minimalist_authentication 0.6.14 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a34456f10d23a888a02be9b3f641b98aa6cc80ef
-  data.tar.gz: e8e0a2755308097c530c7e8680cc320ed963ab77
+  metadata.gz: 2d020d82d864706eb3048098a397f68a6dd1cbf7
+  data.tar.gz: 0ebabb35dda1683be51aff8132a84fbb851f1da7
 SHA512:
-  metadata.gz: 12cb3f5a4d7eec151c4666e2f6268ef46a796554a2afcef5bc9065aee3e1b637ac5daeafe3654c6016df9e5cf1c140eb266dfdbf330796b584e96c7edd87a986
-  data.tar.gz: 92b48a4cf0293909525d4042c1857bf1696750025918cbe6eaef61b9e2115e7f7e9203f7dc3f35ca6e0ee0aab4e6aa5bcbfa011e100ce9905dac95c3dcabd46e
+  metadata.gz: fb9ec1fde1bbf9d5ba15778b0b52b906b67cf2a76e5a5c44ed1159d72377b2fc313f81bde6d54423e4229111b14927ac3e7ef695dd0fc5c21b2631b0f4663a2a
+  data.tar.gz: 82e0db4943b2b1e4b8e0fe4320876079a5a38609a0add94598bc01f4d68e101560cf1e5569814076aa62918461374068c8ad5531cf3eb87dcd3e57f4d80bb893

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2009-2013 WorldWide IDEA, Inc http://www.wwidea.org
+Copyright 2009-2017 Brightways Learning https://www.brightwayslearning.org
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -1,55 +1,59 @@
-[![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/wwidea/minimalist_authentication)
-
-MinimalistAuthentication
-========================
-
+# MinimalistAuthentication
 A Rails authentication gem that takes a minimalist approach. It is designed to be simple to understand, use, and modify for your application.
 
-This gem was largely inspired by the restful-authentication plugin (http://github.com/technoweenie/restful-authentication/tree/master). I selected the essential methods for password based authentication, reorganized them, trimmed them down when possible, added a couple of features, and resisted the urge to start adding more.
-
-
-Installation
-============
-1) Add to your Gemfile:
-
-    gem 'minimalist_authentication'
-
-2) Create a user model:
-
-    bin/rails generate model user active:boolean email:string crypted_password:string salt:string using_digest_version:integer last_logged_in_at:datetime
-
-
-Example
-=======
-
-1) app/models/user.rb
-
-    class User < ActiveRecord::Base
-      include Minimalist::Authentication
-    end
-
-2) app/controllers/application.rb
-
-    class ApplicationController < ActionController::Base
-      include Minimalist::Authorization
-      
-      # Lock down everything by default
-      # use skip_before_filter to open up sepecific actions
-      prepend_before_filter :authorization_required
-    end
-
-3) app/controllers/sessions_controller.rb
-
-    class SessionsController < ApplicationController
-      include Minimalist::Sessions
-      skip_before_filter :authorization_required, only: [:new, :create]
-    end
-
-4) test/test_helper.rb
-
-    class ActiveSupport::TestCase
-      include Minimalist::TestHelper
-    end
-
 
-Copyright (c) 2009 Aaron Baldwin, released under the MIT license
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'minimalist_authentication'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Create a user model:
+```bash
+bin/rails generate model user active:boolean email:string crypted_password:string salt:string using_digest_version:integer last_logged_in_at:datetime
+```
+
+
+## Example
+Include Minimalist::Authentication in your user model (app/models/user.rb)
+```ruby
+class User < ApplicationRecord
+  include Minimalist::Authentication
+end
+```
+
+Include Minimalist::Authorization in your ApplicationController (app/controllers/application.rb)
+```ruby
+class ApplicationController < ActionController::Base
+  include Minimalist::Authorization
+  
+  # Lock down everything by default
+  # use skip_before_action to open up specific actions
+  before_action :authorization_required
+end
+```
+
+Include Minimalist::Sessions in your SessionsController (app/controllers/sessions_controller.rb)
+```ruby
+class SessionsController < ApplicationController
+  include Minimalist::Sessions
+  skip_before_action :authorization_required, only: %i(new create)
+end
+```
+
+Include Minimalist::TestHelper in your test helper (test/test_helper.rb)
+```ruby
+class ActiveSupport::TestCase
+  include Minimalist::TestHelper
+end
+```
+
+
+## License
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -1,35 +1,36 @@
-require 'rake'
-require 'rake/testtask'
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
 require 'rdoc/task'
 
-desc 'Default: run unit tests.'
-task :default => :test
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'MinimalistAuthentication'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
 
-desc 'Test the minimalist_authentication plugin.'
 Rake::TestTask.new(:test) do |t|
-  t.libs << 'lib'
   t.libs << 'test'
   t.pattern = 'test/**/*_test.rb'
-  t.verbose = true
+  t.verbose = false
 end
 
-desc 'Generate documentation for the minimalist_authentication plugin.'
-Rake::RDocTask.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'MinimalistAuthentication'
-  rdoc.options << '--line-numbers' << '--inline-source'
-  rdoc.rdoc_files.include('README')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
 
-desc 'Measures test coverage using rcov'
-task :rcov do
-  rm_f "coverage"
-  rcov = "rcov --rails --text-summary -Ilib --exclude /gems/,/app/,/Library/"
-  system("#{rcov} --html #{Dir.glob('test/**/*_test.rb').join(' ')}")
-  if PLATFORM['darwin'] #Mac
-    system("open coverage/index.html")
-  elsif PLATFORM[/linux/] #Ubuntu, etc.
-    system("/etc/alternatives/x-www-browser coverage/index.html")
-  end
-end
+task default: :test

data/app/views/sessions/_form.html.erb

@@ -0,0 +1,5 @@
+<%= form_for :user, url: session_path do |form| %>
+  <%= form.text_field     :email %>
+  <%= form.password_field :password %>
+  <%= form.submit         'Log in' %>
+<% end %>

data/app/views/sessions/new.html.erb

@@ -0,0 +1 @@
+<%= render partial: 'form' %>

data/config/routes.rb

@@ -0,0 +1,2 @@
+Rails.application.routes.draw do
+end

data/lib/minimalist/authentication.rb

@@ -3,33 +3,29 @@ require 'bcrypt'
 
 module Minimalist
   module Authentication
+    extend ActiveSupport::Concern
+    
     GUEST_USER_EMAIL = 'guest'
     PREFERRED_DIGEST_VERSION = 3
 
     # Recalibrates cost when class is loaded so that new user passwords
     # can automatically take advantage of faster server hardware in the
     # future for better encryption.
-    CALIBRATED_BCRYPT_COST = BCrypt::Engine.calibrate(750)
+    # sets cost to BCrypt::Engine::MIN_COST in the test environment
+    CALIBRATED_BCRYPT_COST = (::Rails.env.test? ? BCrypt::Engine::MIN_COST : BCrypt::Engine.calibrate(750))
 
-    def self.included( base )
-      base.extend(ClassMethods)
-      base.class_eval do
-        include InstanceMethods
+    included do
+      attr_accessor :password
+      before_save :encrypt_password
 
-        attr_accessor :password
-        before_save :encrypt_password
+      validates_presence_of     :email, if: :validate_email_presence?
+      validates_uniqueness_of   :email, allow_blank: true, if: :validate_email_uniqueness?
+      validates_format_of       :email, allow_blank: true, with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, if: :validate_email_format?
+      validates_presence_of     :password,                 if: :password_required?
+      validates_confirmation_of :password,                 if: :password_required?
+      validates_length_of       :password, within: 6..40,  if: :password_required?
 
-        validates_presence_of     :email, if: :validate_email_presence?
-        validates_uniqueness_of   :email, allow_blank: true, if: :validate_email_uniqueness?
-        validates_format_of       :email, allow_blank: true, with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, if: :validate_email_format?
-        validates_presence_of     :password,                 if: :password_required?
-        validates_confirmation_of :password,                 if: :password_required?
-        validates_length_of       :password, within: 6..40,  if: :password_required?
-
-        scope :active, ->(active = true) { where active: active }
-
-
-      end
+      scope :active, ->(active = true) { where active: active }
     end
 
     module ClassMethods
@@ -40,7 +36,7 @@ module Minimalist
         return user
       end
 
-      def secure_digest(string, salt, version = 1)
+      def secure_digest(string, salt, version = PREFERRED_DIGEST_VERSION)
         case version
           when 0 then Digest::MD5.hexdigest(string.to_s)
           when 1 then Digest::SHA1.hexdigest("#{string}--#{salt}")
@@ -54,84 +50,78 @@ module Minimalist
       end
 
       def guest
-        new.tap do |user|
-          user.email = GUEST_USER_EMAIL
-        end
+        new(email: GUEST_USER_EMAIL)
       end
     end
 
-    module InstanceMethods
-
-      def active?
-        active
-      end
+    def active?
+      active
+    end
 
-      def authenticated?(password)
-        if crypted_password == encrypt(password)
-          if self.respond_to?(:using_digest_version) and (using_digest_version != PREFERRED_DIGEST_VERSION or salt_cost < CALIBRATED_BCRYPT_COST)
-            new_salt = self.class.make_token
-            self.update_attribute(:crypted_password,self.class.secure_digest(password, new_salt, PREFERRED_DIGEST_VERSION))
-            self.update_attribute(:salt, new_salt)
-            self.update_attribute(:using_digest_version, PREFERRED_DIGEST_VERSION)
-          end
-          return true
-        else
-          return false
+    def authenticated?(password)
+      if crypted_password == encrypt(password)
+        if self.respond_to?(:using_digest_version) && (using_digest_version != PREFERRED_DIGEST_VERSION || salt_cost < CALIBRATED_BCRYPT_COST)
+          new_salt = self.class.make_token
+          self.update_attribute(:crypted_password, self.class.secure_digest(password, new_salt))
+          self.update_attribute(:salt, new_salt)
+          self.update_attribute(:using_digest_version, PREFERRED_DIGEST_VERSION)
         end
+        return true
+      else
+        return false
       end
+    end
 
-      def logged_in
-        update_column(:last_logged_in_at, Time.current) # use update_column to avoid updated_on trigger
-      end
+    def logged_in
+      update_column(:last_logged_in_at, Time.current) # use update_column to avoid updated_on trigger
+    end
 
-      def is_guest?
-        email == GUEST_USER_EMAIL
-      end
+    def is_guest?
+      email == GUEST_USER_EMAIL
+    end
 
-      #######
-      private
-      #######
 
-      def password_required?
-        active? && (crypted_password.blank? || !password.blank?)
-      end
+    private
 
-      def encrypt(password)
-        self.class.secure_digest(password, salt, digest_version)
-      end
+    def password_required?
+      active? && (crypted_password.blank? || !password.blank?)
+    end
 
-      def encrypt_password
-        return if password.blank?
-        self.salt = self.class.make_token
-        self.crypted_password = self.class.secure_digest(password, salt, (self.respond_to?(:using_digest_version) ? PREFERRED_DIGEST_VERSION : 1))
-        self.using_digest_version = PREFERRED_DIGEST_VERSION if self.respond_to?(:using_digest_version)
-      end
+    def encrypt(password)
+      self.class.secure_digest(password, salt, digest_version)
+    end
 
-      def digest_version
-        self.respond_to?(:using_digest_version) ? (using_digest_version || 1) : 1
-      end
+    def encrypt_password
+      return if password.blank?
+      self.salt = self.class.make_token
+      self.crypted_password = self.class.secure_digest(password, salt)
+      self.using_digest_version = PREFERRED_DIGEST_VERSION if self.respond_to?(:using_digest_version)
+    end
 
-      def salt_cost
-        BCrypt::Engine.valid_salt?(salt) ? salt.match(/\$[^\$]+\$([0-9]+)\$/)[1].to_i : 0
-      end
+    def digest_version
+      self.respond_to?(:using_digest_version) ? (using_digest_version || 1) : 1
+    end
 
-      # email validation
-      def validate_email?
-        # allows applications to turn off email validation
-        true
-      end
+    def salt_cost
+      BCrypt::Engine.valid_salt?(salt) ? salt.match(/\$[^\$]+\$([0-9]+)\$/)[1].to_i : 0
+    end
 
-      def validate_email_presence?
-        validate_email? && active?
-      end
+    # email validation
+    def validate_email?
+      # allows applications to turn off email validation
+      true
+    end
 
-      def validate_email_format?
-        validate_email? && active?
-      end
+    def validate_email_presence?
+      validate_email? && active?
+    end
 
-      def validate_email_uniqueness?
-        validate_email? && active?
-      end
+    def validate_email_format?
+      validate_email? && active?
+    end
+
+    def validate_email_uniqueness?
+      validate_email? && active?
     end
   end
 end

data/lib/minimalist/authorization.rb

@@ -1,49 +1,44 @@
 module Minimalist
   module Authorization
-    def self.included( base )
-      base.class_eval do
-        include InstanceMethods
-        helper_method :current_user, :logged_in?, :authorized?
-      end
+    extend ActiveSupport::Concern
+    
+    included do
+      helper_method :current_user, :logged_in?, :authorized?
     end
 
-    module InstanceMethods
-      #######
-      private
-      #######
+    private
 
-      def current_user
-        @current_user ||= (get_user_from_session || User.guest)
-      end
+    def current_user
+      @current_user ||= (get_user_from_session || User.guest)
+    end
 
-      def get_user_from_session
-        User.find_by_id(session[:user_id]) if session[:user_id]
-      end
+    def get_user_from_session
+      User.find_by_id(session[:user_id]) if session[:user_id]
+    end
 
-      def authorization_required
-        authorized? || access_denied
-      end
+    def authorization_required
+      authorized? || access_denied
+    end
 
-      def authorized?(action = action_name, resource = controller_name)
-        logged_in?
-      end
+    def authorized?(action = action_name, resource = controller_name)
+      logged_in?
+    end
 
-      def logged_in?
-        !current_user.is_guest?
-      end
+    def logged_in?
+      !current_user.is_guest?
+    end
 
-      def access_denied
-        store_location if request.method.to_s.downcase == 'get' && !logged_in?
-        redirect_to new_session_path
-      end
+    def access_denied
+      store_location if request.method.to_s.downcase == 'get' && !logged_in?
+      redirect_to new_session_path
+    end
 
-      def store_location
-        session['return_to'] = request.fullpath
-      end
+    def store_location
+      session['return_to'] = request.fullpath
+    end
 
-      def redirect_back_or_default(default)
-        redirect_to(session.delete('return_to') || default)
-      end
+    def redirect_back_or_default(default)
+      redirect_to(session.delete('return_to') || default)
     end
   end
-end
+end