booth 0.0.1 → 0.0.2

data/lib/booth/concerns/action.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 module Booth
   module Concerns
-    # An "Action" is something that is called from a Rails controller.#
+    # An "Action" is something that is called from a Rails controller.
     # It contains all the logic that the controller action is supposed to execute.
     # By convention the "authentication scope" and the "request object" are passed in.
     module Action
@@ -8,10 +10,10 @@ module Booth
 
       included do
         include ::Booth::Logging
-        include ::Booth::MethodObject
+        include Calls
 
-        option :scope, ->(scope) { ::Booth::Syntaxes::Scope.call(scope).normalized_scope }
-        option :request, ::Booth::Request
+        option :scope, ::Booth::Coercers::Scope
+        option :request, ::Booth::Coercers::Request
 
         delegate :params, to: :request, private: true
       end
@@ -22,36 +24,46 @@ module Booth
       # May be overriden
       # ----------------
 
+      # An Action implements at least this method. It holds an Array of Transition classes.
+      #
+      # If a Transition feels responsible for handling the incoming params,
+      # it is instantiated and called, to change the state of the user authentication.
+      def transitions
+        raise "Implement `#transitions` in #{self}"
+      end
+
       def initialize_transition
-        transition.call(request:)
+        transition.call(scope:, request:)
       end
 
       def after_transition; end
 
-      def transitions
-        raise "Implement `#transitions` in #{self}"
-      end
-
       # ---------------
       # Never overriden
       # ---------------
 
       # I found this to be a repetitive pattern, so I added this method in this concern.
-      # It makes the code a little harder to read but probably still more robust.
+      # It makes the code a little harder to read but probably more robust.
       def do_transition
         if transition
-          # debug { "Calling Transition #{transition}" }
+          message = if ENV['DEBUG']
+                      "🔹 TRANSITION - #{transition.to_s.demodulize}"
+                    else
+                      "Calling Transition #{transition}"
+                    end
+          log { message }
+
           result = initialize_transition
           after_transition
           return result
         end
 
-        debug { 'No transition applies to these params' }
+        log { "❌ No transition applies to these params: #{params.keys.join(', ')}" }
         Tron.failure :unknown_transition
       end
 
       def transition
-        @transition ||= transitions.detect { _1.applicable?(params:) }
+        @transition ||= transitions.detect { it.applicable?(params:) }
       end
     end
   end

data/lib/booth/concerns/transition.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Booth
   module Concerns
     # A `Booth::Action` usually consists of several `Booth::Transition`s.
@@ -6,9 +8,10 @@ module Booth
 
       included do
         include ::Booth::Logging
-        include ::Booth::MethodObject
+        include Calls
 
-        option :request, ::Booth::Request
+        option :scope, ::Booth::Coercers::Scope
+        option :request, ::Booth::Coercers::Request
 
         delegate :params, to: :request, private: true
       end

data/lib/booth/configuration.rb

@@ -1,31 +1,22 @@
+# frozen_string_literal: true
+
 module Booth
   # Holds global configuration parameters.
   class Configuration
-    def otp_issuer(scope: :default)
-      @otp_issuers ||= {}
+    def initialize
+      @logger = rails_logger
+      @session_inactivity_lifetime = 1.year
 
-      @otp_issuers[scope.to_sym].to_s.presence || 'Login'
+      # Need to keep the name `request:` here, because it is checked when calling the lambda.
+      @relying_party_resolver = lambda { |request:| # rubocop:disable Lint/UnusedBlockArgument
+        raise 'Please set a Booth.config.relying_party_resolver'
+      }
     end
 
-    def set_otp_issuer(new_issuer, scope: :default)
-      @otp_issuers ||= {}
-
-      @otp_issuers[scope.to_sym] = new_issuer
-    end
-
-    def otp_issuer=(new_issuer)
-      set_otp_issuer(new_issuer)
-    end
+    attr_accessor :logger, :session_inactivity_lifetime, :relying_party_resolver
 
-    def logger
-      return if @no_logger
-
-      @logger || rails_logger
-    end
-
-    def logger=(new_logger)
-      @no_logger = new_logger.nil?
-      @logger = new_logger
+    def interaction_timeout
+      20.minutes
     end
 
     def log_to_rails_and_stdout!
@@ -34,47 +25,9 @@ module Booth
           ::Booth.config.send(:rails_logger).debug(...)
           ::Booth.config.send(:stdout_logger).debug(...)
         end
-
-        def warn(...)
-          ::Booth.config.send(:rails_logger).warn(...)
-          ::Booth.config.send(:stdout_logger).warn(...)
-        end
-
-        def error(...)
-          ::Booth.config.send(:rails_logger).error(...)
-          ::Booth.config.send(:stdout_logger).error(...)
-        end
       end.new
     end
 
-    def interaction_timeout
-      20.minutes
-    end
-
-    def session_inactivity_lifetime
-      @session_inactivity_lifetime ||= 3.months
-    end
-
-    def session_inactivity_lifetime=(new_lifetime)
-      @session_inactivity_lifetime = new_lifetime
-    end
-
-    def password_reset_window
-      2.hours
-    end
-
-    def onboarding_window
-      1.week
-    end
-
-    def otp_digits
-      6
-    end
-
-    def contest_digits
-      6
-    end
-
     private
 
     # The standard Rails logger does not show `progname`.
@@ -82,19 +35,7 @@ module Booth
     def rails_logger
       @rails_logger ||= Class.new do
         def debug(progname, &block)
-          ::Rails.logger.debug { "#{ActiveSupport::LogSubscriber.new.send(:color, progname, :blue)} - #{block.call}" }
-        end
-
-        def info(progname, &block)
-          ::Rails.logger.info { "#{ActiveSupport::LogSubscriber.new.send(:color, progname, :blue)} - #{block.call}" }
-        end
-
-        def warn(progname, &block)
-          ::Rails.logger.warn { "#{ActiveSupport::LogSubscriber.new.send(:color, progname, :blue)} - #{block.call}" }
-        end
-
-        def error(progname, &block)
-          ::Rails.logger.error { "#{ActiveSupport::LogSubscriber.new.send(:color, progname, :blue)} - #{block.call}" }
+          ::Rails.logger.debug { "#{Paint[progname, :blue]} - #{block.call}" }
         end
       end.new
     end
@@ -109,7 +50,7 @@ module Booth
 
     def stdout_logger_formatter
       proc do |severity, _, progname, message|
-        [severity.rjust(5), progname, '-', message, "\n"].join(' ')
+        "#{severity.rjust(5)} #{Paint[progname, :blue]} - #{message}\n"
       end
     end
   end

data/lib/booth/configure.rb

@@ -1,3 +1,6 @@
+# frozen_string_literal: true
+
+# The main module for this Ruby gem.
 module Booth
   # Lazy-loads and returns the global configuration instance.
   #
@@ -24,14 +27,4 @@ module Booth
   def self.configure
     yield config
   end
-
-  # Resets the configuration.
-  #
-  # @note This is useful for testing, since the configuration is global
-  #   and persists across tests.
-  # @api private
-  #
-  def self.reset!
-    @configs = nil
-  end
 end

data/lib/booth/{audits/register → core/audit}/completed_onboarding.rb

@@ -1,17 +1,19 @@
+# frozen_string_literal: true
+
 module Booth
-  module Audits
-    module Register
+  module Core
+    module Audit
       class CompletedOnboarding
-        include ::Booth::MethodObject
+        include Calls
 
         option :credential
         option :ip
         option :agent
 
         def call
-          ::Booth::Models::Audit.create! credential: credential,
-                                         ip: ip,
-                                         agent: agent,
+          ::Booth::Models::Audit.create! credential:,
+                                         ip:,
+                                         agent:,
                                          event: :completed_onboarding
 
           nil

data/lib/booth/core/audit/credential_created.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Booth
+  module Core
+    module Audit
+      class CredentialCreated
+        include Calls
+
+        option :credential
+        option :ip
+        option :agent
+
+        def call
+          ::Booth::Models::Audit.create! credential:,
+                                         ip:,
+                                         agent:,
+                                         event: :registered
+
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/booth/core/audit/logout.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Booth
+  module Core
+    module Audit
+      class Logout
+        include Calls
+
+        option :credential
+        option :ip
+        option :agent
+
+        def call
+          ::Booth::Models::Audit.create! credential:,
+                                         ip:,
+                                         agent:,
+                                         event: :logout
+
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/booth/core/authenticators/confirm.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Booth
+  module Core
+    module Authenticators
+      class Confirm
+        include Calls
+        include ::Booth::Logging
+
+        option :authenticator
+        option :sign_count
+
+        def call
+          raise 'Authenticator is already confirmed' if authenticator.confirmed_at
+
+          log { 'Confirming Authenticator...' }
+          authenticator.transaction do
+            authenticator.update! sign_count:,
+                                  confirmed_at: Time.current
+          end
+
+          Tron.success :confirmation_successful
+        rescue ActiveRecord::ActiveRecordError => e
+          error { e }
+          Tron.failure :confirmation_failed
+        end
+      end
+    end
+  end
+end

data/lib/booth/core/authenticators/step.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Booth
+  module Core
+    module Authenticators
+      # Registration status of an Authenticator.
+      class Step
+        include Calls
+
+        param :authenticator
+
+        def call
+          return :register if authenticator.device_id.blank? ||
+                              authenticator.public_key.blank? ||
+                              authenticator.sign_count.blank?
+          return :choose_nickname if authenticator.nickname.blank?
+          return :confirm if authenticator.confirmed_at.blank?
+
+          :completed
+        end
+      end
+    end
+  end
+end

data/lib/booth/core/cooldowns/distance_of_time.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Booth
+  module Core
+    module Cooldowns
+      class DistanceOfTime
+        include Calls
+
+        option :from
+        option :till
+
+        def call
+          result = []
+          result.push("#{distance_in_hours} h") if show_hours?
+          result.push("#{distance_in_minutes} min") if show_minutes?
+          result.push("#{distance_in_seconds} s") if show_seconds?
+          result.join(' ')
+        end
+
+        def show_hours?
+          distance_in_hours.positive?
+        end
+
+        def show_minutes?
+          return false if (((till - from).abs % 3600) / 60) < 1
+
+          distance_in_minutes.nonzero?
+        end
+
+        def show_seconds?
+          return true if distance_in_seconds < 60
+
+          distance_in_hours.zero? && distance_in_minutes.zero?
+        end
+
+        def distance_in_hours
+          ((till - from).abs / 3600).floor
+        end
+
+        def distance_in_minutes
+          (((till - from).abs % 3600) / 60).round
+        end
+
+        def distance_in_seconds
+          (till - from).abs.round
+        end
+      end
+    end
+  end
+end

data/lib/booth/core/cooldowns/strategies/exponential.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+module Booth
+  module Core
+    module Cooldowns
+      module Strategies
+        class Exponential
+          include Calls
+          include ::Booth::Logging
+
+          option :scope
+
+          def call
+            return limit_not_yet_reached! if seconds_to_wait.zero?
+
+            limit_reached!
+          end
+
+          private
+
+          def limit_reached!
+            log do
+              "Wait #{seconds_to_wait}/#{waiting_period} sec for #{number_of_incidents} incidents"
+            end
+            public_message = I18n.t('booth.try_again_cooldown', distance_of_time_until_cooldown:)
+
+            ::Booth::Core::Cooldowns::Strategies::Result.failure(
+              public_message:,
+              attempts_left: 999_999,
+              cooldown_at:,
+              number_of_incidents:,
+            )
+          end
+
+          def limit_not_yet_reached!
+            log { 'No need to wait' }
+
+            ::Booth::Core::Cooldowns::Strategies::Result.success(
+              public_message: nil,
+              attempts_left: 999_999,
+              number_of_incidents:,
+            )
+          end
+
+          # Calculation Helpers
+
+          def cooldown_at
+            seconds_to_wait.from_now
+          end
+
+          def seconds_to_wait
+            return 0 unless newest_timestamp
+
+            candidate = newest_timestamp.to_i + waiting_period - Time.current.to_i
+            return 0 if candidate.negative?
+
+            candidate
+          end
+
+          def waiting_period
+            return 2.years if number_of_incidents > 9
+
+            # This effectively implies less than 10 attempts.
+            (5**number_of_incidents).seconds
+          end
+
+          # Queries
+
+          def number_of_incidents
+            @number_of_incidents ||= scope.count
+          end
+
+          def newest_timestamp
+            return @newest_timestamp if defined? @newest_timestamp
+
+            @newest_timestamp = scope.maximum(:created_at)
+          end
+
+          # Helpers
+
+          def distance_of_time_until_cooldown
+            ::Booth::Core::Cooldowns::DistanceOfTime.call(from: Time.current, till: cooldown_at)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/core/cooldowns/strategies/global.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Booth
+  module Core
+    module Cooldowns
+      module Strategies
+        class Global
+          include Calls
+          include ::Booth::Logging
+
+          option :scope
+          option :max_attempts
+
+          def call
+            if number_of_incidents >= max_attempts
+              limit_reached!
+            else
+              limit_not_yet_reached!
+            end
+          end
+
+          private
+
+          def limit_reached!
+            log { "Limited globally #{number_of_incidents}/#{max_attempts}" }
+
+            ::Booth::Core::Cooldowns::Strategies::Result.failure(
+              public_message: I18n.t('booth.permanently_blocked'),
+              attempts_left:,
+              cooldown_at: nil,
+              number_of_incidents:,
+            )
+          end
+
+          def limit_not_yet_reached!
+            log { "Not yet globally limited #{number_of_incidents}/#{max_attempts}" }
+
+            ::Booth::Core::Cooldowns::Strategies::Result.success(
+              public_message:,
+              attempts_left:,
+              number_of_incidents:,
+            )
+          end
+
+          def public_message
+            return if number_of_incidents.zero?
+
+            if attempts_left == 1
+              I18n.t 'booth.last_attempt'
+            else
+              I18n.t 'booth.attempts_left', attempts_left:
+            end
+          end
+
+          def attempts_left
+            max_attempts - number_of_incidents
+          end
+
+          def number_of_incidents
+            @number_of_incidents ||= scope.count
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/core/cooldowns/strategies/result.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Booth
+  module Core
+    module Cooldowns
+      module Strategies
+        # All strategies quack the same way.
+        # They respond an immutable Tron Data object with additional information.
+        module Result
+          def self.failure(number_of_incidents:, public_message:, cooldown_at:, attempts_left:)
+            Tron.failure :hot, public_message:,
+                               cooldown_at:,
+                               attempts_left:,
+                               number_of_incidents:
+          end
+
+          def self.success(public_message:, number_of_incidents:, attempts_left:)
+            Tron.success :cool, number_of_incidents:,
+                                cooldown_at: nil,
+                                public_message:,
+                                attempts_left:
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/core/credentials/create.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Booth
+  module Core
+    module Credentials
+      class Create
+        include Calls
+        include ::Booth::Logging
+
+        option :domain
+        option :scope
+        option :username
+
+        def call
+          if credential.save
+            log { "Successfully persisted a new Booth::Models::Credential record with ID #{credential.id.inspect}" }
+            Tron.success :credential_created, credential:
+          else
+            log { 'Could not persist a new Booth::Models::Credential record' }
+            Tron.failure :persistence_failed, error: credential.errors.to_a.to_sentence
+          end
+        end
+
+        private
+
+        def credential
+          @credential ||= ::Booth::Models::Credential.new(domain:, username:, scope:)
+        end
+      end
+    end
+  end
+end