RubyGems - aerogel-users - Versions diffs - 1.4.3 - Mend

aerogel-users 1.4.3

Files changed (80) hide show

checksums.yaml +7 -0
data/.gitignore +19 -0
data/Gemfile +4 -0
data/LICENSE.txt +22 -0
data/README.md +16 -0
data/Rakefile +1 -0
data/aerogel-users.gemspec +30 -0
data/app/helpers/access_control.rb +32 -0
data/app/helpers/auth.rb +58 -0
data/app/helpers/auth_login_providers.rb +18 -0
data/app/mailers/user.rb +43 -0
data/app/routes/access_control.rb +15 -0
data/app/routes/auth.rb +53 -0
data/app/routes/user.rb +192 -0
data/assets/README.md +1 -0
data/assets/javascripts/.gitkeep +0 -0
data/assets/stylesheets/.gitkeep +0 -0
data/config/auth.conf +43 -0
data/config/development/.keep +0 -0
data/config/production/.keep +0 -0
data/db/model/access.rb +67 -0
data/db/model/authentication.rb +54 -0
data/db/model/role.rb +17 -0
data/db/model/user.rb +223 -0
data/db/model/user_email.rb +24 -0
data/db/model/user_registration_form.rb +23 -0
data/db/model/user_request_account_activation_form.rb +30 -0
data/db/model/user_request_email_confirmation_form.rb +40 -0
data/db/model/user_request_password_reset_form.rb +37 -0
data/db/model/user_reset_password_form.rb +41 -0
data/db/seed/01_user_role.seed +8 -0
data/db/seed/02_access_user.seed +25 -0
data/db/seed/development/.keep +0 -0
data/db/seed/development/test-user.seed +77 -0
data/db/seed/production/.keep +0 -0
data/lib/aerogel/users.rb +22 -0
data/lib/aerogel/users/auth.rb +67 -0
data/lib/aerogel/users/omniauth-failure_endpoint_ex.rb +21 -0
data/lib/aerogel/users/omniauth-password.rb +63 -0
data/lib/aerogel/users/secure_password.rb +55 -0
data/lib/aerogel/users/version.rb +5 -0
data/locales/actions/en.yml +18 -0
data/locales/actions/ru.yml +17 -0
data/locales/auth/en.yml +22 -0
data/locales/auth/ru.yml +22 -0
data/locales/mailers/en.yml +69 -0
data/locales/mailers/ru.yml +73 -0
data/locales/models/en.yml +65 -0
data/locales/models/ru.yml +64 -0
data/locales/views/en.yml +122 -0
data/locales/views/ru.yml +126 -0
data/public/README.md +1 -0
data/rake/README.md +3 -0
data/views/mailers/user/account_activation.html.erb +3 -0
data/views/mailers/user/account_activation.text.erb +3 -0
data/views/mailers/user/email_confirmation.html.erb +3 -0
data/views/mailers/user/email_confirmation.text.erb +3 -0
data/views/mailers/user/password_reset.html.erb +3 -0
data/views/mailers/user/password_reset.text.erb +3 -0
data/views/user/activate_account.html.erb +3 -0
data/views/user/activate_account_failure.html.erb +3 -0
data/views/user/confirm_email.html.erb +3 -0
data/views/user/confirm_email_failure.html.erb +3 -0
data/views/user/edit.html.erb +6 -0
data/views/user/index.html.erb +19 -0
data/views/user/login.html.erb +3 -0
data/views/user/login/_form.html.erb +28 -0
data/views/user/login/_provider.html.erb +5 -0
data/views/user/logout.html.erb +3 -0
data/views/user/register.html.erb +10 -0
data/views/user/register_success.html.erb +3 -0
data/views/user/request_account_activation.html.erb +9 -0
data/views/user/request_account_activation_success.html.erb +3 -0
data/views/user/request_email_confirmation.html.erb +8 -0
data/views/user/request_email_confirmation_success.html.erb +3 -0
data/views/user/request_password_reset.html.erb +8 -0
data/views/user/request_password_reset_success.html.erb +3 -0
data/views/user/reset_password.html.erb +9 -0
data/views/user/reset_password_success.html.erb +3 -0
metadata +234 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 38e3f2209b78bded716b72e0d6fc1c3c018dce08
+  data.tar.gz: 15d5df47c1147bab9404240b00aebf2416ba642f
+SHA512:
+  metadata.gz: 2fe81054db3c0fb713768328bc76632b45f4a0663b85a7961dbfb0cd468e58dadd61f3f14572c3d95e578c45e001738548bd877a538ac4235b6cebca49f8a0ab
+  data.tar.gz: 897182d5dac0d2e39d9f672eb02f4b4111d76fd8dfccf38b504284f75a9aeaae7542ee92aceb86275b41215fbe50dac1cad0976ea0551091569808a4ef1e7962

data/.gitignore ADDED

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.ruby-version
+.ruby-gemset

data/Gemfile ADDED

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in aerogel-module123.gemspec
+gemspec

data/LICENSE.txt ADDED

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Alex Kukushkin
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED

@@ -0,0 +1,16 @@
+# aerogel-users
+User management for aerogel CMS.
+Provides user models, helpers and routs for user registration, authentication,
+roles and access management.
+## Usage
+In your application's config.ru:
+```ruby
+require 'aerogel/core'
+require 'aerogel/users'
+run Aerogel::Application.load
+```

data/Rakefile ADDED

	@@ -0,0 +1 @@
1	+ require "bundler/gem_tasks"

data/aerogel-users.gemspec ADDED

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'aerogel/users/version'
+Gem::Specification.new do |spec|
+  spec.name          = "aerogel-users"
+  spec.version       = Aerogel::Users::VERSION
+  spec.authors       = ["Alex Kukushkin"]
+  spec.email         = ["alex@kukushk.in"]
+  spec.description   = %q{User management for aerogel}
+  spec.summary       = %q{User management for aerogel}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.add_dependency "aerogel-core", "~> 1.4"
+  spec.add_dependency "aerogel-forms", "~> 0.1"
+  spec.add_dependency "aerogel-mailer", "~> 1.1"
+  spec.add_dependency "aerogel-font_awesome"
+  spec.add_dependency "omniauth"
+  spec.add_dependency "bcrypt"
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/app/helpers/access_control.rb ADDED

@@ -0,0 +1,32 @@
+# Returns +true+ is user allowed to access +path+ with operation +access+.
+#
+def can? path, access = Access::READ
+  applied_rules = Access.rules_for_path path
+  # no rules for the path mean the access is not restricted
+  return true if applied_rules.blank?
+  # there are rules for the path, but the user is not authenticated
+  return false unless current_user?
+  # check if any rule grants access to path/access/user roles.
+  applied_rules.each do |access_rule|
+    return true if access_rule.grants?( path, access, current_user.roles )
+  end
+  # no luck
+  return false
+end
+# Returns constructed link if READ access to +url+ is allowed, returns empty string otherwise.
+#
+def link_to_if_can( url, text = url, opts = {} )
+  link_to( url, text, opts ) if can?( url )
+end
+def on_access_denied( &block )
+  @on_access_denied_callback = block if block_given?
+  @on_access_denied_callback
+end

data/app/helpers/auth.rb ADDED

@@ -0,0 +1,58 @@
+# Redirects after authentication process to the most appropriate origin URL.
+#
+# Possible origins (URLs to redirect to) are tried in following order:
+#   explicit_origin
+#   request.env['omniauth.origin']
+#   request.params['origin']
+#   default_origin
+#
+def auth_redirect_to_origin( explicit_origin, default_origin = "/" )
+  url = explicit_origin || request.env['omniauth.origin'] || request.params['origin'] || default_origin
+  redirect url
+end
+def auth_login( user, opts = {} )
+  session[:user_id] = user.id
+  session[:remember_me] = opts[:remember_me].present?
+  user.authenticated!( opts )
+  auth_keepalive_session
+end
+def auth_logout
+  session[:user_id] = nil
+  session[:remember_me] = nil
+  session.options[:expire_after] = nil
+end
+def auth_keepalive_session
+  session.options[:expire_after] = 2592000 if session[:remember_me]
+end
+# Returns User object of the current authenticated user or +nil+.
+#
+def current_user
+  auth_keepalive_session
+  @current_user ||= ( session[:user_id] ? User.find( session[:user_id] ) : nil )
+end
+# Returns +true+ if user is authenticated, +false+ otherwise.
+#
+def current_user?
+  !current_user.nil?
+end
+# Gets or sets auth state.
+# 'auth state' is a one-time used Hash used to store auth system data between requests.
+#
+def auth_state( value = nil )
+  if value
+    @auth_state = value
+    session[:auth_state] = value.to_json
+    return @auth_state
+  end
+  unless @auth_state
+    @auth_state = session[:auth_state].nil? ? {} : JSON.parse( session[:auth_state] )
+    session[:auth_state] = nil
+  end
+  @auth_state
+end

data/app/helpers/auth_login_providers.rb ADDED

@@ -0,0 +1,18 @@
+# Returns A HREF link to a login using given provider.
+#
+def link_to_social_login( provider_key, text = nil, on_success = nil )
+  provider = Aerogel::Auth.providers[provider_key] || {}
+  text ||= provider[:name]
+  link_to url_to_social_login( provider_key, on_success ), text.to_s, title: "log in using #{provider[:name]}"
+end
+# Returns URL to a login using given provider.
+#
+def url_to_social_login( provider_key, on_success = nil )
+  provider = Aerogel::Auth.providers[provider_key] || {}
+  origin = on_success || params['on_success']
+  query_string = origin ? "?origin=#{origin}" : ''
+  "/auth/#{provider_key}#{query_string}"
+end

data/app/mailers/user.rb ADDED

@@ -0,0 +1,43 @@
+mailer 'user/email_confirmation' do |user_email|
+  user = user_email.user
+  url = url_to( "/user/confirm_email",
+    fqdn: true,
+    email: user_email.email,
+    token: user_email.confirmation_token
+  )
+  to user_email.email
+  subject t.aerogel.users.mailers.email_confirmation.subject
+  locals full_name: h(user.full_name), url: url
+end
+mailer 'user/account_activation' do |user|
+  user_email = user.emails.first
+  url = url_to( "/user/activate_account",
+    fqdn: true,
+    email: user_email.email,
+    token: user_email.confirmation_token
+  )
+  to user_email.email
+  subject t.aerogel.users.mailers.account_activation.subject
+  locals full_name: h(user.full_name), url: url
+end
+mailer 'user/password_reset' do |authentication|
+  user_email = authentication.email
+  user = user_email.user
+  url = url_to( "/user/reset_password",
+    fqdn: true,
+    email: user_email.email,
+    token: authentication.password_reset_token
+  )
+  user_email = authentication.email
+  to user_email.email
+  subject t.aerogel.users.mailers.password_reset.subject
+  locals full_name: h(user.full_name), url: url
+end

data/app/routes/access_control.rb ADDED

@@ -0,0 +1,15 @@
+# Before serving any route check for access permissions.
+#
+before do
+  access = %w(GET HEAD).include?( request.request_method.upcase.to_s ) ? Access::READ : Access::WRITE
+  unless can? request.path_info, access
+    flash[:error] = t.aerogel.auth.actions.access_denied path: request.path_info, access: access
+    # on_access_denied callback redefines flash[:error] and raises redirect exception
+    on_access_denied.call( request.path_info, access ) if on_access_denied.present?
+    redirect "/"
+  end
+end

data/app/routes/auth.rb ADDED

@@ -0,0 +1,53 @@
+# Authentication system routes
+route :get, :post, "/auth/:provider/callback" do
+  # flash[:debug] = "params.inspect: #{params.inspect}"
+  user = User.find_by_authentication( params[:provider].to_sym, request.env['omniauth.auth']['uid'] )
+  if params[:provider] == 'password' && !user.activated?( request.env['omniauth.auth']['uid'] )
+    auth_state params.merge(
+      result: 'error',
+      error: 'account_not_activated'
+    )
+    auth_redirect_to_origin( params['on_failure'] )
+    halt
+  end
+  if user
+    # registered user
+    auth_login( user, remember_me: !!params['remember_me'], provider: params[:provider], uid: request.env['omniauth.auth']['uid'] )
+    logger.debug( "successfully authenticated: #{params.inspect} ")
+    logger.debug( "user: #{user} ")
+    auth_state result: :success
+    flash[:notice] = t.aerogel.auth.welcome full_name: user.full_name
+    auth_redirect_to_origin( params["on_success"] )
+  else
+    user = User.create_from_omniauth request.env['omniauth.auth']
+    unless user.save
+      flash[:error] = t.aerogel.auth.errors.create_from_omniauth errors: user.errors.inspect
+      auth_redirect_to_origin( params["on_failure"] )
+    end
+    auth_login( user, remember_me: !!params['remember_me'], provider: params[:provider], uid: request.env['omniauth.auth']['uid'] )
+    flash[:notice] = t.aerogel.auth.welcome_new_user full_name: user.full_name
+    redirect "/user/edit"
+  end
+end
+get "/auth/failure" do
+  logger.debug( "failed to authenticate: #{params.inspect} ")
+  flash[:debug] = "params.inspect: #{params.inspect}"
+  auth_state params.merge(
+    result: 'error',
+    error: 'invalid_credentials',
+    provider: params['provider'] || params['strategy']
+  )
+  auth_redirect_to_origin( params['on_failure'] )
+end
+# Retrieves auth_state
+#
+before do
+  auth_state
+end

data/app/routes/user.rb ADDED

@@ -0,0 +1,192 @@
+namespace '/user' do
+  before do
+    on_access_denied do |path|
+      unless current_user?
+        redirect "/user/login?on_success=#{path}"
+      end
+    end
+  end
+  get '/login' do
+    @error_message = nil
+    params['on_success'] ||= auth_state['on_success'] || '/'
+    params['on_failure'] ||= auth_state['on_failure'] || '/user/login'
+    params['email'] ||= auth_state['email']
+    if auth_state['result'] == 'error'
+      auth_state['provider'] ||= "i_think_its_password"
+      # error messages are looked up in the following order:
+      # aerogel.auth.<provider>.errors.<message>
+      # aerogel.auth.errors.<message>
+      # aerogel.auth.errors.unknown
+      @error_message = t.aerogel.auth.send( auth_state['provider'].to_sym ).errors.send(
+          auth_state['error'].to_sym,
+          default: [ "aerogel.auth.errors.#{auth_state['error']}".to_sym, :'aerogel.auth.errors.unknown' ],
+          provider: auth_state['provider'],
+          message: auth_state['error']
+      )
+    end
+    pass
+  end
+  get '/logout' do
+    auth_logout
+    flash.now[:notice] = t.aerogel.users.actions.logged_out
+    pass
+  end
+  #
+  # Account management routes
+  #
+  get '/register' do
+    @user_registration_form = UserRegistrationForm.new
+    pass
+  end
+  post '/register' do
+    @user_registration_form = UserRegistrationForm.new( params[:user_registration_form] )
+    pass unless @user_registration_form.valid?
+    user = User.create_from @user_registration_form
+    unless user.save
+      flash[:error] = t.aerogel.db.errors.failed_to_save name: user.model_name.human,
+        errors: user.errors.full_messages.join(', ')
+      pass
+    end
+    user.request_activation!
+    email 'user/account_activation', user
+    view "user/register_success"
+  end
+  get '/request_account_activation' do
+    @user_request_account_activation_form = UserRequestAccountActivationForm.new
+    pass
+  end
+  post '/request_account_activation' do
+    @user_request_account_activation_form = UserRequestAccountActivationForm.new(
+      params[:user_request_account_activation_form]
+    )
+    pass unless @user_request_account_activation_form.valid?
+    user = @user_request_account_activation_form.user
+    user.request_activation!
+    email 'user/account_activation', user
+    view 'user/request_account_activation_success'
+  end
+  get '/activate_account' do
+    begin
+      @user = User.activate!( params['email'], params['token'] )
+      pass
+    rescue StandardError => e
+      flash.now[:error] = e.to_s
+      view 'user/activate_account_failure'
+    end
+  end
+  get '/request_email_confirmation' do
+    @user_request_email_confirmation_form = UserRequestEmailConfirmationForm.new
+    pass
+  end
+  post '/request_email_confirmation' do
+    @user_request_email_confirmation_form = UserRequestEmailConfirmationForm.new(
+      params[:user_request_email_confirmation_form]
+    )
+    pass unless @user_request_email_confirmation_form.valid?
+    user_email = @user_request_email_confirmation_form.user_email
+    user_email.user.request_email_confirmation! @user_request_email_confirmation_form.email
+    email 'user/email_confirmation', user_email
+    view 'user/request_email_confirmation_success'
+  end
+  get '/confirm_email' do
+    begin
+      user = User.confirm_email!( params['email'], params['token'] )
+      pass
+    rescue StandardError => e
+      flash.now[:error] = e.to_s
+      view 'user/confirm_email_failure'
+    end
+  end
+  get '/request_password_reset' do
+    @user_request_password_reset_form = UserRequestPasswordResetForm.new
+    pass
+  end
+  post '/request_password_reset' do
+    @user_request_password_reset_form = UserRequestPasswordResetForm.new(
+      params[:user_request_password_reset_form]
+    )
+    pass unless @user_request_password_reset_form.valid?
+    user = @user_request_password_reset_form.user
+    authentication = user.request_password_reset! @user_request_password_reset_form.email
+    email 'user/password_reset', authentication
+    view 'user/request_password_reset_success'
+  end
+  get '/reset_password' do
+    @user_reset_password_form = UserResetPasswordForm.new(
+      email: params['email'],
+      password_reset_token: params['token']
+    )
+    pass
+  end
+  post '/reset_password' do
+    @user_reset_password_form = UserResetPasswordForm.new(
+      params[:user_reset_password_form]
+    )
+    pass unless @user_reset_password_form.valid?
+    begin
+      user = User.reset_password!(
+        @user_reset_password_form.email,
+        @user_reset_password_form.password_reset_token,
+        @user_reset_password_form.password,
+        @user_reset_password_form.password_confirmation
+      )
+      view 'user/reset_password_success'
+    rescue StandardError => e
+      flash.now[:error] = e.to_s
+      pass
+    end
+  end
+  #
+  # Edit user profile
+  #
+  get '/edit' do
+    @user = current_user
+    pass
+  end
+  post '/edit' do
+    @user = User.find( params[:id] )
+    unless @user
+      flash.now[:error] = t.error.messages.user_not_found
+      pass
+    end
+    unless @user.id == current_user.id
+      redirect '/user', error: "Access denied, user profile does not belong to you"
+    end
+    unless @user.update_attributes params[:user].except( :roles )
+      flash.now[:error] = t.aerogel.db.errors.failed_to_save name: User.model_name.human,
+        errors: @user.errors.full_messages.join(", ")
+      pass
+    end
+    redirect '/user'
+  end
+  #
+  # Common User controller routes
+  #
+  route :get, :post, ['', '/:action'] do
+    action = params[:action] || 'index'
+    view "user/#{action}"
+  end
+end # namespace '/user'