authkit 0.4.0 → 0.5.0

data/lib/generators/authkit/templates/app/workers/avatar_import_worker.rb

@@ -0,0 +1,12 @@
+class AvatarImportWorker
+  include Sidekiq::Worker
+
+  sidekiq_options queue: "default"
+  sidekiq_options retry: false
+
+  def perform(avatar_id)
+    avatar = Avatar.find(avatar_id)
+    avatar.import!
+  end
+end
+

data/lib/generators/authkit/templates/config/initializers/filter_parameter_logging.rb

@@ -14,8 +14,8 @@ Rails.application.config.filter_parameters += [
   :first_name,
   :last_name,
   :phone_number,
-  :username,
-  :email,
+  <% if username? %>:username,
+  <% end %>:email,
   :confirmation_email,
   :current_sign_in_ip,
   :last_sign_in_ip

data/lib/generators/authkit/templates/config/initializers/omniauth.rb

@@ -0,0 +1,59 @@
+OmniAuth.config.logger = Rails.logger
+
+Rails.application.config.middleware.use OmniAuth::Builder do
+  <% if provider?(:facebook) %>
+  # https://github.com/mkdynamic/omniauth-facebook
+  provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], {
+    setup: lambda{ |env|
+      default_scope = 'email'
+      env['omniauth.strategy'].options[:scope] = env['rack.session']['facebook_oauth_scope'] || default_scope
+    },
+    display: 'popup',
+    image_size: 'square', # 50x50
+    reauthenticate: true
+  }
+  <% end %>
+
+  <% if provider?(:google) %>
+  # https://github.com/zquestz/omniauth-google-oauth2
+  provider :google_oauth2, ENV['GOOGLE_API_CLIENT_ID'], ENV['GOOGLE_API_CLIENT_SECRET'], {
+    setup: lambda{ |env|
+      default_scope = 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile'
+      env['omniauth.strategy'].options[:scope] = env['rack.session']['google_oauth_scope'] ||  default_scope
+    },
+    access_type: 'offline',
+    prompt: 'consent', # To get an offline access token you must specify 'consent'
+    image_aspect_ratio: 'square',
+    scope: 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile',
+    redirect_uri:"#{ENV['DOMAIN']}/auth/google_oauth2/callback"
+  }
+  <% end %>
+
+  <% if provider?(:soundcloud) %>
+  # https://github.com/soundcloud/omniauth-soundcloud
+  provider "soundcloud", ENV['SOUNDCLOUD_CLIENT_ID'], ENV['SOUNDCLOUD_SECRET']
+  <% end %>
+
+  <% if provider?(:tumblr) %>
+  # https://github.com/jamiew/omniauth-tumblr
+  provider :tumblr, ENV['TUMBLR_KEY'], ENV['TUMBLR_SECRET']
+  <% end %>
+
+  <% if provider?(:twitter) %>
+  # https://github.com/arunagw/omniauth-twitter
+  provider :twitter, ENV['TWITTER_CONSUMER_KEY'], ENV['TWITTER_CONSUMER_SECRET'], {
+    image_size: 'bigger', # 73x73
+    authorize_params: {
+      force_login: true
+    }
+  }
+  <% end %>
+
+  <% if provider?(:shopify) %>
+  # https://github.com/Shopify/omniauth-shopify-oauth2
+  provider :shopify, ENV['SHOPIFY_API_KEY'], ENV['SHOPIFY_SHARED_SECRET'],
+            :scope => 'read_products,read_orders,write_content,read_customers,write_themes,write_script_tags',
+            :setup => lambda { |env| params = Rack::Utils.parse_query(env['QUERY_STRING'])
+                                     env['omniauth.strategy'].options[:client_options][:site] = "https://#{params['shop']}" }
+  <% end %>
+end

data/lib/generators/authkit/templates/config/initializers/paperclip.rb

@@ -0,0 +1,68 @@
+# By default attachments are stored on S3. The path of the file is unique
+# (based on the hash which is calculated at the time of upload). We expect
+# that hash to be predictable so we set the :default_url (which usually
+# points to a missing.png) to a calculated interpolation called
+# :s3_default_url. When uploading directly we expect the signed params
+# to include the ${filename} key for Amazon uploads. This prevents
+# a variety of JavaScript filename vulnerabilities (though doesn't
+# entirely prevent bad filenames). Given that, we actually prefer to
+# use the uploaded filename in the resulting path (without escaping).
+Paperclip::Attachment.default_options.merge!(
+  storage:               :s3,
+  default_url:           ':s3_default_url',
+  url:                   ':s3_domain_url',
+  path:                  '/system/:class/:style/:hash/:filename',
+  hash_data:             ':class/:attachment/:id/:style/:uploaded_at',
+  hash_secret:           ENV['aws_hash_secret'],
+  s3_permissions:        :private,
+  s3_protocol:           'https',
+  s3_credentials:        {
+    bucket:              ENV['aws_bucket'],
+    access_key_id:       ENV['aws_access_key_id'],
+    secret_access_key:   ENV['aws_secret_access_key']
+  },
+  restricted_characters: nil,
+  escape_url:            false
+)
+
+# By default, the :hash interpolation includes the :updated_at interpolation.
+# This way, every time the model changes the hash is also changed and the
+# content is expired. This can break if the same file is uploaded at the
+# same second with different contents, but in such a case there are a number
+# of other coordinated pieces (transactions, background jobs, etc) that
+# might break and it could be expected.
+#
+# When importing, however, the updated_at key changes when the attachment_import_url is
+# actually imported into the attachment, which changes the hash. This makes
+# it impossible to predict what the ultimate URL will be because you cannot
+# know what the future updated_at will be. Instead, if you record the time
+# that the attachment_import_url was set and use that to calculate the hash the
+# hash won't change when the contents of attachment_import_url are actually imported.
+Paperclip.interpolates :uploaded_at do |attachment, style_name|
+  return attachment.instance.attachment_uploaded_at.to_i.to_s
+end
+
+# When importing, the attachment_import_url is set, but not the attachment information.
+# In order to poll for the completed processed styles (like thumb) we need
+# to know what the ultimate url will be. This interpolation is used as the
+# default_url and, if the attachment_import_url is set can assume the eventual path.
+Paperclip.interpolates :s3_default_url do |attachment, style_name|
+  return nil if attachment.instance.blank? || attachment.instance.attachment_import_url.blank?
+  uri = URI.parse(attachment.instance.attachment_import_url) rescue nil
+  return nil unless uri
+  # Currently, Paperclip doesn't pass the style to the default, it always uses 'original'
+  style_name = "thumb"
+  classname = plural_cache.underscore_and_pluralize(attachment.instance.class.to_s)
+  original_filename = File.basename(URI.decode(uri.path))
+  basename = original_filename.gsub(/#{Regexp.escape(File.extname(original_filename))}$/, "")
+  extension = ((style = attachment.styles[style_name.to_s.to_sym]) && style[:format]) || File.extname(original_filename).gsub(/^\.+/, "")
+  filename = [basename, extension].reject(&:blank?).join(".")
+  hash = attachment.hash_key(style_name)
+  path = "system/#{classname}/#{style_name}/#{hash}/#{filename}"
+  if attachment.s3_permissions(style_name) == "public-read"
+    UploadHelper.aws_bucket_url + "/" + path
+  else
+    # We still get an authenticated url for the path, it is just based on the destination rather than the current
+    UploadHelper.aws_url_for(path)
+  end
+end

data/lib/generators/authkit/templates/db/migrate/add_authkit_fields_to_users.rb

@@ -6,8 +6,8 @@ class AddAuthkitFieldsToUsers < ActiveRecord::Migration
   def self.up
     add_column :users, :email, :string, :default => "", :null => false
     add_column :users, :password_digest, :string, :default => "", :null => false
-    add_column :users, :username, :string, :limit => 64
-
+    <% if username? %>add_column :users, :username, :string, :limit => 64
+    <% end %>
     add_column :users, :time_zone, :string, :default => "Eastern Time (US & Canada)"
     add_column :users, :first_name, :string
     add_column :users, :last_name, :string
@@ -50,10 +50,12 @@ class AddAuthkitFieldsToUsers < ActiveRecord::Migration
     add_column :users, :unlock_token, :string
     add_column :users, :unlock_token_created_at, :datetime
 
+    add_column :users, :suspended_at, :datetime
+
     # Make sure the validations are enforced
     add_index :users, :email, :unique => true
-    add_index :users, :username, :unique => true
-    add_index :users, :reset_password_token, :unique => true
+    <% if username? %>add_index :users, :username, :unique => true
+    <% end %>add_index :users, :reset_password_token, :unique => true
     add_index :users, :remember_token, :unique => true
     add_index :users, :confirmation_token, :unique => true
     add_index :users, :unlock_token, :unique => true
@@ -63,8 +65,8 @@ class AddAuthkitFieldsToUsers < ActiveRecord::Migration
   def self.down
     drop_column :users, :email
     drop_column :users, :password_digest
-    drop_column :users, :username
-
+    <% if username? %>drop_column :users, :username
+    <% end %>
     drop_column :users, :time_zone
     drop_column :users, :first_name
     drop_column :users, :last_name

data/lib/generators/authkit/templates/db/migrate/create_auths.rb

@@ -0,0 +1,24 @@
+# Generated by Authkit.
+#
+# Create an auths table for managing OAuth authentication.
+class CreateAuths < ActiveRecord::Migration
+  def self.up
+    create_table :auths do |t|
+      t.integer  :user_id
+      t.string   :provider
+      t.string   :uid
+      t.string   :email
+      t.boolean  :verified_email
+      t.string   :token
+      t.datetime :token_expires_at
+      t.string   :refresh_token
+      t.string   :secret_token
+      t.text     :env
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :auths
+  end
+end

data/lib/generators/authkit/templates/db/migrate/create_avatars.rb

@@ -0,0 +1,27 @@
+# Generated by Authkit.
+#
+# Create an avatars table for managing user profile images
+#
+class CreateAvatars < ActiveRecord::Migration
+  def self.up
+    create_table :avatars do |t|
+      t.integer  :user_id
+      t.integer  :top, default: 0
+      t.integer  :left, default: 0
+      t.integer  :width, default: 0
+      t.integer  :height, default: 0
+      t.text     :remote_url
+      t.string   :attachment_file_name
+      t.string   :attachment_content_type
+      t.integer  :attachment_file_size
+      t.datetime :attachment_updated_at
+      t.boolean  :attachment_importing, default: false
+      t.datetime :attachment_uploaded_at
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :avatars
+  end
+end

data/lib/generators/authkit/templates/lib/full_name_splitter.rb

@@ -0,0 +1,111 @@
+class FullNameSplitter
+
+  PREFIXES = %w(de da la du del dei vda. dello della degli delle van von der den heer ten ter vande vanden vander voor ver aan mc mac ben ibn bint al).freeze
+  HONORIFICS = %w(mr mrs miss ms dr capt ofc rev prof sir cr hon).freeze
+
+  def initialize(full_name, honorific=false)
+    full_name ||= ''
+    @full_name  = full_name.to_s.strip.gsub(/\s+/, ' ')
+    @honorific = [] if honorific
+    @first_name = []
+    @last_name  = []
+    split!
+  end
+
+  def split!
+    # Reset these
+    @first_name = []
+    @last_name  = []
+    @honorific  = [] if honorific?
+
+    # deals with comma, eg. Smith, John => John Smith
+    tokens = @full_name.split(',')
+    if tokens.size == 2
+      @full_name = (tokens[1] + ' ' + tokens[0]).lstrip
+    end
+
+    @units = @full_name.split(/\s+/)
+    while @unit = @units.shift do
+      if honorific?
+        @honorific << @unit
+      elsif prefix? or with_apostrophe? or (first_name? and last_unit? and not initial?) or (has_honorific? and last_unit? and not first_name?)
+        @last_name << @unit and break
+      else
+        @first_name << @unit
+      end
+    end
+    @last_name += @units
+
+    adjust_exceptions!
+  end
+
+
+  def split_with_honorific(name)
+    split(name, true)
+  end
+
+  def split(name, honorific=false)
+  end
+
+  def honorific
+    @honorific.nil? || @honorific.empty? ? nil : @honorific[0].gsub(/[^\w]/, '')
+  end
+
+  def first_name
+    @first_name.empty? ? nil : @first_name.join(' ')
+  end
+
+  def last_name
+    @last_name.empty? ? nil : @last_name.join(' ')
+  end
+
+  private
+
+  def honorific?
+    !@honorific.nil? && HONORIFICS.include?(@unit.downcase.gsub(/[^\w]/, '')) && @honorific.empty? && @first_name.empty? && @last_name.empty?
+  end
+
+  def has_honorific?
+    not @honorific.nil? and not @honorific.empty?
+  end
+
+  def prefix?
+    PREFIXES.include?(@unit.downcase)
+  end
+
+  # M or W.
+  def initial?
+    @unit =~ /^\w\.?$/
+  end
+
+  # O'Connor, d'Artagnan match
+  # Noda' doesn't match
+  def with_apostrophe?
+    @unit =~ /\w{1}'\w+/
+  end
+
+  def last_unit?
+    @units.empty?
+  end
+
+  def first_name?
+    not @first_name.empty?
+  end
+
+  def adjust_exceptions!
+    return if @first_name.size <= 1
+
+    # Adjusting exceptions like
+    # "Ludwig Mies van der Rohe"      => ["Ludwig",         "Mies van der Rohe"   ]
+    # "Juan Martín de la Cruz Gómez"  => ["Juan Martín",    "de la Cruz Gómez"    ]
+    # "Javier Reyes de la Barrera"    => ["Javier",         "Reyes de la Barrera" ]
+    # Rosa María Pérez Martínez Vda. de la Cruz
+    #                                 => ["Rosa María",     "Pérez Martínez Vda. de la Cruz"]
+    if last_name =~ /^(van der|(vda\. )?de la \w+$)/i
+      loop do
+        @last_name.unshift @first_name.pop
+        break if @first_name.size <= 2
+      end
+    end
+  end
+end

data/lib/generators/authkit/templates/lib/username_format_validator.rb

@@ -0,0 +1,11 @@
+class UsernameFormatValidator < ActiveModel::EachValidator
+  def validate_each(object, attribute, value)
+    unless UsernameFormatValidator::is_valid_username(value)
+      object.errors[attribute] << (options[:message] || "is not a valid username")
+    end
+  end
+
+  def self.is_valid_username(value)
+    value =~ /\A[0-9A-Za-z\-\_]+\z/
+  end
+end

data/lib/generators/authkit/templates/spec/controllers/application_controller_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper'
+require 'rails_helper'
 
 describe ApplicationController do
   let(:user) { create(:user) }
@@ -28,31 +28,27 @@ describe ApplicationController do
   describe "current_user" do
     it "returns nil if there is no current user" do
       get :new
-      controller.send(:current_user).should be_nil
+      expect(controller.send(:current_user)).to be_nil
     end
 
     it "does not perform multiple finds" do
-      where = double
-      where.stub(:first).and_return(nil)
-      User.should_receive(:where).and_return(where)
+      where = double(first: nil)
+      expect(User).to receive(:where).and_return(where)
       get :new, {}, unknown_session
-      controller.send(:current_user).should be_nil
+      expect(controller.send(:current_user)).to be_nil
     end
 
     it "finds the current user in the session" do
       get :new, {}, logged_in_session
-      controller.send(:current_user).should == user
+      expect(controller.send(:current_user)).to eq(user)
     end
 
     it "finds the current user from the remember cookie" do
       user.save
       user.set_remember_token
-      # Need to sign the cookie
-      request.env["action_dispatch.secret_token"] = "SECRET"
-      verifier = ActiveSupport::MessageVerifier.new(request.env["action_dispatch.secret_token".freeze])
-      request.cookies[:remember] = verifier.generate(user.remember_token)
+      cookies.signed[:remember] = user.remember_token
       get :index
-      controller.send(:current_user).should == user
+      expect(controller.send(:current_user)).to eq(user)
     end
 
     it "doesn't find the current user from the remember cookie if it is expired" do
@@ -61,23 +57,20 @@ describe ApplicationController do
       user.remember_token_created_at = 1.year.ago
       user.save
 
-      # Need to sign the cookie
-      request.env["action_dispatch.secret_token"] = "SECRET"
-      verifier = ActiveSupport::MessageVerifier.new(request.env["action_dispatch.secret_token".freeze])
-      request.cookies[:remember] = verifier.generate(user.remember_token)
+      cookies.signed[:remember] = user.remember_token
       get :index
-      controller.send(:current_user).should be_nil
+      expect(controller.send(:current_user)).to be_nil
     end
 
     it "sets the time zone" do
-      User.any_instance.should_receive(:time_zone).and_return("Pacific Time (US & Canada)")
+      expect_any_instance_of(User).to receive(:time_zone).and_return("Pacific Time (US & Canada)")
       get :index, {}, logged_in_session
-      Time.zone.name.should == "Pacific Time (US & Canada)"
+      expect(Time.zone.name).to eq("Pacific Time (US & Canada)")
     end
 
     it "has a logged in helper method" do
       get :new, {}, logged_in_session
-      controller.should be_logged_in
+      expect(controller.send(:logged_in?)).to eq(true)
     end
   end
 
@@ -85,42 +78,42 @@ describe ApplicationController do
     it "does not allow tracking if there is a do not track header" do
       request.headers["DNT"] = "1"
       get :new
-      controller.send(:allow_tracking?).should == false
+      expect(controller.send(:allow_tracking?)).to eq(false)
     end
 
     it "allows tracking if there is no do not track header" do
       get :new
-      controller.send(:allow_tracking?).should == true
+      expect(controller.send(:allow_tracking?)).to eq(true)
     end
   end
 
   describe "when requiring a user" do
     it "allows access if there is a user" do
       get :index, {}, logged_in_session
-      response.should be_success
+      expect(response).to be_success
     end
 
     it "stores the return path" do
       get :index, {}
-      session[:return_url].should == "/anonymous"
+      expect(session[:return_url]).to eq("/anonymous")
     end
 
     describe "when responding to html" do
       it "sets the flash message" do
         get :index, {}
-        flash.should_not be_empty
+        expect(flash).to_not be_empty
       end
 
       it "redirecs the user to login" do
         get :index, {}
-        response.should be_redirect
+        expect(response).to be_redirect
       end
     end
 
     describe "when responding to json" do
       it "returns a forbidden status" do
         get :index, {format: :json}
-        response.code.should == "403"
+        expect(response.code).to eq("403")
       end
     end
   end
@@ -128,27 +121,27 @@ describe ApplicationController do
   describe "login" do
     it "tracks the login" do
       get :new
-      user.should_receive(:track_sign_in)
+      expect(user).to receive(:track_sign_in)
       controller.send(:login, user)
     end
 
     it "remembers the user using a token and cookie" do
       get :new
-      controller.should_receive(:set_remember_cookie)
-      user.should_receive(:set_remember_token)
+      expect(controller).to receive(:set_remember_cookie)
+      expect(user).to receive(:set_remember_token)
       controller.send(:login, user, true)
     end
 
     it "does not remember the user using a token and cookie when not requested" do
       get :new
-      controller.should_not_receive(:set_remember_cookie)
-      user.should_not_receive(:set_remember_token)
+      expect(controller).to_not receive(:set_remember_cookie)
+      expect(user).to_not receive(:set_remember_token)
       controller.send(:login, user, false)
     end
 
     it "resets the session" do
       get :new
-      controller.should_receive(:reset_session)
+      expect(controller).to receive(:reset_session)
       controller.send(:login, user)
     end
   end
@@ -156,19 +149,19 @@ describe ApplicationController do
   describe "logout" do
     it "resets the session" do
       get :index, {}, logged_in_session
-      controller.should_receive(:reset_session)
+      expect(controller).to receive(:reset_session)
       controller.send(:logout)
     end
 
     it "logs the user out" do
       get :index, {}, logged_in_session
       controller.send(:logout)
-      controller.send(:current_user).should be_nil
+      expect(controller.send(:current_user)).to be_nil
     end
 
     it "clears the remember token" do
       get :index, {}, logged_in_session
-      User.any_instance.should_receive(:clear_remember_token).and_return(:true)
+      expect_any_instance_of(User).to receive(:clear_remember_token).and_return(:true)
       controller.send(:logout)
     end
   end
@@ -177,12 +170,12 @@ describe ApplicationController do
     request.env["action_dispatch.secret_token"] = "SECRET"
     get :new
     controller.send(:login, user)
-    cookies.permanent.signed[:remember].should == user.remember_token
+    expect(cookies.permanent.signed[:remember]).to eq(user.remember_token)
   end
 
   it "redirects to a stored session location if present" do
     get :new, {}, {return_url: "/return"}
-    controller.should_receive(:redirect_to).with("/return").and_return(true)
+    expect(controller).to receive(:redirect_to).with("/return").and_return(true)
     controller.send(:redirect_back_or_default)
   end
 end