authkit 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8a50e83ce52b25ebf0d07f9582f6d58485ff4b67
-  data.tar.gz: 1f817df72d8bbcde3524b5da618c00ccaa48b8b3
+  metadata.gz: 628f696a515e94589ec7097aa85063e3c040b835
+  data.tar.gz: 0ac0ee2390c87494d4ebff3405379832d3f6c33a
 SHA512:
-  metadata.gz: 78a53378ab13f476cb291fdc648114a3dc0500f8e92a541e6f8f253e4f35ce0732aafe0de35b953729ec9580f49e957cb793193405512c71fdc1e6f801e794f7
-  data.tar.gz: bfa4d0d452bc397d2c8fc5c206182d1bbad95eece55250ad646b53faaf1d26eecf33f6285a41fa28f64178579a8ce879062f35a7093749449bbff165a0bbe1d4
+  metadata.gz: fa7b50d0f155153eca2da938d59a6e5c1765f7394406c577cfde13d2f161b413590dcfe9fdfd95f3f9ff3e9be9fd259c7691324b453a0fe23878ec4d30c68ba0
+  data.tar.gz: 2deaf4c89a911b6dc7c037c511530370823fab69d2306e07c304b30e88f14bbe42d80d42a944e66a873c257e14bdb1776d27ccd271a7939fa3479672cc16ccfe

data/README.md

@@ -144,7 +144,6 @@ Authkit has a number of conventions and requirements that should be noted.
 * SSL expected
 * secure cookies
 * password complexity is not robust
-* username resrictions are not implemented
 * users do not need to confirm their email address to proceed
 * need a root route
 
@@ -158,8 +157,6 @@ There is only a minimal amount of validation on the password. Because of this us
 
     validates :password, presence: true, confirmation: true, length: {minimum: 6}, if: :password_set?
 
-Likewise, there are no restrictions on `username`. If you want to use this field within the URL you will need to constrain the format of the `username` field. Additionally, there may be some user names you want to explicitly disallow based on your routing setup.
-
 ### Confirmation not required by default
 
 By default, users can begin using the system without confirming their email address. This simplifies the onboarding process, however it means that malicious users may be operating under false pretense. You can change this by adding a check to `ApplicationController#require_login`:

data/Rakefile

@@ -33,7 +33,7 @@ namespace :generator do
 
     FileUtils.mkdir_p("spec/tmp")
 
-    system "cd spec/tmp && rails new sample"
+    system "cd spec/tmp && rails new sample --skip-spring"
 
     # bundle
     gem_root = File.expand_path(File.dirname(__FILE__))
@@ -60,7 +60,8 @@ namespace :generator do
 
   desc "Run the #{gem_name} generator"
   task gem_name do
-    system "cd spec/tmp/sample && rails g #{gem_name}:install --force && rake db:migrate db:test:prepare"
+    system "cd spec/tmp/sample && rails g #{gem_name}:install --force #{'--oauth --google' if ENV['SKIP_OAUTH'].nil?}  #{'--skip-username' unless ENV['SKIP_USERNAME'].nil?} && rake db:migrate"
+    system "cd spec/tmp/sample && rake db:migrate RAILS_ENV=test"
   end
 
 end

data/lib/authkit/version.rb

@@ -1,3 +1,3 @@
 module Authkit
-  VERSION = "0.4.0"
+  VERSION = "0.5.0"
 end

data/lib/generators/authkit/install_generator.rb

@@ -11,25 +11,66 @@ module Authkit
       @source_root ||= File.join(File.dirname(__FILE__), 'templates')
     end
 
+    class_option :username, type: :boolean, default: true
+    class_option :oauth, type: :boolean
+    class_option :amazon, type: :boolean
+    class_option :facebook, type: :boolean
+    class_option :flickr, type: :boolean
+    class_option :foursquare, type: :boolean
+    class_option :github, type: :boolean
+    class_option :google, type: :boolean
+    class_option :instagram, type: :boolean
+    class_option :linkedin, type: :boolean
+    class_option :paypal, type: :boolean
+    class_option :soundcloud, type: :boolean
+    class_option :tumblr, type: :boolean
+    class_option :twitter, type: :boolean
+    class_option :vimeo, type: :boolean
+    class_option :shopify, type: :boolean
+    class_option :all, type: :boolean
+
+    def self.source_root
+      @source_root ||= File.join(File.dirname(__FILE__), 'templates')
+    end
+
     def generate_authkit
+      generate_migrations
+      install_templates
+      install_routes
+      install_gems
+    end
+
+    protected
+
+    def generate_migrations
       generate_migration("create_users")
       generate_migration("add_authkit_fields_to_users")
+      generate_migration("create_auths") if oauth?
+    end
 
+    def ensure_destination
       # Ensure the destination structure
-      empty_directory "app"
-      empty_directory "app/models"
-      empty_directory "app/forms"
-      empty_directory "app/controllers"
-      empty_directory "app/views"
-      empty_directory "app/views/users"
-      empty_directory "app/views/sessions"
-      empty_directory "app/views/password_reset"
-      empty_directory "app/views/password_change"
-      empty_directory "spec"
-      empty_directory "spec/factories"
-      empty_directory "spec/models"
-      empty_directory "spec/controllers"
-      empty_directory "lib"
+      ["app",
+       "app/models",
+       "app/forms",
+       "app/controllers",
+       "app/helpers",
+       "app/views",
+       "app/views/users",
+       "app/views/sessions",
+       "app/views/password_reset",
+       "app/views/password_change",
+       "spec",
+       "spec/factories",
+       "spec/models",
+       "spec/controllers",
+       "lib"].each do |dir|
+        empty_directory dir
+      end
+    end
+
+    def install_templates
+      ensure_destination
 
       # Fill out some templates (for now, this is just straight copy)
       template "app/models/user.rb", "app/models/user.rb"
@@ -40,6 +81,12 @@ module Authkit
       template "app/controllers/password_change_controller.rb", "app/controllers/password_change_controller.rb"
       template "app/controllers/email_confirmation_controller.rb", "app/controllers/email_confirmation_controller.rb"
 
+      if oauth?
+        template "app/models/auth.rb", "app/models/auth.rb"
+        template "app/controllers/auths_controller.rb", "app/controllers/auths_controller.rb"
+        template "app/helpers/auths_helper.rb", "app/helpers/auths_helper.rb"
+      end
+
       template "app/forms/signup.rb", "app/forms/signup.rb"
 
       template "spec/factories/user.rb", "spec/factories/user.rb"
@@ -54,22 +101,27 @@ module Authkit
       template "spec/controllers/email_confirmation_controller_spec.rb", "spec/controllers/email_confirmation_controller_spec.rb"
 
       template "lib/email_format_validator.rb", "lib/email_format_validator.rb"
+      template "lib/username_format_validator.rb", "lib/username_format_validator.rb" if username?
+      template "lib/full_name_splitter.rb", "lib/full_name_splitter.rb"
 
-      # Don't treat these like templates
-      copy_file "app/views/signup/new.html.erb", "app/views/signup/new.html.erb"
-      copy_file "app/views/users/edit.html.erb", "app/views/users/edit.html.erb"
-      copy_file "app/views/sessions/new.html.erb", "app/views/sessions/new.html.erb"
-      copy_file "app/views/password_reset/show.html.erb", "app/views/password_reset/show.html.erb"
-      copy_file "app/views/password_change/show.html.erb", "app/views/password_change/show.html.erb"
+      template "config/initializers/omniauth.rb", "config/initializers/omniauth.rb" if oauth?
+
+      template "app/views/signup/new.html.erb", "app/views/signup/new.html.erb"
+      template "app/views/sessions/new.html.erb", "app/views/sessions/new.html.erb"
+
+      template "app/views/users/edit.html.erb", "app/views/users/edit.html.erb"
+      template "app/views/users/complete.html.erb", "app/views/users/complete.html.erb"
+      template "app/views/password_reset/show.html.erb", "app/views/password_reset/show.html.erb"
+      template "app/views/password_change/show.html.erb", "app/views/password_change/show.html.erb"
+      template "app/views/auths/connect.html.erb", "app/views/auths/connect.html.erb" if oauth?
 
       # We don't want to overwrite this file and we may have a protected section so we want it at the bottom
       insert_at_end_of_class "app/controllers/application_controller.rb", "app/controllers/application_controller.rb"
 
-      # Technically, we aren't inserting this at the end of the class, but the end of the RSpec::Configure
-      insert_at_end_of_class "spec/spec_helper.rb", "spec/spec_helper.rb"
-
       insert_at_end_of_file "config/initializers/filter_parameter_logging.rb", "config/initializers/filter_parameter_logging.rb"
+    end
 
+    def install_routes
       # Setup the routes
       route "get   '/email/confirm/:token', to: 'email_confirmation#show', as: :confirm"
 
@@ -78,21 +130,28 @@ module Authkit
       route "post  '/password/change/:token', to: 'password_change#create'"
       route "get   '/password/change/:token', to: 'password_change#show', as: :password_change"
 
+      if oauth?
+        route "get   '/connect', to: 'auths#connect', as: :connect"
+        route "get   '/auth/:provider/callback', to: 'auths#callback', as: :callback"
+        route "get   '/auth/failure', to: 'auths#failure', as: :failure"
+        route "get   '/auth/disconnect/:id', to: 'auths#disconnect', as: :disconnect"
+      end
+
       route "post  '/signup', to: 'signup#create'"
       route "get   '/signup', to: 'signup#new', as: :signup"
+      route "get   '/signup/complete', to: 'users#complete', as: :users_complete"
       route "get   '/logout', to: 'sessions#destroy', as: :logout"
       route "post  '/login', to: 'sessions#create'"
       route "get   '/login', to: 'sessions#new', as: :login"
 
       route "patch '/account', to: 'users#update'"
       route "get   '/account', to: 'users#edit', as: :user"
+    end
 
-      route "resources :sessions, only: [:new, :create, :destroy]"
-      route "resources :users, only: [:create]"
-
+    def install_gems
       # Support for has_secure_password and has_one_time_password
       gem "active_model_otp"
-      gem "bcrypt-ruby", '~> 3.1.2'
+      gem "bcrypt"
 
       # RSpec needs to be in the development group to be used in generators
       gem_group :test, :development do
@@ -100,26 +159,109 @@ module Authkit
         gem "shoulda-matchers"
         gem "factory_girl_rails"
       end
+
+      if oauth?
+        gem 'omniauth'
+        gem 'omniauth-google-oauth2' if provider?(:google)
+        gem 'omniauth-facebook' if provider?(:facebook)
+        gem 'omniauth-twitter' if provider?(:twitter)
+        gem 'omniauth-tumblr' if provider?(:tumblr)
+        gem 'omniauth-soundcloud' if provider?(:soundcloud)
+        gem 'omniauth-shopify-oauth2' if provider?(:shopify)
+
+        # Support for google client apis
+        if provider?(:google)
+          gem 'google-api-client', :require => 'google/api_client'
+          gem 'faraday', '~> 0.9.0'
+          gem 'faraday_middleware'
+        end
+      end
     end
 
-    def self.next_migration_number(dirname)
-      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    def username?
+      options[:username]
     end
 
-    protected
+    def oauth?
+      options[:oauth]
+    end
+
+    def provider?(service)
+      options[service] || options[:all]
+    end
+
+    def providers
+      result = []
+      %w(amazon
+         facebook
+         flickr
+         foursquare
+         github
+         google
+         instagram
+         linkedin
+         paypal
+         soundcloud
+         tumblr
+         twitter
+         vimeo
+         shopify).each do |provider|
+        result << provider.to_sym if provider?(provider.to_sym)
+      end
+      result
+    end
+
+    def formatted_providers
+      {
+        amazon: "Amazon",
+        facebook: "Facebook",
+        flickr: "Flickr",
+        foursquare: "Foursquare",
+        github: "GitHub",
+        google: "Google",
+        instagram: "Instagram",
+        linkedin: "LinkedIn",
+        paypal: "Paypal",
+        soundcloud: "SoundCloud",
+        tumblr: "Tumblr",
+        twitter: "Twitter",
+        vimeo: "Vimeo",
+        shopify: "Shopify"
+      }
+    end
+
+    def font_awesome_icons
+      {
+        amazon: "amazon",
+        facebook: "facebook",
+        flickr: "flickr",
+        foursquare: "foursquare",
+        github: "github",
+        google: "google",
+        instagram: "instagram",
+        linkedin: "linkedin",
+        paypal: "paypal",
+        soundcloud: "soundcloud",
+        tumblr: "tumblr",
+        twitter: "twitter",
+        vimeo: "vimeo",
+        shopify: "shopify"
+      }
+    end
 
     def insert_at_end_of_file(filename, source)
-      source = File.expand_path(find_in_source_paths(source.to_s))
-      context = instance_eval('binding')
-      content = ERB.new(::File.binread(source), nil, '-', '@output_buffer').result(context)
-      insert_into_file filename, "#{content}\n", before: /\z/
+      insert_before filename, source, /\z/
     end
 
     def insert_at_end_of_class(filename, source)
+      insert_before filename, source, /end\n*\z/
+    end
+
+    def insert_before(filename, source, before)
       source = File.expand_path(find_in_source_paths(source.to_s))
       context = instance_eval('binding')
       content = ERB.new(::File.binread(source), nil, '-', '@output_buffer').result(context)
-      insert_into_file filename, "#{content}\n", before: /end\n*\z/
+      insert_into_file filename, "#{content}\n", before: before
     end
 
     def generate_migration(filename)
@@ -129,5 +271,9 @@ module Authkit
         migration_template "db/migrate/#{filename}.rb", "db/migrate/#{filename}.rb"
       end
     end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
   end
 end

data/lib/generators/authkit/templates/app/controllers/application_controller.rb

@@ -37,6 +37,11 @@
 
   def require_login
     deny_user(nil, login_path) unless logged_in?
+    deny_user("Your account has been suspended, please contact support", login_path) if logged_in? && current_user.suspended?
+  end
+
+  def require_completed_login
+    redirect_to users_complete_path if current_user.incomplete?
   end
 
   def login(user, remember=false)
@@ -87,6 +92,7 @@
     session[:return_url] = request.fullpath
     respond_to do |format|
       format.json { render(status: 403, nothing: true) }
+      format.text { redirect_to(location) }
       format.html do
         flash[:error] = message || "Sorry, you must be logged in to do that"
         redirect_to(location)

data/lib/generators/authkit/templates/app/controllers/auths_controller.rb

@@ -0,0 +1,144 @@
+# The AuthsController is used for connecting accounts only. The user must be logged
+# in for the connection to work. This controller is not used for creating a new
+# session.
+class AuthsController < ApplicationController
+  before_filter :require_login, only: [:connect]
+  before_filter :require_login_when_connecting, only: [:callback]
+  before_filter :require_completed_login, only: [:disconnect]
+  before_filter :require_auth_hash, only: [:callback]
+
+  # Adjust scope here for particular sets of user using the session
+  #
+  #   session[:google_oauth_scope] = 'userinfo.email, userinfo.profile, adsense, adsense.readonly'
+  #
+  #  You can also reset it to the default using nil
+  def connect
+  end
+
+  def callback
+    # If we are not connecting we want to logout any existing user
+    logout unless connecting?
+
+    if connecting?
+      if auth && auth.user == current_user
+        # This is an auth that is already connected to this user (success, noop)
+        redirect_to settings_path
+      elsif auth && auth.user_id != current_user.id
+        # This is an auth that is connected to another user (error)
+        deny_user("Sorry, this account is already connected to another account", settings_path)
+      else
+        # Success, add the auth and redirect to settings
+        @auth ||= current_user.auths.build(auth_params)
+
+        if current_user.save
+          redirect_to account_path
+        else
+          flash[:error] = "Sorry, there was an error connecting this account"
+          redirect_to accounts_path
+        end
+      end
+    else
+      # Could have a check here for login/sign up action to be explicit
+      #
+      # If login and auth does not exist, confirm that they want to signup (not attach)
+      # If signup and auth exists, confirm that they have selected the right account (already exists)
+      if auth
+        login(auth.user)
+        redirect_to account_path
+      elsif auth_email.present? && User.where(email: auth_email.downcase).count > 0
+        deny_user("Sorry, the email address associated with this account is already connected to an existing user", signup_path)
+      else
+        @signup = Signup.new_with_oauth(auth_params, {kind: @kind})
+
+        if signup.save
+          login(signup.user)
+          redirect_to account_path
+        else
+          flash[:error] = "Sorry, there was an error connecting this account (#{@signup.errors.full_messages.to_sentence})"
+          redirect_to signup_path
+        end
+      end
+    end
+  end
+
+  def disconnect
+    # TODO: you may want to change this lookup to use uid and provider
+    @auth = current_user.auths.where(params[:id])
+    @auth.destroy
+    respond_to do |format|
+      format.json { head :no_content }
+      format.html {
+        redirect_to accounts_path
+      }
+    end
+  end
+
+  def failure
+    flash[:error] = "Sorry, there was an error connecting this account: #{params[:message]}"
+    if connecting?
+      redirect_to settings_path
+    elsif signing_up?
+      redirect_to signup_path
+    else
+      redirect_to login_path
+    end
+  end
+
+  protected
+
+  def signup
+    return @signup if defined?(@signup)
+  end
+
+  def auth
+    return @auth if defined?(@auth)
+    @auth = Auth.where(uid: auth_hash.uid, provider: auth_hash.provider).first
+  end
+
+  def auth_hash
+    @auth_hash ||= request.env["omniauth.auth"]
+  end
+
+  def auth_email
+    auth_hash.info.try(:email) || auth_hash.extra.try(:raw_info).try(:verified_email)
+  end
+
+  def auth_params
+    HashWithIndifferentAccess.new({
+      uid: auth_hash.uid,
+      provider: auth_hash.provider,
+      email: auth_hash.info.try(:email),
+      verified_email: auth_hash.extra.try(:raw_info).try(:verified_email),
+      token: auth_hash.credentials.try(:token),
+      token_expires_at: auth_hash.credentials.try(:expires_at),
+      refresh_token: auth_hash.credentials.try(:refresh_token),
+      secret_token: auth_hash.credentials.try(:secret_token),
+      env: auth_hash.to_json
+    })
+  end
+
+  def require_auth_hash
+    if auth_hash.blank? || auth_hash.uid.blank? || auth_hash.provider.blank?
+      deny_user("Sorry, there was an error connecting this account", root_path)
+    end
+  end
+
+  def require_login_when_connecting
+    if connecting? && !logged_in?
+      deny_user("Sorry, you must be logged in to connect this account", login_path)
+    end
+  end
+
+  def connecting?
+    env['omniauth.params']['connect'].present?
+  end
+
+  def logging_in?
+    env['omniauth.params']['login'].present?
+  end
+
+  def signing_up?
+    env['omniauth.params']['signup'].present?
+  end
+end
+