revise_auth 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 44700fedfef11f40ec472b5a3577f9660b04acdde4aa8606a2a2c5e3856c0c09
-  data.tar.gz: a76df3e4eeb13822e6b341c49ede1a24a1e78de920d10cf960f1e1e0f4ec360f
+  metadata.gz: 9fac687711be2bb236ceab0cb252c397a71775ccd00bf3e2b77ab61888555d16
+  data.tar.gz: 4ce79cc15599316b649ea7e8ef3c1c54cd1c74f4ce0bb26685932b7c4c4e3303
 SHA512:
-  metadata.gz: 0b61d98ca68462aaa3adf426c4697ea309487c86dd18ab025d97da78a6835103fce342c275e47500b012f653b8fa5b619085996247a2644a5466c19142d98d3b
-  data.tar.gz: 8113dba96e39b285e32007e872de8028e579326e04b8f068e1dcc6d60d0fbb49d3f1116c8469eb105f6b52f1523ceae4c0324b09f2474c83ef6c6818588f1a80
+  metadata.gz: 9cb6ca3ca5f50d741c5e5ee319f438f1912496ab4c1f025c6225f6b6297f5dc94b06d025ed2f95e75bc56f8dc2915e81f8cf05af2faa08fc8dc537f811fc0428
+  data.tar.gz: 5c861bee5d4506055a967a8d755ac6b3959ccdcd5b399544f00444330ef52fa99e83abe536bed22be4868fca47202332bec38e8dfa0ad75a442acfb11798d296

data/README.md

@@ -1,28 +1,57 @@
 # ReviseAuth
-Short description and motivation.
 
-## Usage
-How to use my plugin.
+[![Gem Version](https://badge.fury.io/rb/revise_auth.svg)](https://badge.fury.io/rb/revise_auth)
+
+A pure Ruby on Rails authentication system like Devise.
 
 ## Installation
+
 Add this line to your application's Gemfile:
 
 ```ruby
-gem "revise_auth"
+bundle add "revise_auth"
 ```
 
-And then execute:
+And then execute the following to generate a `User` model (optionally adding other fields such as `first_name` and `last_name`):
 ```bash
-$ bundle
+$ rails g revise_auth:model first_name last_name
+$ rails db:migrate
 ```
 
-Or install it yourself as:
+## Usage
+
+ReviseAuth is designed around a single `User` model.
+
+### Roles / Other User Types
+
+ReviseAuth only works with a single model to keep things simple. We recommend adding roles to handle other types of users.
+
+You can accomplish this in a few different ways:
+
+* A `roles` attribute on the `User` model
+* The Rolify gem
+
+## Customizing
+
+To customize views, you can run:
+
 ```bash
-$ gem install revise_auth
+$ rails g revise_auth:views
 ```
 
+This will copy the views into `app/views/revise_auth` in your application.
+
 ## Contributing
-Contribution directions go here.
+
+If you have an issue you'd like to submit, please do so using the issue tracker in GitHub. In order for us to help you in the best way possible, please be as detailed as you can.
+
+If you'd like to open a PR please make sure the following things pass:
+
+```bash
+bin/rails db:test:prepare
+bin/rails test
+bundle exec standardrb
+```
 
 ## License
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -1,3 +1,18 @@
 require "bundler/setup"
-
 require "bundler/gem_tasks"
+require "rake/testtask"
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+load "rails/tasks/statistics.rake"
+
+desc "Run tests"
+Rake::TestTask.new(:test) do |t|
+  t.libs << "lib"
+  t.libs << "test"
+  t.pattern = "test/**/*_test.rb"
+  t.verbose = true
+  t.warning = false
+end
+
+task default: :test

data/app/controllers/revise_auth/email_controller.rb

@@ -6,7 +6,7 @@ class ReviseAuth::EmailController < ReviseAuthController
     if User.find_by(confirmation_token: params[:confirmation_token])&.confirm_email_change
       flash[:notice] = I18n.t("revise_auth.email_confirmed")
       user_signed_in?
-      redirect_to (user_signed_in? ? profile_path : root_path)
+      redirect_to(user_signed_in? ? profile_path : root_path)
     else
       redirect_to root_path, alert: I18n.t("revise_auth.email_confirm_failed")
     end

data/app/controllers/revise_auth/sessions_controller.rb

@@ -3,7 +3,7 @@ class ReviseAuth::SessionsController < ReviseAuthController
   end
 
   def create
-    if user = User.find_by(email: params[:email])&.authenticate(params[:password])
+    if (user = User.authenticate_by(email: params[:email], password: params[:password]))
       login(user)
       redirect_to root_path
     else

data/app/controllers/revise_auth_controller.rb

@@ -1,2 +1,10 @@
 class ReviseAuthController < ApplicationController
+  # Return true if it's a revise_auth_controller. false to all controllers unless
+  # the controllers defined inside revise_auth. Useful if you want to apply a before
+  # filter to all controllers, except the ones in revise_auth:
+  #
+  #   before_action :authenticate_user!, except: :revise_auth_controller?
+  def revise_auth_controller?
+    is_a?(::ReviseAuthController)
+  end
 end

data/config/locales/de.yml

@@ -0,0 +1,16 @@
+de:
+  revise_auth:
+    account_deleted: "Dein Account wurde gelöscht." 
+    account_updated: "Account wurde erfolgreich aktualisiert." 
+
+    invalid_email_or_password: "Ungültige Email oder Passwort." 
+    sign_up_or_login: "Registrieren oder anmelden um fortzufahren." 
+
+    # Password changes
+    password_changed: "Dein Passwort wurde erfolgreich geändert."  
+    incorrect_password: "Das Passwort ist ungültig. Bitte versuche es erneut." 
+
+    # Email confirmations
+    email_confirmed: "Deine Email wurde erfogreich bestätigt."  
+    email_confirm_failed: "Email Adresse kann nicht bestätigt werden." 
+    confirmation_email_sent: "Eine Bestätigungsemail wurde versandt an %{email}" 

data/config/locales/el.yml

@@ -0,0 +1,16 @@
+el:
+  revise_auth:
+    account_deleted: "Ο λογαριασμός σας έχει διαγραφεί."
+    account_updated: "Ο λογαριασμός σας έχει ενημερωθεί επιτυχώς."
+
+    invalid_email_or_password: "Μη έγκυρο email ή κωδικός πρόσβασης."
+    sign_up_or_login: "Εγγραφείτε ή συνδεθείτε για να συνεχίσετε."
+
+    # Password changes
+    password_changed: "Ο κωδικός πρόσβασής σας άλλαξε με επιτυχία."
+    incorrect_password: "Ο τρέχων κωδικός πρόσβασής σας είναι λανθασμένος. Παρακαλώ δοκιμάστε ξανά."
+
+    # Email confirmations
+    email_confirmed: "Η διεύθυνση email σας επιβεβαιώθηκε επιτυχώς."
+    email_confirm_failed: "Δεν είναι δυνατή η επιβεβαίωση της διεύθυνσης email."
+    confirmation_email_sent: "Ένα email επιβεβαίωσης έχει σταλεί στο %{email}"

data/config/locales/fr.yml

@@ -0,0 +1,16 @@
+fr:
+  revise_auth:
+    account_deleted: "Votre compte a été supprimé."
+    account_updated: "Votre compte a été mis à jour."
+
+    invalid_email_or_password: "Email ou mot de passe incorrect."
+    sign_up_or_login: "Vous devez être connecté ou vous enregistrer pour continuer."
+
+    # Password changes
+    password_changed: "Votre mot de passe a été mis à jour avec succès."
+    incorrect_password: "Mot de passe incorrect. Merci de réessayer"
+
+    # Email confirmations
+    email_confirmed: "Votre adresse email vient d'être confirmé."
+    email_confirm_failed: "Impossible de confirmer votre adresse email."
+    confirmation_email_sent: "Un email de confirmation vient d'être envoyé à %{email}"

data/config/locales/nl.yml

@@ -0,0 +1,16 @@
+nl:
+    revise_auth:
+        account_deleted: "Uw account is verwijderd."
+        account_updated: "Account succesvol bijgewerkt."
+
+        invalid_email_of_password: "Ongeldige e-mail of wachtwoord."
+        sign_up_or_login: "Aanmelden of inloggen om door te gaan."
+
+        # Password changes
+        password_changed: "Uw wachtwoord is succesvol gewijzigd."
+        incorrect_password: "Uw huidige wachtwoord is onjuist. Probeer het opnieuw."
+
+        # E-mail confirmations
+        email_confirmed: "Uw e-mailadres is succesvol bevestigd."
+        email_confirm_failed: "E-mailadres bevestigen niet mogelijk."
+        confirmation_email_sent: "Er is een bevestigingsmail verzonden naar %{email}"

data/config/locales/tr.yml

@@ -0,0 +1,16 @@
+tr:
+  revise_auth:
+    account_deleted: "Hesabınız silindi."
+    account_updated: "Hesap başarıyla güncellendi."
+
+    invalid_email_or_password: "Geçersiz e-posta veya şifre."
+    sign_up_or_login: "Devam etmek için kaydol veya giriş yap."
+
+    # Password changes
+    password_changed: "Şifreniz başarıyla güncellendi."
+    incorrect_password: "Şu anki şifreniz yanlış. Lütfen tekrar deneyiniz."
+
+    # Email confirmations
+    email_confirmed: "E-posta adresiniz başarıyla onaylandı."
+    email_confirm_failed: "E-posta adresi doğrulanamıyor."
+    confirmation_email_sent: "%{email} adresine onay e-postası gönderildi."

data/config/locales/zh-TW.yml

@@ -0,0 +1,16 @@
+zh-TW:
+  revise_auth:
+    account_deleted: "您的帳號已經被刪除"
+    account_updated: "帳號更新成功"
+
+    invalid_email_or_password: "錯誤的信箱或是密碼"
+    sign_up_or_login: "需要註冊或是登入才能進行"
+
+    # Password changes
+    password_changed: "您的密碼已經成功地更新"
+    incorrect_password: "您現在輸入的密碼不正確, 請重新嘗試"
+
+    # Email confirmations
+    email_confirmed: "您的電子信箱已經成功地通過驗證"
+    email_confirm_failed: "無法驗證您的電子信箱"
+    confirmation_email_sent: "電子信箱驗證信已寄往 %{email}"

data/lib/generators/revise_auth/model_generator.rb

@@ -0,0 +1,58 @@
+module ReviseAuth
+  module Generators
+    class ModelGenerator < Rails::Generators::NamedBase
+      include Rails::Generators::ResourceHelpers
+
+      desc "Generates a model for authentication, default User"
+
+      source_root File.expand_path("templates", __dir__)
+
+      argument :name, required: false, default: "User"
+      argument :attributes, type: :array, default: [], banner: "field:type field:type"
+
+      def initialize(args, *options)
+        @original_attributes = args[1..] || []
+        super
+      end
+
+      def generate_model
+        generate :model, name, *model_attributes
+      end
+
+      def add_revise_auth_model
+        inject_into_class model_path, class_name, "  include ReviseAuth::Model\n"
+      end
+
+      def add_uniq_to_email_index
+        insert_into_file migration_path, after: "#{name.downcase.pluralize}, :email", force: true do
+          ", unique: true"
+        end
+      end
+
+      def done
+        readme "README" if behavior == :invoke
+      end
+
+      private
+
+      def migration_path
+        @migration_path ||= Dir.glob(Rails.root.join("db/migrate/*")).max_by { |f| File.mtime(f) }
+      end
+
+      def model_path
+        @model_path ||= File.join("app", "models", "#{file_path}.rb")
+      end
+
+      def model_attributes
+        [
+          "email:string:index",
+          "password_digest:string",
+          "confirmation_token:string",
+          "confirmed_at:datetime",
+          "confirmation_sent_at:datetime",
+          "unconfirmed_email:string"
+        ] + @original_attributes
+      end
+    end
+  end
+end

data/lib/generators/revise_auth/templates/README

@@ -0,0 +1,4 @@
+🚚 Your Revise auth database model has been generated!
+
+Next step:
+  Run "rails db:migrate"

data/lib/generators/revise_auth/views_generator.rb

@@ -0,0 +1,21 @@
+require "rails/generators"
+
+module ReviseAuth
+  module Generators
+    class ViewsGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../../..", __FILE__)
+
+      class_option :views, aliases: "-v", type: :array, desc: "Select specific view directories to generate (confirmations, passwords, registrations, sessions, unlocks, mailer)"
+
+      def copy_views
+        if options[:views]
+          options[:views].each do |directory|
+            directory "app/views/revise_auth/#{directory}"
+          end
+        else
+          directory "app/views/revise_auth"
+        end
+      end
+    end
+  end
+end

data/lib/revise_auth/authentication.rb

@@ -0,0 +1,56 @@
+module ReviseAuth
+  module Authentication
+    # Provides methods for controllers and views for authentication
+    #
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :user_signed_in?
+      helper_method :current_user
+    end
+
+    # Returns a boolean whether the user is signed in or not
+    def user_signed_in?
+      !!current_user
+    end
+
+    # Authenticates the user if not already authenticated
+    # Returns a User or nil
+    def current_user
+      Current.user ||= authenticate_user
+    end
+
+    # Authenticates a user or redirects to the login page
+    def authenticate_user!
+      redirect_to login_path, alert: I18n.t("revise_auth.sign_up_or_login") unless user_signed_in?
+    end
+
+    # Authenticates the current user
+    # - from session cookie
+    # - (future) from Authorization header
+    def authenticate_user
+      Current.user = authenticated_user_from_session
+    end
+
+    # Returns a user from session cookie
+    def authenticated_user_from_session
+      user_id = session[:user_id]
+      return unless user_id
+      User.find_by(id: user_id)
+    end
+
+    # Logs in the user
+    # - Set Current.user for the current request
+    # - Save a session cookie so the next request is authenticated
+    def login(user)
+      Current.user = user
+      reset_session
+      session[:user_id] = user.id
+    end
+
+    def logout
+      Current.user = nil
+      reset_session
+    end
+  end
+end

data/lib/revise_auth/backports.rb

@@ -0,0 +1,24 @@
+module ReviseAuth
+  module Backports
+    extend ActiveSupport::Concern
+
+    class_methods do
+      # Prevent timing-based enumeration attacks.
+      # This can be removed when Rails 7.1 is released.
+      def authenticate_by(attributes)
+        passwords, identifiers = attributes.to_h.partition do |name, value|
+          !has_attribute?(name) && has_attribute?("#{name}_digest")
+        end.map(&:to_h)
+
+        raise ArgumentError, "One or more password arguments are required" if passwords.empty?
+        raise ArgumentError, "One or more finder arguments are required" if identifiers.empty?
+        if (record = find_by(identifiers))
+          record if passwords.count { |name, value| record.send(:"authenticate_#{name}", value) } == passwords.size
+        else
+          new(passwords)
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/revise_auth/current.rb

@@ -0,0 +1,6 @@
+module ReviseAuth
+  class Current < ActiveSupport::CurrentAttributes
+    # Stores the current user for the request
+    attribute :user
+  end
+end

data/lib/revise_auth/engine.rb

@@ -1,9 +1,18 @@
 module ReviseAuth
   class Engine < ::Rails::Engine
-    initializer "revise_auth.controller" do
+    initializer :revise_auth_controller do
       ActiveSupport.on_load(:action_controller_base) do
         include ReviseAuth::Authentication
       end
     end
+
+    # Set default session expiration of 30 days if not specified
+    # Runs immediately after Rails defines the default session store
+    # https://github.com/rails/rails/blob/7-0-stable/railties/lib/rails/application/finisher.rb#L43-L49
+    initializer :revise_auth_cookie_session_expiry, after: :setup_default_session_store do |app|
+      if app.config.session_store == ActionDispatch::Session::CookieStore
+        app.config.session_options.with_defaults! expire_after: 30.days
+      end
+    end
   end
 end

data/lib/revise_auth/model.rb

@@ -3,15 +3,18 @@ module ReviseAuth
     extend ActiveSupport::Concern
 
     included do
+      include Backports if Rails.gem_version < Gem::Version.new("7.1")
+
       has_secure_password
       has_secure_token :confirmation_token
 
       validates :email, format: {with: URI::MailTo::EMAIL_REGEXP}, presence: true, uniqueness: true
       validates :unconfirmed_email, format: {with: URI::MailTo::EMAIL_REGEXP}, allow_blank: true
+      validates_length_of :password, minimum: 12, allow_nil: true
 
-      before_save do
-        self.email = email.downcase
-        self.unconfirmed_email = unconfirmed_email&.downcase
+      before_validation do
+        email&.downcase!&.strip!
+        unconfirmed_email&.downcase!
       end
     end
 

data/lib/revise_auth/route_constraint.rb

@@ -0,0 +1,15 @@
+module ReviseAuth
+  class RouteConstraint
+    attr_reader :request
+
+    # Stub out helper_method
+    def self.helper_method(...)
+    end
+
+    include Authentication
+
+    def initialize(request)
+      @request = request
+    end
+  end
+end

data/lib/revise_auth/routes.rb

@@ -0,0 +1,49 @@
+module ActionDispatch::Routing
+  class Mapper
+    def revise_auth
+      scope module: :revise_auth do
+        revise_registration
+
+        get "login", to: "sessions#new"
+        post "login", to: "sessions#create"
+
+        revise_profile
+
+        patch "profile/email", to: "email#update"
+        patch "profile/password", to: "password#update"
+
+        # Email confirmation
+        get "profile/email", to: "email#show"
+
+        delete "logout", to: "sessions#destroy"
+      end
+    end
+
+    # Adds helpers for config/routes.rb to constraint routes with authentication
+    #
+    def authenticated
+      constraints ->(request) { ReviseAuth::RouteConstraint.new(request).user_signed_in? } do
+        yield
+      end
+    end
+
+    def unauthenticated
+      constraints ->(request) { !ReviseAuth::RouteConstraint.new(request).user_signed_in? } do
+        yield
+      end
+    end
+
+    private
+
+    def revise_registration
+      get "sign_up", to: "registrations#new"
+      post "sign_up", to: "registrations#create"
+    end
+
+    def revise_profile
+      get "profile", to: "registrations#edit"
+      patch "profile", to: "registrations#update"
+      delete "profile", to: "registrations#destroy"
+    end
+  end
+end

data/lib/revise_auth/version.rb

@@ -1,3 +1,3 @@
 module ReviseAuth
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/lib/revise_auth.rb

@@ -1,65 +1,11 @@
 require "revise_auth/version"
 require "revise_auth/engine"
+require "revise_auth/routes"
 
 module ReviseAuth
+  autoload :Authentication, "revise_auth/authentication"
+  autoload :Backports, "revise_auth/backports"
+  autoload :Current, "revise_auth/current"
   autoload :Model, "revise_auth/model"
-
-  module Authentication
-    # Provides methods for controllers and views for authentication
-    #
-    extend ActiveSupport::Concern
-
-    included do
-      helper_method :user_signed_in?
-      helper_method :current_user
-    end
-
-    # Returns a boolean whether the user is signed in or not
-    def user_signed_in?
-      !!current_user
-    end
-
-    # Authenticates the user if not already authenticated
-    # Returns a User or nil
-    def current_user
-      Current.user ||= authenticate_user
-    end
-
-    # Authenticates a user or redirects to the login page
-    def authenticate_user!
-      redirect_to login_path, alert: I18n.t("revise_auth.sign_up_or_login") unless user_signed_in?
-    end
-
-    # Authenticates the current user
-    # - from session cookie
-    # - (future) from Authorization header
-    def authenticate_user
-      Current.user = authenticated_user_from_session
-    end
-
-    # Returns a user from session cookie
-    def authenticated_user_from_session
-      user_id = session[:user_id]
-      return unless user_id
-      User.find_by(id: user_id)
-    end
-
-    # Logs in the user
-    # - Set Current.user for the current request
-    # - Save a session cookie so the next request is authenticated
-    def login(user)
-      Current.user = user
-      session[:user_id] = user.id
-    end
-
-    def logout
-      Current.user = nil
-      session.delete(:user_id)
-    end
-  end
-
-  class Current < ActiveSupport::CurrentAttributes
-    # Stores the current user for the request
-    attribute :user
-  end
+  autoload :RouteConstraint, "revise_auth/route_constraint"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: revise_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Chris Oliver
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-12 00:00:00.000000000 Z
+date: 2023-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -58,17 +58,33 @@ files:
 - app/views/revise_auth/registrations/edit.html.erb
 - app/views/revise_auth/registrations/new.html.erb
 - app/views/revise_auth/sessions/new.html.erb
+- config/locales/de.yml
+- config/locales/el.yml
 - config/locales/en.yml
-- config/routes.rb
+- config/locales/fr.yml
+- config/locales/nl.yml
+- config/locales/tr.yml
+- config/locales/zh-TW.yml
+- lib/generators/revise_auth/model_generator.rb
+- lib/generators/revise_auth/templates/README
+- lib/generators/revise_auth/views_generator.rb
 - lib/revise_auth.rb
+- lib/revise_auth/authentication.rb
+- lib/revise_auth/backports.rb
+- lib/revise_auth/current.rb
 - lib/revise_auth/engine.rb
 - lib/revise_auth/model.rb
+- lib/revise_auth/route_constraint.rb
+- lib/revise_auth/routes.rb
 - lib/revise_auth/version.rb
 - lib/tasks/revise_auth_tasks.rake
 homepage: https://github.com/excid3/revise_auth
 licenses:
 - MIT
-metadata: {}
+metadata:
+  homepage_uri: https://github.com/excid3/revise_auth
+  source_code_uri: https://github.com/excid3/revise_auth
+  changelog_uri: https://github.com/excid3/revise_auth/blob/main/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -84,7 +100,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.3
+rubygems_version: 3.4.7
 signing_key:
 specification_version: 4
 summary: Simple authentication for Ruby on Rails apps

data/config/routes.rb

@@ -1,21 +0,0 @@
-Rails.application.routes.draw do
-  scope module: :revise_auth do
-    get "sign_up", to: "registrations#new"
-    post "sign_up", to: "registrations#create"
-
-    get "login", to: "sessions#new"
-    post "login", to: "sessions#create"
-
-    get "profile", to: "registrations#edit"
-    patch "profile", to: "registrations#update"
-    delete "profile", to: "registrations#destroy"
-
-    patch "profile/email", to: "email#update"
-    patch "profile/password", to: "password#update"
-
-    # Email confirmation
-    get "profile/email", to: "email#show"
-
-    delete "logout", to: "sessions#destroy"
-  end
-end