avocado 0.3.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '04228885896e7d922d727e6497a22a933f3910c96afad40b69bd21d209ab4a3c'
-  data.tar.gz: 8a71cb118b5d97513f506d44ee5b2e01a0af5747d9e8151c9d866a589565d660
+  metadata.gz: a530ebf9605c2bb861d2da09da546513e68c4f647fc97c80686e07b32985cabe
+  data.tar.gz: 3be481be5c31ce2ee3bb1ea1a2d796bb7f8cbe850f7ccf2de6f296384a656bb2
 SHA512:
-  metadata.gz: 6ff80323ec0979cbfecaa008f7cca93a73c7e2e82df4ac5590caae93de5b3b903c9fc724ab8508c50d70299d118df94718d6c22d00b0f990798a0a3544091a7f
-  data.tar.gz: d39393b42cfc22511acecaceacce2dc345a65a1500fe3071c7b69f11876f479eb48d9d03beee052a0518b485da2ded599b6fe919454df7bb547a4e2d3ac67664
+  metadata.gz: cf3320eb985cc65c05c2da2d007697b4b9016d9a85f7ebebbd0735d744d7f8ca77096d86182c6761b63ea6f51f4b942a3c2dd363bb102ccc4ed53da6f5702c4f
+  data.tar.gz: f0b021b9e0f3433f2034e5cccdc751a446b50bc870474376e1a39b84e973bbabfaef95b59d96f60986bbddc7695afe88b860bd2d1568f991a17b3b654d7f3995

data/CHANGELOG.md

@@ -1,5 +1,19 @@
 ## [Unreleased]
 
+## [0.5.0] - 2023-07-21
+
+- Add controller for "passwordless" email-link sign-in
+- Add event class to log user auth events
+- Add user-facing email and password edit pages
+- Add various event logging callbacks
+- Sign out all non current sessions when password changes
+
+## [0.4.0] - 2023-07-19
+
+- Convert the `Avocado::Mailer` module into a class
+- Add controllers for signing up, signing in, password reset and email
+  verification
+
 ## [0.3.0] - 2023-07-17
 
 - Add an `Avocado::Mailer` which generates each of the signed ids

data/README.md

@@ -4,42 +4,49 @@ A collection of authentication tools for use in [Rails] 7.1+ applications.
 
 ## Installation
 
-With bundler, add to the application's Gemfile by executing:
+Add to the application's Gemfile by executing:
 
     $ bundle add avocado
 
-Without bundler, install the gem by executing:
+## Usage
 
-    $ gem install avocado
+If you are nervous about using Rails features directly, preferring to consume
+such features via a packaged gem, you can include some Avocado modules into your
+application to get authentication functionality.
 
-## Usage
+As a prerequisite, you should have a database schema with columns that match the
+users and sessions tables from [the demo app schema]. It's ok to have more
+columns, but you need at least what is shown there.
 
-If you have a `User` model in your application and are nervous about using Rails
-features directly, preferring to consume the features via a packaged gem, add
-the `Avocado::User` to your `User` model:
+With that set, include the modules into your classes:
 
 ```ruby
 class User < ApplicationRecord
   include Avocado::User
 end
-```
 
-This will do a few things behind the scenes:
+class Session < ApplicationRecord
+  include Avocado::Session
+end
 
-- Use the built-in `has_secure_password` to generate relevant password methods
-- Add some basic validations for the `email` and `password` fields on `User`
-- Normalize email values when records are saved
-- Provide signed token generators for `password_reset`, `email_verification`,
-  and `email_affirmation`
+class Event < ApplicationRecord
+  include Avocado::Event
+end
 
-It's sort of funny to do this because you genuinely just could have put this
-stuff right in your app, and yet here we are making gems instead!
+class ApplicationController < ActionController::Base
+  include Avocado::Authentication
+end
+```
 
-There is an `Avocado::Mailer` which can be included in a mailer class and
-provides some basic mailers.
+This will enable a few things:
 
-The `spec/internal` app within this repo has some example usage of both model
-and mailer.
+- Models will get validations, associations, and normalizations
+- Rails built-in `has_secure_password` is called within `User`
+- A mailer with signed token generators is created
+- Controllers and Routes for sign up, sign in, password reset, email
+  verification, etc
+
+The `spec/internal` app within this repo has some example usage.
 
 ## Development
 
@@ -47,11 +54,6 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
 `rake spec` to run the tests. You can also run `bin/console` for an interactive
 prompt that will allow you to experiment.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To
-release a new version, update the version number in `version.rb`, and then run
-`bundle exec rake release`, which will create a git tag for the version, push
-git commits and the created tag, and push the `.gem` file to [RubyGems].
-
 ## Contributing
 
 Bug reports and pull requests are welcome on [GitHub].
@@ -60,7 +62,7 @@ Bug reports and pull requests are welcome on [GitHub].
 
 The gem is available as open source under the terms of the [MIT License].
 
-[GitHub]: https://github.com/unicorngroomers/avocado
+[GitHub]: https://github.com/tcuwp/avocado
 [MIT License]: https://opensource.org/licenses/MIT
 [Rails]: https://github.com/rails/rails
-[RubyGems]: https://rubygems.org
+[the demo app schema]: https://github.com/tcuwp/avocado/blob/main/spec/internal/db/schema.rb

data/app/controllers/avocado/affirmations_controller.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Avocado
+  class AffirmationsController < BaseController
+    skip_before_action :authenticate
+
+    before_action :set_user, only: :show
+    before_action :verify_user, only: :create
+
+    def new
+    end
+
+    def show
+      sign_in(@user)
+      redirect_to(root_path, notice: "Signed in successfully")
+    end
+
+    def create
+      send_affirmation_email
+      redirect_to new_session_path, notice: "Check your email for sign in instructions"
+    end
+
+    private
+
+    def set_user
+      @user = user_from_signed_affirmation_token
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      redirect_to new_affirmation_path, alert: "That sign in link is invalid"
+    end
+
+    def user_from_signed_affirmation_token
+      ::User.find_by_token_for!(:email_affirmation, params[:id])
+    end
+
+    def verify_user
+      unless user_from_params_email
+        redirect_to new_affirmation_path, alert: "You can't sign in until you verify your email"
+      end
+    end
+
+    def send_affirmation_email
+      mailer_for(user_from_params_email)
+        .email_affirmation
+        .deliver_later
+    end
+
+    def user_from_params_email
+      ::User.verified.find_by(email: params[:email])
+    end
+  end
+end

data/app/controllers/avocado/base_controller.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Avocado
+  class BaseController < ApplicationController
+    private
+
+    def verify_password_challenge
+      unless current_user.authenticate(params_password_challenge)
+        redirect_back alert: "Password challenge failed.", fallback_location: root_path
+      end
+    end
+
+    def params_password_challenge
+      params.dig(:user, :password_challenge)
+    end
+
+    def mailer_for(user)
+      Avocado::Mailer.with(user: user)
+    end
+  end
+end

data/app/controllers/avocado/emails_controller.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Avocado
+  class EmailsController < BaseController
+    PERMITTED_PARAMS = [:email]
+
+    before_action :set_user
+    before_action :verify_password_challenge, only: :update
+
+    def edit
+    end
+
+    def update
+      if @user.update(user_params)
+        process_email_update
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def set_user
+      @user = current_user
+    end
+
+    def user_params
+      params
+        .require(:user)
+        .permit(PERMITTED_PARAMS)
+    end
+
+    def process_email_update
+      if @user.email_previously_changed?
+        resend_email_verification
+        redirect_to root_path, notice: "Your email has been changed"
+      else
+        redirect_to root_path
+      end
+    end
+
+    def resend_email_verification
+      mailer_for(@user)
+        .email_verification
+        .deliver_later
+    end
+  end
+end

data/app/controllers/avocado/events_controller.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Avocado
+  class EventsController < BaseController
+    def index
+      @events = current_user.events.newest_first
+    end
+  end
+end

data/app/controllers/avocado/passwords_controller.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Avocado
+  class PasswordsController < BaseController
+    PERMITTED_PARAMS = [:password, :password_confirmation, :password_challenge]
+
+    before_action :set_user
+    before_action :verify_password_challenge, only: :update
+
+    def edit
+    end
+
+    def update
+      if @user.update(user_params)
+        redirect_to root_path, notice: "Your password has been changed"
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def set_user
+      @user = current_user
+    end
+
+    def user_params
+      params
+        .require(:user)
+        .permit(PERMITTED_PARAMS)
+        .with_defaults(password_challenge: "")
+    end
+  end
+end

data/app/controllers/avocado/recoveries_controller.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Avocado
+  class RecoveriesController < BaseController
+    PERMITTED_PARAMS = %i[password password_confirmation]
+
+    skip_before_action :authenticate
+
+    before_action :set_user, only: %i[edit update]
+    before_action :verify_user, only: :create
+
+    def new
+    end
+
+    def edit
+    end
+
+    def create
+      send_password_reset_email
+      redirect_to new_session_path, notice: "Check your email for reset instructions."
+    end
+
+    def update
+      if @user.update(user_params)
+        redirect_to new_session_path, notice: "Password reset successfully. Please sign in."
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def set_user
+      @user = user_from_signed_password_reset_token
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      redirect_to new_recovery_path, alert: "Password reset link is invalid."
+    end
+
+    def user_from_signed_password_reset_token
+      ::User.find_by_token_for!(:password_reset, params[:id])
+    end
+
+    def verify_user
+      unless user_from_params_email
+        redirect_to new_recovery_path, alert: "Verify email first before resetting password."
+      end
+    end
+
+    def user_params
+      params
+        .require(:user)
+        .permit(PERMITTED_PARAMS)
+    end
+
+    def user_from_params_email
+      ::User.find_by(email: params[:email], verified: true)
+    end
+
+    def send_password_reset_email
+      mailer_for(user_from_params_email)
+        .password_reset
+        .deliver_later
+    end
+  end
+end

data/app/controllers/avocado/registrations_controller.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Avocado
+  class RegistrationsController < BaseController
+    PERMITTED_PARAMS = %i[email password password_confirmation]
+
+    skip_before_action :authenticate
+
+    def new
+      @user = ::User.new
+    end
+
+    def create
+      @user = ::User.new(user_params)
+
+      if @user.save
+        sign_in(@user)
+
+        send_email_verification
+        redirect_to root_path, notice: "Registration successful"
+      else
+        render :new, status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def user_params
+      params
+        .require(:user)
+        .permit(PERMITTED_PARAMS)
+    end
+
+    def send_email_verification
+      mailer_for(@user)
+        .email_verification
+        .deliver_later
+    end
+  end
+end

data/app/controllers/avocado/sessions_controller.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Avocado
+  class SessionsController < BaseController
+    PERMITTED_PARAMS = %i[email password]
+
+    skip_before_action :authenticate, only: %i[new create]
+
+    with_options only: :create do
+      before_action :verify_authentication_attempt
+    end
+
+    before_action :set_session, only: :destroy
+
+    def index
+      @sessions = current_user.sessions.newest_first
+    end
+
+    def new
+      @session = ::Session.new
+    end
+
+    def create
+      sign_in(authenticated_user)
+
+      redirect_to root_path, notice: "Session created"
+    end
+
+    def destroy
+      @session.destroy
+      redirect_to sessions_path, notice: "Session destroyed"
+    end
+
+    private
+
+    def session_params
+      params
+        .require(:session)
+        .permit(PERMITTED_PARAMS)
+        .with_defaults(email: "", password: "")
+    end
+
+    def authenticated_user
+      @_authenticated_user ||= ::User.authenticate_by(session_params)
+    end
+
+    def verify_authentication_attempt
+      if authenticated_user.blank?
+        redirect_to new_session_path, alert: "Authentication failed"
+      end
+    end
+
+    def set_session
+      @session = current_user.sessions.find(params[:id])
+    end
+  end
+end

data/app/controllers/avocado/verifications_controller.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Avocado
+  class VerificationsController < BaseController
+    with_options only: :show do
+      skip_before_action :authenticate
+      before_action :set_user
+    end
+
+    def show
+      @user.update! verified: true
+      redirect_to root_path, notice: "Email address verified."
+    end
+
+    def create
+      send_email_verification
+      redirect_to root_path, notice: "Verification email sent to your address."
+    end
+
+    private
+
+    def set_user
+      @user = user_from_signed_email_verification_token
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      redirect_to root_path, alert: "Email verification link is invalid."
+    end
+
+    def user_from_signed_email_verification_token
+      ::User.find_by_token_for!(:email_verification, params[:id])
+    end
+
+    def send_email_verification
+      mailer_for(current_user)
+        .email_verification
+        .deliver_later
+    end
+  end
+end

data/app/views/avocado/affirmations/new.html.erb

@@ -0,0 +1,14 @@
+<h2>
+  Sign in without password
+</h2>
+
+<p>
+  <%= link_to "Reset your password", new_recovery_path %>
+</p>
+
+<%= form_with url: affirmations_path do |form| %>
+  <%= form.label :email %>
+  <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
+
+  <%= form.button "Submit", name: nil %>
+<% end -%>

data/app/views/avocado/emails/edit.html.erb

@@ -0,0 +1,20 @@
+<h2>
+  Change your email address
+</h2>
+
+<% if current_user.verified? %>
+  <p>Your email address is verified.</p>
+<% else %>
+  <p>Your email address is not verified. Check your email and follow the instructions to confirm it's your email address.</p>
+  <p><%= button_to "Re-send verification email", verifications_path %></p>
+<% end %>
+
+<%= form_with model: @user, url: email_path, method: :patch do |form| %>
+  <%= form.label :email %>
+  <%= form.email_field :email, autocomplete: "email", required: true %>
+
+  <%= form.label :password_challenge, "Current password" %>
+  <%= form.password_field :password_challenge, autocomplete: "current-password", required: true %>
+
+  <%= form.button "Submit", name: nil %>
+<% end %>

data/app/views/avocado/events/_event.html.erb

@@ -0,0 +1,6 @@
+<tr id="<%= dom_id event %>">
+  <td><%= event.action %></td>
+  <td><%= event.created_at %></td>
+  <td><%= truncate event.user_agent %></td>
+  <td><%= event.ip_address %></td>
+</tr>

data/app/views/avocado/events/index.html.erb

@@ -0,0 +1,17 @@
+<h2>
+  Events
+</h2>
+
+<table id="events">
+  <thead>
+    <tr>
+      <th scope="col">Action</th>
+      <th scope="col">Created</th>
+      <th scope="col">User Agent</th>
+      <th scope="col">IP Address</th>
+    </tr>
+  </thead>
+  <tbody>
+    <%= render @events %>
+  </tbody>
+</table>

data/app/views/avocado/mailer/email_affirmation.text.erb

@@ -0,0 +1,3 @@
+Sign in by following this link:
+
+<%= affirmation_url(id: @signed_id) %>

data/app/views/avocado/mailer/email_verification.text.erb

@@ -0,0 +1,3 @@
+Verify your email by following this link:
+
+<%= verification_url(id: @signed_id) %>

data/app/views/avocado/mailer/password_reset.text.erb

@@ -0,0 +1,3 @@
+Reset your password by following this link:
+
+<%= edit_recovery_url(id: @signed_id) %>

data/app/views/avocado/passwords/edit.html.erb

@@ -0,0 +1,16 @@
+<h2>
+  Change your password
+</h2>
+
+<%= form_with model: @user, url: password_path, method: :patch do |form| %>
+  <%= form.label :password_challenge, "Current password" %>
+  <%= form.password_field :password_challenge, autocomplete: "current-password", required: true %>
+
+  <%= form.label :password %>
+  <%= form.password_field :password, autocomplete: "new-password", required: true %>
+
+  <%= form.label :password_confirmation %>
+  <%= form.password_field :password_confirmation, autocomplete: "new-password", required: true %>
+
+  <%= form.button "Submit", name: nil %>
+<% end %>

data/app/views/avocado/recoveries/edit.html.erb

@@ -0,0 +1,17 @@
+<h2>
+  Change your password
+</h2>
+
+<p>
+  <%= link_to "Sign in to your account" %>
+</p>
+
+<%= form_with model: @user, url: recovery_path(id: params[:id]), method: :patch do |form| %>
+  <%= form.label :password %>
+  <%= form.password_field :password, autocomplete: "new-password", required: true %>
+
+  <%= form.label :password_confirmation %>
+  <%= form.password_field :password_confirmation, autocomplete: "new-password", required: true %>
+
+  <%= form.button "Submit", name: nil %>
+<% end %>

data/app/views/avocado/recoveries/new.html.erb

@@ -0,0 +1,14 @@
+<h2>
+  Reset your password
+</h2>
+
+<p>
+  <%= link_to "Sign in to your account", new_session_path %>
+</p>
+
+<%= form_with url: recoveries_path do |form| %>
+  <%= form.label :email %>
+  <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
+
+  <%= form.button "Submit", name: nil %>
+<% end -%>

data/app/views/avocado/registrations/new.html.erb

@@ -0,0 +1,23 @@
+<h2>
+  Sign up for a new account
+</h2>
+
+<p>
+  <%= link_to "Sign in to an existing account", new_session_path %>
+</p>
+
+<%= form_with model: @user, url: registrations_path do |form| %>
+  <div>
+    <%= form.label :email %>
+    <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
+  </div>
+  <div>
+    <%= form.label :password %>
+    <%= form.password_field :password, autocomplete: "new-password", required: true %>
+  </div>
+  <div>
+    <%= form.label :password_confirmation %>
+    <%= form.password_field :password_confirmation, autocomplete: "new-password", required: true %>
+  </div>
+  <%= form.button "Submit", name: nil %>
+<% end %>

data/app/views/avocado/sessions/_session.html.erb

@@ -0,0 +1,8 @@
+<tr id="<%= dom_id session %>">
+  <td><%= truncate session.user_agent %></td>
+  <td><%= session.ip_address %></td>
+  <td><%= session.created_at %></td>
+  <td>
+    <%= button_to "Delete", session, method: :delete %>
+  </td>
+</tr>

data/app/views/avocado/sessions/index.html.erb

@@ -0,0 +1,21 @@
+<h2>
+  Sessions
+</h2>
+
+<div>
+  <table id="sessions">
+    <thead>
+      <tr>
+        <th scope="col">User Agent</th>
+        <th scope="col">IP Address</th>
+        <th scope="col">Created</th>
+        <th scope="col">
+          <span class="sr-only">Edit</span>
+        </th>
+      </tr>
+    </thead>
+    <tbody>
+      <%= render @sessions %>
+    </tbody>
+  </table>
+</div>

data/app/views/avocado/sessions/new.html.erb

@@ -0,0 +1,15 @@
+<h2>
+  Sign in to your account
+</h2>
+
+<p>
+  <%= link_to "sign up for a new account", new_registration_path %>
+</p>
+
+<%= form_with model: @session do |form| %>
+  <%= form.label :email %>
+  <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
+  <%= form.label :password %>
+  <%= form.password_field :password, autocomplete: "current-password", required: true %>
+  <%= form.button "Submit", name: nil %>
+<% end -%>

data/config/routes.rb

@@ -0,0 +1,12 @@
+Rails.application.routes.draw do
+  scope module: :avocado do
+    resource :email, only: %i[edit update]
+    resource :password, only: %i[edit update]
+    resources :affirmations, only: %i[new show create]
+    resources :events, only: %i[index]
+    resources :recoveries, only: %i[new create edit update]
+    resources :registrations, only: %i[new create]
+    resources :sessions, only: %i[index new create destroy]
+    resources :verifications, only: %i[show create]
+  end
+end

data/lib/avocado/authentication.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Avocado
+  module Authentication
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :set_current_request_details
+      before_action :authenticate
+
+      helper_method :current_user
+      helper_method :signed_in?
+      helper_method :current_session
+    end
+
+    def current_user
+      Current.user
+    end
+
+    def signed_in?
+      current_user.present?
+    end
+
+    def current_session
+      Current.session
+    end
+
+    private
+
+    def authenticate
+      if session_from_token
+        Current.session = session_from_token
+      else
+        redirect_to new_session_path
+      end
+    end
+
+    def sign_in(user)
+      ::Session.create!(user: user).tap do |session|
+        cookies.signed.permanent[:session_token] = {value: session.id, httponly: true}
+      end
+    end
+
+    def session_from_token
+      ::Session.find_by_id(cookies.signed[:session_token])
+    end
+
+    def set_current_request_details
+      Current.user_agent = request.user_agent
+      Current.ip_address = request.ip
+    end
+  end
+end

data/lib/avocado/current.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Avocado
+  class Current < ActiveSupport::CurrentAttributes
+    attribute :session,
+      :user,
+      :user_agent,
+      :ip_address
+
+    def session=(session)
+      super
+      self.user = session.user
+    end
+  end
+end

data/lib/avocado/engine.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require "avocado"
+require "rails/engine"
+
+module Avocado
+  class Engine < Rails::Engine
+  end
+end

data/lib/avocado/event.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Avocado
+  module Event
+    extend ActiveSupport::Concern
+
+    VALID_ACTIONS = [
+      "email:update",
+      "email:verified",
+      "password:update",
+      "session:create",
+      "session:destroy"
+    ]
+
+    included do
+      belongs_to :user
+
+      scope :newest_first, -> { order(created_at: :desc) }
+
+      validates :action, inclusion: VALID_ACTIONS
+
+      before_create :capture_request_details
+    end
+
+    private
+
+    def capture_request_details
+      self.user_agent = Current.user_agent
+      self.ip_address = Current.ip_address
+    end
+  end
+end

data/lib/avocado/mailer.rb

@@ -1,17 +1,11 @@
 # frozen_string_literal: true
 
-require "active_support/concern"
-
 module Avocado
-  module Mailer
-    extend ActiveSupport::Concern
-
-    included do
-      before_action :set_user
-      before_action :set_signed_id
+  class Mailer < ApplicationMailer
+    before_action :set_user
+    before_action :set_signed_id
 
-      default to: -> { @user.email }
-    end
+    default to: -> { @user.email }
 
     def email_affirmation
       mail

data/lib/avocado/session.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Avocado
+  module Session
+    extend ActiveSupport::Concern
+
+    included do
+      include SessionCallbacks
+
+      belongs_to :user
+
+      scope :newest_first, -> { order(created_at: :desc) }
+      scope :non_current, -> { where.not(id: Current.session) }
+    end
+  end
+end

data/lib/avocado/session_callbacks.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Avocado
+  module SessionCallbacks
+    extend ActiveSupport::Concern
+
+    included do
+      after_create :record_activity_create
+
+      after_destroy :record_activity_destroy
+
+      before_create :capture_request_details
+    end
+
+    private
+
+    def record_activity_create
+      create_user_event "session:create"
+    end
+
+    def record_activity_destroy
+      create_user_event "session:destroy"
+    end
+
+    def create_user_event(action)
+      user.events.create! action: action
+    end
+
+    def capture_request_details
+      self.user_agent = Current.user_agent
+      self.ip_address = Current.ip_address
+    end
+  end
+end

data/lib/avocado/user.rb

@@ -1,17 +1,25 @@
 # frozen_string_literal: true
 
-require "active_support/concern"
-
 module Avocado
   module User
     extend ActiveSupport::Concern
 
     included do
-      include UserEmail
-      include UserEmailAffirmation
-      include UserEmailVerification
-      include UserPassword
-      include UserPasswordReset
+      include UserCallbacks
+      include UserTokens
+      include UserValidations
+
+      has_secure_password
+
+      with_options dependent: :destroy do
+        has_many :events
+        has_many :sessions
+      end
+
+      scope :newest_first, -> { order(created_at: :desc) }
+      scope :verified, -> { where(verified: true) }
+
+      normalizes :email, with: ->(email) { email.downcase.strip }
     end
   end
 end

data/lib/avocado/user_callbacks.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Avocado
+  module UserCallbacks
+    extend ActiveSupport::Concern
+
+    included do
+      with_options if: :password_digest_previously_changed? do
+        after_update :destroy_non_current_sessions
+        after_update :record_activity_password_update
+      end
+
+      after_update :record_activity_email_update, if: :email_previously_changed?
+      after_update :record_activity_email_verified, if: %i[verified_previously_changed? verified?]
+
+      before_validation :remove_email_verification, if: :email_changed?, on: :update
+    end
+
+    private
+
+    def record_activity_password_update
+      create_event "password:update"
+    end
+
+    def record_activity_email_update
+      create_event "email:update"
+    end
+
+    def record_activity_email_verified
+      create_event "email:verified"
+    end
+
+    def create_event(action)
+      events.create! action: action
+    end
+
+    def remove_email_verification
+      self.verified = false
+    end
+
+    def destroy_non_current_sessions
+      sessions.non_current.destroy_all
+    end
+  end
+end

data/lib/avocado/user_tokens.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Avocado
+  module UserTokens
+    extend ActiveSupport::Concern
+
+    EXPIRES_FAST = 16.minutes
+    EXPIRES_LATER = 64.minutes
+    EXPIRES_LONG = 2_048.minutes
+
+    included do
+      generates_token_for :email_affirmation, expires_in: EXPIRES_FAST
+
+      generates_token_for :email_verification, expires_in: EXPIRES_LONG do
+        email
+      end
+
+      generates_token_for :password_reset, expires_in: EXPIRES_LATER do
+        password_digest_salt
+      end
+    end
+
+    private
+
+    def password_digest_salt
+      password_from_digest.salt[-10..]
+    end
+
+    def password_from_digest
+      BCrypt::Password.new(password_digest)
+    end
+  end
+end

data/lib/avocado/user_validations.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Avocado
+  module UserValidations
+    extend ActiveSupport::Concern
+
+    PASSWORD_FORMAT = /\A(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).*\z/x
+    PASSWORD_MINIMUM_LENGTH = 8
+
+    included do
+      validates :email,
+        presence: true,
+        uniqueness: true,
+        format: {with: URI::MailTo::EMAIL_REGEXP}
+
+      validates :password,
+        format: {with: PASSWORD_FORMAT},
+        length: {minimum: PASSWORD_MINIMUM_LENGTH},
+        allow_nil: true
+    end
+  end
+end

data/lib/avocado/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Avocado
-  VERSION = "0.3.0"
+  VERSION = "0.5.0"
 end

data/lib/avocado.rb

@@ -1,15 +1,18 @@
 # frozen_string_literal: true
 
-require_relative "avocado/version"
+require_relative "avocado/engine"
 
 module Avocado
   class Error < StandardError; end
 
+  autoload :Authentication, "avocado/authentication"
+  autoload :Current, "avocado/current"
+  autoload :Event, "avocado/event"
   autoload :Mailer, "avocado/mailer"
+  autoload :Session, "avocado/session"
+  autoload :SessionCallbacks, "avocado/session_callbacks"
   autoload :User, "avocado/user"
-  autoload :UserEmail, "avocado/user_email"
-  autoload :UserEmailAffirmation, "avocado/user_email_affirmation"
-  autoload :UserEmailVerification, "avocado/user_email_verification"
-  autoload :UserPassword, "avocado/user_password"
-  autoload :UserPasswordReset, "avocado/user_password_reset"
+  autoload :UserCallbacks, "avocado/user_callbacks"
+  autoload :UserTokens, "avocado/user_tokens"
+  autoload :UserValidations, "avocado/user_validations"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: avocado
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Matt Jankowski
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-07-18 00:00:00.000000000 Z
+date: 2023-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -80,24 +80,52 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- app/controllers/avocado/affirmations_controller.rb
+- app/controllers/avocado/base_controller.rb
+- app/controllers/avocado/emails_controller.rb
+- app/controllers/avocado/events_controller.rb
+- app/controllers/avocado/passwords_controller.rb
+- app/controllers/avocado/recoveries_controller.rb
+- app/controllers/avocado/registrations_controller.rb
+- app/controllers/avocado/sessions_controller.rb
+- app/controllers/avocado/verifications_controller.rb
+- app/views/avocado/affirmations/new.html.erb
+- app/views/avocado/emails/edit.html.erb
+- app/views/avocado/events/_event.html.erb
+- app/views/avocado/events/index.html.erb
+- app/views/avocado/mailer/email_affirmation.text.erb
+- app/views/avocado/mailer/email_verification.text.erb
+- app/views/avocado/mailer/password_reset.text.erb
+- app/views/avocado/passwords/edit.html.erb
+- app/views/avocado/recoveries/edit.html.erb
+- app/views/avocado/recoveries/new.html.erb
+- app/views/avocado/registrations/new.html.erb
+- app/views/avocado/sessions/_session.html.erb
+- app/views/avocado/sessions/index.html.erb
+- app/views/avocado/sessions/new.html.erb
 - config.ru
+- config/routes.rb
 - lib/avocado.rb
+- lib/avocado/authentication.rb
+- lib/avocado/current.rb
+- lib/avocado/engine.rb
+- lib/avocado/event.rb
 - lib/avocado/mailer.rb
+- lib/avocado/session.rb
+- lib/avocado/session_callbacks.rb
 - lib/avocado/user.rb
-- lib/avocado/user_email.rb
-- lib/avocado/user_email_affirmation.rb
-- lib/avocado/user_email_verification.rb
-- lib/avocado/user_password.rb
-- lib/avocado/user_password_reset.rb
+- lib/avocado/user_callbacks.rb
+- lib/avocado/user_tokens.rb
+- lib/avocado/user_validations.rb
 - lib/avocado/version.rb
 - sig/avocado.rbs
-homepage: https://github.com/unicorngroomers/avocado
+homepage: https://github.com/tcuwp/avocado
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/unicorngroomers/avocado
-  source_code_uri: https://github.com/unicorngroomers/avocado
-  changelog_uri: https://github.com/unicorngroomers/avocado/blob/main/CHANGELOG.md
+  homepage_uri: https://github.com/tcuwp/avocado
+  source_code_uri: https://github.com/tcuwp/avocado
+  changelog_uri: https://github.com/tcuwp/avocado/blob/main/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths:

data/lib/avocado/user_email.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-require "active_support/concern"
-
-module Avocado
-  module UserEmail
-    extend ActiveSupport::Concern
-
-    included do
-      validates :email, presence: true, uniqueness: true, format: {with: URI::MailTo::EMAIL_REGEXP}
-
-      normalizes :email, with: ->(email) { email.downcase.strip }
-    end
-  end
-end

data/lib/avocado/user_email_affirmation.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-require "active_support/concern"
-
-module Avocado
-  module UserEmailAffirmation
-    extend ActiveSupport::Concern
-
-    TOKEN_EXPIRATION = 16.minutes
-
-    included do
-      generates_token_for :email_affirmation, expires_in: TOKEN_EXPIRATION
-    end
-  end
-end

data/lib/avocado/user_email_verification.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-require "active_support/concern"
-
-module Avocado
-  module UserEmailVerification
-    extend ActiveSupport::Concern
-
-    TOKEN_EXPIRATION = 2_048.minutes
-
-    included do
-      generates_token_for :email_verification, expires_in: TOKEN_EXPIRATION do
-        email
-      end
-    end
-  end
-end

data/lib/avocado/user_password.rb

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-require "active_support/concern"
-
-module Avocado
-  module UserPassword
-    extend ActiveSupport::Concern
-
-    REQUIRED_FORMAT = /\A(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).*\z/x
-    REQUIRED_LENGTH = 8
-
-    included do
-      has_secure_password
-
-      validates :password, format: {with: REQUIRED_FORMAT}, length: {minimum: REQUIRED_LENGTH}, allow_nil: true
-    end
-  end
-end

data/lib/avocado/user_password_reset.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-require "active_support/concern"
-
-module Avocado
-  module UserPasswordReset
-    extend ActiveSupport::Concern
-
-    TOKEN_EXPIRATION = 64.minutes
-
-    included do
-      generates_token_for :password_reset, expires_in: TOKEN_EXPIRATION do
-        password_digest_salt
-      end
-    end
-
-    private
-
-    def password_digest_salt
-      password_from_digest.salt[-10..]
-    end
-
-    def password_from_digest
-      BCrypt::Password.new(password_digest)
-    end
-  end
-end