cb-sorcery 0.8.6

data/lib/generators/sorcery/templates/migration/activity_logging.rb

@@ -0,0 +1,10 @@
+class SorceryActivityLogging < ActiveRecord::Migration
+  def change
+    add_column :<%= model_class_name.tableize %>, :last_login_at,     :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :last_logout_at,    :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :last_activity_at,  :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :last_login_from_ip_address, :string, :default => nil
+
+    add_index :<%= model_class_name.tableize %>, [:last_logout_at, :last_activity_at]
+  end
+end

data/lib/generators/sorcery/templates/migration/brute_force_protection.rb

@@ -0,0 +1,9 @@
+class SorceryBruteForceProtection < ActiveRecord::Migration
+  def change
+    add_column :<%= model_class_name.tableize %>, :failed_logins_count, :integer, :default => 0
+    add_column :<%= model_class_name.tableize %>, :lock_expires_at, :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :unlock_token, :string, :default => nil
+
+    add_index :<%= model_class_name.tableize %>, :unlock_token
+  end
+end

data/lib/generators/sorcery/templates/migration/core.rb

@@ -0,0 +1,13 @@
+class SorceryCore < ActiveRecord::Migration
+  def change
+    create_table :<%= model_class_name.tableize %> do |t|
+      t.string :email,            :null => false
+      t.string :crypted_password, :null => false
+      t.string :salt,             :null => false
+
+      t.timestamps
+    end
+
+    add_index :<%= model_class_name.tableize %>, :email, unique: true
+  end
+end

data/lib/generators/sorcery/templates/migration/external.rb

@@ -0,0 +1,12 @@
+class SorceryExternal < ActiveRecord::Migration
+  def change
+    create_table :authentications do |t|
+      t.integer :<%= model_class_name.tableize.singularize %>_id, :null => false
+      t.string :provider, :uid, :null => false
+
+      t.timestamps
+    end
+
+    add_index :<%= model_class_name.tableize %>, [:provider, :uid]
+  end
+end

data/lib/generators/sorcery/templates/migration/remember_me.rb

@@ -0,0 +1,8 @@
+class SorceryRememberMe < ActiveRecord::Migration
+  def change
+    add_column :<%= model_class_name.tableize %>, :remember_me_token, :string, :default => nil
+    add_column :<%= model_class_name.tableize %>, :remember_me_token_expires_at, :datetime, :default => nil
+
+    add_index :<%= model_class_name.tableize %>, :remember_me_token
+  end
+end

data/lib/generators/sorcery/templates/migration/reset_password.rb

@@ -0,0 +1,9 @@
+class SorceryResetPassword < ActiveRecord::Migration
+  def change
+    add_column :<%= model_class_name.tableize %>, :reset_password_token, :string, :default => nil
+    add_column :<%= model_class_name.tableize %>, :reset_password_token_expires_at, :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :reset_password_email_sent_at, :datetime, :default => nil
+
+    add_index :<%= model_class_name.tableize %>, :reset_password_token
+  end
+end

data/lib/generators/sorcery/templates/migration/user_activation.rb

@@ -0,0 +1,9 @@
+class SorceryUserActivation < ActiveRecord::Migration
+  def change
+    add_column :<%= model_class_name.tableize %>, :activation_state, :string, :default => nil
+    add_column :<%= model_class_name.tableize %>, :activation_token, :string, :default => nil
+    add_column :<%= model_class_name.tableize %>, :activation_token_expires_at, :datetime, :default => nil
+
+    add_index :<%= model_class_name.tableize %>, :activation_token
+  end
+end

data/lib/sorcery.rb

@@ -0,0 +1,85 @@
+require 'sorcery/version'
+
+module Sorcery
+
+  require 'sorcery/model'
+
+  module Adapters
+    require 'sorcery/adapters/base_adapter'
+  end
+
+  module Model
+    require 'sorcery/model/temporary_token'
+    require 'sorcery/model/config'
+
+
+    module Submodules
+      require 'sorcery/model/submodules/user_activation'
+      require 'sorcery/model/submodules/reset_password'
+      require 'sorcery/model/submodules/remember_me'
+      require 'sorcery/model/submodules/activity_logging'
+      require 'sorcery/model/submodules/brute_force_protection'
+      require 'sorcery/model/submodules/external'
+    end
+  end
+
+  require 'sorcery/controller'
+
+  module Controller
+    autoload :Config, 'sorcery/controller/config'
+    module Submodules
+      require 'sorcery/controller/submodules/remember_me'
+      require 'sorcery/controller/submodules/session_timeout'
+      require 'sorcery/controller/submodules/brute_force_protection'
+      require 'sorcery/controller/submodules/http_basic_auth'
+      require 'sorcery/controller/submodules/activity_logging'
+      require 'sorcery/controller/submodules/external'
+    end
+  end
+
+  module Protocols
+    require 'sorcery/protocols/oauth'
+    require 'sorcery/protocols/oauth2'
+  end
+
+  module CryptoProviders
+    require 'sorcery/crypto_providers/common'
+    require 'sorcery/crypto_providers/aes256'
+    require 'sorcery/crypto_providers/bcrypt'
+    require 'sorcery/crypto_providers/md5'
+    require 'sorcery/crypto_providers/sha1'
+    require 'sorcery/crypto_providers/sha256'
+    require 'sorcery/crypto_providers/sha512'
+  end
+
+  module TestHelpers
+    require 'sorcery/test_helpers/internal'
+
+    module Rails
+      require 'sorcery/test_helpers/rails/controller'
+      require 'sorcery/test_helpers/rails/integration'
+    end
+
+    module Internal
+      require 'sorcery/test_helpers/internal/rails'
+    end
+
+  end
+
+  require 'sorcery/adapters/base_adapter'
+
+  if defined?(ActiveRecord)
+    require 'sorcery/adapters/active_record_adapter'
+    ActiveRecord::Base.extend Sorcery::Model
+
+    ActiveRecord::Base.send :define_method, :sorcery_adapter do
+      @sorcery_adapter ||= Sorcery::Adapters::ActiveRecordAdapter.new(self)
+    end
+
+    ActiveRecord::Base.send :define_singleton_method, :sorcery_adapter do
+      Sorcery::Adapters::ActiveRecordAdapter.from(self)
+    end
+  end
+
+  require 'sorcery/engine' if defined?(Rails)
+end

data/lib/sorcery/adapters/active_record_adapter.rb

@@ -0,0 +1,120 @@
+module Sorcery
+  module Adapters
+    class ActiveRecordAdapter < BaseAdapter
+      def update_attributes(attrs)
+        attrs.each do |name, value|
+          @model.send(:"#{name}=", value)
+        end
+        primary_key = @model.class.primary_key
+        @model.class.where(:"#{primary_key}" => @model.send(:"#{primary_key}")).update_all(attrs)
+      end
+
+      def save(options = {})
+        mthd = options.delete(:raise_on_failure) ? :save! : :save
+        @model.send(mthd, options)
+      end
+
+      def increment(field)
+        @model.increment!(field)
+      end
+
+      def find_authentication_by_oauth_credentials(relation_name, provider, uid)
+        @user_config ||= ::Sorcery::Controller::Config.user_class.to_s.constantize.sorcery_config
+        conditions = {
+          @user_config.provider_uid_attribute_name => uid,
+          @user_config.provider_attribute_name     => provider
+        }
+
+        @model.public_send(relation_name).where(conditions).first
+      end
+
+      class << self
+        def define_field(name, type, options={})
+          # AR fields are defined through migrations, only validator here
+        end
+
+        def define_callback(time, event, method_name, options={})
+          @klass.send "#{time}_#{event}", method_name, options.slice(:if)
+        end
+
+        def find_by_oauth_credentials(provider, uid)
+          @user_config ||= ::Sorcery::Controller::Config.user_class.to_s.constantize.sorcery_config
+          conditions = {
+            @user_config.provider_uid_attribute_name => uid,
+            @user_config.provider_attribute_name     => provider
+          }
+
+          @klass.where(conditions).first
+        end
+
+        def find_by_remember_me_token(token)
+          @klass.where(@klass.sorcery_config.remember_me_token_attribute_name => token).first
+        end
+
+        def find_by_credentials(credentials)
+          relation = nil
+
+          @klass.sorcery_config.username_attribute_names.each do |attribute|
+            if @klass.sorcery_config.downcase_username_before_authenticating
+              condition = @klass.arel_table[attribute].lower.eq(@klass.arel_table.lower(credentials[0]))
+            else
+              condition = @klass.arel_table[attribute].eq(credentials[0])
+            end
+
+            if relation.nil?
+              relation = condition
+            else
+              relation = relation.or(condition)
+            end
+          end
+
+          @klass.where(relation).first
+        end
+
+        def find_by_token(token_attr_name, token)
+          condition = @klass.arel_table[token_attr_name].eq(token)
+
+          @klass.where(condition).first
+        end
+
+        def find_by_activation_token(token)
+          @klass.where(@klass.sorcery_config.activation_token_attribute_name => token).first
+        end
+
+        def find_by_id(id)
+          @klass.find_by_id(id)
+        end
+
+        def find_by_username(username)
+          @klass.sorcery_config.username_attribute_names.each do |attribute|
+            if @klass.sorcery_config.downcase_username_before_authenticating
+              username = username.downcase
+            end
+
+            result = @klass.where(attribute => username).first
+            return result if result
+          end
+        end
+
+        def find_by_email(email)
+          @klass.where(@klass.sorcery_config.email_attribute_name => email).first
+        end
+
+        def get_current_users
+          config = @klass.sorcery_config
+
+          @klass
+            .where("#{config.last_activity_at_attribute_name} IS NOT NULL") \
+            .where("#{config.last_logout_at_attribute_name} IS NULL OR #{config.last_activity_at_attribute_name} > #{config.last_logout_at_attribute_name}") \
+            .where("#{config.last_activity_at_attribute_name} > ? ", config.activity_timeout.seconds.ago.utc.to_s(:db))
+        end
+
+        def transaction(&blk)
+          @klass.tap(&blk)
+        end
+      end
+    end
+
+
+  end
+end

data/lib/sorcery/adapters/base_adapter.rb

@@ -0,0 +1,30 @@
+module Sorcery
+  module Adapters
+    class BaseAdapter
+      def initialize(model)
+        @model = model
+      end
+
+      def self.from(klass)
+        @klass = klass
+        self
+      end
+
+      def self.delete_all
+        @klass.delete_all
+      end
+
+      def self.find(id)
+        find_by_id(id)
+      end
+
+      def increment(field)
+        @model.increment(field)
+      end
+
+      def update_attribute(name, value)
+        update_attributes(name => value)
+      end
+    end
+  end
+end

data/lib/sorcery/controller.rb

@@ -0,0 +1,157 @@
+module Sorcery
+  module Controller
+    def self.included(klass)
+      klass.class_eval do
+        include InstanceMethods
+        Config.submodules.each do |mod|
+          begin
+            include Submodules.const_get(mod.to_s.split('_').map { |p| p.capitalize }.join)
+          rescue NameError
+            # don't stop on a missing submodule.
+          end
+        end
+      end
+      Config.update!
+      Config.configure!
+    end
+
+    module InstanceMethods
+      # To be used as before_filter.
+      # Will trigger auto-login attempts via the call to logged_in?
+      # If all attempts to auto-login fail, the failure callback will be called.
+      def require_login
+        if !logged_in?
+          session[:return_to_url] = request.url if Config.save_return_to_url && request.get?
+          self.send(Config.not_authenticated_action)
+        end
+      end
+
+      # Takes credentials and returns a user on successful authentication.
+      # Runs hooks after login or failed login.
+      def login(*credentials)
+        @current_user = nil
+        user = user_class.authenticate(*credentials)
+        if user
+          old_session = session.dup.to_hash
+          reset_sorcery_session
+          old_session.each_pair do |k,v|
+            session[k.to_sym] = v
+          end
+          form_authenticity_token
+
+          auto_login(user)
+          after_login!(user, credentials)
+          current_user
+        else
+          after_failed_login!(credentials)
+          nil
+        end
+      end
+
+      # put this into the catch block to rescue undefined method `destroy_session'
+      # hotfix for https://github.com/NoamB/sorcery/issues/464
+      # can be removed when Rails 4.1 is out
+      def reset_sorcery_session
+        reset_session # protect from session fixation attacks
+      rescue NoMethodError
+      end
+
+      # Resets the session and runs hooks before and after.
+      def logout
+        if logged_in?
+          @current_user = current_user if @current_user.nil?
+          before_logout!(@current_user)
+          reset_sorcery_session
+          after_logout!
+          @current_user = nil
+        end
+      end
+
+      def logged_in?
+        !!current_user
+      end
+
+      # attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.)
+      # returns the logged in user if found, nil if not
+      def current_user
+        unless defined?(@current_user)
+          @current_user = login_from_session || login_from_other_sources || nil
+        end
+        @current_user
+      end
+
+      def current_user=(user)
+        @current_user = user
+      end
+
+      # used when a user tries to access a page while logged out, is asked to login,
+      # and we want to return him back to the page he originally wanted.
+      def redirect_back_or_to(url, flash_hash = {})
+        redirect_to(session[:return_to_url] || url, :flash => flash_hash)
+        session[:return_to_url] = nil
+      end
+
+      # The default action for denying non-authenticated users.
+      # You can override this method in your controllers,
+      # or provide a different method in the configuration.
+      def not_authenticated
+        redirect_to root_path
+      end
+
+      # login a user instance
+      #
+      # @param [<User-Model>] user the user instance.
+      # @return - do not depend on the return value.
+      def auto_login(user, should_remember = false)
+        session[:user_id] = user.id.to_s
+        @current_user = user
+      end
+
+      # Overwrite Rails' handle unverified request
+      def handle_unverified_request
+        cookies[:remember_me_token] = nil
+        @current_user = nil
+        super # call the default behaviour which resets the session
+      end
+
+      protected
+
+      # Tries all available sources (methods) until one doesn't return false.
+      def login_from_other_sources
+        result = nil
+        Config.login_sources.find do |source|
+          result = send(source)
+        end
+        result || false
+      end
+
+      def login_from_session
+        @current_user = if session[:user_id]
+                          user_class.sorcery_adapter.find_by_id(session[:user_id])
+                        end
+      end
+
+      def after_login!(user, credentials = [])
+        Config.after_login.each {|c| self.send(c, user, credentials)}
+      end
+
+      def after_failed_login!(credentials)
+        Config.after_failed_login.each {|c| self.send(c, credentials)}
+      end
+
+      def before_logout!(user)
+        Config.before_logout.each {|c| self.send(c, user)}
+      end
+
+      def after_logout!
+        Config.after_logout.each {|c| self.send(c)}
+      end
+
+      def user_class
+        @user_class ||= Config.user_class.to_s.constantize
+      end
+
+    end
+
+	end
+end