rails_simple_auth 1.0.3 → 1.0.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -0
- data/README.md +86 -8
- data/lib/rails_simple_auth/engine.rb +8 -0
- data/lib/rails_simple_auth/model.rb +49 -0
- data/lib/rails_simple_auth/version.rb +1 -1
- metadata +2 -1
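--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd84335df56b3bc4fbb386f841bfb66bc74eadae1dc3864873bcda904a946cd2
+data.tar.gz: 00d31290be4bdccf36c5f9a326896e9506936f6b122f9298f53fabc0aadcd8a3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2c0cf144576a950a1aff4a1958197b9ef93a3edc405bf1de36339f3effed3c09087158b821f6e2c7617af9b9ae9b3ef184783b08c9428da0df65d79ac5a2ba3e
+data.tar.gz: 0cc8bd3f8ce5094910f25daf12496f1efe6f447d3ee22f3744ad47d7ff4b65ad46209ecd2004fe9024f2fcad85c38efb6478261bd408251f728aad1c2fc89824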
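--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -7,6 +7,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.0.4] - 2025-01-19
+
+### Added
+
+- **`authenticates_with` DSL** - Cleaner model setup inspired by Devise syntax
+```ruby
+# Before
+include RailsSimpleAuth::Models::Concerns::Authenticatable
+include RailsSimpleAuth::Models::Concerns::Confirmable
+
+# After
+authenticates_with :confirmable, :magic_linkable, :oauth, :temporary
+```
+- **Devise comparison article** - Comprehensive comparison at `docs/devise-comparison.md`
+- **Admin Users documentation** - Guide for implementing admin functionality
+- **Rate Limiting documentation** - Default limits and customization guide
+- **Session Management documentation** - Expiration, querying, and cleanup
+
 ## [1.0.3] - 2025-01-19
 
 ### Added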
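--- a/data/README.md
+++ b/data/README.md
@@ -2,6 +2,8 @@
 
 Simple, secure authentication for Rails 8+ applications. Built on Rails primitives with no magic.
 
+**Coming from Devise?** Read our [detailed comparison](docs/devise-comparison.md).
+
 ## Features
 
 - [**Email/Password authentication**](#installation) - secure session-based auth
@@ -36,20 +38,31 @@ rails generate rails_simple_auth:install
 rails db:migrate
 ```
 
-Add
+Add authentication to your User model:
 
 ```ruby
 class User < ApplicationRecord
-
-include RailsSimpleAuth::Models::Concerns::Confirmable # optional
-include RailsSimpleAuth::Models::Concerns::MagicLinkable # optional
-include RailsSimpleAuth::Models::Concerns::OAuthConnectable # optional
+authenticates_with :confirmable, :magic_linkable, :oauth, :temporary
 
 # Your custom fields and validations
 validates :company_name, presence: true
 end
 ```
 
+Available modules:
+- `:confirmable` - Email confirmation for new accounts
+- `:magic_linkable` - Passwordless sign-in via email
+- `:oauth` - OAuth provider support (Google, GitHub, etc.)
+- `:temporary` - Guest accounts that convert to permanent
+
+For basic email/password auth only:
+
+```ruby
+class User < ApplicationRecord
+authenticates_with
+end
+```
+
 Protect your routes:
 
 ```ruby
@@ -228,12 +241,11 @@ rails generate rails_simple_auth:temporary_users
 rails db:migrate
 ```
 
-2. Add the
+2. Add the `:temporary` module to your User model:
 
 ```ruby
 class User < ApplicationRecord
-
-include RailsSimpleAuth::Models::Concerns::TemporaryUser # Add this
+authenticates_with :confirmable, :temporary
 end
 ```
 
@@ -587,6 +599,72 @@ end
 - **Account conversion**: All sessions are invalidated when a temporary user converts to permanent
 - **Sign out**: Only the current session is destroyed (other devices stay signed in)
 
+## Admin Users
+
+RailsSimpleAuth uses a single table with role-based access — the Rails way. No separate admin models or authentication flows needed.
+
+### Setup
+
+Add an admin column to your users table:
+
+```ruby
+# Migration
+add_column :users, :admin, :boolean, default: false
+```
+
+Add a helper method to your model:
+
+```ruby
+class User < ApplicationRecord
+authenticates_with :confirmable
+
+def admin?
+admin == true
+end
+end
+```
+
+### Protecting Admin Routes
+
+```ruby
+class AdminController < ApplicationController
+before_action :require_admin
+
+private
+
+def require_admin
+redirect_to root_path, alert: "Not authorized" unless current_user&.admin?
+end
+end
+
+# Or as a concern
+module AdminAuthentication
+extend ActiveSupport::Concern
+
+included do
+before_action :require_admin
+end
+
+private
+
+def require_admin
+redirect_to root_path, alert: "Not authorized" unless current_user&.admin?
+end
+end
+```
+
+### Creating Admin Users
+
+```ruby
+# Console
+User.find_by(email: "admin@example.com").update!(admin: true)
+
+# Seeds
+User.create!(email: "admin@example.com", password: "secure123", admin: true)
+```
+
+For more complex role systems, consider adding a `role` enum or using an authorization gem like [Pundit](https://github.com/varvet/pundit).
+
 ## Security Features
 
 - **BCrypt password hashing** with salts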
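--- a/data/lib/rails_simple_auth/engine.rb
+++ b/data/lib/rails_simple_auth/engine.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'rails_simple_auth/model'
+
 module RailsSimpleAuth
 class Engine < ::Rails::Engine
 isolate_namespace RailsSimpleAuth
@@ -14,5 +16,11 @@ module RailsSimpleAuth
 include RailsSimpleAuth::Controllers::Concerns::SessionManagement
 end
 end
+
+initializer 'rails_simple_auth.model' do
+ActiveSupport.on_load(:active_record) do
+include RailsSimpleAuth::Model
+end
+end
 end
 end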
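Review bot: The new `rails_simple_auth.model` initializer includes `RailsSimpleAuth::Model` into `ActiveRecord::Base`, so `authenticates_with` and the generically named `MODULES` constant become reachable from every model in the host application, not only the one that stores credentials. Nothing in the hunk documents that reach. I would add a comment above the `on_load` block such as `# Exposes authenticates_with on all ActiveRecord models; auth concerns are mixed in only where a model calls it.` Because an included module's constants join the constant lookup of every model, a host model that refers to an undefined `MODULES` would silently resolve to this one, so a more specific constant name in model.rb is worth considering. The Engine class body is only partly visible in these hunks.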
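--- a/data/lib/rails_simple_auth/model.rb
+++ b/data/lib/rails_simple_auth/model.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module RailsSimpleAuth
+module Model
+extend ActiveSupport::Concern
+
+MODULES = {
+confirmable: 'RailsSimpleAuth::Models::Concerns::Confirmable',
+magic_linkable: 'RailsSimpleAuth::Models::Concerns::MagicLinkable',
+oauth: 'RailsSimpleAuth::Models::Concerns::OAuthConnectable',
+temporary: 'RailsSimpleAuth::Models::Concerns::TemporaryUser'
+}.freeze
+
+class_methods do
+# Configure authentication for this model
+#
+# @example Basic authentication only
+# authenticates_with
+#
+# @example With optional modules
+# authenticates_with :confirmable, :magic_linkable
+#
+# @example Full featured
+# authenticates_with :confirmable, :magic_linkable, :oauth, :temporary
+#
+# Available modules:
+# - :confirmable - Email confirmation for new accounts
+# - :magic_linkable - Passwordless sign-in via email
+# - :oauth - OAuth provider support (Google, GitHub, etc.)
+# - :temporary - Guest accounts that convert to permanent
+#
+def authenticates_with(*modules)
+# Always include base authentication
+include RailsSimpleAuth::Models::Concerns::Authenticatable
+
+# Include requested optional modules
+modules.each do |mod|
+mod_name = mod.to_sym
+unless MODULES.key?(mod_name)
+raise ArgumentError, "Unknown authentication module: #{mod.inspect}. " \
+"Available modules: #{MODULES.keys.join(', ')}"
+end
+
+include MODULES[mod_name].constantize
+end
+end
+end
+end
+end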
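Review bot: In `authenticates_with`, the unknown-module check runs inside the `modules.each` loop, after `Authenticatable` and any earlier modules have already been included, so a misspelled later argument raises `ArgumentError` on a class that is already partly configured. For an authentication mixin it is safer to validate the whole list before the first `include`: `names = modules.map(&:to_sym)`, `unknown = names - MODULES.keys`, then raise if `unknown.any?`. The `MODULES.key?` allowlist is also what keeps `constantize` limited to the four known concerns. A short comment saying so, e.g. `# Only allowlisted names reach constantize`, would stop a later refactor from deriving the constant name from the argument.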
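--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_simple_auth
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.4
 platform: ruby
 authors:
 - Ivan Kuznetsov
@@ -82,6 +82,7 @@ files:
 - lib/rails_simple_auth/controllers/concerns/authentication.rb
 - lib/rails_simple_auth/controllers/concerns/session_management.rb
 - lib/rails_simple_auth/engine.rb
+- lib/rails_simple_auth/model.rb
 - lib/rails_simple_auth/models/concerns/authenticatable.rb
 - lib/rails_simple_auth/models/concerns/confirmable.rb
 - lib/rails_simple_auth/models/concerns/magic_linkable.rb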