tiny_auth 0.1.2 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a857ca2f5a5570a3c6eeeb44c38f181b6e65cd5a
-  data.tar.gz: ce6eda4d395ec74c98837fe4ebb92fb03be5e6aa
+SHA256:
+  metadata.gz: 44afb63af8c4c286b6ea58e6cea65629621614931f630f76ef0fdac12b73f8fb
+  data.tar.gz: 64331660202e7610cb8d459c8cf6e21a73f9e0665d02e197c79a89c8e9b49a8a
 SHA512:
-  metadata.gz: 421a42289951a95406cb3b06e29339e5e9d35bb08d09a2933f112b110df28647c0cc6b139b6f934f62a7173cb56f545bb0e063ae92efbd19c6814ea43ff59472
-  data.tar.gz: 72e2a5ab7f10ef4ab1db43ca70b3ae56e0bf6ed4515277362f644ab538935937ea8d37ca22ffc62e0fe676f1170956e2340d860d47e2406297cadab0149f68b9
+  metadata.gz: 629a9db85d09fa28e1b92891a272bed123f26b2c1d8f6a889547a5751fd53eb03b7729eeb7ba37e2d2e499798ae748c0d65bb73abb88ee4d06c32b91f3109115
+  data.tar.gz: 5ae7c9d1e667d321298cebc4b5df889ce472c7b5d6293e66f8cf40552236cb506db41226ef22beb5fa250eeb34be59f2088099cd0b7de3a55cab36319f5f114a

data/.gitignore

@@ -9,3 +9,5 @@
 
 # rspec failure tracking
 .rspec_status
+
+/Gemfile.lock

data/Gemfile

@@ -2,3 +2,6 @@ source "https://rubygems.org"
 
 # Specify your gem's dependencies in tiny_auth.gemspec
 gemspec
+
+gem "simplecov"
+gem "coveralls"

data/README.md

@@ -1,4 +1,4 @@
-# TinyAuth
+# TinyAuth [![Build Status](https://travis-ci.org/rzane/tiny_auth.svg?branch=master)](https://travis-ci.org/rzane/tiny_auth) [![Coverage Status](https://coveralls.io/repos/github/rzane/tiny_auth/badge.svg?branch=master)](https://coveralls.io/github/rzane/tiny_auth?branch=master)
 
 A utility for minimal user authentication.
 
@@ -16,16 +16,17 @@ And then execute:
 
 ## Usage
 
+### `TinyAuth::Model`
+
 First, create a table to store your users:
 
 ```ruby
 create_table :users do |t|
   t.string :email, null: false
   t.string :password_digest, null: false
-  t.string :reset_token
-  t.datetime :reset_token_expires_at
+  t.integer :token_version, null: false, default: 0
   t.index :email, unique: true
-  t.index :reset_token, unique: true
+  t.index [:id, :token_version], unique: true
 end
 ```
 
@@ -33,34 +34,99 @@ Your model should look like this:
 
 ```ruby
 class User < ApplicationRecord
-  has_secure_password
+  include TinyAuth::Model
 end
 ```
 
-Now, you're ready to use `TinyAuth`:
+#### `#generate_token(purpose: :access, expires_in: 24.hours)`
+
+Generate a token. The token is generated from the user's `id` and their `token_version`.
+
+If the `token_version` changes, all previously issued tokens will be revoked. Anytime the
+user's password changes, this will happen automatically.
+
+```ruby
+irb> user.generate_token
+"eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJ..."
+
+irb> user.generate_token(purpose: :reset, expires_in: 1.hour)
+"eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJ..."
+```
+
+#### `#invalidate_tokens`
+
+Increments the `#token_version`, but does not apply the change to the database.
+
+#### `#invalidate_tokens!`
+
+Increments the `#token_version` and applies the change to the database.
+
+#### `.find_by_email(email)`
+
+Find a user by their email address. The query will disregard casing.
+
+```ruby
+irb> User.find_by_email("user@example.com")
+#<User id: 1, email: "user@example.com">
+```
+
+#### `.find_by_credentials(email, password)`
+
+Find a user by their email, then check that the password matches.
+
+If the email doesn't exist, `nil` will be returned. If the password doesn't match, `nil` will be returned.
 
 ```ruby
-auth = TinyAuth.new(User)
+irb> User.find_by_credentials("user@example.com", "testing123")
+#<User id: 1, email: "user@example.com">
+
+irb> User.find_by_credentials("user@example.com", "")
+nil
+
+irb> User.find_by_credentials("", "")
+nil
+```
 
-user = auth.find_by_email('user@example.com')
-user = auth.find_by_credentials('user@example.com', 'password')
+#### `.find_by_token(token, purpose: :access)`
 
-token = auth.generate_token(user)
-user = auth.find_by_token(token)
+Find a user by their token. If the user can't be found, `nil` will be returned.
 
-reset_token = auth.generate_reset_token(user)
-user = auth.exchange_reset_token(user, password: "changed")
+```ruby
+irb> User.find_by_token(token)
+#<User id: 1, email: "user@example.com">
+
+irb> User.find_by_token(reset_token, purpose: :reset)
+#<User id: 1, email: "user@example.com">
+
+irb> User.find_by_token("")
+nil
 ```
 
-## Development
+### `TinyAuth::Controller`
+
+```ruby
+class ApplicationController < ActionController::Base
+  include TinyAuth::Controller.new(model: User)
+end
+```
+
+The example above would generate the following methods based on the model's name:
+
+#### `#authenticate_user`
+
+This method should be called in a `before_action`. If an `Authorization` header is found, it will attempt to locate a user.
+
+#### `#current_user`
+
+An accessor that can be used to obtain access to the authenticated user after calling `authenticate_user`.
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+#### `#user_signed_in?`
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+A convenience method to determine if a user is signed in.
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/tiny_auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+Bug reports and pull requests are welcome on GitHub at https://github.com/rzane/tiny_auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 ## License
 
@@ -68,4 +134,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the TinyAuth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/tiny_auth/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the TinyAuth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/rzane/tiny_auth/blob/master/CODE_OF_CONDUCT.md).

data/bin/console

@@ -1,14 +1,16 @@
 #!/usr/bin/env ruby
 
 require "bundler/setup"
+require "irb"
+require "active_record"
 require "tiny_auth"
 
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
+require_relative "../spec/support/schema"
+require_relative "../spec/support/models"
 
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
+TinyAuth.secret = "supersecret"
+ActiveRecord::Base.logger = ActiveSupport::Logger.new(STDOUT)
+
+User.create!(email: "user@example.com", password: "testing123")
 
-require "irb"
 IRB.start(__FILE__)

data/docs/UPGRADING.md

@@ -0,0 +1,17 @@
+# Upgrading
+
+## 2.x to 3.x
+
+- Change all occurences of `generate_reset_token` to use `generate_token`.
+- Change all occurences of `exchange_reset_token` to use `find_by_token`.
+- Add a new migration:
+
+```ruby
+change_table :users do |t|
+  t.remove :reset_token_digest
+  t.remove :reset_token_expires_at
+
+  t.integer :token_version, null: false, default: 0
+  t.index [:id, :token_version], unique: true
+end
+```

data/lib/tiny_auth.rb

@@ -1,61 +1,25 @@
+require "tiny_auth/controller"
+require "tiny_auth/model"
+require "tiny_auth/verifier"
 require "tiny_auth/version"
-require "globalid"
-require "active_record"
-require "active_support/core_ext/securerandom"
 
-class TinyAuth
-  class Error < StandardError; end
-  class PersistError < StandardError; end
-
-  def initialize(model, scope: model)
-    @model = model
-    @scope = scope
-  end
-
-  def find_by_email(email)
-    @scope.find_by(@model.arel_table[:email].lower.eq(email.downcase))
-  end
-
-  def find_by_credentials(email, password)
-    resource = find_by_email(email)
-    resource if resource&.authenticate(password)
-  end
-
-  def generate_token(resource, purpose: :access, expires_in: 24.hours)
-    resource.to_sgid(expires_in: expires_in, for: purpose).to_s
-  end
-
-  def find_by_token(token, purpose: :access)
-    GlobalID::Locator.locate_signed(token, for: purpose)
-  rescue ActiveRecord::RecordNotFound
-  end
-
-  def generate_reset_token(resource, expires_in: 2.hours)
-    update_reset(
-      resource,
-      reset_token: SecureRandom.base58(24),
-      reset_token_expires_at: Time.now + expires_in
-    )
-
-    resource.reset_token
-  end
-
-  def exchange_reset_token(reset_token, changes = {})
-    changes = changes.merge(reset_token: nil, reset_token_expires_at: nil)
-    not_expired = @model.arel_table[:reset_token_expires_at].gt(Time.now)
-    resource = @scope.where(not_expired).find_by(reset_token: reset_token)
-
-    yield resource if resource && block_given?
-    update_reset(resource, changes) if resource
-  end
-
-  private
+module TinyAuth
+  class << self
+    # Configure the secret used to sign and verify tokens.
+    # @param secret [String]
+    def secret=(secret)
+      @verifier = Verifier.new(secret)
+    end
 
-  def update_reset(resource, changes)
-    if resource.update(changes)
-      resource
-    else
-      raise PersistError, "Failed to reset password."
+    def verifier # :nodoc:
+      @verifier || raise("Secret has not been configured")
     end
   end
 end
+
+begin
+  require "rails/railtie"
+rescue LoadError
+else
+  require "tiny_auth/railtie"
+end

data/lib/tiny_auth/controller.rb

@@ -0,0 +1,55 @@
+require "active_support/core_ext/object/blank"
+
+module TinyAuth
+  class Controller < Module
+    # Extract a token from a request
+    # @param request [ActionDispatch::HTTP::Request]
+    # @return [String,nil]
+    def self.token(request)
+      header = request.authorization.to_s
+      header[/^Bearer (.*)$/, 1].presence
+    end
+
+    # Defines a before action that will authenticate the resource.
+    # It also defines methods for accessing the currently authenticated
+    # resource.
+    # @param model [ActiveRecord::Base]
+    # @param name [Symbol] Used to define methods like `current_user`
+    #
+    # @example
+    #   class ApplicationController < ActionController::Base
+    #     include TinyAuth::Controller.new(model: User)
+    #
+    #     before_action :authenticate_user
+    #
+    #     def index
+    #       if user_signed_in?
+    #         render json: current_user
+    #       else
+    #         head :unauthorized
+    #       end
+    #     end
+    #   end
+    def initialize(model:, name: model.model_name.singular)
+      authenticate = :"authenticate_#{name}"
+      current = :"current_#{name}"
+      current_ivar = :"@current_#{name}"
+      signed_in = :"#{name}_signed_in?"
+
+      attr_reader current
+
+      define_method(signed_in) do
+        !send(current).nil?
+      end
+
+      define_method(authenticate) do
+        token = TinyAuth::Controller.token(request)
+
+        if token
+          resource = model.find_by_token(token)
+          instance_variable_set(current_ivar, resource)
+        end
+      end
+    end
+  end
+end

data/lib/tiny_auth/model.rb

@@ -0,0 +1,66 @@
+require "active_record"
+require "active_support/core_ext/numeric/time"
+
+module TinyAuth
+  module Model
+    def self.included(base)
+      base.extend ClassMethods
+      base.has_secure_password
+      base.before_save :invalidate_tokens, if: :password_digest_changed?
+    end
+
+    module ClassMethods
+      # Find a resource by email, ignoring case
+      # @param email [String]
+      # @return [ActiveRecord::Base,nil]
+      def find_by_email(email)
+        find_by(arel_table[:email].lower.eq(email.downcase))
+      end
+
+      # Find a resource by their email address and password
+      # This assumes that you've added `has_secure_password` to your model.
+      # @param email [String]
+      # @param password [String]
+      # @return [ActiveRecord::Base,nil]
+      def find_by_credentials(email, password)
+        resource = find_by_email(email)
+        resource if resource&.authenticate(password)
+      end
+
+      # Finds a resource by a token
+      # @param token [String]
+      # @param purpose [Symbol] defaults to `:access`
+      # @return [ActiveRecord::Base,nil]
+      def find_by_token(token, purpose: :access)
+        id, token_version = TinyAuth.verifier.verify(token, purpose: purpose)
+        find_by(id: id, token_version: token_version)
+      rescue ActiveSupport::MessageVerifier::InvalidSignature
+      end
+    end
+
+    # Generates a token for this resource.
+    # @param expires_in [ActiveSupport::Duration] defaults to 24 hours
+    # @param purpose [Symbol] defaults to `:access`
+    # @return [String]
+    def generate_token(purpose: :access, expires_in: 24.hours)
+      TinyAuth.verifier.generate(
+        [id, token_version],
+        purpose: purpose,
+        expires_in: expires_in
+      )
+    end
+
+    # Invalidate all tokens for this resource. The token version will
+    # be incremented and written to the database.
+    # @return [self]
+    def invalidate_tokens!
+      increment!(:token_version)
+    end
+
+    # Invalidate all tokens for this resource. The token version will
+    # be incremented, but it will not be written to the database.
+    def invalidate_tokens
+      increment(:token_version)
+    end
+  end
+end

data/lib/tiny_auth/railtie.rb

@@ -0,0 +1,7 @@
+module TinyAuth
+  class Railtie < Rails::Railtie # :nodoc:
+    initializer "tiny_auth" do |app|
+      TinyAuth.secret = app.key_generator.generate_key("tiny_auth")
+    end
+  end
+end

data/lib/tiny_auth/verifier.rb

@@ -0,0 +1,16 @@
+require "base64"
+require "active_support/message_verifier"
+
+module TinyAuth
+  class Verifier < ActiveSupport::MessageVerifier # :nodoc:
+    private
+
+    def encode(data)
+      ::Base64.urlsafe_encode64(data)
+    end
+
+    def decode(data)
+      ::Base64.urlsafe_decode64(data)
+    end
+  end
+end

data/lib/tiny_auth/version.rb

@@ -1,3 +1,3 @@
-class TinyAuth
-  VERSION = "0.1.2"
+module TinyAuth
+  VERSION = "3.0.0"
 end

data/tiny_auth.gemspec

@@ -26,7 +26,6 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "activerecord", "~> 6.0"
   spec.add_dependency "activesupport", "~> 6.0"
-  spec.add_dependency "globalid", "~> 0.4"
 
   spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "rake", "~> 10.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tiny_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 3.0.0
 platform: ruby
 authors:
 - Ray Zane
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-15 00:00:00.000000000 Z
+date: 2021-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -38,20 +38,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '6.0'
-- !ruby/object:Gem::Dependency
-  name: globalid
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.4'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.4'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -134,13 +120,16 @@ files:
 - ".travis.yml"
 - CODE_OF_CONDUCT.md
 - Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
 - bin/console
-- bin/setup
+- docs/UPGRADING.md
 - lib/tiny_auth.rb
+- lib/tiny_auth/controller.rb
+- lib/tiny_auth/model.rb
+- lib/tiny_auth/railtie.rb
+- lib/tiny_auth/verifier.rb
 - lib/tiny_auth/version.rb
 - tiny_auth.gemspec
 homepage: https://github.com/rzane/tiny_auth
@@ -149,7 +138,7 @@ licenses:
 metadata:
   homepage_uri: https://github.com/rzane/tiny_auth
   source_code_uri: https://github.com/rzane/tiny_auth
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -164,9 +153,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.14
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Bare-minimum authentication for APIs
 test_files: []

data/Gemfile.lock

@@ -1,63 +0,0 @@
-PATH
-  remote: .
-  specs:
-    tiny_auth (0.1.1)
-      activerecord (~> 6.0)
-      activesupport (~> 6.0)
-      globalid (~> 0.4)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    activemodel (6.0.1)
-      activesupport (= 6.0.1)
-    activerecord (6.0.1)
-      activemodel (= 6.0.1)
-      activesupport (= 6.0.1)
-    activesupport (6.0.1)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2)
-    bcrypt (3.1.13)
-    concurrent-ruby (1.1.5)
-    diff-lcs (1.3)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    i18n (1.7.0)
-      concurrent-ruby (~> 1.0)
-    minitest (5.13.0)
-    rake (10.5.0)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.0)
-      rspec-support (~> 3.9.0)
-    rspec-expectations (3.9.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-support (3.9.0)
-    sqlite3 (1.4.1)
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    zeitwerk (2.2.1)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bcrypt (~> 3.1)
-  bundler (~> 2.0)
-  rake (~> 10.0)
-  rspec (~> 3.0)
-  sqlite3 (~> 1.4)
-  tiny_auth!
-
-BUNDLED WITH
-   2.0.2

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here