avocado 0.5.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a530ebf9605c2bb861d2da09da546513e68c4f647fc97c80686e07b32985cabe
-  data.tar.gz: 3be481be5c31ce2ee3bb1ea1a2d796bb7f8cbe850f7ccf2de6f296384a656bb2
+  metadata.gz: e9ec8adfbc4563b5bbcddd5d5406963b4a9fe7d5a38765e35a86c9a3d35a09a0
+  data.tar.gz: 6db1dfa3a370661017533e44f2278a09daeece5c145267f05f0bced8943ea910
 SHA512:
-  metadata.gz: cf3320eb985cc65c05c2da2d007697b4b9016d9a85f7ebebbd0735d744d7f8ca77096d86182c6761b63ea6f51f4b942a3c2dd363bb102ccc4ed53da6f5702c4f
-  data.tar.gz: f0b021b9e0f3433f2034e5cccdc751a446b50bc870474376e1a39b84e973bbabfaef95b59d96f60986bbddc7695afe88b860bd2d1568f991a17b3b654d7f3995
+  metadata.gz: 9761662e0cf44fab571f6f6003aed2c0be2ae56424afbc1cc4b3ccb2f0d856a3e4d3b7a67c8a9e82b7d408977ebb30b4f1f61d9af0fd24db17c3fcb5c944cd89
+  data.tar.gz: a8021001d0f4864a36c981b2c5d18b71bca432f4f4b6fcde4ff6f07c38e7fc39f766dd39670041582cacb9a80526423eafd8156b5d8fc0580189679a1b67d144

data/CHANGELOG.md

@@ -1,33 +1,78 @@
+# Changelog
+
 ## [Unreleased]
 
+## [0.7.0] - 2023-08-10
+
+### Added
+
+- An `avocado:views` generator copies engine views into application
+
+### Changed
+
+- Flash messages for controllers moved to i18n yml
+- View forms updated to use `_form` partials
+- Move the reset phase of password recovery to a `Credentials` controller
+
+## [0.6.0] - 2023-07-25
+
+### Added
+
+- Migration generator
+
+### Changed
+
+- Affirmation and Verification paths require user action
+- Use session `token` instead of `id` for signed cookie value
+
 ## [0.5.0] - 2023-07-21
 
-- Add controller for "passwordless" email-link sign-in
-- Add event class to log user auth events
-- Add user-facing email and password edit pages
-- Add various event logging callbacks
-- Sign out all non current sessions when password changes
+### Added
+
+- Controller for "passwordless" email-link sign-in
+- `Event` class to log user auth events
+- User-facing email and password edit pages
+- Misc event logging callbacks
+
+### Changed
+
+- Sign out all non-current sessions when password changes
 
 ## [0.4.0] - 2023-07-19
 
+### Added
+
+- Controllers for signing up, signing in, password reset and email verification
+
+### Changed
+
 - Convert the `Avocado::Mailer` module into a class
-- Add controllers for signing up, signing in, password reset and email
-  verification
 
 ## [0.3.0] - 2023-07-17
 
-- Add an `Avocado::Mailer` which generates each of the signed ids
+### Added
+
+- `Avocado::Mailer` which generates each of the signed ids
+
+### Changed
+
 - Rename `password_recovery` to `password_reset`
 
 ## [0.2.0] - 2023-07-15
 
-- Validate presence, uniqueness, and format on `email` attribute
-- Normalize email value during save
-- Validate password format and length
-- Include a token generator for password recovery
+### Added
+
+- Validations for presence, uniqueness, and format on `email` attribute
+- Normalizer for email value during save
+- Validations on password format and length
+- Token generator for password recovery
+
+### Changed
+
 - Rename `Avocado::UserConcern` to `Avocado::User`
 
 ## [0.1.0] - 2023-07-14
 
-- Initial release
-- Add `Avocado::UserConcern` which calls `has_secure_password`
+### Added
+
+- `Avocado::UserConcern` which calls `has_secure_password`

data/README.md

@@ -1,6 +1,6 @@
-# Avocado
+# 🥑
 
-A collection of authentication tools for use in [Rails] 7.1+ applications.
+Authentication library for [Rails] 7.1+ applications.
 
 ## Installation
 
@@ -10,49 +10,13 @@ Add to the application's Gemfile by executing:
 
 ## Usage
 
-If you are nervous about using Rails features directly, preferring to consume
-such features via a packaged gem, you can include some Avocado modules into your
-application to get authentication functionality.
-
-As a prerequisite, you should have a database schema with columns that match the
-users and sessions tables from [the demo app schema]. It's ok to have more
-columns, but you need at least what is shown there.
-
-With that set, include the modules into your classes:
-
-```ruby
-class User < ApplicationRecord
-  include Avocado::User
-end
-
-class Session < ApplicationRecord
-  include Avocado::Session
-end
-
-class Event < ApplicationRecord
-  include Avocado::Event
-end
-
-class ApplicationController < ActionController::Base
-  include Avocado::Authentication
-end
-```
-
-This will enable a few things:
-
-- Models will get validations, associations, and normalizations
-- Rails built-in `has_secure_password` is called within `User`
-- A mailer with signed token generators is created
-- Controllers and Routes for sign up, sign in, password reset, email
-  verification, etc
-
-The `spec/internal` app within this repo has some example usage.
+Read the [documentation] for more details or the [wiki] for background.
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run
-`rake spec` to run the tests. You can also run `bin/console` for an interactive
-prompt that will allow you to experiment.
+After checking out the repo, run `bin/setup` to install dependencies. Use
+`bin/rspec` to run the full spec suite and `bin/standardrb` to run the linter.
+Running `bin/rake` will run specs & linter.
 
 ## Contributing
 
@@ -62,7 +26,8 @@ Bug reports and pull requests are welcome on [GitHub].
 
 The gem is available as open source under the terms of the [MIT License].
 
+[documentation]: https://github.com/tcuwp/avocado/blob/main/docs/USAGE.md
 [GitHub]: https://github.com/tcuwp/avocado
 [MIT License]: https://opensource.org/licenses/MIT
 [Rails]: https://github.com/rails/rails
-[the demo app schema]: https://github.com/tcuwp/avocado/blob/main/spec/internal/db/schema.rb
+[wiki]: https://github.com/tcuwp/avocado/wiki

data/Rakefile

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 

data/app/controllers/avocado/affirmations_controller.rb

@@ -1,23 +1,28 @@
-# frozen_string_literal: true
-
 module Avocado
   class AffirmationsController < BaseController
     skip_before_action :authenticate
 
-    before_action :set_user, only: :show
-    before_action :verify_user, only: :create
+    before_action :set_user,
+      only: %i[edit update]
+    before_action :verify_user,
+      only: :create
 
     def new
     end
 
-    def show
-      sign_in(@user)
-      redirect_to(root_path, notice: "Signed in successfully")
-    end
-
     def create
       send_affirmation_email
-      redirect_to new_session_path, notice: "Check your email for sign in instructions"
+      redirect_to new_session_path,
+        notice: t(".success")
+    end
+
+    def edit
+    end
+
+    def update
+      sign_in(@user)
+      redirect_to root_path,
+        notice: t(".success")
     end
 
     private
@@ -25,7 +30,8 @@ module Avocado
     def set_user
       @user = user_from_signed_affirmation_token
     rescue ActiveSupport::MessageVerifier::InvalidSignature
-      redirect_to new_affirmation_path, alert: "That sign in link is invalid"
+      redirect_to new_affirmation_path,
+        alert: t(".errors.invalid_token")
     end
 
     def user_from_signed_affirmation_token
@@ -33,19 +39,16 @@ module Avocado
     end
 
     def verify_user
-      unless user_from_params_email
-        redirect_to new_affirmation_path, alert: "You can't sign in until you verify your email"
+      unless requested_verified_user
+        redirect_to new_affirmation_path,
+          alert: t(".errors.unverified_email")
       end
     end
 
     def send_affirmation_email
-      mailer_for(user_from_params_email)
+      mailer_for(requested_verified_user)
         .email_affirmation
         .deliver_later
     end
-
-    def user_from_params_email
-      ::User.verified.find_by(email: params[:email])
-    end
   end
 end

data/app/controllers/avocado/base_controller.rb

@@ -1,21 +1,42 @@
-# frozen_string_literal: true
-
 module Avocado
   class BaseController < ApplicationController
+    FINDER_PARAMETERS = %i[email]
+
     private
 
     def verify_password_challenge
       unless current_user.authenticate(params_password_challenge)
-        redirect_back alert: "Password challenge failed.", fallback_location: root_path
+        redirect_back fallback_location: root_path,
+          alert: t("avocado.filters.invalid_password_challenge")
       end
     end
 
     def params_password_challenge
-      params.dig(:user, :password_challenge)
+      params
+        .dig(:user, :password_challenge)
+    end
+
+    def requested_verified_user
+      ::User
+        .verified
+        .find_by(email: finder_parameters[:email])
+    end
+
+    def finder_parameters
+      params
+        .require(:user)
+        .permit(FINDER_PARAMETERS)
     end
 
     def mailer_for(user)
-      Avocado::Mailer.with(user: user)
+      Avocado::Mailer
+        .with(user: user)
+    end
+
+    def send_email_verification(user)
+      mailer_for(user)
+        .email_verification
+        .deliver_later
     end
   end
 end

data/app/controllers/avocado/credentials_controller.rb

@@ -0,0 +1,41 @@
+module Avocado
+  class CredentialsController < BaseController
+    UPDATE_PARAMETERS = %i[password password_confirmation]
+
+    skip_before_action :authenticate
+
+    before_action :set_user
+
+    def edit
+    end
+
+    def update
+      if @user.update(update_parameters)
+        redirect_to new_session_path,
+          notice: t(".success")
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def set_user
+      @user = user_from_signed_password_reset_token
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      redirect_to new_recovery_path,
+        alert: t(".errors.invalid_token")
+    end
+
+    def user_from_signed_password_reset_token
+      ::User
+        .find_by_token_for!(:password_reset, params[:id])
+    end
+
+    def update_parameters
+      params
+        .require(:user)
+        .permit(UPDATE_PARAMETERS)
+    end
+  end
+end

data/app/controllers/avocado/emails_controller.rb

@@ -1,18 +1,19 @@
-# frozen_string_literal: true
-
 module Avocado
   class EmailsController < BaseController
-    PERMITTED_PARAMS = [:email]
+    UPDATE_PARAMETERS = %i[email]
 
     before_action :set_user
-    before_action :verify_password_challenge, only: :update
+    before_action :verify_password_challenge,
+      only: :update
 
     def edit
     end
 
     def update
-      if @user.update(user_params)
+      if @user.update(update_parameters)
         process_email_update
+        redirect_to root_path,
+          notice: t(".success")
       else
         render :edit, status: :unprocessable_entity
       end
@@ -24,25 +25,16 @@ module Avocado
       @user = current_user
     end
 
-    def user_params
+    def update_parameters
       params
         .require(:user)
-        .permit(PERMITTED_PARAMS)
+        .permit(UPDATE_PARAMETERS)
     end
 
     def process_email_update
       if @user.email_previously_changed?
-        resend_email_verification
-        redirect_to root_path, notice: "Your email has been changed"
-      else
-        redirect_to root_path
+        send_email_verification(@user)
       end
     end
-
-    def resend_email_verification
-      mailer_for(@user)
-        .email_verification
-        .deliver_later
-    end
   end
 end

data/app/controllers/avocado/events_controller.rb

@@ -1,9 +1,9 @@
-# frozen_string_literal: true
-
 module Avocado
   class EventsController < BaseController
     def index
-      @events = current_user.events.newest_first
+      @events = current_user
+        .events
+        .newest_first
     end
   end
 end

data/app/controllers/avocado/passwords_controller.rb

@@ -1,18 +1,18 @@
-# frozen_string_literal: true
-
 module Avocado
   class PasswordsController < BaseController
-    PERMITTED_PARAMS = [:password, :password_confirmation, :password_challenge]
+    UPDATE_PARAMETERS = %i[password password_confirmation password_challenge]
 
     before_action :set_user
-    before_action :verify_password_challenge, only: :update
+    before_action :verify_password_challenge,
+      only: :update
 
     def edit
     end
 
     def update
-      if @user.update(user_params)
-        redirect_to root_path, notice: "Your password has been changed"
+      if @user.update(update_parameters)
+        redirect_to root_path,
+          notice: t(".success")
       else
         render :edit, status: :unprocessable_entity
       end
@@ -24,10 +24,10 @@ module Avocado
       @user = current_user
     end
 
-    def user_params
+    def update_parameters
       params
         .require(:user)
-        .permit(PERMITTED_PARAMS)
+        .permit(UPDATE_PARAMETERS)
         .with_defaults(password_challenge: "")
     end
   end

data/app/controllers/avocado/recoveries_controller.rb

@@ -1,63 +1,30 @@
-# frozen_string_literal: true
-
 module Avocado
   class RecoveriesController < BaseController
-    PERMITTED_PARAMS = %i[password password_confirmation]
-
     skip_before_action :authenticate
 
-    before_action :set_user, only: %i[edit update]
-    before_action :verify_user, only: :create
+    before_action :verify_user,
+      only: :create
 
     def new
     end
 
-    def edit
-    end
-
     def create
       send_password_reset_email
-      redirect_to new_session_path, notice: "Check your email for reset instructions."
-    end
-
-    def update
-      if @user.update(user_params)
-        redirect_to new_session_path, notice: "Password reset successfully. Please sign in."
-      else
-        render :edit, status: :unprocessable_entity
-      end
+      redirect_to new_session_path,
+        notice: t(".success")
     end
 
     private
 
-    def set_user
-      @user = user_from_signed_password_reset_token
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
-      redirect_to new_recovery_path, alert: "Password reset link is invalid."
-    end
-
-    def user_from_signed_password_reset_token
-      ::User.find_by_token_for!(:password_reset, params[:id])
-    end
-
     def verify_user
-      unless user_from_params_email
-        redirect_to new_recovery_path, alert: "Verify email first before resetting password."
+      unless requested_verified_user
+        redirect_to new_recovery_path,
+          alert: t(".errors.unverified_email")
       end
     end
 
-    def user_params
-      params
-        .require(:user)
-        .permit(PERMITTED_PARAMS)
-    end
-
-    def user_from_params_email
-      ::User.find_by(email: params[:email], verified: true)
-    end
-
     def send_password_reset_email
-      mailer_for(user_from_params_email)
+      mailer_for(requested_verified_user)
         .password_reset
         .deliver_later
     end

data/app/controllers/avocado/registrations_controller.rb

@@ -1,8 +1,6 @@
-# frozen_string_literal: true
-
 module Avocado
   class RegistrationsController < BaseController
-    PERMITTED_PARAMS = %i[email password password_confirmation]
+    INITIALIZATION_PARAMETERS = %i[email password password_confirmation]
 
     skip_before_action :authenticate
 
@@ -11,13 +9,14 @@ module Avocado
     end
 
     def create
-      @user = ::User.new(user_params)
+      @user = ::User.new(initialization_parameters)
 
       if @user.save
         sign_in(@user)
 
-        send_email_verification
-        redirect_to root_path, notice: "Registration successful"
+        send_email_verification(@user)
+        redirect_to root_path,
+          notice: t(".success")
       else
         render :new, status: :unprocessable_entity
       end
@@ -25,16 +24,10 @@ module Avocado
 
     private
 
-    def user_params
+    def initialization_parameters
       params
         .require(:user)
-        .permit(PERMITTED_PARAMS)
-    end
-
-    def send_email_verification
-      mailer_for(@user)
-        .email_verification
-        .deliver_later
+        .permit(INITIALIZATION_PARAMETERS)
     end
   end
 end

data/app/controllers/avocado/sessions_controller.rb

@@ -1,19 +1,21 @@
-# frozen_string_literal: true
-
 module Avocado
   class SessionsController < BaseController
-    PERMITTED_PARAMS = %i[email password]
+    AUTHENTICATION_PARAMETERS = %i[email password]
 
-    skip_before_action :authenticate, only: %i[new create]
+    skip_before_action :authenticate,
+      only: %i[new create]
 
     with_options only: :create do
       before_action :verify_authentication_attempt
     end
 
-    before_action :set_session, only: :destroy
+    before_action :set_session,
+      only: :destroy
 
     def index
-      @sessions = current_user.sessions.newest_first
+      @sessions = current_user
+        .sessions
+        .newest_first
     end
 
     def new
@@ -23,35 +25,41 @@ module Avocado
     def create
       sign_in(authenticated_user)
 
-      redirect_to root_path, notice: "Session created"
+      redirect_to root_path,
+        notice: t(".success")
     end
 
     def destroy
       @session.destroy
-      redirect_to sessions_path, notice: "Session destroyed"
+      redirect_to sessions_path,
+        notice: t(".success")
     end
 
     private
 
-    def session_params
+    def authentication_parameters
       params
         .require(:session)
-        .permit(PERMITTED_PARAMS)
+        .permit(AUTHENTICATION_PARAMETERS)
         .with_defaults(email: "", password: "")
     end
 
     def authenticated_user
-      @_authenticated_user ||= ::User.authenticate_by(session_params)
+      @_authenticated_user ||= ::User
+        .authenticate_by(authentication_parameters)
     end
 
     def verify_authentication_attempt
       if authenticated_user.blank?
-        redirect_to new_session_path, alert: "Authentication failed"
+        redirect_to new_session_path,
+          alert: t(".errors.authentication")
       end
     end
 
     def set_session
-      @session = current_user.sessions.find(params[:id])
+      @session = current_user
+        .sessions
+        .find(params[:id])
     end
   end
 end