slots-jwt 0.0.4

data/lib/generators/slots/model/USAGE

@@ -0,0 +1,9 @@
+Description:
+    Create the authentication model
+
+Example:
+    rails generate model MODEL
+
+    This will create:
+        app/models/model.rb
+        db/migrate/YYYYMMDDHHMMSS_create_models.rb

data/lib/generators/slots/model/model_generator.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Slots
+  class ModelGenerator < Rails::Generators::NamedBase
+    source_root File.expand_path('templates', __dir__)
+
+    def copy_model
+      template "model.rb", "app/models/#{name.underscore}.rb"
+      template "model_test.rb", "test/models/#{name.underscore}_test.rb"
+      template "create_models.rb", "db/migrate/#{Time.now.strftime("%Y%m%d%H%M%S")}_create_#{name.underscore.pluralize}.rb"
+    end
+
+    def set_config
+      if name.underscore != 'user'
+        file = 'config/initializers/slots.rb'
+        config = /\n.+config\.authentication_model = .+/
+        gsub_file(file, config, "", verbose: false)
+        inject_into_file(file, after: /Slots.configure do .+\n/) do
+          "  config.authentication_model = '#{name.classify}'\n"
+        end
+      end
+    end
+  end
+end

data/lib/generators/slots/model/templates/create_models.rb

@@ -0,0 +1,12 @@
+class Create<%= name.classify.pluralize %> < ActiveRecord::Migration[5.2]
+  def change
+    create_table :users do |t|
+      t.string :email, index: true, unique: true
+
+      # database_authentication
+      t.string :password_digest
+
+      t.timestamps
+    end
+  end
+end

data/lib/generators/slots/model/templates/model.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class <%= name.classify %> < ApplicationRecord
+  slots :database_authentication
+end

data/lib/generators/slots/model/templates/model_test.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+class <%= name.classify %>Test < ActiveSupport::TestCase
+end

data/lib/slots.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require "slots/configuration"
+require "slots/database_authentication"
+require "slots/engine"
+require "slots/extra_classes"
+require "slots/generic_methods"
+require "slots/generic_validations"
+require "slots/slokens"
+require "slots/tests"
+require "slots/tokens"
+require "slots/authentication_helper"
+
+module Slots
+  # Your code goes here...
+  module Model
+    def session_assocaition
+      {foreign_key: "#{Slots.configuration.authentication_model.to_s.underscore}_id", class_name: Slots.configuration.authentication_model.to_s}
+    end
+
+    def slots(*extensions)
+      to_include = [GenericMethods, GenericValidations, Tokens]
+      extensions.each do |e|
+        extension = e.to_sym
+        case extension
+        when :database_authentication
+          to_include.push(DatabaseAuthentication)
+        else
+          raise "The following slot extension was not found: #{extension}\nThe following are allows :database_authentication, :approvable, :confirmable"
+        end
+      end
+      define_method(:slots?) { |v| extensions.include?(v) }
+
+      include(*to_include)
+      has_many :sessions, session_assocaition.merge(class_name: 'Slots::Session')
+    end
+
+    # module Controller
+    #   extended do
+    # include Slots::AuthenticationHelper
+    #   end
+    # end
+  end
+  ActiveRecord::Base.extend Slots::Model
+  ActionController::API.include Slots::AuthenticationHelper
+end

data/lib/slots/authentication_helper.rb

@@ -0,0 +1,144 @@
+# frozen_string_literal: true
+
+module Slots
+  module AuthenticationHelper
+    ALL = Object.new
+
+    extend ActiveSupport::Concern
+
+    included do
+      include ActionController::HttpAuthentication::Token::ControllerMethods
+    end
+
+    def jw_token
+      return @_jw_token if @_jw_token&.valid!
+      @_jw_token = Slots::Slokens.decode(authenticate_with_http_token { |t, _| t })
+      @_jw_token.valid!
+    end
+
+    def update_expired_session_tokens
+      return false unless Slots.configuration.session_lifetime
+      @_jw_token = Slots::Slokens.decode(authenticate_with_http_token { |t, _| t })
+      return false unless @_jw_token.expired? && @_jw_token.session.present?
+      new_session_token
+    end
+
+    def new_session_token
+      _current_user = Slots.configuration.authentication_model.from_sloken(@_jw_token)
+      return false unless _current_user&.update_session
+      @_current_user = _current_user
+      true
+    end
+
+    def current_user
+      return @_current_user if instance_variable_defined?(:@_current_user)
+      current_user = Slots.configuration.authentication_model.from_sloken(jw_token)
+      # So if jw_token initalize current_user if expired
+      @_current_user ||= current_user
+    end
+    def load_user
+      current_user&.valid_in_database? && current_user.allowed_new_token?
+    end
+
+    def set_token_header!
+      # check if current user for logout
+      response.set_header('authorization', "Bearer token=#{current_user.token}") if current_user&.new_token?
+    end
+
+    def require_valid_user
+      # Load user will make sure it is in the database and valid in the database
+      raise Slots::InvalidToken, "User doesnt exist" if @_require_load_user && !load_user
+      access_denied! unless current_user && (@_ignore_callbacks || token_allowed?)
+    end
+    def require_load_user
+      # Use varaible so that if this action is prepended it will still only be called when checking for valid user,
+      # i.e. so its not called before update_expired_session_tokens if set
+      @_require_load_user = true
+    end
+    def ignore_callbacks
+      @_ignore_callbacks = true
+    end
+
+    def access_denied!
+      raise Slots::AccessDenied
+    end
+
+    def token_allowed?
+      !(self.class._reject_token?(self))
+    end
+
+    def new_token!(session)
+      current_user.create_token(session)
+      set_token_header!
+    end
+
+    def update_token!
+      current_user.update_token
+    end
+
+    module ClassMethods
+      def update_expired_session_tokens!(**options)
+        prepend_before_action :update_expired_session_tokens, **options
+        after_action :set_token_header!, **options
+      end
+
+      def require_login!(load_user: false, **options)
+        before_action :require_load_user, **options if load_user
+        before_action :require_valid_user, **options
+      end
+
+      def require_user_load!(**options)
+        prepend_before_action :require_load_user, **options
+      end
+
+      def skip_callback!(**options)
+        prepend_before_action :ignore_callbacks, **options
+      end
+
+      def ignore_login!(**options)
+        skip_before_action :require_valid_user, **options
+        skip_before_action :require_load_user, **options, raise: false
+        skip_before_action :update_expired_session_tokens, **options, raise: false
+        skip_after_action :set_token_header!, **options, raise: false
+      end
+
+      def catch_invalid_login(response: {errors: {authentication: ['login or password is invalid']}}, status: :unauthorized)
+        rescue_from Slots::AuthenticationFailed do |exception|
+          render json: response, status: status
+        end
+      end
+
+      def catch_invalid_token(response: {errors: {authentication: ['invalid or missing token']}}, status: :unauthorized)
+        rescue_from Slots::InvalidToken do |exception|
+          render json: response, status: status
+        end
+      end
+
+      def catch_access_denied(response: {errors: {authorization: ["can't access"]}}, status: :forbidden)
+        rescue_from Slots::AccessDenied do |exception|
+          render json: response, status: status
+        end
+      end
+
+      def reject_token(only: ALL, except: ALL, &block)
+        raise 'Cant pass both only and except' unless only == ALL || except == ALL
+        only = Array(only) if only != ALL
+        except = Array(except) if except != ALL
+
+        (@_reject_token ||= []).push([only, except, block])
+      end
+      def _reject_token?(con)
+        (@_reject_token ||= []).any? { |o, e, b| _check_to_reject?(con, o, e, b) } || _superclass_reject_token?(con)
+      end
+      def _check_to_reject?(con, only, except, block)
+        return false unless only == ALL || only.any? { |o| o.to_sym == con.action_name.to_sym }
+        return false if except != ALL && except.any? { |e| e.to_sym == con.action_name.to_sym }
+        (con.instance_eval &block)
+      end
+
+      def _superclass_reject_token?(con)
+        self.superclass.respond_to?('_reject_token?') && self.superclass._reject_token?(con)
+      end
+    end
+  end
+end

data/lib/slots/configuration.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+module Slots
+  class Configuration
+    attr_accessor :login_regex_validations, :token_lifetime, :session_lifetime, :previous_jwt_lifetime
+    attr_reader :logins
+    attr_writer :authentication_model
+
+    # raise_no_error is used for rake to load
+    def initialize
+      @logins = {email: //}
+      @login_regex_validations = true
+      @authentication_model = 'User'
+      @secret_keys = [{created_at: 0, secret: ENV['SLOT_SECRET']}]
+      @token_lifetime = 1.hour
+      @session_lifetime = 2.weeks # Set to nil if you dont want sessions
+      @previous_jwt_lifetime = 5.seconds # Set to nil if you dont want sessions
+      @manage_callbacks = Proc.new { }
+    end
+
+    def logins=(value)
+      if value.is_a? Symbol
+        @logins = {value => //}
+      elsif value.is_a?(Hash)
+        # Should do most inclusive regex last
+        raise 'must be hash of symbols => regex' unless value.length > 0 && value.all? { |k, v| k.is_a?(Symbol) && v.is_a?(Regexp) }
+        @logins = value
+      else
+        raise 'must be a symbol or hash'
+      end
+    end
+
+    def authentication_model
+      @authentication_model.to_s.constantize rescue nil
+    end
+
+    def secret=(v)
+      @secret_keys = [{created_at: 0, secret: v}]
+    end
+
+    def secret_yaml=(file_path_string)
+      secret_keys = YAML.load_file(Slots.secret_yaml_file)
+      @secret_keys = []
+      secret_keys.each do |secret_key|
+        raise ArgumentError, 'Need CREATED_AT' unless (created_at = secret_key['CREATED_AT']&.to_i)
+        raise ArgumentError, 'Need SECRET' unless (secret = secret_key['SECRET'])
+        previous_created_at = @secret_keys[-1]&.dig(:created_at) || Time.now.to_i
+
+        raise ArgumentError, 'CREATED_AT must be newest to latest' unless previous_created_at > created_at
+        @secret_keys.push(
+          created_at: created_at,
+          secret: secret
+        )
+      end
+    end
+
+    def secret(at = Time.now.to_i)
+      @secret_keys.each do |secret_hash|
+        return secret_hash[:secret] if at > secret_hash[:created_at]
+      end
+      raise InvalidSecret, 'Invalid Secret'
+    end
+  end
+
+  class << self
+    attr_writer :configuration
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield configuration
+    end
+
+    def secret_yaml_file
+      Rails.root.join('config', 'slots_secrets.yml')
+    end
+  end
+end

data/lib/slots/database_authentication.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Slots
+  module DatabaseAuthentication
+    extend ActiveSupport::Concern
+
+    included do
+      has_secure_password
+    end
+
+    # TODO allow super
+    def as_json(*)
+      super.except('password_digest')
+    end
+
+    module ClassMethods
+    end
+  end
+end

data/lib/slots/engine.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Slots
+  class Engine < ::Rails::Engine
+    isolate_namespace Slots
+  end
+end

data/lib/slots/extra_classes.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Slots
+  class AuthenticationFailed < StandardError
+  end
+  class InvalidToken < StandardError
+  end
+  class AccessDenied < StandardError
+  end
+  class InvalidSecret < StandardError
+  end
+end

data/lib/slots/generic_methods.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Slots
+  module GenericMethods
+    extend ActiveSupport::Concern
+
+    included do
+    end
+
+    def allowed_new_token?
+      !(self.class._reject_new_token?(self))
+    end
+
+    def run_token_created_callback
+      self.class._token_created_callback(self)
+    end
+
+    def authenticate?(password)
+      password.present? && persisted? && respond_to?(:authenticate) && authenticate(password) && allowed_new_token?
+    end
+
+    def authenticate!(password)
+      raise Slots::AuthenticationFailed unless self.authenticate?(password)
+      true
+    end
+
+    module ClassMethods
+      def find_for_authentication(login)
+        Slots.configuration.logins.each do |k, v|
+          next unless login&.match(v)
+          return find_by(arel_table[k].lower.eq(login.downcase)) || new
+        end
+        new
+      end
+
+      def reject_new_token(&block)
+        (@_reject_new_token ||= []).push(block)
+      end
+      def _reject_new_token?(user)
+        (@_reject_new_token ||= []).any? { |b| user.instance_eval &b }
+      end
+
+      def token_created_callback(&block)
+        (@_token_created_callback ||= []).push(block)
+      end
+      def _token_created_callback(user)
+        (@_token_created_callback ||= []).each { |b| user.instance_eval &b }
+      end
+    end
+  end
+end

data/lib/slots/generic_validations.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Slots
+  module GenericValidations
+    extend ActiveSupport::Concern
+
+    included do
+      validate :unique_and_present, :logins_meets_criteria
+    end
+
+    def logins_meets_criteria
+      return if self.errors.any?
+      return unless Slots.configuration.login_regex_validations
+      logins = Slots.configuration.logins
+      login_c = logins.keys
+      logins.each do |col, reg|
+        login_c.delete(col) # Login columns left
+        column_match(reg, col)
+        column_dont_match(reg, col, login_c)
+      end
+    end
+
+    def unique_and_present
+      # Use this rather than validates because logins in configure might not be set yet on include
+      Slots.configuration.logins.each do |column, _|
+        value = self.send(column)
+        next self.errors.add(column, "can't be blank") unless value.present?
+
+        pk_value = self.send(self.class.primary_key)
+        lower_case = self.class.arel_table[column].lower.eq(value.downcase)
+        next unless self.class.where.not(self.class.primary_key => pk_value).where(lower_case).exists?
+        self.errors.add(column, "has already been taken")
+      end
+    end
+
+    def column_match(regex, column)
+      # TODO change error message to use locals? or something configurable
+      self.errors.add(column, "didn't match login criteria") unless self.send(column).match(regex)
+    end
+
+    def column_dont_match(regex, column_not_to_match, columns)
+      columns.each do |c|
+        # Since we check if any errors should be present
+        self.errors.add(c, "matched #{column_not_to_match} login criteria") if self.send(c).match(regex)
+      end
+    end
+
+    module ClassMethods
+    end
+  end
+end