clearance 0.8.2

data/generators/clearance_features/templates/features/support/paths.rb

@@ -0,0 +1,22 @@
+module NavigationHelpers
+  def path_to(page_name)
+    case page_name
+    
+    when /the homepage/i
+      root_path
+    when /the sign up page/i
+      new_user_path
+    when /the sign in page/i
+      new_session_path
+    when /the password reset request page/i
+      new_password_path
+    
+    # Add more page name => path mappings here
+    
+    else
+      raise "Can't find mapping from \"#{page_name}\" to a path."
+    end
+  end
+end
+ 
+World(NavigationHelpers)

data/generators/clearance_views/clearance_views_generator.rb

@@ -0,0 +1,27 @@
+class ClearanceViewsGenerator < Rails::Generator::Base
+
+  def manifest
+    record do |m|
+      strategy          = "formtastic"
+      template_strategy = "erb"
+
+      m.directory File.join("app", "views", "users")
+      m.file "#{strategy}/users/new.html.#{template_strategy}",
+        "app/views/users/new.html.#{template_strategy}"
+      m.file "#{strategy}/users/_inputs.html.#{template_strategy}",
+        "app/views/users/_inputs.html.#{template_strategy}"
+
+      m.directory File.join("app", "views", "sessions")
+      m.file "#{strategy}/sessions/new.html.#{template_strategy}",
+        "app/views/sessions/new.html.#{template_strategy}"
+
+      m.directory File.join("app", "views", "passwords")
+      m.file "#{strategy}/passwords/new.html.#{template_strategy}",
+        "app/views/passwords/new.html.#{template_strategy}"
+      m.file "#{strategy}/passwords/edit.html.#{template_strategy}",
+        "app/views/passwords/edit.html.#{template_strategy}"
+    end
+  end
+
+end
+

data/generators/clearance_views/templates/formtastic/passwords/edit.html.erb

@@ -0,0 +1,21 @@
+<h2>Change your password</h2>
+
+<p>
+  Your password has been reset. Choose a new password below.
+</p>
+
+<% semantic_form_for(:user,
+            :url  => user_password_path(@user, :token => @user.confirmation_token),
+            :html => { :method => :put }) do |form| %>
+  <%= form.error_messages %>
+  <% form.inputs do -%>
+    <%= form.input :password, :as => :password,
+                   :label => "Choose password" %>
+    <%= form.input :password_confirmation, :as => :password,
+                   :label => "Confirm password" %>
+  <% end -%>
+  <% form.buttons do -%>
+    <%= form.commit_button "Save this password" %>
+  <% end -%>
+<% end %>
+

data/generators/clearance_views/templates/formtastic/passwords/new.html.erb

@@ -0,0 +1,15 @@
+<h2>Reset your password</h2>
+
+<p>
+  We will email you a link to reset your password.
+</p>
+
+<% semantic_form_for :password, :url => passwords_path do |form| -%>
+  <% form.inputs do -%>
+    <%= form.input :email, :label => "Email address" %>
+  <% end -%>
+  <% form.buttons do -%>
+    <%= form.commit_button "Reset password" %>
+  <% end -%>
+<% end -%>
+

data/generators/clearance_views/templates/formtastic/sessions/new.html.erb

@@ -0,0 +1,21 @@
+<h2>Sign in</h2>
+
+<% semantic_form_for :session, :url => session_path do |form| %>
+  <% form.inputs do %>
+    <%= form.input :email %>
+    <%= form.input :password, :as => :password %>
+  <% end %>
+  <% form.buttons do %>
+    <%= form.commit_button "Sign in" %>
+  <% end %>
+<% end %>
+
+<ul>
+  <li>
+    <%= link_to "Sign up", new_user_path %>
+  </li>
+  <li>
+    <%= link_to "Forgot password?", new_password_path %>
+  </li>
+</ul>
+

data/generators/clearance_views/templates/formtastic/users/_inputs.html.erb

@@ -0,0 +1,6 @@
+<% form.inputs do %>
+  <%= form.input :email %>
+  <%= form.input :password %>
+  <%= form.input :password_confirmation, :label => "Confirm password" %>
+<% end %>
+

data/generators/clearance_views/templates/formtastic/users/new.html.erb

@@ -0,0 +1,10 @@
+<h2>Sign up</h2>
+
+<% semantic_form_for @user do |form| %>
+  <%= form.error_messages %>
+  <%= render :partial => "/users/inputs", :locals => { :form => form } %>
+  <% form.buttons do %>
+    <%= form.commit_button "Sign up" %>
+  <% end %>
+<% end %>
+

data/lib/clearance.rb

@@ -0,0 +1,6 @@
+require 'clearance/extensions/errors'
+require 'clearance/extensions/rescue'
+require 'clearance/extensions/routes'
+
+require 'clearance/authentication'
+require 'clearance/user'

data/lib/clearance/authentication.rb

@@ -0,0 +1,125 @@
+module Clearance
+  module Authentication
+
+    def self.included(controller) # :nodoc:
+      controller.send(:include, InstanceMethods)
+
+      controller.class_eval do
+        helper_method :current_user, :signed_in?, :signed_out?
+        hide_action   :current_user, :signed_in?, :signed_out?
+      end
+    end
+
+    module InstanceMethods
+      # User in the current cookie
+      #
+      # @return [User, nil]
+      def current_user
+        @_current_user ||= user_from_cookie
+      end
+
+      # Set the current user
+      #
+      # @param [User]
+      def current_user=(user)
+        @_current_user = user
+      end
+
+      # Is the current user signed in?
+      #
+      # @return [true, false]
+      def signed_in?
+        ! current_user.nil?
+      end
+
+      # Is the current user signed out?
+      #
+      # @return [true, false]
+      def signed_out?
+        current_user.nil?
+      end
+
+      # Deny the user access if they are signed out.
+      #
+      # @example
+      #   before_filter :authenticate
+      def authenticate
+        deny_access unless signed_in?
+      end
+
+      # Sign user in to cookie.
+      #
+      # @param [User]
+      #
+      # @example
+      #   sign_in(@user)
+      def sign_in(user)
+        if user
+          user.remember_me!
+          cookies[:remember_token] = {
+            :value   => user.remember_token,
+            :expires => 1.year.from_now.utc
+          }
+          current_user = user
+        end
+      end
+
+      # Sign user out of cookie.
+      #
+      # @example
+      #   sign_out
+      def sign_out
+        cookies.delete(:remember_token)
+        current_user = nil
+      end
+
+      # Store the current location.
+      # Display a flash message if included.
+      # Redirect to sign in.
+      #
+      # @param [String] optional flash message to display to denied user
+      def deny_access(flash_message = nil)
+        store_location
+        flash[:failure] = flash_message if flash_message
+        redirect_to(new_session_url)
+      end
+
+      protected
+
+      def user_from_cookie
+        if token = cookies[:remember_token]
+          ::User.find_by_remember_token(token)
+        end
+      end
+
+      def sign_user_in(user)
+        warn "[DEPRECATION] sign_user_in: unnecessary. use sign_in(user) instead."
+        sign_in(user)
+      end
+
+      def store_location
+        if request.get?
+          session[:return_to] = request.request_uri
+        end
+      end
+
+      def redirect_back_or(default)
+        redirect_to(return_to || default)
+        clear_return_to
+      end
+
+      def return_to
+        session[:return_to] || params[:return_to]
+      end
+
+      def clear_return_to
+        session[:return_to] = nil
+      end
+
+      def redirect_to_root
+        redirect_to(root_url)
+      end
+    end
+
+  end
+end

data/lib/clearance/extensions/errors.rb

@@ -0,0 +1,6 @@
+if defined?(ActionController)
+  module ActionController
+    class Forbidden < StandardError
+    end
+  end
+end

data/lib/clearance/extensions/rescue.rb

@@ -0,0 +1,3 @@
+if defined?(ActionController::Base)
+  ActionController::Base.rescue_responses.update('ActionController::Forbidden' => :forbidden)
+end

data/lib/clearance/extensions/routes.rb

@@ -0,0 +1,14 @@
+if defined?(ActionController::Routing::RouteSet)
+  class ActionController::Routing::RouteSet
+    def load_routes_with_clearance!
+      lib_path = File.dirname(__FILE__)
+      clearance_routes = File.join(lib_path, *%w[.. .. .. config clearance_routes.rb])
+      unless configuration_files.include?(clearance_routes)
+        add_configuration_file(clearance_routes)
+      end
+      load_routes_without_clearance!
+    end
+
+    alias_method_chain :load_routes!, :clearance
+  end
+end

data/lib/clearance/user.rb

@@ -0,0 +1,199 @@
+require 'digest/sha1'
+
+module Clearance
+  module User
+
+    # Hook for all Clearance::User modules.
+    #
+    # If you need to override parts of Clearance::User,
+    # extend and include à la carte.
+    #
+    # @example
+    #   extend ClassMethods
+    #   include InstanceMethods
+    #   include AttrAccessor
+    #   include Callbacks
+    #
+    # @see ClassMethods
+    # @see InstanceMethods
+    # @see AttrAccessible
+    # @see AttrAccessor
+    # @see Validations
+    # @see Callbacks
+    def self.included(model)
+      model.extend(ClassMethods)
+
+      model.send(:include, InstanceMethods)
+      model.send(:include, AttrAccessible)
+      model.send(:include, AttrAccessor)
+      model.send(:include, Validations)
+      model.send(:include, Callbacks)
+    end
+
+    module AttrAccessible
+      # Hook for attr_accessible white list.
+      #
+      # :email, :password, :password_confirmation
+      #
+      # Append other attributes that must be mass-assigned in your model.
+      #
+      # @example
+      #   include Clearance::User
+      #   attr_accessible :location, :gender
+      def self.included(model)
+        model.class_eval do
+          attr_accessible :email, :password, :password_confirmation
+        end
+      end
+    end
+
+    module AttrAccessor
+      # Hook for attr_accessor virtual attributes.
+      #
+      # :password, :password_confirmation
+      def self.included(model)
+        model.class_eval do
+          attr_accessor :password, :password_confirmation
+        end
+      end
+    end
+
+    module Validations
+      # Hook for validations.
+      #
+      # :email must be present, unique, formatted
+      #
+      # If password is required,
+      # :password must be present, confirmed
+      def self.included(model)
+        model.class_eval do
+          validates_presence_of     :email
+          validates_uniqueness_of   :email, :case_sensitive => false
+          validates_format_of       :email, :with => %r{.+@.+\..+}
+
+          validates_presence_of     :password, :if => :password_required?
+          validates_confirmation_of :password, :if => :password_required?
+        end
+      end
+    end
+
+    module Callbacks
+      # Hook for callbacks.
+      #
+      # salt, token, password encryption are handled before_save.
+      def self.included(model)
+        model.class_eval do
+          before_save :initialize_salt,
+                      :encrypt_password,
+                      :initialize_confirmation_token
+        end
+      end
+    end
+
+    module InstanceMethods
+      # Am I authenticated with given password?
+      #
+      # @param [String] plain-text password
+      # @return [true, false]
+      # @example
+      #   user.authenticated?('password')
+      def authenticated?(password)
+        encrypted_password == encrypt(password)
+      end
+
+      # Remember me for a year.
+      #
+      # @example
+      #   user.remember_me!
+      #   cookies[:remember_token] = {
+      #     :value   => user.remember_token,
+      #     :expires => user.remember_token_expires_at
+      #   }
+      def remember_me!
+        self.remember_token = encrypt("--#{Time.now.utc}--#{password}--")
+        save(false)
+      end
+
+      # Confirm my email.
+      #
+      # @example
+      #   user.confirm_email!
+      def confirm_email!
+        self.email_confirmed    = true
+        self.confirmation_token = nil
+        save(false)
+      end
+
+      # Mark my account as forgotten password.
+      #
+      # @example
+      #   user.forgot_password!
+      def forgot_password!
+        generate_confirmation_token
+        save(false)
+      end
+
+      # Update my password.
+      #
+      # @param [String, String] password and password confirmation
+      # @return [true, false] password was updated or not
+      # @example
+      #   user.update_password('new-password', 'new-password')
+      def update_password(new_password, new_password_confirmation)
+        self.password              = new_password
+        self.password_confirmation = new_password_confirmation
+        if valid?
+          self.confirmation_token = nil
+        end
+        save
+      end
+
+      protected
+
+      def generate_hash(string)
+        Digest::SHA1.hexdigest(string)
+      end
+
+      def initialize_salt
+        if new_record?
+          self.salt = generate_hash("--#{Time.now.utc}--#{password}--")
+        end
+      end
+
+      def encrypt_password
+        return if password.blank?
+        self.encrypted_password = encrypt(password)
+      end
+
+      def encrypt(string)
+        generate_hash("--#{salt}--#{string}--")
+      end
+
+      def generate_confirmation_token
+        self.confirmation_token = encrypt("--#{Time.now.utc}--#{password}--")
+      end
+
+      def initialize_confirmation_token
+        generate_confirmation_token if new_record?
+      end
+
+      def password_required?
+        encrypted_password.blank? || !password.blank?
+      end
+    end
+
+    module ClassMethods
+      # Authenticate with email and password.
+      #
+      # @param [String, String] email and password
+      # @return [User, nil] authenticated user or nil
+      # @example
+      #   User.authenticate("email@example.com", "password")
+      def authenticate(email, password)
+        return nil  unless user = find_by_email(email)
+        return user if     user.authenticated?(password)
+      end
+    end
+
+  end
+end