Project

lockie

Drop in password and JWT token authentication for Ruby on Rails
 Project Readme

Lockie

A drop-in, non-assuming, Warden-based password and JWT authentication for Rails 5.2+

Installation

Add this line to your application's Gemfile:

gem 'lockie', '~> 0.5.3'

And then execute:

$ bundle

Usage

Add the following lines to your authentication model, e.g. User:

has_secure_password
include Lockie::ModelHelper

Add the following lines to your base controller e.g. ApplicationController:

include Lockie::ControllerHelper
before_action :authenticate!

That's it! All controllers that inherit from ApplicationController are now protected, either by an Authorization token or by email and password.

Adding a session controller

Creating a session controller is as simple as:

Session controller

class SessionController < ApplicationController
  # Only the login form itself is reachable without credentials.
  skip_before_action :authenticate!, only: [:new]

  def new
    session[:callback_url] = params[:callback_url] if params[:callback_url]
  end

  # authenticate! (run by the before_action) has already checked the posted
  # email and password through Warden; only the redirect is left to do here.
  def create
    redirect_to session[:callback_url] || root_url
  end

  def destroy
    logout
    redirect_to login_url
  end
end

routes.rb

get 'login' => 'session#new'
post 'login' => 'session#create'
get 'logout' => 'session#destroy'

session/new.html.erb view:

<%= form_tag(login_url) do -%>
  <%= email_field_tag 'email' %>
  <%= password_field_tag 'password' %>
  <%= submit_tag "Login" %>
<% end -%>

Configuration

config/initializers/lockie.rb

Lockie.configure do |c|
  # the literal fallback is for local development only; set JWT_SECRET in production
  c.jwt_secret = ENV.fetch("JWT_SECRET") { "i-am-jwt-secret" }
  c.model_name = "Account" # default to 'User'
  c.unauthenticated_path = "/some/login/path" # default to '/login'
  c.hash_algorithm = "HS512" # default to 'HS256'
  c.session_timeout = 14.days

  # add custom warden strategy, default strategies and priority are [:email_password, :jwt]
  c.default_strategies = [:auth0, :jwt]

  # set custom session serializer
  c.serializer_to_session = proc { |u| u.id }
  c.serializer_from_session = proc { |id| User.find(id) }

  # set custom scopes
  c.scopes = [
    [:api, { store: false, strategies: [:jwt] }],
    [:web, { store: true, strategies: [:email_password] }],
    [:admin, { store: true, strategies: [:email_password], unauthenticated_path: "/login-admin" }]
  ]
end

Testing

Using Warden::Test::Helpers (https://github.com/wardencommunity/warden/wiki/testing), testing is simple and straightforward:

include Warden::Test::Helpers

setup do
  @user = users(:one)
  login_as @user
end

teardown { Warden.test_reset! }

Testing JSON Api with token

get articles_url(format: :json), headers: {
  Authorization: "Bearer #{ @user.create_token }"
}
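As an added illustration (not Lockie's own code) of what the Bearer token check above relies on, here is a self-contained HS256/HS512 verifier in plain Ruby using only OpenSSL and JSON: the server pins the algorithm to its configured value rather than trusting the token header, compares the HMAC in constant time, and rejects tokens past their expiry. The function names and the sample secret are constructed for this example.

```ruby
require "openssl"
require "json"

# Constructed illustration of the check a Bearer token goes through: algorithm
# pinned to the server's configured value (Lockie's hash_algorithm), HMAC compared
# in constant time, expiry enforced. Not Lockie's code; names are assumptions.
DIGESTS = { "HS256" => "sha256", "HS512" => "sha512" }.freeze

def b64url_encode(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  (str + "=" * ((4 - str.length % 4) % 4)).tr("-_", "+/").unpack1("m0")
end

# Constant-time comparison so a forged signature cannot be guessed byte by byte.
def secure_equal(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def sign_token(payload, secret, alg: "HS256")
  header = b64url_encode(JSON.generate({ "alg" => alg, "typ" => "JWT" }))
  signing_input = "#{header}.#{b64url_encode(JSON.generate(payload))}"
  mac = OpenSSL::HMAC.digest(DIGESTS.fetch(alg), secret, signing_input)
  "#{signing_input}.#{b64url_encode(mac)}"
end

# Returns the payload Hash on success, nil on any failure (never raises).
def verify_token(token, secret, alg: "HS256", now: Time.now.to_i)
  parts = token.to_s.split(".")
  return nil unless parts.length == 3
  header = JSON.parse(b64url_decode(parts[0]))
  # The header's "alg" is client-controlled: require the configured one.
  return nil unless header.is_a?(Hash) && header["alg"] == alg
  expected = OpenSSL::HMAC.digest(DIGESTS.fetch(alg), secret, "#{parts[0]}.#{parts[1]}")
  return nil unless secure_equal(expected, b64url_decode(parts[2]))
  payload = JSON.parse(b64url_decode(parts[1]))
  return nil unless payload.is_a?(Hash) && payload["exp"].is_a?(Integer)
  return nil if payload["exp"] <= now            # session_timeout elapsed
  payload
rescue JSON::ParserError, ArgumentError
  nil
end

# Constructed usage; Lockie itself reads the secret from ENV["JWT_SECRET"].
demo = sign_token({ "sub" => 1, "exp" => Time.now.to_i + 14 * 86_400 }, "demo-secret")
verify_token(demo, "demo-secret", alg: "HS512")  # nil: algorithm mismatch
```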

Contributing

Contribution directions go here.

License

The gem is available as open source under the terms of the MIT License.