Skip to content

leemour/hanami_id

Repository files navigation

HanamiId

Authentication solution for Hanami framework. Based on Warden and Bcrypt.

HanamiId tries to be a plug-n-play solution like Devise is for Rails. But instead of magic intervention, it generates a separate app with controllers, views, templates full of working code that you can easily change to your liking.
HanamiId doesn't monkey patch anything, doesn't mess with your app configuration and acts completely isolated.

Status

Build Status Gem Known Vulnerabilities Depfu Codacy Badge License: MIT Test Coverage Maintainability

Installation

Add these lines to your application's Gemfile:

gem "hanami_id"

group :plugins do
  gem "hanami_id-generators"
end

And then execute:

$ bundle

Run generator:

$ hanami g auth --app auth --model user --modules=sessions,registrations --mode project

Use --help to see all available options and defaults. They are:

  • --app
  • --model
  • --modules
  • --locale
  • --id_type
  • --login_column
  • --password_column

The above command is using Hanami CLI under the hood and will generate an application with all controller actions, views, templates in apps folder. As well as entity, repository and interactors in lib fodler. All relevant specs are coming soon (RSpec, Capybara).

All available modules are:

  • sessions
  • registrations
  • passwords
  • confirmations
  • unlocks

Currently working modules are sessions and registrations only. Other modules' files are generated but functionality is either not implemented or not supported by mailers (mailing is to be added very soon).

During generation, when project mode is used, the authentication helpers, I18n and Warden are instlled project-wide in /config/environment.rb. When standalone mode is used, they are installed only inside the authentication app e.g. apps/auth/application.rb. If you need to add authentication to selected few apps, you can do it manually. Automatic handling of selected option is in coming soon.

Usage

The gem provides several helpers:

  • authenticate_<model>!
  • authenticate_<model>
  • current_<model>
  • <model>_signed_in?

Use authenticate_<model>! method to fail if authentications fails and authenticate_<model> to proceed to normal application workflow even if authentication fails.

current_<model> method is nil if no user is authenticated otherwise it represents the authenticated user.

Use <model>_signed_in? to check if user is authenticated.

In case of standalone installation, auth app will be completely isolated and HanamiId will not be injected in other apps code. For authenication usage in a specific app add Warden Rack middleware to that app:

# apps/web/application.rb
module Web
  class Application < Hanami::Application
    configure do
      # ...
      sessions :cookie, secret: ENV["WEB_SESSIONS_SECRET"]
      include HanamiId::Warden::AppHelper
    end
  end
end

To use authentication in all controller actions of an app do:

# apps/web/application.rb
module Auth
  class Application < Hanami::Application
    configure do
      controller.prepare do
        before :authenticate_user!
      end
    end
  end
end

To force authentication inside a controller action use:

# apps/web/controllers/dashboard/show.rb
module Web
  module Controllers
    module Dashboard
      class Show
        before :authenticate_user!

        def call(params)
          # ...
        end
      end
    end
  end
end

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/leemour/hanami_id. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

Code of Conduct

Everyone interacting in the HanamiId project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.