module Authentic

Overview

Module for handling authentication

Configuration

Authentic uses Habitat for configuration.

Here's how to set it up:

# Most of this is set up for you when you generate a new Lucky project.
# This is usually in config/authentic.cr
Authentic.configure do |settings|
  # Required: You must set a secret key for encrypting password reset tokens
  # Hint: generate a key with: Random::Secure.base64(32)
  settings.secret_key = "32 character long secret"

  # Optional: `encryption_cost` defaults to `Crypto::Bcrypt::DEFAULT_COST`
  # For faster tests set to 4 (the lowest allowed cost).
  # Make sure to use `Crypto::Bcrypt::DEFAULT_COST` in production
  settings.encryption_cost = 1

  # Optional: `default_password_reset_time_limit` defaults to 15.minutes
  settings.default_password_reset_time_limit = 1.day
end

Included Modules

Defined in:

Constant Summary

HABITAT_SETTINGS = [{decl: encryption_cost : Int32 = Crypto::Bcrypt::DEFAULT_COST, example: nil, validation: nil}, {decl: default_password_reset_time_limit : Time::Span = 15.minutes, example: nil, validation: nil}, {decl: secret_key : String, example: nil, validation: nil}] of Nil
VERSION = "0.7.3"

Class Method Summary

Instance Method Summary

Class Method Detail

def self.configure(&) #

def self.copy_and_encrypt(from password_field : Avram::Attribute | Avram::PermittedAttribute, to encrypted_password_field : Avram::Attribute | Avram::PermittedAttribute) : Void #

Encrypts a form password

class SignUpUser < User::SaveOperation
  attribute password : String

  before_save encrypt_password

  def encrypt_password
    # Encrypt the `password` and copy the value to the `encrypted_password` field
    Authentic.copy_and_encrypt password, to: encrypted_password
  end
end

def self.correct_password?(authenticatable : Authentic::PasswordAuthenticatable, password_value : String) : Bool #

Checks whether the password is correct

user = UserQuery.first
Authentic.correct_password?(user, "my-password")

def self.generate_encrypted_password(password_value : String, encryptor = Crypto::Bcrypt::Password) : String #

Generates a encrypted password from a password string

By default it uses Bcrypt to encrypt the password.


def self.generate_password_reset_token(authenticatable : Authentic::PasswordAuthenticatable, expires_in : Time::Span = Authentic.settings.default_password_reset_time_limit) : String #

Generates a password reset token


def self.redirect_to_originally_requested_path(action : Lucky::Action, fallback : Lucky::Action.class | Lucky::RouteHelper) : Lucky::Response #

After successful sign in, call this to redirect back to the originally request path

First call Authentic.remember_requested_path if the user is not signed in. Then call this to redirect them. A fallback action is required. The fallback action will be used if user was not trying to access a protected page before sign in.


def self.remember_requested_path(action : Lucky::Action) : Void #

Remember the originally requested path if it is a GET

Call this if the user requested an action that requires sign in. It will remember the path they requested if it is a get.

Once the user signs in call Authentic.redirect_to_originally_requested_path to redirect them back.


def self.settings #

def self.valid_password_reset_token?(authenticatable : Authentic::PasswordAuthenticatable, token : String) : Bool #

Checks that the given reset token is valid

A token is valid if the id matches the authenticatable and the token is not expired.

To generate a token see Authentic.generate_password_reset_token


Instance Method Detail

def settings #