rails_jwt_auth 0.23.2 → 1.0.0

data/app/models/concerns/rails_jwt_auth/recoverable.rb

@@ -1,20 +1,42 @@
 module RailsJwtAuth
   module Recoverable
+    def self.included(base)
+      base.class_eval do
+        if defined?(Mongoid) && base.ancestors.include?(Mongoid::Document)
+          # include GlobalID::Identification to use deliver_later method
+          # http://edgeguides.rubyonrails.org/active_job_basics.html#globalid
+          include GlobalID::Identification if RailsJwtAuth.deliver_later
+
+          field :reset_password_token,   type: String
+          field :reset_password_sent_at, type: Time
+        end
+
+        validate :validate_reset_password_token, if: :password_digest_changed?
+
+        before_update do
+          self.reset_password_token = nil if password_digest_changed? && reset_password_token
+        end
+      end
+    end
+
     def send_reset_password_instructions
+      email_field = RailsJwtAuth.email_field_name! # ensure email field es valid
+
       if self.class.ancestors.include?(RailsJwtAuth::Confirmable) && !confirmed?
-        errors.add(:email, :unconfirmed)
+        errors.add(email_field, :unconfirmed)
         return false
       end
 
       self.reset_password_token = SecureRandom.base58(24)
-      self.reset_password_sent_at = Time.now
+      self.reset_password_sent_at = Time.current
       return false unless save
 
-      mailer = Mailer.reset_password_instructions(id.to_s)
+      mailer = Mailer.reset_password_instructions(self)
       RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
     end
 
     def set_and_send_password_instructions
+      RailsJwtAuth.email_field_name! # ensure email field es valid
       return if password.present?
 
       self.password = SecureRandom.base58(48)
@@ -22,40 +44,19 @@ module RailsJwtAuth
       self.skip_confirmation! if self.class.ancestors.include?(RailsJwtAuth::Confirmable)
 
       self.reset_password_token = SecureRandom.base58(24)
-      self.reset_password_sent_at = Time.now
+      self.reset_password_sent_at = Time.current
       return false unless save
 
-      mailer = Mailer.set_password_instructions(id.to_s)
+      mailer = Mailer.set_password_instructions(self)
       RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
       true
     end
 
-    def self.included(base)
-      base.class_eval do
-        if defined?(Mongoid) && base.ancestors.include?(Mongoid::Document)
-          # include GlobalID::Identification to use deliver_later method
-          # http://edgeguides.rubyonrails.org/active_job_basics.html#globalid
-          include GlobalID::Identification if RailsJwtAuth.deliver_later
-
-          field :reset_password_token,   type: String
-          field :reset_password_sent_at, type: Time
-        end
-
-        validate :validate_reset_password_token, if: :password_digest_changed?
-
-        before_update do
-          if password_digest_changed? && reset_password_token
-            self.reset_password_token = nil
-          end
-        end
-      end
-    end
-
-    private
+    protected
 
     def validate_reset_password_token
       if reset_password_sent_at &&
-         (reset_password_sent_at < (Time.now - RailsJwtAuth.reset_password_expiration_time))
+         (reset_password_sent_at < (Time.current - RailsJwtAuth.reset_password_expiration_time))
         errors.add(:reset_password_token, :expired)
       end
     end

data/app/models/concerns/rails_jwt_auth/trackable.rb

@@ -1,7 +1,7 @@
 module RailsJwtAuth
   module Trackable
     def update_tracked_fields!(request)
-      self.last_sign_in_at = Time.now.utc
+      self.last_sign_in_at = Time.current
       self.last_sign_in_ip = request.respond_to?(:remote_ip) ? request.remote_ip : request.ip
       save(validate: false)
     end

data/app/views/rails_jwt_auth/mailer/confirmation_instructions.html.erb

@@ -1,5 +1,5 @@
-<p>Welcome <%= @user.email %>!</p>
+<p>Welcome <%= @user[RailsJwtAuth.email_field_name] %>!</p>
 
 <p>You can confirm your account email through the link below:</p>
 
-<p><%= link_to 'Confirm my account', @confirmation_url.html_safe %></p>
+<p><%= link_to 'Confirm my account', @confirmations_url.html_safe %></p>

data/app/views/rails_jwt_auth/mailer/reset_password_instructions.html.erb

@@ -1,8 +1,8 @@
-<p>Hello <%= @user.email %>!</p>
+<p>Hello <%= @user[RailsJwtAuth.email_field_name] %>!</p>
 
 <p>Someone has requested a link to change your password. You can do this through the link below.</p>
 
-<p><%= link_to 'Change my password', @reset_password_url.html_safe %></p>
+<p><%= link_to 'Change my password', @reset_passwords_url.html_safe %></p>
 
 <p>If you didn't request this, please ignore this email.</p>
 <p>Your password won't change until you access the link above and create a new one.</p>

data/app/views/rails_jwt_auth/mailer/send_invitation.html.erb

@@ -1,6 +1,6 @@
-<p>Hello <%= @user.email %>!</p>
+<p>Hello <%= @user[RailsJwtAuth.email_field_name] %>!</p>
 
 <p>Someone has sent you an invitation to App.</p>
 <p>To complete registration setting a password, please click the following link.</p>
 
-<p><%= link_to "Accept invitation", @accept_invitation_url.html_safe %></p>
+<p><%= link_to "Accept invitation", @invitations_url.html_safe %></p>

data/app/views/rails_jwt_auth/mailer/set_password_instructions.html.erb

@@ -1,5 +1,5 @@
-<p>Hello <%= @user.email %>!</p>
+<p>Hello <%= @user[RailsJwtAuth.email_field_name] %>!</p>
 
 <p>You need to define your password to complete registration. You can do this through the link below.</p>
 
-<p><%= link_to 'Set my password', @reset_password_url.html_safe %></p>
+<p><%= link_to 'Set my password', @reset_passwords_url.html_safe %></p>

data/lib/generators/rails_jwt_auth/install_generator.rb

@@ -6,12 +6,11 @@ class RailsJwtAuth::InstallGenerator < Rails::Generators::Base
   end
 
   def create_routes
-    route "resource :session, controller: 'rails_jwt_auth/sessions', only: [:create, :destroy]"
-    route "resource :registration, controller: 'rails_jwt_auth/registrations', only: [:create, :update, :destroy]"
-
-    route "resource :confirmation, controller: 'rails_jwt_auth/confirmations', only: [:create, :update]"
-    route "resource :password, controller: 'rails_jwt_auth/passwords', only: [:create, :update]"
+    route "resources :session, controller: 'rails_jwt_auth/sessions', only: [:create, :destroy]"
+    route "resources :registration, controller: 'rails_jwt_auth/registrations', only: [:create, :update, :destroy]"
 
+    route "resources :confirmations, controller: 'rails_jwt_auth/confirmations', only: [:create, :update]"
+    route "resources :passwords, controller: 'rails_jwt_auth/passwords', only: [:create, :update]"
     route "resources :invitations, controller: 'rails_jwt_auth/invitations', only: [:create, :update]"
   end
 end

data/lib/generators/rails_jwt_auth/migrate_generator.rb

@@ -0,0 +1,17 @@
+class RailsJwtAuth::MigrateGenerator < Rails::Generators::Base
+  include Rails::Generators::Migration
+
+  source_root File.expand_path('../templates', __dir__)
+
+  def self.next_migration_number(_dir)
+    Time.current.strftime('%Y%m%d%H%M%S')
+  end
+
+  def create_initializer_file
+    migration_template 'migration.rb', "db/migrate/create_#{RailsJwtAuth.table_name}.rb"
+  end
+
+  def migration_version
+    "[#{Rails.version.split('.')[0..1].join('.')}]"
+  end
+end

data/lib/generators/templates/initializer.rb

@@ -5,11 +5,8 @@ RailsJwtAuth.setup do |config|
   # field name used to authentication with password
   #config.auth_field_name = 'email'
 
-  # set to true to validate auth_field email format
-  #config.auth_field_email = true
-
-  # regex used to Validate email format
-  #config.email_regex = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
+  # define email field name used to send emails
+  #config.email_field_name = 'email'
 
   # expiration time for generated tokens
   #config.jwt_expiration_time = 7.days
@@ -23,28 +20,28 @@ RailsJwtAuth.setup do |config|
   # mailer sender
   #config.mailer_sender = 'initialize-mailer_sender@example.com'
 
-  # url used to create email link with confirmation token
-  #config.confirmation_url = 'http://frontend.com/confirmation'
-
   # expiration time for confirmation tokens
   #config.confirmation_expiration_time = 1.day
 
+  # expiration time for reset password tokens
+  #config.reset_password_expiration_time = 1.day
+
+  # time an invitation is valid after sent
+  # config.invitation_expiration_time = 2.days
+
+  # url used to create email link with confirmation token
+  #config.confirmations_url = 'http://frontend.com/confirmation'
+
   # url used to create email link with reset password token
-  #config.reset_password_url = 'http://frontend.com/reset_password'
+  #config.reset_passwords_url = 'http://frontend.com/reset_password'
 
   # url used to create email link with set password token
   # by set_and_send_password_instructions method
-  #config.set_password_url = 'http://frontend.com/set_password'
+  #config.set_passwords_url = 'http://frontend.com/set_password'
 
-  # expiration time for reset password tokens
-  #config.reset_password_expiration_time = 1.day
+  # url used to create email link with activation token parameter to accept invitation
+  #config.invitations_url = 'http://frontend.com/accept_invitation'
 
   # uses deliver_later to send emails instead of deliver method
   #config.deliver_later = false
-
-  # time an invitation is valid after sent
-  # config.invitation_expiration_time = 2.days
-
-  # url used to create email link with activation token parameter to accept invitation
-  # config.accept_invitation_url = 'http://frontend.com/accept_invitation'
 end

data/lib/generators/templates/migration.rb

@@ -0,0 +1,29 @@
+class Create<%= RailsJwtAuth.model_name.pluralize %> < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :<%= RailsJwtAuth.table_name %> do |t|
+      t.string :email
+      t.string :password_digest
+      t.string :auth_tokens
+
+      ## Confirmable
+      # t.string :unconfirmed_email
+      # t.string :confirmation_token
+      # t.datetime :confirmation_sent_at
+      # t.datetime :confirmed_at
+
+      ## Recoverable
+      # t.string :reset_password_token
+      # t.datetime :reset_password_sent_at
+
+      ## Trackable
+      # t.string :last_sign_in_ip
+      # t.datetime :last_sign_in_at
+
+      ## Invitable
+      # t.string :invitation_token
+      # t.datetime :invitation_sent_at
+      # t.datetime :invitation_accepted_at
+      # t.datetime :invitation_created_at
+    end
+  end
+end

data/lib/rails_jwt_auth.rb

@@ -1,20 +1,24 @@
-require 'warden'
 require 'bcrypt'
 
 require 'rails_jwt_auth/engine'
+require 'rails_jwt_auth/jwt_manager'
 
 module RailsJwtAuth
+  InvalidEmailField = Class.new(StandardError)
+  InvalidAuthField = Class.new(StandardError)
+  NotConfirmationsUrl = Class.new(StandardError)
+  NotInvitationsUrl = Class.new(StandardError)
+  NotResetPasswordsUrl = Class.new(StandardError)
+  NotSetPasswordsUrl = Class.new(StandardError)
+
   mattr_accessor :model_name
   self.model_name = 'User'
 
   mattr_accessor :auth_field_name
   self.auth_field_name = 'email'
 
-  mattr_accessor :auth_field_email
-  self.auth_field_email = true
-
-  mattr_accessor :email_regex
-  self.email_regex = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
+  mattr_accessor :email_field_name
+  self.email_field_name = 'email'
 
   mattr_accessor :jwt_expiration_time
   self.jwt_expiration_time = 7.days
@@ -28,35 +32,65 @@ module RailsJwtAuth
   mattr_accessor :mailer_sender
   self.mailer_sender = 'initialize-mailer_sender@example.com'
 
-  mattr_accessor :confirmation_url
-  self.confirmation_url = nil
-
   mattr_accessor :confirmation_expiration_time
   self.confirmation_expiration_time = 1.day
 
-  mattr_accessor :reset_password_url
-  self.reset_password_url = nil
-
-  mattr_accessor :set_password_url
-  self.set_password_url = nil
-
   mattr_accessor :reset_password_expiration_time
   self.reset_password_expiration_time = 1.day
 
-  mattr_accessor :deliver_later
-  self.deliver_later = false
-
   mattr_accessor :invitation_expiration_time
   self.invitation_expiration_time = 2.days
 
-  mattr_accessor :accept_invitation_url
-  self.accept_invitation_url = nil
+  mattr_accessor :confirmations_url
+  self.confirmations_url = nil
+
+  mattr_accessor :reset_passwords_url
+  self.reset_passwords_url = nil
+
+  mattr_accessor :set_passwords_url
+  self.set_passwords_url = nil
+
+  mattr_accessor :invitations_url
+  self.invitations_url = nil
+
+  mattr_accessor :deliver_later
+  self.deliver_later = false
 
   def self.model
     model_name.constantize
   end
 
+  def self.table_name
+    model_name.underscore.pluralize
+  end
+
   def self.setup
     yield self
   end
+
+  def self.auth_field_name!
+    field_name = RailsJwtAuth.auth_field_name
+    klass = RailsJwtAuth.model
+
+    unless field_name.present? &&
+           (klass.respond_to?(:column_names) && klass.column_names.include?(field_name) ||
+            klass.respond_to?(:fields) && klass.fields[field_name])
+      raise RailsJwtAuth::InvalidAuthField
+    end
+
+    field_name
+  end
+
+  def self.email_field_name!
+    field_name = RailsJwtAuth.email_field_name
+    klass = RailsJwtAuth.model
+
+    unless field_name.present? &&
+           (klass.respond_to?(:column_names) && klass.column_names.include?(field_name) ||
+            klass.respond_to?(:fields) && klass.fields[field_name])
+      raise RailsJwtAuth::InvalidEmailField
+    end
+
+    field_name
+  end
 end

data/lib/rails_jwt_auth/engine.rb

@@ -1,25 +1,4 @@
 module RailsJwtAuth
   class Engine < ::Rails::Engine
-    require 'rails_jwt_auth/strategies/jwt'
-
-    config.generators do |g|
-      g.test_framework :rspec
-      g.fixture_replacement :factory_girl, dir: 'spec/factories'
-    end
-
-    initializer 'rails_jwt_auth.warden' do |app|
-      app.middleware.insert_after ActionDispatch::Callbacks, Warden::Manager do |manager|
-        manager.default_strategies :authentication_token
-        manager.failure_app = UnauthorizedController
-      end
-
-      Warden::Strategies.add(:authentication_token, Strategies::Jwt)
-
-      Warden::Manager.after_set_user except: :fetch do |record, warden, options|
-        if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(options[:scope])
-          record.update_tracked_fields!(warden.request)
-        end
-      end
-    end
   end
 end

data/lib/rails_jwt_auth/jwt_manager.rb

@@ -0,0 +1,33 @@
+require 'jwt'
+
+module RailsJwtAuth
+  module JwtManager
+    def self.secret_key_base
+      Rails.application.secrets.secret_key_base || Rails.application.credentials.secret_key_base
+    end
+
+    # Encodes and signs JWT Payload with expiration
+    def self.encode(payload)
+      payload.reverse_merge!(meta)
+      JWT.encode(payload, secret_key_base)
+    end
+
+    # Decodes the JWT with the signed secret
+    # [{"auth_token"=>"xxx", "exp"=>148..., "iss"=>"RJA"}, {"typ"=>"JWT", "alg"=>"HS256"}]
+    def self.decode(token)
+      JWT.decode(token, secret_key_base)
+    end
+
+    # Default options to be encoded in the token
+    def self.meta
+      {
+        exp: RailsJwtAuth.jwt_expiration_time.from_now.to_i,
+        iss: RailsJwtAuth.jwt_issuer
+      }
+    end
+
+    def self.decode_from_request(request)
+      decode(request.env['HTTP_AUTHORIZATION']&.split&.last)
+    end
+  end
+end

data/lib/rails_jwt_auth/spec_helpers.rb

@@ -0,0 +1,15 @@
+module RailsJwtAuth
+  module SpecHelpers
+    def sign_out
+      warn '[DEPRECATION] `sign_out` is deprecated and not needed.  Please remove it.'
+    end
+
+    def sign_in(user)
+      allow_any_instance_of(RailsJwtAuth::AuthenticableHelper)
+        .to receive(:authenticate!).and_return(true)
+
+      allow_any_instance_of(RailsJwtAuth::AuthenticableHelper)
+        .to receive(:current_user).and_return(user)
+    end
+  end
+end