authpwn_rails 0.9.6 → 0.10.0

data/lib/authpwn_rails/credentials/password.rb

@@ -0,0 +1,63 @@
+# :namespace
+module Credentials
+  
+# Associates a password with the user account.
+class Password < ::Credential
+  # Virtual attribute: the user's password.
+  attr_accessor :password
+  validates :password, :confirmation => true, :presence => true
+
+  # Virtual attribute: confirmation for the user's password.
+  attr_accessor :password_confirmation
+
+  # A user can have a single password
+  validates :user_id, :uniqueness => true
+
+  # Compares the given password against the user's stored password.
+  #
+  # Returns +true+ for a match, +false+ otherwise.
+  def authenticate(password)
+    return false unless key
+    key == self.class.hash_password(password, key.split('|', 2).first)
+  end
+  
+  # Password virtual attribute.
+  def password=(new_password)
+    @password = new_password
+    salt = self.class.random_salt
+    self.key = new_password && self.class.hash_password(new_password, salt)
+  end
+
+  # Resets the virtual password attributes.
+  def clear_plaintext
+    @password = @password_confirmation = nil
+  end
+
+  # The authenticated user or nil.
+  def self.authenticate_email(email, password)
+    email_cred = Credentials::Email.where(:name => email).
+                                    includes(:user => :credentials).first
+    return nil unless email_cred    
+    credential = email_cred.user.credentials.
+                            find { |c| c.kind_of? Credentials::Password }
+    credential.authenticate(password) ? email_cred.user : nil
+  end
+
+  # Computes a password hash from a raw password and a salt.
+  def self.hash_password(password, salt)
+    salt + '|' + Digest::SHA2.hexdigest(password + salt)
+  end
+  
+  # Generates a random salt value.
+  def self.random_salt
+    [(0...12).map { |i| 1 + rand(255) }.pack('C*')].pack('m').strip
+  end  
+end  # class Credentials::Password
+
+end  # namespace Credentials
+
+module Authpwn::UserModel::InstanceMethods
+  def password_credential
+    credentials.find { |c| c.instance_of?(Credentials::Password) }
+  end
+end

data/lib/authpwn_rails/engine.rb

@@ -2,13 +2,11 @@ require 'authpwn_rails'
 require 'rails'
 
 # :nodoc: namespace
-module AuthpwnRails
+module Authpwn
 
 class Engine < Rails::Engine
   generators do
-    require 'authpwn_rails/generators/facebook_generator.rb'
-    require 'authpwn_rails/generators/session_generator.rb'
-    require 'authpwn_rails/generators/users_generator.rb'
+    require 'authpwn_rails/generators/all_generator.rb'
   end
   
   initializer 'authpwn.rspec.extensions' do
@@ -16,12 +14,12 @@ class Engine < Rails::Engine
       require 'rspec'
       
       RSpec.configure do |c|
-        c.include AuthpwnRails::TestExtensions
+        c.include Authpwn::TestExtensions
       end
     rescue LoadError
       # No RSpec, no extensions.
     end
   end
-end  # class AuthpwnRails::Engine
+end  # class Authpwn::Engine
 
-end  # namespace AuthpwnRails
+end  # namespace Authpwn

data/lib/authpwn_rails/facebook_session.rb

@@ -8,13 +8,13 @@ class ActionController::Base
   # should obtain the Facebook token, using probes_facebook_access_token or
   # requires_facebook_access_token.
   def self.authenticates_using_facebook(options = {})
-    include AuthpwnRails::FacebookControllerInstanceMethods
+    include Authpwn::FacebookControllerInstanceMethods
     before_filter :authenticate_using_facebook_access_token, options
   end
-end  # module AuthpwnRails::FacebookExtensions::ControllerClassMethods
+end  # module Authpwn::FacebookExtensions::ControllerClassMethods
 
 # :nodoc: namespace
-module AuthpwnRails
+module Authpwn
 
 # Included in controllers that call authenticates_using_facebook.
 module FacebookControllerInstanceMethods
@@ -28,6 +28,6 @@ module FacebookControllerInstanceMethods
     end
   end
   private :authenticate_using_facebook_access_token
-end  # module AuthpwnRails::FacebookControllerInstanceMethods
+end  # module Authpwn::FacebookControllerInstanceMethods
 
-end  # namespace AuthpwnRails
+end  # namespace Authpwn

data/lib/authpwn_rails/generators/{session_generator.rb → all_generator.rb}

@@ -1,13 +1,36 @@
 # :nodoc: namespace
 module Authpwn
 
-# rails g authpwn:session
-class SessionGenerator < Rails::Generators::Base
+# rails g authpwn:all
+class AllGenerator < Rails::Generators::Base
   source_root File.expand_path("../templates", __FILE__)
 
-  def create_session
+  def create_user_model
+    copy_file 'user.rb', File.join('app', 'models', 'user.rb')
+    copy_file '001_create_users.rb',
+        File.join('db', 'migrate', '20100725000001_create_users.rb')
+    copy_file 'users.yml', File.join('test', 'fixtures', 'users.yml')
+  end
+  
+  def create_credential_model
+    copy_file 'credential.rb', File.join('app', 'models', 'credential.rb')
+    copy_file '002_create_credentials.rb',
+        File.join('db', 'migrate', '20100725000002_create_credentials.rb')
+    copy_file 'credentials.yml',
+        File.join('test', 'fixtures', 'credentials.yml')
+  end
+  
+  def create_session_controller
     copy_file 'session_controller.rb',
               File.join('app', 'controllers', 'session_controller.rb')    
+    copy_file File.join('session_controller_test.rb'),
+              File.join('test', 'functional', 'session_controller_test.rb')
+
+    route "resource :session, :controller => 'session'"
+    route "root :to => 'session#show'"
+  end
+  
+  def create_session_views
     copy_file File.join('session', 'forbidden.html.erb'),
               File.join('app', 'views', 'session', 'forbidden.html.erb')
     copy_file File.join('session', 'home.html.erb'),
@@ -16,11 +39,7 @@ class SessionGenerator < Rails::Generators::Base
               File.join('app', 'views', 'session', 'new.html.erb')
     copy_file File.join('session', 'welcome.html.erb'),
               File.join('app', 'views', 'session', 'welcome.html.erb')
-    copy_file File.join('session_controller_test.rb'),
-              File.join('test', 'functional', 'session_controller_test.rb')
-
-    route "resource :session, :controller => 'session'"
-  end
-end  # class Authpwn::SessionViewsGenerator
+  end  
+end  # class Authpwn::AllGenerator
 
 end  # namespace Authpwn

data/lib/authpwn_rails/generators/templates/001_create_users.rb

@@ -1,19 +1,11 @@
 class CreateUsers < ActiveRecord::Migration
-  def self.up
+  def change
     create_table :users do |t|
-      t.string :email, :limit => 128, :null => false
-      t.string :email_hash, :limit => 64, :null => false
-      t.string :password_salt, :limit => 16, :null => true
-      t.string :password_hash, :limit => 64, :null => true
+      t.string :exuid, :limit => 32, :null => false
       
       t.timestamps
     end
     
-    add_index :users, :email, :unique => true, :null => false
-    add_index :users, :email_hash, :unique => true, :null => false
-  end
-
-  def self.down
-    drop_table :users
+    add_index :users, :exuid, :unique => true, :null => false
   end
 end

data/lib/authpwn_rails/generators/templates/002_create_credentials.rb

@@ -0,0 +1,19 @@
+class CreateCredentials < ActiveRecord::Migration
+  def change
+    create_table :credentials do |t|
+      t.references :user, :null => false
+      t.string :type, :limit => 32, :null => false
+      t.string :name, :limit => 256, :null => true
+      
+      t.boolean :verified, :null => false, :default => false
+      
+      t.binary :key, :limit => 2.kilobytes, :null => true
+    end
+    
+    # All the credentials (maybe of a specific type) belonging to a user.
+    add_index :credentials, [:user_id, :type], :unique => false,
+                                               :null => false
+    # A specific credential, to find out what user it belongs to.
+    add_index :credentials, [:type, :name], :unique => true, :null => true
+  end
+end

data/lib/authpwn_rails/generators/templates/credential.rb

@@ -0,0 +1,16 @@
+# Credential used to prove the identity of a user.
+class Credential < ActiveRecord::Base
+  include Authpwn::CredentialModel
+
+  # Add your extensions to the Credential class here.
+end
+
+# Load built-in credential types, such as Email and Password.
+require 'authpwn_rails/credentials.rb'
+
+# namespace for all Credential subclasses
+module Credentials
+
+# Add your custom Credential types here.
+  
+end

data/lib/authpwn_rails/generators/templates/credentials.yml

@@ -0,0 +1,34 @@
+jane_email:
+  type: Credentials::Email
+  user: jane
+  name: jane@gmail.com
+  key: "1"
+    
+john_email:
+  type: Credentials::Email
+  user: john
+  name: john@gmail.com
+  key: "0"
+
+jane_password:
+  type: Credentials::Password
+  user: jane
+  key: <%= Credentials::Password.hash_password('pa55w0rd', '5678').inspect %>
+
+john_password:
+  type: Credentials::Password
+  user: john
+  key: <%= Credentials::Password.hash_password('password', '1234').inspect %>
+
+# Test account vic.tor@costan.us
+jane_facebook:
+  user: jane
+  type: Credentials::Facebook
+  name: 1011950666
+  key: AAAEj8jKX2a8BAA4kNheRhOs6SlECVcZCE9o5pPKMytOjjoiNAoZBGZAwuL4KrrxXWesfJRhzDZCJiqrcQG3UdjRRNtyMJQMZD
+
+john_facebook:
+  user: john
+  type: Credentials::Facebook
+  name: 702659
+  key: 702659|ffffffffffffffffffffffff-702659|ZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

data/lib/authpwn_rails/generators/templates/session/forbidden.html.erb

@@ -4,8 +4,8 @@
 
 <% if current_user %>
 <p>
-  You should inform the user that they are logged in as 
-  <%= current_user.email %> and suggest them to
+  You should inform the user that they are logged in as
+  <%= current_user.exuid %> and suggest them to
   <%= link_to 'Log out', session_path, :method => :destroy %> and log in as a
   different user.  
 </p>

data/lib/authpwn_rails/generators/templates/session/home.html.erb

@@ -1,5 +1,5 @@
 <p>
   This view gets displayed when the user is logged in. Right now, 
-  <%= current_user.email %> is logged in. You should allow the user to
+  user <%= current_user.exuid %> is logged in. You should allow the user to
   <%= link_to 'Log out', session_path, :method => :destroy %>.
 </p>

data/lib/authpwn_rails/generators/templates/session/new.html.erb

@@ -11,19 +11,19 @@
 </p>
 <% end %>
 
-<%= form_for @user, :url => session_path do |f| %>
+<%= form_tag :url => session_path do %>
   <div class="field">
-    <%= f.label :email, 'Email Address' %><br />
-    <%= f.email_field :email %>
+    <%= label_tag :email, 'Email Address' %><br />
+    <%= email_field_tag :email, @email %>
   </div>
   
   <div class="field">
-    <%= f.label :password %><br />
-    <%= f.password_field :password %>
+    <%= label_tag :password %><br />
+    <%= password_field_tag :password %>
   </div>
   
   <div class="actions">
-    <%= f.submit 'Log in' %>
+    <%= submit_tag 'Log in' %>
     
     <% if @redirect_url %>
     <%= hidden_field_tag :redirect_url, @redirect_url %>

data/lib/authpwn_rails/generators/templates/session_controller.rb

@@ -1,6 +1,6 @@
 # Manages logging in and out of the application.
 class SessionController < ApplicationController
-  include AuthpwnRails::SessionController
+  include Authpwn::SessionController
   
   # Sets up the 'session/welcome' view. No user is logged in.
   def welcome

data/lib/authpwn_rails/generators/templates/session_controller_test.rb

@@ -17,8 +17,8 @@ class SessionControllerTest < ActionController::TestCase
     set_session_current_user @user
     get :show, :format => 'json'
     
-    assert_equal @user.email,
-        ActiveSupport::JSON.decode(response.body)['user']['email']
+    assert_equal @user.exuid,
+        ActiveSupport::JSON.decode(response.body)['user']['exuid']
   end
   
   test "application welcome page" do

data/lib/authpwn_rails/generators/templates/user.rb

@@ -1,6 +1,6 @@
 # An user account.
 class User < ActiveRecord::Base
-  include AuthpwnRails::UserModel
+  include Authpwn::UserModel
 
-  # Add your extensions to the User class here.  
+  # Add your extensions to the User class here.
 end

data/lib/authpwn_rails/generators/templates/users.yml

@@ -1,11 +1,8 @@
 jane:
-  email: jane@gmail.com
-  email_hash: <%= Digest::SHA2.hexdigest('jane@gmail.com') %>
-  password_salt: 5678
-  password_hash: <%= User.hash_password('pa55w0rd', '5678').inspect %>
+  exuid: 12345
 
 john:
-  email: john@gmail.com
-  email_hash: <%= Digest::SHA2.hexdigest('john@gmail.com') %>
-  password_salt: 1234
-  password_hash: <%= User.hash_password('password', '1234').inspect %>
+  exuid: 56789
+
+bill:
+  exuid: 98765

data/lib/authpwn_rails/session.rb

@@ -8,13 +8,13 @@ class ActionController::Base
   # trick. Model instances must implement id, and the model class must implement
   # find_by_id.
   def self.authenticates_using_session(options = {})
-    include AuthpwnRails::ControllerInstanceMethods
+    include Authpwn::ControllerInstanceMethods
     before_filter :authenticate_using_session, options   
   end  
 end
 
 # :nodoc: namespace
-module AuthpwnRails
+module Authpwn
 
 # Included in controllers that call authenticates_using_session.
 module ControllerInstanceMethods
@@ -23,15 +23,15 @@ module ControllerInstanceMethods
   def current_user=(user)
     @current_user = user
     if user
-      session[:current_user_pid] = user.to_param
+      session[:user_exuid] = user.to_param
     else
-      session.delete :current_user_pid
+      session.delete :user_exuid
     end
   end  
 
   def authenticate_using_session
     return true if current_user
-    user_param = session[:current_user_pid]
+    user_param = session[:user_exuid]
     user = user_param && User.find_by_param(user_param)
     self.current_user = user if user
   end
@@ -63,6 +63,6 @@ module ControllerInstanceMethods
       end
     end
   end
-end  # module AuthpwnRails::ControllerInstanceMethods
+end  # module Authpwn::ControllerInstanceMethods
 
-end  # namespace AuthpwnRails
+end  # namespace Authpwn

data/lib/authpwn_rails/session_controller.rb

@@ -1,7 +1,7 @@
 require 'active_support'
 
 # :nodoc: namespace
-module AuthpwnRails
+module Authpwn
 
 # Included by the controller that handles user authentication.
 #
@@ -14,11 +14,11 @@ module SessionController
     authenticates_using_session
   end
 
-  # Included in controllers that include AuthpwnRails::SessionController.
+  # Included in controllers that include Authpwn::SessionController.
   module InstanceMethods
     # GET /session/new
     def new
-      @user = User.new
+      @email = params[:email]
       @redirect_url = flash[:auth_redirect_url]
       redirect_to session_url if current_user
     end
@@ -52,25 +52,27 @@ module SessionController
     
     # POST /session
     def create
-      @user = User.new params[:user]
       @redirect_url = params[:redirect_url] || session_url
-      self.current_user =
-          User.find_by_email_and_password @user.email, @user.password
+      @email = params[:email]
+      self.current_user = Credentials::Password.authenticate_email(@email,
+          params[:password])
           
       respond_to do |format|
         if current_user
           format.html { redirect_to @redirect_url }
           format.json do
-            user_data = @user.as_json
-            user_data = user_data['user'] if @user.class.include_root_in_json
+            user_data = current_user.as_json
+            if current_user.class.include_root_in_json
+              user_data = user_data['user']
+            end
             render :json => { :user => user_data,
                               :csrf => form_authenticity_token }
           end
         else
           notice = 'Invalid e-mail or password'
           format.html do
-            redirect_to new_session_url, :flash => {
-              :notice => notice, :auth_redirect_url => @redirect_url }
+            redirect_to new_session_url, :flash => { :notice => notice,
+                :auth_redirect_url => @redirect_url }
           end
           format.json { render :json => { :error => notice} }
         end
@@ -95,8 +97,8 @@ module SessionController
     def welcome
     end
     private :welcome
-  end  # module AuthpwnRails::SessionController::InstanceMethods
+  end  # module Authpwn::SessionController::InstanceMethods
 
-end  # module AuthpwnRails::SessionController
+end  # module Authpwn::SessionController
 
-end  # namespace AuthpwnRails
+end  # namespace Authpwn