tachiban 0.5.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 32f1f2b6604c7cda5393b06aad44f4ea84397a0d
-  data.tar.gz: 6e6dbbb843fae38ed80dc10034071da0b669d3ef
+SHA256:
+  metadata.gz: d18cad68d32567d0d583c417d817bd6980861ad662a505afd97cdfefe1c71f09
+  data.tar.gz: 720f7cb6014086b2de126283248ed728fabf003a9aa76772798b4e9ee3fbef33
 SHA512:
-  metadata.gz: ee08ab9357babdfef72ad367eb31f2815a1dbfffed18d2c0e526b0d9b411edee1bfc1124d5cd02052677b08cd966a4e114ac55365fa9fd2d30440e72ed0edc7b
-  data.tar.gz: 98e960466e21300d6973b405d493ecba1cb691a58e85296775468390a0c9acebe678cd8ce31665071342c025b5ecf731fbcf1b839f75b9a6283f009a427c2230
+  metadata.gz: bb298b0167b10f277c44ef4383c5d28e2e231e1a3ea731aca592c662afca362a42bbc25e55a854c1c330fef750b9d641ec26031a5a8cc412e312168f02ca86c1
+  data.tar.gz: cde4bc49bbef7f438732aff48502daabd750862a8fcf9d1feea9b5495e49e0f45b09952a292ef0ac105467981ec207ea186e3e36728be509528a271ad905718e

data/.gitignore

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+*.gem

data/.travis.yml

@@ -1,4 +1,4 @@
 language: ruby
 rvm:
-  - 2.2.1
-before_install: gem install bundler -v 1.11.2
+  - 2.5.1
+before_install: gem install bundler -v 2.0.2

data/README.md

@@ -1,6 +1,6 @@
 # Tachiban
 
-[![Join the chat at https://gitter.im/sebastjan-hribar/tachiban](https://badges.gitter.im/sebastjan-hribar/tachiban.svg)](https://gitter.im/sebastjan-hribar/tachiban?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Gem Version](https://badge.fury.io/rb/tachiban.svg)](https://badge.fury.io/rb/tachiban)
+[![Join the chat at https://gitter.im/sebastjan-hribar/tachiban](https://badges.gitter.im/sebastjan-hribar/tachiban.svg)](https://gitter.im/sebastjan-hribar/tachiban?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Gem Version](https://badge.fury.io/rb/tachiban.svg)](https://badge.fury.io/rb/tachiban) [![Build Status](https://travis-ci.org/sebastjan-hribar/tachiban.svg?branch=master)](https://travis-ci.org/sebastjan-hribar/tachiban)
 
 Tachiban (立ち番 - standing watch) provides simple authentication system for [Hanami web applications](http://hanamirb.org/) by using bcrypt for password hashing and
 offers the following functionalities (with methods listed below
@@ -10,11 +10,7 @@ offers the following functionalities (with methods listed below
 - Authentication
 - Session handling
 - Password reset
-- Authorization
-
-The Tachiban logic (apart from the Authorization) and code were extracted from a Hanami based web app using
-Hanami::Model and was also used in a Camping based web app using Active Record.
-
+- Authorization has been moved to [Rokku](https://github.com/sebastjan-hribar/rokku) 
 
 ## Installation
 
@@ -44,26 +40,20 @@ end
 
 ## Usage
 
-#### Prerequisites
+### Prerequisites
 Prior to logging in or authenticating the user, retrieve the entity from the
 database and assign it to the instance variable of `@user`.
 
-The password reset methods require the user entity to have the following attributes:
-**token** and **password_reset_sent_at (set as `Time.now`)**. The token can be used to compose
- the password reset url and to later retrieve the correct user from
-the database when the user visits the password reset url.
-
-The **password_reset_sent_at** can be used to check the reset link validity.
-
-The only prerequisite for the authorization is the attribute of **role** for the user entity.
+In addition to that, the user entity must have the following attributes:
 
+* **token** (used to compose the password reset url and get the user from the database)
+* **password_reset_sent_at** (set as `Time.now` to check the reset link validity)
+* **hashed_pass** (to hold the generated hashed password)
 
-#### Usage
 
-###### Signup
-The entity for which authentication is used must have the
-attribute `hashed_pass` to hold the generated hashed password.
+### Usage
 
+#### Signup
 To create a user with a hashed password use the `hashed_password(password)`
 method for the password and store it as the user's attribute `hashed_pass`.
 
@@ -81,14 +71,14 @@ def call(params)
 end
 ```
 
-###### Login
+#### Authentication and login
 To authenticate a user use the `authenticated?(input_password)` method and log
 them in with the `login` method. Authentication is successful if the user exists and passwords match.
 
-The user is logged in by setting the user object as the `session[:current_user]`.
+The user is logged in by setting the user object ID as the `session[:current_user]`.
 After the user is logged in the session start time is defined as
-`session[:session_start_time] = Time.now`. A flash message is also
-assigned as `flash[:success_notice] = flash_message`.
+`session[:session_start_time] = Time.now`. A default flash message is also
+assigned as 'You have been successfully logged in.'.
 
 The `session[:session_start_time]` is then used by the `session_expired?`
 method to determine whether the session has expired or not.
@@ -101,25 +91,23 @@ email = params[:entity_session][:email]
 password = params[:entity_session][:password]
 
 @user = EntityRepository.new.find_by_email(email)
-login("You have been successfully logged in.") if authenticated?(password)
+login if authenticated?(password)
 ```
 
-
-###### Authentication
 To check whether the user is logged in use the `check_for_logged_in_user` method.
 If the user is not logged in the `logout` method takes over.
 
 
-###### Session handling
+#### Session handling
 Tachiban handles session expiration by checking if a session has
 expired and then restarts the session start time if the session
 is still valid or proceeds with the following if the session
 has expired:
 
-- setting the `session[:current_user]` to `nil`
-- a flash message is set: `flash[:failed_notice] = "Your session has expired"`
+- setting the `session[:current_user]` to `nil`,
+- a flash message is set: `flash[:failed_notice] = "Your session has expired"`,
 - redirects to the `routes.root_path` which can be overwritten by assigning
-a different url to @redirect_url
+a different url to @redirect_url.
 
 
 The `session_expired?` method compares the session start time
@@ -132,7 +120,7 @@ by default, but can be overwritten) with the current time.
     if session_expired?
       @redirect_url ||= routes.root_path
       session[:current_user] = nil
-      flash[:failed_notice] = "Your session has expired"
+      flash[:failed_notice] = "Your session has expired."
       redirect_to @redirect_url
     else
       restart_session_counter
@@ -157,7 +145,7 @@ end
 ```
 
 
-###### Password reset
+#### Password reset
 The password reset feature provides a few simple methods to generate a
 token, email subject and body. It is also possible to specify and
 check the validity of the password reset url.
@@ -188,35 +176,43 @@ by the link validity: `Time.now > @user.password_reset_sent_at + link_validity`
 password_reset_url_valid?(link_validity)
 ```
 
+### Example of use in an application
+[Using Tachiban with a Hanami app](https://sebastjan-hribar.github.io/programming/2021/09/03/tachiban-with-hanami.html)
 
-###### Authorization
-Authorization support was setup as inspired by [this blog post](http://billpatrianakos.me/blog/2013/10/22/authorize-users-based-on-roles-and-permissions-without-a-gem/).
 
-Authorization features support the generation of policy files for each controller where authorized roles are specified for each action.
+### Changelog
 
-```ruby
-tachiban -n mightyPoster -p post
-```
-The above CLI command will generate a policy file for the application mightyPoster (not the project) and the controller post. The file will be generated as `myProject/lib/mightyPoster/policies/PostPolicy.rb`
+#### 0.8.0
 
-Each application would have its own `app/policies` folders.
+Bug fix for determining the validity of the password update linke. Greater than instead of less than was used
+to compare the time of the reset link email and the time when the user tries to update the password.
 
-**The command must be run in the project root folder.**
 
-Once the file is generated the authorized roles variables in the initialize block for required actions need to be uncommneted and supplied with specific roles.
+#### 0.7.0
 
-Then we can check if a user is authorized:
+Authorization was moved to a separate gem [Rokku](https://github.com/sebastjan-hribar/rokku).
+Readme update.
+
+Method: `Tachiban::login`
+<br>Change:
+Default flash message and redirect url provided.
+
+
+#### 0.6.1
+
+Dependency change for **rake** to ">= 12.3.3".
 
-```ruby
-authorized?(controller, role, action)
-```
 
+#### 0.6.0
 
-### ToDo
+Method: `Tachiban::login`
+<br>Change:
+`session[:current_user]` is not set as the user object, but as the user object id.
+***
+Method: `Tachiban::logout`
+<br>Change:
+Added `session.clear` to remove any other values upon logout.
 
-- Add support for level based authorizations. [x]
-- Add generators for adding authorization rules to existing policies.
-- Add generators for entities with required attributes.
 
 
 ## Development

data/bin/tachiban

@@ -1,2 +1 @@
 #!/usr/bin/env ruby
-require_relative "../lib/tachiban/commands/commands.rb"

data/lib/tachiban/version.rb

@@ -1,3 +1,3 @@
 module Tachiban
-  VERSION = "0.5.0"
+  VERSION = "0.8.0"
 end

data/lib/tachiban.rb

@@ -5,7 +5,6 @@ require 'hanami/action/session'
 
 module Hanami
   module Tachiban
-
 private
 
   # ### Signup ###
@@ -19,7 +18,6 @@ private
       BCrypt::Password.create(password)
     end
 
-
   # ### Login ###
 
   # The authenticated? method returns true if the the following criteria
@@ -31,35 +29,41 @@ private
       @user && BCrypt::Password.new(@user.hashed_pass) == input_pass
     end
 
-
   # The login method can be used in combination with the authenticated? method to
   # log the user in if the authenticated? method returns true. The user is
-  # logged in by setting the user object as the session[:current_user].
+  # logged in by setting the user object id as the session[:current_user].
   # After the user is logged in the session start time is defined, which is then used
   # by the session_expired? method to determine whether the session has
   # expired or not.
 
+  # There are two defualt values set: one for flash message and
+  # the other for redirect url. Both can be overwritten by assigning
+  # new values for @flash_message and @login_redirect_url.
+
   # Example:
   # login if authenticated?(input_pass)
 
-    def login(flash_message)
-      session[:current_user] = @user
+    def login
+      session[:current_user] = @user.id
       session[:session_start_time] = Time.now
-      flash[:success_notice] = flash_message
+      @flash_message ||= 'You have been successfully logged in.'
+      flash[:success_notice] = @flash_message
+      @login_redirect_url ||= routes.root_path
+      redirect_to @login_redirect_url
     end
 
-
   # The logout method sets the current user in the session to nil
-  # and performs a redirect to the @redirect_to which is set to
-  # routes.root_path and can be overwritten as needed with a specific url.
+  # and performs a redirect to the redirect_url which is set to
+  # /login, but can be overwritten as needed with a specific url
+  # by setting a new value for @logout_redirect_url.
 
     def logout
       session[:current_user] = nil
-      @redirect_url ||= routes.root_path
-      redirect_to @redirect_url
+      session.clear
+      @logout_redirect_url ||= '/login'
+      redirect_to @logout_redirect_url
     end
 
-
   # ### Authentication ###
 
   # The check_for_logged_in_user method can be used to check for each
@@ -67,10 +71,9 @@ private
   # the logout method takes over.
 
     def check_for_logged_in_user
-        logout unless session[:current_user]
+      logout unless session[:current_user]
     end
 
-
   # ### Session handling ###
 
   # Session handling  includes methods session_expired?,
@@ -87,7 +90,6 @@ private
       end
     end
 
-
   # The restart_session_counter method resets the session start time to
   # Time.now. It's used in the handle  session method.
 
@@ -95,7 +97,6 @@ private
       session[:session_start_time] = Time.now
     end
 
-
     # The handle_session method is used to handle the incoming requests
     # based on the the session expiration. If the session has expired the
     # session user is set to nil, a flash message of "Your session has expired"
@@ -109,16 +110,14 @@ private
       if session_expired?
         @redirect_url ||= routes.root_path
         session[:current_user] = nil
-        flash[:failed_notice] = "Your session has expired"
+        flash[:failed_notice] = 'Your session has expired.'
         redirect_to @redirect_url
       else
         restart_session_counter
       end
     end
 
-
   # ### Password reset ###
-
     def token
       SecureRandom.urlsafe_base64
     end
@@ -134,22 +133,8 @@ private
 
     # State the link_validity in seconds.
     def password_reset_url_valid?(link_validity)
-      Time.now > @user.password_reset_sent_at + link_validity
-    end
-
-
-  # ### Authorization ###
-  # The authorized? method checks if the specified user has the required role
-  # and permission to access the action. It returns true or false and
-  # provides the basis for further actions in either case.
-  #
-  # Example: redirect_to "/" unless authorized?
-
-    def authorized?(controller, role, action)
-      Object.const_get(controller.downcase.capitalize + "Policy").new(role).send("#{action.downcase}?")
+      Time.now < @user.password_reset_sent_at + link_validity
     end
-
-
   end
 end
 

data/tachiban.gemspec

@@ -17,14 +17,14 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.11"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake", "~> 12.3", ">= 12.3.3"
   spec.add_development_dependency "minitest", "~> 5.0"
   spec.add_development_dependency "hanami-model", "~> 1.0"
   spec.add_development_dependency "timecop", "0.8.1"
   spec.add_development_dependency 'hanami-controller', "~> 1.0"
   spec.add_development_dependency 'hanami-router', "~> 1.0"
-  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'pry', "~> 0"
 
   spec.add_runtime_dependency "bcrypt", "~> 3.1"
   spec.add_runtime_dependency 'hanami-controller', "~> 1.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tachiban
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Sebastjan Hribar
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-08-22 00:00:00.000000000 Z
+date: 2021-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,28 +16,34 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -112,14 +118,14 @@ dependencies:
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
@@ -185,8 +191,6 @@ files:
 - bin/setup
 - bin/tachiban
 - lib/tachiban.rb
-- lib/tachiban/commands/commands.rb
-- lib/tachiban/policy_generator/policy_generator.rb
 - lib/tachiban/version.rb
 - tachiban.gemspec
 homepage: https://github.com/sebastjan-hribar/tachiban
@@ -209,7 +213,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Tachiban provides simple password hashing for user authentication with bcrypt

data/lib/tachiban/commands/commands.rb

@@ -1,45 +0,0 @@
-#!/usr/bin/env ruby
-require 'optparse'
-require_relative "../policy_generator/policy_generator.rb"
-
-
-options = {}
-optparse = OptionParser.new do |opts|
-  opts.banner = "\nHanami authorization policy generator
-Usage: tachiban -n myapp -p user
-Flags:
-\n"
-
-  opts.on("-n", "--app_name APP", "Specify the application name for the policy") do |app_name|
-    options[:app_name] = app_name
-  end
-
-  opts.on("-p", "--policy POLICY", "Specify the policy name") do |policy|
-    options[:policy] = policy
-  end
-
-  opts.on("-h", "--help", "Displays help") do
-    puts opts
-    exit
-  end
-
-end
-
-
-begin
-  optparse.parse!
-  puts "Add flag -h or --help to see usage instructions." if options.empty?
-  mandatory = [:app_name, :policy]
-  missing = mandatory.select{ |arg| options[arg].nil? }
-  unless missing.empty?
-    raise OptionParser::MissingArgument.new(missing.join(', '))
-  end
-
-rescue OptionParser::InvalidOption, OptionParser::MissingArgument
-  puts $!.to_s
-  puts optparse
-  exit
-end
-
-puts "Performing task with options: #{options.inspect}"
-generate_policy("#{options[:app_name]}", "#{options[:policy]}") if options[:policy]

data/lib/tachiban/policy_generator/policy_generator.rb

@@ -1,58 +0,0 @@
-require 'fileutils'
-
-# The generate_policy method creates the policy file for specified
-# application and controller. By default all actions to check against
-# are commented out.
-# Uncomment the needed actions and define appropriate user role.
-
-def generate_policy(app_name, controller_name)
-  app_name = app_name
-  controller = controller_name.downcase.capitalize
-  policy_txt = <<-TXT
-    class #{controller}Policy
-      def initialize(role)
-        @user_role = role
-
-        # Uncomment the required roles and add the
-        # appropriate user role to the @authorized_roles* array.
-
-        # @authorized_roles_for_new = []
-        # @authorized_roles_for_create = []
-        # @authorized_roles_for_show = []
-        # @authorized_roles_for_index = []
-        # @authorized_roles_for_edit = []
-        # @authorized_roles_for_update = []
-        # @authorized_roles_for_destroy = []
-      end
-
-      def new?
-        @authorized_roles_for_new.include? @user_role
-      end
-      def create?
-        @authorized_roles_for_create.include? @user_role
-      end
-      def show?
-        @authorized_roles_for_show.include? @user_role
-      end
-      def index?
-        @authorized_roles_for_index.include? @user_role
-      end
-      def edit?
-        @authorized_roles_for_edit.include? @user_role
-      end
-      def update?
-        @authorized_roles_for_update.include? @user_role
-      end
-      def destroy?
-        @authorized_roles_for_destroy.include? @user_role
-      end
-    end
-    TXT
-
-
-  FileUtils.mkdir_p "lib/#{app_name}/policies" unless File.directory?("lib/#{app_name}/policies")
-  unless File.file?("lib/#{app_name}/policies/#{controller}Policy.rb")
-    File.open("lib/#{app_name}/policies/#{controller}Policy.rb", 'w') { |file| file.write(policy_txt) }
-  end
-  puts("Generated policy: lib/#{app_name}/policies/#{controller}Policy.rb") if File.file?("lib/#{app_name}/policies/#{controller}Policy.rb")
-end