RubyGems - tinytokenauth-rails - Versions diffs - 0.1.11 → 0.90.0 - Mend

tinytokenauth-rails 0.1.11 → 0.90.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/README.md +73 -3
data/lib/tinytokenauth/authorizable.rb +8 -4
data/lib/tinytokenauth/version.rb +1 -1
metadata +6 -6
data/app/helpers/tinytokenauth-rails/current_user_helper.rb +0 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6baf29c41c8a1e86f24609a31cf2331a1cbed8a9206c9f65acf3bf39e140d19
-  data.tar.gz: 8f886cd34190b7177e8264b87f99bb08c208e689d61489abae911e004cbee358
+  metadata.gz: eb8e1dd95f2f3b5a573ea6cdf6a4a5e628b3ef6d7066f33433e72389dda9f9a2
+  data.tar.gz: bb891e4c277d766c82a1bac13153e58dfc6f54e4a48165d24eca0aede90508b1
 SHA512:
-  metadata.gz: b6878943a558518f36e2939ec891e03019d3b7646ca360729ac9a324c4b58e1aff1408f26a2cc425272bbf10327c0bc9f2e2e7bb2b1f28400ab56c4557754ff2
-  data.tar.gz: 254048055fb0c78ec3dc5343dfe3297cf9df3c87df2a6c62a8dea8af23b8c6277c2dcf3e100ee8867516b1ebb65cf37016654e9eb0f2b2b0dca381310d2c7cda
+  metadata.gz: b35c4590d997dada90621046be56aa91218fe6c3b5c27a35f81466df4d7d92729210896e56974c88978b410d14df626a9a840f4763907ccf0a501cfa5e17c5de
+  data.tar.gz: c73602893d2f2eb083cc8ac1d88607d2a25b4dde89930b084601b3f13a91da86d0fee95b3d48e4b148b9b446727e1ece69b38e3aba00a333cd8cb9409cf04550

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    tinytokenauth-rails (0.1.11)
+    tinytokenauth-rails (0.90.0)
       jwt (~> 2.7)
       rails (>= 6.0)

data/README.md CHANGED Viewed

@@ -1,8 +1,11 @@
 # Tinytokenauth::Rails
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/tinytokenauth/rails`. To experiment with that code, run `bin/console` for an interactive prompt.
+This gem wants to help you with user authentication without bloating up beyond what
+is required. It uses a JWT (JSON Web Token) in a cookie to store session state in the browser.
-TODO: Delete this and the text above, and describe your gem
+Since the JWT is signed with a secret, and this signature is verified server-side, the user can't
+tamper with its contents. Its content is not encrypted, so frontend libraries can use this information
+if they need to distinguish between 'signed in' vs 'signed out' state.
 ## Installation
@@ -16,7 +19,74 @@ If bundler is not being used to manage dependencies, install the gem by executin
 ## Usage
-TODO: Write usage instructions here
+Include the module `Tinytokenauth::Authorizable` wherever you need to sign a user in/out or want to know if a user is signed in or not.
+One option is to do this in `ApplicationController`, so the useful methods from this gem are available everywhere
+```ruby
+# app/controller/application_controller.rb
+class ApplicationController < ActionController::Base
+  include Tinytokenauth::Authorizable
+  before_action :set_current_user
+end
+```
+You will then have the user set in the variable `@current_user` or this will be nil if no user is signed in.
+If a signed in user is required for some action, you can use the following pattern, the content of the block after
+`require_current_user` is an example and depends on your project
+```ruby
+class PostsController < ApplicationController
+  before_action ->{ require_current_user do
+    # new_session_path is a route you need to setup same for the controller
+    redirect_to new_session_path(forward_to: request.path), notice: "Please sign in again"
+  end }, only: [:new, :create]
+  # ...
+end
+```
+User authentication need to be managed by yourself, afterwards you can leverage the helper method to sign the user in with the token
+Below is an example how you can handle this yourself
+```ruby
+class SessionsController < ApplicationController
+  def new
+  end
+  def create
+    user = User.find_by_email(params[:email]) # This depends on your use case
+    if user&.authenticate(params[:password]) # This depends on your use case, this method comes from 'has_secure_password' in the model
+      sign_in_with_token user # THIS IS FROM Tinytokenauth
+      redirect_to params[:forward_to] || root_path, notice: 'Signed in!'
+    else
+      flash[:alert] = 'NOT signed in!'
+      render 'new', status: :unauthorized
+    end
+  end
+  def destroy
+    sign_out_with_token # THIS IS FROM Tinytokenauth
+    redirect_to params[:forward_to] || root_path, notice: 'Signed out!'
+  end
+end
+```
+If you want to configure the gem, please create a custom initializer like the one below. The values show below are the defaults
+```ruby
+# config/initializers/tinytokenauth.rb
+require 'tinytokenauth'
+Tinytokenauth.configure do |config|
+  config.user_class = 'User' #  what is your modal that needs to be checked for a signed in user?
+  config.token_validity_hours = 24 # how long should a token be valid?
+  config.token_secret = Rails.application.credentials.secret_key_base # with which secret is the JWT signed?
+  config.token_auto_renew_hours = 4 # if the token expires in less than X hours, renew it automatically
+  config.cookie_name = 'ttauth' # what should be the name of the cookie that stores the auth information
+end
+```
 ## Development

data/lib/tinytokenauth/authorizable.rb CHANGED Viewed

@@ -32,11 +32,11 @@ module Tinytokenauth
       token = cookies[Tinytokenauth.configuration.cookie_name]
       begin
         @decoded = JsonWebToken.decode(Tinytokenauth.configuration.token_secret, token)
-        @current_user = Tinytokenauth.configuration.user_class.constantize.send 'find', @decoded[:user_id]
+        @current_user = Tinytokenauth.configuration.user_class.constantize.send 'find', @decoded[:tinytokenauth_id]
         @exp = @decoded[:exp]
         if Tinytokenauth.configuration.token_auto_renew_hours &&
           @exp < Tinytokenauth.configuration.token_auto_renew_hours.hours.from_now.to_i
-          sign_in @current_user
+          sign_in_with_token @current_user
         end
       rescue ActiveRecord::RecordNotFound, JWT::DecodeError => e
         if block_given? && current_user.nil?
@@ -58,14 +58,18 @@ module Tinytokenauth
       @current_user
     end
-    def sign_in(user)
+    def sign_in_with_token(user)
       @current_user = user
       jwt = JsonWebToken.encode(Tinytokenauth.configuration.token_validity_hours.hours.from_now,
                                 Tinytokenauth.configuration.token_secret,
-                                user_id: user.id,)
+                                tinytokenauth_id: user.id,)
       cookies[Tinytokenauth.configuration.cookie_name] = jwt
     end
+    def sign_out_with_token
+      cookies[Tinytokenauth.configuration.cookie_name] = nil
+    end
     def current_user
       @current_user
     end

data/lib/tinytokenauth/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Tinytokenauth
-  VERSION = "0.1.11"
+  VERSION = "0.90.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tinytokenauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.1.11
+  version: 0.90.0
 platform: ruby
 authors:
 - Kim Laplume
@@ -38,9 +38,11 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.7'
-description: Soon
+description: |-
+  This gem wants to help you with user authentication without bloating up beyond what
+  is required. It uses a JWT (JSON Web Token) in a cookie to store session state in the browser.
 email:
-- kim.laplume@protonmail.com
+- klap@hey.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -53,7 +55,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- app/helpers/tinytokenauth-rails/current_user_helper.rb
 - lib/tinytokenauth.rb
 - lib/tinytokenauth/authorizable.rb
 - lib/tinytokenauth/configuration.rb
@@ -66,7 +67,6 @@ homepage: https://github.com/1klap/tinytokenauth-rails
 licenses:
 - MIT
 metadata:
-  allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/1klap/tinytokenauth-rails
   source_code_uri: https://github.com/1klap/tinytokenauth-rails
   changelog_uri: https://github.com/1klap/tinytokenauth-rails/blob/main/CHANGELOG.md
@@ -88,5 +88,5 @@ requirements: []
 rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
-summary: Soon
+summary: Minimalistic JWT-based authentication that gets out of your way
 test_files: []

data/app/helpers/tinytokenauth-rails/current_user_helper.rb DELETED Viewed

@@ -1,7 +0,0 @@
-module Tinytokenauth
-  module CurrentUserHelper
-    def foo(options = {}, &block)
-      # render SimpleCalendar::Calendar.new(self, options), &block
-    end
-  end
-end