passwordless 0.8.2 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b19e22b9a7152b299c8f639339709ebeaa3616ecfd7a85f461af205d8f6ad635
-  data.tar.gz: 8858c326d1457db832e08909957948d49d525bde1d45effa52e4d8e9b22f0374
+  metadata.gz: bfea8774f73a80e003f7257caa02afc7c1475a87077a4881b2c1e85442ebf8e9
+  data.tar.gz: 4882a066aa2ecc18a4a170e697014b5f09b9bde58c32e821eb60944c9fb90b13
 SHA512:
-  metadata.gz: 146b741cd502a702a10ed5169575eb5d6e9c47b0be8469e74b4e2369d2ecb82c1845624afe04aac2cac4e701deb6ea726e916dc1019007bdacd48e510272c9b7
-  data.tar.gz: f95c455c20f127c1a86c0df6763afdf2f90312afd429b81f96b8dd1e0901ac17c7cb3e8c1ff38d858d5208149eedf8257eff0b1e40809aa58c2189df58d1f90b
+  metadata.gz: f71185082eb25883c1a7778276c244cd8e4ada2ee1c76137b2838c08b40ed8687b1db3eae2ed869f376be762d03d0ad7978c481d73f42c2338be0b1d200cb07c
+  data.tar.gz: 4ad367839721156af66ee6a76786acae842636eda04841ce1a92012dcc245ddd20414d00108908cd27190fa01e4636c88c4668012b893700f6e67ce604ca979f

data/README.md

@@ -4,7 +4,7 @@
   <br />
 </p>
 
-[![Travis](https://travis-ci.org/mikker/passwordless.svg?branch=master)](https://travis-ci.org/mikker/passwordless) [![Rubygems](https://img.shields.io/gem/v/passwordless.svg)](https://rubygems.org/gems/passwordless) [![codecov](https://codecov.io/gh/mikker/passwordless/branch/master/graph/badge.svg)](https://codecov.io/gh/mikker/passwordless) [![Ruby Style Guide](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](https://github.com/testdouble/standard)
+[![CI](https://github.com/mikker/passwordless/actions/workflows/ci.yml/badge.svg)](https://github.com/mikker/passwordless/actions/workflows/ci.yml) [![Rubygems](https://img.shields.io/gem/v/passwordless.svg)](https://rubygems.org/gems/passwordless) [![codecov](https://codecov.io/gh/mikker/passwordless/branch/master/graph/badge.svg)](https://codecov.io/gh/mikker/passwordless)
 
 Add authentication to your Rails app without all the icky-ness of passwords.
 
@@ -14,17 +14,21 @@ Add authentication to your Rails app without all the icky-ness of passwords.
 
 * [Installation](#installation)
 * [Usage](#usage)
-     * [Getting the current user, restricting access, the usual](#getting-the-current-user-restricting-access-the-usual)
-     * [Providing your own templates](#providing-your-own-templates)
-     * [Claming tokens](#claiming-tokens)
-     * [Overrides](#overrides)
-     * [Registering new users](#registering-new-users)
-     * [Generating tokens](#generating-tokens)
-     * [Token and Session Expiry](#token-and-session-expiry)
-     * [Redirecting back after sign-in](#redirecting-back-after-sign-in)
-     * [URLs and links](#urls-and-links)
-     * [Customize the way to send magic link](#customize-the-way-to-send-magic-link)
-     * [E-mail security](#e-mail-security)
+  * [Getting the current user, restricting access, the usual](#getting-the-current-user-restricting-access-the-usual)
+  * [Providing your own templates](#providing-your-own-templates)
+  * [Registering new users](#registering-new-users)
+  * [URLs and links](#urls-and-links)
+  * [Customize the way to send magic link](#customize-the-way-to-send-magic-link)
+  * [Generate your own magic links](#generate-your-own-magic-links)
+  * [Overrides](#overrides)
+* [Configuration](#configuration)
+  * [Customising token generation](#generating-tokens)
+  * [Token and Session Expiry](#token-and-session-expiry)
+  * [Redirecting back after sign-in](#redirecting-back-after-sign-in)
+  * [Claiming tokens](#claiming-tokens)
+  * [Supporting UUID primary keys](#supporting-uuid-primary-keys)
+* [Testing helpers](#testing-helpers)
+* [E-mail security](#e-mail-security)
 * [License](#license)
 
 ## Installation
@@ -46,7 +50,7 @@ $ bin/rails passwordless:install:migrations
 
 Passwordless creates a single model called `Passwordless::Session`. It doesn't come with its own `User` model, it expects you to create one:
 
-```
+```sh
 $ bin/rails generate model User email
 ```
 
@@ -90,7 +94,7 @@ class ApplicationController < ActionController::Base
 
   def require_user!
     return if current_user
-    redirect_to root_path, flash: {error: 'You are not worthy!'}
+    redirect_to root_path, flash: { error: 'You are not worthy!' }
   end
 end
 ```
@@ -109,7 +113,9 @@ end
 
 ### Providing your own templates
 
-Override `passwordless`' bundled views by adding your own. `passwordless` has 2 action views and 1 mailer view:
+Override `passwordless`' bundled views by adding your own. You can manually copy the specific views that you need or copy them to your application with `rails generate passwordless:views`.
+
+`passwordless` has 2 action views and 1 mailer view:
 
 ```sh
 # the form where the user inputs their email address
@@ -120,6 +126,17 @@ app/views/passwordless/sessions/create.html.erb
 app/views/passwordless/mailer/magic_link.text.erb
 ```
 
+If you'd like to let the user know whether or not a record was found, `@resource` is provided to the view. You may override `app/views/passwordless/session/create.html.erb` for example like so:
+```erb
+<% if @resource.present? %>
+  <p>User found, check your inbox</p>
+<% else %>
+  <p>No user found with the provided email address</p>
+<% end %>
+```
+
+Please note that, from a security standpoint, this is a **bad practice** because you'd be giving information about which users are registered on your system. It is recommended to use a single message similar to the default one: "If we found you in the system, we've sent you an email". The **best practice** is to never expose which emails are registered on your system.
+
 See [the bundled views](https://github.com/mikker/passwordless/tree/master/app/views/passwordless).
 
 ### Registering new users
@@ -136,7 +153,7 @@ class UsersController < ApplicationController
 
     if @user.save
       sign_in @user # <-- This!
-      redirect_to @user, flash: {notice: 'Welcome!'}
+      redirect_to @user, flash: { notice: 'Welcome!' }
     else
       render :new
     end
@@ -146,7 +163,100 @@ class UsersController < ApplicationController
 end
 ```
 
-### Generating tokens
+### URLs and links
+
+By default, Passwordless uses the resource name given to `passwordless_for` to generate its routes and helpers.
+
+```ruby
+passwordless_for :users
+  # <%= users.sign_in_path %> # => /users/sign_in
+
+passwordless_for :users, at: '/', as: :auth
+  # <%= auth.sign_in_path %> # => /sign_in
+```
+
+Also be sure to [specify ActionMailer's `default_url_options.host`](http://guides.rubyonrails.org/action_mailer_basics.html#generating-urls-in-action-mailer-views).
+
+### Customize the way to send magic link
+
+By default, magic link will send by email. You can customize this method. For example, you can send magic link via SMS.
+
+config/initializers/passwordless.rb
+
+```ruby
+Passwordless.after_session_save = lambda do |session, request|
+  # Default behavior is
+  # Passwordless::Mailer.magic_link(session).deliver_now
+
+  # You can change behavior to do something with session model. For example,
+  # session.authenticatable.send_sms
+end
+```
+
+You can access user model through authenticatable.
+
+### Generate your own magic links
+
+Currently there is not an officially supported way to generate your own magic links to send in your own mailers.
+
+However, you can accomplish this with the following snippet of code.
+
+```ruby
+session = Passwordless::Session.new({
+  authenticatable: @manager,
+  user_agent: 'Command Line',
+  remote_addr: 'unknown',
+})
+session.save!
+@magic_link = send(Passwordless.mounted_as).token_sign_in_url(session.token)
+```
+
+You can further customize this URL by specifying the destination path to be redirected to after the user has logged in. You can do this by adding the `destination_path` query parameter to the end of the URL. For example
+```
+@magic_link = "#{@magic_link}?destination_path=/your-custom-path"
+```
+
+### Overrides
+
+By default `passwordless` uses the `passwordless_with` column to _case insensitively_ fetch the resource.
+
+You can override this and provide your own customer fetcher by defining a class method `fetch_resource_for_passwordless` in your passwordless model. The method will be called with the downcased email and should return an `ActiveRecord` instance of the model.
+
+Example time:
+
+Let's say we would like to fetch the record and if it doesn't exist, create automatically.
+
+```ruby
+class User < ApplicationRecord
+  def self.fetch_resource_for_passwordless(email)
+    find_or_create_by(email: email)
+  end
+end
+```
+
+## Configuration
+
+The following configuration parameters are supported. You can override these for example in `initializers/passwordless.rb`.
+
+The default values are shown below. It's recommended to only include the ones that you specifically want to override.
+
+```ruby
+Passwordless.default_from_address = "CHANGE_ME@example.com"
+Passwordless.parent_mailer = "ActionMailer::Base"
+Passwordless.token_generator = Passwordless::UrlSafeBase64Generator.new # Used to generate magic link tokens.
+Passwordless.restrict_token_reuse = false # By default a magic link token can be used multiple times.
+Passwordless.redirect_back_after_sign_in = true # When enabled the user will be redirected to their previous page, or a page specified by the `destination_path` query parameter, if available.
+
+Passwordless.expires_at = lambda { 1.year.from_now } # How long until a passwordless session expires.
+Passwordless.timeout_at = lambda { 1.hour.from_now } # How long until a magic link expires.
+
+# Default redirection paths
+Passwordless.success_redirect_path = '/' # When a user succeeds in logging in.
+Passwordless.failure_redirect_path = '/' # When a a login is failed for any reason.
+Passwordless.sign_out_redirect_path = '/' # When a user logs out.
+```
+
+### Customizing token generation
 
 By default Passwordless generates tokens using `SecureRandom.urlsafe_base64` but you can change that by setting `Passwordless.token_generator` to something else that responds to `call(session)` eg.:
 
@@ -204,39 +314,6 @@ end
 
 This can be turned off with `Passwordless.redirect_back_after_sign_in = false` but if you just don't save the previous destination, you'll be fine.
 
-### URLs and links
-
-By default, Passwordless uses the resource name given to `passwordless_for` to generate its routes and helpers.
-
-```ruby
-passwordless_for :users
-  # <%= users.sign_in_path %> # => /users/sign_in
-
-passwordless_for :users, at: '/', as: :auth
-  # <%= auth.sign_in_path %> # => /sign_in
-```
-
-Also be sure to [specify ActionMailer's `default_url_options.host`](http://guides.rubyonrails.org/action_mailer_basics.html#generating-urls-in-action-mailer-views).
-
-
-### Customize the way to send magic link
-
-By default, magic link will send by email. You can customize this method. For example, you can send magic link via SMS.
-
-config/initializers/passwordless.rb
-
-```
-Passwordless.after_session_save = lambda do |session, request|
-  # Default behavior is
-  # Passwordless::Mailer.magic_link(session).deliver_now
-
-  # You can change behavior to do something with session model. For example,
-  # session.authenticatable.send_sms
-end
-```
-
-You can access user model through authenticatable.
-
 ### Claiming tokens
 
 Opt-in for marking tokens as `claimed` so they can only be used once.
@@ -248,7 +325,7 @@ config/initializers/passwordless.rb
 Passwordless.restrict_token_reuse = true
 ```
 
-#### Upgrading an existing Rails app
+#### Upgrading an existing Rails app to use claim token
 
 The simplest way to update your sessions table is with a single migration:
 
@@ -269,29 +346,55 @@ end
 ```
 </details>
 
-### Overrides
+### Supporting UUID primary keys
 
-By default `passwordless` uses the `passwordless_with` column to _case insensitively_ fetch the resource.
+If your `users` table uses UUIDs for its primary keys, you will need to add a migration
+to change the type of `passwordless`' `authenticatable_id` field to match your primary key type (this will also involve dropping and recreating associated indices).
 
-You can override this and provide your own customer fetcher by defining a class method `fetch_resource_for_passwordless` in your passwordless model. The method will be called with the downcased email and should return an `ActiveRecord` instance of the model.
+Here is an example migration you can use:
+```ruby
+class SupportUuidInPasswordlessSessions < ActiveRecord::Migration[6.0]
+  def change
+    remove_index :passwordless_sessions, column: [:authenticatable_type, :authenticatable_id] if index_exists? :authenticatable_type, :authenticatable_id
+    remove_column :passwordless_sessions, :authenticatable_id
+    add_column :passwordless_sessions, :authenticatable_id, :uuid
+    add_index :passwordless_sessions, [:authenticatable_type, :authenticatable_id], name: 'authenticatable'
+  end
+end
+```
 
-Example time:
+Alternatively, you can use `add_reference` with `type: :uuid` in your migration (see docs [here](https://api.rubyonrails.org/classes/ActiveRecord/ConnectionAdapters/SchemaStatements.html#method-i-add_reference)).
 
-Let's say we would like to fetch the record and if it doesn't exist, create automatically.
+## Testing helpers
+
+To help with testing, a set of test helpers are provided.
+
+If you are using RSpec, add the following line to your `spec/rails_helper.rb` or
+`spec/spec_helper.rb` if `rails_helper.rb` does not exist:
 
 ```ruby
-class User < ApplicationRecord
-  def self.fetch_resource_for_passwordless(email)
-    find_or_create_by(email: email)
-  end
-end
+require "passwordless/test_helpers"
+```
+
+If you are using TestUnit, add this line to your `test/test_helper.rb`:
+
+```ruby
+require "passwordless/test_helpers"
+```
+
+
+Then in your controller, request, and system tests/specs, you can utilize the following methods:
+
+```ruby
+passwordless_sign_in(user) # signs you in as a user
+passwordless_sign_out # signs out user
 ```
 
-### E-mail security
+## E-mail security
 
 There's no reason that this approach should be less secure than the usual username/password combo. In fact this is most often a more secure option, as users don't get to choose the weak passwords they still use. In a way this is just the same as having each user go through "Forgot password" on every login.
 
-But be aware that when everyone authenticates via emails you send, the way you send those mails becomes a weak spot. Email services usually provide a log of all the mails you send so if your app's account is compromised, every user in the system is as well. (This is the same for "Forgot password".) [Reddit was compromised](https://thenextweb.com/hardfork/2018/01/05/reddit-bitcoin-cash-hack/) using this method.
+But be aware that when everyone authenticates via emails you send, the way you send those mails becomes a weak spot. Email services usually provide a log of all the mails you send so if your app's account is compromised, every user in the system is as well. (This is the same for "Forgot password".) [Reddit was compromised](https://thenextweb.com/hardfork/2018/01/05/reddit-bitcoin-cash-stolen-hack/) using this method.
 
 Ideally you should set up your email provider to not log these mails. And be sure to turn on 2-factor auth if your provider supports it.
 

data/app/controllers/passwordless/sessions_controller.rb

@@ -20,7 +20,8 @@ module Passwordless
     #   renders sessions/create.html.erb.
     # @see Mailer#magic_link Mailer#magic_link
     def create
-      session = build_passwordless_session(find_authenticatable)
+      @resource = find_authenticatable
+      session = build_passwordless_session(@resource)
 
       if session.save
         if Passwordless.after_session_save.arity == 2
@@ -28,9 +29,11 @@ module Passwordless
         else
           Passwordless.after_session_save.call(session)
         end
-      end
 
-      render
+        render :create, status: :ok
+      else
+        render :create, status: :unprocessable_entity
+      end
     end
 
     # get '/sign_in/:token'
@@ -42,28 +45,47 @@ module Passwordless
     def show
       # Make it "slow" on purpose to make brute-force attacks more of a hassle
       BCrypt::Password.create(params[:token])
+      sign_in(passwordless_session)
 
-      destination =
-        Passwordless.redirect_back_after_sign_in &&
-        reset_passwordless_redirect_location!(authenticatable_class)
-
-      sign_in passwordless_session
-
-      redirect_to destination || main_app.root_path
+      redirect_to(passwordless_success_redirect_path)
     rescue Errors::TokenAlreadyClaimedError
       flash[:error] = I18n.t(".passwordless.sessions.create.token_claimed")
-      redirect_to main_app.root_path
+      redirect_to(passwordless_failure_redirect_path)
     rescue Errors::SessionTimedOutError
       flash[:error] = I18n.t(".passwordless.sessions.create.session_expired")
-      redirect_to main_app.root_path
+      redirect_to(passwordless_failure_redirect_path)
     end
 
     # match '/sign_out', via: %i[get delete].
     #   Signs user out. Redirects to root_path
     # @see ControllerHelpers#sign_out
     def destroy
-      sign_out authenticatable_class
-      redirect_to main_app.root_path
+      sign_out(authenticatable_class)
+      redirect_to(passwordless_sign_out_redirect_path)
+    end
+
+    protected
+
+    def passwordless_sign_out_redirect_path
+      Passwordless.sign_out_redirect_path
+    end
+
+    def passwordless_failure_redirect_path
+      Passwordless.failure_redirect_path
+    end
+
+    def passwordless_query_redirect_path
+      query_redirect_uri = URI(params[:destination_path])
+      query_redirect_uri.to_s if query_redirect_uri.host.nil? || query_redirect_uri.host == URI(request.url).host
+    rescue URI::InvalidURIError, ArgumentError
+      nil
+    end
+
+    def passwordless_success_redirect_path
+      return Passwordless.success_redirect_path unless Passwordless.redirect_back_after_sign_in
+
+      session_redirect_url = reset_passwordless_redirect_location!(authenticatable_class)
+      passwordless_query_redirect_path || session_redirect_url || Passwordless.success_redirect_path
     end
 
     private
@@ -85,14 +107,12 @@ module Passwordless
     end
 
     def find_authenticatable
-      email = params[:passwordless][email_field].downcase
+      email = params[:passwordless][email_field].downcase.strip
 
       if authenticatable_class.respond_to?(:fetch_resource_for_passwordless)
         authenticatable_class.fetch_resource_for_passwordless(email)
       else
-        authenticatable_class.where(
-          "lower(#{email_field}) = ?", params[:passwordless][email_field].downcase
-        ).first
+        authenticatable_class.where("lower(#{email_field}) = ?", email).first
       end
     end
 

data/app/mailers/passwordless/mailer.rb

@@ -2,7 +2,7 @@
 
 module Passwordless
   # The mailer responsible for sending Passwordless' mails.
-  class Mailer < ActionMailer::Base
+  class Mailer < Passwordless.parent_mailer.constantize
     default from: Passwordless.default_from_address
 
     # Sends a magic link (secret token) email.
@@ -10,8 +10,7 @@ module Passwordless
     def magic_link(session)
       @session = session
 
-      @magic_link = send(Passwordless.mounted_as)
-        .token_sign_in_url(session.token)
+      @magic_link = send(Passwordless.mounted_as).token_sign_in_url(session.token)
 
       email_field = @session.authenticatable.class.passwordless_email_field
       mail(

data/app/models/passwordless/session.rb

@@ -4,10 +4,13 @@ module Passwordless
   # The session responsible for holding the connection between the record
   # trying to log in and the unique tokens.
   class Session < ApplicationRecord
-    belongs_to :authenticatable,
-      polymorphic: true, inverse_of: :passwordless_sessions
+    belongs_to(
+      :authenticatable,
+      polymorphic: true,
+      inverse_of: :passwordless_sessions
+    )
 
-    validates \
+    validates(
       :authenticatable,
       :timeout_at,
       :expires_at,
@@ -15,16 +18,19 @@ module Passwordless
       :remote_addr,
       :token,
       presence: true
+    )
 
     before_validation :set_defaults
 
-    scope :available, lambda {
-      where("expires_at > ?", Time.current)
-    }
+    scope(
+      :available,
+      lambda { where("expires_at > ?", Time.current) }
+    )
 
     def self.valid
       available
     end
+
     class << self
       deprecate :valid, deprecator: SessionValidDeprecation
     end

data/config/routes.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 Passwordless::Engine.routes.draw do
-  get "/sign_in", to: "sessions#new", as: :sign_in
-  post "/sign_in", to: "sessions#create"
-  get "/sign_in/:token", to: "sessions#show", as: :token_sign_in
-  match "/sign_out", to: "sessions#destroy", via: %i[get delete], as: :sign_out
+  get("/sign_in", to: "sessions#new", as: :sign_in)
+  post("/sign_in", to: "sessions#create")
+  get("/sign_in/:token", to: "sessions#show", as: :token_sign_in)
+  match("/sign_out", to: "sessions#destroy", via: %i[get delete], as: :sign_out)
 end

data/db/migrate/20171104221735_create_passwordless_sessions.rb

@@ -2,18 +2,19 @@
 
 class CreatePasswordlessSessions < ActiveRecord::Migration[5.1]
   def change
-    create_table :passwordless_sessions do |t|
+    create_table(:passwordless_sessions) do |t|
       t.belongs_to(
         :authenticatable,
         polymorphic: true,
         index: {name: "authenticatable"}
       )
-      t.datetime :timeout_at, null: false
-      t.datetime :expires_at, null: false
-      t.datetime :claimed_at
-      t.text :user_agent, null: false
-      t.string :remote_addr, null: false
-      t.string :token, null: false
+
+      t.datetime(:timeout_at, null: false)
+      t.datetime(:expires_at, null: false)
+      t.datetime(:claimed_at)
+      t.text(:user_agent, null: false)
+      t.string(:remote_addr, null: false)
+      t.string(:token, null: false)
 
       t.timestamps
     end

data/lib/generators/passwordless/views_generator.rb

@@ -0,0 +1,15 @@
+require 'rails/generators'
+
+module Passwordless
+  module Generators
+    class ViewsGenerator < Rails::Generators::Base
+      source_root File.expand_path('../../../app/views/passwordless', __dir__)
+
+      def install
+        copy_file 'mailer/magic_link.text.erb', 'app/views/passwordless/mailer/magic_link.text.erb'
+        copy_file 'sessions/new.html.erb', 'app/views/passwordless/sessions/new.html.erb'
+        copy_file 'sessions/create.html.erb', 'app/views/passwordless/sessions.create.html.erb'
+      end
+    end
+  end
+end

data/lib/passwordless/controller_helpers.rb

@@ -39,6 +39,7 @@ module Passwordless
 
       authenticate_by_session(authenticatable_class)
     end
+
     deprecate :authenticate_by_cookie, deprecator: CookieDeprecation
 
     def upgrade_passwordless_cookie(authenticatable_class)
@@ -51,7 +52,7 @@ module Passwordless
       return unless (record = authenticatable_class.find_by(id: authenticatable_id))
       new_session = build_passwordless_session(record).tap { |s| s.save! }
 
-      sign_in new_session
+      sign_in(new_session)
 
       new_session.authenticatable
     end
@@ -73,20 +74,25 @@ module Passwordless
     # to sign in
     # @return [ActiveRecord::Base] the record that is passed in.
     def sign_in(record)
-      passwordless_session =
-        if record.is_a?(Passwordless::Session)
-          record
-        else
-          warn "Passwordless::ControllerHelpers#sign_in with authenticatable " \
+      passwordless_session = if record.is_a?(Passwordless::Session)
+        record
+      else
+        warn(
+          "Passwordless::ControllerHelpers#sign_in with authenticatable " \
             "(`#{record.class}') is deprecated. Falling back to creating a " \
             "new Passwordless::Session"
-          build_passwordless_session(record).tap { |s| s.save! }
-        end
+        )
+        build_passwordless_session(record).tap { |s| s.save! }
+      end
 
       passwordless_session.claim! if Passwordless.restrict_token_reuse
 
       raise Passwordless::Errors::SessionTimedOutError if passwordless_session.timed_out?
 
+      old_session = session.dup.to_hash
+      reset_session
+      old_session.each_pair { |k, v| session[k.to_sym] = v }
+
       key = session_key(passwordless_session.authenticatable_type)
       session[key] = passwordless_session.id
 
@@ -105,8 +111,8 @@ module Passwordless
       key = cookie_name(authenticatable_class)
       cookies.encrypted.permanent[key] = {value: nil}
       cookies.delete(key)
-      # /deprecated
 
+      # /deprecated
       reset_session
       true
     end

data/lib/passwordless/engine.rb

@@ -7,15 +7,17 @@ module Passwordless
 
     config.to_prepare do
       require "passwordless/router_helpers"
+
       ActionDispatch::Routing::Mapper.include RouterHelpers
       require "passwordless/model_helpers"
+
       ActiveRecord::Base.extend ModelHelpers
       require "passwordless/controller_helpers"
+
     end
 
     config.before_initialize do |app|
-      app.config.i18n.load_path +=
-        Dir[Engine.root.join("config", "locales", "*.yml")]
+      app.config.i18n.load_path += Dir[Engine.root.join("config", "locales", "*.yml")]
     end
   end
 end

data/lib/passwordless/errors.rb

@@ -3,9 +3,11 @@
 module Passwordless
   module Errors
     # Raise this exception when a session is expired.
-    class SessionTimedOutError < StandardError; end
+    class SessionTimedOutError < StandardError
+    end
 
     # Raise this exception when the token has been previously claimed
-    class TokenAlreadyClaimedError < StandardError; end
+    class TokenAlreadyClaimedError < StandardError
+    end
   end
 end

data/lib/passwordless/model_helpers.rb

@@ -8,9 +8,11 @@ module Passwordless
     #   field name (e.g. `:email`)
     # @param field [string] email submitted by user.
     def passwordless_with(field)
-      has_many :passwordless_sessions,
+      has_many(
+        :passwordless_sessions,
         class_name: "Passwordless::Session",
         as: :authenticatable
+      )
 
       define_singleton_method(:passwordless_email_field) { field }
     end

data/lib/passwordless/router_helpers.rb

@@ -20,8 +20,10 @@ module Passwordless
       mount_at = at || resource.to_s
       mount_as = as || resource.to_s
       mount(
-        Passwordless::Engine, at: mount_at, as: mount_as,
-                              defaults: {authenticatable: resource.to_s.singularize}
+        Passwordless::Engine,
+        at: mount_at,
+        as: mount_as,
+        defaults: {authenticatable: resource.to_s.singularize}
       )
 
       Passwordless.mounted_as = mount_as

data/lib/passwordless/test_helpers.rb

@@ -0,0 +1,43 @@
+module Passwordless
+  module TestHelpers
+    module TestCase
+      def passwordless_sign_out
+        delete Passwordless::Engine.routes.url_helpers.sign_out_path
+        follow_redirect!
+      end
+
+      def passwordless_sign_in(resource)
+        session = Passwordless::Session.create!(authenticatable: resource, user_agent: "TestAgent", remote_addr: "unknown")
+        get Passwordless::Engine.routes.url_helpers.token_sign_in_path(session.token)
+        follow_redirect!
+      end
+    end
+
+    module SystemTestCase
+      def passwordless_sign_out
+        visit Passwordless::Engine.routes.url_helpers.sign_out_path
+      end
+
+      def passwordless_sign_in(resource)
+        session = Passwordless::Session.create!(authenticatable: resource, user_agent: "TestAgent", remote_addr: "unknown")
+        visit Passwordless::Engine.routes.url_helpers.token_sign_in_path(session.token)
+      end
+    end
+  end
+end
+
+if defined?(ActiveSupport::TestCase)
+  ActiveSupport::TestCase.send(:include, ::Passwordless::TestHelpers::TestCase)
+end
+
+if defined?(ActionDispatch::SystemTestCase)
+  ActionDispatch::SystemTestCase.send(:include, ::Passwordless::TestHelpers::SystemTestCase)
+end
+
+if defined?(RSpec)
+  RSpec.configure do |config|
+    config.include ::Passwordless::TestHelpers::TestCase, type: :request
+    config.include ::Passwordless::TestHelpers::TestCase, type: :controller
+    config.include ::Passwordless::TestHelpers::SystemTestCase, type: :system
+  end
+end

data/lib/passwordless/version.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
 module Passwordless
-  VERSION = "0.8.2" # :nodoc:
+  # :nodoc:
+  VERSION = "0.11.0"
 end

data/lib/passwordless.rb

@@ -7,6 +7,7 @@ require "passwordless/url_safe_base_64_generator"
 
 # The main Passwordless module
 module Passwordless
+  mattr_accessor(:parent_mailer) { "ActionMailer::Base" }
   mattr_accessor(:default_from_address) { "CHANGE_ME@example.com" }
   mattr_accessor(:token_generator) { UrlSafeBase64Generator.new }
   mattr_accessor(:restrict_token_reuse) { false }
@@ -15,6 +16,9 @@ module Passwordless
 
   mattr_accessor(:expires_at) { lambda { 1.year.from_now } }
   mattr_accessor(:timeout_at) { lambda { 1.hour.from_now } }
+  mattr_accessor(:success_redirect_path) { "/" }
+  mattr_accessor(:failure_redirect_path) { "/" }
+  mattr_accessor(:sign_out_redirect_path) { "/" }
 
   mattr_accessor(:after_session_save) do
     lambda { |session, _request| Mailer.magic_link(session).deliver_now }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordless
 version: !ruby/object:Gem::Version
-  version: 0.8.2
+  version: 0.11.0
 platform: ruby
 authors:
 - Mikkel Malmberg
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-30 00:00:00.000000000 Z
+date: 2022-08-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -80,7 +80,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email:
 - mikkel@brnbw.com
 executables: []
@@ -101,19 +101,21 @@ files:
 - config/locales/en.yml
 - config/routes.rb
 - db/migrate/20171104221735_create_passwordless_sessions.rb
+- lib/generators/passwordless/views_generator.rb
 - lib/passwordless.rb
 - lib/passwordless/controller_helpers.rb
 - lib/passwordless/engine.rb
 - lib/passwordless/errors.rb
 - lib/passwordless/model_helpers.rb
 - lib/passwordless/router_helpers.rb
+- lib/passwordless/test_helpers.rb
 - lib/passwordless/url_safe_base_64_generator.rb
 - lib/passwordless/version.rb
 homepage: https://github.com/mikker/passwordless
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -128,8 +130,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Add authentication to your app without all the ickyness of passwords.
 test_files: []