tiny_auth 0.1.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 067c6cf62a8fe40b8fa2da418605dbc53cd790bc
-  data.tar.gz: 91a2dc9cbceecf73688c9204445d7d6026a2080a
+SHA256:
+  metadata.gz: ff3ff4ff25d9895b64f12d3e506d3c4ebba61c5c0ba702afc37501aeb13dc956
+  data.tar.gz: 6f71e8f393807eb1b5ab944d720982a7b14e4cbb43a00f2ede0f822ad8cb85cc
 SHA512:
-  metadata.gz: 97074ce70bc487d7219b36f55d8c5c3512c2a2c94206c3b12d2045f47a90c46cc516d09abcaa36db00f93cfbc72e349eed75323f7bd12ccc24aa9909ef1a1923
-  data.tar.gz: 2ea66468d7fad3f816153b402a423742312d3b8447fd80c1c9be305043dc8114e2232b847cf3d461cb86acbb8b54856c77d18314badc899e5707e34776acb73c
+  metadata.gz: d8d987c6ca4ef3387d245a9f4e6a263729a928839466617b227db3592d96ffce8605513fbf78f63d33802de18712c36a97b04f8961570a7fb3e57c45e2101341
+  data.tar.gz: 72c2cee4eb4bc47dbe50dfa55473d3ae3be6eca231ebbd5581d000c633dfffe204c79493f9171a51087cffa419135ef3392ebe09416623b42c70a569e8787445

data/.gitignore

@@ -9,3 +9,5 @@
 
 # rspec failure tracking
 .rspec_status
+
+/Gemfile.lock

data/Gemfile

@@ -2,3 +2,6 @@ source "https://rubygems.org"
 
 # Specify your gem's dependencies in tiny_auth.gemspec
 gemspec
+
+gem "simplecov"
+gem "coveralls"

data/README.md

@@ -1,4 +1,4 @@
-# TinyAuth
+# TinyAuth [![Build Status](https://travis-ci.org/rzane/tiny_auth.svg?branch=master)](https://travis-ci.org/rzane/tiny_auth) [![Coverage Status](https://coveralls.io/repos/github/rzane/tiny_auth/badge.svg?branch=master)](https://coveralls.io/github/rzane/tiny_auth?branch=master)
 
 A utility for minimal user authentication.
 
@@ -22,10 +22,11 @@ First, create a table to store your users:
 create_table :users do |t|
   t.string :email, null: false
   t.string :password_digest, null: false
-  t.string :reset_token
+  t.string :reset_token_digest
   t.datetime :reset_token_expires_at
+
   t.index :email, unique: true
-  t.index :reset_token, unique: true
+  t.index :reset_token_digest, unique: true
 end
 ```
 
@@ -33,34 +34,45 @@ Your model should look like this:
 
 ```ruby
 class User < ApplicationRecord
+  include TinyAuth::Model
   has_secure_password
 end
 ```
 
-Now, you're ready to use `TinyAuth`:
+Now, you're ready to authenticate!
 
 ```ruby
-auth = TinyAuth.new(User)
-
-user = auth.find_by_email('user@example.com')
-user = auth.find_by_credentials('user@example.com', 'password')
+user = User.find_by_email("user@example.com")
+user = User.find_by_credentials("user@example.com", "password")
 
-token = auth.generate_token(user)
-user = auth.find_by_token(token)
+token = user.generate_token
+user = User.find_by_token(token)
 
-reset_token = auth.generate_reset_token(user)
-user = auth.exchange_reset_token(user, password: "changed")
+reset_token = user.generate_reset_token
+user = User.exchange_reset_token(reset_token)
 ```
 
-## Development
-
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+Oh, and you can add authentication to your controllers:
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+```ruby
+class ApplicationController < ActionController::Base
+  include TinyAuth::Controller.new(model: User)
+
+  before_action :authenticate_user
+
+  def index
+    if user_signed_in?
+      render json: {id: current_user.id}
+    else
+      head :unauthorized
+    end
+  end
+end
+```
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/tiny_auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+Bug reports and pull requests are welcome on GitHub at https://github.com/rzane/tiny_auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 ## License
 
@@ -68,4 +80,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the TinyAuth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/tiny_auth/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the TinyAuth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/rzane/tiny_auth/blob/master/CODE_OF_CONDUCT.md).

data/lib/tiny_auth.rb

@@ -1,60 +1,42 @@
+require "openssl"
+require "tiny_auth/model"
+require "tiny_auth/controller"
 require "tiny_auth/version"
-require "globalid"
-require "active_record"
-require "active_support/core_ext/securerandom"
 
-class TinyAuth
-  class Error < StandardError; end
-  class PersistError < StandardError; end
-
-  def initialize(model, scope: model)
-    @model = model
-    @scope = scope
-  end
-
-  def find_by_email(email)
-    @scope.find_by(@model.arel_table[:email].lower.eq(email.downcase))
-  end
-
-  def find_by_credentials(email, password)
-    resource = find_by_email(email)
-    resource if resource&.authenticate(password)
-  end
-
-  def generate_token(resource, purpose: :access, expires_in: 24.hours)
-    resource.to_sgid(expires_in: expires_in, for: purpose)
-  end
-
-  def find_by_token(token, purpose: :access)
-    GlobalID::Locator.locate_signed(token, for: purpose)
-  end
-
-  def generate_reset_token(resource, expires_in: 2.hours)
-    update_reset(
-      resource,
-      reset_token: SecureRandom.base58(24),
-      reset_token_expires_at: Time.now + expires_in
-    )
+module TinyAuth
+  class << self
+    # A secret that is used for hashing tokens.
+    #
+    # If `Rails` is defined, it will attempt to use
+    # `Rails.application.secret_key_base`.
+    #
+    # @raise [RuntimeError]
+    # @return [String]
+    def secret
+      @secret || secret_key_base || missing_secret!
+    end
 
-    resource.reset_token
-  end
+    # Configure the secret that is used for hashing tokens.
+    # @param secret [String]
+    def secret=(secret)
+      @secret = secret
+    end
 
-  def exchange_reset_token(reset_token, changes = {})
-    changes = changes.merge(reset_token: nil, reset_token_expires_at: nil)
-    not_expired = @model.arel_table[:reset_token_expires_at].gt(Time.now)
-    resource = @scope.where(not_expired).find_by(reset_token: reset_token)
+    # Create a hash from a value using the secret
+    # @param value [String]
+    # @return [String]
+    def hexdigest(value)
+      OpenSSL::HMAC.hexdigest("SHA256", secret, value)
+    end
 
-    yield resource if resource && block_given?
-    update_reset(resource, changes) if resource
-  end
+    private
 
-  private
+    def secret_key_base
+      Rails.application.secret_key_base if defined? Rails
+    end
 
-  def update_reset(resource, changes)
-    if resource.update(changes)
-      resource
-    else
-      raise PersistError, "Failed to reset password."
+    def missing_secret!
+      raise "You need to configure TinyAuth.secret"
     end
   end
 end

data/lib/tiny_auth/controller.rb

@@ -0,0 +1,55 @@
+require "active_support/core_ext/object/blank"
+
+module TinyAuth
+  class Controller < Module
+    # Extract a token from a request
+    # @param request [ActionDispatch::HTTP::Request]
+    # @return [String,nil]
+    def self.token(request)
+      header = request.authorization.to_s
+      header[/^Bearer (.*)$/, 1].presence
+    end
+
+    # Defines a before action that will authenticate the resource.
+    # It also defines methods for accessing the currently authenticated
+    # resource.
+    # @param model [ActiveRecord::Base]
+    # @param name [Symbol] Used to define methods like `current_user`
+    #
+    # @example
+    #   class ApplicationController < ActionController::Base
+    #     include TinyAuth::Controller.new(model: User)
+    #
+    #     before_action :authenticate_user
+    #
+    #     def index
+    #       if user_signed_in?
+    #         render json: current_user
+    #       else
+    #         head :unauthorized
+    #       end
+    #     end
+    #   end
+    def initialize(model:, name: model.model_name.singular)
+      authenticate = :"authenticate_#{name}"
+      current = :"current_#{name}"
+      current_ivar = :"@current_#{name}"
+      signed_in = :"#{name}_signed_in?"
+
+      attr_reader current
+
+      define_method(signed_in) do
+        !send(current).nil?
+      end
+
+      define_method(authenticate) do
+        token = TinyAuth::Controller.token(request)
+
+        if token
+          resource = model.find_by_token(token)
+          instance_variable_set(current_ivar, resource)
+        end
+      end
+    end
+  end
+end

data/lib/tiny_auth/model.rb

@@ -0,0 +1,75 @@
+require "active_record"
+require "globalid"
+require "active_support/core_ext/numeric/time"
+require "active_support/core_ext/securerandom"
+
+module TinyAuth
+  module Model
+    def self.included(base)
+      base.extend ClassMethods
+    end
+
+    module ClassMethods
+      # Find a resource by email, ignoring case
+      # @param email [String]
+      # @return [ActiveRecord::Base,nil]
+      def find_by_email(email)
+        find_by arel_table[:email].lower.eq(email.downcase)
+      end
+
+      # Find a resource by their email address and password
+      # This assumes that you've added `has_secure_password` to your model.
+      # @param email [String]
+      # @param password [String]
+      # @return [ActiveRecord::Base,nil]
+      def find_by_credentials(email, password)
+        resource = find_by_email(email)
+        resource if resource&.authenticate(password)
+      end
+
+      # Finds a resource by a token
+      # @param token [String]
+      # @return [ActiveRecord::Base,nil]
+      def find_by_token(token)
+        resource = GlobalID::Locator.locate_signed(token, for: :access)
+        resource if resource.kind_of?(self)
+      rescue ActiveRecord::RecordNotFound
+      end
+
+      # Finds a resource by their reset token and nillifies `reset_password_digest`
+      # and `reset_token_expires_at` fields
+      # @param token [String]
+      # @return [ActiveRecord::Base,nil]
+      def exchange_reset_token(token)
+        digest = TinyAuth.hexdigest(token)
+        not_expired = arel_table[:reset_token_expires_at].gt(Time.now)
+        resource = where(not_expired).find_by(reset_token_digest: digest)
+        resource&.reset_token_digest = nil
+        resource&.reset_token_expires_at = nil
+        resource
+      end
+    end
+
+    # Generates a stateless token for a resource
+    # @param expires_in [ActiveSupport::Duration] defaults to 24 hours
+    def generate_token(expires_in: 24.hours)
+      to_signed_global_id(expires_in: expires_in, for: :access).to_s
+    end
+
+    # Generates a reset token for a resource. A hashed version of the token
+    # is stored in the database
+    # @param expires_in [ActiveSupport::Duration] defaults to 2 hours
+    def generate_reset_token(expires_in: 2.hours)
+      token = SecureRandom.base58(24)
+      digest = TinyAuth.hexdigest(token)
+      expiry = expires_in.from_now
+
+      update_columns(
+        reset_token_digest: digest,
+        reset_token_expires_at: expiry
+      )
+
+      token
+    end
+  end
+end

data/lib/tiny_auth/version.rb

@@ -1,3 +1,3 @@
-class TinyAuth
-  VERSION = "0.1.0"
+module TinyAuth
+  VERSION = "2.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tiny_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Ray Zane
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-15 00:00:00.000000000 Z
+date: 2020-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -134,13 +134,12 @@ files:
 - ".travis.yml"
 - CODE_OF_CONDUCT.md
 - Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
-- bin/console
-- bin/setup
 - lib/tiny_auth.rb
+- lib/tiny_auth/controller.rb
+- lib/tiny_auth/model.rb
 - lib/tiny_auth/version.rb
 - tiny_auth.gemspec
 homepage: https://github.com/rzane/tiny_auth
@@ -165,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Bare-minimum authentication for APIs

data/Gemfile.lock

@@ -1,63 +0,0 @@
-PATH
-  remote: .
-  specs:
-    tiny_auth (0.1.0)
-      activerecord (~> 6.0)
-      activesupport (~> 6.0)
-      globalid (~> 0.4)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    activemodel (6.0.1)
-      activesupport (= 6.0.1)
-    activerecord (6.0.1)
-      activemodel (= 6.0.1)
-      activesupport (= 6.0.1)
-    activesupport (6.0.1)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2)
-    bcrypt (3.1.13)
-    concurrent-ruby (1.1.5)
-    diff-lcs (1.3)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    i18n (1.7.0)
-      concurrent-ruby (~> 1.0)
-    minitest (5.13.0)
-    rake (10.5.0)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.0)
-      rspec-support (~> 3.9.0)
-    rspec-expectations (3.9.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-support (3.9.0)
-    sqlite3 (1.4.1)
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    zeitwerk (2.2.1)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bcrypt (~> 3.1)
-  bundler (~> 2.0)
-  rake (~> 10.0)
-  rspec (~> 3.0)
-  sqlite3 (~> 1.4)
-  tiny_auth!
-
-BUNDLED WITH
-   2.0.2

data/bin/console

@@ -1,14 +0,0 @@
-#!/usr/bin/env ruby
-
-require "bundler/setup"
-require "tiny_auth"
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require "irb"
-IRB.start(__FILE__)

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here