Add valid to authable

692eab74 · liyijie · b63b8f89 · 692eab74 · 692eab74 · 692eab74
Commit 692eab74 authored Jul 25, 2017 by liyijie
4 changed files
--- a/lib/rails_api_authentication/acts_as_authentication_handler.rb
+++ b/lib/rails_api_authentication/acts_as_authentication_handler.rb
@@ -9,5 +9,10 @@ module RailsApiAuthentication
      include RailsApiAuthentication::AuthSession
      auth_session klass_sym
    end
+    def acts_as_auth_password(klass_sym)
+      include RailsApiAuthentication::AuthPassword
+      auth_password klass_sym
+    end
  end
 end
--- a/lib/rails_api_authentication/acts_as_authenticationable.rb
+++ b/lib/rails_api_authentication/acts_as_authenticationable.rb
@@ -4,5 +4,10 @@ module RailsApiAuthentication
      include RailsApiAuthentication::Authable
      auth_for params
    end
+    def acts_as_validable(params={})
+      include RailsApiAuthentication::Authable
+      valid_for params
+    end
  end
 end
--- a/lib/rails_api_authentication/auth_password.rb
+++ b/lib/rails_api_authentication/auth_password.rb
+module RailsApiAuthentication
+  module AuthPassword
+    extend ActiveSupport::Concern
+    included do
+    end
+    # Reset password with token
+    def create
+      auth_password = self.class.klass.auth_password
+      valid_key = self.class.klass.valid_key
+      self.send("current_#{self.class.klass_sym}")&.reset_password(reset_password_params[auth_password], reset_password_params[valid_key])
+      render json: { meesage: "reset password successful"}, status: 200
+    rescue UserError => e
+      render json: { error: e.message }, status: e.status
+    end
+    # Update password when the auth is pass
+    def update
+      auth_password = self.class.klass.auth_password
+      self.send("current_#{self.class.klass_sym}")&.update_password(password_params[auth_password])
+      render json: { meesage: "update password successful"}, status: 200
+    rescue UserError => e
+      render json: { error: e.message }, status: e.status
+    end
+    private
+      def password_params
+        auth_password = self.class.klass.auth_password
+        params.require(self.class.klass_sym).permit(auth_password)
+      end
+      def reset_password_params
+        auth_password = self.class.klass.auth_password
+        valid_key = self.class.klass.valid_key
+        params.require(self.class.klass_sym).permit(
+          auth_password, valid_key
+        )
+      end
+    module ClassMethods
+      attr_reader :klass, :klass_sym
+      def auth_password klass_sym
+        @klass = klass_sym.to_s.camelize.constantize
+        @klass_sym = klass_sym
+      end
+    end
+  end
+end
--- a/lib/rails_api_authentication/authable.rb
+++ b/lib/rails_api_authentication/authable.rb
@@ -4,23 +4,42 @@ module RailsApiAuthentication
    DIGEST = Digest::SHA2.new
    included do
      attr_accessor :token
      def logout
        AuthToken.find(token: token)&.first&.delete if token.present?
      end
+      def update_password password
+        raise(UserError.new(401, '-1', 'password is blank')) if password.blank?
+        self.update(@auth_password => generate_password(password))
+      end
+      def reset_password password, valid_code
+        update_password(password) if self.class.valid?(self.send(@auth_key), valid_code)
+      end
    end
    module ClassMethods
-      attr_reader :auth_key, :auth_password
+      attr_reader :auth_key, :auth_password, :valid_key
      def auth_for params
        @auth_key = params[:auth_key]&.to_sym || :name
        @auth_password = params[:auth_password]&.to_sym || :password
      end
+      def valid_for params
+        @valid_key = params[:key]&.to_sym || :valid_code
+        @valid_expire = params[:expire]&.to_sym || 60
+        @valid_length = params[:length]&.to_sym || 4
+      end
+      def generate_valid_code name
+        code = (0..9).to_a.sample(@valid_length).join
+        $redis.setex(name, @valid_expire, code)
+      end
      def login(name, password)
        user = self.find_by(@auth_key => name)
        raise(UserError.new(401, '-1', 'Unauthorized')) if user.nil?
@@ -29,7 +48,6 @@ module RailsApiAuthentication
        AuthToken.create(self, { oid: user.id })
      end
      def auth!(request)
        user = auth(request)
        user.nil? ? raise(UserError.new(401, '-1', 'Unauthorized')) : user
@@ -37,6 +55,7 @@ module RailsApiAuthentication
      def register(name, password, attrs={})
        raise(UserError.new(401, '-1', 'password is blank')) if password.blank?
+        raise(UserError.new(401, '-1', 'valid token is not correct')) if @valid_key.present? && !valid?(name, attrs[@valid_key])
        self.create!({@auth_key => name, @auth_password => generate_password(password)}.merge attrs)
      rescue ActiveRecord::RecordInvalid => e
        raise UserError.new(401, '-1', e.message)
@@ -61,6 +80,10 @@ module RailsApiAuthentication
        "#{salt(password, suffix)}:#{suffix}"
      end
+      def valid? name, valid_code
+        valid_code == $redis.get(name)
+      end
      def auth(request)
        token = request.env["HTTP_#{self.to_s.upcase}_TOKEN"] || request.env["#{self.to_s.upcase}_TOKEN"]
        auth = AuthToken.find(token: token)&.first