Skip to content

R
rails_api_authentication
Commit e453079c by liyijie
Options

Merge branch 'liyijie/valid' into 'master'

Add valid to authable See merge request !2
parents b63b8f89 3d8622e8
Showing with 101 additions and 4 deletions
lib/rails_api_authentication.rb
......@@ -2,6 +2,7 @@ require "rails_api_authentication/version"
require "rails_api_authentication/configuration"
require "rails_api_authentication/auth_action"
require "rails_api_authentication/auth_session"
require "rails_api_authentication/auth_password"
require "rails_api_authentication/auth_token"
require "rails_api_authentication/authable"
require "rails_api_authentication/acts_as_authenticationable"
......
lib/rails_api_authentication/acts_as_authentication_handler.rb
......@@ -6,8 +6,17 @@ module RailsApiAuthentication
end
def acts_as_auth_session(klass_sym)
include RailsApiAuthentication::AuthAction
include RailsApiAuthentication::AuthSession
auth_action klass_sym, only: [:destroy]
auth_session klass_sym
end
def acts_as_auth_password(klass_sym)
include RailsApiAuthentication::AuthAction
include RailsApiAuthentication::AuthPassword
auth_action klass_sym, only: [:update]
auth_password klass_sym
end
end
end
lib/rails_api_authentication/acts_as_authenticationable.rb
......@@ -4,5 +4,10 @@ module RailsApiAuthentication
include RailsApiAuthentication::Authable
auth_for params
end
def acts_as_validable(params={})
include RailsApiAuthentication::Authable
valid_for params
end
end
end
lib/rails_api_authentication/auth_password.rb 0 → 100644
module RailsApiAuthentication
module AuthPassword
extend ActiveSupport::Concern
included do
end
# Reset password with token
def create
auth_key = self.class.klass.auth_key
auth_password = self.class.klass.auth_password
valid_key = self.class.klass.valid_key
current_authable = self.class.klass.send(:find_by!, auth_key => reset_password_params[auth_key])
current_authable.reset_password(reset_password_params[auth_password], reset_password_params[valid_key])
render json: { meesage: "reset password successful"}, status: 200
rescue UserError => e
render json: { error: e.message }, status: e.status
end
# Update password when the auth is pass
def update
auth_password = self.class.klass.auth_password
self.send("current_#{self.class.klass_sym}")&.update_password(password_params[auth_password])
render json: { meesage: "update password successful"}, status: 200
rescue UserError => e
render json: { error: e.message }, status: e.status
end
private
def password_params
auth_password = self.class.klass.auth_password
params.require(self.class.klass_sym).permit(auth_password)
end
def reset_password_params
auth_key = self.class.klass.auth_key
auth_password = self.class.klass.auth_password
valid_key = self.class.klass.valid_key
params.require(self.class.klass_sym).permit(
auth_key, auth_password, valid_key
)
end
module ClassMethods
attr_reader :klass, :klass_sym
def auth_password klass_sym
@klass = klass_sym.to_s.camelize.constantize
@klass_sym = klass_sym
end
end
end
end
lib/rails_api_authentication/authable.rb
......@@ -4,23 +4,45 @@ module RailsApiAuthentication
DIGEST = Digest::SHA2.new
included do
attr_accessor :token
def logout
AuthToken.find(token: token)&.first&.delete if token.present?
end
def update_password password
raise(UserError.new(401, '-1', 'password is blank')) if password.blank?
auth_password = self.class.auth_password
self.update(auth_password => self.class.send(:generate_password, password))
end
def reset_password password, valid_code
auth_key = self.class.auth_key
update_password(password) if self.class.valid!(self.send(auth_key), valid_code)
end
end
module ClassMethods
attr_reader :auth_key, :auth_password
attr_reader :auth_key, :auth_password, :valid_key
def auth_for params
@auth_key = params[:auth_key]&.to_sym || :name
@auth_password = params[:auth_password]&.to_sym || :password
end
def valid_for params
@valid_key = params[:key]&.to_sym || :valid_code
@valid_expire = params[:expire]&.to_sym || 600
@valid_length = params[:length]&.to_sym || 4
end
def generate_valid_code name
code = (0..9).to_a.sample(@valid_length).join
$redis.setex("#{self}::#{name}", @valid_expire, code)
code
end
def login(name, password)
user = self.find_by(@auth_key => name)
raise(UserError.new(401, '-1', 'Unauthorized')) if user.nil?
......@@ -29,7 +51,6 @@ module RailsApiAuthentication
AuthToken.create(self, { oid: user.id })
end
def auth!(request)
user = auth(request)
user.nil? ? raise(UserError.new(401, '-1', 'Unauthorized')) : user
......@@ -37,7 +58,8 @@ module RailsApiAuthentication
def register(name, password, attrs={})
raise(UserError.new(401, '-1', 'password is blank')) if password.blank?
self.create!({@auth_key => name, @auth_password => generate_password(password)}.merge attrs)
valid! name, attrs.delete(@valid_key)
self.create!({@auth_key => name, @auth_password => generate_password(password)}.merge attrs)
rescue ActiveRecord::RecordInvalid => e
raise UserError.new(401, '-1', e.message)
end
......@@ -49,6 +71,10 @@ module RailsApiAuthentication
register(name, password, attrs)
end
def valid! name, valid_code
raise(UserError.new(401, '-1', 'valid token is not correct')) unless valid?(name, valid_code)
end
private
def salt(password, suffix)
......@@ -61,6 +87,10 @@ module RailsApiAuthentication
"#{salt(password, suffix)}:#{suffix}"
end
def valid? name, valid_code
@valid_key.blank? || (valid_code.present? && valid_code == $redis.get("#{self}::#{name}"))
end
def auth(request)
token = request.env["HTTP_#{self.to_s.upcase}_TOKEN"] || request.env["#{self.to_s.upcase}_TOKEN"]
auth = AuthToken.find(token: token)&.first
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment