simple_sessions 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b38fcd3f010748f185cbd8d9b3bea565bb63971695fc82548fcb81d91b3a195d
-  data.tar.gz: 5371ee45a9238fe3b4eebcf62c235cb33fec431ece6d0d06675a4f062ec3db86
+  metadata.gz: 382d49fae876965f7d63c5b0b3192d6a52c11a70a9ea7735aaf7044f0fc4a2ab
+  data.tar.gz: 8e38e3e1693a089e5bd73602f67df65edeea1e3d8455de46d293cd9889192de5
 SHA512:
-  metadata.gz: 75610e77fc4c16566a5b8d82d851d2f25900398893f5d97c40bb93b5711e10f245d13c5cbd906969f6bd90d5738fb39b2d29a82724b180a7ca2af700465fb08e
-  data.tar.gz: 31b51733d782bbee799f6371a6f8fdd6c26941e32313a7d147832e257b3175947b9ed2c8f06487c277fc037dc5abbdddb5a771fcccb5ee0ca05fbbc1eb2aeebe
+  metadata.gz: 72e50c3696623cfd8bcf6016095ea6522b619577be5033bcd844b27e35d4d98ead575ace6ad73c0f53e5ed4b63cd18db068651ab1d019117d8ce613a8a782e79
+  data.tar.gz: 7ccf9a3d46099da813c7d2a7cdc684f77772b16539358d27440362ff1f5e25a9b11b253eb9b4def8090e40ed440a9491c1d3ad6e075d97f12854203e5619247b

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2020 lucasmazo32
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,185 @@
+# Simple sessions
+
+To use the gem type `gem 'simple_sessions', '~> 0.2.0'` in your Gemfile.
+
+The objective of this gem is to make your life easier when creating sessions. Creating sessions (especially the ones with permanent secure cookies) can be difficult or can take up some time for the programmer; therefore, I hope this will make your life easier.
+
+# Version 0.2.0
+
+After running `bundle update` and `bundle` you should be able to run:
+
+> `rails g simple NAME` *or* `rails g advanced NAME`
+
+## How does it work?
+
+It will automatically generate the view, controller, helper, test (for this version there are no automatic tests!), routes in your config/routes.rb and add the SessionsHelper to your ApplicationController.
+
+For this program, 'NAME' means the name of the database. Taking into consideration that the database should be singular (like User), you should write the name in singular. It doesn't matter if you write it in capital letters or downcase, the program will automatically recognize it. What it doesn't understand is the plural version of the word.
+
+*e.g:*
+
+> `rails g advanced user` *correct*
+
+> `rails g advanced users` *wrong!*
+
+You can always run `rails destroy advanced NAME` or `rails destroy simple NAME`, but remember that if you had a mistake writing the name, you probably are going to get an error (although most of the times you can ignore them).
+
+I strongly recommend creating the user's database before running this command, because it will generate a migration to add the column **remember_digest** to your user's schema.
+
+## Which one to pick
+Simple sessions are an easy way of making your sessions. Those only include a cookie with an encrypted user_id which will expire after the browser is closed. This is an easy way of testing your apps in your localhost without expending time in creating the functions necessary for creating sessions.
+
+Advanced sessions also include cookies that expire in 20 years (Thus, permanent). They cover more functions and is more secure (User's id is saved encrypted in a cookie, and for the remember_digest, I use BCrypt hash security and a urlsafe_base64 for generating the tokens that will go in the remember column.
+
+## Files generated and recommendations
+
+- `custom.scss`: This file imports the bootstrap configuration, which will be used to automatically style de buttons and form fields.
+- `new.html.erb`: View containing the form for logging in users. 
+- `sessions_controller_test.rb`: File in which you can generate your tests for the session.
+- `sessions_controller.rb`: File in which the logic of finding the right user lives. This file doesn't change too much between *simple* and *advanced*.
+- `sessions_helper.rb`: All the logic involving the sessions live here. The cookies and session information lives in here.
+- `migration file (ONLY FOR ADVANCED)`: It will create a migration to add the column **remember_digest** to the database for your users.
+
+### new.html.erb
+```
+<%= form_for(:session, url: login_path) do |f| %>
+            
+  <%= f.label :username %>
+  <%= f.text_field :username, class: 'form-control' %>
+
+  <%= f.label :password %>
+  <%= f.password_field :password, class: 'form-control' %>
+
+  <%= f.submit 'Sign up!', class: 'btn btn-primary' %>
+<% end %>
+```
+
+### sessions_controller.rb
+```
+class SessionsController < ApplicationController
+  def new; end
+
+  def create
+    user = User.find_by(username: params[:session][:username].downcase)
+    if user&.authenticate(params[:session][:password])
+      create_session user
+      redirect_to user
+    else
+      flash.now[:danger] = 'Invalid username/password combination'
+      render 'new'
+    end
+  end
+
+  def destroy
+    log_out
+    redirect_to root_path
+  end
+end
+```
+
+### sessions_helper.rb (simple)
+```
+module SessionsHelper
+  def log_in(user)
+    session[:user_id] = user.id
+  end
+
+  def current_user
+    @current_user ||= User.find_by(id: session[:user_id]) if session[:user_id]
+  end
+
+  def logged_in?
+    !current_user.nil?
+  end
+
+  def log_out
+    @current_user = nil
+    session[:user_id] = nil
+  end
+
+  def correct_user
+    redirect_to root_path unless current_user == User.find(params[:id])
+  end
+
+  def login_if_not_logged
+    redirect_to login_path unless logged_in?
+  end
+end
+```
+
+### sessions_helper.rb (advanced)
+```
+module SessionsHelper
+  def log_in(user)
+    session[:user_id] = user.id
+  end
+
+  def remember(user)
+    cookies.permanent.signed[:user_id] = user.id
+    token = SecureRandom.urlsafe_base64
+    cookies.permanent[:remember_token] = token
+    user.remember_digest = Digest::SHA2.hexdigest token
+  end
+
+  def create_session(user)
+    log_in(user)
+    remember(user)
+  end
+
+  def current_user
+    if session[:user_id]
+      @current_user ||= User.find_by(id: session[:user_id])
+    elsif cookies.signed[:id]
+      user = User.find_by(id: cookies.signed[:id])
+      cond1 = Digest::SHA2.hexdigest(cookies[:remember_token]) ==
+              user.remember_digest
+      if user & cond1
+        @current_user ||= user
+        session[:user_id] = user.id
+      end
+    end
+  end
+
+  def logged_in?
+    !current_user.nil?
+  end
+
+  def log_out
+    @current_user = nil
+    session[:user_id] = nil
+    cookies.delete :remember_token
+    cookies.delete :id
+  end
+
+  def correct_user
+    redirect_to root_path unless current_user == User.find(params[:id])
+  end
+
+  def login_if_not_logged
+    redirect_to login_path unless logged_in?
+  end
+end
+```
+
+### time_add_remember_digest_to_NAME.rb
+```
+class AddRememberDigestToName < ActiveRecord::Migration[X.0]
+  def change
+    add_column :names, :remember_digest, :string
+  end
+end
+```
+
+# Recommendations
+Use rails 5.0.0 or newer versions.
+
+# Conclusion
+
+Note that the only thing that changes between the controllers is the use of create_session instead of a simple log_in, otherwise is the same thing. The way of how the session's functions are organized allows you to spend less time worrying about the code you write, but in how your application will work. I hope you enjoy it!
+
+# Author
+Lucas Mazo: [Github](https://github.com/lucasmazo32)
+
+# Built with:
+- Ruby ~> 2.6.5
+- VSCode

data/lib/generators/advanced/advanced_generator.rb

@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+
+class AdvancedGenerator < Rails::Generators::NamedBase
+  source_root File.expand_path('templates', __dir__)
+
+  # Adds the helper, view, controller, test, routes and includes the
+  # SessionHelper in the ApplicationController
+  def create_advanced_file
+    copy_file 'new.html.erb', 'app/views/sessions/new.html.erb'
+    copy_file 'sessions_controller_test.rb', 'test/controllers/sessions_controller_test.rb'
+    create_file 'app/helpers/sessions_helper.rb', <<-FILE
+module SessionsHelper
+  def log_in(user)
+    session[:user_id] = user.id
+  end
+
+  def remember(user)
+    cookies.permanent.signed[:id] = user.id
+    token = SecureRandom.urlsafe_base64
+    cookies.permanent[:remember_token] = token
+    user.remember(token)
+  end
+
+  def create_session(user)
+    log_in(user)
+    remember(user)
+  end
+
+  def current_user
+    if session[:user_id]
+      @current_user ||= #{file_name.capitalize}.find_by(id: session[:user_id])
+    elsif cookies.signed[:id]
+      user = #{file_name.capitalize}.find_by(id: cookies.signed[:id])
+      cond1 = user.authenticated?(cookies[:remember_token])
+      if user && cond1
+        @current_user ||= user
+        session[:user_id] = user.id
+      end
+    end
+  end
+
+  def logged_in?
+    !current_user.nil?
+  end
+
+  def log_out
+    @current_user = nil
+    session[:user_id] = nil
+    cookies.delete :remember_token
+    cookies.delete :id
+  end
+
+  def correct_user
+    redirect_to root_path unless current_user == #{file_name.capitalize}.find(params[:id])
+  end
+
+  def login_if_not_logged
+    redirect_to login_path unless logged_in?
+  end
+end
+    FILE
+    create_file 'app/controllers/sessions_controller.rb', <<-FILE
+class SessionsController < ApplicationController
+  def new; end
+
+  def create
+    user = #{file_name.capitalize}.find_by(username: params[:session][:username].downcase)
+    if user&.authenticate(params[:session][:password])
+      create_session user
+      redirect_to user
+    else
+      flash.now[:danger] = 'Invalid username/password combination'
+      render 'new'
+    end
+  end
+
+  def destroy
+    log_out
+    redirect_to root_path
+  end
+end
+    FILE
+    copy_file 'custom.scss', 'app/assets/stylesheets/custom.scss'
+  end
+
+  def file_changes
+    route "get '/login', to: 'sessions#new'"
+    route "post '/login', to: 'sessions#create'"
+    route "delete '/logout', to: 'sessions#destroy'"
+    inject_into_file 'app/controllers/application_controller.rb', after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
+  protect_from_forgery with: :exception
+  include SessionsHelper
+    RUBY
+    end
+    inject_into_file "app/models/#{file_name.downcase}.rb", after: "class #{file_name.capitalize} < ApplicationRecord\n" do <<-'RUBY'
+  attr_accessor :remember_token
+  ############
+  # Paste this two functions after your validations and before private (If you have it)
+  def remember(token)
+    self.remember_token = token
+    update_attribute(:remember_digest, BCrypt::Password.create(remember_token))
+  end
+
+  def authenticated?(remember_token)
+    BCrypt::Password.new(remember_digest).is_password?(remember_token)
+  end
+  ############
+    RUBY
+    end
+  end
+
+  def migration
+    generate 'migration', "add_remember_digest_to_#{file_name.downcase}s remember_digest:string"
+  end
+end

data/lib/generators/advanced/templates/custom.scss

@@ -0,0 +1 @@
+@import 'bootstrap';

data/lib/generators/advanced/templates/new.html.erb

@@ -0,0 +1,16 @@
+<div class="row">
+  <div class="col"></div>
+    <div class="col-4">
+      <%= form_for(:session, url: login_path) do |f| %>
+            
+        <%= f.label :username %>
+        <%= f.text_field :username, class: 'form-control' %>
+
+        <%= f.label :password %>
+        <%= f.password_field :password, class: 'form-control' %>
+
+        <%= f.submit 'Sign up!', class: 'btn btn-primary' %>
+      <% end %>
+    </div>
+  <div class="col"></div>
+</div>

data/lib/generators/advanced/templates/sessions_controller_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end

data/lib/generators/simple/simple_generator.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+class SimpleGenerator < Rails::Generators::NamedBase
+  source_root File.expand_path('templates', __dir__)
+
+  # Adds the helper, view, controller, test, routes and includes the
+  # SessionHelper in the ApplicationController
+  def simple
+    copy_file 'new.html.erb', 'app/views/sessions/new.html.erb'
+    copy_file 'sessions_controller_test.rb', 'test/controllers/sessions_controller_test.rb'
+    copy_file 'custom.scss', 'app/assets/stylesheets/custom.scss'
+    create_file 'app/helpers/sessions_helper.rb', <<-FILE
+module SessionsHelper
+  def log_in(user)
+    session[:user_id] = user.id
+  end
+
+  def current_user
+    @current_user ||= #{file_name.capitalize}.find_by(id: session[:user_id]) if session[:user_id]
+  end
+
+  def logged_in?
+    !current_user.nil?
+  end
+
+  def log_out
+    @current_user = nil
+    session[:user_id] = nil
+  end
+
+  def correct_user
+    redirect_to root_path unless current_user == #{file_name.capitalize}.find(params[:id])
+  end
+
+  def login_if_not_logged
+    redirect_to login_path unless logged_in?
+  end
+end
+    FILE
+    create_file 'app/controllers/sessions_controller.rb', <<-FILE
+class SessionsController < ApplicationController
+  def new; end
+
+  def create
+    user = User.find_by(username: params[:session][:username].downcase)
+    if user&.authenticate(params[:session][:password])
+      log_in user
+      redirect_to user
+    else
+      flash.now[:danger] = 'Invalid username/password combination'
+      render 'new'
+    end
+  end
+
+  def destroy
+    log_out
+    redirect_to root_path
+  end
+end
+    FILE
+    route "get '/login', to: 'sessions#new'"
+    route "post '/login', to: 'sessions#create'"
+    route "delete '/logout', to: 'sessions#destroy'"
+    inject_into_file 'app/controllers/application_controller.rb', after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
+  protect_from_forgery with: :exception
+  include SessionsHelper
+    RUBY
+    end
+  end
+end

data/lib/generators/simple/templates/custom.scss

@@ -0,0 +1 @@
+@import 'bootstrap';

data/lib/generators/simple/templates/new.html.erb

@@ -0,0 +1,16 @@
+<div class="row">
+  <div class="col"></div>
+    <div class="col-4">
+      <%= form_for(:session, url: login_path) do |f| %>
+            
+        <%= f.label :username %>
+        <%= f.text_field :username, class: 'form-control' %>
+
+        <%= f.label :password %>
+        <%= f.password_field :password, class: 'form-control' %>
+
+        <%= f.submit 'Sign up!', class: 'btn btn-primary' %>
+      <% end %>
+    </div>
+  <div class="col"></div>
+</div>

data/lib/generators/simple/templates/sessions_controller.rb

@@ -0,0 +1,19 @@
+class SessionsController < ApplicationController
+  def new; end
+
+  def create
+    user = User.find_by(username: params[:session][:username].downcase)
+    if user&.authenticate(params[:session][:password])
+      log_in user
+      redirect_to user
+    else
+      flash.now[:danger] = 'Invalid username/password combination'
+      render 'new'
+    end
+  end
+
+  def destroy
+    log_out
+    redirect_to root_path
+  end
+end

data/lib/generators/simple/templates/sessions_controller_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end

data/lib/simple_sessions/version.rb

@@ -0,0 +1,3 @@
+module SimpleSessions
+  VERSION = '0.2.0'
+end

data/lib/simple_sessions.rb

@@ -27,10 +27,10 @@ module Advanced
   end
 
   def remember(user)
-    cookies.permanent.signed[:user_id] = user.id
+    cookies.permanent.signed[:id] = user.id
     token = SecureRandom.urlsafe_base64
     cookies.permanent[:remember_token] = token
-    user.remember_digest = Digest::SHA2.hexdigest token
+    user.remember(token)
   end
 
   def create_session(user)
@@ -43,9 +43,8 @@ module Advanced
       @current_user ||= User.find_by(id: session[:user_id])
     elsif cookies.signed[:id]
       user = User.find_by(id: cookies.signed[:id])
-      cond1 = Digest::SHA2.hexdigest(cookies[:remember_token]) ==
-              user.remember_digest
-      if user & cond1
+      cond1 = user.authenticated?(cookies[:remember_token])
+      if user && cond1
         @current_user ||= user
         session[:user_id] = user.id
       end
@@ -63,45 +62,3 @@ module Advanced
     cookies.delete :id
   end
 end
-
-# This is the module to create simple sessions in the controller//This does not work
-module SimpleController
-  def new; end
-
-  def create
-    user = User.find_by(username: params[:session][:username].downcase)
-    if user&.authenticate(params[:session][:password])
-      log_in user
-      redirect_to user
-    else
-      flash.now[:danger] = 'Invalid username/password combination'
-      render 'new'
-    end
-  end
-
-  def destroy
-    log_out
-    redirect_to root_path
-  end
-end
-
-# This is the module to create simple sessions in the controller//This does not work
-module AdvancedController
-  def new; end
-
-  def create
-    user = User.find_by(username: params[:session][:username].downcase)
-    if user&.authenticate(params[:session][:password])
-      create_session user
-      redirect_to user
-    else
-      flash.now[:danger] = 'Invalid username/password combination'
-      render 'new'
-    end
-  end
-
-  def destroy
-    log_out
-    redirect_to root_path
-  end
-end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simple_sessions
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Lucas Mazo
@@ -19,8 +19,20 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- MIT-LICENSE
+- README.md
+- lib/generators/advanced/advanced_generator.rb
+- lib/generators/advanced/templates/custom.scss
+- lib/generators/advanced/templates/new.html.erb
+- lib/generators/advanced/templates/sessions_controller_test.rb
+- lib/generators/simple/simple_generator.rb
+- lib/generators/simple/templates/custom.scss
+- lib/generators/simple/templates/new.html.erb
+- lib/generators/simple/templates/sessions_controller.rb
+- lib/generators/simple/templates/sessions_controller_test.rb
 - lib/simple_sessions.rb
-homepage: https://rubygems.org/gems/simple_sessions
+- lib/simple_sessions/version.rb
+homepage: https://github.com/lucasmazo32/simple-sessions
 licenses:
 - MIT
 metadata: {}