linked_rails-auth 0.0.1

data/app/controllers/linked_rails/auth/otp_attempts_controller.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class OtpAttemptsController < LinkedRails.controller_parent_class
+      private
+
+      def create_success
+        sign_in(current_resource.owner, otp_verified: true)
+
+        head 200
+      end
+
+      class << self
+        def controller_class
+          LinkedRails.otp_attempt_class
+        end
+      end
+    end
+  end
+end

data/app/controllers/linked_rails/auth/otp_secrets_controller.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class OtpSecretsController < LinkedRails.controller_parent_class
+      active_response :show
+
+      private
+
+      def create_success
+        active_response_block do
+          sign_in(current_resource.owner, otp_verified: true) if current_user.guest?
+
+          respond_with_redirect(
+            location: current_resource.redirect_url,
+            reload: true
+          )
+        end
+      end
+
+      def destroy_success
+        active_response_block do
+          respond_with_redirect(location: LinkedRails.iri.to_s, reload: true)
+        end
+      end
+
+      def permit_params
+        return super unless action_name == 'create'
+
+        super.merge(active: true)
+      end
+
+      class << self
+        def controller_class
+          LinkedRails.otp_secret_class
+        end
+      end
+    end
+  end
+end

data/app/controllers/linked_rails/auth/passwords_controller.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class PasswordsController < Devise::PasswordsController
+      skip_before_action :require_no_authentication, only: :create
+
+      private
+
+      def after_sending_reset_password_instructions_path_for(_resource_name)
+        LinkedRails.iri(path: '/u/session/new').path
+      end
+
+      def after_resetting_password_path_for(_resource)
+        LinkedRails.iri(path: '/u/session/new').path
+      end
+
+      def create_execute
+        @current_resource = resource_class.send_reset_password_instructions(resource_params)
+        successfully_sent?(current_resource)
+      end
+
+      def create_failure_message; end
+
+      def create_success_location
+        after_sending_reset_password_instructions_path_for(resource_name)
+      end
+
+      def create_success_message
+        find_message(:send_instructions)
+      end
+
+      def new_session_path(*_args)
+        LinkedRails.iri(path: 'u/session/new').path
+      end
+
+      def resource_params
+        params.fetch(resource_name, nil) ||
+          params.fetch(controller_name.singularize, {})
+      end
+
+      def update_execute
+        @current_resource = resource_class.reset_password_by_token(resource_params)
+
+        current_resource.errors.empty?
+      end
+
+      def update_success_message
+        find_message(:updated_not_active)
+      end
+
+      def update_success_location
+        after_resetting_password_path_for(current_resource)
+      end
+
+      class << self
+        def controller_class
+          LinkedRails.password_class
+        end
+      end
+    end
+  end
+end

data/app/controllers/linked_rails/auth/registrations_controller.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class RegistrationsController < Devise::RegistrationsController
+      skip_before_action :assert_is_devise_resource!, only: :show
+      active_response :show
+
+      private
+
+      def active_response_success_message; end
+
+      def create_success
+        sign_in(current_resource)
+        super
+      end
+
+      def create_success_location
+        current_resource.redirect_url
+      end
+
+      def resource_params
+        params.require(permit_param_key)
+      end
+
+      class << self
+        def controller_class
+          LinkedRails.registration_class
+        end
+      end
+    end
+  end
+end

data/app/controllers/linked_rails/auth/sessions_controller.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class SessionsController < ApplicationController
+      active_response :create
+
+      private
+
+      def active_response_success_message; end
+
+      def active_response_failure_message; end
+
+      def create_execute
+        true
+      end
+
+      def create_success_location
+        if requested_user
+          LinkedRails.iri(path: 'u/access_token/new').to_s
+        else
+          LinkedRails.iri(path: 'u/registration/new').to_s
+        end
+      end
+
+      def requested_user
+        @requested_user ||= LinkedRails.user_class.find_for_database_authentication(email: permit_params[:email])
+      end
+
+      def destroy_execute
+        sign_out
+      end
+
+      def destroy_success
+        respond_with_redirect(
+          location: '/'
+        )
+      end
+
+      def permit_params
+        params.require(:session).permit(:redirect_url, :email)
+      end
+
+      def r_param
+        new_resource_params[:redirect_url] || (params.key?(:session) ? permit_params[:redirect_url] : nil)
+      end
+
+      class << self
+        def controller_class
+          LinkedRails.session_class
+        end
+      end
+    end
+  end
+end

data/app/controllers/linked_rails/auth/unlocks_controller.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class UnlocksController < Devise::UnlocksController
+      private
+
+      def after_sending_unlock_instructions_path_for(_resource)
+        LinkedRails.iri(path: '/u/session/new').path
+      end
+
+      def after_unlock_path_for(_resource)
+        LinkedRails.iri(path: '/u/session/new').path
+      end
+
+      def create_execute
+        @current_resource = resource_class.send_unlock_instructions(resource_params)
+
+        successfully_sent?(current_resource!)
+      end
+
+      def create_failure_message; end
+
+      def create_success_location
+        after_sending_unlock_instructions_path_for(current_resource)
+      end
+
+      def create_success_message
+        find_message(:send_instructions)
+      end
+
+      def resource_params
+        params.fetch(resource_name, nil) ||
+          params.fetch(controller_name.singularize, {})
+      end
+
+      class << self
+        def controller_class
+          LinkedRails.unlock_class
+        end
+      end
+    end
+  end
+end

data/app/forms/linked_rails/auth/access_token_form.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class AccessTokenForm < LinkedRails.form_parent_class
+      field :email,
+            input_field: LinkedRails::Form::Field::EmailInput,
+            min_count: 1
+      field :password,
+            description: '',
+            input_field: LinkedRails::Form::Field::PasswordInput,
+            min_count: 1
+      resource :reset_password, url: -> { LinkedRails.iri(path: '/u/password/new') }
+
+      hidden do
+        field :redirect_url
+      end
+    end
+  end
+end

data/app/forms/linked_rails/auth/confirmation_form.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class ConfirmationForm < LinkedRails.form_parent_class
+      field :email, input_field: LinkedRails::Form::Field::EmailInput, min_count: 1
+    end
+  end
+end

data/app/forms/linked_rails/auth/otp_attempt_form.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class OtpAttemptForm < LinkedRails.form_parent_class
+      field :otp_attempt, description: '', min_count: 1
+    end
+  end
+end

data/app/forms/linked_rails/auth/otp_secret_form.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class OtpSecretForm < LinkedRails.form_parent_class
+      resource :provision_image,
+               description: -> { I18n.t('otp_secrets.properties.provision_image.description') },
+               path: Vocab.schema.image
+      field :otp_attempt, description: '', min_count: 1
+    end
+  end
+end

data/app/forms/linked_rails/auth/password_form.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class PasswordForm < LinkedRails.form_parent_class
+      field :email,
+            input_field: LinkedRails::Form::Field::EmailInput,
+            min_count: 1
+      field :password,
+            input_field: LinkedRails::Form::Field::PasswordInput,
+            min_count: 1
+      field :password_confirmation,
+            input_field: LinkedRails::Form::Field::PasswordInput,
+            min_count: 1
+
+      hidden do
+        field :reset_password_token
+      end
+    end
+  end
+end

data/app/forms/linked_rails/auth/registration_form.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class RegistrationForm < LinkedRails.form_parent_class
+      field :email,
+            input_field: LinkedRails::Form::Field::EmailInput,
+            min_count: 1
+      field :password,
+            input_field: LinkedRails::Form::Field::PasswordInput,
+            min_count: 1
+      field :password_confirmation,
+            input_field: LinkedRails::Form::Field::PasswordInput,
+            min_count: 1
+
+      hidden do
+        field :redirect_url
+      end
+    end
+  end
+end

data/app/forms/linked_rails/auth/session_form.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class SessionForm < LinkedRails.form_parent_class
+      field :email, input_field: LinkedRails::Form::Field::EmailInput, min_count: 1
+
+      hidden do
+        field :redirect_url
+      end
+    end
+  end
+end

data/app/forms/linked_rails/auth/unlock_form.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class UnlockForm < LinkedRails.form_parent_class
+      field :email, input_field: LinkedRails::Form::Field::EmailInput, min_count: 1
+    end
+  end
+end

data/app/helpers/linked_rails/auth/otp_helper.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    module OtpHelper
+      def handle_expired_session
+        raise LinkedRails::Auth::Errors::Expired, I18n.t('messages.otp_secrets.expired')
+      end
+
+      def session_from_param(session_param)
+        return {} unless session_param
+
+        JWT.decode(
+          session_param,
+          Doorkeeper::JWT.configuration.secret_key,
+          true,
+          algorithms: [Doorkeeper::JWT.configuration.encryption_method.to_s.upcase]
+        ).first || {}
+      rescue JWT::ExpiredSignature
+        handle_expired_session
+      end
+
+      def owner_from_session(session_param)
+        user_id = session_from_param(session_param)['user_id']
+
+        LinkedRails.otp_owner_class.find_by(id: user_id) if user_id
+      end
+    end
+  end
+end

data/app/models/linked_rails/auth/access_token.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class AccessToken < LinkedRails::Resource
+      enhance LinkedRails::Enhancements::Actionable
+      enhance LinkedRails::Enhancements::Creatable
+      enhance LinkedRails::Enhancements::Singularable
+
+      attr_accessor :email, :redirect_url, :password
+      alias root_relative_iri root_relative_singular_iri
+
+      def singular_iri_opts
+        {redirect_url: redirect_url}
+      end
+
+      class << self
+        def action_list
+          LinkedRails.access_token_action_list_class
+        end
+
+        def form_class
+          LinkedRails.access_token_form_class
+        end
+
+        def singular_iri_template
+          @singular_iri_template ||= URITemplate.new("/#{singular_route_key}{?redirect_url}")
+        end
+
+        def singular_route_key
+          'u/access_token'
+        end
+
+        def requested_singular_resource(params, _user_context)
+          new(redirect_url: params[:redirect_url])
+        end
+      end
+    end
+  end
+end