RubyGems - passwordless - Versions diffs - 1.2.0 → 1.3.0 - Mend

passwordless 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/README.md +10 -24
data/app/controllers/passwordless/sessions_controller.rb +33 -17
data/app/mailers/passwordless/mailer.rb +3 -2
data/app/views/passwordless/sessions/new.html.erb +6 -6
data/app/views/passwordless/sessions/show.html.erb +5 -2
data/lib/passwordless/config.rb +3 -0
data/lib/passwordless/test_helpers.rb +5 -4
data/lib/passwordless/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b88192b582d0e4f8cb601b00f2cf5d51250dbe9f747d6413728cf2e5da7ddd1b
-  data.tar.gz: 054c733891aa4e4f98a1f684b6d6107414b4214589f76ec5aa20c7337a5b2098
+  metadata.gz: 2242a4b95f1a99d5be1b889539dc6dd9f1eda711ce616f3b090f12dd68337254
+  data.tar.gz: afd9ea1fd2d3b3f15f10a4772d231c53adfd524e22de00d833a9183b34d69397
 SHA512:
-  metadata.gz: a760c9c2ade52b80be4a482abb17a2ff9c71579d07bc55eb1268980a39f69540d354bf1988bb4a7ea35d08e801042d9ff266cc2c98913b7ea5c331a1556b882c
-  data.tar.gz: f66c443aa783a9f490dac97e4a9720ce077594e4d170ad10053bd42168033ca5c57e1b4f20288e0b5a7bd63eaac67b90b8cd52ba80ac8b9a290d2de2bfb2078e
+  metadata.gz: 9b2ceb4c68972744e10ac6dd56e2e863b5e229bb31053b7159a16c020a2cfa55ffe1affcbef92ca52ee03de79d4d675cb5b3f4340e1c888e064e9ab246f3e455
+  data.tar.gz: 7dd102d25dd4cbb60ab73d30732f78a6cd1d6757e345e3b304c9b1abe4394b6b1d883c1368bd7eaa12ecee986ecdfabf3d82cea081048694807388fc5a1bfd69

data/README.md CHANGED Viewed

@@ -25,26 +25,21 @@ See [Upgrading to Passwordless 1.0](docs/upgrading_to_1_0.md) for more details.
 ## Usage
-Passwordless creates a single model called `Passwordless::Session`. It doesn't come with its own `User` model, it expects you to create one:
+Passwordless creates a single model called `Passwordless::Session`, so it doesn't come with its own user model. Instead, it expects you to provide one, with an email field in place. If you don't yet have a user model, check out the wiki on [creating the user model](https://github.com/mikker/passwordless/wiki/Creating-the-user-model).
-```sh
-$ bin/rails generate model User email
-```
-Then specify which field on your `User` record is the email field with:
+Enable Passwordless on your user model by pointing it to the email field:
 ```ruby
 class User < ApplicationRecord
-  validates :email,
-            presence: true,
-            uniqueness: { case_sensitive: false },
-            format: { with: URI::MailTo::EMAIL_REGEXP }
+  # your other code..
+  passwordless_with :email # <-- here! this needs to be a column in `users` table
-  passwordless_with :email # <-- here!
+  # more of your code..
 end
 ```
-Finally, mount the engine in your routes:
+Then mount the engine in your routes:
 ```ruby
 Rails.application.routes.draw do
@@ -163,6 +158,7 @@ The default values are shown below. It's recommended to only include the ones th
 ```ruby
 Passwordless.configure do |config|
   config.default_from_address = "CHANGE_ME@example.com"
+  config.parent_controller = "ApplicationController"
   config.parent_mailer = "ActionMailer::Base"
   config.restrict_token_reuse = false # Can a token/link be used multiple times?
   config.token_generator = Passwordless::ShortTokenGenerator.new # Used to generate magic link tokens.
@@ -175,6 +171,8 @@ Passwordless.configure do |config|
   config.success_redirect_path = '/' # After a user successfully signs in
   config.failure_redirect_path = '/' # After a sign in fails
   config.sign_out_redirect_path = '/' # After a user signs out
+  config.paranoid = false # Display email sent notice even when the resource is not found.
 end
 ```
@@ -260,18 +258,6 @@ class User < ApplicationRecord
 end
 ```
-### Claiming tokens
-By default, a token/magic link **can** be used more than once.
-To change, in `config/initializers/passwordless.rb`:
-```ruby
-Passwordless.configure do |config|
-  config.restrict_token_reuse = true
-end
-```
 ## Test helpers
 To help with testing, a set of test helpers are provided.

data/app/controllers/passwordless/sessions_controller.rb CHANGED Viewed

@@ -4,7 +4,7 @@ require "bcrypt"
 module Passwordless
   # Controller for managing Passwordless sessions
-  class SessionsController < ApplicationController
+  class SessionsController < Passwordless.config.parent_controller.constantize
     include ControllerHelpers
     helper_method :email_field
@@ -20,21 +20,11 @@ module Passwordless
     #   Creates a new Session record then sends the magic link
     #   redirects to sign in page with generic flash message.
     def create
-      unless @resource = find_authenticatable
-        raise(
-          ActiveRecord::RecordNotFound,
-          "Couldn't find #{authenticatable_type} with email #{passwordless_session_params[email_field]}"
-        )
-      end
+      handle_resource_not_found unless @resource = find_authenticatable
       @session = build_passwordless_session(@resource)
       if @session.save
-        if Passwordless.config.after_session_save.arity == 2
-          Passwordless.config.after_session_save.call(@session, request)
-        else
-          Passwordless.config.after_session_save.call(@session)
-        end
+        call_after_session_save
         redirect_to(
           Passwordless.context.path_for(
@@ -50,6 +40,8 @@ module Passwordless
       end
     rescue ActiveRecord::RecordNotFound
+      @session = Session.new
       flash[:error] = I18n.t("passwordless.sessions.create.not_found")
       render(:new, status: :not_found)
     end
@@ -173,12 +165,36 @@ module Passwordless
     end
     def find_authenticatable
-      email = passwordless_session_params[email_field].downcase.strip
       if authenticatable_class.respond_to?(:fetch_resource_for_passwordless)
-        authenticatable_class.fetch_resource_for_passwordless(email)
+        authenticatable_class.fetch_resource_for_passwordless(normalized_email_param)
+      else
+        authenticatable_class.where("lower(#{email_field}) = ?", normalized_email_param).first
+      end
+    end
+    def normalized_email_param
+      passwordless_session_params[email_field].downcase.strip
+    end
+    def handle_resource_not_found
+      if Passwordless.config.paranoid
+        @resource = authenticatable_class.new(email: normalized_email_param)
+        @skip_after_session_save_callback = true
+      else
+        raise(
+          ActiveRecord::RecordNotFound,
+          "Couldn't find #{authenticatable_type} with email #{normalized_email_param}"
+        )
+      end
+    end
+    def call_after_session_save
+      return if @skip_after_session_save_callback
+      if Passwordless.config.after_session_save.arity == 2
+        Passwordless.config.after_session_save.call(@session, request)
       else
-        authenticatable_class.where("lower(#{email_field}) = ?", email).first
+        Passwordless.config.after_session_save.call(@session)
       end
     end

data/app/mailers/passwordless/mailer.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Passwordless
   # The mailer responsible for sending Passwordless' mails.
   class Mailer < Passwordless.config.parent_mailer.constantize
-    default from: Passwordless.config.default_from_address
+    default(from: Passwordless.config.default_from_address) if Passwordless.config.default_from_address
     # Sends a token and a magic link
     #
@@ -17,7 +17,8 @@ module Passwordless
         session,
         action: "confirm",
         id: session.to_param,
-        token: @token
+        token: @token,
+        **default_url_options
       )
       email_field = session.authenticatable.class.passwordless_email_field

data/app/views/passwordless/sessions/new.html.erb CHANGED Viewed

@@ -1,12 +1,12 @@
 <%= form_with(model: @session, url: url_for(action: 'new'), data: { turbo: 'false' }) do |f| %>
   <% email_field_name = :"passwordless[#{email_field}]" %>
   <%= f.label email_field_name,
-          t("passwordless.sessions.new.email.label"),
-          for: "passwordless_#{email_field}" %>
+      t("passwordless.sessions.new.email.label"),
+      for: "passwordless_#{email_field}" %>
   <%= email_field_tag email_field_name,
-  params.fetch(email_field_name, nil),
-  required: true,
-  autofocus: true,
-  placeholder: t("passwordless.sessions.new.email.placeholder") %>
+      params.fetch(email_field_name, nil),
+      required: true,
+      autofocus: true,
+      placeholder: t("passwordless.sessions.new.email.placeholder") %>
   <%= f.submit t("passwordless.sessions.new.submit") %>
 <% end %>

data/app/views/passwordless/sessions/show.html.erb CHANGED Viewed

@@ -1,5 +1,8 @@
 <%= form_with(model: @session, url: url_for(action: 'update'), scope: 'passwordless', method: 'patch', data: { turbo: false }) do |f| %>
-  <%= f.label :token, autocomplete: "off" %>
-  <%= f.text_field :token %>
+  <%= f.label :token %>
+  <%= f.text_field :token,
+      required: true,
+      autofocus: true,
+      autocomplete: "one-time-code" %>
   <%= f.submit t(".confirm") %>
 <% end %>

data/lib/passwordless/config.rb CHANGED Viewed

@@ -28,6 +28,7 @@ module Passwordless
     include Options
     option :default_from_address, default: "CHANGE_ME@example.com"
+    option :parent_controller, default: "ApplicationController"
     option :parent_mailer, default: "ActionMailer::Base"
     option :restrict_token_reuse, default: true
     option :token_generator, default: ShortTokenGenerator.new
@@ -48,6 +49,8 @@ module Passwordless
       end
     )
+    option :paranoid, default: false
     def initialize
       set_defaults!
     end

data/lib/passwordless/test_helpers.rb CHANGED Viewed

@@ -43,21 +43,22 @@ module Passwordless
     end
     module SystemTestCase
-      def passwordless_sign_out(cls = nil)
+      def passwordless_sign_out(cls = nil, only_path: false)
         cls ||= "User".constantize
         resource = cls.model_name.to_s.tableize
-        visit(Passwordless.context.url_for(resource, action: "destroy"))
+        visit(Passwordless.context.url_for(resource, action: "destroy", only_path: only_path))
       end
-      def passwordless_sign_in(resource)
+      def passwordless_sign_in(resource, only_path: false)
         session = Passwordless::Session.create!(authenticatable: resource)
         magic_link = Passwordless.context.url_for(
           session,
           action: "confirm",
           id: session.to_param,
-          token: session.token
+          token: session.token,
+          only_path: only_path
         )
         visit(magic_link)

data/lib/passwordless/version.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 module Passwordless
   # :nodoc:
-  VERSION = "1.2.0"
+  VERSION = "1.3.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordless
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Mikkel Malmberg
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-05 00:00:00.000000000 Z
+date: 2024-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -91,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.22
+rubygems_version: 3.5.5
 signing_key:
 specification_version: 4
 summary: Add authentication to your app without all the ickyness of passwords.