RubyGems - passwordless - Versions diffs - 1.0.0 → 1.1.0 - Mend

passwordless 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/README.md +2 -2
data/app/controllers/passwordless/sessions_controller.rb +11 -10
data/app/mailers/passwordless/mailer.rb +10 -1
data/app/models/passwordless/session.rb +5 -0
data/app/views/passwordless/sessions/new.html.erb +3 -1
data/app/views/passwordless/sessions/show.html.erb +2 -2
data/config/locales/en.yml +4 -0
data/db/migrate/20171104221735_create_passwordless_sessions.rb +1 -0
data/lib/passwordless/router_helpers.rb +4 -2
data/lib/passwordless/test_helpers.rb +43 -12
data/lib/passwordless/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 24d02d4dc7676adee968e3f922097f744ee41c2a1826d7622ffac01f3aaf76b8
-  data.tar.gz: 03624c6400113e2071eb038cd9406102870b3a56e1f8fa790bb9c190f17b95d5
+  metadata.gz: 4d3bfd49106dd713d65f26a575911bdcb1a903a62273d741f08f1c0b36ea9a77
+  data.tar.gz: 239fdcce54d30e39f39bb6eb2d7ffdd6c2f2f50e04fe38ec7f53bca000b449d6
 SHA512:
-  metadata.gz: 34e67e3b5a2be5cc657ee7193fa0ea76fc27ae7aad32413c66c4534bd2ce91540d7fe3ccdb2a2816a9d46053fd06d2f9c840d69e14cb7e5c49a45b3933be418e
-  data.tar.gz: ed550ba88a988109ad8192120fa25225c2c2fc161caff9beb9f51f5bd54baf72325c5baf02fb42da72a2a23ccb923687959aea517c2ce00879f580f82ab24559
+  metadata.gz: f7afa9aed4245ed2a3ab13bd7624ec8561d8c0e47db9435a1e415442f6c1d4e6e1770cd9d799095888a189a0485fc9bd5d3fa22e9e3145f2e351e8deee04277b
+  data.tar.gz: 5f4d8142044cdaff3f9746bad1d184d587b293241ab4f2d0344924fc452cb65590f91840b0db698d535588098cb72098c67f09c2243530177e45f395ab1466a9

data/README.md CHANGED Viewed

@@ -6,7 +6,7 @@
 [![CI](https://github.com/mikker/passwordless/actions/workflows/ci.yml/badge.svg)](https://github.com/mikker/passwordless/actions/workflows/ci.yml) [![Rubygems](https://img.shields.io/gem/v/passwordless.svg)](https://rubygems.org/gems/passwordless) [![codecov](https://codecov.io/gh/mikker/passwordless/branch/master/graph/badge.svg)](https://codecov.io/gh/mikker/passwordless)
-Add authentication to your Rails app without all the icky-ness of passwords.
+Add authentication to your Rails app without all the icky-ness of passwords. _Magic link_ authentication, if you will. We call it _passwordless_.
 ---
@@ -16,7 +16,7 @@ Add to your bundle and copy over the migrations:
 ```sh
 $ bundle add passwordless
-$ bin/rails passwordless:install:migrations
+$ bin/rails passwordless_engine:install:migrations
 ```
 ### Upgrading

data/app/controllers/passwordless/sessions_controller.rb CHANGED Viewed

@@ -37,7 +37,7 @@ module Passwordless
         end
         redirect_to(
-          url_for(id: @session.id, action: "show"),
+          url_for(id: @session.identifier, action: "show"),
           flash: {notice: I18n.t("passwordless.sessions.create.email_sent")}
         )
       else
@@ -54,7 +54,7 @@ module Passwordless
     #   Shows the form for confirming a Session record.
     #   renders sessions/show.html.erb.
     def show
-      @session = find_session
+      @session = passwordless_session
     end
     # patch "/:resource/sign_in/:id"
@@ -66,7 +66,7 @@ module Passwordless
     # @see ControllerHelpers#sign_in
     # @see ControllerHelpers#save_passwordless_redirect_location!
     def update
-      @session = find_session
+      @session = passwordless_session
       artificially_slow_down_brute_force_attacks(passwordless_session_params[:token])
@@ -86,7 +86,7 @@ module Passwordless
       # safe. We don't want to sign in the user in that case.
       return head(:ok) if request.head?
-      @session = find_session
+      @session = passwordless_session
       artificially_slow_down_brute_force_attacks(params[:token])
@@ -98,7 +98,12 @@ module Passwordless
     # @see ControllerHelpers#sign_out
     def destroy
       sign_out(authenticatable_class)
-      redirect_to(passwordless_sign_out_redirect_path, Passwordless.config.redirect_to_response_options.dup)
+      redirect_to(
+        passwordless_sign_out_redirect_path,
+        notice: I18n.t("passwordless.sessions.destroy.signed_out"),
+        **redirect_to_options
+      )
     end
     protected
@@ -161,10 +166,6 @@ module Passwordless
       authenticatable_type.constantize
     end
-    def find_session
-      Session.find_by!(id: params[:id], authenticatable_type: authenticatable_type)
-    end
     def find_authenticatable
       email = passwordless_session_params[email_field].downcase.strip
@@ -196,7 +197,7 @@ module Passwordless
     def passwordless_session
       @passwordless_session ||= Session.find_by!(
-        id: params[:id],
+        identifier: params[:id],
         authenticatable_type: authenticatable_type
       )
     end

data/app/mailers/passwordless/mailer.rb CHANGED Viewed

@@ -12,7 +12,16 @@ module Passwordless
     # is still in memory (optional)
     def sign_in(session, token = nil)
       @token = token || session.token
-      @magic_link = send(:"confirm_#{session.authenticatable_type.tableize}_sign_in_url", session, token)
+      @magic_link = url_for(
+        {
+          controller: "passwordless/sessions",
+          action: "confirm",
+          id: session.identifier,
+          token: token,
+          authenticatable: "user",
+          resource: "users"
+        }
+      )
       email_field = session.authenticatable.class.passwordless_email_field
       mail(

data/app/models/passwordless/session.rb CHANGED Viewed

@@ -61,6 +61,10 @@ module Passwordless
       !expired?
     end
+    def to_param
+      identifier
+    end
     private
     def token_digest_available?(token_digest)
@@ -68,6 +72,7 @@ module Passwordless
     end
     def set_defaults
+      self.identifier = SecureRandom.uuid
       self.expires_at ||= Passwordless.config.expires_at.call
       self.timeout_at ||= Passwordless.config.timeout_at.call

data/app/views/passwordless/sessions/new.html.erb CHANGED Viewed

@@ -1,6 +1,8 @@
 <%= form_with(model: @session, url: url_for(action: 'new'), data: { turbo: 'false' }) do |f| %>
   <% email_field_name = :"passwordless[#{email_field}]" %>
-  <%= f.label email_field_name, t("passwordless.sessions.new.email.label") %>
+  <%= f.label email_field_name,
+          t("passwordless.sessions.new.email.label"),
+          for: "passwordless_#{email_field}" %>
   <%= text_field_tag email_field_name,
   params.fetch(email_field_name, nil),
   required: true,

data/app/views/passwordless/sessions/show.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 <%= form_with(model: @session, url: url_for(action: 'update'), scope: 'passwordless', method: 'patch', data: { turbo: false }) do |f| %>
-  <%= f.label :token %>
+  <%= f.label :token, autocomplete: "off" %>
   <%= f.text_field :token %>
-  <%= f.submit "Confirm" %>
+  <%= f.submit t(".confirm") %>
 <% end %>

data/config/locales/en.yml CHANGED Viewed

@@ -11,10 +11,14 @@ en:
         email_sent: "We've sent you an email with a secret token"
         not_found: "We couldn't find a user with that email address"
         error: "An error occured"
+      show:
+        confirm: "Confirm"
       errors:
         invalid_token: "Token is invalid"
         session_expired: "Your session has expired, please sign in again."
         token_claimed: "This link has already been used, try requesting the link again"
+      destroy:
+        signed_out: "Signed out successfully"
     mailer:
       sign_in:
         subject: "Signing in ✨"

data/db/migrate/20171104221735_create_passwordless_sessions.rb CHANGED Viewed

@@ -13,6 +13,7 @@ class CreatePasswordlessSessions < ActiveRecord::Migration[5.1]
       t.datetime(:expires_at, null: false)
       t.datetime(:claimed_at)
       t.string(:token_digest, null: false)
+      t.string(:identifier, null: false, index: {unique: true}, length: 36)
       t.timestamps
     end

data/lib/passwordless/router_helpers.rb CHANGED Viewed

@@ -23,14 +23,16 @@ module Passwordless
     #  (Default: 'passwordless/sessions')
     def passwordless_for(resource, at: :na, as: :na, controller: "passwordless/sessions")
       at == :na && at = "/#{resource.to_s}"
-      as == :na && as = "#{resource.to_s}_"
+      as == :na && as = resource.to_s
+      as = as.to_s + "_" unless !as || as.to_s.end_with?("_")
       plural = resource.to_s
       singular = plural.singularize
       defaults = {
         authenticatable: singular,
-        resource: resource,
+        resource: resource
       }
       scope(defaults: defaults) do

data/lib/passwordless/test_helpers.rb CHANGED Viewed

@@ -1,17 +1,32 @@
 module Passwordless
   module TestHelpers
     module TestCase
-      def passwordless_sign_out
-        delete(Passwordless::Engine.routes.url_helpers.sign_out_path)
+      def passwordless_sign_out(cls = nil)
+        cls ||= "User".constantize
+        dest = url_for(
+          {
+            controller: "passwordless/sessions",
+            action: "destroy",
+            authenticatable: cls.model_name.singular,
+            resource: cls.model_name.to_s.tableize
+          }
+        )
+        delete(dest)
         follow_redirect!
       end
       def passwordless_sign_in(resource)
+        cls = resource.class
         session = Passwordless::Session.create!(authenticatable: resource)
-        magic_link = Passwordless::Engine.routes.url_helpers.send(
-          :"confirm_#{session.authenticatable_type.tableize}_sign_in_url",
-          session,
-          session.token
+        magic_link = url_for(
+          {
+            controller: "passwordless/sessions",
+            action: "confirm",
+            id: session.id,
+            token: session.token,
+            authenticatable: cls.model_name.singular,
+            resource: cls.model_name.to_s.tableize
+          }
         )
         get(magic_link)
         follow_redirect!
@@ -19,16 +34,32 @@ module Passwordless
     end
     module SystemTestCase
-      def passwordless_sign_out
-        visit(Passwordless::Engine.routes.url_helpers.sign_out_path)
+      def passwordless_sign_out(cls = nil)
+        cls ||= "User".constantize
+        visit(
+          url_for(
+            {
+              controller: "passwordless/sessions",
+              action: "destroy",
+              authenticatable: cls.model_name.singular,
+              resource: cls.model_name.to_s.tableize
+            }
+          )
+        )
       end
       def passwordless_sign_in(resource)
+        cls = resource.class
         session = Passwordless::Session.create!(authenticatable: resource)
-        magic_link = Passwordless::Engine.routes.url_helpers.send(
-          :"confirm_#{session.authenticatable_type.tableize}_sign_in_url",
-          session,
-          session.token
+        magic_link = url_for(
+          {
+            controller: "passwordless/sessions",
+            action: "confirm",
+            id: session.id,
+            token: session.token,
+            authenticatable: cls.model_name.singular,
+            resource: cls.model_name.to_s.tableize
+          }
         )
         visit(magic_link)
       end

data/lib/passwordless/version.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 module Passwordless
   # :nodoc:
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordless
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Mikkel Malmberg
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-10-12 00:00:00.000000000 Z
+date: 2023-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -90,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.20
+rubygems_version: 3.4.21
 signing_key:
 specification_version: 4
 summary: Add authentication to your app without all the ickyness of passwords.