RubyGems - passwordless - Versions diffs - 1.5.0 → 1.7.0 - Mend

passwordless 1.5.0 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/README.md +48 -2
data/app/controllers/passwordless/sessions_controller.rb +7 -6
data/app/models/passwordless/session.rb +2 -1
data/app/views/passwordless/sessions/show.html.erb +1 -1
data/config/locales/en.yml +1 -0
data/db/migrate/20171104221735_create_passwordless_sessions.rb +1 -1
data/lib/passwordless/constraint.rb +40 -0
data/lib/passwordless/controller_helpers.rb +1 -1
data/lib/passwordless/engine.rb +0 -4
data/lib/passwordless/version.rb +1 -1
data/lib/passwordless.rb +1 -0
metadata +4 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 472a9d736665b6a1e1a71bf5175214f3acc414e0c918a33825c98a1d7ac02624
-  data.tar.gz: 9e12898751e19fc7104c62826eaf7c9ee4e17a14a12efc66419eab4850dae720
+  metadata.gz: 7e765c341b12f05bb0156802dae574f7a0db31288181d4f71779a6ca49e48cd6
+  data.tar.gz: 746f09e1aefaea54d0f926c9bff27548ba1f8a4fdeeea0cfbd87ddc4b22ad65f
 SHA512:
-  metadata.gz: 58b5bac3c0260d68a86fc7d9c3258457405a3670e0f8333959aa1ee54774ab68774728522d2e40c5d3b67a430f3b952af8903bb5d29b4ee12b6a291e3415fd17
-  data.tar.gz: 42252595f95f48896cd08ec1be77a28657553ae287cc52213bed5cc343c38121bf12c8aba1db8ea002237ea8b5c1d706a8fc8f10dc7b9522c72c80218e4d35a5
+  metadata.gz: 8792ad81a4efbd5a071bb8a119d3e1ad057f2112e2bebbb888bbfdc9a84b95a77e4e2cb68ffb957fecb98f75cf05efb6c17cbd5c97b67a41f1372257eeb1cae9
+  data.tar.gz: 763dbbba33a8568976b5a5df2c28f0d157dcf9fc92504bf9ca016e85f8239c59b1e6ae48f4fa4e2e5ab2391aba9239ce956f7706c5437e168c27756a80fc9f33

data/README.md CHANGED Viewed

@@ -8,7 +8,24 @@
 Add authentication to your Rails app without all the icky-ness of passwords. _Magic link_ authentication, if you will. We call it _passwordless_.
----
+- [Installation](#installation)
+  - [Upgrading](#upgrading)
+- [Usage](#usage)
+  - [Getting the current user, restricting access, the usual](#getting-the-current-user-restricting-access-the-usual)
+  - [Providing your own templates](#providing-your-own-templates)
+  - [Registering new users](#registering-new-users)
+  - [URLs and links](#urls-and-links)
+  - [Route constraints](#route-constraints)
+- [Configuration](#configuration)
+  - [Delivery method](#delivery-method)
+  - [Token generation](#token-generation)
+  - [Timeout and Expiry](#timeout-and-expiry)
+  - [Redirection after sign-in](#redirection-after-sign-in)
+  - [Looking up the user](#looking-up-the-user)
+- [Test helpers](#test-helpers)
+- [Security considerations](#security-considerations)
+- [Alternatives](#alternatives)
+- [License](#license)
 ## Installation
@@ -149,6 +166,35 @@ config.action_mailer.default_url_options = {host: "www.example.com"}
 routes.default_url_options[:host] ||= "www.example.com"
 ```
+### Route constraints
+With [constraints](https://guides.rubyonrails.org/routing.html#request-based-constraints) you can restrict access to certain routes.
+Passwordless provides `Passwordless::Constraint` and it's negative counterpart `Passwordless::NotConstraint` for this purpose.
+To limit a route to only authenticated `User`s:
+```ruby
+constraints Passwordless::Constraint.new(User) do
+  # ...
+end
+```
+The constraint takes a second `if:` argument, that expects a block and is passed the `authenticatable` record, (ie. `User`):
+```ruby
+constraints Passwordless::Constraint.new(User, if: -> (user) { user.email.include?("john") }) do
+  # ...
+end
+```
+The negated version has the same API but with the opposite result, ie. ensuring authenticated user **don't** have access:
+```ruby
+constraints Passwordless::NotConstraint.new(User) do
+  get("/no-users-allowed", to: "secrets#index")
+end
+```
 ## Configuration
 To customize Passwordless, create a file `config/initializers/passwordless.rb`.
@@ -160,7 +206,7 @@ Passwordless.configure do |config|
   config.default_from_address = "CHANGE_ME@example.com"
   config.parent_controller = "ApplicationController"
   config.parent_mailer = "ActionMailer::Base"
-  config.restrict_token_reuse = false # Can a token/link be used multiple times?
+  config.restrict_token_reuse = true # Can a token/link be used multiple times?
   config.token_generator = Passwordless::ShortTokenGenerator.new # Used to generate magic link tokens.
   config.expires_at = lambda { 1.year.from_now } # How long until a signed in session expires.

data/app/controllers/passwordless/sessions_controller.rb CHANGED Viewed

@@ -30,19 +30,20 @@ module Passwordless
           Passwordless.context.path_for(
             @session,
             id: @session.to_param,
-            action: "show"
+            action: "show",
+            **default_url_options
           ),
           flash: {notice: I18n.t("passwordless.sessions.create.email_sent")}
         )
       else
-        flash[:error] = I18n.t("passwordless.sessions.create.error")
+        flash.alert = I18n.t("passwordless.sessions.create.error")
         render(:new, status: :unprocessable_entity)
       end
     rescue ActiveRecord::RecordNotFound
       @session = Session.new
-      flash[:error] = I18n.t("passwordless.sessions.create.not_found")
+      flash.alert = I18n.t("passwordless.sessions.create.not_found")
       render(:new, status: :not_found)
     end
@@ -155,15 +156,15 @@ module Passwordless
           **redirect_to_options
         )
       else
-        flash[:error] = I18n.t("passwordless.sessions.errors.invalid_token")
+        flash.alert = I18n.t("passwordless.sessions.errors.invalid_token")
         render(status: :forbidden, action: "show")
       end
     rescue Errors::TokenAlreadyClaimedError
-      flash[:error] = I18n.t("passwordless.sessions.errors.token_claimed")
+      flash.alert = I18n.t("passwordless.sessions.errors.token_claimed")
       redirect_to(passwordless_failure_redirect_path, status: :see_other, **redirect_to_options)
     rescue Errors::SessionTimedOutError
-      flash[:error] = I18n.t("passwordless.sessions.errors.session_expired")
+      flash.alert = I18n.t("passwordless.sessions.errors.session_expired")
       redirect_to(passwordless_failure_redirect_path, status: :see_other, **redirect_to_options)
     end

data/app/models/passwordless/session.rb CHANGED Viewed

@@ -9,7 +9,8 @@ module Passwordless
     belongs_to(
       :authenticatable,
       polymorphic: true,
-      inverse_of: :passwordless_sessions
+      inverse_of: :passwordless_sessions,
+      autosave: false
     )
     validates(

data/app/views/passwordless/sessions/show.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 <%= form_with(model: @session, url: url_for(action: 'update'), scope: 'passwordless', method: 'patch', data: { turbo: false }) do |f| %>
-  <%= f.label :token %>
+  <%= f.label :token, t(".token") %>
   <%= f.text_field :token,
       required: true,
       autofocus: true,

data/config/locales/en.yml CHANGED Viewed

@@ -12,6 +12,7 @@ en:
         not_found: "We couldn't find a user with that email address"
         error: "An error occured"
       show:
+        token: "Token"
         confirm: "Confirm"
       errors:
         invalid_token: "Token is invalid"

data/db/migrate/20171104221735_create_passwordless_sessions.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class CreatePasswordlessSessions < ActiveRecord::Migration[5.1]
+class CreatePasswordlessSessions < ActiveRecord::Migration[6.0]
   def change
     create_table(:passwordless_sessions) do |t|
       t.belongs_to(

data/lib/passwordless/constraint.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+require "passwordless/controller_helpers"
+module Passwordless
+  # A class the constraint routes to authenticated records
+  class Constraint
+    include ControllerHelpers
+    attr_reader :authenticatable_type, :predicate, :session
+    # @param [Class] authenticatable_type Authenticatable class
+    # @option options [Proc] :if A lambda that takes an authenticatable and returns a boolean
+    def initialize(authenticatable_type, **options)
+      @authenticatable_type = authenticatable_type
+      # `if' is a keyword but so we do this instead of keyword arguments
+      @predicate = options.fetch(:if) { -> (_) { true } }
+    end
+    def matches?(request)
+      # used in authenticate_by_session
+      @session = request.session
+      authenticatable = authenticate_by_session(authenticatable_type)
+      !!(authenticatable && predicate.call(authenticatable))
+    end
+  end
+  # A class the constraint routes to NOT authenticated records
+  class ConstraintNot < Constraint
+    # @param [Class] authenticatable_type Authenticatable class
+    # @option options [Proc] :if A lambda that takes an authenticatable and returns a boolean
+    def initialize(authenticatable_type, **options)
+      super
+    end
+    def matches?(request)
+      !super
+    end
+  end
+end

data/lib/passwordless/controller_helpers.rb CHANGED Viewed

@@ -54,7 +54,7 @@ module Passwordless
     end
     # Signs in session
-    # @param authenticatable [Passwordless::Session] Instance of {Passwordless::Session}
+    # @param passwordless_session [Passwordless::Session] Instance of {Passwordless::Session}
     # to sign in
     # @return [ActiveRecord::Base] the record that is passed in.
     def sign_in(passwordless_session)

data/lib/passwordless/engine.rb CHANGED Viewed

@@ -11,9 +11,5 @@ module Passwordless
       ActionDispatch::Routing::Mapper.include RouterHelpers
       ActiveRecord::Base.extend ModelHelpers
     end
-    config.before_initialize do |app|
-      app.config.i18n.load_path += Dir[Engine.root.join("config", "locales", "*.yml")]
-    end
   end
 end

data/lib/passwordless/version.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 module Passwordless
   # :nodoc:
-  VERSION = "1.5.0"
+  VERSION = "1.7.0"
 end

data/lib/passwordless.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 require "active_support"
 require "passwordless/config"
 require "passwordless/context"
+require "passwordless/constraint"
 require "passwordless/errors"
 require "passwordless/engine"
 require "passwordless/token_digest"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordless
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 1.7.0
 platform: ruby
 authors:
 - Mikkel Malmberg
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-11 00:00:00.000000000 Z
+date: 2024-05-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -62,6 +62,7 @@ files:
 - lib/generators/passwordless/views_generator.rb
 - lib/passwordless.rb
 - lib/passwordless/config.rb
+- lib/passwordless/constraint.rb
 - lib/passwordless/context.rb
 - lib/passwordless/controller_helpers.rb
 - lib/passwordless/engine.rb
@@ -91,7 +92,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.6
+rubygems_version: 3.5.10
 signing_key:
 specification_version: 4
 summary: Add authentication to your app without all the ickyness of passwords.