authkit 0.4.0 → 0.5.0

data/lib/generators/authkit/templates/app/controllers/email_confirmation_controller.rb

@@ -34,7 +34,7 @@ class EmailConfirmationController < ApplicationController
   # lock the account.
   def require_token
     verifier = ActiveSupport::MessageVerifier.new(Rails.application.config.secret_key_base)
-    valid = params[:token].present?
+    valid = params[:token].present? && current_user.confirmation_token.present?
     valid = valid && verifier.send(:secure_compare, params[:token], current_user.confirmation_token)
     valid = valid && !current_user.confirmation_token_expired?
     deny_user("Invalid token", root_path) unless valid

data/lib/generators/authkit/templates/app/controllers/password_reset_controller.rb

@@ -28,8 +28,14 @@ class PasswordResetController < ApplicationController
 
   def user
     return @user if defined?(@user)
+    <% if username? %>
     username_or_email = "#{params[:email]}".downcase
     return if username_or_email.blank?
-    @user = User.where('username = ? OR email = ?', username_or_email, username_or_email).first
+    @user = User.where('LOWER(username) = ? OR email = ?', username_or_email, username_or_email).first
+    <% else %>
+    email = "#{params[:email]}".downcase
+    return if email.blank?
+    @user = User.where('email = ?', email).first
+    <% end %>
   end
 end

data/lib/generators/authkit/templates/app/controllers/sessions_controller.rb

@@ -1,4 +1,8 @@
 class SessionsController < ApplicationController
+  <% if oauth? %>
+  include AuthsHelper
+  <% end %>
+
   # Login
   def new
   end
@@ -35,9 +39,14 @@ class SessionsController < ApplicationController
   protected
 
   def user
-    return @user if defined?(@user)
+    <% if username? %>
     username_or_email = "#{params[:email]}".downcase
     return if username_or_email.blank?
-    @user = User.where('username = ? OR email = ?', username_or_email, username_or_email).first
+    @user = User.where('LOWER(username) = ? OR email = ?', username_or_email, username_or_email).first
+    <% else %>
+    email = "#{params[:email]}".downcase
+    return if email.blank?
+    @user = User.where('email = ?', email).first
+    <% end %>
   end
 end

data/lib/generators/authkit/templates/app/controllers/signup_controller.rb

@@ -1,4 +1,6 @@
 class SignupController < ApplicationController
+  <% if oauth? %>include AuthsHelper
+  <% end %>
   respond_to :html, :json
 
   # Create a new Signup form model (found in app/forms/signup.rb)
@@ -32,8 +34,8 @@ class SignupController < ApplicationController
   def signup_params
     params.require(:signup).permit(
       :email,
-      :username,
-      :password,
+      <% if username? %>:username,
+      <% end %>:password,
       :password_confirmation,
       :first_name,
       :last_name,

data/lib/generators/authkit/templates/app/controllers/upload_controller.rb

@@ -0,0 +1,78 @@
+class UploadController < ApplicationController
+  before_filter :require_login
+  before_filter :require_advertiser, only: [:audio, :cover]
+  before_filter :aws_key_to_remote_url, only: [:avatar]
+
+  respond_to :json
+
+  def audio
+    @audio = current_user.audios.build(audio_params)
+
+    # Each new upload needs to be unique in case the same file is uploaded twice with different content
+    @audio.attachment_uploaded_at = Time.now
+
+    if @audio.save
+      respond_to do |format|
+        format.json { render json: @audio }
+      end
+    else
+      respond_to do |format|
+        format.json { render json: { status: 'error', errors: @audio.errors }.to_json, status: 422 }
+      end
+    end
+  end
+
+  def cover
+    @cover = current_user.covers.build(cover_params)
+
+    # Each new upload needs to be unique in case the same file is uploaded twice with different content
+    @cover.attachment_uploaded_at = Time.now
+
+    if @cover.save
+      respond_to do |format|
+        format.json { render json: @cover }
+      end
+    else
+      respond_to do |format|
+        format.json { render json: { status: 'error', errors: @cover.errors }.to_json, status: 422 }
+      end
+    end
+  end
+
+  def avatar
+    @avatar = current_user.build_avatar(avatar_params)
+
+    # Each new upload needs to be unique in case the same file is uploaded twice with different content
+    @avatar.attachment_uploaded_at = Time.now
+
+    if current_user.save
+      respond_to do |format|
+        format.json { render json: @avatar }
+      end
+    else
+      respond_to do |format|
+        format.json { render json: { status: 'error', errors: @avatar.errors }.to_json, status: 422 }
+      end
+    end
+  end
+
+  protected
+
+  def audio_params
+    params.require(:audio).permit(:attachment)
+  end
+
+  def cover_params
+    params.require(:cover).permit(:attachment)
+  end
+
+  def avatar_params
+    params.require(:avatar).permit(:attachment, :remote_url)
+  end
+
+  def aws_key_to_remote_url
+    params[:avatar] ||= {}
+    params[:avatar][:remote_url] ||= view_context.aws_url_for(params[:key]) if params[:key].present?
+  end
+
+end

data/lib/generators/authkit/templates/app/controllers/users_controller.rb

@@ -36,8 +36,8 @@ class UsersController < ApplicationController
   def user_params
     params.require(:user).permit(
       :confirmation_email,
-      :username,
-      :password,
+      <% if username? %>:username,
+      <% end %>:password,
       :password_confirmation,
       :first_name,
       :last_name,

data/lib/generators/authkit/templates/app/forms/signup.rb

@@ -3,12 +3,15 @@ class Signup
   include ActiveModel::Model
 
   attr_accessor :user
+  <% if oauth? %>
+  attr_accessor :auth
+  <% end %>
 
   # User
   attr_accessor(
     :email,
-    :username,
-    :password,
+    <% if username? %>:username,
+    <% end %>:password,
     :password_confirmation,
     :first_name,
     :last_name,
@@ -17,12 +20,27 @@ class Signup
     :phone_number,
     :time_zone)
 
+  <% if oauth? %>
+  # Auth
   attr_accessor(
+    :auth_params)
+  <% end %>
+
+  attr_accessor(
+    :skip_email_confirmation,
     :terms_of_service)
 
   validates :terms_of_service, acceptance: true
   validate :validate_models
 
+  <% if oauth? %>
+  def self.new_with_oauth(auth_params, signup_params)
+    signup = Signup.new(signup_params)
+    signup.set_auth_params(auth_params)
+    signup
+  end
+  <% end %>
+
   def persisted?
     false
   end
@@ -30,7 +48,7 @@ class Signup
   def save
     if valid?
       persist!
-      send_confirmation!
+      send_confirmation! unless skip_email_confirmation
       send_welcome!
       true
     else
@@ -44,10 +62,42 @@ class Signup
     @user
   end
 
+  <% if oauth? %>
+  def auth
+    return nil if self.auth_params.blank?
+    return @auth if @auth
+    @auth = self.user.auths.build(auth_params)
+  end
+
+  def has_auth?(provider)
+    self.auth.provider == provider.to_s if self.auth
+  end
+
+  def set_auth_params(auth_params)
+    self.auth_params = auth_params
+
+    self.email = self.auth.try(:email) if self.email.blank?
+    self.first_name = self.auth.try(:first_name) if self.first_name.blank?
+    self.last_name = self.auth.try(:last_name) if self.last_name.blank?
+    <% if username? %>self.username = self.auth.try(:username) if self.username.blank?
+    <% end %>self.skip_email_confirmation = true
+
+    # We need to reassign the user fields if the user is already created
+    self.user.attributes = user_params if self.user
+    self.auth
+  end
+  <% end %>
+
   private
 
   def validate_models
     self.user.errors.each { |k, v| errors[k] = v } unless self.user.valid?
+
+    <% if oauth? %>
+    if self.auth.present?
+      self.auth.errors.each { |k, v| errors[k] = v } unless self.auth.valid?
+    end
+    <% end %>
   end
 
   def persist!
@@ -57,18 +107,18 @@ class Signup
   end
 
   def send_confirmation!
-    self.user.send_confirmation
+    self.user.send_confirmation if self.email
   end
 
   def send_welcome!
-    self.user.send_welcome
+    self.user.send_welcome if self.email
   end
 
   def user_params
     {
       email: self.email,
-      username: self.username,
-      password: self.password,
+      <% if username? %>username: self.username,
+      <% end %>password: self.password,
       password_confirmation: self.password_confirmation,
       first_name: self.first_name,
       last_name: self.last_name,

data/lib/generators/authkit/templates/app/helpers/auths_helper.rb

@@ -0,0 +1,26 @@
+module AuthsHelper
+  def providers
+    result = []
+    <% providers.each do |provider| %>
+    result << :<%= provider %> 
+    <% end %>
+    result
+  end
+
+  def provider_font_awesome_icon(provider)
+    icon_names = HashWithIndifferentAccess.new
+    <% providers.each do |provider| %>
+    icon_names[:<%= provider %>] = "<%= font_awesome_icons[provider] %>"
+    <% end %>
+    icon_names[provider]
+  end
+
+  def provider_formatted_name(provider)
+    formatted_names = HashWithIndifferentAccess.new
+    <% providers.each do |provider| %>
+    formatted_names[:<%= provider %>] = "<%= formatted_providers[provider] %>"
+    <% end %>
+    formatted_names[provider]
+  end
+end
+

data/lib/generators/authkit/templates/app/helpers/upload_helper.rb

@@ -0,0 +1,118 @@
+# Allow direct uploads to Amazon S3. Uploads are segmented by the
+# Everything is uploaded into an separate paths based on the current user
+# so that files are not overwritten when multiple people upload different
+# files with the same name.
+#
+# In order to use this helper you must have the following environment
+# variables set:
+#
+#   aws_access_key_id
+#   aws_secret_access_key
+#   aws_bucket
+#
+# Configure the AWS bucket with the following CORS policy
+#
+#   <CORSConfiguration>
+#     <CORSRule>
+#       <AllowedOrigin>http://0.0.0.0:3000</AllowedOrigin>
+#       <AllowedOrigin><%= ENV['domain'] %></AllowedOrigin>
+#       <AllowedMethod>GET</AllowedMethod>
+#       <AllowedMethod>POST</AllowedMethod>
+#       <AllowedMethod>PUT</AllowedMethod>
+#       <MaxAgeSeconds>3600</MaxAgeSeconds>
+#       <AllowedHeader>*</AllowedHeader>
+#     </CORSRule>
+#   </CORSConfiguration>
+#
+module UploadHelper
+
+  # Use this as part of the XHR data params for the upload form
+  # Options include:
+  #
+  #   expires_at: defaults to 1 hour from now
+  #   max_file_size: defaults to 5GB (not currently used)
+  #   acl: defaults to authenticated-read
+  #   starts_with: defaults to "uploads/#{h(current_user.to_param)}/#{SecureRandom.hex}"
+  #
+  def aws_upload_params(options={})
+    expires_at = options[:expires_at] || 1.hours.from_now
+    max_file_size = options[:max_file_size] || 5.gigabyte
+    acl = options[:acl] || 'authenticated-read'
+    hash = "#{SecureRandom.hex}"
+    starts_with = options[:starts_with] || "uploads/#{hash}"
+    bucket = ENV['aws_bucket']
+    # This used to include , but it threw Server IO errors
+    policy = Base64.encode64(
+      "{'expiration': '#{expires_at.utc.strftime('%Y-%m-%dT%H:%M:%S.000Z')}',
+        'conditions': [
+          ['starts-with', '$key', '#{starts_with}'],
+          ['starts-with', '$hash', '#{hash}'],
+          ['starts-with', '$utf8', ''],
+          ['starts-with', '$x-requested-with', ''],
+          ['eq', '$success_action_status', '201'],
+          ['content-length-range', 0, #{max_file_size}],
+          {'bucket': '#{bucket}'},
+          {'acl': '#{acl}'},
+          {'success_action_status': '201'}
+        ]
+      }").gsub(/\n|\r/, '')
+
+    signature = Base64.encode64(
+                  OpenSSL::HMAC.digest(
+                    OpenSSL::Digest::Digest.new('sha1'),
+                    ENV['aws_secret_access_key'], policy)).gsub("\n","")
+
+    return {
+      "key" => "#{starts_with}/${filename}",
+      "hash" => "#{hash}",
+      "utf8" => "",
+      "x-requested-with" => "",
+      "AWSAccessKeyId" => "#{ENV['aws_access_key_id']}",
+      "acl" => "#{acl}",
+      "policy" => "#{policy}",
+      "signature" => "#{signature}",
+      "success_action_status" => "201"
+    }
+  end
+
+  # Use aws_upload_tags when embedding the upload params in a form.
+  # For example:
+  #
+  #   <form action="<%= aws_upload_url %>" method="post" enctype="multipart/form-data" id="avatar_form">
+  #     <input type="file" name="file" id="avatar_attachment">
+  #     <%= aws_upload_tags %>
+  #   </form>
+  #
+  def aws_upload_tags
+    aws_upload_params.each do |name, value|
+      concat text_field_tag(name, value)
+    end
+    nil
+  end
+
+  # The destination host for the upload always uses https even though it can be slower.
+  # Safe and sure wins the race
+  def aws_bucket_url
+    UploadHelper.aws_bucket_url
+  end
+
+  def self.aws_bucket_url
+    "https://#{ENV['aws_bucket']}.#{ENV['aws_region'] || 's3'}.amazonaws.com"
+  end
+
+  # Authenticated url for S3 objects with expiration. By default the URL will expire in
+  # 1 day. The path should not include the bucket name.
+  def aws_url_for(path, expires=nil)
+    UploadHelper.aws_url_for(path, expires)
+  end
+
+  def self.aws_url_for(path, expires=nil)
+    path = "/#{path}" unless path =~ /\A\//
+    path = URI.encode(path)
+    expires ||= 1.day.from_now
+    string_to_sign = "GET\n\n\n#{expires.to_i}\n/#{ENV['aws_bucket']}#{path}"
+    signature = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha1'), ENV['aws_secret_access_key'], string_to_sign)).gsub("\n","")
+    query_string = URI.encode_www_form("AWSAccessKeyId" => ENV['aws_access_key_id'], "Signature" => signature, "Expires" => expires.to_i)
+    "#{aws_bucket_url}#{path}?#{query_string}"
+  end
+end

data/lib/generators/authkit/templates/app/models/auth.rb

@@ -0,0 +1,81 @@
+class Auth < ActiveRecord::Base
+  belongs_to :user
+
+  def full_name
+    self.parsed_env["info"]["name"] rescue formatted_provider
+  end
+
+  def first_name
+    self.parsed_env["info"]["first_name"] rescue nil
+  end
+
+  def last_name
+    self.parsed_env["info"]["last_name"] rescue nil
+  end
+
+  def image_url
+    if <%= (providers - [:tumblr]).map{|p| "#{p}?"}.join(" || ") %>
+      self.parsed_env["info"]["image"] rescue nil
+    <% if provider?(:tumblr) %>elsif tumblr?
+      self.parsed_env["info"]["avatar"] rescue nil<% end %>
+    end
+  end
+
+  def username
+    <% if provider?(:google) %># Google does not provide a username<% end %>
+    self.parsed_env["info"]["nickname"] rescue nil
+  end
+
+  def expired?
+    self.token_expires_at && self.token_expires_at < Time.now
+  end
+
+  <% providers.each do |provider| %>
+  def <%= provider %>?
+    provider == "<%= provider %>"
+  end
+  <% end %>
+
+  def refresh!
+    return if refresh_token.blank?
+    <% if provider?(:google) %>refresh_google if google?<% end%>
+    save!
+  end
+
+  protected
+
+  <% if provider?(:google) %>
+  # https://github.com/intridea/omniauth-oauth2/issues/40#issuecomment-21275075
+  def refresh_google
+    conn = Faraday.new('https://accounts.google.com') do |faraday|
+      faraday.request  :url_encoded
+      faraday.response :json
+      faraday.response :raise_error
+      faraday.response :logger unless Rails.env.production?
+      faraday.adapter  Faraday.default_adapter
+    end
+    response = conn.post('/o/oauth2/token', {
+      grant_type:    'refresh_token',
+      refresh_token: refresh_token,
+      client_id:     ENV['google_api_client_id'],
+      client_secret: ENV['google_api_client_secret']
+    })
+
+    body = response.body
+
+    self.token = body['access_token'] if body['access_token']
+    self.token_expires_at = Time.now.utc + body['expires_in'].to_i.seconds
+  end
+  <% end %>
+
+  def formatted_provider
+    <% providers.each do |provider| %>
+    return "<%= formatted_providers[provider] %>" if <%= provider %>?
+    <% end %>
+  end
+
+  def parsed_env
+    @parsed_env ||= JSON.parse(self.env) rescue {}
+  end
+end
+