sudo_rails 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 638291947f7e86c97efc387c94903a011517acb4782ce38e82203086ebd2435c
-  data.tar.gz: 48ccb8a2114553330cab7e3fbe31e6ff36edb8a9ff1e8a709b549354cf9e6501
+  metadata.gz: 4b5f63db43fde756597153993a5ec14de3a2391e048fc221fc8630ca440d1688
+  data.tar.gz: 5be8d33df45adc1f9314555cbb65090cac0a0f8cc25a5fe5c114a67b31b84256
 SHA512:
-  metadata.gz: a8ea7742c4449d1389c7f1c392f274ea371d14d6890dfcb3bb010c766e4d9d625a011314a41f1b1e04017c3ecb8f635582cef2e7907406f47a84533d5b27dc65
-  data.tar.gz: 6c76d8fdc1c1ddda5376bd4cc466719ef386e1fdd349ed8e1a1f5d5aae94115374c67b5c3d276bf520cede3fc5b14cd4b3a3fd763413b7d818d3815d478ffe5e
+  metadata.gz: 7a36cf5217082dc574ebebd6bca0d8ee98bd2576db780ca19fe94af6be9bf421d077687756ae0539a16dfefe9ac58388d7c03832c48a0abc0b0b34954180c1af
+  data.tar.gz: 14ab4140a84df2017818dd98cdc405d77d388becf5a65a8b633a61390ca37dc0f8029add4f1bf86de153e1869c7b8efa54619d0ba9f8012f9493ecb72130ec75

data/README.md

@@ -5,7 +5,7 @@
 
 > Sudo mode for your Rails controllers
 
-Protect :lock: any Rails action with a customizable password confirmation strategy.
+:lock: Protect any Rails action with a customizable password confirmation strategy.
 
 ```ruby
 class SecretController < ApplicationController
@@ -13,7 +13,7 @@ class SecretController < ApplicationController
 end
 ```
 
-*Inspired by Unix `sudo` command and [GitHub Sudo mode](https://help.github.com/en/articles/sudo-mode).*
+*Inspired by [Unix `sudo` command](https://en.wikipedia.org/wiki/Sudo) and [GitHub Sudo mode](https://help.github.com/en/articles/sudo-mode).*
 
 ## Installation
 
@@ -35,24 +35,71 @@ end
 
 ### Configuration
 
-You can use the `setup` method to customize different things:
+You can use the `setup` method to configure and customize different things:
 
 ```ruby
 # config/initializers/sudo_rails.rb
 SudoRails.setup do |config|
+  # On/off engine
   config.enabled = true
-  config.sudo_session_time = 20.minutes # default is 1 hour
-  config.layout = 'admin'
+
+  # Sudo mode sessions duration, default is 1 hour
+  config.sudo_session_duration = 20.minutes
+
+  # Default confirmation page styles
   config.custom_logo = 'logos/medium_dark.png'
   config.primary_color = '#1A7191'
-  config.reset_pass_link = '/users/password/new'
-  config.confirm_with = -> (context, password) {
+  config.layout = 'admin'
+
+  # Confirmation strategy
+  config.confirm_strategy = -> (context, password) {
     user = context.current_user
     user.valid_password?(password)
   }
+  config.reset_pass_link = '/users/password/new'
 end
 ```
 
+### Styling
+
+Using the `custom_logo` and `primary_color` options, you can customize the confirmation page. In case you want full control of the styles, you can use your own layout (and consequently your own styles too) using the `layout` option.
+
+### Confirmation strategy
+
+You should define how to validate the password using the `confirm_strategy` option. It must be a `lambda`, which will receive 2 arguments: the controller instance (`context`) and the password from the user.
+
+By default, the gem ships with `Devise` and `Clearance` integration.
+
+Implementation examples:
+
+```ruby
+# Devise implementation
+config.confirm_strategy = -> (context, password) {
+  user = context.current_user
+  user.valid_password?(password)
+}
+
+# has_secure_password implementation
+config.confirm_strategy = -> (context, password) {
+  user = context.current_user
+  user.authenticate(password)
+}
+
+# Other custom implementation
+config.confirm_strategy = -> (context, password) {
+  user = context.current_user
+  user.admin? && password == ENV['SUPER_SECRET_PASSWORD']
+}
+
+config.confirm_strategy = -> (context, password) {
+  Auth.call(context.current_user.email, password)
+}
+```
+
+### I18n
+
+`sudo_rails` uses I18n by default. Take a look at our [locale file](config/locales/en.yml) to check all available messages.
+
 ## Development
 
 Any kind of feedback, bug report, idea or enhancement are really appreciated.

data/app/assets/stylesheets/sudo_rails/application.scss

@@ -1,8 +1,7 @@
 body {
   text-align: center;
-  font-size: 22px;
   font-family: Helvetica, Arial, sans-serif;
-  background-color: #f9f9f9;
+  background-color: #ececec;
   transform: translateY(20%);
 }
 
@@ -17,31 +16,31 @@ body {
 .sudo-form {
   background-color: #fff;
   border-radius: 5px;
-  border: 1px solid #d8dee2;
-  font-size: 14px;
   padding: 20px;
   margin: 10px auto;
   width: 340px;
+  box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.1), 0 6px 20px 0 rgba(0, 0, 0, 0.1);
 
   input {
     display: block;
     width: 100%;
     font-size: 16px;
     line-height: 30px;
-    padding: 4px;
+    padding: 2px;
     border-radius: 5px;
-    border: 1px solid #d8dee2;
+    border: 1px solid #ececec;
   }
 
   input[type="submit"] {
     margin: 20px auto;
     width: 60%;
     padding: 4px;
-    background-color: #d8dee2;
+    background-color: #ececec;
     border-radius: 25px;
   }
 }
 
 .sudo-tip {
+  margin-top: 20px;
   font-size: 14px;
 }

data/app/controllers/sudo_rails/application_controller.rb

@@ -3,7 +3,7 @@ module SudoRails
     before_action :sudo_enabled?
 
     def confirm
-      if request.post? && confirm_sudo?
+      if request.post? && SudoRails.confirm?(self, params[:password])
         session[:sudo_rails_session] = Time.zone.now
         redirect_to params[:target_path]
       else
@@ -16,10 +16,5 @@ module SudoRails
     def sudo_enabled?
       SudoRails.enabled || head(404, message: "SudoRails disabled")
     end
-
-    def confirm_sudo?
-      block = SudoRails.confirm_with
-      block.call(self, params[:password])
-    end
   end
 end

data/app/views/layouts/sudo_rails/application.html.erb

@@ -3,7 +3,7 @@
 <head>
   <%= csrf_meta_tags %>
   <%= stylesheet_link_tag "sudo_rails/application", media: "all" %>
-  <%= render 'sudo_rails/inject_custom_styles' if SudoRails.primary_color %>
+  <%= render 'sudo_rails/inject_custom_styles' if SudoRails.custom_styles? %>
 </head>
 <body>
   <%= yield %>

data/app/views/sudo_rails/confirm_form.html.erb

@@ -3,22 +3,21 @@
     <%= image_tag SudoRails.custom_logo %>
   <% end %>
 
-  <h3>Confirm password to continue</h3>
+  <h2><%= t('sudo_rails.page_header') %></h2>
 </header>
 
 <div class='sudo-form'>
   <%= form_tag '/sudo_rails/confirm' do |f| %>
     <%= hidden_field_tag :target_path, params[:target_path] || request.url %>
-    <%= password_field_tag :password, nil, required: true, placeholder: 'Password' %>
-    <%= submit_tag 'Confirm password' %>
+    <%= password_field_tag :password, nil, required: true, placeholder: t('sudo_rails.password') %>
+    <%= submit_tag t('sudo_rails.button') %>
   <% end %>
 
   <% if SudoRails.reset_pass_link %>
-    <%= link_to 'Forgot your password?', SudoRails.reset_pass_link, target: '_blank' %>
+    <%= link_to t('sudo_rails.forgot_pass'), SudoRails.reset_pass_link, target: '_blank' %>
   <% end %>
 </div>
 
 <div class='sudo-tip'>
-  You are entering <b>sudo mode</b>.<br>
-  We won’t ask for your password again for <i><%= time_ago_in_words(SudoRails.sudo_session_time.ago) %></i>.
+  <%= t('sudo_rails.tip', session_duration: time_ago_in_words(SudoRails.sudo_session_duration.ago)).html_safe %>
 </div>

data/config/locales/en.yml

@@ -0,0 +1,9 @@
+en:
+  sudo_rails:
+    page_header: Confirm password to continue
+    button: Confirm password
+    password: Password
+    forgot_pass: Forgot your password?
+    tip: |-
+      You are entering <b>sudo mode</b>.<br>
+      We won’t ask for your password again for <i>%{session_duration}</i>.

data/lib/sudo_rails/controller_ext.rb

@@ -14,7 +14,7 @@ module SudoRails
     def self.valid_sudo_session?(started_at)
       return false unless started_at
 
-      Time.parse(started_at) + SudoRails.sudo_session_time > Time.zone.now
+      Time.parse(started_at) + SudoRails.sudo_session_duration > Time.zone.now
     end
   end
 end

data/lib/sudo_rails/integrations/clearance.rb

@@ -0,0 +1,7 @@
+SudoRails.setup do |config|
+  config.confirm_strategy = -> (context, password) {
+    user = context.current_user
+    user.authenticated?(password)
+  }
+  config.reset_pass_link = "/passwords/new"
+end

data/lib/sudo_rails/integrations/devise.rb

@@ -0,0 +1,8 @@
+SudoRails.setup do |config|
+  config.confirm_strategy = -> (context, password) {
+    user = context.current_user
+    user.valid_password?(password)
+  }
+  config.reset_pass_link = "/users/password/new"
+end
+

data/lib/sudo_rails/version.rb

@@ -1,3 +1,3 @@
 module SudoRails
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/lib/sudo_rails.rb

@@ -8,8 +8,8 @@ module SudoRails
                   :layout,
                   :custom_logo,
                   :primary_color,
-                  :confirm_with,
-                  :sudo_session_time,
+                  :confirm_strategy,
+                  :sudo_session_duration,
                   :reset_pass_link
 
     def setup
@@ -19,16 +19,22 @@ module SudoRails
     def get_layout
       layout || 'sudo_rails/application'
     end
+
+    def custom_styles?
+      primary_color.present?
+    end
+
+    def confirm?(context, password)
+      strategy = confirm_strategy
+      raise(ArgumentError, 'Please, provide an strategy via SudoRails.confirm_strategy') unless strategy
+
+      strategy.call(context, password)
+    end
   end
 
   self.enabled = true
-  self.sudo_session_time = 1.hour
-
-  if defined?(Devise)
-    self.confirm_with = -> (context, password) {
-      user = context.current_user
-      user.valid_password?(password)
-    }
-    self.reset_pass_link = "/users/password/new"
-  end
+  self.sudo_session_duration = 1.hour
 end
+
+require 'sudo_rails/integrations/devise'    if defined?(Devise)
+require 'sudo_rails/integrations/clearance' if defined?(Clearance)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sudo_rails
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - markets
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-01 00:00:00.000000000 Z
+date: 2019-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -67,9 +67,12 @@ files:
 - app/views/layouts/sudo_rails/application.html.erb
 - app/views/sudo_rails/_inject_custom_styles.html.erb
 - app/views/sudo_rails/confirm_form.html.erb
+- config/locales/en.yml
 - lib/sudo_rails.rb
 - lib/sudo_rails/controller_ext.rb
 - lib/sudo_rails/engine.rb
+- lib/sudo_rails/integrations/clearance.rb
+- lib/sudo_rails/integrations/devise.rb
 - lib/sudo_rails/version.rb
 homepage: https://github.com/markets/sudo_rails
 licenses: