simple_auth 2.0.4 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5a215455bb8f741f52ef5264369f23de3ba08c7d
-  data.tar.gz: 1d8f0a5c88ff1984aafc1e15301bb45f35b756fa
+  metadata.gz: 1de8cb8aeaa7b6bfee0b0a72545d2a466b931837
+  data.tar.gz: f4319e57e9226858d1b90e9b8d2aa84c684b21ef
 SHA512:
-  metadata.gz: 2720ed1e46481f2f76fec454b8a987f9e8e5398ab86c796ab4bd503313e1b1116136370b3865cc48fbbde7a1ac7462fa4bf4e89c05cf47dcf8202a14b1577ad7
-  data.tar.gz: 2ef4c67cfb8cada8dba397db2a0b032ed474233a5cfa408897d269bac2898f5d80b3a6821a24f8fff0448c0b702d8341bf10565a6260ae9e5df01e19f72d8181
+  metadata.gz: 66b65c80f6776fc1fff063e454614639e8916c33a16bf8e381abb2bc1b400ca470d3c0a2f876945f3ce753d25d7e02b32b670cabc81ff21e0181c8d1d428d6f9
+  data.tar.gz: 80386bfdc372ce83bf8ef03b18081d2b6415fb0b92925a00bb26bfa8415bdf3d320c59c825a683e3e1e9cbdff72f981a50bb54e883ed8532695c46a614f94a3f

data/.gitignore

@@ -5,3 +5,6 @@ log
 .bundle
 gemfiles/*.lock
 Gemfile.lock
+*.log
+/tmp
+/log

data/.travis.yml

@@ -1,11 +1,8 @@
+sudo: false
+cache: bundler
 rvm:
-  - 1.9.3
-  - 2.0.0
-  - 2.1.0
-script: bundle exec rspec
+  - "2.2.4"
+script: bundle exec rake
 gemfile:
-  - Gemfile
-  - gemfiles/rails_3_1.gemfile
-  - gemfiles/rails_3_2.gemfile
-  - gemfiles/rails_4_0.gemfile
-  - gemfiles/rails_4_1.gemfile
+  - gemfiles/rails_4_2.gemfile
+  - gemfiles/rails_5_0.gemfile

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+#v3.0.0
+- Reimplemented library.
+- Add support for scoped authentication (e.g. user and admin).
+
 # v2.0.3
 
 - Assign the raw password/confirmation, so we can apply validations on the raw value.

data/Gemfile

@@ -1,2 +1,2 @@
-source "http://rubygems.org"
+source "https://rubygems.org"
 gemspec

data/MIGRATE.md

@@ -0,0 +1,40 @@
+# Migrate from previous versions to v3
+
+Follow these steps:
+
+1. Rename your existing `config/initializers/simple_auth.rb` to `config/initializers/simple_auth.rb.old`.
+2. Generate a new initializer with `rails g simple_auth:install`. Update `config/initializers/simple_auth.rb` with your settings (check `simple_auth.rb.old`).
+3. Remove `config/initializers/simple_auth.rb.old`.
+4. Remove `authentication` from your model (e.g. `User`).
+5. Replace all calls from old version as the list below:
+    - Controllers: `require_logged_user` becomes `before_action :require_logged_user`.
+    - Controllers: `redirect_logged_user` becomes `before_action :redirect_logged_user`.
+    - Controllers & Views: `logged_in?` becomes `user_logged_in?`.
+    - Controllers: `authorized?` becomes `authorized_user?`.
+    - Controllers: `current_session.destroy` becomes `reset_session`.
+6. On your sessions controller, replace the call to `SimpleAuth::Session.new` to something like this:
+```ruby
+class SessionsController < ApplicationController
+  def new
+  end
+
+  def create
+    @user = User.find_by_email(params[:email])
+
+    if @user.try(:authenticate, params[:password])
+      SimpleAuth::Session.create(scope: "user", session: session, record: @user)
+      redirect_to return_to(dashboard_path)
+    else
+      flash[:alert] = "Invalid username or password"
+      render :new
+    end
+  end
+
+  def destroy
+    reset_session
+    redirect_to root_path
+  end
+end
+```
+
+If you have any issue, just [open a ticket](https://github.com/fnando/simple_auth/issues/new).

data/README.md

@@ -2,12 +2,13 @@
 
 [![Build Status](https://travis-ci.org/fnando/simple_auth.svg)](https://travis-ci.org/fnando/simple_auth)
 [![Code Climate](https://codeclimate.com/github/fnando/simple_auth.png)](https://codeclimate.com/github/fnando/simple_auth)
+[![Gem Version](https://badge.fury.io/rb/simple_auth.svg)](http://badge.fury.io/rb/simple_auth)
 
 SimpleAuth is an authentication library to be used when everything else is just too complicated.
 
-This library only supports in-site authentication and won't implement OpenID, Facebook Connect and like.
+This library only handles session. You have to implement the authentication strategy as you want (e.g. in-site authentication, OAuth, etc).
 
-Rails 3.1.0+ is required.
+Rails 4.2+ running over Ruby 2.1+ is required.
 
 ## Installation
 
@@ -19,67 +20,42 @@ Then run `rails generate simple_auth:install` to copy the initializer file.
 
 ## Usage
 
-Your user model should have the attribute `password_digest`. The credential field can be anything you want, but SimpleAuth uses `[:email, :login]` by default.
+The initializer will install the required helper methods on your controller. So, let's say you want to support `user` and `admin` authentication. You'll need to specify the following scope.
 
 ```ruby
-class CreateUsers < ActiveRecord::Migration
-  def change
-    create_table :users do |t|
-      t.string :email, null: false
-      t.string :login, null: false
-      t.string :password_digest, null: false
-
-      t.timestamps
-    end
+# config/initializers/simple_auth.rb
+SimpleAuth.setup do |config|
+  config.scopes = %i[user admin]
+  config.login_url = proc { login_path }
+  config.logged_url = proc { dashboard_path }
 
-    add_index :users, :email, unique: true
-    add_index :users, :login, unique: true
-    add_index :users, [:email, :login]
-  end
-end
-```
-
-In your model, use the `authentication` macro.
-
-```ruby
-class User < ActiveRecord::Base
-  authentication
+  config.install_helpers!
 end
 ```
 
-This will add some callbacks and password validations. It will also inject helper methods like `Model.authenticate`.
-
-Session is valid only when both `Model#authorized?` and `Controller#authorized?` methods return `true`, which is the default behavior. You can override these methods with your own rules:
+Session is valid only when `Controller#authorized_#{scope}?` method returns `true`, which is the default behavior. You can override these methods with your own rules; the following example shows how you can authorize all e-mails from `@example.com` to access the admin dashboard.
 
 ```ruby
-class User < ActiveRecord::Base
-  authentication
-
-  def authorized?
-    deleted_at.nil?
-  end
-end
-
 class Admin::DashboardController < ApplicationController
   private
-  def authorized?
-    current_user.admin?
+  def authorized_admin?
+    current_user.email.match(/@example.com\z/)
   end
 end
 ```
 
-After you set up the model, you can go to the controller.
+So, how do you set up a new user session? That's really simple, actually.
 
 ```ruby
 class SessionsController < ApplicationController
   def new
-    @user_session = SimpleAuth::Session.new
   end
 
   def create
-    @user_session = SimpleAuth::Session.new(params[:session])
+    @user = User.find_by_email(params[:email])
 
-    if @user_session.save
+    if @user.try(:authenticate, params[:password])
+      SimpleAuth::Session.create(scope: "user", session: session, record: @user)
       redirect_to return_to(dashboard_path)
     else
       flash[:alert] = "Invalid username or password"
@@ -88,79 +64,38 @@ class SessionsController < ApplicationController
   end
 
   def destroy
-    current_session.destroy if logged_in?
+    reset_session
     redirect_to root_path
   end
 end
 ```
 
-The `return_to` helper will give you the requested url (before the user logged in) or the default url.
+First thing to notice is that simple_auth doesn't care about how you authenticate. You could easily set up a different authentication strategy, e.g. API tokens. The important part is assign the `record:` and `scope:` options. The `return_to` helper will give you the requested url (before the user logged in) or the default url.
+
+Same thing applies to destroying a session. You can just reset it, calling `reset_session`.
 
-You can restrict access by using 2 macros:
+You can restrict access by using 2 macros. Use `redirect_logged_#{scope}` to avoid rendering a page for logged user.
 
 ```ruby
 class SignupController < ApplicationController
-  redirect_logged_user :to => "/"
+  before_action :redirect_logged_user
 end
 ```
 
-Here's some usage examples:
-
-```ruby
-redirect_logged_user :to => proc { login_path }
-redirect_logged_user :to => {:controller => "dashboard"}
-redirect_logged_user :only => [:index], :to => login_path
-redirect_logged_user :except => [:public], :to => login_path
-```
-
-You can skip the `:to` option if you set it globally on your initializer:
-
-```ruby
-SimpleAuth::Config.logged_url = {:controller => "session", :action => "new"}
-SimpleAuth::Config.logged_url = proc { login_path }
-```
-
-To require a logged user, use the `require_logged_user` macro:
+Use `require_logged_#{scope}` to enforce authenticated access.
 
 ```ruby
 class DashboardController < ApplicationController
-  require_logged_user :to => proc { login_path }
+  before_action :require_logged_user
 end
 ```
 
-Here's some usage examples:
+"So which helpers are defined?", you ask. Just three simple helpers.
 
 ```ruby
-require_logged_user :to => proc { login_path }
-require_logged_user :to => {:controller => "session", :action => "new"}
-require_logged_user :only => [:index], :to => login_path
-require_logged_user :except => [:public], :to => login_path
-```
-
-You can skip the `:to` option if you set it globally on your initializer:
-
-```ruby
-SimpleAuth::Config.login_url = {:controller => "session", :action => "new"}
-SimpleAuth::Config.login_url = proc { login_path }
-```
-
-There are some helpers:
-
-```ruby
-logged_in?              # controller & views
-current_user            # controller & views
-current_session         # controller & views
-when_logged(&block)     # views
-find_by_credential      # model
-find_by_credential!     # model
-```
-
-If you're having problems to use any helper, include the module `SimpleAuth::Helper` on your `ApplicationHelper`.
-
-```ruby
-module ApplicationHelper
-  include SimpleAuth::Helper
-end
+#{scope}_logged_in?    # e.g. user_logged_in? (available in controller & views)
+current_#{scope}       # e.g. current_user    (available in controller & views)
+#{scope}_session       # e.g. user_session    (available in controller & views)
 ```
 
 ### Translations
@@ -170,54 +105,16 @@ These are the translations you'll need:
 ```yaml
 en:
   simple_auth:
-    sessions:
-      need_to_be_logged: "You need to be logged"
-      invalid_credentials: "Invalid username or password"
-```
-
-### Compatibility Mode with v1
-
-The previous version was based on hashing with salt. If you want to migrate to the v2 release, you must do some things.
-
-First, add the following line to the configuration initializer (available at `config/initializers/simple_auth.rb`:
-
-```ruby
-require "simple_auth/compat"
-```
-
-Then create a field called `password_digest`. This field is required by the `ActiveRecord::Base.has_secure_password` method. You can create a migration with the following content:
-
-```ruby
-class AddPasswordDigestToUsers < ActiveRecord::Migration
-  def up
-    add_column :users, :password_digest, :string, null: true
-    SimpleAuth.migrate_passwords!
-    change_column_null :users, :password_digest, false
-  end
-
-  def down
-    remove_column :users, :password_digest
-  end
-end
-```
-
-Apply this migration with `rake db:migrate`. Go read a book; this is going to take a while.
-
-Check if your application is still working. If so, you can remove the `password_hash` column. Here's the migration to do it so.
-
-```ruby
-class RemovePasswordHashFromUsers < ActiveRecord::Migration
-  def change
-    remove_column :users, :password_hash
-  end
-end
+    user:
+      need_to_be_logged_in: "You need to be logged"
+      not_authorized: "You don't have permission to access this page"
 ```
 
-Again, apply this migration with `rake db:migrate`.
+If you don't set these translations, a default message will be used.
 
 ## Maintainer
 
-* Nando Vieira (<http://simplesideias.com.br>)
+* Nando Vieira (<http://nandovieira.com>)
 
 ## License:
 

data/Rakefile

@@ -1,20 +1,10 @@
-require "bundler"
-Bundler::GemHelper.install_tasks
+require "bundler/gem_tasks"
+require "rake/testtask"
 
-require "rspec/core/rake_task"
-RSpec::Core::RakeTask.new
-
-desc "Run specs against all gemfiles"
-task "spec:all" do
-  %w[
-    Gemfile
-    gemfiles/rails_3_1.gemfile
-    gemfiles/rails_3_2.gemfile
-    gemfiles/rails_4_0.gemfile
-    gemfiles/rails_4_1.gemfile
-  ].each do |gemfile|
-    puts "\n=> Running with Gemfile: #{gemfile}"
-    system "BUNDLE_GEMFILE=#{gemfile} bundle exec rspec"
-    exit 1 unless $?.success?
-  end
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
 end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+require "bundler/setup"
+require "pry"
+Pry.start
+require "simple_auth"

data/gemfiles/{rails_4_1.gemfile → rails_4_2.gemfile}

@@ -1,4 +1,4 @@
 source "https://rubygems.org"
 gemspec path: ".."
 
-gem "rails", "~> 4.1.0"
+gem "rails", "~> 4.2.4"

data/gemfiles/{rails_4_0.gemfile → rails_5_0.gemfile}

@@ -1,4 +1,4 @@
 source "https://rubygems.org"
 gemspec path: ".."
 
-gem "rails", "~> 4.0.0"
+gem "rails", github: "rails/rails"

data/lib/simple_auth.rb

@@ -1,11 +1,26 @@
-require "rails/railtie"
-require "active_support/all"
-
-require "simple_auth/railtie"
-require "simple_auth/config"
-require "simple_auth/exceptions"
-require "simple_auth/action_controller"
-require "simple_auth/active_record"
-require "simple_auth/session"
-require "simple_auth/helper"
-require "simple_auth/version"
+module SimpleAuth
+  require "rails/railtie"
+  require "active_support/concern"
+
+  require "simple_auth/version"
+  require "simple_auth/config"
+  require "simple_auth/railtie"
+  require "simple_auth/action_controller"
+  require "simple_auth/action_controller/require_login_action"
+  require "simple_auth/session"
+  require "simple_auth/generator"
+
+  def self.setup
+    yield config
+  end
+
+  def self.config
+    @config ||= Config.new
+  end
+
+  setup do |config|
+    config.scopes = %i[user]
+    config.login_url = -> { login_path }
+    config.logged_url = -> { dashboard_path }
+  end
+end

data/lib/simple_auth/action_controller.rb

@@ -1,102 +1,74 @@
+# frozen_string_literal: true
 module SimpleAuth
   module ActionController
-    def self.included(base)
-      base.class_eval do
-        include InstanceMethods
-        extend ClassMethods
-      end
-    end
+    extend ActiveSupport::Concern
 
-    module InstanceMethods
-      private
-      def return_to(url = nil, &block)
-        url = session.delete(:return_to) || url
-        url = instance_eval(&block) if block_given?
-        url
-      end
+    included do
+      install_simple_auth_scopes
+    end
 
-      def current_session
-        @current_session ||= SimpleAuth::Session.find
+    module ClassMethods
+      def install_simple_auth_scopes
+        SimpleAuth.config.scopes.each do |scope|
+          install_simple_auth_scope(scope)
+          helper_method "current_#{scope}", "#{scope}_logged_in?"
+        end
       end
 
-      def current_user
-        current_session && current_session.record
-      end
+      def install_simple_auth_scope(scope)
+        class_eval <<-RUBY, __FILE__, __LINE__ + 1
+          def #{scope}_session
+            @#{scope}_session ||= Session.create(scope: :#{scope}, session: session)
+          end
 
-      def authorized?
-        true
-      end
+          def current_#{scope}
+            #{scope}_session.record
+          end
 
-      def logged_in?
-        current_user != nil
-      end
+          def #{scope}_logged_in?
+            current_#{scope}.present?
+          end
+        RUBY
 
-      def activate_simple_auth
-        SimpleAuth::Config.controller = self
-      end
+        define_method "authorized_#{scope}?" do
+          true
+        end
 
-      def simple_auth_url_for(method, controller, path)
-        path ||= SimpleAuth::Config.send(method)
-        path = controller.instance_eval(&path) if path.kind_of?(Proc)
-        path
-      end
+        define_method "require_logged_#{scope}" do
+          simple_auth_require_logged_scope(scope)
+        end
 
-      def request_uri
-        if request.respond_to?(:fullpath)
-          request.fullpath
-        else
-          request.request_uri
+        define_method "redirect_logged_#{scope}" do
+          simple_auth_redirect_logged_scope(scope)
         end
       end
     end
 
-    module ClassMethods
-      # Redirect unlogged users to the specified <tt>:to</tt> path
-      #
-      #   require_logged_user :to => proc { login_path }
-      #   require_logged_user :to => {:controller => "session", :action => "new"}
-      #   require_logged_user :only => [:index], :to => login_path
-      #   require_logged_user :except => [:public], :to => login_path
-      #
-      # You can set login url globally:
-      #
-      #   SimpleAuth::Config.login_url = {:controller => "session", :action => "new"}
-      #   SimpleAuth::Config.login_url = proc { login_path }
-      #
-      def require_logged_user(options = {})
-        before_filter options.except(:to) do |controller|
-          controller.instance_eval do
-            # Already logged in, so skip validation.
-            next if current_session.try(:valid?) && authorized?
+    private
 
-            session[:return_to] = request_uri if request.get?
+    def simple_auth
+      @simple_auth ||= SimpleAuth.config
+    end
 
-            SimpleAuth::Session.destroy!
-            flash.alert = t("simple_auth.sessions.need_to_be_logged")
-            redirect_to simple_auth_url_for(:login_url, controller, options[:to])
-          end
-        end
-      end
+    def return_to(url)
+      session[:return_to] || url
+    end
 
-      # Redirect logged users to the specified <tt>:to</tt> path
-      #
-      #   redirect_logged_user :to => proc { login_path }
-      #   redirect_logged_user :to => {:controller => "dashboard"}
-      #   redirect_logged_user :only => [:index], :to => login_path
-      #   redirect_logged_user :except => [:public], :to => login_path
-      #
-      # You can set the logged url globally:
-      #
-      #   SimpleAuth::Config.logged_url = {:controller => "dashboard", :action => "index"}
-      #   SimpleAuth::Config.logged_url = proc { dashboard_path }
-      #
-      def redirect_logged_user(options = {})
-        before_filter options.except(:to) do |controller|
-          controller.instance_eval do
-            redirect_to simple_auth_url_for(:logged_url, controller, options[:to]) if logged_in?
-          end
-        end
-      end
+    def simple_auth_require_logged_scope(scope)
+      action = RequireLoginAction.new(self, scope)
+      return if action.valid?
+
+      reset_session
+      flash[:alert] = action.message
+      session[:return_to] = request.fullpath if request.get?
+      redirect_to instance_eval(&simple_auth.login_url)
+    end
+
+    def simple_auth_redirect_logged_scope(scope)
+      scope_session = send("#{scope}_session")
+      return unless scope_session.valid?
+
+      redirect_to instance_eval(&simple_auth.logged_url)
     end
   end
 end