better_authy 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2cd343402586a23dd2212844efaa3a7007be3a0777b5012264d9380852b060c8
+  data.tar.gz: b0bde974d6e6c64172d8453193fe4c0727cd3d101b9548093928ab7a33259a0d
+SHA512:
+  metadata.gz: 7f58ca868ea2d945e6f2ec0e22b4c255295efa4354a277648c32d9547d3525e8515f705d595a0c4671225cdf77e4ae070891832dfb96fb1d95fefce52a267b94
+  data.tar.gz: df65aa3eb2b1afb41e9c386d92e045e8f9deb3763c512d5d381d9e7256becefc1dcfe8a08fb16a8671fbfa12bf995948096e04b0c6816eb9ce30abee277ea50a

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright Umberto Peserico
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,123 @@
+# BetterAuthy
+
+A flexible authentication engine for Rails 8.0+ with multi-scope support. Enables multiple authenticatable models (users, accounts, admins) through a scope-based configuration system.
+
+## Features
+
+- Multi-scope authentication (multiple user types)
+- Session-based authentication with encrypted cookies
+- Remember me functionality
+- Password reset via email
+- Sign-in tracking (IP, timestamp, count)
+
+## Quick Start
+
+### 1. Add to Gemfile
+
+```ruby
+gem "better_authy", "~> 0.1.0"
+```
+
+### 2. Configure scope
+
+```ruby
+# config/initializers/better_authy.rb
+BetterAuthy.configure do |config|
+  config.scope :user do |scope|
+    scope.model_name = "User"
+  end
+end
+```
+
+### 3. Add to model
+
+```ruby
+class User < ApplicationRecord
+  better_authy_authenticable :user
+end
+```
+
+### 4. Include controller helpers
+
+```ruby
+class ApplicationController < ActionController::Base
+  include BetterAuthy::ControllerHelpers
+end
+```
+
+### 5. Mount engine
+
+```ruby
+Rails.application.routes.draw do
+  mount BetterAuthy::Engine => "/auth"
+end
+```
+
+### 6. Create migration
+
+```ruby
+class CreateUsers < ActiveRecord::Migration[8.0]
+  def change
+    create_table :users, id: :uuid do |t|
+      t.timestamps null: false
+      t.string :email, null: false
+      t.string :password_digest, null: false
+      t.string :remember_token_digest
+      t.datetime :remember_created_at
+      t.string :password_reset_token_digest
+      t.datetime :password_reset_sent_at
+      t.integer :sign_in_count, default: 0
+      t.datetime :current_sign_in_at, :last_sign_in_at
+      t.string :current_sign_in_ip, :last_sign_in_ip
+      t.index :email, unique: true
+    end
+  end
+end
+```
+
+## Usage
+
+```ruby
+# In controllers
+before_action :authenticate_user!
+current_user
+user_signed_in?
+
+# Manual sign in/out
+sign_in_user(user, remember: true)
+sign_out_user
+```
+
+## Routes
+
+| Path | Description |
+|------|-------------|
+| `/auth/user/login` | Login |
+| `/auth/user/logout` | Logout |
+| `/auth/user/signup` | Registration |
+| `/auth/user/password/new` | Forgot password |
+| `/auth/user/password/edit` | Reset password |
+
+## Documentation
+
+See the [docs/](docs/) folder for detailed guides:
+
+- [Installation](docs/installation.md) - Complete setup instructions
+- [Configuration](docs/configuration.md) - All configuration options
+- [Models](docs/models.md) - Authenticable model setup
+- [Controller Helpers](docs/controller-helpers.md) - Authentication methods
+- [Routes](docs/routes.md) - Route helpers and customization
+- [Password Reset](docs/password-reset.md) - Password reset flow
+- [Multi-Scope](docs/multi-scope.md) - Multiple user types
+- [Testing](docs/testing.md) - Test setup and patterns
+
+## Dependencies
+
+- Rails >= 8.0
+- bcrypt ~> 3.1
+- view_component ~> 4.0
+- better_ui ~> 0.7
+
+## License
+
+MIT License

data/Rakefile

@@ -0,0 +1,3 @@
+require "bundler/setup"
+
+require "bundler/gem_tasks"

data/app/controllers/better_authy/base_controller.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class BaseController < ::ApplicationController
+    helper BetterAuthy::ApplicationHelper
+
+    layout :resolve_layout
+    protect_from_forgery with: :exception
+
+    private
+
+    def scope_name
+      # Scope is injected into params via routes defaults: { scope: scope_name }
+      params[:scope]
+    end
+
+    def scope_config
+      @scope_config ||= BetterAuthy.scope_for!(scope_name)
+    end
+
+    def redirect_if_signed_in
+      return unless send(:"#{scope_name}_signed_in?")
+
+      redirect_to scope_config.after_sign_in_path
+    end
+
+    def resolve_layout
+      return default_layout if scope_name.blank?
+
+      scope_config.layout
+    rescue BetterAuthy::ConfigurationError
+      default_layout
+    end
+
+    def default_layout
+      "better_authy/application"
+    end
+  end
+end

data/app/controllers/better_authy/passwords_controller.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class PasswordsController < BaseController
+    before_action :redirect_if_signed_in, only: %i[new create edit update]
+    before_action :find_resource_by_token, only: %i[edit update]
+
+    def new
+      @forgot_password_form = BetterAuthy::ForgotPasswordForm.new
+    end
+
+    def create
+      @forgot_password_form = BetterAuthy::ForgotPasswordForm.new(forgot_password_params)
+
+      if @forgot_password_form.valid?
+        resource = find_resource_by_email
+        if resource
+          token = resource.generate_password_reset_token!
+          BetterAuthy::PasswordResetMailer.reset_password_instructions(
+            resource, token, scope_name
+          ).deliver_later
+        end
+        # Always show generic message to prevent email enumeration
+        redirect_to send(:"#{scope_name}_login_path"),
+                    notice: I18n.t("better_authy.passwords.send_instructions")
+      else
+        render :new, status: :unprocessable_content
+      end
+    end
+
+    def edit
+      @reset_password_form = BetterAuthy::ResetPasswordForm.new(token: params[:token])
+    end
+
+    def update
+      @reset_password_form = BetterAuthy::ResetPasswordForm.new(reset_password_params)
+
+      if @reset_password_form.valid? && @resource.reset_password!(
+        @reset_password_form.password,
+        @reset_password_form.password_confirmation
+      )
+        redirect_to send(:"#{scope_name}_login_path"),
+                    notice: I18n.t("better_authy.passwords.updated")
+      else
+        @resource.errors.each do |error|
+          @reset_password_form.errors.add(error.attribute, error.message)
+        end
+        render :edit, status: :unprocessable_content
+      end
+    end
+
+    private
+
+    def forgot_password_params
+      params.require(:forgot_password).permit(:email)
+    end
+
+    def reset_password_params
+      params.require(:reset_password).permit(:token, :password, :password_confirmation)
+    end
+
+    def find_resource_by_email
+      email = forgot_password_params[:email].to_s.strip.downcase
+      scope_config.model_class.find_by(email: email)
+    end
+
+    def find_resource_by_token
+      token = params[:token]
+      token ||= params.dig(:reset_password, :token)
+
+      if token.blank?
+        redirect_to send(:"new_#{scope_name}_password_path"),
+                    alert: I18n.t("better_authy.passwords.no_token")
+        return
+      end
+
+      @resource = find_resource_with_valid_token(token)
+
+      unless @resource
+        redirect_to send(:"new_#{scope_name}_password_path"),
+                    alert: I18n.t("better_authy.passwords.invalid_token")
+      end
+    end
+
+    def find_resource_with_valid_token(token)
+      scope_config.model_class.find_each do |resource|
+        return resource if resource.password_reset_token_valid?(token)
+      end
+      nil
+    end
+  end
+end

data/app/controllers/better_authy/registrations_controller.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class RegistrationsController < BaseController
+    before_action :redirect_if_signed_in, only: %i[new create]
+
+    def new
+      @resource = scope_config.model_class.new
+    end
+
+    def create
+      @resource = scope_config.model_class.new(resource_params)
+      if @resource.save
+        send(:"sign_in_#{scope_name}", @resource)
+        redirect_to scope_config.after_sign_in_path
+      else
+        render :new, status: :unprocessable_content
+      end
+    end
+
+    private
+
+    def resource_params
+      params.require(scope_name).permit(:email, :password, :password_confirmation)
+    end
+  end
+end

data/app/controllers/better_authy/sessions_controller.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class SessionsController < BaseController
+    before_action :redirect_if_signed_in, only: %i[new create]
+
+    def new
+      @session_form = BetterAuthy::SessionForm.new(email: params.dig(:session, :email))
+    end
+
+    def create
+      @session_form = BetterAuthy::SessionForm.new(session_params)
+
+      # debugger
+
+      resource = find_resource_by_email
+      if resource&.authenticate(session_params[:password])
+        remember = @session_form.remember_me
+        send(:"sign_in_#{scope_name}", resource, remember: remember)
+        redirect_to scope_config.after_sign_in_path
+      else
+        render_invalid_credentials
+      end
+    end
+
+    def destroy
+      send(:"sign_out_#{scope_name}")
+      redirect_to scope_config.after_sign_in_path
+    end
+
+    private
+
+    def session_params
+      params.require(:session).permit(:email, :password, :remember_me)
+    end
+
+    def find_resource_by_email
+      email = session_params[:email].to_s.strip.downcase
+      scope_config.model_class.find_by(email: email)
+    end
+
+    def render_invalid_credentials
+      flash.now[:alert] = I18n.t("better_authy.sessions.invalid_credentials",
+                                  default: "Invalid email or password")
+      render :new, status: :unprocessable_content
+    end
+  end
+end

data/app/helpers/better_authy/application_helper.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  module ApplicationHelper
+    include BetterUi::ApplicationHelper
+  end
+end

data/app/mailers/better_authy/application_mailer.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class ApplicationMailer < ::ActionMailer::Base
+    default from: -> { default_from_address }
+
+    private
+
+    def default_from_address
+      ENV.fetch("BETTER_AUTHY_MAILER_FROM", "noreply@example.com")
+    end
+  end
+end

data/app/mailers/better_authy/password_reset_mailer.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class PasswordResetMailer < ApplicationMailer
+    include BetterAuthy::Engine.routes.url_helpers
+
+    def reset_password_instructions(resource, token, scope_name)
+      @resource = resource
+      @token = token
+      @scope_name = scope_name
+      @scope_config = BetterAuthy.scope_for!(scope_name)
+      @reset_url = send(:"edit_#{scope_name}_password_url", token: token)
+
+      mail(
+        to: resource.email,
+        subject: I18n.t("better_authy.passwords.mailer.subject")
+      )
+    end
+  end
+end

data/app/models/better_authy/forgot_password_form.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class ForgotPasswordForm
+    include ActiveModel::Model
+    include ActiveModel::Attributes
+
+    attribute :email, :string
+
+    validates :email, presence: true
+  end
+end

data/app/models/better_authy/reset_password_form.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class ResetPasswordForm
+    include ActiveModel::Model
+    include ActiveModel::Attributes
+
+    attribute :token, :string
+    attribute :password, :string
+    attribute :password_confirmation, :string
+
+    validates :password, presence: true, length: { minimum: 8 }
+    validates :password_confirmation, presence: true
+  end
+end

data/app/models/better_authy/session_form.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module BetterAuthy
+  class SessionForm
+    include ActiveModel::Model
+    include ActiveModel::Attributes
+
+    attribute :email, :string
+    attribute :password, :string
+    attribute :remember_me, :boolean, default: false
+
+    validates :email, presence: true
+    validates :password, presence: true
+  end
+end

data/app/views/better_authy/password_reset_mailer/reset_password_instructions.html.erb

@@ -0,0 +1,13 @@
+<h1><%= t("better_authy.passwords.mailer.greeting", email: @resource.email) %></h1>
+
+<p><%= t("better_authy.passwords.mailer.instruction") %></p>
+
+<p>
+  <a href="<%= @reset_url %>">
+    <%= t("better_authy.passwords.mailer.action") %>
+  </a>
+</p>
+
+<p><%= t("better_authy.passwords.mailer.ignore") %></p>
+
+<p><%= t("better_authy.passwords.mailer.expiration", hours: (@scope_config.password_reset_within / 1.hour).to_i) %></p>

data/app/views/better_authy/password_reset_mailer/reset_password_instructions.text.erb

@@ -0,0 +1,9 @@
+<%= t("better_authy.passwords.mailer.greeting", email: @resource.email) %>
+
+<%= t("better_authy.passwords.mailer.instruction") %>
+
+<%= @reset_url %>
+
+<%= t("better_authy.passwords.mailer.ignore") %>
+
+<%= t("better_authy.passwords.mailer.expiration", hours: (@scope_config.password_reset_within / 1.hour).to_i) %>

data/app/views/better_authy/passwords/edit.html.erb

@@ -0,0 +1,55 @@
+<% content_for :title, t("better_authy.passwords.reset_title") %>
+
+<div class="w-full max-w-md">
+  <% if flash[:alert].present? %>
+    <%= bui_action_messages([flash[:alert]],
+      variant: :danger,
+      style: :soft,
+      dismissible: true,
+      container_classes: "mb-6"
+    ) %>
+  <% end %>
+
+  <%= bui_card(
+    variant: :light,
+    style: :bordered,
+    size: :lg,
+    shadow: true
+  ) do |card| %>
+    <% card.with_header do %>
+      <h1 class="text-2xl font-bold text-center text-grayscale-900">
+        <%= t("better_authy.passwords.reset_title") %>
+      </h1>
+    <% end %>
+
+    <% card.with_body do %>
+      <%= form_with model: @reset_password_form, scope: :reset_password, url: send(:"#{params[:scope]}_password_path"), method: :patch, builder: BetterUi::UiFormBuilder, class: "space-y-6" do |f| %>
+        <%= f.hidden_field :token %>
+
+        <%= f.bui_password_input :password,
+          label: t("better_authy.attributes.password"),
+          placeholder: t("better_authy.placeholders.password"),
+          hint: t("better_authy.hints.password"),
+          autocomplete: "new-password" %>
+
+        <%= f.bui_password_input :password_confirmation,
+          label: t("better_authy.attributes.password_confirmation"),
+          placeholder: t("better_authy.placeholders.password_confirmation"),
+          autocomplete: "new-password" %>
+
+        <div>
+          <%= bui_button(
+            variant: :primary,
+            style: :solid,
+            size: :lg,
+            type: :submit,
+            show_loader_on_click: true,
+            container_classes: "w-full"
+          ) do %>
+            <%= t("better_authy.passwords.reset_submit") %>
+          <% end %>
+        </div>
+      <% end %>
+    <% end %>
+  <% end %>
+</div>

data/app/views/better_authy/passwords/new.html.erb

@@ -0,0 +1,61 @@
+<% content_for :title, t("better_authy.passwords.forgot_title") %>
+
+<div class="w-full max-w-md">
+  <% if flash[:alert].present? %>
+    <%= bui_action_messages([flash[:alert]],
+      variant: :danger,
+      style: :soft,
+      dismissible: true,
+      container_classes: "mb-6"
+    ) %>
+  <% end %>
+
+  <%= bui_card(
+    variant: :light,
+    style: :bordered,
+    size: :lg,
+    shadow: true
+  ) do |card| %>
+    <% card.with_header do %>
+      <h1 class="text-2xl font-bold text-center text-grayscale-900">
+        <%= t("better_authy.passwords.forgot_title") %>
+      </h1>
+    <% end %>
+
+    <% card.with_body do %>
+      <p class="text-sm text-grayscale-600 mb-6">
+        <%= t("better_authy.passwords.forgot_instruction") %>
+      </p>
+
+      <%= form_with model: @forgot_password_form, scope: :forgot_password, url: send(:"#{params[:scope]}_password_path"), builder: BetterUi::UiFormBuilder, class: "space-y-6" do |f| %>
+        <%= f.bui_text_input :email,
+          label: t("better_authy.attributes.email"),
+          placeholder: t("better_authy.placeholders.email"),
+          type: "email",
+          autocomplete: "email" %>
+
+        <div>
+          <%= bui_button(
+            variant: :primary,
+            style: :solid,
+            size: :lg,
+            type: :submit,
+            show_loader_on_click: true,
+            container_classes: "w-full"
+          ) do %>
+            <%= t("better_authy.passwords.forgot_submit") %>
+          <% end %>
+        </div>
+      <% end %>
+    <% end %>
+
+    <% card.with_footer do %>
+      <p class="text-center text-sm text-grayscale-600">
+        <%= t("better_authy.passwords.remembered") %>
+        <%= link_to t("better_authy.registrations.login_link"),
+                    send(:"#{params[:scope]}_login_path"),
+                    class: "font-medium text-primary-600 hover:text-primary-500" %>
+      </p>
+    <% end %>
+  <% end %>
+</div>

data/app/views/better_authy/registrations/new.html.erb

@@ -0,0 +1,59 @@
+<% content_for :title, t("better_authy.registrations.title") %>
+
+<div class="w-full max-w-md">
+  <%= bui_card(
+    variant: :light,
+    style: :bordered,
+    size: :lg,
+    shadow: true
+  ) do |card| %>
+    <% card.with_header do %>
+      <h1 class="text-2xl font-bold text-center text-grayscale-900">
+        <%= t("better_authy.registrations.title") %>
+      </h1>
+    <% end %>
+
+    <% card.with_body do %>
+      <%= form_with model: @resource, scope: params[:scope], url: request.path, builder: BetterUi::UiFormBuilder, class: "space-y-6" do |f| %>
+        <%= f.bui_text_input :email,
+          label: t("better_authy.attributes.email"),
+          placeholder: t("better_authy.placeholders.email"),
+          type: "email",
+          autocomplete: "email" %>
+
+        <%= f.bui_password_input :password,
+          label: t("better_authy.attributes.password"),
+          placeholder: t("better_authy.placeholders.password"),
+          hint: t("better_authy.hints.password"),
+          autocomplete: "new-password" %>
+
+        <%= f.bui_password_input :password_confirmation,
+          label: t("better_authy.attributes.password_confirmation"),
+          placeholder: t("better_authy.placeholders.password_confirmation"),
+          autocomplete: "new-password" %>
+
+        <div>
+          <%= bui_button(
+            variant: :primary,
+            style: :solid,
+            size: :lg,
+            type: :submit,
+            show_loader_on_click: true,
+            container_classes: "w-full"
+          ) do %>
+            <%= t("better_authy.registrations.submit") %>
+          <% end %>
+        </div>
+      <% end %>
+    <% end %>
+
+    <% card.with_footer do %>
+      <p class="text-center text-sm text-grayscale-600">
+        <%= t("better_authy.registrations.has_account") %>
+        <%= link_to t("better_authy.registrations.login_link"),
+                    send(:"#{params[:scope]}_login_path"),
+                    class: "font-medium text-primary-600 hover:text-primary-500" %>
+      </p>
+    <% end %>
+  <% end %>
+</div>