[CLI] [Auth] Authentication generator improvements

[gabrielengel]

Description

Based on Devise behaviors, I think we should offer something practical on the authentication generator. How about including capacity to:

1. Block Signups (non-REGISTERABLE);
2. Recover account when passwords forgotten (RECOVERABLE);
3. Force user to confirm e-mail (EMAIL_CONFIRMABLE);
4. User to be locked out permanently or based on failed login attempts (LOCKABLE)

Expected behavior: when we generate authentication for the amber app, we will have this functionalities enabled by default (coming from templates). If the developer doesn't need them, he can turn a constant to false on the User model.

class User < Granite::ORM::Base
  REGISTERABLE      = true # Can create new account
  RECOVERABLE       = true # Can ask for forgotten password and update password
  EMAIL_CONFIRMABLE = true # Must confirm e-mail
  LOCKABLE          = true # Can be admin-locked (locked boolean)

Actual behavior: changes 2,3 and 4 involve sending an e-mail to the user for recobering, confirming or unlocking his account and an extra screen/interface to confirm success or failure on doing so. Change 1 will be the block of RegistrationsController.

[gabrielengel]

For the registry, other Devise implementations are:

:timeoutable
:omniauthable
:database_authenticatable
:rememberable
:trackable
:validatable

[eliasjpr]

@gabrielengel I think is a great candidate to move the Auth generator to its own shard Amber::Auth and figure a way to plug it in to amber generators.

[marksiemers]

@eliasjpr - I think @faustinoaq had some thoughts on designing a plugin system for the CLI.

[faustinoaq]

@eliasjpr @marksiemers Yeah, I think this is a good use-case for an amber plugin system:

1. Add amber_auth dependency:

development_dependencies:
    amber_auth:
      github: fulanitodetal/amber_auth

2. Execute bin/plugin amber_auth or amber plugin amber_auth (see https://github.com/amberframework/amber/issues/573#issuecomment-360679860)

> amber plugin amber_auth --registerable --lockable # logs are just an example (not real yet)
Compiling amber_auth plugin. This should only happen once...
Fetching dependencies...
Installing dependencies...
Building: amber_auth
Executing: bin/plugins/amber_auth --registerable --lockable
04:42:35 Generate   | (INFO) Rendering amber_auth template...
04:42:35 Generate   | (INFO) new       db/migrations/20180123164235353_create_amber_auth.sql
04:42:35 Generate   | (INFO) new       src/models/amber_auth.cr
04:42:35 Generate   | (INFO) new       spec/models/amber_auth_spec.cr
04:42:35 Generate   | (INFO) new       spec/models/spec_helper.cr
04:42:35 Generate   | (INFO) new       src/controllers/amber_auth_controller.cr
04:42:35 Generate   | (INFO) new       spec/controllers/amber_auth_controller_spec.cr
04:42:35 Generate   | (INFO) new       spec/controllers/spec_helper.cr
04:42:35 Generate   | (INFO) new       src/views/amber_auth/show.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/new.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/index.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/edit.slang
04:42:35 Generate   | (INFO) new       src/views/amber_auth/_form.slang
04:42:35 Generate   | (INFO) rewritten src/views/layouts/_nav.slang
> amber plugin amber_auth -v
Useful Authentication Template for Amber Framework (v0.1.0)

@robacarp WDYT? ^

[marksiemers]

I think auth would be a good first candidate to move out. It is a little heavy on code to be built into amber directly, and it will likely only grow.

[faustinoaq]

I think we can omit amber plugin subcommand, it's not necessary at all, please see: https://github.com/amberframework/amber/issues/573#issuecomment-362360783

amber-auth could be based on amber-saludo example

[faustinoaq]

Also I think we can move other things out of amber:

Maybe we can keep "blessed shards" like:

• amber-granite
• amber-crecto
• amber-lucky-record
• amber-admin
• amber-dashboard
• amber-auth
• amber-error

WDYT?

[eliasjpr]

@gabrielengel would you like to move this into its own Amber::Auth shard?

[eliasjpr]

@gabrielengel @faustinoaq @robacarp I think that soon there will be support for recipes this Authentication generator should be move to a recipe. See https://github.com/amberframework/amber/pull/728

[damianham]

At the moment the recipes generator does not re-implement the Auth generator. However if we add a plugin type generator to recipes then anything could be generated. Also we could allow plugin recipes to come from a plugins folder in the recipes repo so the path to an auth plugin could be amberframework/recipes/plugins/auth.zip in addition to or instead of a path to a recipe in a contributors folder.

Also I always thought that we could have some folders in the recipes repo for certain flavours e.g. react, angular, ionic, bootstrap, foundation, material-design, react-native, mobile etc. I am working on a react recipe at the moment as that is what I want to use to generate my apps, but there are many ways to build react apps. Having the recipes in folders based on their flavour of front-end design might make finding the recipe they want easier for the user.

[faustinoaq]

@damianham That sounds great!

I guess after merging recipe feature we can cleanup many things in amber new generator, see: https://github.com/amberframework/amber/issues/693

[drujensen]

#1009 is the first step to allow us to create your own generator shard