cbsorcery 0.8.6

data/lib/sorcery/model/submodules/external.rb

@@ -0,0 +1,100 @@
+module Sorcery
+  module Model
+    module Submodules
+      # This submodule helps you login users from external providers such as Twitter.
+      # This is the model part which handles finding the user using access tokens.
+      # For the controller options see Sorcery::Controller::External.
+      #
+      # Socery assumes (read: requires) you will create external users in the same table where
+      # you keep your regular users,
+      # but that you will have a separate table for keeping their external authentication data,
+      # and that that separate table has a few rows for each user, facebook and twitter
+      # for example (a one-to-many relationship).
+      #
+      # External users will have a null crypted_password field, since we do not hold their password.
+      # They will not be sent activation emails on creation.
+      module External
+        def self.included(base)
+          base.sorcery_config.class_eval do
+            attr_accessor :authentications_class,
+                          :authentications_user_id_attribute_name,
+                          :provider_attribute_name,
+                          :provider_uid_attribute_name
+
+          end
+
+          base.sorcery_config.instance_eval do
+            @defaults.merge!(:@authentications_class                  => nil,
+                             :@authentications_user_id_attribute_name => :user_id,
+                             :@provider_attribute_name                => :provider,
+                             :@provider_uid_attribute_name            => :uid)
+
+            reset!
+          end
+
+          base.send(:include, InstanceMethods)
+          base.extend(ClassMethods)
+
+        end
+
+        module ClassMethods
+          # takes a provider and uid and finds a user by them.
+          def load_from_provider(provider,uid)
+            config = sorcery_config
+            authentication = config.authentications_class.sorcery_adapter.find_by_oauth_credentials(provider, uid)
+            user = sorcery_adapter.find_by_id(authentication.send(config.authentications_user_id_attribute_name)) if authentication
+          end
+
+          def create_and_validate_from_provider(provider, uid, attrs)
+            user = new(attrs)
+            user.send(sorcery_config.authentications_class.to_s.downcase.pluralize).build(
+              sorcery_config.provider_uid_attribute_name => uid,
+              sorcery_config.provider_attribute_name => provider
+            )
+            saved = user.sorcery_adapter.save
+            [user, saved]
+          end
+
+          def create_from_provider(provider, uid, attrs)
+            user = new
+            attrs.each do |k,v|
+              user.send(:"#{k}=", v)
+            end
+
+            if block_given?
+              return false unless yield user
+            end
+
+            sorcery_adapter.transaction do
+              user.sorcery_adapter.save(:validate => false)
+              sorcery_config.authentications_class.create!(
+                sorcery_config.authentications_user_id_attribute_name => user.id,
+                sorcery_config.provider_attribute_name => provider,
+                sorcery_config.provider_uid_attribute_name => uid
+              )
+            end
+            user
+          end
+        end
+
+        module InstanceMethods
+          def add_provider_to_user(provider, uid)
+            authentications = sorcery_config.authentications_class.name.underscore.pluralize
+            # first check to see if user has a particular authentication already
+            if sorcery_adapter.find_authentication_by_oauth_credentials(authentications, provider, uid).nil?
+              user = send(authentications).build(sorcery_config.provider_uid_attribute_name => uid,
+                                                 sorcery_config.provider_attribute_name => provider)
+              user.sorcery_adapter.save(validate: false)
+            else
+              user = false
+            end
+
+            user
+          end
+
+        end
+
+      end
+    end
+  end
+end

data/lib/sorcery/model/submodules/remember_me.rb

@@ -0,0 +1,62 @@
+module Sorcery
+  module Model
+    module Submodules
+      # The Remember Me submodule takes care of setting the user's cookie so that he will
+      # be automatically logged in to the site on every visit,
+      # until the cookie expires.
+      module RememberMe
+        def self.included(base)
+          base.sorcery_config.class_eval do
+            attr_accessor :remember_me_token_attribute_name,              # the attribute in the model class.
+                          :remember_me_token_expires_at_attribute_name,   # the expires attribute in the model class.
+                          :remember_me_for                                # how long in seconds to remember.
+
+          end
+
+          base.sorcery_config.instance_eval do
+            @defaults.merge!(:@remember_me_token_attribute_name            => :remember_me_token,
+                             :@remember_me_token_expires_at_attribute_name => :remember_me_token_expires_at,
+                             :@remember_me_for                             => 7 * 60 * 60 * 24)
+
+            reset!
+          end
+
+          base.send(:include, InstanceMethods)
+          base.sorcery_config.after_config << :define_remember_me_fields
+
+          base.extend(ClassMethods)
+        end
+
+        module ClassMethods
+          protected
+
+          def define_remember_me_fields
+            sorcery_adapter.define_field sorcery_config.remember_me_token_attribute_name, String
+            sorcery_adapter.define_field sorcery_config.remember_me_token_expires_at_attribute_name, Time
+          end
+
+        end
+
+        module InstanceMethods
+          # You shouldn't really use this one yourself - it's called by the controller's 'remember_me!' method.
+          def remember_me!
+            config = sorcery_config
+            self.sorcery_adapter.update_attributes(config.remember_me_token_attribute_name => TemporaryToken.generate_random_token,
+                                        config.remember_me_token_expires_at_attribute_name => Time.now.in_time_zone + config.remember_me_for)
+          end
+
+          def has_remember_me_token?
+            self.send(sorcery_config.remember_me_token_attribute_name).present?
+          end
+
+          # You shouldn't really use this one yourself - it's called by the controller's 'forget_me!' method.
+          def forget_me!
+            config = sorcery_config
+            self.sorcery_adapter.update_attributes(config.remember_me_token_attribute_name => nil,
+                                        config.remember_me_token_expires_at_attribute_name => nil)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/model/submodules/reset_password.rb

@@ -0,0 +1,131 @@
+module Sorcery
+  module Model
+    module Submodules
+      # This submodule adds the ability to reset password via email confirmation.
+      # When the user requests an email is sent to him with a url.
+      # The url includes a token, which is also saved with the user's record in the db.
+      # The token has configurable expiration.
+      # When the user clicks the url in the email, providing the token has not yet expired,
+      # he will be able to reset his password via a form.
+      #
+      # When using this submodule, supplying a mailer is mandatory.
+      module ResetPassword
+        def self.included(base)
+          base.sorcery_config.class_eval do
+            attr_accessor :reset_password_token_attribute_name,              # reset password code attribute name.
+                          :reset_password_token_expires_at_attribute_name,   # expires at attribute name.
+                          :reset_password_email_sent_at_attribute_name,      # when was email sent, used for hammering
+                                                                             # protection.
+
+                          :reset_password_mailer,                            # mailer class. Needed.
+
+                          :reset_password_mailer_disabled,                   # when true sorcery will not automatically
+                                                                             # email password reset details and allow you to
+                                                                             # manually handle how and when email is sent
+
+                          :reset_password_email_method_name,                 # reset password email method on your
+                                                                             # mailer class.
+
+                          :reset_password_expiration_period,                 # how many seconds before the reset request
+                                                                             # expires. nil for never expires.
+
+                          :reset_password_time_between_emails                # hammering protection, how long to wait
+                                                                             # before allowing another email to be sent.
+
+          end
+
+          base.sorcery_config.instance_eval do
+            @defaults.merge!(:@reset_password_token_attribute_name            => :reset_password_token,
+                             :@reset_password_token_expires_at_attribute_name => :reset_password_token_expires_at,
+                             :@reset_password_email_sent_at_attribute_name    => :reset_password_email_sent_at,
+                             :@reset_password_mailer                          => nil,
+                             :@reset_password_mailer_disabled                 => false,
+                             :@reset_password_email_method_name               => :reset_password_email,
+                             :@reset_password_expiration_period               => nil,
+                             :@reset_password_time_between_emails             => 5 * 60 )
+
+            reset!
+          end
+
+          base.extend(ClassMethods)
+
+          base.sorcery_config.after_config << :validate_mailer_defined
+          base.sorcery_config.after_config << :define_reset_password_fields
+
+          base.send(:include, InstanceMethods)
+
+        end
+
+        module ClassMethods
+          # Find user by token, also checks for expiration.
+          # Returns the user if token found and is valid.
+          def load_from_reset_password_token(token)
+            token_attr_name = @sorcery_config.reset_password_token_attribute_name
+            token_expiration_date_attr = @sorcery_config.reset_password_token_expires_at_attribute_name
+            load_from_token(token, token_attr_name, token_expiration_date_attr)
+          end
+
+          protected
+
+          # This submodule requires the developer to define his own mailer class to be used by it
+          # when reset_password_mailer_disabled is false
+          def validate_mailer_defined
+            msg = "To use reset_password submodule, you must define a mailer (config.reset_password_mailer = YourMailerClass)."
+            raise ArgumentError, msg if @sorcery_config.reset_password_mailer == nil and @sorcery_config.reset_password_mailer_disabled == false
+          end
+
+          def define_reset_password_fields
+            sorcery_adapter.define_field sorcery_config.reset_password_token_attribute_name, String
+            sorcery_adapter.define_field sorcery_config.reset_password_token_expires_at_attribute_name, Time
+            sorcery_adapter.define_field sorcery_config.reset_password_email_sent_at_attribute_name, Time
+          end
+
+        end
+
+        module InstanceMethods
+          # generates a reset code with expiration
+          def generate_reset_password_token!
+            config = sorcery_config
+            attributes = {config.reset_password_token_attribute_name => TemporaryToken.generate_random_token,
+                          config.reset_password_email_sent_at_attribute_name => Time.now.in_time_zone}
+            attributes[config.reset_password_token_expires_at_attribute_name] = Time.now.in_time_zone + config.reset_password_expiration_period if config.reset_password_expiration_period
+
+            self.sorcery_adapter.update_attributes(attributes)
+          end
+
+          # generates a reset code with expiration and sends an email to the user.
+          def deliver_reset_password_instructions!
+            config = sorcery_config
+            # hammering protection
+            return false if config.reset_password_time_between_emails.present? && self.send(config.reset_password_email_sent_at_attribute_name) && self.send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.seconds.ago.utc
+            self.class.sorcery_adapter.transaction do
+              generate_reset_password_token!
+              send_reset_password_email! unless config.reset_password_mailer_disabled
+            end
+          end
+
+          # Clears token and tries to update the new password for the user.
+          def change_password!(new_password)
+            clear_reset_password_token
+            self.send(:"#{sorcery_config.password_attribute_name}=", new_password)
+            sorcery_adapter.save
+          end
+
+          protected
+
+          def send_reset_password_email!
+            generic_send_email(:reset_password_email_method_name, :reset_password_mailer)
+          end
+
+          # Clears the token.
+          def clear_reset_password_token
+            config = sorcery_config
+            self.send(:"#{config.reset_password_token_attribute_name}=", nil)
+            self.send(:"#{config.reset_password_token_expires_at_attribute_name}=", nil) if config.reset_password_expiration_period
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/sorcery/model/submodules/user_activation.rb

@@ -0,0 +1,149 @@
+module Sorcery
+  module Model
+    module Submodules
+      # This submodule adds the ability to make the user activate his account via email
+      # or any other way in which he can recieve an activation code.
+      # with the activation code the user may activate his account.
+      # When using this submodule, supplying a mailer is mandatory.
+      module UserActivation
+        def self.included(base)
+          base.sorcery_config.class_eval do
+            attr_accessor :activation_state_attribute_name,               # the attribute name to hold activation state
+                                                                          # (active/pending).
+
+                          :activation_token_attribute_name,               # the attribute name to hold activation code
+                                                                          # (sent by email).
+
+                          :activation_token_expires_at_attribute_name,    # the attribute name to hold activation code
+                                                                          # expiration date.
+
+                          :activation_token_expiration_period,            # how many seconds before the activation code
+                                                                          # expires. nil for never expires.
+
+                          :user_activation_mailer,                        # your mailer class. Required when
+                                                                          # activation_mailer_disabled == false.
+
+                          :activation_mailer_disabled,                    # when true sorcery will not automatically
+                                                                          # email activation details and allow you to
+                                                                          # manually handle how and when email is sent
+
+                          :activation_needed_email_method_name,           # activation needed email method on your
+                                                                          # mailer class.
+
+                          :activation_success_email_method_name,          # activation success email method on your
+                                                                          # mailer class.
+
+                          :prevent_non_active_users_to_login              # do you want to prevent or allow users that
+                                                                          # did not activate by email to login?
+          end
+
+          base.sorcery_config.instance_eval do
+            @defaults.merge!(:@activation_state_attribute_name             => :activation_state,
+                             :@activation_token_attribute_name             => :activation_token,
+                             :@activation_token_expires_at_attribute_name  => :activation_token_expires_at,
+                             :@activation_token_expiration_period          => nil,
+                             :@user_activation_mailer                      => nil,
+                             :@activation_mailer_disabled                  => false,
+                             :@activation_needed_email_method_name         => :activation_needed_email,
+                             :@activation_success_email_method_name        => :activation_success_email,
+                             :@prevent_non_active_users_to_login           => true)
+            reset!
+          end
+
+          base.class_eval do
+            # don't setup activation if no password supplied - this user is created automatically
+            sorcery_adapter.define_callback :before, :create, :setup_activation, :if => Proc.new { |user| user.send(sorcery_config.password_attribute_name).present? }
+            # don't send activation needed email if no crypted password created - this user is external (OAuth etc.)
+            sorcery_adapter.define_callback :after, :create, :send_activation_needed_email!, :if => :send_activation_needed_email?
+          end
+
+          base.sorcery_config.after_config << :validate_mailer_defined
+          base.sorcery_config.after_config << :define_user_activation_fields
+          base.sorcery_config.before_authenticate << :prevent_non_active_login
+
+          base.extend(ClassMethods)
+          base.send(:include, InstanceMethods)
+
+
+        end
+
+        module ClassMethods
+          # Find user by token, also checks for expiration.
+          # Returns the user if token found and is valid.
+          def load_from_activation_token(token)
+            token_attr_name = @sorcery_config.activation_token_attribute_name
+            token_expiration_date_attr = @sorcery_config.activation_token_expires_at_attribute_name
+            load_from_token(token, token_attr_name, token_expiration_date_attr)
+          end
+
+          protected
+
+          # This submodule requires the developer to define his own mailer class to be used by it
+          # when activation_mailer_disabled is false
+          def validate_mailer_defined
+            msg = "To use user_activation submodule, you must define a mailer (config.user_activation_mailer = YourMailerClass)."
+            raise ArgumentError, msg if @sorcery_config.user_activation_mailer == nil and @sorcery_config.activation_mailer_disabled == false
+          end
+
+          def define_user_activation_fields
+            self.class_eval do
+              sorcery_adapter.define_field sorcery_config.activation_state_attribute_name, String
+              sorcery_adapter.define_field sorcery_config.activation_token_attribute_name, String
+              sorcery_adapter.define_field sorcery_config.activation_token_expires_at_attribute_name, Time
+            end
+          end
+        end
+
+        module InstanceMethods
+          def setup_activation
+            config = sorcery_config
+            generated_activation_token = TemporaryToken.generate_random_token
+            self.send(:"#{config.activation_token_attribute_name}=", generated_activation_token)
+            self.send(:"#{config.activation_state_attribute_name}=", "pending")
+            self.send(:"#{config.activation_token_expires_at_attribute_name}=", Time.now.in_time_zone + config.activation_token_expiration_period) if config.activation_token_expiration_period
+          end
+
+          # clears activation code, sets the user as 'active' and optionaly sends a success email.
+          def activate!
+            config = sorcery_config
+            self.send(:"#{config.activation_token_attribute_name}=", nil)
+            self.send(:"#{config.activation_state_attribute_name}=", "active")
+            send_activation_success_email! if send_activation_success_email?
+            sorcery_adapter.save(:validate => false, :raise_on_failure => true)
+          end
+
+          protected
+
+          # called automatically after user initial creation.
+          def send_activation_needed_email!
+            generic_send_email(:activation_needed_email_method_name, :user_activation_mailer)
+          end
+
+          def send_activation_success_email!
+            generic_send_email(:activation_success_email_method_name, :user_activation_mailer)
+          end
+
+          def send_activation_success_email?
+            !external? && (
+              !(sorcery_config.activation_success_email_method_name.nil? ||
+                sorcery_config.activation_mailer_disabled == true)
+            )
+          end
+
+          def send_activation_needed_email?
+            !external? && (
+              !(sorcery_config.activation_needed_email_method_name.nil? ||
+                sorcery_config.activation_mailer_disabled == true)
+            )
+          end
+
+          def prevent_non_active_login
+            config = sorcery_config
+            config.prevent_non_active_users_to_login ? self.send(config.activation_state_attribute_name) == "active" : true
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/model/temporary_token.rb

@@ -0,0 +1,30 @@
+require 'securerandom'
+
+module Sorcery
+  module Model
+    # This module encapsulates the logic for temporary token.
+    # A temporary token is created to identify a user in scenarios
+    # such as reseting password and activating the user by email.
+    module TemporaryToken
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+
+      # Random code, used for salt and temporary tokens.
+      def self.generate_random_token
+        SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz')
+      end
+
+      module ClassMethods
+        def load_from_token(token, token_attr_name, token_expiration_date_attr)
+          return nil if token.blank?
+          user = sorcery_adapter.find_by_token(token_attr_name,token)
+          if !user.blank? && !user.send(token_expiration_date_attr).nil?
+            return Time.now.in_time_zone < user.send(token_expiration_date_attr) ? user : nil
+          end
+          user
+        end
+      end
+    end
+  end
+end