devise-passwordless 0.7.0 → 1.0.0

data/lib/devise/strategies/magic_link_authenticatable.rb

@@ -20,28 +20,19 @@ module Devise
       end
 
       def authenticate!
+        resource_class = mapping.to
+
         begin
-          data = decode_passwordless_token
-        rescue Devise::Passwordless::LoginToken::InvalidOrExpiredTokenError
+          resource, extra = resource_class.decode_passwordless_token(token, resource_class)
+        rescue Devise::Passwordless::InvalidOrExpiredTokenError
           fail!(:magic_link_invalid)
           return
         end
 
-        resource = mapping.to.find_by(id: data["data"]["resource"]["key"])
-
-        if resource && Devise.passwordless_expire_old_tokens_on_sign_in
-          if (last_login = resource.try(:current_sign_in_at))
-            token_created_at = ActiveSupport::TimeZone["UTC"].at(data["created_at"])
-            if token_created_at < last_login
-              fail!(:magic_link_invalid)
-              return
-            end
-          end
-        end
-
         if validate(resource)
           remember_me(resource)
           resource.after_magic_link_authentication
+          env['warden.magic_link_extra'] = extra.fetch('data', {}).delete('extra')
           success!(resource)
         else
           fail!(:magic_link_invalid)
@@ -50,10 +41,6 @@ module Devise
 
       private
 
-      def decode_passwordless_token
-        Devise::Passwordless::LoginToken.decode(self.token)
-      end
-
       # Sets the authentication hash and the token from params_auth_hash or http_auth_hash.
       def with_authentication_hash(auth_type, auth_values)
         self.authentication_hash, self.authentication_type = {}, auth_type
@@ -67,10 +54,3 @@ module Devise
 end
 
 Warden::Strategies.add(:magic_link_authenticatable, Devise::Strategies::MagicLinkAuthenticatable)
-
-Devise.add_module(:magic_link_authenticatable, {
-  strategy: true,
-  controller: :sessions,
-  route: :session,
-  model: "devise/models/magic_link_authenticatable",
-})

data/lib/generators/devise/passwordless/install_generator.rb

@@ -11,23 +11,19 @@ module Devise::Passwordless
         File.dirname(__FILE__)
       end
 
-      def create_sessions_controller
-        template "sessions_controller.rb.erb", "app/controllers/devise/passwordless/sessions_controller.rb"
-      end
-
-      def create_magic_links_controller
-        template "magic_links_controller.rb.erb", "app/controllers/devise/passwordless/magic_links_controller.rb"
-      end
-
       def update_devise_initializer
         inject_into_file 'config/initializers/devise.rb', before: /^end$/ do <<~'CONFIG'.indent(2)
 
           # ==> Configuration for :magic_link_authenticatable
 
-          # Need to use a custom Devise mailer in order to send magic links
-          require "devise/passwordless/mailer"
+          # Need to use a custom Devise mailer in order to send magic links.
+          # If you're already using a custom mailer just have it inherit from
+          # Devise::Passwordless::Mailer instead of Devise::Mailer
           config.mailer = "Devise::Passwordless::Mailer"
 
+          # Which algorithm to use for tokenizing magic links. See README for descriptions
+          config.passwordless_tokenizer = "SignedGlobalIDTokenizer"
+
           # Time period after a magic login link is sent out that it will be valid for.
           # config.passwordless_login_within = 20.minutes
 
@@ -51,7 +47,7 @@ module Devise::Passwordless
 
           <p>You can login using the link below:</p>
           
-          <p><%= link_to "Log in to my account", send("#{@scope_name.to_s.pluralize}_magic_link_url", Hash[@scope_name, {email: @resource.email, token: @token, remember_me: @remember_me}]) %></p>
+          <p><%= link_to "Log in to my account", magic_link_url(@resource, @scope_name => {email: @resource.email, token: @token, remember_me: @remember_me}) %></p>
           
           <p>Note that the link will expire in <%= Devise.passwordless_login_within.inspect %>.</p>          
         FILE
@@ -75,6 +71,7 @@ module Devise::Passwordless
               passwordless: {
                 not_found_in_database: "Could not find a user for that email address",
                 magic_link_sent: "A login link has been sent to your email address. Please follow the link to log in to your account.",
+                magic_link_sent_paranoid: "If your account exists, you will receive an email with a login link. Please follow the link to log in to your account.",
               },
               failure: {
                 magic_link_invalid: "Invalid or expired login link.",

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-passwordless
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Abe Voelker
 autorequire: 
-bindir: exe
+bindir: bin
 cert_chain: []
-date: 2022-03-06 00:00:00.000000000 Z
+date: 2023-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -24,6 +24,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: globalid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email:
 - _@abevoelker.com
@@ -31,33 +59,34 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/test.yml"
-- ".gitignore"
-- ".rspec"
-- ".travis.yml"
-- Gemfile
+- CHANGELOG.md
 - LICENSE.txt
 - README.md
-- Rakefile
-- bin/console
-- bin/setup
-- devise-passwordless.gemspec
+- UPGRADING.md
+- app/controllers/devise/magic_links_controller.rb
+- app/controllers/devise/passwordless/sessions_controller.rb
+- app/mailers/devise/passwordless/mailer.rb
+- lib/devise/hooks/magic_link_authenticatable.rb
 - lib/devise/models/magic_link_authenticatable.rb
+- lib/devise/monkeypatch.rb
 - lib/devise/passwordless.rb
 - lib/devise/passwordless/login_token.rb
-- lib/devise/passwordless/mailer.rb
+- lib/devise/passwordless/rails.rb
+- lib/devise/passwordless/routing.rb
+- lib/devise/passwordless/tokenizers/message_encryptor_tokenizer.rb
+- lib/devise/passwordless/tokenizers/signed_global_id_tokenizer.rb
 - lib/devise/passwordless/version.rb
 - lib/devise/strategies/magic_link_authenticatable.rb
 - lib/generators/devise/passwordless/install_generator.rb
-- lib/generators/devise/passwordless/templates/magic_links_controller.rb.erb
-- lib/generators/devise/passwordless/templates/sessions_controller.rb.erb
 homepage: https://github.com/abevoelker/devise-passwordless
 licenses:
 - MIT
 metadata:
   homepage_uri: https://github.com/abevoelker/devise-passwordless
   source_code_uri: https://github.com/abevoelker/devise-passwordless
-post_install_message: 
+post_install_message: "\n  Devise Passwordless v1.0 introduces major, backwards-incompatible
+  changes!\n  Please see https://github.com/abevoelker/devise-passwordless/blob/master/UPGRADING.md\n
+  \ for a guide on upgrading, or CHANGELOG.md for a list of changes.\n  "
 rdoc_options: []
 require_paths:
 - lib
@@ -72,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.4.10
 signing_key: 
 specification_version: 4
 summary: Passwordless (email-only) login strategy for Devise

data/.github/workflows/test.yml

@@ -1,45 +0,0 @@
-name: test
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        ruby-version:
-          - 3.0
-          - 2.7
-          - 2.6
-          - 2.5
-        gemfile:
-          - Gemfile-rails-7
-          - Gemfile-rails-6.1
-          - Gemfile-rails-6.0
-        exclude:
-          # Rails 7 requires Ruby 2.7+
-          - ruby-version: 2.5
-            gemfile: Gemfile-rails-7
-          - ruby-version: 2.6
-            gemfile: Gemfile-rails-7
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up Ruby ${{ matrix.ruby-version }}
-        uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
-        with:
-          ruby-version: ${{ matrix.ruby-version }}
-      - name: Run gem tests
-        run: |
-          bundle
-          bundle exec rake
-      - name: Run Rails dummy app tests
-        working-directory: ./spec/dummy_app
-        env:
-          BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}
-        run: |
-          bundle
-          bundle exec rake

data/.gitignore

@@ -1,16 +0,0 @@
-/.bundle/
-/.yardoc
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/spec/tmp
-/tmp/
-Gemfile.lock
-Gemfile*.lock
-
-# rspec failure tracking
-.rspec_status
-
-.ruby-version

data/.rspec

@@ -1,4 +0,0 @@
---format documentation
---color
---require spec_helper
---exclude-pattern "spec/dummy_app/**/**"

data/.travis.yml

@@ -1,7 +0,0 @@
----
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-  - 2.6.2
-before_install: gem install bundler -v 1.17.2

data/Gemfile

@@ -1,13 +0,0 @@
-source "https://rubygems.org"
-
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
-
-# Specify your gem's dependencies in devise-passwordless.gemspec
-gemspec
-
-gem "rake", "~> 10.0"
-
-group :test do
-  gem "rspec", "~> 3.0"
-  gem "generator_spec"
-end

data/Rakefile

@@ -1,6 +0,0 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
-
-RSpec::Core::RakeTask.new(:spec)
-
-task :default => :spec

data/bin/console

@@ -1,14 +0,0 @@
-#!/usr/bin/env ruby
-
-require "bundler/setup"
-require "devise/passwordless"
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require "irb"
-IRB.start(__FILE__)

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here

data/devise-passwordless.gemspec

@@ -1,41 +0,0 @@
-
-lib = File.expand_path("../lib", __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "devise/passwordless/version"
-
-Gem::Specification.new do |spec|
-  spec.name          = "devise-passwordless"
-  spec.version       = Devise::Passwordless::VERSION
-  spec.authors       = ["Abe Voelker"]
-  spec.email         = ["_@abevoelker.com"]
-
-  spec.summary       = %q{Passwordless (email-only) login strategy for Devise}
-  #spec.description   = %q{TODO: Write a longer description or delete this line.}
-  spec.homepage      = "https://github.com/abevoelker/devise-passwordless"
-  spec.license       = "MIT"
-
-  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
-  # to allow pushing to a single host or delete this section to allow pushing to any host.
-  if spec.respond_to?(:metadata)
-    #spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
-
-    spec.metadata["homepage_uri"] = spec.homepage
-    spec.metadata["source_code_uri"] = spec.homepage
-    #spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
-  else
-    raise "RubyGems 2.0 or newer is required to protect against " \
-      "public gem pushes."
-  end
-
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  end
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-  spec.required_ruby_version = ">= 2.1.0"
-
-  spec.add_dependency "devise"
-end

data/lib/devise/passwordless/mailer.rb

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-require "devise/mailer"
-
-module Devise::Passwordless
-  class Mailer < Devise::Mailer
-    def magic_link(record, token, remember_me, opts = {})
-      @token = token
-      @remember_me = remember_me
-      devise_mail(record, :magic_link, opts)
-    end
-  end
-end

data/lib/generators/devise/passwordless/templates/sessions_controller.rb.erb

@@ -1,34 +0,0 @@
-# frozen_string_literal: true
-
-<% module_namespacing do -%>
-class Devise::Passwordless::SessionsController < Devise::SessionsController
-  def create
-    self.resource = resource_class.find_by(email: create_params[:email])
-    if self.resource
-      resource.send_magic_link(create_params[:remember_me])
-      set_flash_message(:notice, :magic_link_sent, now: true)
-    else
-      set_flash_message(:alert, :not_found_in_database, now: true)
-    end
-
-    self.resource = resource_class.new(create_params)
-    render :new
-  end
-
-  protected
-
-  def translation_scope
-    if action_name == "create"
-      "devise.passwordless"
-    else
-      super
-    end
-  end
-
-  private
-
-  def create_params
-    resource_params.permit(:email, :remember_me)
-  end
-end
-<% end -%>