minimalist_authentication 3.0.0 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a82f3a3833f400b37555173885d052000dfbd5e4a67da90068384558f8d97705
-  data.tar.gz: 48b819ddbb26a5cb5deaa03c5cd3ef943394e93d6390286d3f30cbae7e5e8477
+  metadata.gz: eb8cc19088eea71ab56f803fe72724911988a9dea1eaf2df45ab6eab1127fea9
+  data.tar.gz: 648dad4be8864624cf3bc9158c9cc207fc19da57256c363415c2c4b3cbe6b3ef
 SHA512:
-  metadata.gz: c867bd7daebdce0f0998e78db4d05ed89bd8d3767d6bb0dc79e362f74ca8e2ac43e930dffb0f396d3d1f4f6b517d26fee00e03e06c32a8afd4b52fb0d03984b7
-  data.tar.gz: de8329fcb5b6bd2d01e9a421818952e6f362d4ff16a3e060d30e5b3afbd4751d56e4c0d37b1a3d80d917baf48dea36b407a2fbfc8f647019fa896529d82bf3a2
+  metadata.gz: fdce2aed67b60fb4adc4d6227523001c52099ea9df6458aa420ce89616467986e05e12362afba71811502d25ab406e2356d2857bc62f640ce7942dc00dc408f4
+  data.tar.gz: a9c0c9ac343602975b60415c0b53c13e50f748e08a63bf37a1ecb6ca64c20eea1e4e6402096c1900b45255cd13ee736a0ef664cce7a25639fccf73486ede9e12

data/README.md

@@ -73,7 +73,6 @@ MinimalistAuthentication.configure do |configuration|
   configuration.verify_email              = true                # default is true
   configuration.login_redirect_path       = :custom_path        # default is :root_path
   configuration.logout_redirect_path      = :custom_path        # default is :new_session_path
-  configuration.email_prefix              = '[Custom Prefix]'   # default is application name
 end
 ```
 

data/app/controllers/email_verifications_controller.rb

@@ -11,7 +11,7 @@ class EmailVerificationsController < ApplicationController
 
   def create
     current_user.regenerate_verification_token
-    MinimalistAuthenticationMailer.verify_email(current_user).deliver_now
+    MinimalistAuthenticationMailer.with(user: current_user).verify_email.deliver_now
 
     redirect_to dashboard_path, notice: t(".notice", email: current_user.email)
   end

data/app/controllers/password_resets_controller.rb

@@ -14,7 +14,7 @@ class PasswordResetsController < ApplicationController
   def create
     if user
       user.regenerate_verification_token
-      MinimalistAuthenticationMailer.update_password(user).deliver_now
+      MinimalistAuthenticationMailer.with(user:).update_password.deliver_now
     end
     # always display notice even if the user was not found to prevent leaking user emails
     redirect_to new_session_path, notice: "Password reset instructions were mailed to #{email}"

data/app/mailers/minimalist_authentication_mailer.rb

@@ -1,24 +1,20 @@
 # frozen_string_literal: true
 
 class MinimalistAuthenticationMailer < ApplicationMailer
-  def verify_email(user)
-    @verify_email_link = email_verification_url(token: user.verification_token)
-    send_to(user, "Email Address Verification")
+  before_action { @user = params[:user] }
+  after_action :mail_user
+
+  def verify_email
+    @verify_email_link = email_verification_url(token: @user.verification_token)
   end
 
-  def update_password(user)
-    @edit_password_link = edit_user_password_url(user, token: user.verification_token)
-    send_to(user, "Update Password")
+  def update_password
+    @edit_password_link = edit_user_password_url(@user, token: @user.verification_token)
   end
 
   private
 
-  def send_to(user, subject)
-    @user = user
-    mail to: @user.email, subject: prefixed_subject(subject)
-  end
-
-  def prefixed_subject(subject)
-    "#{MinimalistAuthentication.configuration.email_prefix} #{subject}"
+  def mail_user
+    mail(to: @user.email)
   end
 end

data/config/locales/minimalist_authentication.en.yml

@@ -19,6 +19,8 @@ en:
   minimalist_authentication_mailer:
     update_password:
       opening: Please click the link below to update your password.
+      subject: Update Password
     verify_email:
-      opening: Please click the link below to complete your email verification.
       closing: If you did not request email verification you can safely ignore this message.
+      opening: Please click the link below to complete your email verification.
+      subject: "Email Address Verification"

data/lib/minimalist_authentication/authenticator.rb

@@ -13,37 +13,44 @@ module MinimalistAuthentication
     # Params examples:
     # { email: 'user@example.com', password: 'abc123' }
     # { username: 'user', password: 'abc123' }
-    # Returns user object upon successful authentication.
-    def self.authenticated_user(params)
+    def self.authenticate(params)
       hash = params.to_h.with_indifferent_access
+      field, value = hash.find { |key, _| LOGIN_FIELDS.include?(key) }
+      new(field:, value:, password: hash["password"]).authenticated_user
+    end
 
-      # Extract login field from hash
-      field = (hash.keys & LOGIN_FIELDS).first
-
-      # Attempt to authenticate user
-      new(field:, value: hash[field], password: hash["password"]).authenticated_user
+    def self.authenticated_user(params)
+      MinimalistAuthentication.deprecator.warn(<<-MSG.squish)
+        Calling MinimalistAuthentication::Authenticator.authenticated_user is deprecated.
+        Use MinimalistAuthentication::Authenticator.authenticate instead.
+      MSG
+      authenticate(params)
     end
 
+    # Initializes a new Authenticator instance with the provided field, value, and password.
     def initialize(field:, value:, password:)
       @field    = field
       @value    = value
       @password = password
     end
 
-    # Returns user upon successful authentication, otherwise returns nil.
+    # Returns an authenticated and enabled user or nil.
     def authenticated_user
-      user if valid? && user&.authenticated?(password)
+      authenticated&.enabled if valid?
+    end
+
+    private
+
+    # Attempts to authenticate a user based on the provided field, value, and password.
+    # Returns user upon successful authentication, otherwise returns nil.
+    def authenticated
+      MinimalistAuthentication.configuration.user_model.authenticate_by(field => value, password:)
     end
 
     # Returns true if all the authentication attributes are present.
+    # Otherwise returns false.
     def valid?
       [field, value, password].all?(&:present?)
     end
-
-    private
-
-    def user
-      @user ||= MinimalistAuthentication.configuration.user_model.active.find_by(field => value)
-    end
   end
 end

data/lib/minimalist_authentication/configuration.rb

@@ -51,10 +51,6 @@ module MinimalistAuthentication
     # Defaults to :new_session_path
     attr_accessor :logout_redirect_path
 
-    # Email subject prefix for MinimalistAuthenticationMailer messages
-    # Defaults to application name
-    attr_accessor :email_prefix
-
     def initialize
       self.user_model_name          = "::User"
       self.session_key              = :user_id
@@ -64,7 +60,10 @@ module MinimalistAuthentication
       self.verify_email             = true
       self.login_redirect_path      = :root_path
       self.logout_redirect_path     = :new_session_path
-      self.email_prefix             = default_email_prefix
+    end
+
+    def email_prefix=(_)
+      MinimalistAuthentication.deprecator.warn("The #email_prefix configuration setting is no longer supported.")
     end
 
     # Returns the user_model class
@@ -73,11 +72,5 @@ module MinimalistAuthentication
     def user_model
       user_model_name.constantize
     end
-
-    private
-
-    def default_email_prefix
-      "[#{Rails.application.engine_name.delete_suffix('_application').titleize}]"
-    end
   end
 end

data/lib/minimalist_authentication/controller.rb

@@ -19,9 +19,7 @@ module MinimalistAuthentication
     end
 
     def find_session_user
-      return unless session_user_id
-
-      MinimalistAuthentication.configuration.user_model.active.find_by(id: session_user_id)
+      MinimalistAuthentication.configuration.user_model.find_enabled(session_user_id)
     end
 
     def session_user_id

data/lib/minimalist_authentication/sessions.rb

@@ -37,7 +37,7 @@ module MinimalistAuthentication
     end
 
     def authenticated_user
-      @authenticated_user ||= MinimalistAuthentication::Authenticator.authenticated_user(user_params)
+      @authenticated_user ||= MinimalistAuthentication::Authenticator.authenticate(user_params)
     end
 
     def log_in_user

data/lib/minimalist_authentication/user.rb

@@ -9,7 +9,7 @@ module MinimalistAuthentication
     GUEST_USER_EMAIL = "guest"
 
     included do
-      has_secure_password validations: false
+      has_secure_password
 
       # Force validations for a blank password.
       attribute :password_required, :boolean, default: false
@@ -24,37 +24,64 @@ module MinimalistAuthentication
       validates(:email, presence: true, if: :validate_email_presence?)
 
       # Password validations
-      validates(
-        :password,
-        confirmation: true,
-        length:       { minimum: :password_minimum, maximum: :password_maximum },
-        presence:     true,
-        if:           :validate_password?
-      )
+      # Adds validations for minimum password length and exclusivity.
+      # has_secure_password adds validations for presence, maximum length, confirmation,
+      # and password_challenge.
+      validates :password, length: { minimum: :password_minimum }, if: :validate_password?
       validate :password_exclusivity, if: :password?
 
       # Active scope
-      scope :active,    ->(state = true)  { where(active: state) }
-      scope :inactive,  ->                { active(false) }
+      scope :active, ->(state = true) { where(active: state) }
     end
 
     module ClassMethods
+      # Finds a user by their id and returns the user if they are enabled.
+      # Returns nil if the user is not found or not enabled.
+      def find_enabled(id)
+        find_by(id:)&.enabled if id.present?
+      end
+
+      def inactive
+        MinimalistAuthentication.deprecator.warn(<<-MSG.squish)
+          Calling #inactive is deprecated. Use #active(false) instead.
+        MSG
+        active(false)
+      end
+
       # Returns a frozen user with the email set to GUEST_USER_EMAIL.
       def guest
         new(email: GUEST_USER_EMAIL).freeze
       end
     end
 
+    # Called after a user is authenticated to determine if the user object should be returned.
+    def enabled
+      self if enabled?
+    end
+
+    # Returns true if the user is enabled.
+    # Override this method in your user model to implement custom logic that determines if a user is eligible to log in.
+    def enabled?
+      active?
+    end
+
+    # Remove the has_secure_password password blank error if password is not required.
+    def errors
+      super.tap { |errors| errors.delete(:password, :blank) unless validate_password? }
+    end
+
     # Returns true if the user is not active.
     def inactive?
+      MinimalistAuthentication.deprecator.warn("Calling #inactive? is deprecated.")
       !active?
     end
 
     # Returns true if password matches the hashed_password, otherwise returns false.
     def authenticated?(password)
+      MinimalistAuthentication.deprecator.warn(<<-MSG.squish)
+        Calling #authenticated? is deprecated. Use #authenticate instead.
+      MSG
       authenticate(password)
-    rescue ::BCrypt::Errors::InvalidHash
-      false
     end
 
     # Check if user is a guest based on their email attribute
@@ -62,17 +89,14 @@ module MinimalistAuthentication
       email == GUEST_USER_EMAIL
     end
 
+    # Sets #last_logged_in_at to the current time without updating the updated_at timestamp.
     def logged_in
-      # Use update_column to avoid updated_on trigger
       update_column(:last_logged_in_at, Time.current)
     end
 
     # Minimum password length
     def password_minimum = 12
 
-    # Maximum password length
-    def password_maximum = 40
-
     # Checks for password presence
     def password?
       password.present?

data/lib/minimalist_authentication/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MinimalistAuthentication
-  VERSION = "3.0.0"
+  VERSION = "3.1.0"
 end

data/lib/minimalist_authentication.rb

@@ -9,3 +9,9 @@ require "minimalist_authentication/email_verification"
 require "minimalist_authentication/controller"
 require "minimalist_authentication/sessions"
 require "minimalist_authentication/test_helper"
+
+module MinimalistAuthentication
+  def self.deprecator
+    @deprecator ||= ActiveSupport::Deprecation.new("4.0", name)
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: minimalist_authentication
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.1.0
 platform: ruby
 authors:
 - Aaron Baldwin
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-03 00:00:00.000000000 Z
+date: 2024-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -37,14 +37,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 7.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 7.1.0
 description: A Rails authentication plugin that takes a minimalist approach. It is
   designed to be simple to understand, use, and modify for your application.
 email:
@@ -94,7 +94,6 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://github.com/wwidea/minimalist_authentication
-  source_code_uri: https://github.com/wwidea/minimalist_authentication
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []