Empact-authlogic_rpx 1.1.2

data/lib/authlogic_rpx/helper.rb

@@ -0,0 +1,44 @@
+module AuthlogicRpx
+	module Helper
+
+		# helper to insert an embedded iframe RPX login
+		# takes options hash:
+		#   * <tt>app_name:</tt> name of the application (will be prepended to RPX domain and used in RPX dialogues)
+		#   * <tt>return_url:</tt> url for the RPX callback (e.g. user_sessions_url)
+		#   * <tt>add_rpx:</tt> if true, requests RPX callback to add to current session. Else runs normal authentication process (default)
+		#
+		# The options hash may include other options as supported by rpx_now (see http://github.com/grosser/rpx_now)
+		#
+		def rpx_embed(options = {})
+		  app_name = options.delete( :app_name )
+			token_url = build_token_url!( options )
+			RPXNow.embed_code(app_name, token_url, options )
+		end
+
+		# helper to insert a link to pop-up RPX login
+		# takes options hash:
+		#   * <tt>link_text:</tt> text to use in the link
+		#   * <tt>app_name:</tt> name of the application (will be prepended to RPX domain and used in RPX dialogues)
+		#   * <tt>return_url:</tt> url for the RPX callback (e.g. user_sessions_url)
+		#   * <tt>add_rpx:</tt> if true, requests RPX callback to add to current session. Else runs normal authentication process (default)
+		#   * <tt>unobtrusive:</tt> true/false; sets javascript style for link. Default: true
+		#
+		# The options hash may include other options as supported by rpx_now (see http://github.com/grosser/rpx_now)
+		#
+		def rpx_popup(options = {})
+			options = { :unobtrusive => true, :add_rpx => false }.merge( options )
+			app_name = options.delete( :app_name )
+			link_text = options.delete( :link_text )
+			token_url = build_token_url!( options ) 
+			RPXNow.popup_code( link_text, app_name,	token_url, options	)
+		end
+
+    private
+    
+    def build_token_url!( options )
+      options.delete( :return_url ) + '?' + (
+        { :authenticity_token => form_authenticity_token, :add_rpx => options.delete( :add_rpx ) }.collect { |n| "#{n[0]}=#{ u(n[1]) }" if n[1] }
+			).compact.join('&')
+    end
+	end
+end

data/lib/authlogic_rpx/rpx_identifier.rb

@@ -0,0 +1,5 @@
+class RPXIdentifier < ActiveRecord::Base
+	validates_presence_of :identifier
+	validates_uniqueness_of :identifier
+	validates_presence_of :user_id
+end

data/lib/authlogic_rpx/session.rb

@@ -0,0 +1,241 @@
+module AuthlogicRpx
+	# This module is responsible for adding all of the RPX goodness to the Authlogic::Session::Base class.
+	module Session
+		# Add a simple rpx_identifier attribute and some validations for the field.
+		def self.included(klass)
+			klass.class_eval do
+				extend Config
+				include Methods
+			end
+		end
+		
+		module Config
+
+			def find_by_rpx_identifier_method(value = nil)
+				rw_config(:find_by_rpx_identifier_method, value, :find_by_rpx_identifier)
+			end
+			alias_method :find_by_rpx_identifier_method=, :find_by_rpx_identifier_method
+
+			# Auto Register is enabled by default. 
+			# Add this in your Session object if you need to disable auto-registration via rpx
+			#
+			def auto_register(value=true)
+				auto_register_value(value)
+			end
+			def auto_register_value(value=nil)
+				rw_config(:auto_register,value,true)
+			end      
+			alias_method :auto_register=,:auto_register
+
+			# Add this in your Session object to set the RPX API key 
+			# RPX won't work without the API key. Set it here if not already set in your app configuration.
+			#
+			def rpx_key(value=nil)
+				rpx_key_value(value)
+			end
+			def rpx_key_value(value=nil)
+				if !inheritable_attributes.include?(:rpx_key) 
+					RPXNow.api_key = value 
+				end
+				rw_config(:rpx_key,value,false)
+			end
+			alias_method :rpx_key=,:rpx_key
+
+			# Add this in your Session object to set whether RPX returns extended user info 
+			# By default, it will not, which is enough to get username, name, email and the rpx identified
+			# if you want to map additional information into your user details, you can request extended
+			# attributes (though not all providers give them - see the RPX docs)
+			#
+			def rpx_extended_info(value=true)
+				rpx_extended_info_value(value)
+			end
+			def rpx_extended_info_value(value=nil)
+				rw_config(:rpx_extended_info,value,false)
+			end
+			alias_method :rpx_extended_info=,:rpx_extended_info
+
+		end
+		
+		module Methods
+		  
+			def self.included(klass)
+				klass.class_eval do
+					attr_accessor :new_registration
+					after_persisting :add_rpx_identifier, :if => :adding_rpx_identifier?
+					validate :validate_by_rpx, :if => :authenticating_with_rpx?
+					validate :validate_user
+				end
+			end
+
+			# Determines if the authenticated user is also a new registration.
+			# For use in the session controller to help direct the most appropriate action to follow.
+			#
+			def new_registration?
+				new_registration || !new_registration.nil?
+			end
+
+			# True if the login was succeessful, but the logged-in user object is invalid.
+			# For use in the session controller to help direct the most appropriate action to follow.
+			#
+			def registration_incomplete?
+				valid? && attempted_record && !attempted_record.valid?
+			end
+
+			# Determines if the authenticated user has a complete registration (no validation errors)
+			# For use in the session controller to help direct the most appropriate action to follow.
+			#
+			def registration_complete?
+				attempted_record && attempted_record.valid?
+			end
+
+		private
+		  # Tests if current request is for RPX authentication
+		  #
+			def authenticating_with_rpx?
+				controller.params[:token] && !controller.params[:add_rpx]
+			end
+
+			# hook instance finder method to class
+			#
+			def find_by_rpx_identifier_method
+				self.class.find_by_rpx_identifier_method
+			end
+
+			# Tests if auto_registration is enabled (on by default)
+			#
+			def auto_register?
+				self.class.auto_register_value
+			end
+
+			# Tests if rpx_extended_info is enabled (off by default)
+			#
+			def rpx_extended_info?
+				self.class.rpx_extended_info_value
+			end
+
+      # Tests if current request is the special case of adding RPX to an existing account
+      #
+			def adding_rpx_identifier?
+				controller.params[:token] && controller.params[:add_rpx]
+			end
+			
+			# Handles the special case of RPX being added to an existing account. 
+			# At this point, a session has been established as a result of a "save" on the user model (which indirectly triggers user session validation).
+			# We do not directly add the RPX details to the user record here in order to avoid getting
+			# into a recursive dance between the session and user models.
+			# Rather, it uses the trick of adding the necessary RPX information to the session object, 
+			# and the user model will pluck these values out before completing its validation step.
+			#
+			def add_rpx_identifier
+				data = RPXNow.user_data(controller.params[:token], :extended=> rpx_extended_info? ) {|raw| raw }
+				controller.session['added_rpx_data'] = data if data
+			end
+			
+			# the main RPX magic. At this point, a session is being validated and we know RPX identifier
+			# has been provided. We'll callback to RPX to verify the token, and authenticate the matching 
+			# user. 
+			# If no user is found, and we have auto_register enabled (default) this method will also 
+			# create the user registration stub.
+			#
+			# On return to the controller, you can test for new_registration? and registration_complete?
+			# to determine the most appropriate action
+			#
+			def validate_by_rpx
+				@rpx_data = RPXNow.user_data(
+					controller.params[:token],
+					:extended => rpx_extended_info?) { |raw| raw }
+				
+				# If we don't have a valid sign-in, give-up at this point
+				if @rpx_data.nil? || @rpx_data['profile'].nil?
+					errors.add_to_base("Authentication failed. Please try again.")
+					return false
+				end
+				
+				rpx_id = @rpx_data['profile']['identifier']
+				rpx_provider_name = @rpx_data['profile']['providerName']
+				if rpx_id.blank?
+					errors.add_to_base("Authentication failed. Please try again.")
+					return false
+				end
+				
+				self.attempted_record = klass.send(find_by_rpx_identifier_method, rpx_id)
+				
+				# so what do we do if we can't find an existing user matching the RPX authentication...
+				if !attempted_record
+					if auto_register?
+						self.attempted_record = new_rpx_user(controller.params)
+						map_rpx_data
+						
+						# save the new user record - without session maintenance else we
+						# get caught in a self-referential hell, since both session and
+						# user objects invoke each other upon save
+						self.new_registration = true
+						self.attempted_record.add_rpx_identifier( rpx_id, rpx_provider_name)
+						self.attempted_record.save_without_session_maintenance
+					else
+						errors.add_to_base("We did not find any accounts with that login. Enter your details and create an account.")
+						return false
+					end
+				else
+					map_rpx_data_each_login
+				end
+			
+			end
+
+			def validate_user
+				errors.add(:user, "is invalid") if attempted_record && !attempted_record.valid?
+			end
+
+			# map_rpx_data maps additional fields from the RPX response into the user object during auto-registration.
+			# Override this in your session model to change the field mapping
+			# See https://rpxnow.com/docs#profile_data for the definition of available attributes
+			#
+			# In this procedure, you will be writing to fields of the "self.attempted_record" object, pulling data from the @rpx_data object.
+			#
+			# WARNING: if you are using auto-registration, any fields you map should NOT have constraints enforced at the database level.
+			# authlogic_rpx will optimistically attempt to save the user record during registration, and 
+			# violating a database constraint will cause the authentication/registration to fail.
+			#
+			# You can/should enforce any required validations at the model level e.g.
+			#   validates_uniqueness_of   :username, :case_sensitive => false
+			# This will allow the auto-registration to proceed, and the user can be given a chance to rectify the validation errors
+			# on your user profile page.
+			#
+			# If it is not acceptable in your application to have user records created with potential validation errors in auto-populated fields, you
+			# will need to override map_rpx_data and implement whatever special handling makes sense in your case. For example:
+			#   - directly check for uniqueness and other validation requirements
+			#   - automatically "uniquify" fields like username
+			#   - save conflicting profile information to "pending user review" columns or a seperate table
+			#
+			def map_rpx_data
+				self.attempted_record.send("#{klass.login_field}=", @rpx_data['profile']['preferredUsername'] ) if attempted_record.send(klass.login_field).blank?
+				self.attempted_record.send("#{klass.email_field}=", @rpx_data['profile']['email'] ) if attempted_record.send(klass.email_field).blank?
+			end
+
+			# new_rpx_user creates a fresh user in the case of auto-registration, prior to mapping in
+			# the rpx data via map_rpx_data. You are passed the current controller params,
+			# which you can use to initialize the user.
+			#
+			# Override this in your session model to change the initialization of auto-registered users.
+			#
+			def new_rpx_user(params)
+				klass.new()
+			end
+
+			# map_rpx_data_each_login provides a hook to allow you to map RPX profile information every time the user
+			# logs in.
+			# By default, nothing is mapped. 
+			#
+			# This would mainly be used to update relatively volatile information that you are maintaining in the user model (such as profile image url)
+			#
+			# In this procedure, you will be writing to fields of the "self.attempted_record" object, pulling data from the @rpx_data object.
+			#
+			#
+			def map_rpx_data_each_login
+
+			end
+	
+		end
+		
+	end
+end

data/lib/authlogic_rpx/session/validation.rb

@@ -0,0 +1,30 @@
+module AuthlogicRpx
+  module Session # :nodoc:
+    # This is different from mainline Session::Base#valid? in that it does not
+    # attempt to save_record on the attempted_record
+    #
+    # In a world without auto-registration the save, which seems to have been a
+    # performance optimization (authlogic SHA: 198521b75d26143c43), would be unlikely
+    # to produce show-stopper errors, but as RPX-driven auto-registration is
+    # far less likely to generate valid objects (for example, they can easily violate uniqueness
+    # constraints/validations), it is important not to save to avoid blowing up in these cases.
+    module Validation
+      def valid?
+        errors.clear
+        self.attempted_record = nil
+        
+        before_validation
+        new_session? ? before_validation_on_create : before_validation_on_update
+        validate
+        ensure_authentication_attempted
+                
+        if errors.size == 0
+          new_session? ? after_validation_on_create : after_validation_on_update
+          after_validation
+        end
+
+        errors.size == 0
+      end
+    end
+  end
+end

data/lib/authlogic_rpx/version.rb

@@ -0,0 +1,51 @@
+module AuthlogicRpx
+  # A class for describing the current version of a library. The version
+  # consists of three parts: the +major+ number, the +minor+ number, and the
+  # +tiny+ (or +patch+) number.
+  class Version
+    include Comparable
+  
+    # A convenience method for instantiating a new Version instance with the
+    # given +major+, +minor+, and +tiny+ components.
+    def self.[](major, minor, tiny)
+      new(major, minor, tiny)
+    end
+
+    attr_reader :major, :minor, :tiny
+
+    # Create a new Version object with the given components.
+    def initialize(major, minor, tiny)
+      @major, @minor, @tiny = major, minor, tiny
+    end
+
+    # Compare this version to the given +version+ object.
+    def <=>(version)
+      to_i <=> version.to_i
+    end
+
+    # Converts this version object to a string, where each of the three
+    # version components are joined by the '.' character. E.g., 2.0.0.
+    def to_s
+      @to_s ||= [@major, @minor, @tiny].join(".")
+    end
+
+    # Converts this version to a canonical integer that may be compared
+    # against other version objects.
+    def to_i
+      @to_i ||= @major * 1_000_000 + @minor * 1_000 + @tiny
+    end
+    
+    def to_a
+      [@major, @minor, @tiny]
+    end
+
+    MAJOR = 1
+    MINOR = 1
+    TINY  = 1
+
+    # The current version as a Version instance
+    CURRENT = new(MAJOR, MINOR, TINY)
+    # The current version as a String
+    STRING = CURRENT.to_s
+  end
+end

data/rails/init.rb

@@ -0,0 +1 @@
+require "authlogic_rpx"

data/test/fixtures/rpxresponses.yml

@@ -0,0 +1,20 @@
+valid_rpx_auth_user_one:
+  identifier : http://provider.one/valid_rpx_auth_user_one
+  provider_name: provider.one
+  username: valid_rpx_auth_user_one
+  verified_email: valid_rpx_auth_user_one@provider.one
+  display_name: valid rpx auth user one
+
+valid_rpx_auth_user_two:
+  identifier : http://provider.one/valid_rpx_auth_user_two
+  provider_name: provider.one
+  username: valid_rpx_auth_user_two
+  verified_email: valid_rpx_auth_user_two@provider.one
+  display_name: valid rpx auth user two
+
+unregistered_rpx_auth_user_one:
+  identifier : http://provider.one/unregistered_rpx_auth_user_one
+  provider_name: provider.one
+  username: unregistered_rpx_auth_user_one
+  verified_email: unregistered_rpx_auth_user_one@provider.one
+  display_name: unregistered rpx auth user one

data/test/fixtures/users.yml

@@ -0,0 +1,20 @@
+valid_rpx_auth_user_one:
+  login: valid_rpx_auth_user_one
+  email: valid_rpx_auth_user_one@provider.one
+  persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
+  single_access_token: <%= Authlogic::Random.friendly_token %>
+  perishable_token: <%= Authlogic::Random.friendly_token %>
+  rpx_identifier : http://provider.one/valid_rpx_auth_user_one
+  
+valid_rpx_auth_user_two:
+  login: valid_rpx_auth_user_two
+  email: valid_rpx_auth_user_two@provider.one
+  persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
+  single_access_token: <%= Authlogic::Random.friendly_token %>
+  perishable_token: <%= Authlogic::Random.friendly_token %>
+  rpx_identifier : http://provider.one/valid_rpx_auth_user_two 
+  
+invalid_rpx_auth_user_one:
+  login: invalid_rpx_auth_user_one
+
+ 

data/test/integration/basic_authentication_and_registration_test.rb

@@ -0,0 +1,73 @@
+# requires test_helper to be loaded first
+
+class BasicAuthenticationAndRegistrationTest < ActiveSupport::TestCase
+
+  must "authenticate valid existing user" do
+    test_user = users(:valid_rpx_auth_user_one)
+    controller.params[:token] = test_user.login
+    session = UserSession.new
+    assert_true session.save, "should be a valid session"
+    assert_false session.new_registration?, "should not be a new registration"
+    assert_true session.registration_complete?, "registration should be complete"
+    assert_equal test_user, session.record
+  end
+ 
+  must "do not authenticate invalidate non-existent user" do
+    controller.params[:token] = ''
+    session = UserSession.new
+    assert_false session.save, "should not be a valid session"
+  end
+
+  must "mark an invalaid auto-registered user as registration_incomplete" do
+    # enforce Authlogic settings required for test
+    UserSession.auto_register true
+    User.account_merge_enabled false
+    User.account_mapping_mode :none
+
+    # get response template. set the controller token (used by RPX mock to match mock response)
+    test_user = rpxresponses(:unregistered_rpx_auth_user_one)
+    controller.params[:token] = test_user.username
+    # emulate constraint violation
+
+    session = UserSession.new
+
+    stub.instance_of(User).save_without_session_maintenance.with_any_args {|*args|
+      raise "Kaboom" unless args.empty? || args.first
+    }
+    stub.instance_of(User).valid? { false }
+    assert_true session.registration_incomplete?
+  end
+
+  must "auto-register an unregistered user" do
+    # enforce Authlogic settings required for test
+    UserSession.auto_register true
+    User.account_merge_enabled false
+    User.account_mapping_mode :none
+    
+    # get response template. set the controller token (used by RPX mock to match mock response)
+    test_user = rpxresponses(:unregistered_rpx_auth_user_one)
+    controller.params[:token] = test_user.username
+    
+    session = UserSession.new
+    assert_false session.registration_incomplete?
+    assert_true session.save, "should be a valid session"
+    assert_true session.new_registration?, "should be a new registration"
+    assert_true session.registration_complete?, "registration should be complete"
+  end
+
+  must "auto-register disabled for an unregistered user" do
+    # enforce Authlogic settings required for test
+    UserSession.auto_register false
+    User.account_merge_enabled false
+    User.account_mapping_mode :none
+    
+    # get response template. set the controller token (used by RPX mock to match mock response)
+    test_user = rpxresponses(:unregistered_rpx_auth_user_one)
+    controller.params[:token] = test_user.username
+    
+    session = UserSession.new
+    assert_false session.registration_incomplete?
+    assert_false session.save, "should not be a valid session"
+  end
+
+end