pollett 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0b840bb4badc9859eb7fda1c68585d2deb6b3de4
+  data.tar.gz: ca1179661479d54174900d8af6181f78d3a31b2a
+SHA512:
+  metadata.gz: 0680f8f973d73b0b09ab6e3d463a2e3b5f975dd44f69a23eaf114ad1d65c30f3d818d1da46d17040d34d631fcc9eb3b303d63a40d598efb92385937db2299a3d
+  data.tar.gz: 4e7e6e4c1e72cdb5e0d9c903554831a1e52b7a05a31cecfa9cd2b33e27c2b521fc9f412be3bc59794e8f290ac4790e938c488d49302b08eba218ed9fa3cb5c7f

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 Jason Kriss
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,81 @@
+# Pollett
+
+Token-based authentication for your Rails API.
+
+Pollett is a simple authentication library for your API-only Rails app. It treats sessions as a [first class domain concern]
+(https://github.com/blog/1661-modeling-your-app-s-user-session) and takes its inspiration from [Clearance](https://github.com/thoughtbot/clearance).
+
+Pollett currently requires Postgres and the use of UUID primary keys. This means you will need to have the `uuid-ossp` extension enabled before using Pollett.
+
+## Install
+
+To get started, add Pollett to your `Gemfile`, `bundle install`, and run the
+`install generator`:
+
+```sh
+$ rails g pollett:install
+```
+
+The generator:
+
+* Inserts `Pollett::User` into your `User` model
+* Inserts `Pollett::Controller` into your `ApplicationController`
+* Creates an initializer to allow further configuration
+* Creates a migration that either creates a users table or adds the necessary columns to the existing table
+* Copies over the Session model migration
+* Mounts the engine
+
+Then, just migrate the database:
+
+```sh
+$ rake db:migrate
+```
+
+Finally, you must implement the `render_list` method in your `ApplicationController`. Use this method to paginate a list of records any way you want.
+
+## Configure
+
+Override any of these defaults in `config/initializers/pollett.rb`:
+
+```ruby
+Pollett.configure do |config|
+  config.user_model = ::User
+  config.minimum_password_length = 8
+  config.send_welcome_email = true
+  config.parent_mailer = ::ApplicationMailer
+  config.from_email = "noreply@example.com"
+  config.reset_url = ->(token) { "https://example.com/#{token}/reset" }
+  config.whitelist = []
+end
+```
+
+At minimum, you will need to configure `reset_url` so that the link will be correct in password reset emails. Also, if a default "from" email is not set in your `parent_mailer`, you will need to configure `from_email` as well.
+
+## Use
+
+### Access Control
+
+Pollett authentication is opt-out rather than opt-in. This means that if there is an action that does not require authentication, you will need to use `skip_authentication`:
+
+```ruby
+class ArticlesController < ApplicationController
+  skip_authentication only: :safe_action
+
+  def safe_action
+  	# something that does not require authentication
+  end
+end
+```
+
+As you'd expect, `current_user` can be used from within controllers to access the authenticated user.
+
+When authentication fails, Pollett raises a `Pollett::Unauthorized` error. You should [rescue_from](http://guides.rubyonrails.org/action_controller_overview.html#rescue-from) this to customize what is rendered.
+
+### Email
+Pollett is capable of sending two types of emails. In addition to the standard password reset email, it will send a welcome email upon registration unless `config.send_welcome_email` is set to `false`.
+
+These emails will make use of whatever `layout` you have specified in your `ApplicationMailer`. If you need to customize the subject of these emails or make minor tweaks to the messages, you can simply override them via [i18n translations]
+(http://guides.rubyonrails.org/i18n.html). See [config/locales/en.yml](/config/locales/en.yml) for the
+default behavior.
+
+If you need to make more elaborate changes, you'll want to override the actual views. See [app/views/pollett/mailer](/app/views/pollett/mailer) for the default behavior.

data/Rakefile

@@ -0,0 +1,25 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Pollett'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+

data/app/controllers/concerns/pollett/controller.rb

@@ -0,0 +1,37 @@
+module Pollett
+  module Controller
+    extend ActiveSupport::Concern
+
+    include ActionController::HttpAuthentication::Token::ControllerMethods
+
+    included do
+      attr_accessor :current_context
+
+      before_action :authenticate!
+    end
+
+    module ClassMethods
+      def skip_authentication(options = {})
+        skip_before_action(:authenticate!, options)
+      end
+    end
+
+    private
+    def activate_context(context)
+      context.access(request)
+      self.current_context = context
+    end
+
+    def current_user
+      current_context.try(:user)
+    end
+
+    def authenticate!
+      if context = authenticate_with_http_token { |id, _| Context.authenticate(id) }
+        activate_context(context)
+      else
+        raise Unauthorized
+      end
+    end
+  end
+end

data/app/controllers/pollett/application_controller.rb

@@ -0,0 +1,4 @@
+module Pollett
+  class ApplicationController < ::ApplicationController
+  end
+end

data/app/controllers/pollett/keys_controller.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class KeysController < ApplicationController
+    include Concerns::Controllers::KeysController
+  end
+end

data/app/controllers/pollett/sessions_controller.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class SessionsController < ApplicationController
+    include Concerns::Controllers::SessionsController
+  end
+end

data/app/controllers/pollett/users_controller.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class UsersController < ApplicationController
+    include Concerns::Controllers::UsersController
+  end
+end

data/app/mailers/pollett/mailer.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class Mailer < Pollett.config.parent_mailer
+    include Concerns::Mailers::Mailer
+  end
+end

data/app/models/concerns/pollett/user.rb

@@ -0,0 +1,40 @@
+require "email_validator"
+
+module Pollett
+  module User
+    extend ActiveSupport::Concern
+
+    included do
+      has_secure_password
+
+      has_many :contexts, class_name: "Pollett::Context"
+      has_many :sessions, class_name: "Pollett::Session"
+      has_many :keys, class_name: "Pollett::Key"
+
+      before_validation :normalize_email
+
+      validates :name, presence: true
+
+      validates :email, presence: true,
+                        uniqueness: true,
+                        email: { strict_mode: true }
+
+      validates :password, length: { minimum: Pollett.config.minimum_password_length }, if: :password
+    end
+
+    module ClassMethods
+      def find_by_normalized_email(email)
+        find_by(email: normalize_email(email))
+      end
+
+      def normalize_email(email)
+        email.to_s.downcase.gsub(/\s+/, "")
+      end
+    end
+
+    private
+    def normalize_email
+      self.email = self.class.normalize_email(email)
+    end
+  end
+end

data/app/models/pollett/context.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class Context < ActiveRecord::Base
+    include Concerns::Models::Context
+  end
+end

data/app/models/pollett/key.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class Key < Context
+    include Concerns::Models::Key
+  end
+end

data/app/models/pollett/session.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class Session < Context
+    include Concerns::Models::Session
+  end
+end

data/app/serializers/pollett/key_serializer.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class KeySerializer < ActiveModel::Serializer
+    include Concerns::Serializers::ContextSerializer
+  end
+end

data/app/serializers/pollett/session_serializer.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class SessionSerializer < ActiveModel::Serializer
+    include Concerns::Serializers::ContextSerializer
+  end
+end

data/app/serializers/user_serializer.rb

@@ -0,0 +1,3 @@
+class UserSerializer < ActiveModel::Serializer
+  include Pollett::Concerns::Serializers::UserSerializer
+end

data/app/services/pollett/authenticate_user.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class AuthenticateUser
+    include Concerns::Services::AuthenticateUser
+  end
+end

data/app/services/pollett/change_password.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class ChangePassword
+    include Concerns::Services::ChangePassword
+  end
+end

data/app/services/pollett/create_session.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class CreateSession
+    include Concerns::Services::CreateSession
+  end
+end

data/app/services/pollett/register_user.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class RegisterUser
+    include Concerns::Services::RegisterUser
+  end
+end

data/app/services/pollett/reset_password.rb

@@ -0,0 +1,5 @@
+module Pollett
+  class ResetPassword
+    include Concerns::Services::ResetPassword
+  end
+end

data/app/views/pollett/mailer/reset.text.erb

@@ -0,0 +1,5 @@
+<%= t(".opening") %>
+
+<%= @url %>
+
+<%= t(".closing") %>

data/app/views/pollett/mailer/welcome.text.erb

@@ -0,0 +1 @@
+<%= t(".body") %>

data/config/locales/en.yml

@@ -0,0 +1,14 @@
+en:
+  pollett:
+    mailer:
+      welcome:
+        subject: "Welcome!"
+        body: "Welcome aboard!"
+      reset:
+        subject: "Password Reset"
+        opening: "Someone recently requested a password change for your account. To reset your password, just follow this link:"
+        closing: "If you did not make this request, just ignore this email. Your password will remain unchanged."
+  activerecord:
+    attributes:
+      user:
+        password_digest: "Password"

data/config/routes.rb

@@ -0,0 +1,11 @@
+Pollett::Engine.routes.draw do
+  scope shallow: true, format: false do
+    resource :user, only: [:show, :update, :destroy]
+    
+    resources :sessions, except: [:new, :edit, :update] do
+      post :forgot, on: :collection
+    end
+
+    resources :keys, except: [:new, :edit, :update]
+  end
+end

data/db/migrate/20150226024506_create_pollett_contexts.rb

@@ -0,0 +1,21 @@
+class CreatePollettContexts < ActiveRecord::Migration
+  def change
+    create_table :pollett_contexts, id: :uuid do |t|
+      t.string :type, null: false
+      t.uuid :user_id, null: false
+      t.string :client, null: false
+      t.datetime :revoked_at
+      t.datetime :accessed_at
+      t.string :ip
+      t.string :user_agent
+
+      t.timestamps null: false
+    end
+
+    add_foreign_key :pollett_contexts, :users, on_delete: :cascade
+
+    add_index :pollett_contexts, :user_id
+    add_index :pollett_contexts, :accessed_at
+    add_index :pollett_contexts, :revoked_at
+  end
+end

data/lib/generators/pollett/install/install_generator.rb

@@ -0,0 +1,123 @@
+require "rails/generators/base"
+require "rails/generators/active_record"
+
+module Pollett
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+
+      source_root File.expand_path("../templates", __FILE__)
+
+      def mount
+        inject_into_file "config/routes.rb", after: "Rails.application.routes.draw do\n" do
+          "  mount Pollett::Engine => \"/\"\n\n"
+        end
+      end
+
+      def create_initializer
+        copy_file "initializer.rb", "config/initializers/pollett.rb"
+      end
+
+      def inject_into_application_controller
+        inject_into_class "app/controllers/application_controller.rb", ApplicationController do
+          "  include Pollett::Controller\n"
+        end
+      end
+
+      def create_or_inject_into_user_model
+        if File.exist? "app/models/user.rb"
+          inject_into_file "app/models/user.rb", after: "class User < ActiveRecord::Base\n" do
+            "  include Pollett::User\n\n"
+          end
+        else
+          copy_file "user.rb", "app/models/user.rb"
+        end
+      end
+
+      def create_users_migration
+        if users_table_exists?
+          create_add_columns_migration
+        else
+          copy_migration "create_users.rb"
+        end
+      end
+
+      def install_migrations
+        Dir.chdir(Rails.root) { `rake pollett:install:migrations` }
+      end
+
+      private
+      def users_table_exists?
+        ActiveRecord::Base.connection.table_exists?(:users)
+      end
+
+      def create_add_columns_migration
+        if migration_needed?
+          config = {
+            new_columns: new_columns,
+            new_indexes: new_indexes
+          }
+
+          copy_migration("add_pollett_to_users.rb", config)
+        end
+      end
+
+      def migration_needed?
+        new_columns.any? || new_indexes.any?
+      end
+
+      def new_columns
+        @new_columns ||= {
+          email: "t.string :name, null: false",
+          email: "t.string :email, null: false",
+          password_digest: "t.string :password_digest, null: false",
+          reset_token: "t.string :reset_token"
+        }.reject { |column| existing_users_columns.include?(column.to_s) }
+      end
+
+      def new_indexes
+        @new_indexes ||= {
+          index_users_on_email: "add_index :users, :email, unique: true",
+          index_users_on_reset_token: "add_index :users, :reset_token, unique: true"
+        }.reject { |index| existing_users_indexes.include?(index.to_s) }
+      end
+
+      def copy_migration(migration_name, config = {})
+        unless migration_exists?(migration_name)
+          migration_template(
+            "db/migrate/#{migration_name}",
+            "db/migrate/#{migration_name}",
+            config
+          )
+        end
+      end
+
+      def migration_exists?(name)
+        existing_migrations.include?(name)
+      end
+
+      def existing_migrations
+        @existing_migrations ||= Dir.glob("db/migrate/*.rb").map do |file|
+          migration_name_without_timestamp(file)
+        end
+      end
+
+      def migration_name_without_timestamp(name)
+        name.sub(%r{^.*(db/migrate/)(?:\d+_)?}, "")
+      end
+
+      def existing_users_columns
+        ActiveRecord::Base.connection.columns(:users).map(&:name)
+      end
+
+      def existing_users_indexes
+        ActiveRecord::Base.connection.indexes(:users).map(&:name)
+      end
+
+      # for generating a timestamp when using `create_migration`
+      def self.next_migration_number(dir)
+        ActiveRecord::Generators::Base.next_migration_number(dir)
+      end
+    end
+  end
+end