yellin 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 69ebc2ac5998feed166538df0c55de6a2e4bece7
+  data.tar.gz: 6ca97b96038a8039843d2c9151704bd7dc0ff29a
+SHA512:
+  metadata.gz: 371978b77a2a02cf8fc7290267b7d8faf7c68b8af8b0df61261de3f35297bf07d0f49198dfeeb6d0b70d6590322d4255682da1c36ac8ca0c2344df97d2e6b5d4
+  data.tar.gz: 6b12e489f519fe28545128f4d2d13ae6335babce08724b315c22e6f58afad07c5886a8796b5deb0b0fd9dddefe0b052baeb17db663571c6ba3f3043e9573d59d

data/LICENSE

@@ -0,0 +1,57 @@
+This Engine is based on, and re-uses code from Michael Hartl's Ruby on Rails
+Tutorial. The original code is licensed under the MIT and Beerware licenses
+(see below). New modifications are similarly licensed under the MIT license:
+
+=============================================================================
+The MIT License
+
+Copyright (c) 2017 Luke Hogan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+Original licenses:
+=============================================================================
+Copyright 2016 Michael Hartl
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+=============================================================================
+THE BEERWARE LICENSE (Revision 42)
+
+Michael Hartl wrote this code. As long as you retain this notice you can do
+whatever you want with this stuff. If we meet some day, and you think this
+stuff is worth it, you can buy me a beer in return.

data/README.md

@@ -0,0 +1,96 @@
+# Yellin
+Sometimes you need secure authentication for your Rails app, but a huge library like Devise is overkill, and implementing your own using `has_secure_password` involves a bunch of typing (especially the tests). This is what Yellin is for -- it's a small Rails engine that implements a simple but secure authorization mechanism using `has_secure_password`.
+
+### Features
+* User registration
+* Account activation
+* Session authentication
+* Password reset
+
+### Password Resets
+Matasano (now part of NCC Group) considers automated password reset one of their 7 Deadly Web App Features. The implementation here takes into careful consideration the advice in [this discussion](https://news.ycombinator.com/item?id=5033513).
+
+### Credit where credit is due
+This gem is heavily based on the authentication system developed in Michael Hartl's [Ruby on Rails Tutorial](http://railstutorial.org). Basically, I've always liked most of that code, but I got tired of re-implementing my own modified version whenever I didn't want to use Devise. So I did the obvious thing and enginified it.
+
+## Usage
+Yellin provides a generator that takes care of all configuration you need to use it. Run the generator with the name of the user model class you want to use. If the model already exists, it will be updated. Otherwise, it will be created from scratch.
+
+```bash
+$ rails generate yellin User
+```
+
+If you decide Yellin is lame and need to remove it, you can use the normal `destroy` command:
+
+```bash
+$ rails destroy yellin User
+```
+
+### Configuration options
+The generator installs a generator to `config/initializers/yellin.rb`. It looks like this:
+
+```ruby
+Yellin.app_name = Default App Name
+Yellin.default_from_address = 'noreply@example.com'
+Yellin.minimum_password_length = 12
+Yellin.reset_timeout_hours = 2
+Yellin.user_class = "User"
+```
+
+The last line (`Yellin.user_class`) is absolutely necessary and will be set correctly based on the model to which you point the generator. *The quotes are essential.*
+
+`Yellin.app_name` is used to identify your app in the emails sent to users when they sign up or reset their passwords. Set it accordingly. `Yellin.default_from_address` is the email address from which these emails will be sent.
+
+In order to send emails, you must have ActionMailer configured correctly. For example, in development:
+
+```ruby
+# config/environments/development.rb
+Rails.application.configure do
+  ...
+  config.action_mailer.raise_delivery_errors = true
+  config.action_mailer.delivery_method = :test
+  host = 'localhost:3000'
+  config.action_mailer.default_url_options = { host: host, protocol: 'http' }
+  ...
+end
+```
+
+You also must have a root route defined in `routes.rb`, or Yellin will break in several places (probably along with lots of other things).
+
+### Views and Forms
+You'll likely want to modify the views and forms used by Yellin -- probably at least the user signup form. To encourage you to modify these views, Yellin provides a rake task to copy the default files into your workspace:
+
+```bash
+$ rails yellin:install:views
+```
+
+You'll find the files copied under `app/views/yellin`. Modify them in place -- if you move them, expect Yellin to misbehave.
+
+If you change your mind, you can remove the view files like so:
+
+```bash
+$ rails yellin:uninstall:views
+```
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'yellin'
+```
+
+And then execute:
+```bash
+$ bundle install
+```
+
+Or install it yourself as:
+```bash
+$ gem install yellin
+```
+
+## Contributing
+Bugfixes, enhancements, spelling corrections are all welcome. Use the pull request button :)
+
+## License
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,37 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Yellin'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/app/assets/config/yellin_manifest.js

@@ -0,0 +1,2 @@
+//= link_directory ../javascripts/yellin .js
+//= link_directory ../stylesheets/yellin .css

data/app/assets/javascripts/yellin/account_activations.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/javascripts/yellin/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/javascripts/yellin/password_resets.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/javascripts/yellin/registrations.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/javascripts/yellin/sessions.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/stylesheets/yellin/account_activations.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/yellin/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/assets/stylesheets/yellin/password_resets.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/yellin/registrations.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/yellin/sessions.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/controllers/yellin/account_activations_controller.rb

@@ -0,0 +1,24 @@
+require_dependency "yellin/application_controller"
+
+module Yellin
+  class AccountActivationsController < ApplicationController
+
+    def edit
+      @user = Yellin.user_class.find_by(email: params[:email])
+      if @user && !@user.activated? && @user.authenticated?(:activation, params[:id])
+        @user.activate
+        log_in @user
+        flash[:success] = Yellin.flash[:activation_success]
+        begin
+          redirect_to @user
+        rescue NoMethodError
+          redirect_to main_app.root_url
+        end
+      else
+        flash[:danger] = Yellin.flash[:activation_invalid]
+        redirect_to main_app.root_url
+      end
+    end
+
+  end
+end

data/app/controllers/yellin/application_controller.rb

@@ -0,0 +1,7 @@
+module Yellin
+  class ApplicationController < ActionController::Base
+    protect_from_forgery with: :exception
+
+    include Yellin::SessionsHelper
+  end
+end

data/app/controllers/yellin/password_resets_controller.rb

@@ -0,0 +1,63 @@
+require_dependency "yellin/application_controller"
+
+module Yellin
+  class PasswordResetsController < ApplicationController
+    before_action :get_user, only: [:edit, :update]
+    before_action :valid_user, only: [:edit, :update]
+    before_action :check_expiration, only: [:edit, :update]
+
+    def new
+    end
+
+    def create
+      @user = Yellin.user_class.find_by(email: params[:password_reset][:email].downcase)
+      if @user
+        @user.create_reset_digest
+        @user.send_password_reset_email
+        flash[:info] = Yellin.flash[:reset_sent]
+        redirect_to main_app.root_url
+      else
+        flash.now[:danger] = Yellin.flash[:reset_invalid]
+        render 'new'
+      end
+    end
+
+    def edit
+    end
+
+    def update
+      if params[:user][:password].empty?
+        @user.errors.add(:password, "can't be empty")
+        render 'edit'
+      elsif @user.reset_password(user_params)
+        flash[:success] = Yellin.flash[:reset_success]
+        redirect_to login_path
+      else
+        render 'edit'
+      end
+    end
+
+    private
+
+    def user_params
+      params.require(:user).permit(:password, :password_confirmation)
+    end
+
+    def get_user
+      @user = Yellin.user_class.find_by(email: params[:email])
+    end
+
+    def valid_user
+      unless (@user && @user.activated? && @user.authenticated?(:reset, params[:id]))
+        redirect_to main_app.root_url
+      end
+    end
+
+    def check_expiration
+      if @user.password_reset_expired?
+        flash[:danger] = Yellin.flash[:reset_expired]
+        redirect_to new_password_reset_url
+      end
+    end
+  end
+end

data/app/controllers/yellin/registrations_controller.rb

@@ -0,0 +1,27 @@
+require_dependency "yellin/application_controller"
+
+module Yellin
+  class RegistrationsController < ApplicationController
+
+    def create
+      @user = Yellin.user_class.new(signup_params)
+      if @user.save
+        @user.send_activation_email
+        flash[:info] = Yellin.flash[:activation_pending]
+        redirect_to main_app.root_url
+      else
+        render 'new'
+      end
+    end
+
+    def new
+      @user = Yellin.user_class.new
+    end
+
+    private
+    def signup_params
+      user_key = Yellin.user_class.model_name.param_key
+      params.require(user_key).permit(:email, :password, :password_confirmation)
+    end
+  end
+end

data/app/controllers/yellin/sessions_controller.rb

@@ -0,0 +1,36 @@
+require_dependency "yellin/application_controller"
+
+module Yellin
+  class SessionsController < ApplicationController
+
+    def create
+      @user = Yellin.user_class.find_by(email: params[:session][:email].downcase)
+      if @user && @user.authenticate(params[:session][:password])
+        if @user.activated?
+          log_in(@user)
+          params[:session][:remember_me] == '1' ? remember(@user) : forget(@user)
+          begin
+            redirect_back_or @user
+          rescue NoMethodError
+            redirect_to main_app.root_url
+          end
+        else
+          flash[:warning] = Yellin.flash[:account_inactive]
+          redirect_to main_app.root_url
+        end
+      else
+        flash.now[:danger] = Yellin.flash[:bad_credentials]
+        render 'new'
+      end
+    end
+
+    def destroy
+      log_out if logged_in?
+      redirect_to main_app.root_url
+    end
+
+    def new
+    end
+
+  end
+end

data/app/helpers/yellin/account_activations_helper.rb

@@ -0,0 +1,4 @@
+module Yellin
+  module AccountActivationsHelper
+  end
+end

data/app/helpers/yellin/application_helper.rb

@@ -0,0 +1,4 @@
+module Yellin
+  module ApplicationHelper
+  end
+end

data/app/helpers/yellin/password_resets_helper.rb

@@ -0,0 +1,4 @@
+module Yellin
+  module PasswordResetsHelper
+  end
+end

data/app/helpers/yellin/registrations_helper.rb

@@ -0,0 +1,4 @@
+module Yellin
+  module RegistrationsHelper
+  end
+end

data/app/helpers/yellin/sessions_helper.rb

@@ -0,0 +1,64 @@
+module Yellin
+  module SessionsHelper
+
+    def current_user
+      if (user_id = session[:user_id])
+        @current_user ||= Yellin.user_class.find_by(id: user_id)
+      elsif (user_id = cookies.signed[:user_id])
+        user = Yellin.user_class.find_by(id: user_id)
+        if user && user.authenticated?(:remember, cookies[:remember_token])
+          log_in user
+          @current_user = user
+        end
+      end
+    end
+
+    def current_user?(user)
+      user == current_user
+    end
+
+    def log_in(user)
+      session[:user_id] = user.id
+    end
+
+    def log_out
+      forget(current_user)
+      session.delete(:user_id)
+      @current_user = nil
+    end
+
+    def logged_in?
+      !current_user.nil?
+    end
+
+    def remember(user)
+      user.remember
+      cookies.permanent.signed[:user_id] = user.id
+      cookies.permanent[:remember_token] = user.remember_token
+    end
+
+    def forget(user)
+      user.forget
+      cookies.delete(:user_id)
+      cookies.delete(:remember_token)
+    end
+
+    def store_location
+      session[:forwarding_url] = request.original_url if request.get?
+    end
+
+    def redirect_back_or(default)
+      redirect_to(session[:forwarding_url] || default)
+      session.delete(:forwarding_url)
+    end
+
+    def logged_in_user
+      unless logged_in?
+        store_location
+        flash[:danger] = "Please sign in."
+        redirect_to login_url
+      end
+    end
+
+ end
+end

data/app/jobs/yellin/application_job.rb

@@ -0,0 +1,4 @@
+module Yellin
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/yellin/application_mailer.rb

@@ -0,0 +1,6 @@
+module Yellin
+  class ApplicationMailer < ActionMailer::Base
+    default from: Yellin.default_from_address
+    layout 'mailer'
+  end
+end

data/app/mailers/yellin/user_mailer.rb

@@ -0,0 +1,23 @@
+module Yellin
+  class UserMailer < ApplicationMailer
+    # Subject can be set in your I18n file at config/locales/en.yml
+    # with the following lookup:
+    #
+    #   en.user_mailer.account_activation.subject
+    #
+    def account_activation(user)
+      @user = user
+      mail to: user.email, subject: 'Account activation'
+    end
+
+    # Subject can be set in your I18n file at config/locales/en.yml
+    # with the following lookup:
+    #
+    #   en.user_mailer.password_reset.subject
+    #
+    def password_reset(user)
+      @user = user
+      mail to: user.email, subject: 'Password reset'
+    end
+  end
+end

data/app/models/yellin/application_record.rb

@@ -0,0 +1,5 @@
+module Yellin
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/views/layouts/yellin/mailer.html.erb

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <style>
+      /* Email styles need to be inline */
+    </style>
+  </head>
+
+  <body>
+    <%= yield %>
+  </body>
+</html>

data/app/views/layouts/yellin/mailer.text.erb

@@ -0,0 +1 @@
+<%= yield %>

data/app/views/yellin/password_resets/edit.html.erb

@@ -0,0 +1,14 @@
+<% provide(:title, "Reset password") %>
+<h1>Reset password</h1>
+
+<%= form_for(@user, url: password_reset_path(params[:id])) do |f| %>
+  <%= render 'yellin/shared/error_messages', object: f.object %>
+  <%= hidden_field_tag :email, @user.email %>
+  <%= f.label :password %>
+  <%= f.password_field :password, class: 'form-control' %>
+
+  <%= f.label :password_confirmation, "Confirmation" %>
+  <%= f.password_field :password_confirmation, class: 'form-control' %>
+
+  <%= f.submit "Update password", class: "btn btn-primary" %>
+<% end %>

data/app/views/yellin/password_resets/new.html.erb

@@ -0,0 +1,9 @@
+<% provide(:title, "Forgot password") %>
+
+<h1>Forgot password</h1>
+<%= form_for(:password_reset, url: password_resets_path) do |f| %>
+  <%= f.label :email %>
+  <%= f.email_field :email, class: 'form-control' %>
+
+  <%= f.submit "Submit", class: "btn btn-primary" %>
+<% end %>

data/app/views/yellin/registrations/_form.html.erb

@@ -0,0 +1,14 @@
+<%= form_for(@user, url: yield(:form_action)) do |f| %>
+  <%= render 'yellin/shared/error_messages', object: f.object %>
+
+  <%= f.label :email %>
+  <%= f.email_field :email %>
+
+  <%= f.label :password %>
+  <%= f.password_field :password %>
+
+  <%= f.label :password_confirmation, "Confirm password" %>
+  <%= f.password_field :password_confirmation %>
+
+  <%= f.submit yield(:button_text), class: "btn btn-primary" %>
+<% end %>

data/app/views/yellin/registrations/new.html.erb

@@ -0,0 +1,5 @@
+<% provide(:title, 'Sign up') %>
+<% provide(:form_action, signup_path) %>
+<% provide(:button_text, "Create my account") %>
+<h1>Sign up</h1>
+<%= render 'form' %>

data/app/views/yellin/sessions/new.html.erb

@@ -0,0 +1,18 @@
+<% provide(:title, "Sign in") %>
+<h1>Sign in</h1>
+<%= form_for(:session, url: login_path) do |f| %>
+  <%= f.label :email %>
+  <%= f.email_field :email %>
+
+  <%= f.label :password %>
+  <%= link_to "(forgot password)", new_password_reset_path %>
+  <%= f.password_field :password %>
+
+  <%= f.label :remember_me, class: "checkbox inline" do %>
+    <%= f.check_box :remember_me %>
+    <span>Remember me on this computer</span>
+  <% end %>
+
+  <%= f.submit "Sign in", class: "btn btn-primary" %>
+<% end %>
+<p>New user? <%= link_to "Sign up now", signup_path %></p>

data/app/views/yellin/shared/_error_messages.html.erb

@@ -0,0 +1,12 @@
+<% if object.errors.any? %>
+  <div id="error_explanation">
+    <div class="alert alert-danger">
+      The form contains <%= pluralize(object.errors.count, "error") %>.
+    </div>
+    <ul>
+      <% object.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+    </ul>
+  </div>
+<% end %>

data/app/views/yellin/user_mailer/account_activation.html.erb

@@ -0,0 +1,9 @@
+<h1>Account activation</h1>
+
+<p>
+  Welcome to <%= Yellin.app_name %>
+</p>
+
+<p>To activate your account, click here:</p>
+
+<%= link_to "Activate", edit_account_activation_url(@user.activation_token, email: @user.email) %>

data/app/views/yellin/user_mailer/account_activation.text.erb

@@ -0,0 +1,5 @@
+Welcome to <%= Yellin.app_name %>
+
+To activate your account, click here:
+
+<%= edit_account_activation_url(@user.activation_token, email: @user.email) %>

data/app/views/yellin/user_mailer/password_reset.html.erb

@@ -0,0 +1,9 @@
+<h1>Password reset</h1>
+
+<p>To reset your password, click the link below:</p>
+
+<%= link_to "Reset password", edit_password_reset_url(@user.reset_token, email: @user.email) %>
+
+<p>This link will expire in two hours.</p>
+
+<p>If you did not request your password to be reset, please ignore this message and your password will stay as it is.</p>

data/app/views/yellin/user_mailer/password_reset.text.erb

@@ -0,0 +1,9 @@
+Password reset
+
+To reset your password, click the link below:
+
+<%= edit_password_reset_url(@user.reset_token, email: @user.email) %>
+
+This link will expire in two hours.
+
+If you did not request your password to be reset, please ignore this message and your password will stay as it is.

data/config/routes.rb

@@ -0,0 +1,11 @@
+Yellin::Engine.routes.draw do
+  get 'signup', to: 'registrations#new'
+  post 'signup', to: 'registrations#create'
+  get 'login', to: 'sessions#new'
+  post 'login', to: 'sessions#create'
+  delete 'logout', to: 'sessions#destroy'
+  get 'password_resets/new'
+  get 'password_resets/edit'
+  resources :account_activations, only: [:edit]
+  resources :password_resets, only: [:create, :edit, :new, :update]
+end

data/lib/generators/active_record/templates/migration_create.rb

@@ -0,0 +1,15 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :<%= table_name %><%= primary_key_type %> do |t|
+      t.string :email
+      t.string :password_digest
+      t.string :remember_digest
+      t.string :activation_digest
+      t.datetime :activated_at
+      t.string :reset_digest
+      t.datetime :reset_sent_at
+      t.timestamps
+      t.index [:email], name: :index_users_on_email, unique: true
+    end
+  end
+end

data/lib/generators/active_record/templates/migration_update.rb

@@ -0,0 +1,27 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def self.up
+    change_table :<%= table_name %> do |t|
+      t.string :email
+      t.string :password_digest
+      t.string :remember_digest
+      t.string :activation_digest
+      t.datetime :activated_at
+      t.string :reset_digest
+      t.datetime :reset_sent_at
+      t.index [:email], name: :index_users_on_email, unique: true
+    end
+  end
+
+  def self.down
+    raise ActiveRecord::IrreversibleMigration
+    ## Uncomment and edit below to remove any fields that were in your original model and you want to keep
+    # remove_column :<%= table_name %>, :email, :string
+    # remove_column :<%= table_name %>, :password_digest, :string
+    # remove_column :<%= table_name %>, :remember_digest, :string
+    # remove_column :<%= table_name %>, :activation_digest, :string
+    # remove_column :<%= table_name %>, :activated_at, :datetime
+    # remove_column :<%= table_name %>, :reset_digest, :string
+    # remove_column :<%= table_name %>, :reset_sent_at, :datetime
+    # remove_index :<%= table_name %>, name: :index_users_on_email
+  end
+end

data/lib/generators/active_record/yellin_generator.rb

@@ -0,0 +1,47 @@
+require 'rails/generators/active_record'
+
+module ActiveRecord
+  module Generators
+    class YellinGenerator < ActiveRecord::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      def handle_migration
+        @preexisting_model = (behavior == :invoke && model_exists?) || (behavior == :revoke && migration_exists?)
+        if @preexisting_model
+          migration_template "migration_update.rb", "db/migrate/add_yellin_to_#{table_name}.rb"
+        else
+          migration_template "migration_create.rb", "db/migrate/yellin_create_#{table_name}.rb"
+        end
+      end
+
+      def handle_model
+        yellinize_model if behavior == :revoke
+        unless @preexisting_model
+          invoke "active_record:model", [name], migration: false
+        end
+        yellinize_model if behavior == :invoke
+      end
+
+      private
+      def yellinize_model
+        # Avoid subtracting from non-existent file
+        if model_exists?
+          inject_into_file "app/models/#{file_name}.rb", after: "class #{class_name} < ApplicationRecord\n" do <<-YELLIN
+  include Yellin::ActsAsUser
+  acts_as_user
+         YELLIN
+          end
+        end
+      end
+
+      def model_exists?
+        File.exists? File.join(destination_root, "app/models", "#{file_name}.rb")
+      end
+
+      def migration_exists?
+        pattern = File.join(destination_root, "db/migrate", "*_add_yellin_to_#{table_name}.rb")
+        Dir.glob(pattern).first
+      end
+    end
+  end
+end

data/lib/generators/yellin/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Explain the generator
+
+Example:
+    rails generate yellin Thing
+
+    This will create:
+        what/will/it/create

data/lib/generators/yellin/templates/initializer.rb

@@ -0,0 +1,29 @@
+# this is used to identify the application in account activation emails
+Yellin.app_name = <%= Rails.application.class.parent %>
+
+# this is used in the mailer to send account activation and password reset emails
+Yellin.default_from_address = "noreply@example.com"
+
+# this defines the notifications seen by the user
+Yellin.flash = {
+  account_inactive: "Account not activated. Check your email for the activation link.",
+  activation_invalid: "Invalid activation link.",
+  activation_pending: "Please check your email to activate your account.",
+  activation_success: "Account activated.",
+  bad_credentials: "Invalid email/password combination.",
+  login_required: "Please sign in.",
+  reset_expired: "Password reset has expired.",
+  reset_invalid: "Email address not found.",
+  reset_sent: "Email sent with password reset instructions.",
+  reset_success: "Your password has been reset.",
+}
+
+# this defines the minimum acceptable length of a password
+Yellin.password_minimum_length = 12
+
+# this is the number of hours after which a password reset expires. Should be an integer.
+Yellin.reset_timeout_hours = 2
+
+# this is the name of the class implementing the User API
+Yellin.user_class = "<%= name %>"
+

data/lib/generators/yellin/yellin_generator.rb

@@ -0,0 +1,13 @@
+class YellinGenerator < Rails::Generators::NamedBase
+  source_root File.expand_path('../templates', __FILE__)
+
+  def copy_initializer_file
+    template "initializer.rb", "config/initializers/yellin.rb"
+  end
+
+  def mount_engine
+    route "mount Yellin::Engine => '/'"
+  end
+
+  hook_for :orm
+end

data/lib/tasks/yellin_tasks.rake

@@ -0,0 +1,27 @@
+require 'fileutils'
+
+namespace :yellin do
+  namespace :install do
+    desc "Install Yellin views"
+    task :views do
+      source_root = Gem.loaded_specs['yellin'].full_gem_path
+      Dir.glob(File.join(source_root, "app/views/**/*.erb")).each do |view|
+        view.slice!(source_root)
+        path = view.split('/')
+        filename = path.pop
+        FileUtils.mkdir_p(File.join(Rails.root, path))
+        source = File.join(source_root, path, filename)
+        target = File.join(Rails.root, path, filename)
+        copy_file source, target
+      end
+    end
+  end
+
+  namespace :uninstall do
+    desc "Uninstall Yellin views"
+    task :views do
+      FileUtils.rm_rf(File.join(Rails.root, "app/views/yellin"))
+      FileUtils.rm_rf(File.join(Rails.root, "app/views/layouts/yellin"))
+    end
+  end
+end

data/lib/yellin/acts_as_user.rb

@@ -0,0 +1,87 @@
+module Yellin
+  module ActsAsUser
+    extend ActiveSupport::Concern
+
+    included do
+    end
+
+    module ClassMethods
+      def acts_as_user
+        attr_accessor :remember_token, :activation_token, :reset_token
+        has_secure_password
+        before_save :downcase_email
+        before_create :create_activation_digest
+        validates :password, presence: true, length: { minimum: Yellin.password_minimum_length }, allow_nil: true
+        # See https://davidcel.is/posts/stop-validating-email-addresses-with-regex/ for regex reasoning
+        validates :email, presence: true, length: { maximum: 255 }, format: { with: /@/ },
+                          uniqueness: { case_sensitive: false }
+
+        def self.digest(string)
+          cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost
+          BCrypt::Password.create(string, cost: cost)
+        end
+
+        def self.new_token
+          SecureRandom.urlsafe_base64
+        end
+
+        include Yellin::ActsAsUser::LocalInstanceMethods
+      end
+    end
+
+    module LocalInstanceMethods
+      def activate
+        update_attribute(:activated_at, Time.zone.now)
+      end
+
+      def activated?
+        !activated_at.nil? && activated_at < Time.zone.now
+      end
+
+      def authenticated?(attribute, token)
+        digest = send("#{attribute}_digest")
+        return false if digest.nil?
+        BCrypt::Password.new(digest).is_password?(token)
+      end
+
+      def create_reset_digest
+        self.reset_token = Yellin.user_class.new_token
+        update_columns(reset_digest: Yellin.user_class.digest(reset_token), reset_sent_at: Time.zone.now)
+      end
+
+      def forget
+        update_attribute(:remember_digest, nil)
+      end
+
+      def password_reset_expired?
+        reset_sent_at < Yellin.reset_timeout_hours.hours.ago
+      end
+
+      def remember
+        self.remember_token = Yellin.user_class.new_token
+        update_attribute(:remember_digest, Yellin.user_class.digest(remember_token))
+      end
+
+      def reset_password(params)
+        update_attributes(password: params[:password], password_confirmation: params[:password_confirmation], reset_digest: nil)
+      end
+
+      def send_activation_email
+        UserMailer.account_activation(self).deliver_now
+      end
+
+      def send_password_reset_email
+        UserMailer.password_reset(self).deliver_now
+      end
+
+      def downcase_email
+        self.email.downcase!
+      end
+
+      def create_activation_digest
+        self.activation_token = Yellin.user_class.new_token
+        self.activation_digest = Yellin.user_class.digest(activation_token)
+      end
+    end
+  end
+end

data/lib/yellin/engine.rb

@@ -0,0 +1,11 @@
+module Yellin
+  class Engine < ::Rails::Engine
+    isolate_namespace Yellin
+
+    initializer 'yellin.action_controller' do |app|
+      ActiveSupport.on_load :action_controller do
+        helper Yellin::SessionsHelper
+      end
+    end
+  end
+end

data/lib/yellin/version.rb

@@ -0,0 +1,3 @@
+module Yellin
+  VERSION = '0.1.0'
+end

data/lib/yellin.rb

@@ -0,0 +1,43 @@
+require "yellin/engine"
+require "yellin/acts_as_user"
+
+module Yellin
+  mattr_accessor :app_name, :default_from_address, :flash, :password_minimum_length, :reset_timeout_hours, :user_class
+
+  def self.app_name
+    @@app_name || Rails.application.class.parent
+  end
+
+  def self.default_from_address
+    @@default_from_address || 'noreply@exmaple.com'
+  end
+
+  def self.flash
+    default_flash = {
+      account_inactive: "Account not activated. Check your email for the activation link.",
+      activation_invalid: "Invalid activation link.",
+      activation_pending: "Please check your email to activate your account.",
+      activation_success: "Account activated.",
+      bad_credentials: "Invalid email/password combination.",
+      login_required: "Please sign in.",
+      reset_expired: "Password reset has expired.",
+      reset_invalid: "Email address not found.",
+      reset_sent: "Email sent with password reset instructions.",
+      reset_success: "Your password has been reset.",
+    }
+    @@flash || default_flash
+  end
+
+  def self.password_minimum_length
+    @@password_minimum_length || 12
+  end
+
+  def self.reset_timeout_hours
+    @@reset_timeout_hours || 2
+  end
+
+  def self.user_class
+    @@user_class.constantize
+  end
+
+end

metadata

@@ -0,0 +1,155 @@
+--- !ruby/object:Gem::Specification
+name: yellin
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Luke Hogan
+- Michael Hartl
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-04-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.2
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.11
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.11
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails-controller-testing
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Rails engine providing user authentication and basic account management
+  (account confirmation, password reset); Based on authentication framework developed
+  during Michael Hartl's Ruby on Rails Tutorial.
+email:
+- hoganld@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- Rakefile
+- app/assets/config/yellin_manifest.js
+- app/assets/javascripts/yellin/account_activations.js
+- app/assets/javascripts/yellin/application.js
+- app/assets/javascripts/yellin/password_resets.js
+- app/assets/javascripts/yellin/registrations.js
+- app/assets/javascripts/yellin/sessions.js
+- app/assets/stylesheets/yellin/account_activations.css
+- app/assets/stylesheets/yellin/application.css
+- app/assets/stylesheets/yellin/password_resets.css
+- app/assets/stylesheets/yellin/registrations.css
+- app/assets/stylesheets/yellin/sessions.css
+- app/controllers/yellin/account_activations_controller.rb
+- app/controllers/yellin/application_controller.rb
+- app/controllers/yellin/password_resets_controller.rb
+- app/controllers/yellin/registrations_controller.rb
+- app/controllers/yellin/sessions_controller.rb
+- app/helpers/yellin/account_activations_helper.rb
+- app/helpers/yellin/application_helper.rb
+- app/helpers/yellin/password_resets_helper.rb
+- app/helpers/yellin/registrations_helper.rb
+- app/helpers/yellin/sessions_helper.rb
+- app/jobs/yellin/application_job.rb
+- app/mailers/yellin/application_mailer.rb
+- app/mailers/yellin/user_mailer.rb
+- app/models/yellin/application_record.rb
+- app/views/layouts/yellin/mailer.html.erb
+- app/views/layouts/yellin/mailer.text.erb
+- app/views/yellin/password_resets/edit.html.erb
+- app/views/yellin/password_resets/new.html.erb
+- app/views/yellin/registrations/_form.html.erb
+- app/views/yellin/registrations/new.html.erb
+- app/views/yellin/sessions/new.html.erb
+- app/views/yellin/shared/_error_messages.html.erb
+- app/views/yellin/user_mailer/account_activation.html.erb
+- app/views/yellin/user_mailer/account_activation.text.erb
+- app/views/yellin/user_mailer/password_reset.html.erb
+- app/views/yellin/user_mailer/password_reset.text.erb
+- config/routes.rb
+- lib/generators/active_record/templates/migration_create.rb
+- lib/generators/active_record/templates/migration_update.rb
+- lib/generators/active_record/yellin_generator.rb
+- lib/generators/yellin/USAGE
+- lib/generators/yellin/templates/initializer.rb
+- lib/generators/yellin/yellin_generator.rb
+- lib/tasks/yellin_tasks.rake
+- lib/yellin.rb
+- lib/yellin/acts_as_user.rb
+- lib/yellin/engine.rb
+- lib/yellin/version.rb
+homepage: https://github.com/dukemagen/yellin.git
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2
+signing_key: 
+specification_version: 4
+summary: Rails engine providing authentication based on `has_secure_password`.
+test_files: []