revise_auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 93ae9905de3248b59ccc8901f7c86b6201e7f40150293dc1f4c49c973a7c5145
+  data.tar.gz: 4de33a4af773cdcff4ea5a14c40055a89817b4b4acc0214f249740551518284c
+SHA512:
+  metadata.gz: 27dbb6e0796fb42449c83ec90916521104f2849cd4b3ed896aea6ebe72ca0478ac8f5d739c74014de0611f53beaee6b1d2395270cf52f4133b7e18dcee39bba0
+  data.tar.gz: e56b36a7a646737361d0eaa8f6de42353eb24a09ffe26ae6f20b668facf5c4cd45cb009e0397a01495d38bde81dd04d77ebddf5d5ffd373d923bce50464933fd

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2023 Chris Oliver
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,28 @@
+# ReviseAuth
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem "revise_auth"
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install revise_auth
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,3 @@
+require "bundler/setup"
+
+require "bundler/gem_tasks"

data/app/controllers/revise_auth/email_controller.rb

@@ -0,0 +1,29 @@
+class ReviseAuth::EmailController < ReviseAuthController
+  before_action :authenticate_user!, except: [:show]
+
+  # GET /profile/email?confirmation_token=abcdef
+  def show
+    if User.find_by(confirmation_token: params[:confirmation_token])&.confirm_email_change
+      flash[:notice] = "Your email address has been successfully confirmed."
+      user_signed_in?
+      redirect_to (user_signed_in? ? profile_path : root_path)
+    else
+      redirect_to root_path, alert: "Unable to confirm email address."
+    end
+  end
+
+  def update
+    if current_user.update(email_params)
+      current_user.send_confirmation_instructions
+      flash[:notice] = "A confirmation email has been sent to #{current_user.unconfirmed_email}"
+    end
+
+    redirect_to profile_path
+  end
+
+  private
+
+  def email_params
+    params.require(:user).permit(:unconfirmed_email)
+  end
+end

data/app/controllers/revise_auth/password_controller.rb

@@ -0,0 +1,17 @@
+class ReviseAuth::PasswordController < ReviseAuthController
+  before_action :validate_current_password, only: [:update]
+
+  def update
+    if current_user.update(password_params)
+      flash[:notice] = "Your password has been changed successfully."
+    end
+
+    redirect_to profile_path
+  end
+
+  private
+
+  def password_params
+    params.require(:user).permit(:password, :password_confirmation)
+  end
+end

data/app/controllers/revise_auth/registrations_controller.rb

@@ -0,0 +1,44 @@
+class ReviseAuth::RegistrationsController < ReviseAuthController
+  before_action :authenticate_user!, except: [:new, :create]
+
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(sign_up_params)
+    if @user.save
+      login(@user)
+      redirect_to root_path
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  def edit
+  end
+
+  def update
+    if current_user.update(profile_params)
+      redirect_to profile_path, notice: "Account updated successfully."
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    current_user.destroy
+    logout
+    redirect_to root_path, status: :see_other, alert: I18n.t("revise_auth.account_deleted")
+  end
+
+  private
+
+  def sign_up_params
+    params.require(:user).permit(:name, :email, :password, :password_confirmation)
+  end
+
+  def profile_params
+    params.require(:user).permit(:name)
+  end
+end

data/app/controllers/revise_auth/sessions_controller.rb

@@ -0,0 +1,19 @@
+class ReviseAuth::SessionsController < ReviseAuthController
+  def new
+  end
+
+  def create
+    if user = User.find_by(email: params[:email])&.authenticate(params[:password])
+      login(user)
+      redirect_to root_path
+    else
+      flash[:alert] = I18n.t("revise_auth.invalid_email_or_password")
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    logout
+    redirect_to root_path
+  end
+end

data/app/controllers/revise_auth_controller.rb

@@ -0,0 +1,8 @@
+class ReviseAuthController < ApplicationController
+  def validate_current_password
+    unless current_user.authenticate(params[:current_password])
+      flash[:alert] = "Your current password is incorrect. Please try again."
+      render :edit, status: :unprocessable_entity
+    end
+  end
+end

data/app/mailers/revise_auth/mailer.rb

@@ -0,0 +1,5 @@
+class ReviseAuth::Mailer < ApplicationMailer
+  def confirm_email
+    mail to: params[:user].unconfirmed_email
+  end
+end

data/app/views/revise_auth/mailer/confirm_email.html.erb

@@ -0,0 +1,7 @@
+<p>Welcome <%= params[:user].unconfirmed_email %>!</p>
+
+<p>You can confirm your account email through the link below:</p>
+
+<p><%= link_to 'Confirm my account', profile_email_url(confirmation_token: params[:user].confirmation_token) %></p>
+
+<p>This link will expire in 24 hours.</p>

data/app/views/revise_auth/registrations/edit.html.erb

@@ -0,0 +1,71 @@
+<h1>Profile</h1>
+
+<%= form_with model: current_user, url: profile_email_path do |form| %>
+  <fieldset>
+    <legend>Change Email Address</legend>
+
+    <% if current_user.unconfirmed_email? %>
+      <p>Waiting for confirmation of <%= current_user.unconfirmed_email %></p>
+    <% end %>
+
+    <% if form.object.errors.any? %>
+      <ul>
+        <% form.object.errors.full_messages.each do |message| %>
+          <li><%= message %></li>
+        <% end %>
+      </ul>
+    <% end %>
+
+    <p>Your email address is: <%= current_user.email %>
+    <p>To change your email, we will send a confirmation email to your new address to complete the change.</p>
+
+    <div>
+      <%= form.label :unconfirmed_email, "Email address" %>
+      <%= form.email_field :unconfirmed_email, required: true %>
+    </div>
+
+    <div>
+      <%= form.button "Save Changes" %>
+    </div>
+  </fieldset>
+<% end %>
+
+<%= form_with model: current_user, url: profile_password_path do |form| %>
+  <fieldset>
+    <legend>Change Password</legend>
+
+    <% if form.object.errors.any? %>
+      <ul>
+        <% form.object.errors.full_messages.each do |message| %>
+          <li><%= message %></li>
+        <% end %>
+      </ul>
+    <% end %>
+
+    <div>
+      <%= label_tag :current_password %>
+      <%= password_field_tag :current_password, nil, required: true %>
+    </div>
+
+    <div>
+      <%= form.label :password, "New password" %>
+      <%= form.password_field :password, required: true %>
+    </div>
+
+    <div>
+      <%= form.label :password_confirmation %>
+      <%= form.password_field :password_confirmation, required: true %>
+    </div>
+
+    <div>
+      <%= form.button "Save Changes" %>
+    </div>
+  </fieldset>
+<% end %>
+
+<%= form_with url: profile_path, method: :delete do |form| %>
+  <fieldset>
+    <legend>Delete my account</legend>
+    <%= form.button "Delete account", data: { turbo_confirm: "Are you sure?" } %>
+  </fieldset>
+<% end %>

data/app/views/revise_auth/registrations/new.html.erb

@@ -0,0 +1,30 @@
+<h1>Sign Up</h1>
+
+<%= form_with model: @user, url: sign_up_path do |form| %>
+  <% if form.object.errors.any? %>
+    <ul>
+      <% form.object.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+    </ul>
+  <% end %>
+
+  <div>
+    <%= form.label :email %>
+    <%= form.email_field :email, required: true, autofocus: true %>
+  </div>
+
+  <div>
+    <%= form.label :password %>
+    <%= form.password_field :password, required: true %>
+  </div>
+
+  <div>
+    <%= form.label :password_confirmation %>
+    <%= form.password_field :password_confirmation, required: true %>
+  </div>
+
+  <div>
+    <%= form.button "Sign Up" %>
+  </div>
+<% end %>

data/app/views/revise_auth/sessions/new.html.erb

@@ -0,0 +1,17 @@
+<h1>Log in</h1>
+
+<%= form_with url: login_path do |form| %>
+  <div>
+    <%= form.label :email %>
+    <%= form.email_field :email, required: true, autofocus: true %>
+  </div>
+
+  <div>
+    <%= form.label :password %>
+    <%= form.password_field :password, required: true %>
+  </div>
+
+  <div>
+    <%= form.button "Login" %>
+  </div>
+<% end %>

data/config/locales/en.yml

@@ -0,0 +1,6 @@
+en:
+  revise_auth:
+    account_deleted: "Your account has been deleted."
+    invalid_email_or_password: "Invalid email or password."
+    sign_up_or_login: "Sign up or log in to continue."
+

data/config/routes.rb

@@ -0,0 +1,20 @@
+Rails.application.routes.draw do
+  scope module: :revise_auth do
+    get "sign_up", to: "registrations#new"
+    post "sign_up", to: "registrations#create"
+
+    get "login", to: "sessions#new"
+    post "login", to: "sessions#create"
+
+    get "profile", to: "registrations#edit"
+    patch "profile", to: "registrations#update"
+    delete "profile", to: "registrations#destroy"
+
+    patch "profile/email", to: "email#update"
+    patch "profile/password", to: "password#update"
+
+    get "profile/email", to: "email#show"
+
+    delete "logout", to: "sessions#destroy"
+  end
+end

data/lib/revise_auth/engine.rb

@@ -0,0 +1,9 @@
+module ReviseAuth
+  class Engine < ::Rails::Engine
+    initializer "revise_auth.controller" do
+      ActiveSupport.on_load(:action_controller_base) do
+        include ReviseAuth::Authentication
+      end
+    end
+  end
+end

data/lib/revise_auth/model.rb

@@ -0,0 +1,45 @@
+module ReviseAuth
+  module Model
+    extend ActiveSupport::Concern
+
+    included do
+      has_secure_password
+      has_secure_token :confirmation_token
+
+      validates :email, format: {with: URI::MailTo::EMAIL_REGEXP}, presence: true, uniqueness: true
+      validates :unconfirmed_email, format: {with: URI::MailTo::EMAIL_REGEXP}, allow_blank: true
+
+      before_save do
+        self.email = email.downcase
+        self.unconfirmed_email = unconfirmed_email&.downcase
+      end
+    end
+
+    # Generates a confirmation token and send email to the user
+    def send_confirmation_instructions
+      update!(
+        confirmation_token: self.class.generate_unique_secure_token(length: ActiveRecord::SecureToken::MINIMUM_TOKEN_LENGTH),
+        confirmation_sent_at: Time.current
+      )
+      ReviseAuth::Mailer.with(user: self).confirm_email.deliver_later
+    end
+
+    # Confirms an email address change
+    def confirm_email_change
+      if confirmation_period_expired?
+        false
+      else
+        update(
+          confirmed_at: Time.current,
+          email: unconfirmed_email,
+          unconfirmed_email: nil
+        )
+      end
+    end
+
+    # Checks whether the confirmation token is within the valid time
+    def confirmation_period_expired?
+      confirmation_sent_at.before?(1.day.ago)
+    end
+  end
+end

data/lib/revise_auth/version.rb

@@ -0,0 +1,3 @@
+module ReviseAuth
+  VERSION = "0.1.0"
+end

data/lib/revise_auth.rb

@@ -0,0 +1,65 @@
+require "revise_auth/version"
+require "revise_auth/engine"
+
+module ReviseAuth
+  autoload :Model, "revise_auth/model"
+
+  module Authentication
+    # Provides methods for controllers and views for authentication
+    #
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :user_signed_in?
+      helper_method :current_user
+    end
+
+    # Returns a boolean whether the user is signed in or not
+    def user_signed_in?
+      !!current_user
+    end
+
+    # Authenticates the user if not already authenticated
+    # Returns a User or nil
+    def current_user
+      Current.user ||= authenticate_user
+    end
+
+    # Authenticates a user or redirects to the login page
+    def authenticate_user!
+      redirect_to login_path, alert: I18n.t("revise_auth.sign_up_or_login") unless user_signed_in?
+    end
+
+    # Authenticates the current user
+    # - from session cookie
+    # - (future) from Authorization header
+    def authenticate_user
+      Current.user = authenticated_user_from_session
+    end
+
+    # Returns a user from session cookie
+    def authenticated_user_from_session
+      user_id = session[:user_id]
+      return unless user_id
+      User.find_by(id: user_id)
+    end
+
+    # Logs in the user
+    # - Set Current.user for the current request
+    # - Save a session cookie so the next request is authenticated
+    def login(user)
+      Current.user = user
+      session[:user_id] = user.id
+    end
+
+    def logout
+      Current.user = nil
+      session.delete(:user_id)
+    end
+  end
+
+  class Current < ActiveSupport::CurrentAttributes
+    # Stores the current user for the request
+    attribute :user
+  end
+end

data/lib/tasks/revise_auth_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :revise_auth do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,91 @@
+--- !ruby/object:Gem::Specification
+name: revise_auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Chris Oliver
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-01-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.4
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+description: Hotwire compatible authentication for Ruby on Rails apps
+email:
+- excid3@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/revise_auth/email_controller.rb
+- app/controllers/revise_auth/password_controller.rb
+- app/controllers/revise_auth/registrations_controller.rb
+- app/controllers/revise_auth/sessions_controller.rb
+- app/controllers/revise_auth_controller.rb
+- app/mailers/revise_auth/mailer.rb
+- app/views/revise_auth/mailer/confirm_email.html.erb
+- app/views/revise_auth/registrations/edit.html.erb
+- app/views/revise_auth/registrations/new.html.erb
+- app/views/revise_auth/sessions/new.html.erb
+- config/locales/en.yml
+- config/routes.rb
+- lib/revise_auth.rb
+- lib/revise_auth/engine.rb
+- lib/revise_auth/model.rb
+- lib/revise_auth/version.rb
+- lib/tasks/revise_auth_tasks.rake
+homepage: https://github.com/excid3/revise_auth
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.3
+signing_key:
+specification_version: 4
+summary: Simple authentication for Ruby on Rails apps
+test_files: []