gatleon-authform-rails 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b3ca7bb6cbffefb551a1a745285cb28ad6ba451811565199278b462c899ff2b1
+  data.tar.gz: 790d1b536bf057cf929b5c7b975d9ecfdfa583477f51c1af15045ad5846ed795
+SHA512:
+  metadata.gz: 6923b17d438ded1ed5fbc8ab8dbe8eecb475b7b760e6a7ed782aa672af8ebbb45cc71b84cfbea3ef49f057dea43a26fc61900e16f4fe2892521f88d96826015d
+  data.tar.gz: 3b890fb44898fbd97d919a06cd439c1459c31e5e590f23083b6cce3b8c42f2cb94c65c63c33090f9b5738cf398b9398dde831ce56469a9ca3c2a4e78f712136c

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,6 @@
+---
+language: ruby
+cache: bundler
+rvm:
+  - 2.6.5
+before_install: gem install bundler -v 2.1.4

data/Gemfile

@@ -0,0 +1,9 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in gatleon-authform-rails.gemspec
+gemspec
+
+gem "rake", "~> 12.0"
+gem "rspec", "~> 3.0"
+gem "rails"
+gem "byebug"

data/Gemfile.lock

@@ -0,0 +1,159 @@
+PATH
+  remote: .
+  specs:
+    gatleon-authform-rails (0.1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (6.0.2.2)
+      actionpack (= 6.0.2.2)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailbox (6.0.2.2)
+      actionpack (= 6.0.2.2)
+      activejob (= 6.0.2.2)
+      activerecord (= 6.0.2.2)
+      activestorage (= 6.0.2.2)
+      activesupport (= 6.0.2.2)
+      mail (>= 2.7.1)
+    actionmailer (6.0.2.2)
+      actionpack (= 6.0.2.2)
+      actionview (= 6.0.2.2)
+      activejob (= 6.0.2.2)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (6.0.2.2)
+      actionview (= 6.0.2.2)
+      activesupport (= 6.0.2.2)
+      rack (~> 2.0, >= 2.0.8)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (6.0.2.2)
+      actionpack (= 6.0.2.2)
+      activerecord (= 6.0.2.2)
+      activestorage (= 6.0.2.2)
+      activesupport (= 6.0.2.2)
+      nokogiri (>= 1.8.5)
+    actionview (6.0.2.2)
+      activesupport (= 6.0.2.2)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.0.2.2)
+      activesupport (= 6.0.2.2)
+      globalid (>= 0.3.6)
+    activemodel (6.0.2.2)
+      activesupport (= 6.0.2.2)
+    activerecord (6.0.2.2)
+      activemodel (= 6.0.2.2)
+      activesupport (= 6.0.2.2)
+    activestorage (6.0.2.2)
+      actionpack (= 6.0.2.2)
+      activejob (= 6.0.2.2)
+      activerecord (= 6.0.2.2)
+      marcel (~> 0.3.1)
+    activesupport (6.0.2.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+      zeitwerk (~> 2.2)
+    builder (3.2.4)
+    byebug (11.1.3)
+    concurrent-ruby (1.1.6)
+    crass (1.0.6)
+    diff-lcs (1.3)
+    erubi (1.9.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
+    i18n (1.8.2)
+      concurrent-ruby (~> 1.0)
+    loofah (2.5.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    marcel (0.3.3)
+      mimemagic (~> 0.3.2)
+    method_source (1.0.0)
+    mimemagic (0.3.4)
+    mini_mime (1.0.2)
+    mini_portile2 (2.4.0)
+    minitest (5.14.0)
+    nio4r (2.5.2)
+    nokogiri (1.10.9)
+      mini_portile2 (~> 2.4.0)
+    rack (2.2.2)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails (6.0.2.2)
+      actioncable (= 6.0.2.2)
+      actionmailbox (= 6.0.2.2)
+      actionmailer (= 6.0.2.2)
+      actionpack (= 6.0.2.2)
+      actiontext (= 6.0.2.2)
+      actionview (= 6.0.2.2)
+      activejob (= 6.0.2.2)
+      activemodel (= 6.0.2.2)
+      activerecord (= 6.0.2.2)
+      activestorage (= 6.0.2.2)
+      activesupport (= 6.0.2.2)
+      bundler (>= 1.3.0)
+      railties (= 6.0.2.2)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (6.0.2.2)
+      actionpack (= 6.0.2.2)
+      activesupport (= 6.0.2.2)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.20.3, < 2.0)
+    rake (12.3.3)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.1)
+      rspec-support (~> 3.9.1)
+    rspec-expectations (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.2)
+    sprockets (4.0.0)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    thor (1.0.1)
+    thread_safe (0.3.6)
+    tzinfo (1.2.7)
+      thread_safe (~> 0.1)
+    websocket-driver (0.7.1)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.4)
+    zeitwerk (2.3.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  byebug
+  gatleon-authform-rails!
+  rails
+  rake (~> 12.0)
+  rspec (~> 3.0)
+
+BUNDLED WITH
+   2.1.4

data/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 gatleon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+

data/README.md

@@ -0,0 +1,81 @@
+![authform-rails](https://raw.githubusercontent.com/gatleon/gatleon-rails/master/gatleon-authform-rails.png)
+
+# authform-rails by gatleon
+
+add authentication to your application - in 1 minute or less.
+
+## installation
+
+add this line to your application's Gemfile:
+
+```ruby
+gem "gatleon-authform-rails"
+```
+
+and then execute:
+
+```
+$ bundle install
+```
+
+add a profile controller
+
+```ruby
+class ProfileController < ActionController::Base
+  AUTHFORM_FORM_SECRET_KEY = "" # Available at https://authform.gatleon.com. coming soon!
+  AUTHFORM_FORM_PUBLIC_KEY = "" # Available at https://authform.gatleon.com. coming soon!
+
+  include Gatleon::Authform::Rails::Concern.new(public_key: AUTHFORM_FORM_PUBLIC_KEY, secret_key: AUTHFORM_FORM_SECRET_KEY)
+
+  before_action :require_login, only: [:index]
+
+  def index
+    erb = <<~ERB
+      <h1>Profile</h1>
+      <p style="color: green;">You are signed in.</p>
+      <p><%= current_user %></p>
+    ERB
+
+    render inline: erb
+  end
+
+  def signin
+    erb = <<~ERB
+      <p style="color: red;"><%= flash[:error] %></p>
+      <h1>Sign In</h1>
+      <form action="https://authform.gatleon.com/v1/form/<%= ProfileController::AUTHFORM_FORM_PUBLIC_KEY %>" method="POST">
+        <input type="email" name="email">
+        <button type="submit">Sign In</button>
+      </form>
+    ERB
+
+    render inline: erb
+  end
+
+  private
+
+  def require_login
+    unless current_user
+      flash[:error] = "Sign in, please."
+
+      redirect_to(profile_signin_path) and return
+    end
+  end
+end
+```
+
+add profile routes to routes.rb
+
+```ruby
+Rails.application.routes.draw do
+  get '/profile', to: 'profile#index', as: 'profile'
+  get '/profile/signin', to: 'profile#signin', as: 'profile_signin'
+end
+```
+
+that's it!
+
+## license
+
+the gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "gatleon/authform/rails"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/gatleon-authform-rails.gemspec

@@ -0,0 +1,27 @@
+require_relative 'lib/gatleon/authform/rails/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "gatleon-authform-rails"
+  spec.version       = Gatleon::Authform::Rails::VERSION
+  spec.authors       = ["gatleon"]
+  spec.email         = [""]
+
+  spec.summary       = %q{add authentication to your application - in 1 minute or less}
+  spec.description   = %q{add authentication to your application - in 1 minute or less}
+  spec.homepage      = "https://gatleon.com"
+  spec.license       = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/gatleon/gatleon-authform-rails"
+  spec.metadata["changelog_uri"] = "https://github.com/gatleon/gatleon-authform-rails"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+end

data/lib/gatleon/authform/rails.rb

@@ -0,0 +1,13 @@
+require "net/http"
+require "gatleon/authform/rails/version"
+require "gatleon/authform/rails/user"
+require "gatleon/authform/rails/concern"
+
+module Gatleon
+  module Authform
+    module Rails
+      class Error < StandardError; end
+      # Your code goes here...
+    end
+  end
+end

data/lib/gatleon/authform/rails/concern.rb

@@ -0,0 +1,68 @@
+module Gatleon
+  module Authform
+    module Rails
+      class Concern < Module
+        def initialize(public_key:,
+                       secret_key:,
+                       current_user_method_name: "current_user",
+                       _authform_base_url: "https://authform.gatleon.com")
+          super() do
+            extend ActiveSupport::Concern
+
+            included do
+              helper_method "#{current_user_method_name}".to_sym
+              before_action :_exchange_user_voucher_for_user
+            end
+
+            private
+
+            # defaults to current_user
+            define_method current_user_method_name do
+              begin
+                json = JSON.parse(cookies[_authform_user_cookie_key])["data"]
+
+                Gatleon::Authform::Rails::User.new(json: json, _form_secret_key: secret_key, _authform_base_url: _authform_base_url)
+              rescue
+                nil
+              end
+            end
+
+            define_method :_exchange_user_voucher_for_user do
+              if params[:_authformForm] == public_key && params[:_authformUserVoucher]
+                # TODO: headers for api verification
+                
+                uri = URI("#{_authform_base_url}/v1/exchangeUserVoucherForUser/#{params[:_authformUserVoucher]}")
+                response = Net::HTTP.get_response(uri)
+
+                if response.code.to_i == 200
+                  # First attempt WITHOUT all - for setting on platforms like heroku that deny setting cookies across all subdomains
+                  cookies[_authform_user_cookie_key] = {
+                    value: response.body
+                  }
+
+                  # Then set all - desired behavior for hosting your own domain
+                  cookies[_authform_user_cookie_key] = {
+                    value: response.body,
+                    domain: :all
+                  }
+                end
+
+                q = Rack::Utils.parse_query(URI.parse(request.url).query)
+                q.delete("_authformUserVoucher")
+                q.delete("_authformForm")
+                url = q.empty? ? request.path : "#{request.path}?#{q.to_query}"
+
+                redirect_to url, status: 302 # redirect to finish removal of query param
+              end
+            end
+
+            define_method :_authform_user_cookie_key do
+              public_key # allows for multiple forms per site
+            end
+          end
+        end
+      end
+    end
+  end
+end
+

data/lib/gatleon/authform/rails/user.rb

@@ -0,0 +1,63 @@
+module Gatleon
+  module Authform
+    module Rails
+      class User
+        PERMITTED_CHARS = /\A[a-zA-Z0-9_)]*\z/
+
+        def initialize(json:, _form_secret_key:, _authform_base_url:)
+          @json = json
+
+          @_form_secret_key = _form_secret_key
+          @_authform_base_url = _authform_base_url
+        end
+
+        # Getters
+        #
+        def _id
+          @json["_id"]
+        end
+
+        def _email
+          @json["_email"]
+        end
+
+        # Getters
+        #
+        def [](key)
+          @json[key.to_s]
+        end
+
+        # Setters
+        #
+        def []=(key, value)
+          key = _clean_key(key)
+
+          raise Gatleon::Authform::Rails::Error, "can't set reserved field name #{key}" if key[0] == "_" # anything starting with _
+
+          raise Gatleon::Authform::Rails::Error, "can't set empty field name" if key == ""
+
+          raise Gatleon::Authform::Rails::Error, "only characters a-z, A-Z, 0-9, and _ permitted in field name" unless key.match?(PERMITTED_CHARS)
+
+          @json[key] = value.to_s
+        end
+
+        private
+
+        def _persist(key, value)
+          uri = _persist_url(key, vlue)
+          
+          Net::HTTP.get_response(uri) # TODO: move to post request
+        end
+
+        def _persist_url(key, value)
+          URI("#{@_authform_base_url}/v1/setUser?_id=#{_id}&_secretKey=#{@_form_secret_key}&#{key}=#{value}")
+        end
+
+        def _clean_key(k_or_v)
+          k_or_v.to_s.strip
+        end
+      end
+    end
+  end
+end
+

data/lib/gatleon/authform/rails/version.rb

@@ -0,0 +1,7 @@
+module Gatleon
+  module Authform
+    module Rails
+      VERSION = "0.1.0"
+    end
+  end
+end

metadata

@@ -0,0 +1,62 @@
+--- !ruby/object:Gem::Specification
+name: gatleon-authform-rails
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- gatleon
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2020-04-30 00:00:00.000000000 Z
+dependencies: []
+description: add authentication to your application - in 1 minute or less
+email:
+- ''
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- gatleon-authform-rails.gemspec
+- gatleon-authform-rails.png
+- lib/gatleon/authform/rails.rb
+- lib/gatleon/authform/rails/concern.rb
+- lib/gatleon/authform/rails/user.rb
+- lib/gatleon/authform/rails/version.rb
+homepage: https://gatleon.com
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://gatleon.com
+  source_code_uri: https://github.com/gatleon/gatleon-authform-rails
+  changelog_uri: https://github.com/gatleon/gatleon-authform-rails
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: add authentication to your application - in 1 minute or less
+test_files: []