowed.
98
115
  # If set to nil, account is locked out indefinitely.
116
+ #
99
117
  # @return [ActiveSupport::CoreExtensions::Numeric::Time]
100
118
  attr_accessor :bad_login_lockout_period
101
119
 
@@ -13,9 +13,9 @@ module Authenticate
13
13
  # After calling this, call login(user) to complete the process.
14
14
  def authenticate(params)
15
15
  # todo: get params from User model
16
- user_credentials = Authenticate.configuration.user_model_class.credentials(params)
17
- debug "Controller::user_credentials: #{user_credentials.inspect}"
18
- Authenticate.configuration.user_model_class.authenticate(user_credentials)
16
+ credentials = Authenticate.configuration.user_model_class.credentials(params)
17
+ debug "Controller::credentials: #{credentials.inspect}"
18
+ Authenticate.configuration.user_model_class.authenticate(credentials)
19
19
  end
20
20
 
21
21
 
@@ -90,7 +90,7 @@ module Authenticate
90
90
  end
91
91
 
92
92
  # Return true if it's an Authenticate controller. Useful if you want to apply a before
93
- # filter to all controllers, except the ones in Authenticate:
93
+ # filter to all controllers, except the ones in Authenticate, e.g.
94
94
  #
95
95
  # before_action :my_filter, unless: :authenticate_controller?
96
96
  #
@@ -18,7 +18,7 @@ module Authenticate
18
18
  extend ActiveSupport::Concern
19
19
 
20
20
  def self.required_fields(klass)
21
- [:username]
21
+ [:username, :email]
22
22
  end
23
23
 
24
24
  included do
@@ -42,6 +42,7 @@ module Authenticate
42
42
  username = credentials[0]
43
43
  find_by_username username
44
44
  end
45
+
45
46
  end
46
47
 
47
48
  end
@@ -14,15 +14,6 @@ module Authenticate
14
14
  debug 'SESSION initialize: @session_token: ' + @session_token.inspect
15
15
  end
16
16
 
17
- # consecutive_failed_logins_limit
18
- # timeout - time elapsed since last thingy. last_access_at column
19
- # max session lifetime
20
- # confirmation / awaiting confirmation
21
- # reset password
22
- # change password
23
- # trackable - sign_in_count, last_sign_in_at, last_sign_in_ip
24
-
25
-
26
17
  # Finish user login process, *after* the user has been authenticated.
27
18
  # Called when user creates an account or signs back into the app.
28
19
  #
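Review bot: removing the stale todo list is fine; separately, the unchanged context line `debug 'SESSION initialize: @session_token: ' + @session_token.inspect` logs the raw session token at debug level every time a session object is built. That token is the bearer credential stored in the cookie, so anyone with log access can replay it; consider logging only whether a token is present, or a truncated prefix.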
@@ -1,3 +1,3 @@
1
1
  module Authenticate
2
- VERSION = '0.2.2'
2
+ VERSION = '0.2.3'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authenticate
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Tomich
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-02-13 00:00:00.000000000 Z
11
+ date: 2016-02-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bcrypt
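Review bot: the gemspec date moves to `2016-02-15`, but the CHANGELOG in this same release dates 0.2.3 as "February 13, 2016". One of the two should be corrected so the changelog and the published metadata agree on the release date.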