authenticate 0.7.1 → 0.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 385cdcc42a02c88733f5236180cbf2f8fe9b26cd
-  data.tar.gz: 467b36878265dd502f6fd88fd0fe4eb8075ff2a4
+  metadata.gz: 4b20e579605068181100a79652e0d2f59b40d7a5
+  data.tar.gz: 4cca1df92302dee427285af9453c9489fe9b985e
 SHA512:
-  metadata.gz: 5dbfc58d5d80c63d57ea44f2609cb5d7945db12c0122aba71b498f3a90e9dd395573389aebd8bfa12a8c048d4507307e5e0ac4470b01ac2dfb72cdcde97ea8a8
-  data.tar.gz: 576dedbcf695565157b8a5df868f510695e50a38a6ed0e36a68be484017fbad396a4d10428411727bcfb15c9f99b89a15b196637ae2700fb223ea1b023a89ae8
+  metadata.gz: '0855f6f3b59e182affb16b9e71ad9224ac031494c73acb869e335ff86781e5130fa9dcc0d28f24d17cf3f2e9e2dad2fcd82caefd15d0b27604b5cf9096975f58'
+  data.tar.gz: 58f3a8f48083d62280a32221c0130056cb5abf360dce3c9eb50c274667aff6dfc14eedb3e0f145b32579af653b0be068394609f5e59f3058069ef99e2695f45d

data/CHANGELOG.md

@@ -1,6 +1,17 @@
 # Authenticate Changelog
 
 
+## [0.7.2] - June 22, 2017
+
+### API change
+- removed new_users_path, sign_up_path remains
+
+### New Feature
+- added allow_sign_up flag to install generator 
+
+[0.7.2]: https://github.com/tomichj/authenticate/compare/v0.7.1...v0.7.2
+
+
 ## [0.7.1] - June 22, 2017
 
 ### Fixed

data/README.md

@@ -2,10 +2,11 @@
 
 A Rails authentication gem.
 
-Authenticate is small, simple, but extensible. It has highly opinionated defaults but is
-open to significant modification.
+Authenticate is small, simple, but extensible and comprehensive. Authenticate comes out of the box with opinionated 
+defaults but is open to complete modification.
 
-Authenticate is inspired by, and draws from, Devise, Warden, Authlogic, Clearance, Sorcery, and restful_authentication.
+Authenticate is inspired by, and draws both concepts and code from: 
+Devise, Warden, Authlogic, Clearance, Sorcery, and restful_authentication.
 
 Please use [GitHub Issues] to report bugs. You can contact me directly on twitter 
 [@JustinTomich](https://twitter.com/justintomich).
@@ -23,6 +24,17 @@ Please use [GitHub Issues] to report bugs. You can contact me directly on twitte
 * configuration driven - almost all configuration is performed in the initializer
 
 
+### What's different about Authenticate?
+
+Authenticate provides rails authentication with email & password. Authenticate only works with Rails, and only
+with active record; this keeps it simple. There's no middleware, and no compromises or added complexity to
+support other ORMs.
+
+Authenticate uses a modular callback mechanism similar to Warden, but much simpler. A lot of 
+functionality is provided: there are modules to detect brute force attacks, enforce maximum session
+lifetimes, session timeouts, track logins, etc. 
+
+
 ## Implementation Overview
 
 Authenticate:
@@ -188,12 +200,14 @@ end
 
 ### User Model
 
-You can [use an alternate user model class](https://github.com/tomichj/authenticate/wiki/custom-user-model).
+Authenticate assumes your user model is a class named User, but you can 
+[specify any user model class](https://github.com/tomichj/authenticate/wiki/custom-user-model).
 
 
 ### Username Authentication
 
-You can [authenticate with username](https://github.com/tomichj/authenticate/wiki/Authenticate-with-username).
+Authenticate uses email and password to login users. You 
+can also [authenticate with username](https://github.com/tomichj/authenticate/wiki/Authenticate-with-username).
 
 
 ### Routes

data/config/routes.rb

@@ -3,8 +3,8 @@ if Authenticate.configuration.routes_enabled?
     resource :session, controller: 'authenticate/sessions', only: [:create, :new, :destroy]
     resources :passwords, controller: 'authenticate/passwords', only: [:new, :create]
 
-    user_actions = Authenticate.configuration.allow_sign_up? ? [:new, :create] : []
     user_model = Authenticate.configuration.user_model_route_key
+    user_actions = Authenticate.configuration.allow_sign_up? ? [:create] : []
     resource user_model, controller: 'authenticate/users', only: user_actions do
       resources :passwords, controller: 'authenticate/passwords', only: [:edit, :update]
     end

data/lib/authenticate/configuration.rb

@@ -202,9 +202,8 @@ module Authenticate
     #
     # Set to `false` to disable user creation routes. The setting is ignored if routes are disabled.
     #
-    # @param [Boolean] value
     # @return [Boolean]
-    attr_accessor :allow_sign_up
+    attr_writer :allow_sign_up
 
     # Enable or disable Authenticate's built-in routes.
     #
@@ -277,6 +276,13 @@ module Authenticate
       user_model_class.model_name.param_key.to_sym
     end
 
+    # Actions allowed for :user resources (in routes.rb).
+    # If sign up is allowed, the [:create] action is allowed, otherwise [].
+    # @return [Array<Symbol>]
+    def user_actions
+      allow_sign_up? ? [:create] : []
+    end
+
     # Is the user sign up route enabled?
     # @return [Boolean]
     def allow_sign_up?

data/lib/authenticate/version.rb

@@ -1,3 +1,3 @@
 module Authenticate
-  VERSION = '0.7.1'.freeze
+  VERSION = '0.7.2'.freeze
 end

data/lib/generators/authenticate/install/install_generator.rb

@@ -15,6 +15,12 @@ module Authenticate
                    banner: 'model',
                    desc: "Specify the model class name if you will use anything other than 'User'"
 
+      class_option :allow_sign_up,
+                   optional: true,
+                   type: :boolean,
+                   banner: 'allow_sign_up',
+                   desc: 'Disable the sign up route'
+
       def initialize(*)
         super
         assign_names!(model_class_name)
@@ -32,7 +38,6 @@ module Authenticate
           inject_into_class(model_path, model_class_name, "  include Authenticate::User\n\n")
         else
           @model_base_class = model_base_class
-          # copy_file 'user.rb', 'app/models/user.rb'
           template 'user.rb.erb', 'app/models/user.rb'
         end
       end
@@ -64,7 +69,15 @@ module Authenticate
         if options[:model]
           inject_into_file(
             'config/initializers/authenticate.rb',
-            "  config.user_model = '#{options[:model]}' \n",
+            "  config.user_model = '#{options[:model]}'\n",
+            after: "Authenticate.configure do |config|\n"
+          )
+        end
+
+        if options.key? :allow_sign_up
+          inject_into_file(
+            'config/initializers/authenticate.rb',
+            "  config.allow_sign_up = #{options['allow_sign_up']}\n",
             after: "Authenticate.configure do |config|\n"
           )
         end
@@ -121,7 +134,7 @@ module Authenticate
 
       def new_indexes
         @new_indexes ||= {
-          index_users_on_email: "add_index :#{table_name}, :email",
+          index_users_on_email: "add_index :#{table_name}, :email, unique: true",
           index_users_on_session_token: "add_index :#{table_name}, :session_token"
         }.reject { |index| existing_users_indexes.include?(index.to_s) }
       end
@@ -140,10 +153,21 @@ module Authenticate
         file.sub(%r{^.*(db/migrate/)(?:\d+_)?}, '')
       end
 
+      # def users_table_exists?
+      #   ActiveRecord::Base.connection.table_exists?(table_name)
+      # end
+
       def users_table_exists?
-        ActiveRecord::Base.connection.table_exists?(table_name)
+        # Rails 5 uses 'data sources'
+        if ActiveRecord::Base.connection.respond_to?(:data_source_exists?)
+          ActiveRecord::Base.connection.data_source_exists?(table_name)
+        else
+          # Rails 4 uses 'tables'
+          ActiveRecord::Base.connection.table_exists?(table_name)
+        end
       end
 
+
       def existing_users_columns
         return [] unless users_table_exists?
         ActiveRecord::Base.connection.columns(table_name).map(&:name)

data/spec/controllers/deprecated_controller_methods_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'support/controllers/controller_helpers'
 
 # Matcher that asserts user was denied access.
 RSpec::Matchers.define :deny_access do

data/spec/controllers/secured_controller_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'support/controllers/controller_helpers'
 
 # Matcher that asserts user was denied access.
 RSpec::Matchers.define :deny_access do

data/spec/dummy/db/schema.rb

@@ -29,7 +29,7 @@ ActiveRecord::Schema.define(version: 20160130192731) do
     t.datetime "password_reset_sent_at"
   end
 
-  add_index "users", ["email"], name: "index_users_on_email"
+  add_index "users", ["email"], name: "index_users_on_email", unique: true
   add_index "users", ["session_token"], name: "index_users_on_session_token"
 
 end

data/spec/features/brute_force_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'support/features/feature_helpers'
 
 feature 'visitor has consecutive bad logins' do
   before do

data/spec/features/create_user_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'support/features/feature_helpers'
 
 feature 'create a user with valid attributes' do
 
@@ -32,13 +31,13 @@ feature 'create user after signed in' do
   scenario 'cannot get to new user page' do
     user = create(:user, email: 'test.user@example.com')
     sign_in_with user.email, user.password
-    visit new_users_path
+    visit sign_up_path
     expect_path_is_redirect_url
   end
 end
 
 def create_user_with_valid_params(user_attrs = attributes_for(:user))
-  visit new_users_path
+  visit sign_up_path
   fill_in 'user_email', with: user_attrs[:email]
   fill_in 'user_password', with: user_attrs[:password]
   click_button 'Sign up'

data/spec/features/max_session_lifetime_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'support/features/feature_helpers'
 
 feature 'visitor has consecutive bad logins' do
   before(:each) do

data/spec/features/new_user_form_spec.rb

@@ -1,17 +1,16 @@
 require 'spec_helper'
-require 'support/features/feature_helpers'
 
-feature 'visitor at new user form, not signed in' do
+feature 'visitor at sign up form, not signed in' do
   scenario 'visit with no arguments' do
-    visit new_users_path
-    expect(page).to have_current_path new_users_path
+    visit sign_up_path
+    expect(page).to have_current_path sign_up_path
     within 'h2' do
       expect(page).to have_content /Sign up/i
     end
   end
 
   scenario 'defaults email to value provided in query string' do
-    visit new_users_path(user: { email: 'dude@example.com' })
+    visit sign_up_path(user: { email: 'dude@example.com' })
     expect(page).to have_selector 'input[value="dude@example.com"]'
   end
 end
@@ -20,7 +19,7 @@ feature 'visitor at new user form, already signed in' do
   scenario 'redirects user to redirect_url' do
     user = create(:user, email: 'test.user@example.com')
     sign_in_with 'Test.USER@example.com', user.password
-    visit new_users_path
+    visit sign_up_path
     expect_path_is_redirect_url
   end
 end

data/spec/features/password_reset_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'support/features/feature_helpers'
 
 feature 'visitor requests password reset' do
   before(:each) do

data/spec/features/password_update_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'support/features/feature_helpers'
 
 
 feature 'visit password edit screen' do

data/spec/features/sign_in_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'support/features/feature_helpers'
 
 feature 'visitor signs in' do
   scenario 'with valid email and password' do
@@ -31,7 +30,7 @@ end
 feature 'visitor goes to sign in page' do
   scenario 'signed out user is not redirected' do
     visit sign_in_path
-    expect_sign_in_path
+    expect_sign_in_page
   end
 
   scenario 'signed in user is redirected' do
@@ -43,6 +42,10 @@ feature 'visitor goes to sign in page' do
   end
 end
 
-def expect_sign_in_path
-  expect(current_path).to eq sign_in_path
+feature 'user is not signed in' do
+  scenario 'redirected to sign in' do
+    visit welcome_index_path
+    expect_sign_in_page
+  end
 end
+

data/spec/features/sign_out_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'support/features/feature_helpers'
 
 feature 'visitor signs out' do
   before do

data/spec/features/sign_up_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'support/features/feature_helpers'
 
 feature 'visitor signs up' do
   scenario 'navigates to sign up page' do

data/spec/features/timeoutable_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'support/features/feature_helpers'
 
 feature 'visitor session time' do
   before do

data/spec/model/email_spec.rb

@@ -19,4 +19,15 @@ describe Authenticate::Model::Email do
     user = create(:user)
     expect(User.authenticate([user.email, user.password])).to eq(user)
   end
+
+  it 'validates unique email address' do
+    original = build(:user, email: 'email@email.com')
+    dupe_email = build(:user, email: 'email@email.com')
+
+    original.save
+    dupe_email.save
+
+    expect(dupe_email.errors.count).to be(1)
+    expect(dupe_email.errors.messages[:email]).to include('has already been taken')
+  end
 end

data/spec/model/session_spec.rb

@@ -10,7 +10,6 @@ describe Authenticate::Session do
     end
     it 'nil user without a session token' do
       request = mock_request
-      cookies = {}
       session = Authenticate::Session.new(request)
       expect(session.current_user).to be_nil
     end

data/spec/spec_helper.rb

@@ -9,13 +9,13 @@ if ActiveRecord::VERSION::STRING >= '5.0'
 end
 
 require 'rspec/rails'
-# require 'shoulda-matchers'
 require 'capybara/rails'
 require 'capybara/rspec'
 require 'database_cleaner'
 require 'factory_girl'
 require 'timecop'
-require 'support/mailer'
+
+Dir[File.join(File.dirname(__FILE__), 'support/**/*.rb')].each { |f| require f }
 
 Rails.backtrace_cleaner.remove_silencers!
 DatabaseCleaner.strategy = :truncation
@@ -55,51 +55,3 @@ RSpec.configure do |config|
   end
 end
 
-#
-# todo - enhance test helpers, put in main project
-#
-def mock_request(params: {}, cookies: {})
-  req = double('request')
-  allow(req).to receive(:params).and_return(params)
-  allow(req).to receive(:remote_ip).and_return('111.111.111.111')
-  allow(req).to receive(:cookie_jar).and_return(cookies)
-  req
-end
-
-def session_cookie_for(user)
-  { Authenticate.configuration.cookie_name.freeze.to_sym => user.session_token }
-end
-
-
-#
-# Dumb glue method, deal with rails 4 vs rails 5 get/post methods.
-#
-def do_post(path, *args)
-  if Rails::VERSION::MAJOR >= 5
-    post path, *args
-  else
-    post path, *(args.collect{|i| i.values}.flatten)
-  end
-end
-
-def do_get(path, *args)
-  if Rails::VERSION::MAJOR >= 5
-    get path, *args
-  else
-    get path, *(args.collect{|i| i.values}.flatten)
-  end
-end
-
-def do_put(path, *args)
-  if Rails::VERSION::MAJOR >= 5
-    put path, *args
-  else
-    put path, *(args.collect{|i| i.values}.flatten)
-  end
-end
-
-# class ActionMailer::MessageDelivery
-#   def deliver_later
-#     deliver_now
-#   end
-# end

data/spec/support/features/feature_helpers.rb

@@ -30,6 +30,10 @@ module Features
     def expect_path_is_redirect_url
       expect(current_path).to eq(Authenticate.configuration.redirect_url)
     end
+
+    def expect_sign_in_page
+      expect(current_path).to eq sign_in_path
+    end
   end
 end
 

data/spec/support/request_helpers.rb

@@ -0,0 +1,46 @@
+module RequestHelpers
+
+  #
+  # Dumb glue methods, to deal with rails 4 vs rails 5 get/post methods.
+  #
+  def do_post(path, *args)
+    if Rails::VERSION::MAJOR >= 5
+      post path, *args
+    else
+      post path, *(args.collect{|i| i.values}.flatten)
+    end
+  end
+
+  def do_get(path, *args)
+    if Rails::VERSION::MAJOR >= 5
+      get path, *args
+    else
+      get path, *(args.collect{|i| i.values}.flatten)
+    end
+  end
+
+# def do_put(path, *args)
+#   if Rails::VERSION::MAJOR >= 5
+#     put path, *args
+#   else
+#     put path, *(args.collect{|i| i.values}.flatten)
+#   end
+# end
+
+
+  def mock_request(params: {}, cookies: {})
+    req = double('request')
+    allow(req).to receive(:params).and_return(params)
+    allow(req).to receive(:remote_ip).and_return('111.111.111.111')
+    allow(req).to receive(:cookie_jar).and_return(cookies)
+    req
+  end
+
+  def session_cookie_for(user)
+    { Authenticate.configuration.cookie_name.freeze.to_sym => user.session_token }
+  end
+end
+
+RSpec.configure do |config|
+  config.include RequestHelpers
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authenticate
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.7.2
 platform: ruby
 authors:
 - Justin Tomich
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-22 00:00:00.000000000 Z
+date: 2017-07-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -317,10 +317,6 @@ files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
 - spec/dummy/config/secrets.yml
-- spec/dummy/db/migrate/20160130192728_create_users.rb
-- spec/dummy/db/migrate/20160130192729_add_authenticate_brute_force_to_users.rb
-- spec/dummy/db/migrate/20160130192730_add_authenticate_timeoutable_to_users.rb
-- spec/dummy/db/migrate/20160130192731_add_authenticate_password_reset_to_users.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/lib/assets/.keep
 - spec/dummy/log/.keep
@@ -358,6 +354,7 @@ files:
 - spec/support/controllers/controller_helpers.rb
 - spec/support/features/feature_helpers.rb
 - spec/support/mailer.rb
+- spec/support/request_helpers.rb
 homepage: http://github.com/tomichj/authenticate
 licenses:
 - MIT

data/spec/dummy/db/migrate/20160130192728_create_users.rb

@@ -1,18 +0,0 @@
-class CreateUsers < ActiveRecord::Migration
-  def change
-
-    create_table :users do |t|
-          t.string :email
-          t.string :encrypted_password, limit: 128
-          t.string :session_token, limit: 128
-          t.datetime :current_sign_in_at
-          t.string :current_sign_in_ip, limit: 128
-          t.datetime :last_sign_in_at
-          t.string :last_sign_in_ip, limit: 128
-          t.integer :sign_in_count
-        end
-
-    add_index :users, :email
-    add_index :users, :session_token
-  end
-end

data/spec/dummy/db/migrate/20160130192729_add_authenticate_brute_force_to_users.rb

@@ -1,6 +0,0 @@
-class AddAuthenticateBruteForceToUsers < ActiveRecord::Migration
-  def change
-    add_column :users, :failed_logins_count, :integer, default: 0
-    add_column :users, :lock_expires_at, :datetime, default: nil
-  end
-end

data/spec/dummy/db/migrate/20160130192730_add_authenticate_timeoutable_to_users.rb

@@ -1,5 +0,0 @@
-class AddAuthenticateTimeoutableToUsers < ActiveRecord::Migration
-  def change
-    add_column :users, :last_access_at, :datetime, default: nil
-  end
-end

data/spec/dummy/db/migrate/20160130192731_add_authenticate_password_reset_to_users.rb

@@ -1,7 +0,0 @@
-class AddAuthenticatePasswordResetToUsers < ActiveRecord::Migration
-  def change
-    add_column :users, :password_reset_token, :string, default: nil
-    add_column :users, :password_reset_sent_at, :datetime, default: nil
-  end
-end
-