class Locomotive::Steam::AuthService
Constants
- MIN_PASSWORD_LENGTH
- RESET_TOKEN_LIFETIME
Public Instance Methods
find_authenticated_resource(type, id)
# File lib/locomotive/steam/services/auth_service.rb, line 11
# Fetches a single entry of the given content type by its id, delegating
# to the entries service. The result is returned unchanged.
# NOTE(review): presumably used to reload the signed-in entry from ids
# kept in the session; confirm that callers never pass a request-supplied
# type or id straight through.
def find_authenticated_resource(type, id)
  entries.find(type, id)
end
forgot_password(options, context)
options is an instance of the AuthOptions class
# File lib/locomotive/steam/services/auth_service.rb, line 54
# Starts the password reset flow for the entry whose id field matches
# options.id.
#
# Returns :"wrong_<id_field>" when no entry matches. Otherwise stores a
# fresh random token and the current timestamp on the entry, exposes the
# reset URL and the entry through the context, sends the instructions
# email and returns :"reset_<password_field>_instructions_sent".
#
# NOTE(review): the two return values differ for known and unknown ids,
# so a caller can tell whether an account exists. Confirm how the front
# end renders them and whether this action is rate limited.
# NOTE(review): the token is stored as generated; keeping only a digest
# of it would limit the impact of a datastore leak.
def forgot_password(options, context)
  entry = entries.all(options.type, options.id_field => options.id).first
  return :"wrong_#{options.id_field}" if entry.nil?

  reset_attributes = {
    '_auth_reset_token'   => SecureRandom.hex,
    '_auth_reset_sent_at' => Time.zone.now.iso8601
  }
  entries.update_decorated_entry(entry, reset_attributes)

  # NOTE(review): plain concatenation; a reset_password_url that already
  # carries a query string would yield a malformed link.
  context['reset_password_url'] = options.reset_password_url + '?auth_reset_token=' + entry['_auth_reset_token']
  context[options.type.singularize] = entry

  send_reset_password_instructions(options, context)

  :"reset_#{options.password_field}_instructions_sent"
end
notify(action, entry, request)
# File lib/locomotive/steam/services/auth_service.rb, line 99
# Publishes a "steam.auth.<action>" event through
# ActiveSupport::Notifications. The payload carries the site, the entry,
# the current locale of the entries service and the request.
# NOTE(review): subscribers receive the whole request and entry; confirm
# none of them logs submitted credentials or the stored password hash.
def notify(action, entry, request)
  payload = {
    site:    site,
    entry:   entry,
    locale:  entries.locale,
    request: request
  }
  ActiveSupport::Notifications.instrument("steam.auth.#{action}", payload)
end
reset_password(options, request)
# File lib/locomotive/steam/services/auth_service.rb, line 74
# Completes a password reset.
#
# Returns :invalid_token when the token is blank, matches no entry or is
# older than RESET_TOKEN_LIFETIME, and :password_too_short when the new
# password has fewer than MIN_PASSWORD_LENGTH characters. On success the
# new bcrypt hash is stored, the token and its timestamp are cleared (so
# the token cannot be used again), a :reset_password event is published
# and [:"<password_field>_reset", entry] is returned.
#
# NOTE(review): reset_token goes straight into the query conditions;
# confirm AuthOptions guarantees it is a String so a structured request
# parameter cannot be read as a query operator by the datastore.
def reset_password(options, request)
  return :invalid_token if options.reset_token.blank?
  return :password_too_short if options.password.to_s.size < MIN_PASSWORD_LENGTH

  entry = entries.all(options.type, '_auth_reset_token' => options.reset_token).first
  return :invalid_token unless entry

  # Compare epoch seconds: the token is valid while it was issued at or
  # after (now - lifetime).
  issued_at    = Time.parse(entry[:_auth_reset_sent_at]).to_i
  oldest_valid = Time.zone.now.to_i - RESET_TOKEN_LIFETIME
  return :invalid_token if issued_at < oldest_valid

  entries.update_decorated_entry(entry, {
    "#{options.password_field}_hash" => BCrypt::Password.create(options.password),
    '_auth_reset_token'              => nil,
    '_auth_reset_sent_at'            => nil
  })
  notify(:reset_password, entry, request)

  [:"#{options.password_field}_reset", entry]
end
sign_in(options, request)
# File lib/locomotive/steam/services/auth_service.rb, line 30
# Authenticates an entry by id field and password.
#
# Returns [:signed_in, entry] and publishes a :signed_in event when the
# submitted password, hashed with the salt of the stored password,
# matches the stored "<password_field>_hash". Returns :wrong_credentials
# in every other case (unknown id, no password set, mismatch).
#
# NOTE(review): no bcrypt work is done when the id is unknown, so the
# response time may reveal whether an account exists.
# NOTE(review): password_field and id_field are used with `send` and as
# query keys; confirm they come from trusted configuration and not from
# request parameters.
def sign_in(options, request)
  entry = entries.all(options.type, options.id_field => options.id).first
  return :wrong_credentials unless entry && entry.send(options.password_field).present?

  stored_hash = entry[:"#{options.password_field}_hash"]
  salt        = entry.send(options.password_field).try(:salt)
  candidate   = ::BCrypt::Engine.hash_secret(options.password, salt)

  # Constant-time comparison of the recomputed hash against the stored one.
  return :wrong_credentials unless secure_compare(candidate, stored_hash)

  notify(:signed_in, entry, request)
  [:signed_in, entry]
end
sign_out(entry, request)
# File lib/locomotive/steam/services/auth_service.rb, line 47
# Publishes a :signed_out event for the entry and returns :signed_out.
# NOTE(review): nothing here touches the session; presumably the caller
# clears it. Confirm against the caller.
def sign_out(entry, request)
  notify(:signed_out, entry, request)

  :signed_out
end
sign_up(options, context, request = nil)
# File lib/locomotive/steam/services/auth_service.rb, line 15
# Creates a new entry of options.type from options.entry, extending it
# with ContentEntryAuth and recording which field holds the password.
#
# When the entry has no errors a :signed_up event is published, the entry
# is exposed through the context and the welcome email is sent. Returns
# [:entry_created, entry] or [:invalid_entry, entry].
#
# NOTE(review): options.entry is handed to create as given; confirm that
# reserved attributes (the reset token, the "<password_field>_hash") are
# filtered out before this point.
def sign_up(options, context, request = nil)
  entry = entries.create(options.type, options.entry) do |new_entry|
    new_entry.extend(ContentEntryAuth)
    new_entry[:_password_field] = options.password_field.to_sym
  end

  if entry.errors.empty?
    notify(:signed_up, entry, request)
    context[options.type.singularize] = entry
    send_welcome_email(options, context)
  end

  status = entry.errors.empty? ? :entry_created : :invalid_entry
  [status, entry]
end
Private Instance Methods
secure_compare(a, b)
github.com/plataformatec/devise/blob/88724e10adaf9ffd1d8dbfbaadda2b9d40de756a/lib/devise.rb#L485
# File lib/locomotive/steam/services/auth_service.rb, line 141
# Compares two strings byte by byte without stopping at the first
# difference, so the time taken does not depend on where they differ.
# Returns false when either value is blank or when the byte lengths
# differ (this length check does return early).
# NOTE(review): ActiveSupport::SecurityUtils.secure_compare gives the
# same guarantee if the bundled ActiveSupport version provides it.
def secure_compare(a, b)
  return false if a.blank? || b.blank?
  return false unless a.bytesize == b.bytesize

  # OR together the XOR of every byte pair; any mismatch leaves a
  # non-zero bit behind.
  diff = 0
  a.bytes.zip(b.bytes) { |left, right| diff |= left ^ right }
  diff.zero?
end
send_email(options, context, default_body)
# File lib/locomotive/steam/services/auth_service.rb, line 128
# Builds the email options from the auth options and hands them to the
# email service. The message body is the page referenced by
# options.email_handle when one is set, otherwise default_body.
# NOTE(review): the recipient is options.id (the submitted identifier),
# not an address read back from the entry, and from/subject/smtp also
# come from options. Confirm the lookup is an exact match and that these
# settings cannot be supplied by the request.
def send_email(options, context, default_body)
  envelope = {
    from:    options.from,
    to:      options.id,
    subject: options.subject,
    smtp:    options.smtp
  }
  content = options.email_handle ? { page_handle: options.email_handle } : { body: default_body }

  email_service.send_email(envelope.merge(content), context)
end
send_reset_password_instructions(options, context)
# File lib/locomotive/steam/services/auth_service.rb, line 120 def send_reset_password_instructions(options, context) send_email options, context, <<-EMAIL Hi, To reset your password please follow the link below: #{context['reset_password_url']}. Thanks! EMAIL end
send_welcome_email(options, context)
# File lib/locomotive/steam/services/auth_service.rb, line 110 def send_welcome_email(options, context) return if options.disable_email send_email options, context, <<-EMAIL Hi, You've been successfully registered. Thanks! EMAIL end