composable-pwdless 0.0.10

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 153458ce93f5cb89635ddaf1aed49e057ed65009fb2f78e0ab392ac08e59451a
+  data.tar.gz: 48e861394f7580d2107a7f4e2c26abd791783dbb4db469759ba233d5296fb18d
+SHA512:
+  metadata.gz: ee1f4c3fcdd955d8e542899bd34badb2331a62b2f3467556c4c9b4b7d328fda2eaf6c59b9c32d3c8a490419ae85ff8880e7a8255d5d6a3f6ebcdcb46666c6284
+  data.tar.gz: a21b4041e6b29c4f3474659cb6d6cfe3487b95b1f9e686962cd09a6347d08e7e9c5dad48f468e98580d7a3a771c6bc44a95ebcb702405de8c49c89ab126fed8f

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2022-12-01
+
+- Initial release

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 Jairo Vazquez
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,43 @@
+# Composable::Pwdless
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/composable/pwdless`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'composable-pwdless'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install composable-pwdless
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/composable-pwdless. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/composable-pwdless/blob/master/CODE_OF_CONDUCT.md).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Composable::Pwdless project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/composable-pwdless/blob/master/CODE_OF_CONDUCT.md).

data/app/controllers/composable/pwdless/auth_controller.rb

@@ -0,0 +1,86 @@
+module Composable
+  module Pwdless
+    class AuthController < BaseController
+      def new
+        @form = Form::Authentication.new
+      end
+
+      def create
+        @form = Form::Authentication.call(authentication_params)
+
+        if @form.success?
+          deliver_authentication(@form)
+          @form = @form.result
+          block_given? ? yield(@form) : render(:edit)
+        else
+          render :new, status: :unprocessable_entity
+        end
+      end
+
+      def update
+        @form = Form::Verification.call(verification_params)
+
+        if @form.success?
+          verification_succeeded @form.data
+        elsif @form.has_expired?
+          verification_expired @form
+        elsif @form.has_exceeded_attempts?
+          verification_exceeded_attempts @form
+        elsif @form.invalid_code?
+          render :edit, status: :unprocessable_entity
+        else
+          verification_failed @form
+        end
+      end
+
+      private
+
+      # Override with your own logic to deliver a code to the user.
+      def deliver_authentication(authentication)
+        Pwdless::Mailer.with(authentication: authentication).notification_email.deliver
+      end
+
+      # Override with your own logic to do something with the valid data. For
+      # example, you might setup the current user session here via:
+      #
+      # ```
+      # def verification_succeeded(email)
+      #   session[:user_id] = User.find_or_create_by(email: email)
+      #   redirect_to dashboard_url
+      # end
+      # ```
+      def verification_succeeded(email)
+        redirect_to root_url
+      end
+
+      # Override with your own logic to do something when verification fails.
+      def verification_failed(verification)
+        redirect_to root_url
+      end
+
+      # Override with logic for when verification attempts are exceeded. For
+      # example, you might want to tweak the flash message that's displayed
+      # or redirect them to a page other than the one where they'd re-verify.
+      def verification_exceeded_attempts(verification)
+        flash[:composable_pwdless] =  Pwdless.t(:attempts_exceeded, scope: "errors.messages")
+        redirect_to url_for(action: :new)
+      end
+
+      # Override with logic for when verification has expired. For
+      # example, you might want to tweak the flash message that's displayed
+      # or redirect them to a page other than the one where they'd re-verify.
+      def verification_expired(verification)
+        flash[:composable_pwdless] =  Pwdless.t(:expired, scope: "errors.messages")
+        redirect_to url_for(action: :new)
+      end
+
+      def verification_params
+        params.require(:composable_pwdless).permit(:code, :salt, :data)
+      end
+
+      def authentication_params
+        params.require(:composable_pwdless).permit(:email)
+      end
+    end
+  end
+end

data/app/controllers/composable/pwdless/base_controller.rb

@@ -0,0 +1,10 @@
+module Composable
+  module Pwdless
+    class BaseController < Pwdless.parent_controller.constantize
+      # Find the resource name from the request
+      def resource_name
+        @resource_name ||= request.env["composable_pwdless_resource"]
+      end
+    end
+  end
+end

data/app/mailers/composable/pwdless/mailer.rb

@@ -0,0 +1,48 @@
+module Composable
+  module Pwdless
+    class Mailer < Pwdless.parent_mailer.constantize
+      def notification_email
+        @authentication = params[:authentication]
+        @code           = @authentication.code
+
+        mail headers_for(:notification_email, to: @authentication.email)
+      end
+
+      private
+
+      def headers_for(action, options)
+        @headers ||= {
+          subject:  subject_for(action),
+          from:     mailer_sender,
+          reply_to: mailer_reply_to,
+          template_path: Pwdless.mailer_template_path,
+          template_name: action
+        }.merge(options)
+      end
+
+      def mailer_reply_to
+        mailer_sender(:reply_to)
+      end
+
+      def mailer_from
+        mailer_sender(:from)
+      end
+
+      def mailer_sender(sender = :from)
+        default_sender = default_params[sender]
+
+        if default_sender.present?
+          default_sender.respond_to?(:to_proc) ? instance_eval(&default_sender) : default_sender
+        elsif Pwdless.mailer_sender.is_a?(Proc)
+          Pwdless.mailer_sender.call
+        else
+          Pwdless.mailer_sender
+        end
+      end
+
+      def subject_for(key)
+        Pwdless.t(:subject, scope: "mailer.#{key}", code: @code)
+      end
+    end
+  end
+end

data/app/models/composable/pwdless/secret.rb

@@ -0,0 +1,116 @@
+module Composable
+  module Pwdless
+    class Secret < ApplicationRecord
+      self.table_name = "composable_pwdless_secrets"
+
+      # Initialize new models with all the stuff needed to encrypt and store the data.
+      after_initialize :assign_defaults, unless: :persisted?
+
+      before_validation :assign_digests, on: :create
+      validates :data_digest, presence: true
+      validates :code_digest, presence: true
+
+      # This is used to derive the `data_digest`, which finds the secret.
+      attr_accessor :salt
+      validates :salt, presence: true
+
+      validates :expires_at, presence: true
+      validate :expiration
+
+      validates :remaining_attempts, presence: true,
+                                     numericality: {
+                                       only_integer: true,
+                                       greater_than: 0
+                                     }
+
+      attr_reader :code
+      validate :code_authenticity
+      # Ensure the code is a non-empty string. The nil will
+      # trigger validations and blow up the downstream Encryptor.
+      def code=(code)
+        @code = code.to_s if code.present?
+      end
+
+      attr_accessor :data
+      validates :data, presence: true
+      validate :data_tampering, on: :update
+
+      def has_expired?
+        Time.current > expires_at
+      end
+
+      def has_exceeded_attempts?
+        remaining_attempts.zero?
+      end
+
+      def has_tampered_data?
+        self.data_digest != digest_data if persisted?
+      end
+
+      def has_authentic_code?
+        self.code_digest == digest_code
+      end
+
+      def decrement_remaining_attempts!
+        decrement!(:remaining_attempts)
+      end
+
+      def self.find_by_digest(salt:, data:)
+        return if salt.nil? || data.nil?
+
+        find_by(data_digest: digest_data(salt: salt, data: data)).tap do |secret|
+          if secret
+            secret.salt = salt
+            secret.data = data
+          end
+        end
+      end
+
+      def self.digest_data(salt:, data:)
+        return if salt.nil? || data.nil?
+
+        Digest::SHA256.hexdigest(salt + data)
+      end
+
+      def self.digest_code(data_digest:, code:)
+        return if code.nil? || data_digest.nil?
+
+        Digest::SHA256.hexdigest(data_digest + code)
+      end
+
+      private
+
+      def assign_defaults
+        self.salt = SecureRandom.urlsafe_base64(ActiveSupport::MessageEncryptor.key_len)
+        self.code ||= SecureRandom.send(:choose, Pwdless.code_charset, Pwdless.code_length)
+        self.expires_at ||= Pwdless.expires_in.from_now
+        self.remaining_attempts ||= Pwdless.maximum_attempts
+      end
+
+      def assign_digests
+        self.data_digest = digest_data
+        self.code_digest = digest_code
+      end
+
+      def digest_data
+        self.class.digest_data(salt: salt, data: data)
+      end
+
+      def digest_code
+        self.class.digest_code(data_digest: data_digest, code: code)
+      end
+
+      def expiration
+        errors.add(:expires_at, "has been exceeded") if has_expired?
+      end
+
+      def data_tampering
+        errors.add(:data, "has been tampered") if has_tampered_data?
+      end
+
+      def code_authenticity
+        errors.add(:code, :invalid) unless has_authentic_code?
+      end
+    end
+  end
+end

data/app/services/composable/pwdless/form/authentication.rb

@@ -0,0 +1,27 @@
+require "uri"
+
+module Composable
+  module Pwdless
+    module Form
+      class Authentication < Composable::Form::Command
+        attribute :email
+        validates :email, presence: true
+        validates :email, format: { with: URI::MailTo::EMAIL_REGEXP }, if: :email?
+
+        def save
+          # We don't want the code in the verification, otherwise the user will
+          # set it on the subsequent request, which would undermine the whole thing.
+          Form::Verification.new(salt: salt, data: email)
+        end
+
+        private
+
+        delegate :code, :salt, to: :secret
+
+        def secret
+          @secret ||= Pwdless::Secret.create!(data: email)
+        end
+      end
+    end
+  end
+end

data/app/services/composable/pwdless/form/verification.rb

@@ -0,0 +1,33 @@
+module Composable
+  module Pwdless
+    module Form
+      class Verification < Composable::Form::Command
+        attribute :salt, :data, :code
+        validates :data, :code, presence: true
+        validates :secret, presence: true, if: -> { data? && code? }
+
+        after_save { secret.decrement_remaining_attempts! }
+
+        def save
+          errors.add(:code, :invalid) unless secret.valid?
+        end
+
+        def invalid_code?
+          !code? || errors.added?(:code, :invalid)
+        end
+
+        private
+
+        delegate :has_expired?, :has_exceeded_attempts?, to: :secret, allow_nil: true
+
+        def secret
+          return @secret if defined?(@secret)
+
+          @secret = Pwdless::Secret.find_by_digest(salt: salt, data: data).tap do |secret|
+            secret.code = code if secret
+          end
+        end
+      end
+    end
+  end
+end

data/app/views/composable/pwdless/auth/edit.html.erb

@@ -0,0 +1,24 @@
+<h1>Verify login code</h1>
+
+<p>Look for a 6 digit code in the inbox or spam folder.</p>
+
+<%= form_for @form, as: :composable_pwdless, url: url_for(action: :update), data: { turbo: false }, method: :put do |f| %>
+  <%= f.hidden_field :salt %>
+  <%= f.hidden_field :data %>
+  <%= f.label :code %>
+  <%= f.text_field :code, autofocus: true %>
+  <%= f.submit "Continue" %>
+<% end %>
+
+<% if @form.errors.any? %>
+  <p><%= @form.errors.full_messages.to_sentence %></p>
+<% end %>
+
+<p>
+  Launch
+  <%= link_to "Gmail", "https://gmail.com/", target: "_blank" %>
+  |
+  <%= link_to "Outlook", "https://outlook.live.com/", target: "_blank" %>
+  |
+  <%= link_to "Yahoo Mail", "https://mail.yahoo.com/", target: "_blank" %>
+</p>

data/app/views/composable/pwdless/auth/new.html.erb

@@ -0,0 +1,18 @@
+<h1>Get a login code</h1>
+
+<% if (message = flash[:composable_pwdless]) %>
+<div><%= message %></div>
+  <p>Enter an email address to request a new login code and try again.</p>
+<% else %>
+  <p>We'll email you a login code so we can securely get you to your account</p>
+<% end %>
+
+<%= form_for @form, as: :composable_pwdless, url: url_for(action: :create), data: { turbo: false } do |f| %>
+  <%= f.label :email %>
+  <%= f.email_field :email, autofocus: true %>
+  <%= f.submit "Continue" %>
+<% end %>
+
+<% if @form.errors.any? %>
+  <p><%= @form.errors.full_messages.to_sentence %></p>
+<% end %>

data/app/views/composable/pwdless/mailer/notification_email.html.erb

@@ -0,0 +1,5 @@
+<h1>Verify your email address</h1>
+
+<p>Enter the code below into your open browser window to verify your email address.</p>
+
+<code style="font-size: 3em; background-color: rgba(0.5, 0.5, 0.5, 0.05); padding: 1em 2em; text-align: center; font-family: monospace; font-weight: bold; display: inline-block; border-radius: 0.25em;"><%= @authentication.code %></code>

data/app/views/composable/pwdless/mailer/notification_email.html.txt

@@ -0,0 +1,3 @@
+Enter the code below into your open browser window to verify your email address.
+
+<%= @authentication.code %>

data/config/locales/en.yml

@@ -0,0 +1,9 @@
+en:
+  composable_pwdless:
+    mailer:
+      notification_email:
+        default_subject: "Verification code: %{code}"
+    errors:
+      messages:
+        default_expired: "The code has expired"
+        default_attempts_exceeded: "The number of times the code can be tried has been exceeded."

data/db/migrate/db/migrate/20221211203235_create_composable_pwdless_secrets.rb

@@ -0,0 +1,13 @@
+class CreateComposablePwdlessSecrets < ActiveRecord::Migration[7.0]
+  def change
+    create_table :composable_pwdless_secrets do |t|
+      t.string :data_digest, null: false, index: { unique: true }
+      t.string :code_digest, null: false
+
+      t.datetime :expires_at, null: false
+      t.integer :remaining_attempts, null: false, unsigned: true
+
+      t.timestamps
+    end
+  end
+end

data/lib/composable/pwdless/engine.rb

@@ -0,0 +1,13 @@
+module Composable
+  module Pwdless
+    class Engine < ::Rails::Engine
+      isolate_namespace Composable::Pwdless
+
+      config.to_prepare do
+        require "composable/pwdless/router_helpers"
+
+        ActionDispatch::Routing::Mapper.include RouterHelpers
+      end
+    end
+  end
+end

data/lib/composable/pwdless/gem_version.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Composable
+  module Pwdless
+    # Returns the currently-loaded version of Composable::Form as a <tt>Gem::Version</tt>.
+    def self.gem_version
+      Gem::Version.new VERSION::STRING
+    end
+
+    module VERSION
+      MAJOR = 0
+      MINOR = 0
+      TINY  = 10
+      PRE   = nil
+
+      STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+    end
+  end
+end

data/lib/composable/pwdless/router_helpers.rb

@@ -0,0 +1,19 @@
+module Composable
+  module Pwdless
+    module RouterHelpers
+      def composable_pwdless_for(resource, controller: nil, as: nil)
+        as         ||= resource.to_s
+        controller ||= "/composable/pwdless/auth"
+
+        constraints(->(req) { (req.env["composable_pwdless_resource"] = resource.to_s).present? }) do
+          scope resource.to_s, as: as do
+            get   "/sign_in",  to: "#{controller}#new", as: :sign_in
+            post  "/sign_in",  to: "#{controller}#create"
+            put   "/sign_in",  to: "#{controller}#update"
+            match "/sign_out", to: "#{controller}#destroy", via: :delete, as: :sign_out
+          end
+        end
+      end
+    end
+  end
+end

data/lib/composable/pwdless/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Composable
+  module Pwdless
+    VERSION = "0.1.0"
+  end
+end

data/lib/composable/pwdless.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require "composable/core"
+require_relative "pwdless/version"
+require "composable/pwdless/engine"
+
+module Composable
+  module Pwdless
+    class Error < StandardError; end
+    # Your code goes here...
+
+    # The parent controller all Composable::Pwdless controllers inherits from.
+    # Defaults to ApplicationController. This should be set early
+    # in the initialization process and should be set to a string.
+    mattr_accessor :parent_controller
+    @@parent_controller = "ApplicationController"
+
+    # Maximum number of times that a verification can be attempted.
+    mattr_accessor :maximum_attempts
+    @@maximum_attempts = 3
+
+    # How long a verification code is valid for.
+    mattr_accessor :expires_in
+    @@expires_in = 5.minutes
+
+    # The number of digits in the verification code.
+    mattr_accessor :code_length
+    @@code_length = 6
+
+    # The chartset used to generate the verification code.
+    mattr_accessor :code_charset
+    @@code_charset = [*'0'..'9'].freeze
+
+    # The parent mailer all Composable::Pwdless mailer inherit from.
+    # Defaults to ActionMailer::Base. This should be set early
+    # in the initialization process and should be set to a string.
+    mattr_accessor :parent_mailer
+    @@parent_mailer = "ActionMailer::Base"
+
+    # Address which sends Composable::Pwdless e-mails.
+    mattr_accessor :mailer_sender
+    @@mailer_sender = nil
+
+    # The path to the templates used by Composable::Pwdless mailer.
+    mattr_accessor :mailer_template_path
+    @@mailer_template_path = "composable/pwdless/mailer"
+
+    # Default way to set up Composable::Pwdless.
+    def self.setup
+      yield self
+    end
+
+    def self.t(key, scope:, **options)
+      options[:scope]   = [:composable_pwdless, scope]
+      options[:default] = :"default_#{key}"
+
+      I18n.t(key, **options)
+    end
+  end
+end

metadata

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification
+name: composable-pwdless
+version: !ruby/object:Gem::Version
+  version: 0.0.10
+platform: ruby
+authors:
+- Jairo Vazquez
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2022-12-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: composable-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.10
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.10
+description: Authentication composable objects to perform passwordless authentication
+email:
+- jairovm20@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- app/controllers/composable/pwdless/auth_controller.rb
+- app/controllers/composable/pwdless/base_controller.rb
+- app/mailers/composable/pwdless/mailer.rb
+- app/models/composable/pwdless/secret.rb
+- app/services/composable/pwdless/form/authentication.rb
+- app/services/composable/pwdless/form/verification.rb
+- app/views/composable/pwdless/auth/edit.html.erb
+- app/views/composable/pwdless/auth/new.html.erb
+- app/views/composable/pwdless/mailer/notification_email.html.erb
+- app/views/composable/pwdless/mailer/notification_email.html.txt
+- config/locales/en.yml
+- db/migrate/db/migrate/20221211203235_create_composable_pwdless_secrets.rb
+- lib/composable/pwdless.rb
+- lib/composable/pwdless/engine.rb
+- lib/composable/pwdless/gem_version.rb
+- lib/composable/pwdless/router_helpers.rb
+- lib/composable/pwdless/version.rb
+homepage: https://github.com/jairovm/composables
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/jairovm/composables
+  source_code_uri: https://github.com/jairovm/composables/tree/main/composable-pwdless
+  changelog_uri: https://github.com/jairovm/composables/tree/main/composable-pwdless/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.7
+signing_key:
+specification_version: 4
+summary: Authentication Composable Objects
+test_files: []