kingsman 0.0.0.beta → 0.1.0

data/lib/kingsman/models/validatable.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module Kingsman
+  module Models
+    # Validatable creates all needed validations for a user email and password.
+    # It's optional, given you may want to create the validations by yourself.
+    # Automatically validate if the email is present, unique and its format is
+    # valid. Also tests presence of password, confirmation and length.
+    #
+    # == Options
+    #
+    # Validatable adds the following options to +kingsman+:
+    #
+    #   * +email_regexp+: the regular expression used to validate e-mails;
+    #   * +password_length+: a range expressing password length. Defaults to 6..128.
+    #
+    module Validatable
+      # All validations used by this module.
+      VALIDATIONS = [:validates_presence_of, :validates_uniqueness_of, :validates_format_of,
+                     :validates_confirmation_of, :validates_length_of].freeze
+
+      def self.required_fields(klass)
+        []
+      end
+
+      def self.included(base)
+        base.extend ClassMethods
+        assert_validations_api!(base)
+
+        base.class_eval do
+          validates_presence_of   :email, if: :email_required?
+          validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :kingsman_will_save_change_to_email?
+          validates_format_of     :email, with: email_regexp, allow_blank: true, if: :kingsman_will_save_change_to_email?
+
+          validates_presence_of     :password, if: :password_required?
+          validates_confirmation_of :password, if: :password_required?
+          validates_length_of       :password, within: password_length, allow_blank: true
+        end
+      end
+
+      def self.assert_validations_api!(base) #:nodoc:
+        unavailable_validations = VALIDATIONS.select { |v| !base.respond_to?(v) }
+
+        unless unavailable_validations.empty?
+          raise "Could not use :validatable module since #{base} does not respond " \
+                "to the following methods: #{unavailable_validations.to_sentence}."
+        end
+      end
+
+    protected
+
+      # Checks whether a password is needed or not. For validations only.
+      # Passwords are always required if it's a new record, or if the password
+      # or confirmation are being set somewhere.
+      def password_required?
+        !persisted? || !password.nil? || !password_confirmation.nil?
+      end
+
+      def email_required?
+        true
+      end
+
+      module ClassMethods
+        Kingsman::Models.config(self, :email_regexp, :password_length)
+      end
+    end
+  end
+end

data/lib/kingsman/models.rb

@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+module Kingsman
+  module Models
+    class MissingAttribute < StandardError
+      def initialize(attributes)
+        @attributes = attributes
+      end
+
+      def message
+        "The following attribute(s) is (are) missing on your model: #{@attributes.join(", ")}"
+      end
+    end
+
+    # Creates configuration values for Kingsman and for the given module.
+    #
+    #   Kingsman::Models.config(Kingsman::Models::DatabaseAuthenticatable, :stretches)
+    #
+    # The line above creates:
+    #
+    #   1) An accessor called Kingsman.stretches, which value is used by default;
+    #
+    #   2) Some class methods for your model Model.stretches and Model.stretches=
+    #      which have higher priority than Kingsman.stretches;
+    #
+    #   3) And an instance method stretches.
+    #
+    # To add the class methods you need to have a module ClassMethods defined
+    # inside the given class.
+    #
+    def self.config(mod, *accessors) #:nodoc:
+      class << mod; attr_accessor :available_configs; end
+      mod.available_configs = accessors
+
+      accessors.each do |accessor|
+        mod.class_eval <<-METHOD, __FILE__, __LINE__ + 1
+          def #{accessor}
+            if defined?(@#{accessor})
+              @#{accessor}
+            elsif superclass.respond_to?(:#{accessor})
+              superclass.#{accessor}
+            else
+              Kingsman.#{accessor}
+            end
+          end
+
+          def #{accessor}=(value)
+            @#{accessor} = value
+          end
+        METHOD
+      end
+    end
+
+    def self.check_fields!(klass)
+      failed_attributes = []
+      instance = klass.new
+
+      klass.kingsman_modules.each do |mod|
+        constant = const_get(mod.to_s.classify)
+
+        constant.required_fields(klass).each do |field|
+          failed_attributes << field unless instance.respond_to?(field)
+        end
+      end
+
+      if failed_attributes.any?
+        fail Kingsman::Models::MissingAttribute.new(failed_attributes)
+      end
+    end
+
+    # Include the chosen kingsman modules in your model:
+    #
+    #   kingsman :database_authenticatable, :confirmable, :recoverable
+    #
+    # You can also give any of the kingsman configuration values in form of a hash,
+    # with specific values for this model. Please check your Kingsman initializer
+    # for a complete description on those values.
+    #
+    def kingsman(*modules)
+      options = modules.extract_options!.dup
+
+      selected_modules = modules.map(&:to_sym).uniq.sort_by do |s|
+        Kingsman::ALL.index(s) || -1  # follow Kingsman::ALL order
+      end
+
+      kingsman_modules_hook! do
+        include Kingsman::Orm
+        include Kingsman::Models::Authenticatable
+
+        selected_modules.each do |m|
+          mod = Kingsman::Models.const_get(m.to_s.classify)
+
+          if mod.const_defined?("ClassMethods")
+            class_mod = mod.const_get("ClassMethods")
+            extend class_mod
+
+            if class_mod.respond_to?(:available_configs)
+              available_configs = class_mod.available_configs
+              available_configs.each do |config|
+                next unless options.key?(config)
+                send(:"#{config}=", options.delete(config))
+              end
+            end
+          end
+
+          include mod
+        end
+
+        self.kingsman_modules |= selected_modules
+        options.each { |key, value| send(:"#{key}=", value) }
+      end
+    end
+
+    # The hook which is called inside kingsman.
+    # So your ORM can include kingsman compatibility stuff.
+    def kingsman_modules_hook!
+      yield
+    end
+  end
+end
+
+require 'kingsman/models/authenticatable'

data/lib/kingsman/modules.rb

@@ -0,0 +1,33 @@
+require 'active_support/core_ext/object/with_options'
+
+# Kingsman.with_options model: true do |k|
+#   k.add_module :database_authenticatable
+#   # k.add_module :database_authenticatable, controller: :sessions, route: { session: [nil, :new, :destroy] }
+# end
+
+Kingsman.with_options model: true do |k|
+  # Strategies first
+  k.with_options strategy: true do |s|
+    routes = [nil, :new, :destroy]
+    s.add_module :database_authenticatable, controller: :sessions, route: { session: routes }
+    s.add_module :rememberable, no_input: true
+  end
+
+  # Other authentications
+  k.add_module :omniauthable, controller: :omniauth_callbacks,  route: :omniauth_callback
+
+  # Misc after
+  routes = [nil, :new, :edit]
+  k.add_module :recoverable,  controller: :passwords,     route: { password: routes }
+  k.add_module :registerable, controller: :registrations, route: { registration: (routes << :cancel) }
+  k.add_module :validatable
+
+  # The ones which can sign out after
+  routes = [nil, :new]
+  k.add_module :confirmable,  controller: :confirmations, route: { confirmation: routes }
+  k.add_module :lockable,     controller: :unlocks,       route: { unlock: routes }
+  k.add_module :timeoutable
+
+  # Stats for last, so we make sure the user is really signed in
+  k.add_module :trackable
+end

data/lib/kingsman/omniauth/config.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Kingsman
+  module OmniAuth
+    class StrategyNotFound < NameError
+      def initialize(strategy)
+        @strategy = strategy
+        super("Could not find a strategy with name `#{strategy}'. " \
+          "Please ensure it is required or explicitly set it using the :strategy_class option.")
+      end
+    end
+
+    class Config
+      attr_accessor :strategy
+      attr_reader :args, :options, :provider, :strategy_name
+
+      def initialize(provider, args)
+        @provider       = provider
+        @args           = args
+        @options        = @args.last.is_a?(Hash) ? @args.last : {}
+        @strategy       = nil
+        @strategy_name  = options[:name] || @provider
+        @strategy_class = options.delete(:strategy_class)
+      end
+
+      def strategy_class
+        @strategy_class ||= find_strategy || autoload_strategy
+      end
+
+      def find_strategy
+        ::OmniAuth.strategies.find do |strategy_class|
+          strategy_class.to_s =~ /#{::OmniAuth::Utils.camelize(strategy_name)}$/ ||
+            strategy_class.default_options[:name] == strategy_name
+        end
+      end
+
+      def autoload_strategy
+        name = ::OmniAuth::Utils.camelize(provider.to_s)
+        if ::OmniAuth::Strategies.const_defined?(name)
+          ::OmniAuth::Strategies.const_get(name)
+        else
+          raise StrategyNotFound, name
+        end
+      end
+    end
+  end
+end

data/lib/kingsman/omniauth/url_helpers.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Kingsman
+  module OmniAuth
+    # Note: scope is at the end of the method name for Jets whereas it is at the beginning for Rails
+    module UrlHelpers
+      def omniauth_authorize_path(resource_or_scope, provider, *args)
+        scope = Kingsman::Mapping.find_scope!(resource_or_scope)
+        _kingsman_route_context.send("#{provider}_omniauth_authorize_#{scope}_path", *args)
+      end
+
+      def omniauth_authorize_url(resource_or_scope, provider, *args)
+        scope = Kingsman::Mapping.find_scope!(resource_or_scope)
+        _kingsman_route_context.send("#{provider}_omniauth_authorize_#{scope}_url", *args)
+      end
+
+      def omniauth_callback_path(resource_or_scope, provider, *args)
+        scope = Kingsman::Mapping.find_scope!(resource_or_scope)
+        _kingsman_route_context.send("#{provider}_omniauth_callback_#{scope}_path", *args)
+      end
+
+      def omniauth_callback_url(resource_or_scope, provider, *args)
+        scope = Kingsman::Mapping.find_scope!(resource_or_scope)
+        _kingsman_route_context.send("#{provider}_omniauth_callback_#{scope}_url", *args)
+      end
+    end
+  end
+end

data/lib/kingsman/omniauth.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+begin
+  gem "omniauth", ">= 1.0.0"
+
+  require "omniauth"
+rescue LoadError
+  warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
+  raise
+end
+
+# Clean up the default path_prefix. It will be automatically set by Kingsman.
+OmniAuth.config.path_prefix = nil
+
+OmniAuth.config.on_failure = Proc.new do |env|
+  env['kingsman.mapping'] = Kingsman::Mapping.find_by_path!(env['PATH_INFO'], :path)
+  controller_name  = ActiveSupport::Inflector.camelize(env['kingsman.mapping'].controllers[:omniauth_callbacks])
+  controller_klass = ActiveSupport::Inflector.constantize("#{controller_name}Controller")
+  controller_klass.action(:failure).call(env)
+end

data/lib/kingsman/orm/active_record.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+# loaded from config/initalizers/kingsman.rb
+#
+#    Kingsman.setup do |config|
+#      require 'kingsman/orm/active_record'
+#
+require 'orm_adapter'
+require 'orm_adapter/adapters/active_record'
+
+ActiveSupport.on_load(:active_record) do
+  extend Kingsman::Models
+end

data/lib/kingsman/orm/mongoid.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+ActiveSupport.on_load(:mongoid) do
+  require 'orm_adapter/base'
+  require 'orm_adapter/adapters/mongoid'
+
+  Mongoid::Document::ClassMethods.send :include, Kingsman::Models
+end

data/lib/kingsman/orm.rb

@@ -0,0 +1,37 @@
+module Kingsman
+  module Orm # :nodoc:
+    def self.active_record?(model)
+      defined?(ActiveRecord) && model < ActiveRecord::Base
+    end
+
+    def self.included(model)
+      model.include DirtyTrackingMethods
+    end
+
+    module DirtyTrackingMethods
+      def kingsman_email_before_last_save
+        email_before_last_save
+      end
+
+      def kingsman_email_in_database
+        email_in_database
+      end
+
+      def kingsman_saved_change_to_email?
+        saved_change_to_email?
+      end
+
+      def kingsman_saved_change_to_encrypted_password?
+        saved_change_to_encrypted_password?
+      end
+
+      def kingsman_will_save_change_to_email?
+        will_save_change_to_email?
+      end
+
+      def kingsman_respond_to_and_will_save_change_to_attribute?(attribute)
+        respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?")
+      end
+    end
+  end
+end

data/lib/kingsman/parameter_filter.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Kingsman
+  class ParameterFilter
+    def initialize(case_insensitive_keys, strip_whitespace_keys)
+      @case_insensitive_keys = case_insensitive_keys || []
+      @strip_whitespace_keys = strip_whitespace_keys || []
+    end
+
+    def filter(conditions)
+      conditions = stringify_params(conditions.dup)
+
+      conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :downcase, @case_insensitive_keys))
+      conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :strip, @strip_whitespace_keys))
+
+      conditions
+    end
+
+    def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys)
+      condition_keys.each do |k|
+        next unless conditions.key?(k)
+
+        value = conditions[k]
+        conditions[k] = value.send(method) if value.respond_to?(method)
+      end
+
+      conditions
+    end
+
+    # Force keys to be string to avoid injection on mongoid related database.
+    def stringify_params(conditions)
+      return conditions unless conditions.is_a?(Hash)
+      conditions.each do |k, v|
+        conditions[k] = v.to_s if param_requires_string_conversion?(v)
+      end
+    end
+
+    private
+
+    def param_requires_string_conversion?(value)
+      true
+    end
+  end
+end

data/lib/kingsman/parameter_sanitizer.rb

@@ -0,0 +1,173 @@
+# frozen_string_literal: true
+
+module Kingsman
+  # The +ParameterSanitizer+ deals with permitting specific parameters values
+  # for each +Kingsman+ scope in the application.
+  #
+  # The sanitizer knows about Kingsman default parameters (like +password+ and
+  # +password_confirmation+ for the `RegistrationsController`), and you can
+  # extend or change the permitted parameters list on your controllers.
+  #
+  # === Permitting new parameters
+  #
+  # You can add new parameters to the permitted list using the +permit+ method
+  # in a +before_action+ method, for instance.
+  #
+  #    class ApplicationController < ActionController::Base
+  #      before_action :configure_permitted_parameters, if: :kingsman_controller?
+  #
+  #      protected
+  #
+  #      def configure_permitted_parameters
+  #        # Permit the `subscribe_newsletter` parameter along with the other
+  #        # sign up parameters.
+  #        kingsman_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter])
+  #      end
+  #    end
+  #
+  # Using a block yields an +ActionController::Parameters+ object so you can
+  # permit nested parameters and have more control over how the parameters are
+  # permitted in your controller.
+  #
+  #    def configure_permitted_parameters
+  #      kingsman_parameter_sanitizer.permit(:sign_up) do |user|
+  #        user.permit(newsletter_preferences: [])
+  #      end
+  #    end
+  class ParameterSanitizer
+    DEFAULT_PERMITTED_ATTRIBUTES = {
+      sign_in: [:password, :remember_me],
+      sign_up: [:password, :password_confirmation],
+      account_update: [:password, :password_confirmation, :current_password]
+    }
+
+    def initialize(resource_class, resource_name, params)
+      @auth_keys      = extract_auth_keys(resource_class)
+      @params         = params
+      @resource_name  = resource_name
+      @permitted      = {}
+
+      DEFAULT_PERMITTED_ATTRIBUTES.each_pair do |action, keys|
+        permit(action, keys: keys)
+      end
+    end
+
+    # Sanitize the parameters for a specific +action+.
+    #
+    # === Arguments
+    #
+    # * +action+ - A +Symbol+ with the action that the controller is
+    #   performing, like +sign_up+, +sign_in+, etc.
+    #
+    # === Examples
+    #
+    #    # Inside the `RegistrationsController#create` action.
+    #    resource = build_resource(kingsman_parameter_sanitizer.sanitize(:sign_up))
+    #    resource.save
+    #
+    # Returns an +ActiveSupport::HashWithIndifferentAccess+ with the permitted
+    # attributes.
+    def sanitize(action)
+      permissions = @permitted[action]
+
+      if permissions.respond_to?(:call)
+        cast_to_hash permissions.call(default_params)
+      elsif permissions.present?
+        cast_to_hash permit_keys(default_params, permissions)
+      else
+        unknown_action!(action)
+      end
+    end
+
+    # Add or remove new parameters to the permitted list of an +action+.
+    #
+    # === Arguments
+    #
+    # * +action+ - A +Symbol+ with the action that the controller is
+    #   performing, like +sign_up+, +sign_in+, etc.
+    # * +keys:+     - An +Array+ of keys that also should be permitted.
+    # * +except:+   - An +Array+ of keys that shouldn't be permitted.
+    # * +block+     - A block that should be used to permit the action
+    #   parameters instead of the +Array+ based approach. The block will be
+    #   called with an +ActionController::Parameters+ instance.
+    #
+    # === Examples
+    #
+    #   # Adding new parameters to be permitted in the `sign_up` action.
+    #   kingsman_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter])
+    #
+    #   # Removing the `password` parameter from the `account_update` action.
+    #   kingsman_parameter_sanitizer.permit(:account_update, except: [:password])
+    #
+    #   # Using the block form to completely override how we permit the
+    #   # parameters for the `sign_up` action.
+    #   kingsman_parameter_sanitizer.permit(:sign_up) do |user|
+    #     user.permit(:email, :password, :password_confirmation)
+    #   end
+    #
+    #
+    # Returns nothing.
+    def permit(action, keys: nil, except: nil, &block)
+      if block_given?
+        @permitted[action] = block
+      end
+
+      if keys.present?
+        @permitted[action] ||= @auth_keys.dup
+        @permitted[action].concat(keys)
+      end
+
+      if except.present?
+        @permitted[action] ||= @auth_keys.dup
+        @permitted[action] = @permitted[action] - except
+      end
+    end
+
+    private
+
+    # Cast a sanitized +ActionController::Parameters+ to a +HashWithIndifferentAccess+
+    # that can be used elsewhere.
+    #
+    # Returns an +ActiveSupport::HashWithIndifferentAccess+.
+    def cast_to_hash(params)
+      # TODO: Remove the `with_indifferent_access` method call when we only support Rails 5+.
+      params && params.to_h.with_indifferent_access
+    end
+
+    def default_params
+      if hashable_resource_params?
+        @params.fetch(@resource_name)
+      else
+        empty_params
+      end
+    end
+
+    def hashable_resource_params?
+      @params[@resource_name].respond_to?(:permit)
+    end
+
+    def empty_params
+      ActionController::Parameters.new({})
+    end
+
+    def permit_keys(parameters, keys)
+      parameters.permit(*keys)
+    end
+
+    def extract_auth_keys(klass)
+      auth_keys = klass.authentication_keys
+
+      auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys
+    end
+
+    def unknown_action!(action)
+      raise NotImplementedError, <<-MESSAGE.strip_heredoc
+        "Kingsman doesn't know how to sanitize parameters for '#{action}'".
+        If you want to define a new set of parameters to be sanitized use the
+        `permit` method first:
+
+          kingsman_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3])
+      MESSAGE
+    end
+  end
+end

data/lib/kingsman/secret_key_finder.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Kingsman
+  class SecretKeyFinder
+    def initialize(application)
+      @application = application
+    end
+
+    def find
+      if @application.respond_to?(:credentials) && key_exists?(@application.credentials)
+        @application.credentials.secret_key_base
+      elsif @application.respond_to?(:secrets) && key_exists?(@application.secrets)
+        @application.secrets.secret_key_base
+      elsif @application.config.respond_to?(:secret_key_base) && key_exists?(@application.config)
+        @application.config.secret_key_base
+      elsif @application.respond_to?(:secret_key_base) && key_exists?(@application)
+        @application.secret_key_base
+      end
+    end
+
+    private
+
+    def key_exists?(object)
+      object.secret_key_base.present?
+    end
+  end
+end