pinfirmable 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f55d06fcbd986c88e69b9c9df912939affadb399
+  data.tar.gz: bc519c3cd1082adc7c732937a0cd1f4b474a7589
+SHA512:
+  metadata.gz: 8825940ef2a09fe180a816085e036ef2676b86eab19c34ec75e0f9b019c53e04886d71b158b14e3dda6f6938582a77f1fe565a71e3aeab52d7b4d81401c7d6af
+  data.tar.gz: 05da6db8b180edab5297581588aec469826bf04c1b9afdc311ede93a42b4beb625b8d65d788719ffdb901f11409272de5a4efe731c996799a986d5f12e9bb015

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2016 Yoomee Digital Ltd
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,36 @@
+# Pinfirmable
+A replacement for Devise `confirmable` to use a pin rather than an emailed link to confirm a users email. (Inspired by Slack)
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'pinfirmable'
+```
+And then execute:
+```bash
+$ bundle
+```
+Add the `pinfirmable` module to your devise model (e.g User)
+```ruby
+class User < ApplicationRecord
+  devise :database_authenticatable,
+         :registerable,
+         ...
+         :pinfirmable
+```
+```bash
+rake db:migrate
+# If your devise model isn't called user
+rake db:migrate MODEL=admin
+```
+Add the javascript include to the asset pipeline.
+```
+//= require pinfirmable
+```
+
+## Todo
+ - Encrypt the pin in the DB
+
+## License
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,30 @@
+begin
+  require "bundler/setup"
+rescue LoadError
+  puts "You must `gem install bundler` and `bundle install` to run rake tasks"
+end
+
+require "rdoc/task"
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = "rdoc"
+  rdoc.title    = "Pinfirmable"
+  rdoc.options << "--line-numbers"
+  rdoc.rdoc_files.include("README.md")
+  rdoc.rdoc_files.include("lib/**/*.rb")
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"
+
+require "rspec/core"
+require "rspec/core/rake_task"
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(spec: "app:db:test:prepare")
+
+task default: :spec

data/app/assets/javascripts/pinfirmable.js

@@ -0,0 +1,80 @@
+var pinfirmable = {
+  init: function() {
+    var elem = document.getElementById('pinfirmable-noscript');
+    if(elem) {
+      elem.style.display = 'none';
+    }
+  },
+
+  autoTab: function(event) {
+    switch (this.detectKeyPress(event)) {
+    case "digit":
+      this.handleDigitPress(event);
+      event.preventDefault();
+      break;
+    case "backspace":
+      this.handleBackspacePress(event);
+      break;
+    case "character":
+      return false;
+    default:
+      return true;
+    }
+  },
+
+  handleDigitPress: function(event) {
+    var elem = event.srcElement;
+    elem.value = event.key;
+
+    var nextElem = this.nextElement(elem);
+    if(nextElem.type == "text" || nextElem.type == "number") {
+      nextElem.focus();
+    }
+    else {
+      elem.form.submit();
+    }
+    return true;
+  },
+
+  handleBackspacePress: function(event) {
+    var elem = event.srcElement;
+    if(elem.value.length > 0) {
+      elem.value = "";
+    } else {
+      var previousElement = this.previousElement(elem);
+      previousElement.value = "";
+      previousElement.focus();
+    }
+  },
+
+  indexOfElement: function(elem) {
+    var i;
+    var elements = elem.form.elements;
+      for (i=0, numElements=elements.length; i<numElements; i++) {
+        if (elements[i]==elem) {
+          break;
+      }
+    }
+    return i;
+  },
+
+  nextElement: function(elem) {
+    var elements = elem.form.elements;
+    var i = this.indexOfElement(elem);
+    return elements[i + 1];
+  },
+
+  previousElement: function(elem) {
+    var elements = elem.form.elements;
+    var i = this.indexOfElement(elem);
+    return elements[i - 1];
+  },
+
+  detectKeyPress: function(event) {
+    if(event.keyCode === 8) { return "backspace"; }
+    if(!isNaN(event.key - parseFloat(event.key))) { return "digit"; }
+    if(/\S/.test(String.fromCharCode(event.keyCode))) { return "character"; }
+  }
+};
+
+pinfirmable.init();

data/app/controllers/devise/pinfirmable_controller.rb

@@ -0,0 +1,56 @@
+module Devise
+  class PinfirmableController < DeviseController
+    def new
+      @locked_out = locked_out?
+    end
+
+    def create
+      if locked_out?
+        @locked_out = true
+        render(:new, status: 429) && return
+      end
+
+      if Pinfirmable::Pin.new(params[:digits]).matches_user_pin(pinfirmable_user)
+        pinfirmable_user.update_attribute(:pinfirmable_pin, nil)
+        redirect_to after_confirmation_path_for(resource_name, pinfirmable_user)
+      else
+        tries = pinfirmable_user.pinfirmable_tries += 1
+        lockout = (tries % 3).zero? ? (tries / 3).minute.from_now : nil
+        pinfirmable_user.update_attributes(
+          pinfirmable_tries: tries,
+          pinfirmable_lockout: lockout
+        )
+        redirect_to user_confirmemail_path
+      end
+    end
+
+    def resend_email
+      flash[:notice] = "We have just resent your code"
+      PinfirmableMailer.pin_email(pinfirmable_user).deliver
+      redirect_to user_confirmemail_path
+    end
+
+    protected
+
+    def pinfirmable_user
+      request.env["CHECKING_PINFIRMABLE_PIN"] = true
+      pu = current_user
+      request.env["CHECKING_PINFIRMABLE_PIN"] = false
+      pu
+    end
+
+    def locked_out?
+      return false unless pinfirmable_user
+      return false if pinfirmable_user.pinfirmable_lockout.nil?
+      pinfirmable_user.pinfirmable_lockout > Time.now
+    end
+
+    def after_confirmation_path_for(resource_name, resource)
+      if signed_in?(resource_name)
+        signed_in_root_path(resource)
+      else
+        new_session_path(resource_name)
+      end
+    end
+  end
+end

data/app/mailers/pinfirmable_mailer.rb

@@ -0,0 +1,13 @@
+class PinfirmableMailer < ApplicationMailer
+  def pin_email(user)
+    @code_part1 = user.pinfirmable_pin[0..2]
+    @code_part2 = user.pinfirmable_pin[3..6]
+    mail(
+      to: user.email,
+      subject: default_i18n_subject(
+        code_part1: @code_part1,
+        code_part2: @code_part2
+      )
+    )
+  end
+end

data/app/views/devise/pinfirmable/new.html.erb

@@ -0,0 +1,25 @@
+<div class="pinfirmable-panel">
+  <h1><%= t("confirm.title") %></h1>
+  <p><%= simple_format t("confirm.body") %></p>
+  <%= form_tag("/users/pinfirmable", method: "post", id: "pinfirmable-form") do %>
+    <div id="pinfirmable-pin-inputs">
+      <%= text_field_tag "digits[]", "", id: "digits_1", class: "pin-input", maxlength: "1", onKeyDown: "return pinfirmable.autoTab(event)", onFocus: "return this.select()", autocomplete: "off", autofocus: true %>
+      <%= text_field_tag "digits[]", "", id: "digits_2", class: "pin-input", maxlength: "1", onKeyDown: "return pinfirmable.autoTab(event)", onFocus: "return this.select()", autocomplete: "off" %>
+      <%= text_field_tag "digits[]", "", id: "digits_3", class: "pin-input", maxlength: "1", onKeyDown: "return pinfirmable.autoTab(event)", onFocus: "return this.select()", autocomplete: "off" %>
+      <span class="pin-separator">&nbsp;</span>
+        <%= text_field_tag "digits[]", "", id: "digits_4", class: "pin-input", maxlength: "1", onKeyDown: "return pinfirmable.autoTab(event)", onFocus: "return this.select()", autocomplete: "off" %>
+        <%= text_field_tag "digits[]", "", id: "digits_5", class: "pin-input", maxlength: "1", onKeyDown: "return pinfirmable.autoTab(event)", onFocus: "return this.select()", autocomplete: "off" %>
+        <%= text_field_tag "digits[]", "", id: "digits_6", class: "pin-input", maxlength: "1", onKeyDown: "return pinfirmable.autoTab(event)", onFocus: "return this.select()", autocomplete: "off" %>
+    </div>
+    <%= submit_tag("GO!", id: "pinfirmable-noscript") %>
+  <% end %>
+  <% if @locked_out %>
+    <div class="pinfirmable-alert">
+      <%= t("confirm.rate_limit") %>
+    </div>
+  <% end %>
+
+  <%= form_tag("/users/pinfirmable/resend_email", method: "post", id: "pinfirmable-resend-form") do %>
+    <%= submit_tag(t("confirm.no_email")) %>
+  <% end %>
+</div>

data/app/views/pinfirmable_mailer/pin_email.html.erb

@@ -0,0 +1,5 @@
+<h1>Confirm your email with the following code</h1>
+
+<h2><%= t(".code", code_part1: @code_part1, code_part2: @code_part2) %></h2>
+
+Thanks

data/config/locales/en.yml

@@ -0,0 +1,12 @@
+en:
+  pinfirmable_mailer:
+    pin_email:
+      subject: "Confirmation code: %{code_part1}-%{code_part2}"
+      code: "%{code_part1}-%{code_part2}"
+  confirm:
+    title: "Thanks. We've sent you an email"
+    body: |
+      The email we have sent you contains a 6 digit code. Please enter your code below.
+      We do this to make sure that we are creating your account with the correct email address and to stop any account being created in error.
+    no_email: "Not received an email?"
+    rate_limit: "You're trying too many times, please try again in a minute."

data/db/migrate/20160901131628_add_pinfirmable_columns_to_resource.rb

@@ -0,0 +1,8 @@
+class AddPinfirmableColumnsToResource < ActiveRecord::Migration[5.0]
+  def change
+    model = (ENV["MODEL"] || "user").downcase.pluralize.to_sym
+    add_column model, :pinfirmable_pin, :string
+    add_column model, :pinfirmable_tries, :integer, default: 0
+    add_column model, :pinfirmable_lockout, :datetime, default: nil
+  end
+end

data/lib/pinfirmable/engine.rb

@@ -0,0 +1,11 @@
+module Pinfirmable
+  class Engine < ::Rails::Engine
+    initializer :append_migrations do |app|
+      unless app.root.to_s.match root.to_s
+        config.paths["db/migrate"].expanded.each do |expanded_path|
+          app.config.paths["db/migrate"] << expanded_path
+        end
+      end
+    end
+  end
+end

data/lib/pinfirmable/hooks/pinfirmable.rb

@@ -0,0 +1,7 @@
+Warden::Manager.after_set_user do |user, warden, _options|
+  unless warden.env["CHECKING_PINFIRMABLE_PIN"] || !user.pinfirmable_pin.present?
+    response = Rack::Response.new
+    response.redirect "/users/confirmemail"
+    throw :warden, response.finish
+  end
+end

data/lib/pinfirmable/models/pinfirmable.rb

@@ -0,0 +1,23 @@
+module Devise
+  module Models
+    module Pinfirmable
+      extend ActiveSupport::Concern
+      included do
+        before_create :generate_confirmation_token
+        after_commit :send_confirmation_instructions, on: :create
+      end
+
+      protected
+
+      def generate_confirmation_token
+        pin = ""
+        6.times { pin << SecureRandom.random_number(9).to_s }
+        self.pinfirmable_pin = pin
+      end
+
+      def send_confirmation_instructions
+        PinfirmableMailer.pin_email(self).deliver
+      end
+    end
+  end
+end

data/lib/pinfirmable/pin.rb

@@ -0,0 +1,13 @@
+module Pinfirmable
+  class Pin
+    attr_accessor :digits
+
+    def initialize(digits)
+      @digits = digits.flatten.join
+    end
+
+    def matches_user_pin(user)
+      user.pinfirmable_pin == @digits
+    end
+  end
+end

data/lib/pinfirmable/routes.rb

@@ -0,0 +1,18 @@
+module ActionDispatch
+  module Routing
+    class Mapper
+      protected
+
+      def devise_pinfirmable(mapping, controllers)
+        resource :pinfirmable,
+                 only: [:create],
+                 path: mapping.path_names[:pinfirmable],
+                 controller: controllers[:pinfirmable] do
+                   post :resend_email
+                 end
+
+        get :confirmemail, to: :new, controller: controllers[:pinfirmable], action: :new
+      end
+    end
+  end
+end

data/lib/pinfirmable/version.rb

@@ -0,0 +1,3 @@
+module Pinfirmable
+  VERSION = "0.1.0".freeze
+end

data/lib/pinfirmable.rb

@@ -0,0 +1,14 @@
+require "pinfirmable/engine"
+require "devise"
+
+module Pinfirmable
+end
+
+Devise.add_module :pinfirmable,
+                  controller: :pinfirmable,
+                  route: :pinfirmable,
+                  model: "pinfirmable/models/pinfirmable"
+
+require "pinfirmable/routes"
+require "pinfirmable/pin"
+require "pinfirmable/hooks/pinfirmable"

data/lib/tasks/pinfirmable_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :pinfirmable do
+#   # Task goes here
+# end

data/spec/controllers/pinfirmable_controller/create_spec.rb

@@ -0,0 +1,60 @@
+require "spec_helper"
+require "timecop"
+
+RSpec.describe Devise::PinfirmableController do
+  describe "POST create" do
+    before do
+      @request.env["devise.mapping"] = Devise.mappings[:user]
+      @user = User.create(email: "test@example.com", password: "password")
+      sign_in @user
+    end
+
+    context "correct pin" do
+      it "returns success" do
+        post :create, params: { digits: @user.pinfirmable_pin.split("") }
+        expect(response).to redirect_to("/")
+      end
+    end
+
+    context "incorrect pin" do
+      let(:pin) { %w(1 2 3 4 5 6) }
+
+      it "returns success" do
+        post :create, params: { digits: pin }
+        expect(response).to redirect_to("/users/confirmemail")
+      end
+
+      it "increments the tries" do
+        post :create, params: { digits: pin }
+        expect(@user.reload.pinfirmable_tries).to eq(1)
+      end
+
+      it "after 3 tries the user is stopped from trying anymore pins for 1 minute" do
+        Timecop.freeze(Time.now)
+        3.times { post :create, params: { digits: pin } }
+        expect(@user.reload.pinfirmable_lockout).to eq(1.minute.from_now)
+      end
+
+      it "after 6 tries the user is stopped from trying anymore pins for 1 minute" do
+        3.times { post :create, params: { digits: pin } }
+        Timecop.freeze(2.minutes.from_now)
+        3.times { post :create, params: { digits: pin } }
+        expect(@user.reload.pinfirmable_lockout).to eq(2.minutes.from_now)
+      end
+
+      it "while locked out no tries are allowed" do
+        Timecop.freeze(Time.now)
+        4.times { post :create, params: { digits: pin } }
+        expect(response.status).to eq(429)
+      end
+
+      it "after the lockout you can try again" do
+        Timecop.freeze(Time.now)
+        4.times { post :create, params: { digits: pin } }
+        Timecop.freeze(2.minutes.from_now)
+        post :create, params: { digits: pin }
+        expect(@user.reload.pinfirmable_tries).to eq(4)
+      end
+    end
+  end
+end

data/spec/controllers/pinfirmable_controller/new_spec.rb

@@ -0,0 +1,14 @@
+require "spec_helper"
+
+RSpec.describe Devise::PinfirmableController do
+  describe "GET new" do
+    before do
+      @request.env["devise.mapping"] = Devise.mappings[:user]
+    end
+
+    it "returns success" do
+      get :new
+      expect(response).to be_success
+    end
+  end
+end

data/spec/controllers/pinfirmable_controller/resend_email_spec.rb

@@ -0,0 +1,21 @@
+require "spec_helper"
+
+RSpec.describe Devise::PinfirmableController do
+  describe "POST resend_email" do
+    before do
+      @request.env["devise.mapping"] = Devise.mappings[:user]
+      @user = User.create(email: "test@example.com", password: "password")
+      sign_in @user
+    end
+
+    it "redirects back to the confirm page" do
+      post :resend_email
+      expect(response).to be_redirect
+    end
+
+    it "sets the flash" do
+      post :resend_email
+      expect(flash[:notice]).to eq("We have just resent your code")
+    end
+  end
+end

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require_relative "config/application"
+
+Rails.application.load_tasks

data/spec/dummy/app/assets/config/manifest.js

@@ -0,0 +1,5 @@
+
+//= link_tree ../images
+//= link_directory ../javascripts .js
+//= link_directory ../stylesheets .css
+//= link pinfirmable_manifest.js

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/spec/dummy/app/assets/javascripts/cable.js

@@ -0,0 +1,13 @@
+// Action Cable provides the framework to deal with WebSockets in Rails.
+// You can generate new channels where WebSocket features live using the rails generate channel command.
+//
+//= require action_cable
+//= require_self
+//= require_tree ./channels
+
+(function() {
+  this.App || (this.App = {});
+
+  App.cable = ActionCable.createConsumer();
+
+}).call(this);

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/spec/dummy/app/channels/application_cable/channel.rb

@@ -0,0 +1,4 @@
+module ApplicationCable
+  class Channel < ActionCable::Channel::Base
+  end
+end

data/spec/dummy/app/channels/application_cable/connection.rb

@@ -0,0 +1,4 @@
+module ApplicationCable
+  class Connection < ActionCable::Connection::Base
+  end
+end

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,7 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery with: :exception
+
+  def index
+    render plain: "Hello world!"
+  end
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/dummy/app/jobs/application_job.rb

@@ -0,0 +1,2 @@
+class ApplicationJob < ActiveJob::Base
+end

data/spec/dummy/app/mailers/application_mailer.rb

@@ -0,0 +1,4 @@
+class ApplicationMailer < ActionMailer::Base
+  default from: "from@example.com"
+  layout "mailer"
+end

data/spec/dummy/app/models/application_record.rb

@@ -0,0 +1,3 @@
+class ApplicationRecord < ActiveRecord::Base
+  self.abstract_class = true
+end

data/spec/dummy/app/models/user.rb

@@ -0,0 +1,6 @@
+class User < ApplicationRecord
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable, :pinfirmable
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Dummy</title>
+    <%= csrf_meta_tags %>
+
+    <%= stylesheet_link_tag    'application', media: 'all', 'data-turbolinks-track': 'reload' %>
+    <%= javascript_include_tag 'application', 'data-turbolinks-track': 'reload' %>
+  </head>
+
+  <body>
+    <%= yield %>
+  </body>
+</html>

data/spec/dummy/app/views/layouts/mailer.html.erb

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <style>
+      /* Email styles need to be inline */
+    </style>
+  </head>
+
+  <body>
+    <%= yield %>
+  </body>
+</html>

data/spec/dummy/app/views/layouts/mailer.text.erb

@@ -0,0 +1 @@
+<%= yield %>

data/spec/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", __FILE__)
+load Gem.bin_path("bundler", "bundle")