auth_eng 0.0.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 Gustavo Lobo
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,12 @@
+AuthEng
+=======
+
+Motivation
+----------
+What led me to the creation of this engine was the fact that on several projects that I have worked on, always have the same problems with the gem devise, and almost always because I want that the authentication follows a flow that devise doesn't follow by default.
+
+For example, I don't want people to be able to register themselves, I want it to be done by an authenticated user. And then, these people should receive an account confirmation/activation email, and when they click the link in that email, they can choose their own password.
+
+So, I decided to create an engine, trying to make it as easy as possible to integrate with a newly created application.
+
+Later I will try to clarify the flow of this engine. Any suggestion, thanks.

data/Rakefile

@@ -0,0 +1,40 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'AuthEng'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task :default => :test

data/app/assets/javascripts/auth_eng/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/app/assets/javascripts/auth_eng/users.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/stylesheets/auth_eng/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/app/assets/stylesheets/auth_eng/users.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/controllers/auth_eng/application_controller.rb

@@ -0,0 +1,4 @@
+module AuthEng
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/controllers/auth_eng/confirmations_controller.rb

@@ -0,0 +1,69 @@
+require_dependency "auth_eng/application_controller"
+
+module AuthEng
+  class ConfirmationsController < Devise::PasswordsController
+    # Remove the first skip_before_filter (:require_no_authentication) if you
+    # don't want to enable logged users to access the confirmation page.
+    skip_before_filter :require_no_authentication
+    skip_before_filter :authenticate_user!
+    
+    # PUT /resource/confirmation
+    def update
+      params[:confirmation_token] ||= params[:user][:confirmation_token]
+      @confirmation_token = params[:user][:confirmation_token]
+      with_unconfirmed_confirmable do
+        if @confirmable.has_no_password?
+          @confirmable.attempt_set_password(params[:user])
+          if @confirmable.valid?
+            do_confirm
+          else
+            do_show
+            @confirmable.errors.clear #so that we wont render :new
+          end
+        else
+          self.class.add_error_on(self, :email, :password_allready_set)
+        end
+      end
+      if !@confirmable.errors.empty?
+        do_show #Change this if you don't have the views on default path
+      end
+    end
+    
+    # GET /resource/confirmation?confirmation_token=abcdef
+    def show
+      params[:confirmation_token] ||= params[:user][:confirmation_token]
+      with_unconfirmed_confirmable do
+        if @confirmable.has_no_password?
+          do_show
+        else
+          do_confirm
+        end
+      end
+      if !@confirmable.errors.empty?
+        render 'auth_eng/confirmations/show' #Change this if you don't have the views on default path 
+      end
+    end
+    
+    protected
+    
+    def with_unconfirmed_confirmable
+      @confirmable = User.find_or_initialize_with_error_by(:confirmation_token, params[:confirmation_token])
+      if !@confirmable.new_record?
+        @confirmable.only_if_unconfirmed {yield}
+      end
+    end
+    
+    def do_show
+      @confirmation_token = params[:confirmation_token]
+      @requires_password = true
+      self.resource = @confirmable
+      render 'auth_eng/confirmations/show' #Change this if you don't have the views on default path
+    end
+    
+    def do_confirm
+      @confirmable.confirm!
+      set_flash_message :notice, :confirmed
+      sign_in_and_redirect(resource_name, @confirmable)
+    end
+  end
+end

data/app/controllers/auth_eng/users_controller.rb

@@ -0,0 +1,77 @@
+require_dependency "auth_eng/application_controller"
+
+module AuthEng
+  class UsersController < ApplicationController
+    
+    before_filter :authenticate_user!
+    
+    def index
+      @users = User.all
+
+      respond_to do |format|
+        format.html # index.html.erb
+        format.json { render json: @users }
+      end
+    end
+    
+    def show
+      @user = User.find(params[:id])
+
+      respond_to do |format|
+        format.html # show.html.erb
+        format.json { render json: @user }
+      end
+    end
+  
+    def new
+      @user = User.new
+
+      respond_to do |format|
+        format.html # new.html.erb
+        format.json { render json: @user }
+      end
+    end
+    
+    def edit
+      @user = User.find(params[:id])
+    end
+  
+    def create
+      @user = User.new(params[:user])
+
+      respond_to do |format|
+        if @user.save
+          format.html { redirect_to @user, notice: 'User was successfully created.' }
+          format.json { render json: @user, status: :created, location: @user }
+        else
+          format.html { render action: "new" }
+          format.json { render json: @user.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+  
+    def update
+      @user = User.find(params[:id])
+
+      respond_to do |format|
+        if @user.update_attributes(params[:user])
+          format.html { redirect_to @user, notice: 'User was successfully updated.' }
+          format.json { head :no_content }
+        else
+          format.html { render action: "edit" }
+          format.json { render json: @user.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+  
+    def destroy
+      @user = User.find(params[:id])
+      @user.destroy
+
+      respond_to do |format|
+        format.html { redirect_to users_url }
+        format.json { head :no_content }
+      end
+    end
+  end
+end

data/app/helpers/auth_eng/application_helper.rb

@@ -0,0 +1,4 @@
+module AuthEng
+  module ApplicationHelper
+  end
+end

data/app/helpers/auth_eng/users_helper.rb

@@ -0,0 +1,4 @@
+module AuthEng
+  module UsersHelper
+  end
+end

data/app/models/auth_eng/user.rb

@@ -0,0 +1,45 @@
+module AuthEng
+  class User < ActiveRecord::Base
+    # Include default devise modules. Others available are:
+    # :token_authenticatable, :confirmable,
+    # :lockable, :timeoutable and :omniauthable
+    devise :database_authenticatable, :confirmable,
+           :recoverable, :rememberable, :trackable, :validatable
+  
+    # Setup accessible (or protected) attributes for your model
+    attr_accessible :name, :email, :password, :password_confirmation, :remember_me
+    # attr_accessible :title, :body
+    
+    acts_as_paranoid :column => 'deleted_at', :type => 'time'
+    
+    def only_if_unconfirmed
+      pending_any_confirmation {yield}
+    end
+    
+    # new function to set the password without knowing the current password used in our confirmation controller. 
+    def attempt_set_password(params)
+      p = {}
+      p[:password] = params[:password]
+      p[:password_confirmation] = params[:password_confirmation]
+      update_attributes(p)
+    end
+    
+    # new function to return whether a password has been set
+    def has_no_password?
+      self.encrypted_password.blank?
+    end
+    
+    # Password is required if it is being set, but not for new records
+    def password_required?
+      if !persisted? 
+        false
+      else
+        !password.nil? || !password_confirmation.nil?
+      end
+    end
+    
+    def send_on_create_confirmation_instructions
+      Devise::Mailer.delay.confirmation_instructions(self)
+    end
+  end
+end

data/app/views/auth_eng/confirmations/show.html.haml

@@ -0,0 +1,12 @@
+#dashboard
+	%h1.blue= "Account Activation"
+	#ics_form
+		.ics_form
+			= semantic_form_for resource, :as => resource_name, :url => update_user_confirmation_path, :html => {:method => 'put'} do |f|
+				= f.inputs do
+					= f.input :password
+					= f.input :password_confirmation
+					= f.input :confirmation_token, :input_html => {:value => @confirmation_token}
+					
+				.group.navform.wat-cf
+					= f.submit

data/app/views/auth_eng/devise/confirmations/new.html.erb

@@ -0,0 +1,12 @@
+<h2>Resend confirmation instructions</h2>
+
+<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
+
+  <div><%= f.submit "Resend confirmation instructions" %></div>
+<% end %>
+
+<%= render "devise/shared/links" %>

data/app/views/auth_eng/devise/confirmations/show.html.haml

@@ -0,0 +1,12 @@
+#dashboard
+	%h1.blue= "Account Activation"
+	#ics_form
+		.ics_form
+			= semantic_form_for resource, :as => resource_name, :url => update_user_confirmation_path, :html => {:method => 'put'} do |f|
+				= f.inputs do
+					= f.input :password
+					= f.input :password_confirmation
+					= f.input :confirmation_token, :value => @confirmation_token, :as => :hidden
+					
+				.group.navform.wat-cf
+					= f.submit

data/app/views/auth_eng/devise/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p>Welcome <%= @resource.email %>!</p>
+
+<p>You can confirm your account email through the link below:</p>
+
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>

data/app/views/auth_eng/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
+
+<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>

data/app/views/auth_eng/devise/mailer/unlock_instructions.html.erb

@@ -0,0 +1,7 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Your account has been locked due to an excessive amount of unsuccessful sign in attempts.</p>
+
+<p>Click the link below to unlock your account:</p>
+
+<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>

data/app/views/auth_eng/devise/passwords/edit.html.erb

@@ -0,0 +1,16 @@
+<h2>Change your password</h2>
+
+<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+  <%= devise_error_messages! %>
+  <%= f.hidden_field :reset_password_token %>
+
+  <div><%= f.label :password, "New password" %><br />
+  <%= f.password_field :password %></div>
+
+  <div><%= f.label :password_confirmation, "Confirm new password" %><br />
+  <%= f.password_field :password_confirmation %></div>
+
+  <div><%= f.submit "Change my password" %></div>
+<% end %>
+
+<%= render "devise/shared/links" %>

data/app/views/auth_eng/devise/passwords/new.html.erb

@@ -0,0 +1,12 @@
+<h2>Forgot your password?</h2>
+
+<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
+
+  <div><%= f.submit "Send me reset password instructions" %></div>
+<% end %>
+
+<%= render "devise/shared/links" %>

data/app/views/auth_eng/devise/registrations/edit.html.erb

@@ -0,0 +1,25 @@
+<h2>Edit <%= resource_name.to_s.humanize %></h2>
+
+<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
+
+  <div><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+  <%= f.password_field :password, :autocomplete => "off" %></div>
+
+  <div><%= f.label :password_confirmation %><br />
+  <%= f.password_field :password_confirmation %></div>
+
+  <div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+  <%= f.password_field :current_password %></div>
+
+  <div><%= f.submit "Update" %></div>
+<% end %>
+
+<h3>Cancel my account</h3>
+
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>.</p>
+
+<%= link_to "Back", :back %>