daboh/vms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Installed authentication-zero
Some checks are pending
CI / scan_ruby (push) Waiting to run
Details
CI / scan_js (push) Waiting to run
Details
CI / lint (push) Waiting to run
Details
CI / test (push) Waiting to run
Details

Browse Source
This commit is contained in:
David Böhm
2024-08-17 21:18:23 +02:00
parent cbe55aee36
commit c4b96a43e4
44 changed files with 988 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/controllers/application_controller.rb
View File

@@ -1,4 +1,18 @@
class ApplicationController < ActionController::Base
# Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
allow_browser versions: :modern
before_action :set_current_request_details
before_action :authenticate
private
def authenticate
if session_record = Session.find_by_id(cookies.signed[:session_token])
Current.session = session_record
else
redirect_to sign_in_path
end
end
def set_current_request_details
Current.user_agent = request.user_agent
Current.ip_address = request.ip
end
end

4
app/controllers/home_controller.rb Normal file
View File

@@ -0,0 +1,4 @@
class HomeController < ApplicationController
def index
end
end

26
app/controllers/identity/email_verifications_controller.rb Normal file
View File

@@ -0,0 +1,26 @@
class Identity::EmailVerificationsController < ApplicationController
skip_before_action :authenticate, only: :show
before_action :set_user, only: :show
def show
@user.update! verified: true
redirect_to root_path, notice: "Thank you for verifying your email address"
end
def create
send_email_verification
redirect_to root_path, notice: "We sent a verification email to your email address"
end
private
def set_user
@user = User.find_by_token_for!(:email_verification, params[:sid])
rescue StandardError
redirect_to edit_identity_email_path, alert: "That email verification link is invalid"
end
def send_email_verification
UserMailer.with(user: Current.user).email_verification.deliver_later
end
end

36
app/controllers/identity/emails_controller.rb Normal file
View File

@@ -0,0 +1,36 @@
class Identity::EmailsController < ApplicationController
before_action :set_user
def edit
end
def update
if @user.update(user_params)
redirect_to_root
else
render :edit, status: :unprocessable_entity
end
end
private
def set_user
@user = Current.user
end
def user_params
params.permit(:email, :password_challenge).with_defaults(password_challenge: "")
end
def redirect_to_root
if @user.email_previously_changed?
resend_email_verification
redirect_to root_path, notice: "Your email has been changed"
else
redirect_to root_path
end
end
def resend_email_verification
UserMailer.with(user: @user).email_verification.deliver_later
end
end

43
app/controllers/identity/password_resets_controller.rb Normal file
View File

@@ -0,0 +1,43 @@
class Identity::PasswordResetsController < ApplicationController
skip_before_action :authenticate
before_action :set_user, only: %i[ edit update ]
def new
end
def edit
end
def create
if @user = User.find_by(email: params[:email], verified: true)
send_password_reset_email
redirect_to sign_in_path, notice: "Check your email for reset instructions"
else
redirect_to new_identity_password_reset_path, alert: "You can't reset your password until you verify your email"
end
end
def update
if @user.update(user_params)
redirect_to sign_in_path, notice: "Your password was reset successfully. Please sign in"
else
render :edit, status: :unprocessable_entity
end
end
private
def set_user
@user = User.find_by_token_for!(:password_reset, params[:sid])
rescue StandardError
redirect_to new_identity_password_reset_path, alert: "That password reset link is invalid"
end
def user_params
params.permit(:password, :password_confirmation)
end
def send_password_reset_email
UserMailer.with(user: @user).password_reset.deliver_later
end
end

23
app/controllers/passwords_controller.rb Normal file
View File

@@ -0,0 +1,23 @@
class PasswordsController < ApplicationController
before_action :set_user
def edit
end
def update
if @user.update(user_params)
redirect_to root_path, notice: "Your password has been changed"
else
render :edit, status: :unprocessable_entity
end
end
private
def set_user
@user = Current.user
end
def user_params
params.permit(:password, :password_confirmation, :password_challenge).with_defaults(password_challenge: "")
end
end

30
app/controllers/registrations_controller.rb Normal file
View File

@@ -0,0 +1,30 @@
class RegistrationsController < ApplicationController
skip_before_action :authenticate
def new
@user = User.new
end
def create
@user = User.new(user_params)
if @user.save
session_record = @user.sessions.create!
cookies.signed.permanent[:session_token] = { value: session_record.id, httponly: true }
send_email_verification
redirect_to root_path, notice: "Welcome! You have signed up successfully"
else
render :new, status: :unprocessable_entity
end
end
private
def user_params
params.permit(:email, :password, :password_confirmation)
end
def send_email_verification
UserMailer.with(user: @user).email_verification.deliver_later
end
end

32
app/controllers/sessions_controller.rb Normal file
View File

@@ -0,0 +1,32 @@
class SessionsController < ApplicationController
skip_before_action :authenticate, only: %i[ new create ]
before_action :set_session, only: :destroy
def index
@sessions = Current.user.sessions.order(created_at: :desc)
end
def new
end
def create
if user = User.authenticate_by(email: params[:email], password: params[:password])
@session = user.sessions.create!
cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
redirect_to root_path, notice: "Signed in successfully"
else
redirect_to sign_in_path(email_hint: params[:email]), alert: "That email or password is incorrect"
end
end
def destroy
@session.destroy; redirect_to(sessions_path, notice: "That session has been logged out")
end
private
def set_session
@session = Current.user.sessions.find(params[:id])
end
end

15
app/mailers/user_mailer.rb Normal file
View File

@@ -0,0 +1,15 @@
class UserMailer < ApplicationMailer
def password_reset
@user = params[:user]
@signed_id = @user.generate_token_for(:password_reset)
mail to: @user.email, subject: "Reset your password"
end
def email_verification
@user = params[:user]
@signed_id = @user.generate_token_for(:email_verification)
mail to: @user.email, subject: "Verify your email"
end
end

6
app/models/current.rb Normal file
View File

@@ -0,0 +1,6 @@
class Current < ActiveSupport::CurrentAttributes
attribute :session
attribute :user_agent, :ip_address
delegate :user, to: :session, allow_nil: true
end

8
app/models/session.rb Normal file
View File

@@ -0,0 +1,8 @@
class Session < ApplicationRecord
belongs_to :user
before_create do
self.user_agent = Current.user_agent
self.ip_address = Current.ip_address
end
end

26
app/models/user.rb Normal file
View File

@@ -0,0 +1,26 @@
class User < ApplicationRecord
has_secure_password
generates_token_for :email_verification, expires_in: 2.days do
email
end
generates_token_for :password_reset, expires_in: 20.minutes do
password_salt.last(10)
end
has_many :sessions, dependent: :destroy
validates :email, presence: true, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }
validates :password, allow_nil: true, length: { minimum: 12 }
normalizes :email, with: -> { _1.strip.downcase }
before_validation if: :email_changed?, on: :update do
self.verified = false
end
after_update if: :password_digest_previously_changed? do
sessions.where.not(id: Current.session).delete_all
end
end

23
app/views/home/index.html.erb Normal file
View File

@@ -0,0 +1,23 @@
<p style="color: green"><%= notice %></p>
<p>Signed as <%= Current.user.email %></p>
<h2>Login and verification</h2>
<div>
<%= link_to "Change password", edit_password_path %>
</div>
<div>
<%= link_to "Change email address", edit_identity_email_path %>
</div>
<h2>Access history</h2>
<div>
<%= link_to "Devices & Sessions", sessions_path %>
</div>
<br>
<%= button_to "Log out", Current.session, method: :delete %>

43
app/views/identity/emails/edit.html.erb Normal file
View File

@@ -0,0 +1,43 @@
<p style="color: red"><%= alert %></p>
<% if Current.user.verified? %>
<h1>Change your email</h1>
<% else %>
<h1>Verify your email</h1>
<p>We sent a verification email to the address below. Check that email and follow those instructions to confirm it's your email address.</p>
<p><%= button_to "Re-send verification email", identity_email_verification_path %></p>
<% end %>
<%= form_with(url: identity_email_path, method: :patch) do |form| %>
<% if @user.errors.any? %>
<div style="color: red">
<h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
<ul>
<% @user.errors.each do |error| %>
<li><%= error.full_message %></li>
<% end %>
</ul>
</div>
<% end %>
<div>
<%= form.label :email, "New email", style: "display: block" %>
<%= form.email_field :email, required: true, autofocus: true %>
</div>
<div>
<%= form.label :password_challenge, style: "display: block" %>
<%= form.password_field :password_challenge, required: true, autocomplete: "current-password" %>
</div>
<div>
<%= form.submit "Save changes" %>
</div>
<% end %>
<br>
<div>
<%= link_to "Back", root_path %>
</div>

32
app/views/identity/password_resets/edit.html.erb Normal file
View File

@@ -0,0 +1,32 @@
<h1>Reset your password</h1>
<%= form_with(url: identity_password_reset_path, method: :patch) do |form| %>
<% if @user.errors.any? %>
<div style="color: red">
<h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
<ul>
<% @user.errors.each do |error| %>
<li><%= error.full_message %></li>
<% end %>
</ul>
</div>
<% end %>
<%= form.hidden_field :sid, value: params[:sid] %>
<div>
<%= form.label :password, "New password", style: "display: block" %>
<%= form.password_field :password, required: true, autofocus: true, autocomplete: "new-password" %>
<div>12 characters minimum.</div>
</div>
<div>
<%= form.label :password_confirmation, "Confirm new password", style: "display: block" %>
<%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
</div>
<div>
<%= form.submit "Save changes" %>
</div>
<% end %>

14
app/views/identity/password_resets/new.html.erb Normal file
View File

@@ -0,0 +1,14 @@
<p style="color: red"><%= alert %></p>
<h1>Forgot your password?</h1>
<%= form_with(url: identity_password_reset_path) do |form| %>
<div>
<%= form.label :email, style: "display: block" %>
<%= form.email_field :email, required: true, autofocus: true %>
</div>
<div>
<%= form.submit "Send password reset email" %>
</div>
<% end %>

43
app/views/passwords/edit.html.erb Normal file
View File

@@ -0,0 +1,43 @@
<p style="color: red"><%= alert %></p>
<h1>Change your password</h1>
<%= form_with(url: password_path, method: :patch) do |form| %>
<% if @user.errors.any? %>
<div style="color: red">
<h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
<ul>
<% @user.errors.each do |error| %>
<li><%= error.full_message %></li>
<% end %>
</ul>
</div>
<% end %>
<div>
<%= form.label :password_challenge, style: "display: block" %>
<%= form.password_field :password_challenge, required: true, autofocus: true, autocomplete: "current-password" %>
</div>
<div>
<%= form.label :password, "New password", style: "display: block" %>
<%= form.password_field :password, required: true, autocomplete: "new-password" %>
<div>12 characters minimum.</div>
</div>
<div>
<%= form.label :password_confirmation, "Confirm new password", style: "display: block" %>
<%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
</div>
<div>
<%= form.submit "Save changes" %>
</div>
<% end %>
<br>
<div>
<%= link_to "Back", root_path %>
</div>

35
app/views/registrations/new.html.erb Normal file
View File

@@ -0,0 +1,35 @@
<h1>Sign up</h1>
<%= form_with(url: sign_up_path) do |form| %>
<% if @user.errors.any? %>
<div style="color: red">
<h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
<ul>
<% @user.errors.each do |error| %>
<li><%= error.full_message %></li>
<% end %>
</ul>
</div>
<% end %>
<div>
<%= form.label :email, style: "display: block" %>
<%= form.email_field :email, value: @user.email, required: true, autofocus: true, autocomplete: "email" %>
</div>
<div>
<%= form.label :password, style: "display: block" %>
<%= form.password_field :password, required: true, autocomplete: "new-password" %>
<div>12 characters minimum.</div>
</div>
<div>
<%= form.label :password_confirmation, style: "display: block" %>
<%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
</div>
<div>
<%= form.submit "Sign up" %>
</div>
<% end %>

34
app/views/sessions/index.html.erb Normal file
View File

@@ -0,0 +1,34 @@
<p style="color: green"><%= notice %></p>
<h1>Devices & Sessions</h1>
<div id="sessions">
<% @sessions.each do |session| %>
<div id="<%= dom_id session %>">
<p>
<strong>User Agent:</strong>
<%= session.user_agent %>
</p>
<p>
<strong>Ip Address:</strong>
<%= session.ip_address %>
</p>
<p>
<strong>Created at:</strong>
<%= session.created_at %>
</p>
</div>
<p>
<%= button_to "Log out", session, method: :delete %>
</p>
<% end %>
</div>
<br>
<div>
<%= link_to "Back", root_path %>
</div>

30
app/views/sessions/new.html.erb Normal file
View File

@@ -0,0 +1,30 @@
<p style="color: green"><%= notice %></p>
<p style="color: red"><%= alert %></p>
<h1>Sign in</h1>
<%= form_with(url: sign_in_path) do |form| %>
<div>
<%= form.label :email, style: "display: block" %>
<%= form.email_field :email, value: params[:email_hint], required: true, autofocus: true, autocomplete: "email" %>
</div>
<div>
<%= form.label :password, style: "display: block" %>
<%= form.password_field :password, required: true, autocomplete: "current-password" %>
</div>
<div>
<%= form.submit "Sign in" %>
</div>
<% end %>
<br>
<br>
<div>
<%= link_to "Sign up", sign_up_path %> |
<%= link_to "Forgot your password?", new_identity_password_reset_path %>
</div>

11
app/views/user_mailer/email_verification.html.erb Normal file
View File

@@ -0,0 +1,11 @@
<p>Hey there,</p>
<p>This is to confirm that <%= @user.email %> is the email you want to use on your account. If you ever lose your password, that's where we'll email a reset link.</p>
<p><strong>You must hit the link below to confirm that you received this email.</strong></p>
<p><%= link_to "Yes, use this email for my account", identity_email_verification_url(sid: @signed_id) %></p>
<hr>
<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.</p>

11
app/views/user_mailer/password_reset.html.erb Normal file
View File

@@ -0,0 +1,11 @@
<p>Hey there,</p>
<p>Can't remember your password for <strong><%= @user.email %></strong>? That's OK, it happens. Just hit the link below to set a new one.</p>
<p><%= link_to "Reset my password", edit_identity_password_reset_url(sid: @signed_id) %></p>
<p>If you did not request a password reset you can safely ignore this email, it expires in 20 minutes. Only someone with access to this email account can reset your password.</p>
<hr>
<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.</p>