RubyGems - orthodox - Versions diffs - 0.2.4 → 0.3.0 - Mend

orthodox 0.2.4 → 0.3.0

Files changed (40) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f88d03f6e7af9cdf80036cac8d4729085eded3c2fab7397fcf1aa11342614529
-  data.tar.gz: 3e0cb40bc7890ff8a86e6206ad7d2c9e480aab0913c54e72aa8ff3167f98c912
+  metadata.gz: 616ba8695069097dae8c09c0912d366b2491ea1747d683e91fce2ee86bc91456
+  data.tar.gz: 05b4176b9a0c81b779ab5ac0490e21437eb3eaec6daad9fa98ce503de0481b4a
 SHA512:
-  metadata.gz: b4286e0501d78936b5e0af3ad5d2005a3f00afe97e5bdbb045743aae8c47baf43573f6be896714e4467f90787561c023ce57f200875707042f157ba68f1619ba
-  data.tar.gz: 4f4d3f93e1f76cb962183b0cda3ec7c9f9e1cff2a0b776b3fcb2c4e292152f54fbb40d34b8aa3e83d591135f63016cef19d1983695747aafdf013b68ba9b33da
+  metadata.gz: 436f151edd60aa7a0b8437aa7652d4406f95a78ae9d26aa4b05e0dd5948c86c71baf08225a58162cd50039e62688594ea8a57e433eef4b4459dea42f6b3de0a6
+  data.tar.gz: da50fc10b1b96d2a1f6b34d5ae13a57b5c9aa25b2cef9c8f9a8e719d7afa4d25595d6261493c913732fd8da36bc7f546cf9791fffe7a1080943ca975b1d361db

data/lib/generators/authentication/USAGE ADDED

@@ -0,0 +1,14 @@
+Description:
+    Adds boilerplate controllers, models, and views for authenticating a model.
+Example:
+    rails generate authentication Member
+    This will create:
+        app/models/concerns/authenticateable.rb
+        app/controllers/concerns/authentication.rb
+        app/controllers/members/sessions_controller.rb
+        app/models/member_session.rb
+        app/views/members/sessions/new.html.slim
+        spec/system/members/authentication_spec.rb
+        spec/models/member_session_spec.rb

data/lib/generators/authentication/authentication_generator.rb ADDED

@@ -0,0 +1,214 @@
+class AuthenticationGenerator < Rails::Generators::NamedBase
+  source_root File.expand_path('templates', __dir__)
+  desc "Creates authentication views, controllers and models for a given Model"
+  class_option :skip_views, type: :boolean, default: false
+  class_option :skip_tests, type: :boolean, default: false
+  class_option :two_factor, type: :boolean, default: false
+  def create_controllers
+    generate "base_controller", class_name
+    template "controllers/sessions_controller.rb.erb",
+             "app/controllers/#{plural_file_name}/sessions_controller.rb"
+    template "controllers/password_resets_controller.rb.erb",
+            "app/controllers/#{plural_file_name}/password_resets_controller.rb"
+    if options[:two_factor]
+      template "controllers/tfa_sessions_controller.rb.erb",
+               "app/controllers/#{plural_file_name}/tfa_sessions_controller.rb"
+      template "controllers/tfas_controller.rb.erb",
+               "app/controllers/#{plural_file_name}/tfas_controller.rb"
+    end
+  end
+  def extend_controllers
+    inject_into_class "app/controllers/#{plural_name}/base_controller.rb",
+                      "#{plural_class_name}::BaseController",
+                      "  authenticate_model :#{singular_name}, tfa: #{options[:two_factor]}\n"
+    include_module_in_controller("#{plural_name}/base_controller", "Authentication")
+  end
+  def ensure_helpers
+    if options[:two_factor]
+      copy_file "helpers/otp_credentials_helper.rb", "app/helpers/otp_credentials_helper.rb"
+    end
+  end
+  def ensure_js
+    if options[:two_factor]
+      copy_file "javascript/tfa_forms.js", "app/javascript/packs/tfa_forms.js"
+    end
+  end
+  def create_mailer
+    generate "mailer", "#{class_name}Mailer"
+    inject_into_class "app/mailers/#{singular_name}_mailer.rb", "#{class_name}Mailer", <<~RUBY
+    def password_reset_link(#{singular_name})
+      @#{singular_name} = #{singular_name}
+      mail(to: #{singular_name}.email, subject: "Reset your password")
+    end
+    RUBY
+    template "views/mailers/password_reset_link.html.slim.erb",
+             "app/views/#{singular_name}_mailer/password_reset_link.html.slim"
+  end
+  def create_models
+    copy_file "models/password_reset_token.rb", "app/models/password_reset_token.rb"
+    if options[:two_factor]
+      template "models/otp_credential.rb.erb", "app/models/otp_credential.rb"
+    end
+  end
+  def extend_models
+    include_module_in_model(class_name, "Authenticateable")
+    include_module_in_model(class_name, "PasswordResetable")
+    if options[:two_factor]
+      include_module_in_model(class_name, "Otpable")
+    end
+  end
+  def create_form_objects
+    template "models/session.rb.erb", "app/models/#{singular_name}_session.rb"
+    if options[:two_factor]
+      copy_file "models/tfa_session.rb", "app/models/tfa_session.rb"
+    end
+  end
+  def ensure_concerns
+    template "controllers/concerns/authentication.rb.erb",
+             "app/controllers/concerns/authentication.rb"
+    copy_file "models/concerns/authenticateable.rb",
+              "app/models/concerns/authenticateable.rb"
+    copy_file "models/concerns/password_resetable.rb",
+              "app/models/concerns/password_resetable.rb"
+    if options[:two_factor]
+      copy_file "controllers/concerns/two_factor_authentication.rb",
+                "app/controllers/concerns/two_factor_authentication.rb"
+      copy_file "models/concerns/otpable.rb", "app/models/concerns/otpable.rb"
+    end
+  end
+  def create_migrations
+    generate "migration", "create_password_reset_tokens secret:token "\
+                                                        "expires_at:datetime:index "\
+                                                        "resetable:references{polymorphic}"
+    if options[:two_factor]
+      generate "migration", "create_otp_credentials \
+                              created_at:datetime \
+                              last_used_at:datetime \
+                              secret:string{32} \
+                              authable:references{polymorphic} \
+                              recovery_codes:json"
+    end
+  end
+  def create_view_templates
+    return if options[:skip_views]
+    template "views/sessions/new.html.slim.erb",
+             "app/views/#{plural_name}/sessions/new.html.slim"
+    template "views/password_resets/new.html.slim.erb",
+             "app/views/#{plural_name}/password_resets/new.html.slim"
+    template "views/password_resets/edit.html.slim.erb",
+             "app/views/#{plural_name}/password_resets/edit.html.slim"
+    if options[:two_factor]
+      template "views/tfa_sessions/new.html.slim.erb",
+               "app/views/#{plural_name}/tfa_sessions/new.html.slim"
+      template "views/tfas/show.html.slim.erb",
+               "app/views/#{plural_name}/tfas/show.html.slim"
+    end
+  end
+  def create_specs
+    return if options[:skip_tests]
+    copy_file "spec/support/factory_bot.rb", "spec/support/factory_bot.rb"
+    template "spec/system/authentication_spec.rb.erb",
+             "spec/system/#{plural_name}/authentication_spec.rb"
+    template "spec/system/password_resets_spec.rb.erb",
+             "spec/system/#{plural_name}/password_resets_spec.rb"
+    template "spec/models/session_spec.rb.erb",
+            "spec/models/#{singular_name}_session_spec.rb"
+    copy_file "spec/models/password_reset_token_spec.rb",
+              "spec/models/password_reset_token_spec.rb"
+    if options[:two_factor]
+      copy_file "spec/support/authentication_helpers.rb",
+                "spec/support/authentication_helpers.rb"
+      template "spec/models/tfa_session_spec.rb.erb", "spec/models/tfa_session_spec.rb"
+      copy_file "spec/models/otp_credential_spec.rb",
+                "spec/models/otp_credential_spec.rb"
+      template "spec/system/tfa_authentication_spec.rb.erb",
+               "spec/system/#{plural_name}/tfa_authentication_spec.rb"
+    end
+  end
+  def create_factories
+    generate "factory_bot:model", "otp_credential"
+    generate "factory_bot:model", "password_reset_token"
+    generate "factory_bot:model", "#{singular_name}_session email:email password:password"
+  end
+  def ensure_gems
+    gem "validates_email_format_of", version: "~> 1.6"
+    gem "slim-rails"
+    gem "factory_bot_rails"
+    gem "faker"
+    if options[:two_factor]
+      gem "rotp", version: "~> 5.1.0"
+      gem "rqrcode", require: false
+    end
+  end
+  def create_routes
+    route <<~RUBY
+    namespace :#{plural_name} do
+      resource :session, only: [:new, :create, :destroy]
+      #{"resource :tfa_session, only: [:new, :create]" if options[:two_factor]}
+      resource :tfa, only: [:create, :show, :destroy]
+      resources :password_resets, only: [:new, :create, :edit, :update], param: :token
+    end
+    RUBY
+  end
+  private
+  def plural_class_name
+    class_name.pluralize
+  end
+  def include_module_in_controller(controller_name, module_name)
+    class_name = controller_name.classify
+    inject_into_class "app/controllers/#{controller_name}.rb", class_name,
+                      "  include #{module_name}\n"
+  end
+  def include_module_in_model(model_name, module_name)
+    inject_into_class "app/models/#{model_name.underscore}.rb", model_name,
+                      "  include #{module_name}\n"
+  end
+end

data/lib/generators/authentication/templates/controllers/concerns/authentication.rb.erb ADDED

@@ -0,0 +1,110 @@
+# frozen_string_literal
+# Concern added to controllres to provide methods for authentication.
+#
+# Automatically generated by the orthodox gem (https://github.com/katanacode/orthodox)
+# (c) Copyright 2019 Katana Code Ltd. All Rights Reserved.
+module Authentication
+  extend ActiveSupport::Concern
+  private
+  # Sign in a given record as a given type
+  #
+  # record - An AppliationRecord subclass instance (e.g. A Member)
+  # as     - A String or Symbol with the model name (e.g. "member")
+  <%- if options[:two_factor] -%>
+  # tfa    - Mark as Two-Factor authentication authenticated.
+  <%- end -%>
+  #
+  # Returns Integer
+  def sign_in(record, as:<%= ", tfa: false" if options[:two_factor] -%>)
+    session[:"#{as}_id"] = record.id.to_i
+    <%- if options[:two_factor] -%>
+    session[:"#{as}_tfa_authenticated"] = tfa
+    <%- end -%>
+  end
+  # Sign out a given record type.
+  #
+  # as - A String or Symbol with the model name (e.g. "member")
+  def sign_out(as)
+    session[:"#{as}_id"] = nil
+    <%- if options[:two_factor] -%>
+    session[:"#{as}_tfa_authenticated"] = nil
+    <%- end -%>
+    instance_variable_set("@current_#{as}", nil)
+  end
+  module ClassMethods
+    # Create a bunch of authentication methods for a given ActiveRecord model
+    def authenticate_model(model_name, **options)
+      # Define a current_<model> method to load the currently signed in record, if present
+      #
+      # Returns ApplicationRecord subclass
+      define_method(:"current_#{model_name}") do
+        instance_method_name = "@current_#{model_name}"
+        if instance_variable_get(instance_method_name).present?
+          instance_variable_get(instance_method_name)
+        else
+          scope = send(:"#{model_name}_auth_scope")
+          instance_variable_set(instance_method_name,
+                                scope.find_by(id: session[:"#{model_name}_id"]))
+        end
+      end
+      # Define a controller before_action method to authenticate a record for the given
+      # model. Redirects to the <model_name>_failed_authentication_url if not passed.
+      #
+      # Returns nil
+      define_method(:"authenticate_#{model_name}")  do
+        unless send(:"current_#{model_name}?")
+          redirect_to send(:"#{model_name}_failed_authentication_url"),
+                      warn: "You must be signed in to do that"
+        end
+      end
+      before_action :"authenticate_#{model_name}"
+      # Creates a scope that records are loaded through when being authenticated. Subclass
+      # this method to customise the load conditions.
+      #
+      # Returns ActiveRecord::Relation
+      define_method(:"#{model_name}_auth_scope") do
+        model_name.to_s.classify.constantize.all
+      end
+      # Creates a boolean method to check if a current_<model_name> has been authenticated
+      # or not.
+      #
+      # Returns Boolean
+      define_method(:"current_#{model_name}?") { send(:"current_#{model_name}").present? }
+      alias_method :"#{model_name}_signed_in?", :"current_#{model_name}?"
+      alias_method :"#{model_name}_failed_authentication_url",
+                   :"new_#{model_name.to_s.pluralize}_session_url"
+      helper_method :"current_#{model_name}"
+      helper_method :"current_#{model_name}?"
+      helper_method :"#{model_name}_signed_in?"
+      private :"current_#{model_name}"
+      private :"current_#{model_name}?"
+      private :"#{model_name}_signed_in?"
+      private :"authenticate_#{model_name}"
+      <%- if options[:two_factor] -%>
+      # This is included if the authentication generator is run with --two-factor=true
+      if options[:tfa] == true
+        include TwoFactorAuthentication
+        define_tfa_methods(model_name)
+      end
+      <%- end -%>
+    end
+  end
+end

data/lib/generators/authentication/templates/controllers/concerns/two_factor_authentication.rb ADDED

@@ -0,0 +1,40 @@
+module TwoFactorAuthentication
+  extend ActiveSupport::Concern
+  included do
+  end
+  module ClassMethods
+    def define_tfa_methods(model_name)
+      define_method :"authenticate_#{model_name}_with_tfa" do
+        send(:"authenticate_#{model_name}_without_tfa")
+        record = send(:"current_#{model_name}")
+        return unless record
+        if record.tfa? && !send(:"current_#{model_name}_tfa_authenticated?")
+          redirect_to send(:"new_#{model_name.to_s.pluralize}_tfa_session_url"),
+                      warn: "You cannot proceed without authenticating"
+        end
+      end
+      define_method :"current_#{model_name}_tfa_authenticated?" do
+        session[:"#{model_name}_tfa_authenticated"] == true
+      end
+      define_method :"#{model_name}_tfa_success_redirect_url" do
+        send(:"#{model_name.to_s.pluralize}_dashboard_url")
+      end
+      alias_method :"authenticate_#{model_name}_without_tfa", :"authenticate_#{model_name}"
+      alias_method :"authenticate_#{model_name}", :"authenticate_#{model_name}_with_tfa"
+    end
+  end
+end

data/lib/generators/authentication/templates/controllers/password_resets_controller.rb.erb ADDED

@@ -0,0 +1,54 @@
+# frozen_string_literal
+class <%= plural_class_name %>::PasswordResetsController < <%= plural_class_name %>::BaseController
+  skip_before_action :authenticate_<%= singular_name %>
+  def new
+  end
+  def create
+    @<%= singular_name %> = <%= plural_name %>_scope.find_by(email: permitted_params[:email])
+    if @<%= singular_name %>
+      @<%= singular_name %>.create_password_reset_token
+      <%= class_name %>Mailer.password_reset_link(@<%= singular_name %>).deliver_later
+    end
+    redirect_to new_<%= plural_name %>_session_url,
+                notice: "Please check your email for a password reset link"
+  end
+  def edit
+    @<%= singular_name %> = find_<%= singular_name %>_from_token(params[:token])
+    if @<%= singular_name %>.nil? or @<%= singular_name %>.password_reset_token.expired?
+      redirect_to new_<%= plural_name %>_session_url,
+                  error: "The link you followed does not look valid"
+    end
+  end
+  def update
+    @<%= singular_name %> = find_<%= singular_name %>_from_token(params[:token])
+    if @<%= singular_name %>.update(password: permitted_params[:password],
+                      password_confirmation: permitted_params[:password_confirmation])
+      @<%= singular_name %>.destroy_password_reset_token
+      redirect_to new_<%= plural_name %>_session_url, notice: "Successfully reset your password"
+    else
+      render :edit
+    end
+  end
+  private
+  def permitted_params
+    params.require(:<%= singular_name %>).permit(:email, :password, :password_confirmation)
+  end
+  # Change me to suit the scoping requirements for this project
+  def <%= plural_name %>_scope
+    <%= class_name %>.all
+  end
+  def find_<%= singular_name %>_from_token(token)
+    <%= plural_name %>_scope.joins(:password_reset_token)
+                 .where(password_reset_tokens: { secret: params[:token] }).first
+  end
+end