simple_auth 3.1.3 → 3.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b1d2a68a9455a5f601c57c8f98d70af46795e492f084815a9f2f1f929591d3b0
-  data.tar.gz: 0f0cb2fec8e43e8d2c00970618bb120b9914d4c2ffe113b93038bacec2d8c4d4
+  metadata.gz: 767e5c4765e914fc1e310fe57f9ad0491ccfc7f3eff8b22c0002877bb4ddb262
+  data.tar.gz: f2ffea82bbf55a41c705bddb67b638f7df1cfb1f4abc1918c4d89d7b46bde019
 SHA512:
-  metadata.gz: 38930354c31b9b9b43970e0efc9d7ae0a71b643702fd8f37b46527a811e30174f32a31e339225d56f3c08175b7e96d24dc9baa764622bc2ad1b6bd27538d0e3d
-  data.tar.gz: 80715edb98f53b659ca8a95cdda946863da7eb25e4310398621f0fffc24e4becbe0d78e2c9c412a06972a765bbc448a2ecfbf064abac0a10da7fe0b41bd607c1
+  metadata.gz: b1489bc14e6f5b787902ad3540e7236e1112a71939f192cdf2e100af5ce0ca302794200e307c517334ef8fe42ec87ade787cfb609f96c6cee91093431741a103
+  data.tar.gz: fe1ee4d957ac0a892cedd74efbc7a0f671f1d9adeb6a11f268fc9d4cba7e8a45aac9d8b9a1c68798dde41dd17fb7c3f6ba71062c63320a12635816855016fa1d

data/.github/CODEOWNERS

@@ -0,0 +1,4 @@
+# You can read more about CODEOWNERS at
+# https://help.github.com/github/creating-cloning-and-archiving-repositories/about-code-owners
+
+* @fnando

data/.github/FUNDING.yml

@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+---
+github: [fnando]
+custom: ["https://paypal.me/nandovieira/🍕"]

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,41 @@
+---
+name: "🐛 Bug Report"
+about: Report a reproducible bug or regression.
+title: 'Bug: '
+labels: 'Status: Unconfirmed'
+
+---
+
+<!--
+  - Please provide a clear and concise description of what the bug is.
+  - If possible, add an example reproducing your issue.
+  - Please test using the latest version of simple_auth
+    to make sure your issue has not already been fixed.
+-->
+
+## Description
+
+[Add bug description here]
+
+## How to reproduce
+
+[Add steps on how to reproduce this issue]
+
+## What do you expect
+
+[Describe what do you expect to happen]
+
+## What happened instead
+
+[Describe the actual results]
+
+## Software:
+
+- Gem version: [Add gem version here]
+- Ruby version: [Add version here]
+
+## Full backtrace
+
+```text
+[Paste full backtrace here]
+```

data/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+---
+contact_links:
+  - name: "🤨 Q&A"
+    url: https://github.com/fnando/simple_auth/discussions/new?category=q-a
+    about: Have a question? Ask it away here!

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,23 @@
+---
+name: "💡 Feature request"
+about: Have an idea that may be useful? Make a suggestion!
+title: 'Feature Request: '
+labels: 'Feature request'
+
+---
+
+## Description
+
+_A clear and concise description of what the problem is._
+
+## Describe the solution
+
+_A clear and concise description of what you want to happen._
+
+## Alternatives you considered
+
+_A clear and concise description of any alternative solutions or features you've considered._
+
+## Additional context
+
+_Add any other context, screenshots, links, etc about the feature request here._

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,38 @@
+<!--
+If you're making a doc PR or something tiny where the below is irrelevant,
+delete this template and use a short description, but in your description aim to
+include both what the change is, and why it is being made, with enough context
+for anyone to understand.
+-->
+
+<details>
+  <summary>PR Checklist</summary>
+
+### PR Structure
+
+- [ ] This PR has reasonably narrow scope (if not, break it down into smaller
+      PRs).
+- [ ] This PR avoids mixing refactoring changes with feature changes (split into
+      two PRs otherwise).
+- [ ] This PR's title starts is concise and descriptive.
+
+### Thoroughness
+
+- [ ] This PR adds tests for the most critical parts of the new functionality or
+      fixes.
+- [ ] I've updated any docs, `.md` files, etc… affected by this change.
+
+</details>
+
+### What
+
+[TODO: Short statement about what is changing.]
+
+### Why
+
+[TODO: Why this change is being made. Include any context required to understand
+the why.]
+
+### Known limitations
+
+[TODO or N/A]

data/.github/dependabot.yml

@@ -0,0 +1,15 @@
+---
+# Documentation:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: bundler
+    directory: "/"
+    schedule:
+      interval: "daily"

data/.github/workflows/ruby-tests.yml

@@ -0,0 +1,69 @@
+---
+name: ruby-tests
+
+on:
+  pull_request_target:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs: {}
+
+jobs:
+  build:
+    name: Tests with Ruby ${{ matrix.ruby }} and ${{ matrix.gemfile }}
+    runs-on: "ubuntu-latest"
+    if: |
+      github.actor == 'dependabot[bot]' && github.event_name == 'pull_request_target' ||
+      github.actor != 'dependabot[bot]'
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["3.3", "3.4", "4.0"]
+        gemfile:
+          - Gemfile
+          - gemfiles/rails_8_0.gemfile
+          - gemfiles/rails_8_1.gemfile
+
+    services:
+      postgres:
+        image: postgres:11.5
+        ports: ["5432:5432"]
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/cache@v3
+        with:
+          path: vendor/bundle
+          key: >
+            ${{ runner.os }}-${{ matrix.ruby }}-gems-${{ hashFiles(matrix.gemfile) }} #magic___^_^___line
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+
+      - name: Install PostgreSQL client
+        env:
+          PGHOST: localhost
+          PGUSER: postgres
+        run: |
+          sudo apt-get -yqq install libpq-dev
+          psql -U postgres -c "create database test"
+
+      - name: Install gem dependencies
+        env:
+          BUNDLE_GEMFILE: ${{ matrix.gemfile }}
+        run: |
+          gem install bundler
+          bundle config path vendor/bundle
+          bundle update --jobs 4 --retry 3
+
+      - name: Run Tests
+        env:
+          BUNDLE_GEMFILE: ${{ matrix.gemfile }}
+          PGHOST: localhost
+          PGUSER: postgres
+        run: |
+          bundle exec rake

data/.rubocop.yml

@@ -3,7 +3,11 @@ inherit_gem:
   rubocop-fnando: .rubocop.yml
 
 AllCops:
-  TargetRubyVersion: 2.6
+  TargetRubyVersion: 3.3
+  NewCops: enable
+  Exclude:
+    - gemfiles/**/*
+    - vendor/**/*
 
-Metrics/AbcSize:
+Minitest/EmptyLineBeforeAssertionMethods:
   Enabled: false

data/CHANGELOG.md

@@ -1,45 +1,56 @@
-# v3.1.3
+# Changelog
+
+## v3.2.0
+
+- Bump up ruby requirement to 3.3.
+- Add support for ActionController::API
+
+## v3.1.4
+
+- Add `authenticate(scope, condition, &block)`, so you can restrict routes
+  directly from the routes definition.
+
+## v3.1.3
 
 - Remove session[:return_to] after using it.
 
-# v3.1.2
+## v3.1.2
 
 - Make flash message key configurable via
   `SimpleAuth::Config#flash_message_key`.
 
-# v3.1.1
+## v3.1.1
 
 - Catch exceptions related to record not found when session tries to load a
   record from session. You can customize the recognized exceptions by adding the
   error class to `SimpleAuth::Session.record_not_found_exceptions`.
 
-# v3.1.0
+## v3.1.0
 
 - SimpleAuth now uses [GlobalID](https://github.com/rails/globalid) as the
   identification that's saved on the session. This should be a seamless
   migration (users will only have to re-login). This allows using any objects
   that respond to `#to_gid`, including namespaced models and POROs.
 
-# v3.0.0
+## v3.0.0
 
 - Reimplemented library.
 - Add support for scoped authentication (e.g. user and admin).
 
-# v2.0.3
+## v2.0.3
 
 - Assign the raw password/confirmation, so we can apply validations on the raw
   value.
 
-# v2.0.2
+## v2.0.2
 
 - The compat wasn't validating fields correctly.
 
-# v2.0.1
+## v2.0.1
 
 - The compat mode wasn't generating the `password_digest`.
 
-# v2.0.0
+## v2.0.0
 
-- Released version 2.0.0. This version removes support for MongoDB
-  and switches to `has_secure_password` encryption method. This
-  change requires Rails 3.1.0+.
+- Released version 2.0.0. This version removes support for MongoDB and switches
+  to `has_secure_password` encryption method. This change requires Rails 3.1.0+.

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at me@fnando.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [https://contributor-covenant.org/version/1/4][version]
+
+[homepage]: https://contributor-covenant.org
+[version]: https://contributor-covenant.org/version/1/4/

data/LICENSE.md

@@ -0,0 +1,20 @@
+(The MIT License)
+
+Copyright (c) 2010 Nando Vieira
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the 'Software'), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -1,10 +1,9 @@
 # Simple Auth
 
-[![Travis-CI](https://travis-ci.org/fnando/simple_auth.svg)](https://travis-ci.org/fnando/simple_auth)
-[![Code Climate](https://codeclimate.com/github/fnando/simple_auth/badges/gpa.svg)](https://codeclimate.com/github/fnando/simple_auth)
-[![Test Coverage](https://codeclimate.com/github/fnando/simple_auth/badges/coverage.svg)](https://codeclimate.com/github/fnando/simple_auth/coverage)
+[![Tests](https://github.com/fnando/simple_auth/workflows/ruby-tests/badge.svg)](https://github.com/fnando/simple_auth)
 [![Gem](https://img.shields.io/gem/v/simple_auth.svg)](https://rubygems.org/gems/simple_auth)
 [![Gem](https://img.shields.io/gem/dt/simple_auth.svg)](https://rubygems.org/gems/simple_auth)
+[![MIT License](https://img.shields.io/:License-MIT-blue.svg)](https://tldrlegal.com/license/mit-license)
 
 SimpleAuth is an authentication library to be used when everything else is just
 too complicated.
@@ -136,16 +135,80 @@ current_#{scope}       # e.g. current_user    (available in controller & views)
 #{scope}_session       # e.g. user_session    (available in controller & views)
 ```
 
+#### From your routes file
+
+You can also restrict routes directly from your routes:
+
+```ruby
+Rails.application.routes.draw do
+  authenticate :admin, ->(user) { user.admin? } do
+    mount Sidekiq::Web, at: "sidekiq"
+  end
+end
+```
+
+In this case, `:admin` is the scope and the lambda will only be called whenever
+there's a valid record associated with that record.
+
+### API Controllers
+
+simple_auth supports `ActionController::API`-based controllers. Include the
+`SimpleAuth::ActionController::API` module in your API controller:
+
+```ruby
+class ApiController < ActionController::API
+  include SimpleAuth::ActionController::API
+
+  before_action :authenticate_via_token
+  before_action :require_logged_user
+
+  def index
+    render json: {message: "hello there"}
+  end
+
+  private def authenticate_via_token
+    user = User.find_by_api_token(id: request.headers["Authorization"])
+
+    return render(plain: "401 Unauthorized", status: :unauthorized) unless user
+
+    SimpleAuth::Session.create(scope: "user", session:, record: user)
+  end
+end
+```
+
+By default, unauthorized requests receive a `401 Unauthorized` plain text
+response. You can override `render_unauthorized_access(authorization)` to
+customize this behavior. The `authorization` object gives you access to
+`authorization.error_message`, which contains the translated error message for
+the failed authorization:
+
+```ruby
+class ApiController < ActionController::API
+  include SimpleAuth::ActionController::API
+
+  private def render_unauthorized_access(authorization)
+    render json: {error: authorization.error_message}, status: :unauthorized
+  end
+end
+```
+
+> [!NOTE]
+>
+> `SimpleAuth::ActionController::API` defines a stub session object that's just
+> a hash, so the user record can be resolved across multiple calls within the
+> same request.
+
 ### Translations
 
 These are the translations you'll need:
 
 ```yaml
+---
 en:
   simple_auth:
     user:
-      need_to_be_logged_in: "You need to be logged in"
-      not_authorized: "You don't have permission to access this page"
+      unlogged_in: "You need to be logged in"
+      unauthorized: "You don't have permission to access this page"
 ```
 
 If you don't set these translations, a default message will be used.
@@ -154,6 +217,7 @@ To display the error message, use something like `<%= flash[:alert] %>`. If you
 want to use a custom key, say `:error`, use the configuration file
 `config/initializers/simple_auth.rb` to define the new key:
 
+```ruby
 # config/initializers/simple_auth.rb
 SimpleAuth.setup do |config|
   # ...
@@ -166,27 +230,25 @@ end
 
 ## Maintainer
 
-* Nando Vieira (<http://nandovieira.com>)
+- [Nando Vieira](https://github.com/fnando)
+
+## Contributors
+
+- https://github.com/fnando/simple_auth/contributors
+
+## Contributing
 
-## License:
+For more details about how to contribute, please read
+https://github.com/fnando/simple_auth/blob/main/CONTRIBUTING.md.
 
-(The MIT License)
+## License
 
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
+The gem is available as open source under the terms of the
+[MIT License](https://opensource.org/licenses/MIT). A copy of the license can be
+found at https://github.com/fnando/simple_auth/blob/main/LICENSE.md.
 
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
+## Code of Conduct
 
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+Everyone interacting in the simple_auth project's codebases, issue trackers,
+chat rooms and mailing lists is expected to follow the
+[code of conduct](https://github.com/fnando/simple_auth/blob/main/CODE_OF_CONDUCT.md).

data/gemfiles/rails_6_1.gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+gemspec path: ".."
+
+gem "rails", "~> 6.1.0"

data/gemfiles/rails_7_0.gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+gemspec path: ".."
+
+gem "rails", "~> 7.0.0"

data/gemfiles/rails_8_0.gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+gemspec path: ".."
+
+gem "rails", "~> 8.0.0"

data/gemfiles/rails_8_1.gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+gemspec path: ".."
+
+gem "rails", "~> 8.1.0"

data/lib/simple_auth/action_controller/api.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module SimpleAuth
+  module ActionController
+    module API
+      extend ActiveSupport::Concern
+      include SimpleAuth::ActionController
+
+      included do
+        undef_method :simple_auth_redirect_logged_scope
+        undef_method :return_to
+
+        SimpleAuth.config.scopes.each do |scope|
+          undef_method :"redirect_logged_#{scope}"
+        end
+      end
+
+      # A stub session so we can persist the record id between different calls
+      # to fetch the record.
+      private def session
+        @session ||= {}
+      end
+
+      private def render_unauthorized_access(*)
+        render plain: "401 Unauthorized", status: :unauthorized
+      end
+    end
+  end
+end

data/lib/simple_auth/action_controller/require_login_action.rb

@@ -18,7 +18,7 @@ module SimpleAuth
         valid_session? && authorized?
       end
 
-      def message
+      def error_message
         return if valid?
         return unauthorized_message unless authorized?
 
@@ -26,11 +26,11 @@ module SimpleAuth
       end
 
       private def valid_session?
-        controller.send("#{scope}_session").valid?
+        controller.send(:"#{scope}_session").valid?
       end
 
       private def authorized?
-        controller.send("authorized_#{scope}?")
+        controller.send(:"authorized_#{scope}?")
       end
 
       private def unauthorized_message

data/lib/simple_auth/action_controller.rb

@@ -12,34 +12,46 @@ module SimpleAuth
       def install_simple_auth_scopes
         SimpleAuth.config.scopes.each do |scope|
           install_simple_auth_scope(scope)
-          helper_method "current_#{scope}", "#{scope}_logged_in?"
+
+          if respond_to?(:helper_method)
+            helper_method("current_#{scope}", "#{scope}_logged_in?")
+          end
         end
       end
 
-      def install_simple_auth_scope(scope) # rubocop:disable Metrics/MethodLength
+      def install_simple_auth_scope(scope)
         class_eval <<-RUBY, __FILE__, __LINE__ + 1
+          # def user_session
+          #   @user_session ||= Session.create(scope: :user, session: session)
+          # end
           def #{scope}_session
             @#{scope}_session ||= Session.create(scope: :#{scope}, session: session)
           end
 
+          # def current_user
+          #   user_session.record
+          # end
           def current_#{scope}
             #{scope}_session.record
           end
 
+          # def user_logged_in?
+          #   current_user.present?
+          # end
           def #{scope}_logged_in?
             current_#{scope}.present?
           end
         RUBY
 
-        define_method "authorized_#{scope}?" do
+        define_method :"authorized_#{scope}?" do
           true
         end
 
-        define_method "require_logged_#{scope}" do
+        define_method :"require_logged_#{scope}" do
           simple_auth_require_logged_scope(scope)
         end
 
-        define_method "redirect_logged_#{scope}" do
+        define_method :"redirect_logged_#{scope}" do
           simple_auth_redirect_logged_scope(scope)
         end
       end
@@ -54,21 +66,25 @@ module SimpleAuth
     end
 
     private def simple_auth_require_logged_scope(scope)
-      action = RequireLoginAction.new(self, scope)
+      authorization = RequireLoginAction.new(self, scope)
 
-      return if action.valid?
+      return if authorization.valid?
 
-      reset_session
-      flash[simple_auth.flash_message_key] = action.message
-      session[:return_to] = request.fullpath if request.get?
-      redirect_to instance_eval(&simple_auth.login_url)
+      render_unauthorized_access(authorization)
     end
 
     private def simple_auth_redirect_logged_scope(scope)
-      scope_session = send("#{scope}_session")
+      scope_session = send(:"#{scope}_session")
       return unless scope_session.valid?
 
       redirect_to instance_eval(&simple_auth.logged_url)
     end
+
+    private def render_unauthorized_access(authorization)
+      reset_session
+      flash[simple_auth.flash_message_key] = authorization.error_message
+      session[:return_to] = request.fullpath if request.get?
+      redirect_to instance_eval(&simple_auth.login_url)
+    end
   end
 end

data/lib/simple_auth/config.rb

@@ -22,6 +22,7 @@ module SimpleAuth
 
     def install_helpers!
       ::ActionController::Base.include SimpleAuth::ActionController
+      ::ActionController::API.include SimpleAuth::ActionController::API
     end
   end
 end

data/lib/simple_auth/routing_mapper.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module SimpleAuth
+  module RoutingMapper
+    class Matcher
+      attr_reader :scope, :condition
+
+      def initialize(scope:, condition:)
+        @scope = scope
+        @condition = condition
+      end
+
+      def call(request)
+        session = Session.create(scope: scope, session: request.session)
+        record = session.record
+
+        record && condition.call(record)
+      end
+    end
+
+    def authenticate(scope, condition, &block)
+      with_options(
+        constraints: Matcher.new(scope: scope, condition: condition)
+      ) do
+        instance_eval(&block)
+      end
+    end
+  end
+end

data/lib/simple_auth/session.rb

@@ -6,8 +6,8 @@ module SimpleAuth
       @record_not_found_exceptions ||= []
     end
 
-    def self.create(**kwargs)
-      new(**kwargs)
+    def self.create(**)
+      new(**)
     end
 
     def initialize(scope:, session:, record: nil)

data/lib/simple_auth/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SimpleAuth
-  VERSION = "3.1.3"
+  VERSION = "3.2.0"
 end

data/lib/simple_auth.rb

@@ -4,15 +4,20 @@ module SimpleAuth
   require "rails/railtie"
   require "global_id/railtie"
   require "active_support/concern"
+  require "action_dispatch/routing/mapper"
 
   require "simple_auth/version"
   require "simple_auth/config"
   require "simple_auth/railtie"
   require "simple_auth/action_controller"
+  require "simple_auth/action_controller/api"
+  require "simple_auth/routing_mapper"
   require "simple_auth/action_controller/require_login_action"
   require "simple_auth/session"
   require "simple_auth/generator"
 
+  ::ActionDispatch::Routing::Mapper.prepend SimpleAuth::RoutingMapper
+
   def self.setup
     yield config
   end

data/simple_auth.gemspec

@@ -11,9 +11,20 @@ Gem::Specification.new do |s|
   s.homepage    = "http://rubygems.org/gems/simple_auth"
   s.summary     = "A simple authentication system for Rails apps"
   s.description = s.summary
+  s.required_ruby_version = Gem::Requirement.new(">= 3.3.0")
+
+  github_url = "https://github.com/fnando/simple_auth"
+  github_tree_url = "#{github_url}/tree/v#{s.version}"
+
+  s.metadata["homepage_uri"] = s.homepage
+  s.metadata["bug_tracker_uri"] = "#{github_url}/issues"
+  s.metadata["source_code_uri"] = github_tree_url
+  s.metadata["changelog_uri"] = "#{github_tree_url}/CHANGELOG.md"
+  s.metadata["documentation_uri"] = "#{github_tree_url}/README.md"
+  s.metadata["license_uri"] = "#{github_tree_url}/LICENSE.md"
+  s.metadata["rubygems_mfa_required"] = "true"
 
   s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`
                     .split("\n")
                     .map {|f| File.basename(f) }
@@ -22,7 +33,7 @@ Gem::Specification.new do |s|
   s.add_dependency "globalid"
   s.add_dependency "rails"
   s.add_development_dependency "activerecord"
-  s.add_development_dependency "bcrypt", "~> 3.1.7"
+  s.add_development_dependency "bcrypt"
   s.add_development_dependency "minitest"
   s.add_development_dependency "minitest-utils"
   s.add_development_dependency "pry-meta"

data/test/controllers/api_controller_test.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class ApiControllerTest < ActionController::TestCase
+  setup do
+    @routes = Rails.application.routes
+    User.delete_all
+  end
+
+  def create_records
+    admin = User.create!(
+      password: "test",
+      email: "admin@example.com",
+      admin: true
+    )
+    user = User.create!(
+      password: "test",
+      email: "john@example.com",
+      admin: false
+    )
+
+    [admin, user]
+  end
+
+  test "renders unauthorized for invalid api keys" do
+    get :index
+
+    assert_equal 401, response.status
+    assert_equal "401 Unauthorized", response.body
+  end
+
+  test "renders unauthorized for unauthorized users" do
+    _, user = *create_records
+    @request.headers["Authorization"] = user.id.to_s
+    get :index
+
+    assert_equal 401, response.status
+    assert_equal "401 Unauthorized", response.body
+  end
+
+  test "renders page for authorized users" do
+    admin, _ = *create_records
+    @request.headers["Authorization"] = admin.id.to_s
+    get :index
+
+    assert_equal 200, response.status
+    assert_equal %[{"message":"hello there"}], response.body
+  end
+end

data/test/requests/admin_test.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class AdminTest < ActionDispatch::IntegrationTest
+  setup do
+    User.delete_all
+  end
+
+  def create_records
+    admin = User.create!(
+      password: "test",
+      email: "admin@example.com",
+      admin: true
+    )
+    user = User.create!(
+      password: "test",
+      email: "john@example.com",
+      admin: false
+    )
+
+    [admin, user]
+  end
+
+  test "allows users with admin flag to access page" do
+    admin, _ = *create_records
+
+    get "/only/admins"
+    assert_equal 404, response.status
+
+    get "/only/admins-by-email"
+    assert_equal 404, response.status
+
+    post "/start-session", params: {scope: "admin", id: admin.id}
+    assert_equal 200, response.status
+
+    get "/only/admins"
+    assert_equal 200, response.status
+
+    get "/only/admins-by-email"
+    assert_equal 404, response.status
+  end
+
+  test "allows users with admin email to access page" do
+    admin, _ = *create_records
+
+    get "/only/admins"
+    assert_equal 404, response.status
+
+    get "/only/admins-by-email"
+    assert_equal 404, response.status
+
+    post "/start-session", params: {scope: "user", id: admin.id}
+    assert_equal 200, response.status
+
+    get "/only/admins"
+    assert_equal 404, response.status
+
+    get "/only/admins-by-email"
+    assert_equal 200, response.status
+  end
+
+  test "rejects users with non admin email" do
+    _, user = *create_records
+
+    get "/only/admins"
+    assert_equal 404, response.status
+
+    get "/only/admins-by-email"
+    assert_equal 404, response.status
+
+    post "/start-session", params: {scope: "user", id: user.id}
+    assert_equal 200, response.status
+
+    get "/only/admins"
+    assert_equal 404, response.status
+
+    get "/only/admins-by-email"
+    assert_equal 404, response.status
+  end
+end

data/test/support/dummy/app/controllers/api_controller.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class ApiController < ActionController::API
+  include SimpleAuth::ActionController::API
+
+  before_action :validate_api_key
+  before_action :require_logged_user
+
+  def index
+    render json: {message: "hello there"}
+  end
+
+  private def authorized_user?
+    current_user&.admin?
+  end
+
+  private def validate_api_key
+    id = request.headers["Authorization"]
+    user = User.find_by(id:)
+
+    return render(plain: "401 Unauthorized", status: :unauthorized) unless user
+
+    SimpleAuth::Session.create(
+      scope: "user",
+      session:,
+      record: User.find_by(id:)
+    )
+  end
+end

data/test/support/dummy/app/controllers/sessions_controller.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class SessionsController < ApplicationController
+  def create_session
+    session["#{params[:scope]}_id"] = User.find(params[:id]).to_gid.to_s
+    render plain: "", status: 200
+  end
+
+  def terminate_session
+    reset_session
+    render plain: "", status: 200
+  end
+end

data/test/support/dummy/config/routes.rb

@@ -5,6 +5,17 @@ Rails.application.routes.draw do
   get "/admin/dashboard", to: "admin/dashboard#index"
   get "/login", to: "sessions#new"
 
+  post "/start-session", to: "sessions#create_session"
+  post "/terminate-session", to: "sessions#terminate_session"
+
+  authenticate :admin, lambda(&:admin?) do
+    get "/only/admins", to: ->(_env) { [200, {}, ["OK"]] }
+  end
+
+  authenticate :user, ->(u) { u.email == "admin@example.com" } do
+    get "only/admins-by-email", to: ->(_env) { [200, {}, ["OK"]] }
+  end
+
   controller :dashboard do
     get :log_in
     get :not_logged
@@ -24,4 +35,6 @@ Rails.application.routes.draw do
       get :log_in_with_admin_flag
     end
   end
+
+  get "api", to: "api#index"
 end

data/test/test_helper.rb

@@ -18,4 +18,4 @@ require "active_record"
 ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
 require "./test/support/schema"
 
-Dir["./test/support/**/*.rb"].sort.each {|file| require file }
+Dir["./test/support/**/*.rb"].each {|file| require file }

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: simple_auth
 version: !ruby/object:Gem::Version
-  version: 3.1.3
+  version: 3.2.0
 platform: ruby
 authors:
 - Nando Vieira
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-21 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: globalid
@@ -56,16 +55,16 @@ dependencies:
   name: bcrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.7
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.7
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -172,35 +171,54 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/CODEOWNERS"
+- ".github/FUNDING.yml"
+- ".github/ISSUE_TEMPLATE/bug_report.md"
+- ".github/ISSUE_TEMPLATE/config.yml"
+- ".github/ISSUE_TEMPLATE/feature_request.md"
+- ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/dependabot.yml"
+- ".github/workflows/ruby-tests.yml"
 - ".gitignore"
 - ".rubocop.yml"
-- ".travis.yml"
 - CHANGELOG.md
+- CODE_OF_CONDUCT.md
 - Gemfile
+- LICENSE.md
 - MIGRATE.md
 - README.md
 - Rakefile
 - bin/console
 - gemfiles/rails_5_2.gemfile
 - gemfiles/rails_6_0.gemfile
+- gemfiles/rails_6_1.gemfile
+- gemfiles/rails_7_0.gemfile
+- gemfiles/rails_8_0.gemfile
+- gemfiles/rails_8_1.gemfile
 - lib/simple_auth.rb
 - lib/simple_auth/action_controller.rb
+- lib/simple_auth/action_controller/api.rb
 - lib/simple_auth/action_controller/require_login_action.rb
 - lib/simple_auth/config.rb
 - lib/simple_auth/generator.rb
 - lib/simple_auth/railtie.rb
+- lib/simple_auth/routing_mapper.rb
 - lib/simple_auth/session.rb
 - lib/simple_auth/templates/install/initializer.rb
 - lib/simple_auth/version.rb
 - simple_auth.gemspec
 - test/controllers/admin/dashboard_controller_test.rb
+- test/controllers/api_controller_test.rb
 - test/controllers/dashboard_controller_test.rb
 - test/controllers/pages_controller_test.rb
 - test/generators/install_test.rb
+- test/requests/admin_test.rb
 - test/support/dummy/app/controllers/admin/dashboard_controller.rb
+- test/support/dummy/app/controllers/api_controller.rb
 - test/support/dummy/app/controllers/application_controller.rb
 - test/support/dummy/app/controllers/dashboard_controller.rb
 - test/support/dummy/app/controllers/pages_controller.rb
+- test/support/dummy/app/controllers/sessions_controller.rb
 - test/support/dummy/app/models/user.rb
 - test/support/dummy/config/application.rb
 - test/support/dummy/config/initializers/simple_auth.rb
@@ -210,8 +228,14 @@ files:
 - test/unit/session_test.rb
 homepage: http://rubygems.org/gems/simple_auth
 licenses: []
-metadata: {}
-post_install_message: 
+metadata:
+  homepage_uri: http://rubygems.org/gems/simple_auth
+  bug_tracker_uri: https://github.com/fnando/simple_auth/issues
+  source_code_uri: https://github.com/fnando/simple_auth/tree/v3.2.0
+  changelog_uri: https://github.com/fnando/simple_auth/tree/v3.2.0/CHANGELOG.md
+  documentation_uri: https://github.com/fnando/simple_auth/tree/v3.2.0/README.md
+  license_uri: https://github.com/fnando/simple_auth/tree/v3.2.0/LICENSE.md
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib
@@ -219,30 +243,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 3.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 4.0.3
 specification_version: 4
 summary: A simple authentication system for Rails apps
-test_files:
-- test/controllers/admin/dashboard_controller_test.rb
-- test/controllers/dashboard_controller_test.rb
-- test/controllers/pages_controller_test.rb
-- test/generators/install_test.rb
-- test/support/dummy/app/controllers/admin/dashboard_controller.rb
-- test/support/dummy/app/controllers/application_controller.rb
-- test/support/dummy/app/controllers/dashboard_controller.rb
-- test/support/dummy/app/controllers/pages_controller.rb
-- test/support/dummy/app/models/user.rb
-- test/support/dummy/config/application.rb
-- test/support/dummy/config/initializers/simple_auth.rb
-- test/support/dummy/config/routes.rb
-- test/support/schema.rb
-- test/test_helper.rb
-- test/unit/session_test.rb
+test_files: []

data/.travis.yml

@@ -1,22 +0,0 @@
----
-sudo: false
-cache: bundler
-rvm:
-  - 2.7.0
-  - 2.6.5
-  - 2.5.7
-script: bundle exec rake
-before_script:
-  - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
-  - chmod +x ./cc-test-reporter
-  - "./cc-test-reporter before-build"
-after_script:
-  - "./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT"
-notifications:
-  email: false
-gemfile:
-  - gemfiles/rails_6_0.gemfile
-  - gemfiles/rails_5_2.gemfile
-env:
-  global:
-    secure: LglasZ2QJLCE2tSKyZ9wIZNNwDNQ/gi+QNSHlpK2olgBOYMKV1idJPZjUlSTAac7+QHTYRRGCoUVMYHWxJgLfcuo7YpXVAgqPwjVl5nbHKfh/oP/FLriELKZbqMo0TtuqZNdnqPdO8RE7zK0om37jYNoUPJ4j2mUVLC8PMZpbiM=