negroni 0.1.0

data/lib/negroni/models/lockable.rb

@@ -0,0 +1,216 @@
+# frozen_string_literal: true
+
+module Negroni
+  module Models
+    # Handles blocking a user access after a certain number of attempts.
+    # Lockable accepts two different strategies to unlock a user after it's
+    # blocked: email and time. The former will send an email to the user when
+    # the lock happens, containing a link to unlock its account. The second will
+    # unlock the user automatically after some configured time (ie 2.hours).
+    # It's also possible to set up lockable to use both email and time
+    # strategies.
+    #
+    # ## Options
+    #
+    # Lockable adds the following options to `negroni`:
+    #
+    #   * `maximum_attempts`: how many attempts should be accepted before
+    #      blocking the user.
+    #   * `lock_strategy`: lock the user account by :failed_attempts or :none.
+    #   * `unlock_strategy`: unlock the user account by :time, :email, :both or
+    #      :none.
+    #   * `unlock_in`: the time you want to lock the user after to lock happens.
+    #                  Only available when unlock_strategy is :time or :both.
+    #   * `unlock_keys`: the keys you want to use when locking and unlocking.
+    #
+    module Lockable
+      extend ActiveSupport::Concern
+
+      # @!method lock_strategy_enabled?(strategy)
+      #   @return [Boolean] if the passed strategy is enabled
+      delegate :lock_strategy_enabled?,
+               :unlock_strategy_enabled?,
+               to: 'self.class'
+
+      # Required fields
+      def self.required_fields(klass)
+        att = []
+        att << :failed_attempts if klass.lock_strategy_enabled? :failed_attempts
+        att << :locked_at if klass.unlock_strategy_enabled? :time
+        att << :unlock_token if klass.unlock_strategy_enabled? :email
+        att
+      end
+
+      # Lock a user setting its locked_at to actual time.
+      #
+      # @param opts [Hash] hash of options
+      # @option opts [Boolean] :send_instructions pass `false` to not send the
+      #         email
+      def lock_access!(opts = {})
+        self.locked_at = Time.now.utc
+
+        if unlock_strategy_enabled?(:email) &&
+           opts.fetch(:send_instructions, true)
+          send_unlock_instructions
+        else
+          save(validate: false)
+        end
+      end
+
+      # Unlock a user, clearing `locked_at` and `failed_attempts`.
+      def unlock_access!
+        self.locked_at = nil
+        self.failed_attempts = 0 if respond_to?(:failed_attempts=)
+        self.unlock_token = nil if respond_to?(:unlock_token=)
+        save(validate: false)
+      end
+
+      # Returns true if the user has access locked
+      # @return [Boolean]
+      def access_locked?
+        locked_at && !lock_expired?
+      end
+
+      # send instructions to unlock
+      def send_unlock_instructions
+        raw, enc = Negroni.token_generator.generate(self.class, :unlock_token)
+        self.unlock_token = enc
+
+        save(validate: false) # rubocop:disable Rails/SaveBang
+        send_auth_notification(:unlock_instructions, raw, {})
+        raw
+      end
+
+      # Resend instructions if the user is locked
+      def resend_unlock_instructions
+        if_access_locked { send_unlock_instructions }
+      end
+
+      # Override active_for_auth? for locking purposes
+      def active_for_auth?
+        super && !access_locked?
+      end
+
+      # Override for locking purposes
+      def inactive_message
+        access_locked? ? :locked : super
+      end
+
+      # rubocop:disable Metrics/CyclomaticComplexity,PerceivedComplexity
+
+      # Override for locking purposes
+      def valid_for_auth?
+        return super unless persisted? &&
+                            lock_strategy_enabled?(:failed_attempts)
+
+        unlock_access! if lock_expired?
+
+        return true if super && !access_locked?
+
+        self.failed_attempts ||= 0
+        self.failed_attempts += 1
+
+        if attempts_exceeded?
+          lock_access! unless access_locked?
+        else
+          save(validate: false)
+        end
+
+        false
+      end
+
+      # Override for locking
+      def unauthenticated_message
+        if Negroni.paranoid
+          super
+        elsif access_locked? ||
+              (lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?)
+          :locked
+        elsif lock_strategy_enabled?(:failed_attempts) &&
+              last_attempt? && self.class.last_attempt_warning
+          :last_attempt
+        else
+          super
+        end
+      end
+
+      protected
+
+      def attempts_exceeded?
+        failed_attempts >= self.class.maximum_attempts
+      end
+
+      def last_attempt?
+        failed_attempts == self.class.maximum_attempts - 1
+      end
+
+      def lock_expired?
+        return false unless unlock_strategy_enabled?(:time)
+        locked_at && locked_at < self.class.unlock_in.ago
+      end
+
+      def if_access_locked
+        if access_locked?
+          yield
+        else
+          errors.add(Negroni.unlock_keys.first, :not_locked)
+          false
+        end
+      end
+
+      # Class Methods for Lockable
+      module ClassMethods
+        # @private
+        BOTH_STRATEGIES = [:time, :email].freeze
+        private_constant :BOTH_STRATEGIES
+
+        Negroni::Models.config(self, :maximum_attempts, :lock_strategy,
+                               :unlock_strategy, :unlock_in, :unlock_keys,
+                               :last_attempt_warning)
+
+        # Attempt to find a user by its unlock keys. If a record is found, send
+        # new unlock instructions to it. If not user is found, returns a new
+        # user with an email not found error.  Options must contain the user's
+        # unlock keys Checks if a given lock strategy is enabled.
+        def send_unlock_instructions(attributes = {})
+          lockable = find_or_initialize_with_errors(
+            unlock_keys, attributes, :not_found
+          )
+          lockable.resend_unlock_instructions if lockable.persisted?
+          lockable
+        end
+
+        # Find a user by its unlock token and try to unlock it.
+        # If no user is found, returns a new user with an error.
+        # If the user is not locked, creates an error for the user
+        # Options must have the unlock_token
+        def unlock_access_by_token(token)
+          orig = token
+          token = Negroni.token_generator.digest(self, :unlock_token, token)
+
+          lockable = find_or_initialize_with_error_by(:unlock_token, token)
+          lockable.unlock_access! if lockable.persisted?
+          lockable.unlock_token = orig
+          lockable
+        end
+
+        # @param strategy [Symbol] the name of the strategy.
+        #
+        # @return [Boolean] if the strategy is enabled.
+        def lock_strategy_enabled?(strategy)
+          lock_strategy == strategy
+        end
+
+        # Checks if a given unlock strategy is enabled.
+        #
+        # @param strategy [Symbol] the name of the strategy.
+        #
+        # @return [Boolean] if the strategy is enabled.
+        def unlock_strategy_enabled?(strategy)
+          unlock_strategy == strategy ||
+            (unlock_strategy == :both && BOTH_STRATEGIES.include?(strategy))
+        end
+      end
+    end
+  end
+end

data/lib/negroni/models/omniauthable.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'negroni/omniauth'
+
+module Negroni
+  module Models
+    # Adds OmniAuth support to your model.
+    #
+    # ## Options
+    #
+    # Omniauthable adds the following options to negroni:
+    #
+    #   * `omniauth_providers`: Which providers are available to this model.
+    #           It expects an array.
+    #
+    # @example
+    #   negroni :authenticable, :omniauthable, omniauth_providers: [:twitter]
+    #
+    module Omniauthable
+      extend ActiveSupport::Concern
+
+      # Required fields for this module (_none_)
+      def self.required_fields(_klass = nil)
+        []
+      end
+
+      # Configuration options
+      module ClassMethods
+        Negroni::Models.config(self, :omniauth_providers)
+      end
+    end
+  end
+end

data/lib/negroni/models/recoverable.rb

@@ -0,0 +1,204 @@
+# frozen_string_literal: true
+
+module Negroni
+  module Models
+    # Recoverable takes care of resetting the user password and send reset
+    # instructions.
+    #
+    # ## Required attributes
+    #
+    # Recoverable requires that the including class has the following attributes:
+    #
+    #   * `reset_password_sent_at`: [DateTime]
+    #   * `reset_password_token`: [String]
+    #
+    # ## Options
+    #
+    # Recoverable adds the following class options:
+    #
+    #   * `reset_password_keys`: the keys you want to use when recovering the
+    #                            password for an account
+    #   * `reset_password_within`: the time period within which the password must
+    #                              be reset or the token expires.
+    #   * `sign_in_after_reset_password`: whether or not to sign in the user
+    #                                     automatically after a password reset.
+    #
+    # @example
+    #   # resets the user password and save the record, true if valid passwords
+    #   # are given, otherwise false
+    #   User.find(1).reset_password('password123', 'password123')
+    #
+    # @example
+    #   # creates a new token and send it with instructions about how to reset
+    #   # the password
+    #   User.find(1).send_reset_password_instructions
+    #
+    module Recoverable
+      extend ActiveSupport::Concern
+
+      # Required fields for Recoverable
+      def self.required_fields(_klass = nil)
+        [:reset_password_sent_at, :reset_password_token]
+      end
+
+      included do
+        before_update :clear_reset_password_token,
+                      if: :clear_reset_password_token?
+      end
+
+      # Update password saving the record and clearing token. Returns true if
+      # the passwords are valid and the record was saved, false otherwise.
+      #
+      # @param new_password [String] the new password
+      # @param new_password_confirmation [String] confirmation of the password
+      #
+      # @return [Boolean] if the operation was successful
+      def reset_password(new_password, new_password_confirmation)
+        self.password = new_password
+        self.password_confirmation = new_password_confirmation
+
+        save
+      end
+
+      # Resets reset password token and send reset password instructions by
+      # email.  Returns the token sent in the e-mail.
+      #
+      # @return [String] the token that was sent in the email.
+      def send_reset_password_instructions
+        token = set_reset_password_token
+        send_reset_password_instructions_notification(token)
+
+        token
+      end
+
+      # Checks if the reset password token sent is within the limit time.  We do
+      # this by calculating if the difference between today and the sending date
+      # does not exceed the confirm in time configured.  Returns true if the
+      # resource is not responding to reset_password_sent_at at all.
+      #
+      # @return [Boolean] if the period is valid.
+      #
+      # reset_password_within is a model configuration, must always be an integer
+      # value.
+      #
+      # @example
+      #   # reset_password_within = 1.day and reset_password_sent_at = today
+      #   reset_password_period_valid?   # => true
+      #
+      # @example
+      #   # reset_password_within = 5.days; reset_password_sent_at = 4.days.ago
+      #   reset_password_period_valid?   # => true
+      #
+      # @example
+      #   # reset_password_within = 5.days; reset_password_sent_at = 5.days.ago
+      #   reset_password_period_valid?   # => false
+      #
+      # @example
+      #   # reset_password_within = 0.days
+      #   reset_password_period_valid?   # will always return false
+      #
+      def reset_password_period_valid?
+        reset_password_sent_at &&
+          reset_password_sent_at.utc >= self.class.reset_password_within.ago.utc
+      end
+
+      protected
+
+      # Removes `reset_password_token`
+      def clear_reset_password_token
+        self.reset_password_token = nil
+        self.reset_password_sent_at = nil
+      end
+
+      # Sets the `reset_password_token` for the record
+      def set_reset_password_token
+        raw, encoded = Negroni.token_generator.generate(self.class,
+                                                        :reset_password_token)
+
+        self.reset_password_token = encoded
+        self.reset_password_sent_at = Time.now.utc
+
+        save(validate: false) # rubocop:disable Rails/SaveBang
+        raw
+      end
+
+      def send_reset_password_instructions_notification(token)
+        send_auth_notification(:reset_password_instructions, token, {})
+      end
+
+      def clear_reset_password_token?
+        auth_keys_changed = self.class.authentication_keys.any? do |attribute|
+          respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?")
+        end
+
+        !new_record? && (auth_keys_changed || password_digest_changed?)
+      end
+
+      # Class Methods for `Recoverable`
+      module ClassMethods
+        # Attempt to find a user by password reset token. If a user is found,
+        # return it.  If not, return `nil`.
+        def with_reset_password_token(token)
+          reset_password_token = Negroni.token_generator.digest(
+            self, :reset_password_token, token
+          )
+          to_adapter.find_first(reset_password_token: reset_password_token)
+        end
+
+        # Attempt to find a user by its email. If a record is found, send new
+        # password instructions to it. If user is not found, returns a new user
+        # with an email not found error.
+        #
+        # Attributes must contain the user's email
+        def send_reset_password_instructions(attributes = {})
+          recoverable = find_or_initialize_with_errors(reset_password_keys,
+                                                       attributes,
+                                                       :not_found)
+
+          recoverable.send_reset_password_instructions if recoverable.persisted?
+          recoverable
+        end
+
+        # rubocop:disable Metrics/MethodLength
+
+        # Attempt to find a user by its reset_password_token to reset its
+        # password. If a user is found and token is still valid, reset its
+        # password and automatically try saving the record. If not user is
+        # found, returns a new user containing an error in reset_password_token
+        # attribute.
+        #
+        # Attributes must contain reset_password_token, password and confirmation
+        def reset_password_by_token(attributes = {})
+          original = attributes[:reset_password_token]
+          token = Negroni.token_generator.digest(
+            self, :reset_password_token, original
+          )
+
+          recoverable = find_or_initialize_with_error_by(:reset_password_token,
+                                                         token)
+
+          if recoverable.persisted?
+            if recoverable.reset_password_period_valid?
+              recoverable.reset_password(attributes[:password],
+                                         attributes[:password_confirmation])
+            else
+              recoverable.errors.add(:reset_password_token, :expired)
+            end
+          end
+
+          if recoverable.reset_password_token.present?
+            recoverable.reset_password_token = original
+          end
+
+          recoverable
+        end
+
+        Negroni::Models.config(self,
+                               :reset_password_keys,
+                               :reset_password_within)
+      end
+    end
+  end
+end
+
+# rubocop:enable all