auther 4.1.0 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d1d5af7b92ee3662ab016d97a30cfb9bd99f4942
-  data.tar.gz: 29633e73943f1f9e0513b0abf0f5da1e32339f09
+  metadata.gz: afbf9e0daac1c015150d4c65cdb4db78c533df92
+  data.tar.gz: ddc7c7aee85af6ce9320701d5f3a701f19936e77
 SHA512:
-  metadata.gz: 0ad825950a2ec3eb978b1655141a5770f3821eb6c60535813059595cc42f4def065cbb48d05398335d6d238ecb1c1cc6942fa0f13211ee2e1ad5be5699d1665b
-  data.tar.gz: 29cecf9a5bac939862d5af435b2201f457f9364b3368f71ca934fb86418278ce580bdd25cb9d84a7b835d1ae843b3dcb60442ee582103f6dfaea03064e823352
+  metadata.gz: e16402c17bb22ca4cf6f7d94bd9f95bc59293639e264fbec6a8c8cb2b11a307558361dd8b784c4b4fa5acf5e2f80b62a0ed7630f7ac464f3c39d3d67883f06cc
+  data.tar.gz: deffffbbff5597864342a75314fa5e03d1d08ce982cc274bf1468a65320e0d9269392afb27daedafb7562d198616fa56e6b612ec1161052ccd53a283319346b6

data/README.md

@@ -1,36 +1,67 @@
-# Overview
+# Auther
 
-[![Gem Version](https://badge.fury.io/rb/auther.png)](http://badge.fury.io/rb/auther)
-[![Code Climate GPA](https://codeclimate.com/github/bkuhlmann/auther.png)](https://codeclimate.com/github/bkuhlmann/auther)
-[![Code Climate Coverage](https://codeclimate.com/github/bkuhlmann/auther/coverage.png)](https://codeclimate.com/github/bkuhlmann/auther)
-[![Gemnasium Status](https://gemnasium.com/bkuhlmann/auther.png)](https://gemnasium.com/bkuhlmann/auther)
-[![Travis CI Status](https://secure.travis-ci.org/bkuhlmann/auther.png)](http://travis-ci.org/bkuhlmann/auther)
-[![Gittip](http://img.shields.io/gittip/bkuhlmann.svg)](https://www.gittip.com/bkuhlmann)
+[![Gem Version](https://badge.fury.io/rb/auther.svg)](http://badge.fury.io/rb/auther)
+[![Code Climate GPA](https://codeclimate.com/github/bkuhlmann/auther.svg)](https://codeclimate.com/github/bkuhlmann/auther)
+[![Code Climate Coverage](https://codeclimate.com/github/bkuhlmann/auther/coverage.svg)](https://codeclimate.com/github/bkuhlmann/auther)
+[![Gemnasium Status](https://gemnasium.com/bkuhlmann/auther.svg)](https://gemnasium.com/bkuhlmann/auther)
+[![Travis CI Status](https://secure.travis-ci.org/bkuhlmann/auther.svg)](http://travis-ci.org/bkuhlmann/auther)
+[![Patreon](https://img.shields.io/badge/patreon-donate-brightgreen.svg)](https://www.patreon.com/bkuhlmann)
 
 Provides simple, form-based authentication for apps that need security but don't want to deal with the clunky UI
 of HTTP Basic Authentication or something as heavyweight as [Devise](https://github.com/plataformatec/devise). It
 doesn't require a database and is compatible with password managers like [1Password](https://agilebits.com/onepassword)
 making for a pleasent user experience.
 
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+# Table of Contents
+
+- [Features](#features)
+- [Requirements](#requirements)
+- [Setup](#setup)
+- [Usage](#usage)
+  - [Initializer](#initializer)
+  - [Routes](#routes)
+  - [Model](#model)
+  - [Presenter](#presenter)
+  - [View](#view)
+  - [Controller](#controller)
+  - [Logging](#logging)
+  - [Troubleshooting](#troubleshooting)
+- [Tests](#tests)
+- [Code of Conduct](#code-of-conduct)
+- [Contributions](#contributions)
+- [License](#license)
+- [History](#history)
+- [Credits](#credits)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
 # Features
 
-- Form-based authentication compatible with password managers like [1Password](https://agilebits.com/onepassword).
+- Supports form-based authentication compatible with password managers like
+  [1Password](https://agilebits.com/onepassword).
+
+[![Screenshot - Large Valid](doc/screenshots/large-valid.png)](https://github.com/bkuhlmann/auther)
+[![Screenshot - Large Invalid](doc/screenshots/large-invalid.png)](https://github.com/bkuhlmann/auther)
+
+- Supports mobile layouts and small screens:
 
-[![Screenshot - Clean](https://github.com/bkuhlmann/auther/raw/master/screenshot-clean.png)](https://github.com/bkuhlmann/auther)
-[![Screenshot - Error](https://github.com/bkuhlmann/auther/raw/master/screenshot-error.png)](https://github.com/bkuhlmann/auther)
+[![Screenshot - Mobile Valid](doc/screenshots/mobile-valid.png)](https://github.com/bkuhlmann/auther)
+[![Screenshot - Mobile Invalid](doc/screenshots/mobile-invalid.png)](https://github.com/bkuhlmann/auther)
 
-- Encrypted account credentials.
-- Multiple account support with account specific blacklisted paths.
-- Auto-redirection to requested path (once credentials have been verified).
-- Log filtering for account credentials (login and password).
-- Customizable view support.
-- Customizable controller support.
-- Customizable logger support.
+- Uses [Bourbon](http://bourbon.io), [Neat](http://neat.bourbon.io), and [Bitters](http://bitters.bourbon.io) for
+  lightweight styling.
+- Uses encrypted account credentials to keep sensitive information secure.
+- Supports multiple accounts with account specific blacklists.
+- Supports customizable routes, models, presenters, views, controllers, and loggers.
+- Provides a generator for easy install and setup within an existing project.
+- Provides auto-redirection to requested path for verified credentials.
 
 # Requirements
 
 0. [MRI 2.x.x](http://www.ruby-lang.org).
-0. [Ruby on Rails 4.x.x](http://rubyonrails.org).
+0. [Ruby on Rails 4.2.x](http://rubyonrails.org).
 
 # Setup
 
@@ -56,8 +87,7 @@ Run the generator to configure and initialize your application:
 
 # Usage
 
-Assuming you are using the excellent [dotenv](https://github.com/bkeepers/dotenv) gem, add the following to your `.env`
-settings:
+Assuming you are using the [dotenv](https://github.com/bkeepers/dotenv) gem, add the following to your `.env` settings:
 
     AUTHER_SECRET=66is2tB4EbekG74DPGRmyQkdtZkQyNWZY6yeeNsmQ4Rpu42esdnP9X6puxpKfs64Gy2ghPu6QGTKsvQ73wXuDyWzDr
     AUTHER_ADMIN_LOGIN=aHdMWUhiVGRyVHBPMmhTRWNRR082MFhNdVFkL2ZaSGpvY2VoVS90dGRpRT0tLXFBWWZDRkJ4aDR3Qy9aamNOeU1JekE9PQ==--bf077a68a8e654ed9e480851c9597dae57ec34b8
@@ -72,8 +102,6 @@ Use these credentials to login:
 - Login: test@test.com
 - Password: password
 
-# Customization
-
 ## Initializer
 
 The initializer (installed during setup) can be found here:
@@ -95,7 +123,7 @@ The initializer comes installed with the following settings:
 **IMPORTANT**: The encrypted secret, login, and password credentials used in the `.env` setup above must be re-encrypted
 before deploying to production! To encrypt/decrypt account credentials, launch a rails console and run the following:
 
-    # Best if more than 150 characters and gibberish to read. Must be the same as defined in auther settings.
+    # Best if more than 150 characters and gibberish to read. Must be equal to what is defined in the `auther_settings`.
     cipher = Auther::Cipher.new "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb"
 
     # Do this to encrypt an unecrypted value.
@@ -110,12 +138,12 @@ The initializer can be customized as follows:
 - *label* - Optional. The page label (what would appear above the form). Default: "Authorization".
 - *secret* - Required. The secret passphrase used to encrypt/decrypt account credentials.
 - *accounts* - Required. The array of accounts with different or similar access to the application.
-    - *name* - Required. The account name. The name that uniquely identifies each account.
+    - *name* - Required. The account name that uniquely identifies the account.
     - *encrypted_login* - Required. The encrypted account login.
     - *encrypted_password* - Required. The encrypted account password.
     - *paths* - Required. The array of blacklisted paths for which only this account has access to.
     - *authorized_url* - Optional. The URL to redirect to upon successful authorization. Authorized redirection works
-      as follows (in the order defined):
+      in the order defined:
         0. The blacklisted path (if requested prior to authorization but now authorized).
         0. The authorized URL (if defined and the blacklisted path wasn't requested).
         0. The root path (if none of the above).
@@ -124,7 +152,7 @@ The initializer can be customized as follows:
         0. The deauthorized URL (if defined).
         0. The auth URL.
 - *auth_url* - Optional. The URL to redirect to when enforcing authentication. Default: “/login”.
-- *logger* - Optional. The logger used to log path/account authorization messages. Default: Auther::NullLogger.
+- *logger* - Optional. The logger used to log path/account authorization messages. Default: `Auther::NullLogger`.
 
 ## Routes
 
@@ -140,7 +168,7 @@ The routes can be customized as follows (installed, by default, via the install
 
 The [Auther::Account](app/models/auther/account.rb) is a plain old Ruby object that uses ActiveModel validations to aid
 in attribute validation. This model could potentially be replaced with a database-backed object (would require
-controller customization)...but you might want to question if you have outgrown the use of this gem and need a different
+controller customization)...but you should question if you have outgrown the use of this gem and need a different
 solution altogether if it comes to that.
 
 ## Presenter
@@ -155,8 +183,8 @@ default Auther::SessionController implementation is sufficient):
 
     app/views/auther/session/new.html
 
-The form uses `@account_presenter` instance variable which is an instance of the Auther::Presenter::Account presenter
-(as mentioned above). The form can be stylized by attaching new styles to the .authorization class (see
+The form uses `@account` instance variable which is an instance of the Auther::Presenter::Account presenter (as
+mentioned above). The form can be stylized by attaching new styles to the .authorization class (see
 [auther.scss](app/assets/stylesheets/auther/auther.scss) for details).
 
 ## Controller
@@ -170,8 +198,8 @@ you add a controller to your app that inherits from the Auther::BaseController.
       layout "example"
     end
 
-This allows complete customization of session controller behavior to serve any special business needs. See the
-Auther::BaseController for additional details or the Auther::SessionController for default implementation.
+This allows customization of session controller behavior to serve any special business needs. See the
+`Auther::BaseController` for additional details or the `Auther::SessionController` for default implementation.
 
 ## Logging
 
@@ -189,24 +217,23 @@ Auther settings:
 - Account authentication pass/fail.
 - Account and path authorization pass/fail.
 
-# Tests
-
-To test, run:
-
-    bundle exec rspec spec
-
-# Troubleshooting
+## Troubleshooting
 
 - If upgrading Rails, changing the cookie/session settings, generating a new secret base key, etc. this might
   cause Auther authentication to fail. Make sure to clear your browser cookies in this situation or use Google
   Chrome (incognito mode) to verify.
+- If the authentication view/form looks broken (stylewise) this could be due to custom
+  `ActionView::Base.field_error_proc` settings defined by your app (usually via an initializer). Auther uses this
+  configuration `ActionView::Base.field_error_proc = proc { |html_tag, _| html_tag.html_safe }` so that no additional
+  markup is added to the DOM when errors are raised. If you have customized this to something else, you might want to
+  read the usage documentation (mentioned above) to rebuild the authentication view/form for your specific business
+  needs.
 
-# Resources
+# Tests
+
+To test, run:
 
-- [Simplest Auth](https://github.com/vigetlabs/simplest_auth) - For situations where you need user and email reset
-  support beyond what this engine can provide.
-- [Devise](https://github.com/plataformatec/devise) - For complex situations where you need persisted user objects,
-  email support, social media support, and much more.
+    bundle exec rake
 
 # Code of Conduct
 

data/app/assets/stylesheets/auther/application.scss

@@ -1,2 +1,4 @@
-@import "foundation_and_overrides";
+@import "bourbon";
+@import "bitters/base";
+@import "neat";
 @import "auther";

data/app/assets/stylesheets/auther/auther.scss

@@ -1,11 +1,100 @@
-.authorization {
-  position: relative;
-  -webkit-transform: translateY(25%);
-  -ms-transform: translateY(25%);
-  transform: translateY(25%);
-
-  .authorization-label {
-    text-align: center !important;
-    margin-bottom: 0.5em;
+$auther-red: #F04124;
+$auther-white: #FFFFFF;
+$mobile: new-breakpoint(max-width 480px 4);
+
+.auther-page {
+  @include row;
+}
+
+.auther-content {
+  @include outer-container;
+}
+
+.auther-credentials {
+  @include span-columns(6);
+  @include shift(2);
+  @include media($mobile) {
+    @include shift(0);
+    @include span-columns(4);
+  }
+}
+
+.auther-title {
+  font-size: 2em;
+  font-weight: 400;
+  margin: 2em 0 1em 0;
+  text-align: center;
+  @include media($mobile) {
+    margin-top: 1em;
+  }
+}
+
+.auther-form-section {
+  @include span-columns(6 of 6);
+}
+
+%auther-form-label {
+  @include span-columns(2 of 6);
+  font-weight: 300;
+  text-align: right;
+  @include media($mobile) {
+    @include span-columns(4 of 4);
+    @include omega();
+    text-align: center;
+  }
+}
+
+.auther-form-label {
+  @extend %auther-form-label;
+}
+
+.auther-form-select-label {
+  @extend %auther-form-label;
+}
+
+.auther-form-select {
+  @include fill-parent;
+}
+
+.auther-form-group {
+  @include span-columns(4 of 6);
+  @include omega();
+  @include media($mobile) {
+    @include span-columns(4 of 4);
+  }
+}
+
+.auther-button {
+  @include shift(1.3);
+  @include span-columns(4 of 6);
+  @include media($mobile) {
+    @include shift(0);
+    @include span-columns(4 of 4);
+  }
+}
+
+.auther-error-message {
+  background: $auther-red;
+  color: $auther-white;
+  display: none;
+  padding: 0.3em 0.5em;
+}
+
+.auther-error {
+  .auther-form-label {
+    color: $auther-red;
+  }
+
+  .auther-form-group {
+    margin-bottom: 0.75em;
+  }
+
+  .auther-form-input {
+    border-color: $auther-red;
+    margin-bottom: 0;
+  }
+
+  .auther-error-message {
+    display: block;
   }
 }

data/app/controllers/auther/base_controller.rb

@@ -1,35 +1,40 @@
 module Auther
+  # Abstract controller for session management.
   class BaseController < ActionController::Base
     def show
       redirect_to settings.auth_url
     end
 
     def new
-      @account_presenter = Auther::Presenter::Account.new
+      @account = Auther::Presenter::Account.new
     end
 
     def create
-      @account_presenter = Auther::Presenter::Account.new params[:account]
-      account_model = Auther::Account.new settings.find_account(@account_presenter.name)
-      authenticator = Auther::Authenticator.new settings.secret, account_model, @account_presenter
+      @account = Auther::Presenter::Account.new account_params
+      account = Auther::Account.new settings.find_account(@account.name)
+      authenticator = Auther::Authenticator.new settings.secret, account, @account
 
       if authenticator.authenticated?
-        store_credentials account_model
-        redirect_to authorized_url(account_model)
+        store_credentials account
+        redirect_to authorized_url(account)
       else
-        remove_credentials account_model
+        remove_credentials account
         render template: new_template_path
       end
     end
 
     def destroy
-      account_model = Auther::Account.new settings.find_account(params[:name])
-      remove_credentials account_model
-      redirect_to deauthorized_url(account_model)
+      account = Auther::Account.new settings.find_account(params[:name])
+      remove_credentials account
+      redirect_to deauthorized_url(account)
     end
 
     private
 
+    def account_params
+      params.require(:account).permit(:name, :login, :password)
+    end
+
     def settings
       Auther::Settings.new Rails.application.config.auther_settings
     end
@@ -50,25 +55,25 @@ module Auther
     end
 
     def new_template_path
-      raise NotImplementedError, "The method, #new_template_path, is not implemented."
+      fail NotImplementedError, "The method, #new_template_path, is not implemented."
     end
 
-    def authorized_url account_model
-      session["auther_redirect_url"] || account_model.authorized_url || '/'
+    def authorized_url account
+      session["auther_redirect_url"] || account.authorized_url || "/"
     end
 
-    def deauthorized_url account_model
-      account_model.deauthorized_url || settings.auth_url
+    def deauthorized_url account
+      account.deauthorized_url || settings.auth_url
     end
 
-    def store_credentials account_model
-      keymaster = Auther::Keymaster.new account_model.name
-      session[keymaster.login_key] = account_model.encrypted_login
-      session[keymaster.password_key] = account_model.encrypted_password
+    def store_credentials account
+      keymaster = Auther::Keymaster.new account.name
+      session[keymaster.login_key] = account.encrypted_login
+      session[keymaster.password_key] = account.encrypted_password
     end
 
-    def remove_credentials account_model
-      keymaster = Auther::Keymaster.new account_model.name
+    def remove_credentials account
+      keymaster = Auther::Keymaster.new account.name
       session.delete keymaster.login_key
       session.delete keymaster.password_key
     end

data/app/controllers/auther/session_controller.rb

@@ -1,11 +1,14 @@
-class Auther::SessionController < Auther::BaseController
-  layout "auther/auth"
-  before_filter :load_title, :load_label
-  before_filter :load_account_options, only: [:new, :create]
+module Auther
+  # Default implementation for session management.
+  class SessionController < BaseController
+    layout "auther/auth"
+    before_filter :load_title, :load_label
+    before_filter :load_account_options, only: [:new, :create]
 
-  private
+    private
 
-  def new_template_path
-    "auther/session/new"
+    def new_template_path
+      "auther/session/new"
+    end
   end
 end

data/app/models/auther/account.rb

@@ -1,13 +1,14 @@
 require "active_model"
 
 module Auther
+  # Represents an authenticatable account.
   class Account
     include ActiveModel::Validations
 
     attr_accessor :name, :encrypted_login, :encrypted_password, :paths, :authorized_url, :deauthorized_url
 
     validates :name, :encrypted_login, :encrypted_password, presence: true
-    validates :paths, presence: {unless: lambda { |account| account.paths.is_a? Array }, message: "must be an array"}
+    validates :paths, presence: {unless: ->(account) { account.paths.is_a? Array }, message: "must be an array"}
 
     def initialize options = {}
       @name = options.fetch :name, nil