authentication-zero 0.0.5 → 0.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fbbdce3e39368908b25db1e2b98b1c6f7d8211c43099270f87e2d5905307033e
-  data.tar.gz: be7a32894d05d9796a3baa46a6cf0907e3d0dc4808687c6238e8cda262c5edd3
+  metadata.gz: 11deb23576e389ac26590fa1028b8da52e874a1eb8be2578961816b2745a8b14
+  data.tar.gz: debebbdfe6829936c06b5ff8f2f2ba13f1d623b944ac65ff7a581070fd78d2ab
 SHA512:
-  metadata.gz: e5db73d7da96f46cb79e4b2ea51fbd6d4698436ed234e50f535a7ad02b28f1cedbf1768d1b67d032ac070ac7bdec0ea7ab309141b9593a034497421f335f65b4
-  data.tar.gz: 840de055d1877b02c0e52af876730bf5c1a87aafe99faf956f34e26736ecf0aa39907d86071b4956844e062f4a8f413ad83d4d4b30e773b5a5f111ff18729be1
+  metadata.gz: cb417c4b4e83690f092c28d3573718217fe3ab25ac605c1dbb0ee494289921c0d71dae1d1cf92b9a702339d5b108b702ed64ae7177aee49eb53fe24314da3e1a
+  data.tar.gz: 6869e7c3eb2775fbfcc90a75e97eb9bd6e30244452ef065e6da688a22d307d1f2f3c305b93b1ba4f157263b4d7a65ecb22e2c1f30e064ec9034e5a53788760ed

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (0.0.5)
+    authentication-zero (0.0.9)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -1,6 +1,6 @@
 # Authentication Zero
 
-The purpose of authentication zero is to generate a pre-built authentication system into a rails application that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
+The purpose of authentication zero is to generate a pre-built authentication system into a rails application (web or api-only) that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
 
 ## Installation
 

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "0.0.5"
+  VERSION = "0.0.9"
 end

data/lib/generators/authentication/authentication_generator.rb

@@ -3,10 +3,16 @@ require "rails/generators/active_record"
 class AuthenticationGenerator < Rails::Generators::NamedBase
   include ActiveRecord::Generators::Migration
 
+  class_option :api, type: :boolean, desc: "Generates API authentication"
+
   source_root File.expand_path("templates", __dir__)
 
   def create_controllers
-    directory "controllers/html", "app/controllers"
+    if options.api
+      directory "controllers/api", "app/controllers"
+    else
+      directory "controllers/html", "app/controllers"
+    end
   end
 
   def create_mailers
@@ -14,7 +20,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
 
   def create_views
-    directory "views/html", "app/views"
+    if options.api
+      directory "views/password_mailer", "app/views/password_mailer"
+    else
+      directory "views", "app/views"
+    end
   end
 
   def create_models
@@ -27,15 +37,15 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
 
   def add_routes
-    route "get 'sign_up', to: 'registrations#new'"
+    route "get 'sign_up', to: 'registrations#new'" unless options.api?
     route "post 'sign_up', to: 'registrations#create'"
-    route "get 'sign_in', to: 'sessions#new'"
+    route "get 'sign_in', to: 'sessions#new'" unless options.api?
     route "post 'sign_in', to: 'sessions#create'"
-    route "get 'password/edit', to: 'passwords#edit'"
+    route "get 'password/edit', to: 'passwords#edit'" unless options.api?
     route "patch 'password', to: 'passwords#update'"
-    route "get 'cancellation/new', to: 'cancellations#new'"
+    route "get 'cancellation/new', to: 'cancellations#new'" unless options.api?
     route "post 'cancellation', to: 'cancellations#destroy'"
-    route "get 'password_reset/new', to: 'password_resets#new'"
+    route "get 'password_reset/new', to: 'password_resets#new'" unless options.api?
     route "post 'password_reset', to: 'password_resets#create'"
     route "get 'password_reset/edit', to: 'password_resets#edit'"
     route "patch 'password_reset', to: 'password_resets#update'"
@@ -43,18 +53,36 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
 
   def add_application_controller_methods
-    inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<-CODE
-  before_action :authenticate
-
-  private
-    def authenticate
-      if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
-        Current.user = #{singular_table_name}
-      else
-        redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
+    if options.api?
+      inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
+        include ActionController::HttpAuthentication::Token::ControllerMethods
+
+        before_action :authenticate
+
+        private
+          def authenticate
+            if #{singular_table_name} = authenticate_with_http_token { |token, _| #{class_name}.find_by_session_token(token) }
+              Current.user = #{singular_table_name}
+            else
+              request_http_token_authentication
+            end
+          end
+      CODE
+      end
+    else
+      inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
+        before_action :authenticate
+
+        private
+          def authenticate
+            if #{singular_table_name} = cookies[:session_token] && #{class_name}.find_by_session_token(cookies[:session_token])
+              Current.user = #{singular_table_name}
+            else
+              redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
+            end
+          end
+      CODE
       end
-    end
-    CODE
     end
   end
 end

data/lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt

@@ -0,0 +1,5 @@
+class CancellationsController < ApplicationController
+  def destroy
+    Current.<%= singular_table_name %>.destroy
+  end
+end

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt

@@ -0,0 +1,35 @@
+class PasswordResetsController < ApplicationController
+  before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
+  skip_before_action :authenticate
+
+  def edit
+    render json: { message: "Open this link in your device" }, status: :not_found
+  end
+
+  def create
+    if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+      PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
+    else
+      render json: { error: "The email address doesn't exist in our database" }, status: :bad_request
+    end
+  end
+
+  def update
+    if @<%= singular_table_name %>.update(password_params)
+      render json: @<%= singular_table_name %>
+    else
+      render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+    end
+  end
+
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "password_reset")
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      render json: { error: "Your token has expired, please request a new one" }, status: :bad_request
+    end
+
+    def password_params
+      params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
+    end
+end

data/lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt

@@ -0,0 +1,22 @@
+class PasswordsController < ApplicationController
+  before_action :set_<%= singular_table_name %>
+
+  def update
+    if !@<%= singular_table_name %>.authenticate(params[:current_password])
+      render json: { error: "The current password you entered is incorrect" }, status: :bad_request
+    elsif @<%= singular_table_name %>.update(password_params)
+      render json: @<%= singular_table_name %>
+    else
+      render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+    end
+  end
+
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = Current.<%= singular_table_name %>
+    end
+
+    def password_params
+      params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
+    end
+end

data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt

@@ -0,0 +1,18 @@
+class RegistrationsController < ApplicationController
+  skip_before_action :authenticate
+
+  def create
+    @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
+
+    if @<%= singular_table_name %>.save
+      render json: @<%= singular_table_name %>, status: :created
+    else
+      render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+    end
+  end
+
+  private
+    def <%= "#{singular_table_name}_params" %>
+      params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
+    end
+end

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt

@@ -0,0 +1,17 @@
+class SessionsController < ApplicationController
+  skip_before_action :authenticate, except: :destroy
+
+  def create
+    @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+
+    if @<%= singular_table_name %>.try(:authenticate, params[:password])
+      render json: { session_token: @<%= singular_table_name %>.session_token }
+    else
+      render json: { error: "Invalid session token" }, status: :unauthorized
+    end
+  end
+
+  def destroy
+    Current.<%= singular_table_name %>.regenerate_session_token
+  end
+end

data/lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt

@@ -4,7 +4,6 @@ class CancellationsController < ApplicationController
 
   def destroy
     Current.<%= singular_table_name %>.destroy
-    cookies.delete :session_token
     redirect_to sign_in_path, notice: "Bye! Your account has been successfully cancelled"
   end
 end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt

@@ -22,7 +22,6 @@ class SessionsController < ApplicationController
   end
 
   def destroy
-    cookies.delete :session_token
     Current.<%= singular_table_name %>.regenerate_session_token
     redirect_to sign_in_path, notice: "Signed out successfully"
   end

data/lib/generators/authentication/templates/models/resource.rb.tt

@@ -7,4 +7,8 @@ class <%= class_name %> < ApplicationRecord
   validates_length_of :password, minimum: 8, allow_blank: true
 
   before_validation { self.email = email.downcase.strip }
+
+  def as_json(options)
+    super(options.merge(except: [:password_digest, :session_token]))
+  end  
 end

data/lib/generators/authentication/templates/views/password_mailer/reset.html.erb.tt

@@ -0,0 +1,8 @@
+<p>Hello <%%= params[:<%= singular_table_name %>].email %>!</p>
+
+<p>Someone has requested a link to change your password. You can do this through the link below.</p>
+
+<p><%%= link_to "Change my password", password_reset_edit_url(token: @token) %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>

data/lib/generators/authentication/templates/views/password_mailer/reset.text.erb.tt

@@ -0,0 +1,8 @@
+Hello <%%= params[:<%= singular_table_name %>].email %>
+
+Someone has requested a link to change your password, and you can do this through the link below.
+
+[Change my password]<%%= password_reset_edit_url(token: @token) %>
+
+If you didn't request this, please ignore this email.
+Your password won't change until you access the link above and create a new one.

data/lib/generators/authentication/templates/views/{html/password_resets → password_resets}/new.html.erb.tt

@@ -5,7 +5,7 @@
 <%%= form_with(url: password_reset_path) do |form| %>
   <div>
     <%%= form.label :email, style: "display: block" %>
-    <%%= form.email_field :email, autofocus: true, required: true, autocomplete: "email" %>
+    <%%= form.email_field :email, autofocus: true, required: true %>
   </div>
 
   <div>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.9
 platform: ruby
 authors:
 - Nixon
@@ -31,6 +31,11 @@ files:
 - lib/authentication_zero/version.rb
 - lib/generators/authentication/USAGE
 - lib/generators/authentication/authentication_generator.rb
+- lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
@@ -40,14 +45,14 @@ files:
 - lib/generators/authentication/templates/migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
 - lib/generators/authentication/templates/models/resource.rb.tt
-- lib/generators/authentication/templates/views/html/cancellations/new.html.erb.tt
-- lib/generators/authentication/templates/views/html/password_mailer/reset.html.erb.tt
-- lib/generators/authentication/templates/views/html/password_mailer/reset.text.erb.tt
-- lib/generators/authentication/templates/views/html/password_resets/edit.html.erb.tt
-- lib/generators/authentication/templates/views/html/password_resets/new.html.erb.tt
-- lib/generators/authentication/templates/views/html/passwords/edit.html.erb.tt
-- lib/generators/authentication/templates/views/html/registrations/new.html.erb.tt
-- lib/generators/authentication/templates/views/html/sessions/new.html.erb.tt
+- lib/generators/authentication/templates/views/cancellations/new.html.erb.tt
+- lib/generators/authentication/templates/views/password_mailer/reset.html.erb.tt
+- lib/generators/authentication/templates/views/password_mailer/reset.text.erb.tt
+- lib/generators/authentication/templates/views/password_resets/edit.html.erb.tt
+- lib/generators/authentication/templates/views/password_resets/new.html.erb.tt
+- lib/generators/authentication/templates/views/passwords/edit.html.erb.tt
+- lib/generators/authentication/templates/views/registrations/new.html.erb.tt
+- lib/generators/authentication/templates/views/sessions/new.html.erb.tt
 homepage: https://github.com/lazaronixon/authentication-zero
 licenses:
 - MIT

data/lib/generators/authentication/templates/views/html/password_mailer/reset.html.erb.tt

@@ -1,7 +0,0 @@
-Hi <%%= params[:<%= singular_table_name %>].email %>,
-
-Someone requested a reset of your password.
-
-If this was you, click the link to reset your password. The link will expire automatically in 15 minutes.
-
-<%%= link_to "Reset password", password_reset_edit_url(token: @token) %>

data/lib/generators/authentication/templates/views/html/password_mailer/reset.text.erb.tt

@@ -1,7 +0,0 @@
-Hi <%%= params[:<%= singular_table_name %>].email %>,
-
-Someone requested a reset of your password.
-
-If this was you, click the link to reset your password. The link will expire automatically in 15 minutes.
-
-<%%= password_reset_edit_url(token: @token) %>