authentication-zero 0.0.3 → 0.0.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (23) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/README.md +1 -1
  4. data/lib/authentication_zero/version.rb +1 -1
  5. data/lib/generators/authentication/authentication_generator.rb +46 -18
  6. data/lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt +5 -0
  7. data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt +35 -0
  8. data/lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt +22 -0
  9. data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt +18 -0
  10. data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt +17 -0
  11. data/lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt +0 -1
  12. data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt +8 -2
  13. data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +0 -1
  14. data/lib/generators/authentication/templates/models/resource.rb.tt +5 -1
  15. data/lib/generators/authentication/templates/views/{html/cancellations → cancellations}/new.html.erb.tt +0 -0
  16. data/lib/generators/authentication/templates/views/{html/password_mailer → password_mailer}/reset.html.erb.tt +0 -0
  17. data/lib/generators/authentication/templates/views/{html/password_mailer → password_mailer}/reset.text.erb.tt +0 -0
  18. data/lib/generators/authentication/templates/views/{html/password_resets → password_resets}/edit.html.erb.tt +1 -1
  19. data/lib/generators/authentication/templates/views/{html/password_resets → password_resets}/new.html.erb.tt +0 -0
  20. data/lib/generators/authentication/templates/views/{html/passwords → passwords}/edit.html.erb.tt +2 -2
  21. data/lib/generators/authentication/templates/views/{html/registrations → registrations}/new.html.erb.tt +1 -1
  22. data/lib/generators/authentication/templates/views/{html/sessions → sessions}/new.html.erb.tt +0 -0
  23. metadata +15 -10
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5ce5e21bc2cc3d6c6918ccbad332d242cca9cfcb39118627249175e7ebb5aa87
4
- data.tar.gz: 35e17b1191f02d6cb5a56d3225e800399ee2cff532762b9e69e407f008b07008
3
+ metadata.gz: 00f2558085051718c5d29c5aeb4f4f5ebb5daf9d6a165c0f8dd588771b73789a
4
+ data.tar.gz: c4c548e20a25306b3dc44cc46fd4c5dae7d798a8bce4dc352bf0bce314b33b53
5
5
  SHA512:
6
- metadata.gz: 60910c9bd432c8b8cbfc1db6f80ac6b0f95fd8533b2662cd7972f953ef7bbba18cbc01597a301ffc1cc94a19928e092f99fd329a0007c07ff948ada0eddc6e1a
7
- data.tar.gz: a894976b67986f247d3913da3007693ee4d0470c9916a0615d793f21b17cab8c5ef0e70c6a929bd8a35c154302ae6eba15b311d1f89b0bdc83abec4cec6c3fdb
6
+ metadata.gz: d3ea2a5b31a39bd3aa1f029c96f5c24791d6df8da63b41384e806ad79887122497e1845c4b509c4caf8414ff48eb1a6830d438c0f6d9b31870fed145999f3d84
7
+ data.tar.gz: 57b4ff721d9c4af1d30aa50f2495869d31a3a8a0d5017ee3d78d12df257625716e5dad2ba58e05a73c0c8e7a70e42bc519fe6ed77301da6fd58da0a6dddc1395
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- authentication-zero (0.0.3)
4
+ authentication-zero (0.0.7)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Authentication Zero
2
2
 
3
- The purpose of authentication zero is to generate a pre-built authentication system into a rails application that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
3
+ The purpose of authentication zero is to generate a pre-built authentication system into a rails application (web or api-only) that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
4
4
 
5
5
  ## Installation
6
6
 
@@ -1,3 +1,3 @@
1
1
  module AuthenticationZero
2
- VERSION = "0.0.3"
2
+ VERSION = "0.0.7"
3
3
  end
@@ -3,10 +3,16 @@ require "rails/generators/active_record"
3
3
  class AuthenticationGenerator < Rails::Generators::NamedBase
4
4
  include ActiveRecord::Generators::Migration
5
5
 
6
+ class_option :api, type: :boolean, desc: "Generates API authentication"
7
+
6
8
  source_root File.expand_path("templates", __dir__)
7
9
 
8
10
  def create_controllers
9
- directory "controllers/html", "app/controllers"
11
+ if options.api
12
+ directory "controllers/api", "app/controllers"
13
+ else
14
+ directory "controllers/html", "app/controllers"
15
+ end
10
16
  end
11
17
 
12
18
  def create_mailers
@@ -14,7 +20,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
14
20
  end
15
21
 
16
22
  def create_views
17
- directory "views/html", "app/views"
23
+ if options.api
24
+ directory "views/password_mailer", "app/views/password_mailer"
25
+ else
26
+ directory "views/html", "app/views"
27
+ end
18
28
  end
19
29
 
20
30
  def create_models
@@ -27,15 +37,15 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
27
37
  end
28
38
 
29
39
  def add_routes
30
- route "get 'sign_up', to: 'registrations#new'"
40
+ route "get 'sign_up', to: 'registrations#new'" unless options.api?
31
41
  route "post 'sign_up', to: 'registrations#create'"
32
- route "get 'sign_in', to: 'sessions#new'"
42
+ route "get 'sign_in', to: 'sessions#new'" unless options.api?
33
43
  route "post 'sign_in', to: 'sessions#create'"
34
- route "get 'password/edit', to: 'passwords#edit'"
44
+ route "get 'password/edit', to: 'passwords#edit'" unless options.api?
35
45
  route "patch 'password', to: 'passwords#update'"
36
- route "get 'cancellation/new', to: 'cancellations#new'"
46
+ route "get 'cancellation/new', to: 'cancellations#new'" unless options.api?
37
47
  route "post 'cancellation', to: 'cancellations#destroy'"
38
- route "get 'password_reset/new', to: 'password_resets#new'"
48
+ route "get 'password_reset/new', to: 'password_resets#new'" unless options.api?
39
49
  route "post 'password_reset', to: 'password_resets#create'"
40
50
  route "get 'password_reset/edit', to: 'password_resets#edit'"
41
51
  route "patch 'password_reset', to: 'password_resets#update'"
@@ -43,18 +53,36 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
43
53
  end
44
54
 
45
55
  def add_application_controller_methods
46
- inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<-CODE
47
- before_action :authenticate
48
-
49
- private
50
- def authenticate
51
- if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
52
- Current.user = #{singular_table_name}
53
- else
54
- redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
56
+ if options.api?
57
+ inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
58
+ include ActionController::HttpAuthentication::Token::ControllerMethods
59
+
60
+ before_action :authenticate
61
+
62
+ private
63
+ def authenticate
64
+ if #{singular_table_name} = authenticate_with_http_token { |token, _| #{class_name}.find_by_session_token(token) }
65
+ Current.user = #{singular_table_name}
66
+ else
67
+ request_http_token_authentication
68
+ end
69
+ end
70
+ CODE
71
+ end
72
+ else
73
+ inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
74
+ before_action :authenticate
75
+
76
+ private
77
+ def authenticate
78
+ if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
79
+ Current.user = #{singular_table_name}
80
+ else
81
+ redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
82
+ end
83
+ end
84
+ CODE
55
85
  end
56
- end
57
- CODE
58
86
  end
59
87
  end
60
88
  end
@@ -0,0 +1,5 @@
1
+ class CancellationsController < ApplicationController
2
+ def destroy
3
+ Current.<%= singular_table_name %>.destroy
4
+ end
5
+ end
@@ -0,0 +1,35 @@
1
+ class PasswordResetsController < ApplicationController
2
+ before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
3
+ skip_before_action :authenticate
4
+
5
+ def edit
6
+ render json: { message: "Open this link in your device" }, status: :not_found
7
+ end
8
+
9
+ def create
10
+ if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
11
+ PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
12
+ else
13
+ render json: { error: "The email address doesn't exist in our database" }, status: :bad_request
14
+ end
15
+ end
16
+
17
+ def update
18
+ if @<%= singular_table_name %>.update(password_params)
19
+ render json: @<%= singular_table_name %>
20
+ else
21
+ render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
22
+ end
23
+ end
24
+
25
+ private
26
+ def set_<%= singular_table_name %>
27
+ @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "password_reset")
28
+ rescue ActiveSupport::MessageVerifier::InvalidSignature
29
+ render json: { error: "Your token has expired, please request a new one" }, status: :bad_request
30
+ end
31
+
32
+ def password_params
33
+ params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
34
+ end
35
+ end
@@ -0,0 +1,22 @@
1
+ class PasswordsController < ApplicationController
2
+ before_action :set_<%= singular_table_name %>
3
+
4
+ def update
5
+ if !@<%= singular_table_name %>.authenticate(params[:current_password])
6
+ render json: { error: "The current password you entered is incorrect" }, status: :bad_request
7
+ elsif @<%= singular_table_name %>.update(password_params)
8
+ render json: @<%= singular_table_name %>
9
+ else
10
+ render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
11
+ end
12
+ end
13
+
14
+ private
15
+ def set_<%= singular_table_name %>
16
+ @<%= singular_table_name %> = Current.<%= singular_table_name %>
17
+ end
18
+
19
+ def password_params
20
+ params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
21
+ end
22
+ end
@@ -0,0 +1,18 @@
1
+ class RegistrationsController < ApplicationController
2
+ skip_before_action :authenticate
3
+
4
+ def create
5
+ @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
6
+
7
+ if @<%= singular_table_name %>.save
8
+ render json: @<%= singular_table_name %>, status: :created
9
+ else
10
+ render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
11
+ end
12
+ end
13
+
14
+ private
15
+ def <%= "#{singular_table_name}_params" %>
16
+ params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
17
+ end
18
+ end
@@ -0,0 +1,17 @@
1
+ class SessionsController < ApplicationController
2
+ skip_before_action :authenticate, except: :destroy
3
+
4
+ def create
5
+ @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
6
+
7
+ if @<%= singular_table_name %>.try(:authenticate, params[:password])
8
+ render json: { session_token: @<%= singular_table_name %>.session_token }
9
+ else
10
+ render json: { error: "Invalid session token" }, status: :unauthorized
11
+ end
12
+ end
13
+
14
+ def destroy
15
+ Current.<%= singular_table_name %>.regenerate_session_token
16
+ end
17
+ end
@@ -4,7 +4,6 @@ class CancellationsController < ApplicationController
4
4
 
5
5
  def destroy
6
6
  Current.<%= singular_table_name %>.destroy
7
- cookies.delete :session_token
8
7
  redirect_to sign_in_path, notice: "Bye! Your account has been successfully cancelled"
9
8
  end
10
9
  end
@@ -1,12 +1,14 @@
1
1
  class PasswordsController < ApplicationController
2
+ before_action :set_<%= singular_table_name %>
3
+
2
4
  def edit
3
5
  @<%= singular_table_name %> = Current.<%= singular_table_name %>
4
6
  end
5
7
 
6
8
  def update
7
- if !Current.<%= singular_table_name %>.authenticate(params[:current_password])
9
+ if !@<%= singular_table_name %>.authenticate(params[:current_password])
8
10
  redirect_to password_edit_path, alert: "The current password you entered is incorrect"
9
- elsif Current.<%= singular_table_name %>.update(password_params)
11
+ elsif @<%= singular_table_name %>.update(password_params)
10
12
  redirect_to root_path, notice: "Your password has been changed successfully"
11
13
  else
12
14
  render :edit, status: :unprocessable_entity
@@ -14,6 +16,10 @@ class PasswordsController < ApplicationController
14
16
  end
15
17
 
16
18
  private
19
+ def set_<%= singular_table_name %>
20
+ @<%= singular_table_name %> = Current.<%= singular_table_name %>
21
+ end
22
+
17
23
  def password_params
18
24
  params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
19
25
  end
@@ -22,7 +22,6 @@ class SessionsController < ApplicationController
22
22
  end
23
23
 
24
24
  def destroy
25
- cookies.delete :session_token
26
25
  Current.<%= singular_table_name %>.regenerate_session_token
27
26
  redirect_to sign_in_path, notice: "Signed out successfully"
28
27
  end
@@ -4,7 +4,11 @@ class <%= class_name %> < ApplicationRecord
4
4
 
5
5
  validates :email, presence: true, uniqueness: true
6
6
  validates :email, format: { with: /\A[^@\s]+@[^@\s]+\z/ }
7
- validates :password, length: 8..70, allow_blank: true
7
+ validates_length_of :password, minimum: 8, allow_blank: true
8
8
 
9
9
  before_validation { self.email = email.downcase.strip }
10
+
11
+ def as_json(options)
12
+ super(options.merge(except: [:password_digest, :session_token]))
13
+ end
10
14
  end
@@ -14,7 +14,7 @@
14
14
  <%% end %>
15
15
 
16
16
  <div>
17
- <%%= form.label :password, "New password (6 characters minimum)", style: "display: block" %>
17
+ <%%= form.label :password, "New password (8 characters minimum)", style: "display: block" %>
18
18
  <%%= form.password_field :password, autofocus: true, autocomplete: "new-password" %>
19
19
  </div>
20
20
 
@@ -17,11 +17,11 @@
17
17
 
18
18
  <div>
19
19
  <%%= label_tag :current_password, nil, style: "display: block" %>
20
- <%%= password_field_tag :current_password, autofocus: true, autocomplete: "current-password" %>
20
+ <%%= password_field_tag :current_password, nil, autofocus: true, autocomplete: "current-password" %>
21
21
  </div>
22
22
 
23
23
  <div>
24
- <%%= form.label :password, "New password (6 characters minimum)", style: "display: block" %>
24
+ <%%= form.label :password, "New password (8 characters minimum)", style: "display: block" %>
25
25
  <%%= form.password_field :password, autocomplete: "new-password" %>
26
26
  </div>
27
27
 
@@ -19,7 +19,7 @@
19
19
  </div>
20
20
 
21
21
  <div>
22
- <%%= form.label :password, "Password (6 characters minimum)", style: "display: block" %>
22
+ <%%= form.label :password, "Password (8 characters minimum)", style: "display: block" %>
23
23
  <%%= form.password_field :password, autocomplete: "new-password" %>
24
24
  </div>
25
25
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authentication-zero
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.3
4
+ version: 0.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nixon
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-14 00:00:00.000000000 Z
11
+ date: 2022-02-15 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description:
14
14
  email:
@@ -31,6 +31,11 @@ files:
31
31
  - lib/authentication_zero/version.rb
32
32
  - lib/generators/authentication/USAGE
33
33
  - lib/generators/authentication/authentication_generator.rb
34
+ - lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt
35
+ - lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
36
+ - lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
37
+ - lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
38
+ - lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
34
39
  - lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt
35
40
  - lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
36
41
  - lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
@@ -40,14 +45,14 @@ files:
40
45
  - lib/generators/authentication/templates/migration.rb.tt
41
46
  - lib/generators/authentication/templates/models/current.rb.tt
42
47
  - lib/generators/authentication/templates/models/resource.rb.tt
43
- - lib/generators/authentication/templates/views/html/cancellations/new.html.erb.tt
44
- - lib/generators/authentication/templates/views/html/password_mailer/reset.html.erb.tt
45
- - lib/generators/authentication/templates/views/html/password_mailer/reset.text.erb.tt
46
- - lib/generators/authentication/templates/views/html/password_resets/edit.html.erb.tt
47
- - lib/generators/authentication/templates/views/html/password_resets/new.html.erb.tt
48
- - lib/generators/authentication/templates/views/html/passwords/edit.html.erb.tt
49
- - lib/generators/authentication/templates/views/html/registrations/new.html.erb.tt
50
- - lib/generators/authentication/templates/views/html/sessions/new.html.erb.tt
48
+ - lib/generators/authentication/templates/views/cancellations/new.html.erb.tt
49
+ - lib/generators/authentication/templates/views/password_mailer/reset.html.erb.tt
50
+ - lib/generators/authentication/templates/views/password_mailer/reset.text.erb.tt
51
+ - lib/generators/authentication/templates/views/password_resets/edit.html.erb.tt
52
+ - lib/generators/authentication/templates/views/password_resets/new.html.erb.tt
53
+ - lib/generators/authentication/templates/views/passwords/edit.html.erb.tt
54
+ - lib/generators/authentication/templates/views/registrations/new.html.erb.tt
55
+ - lib/generators/authentication/templates/views/sessions/new.html.erb.tt
51
56
  homepage: https://github.com/lazaronixon/authentication-zero
52
57
  licenses:
53
58
  - MIT