clavis 0.7.1

data/Rakefile

@@ -0,0 +1,341 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :ci
+
+# Helper method to safely run a Rails command and fix known issues
+def safe_rails_command(rails_app_dir, command)
+  Dir.chdir(rails_app_dir) do
+    # Fix bootsnap issue if needed
+    fix_bootsnap_issue
+
+    # Try running the command
+    puts "Running: #{command}"
+    result = system(command)
+
+    # If it fails, check for asset configuration issues
+    unless result
+      puts "Command failed, checking for asset configuration issues..."
+
+      # Try to fix assets.rb if it exists
+      assets_initializer = "config/initializers/assets.rb"
+      if File.exist?(assets_initializer)
+        puts "Fixing assets configuration..."
+        # Comment out the entire file to prevent issues
+        content = File.read(assets_initializer)
+        fixed_content = "# Assets configuration disabled for testing\n# Original content:\n# #{content.gsub("\n",
+                                                                                                            "\n# ")}"
+        File.write(assets_initializer, fixed_content)
+
+        # Try the command again
+        puts "Retrying: #{command}"
+        result = system(command)
+      end
+    end
+
+    return result
+  end
+end
+
+# Helper to fix bootsnap issues and other dependencies in the Rails app
+def fix_bootsnap_issue
+  boot_rb_path = "config/boot.rb"
+  return unless File.exist?(boot_rb_path)
+
+  content = File.read(boot_rb_path)
+  return unless content.include?("bootsnap/setup") && !system("bundle list | grep bootsnap")
+
+  puts "Fixing bootsnap issue..."
+
+  # Option 1: Add bootsnap to Gemfile
+  unless File.read("Gemfile").include?("bootsnap")
+    puts "Adding bootsnap to Gemfile..."
+    File.open("Gemfile", "a") do |f|
+      f.puts "\n# Reduces boot times through caching; required in config/boot.rb"
+      f.puts "gem \"bootsnap\", require: false"
+    end
+    system("bundle install")
+  end
+
+  # Option 2 (fallback): Comment out bootsnap line in boot.rb
+  return if system("bundle list | grep bootsnap")
+
+  puts "Commenting out bootsnap in boot.rb..."
+  modified_content = content.gsub(
+    'require "bootsnap/setup"',
+    '# require "bootsnap/setup" # Commented out to avoid dependency issues'
+  )
+  File.write(boot_rb_path, modified_content)
+end
+
+# Helper to test loading the clavis gem
+def test_clavis_loading(rails_app_dir)
+  Dir.chdir(rails_app_dir) do
+    puts "Testing if the clavis gem can be loaded..."
+    test_code = "require 'clavis'; puts 'Clavis loaded successfully! Version: ' + Clavis::VERSION"
+    system("bundle exec ruby -e \"#{test_code}\"")
+  end
+end
+
+# Define an environment task for Rails-dependent tasks
+task :environment do
+  # This is a no-op task to satisfy dependencies
+  # Rails would normally provide this task
+end
+
+# Task to run Rails-dependent tests
+# rubocop:disable Metrics/BlockLength
+namespace :test do
+  desc "Run Rails controller tests"
+  task controllers: :environment do
+    ENV["RAILS_ENV"] = "test"
+    system("bundle exec rspec spec/clavis/controllers/*_spec.rb")
+  end
+
+  desc "Run Rails integration tests"
+  task integration: :environment do
+    ENV["RAILS_ENV"] = "test"
+    system("bundle exec rspec spec/integration/*_spec.rb")
+  end
+
+  desc "Run Rails generator tests"
+  task generators: :environment do
+    ENV["RAILS_ENV"] = "test"
+    system("bundle exec rspec spec/generators/**/*_generator_spec.rb")
+  end
+
+  desc "Run all Rails-dependent tests"
+  task rails: %i[controllers integration generators]
+
+  desc "Test the actual generator in the rails-app directory"
+  task real_generator: :bootstrap_rails_app do
+    puts "Testing basic functionality in rails-app..."
+    rails_app_dir = File.expand_path("rails-app", __dir__)
+
+    # The bootstrap task ensures the directory exists, so we can remove this check
+    # or keep it for extra safety
+    unless File.directory?(rails_app_dir)
+      puts "Error: rails-app directory not found"
+      exit 1
+    end
+
+    Dir.chdir(rails_app_dir) do
+      puts "Adding bcrypt"
+      unless system("bundle add bcrypt")
+        puts "Error: Failed to add bcrypt"
+        exit 1
+      end
+
+      puts "Adding clavis"
+      unless system("bundle add clavis")
+        puts "Error: Failed to add clavis"
+        exit 1
+      end
+
+      # Install dependencies
+      puts "Installing dependencies in rails-app..."
+      unless system("bundle install")
+        puts "Error: Failed to install dependencies in rails-app"
+        exit 1
+      end
+
+      # Test loading the gem
+      unless test_clavis_loading(rails_app_dir)
+        puts "Error: Failed to load the clavis gem in rails-app"
+        exit 1
+      end
+
+      # Run our clavis generator
+      puts "Running Clavis generator..."
+      unless safe_rails_command(rails_app_dir, "bin/rails generate clavis:install")
+        puts "Error: Failed to run Clavis generator"
+        exit 1
+      end
+
+      # Run migrations again after the generator
+      puts "Running migrations after generator..."
+      unless safe_rails_command(rails_app_dir, "bin/rails db:migrate RAILS_ENV=development") &&
+             safe_rails_command(rails_app_dir, "bin/rails db:migrate RAILS_ENV=test")
+        puts "Error: Failed to run migrations after generator"
+        exit 1
+      end
+
+      puts "Checking routes"
+      unless safe_rails_command(rails_app_dir, "bin/rails routes")
+        puts "Error: Failed to check routes"
+        exit 1
+      end
+
+      puts "Generator dependency test in rails-app passed successfully!"
+    end
+  end
+end
+# Task to run all tests
+desc "Run all tests including Rails controller tests and integration tests"
+task all_tests: [:spec, "test:rails", "test:real_generator"]
+
+# Helper to set up rails app authentication
+def setup_rails_authentication(rails_app_dir, gemfile_content)
+  Dir.chdir(rails_app_dir) do
+    # Add bcrypt first to ensure it's available for has_secure_password
+    unless gemfile_content.include?("gem \"bcrypt\"")
+      puts "Adding bcrypt to Gemfile..."
+      File.open("Gemfile", "a") do |f|
+        f.puts "\n# Use Active Model has_secure_password"
+        f.puts "gem \"bcrypt\", \"~> 3.1.7\""
+      end
+      puts "Installing bcrypt..."
+      system("bundle install")
+    end
+
+    # Use the Rails 8 built-in authentication generator
+    puts "Using Rails built-in authentication generator..."
+    system("bin/rails generate authentication")
+  end
+end
+
+# Task to bootstrap rails-app if it doesn't exist
+desc "Create a minimal Rails application for testing if rails-app doesn't exist"
+task :bootstrap_rails_app do
+  rails_app_dir = File.expand_path("rails-app", __dir__)
+
+  if File.directory?(rails_app_dir)
+    puts "Rails application already exists at #{rails_app_dir}"
+
+    # Even if it exists, make sure the database is migrated
+    puts "Ensuring database is migrated..."
+    safe_rails_command(rails_app_dir, "bin/rails db:migrate RAILS_ENV=development")
+    safe_rails_command(rails_app_dir, "bin/rails db:migrate RAILS_ENV=test")
+  else
+    puts "Creating Rails application at #{rails_app_dir}..."
+
+    # Check if Rails is installed
+    unless system("gem list rails -i")
+      puts "Installing Rails..."
+      system("gem install rails")
+    end
+
+    # Create a new Rails application with minimal sensible flags
+    system("rails new #{rails_app_dir} --skip-git")
+
+    # Add the clavis gem to the Gemfile
+    gemfile_path = File.join(rails_app_dir, "Gemfile")
+
+    # Read the current Gemfile
+    gemfile_content = File.read(gemfile_path)
+
+    # Add clavis with path to local directory
+    unless gemfile_content.include?("gem \"clavis\"")
+      puts "Adding clavis gem to Gemfile..."
+      gem_line = "gem \"clavis\", path: \"../.\""
+
+      # Append to Gemfile
+      File.open(gemfile_path, "a") do |f|
+        f.puts "\n# Add local Clavis gem for testing"
+        f.puts gem_line
+      end
+    end
+
+    Dir.chdir(rails_app_dir) do
+      puts "Installing dependencies..."
+      system("bundle install")
+
+      # Fix bootsnap issue
+      fix_bootsnap_issue
+
+      # Fix asset configuration if needed
+      assets_initializer = "config/initializers/assets.rb"
+      if File.exist?(assets_initializer)
+        puts "Checking assets configuration..."
+        assets_content = File.read(assets_initializer)
+        if assets_content.include?("Rails.application.config.assets") &&
+           !system("bin/rails runner 'Rails.application.config.respond_to?(:assets)'")
+          puts "Fixing assets configuration..."
+          fixed_content = assets_content.gsub(/Rails\.application\.config\.assets.*$/,
+                                              "# Assets configuration disabled for testing")
+          File.write(assets_initializer, fixed_content)
+        end
+      end
+    end
+
+    safe_rails_command(rails_app_dir, "bin/rails g model User name:string")
+
+    # Set up authentication
+    setup_rails_authentication(rails_app_dir, gemfile_content)
+
+    # Use safe_rails_command for migrations
+    safe_rails_command(rails_app_dir, "bin/rails db:migrate RAILS_ENV=development")
+    safe_rails_command(rails_app_dir, "bin/rails db:migrate RAILS_ENV=test")
+
+    puts "Rails application created successfully with authentication!"
+  end
+end
+# rubocop:enable Metrics/BlockLength
+# Tasks for the dummy Rails app
+namespace :dummy do
+  desc "Prepare the dummy Rails app for testing"
+  task prepare: :environment do
+    app_path = File.expand_path("spec/dummy", __dir__)
+
+    # Ensure the db directory exists
+    FileUtils.mkdir_p(File.join(app_path, "db"))
+
+    # Set up environment
+    ENV["RAILS_ENV"] = "test"
+
+    # Make sure we can load ActiveRecord
+    require "active_record"
+
+    # Configure ActiveRecord for in-memory SQLite
+    ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
+
+    # Load the schema
+    ActiveRecord::Schema.verbose = false
+    load File.expand_path("spec/dummy/db/schema.rb", __dir__)
+
+    Rails.logger.debug "Dummy Rails app prepared successfully!"
+  end
+
+  desc "Run RSpec tests with the dummy Rails app"
+  task tests: :prepare do
+    ENV["RAILS_ENV"] = "test"
+    Rake::Task["spec"].invoke
+  end
+end
+
+# Task to cleanup the dummy Rails app
+task clean: :environment do
+  app_path = File.expand_path("spec/dummy", __dir__)
+  db_path = File.join(app_path, "db", "test.sqlite3")
+  FileUtils.rm_f(db_path)
+end
+
+begin
+  require "rubocop/rake_task"
+  RuboCop::RakeTask.new
+rescue LoadError
+  desc "Run RuboCop"
+  task rubocop: :environment do
+    abort "RuboCop is not available. Run 'bundle install' first."
+  end
+end
+
+begin
+  require "brakeman"
+  desc "Run Brakeman"
+  task brakeman: :environment do
+    Brakeman.run(app_path: ".")
+  end
+rescue LoadError
+  desc "Run Brakeman"
+  task brakeman: :environment do
+    abort "Brakeman is not available. Run 'bundle install' first."
+  end
+end
+
+desc "Run all CI checks"
+task ci: %i[rubocop all_tests brakeman]

data/UPGRADE.md

@@ -0,0 +1,57 @@
+# Clavis Upgrade Guide
+
+## Upgrading to 0.2.0 from 0.1.x
+
+Version 0.2.0 brings several important fixes and improvements to the Clavis gem, focusing on better documentation, improved compatibility with existing Rails applications, and bug fixes for various integration issues.
+
+### Key Changes
+
+1. **Module Alias Consistency**:
+   - The module `Clavis::Models::OauthAuthenticatable` is now properly aliased to `Clavis::Models::Concerns::OauthAuthenticatable`
+   - This means either reference can be used in your application code: `include Clavis::Models::OauthAuthenticatable` or `include Clavis::Models::Concerns::OauthAuthenticatable`
+
+2. **View Helper Integration**:
+   - Improved automatic inclusion of view helpers in Rails applications
+   - Fixed issues with helper availability in `ApplicationHelper`
+   - View helpers like `clavis_oauth_button` should now work out of the box
+
+3. **Installation Generator Improvements**:
+   - Updated the `clavis:install` generator to properly handle the creation of OAuth identity tables
+   - Fixed issues with duplicate migrations
+   - Added better support for integrating with existing User models
+
+4. **Documentation Updates**:
+   - Added comprehensive guide for integrating with existing authentication systems
+   - Corrected inconsistencies between code examples and actual implementations
+   - Updated installation and configuration guidance
+
+### Migration Steps
+
+**For most users, no changes are required**. The improvements in 0.2.0 are backward compatible.
+
+If you encountered any of the specific issues addressed in this release, upgrade to 0.2.0 and follow these steps:
+
+1. Update your Gemfile:
+   ```ruby
+   gem 'clavis', '~> 0.2.0'
+   ```
+
+2. Run bundle install:
+   ```bash
+   bundle install
+   ```
+
+3. If you've manually implemented workarounds for any of the fixed issues, you can now remove them.
+
+4. If you're integrating with an existing application, refer to the new integration guide at `/docs/integration.md` for detailed instructions.
+
+### New Documentation
+
+- `docs/integration.md` - Guide for integrating Clavis with existing authentication systems
+- Updated README with clearer instructions and example code
+- Improved error handling documentation
+
+### Known Issues
+
+- Rails 7.1+ and Ruby 3.4+ compatibility testing is ongoing
+- Full test suite coverage requires a Rails environment for some specs 

data/app/assets/stylesheets/clavis.css

@@ -0,0 +1,133 @@
+/* Clavis OAuth Button Styles */
+
+.clavis-oauth-button {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  padding: 10px 16px;
+  border-radius: 4px;
+  font-size: 14px;
+  font-weight: 500;
+  text-decoration: none;
+  margin: 5px 0;
+  border: 1px solid rgba(0, 0, 0, 0.1);
+  transition: all 0.2s ease;
+  cursor: pointer;
+  min-width: 240px;
+  height: 40px;
+  box-sizing: border-box;
+}
+
+.clavis-oauth-button__icon, 
+.clavis-oauth-button span .clavis-icon {
+  width: 18px;
+  height: 18px;
+  margin-right: 10px;
+  fill: currentColor;
+}
+
+.clavis-oauth-button span {
+  line-height: 1;
+}
+
+/* Google - Following Google branding guidelines */
+.clavis-oauth-button--google {
+  background-color: white;
+  color: rgba(0, 0, 0, 0.54);
+  border: 1px solid #dadce0;
+  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.08);
+  font-weight: 500;
+}
+
+.clavis-oauth-button--google:hover {
+  background-color: #f8f8f8;
+  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12);
+}
+
+.clavis-oauth-button--google:focus {
+  box-shadow: 0 0 0 3px rgba(66, 133, 244, 0.3);
+  outline: none;
+}
+
+.clavis-oauth-button--google .clavis-icon {
+  width: 18px;
+  height: 18px;
+}
+
+/* GitHub */
+.clavis-oauth-button--github {
+  background-color: #24292e;
+  color: white;
+}
+
+.clavis-oauth-button--github:hover {
+  background-color: #2c3238;
+  border-color: #24292e;
+}
+
+/* Apple - Following Apple's Sign in with Apple guidelines */
+.clavis-oauth-button--apple {
+  background-color: black;
+  color: white;
+  border-radius: 4px;
+}
+
+.clavis-oauth-button--apple:hover {
+  background-color: #333;
+}
+
+.clavis-oauth-button--apple .clavis-icon {
+  width: 16px;
+  height: 16px;
+}
+
+/* Facebook - Following Facebook branding guidelines */
+.clavis-oauth-button--facebook {
+  background-color: #1877F2;
+  color: white;
+  border: none;
+  font-weight: bold;
+}
+
+.clavis-oauth-button--facebook:hover {
+  background-color: #166fe5;
+  border-color: #166fe5;
+}
+
+/* Microsoft - Following Microsoft branding guidelines */
+.clavis-oauth-button--microsoft {
+  background-color: white;
+  color: #5e5e5e;
+  border: 1px solid #8c8c8c;
+}
+
+.clavis-oauth-button--microsoft:hover {
+  background-color: #f0f0f0;
+}
+
+.clavis-oauth-button--microsoft .clavis-icon {
+  width: 16px;
+  height: 16px;
+}
+
+/* Generic OAuth button */
+.clavis-oauth-button--oauth {
+  background-color: #f8f9fa;
+  color: #202124;
+  border: 1px solid #dadce0;
+}
+
+.clavis-oauth-button--oauth:hover {
+  background-color: #f1f3f4;
+}
+
+/* Error message */
+.clavis-error {
+  color: #721c24;
+  background-color: #f8d7da;
+  border: 1px solid #f5c6cb;
+  padding: 10px;
+  border-radius: 4px;
+  margin: 10px 0;
+  font-size: 14px;
+} 

data/app/controllers/clavis/auth_controller.rb

@@ -0,0 +1,133 @@
+# frozen_string_literal: true
+
+module Clavis
+  # AuthController directly inherits from ActionController::Base to avoid inheriting
+  # host application's authentication requirements or before_actions that could
+  # interfere with the OAuth flow
+  class AuthController < ::ActionController::Base
+    include Clavis::Controllers::Concerns::Authentication
+    include Clavis::Controllers::Concerns::SessionManagement
+
+    # Add basic controller setup
+    protect_from_forgery with: :exception
+
+    # Allow access to main_app routes
+    helper Rails.application.routes.url_helpers if defined?(Rails)
+
+    # Skip CSRF protection for OAuth callback endpoints since they come from external redirects
+    skip_before_action :verify_authenticity_token, only: [:callback]
+
+    def authorize
+      # Store the current URL for returning after authentication
+      store_location if request.get?
+
+      oauth_authorize
+    end
+
+    def callback
+      oauth_callback do |user, auth_hash|
+        # This is a default implementation that can be overridden
+        # by the application using the gem
+        if respond_to?(:clavis_authentication_success)
+          clavis_authentication_success(user, auth_hash)
+        else
+          # Use the SessionManagement method to sign in the user with secure cookies
+          sign_in_user(user)
+
+          # Get the redirect path
+          redirect_path = after_login_path
+
+          # Force redirect to root path if it's redirecting to auth path
+          if redirect_path.include?("/auth/")
+            redirect_path = defined?(main_app) && main_app.respond_to?(:root_path) ? main_app.root_path : "/"
+          end
+
+          redirect_to redirect_path, notice: "Successfully signed in with #{params[:provider].capitalize}"
+        end
+      end
+    rescue StandardError => e
+      Clavis::Logging.log_error(e)
+
+      if respond_to?(:clavis_authentication_failure)
+        clavis_authentication_failure(e)
+      else
+        # Default behavior: redirect to sign in page with error
+        flash[:alert] = case e
+                        when Clavis::AuthorizationDenied
+                          "Authentication was cancelled"
+                        when Clavis::InvalidState, Clavis::MissingState
+                          "Authentication session expired. Please try again."
+                        else
+                          "Authentication failed: #{e.message}"
+                        end
+
+        # Safe redirect to after_login_path
+        redirect_to after_login_path
+      end
+    end
+
+    private
+
+    def find_or_create_user_from_oauth(auth_hash)
+      user_class = Clavis.configuration.user_class.constantize
+      finder_method = Clavis.configuration.user_finder_method
+
+      if user_class.respond_to?(finder_method)
+        user_class.public_send(finder_method, auth_hash)
+      else
+        # If no suitable method is available, just return the auth hash
+        auth_hash
+      end
+    end
+
+    # Method to handle authentication requests with proper routing
+    def request_authentication
+      session[:return_to_after_authenticating] = request.url
+
+      # Only redirect to paths we control or to root_path
+      # This avoids assumptions about the host application's routes
+      redirect_to main_app.root_path, alert: "Authentication required. Please sign in to continue."
+    end
+
+    def after_authentication_url
+      return session.delete(:return_to_after_authenticating) if session[:return_to_after_authenticating].present?
+
+      # Try to get main_app's root_path, fall back to "/"
+      begin
+        main_app.respond_to?(:root_path) ? main_app.root_path : "/"
+      rescue StandardError
+        "/"
+      end
+    end
+
+    def safe_redirect(path = nil)
+      # Try default paths in order of preference
+      fallback_paths = [
+        -> { main_app.root_path if main_app.respond_to?(:root_path) },
+        -> { main_app.respond_to?(:login_path) ? main_app.login_path : nil },
+        -> { "/" } # Final fallback is always root
+      ]
+
+      # Use provided path or find first working fallback
+      target_path = path || fallback_paths.lazy.map(&:call).find(&:present?)
+
+      # Perform the redirect with exception handling
+      begin
+        redirect_to target_path
+      rescue StandardError => e
+        # Log the error and redirect to root as ultimate fallback
+        Clavis::Logging.log_error("Redirect error: #{e.message}. Falling back to '/'")
+        redirect_to "/"
+      end
+    end
+
+    # Override default_path to ensure we don't redirect back to auth paths
+    def default_path
+      if defined?(main_app) && main_app.respond_to?(:root_path)
+        main_app.root_path
+      else
+        "/"
+      end
+    end
+  end
+end

data/config/database.yml

@@ -0,0 +1,16 @@
+default: &default
+  adapter: sqlite3
+  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+  timeout: 5000
+
+development:
+  <<: *default
+  database: db/development.sqlite3
+
+test:
+  <<: *default
+  database: ":memory:"
+
+production:
+  <<: *default
+  database: db/production.sqlite3