authengine 0.0.2

data/.gitignore

@@ -0,0 +1,10 @@
+*.gem
+.bundle
+Gemfile.lock
+spec/dummy/Gemfile.lock
+pkg/*
+.DS_Store
+spec/dummy/db/test.sqlite3
+spec/dummy/log/test.log
+
+.rvmrc

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify this gem's dependencies in authengine.gemspec
+gemspec

data/README.md

@@ -0,0 +1,86 @@
+# Usage
+
+Add authengine to your Gemfile:
+
+     gem 'authengine'
+
+And in the host application run:
+
+     bundle install
+
+In config/application.rb, configure the generator for haml by including:
+
+     config.generators do |g|
+     # Configure haml to be the default templating engine for generators
+       g.template_engine :haml
+     end
+
+Then copy the authengine migrations and initializer to your application and modify your application.html.rb to use the authengine with:
+
+     rails generate authengine
+
+The database is initialized with the default username: admin and password: password be sure to delete this user once the real administrator has been created.
+
+When logged in, the preconfigured admin user is assigned to the 'developer' role, which grants permissions to all controllers and actions. Additional users, roles and permissions may then be granted.
+
+# Layout
+
+The content for the authengine views is rendered as:
+
+    content_for(:authengine_logout) # for the logout link
+
+and:
+
+    content_for(:authengine) # for the main page content
+
+In your layouts/application.html.haml template, include these view components by including:
+
+     =  yield(:authengine_logout)
+
+and to include both the application content and the authengine content:
+
+     =  content_for?(authengine) ? yield(:authengine) : yield
+
+In order to include the Administration and Logout links in pages that are not produced by authengine, include in the head element of your application.html.haml layout file:
+
+     = stylesheet_link_tag "authengine"
+
+# Admin_logout helper
+
+A helper is available called admin_logout, which should be included in all views.
+
+For non administrative users, it renders a logout link. For administrative users, it renders both a link to the admin portal, and also a logout link.
+
+The admin and logout links are wrapped in a div#authengine_logout to facilitate styling and positioning.
+
+# Roles
+
+When a user is logged in with a role that matches (case insensitive) 'admin' (e.g. Administrator, foo_admin), they will be able to see the link to the administration portal, which is a menu of links to other administration pages.
+
+# Application Name
+
+The name of the application is used in some views, and particularly in user activation emails, set the constant APPLICATION_NAME to your own application's name.
+
+# Privacy Policy
+
+If you wish to have new users read and agree to a privacy policy, then the policy should be included in app/views/authengine/users/_privacy_policy.html.haml of your application. A template is copied into this directory when the authengine generator is run. Delete this template if you do not want the user to see it.
+
+# Testing
+
+In the head section of your application's application.html.haml layout file, include
+
+    - content_for :head
+
+This will include a javascript snippet that facilitates integration testing with cucumber/capybara. The script 'bypasses' any js calls to alert or confirm.
+
+# Rspec tests
+
+cd into the root directory of the application and run
+
+    bundle exec rspec
+
+# TODO
+
+* describe feature testing
+* describe application_controller before_filter
+* copy message_block images in generator

data/Rakefile

@@ -0,0 +1,31 @@
+#!/usr/bin/env rake
+
+require 'rubygems'
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rake'
+require 'rake/rdoctask'
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec
+
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Authengine'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+

data/app/assets/stylesheets/authengine.css

@@ -0,0 +1,3 @@
+/*
+*= require message_block
+*/

data/app/assets/stylesheets/message_block.css

@@ -0,0 +1,45 @@
+.message_block {
+  clear: both;
+  margin-top: 0.2em;
+  margin-bottom: 0.3em;
+	width: 500px;
+}
+
+.message_block ul {
+  margin-bottom: 0;
+  list-style: none;
+  padding: 10px;
+}
+.message_block ul li {
+  margin-left: 4em;
+}
+
+.message_block ul.error {
+  border-top: 1px solid #ecd757;
+  border-bottom: 1px solid #ecd757;
+  background: #fcf6d0 url(/images/message_block/error_m.gif) 1em 50% no-repeat;
+}
+
+.message_block ul.info {
+  border-top: 1px solid #ecd757;
+  border-bottom: 1px solid #ecd757;
+  background: #fcf6d0 url(/images/message_block/info_m.gif) 1em 50% no-repeat;
+}
+
+.message_block ul.notice {
+  border-top: 1px solid #ecd757;
+  border-bottom: 1px solid #ecd757;
+  background: #fcf6d0 url(/images/message_block/notice_m.gif) 1em 50% no-repeat;
+}
+
+.message_block ul.confirm {
+  border-top: 1px solid #ecd757;
+  border-bottom: 1px solid #ecd757;
+  background: #fcf6d0 url(/images/message_block/confirmation_m.gif) 1em 50% no-repeat;
+}
+
+.message_block ul.warn {
+  border-top: 1px solid #ecd757;
+  border-bottom: 1px solid #ecd757;
+  background: #fcf6d0 url(/images/message_block/warn_m.gif) 1em 50% no-repeat;
+}

data/app/controllers/authengine/accounts_controller.rb

@@ -0,0 +1,56 @@
+class Authengine::AccountsController < ApplicationController
+  layout 'authengine/layouts/authengine'
+
+  # because a user cannot login until the account is activated
+  skip_before_filter :check_permissions, :only => [:show]
+
+  # Activate action
+  def show
+    # Uncomment and change paths to have user logged in after activation - not recommended
+    # self.current_user = User.find_and_activate!(params[:id])
+    logger.info "accounts show"
+    @user = User.find_with_activation_code(params[:activation_code])
+    session[:activation_code] = params[:activation_code]
+    redirect_to :controller=>:users, :action=>:signup, :id=>@user.id
+  rescue User::ArgumentError
+    flash[:notice] = 'Activation code not found. Please contact database administrator.'
+    redirect_to login_path
+  rescue User::ActivationCodeNotFound
+    flash[:notice] = 'Activation code not found. Please contact database administrator.'
+    redirect_to login_path
+  rescue User::AlreadyActivated
+    flash[:notice] = 'Your account has already been activated. You can log in below.'
+    redirect_to login_path
+  end
+
+  def edit
+  end
+
+  # Change password action
+  def update
+# removed to make restful (should actually be put)
+#    return unless request.post?
+    if User.authenticate(current_user.login, params[:old_password])
+      if ((params[:password] == params[:password_confirmation]) && !params[:password_confirmation].blank?)
+        current_user.password_confirmation = params[:password_confirmation]
+        current_user.password = params[:password]
+        if current_user.save
+          flash[:notice] = "Password updated."
+          # redirect_to user_path(current_user)
+          redirect_to :controller=>session[:referer][:controller], :action=>session[:referer][:action]
+        else
+          flash[:error] = "An error occured, your password was not changed."
+          render :action => 'edit'
+        end
+      else
+        flash[:error] = "New password does not match the password confirmation."
+        @old_password = params[:old_password]
+        render :action => 'edit'
+      end
+    else
+      flash[:error] = "Your old password is incorrect."
+      render :action => 'edit'
+    end
+  end
+
+end

data/app/controllers/authengine/action_roles_controller.rb

@@ -0,0 +1,22 @@
+class Authengine::ActionRolesController < ApplicationController
+  layout 'authengine/layouts/authengine'
+
+  def update_all
+    aa = ActionRole.all.group_by(&:role_id).inject({}){|hash,a| hash[a[0]]=a[1].collect(&:action_id); hash}
+    params[:permission].each do |role_id,permissions| # role is the role name, permissions is a hash of controller/action names
+       role_id = role_id.to_i
+       permissions.each do |action_id, val|
+         action_id = action_id.to_i
+         a = aa[role_id].nil? ? false : aa[role_id].include?(action_id) # because a new role, with no permissions granted, produces nil for aa[role_id.to_i]
+         if val=="1" && !a # a newly-checked checkbox
+           ActionRole.new(:role_id=>role_id,:action_id=>action_id).save
+         elsif val=="0" && a # a newly-unchecked checkbox
+           ActionRole.find_by_role_id_and_action_id(role_id,action_id).delete
+         end
+      end
+    end
+
+    redirect_to authengine_actions_url
+  end
+
+end

data/app/controllers/authengine/actions_controller.rb

@@ -0,0 +1,17 @@
+class Authengine::ActionsController < ApplicationController
+  layout 'authengine/layouts/authengine'
+
+  def index
+    Controller.update_table # make sure the actions table includes all current controllers/actions
+    @actions = Action.all(:include=>:controller).sort
+    @roles = Role.all(:include=>{:actions=>:controller}, :order=>:name) # this eager loading seems to produce a large number of database accesses, and I'm not sure why!!
+    @allowed = []
+    @roles.each{ |r| @allowed[r.id]= r.name=="developer" ? @actions.map(&:id) : r.actions.map{ |a| a.id unless a.nil? } }
+  end
+
+  def update
+    ActionRole.update_all(params)
+    redirect_to (authengine_actions_url)
+  end
+
+end

data/app/controllers/authengine/roles_controller.rb

@@ -0,0 +1,35 @@
+class Authengine::RolesController < ApplicationController
+  layout 'authengine/layouts/authengine'
+
+  def index
+    @all_roles = Role.find(:all, :order =>:name)
+    @roles     = Role.equal_or_lower_than(current_user.roles)
+  end
+
+  def destroy
+    @role = Role.find(params[:id])
+    if @role.destroy # note: model callback applies
+      redirect_to authengine_roles_path
+    else
+      flash[:error] = "Cannot remove a role if users are assigned.<br/>Please reassign or delete users."
+      redirect_to authengine_roles_path
+    end
+  end
+
+  def new
+    @role  = Role.new
+    @roles = Role.equal_or_lower_than(current_user.roles)
+  end
+
+  def create
+    @role = Role.new(params[:role])
+
+    if @role.save
+      redirect_to authengine_roles_path
+    else
+      @roles = Role.equal_or_lower_than(current_user.roles)
+      render :action => "new"
+    end
+  end
+
+end

data/app/controllers/authengine/sessions_controller.rb

@@ -0,0 +1,75 @@
+# This controller handles the login/logout function of the site.
+require "date"
+
+class Authengine::SessionsController < ApplicationController
+  layout 'authengine/layouts/authengine'
+
+  skip_before_filter :check_permissions, :only => [:new, :create, :destroy]
+
+
+  def new
+  end
+
+  # user logs in
+  def create
+    logger.info "session controller: create"
+    authenticate_with_password(params[:login], params[:password])
+  end
+
+  # user logs out
+  def destroy
+    self.current_user.forget_me if logged_in?
+    remove_session_user_roles
+    cookies.delete :auth_token
+    reset_session
+    flash[:notice] = "You have been logged out."
+    redirect_to login_path
+  end
+
+protected
+
+  def remove_session_user_roles
+    session[:role] = SessionRole.new
+  end
+
+  def authenticate_with_password(login, password)
+    user = User.authenticate(login, password)
+    if user == nil
+      failed_login("Your username or password is incorrect.")
+    elsif user.activated_at.blank?
+      failed_login("Your account is not active, please check your email for the activation code.")
+    elsif user.enabled == false
+      failed_login("Your account has been disabled, please contact administrator.")
+    else
+      self.current_user = user
+      session[:role] = SessionRole.new
+      session[:role].add_roles(user.role_ids)
+      successful_login
+    end
+  end
+
+private
+
+  def failed_login(message)
+    logger.info "login failed with message: #{message}"
+    flash[:error] = message
+    render :action => 'new'
+  end
+
+  def successful_login
+    # 'remember me' is not used in this application
+    #if params[:remember_me] == "1"
+      #self.current_user.remember_me
+      #cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+    #end
+#   user is already logged-in
+    flash[:notice] = "Logged in successfully"
+    return_to = session[:return_to]
+    if return_to.nil?
+      redirect_to home_path
+    else
+      redirect_to return_to
+    end
+  end
+
+end

data/app/controllers/authengine/user_roles_controller.rb

@@ -0,0 +1,55 @@
+class Authengine::UserRolesController < ApplicationController
+  def index
+    @user = User.find(params[:user_id])
+    @all_roles = Role.all(:order => :name)
+    @user_role = UserRole.new(:user_id => @user.id)
+  end
+
+  def create
+    @user = User.find(params[:user_id])
+    # session_user_roles are created by the process of downgrading the role
+    # associated with the current session for the purpose of limiting access
+    # when configuring a session for just one purpose (e.g.) checkout
+    if params[:session_user_role]
+      @user.session_user_roles.create(params[:session_user_role].delete_if{|k,v| k == "type" })
+      role_name = Role.find(params[:session_user_role][:role_id]).name
+      flash[:info] = "Current session now has #{role_name} role"
+      redirect_to home_path
+    else
+      @user.user_roles.create(params[:user_role])
+      redirect_to authengine_user_user_roles_path(@user)
+    end
+  end
+
+  def destroy
+    user_role = UserRole.find_by_role_id_and_user_id(params[:id],params[:user_id])
+    user_role.destroy
+    redirect_to authengine_user_user_roles_path(params[:user_id])
+  end
+
+  def new
+    @user = User.find(params[:user_id])
+    @user_role = UserRole.new(:user_id => @user.id)
+    @roles = Role.lower_than(current_user.user_roles.map(&:role))
+  end
+
+  def edit
+    @user = User.find(params[:user_id])
+    @user_role = UserRole.new(:user_id => @user.id)
+    @roles = Role.lower_than(current_user.user_roles.map(&:role))
+  end
+
+  # session role is being downgraded for the logged-in user
+  def update
+    update_session_role(params[:user_role][:role_id])
+    flash[:notice] = "Current session now has #{Role.find(params[:user_role][:role_id]).name} role"
+    redirect_to new_authengine_session_path
+  end
+
+protected
+
+  def update_session_role(role_id)
+    session[:role].current_role_ids = []
+    session[:role].create(role_id.to_i)
+  end
+end