passwordless 0.12.0 → 1.0.0

data/lib/passwordless/engine.rb

@@ -3,17 +3,13 @@
 module Passwordless
   # Engine that runs the passwordless gem.
   class Engine < ::Rails::Engine
-    isolate_namespace Passwordless
-
     config.to_prepare do
       require "passwordless/router_helpers"
-
-      ActionDispatch::Routing::Mapper.include RouterHelpers
       require "passwordless/model_helpers"
-
-      ActiveRecord::Base.extend ModelHelpers
       require "passwordless/controller_helpers"
 
+      ActionDispatch::Routing::Mapper.include RouterHelpers
+      ActiveRecord::Base.extend ModelHelpers
     end
 
     config.before_initialize do |app|

data/lib/passwordless/errors.rb

@@ -2,6 +2,10 @@
 
 module Passwordless
   module Errors
+    # Raised when the authenticatable class is not found.
+    class MissingEmailFieldError < StandardError
+    end
+
     # Raise this exception when a session is expired.
     class SessionTimedOutError < StandardError
     end

data/lib/passwordless/router_helpers.rb

@@ -8,6 +8,8 @@ module Passwordless
     #     passwordless_for :users
     #     # or with options ...
     #     passwordless_for :users, at: 'session_stuff', as: :user_session_things
+    #     # or with a custom controller ...
+    #     passwordless_for :users, controller: 'my_custom_controller'
     # @param resource [Symbol] the pluralized symbol of a Model (e.g - :users).
     # @param at [String] Optional - provide custom path for the passwordless
     #   engine to get mounted at (using the above example your URLs end
@@ -16,17 +18,29 @@ module Passwordless
     #   helpers (using the above example in a view:
     #   <%= link_to 'Sign in', user_session_things.sign_in_path %>).
     #   (Default: resource.to_s)
-    def passwordless_for(resource, at: nil, as: nil)
-      mount_at = at || resource.to_s
-      mount_as = as || resource.to_s
-      mount(
-        Passwordless::Engine,
-        at: mount_at,
-        as: mount_as,
-        defaults: {authenticatable: resource.to_s.singularize}
-      )
+    # @param controller [String] Optional - provide a custom controller for
+    #  sessions to use (using the above example the controller called would be MyCustomController
+    #  (Default: 'passwordless/sessions')
+    def passwordless_for(resource, at: :na, as: :na, controller: "passwordless/sessions")
+      at == :na && at = "/#{resource.to_s}"
+      as == :na && as = "#{resource.to_s}_"
 
-      Passwordless.mounted_as = mount_as
+      plural = resource.to_s
+      singular = plural.singularize
+
+      defaults = {
+        authenticatable: singular,
+        resource: resource,
+      }
+
+      scope(defaults: defaults) do
+        get("#{at}/sign_in", to: "#{controller}#new", as: :"#{as}sign_in")
+        post("#{at}/sign_in", to: "#{controller}#create")
+        get("#{at}/sign_in/:id", to: "#{controller}#show", as: :"verify_#{as}sign_in")
+        get("#{at}/sign_in/:id/:token", to: "#{controller}#confirm", as: :"confirm_#{as}sign_in")
+        patch("#{at}/sign_in/:id", to: "#{controller}#update")
+        match("#{at}/sign_out", to: "#{controller}#destroy", via: %i[get delete], as: :"#{as}sign_out")
+      end
     end
   end
 end

data/lib/passwordless/short_token_generator.rb

@@ -0,0 +1,9 @@
+module Passwordless
+  class ShortTokenGenerator
+    CHARS = [*"A".."Z", *"0".."9"].freeze
+
+    def call(_session)
+      CHARS.sample(6).join
+    end
+  end
+end

data/lib/passwordless/test_helpers.rb

@@ -2,25 +2,35 @@ module Passwordless
   module TestHelpers
     module TestCase
       def passwordless_sign_out
-        delete Passwordless::Engine.routes.url_helpers.sign_out_path
+        delete(Passwordless::Engine.routes.url_helpers.sign_out_path)
         follow_redirect!
       end
 
       def passwordless_sign_in(resource)
-        session = Passwordless::Session.create!(authenticatable: resource, user_agent: "TestAgent", remote_addr: "unknown")
-        get Passwordless::Engine.routes.url_helpers.token_sign_in_path(session.token)
+        session = Passwordless::Session.create!(authenticatable: resource)
+        magic_link = Passwordless::Engine.routes.url_helpers.send(
+          :"confirm_#{session.authenticatable_type.tableize}_sign_in_url",
+          session,
+          session.token
+        )
+        get(magic_link)
         follow_redirect!
       end
     end
 
     module SystemTestCase
       def passwordless_sign_out
-        visit Passwordless::Engine.routes.url_helpers.sign_out_path
+        visit(Passwordless::Engine.routes.url_helpers.sign_out_path)
       end
 
       def passwordless_sign_in(resource)
-        session = Passwordless::Session.create!(authenticatable: resource, user_agent: "TestAgent", remote_addr: "unknown")
-        visit Passwordless::Engine.routes.url_helpers.token_sign_in_path(session.token)
+        session = Passwordless::Session.create!(authenticatable: resource)
+        magic_link = Passwordless::Engine.routes.url_helpers.send(
+          :"confirm_#{session.authenticatable_type.tableize}_sign_in_url",
+          session,
+          session.token
+        )
+        visit(magic_link)
       end
     end
   end
@@ -36,8 +46,8 @@ end
 
 if defined?(RSpec)
   RSpec.configure do |config|
-    config.include ::Passwordless::TestHelpers::TestCase, type: :request
-    config.include ::Passwordless::TestHelpers::TestCase, type: :controller
-    config.include ::Passwordless::TestHelpers::SystemTestCase, type: :system
+    config.include(::Passwordless::TestHelpers::TestCase, type: :request)
+    config.include(::Passwordless::TestHelpers::TestCase, type: :controller)
+    config.include(::Passwordless::TestHelpers::SystemTestCase, type: :system)
   end
 end

data/lib/passwordless/token_digest.rb

@@ -0,0 +1,18 @@
+module Passwordless
+  class TokenDigest
+    ALGORITHM = "SHA256"
+
+    def initialize(str)
+      @str = str
+    end
+
+    def digest
+      key = self.class.key()
+      OpenSSL::HMAC.hexdigest(ALGORITHM, key, @str)
+    end
+
+    def self.key
+      @key ||= ActiveSupport::KeyGenerator.new(Rails.application.secret_key_base).generate_key("passwordless")
+    end
+  end
+end

data/lib/passwordless/version.rb

@@ -2,5 +2,5 @@
 
 module Passwordless
   # :nodoc:
-  VERSION = "0.12.0"
+  VERSION = "1.0.0"
 end

data/lib/passwordless.rb

@@ -1,30 +1,16 @@
 # frozen_string_literal: true
 
 require "active_support"
+require "passwordless/config"
 require "passwordless/errors"
 require "passwordless/engine"
-require "passwordless/url_safe_base_64_generator"
+require "passwordless/token_digest"
 
 # The main Passwordless module
 module Passwordless
-  mattr_accessor(:parent_mailer) { "ActionMailer::Base" }
-  mattr_accessor(:default_from_address) { "CHANGE_ME@example.com" }
-  mattr_accessor(:token_generator) { UrlSafeBase64Generator.new }
-  mattr_accessor(:restrict_token_reuse) { false }
-  mattr_accessor(:redirect_back_after_sign_in) { true }
-  mattr_accessor(:mounted_as) { :configured_when_mounting_passwordless }
+  extend Configurable
 
-  mattr_accessor(:expires_at) { lambda { 1.year.from_now } }
-  mattr_accessor(:timeout_at) { lambda { 1.hour.from_now } }
-  mattr_accessor(:redirect_to_response_options) { {} }
-  mattr_accessor(:success_redirect_path) { "/" }
-  mattr_accessor(:failure_redirect_path) { "/" }
-  mattr_accessor(:sign_out_redirect_path) { "/" }
-
-  mattr_accessor(:after_session_save) do
-    lambda { |session, _request| Mailer.magic_link(session).deliver_now }
+  def self.digest(token)
+    TokenDigest.new(token).digest
   end
-
-  CookieDeprecation = ActiveSupport::Deprecation.new("0.9", "passwordless")
-  SessionValidDeprecation = ActiveSupport::Deprecation.new("0.9", "passwordless")
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordless
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Mikkel Malmberg
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-16 00:00:00.000000000 Z
+date: 2023-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -28,58 +28,16 @@ dependencies:
   name: bcrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.1.11
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 3.1.11
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.4.1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.4.1
-- !ruby/object:Gem::Dependency
-  name: yard
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: standard
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.1.11
 description:
 email:
 - mikkel@brnbw.com
@@ -95,20 +53,23 @@ files:
 - app/mailers/passwordless/mailer.rb
 - app/models/passwordless/application_record.rb
 - app/models/passwordless/session.rb
-- app/views/passwordless/mailer/magic_link.text.erb
+- app/views/passwordless/mailer/sign_in.text.erb
 - app/views/passwordless/sessions/new.html.erb
+- app/views/passwordless/sessions/show.html.erb
 - config/locales/en.yml
 - config/routes.rb
 - db/migrate/20171104221735_create_passwordless_sessions.rb
 - lib/generators/passwordless/views_generator.rb
 - lib/passwordless.rb
+- lib/passwordless/config.rb
 - lib/passwordless/controller_helpers.rb
 - lib/passwordless/engine.rb
 - lib/passwordless/errors.rb
 - lib/passwordless/model_helpers.rb
 - lib/passwordless/router_helpers.rb
+- lib/passwordless/short_token_generator.rb
 - lib/passwordless/test_helpers.rb
-- lib/passwordless/url_safe_base_64_generator.rb
+- lib/passwordless/token_digest.rb
 - lib/passwordless/version.rb
 homepage: https://github.com/mikker/passwordless
 licenses:
@@ -129,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.14
+rubygems_version: 3.4.20
 signing_key:
 specification_version: 4
 summary: Add authentication to your app without all the ickyness of passwords.

data/app/views/passwordless/mailer/magic_link.text.erb

@@ -1 +0,0 @@
-<%= I18n.t('passwordless.mailer.magic_link', link: @magic_link) %>

data/lib/passwordless/url_safe_base_64_generator.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-module Passwordless
-  # Generates random numbers for Session records
-  class UrlSafeBase64Generator
-    # Passwordless' default random string strategy. Generates a url safe
-    # base64 random string.
-    # @param _session [Session] Optional - Passwordless passes the sesion Record
-    # to generators so you can (optionally) use it for generating your tokens.
-    # @return [String] 32 byte base64 string
-    def call(_session)
-      SecureRandom.urlsafe_base64(32)
-    end
-  end
-end