authentication-service 0.0.1.a1

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/.rvmrc

@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+
+# This is an RVM Project .rvmrc file, used to automatically load the ruby
+# development environment upon cd'ing into the directory
+
+# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional,
+# Only full ruby name is supported here, for short names use:
+#     echo "rvm use 1.9.3" > .rvmrc
+environment_id="ruby-1.9.3-p0@auth-svc"
+
+#
+# Uncomment the following lines if you want to verify rvm version per project
+#
+# rvmrc_rvm_version="1.10.2" # 1.10.1 seams as a safe start
+# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || {
+#   echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading."
+#   return 1
+# }
+#
+
+#
+# Uncomment following line if you want options to be set only for given project.
+#
+# PROJECT_JRUBY_OPTS=( --1.9 )
+#
+# The variable PROJECT_JRUBY_OPTS requires the following to be run in shell:
+#
+#    chmod +x ${rvm_path}/hooks/after_use_jruby_opts
+#
+
+#
+# First we attempt to load the desired environment directly from the environment
+# file. This is very fast and efficient compared to running through the entire
+# CLI and selector. If you want feedback on which environment was used then
+# insert the word 'use' after --create as this triggers verbose mode.
+#
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments" \
+  && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
+then
+  \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+
+  if [[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]]
+  then
+    . "${rvm_path:-$HOME/.rvm}/hooks/after_use"
+  fi
+else
+  # If the environment file has not yet been created, use the RVM CLI to select.
+  if ! rvm --create  "$environment_id"
+  then
+    echo "Failed to create RVM environment '${environment_id}'."
+    return 1
+  fi
+fi
+
+#
+# If you use an RVM gemset file to install a list of gems (*.gems), you can have
+# it be automatically loaded. Uncomment the following and adjust the filename if
+# necessary.
+#
+# filename=".gems"
+# if [[ -s "$filename" ]]
+# then
+#   rvm gemset import "$filename" | grep -v already | grep -v listed | grep -v complete | sed '/^$/d'
+# fi
+
+# If you use bundler, this might be useful to you:
+# if [[ -s Gemfile ]] && ! command -v bundle >/dev/null
+# then
+#   printf "%b" "The rubygem 'bundler' is not installed. Installing it now.\n"
+#   gem install bundler
+# fi
+# if [[ -s Gemfile ]] && command -v bundle
+# then
+#   bundle install
+# fi
+
+if [[ $- == *i* ]] # check for interactive shells
+then
+    echo "Using: $(tput setaf 2)$GEM_HOME$(tput sgr0)" # show the user the ruby and gemset they are using in green
+else 
+	echo "Using: $GEM_HOME" # don't use colors in interactive shells
+fi
+

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in authentication-service.gemspec
+gemspec

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/authentication-service.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "authentication-service/version"
+
+Gem::Specification.new do |s|
+  s.name        = "authentication-service"
+  s.version     = AuthenticationService::VERSION
+  s.authors     = ["Evgeny Myasishchev"]
+  s.email       = ["evgeny.myasishchev@gmail.com"]
+  s.homepage    = ""
+  s.summary     = %q{Authentication service for Rails (and not only)}
+  s.description = %q{Provides authentication related stuff.}
+
+  s.rubyforge_project = "authentication-service"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency "rspec"
+end

data/lib/authentication-service/account.rb

@@ -0,0 +1,17 @@
+require 'digest/sha2'
+
+class AuthenticationService::Account
+  attr_reader :account_id
+  attr_accessor :email, :password_hash
+
+  def initialize(account_id, email, password_hash)
+    @account_id, @email, @password_hash = account_id, email, password_hash
+  end
+
+  class << self
+
+    def hash_for_password(password)
+      Digest::SHA512.hexdigest(password)
+    end
+  end
+end

data/lib/authentication-service/base.rb

@@ -0,0 +1,41 @@
+class AuthenticationService::Base
+  attr_reader :accounts_repository, :sessions_repository
+  
+  def initialize(accounts_repository, sessions_repository)
+    @accounts_repository = accounts_repository
+    @sessions_repository = sessions_repository
+  end
+  
+  def register_account(email, password)
+    accounts_repository.create(email, password)
+  end
+  
+  #
+  # Returns Session instance if it exists and is valid
+  #
+  def authenticate_by_session_id(session_id, ip_address)
+    session = sessions_repository.find_by_session_id(session_id)
+    return nil unless session
+    return nil unless session.ip_address == ip_address
+    sessions_repository.touch session.session_id
+    return session
+  end
+  
+  #
+  # Validates login/password and returns new Session instance
+  # Login is email
+  #
+  def authenticate_by_login(login, password, ip_address)
+    account = accounts_repository.find_by_email(login)
+    return nil unless account
+    
+    password_hash = AuthenticationService::Account.hash_for_password(password)
+    return nil unless account.password_hash == password_hash
+    
+    sessions_repository.create AuthenticationService::Session.create_new(account, ip_address)
+  end
+  
+  def sign_out(session)
+    sessions_repository.destroy(session)
+  end  
+end

data/lib/authentication-service/persistance/accounts-repository.rb

@@ -0,0 +1,22 @@
+module AuthenticationService::Persistance
+  class AccountsRepository
+    include AuthenticationService::Persistance::ModelHelpers
+    
+    attr_reader :model_class
+    
+    def initialize(model_class)
+      @model_class = model_class
+    end
+    
+    def create(email, password)
+      rec = @model_class.create! :email => email, :password_hash => AuthenticationService::Account.hash_for_password(password)
+      to_account_model rec
+    end
+
+    def find_by_email(email)
+      rec = @model_class.find_by_email(email)
+      return nil unless rec
+      to_account_model rec
+    end    
+  end
+end

data/lib/authentication-service/persistance/sessions-repository.rb

@@ -0,0 +1,37 @@
+module AuthenticationService::Persistance
+  class SessionsRepository
+    include AuthenticationService::Persistance::ModelHelpers
+    
+    attr_reader :model_class
+    
+    def initialize(model_class)
+      @model_class = model_class
+    end
+    
+    def find_by_session_id(session_id)
+      rec = @model_class.includes(:account).find_by_session_id(session_id)
+      return nil unless rec
+      return to_session_model rec
+    end
+
+    def create(session)
+      @model_class.create! :session_id => session.session_id,
+        :account_id => session.account.account_id,
+        :ip_address => session.ip_address,
+        :created_at => session.created_at,
+        :updated_at => session.last_time_used_at
+      session
+    end
+
+    def touch(session_id)
+      rec = @model_class.find_by_session_id(session_id)
+      rec.touch
+    end
+
+    def destroy(session)
+      rec = @model_class.find_by_session_id(session.session_id)
+      rec.destroy
+      session
+    end    
+  end
+end

data/lib/authentication-service/persistance.rb

@@ -0,0 +1,19 @@
+module AuthenticationService::Persistance
+  autoload :AccountsRepository, 'authentication-service/persistance/accounts-repository'
+  autoload :SessionsRepository, 'authentication-service/persistance/sessions-repository'
+  
+  
+  module ModelHelpers
+    def to_session_model(session_record)
+      AuthenticationService::Session.new(session_record.session_id, 
+        to_account_model(session_record.account), 
+        session_record.ip_address, 
+        session_record.created_at, 
+        session_record.updated_at)
+    end
+
+    def to_account_model(account_record)
+      AuthenticationService::Account.new account_record.id, account_record.email, account_record.password_hash
+    end
+  end  
+end

data/lib/authentication-service/rails/sessions-controller-actions.rb

@@ -0,0 +1,38 @@
+module AuthenticationService::Rails::SessionsControllerActions
+  def self.included(base)
+    base.before_filter :authenticate, :only => :destroy
+  end
+  
+  def new
+  end
+
+  def create
+    authenticated_session = authentication_service.authenticate_by_login(params[:login], params[:password], request.remote_ip)
+    if authenticated_session
+      session[:authenticated_session_id] = authenticated_session.session_id
+      redirect_back
+    else
+      respond_to do |format|
+        format.html {
+          render :action => :new, :status => :unauthorized
+        }
+        format.json {
+          render :nothing => true, :status => :unauthorized
+        }
+      end
+    end
+  end
+
+  def destroy
+    authentication_service.sign_out(current_session)
+    reset_session
+    respond_to do |format|
+      format.html {
+        redirect_to(sign_in_url)
+      }
+      format.json {
+        render :json => {'navigate-to' => sign_in_url}
+      }
+    end
+  end
+end

data/lib/authentication-service/rails.rb

@@ -0,0 +1,89 @@
+module AuthenticationService::Rails
+  
+  def self.included(base)
+    base.extend ClassMethods
+  end
+    
+  module ClassMethods
+    class OptionsStore
+      class << self
+        attr_accessor :account_class, :session_class
+      end
+    end
+    
+    def account_class
+      OptionsStore.account_class
+    end
+    
+    def session_class
+      OptionsStore.session_class
+    end
+    
+    def authentication_service(options)
+      options = {
+        :account => nil,
+        :session => nil
+      }.merge(options)
+      
+      raise "Account persistance model class not assigned" unless options[:account]
+      raise "Session persistance model class not assigned" unless options[:session]
+      
+      OptionsStore.account_class = options[:account]
+      OptionsStore.session_class = options[:session]
+    end
+    
+    def behave_as_sessins_controller
+      self.send(:include, AuthenticationService::Rails::SessionsControllerActions)
+    end
+  end
+  
+  autoload :SessionsControllerActions, 'authentication-service/rails/sessions-controller-actions'
+  
+  attr_accessor :current_session
+  
+  def authenticated?
+    !current_session.blank?
+  end
+  
+  def authenticate
+    authenticate_from_session if session[:authenticated_session_id]
+    redirect_not_authenticated unless authenticated?
+  end
+  
+  def authentication_service
+    @authentication_service ||= begin
+      raise "Authentication service not configured. Please use authentication_service to configure it." unless self.class.account_class
+      raise "Authentication service not configured. Please use authentication_service to configure it." unless self.class.session_class
+      accounts_repository = AuthenticationService::Persistance::AccountsRepository.new(self.class.account_class)
+      sessions_repository = AuthenticationService::Persistance::SessionsRepository.new(self.class.session_class)
+      AuthenticationService::Base.new(accounts_repository, sessions_repository)
+    end
+  end
+  
+  def authentication_service=(value)
+    @authentication_service = value
+  end
+  
+  protected
+    def redirect_not_authenticated
+      session[:return_to] = request.fullpath
+      redirect_to sign_in_url
+    end
+  
+    def redirect_back
+      respond_to do |format|
+        format.html {
+          redirect_to(session[:return_to] || root_url)
+        }
+        format.json {
+          render :json => {'navigate-to' => (session[:return_to] || root_url)}
+        }
+      end
+      session[:return_to] = nil
+    end
+  
+  private
+    def authenticate_from_session
+      self.current_session = authentication_service.authenticate_by_session_id(session[:authenticated_session_id], request.remote_ip)
+    end
+end

data/lib/authentication-service/session.rb

@@ -0,0 +1,32 @@
+require 'securerandom'
+
+class AuthenticationService::Session
+  attr_reader :session_id
+
+  #Account instance of this session
+  attr_reader :account
+
+  #Ip address of the client that has issued the session
+  attr_reader :ip_address
+
+  #Date/Time when session has been started
+  attr_reader :created_at
+
+  #Date/Time when the session has been used last time
+  attr_reader :last_time_used_at
+
+  def initialize(session_id, account, ip_address, created_at, last_time_used_at)
+    @session_id, @account, @ip_address, @created_at, @last_time_used_at = session_id, account, ip_address, created_at, last_time_used_at
+  end
+
+  # Make sure the session has not expired and ip_address is the same as originally issued
+  def is_valid?(ip_address)
+
+  end
+
+  class << self
+    def create_new(account, ip_address)
+      new(SecureRandom.hex(32), account, ip_address, DateTime.now, DateTime.now)
+    end
+  end
+end

data/lib/authentication-service/version.rb

@@ -0,0 +1,3 @@
+module AuthenticationService
+  VERSION = "0.0.1.a1"
+end

data/lib/authentication-service.rb

@@ -0,0 +1,9 @@
+require "authentication-service/version"
+
+module AuthenticationService
+  autoload :Account, 'authentication-service/account'
+  autoload :Base, 'authentication-service/base'
+  autoload :Persistance, 'authentication-service/persistance'
+  autoload :Rails, 'authentication-service/rails'
+  autoload :Session, 'authentication-service/session'
+end

data/spec/lib/account_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+describe Account do
+  describe "hash_for_password" do
+    it "should use SHA512 as hashing method" do
+      sha512_hash = Digest::SHA512.hexdigest('some-password')
+      Account.hash_for_password('some-password').should eql sha512_hash
+    end
+  end
+end

data/spec/lib/base_spec.rb

@@ -0,0 +1,106 @@
+require 'spec_helper'
+
+describe AuthenticationService::Base do
+  before(:each) do
+    @sessions_repository    = mock(:sessions_repository)
+    @accounts_repository    = mock(:accounts_repository)
+    @authentication_service = AuthenticationService::Base.new(@accounts_repository, @sessions_repository)
+    
+    @account = Account.new(10, "mail@domain.com", "some-password-hash")
+    @session = Session.new("session-id", @account, "127.0.0.1", nil, nil)
+  end
+  
+  describe "register_account" do
+    it "should use accounts repository to create new account" do
+      account = Account.new(10, "mail@domain.com", "some-password-hash")
+      @accounts_repository.should_receive(:create).with("mail@domain.com", "some-password").and_return(account)
+      
+      @authentication_service.register_account "mail@domain.com", "some-password"
+    end
+    
+    it "should return created account instance" do
+      account = Account.new(10, "mail@domain.com", "some-password-hash")
+      @accounts_repository.stub(:create).and_return(account)
+      
+      @authentication_service.register_account("mail@domain.com", "some-password").should be account
+    end
+  end
+  
+  describe "authenticate_by_session_id" do
+    before(:each) do
+      @sessions_repository.stub(:find_by_session_id) { @session }
+      @sessions_repository.stub(:touch)
+    end
+    
+    it "should use sessions repository to find stored sessions" do
+      @sessions_repository.should_receive(:find_by_session_id).with("session-id").and_return(@session)
+      @authentication_service.authenticate_by_session_id("session-id", "127.0.0.1")
+    end
+    
+    it "should return nil if session does not exist" do
+      @sessions_repository.stub(:find_by_session_id) { nil }
+      @authentication_service.authenticate_by_session_id("session-id", "127.0.0.1").should be_nil
+    end
+    
+    it "should return the session if ip_address is the same as initial" do
+      @authentication_service.authenticate_by_session_id("session-id", "127.0.0.1").should be @session
+    end
+    
+    it "should return nil if ip_address is different from initial" do
+      @authentication_service.authenticate_by_session_id("session-id", "127.0.0.2").should be_nil
+    end
+    
+    it "should touch session so last_time_used_at gets updated" do
+      @sessions_repository.should_receive(:touch).with("session-id")
+      @authentication_service.authenticate_by_session_id("session-id", "127.0.0.1")
+    end
+  end
+  
+  describe "authenticate_by_login" do
+    before(:each) do
+      @accounts_repository.stub(:find_by_email) { @account }
+      Session.stub(:create_new) { @session }
+      @sessions_repository.stub(:create) { @session }
+      Account.stub(:hash_for_password) { "some-password-hash" }
+    end
+    
+    it "should use accounts repository to obtain accounts" do
+      @accounts_repository.should_receive(:find_by_email).with("mail@domain.com").and_return(@account)
+      @authentication_service.authenticate_by_login("mail@domain.com", "some-password", "127.0.0.1")
+    end
+    
+    describe "account is found and password is valid" do
+      
+      it "should return new session instance" do
+        @authentication_service.authenticate_by_login("mail@domain.com", "some-password", "127.0.0.1").should be @session
+      end
+
+      it "should create new session using sessions repository" do
+        @sessions_repository.should_receive(:create).with(@session).and_return(@session)
+        @authentication_service.authenticate_by_login("mail@domain.com", "some-password", "127.0.0.1")
+      end
+    end
+    
+    it "should return nil if account not found" do
+      @accounts_repository.stub(:find_by_email) { nil }
+      @authentication_service.authenticate_by_login("mail@domain.com", "some-password", "127.0.0.1").should be_nil
+    end
+    
+    it "should return nil if account is found but password is invalid" do
+      Account.stub(:hash_for_password) { "invalid-password-hash" }
+      @authentication_service.authenticate_by_login("mail@domain.com", "some-password", "127.0.0.1").should be_nil
+    end
+  end
+  
+  describe "sign_out" do
+    it "should destroy the session using repository" do
+      @sessions_repository.should_receive(:destroy).with(@session).and_return(@session)
+      @authentication_service.sign_out(@session)
+    end
+    
+    it "should return session object" do
+      @sessions_repository.stub(:destroy) {@session}
+      @authentication_service.sign_out(@session).should be @session
+    end
+  end
+end

data/spec/lib/persistance/accounts_repository_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+describe AuthenticationService::Persistance::AccountsRepository do
+  before(:each) do
+    @model_class = mock(:account_model_class)
+    @repository  = AuthenticationService::Persistance::AccountsRepository.new @model_class
+  end
+  
+  describe "create" do
+    it "should create corresponding database record" do
+      password_hash = AuthenticationService::Account.hash_for_password("some-password")
+      @model_class.should_receive(:create!).
+        with(:email => "mail@domain.com", :password_hash => password_hash).
+        and_return(mock(:account_rec, :id => 999, :email => "mail@domain.com", :password_hash => password_hash))
+      @repository.create "mail@domain.com", "some-password"
+    end
+    
+    it "return Account instance" do
+      password_hash = AuthenticationService::Account.hash_for_password("some-password")
+      @model_class.stub(:create!).
+        and_return(mock(:account_rec, :id => 999, :email => "mail@domain.com", :password_hash => password_hash))
+      account = @repository.create "mail@domain.com", "some-password"
+      account.should be_instance_of AuthenticationService::Account
+      account.account_id.should eql 999
+      account.email.should eql "mail@domain.com"
+    end
+    
+    it "should hash password" do
+      AuthenticationService::Account.should_receive(:hash_for_password).with("some-password").and_return("hashed-password")
+      @model_class.stub(:create!).
+        and_return(mock(:account_rec, :id => 999, :email => "mail@domain.com", :password_hash => "hashed-password"))
+      account = @repository.create "mail@domain.com", "some-password"
+      account.password_hash.should eql "hashed-password"
+    end
+  end
+  
+  describe "find_by_email" do
+    it "should return corresponding database record searching by email" do
+      rec = mock :account_rec, :id => 999, :email => "mail@domain.com", :password_hash => "some-hash"
+      @model_class.should_receive(:find_by_email).with("mail@domain.com").and_return(rec)
+      
+      account = @repository.find_by_email rec.email
+      account.account_id.should eql rec.id
+      account.password_hash.should eql rec.password_hash
+    end
+    
+    it "should return nil if no such account" do
+      @model_class.should_receive(:find_by_email).with("unknown-mail@domain.com").and_return(nil)
+      @repository.find_by_email("unknown-mail@domain.com").should be_nil
+    end
+  end
+end

data/spec/lib/persistance/sessions_repository_spec.rb

@@ -0,0 +1,93 @@
+require 'spec_helper'
+
+describe AuthenticationService::Persistance::SessionsRepository do
+  include AuthenticationService::Persistance::ModelHelpers
+  
+  before(:each) do
+    @model_class = mock(:session_model_class)
+    @repository  = AuthenticationService::Persistance::SessionsRepository.new(@model_class)
+    @account_rec = mock :account_rec, :id => 999, :email => "mail@domain.com", :password_hash => "password-hash"
+    @session_rec = mock :session_rec, 
+      :id         => 555, 
+      :session_id => "unique-session-id", 
+      :account_id => @account_rec.id, 
+      :account    => @account_rec,
+      :ip_address => "127.0.0.2",
+      :created_at => DateTime.now,
+      :updated_at => DateTime.now
+  end
+  
+  describe "find_by_session_id" do
+    before(:each) do
+      @model_class.stub(:includes) { @model_class }
+      @model_class.stub(:find_by_session_id) { @session_rec }
+    end
+    
+    it "should return corresponding session instance" do
+      @model_class.should_receive(:includes).with(:account) { @model_class }
+      @model_class.should_receive(:find_by_session_id).with("unique-session-id") { @session_rec }
+
+      session = @repository.find_by_session_id "unique-session-id"
+      session.should be_instance_of AuthenticationService::Session
+      session.ip_address.should eql "127.0.0.2"
+    end
+    
+    it "should return nil for not existing session_id" do
+      @model_class.stub(:find_by_session_id) { nil }
+      @repository.find_by_session_id("unknown-session-id").should be_nil
+    end
+    
+    it "should assign corresponding account" do
+      session = @repository.find_by_session_id "unique-session-id"
+      session.account.should_not be_nil
+      session.account.should be_instance_of AuthenticationService::Account
+      session.account.account_id.should eql @account_rec.id
+    end
+  end
+  
+  describe "create" do
+    it "should create corresponding database record" do
+      session = AuthenticationService::Session.create_new to_account_model(@account_rec), "127.0.0.1"
+      @model_class.should_receive(:create!).with(:session_id => session.session_id,
+        :account_id => session.account.account_id,
+        :ip_address => session.ip_address,
+        :created_at => session.created_at,
+        :updated_at => session.last_time_used_at)
+        
+      @repository.create session
+    end
+    
+    it "should return created session instance" do
+      new_session = AuthenticationService::Session.create_new to_account_model(@account_rec), "127.0.0.1"
+      @model_class.stub(:create!)
+      session = @repository.create new_session
+      session.should be(new_session)
+    end
+  end
+  
+  describe "touch" do
+    it "should set updated_at date to now" do
+      @model_class.should_receive(:find_by_session_id).with(@session_rec.session_id).and_return(@session_rec)
+      @session_rec.should_receive :touch
+      @repository.touch @session_rec.session_id
+    end
+  end  
+  
+  describe "destroy" do
+    before(:each) do
+      @session = to_session_model(@session_rec)
+    end
+    
+    it "should destroy sessions record" do
+      @model_class.should_receive(:find_by_session_id).with(@session_rec.session_id).and_return(@session_rec)
+      @session_rec.should_receive(:destroy)
+      @repository.destroy(@session)
+    end
+        
+    it "should return sessions model" do
+      @model_class.stub(:find_by_session_id).and_return(@session_rec)
+      @session_rec.stub(:destroy)
+      @repository.destroy(@session).should be @session
+    end
+  end
+end

data/spec/lib/persistance_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe AuthenticationService::Persistance do
+  describe AuthenticationService::Persistance::ModelHelpers do
+    include AuthenticationService::Persistance::ModelHelpers
+    
+    describe "to_account_model" do
+      it "should create new model instance" do
+        rec     = mock :account, :id => 999, :email => "mail@domain.com", :password_hash => "password-hash"
+        account = to_account_model(rec)
+        account.account_id.should eql rec.id
+        account.email.should eql rec.email
+        account.password_hash.should eql rec.password_hash
+      end
+    end
+
+    describe "to_session_model" do
+      before(:each) do
+        @account = mock :account, :id => 999, :email => "mail@domain.com", :password_hash => "password-hash"
+        @session = mock :session, :id => 998, :session_id => "some-session-id", 
+          :account => @account, 
+          :ip_address => "127.0.0.3",
+          :created_at => DateTime.now - 3,
+          :updated_at => DateTime.now - 2
+      end
+
+      it "should return session model with corresponding properties assigned" do
+        model = to_session_model(@session)
+        model.should be_instance_of(AuthenticationService::Session)
+        model.session_id.should eql @session.session_id
+        model.ip_address.should eql @session.ip_address
+        model.created_at.should eql @session.created_at
+        model.last_time_used_at.should eql @session.updated_at
+      end
+
+      it "should also assign account" do
+        model = to_session_model(@session)
+        model.account.should be_instance_of AuthenticationService::Account
+        model.account.email.should eql "mail@domain.com"
+      end
+    end
+  end  
+end

data/spec/lib/rails_sessions_controller_actions_spec.rb

@@ -0,0 +1,169 @@
+require 'spec_helper'
+
+class RailsSessionsControllerActionsSpecController
+  
+  class << self
+    attr_accessor :before_filter_args
+    def before_filter(sym, options)
+      @before_filter_args = {
+        :sym => sym,
+        :options => options
+      }
+    end
+  end
+  
+  include AuthenticationService::Rails::SessionsControllerActions
+  
+  attr_reader :session
+  attr_accessor :authentication_service, :current_session, :request, :params
+  
+  def initialize
+    @session = {}
+  end
+end
+
+describe RailsSessionsControllerActionsSpecController do
+  
+  before(:each) do
+    @session                           = mock(:session)
+    @authentication_service            = mock(:authentication_service)
+    @controller                        = RailsSessionsControllerActionsSpecController.new
+    @controller.request                = mock(:request)
+    @controller.authentication_service = @authentication_service
+    
+    @controller.stub(:redirect_back)
+    @controller.request.stub("remote_ip") { "localhost" }
+    @session.stub(:session_id) { "some-session-id" }
+  end
+  
+  describe "module included" do
+    it "should define filter :authenticate for destroy action" do
+      @controller.class.before_filter_args[:sym].should eql :authenticate
+      @controller.class.before_filter_args[:options][:only].should eql :destroy
+    end
+  end
+
+  describe "new" do
+    it "should do nothing" do
+      @controller.new
+    end
+  end
+
+  describe "create" do
+    describe "authentication successful" do
+      it "uses authentication_service to create new session" do
+        @authentication_service.should_receive(:authenticate_by_login).with("admin", "password", "localhost").and_return(@session)
+        
+        @controller.params = {
+          :login => "admin",
+          :password => "password"
+        }
+        @controller.create
+      end
+      
+      it "remembers new session_id in session" do
+        @authentication_service.stub(:authenticate_by_login).and_return(@session)
+        
+        @controller.params = {
+          :login => "admin",
+          :password => "password"
+        }
+        @controller.create
+        
+        @controller.session[:authenticated_session_id].should eql "some-session-id"
+      end
+
+      it "redirects redirect_back" do
+        @authentication_service.stub(:authenticate_by_login).and_return(@session)
+        
+        @controller.should_receive :redirect_back
+        
+        @controller.params = {
+          :login => "admin",
+          :password => "password"
+        }
+        @controller.create
+      end
+    end
+    
+    describe "authentication failed" do
+      before(:each) do
+        @authentication_service.stub(:authenticate_by_login).and_return(nil)
+        @format = mock(:format)
+        @format.stub(:json)
+        @format.stub(:html)
+        @controller.should_receive(:respond_to) do |&block| block.call(@format) end        
+      end
+      
+      describe "for html format" do
+        it "should render :new and return unauthorized status" do
+          @format.should_receive(:html) do |&block| block.call end
+            
+          @controller.should_receive(:render).with(:action => :new, :status => :unauthorized)
+
+          @controller.params = {
+            :login => "admin",
+            :password => "password"
+          }
+          @controller.create
+        end        
+      end
+      
+      describe "for json format" do
+        it "should render :nothing and return unauthorized status" do
+          @format.should_receive(:json) do |&block| block.call end
+            
+          @controller.should_receive(:render).with(:nothing => true, :status => :unauthorized)
+
+          @controller.params = {
+            :login => "admin",
+            :password => "password"
+          }
+          @controller.create
+        end
+      end
+    end
+  end
+
+  describe "POST 'destroy'" do
+    before(:each) do
+      @format = mock(:format)
+      @format.stub(:json)
+      @format.stub(:html)
+      @controller.should_receive(:respond_to) do |&block| block.call(@format) end        
+
+      @controller.current_session = @session
+      @authentication_service.stub(:sign_out)
+      
+      @controller.stub(:sign_in_url) { '/sign-in' }
+      @controller.stub(:reset_session)
+    end
+    
+    it "should use authentication_service to sign-off" do
+      @authentication_service.should_receive(:sign_out).with(@session)
+      @controller.destroy
+    end
+    
+    it "should reset session" do
+      @controller.should_receive(:reset_session)
+      
+      @controller.destroy
+    end
+    
+    describe "for html" do
+      it "should redirect to sign_in_url" do
+        @format.should_receive(:html) do |&block| block.call end
+        @controller.should_receive(:redirect_to).with("/sign-in")
+        @controller.destroy
+      end
+    end
+    
+    describe "for json" do
+      it "should render json with sign_in_url" do
+        @format.should_receive(:json) do |&block| block.call end
+        @controller.should_receive(:render).with(:json => {'navigate-to' => '/sign-in'})
+        @controller.destroy
+      end
+    end
+  end
+end

data/spec/lib/rails_spec.rb

@@ -0,0 +1,207 @@
+require 'spec_helper'
+
+class AuthenticationSpecController
+  include AuthenticationService::Rails
+
+  # authentication_service { :sign_in_action => '/sign-in', 
+  #   :sign_out_action => '/sign-out'}
+  
+  attr_reader :session
+  attr_accessor :request
+  
+  def initialize
+    @session = {}
+  end
+  
+  attr_accessor :respond_to_format
+  def respond_to(&block)
+    yield(@respond_to_format)
+  end
+end
+
+describe AuthenticationService::Rails do
+  before(:each) do
+    @controller         = AuthenticationSpecController.new
+    @controller.request = mock(:request)
+  end
+  
+  before(:each) do
+    @authentication_service            = mock(:authentication_service)
+    @controller.authentication_service = @authentication_service
+  end
+  
+  describe "self.class.authentication_service" do
+    it "should fail if options does not have account" do
+      session_class = mock(:session_class)
+      lambda { 
+        AuthenticationSpecController.authentication_service :account => nil, :session => session_class 
+      }.should raise_error(RuntimeError)
+    end
+    
+    it "should fail if options does not have session" do
+      account_class = mock(:account_class)
+      lambda {  
+        AuthenticationSpecController.authentication_service :account => nil, :account => account_class
+      }.should raise_error(RuntimeError)
+    end
+    
+    it "should assign account and session classes" do
+      account_class = mock(:account_class)
+      session_class = mock(:session_class)
+      AuthenticationSpecController.authentication_service :account => account_class, :session => session_class
+      AuthenticationSpecController.account_class.should be account_class
+      AuthenticationSpecController.session_class.should be session_class
+    end
+  end
+  
+  describe "authentication_service=" do
+    it "should return instance with configured account and session classes" do
+      account_class = mock(:account_class)
+      session_class = mock(:session_class)
+      AuthenticationSpecController.authentication_service :account => account_class, :session => session_class
+      @controller.authentication_service = nil
+      @controller.authentication_service.accounts_repository.model_class.should be account_class
+      @controller.authentication_service.sessions_repository.model_class.should be session_class
+    end
+  end
+  
+  describe "authenticated?" do
+    it "should return true if current sesion is not nil" do
+      @controller.current_session = mock(:session, :blank? => false)
+      @controller.authenticated?.should be_true
+    end
+    
+    it "should return false if current session is nil" do
+      @controller.current_session = mock(:session, :blank? => true)
+      @controller.authenticated?.should be_false
+    end
+  end
+  
+  describe "authenticate" do
+    it "should authenticate_from_session if there is authenticated session id" do
+      @controller.session[:authenticated_session_id] = "some-session-id"
+      @controller.should_receive(:authenticate_from_session) {
+        @controller.current_session = mock(:session, :blank? => false)
+      }
+      @controller.should_not_receive(:redirect_not_authenticated)
+      @controller.authenticate
+    end
+    
+    it "should redirect_not_authenticated if not authenticated" do
+      @controller.current_session = mock(:session, :blank? => true)
+      @controller.should_receive(:redirect_not_authenticated)
+      @controller.authenticate
+    end
+    
+    it "should not redirect if authenticated" do
+      @controller.current_session = mock(:session, :blank? => false)
+      @controller.should_not_receive(:redirect_not_authenticated)
+      @controller.authenticate      
+    end
+  end
+  
+  describe "authenticate_from_session" do
+    before(:each) do
+      @controller.authentication_service             = mock(:authentication_service)
+      @controller.session[:authenticated_session_id] = "authenticated-session-id"
+      @controller.request.stub(:remote_ip).and_return("192.168.48.1")
+    end
+    
+    it "uses authentication-service to authenticate by session-id" do
+      @controller.request.should_receive(:remote_ip).and_return("192.168.48.1")
+      @controller.authentication_service.should_receive(:authenticate_by_session_id).with("authenticated-session-id", "192.168.48.1")
+      @controller.send(:authenticate_from_session)
+    end
+    
+    it "assigns current_session" do
+      authenticated_session = mock(:authenticated_session)
+      @controller.authentication_service.
+        should_receive(:authenticate_by_session_id).
+        with("authenticated-session-id", "192.168.48.1").
+        and_return(authenticated_session)
+      @controller.send(:authenticate_from_session)
+      @controller.current_session.should be authenticated_session
+    end
+  end
+  
+  describe "redirect_not_authenticated" do
+    before(:each) do
+      @controller.request.should_receive(:fullpath).and_return('/current-path')
+      @controller.should_receive(:sign_in_url).and_return("/sign-in")
+      @controller.stub(:redirect_to)
+    end
+    
+    it "should remember current path in session" do
+      @controller.send(:redirect_not_authenticated)
+      @controller.session[:return_to].should eql '/current-path'
+    end
+    
+    it "should redirect to sign_in_url" do
+      @controller.should_receive(:redirect_to).with("/sign-in")
+      @controller.send(:redirect_not_authenticated)
+    end
+  end
+  
+  describe "redirect_back" do
+    before(:each) do
+      @format = mock(:format)
+      @format.stub(:html)
+      @format.stub(:json)
+      @controller.respond_to_format = @format
+    end
+    
+    describe "for html format" do
+      before(:each) do
+        @format.should_receive(:html) do |&block| block.call end        
+      end
+      
+      it "should redirect to previously saved return path" do
+        @controller.session[:return_to] = "/return-path"
+        @controller.should_receive(:redirect_to).with("/return-path")
+        @controller.send(:redirect_back)
+      end
+      
+      it "should redirect to root_url if no saved return path" do
+        @controller.should_receive(:root_url).and_return("/root-url")
+        @controller.should_receive(:redirect_to).with("/root-url")
+        @controller.send(:redirect_back)
+      end
+      
+      it "should clear saved return path" do
+        @controller.session[:return_to] = "/return-path"
+        @controller.stub(:redirect_to)
+        @controller.send(:redirect_back)
+        @controller.session[:return_to].should be_nil
+      end
+    end
+    
+    describe "for json format" do
+      before(:each) do
+        @format.should_receive(:json) do |&block| block.call end        
+      end
+      
+      it "should render json with previously saved return path" do
+        @controller.session[:return_to] = "/return-path"
+        @controller.should_receive(:render) do |rendered_with|
+          rendered_with[:json]['navigate-to'].should eql '/return-path'
+        end
+        @controller.send(:redirect_back)
+      end
+      
+      it "should render json with root_url if no saved return path" do
+        @controller.should_receive(:root_url).and_return("/root-url")
+        @controller.should_receive(:render) do |rendered_with|
+          rendered_with[:json]['navigate-to'].should eql '/root-url'
+        end
+        @controller.send(:redirect_back)
+      end
+      
+      it "should clear saved return path" do
+        @controller.session[:return_to] = "/return-path"
+        @controller.stub(:render)
+        @controller.send(:redirect_back)
+        @controller.session[:return_to].should be_nil
+      end
+    end
+  end
+end

data/spec/lib/session_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe Session do
+  describe "create_new" do
+    it "should assign account and ip_address" do
+      account  = mock(:account)
+      session = Session.create_new(account, "localhost")
+      session.account.should be account
+      session.ip_address.should eql "localhost"
+    end
+    
+    it "should generate new random session_id" do
+      session1 = Session.create_new(mock(:account), "localhost")
+      session2 = Session.create_new(mock(:account), "localhost")
+      
+      session1.session_id.should_not be_nil
+      session2.session_id.should_not be_nil
+      
+      session1.session_id.should_not eql session2.session_id
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,23 @@
+require 'rubygems'
+
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
+
+require 'rspec'
+require 'authentication-service'
+
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# Require this file using `require "spec_helper.rb"` to ensure that it is only
+# loaded once.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  include AuthenticationService
+  
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+end

metadata

@@ -0,0 +1,91 @@
+--- !ruby/object:Gem::Specification
+name: authentication-service
+version: !ruby/object:Gem::Version
+  version: 0.0.1.a1
+  prerelease: 6
+platform: ruby
+authors:
+- Evgeny Myasishchev
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-01-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70191597925800 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70191597925800
+description: Provides authentication related stuff.
+email:
+- evgeny.myasishchev@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .rvmrc
+- Gemfile
+- README
+- Rakefile
+- authentication-service.gemspec
+- lib/authentication-service.rb
+- lib/authentication-service/account.rb
+- lib/authentication-service/base.rb
+- lib/authentication-service/persistance.rb
+- lib/authentication-service/persistance/accounts-repository.rb
+- lib/authentication-service/persistance/sessions-repository.rb
+- lib/authentication-service/rails.rb
+- lib/authentication-service/rails/sessions-controller-actions.rb
+- lib/authentication-service/session.rb
+- lib/authentication-service/version.rb
+- spec/lib/account_spec.rb
+- spec/lib/base_spec.rb
+- spec/lib/persistance/accounts_repository_spec.rb
+- spec/lib/persistance/sessions_repository_spec.rb
+- spec/lib/persistance_spec.rb
+- spec/lib/rails_sessions_controller_actions_spec.rb
+- spec/lib/rails_spec.rb
+- spec/lib/session_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>'
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: authentication-service
+rubygems_version: 1.8.15
+signing_key: 
+specification_version: 3
+summary: Authentication service for Rails (and not only)
+test_files:
+- spec/lib/account_spec.rb
+- spec/lib/base_spec.rb
+- spec/lib/persistance/accounts_repository_spec.rb
+- spec/lib/persistance/sessions_repository_spec.rb
+- spec/lib/persistance_spec.rb
+- spec/lib/rails_sessions_controller_actions_spec.rb
+- spec/lib/rails_spec.rb
+- spec/lib/session_spec.rb
+- spec/spec_helper.rb