ae_users 0.6.0

data/README

@@ -0,0 +1,47 @@
+AeUsers
+=======
+
+This is the authentication system used in Alleged Entertainment Rails 
+applications such as Journey and ProCon.  For more information, go to 
+www.aegames.org.
+
+
+Migrating from AeUsers 0.1
+==========================
+
+To migrate from AeUsers 0.1, run the following SQL commands in your ae_users
+database:
+
+alter table email_addresses add column person_id int;
+update email_addresses, accounts, people set email_addresses.person_id=people.id 
+  where email_addresses.account_id = accounts.id 
+        and people.account_id = accounts.id;
+alter table email_addresses drop column account_id;
+
+alter table accounts add column person_id int;
+update accounts, people set accounts.person_id=people.id 
+  where accounts.id = people.account_id;
+alter table people drop column account_id;
+
+create table open_id_identities (id int not null auto_increment primary key, 
+                                 person_id int, identity_url varchar(4000));
+
+You'll also want to run this command in each of your application databases:
+
+create table auth_tickets (id int not null auto_increment primary key, 
+  secret varchar(40) unique, person_id int, created_at datetime, 
+  updated_at datetime, expires_at datetime);
+
+And if you want to enable permission caching (experimental, but can dramatically 
+increase performance in some cases), run these commands in each of your 
+application databases for which you want to enable it:
+
+create table permission_caches (id int not null auto_increment primary key, 
+  person_id int, permissioned_id int, permissioned_type varchar(255), 
+  permission_name varchar(255), result tinyint(1));
+create index index_permission_caches_on_person_id on permission_caches 
+  (person_id);
+create index index_permission_caches_on_permissioned on permission_caches 
+  (permissioned_id, permissioned_type);
+create index index_permission_caches_on_permission_name on permission_caches 
+  (permission_name);

data/Rakefile

@@ -0,0 +1,36 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the ae_users plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the ae_users plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'AeUsers'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "ae_users"
+    gemspec.summary = "An authentication and authorization system for Rails"
+    gemspec.email = "natbudin@gmail.com"
+    gemspec.homepage = "http://github.com/nbudin/ae_users"
+    gemspec.authors = ["Nat Budin"]
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end

data/VERSION

@@ -0,0 +1 @@
+0.6.0

data/ae_users.gemspec

@@ -0,0 +1,117 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE
+# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{ae_users}
+  s.version = "0.6.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Nat Budin"]
+  s.date = %q{2009-10-05}
+  s.email = %q{natbudin@gmail.com}
+  s.extra_rdoc_files = [
+    "README"
+  ]
+  s.files = [
+    "README",
+     "Rakefile",
+     "VERSION",
+     "ae_users.gemspec",
+     "app/controllers/account_controller.rb",
+     "app/controllers/auth_controller.rb",
+     "app/controllers/permission_controller.rb",
+     "app/helpers/account_helper.rb",
+     "app/helpers/auth_helper.rb",
+     "app/helpers/permission_helper.rb",
+     "app/models/account.rb",
+     "app/models/auth_notifier.rb",
+     "app/models/auth_ticket.rb",
+     "app/models/email_address.rb",
+     "app/models/login.rb",
+     "app/models/open_id_identity.rb",
+     "app/models/permission.rb",
+     "app/models/person.rb",
+     "app/models/role.rb",
+     "app/views/account/_personal_info.rhtml",
+     "app/views/account/_procon_profile.rhtml",
+     "app/views/account/_signup_form.html.erb",
+     "app/views/account/activate.rhtml",
+     "app/views/account/activation_error.rhtml",
+     "app/views/account/change_password.rhtml",
+     "app/views/account/edit_profile.rhtml",
+     "app/views/account/signup.rhtml",
+     "app/views/account/signup_noactivation.rhtml",
+     "app/views/account/signup_success.rhtml",
+     "app/views/auth/_auth_form.rhtml",
+     "app/views/auth/_forgot_form.html.erb",
+     "app/views/auth/_mini_auth_form.rhtml",
+     "app/views/auth/_openid_auth_form.html.erb",
+     "app/views/auth/_other_login_options.html.erb",
+     "app/views/auth/auth_form.js.erb",
+     "app/views/auth/forgot.rhtml",
+     "app/views/auth/forgot_form.rhtml",
+     "app/views/auth/index.css.erb",
+     "app/views/auth/login.rhtml",
+     "app/views/auth/needs_activation.rhtml",
+     "app/views/auth/needs_person.html.erb",
+     "app/views/auth/needs_profile.rhtml",
+     "app/views/auth/openid_login.html.erb",
+     "app/views/auth/resend_activation.rhtml",
+     "app/views/auth_notifier/account_activation.rhtml",
+     "app/views/auth_notifier/generated_password.rhtml",
+     "app/views/permission/_add_grantee.rhtml",
+     "app/views/permission/_role_member.rhtml",
+     "app/views/permission/_show.rhtml",
+     "app/views/permission/_userpicker.rhtml",
+     "app/views/permission/add_role_member.rhtml",
+     "app/views/permission/admin.rhtml",
+     "app/views/permission/edit.rhtml",
+     "app/views/permission/edit_role.rhtml",
+     "app/views/permission/grant.rhtml",
+     "db/migrate/002_create_accounts.rb",
+     "db/migrate/003_create_email_addresses.rb",
+     "db/migrate/004_create_people.rb",
+     "db/migrate/013_simplify_signup.rb",
+     "db/migrate/014_create_permissions.rb",
+     "db/migrate/015_create_roles.rb",
+     "db/migrate/016_refactor_people.rb",
+     "db/migrate/017_people_permissions.rb",
+     "generators/ae_users/USAGE",
+     "generators/ae_users/ae_users_generator.rb",
+     "generators/ae_users/templates/add.png",
+     "generators/ae_users/templates/admin.png",
+     "generators/ae_users/templates/group.png",
+     "generators/ae_users/templates/logout.png",
+     "generators/ae_users/templates/migration.rb",
+     "generators/ae_users/templates/openid.gif",
+     "generators/ae_users/templates/remove.png",
+     "generators/ae_users/templates/user.png",
+     "init.rb",
+     "install.rb",
+     "lib/ae_users.rb",
+     "rails/init.rb",
+     "tasks/ae_users_tasks.rake",
+     "test/ae_users_test.rb",
+     "uninstall.rb"
+  ]
+  s.homepage = %q{http://github.com/nbudin/ae_users}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{An authentication and authorization system for Rails}
+  s.test_files = [
+    "test/ae_users_test.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end

data/app/controllers/account_controller.rb

@@ -0,0 +1,167 @@
+class AccountController < ApplicationController
+  unloadable
+  require_login :only => [:edit_profile, :edit_email_addresses, :change_password, :add_openid, :delete_openid]
+  before_filter :check_signup_allowed, :only => [:signup, :signup_success]
+  
+  filter_parameter_logging :password
+  
+  def activate
+    if logged_in?
+      redirect_to "/"
+      return
+    end
+
+    @account = Account.find params[:account]
+
+    if not @account.nil? and @account.activation_key == params[:activation_key]
+      @account.active = true
+      @account.activation_key = nil
+      @account.save
+    else
+      redirect_to :action => :activation_error
+    end
+  end
+  
+  def edit_profile
+    @person = logged_in_person
+    if not AeUsers.profile_class.nil?
+      @app_profile = AeUsers.profile_class.find_by_person_id(@person.id)
+    end
+    
+    if request.post?
+      @person.update_attributes params[:person]
+      if @app_profile
+        @app_profile.update_attributes params[:app_profile]
+      end
+    end
+  end
+  
+  def edit_email_addresses
+    errs = []
+    
+    if params[:new_address] and params[:new_address].length > 0
+      existing_ea = EmailAddress.find_by_address params[:new_address]
+      if existing_ea
+        errs.push "A different person is already associated with the email address you tried to add."
+      else
+        newea = EmailAddress.create :person => logged_in_person, :address => params[:new_address]
+        if params[:primary] == 'new'
+          newea.primary = true
+          newea.save
+        end
+      end
+    end
+    
+    if params[:primary] and params[:primary] != 'new'
+      id = params[:primary].to_i
+      if id != 0
+        addr = EmailAddress.find id
+        if addr.person != logged_in_person
+          errs.push "The email address you've selected as primary belongs to a different person."
+        else
+          addr.primary = true
+          addr.save
+        end
+      else
+        errs.push "The email address you've selected as primary doesn't exist."
+      end
+    end
+    
+    if params[:delete]
+      params[:delete].each do |id|
+        addr = EmailAddress.find id
+        if addr.person != logged_in_person
+          errs.push "The email address you've selected to delete belongs to a different person."
+        elsif addr.primary
+          errs.push "You can't delete your primary email address.  Try making a different email address your primary address first."
+        else
+          addr.destroy
+        end
+      end
+    end
+    
+    if errs.length > 0
+      flash[:error_messages] = errs
+    end
+    
+    redirect_to :action => :edit_profile
+  end
+  
+  def change_password
+    password = params[:password]
+    if password[:password1].nil? or password[:password2].nil?
+      redirect_to :action => :edit_profile
+    elsif password[:password1] != password[:password2]
+      flash[:error_messages] = ["The passwords you entered don't match.  Please try again."]
+      redirect_to :action => :edit_profile
+    else
+      acct = logged_in_person.account
+      acct.password = password[:password1]
+      acct.save
+    end
+  end
+  
+  def activation_error
+  end
+  
+  def signup_success
+  end
+  
+  def add_openid
+    if using_open_id?
+      authenticate_with_open_id(params[:openid_url]) do |result, identity_url|
+        if result.successful?
+          id = OpenIdIdentity.find_by_identity_url(identity_url)
+          if id.nil?
+            id = OpenIdIdentity.new :person => logged_in_person, :identity_url => identity_url
+          else
+            if id.person.nil?
+              id.person = logged_in_person
+            elsif id.person != logged_in_person
+              flash[:error_messages] = ["That OpenID belongs to a different person (#{id.person.name})."]
+              return
+            end
+          end
+          if not id.save
+            flash[:error_messages] = id.errors.collect { |e| e[0].humanize + " " + e[1] }
+          end
+        else
+          flash[:error_messages] = [result.message]
+        end
+        redirect_to :action => 'edit_profile'
+      end
+    else
+      flash[:error_messages] = ["Please enter an OpenID url."]
+    end
+  end
+  
+  def delete_openid
+    id = OpenIdIdentity.find(params[:id])
+    if id.person == logged_in_person
+      if logged_in_person.account or logged_in_person.open_id_identities.length > 1
+        id.destroy
+      else
+        flash[:error_messages] = ["Deleting that OpenID would leave you no way of logging in!"]
+      end
+    else
+      flash[:error_messages] = ["That OpenID does not belong to you!"]
+    end
+    redirect_to :action => 'edit_profile'
+  end
+  
+  def signup
+    ret = create_account_and_person()
+    if ret == :success
+      redirect_to :action => 'signup_success'
+    elsif ret == :no_activation
+      redirect_to :action => :signup_noactivation
+    end
+  end
+  
+  private  
+  def check_signup_allowed
+    if not AeUsers.signup_allowed?
+      access_denied "Account signup is not allowed on this site."
+    end
+  end
+end

data/app/controllers/auth_controller.rb

@@ -0,0 +1,202 @@
+class AuthController < ApplicationController
+  unloadable
+  filter_parameter_logging :password
+  before_filter :construct_login, :only => [:login, :openid_login, :forgot_form]
+  
+  def index
+    respond_to do |format|
+      format.css { render :layout => false }
+    end
+  end
+  
+  def openid_login
+    params[:openid_url] ||= cookies['openid_url']    
+    if using_open_id?
+      if attempt_open_id_login(@login.return_to)
+        successful_login_redirect
+      end
+    end
+  end
+  
+  def login
+    if request.post?
+      unless @login.password or @login.have_password
+        redirect_to :controller => "account", :action => "signup", :email => @login.email
+      end
+    end
+    if request.post? and not logged_in?
+      if attempt_login(@login)
+        successful_login_redirect
+      end
+    end
+  end
+  
+  def needs_person
+    @open_id_identity = OpenIdIdentity.find_or_create_by_identity_url(session[:identity_url])
+    @person = Person.new
+    if not AeUsers.profile_class.nil?
+      @app_profile = AeUsers.profile_class.send(:new, :person => @person)
+    end
+    
+    if params[:registration]
+      person_map = HashWithIndifferentAccess.new(Person.sreg_map)
+      profile_map = if AeUsers.profile_class and AeUsers.profile_class.respond_to?("sreg_map")
+        HashWithIndifferentAccess.new(AeUsers.profile_class.sreg_map)
+      else
+        nil
+      end
+        
+      params[:registration].each_pair do |key, value|
+        if key == 'email'
+          params[:email] = value
+        elsif person_map.has_key?(key.to_s)
+          mapper = person_map[key]
+          attrs = mapper.call(value)
+          @person.attributes = attrs
+        elsif (profile_map and profile_map.has_key?(key))
+          mapper = profile_map[key]
+          @app_profile.attributes = mapper.call(value)
+        end
+      end
+    end
+    if params[:person]
+      @person.attributes = params[:person]
+    end
+    if params[:app_profile] and @app_profile
+      @app_profile.attributes = params[:app_profile]
+    end
+    
+    if request.post?
+      error_messages = []
+      error_fields = []
+      
+      ["firstname", "lastname", "gender"].each do |field|
+        if not @person.send(field)
+          error_fields.push field
+          error_messages.push "You must enter a value for #{field}."
+        end
+      end
+      
+      if not params[:email]
+        error_fields.push("email")
+        error_messages.push "You must enter a value for email."
+      end
+      
+      if error_messages.length > 0
+        flash[:error_fields] = error_fields
+        flash[:error_messages] = error_messages
+      else
+        @person.save
+        @person.primary_email_address = params[:email]
+        @open_id_identity.person = @person
+        @open_id_identity.save
+        if @app_profile
+          @app_profile.save
+        end
+        
+        session[:person] = @person
+        redirect_to session[:return_to]
+      end
+    end
+  end
+
+  def auth_form  
+    respond_to do |format|
+      format.js { render :layout => false }
+    end
+  end
+  
+  def needs_profile
+    @person = Person.find session[:provisional_person]
+    if @person.nil?
+      flash[:error_messages] = ["Couldn't find a person record with that ID.  
+        Something may have gone wrong internally.  Please try again, and if the problem persists, please contact
+        the site administrator."]
+      redirect_to :back
+    end
+    
+    if not AeUsers.signup_allowed?
+      flash[:error_messages] = ['Your account is not valid for this site.']
+      redirect_to url_for("/")
+    else
+      if not AeUsers.profile_class.nil?
+        @app_profile = AeUsers.profile_class.send(:new, :person_id => session[:provisional_person])
+        @app_profile.attributes = params[:app_profile]
+        
+        if request.post?
+          @app_profile.save
+          session[:person] = @person
+          redirect_to params[:return_to]
+        end
+      end
+    end
+  end
+  
+  def forgot
+    ActionMailer::Base.default_url_options[:host] = request.host
+    
+    @account = Account.find_by_email_address(params[:email])
+    if not @account.nil?
+      @account.generate_password
+    else
+      flash[:error_messages] = ["There's no account matching that email address.  Please try again, or sign up for an account."]
+      redirect_to :action => :forgot_form
+    end
+  end
+  
+  def resend_validation
+    ActionMailer::Base.default_url_options[:host] = request.host
+    
+    @email_address = Account.find params[:email]
+    if not @email_address.nil?
+      @email_address.generate_validation
+    else
+      flash[:error_messages] = ["Email address #{params[:email]} not found!"]
+      redirect_to url_for("/")
+    end
+  end
+  
+  def logout
+    reset_session
+    redirect_to url_for("/")
+  end
+  
+  private
+  
+  def construct_login
+    @login = Login.new(params[:login])
+    @login.email ||= cookies['email']
+    if @login.return_to.nil? or @login.return_to == ""
+      if params[:return_to]
+        @login.return_to = params[:return_to]
+      else
+        @login.return_to = request.env["HTTP_REFERER"]
+      end
+    end
+
+    # prevent infinite redirect loops
+    begin
+      if URI(@login.return_to).path == URI(request.url).path
+        @login.return_to = url_for("/")
+      end
+    rescue
+    end
+    
+    # if they're already logged in, don't let them view this page
+    if logged_in?
+      successful_login_redirect
+    end
+  end
+  
+  def successful_login_redirect
+    if @login.return_to
+      redirect_to @login.return_to
+    elsif session[:return_to]
+      rt = session[:return_to]
+      session[:return_to] = nil
+      redirect_to rt
+    else
+      redirect_to url_for('/')
+    end
+  end
+end