Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/rzane/tiny_auth

A collection of utilities for authenticating users.
https://github.com/rzane/tiny_auth

authentication password rails reset token

Last synced: about 2 months ago
JSON representation

A collection of utilities for authenticating users.

Host: GitHub
URL: https://github.com/rzane/tiny_auth
Owner: rzane
License: mit
Created: 2019-11-15T05:25:41.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2021-05-20T15:21:05.000Z (over 3 years ago)
Last Synced: 2024-07-24T01:19:53.740Z (2 months ago)
Topics: authentication, password, rails, reset, token
Language: Ruby
Homepage:
Size: 49.8 KB
Stars: 2
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

# TinyAuth [![Build Status](https://travis-ci.org/rzane/tiny_auth.svg?branch=master)](https://travis-ci.org/rzane/tiny_auth) [![Coverage Status](https://coveralls.io/repos/github/rzane/tiny_auth/badge.svg?branch=master)](https://coveralls.io/github/rzane/tiny_auth?branch=master)

A utility for minimal user authentication.

## Installation

Add this line to your application's Gemfile:

```ruby
gem 'tiny_auth'
```

And then execute:

$ bundle

## Usage

### `TinyAuth::Model`

First, create a table to store your users:

```ruby
create_table :users do |t|
t.string :email, null: false
t.string :password_digest, null: false
t.integer :token_version, null: false, default: 0
t.index :email, unique: true
t.index [:id, :token_version], unique: true
end
```

Your model should look like this:

```ruby
class User < ApplicationRecord
include TinyAuth::Model
end
```

#### `#generate_token(purpose: :access, expires_in: 24.hours)`

Generate a token. The token is generated from the user's `id` and their `token_version`.

If the `token_version` changes, all previously issued tokens will be revoked. Anytime the
user's password changes, this will happen automatically.

```ruby
irb> user.generate_token
"eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJ..."

irb> user.generate_token(purpose: :reset, expires_in: 1.hour)
"eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJ..."
```

#### `#invalidate_tokens`

Increments the `#token_version`, but does not apply the change to the database.

#### `#invalidate_tokens!`

Increments the `#token_version` and applies the change to the database.

#### `.find_by_email(email)`

Find a user by their email address. The query will disregard casing.

```ruby
irb> User.find_by_email("[email protected]")
#
```

#### `.find_by_credentials(email, password)`

Find a user by their email, then check that the password matches.

If the email doesn't exist, `nil` will be returned. If the password doesn't match, `nil` will be returned.

```ruby
irb> User.find_by_credentials("[email protected]", "testing123")
#

irb> User.find_by_credentials("[email protected]", "")
nil

irb> User.find_by_credentials("", "")
nil
```

#### `.find_by_token(token, purpose: :access)`

Find a user by their token. If the user can't be found, `nil` will be returned.

```ruby
irb> User.find_by_token(token)
#

irb> User.find_by_token(reset_token, purpose: :reset)
#

irb> User.find_by_token("")
nil
```

### `TinyAuth::Controller`

```ruby
class ApplicationController < ActionController::Base
include TinyAuth::Controller.new(model: User)
end
```

The example above would generate the following methods based on the model's name:

#### `#authenticate_user`

This method should be called in a `before_action`. If an `Authorization` header is found, it will attempt to locate a user.

#### `#current_user`

An accessor that can be used to obtain access to the authenticated user after calling `authenticate_user`.

#### `#user_signed_in?`

A convenience method to determine if a user is signed in.

## Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/rzane/tiny_auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

## License

The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

## Code of Conduct

Everyone interacting in the TinyAuth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/rzane/tiny_auth/blob/master/CODE_OF_CONDUCT.md).