RubyGems - aerogel-users - Versions diffs - 1.4.3 - Mend

aerogel-users 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

checksums.yaml +7 -0
data/.gitignore +19 -0
data/Gemfile +4 -0
data/LICENSE.txt +22 -0
data/README.md +16 -0
data/Rakefile +1 -0
data/aerogel-users.gemspec +30 -0
data/app/helpers/access_control.rb +32 -0
data/app/helpers/auth.rb +58 -0
data/app/helpers/auth_login_providers.rb +18 -0
data/app/mailers/user.rb +43 -0
data/app/routes/access_control.rb +15 -0
data/app/routes/auth.rb +53 -0
data/app/routes/user.rb +192 -0
data/assets/README.md +1 -0
data/assets/javascripts/.gitkeep +0 -0
data/assets/stylesheets/.gitkeep +0 -0
data/config/auth.conf +43 -0
data/config/development/.keep +0 -0
data/config/production/.keep +0 -0
data/db/model/access.rb +67 -0
data/db/model/authentication.rb +54 -0
data/db/model/role.rb +17 -0
data/db/model/user.rb +223 -0
data/db/model/user_email.rb +24 -0
data/db/model/user_registration_form.rb +23 -0
data/db/model/user_request_account_activation_form.rb +30 -0
data/db/model/user_request_email_confirmation_form.rb +40 -0
data/db/model/user_request_password_reset_form.rb +37 -0
data/db/model/user_reset_password_form.rb +41 -0
data/db/seed/01_user_role.seed +8 -0
data/db/seed/02_access_user.seed +25 -0
data/db/seed/development/.keep +0 -0
data/db/seed/development/test-user.seed +77 -0
data/db/seed/production/.keep +0 -0
data/lib/aerogel/users.rb +22 -0
data/lib/aerogel/users/auth.rb +67 -0
data/lib/aerogel/users/omniauth-failure_endpoint_ex.rb +21 -0
data/lib/aerogel/users/omniauth-password.rb +63 -0
data/lib/aerogel/users/secure_password.rb +55 -0
data/lib/aerogel/users/version.rb +5 -0
data/locales/actions/en.yml +18 -0
data/locales/actions/ru.yml +17 -0
data/locales/auth/en.yml +22 -0
data/locales/auth/ru.yml +22 -0
data/locales/mailers/en.yml +69 -0
data/locales/mailers/ru.yml +73 -0
data/locales/models/en.yml +65 -0
data/locales/models/ru.yml +64 -0
data/locales/views/en.yml +122 -0
data/locales/views/ru.yml +126 -0
data/public/README.md +1 -0
data/rake/README.md +3 -0
data/views/mailers/user/account_activation.html.erb +3 -0
data/views/mailers/user/account_activation.text.erb +3 -0
data/views/mailers/user/email_confirmation.html.erb +3 -0
data/views/mailers/user/email_confirmation.text.erb +3 -0
data/views/mailers/user/password_reset.html.erb +3 -0
data/views/mailers/user/password_reset.text.erb +3 -0
data/views/user/activate_account.html.erb +3 -0
data/views/user/activate_account_failure.html.erb +3 -0
data/views/user/confirm_email.html.erb +3 -0
data/views/user/confirm_email_failure.html.erb +3 -0
data/views/user/edit.html.erb +6 -0
data/views/user/index.html.erb +19 -0
data/views/user/login.html.erb +3 -0
data/views/user/login/_form.html.erb +28 -0
data/views/user/login/_provider.html.erb +5 -0
data/views/user/logout.html.erb +3 -0
data/views/user/register.html.erb +10 -0
data/views/user/register_success.html.erb +3 -0
data/views/user/request_account_activation.html.erb +9 -0
data/views/user/request_account_activation_success.html.erb +3 -0
data/views/user/request_email_confirmation.html.erb +8 -0
data/views/user/request_email_confirmation_success.html.erb +3 -0
data/views/user/request_password_reset.html.erb +8 -0
data/views/user/request_password_reset_success.html.erb +3 -0
data/views/user/reset_password.html.erb +9 -0
data/views/user/reset_password_success.html.erb +3 -0
metadata +234 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 38e3f2209b78bded716b72e0d6fc1c3c018dce08
+  data.tar.gz: 15d5df47c1147bab9404240b00aebf2416ba642f
+SHA512:
+  metadata.gz: 2fe81054db3c0fb713768328bc76632b45f4a0663b85a7961dbfb0cd468e58dadd61f3f14572c3d95e578c45e001738548bd877a538ac4235b6cebca49f8a0ab
+  data.tar.gz: 897182d5dac0d2e39d9f672eb02f4b4111d76fd8dfccf38b504284f75a9aeaae7542ee92aceb86275b41215fbe50dac1cad0976ea0551091569808a4ef1e7962

data/.gitignore ADDED

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.ruby-version
+.ruby-gemset

data/Gemfile ADDED

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in aerogel-module123.gemspec
+gemspec

data/LICENSE.txt ADDED

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Alex Kukushkin
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED

@@ -0,0 +1,16 @@
+# aerogel-users
+User management for aerogel CMS.
+Provides user models, helpers and routs for user registration, authentication,
+roles and access management.
+## Usage
+In your application's config.ru:
+```ruby
+require 'aerogel/core'
+require 'aerogel/users'
+run Aerogel::Application.load
+```

data/Rakefile ADDED

	@@ -0,0 +1 @@
1	+ require "bundler/gem_tasks"

data/aerogel-users.gemspec ADDED

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'aerogel/users/version'
+Gem::Specification.new do |spec|
+  spec.name          = "aerogel-users"
+  spec.version       = Aerogel::Users::VERSION
+  spec.authors       = ["Alex Kukushkin"]
+  spec.email         = ["alex@kukushk.in"]
+  spec.description   = %q{User management for aerogel}
+  spec.summary       = %q{User management for aerogel}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.add_dependency "aerogel-core", "~> 1.4"
+  spec.add_dependency "aerogel-forms", "~> 0.1"
+  spec.add_dependency "aerogel-mailer", "~> 1.1"
+  spec.add_dependency "aerogel-font_awesome"
+  spec.add_dependency "omniauth"
+  spec.add_dependency "bcrypt"
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/app/helpers/access_control.rb ADDED

@@ -0,0 +1,32 @@
+# Returns +true+ is user allowed to access +path+ with operation +access+.
+#
+def can? path, access = Access::READ
+  applied_rules = Access.rules_for_path path
+  # no rules for the path mean the access is not restricted
+  return true if applied_rules.blank?
+  # there are rules for the path, but the user is not authenticated
+  return false unless current_user?
+  # check if any rule grants access to path/access/user roles.
+  applied_rules.each do |access_rule|
+    return true if access_rule.grants?( path, access, current_user.roles )
+  end
+  # no luck
+  return false
+end
+# Returns constructed link if READ access to +url+ is allowed, returns empty string otherwise.
+#
+def link_to_if_can( url, text = url, opts = {} )
+  link_to( url, text, opts ) if can?( url )
+end
+def on_access_denied( &block )
+  @on_access_denied_callback = block if block_given?
+  @on_access_denied_callback
+end

data/app/helpers/auth.rb ADDED

@@ -0,0 +1,58 @@
+# Redirects after authentication process to the most appropriate origin URL.
+#
+# Possible origins (URLs to redirect to) are tried in following order:
+#   explicit_origin
+#   request.env['omniauth.origin']
+#   request.params['origin']
+#   default_origin
+#
+def auth_redirect_to_origin( explicit_origin, default_origin = "/" )
+  url = explicit_origin || request.env['omniauth.origin'] || request.params['origin'] || default_origin
+  redirect url
+end
+def auth_login( user, opts = {} )
+  session[:user_id] = user.id
+  session[:remember_me] = opts[:remember_me].present?
+  user.authenticated!( opts )
+  auth_keepalive_session
+end
+def auth_logout
+  session[:user_id] = nil
+  session[:remember_me] = nil
+  session.options[:expire_after] = nil
+end
+def auth_keepalive_session
+  session.options[:expire_after] = 2592000 if session[:remember_me]
+end
+# Returns User object of the current authenticated user or +nil+.
+#
+def current_user
+  auth_keepalive_session
+  @current_user ||= ( session[:user_id] ? User.find( session[:user_id] ) : nil )
+end
+# Returns +true+ if user is authenticated, +false+ otherwise.
+#
+def current_user?
+  !current_user.nil?
+end
+# Gets or sets auth state.
+# 'auth state' is a one-time used Hash used to store auth system data between requests.
+#
+def auth_state( value = nil )
+  if value
+    @auth_state = value
+    session[:auth_state] = value.to_json
+    return @auth_state
+  end
+  unless @auth_state
+    @auth_state = session[:auth_state].nil? ? {} : JSON.parse( session[:auth_state] )
+    session[:auth_state] = nil
+  end
+  @auth_state
+end

data/app/helpers/auth_login_providers.rb ADDED

@@ -0,0 +1,18 @@
+# Returns A HREF link to a login using given provider.
+#
+def link_to_social_login( provider_key, text = nil, on_success = nil )
+  provider = Aerogel::Auth.providers[provider_key] || {}
+  text ||= provider[:name]
+  link_to url_to_social_login( provider_key, on_success ), text.to_s, title: "log in using #{provider[:name]}"
+end
+# Returns URL to a login using given provider.
+#
+def url_to_social_login( provider_key, on_success = nil )
+  provider = Aerogel::Auth.providers[provider_key] || {}
+  origin = on_success || params['on_success']
+  query_string = origin ? "?origin=#{origin}" : ''
+  "/auth/#{provider_key}#{query_string}"
+end

data/app/mailers/user.rb ADDED

@@ -0,0 +1,43 @@
+mailer 'user/email_confirmation' do |user_email|
+  user = user_email.user
+  url = url_to( "/user/confirm_email",
+    fqdn: true,
+    email: user_email.email,
+    token: user_email.confirmation_token
+  )
+  to user_email.email
+  subject t.aerogel.users.mailers.email_confirmation.subject
+  locals full_name: h(user.full_name), url: url
+end
+mailer 'user/account_activation' do |user|
+  user_email = user.emails.first
+  url = url_to( "/user/activate_account",
+    fqdn: true,
+    email: user_email.email,
+    token: user_email.confirmation_token
+  )
+  to user_email.email
+  subject t.aerogel.users.mailers.account_activation.subject
+  locals full_name: h(user.full_name), url: url
+end
+mailer 'user/password_reset' do |authentication|
+  user_email = authentication.email
+  user = user_email.user
+  url = url_to( "/user/reset_password",
+    fqdn: true,
+    email: user_email.email,
+    token: authentication.password_reset_token
+  )
+  user_email = authentication.email
+  to user_email.email
+  subject t.aerogel.users.mailers.password_reset.subject
+  locals full_name: h(user.full_name), url: url
+end

data/app/routes/access_control.rb ADDED

@@ -0,0 +1,15 @@
+# Before serving any route check for access permissions.
+#
+before do
+  access = %w(GET HEAD).include?( request.request_method.upcase.to_s ) ? Access::READ : Access::WRITE
+  unless can? request.path_info, access
+    flash[:error] = t.aerogel.auth.actions.access_denied path: request.path_info, access: access
+    # on_access_denied callback redefines flash[:error] and raises redirect exception
+    on_access_denied.call( request.path_info, access ) if on_access_denied.present?
+    redirect "/"
+  end
+end

data/app/routes/auth.rb ADDED

@@ -0,0 +1,53 @@
+# Authentication system routes
+route :get, :post, "/auth/:provider/callback" do
+  # flash[:debug] = "params.inspect: #{params.inspect}"
+  user = User.find_by_authentication( params[:provider].to_sym, request.env['omniauth.auth']['uid'] )
+  if params[:provider] == 'password' && !user.activated?( request.env['omniauth.auth']['uid'] )
+    auth_state params.merge(
+      result: 'error',
+      error: 'account_not_activated'
+    )
+    auth_redirect_to_origin( params['on_failure'] )
+    halt
+  end
+  if user
+    # registered user
+    auth_login( user, remember_me: !!params['remember_me'], provider: params[:provider], uid: request.env['omniauth.auth']['uid'] )
+    logger.debug( "successfully authenticated: #{params.inspect} ")
+    logger.debug( "user: #{user} ")
+    auth_state result: :success
+    flash[:notice] = t.aerogel.auth.welcome full_name: user.full_name
+    auth_redirect_to_origin( params["on_success"] )
+  else
+    user = User.create_from_omniauth request.env['omniauth.auth']
+    unless user.save
+      flash[:error] = t.aerogel.auth.errors.create_from_omniauth errors: user.errors.inspect
+      auth_redirect_to_origin( params["on_failure"] )
+    end
+    auth_login( user, remember_me: !!params['remember_me'], provider: params[:provider], uid: request.env['omniauth.auth']['uid'] )
+    flash[:notice] = t.aerogel.auth.welcome_new_user full_name: user.full_name
+    redirect "/user/edit"
+  end
+end
+get "/auth/failure" do
+  logger.debug( "failed to authenticate: #{params.inspect} ")
+  flash[:debug] = "params.inspect: #{params.inspect}"
+  auth_state params.merge(
+    result: 'error',
+    error: 'invalid_credentials',
+    provider: params['provider'] || params['strategy']
+  )
+  auth_redirect_to_origin( params['on_failure'] )
+end
+# Retrieves auth_state
+#
+before do
+  auth_state
+end

data/app/routes/user.rb ADDED

@@ -0,0 +1,192 @@
+namespace '/user' do
+  before do
+    on_access_denied do |path|
+      unless current_user?
+        redirect "/user/login?on_success=#{path}"
+      end
+    end
+  end
+  get '/login' do
+    @error_message = nil
+    params['on_success'] ||= auth_state['on_success'] || '/'
+    params['on_failure'] ||= auth_state['on_failure'] || '/user/login'
+    params['email'] ||= auth_state['email']
+    if auth_state['result'] == 'error'
+      auth_state['provider'] ||= "i_think_its_password"
+      # error messages are looked up in the following order:
+      # aerogel.auth.<provider>.errors.<message>
+      # aerogel.auth.errors.<message>
+      # aerogel.auth.errors.unknown
+      @error_message = t.aerogel.auth.send( auth_state['provider'].to_sym ).errors.send(
+          auth_state['error'].to_sym,
+          default: [ "aerogel.auth.errors.#{auth_state['error']}".to_sym, :'aerogel.auth.errors.unknown' ],
+          provider: auth_state['provider'],
+          message: auth_state['error']
+      )
+    end
+    pass
+  end
+  get '/logout' do
+    auth_logout
+    flash.now[:notice] = t.aerogel.users.actions.logged_out
+    pass
+  end
+  #
+  # Account management routes
+  #
+  get '/register' do
+    @user_registration_form = UserRegistrationForm.new
+    pass
+  end
+  post '/register' do
+    @user_registration_form = UserRegistrationForm.new( params[:user_registration_form] )
+    pass unless @user_registration_form.valid?
+    user = User.create_from @user_registration_form
+    unless user.save
+      flash[:error] = t.aerogel.db.errors.failed_to_save name: user.model_name.human,
+        errors: user.errors.full_messages.join(', ')
+      pass
+    end
+    user.request_activation!
+    email 'user/account_activation', user
+    view "user/register_success"
+  end
+  get '/request_account_activation' do
+    @user_request_account_activation_form = UserRequestAccountActivationForm.new
+    pass
+  end
+  post '/request_account_activation' do
+    @user_request_account_activation_form = UserRequestAccountActivationForm.new(
+      params[:user_request_account_activation_form]
+    )
+    pass unless @user_request_account_activation_form.valid?
+    user = @user_request_account_activation_form.user
+    user.request_activation!
+    email 'user/account_activation', user
+    view 'user/request_account_activation_success'
+  end
+  get '/activate_account' do
+    begin
+      @user = User.activate!( params['email'], params['token'] )
+      pass
+    rescue StandardError => e
+      flash.now[:error] = e.to_s
+      view 'user/activate_account_failure'
+    end
+  end
+  get '/request_email_confirmation' do
+    @user_request_email_confirmation_form = UserRequestEmailConfirmationForm.new
+    pass
+  end
+  post '/request_email_confirmation' do
+    @user_request_email_confirmation_form = UserRequestEmailConfirmationForm.new(
+      params[:user_request_email_confirmation_form]
+    )
+    pass unless @user_request_email_confirmation_form.valid?
+    user_email = @user_request_email_confirmation_form.user_email
+    user_email.user.request_email_confirmation! @user_request_email_confirmation_form.email
+    email 'user/email_confirmation', user_email
+    view 'user/request_email_confirmation_success'
+  end
+  get '/confirm_email' do
+    begin
+      user = User.confirm_email!( params['email'], params['token'] )
+      pass
+    rescue StandardError => e
+      flash.now[:error] = e.to_s
+      view 'user/confirm_email_failure'
+    end
+  end
+  get '/request_password_reset' do
+    @user_request_password_reset_form = UserRequestPasswordResetForm.new
+    pass
+  end
+  post '/request_password_reset' do
+    @user_request_password_reset_form = UserRequestPasswordResetForm.new(
+      params[:user_request_password_reset_form]
+    )
+    pass unless @user_request_password_reset_form.valid?
+    user = @user_request_password_reset_form.user
+    authentication = user.request_password_reset! @user_request_password_reset_form.email
+    email 'user/password_reset', authentication
+    view 'user/request_password_reset_success'
+  end
+  get '/reset_password' do
+    @user_reset_password_form = UserResetPasswordForm.new(
+      email: params['email'],
+      password_reset_token: params['token']
+    )
+    pass
+  end
+  post '/reset_password' do
+    @user_reset_password_form = UserResetPasswordForm.new(
+      params[:user_reset_password_form]
+    )
+    pass unless @user_reset_password_form.valid?
+    begin
+      user = User.reset_password!(
+        @user_reset_password_form.email,
+        @user_reset_password_form.password_reset_token,
+        @user_reset_password_form.password,
+        @user_reset_password_form.password_confirmation
+      )
+      view 'user/reset_password_success'
+    rescue StandardError => e
+      flash.now[:error] = e.to_s
+      pass
+    end
+  end
+  #
+  # Edit user profile
+  #
+  get '/edit' do
+    @user = current_user
+    pass
+  end
+  post '/edit' do
+    @user = User.find( params[:id] )
+    unless @user
+      flash.now[:error] = t.error.messages.user_not_found
+      pass
+    end
+    unless @user.id == current_user.id
+      redirect '/user', error: "Access denied, user profile does not belong to you"
+    end
+    unless @user.update_attributes params[:user].except( :roles )
+      flash.now[:error] = t.aerogel.db.errors.failed_to_save name: User.model_name.human,
+        errors: @user.errors.full_messages.join(", ")
+      pass
+    end
+    redirect '/user'
+  end
+  #
+  # Common User controller routes
+  #
+  route :get, :post, ['', '/:action'] do
+    action = params[:action] || 'index'
+    view "user/#{action}"
+  end
+end # namespace '/user'