groovestack-auth 0.1.5 → 0.1.6

data/lib/groovestack/auth.rb

@@ -1,109 +1,59 @@
 # frozen_string_literal: true
 
-require 'groovestack/base'
-require 'groovestack/config'
+require 'devise'
+require 'devise/passwordless'
+require 'rotp'
 
-require 'graphql_devise' if defined?(GraphqlDevise)
-require 'omniauth-google-oauth2'
-require 'omniauth-apple'
+require 'groovestack/identities'
+require 'groovestack/config'
 
 require 'groovestack/auth/version'
-require 'groovestack/auth/railtie' if defined?(Rails::Railtie)
-
-if defined?(GraphqlDevise)
-  # add devise and devise_token_auth app/ dirs to load path
-  Dir[File.join(Gem::Specification.find_by_name('devise').gem_dir, 'app', '*')].each do |sub_dir|
-    $LOAD_PATH.push(sub_dir)
-  end
-  Dir[File.join(Gem::Specification.find_by_name('devise_token_auth').gem_dir, 'app', '*')].each do |sub_dir|
-    $LOAD_PATH.push(sub_dir)
-  end
+require 'groovestack/auth/engine' if defined?(Rails::Engine)
+require 'groovestack/auth/settings'
+require 'groovestack/auth/routes'
 
-  unless defined?(ApplicationController)
-    class ApplicationController < ActionController::Base
+module Groovestack
+  module Auth
+    module GraphQL
+      autoload :AuthorizedField, 'groovestack/auth/graphql/authorized_field'
+      autoload :AuthorizedObject, 'groovestack/auth/graphql/authorized_object'
+      autoload :VisibleField, 'groovestack/auth/graphql/visible_field'
+      autoload :VisibleObject, 'groovestack/auth/graphql/visible_object'
+      autoload :SchemaVisibility, 'groovestack/auth/graphql/schema_visibility'
     end
-  end
 
-  unless defined?(DeviseTokenAuth::Concerns)
-    module DeviseTokenAuth
-      module Concerns
-      end
+    module Passwordless
+      autoload :TOtpTokenizer, 'groovestack/auth/passwordless/t_otp_tokenizer'
     end
-  end
-end
-
-require 'users/roles'
-require 'user'
-require 'identity'
 
-module GraphQL
-  module Identity
-    autoload :Type, 'graphql/identity/type'
-    autoload :Filter, 'graphql/identity/filter'
-    autoload :Queries, 'graphql/identity/queries'
-    autoload :Mutations, 'graphql/identity/mutations'
-  end
-
-  module User
-    autoload :Filter, 'graphql/user/filter'
-    autoload :Type, 'graphql/user/type'
-    autoload :Queries, 'graphql/user/queries'
-    autoload :Mutations, 'graphql/user/mutations'
-  end
-end
-
-module Groovestack
-  module Auth
     autoload :Provider, 'groovestack/auth/provider'
 
-    if defined?(GraphqlDevise)
-      autoload :AuthenticatedApiController, 'groovestack/auth/authenticated_api_controller'
-      autoload :OmniauthCallbacksController, 'groovestack/auth/omniauth_callbacks_controller'
-      autoload :ActionCable, 'groovestack/auth/action_cable'
-      autoload :SchemaPlugin, 'groovestack/auth/schema_plugin'
-    end
-
     module Providers
       extend ActiveSupport::Autoload
 
       eager_autoload do
         autoload :Email, 'groovestack/auth/providers/email'
-        autoload :OmniAuth, 'groovestack/auth/providers/omni_auth'
-        autoload :Apple, 'groovestack/auth/providers/apple'
-        autoload :Google, 'groovestack/auth/providers/google'
+        if defined?(OmniAuth)
+          autoload :OmniAuth, 'groovestack/auth/providers/omni_auth'
+          autoload :Apple, 'groovestack/auth/providers/apple'
+          autoload :Facebook, 'groovestack/auth/providers/facebook'
+          autoload :Google, 'groovestack/auth/providers/google'
+        end
       end
     end
 
-    extend Dry::Configurable
-
-    setting :disabled_providers, default: [], reader: true
+    include ::Groovestack::Auth::Settings
+    include ::Groovestack::Auth::Routes
   end
 end
 
-require 'fabricators/user_fabricator' if defined?(Fabrication) && defined?(Faker)
-
-# TODO: remove aliases after all core modules have been updated
-# to reference Groovestack::Auth
-module Core
-  module Auth
-    Provider = ::Groovestack::Auth::Provider
-
-    if defined?(GraphqlDevise)
-      AuthenticatedApiController = ::Groovestack::Auth::AuthenticatedApiController
-      OmniauthCallbacksController = ::Groovestack::Auth::OmniauthCallbacksController
-      ActionCable = ::Groovestack::Auth::ActionCable
-      SchemaPlugin = ::Groovestack::Auth::SchemaPlugin
-    end
-
-    module Providers
-      Email = ::Groovestack::Auth::Providers::Email
-      OmniAuth = ::Groovestack::Auth::Providers::OmniAuth
-      Apple = ::Groovestack::Auth::Providers::Apple
-      Google = ::Groovestack::Auth::Providers::Google
-    end
-
-    extend Dry::Configurable
+# Include Auth concerns after Rails is fully loaded
+ActiveSupport.on_load(:devise) do
+  ::GraphQL::User::Type.class_eval do
+    include ::GraphQL::UserExtensions
+  end
 
-    setting :disabled_providers, default: [], reader: true
+  ::GraphQL::Identity::Type.class_eval do
+    include ::GraphQL::IdentityExtensions
   end
 end

metadata

@@ -1,84 +1,85 @@
 --- !ruby/object:Gem::Specification
 name: groovestack-auth
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
 - Max Schridde
+autorequire:
 bindir: exe
 cert_chain: []
-date: 1980-01-02 00:00:00.000000000 Z
+date: 2025-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: groovestack-base
+  name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.10
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.10
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: groovestack-config
+  name: devise-passwordless
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: jsonb_accessor
+  name: groovestack-config
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '0.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '0.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.4
 - !ruby/object:Gem::Dependency
-  name: omniauth-apple
+  name: groovestack-identities
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.1.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.1.3
 - !ruby/object:Gem::Dependency
-  name: omniauth-google-oauth2
+  name: rotp
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -104,41 +105,44 @@ files:
 - CHANGELOG.md
 - Gemfile
 - Gemfile.lock
+- app/channels/groovestack/auth/action_cable/connection.rb
+- app/controllers/concerns/groovestack/auth/graphql/controllers/auth_helpers.rb
+- app/controllers/concerns/groovestack/auth/graphql/controllers/authed_execute.rb
+- app/controllers/groovestack/auth/authenticated_api_controller.rb
+- app/controllers/groovestack/auth/omniauth_callbacks_controller.rb
+- app/controllers/groovestack/auth/passwordless/magic_links_controller.rb
+- app/controllers/groovestack/auth/passwordless/sessions_controller.rb
+- app/graphql/graphql/identity_extensions.rb
+- app/graphql/graphql/user_extensions.rb
+- app/models/concerns/groovestack/auth/authorized_fields_for_serialization.rb
+- app/models/concerns/groovestack/auth/identity.rb
+- app/models/concerns/groovestack/auth/user.rb
+- app/views/devise/mailer/magic_link.html.erb
 - config.ru
 - config/initializers/core_config.rb
 - config/initializers/devise.rb
-- config/initializers/devise_token_auth.rb
-- config/initializers/graphql_devise.rb
 - config/initializers/omniauth.rb
-- config/routes.rb
-- db/migrate/20231103172517_create_users.rb
-- db/migrate/20231103174037_create_identities.rb
+- config/locales/devise.en.yml
+- db/migrate/20231103174050_add_devise_to_users_and_identities.rb
 - docs/apple-oauth-local-dev.adoc
 - groovestack-auth.gemspec
-- lib/fabricators/user_fabricator.rb
-- lib/graphql/identity/filter.rb
-- lib/graphql/identity/mutations.rb
-- lib/graphql/identity/queries.rb
-- lib/graphql/identity/type.rb
-- lib/graphql/user/filter.rb
-- lib/graphql/user/mutations.rb
-- lib/graphql/user/queries.rb
-- lib/graphql/user/type.rb
 - lib/groovestack/auth.rb
-- lib/groovestack/auth/action_cable.rb
-- lib/groovestack/auth/authenticated_api_controller.rb
-- lib/groovestack/auth/omniauth_callbacks_controller.rb
+- lib/groovestack/auth/engine.rb
+- lib/groovestack/auth/graphql/authorized_field.rb
+- lib/groovestack/auth/graphql/authorized_object.rb
+- lib/groovestack/auth/graphql/schema_visibility.rb
+- lib/groovestack/auth/graphql/visible_field.rb
+- lib/groovestack/auth/graphql/visible_object.rb
+- lib/groovestack/auth/passwordless/t_otp_tokenizer.rb
 - lib/groovestack/auth/provider.rb
 - lib/groovestack/auth/providers/apple.rb
 - lib/groovestack/auth/providers/email.rb
+- lib/groovestack/auth/providers/facebook.rb
 - lib/groovestack/auth/providers/google.rb
 - lib/groovestack/auth/providers/omni_auth.rb
-- lib/groovestack/auth/railtie.rb
-- lib/groovestack/auth/schema_plugin.rb
+- lib/groovestack/auth/routes.rb
+- lib/groovestack/auth/settings.rb
 - lib/groovestack/auth/version.rb
-- lib/identity.rb
-- lib/user.rb
-- lib/users/roles.rb
 - readme.adoc
 homepage: https://github.com/talysto/groovestack-core/
 licenses: []
@@ -163,7 +167,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.3.26
+signing_key:
 specification_version: 4
 summary: Groovestack extension for application authentication
 test_files: []

data/config/initializers/devise_token_auth.rb

@@ -1,72 +0,0 @@
-# frozen_string_literal: true
-
-if defined?(DeviseTokenAuth)
-  DeviseTokenAuth.setup do |config|
-    # By default the authorization headers will change after each request. The
-    # client is responsible for keeping track of the changing tokens. Change
-    # this to false to prevent the Authorization header from changing after
-    # each request.
-    config.change_headers_on_each_request = false
-
-    # By default, users will need to re-authenticate after 2 weeks. This setting
-    # determines how long tokens will remain valid after they are issued.
-    # config.token_lifespan = 2.weeks
-
-    # Limiting the token_cost to just 4 in testing will increase the performance of
-    # your test suite dramatically. The possible cost value is within range from 4
-    # to 31. It is recommended to not use a value more than 10 in other environments.
-    config.token_cost = Rails.env.test? ? 4 : 10
-
-    # Sets the max number of concurrent devices per user, which is 10 by default.
-    # After this limit is reached, the oldest tokens will be removed.
-    # config.max_number_of_devices = 10
-
-    # Sometimes it's necessary to make several requests to the API at the same
-    # time. In this case, each request in the batch will need to share the same
-    # auth token. This setting determines how far apart the requests can be while
-    # still using the same auth token.
-    # config.batch_request_buffer_throttle = 5.seconds
-
-    # This route will be the prefix for all oauth2 redirect callbacks. For
-    # example, using the default '/omniauth', the github oauth2 provider will
-    # redirect successful authentications to '/omniauth/github/callback'
-    config.omniauth_prefix = '/users/auth'
-
-    config.cookie_attributes = {
-      expires: 10.seconds
-    }
-
-    # By default sending current password is not needed for the password update.
-    # Uncomment to enforce current_password param to be checked before all
-    # attribute updates. Set it to :password if you want it to be checked only if
-    # password is updated.
-    # config.check_current_password_before_update = :attributes
-
-    # By default we will use callbacks for single omniauth.
-    # It depends on fields like email, provider and uid.
-    config.default_callbacks = false
-
-    # Makes it possible to change the headers names
-    config.headers_names = {
-      authorization: 'Authorization',
-      'access-token': 'access-token',
-      client: 'client',
-      expiry: 'expiry',
-      id: 'id',
-      'token-type': 'token-type'
-    }
-
-    # Makes it possible to use custom uid column
-    config.other_uid = 'id'
-
-    # By default, only Bearer Token authentication is implemented out of the box.
-    # If, however, you wish to integrate with legacy Devise authentication, you can
-    # do so by enabling this flag. NOTE: This feature is highly experimental!
-    # config.enable_standard_devise_support = false
-
-    # By default DeviseTokenAuth will not send confirmation email, even when including
-    # devise confirmable module. If you want to use devise confirmable module and
-    # send email, set it to true. (This is a setting for compatibility)
-    # config.send_confirmation_email = true
-  end
-end

data/config/initializers/graphql_devise.rb

@@ -1,58 +0,0 @@
-# frozen_string_literal: true
-
-if defined?(GraphqlDevise)
-  ActiveSupport.on_load(:after_initialize) do # rubocop:disable Metrics/BlockLength
-    module DeviseTokenAuth
-      module Concerns
-        module ActiveRecordSupport
-          extend ActiveSupport::Concern
-
-          class_methods do
-            # Override to remove provider from attrs b/c use identity model
-            def dta_find_by(attrs = {})
-              attrs.delete(:provider)
-              attrs.delete('provider')
-              find_by(attrs)
-            end
-          end
-        end
-      end
-    end
-
-    class User < ActiveRecord::Base
-      # Override to remove provider from attrs b/c use identity model
-      def self.dta_find_by(attrs = {})
-        attrs.delete(:provider)
-        attrs.delete('provider')
-        find_by(attrs)
-      end
-    end
-
-    User.include ::GraphqlDevise::Authenticatable
-
-    module AugmentedGraphqlDeviseRegisterArgs
-      extend ActiveSupport::Concern
-
-      included do
-        argument :name, String, required: true
-      end
-    end
-
-    GraphqlDevise::Mutations::Register.include AugmentedGraphqlDeviseRegisterArgs
-
-    GraphqlDevise::Mutations::Register.class_eval do
-      private
-
-      def build_resource(attrs)
-        # NOTE: remove provider from attrs b/c use identity model
-        attrs.delete(:provider)
-        attrs[:roles] = [Users::Roles::Role::ADMIN] unless Groovestack::Config::App.generate_config[:has_admins]
-        resource_class.new(attrs)
-      end
-    end
-
-    GraphqlDevise::Types::AuthenticatableType.class_eval do
-      field :id, GraphQL::Types::ID, null: false
-    end
-  end
-end

data/config/routes.rb

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-Groovestack::Auth::Railtie.routes.draw do
-  if defined?(Devise)
-    devise_scope :user do
-      match '/users/auth/:provider/callback', to: 'groovestack/auth/omniauth_callbacks#verified', via: %i[get post],
-                                              as: :omniauth_callback
-      get '/users/auth/failure', to: 'groovestack/auth/omniauth_callbacks#omniauth_failure', as: :omniauth_failure
-    end
-  end
-end

data/db/migrate/20231103172517_create_users.rb

@@ -1,54 +0,0 @@
-# frozen_string_literal: true
-
-# dynamic rails major version as recommended by perplexity
-class CreateUsers < ActiveRecord::Migration[Gem::Version.new(Rails.version).segments.first.to_f]
-  def change # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
-    create_table :users, id: :uuid do |t|
-      ## Database authenticatable
-      t.string :encrypted_password, null: false, default: ''
-
-      ## Recoverable
-      t.string   :reset_password_token
-      t.datetime :reset_password_sent_at
-      t.boolean  :allow_password_change, default: false, null: false
-
-      ## Rememberable
-      t.datetime :remember_created_at
-
-      ## Trackable
-      t.integer  :sign_in_count, default: 0, null: false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.inet     :current_sign_in_ip
-      t.inet     :last_sign_in_ip
-
-      ## Confirmable
-      t.string   :confirmation_token
-      t.datetime :confirmed_at
-      t.datetime :confirmation_sent_at
-      t.string   :unconfirmed_email # Only if using reconfirmable
-
-      # Lockable
-      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
-      # t.string   :unlock_token # Only if unlock strategy is :email or :both
-      # t.datetime :locked_at
-
-      ## User Info
-      t.string :name
-      t.string :email
-      t.jsonb  :roles, null: false, default: []
-      t.string :language
-      t.string :image
-
-      ## Tokens
-      t.json :tokens
-
-      t.timestamps
-    end
-
-    add_index :users, :email,                unique: true
-    add_index :users, :reset_password_token, unique: true
-    add_index :users, :confirmation_token,   unique: true
-    # add_index :users, :unlock_token,         unique: true
-  end
-end

data/db/migrate/20231103174037_create_identities.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-# dynamic rails major version as recommended by perplexity
-class CreateIdentities < ActiveRecord::Migration[Gem::Version.new(Rails.version).segments.first.to_f]
-  def change
-    create_table :identities, id: :uuid do |t|
-      t.string :provider
-      t.string :uid
-      t.jsonb :omniauth_data
-
-      t.references :user, foreign_key: true, index: false, null: false, type: :uuid
-
-      t.timestamps
-    end
-
-    add_index :identities, %i[user_id provider], unique: true
-    add_index :identities, %i[provider uid], unique: true
-  end
-end

data/lib/fabricators/user_fabricator.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-require 'fabrication'
-require 'faker'
-
-Fabricator(:user) do
-  name { Faker::Name.name }
-  password { Devise.friendly_token[0, 20] }
-end
-
-Fabricator(:user_with_email, from: :user) do
-  email { Faker::Internet.email }
-end
-
-Fabricator(:admin_user, from: :user_with_email) do
-  roles [User::Role::ADMIN]
-end

data/lib/graphql/identity/filter.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-module GraphQL
-  module Identity
-    class Filter < ::Groovestack::Base::GraphQL::Base::InputObject
-      description 'Identity filter props'
-
-      argument :ids, [ID], required: false
-
-      argument :user_id, ID, required: false
-    end
-  end
-end

data/lib/graphql/identity/mutations.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-module GraphQL
-  module Identity
-    module Mutations
-      class Delete < ::Groovestack::Base::GraphQL::Base::Mutation
-        argument :id, ID, required: true
-
-        type ::GraphQL::Identity::Type
-
-        def perform(id:)
-          identity = ::Identity.find(id)
-
-          identity.destroy!
-
-          identity
-        end
-      end
-
-      extend ActiveSupport::Concern
-
-      included do
-        field :delete_identity, mutation: ::GraphQL::Identity::Mutations::Delete, description: 'delete identity'
-      end
-    end
-  end
-end

data/lib/graphql/identity/queries.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-module GraphQL
-  module Identity
-    module Queries
-      extend ActiveSupport::Concern
-
-      included do
-        include ::Groovestack::Base::GraphQL::Providers::ReactAdmin::Resource
-
-        react_admin_resource :identities, graphql_path: 'GraphQL'
-      end
-
-      def identities_scope(base_scope:, sort_field: nil, sort_order: nil, filter: {})
-        scope = base_scope
-        scope = scope.where(id: filter.ids) if filter.ids.present?
-        scope = scope.where(user_id: filter.user_id) if filter.user_id.present?
-
-        return scope if sort_field.blank?
-
-        scope.order({ sort_field.underscore => sort_order || 'desc' })
-      end
-    end
-  end
-end

data/lib/graphql/identity/type.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-module GraphQL
-  module Identity
-    class Type < ::Groovestack::Base::GraphQL::Base::Object
-      description 'An identity'
-
-      graphql_name 'Identity'
-
-      field :created_at, ::GraphQL::Types::ISO8601DateTime, null: false, description: 'created at'
-      field :id, ID, null: false, description: 'id'
-      field :uid, String, null: false, description: 'uid'
-      field :updated_at, ::GraphQL::Types::ISO8601DateTime, null: false, description: 'updated at'
-
-      field :provider, String, null: true, description: 'provider'
-
-      # associations
-
-      field :user_id, ID, null: false, description: 'user id of the user the identity is associated with'
-    end
-  end
-end

data/lib/graphql/user/filter.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-module GraphQL
-  module User
-    class Filter < ::Groovestack::Base::GraphQL::Base::InputObject
-      description 'User filter props'
-
-      argument :ids, [ID], required: false
-      argument :q, String, required: false
-
-      argument :name, String, required: false
-      argument :roles, [String], required: false
-    end
-  end
-end