passwordless 1.6.0 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 44758dfedcb5f0b737a6892abdb754751f14d4da6d0c4e7e3ae9fa41d1b544ee
-  data.tar.gz: 01e6534d9d3f8e11ff1f13e908c62a096fc32129a1f34df5a75defa97b7a0b31
+  metadata.gz: 7e765c341b12f05bb0156802dae574f7a0db31288181d4f71779a6ca49e48cd6
+  data.tar.gz: 746f09e1aefaea54d0f926c9bff27548ba1f8a4fdeeea0cfbd87ddc4b22ad65f
 SHA512:
-  metadata.gz: 29e04ae936111350bf9673b2fd38f88e47006b72bcdd4aac5a38595623ab93558ab03e0a62677197d21f56e5370f38cc9fa5b5cc44bd8d8bdecf43e5ee66932d
-  data.tar.gz: 0701f4569d5e37ca19d42eb1afe00bd4b99fb68a1e2951ff9ec419221d32fb559e012cbc80115013b94cb316b5b98c70f32e862ce448cc2985464a39f73d9e4a
+  metadata.gz: 8792ad81a4efbd5a071bb8a119d3e1ad057f2112e2bebbb888bbfdc9a84b95a77e4e2cb68ffb957fecb98f75cf05efb6c17cbd5c97b67a41f1372257eeb1cae9
+  data.tar.gz: 763dbbba33a8568976b5a5df2c28f0d157dcf9fc92504bf9ca016e85f8239c59b1e6ae48f4fa4e2e5ab2391aba9239ce956f7706c5437e168c27756a80fc9f33

data/README.md

@@ -8,7 +8,24 @@
 
 Add authentication to your Rails app without all the icky-ness of passwords. _Magic link_ authentication, if you will. We call it _passwordless_.
 
----
+- [Installation](#installation)
+  - [Upgrading](#upgrading)
+- [Usage](#usage)
+  - [Getting the current user, restricting access, the usual](#getting-the-current-user-restricting-access-the-usual)
+  - [Providing your own templates](#providing-your-own-templates)
+  - [Registering new users](#registering-new-users)
+  - [URLs and links](#urls-and-links)
+  - [Route constraints](#route-constraints)
+- [Configuration](#configuration)
+  - [Delivery method](#delivery-method)
+  - [Token generation](#token-generation)
+  - [Timeout and Expiry](#timeout-and-expiry)
+  - [Redirection after sign-in](#redirection-after-sign-in)
+  - [Looking up the user](#looking-up-the-user)
+- [Test helpers](#test-helpers)
+- [Security considerations](#security-considerations)
+- [Alternatives](#alternatives)
+- [License](#license)
 
 ## Installation
 
@@ -149,6 +166,35 @@ config.action_mailer.default_url_options = {host: "www.example.com"}
 routes.default_url_options[:host] ||= "www.example.com"
 ```
 
+### Route constraints
+
+With [constraints](https://guides.rubyonrails.org/routing.html#request-based-constraints) you can restrict access to certain routes.
+Passwordless provides `Passwordless::Constraint` and it's negative counterpart `Passwordless::NotConstraint` for this purpose.
+
+To limit a route to only authenticated `User`s:
+
+```ruby
+constraints Passwordless::Constraint.new(User) do
+  # ...
+end
+```
+
+The constraint takes a second `if:` argument, that expects a block and is passed the `authenticatable` record, (ie. `User`):
+
+```ruby
+constraints Passwordless::Constraint.new(User, if: -> (user) { user.email.include?("john") }) do
+  # ...
+end
+```
+
+The negated version has the same API but with the opposite result, ie. ensuring authenticated user **don't** have access:
+
+```ruby
+constraints Passwordless::NotConstraint.new(User) do
+  get("/no-users-allowed", to: "secrets#index")
+end
+```
+
 ## Configuration
 
 To customize Passwordless, create a file `config/initializers/passwordless.rb`.
@@ -160,7 +206,7 @@ Passwordless.configure do |config|
   config.default_from_address = "CHANGE_ME@example.com"
   config.parent_controller = "ApplicationController"
   config.parent_mailer = "ActionMailer::Base"
-  config.restrict_token_reuse = false # Can a token/link be used multiple times?
+  config.restrict_token_reuse = true # Can a token/link be used multiple times?
   config.token_generator = Passwordless::ShortTokenGenerator.new # Used to generate magic link tokens.
 
   config.expires_at = lambda { 1.year.from_now } # How long until a signed in session expires.

data/lib/passwordless/constraint.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "passwordless/controller_helpers"
+
+module Passwordless
+  # A class the constraint routes to authenticated records
+  class Constraint
+    include ControllerHelpers
+
+    attr_reader :authenticatable_type, :predicate, :session
+
+    # @param [Class] authenticatable_type Authenticatable class
+    # @option options [Proc] :if A lambda that takes an authenticatable and returns a boolean
+    def initialize(authenticatable_type, **options)
+      @authenticatable_type = authenticatable_type
+      # `if' is a keyword but so we do this instead of keyword arguments
+      @predicate = options.fetch(:if) { -> (_) { true } }
+    end
+
+    def matches?(request)
+      # used in authenticate_by_session
+      @session = request.session
+      authenticatable = authenticate_by_session(authenticatable_type)
+      !!(authenticatable && predicate.call(authenticatable))
+    end
+  end
+
+  # A class the constraint routes to NOT authenticated records
+  class ConstraintNot < Constraint
+    # @param [Class] authenticatable_type Authenticatable class
+    # @option options [Proc] :if A lambda that takes an authenticatable and returns a boolean
+    def initialize(authenticatable_type, **options)
+      super
+    end
+
+    def matches?(request)
+      !super
+    end
+  end
+end

data/lib/passwordless/controller_helpers.rb

@@ -54,7 +54,7 @@ module Passwordless
     end
 
     # Signs in session
-    # @param authenticatable [Passwordless::Session] Instance of {Passwordless::Session}
+    # @param passwordless_session [Passwordless::Session] Instance of {Passwordless::Session}
     # to sign in
     # @return [ActiveRecord::Base] the record that is passed in.
     def sign_in(passwordless_session)

data/lib/passwordless/engine.rb

@@ -11,9 +11,5 @@ module Passwordless
       ActionDispatch::Routing::Mapper.include RouterHelpers
       ActiveRecord::Base.extend ModelHelpers
     end
-
-    config.before_initialize do |app|
-      app.config.i18n.load_path += Dir[Engine.root.join("config", "locales", "*.yml")]
-    end
   end
 end

data/lib/passwordless/version.rb

@@ -2,5 +2,5 @@
 
 module Passwordless
   # :nodoc:
-  VERSION = "1.6.0"
+  VERSION = "1.7.0"
 end

data/lib/passwordless.rb

@@ -3,6 +3,7 @@
 require "active_support"
 require "passwordless/config"
 require "passwordless/context"
+require "passwordless/constraint"
 require "passwordless/errors"
 require "passwordless/engine"
 require "passwordless/token_digest"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordless
 version: !ruby/object:Gem::Version
-  version: 1.6.0
+  version: 1.7.0
 platform: ruby
 authors:
 - Mikkel Malmberg
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-25 00:00:00.000000000 Z
+date: 2024-05-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -62,6 +62,7 @@ files:
 - lib/generators/passwordless/views_generator.rb
 - lib/passwordless.rb
 - lib/passwordless/config.rb
+- lib/passwordless/constraint.rb
 - lib/passwordless/context.rb
 - lib/passwordless/controller_helpers.rb
 - lib/passwordless/engine.rb
@@ -91,7 +92,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.9
+rubygems_version: 3.5.10
 signing_key:
 specification_version: 4
 summary: Add authentication to your app without all the ickyness of passwords.