tiny_auth 0.2.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: d2c08fa6193667861a991bb4442e3669e32d559a8fd6de39001e9bcef25857f0
-  data.tar.gz: 7edd1dc4569763af9f68e19066bcc1c0f8d273976f123d01b0a2439414fdd5ae
+SHA1:
+  metadata.gz: ab849294a31f7be0e5da2033ab81e9bd91850e67
+  data.tar.gz: cd1c89e452847d5b48cf69235c9e0c46f0ecd1ea
 SHA512:
-  metadata.gz: ce1f2b71ff644335d65683a044f75280f89bc752b7cd0754d5103ce93b921d051a8fdcc5b7298cec43d32fa516eb0ae03ab6f3a181cab2724a59715d59fb4beb
-  data.tar.gz: ecfe0672b60c176ea9e8687cb5690af60207814da193a08ec4a7800bad2da3743667061768ce7a245a4557862a6cb3a1ea0d01d4619f88a57c1e271c1a7dd7e6
+  metadata.gz: 399030a4ad8844703aee70fa18185fc36f65e566941a1c8fd01a39c36ebe4773604a4ee270e00a5656153f010e3c6dc0bff02af8c410a01b58a530d7049edf32
+  data.tar.gz: 63dbff0e1f10d646a14939ba3c6d199860027aae7660657bc9450c90d29c2e4c6b5cc1697637d87bc7ec067d48e075f335a69690bf2208aa3770f88823bf5dd7

data/.gitignore

@@ -9,3 +9,5 @@
 
 # rspec failure tracking
 .rspec_status
+
+/Gemfile.lock

data/Gemfile

@@ -2,4 +2,6 @@ source "https://rubygems.org"
 
 # Specify your gem's dependencies in tiny_auth.gemspec
 gemspec
-gem 'simplecov', require: false, group: :test
+
+gem "simplecov"
+gem "coveralls"

data/README.md

@@ -1,4 +1,4 @@
-# TinyAuth [![Build Status](https://travis-ci.org/rzane/tiny_auth.svg?branch=master)](https://travis-ci.org/rzane/tiny_auth)
+# TinyAuth [![Build Status](https://travis-ci.org/rzane/tiny_auth.svg?branch=master)](https://travis-ci.org/rzane/tiny_auth) [![Coverage Status](https://coveralls.io/repos/github/rzane/tiny_auth/badge.svg?branch=master)](https://coveralls.io/github/rzane/tiny_auth?branch=master)
 
 A utility for minimal user authentication.
 
@@ -22,10 +22,11 @@ First, create a table to store your users:
 create_table :users do |t|
   t.string :email, null: false
   t.string :password_digest, null: false
-  t.string :reset_token
+  t.string :reset_token_digest
   t.datetime :reset_token_expires_at
+
   t.index :email, unique: true
-  t.index :reset_token, unique: true
+  t.index :reset_token_digest, unique: true
 end
 ```
 
@@ -33,32 +34,41 @@ Your model should look like this:
 
 ```ruby
 class User < ApplicationRecord
+  include TinyAuth::Model
   has_secure_password
 end
 ```
 
-Now, you're ready to use `TinyAuth`:
+Now, you're ready to authenticate!
 
 ```ruby
-auth = TinyAuth.new(User)
-
-user = auth.find_by_email('user@example.com')
-user = auth.find_by_credentials('user@example.com', 'password')
+user = User.find_by_email("user@example.com")
+user = User.find_by_credentials("user@example.com", "password")
 
-token = auth.generate_token(user)
-user = auth.find_by_token(token)
+token = user.generate_token
+user = User.find_by_token(token)
 
-reset_token = auth.generate_reset_token(user)
-user = auth.exchange_reset_token(user, password: "changed")
+reset_token = user.generate_reset_token
+user = User.exchange_reset_token(reset_token)
 ```
 
-## Development
-
-After checking out the repo, run `bundle install` to install dependencies.
-
-Then, run `bundle exec rspec` to run the tests.
+Oh, and you can add authentication to your controllers:
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+```ruby
+class ApplicationController < ActionController::Base
+  extend TinyAuth::Controller
+
+  authenticates model: User
+
+  def index
+    if user_signed_in?
+      render json: {id: current_user.id}
+    else
+      head :unauthorized
+    end
+  end
+end
+```
 
 ## Contributing
 

data/lib/tiny_auth.rb

@@ -1,76 +1,42 @@
+require "openssl"
+require "tiny_auth/model"
+require "tiny_auth/controller"
 require "tiny_auth/version"
-require "globalid"
-require "active_record"
-require "active_support/core_ext/securerandom"
 
-class TinyAuth
-  def initialize(model, scope: model, secret: secret_key_base)
-    @model = model
-    @scope = scope
-    @secret = secret
-
-    raise ArgumentError, "missing argument: model" if model.nil?
-    raise ArgumentError, "missing keyword: secret" if secret.nil?
-  end
-
-  def find_by_email(email)
-    scope.find_by(model.arel_table[:email].lower.eq(email.downcase))
-  end
-
-  def find_by_credentials(email, password)
-    resource = find_by_email(email)
-    resource if resource&.authenticate(password)
-  end
-
-  def generate_token(resource, purpose: :access, expires_in: 24.hours)
-    resource.to_sgid(expires_in: expires_in, for: purpose).to_s
-  end
-
-  def find_by_token(token, purpose: :access)
-    GlobalID::Locator.locate_signed(token, for: purpose)
-  rescue ActiveRecord::RecordNotFound
-  end
-
-  def generate_reset_token(resource, **opts)
-    generate_single_use_token(resource, purpose: :reset, **opts)
-  end
-
-  def generate_single_use_token(resource, purpose:, expires_in: 2.hours)
-    token = SecureRandom.base58(24)
-
-    resource.update!(
-      "#{purpose}_token" => hmac(token),
-      "#{purpose}_token_expires_at" => expires_in.from_now
-    )
-
-    token
-  end
-
-  def exchange_reset_token(token, **opts, &block)
-    exchange_single_use_token(token, purpose: :reset, **opts, &block)
-  end
-
-  def exchange_single_use_token(token, purpose:, update: {})
-    not_expired = model.arel_table[:"#{purpose}_token_expires_at"].gt(Time.now)
-    resource = scope.where(not_expired).find_by(:"#{purpose}_token" => hmac(token))
-
-    return if resource.nil?
-    yield resource if block_given?
-
-    resource.assign_attributes(update)
-    resource.update!("#{purpose}_token" => nil, "#{purpose}_token_expires_at" => nil)
-    resource
-  end
-
-  private
-
-  attr_reader :model, :scope, :secret
-
-  def hmac(value)
-    OpenSSL::HMAC.hexdigest("SHA256", secret, value)
-  end
-
-  def secret_key_base
-    Rails.application.secret_key_base if defined?(Rails)
+module TinyAuth
+  class << self
+    # A secret that is used for hashing tokens.
+    #
+    # If `Rails` is defined, it will attempt to use
+    # `Rails.application.secret_key_base`.
+    #
+    # @raise [RuntimeError]
+    # @return [String]
+    def secret
+      @secret || secret_key_base || missing_secret!
+    end
+
+    # Configure the secret that is used for hashing tokens.
+    # @param secret [String]
+    def secret=(secret)
+      @secret = secret
+    end
+
+    # Create a hash from a value using the secret
+    # @param value [String]
+    # @return [String]
+    def hexdigest(value)
+      OpenSSL::HMAC.hexdigest("SHA256", secret, value)
+    end
+
+    private
+
+    def secret_key_base
+      Rails.application.secret_key_base if defined? Rails
+    end
+
+    def missing_secret!
+      raise "You need to configure TinyAuth.secret"
+    end
   end
 end

data/lib/tiny_auth/controller.rb

@@ -0,0 +1,58 @@
+require "active_support/core_ext/object/blank"
+
+module TinyAuth
+  module Controller
+    # Extract a token from a request
+    # @param request [ActionDispatch::HTTP::Request]
+    # @return [String,nil]
+    def self.token(request)
+      header = request.authorization.to_s
+      header[/^Bearer (.*)$/, 1].presence
+    end
+
+    # Defines a before action that will authenticate the resource.
+    # It also defines methods for accessing the currently authenticated
+    # resource.
+    # @param model [ActiveRecord::Base]
+    # @param name [Symbol] Used to define methods like `current_user`
+    # @param options [Hash] Additional arguments for `before_action`
+    #
+    # @example
+    #   class ApplicationController < ActionController::Base
+    #     extend TinyAuth::Controller
+    #
+    #     authenticates model: User, only: :index
+    #
+    #     def index
+    #       if user_signed_in?
+    #         render json: current_user
+    #       else
+    #         head :unauthorized
+    #       end
+    #     end
+    #   end
+    def authenticates(model:, name: model.model_name.singular, **options)
+      authenticate = :"authenticate_#{name}"
+      current = :"current_#{name}"
+      current_ivar = :"@current_#{name}"
+      signed_in = :"#{name}_signed_in?"
+
+      attr_reader current
+
+      define_method(signed_in) do
+        !send(current).nil?
+      end
+
+      define_method(authenticate) do
+        token = TinyAuth::Controller.token(request)
+
+        if token
+          resource = model.find_by_token(token)
+          instance_variable_set(current_ivar, resource)
+        end
+      end
+
+      before_action(authenticate, **options)
+    end
+  end
+end

data/lib/tiny_auth/model.rb

@@ -0,0 +1,75 @@
+require "active_record"
+require "globalid"
+require "active_support/core_ext/numeric/time"
+require "active_support/core_ext/securerandom"
+
+module TinyAuth
+  module Model
+    def self.included(base)
+      base.extend ClassMethods
+    end
+
+    module ClassMethods
+      # Find a resource by email, ignoring case
+      # @param email [String]
+      # @return [ActiveRecord::Base,nil]
+      def find_by_email(email)
+        find_by arel_table[:email].lower.eq(email.downcase)
+      end
+
+      # Find a resource by their email address and password
+      # This assumes that you've added `has_secure_password` to your model.
+      # @param email [String]
+      # @param password [String]
+      # @return [ActiveRecord::Base,nil]
+      def find_by_credentials(email, password)
+        resource = find_by_email(email)
+        resource if resource&.authenticate(password)
+      end
+
+      # Finds a resource by a token
+      # @param token [String]
+      # @return [ActiveRecord::Base,nil]
+      def find_by_token(token)
+        resource = GlobalID::Locator.locate_signed(token, for: :access)
+        resource if resource.kind_of?(self)
+      rescue ActiveRecord::RecordNotFound
+      end
+
+      # Finds a resource by their reset token and nillifies `reset_password_digest`
+      # and `reset_token_expires_at` fields
+      # @param token [String]
+      # @return [ActiveRecord::Base,nil]
+      def exchange_reset_token(token)
+        digest = TinyAuth.hexdigest(token)
+        not_expired = arel_table[:reset_token_expires_at].gt(Time.now)
+        resource = where(not_expired).find_by(reset_token_digest: digest)
+        resource&.reset_token_digest = nil
+        resource&.reset_token_expires_at = nil
+        resource
+      end
+    end
+
+    # Generates a stateless token for a resource
+    # @param expires_in [ActiveSupport::Duration] defaults to 24 hours
+    def generate_token(expires_in: 24.hours)
+      to_signed_global_id(expires_in: expires_in, for: :access).to_s
+    end
+
+    # Generates a reset token for a resource. A hashed version of the token
+    # is stored in the database
+    # @param expires_in [ActiveSupport::Duration] defaults to 2 hours
+    def generate_reset_token(expires_in: 2.hours)
+      token = SecureRandom.base58(24)
+      digest = TinyAuth.hexdigest(token)
+      expiry = expires_in.from_now
+
+      update_columns(
+        reset_token_digest: digest,
+        reset_token_expires_at: expiry
+      )
+
+      token
+    end
+  end
+end

data/lib/tiny_auth/version.rb

@@ -1,3 +1,3 @@
-class TinyAuth
-  VERSION = "0.2.0"
+module TinyAuth
+  VERSION = "1.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tiny_auth
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Ray Zane
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-16 00:00:00.000000000 Z
+date: 2019-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -134,11 +134,12 @@ files:
 - ".travis.yml"
 - CODE_OF_CONDUCT.md
 - Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
 - lib/tiny_auth.rb
+- lib/tiny_auth/controller.rb
+- lib/tiny_auth/model.rb
 - lib/tiny_auth/version.rb
 - tiny_auth.gemspec
 homepage: https://github.com/rzane/tiny_auth
@@ -163,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.6.14
 signing_key: 
 specification_version: 4
 summary: Bare-minimum authentication for APIs

data/Gemfile.lock

@@ -1,71 +0,0 @@
-PATH
-  remote: .
-  specs:
-    tiny_auth (0.1.2)
-      activerecord (~> 6.0)
-      activesupport (~> 6.0)
-      globalid (~> 0.4)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    activemodel (6.0.1)
-      activesupport (= 6.0.1)
-    activerecord (6.0.1)
-      activemodel (= 6.0.1)
-      activesupport (= 6.0.1)
-    activesupport (6.0.1)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2)
-    bcrypt (3.1.13)
-    concurrent-ruby (1.1.5)
-    diff-lcs (1.3)
-    docile (1.3.2)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    i18n (1.7.0)
-      concurrent-ruby (~> 1.0)
-    json (2.2.0)
-    minitest (5.13.0)
-    rake (10.5.0)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.0)
-      rspec-support (~> 3.9.0)
-    rspec-expectations (3.9.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-support (3.9.0)
-    simplecov (0.17.0)
-      docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    sqlite3 (1.4.1)
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    zeitwerk (2.2.1)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bcrypt (~> 3.1)
-  bundler (~> 2.0)
-  rake (~> 10.0)
-  rspec (~> 3.0)
-  simplecov
-  sqlite3 (~> 1.4)
-  tiny_auth!
-
-BUNDLED WITH
-   2.0.2