nyauth 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 43f12311bbcbae2757a70708c8729fcd541af09c
+  data.tar.gz: 8911316b67a0cabca61b72a25a0a0e25264fb3f5
+SHA512:
+  metadata.gz: 5bbb2a9bc1b43dd74198adaca2a241f06d1ae5db25b3753dd9694b1dff49278568a253e9c7beec302fb9819c99d7befd17aaed796b1dd7ab4c233c3343b5cdf0
+  data.tar.gz: a0434f772ab0f52520dadb3af244ef556ef3904f9e589ec472b10ba8b7f30b887a67c978123f77f16453917161e72261242302ee35b1eb57a565098c2917044e

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 koshikawa
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1 @@
+# Nyauth

data/Rakefile

@@ -0,0 +1,26 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Nyauth'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+task :default => :spec

data/app/assets/javascripts/nyauth/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/nyauth/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/concerns/nyauth/session_concern.rb

@@ -0,0 +1,71 @@
+module Nyauth
+  module SessionConcern
+    extend ActiveSupport::Concern
+
+    included do |base|
+      if base.ancestors.include?(ActionController::Base)
+        helper_method :signed_in?, :current_authenticated
+        class_attribute :allow_actions
+      end
+    end
+
+    # ex.)
+    # sign_in(client)
+    def sign_in(client)
+      return unless client
+      store_signed_in_session(client)
+    end
+
+    # ex.)
+    # signed_in?(as: :user)
+    def signed_in?(options = {})
+      options.reverse_merge!(as: :user)
+      session[signed_in_session_key].present?
+    end
+
+    # ex.)
+    # sign_out
+    def sign_out
+      reset_session
+    end
+
+    # ex.)
+    # before_action -> { require_authentication! as: :user }, only: :secret_action
+    def require_authentication!(options = {})
+      options.reverse_merge!(as: :user)
+      return if self.class.allow_actions == :all
+      return if self.class.allow_actions.present? && request[:action].to_sym.in?(self.class.allow_actions)
+      head :unauthorized unless signed_in?(options)
+    end
+
+    def current_authenticated
+      return nil unless session_value = session[signed_in_session_key]
+      klass_name, client_id = Nyauth::Encryptor.decrypt(session_value).split(':')
+      klass_name.constantize.find(client_id)
+    end
+
+    def store_signed_in_session(client)
+      session[signed_in_session_key] = signed_in_session_object(client)
+    end
+
+    private
+
+    def signed_in_session_key
+      "sign_in_session"
+    end
+
+    def signed_in_session_object(client)
+      Nyauth::Encryptor.encrypt("#{client.class.name}:#{client.id}")
+    end
+
+    module ClassMethods
+      def allow_everyone(options = {})
+        if options[:only]
+          self.allow_actions = options[:only] || []
+        else
+          self.allow_actions = :all
+        end
+      end
+    end
+  end
+end

data/app/controllers/nyauth/confirmation_requests_controller.rb

@@ -0,0 +1,28 @@
+module Nyauth
+  class ConfirmationRequestsController < ApplicationController
+    allow_everyone
+    respond_to :html, :json
+    before_action :set_user, only: [:create]
+    after_action :send_mail, only: [:create], if: -> { @user.confirmation_key.present? }
+
+    def new
+    end
+
+    def create
+      @user.request_confirmation
+      respond_with(@user, location: root_path)
+    end
+
+    private
+
+    def set_user
+      @user = User.find_by!(email: params[:user][:email])
+    rescue ActiveRecord::RecordNotFound
+      render :new
+    end
+
+    def send_mail
+      Nyauth::UserMailer.request_confirmation(@user).deliver_now
+    end
+  end
+end

data/app/controllers/nyauth/confirmations_controller.rb

@@ -0,0 +1,19 @@
+module Nyauth
+  class ConfirmationsController < ApplicationController
+    allow_everyone
+    self.responder = ConfirmationResponder
+    respond_to :html, :json
+    before_action :set_user
+
+    def update
+      @user.confirm
+      respond_with(@user, location: root_path)
+    end
+
+    private
+
+    def set_user
+      @user = User.find_by!(confirmation_key: params[:confirmation_key])
+    end
+  end
+end

data/app/controllers/nyauth/new_password_requests_controller.rb

@@ -0,0 +1,28 @@
+module Nyauth
+  class NewPasswordRequestsController < ApplicationController
+    allow_everyone
+    respond_to :html, :json
+    before_action :set_user, only: [:create]
+    after_action :send_mail, only: [:create], if: -> { @user.new_password_key.present? }
+
+    def new
+    end
+
+    def create
+      @user.request_new_password
+      respond_with(@user, location: root_path)
+    end
+
+    private
+
+    def set_user
+      @user = User.find_by!(email: params[:user][:email])
+    rescue ActiveRecord::RecordNotFound
+      render :new
+    end
+
+    def send_mail
+      Nyauth::UserMailer.request_new_password(@user).deliver_now
+    end
+  end
+end

data/app/controllers/nyauth/new_passwords_controller.rb

@@ -0,0 +1,26 @@
+module Nyauth
+  class NewPasswordsController < ApplicationController
+    allow_everyone
+    respond_to :html, :json
+    before_action :set_user
+
+    def edit
+    end
+
+    def update
+      @user.update_new_password(user_params)
+      respond_with(@user, location: nyauth.new_session_path)
+    end
+
+    private
+
+    def set_user
+      @user = User.find_by!(new_password_key: params[:new_password_key])
+    end
+
+    def user_params
+      params.fetch(:user, {})
+            .permit(:password, :password_confirmation)
+    end
+  end
+end

data/app/controllers/nyauth/passwords_controller.rb

@@ -0,0 +1,26 @@
+module Nyauth
+  class PasswordsController < ApplicationController
+    respond_to :html, :json
+    before_action :set_user
+
+    def edit
+    end
+
+    def update
+      @user.attributes = user_params
+      @user.save(context: :update_password)
+      respond_with(@user, location: root_path)
+    end
+
+    private
+
+    def set_user
+      @user = User.find(current_authenticated.id)
+    end
+
+    def user_params
+      params.fetch(:user, {})
+            .permit(:password, :password_confirmation)
+    end
+  end
+end

data/app/controllers/nyauth/registrations_controller.rb

@@ -0,0 +1,26 @@
+module Nyauth
+  class RegistrationsController < ApplicationController
+    allow_everyone
+    respond_to :html, :json
+    before_action :set_user
+
+    def new
+    end
+
+    def create
+      sign_in(@user) if @user.save
+      respond_with(@user, location: root_path)
+    end
+
+    private
+
+    def set_user
+      @user = User.new(user_params)
+    end
+
+    def user_params
+      params.fetch(:user, {})
+            .permit(:email, :password, :password_confirmation)
+    end
+  end
+end

data/app/controllers/nyauth/sessions_controller.rb

@@ -0,0 +1,31 @@
+module Nyauth
+  class SessionsController < ApplicationController
+    allow_everyone only: [:new, :create]
+    respond_to :html, :json
+    before_action :set_session_service
+
+    def new
+    end
+
+    def create
+      sign_in(@session_service.client) if @session_service.save
+      respond_with @session_service, location: root_path
+    end
+
+    def destroy
+      sign_out
+      respond_with @session_service, location: root_path
+    end
+
+    private
+
+    def set_session_service
+      @session_service = Nyauth::SessionService.new(session_service_params)
+    end
+
+    def session_service_params
+      params.fetch(:session_service, {})
+            .permit(:email, :password)
+    end
+  end
+end

data/app/helpers/nyauth/application_helper.rb

@@ -0,0 +1,4 @@
+module Nyauth
+  module ApplicationHelper
+  end
+end

data/app/mailers/nyauth/user_mailer.rb

@@ -0,0 +1,15 @@
+module Nyauth
+  class UserMailer < ActionMailer::Base
+    default from: "from@example.com"
+    layout 'nyauth/mailer'
+    def request_confirmation(user)
+      @user = user
+      mail to: user.email
+    end
+
+    def request_new_password(user)
+      @user = user
+      mail to: user.email
+    end
+  end
+end

data/app/models/concerns/nyauth/authenticatable.rb

@@ -0,0 +1,18 @@
+module Nyauth
+  module Authenticatable
+    extend ActiveSupport::Concern
+    include Nyauth::PasswordDigestAbility
+
+    included do
+      validates :email, presence: true
+    end
+
+    module ClassMethods
+      def authenticate(given_email, given_password)
+        record = where(email: given_email).last
+        return nil unless record
+        record.verify_password?(given_password) ? record : nil
+      end
+    end
+  end
+end

data/app/models/concerns/nyauth/confirmable.rb

@@ -0,0 +1,34 @@
+module Nyauth
+  module Confirmable
+    extend ActiveSupport::Concern
+
+    included do
+      before_validation :check_confirmation_key, on: :confirm
+    end
+
+    def confirm
+      self.confirmed_at = Time.current
+      save(context: :confirm)
+    end
+
+    def confirmed?
+      self.confirmed_at.present?
+    end
+
+    def request_confirmation
+      self.confirmation_key = SecureRandom.hex(32)
+      self.confirmation_key_expired_at = Time.current + 1.hour
+      save
+    end
+
+    private
+
+    def check_confirmation_key
+      if confirmation_key_expired_at.past?
+        errors.add(:confirmation_key, :expired)
+      else
+        self.confirmation_key = nil
+      end
+    end
+  end
+end

data/app/models/concerns/nyauth/new_password_ability.rb

@@ -0,0 +1,35 @@
+module Nyauth
+  module NewPasswordAbility
+    extend ActiveSupport::Concern
+
+    included do
+      before_validation :check_new_password_key, on: :new_password
+      validates :email, email: { strict_mode: false }
+      validates :password, presence: true,
+                           length: { minimum: 8 },
+                           on: [:create, :update_password, :new_password]
+      validates :password, confirmation: true
+    end
+
+    def update_new_password(params)
+      self.attributes = params
+      self.save(context: :new_password)
+    end
+
+    def request_new_password
+      self.new_password_key = SecureRandom.hex(32)
+      self.new_password_key_expired_at = Time.current + 1.hour
+      save
+    end
+
+    private
+
+    def check_new_password_key
+      if new_password_key_expired_at.past?
+        errors.add(:new_password_key, :expired)
+      else
+        self.new_password_key = nil
+      end
+    end
+  end
+end

data/app/models/concerns/nyauth/password_digest_ability.rb

@@ -0,0 +1,40 @@
+module Nyauth
+  module PasswordDigestAbility
+    extend ActiveSupport::Concern
+    DIGEST_STRETCHES = 1000
+
+    included do
+      attr_accessor :password, :password_confirmation
+      validates :password_digest, presence: true
+      before_validation do
+        set_password_salt if password.present?
+        set_password_digest if password.present?
+      end
+    end
+
+    def verify_password?(raw_password)
+      password_digest == generate_password_digest(raw_password)
+    end
+
+    private
+
+    def generate_password_digest(password)
+      DIGEST_STRETCHES.times do
+        password = Digest::SHA256.hexdigest("#{password}#{password_salt}")
+      end
+      password
+    end
+
+    def generate_password_salt
+      "#{id}#{SecureRandom.hex(128)}"
+    end
+
+    def set_password_salt
+      self.password_salt = generate_password_salt
+    end
+
+    def set_password_digest
+      self.password_digest = generate_password_digest(password)
+    end
+  end
+end

data/app/responders/nyauth/app_responder.rb

@@ -0,0 +1,6 @@
+module Nyauth
+  class AppResponder < ActionController::Responder
+    include Responders::FlashResponder
+    include Responders::HttpCacheResponder
+  end
+end

data/app/responders/nyauth/confirmation_responder.rb

@@ -0,0 +1,14 @@
+module Nyauth
+  class ConfirmationResponder < ActionController::Responder
+    include Responders::FlashResponder
+    include Responders::HttpCacheResponder
+
+    def get?
+      false
+    end
+
+    def default_action
+      :edit
+    end
+  end
+end

data/app/services/nyauth/confirmation_request_service.rb

@@ -0,0 +1,15 @@
+module Nyauth
+  class ConfimationRequestService
+    include ActiveModel::Model
+    attr_reader :client
+
+    def initialize(client)
+      @client = client
+    end
+
+    def save
+      client.request_confirmation
+      client.save
+    end
+  end
+end

data/app/services/nyauth/session_service.rb

@@ -0,0 +1,21 @@
+module Nyauth
+  class SessionService
+    include ActiveModel::Model
+    attr_reader :email, :password, :client
+
+    def initialize(session_service_params = {})
+      @email = session_service_params[:email]
+      @password = session_service_params[:password]
+    end
+
+    def save(options = {})
+      options.reverse_merge!(as: :user)
+      klass = options[:as].to_s.classify.constantize
+      @client = klass.authenticate(email, password)
+      errors.add(:client, 'invalid email or password') unless @client
+      client
+    rescue
+      errors.add(:client, 'invalid email or password')
+    end
+  end
+end

data/app/views/layouts/nyauth/mailer.html.erb

@@ -0,0 +1 @@
+<%= yield %>

data/app/views/layouts/nyauth/mailer.text.erb

@@ -0,0 +1 @@
+<%= yield %>

data/app/views/nyauth/confirmation_requests/new.html.slim

@@ -0,0 +1,5 @@
+= form_for(User.new, url: confirmation_requests_path, mehotd: :post, html: { class: 'pure-form' }) do |f|
+  fieldset
+    legend= t 'nav.confirmation_requests.new'
+  = f.text_field(:email, placeholder: :email)
+  = f.submit 'request confirmation', data: { disable_with: '...' }, class: 'pure-button pure-button-primary'

data/app/views/nyauth/confirmations/edit.html.slim

@@ -0,0 +1,5 @@
+- if @user.errors.present?
+  h2 errors
+  ul.errors
+    - @user.errors.full_messages.each do |e|
+      li #{e}

data/app/views/nyauth/group_requests/new.html.slim

@@ -0,0 +1,14 @@
+= form_for(@group_request, html: { class: 'pure-form pure-form-stacked' }) do |f|
+  fieldset
+    legend
+
+    - if @group_request.errors.present?
+      h2 errors
+      ul.errors
+        - @group_request.errors.full_messages.each do |e|
+          li #{e}
+    = f.text_field :key, placeholder: 'your team for domain'
+    |.circleaf.com
+    - unless signed_in?
+      = f.email_field :email, placeholder: 'your email'
+    = f.submit 'Request', data: { disable_with: '...' }, class: 'pure-button pure-button-primary'

data/app/views/nyauth/layouts/application.html.slim

@@ -0,0 +1,15 @@
+DOCTYPE
+html
+  head
+    title circleaf
+    = stylesheet_link_tag    'application', media: 'all'
+    = javascript_include_tag 'application'
+    = csrf_meta_tags
+  body
+    = render 'navigation'
+    - if flash[:notice].present?
+      .messages= flash[:notice]
+    - if flash[:alert].present? # FIXME: DRY
+      .messages= flash[:alert]
+    .main-content
+      == yield

data/app/views/nyauth/layouts/mailer.html.slim

@@ -0,0 +1 @@
+== yield

data/app/views/nyauth/layouts/mailer.text.slim

@@ -0,0 +1 @@
+== yield

data/app/views/nyauth/new_password_requests/new.html.slim

@@ -0,0 +1,5 @@
+= form_for(User.new, url: new_password_requests_path, mehotd: :post, html: { class: 'pure-form' }) do |f|
+  fieldset
+    legend= t 'nav.new_password_requests.new'
+  = f.text_field(:email, placeholder: :email)
+  = f.submit 'request new password', data: { disable_with: '...' }, class: 'pure-button pure-button-primary'

data/app/views/nyauth/new_passwords/edit.html.slim

@@ -0,0 +1,11 @@
+= form_for(@user, url: new_password_path(params[:new_password_key]), html: { class: 'pure-form pure-form-stacked' }) do |f|
+  fieldset
+    legend
+    - if @user.errors.present?
+      h2 errors
+      ul.errors
+        - @user.errors.full_messages.each do |e|
+          li #{e}
+    = f.password_field :password, placeholder: :password
+    = f.password_field :password_confirmation, placeholder: :confirmation
+    = f.submit 'Update', data: { disable_with: '...' }, class: 'pure-button pure-button-primary'

data/app/views/nyauth/passwords/edit.html.slim

@@ -0,0 +1,11 @@
+= form_for(@user, url: password_path, html: { class: 'pure-form pure-form-stacked' }) do |f|
+  fieldset
+    legend
+    - if @user.errors.present?
+      h2 errors
+      ul.errors
+        - @user.errors.full_messages.each do |e|
+          li #{e}
+    = f.password_field :password, placeholder: :password
+    = f.password_field :password_confirmation, placeholder: :confirmation
+    = f.submit 'Update', data: { disable_with: '...' }, class: 'pure-button pure-button-primary'