credible 0.6.0 → 0.8.0
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/app/controllers/credible/authentication/sessions_controller.rb +8 -5
- data/app/controllers/credible/authentication/users_controller.rb +10 -9
- data/app/controllers/credible/authentication_controller.rb +0 -12
- data/app/views/credible/authentication/users/_user.json.jbuilder +1 -1
- data/app/views/credible/confirmation_mailer/confirmation_email.html.haml +1 -1
- data/app/views/credible/confirmation_mailer/confirmation_email.text.haml +1 -1
- data/lib/credible/{application_controller.rb → controller_concern.rb} +1 -18
- data/lib/credible/version.rb +1 -1
- data/lib/credible.rb +1 -1
- metadata +3 -21
- data/app/policies/credible/application_policy.rb +0 -61
- data/app/policies/credible/authentication/session_policy.rb +0 -9
- data/app/policies/credible/authentication/user_policy.rb +0 -17
- data/app/policies/credible/authentication_policy.rb +0 -16
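--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 61357e14d2d15acb05c8382cddc3d46da9cad63d3f64a1a30ea51855cd99111d
+data.tar.gz: d785759b5a2a64fbdb99e747afef80af236417aa86885b63186980edd2045219
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: caf407bff7ada8ade260aa0617cebc191bf5cd132d5962aeaba2e51770d5135ad36b5a04727852eb85c00689bea3523ba132e761f18d97b3804d349b5e717838
+data.tar.gz: b3e114d34cddacee014020349326a2a42ac2ef22cf374b585f6de199180e1fdac455cf7684e7202b3d94f5f2b18aff92e59b0b9788763eb4e59682b0cc4b4c4b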
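--- a/data/README.md
+++ b/data/README.md
@@ -35,11 +35,11 @@ Rails.application.routes.draw do
 end
 ```
 
-And in your Application Controller, inherit from `Credible::
+And in your Application Controller, inherit from `Credible::ControllerConcern`:
 
 ```ruby
 class ApplicationController < ActionController::Base
-include Credible::
+include Credible::ControllerConcern
 end
 ```
 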
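--- a/data/app/controllers/credible/authentication/sessions_controller.rb
+++ b/data/app/controllers/credible/authentication/sessions_controller.rb
@@ -2,7 +2,9 @@ class Credible::Authentication::SessionsController < Credible::AuthenticationCon
 before_action :set_session, only: [:show, :destroy]
 
 skip_before_action :authenticate!, only: [:new, :create, :fail]
-
+
+# skip_after_action :verify_authorized, only: [:fail]
+# TODO: Reevaluate authorization without Pundit
 
 # GET /sessions
 # GET /sessions.json
@@ -17,14 +19,12 @@ class Credible::Authentication::SessionsController < Credible::AuthenticationCon
 # GET /sessions/new
 def new
 @session = ::Session.new
-authorize @session
 end
 
 # POST /sessions
 # POST /sessions.json
 def create
-@session = ::Session.authenticate(
-authorize @session
+@session = ::Session.authenticate(session_params)
 
 if @session.save
 render :show, status: :created, location: @session
@@ -51,6 +51,9 @@ class Credible::Authentication::SessionsController < Credible::AuthenticationCon
 # Use callbacks to share common setup or constraints between actions.
 def set_session
 @session = current_session
-
+end
+
+def session_params
+params.require(:session).permit(:login, :password)
 end
 end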
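Review bot: The two comment lines added under `skip_before_action :authenticate!` in the first hunk leave this controller with no authorization check and no record of what is meant to replace it: `# skip_after_action :verify_authorized, only: [:fail]` is dead code now that the `authorize @session` calls in `new` and `create` are gone, and `# TODO: Reevaluate authorization without Pundit` names no rule. I would delete the commented-out callback and make the TODO state the invariant that has to hold, for example `# TODO: authorization removed with Pundit; show/destroy rely on set_session returning only current_session`. In `create`, `@session.save` is called directly on the result of `::Session.authenticate(session_params)`; whether that can be nil for bad credentials is not visible here and the rest of the action is outside the hunk, so confirm that a failed login ends in the intended error response rather than an exception.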
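--- a/data/app/controllers/credible/authentication/users_controller.rb
+++ b/data/app/controllers/credible/authentication/users_controller.rb
@@ -3,6 +3,8 @@ class Credible::Authentication::UsersController < Credible::AuthenticationContro
 
 skip_before_action :authenticate!, only: [:new, :create, :confirm]
 
+# TODO: Reevaluate authorization without Pundit
+
 # GET /users/1
 # GET /users/1.json
 def show
@@ -11,14 +13,12 @@ class Credible::Authentication::UsersController < Credible::AuthenticationContro
 # GET /users/new
 def new
 @user = ::User.new
-authorize @user
 end
 
 # POST /users
 # POST /users.json
 def create
-@user = ::User.new(
-authorize @user
+@user = ::User.new(user_params)
 
 if @user.save
 Credible::ConfirmationMailer.with(user: @user).confirmation_email.deliver_later
@@ -33,7 +33,6 @@ class Credible::Authentication::UsersController < Credible::AuthenticationContro
 # GET /users/confirm/:confirmation_token.json
 def confirm
 @user = ::User.find_by(email: params[:email])
-authorize @user
 
 @user.confirm(params[:confirmation_token])
 
@@ -48,8 +47,7 @@ class Credible::Authentication::UsersController < Credible::AuthenticationContro
 # POST /users/reset_password
 # POST /users/reset_password.json
 def reset_password
-@user = ::User.find_by(email:
-authorize @user
+@user = ::User.find_by(email: user_params[:email])
 
 @user.reset_password
 
@@ -68,7 +66,7 @@ class Credible::Authentication::UsersController < Credible::AuthenticationContro
 # PATCH/PUT /users/1
 # PATCH/PUT /users/1.json
 def update
-if @user.update(
+if @user.update(user_params)
 render :show, status: :ok, location: @user
 else
 render json: @user.errors, status: :unprocessable_entity
@@ -86,6 +84,9 @@ class Credible::Authentication::UsersController < Credible::AuthenticationContro
 # Use callbacks to share common setup or constraints between actions.
 def set_user
 @user = current_user
-
-
+end
+
+def user_params
+params.require(:user).permit(:email, :password)
+end
 end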
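Review bot: `reset_password` (fourth hunk) calls `@user.reset_password` on whatever `::User.find_by(email: user_params[:email])` returns, and `confirm` (third hunk) does the same with `@user.confirm(params[:confirmation_token])`; `find_by` returns nil for an unknown address, so unless something outside these hunks rescues it, both actions raise for an unregistered email. Apart from the server error, a reply that differs between known and unknown addresses tells a caller which emails have accounts. I would write `@user&.reset_password` and render the same response in both cases, and give `confirm` an explicit nil branch before the `@user.confirm` call. The remainder of both actions lies outside the hunks, so later lines that read `@user` may need the same guard. Separately, `user_params` permits `:email, :password` while the deleted `UserPolicy#permitted_attributes` shown on this page also listed `:name`; if dropping it is intended, it is a behaviour change worth a changelog line.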
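--- a/data/app/controllers/credible/authentication_controller.rb
+++ b/data/app/controllers/credible/authentication_controller.rb
@@ -1,16 +1,4 @@
 class Credible::AuthenticationController < ApplicationController
 # TODO: Authentication module is now redundant inside Credible Engine.
 # Migrate out of namespace.
-
-def policy_scope(scope)
-super([:credible, :authentication, scope])
-end
-
-def authorize(record, query = nil)
-super([:credible, :authentication, record], query)
-end
-
-def permitted_attributes(record, action = action_name)
-super([:credible, :authentication, record], action)
-end
 end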
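--- a/data/lib/credible/application_controller.rb
+++ b/data/lib/credible/controller_concern.rb
@@ -1,26 +1,15 @@
 module Credible
-module
+module ControllerConcern
 extend ActiveSupport::Concern
 
 included do
 skip_before_action :verify_authenticity_token
 
-include Pundit
-after_action :verify_authorized
-after_action :verify_policy_scoped, only: :index
-
-rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
-rescue_from Pundit::NotDefinedError, with: :user_not_authorized
-
 before_action :authenticate!, if: proc { request.env['HTTP_AUTHORIZATION'] || request.env['HTTP_API_TOKEN'] }
 
 helper_method :current_user
 helper_method :current_session
 
-def pundit_user
-current_session
-end
-
 def current_user
 current_session.user
 end
@@ -40,11 +29,5 @@ module Credible
 
 class_methods do
 end
-
-private
-
-def user_not_authorized
-render json: {}.to_json, status: :forbidden
-end
 end
 end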
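Review bot: Nothing in this concern rejects a request that carries neither header once the first hunk lands: `include Pundit`, `after_action :verify_authorized` and both `rescue_from` handlers are removed, and the remaining `before_action :authenticate!, if: proc { request.env['HTTP_AUTHORIZATION'] || request.env['HTTP_API_TOKEN'] }` does not run when both headers are absent. What such a request then gets depends on `current_session`, whose body is outside the hunks, so that path should be confirmed to fail closed before release. If it does not, make the callback unconditional (`before_action :authenticate!`) and let the controllers keep their own `skip_before_action :authenticate!, only: [...]` lists for the public actions. `skip_before_action :verify_authenticity_token` also applies to every controller that includes this module, which per the README is the host `ApplicationController`; a comment above it such as `# CSRF verification is disabled for all including controllers; only safe when requests are authenticated by header token, not cookies` would make that visible to integrators.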
data/lib/credible/version.rb
CHANGED
data/lib/credible.rb
CHANGED
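--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: credible
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.8.0
 platform: ruby
 authors:
 - Thom Bruce
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-
+date: 2020-04-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -44,20 +44,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 1.2.8
-- !ruby/object:Gem::Dependency
-name: pundit
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: 2.1.0
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: 2.1.0
 - !ruby/object:Gem::Dependency
 name: pg
 requirement: !ruby/object:Gem::Requirement
@@ -133,10 +119,6 @@ files:
 - app/mailers/credible/reset_password_mailer.rb
 - app/mailers/credible_mailer.rb
 - app/models/credible/application_record.rb
-- app/policies/credible/application_policy.rb
-- app/policies/credible/authentication/session_policy.rb
-- app/policies/credible/authentication/user_policy.rb
-- app/policies/credible/authentication_policy.rb
 - app/views/credible/authentication/sessions/_session.json.jbuilder
 - app/views/credible/authentication/sessions/show.json.jbuilder
 - app/views/credible/authentication/users/_user.json.jbuilder
@@ -150,7 +132,7 @@ files:
 - config/initializers/warden.rb
 - config/routes.rb
 - lib/credible.rb
-- lib/credible/
+- lib/credible/controller_concern.rb
 - lib/credible/engine.rb
 - lib/credible/session.rb
 - lib/credible/user.rb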
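--- a/data/app/policies/credible/application_policy.rb
+++ b/data/app/policies/credible/application_policy.rb
@@ -1,61 +0,0 @@
-module Credible
-class ApplicationPolicy
-attr_reader :session, :record
-
-def initialize(session, record)
-@session = session
-@record = record
-end
-
-def index?
-user
-end
-
-def show?
-user
-end
-
-def create?
-user
-end
-
-def new?
-create?
-end
-
-def update?
-user
-end
-
-def edit?
-update?
-end
-
-def destroy?
-user
-end
-
-# Helper Methods
-def user
-session.user
-end
-
-class Scope
-attr_reader :session, :scope
-
-def initialize(session, scope)
-@session = session
-@scope = scope
-end
-
-def resolve
-scope.all
-end
-
-# Helper Methods
-def user
-session.user
-end
-end
-end
-end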
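--- a/data/app/policies/credible/authentication/user_policy.rb
+++ b/data/app/policies/credible/authentication/user_policy.rb
@@ -1,17 +0,0 @@
-class Credible::Authentication::UserPolicy < Credible::AuthenticationPolicy
-def permitted_attributes
-[:name, :email, :password]
-end
-
-def confirm?
-true
-end
-
-def reset_password?
-true
-end
-
-def update?
-user && user == record
-end
-end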
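--- a/data/app/policies/credible/authentication_policy.rb
+++ b/data/app/policies/credible/authentication_policy.rb
@@ -1,16 +0,0 @@
-class Credible::AuthenticationPolicy < Credible::ApplicationPolicy
-# Authentication concerns the User and their single instance.
-# The rules that apply to update? will always apply to show?
-# and destroy? too.
-def show?
-update?
-end
-
-def create?
-!user
-end
-
-def destroy?
-update?
-end
-end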