authentication-zero 0.0.2 → 0.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +1 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +47 -19
- data/lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt +5 -0
- data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt +31 -0
- data/lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt +22 -0
- data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt +18 -0
- data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt +17 -0
- data/lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt +0 -1
- data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt +8 -2
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +0 -1
- data/lib/generators/authentication/templates/models/resource.rb.tt +5 -1
- data/lib/generators/authentication/templates/views/api/password_mailer/reset.html.erb.tt +7 -0
- data/lib/generators/authentication/templates/views/api/password_mailer/reset.text.erb.tt +7 -0
- data/lib/generators/authentication/templates/views/html/cancellations/new.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/views/html/password_resets/edit.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/views/html/passwords/edit.html.erb.tt +3 -3
- data/lib/generators/authentication/templates/views/html/registrations/new.html.erb.tt +1 -1
- metadata +9 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2f6baaecd5d394f4a5a589851c45638015379cf53022c6ca601b7aa49b46b1da
|
|
4
|
+
data.tar.gz: 93a28f7c9762aa2534672e45d25ee75b7708ec2e53fd629497bee70c77d1bbd4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 60439dd077e66f946f61663ffc1a0d395a3dcffd25793764eb0399b1163c9061b7917cbacd98ce74695c84bb5d363d42eb04dc09a8c2ceafb33413743f101683
|
|
7
|
+
data.tar.gz: 56756318409dbe854b7db0566e3a510f80d668aa399e38744b78aa9c3d604dd0b8a6321563b36f202dc618149ccb551ecbaf81c23b3afdbb03c766e50bb5fdac
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Authentication Zero
|
|
2
2
|
|
|
3
|
-
The purpose of authentication zero is to generate a pre-built authentication system into a rails application that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
|
|
3
|
+
The purpose of authentication zero is to generate a pre-built authentication system into a rails application (web or api-only) that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
|
|
4
4
|
|
|
5
5
|
## Installation
|
|
6
6
|
|
|
@@ -3,10 +3,16 @@ require "rails/generators/active_record"
|
|
|
3
3
|
class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
4
4
|
include ActiveRecord::Generators::Migration
|
|
5
5
|
|
|
6
|
+
class_option :api, type: :boolean, desc: "Generates API authentication"
|
|
7
|
+
|
|
6
8
|
source_root File.expand_path("templates", __dir__)
|
|
7
9
|
|
|
8
10
|
def create_controllers
|
|
9
|
-
|
|
11
|
+
if options.api
|
|
12
|
+
directory "controllers/api", "app/controllers"
|
|
13
|
+
else
|
|
14
|
+
directory "controllers/html", "app/controllers"
|
|
15
|
+
end
|
|
10
16
|
end
|
|
11
17
|
|
|
12
18
|
def create_mailers
|
|
@@ -14,7 +20,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
|
14
20
|
end
|
|
15
21
|
|
|
16
22
|
def create_views
|
|
17
|
-
|
|
23
|
+
if options.api
|
|
24
|
+
directory "views/api", "app/views"
|
|
25
|
+
else
|
|
26
|
+
directory "views/html", "app/views"
|
|
27
|
+
end
|
|
18
28
|
end
|
|
19
29
|
|
|
20
30
|
def create_models
|
|
@@ -27,34 +37,52 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
|
27
37
|
end
|
|
28
38
|
|
|
29
39
|
def add_routes
|
|
30
|
-
route "get 'sign_up', to: 'registrations#new'"
|
|
40
|
+
route "get 'sign_up', to: 'registrations#new'" unless options.api?
|
|
31
41
|
route "post 'sign_up', to: 'registrations#create'"
|
|
32
|
-
route "get 'sign_in', to: 'sessions#new'"
|
|
42
|
+
route "get 'sign_in', to: 'sessions#new'" unless options.api?
|
|
33
43
|
route "post 'sign_in', to: 'sessions#create'"
|
|
34
|
-
route "get 'password/edit', to: 'passwords#edit'"
|
|
44
|
+
route "get 'password/edit', to: 'passwords#edit'" unless options.api?
|
|
35
45
|
route "patch 'password', to: 'passwords#update'"
|
|
36
|
-
route "get 'cancellation/new', to: 'cancellations#new'"
|
|
46
|
+
route "get 'cancellation/new', to: 'cancellations#new'" unless options.api?
|
|
37
47
|
route "post 'cancellation', to: 'cancellations#destroy'"
|
|
38
|
-
route "get 'password_reset/new', to: 'password_resets#new'"
|
|
48
|
+
route "get 'password_reset/new', to: 'password_resets#new'" unless options.api?
|
|
39
49
|
route "post 'password_reset', to: 'password_resets#create'"
|
|
40
|
-
route "get 'password_reset/edit', to: 'password_resets#edit'"
|
|
50
|
+
route "get 'password_reset/edit', to: 'password_resets#edit'" unless options.api?
|
|
41
51
|
route "patch 'password_reset', to: 'password_resets#update'"
|
|
42
52
|
route "delete 'sign_out', to: 'sessions#destroy'"
|
|
43
53
|
end
|
|
44
54
|
|
|
45
55
|
def add_application_controller_methods
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
56
|
+
if options.api?
|
|
57
|
+
inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
|
|
58
|
+
include ActionController::HttpAuthentication::Token::ControllerMethods
|
|
59
|
+
|
|
60
|
+
before_action :authenticate
|
|
61
|
+
|
|
62
|
+
private
|
|
63
|
+
def authenticate
|
|
64
|
+
if #{singular_table_name} = authenticate_with_http_token { |token, _| #{class_name}.find_by_session_token(token) }
|
|
65
|
+
Current.user = #{singular_table_name}
|
|
66
|
+
else
|
|
67
|
+
request_http_token_authentication
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
CODE
|
|
71
|
+
end
|
|
72
|
+
else
|
|
73
|
+
inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
|
|
74
|
+
before_action :authenticate
|
|
75
|
+
|
|
76
|
+
private
|
|
77
|
+
def authenticate
|
|
78
|
+
if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
|
|
79
|
+
Current.user = #{singular_table_name}
|
|
80
|
+
else
|
|
81
|
+
redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
CODE
|
|
55
85
|
end
|
|
56
|
-
end
|
|
57
|
-
CODE
|
|
58
86
|
end
|
|
59
87
|
end
|
|
60
88
|
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
class PasswordResetsController < ApplicationController
|
|
2
|
+
before_action :set_<%= singular_table_name %>, only: :update
|
|
3
|
+
skip_before_action :authenticate
|
|
4
|
+
|
|
5
|
+
def create
|
|
6
|
+
if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
|
|
7
|
+
PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
|
|
8
|
+
else
|
|
9
|
+
render json: { error: "The email address doesn't exist in our database" }, status: :bad_request
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def update
|
|
14
|
+
if @<%= singular_table_name %>.update(password_params)
|
|
15
|
+
render json: @<%= singular_table_name %>
|
|
16
|
+
else
|
|
17
|
+
render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
private
|
|
22
|
+
def set_<%= singular_table_name %>
|
|
23
|
+
@<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "password_reset")
|
|
24
|
+
rescue ActiveSupport::MessageVerifier::InvalidSignature
|
|
25
|
+
render json: { error: "Your token has expired, please request a new one" }, status: :bad_request
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def password_params
|
|
29
|
+
params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
class PasswordsController < ApplicationController
|
|
2
|
+
before_action :set_<%= singular_table_name %>
|
|
3
|
+
|
|
4
|
+
def update
|
|
5
|
+
if !@<%= singular_table_name %>.authenticate(params[:current_password])
|
|
6
|
+
render json: { error: "The current password you entered is incorrect" }, status: :bad_request
|
|
7
|
+
elsif @<%= singular_table_name %>.update(password_params)
|
|
8
|
+
render json: @<%= singular_table_name %>
|
|
9
|
+
else
|
|
10
|
+
render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
def set_<%= singular_table_name %>
|
|
16
|
+
@<%= singular_table_name %> = Current.<%= singular_table_name %>
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def password_params
|
|
20
|
+
params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
class RegistrationsController < ApplicationController
|
|
2
|
+
skip_before_action :authenticate
|
|
3
|
+
|
|
4
|
+
def create
|
|
5
|
+
@<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
|
|
6
|
+
|
|
7
|
+
if @<%= singular_table_name %>.save
|
|
8
|
+
render json: @<%= singular_table_name %>, status: :created
|
|
9
|
+
else
|
|
10
|
+
render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
def <%= "#{singular_table_name}_params" %>
|
|
16
|
+
params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
class SessionsController < ApplicationController
|
|
2
|
+
skip_before_action :authenticate, except: :destroy
|
|
3
|
+
|
|
4
|
+
def create
|
|
5
|
+
@<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
|
|
6
|
+
|
|
7
|
+
if @<%= singular_table_name %>.try(:authenticate, params[:password])
|
|
8
|
+
render json: { session_token: @<%= singular_table_name %>.session_token }
|
|
9
|
+
else
|
|
10
|
+
render json: { error: "Invalid session token" }, status: :unauthorized
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def destroy
|
|
15
|
+
Current.<%= singular_table_name %>.regenerate_session_token
|
|
16
|
+
end
|
|
17
|
+
end
|
data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
CHANGED
|
@@ -10,7 +10,7 @@ class PasswordResetsController < ApplicationController
|
|
|
10
10
|
|
|
11
11
|
def create
|
|
12
12
|
if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
|
|
13
|
-
PasswordMailer.with(
|
|
13
|
+
PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
|
|
14
14
|
redirect_to sign_in_path, notice: "You will receive an email with instructions on how to reset your password in a few minutes"
|
|
15
15
|
else
|
|
16
16
|
redirect_to password_reset_new_path, alert: "The email address doesn't exist in our database"
|
|
@@ -1,12 +1,14 @@
|
|
|
1
1
|
class PasswordsController < ApplicationController
|
|
2
|
+
before_action :set_<%= singular_table_name %>
|
|
3
|
+
|
|
2
4
|
def edit
|
|
3
5
|
@<%= singular_table_name %> = Current.<%= singular_table_name %>
|
|
4
6
|
end
|
|
5
7
|
|
|
6
8
|
def update
|
|
7
|
-
if
|
|
9
|
+
if !@<%= singular_table_name %>.authenticate(params[:current_password])
|
|
8
10
|
redirect_to password_edit_path, alert: "The current password you entered is incorrect"
|
|
9
|
-
elsif
|
|
11
|
+
elsif @<%= singular_table_name %>.update(password_params)
|
|
10
12
|
redirect_to root_path, notice: "Your password has been changed successfully"
|
|
11
13
|
else
|
|
12
14
|
render :edit, status: :unprocessable_entity
|
|
@@ -14,6 +16,10 @@ class PasswordsController < ApplicationController
|
|
|
14
16
|
end
|
|
15
17
|
|
|
16
18
|
private
|
|
19
|
+
def set_<%= singular_table_name %>
|
|
20
|
+
@<%= singular_table_name %> = Current.<%= singular_table_name %>
|
|
21
|
+
end
|
|
22
|
+
|
|
17
23
|
def password_params
|
|
18
24
|
params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
|
|
19
25
|
end
|
|
@@ -4,7 +4,11 @@ class <%= class_name %> < ApplicationRecord
|
|
|
4
4
|
|
|
5
5
|
validates :email, presence: true, uniqueness: true
|
|
6
6
|
validates :email, format: { with: /\A[^@\s]+@[^@\s]+\z/ }
|
|
7
|
-
|
|
7
|
+
validates_length_of :password, minimum: 8, allow_blank: true
|
|
8
8
|
|
|
9
9
|
before_validation { self.email = email.downcase.strip }
|
|
10
|
+
|
|
11
|
+
def as_json(options)
|
|
12
|
+
super(options.merge(except: [:password_digest, :session_token]))
|
|
13
|
+
end
|
|
10
14
|
end
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
<%% end %>
|
|
15
15
|
|
|
16
16
|
<div>
|
|
17
|
-
<%%= form.label :password, "New password (
|
|
17
|
+
<%%= form.label :password, "New password (8 characters minimum)", style: "display: block" %>
|
|
18
18
|
<%%= form.password_field :password, autofocus: true, autocomplete: "new-password" %>
|
|
19
19
|
</div>
|
|
20
20
|
|
|
@@ -17,11 +17,11 @@
|
|
|
17
17
|
|
|
18
18
|
<div>
|
|
19
19
|
<%%= label_tag :current_password, nil, style: "display: block" %>
|
|
20
|
-
<%%= password_field_tag :current_password, autofocus: true, autocomplete: "current-password" %>
|
|
20
|
+
<%%= password_field_tag :current_password, nil, autofocus: true, autocomplete: "current-password" %>
|
|
21
21
|
</div>
|
|
22
22
|
|
|
23
23
|
<div>
|
|
24
|
-
<%%= form.label :password, "New password (
|
|
24
|
+
<%%= form.label :password, "New password (8 characters minimum)", style: "display: block" %>
|
|
25
25
|
<%%= form.password_field :password, autocomplete: "new-password" %>
|
|
26
26
|
</div>
|
|
27
27
|
|
|
@@ -38,5 +38,5 @@
|
|
|
38
38
|
<br>
|
|
39
39
|
|
|
40
40
|
<div>
|
|
41
|
-
<%%= link_to "Back",
|
|
41
|
+
<%%= link_to "Back", root_path %>
|
|
42
42
|
</div>
|
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
</div>
|
|
20
20
|
|
|
21
21
|
<div>
|
|
22
|
-
<%%= form.label :password, "Password (
|
|
22
|
+
<%%= form.label :password, "Password (8 characters minimum)", style: "display: block" %>
|
|
23
23
|
<%%= form.password_field :password, autocomplete: "new-password" %>
|
|
24
24
|
</div>
|
|
25
25
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authentication-zero
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nixon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-02-
|
|
11
|
+
date: 2022-02-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -31,6 +31,11 @@ files:
|
|
|
31
31
|
- lib/authentication_zero/version.rb
|
|
32
32
|
- lib/generators/authentication/USAGE
|
|
33
33
|
- lib/generators/authentication/authentication_generator.rb
|
|
34
|
+
- lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt
|
|
35
|
+
- lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
|
|
36
|
+
- lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
|
|
37
|
+
- lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
|
|
38
|
+
- lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
|
|
34
39
|
- lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt
|
|
35
40
|
- lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
|
|
36
41
|
- lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
|
|
@@ -40,6 +45,8 @@ files:
|
|
|
40
45
|
- lib/generators/authentication/templates/migration.rb.tt
|
|
41
46
|
- lib/generators/authentication/templates/models/current.rb.tt
|
|
42
47
|
- lib/generators/authentication/templates/models/resource.rb.tt
|
|
48
|
+
- lib/generators/authentication/templates/views/api/password_mailer/reset.html.erb.tt
|
|
49
|
+
- lib/generators/authentication/templates/views/api/password_mailer/reset.text.erb.tt
|
|
43
50
|
- lib/generators/authentication/templates/views/html/cancellations/new.html.erb.tt
|
|
44
51
|
- lib/generators/authentication/templates/views/html/password_mailer/reset.html.erb.tt
|
|
45
52
|
- lib/generators/authentication/templates/views/html/password_mailer/reset.text.erb.tt
|