tachiban 0.6.1 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3fbe2ce6b5eb049f1a610456e1071a346881c14df1222f9963f9821fb02681b9
-  data.tar.gz: 8e085cd08268eef3597869b00bc42361e08baac42f8de346d92e559e81a8466b
+  metadata.gz: 6a4772cbc2387fbc462f6fd7f0bb3e1738521e1ede9a4d8b02e6cda05ab9ffc1
+  data.tar.gz: 16069ee6e897992462ce538ec514fdeef1c2798014f573265e293e15603f8b42
 SHA512:
-  metadata.gz: d6c945ffabc49f82f57782db4bb145c3eab6a1a719ae84219f95bf6a7d25a2022b564ace70c1fca45eab965c28db136fb669ef095bf52c4b4eaeb1e58d5b96cc
-  data.tar.gz: a498df67c718b21dee1ebbe0d1bba26002b9c11734a1fda51f3c6a9bfded7721f467377f0a0a7ade8677df15187420752ccb1f83616072120f2a6b67806a9fcb
+  metadata.gz: d8d446ac3dd3f8762154859b8a32369d2e92a8eeb570a05bffdb8bc9674ed1676d288c8e71a1666887beda650e91db0c98becf306db4f097ff9ff00f1defac60
+  data.tar.gz: 4745b414ecf91bb84564b54febbab5febcd1c40d0e0df454140286b454b9af5938546a91da8f3f17ae7612a598eeada823f5e8616d8fc8377a90383089c36db6

data/README.md

@@ -10,11 +10,7 @@ offers the following functionalities (with methods listed below
 - Authentication
 - Session handling
 - Password reset
-- Authorization
-
-The Tachiban logic (apart from the Authorization) and code were extracted from a Hanami based web app using
-Hanami::Model and was also used in a Camping based web app using Active Record.
-
+- Authorization has been moved to [Rokku](https://github.com/sebastjan-hribar/rokku) 
 
 ## Installation
 
@@ -48,22 +44,16 @@ end
 Prior to logging in or authenticating the user, retrieve the entity from the
 database and assign it to the instance variable of `@user`.
 
-The password reset methods require the user entity to have the following attributes:
-**token** and **password_reset_sent_at (set as `Time.now`)**. The token can be used to compose
- the password reset url and to later retrieve the correct user from
-the database when the user visits the password reset url.
-
-The **password_reset_sent_at** can be used to check the reset link validity.
+In addition to that, the user entity must have the following attributes:
 
-The only prerequisite for the authorization is the attribute of **role** for the user entity.
+* **token** (used to compose the password reset url and get the user from the database)
+* **password_reset_sent_at** (set as `Time.now` to check the reset link validity)
+* **hashed_pass** (to hold the generated hashed password)
 
 
 ### Usage
 
 #### Signup
-The entity for which authentication is used must have the
-attribute `hashed_pass` to hold the generated hashed password.
-
 To create a user with a hashed password use the `hashed_password(password)`
 method for the password and store it as the user's attribute `hashed_pass`.
 
@@ -81,14 +71,14 @@ def call(params)
 end
 ```
 
-#### Login
+#### Authentication and login
 To authenticate a user use the `authenticated?(input_password)` method and log
 them in with the `login` method. Authentication is successful if the user exists and passwords match.
 
-The user is logged in by setting the user object as the `session[:current_user]`.
+The user is logged in by setting the user object ID as the `session[:current_user]`.
 After the user is logged in the session start time is defined as
-`session[:session_start_time] = Time.now`. A flash message is also
-assigned as `flash[:success_notice] = flash_message`.
+`session[:session_start_time] = Time.now`. A default flash message is also
+assigned as 'You have been successfully logged in.'.
 
 The `session[:session_start_time]` is then used by the `session_expired?`
 method to determine whether the session has expired or not.
@@ -101,11 +91,9 @@ email = params[:entity_session][:email]
 password = params[:entity_session][:password]
 
 @user = EntityRepository.new.find_by_email(email)
-login("You have been successfully logged in.") if authenticated?(password)
+login if authenticated?(password)
 ```
 
-
-#### Authentication
 To check whether the user is logged in use the `check_for_logged_in_user` method.
 If the user is not logged in the `logout` method takes over.
 
@@ -116,10 +104,10 @@ expired and then restarts the session start time if the session
 is still valid or proceeds with the following if the session
 has expired:
 
-- setting the `session[:current_user]` to `nil`
-- a flash message is set: `flash[:failed_notice] = "Your session has expired"`
+- setting the `session[:current_user]` to `nil`,
+- a flash message is set: `flash[:failed_notice] = "Your session has expired"`,
 - redirects to the `routes.root_path` which can be overwritten by assigning
-a different url to @redirect_url
+a different url to @redirect_url.
 
 
 The `session_expired?` method compares the session start time
@@ -132,7 +120,7 @@ by default, but can be overwritten) with the current time.
     if session_expired?
       @redirect_url ||= routes.root_path
       session[:current_user] = nil
-      flash[:failed_notice] = "Your session has expired"
+      flash[:failed_notice] = "Your session has expired."
       redirect_to @redirect_url
     else
       restart_session_counter
@@ -189,37 +177,26 @@ password_reset_url_valid?(link_validity)
 ```
 
 
-#### Authorization
-Authorization support was setup as inspired by [this blog post](http://billpatrianakos.me/blog/2013/10/22/authorize-users-based-on-roles-and-permissions-without-a-gem/).
-
-Authorization features support the generation of policy files for each controller where authorized roles are specified for each action.
-
-```ruby
-tachiban -n mightyPoster -p post
-```
-The above CLI command will generate a policy file for the application mightyPoster (not the project) and the controller post. The file will be generated as `myProject/lib/mightyPoster/policies/PostPolicy.rb`
-
-Each application would have its own `app/policies` folders.
+### ToDo
 
-**The command must be run in the project root folder.**
+- Add full Hanami app for testing purposes.
 
-Once the file is generated the authorized roles variables in the initialize block for required actions need to be uncommneted and supplied with specific roles.
+### Changelog
 
-Then we can check if a user is authorized:
+#### 0.7.0
 
-```ruby
-authorized?(controller, role, action)
-```
+Authorization was moved to a separate gem [Rokku](https://github.com/sebastjan-hribar/rokku).
+Readme update.
 
+Method: `Tachiban::login`
+<br>Change:
+Default flash message and redirect url provided.
 
-### ToDo
 
-- Add support for level based authorizations. [x]
-- Add generators for adding authorization rules to existing policies.
-- Add generators for entities with required attributes.
+#### 0.6.1
 
+Dependency change for **rake** to ">= 12.3.3".
 
-### Changelog
 
 #### 0.6.0
 
@@ -231,10 +208,6 @@ Method: `Tachiban::logout`
 <br>Change:
 Added `session.clear` to remove any other values upon logout.
 
-#### 0.6.1
-
-Dependency change for **rake** to ">= 12.3.3".
-
 
 
 ## Development

data/bin/tachiban

@@ -1,2 +1 @@
 #!/usr/bin/env ruby
-require_relative "../lib/tachiban/commands/commands.rb"

data/lib/tachiban.rb

@@ -5,7 +5,6 @@ require 'hanami/action/session'
 
 module Hanami
   module Tachiban
-
 private
 
   # ### Signup ###
@@ -19,7 +18,6 @@ private
       BCrypt::Password.create(password)
     end
 
-
   # ### Login ###
 
   # The authenticated? method returns true if the the following criteria
@@ -31,7 +29,6 @@ private
       @user && BCrypt::Password.new(@user.hashed_pass) == input_pass
     end
 
-
   # The login method can be used in combination with the authenticated? method to
   # log the user in if the authenticated? method returns true. The user is
   # logged in by setting the user object id as the session[:current_user].
@@ -39,28 +36,34 @@ private
   # by the session_expired? method to determine whether the session has
   # expired or not.
 
+  # There are two defualt values set: one for flash message and
+  # the other for redirect url. Both can be overwritten by assigning
+  # new values for @flash_message and @login_redirect_url.
+
   # Example:
   # login if authenticated?(input_pass)
 
-    def login(flash_message)
+    def login
       session[:current_user] = @user.id
       session[:session_start_time] = Time.now
-      flash[:success_notice] = flash_message
+      @flash_message ||= 'You have been successfully logged in.'
+      flash[:success_notice] = @flash_message
+      @login_redirect_url ||= routes.root_path
+      redirect_to @login_redirect_url
     end
 
-
   # The logout method sets the current user in the session to nil
-  # and performs a redirect to the @redirect_to which is set to
-  # routes.root_path and can be overwritten as needed with a specific url.
+  # and performs a redirect to the redirect_url which is set to
+  # /login, but can be overwritten as needed with a specific url
+  # by setting a new value for @logout_redirect_url.
 
     def logout
       session[:current_user] = nil
       session.clear
-      @redirect_url ||= routes.root_path
-      redirect_to @redirect_url
+      @logout_redirect_url ||= '/login'
+      redirect_to @logout_redirect_url
     end
 
-
   # ### Authentication ###
 
   # The check_for_logged_in_user method can be used to check for each
@@ -68,10 +71,9 @@ private
   # the logout method takes over.
 
     def check_for_logged_in_user
-        logout unless session[:current_user]
+      logout unless session[:current_user]
     end
 
-
   # ### Session handling ###
 
   # Session handling  includes methods session_expired?,
@@ -88,7 +90,6 @@ private
       end
     end
 
-
   # The restart_session_counter method resets the session start time to
   # Time.now. It's used in the handle  session method.
 
@@ -96,7 +97,6 @@ private
       session[:session_start_time] = Time.now
     end
 
-
     # The handle_session method is used to handle the incoming requests
     # based on the the session expiration. If the session has expired the
     # session user is set to nil, a flash message of "Your session has expired"
@@ -110,16 +110,14 @@ private
       if session_expired?
         @redirect_url ||= routes.root_path
         session[:current_user] = nil
-        flash[:failed_notice] = "Your session has expired"
+        flash[:failed_notice] = 'Your session has expired.'
         redirect_to @redirect_url
       else
         restart_session_counter
       end
     end
 
-
   # ### Password reset ###
-
     def token
       SecureRandom.urlsafe_base64
     end
@@ -137,20 +135,6 @@ private
     def password_reset_url_valid?(link_validity)
       Time.now > @user.password_reset_sent_at + link_validity
     end
-
-
-  # ### Authorization ###
-  # The authorized? method checks if the specified user has the required role
-  # and permission to access the action. It returns true or false and
-  # provides the basis for further actions in either case.
-  #
-  # Example: redirect_to "/" unless authorized?
-
-    def authorized?(controller, role, action)
-      Object.const_get(controller.downcase.capitalize + "Policy").new(role).send("#{action.downcase}?")
-    end
-
-
   end
 end
 

data/lib/tachiban/version.rb

@@ -1,3 +1,3 @@
 module Tachiban
-  VERSION = "0.6.1"
+  VERSION = "0.7.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tachiban
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.0
 platform: ruby
 authors:
 - Sebastjan Hribar
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-02 00:00:00.000000000 Z
+date: 2021-02-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -191,8 +191,6 @@ files:
 - bin/setup
 - bin/tachiban
 - lib/tachiban.rb
-- lib/tachiban/commands/commands.rb
-- lib/tachiban/policy_generator/policy_generator.rb
 - lib/tachiban/version.rb
 - tachiban.gemspec
 homepage: https://github.com/sebastjan-hribar/tachiban

data/lib/tachiban/commands/commands.rb

@@ -1,45 +0,0 @@
-#!/usr/bin/env ruby
-require 'optparse'
-require_relative "../policy_generator/policy_generator.rb"
-
-
-options = {}
-optparse = OptionParser.new do |opts|
-  opts.banner = "\nHanami authorization policy generator
-Usage: tachiban -n myapp -p user
-Flags:
-\n"
-
-  opts.on("-n", "--app_name APP", "Specify the application name for the policy") do |app_name|
-    options[:app_name] = app_name
-  end
-
-  opts.on("-p", "--policy POLICY", "Specify the policy name") do |policy|
-    options[:policy] = policy
-  end
-
-  opts.on("-h", "--help", "Displays help") do
-    puts opts
-    exit
-  end
-
-end
-
-
-begin
-  optparse.parse!
-  puts "Add flag -h or --help to see usage instructions." if options.empty?
-  mandatory = [:app_name, :policy]
-  missing = mandatory.select{ |arg| options[arg].nil? }
-  unless missing.empty?
-    raise OptionParser::MissingArgument.new(missing.join(', '))
-  end
-
-rescue OptionParser::InvalidOption, OptionParser::MissingArgument
-  puts $!.to_s
-  puts optparse
-  exit
-end
-
-puts "Performing task with options: #{options.inspect}"
-generate_policy("#{options[:app_name]}", "#{options[:policy]}") if options[:policy]

data/lib/tachiban/policy_generator/policy_generator.rb

@@ -1,58 +0,0 @@
-require 'fileutils'
-
-# The generate_policy method creates the policy file for specified
-# application and controller. By default all actions to check against
-# are commented out.
-# Uncomment the needed actions and define appropriate user role.
-
-def generate_policy(app_name, controller_name)
-  app_name = app_name
-  controller = controller_name.downcase.capitalize
-  policy_txt = <<-TXT
-    class #{controller}Policy
-      def initialize(role)
-        @user_role = role
-
-        # Uncomment the required roles and add the
-        # appropriate user role to the @authorized_roles* array.
-
-        # @authorized_roles_for_new = []
-        # @authorized_roles_for_create = []
-        # @authorized_roles_for_show = []
-        # @authorized_roles_for_index = []
-        # @authorized_roles_for_edit = []
-        # @authorized_roles_for_update = []
-        # @authorized_roles_for_destroy = []
-      end
-
-      def new?
-        @authorized_roles_for_new.include? @user_role
-      end
-      def create?
-        @authorized_roles_for_create.include? @user_role
-      end
-      def show?
-        @authorized_roles_for_show.include? @user_role
-      end
-      def index?
-        @authorized_roles_for_index.include? @user_role
-      end
-      def edit?
-        @authorized_roles_for_edit.include? @user_role
-      end
-      def update?
-        @authorized_roles_for_update.include? @user_role
-      end
-      def destroy?
-        @authorized_roles_for_destroy.include? @user_role
-      end
-    end
-    TXT
-
-
-  FileUtils.mkdir_p "lib/#{app_name}/policies" unless File.directory?("lib/#{app_name}/policies")
-  unless File.file?("lib/#{app_name}/policies/#{controller}Policy.rb")
-    File.open("lib/#{app_name}/policies/#{controller}Policy.rb", 'w') { |file| file.write(policy_txt) }
-  end
-  puts("Generated policy: lib/#{app_name}/policies/#{controller}Policy.rb") if File.file?("lib/#{app_name}/policies/#{controller}Policy.rb")
-end