challah 1.5.0 → 2.0.0.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5267d7f2cfbc84cb4a6af2c0d4a863ef8790a853
-  data.tar.gz: cbf3accdb5a30c551041e0b749ce3fd7a3f84eb7
+SHA256:
+  metadata.gz: d05cda1196da8d17990de0b423ab5a7fcd8c90c520caf63bde46622d3bfbf785
+  data.tar.gz: 55f6dcfd49852401a3c9a4a908b437ed8bd76ca65505e6b7e89d8c4b22dfb752
 SHA512:
-  metadata.gz: 8849cba25a8264c34e120aa9c875040cac7aff7dc7a0f423b844098686f56544f66c973caaf089a018b5fd4bcbf7d7011ac972bb2124fb4ef888135eeea6b06b
-  data.tar.gz: d4c31ad4cc1301412bce1f6ebbeb3b1a5b6b79cb65ecfdbbe26041db09c8ac1eedd9b3e38839ce5ccee2855c5acd98f28bdbc299bf2b84f11b35d860202dd106
+  metadata.gz: bf730007a455b7da22048d46f0838a0da38f631cb687ab88520a85ac0340aa50c38682b90c9e43fc47e211ae6035fba1bee5cd231eae7a09b4aa74dc4d50522a
+  data.tar.gz: bf0c9af78de747792d290e7bab0c8ecdae8571658906959c7f073f179127b89e85b8b3a4abe4a8b5c7a2498b6e13f618e5f1fccea7f2c742d65848a6b2d93b12

data/CHANGELOG.md

@@ -1,3 +1,35 @@
+## Challah 2.0.0.beta2
+
+* "Support" for Rails 7.0
+* Drops support for Ruby prior to 2.6
+
+## Challah 2.0.0.beta1
+
+This version introduces the following breaking changes, and therefore a new major version number:
+
+* Plugins no longer supported. This was never fully baked and was only used for the now defunct challah-rolls library, which is no longer maintained.
+* Drops support for Rails 4
+* Drops support for Ruby prior to 2.5.0
+* Removes legacy support for boolean-based User#active column in favor of enums on User#status
+
+Plus the following new changes:
+
+* Support for Rails 6.0
+* Authorizations table is now properly set as a foreign key to users (for new installations only, for existing tables you can do this yourself)
+
+## Challah 1.6.1
+
+* Prevent an email address that is blank from saving the `User#email_hash` attribute
+* Removes default column for `last_session_ip` that unnecessarily stores user IP addresses by default and could be considered a privacy concern. This column can be manually included in the migration to still track the user IP.
+
+## Challah 1.6.0
+
+* For token technique, don't bother checking the database for an empty token query param
+* Add migration generator to account for Rails 5 migration inheritance syntax (`ActiveRecord::Migration[5.1]`)
+* Minor testing updates
+* Dependency updates, including renaming FactoryGirl to FactoryBot
+* Readme typo [PR #32](https://github.com/jdtornow/challah/pull/34) @stevenschobert
+
 ## Challah 1.5.0
 
 * Extract status enum to separate concern [PR #32](https://github.com/jdtornow/challah/pull/32) @philtr

data/README.md

@@ -1,6 +1,6 @@
 # Challah
 
-[![Build Status](https://travis-ci.org/jdtornow/challah.svg?branch=master)](https://travis-ci.org/jdtornow/challah) [![Code Climate](https://codeclimate.com/github/jdtornow/challah/badges/gpa.svg)](https://codeclimate.com/github/jdtornow/challah) [![Dependency Status](https://gemnasium.com/jdtornow/challah.svg)](https://gemnasium.com/jdtornow/challah) [![Gem Version](https://badge.fury.io/rb/challah.svg)](https://badge.fury.io/rb/challah)
+[![CircleCI](https://circleci.com/gh/jdtornow/challah.svg?style=svg)](https://circleci.com/gh/jdtornow/challah) [![Code Climate](https://codeclimate.com/github/jdtornow/challah/badges/gpa.svg)](https://codeclimate.com/github/jdtornow/challah) [![Gem Version](https://badge.fury.io/rb/challah.svg)](https://badge.fury.io/rb/challah)
 
 Challah (pronounced HAH-lah) is a simple Rails authentication gem that provides users a way to authenticate with your app. Most of the functionality within the gem lives within a Rails engine and tries to stay out of the way of your app.
 
@@ -8,9 +8,8 @@ Challah doesn't provide any fancy controllers or views that clutter your app or
 
 ## Requirements
 
-* Ruby 2.2.2+
-* Bundler
-* Rails 4.2+ (5.0 Recommended)
+* Ruby 2.5.0+
+* Rails 5.2+
 
 ## Installation
 
@@ -35,7 +34,7 @@ This will copy over the necessary migrations to your app and migrate the databas
 If you would prefer to handle these steps manually, you can do so by using these rake tasks instead:
 
 ```bash
-rails challah:setup:migrations
+rails generate challah
 rails challah:unpack:user
 rails db:migrate
 ```
@@ -187,7 +186,7 @@ curl -H "X-App-User: abc123" \
 
 _Note: Custom HTTP headers should always start with X-_
 
-## ActionCable in Rails 5
+## ActionCable
 
 Challah works well with securing your ActionCable channels since Rails 5. Here is a sample `ApplicationCable::Connection` file to secure connections to a valid signed-in user:
 
@@ -215,45 +214,13 @@ module ApplicationCable
 end
 ```
 
-## Upgrading to Challah 1.4+
-
-In Challah 1.4, the `active` boolean column changed to a `status` Rails enum with "active" as the default option. To upgrade a users table, use the following migration example:
-
-```bash
-rails g migration ConvertUsersActiveToEnum
-```
-
-```ruby
-class ConvertUsersActiveToEnum < ActiveRecord::Migration
-  def up
-    add_column :users, :status, :integer, default: 0
-
-    say_with_time "Converting users to status enum" do
-      User.where(active: false).update_all(status: User.statuses[:inactive])
-    end
-
-    remove_column :users, :active
-  end
-
-  def down
-    add_column :users, :active, :boolean, default: true
-
-    say_with_time "Converting users to active boolean" do
-      User.where(status: User.statuses[:inactive]).update_all(active: false)
-    end
-
-    remove_column :users, :status
-  end
-end
-```
-
 ## User Validations
 
 By default, the `first_name`, `last_name`, and `email` fields are required on the user model. If you'd prefer to add your own validations and leave the defaults off, you can use the following option within an initializer:
 
 ```ruby
 # in config/initializers/challah.rb
-Challah[:skip_user_validations] = true
+Challah.options[:skip_user_validations] = true
 ```
 
 ## Authorization Model

data/VERSION

@@ -1 +1 @@
-1.5.0
+2.0.0.beta2

data/app/controllers/sessions_controller.rb

@@ -3,6 +3,7 @@ if File.exist?(Rails.root.join("controllers/application_controller"))
 end
 
 class SessionsController < (defined?(ApplicationController) ? ApplicationController : ActionController::Base)
+
   before_action :destroy_session, except: :create
 
   # GET /login
@@ -20,7 +21,7 @@ class SessionsController < (defined?(ApplicationController) ? ApplicationControl
     if @session.save
       redirect_to return_to_path
     else
-      redirect_to signin_path, alert: I18n.translate('sessions.create.failed_login')
+      redirect_to signin_path, alert: I18n.translate("sessions.create.failed_login")
     end
   end
 
@@ -32,14 +33,14 @@ class SessionsController < (defined?(ApplicationController) ? ApplicationControl
 
   protected
 
-  def destroy_session
-    current_user_session.destroy
-  end
+    def destroy_session
+      current_user_session.destroy
+    end
 
-  def return_to_path(default_path = '/')
-    result = session[:return_to]
-    result = nil if result and result == "http://#{request.domain}/"
-    result || default_path
-  end
-end
+    def return_to_path(default_path = "/")
+      result = session[:return_to]
+      result = nil if result && (result == "http://#{ request.domain }/")
+      result || default_path
+    end
 
+end

data/app/models/authorization.rb

@@ -1,3 +1,5 @@
 class Authorization < ActiveRecord::Base
+
   include Challah::Authorizeable
+
 end

data/lib/challah/audit.rb

@@ -28,6 +28,7 @@ module Challah
   #       end
   #
   module Audit
+
     extend ActiveSupport::Concern
 
     included do
@@ -58,53 +59,54 @@ module Challah
 
     private
 
-    def before_save_audit
-      if new_record?
-        all_audit_attributes.map(&:to_s).each do |column|
-          if respond_to?(column) && respond_to?("#{ column }=")
-            write_attribute(column, current_user_id)
+      def before_save_audit
+        if new_record?
+          all_audit_attributes.map(&:to_s).each do |column|
+            if respond_to?(column) && respond_to?("#{ column }=")
+              write_attribute(column, current_user_id)
+            end
           end
-        end
-      else
-        audit_attributes_for_update.map(&:to_s).each do |column|
-          if respond_to?(column) && respond_to?("#{ column }=")
-            next if attribute_changed?(column) # don't update the column if we already manually did
-            write_attribute(column, current_user_id)
+        else
+          audit_attributes_for_update.map(&:to_s).each do |column|
+            if respond_to?(column) && respond_to?("#{ column }=")
+              next if attribute_changed?(column) # don't update the column if we already manually did
+              write_attribute(column, current_user_id)
+            end
           end
         end
       end
-    end
-
-    # @private
-    def audit_attributes_for_update
-      [ :updated_by, :modifed_by, :updated_user_id ]
-    end
 
-    # @private
-    def audit_attributes_for_create
-      [ :created_by, :created_user_id ]
-    end
+      # @private
+      def audit_attributes_for_update
+        [ :updated_by, :modifed_by, :updated_user_id ]
+      end
 
-    # @private
-    def all_audit_attributes
-      audit_attributes_for_update + audit_attributes_for_create
-    end
+      # @private
+      def audit_attributes_for_create
+        [ :created_by, :created_user_id ]
+      end
 
-    # Clear attributes and changed_attributes
-    def clear_audit_attributes
-      all_audit_attributes.each do |attribute_name|
-        if respond_to?(attribute_name) && respond_to?("#{ attribute_name }=")
-          write_attribute(attribute_name, nil)
-        end
+      # @private
+      def all_audit_attributes
+        audit_attributes_for_update + audit_attributes_for_create
       end
 
-      @changed_attributes = changed_attributes.reduce(ActiveSupport::HashWithIndifferentAccess.new) do |result, (key, value)|
-        unless all_audit_attributes.include?(key.to_sym)
-          result[key] = value
+      # Clear attributes and changed_attributes
+      def clear_audit_attributes
+        all_audit_attributes.each do |attribute_name|
+          if respond_to?(attribute_name) && respond_to?("#{ attribute_name }=")
+            write_attribute(attribute_name, nil)
+          end
         end
 
-        result
+        @changed_attributes = changed_attributes.reduce(ActiveSupport::HashWithIndifferentAccess.new) do |result, (key, value)|
+          unless all_audit_attributes.include?(key.to_sym)
+            result[key] = value
+          end
+
+          result
+        end
       end
-    end
+
   end
 end

data/lib/challah/authenticators/api_key.rb

@@ -1,9 +1,11 @@
 module Challah
   module Authenticators
     class ApiKey
+
       def self.match?(user, provider, api_key)
-        user.api_key ==  api_key.to_s.strip
+        user.api_key == api_key.to_s.strip
       end
+
     end
   end
-end
+end

data/lib/challah/authenticators/password.rb

@@ -1,6 +1,7 @@
 module Challah
   module Authenticators
     class Password
+
       def self.match?(user, provider, plain_password)
         if !!provider
           crypted_password = provider.fetch(:token)
@@ -9,6 +10,7 @@ module Challah
 
         false
       end
+
     end
   end
-end
+end

data/lib/challah/authenticators.rb

@@ -1,8 +1,9 @@
-require 'challah/authenticators/api_key'
-require 'challah/authenticators/password'
+require "challah/authenticators/api_key"
+require "challah/authenticators/password"
 
 module Challah
   module Authenticators
+
     # Register a new authenticator.
     #
     # Usage:
@@ -19,5 +20,6 @@ module Challah
     def authenticators
       @authenticators.dup
     end
+
   end
-end
+end

data/lib/challah/concerns/authorizeable.rb

@@ -1,5 +1,6 @@
 module Challah
   module Authorizeable
+
     extend ActiveSupport::Concern
 
     included do
@@ -12,6 +13,7 @@ module Challah
     end
 
     module ClassMethods
+
       def hashable_attributes
         protected_attributes = %w( user_id provider last_session_at last_session_ip session_count created_at updated_at )
         @hashable_attributes ||= self.columns.map(&:name) - protected_attributes
@@ -63,6 +65,8 @@ module Challah
       def user_model
         @user_model ||= Challah.user
       end
+
     end
+
   end
 end

data/lib/challah/concerns/user/attributeable.rb

@@ -1,5 +1,6 @@
 module Challah
   module UserAttributeable
+
     extend ActiveSupport::Concern
 
     included do
@@ -30,44 +31,51 @@ module Challah
 
     protected
 
-    # Ensure that all system-generated columns aren't blank on each save
-    def ensure_user_tokens
-      ensure_api_key_presence
-      ensure_email_hash_presence
-      ensure_persistence_token_presence
-    end
+      # Ensure that all system-generated columns aren't blank on each save
+      def ensure_user_tokens
+        ensure_api_key_presence
+        ensure_email_hash_presence
+        ensure_persistence_token_presence
+      end
 
-    # Store a random seed for this user's api key
-    def ensure_api_key_presence
-      if respond_to?("api_key=")
-        if self.api_key.to_s.blank?
-          self.api_key = Random.token(50)
+      # Store a random seed for this user's api key
+      def ensure_api_key_presence
+        if respond_to?("api_key=")
+          if self.api_key.to_s.blank?
+            self.api_key = Random.token(50)
+          end
         end
       end
-    end
 
-    # Store a hashed email if the column exists
-    def ensure_email_hash_presence
-      if respond_to?("email_hash=")
-        if email_changed?
-          self.email_hash = Encrypter.md5(email.to_s.downcase.strip)
+      # Store a hashed email if the column exists
+      def ensure_email_hash_presence
+        if respond_to?("email_hash=")
+          if email_changed?
+            self.email_hash = generate_email_hash
+          end
         end
       end
-    end
 
-    # Store a random token to identify user in persisted objects
-    def ensure_persistence_token_presence
-      if respond_to?("persistence_token=")
-        if self.persistence_token.to_s.blank?
-          self.persistence_token = Random.token(125)
+      # Store a random token to identify user in persisted objects
+      def ensure_persistence_token_presence
+        if respond_to?("persistence_token=")
+          if self.persistence_token.to_s.blank?
+            self.persistence_token = Random.token(125)
+          end
         end
       end
-    end
 
-    # Downcase email and strip if of whitespace
-    # Ex: "   HELLO@example.com   " => "hello@example.com"
-    def normalize_user_email
-      self.email = self.email.to_s.downcase.strip
-    end
+      def generate_email_hash
+        if self.email.present?
+          Encrypter.md5(email.to_s.downcase.strip)
+        end
+      end
+
+      # Downcase email and strip if of whitespace
+      # Ex: "   HELLO@example.com   " => "hello@example.com"
+      def normalize_user_email
+        self.email = self.email.to_s.downcase.strip
+      end
+
   end
 end

data/lib/challah/concerns/user/authenticateable.rb

@@ -1,5 +1,6 @@
 module Challah
   module UserAuthenticateable
+
     # Generic authentication method. By default, this just checks to see if the password
     # given matches this user. You can also pass in the first parameter as the method
     # to use for a different type of authentication.
@@ -35,9 +36,10 @@ module Challah
     # been authenticated.
     def successful_authentication!(ip_address = nil)
       self.last_session_at = Time.now
-      self.last_session_ip = ip_address
+      self.last_session_ip = ip_address if respond_to?(:last_session_ip=)
       self.save
       self.increment!(:session_count, 1)
     end
+
   end
-end
+end

data/lib/challah/concerns/user/authorizable.rb

@@ -1,5 +1,6 @@
 module Challah
   module UserAuthorizable
+
     extend ActiveSupport::Concern
 
     included do
@@ -8,25 +9,28 @@ module Challah
       before_destroy :clear_authorizations_before_destroy
     end
 
-    protected
-
     def authorizations
       return [] if new_record?
       self.class.authorization_model.where(user_id: self.id)
     end
 
-    def clear_authorizations_before_destroy
-      authorizations.destroy_all
-    end
+    protected
 
-    module ClassMethods
-      def authorizations_table_name
-        @authorizations_table_name ||= authorization_model.table_name
+      def clear_authorizations_before_destroy
+        authorizations.destroy_all
       end
 
-      def authorization_model
-        @authorization_model ||= ::Authorization
+      module ClassMethods
+
+        def authorizations_table_name
+          @authorizations_table_name ||= authorization_model.table_name
+        end
+
+        def authorization_model
+          @authorization_model ||= ::Authorization
+        end
+
       end
-    end
+
   end
-end
+end

data/lib/challah/concerns/user/findable.rb

@@ -1,5 +1,6 @@
 module Challah
   module UserFindable
+
     extend ActiveSupport::Concern
 
     module ClassMethods
@@ -15,18 +16,20 @@ module Challah
 
       protected
 
-      def find_by_authorization(uid)
-        authorization = self.authorization_model
-        result = authorization.where(provider: :password, uid: uid).first
-        if result
-          result.user
+        def find_by_authorization(uid)
+          authorization = self.authorization_model
+          result = authorization.where(provider: :password, uid: uid).first
+          if result
+            result.user
+          end
+        end
+
+        def find_by_email(email)
+          return unless email.include?("@")
+          where(email: email).first
         end
-      end
 
-      def find_by_email(email)
-        return unless email.include?('@')
-        where(email: email).first
-      end
     end
+
   end
 end

data/lib/challah/concerns/user/passwordable.rb

@@ -1,5 +1,6 @@
 module Challah
   module UserPasswordable
+
     # Set the password and password_confirmation in one shortcut method.
     def password!(new_password)
       self.password = new_password
@@ -7,7 +8,7 @@ module Challah
     end
 
     def password_provider?
-      return true if @password_updated or @username_updated
+      return true if @password_updated || @username_updated
       !!providers[:password]
     end
 
@@ -37,12 +38,13 @@ module Challah
     end
 
     def username
-      @username ||= password_provider? ? password_provider.fetch(:uid, '') : ''
+      @username ||= password_provider? ? password_provider.fetch(:uid, "") : ""
     end
 
     def username=(value)
       @username_updated = true
       @username = value.to_s.strip.downcase
     end
+
   end
-end
+end

data/lib/challah/concerns/user/provideable.rb

@@ -1,5 +1,6 @@
 module Challah
   module UserProvideable
+
     extend ActiveSupport::Concern
 
     included do
@@ -76,30 +77,31 @@ module Challah
 
     protected
 
-    def clear_cached_providers_after_save
-      @providers = nil
-    end
-
-    # If password or username was changed, update the authorization record
-    def update_modified_providers_after_save
-      # Save password provider
-      if @password_updated or @username_updated
-        Challah.providers[:password].save(self)
-        @password_updated = false
-        @username_updated = false
-        @password = nil
+      def clear_cached_providers_after_save
+        @providers = nil
       end
 
-      # Save any other providers
-      Challah.custom_providers.each do |name, klass|
-        custom_provider_attributes = provider_attributes[name]
+      # If password or username was changed, update the authorization record
+      def update_modified_providers_after_save
+        # Save password provider
+        if @password_updated || @username_updated
+          Challah.providers[:password].save(self)
+          @password_updated = false
+          @username_updated = false
+          @password = nil
+        end
 
-        if custom_provider_attributes.respond_to?(:fetch)
-          if klass.valid?(self)
-            klass.save(self)
+        # Save any other providers
+        Challah.custom_providers.each do |name, klass|
+          custom_provider_attributes = provider_attributes[name]
+
+          if custom_provider_attributes.respond_to?(:fetch)
+            if klass.valid?(self)
+              klass.save(self)
+            end
           end
         end
       end
-    end
+
   end
-end
+end