rails_jwt_auth 0.17.1 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7c2aed170511243b66a49dc2913ba59c5e00e5b5
-  data.tar.gz: a7cb07b8a569c4af7f6b65211be0109ba0d88ee0
+  metadata.gz: f62382c4d00178ccea3aa3a95e9fce5a2ce51909
+  data.tar.gz: 88608b4d059215392fb2c2c5b9a22478ca3ce915
 SHA512:
-  metadata.gz: 14f8f7d270903f22e5adffab7f158e4d4a0c24ccae6bb6abd2d9cd9908901980b7699800ab00ee5ddbdef82446e51c6f2944f7176ffcc8dcb386945eb989ed4b
-  data.tar.gz: 7f326f34d1c084dbed94362941f7d4f9d493f23fdba54f1ccaa43ac60a8ac71f0c25088764caeb26c3ec4f254b290ae3b55b725643cd60210077bed23976b6be
+  metadata.gz: 6c9483c6c630e56a44880cd19e5efa76f6ab055ac64a577802dea27d8ccac3c6c926b5f3299cb2217911a1849695aae3e8abdb2c5820205597719e1ab6c21661
+  data.tar.gz: a179d9f7eb6d28b360c5ecaba632f4124b755cb95d5bc6698aee80db6e401144a47ac74a63e5be1a5445c017bb218a0af3794a2685db1b4331f852934bfcceed

data/README.md

@@ -1,4 +1,6 @@
 # RailsJwtAuth
+[![Gem Version](https://badge.fury.io/rb/rails_jwt_auth.svg)](https://badge.fury.io/rb/rails_jwt_auth)
+![Build Status](https://travis-ci.org/rjurado01/rails_jwt_auth.svg?branch=master)
 
 Rails-API authentication solution based on Warden and JWT and inspired by Devise.
 
@@ -48,6 +50,8 @@ You can edit configuration options into `config/initializers/auth_token_auth.rb`
 | reset_password_expiration_time | 1.day             | Confirmation token expiration time                                    |
 | set_password_url               | password_path     | Url used to create email link with set password token                 |
 | deliver_later                  | false             | Uses `deliver_later` method to send emails                            |
+| invitation_expiration_time     | 2.days            | Time an invitation is valid and can be accepted                       |
+| invitation_url                 | invitation_path   | URL used to create email link with invitation token                   |
 
 ## Authenticatable
 
@@ -211,6 +215,46 @@ class User
 end
 ```
 
+## Invitable
+
+This module allows you to invite an user to your application sending an invitation mail with a unique link and complete registration by setting user's password.
+
+### ActiveRecord
+
+Include `RailsJwtAuth::Invitable` module in your User model:
+
+```ruby
+# app/models/user.rb
+class User < ApplicationRecord
+  include RailsJwtAuth::Authenticatable
+  include RailsJwtAuth::Invitable
+end
+```
+
+And create the corresponding migration
+
+```ruby
+# Example migration
+change_table :users do |t|
+  t.string :invitation_token
+  t.datetime :invitation_sent_at
+  t.datetime :invitation_accepted_at
+  t.datetime :invitation_created_at
+end
+```
+
+### Mongoid
+
+Include `RailsJwtAuth::Invitable` module in your User model:
+
+```ruby
+# app/models/user.rb
+class User < ApplicationRecord
+  include RailsJwtAuth::Authenticatable
+  include RailsJwtAuth::Invitable
+end
+```
+
 ## Controller helpers
 
 RailsJwtAuth will create some helpers to use inside your controllers.
@@ -368,6 +412,44 @@ Password api is defined by RailsJwtAuth::PasswordsController.
 }
 ```
 
+### Invitations
+
+Invitations api is provided by RailsJwtAuth::InvitationsController.
+
+1.  Create an invitation and send email:
+
+```js
+{
+  url: host/invitation,
+  method: POST,
+  data: {
+    invitation: {
+      email: "user@example.com",
+      // More fields of your user
+    }
+  }
+}
+```
+
+2.  Accept an invitation:
+
+```js
+{
+  url: host/invitation,
+  method: PUT,
+  data: {
+    accept_invitation: {
+      invitation_token: "token",
+      password: '1234',
+      password_confirmation: '1234',
+      // More fields of your user...
+    }
+  }
+}
+```
+
+Note: To add more fields, see "Custom strong parameters" below.
+
 ## Custom controllers
 
 You can overwrite RailsJwtAuth controllers to edit actions, responses,
@@ -420,7 +502,7 @@ end
 
 ## Register users with random password
 
-This is a controller example that allows admins to register users with random password and send email to reset it.  
+This is a controller example that allows admins to register users with random password and send email to reset it.
 If registration is sucess it will send email to `set_password_url` with reset password token.
 
 ```ruby

data/Rakefile

@@ -17,10 +17,11 @@ end
 APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
 load 'rails/tasks/engine.rake'
 
-
 load 'rails/tasks/statistics.rake'
 
-
-
 require 'bundler/gem_tasks'
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
 
+task :default => :spec

data/app/controllers/concerns/rails_jwt_auth/params_helper.rb

@@ -23,5 +23,13 @@ module RailsJwtAuth
     def password_update_params
       params.require(:password).permit(:password, :password_confirmation)
     end
+
+    def invitation_create_params
+      params.require(:invitation).permit(:email)
+    end
+
+    def invitation_update_params
+      params.require(:accept_invitation).permit(:invitation_token, :password, :password_confirmation)
+    end
   end
 end

data/app/controllers/rails_jwt_auth/invitations_controller.rb

@@ -0,0 +1,27 @@
+module RailsJwtAuth
+  class InvitationsController < ApplicationController
+    include ParamsHelper
+    include RenderHelper
+
+    def create
+      attr_hash = invitation_create_params
+      user = RailsJwtAuth.model.invite!(attr_hash)
+      user.errors.empty? ? render_204 : render_422(user.errors)
+    end
+
+    def update
+      attr_hash = invitation_update_params
+      token = attr_hash.delete(:invitation_token)
+      user = RailsJwtAuth.model.where(invitation_token: token).first
+      user.assign_attributes attr_hash
+      user.accept_invitation!
+
+      if user.errors.empty? && user.save
+        return render_204
+      else
+        user.update_attribute :invitation_token, token
+        return render_422(user.errors)
+      end
+    end
+  end
+end

data/app/mailers/rails_jwt_auth/mailer.rb

@@ -52,5 +52,21 @@ if defined?(ActionMailer)
       subject = I18n.t('rails_jwt_auth.mailer.set_password_instructions.subject')
       mail(to: @user.email, subject: subject)
     end
+
+    def send_invitation(user)
+      @user = user
+
+      if RailsJwtAuth.invitation_url
+        url, params = RailsJwtAuth.invitation_url.split '?'
+        params = params ? params.split('&') : []
+        params.push("invitation_token=#{@user.invitation_token}")
+        @accept_invitation_url = "#{url}?#{params.join('&')}"
+      else
+        @accept_invitation_url = invitation_url(invitation_token: @user.invitation_token)
+      end
+
+      subject = I18n.t('rails_jwt_auth.mailer.send_invitation.subject')
+      mail(to: @user.email, subject: subject)
+    end
   end
 end

data/app/models/concerns/rails_jwt_auth/authenticatable.rb

@@ -49,24 +49,26 @@ module RailsJwtAuth
     end
 
     def self.included(base)
-      if defined?(Mongoid) && base.ancestors.include?(Mongoid::Document)
-        base.send(:field, RailsJwtAuth.auth_field_name, type: String)
-        base.send(:field, :password_digest,             type: String)
-        base.send(:field, :auth_tokens,                 type: Array)
-      elsif defined?(ActiveRecord) && base.ancestors.include?(ActiveRecord::Base)
-        base.send(:serialize, :auth_tokens, Array)
-      end
+      base.extend(ClassMethods)
 
-      base.send(:validates, RailsJwtAuth.auth_field_name, presence: true, uniqueness: true)
-      base.send(:validates, RailsJwtAuth.auth_field_name, email: true) if RailsJwtAuth.auth_field_email
+      base.class_eval do 
+        if defined?(Mongoid) && ancestors.include?(Mongoid::Document)
+          field RailsJwtAuth.auth_field_name, type: String
+          field :password_digest,             type: String
+          field :auth_tokens,                 type: Array
+        elsif defined?(ActiveRecord) && ancestors.include?(ActiveRecord::Base)
+          serialize :auth_tokens, Array
+        end
 
-      base.send(:has_secure_password)
+        validates RailsJwtAuth.auth_field_name, presence: true, uniqueness: true
+        validates RailsJwtAuth.auth_field_name, email: true if RailsJwtAuth.auth_field_email
 
-      base.send(:before_validation) do
-        self.email = email.downcase if self.email
-      end
+        has_secure_password
 
-      base.extend(ClassMethods)
+        before_validation do
+          self.email = email.downcase if email
+        end
+      end
     end
   end
 end

data/app/models/concerns/rails_jwt_auth/confirmable.rb

@@ -37,34 +37,36 @@ module RailsJwtAuth
     end
 
     def self.included(base)
-      if base.ancestors.include? Mongoid::Document
-        # include GlobalID::Identification to use deliver_later method
-        # http://edgeguides.rubyonrails.org/active_job_basics.html#globalid
-        base.send(:include, GlobalID::Identification) if RailsJwtAuth.deliver_later
-
-        base.send(:field, :email,                type: String)
-        base.send(:field, :unconfirmed_email,    type: String)
-        base.send(:field, :confirmation_token,   type: String)
-        base.send(:field, :confirmation_sent_at, type: Time)
-        base.send(:field, :confirmed_at,         type: Time)
-      end
+      base.class_eval do
+        if ancestors.include? Mongoid::Document
+          # include GlobalID::Identification to use deliver_later method
+          # http://edgeguides.rubyonrails.org/active_job_basics.html#globalid
+          include GlobalID::Identification if RailsJwtAuth.deliver_later
+
+          field :email,                type: String
+          field :unconfirmed_email,    type: String
+          field :confirmation_token,   type: String
+          field :confirmation_sent_at, type: Time
+          field :confirmed_at,         type: Time
+        end
 
-      base.send(:validate, :validate_confirmation, if: :confirmed_at_changed?)
+        validate :validate_confirmation, if: :confirmed_at_changed?
 
-      base.send(:after_create) do
-        send_confirmation_instructions unless confirmed_at || confirmation_sent_at
-      end
+        after_create do
+          send_confirmation_instructions unless confirmed_at || confirmation_sent_at
+        end
 
-      base.send(:before_update) do
-        if email_changed? && email_was && !confirmed_at_changed?
-          self.unconfirmed_email = email
-          self.email = email_was
+        before_update do
+          if email_changed? && email_was && !confirmed_at_changed?
+            self.unconfirmed_email = email
+            self.email = email_was
 
-          self.confirmation_token = SecureRandom.base58(24)
-          self.confirmation_sent_at = Time.now
+            self.confirmation_token = SecureRandom.base58(24)
+            self.confirmation_sent_at = Time.now
 
-          mailer = Mailer.confirmation_instructions(self)
-          RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+            mailer = Mailer.confirmation_instructions(self)
+            RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+          end
         end
       end
     end

data/app/models/concerns/rails_jwt_auth/invitable.rb

@@ -0,0 +1,113 @@
+module RailsJwtAuth
+  module Invitable
+    extend ActiveSupport::Concern
+
+    def self.included(base)
+      base.extend ClassMethods
+      base.class_eval do
+        if ancestors.include? Mongoid::Document
+          # include GlobalID::Identification to use deliver_later method
+          # http://edgeguides.rubyonrails.org/active_job_basics.html#globalid
+          include GlobalID::Identification if RailsJwtAuth.deliver_later
+
+          field :invitation_token,         type: String
+          field :invitation_sent_at,       type: Time
+          field :invitation_accepted_at,   type: Time
+          field :invitation_created_at,    type: Time
+
+          index({invitation_token: 1}, {unique: true})
+        end
+      end
+    end
+
+    module ClassMethods
+      # Creates an user and sends an invitation to him.
+      # If the user is already invited and pending of completing registration
+      # the invitation is resent by email.
+      # If the user is already registered, it returns the user with a
+      # <tt>:taken</tt> on the email field.
+      #
+      # @param [Hash] attributes Hash containing user's attributes to be filled.
+      #               Must contain an email key.
+      #
+      #
+      # @return [user] The user created or found by email.
+
+      def invite!(attributes={})
+        attrs = ActiveSupport::HashWithIndifferentAccess.new(attributes.to_h)
+        auth_field = RailsJwtAuth.auth_field_name
+        auth_attribute = attrs.delete(auth_field)
+
+        raise ArgumentError unless auth_attribute
+
+        record = RailsJwtAuth.model.find_or_initialize_by(auth_field => auth_attribute)
+        record.assign_attributes(attrs)
+        record.invitation_created_at = Time.now.utc if record.new_record?
+
+        unless record.password || record.password_digest
+          password = SecureRandom.base58(16)
+          record.password = password
+          record.password_confirmation = password
+        end
+
+        record.valid?
+
+        if !record.new_record? && !record.invited?
+          record.errors.add(RailsJwtAuth.auth_field_name, :taken)
+        end
+
+        record.invite! if record.errors.empty?
+        record
+      end
+    end
+
+    # Accept an invitation by clearing token and setting invitation_accepted_at
+    def accept_invitation
+      self.invitation_accepted_at = Time.now.utc
+      self.invitation_token = nil
+    end
+
+    def accept_invitation!
+      return unless invited?
+      if valid_invitation?
+        accept_invitation
+        # Override confirmable
+        self.confirmed_at = invitation_accepted_at if respond_to? :confirmed_at
+      else
+        errors.add(:invitation_token, :invalid)
+      end
+    end
+
+    def invite!
+      generate_invitation_token if invitation_token.nil?
+      self.invitation_created_at = Time.now.utc
+
+      deliver_invitation if save(validate: false)
+    end
+
+    def invited?
+      (persisted? && invitation_token.present?)
+    end
+
+    protected
+
+    def deliver_invitation
+      mailer = Mailer.send_invitation(self)
+      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+    end
+
+    def generate_invitation_token
+      self.invitation_token = SecureRandom.base58(128)
+    end
+
+    def valid_invitation?
+      invited? && invitation_period_valid?
+    end
+
+    def invitation_period_valid?
+      time = invitation_sent_at || invitation_created_at
+      expiration_time = RailsJwtAuth.invitation_expiration_time
+      time && (expiration_time.to_i.zero? || time.utc >= expiration_time.ago)
+    end
+  end
+end

data/app/models/concerns/rails_jwt_auth/recoverable.rb

@@ -31,20 +31,22 @@ module RailsJwtAuth
     end
 
     def self.included(base)
-      if base.ancestors.include? Mongoid::Document
-        # include GlobalID::Identification to use deliver_later method
-        # http://edgeguides.rubyonrails.org/active_job_basics.html#globalid
-        base.send(:include, GlobalID::Identification) if RailsJwtAuth.deliver_later
-
-        base.send(:field, :reset_password_token,   type: String)
-        base.send(:field, :reset_password_sent_at, type: Time)
-      end
+      base.class_eval do
+        if base.ancestors.include? Mongoid::Document
+          # include GlobalID::Identification to use deliver_later method
+          # http://edgeguides.rubyonrails.org/active_job_basics.html#globalid
+          include GlobalID::Identification if RailsJwtAuth.deliver_later
+
+          field :reset_password_token,   type: String
+          field :reset_password_sent_at, type: Time
+        end
 
-      base.send(:validate, :validate_reset_password_token, if: :password_digest_changed?)
+        validate :validate_reset_password_token, if: :password_digest_changed?
 
-      base.send(:before_update) do
-        if password_digest_changed? && reset_password_token
-          self.reset_password_token = nil
+        before_update do
+          if password_digest_changed? && reset_password_token
+            self.reset_password_token = nil
+          end
         end
       end
     end

data/app/models/concerns/rails_jwt_auth/trackable.rb

@@ -7,9 +7,11 @@ module RailsJwtAuth
     end
 
     def self.included(base)
-      if defined?(Mongoid) && base.ancestors.include?(Mongoid::Document)
-        base.send(:field, :last_sign_in_at, type: Time)
-        base.send(:field, :last_sign_in_ip, type: String)
+      base.class_eval do
+        if defined?(Mongoid) && ancestors.include?(Mongoid::Document)
+          field :last_sign_in_at, type: Time
+          field :last_sign_in_ip, type: String
+        end
       end
     end
   end

data/app/views/rails_jwt_auth/mailer/send_invitation.html.erb

@@ -0,0 +1,6 @@
+<p>Hello <%= @user.email %>!</p>
+
+<p>Someone has sent you an invitation to App.</p>
+<p>To complete registration setting a password, please click the following link.</p>
+
+<p><%= link_to "Accept invitation", @accept_invitation_url.html_safe %></p>

data/config/locales/en.yml

@@ -7,6 +7,9 @@ en:
         subject: "Reset password instructions"
       set_password_instructions:
         subject: "Set password instructions"
+      send_invitation:
+        subject: "Someone has sent you an invitation!"
+
     errors:
       unconfirmed: "unconfirmed email"
       already_confirmed: "was already confirmed, please try signing in"
@@ -15,6 +18,7 @@ en:
       invalid: "invalid"
       blank: "blank"
       not_found: "not found"
+      missing: "is missing"
       email:
         invalid: "is not an email"
       current_password:

data/lib/generators/rails_jwt_auth/install_generator.rb

@@ -11,5 +11,7 @@ class RailsJwtAuth::InstallGenerator < Rails::Generators::Base
 
     route "resource :confirmation, controller: 'rails_jwt_auth/confirmations', only: [:create, :update]"
     route "resource :password, controller: 'rails_jwt_auth/passwords', only: [:create, :update]"
+
+    route "resource :invitation, controller: 'rails_jwt_auth/invitations', only: [:create, :update]"
   end
 end

data/lib/generators/templates/initializer.rb

@@ -40,4 +40,12 @@ RailsJwtAuth.setup do |config|
 
   # uses deliver_later to send emails instead of deliver method
   #config.deliver_later = false
+
+  # Invitable configuration
+  # 
+  # Time an invitation is valid after sent
+  # config.invitation_expiration_time = 2.days
+  #
+  # URL used to create email link to activate invitation
+  # config.accept_invitation_url = 'http://frontend.com/accept_invitation'
 end

data/lib/rails_jwt_auth.rb

@@ -46,6 +46,12 @@ module RailsJwtAuth
   mattr_accessor :deliver_later
   @@deliver_later = false
 
+  mattr_accessor :invitation_expiration_time
+  @@invitation_expiration_time = 2.days
+
+  mattr_accessor :invitation_url
+  @@invitation_url = nil
+
   def self.model
     @@model_name.constantize
   end

data/lib/rails_jwt_auth/version.rb

@@ -1,3 +1,3 @@
 module RailsJwtAuth
-  VERSION = '0.17.1'
+  VERSION = '0.18.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_jwt_auth
 version: !ruby/object:Gem::Version
-  version: 0.17.1
+  version: 0.18.0
 platform: ruby
 authors:
 - rjurado
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-09-19 00:00:00.000000000 Z
+date: 2017-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -81,6 +81,7 @@ files:
 - app/controllers/concerns/rails_jwt_auth/render_helper.rb
 - app/controllers/concerns/rails_jwt_auth/warden_helper.rb
 - app/controllers/rails_jwt_auth/confirmations_controller.rb
+- app/controllers/rails_jwt_auth/invitations_controller.rb
 - app/controllers/rails_jwt_auth/passwords_controller.rb
 - app/controllers/rails_jwt_auth/registrations_controller.rb
 - app/controllers/rails_jwt_auth/sessions_controller.rb
@@ -88,11 +89,13 @@ files:
 - app/mailers/rails_jwt_auth/mailer.rb
 - app/models/concerns/rails_jwt_auth/authenticatable.rb
 - app/models/concerns/rails_jwt_auth/confirmable.rb
+- app/models/concerns/rails_jwt_auth/invitable.rb
 - app/models/concerns/rails_jwt_auth/recoverable.rb
 - app/models/concerns/rails_jwt_auth/trackable.rb
 - app/validators/email_validator.rb
 - app/views/rails_jwt_auth/mailer/confirmation_instructions.html.erb
 - app/views/rails_jwt_auth/mailer/reset_password_instructions.html.erb
+- app/views/rails_jwt_auth/mailer/send_invitation.html.erb
 - app/views/rails_jwt_auth/mailer/set_password_instructions.html.erb
 - config/locales/en.yml
 - lib/generators/rails_jwt_auth/install_generator.rb