tiny_auth 0.1.2 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/Gemfile +1 -0
- data/Gemfile.lock +9 -1
- data/README.md +6 -4
- data/lib/tiny_auth/version.rb +1 -1
- data/lib/tiny_auth.rb +38 -23
- metadata +3 -5
- data/bin/console +0 -14
- data/bin/setup +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: d2c08fa6193667861a991bb4442e3669e32d559a8fd6de39001e9bcef25857f0
|
|
4
|
+
data.tar.gz: 7edd1dc4569763af9f68e19066bcc1c0f8d273976f123d01b0a2439414fdd5ae
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ce1f2b71ff644335d65683a044f75280f89bc752b7cd0754d5103ce93b921d051a8fdcc5b7298cec43d32fa516eb0ae03ab6f3a181cab2724a59715d59fb4beb
|
|
7
|
+
data.tar.gz: ecfe0672b60c176ea9e8687cb5690af60207814da193a08ec4a7800bad2da3743667061768ce7a245a4557862a6cb3a1ea0d01d4619f88a57c1e271c1a7dd7e6
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
tiny_auth (0.1.
|
|
4
|
+
tiny_auth (0.1.2)
|
|
5
5
|
activerecord (~> 6.0)
|
|
6
6
|
activesupport (~> 6.0)
|
|
7
7
|
globalid (~> 0.4)
|
|
@@ -23,10 +23,12 @@ GEM
|
|
|
23
23
|
bcrypt (3.1.13)
|
|
24
24
|
concurrent-ruby (1.1.5)
|
|
25
25
|
diff-lcs (1.3)
|
|
26
|
+
docile (1.3.2)
|
|
26
27
|
globalid (0.4.2)
|
|
27
28
|
activesupport (>= 4.2.0)
|
|
28
29
|
i18n (1.7.0)
|
|
29
30
|
concurrent-ruby (~> 1.0)
|
|
31
|
+
json (2.2.0)
|
|
30
32
|
minitest (5.13.0)
|
|
31
33
|
rake (10.5.0)
|
|
32
34
|
rspec (3.9.0)
|
|
@@ -42,6 +44,11 @@ GEM
|
|
|
42
44
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
43
45
|
rspec-support (~> 3.9.0)
|
|
44
46
|
rspec-support (3.9.0)
|
|
47
|
+
simplecov (0.17.0)
|
|
48
|
+
docile (~> 1.1)
|
|
49
|
+
json (>= 1.8, < 3)
|
|
50
|
+
simplecov-html (~> 0.10.0)
|
|
51
|
+
simplecov-html (0.10.2)
|
|
45
52
|
sqlite3 (1.4.1)
|
|
46
53
|
thread_safe (0.3.6)
|
|
47
54
|
tzinfo (1.2.5)
|
|
@@ -56,6 +63,7 @@ DEPENDENCIES
|
|
|
56
63
|
bundler (~> 2.0)
|
|
57
64
|
rake (~> 10.0)
|
|
58
65
|
rspec (~> 3.0)
|
|
66
|
+
simplecov
|
|
59
67
|
sqlite3 (~> 1.4)
|
|
60
68
|
tiny_auth!
|
|
61
69
|
|
data/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# TinyAuth
|
|
1
|
+
# TinyAuth [](https://travis-ci.org/rzane/tiny_auth)
|
|
2
2
|
|
|
3
3
|
A utility for minimal user authentication.
|
|
4
4
|
|
|
@@ -54,13 +54,15 @@ user = auth.exchange_reset_token(user, password: "changed")
|
|
|
54
54
|
|
|
55
55
|
## Development
|
|
56
56
|
|
|
57
|
-
After checking out the repo, run `
|
|
57
|
+
After checking out the repo, run `bundle install` to install dependencies.
|
|
58
|
+
|
|
59
|
+
Then, run `bundle exec rspec` to run the tests.
|
|
58
60
|
|
|
59
61
|
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
|
60
62
|
|
|
61
63
|
## Contributing
|
|
62
64
|
|
|
63
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
|
65
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/rzane/tiny_auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
|
64
66
|
|
|
65
67
|
## License
|
|
66
68
|
|
|
@@ -68,4 +70,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
|
68
70
|
|
|
69
71
|
## Code of Conduct
|
|
70
72
|
|
|
71
|
-
Everyone interacting in the TinyAuth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/
|
|
73
|
+
Everyone interacting in the TinyAuth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/rzane/tiny_auth/blob/master/CODE_OF_CONDUCT.md).
|
data/lib/tiny_auth/version.rb
CHANGED
data/lib/tiny_auth.rb
CHANGED
|
@@ -4,16 +4,17 @@ require "active_record"
|
|
|
4
4
|
require "active_support/core_ext/securerandom"
|
|
5
5
|
|
|
6
6
|
class TinyAuth
|
|
7
|
-
|
|
8
|
-
class PersistError < StandardError; end
|
|
9
|
-
|
|
10
|
-
def initialize(model, scope: model)
|
|
7
|
+
def initialize(model, scope: model, secret: secret_key_base)
|
|
11
8
|
@model = model
|
|
12
9
|
@scope = scope
|
|
10
|
+
@secret = secret
|
|
11
|
+
|
|
12
|
+
raise ArgumentError, "missing argument: model" if model.nil?
|
|
13
|
+
raise ArgumentError, "missing keyword: secret" if secret.nil?
|
|
13
14
|
end
|
|
14
15
|
|
|
15
16
|
def find_by_email(email)
|
|
16
|
-
|
|
17
|
+
scope.find_by(model.arel_table[:email].lower.eq(email.downcase))
|
|
17
18
|
end
|
|
18
19
|
|
|
19
20
|
def find_by_credentials(email, password)
|
|
@@ -30,32 +31,46 @@ class TinyAuth
|
|
|
30
31
|
rescue ActiveRecord::RecordNotFound
|
|
31
32
|
end
|
|
32
33
|
|
|
33
|
-
def generate_reset_token(resource,
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
34
|
+
def generate_reset_token(resource, **opts)
|
|
35
|
+
generate_single_use_token(resource, purpose: :reset, **opts)
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def generate_single_use_token(resource, purpose:, expires_in: 2.hours)
|
|
39
|
+
token = SecureRandom.base58(24)
|
|
40
|
+
|
|
41
|
+
resource.update!(
|
|
42
|
+
"#{purpose}_token" => hmac(token),
|
|
43
|
+
"#{purpose}_token_expires_at" => expires_in.from_now
|
|
38
44
|
)
|
|
39
45
|
|
|
40
|
-
|
|
46
|
+
token
|
|
41
47
|
end
|
|
42
48
|
|
|
43
|
-
def exchange_reset_token(
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
resource = @scope.where(not_expired).find_by(reset_token: reset_token)
|
|
49
|
+
def exchange_reset_token(token, **opts, &block)
|
|
50
|
+
exchange_single_use_token(token, purpose: :reset, **opts, &block)
|
|
51
|
+
end
|
|
47
52
|
|
|
48
|
-
|
|
49
|
-
|
|
53
|
+
def exchange_single_use_token(token, purpose:, update: {})
|
|
54
|
+
not_expired = model.arel_table[:"#{purpose}_token_expires_at"].gt(Time.now)
|
|
55
|
+
resource = scope.where(not_expired).find_by(:"#{purpose}_token" => hmac(token))
|
|
56
|
+
|
|
57
|
+
return if resource.nil?
|
|
58
|
+
yield resource if block_given?
|
|
59
|
+
|
|
60
|
+
resource.assign_attributes(update)
|
|
61
|
+
resource.update!("#{purpose}_token" => nil, "#{purpose}_token_expires_at" => nil)
|
|
62
|
+
resource
|
|
50
63
|
end
|
|
51
64
|
|
|
52
65
|
private
|
|
53
66
|
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
67
|
+
attr_reader :model, :scope, :secret
|
|
68
|
+
|
|
69
|
+
def hmac(value)
|
|
70
|
+
OpenSSL::HMAC.hexdigest("SHA256", secret, value)
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def secret_key_base
|
|
74
|
+
Rails.application.secret_key_base if defined?(Rails)
|
|
60
75
|
end
|
|
61
76
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tiny_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ray Zane
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-11-
|
|
11
|
+
date: 2019-11-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|
|
@@ -138,8 +138,6 @@ files:
|
|
|
138
138
|
- LICENSE.txt
|
|
139
139
|
- README.md
|
|
140
140
|
- Rakefile
|
|
141
|
-
- bin/console
|
|
142
|
-
- bin/setup
|
|
143
141
|
- lib/tiny_auth.rb
|
|
144
142
|
- lib/tiny_auth/version.rb
|
|
145
143
|
- tiny_auth.gemspec
|
|
@@ -165,7 +163,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
165
163
|
version: '0'
|
|
166
164
|
requirements: []
|
|
167
165
|
rubyforge_project:
|
|
168
|
-
rubygems_version: 2.6
|
|
166
|
+
rubygems_version: 2.7.6
|
|
169
167
|
signing_key:
|
|
170
168
|
specification_version: 4
|
|
171
169
|
summary: Bare-minimum authentication for APIs
|
data/bin/console
DELETED
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env ruby
|
|
2
|
-
|
|
3
|
-
require "bundler/setup"
|
|
4
|
-
require "tiny_auth"
|
|
5
|
-
|
|
6
|
-
# You can add fixtures and/or initialization code here to make experimenting
|
|
7
|
-
# with your gem easier. You can also use a different console, if you like.
|
|
8
|
-
|
|
9
|
-
# (If you use this, don't forget to add pry to your Gemfile!)
|
|
10
|
-
# require "pry"
|
|
11
|
-
# Pry.start
|
|
12
|
-
|
|
13
|
-
require "irb"
|
|
14
|
-
IRB.start(__FILE__)
|