RubyGems - passwordless - Versions diffs - 0.5.4 → 0.6.0 - Mend

passwordless 0.5.4 → 0.6.0

Files changed (7) hide show

checksums.yaml +4 -4
data/README.md +55 -11
data/app/controllers/passwordless/sessions_controller.rb +9 -3
data/app/models/passwordless/session.rb +3 -2
data/lib/passwordless.rb +3 -0
data/lib/passwordless/version.rb +1 -1
metadata +3 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa64d2ab5ebc0459f75b9c7156a480228b519f8b5b38f791fc6cba0a780a82cd
-  data.tar.gz: 4297d10aaa0cbb727a68d3ba79282df3a0345d3fcd6aa041db37a929a345ea0c
+  metadata.gz: 00fe76a0b0247e700ff5868fcabf1dc82b1bffddd63437f21d5ec5c4dce83479
+  data.tar.gz: ff56c5859f448221da83458c17dd30623bd335942fe77e44bede19144a7dd49e
 SHA512:
-  metadata.gz: ad267857c79956191a9b7dc474c2349dfbf1213a39f388339f57dd4d50bf77a69841d3bc4c4bbf227be084b9e138aff9290925bea665436e7548754810fdac4e
-  data.tar.gz: 11114a1b24a896e5613a496771a193c68b4e170880e422cbd894c284c5e9ee2bf7927ac5beedda95c8c6c1d1946ade7d5b933dddb19754ce2e861cef06573f8a
+  metadata.gz: 2e3281f7a60b04f82796a00759a6aea284aeeafb237670c10f458a629ea02b0d55607f155b4efa257209f580aeb394b0bf33c69c5bce250ec3e179e01eecaf89
+  data.tar.gz: 81ddaae8d5120e6e1867a8992bc9c0b0f596933ba163dac63a1b3ad39b2b4ba40d84c6b69bb1764283ea9eac39eba199f1fbced0a91f1f93f16f10f01e56bf38

data/README.md CHANGED

@@ -16,8 +16,10 @@ Add authentication to your Rails app without all the icky-ness of passwords.
 * [Usage](#usage)
      * [Getting the current user, restricting access, the usual](#getting-the-current-user-restricting-access-the-usual)
      * [Providing your own templates](#providing-your-own-templates)
+     * [Overrides](#overrides)
      * [Registering new users](#registering-new-users)
      * [Generating tokens](#generating-tokens)
+     * [Token and Session Expiry](#token-and-session-expiry)
      * [Redirecting back after sign-in](#redirecting-back-after-sign-in)
      * [URLs and links](#urls-and-links)
      * [E-mail security](#e-mail-security)
@@ -51,7 +53,7 @@ Then specify which field on your `User` record is the email field with:
 ```ruby
 class User < ApplicationRecord
   validates :email, presence: true, uniqueness: { case_sensitive: false }
   passwordless_with :email # <-- here!
 end
 ```
@@ -73,13 +75,13 @@ Passwordless doesn't give you `current_user` automatically -- it's dead easy to
 ```ruby
 class ApplicationController < ActionController::Base
   include Passwordless::ControllerHelpers # <-- This!
   # ...
   helper_method :current_user
   private
   def current_user
     @current_user ||= authenticate_by_cookie(User)
   end
@@ -96,7 +98,7 @@ Et voilà:
 ```ruby
 class VerySecretThingsController < ApplicationController
   before_action :require_user!
   def index
     @things = current_user.very_secret_things
   end
@@ -118,6 +120,22 @@ app/views/passwordless/mailer/magic_link.text.erb
 See [the bundled views](https://github.com/mikker/passwordless/tree/master/app/views/passwordless).
+### Overrides
+By default `passwordless` uses the `passwordless_with` column you specify in the model to case insensitively fetch the resource during authentication. You can override this and provide your own customer fetcher by defining a class method `fetch_resource_for_passwordless` in your passwordless model. The method will be supplied with the downcased email and should return an `ActiveRecord` instance of the model.
+Example time:
+Let's say we would like to fetch the record and if it doesn't exist, create automatically.
+```ruby
+class User < ApplicationRecord
+  def self.fetch_resource_for_passwordless(email)
+    find_or_create_by(email: email)
+  end
+end
+```
 ### Registering new users
 Because your `User` record is like any other record, you create one like you normally would. Passwordless provides a helper method you can use to sign in the created user after it is saved like so:
@@ -129,7 +147,7 @@ class UsersController < ApplicationController
   def create
     @user = User.new user_params
     if @user.save
       sign_in @user # <-- And this!
       redirect_to @user, flash: {notice: 'Welcome!'}
@@ -137,7 +155,7 @@ class UsersController < ApplicationController
       render :new
     end
   end
   # ...
 end
 ```
@@ -154,6 +172,32 @@ Passwordless.token_generator = -> (session) {
 Session is going to keep generating tokens until it finds one that hasn't been used yet. So be sure to use some kind of method where matches are unlikely.
+### Token and Session Expiry
+Token timeout is the time by which the sign in token is invalidated. Post the timeout, the token cannot be used to sign-in to the app and the user would need to request it again.
+Session expiry is the expiration time of the session of a logged in user. Once this is expired, user would need to log back in to create a new session.
+#### Token timeout
+By default, sign in tokens generated by Passwordless are made invalid after `1.hour` from the time they are generated. If you wish you can override this and supply your custom Proc function that will return a valid datetime object. Make sure the generated time is in the future.
+> Make sure to use a `.call`able object, like a proc or lambda as it will be called everytime a session is created.
+```ruby
+Passwordless.timeout_at = lambda { 2.hours.from_now }
+```
+#### Session Expiry
+Session expiry is the time when the actual session is itself expired, i.e. users will be logged out and has to sign back in post this expiry time. By default, sessions are valid for `1.year` from the time they are generated. You can override by providing your custom Proc function that returns a datetime object.
+> Make sure to use a `.call`able object, like a proc or lambda as it will be called everytime a session is created.
+```ruby
+Passwordless.expires_at = lambda { 24.hours.from_now }
+```
 ### Redirecting back after sign-in
 By default Passwordless will redirect back to where the user wanted to go **if** it knows where that is, so you'll have to help it. `Passwordless::ControllerHelpers` provide a method for this:
@@ -161,9 +205,9 @@ By default Passwordless will redirect back to where the user wanted to go **if**
 ```ruby
 class ApplicationController < ActionController::Base
   include Passwordless::ControllerHelpers # <-- Probably already have this!
   # ...
   def require_user!
     return if current_user
     save_passwordless_redirect_location!(User) # <-- here we go!
@@ -181,7 +225,7 @@ By default, Passwordless uses the resource name given to `passwordless_for` to g
 ```ruby
 passwordless_for :users
   # <%= users.sign_in_path %> # => /users/sign_in
 passwordless_for :users, at: '/', as: :auth
   # <%= auth.sign_in_path %> # => /sign_in
 ```

data/app/controllers/passwordless/sessions_controller.rb CHANGED

@@ -90,9 +90,15 @@ module Passwordless
     end
     def find_authenticatable
-      authenticatable_class.where(
-        "lower(#{email_field}) = ?", params[:passwordless][email_field].downcase
-      ).first
+      email = params[:passwordless][email_field].downcase
+      if authenticatable_class.respond_to?(:fetch_resource_for_passwordless)
+        authenticatable_class.fetch_resource_for_passwordless(email)
+      else
+        authenticatable_class.where(
+          "lower(#{email_field}) = ?", params[:passwordless][email_field].downcase
+        ).first
+      end
     end
     def find_session

data/app/models/passwordless/session.rb CHANGED

@@ -8,6 +8,7 @@ module Passwordless
       polymorphic: true, inverse_of: :passwordless_sessions
     validates \
+      :authenticatable,
       :timeout_at,
       :expires_at,
       :user_agent,
@@ -28,8 +29,8 @@ module Passwordless
     private
     def set_defaults
-      self.expires_at ||= 1.year.from_now
-      self.timeout_at ||= 1.hour.from_now
+      self.expires_at ||= Passwordless.expires_at.call
+      self.timeout_at ||= Passwordless.timeout_at.call
       self.token ||= loop do
         token = Passwordless.token_generator.call(self)
         break token unless Session.find_by(token: token)

data/lib/passwordless.rb CHANGED

@@ -9,4 +9,7 @@ module Passwordless
   mattr_accessor(:token_generator) { UrlSafeBase64Generator.new }
   mattr_accessor(:redirect_back_after_sign_in) { true }
   mattr_accessor(:mounted_as) { :configured_when_mounting_passwordless }
+  mattr_accessor(:expires_at) { lambda { 1.year.from_now } }
+  mattr_accessor(:timeout_at) { lambda { 1.hour.from_now } }
 end

data/lib/passwordless/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Passwordless
-  VERSION = '0.5.4' # :nodoc:
+  VERSION = '0.6.0' # :nodoc:
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordless
 version: !ruby/object:Gem::Version
-  version: 0.5.4
+  version: 0.6.0
 platform: ruby
 authors:
 - Mikkel Malmberg
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-06-22 00:00:00.000000000 Z
+date: 2019-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -127,8 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 3.0.2
 signing_key:
 specification_version: 4
 summary: Add authentication to your app without all the ickyness of passwords.