passwordless 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4d3bfd49106dd713d65f26a575911bdcb1a903a62273d741f08f1c0b36ea9a77
-  data.tar.gz: 239fdcce54d30e39f39bb6eb2d7ffdd6c2f2f50e04fe38ec7f53bca000b449d6
+  metadata.gz: b88192b582d0e4f8cb601b00f2cf5d51250dbe9f747d6413728cf2e5da7ddd1b
+  data.tar.gz: 054c733891aa4e4f98a1f684b6d6107414b4214589f76ec5aa20c7337a5b2098
 SHA512:
-  metadata.gz: f7afa9aed4245ed2a3ab13bd7624ec8561d8c0e47db9435a1e415442f6c1d4e6e1770cd9d799095888a189a0485fc9bd5d3fa22e9e3145f2e351e8deee04277b
-  data.tar.gz: 5f4d8142044cdaff3f9746bad1d184d587b293241ab4f2d0344924fc452cb65590f91840b0db698d535588098cb72098c67f09c2243530177e45f395ab1466a9
+  metadata.gz: a760c9c2ade52b80be4a482abb17a2ff9c71579d07bc55eb1268980a39f69540d354bf1988bb4a7ea35d08e801042d9ff266cc2c98913b7ea5c331a1556b882c
+  data.tar.gz: f66c443aa783a9f490dac97e4a9720ce077594e4d170ad10053bd42168033ca5c57e1b4f20288e0b5a7bd63eaac67b90b8cd52ba80ac8b9a290d2de2bfb2078e

data/README.md

@@ -122,7 +122,7 @@ class UsersController < ApplicationController
     @user = User.new(user_params)
 
     if @user.save
-      sign_in(build_passwordless_session(@user)) # <-- This!
+      sign_in(create_passwordless_session(@user)) # <-- This!
       redirect_to(@user, flash: { notice: 'Welcome!' })
     else
       render(:new)
@@ -146,7 +146,13 @@ passwordless_for :users, at: '/', as: :auth
 ```
 
 Also be sure to
-[specify ActionMailer's `default_url_options.host`](http://guides.rubyonrails.org/action_mailer_basics.html#generating-urls-in-action-mailer-views).
+[specify ActionMailer's `default_url_options.host`](http://guides.rubyonrails.org/action_mailer_basics.html#generating-urls-in-action-mailer-views) and tell the routes as well:
+
+```ruby
+# config/application.rb for example:
+config.action_mailer.default_url_options = {host: "www.example.com"}
+routes.default_url_options[:host] ||= "www.example.com"
+```
 
 ## Configuration
 

data/app/controllers/passwordless/sessions_controller.rb

@@ -37,7 +37,11 @@ module Passwordless
         end
 
         redirect_to(
-          url_for(id: @session.identifier, action: "show"),
+          Passwordless.context.path_for(
+            @session,
+            id: @session.to_param,
+            action: "show"
+          ),
           flash: {notice: I18n.t("passwordless.sessions.create.email_sent")}
         )
       else
@@ -133,6 +137,8 @@ module Passwordless
     private
 
     def artificially_slow_down_brute_force_attacks(token)
+      return unless Passwordless.config.combat_brute_force_attacks
+
       # Make it "slow" on purpose to make brute-force attacks more of a hassle
       BCrypt::Password.create(token)
     end

data/app/mailers/passwordless/mailer.rb

@@ -12,16 +12,14 @@ module Passwordless
     # is still in memory (optional)
     def sign_in(session, token = nil)
       @token = token || session.token
-      @magic_link = url_for(
-        {
-          controller: "passwordless/sessions",
-          action: "confirm",
-          id: session.identifier,
-          token: token,
-          authenticatable: "user",
-          resource: "users"
-        }
+
+      @magic_link = Passwordless.context.url_for(
+        session,
+        action: "confirm",
+        id: session.to_param,
+        token: @token
       )
+
       email_field = session.authenticatable.class.passwordless_email_field
 
       mail(

data/app/views/passwordless/sessions/new.html.erb

@@ -3,9 +3,10 @@
   <%= f.label email_field_name,
           t("passwordless.sessions.new.email.label"),
           for: "passwordless_#{email_field}" %>
-  <%= text_field_tag email_field_name,
+  <%= email_field_tag email_field_name,
   params.fetch(email_field_name, nil),
   required: true,
+  autofocus: true,
   placeholder: t("passwordless.sessions.new.email.placeholder") %>
   <%= f.submit t("passwordless.sessions.new.submit") %>
 <% end %>

data/lib/passwordless/config.rb

@@ -31,6 +31,7 @@ module Passwordless
     option :parent_mailer, default: "ActionMailer::Base"
     option :restrict_token_reuse, default: true
     option :token_generator, default: ShortTokenGenerator.new
+    option :combat_brute_force_attacks, default: !Rails.env.test?
 
     option :expires_at, default: lambda { 1.year.from_now }
     option :timeout_at, default: lambda { 10.minutes.from_now }

data/lib/passwordless/context.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Passwordless
+  class Resource
+    def initialize(resource, controller:)
+      @resource = resource
+      @authenticatable = resource.to_s.singularize.to_sym
+      @controller = controller
+    end
+
+    attr_reader :resource, :authenticatable, :controller
+
+    def defaults
+      @defaults ||= {
+        authenticatable: authenticatable,
+        resource: resource,
+        controller: controller
+      }
+    end
+  end
+
+  class Context
+    def initialize
+      @resources = {}
+    end
+
+    attr_reader :resources
+
+    def resource_for(session_or_authenticatable)
+      if session_or_authenticatable.is_a?(Session)
+        session_or_authenticatable = session_or_authenticatable.authenticatable.model_name.to_s.tableize.to_sym
+      end
+
+      resources[session_or_authenticatable.to_sym]
+    end
+
+    def url_for(session_or_authenticatable, **options)
+      unless (resource = resource_for(session_or_authenticatable))
+        raise ArgumentError, "No resource registered for #{session_or_authenticatable}"
+      end
+
+      Rails.application.routes.url_helpers.url_for(
+        resource.defaults.merge(options)
+      )
+    end
+
+    def path_for(session_or_authenticatable, **options)
+      url_for(session_or_authenticatable, only_path: true, **options)
+    end
+  end
+end

data/lib/passwordless/router_helpers.rb

@@ -27,15 +27,9 @@ module Passwordless
 
       as = as.to_s + "_" unless !as || as.to_s.end_with?("_")
 
-      plural = resource.to_s
-      singular = plural.singularize
+      pwless_resource = Passwordless.add_resource(resource, controller: controller)
 
-      defaults = {
-        authenticatable: singular,
-        resource: resource
-      }
-
-      scope(defaults: defaults) do
+      scope(defaults: pwless_resource.defaults) do
         get("#{at}/sign_in", to: "#{controller}#new", as: :"#{as}sign_in")
         post("#{at}/sign_in", to: "#{controller}#create")
         get("#{at}/sign_in/:id", to: "#{controller}#show", as: :"verify_#{as}sign_in")

data/lib/passwordless/test_helpers.rb

@@ -1,33 +1,42 @@
 module Passwordless
   module TestHelpers
-    module TestCase
+    module ControllerTestCase
+      class H
+        extend ControllerHelpers
+      end
+
       def passwordless_sign_out(cls = nil)
         cls ||= "User".constantize
-        dest = url_for(
-          {
-            controller: "passwordless/sessions",
-            action: "destroy",
-            authenticatable: cls.model_name.singular,
-            resource: cls.model_name.to_s.tableize
-          }
-        )
+        @request.session.delete(H.session_key(cls))
+      end
+
+      def passwordless_sign_in(resource)
+        session = Passwordless::Session.create!(authenticatable: resource)
+        @request.session[H.session_key(resource.class)] = session.id
+      end
+    end
+
+    module RequestTestCase
+      def passwordless_sign_out(cls = nil)
+        cls ||= "User".constantize
+        resource = cls.model_name.to_s.tableize
+
+        dest = Passwordless.context.path_for(resource, action: "destroy")
         delete(dest)
+
         follow_redirect!
       end
 
       def passwordless_sign_in(resource)
-        cls = resource.class
         session = Passwordless::Session.create!(authenticatable: resource)
-        magic_link = url_for(
-          {
-            controller: "passwordless/sessions",
-            action: "confirm",
-            id: session.id,
-            token: session.token,
-            authenticatable: cls.model_name.singular,
-            resource: cls.model_name.to_s.tableize
-          }
+
+        magic_link = Passwordless.context.path_for(
+          session,
+          action: "confirm",
+          id: session.to_param,
+          token: session.token
         )
+
         get(magic_link)
         follow_redirect!
       end
@@ -36,31 +45,21 @@ module Passwordless
     module SystemTestCase
       def passwordless_sign_out(cls = nil)
         cls ||= "User".constantize
-        visit(
-          url_for(
-            {
-              controller: "passwordless/sessions",
-              action: "destroy",
-              authenticatable: cls.model_name.singular,
-              resource: cls.model_name.to_s.tableize
-            }
-          )
-        )
+        resource = cls.model_name.to_s.tableize
+
+        visit(Passwordless.context.url_for(resource, action: "destroy"))
       end
 
       def passwordless_sign_in(resource)
-        cls = resource.class
         session = Passwordless::Session.create!(authenticatable: resource)
-        magic_link = url_for(
-          {
-            controller: "passwordless/sessions",
-            action: "confirm",
-            id: session.id,
-            token: session.token,
-            authenticatable: cls.model_name.singular,
-            resource: cls.model_name.to_s.tableize
-          }
+
+        magic_link = Passwordless.context.url_for(
+          session,
+          action: "confirm",
+          id: session.to_param,
+          token: session.token
         )
+
         visit(magic_link)
       end
     end
@@ -68,7 +67,7 @@ module Passwordless
 end
 
 if defined?(ActiveSupport::TestCase)
-  ActiveSupport::TestCase.send(:include, ::Passwordless::TestHelpers::TestCase)
+  ActiveSupport::TestCase.send(:include, ::Passwordless::TestHelpers::ControllerTestCase)
 end
 
 if defined?(ActionDispatch::SystemTestCase)
@@ -77,8 +76,8 @@ end
 
 if defined?(RSpec)
   RSpec.configure do |config|
-    config.include(::Passwordless::TestHelpers::TestCase, type: :request)
-    config.include(::Passwordless::TestHelpers::TestCase, type: :controller)
+    config.include(::Passwordless::TestHelpers::ControllerTestCase, type: :controller)
+    config.include(::Passwordless::TestHelpers::RequestTestCase, type: :request)
     config.include(::Passwordless::TestHelpers::SystemTestCase, type: :system)
   end
 end

data/lib/passwordless/version.rb

@@ -2,5 +2,5 @@
 
 module Passwordless
   # :nodoc:
-  VERSION = "1.1.0"
+  VERSION = "1.2.0"
 end

data/lib/passwordless.rb

@@ -2,6 +2,7 @@
 
 require "active_support"
 require "passwordless/config"
+require "passwordless/context"
 require "passwordless/errors"
 require "passwordless/engine"
 require "passwordless/token_digest"
@@ -10,6 +11,14 @@ require "passwordless/token_digest"
 module Passwordless
   extend Configurable
 
+  def self.context
+    @context ||= Context.new
+  end
+
+  def self.add_resource(resource, controller:, **defaults)
+    context.resources[resource] = Resource.new(resource, controller: controller)
+  end
+
   def self.digest(token)
     TokenDigest.new(token).digest
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordless
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Mikkel Malmberg
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-07 00:00:00.000000000 Z
+date: 2023-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -62,6 +62,7 @@ files:
 - lib/generators/passwordless/views_generator.rb
 - lib/passwordless.rb
 - lib/passwordless/config.rb
+- lib/passwordless/context.rb
 - lib/passwordless/controller_helpers.rb
 - lib/passwordless/engine.rb
 - lib/passwordless/errors.rb
@@ -90,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.21
+rubygems_version: 3.4.22
 signing_key:
 specification_version: 4
 summary: Add authentication to your app without all the ickyness of passwords.