RubyGems - authentication-zero - Versions diffs - 0.0.5 → 0.0.6 - Mend

authentication-zero 0.0.5 → 0.0.6

Files changed (16) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fbbdce3e39368908b25db1e2b98b1c6f7d8211c43099270f87e2d5905307033e
-  data.tar.gz: be7a32894d05d9796a3baa46a6cf0907e3d0dc4808687c6238e8cda262c5edd3
+  metadata.gz: 2f6baaecd5d394f4a5a589851c45638015379cf53022c6ca601b7aa49b46b1da
+  data.tar.gz: 93a28f7c9762aa2534672e45d25ee75b7708ec2e53fd629497bee70c77d1bbd4
 SHA512:
-  metadata.gz: e5db73d7da96f46cb79e4b2ea51fbd6d4698436ed234e50f535a7ad02b28f1cedbf1768d1b67d032ac070ac7bdec0ea7ab309141b9593a034497421f335f65b4
-  data.tar.gz: 840de055d1877b02c0e52af876730bf5c1a87aafe99faf956f34e26736ecf0aa39907d86071b4956844e062f4a8f413ad83d4d4b30e773b5a5f111ff18729be1
+  metadata.gz: 60439dd077e66f946f61663ffc1a0d395a3dcffd25793764eb0399b1163c9061b7917cbacd98ce74695c84bb5d363d42eb04dc09a8c2ceafb33413743f101683
+  data.tar.gz: 56756318409dbe854b7db0566e3a510f80d668aa399e38744b78aa9c3d604dd0b8a6321563b36f202dc618149ccb551ecbaf81c23b3afdbb03c766e50bb5fdac

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (0.0.5)
+    authentication-zero (0.0.6)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Authentication Zero
-The purpose of authentication zero is to generate a pre-built authentication system into a rails application that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
+The purpose of authentication zero is to generate a pre-built authentication system into a rails application (web or api-only) that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
 ## Installation

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "0.0.5"
+  VERSION = "0.0.6"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -3,10 +3,16 @@ require "rails/generators/active_record"
 class AuthenticationGenerator < Rails::Generators::NamedBase
   include ActiveRecord::Generators::Migration
+  class_option :api, type: :boolean, desc: "Generates API authentication"
   source_root File.expand_path("templates", __dir__)
   def create_controllers
-    directory "controllers/html", "app/controllers"
+    if options.api
+      directory "controllers/api", "app/controllers"
+    else
+      directory "controllers/html", "app/controllers"
+    end
   end
   def create_mailers
@@ -14,7 +20,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
   def create_views
-    directory "views/html", "app/views"
+    if options.api
+      directory "views/api", "app/views"
+    else
+      directory "views/html", "app/views"
+    end
   end
   def create_models
@@ -27,34 +37,52 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
   def add_routes
-    route "get 'sign_up', to: 'registrations#new'"
+    route "get 'sign_up', to: 'registrations#new'" unless options.api?
     route "post 'sign_up', to: 'registrations#create'"
-    route "get 'sign_in', to: 'sessions#new'"
+    route "get 'sign_in', to: 'sessions#new'" unless options.api?
     route "post 'sign_in', to: 'sessions#create'"
-    route "get 'password/edit', to: 'passwords#edit'"
+    route "get 'password/edit', to: 'passwords#edit'" unless options.api?
     route "patch 'password', to: 'passwords#update'"
-    route "get 'cancellation/new', to: 'cancellations#new'"
+    route "get 'cancellation/new', to: 'cancellations#new'" unless options.api?
     route "post 'cancellation', to: 'cancellations#destroy'"
-    route "get 'password_reset/new', to: 'password_resets#new'"
+    route "get 'password_reset/new', to: 'password_resets#new'" unless options.api?
     route "post 'password_reset', to: 'password_resets#create'"
-    route "get 'password_reset/edit', to: 'password_resets#edit'"
+    route "get 'password_reset/edit', to: 'password_resets#edit'" unless options.api?
     route "patch 'password_reset', to: 'password_resets#update'"
     route "delete 'sign_out', to: 'sessions#destroy'"
   end
   def add_application_controller_methods
-    inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<-CODE
-  before_action :authenticate
-  private
-    def authenticate
-      if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
-        Current.user = #{singular_table_name}
-      else
-        redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
+    if options.api?
+      inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
+        include ActionController::HttpAuthentication::Token::ControllerMethods
+        before_action :authenticate
+        private
+          def authenticate
+            if #{singular_table_name} = authenticate_with_http_token { |token, _| #{class_name}.find_by_session_token(token) }
+              Current.user = #{singular_table_name}
+            else
+              request_http_token_authentication
+            end
+          end
+      CODE
+      end
+    else
+      inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
+        before_action :authenticate
+        private
+          def authenticate
+            if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
+              Current.user = #{singular_table_name}
+            else
+              redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
+            end
+          end
+      CODE
       end
-    end
-    CODE
     end
   end
 end

data/lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt ADDED Viewed

@@ -0,0 +1,5 @@
+class CancellationsController < ApplicationController
+  def destroy
+    Current.<%= singular_table_name %>.destroy
+  end
+end

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt ADDED Viewed

@@ -0,0 +1,31 @@
+class PasswordResetsController < ApplicationController
+  before_action :set_<%= singular_table_name %>, only: :update
+  skip_before_action :authenticate
+  def create
+    if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+      PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
+    else
+      render json: { error: "The email address doesn't exist in our database" }, status: :bad_request
+    end
+  end
+  def update
+    if @<%= singular_table_name %>.update(password_params)
+      render json: @<%= singular_table_name %>
+    else
+      render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+    end
+  end
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "password_reset")
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      render json: { error: "Your token has expired, please request a new one" }, status: :bad_request
+    end
+    def password_params
+      params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
+    end
+end

data/lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt ADDED Viewed

@@ -0,0 +1,22 @@
+class PasswordsController < ApplicationController
+  before_action :set_<%= singular_table_name %>
+  def update
+    if !@<%= singular_table_name %>.authenticate(params[:current_password])
+      render json: { error: "The current password you entered is incorrect" }, status: :bad_request
+    elsif @<%= singular_table_name %>.update(password_params)
+      render json: @<%= singular_table_name %>
+    else
+      render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+    end
+  end
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = Current.<%= singular_table_name %>
+    end
+    def password_params
+      params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
+    end
+end

data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt ADDED Viewed

@@ -0,0 +1,18 @@
+class RegistrationsController < ApplicationController
+  skip_before_action :authenticate
+  def create
+    @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
+    if @<%= singular_table_name %>.save
+      render json: @<%= singular_table_name %>, status: :created
+    else
+      render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+    end
+  end
+  private
+    def <%= "#{singular_table_name}_params" %>
+      params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
+    end
+end

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt ADDED Viewed

@@ -0,0 +1,17 @@
+class SessionsController < ApplicationController
+  skip_before_action :authenticate, except: :destroy
+  def create
+    @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+    if @<%= singular_table_name %>.try(:authenticate, params[:password])
+      render json: { session_token: @<%= singular_table_name %>.session_token }
+    else
+      render json: { error: "Invalid session token" }, status: :unauthorized
+    end
+  end
+  def destroy
+    Current.<%= singular_table_name %>.regenerate_session_token
+  end
+end

data/lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt CHANGED Viewed

@@ -4,7 +4,6 @@ class CancellationsController < ApplicationController
   def destroy
     Current.<%= singular_table_name %>.destroy
-    cookies.delete :session_token
     redirect_to sign_in_path, notice: "Bye! Your account has been successfully cancelled"
   end
 end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt CHANGED Viewed

@@ -22,7 +22,6 @@ class SessionsController < ApplicationController
   end
   def destroy
-    cookies.delete :session_token
     Current.<%= singular_table_name %>.regenerate_session_token
     redirect_to sign_in_path, notice: "Signed out successfully"
   end

data/lib/generators/authentication/templates/models/resource.rb.tt CHANGED Viewed

@@ -7,4 +7,8 @@ class <%= class_name %> < ApplicationRecord
   validates_length_of :password, minimum: 8, allow_blank: true
   before_validation { self.email = email.downcase.strip }
+  def as_json(options)
+    super(options.merge(except: [:password_digest, :session_token]))
+  end
 end

data/lib/generators/authentication/templates/views/api/password_mailer/reset.html.erb.tt ADDED Viewed

@@ -0,0 +1,7 @@
+Hi <%%= params[:<%= singular_table_name %>].email %>,
+Someone requested a reset of your password.
+If this was you, use this token to reset your password. The token will expire automatically in 15 minutes.
+<%%= @token %>

data/lib/generators/authentication/templates/views/api/password_mailer/reset.text.erb.tt ADDED Viewed

@@ -0,0 +1,7 @@
+Hi <%%= params[:<%= singular_table_name %>].email %>,
+Someone requested a reset of your password.
+If this was you, use this token to reset your password. The token will expire automatically in 15 minutes.
+<%%= @token %>

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.6
 platform: ruby
 authors:
 - Nixon
@@ -31,6 +31,11 @@ files:
 - lib/authentication_zero/version.rb
 - lib/generators/authentication/USAGE
 - lib/generators/authentication/authentication_generator.rb
+- lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
@@ -40,6 +45,8 @@ files:
 - lib/generators/authentication/templates/migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
 - lib/generators/authentication/templates/models/resource.rb.tt
+- lib/generators/authentication/templates/views/api/password_mailer/reset.html.erb.tt
+- lib/generators/authentication/templates/views/api/password_mailer/reset.text.erb.tt
 - lib/generators/authentication/templates/views/html/cancellations/new.html.erb.tt
 - lib/generators/authentication/templates/views/html/password_mailer/reset.html.erb.tt
 - lib/generators/authentication/templates/views/html/password_mailer/reset.text.erb.tt