rails_base 0.51.0

data/config/initializers/encryption.rb

@@ -0,0 +1,2 @@
+# need to find a different way -- rotate_secrete utilized db and db is not loaded
+# Encryption.rotate_secret

data/config/initializers/switch_user.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'switch_user'
+
+SwitchUser.setup do |config|
+  # provider may be :devise, :authlogic, :clearance, :restful_authentication, :sorcery, or :session
+  config.provider = :devise
+
+  # available_users is a hash,
+  # key is the model name of user (:user, :admin, or any name you use),
+  # value is a block that return the users that can be switched.
+  config.available_users = { user: -> { User.all } }
+
+  # available_users_identifiers is a hash,
+  # keys in this hash should match a key in the available_users hash
+  # value is the name of the identifying column to find by,
+  # defaults to id
+  # this hash is to allow you to specify a different column to
+  # expose for instance a username on a User model instead of id
+  config.available_users_identifiers = { user: :id }
+
+  # available_users_names is a hash,
+  # keys in this hash should match a key in the available_users hash
+  # value is the column name which will be displayed in select box
+  config.available_users_names = { user: :full_name }
+
+  # controller_guard is a block,
+  # if it returns true, the request will continue,
+  # else the request will be refused and returns "Permission Denied"
+  # if you switch from "admin" to user, the current_user param is "admin"
+  # config.controller_guard = ->(current_user, request, original_user) { current_user && current_user.admin? || original_user && original_user.super_admin? }
+  # RailsBase handles authentication/gaurding for controlller and viewer
+  config.controller_guard = ->(_current_user, _request) { true }
+
+  # view_guard is a block,
+  # if it returns true, the switch user select box will be shown,
+  # else the select box will not be shown
+  # if you switch from admin to "user", the current_user param is "user"
+  # RailsBase handles authentication/gaurding for controlller and viewer
+  config.view_guard = ->(current_user, request)  { true }
+
+  # redirect_path is a block, it returns which page will be redirected
+  # after switching a user.
+  config.redirect_path = ->(_request, _params) { RailsBase.url_routes.authenticated_root_path }
+
+  # helper_with_guest is a boolean value, if it set to false
+  # the guest item in the helper won't be shown
+  config.helper_with_guest = false
+
+  # false = login from one scope to another and you are logged in only in both scopes
+  # true = you are logged only into one scope at a time
+  config.login_exclusive = true
+
+  # switch_back allows you to switch back to a previously selected user. See
+  # README for more details.
+  # we will implement our own switch back using encrpytion on session
+  config.switch_back = false
+end

data/config/initializers/switch_user_helper.rb

@@ -0,0 +1,29 @@
+require 'switch_user'
+require SwitchUser::Engine.root.join('app', 'helpers', 'switch_user_helper.rb')
+
+module SwitchUserHelper
+  def switch_user_custom(options = {})
+    return unless available?
+
+    selected_user = nil
+
+    grouped_options_container =
+      {}.tap do |h|
+        SwitchUser.all_users.each do |record|
+          scope = record.is_a?(SwitchUser::GuestRecord) ? :Guest : record.scope.to_s.capitalize
+          h[scope] ||= []
+          h[scope] << [record.label, record.scope_id]
+
+          next unless selected_user.nil?
+          next if record.is_a?(SwitchUser::GuestRecord)
+
+          selected_user = record.scope_id if provider.current_user?(record.user, record.scope)
+        end
+      end
+
+    option_tags = grouped_options_for_select(grouped_options_container.to_a, selected_user)
+
+    render partial: 'rails_base/switch_user/widget',
+           locals: { option_tags: option_tags, classes: options[:class], styles: options[:style] }
+  end
+end

data/config/locales/devise.en.yml

@@ -0,0 +1,65 @@
+# Additional translations at https://github.com/heartcombo/devise/wiki/I18n
+
+en:
+  devise:
+    confirmations:
+      confirmed: "Your email address has been successfully confirmed."
+      send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
+    failure:
+      already_authenticated: "You are already signed in."
+      inactive: "Your account is not activated yet."
+      invalid: "Invalid %{authentication_keys} or password."
+      locked: "Your account is locked."
+      last_attempt: "You have one more attempt before your account is locked."
+      not_found_in_database: "Invalid %{authentication_keys} or password."
+      timeout: "Your session expired. Please sign in again to continue."
+      unauthenticated: "You need to sign in or sign up before continuing."
+      unconfirmed: "You have to confirm your email address before continuing."
+    mailer:
+      confirmation_instructions:
+        subject: "Confirmation instructions"
+      reset_password_instructions:
+        subject: "Reset password instructions"
+      unlock_instructions:
+        subject: "Unlock instructions"
+      email_changed:
+        subject: "Email Changed"
+      password_change:
+        subject: "Password Changed"
+    omniauth_callbacks:
+      failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
+      success: "Successfully authenticated from %{kind} account."
+    passwords:
+      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
+      send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
+      updated: "Your password has been changed successfully. You are now signed in."
+      updated_not_active: "Your password has been changed successfully."
+    registrations:
+      destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon."
+      signed_up: "Welcome! You have signed up successfully."
+      signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
+      signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
+      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account."
+      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address."
+      updated: "Your account has been updated successfully."
+      updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again"
+    sessions:
+      signed_in: "Signed in successfully."
+      signed_out: "Signed out successfully."
+      already_signed_out: "Signed out successfully."
+    unlocks:
+      send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes."
+      send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
+      unlocked: "Your account has been unlocked successfully. Please sign in to continue."
+  errors:
+    messages:
+      already_confirmed: "was already confirmed, please try signing in"
+      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
+      expired: "has expired, please request a new one"
+      not_found: "not found"
+      not_locked: "was not locked"
+      not_saved:
+        one: "1 error prohibited this %{resource} from being saved:"
+        other: "%{count} errors prohibited this %{resource} from being saved:"

data/config/locales/en.yml

@@ -0,0 +1,58 @@
+# Files in the config/locales directory are used for internationalization
+# and are automatically loaded by Rails. If you want to use locales other
+# than English, add the necessary files in this directory.
+#
+# To use the locales, use `I18n.t`:
+#
+#     I18n.t 'hello'
+#
+# In views, this is aliased to just `t`:
+#
+#     <%= t('hello') %>
+#
+# To use a different locale, set it with `I18n.locale`:
+#
+#     I18n.locale = :es
+#
+# This would use the information in config/locales/es.yml.
+#
+# The following keys must be escaped otherwise they will not be retrieved by
+# the default I18n backend:
+#
+# true, false, on, off, yes, no
+#
+# Instead, surround them with single quotes.
+#
+# en:
+#   'true': 'foo'
+#
+# To learn more, please read the Rails Internationalization guide
+# available at http://guides.rubyonrails.org/i18n.html.
+
+en:
+  request_response:
+    teapot:
+      valid: 'You are not a teapot'
+      fail: Unable to complete request
+  user_setting:
+    destroy_user:
+      soft: 'You have succesfully disabled your user. Sign up again to reset your data'
+      hard: 'You have succesfully destroyed your user and associated data'
+  authentication:
+    after_email_login_session_create: Welcome. You have succesfully logged in
+    after_email_login_session_new: Email has been verified. Please Log in again to gain access
+    resend_email: 'Verification Email resent to %{email}'
+    confirm_phone_registration:
+      fail: "Unable to complete request. %{message}"
+      valid: You have succesfully enabled 2fa.
+    remove_phone_mfa: You have Disabled 2fa. 2fa will no longer be applied during log in. You can re-enable any time
+    forgot_password:
+      2fa: 2 Factor Authentication is required for this account
+      base: Please enter your new password
+    forgot_password_with_mfa:
+      expired_datum: 'Unauthorized. Incorrect Data parameter'
+      valid_mfa: 'Successful MFA code. Please reset your password'
+    reset_password: Password succesfully changed. Please login
+    sso_login:
+      fail: 'Unable to Authenticate User - '
+      valid: Succesfully logged in from SSO link

data/config/routes.rb

@@ -0,0 +1,114 @@
+Rails.application.routes.draw do
+  ##################################
+  # Start of error handling routes #
+  ##################################
+
+  get '/404', to: 'rails_base/errors#not_found', as: :error_404
+  get '/422', to: 'rails_base/errors#unacceptable', as: :error_422
+  get '/500', to: 'rails_base/errors#internal_error', as: :error_500
+
+  ################################
+  # End of error handling routes #
+  ################################
+
+  ################################
+  # Start of UserSettings routes #
+  ################################
+
+  get 'user/settings', to: 'rails_base/user_settings#index', as: :user_settings
+  post 'user/settings/edit/name', to: 'rails_base/user_settings#edit_name', as: :user_edit_name
+  post 'user/settings/edit/password', to: 'rails_base/user_settings#edit_password', as: :edit_password
+  post 'user/settings/confirm/password/:reason', to: 'rails_base/user_settings#confirm_password', as: :confirm_current_password
+  post 'user/settings/destroy', to: 'rails_base/user_settings#destroy_user', as: :destroy_user
+
+  ##############################
+  # End of UserSettings routes #
+  ##############################
+
+  ##################################
+  # Start of Authentication routes #
+  ##################################
+
+  # START ROOT PATH AUTHENTICATED -- This is devise magic methods
+  unless (Rails.application.routes.url_helpers.authenticated_root_path rescue false)
+    authenticated do
+      root to: 'rails_base/user_settings#index', as: :authenticated_root
+    end
+  end
+  # END ROOT PATH AUTHENTICATED
+
+  devise_for :users, controllers:
+    {
+      sessions: 'rails_base/users/sessions',
+      registrations: 'rails_base/users/registrations',
+      passwords: 'rails_base/users/passwords'
+    }
+
+  devise_scope :user do
+    delete '/signout', to: 'devise/sessions#destroy', as: :signout
+    get 'heartbeat', to: 'rails_base/users/sessions#hearbeat_without_auth', as: :heartbeat_without_auth
+    post 'heartbeat', to: 'rails_base/users/sessions#hearbeat_with_auth', as: :heartbeat_with_auth
+
+    # START ROOT PATH UNAUTHENTICATED
+    unless (Rails.application.routes.url_helpers.unauthenticated_root_path rescue false)
+      unauthenticated do
+        root to: 'rails_base/users/sessions#new', as: :unauthenticated_root
+      end
+    end
+    # END ROOT PATH UNAUTHENTICATED
+  end
+
+  get 'auth/validate/:data', to: 'rails_base/secondary_authentication#sso_login', as: :sso_login
+  get 'auth/email/wait', to: 'rails_base/secondary_authentication#static', as: :auth_static
+  get 'auth/email/:data', to: 'rails_base/secondary_authentication#email_verification', as: :email_verification
+  get 'auth/login', to: 'rails_base/secondary_authentication#after_email_login_session_new', as: :login_after_email
+  post 'auth/login', to: 'rails_base/secondary_authentication#after_email_login_session_create', as: :login_after_email_session_create
+  post 'auth/resend_email', to: 'rails_base/secondary_authentication#resend_email', as: :resend_email_verification
+  delete 'auth/phone/mfa', to: 'rails_base/secondary_authentication#remove_phone_mfa', as: :remove_phone_registration_mfa
+  get 'auth/password/forgot/:data', to: 'rails_base/secondary_authentication#forgot_password', as: :forgot_password_auth
+  post 'auth/password/forgot/:data', to: 'rails_base/secondary_authentication#forgot_password_with_mfa', as: :forgot_password_with_mfa_auth
+  post 'auth/password/reset/:data', to: 'rails_base/secondary_authentication#reset_password', as: :reset_password_auth
+
+  constraints(->(_req) { RailsBase.config.mfa.enable? }) do
+    get 'mfa_verify', to: 'rails_base/mfa_auth#mfa_code', as: :mfa_code
+    post 'mfa_verify', to: 'rails_base/mfa_auth#mfa_code_verify', as: :mfa_code_verify
+    post 'resend_mfa', to: 'rails_base/mfa_auth#resend_mfa', as: :resend_mfa
+
+    post 'auth/phone', to: 'rails_base/secondary_authentication#phone_registration', as: :phone_registration
+    post 'auth/phone/mfa', to: 'rails_base/secondary_authentication#confirm_phone_registration', as: :phone_registration_mfa_code
+  end
+
+  ################################
+  # END of Authentication routes #
+  ################################
+
+  #########################
+  # Start of Admin routes #
+  #########################
+  # override url and location for switch_user gem
+  constraints(->(_req) { RailsBase.config.admin.enable? }) do
+    post 'admin/impersonate/:scope_identifier', to: 'rails_base/switch_user#set_current_user', as: :switch_user
+
+    post 'admin/ack', to: 'rails_base/admin#ack', as: :admin_ack
+    post 'admin/impersonate', to: 'rails_base/admin#switch_back', as: :admin_stop_impersonation
+    post 'admin/update', to: 'rails_base/admin#update_attribute', as: :admin_upate_attribute
+    post 'admin/update/name', to: 'rails_base/admin#update_name', as: :admin_upate_name
+    post 'admin/update/email', to: 'rails_base/admin#update_email', as: :admin_upate_email
+    post 'admin/update/phone', to: 'rails_base/admin#update_phone', as: :admin_upate_phone
+    post 'admin/validate_intent/send', to: 'rails_base/admin#send_2fa', as: :admin_validate_intent
+    post 'admin/validate_intent/verify', to: 'rails_base/admin#verify_2fa', as: :admin_verify_intent
+
+    get 'admin', to: 'rails_base/admin#index', as: :admin_base
+    get 'admin/config', to: 'rails_base/admin#show_config', as: :admin_config
+    get 'admin/history', to: 'rails_base/admin#history', as: :admin_history
+    post 'admin/history', to: 'rails_base/admin#history_paginate', as: :admin_history_page
+
+    post 'admin/sso/:id', to: 'rails_base/admin#sso_send', as: :admin_sso_send
+  end
+  # route is part of admin control, but does not need admin enabled
+  get 'auth/sso/:data', to: 'rails_base/admin#sso_retrieve', as: :sso_retrieve
+
+  #######################
+  # End of Admin routes #
+  #######################
+end

data/db/migrate/20210212175453_devise_create_rails_base_users.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+class DeviseCreateRailsBaseUsers < ActiveRecord::Migration[5.2]
+  def change
+    create_table :users do |t|
+      t.string :first_name, null: false, default: ""
+      t.string :last_name, null: false, default: ""
+
+      t.string :phone_number
+      t.timestamp :last_mfa_login
+      t.boolean :email_validated, default: false
+      t.boolean :mfa_enabled, default: false, null: false
+      t.boolean  :active, default: true, null: false
+      t.string  :admin
+
+      t.string :last_known_timezone
+      t.timestamp :last_known_timezone_update
+
+      ## Database authenticatable
+      t.string :email,              null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Trackable
+      t.integer  :sign_in_count, default: 0, null: false
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string   :current_sign_in_ip
+      t.string   :last_sign_in_ip
+
+      ## Confirmable
+      # t.string   :confirmation_token
+      # t.datetime :confirmed_at
+      # t.datetime :confirmation_sent_at
+      # t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      t.timestamps
+    end
+
+    add_index :users, :email,                unique: true
+    add_index :users, :phone_number,         unique: true
+    add_index :users, :reset_password_token, unique: true
+    add_index :users, :active
+  end
+end

data/db/migrate/20210212190537_create_rails_base_short_lived_data.rb

@@ -0,0 +1,19 @@
+class CreateRailsBaseShortLivedData < ActiveRecord::Migration[5.2]
+  def change
+    create_table :short_lived_data do |t|
+
+      t.integer :user_id, null: false
+      t.string :data, null: false
+      t.string :reason
+      t.datetime :death_time, null: false
+      t.string :extra
+      t.integer :exclusive_use_count, default: 0
+      t.integer :exclusive_use_count_max
+
+      t.timestamps
+    end
+
+    add_index :short_lived_data, :data
+    add_index :short_lived_data, [:data, :reason]
+  end
+end

data/db/migrate/20210212192645_create_rails_base_secrets.rb

@@ -0,0 +1,11 @@
+class CreateRailsBaseSecrets < ActiveRecord::Migration[5.2]
+  def change
+    create_table :secrets do |t|
+      t.integer :version
+      t.text :secret
+      t.string :name
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20210406015744_create_rails_base_admin_actions.rb

@@ -0,0 +1,17 @@
+class CreateRailsBaseAdminActions < ActiveRecord::Migration[5.2]
+  def change
+    create_table :admin_actions do |t|
+      t.bigint :admin_user_id, null: false
+      t.bigint :user_id
+      t.string :action       , null: false
+      t.string :change_from
+      t.string :change_to
+      t.text   :long_action
+
+      t.timestamps
+    end
+
+    add_index :admin_actions, :admin_user_id
+    add_index :admin_actions, :user_id
+  end
+end

data/db/seeds.rb

@@ -0,0 +1,23 @@
+
+params = {
+  email: "mattius.taylor@gmail.com",
+  first_name: 'Some',
+  last_name: 'Guy',
+  phone_number: '6508675309',
+  password: "password1",
+  password_confirmation: "password1"
+}
+
+User.create!(params)
+
+
+params = {
+  email: "#{ENV['GMAIL_USER_NAME']}@gmail.com",
+  first_name: 'Some2',
+  last_name: 'Guy2',
+  phone_number: '6508675309',
+  password: "password2",
+  password_confirmation: "password2"
+}
+
+User.create!(params)