minimalist_authentication 3.2.1 → 3.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b81e23298baa784d92be34aa1b6b372f585c5ea8bba51d953a85ee39ec44db5
-  data.tar.gz: 2cad820418a3869931fad968063d3f97e7302686b1fd534daf3a1c9f0d5dda15
+  metadata.gz: 69d08aa192324c376e8a95622c7dbdad23b1d3b97c271a0dfaf23ea096c7a3ee
+  data.tar.gz: 8a28310be5faf089c7b2128624a186ee0d4afe4827bc8e81be26a12a6d69a2f6
 SHA512:
-  metadata.gz: 3b5cd0f9f672f3084884b5385d333705d21d9835738e0b79ba8bc10853bc8bf5cbec88451ff07db26844a601fc69e685fe3f5e3961c5dbcd3616033d9cfe781a
-  data.tar.gz: 183194ef85c0ed224f9550c95779ecc5d37b6437ea0b05cd2e2cc32c43785d6718639bc1e4b74997df0fedf93432366e7240bc1e1d6b440008210ce64f277134
+  metadata.gz: 5fd1cb1d8a7e659c2e29c6d395f86f70b87dc6e4f91e47b96fc233d70c8328537baee9b310dc3f60f92700c8455afb8cc1c28558692c2b3df08f420ec360ebf8
+  data.tar.gz: 93ecc3a00b2a1728f0974f8bda923d9177ae7d74fe03df9af66c0dc8d2c70032c9bfaccc65083507be82486d23d347316cda948d24b8b778f56ba4744e7cba47

data/README.md

@@ -26,6 +26,13 @@ bin/rails generate model user active:boolean username:string password_digest:str
 
 
 ## Example
+Create a Current class that inherits from ActiveSupport::CurrentAttributes with a user attribute (app/models/current.rb)
+```ruby
+class Current < ActiveSupport::CurrentAttributes
+  attribute :user
+end
+```
+
 Include MinimalistAuthentication::User in your user model (app/models/user.rb)
 ```ruby
 class User < ApplicationRecord

data/app/controllers/emails_controller.rb

@@ -7,7 +7,7 @@ class EmailsController < ApplicationController
     if current_user.update(user_params)
       redirect_to update_redirect_path, notice: t(".notice")
     else
-      render :edit, status: :unprocessable_entity
+      render :edit, status: :unprocessable_content
     end
   end
 

data/app/controllers/password_resets_controller.rb

@@ -19,7 +19,7 @@ class PasswordResetsController < ApplicationController
       redirect_to new_session_path, notice: t(".notice", email:)
     else
       flash.now.alert = t(".alert")
-      render :new, status: :unprocessable_entity
+      render :new, status: :unprocessable_content
     end
   end
 

data/app/controllers/passwords_controller.rb

@@ -17,7 +17,7 @@ class PasswordsController < ApplicationController
     if user.update(password_params)
       redirect_to new_session_path, notice: t(".notice")
     else
-      render :edit, status: :unprocessable_entity
+      render :edit, status: :unprocessable_content
     end
   end
 

data/lib/minimalist_authentication/controller.rb

@@ -5,8 +5,11 @@ module MinimalistAuthentication
     extend ActiveSupport::Concern
 
     included do
-      # Lock down everything by default
-      # use skip_before_action to open up specific actions
+      # Loads the user object from the session and assigns it to Current.user
+      before_action :load_current_user
+
+      # Requires an authorized user for all actions
+      # Use skip_before_action to allow access to specific actions
       before_action :authorization_required
 
       helper MinimalistAuthentication::ApplicationHelper
@@ -14,35 +17,47 @@ module MinimalistAuthentication
       helper_method :current_user, :logged_in?, :authorized?
     end
 
-    private
+    # Returns true if the user is logged in
+    # Override this method in your controller to customize authorization
+    def authorized?(_action = action_name, _resource = controller_name)
+      logged_in?
+    end
 
+    # Returns the current user from the client application Current class
     def current_user
-      @current_user ||= find_session_user || MinimalistAuthentication.configuration.user_model.guest
+      ::Current.user
     end
 
-    def find_session_user
-      MinimalistAuthentication.configuration.user_model.find_enabled(session_user_id)
+    # Returns true if a current user is present, otherwise returns false
+    def logged_in?
+      current_user.present?
     end
 
-    def session_user_id
-      session[MinimalistAuthentication.configuration.session_key]
+    # Logs in a user by setting the session key and updating the Current user
+    # Should only be called after a successful authentication
+    def update_current_user(user)
+      reset_session
+      session[MinimalistAuthentication.session_key] = user.id
+      ::Current.user = user
     end
 
-    def authorization_required
-      authorized? || access_denied
+    private
+
+    def access_denied
+      store_location if request.get? && !logged_in?
+      redirect_to new_session_path
     end
 
-    def authorized?(_action = action_name, _resource = controller_name)
-      logged_in?
+    def authorization_required
+      authorized? || access_denied
     end
 
-    def logged_in?
-      !current_user.guest?
+    def find_session_user
+      MinimalistAuthentication.user_model.find_enabled(session[MinimalistAuthentication.session_key])
     end
 
-    def access_denied
-      store_location if request.get? && !logged_in?
-      redirect_to new_session_path
+    def load_current_user
+      Current.user = find_session_user
     end
 
     def store_location

data/lib/minimalist_authentication/sessions.rb

@@ -27,11 +27,17 @@ module MinimalistAuthentication
 
     def destroy
       reset_session
+      clear_site_data
       redirect_to logout_redirect_to, notice: t(".notice"), status: :see_other
     end
 
     private
 
+    # Sets a “Clear-Site-Data” header to clear the browser cache.
+    def clear_site_data
+      response.headers["Clear-Site-Data"] = '"cache","storage"'
+    end
+
     def user
       @user ||= MinimalistAuthentication.configuration.user_model.new
     end
@@ -42,9 +48,8 @@ module MinimalistAuthentication
 
     def log_in_user
       self.return_to = session["return_to"]
-      reset_session
+      update_current_user(authenticated_user)
       authenticated_user.logged_in
-      session[MinimalistAuthentication.configuration.session_key] = authenticated_user.id
     end
 
     def user_params
@@ -77,7 +82,7 @@ module MinimalistAuthentication
     def after_authentication_failure
       flash.now.alert = t(".alert", identifier:)
       user
-      render :new, status: :unprocessable_entity
+      render :new, status: :unprocessable_content
     end
 
     def identifier

data/lib/minimalist_authentication/test_helper.rb

@@ -5,22 +5,22 @@ module MinimalistAuthentication
     PASSWORD = "test-password"
     PASSWORD_DIGEST = BCrypt::Password.create(PASSWORD, cost: BCrypt::Engine::MIN_COST)
 
-    def login_as(user_fixture_name, password = PASSWORD)
-      post session_path, params: { user: { email: users(user_fixture_name).email, password: } }
-    end
-
     def current_user
       @current_user ||= load_user_from_session
     end
 
+    def login_as(user_fixture_name, password = PASSWORD)
+      post session_path, params: { user: { email: users(user_fixture_name).email, password: } }
+    end
+
     private
 
     def load_user_from_session
-      MinimalistAuthentication.configuration.user_model.find(session_user_id) if session_user_id
+      MinimalistAuthentication.user_model.find(session_user_id) if session_user_id
     end
 
     def session_user_id
-      @request.session[MinimalistAuthentication.configuration.session_key]
+      @request.session[MinimalistAuthentication.session_key]
     end
   end
 end

data/lib/minimalist_authentication/user.rb

@@ -6,8 +6,6 @@ module MinimalistAuthentication
   module User
     extend ActiveSupport::Concern
 
-    GUEST_USER_EMAIL = "guest"
-
     included do
       has_secure_password
 
@@ -54,11 +52,6 @@ module MinimalistAuthentication
         active(false)
       end
 
-      # Returns a frozen user with the email set to GUEST_USER_EMAIL.
-      def guest
-        new(email: GUEST_USER_EMAIL).freeze
-      end
-
       # Minimum password length
       def password_minimum = 12
     end
@@ -87,9 +80,14 @@ module MinimalistAuthentication
       authenticate(password)
     end
 
-    # Check if user is a guest based on their email attribute
+    # Deprecated method to check if the user is a guest. Returns false because the guest user has been removed.
     def guest?
-      email == GUEST_USER_EMAIL
+      MinimalistAuthentication.deprecator.warn(<<-MSG.squish)
+        Calling #guest? is deprecated. Use #MinimalistAuthentication::Controller#logged_in? to
+        check for the presence of a current_user instead.
+      MSG
+
+      false
     end
 
     # Returns true if the user is not active.

data/lib/minimalist_authentication/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MinimalistAuthentication
-  VERSION = "3.2.1"
+  VERSION = "3.2.3"
 end

data/lib/minimalist_authentication.rb

@@ -12,7 +12,7 @@ require "minimalist_authentication/test_helper"
 
 module MinimalistAuthentication
   class << self
-    delegate :user_model, to: :configuration
+    delegate :session_key, :user_model, to: :configuration
 
     def deprecator
       @deprecator ||= ActiveSupport::Deprecation.new("4.0", name)

metadata

@@ -1,15 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: minimalist_authentication
 version: !ruby/object:Gem::Version
-  version: 3.2.1
+  version: 3.2.3
 platform: ruby
 authors:
 - Aaron Baldwin
 - Brightways Learning
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-22 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -97,7 +96,6 @@ licenses:
 metadata:
   homepage_uri: https://github.com/wwidea/minimalist_authentication
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -112,8 +110,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: A Rails authentication plugin that takes a minimalist approach.
 test_files: []