authpwn_rails 0.8.3 → 0.9.0

data/VERSION

@@ -1 +1 @@
-0.8.3
+0.9.0

data/authpwn_rails.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{authpwn_rails}
-  s.version = "0.8.3"
+  s.version = "0.9.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = [%q{Victor Costan}]
-  s.date = %q{2011-07-01}
+  s.date = %q{2011-07-05}
   s.description = %q{Works with Facebook.}
   s.email = %q{victor@costan.us}
   s.extra_rdoc_files = [
@@ -29,7 +29,8 @@ Gem::Specification.new do |s|
     "authpwn_rails.gemspec",
     "lib/authpwn_rails.rb",
     "lib/authpwn_rails/engine.rb",
-    "lib/authpwn_rails/facebook_extensions.rb",
+    "lib/authpwn_rails/facebook_session.rb",
+    "lib/authpwn_rails/facebook_token_model.rb",
     "lib/authpwn_rails/generators/facebook_generator.rb",
     "lib/authpwn_rails/generators/session_generator.rb",
     "lib/authpwn_rails/generators/templates/001_create_users.rb",
@@ -46,6 +47,7 @@ Gem::Specification.new do |s|
     "lib/authpwn_rails/generators/templates/users.yml",
     "lib/authpwn_rails/generators/users_generator.rb",
     "lib/authpwn_rails/session.rb",
+    "lib/authpwn_rails/session_controller.rb",
     "lib/authpwn_rails/user_model.rb",
     "test/cookie_controller_test.rb",
     "test/facebook_controller_test.rb",
@@ -62,7 +64,7 @@ Gem::Specification.new do |s|
   s.homepage = %q{http://github.com/pwnall/authpwn_rails}
   s.licenses = [%q{MIT}]
   s.require_paths = [%q{lib}]
-  s.rubygems_version = %q{1.8.4}
+  s.rubygems_version = %q{1.8.5}
   s.summary = %q{User authentication for Rails 3 applications.}
 
   if s.respond_to? :specification_version then

data/lib/authpwn_rails/facebook_session.rb

@@ -0,0 +1,33 @@
+require 'action_controller'
+
+# :nodoc: add authenticates_using_facebook
+class ActionController::Base  
+  # Authenticates users via Facebook OAuth2, using fbgraph_rails.
+  #
+  # The User model class must implement for_facebook_token. The controller
+  # should obtain the Facebook token, using probes_facebook_access_token or
+  # requires_facebook_access_token.
+  def self.authenticates_using_facebook(options = {})
+    include AuthpwnRails::FacebookControllerInstanceMethods
+    before_filter :authenticate_using_facebook_access_token, options
+  end
+end  # module AuthpwnRails::FacebookExtensions::ControllerClassMethods
+
+# :nodoc: namespace
+module AuthpwnRails
+
+# Included in controllers that call authenticates_using_facebook.
+module FacebookControllerInstanceMethods
+  def authenticate_using_facebook_access_token
+    return true if current_user
+    if access_token = current_facebook_access_token
+      self.current_user = User.for_facebook_token access_token
+      # NOTE: nixing the token from the session so the user won't be logged on
+      #       immediately after logging off
+      self.current_facebook_access_token = nil
+    end
+  end
+  private :authenticate_using_facebook_access_token
+end  # module AuthpwnRails::FacebookControllerInstanceMethods
+
+end  # namespace AuthpwnRails

data/lib/authpwn_rails/facebook_token_model.rb

@@ -0,0 +1,66 @@
+require 'active_support'
+
+# :nodoc: namespace
+module AuthpwnRails
+
+# Included by the model class that represents facebook tokens.
+#
+# Right now, some parts of the codebase assume the model will be named
+# FacebookToken.
+module FacebookTokenModel
+  extend ActiveSupport::Concern
+
+  included do
+    # The user whose token this is.
+    belongs_to :user, :inverse_of => :facebook_token
+    validates :user, :presence => true
+    
+    # A unique ID on the Facebook site for the user owning this token.
+    validates :external_uid, :length => 1..32, :presence => true
+  
+    # The OAuth2 access token.
+    validates :access_token, :length => 1..128, :presence => true
+  end
+
+  # Included in the metaclass of models that call pwnauth_facebook_token_model.
+  module ClassMethods
+    # Finds or creates the model containing a token.
+    #
+    # If a model for the same user exists, the model is updated with the given
+    # token. Otherwise, a new model will be created, together with a user.
+    def for(access_token)
+      uid = uid_from_token access_token
+      token = self.where(:external_uid => uid.to_str).first
+      if token
+        token.access_token = access_token
+      else
+        token = FacebookToken.new :external_uid => uid,
+                                  :access_token => access_token
+        token.user = User.create_with_facebook_token token
+      end
+      token.save!
+      token
+    end
+    
+    # Extracts the Facebook user ID from a OAuth2 token.
+    #
+    # This is a hack. It works based on the current format, but might break at
+    # any time. Hopefully, we'll eventually have an official way of pulling the
+    # UID out of an OAuth2 token.
+    def uid_from_token(access_token)
+      access_token.split('|')[1].split('-').last
+    end
+  end  # module AuthpwnRails::FacebookTokenModel::ClassMethods
+
+  
+  # Included in models that include AuthpwnRails::FacebookTokenModel.
+  module InstanceMethods
+    # FBGraph client loaded with this access token.
+    def facebook_client
+      @client ||= FBGraphRails.fbclient(access_token)
+    end  
+  end  # module AuthpwnRails::FacebookTokenModel::InstanceMethods
+  
+end  # namespace AuthpwnRails::FacebookTokenModel
+
+end  # namespace AuthpwnRails

data/lib/authpwn_rails/generators/templates/facebook_token.rb

@@ -1,6 +1,6 @@
 # Wraps an OAuth2 access token for Facebook.
 class FacebookToken < ActiveRecord::Base
-  pwnauth_facebook_token_model
+  include AuthpwnRails::FacebookTokenModel
 
   # Add your extensions to the FacebookToken class here.  
 end

data/lib/authpwn_rails/generators/templates/session_controller.rb

@@ -1,6 +1,6 @@
 # Manages logging in and out of the application.
 class SessionController < ApplicationController
-  authpwn_session_controller
+  include AuthpwnRails::SessionController
   
   # Sets up the 'session/welcome' view. No user is logged in.
   def welcome

data/lib/authpwn_rails/generators/templates/user.rb

@@ -1,6 +1,6 @@
 # An user account.
 class User < ActiveRecord::Base
-  pwnauth_user_model
+  include AuthpwnRails::UserModel
 
   # Add your extensions to the User class here.  
 end

data/lib/authpwn_rails/session.rb

@@ -1,40 +1,21 @@
 require 'action_controller'
 
-# :nodoc: namespace
-module AuthpwnRails
-
-# :nodoc: namespace
-module Session
-
-# Mixed into ActiveController::Base
-module ControllerMixin
-  def self.included(base)
-    base.send :extend, ControllerClassMethods
-  end
-end
-
-# Methods here become ActiveController::Base class methods.
-module ControllerClassMethods  
+# :nodoc: adds authenticates_using_session
+class ActionController::Base
   # Keeps track of the currently authenticated user via the session. 
   #
   # Assumes the existence of a User model. A bare ActiveModel model will do the
   # trick. Model instances must implement id, and the model class must implement
   # find_by_id.
-  def authenticates_using_session(options = {})
-    include ControllerInstanceMethods
+  def self.authenticates_using_session(options = {})
+    include AuthpwnRails::ControllerInstanceMethods
     before_filter :authenticate_using_session, options   
-  end
-  
-  # Turns the current controller into the session processing controller.
-  #
-  # Right now, this should be called from SessionController. The controller name
-  # is hardwired in other parts of the implementation.
-  def authpwn_session_controller
-    include SessionControllerInstanceMethods
-    authenticates_using_session
-  end
+  end  
 end
 
+# :nodoc: namespace
+module AuthpwnRails
+
 # Included in controllers that call authenticates_using_session.
 module ControllerInstanceMethods
   attr_reader :current_user
@@ -82,93 +63,9 @@ module ControllerInstanceMethods
       end
     end
   end
-end
-
-# Included in controllers that call authpwn_session_controller.
-module SessionControllerInstanceMethods
-  # GET /session/new
-  def new
-    @user = User.new
-    @redirect_url = flash[:auth_redirect_url]
-    redirect_to session_url if current_user
-  end
-
-  # GET /session
-  def show
-    @user = current_user || User.new
-    if @user.new_record?
-      welcome
-      unless performed?
-        respond_to do |format|
-          format.html { render :action => :welcome }
-          format.json { render :json => {} }
-        end
-      end
-    else      
-      home
-      unless performed?
-        respond_to do |format|
-          format.html { render :action => :home }
-          format.json do
-            user_data = @user.as_json
-            user_data = user_data['user'] if @user.class.include_root_in_json
-            render :json => { :user => user_data,
-                              :csrf => form_authenticity_token }
-          end
-        end
-      end
-    end
-  end
-  
-  # POST /session
-  def create
-    @user = User.new params[:user]
-    @redirect_url = params[:redirect_url] || session_url
-    self.current_user =
-        User.find_by_email_and_password @user.email, @user.password
-        
-    respond_to do |format|
-      if current_user
-        format.html { redirect_to @redirect_url }
-        format.json do
-          user_data = @user.as_json
-          user_data = user_data['user'] if @user.class.include_root_in_json
-          render :json => { :user => user_data,
-                            :csrf => form_authenticity_token }
-        end
-      else
-        notice = 'Invalid e-mail or password'
-        format.html do
-          redirect_to new_session_url, :flash => {
-            :notice => notice, :auth_redirect_url => @redirect_url }
-        end
-        format.json { render :json => { :error => notice} }
-      end
-    end
-  end
-
-  # DELETE /session
-  def destroy
-    self.current_user = nil
-    respond_to do |format|
-      format.html { redirect_to session_url }
-      format.json { head :ok }
-    end
-  end
-
-  # Hook for setting up the home view.
-  def home
-  end
-  private :home
-  
-  # Hook for setting up the welcome view.
-  def welcome
-  end
-  private :welcome
-end  # module Authpwn::Session::SessionControllerInstanceMethods
-
-ActionController::Base.send :include, ControllerMixin
+end  # module AuthpwnRails::ControllerInstanceMethods
 
+end  # namespace AuthpwnRails
 
 # :nodoc: add session modification
 class ActionController::TestCase
@@ -183,7 +80,3 @@ class ActionController::TestCase
     User.find_by_param user_param
   end
 end
-
-end  # namespace AuthpwnRails::Session
-
-end  # namespace AuthpwnRails

data/lib/authpwn_rails/session_controller.rb

@@ -0,0 +1,102 @@
+require 'active_support'
+
+# :nodoc: namespace
+module AuthpwnRails
+
+# Included by the controller that handles user authentication.
+#
+# Right now, some parts of the codebase assume the controller will be named
+# Session.
+module SessionController
+  extend ActiveSupport::Concern
+  
+  included do
+    authenticates_using_session
+  end
+
+  # Included in controllers that include AuthpwnRails::SessionController.
+  module InstanceMethods
+    # GET /session/new
+    def new
+      @user = User.new
+      @redirect_url = flash[:auth_redirect_url]
+      redirect_to session_url if current_user
+    end
+  
+    # GET /session
+    def show
+      @user = current_user || User.new
+      if @user.new_record?
+        welcome
+        unless performed?
+          respond_to do |format|
+            format.html { render :action => :welcome }
+            format.json { render :json => {} }
+          end
+        end
+      else      
+        home
+        unless performed?
+          respond_to do |format|
+            format.html { render :action => :home }
+            format.json do
+              user_data = @user.as_json
+              user_data = user_data['user'] if @user.class.include_root_in_json
+              render :json => { :user => user_data,
+                                :csrf => form_authenticity_token }
+            end
+          end
+        end
+      end
+    end
+    
+    # POST /session
+    def create
+      @user = User.new params[:user]
+      @redirect_url = params[:redirect_url] || session_url
+      self.current_user =
+          User.find_by_email_and_password @user.email, @user.password
+          
+      respond_to do |format|
+        if current_user
+          format.html { redirect_to @redirect_url }
+          format.json do
+            user_data = @user.as_json
+            user_data = user_data['user'] if @user.class.include_root_in_json
+            render :json => { :user => user_data,
+                              :csrf => form_authenticity_token }
+          end
+        else
+          notice = 'Invalid e-mail or password'
+          format.html do
+            redirect_to new_session_url, :flash => {
+              :notice => notice, :auth_redirect_url => @redirect_url }
+          end
+          format.json { render :json => { :error => notice} }
+        end
+      end
+    end
+  
+    # DELETE /session
+    def destroy
+      self.current_user = nil
+      respond_to do |format|
+        format.html { redirect_to session_url }
+        format.json { head :ok }
+      end
+    end
+  
+    # Hook for setting up the home view.
+    def home
+    end
+    private :home
+    
+    # Hook for setting up the welcome view.
+    def welcome
+    end
+    private :welcome
+  end  # module AuthpwnRails::SessionController::InstanceMethods
+
+end  # module AuthpwnRails::SessionController
+
+end  # namespace AuthpwnRails

data/lib/authpwn_rails/user_model.rb

@@ -1,24 +1,16 @@
-require 'active_record'
+require 'active_model'
+require 'active_support'
 
 # :nodoc: namespace
 module AuthpwnRails
 
-# :nodoc: namespace
+# Included by the model class that represents users.
+#
+# Right now, some parts of the codebase assume the model will be named User.
 module UserModel
-
-
-# Mixed into ActiveRecord::Base
-module ModelMixin
-  def self.included(base)
-    base.send :extend, ModelClassMethods
-  end
-end
-
-
-# Methods here become ActiveRecord::Base class methods.
-module ModelClassMethods
-  # Extends the model with all that it needs to be PwnAuth's user model.
-  def pwnauth_user_model
+  extend ActiveSupport::Concern
+  
+  included do
     # E-mail address identifying the user account.
     validates :email, :format => /^[A-Za-z0-9.+_]+@[^@]*\.(\w+)$/,
                       :presence => true, :length => 1..128, :uniqueness => true
@@ -42,94 +34,86 @@ module ModelClassMethods
     
     # Facebook token.
     has_one :facebook_token, :dependent => :destroy, :inverse_of => :user    
-
-    extend ModelMetaclassMethods    
-    include ModelInstanceMethods
   end
-end  # module AuthpwnRails::UserModel::ModelClassMethods
 
-
-# Included in the metaclass of models that call pwnauth_user_model.
-module ModelMetaclassMethods
-  # Queries the database using the value returned by User#to_param.
-  #
-  # Returns nil if no matching User exists.
-  def find_by_param(param)
-    where(:email_hash => param).first
-  end
-  
-  # The authenticated user or nil.
-  def find_by_email_and_password(email, password)
-    user = where(:email => email).first
-    (user && user.password_matches?(password)) ? user : nil
-  end
-  
-  # Computes a password hash from a raw password and a salt.
-  def hash_password(password, salt)
-    Digest::SHA2.hexdigest(password + salt)
-  end
-  
-  # Generates a random salt value.
-  def random_salt
-    [(0...12).map { |i| 1 + rand(255) }.pack('C*')].pack('m').strip
-  end  
-  
-  # Fills out a new user's information based on a Facebook access token.
-  def create_with_facebook_token(token)
-    self.create! :email => "#{token.external_uid}@graph.facebook.com"
-  end
-  
-  # The user that owns a given Facebook OAuth2 token.
-  #
-  # A new user will be created if the token doesn't belong to any user. This is
-  # the case for a new visitor.
-  def for_facebook_token(access_token)
-    FacebookToken.for(access_token).user
-  end
-end  # module AuthpwnRails::UserModel::ModelMetaclassMethods
-
-
-# Included in models that call pwnauth_user_model.
-module ModelInstanceMethods
-  # Resets the virtual password attributes.
-  def reset_password
-    @password = @password_confirmation = nil
-  end
+  # Class methods on models that include AuthpwnRails::UserModel.
+  module ClassMethods
+    # Queries the database using the value returned by User#to_param.
+    #
+    # Returns nil if no matching User exists.
+    def find_by_param(param)
+      where(:email_hash => param).first
+    end
     
-  # Compares the given password against the user's stored password.
-  #
-  # Returns +true+ for a match, +false+ otherwise.
-  def password_matches?(passwd)
-    password_hash == self.class.hash_password(passwd, password_salt)
-  end  
-
-  # Password virtual attribute.
-  def password=(new_password)
-    @password = new_password
-    self.password_salt = self.class.random_salt
-    self.password_hash = new_password &&
-                         self.class.hash_password(new_password, password_salt)
-  end
-  
-  # Use e-mails instead of exposing ActiveRecord IDs.
-  def to_param
-    email_hash
-  end
+    # The authenticated user or nil.
+    def find_by_email_and_password(email, password)
+      user = where(:email => email).first
+      (user && user.password_matches?(password)) ? user : nil
+    end
+    
+    # Computes a password hash from a raw password and a salt.
+    def hash_password(password, salt)
+      Digest::SHA2.hexdigest(password + salt)
+    end
+    
+    # Generates a random salt value.
+    def random_salt
+      [(0...12).map { |i| 1 + rand(255) }.pack('C*')].pack('m').strip
+    end  
+    
+    # Fills out a new user's information based on a Facebook access token.
+    def create_with_facebook_token(token)
+      self.create! :email => "#{token.external_uid}@graph.facebook.com"
+    end
+    
+    # The user that owns a given Facebook OAuth2 token.
+    #
+    # A new user will be created if the token doesn't belong to any user. This
+    # is the case for a new visitor.
+    def for_facebook_token(access_token)
+      FacebookToken.for(access_token).user
+    end
+  end  # module AuthpwnRails::UserModel::ClassMethods
   
-  # :nodoc: overwrites
-  def email=(new_email)
-    super
-    self.email_hash = new_email && Digest::SHA2.hexdigest(new_email)
-  end
+  # Included in models that include AuthpwnRails::UserModel.
+  module InstanceMethods
+    # Resets the virtual password attributes.
+    def reset_password
+      @password = @password_confirmation = nil
+    end
+      
+    # Compares the given password against the user's stored password.
+    #
+    # Returns +true+ for a match, +false+ otherwise.
+    def password_matches?(passwd)
+      password_hash == self.class.hash_password(passwd, password_salt)
+    end  
   
-  # Do not expose password and ActiveRecord IDs in JSON representation.
-  def as_json(options = {})
-    options ||= {}
-    super(options.merge(:except => [:password_salt, :password_hash, :id]))
-  end
-end  # module AuthpwnRails::UserModel::ModelInstanceMethods
-
-ActiveRecord::Base.send :include, ModelMixin
+    # Password virtual attribute.
+    def password=(new_password)
+      @password = new_password
+      self.password_salt = self.class.random_salt
+      self.password_hash = new_password &&
+                           self.class.hash_password(new_password, password_salt)
+    end
+    
+    # Use e-mails instead of exposing ActiveRecord IDs.
+    def to_param
+      email_hash
+    end
+    
+    # :nodoc: overwrites
+    def email=(new_email)
+      super
+      self.email_hash = new_email && Digest::SHA2.hexdigest(new_email)
+    end
+    
+    # Do not expose password and ActiveRecord IDs in JSON representation.
+    def as_json(options = {})
+      options ||= {}
+      super(options.merge(:except => [:password_salt, :password_hash, :id]))
+    end
+  end  # module AuthpwnRails::UserModel::InstanceMethods
 
 end  # namespace AuthpwnRails::UserModel
 

data/lib/authpwn_rails.rb

@@ -2,8 +2,10 @@
 module AuthpwnRails
 end
 
-require 'authpwn_rails/facebook_extensions.rb'
+require 'authpwn_rails/facebook_session.rb'
+require 'authpwn_rails/facebook_token_model.rb'
 require 'authpwn_rails/session.rb'
+require 'authpwn_rails/session_controller.rb'
 require 'authpwn_rails/user_model.rb'
 
 if defined?(Rails)

data/test/cookie_controller_test.rb

@@ -34,7 +34,8 @@ class CookieControllerTest < ActionController::TestCase
     get :show
     assert_response :success
     assert_equal @user, assigns(:current_user)
-    assert_equal "User: #{Fixtures.identify(:john)}", response.body
+    assert_equal "User: #{ActiveRecord::Fixtures.identify(:john)}",
+                 response.body
   end
   
   test "invalid user_pid in session" do

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: authpwn_rails
 version: !ruby/object:Gem::Version 
-  hash: 57
+  hash: 59
   prerelease: 
   segments: 
   - 0
-  - 8
-  - 3
-  version: 0.8.3
+  - 9
+  - 0
+  version: 0.9.0
 platform: ruby
 authors: 
 - Victor Costan
@@ -15,11 +15,10 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-07-01 00:00:00 Z
+date: 2011-07-05 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  type: :runtime
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -30,12 +29,12 @@ dependencies:
         - 1
         - 7
         version: 0.1.7
+  type: :runtime
+  requirement: *id001
   prerelease: false
-  version_requirements: *id001
   name: fbgraph_rails
 - !ruby/object:Gem::Dependency 
-  type: :runtime
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -48,12 +47,12 @@ dependencies:
         - rc
         - 4
         version: 3.1.0.rc4
+  type: :runtime
+  requirement: *id002
   prerelease: false
-  version_requirements: *id002
   name: rails
 - !ruby/object:Gem::Dependency 
-  type: :development
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -64,12 +63,12 @@ dependencies:
         - 0
         - 0
         version: 1.0.0
+  type: :development
+  requirement: *id003
   prerelease: false
-  version_requirements: *id003
   name: bundler
 - !ruby/object:Gem::Dependency 
-  type: :development
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -80,12 +79,12 @@ dependencies:
         - 6
         - 0
         version: 1.6.0
+  type: :development
+  requirement: *id004
   prerelease: false
-  version_requirements: *id004
   name: jeweler
 - !ruby/object:Gem::Dependency 
-  type: :development
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -94,12 +93,12 @@ dependencies:
         segments: 
         - 0
         version: "0"
+  type: :development
+  requirement: *id005
   prerelease: false
-  version_requirements: *id005
   name: rcov
 - !ruby/object:Gem::Dependency 
-  type: :development
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -110,8 +109,9 @@ dependencies:
         - 3
         - 3
         version: 1.3.3
+  type: :development
+  requirement: *id006
   prerelease: false
-  version_requirements: *id006
   name: sqlite3
 description: Works with Facebook.
 email: victor@costan.us
@@ -135,7 +135,8 @@ files:
 - authpwn_rails.gemspec
 - lib/authpwn_rails.rb
 - lib/authpwn_rails/engine.rb
-- lib/authpwn_rails/facebook_extensions.rb
+- lib/authpwn_rails/facebook_session.rb
+- lib/authpwn_rails/facebook_token_model.rb
 - lib/authpwn_rails/generators/facebook_generator.rb
 - lib/authpwn_rails/generators/session_generator.rb
 - lib/authpwn_rails/generators/templates/001_create_users.rb
@@ -152,6 +153,7 @@ files:
 - lib/authpwn_rails/generators/templates/users.yml
 - lib/authpwn_rails/generators/users_generator.rb
 - lib/authpwn_rails/session.rb
+- lib/authpwn_rails/session_controller.rb
 - lib/authpwn_rails/user_model.rb
 - test/cookie_controller_test.rb
 - test/facebook_controller_test.rb
@@ -193,7 +195,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.8.4
+rubygems_version: 1.8.5
 signing_key: 
 specification_version: 3
 summary: User authentication for Rails 3 applications.

data/lib/authpwn_rails/facebook_extensions.rb

@@ -1,121 +0,0 @@
-require 'action_controller'
-require 'active_record'
-
-# :nodoc: namespace
-module AuthpwnRails
-
-# :nodoc: namespace
-module FacebookExtensions
-
-
-# Mixed into ActiveController::Base
-module ControllerMixin
-  def self.included(base)
-    base.send :extend, ControllerClassMethods    
-  end
-end
-
-
-# Methods here become ActiveController::Base class methods.
-module ControllerClassMethods  
-  # Authenticates users via Facebook OAuth2, using fbgraph_rails.
-  #
-  # The User model class must implement for_facebook_token. The controller
-  # should obtain the Facebook token, using probes_facebook_access_token or
-  # requires_facebook_access_token.
-  def authenticates_using_facebook(options = {})
-    include ControllerInstanceMethods
-    before_filter :authenticate_using_facebook_access_token, options
-  end
-end  # module AuthpwnRails::FacebookExtensions::ControllerClassMethods
-
-
-# Included in controllers that call authenticates_using_facebook.
-module ControllerInstanceMethods
-  def authenticate_using_facebook_access_token
-    return true if current_user
-    if access_token = current_facebook_access_token
-      self.current_user = User.for_facebook_token access_token
-      # NOTE: nixing the token from the session so the user won't be logged on
-      #       immediately after logging off
-      self.current_facebook_access_token = nil
-    end
-  end
-  private :authenticate_using_facebook_access_token
-end  # module AuthpwnRails::FacebookExtensions::ControllerInstanceMethods
-
-ActionController::Base.send :include, ControllerMixin
-
-
-# Mixed into ActiveRecord::Base
-module ModelMixin
-  def self.included(base)
-    base.send :extend, ModelClassMethods
-  end
-end
-
-
-# Methods here become ActiveRecord::Base class methods.
-module ModelClassMethods
-  # Extends the model with all that it needs to be PwnAuth's user model.
-  def pwnauth_facebook_token_model
-    # The user whose token this is.
-    belongs_to :user, :inverse_of => :facebook_token
-    validates :user, :presence => true
-    
-    # A unique ID on the Facebook site for the user owning this token.
-    validates :external_uid, :length => 1..32, :presence => true
-  
-    # The OAuth2 access token.
-    validates :access_token, :length => 1..128, :presence => true
-
-    extend ModelMetaclassMethods
-    include ModelInstanceMethods
-  end
-end  # module AuthpwnRails::UserModel::ModelClassMethods
-
-
-# Included in the metaclass of models that call pwnauth_facebook_token_model.
-module ModelMetaclassMethods
-  # Finds or creates the model containing a token.
-  #
-  # If a model for the same user exists, the model is updated with the given
-  # token. Otherwise, a new model will be created, together with a user.
-  def for(access_token)
-    uid = uid_from_token access_token
-    token = self.where(:external_uid => uid.to_str).first
-    if token
-      token.access_token = access_token
-    else
-      token = FacebookToken.new :external_uid => uid,
-                                :access_token => access_token
-      token.user = User.create_with_facebook_token token
-    end
-    token.save!
-    token
-  end
-  
-  # Extracts the Facebook user ID from a OAuth2 token.
-  #
-  # This is a hack. It works based on the current format, but might break at any
-  # time. Hopefully, we'll eventually have an official way of pulling the UID
-  # out of an OAuth2 token.
-  def uid_from_token(access_token)
-    access_token.split('|')[1].split('-').last
-  end
-end  # module AuthpwnRails::UserModel::ModelMetaclassMethods
-
-
-# Included in models that call pwnauth_user_model.
-module ModelInstanceMethods
-  # FBGraph client loaded with this access token.
-  def facebook_client
-    @client ||= FBGraphRails.fbclient(access_token)    
-  end  
-end  # module AuthpwnRails::UserModel::ModelInstanceMethods
-
-ActiveRecord::Base.send :include, ModelMixin
-
-end  # namespace AuthpwnRails::FacebookExtensions
-
-end  # namespace AuthpwnRails