authpro 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c0f2599c0163c3a7578cb89b7f650a77292515d8
+  data.tar.gz: eb8cab72f96c3dd8b847146ffb99e5108e464a90
+SHA512:
+  metadata.gz: 00b8593ebe8a0759789eb5fd6fb9e7214b6a18c10d83a279afd8b88f5f21a0a2ae09e6be5ce6c9a36c76e14742a2ce85cb2faa29caa0800cb309c440fbe916ce
+  data.tar.gz: 4256104fbeac2e17869bd1372a136ad5dc12f4a62f1e7e64ab60887a8fff80bb721ed87d5027dd84d5865a2c37d5e94f95f078012414c3c7075b06c47d04bc28

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2013 Richard Nyström
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,28 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Authpro'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/lib/authpro.rb

@@ -0,0 +1,2 @@
+module Authpro
+end

data/lib/authpro/version.rb

@@ -0,0 +1,3 @@
+module Authpro
+  VERSION = "0.1.0"
+end

data/lib/generators/authpro/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Explain the generator
+
+Example:
+    rails generate nobullshit_auth Thing
+
+    This will create:
+        what/will/it/create

data/lib/generators/authpro/authpro_generator.rb

@@ -0,0 +1,59 @@
+class AuthproGenerator < Rails::Generators::Base
+  source_root File.expand_path('../templates', __FILE__)
+
+  def generate_model
+    generate(:model, "user email:string password_digest:string auth_token:string password_reset_token:string password_reset_sent_at:datetime --force")
+  end
+
+  def copy_models
+    copy_file "user.rb", "app/models/user.rb"
+  end
+
+  def copy_controllers
+    copy_file "users_controller.rb", "app/controllers/users_controller.rb"
+    copy_file "sessions_controller.rb", "app/controllers/sessions_controller.rb"
+    copy_file "password_resets_controller.rb", "app/controllers/password_resets_controller.rb"
+    copy_file "home_controller.rb", "app/controllers/home_controller.rb"
+    
+    inject_into_file "app/controllers/application_controller.rb", :after => "protect_from_forgery with: :exception\n" do
+      "\n" +
+      "  private\n\n" +
+      "  def current_user\n" +
+      "    @current_user ||= User.find_by_auth_token( cookies[:auth_token]) if cookies[:auth_token]\n" +
+      "  end\n\n" +
+      "  helper_method :current_user\n"
+    end
+  end
+
+  def copy_views
+    copy_file "new_user.html.erb", "app/views/users/new.html.erb"
+    copy_file "new_password_resets.html.erb", "app/views/password_resets/new.html.erb"
+    copy_file "password_resets_edit.html.erb", "app/views/password_resets/edit.html.erb"
+    copy_file "new_sessions.html.erb", "app/views/sessions/new.html.erb"
+    copy_file "application.html.erb", "app/views/layouts/application.html.erb"
+    copy_file "index.html.erb", "app/views/home/index.html.erb"
+    copy_file "password_reset.text.erb", "app/views/user_mailer/password_reset.text.erb"
+  end
+
+  def add_routes
+    route "resources :password_resets"
+    route "resources :sessions"
+    route "resources :users"
+    route "get 'login' => 'sessions#new', :as => 'login'"
+    route "get 'signup' => 'users#new', :as => 'signup'"
+    route "get 'logout' => 'sessions#destroy', :as => 'logout'"
+    route "root to: 'home#index'"
+  end
+
+  def copy_mailers
+    copy_file "user_mailer.rb", "app/mailers/user_mailer.rb"
+  end
+
+  def inject_default_mailer_url_to_dev_env
+    inject_into_file "config/environments/development.rb", :after => "config.assets.debug = true\n" do
+      "  config.action_mailer.default_url_options = { host: \"localhost:3000\" }\n"
+    end
+  end
+
+  # $ rails g model user email:string password_digest:string auth_token:string password_reset_token:string password_reset_sent_at:datetime
+end

data/lib/generators/authpro/templates/application.html.erb

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Home</title>
+  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>
+  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+  <div id="user_nav">
+    <% if current_user %>
+      Logged in as <%= current_user.email %>.
+      <%= link_to "Log out", logout_path %>
+    <% else %>
+      <%= link_to "Sign up", signup_path %> or
+      <%= link_to "Log in", login_path %>
+    <% end %>
+  </div>
+
+  <% flash.each do |name, msg| %>
+    <%= content_tag :div, msg, :id => "flash_#{name}" %>
+  <% end %>
+
+  <%= yield %>
+</body>
+</html>

data/lib/generators/authpro/templates/home_controller.rb

@@ -0,0 +1,4 @@
+class HomeController < ApplicationController
+  def index
+  end
+end

data/lib/generators/authpro/templates/index.html.erb

@@ -0,0 +1 @@
+<p>Home</p>

data/lib/generators/authpro/templates/new_password_resets.html.erb

@@ -0,0 +1,9 @@
+<h1>Reset password</h1>
+
+<%= form_tag password_resets_path, method: :post do %>
+  <div class="field">
+    <%= label_tag :email %> <br />
+    <%= text_field_tag :email, params[:email] %>
+  </div>
+  <div class="actions"><%= submit_tag "Reset password" %></div>
+<% end %>

data/lib/generators/authpro/templates/new_sessions.html.erb

@@ -0,0 +1,16 @@
+<h1>Log in</h1>
+
+<%= form_tag sessions_path do %>
+  <p>
+    <%= label_tag :email %><br />
+    <%= text_field_tag :email, params[:email] %>
+  </p>
+  <p>
+    <%= label_tag :password %><br />
+    <%= password_field_tag :password %>
+  </p>
+  <p>
+    <%= link_to "Forgot your password?", new_password_reset_path %>
+  </p>
+  <p class="button"><%= submit_tag "Log in" %></p>
+<% end %>

data/lib/generators/authpro/templates/new_user.html.erb

@@ -0,0 +1,27 @@
+<h1>Sign up</h1>
+
+<%= form_for @user do |f| %>
+  <% if @user.errors.any? %>
+    <div class="error_messages">
+      <h2>Form is invalid</h2>
+      <ul>
+        <% for message in @user.errors.full_messages %>
+          <li><%= message %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.text_field :email %>
+  </div>
+  <div class="field">
+    <%= f.label :password %><br />
+    <%= f.password_field :password %>
+  </div>
+  <div class="field">
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation %>
+  </div>
+  <div class="actions"><%= f.submit "Sign up" %></div>
+<% end %>

data/lib/generators/authpro/templates/password_reset.text.erb

@@ -0,0 +1,5 @@
+To reset your password, click the URL below.
+
+<%= edit_password_reset_url(@user.password_reset_token) %>
+
+If you did not request your password to be reset, just ignore this email and your password will continue to stay the same.

data/lib/generators/authpro/templates/password_resets_controller.rb

@@ -0,0 +1,37 @@
+class PasswordResetsController < ApplicationController
+  def new
+  end
+
+  def create
+    user = User.find_by email: params[:email]
+
+    if user
+      user.send_password_reset
+      redirect_to root_url, notice: "Email sent with password reset instructions."
+    else
+      flash.now.alert = "We could not find anyone with that email address."
+      render "new"
+    end
+  end
+
+  def edit
+    @user = User.find_by! password_reset_token: params[:id]
+  end
+
+  def update
+    @user = User.find_by! password_reset_token: params[:id]
+    if @user.password_reset_sent_at < 20.hours.ago
+      redirect_to new_password_reset_path, alert: "Password reset has expired."
+    elsif @user.update_attributes(user_params)
+      redirect_to root_url, notice: "Password has been reset."
+    else
+      render :edit
+    end
+  end
+
+  private
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def user_params
+    params.require(:user).permit(:password, :password_confirmation)
+  end
+end

data/lib/generators/authpro/templates/password_resets_edit.html.erb

@@ -0,0 +1,23 @@
+<h1>Reset password</h1>
+
+<%= form_for @user, url: password_reset_path(params[:id]) do |f| %>
+  <% if @user.errors.any? %>
+    <div class="error_messages">
+      <h2>Form is invalid</h2>
+      <ul>
+        <% for message in @user.errors.full_messages %>
+          <li><%= message %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div class="field">
+    <%= f.label :password %><br />
+    <%= f.password_field :password %>
+  </div>
+  <div class="field">
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation %>
+  </div>
+  <div class="actions"><%= f.submit "Change password" %></div>
+<% end %>

data/lib/generators/authpro/templates/sessions_controller.rb

@@ -0,0 +1,26 @@
+class SessionsController < ApplicationController
+  
+  def new
+  end
+
+  def create
+    @user = User.authenticate(params[:email], params[:password])
+    if @user
+      if params[:remember_me]
+        cookies.permanent[:auth_token] = @user.auth_token
+      else
+        cookies[:auth_token] = @user.auth_token  
+      end
+
+      redirect_to root_url, notice: "Logged in!"
+    else
+      flash.now.alert = "Invalid email or password"
+      render "new"
+    end
+  end
+
+  def destroy
+    cookies.delete(:auth_token)
+    redirect_to root_url, notice: "Logged out!"
+  end
+end

data/lib/generators/authpro/templates/user.rb

@@ -0,0 +1,25 @@
+class User < ActiveRecord::Base
+  has_secure_password
+  
+  validates_presence_of :password, on: :create
+
+  before_create { generate_token(:auth_token) }
+  
+  def self.authenticate(email, password)
+    user = find_by email: email
+    user if user && user.authenticate(password)
+  end
+    
+  def generate_token(column)
+    begin
+      self[column] = SecureRandom.urlsafe_base64
+    end while User.exists?(column => self[column])
+  end
+
+  def send_password_reset
+    generate_token(:password_reset_token)
+    self.password_reset_sent_at = Time.zone.now
+    save!
+    UserMailer.password_reset(self).deliver
+  end
+end

data/lib/generators/authpro/templates/user_mailer.rb

@@ -0,0 +1,8 @@
+class UserMailer < ActionMailer::Base
+  default from: "from@example.com"
+
+  def password_reset(user)
+    @user = user
+    mail to: user.email, subject: "Password Reset"
+  end
+end

data/lib/generators/authpro/templates/users_controller.rb

@@ -0,0 +1,21 @@
+class UsersController < ApplicationController
+  
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(user_params)
+    if @user.save
+      redirect_to root_url, notice: "Signed up!"
+    else
+      render "new"
+    end
+  end
+
+  private
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def user_params
+    params.require(:user).permit(:email, :password, :password_confirmation)
+  end
+end

data/lib/tasks/authpro_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :authpro do
+#   # Task goes here
+# end

data/test/authpro_generator_test.rb

@@ -0,0 +1,35 @@
+require 'test_helper'
+
+# Docs: http://rdoc.info/github/rails/rails/master/Rails/Generators/TestCase
+class AuthproGeneratorTest < Rails::Generators::TestCase
+  tests AuthproGenerator
+  destination File.expand_path(File.join(File.dirname(__FILE__), "rails", "dummy"))
+
+  test "file creation" do 
+    run_generator(["--force"])
+    
+    # models
+    assert_file "app/models/user.rb"
+
+    # migrations
+    assert_migration "db/migrate/create_users.rb"
+
+    # controllers
+    assert_file "app/controllers/users_controller.rb"
+    assert_file "app/controllers/sessions_controller.rb"
+    assert_file "app/controllers/password_resets_controller.rb"
+    assert_file "app/controllers/home_controller.rb"
+
+    # views
+    assert_file "app/views/users/new.html.erb"
+    assert_file "app/views/password_resets/new.html.erb"
+    assert_file "app/views/password_resets/edit.html.erb"
+    assert_file "app/views/sessions/new.html.erb"
+    assert_file "app/views/layouts/application.html.erb"
+    assert_file "app/views/home/index.html.erb"
+    assert_file "app/views/user_mailer/password_reset.text.erb"
+
+    # mailers
+    assert_file "app/mailers/user_mailer.rb"
+  end
+end

data/test/authpro_integration_test.rb

@@ -0,0 +1,144 @@
+require "test_helper"
+require "uri"
+
+class AuthproIntegrationTest < ActionDispatch::IntegrationTest
+  
+  setup do
+    # We should really run the generator here
+    ActiveRecord::Migration.verbose = false
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate")
+    Dummy::Application.reload_routes!
+    @user = User.create!(email: "master@example.com", password: "sekret123", password_confirmation: "sekret123")
+  end
+
+  test "Visit home" do
+    visit "/"
+    assert page.body.include? "Home"
+  end
+
+  test "signup" do
+    visit "/"
+    click_link "Sign up"
+    fill_in "Email", with: "user@example.com"
+    pass = "sekret123"
+    fill_in "user_password", with: pass
+    fill_in "user_password_confirmation", with: pass
+    click_button "Sign up"
+    assert page.body.include? "Signed up!"    
+  end
+
+  test "signup failing" do
+    visit "/"
+    click_link "Sign up"
+    fill_in "Email", with: "user@example.com"
+    fill_in "user_password", with: "sekret123"
+    fill_in "user_password_confirmation", with: "another password"
+    click_button "Sign up"
+    assert page.body.include? "Form is invalid"
+  end
+
+  test "login" do
+    visit "/"
+    click_link "Log in"
+    fill_in "Email", with: @user.email
+    fill_in "Password", with: "sekret123"
+    click_button "Log in"
+    assert page.body.include?("Logged in!")
+  end
+
+  test "login failing" do
+    visit "/"
+    click_link "Log in"
+    fill_in "Email", with: @user.email
+    fill_in "Password", with: "wrong_password!"
+    click_button "Log in"
+    assert page.body.include?("Invalid email or password")
+  end
+
+  test "logout" do
+    visit "/login"
+    fill_in "Email", with: @user.email
+    fill_in "Password", with: "sekret123"
+    click_button "Log in"
+    click_link "Log out"
+    assert page.body.include?("Logged out!")
+  end
+
+  test "Reset password" do
+    visit "/login"
+    click_link "Forgot your password?"
+    fill_in "Email", with: @user.email
+    click_button "Reset password"
+    assert page.body.include?("Email sent with password reset instructions.")
+    
+    # The e-mail part
+    mail = ActionMailer::Base.deliveries.last
+    assert "from@example.com" == mail["from"].to_s
+    assert @user.email == mail["to"].to_s
+    assert "Password Reset" == mail["subject"].to_s
+    body = mail.body.to_s
+    url = URI.extract(body).first
+    
+    visit url
+    fill_in "user_password", with: "new_password!"
+    fill_in "user_password_confirmation", with: "new_password!"
+    click_button "Change password"
+    assert page.body.include?("Password has been reset.")   
+  end
+
+  test "Reset password failing because email does not exist" do
+    visit "/login"
+    click_link "Forgot your password?"
+    fill_in "Email", with: "nosense@example.com"
+    click_button "Reset password"
+    assert page.body.include?("We could not find anyone with that email address.")
+  end
+
+  test "Reset password failing because we enter a new invalid password" do
+    visit "/login"
+    click_link "Forgot your password?"
+    fill_in "Email", with: @user.email
+    click_button "Reset password"
+    assert page.body.include?("Email sent with password reset instructions.")
+    
+    # The e-mail part
+    mail = ActionMailer::Base.deliveries.last
+    assert "from@example.com" == mail["from"].to_s
+    assert @user.email == mail["to"].to_s
+    assert "Password Reset" == mail["subject"].to_s
+    body = mail.body.to_s
+    url = URI.extract(body).first
+    
+    visit url
+    fill_in "user_password", with: "new_password!"
+    fill_in "user_password_confirmation", with: "missmatch!!!"
+    click_button "Change password"
+    assert page.body.include?("Form is invalid")
+  end
+
+  test "Reset password failing because of expiration" do
+    visit "/login"
+    click_link "Forgot your password?"
+    fill_in "Email", with: @user.email
+    click_button "Reset password"
+    assert page.body.include?("Email sent with password reset instructions.")
+    
+    # The e-mail part
+    mail = ActionMailer::Base.deliveries.last
+    assert "from@example.com" == mail["from"].to_s
+    assert @user.email == mail["to"].to_s
+    assert "Password Reset" == mail["subject"].to_s
+    body = mail.body.to_s
+    url = URI.extract(body).first
+    
+    # Travel forward in time
+    Timecop.freeze(Date.today + 2) do
+      visit url
+      fill_in "user_password", with: "new_password!"
+      fill_in "user_password_confirmation", with: "new_password!"
+      click_button "Change password"
+      assert page.body.include?("Password reset has expired.")
+    end
+
+  end
+end