kingsman 0.0.0.beta → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7d48d26f76dd2a261f622a2538474b0c30f28ec82502d5f0ffa213a3b29a4093
-  data.tar.gz: a793bd466f2ec909d96e17fed93177c930baac7d62875bf9b290d5aed590972d
+  metadata.gz: b377dcbfbe9233de9918897c4439e17264f6d2a2029fea2837830cdc9c909eb9
+  data.tar.gz: '0079936f3046d827ca53397bea9e9a2f2ba7b3f4c022a0b716821c44d0e76f3d'
 SHA512:
-  metadata.gz: 905f8f722b1110cef7f42f95c7c3ef1ffa0c939a6085e9e5a5fe363b6ffdb612508c6f8c29f1c9eade16d9d7308a2004e06a23c15cc79636483c951adf72a85f
-  data.tar.gz: 26623ba45589b56fde604d081bd0a2fdcd22732d1eacc347283be5d0c119a285f63420316ef696bfbd641ec8a0bc54f6e3ffc543dd92f27748a77ecf5064aa6e
+  metadata.gz: 5aa3fa3de11c5de49f9f9c6210d44e4044d62d13f00a2a5f3ecee03c59a9069500f8620232408c1eb87e234c218f37296edc42fbf5f811bad87b753df2354a53
+  data.tar.gz: 7b858e0f87c075bed2c5aee3290d32d5c383ae63b64d5e21635e97c0ff276d8ea7c30245328572c07aac3fb0b71b1032dfdd84f14821f8668e0a49875a07c1d6

data/CHANGELOG.md

@@ -0,0 +1,10 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
+
+## [0.1.1] - 2023-12-02
+- add dependency jets-responders
+
+## [0.1.0]
+- Initial release.

data/README.md

@@ -1,10 +1,11 @@
 # Kingsman
 
-## Installation
+[![Gem Version](https://badge.fury.io/rb/jets-responders.png)](http://badge.fury.io/rb/jets-responders)
 
-Install the gem and add to the application's Gemfile by executing:
+[![BoltOps Badge](https://img.boltops.com/boltops/badges/boltops-badge.png)](https://www.boltops.com)
 
-    $ bundle add kingsman
+[![BoltOps Learn Badge](https://img.boltops.com/boltops-learn/boltops-learn.png)](https://learn.boltops.com)
 
-## Usage
+Kingsman is a flexible authentication solution for Jets based on Warden. It is a port of [heartcombo/devise](https://github.com/heartcombo/devise) to Jets.
 
+Docs: https://docs.rubyonjet.scom/docs/auth/kingsman/

data/app/controllers/kingsman/confirmations_controller.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+class Kingsman::ConfirmationsController < KingsmanController
+  # GET /resource/confirmation/new
+  def new
+    self.resource = resource_class.new
+  end
+
+  # POST /resource/confirmation
+  def create
+    self.resource = resource_class.send_confirmation_instructions(resource_params)
+    yield resource if block_given?
+
+    if successfully_sent?(resource)
+      respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
+    else
+      respond_with(resource)
+    end
+  end
+
+  # GET /resource/confirmation?confirmation_token=abcdef
+  def show
+    self.resource = resource_class.confirm_by_token(params[:confirmation_token])
+    yield resource if block_given?
+
+    if resource.errors.empty?
+      set_flash_message!(:notice, :confirmed)
+      respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
+    else
+      # TODO: use `error_status` when the default changes to `:unprocessable_entity`.
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
+    end
+  end
+
+  protected
+
+    # The path used after resending confirmation instructions.
+    def after_resending_confirmation_instructions_path_for(resource_name)
+      is_navigational_format? ? new_session_path(resource_name) : '/'
+    end
+
+    # The path used after confirmation.
+    def after_confirmation_path_for(resource_name, resource)
+      if signed_in?(resource_name)
+        signed_in_root_path(resource)
+      else
+        new_session_path(resource_name)
+      end
+    end
+
+    def translation_scope
+      'kingsman.confirmations'
+    end
+end

data/app/controllers/kingsman/omniauth_callbacks_controller.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+class Kingsman::OmniauthCallbacksController < KingsmanController
+  prepend_before_action { request.env["kingsman.skip_timeout"] = true }
+
+  def passthru
+    render status: 404, plain: "Not found. Authentication passthru."
+  end
+
+  def failure
+    set_flash_message! :alert, :failure, kind: OmniAuth::Utils.camelize(failed_strategy.name), reason: failure_message
+    redirect_to after_omniauth_failure_path_for(resource_name)
+  end
+
+  protected
+
+  def failed_strategy
+    request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : request.env["omniauth.error.strategy"]
+  end
+
+  def failure_message
+    exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : request.env["omniauth.error"]
+    error   = exception.error_reason if exception.respond_to?(:error_reason)
+    error ||= exception.error        if exception.respond_to?(:error)
+    error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : request.env["omniauth.error.type"]).to_s
+    error.to_s.humanize if error
+  end
+
+  def after_omniauth_failure_path_for(scope)
+    new_session_path(scope)
+  end
+
+  def translation_scope
+    'kingsman.omniauth_callbacks'
+  end
+end

data/app/controllers/kingsman/passwords_controller.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+class Kingsman::PasswordsController < KingsmanController
+  prepend_before_action :require_no_authentication
+  # Render the #edit only if coming from a reset password email link
+  append_before_action :assert_reset_token_passed, only: :edit
+
+  # GET /resource/password/new
+  def new
+    self.resource = resource_class.new
+  end
+
+  # POST /resource/password
+  def create
+    self.resource = resource_class.send_reset_password_instructions(resource_params)
+    yield resource if block_given?
+
+    if successfully_sent?(resource)
+      respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
+    else
+      respond_with(resource)
+    end
+  end
+
+  # GET /resource/password/edit?reset_password_token=abcdef
+  def edit
+    self.resource = resource_class.new
+    set_minimum_password_length
+    resource.reset_password_token = params[:reset_password_token]
+  end
+
+  # PUT /resource/password
+  def update
+    self.resource = resource_class.reset_password_by_token(resource_params)
+    yield resource if block_given?
+
+    if resource.errors.empty?
+      resource.unlock_access! if unlockable?(resource)
+      if resource_class.sign_in_after_reset_password
+        flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
+        set_flash_message!(:notice, flash_message)
+        resource.after_database_authentication
+        sign_in(resource_name, resource)
+      else
+        set_flash_message!(:notice, :updated_not_active)
+      end
+      respond_with resource, location: after_resetting_password_path_for(resource)
+    else
+      set_minimum_password_length
+      respond_with resource
+    end
+  end
+
+  protected
+    def after_resetting_password_path_for(resource)
+      resource_class.sign_in_after_reset_password ? after_sign_in_path_for(resource) : new_session_path(resource_name)
+    end
+
+    # The path used after sending reset password instructions
+    def after_sending_reset_password_instructions_path_for(resource_name)
+      new_session_path(resource_name) if is_navigational_format?
+    end
+
+    # Check if a reset_password_token is provided in the request
+    def assert_reset_token_passed
+      if params[:reset_password_token].blank?
+        set_flash_message(:alert, :no_token)
+        redirect_to new_session_path(resource_name)
+      end
+    end
+
+    # Check if proper Lockable module methods are present & unlock strategy
+    # allows to unlock resource on password reset
+    def unlockable?(resource)
+      resource.respond_to?(:unlock_access!) &&
+        resource.respond_to?(:unlock_strategy_enabled?) &&
+        resource.unlock_strategy_enabled?(:email)
+    end
+
+    def translation_scope
+      'kingsman.passwords'
+    end
+end

data/app/controllers/kingsman/registrations_controller.rb

@@ -0,0 +1,168 @@
+# frozen_string_literal: true
+
+class Kingsman::RegistrationsController < KingsmanController
+  prepend_before_action :require_no_authentication, only: [:new, :create, :cancel]
+  prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy]
+  prepend_before_action :set_minimum_password_length, only: [:new, :edit]
+
+  # GET /resource/sign_up
+  def new
+    build_resource
+    yield resource if block_given?
+    respond_with resource
+  end
+
+  # POST /resource
+  def create
+    build_resource(sign_up_params)
+
+    resource.save
+    yield resource if block_given?
+    if resource.persisted?
+      if resource.active_for_authentication?
+        set_flash_message! :notice, :signed_up
+        sign_up(resource_name, resource)
+        respond_with resource, location: after_sign_up_path_for(resource)
+      else
+        set_flash_message! :notice, :"signed_up_but_#{resource.inactive_message}"
+        expire_data_after_sign_in!
+        respond_with resource, location: after_inactive_sign_up_path_for(resource)
+      end
+    else
+      clean_up_passwords resource
+      set_minimum_password_length
+      respond_with resource
+    end
+  end
+
+  # GET /resource/edit
+  def edit
+    render :edit
+  end
+
+  # PUT /resource
+  # We need to use a copy of the resource because we don't want to change
+  # the current user in place.
+  def update
+    self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
+    prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email)
+
+    resource_updated = update_resource(resource, account_update_params)
+    yield resource if block_given?
+    if resource_updated
+      set_flash_message_for_update(resource, prev_unconfirmed_email)
+      bypass_sign_in resource, scope: resource_name if sign_in_after_change_password?
+
+      respond_with resource, location: after_update_path_for(resource)
+    else
+      clean_up_passwords resource
+      set_minimum_password_length
+      respond_with resource
+    end
+  end
+
+  # DELETE /resource
+  def destroy
+    resource.destroy
+    Kingsman.sign_out_all_scopes ? sign_out : sign_out(resource_name)
+    set_flash_message! :notice, :destroyed
+    yield resource if block_given?
+    respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name), status: Kingsman.responder.redirect_status }
+  end
+
+  # GET /resource/cancel
+  # Forces the session data which is usually expired after sign
+  # in to be expired now. This is useful if the user wants to
+  # cancel oauth signing in/up in the middle of the process,
+  # removing all OAuth session data.
+  def cancel
+    expire_data_after_sign_in!
+    redirect_to new_registration_path(resource_name)
+  end
+
+  protected
+
+  def update_needs_confirmation?(resource, previous)
+    resource.respond_to?(:pending_reconfirmation?) &&
+      resource.pending_reconfirmation? &&
+      previous != resource.unconfirmed_email
+  end
+
+  # By default we want to require a password checks on update.
+  # You can overwrite this method in your own RegistrationsController.
+  def update_resource(resource, params)
+    resource.update_with_password(params)
+  end
+
+  # Build a kingsman resource passing in the session. Useful to move
+  # temporary session data to the newly created user.
+  def build_resource(hash = {})
+    self.resource = resource_class.new_with_session(hash, session)
+  end
+
+  # Signs in a user on sign up. You can overwrite this method in your own
+  # RegistrationsController.
+  def sign_up(resource_name, resource)
+    sign_in(resource_name, resource)
+  end
+
+  # The path used after sign up. You need to overwrite this method
+  # in your own RegistrationsController.
+  def after_sign_up_path_for(resource)
+    after_sign_in_path_for(resource) if is_navigational_format?
+  end
+
+  # The path used after sign up for inactive accounts. You need to overwrite
+  # this method in your own RegistrationsController.
+  def after_inactive_sign_up_path_for(resource)
+    scope = Kingsman::Mapping.find_scope!(resource)
+    router_name = Kingsman.mappings[scope].router_name
+    context = router_name ? send(router_name) : self
+    context.respond_to?(:root_path) ? context.root_path : "/"
+  end
+
+  # The default url to be used after updating a resource. You need to overwrite
+  # this method in your own RegistrationsController.
+  def after_update_path_for(resource)
+    sign_in_after_change_password? ? signed_in_root_path(resource) : new_session_path(resource_name)
+  end
+
+  # Authenticates the current scope and gets the current resource from the session.
+  def authenticate_scope!
+    send(:"authenticate_#{resource_name}!", force: true)
+    self.resource = send(:"current_#{resource_name}")
+  end
+
+  def sign_up_params
+    kingsman_parameter_sanitizer.sanitize(:sign_up)
+  end
+
+  def account_update_params
+    kingsman_parameter_sanitizer.sanitize(:account_update)
+  end
+
+  def translation_scope
+    'kingsman.registrations'
+  end
+
+  private
+
+  def set_flash_message_for_update(resource, prev_unconfirmed_email)
+    return unless is_flashing_format?
+
+    flash_key = if update_needs_confirmation?(resource, prev_unconfirmed_email)
+                  :update_needs_confirmation
+                elsif sign_in_after_change_password?
+                  :updated
+                else
+                  :updated_but_not_signed_in
+                end
+    set_flash_message :notice, flash_key
+  end
+
+  def sign_in_after_change_password?
+    return true if account_update_params[:password].blank?
+
+    Kingsman.sign_in_after_change_password
+  end
+end

data/app/controllers/kingsman/sessions_controller.rb

@@ -0,0 +1,83 @@
+class Kingsman::SessionsController < KingsmanController
+  prepend_before_action :require_no_authentication, only: [:new, :create]
+  prepend_before_action :allow_params_authentication!, only: :create
+  prepend_before_action :verify_signed_out_user, only: :destroy
+  prepend_before_action(only: [:create, :destroy]) { request.env["kingsman.skip_timeout"] = true }
+
+  # GET /resource/sign_in
+  def new
+    self.resource = resource_class.new(sign_in_params)
+    clean_up_passwords(resource)
+    yield resource if block_given?
+    respond_with(resource, serialize_options(resource))
+  end
+
+  # POST /resource/sign_in
+  def create
+    self.resource = warden.authenticate!(auth_options)
+    set_flash_message!(:notice, :signed_in)
+    sign_in(resource_name, resource)
+    yield resource if block_given?
+    respond_with resource, location: after_sign_in_path_for(resource)
+  end
+
+  # DELETE /resource/sign_out
+  def destroy
+    signed_out = (Kingsman.sign_out_all_scopes ? sign_out : sign_out(resource_name))
+    set_flash_message! :notice, :signed_out if signed_out
+    yield if block_given?
+    respond_to_on_destroy
+  end
+
+  protected
+
+  def sign_in_params
+    kingsman_parameter_sanitizer.sanitize(:sign_in)
+  end
+
+  def serialize_options(resource)
+    methods = resource_class.authentication_keys.dup
+    methods = methods.keys if methods.is_a?(Hash)
+    methods << :password if resource.respond_to?(:password)
+    { methods: methods, only: [:password] }
+  end
+
+  def auth_options
+    { scope: resource_name, recall: "#{controller_path}#new" }
+  end
+
+  def translation_scope
+    'kingsman.sessions'
+  end
+
+  private
+
+  # Check if there is no signed in user before doing the sign out.
+  #
+  # If there is no signed in user, it will set the flash message and redirect
+  # to the after_sign_out path.
+  def verify_signed_out_user
+    if all_signed_out?
+      set_flash_message! :notice, :already_signed_out
+
+      respond_to_on_destroy
+    end
+  end
+
+  def all_signed_out?
+    users = Kingsman.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
+
+    users.all?(&:blank?)
+  end
+
+  def respond_to_on_destroy
+    # We actually need to hardcode this as Rails default responder doesn't
+    # support returning empty response on GET request
+    respond_to do |format|
+      # Need format.js Jets ujs-compat uses AJAX delete requests to handle logout
+      format.js  { render json: { location: "/" } }
+      format.all { head :no_content }
+      format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name), status: Kingsman.responder.redirect_status }
+    end
+  end
+end

data/app/controllers/kingsman/unlocks_controller.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+class Kingsman::UnlocksController < KingsmanController
+  prepend_before_action :require_no_authentication
+
+  # GET /resource/unlock/new
+  def new
+    self.resource = resource_class.new
+  end
+
+  # POST /resource/unlock
+  def create
+    self.resource = resource_class.send_unlock_instructions(resource_params)
+    yield resource if block_given?
+
+    if successfully_sent?(resource)
+      respond_with({}, location: after_sending_unlock_instructions_path_for(resource))
+    else
+      respond_with(resource)
+    end
+  end
+
+  # GET /resource/unlock?unlock_token=abcdef
+  def show
+    self.resource = resource_class.unlock_access_by_token(params[:unlock_token])
+    yield resource if block_given?
+
+    if resource.errors.empty?
+      set_flash_message! :notice, :unlocked
+      respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) }
+    else
+      # TODO: use `error_status` when the default changes to `:unprocessable_entity`.
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
+    end
+  end
+
+  protected
+
+    # The path used after sending unlock password instructions
+    def after_sending_unlock_instructions_path_for(resource)
+      new_session_path(resource) if is_navigational_format?
+    end
+
+    # The path used after unlocking the resource
+    def after_unlock_path_for(resource)
+      new_session_path(resource)  if is_navigational_format?
+    end
+
+    def translation_scope
+      'kingsman.unlocks'
+    end
+end