implements passwordless login

disables omniauth due to conflicts with passwordless stuff

refs: #198118

Author: eug3nix

Diff for: Gemfile

@@ -39,6 +39,7 @@ gem 'rails-i18n', '~> 4.0.0'
 # as authentification framework
 gem 'devise',  '>= 4.8.0'
 gem 'devise_ichain_authenticatable'
+gem 'devise-passwordless'
 # prevent bot registrations
 gem "recaptcha", require: "recaptcha/rails"
 

Diff for: Gemfile.lock

@@ -239,6 +239,9 @@ GEM
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
+    devise-passwordless (1.0.3)
+      devise
+      globalid
     devise_ichain_authenticatable (0.3.1)
       devise (>= 2.2)
     diff-lcs (1.2.5)
@@ -327,7 +330,7 @@ GEM
       haml (>= 4.0.6, < 6.0)
       html2haml (>= 1.0.1)
       railties (>= 4.0.1)
-    hashie (4.1.0)
+    hashie (5.0.0)
     hightop (0.2.2)
       activesupport (>= 4.2)
     html2haml (2.2.0)
@@ -365,7 +368,7 @@ GEM
     json (2.5.1)
     json-schema (2.5.0)
       addressable (~> 2.3)
-    jwt (2.2.3)
+    jwt (2.7.0)
     launchy (2.4.2)
       addressable (~> 2.3)
     leaflet-rails (0.7.4)
@@ -444,13 +447,13 @@ GEM
       oauth2 (~> 1.1)
       omniauth (~> 2.0)
       omniauth-oauth2 (~> 1.7.1)
-    omniauth-oauth2 (1.7.1)
-      oauth2 (~> 1.4)
+    omniauth-oauth2 (1.7.3)
+      oauth2 (>= 1.4, < 3)
       omniauth (>= 1.9, < 3)
     omniauth-openid (2.0.1)
       omniauth (>= 1.0, < 3.0)
       rack-openid (~> 1.4.0)
-    omniauth-rails_csrf_protection (1.0.0)
+    omniauth-rails_csrf_protection (1.0.1)
       actionpack (>= 4.2)
       omniauth (~> 2.0)
     open4 (1.3.4)
@@ -499,7 +502,7 @@ GEM
     rack-openid (1.4.2)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
-    rack-protection (2.1.0)
+    rack-protection (2.2.4)
       rack
     rack-test (0.6.3)
       rack (>= 1.0)
@@ -825,6 +828,7 @@ DEPENDENCIES
   database_cleaner
   delayed_job_active_record
   devise (>= 4.8.0)
+  devise-passwordless
   devise_ichain_authenticatable
   dotenv-rails
   exception_notification

Diff for: app/assets/stylesheets/newsite.css.scss

@@ -1,3 +1,6 @@
+@import "bootstrap/variables";
+@import "bootstrap/mixins";
+
 $light_background: #F3F3F3;
 $main_color: #001970;
 $background_color: #111e34;
@@ -306,6 +309,19 @@ a:focus {
         height: 63vh;
     }
 
+    .alert {
+        &-info {
+            @include alert-variant(rgba(0, 135, 255, 0.1), rgba($alert-info-border,.2), $color_central_blocks);
+            .close {
+                color: white;
+                opacity: .5;
+            }
+            .close:hover {
+                opacity: 1;
+            }
+        }
+    }
+
     .main-card {
         padding: 4vh;
         background: -webkit-linear-gradient($background);
@@ -469,13 +485,13 @@ a:focus {
 
 .cta-btn-other {
     background-color: $main_color;
-    color: $button_color;
+    color: $button_color !important;
     width: 100%;
     border: 2px solid $main_color;
     transition: 0.2s all linear 0s;
     &:hover, &:focus{
       background-color: transparent;
-      color: $main_color;
+      color: $main_color !important;
       transition: 0.2s all ease-in 0s;
     }
 }

Diff for: app/controllers/application_controller.rb

@@ -29,6 +29,7 @@ def store_location
         request.path != '/accounts/password/edit' &&
         request.path != '/accounts/confirmation' &&
         request.path != '/accounts/sign_out' &&
+        request.path != '/accounts/magic_link' &&
         request.path != '/users/ichain_registration/ichain_sign_up' &&
         !request.path.starts_with?(Devise.ichain_base_url) &&
         !request.xhr?) # don't store ajax calls
@@ -48,7 +49,7 @@ def after_sign_in_path_for(_resource)
   end
 
   def get_conferences
-    @conferences =Conference.all
+    @conferences = Conference.all
   end
 
   def current_ability

Diff for: app/models/user.rb

@@ -39,9 +39,9 @@ def by_conference(conference)
   if ENV['OSEM_ICHAIN_ENABLED'] == 'true'
     devise_modules += [ :ichain_authenticatable, :ichain_registerable, :omniauthable, omniauth_providers: [] ]
   else
-    devise_modules += [:database_authenticatable, :registerable,
+    devise_modules += [:database_authenticatable, :registerable, :magic_link_authenticatable,
                        :recoverable, :rememberable, :trackable, :validatable, :confirmable,
-                       :omniauthable, omniauth_providers: [:suse, :google, :facebook, :github] ]
+                       ]
   end
 
   devise(*devise_modules)

Diff for: app/views/devise/mailer/magic_link.html.erb

@@ -0,0 +1,7 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>You can login to Postgres Conference using the link below:</p>
+
+<p><%= link_to "Log in to my account", magic_link_url(@resource, @scope_name => {login: @resource.email, token: @token, remember_me: @remember_me}) %></p>
+
+<p>Note that the link will expire in <%= Devise.passwordless_login_within.seconds/60 %> minutes.</p>          

Diff for: app/views/devise/registrations/edit.html.haml

@@ -30,7 +30,7 @@
           %h4
             To add an openID with a different email address to your account, sign in with your
             openID while logged in to PostgresConf
-          - if User.omniauth_providers.present?
+          - if User.try(:omniauth_providers).present?
             #openidlinks
               = render 'devise/shared/openid_links'
         = f.inputs name: 'Confirmation' do

Diff for: app/views/layouts/_navigation.html.haml

@@ -89,14 +89,41 @@
                   = password_field_tag 'password', nil, id: 'user_ichain_password_dd', placeholder: 'Password'
                   %button.btn.btn-success.btn-block Sign in
               - else
-                = form_tag new_user_session_path do
+                = form_tag new_user_session_path, id: 'login_form', style: 'display: none' do
                   = text_field_tag 'user[login]', nil, id: 'user_login_dd', placeholder: 'E-Mail'
                   = password_field_tag 'user[password]', nil, id: 'user_password_dd', placeholder: 'Password'
                   %p.text-right
                     %small
                       Remember me
                       = check_box_tag 'user[remember_me]'
                   %button.btn.btn-success.btn-block Sign in
+                  .divider
+                  %h6.text-center
+                    = link_to 'Sign in with email', '#', id: 'passwordless_toggle'
+
+                  - unless omniauth_configured.empty?
+                    .divider
+                    %h6.text-center
+                      or
+                    = render 'devise/shared/openid_links'
+                  %div.dropdown-footer.clearfix
+                    %a.small.btn.btn-xs.btn-default.pull-right{"data-toggle" => "collapse", "data-target" =>  "#navbar-devise-help"}
+                      Need Help?
+                  #navbar-devise-help.collapse
+                    = render 'devise/shared/links'
+                  %li.hidden-lg
+                    = link_to('Sign In', new_user_session_path)
+
+                = form_tag new_passwordless_user_session_path, id: 'passwordless_login_form' do
+                  = text_field_tag 'passwordless_user[email]', nil, id: 'user_login_dd', placeholder: 'E-Mail'
+                  %p.text-right
+                    %small
+                      Remember me
+                      = check_box_tag 'user[remember_me]'
+                  %button.btn.btn-success.btn-block Sign in
+                  .divider
+                  %h6.text-center
+                    = link_to 'Sign in with password', '#', id: 'password_toggle'
                   - unless omniauth_configured.empty?
                     .divider
                     %h6.text-center
@@ -195,4 +222,15 @@
         $('.navbar-collapse').scrollTop(9000)
       }
     })
+    $('#password_toggle').on('click', function(e) {
+      e.stopPropagation()
+      $('#login_form').show()
+      $('#passwordless_login_form').hide()
+    });
+    
+    $('#passwordless_toggle').on('click', function(e) {
+      e.stopPropagation()
+      $('#login_form').hide()
+      $('#passwordless_login_form').show()
+    });
   })

Diff for: app/views/layouts/websitenew.html.haml

@@ -17,6 +17,7 @@
             PgConf
           - else
             Postgres Conference
+
       .container-fluid
         .row
           - @meetups = Refinery::Meetups::Meetup.upcoming(10)
@@ -27,6 +28,13 @@
           - @top_card = @digital_events.first || @current.second
           - @bottom_card = @meetups.first || @current.third
           .col-md-10.col-md-offset-1
+            - flash.each do |type, message|
+              %div{:class=>"alert alert-dismissable #{bootstrap_class_for(type)}", :id=>"flash"}
+                .button.close{"data-dismiss" => "alert", "aria-hidden"=>"true"}
+                  ×
+                %p
+                  = message
+
             .row.wrapper-main-cards
               .col-md-7.col-sm-12.h-100
                 = render partial: "/refinery/conference_card_main", locals: { conference: @main_conference } if @main_conference
@@ -136,4 +144,16 @@
         let selector = $(event.target).data('scrolldown-target')
         //we cant scroll the invisible element immediately, the timeout is to ensure the element is visible and DOM is recalculated
         setTimeout(function(){$(selector)[0].scrollIntoView({behavior: "smooth", block: "start", inline: "nearest"})},10);
-      })
+      })
+
+      $('#password_toggle').on('click', function(e) {
+        e.stopPropagation()
+        $('#login_form').show()
+        $('#passwordless_login_form').hide()
+      });
+
+      $('#passwordless_toggle').on('click', function(e) {
+        e.stopPropagation()
+        $('#login_form').hide()
+        $('#passwordless_login_form').show()
+      });

Diff for: app/views/refinery/_header.html.haml

@@ -42,14 +42,38 @@
                   Sign in
                   %b.caret
                 .dropdown-menu.sign-in-form
-                  = form_tag main_app.new_user_session_path do
+                  = form_tag main_app.new_user_session_path, id: 'login_form', method: :post, style: 'display: none' do
                     %h2.text-center Sign in
                     .form-group
                       = text_field_tag 'user[login]', nil, id: 'user_login_dd', placeholder: 'E-Mail', class: 'form-control'
                     .form-group
                       = password_field_tag 'user[password]', nil, id: 'user_password_dd', placeholder: 'Password', class: 'form-control'
                     .form-group
-                      = button_to 'Log In', main_app.new_user_session_path, class: 'btn cta-btn-other uppercase bold'
+                      = link_to 'Sign In', '#', class: 'btn cta-btn-other uppercase bold', :onclick => "$('#login_form').submit()"
+
+                    .form-group.text-center.font-weight-normal
+                      = link_to 'Sign in with email', '#', id: 'passwordless_toggle'
+
+                    .form-group.text-center.font-weight-normal
+                      Don't have an account?
+                      = link_to 'Register', main_app.new_user_registration_path
+                    .clearfix
+                      %label.pull-left.checkbox-inline
+                        = check_box_tag 'user[remember_me]'
+                        Remember me
+                      %a.pull-right{"aria-expanded" => "true", "id" => "help_link", "data-target" => "#navbar-devise-help", "data-toggle" => "collapse", :href => "#"} Need help?
+                    #navbar-devise-help.collapse{"aria-expanded" => "true"}
+                      = render 'devise/shared/links'
+
+                  = form_tag main_app.new_passwordless_user_session_path, id: 'passwordless_login_form' do
+                    %h2.text-center Sign in
+                    .form-group
+                      = text_field_tag 'passwordless_user[email]', nil, id: 'passwordless_user_email_dd', placeholder: 'E-Mail', class: 'form-control'
+                    .form-group
+                      = link_to 'Sign In', '#', class: 'btn cta-btn-other uppercase bold', :onclick => "$('#passwordless_login_form').submit()"
+
+                    .form-group.text-center.font-weight-normal
+                      = link_to 'Sign in with password', '#', id: 'password_toggle'
 
                     .form-group.text-center.font-weight-normal
                       Don't have an account?

Diff for: config/application.rb

@@ -39,7 +39,7 @@ class Application < Rails::Application
     config.encoding = 'utf-8'
 
     # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters += [:password]
+    config.filter_parameters += [:password, :token]
 
     # Enable escaping HTML in JSON.
     config.active_support.escape_html_entities_in_json = true
@@ -69,4 +69,3 @@ class Application < Rails::Application
     config.exceptions_app = self.routes
   end
 end
-

Diff for: config/initializers/devise.rb

@@ -271,4 +271,29 @@
 
   # In test mode, force the following additional attributes
   # config.ichain_force_test_attributes = {:email => "[email protected]"}
+
+  # ==> Configuration for :magic_link_authenticatable
+
+  # Need to use a custom Devise mailer in order to send magic links.
+  # If you're already using a custom mailer just have it inherit from
+  # Devise::Passwordless::Mailer instead of Devise::Mailer
+  config.mailer = "Devise::Passwordless::Mailer"
+
+  # Which algorithm to use for tokenizing magic links. See README for descriptions
+  config.passwordless_tokenizer = "SignedGlobalIDTokenizer"
+
+  # Time period after a magic login link is sent out that it will be valid for.
+  # config.passwordless_login_within = 20.minutes
+
+  # The secret key used to generate passwordless login tokens. The default value
+  # is nil, which means defer to Devise's `secret_key` config value. Changing this
+  # key will render invalid all existing passwordless login tokens. You can
+  # generate your own secret value with e.g. `rake secret`
+  # config.passwordless_secret_key = nil
+
+  # When using the :trackable module and MessageEncryptorTokenizer, set to true to
+  # consider magic link tokens generated before the user's current sign in time to
+  # be expired. In other words, each time you sign in, all existing magic links
+  # will be considered invalid.
+  # config.passwordless_expire_old_tokens_on_sign_in = false
 end

Diff for: config/locales/devise.en.yml

@@ -50,9 +50,19 @@ en:
       success: 'Successfully authenticated from %{kind} account.'
       failure: 'Could not authenticate you from %{kind} because "%{reason}".'
     mailer:
-      confirmation_instructions:
-        subject: 'Confirmation instructions'
-      reset_password_instructions:
-        subject: 'Reset password instructions'
-      unlock_instructions:
-        subject: 'Unlock Instructions'
+      magic_link:
+        user_subject: "Here's your USER magic login link ✨"
+        admin_subject: "Here's your ADMIN magic login link ✨"
+        subject: "Here's your magic login link ✨"
+    passwordless:
+      user:
+        not_found_in_database: "Could not find a USER for that email address"
+        magic_link_sent: "A USER login link has been sent to your email address. Please follow the link to log in to your account."
+        magic_link_sent_paranoid: "If your USER account exists, you will receive an email with a login link. Please follow the link to log in to your account."
+      admin:
+        not_found_in_database: "Could not find an ADMIN for that email address"
+        magic_link_sent: "An ADMIN login link has been sent to your email address. Please follow the link to log in to your account."
+        magic_link_sent_paranoid: "If your ADMIN account exists, you will receive an email with a login link. Please follow the link to log in to your account."
+      not_found_in_database: "Could not find a user for that email address"
+      magic_link_sent: "A login link has been sent to your email address. Please follow the link to log in to your account."
+      magic_link_sent_paranoid: "If your account exists, you will receive an email with a login link. Please follow the link to log in to your account."

Diff for: config/routes.rb

@@ -6,8 +6,12 @@
     devise_for :users,
                controllers: {
                    registrations: :registrations, confirmations: :confirmations,
-                   omniauth_callbacks: 'users/omniauth_callbacks' },
+               },
                path: 'accounts'
+    namespace "passwordless" do
+      devise_for :users,
+        controllers: { sessions: "devise/passwordless/sessions" }
+    end
   end
 
   # Use letter_opener_web to open mails in browser (e.g. necessary for Vagrant)