clavis 0.7.1

data/lib/generators/clavis/controller/templates/controller.rb.tt

@@ -0,0 +1,137 @@
+# frozen_string_literal: true
+
+class <%= class_name %>Controller < ApplicationController
+  include Clavis::Controllers::Concerns::Authentication
+  include Clavis::Controllers::Concerns::SessionManagement
+  
+  # Skip CSRF protection for callback action since OAuth providers will redirect to it
+  # The OAuth flow has its own CSRF protection via the state parameter
+  skip_before_action :verify_authenticity_token, only: [:callback]
+  
+  # Skip authentication for OAuth actions
+  skip_before_action :authenticate_user!, only: [:login, :authorize, :callback, :failure], if: -> { respond_to?(:authenticate_user!) }
+  
+  # Login page with OAuth provider buttons
+  def login
+    # If user is already logged in, redirect to root path
+    redirect_to after_login_path if authenticated?
+  end
+  
+  # Start OAuth flow
+  def authorize
+    # Store the current URL to return to after authentication if needed
+    store_location if params[:return_to].blank?
+    
+    # Store the return_to path in the session if explicitly provided
+    if params[:return_to].present?
+      Clavis::Security::SessionManager.store_redirect_uri(session, params[:return_to])
+    end
+    
+    # Start the OAuth flow
+    oauth_authorize
+  rescue => e
+    handle_error(e)
+  end
+  
+  # OAuth callback
+  def callback
+    oauth_callback do |user, auth_hash|
+      # Find or create user from OAuth data
+      @user = find_or_create_user(auth_hash)
+      
+      # Sign in the user using the secure cookie approach
+      sign_in_user(@user)
+      
+      # Redirect to the stored redirect URI or default path
+      redirect_uri = Clavis::Security::SessionManager.validate_and_retrieve_redirect_uri(
+        session,
+        default: after_login_path
+      )
+      
+      redirect_to redirect_uri
+    end
+  rescue => e
+    handle_error(e)
+  end
+  
+  # OAuth failure
+  def failure
+    message = params[:message] || "Authentication failed"
+    flash[:alert] = Clavis::Security::InputValidator.sanitize(message)
+    redirect_to login_path
+  end
+  
+  # Logout
+  def logout
+    sign_out_user
+    redirect_to after_logout_path
+  end
+  
+  private
+  
+  # Find or create a user from OAuth data
+  def find_or_create_user(auth_hash)
+    # Find existing identity
+    identity = OauthIdentity.find_by(
+      provider: auth_hash[:provider],
+      uid: auth_hash[:uid]
+    )
+    
+    if identity&.user
+      # Update the identity with new token information
+      identity.update(
+        token: auth_hash[:credentials][:token],
+        refresh_token: auth_hash[:credentials][:refresh_token],
+        expires_at: auth_hash[:credentials][:expires_at]
+      )
+      
+      return identity.user
+    else
+      # Create a new user and identity
+      user = User.find_or_create_from_clavis(auth_hash)
+      
+      # Create the identity
+      OauthIdentity.create(
+        user: user,
+        provider: auth_hash[:provider],
+        uid: auth_hash[:uid],
+        token: auth_hash[:credentials][:token],
+        refresh_token: auth_hash[:credentials][:refresh_token],
+        expires_at: auth_hash[:credentials][:expires_at]
+      )
+      
+      return user
+    end
+  end
+  
+  # Handle errors
+  def handle_error(error)
+    case error
+    when Clavis::AuthorizationDenied
+      flash[:alert] = "Authorization denied: #{error.message}"
+      redirect_to login_path
+    when Clavis::InvalidState
+      flash[:alert] = "Invalid state parameter. Please try again."
+      redirect_to login_path
+    when Clavis::InvalidGrant
+      flash[:alert] = "Invalid authorization code. Please try again."
+      redirect_to login_path
+    when Clavis::InvalidNonce
+      flash[:alert] = "Invalid nonce parameter. Please try again."
+      redirect_to login_path
+    when Clavis::InvalidRedirectUri
+      flash[:alert] = "Invalid redirect URI. Please try again."
+      redirect_to login_path
+    when Clavis::ProviderError
+      flash[:alert] = "Provider error: #{error.message}"
+      redirect_to login_path
+    else
+      # Log the error
+      Rails.logger.error("OAuth Error: #{error.class.name} - #{error.message}")
+      Rails.logger.error(error.backtrace.join("\n"))
+      
+      flash[:alert] = "An error occurred during authentication. Please try again."
+      redirect_to login_path
+    end
+  end
+end 

data/lib/generators/clavis/controller/templates/views/login.html.erb.tt

@@ -0,0 +1,145 @@
+<div class="oauth-login-container">
+  <h1>Sign in with</h1>
+  
+  <% if flash[:alert] %>
+    <div class="alert alert-danger">
+      <%= flash[:alert] %>
+    </div>
+  <% end %>
+  
+  <div class="oauth-providers">
+    <% if Clavis.configuration.providers[:google] %>
+      <a href="<%= auth_path(:google) %>" class="oauth-button google-button">
+        <span class="provider-icon">G</span>
+        <span class="provider-name">Google</span>
+      </a>
+    <% end %>
+    
+    <% if Clavis.configuration.providers[:github] %>
+      <a href="<%= auth_path(:github) %>" class="oauth-button github-button">
+        <span class="provider-icon">GH</span>
+        <span class="provider-name">GitHub</span>
+      </a>
+    <% end %>
+    
+    <% if Clavis.configuration.providers[:facebook] %>
+      <a href="<%= auth_path(:facebook) %>" class="oauth-button facebook-button">
+        <span class="provider-icon">F</span>
+        <span class="provider-name">Facebook</span>
+      </a>
+    <% end %>
+    
+    <% if Clavis.configuration.providers[:apple] %>
+      <a href="<%= auth_path(:apple) %>" class="oauth-button apple-button">
+        <span class="provider-icon">A</span>
+        <span class="provider-name">Apple</span>
+      </a>
+    <% end %>
+    
+    <% if Clavis.configuration.providers[:microsoft] %>
+      <a href="<%= auth_path(:microsoft) %>" class="oauth-button microsoft-button">
+        <span class="provider-icon">M</span>
+        <span class="provider-name">Microsoft</span>
+      </a>
+    <% end %>
+  </div>
+</div>
+
+<style>
+  .oauth-login-container {
+    max-width: 400px;
+    margin: 0 auto;
+    padding: 2rem;
+    text-align: center;
+    font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;
+  }
+  
+  .oauth-login-container h1 {
+    margin-bottom: 2rem;
+    font-weight: 500;
+  }
+  
+  .alert {
+    padding: 1rem;
+    margin-bottom: 1rem;
+    border-radius: 4px;
+  }
+  
+  .alert-danger {
+    background-color: #f8d7da;
+    color: #721c24;
+    border: 1px solid #f5c6cb;
+  }
+  
+  .oauth-providers {
+    display: flex;
+    flex-direction: column;
+    gap: 1rem;
+  }
+  
+  .oauth-button {
+    display: flex;
+    align-items: center;
+    padding: 0.75rem 1rem;
+    border-radius: 4px;
+    text-decoration: none;
+    font-weight: 500;
+    transition: background-color 0.2s;
+  }
+  
+  .provider-icon {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 24px;
+    height: 24px;
+    margin-right: 1rem;
+    border-radius: 50%;
+    background-color: rgba(255, 255, 255, 0.2);
+  }
+  
+  .google-button {
+    background-color: #4285F4;
+    color: white;
+  }
+  
+  .google-button:hover {
+    background-color: #3367D6;
+  }
+  
+  .github-button {
+    background-color: #24292e;
+    color: white;
+  }
+  
+  .github-button:hover {
+    background-color: #1a1e22;
+  }
+  
+  .facebook-button {
+    background-color: #1877F2;
+    color: white;
+  }
+  
+  .facebook-button:hover {
+    background-color: #166fe5;
+  }
+  
+  .apple-button {
+    background-color: #000000;
+    color: white;
+  }
+  
+  .apple-button:hover {
+    background-color: #1a1a1a;
+  }
+  
+  .microsoft-button {
+    background-color: #00a4ef;
+    color: white;
+  }
+  
+  .microsoft-button:hover {
+    background-color: #0078d4;
+  }
+</style> 

data/lib/generators/clavis/install_generator.rb

@@ -0,0 +1,182 @@
+# frozen_string_literal: true
+
+require "rails/generators/base"
+require "rails/generators/active_record"
+require "rails/generators/actions"
+
+module Clavis
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include ActiveRecord::Generators::Migration
+      include Rails::Generators::Actions
+
+      source_root File.expand_path("templates", __dir__)
+
+      class_option :providers, type: :array, default: ["google"],
+                               desc: "List of providers to configure (google, github, apple, facebook, microsoft)"
+
+      # Implement the required next_migration_number method
+      # Must be defined as a class method
+      def self.next_migration_number(dirname)
+        next_migration_number = current_migration_number(dirname) + 1
+        ActiveRecord::Migration.next_migration_number(next_migration_number)
+      end
+
+      def create_initializer
+        template "initializer.rb", "config/initializers/clavis.rb"
+        say_status :create, "config/initializers/clavis.rb", :green
+      end
+
+      def add_stylesheets
+        # Create the vendor directory if it doesn't exist
+        vendor_css_dir = Rails.root.join("vendor", "assets", "stylesheets")
+        FileUtils.mkdir_p(vendor_css_dir) unless File.directory?(vendor_css_dir)
+
+        # Copy the CSS template to the vendor directory
+        template "clavis.css", "vendor/assets/stylesheets/clavis.css"
+        say_status :create, "vendor/assets/stylesheets/clavis.css", :green
+
+        # Create custom styles file in app/assets
+        create_file "app/assets/stylesheets/clavis_custom.css", "/* Add your custom Clavis styles here */"
+        say_status :create, "app/assets/stylesheets/clavis_custom.css", :green
+
+        # For Rails 7+ with Propshaft
+        if File.exist?(Rails.root.join("app", "assets", "stylesheets", "application.css"))
+          app_css_content = File.read(Rails.root.join("app", "assets", "stylesheets", "application.css"))
+          if app_css_content.include?("Propshaft")
+            # Create a separate file for Propshaft
+            propshaft_css_path = Rails.root.join("app", "assets", "stylesheets", "clavis_styles.css")
+            create_file propshaft_css_path, File.read(File.expand_path("clavis.css", source_paths.first))
+            say_status :create, "app/assets/stylesheets/clavis_styles.css for Propshaft", :green
+            @provide_css_instructions = true
+            return
+          end
+        end
+
+        # Different strategies for different asset pipeline setups
+        if File.exist?(Rails.root.join("app", "assets", "stylesheets", "application.scss"))
+          append_to_file "app/assets/stylesheets/application.scss", "\n@import 'clavis';\n"
+          say_status :insert, "clavis import in application.scss", :green
+        elsif File.exist?(Rails.root.join("app", "assets", "stylesheets", "application.css"))
+          inject_into_file "app/assets/stylesheets/application.css", " *= require clavis\n", before: "*/",
+                                                                                             verbose: false
+          say_status :insert, "clavis require in application.css", :green
+        elsif File.exist?(Rails.root.join("app", "assets", "stylesheets", "application.css.scss"))
+          append_to_file "app/assets/stylesheets/application.css.scss", "\n@import 'clavis';\n"
+          say_status :insert, "clavis import in application.css.scss", :green
+        else
+          say_status :warn, "Could not find main application CSS file", :yellow
+          create_file "app/assets/stylesheets/clavis_styles.css",
+                      File.read(File.expand_path("clavis.css", source_paths.first))
+          say_status :create, "app/assets/stylesheets/clavis_styles.css as fallback", :green
+          @provide_css_instructions = true
+        end
+      end
+
+      def create_migration
+        # First, create the OAuth identities table migration if it doesn't exist
+        create_identities_migration
+
+        # Then create the User table migration if the users table exists
+        create_user_migration
+      rescue ActiveRecord::NoDatabaseError
+        say_status :error, "Skipping migration because database doesn't exist. Run 'rails db:create' first.", :red
+      end
+
+      def mount_engine
+        # Check if the route already exists in the routes file
+        routes_content = File.read(Rails.root.join("config/routes.rb"))
+
+        # Only add the route if it doesn't already exist
+        if routes_content.include?("mount Clavis::Engine")
+          say_status :skip, "Clavis::Engine is already mounted, skipping route addition.", :yellow
+        else
+          route "mount Clavis::Engine => '/auth'"
+          say_status :route, "Mounted Clavis::Engine at /auth", :green
+          say_status :info, "Added auth_path and auth_callback_path route helpers", :green
+        end
+      end
+
+      def create_user_method
+        # Generate the user method concern
+        generate "clavis:user_method"
+      end
+
+      def show_post_install_message
+        say "\nClavis has been installed successfully!"
+
+        # Next steps
+        say "\nNext steps:"
+
+        steps = []
+
+        if @provide_css_instructions
+          steps << "Include the Clavis styles in your layout:\n   <%= stylesheet_link_tag 'clavis_styles' %>"
+        end
+
+        steps << "Configure your providers in config/initializers/clavis.rb"
+        steps << "Run migrations: rails db:migrate"
+        steps << "⚠️ Customize the user creation code in app/models/concerns/clavis_user_methods.rb"
+        steps << "Add OAuth buttons to your views:\n   <%= clavis_oauth_button :google %>"
+
+        # Output numbered steps
+        steps.each_with_index do |step, index|
+          say "#{index + 1}. #{step}"
+        end
+
+        say "\nClavis has configured your User model with OAuth support via the ClavisUserMethods concern."
+        say "IMPORTANT: The default implementation only sets the email field when creating users."
+        say "You MUST customize this to include all required fields for your User model."
+
+        say "\nFor more information, see the documentation at https://github.com/clayton/clavis"
+      end
+
+      private
+
+      def create_identities_migration
+        return if migration_exists?("db/migrate", "create_clavis_oauth_identities")
+
+        migration_number = self.class.next_migration_number("db/migrate")
+        @migration_class_name = "CreateClavisOauthIdentities"
+        template(
+          "migration.rb",
+          "db/migrate/#{migration_number}_create_clavis_oauth_identities.rb"
+        )
+        say_status :migration, "Created db/migrate/#{migration_number}_create_clavis_oauth_identities.rb", :green
+      end
+
+      def create_user_migration
+        return if migration_exists?("db/migrate", "add_oauth_to_users")
+
+        # Check if the users table exists
+        return unless table_exists?("users")
+
+        migration_number = self.class.next_migration_number("db/migrate")
+        @migration_class_name = "AddOauthToUsers"
+
+        template(
+          "add_oauth_to_users.rb",
+          "db/migrate/#{migration_number}_add_oauth_to_users.rb"
+        )
+        say_status :migration, "Created db/migrate/#{migration_number}_add_oauth_to_users.rb", :green
+      end
+
+      # Check if a migration with a given name already exists
+      def migration_exists?(dirname, migration_name)
+        Dir.glob("#{dirname}/[0-9]*_*.rb").grep(/\d+_#{migration_name}.rb$/).any?
+      end
+
+      # Check if a table exists in the database
+      def table_exists?(table_name)
+        ActiveRecord::Base.connection.table_exists?(table_name)
+      rescue ActiveRecord::NoDatabaseError
+        say_status :error, "No database connection. Run 'rails db:create' first.", :red
+        false
+      end
+
+      def providers
+        options[:providers]
+      end
+    end
+  end
+end

data/lib/generators/clavis/templates/add_oauth_to_users.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class AddOauthToUsers < ActiveRecord::Migration[<%= Rails::VERSION::MAJOR %>.<%= Rails::VERSION::MINOR %>]
+  def change
+    # Add oauth_user flag to identify users created through OAuth
+    # This helps with password validation for has_secure_password
+    add_column :users, :oauth_user, :boolean, default: false
+    
+    # These fields are added by default for better OAuth integration
+    # You can comment out any fields you don't want to use
+    
+    # Cache the avatar URL from OAuth for quicker access
+    add_column :users, :avatar_url, :string, null: true
+
+    # Track when the user last authenticated via OAuth
+    add_column :users, :last_oauth_login_at, :datetime, null: true
+    
+    # Track which provider was most recently used
+    add_column :users, :last_oauth_provider, :string, null: true
+    
+    # Note: All OAuth identity information (tokens, credentials, etc.) is 
+    # stored in the clavis_oauth_identities table, not directly on the User.
+    
+    # If you have existing provider/uid columns, uncomment this to remove them:
+    remove_column :users, :provider, :string
+    remove_column :users, :uid, :string
+  end
+end

data/lib/generators/clavis/templates/clavis.css

@@ -0,0 +1,133 @@
+/* Clavis OAuth Button Styles */
+
+.clavis-oauth-button {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  padding: 10px 16px;
+  border-radius: 4px;
+  font-size: 14px;
+  font-weight: 500;
+  text-decoration: none;
+  margin: 5px 0;
+  border: 1px solid rgba(0, 0, 0, 0.1);
+  transition: all 0.2s ease;
+  cursor: pointer;
+  min-width: 240px;
+  height: 40px;
+  box-sizing: border-box;
+}
+
+.clavis-oauth-button__icon, 
+.clavis-oauth-button span .clavis-icon {
+  width: 18px;
+  height: 18px;
+  margin-right: 10px;
+  fill: currentColor;
+}
+
+.clavis-oauth-button span {
+  line-height: 1;
+}
+
+/* Google - Following Google branding guidelines */
+.clavis-oauth-button--google {
+  background-color: white;
+  color: rgba(0, 0, 0, 0.54);
+  border: 1px solid #dadce0;
+  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.08);
+  font-weight: 500;
+}
+
+.clavis-oauth-button--google:hover {
+  background-color: #f8f8f8;
+  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12);
+}
+
+.clavis-oauth-button--google:focus {
+  box-shadow: 0 0 0 3px rgba(66, 133, 244, 0.3);
+  outline: none;
+}
+
+.clavis-oauth-button--google .clavis-icon {
+  width: 18px;
+  height: 18px;
+}
+
+/* GitHub */
+.clavis-oauth-button--github {
+  background-color: #24292e;
+  color: white;
+}
+
+.clavis-oauth-button--github:hover {
+  background-color: #2c3238;
+  border-color: #24292e;
+}
+
+/* Apple - Following Apple's Sign in with Apple guidelines */
+.clavis-oauth-button--apple {
+  background-color: black;
+  color: white;
+  border-radius: 4px;
+}
+
+.clavis-oauth-button--apple:hover {
+  background-color: #333;
+}
+
+.clavis-oauth-button--apple .clavis-icon {
+  width: 16px;
+  height: 16px;
+}
+
+/* Facebook - Following Facebook branding guidelines */
+.clavis-oauth-button--facebook {
+  background-color: #1877F2;
+  color: white;
+  border: none;
+  font-weight: bold;
+}
+
+.clavis-oauth-button--facebook:hover {
+  background-color: #166fe5;
+  border-color: #166fe5;
+}
+
+/* Microsoft - Following Microsoft branding guidelines */
+.clavis-oauth-button--microsoft {
+  background-color: white;
+  color: #5e5e5e;
+  border: 1px solid #8c8c8c;
+}
+
+.clavis-oauth-button--microsoft:hover {
+  background-color: #f0f0f0;
+}
+
+.clavis-oauth-button--microsoft .clavis-icon {
+  width: 16px;
+  height: 16px;
+}
+
+/* Generic OAuth button */
+.clavis-oauth-button--oauth {
+  background-color: #f8f9fa;
+  color: #202124;
+  border: 1px solid #dadce0;
+}
+
+.clavis-oauth-button--oauth:hover {
+  background-color: #f1f3f4;
+}
+
+/* Error message */
+.clavis-error {
+  color: #721c24;
+  background-color: #f8d7da;
+  border: 1px solid #f5c6cb;
+  padding: 10px;
+  border-radius: 4px;
+  margin: 10px 0;
+  font-size: 14px;
+} 

data/lib/generators/clavis/templates/initializer.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+Clavis.configure do |config|
+  # Configure your OAuth providers here
+  config.providers = {
+<% providers.each do |provider| %>
+    <%= provider %>: {
+      client_id: ENV["<%= provider.upcase %>_CLIENT_ID"] || Rails.application.credentials.dig(:<%= provider %>, :client_id),
+      client_secret: ENV["<%= provider.upcase %>_CLIENT_SECRET"] || Rails.application.credentials.dig(:<%= provider %>, :client_secret),
+      # IMPORTANT: This exact URI must be registered in the <%= provider.capitalize %> developer console/dashboard
+      # For example, in Google Cloud Console: APIs & Services > Credentials > OAuth 2.0 Client IDs > Authorized redirect URIs
+      redirect_uri: "http://localhost:3000/auth/<%= provider %>/callback" # Change this in production
+    },
+<% end %>
+  }
+
+  # Default scopes to request from providers
+  # config.default_scopes = "email profile"
+
+  # Enable verbose logging for debugging
+  # config.verbose_logging = true
+  
+  # User class and finder method
+  # These settings control how Clavis finds or creates users from OAuth data
+  # config.user_class = "User" # The class to use for user creation/lookup
+  # config.user_finder_method = :find_or_create_from_clavis # The method to call on user_class
+  #
+  # Make sure to add this method to your User model:
+  #   rails generate clavis:user_method
+  #
+  # Or implement it manually with your custom logic
+
+  # Custom claims processor
+  # config.claims_processor = proc do |auth_hash, user|
+  #   # Process specific claims
+  #   if auth_hash[:provider] == "google" && auth_hash[:info][:email_verified]
+  #     user.verified_email = true
+  #   end
+  # end
+  
+  # IMPORTANT: By default, after successful authentication users will be
+  # redirected to your application's root_path. If you need to customize this,
+  # you can override the after_login_path method in your own controller.
+  # 
+  # If you're experiencing redirect loops after authentication, make sure 
+  # you have a root_path defined in your application.
+end