clearance 0.8.2

data/app/controllers/clearance/confirmations_controller.rb

@@ -0,0 +1,75 @@
+class Clearance::ConfirmationsController < ApplicationController
+  unloadable
+
+  before_filter :redirect_signed_in_confirmed_user,  :only => [:new, :create]
+  before_filter :redirect_signed_out_confirmed_user, :only => [:new, :create]
+  before_filter :forbid_missing_token,               :only => [:new, :create]
+  before_filter :forbid_non_existent_user,           :only => [:new, :create]
+
+  filter_parameter_logging :token
+
+  def new
+    create
+  end
+
+  def create
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
+    @user.confirm_email!
+
+    sign_in(@user)
+    flash_success_after_create
+    redirect_to(url_after_create)
+  end
+
+  private
+
+  def redirect_signed_in_confirmed_user
+    user = ::User.find_by_id(params[:user_id])
+    if user && user.email_confirmed? && current_user == user
+      flash_success_after_create
+      redirect_to(url_after_create)
+    end
+  end
+
+  def redirect_signed_out_confirmed_user
+    user = ::User.find_by_id(params[:user_id])
+    if user && user.email_confirmed? && signed_out?
+      flash_already_confirmed
+      redirect_to(url_already_confirmed)
+    end
+  end
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_confirmation_token(
+                  params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:confirmed_email,
+      :scope   => [:clearance, :controllers, :confirmations],
+      :default => "Confirmed email and signed in.")
+  end
+
+  def flash_already_confirmed
+    flash[:success] = translate(:already_confirmed_email,
+      :scope   => [:clearance, :controllers, :confirmations],
+      :default => "Already confirmed email. Please sign in.")
+  end
+
+  def url_after_create
+    root_url
+  end
+
+  def url_already_confirmed
+    sign_in_url
+  end
+end

data/app/controllers/clearance/passwords_controller.rb

@@ -0,0 +1,84 @@
+class Clearance::PasswordsController < ApplicationController
+  unloadable
+
+  before_filter :forbid_missing_token,     :only => [:edit, :update]
+  before_filter :forbid_non_existent_user, :only => [:edit, :update]
+  filter_parameter_logging :password, :password_confirmation
+
+  def new
+    render :template => 'passwords/new'
+  end
+
+  def create
+    if user = ::User.find_by_email(params[:password][:email])
+      user.forgot_password!
+      ::ClearanceMailer.deliver_change_password user
+      flash_notice_after_create
+      redirect_to(url_after_create)
+    else
+      flash_failure_after_create
+      render :template => 'passwords/new'
+    end
+  end
+
+  def edit
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
+    render :template => 'passwords/edit'
+  end
+
+  def update
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
+
+    if @user.update_password(params[:user][:password],
+                             params[:user][:password_confirmation])
+      @user.confirm_email!
+      sign_in(@user)
+      flash_success_after_update
+      redirect_to(url_after_update)
+    else
+      render :template => 'passwords/edit'
+    end
+  end
+
+  private
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_confirmation_token(
+                  params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:deliver_change_password,
+      :scope   => [:clearance, :controllers, :passwords],
+      :default => "You will receive an email within the next few minutes. " <<
+                  "It contains instructions for changing your password.")
+  end
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:unknown_email,
+      :scope   => [:clearance, :controllers, :passwords],
+      :default => "Unknown email.")
+  end
+
+  def url_after_create
+    new_session_url
+  end
+
+  def flash_success_after_update
+    flash[:success] = translate(:signed_in, :default => "Signed in.")
+  end
+
+  def url_after_update
+    root_url
+  end
+end

data/app/controllers/clearance/sessions_controller.rb

@@ -0,0 +1,66 @@
+class Clearance::SessionsController < ApplicationController
+  unloadable
+
+  protect_from_forgery :except => :create
+  filter_parameter_logging :password
+
+  def new
+    render :template => 'sessions/new'
+  end
+
+  def create
+    @user = ::User.authenticate(params[:session][:email],
+                                params[:session][:password])
+    if @user.nil?
+      flash_failure_after_create
+      render :template => 'sessions/new', :status => :unauthorized
+    else
+      if @user.email_confirmed?
+        sign_in(@user)
+        flash_success_after_create
+        redirect_back_or(url_after_create)
+      else
+        ::ClearanceMailer.deliver_confirmation(@user)
+        flash_notice_after_create
+        redirect_to(new_session_url)
+      end
+    end
+  end
+
+  def destroy
+    sign_out
+    flash_success_after_destroy
+    redirect_to(url_after_destroy)
+  end
+
+  private
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:bad_email_or_password,
+      :scope   => [:clearance, :controllers, :sessions],
+      :default => "Bad email or password.")
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:signed_in, :default =>  "Signed in.")
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:unconfirmed_email,
+      :scope   => [:clearance, :controllers, :sessions],
+      :default => "User has not confirmed email. " <<
+                  "Confirmation email will be resent.")
+  end
+
+  def url_after_create
+    root_url
+  end
+
+  def flash_success_after_destroy
+    flash[:success] = translate(:signed_out, :default =>  "Signed out.")
+  end
+
+  def url_after_destroy
+    new_session_url
+  end
+end

data/app/controllers/clearance/users_controller.rb

@@ -0,0 +1,35 @@
+class Clearance::UsersController < ApplicationController
+  unloadable
+
+  before_filter :redirect_to_root, :only => [:new, :create], :if => :signed_in?
+  filter_parameter_logging :password
+
+  def new
+    @user = ::User.new(params[:user])
+    render :template => 'users/new'
+  end
+
+  def create
+    @user = ::User.new params[:user]
+    if @user.save
+      ::ClearanceMailer.deliver_confirmation @user
+      flash_notice_after_create
+      redirect_to(url_after_create)
+    else
+      render :template => 'users/new'
+    end
+  end
+
+  private
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:deliver_confirmation,
+      :scope   => [:clearance, :controllers, :users],
+      :default => "You will receive an email within the next few minutes. " <<
+                  "It contains instructions for confirming your account.")
+  end
+
+  def url_after_create
+    new_session_url
+  end
+end

data/app/models/clearance_mailer.rb

@@ -0,0 +1,23 @@
+class ClearanceMailer < ActionMailer::Base
+
+  default_url_options[:host] = HOST
+
+  def change_password(user)
+    from       DO_NOT_REPLY
+    recipients user.email
+    subject    I18n.t(:change_password,
+                      :scope   => [:clearance, :models, :clearance_mailer],
+                      :default => "Change your password")
+    body       :user => user
+  end
+
+  def confirmation(user)
+    from       DO_NOT_REPLY
+    recipients user.email
+    subject    I18n.t(:confirmation,
+                      :scope   => [:clearance, :models, :clearance_mailer],
+                      :default => "Account confirmation")
+    body      :user => user
+  end
+
+end

data/app/views/clearance_mailer/change_password.html.erb

@@ -0,0 +1,9 @@
+Someone, hopefully you, has requested that we send you a link to change your password.
+
+Here's the link:
+
+<%= edit_user_password_url(@user,
+      :token  => @user.confirmation_token,
+      :escape => false) %>
+
+If you didn't request this, ignore this email. Don't worry. Your password hasn't been changed.

data/app/views/clearance_mailer/confirmation.html.erb

@@ -0,0 +1,5 @@
+
+<%= new_user_confirmation_url(
+      :user_id => @user,
+      :token   => @user.confirmation_token,
+      :encode  => false) %>

data/app/views/passwords/edit.html.erb

@@ -0,0 +1,23 @@
+<h2>Change your password</h2>
+
+<p>
+  Your password has been reset. Choose a new password below.
+</p>
+
+<%= error_messages_for :user %>
+
+<% form_for(:user,
+            :url => user_password_path(@user, :token => @user.confirmation_token),
+            :html => { :method => :put }) do |form| %>
+  <div class="password_field">
+    <%= form.label :password, "Choose password" %>
+    <%= form.password_field :password %>
+  </div>
+  <div class="password_field">
+    <%= form.label :password_confirmation, "Confirm password" %>
+    <%= form.password_field :password_confirmation %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Save this password", :disable_with => "Please wait..." %>
+  </div>
+<% end %>

data/app/views/passwords/new.html.erb

@@ -0,0 +1,15 @@
+<h2>Change your password</h2>
+
+<p>
+  We will email you a link to change your password.
+</p>
+
+<% form_for :password, :url => passwords_path do |form| %>
+  <div class="text_field">
+    <%= form.label :email, "Email address" %>
+    <%= form.text_field :email %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Reset password", :disable_with => "Please wait..." %>
+  </div>
+<% end %>

data/app/views/sessions/new.html.erb

@@ -0,0 +1,24 @@
+<h2>Sign in</h2>
+
+<% form_for :session, :url => session_path do |form| %>
+  <div class="text_field">
+    <%= form.label :email %>
+    <%= form.text_field :email %>
+  </div>
+  <div class="text_field">
+    <%= form.label :password %>
+    <%= form.password_field :password %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Sign in", :disable_with => "Please wait..." %>
+  </div>
+<% end %>
+
+<ul>
+  <li>
+    <%= link_to "Sign up", new_user_path %>
+  </li>
+  <li>
+    <%= link_to "Forgot password?", new_password_path %>
+  </li>
+</ul>

data/app/views/users/_form.html.erb

@@ -0,0 +1,13 @@
+<%= form.error_messages %>
+<div class="text_field">
+  <%= form.label :email %>
+  <%= form.text_field :email %>
+</div>
+<div class="password_field">
+  <%= form.label :password %>
+  <%= form.password_field :password %>
+</div>
+<div class="password_field">
+  <%= form.label :password_confirmation, "Confirm password" %>
+  <%= form.password_field :password_confirmation %>
+</div>

data/app/views/users/new.html.erb

@@ -0,0 +1,6 @@
+<h2>Sign up</h2>
+
+<% form_for @user do |form| %>
+  <%= render :partial => '/users/form', :object => form %>
+  <%= form.submit 'Sign up', :disable_with => 'Please wait...' %>
+<% end %>

data/config/clearance_routes.rb

@@ -0,0 +1,30 @@
+ActionController::Routing::Routes.draw do |map|
+  map.resources :passwords,
+    :controller => 'clearance/passwords',
+    :only       => [:new, :create]
+
+  map.resource  :session,
+    :controller => 'clearance/sessions',
+    :only       => [:new, :create, :destroy]
+
+  map.resources :users, :controller => 'clearance/users' do |users|
+    users.resource :password,
+      :controller => 'clearance/passwords',
+      :only       => [:create, :edit, :update]
+
+    users.resource :confirmation,
+      :controller => 'clearance/confirmations',
+      :only       => [:new, :create]
+  end
+
+  map.sign_up  'sign_up',
+    :controller => 'clearance/users',
+    :action     => 'new'
+  map.sign_in  'sign_in',
+    :controller => 'clearance/sessions',
+    :action     => 'new'
+  map.sign_out 'sign_out',
+    :controller => 'clearance/sessions',
+    :action     => 'destroy',
+    :method     => :delete
+end

data/generators/clearance/USAGE

@@ -0,0 +1 @@
+script/generate clearance

data/generators/clearance/clearance_generator.rb

@@ -0,0 +1,41 @@
+require File.expand_path(File.dirname(__FILE__) + "/lib/insert_commands.rb")
+require File.expand_path(File.dirname(__FILE__) + "/lib/rake_commands.rb")
+require 'factory_girl'
+
+class ClearanceGenerator < Rails::Generator::Base
+
+  def manifest
+    record do |m|
+      m.insert_into "app/controllers/application_controller.rb",
+                    "include Clearance::Authentication"
+
+      user_model = "app/models/user.rb"
+      if File.exists?(user_model)
+        m.insert_into user_model, "include Clearance::User"
+      else
+        m.directory File.join("app", "models")
+        m.file "user.rb", user_model
+      end
+
+      m.directory File.join("test", "factories")
+      m.file "factories.rb", "test/factories/clearance.rb"
+
+      m.migration_template "migrations/#{migration_name}.rb",
+                           'db/migrate',
+                           :migration_file_name => "clearance_#{migration_name}"
+
+      m.readme "README"
+    end
+  end
+
+  private
+
+  def migration_name
+    if ActiveRecord::Base.connection.table_exists?(:users)
+      'update_users'
+    else
+      'create_users'
+    end
+  end
+
+end