cow_auth 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c476f86eb5beb51e9d81ea1231eadc99342b2154
-  data.tar.gz: ff572095c33410d3dd61a6df889e082f104c7083
+  metadata.gz: 2ef0a48dce112adc6dfba038831d871c13a577f6
+  data.tar.gz: 607ad6d1172eaba966ef85410cb706a5afc6b2e7
 SHA512:
-  metadata.gz: 7775f24a1b6af4004d0ce7ea14aaf17c45ed1be2f569d7ffddcc604a0bda176934574ce8a3399e270b5ef846d5bde13e7b247e934503dcb322db56ea16b5014f
-  data.tar.gz: e497095730f0964547c3d1cb339250e5273270ef0bb8c3c2a90acd5db819cb8df5d08a008b0886fc2d898c82edf608d35cae9e4d0cbb3d9d16cd55ffd8bc8f0d
+  metadata.gz: 0f2e1bb17673d7c0cd102e00132054d59c73fa8e8381d67b1646f0a3ac9911c71be4baa35f9c82ef78c2a49f3293795360fac91698917ad6c1faf16da370ff8f
+  data.tar.gz: c8886526b41df9a13cf605eb2d53fae28288505a50393f209bc97eb020cdfffbcec76d12da7cfc5b64adf578effdd89e476ca652091f7f5a970b38eecb10562b

data/README.md

@@ -1,7 +1,5 @@
 # CowAuth
 
-WARNING: This gem is in early development, which means you probably shouldn't use it yet for critical applications.
-
 The main goal of this gem is to provide API authentication for Rails (or Rails-like) web applications.
 
 ## Installation
@@ -20,38 +18,139 @@ Or install it yourself as:
 
     $ gem install cow_auth
 
-## Usage
-
-TODO: Write usage instructions here
+## Model
 
 Example Rails model generator command:
 
     $ bundle exec rails generate model user email:string sid:string encrypted_password:string first_name:string last_name:string sign_in_count:integer
 
-    # Modified migration; includes indexes.
+    # Modified migration; includes indexes and other stuff you might not want.
     class CreateUsers < ActiveRecord::Migration[5.0]
       def change
         create_table :users do |t|
+          t.string :uuid, null: false
           t.string :email, null: false
           t.string :sid, null: false
-          t.string :encrypted_password
+          t.string :encrypted_password, null: false
           t.string :first_name
           t.string :last_name
-          t.integer :sign_in_count
+          t.integer :sign_in_count, default: 0, null: false
+          t.boolean :is_approved, default: false, null: false
+          t.boolean :is_deleted, default: false, null: false
           t.timestamps
         end
+        add_index :users, :uuid, unique: true
         add_index :users, :email, unique: true
         add_index :users, :sid, unique: true
       end
     end
 
+### Create User
+
+    User.create! email: 'email', password: 'password'
+
+## Session Authentication
+
+### Sign In View Example
+
+    <%= form_tag '/sessions' do %>
+      <%= label_tag(:email) %><br>
+      <%= text_field_tag(:email) %><br>
+      <%= label_tag(:password) %><br>
+      <%= password_field_tag(:password) %><br>
+      <%= submit_tag('Sign In') %>
+    <% end %>
+
+### Routes Example
+
+    get 'sessions/new' => 'sessions#new'
+    post 'sessions' => 'sessions#create'
+    delete 'sessions' => 'sessions#destroy'
+
+### Controllers
+
+Add the following lines in the controller(s) that you want to enforce authentication for.
+
+    include CowAuth::SessionAuth::AuthenticateRequest
+    before_action :authenticate_user
+
+### Application Controller Example
+
+    class ApplicationController < ActionController::Base
+      include CowAuth::SessionAuth::AuthenticateRequest
+
+      protect_from_forgery with: :exception
+
+      before_action :authenticate_user
+
+      rescue_from CowAuth::NotAuthenticatedError, with: :user_not_authenticated
+
+    private
+
+      def user_not_authenticated(exception)
+        flash[:notice] = exception.message
+        render sessions_new_path
+      end
+    end
+
+### Sessions Controller Example
+
+    class SessionsController < ApplicationController
+      include CowAuth::SessionAuth::SessionEndpoints
+
+      skip_before_action :authenticate_user, only: [:new, :create]
+
+      def sign_in_success_path
+        flash[:notice] = 'Successfully signed in.'
+        return home_path
+      end
+
+      def sign_out_success_path
+        return sessions_new_path
+      end
+    end
+
+## Token Authentication
+
+### Authenticated Request
+
+Note that token and sid are both required.
+
+Example GET:
+
+    curl -X GET http://api.local.dev:3000/v1/test -i -H "Authorization: Token token=b5503c9b85b881f8b3ddbd82f511912c,sid=C3281846f3976809796f91cf6bbb35c53"
+
 ### Controllers
 
-Add the following lines in the controller(s) that you want to enforce authenticatication for.
+Add the following lines in the controller(s) that you want to enforce authentication for.
 
-    include CowAuth::Authentication
+    include CowAuth::TokenAuth::AuthenticateRequest
     before_action :authenticate_user
 
+### Application Controller Example
+
+    class ApplicationController < ActionController::API
+      include CowAuth::TokenAuth::AuthenticateRequest
+
+      before_action :authenticate_user
+
+      rescue_from CowAuth::NotAuthenticatedError, with: :user_not_authenticated
+
+    private
+
+      def user_not_authenticated(exception)
+        @message = exception.message
+        render 'errors/unauthorized', status: :unauthorized
+      end
+    end
+
+### Sessions Controller Example
+
+    class Api::V1::SessionsController < ApplicationController
+      include CowAuth::TokenAuth::SessionEndpoints
+
+      skip_before_action :authenticate_user, only: [:create]
+    end
 
 ## Development
 
@@ -70,4 +169,3 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/mickey
 ## License
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
-

data/lib/cow_auth.rb

@@ -1,13 +1,14 @@
 require 'cow_auth/version'
 require 'cow_auth/user'
-require 'cow_auth/session'
-require 'cow_auth/authentication'
 require 'cow_auth/not_authenticated_error'
+require 'cow_auth/session_auth/session_endpoints'
+require 'cow_auth/session_auth/authenticate_request'
+require 'cow_auth/token_auth/session_endpoints'
+require 'cow_auth/token_auth/authenticate_request'
 
 module CowAuth
   def self.moo
-    user = CowAuth::User.new
-    puts user
-    return user
+    puts 'Moo Cow: ' + CowAuth::VERSION
+    return CowAuth::User.new
   end
 end

data/lib/cow_auth/session_auth/authenticate_request.rb

@@ -0,0 +1,17 @@
+require 'cow_auth/not_authenticated_error'
+
+module CowAuth
+  module SessionAuth
+    module AuthenticateRequest
+      extend ActiveSupport::Concern
+
+    private
+
+      def authenticate_user
+        @current_user = User.find_by(uuid: session[:current_user])
+        raise CowAuth::NotAuthenticatedError.new('User not authenticated.') if @current_user.blank?
+        return true
+      end
+    end
+  end
+end

data/lib/cow_auth/session_auth/session_endpoints.rb

@@ -0,0 +1,32 @@
+require 'cow_auth/not_authenticated_error'
+
+module CowAuth
+  module SessionAuth
+    module SessionEndpoints
+      extend ActiveSupport::Concern
+
+      def new
+      end
+
+      def create
+        user = User.find_by(email: params[:email])
+        if user.try(:authenticate, params[:password])
+          session[:current_user] = user.uuid
+          redirect_to sign_in_success_path
+        else
+          session[:current_user] = nil
+          raise CowAuth::NotAuthenticatedError.new('Invalid user credentials.')
+        end
+      end
+
+      def destroy
+        if @current_user.present?
+          session[:current_user] = nil
+          redirect_to sign_out_success_path
+        else
+          raise CowAuth::StandardError.new('Could not sign user out.')
+        end
+      end
+    end
+  end
+end

data/lib/cow_auth/token_auth/authenticate_request.rb

@@ -0,0 +1,20 @@
+require 'cow_auth/not_authenticated_error'
+
+module CowAuth
+  module TokenAuth
+    module AuthenticateRequest
+      extend ActiveSupport::Concern
+      include ActionController::HttpAuthentication::Token::ControllerMethods
+
+    private
+
+      def authenticate_user
+        authenticate_or_request_with_http_token do |token, options|
+          @current_user = User.authenticate_from_token(options[:sid], token)
+          raise CowAuth::NotAuthenticatedError.new('User not authenticated.') if @current_user.blank?
+          return true
+        end
+      end
+    end
+  end
+end

data/lib/cow_auth/token_auth/session_endpoints.rb

@@ -0,0 +1,26 @@
+require 'cow_auth/not_authenticated_error'
+
+module CowAuth
+  module TokenAuth
+    module SessionEndpoints
+      extend ActiveSupport::Concern
+
+      def create
+        @user = User.find_by(email: params[:email])
+        if @user.try(:authenticate, params[:password])
+          @user.api_sign_in
+        else
+          raise CowAuth::NotAuthenticatedError.new('Invalid user credentials.')
+        end
+      end
+
+      def destroy
+        if @current_user.try(:api_sign_out)
+          head :ok
+        else
+          raise CowAuth::NotAuthenticatedError.new('Could not sign user out.')
+        end
+      end
+    end
+  end
+end

data/lib/cow_auth/user.rb

@@ -30,7 +30,7 @@ module CowAuth
 
     def api_sign_in
       $redis.set(self.redis_key, {
-        auth_token: User.generate_random_hex_string,
+        auth_token: User.generate_auth_token,
         expires_at: User.generate_token_expires_at
       }.to_json)
     end
@@ -64,8 +64,8 @@ module CowAuth
       return true
     end
 
-    def self.generate_random_hex_string
-      return SecureRandom.hex(16)
+    def self.generate_auth_token
+      return SecureRandom.hex(32)
     end
 
     def self.generate_token_expires_at

data/lib/cow_auth/version.rb

@@ -1,3 +1,3 @@
 module CowAuth
-  VERSION = '0.2.0'
+  VERSION = '0.3.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cow_auth
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Mickey Cowden
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-04-19 00:00:00.000000000 Z
+date: 2016-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -84,9 +84,11 @@ files:
 - bin/setup
 - cow_auth.gemspec
 - lib/cow_auth.rb
-- lib/cow_auth/authentication.rb
 - lib/cow_auth/not_authenticated_error.rb
-- lib/cow_auth/session.rb
+- lib/cow_auth/session_auth/authenticate_request.rb
+- lib/cow_auth/session_auth/session_endpoints.rb
+- lib/cow_auth/token_auth/authenticate_request.rb
+- lib/cow_auth/token_auth/session_endpoints.rb
 - lib/cow_auth/user.rb
 - lib/cow_auth/version.rb
 homepage: https://github.com/mickey13/cow_auth
@@ -109,7 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.2
+rubygems_version: 2.6.6
 signing_key: 
 specification_version: 4
 summary: Summary

data/lib/cow_auth/authentication.rb

@@ -1,34 +0,0 @@
-require 'cow_auth/not_authenticated_error'
-
-module CowAuth
-  module Authentication
-    extend ActiveSupport::Concern
-    include ActionController::HttpAuthentication::Token::ControllerMethods
-
-  private
-
-    def authenticate_user
-      authenticate_or_request_with_http_token do |token, options|
-        puts options
-
-        # sid, auth_token = api_key.match(/sid=([[:alnum:]]*)&auth_token=([[:alnum:]]*)/).try(:captures)
-        @current_user = User.authenticate_from_token(options[:sid], token)
-        raise CowAuth::NotAuthenticatedError.new('User not authenticated.') if @current_user.blank?
-        return true
-      end
-    end
-
-    # def authenticate_user
-    #   authenticate_or_request_with_http_token do |api_key, options|
-    #     sid, auth_token = api_key.match(/sid=([[:alnum:]]*)&auth_token=([[:alnum:]]*)/).try(:captures)
-    #     @current_user = User.authenticate_from_token(sid, auth_token)
-    #     raise CowAuth::NotAuthenticatedError.new('User not authenticated.') if @current_user.blank?
-    #     return true
-    #   end
-    # end
-  end
-end
-
-# curl -X GET http://api.local.dev:3000/v1/test -i -H "Authorization: Token token=sid=C3281845f3976809796f91cf6bbb35c53&auth_token=b5503c9b85b881f8b3ddbd82f511912c"
-
-# curl -X GET http://api.local.dev:3000/v1/test -i -H "Authorization: Token token=b5503c9b85b881f8b3ddbd82f511912c,sid=C3281845f3976809796f91cf6bbb35c53"

data/lib/cow_auth/session.rb

@@ -1,24 +0,0 @@
-require 'cow_auth/not_authenticated_error'
-
-module CowAuth
-  module Session
-    extend ActiveSupport::Concern
-
-    def create
-      @user = User.find_by(email: params[:email])
-      if @user.try(:authenticate, params[:password])
-        @user.api_sign_in
-      else
-        raise CowAuth::NotAuthenticatedError.new('Invalid user credentials.')
-      end
-    end
-
-    def destroy
-      if @current_user.try(:api_sign_out)
-        head :ok
-      else
-        raise CowAuth::NotAuthenticatedError.new('Could not sign user out.')
-      end
-    end
-  end
-end