passwordless 0.11.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bfea8774f73a80e003f7257caa02afc7c1475a87077a4881b2c1e85442ebf8e9
-  data.tar.gz: 4882a066aa2ecc18a4a170e697014b5f09b9bde58c32e821eb60944c9fb90b13
+  metadata.gz: b90e8f97825d92f0728154737c428d39cfecbedc9e02bbe6948d0861dd5e9c39
+  data.tar.gz: 2a5b288bf8c16004c6ec8fe7b8937e9f72496475e6e9af4e6a70c32a7a1d05dc
 SHA512:
-  metadata.gz: f71185082eb25883c1a7778276c244cd8e4ada2ee1c76137b2838c08b40ed8687b1db3eae2ed869f376be762d03d0ad7978c481d73f42c2338be0b1d200cb07c
-  data.tar.gz: 4ad367839721156af66ee6a76786acae842636eda04841ce1a92012dcc245ddd20414d00108908cd27190fa01e4636c88c4668012b893700f6e67ce604ca979f
+  metadata.gz: 2350958cc2cb4628a6242a6c86ef08b3962fef2ba12fd9ed5a1bf8727f9254fc61fb77e9fa946bb015ebfc98eb81563d1e56aeb1c40d1cbc2ef96e66af512de9
+  data.tar.gz: 5fed7a3d7541a302fa9d6fc802bd530002846ea8cc4dae2057d03fdd799d66263752c766578bd96a441ab584d539739fbe55a63f7e258c5a7e1b16fdecb9eb7a

data/README.md

@@ -58,7 +58,10 @@ Then specify which field on your `User` record is the email field with:
 
 ```ruby
 class User < ApplicationRecord
-  validates :email, presence: true, uniqueness: { case_sensitive: false }
+  validates :email,
+            presence: true,
+            uniqueness: { case_sensitive: false },
+            format: { with: URI::MailTo::EMAIL_REGEXP }
 
   passwordless_with :email # <-- here!
 end
@@ -250,6 +253,9 @@ Passwordless.redirect_back_after_sign_in = true # When enabled the user will be
 Passwordless.expires_at = lambda { 1.year.from_now } # How long until a passwordless session expires.
 Passwordless.timeout_at = lambda { 1.hour.from_now } # How long until a magic link expires.
 
+# redirection session behavior
+Passwordless.redirect_to_response_options = {} # any allowed response_options for redirect_to can go in here
+
 # Default redirection paths
 Passwordless.success_redirect_path = '/' # When a user succeeds in logging in.
 Passwordless.failure_redirect_path = '/' # When a a login is failed for any reason.

data/app/controllers/passwordless/sessions_controller.rb

@@ -17,7 +17,7 @@ module Passwordless
 
     # post '/sign_in'
     #   Creates a new Session record then sends the magic link
-    #   renders sessions/create.html.erb.
+    #   redirects to sign in page with generic flash message.
     # @see Mailer#magic_link Mailer#magic_link
     def create
       @resource = find_authenticatable
@@ -29,11 +29,10 @@ module Passwordless
         else
           Passwordless.after_session_save.call(session)
         end
-
-        render :create, status: :ok
-      else
-        render :create, status: :unprocessable_entity
       end
+
+      flash[:notice] = I18n.t('passwordless.sessions.create.email_sent_if_record_found')
+      redirect_to(sign_in_path)
     end
 
     # get '/sign_in/:token'
@@ -44,16 +43,17 @@ module Passwordless
     # @see ControllerHelpers#save_passwordless_redirect_location!
     def show
       # Make it "slow" on purpose to make brute-force attacks more of a hassle
+      redirect_to_options = Passwordless.redirect_to_response_options.dup
       BCrypt::Password.create(params[:token])
       sign_in(passwordless_session)
 
-      redirect_to(passwordless_success_redirect_path)
+      redirect_to(passwordless_success_redirect_path, redirect_to_options)
     rescue Errors::TokenAlreadyClaimedError
       flash[:error] = I18n.t(".passwordless.sessions.create.token_claimed")
-      redirect_to(passwordless_failure_redirect_path)
+      redirect_to(passwordless_failure_redirect_path, redirect_to_options)
     rescue Errors::SessionTimedOutError
       flash[:error] = I18n.t(".passwordless.sessions.create.session_expired")
-      redirect_to(passwordless_failure_redirect_path)
+      redirect_to(passwordless_failure_redirect_path, redirect_to_options)
     end
 
     # match '/sign_out', via: %i[get delete].
@@ -61,7 +61,7 @@ module Passwordless
     # @see ControllerHelpers#sign_out
     def destroy
       sign_out(authenticatable_class)
-      redirect_to(passwordless_sign_out_redirect_path)
+      redirect_to(passwordless_sign_out_redirect_path, Passwordless.redirect_to_response_options.dup)
     end
 
     protected

data/app/views/passwordless/sessions/new.html.erb

@@ -1,5 +1,5 @@
-<%= form_for @session, url: send(Passwordless.mounted_as).sign_in_path do |f| %>
+<%= form_with model: @session, url: send(Passwordless.mounted_as).sign_in_path, data: { turbo: 'false' } do |f| %>
   <% email_field_name = :"passwordless[#{@email_field}]" %>
-  <%= text_field_tag email_field_name, params.fetch(email_field_name, nil) %>
+  <%= text_field_tag email_field_name, params.fetch(email_field_name, nil), required: true %>
   <%= f.submit I18n.t('passwordless.sessions.new.submit') %>
 <% end %>

data/lib/generators/passwordless/views_generator.rb

@@ -8,7 +8,7 @@ module Passwordless
       def install
         copy_file 'mailer/magic_link.text.erb', 'app/views/passwordless/mailer/magic_link.text.erb'
         copy_file 'sessions/new.html.erb', 'app/views/passwordless/sessions/new.html.erb'
-        copy_file 'sessions/create.html.erb', 'app/views/passwordless/sessions.create.html.erb'
+        copy_file 'sessions/create.html.erb', 'app/views/passwordless/sessions/create.html.erb'
       end
     end
   end

data/lib/passwordless/controller_helpers.rb

@@ -90,7 +90,7 @@ module Passwordless
       raise Passwordless::Errors::SessionTimedOutError if passwordless_session.timed_out?
 
       old_session = session.dup.to_hash
-      reset_session
+      reset_session if defined?(reset_session) # allow usage outside controllers
       old_session.each_pair { |k, v| session[k.to_sym] = v }
 
       key = session_key(passwordless_session.authenticatable_type)
@@ -113,7 +113,7 @@ module Passwordless
       cookies.delete(key)
 
       # /deprecated
-      reset_session
+      reset_session if defined?(reset_session) # allow usage outside controllers
       true
     end
 

data/lib/passwordless/version.rb

@@ -2,5 +2,5 @@
 
 module Passwordless
   # :nodoc:
-  VERSION = "0.11.0"
+  VERSION = "0.12.0"
 end

data/lib/passwordless.rb

@@ -16,6 +16,7 @@ module Passwordless
 
   mattr_accessor(:expires_at) { lambda { 1.year.from_now } }
   mattr_accessor(:timeout_at) { lambda { 1.hour.from_now } }
+  mattr_accessor(:redirect_to_response_options) { {} }
   mattr_accessor(:success_redirect_path) { "/" }
   mattr_accessor(:failure_redirect_path) { "/" }
   mattr_accessor(:sign_out_redirect_path) { "/" }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordless
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Mikkel Malmberg
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-12 00:00:00.000000000 Z
+date: 2023-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -42,14 +42,14 @@ dependencies:
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.4.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.4.1
 - !ruby/object:Gem::Dependency
@@ -96,7 +96,6 @@ files:
 - app/models/passwordless/application_record.rb
 - app/models/passwordless/session.rb
 - app/views/passwordless/mailer/magic_link.text.erb
-- app/views/passwordless/sessions/create.html.erb
 - app/views/passwordless/sessions/new.html.erb
 - config/locales/en.yml
 - config/routes.rb
@@ -130,7 +129,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.4.14
 signing_key:
 specification_version: 4
 summary: Add authentication to your app without all the ickyness of passwords.

data/app/views/passwordless/sessions/create.html.erb

@@ -1 +0,0 @@
-<p><%= I18n.t('passwordless.sessions.create.email_sent_if_record_found') %></p>