avocado 0.5.0 → 0.7.0

data/app/controllers/avocado/verifications_controller.rb

@@ -1,20 +1,23 @@
-# frozen_string_literal: true
-
 module Avocado
   class VerificationsController < BaseController
-    with_options only: :show do
+    with_options only: %i[edit update] do
       skip_before_action :authenticate
       before_action :set_user
     end
 
-    def show
+    def edit
+    end
+
+    def update
       @user.update! verified: true
-      redirect_to root_path, notice: "Email address verified."
+      redirect_to root_path,
+        notice: t(".success")
     end
 
     def create
-      send_email_verification
-      redirect_to root_path, notice: "Verification email sent to your address."
+      send_email_verification(current_user)
+      redirect_to root_path,
+        notice: t(".success")
     end
 
     private
@@ -22,17 +25,13 @@ module Avocado
     def set_user
       @user = user_from_signed_email_verification_token
     rescue ActiveSupport::MessageVerifier::InvalidSignature
-      redirect_to root_path, alert: "Email verification link is invalid."
+      redirect_to root_path,
+        alert: t(".errors.invalid_token")
     end
 
     def user_from_signed_email_verification_token
-      ::User.find_by_token_for!(:email_verification, params[:id])
-    end
-
-    def send_email_verification
-      mailer_for(current_user)
-        .email_verification
-        .deliver_later
+      ::User
+        .find_by_token_for!(:email_verification, params[:id])
     end
   end
 end

data/app/views/avocado/affirmations/_form.html.erb

@@ -0,0 +1,4 @@
+<div>
+  <%= form.label :email %>
+  <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
+</div>

data/app/views/avocado/affirmations/edit.html.erb

@@ -0,0 +1,7 @@
+<h2>
+  Sign in without password
+</h2>
+
+<%= form_with url: affirmation_path(id: params[:id]), method: :patch do |form| %>
+  <%= form.button "Submit", name: nil %>
+<% end -%>

data/app/views/avocado/affirmations/new.html.erb

@@ -6,9 +6,7 @@
   <%= link_to "Reset your password", new_recovery_path %>
 </p>
 
-<%= form_with url: affirmations_path do |form| %>
-  <%= form.label :email %>
-  <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
-
+<%= form_with url: affirmations_path, scope: :user do |form| %>
+  <%= render form %>
   <%= form.button "Submit", name: nil %>
 <% end -%>

data/app/views/avocado/{recoveries/edit.html.erb → credentials/_form.html.erb}

@@ -1,17 +1,8 @@
-<h2>
-  Change your password
-</h2>
-
-<p>
-  <%= link_to "Sign in to your account" %>
-</p>
-
-<%= form_with model: @user, url: recovery_path(id: params[:id]), method: :patch do |form| %>
+<div>
   <%= form.label :password %>
   <%= form.password_field :password, autocomplete: "new-password", required: true %>
-
+</div>
+<div>
   <%= form.label :password_confirmation %>
   <%= form.password_field :password_confirmation, autocomplete: "new-password", required: true %>
-
-  <%= form.button "Submit", name: nil %>
-<% end %>
+</div>

data/app/views/avocado/credentials/edit.html.erb

@@ -0,0 +1,12 @@
+<h2>
+  Change your password
+</h2>
+
+<p>
+  <%= link_to "Sign in to your account" %>
+</p>
+
+<%= form_with model: @user, url: credential_path(id: params[:id]), method: :patch do |form| %>
+  <%= render form %>
+  <%= form.button "Submit", name: nil %>
+<% end %>

data/app/views/avocado/emails/_form.html.erb

@@ -0,0 +1,8 @@
+<div>
+  <%= form.label :email %>
+  <%= form.email_field :email, autocomplete: "email", required: true %>
+</div>
+<div>
+  <%= form.label :password_challenge, "Current password" %>
+  <%= form.password_field :password_challenge, autocomplete: "current-password", required: true %>
+</div>

data/app/views/avocado/emails/edit.html.erb

@@ -10,11 +10,6 @@
 <% end %>
 
 <%= form_with model: @user, url: email_path, method: :patch do |form| %>
-  <%= form.label :email %>
-  <%= form.email_field :email, autocomplete: "email", required: true %>
-
-  <%= form.label :password_challenge, "Current password" %>
-  <%= form.password_field :password_challenge, autocomplete: "current-password", required: true %>
-
+  <%= render form %>
   <%= form.button "Submit", name: nil %>
 <% end %>

data/app/views/avocado/mailer/email_affirmation.text.erb

@@ -1,3 +1,3 @@
 Sign in by following this link:
 
-<%= affirmation_url(id: @signed_id) %>
+<%= edit_affirmation_url(id: @signed_id) %>

data/app/views/avocado/mailer/email_verification.text.erb

@@ -1,3 +1,3 @@
 Verify your email by following this link:
 
-<%= verification_url(id: @signed_id) %>
+<%= edit_verification_url(id: @signed_id) %>

data/app/views/avocado/mailer/password_reset.text.erb

@@ -1,3 +1,3 @@
 Reset your password by following this link:
 
-<%= edit_recovery_url(id: @signed_id) %>
+<%= edit_credential_url(id: @signed_id) %>

data/app/views/avocado/passwords/_form.html.erb

@@ -0,0 +1,12 @@
+<div>
+  <%= form.label :password_challenge, "Current password" %>
+  <%= form.password_field :password_challenge, autocomplete: "current-password", required: true %>
+</div>
+<div>
+  <%= form.label :password %>
+  <%= form.password_field :password, autocomplete: "new-password", required: true %>
+</div>
+<div>
+  <%= form.label :password_confirmation %>
+  <%= form.password_field :password_confirmation, autocomplete: "new-password", required: true %>
+</div>

data/app/views/avocado/passwords/edit.html.erb

@@ -3,14 +3,6 @@
 </h2>
 
 <%= form_with model: @user, url: password_path, method: :patch do |form| %>
-  <%= form.label :password_challenge, "Current password" %>
-  <%= form.password_field :password_challenge, autocomplete: "current-password", required: true %>
-
-  <%= form.label :password %>
-  <%= form.password_field :password, autocomplete: "new-password", required: true %>
-
-  <%= form.label :password_confirmation %>
-  <%= form.password_field :password_confirmation, autocomplete: "new-password", required: true %>
-
+  <%= render form %>
   <%= form.button "Submit", name: nil %>
 <% end %>

data/app/views/avocado/recoveries/_form.html.erb

@@ -0,0 +1,4 @@
+<div>
+  <%= form.label :email %>
+  <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
+</div>

data/app/views/avocado/recoveries/new.html.erb

@@ -6,9 +6,7 @@
   <%= link_to "Sign in to your account", new_session_path %>
 </p>
 
-<%= form_with url: recoveries_path do |form| %>
-  <%= form.label :email %>
-  <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
-
+<%= form_with url: recoveries_path, scope: :user do |form| %>
+  <%= render form %>
   <%= form.button "Submit", name: nil %>
 <% end -%>

data/app/views/avocado/registrations/_form.html.erb

@@ -0,0 +1,12 @@
+<div>
+  <%= form.label :email %>
+  <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
+</div>
+<div>
+  <%= form.label :password %>
+  <%= form.password_field :password, autocomplete: "new-password", required: true %>
+</div>
+<div>
+  <%= form.label :password_confirmation %>
+  <%= form.password_field :password_confirmation, autocomplete: "new-password", required: true %>
+</div>

data/app/views/avocado/registrations/new.html.erb

@@ -7,17 +7,6 @@
 </p>
 
 <%= form_with model: @user, url: registrations_path do |form| %>
-  <div>
-    <%= form.label :email %>
-    <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
-  </div>
-  <div>
-    <%= form.label :password %>
-    <%= form.password_field :password, autocomplete: "new-password", required: true %>
-  </div>
-  <div>
-    <%= form.label :password_confirmation %>
-    <%= form.password_field :password_confirmation, autocomplete: "new-password", required: true %>
-  </div>
+  <%= render form %>
   <%= form.button "Submit", name: nil %>
 <% end %>

data/app/views/avocado/sessions/_form.html.erb

@@ -0,0 +1,8 @@
+<div>
+  <%= form.label :email %>
+  <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
+</div>
+<div>
+  <%= form.label :password %>
+  <%= form.password_field :password, autocomplete: "current-password", required: true %>
+</div>

data/app/views/avocado/sessions/new.html.erb

@@ -7,9 +7,6 @@
 </p>
 
 <%= form_with model: @session do |form| %>
-  <%= form.label :email %>
-  <%= form.email_field :email, autofocus: true, autocomplete: "email", required: true %>
-  <%= form.label :password %>
-  <%= form.password_field :password, autocomplete: "current-password", required: true %>
+  <%= render form %>
   <%= form.button "Submit", name: nil %>
 <% end -%>

data/app/views/avocado/verifications/edit.html.erb

@@ -0,0 +1,7 @@
+<h2>
+  Verify your email
+</h2>
+
+<%= form_with url: verification_path(id: params[:id]), method: :patch do |form| %>
+  <%= form.button "Submit", name: nil %>
+<% end -%>

data/config/locales/en.yml

@@ -0,0 +1,45 @@
+en:
+  avocado:
+    affirmations:
+      create:
+        success: Check email for sign in instructions.
+      errors:
+        invalid_token: Sign in link is invalid.
+        unverified_email: Verify email first before signing in.
+      update:
+        success: Signed in successfully.
+    credentials:
+      update:
+        success: Password reset successfully.
+      errors:
+        invalid_token: Password reset link is invalid.
+    emails:
+      update:
+        success: Email has been changed.
+    filters:
+      invalid_password_challenge: Password challenge failed.
+    passwords:
+      update:
+        success: Password has been changed.
+    recoveries:
+      create:
+        success: Check email for reset instructions.
+      errors:
+        unverified_email: Verify email first before resetting password.
+    registrations:
+      create:
+        success: Registration successful.
+    sessions:
+      create:
+        success: Session created.
+      destroy:
+        success: Session destroyed.
+      errors:
+        authentication: Authentication failed.
+    verifications:
+      create:
+        success: Verification email sent.
+      errors:
+        invalid_token: Email verification link is invalid.
+      update:
+        success: Email address verified.

data/config/routes/avocado.rb

@@ -0,0 +1,11 @@
+scope module: :avocado do
+  resource :email, only: %i[edit update]
+  resource :password, only: %i[edit update]
+  resources :affirmations, only: %i[new create edit update]
+  resources :credentials, only: %i[edit update]
+  resources :events, only: %i[index]
+  resources :recoveries, only: %i[new create]
+  resources :registrations, only: %i[new create]
+  resources :sessions, only: %i[index new create destroy]
+  resources :verifications, only: %i[create edit update]
+end

data/config.ru

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 require "rubygems"
 require "bundler"
 

data/docs/USAGE.md

@@ -0,0 +1,164 @@
+# Overview
+
+The 🥑 gem is a [Rails Engine] composed of a mixture of Ruby modules that get
+included into application classes and Ruby classes which will run directly from
+the 🥑 gem itself. The classes are intended to provide good defaults for basic
+scenarios, and can be subclassed and overridden for special cases.
+
+## Requirements
+
+Apps must be running Rails 7.1 or newer. The 🥑 gem uses features like
+`authenticate_by`, the `password_challenge` feature of `has_secure_password`,
+`generates_token_for`, and `normalizes` which don't exist in earlier versions.
+
+The database schema must have columns that match the `users`, `sessions`, and
+`events` tables from the [demo app schema]. More columns in each table are
+acceptable; the demo is just a minimum. Slight variations (using `uuid` instead
+of `bigint` for example) are harmless, but large departures will break the
+integration.
+
+Run `bin/rails g avocado:migrations` to generate migrations for the tables.
+
+The application must also have:
+
+- An `ApplicationController` base controller class for the controllers to
+  inherit from.
+- An `ApplicationMailer` base mailer class which sets a layout and default
+  `from` value.
+- A `root_path` route helper method (typically generated by routes configured in
+  the application).
+
+## Usage
+
+### Models
+
+Include these modules into `ActiveRecord` model classes:
+
+```ruby
+class User < ApplicationRecord
+  include Avocado::User
+end
+
+class Session < ApplicationRecord
+  include Avocado::Session
+end
+
+class Event < ApplicationRecord
+  include Avocado::Event
+end
+```
+
+This will set up some basic associations, validations, callbacks, and
+normalizations for those models.
+
+### Controllers
+
+Add the `Avocado::Authentication` module to the top-level controller:
+
+```ruby
+class ApplicationController < ActionController::Base
+  include Avocado::Authentication
+end
+```
+
+### Routes
+
+By defalt, 🥑 does not add any routes to the application when initialized. To
+hook up the controllers to routes, they must be added to the `config/routes.rb`
+of the application. It's possible to add all of the routes, or just a subset.
+
+This example defines a `root` route and also pulls in every feature route:
+
+```ruby
+Rails.application.routes.draw do
+  root to: "records#index"
+  draw(🥑)
+end
+```
+
+This example defines a `root` route and adds only a subset of feature routes:
+
+```ruby
+Rails.application.routes.draw do
+  root to: "records#index"
+  scope module: 🥑 do
+    resources :registrations, only: %i[new create]
+    resources :sessions, only: %i[new create destroy]
+  end
+end
+```
+
+## Summary
+
+### Routable controller features
+
+The 🥑 gem will create REST-ful routes that go to the various controllers during
+app initialization.
+
+These external (unauthenticated) features are available:
+
+- `Registrations` -- Fill out new user form and create users
+- `Sessions` -- Sign in and sign out
+- `Recoveries` -- Triggers password reset via emailed expiring link
+- `Credentials` -- Use expiring token link from recovery to update password
+- `Verifications` -- Confirm email address on account creation or email change
+- `Affirmations` -- "Passwordless" authentication via emailed expiring link
+
+These internal (authenticated) features are available:
+
+- `Sessions` -- Index view of active sessions, ability to destroy sessions
+- `Events` -- Index view of the user activity audit log
+- `Passwords` -- Edit and update a user password
+- `Emails` -- Edit and update a user email
+
+Linking to any of these internal pages is optional. Apps can use them as-is,
+override their views, or even ignore them entirely and make local versions.
+
+### Mailers
+
+There is an `Avocado::Mailer` which gets called to send emails. The mailer views
+here are very basic, and should be overriden within applications. Place views
+within `app/views/avocado/mailer/` to make this happen.
+
+### Before actions
+
+There is an `authenticate` method installed as default controller behavior using
+`before_action :authenticate`. Any actions which do not need to be authenticated
+should disable this with `skip_before_action :authenticate`, or inherit from a
+controller which performs the skip.
+
+There is also a `set_current_request_details` method installed as a default
+`before_action` which takes some loggable request meta information (User Agent,
+IP Address) and sets their values in `Current` so that they are accesible to
+code elsewhere in the 🥑 gem.
+
+### Helpers
+
+The `Avocado::Authentication` module included into the application controller
+provides some helper methods available in controllers, views, and helpers:
+
+- `signed_in?` is true if the session has a signed in user
+- `current_session` provides the DB record for the session, if one exists
+- `current_user` returns the user belonging to that session
+
+Usage of these can be seen in the views in the [demo app].
+
+## Customization
+
+There is not any configuration. To override functionality:
+
+- Redefine a method created in one of the models by the included module
+- Subclass a controller and update the routing to go to the subclass
+- Place views in the app where avocado expects (`app/views/avocado`) them to
+  override the defaults
+
+There is an `avocado:views` generator which will copy all the views as a
+starting point for further modification.
+
+## Examples
+
+There is a [demo app] used by the specs which has some example usage.
+
+[demo app schema]: https://github.com/tcuwp/avocado/blob/main/spec/internal/db/schema.rb
+[demo app]: https://github.com/tcuwp/avocado/blob/main/spec/internal
+[Rails Engine]: https://guides.rubyonrails.org/engines.html#what-are-engines-questionmark

data/lib/avocado/authentication.rb

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 module Avocado
   module Authentication
     extend ActiveSupport::Concern
@@ -37,12 +35,12 @@ module Avocado
 
     def sign_in(user)
       ::Session.create!(user: user).tap do |session|
-        cookies.signed.permanent[:session_token] = {value: session.id, httponly: true}
+        cookies.signed.permanent[:session_token] = {value: session.token, httponly: true}
       end
     end
 
     def session_from_token
-      ::Session.find_by_id(cookies.signed[:session_token])
+      ::Session.find_by_token(cookies.signed[:session_token])
     end
 
     def set_current_request_details

data/lib/avocado/current.rb

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 module Avocado
   class Current < ActiveSupport::CurrentAttributes
     attribute :session,

data/lib/avocado/engine.rb

@@ -1,9 +1,12 @@
-# frozen_string_literal: true
-
 require "avocado"
 require "rails/engine"
 
 module Avocado
   class Engine < Rails::Engine
+    initializer :avocado_routing do
+      ActiveSupport.on_load(:action_dispatch_request) do
+        ActionDispatch::Routing::Mapper.define_method(:🥑) { :avocado }
+      end
+    end
   end
 end

data/lib/avocado/event.rb

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 module Avocado
   module Event
     extend ActiveSupport::Concern

data/lib/avocado/mailer.rb

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 module Avocado
   class Mailer < ApplicationMailer
     before_action :set_user

data/lib/avocado/session.rb

@@ -1,14 +1,18 @@
-# frozen_string_literal: true
-
 module Avocado
   module Session
     extend ActiveSupport::Concern
 
+    SECURE_TOKEN_LENGTH = 64
+
     included do
       include SessionCallbacks
 
+      has_secure_token length: SECURE_TOKEN_LENGTH, on: :initialize
+
       belongs_to :user
 
+      validates :token, presence: true
+
       scope :newest_first, -> { order(created_at: :desc) }
       scope :non_current, -> { where.not(id: Current.session) }
     end

data/lib/avocado/session_callbacks.rb

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 module Avocado
   module SessionCallbacks
     extend ActiveSupport::Concern

data/lib/avocado/user.rb

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 module Avocado
   module User
     extend ActiveSupport::Concern

data/lib/avocado/user_callbacks.rb

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 module Avocado
   module UserCallbacks
     extend ActiveSupport::Concern

data/lib/avocado/user_tokens.rb

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 module Avocado
   module UserTokens
     extend ActiveSupport::Concern

data/lib/avocado/user_validations.rb

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 module Avocado
   module UserValidations
     extend ActiveSupport::Concern

data/lib/avocado/version.rb

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 module Avocado
-  VERSION = "0.5.0"
+  VERSION = "0.7.0"
 end

data/lib/avocado.rb

@@ -1,5 +1,4 @@
-# frozen_string_literal: true
-
+require "active_support"
 require_relative "avocado/engine"
 
 module Avocado