amber [CLI] [Auth] Authentication generator improvements

Description

Based on Devise behaviors, I think we should offer something practical on the authentication generator. How about including capacity to:

Block Signups (non-REGISTERABLE);
Recover account when passwords forgotten (RECOVERABLE);
Force user to confirm e-mail (EMAIL_CONFIRMABLE);
User to be locked out permanently or based on failed login attempts (LOCKABLE)

Expected behavior: when we generate authentication for the amber app, we will have this functionalities enabled by default (coming from templates). If the developer doesn't need them, he can turn a constant to false on the User model.

class User < Granite::ORM::Base
  REGISTERABLE      = true # Can create new account
  RECOVERABLE       = true # Can ask for forgotten password and update password
  EMAIL_CONFIRMABLE = true # Must confirm e-mail
  LOCKABLE          = true # Can be admin-locked (locked boolean)

Actual behavior: changes 2,3 and 4 involve sending an e-mail to the user for recobering, confirming or unlocking his account and an extra screen/interface to confirm success or failure on doing so. Change 1 will be the block of RegistrationsController.

Jan 25 '18 17:01 gabrielengel

For the registry, other Devise implementations are:

:timeoutable
:omniauthable
:database_authenticatable
:rememberable
:trackable
:validatable

Jan 25 '18 17:01 gabrielengel

@gabrielengel I think is a great candidate to move the Auth generator to its own shard Amber::Auth and figure a way to plug it in to amber generators.

Jan 26 '18 16:01 eliasjpr

@eliasjpr - I think @faustinoaq had some thoughts on designing a plugin system for the CLI.

Jan 31 '18 17:01 marksiemers

@eliasjpr @marksiemers Yeah, I think this is a good use-case for an amber plugin system:

Add amber_auth dependency:

development_dependencies:
    amber_auth:
      github: fulanitodetal/amber_auth

Execute bin/plugin amber_auth or amber plugin amber_auth (see https://github.com/amberframework/amber/issues/573#issuecomment-360679860)

> amber plugin amber_auth --registerable --lockable # logs are just an example (not real yet)
Compiling amber_auth plugin. This should only happen once...
Fetching dependencies...
Installing dependencies...
Building: amber_auth
Executing: bin/plugins/amber_auth --registerable --lockable
04:42:35 Generate   | (INFO) Rendering amber_auth template...
04:42:35 Generate   | (INFO) new       db/migrations/20180123164235353_create_amber_auth.sql
04:42:35 Generate   | (INFO) new       src/models/amber_auth.cr
04:42:35 Generate   | (INFO) new       spec/models/amber_auth_spec.cr
04:42:35 Generate   | (INFO) new       spec/models/spec_helper.cr
04:42:35 Generate   | (INFO) new       src/controllers/amber_auth_controller.cr
04:42:35 Generate   | (INFO) new       spec/controllers/amber_auth_controller_spec.cr
04:42:35 Generate   | (INFO) new       spec/controllers/spec_helper.cr
04:42:35 Generate   | (INFO) new       src/views/amber_auth/show.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/new.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/index.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/edit.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/_form.slang
04:42:35 Generate   | (INFO) rewritten src/views/layouts/_nav.slang
> amber plugin amber_auth -v
Useful Authentication Template for Amber Framework (v0.1.0)

@robacarp WDYT? ^

Jan 31 '18 17:01 faustinoaq

I think auth would be a good first candidate to move out. It is a little heavy on code to be built into amber directly, and it will likely only grow.

Feb 01 '18 18:02 marksiemers

I think we can omit amber plugin subcommand, it's not necessary at all, please see: https://github.com/amberframework/amber/issues/573#issuecomment-362360783

amber-auth could be based on amber-saludo example

Feb 01 '18 18:02 faustinoaq

Also I think we can move other things out of amber:

Maybe we can keep "blessed shards" like:

amber-granite
amber-crecto
amber-lucky-record
amber-admin
amber-dashboard
amber-auth
amber-error

WDYT?

Feb 01 '18 18:02 faustinoaq

@gabrielengel would you like to move this into its own Amber::Auth shard?

Feb 09 '18 16:02 eliasjpr

@gabrielengel @faustinoaq @robacarp I think that soon there will be support for recipes this Authentication generator should be move to a recipe. See https://github.com/amberframework/amber/pull/728

Apr 06 '18 21:04 eliasjpr

At the moment the recipes generator does not re-implement the Auth generator. However if we add a plugin type generator to recipes then anything could be generated. Also we could allow plugin recipes to come from a plugins folder in the recipes repo so the path to an auth plugin could be amberframework/recipes/plugins/auth.zip in addition to or instead of a path to a recipe in a contributors folder.

Also I always thought that we could have some folders in the recipes repo for certain flavours e.g. react, angular, ionic, bootstrap, foundation, material-design, react-native, mobile etc. I am working on a react recipe at the moment as that is what I want to use to generate my apps, but there are many ways to build react apps. Having the recipes in folders based on their flavour of front-end design might make finding the recipe they want easier for the user.

Apr 07 '18 06:04 damianham

@damianham That sounds great!

I guess after merging recipe feature we can cleanup many things in amber new generator, see: https://github.com/amberframework/amber/issues/693

Apr 07 '18 12:04 faustinoaq

#1009 is the first step to allow us to create your own generator shard

Dec 30 '18 04:12 drujensen

amber amber copied to clipboard

[CLI] [Auth] Authentication generator improvements

Description

amber
amber copied to clipboard