rodauth 0.10.0 → 1.0.0

data/doc/verify_change_login.rdoc

@@ -0,0 +1,9 @@
+= Documentation for Verify Change Login Feature
+
+The verify change login feature implements account reverification after
+change login.  Any time you use the verify account and change login
+features together, you should probably use this, otherwise it is trivial
+for users to work around account verification by creating an account with
+an email address they control, and the changing the login to an email
+address they don't control.  Depends on the change login and verify
+account grace period features.

data/lib/roda/plugins/rodauth.rb

@@ -1,264 +1,5 @@
-require 'tilt/string'
+# frozen-string-literal: true
 
-class Roda
-  module RodaPlugins
-    module Rodauth
-      def self.load_dependencies(app, opts={})
-        app.plugin :render
-        app.plugin :flash
-        app.plugin :h
-      end
-
-      def self.configure(app, opts={}, &block)
-        ((app.opts[:rodauths] ||= {})[opts[:name]] ||= Class.new(Auth)).configure(&block)
-      end
-
-      DSL_META_TYPES = [:auth, :auth_value].freeze
-      FEATURES = {}
-
-      class Feature < Module
-        DSL_META_TYPES.each do |meth|
-          name = :"#{meth}_methods"
-          define_method(name) do |*v|
-            iv = :"@#{name}"
-            existing = instance_variable_get(iv) || []
-            if v.empty?
-              existing
-            else
-              instance_variable_set(iv, existing + v)
-            end
-          end
-        end
-
-        attr_accessor :feature_name
-        attr_accessor :dependencies
-
-        def self.define(name, &block)
-          feature = new
-          feature.dependencies = []
-          feature.feature_name = name
-          feature.module_eval(&block)
-          FEATURES[name] = feature
-        end
-
-        DEFAULT_REDIRECT_BLOCK = proc{default_redirect}
-        def redirect(&block)
-          meth = :"#{feature_name}_redirect"
-          block ||= DEFAULT_REDIRECT_BLOCK
-          define_method(meth, &block)
-          auth_value_methods meth
-        end
-
-        def view(page, title)
-          meth = :"#{feature_name}_view"
-          define_method(meth) do
-            view(page, title)
-          end
-          auth_methods meth
-        end
-
-        def depends(*deps)
-          dependencies.concat(deps)
-        end
-
-        def after
-          meth = :"after_#{feature_name}"
-          define_method(meth) do
-            nil
-          end
-          auth_methods meth
-        end
-
-        def additional_form_tags
-          meth = :"#{feature_name}_additional_form_tags"
-          define_method(meth) do
-            nil
-          end
-          auth_value_methods meth
-        end
-
-        def require_account
-          @account_required = true
-        end
-
-        def account_required?
-          @account_required
-        end
-
-        [:route, :notice_flash, :error_flash, :button].each do |meth|
-          define_method(meth) do |v|
-            inst_meth = :"#{feature_name}_#{meth}"
-            define_method(inst_meth){v}
-            auth_value_methods inst_meth
-          end
-        end
-
-        [:get, :post, :route].each do |meth|
-          define_method("#{meth}_block") do |&block|
-            if block
-              instance_variable_set("@#{meth}_block", block)
-            else
-              instance_variable_get("@#{meth}_block")
-            end
-          end
-        end
-      end
-
-      class Auth
-        class << self
-          attr_reader :features
-          attr_reader :route_block_methods
-        end
-
-        def self.inherited(subclass)
-          super
-          subclass.instance_exec do
-            @features = []
-            @route_block_methods = []
-          end
-        end
-
-        def self.configure(&block)
-          DSL.new(self, &block)
-        end
-
-        def self.freeze
-          @features.freeze
-          @route_block_methods.freeze
-          super
-        end
-
-        def route_block_methods
-          self.class.route_block_methods
-        end
-      end
-
-      class DSL
-        def def_auth_method(meth)
-          define_sclass_method(meth) do |&block|
-            _def_auth_method(meth, &block)
-          end
-        end
-
-        def def_auth_value_method(meth)
-          define_sclass_method(meth) do |*v, &block|
-            v = v.first
-            block ||= proc{v}
-            _def_auth_method(meth, &block)
-          end
-        end
-
-        def def_auth_block_method(meth)
-          define_sclass_method(meth) do |&block|
-            _def_auth_method(meth){block}
-          end
-        end
-
-        def initialize(auth, &block)
-          @auth = auth
-          load_feature(:base)
-          instance_exec(&block)
-        end
-
-        def enable(*features)
-          new_features = features - @auth.features
-          new_features.each{|f| load_feature(f)}
-          @auth.features.concat(new_features)
-        end
-
-        private
-
-        def _def_auth_method(meth, &block)
-          @auth.send(:define_method, meth, &block)
-        end
-
-        def define_sclass_method(meth, &block)
-          (class << self; self end).send(:define_method, meth, &block)
-        end
-
-        def load_feature(feature_name)
-          require "roda/plugins/rodauth/#{feature_name}"
-          feature = FEATURES[feature_name]
-          enable(*feature.dependencies)
-
-          DSL_META_TYPES.each do |type|
-            feature.send(:"#{type}_methods").each{|m| send(:"def_#{type}_method", m)}
-          end
-
-          if get_block = feature.get_block
-            def_auth_block_method :"#{feature_name}_get_block"
-            _def_auth_method(:"#{feature_name}_get_block"){get_block}
-          end
-
-          if post_block = feature.post_block
-            def_auth_block_method :"#{feature_name}_post_block"
-            _def_auth_method(:"#{feature_name}_post_block"){post_block}
-          end
-
-          route_block = feature.route_block
-          if route_block || (get_block && post_block)
-            check_before_meth = :"check_before_#{feature_name}"
-            before_meth = :"before_#{feature_name}"
-            def_auth_block_method :"#{feature_name}_route_block"
-            route_block ||= proc do |r, auth|
-              r.is auth.send(:"#{feature_name}_route") do
-                auth.check_before(feature)
-                auth.send(before_meth)
-
-                r.get do
-                  instance_exec(r, auth, &auth.send(:"#{feature_name}_get_block"))
-                end
-
-                r.post do
-                  instance_exec(r, auth, &auth.send(:"#{feature_name}_post_block"))
-                end
-              end
-            end
-            _def_auth_method(:"#{feature_name}_route_block"){route_block}
-            _def_auth_method(before_meth){nil}
-            def_auth_method(before_meth)
-            @auth.route_block_methods << :"#{feature_name}_route_block"
-          end
-
-          @auth.send(:include, feature)
-        end
-      end
-
-      module InstanceMethods
-        def rodauth(name=nil)
-          if name
-            (@_rodauths ||= {})[name] ||= self.class.rodauth(name).new(self)
-          else
-            @_rodauth ||= self.class.rodauth.new(self)
-          end
-        end
-      end
-
-      module ClassMethods
-        def rodauth(name=nil)
-          opts[:rodauths][name]
-        end
-
-        def freeze
-          if opts[:rodauths]
-            opts[:rodauths].each_value(&:freeze)
-            opts[:rodauths].freeze
-          end
-          super
-        end
-      end
-
-      module RequestMethods
-        def rodauth(name=nil)
-          auth = scope.rodauth(name)
-          auth.route_block_methods.each do |meth|
-            scope.instance_exec(self, auth, &auth.send(meth))
-          end
-        end
-      end
-    end
-
-    register_plugin(:rodauth, Rodauth)
-  end
-end
+require 'rodauth'
 
+Roda::RodaPlugins.register_plugin(:rodauth, Rodauth)

data/lib/rodauth.rb

@@ -0,0 +1,260 @@
+# frozen-string-literal: true
+
+require 'securerandom'
+
+module Rodauth
+  def self.load_dependencies(app, opts={})
+    if opts[:json]
+      app.plugin :json
+      app.plugin :json_parser
+    end
+
+    unless opts[:json] == :only
+      require 'tilt/string'
+      app.plugin :render
+      app.plugin :csrf
+      app.plugin :flash
+      app.plugin :h
+    end
+  end
+
+  def self.configure(app, opts={}, &block)
+    ((app.opts[:rodauths] ||= {})[opts[:name]] ||= Class.new(Auth)).configure(&block)
+  end
+
+  FEATURES = {}
+
+  class FeatureConfiguration < Module
+    def def_configuration_methods(feature)
+      private_methods = feature.private_instance_methods.map(&:to_sym)
+      priv = proc{|m| private_methods.include?(m)}
+      feature.auth_methods.each{|m| def_auth_method(m, priv[m])}
+      feature.auth_value_methods.each{|m| def_auth_value_method(m, priv[m])}
+      feature.auth_private_methods.each{|m| def_auth_private_method(m)}
+    end
+
+    private
+
+    def def_auth_method(meth, priv)
+      define_method(meth) do |&block|
+        @auth.send(:define_method, meth, &block)
+        @auth.send(:private, meth) if priv
+      end
+    end
+
+    def def_auth_private_method(meth)
+      umeth = :"_#{meth}"
+      define_method(meth) do |&block|
+        @auth.send(:define_method, umeth, &block)
+        @auth.send(:private, umeth)
+      end
+    end
+
+    def def_auth_value_method(meth, priv)
+      define_method(meth) do |*v, &block|
+        v = v.first
+        block ||= proc{v}
+        @auth.send(:define_method, meth, &block)
+        @auth.send(:private, meth) if priv
+      end
+    end
+  end
+
+  class Feature < Module
+    [:auth, :auth_value, :auth_private].each do |meth|
+      name = :"#{meth}_methods"
+      define_method(name) do |*v|
+        iv = :"@#{name}"
+        existing = instance_variable_get(iv) || []
+        if v.empty?
+          existing
+        else
+          instance_variable_set(iv, existing + v)
+        end
+      end
+    end
+
+    attr_accessor :feature_name
+    attr_accessor :dependencies
+    attr_accessor :routes
+    attr_accessor :configuration
+
+    def route(name=feature_name, default=name.to_s.tr('_', '-'), &block)
+      auth_value_method "#{name}_route", default
+
+      handle_meth = "handle_#{name}"
+      route_meth = :"#{name}_route"
+      before route_meth
+
+      define_method(handle_meth) do
+        request.is send(route_meth) do
+          before_rodauth
+          instance_exec(request, &block)
+        end
+      end
+
+      routes << handle_meth
+    end
+
+    def self.define(name, &block)
+      feature = new
+      feature.dependencies = []
+      feature.routes = []
+      feature.feature_name = name
+      configuration = feature.configuration = FeatureConfiguration.new
+      feature.module_eval(&block)
+      configuration.def_configuration_methods(feature)
+      FEATURES[name] = feature
+    end
+
+    def configuration_module_eval(&block)
+      configuration.module_eval(&block)
+    end
+
+    DEFAULT_REDIRECT_BLOCK = proc{default_redirect}
+    def redirect(name=feature_name, &block)
+      meth = :"#{name}_redirect"
+      block ||= DEFAULT_REDIRECT_BLOCK
+      define_method(meth, &block)
+      auth_value_methods meth
+    end
+
+    def view(page, title, name=feature_name)
+      meth = :"#{name}_view"
+      define_method(meth) do
+        view(page, title)
+      end
+      auth_methods meth
+    end
+
+    def depends(*deps)
+      dependencies.concat(deps)
+    end
+
+    %w'after before'.each do |hook|
+      define_method(hook) do |*args|
+        name = args[0] || feature_name
+        meth = "#{hook}_#{name}"
+        class_eval("def #{meth}; super if defined?(super); _#{meth} end", __FILE__, __LINE__)
+        class_eval("def _#{meth}; nil end", __FILE__, __LINE__)
+        private meth, :"_#{meth}"
+        auth_private_methods(meth)
+      end
+    end
+
+    def additional_form_tags(name=feature_name)
+      auth_value_method(:"#{name}_additional_form_tags", nil)
+    end
+
+    def auth_value_method(meth, value)
+      define_method(meth){value}
+      auth_value_methods(meth)
+    end
+
+    def auth_cached_method(meth, iv=:"@#{meth}")
+      umeth = :"_#{meth}"
+      define_method(meth) do
+        if instance_variable_defined?(iv)
+          instance_variable_get(iv)
+        else
+          instance_variable_set(iv, send(umeth))
+        end
+      end
+      auth_private_methods(meth)
+    end
+
+    [:notice_flash, :error_flash, :button].each do |meth|
+      define_method(meth) do |v, *args|
+        name = args.shift || feature_name
+        auth_value_method(:"#{name}_#{meth}", v)
+      end
+    end
+  end
+
+  class Auth
+    class << self
+      attr_reader :features
+      attr_reader :routes
+      attr_accessor :route_hash
+    end
+
+    def self.inherited(subclass)
+      super
+      subclass.instance_exec do
+        @features = []
+        @routes = []
+        @route_hash = {}
+      end
+    end
+
+    def self.configure(&block)
+      Configuration.new(self, &block)
+    end
+
+    def self.freeze
+      @features.freeze
+      @routes.freeze
+      @route_hash.freeze
+      super
+    end
+  end
+
+  class Configuration
+    attr_reader :auth
+
+    def initialize(auth, &block)
+      @auth = auth
+      load_feature(:base)
+      instance_exec(&block)
+      auth.allocate.post_configure
+    end
+
+    def enable(*features)
+      new_features = features - @auth.features
+      new_features.each{|f| load_feature(f)}
+      @auth.features.concat(new_features)
+    end
+
+    private
+
+    def load_feature(feature_name)
+      require "rodauth/features/#{feature_name}"
+      feature = FEATURES[feature_name]
+      enable(*feature.dependencies)
+      extend feature.configuration
+
+      @auth.routes.concat(feature.routes)
+      @auth.send(:include, feature)
+    end
+  end
+
+  module InstanceMethods
+    def rodauth(name=nil)
+      if name
+        (@_rodauths ||= {})[name] ||= self.class.rodauth(name).new(self)
+      else
+        @_rodauth ||= self.class.rodauth.new(self)
+      end
+    end
+  end
+
+  module ClassMethods
+    def rodauth(name=nil)
+      opts[:rodauths][name]
+    end
+
+    def freeze
+      if opts[:rodauths]
+        opts[:rodauths].each_value(&:freeze)
+        opts[:rodauths].freeze
+      end
+      super
+    end
+  end
+
+  module RequestMethods
+    def rodauth(name=nil)
+      scope.rodauth(name).route!
+    end
+  end
+end