trestle-auth 0.2.5 → 0.4.3

data/lib/generators/trestle/auth/install/templates/basic.rb.erb

@@ -0,0 +1,121 @@
+# == Authentication Options
+#
+# Specify the user class to be used by trestle-auth.
+#
+config.auth.user_class = -> { <%= model %> }
+
+# Specify the scope for valid admin users.
+# Defaults to config.auth.user_class (unscoped).
+#
+# config.auth.user_scope = -> { User.where(admin: true) }
+
+# Specify the Trestle admin for managing the current user (My Account).
+#
+config.auth.user_admin = -> { :"auth/account" }
+
+# Specify the parameter (along with a password) to be used to
+# authenticate an administrator. Defaults to :email.
+#
+# config.auth.authenticate_with = :login
+
+# Customize the method for authenticating a user given login parameters.
+# The block should return an instance of the auth user class, or nil.
+#
+# config.auth.authenticate = ->(params) {
+#   User.authenticate(params[:login], params[:password])
+# }
+
+# Customize the method for finding a user given an ID from the session.
+# The block should return an instance of the auth user class, or nil.
+#
+# config.auth.find_user = ->(id) {
+#   User.find_by(id: id)
+# }
+
+# Customize the rendering of user avatars. Can be disabled by setting to false.
+# Defaults to the Gravatar based on the user's email address.
+#
+# config.auth.avatar = ->(user) {
+#   avatar(fallback: user.initials) do
+#     image_tag(user.avatar_url, alt: user.name) if user.avatar_url?
+#   end
+# }
+
+# Customize the rendering of the current user's name in the main header.
+# Defaults to the user's #first_name and #last_name (last name in bold),
+# with a fallback to `display(user)` if those methods aren't defined.
+#
+# config.auth.format_user_name = ->(user) {
+#   content_tag(:strong, user.full_name)
+# }
+
+# Customize the method for determining the user's locale.
+# Defaults to user.locale (if the method is defined).
+#
+# config.auth.locale = ->(user) {
+#   user.locale if user.respond_to?(:locale)
+# }
+
+# Customize the method for determining the user's time zone.
+# Defaults to user.time_zone (if the method is defined).
+#
+# config.auth.time_zone = ->(user) {
+#   user.time_zone if user.respond_to?(:time_zone)
+# }
+
+# Specify the redirect location after a successful login.
+# Defaults to the main Trestle admin path.
+#
+# config.auth.redirect_on_login = -> {
+#   if admin = Trestle.lookup(Trestle.config.auth.user_admin)
+#     admin.instance_path(current_user)
+#   else
+#     Trestle.config.path
+#   end
+# }
+
+# Specify the redirect location after logging out.
+# Defaults to the trestle-auth new login path.
+#
+# config.auth.redirect_on_logout = -> { "/" }
+
+# Enable or disable the built-in login/logout form and actions. Defaults to true.
+# You may wish to disable these if you are using a custom backend and
+# handling authentication entirely within your main application.
+#
+# config.auth.enable_login = true
+# config.auth.enable_logout = true
+
+# Specify the logo used on the login form.
+# If not specified, will fall back to config.site_logo,
+# config.site_logo_small or config.site_title.
+#
+# config.auth.logo = "auth-logo.png"
+
+# Enable or disable remember me functionality. Defaults to true.
+#
+# config.auth.remember.enabled = false
+
+# Specify remember me expiration time. Defaults to 2 weeks.
+#
+# config.auth.remember.for = 30.days
+
+# Customize the method for authenticating a user given a remember token.
+#
+# config.auth.remember.authenticate = ->(token) {
+#   User.authenticate_with_remember_token(token)
+# }
+
+# Customize the method for remembering a user.
+#
+# config.auth.remember.remember_me = ->(user) { user.remember_me! }
+
+# Customize the method for forgetting a user.
+#
+# config.auth.remember.forget_me = ->(user) { user.forget_me! }
+
+# Customize the method for generating the remember cookie.
+#
+# config.auth.remember.cookie = ->(user) {
+#   { value: user.remember_token, expires: user.remember_token_expires_at }
+# }

data/lib/generators/trestle/auth/install/templates/devise.rb.erb

@@ -0,0 +1,92 @@
+# == Authentication Options
+#
+# Set the authentication backend to use Devise.
+#
+config.auth.backend = :devise
+
+# Specify the Devise/Warden mapping/scope.
+#
+config.auth.warden.scope = :<%= model.underscore.singularize %>
+
+# Specify the user class to be used by trestle-auth.
+#
+config.auth.user_class = -> { <%= model %> }
+
+# Specify the Trestle admin for managing the current user (My Account).
+#
+config.auth.user_admin = -> { :"auth/account" }
+
+# Specify the parameter (along with a password) to be used to
+# authenticate an administrator. Defaults to :email if not specified below.
+#
+config.auth.authenticate_with = -> { Devise.authentication_keys.first }
+
+# Customize the rendering of user avatars. Can be disabled by setting to false.
+# Defaults to the Gravatar based on the user's email address.
+#
+# config.auth.avatar = ->(user) {
+#   avatar(fallback: user.initials) do
+#     image_tag(user.avatar_url, alt: user.name) if user.avatar_url?
+#   end
+# }
+
+# Customize the rendering of the current user's name in the main header.
+# Defaults to the user's #first_name and #last_name (last name in bold),
+# with a fallback to `display(user)` if those methods aren't defined.
+#
+# config.auth.format_user_name = ->(user) {
+#   content_tag(:strong, user.full_name)
+# }
+
+# Customize the method for determining the user's locale.
+# Defaults to user.locale (if the method is defined).
+#
+# config.auth.locale = ->(user) {
+#   user.locale if user.respond_to?(:locale)
+# }
+
+# Customize the method for determining the user's time zone.
+# Defaults to user.time_zone (if the method is defined).
+#
+# config.auth.time_zone = ->(user) {
+#   user.time_zone if user.respond_to?(:time_zone)
+# }
+
+# Specify the redirect location after a successful login.
+# Defaults to the main Trestle admin path.
+#
+# config.auth.redirect_on_login = -> {
+#   if admin = Trestle.lookup(Trestle.config.auth.user_admin)
+#     admin.instance_path(current_user)
+#   else
+#     Trestle.config.path
+#   end
+# }
+
+# Specify the redirect location after logging out.
+# Defaults to the trestle-auth new login path.
+#
+# config.auth.redirect_on_logout = -> { "/" }
+
+# Enable or disable the built-in login/logout form and actions. Defaults to true.
+# You may wish to disable these if you are using a custom backend and
+# handling authentication entirely within your main application.
+#
+# config.auth.enable_login = true
+# config.auth.enable_logout = true
+
+# Specify the path to redirect to when login is required.
+# Defaults to the trestle-auth login page. You may wish to change
+# this if you have also disabled the login form/action above.
+#
+# config.auth.login_url = -> { "/users/sign_in" }
+
+# Specify the logo used on the login form.
+# If not specified, will fall back to config.site_logo,
+# config.site_logo_small or config.site_title.
+#
+# config.auth.logo = "auth-logo.png"
+
+# Enable or disable remember me functionality. Defaults to true.
+#
+# config.auth.remember.enabled = false

data/lib/trestle/auth.rb

@@ -1,19 +1,25 @@
-require "trestle/auth/version"
+require_relative "auth/version"
 
 require "trestle"
 
 module Trestle
   module Auth
-    extend ActiveSupport::Autoload
+    require_relative "auth/backends"
+    require_relative "auth/configuration"
+    require_relative "auth/constraint"
+    require_relative "auth/model_methods"
+    require_relative "auth/null_user"
 
-    autoload :Configuration
-    autoload :Constraint
-    autoload :ControllerMethods
-    autoload :ModelMethods
-    autoload :NullUser
+    module Controller
+      require_relative "auth/controller/authentication"
+      require_relative "auth/controller/locale"
+      require_relative "auth/controller/time_zone"
+    end
+
+    require_relative "auth/controller_methods"
   end
 
   Configuration.option :auth, Auth::Configuration.new
 end
 
-require "trestle/auth/engine" if defined?(Rails)
+require_relative "auth/engine" if defined?(Rails)

data/lib/trestle/auth/backends.rb

@@ -0,0 +1,34 @@
+module Trestle
+  module Auth
+    module Backends
+      extend ActiveSupport::Autoload
+
+      require_relative "backends/base"
+
+      autoload :Basic
+      autoload :Devise
+      autoload :Warden
+
+      def self.lookup(backend)
+        case backend
+        when Class
+          backend
+        else
+          registry.fetch(backend) { raise ArgumentError, "Invalid authentication backend: #{backend.inspect}" }
+        end
+      end
+
+      def self.registry
+        @registry ||= {}
+      end
+
+      def self.register(name, klass)
+        registry[name] = klass
+      end
+
+      register(:basic, Basic)
+      register(:devise, Devise)
+      register(:warden, Warden)
+    end
+  end
+end

data/lib/trestle/auth/backends/base.rb

@@ -0,0 +1,28 @@
+module Trestle
+  module Auth
+    module Backends
+      class Base
+        attr_reader :controller, :request, :session, :cookies
+
+        def initialize(controller:, request:, session:, cookies:)
+          @controller, @request, @session, @cookies = controller, request, session, cookies
+        end
+
+        # Default params scope to use for the login form.
+        def scope
+          :user
+        end
+
+        # Stores the previous return location in the session to return to after logging in.
+        def store_location(url)
+          session[:trestle_return_to] = url
+        end
+
+        # Returns (and deletes) the previously stored return location from the session.
+        def previous_location
+          session.delete(:trestle_return_to)
+        end
+      end
+    end
+  end
+end

data/lib/trestle/auth/backends/basic.rb

@@ -0,0 +1,72 @@
+module Trestle
+  module Auth
+    module Backends
+      class Basic < Base
+        # Returns the current logged in user (after #authentication).
+        attr_reader :user
+
+        # Authenticates a user from a login form request.
+        def authenticate!
+          params = login_params
+
+          if user = Trestle.config.auth.authenticate(params)
+            login!(user)
+            remember_me! if Trestle.config.auth.remember.enabled && params[:remember_me]
+            user
+          end
+        end
+
+        # Authenticates a user from the session or cookie. Called on each request via a before_action.
+        def authenticate
+          @user = find_authenticated_user || find_remembered_user
+        end
+
+        # Checks if there is a logged in user.
+        def logged_in?
+          !!user
+        end
+
+        # Stores the given user in the session as logged in.
+        def login!(user)
+          session[:trestle_user] = user.id
+          @user = user
+        end
+
+        # Logs out the current user.
+        def logout!
+          if logged_in? && Trestle.config.auth.remember.enabled
+            Trestle.config.auth.remember.forget_me(user)
+            cookies.delete(:trestle_remember_token)
+          end
+
+          session.delete(:trestle_user)
+          @user = nil
+        end
+
+      protected
+        def remember_me!
+          Trestle.config.auth.remember.remember_me(user)
+          cookies.signed[:trestle_remember_token] = Trestle.config.auth.remember.cookie(user)
+        end
+
+        def find_authenticated_user
+          Trestle.config.auth.find_user(session[:trestle_user]) if session[:trestle_user]
+        end
+
+        def find_remembered_user
+          return unless Trestle.config.auth.remember.enabled
+
+          if token = cookies.signed[:trestle_remember_token]
+            user = Trestle.config.auth.remember.authenticate(token)
+            login!(user) if user
+            user
+          end
+        end
+
+        def login_params
+          controller.params.require(:user).permit!
+        end
+      end
+    end
+  end
+end

data/lib/trestle/auth/backends/devise.rb

@@ -0,0 +1,14 @@
+module Trestle
+  module Auth
+    module Backends
+      class Devise < Warden
+        # Authenticates a user from a login form request.
+        # Devise requires that params authentication is explicitly enabled.
+        def authenticate!
+          request.env["devise.allow_params_authentication"] = true
+          super
+        end
+      end
+    end
+  end
+end

data/lib/trestle/auth/backends/warden.rb

@@ -0,0 +1,53 @@
+module Trestle
+  module Auth
+    module Backends
+      class Warden < Base
+        # Authenticates a user from a login form request.
+        def authenticate!
+          authenticate
+        end
+
+        # Authenticates the user using Warden.
+        def authenticate
+          warden.authenticate(scope: scope)
+        end
+
+        # Checks if there is a logged in user.
+        def logged_in?
+          warden.authenticated?(scope)
+        end
+
+        # Returns the current logged in user.
+        def user
+          warden.user(scope)
+        end
+
+        # Stores the given user as logged in.
+        def login!(user)
+          warden.set_user(user, scope: scope)
+        end
+
+        # Logs out the current user.
+        def logout!
+          if scope
+            warden.logout(scope)
+            warden.clear_strategies_cache!(scope: scope)
+          else
+            warden.logout
+            warden.clear_strategies_cache!
+          end
+        end
+
+        # Set the login params scope from configuration, which is also used as the Warden scope.
+        def scope
+          Trestle.config.auth.warden.scope
+        end
+
+      protected
+        def warden
+          request.env['warden']
+        end
+      end
+    end
+  end
+end