authentication-zero 0.0.4 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6543f6ea3814c085db9b5d9dbc3543ef3ded98ffd0ac329e0055f704d08c5e92
-  data.tar.gz: '0792d9e0d6e5bdfec32851dfc234aabf149f74b5abd991dd3f0b7c3d15ca2c78'
+  metadata.gz: 07c68a23f93d453c769787635ca42269f5f36e7c7a6b23aef28e7d99c530770e
+  data.tar.gz: a636bcbea4839a311ece1ed5f9985f5b3c7802e10a90fe11a7a5a580c0383759
 SHA512:
-  metadata.gz: e44c73c52924721feb5dbd2c2d0dbb5b32ff9e12a29a59200834a2bcc091a3bb380d8cd8ade247f4db2d1abf8748b43b23d0853bb891b9f4105d2fec73777277
-  data.tar.gz: 2357dc17f6c340cb5fde32f420415e80ed61b4ec8f697cfb15eefbb373aa1853b66da8b18e87f2821f3491f7c91965f0027cf670f0d3da94576b88089b5de086
+  metadata.gz: 44f612049c4a25d7db96bd68ddeb5905e8aeb44a5d077c2d23e908877720b99a059da1750743383710d8843946263752db4614b05b9bee30e7eba7c1303e1e59
+  data.tar.gz: c08827199263f82df359d3d9fc4eeec04dd1087e2d24508ab531f8f55524cbab8af16cf3f2c5ca3d2099ff8da2a80b7988be6fe7affd8ca36b240035cbe74719

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (0.0.4)
+    authentication-zero (0.0.8)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -1,6 +1,6 @@
 # Authentication Zero
 
-The purpose of authentication zero is to generate a pre-built authentication system into a rails application that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
+The purpose of authentication zero is to generate a pre-built authentication system into a rails application (web or api-only) that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
 
 ## Installation
 

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "0.0.4"
+  VERSION = "0.0.8"
 end

data/lib/generators/authentication/authentication_generator.rb

@@ -3,10 +3,16 @@ require "rails/generators/active_record"
 class AuthenticationGenerator < Rails::Generators::NamedBase
   include ActiveRecord::Generators::Migration
 
+  class_option :api, type: :boolean, desc: "Generates API authentication"
+
   source_root File.expand_path("templates", __dir__)
 
   def create_controllers
-    directory "controllers/html", "app/controllers"
+    if options.api
+      directory "controllers/api", "app/controllers"
+    else
+      directory "controllers/html", "app/controllers"
+    end
   end
 
   def create_mailers
@@ -14,7 +20,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
 
   def create_views
-    directory "views/html", "app/views"
+    if options.api
+      directory "views/password_mailer", "app/views/password_mailer"
+    else
+      directory "views", "app/views"
+    end
   end
 
   def create_models
@@ -27,15 +37,15 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
 
   def add_routes
-    route "get 'sign_up', to: 'registrations#new'"
+    route "get 'sign_up', to: 'registrations#new'" unless options.api?
     route "post 'sign_up', to: 'registrations#create'"
-    route "get 'sign_in', to: 'sessions#new'"
+    route "get 'sign_in', to: 'sessions#new'" unless options.api?
     route "post 'sign_in', to: 'sessions#create'"
-    route "get 'password/edit', to: 'passwords#edit'"
+    route "get 'password/edit', to: 'passwords#edit'" unless options.api?
     route "patch 'password', to: 'passwords#update'"
-    route "get 'cancellation/new', to: 'cancellations#new'"
+    route "get 'cancellation/new', to: 'cancellations#new'" unless options.api?
     route "post 'cancellation', to: 'cancellations#destroy'"
-    route "get 'password_reset/new', to: 'password_resets#new'"
+    route "get 'password_reset/new', to: 'password_resets#new'" unless options.api?
     route "post 'password_reset', to: 'password_resets#create'"
     route "get 'password_reset/edit', to: 'password_resets#edit'"
     route "patch 'password_reset', to: 'password_resets#update'"
@@ -43,18 +53,36 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
 
   def add_application_controller_methods
-    inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<-CODE
-  before_action :authenticate
-
-  private
-    def authenticate
-      if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
-        Current.user = #{singular_table_name}
-      else
-        redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
+    if options.api?
+      inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
+        include ActionController::HttpAuthentication::Token::ControllerMethods
+
+        before_action :authenticate
+
+        private
+          def authenticate
+            if #{singular_table_name} = authenticate_with_http_token { |token, _| #{class_name}.find_by_session_token(token) }
+              Current.user = #{singular_table_name}
+            else
+              request_http_token_authentication
+            end
+          end
+      CODE
+      end
+    else
+      inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
+        before_action :authenticate
+
+        private
+          def authenticate
+            if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
+              Current.user = #{singular_table_name}
+            else
+              redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
+            end
+          end
+      CODE
       end
-    end
-    CODE
     end
   end
 end

data/lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt

@@ -0,0 +1,5 @@
+class CancellationsController < ApplicationController
+  def destroy
+    Current.<%= singular_table_name %>.destroy
+  end
+end

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt

@@ -0,0 +1,35 @@
+class PasswordResetsController < ApplicationController
+  before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
+  skip_before_action :authenticate
+
+  def edit
+    render json: { message: "Open this link in your device" }, status: :not_found
+  end
+
+  def create
+    if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+      PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
+    else
+      render json: { error: "The email address doesn't exist in our database" }, status: :bad_request
+    end
+  end
+
+  def update
+    if @<%= singular_table_name %>.update(password_params)
+      render json: @<%= singular_table_name %>
+    else
+      render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+    end
+  end
+
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "password_reset")
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      render json: { error: "Your token has expired, please request a new one" }, status: :bad_request
+    end
+
+    def password_params
+      params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
+    end
+end

data/lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt

@@ -0,0 +1,22 @@
+class PasswordsController < ApplicationController
+  before_action :set_<%= singular_table_name %>
+
+  def update
+    if !@<%= singular_table_name %>.authenticate(params[:current_password])
+      render json: { error: "The current password you entered is incorrect" }, status: :bad_request
+    elsif @<%= singular_table_name %>.update(password_params)
+      render json: @<%= singular_table_name %>
+    else
+      render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+    end
+  end
+
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = Current.<%= singular_table_name %>
+    end
+
+    def password_params
+      params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
+    end
+end

data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt

@@ -0,0 +1,18 @@
+class RegistrationsController < ApplicationController
+  skip_before_action :authenticate
+
+  def create
+    @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
+
+    if @<%= singular_table_name %>.save
+      render json: @<%= singular_table_name %>, status: :created
+    else
+      render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+    end
+  end
+
+  private
+    def <%= "#{singular_table_name}_params" %>
+      params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
+    end
+end

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt

@@ -0,0 +1,17 @@
+class SessionsController < ApplicationController
+  skip_before_action :authenticate, except: :destroy
+
+  def create
+    @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+
+    if @<%= singular_table_name %>.try(:authenticate, params[:password])
+      render json: { session_token: @<%= singular_table_name %>.session_token }
+    else
+      render json: { error: "Invalid session token" }, status: :unauthorized
+    end
+  end
+
+  def destroy
+    Current.<%= singular_table_name %>.regenerate_session_token
+  end
+end

data/lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt

@@ -4,7 +4,6 @@ class CancellationsController < ApplicationController
 
   def destroy
     Current.<%= singular_table_name %>.destroy
-    cookies.delete :session_token
     redirect_to sign_in_path, notice: "Bye! Your account has been successfully cancelled"
   end
 end

data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt

@@ -1,12 +1,14 @@
 class PasswordsController < ApplicationController
+  before_action :set_<%= singular_table_name %>
+
   def edit
     @<%= singular_table_name %> = Current.<%= singular_table_name %>
   end
 
   def update
-    if !Current.<%= singular_table_name %>.authenticate(params[:current_password])
+    if !@<%= singular_table_name %>.authenticate(params[:current_password])
       redirect_to password_edit_path, alert: "The current password you entered is incorrect"
-    elsif Current.<%= singular_table_name %>.update(password_params)
+    elsif @<%= singular_table_name %>.update(password_params)
       redirect_to root_path, notice: "Your password has been changed successfully"
     else
       render :edit, status: :unprocessable_entity
@@ -14,6 +16,10 @@ class PasswordsController < ApplicationController
   end
 
   private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = Current.<%= singular_table_name %>
+    end
+
     def password_params
       params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
     end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt

@@ -22,7 +22,6 @@ class SessionsController < ApplicationController
   end
 
   def destroy
-    cookies.delete :session_token
     Current.<%= singular_table_name %>.regenerate_session_token
     redirect_to sign_in_path, notice: "Signed out successfully"
   end

data/lib/generators/authentication/templates/models/resource.rb.tt

@@ -4,7 +4,11 @@ class <%= class_name %> < ApplicationRecord
 
   validates :email, presence: true, uniqueness: true
   validates :email, format: { with: /\A[^@\s]+@[^@\s]+\z/ }
-  validates :password, length: 8..70, allow_blank: true
+  validates_length_of :password, minimum: 8, allow_blank: true
 
   before_validation { self.email = email.downcase.strip }
+
+  def as_json(options)
+    super(options.merge(except: [:password_digest, :session_token]))
+  end  
 end

data/lib/generators/authentication/templates/views/{html/passwords → passwords}/edit.html.erb.tt

@@ -17,7 +17,7 @@
 
   <div>
     <%%= label_tag :current_password, nil, style: "display: block" %>
-    <%%= password_field_tag :current_password, autofocus: true, autocomplete: "current-password" %>
+    <%%= password_field_tag :current_password, nil, autofocus: true, autocomplete: "current-password" %>
   </div>
 
   <div>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.8
 platform: ruby
 authors:
 - Nixon
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-02-14 00:00:00.000000000 Z
+date: 2022-02-15 00:00:00.000000000 Z
 dependencies: []
 description: 
 email:
@@ -31,6 +31,11 @@ files:
 - lib/authentication_zero/version.rb
 - lib/generators/authentication/USAGE
 - lib/generators/authentication/authentication_generator.rb
+- lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
@@ -40,14 +45,14 @@ files:
 - lib/generators/authentication/templates/migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
 - lib/generators/authentication/templates/models/resource.rb.tt
-- lib/generators/authentication/templates/views/html/cancellations/new.html.erb.tt
-- lib/generators/authentication/templates/views/html/password_mailer/reset.html.erb.tt
-- lib/generators/authentication/templates/views/html/password_mailer/reset.text.erb.tt
-- lib/generators/authentication/templates/views/html/password_resets/edit.html.erb.tt
-- lib/generators/authentication/templates/views/html/password_resets/new.html.erb.tt
-- lib/generators/authentication/templates/views/html/passwords/edit.html.erb.tt
-- lib/generators/authentication/templates/views/html/registrations/new.html.erb.tt
-- lib/generators/authentication/templates/views/html/sessions/new.html.erb.tt
+- lib/generators/authentication/templates/views/cancellations/new.html.erb.tt
+- lib/generators/authentication/templates/views/password_mailer/reset.html.erb.tt
+- lib/generators/authentication/templates/views/password_mailer/reset.text.erb.tt
+- lib/generators/authentication/templates/views/password_resets/edit.html.erb.tt
+- lib/generators/authentication/templates/views/password_resets/new.html.erb.tt
+- lib/generators/authentication/templates/views/passwords/edit.html.erb.tt
+- lib/generators/authentication/templates/views/registrations/new.html.erb.tt
+- lib/generators/authentication/templates/views/sessions/new.html.erb.tt
 homepage: https://github.com/lazaronixon/authentication-zero
 licenses:
 - MIT