authentication-zero 0.0.2 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +1 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +47 -19
- data/lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt +5 -0
- data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt +31 -0
- data/lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt +22 -0
- data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt +18 -0
- data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt +17 -0
- data/lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt +0 -1
- data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt +8 -2
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +0 -1
- data/lib/generators/authentication/templates/models/resource.rb.tt +5 -1
- data/lib/generators/authentication/templates/views/api/password_mailer/reset.html.erb.tt +7 -0
- data/lib/generators/authentication/templates/views/api/password_mailer/reset.text.erb.tt +7 -0
- data/lib/generators/authentication/templates/views/html/cancellations/new.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/views/html/password_resets/edit.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/views/html/passwords/edit.html.erb.tt +3 -3
- data/lib/generators/authentication/templates/views/html/registrations/new.html.erb.tt +1 -1
- metadata +9 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2f6baaecd5d394f4a5a589851c45638015379cf53022c6ca601b7aa49b46b1da
|
|
4
|
+
data.tar.gz: 93a28f7c9762aa2534672e45d25ee75b7708ec2e53fd629497bee70c77d1bbd4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 60439dd077e66f946f61663ffc1a0d395a3dcffd25793764eb0399b1163c9061b7917cbacd98ce74695c84bb5d363d42eb04dc09a8c2ceafb33413743f101683
|
|
7
|
+
data.tar.gz: 56756318409dbe854b7db0566e3a510f80d668aa399e38744b78aa9c3d604dd0b8a6321563b36f202dc618149ccb551ecbaf81c23b3afdbb03c766e50bb5fdac
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Authentication Zero
|
|
2
2
|
|
|
3
|
-
The purpose of authentication zero is to generate a pre-built authentication system into a rails application that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
|
|
3
|
+
The purpose of authentication zero is to generate a pre-built authentication system into a rails application (web or api-only) that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
|
|
4
4
|
|
|
5
5
|
## Installation
|
|
6
6
|
|
|
@@ -3,10 +3,16 @@ require "rails/generators/active_record"
|
|
|
3
3
|
class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
4
4
|
include ActiveRecord::Generators::Migration
|
|
5
5
|
|
|
6
|
+
class_option :api, type: :boolean, desc: "Generates API authentication"
|
|
7
|
+
|
|
6
8
|
source_root File.expand_path("templates", __dir__)
|
|
7
9
|
|
|
8
10
|
def create_controllers
|
|
9
|
-
|
|
11
|
+
if options.api
|
|
12
|
+
directory "controllers/api", "app/controllers"
|
|
13
|
+
else
|
|
14
|
+
directory "controllers/html", "app/controllers"
|
|
15
|
+
end
|
|
10
16
|
end
|
|
11
17
|
|
|
12
18
|
def create_mailers
|
|
@@ -14,7 +20,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
|
14
20
|
end
|
|
15
21
|
|
|
16
22
|
def create_views
|
|
17
|
-
|
|
23
|
+
if options.api
|
|
24
|
+
directory "views/api", "app/views"
|
|
25
|
+
else
|
|
26
|
+
directory "views/html", "app/views"
|
|
27
|
+
end
|
|
18
28
|
end
|
|
19
29
|
|
|
20
30
|
def create_models
|
|
@@ -27,34 +37,52 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
|
27
37
|
end
|
|
28
38
|
|
|
29
39
|
def add_routes
|
|
30
|
-
route "get 'sign_up', to: 'registrations#new'"
|
|
40
|
+
route "get 'sign_up', to: 'registrations#new'" unless options.api?
|
|
31
41
|
route "post 'sign_up', to: 'registrations#create'"
|
|
32
|
-
route "get 'sign_in', to: 'sessions#new'"
|
|
42
|
+
route "get 'sign_in', to: 'sessions#new'" unless options.api?
|
|
33
43
|
route "post 'sign_in', to: 'sessions#create'"
|
|
34
|
-
route "get 'password/edit', to: 'passwords#edit'"
|
|
44
|
+
route "get 'password/edit', to: 'passwords#edit'" unless options.api?
|
|
35
45
|
route "patch 'password', to: 'passwords#update'"
|
|
36
|
-
route "get 'cancellation/new', to: 'cancellations#new'"
|
|
46
|
+
route "get 'cancellation/new', to: 'cancellations#new'" unless options.api?
|
|
37
47
|
route "post 'cancellation', to: 'cancellations#destroy'"
|
|
38
|
-
route "get 'password_reset/new', to: 'password_resets#new'"
|
|
48
|
+
route "get 'password_reset/new', to: 'password_resets#new'" unless options.api?
|
|
39
49
|
route "post 'password_reset', to: 'password_resets#create'"
|
|
40
|
-
route "get 'password_reset/edit', to: 'password_resets#edit'"
|
|
50
|
+
route "get 'password_reset/edit', to: 'password_resets#edit'" unless options.api?
|
|
41
51
|
route "patch 'password_reset', to: 'password_resets#update'"
|
|
42
52
|
route "delete 'sign_out', to: 'sessions#destroy'"
|
|
43
53
|
end
|
|
44
54
|
|
|
45
55
|
def add_application_controller_methods
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
56
|
+
if options.api?
|
|
57
|
+
inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
|
|
58
|
+
include ActionController::HttpAuthentication::Token::ControllerMethods
|
|
59
|
+
|
|
60
|
+
before_action :authenticate
|
|
61
|
+
|
|
62
|
+
private
|
|
63
|
+
def authenticate
|
|
64
|
+
if #{singular_table_name} = authenticate_with_http_token { |token, _| #{class_name}.find_by_session_token(token) }
|
|
65
|
+
Current.user = #{singular_table_name}
|
|
66
|
+
else
|
|
67
|
+
request_http_token_authentication
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
CODE
|
|
71
|
+
end
|
|
72
|
+
else
|
|
73
|
+
inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
|
|
74
|
+
before_action :authenticate
|
|
75
|
+
|
|
76
|
+
private
|
|
77
|
+
def authenticate
|
|
78
|
+
if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
|
|
79
|
+
Current.user = #{singular_table_name}
|
|
80
|
+
else
|
|
81
|
+
redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
CODE
|
|
55
85
|
end
|
|
56
|
-
end
|
|
57
|
-
CODE
|
|
58
86
|
end
|
|
59
87
|
end
|
|
60
88
|
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
class PasswordResetsController < ApplicationController
|
|
2
|
+
before_action :set_<%= singular_table_name %>, only: :update
|
|
3
|
+
skip_before_action :authenticate
|
|
4
|
+
|
|
5
|
+
def create
|
|
6
|
+
if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
|
|
7
|
+
PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
|
|
8
|
+
else
|
|
9
|
+
render json: { error: "The email address doesn't exist in our database" }, status: :bad_request
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def update
|
|
14
|
+
if @<%= singular_table_name %>.update(password_params)
|
|
15
|
+
render json: @<%= singular_table_name %>
|
|
16
|
+
else
|
|
17
|
+
render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
private
|
|
22
|
+
def set_<%= singular_table_name %>
|
|
23
|
+
@<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "password_reset")
|
|
24
|
+
rescue ActiveSupport::MessageVerifier::InvalidSignature
|
|
25
|
+
render json: { error: "Your token has expired, please request a new one" }, status: :bad_request
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def password_params
|
|
29
|
+
params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
class PasswordsController < ApplicationController
|
|
2
|
+
before_action :set_<%= singular_table_name %>
|
|
3
|
+
|
|
4
|
+
def update
|
|
5
|
+
if !@<%= singular_table_name %>.authenticate(params[:current_password])
|
|
6
|
+
render json: { error: "The current password you entered is incorrect" }, status: :bad_request
|
|
7
|
+
elsif @<%= singular_table_name %>.update(password_params)
|
|
8
|
+
render json: @<%= singular_table_name %>
|
|
9
|
+
else
|
|
10
|
+
render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
def set_<%= singular_table_name %>
|
|
16
|
+
@<%= singular_table_name %> = Current.<%= singular_table_name %>
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def password_params
|
|
20
|
+
params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
class RegistrationsController < ApplicationController
|
|
2
|
+
skip_before_action :authenticate
|
|
3
|
+
|
|
4
|
+
def create
|
|
5
|
+
@<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
|
|
6
|
+
|
|
7
|
+
if @<%= singular_table_name %>.save
|
|
8
|
+
render json: @<%= singular_table_name %>, status: :created
|
|
9
|
+
else
|
|
10
|
+
render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
def <%= "#{singular_table_name}_params" %>
|
|
16
|
+
params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
class SessionsController < ApplicationController
|
|
2
|
+
skip_before_action :authenticate, except: :destroy
|
|
3
|
+
|
|
4
|
+
def create
|
|
5
|
+
@<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
|
|
6
|
+
|
|
7
|
+
if @<%= singular_table_name %>.try(:authenticate, params[:password])
|
|
8
|
+
render json: { session_token: @<%= singular_table_name %>.session_token }
|
|
9
|
+
else
|
|
10
|
+
render json: { error: "Invalid session token" }, status: :unauthorized
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def destroy
|
|
15
|
+
Current.<%= singular_table_name %>.regenerate_session_token
|
|
16
|
+
end
|
|
17
|
+
end
|
data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
CHANGED
|
@@ -10,7 +10,7 @@ class PasswordResetsController < ApplicationController
|
|
|
10
10
|
|
|
11
11
|
def create
|
|
12
12
|
if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
|
|
13
|
-
PasswordMailer.with(
|
|
13
|
+
PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
|
|
14
14
|
redirect_to sign_in_path, notice: "You will receive an email with instructions on how to reset your password in a few minutes"
|
|
15
15
|
else
|
|
16
16
|
redirect_to password_reset_new_path, alert: "The email address doesn't exist in our database"
|
|
@@ -1,12 +1,14 @@
|
|
|
1
1
|
class PasswordsController < ApplicationController
|
|
2
|
+
before_action :set_<%= singular_table_name %>
|
|
3
|
+
|
|
2
4
|
def edit
|
|
3
5
|
@<%= singular_table_name %> = Current.<%= singular_table_name %>
|
|
4
6
|
end
|
|
5
7
|
|
|
6
8
|
def update
|
|
7
|
-
if
|
|
9
|
+
if !@<%= singular_table_name %>.authenticate(params[:current_password])
|
|
8
10
|
redirect_to password_edit_path, alert: "The current password you entered is incorrect"
|
|
9
|
-
elsif
|
|
11
|
+
elsif @<%= singular_table_name %>.update(password_params)
|
|
10
12
|
redirect_to root_path, notice: "Your password has been changed successfully"
|
|
11
13
|
else
|
|
12
14
|
render :edit, status: :unprocessable_entity
|
|
@@ -14,6 +16,10 @@ class PasswordsController < ApplicationController
|
|
|
14
16
|
end
|
|
15
17
|
|
|
16
18
|
private
|
|
19
|
+
def set_<%= singular_table_name %>
|
|
20
|
+
@<%= singular_table_name %> = Current.<%= singular_table_name %>
|
|
21
|
+
end
|
|
22
|
+
|
|
17
23
|
def password_params
|
|
18
24
|
params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
|
|
19
25
|
end
|
|
@@ -4,7 +4,11 @@ class <%= class_name %> < ApplicationRecord
|
|
|
4
4
|
|
|
5
5
|
validates :email, presence: true, uniqueness: true
|
|
6
6
|
validates :email, format: { with: /\A[^@\s]+@[^@\s]+\z/ }
|
|
7
|
-
|
|
7
|
+
validates_length_of :password, minimum: 8, allow_blank: true
|
|
8
8
|
|
|
9
9
|
before_validation { self.email = email.downcase.strip }
|
|
10
|
+
|
|
11
|
+
def as_json(options)
|
|
12
|
+
super(options.merge(except: [:password_digest, :session_token]))
|
|
13
|
+
end
|
|
10
14
|
end
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
<%% end %>
|
|
15
15
|
|
|
16
16
|
<div>
|
|
17
|
-
<%%= form.label :password, "New password (
|
|
17
|
+
<%%= form.label :password, "New password (8 characters minimum)", style: "display: block" %>
|
|
18
18
|
<%%= form.password_field :password, autofocus: true, autocomplete: "new-password" %>
|
|
19
19
|
</div>
|
|
20
20
|
|
|
@@ -17,11 +17,11 @@
|
|
|
17
17
|
|
|
18
18
|
<div>
|
|
19
19
|
<%%= label_tag :current_password, nil, style: "display: block" %>
|
|
20
|
-
<%%= password_field_tag :current_password, autofocus: true, autocomplete: "current-password" %>
|
|
20
|
+
<%%= password_field_tag :current_password, nil, autofocus: true, autocomplete: "current-password" %>
|
|
21
21
|
</div>
|
|
22
22
|
|
|
23
23
|
<div>
|
|
24
|
-
<%%= form.label :password, "New password (
|
|
24
|
+
<%%= form.label :password, "New password (8 characters minimum)", style: "display: block" %>
|
|
25
25
|
<%%= form.password_field :password, autocomplete: "new-password" %>
|
|
26
26
|
</div>
|
|
27
27
|
|
|
@@ -38,5 +38,5 @@
|
|
|
38
38
|
<br>
|
|
39
39
|
|
|
40
40
|
<div>
|
|
41
|
-
<%%= link_to "Back",
|
|
41
|
+
<%%= link_to "Back", root_path %>
|
|
42
42
|
</div>
|
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
</div>
|
|
20
20
|
|
|
21
21
|
<div>
|
|
22
|
-
<%%= form.label :password, "Password (
|
|
22
|
+
<%%= form.label :password, "Password (8 characters minimum)", style: "display: block" %>
|
|
23
23
|
<%%= form.password_field :password, autocomplete: "new-password" %>
|
|
24
24
|
</div>
|
|
25
25
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authentication-zero
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nixon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-02-
|
|
11
|
+
date: 2022-02-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -31,6 +31,11 @@ files:
|
|
|
31
31
|
- lib/authentication_zero/version.rb
|
|
32
32
|
- lib/generators/authentication/USAGE
|
|
33
33
|
- lib/generators/authentication/authentication_generator.rb
|
|
34
|
+
- lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt
|
|
35
|
+
- lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
|
|
36
|
+
- lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
|
|
37
|
+
- lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
|
|
38
|
+
- lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
|
|
34
39
|
- lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt
|
|
35
40
|
- lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
|
|
36
41
|
- lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
|
|
@@ -40,6 +45,8 @@ files:
|
|
|
40
45
|
- lib/generators/authentication/templates/migration.rb.tt
|
|
41
46
|
- lib/generators/authentication/templates/models/current.rb.tt
|
|
42
47
|
- lib/generators/authentication/templates/models/resource.rb.tt
|
|
48
|
+
- lib/generators/authentication/templates/views/api/password_mailer/reset.html.erb.tt
|
|
49
|
+
- lib/generators/authentication/templates/views/api/password_mailer/reset.text.erb.tt
|
|
43
50
|
- lib/generators/authentication/templates/views/html/cancellations/new.html.erb.tt
|
|
44
51
|
- lib/generators/authentication/templates/views/html/password_mailer/reset.html.erb.tt
|
|
45
52
|
- lib/generators/authentication/templates/views/html/password_mailer/reset.text.erb.tt
|