quo_vadis 2.2.2 → 2.2.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f5f77cea22311c350e1a0671c147db092e3e6c46164a468bff88904eb5fdb742
-  data.tar.gz: 03f0d04ea03e4e84b45d83fb494959a02f0483b5fd145ff550200fdbb6639ab6
+  metadata.gz: 0d059bd573146f59fff8f4fff1ef953c4da0bff83b07125efafadfd40334a9a8
+  data.tar.gz: 744bd5ac56082016453309608721c76e37dcb8827f1c7111102d8a0d06961608
 SHA512:
-  metadata.gz: b96e1e5398ded302e9efb69c6e268307606535fc63346acc4faf0443098eb500c97daa107be2ccced4151078c90aac9917a72e037023aeea7cf460a7c706dde8
-  data.tar.gz: 6de70ddbe36d8c5334d1a6ab95da333ab59d28a98a0c1a57ca1c47e1375a156df5c689fbc66f90e70ea44d3e46e2a9af3ad4b4b8a7d8e86fd6ed27e2055ab5e4
+  metadata.gz: 746819329e2b544e00ca92ccf75cd5293f58160da3243db0c0d6b9dba6d70fde94e59492fd2d73387e20d5f60487dbb98f56eb8c618573215a6b9efd027b4442
+  data.tar.gz: caf55aa31161fe96980ab58b2a3d477202e03b80fa2a4a684477bfb6f3aef4c4033ff670b03f2d434cbda45ff4bc23291d288b196440f372545c1eaccd89732f

data/CHANGELOG.md

@@ -4,6 +4,16 @@
 ## HEAD
 
 
+## 2.2.4 (25 June 2024)
+
+* Add logged-{in, out} routing constraints.
+
+
+## 2.2.3 (22 May 2024)
+
+* Add login shortcut for speedier tests.
+
+
 ## 2.2.2 (30 April 2024)
 
 * Do not update last activity time for ActiveStorage (#23).

data/README.md

@@ -12,6 +12,7 @@ Simple to integrate into your application.  The main task is customising the exa
 ### General features
 
 - Works with any model, e.g. `User` or `Person`.
+- Works with multiple models, e.g. `User` and `Admin`.
 - Works with any identifier, e.g. `:username` or `:email`.
 - Minimal footprint in your models and controllers.
 - Does not touch your existing database tables.
@@ -31,6 +32,10 @@ Simple to integrate into your application.  The main task is customising the exa
 - Email-notifications of updates to authentication details.
 - Audit trail.
 
+### Testing
+
+- Can shortcut logging in for speedier tests.
+
 
 ## Installation
 
@@ -132,6 +137,23 @@ Call this to find out whether a user has authenticated with a password.
 Available in controllers and views.
 
 
+### Routes
+
+You can use routing constraints to restrict routes to logged-in or logged-out users.  For example:
+
+```ruby
+Rails.application.routes.draw do
+  constraints(QuoVadis::Constraints::LoggedOut) do
+    root "pages#index"
+  end
+
+  constraints(QuoVadis::Constraints::LoggedIn) do
+    root "dashboard#show", as: :dashboard
+  end
+end
+```
+
+
 ### Views
 
 You can use `authenticated_model` and `logged_in?` in your views.  For example:
@@ -384,6 +406,22 @@ They must be in `app/views/quo_vadis/mailer/NAME.{text,html}.erb`.
 You can revoke a user's access by calling `#revoke_authentication_credentials` on the model instance.  This deletes the user's password, TOTP credential, recovery codes, and active sessions.  Their authentication logs, or audit trail, are preserved.
 
 
+## Shortcut logging in for functional, integration, and system tests
+
+Instead of going through your login page to log in before every test, you can tell QuoVadis which model to authenticate as when visiting the first URL in your test.
+
+Use a `login` param pointing to your model's global ID.  Note that the model must be able to log in normally, i.e. it must have a password (and therefore a `qv_account`).
+
+For example:
+
+```ruby
+@user = User.create(email: '...', password: '...')
+visit dashboard_path(login: @user.to_global_id)
+```
+
+This only works in the test environment.
+
+
 ## Configuration
 
 This is QuoVadis' [default configuration](https://github.com/airblade/quo_vadis/blob/master/lib/quo_vadis/defaults.rb):

data/lib/quo_vadis/constraints/logged_in.rb

@@ -0,0 +1,13 @@
+module QuoVadis
+  module Constraints
+
+    class LoggedIn
+      def self.matches?(request)
+        cookies = ActionDispatch::Cookies::CookieJar.build(request, request.cookies)
+        session_id = cookies.encrypted[QuoVadis.cookie_name]
+        session_id && QuoVadis::Session.find_by(id: session_id)
+      end
+    end
+
+  end
+end

data/lib/quo_vadis/constraints/logged_out.rb

@@ -0,0 +1,13 @@
+module QuoVadis
+  module Constraints
+
+    class LoggedOut
+      def self.matches?(request)
+        cookies = ActionDispatch::Cookies::CookieJar.build(request, request.cookies)
+        session_id = cookies.encrypted[QuoVadis.cookie_name]
+        session_id.nil? || QuoVadis::Session.find_by(id: session_id).nil?
+      end
+    end
+
+  end
+end

data/lib/quo_vadis/controller.rb

@@ -4,6 +4,15 @@ module QuoVadis
   module Controller
 
     def self.included(base)
+      if Rails.env.test?
+        base.before_action {
+          if params[:login]
+            model = GlobalID::Locator.locate(params.delete(:login))
+            login model
+          end
+        }
+      end
+
       base.before_action { CurrentRequestDetails.request = request }
 
       base.helper_method :authenticated_model, :logged_in?

data/lib/quo_vadis/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module QuoVadis
-  VERSION = '2.2.2'
+  VERSION = '2.2.4'
 end

data/lib/quo_vadis.rb

@@ -117,6 +117,8 @@ require_relative 'quo_vadis/ip_masking'
 require_relative 'quo_vadis/model'
 require_relative 'quo_vadis/current_request_details'
 require_relative 'quo_vadis/controller'
+require_relative 'quo_vadis/constraints/logged_in'
+require_relative 'quo_vadis/constraints/logged_out'
 
 ActiveSupport.on_load(:action_controller) do
   include QuoVadis::Controller

data/test/integration/controller_test.rb

@@ -14,6 +14,14 @@ class ControllerTest < IntegrationTest
   end
 
 
+  test 'shortcut login' do
+    get secret_articles_path(login: User.first.to_global_id)
+
+    assert_response :success
+    assert_equal secret_articles_path, path
+  end
+
+
   test 'require_authentication when not logged in' do
     get secret_articles_path
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: quo_vadis
 version: !ruby/object:Gem::Version
-  version: 2.2.2
+  version: 2.2.4
 platform: ruby
 authors:
 - Andy Stewart
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-30 00:00:00.000000000 Z
+date: 2024-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -125,6 +125,8 @@ files:
 - db/migrate/202102150904_setup.rb
 - lib/generators/quo_vadis/install_generator.rb
 - lib/quo_vadis.rb
+- lib/quo_vadis/constraints/logged_in.rb
+- lib/quo_vadis/constraints/logged_out.rb
 - lib/quo_vadis/controller.rb
 - lib/quo_vadis/crypt.rb
 - lib/quo_vadis/current_request_details.rb
@@ -219,7 +221,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.3
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: Multifactor authentication for Rails 6 and 7.