authkit 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 90322223474f0c5031812ebb9b08656f13667ad0
+  data.tar.gz: dbf307ddf9d5269d69742427777b6e7f72373428
+SHA512:
+  metadata.gz: ba3bd5d2352745b4f9ff270ac323715359c95ecdde097ca4e60ca4b6f708275724e113d441f9b4c75f200f57a766ed55d0ce409dfefeaf3454f556e9d5e6bea3
+  data.tar.gz: cef78bd47d5249fdde5bb51276ef05b68400c9d251265deb0500fe7a7450142bc3db3b550c09bce606c22051c941c8ca5dab84f32d0dd4ff6f2f7c5e991e04f8

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/FEATURES.md

@@ -0,0 +1,73 @@
+# Authkit Features
+
+  * Signup (username or email)
+  * Login/Logout
+  * Database backed unique constraints
+  * Email confirmation (you must connect a mailer, see below)
+  * Password reset (you must connect a mailer, see below)
+  * One time password / Two factor authentication
+  * Token support
+  * Remember me
+  * Account page
+  * Time zones
+  * Do not track (DNT) support
+  * Sign-in Tracking
+  * Analytics (coming soon)
+  * Lockout for failed attempts (coming soon)
+
+## Basic functionality
+
+Users should be able to sign up, login and logout. Authkit takes the approach that users should
+immediately be given access to the site once they have signed up. An email confirmation is
+sent, but on sign up the user is immediately logged in and their email address is immediately
+active.
+
+Because of this, users are immediately able to reset their password (in case they forget it).
+This also makes supporting third-party authentication easier. In order to support password
+resets you must implement the `send_reset_password` in `user.rb`.
+
+```ruby
+def send_reset_password
+  return false unless set_token(:reset_password_token)
+
+  # TODO: insert your mailer logic here
+  true
+end
+```
+
+
+## Email confirmation
+
+In order to properly use email confirmation you must implement the `send_confirmation`
+method in `user.rb`
+
+```ruby
+def send_confirmation
+  return false unless set_token(:confirmation_token)
+
+  # TODO: insert your mailer logic here
+  true
+end
+```
+
+Email confirmation is deceptively simple. By default you can sign up with any email address
+and that address must be unique. A confirmation is immediately sent to the email address.
+When editing the user settings the email is not adjusted (so a user cannot lock themselves
+out) until it is confirmed. Because of this, the edit form modifies the `confirmation_email`
+and sends out a new confirmation if changed. Once the confirmation is accepted the
+`confirmation_email` is copied to the `email` field and confirmation tokens are cleared.
+
+When changing the confirmation email it is checked for uniqueness against the existing set
+of user emails. However, it is possible that a user will change their email and then
+sign up with that email after the fact. If the user then confirms the original change it
+will fail to confirm because the email will already be in use.
+
+## Remember me
+
+Authkit takes the approach that users always want to be remembered. When users are working on
+public computers, it is assumed that they will logout before leaving or their session will
+be reset (as is the case in most libraries). If your application contains sensitive data
+you may want to change this default. There are a number of approaches to determining that
+the user wants to be remembered (checkbox, etc.) but ultimately the `set_remember_cookie`
+call in the `login` must be called conditionally.
+

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in authkit.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Jeff Rafter
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,168 @@
+# Authkit
+
+A gem for installing auth into you app.
+
+## Why?
+
+There are lots of great authentication gems out there; devise? clearance? restful_auth?
+All of these seek to solve the problem of adding authentication to your application but they all share
+one philosophy: you shouldn't need to think about authentication to build your app. For me, I find I
+spend way more time trying to figure out how to customize the tools for the few cases when my
+application needs to do something different.
+
+Authkit takes the opposite stance: auth belongs in your app. It is important and it is specific to your
+app. It only includes generators and installs itself with some specs. You customize it. Everything
+is right where you would expect it to be.
+
+## Features
+
+Authkit supports Ruby down to version 1.9 but targets 2.0. It is built for Rails 4. It is possible
+that it could support Rails 3.x (it would need strong parameters). Some of the features include:
+
+  * Signup (username or email)
+  * Login/Logout
+  * Database backed unique constraints
+  * Email confirmation (you must connect a mailer, see below)
+  * Password reset (you must connect a mailer, see below)
+  * One time password / Two factor authentication
+  * Token support
+  * Remember me
+  * Account page
+  * Time zones
+  * Do not track (DNT) support
+  * Sign-in Tracking
+  * Analytics (coming soon)
+  * Lockout for failed attempts (coming soon)
+
+Some possible features include:
+
+  * Master lockout/reset
+  * Visit tracking and anonymous users
+  * Third party accounts
+  * Installer options (test framework, security bulletins, modules)
+
+If there is a feature you don't want to use, you just have to go and delete the generated code.
+It is your application to customize.
+
+More information is available in [FEATURES](FEATURES.md).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    group :development do
+      gem 'authkit'
+    end
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install authkit
+
+## Usage
+
+Once you've installed authkit you can run the generator:
+
+    rails g authkit:install
+
+This will add some basic migrations for the user:
+
+    create  db/migrate/20131025001051_create_users.rb
+    create  db/migrate/20131025001052_add_authkit_fields_to_users.rb
+
+It will also create general authentication models and controllers:
+
+    create  app/models/user.rb
+    create  app/controllers/users_controller.rb
+    create  app/controllers/sessions_controller.rb
+    create  app/controllers/password_reset_controller.rb
+    create  app/controllers/password_change_controller.rb
+    create  app/controllers/email_confirmation_controller.rb
+    create  app/views/users/new.html.erb
+    create  app/views/users/edit.html.erb
+    create  app/views/sessions/new.html.erb
+    create  app/views/password_reset/show.html.erb
+    create  app/views/password_change/show.html.erb
+
+And will insert a series of helpers into your application controller:
+
+    insert  app/controllers/application_controller.rb
+
+And create corresponding specs:
+
+    create  spec/models/user_spec.rb
+    create  spec/controllers/application_controller_spec.rb
+    create  spec/controllers/users_controller_spec.rb
+    create  spec/controllers/sessions_controller_spec.rb
+    create  spec/controllers/password_reset_controller_spec.rb
+    create  spec/controllers/password_change_controller_spec.rb
+    create  spec/controllers/email_confirmation_controller_spec.rb
+
+And a nice helpful email format validator:
+
+    create  lib/email_format_validator.rb
+
+It will also generate a set of routes:
+
+    route  get  '/email/confirm/:token', to: 'email_confirmation#show', as: :confirm
+    route  post '/password/reset', to: 'password_reset#create'
+    route  get  '/password/reset', to: 'password_reset#show', as: :password_reset
+    route  post '/password/change/:token', to: 'password_change#create'
+    route  get  '/password/change/:token', to: 'password_change#show', as: :password_change
+    route  get  '/signup', to: 'users#new', as: :signup
+    route  get  '/logout', to: 'sessions#destroy', as: :logout
+    route  get  '/login', to: 'sessions#new', as: :login
+    route  put  '/account', to: 'users#update'
+    route  get  '/account', to: 'users#edit', as: :user
+
+    route  resources :sessions, only: [:new, :create, :destroy]
+    route  resources :users, only: [:new, :create]
+
+And will add some gems to your Gemfile:
+
+    gemfile  active_model_otp
+    gemfile  bcrypt-ruby (~> 3.0.0)
+    gemfile  rspec-rails, :test, :development
+    gemfile  shoulda-matchers, :test, :development
+
+Once you have this installed you can remove the gem, however you may want to
+keep the gem installed in development as you will be able to update it
+and check for security bulletins.
+
+You'll need to migrate your database (check the migrations before you do):
+
+    rake db:migrate
+
+You'll also need to connect your mailers for sending password reset instructions
+and email confirmations. (See the TODO in `user.rb`)
+
+## Testing
+
+The files generated using the installer include specs. To test these you should be
+able to:
+
+    $ bundle install
+
+Then run the default task:
+
+    $ rake
+
+This will run the specs, which by default will generate a new Rails application,
+run the installer, and execute the specs in the context of that temporary
+application.
+
+The specs that are generated utilize a generous amount of mocking and stubbing in
+an attempt to keep them fast. However, they use vanilla `rspec-rails`, meaning
+they are not using FactoryGirl, or mocha. The one caveat is shoulda-matchers
+which are required.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,60 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+gem_name = :authkit
+
+RSpec::Core::RakeTask.new(spec: ["generator:cleanup", "generator:prepare", "generator:#{gem_name}"]) do |task|
+  task.pattern = "spec/**/*_spec.rb"
+  task.rspec_opts = "--color --drb"
+  task.verbose = true
+end
+
+namespace :spec do
+  RSpec::Core::RakeTask.new(database: ["generator:cleanup", "generator:prepare", "generator:database", "generator:#{gem_name}"]) do |task|
+    task.pattern = "spec/**/*_spec.rb"
+    task.verbose = true
+  end
+end
+
+namespace :generator do
+  desc "Cleans up the sample app before running the generator"
+  task :cleanup do
+    FileUtils.rm_rf("spec/tmp/sample") if Dir.exist?("spec/tmp/sample") if ENV['SKIP_CLEANUP'].nil?
+  end
+
+  desc "Prepare the sample app before running the generator"
+  task :prepare do
+    next if Dir.exist?("spec/tmp/sample")
+
+    FileUtils.mkdir_p("spec/tmp")
+
+    system "cd spec/tmp && rails new sample"
+
+    # bundle
+    gem_root = File.expand_path(File.dirname(__FILE__))
+    system "echo \"gem 'rspec-rails'\" >> spec/tmp/sample/Gemfile"
+    system "echo \"gem '#{gem_name}', :path => '#{gem_root}'\" >> spec/tmp/sample/Gemfile"
+    system "cd spec/tmp/sample && bundle install"
+    system "cd spec/tmp/sample && rails g rspec:install"
+
+    # Make a thing
+    system "cd spec/tmp/sample && rails g scaffold thing name:string mood:string"
+  end
+
+  # This task is not used unless you need to test the generator with an alternate database
+  # such as mysql or postgres. By default the sample application utilize sqlite3
+  desc "Prepares the application with an alternate database"
+  task :database do
+    puts "==  Configuring the database =================================================="
+    system "cp config/database.yml.example spec/tmp/sample/config/database.yml"
+    system "cd spec/tmp/sample && rake db:migrate:reset"
+  end
+
+  desc "Run the #{gem_name} generator"
+  task gem_name do
+    system "cd spec/tmp/sample && rails g #{gem_name}:install --force && rake db:migrate db:test:prepare"
+  end
+
+end
+
+task :default => :spec

data/authkit.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'authkit/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "authkit"
+  spec.version       = Authkit::VERSION
+  spec.authors       = ["Jeff Rafter"]
+  spec.email         = ["jeffrafter@gmail.com"]
+  spec.description   = %q{Auth for your Rails application}
+  spec.summary       = %q{Auth for your Rails application}
+  spec.homepage      = "https://github.com/jeffrafter/authkit"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec-rails"
+  spec.add_development_dependency "factory_girl_rails"
+  spec.add_development_dependency "mocha"
+  spec.add_development_dependency "active_model_otp"
+end

data/config/database.yml.example

@@ -0,0 +1,19 @@
+# This file is not copied to or used by your Rails environment. The only time
+# these settings are used is when you have executed rake test:database while
+# running the tests for the authkit gem (not from within Rails). This file makes
+# it easy to test alternate database drivers with Authkit. The
+# default testing environment uses the rails default (sqlite3).
+
+development:
+  adapter: mysql
+  database: authkit_development
+  username: root
+  password:
+  host: localhost
+
+test:
+  adapter: mysql
+  database: authkit_test
+  username: root
+  password:
+  host: localhost

data/lib/authkit.rb

@@ -0,0 +1,5 @@
+require "authkit/version"
+
+module Authkit
+  require 'authkit/engine' if defined?(Rails)
+end

data/lib/authkit/engine.rb

@@ -0,0 +1,7 @@
+require 'rails'
+
+module Authkit
+  class Engine < Rails::Engine
+  end
+end
+

data/lib/authkit/version.rb

@@ -0,0 +1,3 @@
+module Authkit
+  VERSION = "0.0.1"
+end

data/lib/generators/authkit/USAGE

@@ -0,0 +1,18 @@
+Usage:
+  rails generate authkit [options]
+
+Runtime options:
+  -f, [--force]    # Overwrite files that already exist
+  -p, [--pretend]  # Run but do not make any changes
+  -s, [--skip]     # Skip files that already exist
+  -q, [--quiet]    # Supress status output
+
+Description:
+    Installs an auth system for your Rails application.
+
+Example:
+    rails generate authkit:install
+
+    This will create:
+
+    ...