orthodox 0.2.4 → 0.3.0

data/lib/generators/authentication/templates/spec/models/session_spec.rb.erb

@@ -0,0 +1,45 @@
+require "rails_helper"
+
+# Automatically generated by the orthodox gem (https://github.com/katanacode/orthodox)
+# (c) Copyright 2019 Katana Code Ltd. All Rights Reserved.
+RSpec.describe <%= class_name %>Session, type: :model do
+
+  context "when credentials valid" do
+    
+    let(:<%= singular_name %>) { create(:<%= singular_name %>) }
+
+    before do
+      subject.email    = <%= singular_name %>.email
+      subject.password = <%= singular_name %>.password
+    end
+    
+    it { is_expected.to be_valid }
+    
+    it "sets the <%= singular_name %> attribute to the matching record" do
+      subject.valid?
+      expect(subject.<%= singular_name %>).to eql(<%= singular_name %>)
+    end
+    
+  end
+
+  context "when credentials are invalid" do
+
+    before do
+      subject.email    = Faker::Internet.safe_email
+      subject.password = "wrong-password"
+    end
+    
+    it { is_expected.not_to be_valid }
+    
+    it "sets the <%= singular_name %> attribute to nil" do
+      expect(subject.<%= singular_name %>).to be_nil
+    end
+    
+    it "has errors on base" do
+      subject.valid?
+      expect(subject.errors[:base]).to be_present
+    end
+    
+  end
+  
+end

data/lib/generators/authentication/templates/spec/models/tfa_session_spec.rb.erb

@@ -0,0 +1,115 @@
+require "rails_helper"
+
+# Automatically generated by the orthodox gem (https://github.com/katanacode/orthodox)
+# (c) Copyright 2019 Katana Code Ltd. All Rights Reserved.
+RSpec.describe TfaSession, type: :model do
+  
+  let!(:<%= singular_name %>) { create(:<%= singular_name %>) }
+  
+  before do
+    <%= singular_name %>.create_otp_credential!
+  end
+  
+  describe "#valid?" do
+    
+    subject { TfaSession.new(record: <%= singular_name %>) }
+    
+    context "when otp correct" do
+        
+      before do
+        subject.otp = <%= singular_name %>.otp_credential.send(:current_otp)
+      end
+      
+      it { is_expected.to be_valid }
+      
+    end
+
+    context "when otp incorrect" do
+      
+      before do
+        subject.otp = "12345"
+      end
+      
+      it { is_expected.to be_invalid }
+      
+    end
+     
+    context "when recovery code correct" do
+      
+      before do
+        subject.recovery_code = <%= singular_name %>.otp_credential.recovery_codes.sample
+      end
+      
+      it { is_expected.to be_valid }
+  
+    end
+
+    context "when recovery code incorrect" do
+      
+      before do
+        subject.recovery_code = "abcd-efgh"
+      end
+      
+      it { is_expected.to be_invalid }
+      
+    end
+  end
+  
+  
+  describe "#otp?" do
+        
+    context "when present" do
+
+      before do
+        subject.otp = "12345"
+      end
+          
+      it "is expected to be truthy" do
+        expect(subject.otp?).to be_truthy
+      end
+      
+    end
+
+    context "when blank" do
+      
+      before do
+        subject.otp = nil
+      end
+      
+      it "is expected to be falsey" do
+        expect(subject.otp?).to be_falsey
+      end
+
+    end
+    
+  end
+  
+  describe "#recovery_code?" do
+        
+    context "when present" do
+
+      before do
+        subject.recovery_code = "abcd-defg"
+      end
+          
+      it "is expected to be truthy" do
+        expect(subject.recovery_code?).to be_truthy
+      end
+      
+    end
+
+    context "when blank" do
+      
+      before do
+        subject.recovery_code = nil
+      end
+      
+      it "is expected to be falsey" do
+        expect(subject.recovery_code?).to be_falsey
+      end
+
+    end
+    
+  end
+  
+end

data/lib/generators/authentication/templates/spec/support/authentication_helpers.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal
+#
+# Helpers for automating sign-in and out during tests
+# Automatically generated by the orthodox gem (https://github.com/katanacode/orthodox)
+# (c) Copyright 2019 Katana Code Ltd. All Rights Reserved. 
+#
+module AuthenticationHelpers
+  def sign_in(record, **options)
+    type = record.class.model_name.singular
+    visit(public_send("new_#{type.pluralize}_session_path"))
+    fill_in :"#{type}_session_email", with: record.email
+    fill_in :"#{type}_session_password", with: record.password
+    click_button "Sign in"
+  end
+end
+RSpec.configure do |config|
+  config.include(AuthenticationHelpers, type: :system)
+end

data/lib/generators/authentication/templates/spec/support/factory_bot.rb

@@ -0,0 +1,5 @@
+require "factory_bot"
+
+RSpec.configure do |config|
+  config.include(FactoryBot::Syntax::Methods)
+end

data/lib/generators/authentication/templates/spec/system/authentication_spec.rb.erb

@@ -0,0 +1,25 @@
+require "rails_helper"
+
+# Automatically generated by the orthodox gem (https://github.com/katanacode/orthodox)
+# (c) Copyright 2019 Katana Code Ltd. All Rights Reserved. 
+RSpec.describe "<%= plural_class_name %>::Authentication", type: :system do
+  
+  let!(:<%= singular_name %>) { create(:<%= singular_name %>) }
+  
+  scenario "A <%= singular_name %> signs in successfully" do
+    visit new_<%= plural_name %>_session_path
+    fill_in :<%= singular_name %>_session_email, with: <%= singular_name %>.email
+    fill_in :<%= singular_name %>_session_password, with: <%= singular_name %>.password  
+    click_button "Sign in"
+    expect(current_path).to eql(<%= plural_name %>_dashboard_path)
+  end
+  
+  scenario "A <%= singular_name %> attempts to sign in unsuccessfully" do
+    visit new_<%= plural_name %>_session_path
+    fill_in :<%= singular_name %>_session_email, with: <%= singular_name %>.email
+    fill_in :<%= singular_name %>_session_password, with: "WRONG-PASSWORD"
+    click_button "Sign in"
+    expect(page).to have_text(<%= class_name%>Session::INVALID_CREDENTIALS)
+  end
+  
+end

data/lib/generators/authentication/templates/spec/system/password_resets_spec.rb.erb

@@ -0,0 +1,73 @@
+require "rails_helper"
+
+# Automatically generated by the orthodox gem (https://github.com/katanacode/orthodox)
+# (c) Copyright 2019 Katana Code Ltd. All Rights Reserved. 
+RSpec.describe "<%= plural_class_name %>::PasswordResets", type: :system do
+  
+  include ActiveSupport::Testing::TimeHelpers
+  
+  let(:<%= singular_name %>) { create(:<%= singular_name %>) }
+  
+  scenario "<%= class_name %> resets password successfully" do
+    visit new_<%= plural_name %>_session_path
+    click_link "Forgot password"
+    fill_in :<%= singular_name %>_email, with: <%= singular_name %>.email
+    click_button "Send"
+    expect(current_path).to eql(new_<%= plural_name %>_session_path)
+    expect(enqueued_jobs)
+    expect(last_mailer_job[:args][0..1]).to eql(["<%= class_name %>Mailer", "password_reset_link"])
+    visit(edit_<%= plural_name %>_password_reset_path(token: <%= singular_name %>.password_reset_token.secret))
+    fill_in(:<%= singular_name %>_password, with: "new-password")
+    fill_in(:<%= singular_name %>_password_confirmation, with: "new-password")    
+    click_button("Save")
+    expect(current_path).to eql(new_<%= plural_name %>_session_path)
+    expect(<%= singular_name %>.reload.authenticate("new-password")).to eql(<%= singular_name %>)
+  end
+  
+  scenario "<%= class_name %> clicks link once already used" do
+    visit new_<%= plural_name %>_session_path
+    click_link "Forgot password"
+    fill_in :<%= singular_name %>_email, with: <%= singular_name %>.email
+    click_button "Send"
+    expect(current_path).to eql(new_<%= plural_name %>_session_path)
+    expect(enqueued_jobs)
+    expect(last_mailer_job[:args][0..1]).to eql(["<%= class_name %>Mailer", "password_reset_link"])
+    visit(edit_<%= plural_name %>_password_reset_path(token: <%= singular_name %>.password_reset_token.secret))
+    fill_in(:<%= singular_name %>_password, with: "new-password")
+    fill_in(:<%= singular_name %>_password_confirmation, with: "new-password")    
+    click_button("Save")
+    expect(current_path).to eql(new_<%= plural_name %>_session_path)
+    visit(edit_<%= plural_name %>_password_reset_path(token: <%= singular_name %>.password_reset_token.secret))
+    expect(current_path).to eql(new_<%= plural_name %>_session_path)
+  end
+  
+  scenario "<%= class_name %> clicks link once expired" do
+    visit new_<%= plural_name %>_session_path
+    click_link "Forgot password"
+    fill_in :<%= singular_name %>_email, with: <%= singular_name %>.email
+    click_button "Send"
+    expect(current_path).to eql(new_<%= plural_name %>_session_path)
+    expect(enqueued_jobs)
+    expect(last_mailer_job[:args][0..1]).to eql(["<%= class_name %>Mailer", "password_reset_link"])
+    travel(16.minutes) do
+      visit(edit_<%= plural_name %>_password_reset_path(token: <%= singular_name %>.password_reset_token.secret))
+      expect(current_path).to eql(new_<%= plural_name %>_session_path)
+    end
+  end
+  
+  scenario "<%= class_name %> email address not recognised" do
+    visit new_<%= plural_name %>_session_path
+    click_link "Forgot password"
+    fill_in :<%= singular_name %>_email, with: "wrong-email@example.com"
+    click_button "Send"
+    expect(current_path).to eql(new_<%= plural_name %>_session_path)
+    expect(last_mailer_job).to be_nil
+  end
+  
+  private
+  
+  def last_mailer_job
+    enqueued_jobs.select { |job| job[:job] == ActionMailer::MailDeliveryJob }.last
+  end
+  
+end

data/lib/generators/authentication/templates/spec/system/tfa_authentication_spec.rb.erb

@@ -0,0 +1,38 @@
+require "rails_helper"
+
+# Automatically generated by the orthodox gem (https://github.com/katanacode/orthodox)
+# (c) Copyright 2019 Katana Code Ltd. All Rights Reserved. 
+RSpec.describe "<%= plural_class_name %>::TfaAuthentication", type: :system do
+  
+  let!(:<%= singular_name %>) { create(:<%= singular_name %>) }
+  
+  before do
+    <%= singular_name %>.create_otp_credential!
+  end
+  
+  scenario "A <%= singular_name %> signs in successfully with otp" do
+    sign_in(<%= singular_name %>, tfa: false)
+    expect(current_path).to eql(new_<%= plural_name %>_tfa_session_path)
+    fill_in(:tfa_session_otp, with: <%= singular_name %>.otp_credential.send(:current_otp))
+    click_button("Submit code")
+    expect(current_path).to eql(<%= plural_name %>_dashboard_path)
+  end
+
+  scenario "A <%= singular_name %> attempts with the wrong otp" do
+    sign_in(<%= singular_name %>, tfa: false)
+    expect(current_path).to eql(new_<%= plural_name %>_tfa_session_path)
+    fill_in(:tfa_session_otp, with: '999999')
+    click_button("Submit code")
+    expect(page).to have_text("not correct")
+  end
+  
+  scenario "A <%= singular_name %> signs in successfully with a recovery code" do
+    sign_in(<%= singular_name %>, tfa: false)
+    expect(current_path).to eql(new_<%= plural_name %>_tfa_session_path)
+    click_link("Use a recovery code")
+    fill_in(:tfa_session_recovery_code, with: <%= singular_name %>.otp_credential.recovery_codes.sample)
+    click_button("Submit code")
+    expect(current_path).to eql(<%= plural_name %>_dashboard_path)
+  end
+  
+end

data/lib/generators/authentication/templates/views/mailers/password_reset_link.html.slim.erb

@@ -0,0 +1,7 @@
+p Reset your password by clicking on this link
+
+= link_to(edit_<%= plural_name %>_password_reset_url(token: @<%= singular_name%>.password_reset_token.secret), edit_<%= plural_name %>_password_reset_url(token: @<%= singular_name%>.password_reset_token.secret)) 
+
+p 
+  em 
+    Note, this link will expire after #{@<%= singular_name%>.password_reset_token.expires_at.to_s(:long)}

data/lib/generators/authentication/templates/views/password_resets/edit.html.slim.erb

@@ -0,0 +1,16 @@
+- title "Set a new password"
+
+h1 = title
+
+= form_tag(<%= plural_name %>_password_reset_path(token: params[:token]), class: "form", method: :patch) do |f|
+
+  .form-group
+    = label(:<%= singular_name %>, :password, "Choose a new password")
+    = password_field(:<%= singular_name %>, :password, class: "form-control")
+
+  .form-group
+    = label(:<%= singular_name %>, :password_confirmation, "Re-enter your password")
+    = password_field(:<%= singular_name %>, :password_confirmation, class: "form-control")
+  
+  = submit_tag("Save changes", class: "btn btn-primary")
+    

data/lib/generators/authentication/templates/views/password_resets/new.html.slim.erb

@@ -0,0 +1,12 @@
+- title "Request a password reset"
+
+h1 = title
+
+= form_tag(<%= plural_name %>_password_resets_path, class: "form") do |f|
+
+  .form-group
+    = label(:<%= singular_name %>, :email, "Email address")
+    = email_field(:<%= singular_name %>, :email, class: "form-control")
+  
+  = submit_tag("Send me a link", class: "btn btn-primary")
+    

data/lib/generators/authentication/templates/views/sessions/new.html.slim.erb

@@ -0,0 +1,21 @@
+- title "Sign in"
+
+= form_for(@<%= singular_name %>_session, url: <%= plural_name %>_session_path) do |f|
+  
+  ul
+   - @<%= singular_name %>_session.errors.full_messages.each do |error_message|
+     li = error_message
+      
+  .form-group
+    = f.label(:email, "Email")
+    = f.email_field(:email, class: "form-control")
+
+  .form-group
+    = f.label(:password, "Password")
+    = f.password_field(:password, class: "form-control")
+    
+  div
+    = f.submit("Sign in")
+    
+  div
+    = link_to("Forgot password?", new_<%= plural_name %>_password_reset_path)

data/lib/generators/authentication/templates/views/tfa_sessions/new.html.slim.erb

@@ -0,0 +1,26 @@
+- title "Two-factor authentication"
+
+= form_for(@tfa_session, url: <%= plural_name %>_tfa_session_path) do |f|
+  
+  ul
+    - @tfa_session.errors.full_messages.each do |error_message|
+      li = error_message
+    
+  .form-group.js-tfa-field-group
+    = f.label(:otp, "Enter your one-time password")
+    = f.text_field(:otp, class: "form-control", autofocus: true, pattern: "[0-9]{3,6}")
+
+  .form-group.js-tfa-field-group.d-none
+    = f.label(:recovery_code, "Use a recovery code")
+    = f.text_field(:recovery_code, class: "form-control", pattern: "[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}")
+    
+  div
+    = link_to("Use a recovery code instead", "#",
+              class: "js-tfa-link js-tfa-link--recovery-code")
+                
+    = link_to("Use one-time password instead", "#",
+              class: "js-tfa-link js-tfa-link--otp d-none")
+                
+  div
+    = f.submit("Submit code")
+    

data/lib/generators/authentication/templates/views/tfas/show.html.slim.erb

@@ -0,0 +1,9 @@
+- title "Your two-factor authentication"
+
+h1 Your Two-Factor Authentication
+
+= svg_url_for_otp_credential(current_<%= singular_name %>.otp_credential)
+
+pre
+  code.code
+    = current_<%= singular_name %>.otp_credential.recovery_codes.join("\n")

data/lib/generators/base_controller/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Create a base controller for a namespace
+    
+Example:
+    rails generate base_controller Member
+
+    This will create:
+        app/controllers/members/base_controller.rb

data/lib/generators/base_controller/base_controller_generator.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal
+
+class BaseControllerGenerator < Rails::Generators::NamedBase
+  source_root File.expand_path('templates', __dir__)
+  
+  check_class_collision suffix: "Controller"
+
+  desc "This generator creates a base controller for the named namespace"
+
+  def ensure_file
+    template "base_controller.rb.erb", 
+             File.join("app", "controllers", plural_file_name, "base_controller.rb")
+  end
+  
+  private
+  
+  
+  def namespace_module
+    file_name.to_s.split("/").first.classify.pluralize
+  end
+  
+end