From 8a164c70e2565e60fb388ac42b6707e81b8ebda5 Mon Sep 17 00:00:00 2001
From: Manuel Bustillo
Date: Sat, 30 Nov 2024 10:44:23 +0100
Subject: [PATCH] Revert "Install Rails' authentication generator"

This reverts commit aa0986986f1b6544e918d3fd6af13336547feacd.
---
Gemfile | 2 -
Gemfile.lock | 2 -
app/channels/application_cable/connection.rb | 14 +----
app/controllers/application_controller.rb | 1 -
app/controllers/concerns/authentication.rb | 55 --------------------
app/controllers/passwords_controller.rb | 33 ------------
app/controllers/sessions_controller.rb | 21 --------
app/mailers/passwords_mailer.rb | 6 ---
app/models/current.rb | 4 --
app/models/session.rb | 22 --------
app/models/user.rb | 20 -------
app/views/passwords/edit.html.erb | 9 ----
app/views/passwords/new.html.erb | 8 ---
app/views/passwords_mailer/reset.html.erb | 4 --
app/views/passwords_mailer/reset.text.erb | 2 -
app/views/sessions/new.html.erb | 11 ----
config/routes.rb | 2 -
db/migrate/20241118232609_create_users.rb | 11 ----
db/migrate/20241118232618_create_sessions.rb | 11 ----
db/schema.rb | 22 ++------
20 files changed, 5 insertions(+), 255 deletions(-)
delete mode 100644 app/controllers/concerns/authentication.rb
delete mode 100644 app/controllers/passwords_controller.rb
delete mode 100644 app/controllers/sessions_controller.rb
delete mode 100644 app/mailers/passwords_mailer.rb
delete mode 100644 app/models/current.rb
delete mode 100644 app/models/session.rb
delete mode 100644 app/models/user.rb
delete mode 100644 app/views/passwords/edit.html.erb
delete mode 100644 app/views/passwords/new.html.erb
delete mode 100644 app/views/passwords_mailer/reset.html.erb
delete mode 100644 app/views/passwords_mailer/reset.text.erb
delete mode 100644 app/views/sessions/new.html.erb
delete mode 100644 db/migrate/20241118232609_create_users.rb
delete mode 100644 db/migrate/20241118232618_create_sessions.rb
diff --git a/Gemfile b/Gemfile
index a62f8ee..81b24ff 100644
--- a/Gemfile
+++ b/Gemfile
@@ -39,5 +39,3 @@ end gem 'chroma' gem 'solid_queue', '~> 1.0' - -gem "bcrypt", "~> 3.1" diff --git a/Gemfile.lock b/Gemfile.lock index ca48703..9ea8033 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -81,7 +81,6 @@ GEM babel-source (>= 4.0, < 6) execjs (~> 2.0) base64 (0.2.0) - bcrypt (3.1.20) benchmark (0.4.0) bigdecimal (3.1.8) bindex (0.8.1) @@ -364,7 +363,6 @@ PLATFORMS DEPENDENCIES annotaterb - bcrypt (~> 3.1) bootsnap chroma csv diff --git a/app/channels/application_cable/connection.rb b/app/channels/application_cable/connection.rb index 4264c74..1cc97c6 100644 --- a/app/channels/application_cable/connection.rb +++ b/app/channels/application_cable/connection.rb @@ -1,16 +1,6 @@ +# Copyright (C) 2024 Manuel Bustillo + module ApplicationCable class Connection < ActionCable::Connection::Base - identified_by :current_user - - def connect - set_current_user || reject_unauthorized_connection - end - - private - def set_current_user - if session = Session.find_by(id: cookies.signed[:session_id]) - self.current_user = session.user - end - end end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 54431ec..57926f3 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,7 +1,6 @@ # Copyright (C) 2024 Manuel Bustillo class ApplicationController < ActionController::Base - include Authentication after_action :set_csrf_cookie skip_before_action :verify_authenticity_token, if: :development_swagger? diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb deleted file mode 100644 index 771b21d..0000000 --- a/app/controllers/concerns/authentication.rb +++ /dev/null 
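Review bot: In the `app/channels/application_cable/connection.rb` hunk, removing `identified_by :current_user` and `connect` leaves `ApplicationCable::Connection` with an empty body, so no connection is ever passed through `reject_unauthorized_connection` and every WebSocket client is accepted without an identity check. The following `application_controller.rb` hunk has the same effect for HTTP: without `include Authentication`, the `before_action :require_authentication` no longer runs for controllers inheriting from `ApplicationController`. If running unauthenticated is intended until a replacement lands, record that in the class, for example `# NOTE: connections are unauthenticated; channels must not stream private or per-user data until authentication is restored.` Which channels and controllers are exposed is not visible in this patch, so that should be confirmed before deploying the revert anywhere reachable from untrusted networks.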
@@ -1,55 +0,0 @@ -module Authentication - extend ActiveSupport::Concern - - included do - before_action :require_authentication - helper_method :authenticated? - end - - class_methods do - def allow_unauthenticated_access(**options) - skip_before_action :require_authentication, **options - end - end - - private - def authenticated? - resume_session - end - - def require_authentication - resume_session || request_authentication - end - - - def resume_session - Current.session ||= find_session_by_cookie - end - - def find_session_by_cookie - Session.find_by(id: cookies.signed[:session_id]) - end - - - def request_authentication - session[:return_to_after_authenticating] = request.url - redirect_to new_session_path - end - - def after_authentication_url - session.delete(:return_to_after_authenticating) || root_url - end - - - def start_new_session_for(user) - user.sessions.create!(user_agent: request.user_agent, ip_address: request.remote_ip).tap do |session| - Current.session = session - cookies.signed.permanent[:session_id] = { value: session.id, httponly: true, same_site: :lax } - end - end - - def terminate_session - Current.session.destroy - cookies.delete(:session_id) - end -end diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb deleted file mode 100644 index 0c4b4a8..0000000 --- a/app/controllers/passwords_controller.rb +++ /dev/null 
@@ -1,33 +0,0 @@ -class PasswordsController < ApplicationController - allow_unauthenticated_access - before_action :set_user_by_token, only: %i[ edit update ] - - def new - end - - def create - if user = User.find_by(email_address: params[:email_address]) - PasswordsMailer.reset(user).deliver_later - end - - redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)." - end - - def edit - end - - def update - if @user.update(params.permit(:password, :password_confirmation)) - redirect_to new_session_path, notice: "Password has been reset." - else - redirect_to edit_password_path(params[:token]), alert: "Passwords did not match." - end - end - - private - def set_user_by_token - @user = User.find_by_password_reset_token!(params[:token]) - rescue ActiveSupport::MessageVerifier::InvalidSignature - redirect_to new_password_path, alert: "Password reset link is invalid or has expired." - end -end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb deleted file mode 100644 index 9785c92..0000000 --- a/app/controllers/sessions_controller.rb +++ /dev/null @@ -1,21 +0,0 @@ -class SessionsController < ApplicationController - allow_unauthenticated_access only: %i[ new create ] - rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_url, alert: "Try again later." } - - def new - end - - def create - if user = User.authenticate_by(params.permit(:email_address, :password)) - start_new_session_for user - redirect_to after_authentication_url - else - redirect_to new_session_path, alert: "Try another email address or password." - end - end - - def destroy - terminate_session - redirect_to new_session_path - end -end diff --git a/app/mailers/passwords_mailer.rb b/app/mailers/passwords_mailer.rb deleted file mode 100644 index 4f0ac7f..0000000 --- a/app/mailers/passwords_mailer.rb +++ /dev/null 
@@ -1,6 +0,0 @@ -class PasswordsMailer < ApplicationMailer - def reset(user) - @user = user - mail subject: "Reset your password", to: user.email_address - end -end diff --git a/app/models/current.rb b/app/models/current.rb deleted file mode 100644 index 2bef56d..0000000 --- a/app/models/current.rb +++ /dev/null @@ -1,4 +0,0 @@ -class Current < ActiveSupport::CurrentAttributes - attribute :session - delegate :user, to: :session, allow_nil: true -end diff --git a/app/models/session.rb b/app/models/session.rb deleted file mode 100644 index 688bbd3..0000000 --- a/app/models/session.rb +++ /dev/null @@ -1,22 +0,0 @@ -# == Schema Information -# -# Table name: sessions -# -# id :bigint not null, primary key -# ip_address :string -# user_agent :string -# created_at :datetime not null -# updated_at :datetime not null -# user_id :bigint not null -# -# Indexes -# -# index_sessions_on_user_id (user_id) -# -# Foreign Keys -# -# fk_rails_... (user_id => users.id) -# -class Session < ApplicationRecord - belongs_to :user -end diff --git a/app/models/user.rb b/app/models/user.rb deleted file mode 100644 index 6b2fd8a..0000000 --- a/app/models/user.rb +++ /dev/null @@ -1,20 +0,0 @@ -# == Schema Information -# -# Table name: users -# -# id :bigint not null, primary key -# email_address :string not null -# password_digest :string not null -# created_at :datetime not null -# updated_at :datetime not null -# -# Indexes -# -# index_users_on_email_address (email_address) UNIQUE -# -class User < ApplicationRecord - has_secure_password - has_many :sessions, dependent: :destroy - - normalizes :email_address, with: ->(e) { e.strip.downcase } -end diff --git a/app/views/passwords/edit.html.erb b/app/views/passwords/edit.html.erb deleted file mode 100644 index 9f0c87c..0000000 --- a/app/views/passwords/edit.html.erb +++ /dev/null @@ -1,9 +0,0 @@ -

Update your password

- -<%= tag.div(flash[:alert], style: "color:red") if flash[:alert] %> - -<%= form_with url: password_path(params[:token]), method: :put do |form| %> - <%= form.password_field :password, required: true, autocomplete: "new-password", placeholder: "Enter new password", maxlength: 72 %>
- <%= form.password_field :password_confirmation, required: true, autocomplete: "new-password", placeholder: "Repeat new password", maxlength: 72 %>
- <%= form.submit "Save" %> -<% end %> diff --git a/app/views/passwords/new.html.erb b/app/views/passwords/new.html.erb deleted file mode 100644 index 44efb2b..0000000 --- a/app/views/passwords/new.html.erb +++ /dev/null @@ -1,8 +0,0 @@ -

Forgot your password?

- -<%= tag.div(flash[:alert], style: "color:red") if flash[:alert] %> - -<%= form_with url: passwords_path do |form| %> - <%= form.email_field :email_address, required: true, autofocus: true, autocomplete: "username", placeholder: "Enter your email address", value: params[:email_address] %>
- <%= form.submit "Email reset instructions" %> -<% end %> diff --git a/app/views/passwords_mailer/reset.html.erb b/app/views/passwords_mailer/reset.html.erb deleted file mode 100644 index 4a06619..0000000 --- a/app/views/passwords_mailer/reset.html.erb +++ /dev/null @@ -1,4 +0,0 @@ -

- You can reset your password within the next 15 minutes on - <%= link_to "this password reset page", edit_password_url(@user.password_reset_token) %>. -

diff --git a/app/views/passwords_mailer/reset.text.erb b/app/views/passwords_mailer/reset.text.erb deleted file mode 100644 index 2cf03fc..0000000 --- a/app/views/passwords_mailer/reset.text.erb +++ /dev/null @@ -1,2 +0,0 @@ -You can reset your password within the next 15 minutes on this password reset page: -<%= edit_password_url(@user.password_reset_token) %> diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb deleted file mode 100644 index ff641c4..0000000 --- a/app/views/sessions/new.html.erb +++ /dev/null @@ -1,11 +0,0 @@ -<%= tag.div(flash[:alert], style: "color:red") if flash[:alert] %> -<%= tag.div(flash[:notice], style: "color:green") if flash[:notice] %> - -<%= form_with url: session_path do |form| %> - <%= form.email_field :email_address, required: true, autofocus: true, autocomplete: "username", placeholder: "Enter your email address", value: params[:email_address] %>
- <%= form.password_field :password, required: true, autocomplete: "current-password", placeholder: "Enter your password", maxlength: 72 %>
- <%= form.submit "Sign in" %> -<% end %> -
- -<%= link_to "Forgot password?", new_password_path %> diff --git a/config/routes.rb b/config/routes.rb index 537876a..c9d7ee6 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,8 +1,6 @@ # Copyright (C) 2024 Manuel Bustillo Rails.application.routes.draw do - resource :session - resources :passwords, param: :token mount Rswag::Ui::Engine => '/api-docs' mount Rswag::Api::Engine => '/api-docs' resources :groups, only: :index diff --git a/db/migrate/20241118232609_create_users.rb b/db/migrate/20241118232609_create_users.rb deleted file mode 100644 index 2075edf..0000000 --- a/db/migrate/20241118232609_create_users.rb +++ /dev/null @@ -1,11 +0,0 @@ -class CreateUsers < ActiveRecord::Migration[8.0] - def change - create_table :users do |t| - t.string :email_address, null: false - t.string :password_digest, null: false - - t.timestamps - end - add_index :users, :email_address, unique: true - end -end diff --git a/db/migrate/20241118232618_create_sessions.rb b/db/migrate/20241118232618_create_sessions.rb deleted file mode 100644 index 8102f13..0000000 --- a/db/migrate/20241118232618_create_sessions.rb +++ /dev/null @@ -1,11 +0,0 @@ -class CreateSessions < ActiveRecord::Migration[8.0] - def change - create_table :sessions do |t| - t.references :user, null: false, foreign_key: true - t.string :ip_address - t.string :user_agent - - t.timestamps - end - end -end diff --git a/db/schema.rb b/db/schema.rb index 98095a5..c54ec05 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -1,3 +1,5 @@ +# Copyright (C) 2024 Manuel Bustillo + # This file is auto-generated from the current state of the database. Instead # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. 
@@ -10,7 +12,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[8.0].define(version: 2024_11_18_232618) do +ActiveRecord::Schema[8.0].define(version: 2024_11_11_063741) do # These are extensions that must be enabled in order to support this database enable_extension "pg_catalog.plpgsql" @@ -58,15 +60,6 @@ ActiveRecord::Schema[8.0].define(version: 2024_11_18_232618) do t.index ["tables_arrangement_id"], name: "index_seats_on_tables_arrangement_id" end - create_table "sessions", force: :cascade do |t| - t.bigint "user_id", null: false - t.string "ip_address" - t.string "user_agent" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false - t.index ["user_id"], name: "index_sessions_on_user_id" - end - create_table "solid_queue_blocked_executions", force: :cascade do |t| t.bigint "job_id", null: false t.string "queue_name", null: false @@ -195,19 +188,10 @@ ActiveRecord::Schema[8.0].define(version: 2024_11_18_232618) do t.string "name", null: false end - create_table "users", force: :cascade do |t| - t.string "email_address", null: false - t.string "password_digest", null: false - t.datetime "created_at", null: false - t.datetime "updated_at", null: false - t.index ["email_address"], name: "index_users_on_email_address", unique: true - end - add_foreign_key "groups", "groups", column: "parent_id" add_foreign_key "guests", "groups" add_foreign_key "seats", "guests" add_foreign_key "seats", "tables_arrangements", on_delete: :cascade - add_foreign_key "sessions", "users" add_foreign_key "solid_queue_blocked_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade add_foreign_key "solid_queue_claimed_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade add_foreign_key "solid_queue_failed_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade