authentasaurus 0.4.1

data/lib/action_view/authorization.rb

@@ -0,0 +1,123 @@
+# Defines authorization helpers for ActionController
+module ActionView::Authorization
+  
+  def self.included(base) # :nodoc:
+    base.send :include, InstanceMethods
+  end
+  
+  module InstanceMethods
+    private
+    # Returns an object of the current user
+    def current_user(user_model = nil)
+      user_model = User if user_model.nil?
+      return user_model.find session[:user_id] if session[:user_id]
+    end
+    
+    # Checks if the current user is logged in and redirects to the login path if the user is not logged in.
+    # 
+    # If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.
+    def check_logged_in(skip_request = false, user_model = nil)
+      unless is_logged_in?(user_model)
+        login_required skip_request
+      end
+    end
+    
+    # Checks if the current user is logged in and has write permission over the current controller, redirects to no access
+    # page if the user hasn't the permissions and redirects to the login path if the user is not logged in
+    #
+    # If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.
+    def check_write_permissions(skip_request = false, user_model = nil)
+      if is_logged_in?(user_model)
+        user_permissions = session[:user_permissions]
+        check = user_permissions[:write].find { |perm| perm==self.controller_name || perm=="all" }
+        unless check
+          redirect_to no_access_sessions_path
+        end
+      else
+        login_required skip_request
+      end
+    end
+
+    # Checks if the current user is logged in and has read permission over the current controller, redirects to no access
+    # page if the user hasn't the permissions and redirects to the login path if the user is not logged in
+    #
+    # If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.    
+    def check_read_permissions(skip_request = false, user_model = nil)
+      if is_logged_in?(user_model)
+        user_permissions = session[:user_permissions]
+        check = user_permissions[:read].find { |perm| perm==self.controller_name || perm=="all" }
+        unless check
+          redirect_to no_access_sessions_path
+        end
+      else
+        login_required skip_request
+      end
+    end
+    
+    # Checks if the current user is logged in but takes no further action
+    def is_logged_in?(user_model)
+      user_model = User if user_model.nil?
+      unless user_model.find_by_id(session[:user_id])
+        return cookie_login?(user_model)
+      end
+			return true
+    end
+    
+    # Logs in the user through a remember me cookie
+    def cookie_login?(user_model)
+      user_model = User if user_model.nil?
+      
+      if cookies[:remember_me_token]
+        user = user_model.find_by_remember_me_token cookies[:remember_me_token]
+        if user.nil?
+          cookies.delete :remember_me_token
+          return false
+        else
+          session[:user_id] = user.id
+          session[:user_permissions] = {:read => user.permissions.collect{|per| per.area.name if per.read}, :write => user.permissions.collect{|per| per.area.name if per.write}}
+          return true
+        end
+      else
+        return false
+      end
+    end
+    
+    # Redirects the user to the login page
+    #
+    # If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.
+    def login_required(skip_request)
+      unless(skip_request)
+        session[:original_url]=request.url
+      end
+      flash[:notice] = t(:login_required, :scope => [:authentasaurus, :action_controller, :errors, :messages])
+      redirect_to new_session_path
+    end
+    
+    # Checks if the current user has the appropriate permission
+    # 
+    # *ex*: has?(:write) or has?(:read, :users)
+    def has?(permission, area = nil, user_model = User)
+      return false unless is_logged_in? user_model
+      check = false
+      case permission
+      when :write
+        unless area
+          user_permissions = session[:user_permissions]
+          check = user_permissions[:write].find { |perm| perm==self.controller_name || perm=="all" }
+        else
+          user_permissions = session[:user_permissions]
+          check = user_permissions[:write].find { |perm| perm==area.to_s || perm=="all" }
+        end
+      when :read
+        unless area
+          user_permissions = session[:user_permissions]
+          check = user_permissions[:read].find { |perm| perm==self.controller_name || perm=="all" }
+        else
+          user_permissions = session[:user_permissions]
+          check = user_permissions[:read].find { |perm| perm==area.to_s || perm=="all" }
+        end
+      end
+      return check
+    end
+  end
+end

data/lib/active_record/acts_as_authenticatable.rb

@@ -0,0 +1,80 @@
+module ActiveRecord::ActsAsAuthenticatable
+  def self.included(base)
+    base.send :extend, ClassMethods
+    base.send :include, InstanceMethods
+  end
+  
+  module ClassMethods
+    require 'digest/sha1'
+    ## Authenticates the username and password
+    def authenticate(username, password)
+      user=self.find_by_username username
+      if user
+        expected_password=encrypt_password(password, user.password_seed)
+        user = nil unless expected_password == user.hashed_password && user.active
+      end
+      return user
+    end
+    
+    ## Encrypts the password using the given seed
+		def encrypt_password(password, password_seed)
+			pass_to_hash=password + "Securasaurus" + password_seed
+			Digest::SHA1.hexdigest(pass_to_hash)
+		end
+  end
+  
+  module InstanceMethods
+    ## Password attribute (used when creating a user)
+    def password
+      return @password
+    end
+  
+    def password=(pwd)
+      @password = pwd
+      return if pwd.blank?
+      create_salt
+      self.hashed_password = self.class.encrypt_password(@password, self.password_seed)
+    end
+  
+    ## New password attribute (used when editing a user)
+    def new_password
+      return @new_password
+    end
+    
+    def new_password=(pwd)
+      @new_password = pwd
+      return if pwd.blank?
+      create_salt
+      self.hashed_password = self.class.encrypt_password(@new_password, self.password_seed)
+    end
+    
+    def activate
+      self.update_attribute :active, true
+    end
+    
+    def deactivate
+      self.update_attribute :active, false
+    end
+
+    def create_remember_me_token
+      pass_to_hash=Time.now.to_i.to_s + "Securasaurus" + password_seed
+      self.update_attribute :remember_me_token, Digest::SHA1.hexdigest(pass_to_hash)
+      self.remember_me_token
+    end
+    
+    private
+		def new_password_blank? 
+			self.new_password.blank?
+		end
+		
+		## Creates password seed (salt)
+		def create_salt
+			self.password_seed = self.object_id.to_s + rand.to_s
+		end
+		
+		## Dont delete the last user
+		def dont_delete_admin
+		  raise "You cannot delete the last admin" if self.id == 1 || User.count == 1
+	  end
+  end
+end

data/lib/active_record/acts_as_authenticatable_validatable.rb

@@ -0,0 +1,32 @@
+module ActiveRecord::ActsAsAuthenticatableValidatable
+  def self.included(base)
+    base.send :extend, ActiveRecord::ActsAsAuthenticatable::ClassMethods
+    base.send :include, ActiveRecord::ActsAsAuthenticatable::InstanceMethods
+    base.send :extend, ClassMethods
+    base.send :include, InstanceMethods
+  end
+  
+  module ClassMethods
+    ## Authenticates the username and password
+    def authenticate(username, password)
+      user=self.find_by_username username
+      if user
+        expected_password=encrypt_password(password, user.password_seed)
+        user = nil unless expected_password == user.hashed_password && user.active && user.validation.nil?    
+      end
+      return user
+    end
+  end
+  
+  module InstanceMethods
+    private
+		def create_validation
+			unless self.active
+				validation = Validation.new(:user => self, :email => self.email, :validation_code => User.encrypt_password(self.username,self.password_seed))
+				unless validation.save
+					raise "Could not create validation record"
+				end
+			end
+		end
+  end
+end

data/lib/active_record/authenticatable.rb

@@ -0,0 +1,56 @@
+module ActiveRecord::Authenticatable
+  def self.included(base)
+    base.send :extend, ClassMethods
+  end
+  
+  module ClassMethods
+    def authenticatable(*args)
+      options = args.extract_options!
+      args = args.flatten
+      # Associations
+      belongs_to :group
+      has_many :permissions, :through => :group
+      # Validation
+      # basic attributes
+      validates_presence_of :username, :hashed_password, :password_seed, :email, :name
+      validates_uniqueness_of :username, :email
+      validates_format_of :email, :with => %r{[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}}
+      # password validations
+      validates_confirmation_of :password, :on => :create
+      validates_presence_of :password, :on => :create
+      validates_length_of :password, :minimum => 6, :on => :create
+      # new password
+      validates_confirmation_of :new_password, :on => :update, :unless => :new_password_blank?
+      validates_length_of :new_password, :minimum => 6, :on => :update, :unless => :new_password_blank?
+      # format of password
+      if args.include?(:strong_password)
+        validates_format_of :password, :with => %r{[a-z]}, :on => :create, :message => :"authenticatable.lower_case_password"
+        validates_format_of :password, :with => %r{[A-Z]}, :on => :create, :message => :"authenticatable.upper_case_password"
+        validates_format_of :password, :with => %r{[0-9]}, :on => :create, :message => :"authenticatable.digit_password"
+        validates_format_of :password, :with => %r{[@$%!&]}, :on => :create, :message => :"authenticatable.symbol_password"
+        # new password
+        validates_format_of :new_password, :with => %r{[a-z]}, :on => :update, :message => :"authenticatable.lower_case_password", :unless => :new_password_blank?
+        validates_format_of :new_password, :with => %r{[A-Z]}, :on => :update, :message => :"authenticatable.upper_case_password", :unless => :new_password_blank?
+        validates_format_of :new_password, :with => %r{[0-9]}, :on => :update, :message => :"authenticatable.digit_password", :unless => :new_password_blank?
+        validates_format_of :new_password, :with => %r{[@$%!&]}, :on => :update, :message => :"authenticatable.symbol_password", :unless => :new_password_blank?
+      end
+      
+      # Accessors
+      attr_accessor :password_confirmation, :new_password_confirmation
+      
+      # dont delete admin
+      before_destroy :dont_delete_admin
+      
+      #validation
+      if args.include?(:validatable)
+        has_one :validation, :as => :user
+        before_create :create_validation
+        # include authentication methods including validation
+        include ActiveRecord::ActsAsAuthenticatableValidatable
+      else
+        # include authentication methods
+        include ActiveRecord::ActsAsAuthenticatable
+      end
+    end
+  end
+end

data/lib/active_resource/acts_as_authenticatable.rb

@@ -0,0 +1,42 @@
+module ActiveResource::ActsAsAuthenticatable
+  def self.included(base)
+    base.send :extend, ClassMethods
+    base.send :include, InstanceMethods
+  end
+  
+  module ClassMethods
+    ## Authenticates the username and password
+    def authenticate(username, password)
+      
+      if self.sync_to
+        user = self.new Hash.from_xml(self.post(:signin,:username => username, :password => password).body).values.first
+      end
+      
+      unless user.nil?
+        if self.sync && !self.sync_to.nil?
+          last_update = user.attributes.delete "updated_at"
+          local_user = self.sync_to.find_or_initialize_by_username user.username, user.attributes
+          
+          if local_user.updated_at < last_update
+            local_user.update_attributes user.attributes            
+          end
+        end
+      end
+      return user
+    end
+  end
+  
+  module InstanceMethods
+    def sync
+      if self.class.sync && !self.class.sync_to.nil?
+        user = self.dup
+        last_update = user.attributes.delete "updated_at"
+        local_user = self.class.sync_to.find_or_initialize_by_username user.username, user.attributes
+        
+        local_user.update_attributes user.attributes            
+      else
+        false
+      end
+    end
+  end
+end

data/lib/active_resource/authenticatable.rb

@@ -0,0 +1,22 @@
+require 'active_resource/acts_as_authenticatable'
+module ActiveResource::Authenticatable
+  def self.included(base)
+    base.send :extend, ClassMethods
+  end
+  
+  module ClassMethods
+    
+    def authenticatable(*args)
+      options = args.extract_options!
+      
+      self.site = options[:site] || AUTHENTASAURUS[:modules][:remote][self.name.underscore.gsub(/_sync/, "").to_sym][:site]
+      self.element_name = options[:session_element].try(:to_s) || AUTHENTASAURUS[:modules][:remote][self.name.underscore.gsub(/_sync/, "").to_sym][:session_element]
+      self.sync = options[:sync] || AUTHENTASAURUS[:modules][:remote][self.name.underscore.gsub(/_sync/, "").to_sym][:sync]
+      self.sync_to = options[:sync_to].try(:to_s).try(:camelize).try(:constantize) #|| AUTHENTASAURUS[:modules][:remote][self.name.underscore.gsub(/_sync/, "").to_sym][:sync_to].camelize.constantize
+      
+    
+      # include authentication methods
+      include ActiveResource::ActsAsAuthenticatable
+    end
+  end
+end

data/lib/authentasaurus.rb

@@ -0,0 +1,21 @@
+module Authentasaurus
+  def self.evaluate_method(method, *args, &block)
+    case method
+      when Symbol
+        object = args.shift
+        object.send(method, *args, &block)
+      when String
+        eval(method, args.first.instance_eval { binding })
+      when Proc, Method
+        method.call(*args, &block)
+      else
+        if method == true || method == false
+          return method
+        else
+          raise ArgumentError,
+            "Callbacks must be a symbol denoting the method to call, a string to be evaluated, " +
+            "a block to be invoked, or a condition."
+        end
+    end
+  end
+end

data/lib/authentasaurus/areas_controller.rb

@@ -0,0 +1,71 @@
+class Authentasaurus::AreasController < Authentasaurus::AuthentasaurusController
+	
+	def index
+		@areas= Area.find :all
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def show
+		@area = Area.find params[:id]
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def new
+		@area = Area.new
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def create
+		@area = Area.new params[:area]
+		
+		respond_to do |format|
+			if @area.save
+				flash.now[:notice] = "Area created" 
+				format.html { redirect_to :action=>:index }
+			else
+				flash.now[:notice] = "Error creating area"
+				format.html { render :new }
+			end
+		end
+	end
+	
+	def edit
+		@area = Area.find params[:id]
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def update
+		@area = Area.find params[:id]
+		
+		respond_to do |format|
+			if @area.update_attributes(params[:area])
+				flash.now[:notice] = "Area updated"
+				format.html { redirect_to @area }
+			else
+				flash.now[:notice] = "Error updating area"
+				format.html { render :edit }
+			end
+		end
+	end
+	
+	def destroy
+		@area = Area.find params[:id]
+		@area.destroy
+		
+		respond_to do |format|
+			format.html { redirect_to :action=>:index }
+		end
+	end
+end