rails_jwt_auth 1.7.3 → 2.0.3

data/lib/rails_jwt_auth/session.rb

@@ -0,0 +1,128 @@
+module RailsJwtAuth
+  class Session
+    attr_reader :user, :errors, :jwt
+
+    Errors = Struct.new :details # simulate ActiveModel::Errors
+
+    def initialize(params={})
+      @auth_field_value = (params[RailsJwtAuth.auth_field_name] || '').strip
+      @auth_field_value.downcase! if RailsJwtAuth.downcase_auth_field
+      @password = params[:password]
+
+      find_user if @auth_field_value.present?
+    end
+
+    def valid?
+      validate!
+
+      !errors?
+    end
+
+    def generate!(request)
+      if valid?
+        user.clean_reset_password if recoverable?
+        user.clean_lock if lockable?
+        user.track_session_info(request) if trackable?
+        user.load_auth_token
+
+        unless user.save
+          add_error(RailsJwtAuth.model_name.underscore, :invalid)
+
+          return false
+        end
+
+        generate_jwt(request)
+
+        true
+      else
+        user.failed_attempt if lockable?
+
+        false
+      end
+    end
+
+    private
+
+    def validate!
+      # Can't use ActiveModel::Validations since we have dynamic fields
+      @errors = Errors.new({})
+
+      validate_auth_field_presence
+      validate_password_presence
+      validate_user_exist
+      validate_user_is_confirmed if confirmable?
+      validate_user_is_not_locked if lockable?
+      validate_user_password unless errors?
+      validate_custom
+    end
+
+    def find_user
+      @user = RailsJwtAuth.model.where(RailsJwtAuth.auth_field_name => @auth_field_value).first
+    end
+
+    def confirmable?
+      @user&.kind_of?(RailsJwtAuth::Confirmable)
+    end
+
+    def lockable?
+      @user&.kind_of?(RailsJwtAuth::Lockable)
+    end
+
+    def recoverable?
+      @user&.kind_of?(RailsJwtAuth::Recoverable)
+    end
+
+    def trackable?
+      @user&.kind_of?(RailsJwtAuth::Trackable)
+    end
+
+    def user?
+      @user.present?
+    end
+
+    def field_error(field)
+      RailsJwtAuth.avoid_email_errors ? :session : field
+    end
+
+    def validate_auth_field_presence
+      add_error(RailsJwtAuth.auth_field_name, :blank) if @auth_field_value.blank?
+    end
+
+    def validate_password_presence
+      add_error(:password, :blank) if @password.blank?
+    end
+
+    def validate_user_exist
+      add_error(field_error(RailsJwtAuth.auth_field_name), :invalid) unless @user
+    end
+
+    def validate_user_password
+      add_error(field_error(:password), :invalid) unless @user.authenticate(@password)
+    end
+
+    def validate_user_is_confirmed
+      add_error(RailsJwtAuth.email_field_name, :unconfirmed) unless @user.confirmed?
+    end
+
+    def validate_user_is_not_locked
+      add_error(RailsJwtAuth.email_field_name, :locked) if @user.access_locked?
+    end
+
+    def validate_custom
+      # allow add custom validations overwriting this method
+    end
+
+    def add_error(field, detail)
+      @errors.details[field.to_sym] ||= []
+      @errors.details[field.to_sym].push({error: detail})
+    end
+
+    def errors?
+      @errors.details.any?
+    end
+
+    def generate_jwt(request)
+      @jwt = JwtManager.encode(user.to_token_payload(request))
+    end
+  end
+end

data/lib/rails_jwt_auth/version.rb

@@ -1,3 +1,3 @@
 module RailsJwtAuth
-  VERSION = '1.7.3'
+  VERSION = '2.0.3'
 end

data/lib/rails_jwt_auth.rb

@@ -1,15 +1,16 @@
+require 'active_support/core_ext/integer/time'
 require 'bcrypt'
 
 require 'rails_jwt_auth/engine'
 require 'rails_jwt_auth/jwt_manager'
+require 'rails_jwt_auth/session'
 
 module RailsJwtAuth
-  InvalidEmailField = Class.new(StandardError)
-  InvalidAuthField = Class.new(StandardError)
   NotConfirmationsUrl = Class.new(StandardError)
   NotInvitationsUrl = Class.new(StandardError)
   NotResetPasswordsUrl = Class.new(StandardError)
-  NotSetPasswordsUrl = Class.new(StandardError)
+  NotUnlockUrl = Class.new(StandardError)
+  InvalidJwtPayload = Class.new(StandardError)
 
   mattr_accessor :model_name
   self.model_name = 'User'
@@ -20,6 +21,12 @@ module RailsJwtAuth
   mattr_accessor :email_field_name
   self.email_field_name = 'email'
 
+  mattr_accessor :email_regex
+  self.email_regex = URI::MailTo::EMAIL_REGEXP
+
+  mattr_accessor :downcase_auth_field
+  self.downcase_auth_field = false
+
   mattr_accessor :jwt_expiration_time
   self.jwt_expiration_time = 7.days
 
@@ -29,11 +36,17 @@ module RailsJwtAuth
   mattr_accessor :simultaneous_sessions
   self.simultaneous_sessions = 2
 
+  mattr_accessor :mailer_name
+  self.mailer_name = 'RailsJwtAuth::Mailer'
+
   mattr_accessor :mailer_sender
   self.mailer_sender = 'initialize-mailer_sender@example.com'
 
-  mattr_accessor :send_email_changed_notification
-  self.send_email_changed_notification = true
+  mattr_accessor :send_email_change_requested_notification
+  self.send_email_change_requested_notification = true
+
+  mattr_accessor :send_password_changed_notification
+  self.send_password_changed_notification = true
 
   mattr_accessor :confirmation_expiration_time
   self.confirmation_expiration_time = 1.day
@@ -44,18 +57,6 @@ module RailsJwtAuth
   mattr_accessor :invitation_expiration_time
   self.invitation_expiration_time = 2.days
 
-  mattr_accessor :confirmations_url
-  self.confirmations_url = nil
-
-  mattr_accessor :reset_passwords_url
-  self.reset_passwords_url = nil
-
-  mattr_accessor :set_passwords_url
-  self.set_passwords_url = nil
-
-  mattr_accessor :invitations_url
-  self.invitations_url = nil
-
   mattr_accessor :deliver_later
   self.deliver_later = false
 
@@ -72,51 +73,49 @@ module RailsJwtAuth
   self.unlock_in = 60.minutes
 
   mattr_accessor :reset_attempts_in
-  self.unlock_in = 60.minutes
+  self.reset_attempts_in = 60.minutes
 
-  mattr_accessor :unlock_url
-  self.unlock_url = nil
+  mattr_accessor :confirm_email_url
+  self.confirm_email_url = nil
 
-  def self.model
-    model_name.constantize
-  end
+  mattr_accessor :reset_password_url
+  self.reset_password_url = nil
 
-  def self.table_name
-    model_name.underscore.pluralize
-  end
+  mattr_accessor :accept_invitation_url
+  self.accept_invitation_url = nil
+
+  mattr_accessor :unlock_account_url
+  self.unlock_account_url = nil
+
+  mattr_accessor :avoid_email_errors
+  self.avoid_email_errors = true
 
   def self.setup
     yield self
   end
 
-  def self.auth_field_name!
-    field_name = RailsJwtAuth.auth_field_name
-    klass = RailsJwtAuth.model
-
-    unless field_name.present? &&
-           (klass.respond_to?(:column_names) && klass.column_names.include?(field_name) ||
-            klass.respond_to?(:fields) && klass.fields[field_name])
-      raise RailsJwtAuth::InvalidAuthField
-    end
-
-    field_name
+  def self.model
+    model_name.constantize
   end
 
-  def self.email_field_name!
-    field_name = RailsJwtAuth.email_field_name
-    klass = RailsJwtAuth.model
+  def self.mailer
+    mailer_name.constantize
+  end
 
-    unless field_name.present? &&
-           (klass.respond_to?(:column_names) && klass.column_names.include?(field_name) ||
-            klass.respond_to?(:fields) && klass.fields[field_name])
-      raise RailsJwtAuth::InvalidEmailField
-    end
+  def self.table_name
+    model_name.underscore.pluralize
+  end
 
-    field_name
+  # Thanks to https://github.com/heartcombo/devise/blob/master/lib/devise.rb#L496
+  def self.friendly_token(length = 24)
+    # To calculate real characters, we must perform this operation.
+    # See SecureRandom.urlsafe_base64
+    rlength = (length * 3 / 4) - 1
+    SecureRandom.urlsafe_base64(rlength, true).tr('lIO0', 'sxyz')
   end
 
   def self.send_email(method, user)
-    mailer = RailsJwtAuth::Mailer.with(user_id: user.id.to_s).public_send(method)
+    mailer = RailsJwtAuth.mailer.with(user_id: user.id.to_s).public_send(method)
     RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_jwt_auth
 version: !ruby/object:Gem::Version
-  version: 1.7.3
+  version: 2.0.3
 platform: ruby
 authors:
 - rjurado
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-12-15 00:00:00.000000000 Z
+date: 2021-07-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -67,10 +67,11 @@ files:
 - app/controllers/concerns/rails_jwt_auth/render_helper.rb
 - app/controllers/rails_jwt_auth/confirmations_controller.rb
 - app/controllers/rails_jwt_auth/invitations_controller.rb
-- app/controllers/rails_jwt_auth/passwords_controller.rb
+- app/controllers/rails_jwt_auth/profiles_controller.rb
 - app/controllers/rails_jwt_auth/registrations_controller.rb
+- app/controllers/rails_jwt_auth/reset_passwords_controller.rb
 - app/controllers/rails_jwt_auth/sessions_controller.rb
-- app/controllers/rails_jwt_auth/unlocks_controller.rb
+- app/controllers/rails_jwt_auth/unlock_accounts_controller.rb
 - app/controllers/unauthorized_controller.rb
 - app/mailers/rails_jwt_auth/mailer.rb
 - app/models/concerns/rails_jwt_auth/authenticatable.rb
@@ -80,11 +81,11 @@ files:
 - app/models/concerns/rails_jwt_auth/recoverable.rb
 - app/models/concerns/rails_jwt_auth/trackable.rb
 - app/views/rails_jwt_auth/mailer/confirmation_instructions.html.erb
-- app/views/rails_jwt_auth/mailer/email_changed.html.erb
+- app/views/rails_jwt_auth/mailer/email_change_requested_notification.html.erb
+- app/views/rails_jwt_auth/mailer/invitation_instructions.html.erb
+- app/views/rails_jwt_auth/mailer/password_changed_notification.html.erb
 - app/views/rails_jwt_auth/mailer/reset_password_instructions.html.erb
-- app/views/rails_jwt_auth/mailer/send_invitation.html.erb
-- app/views/rails_jwt_auth/mailer/send_unlock_instructions.html.erb
-- app/views/rails_jwt_auth/mailer/set_password_instructions.html.erb
+- app/views/rails_jwt_auth/mailer/unlock_instructions.html.erb
 - config/locales/en.yml
 - lib/generators/rails_jwt_auth/install_generator.rb
 - lib/generators/rails_jwt_auth/migrate_generator.rb
@@ -93,6 +94,7 @@ files:
 - lib/rails_jwt_auth.rb
 - lib/rails_jwt_auth/engine.rb
 - lib/rails_jwt_auth/jwt_manager.rb
+- lib/rails_jwt_auth/session.rb
 - lib/rails_jwt_auth/spec_helpers.rb
 - lib/rails_jwt_auth/version.rb
 homepage: https://github.com/rjurado01/rails_jwt_auth
@@ -114,7 +116,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Rails jwt authentication.

data/app/controllers/rails_jwt_auth/passwords_controller.rb

@@ -1,32 +0,0 @@
-module RailsJwtAuth
-  class PasswordsController < ApplicationController
-    include ParamsHelper
-    include RenderHelper
-
-    def create
-      email_field = RailsJwtAuth.email_field_name
-
-      if password_create_params[email_field].blank?
-        return render_422(email_field => [{error: :blank}])
-      end
-
-      user = RailsJwtAuth.model.where(
-        email_field => password_create_params[email_field].to_s.strip.downcase
-      ).first
-
-      return render_422(email_field => [{error: :not_found}]) unless user
-
-      user.send_reset_password_instructions ? render_204 : render_422(user.errors.details)
-    end
-
-    def update
-      return render_404 unless
-        params[:id] &&
-        (user = RailsJwtAuth.model.where(reset_password_token: params[:id]).first)
-
-      return render_422(password: [{error: :blank}]) if password_update_params[:password].blank?
-
-      user.update(password_update_params) ? render_204 : render_422(user.errors.details)
-    end
-  end
-end

data/app/views/rails_jwt_auth/mailer/set_password_instructions.html.erb

@@ -1,5 +0,0 @@
-<p>Hello <%= @user[RailsJwtAuth.email_field_name] %>!</p>
-
-<p>You need to define your password to complete registration. You can do this through the link below.</p>
-
-<p><%= link_to 'Set my password', @reset_passwords_url.html_safe %></p>