search

amberframework / amber

A Crystal web framework that makes building applications fast, simple, and enjoyable. Get started with quick prototyping, less bugs, and blazing fast performance.
https://amberframework.org
MIT License
2.58k stars 206 forks source link

[CLI] [Auth] Authentication generator improvements #580

Open gabrielengel opened 6 years ago

gabrielengel commented 6 years ago

Description

Based on Devise behaviors, I think we should offer something practical on the authentication generator. How about including capacity to:

  1. Block Signups (non-REGISTERABLE);
  2. Recover account when passwords forgotten (RECOVERABLE);
  3. Force user to confirm e-mail (EMAIL_CONFIRMABLE);
  4. User to be locked out permanently or based on failed login attempts (LOCKABLE)

Expected behavior: when we generate authentication for the amber app, we will have this functionalities enabled by default (coming from templates). If the developer doesn't need them, he can turn a constant to false on the User model. 

class User < Granite::ORM::Base
  REGISTERABLE      = true # Can create new account
  RECOVERABLE       = true # Can ask for forgotten password and update password
  EMAIL_CONFIRMABLE = true # Must confirm e-mail
  LOCKABLE          = true # Can be admin-locked (locked boolean)

Actual behavior: changes 2,3 and 4 involve sending an e-mail to the user for recobering, confirming or unlocking his account and an extra screen/interface to confirm success or failure on doing so. Change 1 will be the block of RegistrationsController.

gabrielengel commented 6 years ago

For the registry, other Devise implementations are:

:timeoutable
:omniauthable
:database_authenticatable
:rememberable
:trackable
:validatable
eliasjpr commented 6 years ago

@gabrielengel I think is a great candidate to move the Auth generator to its own shard Amber::Auth and figure a way to plug it in to amber generators.

marksiemers commented 6 years ago

@eliasjpr - I think @faustinoaq had some thoughts on designing a plugin system for the CLI.

faustinoaq commented 6 years ago

@eliasjpr @marksiemers Yeah, I think this is a good use-case for an amber plugin system:

  1. Add amber_auth dependency:
development_dependencies:
    amber_auth:
      github: fulanitodetal/amber_auth
  1. Execute bin/plugin amber_auth or amber plugin amber_auth (see https://github.com/amberframework/amber/issues/573#issuecomment-360679860)
> amber plugin amber_auth --registerable --lockable # logs are just an example (not real yet)
Compiling amber_auth plugin. This should only happen once...
Fetching dependencies...
Installing dependencies...
Building: amber_auth
Executing: bin/plugins/amber_auth --registerable --lockable
04:42:35 Generate   | (INFO) Rendering amber_auth template...
04:42:35 Generate   | (INFO) new       db/migrations/20180123164235353_create_amber_auth.sql
04:42:35 Generate   | (INFO) new       src/models/amber_auth.cr
04:42:35 Generate   | (INFO) new       spec/models/amber_auth_spec.cr
04:42:35 Generate   | (INFO) new       spec/models/spec_helper.cr
04:42:35 Generate   | (INFO) new       src/controllers/amber_auth_controller.cr
04:42:35 Generate   | (INFO) new       spec/controllers/amber_auth_controller_spec.cr
04:42:35 Generate   | (INFO) new       spec/controllers/spec_helper.cr
04:42:35 Generate   | (INFO) new       src/views/amber_auth/show.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/new.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/index.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/edit.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/_form.slang
04:42:35 Generate   | (INFO) rewritten src/views/layouts/_nav.slang
> amber plugin amber_auth -v
Useful Authentication Template for Amber Framework (v0.1.0)

@robacarp WDYT? ^

marksiemers commented 6 years ago

I think auth would be a good first candidate to move out. It is a little heavy on code to be built into amber directly, and it will likely only grow.

faustinoaq commented 6 years ago

I think we can omit amber plugin subcommand, it's not necessary at all, please see: https://github.com/amberframework/amber/issues/573#issuecomment-362360783

amber-auth could be based on amber-saludo example

faustinoaq commented 6 years ago

Also I think we can move other things out of amber:

Maybe we can keep "blessed shards" like:

WDYT?

eliasjpr commented 6 years ago

@gabrielengel would you like to move this into its own Amber::Auth shard?

eliasjpr commented 6 years ago

@gabrielengel @faustinoaq @robacarp I think that soon there will be support for recipes this Authentication generator should be move to a recipe. See https://github.com/amberframework/amber/pull/728

damianham commented 6 years ago

At the moment the recipes generator does not re-implement the Auth generator. However if we add a plugin type generator to recipes then anything could be generated. Also we could allow plugin recipes to come from a plugins folder in the recipes repo so the path to an auth plugin could be amberframework/recipes/plugins/auth.zip in addition to or instead of a path to a recipe in a contributors folder.

Also I always thought that we could have some folders in the recipes repo for certain flavours e.g. react, angular, ionic, bootstrap, foundation, material-design, react-native, mobile etc. I am working on a react recipe at the moment as that is what I want to use to generate my apps, but there are many ways to build react apps. Having the recipes in folders based on their flavour of front-end design might make finding the recipe they want easier for the user.

faustinoaq commented 6 years ago

@damianham That sounds great!

I guess after merging recipe feature we can cleanup many things in amber new generator, see: https://github.com/amberframework/amber/issues/693

drujensen commented 5 years ago

1009 is the first step to allow us to create your own generator shard