ae_users_legacy 0.6.3

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Nat Budin
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,47 @@
+AeUsers
+=======
+
+This is the authentication system used in Alleged Entertainment Rails 
+applications such as Journey and ProCon.  For more information, go to 
+www.aegames.org.
+
+
+Migrating from AeUsers 0.1
+==========================
+
+To migrate from AeUsers 0.1, run the following SQL commands in your ae_users
+database:
+
+alter table email_addresses add column person_id int;
+update email_addresses, accounts, people set email_addresses.person_id=people.id 
+  where email_addresses.account_id = accounts.id 
+        and people.account_id = accounts.id;
+alter table email_addresses drop column account_id;
+
+alter table accounts add column person_id int;
+update accounts, people set accounts.person_id=people.id 
+  where accounts.id = people.account_id;
+alter table people drop column account_id;
+
+create table open_id_identities (id int not null auto_increment primary key, 
+                                 person_id int, identity_url varchar(4000));
+
+You'll also want to run this command in each of your application databases:
+
+create table auth_tickets (id int not null auto_increment primary key, 
+  secret varchar(40) unique, person_id int, created_at datetime, 
+  updated_at datetime, expires_at datetime);
+
+And if you want to enable permission caching (experimental, but can dramatically 
+increase performance in some cases), run these commands in each of your 
+application databases for which you want to enable it:
+
+create table permission_caches (id int not null auto_increment primary key, 
+  person_id int, permissioned_id int, permissioned_type varchar(255), 
+  permission_name varchar(255), result tinyint(1));
+create index index_permission_caches_on_person_id on permission_caches 
+  (person_id);
+create index index_permission_caches_on_permissioned on permission_caches 
+  (permissioned_id, permissioned_type);
+create index index_permission_caches_on_permission_name on permission_caches 
+  (permission_name);

data/Rakefile

@@ -0,0 +1,49 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "ae_users_legacy"
+    gem.summary = %Q{Legacy authentication/authorization framework}
+    gem.description = %Q{Don't use this gem.  Use something written in the last couple years instead.}
+    gem.email = "natbudin@gmail.com"
+    gem.homepage = "http://github.com/nbudin/ae_users"
+    gem.authors = ["Nat Budin"]
+    gem.add_development_dependency "thoughtbot-shoulda", ">= 0"
+    gem.add_dependency "ruby-openid", ">= 2.0.4"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
+end
+
+require 'rake/rdoctask'
+desc 'Generate documentation for the ae_users plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'AeUsers'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.6.3

data/ae_users_legacy.gemspec

@@ -0,0 +1,126 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{ae_users_legacy}
+  s.version = "0.6.3"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Nat Budin"]
+  s.date = %q{2011-01-13}
+  s.description = %q{Don't use this gem.  Use something written in the last couple years instead.}
+  s.email = %q{natbudin@gmail.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README"
+  ]
+  s.files = [
+    "LICENSE",
+     "README",
+     "Rakefile",
+     "VERSION",
+     "ae_users_legacy.gemspec",
+     "app/controllers/account_controller.rb",
+     "app/controllers/auth_controller.rb",
+     "app/controllers/permission_controller.rb",
+     "app/helpers/account_helper.rb",
+     "app/helpers/auth_helper.rb",
+     "app/helpers/permission_helper.rb",
+     "app/models/account.rb",
+     "app/models/auth_notifier.rb",
+     "app/models/auth_ticket.rb",
+     "app/models/email_address.rb",
+     "app/models/login.rb",
+     "app/models/open_id_identity.rb",
+     "app/models/permission.rb",
+     "app/models/person.rb",
+     "app/models/role.rb",
+     "app/views/account/_personal_info.rhtml",
+     "app/views/account/_procon_profile.rhtml",
+     "app/views/account/_signup_form.html.erb",
+     "app/views/account/activate.rhtml",
+     "app/views/account/activation_error.rhtml",
+     "app/views/account/change_password.rhtml",
+     "app/views/account/edit_profile.rhtml",
+     "app/views/account/signup.rhtml",
+     "app/views/account/signup_noactivation.rhtml",
+     "app/views/account/signup_success.rhtml",
+     "app/views/auth/_auth_form.rhtml",
+     "app/views/auth/_forgot_form.html.erb",
+     "app/views/auth/_mini_auth_form.rhtml",
+     "app/views/auth/_openid_auth_form.html.erb",
+     "app/views/auth/_other_login_options.html.erb",
+     "app/views/auth/auth_form.js.erb",
+     "app/views/auth/forgot.rhtml",
+     "app/views/auth/forgot_form.rhtml",
+     "app/views/auth/index.css.erb",
+     "app/views/auth/login.rhtml",
+     "app/views/auth/needs_activation.rhtml",
+     "app/views/auth/needs_person.html.erb",
+     "app/views/auth/needs_profile.rhtml",
+     "app/views/auth/openid_login.html.erb",
+     "app/views/auth/resend_activation.rhtml",
+     "app/views/auth_notifier/account_activation.rhtml",
+     "app/views/auth_notifier/generated_password.rhtml",
+     "app/views/permission/_add_grantee.rhtml",
+     "app/views/permission/_role_member.rhtml",
+     "app/views/permission/_show.rhtml",
+     "app/views/permission/_userpicker.rhtml",
+     "app/views/permission/add_role_member.rhtml",
+     "app/views/permission/admin.rhtml",
+     "app/views/permission/edit.rhtml",
+     "app/views/permission/edit_role.rhtml",
+     "app/views/permission/grant.rhtml",
+     "db/migrate/002_create_accounts.rb",
+     "db/migrate/003_create_email_addresses.rb",
+     "db/migrate/004_create_people.rb",
+     "db/migrate/013_simplify_signup.rb",
+     "db/migrate/014_create_permissions.rb",
+     "db/migrate/015_create_roles.rb",
+     "db/migrate/016_refactor_people.rb",
+     "db/migrate/017_people_permissions.rb",
+     "generators/ae_users/USAGE",
+     "generators/ae_users/ae_users_generator.rb",
+     "generators/ae_users/templates/add.png",
+     "generators/ae_users/templates/admin.png",
+     "generators/ae_users/templates/group.png",
+     "generators/ae_users/templates/logout.png",
+     "generators/ae_users/templates/migration.rb",
+     "generators/ae_users/templates/openid.gif",
+     "generators/ae_users/templates/remove.png",
+     "generators/ae_users/templates/user.png",
+     "init.rb",
+     "install.rb",
+     "lib/ae_users.rb",
+     "rails/init.rb",
+     "tasks/ae_users_tasks.rake",
+     "test/ae_users_test.rb",
+     "uninstall.rb"
+  ]
+  s.homepage = %q{http://github.com/nbudin/ae_users}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.4.2}
+  s.summary = %q{Legacy authentication/authorization framework}
+  s.test_files = [
+    "test/ae_users_test.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+      s.add_runtime_dependency(%q<ruby-openid>, [">= 2.0.4"])
+    else
+      s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+      s.add_dependency(%q<ruby-openid>, [">= 2.0.4"])
+    end
+  else
+    s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+    s.add_dependency(%q<ruby-openid>, [">= 2.0.4"])
+  end
+end
+

data/app/controllers/account_controller.rb

@@ -0,0 +1,167 @@
+class AccountController < ApplicationController
+  unloadable
+  require_login :only => [:edit_profile, :edit_email_addresses, :change_password, :add_openid, :delete_openid]
+  before_filter :check_signup_allowed, :only => [:signup, :signup_success]
+  
+  filter_parameter_logging :password
+  
+  def activate
+    if logged_in?
+      redirect_to "/"
+      return
+    end
+
+    @account = Account.find params[:account]
+
+    if not @account.nil? and @account.activation_key == params[:activation_key]
+      @account.active = true
+      @account.activation_key = nil
+      @account.save
+    else
+      redirect_to :action => :activation_error
+    end
+  end
+  
+  def edit_profile
+    @person = logged_in_person
+    if not AeUsers.profile_class.nil?
+      @app_profile = AeUsers.profile_class.find_by_person_id(@person.id)
+    end
+    
+    if request.post?
+      @person.update_attributes params[:person]
+      if @app_profile
+        @app_profile.update_attributes params[:app_profile]
+      end
+    end
+  end
+  
+  def edit_email_addresses
+    errs = []
+    
+    if params[:new_address] and params[:new_address].length > 0
+      existing_ea = EmailAddress.find_by_address params[:new_address]
+      if existing_ea
+        errs.push "A different person is already associated with the email address you tried to add."
+      else
+        newea = EmailAddress.create :person => logged_in_person, :address => params[:new_address]
+        if params[:primary] == 'new'
+          newea.primary = true
+          newea.save
+        end
+      end
+    end
+    
+    if params[:primary] and params[:primary] != 'new'
+      id = params[:primary].to_i
+      if id != 0
+        addr = EmailAddress.find id
+        if addr.person != logged_in_person
+          errs.push "The email address you've selected as primary belongs to a different person."
+        else
+          addr.primary = true
+          addr.save
+        end
+      else
+        errs.push "The email address you've selected as primary doesn't exist."
+      end
+    end
+    
+    if params[:delete]
+      params[:delete].each do |id|
+        addr = EmailAddress.find id
+        if addr.person != logged_in_person
+          errs.push "The email address you've selected to delete belongs to a different person."
+        elsif addr.primary
+          errs.push "You can't delete your primary email address.  Try making a different email address your primary address first."
+        else
+          addr.destroy
+        end
+      end
+    end
+    
+    if errs.length > 0
+      flash[:error_messages] = errs
+    end
+    
+    redirect_to :action => :edit_profile
+  end
+  
+  def change_password
+    password = params[:password]
+    if password[:password1].nil? or password[:password2].nil?
+      redirect_to :action => :edit_profile
+    elsif password[:password1] != password[:password2]
+      flash[:error_messages] = ["The passwords you entered don't match.  Please try again."]
+      redirect_to :action => :edit_profile
+    else
+      acct = logged_in_person.account
+      acct.password = password[:password1]
+      acct.save
+    end
+  end
+  
+  def activation_error
+  end
+  
+  def signup_success
+  end
+  
+  def add_openid
+    if using_open_id?
+      authenticate_with_open_id(params[:openid_url]) do |result, identity_url|
+        if result.successful?
+          id = OpenIdIdentity.find_by_identity_url(identity_url)
+          if id.nil?
+            id = OpenIdIdentity.new :person => logged_in_person, :identity_url => identity_url
+          else
+            if id.person.nil?
+              id.person = logged_in_person
+            elsif id.person != logged_in_person
+              flash[:error_messages] = ["That OpenID belongs to a different person (#{id.person.name})."]
+              return
+            end
+          end
+          if not id.save
+            flash[:error_messages] = id.errors.collect { |e| e[0].humanize + " " + e[1] }
+          end
+        else
+          flash[:error_messages] = [result.message]
+        end
+        redirect_to :action => 'edit_profile'
+      end
+    else
+      flash[:error_messages] = ["Please enter an OpenID url."]
+    end
+  end
+  
+  def delete_openid
+    id = OpenIdIdentity.find(params[:id])
+    if id.person == logged_in_person
+      if logged_in_person.account or logged_in_person.open_id_identities.length > 1
+        id.destroy
+      else
+        flash[:error_messages] = ["Deleting that OpenID would leave you no way of logging in!"]
+      end
+    else
+      flash[:error_messages] = ["That OpenID does not belong to you!"]
+    end
+    redirect_to :action => 'edit_profile'
+  end
+  
+  def signup
+    ret = create_account_and_person()
+    if ret == :success
+      redirect_to :action => 'signup_success'
+    elsif ret == :no_activation
+      redirect_to :action => :signup_noactivation
+    end
+  end
+  
+  private  
+  def check_signup_allowed
+    if not AeUsers.signup_allowed?
+      access_denied "Account signup is not allowed on this site."
+    end
+  end
+end

data/app/controllers/auth_controller.rb

@@ -0,0 +1,202 @@
+class AuthController < ApplicationController
+  unloadable
+  filter_parameter_logging :password
+  before_filter :construct_login, :only => [:login, :openid_login, :forgot_form]
+  
+  def index
+    respond_to do |format|
+      format.css { render :layout => false }
+    end
+  end
+  
+  def openid_login
+    params[:openid_url] ||= cookies['openid_url']    
+    if using_open_id?
+      if attempt_open_id_login(@login.return_to)
+        successful_login_redirect
+      end
+    end
+  end
+  
+  def login
+    if request.post?
+      unless @login.password or @login.have_password
+        redirect_to :controller => "account", :action => "signup", :email => @login.email
+      end
+    end
+    if request.post? and not logged_in?
+      if attempt_login(@login)
+        successful_login_redirect
+      end
+    end
+  end
+  
+  def needs_person
+    @open_id_identity = OpenIdIdentity.find_or_create_by_identity_url(session[:identity_url])
+    @person = Person.new
+    if not AeUsers.profile_class.nil?
+      @app_profile = AeUsers.profile_class.send(:new, :person => @person)
+    end
+    
+    if params[:registration]
+      person_map = HashWithIndifferentAccess.new(Person.sreg_map)
+      profile_map = if AeUsers.profile_class and AeUsers.profile_class.respond_to?("sreg_map")
+        HashWithIndifferentAccess.new(AeUsers.profile_class.sreg_map)
+      else
+        nil
+      end
+        
+      params[:registration].each_pair do |key, value|
+        if key == 'email'
+          params[:email] = value
+        elsif person_map.has_key?(key.to_s)
+          mapper = person_map[key]
+          attrs = mapper.call(value)
+          @person.attributes = attrs
+        elsif (profile_map and profile_map.has_key?(key))
+          mapper = profile_map[key]
+          @app_profile.attributes = mapper.call(value)
+        end
+      end
+    end
+    if params[:person]
+      @person.attributes = params[:person]
+    end
+    if params[:app_profile] and @app_profile
+      @app_profile.attributes = params[:app_profile]
+    end
+    
+    if request.post?
+      error_messages = []
+      error_fields = []
+      
+      ["firstname", "lastname", "gender"].each do |field|
+        if not @person.send(field)
+          error_fields.push field
+          error_messages.push "You must enter a value for #{field}."
+        end
+      end
+      
+      if not params[:email]
+        error_fields.push("email")
+        error_messages.push "You must enter a value for email."
+      end
+      
+      if error_messages.length > 0
+        flash[:error_fields] = error_fields
+        flash[:error_messages] = error_messages
+      else
+        @person.save
+        @person.primary_email_address = params[:email]
+        @open_id_identity.person = @person
+        @open_id_identity.save
+        if @app_profile
+          @app_profile.save
+        end
+        
+        session[:person] = @person
+        redirect_to session[:return_to]
+      end
+    end
+  end
+
+  def auth_form  
+    respond_to do |format|
+      format.js { render :layout => false }
+    end
+  end
+  
+  def needs_profile
+    @person = Person.find session[:provisional_person]
+    if @person.nil?
+      flash[:error_messages] = ["Couldn't find a person record with that ID.  
+        Something may have gone wrong internally.  Please try again, and if the problem persists, please contact
+        the site administrator."]
+      redirect_to :back
+    end
+    
+    if not AeUsers.signup_allowed?
+      flash[:error_messages] = ['Your account is not valid for this site.']
+      redirect_to url_for("/")
+    else
+      if not AeUsers.profile_class.nil?
+        @app_profile = AeUsers.profile_class.send(:new, :person_id => session[:provisional_person])
+        @app_profile.attributes = params[:app_profile]
+        
+        if request.post?
+          @app_profile.save
+          session[:person] = @person
+          redirect_to params[:return_to]
+        end
+      end
+    end
+  end
+  
+  def forgot
+    ActionMailer::Base.default_url_options[:host] = request.host
+    
+    @account = Account.find_by_email_address(params[:email])
+    if not @account.nil?
+      @account.generate_password
+    else
+      flash[:error_messages] = ["There's no account matching that email address.  Please try again, or sign up for an account."]
+      redirect_to :action => :forgot_form
+    end
+  end
+  
+  def resend_validation
+    ActionMailer::Base.default_url_options[:host] = request.host
+    
+    @email_address = Account.find params[:email]
+    if not @email_address.nil?
+      @email_address.generate_validation
+    else
+      flash[:error_messages] = ["Email address #{params[:email]} not found!"]
+      redirect_to url_for("/")
+    end
+  end
+  
+  def logout
+    reset_session
+    redirect_to :back
+  end
+  
+  private
+  
+  def construct_login
+    @login = Login.new(params[:login])
+    @login.email ||= cookies['email']
+    if @login.return_to.nil? or @login.return_to == ""
+      if params[:return_to]
+        @login.return_to = params[:return_to]
+      else
+        @login.return_to = request.env["HTTP_REFERER"]
+      end
+    end
+
+    # prevent infinite redirect loops
+    begin
+      if URI(@login.return_to).path == URI(request.url).path
+        @login.return_to = url_for("/")
+      end
+    rescue
+    end
+    
+    # if they're already logged in, don't let them view this page
+    if logged_in?
+      successful_login_redirect
+    end
+  end
+  
+  def successful_login_redirect
+    if @login.return_to
+      redirect_to @login.return_to
+    elsif session[:return_to]
+      rt = session[:return_to]
+      session[:return_to] = nil
+      redirect_to rt
+    else
+      redirect_to url_for('/')
+    end
+  end
+end