adva_user 0.0.1

data/lib/action_controller/authenticate_anonymous.rb

@@ -0,0 +1,70 @@
+# Auto-registers and re-authenticates anonymous users based on a single token
+# that's stored in the session. This is for anonymous posting of blog comments,
+# editing wikipages etc. and allows to do such things as:
+#
+# * store user information in the user table (which keeps the model and db
+#   structure clean) and
+# * allow users to (e.g.) edit their comment based on this anonymous login.
+
+module ActionController
+  module AuthenticateAnonymous
+    def self.included(base)
+      base.extend ClassMethods
+    end
+
+    module ClassMethods
+      def authenticates_anonymous_user
+        return if authenticates_anonymous_user?
+        include InstanceMethods
+        alias_method_chain :current_user, :anonymous
+        alias_method_chain :authenticated?, :anonymous
+      end
+
+      def authenticates_anonymous_user?
+        included_modules.include? InstanceMethods
+      end
+    end
+
+    module InstanceMethods
+      def current_user_with_anonymous
+        @current_user ||= (current_user_without_anonymous || login_or_register_anonymous)
+      end
+
+      def authenticated_with_anonymous?
+        !!current_user and !current_user.anonymous?
+      end
+
+      def login_or_register_anonymous
+        anonymous = try_login_anonymous || User.anonymous
+        anonymous = register_or_update_anonymous anonymous if params[:user]
+        login_anonymous! anonymous if anonymous
+        anonymous
+      end
+
+      def try_login_anonymous
+        # try to authenticate if token is present
+        validate_token User, session[:anonymous_token] if session[:anonymous_token]
+      end
+
+      def register_or_update_anonymous(anonymous)
+        # if :name and :email params are passed either register a new Anonymous or update the existing one
+        anonymous.update_attributes params[:user].merge(request_info)
+        anonymous
+      end
+
+      def login_anonymous!(anonymous)
+        # set a new session token and expiration
+        token = anonymous.assign_token('anonymous', 3.hour.from_now)
+        anonymous.save
+        session[:anonymous_token] = "#{anonymous.id};#{token}"
+        cookies[:aid] = anonymous.id.to_s unless anonymous.new_record?
+      end
+
+      def request_info
+        { :ip      => request.env["REMOTE_ADDR"],
+          :agent   => request.env["HTTP_USER_AGENT"],
+          :referer => request.env["HTTP_REFERER"] }
+      end
+    end
+  end
+end

data/lib/action_controller/authenticate_user.rb

@@ -0,0 +1,201 @@
+module ActionController
+
+  # Module automatically mixed into the all controllers making the
+  # application of authentication easy. See
+  # Login::ControllerIntegration::ClassMethods for how to apply
+  # authentication.
+  module AuthenticateUser
+    def self.included(target)
+      target.extend(ClassMethods)
+      target.send(:include, InstanceMethods)
+      target.helper_method(:logged_in?, :authenticated?)
+    end
+
+    # Methods available as macro-style methods on any controller
+    module ClassMethods
+
+      # Sets up the controller so that authentication is required. If
+      # the user is not authenticated then they will be redirected to
+      # the login screen.
+      #
+      # The page requested will be saved so that once the login has
+      # occured they will be sent back to the page they first
+      # requested. If no page was requested (they went to the login
+      # page directly) then they will be directed to profiles/home
+      # after login which is a placeholder for the app to override.
+      #
+      # Options given are passed directly to the before_filter method
+      # so feel free to provide :only and :except options.
+      def authentication_required
+        before_filter :require_authentication
+      end
+
+      # Will remove authentication from certain actions. Options given
+      # are passed directly to skip_before_filter so feel free to use
+      # :only and :except options.
+      #
+      # This method is useful in cases where you have locked down the
+      # entire application by putting authentication_required in your
+      # ApplicationController but then want to open an action back up
+      # in a specific controller.
+      def no_authentication_required
+        skip_before_filter :require_authentication
+      end
+    end
+
+    # Methods callable from within actions
+    module InstanceMethods
+      def authenticate_user(credentials)
+        User.authenticate(credentials).tap do |user|
+          if user
+            # prevent session hijacking - unnecessary according to http://dev.rubyonrails.org/ticket/10108
+            # reset_session_except :return_location
+            session[:uid] = user.id
+            set_user_cookie!(user)
+          end
+        end
+      end
+
+      # Will retrieve the current_user. Will not force a login but
+      # simply load the current user if a person is logged in. If
+      # you need the user object loaded with extra options (such as
+      # eager loading) then create a private method called
+      # "user_find_options" on your controller that returns a hash
+      # of the find options you want.
+      #
+      # This method will also inform the models of the current user
+      # if the current user is logged in and the "User" class responds
+      # to the class method current_user=. This is a nice way to
+      # communciate the current user down to the model level for
+      # model-level security. This means you will want to call this
+      # method at least once before using the model-level security.
+      # Usually you will call it in a before filter. This method is
+      # called automatically when authentication_required is applied to
+      # an action.
+      def current_user
+        @current_user ||= begin
+          # Check for session[:uid] here? That would mean that for token auth the
+          # user always needs to be logged out (e.g. in UserController#create).
+          # Looks a bit more robust this way:
+          try_login
+          if session && session[:uid]
+            user = find_current_user
+            set_user_cookie!(user)
+            user
+          end
+        end
+      end
+
+      def authenticated?
+        !!current_user
+      end
+      alias :logged_in? :authenticated?
+
+      # killed this because it's just the wrong way to do it
+      #
+      # # Will store the current params so that we can return here on
+      # # successful login. If you want to redirect to the login yourself
+      # # (perhaps you are applying your own security instead of just
+      # # determining if the user is logged in) then you will want to
+      # # call this before issuing your redirect to the login screen.
+      # def store_return_location
+      #   session[:return_location] = params
+      # end
+
+      private
+
+        # Will actually test to see if the user is authorized
+        def require_authentication
+          # No matter what the app does a user can always login, forgot
+          # password and register. The controllers provided by this
+          # plugin alreaddy have these controllers/actions on an
+          # exception list but this prevents a mistake an overridden
+          # controller from preventing the normal login behavior.
+          %w(session password user).each do |c|
+  	        %w(new create).each do |a|
+              return if (controller_name == c) && (action_name == a)
+            end
+  	      end
+
+          # If we cannot get the current user store the requested page
+          # and send them to the login page.
+          if current_user.nil? or current_user.anonymous?
+            redirect_to login_url(:return_to => request.url) and false
+          end
+        end
+
+        def logout
+          reset_session
+          forget_me!
+        end
+
+        def forget_me!
+          cookies[:remember_me] = nil
+          cookies[:uid] = nil
+          cookies[:uname] = nil
+        end
+
+        def remember_me!
+          token = current_user.assign_token!('remember me')
+          cookies[:remember_me] = { :value => "#{current_user.id};#{token}", :expires => 10.years.from_now }
+        end
+
+        def set_user_cookie!(user = current_user)
+          if user
+            cookies[:uid] = user.id.to_s
+            cookies[:uname] = user.name
+          end
+        end
+
+        # There are a few ways that a user can login without going through
+        # a login screen. These methods all rely on authenticating with
+        # the information given in the request. If any of these methods
+        # are successful then session[:uid] will be set with the current
+        # user id and current_user will return the current user
+        def try_login
+          if user = http_auth_login || validation_login || remember_me_login
+            session[:uid] = user.id
+          end
+        end
+
+        # Will attempt to authenticate with HTTP Auth. HTTP Auth will not
+        # be required. We are just checking if it is provided mainly for
+        # RESTful requests.
+        def http_auth_login
+          # FIXME: Implement
+        end
+
+        # Will use the URL param :token to see if we can do a token
+        # authentication.
+        def validation_login
+          validate_token User, params[:token]
+        end
+
+        # Will check for a :remember_me cookie for a token that will
+        # authenticate the user.
+        def remember_me_login
+          validate_token User, cookies[:remember_me]
+        end
+
+        # The tokens are stored in various places as id;token. This method
+        # will split that out and validate it. If everything is successful
+        # then the user object is returned. Otherwise nil is returned.
+        # The full token should be passed in.
+        def validate_token(klass, token, options = {})
+          return nil if token.blank?
+          return nil unless token =~ /\;/
+
+          uid, token = token.split ';'
+          if object = klass.find_by_id(uid)
+            return object if object.authenticate(token)
+          end
+          nil
+        end
+
+        def find_current_user
+          User.find_by_id(session[:uid])
+        end
+
+    end
+  end
+end

data/lib/active_record/belongs_to_author.rb

@@ -0,0 +1,37 @@
+module ActiveRecord
+  module BelongsToAuthor
+    def self.included(base)
+      base.extend ActMacro
+    end
+
+    module ActMacro
+      def belongs_to_user(*args)
+        options = args.extract_options!
+        args = (args.empty? ? [:user] : args)
+        belongs_to_cacheable *args.dup << options # FIXME should not be polymorphic!
+        
+        args.each do |name|
+          class_eval <<-code, __FILE__, __LINE__
+            def #{name}_ip
+              #{name}.ip if #{name} && #{name}.respond_to?(:ip)
+            end
+
+            def #{name}_agent
+              #{name}.agent if #{name} && #{name}.respond_to?(:agent)
+            end
+
+            def #{name}_referer
+              #{name}.referer if #{name} && #{name}.respond_to?(:referer)
+            end
+          code
+        end
+      end
+
+      def belongs_to_author(*args)
+        options = args.extract_options!
+        args = (args.empty? ? [:author] : args) << options
+        belongs_to_user *args
+      end
+    end
+  end
+end

data/lib/adva_user.rb

@@ -0,0 +1,28 @@
+# require "adva_user/version"
+
+# load vendored gems
+Dir["#{File.expand_path("#{File.dirname(__FILE__)}/../vendor/gems")}/**/lib"].each do |vendored_gem_path|
+  $: << vendored_gem_path
+end
+require "authentication"
+
+require "rails"
+
+require "action_controller/authenticate_user"
+require "action_controller/authenticate_anonymous"
+require "active_record/belongs_to_author"
+require "login/helper_integration"
+
+module AdvaUser
+  class Engine < Rails::Engine
+    initializer "adva_user.init" do
+      ActionController::Base.send :include, ActionController::AuthenticateUser
+      ActionController::Base.send :include, ActionController::AuthenticateAnonymous
+      ActiveRecord::Base.send :include, ActiveRecord::BelongsToAuthor
+      ActionView::Base.send :include, Login::HelperIntegration
+
+      Event.observers << 'UserMailer'
+      Event.observers << 'PasswordMailer'
+    end
+  end
+end

data/lib/adva_user/version.rb

@@ -0,0 +1,3 @@
+module AdvaUser
+  VERSION = "0.0.1"
+end

data/lib/login/helper_integration.rb

@@ -0,0 +1,11 @@
+module Login
+  # Automatically mixed into all views for utility functions.
+  module HelperIntegration
+
+    # Returns the current user at the view level. Everything said
+    # about the current_user method in the
+    # Login::ControllerIntegration::InstanceMethods module
+    # applies to this method as well.
+    def current_user; controller.current_user end
+  end
+end

data/lib/login/mail_config.rb

@@ -0,0 +1,39 @@
+module Login
+
+  # The purpose of this module is to provide an application some control
+  # over how the messages are sent without having to overwrite blocks
+  # of code. We do this through simple constants. The two constants
+  # currently are:
+  #
+  # SUBJECT_PREFIX::
+  #   Text that is before every message subject. By default this is not
+  #   used. You may want to put something like the website here.
+  # NOTIFICATIONS_FROM::
+  #   Who the message appears to be coming from. By default this is
+  #   postmaster@yourdomain.com
+  #
+  # If you want to access these same values in your own mailers just
+  # mix them into your mailers and the methods will be available.
+  module MailConfig
+    protected
+
+    # Will return subject prefix
+    def subject_prefix
+      return "[#{SUBJECT_PREFIX}] " if Object.const_defined?('SUBJECT_PREFIX')
+      ''
+    end
+
+    # Email message appear to come from. The constant takes priority
+    # but if no constant is defined then the email is extracted from
+    # the given param which can be any link that you want the email
+    # to appear to come from.
+    def system_email(extract_from)
+      return NOTIFICATIONS_FROM if Object.const_defined?('NOTIFICATIONS_FROM')
+      if host = URI.parse(extract_from).host
+        host = host.split '.'
+        host.shift if host.first =~ /www/i
+        "postmaster@#{host * '.'}"
+      end
+    end
+  end
+end

data/test/contexts.rb

@@ -0,0 +1,42 @@
+class Test::Unit::TestCase
+  def login(user)
+    @user = user
+    stub(@controller).current_user.returns(user)
+  end
+
+  share :no_user do
+    before do 
+      User.delete_all
+    end
+  end
+
+  share :a_user do
+    before do 
+      @user = User.first
+    end
+  end
+  
+  def valid_user_params
+    { :first_name      => 'first name',
+      :last_name       => 'last name',
+      :email           => 'email@email.org',
+      :password        => 'password',
+      :homepage        => 'http://homepage.org' }
+  end
+  
+  share :valid_user_params do
+    before { @params = { :user => valid_user_params } }
+  end
+  
+  share :invalid_user_params do
+    before { @params = { :user => valid_user_params.update(:first_name => '') } }
+  end
+  
+  share :invalid_user_params do
+    before { @params = { :user => valid_user_params.update(:email => '') } }
+  end
+  
+  share :invalid_user_params do
+    before { @params = { :user => valid_user_params.update(:password => '') } }
+  end
+end

data/test/fixtures.rb

@@ -0,0 +1,18 @@
+user1 = User.create!  :first_name => 'user1',
+                      :email => 'user1@example.com',
+                      :password => 'a password',
+                      :verified_at => Time.now
+user2 = User.create!  :first_name => 'user2',
+                      :email => 'user2@example.com',
+                      :password => 'a password',
+                      :verified_at => Time.now
+user3 = User.create!  :first_name => 'user3',
+                      :email => 'user3@example.com',
+                      :password => 'a password',
+                      :verified_at => Time.now
+user4 = User.create!  :first_name => 'user4',
+                      :email => 'user4@example.com',
+                      :password => 'a password',
+                      :verified_at => Time.now
+
+account = Account.create! :name => 'an account', :users => [ user1, user2, user3 ]