authlogic 1.0.0 → 1.1.0

data/lib/authlogic/session/callbacks.rb

@@ -4,10 +4,10 @@ module Authlogic
     #
     # Just like in ActiveRecord you have before_save, before_validation, etc. You have similar callbacks with Authlogic, see all callbacks below.
     module Callbacks
-      CALLBACKS = %w(before_create after_create before_destroy after_destroy before_save after_save before_update after_update before_validation after_validation)
+      CALLBACKS = %w(before_create after_create before_destroy after_destroy before_find after_find before_save after_save before_update after_update before_validation after_validation)
 
       def self.included(base) #:nodoc:
-        [:destroy, :save, :validate].each do |method|
+        [:destroy, :find_record, :save, :validate].each do |method|
           base.send :alias_method_chain, method, :callbacks
         end
 
@@ -15,7 +15,7 @@ module Authlogic
         base.define_callbacks *CALLBACKS
       end
       
-      # Run the following callbacks:
+      # Runs the following callbacks:
       #
       #   before_destroy
       #   destroy
@@ -27,6 +27,18 @@ module Authlogic
         result
       end
       
+      # Runs the following callbacks:
+      #
+      #   before_find
+      #   find_record
+      #   after_find # if a record was found
+      def find_record_with_callbacks
+        run_callbacks(:before_find)
+        result = find_record_without_callbacks
+        run_callbacks(:after_find) if result
+        result
+      end
+      
       # Runs the following callbacks:
       #
       #   before_save

data/lib/authlogic/session/config.rb

@@ -6,9 +6,11 @@ module Authlogic
         klass.send(:include, InstanceMethods)
       end
       
-      # = Config
+      # = Session Config
       #
-      # Configuration is simple. The configuration options are just class methods. Just put this in your config/initializers directory
+      # This deals with configuration for your session. If you are wanting to configure your model please look at Authlogic::ORMAdapters::ActiveRecord::ActsAsAuthentic
+      #
+      # Configuration for your session is simple. The configuration options are just class methods. Just put this in your config/initializers directory
       #
       #   UserSession.configure do |config|
       #     config.authenticate_with = User
@@ -46,6 +48,9 @@ module Authlogic
         # The name of the cookie or the key in the cookies hash. Be sure and use a unique name. If you have multiple sessions and they use the same cookie it will cause problems.
         # Also, if a id is set it will be inserted into the beginning of the string. Exmaple:
         #
+        #   session = UserSession.new
+        #   session.cookie_key => "user_credentials"
+        #   
         #   session = UserSession.new(:super_high_secret)
         #   session.cookie_key => "super_high_secret_user_credentials"
         #
@@ -60,12 +65,17 @@ module Authlogic
         end
         alias_method :cookie_key=, :cookie_key
         
-        # The name of the method used to find the record by the login. What's nifty about this is that you can do anything in your method, Authlogic will just pass you the login.
+        # Authlogic tries to validate the credentials passed to it. One part of validation is actually finding the user and making sure it exists. What method it uses the do this is up to you.
+        #
+        # Let's say you have a UserSession that is authenticating a User. By default UserSession will call User.find_by_login(login). You can change what method UserSession calls by specifying it here. Then
+        # in your User model you can make that method do anything you want, giving you complete control of how users are found by the UserSession.
         #
-        # Let's say you allow users to login by username or email. Set this to "find_login", or whatever method you want. Then in your model create a class method like:
+        # Let's take an example: You want to allow users to login by username or email. Set this to the name of the class method that does this in the User model. Let's call it "find_by_username_or_email"
         #
-        #   def self.find_login(login)
-        #     find_by_login(login) || find_by_email(login)
+        #   class User < ActiveRecord::Base
+        #     def self.find_by_username_or_email(login)
+        #       find_by_username(login) || find_by_email(login)
+        #     end
         #   end
         #
         # * <tt>Default:</tt> "find_by_#{login_field}"
@@ -79,13 +89,28 @@ module Authlogic
         end
         alias_method :find_by_login_method=, :find_by_login_method
         
-        # Calling UserSession.find tries to find the user session by session, then cookie, then basic http auth. This option allows you to change the order or remove any of these.
+        # Once the user confirms their openid Authlogic tries to find the record with that openod. This is the method it called on the record's
+        # class to find the record by the openid.
         #
-        # * <tt>Default:</tt> [:session, :cookie, :http_auth]
+        # * <tt>Default:</tt> "find_by_#{openid_field}"
+        # * <tt>Accepts:</tt> Symbol or String
+        def find_by_openid_method(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:find_by_openid_method) || find_by_openid_method("find_by_#{openid_field}")
+          else
+            write_inheritable_attribute(:find_by_openid_method, value)
+          end
+        end
+        alias_method :find_by_openid_method=, :find_by_openid_method
+        
+        # Calling UserSession.find tries to find the user session by session, then cookie, then params, and finally by basic http auth.
+        # This option allows you to change the order or remove any of these.
+        #
+        # * <tt>Default:</tt> [:session, :cookie, :params, :http_auth]
         # * <tt>Accepts:</tt> Array, and can only use any of the 3 options above
         def find_with(*values)
           if values.blank?
-            read_inheritable_attribute(:find_with) || find_with(:session, :cookie, :http_auth)
+            read_inheritable_attribute(:find_with) || find_with(:session, :cookie, :params, :http_auth)
           else
             values.flatten!
             write_inheritable_attribute(:find_with, values)
@@ -93,28 +118,94 @@ module Authlogic
         end
         alias_method :find_with=, :find_with
         
-        # The name of the method you want Authlogic to create for storing the login / username. Keep in mind this is just for your Authlogic::Session, if you want it can be something completely different
-        # than the field in your model. So if you wanted people to login with a field called "login" and then find users by email this is compeltely doable. See the find_by_login_method configuration option for
-        # more details.
+        # Every time a session is found the last_request_at field for that record is updatd with the current time, if that field exists. If you want to limit how frequent that field is updated specify the threshold
+        # here. For example, if your user is making a request every 5 seconds, and you feel this is too frequent, and feel a minute is a good threashold. Set this to 1.minute. Once a minute has passed in between
+        # requests the field will be updated.
+        #
+        # * <tt>Default:</tt> 0
+        # * <tt>Accepts:</tt> integer representing time in seconds
+        def last_request_at_threshold(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:last_request_at_threshold) || last_request_at_threshold(0)
+          else
+            write_inheritable_attribute(:last_request_at_threshold, value)
+          end
+        end
+        alias_method :last_request_at_threshold=, :last_request_at_threshold
+        
+        # The name of the method you want Authlogic to create for storing the login / username. Keep in mind this is just for your
+        # Authlogic::Session, if you want it can be something completely different than the field in your model. So if you wanted people to
+        # login with a field called "login" and then find users by email this is compeltely doable. See the find_by_login_method configuration
+        # option for more details.
         #
         # * <tt>Default:</tt> Guesses based on the model columns, tries login, username, and email. If none are present it defaults to login
         # * <tt>Accepts:</tt> Symbol or String
         def login_field(value = nil)
           if value.nil?
-            read_inheritable_attribute(:login_field) || login_field((klass.column_names.include?("login") && :login) || (klass.column_names.include?("username") && :username) || (klass.column_names.include?("email") && :email) || :login)
+            read_inheritable_attribute(:login_field) || login_field(klass.login_field)
           else
             write_inheritable_attribute(:login_field, value)
           end
         end
         alias_method :login_field=, :login_field
         
+        # The name of the method you want Authlogic to create for storing the openid url. Keep in mind this is just for your Authlogic::Session,
+        # if you want it can be something completely different than the field in your model. So if you wanted people to login with a field called
+        # "openid_url" and then find users by openid this is compeltely doable. See the find_by_openid_method configuration option for
+        # more details.
+        #
+        # * <tt>Default:</tt> Guesses based on the model columns, tries openid, openid_url, identity_url.
+        # * <tt>Accepts:</tt> Symbol or String
+        def openid_field(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:openid_field) || openid_field((klass.column_names.include?("openid") && :openid) || (klass.column_names.include?("openid_url") && :openid_url) || (klass.column_names.include?("identity_url") && :identity_url))
+          else
+            write_inheritable_attribute(:openid_field, value)
+          end
+        end
+        alias_method :openid_field=, :openid_field
+        
+        # The name of the method you want Authlogic to create for storing the openid url. Keep in mind this is just for your Authlogic::Session,
+        # if you want it can be something completely different than the field in your model. So if you wanted people to login with a field called
+        # "openid_url" and then find users by openid this is compeltely doable. See the find_by_openid_method configuration option for
+        # more details.
+        #
+        # * <tt>Default:</tt> Guesses based on the model columns, tries openid, openid_url, identity_url.
+        # * <tt>Accepts:</tt> Symbol or String
+        def openid_file_store_path(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:openid_file_store_path) || openid_file_store_path((defined?(RAILS_ROOT) && RAILS_ROOT + "/tmp/openids") || (defined?(Merb) && Merb.root + "/tmp/openids"))
+          else
+            write_inheritable_attribute(:openid_file_store_path, value)
+          end
+        end
+        alias_method :openid_file_store_path=, :openid_file_store_path
+        
+        # Works exactly like cookie_key, but for params. So a user can login via params just like a cookie or a session. Your URK would look like:
+        #
+        #   http://www.domain.com?user_credentials=fdsfdfd32jfksdjfdksl
+        #
+        # You can change the "user_credentials" key above with this configuration option. Keep in mind, just like cookie_key, if you supply an id
+        # the id will be appended to the front.
+        #
+        # * <tt>Default:</tt> cookie_key
+        # * <tt>Accepts:</tt> String
+        def params_key(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:params_key) || params_key(cookie_key)
+          else
+            write_inheritable_attribute(:params_key, value)
+          end
+        end
+        alias_method :params_key=, :params_key
+        
         # Works exactly like login_field, but for the password instead.
         #
         # * <tt>Default:</tt> Guesses based on the model columns, tries password and pass. If none are present it defaults to password
         # * <tt>Accepts:</tt> Symbol or String
         def password_field(value = nil)
           if value.nil?
-            read_inheritable_attribute(:password_field) || password_field((klass.column_names.include?("password") && :password) || (klass.column_names.include?("pass") && :pass) || :password)
+            read_inheritable_attribute(:password_field) || password_field(klass.password_field)
           else
             write_inheritable_attribute(:password_field, value)
           end
@@ -155,14 +246,7 @@ module Authlogic
         # * <tt>Accepts:</tt> Symbol or String
         def remember_token_field(value = nil)
           if value.nil?
-            read_inheritable_attribute(:remember_token_field) ||
-            remember_token_field(
-              (klass.column_names.include?("remember_token") && :remember_token) ||
-              (klass.column_names.include?("remember_key") && :remember_key) ||
-              (klass.column_names.include?("cookie_token") && :cookie_token) ||
-              (klass.column_names.include?("cookie_key") && :cookie_key) ||
-              :remember_token
-            )
+            read_inheritable_attribute(:remember_token_field) || remember_token_field(klass.remember_token_field)
           else
             write_inheritable_attribute(:remember_token_field, value)
           end
@@ -198,21 +282,36 @@ module Authlogic
       
       module InstanceMethods # :nodoc:
         def cookie_key
-          key_parts = [id, scope[:id], self.class.cookie_key].compact
-          key_parts.join("_")
+          build_key(self.class.cookie_key)
         end
         
         def find_by_login_method
           self.class.find_by_login_method
         end
         
+        def find_by_openid_method
+          self.class.find_by_openid_method
+        end
+        
         def find_with
           self.class.find_with
         end
+        
+        def last_request_at_threshold
+          self.class.last_request_at_threshold
+        end
       
         def login_field
           self.class.login_field
         end
+        
+        def openid_field
+          self.class.openid_field
+        end
+        
+        def params_key
+          build_key(self.class.params_key)
+        end
       
         def password_field
           self.class.password_field
@@ -228,13 +327,18 @@ module Authlogic
         end
         
         def session_key
-          key_parts = [id, scope[:id], self.class.session_key].compact
-          key_parts.join("_")
+          build_key(self.class.session_key)
         end
       
         def verify_password_method
           self.class.verify_password_method
         end
+        
+        private
+          def build_key(last_part)
+            key_parts = [id, scope[:id], last_part].compact
+            key_parts.join("_")
+          end
       end
     end
   end

data/lib/authlogic/session/cookies.rb

@@ -0,0 +1,39 @@
+module Authlogic
+  module Session
+    # = Cookies
+    #
+    # Handles all authentication that deals with cookies, such as persisting a session and saving / destroying a session.
+    module Cookies
+      def self.included(klass)
+        klass.after_save :save_cookie
+        klass.after_destroy :destroy_cookie
+      end
+      
+      # Tries to validate the session from information in the cookie
+      def valid_cookie?
+        if cookie_credentials
+          self.unauthorized_record = search_for_record("find_by_#{remember_token_field}", cookie_credentials)
+          return valid?
+        end
+        
+        false
+      end
+      
+      private
+        def cookie_credentials
+          controller.cookies[cookie_key]
+        end
+        
+        def save_cookie
+          controller.cookies[cookie_key] = {
+            :value => record.send(remember_token_field),
+            :expires => remember_me_until
+          }
+        end
+        
+        def destroy_cookie
+          controller.cookies.delete cookie_key
+        end
+    end
+  end
+end

data/lib/authlogic/session/openid.rb

@@ -0,0 +1,106 @@
+module Authlogic
+  module Session
+    module OpenID
+      def self.included(klass)
+        klass.class_eval do
+          alias_method_chain :initialize, :openid
+          alias_method_chain :credentials=, :openid
+          alias_method_chain :create_configurable_methods!, :openid
+          before_validation :valid_openid?
+          attr_accessor :openid_response
+        end
+      end
+      
+      def initialize_with_openid(*args)
+        initialize_without_openid(*args)
+        self.authenticating_with = :openid if openid_verification_complete?
+      end
+      
+      def credentials_with_openid=(values)
+        result = self.credentials_without_openid = values
+        return result if openid_field.blank? || values.blank? || !values.is_a?(Hash) || values[:openid].blank?
+        self.openid = values[:openid]
+        result
+      end
+      
+      # Returns true if logging in with openid. Credentials mean username and password.
+      def authenticating_with_openid?
+        authenticating_with == :openid
+      end
+      
+      def verify_openid?
+        authenticating_with_openid? && controller.params[:openid_complete] != "1"
+      end
+      
+      def openid_verified?
+        controller.params[:openid_complete] == "1"
+      end
+      
+      def valid_openid?
+        return false if openid_field.blank?
+        
+        if openid_verification_complete?
+          case openid_response.status
+          when OpenID::Consumer::SUCCESS
+            
+          when OpenID::Consumer::CANCEL
+            errors.add_to_base("OpenID authentication was cancelled.")
+          when OpenID::Consumer::FAILURE
+            errors.add_to_base("OpenID authentication failed.")
+          when OpenID::Consumer::SETUP_NEEDED
+            errors.add_to_Base("OpenID authentication needs setup.")
+          end
+        else
+          if authenticating_with_openid?
+            if send(openid_field).blank?
+              errors.add(openid_field, "can not be blank")
+              return false
+            end
+            
+            unless search_for_record(find_by_openid_method, send(openid_field))
+              errors.add(openid_field, "did not match any records in our database")
+              return false
+            end
+          
+            begin
+              self.openid_response = openid_consumer.begin(send(openid_field))
+            rescue OpenID::OpenIDError => e
+              errors.add("The OpenID identifier #{send(openid_field)} could not be found: #{e}")
+              return false
+            end
+          
+            sregreq = OpenID::SReg::Request.new
+            # required fields
+            #sregreq.request_fields(['email','nickname'], true)
+            # optional fields
+            #sregreq.request_fields(['dob', 'fullname'], false)
+            oidreq.add_extension(sregreq)
+            oidreq.return_to_args["openid_complete"] = 1
+          end
+        end
+      end
+      
+      private
+        def create_configurable_methods_with_openid!
+          create_configurable_methods_without_openid!
+          
+          return if openid_field.blank? || respond_to?(openid_field)
+          
+          if openid_field
+            self.class.class_eval <<-"end_eval", __FILE__, __LINE__
+              attr_reader :#{openid_field}
+              
+              def #{openid_field}=(value)
+                self.authenticating_with = :openid
+                @#{openid_field} = value
+              end
+            end_eval
+          end
+        end
+        
+        def openid_consumer
+          @openid_consumer ||= OpenID::Consumer.new(controller.session, OpenID::FilesystemStore.new(openid_file_store_path))
+        end
+    end
+  end
+end

data/lib/authlogic/session/params.rb

@@ -0,0 +1,28 @@
+module Authlogic
+  module Session
+    # = Params
+    #
+    # Tries to log the user in via params. Think about cookies and sessions. They are just hashes in your controller, so are params. People never
+    # look at params as an authentication option, but it can be useful for logging into private feeds. Logging in a user is as simple as:
+    #
+    #   http://www.domain.com?user_credentials=[insert remember token here]
+    #
+    # The user_credentials is based on the name of your session, the above example assumes UserSession. Also, this can be modified via configuration.
+    module Params
+      # Tries to validate the session from information in the params token
+      def valid_params?
+        if params_credentials
+          self.unauthorized_record = search_for_record("find_by_#{remember_token_field}", params_credentials)
+          return valid?
+        end
+        
+        false
+      end
+      
+      private
+        def params_credentials
+          controller.params[params_key]
+        end
+    end
+  end
+end