RubyGems - passwordless - Versions diffs - 1.2.0 → 1.3.0 - Mend

passwordless 1.2.0 → 1.3.0

Files changed (10) hide show

checksums.yaml +4 -4
data/README.md +10 -24
data/app/controllers/passwordless/sessions_controller.rb +33 -17
data/app/mailers/passwordless/mailer.rb +3 -2
data/app/views/passwordless/sessions/new.html.erb +6 -6
data/app/views/passwordless/sessions/show.html.erb +5 -2
data/lib/passwordless/config.rb +3 -0
data/lib/passwordless/test_helpers.rb +5 -4
data/lib/passwordless/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b88192b582d0e4f8cb601b00f2cf5d51250dbe9f747d6413728cf2e5da7ddd1b
-  data.tar.gz: 054c733891aa4e4f98a1f684b6d6107414b4214589f76ec5aa20c7337a5b2098
+  metadata.gz: 2242a4b95f1a99d5be1b889539dc6dd9f1eda711ce616f3b090f12dd68337254
+  data.tar.gz: afd9ea1fd2d3b3f15f10a4772d231c53adfd524e22de00d833a9183b34d69397
 SHA512:
-  metadata.gz: a760c9c2ade52b80be4a482abb17a2ff9c71579d07bc55eb1268980a39f69540d354bf1988bb4a7ea35d08e801042d9ff266cc2c98913b7ea5c331a1556b882c
-  data.tar.gz: f66c443aa783a9f490dac97e4a9720ce077594e4d170ad10053bd42168033ca5c57e1b4f20288e0b5a7bd63eaac67b90b8cd52ba80ac8b9a290d2de2bfb2078e
+  metadata.gz: 9b2ceb4c68972744e10ac6dd56e2e863b5e229bb31053b7159a16c020a2cfa55ffe1affcbef92ca52ee03de79d4d675cb5b3f4340e1c888e064e9ab246f3e455
+  data.tar.gz: 7dd102d25dd4cbb60ab73d30732f78a6cd1d6757e345e3b304c9b1abe4394b6b1d883c1368bd7eaa12ecee986ecdfabf3d82cea081048694807388fc5a1bfd69

data/README.md CHANGED Viewed

@@ -25,26 +25,21 @@ See [Upgrading to Passwordless 1.0](docs/upgrading_to_1_0.md) for more details.
 ## Usage
-Passwordless creates a single model called `Passwordless::Session`. It doesn't come with its own `User` model, it expects you to create one:
+Passwordless creates a single model called `Passwordless::Session`, so it doesn't come with its own user model. Instead, it expects you to provide one, with an email field in place. If you don't yet have a user model, check out the wiki on [creating the user model](https://github.com/mikker/passwordless/wiki/Creating-the-user-model).
-```sh
-$ bin/rails generate model User email
-```
-Then specify which field on your `User` record is the email field with:
+Enable Passwordless on your user model by pointing it to the email field:
 ```ruby
 class User < ApplicationRecord
-  validates :email,
-            presence: true,
-            uniqueness: { case_sensitive: false },
-            format: { with: URI::MailTo::EMAIL_REGEXP }
+  # your other code..
+  passwordless_with :email # <-- here! this needs to be a column in `users` table
-  passwordless_with :email # <-- here!
+  # more of your code..
 end
 ```
-Finally, mount the engine in your routes:
+Then mount the engine in your routes:
 ```ruby
 Rails.application.routes.draw do
@@ -163,6 +158,7 @@ The default values are shown below. It's recommended to only include the ones th
 ```ruby
 Passwordless.configure do |config|
   config.default_from_address = "CHANGE_ME@example.com"
+  config.parent_controller = "ApplicationController"
   config.parent_mailer = "ActionMailer::Base"
   config.restrict_token_reuse = false # Can a token/link be used multiple times?
   config.token_generator = Passwordless::ShortTokenGenerator.new # Used to generate magic link tokens.
@@ -175,6 +171,8 @@ Passwordless.configure do |config|
   config.success_redirect_path = '/' # After a user successfully signs in
   config.failure_redirect_path = '/' # After a sign in fails
   config.sign_out_redirect_path = '/' # After a user signs out
+  config.paranoid = false # Display email sent notice even when the resource is not found.
 end
 ```
@@ -260,18 +258,6 @@ class User < ApplicationRecord
 end
 ```
-### Claiming tokens
-By default, a token/magic link **can** be used more than once.
-To change, in `config/initializers/passwordless.rb`:
-```ruby
-Passwordless.configure do |config|
-  config.restrict_token_reuse = true
-end
-```
 ## Test helpers
 To help with testing, a set of test helpers are provided.

data/app/controllers/passwordless/sessions_controller.rb CHANGED Viewed

@@ -4,7 +4,7 @@ require "bcrypt"
 module Passwordless
   # Controller for managing Passwordless sessions
-  class SessionsController < ApplicationController
+  class SessionsController < Passwordless.config.parent_controller.constantize
     include ControllerHelpers
     helper_method :email_field
@@ -20,21 +20,11 @@ module Passwordless
     #   Creates a new Session record then sends the magic link
     #   redirects to sign in page with generic flash message.
     def create
-      unless @resource = find_authenticatable
-        raise(
-          ActiveRecord::RecordNotFound,
-          "Couldn't find #{authenticatable_type} with email #{passwordless_session_params[email_field]}"
-        )
-      end
+      handle_resource_not_found unless @resource = find_authenticatable
       @session = build_passwordless_session(@resource)
       if @session.save
-        if Passwordless.config.after_session_save.arity == 2
-          Passwordless.config.after_session_save.call(@session, request)
-        else
-          Passwordless.config.after_session_save.call(@session)
-        end
+        call_after_session_save
         redirect_to(
           Passwordless.context.path_for(
@@ -50,6 +40,8 @@ module Passwordless
       end
     rescue ActiveRecord::RecordNotFound
+      @session = Session.new
       flash[:error] = I18n.t("passwordless.sessions.create.not_found")
       render(:new, status: :not_found)
     end
@@ -173,12 +165,36 @@ module Passwordless
     end
     def find_authenticatable
-      email = passwordless_session_params[email_field].downcase.strip
       if authenticatable_class.respond_to?(:fetch_resource_for_passwordless)
-        authenticatable_class.fetch_resource_for_passwordless(email)
+        authenticatable_class.fetch_resource_for_passwordless(normalized_email_param)
+      else
+        authenticatable_class.where("lower(#{email_field}) = ?", normalized_email_param).first
+      end
+    end
+    def normalized_email_param
+      passwordless_session_params[email_field].downcase.strip
+    end
+    def handle_resource_not_found
+      if Passwordless.config.paranoid
+        @resource = authenticatable_class.new(email: normalized_email_param)
+        @skip_after_session_save_callback = true
+      else
+        raise(
+          ActiveRecord::RecordNotFound,
+          "Couldn't find #{authenticatable_type} with email #{normalized_email_param}"
+        )
+      end
+    end
+    def call_after_session_save
+      return if @skip_after_session_save_callback
+      if Passwordless.config.after_session_save.arity == 2
+        Passwordless.config.after_session_save.call(@session, request)
       else
-        authenticatable_class.where("lower(#{email_field}) = ?", email).first
+        Passwordless.config.after_session_save.call(@session)
       end
     end

data/app/mailers/passwordless/mailer.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Passwordless
   # The mailer responsible for sending Passwordless' mails.
   class Mailer < Passwordless.config.parent_mailer.constantize
-    default from: Passwordless.config.default_from_address
+    default(from: Passwordless.config.default_from_address) if Passwordless.config.default_from_address
     # Sends a token and a magic link
     #
@@ -17,7 +17,8 @@ module Passwordless
         session,
         action: "confirm",
         id: session.to_param,
-        token: @token
+        token: @token,
+        **default_url_options
       )
       email_field = session.authenticatable.class.passwordless_email_field

data/app/views/passwordless/sessions/new.html.erb CHANGED Viewed

@@ -1,12 +1,12 @@
 <%= form_with(model: @session, url: url_for(action: 'new'), data: { turbo: 'false' }) do |f| %>
   <% email_field_name = :"passwordless[#{email_field}]" %>
   <%= f.label email_field_name,
-          t("passwordless.sessions.new.email.label"),
-          for: "passwordless_#{email_field}" %>
+      t("passwordless.sessions.new.email.label"),
+      for: "passwordless_#{email_field}" %>
   <%= email_field_tag email_field_name,
-  params.fetch(email_field_name, nil),
-  required: true,
-  autofocus: true,
-  placeholder: t("passwordless.sessions.new.email.placeholder") %>
+      params.fetch(email_field_name, nil),
+      required: true,
+      autofocus: true,
+      placeholder: t("passwordless.sessions.new.email.placeholder") %>
   <%= f.submit t("passwordless.sessions.new.submit") %>
 <% end %>

data/app/views/passwordless/sessions/show.html.erb CHANGED Viewed

@@ -1,5 +1,8 @@
 <%= form_with(model: @session, url: url_for(action: 'update'), scope: 'passwordless', method: 'patch', data: { turbo: false }) do |f| %>
-  <%= f.label :token, autocomplete: "off" %>
-  <%= f.text_field :token %>
+  <%= f.label :token %>
+  <%= f.text_field :token,
+      required: true,
+      autofocus: true,
+      autocomplete: "one-time-code" %>
   <%= f.submit t(".confirm") %>
 <% end %>

data/lib/passwordless/config.rb CHANGED Viewed

@@ -28,6 +28,7 @@ module Passwordless
     include Options
     option :default_from_address, default: "CHANGE_ME@example.com"
+    option :parent_controller, default: "ApplicationController"
     option :parent_mailer, default: "ActionMailer::Base"
     option :restrict_token_reuse, default: true
     option :token_generator, default: ShortTokenGenerator.new
@@ -48,6 +49,8 @@ module Passwordless
       end
     )
+    option :paranoid, default: false
     def initialize
       set_defaults!
     end

data/lib/passwordless/test_helpers.rb CHANGED Viewed

@@ -43,21 +43,22 @@ module Passwordless
     end
     module SystemTestCase
-      def passwordless_sign_out(cls = nil)
+      def passwordless_sign_out(cls = nil, only_path: false)
         cls ||= "User".constantize
         resource = cls.model_name.to_s.tableize
-        visit(Passwordless.context.url_for(resource, action: "destroy"))
+        visit(Passwordless.context.url_for(resource, action: "destroy", only_path: only_path))
       end
-      def passwordless_sign_in(resource)
+      def passwordless_sign_in(resource, only_path: false)
         session = Passwordless::Session.create!(authenticatable: resource)
         magic_link = Passwordless.context.url_for(
           session,
           action: "confirm",
           id: session.to_param,
-          token: session.token
+          token: session.token,
+          only_path: only_path
         )
         visit(magic_link)

data/lib/passwordless/version.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 module Passwordless
   # :nodoc:
-  VERSION = "1.2.0"
+  VERSION = "1.3.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordless
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Mikkel Malmberg
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-05 00:00:00.000000000 Z
+date: 2024-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -91,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.22
+rubygems_version: 3.5.5
 signing_key:
 specification_version: 4
 summary: Add authentication to your app without all the ickyness of passwords.