searls-auth 0.1.1 → 1.0.0

data/lib/searls/auth/delivers_password_reset.rb

@@ -0,0 +1,18 @@
+module Searls
+  module Auth
+    class DeliversPasswordReset
+      Result = Struct.new(:success?, keyword_init: true)
+
+      def deliver(user:, redirect_path: nil, redirect_subdomain: nil)
+        token = Searls::Auth.config.password_reset_token_generator.call(user)
+        PasswordResetMailer.with(
+          user:,
+          token:,
+          redirect_path:,
+          redirect_subdomain:
+        ).password_reset.deliver_later
+        Result.new(success?: true)
+      end
+    end
+  end
+end

data/lib/searls/auth/emails_link.rb

@@ -1,11 +1,11 @@
 module Searls
   module Auth
     class EmailsLink
-      def email(user:, short_code:, redirect_path: nil, redirect_subdomain: nil)
+      def email(user:, email_otp:, redirect_path: nil, redirect_subdomain: nil)
         LoginLinkMailer.with(
           user:,
-          token: generate_token!(user),
-          short_code:,
+          token: (Searls::Auth.config.auth_methods.include?(:email_link) ? generate_token!(user) : nil),
+          email_otp: (Searls::Auth.config.auth_methods.include?(:email_otp) ? email_otp : nil),
           redirect_path:,
           redirect_subdomain:
         ).login_link.deliver_later

data/lib/searls/auth/emails_verification.rb

@@ -0,0 +1,33 @@
+module Searls
+  module Auth
+    class EmailsVerification
+      def email(user:, redirect_path: nil, redirect_subdomain: nil)
+        EmailVerificationMailer.with(
+          user:,
+          token: generate_token!(user),
+          redirect_path:,
+          redirect_subdomain:
+        ).verification_email.deliver_later
+      end
+
+      private
+
+      def generate_token!(user)
+        Searls::Auth.config.token_generator.call(user)
+      rescue KeyError => e
+        raise Error, <<~MSG
+          Secure token generation for user failed!
+
+          Message: #{e.message}
+          User: #{user.inspect}
+
+          This can probably be fixed by adding a line like this to your #{user.class.name} class:
+
+            generates_token_for :email_auth, expires_in: 30.minutes
+
+          Otherwise, you may want to override searls-auth's "token_generator" setting with a proc of your own.
+        MSG
+      end
+    end
+  end
+end

data/lib/searls/auth/parses_time_safely.rb

@@ -0,0 +1,34 @@
+require "active_support/time"
+
+module Searls
+  module Auth
+    class ParsesTimeSafely
+      def parse(input)
+        return nil if input.nil?
+
+        case input
+        when String
+          parse_string(input)
+        when Integer, Float
+          Time.at(input).in_time_zone
+        else
+          if input.respond_to?(:in_time_zone)
+            input.in_time_zone
+          else
+            parse_string(input.to_s)
+          end
+        end
+      rescue ArgumentError, TypeError, NoMethodError
+        nil
+      end
+
+      private
+
+      def parse_string(s)
+        if !(stripped = s.strip).empty?
+          Time.zone.parse(stripped)
+        end
+      end
+    end
+  end
+end

data/lib/searls/auth/railtie.rb

@@ -13,7 +13,6 @@ module Searls
 
       # Initialize configuration defaults
       initializer "searls.auth.configure" do |app|
-        # Set up any configuration defaults here
       end
     end
   end

data/lib/searls/auth/resets_password.rb

@@ -0,0 +1,41 @@
+module Searls
+  module Auth
+    class ResetsPassword
+      Result = Struct.new(:success?, :errors, :user, keyword_init: true)
+
+      def reset(user:, password:, password_confirmation:)
+        configuration = Searls::Auth.config
+
+        if password.blank?
+          message = configuration.resolve(:flash_error_after_password_reset_password_blank, {})
+          return Result.new(success?: false, errors: Array(message), user: user)
+        end
+
+        if password != password_confirmation
+          message = configuration.resolve(:flash_error_after_password_reset_password_mismatch, {})
+          return Result.new(success?: false, errors: Array(message), user: user)
+        end
+
+        configuration.password_setter.call(user, password)
+        if user.respond_to?(:password_confirmation=)
+          user.password_confirmation = password_confirmation
+        end
+
+        if user.save
+          configuration.after_login_success.call(user)
+          Result.new(success?: true, user: user, errors: [])
+        else
+          Result.new(success?: false, user: user, errors: simplified_error_messages(user))
+        end
+      end
+
+      private
+
+      def simplified_error_messages(model)
+        model.errors.details.keys.map { |attr|
+          model.errors.full_messages_for(attr).first
+        }.compact
+      end
+    end
+  end
+end

data/lib/searls/auth/updates_settings.rb

@@ -0,0 +1,149 @@
+module Searls
+  module Auth
+    class UpdatesSettings
+      Result = Struct.new(
+        :success?,
+        :errors,
+        :user,
+        :password_changed?,
+        keyword_init: true
+      )
+
+      def initialize(user:, params:)
+        @user = user
+        @params = params || {}
+        @errors = []
+        @password_changed = false
+      end
+
+      def update
+        enforce_current_password_requirement
+
+        handle_password_change if errors.empty?
+
+        return failure_result unless errors.empty?
+
+        if changes_applied?
+          if user.save
+            Result.new(
+              success?: true,
+              user: user,
+              errors: [],
+              password_changed?: @password_changed
+            )
+          else
+            Result.new(
+              success?: false,
+              user: user,
+              errors: simplified_error_messages(user)
+            )
+          end
+        else
+          Result.new(success?: true, user: user, errors: [], password_changed?: false)
+        end
+      end
+
+      private
+
+      attr_reader :user, :params, :errors
+
+      def enforce_current_password_requirement
+        return unless password_present?
+        return unless password_change_requested?
+
+        if current_password.blank?
+          errors << array_wrap(Searls::Auth.config.resolve(:flash_error_after_settings_current_password_missing, {}))
+          errors.flatten!
+          return
+        end
+
+        begin
+          verified = Searls::Auth.config.password_verifier.call(user, current_password)
+        rescue NameError
+          errors << array_wrap(Searls::Auth.config.resolve(:flash_error_after_password_misconfigured, {}))
+          errors.flatten!
+          return
+        end
+
+        unless verified
+          errors << array_wrap(Searls::Auth.config.resolve(:flash_error_after_settings_current_password_invalid, {}))
+          errors.flatten!
+        end
+      end
+
+      def handle_password_change
+        return unless password_change_requested?
+
+        if new_password.blank?
+          errors << array_wrap(Searls::Auth.config.resolve(:flash_error_after_password_reset_password_blank, {}))
+          errors.flatten!
+          return
+        end
+
+        if new_password != new_password_confirmation
+          errors << array_wrap(Searls::Auth.config.resolve(:flash_error_after_password_reset_password_mismatch, {}))
+          errors.flatten!
+          return
+        end
+
+        Searls::Auth.config.password_setter.call(user, new_password)
+        if user.respond_to?(:password_confirmation=)
+          user.password_confirmation = new_password_confirmation
+        end
+        @password_changed = true
+      end
+
+      def password_present?
+        Searls::Auth.config.password_present?(user)
+      end
+
+      def password_change_requested?
+        new_password.present? || new_password_confirmation.present?
+      end
+
+      def current_password
+        param(:current_password).to_s
+      end
+
+      def new_password
+        param(:password)
+      end
+
+      def new_password_confirmation
+        param(:password_confirmation)
+      end
+
+      def param(key)
+        params[key] || params[key.to_s]
+      end
+
+      def changes_applied?
+        @password_changed
+      end
+
+      def failure_result
+        flattened = errors.flatten.compact_blank
+        Result.new(success?: false, user: user, errors: flattened.presence || simplified_error_messages(user))
+      end
+
+      def array_wrap(value)
+        case value
+        when Array
+          value
+        when nil
+          []
+        else
+          [value]
+        end
+      end
+
+      def simplified_error_messages(model)
+        return [] unless model.respond_to?(:errors)
+
+        model.errors.details.keys.map do |attr|
+          model.errors.full_messages_for(attr).first
+        end.compact
+      end
+    end
+  end
+end

data/lib/searls/auth/version.rb

@@ -1,5 +1,5 @@
 module Searls
   module Auth
-    VERSION = "0.1.1"
+    VERSION = "1.0.0"
   end
 end

data/lib/searls/auth.rb

@@ -1,10 +1,16 @@
 require_relative "auth/authenticates_user"
+require_relative "auth/parses_time_safely"
 require_relative "auth/config"
+require_relative "auth/builds_target_redirect_url" if defined?(Rails)
 require_relative "auth/creates_user" if defined?(Rails)
 require_relative "auth/emails_link"
+require_relative "auth/emails_verification"
 require_relative "auth/engine" if defined?(Rails)
 require_relative "auth/railtie" if defined?(Rails)
 require_relative "auth/resets_session"
+require_relative "auth/delivers_password_reset"
+require_relative "auth/resets_password"
+require_relative "auth/updates_settings"
 require_relative "auth/version"
 
 module Searls
@@ -12,6 +18,8 @@ module Searls
     class Error < StandardError; end
 
     DEFAULT_CONFIG = {
+      auth_methods: [:email_link, :email_otp],
+      email_verification_mode: :none,
       # Data setup
       user_finder_by_email: ->(email) { User.find_by(email:) },
       user_finder_by_id: ->(id) { User.find_by(id:) },
@@ -19,34 +27,52 @@ module Searls
       user_initializer: ->(params) { User.new(email: params[:email]) },
       user_name_method: "name",
       token_generator: ->(user) { user.generate_token_for(:email_auth) },
-      token_expiry_minutes: 30,
+      email_otp_expiry_minutes: 30,
+      password_verifier: ->(user, password) { user.authenticate(password) },
+      password_setter: ->(user, password) { user.password = password },
+      password_reset_token_generator: ->(user) { user.generate_token_for(:password_reset) },
+      password_reset_token_finder: ->(token) { User.find_by_token_for(:password_reset, token) },
+      before_password_reset: ->(user, params, controller) { true },
+      password_reset_enabled: true,
+      email_verified_predicate: ->(user) { user.respond_to?(:email_verified_at) && user.email_verified_at.present? },
+      email_verified_setter: ->(user, time = Time.current) { user.respond_to?(:email_verified_at) ? user.update!(email_verified_at: time) : true },
+      password_present_predicate: ->(user) { user.respond_to?(:password_digest) && user.password_digest.present? },
       # Controller setup
       preserve_session_keys_after_logout: [],
-      max_allowed_short_code_attempts: 10,
+      max_allowed_email_otp_attempts: 10,
       # View setup
       layout: "application",
       register_view: "searls/auth/registrations/show",
       login_view: "searls/auth/logins/show",
       verify_view: "searls/auth/verifications/show",
+      pending_email_verification_view: "searls/auth/registrations/pending_email_verification",
+      password_reset_request_view: "searls/auth/requests_password_resets/show",
+      password_reset_edit_view: "searls/auth/resets_passwords/show",
       mail_layout: "searls/auth/layouts/mailer",
       mail_login_template_path: "searls/auth/login_link_mailer",
       mail_login_template_name: "login_link",
+      mail_password_reset_template_path: "searls/auth/password_reset_mailer",
+      mail_password_reset_template_name: "password_reset",
+      mail_email_verification_template_path: "searls/auth/email_verification_mailer",
+      mail_email_verification_template_name: "verification_email",
       # Route setup
       redirect_path_after_register: ->(user, params, request, routes) {
         # Not every app defines a root_path, so guarding here:
         routes.respond_to?(:root_path) ? routes.root_path : "/"
       },
-      default_redirect_path_after_login: ->(user, params, request, routes) {
+      redirect_path_after_login: ->(user, params, request, routes) {
         # Not every app defines a root_path, so guarding here:
         routes.respond_to?(:root_path) ? routes.root_path : "/"
       },
+      redirect_path_after_settings_change: ->(user, params, request, routes) {
+        routes.respond_to?(:edit_settings_path) ? routes.edit_settings_path : "/settings"
+      },
       # Hook setup
       validate_registration: ->(user, params, errors) { errors },
-      after_login_success: nil,
+      after_login_success: ->(user) {},
       # Branding setup
       app_name: nil,
       app_url: nil,
-      support_email_address: nil,
       email_background_color: "#d8d7ed",
       email_button_color: "#c664f3",
       email_banner_image_path: nil,
@@ -55,23 +81,47 @@ module Searls
       flash_error_after_register_attempt: ->(error_messages, login_path, params) { error_messages },
       flash_notice_after_login_attempt: ->(user, params) { "Login details sent to #{params[:email]}" },
       flash_error_after_login_attempt_unknown_email: ->(register_path, params) {
-        "We don't know that email. <a href=\"#{register_path}\">Sign up</a> instead?".html_safe
+        "We don't know that email. <a href=\"#{register_path}\">Sign up</a> instead?"
+      },
+      flash_error_after_login_attempt_invalid_password: ->(params) { "Invalid password. Try again?" },
+      flash_error_after_login_attempt_unverified_email: ->(resend_path, params) {
+        "You must verify your email before logging in. <a href=\"#{resend_path}\" data-turbo-method=\"patch\">Resend verification email</a>"
+      },
+      flash_notice_after_login_with_unverified_email: ->(resend_path, params) {
+        "You are now logged in, but your email is still unverified. <a href=\"#{resend_path}\" data-turbo-method=\"patch\">Resend verification email</a>"
+      },
+      flash_error_after_password_misconfigured: ->(params) {
+        "Password authentication misconfigured. Add `bcrypt` to your Gemfile or override password hooks."
       },
+      flash_error_after_password_reset_token_invalid: ->(params) { "That password reset link is no longer valid. Try again?" },
+      flash_error_after_password_reset_password_mismatch: ->(params) { "Passwords must match. Try again?" },
+      flash_error_after_password_reset_password_blank: ->(params) { "Password can't be blank. Try again?" },
+      flash_error_after_password_reset_not_enabled: ->(params) { "Password resets are unavailable." },
       flash_notice_after_logout: "You've been logged out",
-      flash_notice_after_verification: "You are now logged in",
+      flash_notice_after_login: "You are now logged in",
+      flash_notice_after_verification_email_resent: "Verification email sent",
+      flash_notice_after_email_verified: "Email verified",
+      flash_notice_after_password_reset_email: ->(params) { "If that email exists, password reset instructions are on the way." },
+      flash_notice_after_password_reset: ->(user, params) { "Your password has been reset." },
       flash_error_after_verify_attempt_exceeds_limit: "Too many verification attempts. Please login again to generate a new code",
-      flash_error_after_verify_attempt_incorrect_short_code: "We weren't able to log you in with that code. Try again?",
-      flash_error_after_verify_attempt_invalid_link: "We weren't able to log you in with that link. Try again?"
+      flash_error_after_verify_attempt_incorrect_email_otp: "We weren't able to log you in with that code. Try again?",
+      flash_error_after_verify_attempt_invalid_link: "We weren't able to log you in with that link. Try again?",
+      flash_notice_after_settings_update: ->(user, params) { "Settings updated." },
+      flash_error_after_settings_current_password_missing: ->(params) { "Enter your current password to make changes." },
+      flash_error_after_settings_current_password_invalid: ->(params) { "That current password doesn't match our records." },
+      auto_login_after_password_reset: true
 
     }.freeze
 
-    CONFIG = Config.new(**DEFAULT_CONFIG)
-    def self.configure(&blk)
-      yield CONFIG
+    C_O_N_F_I_G__D_O_N_T_R_E_F_E_R_E_N_C_E__T_H_I_S__D_I_R_E_C_T_L_Y_L_O_L = Config.new(**DEFAULT_CONFIG)
+    def self.configure
+      yield C_O_N_F_I_G__D_O_N_T_R_E_F_E_R_E_N_C_E__T_H_I_S__D_I_R_E_C_T_L_Y_L_O_L
+      C_O_N_F_I_G__D_O_N_T_R_E_F_E_R_E_N_C_E__T_H_I_S__D_I_R_E_C_T_L_Y_L_O_L.validate!
+      C_O_N_F_I_G__D_O_N_T_R_E_F_E_R_E_N_C_E__T_H_I_S__D_I_R_E_C_T_L_Y_L_O_L
     end
 
     def self.config
-      CONFIG.dup.freeze
+      C_O_N_F_I_G__D_O_N_T_R_E_F_E_R_E_N_C_E__T_H_I_S__D_I_R_E_C_T_L_Y_L_O_L.dup.freeze
     end
   end
 end

data/script/setup

@@ -5,10 +5,5 @@ set -e
 bundle
 
 cd example/simple_app
-bundle
-bin/rake db:setup
-export PLAYWRIGHT_CLI_VERSION=$(bundle exec ruby -e 'require "playwright"; puts Playwright::COMPATIBLE_PLAYWRIGHT_VERSION.strip')
-PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 yarn add -D "playwright@$PLAYWRIGHT_CLI_VERSION"
-yarn run playwright install chromium
-
+./script/setup
 cd ../..

data/script/test

@@ -7,7 +7,7 @@ bundle exec rake
 
 echo "-----> Testing example/simple_app"
 cd example/simple_app
-bin/rake
+./script/test
 cd ../..
 
 echo "-----> Looks good! 🪩"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: searls-auth
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 1.0.0
 platform: ruby
 authors:
 - Justin Searls
@@ -35,30 +35,52 @@ files:
 - README.md
 - Rakefile
 - app/controllers/searls/auth/base_controller.rb
+- app/controllers/searls/auth/email_verifications_controller.rb
 - app/controllers/searls/auth/logins_controller.rb
 - app/controllers/searls/auth/registrations_controller.rb
+- app/controllers/searls/auth/requests_password_resets_controller.rb
+- app/controllers/searls/auth/resets_passwords_controller.rb
+- app/controllers/searls/auth/settings_controller.rb
 - app/controllers/searls/auth/verifications_controller.rb
 - app/helpers/searls/auth/application_helper.rb
 - app/javascript/controllers/searls_auth_login_controller.js
 - app/javascript/controllers/searls_auth_otp_controller.js
 - app/mailers/searls/auth/base_mailer.rb
+- app/mailers/searls/auth/email_verification_mailer.rb
 - app/mailers/searls/auth/login_link_mailer.rb
+- app/mailers/searls/auth/password_reset_mailer.rb
+- app/views/searls/auth/email_verification_mailer/verification_email.html.erb
+- app/views/searls/auth/email_verification_mailer/verification_email.text.erb
 - app/views/searls/auth/layouts/mailer.html.erb
 - app/views/searls/auth/login_link_mailer/login_link.html.erb
 - app/views/searls/auth/login_link_mailer/login_link.text.erb
 - app/views/searls/auth/logins/show.html.erb
+- app/views/searls/auth/password_reset_mailer/password_reset.html.erb
+- app/views/searls/auth/password_reset_mailer/password_reset.text.erb
+- app/views/searls/auth/registrations/pending_email_verification.html.erb
 - app/views/searls/auth/registrations/show.html.erb
+- app/views/searls/auth/requests_password_resets/show.html.erb
+- app/views/searls/auth/resets_passwords/show.html.erb
+- app/views/searls/auth/settings/edit.html.erb
+- app/views/searls/auth/shared/_login_fields.html.erb
+- app/views/searls/auth/shared/_register_fields.html.erb
 - app/views/searls/auth/verifications/show.html.erb
 - config/importmap.rb
 - config/routes.rb
 - lib/searls/auth.rb
 - lib/searls/auth/authenticates_user.rb
+- lib/searls/auth/builds_target_redirect_url.rb
 - lib/searls/auth/config.rb
 - lib/searls/auth/creates_user.rb
+- lib/searls/auth/delivers_password_reset.rb
 - lib/searls/auth/emails_link.rb
+- lib/searls/auth/emails_verification.rb
 - lib/searls/auth/engine.rb
+- lib/searls/auth/parses_time_safely.rb
 - lib/searls/auth/railtie.rb
+- lib/searls/auth/resets_password.rb
 - lib/searls/auth/resets_session.rb
+- lib/searls/auth/updates_settings.rb
 - lib/searls/auth/version.rb
 - script/setup
 - script/setup_ci
@@ -84,7 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Searls-flavored login for Rails apps
 test_files: []