rails_mvp_authentication 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 4fa3c307eee6e61d01e318fe1453a30660e18f0e2eb1de7b725c22f93c6a60e6
+  data.tar.gz: 8ac56c76c7dd2f316ef9b19c81e8c78987cade71cee289f2e1b3ef8c1dc22d0e
+SHA512:
+  metadata.gz: da4f0c62616acff46d67f8ca95ae1b7606710a23e99dfab4b6225b24ab90dca5dab8aec39c64d5749d4b608a21a9ea6ed3891f7ecb5586c8b568b3d71f394bfc
+  data.tar.gz: c6a117f9c7f8cb7168087329e21a62636b2b8bb74561f28e77dcb5ce8052f5add760b3254f43dfd051cfd8198103f57703d364c547134edcb0d8706365db0c94

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2022 Steve Polito
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,28 @@
+# RailsMvpAuthentication
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem "rails_mvp_authentication"
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install rails_mvp_authentication
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"

data/app/assets/config/rails_mvp_authentication_manifest.js

@@ -0,0 +1 @@
+//= link_directory ../stylesheets/rails_mvp_authentication .css

data/app/assets/stylesheets/rails_mvp_authentication/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/rails_mvp_authentication/application_controller.rb

@@ -0,0 +1,4 @@
+module RailsMvpAuthentication
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/helpers/rails_mvp_authentication/application_helper.rb

@@ -0,0 +1,4 @@
+module RailsMvpAuthentication
+  module ApplicationHelper
+  end
+end

data/app/jobs/rails_mvp_authentication/application_job.rb

@@ -0,0 +1,4 @@
+module RailsMvpAuthentication
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/rails_mvp_authentication/application_mailer.rb

@@ -0,0 +1,6 @@
+module RailsMvpAuthentication
+  class ApplicationMailer < ActionMailer::Base
+    default from: "from@example.com"
+    layout "mailer"
+  end
+end

data/app/models/rails_mvp_authentication/application_record.rb

@@ -0,0 +1,5 @@
+module RailsMvpAuthentication
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/views/layouts/rails_mvp_authentication/application.html.erb

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Rails mvp authentication</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag    "rails_mvp_authentication/application", media: "all" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,2 @@
+RailsMvpAuthentication::Engine.routes.draw do
+end

data/lib/generators/rails_mvp_authentication/USAGE

@@ -0,0 +1,5 @@
+Description:
+    Rails authentication via a generator.
+
+Example:
+    bin/rails generate rails_mvp_authentication:install

data/lib/generators/rails_mvp_authentication/install_generator.rb

@@ -0,0 +1,251 @@
+module RailsMvpAuthentication
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("templates", __dir__)
+
+      desc "Rails authentication via a generator."
+
+      def perform
+        create_users_table
+        modify_users_table
+        create_user_model
+        add_bcrypt
+        add_routes
+        create_current_model
+        create_users_controller
+        create_user_views
+        create_confirmations_controller
+        create_confirmation_views
+        ceate_user_mailer
+        ceate_user_mailer_views
+        configure_hosts
+        create_authentication_concern
+        modify_application_controller
+        create_sessions_controller
+        create_session_views
+        create_passwords_controller
+        create_password_views
+        if using_default_test_suite
+          create_tests
+          modify_test_helper
+        end
+        add_links
+        print_instructions
+      end
+
+      private
+
+      def add_bcrypt
+        return unless gemfile_exists
+
+        if bcrypt_is_commented_out
+          uncomment_lines(gemfile, /gem "bcrypt", "~> 3.1.7"/)
+        else
+          gem "bcrypt", "~> 3.1.7"
+        end
+      end
+
+      def add_links
+        inject_into_file "app/views/layouts/application.html.erb", after: "<body>\n" do
+          <<-ERB
+    <ul>
+      <% if user_signed_in? %>
+        <li><%= link_to "My Acount", account_path %></li>
+        <li><%= button_to "Logout", logout_path, method: :delete %></li>
+      <% else %>
+        <li><%= link_to "Login", login_path %></li>
+        <li><%= link_to "Sign Up", sign_up_path %></li>
+        <li><%= link_to "Forgot my password", new_password_path %></li>
+        <li><%= link_to "Didn't receive confirmation instructions", new_confirmation_path %></li>
+      <% end %>
+    </ul>          
+          ERB
+        end
+      end
+
+      def add_routes
+        route %(
+          post "sign_up", to: "users#create"
+          get "sign_up", to: "users#new"
+          put "account", to: "users#update"
+          get "account", to: "users#edit"
+          delete "account", to: "users#destroy"
+          resources :confirmations, only: [:create, :edit, :new], param: :confirmation_token
+          post "login", to: "sessions#create"
+          delete "logout", to: "sessions#destroy"
+          get "login", to: "sessions#new"
+          resources :passwords, only: [:create, :edit, :new, :update], param: :password_reset_token
+          resources :active_sessions, only: [:destroy] do
+            collection do
+              delete "destroy_all"
+            end
+          end
+        )
+      end
+
+      def bcrypt_is_commented_out
+        gemfile = path_to("Gemfile")
+
+        File.open(gemfile).each_line do |line|
+          return true if line == '# gem "bcrypt", "~> 3.1.7"'
+        end
+
+        false
+      end
+
+      def configure_hosts
+        application(nil, env: "test") do
+          'config.action_mailer.default_url_options = {host: "example.com"}'
+        end
+        application(nil, env: "development") do
+          'config.action_mailer.default_url_options = {host: "localhost", port: 3000}'
+        end
+      end
+
+      def create_authentication_concern
+        template "authentication.rb", "app/controllers/concerns/authentication.rb"
+      end
+
+      def create_confirmations_controller
+        template "confirmations_controller.rb", "app/controllers/confirmations_controller.rb"
+      end
+
+      def create_confirmation_views
+        template "views/confirmations/new.html.erb", "app/views/confirmations/new.html.erb"
+      end
+
+      def create_current_model
+        template "current.rb", "app/models/current.rb"
+      end
+
+      def create_passwords_controller
+        template "passwords_controller.rb", "app/controllers/passwords_controller.rb"
+      end
+
+      def create_password_views
+        template "views/passwords/new.html.erb", "app/views/passwords/new.html.erb"
+        template "views/passwords/edit.html.erb", "app/views/passwords/edit.html.erb"
+      end
+
+      def create_sessions_controller
+        template "sessions_controller.rb", "app/controllers/sessions_controller.rb"
+      end
+
+      def create_session_views
+        template "views/sessions/new.html.erb", "app/views/sessions/new.html.erb"
+      end
+
+      def create_users_controller
+        template "users_controller.rb", "app/controllers/users_controller.rb"
+      end
+
+      def create_tests
+        template "test/controllers/active_sessions_controller_test.rb", "test/controllers/active_sessions_controller_test.rb"
+        template "test/controllers/confirmations_controller_test.rb", "test/controllers/confirmations_controller_test.rb"
+        template "test/controllers/active_sessions_controller_test.rb", "test/controllers/active_sessions_controller_test.rb"
+        template "test/controllers/passwords_controller_test.rb", "test/controllers/passwords_controller_test.rb"
+        template "test/controllers/sessions_controller_test.rb", "test/controllers/sessions_controller_test.rb"
+        template "test/controllers/users_controller_test.rb", "test/controllers/users_controller_test.rb"
+
+        template "test/integration/friendly_redirects_test.rb", "test/integration/friendly_redirects_test.rb"
+        template "test/integration/user_interface_test.rb", "test/integration/user_interface_test.rb"
+
+        template "test/mailers/previews/user_mailer_preview.rb", "test/mailers/previews/user_mailer_preview.rb"
+        template "test/mailers/user_mailer_test.rb", "test/mailers/user_mailer_test.rb"
+
+        template "test/models/user_test.rb", "test/models/user_test.rb"
+        template "test/models/active_session_test.rb", "test/models/active_session_test.rb"
+
+        template "test/system/logins_test.rb", "test/system/logins_test.rb"
+      end
+
+      def ceate_user_mailer
+        template "user_mailer.rb", "app/mailers/user_mailer.rb"
+      end
+
+      def ceate_user_mailer_views
+        template "views/user_mailer/confirmation.html.erb", "app/views/user_mailer/confirmation.html.erb"
+        template "views/user_mailer/confirmation.text.erb", "app/views/user_mailer/confirmation.text.erb"
+        template "views/user_mailer/password_reset.html.erb", "app/views/user_mailer/password_reset.html.erb"
+        template "views/user_mailer/password_reset.text.erb", "app/views/user_mailer/password_reset.text.erb"
+      end
+
+      def create_user_model
+        template "user.rb", "app/models/user.rb"
+      end
+
+      def create_users_table
+        generate "migration", "create_users_table email:string:index confirmed_at:datetime password_digest:string unconfirmed_email:string"
+      end
+
+      def create_user_views
+        template "views/users/edit.html.erb", "app/views/users/edit.html.erb"
+        template "views/users/new.html.erb", "app/views/users/new.html.erb"
+      end
+
+      def directory_exists(directory)
+        File.directory?(directory)
+      end
+
+      def gemfile
+        path_to("Gemfile")
+      end
+
+      def gemfile_exists
+        File.exist?(gemfile)
+      end
+
+      def modify_application_controller
+        inject_into_file "app/controllers/application_controller.rb", "\tinclude Authentication\n", after: "class ApplicationController < ActionController::Base\n"
+      end
+
+      def modify_test_helper
+        inject_into_class "test/test_helper.rb", "ActiveSupport::TestCase" do
+          <<-RUBY
+  def current_user
+    if session[:current_active_session_id].present?
+      ActiveSession.find_by(id: session[:current_active_session_id])&.user
+    else
+      cookies[:remember_token].present?
+      ActiveSession.find_by(remember_token: cookies[:remember_token])&.user
+    end
+  end
+
+  def login(user, remember_user: nil)
+    post login_path, params: {
+      user: {
+        email: user.email,
+        password: user.password,
+        remember_me: remember_user == true ? 1 : 0
+      }
+    }
+  end
+
+  def logout
+    session.delete(:current_active_session_id)
+  end
+          RUBY
+        end
+      end
+
+      def modify_users_table
+        migration = Dir.glob(Rails.root.join("db/migrate/*")).max_by { |f| File.mtime(f) }
+        gsub_file migration, /t.string :email/, "t.string :email, null: false"
+        gsub_file migration, /t.string :password_digest/, "t.string :password_digest, null: false"
+        gsub_file migration, /add_index :users_tables, :email/, "add_index :users_tables, :email, unique: true"
+      end
+
+      def path_to(path)
+        Rails.root.join(path)
+      end
+
+      def print_instructions
+        readme "README"
+      end
+
+      def using_default_test_suite
+        directory_exists(path_to("test"))
+      end
+    end
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/README

@@ -0,0 +1,7 @@
+========== Setup complete! 🎉  ==========
+
+Next steps 👇
+
+🏗  Run bundle install
+💿  Run rails db:migrate
+🔗  Add a root path in config/routes.rb

data/lib/generators/rails_mvp_authentication/templates/authentication.rb.tt

@@ -0,0 +1,58 @@
+module Authentication
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :current_user
+    helper_method :current_user
+    helper_method :user_signed_in?
+  end
+
+  def authenticate_user!
+    store_location
+    redirect_to login_path, alert: "You need to login to access that page." unless user_signed_in?
+  end
+
+  def login(user)
+    reset_session
+    active_session = user.active_sessions.create!(user_agent: request.user_agent, ip_address: request.ip)
+    session[:current_active_session_id] = active_session.id
+
+    active_session
+  end
+
+  def forget_active_session
+    cookies.delete :remember_token
+  end
+
+  def logout
+    active_session = ActiveSession.find_by(id: session[:current_active_session_id])
+    reset_session
+    active_session.destroy! if active_session.present?
+  end
+
+  def redirect_if_authenticated
+    redirect_to root_path, alert: "You are already logged in." if user_signed_in?
+  end
+
+  def remember(active_session)
+    cookies.permanent.encrypted[:remember_token] = active_session.remember_token
+  end
+
+  private
+
+  def current_user
+    Current.user = if session[:current_active_session_id].present?
+      ActiveSession.find_by(id: session[:current_active_session_id])&.user
+    elsif cookies.permanent.encrypted[:remember_token].present?
+      ActiveSession.find_by(remember_token: cookies.permanent.encrypted[:remember_token])&.user
+    end
+  end
+
+  def user_signed_in?
+    Current.user.present?
+  end
+
+  def store_location
+    session[:user_return_to] = request.original_url if request.get? && request.local?
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/confirmations_controller.rb.tt

@@ -0,0 +1,32 @@
+class ConfirmationsController < ApplicationController
+  before_action :redirect_if_authenticated, only: [:create, :new]
+
+  def create
+    @user = User.find_by(email: params[:user][:email].downcase)
+
+    if @user.present? && @user.unconfirmed?
+      @user.send_confirmation_email!
+      redirect_to root_path, notice: "Check your email for confirmation instructions."
+    else
+      redirect_to new_confirmation_path, alert: "We could not find a user with that email or that email has already been confirmed."
+    end
+  end
+
+  def edit
+    @user = User.find_signed(params[:confirmation_token], purpose: :confirm_email)
+    if @user.present? && @user.unconfirmed_or_reconfirming?
+      if @user.confirm!
+        login @user
+        redirect_to root_path, notice: "Your account has been confirmed."
+      else
+        redirect_to new_confirmation_path, alert: "Something went wrong."
+      end
+    else
+      redirect_to new_confirmation_path, alert: "Invalid token."
+    end
+  end
+
+  def new
+    @user = User.new
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/current.rb.tt

@@ -0,0 +1,3 @@
+class Current < ActiveSupport::CurrentAttributes
+  attribute :user
+end

data/lib/generators/rails_mvp_authentication/templates/passwords_controller.rb.tt

@@ -0,0 +1,52 @@
+class PasswordsController < ApplicationController
+  before_action :redirect_if_authenticated
+
+  def create
+    @user = User.find_by(email: params[:user][:email].downcase)
+    if @user.present?
+      if @user.confirmed?
+        @user.send_password_reset_email!
+        redirect_to root_path, notice: "If that user exists we've sent instructions to their email."
+      else
+        redirect_to new_confirmation_path, alert: "Please confirm your email first."
+      end
+    else
+      redirect_to root_path, notice: "If that user exists we've sent instructions to their email."
+    end
+  end
+
+  def edit
+    @user = User.find_signed(params[:password_reset_token], purpose: :reset_password)
+    if @user.present? && @user.unconfirmed?
+      redirect_to new_confirmation_path, alert: "You must confirm your email before you can sign in."
+    elsif @user.nil?
+      redirect_to new_password_path, alert: "Invalid or expired token."
+    end
+  end
+
+  def new
+  end
+
+  def update
+    @user = User.find_signed(params[:password_reset_token], purpose: :reset_password)
+    if @user
+      if @user.unconfirmed?
+        redirect_to new_confirmation_path, alert: "You must confirm your email before you can sign in."
+      elsif @user.update(password_params)
+        redirect_to login_path, notice: "Sign in."
+      else
+        flash.now[:alert] = @user.errors.full_messages.to_sentence
+        render :edit, status: :unprocessable_entity
+      end
+    else
+      flash.now[:alert] = "Invalid or expired token."
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def password_params
+    params.require(:user).permit(:password, :password_confirmation)
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/sessions_controller.rb.tt

@@ -0,0 +1,30 @@
+class SessionsController < ApplicationController
+  before_action :redirect_if_authenticated, only: [:create, :new]
+  before_action :authenticate_user!, only: [:destroy]
+
+  def create
+    @user = User.authenticate_by(email: params[:user][:email].downcase, password: params[:user][:password])
+    if @user
+      if @user.unconfirmed?
+        redirect_to new_confirmation_path, alert: "Incorrect email or password."
+      else
+        after_login_path = session[:user_return_to] || root_path
+        active_session = login @user
+        remember(active_session) if params[:user][:remember_me] == "1"
+        redirect_to after_login_path, notice: "Signed in."
+      end
+    else
+      flash.now[:alert] = "Incorrect email or password."
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    forget_active_session
+    logout
+    redirect_to root_path, notice: "Signed out."
+  end
+
+  def new
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/test/controllers/active_sessions_controller_test.rb.tt

@@ -0,0 +1,68 @@
+require "test_helper"
+
+class ActiveSessionsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @confirmed_user = User.create!(email: "confirmed_user@example.com", password: "password", password_confirmation: "password", confirmed_at: Time.current)
+  end
+
+  test "should destroy all active sessions" do
+    login @confirmed_user
+    @confirmed_user.active_sessions.create!
+
+    assert_difference("ActiveSession.count", -2) do
+      delete destroy_all_active_sessions_path
+    end
+
+    assert_redirected_to root_path
+    assert_nil current_user
+    assert_not_nil flash[:notice]
+  end
+
+  test "should destroy all active sessions and forget active sessions" do
+    login @confirmed_user, remember_user: true
+    @confirmed_user.active_sessions.create!
+
+    assert_difference("ActiveSession.count", -2) do
+      delete destroy_all_active_sessions_path
+    end
+
+    assert_nil current_user
+    assert cookies[:remember_token].blank?
+  end
+
+  test "should destroy another session" do
+    login @confirmed_user
+    @confirmed_user.active_sessions.create!
+
+    assert_difference("ActiveSession.count", -1) do
+      delete active_session_path(@confirmed_user.active_sessions.last)
+    end
+
+    assert_redirected_to account_path
+    assert_not_nil current_user
+    assert_not_nil flash[:notice]
+  end
+
+  test "should destroy current session" do
+    login @confirmed_user
+
+    assert_difference("ActiveSession.count", -1) do
+      delete active_session_path(@confirmed_user.active_sessions.last)
+    end
+
+    assert_redirected_to root_path
+    assert_nil current_user
+    assert_not_nil flash[:notice]
+  end
+
+  test "should destroy current session and forget current active session" do
+    login @confirmed_user, remember_user: true
+
+    assert_difference("ActiveSession.count", -1) do
+      delete active_session_path(@confirmed_user.active_sessions.last)
+    end
+
+    assert_nil current_user
+    assert cookies[:remember_token].blank?
+  end
+end