passwordless 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7975d0dabfd39211005c2a34f3f3d967755b0a70
+  data.tar.gz: 621a7327a0375aeeb6e4dafb990bce78d4bf32dc
+SHA512:
+  metadata.gz: 55ca6da5e10b2a0d8e92d0dad1cc048214efd7e32a9d6fecc40a2ebce102744772c96b6b128fae53d1b14b3709bb49f1225c82c6d5a08507eef8db29fc1ce0f9
+  data.tar.gz: 925dbd8b6d98ac9a68d5c12bdc940bc38a1dc8c4e82b47c941d2de768b0cdd43edf2681a900e213eac366fd1e17dab9031650869cc2ce6801bd24881989e6320

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2017 Mikkel Malmberg
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,9 @@
+# Passwordless
+
+Add authentication to your Rails app without all the icky-ness of passwords.
+
+_WIP_
+
+# License
+
+MIT

data/Rakefile

@@ -0,0 +1,36 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Passwordless'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/app/controllers/passwordless/application_controller.rb

@@ -0,0 +1,5 @@
+module Passwordless
+  class ApplicationController < ActionController::Base
+    protect_from_forgery with: :exception
+  end
+end

data/app/controllers/passwordless/sessions_controller.rb

@@ -0,0 +1,53 @@
+module Passwordless
+  class SessionsController < ApplicationController
+    include ControllerHelpers
+
+    def new
+      @email_field = authenticatable_class.passwordless_email_field
+
+      @session = Session.new
+    end
+
+    def create
+      email_field = authenticatable_class.passwordless_email_field
+      authenticatable = authenticatable_class.where(
+        "lower(#{email_field}) = ?", params[:passwordless][email_field]
+      ).first
+
+      session = Session.new.tap do |us|
+        us.remote_addr = request.remote_addr
+        us.user_agent = request.env['HTTP_USER_AGENT']
+        us.authenticatable = authenticatable
+      end
+
+      if session.save
+        Mailer.magic_link(session).deliver_now
+      end
+
+      render
+    end
+
+    def show
+      session = Session.valid.find_by!(
+        authenticatable_type: params[:authenticatable],
+        token: params[:token]
+      )
+
+      sign_in! session.authenticatable
+
+      redirect_to main_app.root_path
+    end
+
+    def destroy
+      sign_out! authenticatable_class
+
+      redirect_to main_app.root_path
+    end
+
+    private
+
+    def authenticatable_class
+      params[:authenticatable].constantize
+    end
+  end
+end

data/app/lib/passwordless/controller_helpers.rb

@@ -0,0 +1,30 @@
+module Passwordless
+  module ControllerHelpers
+
+    def authenticate!(authenticatable_class)
+      key = :"#{authenticatable_class.to_s.underscore}_id"
+      authenticatable_id = cookies.encrypted[key]
+      return unless authenticatable_id
+
+      authenticatable_class.find_by(id: authenticatable_id)
+    end
+
+    def sign_in!(authenticatable)
+      key = :"#{authenticatable.class.to_s.underscore}_id"
+      cookies.encrypted.permanent[key] = { value: authenticatable.id }
+      authenticatable
+    end
+
+    def sign_out!(authenticatable_class)
+      key = :"#{authenticatable_class.to_s.underscore}_id"
+      cookies.encrypted.permanent[key] = { value: nil }
+      cookies.delete(key)
+    end
+
+    # def self.included(kls)
+    #   kls.class_eval do
+    #     # helper_method :current_user
+    #   end
+    # end
+  end
+end

data/app/mailers/passwordless/mailer.rb

@@ -0,0 +1,12 @@
+module Passwordless
+  class Mailer < ActionMailer::Base
+    default from: 'from@example.com'
+
+    def magic_link(session)
+      @session = session
+
+      email_field = @session.authenticatable.class.passwordless_email_field
+      mail to: @session.authenticatable.send(email_field), subject: "Your magic link ✨"
+    end
+  end
+end

data/app/models/passwordless/application_record.rb

@@ -0,0 +1,5 @@
+module Passwordless
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/passwordless/session.rb

@@ -0,0 +1,30 @@
+module Passwordless
+  class Session < ApplicationRecord
+    belongs_to :authenticatable, polymorphic: true
+
+    validates \
+      :timeout_at,
+      :expires_at,
+      :user_agent,
+      :remote_addr,
+      :token,
+      presence: true
+
+    before_validation :set_defaults
+
+    scope :valid, lambda {
+      where('timeout_at > ? AND expires_at > ?', Time.current, Time.current)
+    }
+
+    private
+
+    def set_defaults
+      self.expires_at ||= 1.year.from_now
+      self.timeout_at ||= 1.hour.from_now
+      self.token ||= loop do
+        token = SecureRandom.urlsafe_base64(32)
+        break token unless Session.find_by(token: token)
+      end
+    end
+  end
+end

data/app/views/passwordless/mailer/magic_link.text.erb

@@ -0,0 +1,2 @@
+Here's your link:
+<%= passwordless.token_sign_in_url @session.token %>

data/app/views/passwordless/sessions/create.html.erb

@@ -0,0 +1 @@
+<p>If we found you in the system, we've sent you an email.</p>

data/app/views/passwordless/sessions/new.html.erb

@@ -0,0 +1,5 @@
+<%= form_for @session, url: passwordless.sign_in_path do |f| %>
+  <% email_field_name = :"passwordless[#{@email_field}]" %>
+  <%= text_field_tag email_field_name, params.fetch(email_field_name, nil) %>
+  <%= f.submit 'Send magic link' %>
+<% end %>

data/config/routes.rb

@@ -0,0 +1,7 @@
+Passwordless::Engine.routes.draw do
+  get '/sign_in', to: 'sessions#new', as: :sign_in
+  post '/sign_in', to: 'sessions#create'
+  get '/sign_in_create', to: 'sessions#create_test'
+  get '/sign_in/:token', to: 'sessions#show', as: :token_sign_in
+  match '/sign_out', to: 'sessions#destroy', via: %i[get delete], as: :sign_out
+end

data/db/migrate/20171104221735_create_passwordless_sessions.rb

@@ -0,0 +1,18 @@
+class CreatePasswordlessSessions < ActiveRecord::Migration[5.1]
+  def change
+    create_table :passwordless_sessions do |t|
+      t.belongs_to(
+        :authenticatable,
+        polymorphic: true,
+        index: { name: 'authenticatable' }
+      )
+      t.datetime :timeout_at, null: false
+      t.datetime :expires_at, null: false
+      t.text :user_agent, null: false
+      t.string :remote_addr, null: false
+      t.string :token, null: false
+
+      t.timestamps
+    end
+  end
+end

data/lib/passwordless.rb

@@ -0,0 +1,5 @@
+require "passwordless/engine"
+
+module Passwordless
+  # Your code goes here...
+end

data/lib/passwordless/engine.rb

@@ -0,0 +1,5 @@
+module Passwordless
+  class Engine < ::Rails::Engine
+    isolate_namespace Passwordless
+  end
+end

data/lib/passwordless/version.rb

@@ -0,0 +1,3 @@
+module Passwordless
+  VERSION = '0.1.0'
+end

data/lib/tasks/passwordless_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :passwordless do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: passwordless
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Mikkel Malmberg
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-11-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.1.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.1.4
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- mikkel@brnbw.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/passwordless/application_controller.rb
+- app/controllers/passwordless/sessions_controller.rb
+- app/lib/passwordless/controller_helpers.rb
+- app/mailers/passwordless/mailer.rb
+- app/models/passwordless/application_record.rb
+- app/models/passwordless/session.rb
+- app/views/passwordless/mailer/magic_link.text.erb
+- app/views/passwordless/sessions/create.html.erb
+- app/views/passwordless/sessions/new.html.erb
+- config/routes.rb
+- db/migrate/20171104221735_create_passwordless_sessions.rb
+- lib/passwordless.rb
+- lib/passwordless/engine.rb
+- lib/passwordless/version.rb
+- lib/tasks/passwordless_tasks.rake
+homepage: https://github.com/mikker/passwordless
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Add authentication to your Rails app without all the icky-ness of passwords.
+test_files: []