authenticate 0.1.0

data/lib/authenticate/model/trackable.rb

@@ -0,0 +1,43 @@
+require 'authenticate/callbacks/trackable'
+
+module Authenticate
+  module Model
+
+    # Track information about your user sign ins. This module is always enabled.
+    #
+    # == Columns
+    # This module expects and tracks the following columns on your user model:
+    # - sign_in_count - increase every time a sign in is made
+    # - current_sign_in_at - a timestamp updated at each sign in
+    # - last_sign_in_at - a timestamp of the previous sign in
+    # - current_sign_in_ip - the remote ip address of the user at sign in
+    # - previous_sign_in_ip - the remote ip address of the previous sign in
+    #
+    module Trackable
+      extend ActiveSupport::Concern
+
+      def self.required_fields(klass)
+        [:current_sign_in_at, :current_sign_in_ip, :last_sign_in_at, :last_sign_in_ip, :sign_in_count]
+      end
+
+      def update_tracked_fields(request)
+        old_current, new_current = self.current_sign_in_at, Time.now.utc
+        self.last_sign_in_at     = old_current || new_current
+        self.current_sign_in_at  = new_current
+
+        old_current, new_current = self.current_sign_in_ip, request.remote_ip
+        self.last_sign_in_ip     = old_current || new_current
+        self.current_sign_in_ip  = new_current
+
+        self.sign_in_count ||= 0
+        self.sign_in_count += 1
+      end
+
+      def update_tracked_fields!(request)
+        update_tracked_fields(request)
+        save(validate: false)
+      end
+
+    end
+  end
+end

data/lib/authenticate/model/username.rb

@@ -0,0 +1,45 @@
+module Authenticate
+  module Model
+
+    module Username
+      extend ActiveSupport::Concern
+
+      def self.required_fields(klass)
+        [:username]
+      end
+
+      included do
+        before_validation :normalize_username
+        validates :username,
+                  presence: true,
+                  uniqueness: { allow_blank: true }
+      end
+
+      module ClassMethods
+        def credentials(params)
+          [params[:session][:username], params[:session][:password]]
+        end
+
+        def authenticate(credentials)
+          user = find_by_credentials(credentials)
+          user && user.password_match?(credentials[1]) ? user : nil
+        end
+
+        def find_by_credentials(credentials)
+          username = credentials[0]
+          find_by_username normalize_username(username)
+        end
+
+        def normalize_username(username)
+          username.to_s.downcase.gsub(/\s+/, '')
+        end
+      end
+
+      def normalize_username
+        self.username = self.class.normalize_username(username)
+      end
+
+    end
+
+  end
+end

data/lib/authenticate/modules.rb

@@ -0,0 +1,61 @@
+module Authenticate
+  module Modules
+    extend ActiveSupport::Concern
+
+    # Methods to help your user model load Authenticate modules
+    module ClassMethods
+
+      def load_modules
+        constants = []
+        Authenticate.configuration.modules.each do |mod|
+          puts "load_modules about to load #{mod.to_s}"
+          require "authenticate/model/#{mod.to_s}" if mod.is_a?(Symbol)
+          mod = load_constant(mod) if mod.is_a?(Symbol)
+          constants << mod
+        end
+        check_fields constants
+        constants.each { |mod|
+          include mod
+        }
+      end
+
+      private
+
+      def load_constant module_symbol
+        Authenticate::Model.const_get(module_symbol.to_s.classify)
+      end
+
+      # For each module, look at the fields it requires. Ensure the User
+      # model including the module has the required fields. If it does not
+      # have all required fields, huck an exception.
+      def check_fields modules
+        failed_attributes = []
+        instance = self.new
+        modules.each do |mod|
+          if mod.respond_to?(:required_fields)
+            mod.required_fields(self).each do |field|
+              failed_attributes << field unless instance.respond_to?(field)
+            end
+          end
+        end
+
+        if failed_attributes.any?
+          fail MissingAttribute.new(failed_attributes)
+        end
+      end
+
+    end
+
+    class MissingAttribute < StandardError
+      def initialize(attributes)
+        @attributes = attributes
+      end
+
+      def message
+        "The following attribute(s) is (are) missing on your model: #{@attributes.join(", ")}"
+      end
+    end
+
+  end
+end
+

data/lib/authenticate/session.rb

@@ -0,0 +1,123 @@
+require 'authenticate/login_status'
+require 'authenticate/debug'
+
+module Authenticate
+  class Session
+    include Debug
+
+    attr_accessor :request
+
+    def initialize(request, cookies)
+      @request = request # trackable module accesses request
+      @cookies = cookies
+      @session_token = @cookies[cookie_name]
+      d 'SESSION initialize: @session_token: ' + @session_token.inspect
+    end
+
+    # consecutive_failed_logins_limit
+    # timeout - time elapsed since last thingy. last_access_at column
+    # max session lifetime
+    # confirmation / awaiting confirmation
+    # reset password
+    # change password
+    # trackable - sign_in_count, last_sign_in_at, last_sign_in_ip
+
+
+    # Finish user login process, *after* the user has been authenticated.
+    # Called when user creates an account or signs back into the app.
+    #
+    # @return [User]
+    def login(user, &block)
+      d 'session.login()'
+      @current_user = user
+      d "session.login @current_user: #{@current_user.inspect}"
+      # todo extract token gen to two different strategies
+      @current_user.generate_session_token if user.present?
+
+      message = catch(:failure) do
+        Authenticate.lifecycle.run_callbacks(:after_set_user, @current_user, self, { event: :authentication })
+        Authenticate.lifecycle.run_callbacks(:after_authentication, @current_user, self, { event: :authentication })
+      end
+
+      d "session.login after lifecycle callbacks, message: #{message}"
+      status = message.present? ? Failure.new(message) : Success.new
+      if status.success?
+        @current_user.save
+        write_cookie if @current_user.session_token
+      else
+        @current_user = nil
+      end
+
+      if block_given?
+        block.call(status)
+      end
+    end
+
+
+    # Get the user represented by this session.
+    #
+    # @return [User]
+    def current_user
+      d 'session.current_user'
+      if @session_token.present?
+        @current_user ||= load_user
+      end
+      @current_user
+    end
+
+    # Has this session successfully authenticated?
+    #
+    # @return [Boolean]
+    def authenticated?
+      d 'session.authenticated?'
+      current_user.present?
+    end
+
+
+    # Invalidate the session token, unset the current user and remove the cookie.
+    #
+    # @return [void]
+    def deauthenticate
+      # nuke session_token in db
+      if current_user.present?
+        current_user.reset_session_token!
+      end
+
+      # nuke notion of current_user
+      @current_user = nil
+
+      # # nuke cookie
+      @cookies.delete cookie_name
+    end
+
+    protected
+
+    def user_loaded?
+      !@current_user.present?
+    end
+
+    private
+
+    def write_cookie
+      cookie_hash = {
+          httponly: true,
+          value: @current_user.session_token,
+          expires: Authenticate.configuration.cookie_expiration.call
+      }
+      cookie_hash[:domain] = Authenticate.configuration.cookie_domain if Authenticate.configuration.cookie_domain
+      # @cookies.signed[cookie_name] = cookie_hash
+      @cookies[cookie_name] = cookie_hash
+      d 'session.write_cookie WROTE COOKIE I HOPE. Cookie guts:' + @cookies[cookie_name].inspect
+    end
+
+    def cookie_name
+      Authenticate.configuration.cookie_name.freeze.to_sym
+    end
+
+    def load_user
+      Authenticate.configuration.user_model_class.where(session_token: @session_token).first
+    end
+
+  end
+end
+

data/lib/authenticate/token.rb

@@ -0,0 +1,7 @@
+module Authenticate
+  class Token
+    def self.new
+      SecureRandom.hex(20).encode('UTF-8')
+    end
+  end
+end

data/lib/authenticate/user.rb

@@ -0,0 +1,50 @@
+require 'authenticate/configuration'
+require 'authenticate/token'
+require 'authenticate/callbacks/authenticatable'
+
+module Authenticate
+
+  # Required to be included in your configued user class, which is `User` by
+  # default, but can be changed with {Configuration#user_model=}.
+  #
+  #   class User
+  #     include Authenticate::User
+  #     # ...
+  #   end
+  #
+  # To change the user class from the default User, assign it :
+  #
+  #   Authenticate.configure do |config|
+  #     config.user_model = 'MyPackage::Gundan'
+  #   end
+  #
+  # The fields and methods included by Authenticate::User will depend on what modules you have included in your
+  # configuration. When your user class is loaded, User will load any modules at that time. If you have another
+  # initializer that loads User before Authenticate's initializer has run, this may cause interfere with the
+  # configuration of your user.
+  #
+  # Every user will have two methods to manage session tokens:
+  # - generate_session_token - generates and sets the Authenticate session token
+  # - reset_session_token! - calls generate_session_token and save! immediately
+  #
+  module User
+    extend ActiveSupport::Concern
+
+    included do
+      include Modules
+      load_modules
+    end
+
+    def generate_session_token
+      self.session_token = Authenticate::Token.new
+      # puts 'User.generate_session_token session_token:' + self.session_token.to_s
+    end
+
+    def reset_session_token!
+      generate_session_token
+      save validate: false
+    end
+
+  end
+end
+

data/lib/authenticate/version.rb

@@ -0,0 +1,3 @@
+module Authenticate
+  VERSION = '0.1.0'
+end

data/lib/tasks/authenticate_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :authenticate do
+#   # Task goes here
+# end

data/spec/configuration_spec.rb

@@ -0,0 +1,60 @@
+require 'spec_helper'
+
+describe Authenticate::Configuration do
+  after {restore_default_configuration}
+
+  context 'when no user_model_name is specified' do
+    before do
+      Authenticate.configure do |config|
+      end
+    end
+
+    it 'defaults to User' do
+      expect(Authenticate.configuration.user_model).to eq '::User'
+      expect(Authenticate.configuration.user_model_class).to eq ::User
+    end
+  end
+
+  context 'with a customer user_model' do
+    before do
+      MyUser = Class.new
+      Authenticate.configure do |config|
+        config.user_model = 'MyUser'
+      end
+    end
+
+    it 'is used instead of User' do
+      expect(Authenticate.configuration.user_model_class).to eq MyUser
+    end
+  end
+
+  describe '#authentication_strategy' do
+    context 'with no strategy set' do
+      it 'defaults to email' do
+        expect(Authenticate.configuration.authentication_strategy).to eq :email
+      end
+      it 'includes email in modules' do
+        expect(Authenticate.configuration.modules).to include :email
+      end
+      it 'does not include username in modules' do
+        expect(Authenticate.configuration.modules).to_not include :username
+      end
+    end
+
+    context 'with strategy set to username' do
+      before do
+        Authenticate.configure do |config|
+          config.authentication_strategy = :username
+        end
+      end
+      it 'includes username in modules' do
+        expect(Authenticate.configuration.modules).to include :username
+      end
+      it 'does not include email in modules' do
+        expect(Authenticate.configuration.modules).to_not include :email
+      end
+    end
+
+  end
+
+end

data/spec/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks