apispree_auth 0.0.0

data/config/cucumber.yml

@@ -0,0 +1,10 @@
+<%
+rerun = File.file?('rerun.txt') ? IO.read('rerun.txt') : ""
+rerun_opts = rerun.to_s.strip.empty? ? "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} features" : "--format #{ENV['CUCUMBER_FORMAT'] || 'pretty'} #{rerun}"
+std_opts = "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} --strict --tags ~@wip"
+ci_opts = "--format progress --strict"
+%>
+default: <%= std_opts %> features
+wip: --tags @wip:3 --wip features
+ci: <%= ci_opts %> features CI=true
+rerun: <%= rerun_opts %> --format rerun --out rerun.txt --strict --tags ~@wip

data/config/initializers/devise.rb

@@ -0,0 +1,136 @@
+# Use this hook to configure devise mailer, warden hooks and so forth. The first
+# four configuration values can also be set straight in your models.
+Devise.setup do |config|
+  # ==> Mailer Configuration
+  # Configure the e-mail address which will be shown in DeviseMailer.
+  config.mailer_sender = "please-change-me@config-initializers-devise.com"
+
+  # Configure the class responsible to send e-mails.
+  config.mailer = "UserMailer"
+
+  # ==> ORM configuration
+  # Load and configure the ORM. Supports :active_record (default) and
+  # :mongoid (bson_ext recommended) by default. Other ORMs may be
+  # available as additional gems.
+  require 'devise/orm/active_record'
+
+  # ==> Configuration for any authentication mechanism
+  # Configure which keys are used when authenticating an user. By default is
+  # just :email. You can configure it to use [:username, :subdomain], so for
+  # authenticating an user, both parameters are required. Remember that those
+  # parameters are used only when authenticating and not when retrieving from
+  # session. If you need permissions, you should implement that in a before filter.
+  # config.authentication_keys = [ :email ]
+
+  # Tell if authentication through request.params is enabled. True by default.
+  # config.params_authenticatable = true
+
+  # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  config.http_authenticatable = true
+
+  # Set this to true to use Basic Auth for AJAX requests.  True by default.
+  #config.http_authenticatable_on_xhr = false
+
+  # The realm used in Http Basic Authentication
+  config.http_authentication_realm = "Spree Application"
+
+  # ==> Configuration for :database_authenticatable
+  # For bcrypt, this is the cost for hashing the password and defaults to 10. If
+  # using other encryptors, it sets how many times you want the password re-encrypted.
+  config.stretches = 20
+
+  # Setup a pepper to generate the encrypted password.
+  config.pepper = "0bfa9e2cb4a5efd0d976518a3d82e345060547913d2fd1dd2f32b0c8dbbbb5d3dc20b86d0fed31aca9513bccdf51643700ea277d9c64d9ce8ef886bf39293453"
+
+  # ==> Configuration for :confirmable
+  # The time you want to give your user to confirm his account. During this time
+  # he will be able to access your application without confirming. Default is nil.
+  # When confirm_within is zero, the user won't be able to sign in without confirming.
+  # You can use this to let your user access some features of your application
+  # without confirming the account, but blocking it after a certain period
+  # (ie 2 days).
+  # config.confirm_within = 2.days
+
+  # ==> Configuration for :rememberable
+  # The time the user will be remembered without asking for credentials again.
+  # config.remember_for = 2.weeks
+
+  # If true, a valid remember token can be re-used between multiple browsers.
+  # config.remember_across_browsers = true
+
+  # If true, extends the user's remember period when remembered via cookie.
+  # config.extend_remember_period = false
+
+  # ==> Configuration for :validatable
+  # Range for password length
+  # config.password_length = 6..20
+
+  # Regex to use to validate the email address
+  config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
+
+  # ==> Configuration for :timeoutable
+  # The time you want to timeout the user session without activity. After this
+  # time the user will be asked for credentials again.
+  # config.timeout_in = 10.minutes
+
+  # ==> Configuration for :lockable
+  # Defines which strategy will be used to lock an account.
+  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
+  # :none            = No lock strategy. You should handle locking by yourself.
+  # config.lock_strategy = :failed_attempts
+
+  # Defines which strategy will be used to unlock an account.
+  # :email = Sends an unlock link to the user email
+  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
+  # :both  = Enables both strategies
+  # :none  = No unlock strategy. You should handle unlocking by yourself.
+  # config.unlock_strategy = :both
+
+  # Number of authentication tries before locking an account if lock_strategy
+  # is failed attempts.
+  # config.maximum_attempts = 20
+
+  # Time interval to unlock the account if :time is enabled as unlock_strategy.
+  # config.unlock_in = 1.hour
+
+  # ==> Configuration for :token_authenticatable
+  # Defines name of the authentication token params key
+  config.token_authentication_key = :auth_token
+
+  # ==> Scopes configuration
+  # Turn scoped views on. Before rendering "sessions/new", it will first check for
+  # "users/sessions/new". It's turned off by default because it's slower if you
+  # are using only default views.
+  # config.scoped_views = true
+
+  # Configure the default scope given to Warden. By default it's the first
+  # devise role declared in your routes.
+  # config.default_scope = :user
+
+  # Configure sign_out behavior.
+  # By default sign_out is scoped (i.e. /users/sign_out affects only :user scope).
+  # In case of sign_out_all_scopes set to true any logout action will sign out all active scopes.
+  # config.sign_out_all_scopes = false
+
+  # ==> Navigation configuration
+  # Lists the formats that should be treated as navigational. Formats like
+  # :html, should redirect to the sign in page when the user does not have
+  # access, but formats like :xml or :json, should return 401.
+  # If you have any extra navigational formats, like :iphone or :mobile, you
+  # should add them to the navigational formats lists. Default is [:html]
+  config.navigational_formats = [:html, :json, :xml]
+
+  # ==> Warden configuration
+  # If you want to use other strategies, that are not (yet) supported by Devise,
+  # you can configure them inside the config.warden block. The example below
+  # allows you to setup OAuth, using http://github.com/roman/warden_oauth
+  #
+  # config.warden do |manager|
+  #   manager.oauth(:twitter) do |twitter|
+  #     twitter.consumer_secret = <YOUR CONSUMER SECRET>
+  #     twitter.consumer_key  = <YOUR CONSUMER KEY>
+  #     twitter.options :site => 'http://twitter.com'
+  #   end
+  #   manager.default_strategies(:scope => :user).unshift :twitter_oauth
+  # end
+end

data/config/locales/en.yml

@@ -0,0 +1,46 @@
+en:
+  errors:
+    messages:
+      not_found: "not found"
+      already_confirmed: "was already confirmed"
+      not_locked: "was not locked"
+      not_saved:
+        one: "1 error prohibited this %{resource} from being saved:"
+        other: "%{count} errors prohibited this %{resource} from being saved:"
+  devise:
+    failure:
+      unauthenticated: 'You need to sign in or sign up before continuing.'
+      unconfirmed: 'You have to confirm your account before continuing.'
+      locked: 'Your account is locked.'
+      invalid: 'Invalid email or password.'
+      invalid_token: 'Invalid authentication token.'
+      timeout: 'Your session expired, please sign in again to continue.'
+      inactive: 'Your account was not activated yet.'
+    user_passwords:
+      user:
+        send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
+        updated: 'Your password was changed successfully. You are now signed in.'
+    confirmations:
+      send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
+      confirmed: 'Your account was successfully confirmed. You are now signed in.'
+    user_registrations:
+      signed_up: 'Welcome! You have signed up successfully.'
+      inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'
+      updated: 'You updated your account successfully.'
+      destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
+    user_sessions:
+      signed_in: 'Signed in successfully.'
+      signed_out: 'Signed out successfully.'
+    unlocks:
+      send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
+      unlocked: 'Your account was successfully unlocked. You are now signed in.'
+    oauth_callbacks:
+      success: 'Successfully authorized from %{kind} account.'
+      failure: 'Could not authorize you from %{kind} because "%{reason}".'
+    mailer:
+      confirmation_instructions:
+        subject: 'Confirmation instructions'
+      reset_password_instructions:
+        subject: 'Reset password instructions'
+      unlock_instructions:
+        subject: 'Unlock Instructions'

data/config/routes.rb

@@ -0,0 +1,28 @@
+Rails.application.routes.draw do
+  devise_for :user,
+             :controllers => { :sessions => 'user_sessions',
+                               :registrations => 'user_registrations',
+                               :passwords => "user_passwords" },
+             :skip => [:unlocks, :omniauth_callbacks],
+             :path_names => { :sign_out => 'logout'}
+  resources :users, :only => [:edit, :update]
+
+  devise_scope :user do
+    get "/login" => "user_sessions#new", :as => :login
+    get "/signup" => "user_registrations#new", :as => :signup
+  end
+
+
+  match '/checkout/registration' => 'checkout#registration', :via => :get, :as => :checkout_registration
+  match '/checkout/registration' => 'checkout#update_registration', :via => :put, :as => :update_checkout_registration
+
+  match '/orders/:id/token/:token' => 'orders#show', :via => :get, :as => :token_order
+
+  resource :session do
+    member do
+      get :nav_bar
+    end
+  end
+  resource :account, :controller => "users"
+
+end

data/db/migrate/20101026184950_rename_columns_for_devise.rb

@@ -0,0 +1,39 @@
+class RenameColumnsForDevise < ActiveRecord::Migration
+  def self.up
+    return if column_exists?(:users, :password_salt)
+    rename_column :users, :crypted_password, :encrypted_password
+    rename_column :users, :salt, :password_salt
+    rename_column :users, :remember_token_expires_at, :remember_created_at
+    rename_column :users, :login_count, :sign_in_count
+    rename_column :users, :failed_login_count, :failed_attempts
+    rename_column :users, :single_access_token, :reset_password_token
+    rename_column :users, :current_login_at, :current_sign_in_at
+    rename_column :users, :last_login_at, :last_sign_in_at
+    rename_column :users, :current_login_ip, :current_sign_in_ip
+    rename_column :users, :last_login_ip, :last_sign_in_ip
+    add_column :users, :authentication_token, :string
+    add_column :users, :unlock_token, :string
+    add_column :users, :locked_at, :datetime
+    remove_column :users, :api_key rescue Exception
+    remove_column :users, :openid_identifier
+  end
+
+  def self.down
+    remove_column :users, :authentication_token
+    remove_column :users, :locked_at
+    remove_column :users, :unlock_token
+    rename_column :table_name, :new_column_name, :column_name
+    rename_column :users, :last_sign_in_ip, :last_login_ip
+    rename_column :users, :current_sign_in_ip, :current_login_ip
+    rename_column :users, :last_sign_in_at, :last_login_at
+    rename_column :users, :current_sign_in_at, :current_login_at
+    rename_column :users, :reset_password_token, :single_access_token
+    rename_column :users, :failed_attempts, :failed_login_count
+    rename_column :users, :sign_in_count, :login_count
+    rename_column :users, :remember_created_at, :remember_token_expires_at
+    rename_column :users, :password_salt, :salt
+    rename_column :users, :encrypted_password, :crypted_password
+    add_column :users, :unlock_token, :string
+    add_column :users, :openid_identifier, :string
+  end
+end

data/db/migrate/20101214150824_convert_user_remember_field.rb

@@ -0,0 +1,11 @@
+class ConvertUserRememberField < ActiveRecord::Migration
+  def self.up
+    remove_column :users, :remember_created_at
+    add_column :users, :remember_created_at, :datetime
+  end
+
+  def self.down
+    remove_column :users, :remember_created_at
+    add_column :users, :remember_created_at, :string
+  end
+end

data/db/migrate/20101217012656_create_tokenized_permissions.rb

@@ -0,0 +1,18 @@
+class CreateTokenizedPermissions < ActiveRecord::Migration
+
+  def self.up
+
+    create_table :tokenized_permissions do |t|
+      t.integer :permissable_id
+      t.string  :permissable_type
+      t.string  :token
+      t.timestamps
+    end
+
+    add_index "tokenized_permissions", ["permissable_id", "permissable_type"], :name => "index_tokenized_name_and_type"
+  end
+
+  def self.down
+    drop_table :tokenized_permissions
+  end
+end

data/db/migrate/20101219201531_tokens_for_legacy_orders.rb

@@ -0,0 +1,12 @@
+class TokensForLegacyOrders < ActiveRecord::Migration
+  def self.up
+    # add token permissions for legacy orders (stop relying on user persistence token)
+    Order.all.each do |order|
+      next unless order.user
+      order.create_tokenized_permission(:token => order.user.persistence_token)
+    end
+  end
+
+  def self.down
+  end
+end

data/db/sample/users.rb

@@ -0,0 +1,53 @@
+# see last line where we create an admin if there is none, asking for email and password
+def prompt_for_admin_password
+  password = ask('Password [spree123]: ', String) do |q|
+    q.echo = false
+    q.validate = /^(|.{5,40})$/
+    q.responses[:not_valid] = "Invalid password. Must be at least 5 characters long."
+    q.whitespace = :strip
+  end
+  password = "spree123" if password.blank?
+  password
+end
+
+def prompt_for_admin_email
+  email = ask('Email [spree@example.com]: ', String) do |q|
+    q.echo = true
+    q.whitespace = :strip
+  end
+  email = "spree@example.com" if email.blank?
+  email
+end
+
+def create_admin_user
+  if ENV['AUTO_ACCEPT']
+    password =  "spree123"
+    email =  "spree@example.com"
+  else
+    require 'highline/import'
+    puts "Create the admin user (press enter for defaults)."
+    #name = prompt_for_admin_name unless name
+    email = prompt_for_admin_email
+    password = prompt_for_admin_password
+  end
+  attributes = {
+    :password => password,
+    :password_confirmation => password,
+    :email => email,
+    :login => email
+  }
+
+  load 'user.rb'
+
+  if User.find_by_email(email)
+    say "\nWARNING: There is already a user with the email: #{email}, so no account changes were made.  If you wish to create an additional admin user, please run rake db:admin:create again with a different email.\n\n"
+  else
+    admin = User.create(attributes)
+    # create an admin role and and assign the admin user to that role
+    role = Role.find_or_create_by_name "admin"
+    admin.roles << role
+    admin.save
+  end
+end
+
+create_admin_user if User.where("roles.name" => 'admin').includes(:roles).empty?

data/lib/apispree_auth.rb

@@ -0,0 +1,29 @@
+require 'apispree_core'
+require 'devise'
+require 'cancan'
+
+require 'spree/auth/config'
+require 'spree/token_resource'
+require 'spree_auth_hooks'
+
+module SpreeAuth
+  class Engine < Rails::Engine
+    def self.activate
+      Dir.glob(File.join(File.dirname(__FILE__), "../app/**/*_decorator*.rb")) do |c|
+        Rails.env.production? ? require(c) : load(c)
+      end
+
+      # monkey patch until new version of devise comes out
+      # https://github.com/plataformatec/devise/commit/ec5bfe9119d0e1e633629793b0de1f58f89622dc
+      Devise::IndifferentHash.class_eval do
+        def [](key)
+          super(convert_key(key))
+        end
+        def to_hash; Hash.new.update(self) end
+      end
+    end
+
+    config.to_prepare &method(:activate).to_proc
+    ActiveRecord::Base.class_eval { include Spree::TokenResource }
+  end
+end

data/lib/spree/auth/config.rb

@@ -0,0 +1,22 @@
+module Spree
+  module Auth
+    # Singleton class to access the shipping configuration object (ActiveShippingConfiguration.first by default) and it's preferences.
+    #
+    # Usage:
+    #   Spree::Auth::Config[:foo]                  # Returns the foo preference
+    #   Spree::Auth::Config[]                      # Returns a Hash with all the tax preferences
+    #   Spree::Auth::Config.instance               # Returns the configuration object (AuthConfiguration.first)
+    #   Spree::Auth::Config.set(preferences_hash)  # Set the spree auth preferences as especified in +preference_hash+
+    class Config
+      include Singleton
+      include Spree::PreferenceAccess
+
+      class << self
+        def instance
+          return nil unless ActiveRecord::Base.connection.tables.include?('configurations')
+          SpreeAuthConfiguration.find_or_create_by_name("Default spree_auth configuration")
+        end
+      end
+    end
+  end
+end

data/lib/spree/token_resource.rb

@@ -0,0 +1,23 @@
+module Spree::TokenResource
+
+  module ClassMethods
+    def token_resource
+      has_one :tokenized_permission, :as => :permissable
+      delegate :token, :to => :tokenized_permission, :allow_nil => true
+      after_create :create_token
+    end
+  end
+
+  module InstanceMethods
+    def create_token
+      create_tokenized_permission(:token => ActiveSupport::SecureRandom::hex(8))
+      token
+    end
+  end
+
+  def self.included(receiver)
+    receiver.extend ClassMethods
+    receiver.send :include, InstanceMethods
+  end
+
+end

data/lib/spree_auth_hooks.rb

@@ -0,0 +1,6 @@
+class SpreeAuthHooks < Spree::ThemeSupport::HookListener
+
+  replace :admin_login_navigation_bar, :partial => "layouts/admin/login_nav"
+  replace :shared_login_bar, :partial => "shared/login_bar"
+
+end