authpwn_rails 0.3.0 → 0.4.0

data/.project

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <projectDescription>
-	<name>pwnauth_rails</name>
+	<name>authpwn_rails</name>
 	<comment></comment>
 	<projects>
 	</projects>

data/README.rdoc

@@ -4,7 +4,8 @@ User authentication for a Ruby on Rails 3 application. Works with Facebook.
 
 == Integration
 
-TBD
+Generate the structure for user accounts:
+    rails g authpwn_rails
 
 == Note on Patches/Pull Requests
  

data/Rakefile

@@ -11,9 +11,7 @@ begin
     gem.homepage = "http://github.com/costan/mini_auth_rails"
     gem.authors = ["Victor Costan"]
     gem.add_runtime_dependency "fbgraph_rails", ">= 0.1.3"
-    gem.add_development_dependency "activerecord", ">= 3.0.0.rc"
-    gem.add_development_dependency "actionpack", ">= 3.0.0.rc"
-    gem.add_development_dependency "activesupport", ">= 3.0.0.rc"
+    gem.add_runtime_dependency "rails", ">= 3.0.0.rc"
     gem.add_development_dependency "sqlite3-ruby", ">= 1.3.0"
     # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
   end

data/VERSION

@@ -1 +1 @@
-0.3.0
+0.4.0

data/app/controllers/session_controller.rb

@@ -2,9 +2,35 @@
 class SessionController < ApplicationController
   authenticates_using_session
 
+  # GET /session
+  def show
+    @user = current_user || User.new
+    if @user.new_record?
+      render :action => :welcome
+    else
+      render :action => :home
+    end
+  end
+  
+  # POST /session
+  def create
+    @user = User.new params[:user]
+    self.current_user =
+        User.find_by_email_and_password @user.email, @user.password
+        
+    respond_to do |format|
+      if current_user
+        format.html { redirect_to session_url }
+      else
+        flash[:notice] = 'Invalid e-mail or password'
+        format.html { redirect_to session_url }
+      end
+    end
+  end
+
   # DELETE /session
   def destroy
     self.current_user = nil
-    redirect_to root_url
+    redirect_to session_url
   end
 end

data/authpwn_rails.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{authpwn_rails}
-  s.version = "0.3.0"
+  s.version = "0.4.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Victor Costan"]
-  s.date = %q{2010-08-02}
+  s.date = %q{2010-08-03}
   s.description = %q{Works with Facebook.}
   s.email = %q{victor@costan.us}
   s.extra_rdoc_files = [
@@ -26,22 +26,24 @@ Gem::Specification.new do |s|
      "VERSION",
      "app/controllers/session_controller.rb",
      "app/helpers/session_helper.rb",
-     "app/models/facebook_token.rb",
-     "app/models/user.rb",
      "authpwn_rails.gemspec",
      "config/routes.rb",
      "lib/authpwn_rails.rb",
      "lib/authpwn_rails/engine.rb",
-     "lib/authpwn_rails/facebook_token.rb",
-     "lib/authpwn_rails/generators/facebook_migration_generator.rb",
+     "lib/authpwn_rails/facebook_extensions.rb",
+     "lib/authpwn_rails/generators/facebook_generator.rb",
+     "lib/authpwn_rails/generators/session_views_generator.rb",
      "lib/authpwn_rails/generators/templates/001_create_users.rb",
      "lib/authpwn_rails/generators/templates/002_create_facebook_tokens.rb",
      "lib/authpwn_rails/generators/templates/facebook_token.rb",
      "lib/authpwn_rails/generators/templates/facebook_tokens.yml",
+     "lib/authpwn_rails/generators/templates/session/home.html.erb",
+     "lib/authpwn_rails/generators/templates/session/welcome.html.erb",
      "lib/authpwn_rails/generators/templates/user.rb",
      "lib/authpwn_rails/generators/templates/users.yml",
-     "lib/authpwn_rails/generators/user_migration_generator.rb",
+     "lib/authpwn_rails/generators/user_generator.rb",
      "lib/authpwn_rails/session.rb",
+     "lib/authpwn_rails/user_model.rb",
      "test/cookie_controller_test.rb",
      "test/facebook_controller_test.rb",
      "test/facebook_token_test.rb",
@@ -49,6 +51,7 @@ Gem::Specification.new do |s|
      "test/helpers/db_setup.rb",
      "test/helpers/fbgraph.rb",
      "test/helpers/routes.rb",
+     "test/helpers/view_helpers.rb",
      "test/session_controller_test.rb",
      "test/test_helper.rb",
      "test/user_test.rb"
@@ -68,7 +71,8 @@ Gem::Specification.new do |s|
      "test/helpers/application_controller.rb",
      "test/helpers/routes.rb",
      "test/helpers/fbgraph.rb",
-     "test/helpers/db_setup.rb"
+     "test/helpers/db_setup.rb",
+     "test/helpers/view_helpers.rb"
   ]
 
   if s.respond_to? :specification_version then
@@ -77,22 +81,16 @@ Gem::Specification.new do |s|
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<fbgraph_rails>, [">= 0.1.3"])
-      s.add_development_dependency(%q<activerecord>, [">= 3.0.0.rc"])
-      s.add_development_dependency(%q<actionpack>, [">= 3.0.0.rc"])
-      s.add_development_dependency(%q<activesupport>, [">= 3.0.0.rc"])
+      s.add_runtime_dependency(%q<rails>, [">= 3.0.0.rc"])
       s.add_development_dependency(%q<sqlite3-ruby>, [">= 1.3.0"])
     else
       s.add_dependency(%q<fbgraph_rails>, [">= 0.1.3"])
-      s.add_dependency(%q<activerecord>, [">= 3.0.0.rc"])
-      s.add_dependency(%q<actionpack>, [">= 3.0.0.rc"])
-      s.add_dependency(%q<activesupport>, [">= 3.0.0.rc"])
+      s.add_dependency(%q<rails>, [">= 3.0.0.rc"])
       s.add_dependency(%q<sqlite3-ruby>, [">= 1.3.0"])
     end
   else
     s.add_dependency(%q<fbgraph_rails>, [">= 0.1.3"])
-    s.add_dependency(%q<activerecord>, [">= 3.0.0.rc"])
-    s.add_dependency(%q<actionpack>, [">= 3.0.0.rc"])
-    s.add_dependency(%q<activesupport>, [">= 3.0.0.rc"])
+    s.add_dependency(%q<rails>, [">= 3.0.0.rc"])
     s.add_dependency(%q<sqlite3-ruby>, [">= 1.3.0"])
   end
 end

data/lib/authpwn_rails.rb

@@ -2,8 +2,9 @@
 module AuthpwnRails
 end
 
-require 'authpwn_rails/facebook_token.rb'
+require 'authpwn_rails/facebook_extensions.rb'
 require 'authpwn_rails/session.rb'
+require 'authpwn_rails/user_model.rb'
 
 if defined?(Rails)
   require 'authpwn_rails/engine.rb'

data/lib/authpwn_rails/engine.rb

@@ -1,4 +1,4 @@
-require 'mini_auth_rails'
+require 'authpwn_rails'
 require 'rails'
 
 # :nodoc: namespace
@@ -17,8 +17,10 @@ class Engine < Rails::Engine
   # paths.config.locales      = "config/locales"
   paths.config.routes       = "config/routes.rb"
   
-  def generators
-    require 'mini_auth_rails/generators/user_model_generator.rb'
+  generators do
+    require 'authpwn_rails/generators/facebook_generator.rb'
+    require 'authpwn_rails/generators/session_views_generator.rb'
+    require 'authpwn_rails/generators/user_generator.rb'
   end
 end  # class AuthpwnRails::Engine
 

data/lib/authpwn_rails/facebook_extensions.rb

@@ -0,0 +1,121 @@
+require 'action_controller'
+require 'active_record'
+
+# :nodoc: namespace
+module AuthpwnRails
+
+# :nodoc: namespace
+module FacebookExtensions
+
+
+# Mixed into ActiveController::Base
+module ControllerMixin
+  def self.included(base)
+    base.send :extend, ControllerClassMethods
+  end
+end
+
+
+# Methods here become ActiveController::Base class methods.
+module ControllerClassMethods  
+  # Authenticates users via Facebook OAuth2, using fbgraph_rails.
+  #
+  # The User model class must implement for_facebook_token. The controller
+  # should obtain the Facebook token, using probes_facebook_access_token or
+  # requires_facebook_access_token.
+  def authenticates_using_facebook(options = {})
+    include ControllerInstanceMethods
+    before_filter :authenticate_using_facebook_access_token, options
+  end
+end  # module AuthpwnRails::FacebookExtensions::ControllerClassMethods
+
+
+# Included in controllers that call authenticates_using_facebook.
+module ControllerInstanceMethods
+  def authenticate_using_facebook_access_token
+    return true if current_user
+    if access_token = current_facebook_access_token
+      self.current_user = User.for_facebook_token access_token
+      # NOTE: nixing the token from the session so the user won't be logged on
+      #       immediately after logging off
+      self.current_facebook_access_token = nil
+    end
+  end
+  private :authenticate_using_facebook_access_token
+end  # module AuthpwnRails::FacebookExtensions::ControllerInstanceMethods
+
+ActionController::Base.send :include, ControllerMixin
+
+
+# Mixed into ActiveRecord::Base
+module ModelMixin
+  def self.included(base)
+    base.send :extend, ModelClassMethods
+  end
+end
+
+
+# Methods here become ActiveRecord::Base class methods.
+module ModelClassMethods
+  # Extends the model with all that it needs to be PwnAuth's user model.
+  def pwnauth_facebook_token_model
+    # The user whose token this is.
+    belongs_to :user
+    validates :user, :presence => true
+    
+    # A unique ID on the Facebook site for the user owning this token.
+    validates :external_uid, :length => 1..32, :presence => true
+  
+    # The OAuth2 access token.
+    validates :access_token, :length => 1..128, :presence => true
+
+    extend ModelMetaclassMethods
+    include ModelInstanceMethods
+  end
+end  # module AuthpwnRails::UserModel::ModelClassMethods
+
+
+# Included in the metaclass of models that call pwnauth_facebook_token_model.
+module ModelMetaclassMethods
+  # Finds or creates the model containing a token.
+  #
+  # If a model for the same user exists, the model is updated with the given
+  # token. Otherwise, a new model will be created, together with a user.
+  def for(access_token)
+    uid = uid_from_token access_token
+    token = self.where(:external_uid => uid).first
+    if token
+      token.access_token = access_token
+    else
+      token = FacebookToken.new :external_uid => uid,
+                                :access_token => access_token
+      token.user = User.create_with_facebook_token token
+    end
+    token.save!
+    token
+  end
+  
+  # Extracts the Facebook user ID from a OAuth2 token.
+  #
+  # This is a hack. It works based on the current format, but might break at any
+  # time. Hopefully, we'll eventually have an official way of pulling the UID
+  # out of an OAuth2 token.
+  def uid_from_token(access_token)
+    access_token.split('|')[1].split('-').last
+  end
+end  # module AuthpwnRails::UserModel::ModelMetaclassMethods
+
+
+# Included in models that call pwnauth_user_model.
+module ModelInstanceMethods
+  # FBGraph client loaded with this access token.
+  def facebook_client
+    @client ||= FBGraphRails.fbclient(access_token)    
+  end  
+end  # module AuthpwnRails::UserModel::ModelInstanceMethods
+
+ActiveRecord::Base.send :include, ModelMixin
+
+end  # namespace AuthpwnRails::FacebookExtensions
+
+end  # namespace AuthpwnRails

data/lib/authpwn_rails/generators/facebook_generator.rb

@@ -0,0 +1,18 @@
+# :nodoc: namespace
+module AuthpwnRails
+
+
+class FacebookGenerator < Rails::Generators::Base
+  source_root File.expand_path("../templates", __FILE__)
+
+  def create_facebook_model
+    copy_file 'facebook_token.rb',
+              File.join('app', 'models', 'facebook_token.rb')
+    copy_file '002_create_facebook_tokens.rb',
+        File.join('db', 'migrations', '20100725000002_create_facebook_tokens.rb')
+    copy_file 'facebook_tokens.yml',
+              File.join('test', 'fixtures', 'facebook_tokens.yml')
+  end
+end  # class AuthpwnRails::FacebookGenerator
+
+end  # namespace AuthpwnRails

data/lib/authpwn_rails/generators/session_views_generator.rb

@@ -0,0 +1,16 @@
+# :nodoc: namespace
+module AuthpwnRails
+
+
+class SessionViewsGenerator < Rails::Generators::Base
+  source_root File.expand_path("../templates", __FILE__)
+
+  def create_session_views
+    copy_file File.join('session', 'home.html.erb'),
+              File.join('app', 'views', 'session', 'home.html.erb')
+    copy_file File.join('session', 'welcome.html.erb'),
+              File.join('app', 'views', 'session', 'welcome.html.erb')
+  end
+end  # class AuthpwnRails::SessionViewsGenerator
+
+end  # namespace AuthpwnRails

data/lib/authpwn_rails/generators/templates/facebook_token.rb

@@ -1,5 +1,6 @@
-# :nodoc: extensions
-class FacebookToken
-  # Add your extensions to the FacebookToken class here.
-  
+# Wraps an OAuth2 access token for Facebook.
+class FacebookToken < ActiveRecord::Base
+  pwnauth_facebook_token_model
+
+  # Add your extensions to the FacebookToken class here.  
 end

data/lib/authpwn_rails/generators/templates/session/home.html.erb

@@ -0,0 +1,4 @@
+<p>
+  This view gets displayed when the user is logged in. Right now, 
+  <%= @current_user.email %> is logged in.
+</p>

data/lib/authpwn_rails/generators/templates/session/welcome.html.erb

@@ -0,0 +1,4 @@
+<p>
+  This view gets displayed when the user is not logged in. Entice the user to
+  register for your application, and give them a login form. 
+</p>

data/lib/authpwn_rails/generators/templates/user.rb

@@ -1,5 +1,6 @@
-# :nodoc: extensions
-class User
-  # Add your extensions to the User class here.
-  
+# An user account.
+class User < ActiveRecord::Base
+  pwnauth_user_model
+
+  # Add your extensions to the User class here.  
 end

data/lib/authpwn_rails/generators/user_generator.rb

@@ -0,0 +1,16 @@
+# :nodoc: namespace
+module AuthpwnRails
+
+
+class UserGenerator < Rails::Generators::Base
+  source_root File.expand_path("../templates", __FILE__)
+
+  def create_user_model
+    copy_file 'user.rb', File.join('app', 'models', 'user.rb')
+    copy_file '001_create_users.rb',
+        File.join('db', 'migrations', '20100725000001_create_users.rb')
+    copy_file 'users.yml', File.join('test', 'fixtures', 'users.yml')
+  end
+end  # class AuthpwnRails::UserGenerator
+
+end  # namespace AuthpwnRails

data/lib/authpwn_rails/session.rb

@@ -56,6 +56,12 @@ class ActionController::TestCase
   def set_session_current_user(user)
     request.session[:current_user_id] = user ? user.id : nil
   end
+  
+  # The authenticated user in the test session.
+  def session_current_user
+    return nil unless user_id = request.session[:current_user_id]
+    User.find user_id
+  end
 end
 
 end  # namespace AuthpwnRails::Session

data/lib/authpwn_rails/user_model.rb

@@ -0,0 +1,105 @@
+require 'active_record'
+
+# :nodoc: namespace
+module AuthpwnRails
+
+# :nodoc: namespace
+module UserModel
+
+
+# Mixed into ActiveRecord::Base
+module ModelMixin
+  def self.included(base)
+    base.send :extend, ModelClassMethods
+  end
+end
+
+
+# Methods here become ActiveRecord::Base class methods.
+module ModelClassMethods
+  # Extends the model with all that it needs to be PwnAuth's user model.
+  def pwnauth_user_model
+    # E-mail address identifying the user account.
+    validates :email, :format => /^[A-Za-z0-9.+_]+@[^@]*\.(\w+)$/,
+                      :presence => true, :length => 1..64, :uniqueness => true
+  
+    # Random string preventing dictionary attacks on the password database.
+    validates :password_salt, :length => 1..16, :allow_nil => true
+    
+    # SHA-256 of (salt + password).
+    validates :password_hash, :length => 1..64, :allow_nil => true
+      
+    # Virtual attribute: the user's password.
+    attr_reader :password
+    validates :password, :confirmation => true
+
+    # Virtual attribute: confirmation for the user's password.
+    attr_accessor :password_confirmation
+    validates_confirmation_of :password
+
+    extend ModelMetaclassMethods    
+    include ModelInstanceMethods
+  end
+end  # module AuthpwnRails::UserModel::ModelClassMethods
+
+
+# Included in the metaclass of models that call pwnauth_user_model.
+module ModelMetaclassMethods
+  # The authenticated user or nil.
+  def find_by_email_and_password(email, password)
+    @user = where(:email => email).first
+    (@user && @user.password_matches?(password)) ? @user : nil
+  end
+    
+  # Computes a password hash from a raw password and a salt.
+  def hash_password(password, salt)
+    Digest::SHA2.hexdigest(password + salt)
+  end
+  
+  # Generates a random salt value.
+  def random_salt
+    (0...16).map { |i| 1 + rand(255) }.pack('C*')
+  end  
+  
+  # Fills out a new user's information based on a Facebook access token.
+  def create_with_facebook_token(token)
+    self.create :email => "#{token.external_uid}@graph.facebook.com"
+  end
+  
+  # The user that owns a given Facebook OAuth2 token.
+  #
+  # A new user will be created if the token doesn't belong to any user. This is
+  # the case for a new visitor.
+  def for_facebook_token(access_token)
+    FacebookToken.for(access_token).user
+  end  
+end  # module AuthpwnRails::UserModel::ModelMetaclassMethods
+
+
+# Included in models that call pwnauth_user_model.
+module ModelInstanceMethods
+  # Resets the virtual password attributes.
+  def reset_password
+    @password = @password_confirmation = nil
+  end
+    
+  # Compares the given password against the user's stored password.
+  #
+  # Returns +true+ for a match, +false+ otherwise.
+  def password_matches?(passwd)
+    password_hash == self.class.hash_password(passwd, password_salt)
+  end  
+
+  # Password virtual attribute.
+  def password=(new_password)
+    @password = new_password
+    self.password_salt = self.class.random_salt
+    self.password_hash = self.class.hash_password new_password, password_salt
+  end
+end  # module AuthpwnRails::UserModel::ModelInstanceMethods
+
+ActiveRecord::Base.send :include, ModelMixin
+
+end  # namespace AuthpwnRails::UserModel
+
+end  # namespace AuthpwnRails

data/test/helpers/application_controller.rb

@@ -1,3 +1,5 @@
 # :nodoc: stubbed, because controllers inherit from it
 class ApplicationController < ActionController::Base
+  prepend_view_path File.expand_path(
+      '../../../lib/authpwn_rails/generators/templates', __FILE__)
 end

data/test/helpers/db_setup.rb

@@ -8,8 +8,8 @@ CreateUsers.up
 require 'authpwn_rails/generators/templates/002_create_facebook_tokens.rb'
 CreateFacebookTokens.up
 
-require File.expand_path('../../../app/models/facebook_token.rb', __FILE__)
-require File.expand_path('../../../app/models/user.rb', __FILE__)
+require 'authpwn_rails/generators/templates/facebook_token.rb'
+require 'authpwn_rails/generators/templates/user.rb'
 
 # :nodoc: open TestCase to setup fixtures
 class ActiveSupport::TestCase
@@ -18,6 +18,7 @@ class ActiveSupport::TestCase
   self.fixture_path =
       File.expand_path '../../../lib/authpwn_rails/generators/templates',
                        __FILE__
+  
   self.use_transactional_fixtures = false
   self.use_instantiated_fixtures  = false
   self.pre_loaded_fixtures = false

data/test/helpers/view_helpers.rb

@@ -0,0 +1,2 @@
+require File.expand_path('../../../app/helpers/session_helper.rb', __FILE__)
+ActionController::Base.helper SessionHelper

data/test/session_controller_test.rb

@@ -6,12 +6,46 @@ class SessionControllerTest < ActionController::TestCase
   setup do
     @user = users(:john)
   end
+  
+  test "show renders welcome without a user" do
+    get :show
+    assert_template :welcome
+    assert_nil assigns(:current_user)
+  end
+  
+  test "show renders home with a user" do
+    set_session_current_user @user
+    get :show
+    assert_template :home
+    assert_equal @user, assigns(:current_user)
+  end
+  
+  test "create logs in with good account details" do
+    post :create, :user => { :email => @user.email, :password => 'password' }
+    assert_redirected_to session_url
+    assert_equal @user, assigns(:current_user), 'instance variable'
+    assert_equal @user, session_current_user, 'session'
+  end
+  
+  test "create does not log in with bad password" do
+    post :create, :user => { :email => @user.email, :password => 'fail' }
+    assert_redirected_to session_url
+    assert_nil assigns(:current_user), 'instance variable'
+    assert_nil session_current_user, 'session'
+  end
+
+  test "create does not log in with bad e-mail" do
+    post :create, :user => { :email => 'nobody@gmail.com', :password => 'no' }
+    assert_redirected_to session_url
+    assert_nil assigns(:current_user), 'instance variable'
+    assert_nil session_current_user, 'session'
+  end
 
   test "logout" do
     set_session_current_user @user
     delete :destroy
     
-    assert_redirected_to root_url
+    assert_redirected_to session_url
     assert_nil assigns(:current_user)
   end  
 end

data/test/test_helper.rb

@@ -15,3 +15,4 @@ require 'helpers/application_controller.rb'
 require 'helpers/db_setup.rb'
 require 'helpers/fbgraph.rb'
 require 'helpers/routes.rb'
+require 'helpers/view_helpers.rb'

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: authpwn_rails
 version: !ruby/object:Gem::Version 
-  hash: 19
+  hash: 15
   prerelease: false
   segments: 
   - 0
-  - 3
+  - 4
   - 0
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors: 
 - Victor Costan
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-02 00:00:00 -04:00
+date: 2010-08-03 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -35,7 +35,7 @@ dependencies:
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  name: activerecord
+  name: rails
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
@@ -49,46 +49,12 @@ dependencies:
         - 0
         - rc
         version: 3.0.0.rc
-  type: :development
+  type: :runtime
   version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: actionpack
-  prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 7712042
-        segments: 
-        - 3
-        - 0
-        - 0
-        - rc
-        version: 3.0.0.rc
-  type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: activesupport
-  prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 7712042
-        segments: 
-        - 3
-        - 0
-        - 0
-        - rc
-        version: 3.0.0.rc
-  type: :development
-  version_requirements: *id004
 - !ruby/object:Gem::Dependency 
   name: sqlite3-ruby
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -100,7 +66,7 @@ dependencies:
         - 0
         version: 1.3.0
   type: :development
-  version_requirements: *id005
+  version_requirements: *id003
 description: Works with Facebook.
 email: victor@costan.us
 executables: []
@@ -120,22 +86,24 @@ files:
 - VERSION
 - app/controllers/session_controller.rb
 - app/helpers/session_helper.rb
-- app/models/facebook_token.rb
-- app/models/user.rb
 - authpwn_rails.gemspec
 - config/routes.rb
 - lib/authpwn_rails.rb
 - lib/authpwn_rails/engine.rb
-- lib/authpwn_rails/facebook_token.rb
-- lib/authpwn_rails/generators/facebook_migration_generator.rb
+- lib/authpwn_rails/facebook_extensions.rb
+- lib/authpwn_rails/generators/facebook_generator.rb
+- lib/authpwn_rails/generators/session_views_generator.rb
 - lib/authpwn_rails/generators/templates/001_create_users.rb
 - lib/authpwn_rails/generators/templates/002_create_facebook_tokens.rb
 - lib/authpwn_rails/generators/templates/facebook_token.rb
 - lib/authpwn_rails/generators/templates/facebook_tokens.yml
+- lib/authpwn_rails/generators/templates/session/home.html.erb
+- lib/authpwn_rails/generators/templates/session/welcome.html.erb
 - lib/authpwn_rails/generators/templates/user.rb
 - lib/authpwn_rails/generators/templates/users.yml
-- lib/authpwn_rails/generators/user_migration_generator.rb
+- lib/authpwn_rails/generators/user_generator.rb
 - lib/authpwn_rails/session.rb
+- lib/authpwn_rails/user_model.rb
 - test/cookie_controller_test.rb
 - test/facebook_controller_test.rb
 - test/facebook_token_test.rb
@@ -143,6 +111,7 @@ files:
 - test/helpers/db_setup.rb
 - test/helpers/fbgraph.rb
 - test/helpers/routes.rb
+- test/helpers/view_helpers.rb
 - test/session_controller_test.rb
 - test/test_helper.rb
 - test/user_test.rb
@@ -191,3 +160,4 @@ test_files:
 - test/helpers/routes.rb
 - test/helpers/fbgraph.rb
 - test/helpers/db_setup.rb
+- test/helpers/view_helpers.rb

data/app/models/facebook_token.rb

@@ -1,47 +0,0 @@
-require 'active_record'
-
-
-# Wraps an OAuth2 access token for Facebook.
-class FacebookToken < ActiveRecord::Base
-  # The user whose token this is.
-  belongs_to :user
-  validates :user, :presence => true
-  
-  # A unique ID on the Facebook site for the user owning this token.
-  validates :external_uid, :length => 1..32, :presence => true
-
-  # The OAuth2 access token.
-  validates :access_token, :length => 1..128, :presence => true
-  
-  # FBGraph client loaded with this access token.
-  def facebook_client
-    @client ||= FBGraphRails.fbclient(access_token)    
-  end  
-  
-  # Finds or creates the model containing a token.
-  #
-  # If a model for the same user exists, the model is updated with the given
-  # token. Otherwise, a new model will be created, together with a user.
-  def self.for(access_token)
-    uid = uid_from_token access_token
-    token = self.where(:external_uid => uid).first
-    if token
-      token.access_token = access_token
-    else
-      token = FacebookToken.new :external_uid => uid,
-                                :access_token => access_token
-      token.user = User.create_with_facebook_token token
-    end
-    token.save!
-    token
-  end
-  
-  # Extracts the Facebook user ID from a OAuth2 token.
-  #
-  # This is a hack. It works based on the current format, but might break at any
-  # time. Hopefully, we'll eventually have an official way of pulling the UID
-  # out of an OAuth2 token.
-  def self.uid_from_token(access_token)
-    access_token.split('|')[1].split('-').last
-  end
-end

data/app/models/user.rb

@@ -1,70 +0,0 @@
-require 'active_record'
-
-
-# An user account.
-class User < ActiveRecord::Base
-  # E-mail address identifying the user account.
-  validates :email, :format => /^[A-Za-z0-9.+_]+@[^@]*\.(\w+)$/,
-                    :presence => true, :length => 1..64, :uniqueness => true
-  
-  # Random string preventing dictionary attacks on the password database.
-  validates :password_salt, :length => 1..16, :allow_nil => true
-  
-  # SHA-256 of (salt + password).
-  validates :password_hash, :length => 1..64, :allow_nil => true
-    
-  # Virtual attribute: the user's password.
-  attr_reader :password
-  validates :password, :confirmation => true
-  def password=(new_password)
-    @password = new_password
-    self.password_salt = self.class.random_salt
-    self.password_hash = self.class.hash_password new_password, password_salt
-  end
-  
-  # Virtual attribute: confirmation for the user's password.
-  attr_accessor :password_confirmation
-  validates_confirmation_of :password
-  
-  # The authenticated user or nil.
-  def self.find_by_email_and_password(email, password)
-    @user = User.where(:email => email).first
-    (@user && @user.password_matches?(password)) ? @user : nil
-  end
-  
-  # Compares the given password against the user's stored password.
-  #
-  # Returns +true+ for a match, +false+ otherwise.
-  def password_matches?(passwd)
-    password_hash == User.hash_password(passwd, password_salt)
-  end  
-  
-  # Computes a password hash from a raw password and a salt.
-  def self.hash_password(password, salt)
-    Digest::SHA2.hexdigest(password + salt)
-  end
-  
-  # Generates a random salt value.
-  def self.random_salt
-    (0...16).map { |i| 1 + rand(255) }.pack('C*')
-  end    
-  
-  # Resets the virtual password attributes.
-  def reset_password
-    @password = @password_confirmation = nil
-  end
-  
-  
-  # Fills out a new user's information based on a Facebook access token.
-  def self.create_with_facebook_token(token)
-    self.create :email => "#{token.external_uid}@graph.facebook.com"
-  end
-  
-  # The user that owns a given Facebook OAuth2 token.
-  #
-  # A new user will be created if the token doesn't belong to any user. This is
-  # the case for a new visitor.
-  def self.for_facebook_token(access_token)
-    FacebookToken.for(access_token).user
-  end  
-end

data/lib/authpwn_rails/facebook_token.rb

@@ -1,44 +0,0 @@
-require 'action_controller'
-
-# :nodoc: namespace
-module AuthpwnRails
-
-# :nodoc: namespace
-module FacebookToken
-
-# Mixed into ActiveController::Base
-module ControllerMixin
-  def self.included(base)
-    base.send :extend, ControllerClassMethods
-  end
-end
-
-# Methods here become ActiveController::Base class methods.
-module ControllerClassMethods  
-  # Authenticates users via Facebook OAuth2, using fbgraph_rails.
-  #
-  # The User model class must implement for_facebook_token. The controller
-  # should obtain the Facebook token, using probes_facebook_access_token or
-  # requires_facebook_access_token.
-  def authenticates_using_facebook(options = {})
-    include ControllerInstanceMethods
-    before_filter :authenticate_using_facebook_access_token, options
-  end
-end
-
-# Included in controllers that call authenticates_using_facebook.
-module ControllerInstanceMethods
-  def authenticate_using_facebook_access_token
-    return true if current_user
-    if access_token = current_facebook_access_token
-      self.current_user = User.for_facebook_token access_token
-    end
-  end
-  private :authenticate_using_facebook_access_token
-end
-
-ActionController::Base.send :include, ControllerMixin
-
-end  # namespace AuthpwnRails::FacebookToken
-
-end  # namespace AuthpwnRails

data/lib/authpwn_rails/generators/facebook_migration_generator.rb

@@ -1,17 +0,0 @@
-# :nodoc: namespace
-module AuthpwnRails
-
-
-class FacebookMigrationGenerator < Rails::Generators::Base
-  source_root File.expand_path("../templates", __FILE__)
-
-  def create_session_model
-    template 'facebook_token.rb',
-             File.join('app/models', class_path, 'facebook_token.rb')
-    template '002_create_facebook_tokens.rb',
-        File.join('db/migrations', '20100725000002_create_facebook_tokens.rb')
-    template 'facebook_tokens.yml', File.join('test/fixtures', 'facebook_tokens.yml')
-  end
-end  # class AuthpwnRails::UserMigrationGenerator
-
-end  # namespace AuthpwnRails

data/lib/authpwn_rails/generators/user_migration_generator.rb

@@ -1,17 +0,0 @@
-# :nodoc: namespace
-module AuthpwnRails
-
-
-class UserMigrationGenerator < Rails::Generators::Base
-  source_root File.expand_path("../templates", __FILE__)
-
-  def create_session_model
-    template 'user_token.rb',
-             File.join('app/models', class_path, 'user.rb')
-    template '001_create_users.rb',
-        File.join('db/migrations', '20100725000001_create_users.rb')
-    template 'users.yml', File.join('test/fixtures', 'users.yml')
-  end
-end  # class AuthpwnRails::UserMigrationGenerator
-
-end  # namespace AuthpwnRails