module Authentic


Module for handling authentication


Authentic uses Habitat for configuration.

Here's how to set it up:

# Most of this is set up for you when you generate a new Lucky project.
# This is usually in config/
Authentic.configure do |settings|
  # Required: You must set a secret key for encrypting password reset tokens
  # Hint: generate a key with: Random::Secure.base64(32)
  settings.secret_key = "32 character long secret"

  # Optional: `encryption_cost` defaults to `Crypto::Bcrypt::DEFAULT_COST`
  # For faster tests set this to 4, the lowest cost Bcrypt allows.
  # Never ship a lowered cost: use `Crypto::Bcrypt::DEFAULT_COST` in production.
  settings.encryption_cost = 1

  # Optional: `default_password_reset_time_limit` defaults to 15.minutes
  settings.default_password_reset_time_limit = 15.minutes

  # Optional: The session key used during sign in/out. Default is `user_id`
  settings.sign_in_key = "admin_code"


Constant Summary

HABITAT_SETTINGS = [{decl: encryption_cost : Int32 = Crypto::Bcrypt::DEFAULT_COST, example: nil, validation: nil}, {decl: default_password_reset_time_limit : Time::Span = 15.minutes, example: nil, validation: nil}, {decl: secret_key : String, example: nil, validation: :validate_length}, {decl: sign_in_key : String = "user_id", example: "user_id", validation: nil}] of Nil
VERSION = "1.0.0"


Class Method Detail

def self.configure(&) #

def self.copy_and_encrypt(from password_field : Avram::Attribute | Avram::PermittedAttribute, to encrypted_password_field : Avram::Attribute | Avram::PermittedAttribute) : Nil #

Encrypts a form password

class SignUpUser < User::SaveOperation
  attribute password : String

  before_save encrypt_password

  def encrypt_password
    # Encrypt the `password` and copy the value to the `encrypted_password` field
    Authentic.copy_and_encrypt password, to: encrypted_password

def self.correct_password?(authenticatable : Authentic::PasswordAuthenticatable, password_value : String) : Bool #

Checks whether the password is correct

user = UserQuery.first
Authentic.correct_password?(user, "my-password")

def self.generate_encrypted_password(password_value : String, encryptor = Crypto::Bcrypt::Password) : String #

Generates an encrypted password from a password string

By default it uses Bcrypt to hash the password; the stored value is a one-way hash and cannot be turned back into the plaintext.

def self.generate_password_reset_token(authenticatable : Authentic::PasswordAuthenticatable, expires_in : Time::Span = Authentic.settings.default_password_reset_time_limit) : String #

Generates a password reset token

def self.redirect_to_originally_requested_path(action : Lucky::Action, fallback : Lucky::Action.class | Lucky::RouteHelper) : Lucky::Response #

After a successful sign in, call this to redirect back to the originally requested path

First call Authentic.remember_requested_path if the user is not signed in. Then call this to redirect them. A fallback action is required: it is used if the user was not trying to access a protected page before signing in.

def self.remember_requested_path(action : Lucky::Action) : Nil #

Remember the originally requested path if it is a GET request

Call this if the user requested an action that requires sign in. It will remember the path they requested only if it was a GET request; other request methods are not remembered.

Once the user signs in call Authentic.redirect_to_originally_requested_path to redirect them back.

def self.settings #

def self.valid_password_reset_token?(authenticatable : Authentic::PasswordAuthenticatable, token : String) : Bool #

Checks that the given reset token is valid

A token is valid only if its id matches the authenticatable and the token has not expired.

To generate a token see Authentic.generate_password_reset_token

def self.validate_length(value : String) #


Instance Method Detail

def settings #
