tiny_auth 0.1.2 → 0.2.0

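--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: a857ca2f5a5570a3c6eeeb44c38f181b6e65cd5a
- data.tar.gz: ce6eda4d395ec74c98837fe4ebb92fb03be5e6aa
+ SHA256:
+ metadata.gz: d2c08fa6193667861a991bb4442e3669e32d559a8fd6de39001e9bcef25857f0
+ data.tar.gz: 7edd1dc4569763af9f68e19066bcc1c0f8d273976f123d01b0a2439414fdd5ae
  SHA512:
- metadata.gz: 421a42289951a95406cb3b06e29339e5e9d35bb08d09a2933f112b110df28647c0cc6b139b6f934f62a7173cb56f545bb0e063ae92efbd19c6814ea43ff59472
- data.tar.gz: 72e2a5ab7f10ef4ab1db43ca70b3ae56e0bf6ed4515277362f644ab538935937ea8d37ca22ffc62e0fe676f1170956e2340d860d47e2406297cadab0149f68b9
+ metadata.gz: ce1f2b71ff644335d65683a044f75280f89bc752b7cd0754d5103ce93b921d051a8fdcc5b7298cec43d32fa516eb0ae03ab6f3a181cab2724a59715d59fb4beb
+ data.tar.gz: ecfe0672b60c176ea9e8687cb5690af60207814da193a08ec4a7800bad2da3743667061768ce7a245a4557862a6cb3a1ea0d01d4619f88a57c1e271c1a7dd7e6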
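--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,3 +2,4 @@ source "https://rubygems.org"
 
  # Specify your gem's dependencies in tiny_auth.gemspec
  gemspec
+ gem 'simplecov', require: false, group: :test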
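--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- tiny_auth (0.1.1)
+ tiny_auth (0.1.2)
  activerecord (~> 6.0)
  activesupport (~> 6.0)
  globalid (~> 0.4)
@@ -23,10 +23,12 @@ GEM
  bcrypt (3.1.13)
  concurrent-ruby (1.1.5)
  diff-lcs (1.3)
+ docile (1.3.2)
  globalid (0.4.2)
  activesupport (>= 4.2.0)
  i18n (1.7.0)
  concurrent-ruby (~> 1.0)
+ json (2.2.0)
  minitest (5.13.0)
  rake (10.5.0)
  rspec (3.9.0)
@@ -42,6 +44,11 @@ GEM
  diff-lcs (>= 1.2.0, < 2.0)
  rspec-support (~> 3.9.0)
  rspec-support (3.9.0)
+ simplecov (0.17.0)
+ docile (~> 1.1)
+ json (>= 1.8, < 3)
+ simplecov-html (~> 0.10.0)
+ simplecov-html (0.10.2)
  sqlite3 (1.4.1)
  thread_safe (0.3.6)
  tzinfo (1.2.5)
@@ -56,6 +63,7 @@ DEPENDENCIES
  bundler (~> 2.0)
  rake (~> 10.0)
  rspec (~> 3.0)
+ simplecov
  sqlite3 (~> 1.4)
  tiny_auth!
 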
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # TinyAuth
1
+ # TinyAuth [![Build Status](https://travis-ci.org/rzane/tiny_auth.svg?branch=master)](https://travis-ci.org/rzane/tiny_auth)
2
2
 
3
3
  A utility for minimal user authentication.
4
4
 
@@ -54,13 +54,15 @@ user = auth.exchange_reset_token(user, password: "changed")
54
54
 
55
55
  ## Development
56
56
 
57
- After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
57
+ After checking out the repo, run `bundle install` to install dependencies.
58
+
59
+ Then, run `bundle exec rspec` to run the tests.
58
60
 
59
61
  To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
60
62
 
61
63
  ## Contributing
62
64
 
63
- Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/tiny_auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
65
+ Bug reports and pull requests are welcome on GitHub at https://github.com/rzane/tiny_auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
64
66
 
65
67
  ## License
66
68
 
@@ -68,4 +70,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
68
70
 
69
71
  ## Code of Conduct
70
72
 
71
- Everyone interacting in the TinyAuth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/tiny_auth/blob/master/CODE_OF_CONDUCT.md).
73
+ Everyone interacting in the TinyAuth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/rzane/tiny_auth/blob/master/CODE_OF_CONDUCT.md).
@@ -1,3 +1,3 @@
1
1
  class TinyAuth
2
- VERSION = "0.1.2"
2
+ VERSION = "0.2.0"
3
3
  end
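--- a/data/lib/tiny_auth.rb
+++ b/data/lib/tiny_auth.rb
@@ -4,16 +4,17 @@ require "active_record"
  require "active_support/core_ext/securerandom"
 
  class TinyAuth
- class Error < StandardError; end
- class PersistError < StandardError; end
-
- def initialize(model, scope: model)
+ def initialize(model, scope: model, secret: secret_key_base)
  @model = model
  @scope = scope
+ @secret = secret
+
+ raise ArgumentError, "missing argument: model" if model.nil?
+ raise ArgumentError, "missing keyword: secret" if secret.nil?
  end
 
  def find_by_email(email)
- @scope.find_by(@model.arel_table[:email].lower.eq(email.downcase))
+ scope.find_by(model.arel_table[:email].lower.eq(email.downcase))
  end
 
  def find_by_credentials(email, password)
@@ -30,32 +31,46 @@ class TinyAuth
  rescue ActiveRecord::RecordNotFound
  end
 
- def generate_reset_token(resource, expires_in: 2.hours)
- update_reset(
- resource,
- reset_token: SecureRandom.base58(24),
- reset_token_expires_at: Time.now + expires_in
+ def generate_reset_token(resource, **opts)
+ generate_single_use_token(resource, purpose: :reset, **opts)
+ end
+
+ def generate_single_use_token(resource, purpose:, expires_in: 2.hours)
+ token = SecureRandom.base58(24)
+
+ resource.update!(
+ "#{purpose}_token" => hmac(token),
+ "#{purpose}_token_expires_at" => expires_in.from_now
  )
 
- resource.reset_token
+ token
  end
 
- def exchange_reset_token(reset_token, changes = {})
- changes = changes.merge(reset_token: nil, reset_token_expires_at: nil)
- not_expired = @model.arel_table[:reset_token_expires_at].gt(Time.now)
- resource = @scope.where(not_expired).find_by(reset_token: reset_token)
+ def exchange_reset_token(token, **opts, &block)
+ exchange_single_use_token(token, purpose: :reset, **opts, &block)
+ end
 
- yield resource if resource && block_given?
- update_reset(resource, changes) if resource
+ def exchange_single_use_token(token, purpose:, update: {})
+ not_expired = model.arel_table[:"#{purpose}_token_expires_at"].gt(Time.now)
+ resource = scope.where(not_expired).find_by(:"#{purpose}_token" => hmac(token))
+
+ return if resource.nil?
+ yield resource if block_given?
+
+ resource.assign_attributes(update)
+ resource.update!("#{purpose}_token" => nil, "#{purpose}_token_expires_at" => nil)
+ resource
  end
 
  private
 
- def update_reset(resource, changes)
- if resource.update(changes)
- resource
- else
- raise PersistError, "Failed to reset password."
- end
+ attr_reader :model, :scope, :secret
+
+ def hmac(value)
+ OpenSSL::HMAC.hexdigest("SHA256", secret, value)
+ end
+
+ def secret_key_base
+ Rails.application.secret_key_base if defined?(Rails)
  end
  end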
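Review bot: `exchange_single_use_token` looks the token up with `find_by` and only clears it in a later `update!`, so the single-use property is not enforced atomically: two concurrent requests carrying the same token can both pass the lookup before either one nulls the column, and the caller's block then runs twice. Consider doing the work under a row lock, e.g. wrapping everything after the `return if resource.nil?` guard in `resource.with_lock do … end` and re-checking inside it that `resource["#{purpose}_token"]` still equals `hmac(token)` before yielding; this only helps on databases that honour row locks. A nil `token` (for instance a missing request parameter) also reaches `hmac` before any guard and would likely raise `TypeError` rather than take the not-found path, so `return if token.nil?` at the top keeps that path uniform. Separately, `hmac` calls `OpenSSL::HMAC.hexdigest` but no `require "openssl"` is visible among the requires shown; lines 1–3 of the file are outside the hunk, so confirm it is loaded there rather than relying on another library to pull it in.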
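--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: tiny_auth
  version: !ruby/object:Gem::Version
- version: 0.1.2
+ version: 0.2.0
  platform: ruby
  authors:
  - Ray Zane
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-11-15 00:00:00.000000000 Z
+ date: 2019-11-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activerecord
@@ -138,8 +138,6 @@ files:
  - LICENSE.txt
  - README.md
  - Rakefile
- - bin/console
- - bin/setup
  - lib/tiny_auth.rb
  - lib/tiny_auth/version.rb
  - tiny_auth.gemspec
@@ -165,7 +163,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.14
+ rubygems_version: 2.7.6
  signing_key:
  specification_version: 4
  summary: Bare-minimum authentication for APIs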
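--- a/data/bin/console
+++ b/data/bin/console
@@ -1,14 +0,0 @@
- #!/usr/bin/env ruby
-
- require "bundler/setup"
- require "tiny_auth"
-
- # You can add fixtures and/or initialization code here to make experimenting
- # with your gem easier. You can also use a different console, if you like.
-
- # (If you use this, don't forget to add pry to your Gemfile!)
- # require "pry"
- # Pry.start
-
- require "irb"
- IRB.start(__FILE__)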
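--- a/data/bin/setup
+++ b/data/bin/setup
@@ -1,8 +0,0 @@
- #!/usr/bin/env bash
- set -euo pipefail
- IFS=$'\n\t'
- set -vx
-
- bundle install
-
- # Do any other automated setup that you need to do here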