authentication-zero 0.0.2 → 0.0.6

  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/README.md +1 -1
  4. data/lib/authentication_zero/version.rb +1 -1
  5. data/lib/generators/authentication/authentication_generator.rb +47 -19
  6. data/lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt +5 -0
  7. data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt +31 -0
  8. data/lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt +22 -0
  9. data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt +18 -0
  10. data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt +17 -0
  11. data/lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt +0 -1
  12. data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt +1 -1
  13. data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt +8 -2
  14. data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +0 -1
  15. data/lib/generators/authentication/templates/models/resource.rb.tt +5 -1
  16. data/lib/generators/authentication/templates/views/api/password_mailer/reset.html.erb.tt +7 -0
  17. data/lib/generators/authentication/templates/views/api/password_mailer/reset.text.erb.tt +7 -0
  18. data/lib/generators/authentication/templates/views/html/cancellations/new.html.erb.tt +1 -1
  19. data/lib/generators/authentication/templates/views/html/password_resets/edit.html.erb.tt +1 -1
  20. data/lib/generators/authentication/templates/views/html/passwords/edit.html.erb.tt +3 -3
  21. data/lib/generators/authentication/templates/views/html/registrations/new.html.erb.tt +1 -1
  22. metadata +9 -2
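--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 26fe7423bf85a359fb127c86bd15edbc28e764e8e909c22dfb38e592f6c6b76d
- data.tar.gz: f008ffe4350af35e63ba90d300ac58e2f9e7a0d7589703f0c433509fbe747cc1
+ metadata.gz: 2f6baaecd5d394f4a5a589851c45638015379cf53022c6ca601b7aa49b46b1da
+ data.tar.gz: 93a28f7c9762aa2534672e45d25ee75b7708ec2e53fd629497bee70c77d1bbd4
  SHA512:
- metadata.gz: 15f85ad77fa48009b89d73ad826fc38594d47475c14b131af01b0ecc31f33e41549496515709b4b9236cd9d94dd7412b836fac7dd6977a3780b1a82081c13327
- data.tar.gz: 68d79e565a3fad1335b4de13b5352853ba5609b854617bc893f495e19207ec5aae15a8bdffbac8bb6af40d2a64c0054f59b654d8b8975f66653fe3b80eb549c6
+ metadata.gz: 60439dd077e66f946f61663ffc1a0d395a3dcffd25793764eb0399b1163c9061b7917cbacd98ce74695c84bb5d363d42eb04dc09a8c2ceafb33413743f101683
+ data.tar.gz: 56756318409dbe854b7db0566e3a510f80d668aa399e38744b78aa9c3d604dd0b8a6321563b36f202dc618149ccb551ecbaf81c23b3afdbb03c766e50bb5fdac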
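--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- authentication-zero (0.0.2)
+ authentication-zero (0.0.6)
 
  GEM
  remote: https://rubygems.org/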
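--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
  # Authentication Zero
 
- The purpose of authentication zero is to generate a pre-built authentication system into a rails application that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
+ The purpose of authentication zero is to generate a pre-built authentication system into a rails application (web or api-only) that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
 
  ## Installation
 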
@@ -1,3 +1,3 @@
1
1
  module AuthenticationZero
2
- VERSION = "0.0.2"
2
+ VERSION = "0.0.6"
3
3
  end
@@ -3,10 +3,16 @@ require "rails/generators/active_record"
3
3
  class AuthenticationGenerator < Rails::Generators::NamedBase
4
4
  include ActiveRecord::Generators::Migration
5
5
 
6
+ class_option :api, type: :boolean, desc: "Generates API authentication"
7
+
6
8
  source_root File.expand_path("templates", __dir__)
7
9
 
8
10
  def create_controllers
9
- directory "controllers/html", "app/controllers"
11
+ if options.api
12
+ directory "controllers/api", "app/controllers"
13
+ else
14
+ directory "controllers/html", "app/controllers"
15
+ end
10
16
  end
11
17
 
12
18
  def create_mailers
@@ -14,7 +20,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
14
20
  end
15
21
 
16
22
  def create_views
17
- directory "views/html", "app/views"
23
+ if options.api
24
+ directory "views/api", "app/views"
25
+ else
26
+ directory "views/html", "app/views"
27
+ end
18
28
  end
19
29
 
20
30
  def create_models
@@ -27,34 +37,52 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
27
37
  end
28
38
 
29
39
  def add_routes
30
- route "get 'sign_up', to: 'registrations#new'"
40
+ route "get 'sign_up', to: 'registrations#new'" unless options.api?
31
41
  route "post 'sign_up', to: 'registrations#create'"
32
- route "get 'sign_in', to: 'sessions#new'"
42
+ route "get 'sign_in', to: 'sessions#new'" unless options.api?
33
43
  route "post 'sign_in', to: 'sessions#create'"
34
- route "get 'password/edit', to: 'passwords#edit'"
44
+ route "get 'password/edit', to: 'passwords#edit'" unless options.api?
35
45
  route "patch 'password', to: 'passwords#update'"
36
- route "get 'cancellation/new', to: 'cancellations#new'"
46
+ route "get 'cancellation/new', to: 'cancellations#new'" unless options.api?
37
47
  route "post 'cancellation', to: 'cancellations#destroy'"
38
- route "get 'password_reset/new', to: 'password_resets#new'"
48
+ route "get 'password_reset/new', to: 'password_resets#new'" unless options.api?
39
49
  route "post 'password_reset', to: 'password_resets#create'"
40
- route "get 'password_reset/edit', to: 'password_resets#edit'"
50
+ route "get 'password_reset/edit', to: 'password_resets#edit'" unless options.api?
41
51
  route "patch 'password_reset', to: 'password_resets#update'"
42
52
  route "delete 'sign_out', to: 'sessions#destroy'"
43
53
  end
44
54
 
45
55
  def add_application_controller_methods
46
- inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<-CODE
47
- before_action :authenticate
48
-
49
- private
50
- def authenticate
51
- if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
52
- Current.user = #{singular_table_name}
53
- else
54
- redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
56
+ if options.api?
57
+ inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
58
+ include ActionController::HttpAuthentication::Token::ControllerMethods
59
+
60
+ before_action :authenticate
61
+
62
+ private
63
+ def authenticate
64
+ if #{singular_table_name} = authenticate_with_http_token { |token, _| #{class_name}.find_by_session_token(token) }
65
+ Current.user = #{singular_table_name}
66
+ else
67
+ request_http_token_authentication
68
+ end
69
+ end
70
+ CODE
71
+ end
72
+ else
73
+ inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
74
+ before_action :authenticate
75
+
76
+ private
77
+ def authenticate
78
+ if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
79
+ Current.user = #{singular_table_name}
80
+ else
81
+ redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
82
+ end
83
+ end
84
+ CODE
55
85
  end
56
- end
57
- CODE
58
86
  end
59
87
  end
60
88
  end
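Review bot: The API `authenticate` injected by `add_application_controller_methods` accepts whatever `find_by_session_token(token)` matches, and nothing visible in this section gives that bearer token an expiry or stores it hashed, so a token copied from a log or a database dump would presumably stay valid until the user signs out. I would state that contract in the generated code, for example `# session_token is a long-lived bearer credential: rotate it on sign-out and password change, and never log it` directly above `def authenticate` in the API heredoc. Separately, `create_controllers` and `create_views` test `options.api` while `add_routes` and this method test `options.api?`; using `options.api?` throughout would read more consistently.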
@@ -0,0 +1,5 @@
1
+ class CancellationsController < ApplicationController
2
+ def destroy
3
+ Current.<%= singular_table_name %>.destroy
4
+ end
5
+ end
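Review bot: `destroy` deletes the account on the strength of the bearer token alone, whereas the API `PasswordsController#update` added in the same release insists on `params[:current_password]` before it changes anything. A leaked token is therefore enough to remove the account irreversibly. Consider making the first line of the action `return render(json: { error: "The current password you entered is incorrect" }, status: :bad_request) unless Current.<%= singular_table_name %>.authenticate(params[:current_password])`.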
@@ -0,0 +1,31 @@
1
+ class PasswordResetsController < ApplicationController
2
+ before_action :set_<%= singular_table_name %>, only: :update
3
+ skip_before_action :authenticate
4
+
5
+ def create
6
+ if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
7
+ PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
8
+ else
9
+ render json: { error: "The email address doesn't exist in our database" }, status: :bad_request
10
+ end
11
+ end
12
+
13
+ def update
14
+ if @<%= singular_table_name %>.update(password_params)
15
+ render json: @<%= singular_table_name %>
16
+ else
17
+ render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
18
+ end
19
+ end
20
+
21
+ private
22
+ def set_<%= singular_table_name %>
23
+ @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "password_reset")
24
+ rescue ActiveSupport::MessageVerifier::InvalidSignature
25
+ render json: { error: "Your token has expired, please request a new one" }, status: :bad_request
26
+ end
27
+
28
+ def password_params
29
+ params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
30
+ end
31
+ end
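Review bot: `create` answers unknown addresses with 400 and "The email address doesn't exist in our database" but known ones with an empty success, and the controller skips `authenticate`, so an unauthenticated caller can test which emails are registered. Returning the same response on both paths closes that: keep `deliver_later` inside the `if`, drop the `else` branch and end the action with `head :accepted`. No throttling is visible in this template, so rate limiting for the endpoint would have to come from elsewhere in the generated app. In `set_<%= singular_table_name %>` only `ActiveSupport::MessageVerifier::InvalidSignature` is rescued; `find_signed!` can also raise `ActiveRecord::RecordNotFound` when the signed id no longer matches a row, which is worth answering with the same JSON error.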
@@ -0,0 +1,22 @@
1
+ class PasswordsController < ApplicationController
2
+ before_action :set_<%= singular_table_name %>
3
+
4
+ def update
5
+ if !@<%= singular_table_name %>.authenticate(params[:current_password])
6
+ render json: { error: "The current password you entered is incorrect" }, status: :bad_request
7
+ elsif @<%= singular_table_name %>.update(password_params)
8
+ render json: @<%= singular_table_name %>
9
+ else
10
+ render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
11
+ end
12
+ end
13
+
14
+ private
15
+ def set_<%= singular_table_name %>
16
+ @<%= singular_table_name %> = Current.<%= singular_table_name %>
17
+ end
18
+
19
+ def password_params
20
+ params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
21
+ end
22
+ end
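Review bot: After a successful `update` the record's `session_token` is left as it was, so any other holder of that token stays authenticated after the password change; the same applies to `PasswordResetsController#update` in the API templates. When the password is being changed because the credential may have leaked, that defeats the purpose. Consider calling `@<%= singular_table_name %>.regenerate_session_token` once the update succeeds and returning the new value with `render json: { session_token: @<%= singular_table_name %>.session_token }`, so the calling client can carry on while older copies of the token stop working.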
@@ -0,0 +1,18 @@
1
+ class RegistrationsController < ApplicationController
2
+ skip_before_action :authenticate
3
+
4
+ def create
5
+ @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
6
+
7
+ if @<%= singular_table_name %>.save
8
+ render json: @<%= singular_table_name %>, status: :created
9
+ else
10
+ render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
11
+ end
12
+ end
13
+
14
+ private
15
+ def <%= "#{singular_table_name}_params" %>
16
+ params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
17
+ end
18
+ end
@@ -0,0 +1,17 @@
1
+ class SessionsController < ApplicationController
2
+ skip_before_action :authenticate, except: :destroy
3
+
4
+ def create
5
+ @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
6
+
7
+ if @<%= singular_table_name %>.try(:authenticate, params[:password])
8
+ render json: { session_token: @<%= singular_table_name %>.session_token }
9
+ else
10
+ render json: { error: "Invalid session token" }, status: :unauthorized
11
+ end
12
+ end
13
+
14
+ def destroy
15
+ Current.<%= singular_table_name %>.regenerate_session_token
16
+ end
17
+ end
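Review bot: `create` returns the `session_token` already stored on the record instead of issuing a fresh one, so every client that signs in receives the same credential and one call to `destroy` signs all of them out; a token captured earlier also survives later sign-ins. If that single-token model is intended, a comment above `create` such as `# One shared token per account: sign-out anywhere invalidates every client` would make it explicit. The failure branch reports `"Invalid session token"` for what is a wrong email or password; `error: "Invalid email or password"` describes the failure without revealing which of the two was wrong. When no record matches the email, `try(:authenticate, ...)` skips the password hash altogether, so the two failure cases may be distinguishable by response time.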
@@ -4,7 +4,6 @@ class CancellationsController < ApplicationController
4
4
 
5
5
  def destroy
6
6
  Current.<%= singular_table_name %>.destroy
7
- cookies.delete :session_token
8
7
  redirect_to sign_in_path, notice: "Bye! Your account has been successfully cancelled"
9
8
  end
10
9
  end
@@ -10,7 +10,7 @@ class PasswordResetsController < ApplicationController
10
10
 
11
11
  def create
12
12
  if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
13
- PasswordMailer.with(to: @<%= singular_table_name %>).reset.deliver_later
13
+ PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
14
14
  redirect_to sign_in_path, notice: "You will receive an email with instructions on how to reset your password in a few minutes"
15
15
  else
16
16
  redirect_to password_reset_new_path, alert: "The email address doesn't exist in our database"
@@ -1,12 +1,14 @@
1
1
  class PasswordsController < ApplicationController
2
+ before_action :set_<%= singular_table_name %>
3
+
2
4
  def edit
3
5
  @<%= singular_table_name %> = Current.<%= singular_table_name %>
4
6
  end
5
7
 
6
8
  def update
7
- if !Current.<%= singular_table_name %>.authenticate(params[:current_password])
9
+ if !@<%= singular_table_name %>.authenticate(params[:current_password])
8
10
  redirect_to password_edit_path, alert: "The current password you entered is incorrect"
9
- elsif Current.<%= singular_table_name %>.update(password_params)
11
+ elsif @<%= singular_table_name %>.update(password_params)
10
12
  redirect_to root_path, notice: "Your password has been changed successfully"
11
13
  else
12
14
  render :edit, status: :unprocessable_entity
@@ -14,6 +16,10 @@ class PasswordsController < ApplicationController
14
16
  end
15
17
 
16
18
  private
19
+ def set_<%= singular_table_name %>
20
+ @<%= singular_table_name %> = Current.<%= singular_table_name %>
21
+ end
22
+
17
23
  def password_params
18
24
  params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
19
25
  end
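Review bot: With `before_action :set_<%= singular_table_name %>` now running for every action, the assignment left in `edit` repeats what the callback has already done, so the action can be reduced to `def edit; end`. A short comment on the callback, `# Always the signed-in record; no id is ever taken from params`, would document why `update` cannot be pointed at another account. The class continues past the end of the second hunk.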
@@ -22,7 +22,6 @@ class SessionsController < ApplicationController
22
22
  end
23
23
 
24
24
  def destroy
25
- cookies.delete :session_token
26
25
  Current.<%= singular_table_name %>.regenerate_session_token
27
26
  redirect_to sign_in_path, notice: "Signed out successfully"
28
27
  end
@@ -4,7 +4,11 @@ class <%= class_name %> < ApplicationRecord
4
4
 
5
5
  validates :email, presence: true, uniqueness: true
6
6
  validates :email, format: { with: /\A[^@\s]+@[^@\s]+\z/ }
7
- validates :password, length: 8..70, allow_blank: true
7
+ validates_length_of :password, minimum: 8, allow_blank: true
8
8
 
9
9
  before_validation { self.email = email.downcase.strip }
10
+
11
+ def as_json(options)
12
+ super(options.merge(except: [:password_digest, :session_token]))
13
+ end
10
14
  end
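Review bot: `as_json(options)` makes the argument mandatory, so a call without arguments raises ArgumentError (Rails appears to make such calls for array elements serialised without options), and a nil `options` would fail on `merge`. Declaring it as `def as_json(options = nil)` with `super((options || {}).merge(except: %i[password_digest session_token]))` keeps both cases working. The `merge` also replaces any `except:` the caller passed, and because this is a denylist any sensitive column added later is serialised by default, so a comment saying so, or an `only:` allowlist, would be safer. Dropping the `8..70` upper bound on the password leaves the maximum length to `has_secure_password`, which is presumably declared in the part of the class above this hunk.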
@@ -0,0 +1,7 @@
1
+ Hi <%%= params[:<%= singular_table_name %>].email %>,
2
+
3
+ Someone requested a reset of your password.
4
+
5
+ If this was you, use this token to reset your password. The token will expire automatically in 15 minutes.
6
+
7
+ <%%= @token %>
@@ -0,0 +1,7 @@
1
+ Hi <%%= params[:<%= singular_table_name %>].email %>,
2
+
3
+ Someone requested a reset of your password.
4
+
5
+ If this was you, use this token to reset your password. The token will expire automatically in 15 minutes.
6
+
7
+ <%%= @token %>
@@ -2,7 +2,7 @@
2
2
 
3
3
  <p>Your account will be immediately closed. You won’t be able to sign in anymore.</p>
4
4
  <p>Your data will be permanently deleted from our servers.</p>
5
- <p><%%= link_to "Back", :back %></p>
5
+ <p><%%= link_to "Back", root_path %></p>
6
6
 
7
7
  <br>
8
8
 
@@ -14,7 +14,7 @@
14
14
  <%% end %>
15
15
 
16
16
  <div>
17
- <%%= form.label :password, "New password (6 characters minimum)", style: "display: block" %>
17
+ <%%= form.label :password, "New password (8 characters minimum)", style: "display: block" %>
18
18
  <%%= form.password_field :password, autofocus: true, autocomplete: "new-password" %>
19
19
  </div>
20
20
 
@@ -17,11 +17,11 @@
17
17
 
18
18
  <div>
19
19
  <%%= label_tag :current_password, nil, style: "display: block" %>
20
- <%%= password_field_tag :current_password, autofocus: true, autocomplete: "current-password" %>
20
+ <%%= password_field_tag :current_password, nil, autofocus: true, autocomplete: "current-password" %>
21
21
  </div>
22
22
 
23
23
  <div>
24
- <%%= form.label :password, "New password (6 characters minimum)", style: "display: block" %>
24
+ <%%= form.label :password, "New password (8 characters minimum)", style: "display: block" %>
25
25
  <%%= form.password_field :password, autocomplete: "new-password" %>
26
26
  </div>
27
27
 
@@ -38,5 +38,5 @@
38
38
  <br>
39
39
 
40
40
  <div>
41
- <%%= link_to "Back", :back %>
41
+ <%%= link_to "Back", root_path %>
42
42
  </div>
@@ -19,7 +19,7 @@
19
19
  </div>
20
20
 
21
21
  <div>
22
- <%%= form.label :password, "Password (6 characters minimum)", style: "display: block" %>
22
+ <%%= form.label :password, "Password (8 characters minimum)", style: "display: block" %>
23
23
  <%%= form.password_field :password, autocomplete: "new-password" %>
24
24
  </div>
25
25
 
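--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: authentication-zero
  version: !ruby/object:Gem::Version
- version: 0.0.2
+ version: 0.0.6
  platform: ruby
  authors:
  - Nixon
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-02-14 00:00:00.000000000 Z
+ date: 2022-02-15 00:00:00.000000000 Z
  dependencies: []
  description:
  email:
@@ -31,6 +31,11 @@ files:
  - lib/authentication_zero/version.rb
  - lib/generators/authentication/USAGE
  - lib/generators/authentication/authentication_generator.rb
+ - lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt
+ - lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
+ - lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
+ - lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
+ - lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
  - lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt
  - lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
  - lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
@@ -40,6 +45,8 @@ files:
  - lib/generators/authentication/templates/migration.rb.tt
  - lib/generators/authentication/templates/models/current.rb.tt
  - lib/generators/authentication/templates/models/resource.rb.tt
+ - lib/generators/authentication/templates/views/api/password_mailer/reset.html.erb.tt
+ - lib/generators/authentication/templates/views/api/password_mailer/reset.text.erb.tt
  - lib/generators/authentication/templates/views/html/cancellations/new.html.erb.tt
  - lib/generators/authentication/templates/views/html/password_mailer/reset.html.erb.tt
  - lib/generators/authentication/templates/views/html/password_mailer/reset.text.erb.tt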