authentasaurus 0.4.1

data/lib/authentasaurus/authentasaurus_controller.rb

@@ -0,0 +1,2 @@
+class Authentasaurus::AuthentasaurusController < ApplicationController
+end

data/lib/authentasaurus/groups_controller.rb

@@ -0,0 +1,73 @@
+class Authentasaurus::GroupsController < Authentasaurus::AuthentasaurusController
+	
+	def index
+		@groups = Group.find :all
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def show
+		@group = Group.find params[:id]
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def new
+		@group = Group.new
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def create
+		@group = Group.new params[:group]
+		
+		respond_to do |format|
+			if @group.save
+				flash.now[:notice] = "Group created"
+				format.html { redirect_to :action=>:index }
+			else
+				flash.now[:notice] = "Error creating group"
+				format.html { render :new }
+			end
+		end
+	end
+	
+	def edit
+		@group = Group.find params[:id]
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def update
+		@group = Group.find params[:id]
+		
+		respond_to do |format|
+			if @group.update_attributes(params[:group])
+				flash.now[:notice] = "Group updated"
+				format.html { redirect_to @group }
+			else
+				flash.now[:notice] = "Error updating group"
+				format.html { render :edit }
+			end
+		end
+		
+	end
+	
+	def destroy
+		@group = Group.find params[:id]
+		@group.destroy
+		
+		respond_to do |format|
+			format.html { redirect_to :action=>:index }
+		end	
+	end
+	
+end

data/lib/authentasaurus/models/area.rb

@@ -0,0 +1,8 @@
+class Authentasaurus::Models::Area < ActiveRecord::Base
+  has_many :permissions, :dependent => :destroy
+  has_many :groups, :through => :permissions
+
+  # Check that everything is there
+  validates_presence_of :name
+  
+end

data/lib/authentasaurus/models/authentasaurus_emailer.rb

@@ -0,0 +1,31 @@
+class Authentasaurus::Models::AuthentasaurusEmailer < ActionMailer::Base
+  def validation_mail(name, email, validation_code, sent_at = Time.now)
+    subject    AUTHENTASAURUS[:modules][:validatable][:mail_subject]
+    recipients email
+    from       AUTHENTASAURUS[:modules][:validatable][:mail_from]
+    sent_on    sent_at
+    
+    body       :name => name, :vcode => validation_code
+    content_type "text/html"
+  end
+  
+  def recovery_mail(user, token, sent_at = Time.now)
+    subject    AUTHENTASAURUS[:modules][:recoverable][:mail_subject]
+    recipients user.email
+    from       AUTHENTASAURUS[:modules][:recoverable][:mail_from] # dont forget to change me
+    sent_on    sent_at
+    
+    body       :name => user.name, :token => token
+    content_type "text/html"
+  end
+  
+  def invitation_mail(email, token, sent_at = Time.now)
+    subject   AUTHENTASAURUS[:modules][:invitable][:mail_subject]
+    recipients email
+    from       AUTHENTASAURUS[:modules][:invitable][:mail_from]
+    sent_on    sent_at
+    
+    body       :token => token
+    content_type "text/html"
+  end
+end

data/lib/authentasaurus/models/group.rb

@@ -0,0 +1,8 @@
+class Authentasaurus::Models::Group < ActiveRecord::Base
+  has_many :permissions, :dependent => :destroy
+  has_many :areas, :through => :permissions
+
+  # Check that everything is there
+  validates_presence_of :name
+  
+end

data/lib/authentasaurus/models/permission.rb

@@ -0,0 +1,9 @@
+class Authentasaurus::Models::Permission < ActiveRecord::Base
+  belongs_to :group
+  belongs_to :area
+
+  # Check that everything is there
+  validates_presence_of :group_id,:area_id,:read,:write
+  # Check foreign keys
+  validates_associated :group, :area
+end

data/lib/authentasaurus/models/recovery.rb

@@ -0,0 +1,23 @@
+class Authentasaurus::Models::Recovery < ActiveRecord::Base
+  require "digest/sha1"
+	belongs_to :user
+	
+	before_validation_on_create :make_token!
+	before_save :send_recovery
+	
+	named_scope :valid, lambda { { :conditions => ["updated_at <= ?", AUTHENTASAURUS[:modules][:recoverable][:token_expires_after].days.from_now] } }
+	
+	validates_uniqueness_of :user_id
+	validates_presence_of :email
+	validates_presence_of :user_id, :message => :"recovery.user_id.blank"
+	validates_format_of :email, :with => %r{[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}}
+	
+	
+	def make_token!
+		self.token = Digest::SHA1.hexdigest "#{Time.now.to_i} #{rand} #{self.email}"
+	end
+	
+	def send_recovery
+		AuthentasaurusEmailer.deliver_recovery_mail(self.user, self.token) if AUTHENTASAURUS[:modules][:recoverable][:send_email]
+	end
+end

data/lib/authentasaurus/models/session.rb

@@ -0,0 +1,63 @@
+# This class represents a session model, a session authenticates a username and a password.
+#
+# A session behaves just like an ActiveRecord model
+class Authentasaurus::Models::Session
+  attr_accessor :username, :password, :remember
+  attr_accessor :errors
+  attr_reader :user
+  
+  # Takes a hash of attributes keys and values just like ActiveRecord models
+  def initialize(attributes = nil)
+    self.errors = ActiveRecord::Errors.new(self)
+    if attributes
+      attributes.each do |key,value|
+        send(key.to_s + '=', value)
+      end
+    else
+      self.remember = false
+    end
+  end
+  
+  # Authenticates the information saved in the attributes
+  # Returns true or false
+  def save(*session_types)
+    session_types = session_types.flatten
+    
+    if session_types.empty?
+      session_types = [:user]
+    end
+    
+    ret = true
+    session_types.each do |type|
+      @user = type.to_s.camelize.constantize.authenticate(self.username, self.password)
+      if @user.nil?
+        self.errors.add_to_base I18n.t(:invalid_login, :scope => [:authentasaurus, :messages, :sessions]) 
+        ret &= false
+      else
+        @user.create_remember_me_token if self.remember == "1"
+        ret = true
+        break
+      end
+    end
+    ret
+  end
+  
+  # Takes a hash of attributes keys and values just like new and authenticates the information.
+  # Returns true or false
+  def self.create(*attrs)
+    attributes = attrs.extract_options!
+    attrs = attrs.flatten
+    self_obj = self.new attributes
+    self_obj.save(attrs)
+    return self_obj
+  end
+  
+  def new_record? #:nodoc:
+    true
+  end
+  
+  # Takes an id (usually from an ActiveController session) and returns a User object
+  def self.current_user(id, session_type = :user)
+    session_type.to_s.camelize.constantize.find id
+  end
+end

data/lib/authentasaurus/models/user_invitation.rb

@@ -0,0 +1,21 @@
+class Authentasaurus::Models::UserInvitation < ActiveRecord::Base
+  require 'digest/sha1'
+  validates_presence_of :email
+  validates_uniqueness_of :email, :scope => :token
+  validates_format_of :email, :with => %r{[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}}
+  
+  before_validation :create_token
+  #send email
+  after_create :send_invitation
+
+  def send_invitation
+    AuthentasaurusEmailer.deliver_invitation_mail(self.email, self.token) if AUTHENTASAURUS[:modules][:invitable][:send_email]
+  end
+  
+  private
+  def create_token
+    return if self.email.nil? || self.email.blank?
+    string_to_hash=self.email + "invitable.olation" + self.email.hash.to_s
+		self.token = Digest::SHA1.hexdigest(string_to_hash)
+  end
+end

data/lib/authentasaurus/models/validation.rb

@@ -0,0 +1,18 @@
+class Authentasaurus::Models::Validation < ActiveRecord::Base
+  belongs_to :user, :polymorphic => true
+  
+  # Check that everything is there
+  validates_presence_of :user_id, :validation_code, :user_type, :email
+  # Check foreign keys
+  validates_associated :user
+  # Check unique user
+  validates_uniqueness_of :user_id, :scope => [:user_type, :email]
+  validates_uniqueness_of :validation_code
+
+  #send email
+  after_create :send_validation
+
+  def send_validation
+    AuthentasaurusEmailer.deliver_validation_mail(self.user.name, self.email, self.validation_code) if AUTHENTASAURUS[:modules][:validatable][:send_email]
+  end
+end

data/lib/authentasaurus/permissions_controller.rb

@@ -0,0 +1,71 @@
+class Authentasaurus::PermissionsController < Authentasaurus::AuthentasaurusController
+	
+	def index
+		@permissions = Permission.find :all
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def show
+		@permission = Permission.find params[:id]
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def new
+		@permission = Permission.new
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def create
+		@permission = Permission.new params[:permission]
+		
+		respond_to do |format|
+			if @permission.save
+				flash.now[:notice] = "Permission created"
+				format.html { redirect_to :action=>:index }
+			else
+				flash.now[:notice] = "Error creating permission"
+				format.html { render :new }
+			end
+		end
+	end
+	
+	def edit
+		@permission = Permission.find params[:id]
+		
+		respond_to do |format|
+			format.html
+		end
+	end
+	
+	def update
+		@permission = Permission.find params[:id]
+		
+		respond_to do |format|
+			if @permission.update_attributes(params[:permission])
+				flash.now[:notice] = "Permission updated"
+				format.html { redirect_to @permission }
+			else
+				flash.now[:notice] = "Error updating permission"
+				format.html { render :edit }
+			end
+		end
+	end
+	
+	def destroy
+		@permssion = Permission.find params[:id]
+		@permission.destroy()
+		
+		respond_to do |format|
+			format.html { redirect_to :action=>:index }
+		end
+	end
+end

data/lib/authentasaurus/recoveries_controller.rb

@@ -0,0 +1,59 @@
+class Authentasaurus::RecoveriesController < Authentasaurus::AuthentasaurusController
+  def new
+    @recovery = Recovery.new
+    
+    respond_to do |format|
+      format.html
+    end
+  end
+  
+  def create
+    @recovery = Recovery.find_or_initialize_by_email :email => params[:recovery][:email]
+    
+    if @recovery.new_record?
+      @recovery.user = User.find_by_email @recovery.email
+    end
+    
+    respond_to do |format|
+      if @recovery.save
+        @recovery.touch
+        format.html { redirect_to new_session_path, :notice => t(:recovery_email_sent, :scope => [:authentasaurus, :messages, :recoveries], :email => @recovery.email) }
+      else
+        format.html {render :new}
+      end
+    end  
+  end
+
+  def edit
+    @recovery = Recovery.valid.find_by_token(params[:token])
+    
+    respond_to do |format|
+	    unless @recovery.nil?
+	    	@user = @recovery.user
+	    	format.html
+	  	else
+	    	format.html { redirect_to new_session_path, :alert => t(:recovery_failed, :scope => [:authentasaurus, :messages, :recoveries], :email => params[:email]) }
+	  	end
+  	end
+  end
+  
+  def destroy
+    @recovery = Recovery.find_by_token params[:token]
+    @user = @recovery.user
+		
+		respond_to do |format|
+			empty_fields = params[:user].select { |key, value| value.blank? }
+			if !empty_fields.empty?
+				empty_fields.each do |f|
+					@user.errors.add_to_base t(:recovery_field_blank, :scope => [:authentasaurus, :messages, :recoveries], :field => f.first.humanize)
+				end
+				format.html { render :edit }
+			elsif @user.update_attributes params[:user]
+				@recovery.destroy
+				format.html { redirect_to new_session_path, :notice => t(:recovery_successful, :scope => [:authentasaurus, :messages, :recoveries], :email => params[:email]) }
+			else
+				format.html { render :edit, :alert => t(:recovery_failed, :scope => [:authentasaurus, :messages, :recoveries], :email => params[:email]) }
+			end
+		end
+  end
+end

data/lib/authentasaurus/registrations_controller.rb

@@ -0,0 +1,32 @@
+class Authentasaurus::RegistrationsController < Authentasaurus::AuthentasaurusController
+  def new
+    @user = User.new
+    @user_invitation = UserInvitation.find_by_token params[:token]
+    
+    respond_to do |format|
+      if @user_invitation.nil?
+        format.html {redirect_to new_session_path, :alert => t(:invalid_invitation_token, :scope => [:authentasaurus, :messages, :user_invitations])}
+      else
+        @user.email = @user_invitation.email
+        format.html
+      end
+    end
+  end
+
+  def create
+    @user = User.new params[:user]
+    user_invitation = UserInvitation.find_by_token params[:token]
+    
+    respond_to do |format|
+      unless user_invitation.nil?
+        if @user.save
+          format.html {redirect_to new_session_path}
+        else
+          format.html {render :new}
+        end
+      else
+        format.html {render :new, :alert => t(:invalid_invitation_token, :scope => [:authentasaurus, :messages, :user_invitations])}
+      end
+    end
+  end
+end

data/lib/authentasaurus/sessions_controller.rb

@@ -0,0 +1,45 @@
+class Authentasaurus::SessionsController < Authentasaurus::AuthentasaurusController
+  before_filter :check_is_logged_in, :except => :destroy
+
+  def new
+    @session = Session.new
+    
+    respond_to do |format|
+      format.html
+    end
+  end
+  
+  def create
+    @session = Session.new params[:session]
+    
+    respond_to do |format|
+      if @session.save
+        if @session.remember == "1"
+          cookies.signed.permanent[:remember_me_token] = @session.user.remember_me_token
+        end
+        session[:user_id] = @session.user.id
+        session[:user_permissions] =   {:read => @session.user.permissions.collect{|per| per.area.name if per.read}, :write => @session.user.permissions.collect{|per| per.area.name if per.write}}
+        format.html { redirect_to session[:original_url] || root_url }
+      else
+        format.html { render :action => :new }
+      end
+    end
+    
+  end
+  
+  def destroy
+    session[:user_id] = nil
+    session[:user_permissions] = nil
+    cookies.delete :remember_me_token
+    
+    respond_to do |format|
+      format.html { redirect_to :action => :new }
+    end
+  end
+  
+  private
+  def check_is_logged_in
+    redirect_to root_path if session[:user_id]
+  end
+
+end