searls-auth 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b25e2025b4ec1c7eb16c573e4006a079b9073e9837769f1038b62e7b8fc3bfd
-  data.tar.gz: b09296feab4da00d73216df4a2f5a23b7dd1a97e1a7fd93f824c20acf3fb0379
+  metadata.gz: 5e2b6983e76f48e3663946462d67f0dfdf62914aa8187c29a332111f430335f2
+  data.tar.gz: 0cfbab5b379a053ff0f23406e25c045caa6d7ca2c249330d0ac24b459e6f1ecf
 SHA512:
-  metadata.gz: ac9b6013cec969279330d49c5967de49a79b6c2e5fcab7a8189e5f0e6f9d3aa54b57fc487b59b789f7a03169412c8339ce57e9d4d7314420f8081a0cb5d75be1
-  data.tar.gz: ff8e2755bac9adc5a6e836b20908a57e5f1a8318aeef1316a30805aef252bc3a103b52729abc87955c5bb62a7cbcfdee843e8308d9406f5e9fa82a89d773f7c5
+  metadata.gz: 820ae8d2258753dd6e7f2f9bea7054537f0242aacc5218f220cc3a83d639a11a5204bcca728a95ec06e4ae8094994609abf0859f5df8162684a56c42bd27757b
+  data.tar.gz: 9d6f9469c3c4d99cd42f0b410f89934951924c605cff3fe9bf7490064d790d1a814b20e154574de45d525b325acaac6ccd793496f2ffbc83645042e4f2a0268f

data/.standard.yml

@@ -1,3 +1,5 @@
 # For available configuration options, see:
 #   https://github.com/standardrb/standard
 ruby_version: 3.4
+ignore:
+  - '**/vendor/**/*'

data/CHANGELOG.md

@@ -1,5 +1,15 @@
 ## [Unreleased]
 
+## [0.1.0] - 2025-04-26
+
+* Add `max_allowed_short_code_attempts` configuration, beyond which the code is erased from the session and the user needs to login again (default: 10)
+* Allow configuration of flash messages
+* Fix a routing error if the user is already registered
+
+## [0.0.2] - 2025-04-16
+
+* Little fixes. Renamed `user_name_field` to `user_name_method`
+
 ## [0.0.1] - 2025-04-15
 
-- Initial release
+* Initial release

data/app/controllers/searls/auth/base_controller.rb

@@ -13,22 +13,29 @@ module Searls
       end
 
       def attach_short_code_to_session!(user)
-        session[:email_auth_short_code_user_id] = user.id
-        session[:email_auth_short_code] = SecureRandom.random_number(1000000).to_s.rjust(6, "0")
-        session[:email_auth_short_code_generated_at] = Time.current
+        session[:searls_auth_short_code_user_id] = user.id
+        session[:searls_auth_short_code] = SecureRandom.random_number(1000000).to_s.rjust(6, "0")
+        session[:searls_auth_short_code_generated_at] = Time.current
+        session[:searls_auth_short_code_verification_attempts] = 0
       end
 
       def reset_expired_short_code
-        if session[:email_auth_short_code_generated_at].present? &&
-            Time.zone.parse(session[:email_auth_short_code_generated_at]) < Searls::Auth.config.token_expiry_minutes.minutes.ago
+        if session[:searls_auth_short_code_generated_at].present? &&
+            Time.zone.parse(session[:searls_auth_short_code_generated_at]) < Searls::Auth.config.token_expiry_minutes.minutes.ago
           clear_short_code_from_session!
         end
       end
 
       def clear_short_code_from_session!
-        session.delete(:email_auth_short_code_user_id)
-        session.delete(:email_auth_short_code_generated_at)
-        session.delete(:email_auth_short_code)
+        session.delete(:searls_auth_short_code_user_id)
+        session.delete(:searls_auth_short_code_generated_at)
+        session.delete(:searls_auth_short_code)
+        session.delete(:searls_auth_short_code_verification_attempts)
+      end
+
+      def log_short_code_verification_attempt!
+        session[:searls_auth_short_code_verification_attempts] ||= 0
+        session[:searls_auth_short_code_verification_attempts] += 1
       end
     end
   end

data/app/controllers/searls/auth/logins_controller.rb

@@ -16,19 +16,26 @@ module Searls
             user:,
             redirect_path: params[:redirect_path],
             redirect_subdomain: params[:redirect_subdomain],
-            short_code: session[:email_auth_short_code]
+            short_code: session[:searls_auth_short_code]
           )
-          flash[:notice] = "Login details sent to #{params[:email]}"
-          redirect_to verify_path(
+          flash[:notice] = searls_auth_config.resolve(
+            :flash_notice_after_login_attempt,
+            user, params
+          )
+          redirect_to searls_auth.verify_path(
             redirect_path: params[:redirect_path],
             redirect_subdomain: params[:redirect_subdomain]
           )
         else
-          flash.now[:error] = "We don't know that email. <a href=\"#{register_path(
-            email: params[:email],
-            redirect_path: params[:redirect_path],
-            redirect_subdomain: params[:redirect_subdomain]
-          )}\">Sign up</a> instead?".html_safe
+          flash.now[:error] = searls_auth_config.resolve(
+            :flash_error_after_login_attempt_unknown_email,
+            searls_auth.register_path(
+              email: params[:email],
+              redirect_path: params[:redirect_path],
+              redirect_subdomain: params[:redirect_subdomain]
+            ),
+            params
+          )
           render searls_auth_config.login_view, layout: searls_auth_config.layout, status: :unprocessable_entity
         end
       end
@@ -36,8 +43,11 @@ module Searls
       def destroy
         ResetsSession.new.reset(self, except_for: [:has_logged_in_before])
 
-        flash[:notice] = "You've been logged out."
-        redirect_to login_path
+        flash[:notice] = searls_auth_config.resolve(
+          :flash_notice_after_logout,
+          params
+        )
+        redirect_to searls_auth.login_path
       end
     end
   end

data/app/controllers/searls/auth/registrations_controller.rb

@@ -20,13 +20,26 @@ module Searls
 
           EmailsLink.new.email(
             user: result.user,
-            short_code: session[:email_auth_short_code],
+            short_code: session[:searls_auth_short_code],
             **redirect_params
           )
-          flash[:notice] = "Verification email sent to #{params[:email]}"
-          redirect_to verify_path(**redirect_params)
+          flash[:notice] = searls_auth_config.resolve(
+            :flash_notice_after_registration,
+            result.user, params
+          )
+
+          redirect_to searls_auth.verify_path(**redirect_params)
         else
-          flash.now[:error] = result.error_messages
+          flash.now[:error] = searls_auth_config.resolve(
+            :flash_error_after_register_attempt,
+            result.error_messages,
+            searls_auth.login_path(
+              email: params[:email],
+              redirect_path: params[:redirect_path],
+              redirect_subdomain: params[:redirect_subdomain]
+            ),
+            params
+          )
           render searls_auth_config.register_view, layout: searls_auth_config.layout, status: :unprocessable_entity
         end
       end

data/app/controllers/searls/auth/verifications_controller.rb

@@ -12,6 +12,7 @@ module Searls
         authenticator = AuthenticatesUser.new
         result = case auth_method
         when :short_code
+          log_short_code_verification_attempt!
           authenticator.authenticate_by_short_code(params[:short_code], session)
         when :token
           authenticator.authenticate_by_token(params[:token])
@@ -20,6 +21,10 @@ module Searls
         if result.success?
           session[:user_id] = result.user.id
           session[:has_logged_in_before] = true
+          flash[:notice] = searls_auth_config.resolve(
+            :flash_notice_after_verification,
+            result.user, params
+          )
           if params[:redirect_subdomain].present? && params[:redirect_subdomain] != request.subdomain
             redirect_to generate_full_url(
               params[:redirect_path],
@@ -32,25 +37,35 @@ module Searls
               result.user, params, request, main_app)
           end
         elsif auth_method == :short_code
-          flash[:error] = "We weren't able to log you in with that code. Try again?"
-          render searls_auth_config.verify_view, layout: searls_auth_config.layout, status: :unprocessable_entity
+          if result.exceeded_short_code_attempt_limit?
+            clear_short_code_from_session!
+            flash[:error] = searls_auth_config.resolve(
+              :flash_error_after_verify_attempt_exceeds_limit,
+              params
+            )
+            redirect_to searls_auth.login_path(
+              redirect_path: params[:redirect_path],
+              redirect_subdomain: params[:redirect_subdomain]
+            )
+          else
+            flash[:error] = searls_auth_config.resolve(
+              :flash_error_after_verify_attempt_incorrect_short_code,
+              params
+            )
+            render searls_auth_config.verify_view, layout: searls_auth_config.layout, status: :unprocessable_entity
+          end
         else
-          flash[:error] = "We weren't able to log you in with that link. Try again?"
-          redirect_to login_path(
+          flash[:error] = searls_auth_config.resolve(
+            :flash_error_after_verify_attempt_invalid_link,
+            params
+          )
+          redirect_to searls_auth.login_path(
             redirect_path: params[:redirect_path],
             redirect_subdomain: params[:redirect_subdomain]
           )
         end
       end
 
-      def destroy
-        ResetsSession.new.reset(self,
-          except_for: searls_auth_config.preserve_session_keys_after_logout)
-
-        flash[:notice] = "You've been logged out."
-        redirect_to login_path
-      end
-
       private
 
       def generate_full_url(path, subdomain)

data/app/helpers/searls/auth/application_helper.rb

@@ -51,10 +51,13 @@ module Searls
       end
 
       def attr_for(model, field_name)
-        model.attributes[field_name.to_s]
+        if model.respond_to?(field_name)
+          model.send(field_name)
+        end
       end
 
       def rpad(s, spacer = " ", times = 1)
+        return "" if s.blank?
         "#{s}#{spacer * times}"
       end
 

data/app/javascript/controllers/searls_auth_login_controller.js

@@ -23,7 +23,6 @@ export default class SearlsAuthLoginController extends Controller {
   }
 
   updateEmail (e) {
-    debugger
     this.emailValue = e.currentTarget.value
     window.sessionStorage.setItem('__searls_auth_email', this.emailValue)
   }

data/app/mailers/searls/auth/base_mailer.rb

@@ -3,6 +3,17 @@ module Searls
     class BaseMailer < ApplicationMailer # TODO should this be ActionMailer::Base? Trade-offs?
       helper Searls::Auth::ApplicationHelper
       include Searls::Auth::ApplicationHelper
+
+      protected
+
+      def format_to(user)
+        name_field = searls_auth_helper.attr_for(user, Searls::Auth.config.user_name_method)
+        if name_field.present?
+          "#{user.name} <#{user.email}>"
+        else
+          user.email
+        end
+      end
     end
   end
 end

data/app/mailers/searls/auth/login_link_mailer.rb

@@ -11,7 +11,7 @@ module Searls
 
         mail(
           to: format_to(@user),
-          subject: "Your #{searls_auth_helper.rpad(@config.app_name)} login code is #{@short_code}",
+          subject: "Your #{searls_auth_helper.rpad(@config.app_name)}login code is #{@short_code}",
           template_path: @config.mail_login_template_path,
           template_name: @config.mail_login_template_name
         ) do |format|

data/app/views/searls/auth/login_link_mailer/login_link.html.erb

@@ -1,6 +1,6 @@
 <%= content_for :width, 480 %>
   <p>
-    <% if (user_name = searls_auth_helper.attr_for(@user, @config.user_name_field)).present? %>
+    <% if (user_name = searls_auth_helper.attr_for(@user, @config.user_name_method)).present? %>
       Hello, <strong><%= user_name %></strong>!
     <% else %>
       Hello!

data/app/views/searls/auth/login_link_mailer/login_link.text.erb

@@ -1,4 +1,4 @@
-<% if (user_name = searls_auth_helper.attr_for(@user, @config.user_name_field)).present? %>
+<% if (user_name = searls_auth_helper.attr_for(@user, @config.user_name_method)).present? %>
 Hi, <%= user_name %>!
 <% else %>
 Hello!
@@ -6,7 +6,7 @@ Hello!
 
 You can log in to your <%= searls_auth_helper.rpad(@config.app_name) %>account at this URL:
 
-<%= verify_token_url({
+<%= searls_auth.verify_token_url({
   token: @token,
   redirect_path: @redirect_path,
   redirect_subdomain: @redirect_subdomain

data/app/views/searls/auth/logins/show.html.erb

@@ -1,15 +1,9 @@
 <h1>Log In</h1>
 
-<div style="background: rgba(255,0,0, 0.1)">
-  <%= flash[:error] %>
-</div>
-<div style="background: rgba(0,0,255, 0.1)">
-  <%= flash[:notice] %>
-</div>
-
-<%= form_with url: login_path, method: :post, data: {controller: searls_auth_helper.login_stimulus_controller} do |f| %>
+<%= form_with url: searls_auth.login_path, method: :post, data: {controller: searls_auth_helper.login_stimulus_controller} do |f| %>
   <%= f.hidden_field :redirect_path, value: params[:redirect_path] %>
   <%= f.hidden_field :redirect_subdomain, value: params[:redirect_subdomain] %>
+  <%= f.label :email %>
   <%= f.email_field :email, required: true, value: params[:email], data: searls_auth_helper.email_field_stimulus_data %>
   <%= f.submit "Log in" %>
 <% end %>

data/app/views/searls/auth/registrations/show.html.erb

@@ -1,15 +1,9 @@
 <h1>Create your account</h1>
 
-<div style="background: rgba(255,0,0, 0.1)">
-  <%= flash[:error] %>
-</div>
-<div style="background: rgba(0,0,255, 0.1)">
-  <%= flash[:notice] %>
-</div>
-
-<%= form_with url: register_path, data: {controller: searls_auth_helper.login_stimulus_controller} do |f| %>
+<%= form_with url: searls_auth.register_path, data: {controller: searls_auth_helper.login_stimulus_controller} do |f| %>
   <%= f.hidden_field :redirect_path, value: params[:redirect_path] %>
   <%= f.hidden_field :redirect_subdomain, value: params[:redirect_subdomain] %>
+  <%= f.label :email %>
   <%= f.email_field :email, value: params[:email], required: true, data: searls_auth_helper.email_field_stimulus_data %>
   <%= f.submit "Register" %>
 <% end %>

data/app/views/searls/auth/verifications/show.html.erb

@@ -3,13 +3,14 @@
   In the next few moments, you should receive an email that will provide you
   two ways to log in: a link and a six-digit code that you can enter below.
 </p>
-<%= form_with(url: verify_path, method: :post, data: {
+<%= form_with(url: searls_auth.verify_path, method: :post, data: {
     # Don't use turbo on cross-domain redirects
     turbo: searls_auth_helper.enable_turbo?
   }) do |f| %>
   <%= f.hidden_field :redirect_path, value: params[:redirect_path] %>
   <%= f.hidden_field :redirect_subdomain, value: params[:redirect_subdomain] %>
   <div data-controller="<%= searls_auth_helper.otp_stimulus_controller %>">
+    <%= f.label :short_code, "Code" %>
     <%= f.text_field :short_code,
       maxlength: 6,
       inputmode: "numeric",

data/lib/searls/auth/authenticates_user.rb

@@ -1,15 +1,17 @@
 module Searls
   module Auth
     class AuthenticatesUser
-      Result = Struct.new(:success?, :user, keyword_init: true)
+      Result = Struct.new(:success?, :user, :exceeded_short_code_attempt_limit?, keyword_init: true)
 
       def authenticate_by_short_code(short_code, session)
-        user = Searls::Auth.config.user_finder_by_id.call(session[:email_auth_short_code_user_id])
+        if session[:searls_auth_short_code_verification_attempts] > Searls::Auth.config.max_allowed_short_code_attempts
+          return Result.new(success?: false, exceeded_short_code_attempt_limit?: true)
+        end
 
-        if session[:email_auth_short_code_generated_at].present? &&
-            Time.zone.parse(session[:email_auth_short_code_generated_at]) > Searls::Auth.config.token_expiry_minutes.minutes.ago &&
-            user.present? &&
-            short_code == session[:email_auth_short_code]
+        if session[:searls_auth_short_code_generated_at].present? &&
+            Time.zone.parse(session[:searls_auth_short_code_generated_at]) > Searls::Auth.config.token_expiry_minutes.minutes.ago &&
+            short_code == session[:searls_auth_short_code] &&
+            (user = Searls::Auth.config.user_finder_by_id.call(session[:searls_auth_short_code_user_id])).present?
           Searls::Auth.config.after_login_success&.call(user)
           Result.new(success?: true, user: user)
         else

data/lib/searls/auth/config.rb

@@ -6,11 +6,12 @@ module Searls
       :user_finder_by_id, # proc (id)
       :user_finder_by_token, # proc (token)
       :user_initializer, # proc (params)
-      :user_name_field, # string
+      :user_name_method, # string
       :token_generator, # proc ()
       :token_expiry_minutes, # integer
       # Controller setup
       :preserve_session_keys_after_logout, # array of symbols
+      :max_allowed_short_code_attempts, # integer
       # View setup
       :layout, # string
       :login_view, # string
@@ -32,6 +33,16 @@ module Searls
       :email_banner_image_path, # string
       :email_background_color, # string
       :email_button_color, # string
+      # Messages setup
+      :flash_notice_after_registration, # string or proc(user, params)
+      :flash_error_after_register_attempt, # string or proc(error_messages, login_path, params)
+      :flash_notice_after_login_attempt, # string or proc(user, params)
+      :flash_error_after_login_attempt_unknown_email, # string or proc(register_path, params)
+      :flash_notice_after_logout, # string or proc(params)
+      :flash_notice_after_verification, # string or proc(user, params)
+      :flash_error_after_verify_attempt_exceeds_limit, # string or proc(params)
+      :flash_error_after_verify_attempt_incorrect_short_code, # string or proc(params)
+      :flash_error_after_verify_attempt_invalid_link, # string or proc(params)
       keyword_init: true
     ) do
       # Get values from values that might be procs

data/lib/searls/auth/version.rb

@@ -1,5 +1,5 @@
 module Searls
   module Auth
-    VERSION = "0.0.1"
+    VERSION = "0.1.0"
   end
 end

data/lib/searls/auth.rb

@@ -16,12 +16,13 @@ module Searls
       user_finder_by_email: ->(email) { User.find_by(email:) },
       user_finder_by_id: ->(id) { User.find_by(id:) },
       user_finder_by_token: ->(token) { User.find_by_token_for(:email_auth, token) },
-      user_initializer: ->(params) { User.new(params[:email]) },
-      user_name_field: "name",
+      user_initializer: ->(params) { User.new(email: params[:email]) },
+      user_name_method: "name",
       token_generator: ->(user) { user.generate_token_for(:email_auth) },
       token_expiry_minutes: 30,
       # Controller setup
       preserve_session_keys_after_logout: [],
+      max_allowed_short_code_attempts: 10,
       # View setup
       layout: "application",
       register_view: "searls/auth/registrations/show",
@@ -48,7 +49,20 @@ module Searls
       support_email_address: nil,
       email_background_color: "#d8d7ed",
       email_button_color: "#c664f3",
-      email_banner_image_path: nil
+      email_banner_image_path: nil,
+      # Messages setup
+      flash_notice_after_registration: ->(user, params) { "Verification email sent to #{params[:email]}" },
+      flash_error_after_register_attempt: ->(error_messages, login_path, params) { error_messages },
+      flash_notice_after_login_attempt: ->(user, params) { "Login details sent to #{params[:email]}" },
+      flash_error_after_login_attempt_unknown_email: ->(register_path, params) {
+        "We don't know that email. <a href=\"#{register_path}\">Sign up</a> instead?".html_safe
+      },
+      flash_notice_after_logout: "You've been logged out",
+      flash_notice_after_verification: "You are now logged in",
+      flash_error_after_verify_attempt_exceeds_limit: "Too many verification attempts. Please login again to generate a new code",
+      flash_error_after_verify_attempt_incorrect_short_code: "We weren't able to log you in with that code. Try again?",
+      flash_error_after_verify_attempt_invalid_link: "We weren't able to log you in with that link. Try again?"
+
     }.freeze
 
     CONFIG = Config.new(**DEFAULT_CONFIG)

data/script/setup

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -e
+
+bundle
+
+cd example/simple_app
+bundle
+bin/rake db:setup
+export PLAYWRIGHT_CLI_VERSION=$(bundle exec ruby -e 'require "playwright"; puts Playwright::COMPATIBLE_PLAYWRIGHT_VERSION.strip')
+PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 yarn add -D "playwright@$PLAYWRIGHT_CLI_VERSION"
+yarn run playwright install chromium
+
+cd ../..

data/script/setup_ci

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -e
+
+cd example/simple_app
+bin/rake db:setup
+cd ../..

data/script/test

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+set -e
+
+echo "-----> Testing searls-auth gem"
+bundle exec rake
+
+echo "-----> Testing example/simple_app"
+cd example/simple_app
+bin/rake
+cd ../..
+
+echo "-----> Looks good! 🪩"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: searls-auth
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Justin Searls
@@ -60,6 +60,9 @@ files:
 - lib/searls/auth/railtie.rb
 - lib/searls/auth/resets_session.rb
 - lib/searls/auth/version.rb
+- script/setup
+- script/setup_ci
+- script/test
 homepage: https://github.com/searls/searls-auth
 licenses:
 - GPL-3.0-only