authlogic_crowd 0.2.4 → 0.3.0.pre.2

data/.document

@@ -1,5 +1,5 @@
-README.rdoc
-lib/**/*.rb
-bin/*
-features/**/*.feature
-LICENSE
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/Gemfile

@@ -2,3 +2,6 @@ source "http://rubygems.org"
 
 # Specify your gem's dependencies in authlogic_crowd.gemspec
 gemspec
+
+group :test do
+end

data/README.markdown

@@ -0,0 +1,173 @@
+Authlogic Crowd
+===============
+
+Authlogic Crowd is an extension of the Authlogic library to add Atlassian Crowd
+support.  We have only tested this plugin with Authlogic 2.x and Rails 2.x.
+
+
+## Installation
+
+Add the gem to your Gemfile:
+
+    gem 'authlogic_crowd'
+
+and run `bundle`.
+
+
+## Configuration
+
+In your model class, add Crowd configuration:
+
+    class User < ActiveRecord::Base
+      acts_as_authentic do |c|
+        c.crowd_service_url = "http://mycrowdapp:8095/crowd"
+        c.crowd_app_name = "testapp"
+        c.crowd_app_password = "testpass"
+      end
+    end
+
+
+## Usage
+
+When a user logs in via your existing login form, the user's credentials will
+be authenticated with Crowd.  authlogic_crowd will also authenticate users with
+an existing Crowd token_key cookie.
+
+authlogic_crowd acts as an *additional* authentication plugin.  Other
+authentication plugins will be tried in the order in which they were
+registered.  Thus, if your model contains password fields used by the
+built-in `Password` authentication module, Authlogic will attempt to
+authenticate via local passwords first.  If this fails, it will move on to
+authenticate via Crowd.  If you want to skip internal password checking, you
+should set internal password fields to `nil`.
+
+
+### Re-authenticate Every x Seconds
+
+By default, authlogic_crowd authenticates the Crowd token key cookie on every
+request.  You can tell the module to cache authentication and only
+re-authenticate periodically using *crowd_auth_every*:
+
+    class UserSession < Authlogic::Session::Base
+      crowd_auth_every 10.minutes
+    end
+
+
+### Auto Registration
+
+When a Crowd user logs in with no corresponding local user, a new local user
+will be added by default.  You can disable auto-registration with the
+`auto_register` setting in your Authlogic session:
+
+    class UserSession < Authlogic::Session::Base
+      auto_register false
+    end
+
+
+### Auto Add Crowd Records
+
+When a new local user is added, authlogic_crowd can add a corresponding user to
+Crowd.  This is disabled by default.  To enable, use the `add_crowd_records`
+setting:
+
+    class User < ActiveRecord::Base
+      acts_as_authentic do |c|
+        c.add_crowd_records = true
+      end
+    end
+
+
+### Auto Update Crowd Records
+
+When a local user is updated, authlogic_crowd will update the corresponding
+Crowd user.  This is enabled by default.  To disable, use the
+`update_crowd_records` setting:
+
+    class User < ActiveRecord::Base
+      acts_as_authentic do |c|
+        c.update_crowd_records = false
+      end
+    end
+
+
+### Disable Crowd
+
+If you need to disable Crowd (in testing for example), use the `crowd_enabled`
+setting:
+
+    class User < ActiveRecord::Base
+      acts_as_authentic do |c|
+        c.crowd_enabled = false
+      end
+    end
+
+
+## Callbacks
+
+authlogic_crowd adds several callbacks that can be used to customize the
+plugin.  Callbacks execute in the following order:
+
+  before_create_from_crowd  
+  before_sync_from_crowd  
+  sync_from_crowd  
+  after_sync_from_crowd  
+  after_create_from_crowd  
+
+  before_create_crowd_record  
+  before_sync_to_crowd  
+  sync_to_crowd  
+  after_sync_to_crowd  
+  after_create_crowd_record  
+
+
+### before_sync_from_crowd, sync_from_crowd, after_sync_from_crowd
+
+Called whenever a local record should be synchronized from Crowd.  Each time a
+user logs in to your application via Crowd (with login credentials or the
+token_key cookie), the local user record is synchronized with the Crowd record.
+
+For example:
+
+    class User < ActiveRecord::Base
+      acts_as_authentic do |c|
+        c.sync_from_crowd :update_from_crowd_record
+      end
+
+      def update_from_crowd_record
+        self.email = self.crowd_record.email
+        self.name = self.crowd_record.first_name + ' ' + self.crowd_record.last_name
+      end
+    end
+
+
+### before_sync_to_crowd, sync_to_crowd, after_sync_to_crowd
+
+Called whenever Crowd should be synchornized from a local record.
+
+For example:
+
+    class User < ActiveRecord::Base
+      acts_as_authentic do |c|
+        c.sync_to_crowd :update_crowd_record
+      end
+
+      def update_crowd_record
+        self.crowd_record = self.email
+        self.crowd_record.display_name = self.name
+        self.crowd_record.first_name = self.first_name
+        self.crowd_record.last_name = self.last_name
+      end
+    end
+
+
+### before_create_from_crowd, after_create_from_crowd
+
+Called when creating a new local record from a crowd record.  When
+auto-registration is enabled new local users will be created automatically
+when existing Crowd users log in to your application.
+
+
+### before_create_crowd_record, after_create_crowd_record
+
+Called when creating a new crowd record from a new local record.  These
+callbacks are only executed if the `add_crowd_records` setting is enabled.

data/Rakefile

@@ -1,21 +1 @@
-require 'rake'
-require 'rake/testtask'
-require 'rake/rdoctask'
-require 'bundler'
-Bundler::GemHelper.install_tasks
-
-desc 'Run tests for InheritedResources.'
-Rake::TestTask.new(:test) do |t|
-  t.pattern = 'test/**/*_test.rb'
-  t.verbose = true
-end
-
-desc 'Generate documentation for InheritedResources.'
-Rake::RDocTask.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'InheritedResources'
-  rdoc.options << '--line-numbers' << '--inline-source'
-  rdoc.rdoc_files.include('README.rdoc')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
+require 'bundler/gem_tasks'

data/authlogic_crowd.gemspec

@@ -1,47 +1,27 @@
+# -*- encoding: utf-8 -*-
 $:.push File.expand_path("../lib",__FILE__)
 require 'authlogic_crowd/version'
 
 Gem::Specification.new do |s|
-  s.name = %q{authlogic_crowd}
-  s.version = AuthlogicCrowd::VERSION.dup
-  s.platform = Gem::Platform::RUBY
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Paul Strong"]
-  s.description = %q{Authlogic Crowd}
-  s.email = %q{paul@thestrongfamily.org}
-  s.extra_rdoc_files = [
-    "README.rdoc"
-  ]
-  s.files = %w(
-    .document
-    .gitignore
-    Gemfile
-    README.rdoc
-    Rakefile
-    authlogic_crowd.gemspec
-    lib/authlogic_crowd.rb
-    lib/authlogic_crowd/acts_as_authentic.rb
-    lib/authlogic_crowd/acts_as_authentic_callbacks.rb
-    lib/authlogic_crowd/session.rb
-    lib/authlogic_crowd/session_callbacks.rb
-    lib/authlogic_crowd/version.rb
-    test/helper.rb
-    test/test_authlogic_crowd.rb
-  )
-  s.test_files = %w(
-    test/helper.rb
-    test/test_authlogic_crowd.rb
-  )
-  s.homepage = %q{http://github.com/thinkwell/authlogic_crowd}
+  s.name        = %q{authlogic_crowd}
+  s.version     = AuthlogicCrowd::VERSION.dup
+  s.authors     = ["Paul Strong"]
+  s.email       = %q{paul@thestrongfamily.org}
+  s.homepage    = %q{http://github.com/thinkwell/authlogic_crowd}
+  s.summary     = %q{Atlassian Crowd support for Authlogic}
+  s.description = %q{Atlassian Crowd support for Authlogic}
+
+  s.rubyforge_project = "authlogic_crowd"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.7}
-  s.summary = %q{Atlassian Crowd support for Authlogic}
 
-  s.add_development_dependency(%q<thoughtbot-shoulda>, [">= 0"])
-  s.add_development_dependency(%q<fcoury-matchy>, [">= 0"])
-  s.add_development_dependency(%q<rr>, [">= 0"])
   s.add_runtime_dependency(%q<authlogic>, [">= 2.1.3", "< 3.0.0"])
-  s.add_runtime_dependency(%q<simple_crowd>, [">= 1.0.0"])
+  s.add_runtime_dependency(%q<simple_crowd>, [">= 1.1.0"])
 
+  s.add_development_dependency(%q<bundler>, [">= 1.0.21"])
+  s.add_development_dependency(%q<rake>, [">= 0"])
 end
 

data/lib/authlogic_crowd.rb

@@ -1,9 +1,8 @@
-require "authlogic_crowd/acts_as_authentic"
-require "authlogic_crowd/session"
-require "authlogic_crowd/session_callbacks"
-require "authlogic_crowd/acts_as_authentic_callbacks"
-
-ActiveRecord::Base.send(:include, AuthlogicCrowd::ActsAsAuthentic)
-ActiveRecord::Base.send(:include, AuthlogicCrowd::ActsAsAuthenticCallbacks)
-Authlogic::Session::Base.send(:include, AuthlogicCrowd::Session)
-Authlogic::Session::Base.send(:include, AuthlogicCrowd::SessionCallbacks)
+require "simple_crowd"
+require "authlogic_crowd/acts_as_authentic"
+require "authlogic_crowd/session"
+require "authlogic_crowd/acts_as_authentic_callbacks"
+require "authlogic_crowd/crowd_synchronizer"
+
+ActiveRecord::Base.send(:include, AuthlogicCrowd::ActsAsAuthentic)
+Authlogic::Session::Base.send(:include, AuthlogicCrowd::Session)

data/lib/authlogic_crowd/acts_as_authentic.rb

@@ -1,138 +1,185 @@
-module AuthlogicCrowd
-  module ActsAsAuthentic
-    # Adds in the neccesary modules for acts_as_authentic to include and also disabled password validation if
-    # OpenID is being used.
-    def self.included(klass)
-      klass.class_eval do
-        extend Config
-        add_acts_as_authentic_module(Methods, :prepend)
-      end
-    end
-    module Config
-
-      # **REQUIRED**
-      #
-      # Specify your crowd service url.
-      # @param [String] url to use when calling Crowd
-      def crowd_service_url(url=nil)
-        rw_config(:crowd_service_url, url, "http://localhost:8095/crowd/services/SecurityServer")
-      end
-      alias_method :crowd_service_url=, :crowd_service_url
-
-      # **REQUIRED**
-      #
-      # Specify your crowd app name.
-      # @param [String] name of app to use when calling Crowd
-      def crowd_app_name(name=nil)
-        rw_config(:crowd_app_name, name, nil)
-      end
-      alias_method :crowd_app_name=, :crowd_app_name
-
-      # **REQUIRED**
-      #
-      # Specify your crowd app password.
-      # @param [String] password Plain-text password for crowd app validation
-      def crowd_app_password(password=nil)
-        rw_config(:crowd_app_password, password, nil)
-      end
-      alias_method :crowd_app_password=, :crowd_app_password
-
-      def crowd_user_token_field(value = nil)
-        rw_config(:crowd_user_token_field, value, :crowd_user_token)
-      end
-      alias_method :crowd_user_token_field=, :crowd_user_token_field
-
-      def crowd_enabled(value=nil)
-        rw_config(:crowd_enabled, value, true)
-      end
-
-    end
-    module Methods
-      def self.included(klass)
-        klass.class_eval do
-          validate_on_create :must_have_unique_crowd_login, :if => :using_crowd?, :unless => :crowd_record
-
-          # TODO: Cleanup and refactor into callbacks
-          def create
-            if using_crowd? && !crowd_record
-              crowd_user = self.create_crowd_user
-              if crowd_user
-                # Crowd is going to store password so clear them from local object
-                self.clear_passwords
-                result = super
-                # Delete crowd user if local creation failed
-                crowd_client.delete_user crowd_user.user unless result
-                if result
-                  user_token = crowd_client.create_user_token crowd_user.username
-                  session_class.crowd_user_token = user_token unless
-                      session_class.controller && session_class.controller.session[:"crowd.token_key"]
-                end
-                return result
-              end
-            end
-            super
-          end
-          validates_length_of_password_field_options validates_length_of_password_field_options.merge(:on => :create)
-          validates_confirmation_of_password_field_options validates_confirmation_of_password_field_options.merge(:on => :create)
-          validates_length_of_password_confirmation_field_options validates_length_of_password_confirmation_field_options.merge(:on => :create)
-        end
-      end
-
-      attr_accessor :crowd_record
-
-      protected
-
-      def create_crowd_user
-        return unless self.login && @password
-        self.crowd_record = SimpleCrowd::User.new({:username => self.login})
-        sync_on_create
-        crowd_client.add_user self.crowd_record, @password
-      end
-
-      def clear_passwords
-        @password = nil
-        @password_changed = false
-        send("#{self.class.crypted_password_field}=", nil) if self.class.crypted_password_field
-        send("#{self.class.password_salt_field}=", nil) if self.class.password_salt_field
-      end
-
-      private
-
-      def must_have_unique_crowd_login
-        login = send(self.class.login_field)
-        crowd_user = crowd_client.find_user_by_name(login)
-        errors.add(self.class.login_field, "is already taken") unless crowd_user.nil? || !errors.on(self.class.login_field).nil?
-      end
-
-      def crowd_client
-        @crowd_client ||= SimpleCrowd::Client.new(crowd_config)
-      end
-      def load_crowd_app_token
-        cached_token = Rails.cache.read('crowd_app_token')
-        crowd_client.app_token = cached_token unless cached_token.nil?
-        Rails.cache.write('crowd_app_token', crowd_client.app_token) unless cached_token == crowd_client.app_token
-      end
-      def crowd_cookie_info
-        unless @crowd_cookie_info
-          cached_info = Rails.cache.read('crowd_cookie_info')
-          @crowd_cookie_info ||= cached_info || crowd_client.get_cookie_info
-          Rails.cache.write('crowd_cookie_info', @crowd_cookie_info) unless cached_info == @crowd_cookie_info
-        end
-        @crowd_cookie_info
-      end
-      def crowd_config
-        {:service_url => self.class.crowd_service_url,
-          :app_name => self.class.crowd_app_name,
-          :app_password => self.class.crowd_app_password}
-      end
-
-      def using_crowd?
-        self.class.crowd_enabled && !(self.class.crowd_app_name.nil? || self.class.crowd_app_password.nil? || self.class.crowd_service_url.nil?)
-      end
-
-      def validate_password_with_crowd?
-        #!using_crowd? && require_password?
-      end
-    end
-  end
-end
+module AuthlogicCrowd
+  module ActsAsAuthentic
+    # Adds in the neccesary modules for acts_as_authentic to include and also disabled password validation if
+    # Crowd is being used.
+    def self.included(klass)
+      klass.class_eval do
+        extend Config
+        add_acts_as_authentic_module(ActsAsAuthenticCallbacks)
+        add_acts_as_authentic_module(Methods)
+      end
+    end
+
+    module Config
+      # **REQUIRED**
+      #
+      # Specify your crowd service url.
+      # @param [String] url to use when calling Crowd
+      def crowd_service_url(url=nil)
+        rw_config(:crowd_service_url, url, "http://localhost:8095/crowd/services/SecurityServer")
+      end
+      alias_method :crowd_service_url=, :crowd_service_url
+
+      # **REQUIRED**
+      #
+      # Specify your crowd app name.
+      # @param [String] name of app to use when calling Crowd
+      def crowd_app_name(name=nil)
+        rw_config(:crowd_app_name, name, nil)
+      end
+      alias_method :crowd_app_name=, :crowd_app_name
+
+      # **REQUIRED**
+      #
+      # Specify your crowd app password.
+      # @param [String] password Plain-text password for crowd app validation
+      def crowd_app_password(password=nil)
+        rw_config(:crowd_app_password, password, nil)
+      end
+      alias_method :crowd_app_password=, :crowd_app_password
+
+      # Should new local records be added to crowd?
+      # Default is false.
+      def add_crowd_records(value=nil)
+        rw_config(:add_crowd_records, value, false)
+      end
+      alias_method :add_crowd_records=, :add_crowd_records
+
+      # Should changes to local records be synced to crowd?
+      # Default is true
+      def update_crowd_records(value=nil)
+        rw_config(:update_crowd_records, value, true)
+      end
+      alias_method :update_crowd_records=, :update_crowd_records
+
+      def crowd_enabled(value=nil)
+        rw_config(:crowd_enabled, value, true)
+      end
+      alias_method :crowd_enabled=, :crowd_enabled
+    end
+
+    module ClassMethods
+      def crowd_config
+        {
+          :service_url => crowd_service_url,
+          :app_name => crowd_app_name,
+          :app_password => crowd_app_password,
+          :cache_store => Rails.cache,
+        }
+      end
+
+      def crowd_client
+        SimpleCrowd::Client.new(crowd_config)
+      end
+
+      def crowd_synchronizer(crowd_client=self.crowd_client, local_record=nil)
+        CrowdSynchronizer.new(self, crowd_client, local_record)
+      end
+
+      def crowd_enabled?
+        !!self.crowd_enabled
+      end
+
+      def using_crowd?
+        self.crowd_enabled? && !(self.crowd_app_name.nil? || self.crowd_app_password.nil? || self.crowd_service_url.nil?)
+      end
+    end
+
+    module Methods
+      def self.included(klass)
+        klass.class_eval do
+          extend ClassMethods
+
+          after_create(:if => [:using_crowd?, :adding_crowd_records?], :unless => :has_crowd_record?) do |r|
+            r.crowd_synchronizer.create_crowd_record
+          end
+
+          before_update :crowd_before_update_reset_password, :if => [:using_crowd?, :updating_crowd_records?, :has_crowd_record?]
+
+          after_update(:if => [:using_crowd?, :updating_crowd_records?, :has_crowd_record?]) do |r|
+            r.crowd_synchronizer.sync_to_crowd
+          end
+
+          validate_on_create :must_have_unique_crowd_login, :if => [:using_crowd?, :adding_crowd_records?], :unless => :has_crowd_record?
+        end
+      end
+
+      attr_accessor :crowd_record, :crowd_synchronizer
+
+      def crowd_client
+        @crowd_client ||= self.class.crowd_client
+      end
+
+      def crowd_synchronizer
+        @crowd_synchronizer ||= self.class.crowd_synchronizer(crowd_client, self)
+      end
+
+      def crowd_record
+        return nil unless using_crowd?
+        if @crowd_record.nil?
+          @crowd_record = false
+          begin
+            login = self.send(self.class.login_field)
+            record = crowd_client.find_user_by_name(login)
+            @crowd_record = record if record
+          rescue SimpleCrowd::CrowdError => e
+            Rails.logger.warn "CROWD[#{__method__}]: Unexpected error.  #{e}"
+          end
+        end
+        @crowd_record == false ? nil : @crowd_record
+      end
+
+      def using_crowd?
+        self.class.using_crowd?
+      end
+
+      def adding_crowd_records?
+        self.class.add_crowd_records
+      end
+
+      def updating_crowd_records?
+        self.class.update_crowd_records
+      end
+
+      def has_crowd_record?
+        !!self.crowd_record
+      end
+
+      def crowd_password
+        password
+      end
+
+      def crowd_password_changed?
+        password_changed?
+      end
+
+      def valid_crowd_password?(plaintext_password)
+        if using_crowd?
+          begin
+            token = crowd_client.authenticate_user(self.unique_id, plaintext_password)
+            return true if token
+          rescue SimpleCrowd::CrowdError => e
+            Rails.logger.warn "CROWD[#{__method__}]: Unexpected error.  #{e}"
+          end
+        end
+        false
+      end
+
+
+      private
+
+      def must_have_unique_crowd_login
+        login = send(self.class.login_field)
+        crowd_user = crowd_client.find_user_by_name(login)
+        errors.add(self.class.login_field, "is already taken") unless crowd_user.nil? || !errors.on(self.class.login_field).nil?
+      end
+
+      def crowd_before_update_reset_password
+        if crowd_password_changed?
+          send("#{password_salt_field}=", nil) if password_salt_field
+          send("#{crypted_password_field}=", nil)
+        end
+      end
+    end
+  end
+end