kingsman 0.0.0.beta → 0.1.0

data/lib/kingsman/autoloader.rb

@@ -0,0 +1,31 @@
+require "zeitwerk"
+
+module Kingsman
+  class Autoloader
+    class Inflector < Zeitwerk::Inflector
+      def camelize(basename, _abspath)
+        map = { cli: "CLI", version: "VERSION", omniauth: "OmniAuth" }
+        map[basename.to_sym] || super
+      end
+    end
+
+    class << self
+      def setup
+        loader = Zeitwerk::Loader.new
+        loader.inflector = Inflector.new
+        lib = File.dirname(__dir__)
+        loader.push_dir(lib) # lib
+        loader.do_not_eager_load("#{lib}/generators")
+        loader.do_not_eager_load("#{lib}/kingsman/models/omniauthable.rb")
+        loader.ignore("#{lib}/kingsman/omniauth.rb")
+        loader.ignore("#{lib}/kingsman/hooks")
+        loader.ignore("#{lib}/kingsman/jets.rb")
+        loader.ignore("#{lib}/kingsman/jets")
+        loader.ignore("#{lib}/kingsman/modules.rb")
+        loader.ignore("#{lib}/kingsman/orm")
+        loader.ignore("#{lib}/kingsman/routes.rb")
+        loader.setup
+      end
+    end
+  end
+end

data/lib/kingsman/controllers/helpers.rb

@@ -0,0 +1,221 @@
+# frozen_string_literal: true
+
+module Kingsman
+  module Controllers
+    # Those helpers are convenience methods added to ApplicationController.
+    module Helpers
+      extend ActiveSupport::Concern
+      include Kingsman::Controllers::SignInOut
+      include Kingsman::Controllers::StoreLocation
+
+      included do
+        if respond_to?(:helper_method)
+          helper_method :warden, :signed_in?, :kingsman_controller?
+        end
+      end
+
+      # Define authentication filters and accessor helpers based on mappings.
+      # These filters should be used inside the controllers as before_actions,
+      # so you can control the scope of the user who should be signed in to
+      # access that specific controller/action.
+      # Example:
+      #
+      #   Roles:
+      #     User
+      #     Admin
+      #
+      #   Generated methods:
+      #     authenticate_user!  # Signs user in or redirect
+      #     authenticate_admin! # Signs admin in or redirect
+      #     user_signed_in?     # Checks whether there is a user signed in or not
+      #     admin_signed_in?    # Checks whether there is an admin signed in or not
+      #     current_user        # Current signed in user
+      #     current_admin       # Current signed in admin
+      #     user_session        # Session data available only to the user scope
+      #     admin_session       # Session data available only to the admin scope
+      #
+      #   Use:
+      #     before_action :authenticate_user!  # Tell kingsman to use :user map
+      #     before_action :authenticate_admin! # Tell kingsman to use :admin map
+      #
+      def self.define_helpers(mapping) #:nodoc:
+        mapping = mapping.name
+
+        class_eval <<-METHODS, __FILE__, __LINE__ + 1
+          def authenticate_#{mapping}!(opts = {})
+            opts[:scope] = :#{mapping}
+            warden.authenticate!(opts) if !kingsman_controller? || opts.delete(:force)
+          end
+
+          def #{mapping}_signed_in?
+            !!current_#{mapping}
+          end
+
+          def current_#{mapping}
+            @current_#{mapping} ||= warden.authenticate(scope: :#{mapping})
+          end
+
+          def #{mapping}_session
+            current_#{mapping} && warden.session(:#{mapping})
+          end
+        METHODS
+
+        ActiveSupport.on_load(:jets_controller) do
+          if respond_to?(:helper_method)
+            helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
+          end
+        end
+      end
+
+      # The main accessor for the warden proxy instance
+      def warden
+        request.env['warden'] or raise MissingWarden
+      end
+
+      # Return true if it's a kingsman_controller. false to all controllers unless
+      # the controllers defined inside kingsman. Useful if you want to apply a before
+      # filter to all controllers, except the ones in kingsman:
+      #
+      #   before_action :my_filter, unless: :kingsman_controller?
+      def kingsman_controller?
+        is_a?(::KingsmanController)
+      end
+
+      # Set up a param sanitizer to filter parameters using strong_parameters. See
+      # lib/kingsman/parameter_sanitizer.rb for more info. Override this
+      # method in your application controller to use your own parameter sanitizer.
+      def kingsman_parameter_sanitizer
+        @kingsman_parameter_sanitizer ||= Kingsman::ParameterSanitizer.new(resource_class, resource_name, params)
+      end
+
+      # Tell warden that params authentication is allowed for that specific page.
+      def allow_params_authentication!
+        request.env["kingsman.allow_params_authentication"] = true
+      end
+
+      # The scope root url to be used when they're signed in. By default, it first
+      # tries to find a resource_root_path, otherwise it uses the root_path.
+      def signed_in_root_path(resource_or_scope)
+        scope = Kingsman::Mapping.find_scope!(resource_or_scope)
+        router_name = Kingsman.mappings[scope].router_name
+
+        home_path = "#{scope}_root_path"
+
+        context = router_name ? send(router_name) : self
+        if context.respond_to?(home_path, true)
+          context.send(home_path)
+        elsif context.respond_to?(:root_path)
+          context.root_path
+        elsif respond_to?(:root_path)
+          root_path
+        else
+          "/"
+        end
+      end
+
+      # The default url to be used after signing in. This is used by all Kingsman
+      # controllers and you can overwrite it in your ApplicationController to
+      # provide a custom hook for a custom resource.
+      #
+      # By default, it first tries to find a valid resource_return_to key in the
+      # session, then it fallbacks to resource_root_path, otherwise it uses the
+      # root path. For a user scope, you can define the default url in
+      # the following way:
+      #
+      #   get '/users' => 'users#index', as: :user_root # creates user_root_path
+      #
+      #   namespace :user do
+      #     root 'users#index' # creates user_root_path
+      #   end
+      #
+      # If the resource root path is not defined, root_path is used. However,
+      # if this default is not enough, you can customize it, for example:
+      #
+      #   def after_sign_in_path_for(resource)
+      #     stored_location_for(resource) ||
+      #       if resource.is_a?(User) && resource.can_publish?
+      #         publisher_url
+      #       else
+      #         super
+      #       end
+      #   end
+      #
+      def after_sign_in_path_for(resource_or_scope)
+        stored_location_for(resource_or_scope) || signed_in_root_path(resource_or_scope)
+      end
+
+      # Method used by sessions controller to sign out a user. You can overwrite
+      # it in your ApplicationController to provide a custom hook for a custom
+      # scope. Notice that differently from +after_sign_in_path_for+ this method
+      # receives a symbol with the scope, and not the resource.
+      #
+      # By default it is the root_path.
+      def after_sign_out_path_for(resource_or_scope)
+        scope = Kingsman::Mapping.find_scope!(resource_or_scope)
+        router_name = Kingsman.mappings[scope].router_name
+        context = router_name ? send(router_name) : self
+        context.respond_to?(:root_path) ? context.root_path : "/"
+      end
+
+      # Sign in a user and tries to redirect first to the stored location and
+      # then to the url specified by after_sign_in_path_for. It accepts the same
+      # parameters as the sign_in method.
+      def sign_in_and_redirect(resource_or_scope, *args)
+        options  = args.extract_options!
+        scope    = Kingsman::Mapping.find_scope!(resource_or_scope)
+        resource = args.last || resource_or_scope
+        sign_in(scope, resource, options)
+        redirect_to after_sign_in_path_for(resource)
+      end
+
+      # Sign out a user and tries to redirect to the url specified by
+      # after_sign_out_path_for.
+      def sign_out_and_redirect(resource_or_scope)
+        scope = Kingsman::Mapping.find_scope!(resource_or_scope)
+        redirect_path = after_sign_out_path_for(scope)
+        Kingsman.sign_out_all_scopes ? sign_out : sign_out(scope)
+        redirect_to redirect_path
+      end
+
+      # Overwrite Rails' handle unverified request to sign out all scopes,
+      # clear run strategies and remove cached variables.
+      def handle_unverified_request
+        super # call the default behavior which resets/nullifies/raises
+        request.env["kingsman.skip_storage"] = true
+        sign_out_all_scopes(false)
+      end
+
+      def request_format
+        @request_format ||= request.format.try(:ref)
+      end
+
+      def is_navigational_format?
+        Kingsman.navigational_formats.include?(request_format)
+      end
+
+      # Check if flash messages should be emitted. Default is to do it on
+      # navigational formats
+      def is_flashing_format?
+        request.respond_to?(:flash) && is_navigational_format?
+      end
+
+      private
+
+      def expire_data_after_sign_out!
+        Kingsman.mappings.each { |_,m| instance_variable_set("@current_#{m.name}", nil) }
+        super
+      end
+    end
+  end
+
+  class MissingWarden < StandardError
+    def initialize
+      super "Kingsman could not find the `Warden::Proxy` instance on your request environment.\n" + \
+        "Make sure that your application is loading Kingsman and Warden as expected and that " + \
+        "the `Warden::Manager` middleware is present in your middleware stack.\n" + \
+        "If you are seeing this on one of your tests, ensure that your tests are either " + \
+        "executing the Rails middleware stack or that your tests are using the `Kingsman::Test::ControllerHelpers` " + \
+        "module to inject the `request.env['warden']` object for you."
+    end
+  end
+end

data/lib/kingsman/controllers/rememberable.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Kingsman
+  module Controllers
+    # A module that may be optionally included in a controller in order
+    # to provide remember me behavior. Useful when signing in is done
+    # through a callback, like in OmniAuth.
+    module Rememberable
+      # Return default cookie values retrieved from session options.
+      def self.cookie_values
+        Jets.config.session_options.slice(:path, :domain, :secure)
+      end
+
+      def remember_me_is_active?(resource)
+        return false unless resource.respond_to?(:remember_me)
+        scope = Kingsman::Mapping.find_scope!(resource)
+        _, token, generated_at = cookies.signed[remember_key(resource, scope)]
+        resource.remember_me?(token, generated_at)
+      end
+
+      # Remembers the given resource by setting up a cookie
+      def remember_me(resource)
+        return if request.env["kingsman.skip_storage"]
+        scope = Kingsman::Mapping.find_scope!(resource)
+        resource.remember_me!
+        cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource)
+      end
+
+      # Forgets the given resource by deleting a cookie
+      def forget_me(resource)
+        scope = Kingsman::Mapping.find_scope!(resource)
+        resource.forget_me!
+        cookies.delete(remember_key(resource, scope))
+        # cookies.delete(remember_key(resource, scope), forget_cookie_values(resource))
+      end
+
+      protected
+
+      def forget_cookie_values(resource)
+        Kingsman::Controllers::Rememberable.cookie_values.merge!(resource.rememberable_options)
+      end
+
+      def remember_cookie_values(resource)
+        options = { httponly: true }
+        options.merge!(forget_cookie_values(resource))
+        options.merge!(
+          value: resource.class.serialize_into_cookie(resource),
+          expires: resource.remember_expires_at
+        )
+      end
+
+      def remember_key(resource, scope)
+        resource.rememberable_options.fetch(:key, "remember_#{scope}_token")
+      end
+    end
+  end
+end

data/lib/kingsman/controllers/responder.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Kingsman
+  module Controllers
+    # Custom Responder to configure default statuses that only apply to Kingsman,
+    # and allow to integrate more easily with Hotwire/Turbo.
+    class Responder < Jets::Controller::Responder
+      if respond_to?(:error_status=) && respond_to?(:redirect_status=)
+        self.error_status = :ok
+        self.redirect_status = :found
+      else
+        # TODO: remove this support for older Rails versions, which aren't supported by Turbo
+        # and/or responders. It won't allow configuring a custom response, but it allows Kingsman
+        # to use these methods and defaults across the implementation more easily.
+        def self.error_status
+          :ok
+        end
+
+        def self.redirect_status
+          :found
+        end
+
+        def self.error_status=(*)
+          warn "[KINGSMAN] Setting the error status on the Kingsman responder has no effect with this " \
+            "version of `responders`, please make sure you're using a newer version. Check the changelog for more info."
+        end
+
+        def self.redirect_status=(*)
+          warn "[KINGSMAN] Setting the redirect status on the Kingsman responder has no effect with this " \
+            "version of `responders`, please make sure you're using a newer version. Check the changelog for more info."
+        end
+      end
+    end
+  end
+end

data/lib/kingsman/controllers/scoped_views.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Kingsman
+  module Controllers
+    module ScopedViews
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def scoped_views?
+          defined?(@scoped_views) ? @scoped_views : Kingsman.scoped_views
+        end
+
+        def scoped_views=(value)
+          @scoped_views = value
+        end
+      end
+    end
+  end
+end

data/lib/kingsman/controllers/sign_in_out.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+module Kingsman
+  module Controllers
+    # Provide sign in and sign out functionality.
+    # Included by default in all controllers.
+    module SignInOut
+      # Return true if the given scope is signed in session. If no scope given, return
+      # true if any scope is signed in. This will run authentication hooks, which may
+      # cause exceptions to be thrown from this method; if you simply want to check
+      # if a scope has already previously been authenticated without running
+      # authentication hooks, you can directly call `warden.authenticated?(scope: scope)`
+      def signed_in?(scope = nil)
+        [scope || Kingsman.mappings.keys].flatten.any? do |_scope|
+          warden.authenticate?(scope: _scope)
+        end
+      end
+
+      # Sign in a user that already was authenticated. This helper is useful for logging
+      # users in after sign up. All options given to sign_in is passed forward
+      # to the set_user method in warden.
+      # If you are using a custom warden strategy and the timeoutable module, you have to
+      # set `env["kingsman.skip_timeout"] = true` in the request to use this method, like we do
+      # in the sessions controller: https://github.com/heartcombo/kingsman/blob/main/app/controllers/kingsman/sessions_controller.rb#L7
+      #
+      # Examples:
+      #
+      #   sign_in :user, @user                      # sign_in(scope, resource)
+      #   sign_in @user                             # sign_in(resource)
+      #   sign_in @user, event: :authentication     # sign_in(resource, options)
+      #   sign_in @user, store: false               # sign_in(resource, options)
+      #
+      def sign_in(resource_or_scope, *args)
+        options  = args.extract_options!
+        scope    = Kingsman::Mapping.find_scope!(resource_or_scope)
+        resource = args.last || resource_or_scope
+
+        expire_data_after_sign_in!
+
+        if warden.user(scope) == resource && !options.delete(:force)
+          # Do nothing. User already signed in and we are not forcing it.
+          true
+        else
+          warden.set_user(resource, options.merge!(scope: scope))
+        end
+      end
+
+      # Sign in a user bypassing the warden callbacks and stores the user
+      # straight in session. This option is useful in cases the user is already
+      # signed in, but we want to refresh the credentials in session.
+      #
+      # Examples:
+      #
+      #   bypass_sign_in @user, scope: :user
+      #   bypass_sign_in @user
+      def bypass_sign_in(resource, scope: nil)
+        scope ||= Kingsman::Mapping.find_scope!(resource)
+        expire_data_after_sign_in!
+        warden.session_serializer.store(resource, scope)
+      end
+
+      # Sign out a given user or scope. This helper is useful for signing out a user
+      # after deleting accounts. Returns true if there was a logout and false if there
+      # is no user logged in on the referred scope
+      #
+      # Examples:
+      #
+      #   sign_out :user     # sign_out(scope)
+      #   sign_out @user     # sign_out(resource)
+      #
+      def sign_out(resource_or_scope = nil)
+        return sign_out_all_scopes unless resource_or_scope
+        scope = Kingsman::Mapping.find_scope!(resource_or_scope)
+        user = warden.user(scope: scope, run_callbacks: false) # If there is no user
+
+        warden.logout(scope)
+        warden.clear_strategies_cache!(scope: scope)
+        instance_variable_set(:"@current_#{scope}", nil)
+
+        !!user
+      end
+
+      # Sign out all active users or scopes. This helper is useful for signing out all roles
+      # in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout
+      # and false if there was no user logged in on all scopes.
+      def sign_out_all_scopes(lock = true)
+        users = Kingsman.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
+
+        warden.logout
+        expire_data_after_sign_out!
+        warden.clear_strategies_cache!
+        warden.lock! if lock
+
+        users.any?
+      end
+
+      private
+
+      def expire_data_after_sign_in!
+        # TODO: remove once Rails 5.2+ and forward are only supported.
+        # session.keys will return an empty array if the session is not yet loaded.
+        # This is a bug in both Rack and Rails.
+        # A call to #empty? forces the session to be loaded.
+        session.empty?
+
+        session.keys.grep(/^kingsman\./).each { |k| session.delete(k) }
+      end
+
+      alias :expire_data_after_sign_out! :expire_data_after_sign_in!
+    end
+  end
+end

data/lib/kingsman/controllers/store_location.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require "uri"
+
+module Kingsman
+  module Controllers
+    # Provide the ability to store a location.
+    # Used to redirect back to a desired path after sign in.
+    # Included by default in all controllers.
+    module StoreLocation
+      # Returns and delete (if it's navigational format) the url stored in the session for
+      # the given scope. Useful for giving redirect backs after sign up:
+      #
+      # Example:
+      #
+      #   redirect_to stored_location_for(:user) || root_path
+      #
+      def stored_location_for(resource_or_scope)
+        session_key = stored_location_key_for(resource_or_scope)
+
+        if is_navigational_format?
+          session.delete(session_key)
+        else
+          session[session_key]
+        end
+      end
+
+      # Stores the provided location to redirect the user after signing in.
+      # Useful in combination with the `stored_location_for` helper.
+      #
+      # Example:
+      #
+      #   store_location_for(:user, dashboard_path)
+      #   redirect_to user_facebook_omniauth_authorize_path
+      #
+      def store_location_for(resource_or_scope, location)
+        session_key = stored_location_key_for(resource_or_scope)
+
+        path = extract_path_from_location(location)
+        session[session_key] = path if path
+      end
+
+      private
+
+      def parse_uri(location)
+        location && URI.parse(location)
+      rescue URI::InvalidURIError
+        nil
+      end
+
+      def stored_location_key_for(resource_or_scope)
+        scope = Kingsman::Mapping.find_scope!(resource_or_scope)
+        "#{scope}_return_to"
+      end
+
+      def extract_path_from_location(location)
+        uri = parse_uri(location)
+
+        if uri
+          path = remove_domain_from_uri(uri)
+          path = add_fragment_back_to_path(uri, path)
+
+          path
+        end
+      end
+
+      def remove_domain_from_uri(uri)
+        [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?')
+      end
+
+      def add_fragment_back_to_path(uri, path)
+        [path, uri.fragment].compact.join('#')
+      end
+    end
+  end
+end

data/lib/kingsman/controllers/url_helpers.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+module Kingsman
+  module Controllers
+    # Create url helpers to be used with resource/scope configuration. Acts as
+    # proxies to the generated routes created by kingsman.
+    # Resource param can be a string or symbol, a class, or an instance object.
+    # Example using a :user resource:
+    #
+    #   new_session_path(:user)      => new_user_session_path
+    #   session_path(:user)          => user_session_path
+    #   destroy_session_path(:user)  => destroy_user_session_path
+    #
+    #   new_password_path(:user)     => new_user_password_path
+    #   password_path(:user)         => user_password_path
+    #   edit_password_path(:user)    => edit_user_password_path
+    #
+    #   new_confirmation_path(:user) => new_user_confirmation_path
+    #   confirmation_path(:user)     => user_confirmation_path
+    #
+    # Those helpers are included by default to ActionController::Base.
+    #
+    # Keeping interesting note about how Rails routes work.
+    #
+    # In case you want to add such helpers to another class, you can do
+    # that as long as this new class includes both url_helpers and
+    # mounted_helpers. Example:
+    #
+    #     include Rails.application.routes.url_helpers
+    #     include Rails.application.routes.mounted_helpers
+    #
+    module UrlHelpers
+      def self.remove_helpers!
+        self.instance_methods.map(&:to_s).grep(/_(url|path)$/).each do |method|
+          remove_method method
+        end
+      end
+
+      def self.generate_helpers!(routes = nil)
+        routes ||= begin
+          mappings = Kingsman.mappings.values.map(&:used_helpers).flatten.uniq
+          Kingsman::URL_HELPERS.slice(*mappings)
+        end
+
+        routes.each do |module_name, actions|
+          [:path, :url].each do |path_or_url|
+            actions.each do |action|
+              action = action ? "#{action}_" : ""
+              method = :"#{action}#{module_name}_#{path_or_url}"
+
+              define_method method do |resource_or_scope, *args|
+                scope = Kingsman::Mapping.find_scope!(resource_or_scope)
+                router_name = Kingsman.mappings[scope].router_name
+                context = router_name ? send(router_name) : _kingsman_route_context
+                method_name = "#{action}#{scope}_#{module_name}_#{path_or_url}"
+                context.send(method_name, *args)
+              end
+            end
+          end
+        end
+      end
+
+      generate_helpers!(Kingsman::URL_HELPERS)
+
+      private
+
+      def _kingsman_route_context
+        @_kingsman_route_context ||= send(Kingsman.available_router_name)
+      end
+    end
+  end
+end

data/lib/kingsman/delegator.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Kingsman
+  # Checks the scope in the given environment and returns the associated failure app.
+  class Delegator
+    def call(env)
+      failure_app(env).call(env)
+    end
+
+    def failure_app(env)
+      app = env["warden.options"] &&
+        (scope = env["warden.options"][:scope]) &&
+        Kingsman.mappings[scope.to_sym].failure_app
+
+      app || Kingsman::FailureApp
+    end
+  end
+end

data/lib/kingsman/encryptor.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'bcrypt'
+
+module Kingsman
+  module Encryptor
+    def self.digest(password)
+      stretches = 12
+      ::BCrypt::Password.create(password, cost: stretches).to_s
+    end
+
+    def self.compare(hashed_password, password)
+      return false if hashed_password.blank?
+      bcrypt   = ::BCrypt::Password.new(hashed_password)
+      password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt)
+      Kingsman.secure_compare(password, hashed_password)
+    end
+  end
+end