cloudfoundry-devise 1.5.2

data/lib/devise/models/omniauthable.rb

@@ -0,0 +1,23 @@
+require 'devise/omniauth'
+
+module Devise
+  module Models
+    # Adds OmniAuth support to your model.
+    #
+    # == Options
+    #
+    # Oauthable adds the following options to devise_for:
+    #
+    #   * +omniauth_providers+: Which providers are avaialble to this model. It expects an array:
+    #
+    #       devise_for :database_authenticatable, :omniauthable, :omniauth_providers => [:twitter]
+    #
+    module Omniauthable
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        Devise::Models.config(self, :omniauth_providers)
+      end
+    end
+  end
+end

data/lib/devise/models/recoverable.rb

@@ -0,0 +1,136 @@
+module Devise
+  module Models
+
+    # Recoverable takes care of reseting the user password and send reset instructions.
+    #
+    # ==Options
+    #
+    # Recoverable adds the following options to devise_for:
+    #
+    #   * +reset_password_keys+: the keys you want to use when recovering the password for an account
+    #
+    # == Examples
+    #
+    #   # resets the user password and save the record, true if valid passwords are given, otherwise false
+    #   User.find(1).reset_password!('password123', 'password123')
+    #
+    #   # only resets the user password, without saving the record
+    #   user = User.find(1)
+    #   user.reset_password('password123', 'password123')
+    #
+    #   # creates a new token and send it with instructions about how to reset the password
+    #   User.find(1).send_reset_password_instructions
+    #
+    module Recoverable
+      extend ActiveSupport::Concern
+
+      # Update password saving the record and clearing token. Returns true if
+      # the passwords are valid and the record was saved, false otherwise.
+      def reset_password!(new_password, new_password_confirmation)
+        self.password = new_password
+        self.password_confirmation = new_password_confirmation
+
+        if valid?
+          clear_reset_password_token
+          after_password_reset
+        end
+
+        save
+      end
+
+      # Resets reset password token and send reset password instructions by email
+      def send_reset_password_instructions
+        generate_reset_password_token! if should_generate_token?
+        self.devise_mailer.reset_password_instructions(self).deliver
+      end
+
+      # Checks if the reset password token sent is within the limit time.
+      # We do this by calculating if the difference between today and the
+      # sending date does not exceed the confirm in time configured.
+      # Returns true if the resource is not responding to reset_password_sent_at at all.
+      # reset_password_within is a model configuration, must always be an integer value.
+      #
+      # Example:
+      #
+      #   # reset_password_within = 1.day and reset_password_sent_at = today
+      #   reset_password_period_valid?   # returns true
+      #
+      #   # reset_password_within = 5.days and reset_password_sent_at = 4.days.ago
+      #   reset_password_period_valid?   # returns true
+      #
+      #   # reset_password_within = 5.days and reset_password_sent_at = 5.days.ago
+      #   reset_password_period_valid?   # returns false
+      #
+      #   # reset_password_within = 0.days
+      #   reset_password_period_valid?   # will always return false
+      #
+      def reset_password_period_valid?
+        reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
+      end
+
+      protected
+
+        def should_generate_token?
+          reset_password_token.nil? || !reset_password_period_valid?
+        end
+
+        # Generates a new random token for reset password
+        def generate_reset_password_token
+          self.reset_password_token = self.class.reset_password_token
+          self.reset_password_sent_at = Time.now.utc
+          self.reset_password_token
+        end
+
+        # Resets the reset password token with and save the record without
+        # validating
+        def generate_reset_password_token!
+          generate_reset_password_token && save(:validate => false)
+        end
+
+        # Removes reset_password token
+        def clear_reset_password_token
+          self.reset_password_token = nil
+          self.reset_password_sent_at = nil
+        end
+
+        def after_password_reset
+        end
+
+      module ClassMethods
+        # Attempt to find a user by its email. If a record is found, send new
+        # password instructions to it. If not user is found, returns a new user
+        # with an email not found error.
+        # Attributes must contain the user email
+        def send_reset_password_instructions(attributes={})
+          recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
+          recoverable.send_reset_password_instructions if recoverable.persisted?
+          recoverable
+        end
+
+        # Generate a token checking if one does not already exist in the database.
+        def reset_password_token
+          generate_token(:reset_password_token)
+        end
+
+        # Attempt to find a user by its reset_password_token to reset its
+        # password. If a user is found and token is still valid, reset its password and automatically
+        # try saving the record. If not user is found, returns a new user
+        # containing an error in reset_password_token attribute.
+        # Attributes must contain reset_password_token, password and confirmation
+        def reset_password_by_token(attributes={})
+          recoverable = find_or_initialize_with_error_by(:reset_password_token, attributes[:reset_password_token])
+          if recoverable.persisted?
+            if recoverable.reset_password_period_valid?
+              recoverable.reset_password!(attributes[:password], attributes[:password_confirmation])
+            else
+              recoverable.errors.add(:reset_password_token, :expired)
+            end
+          end
+          recoverable
+        end
+
+        Devise::Models.config(self, :reset_password_keys, :reset_password_within)
+      end
+    end
+  end
+end

data/lib/devise/models/registerable.rb

@@ -0,0 +1,21 @@
+module Devise
+  module Models
+    # Registerable is responsible for everything related to registering a new
+    # resource (ie user sign up).
+    module Registerable
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        # A convenience method that receives both parameters and session to
+        # initialize a user. This can be used by OAuth, for example, to send
+        # in the user token and be stored on initialization.
+        #
+        # By default discards all information sent by the session by calling
+        # new with params.
+        def new_with_session(params, session)
+          new(params)
+        end
+      end
+    end
+  end
+end

data/lib/devise/models/rememberable.rb

@@ -0,0 +1,114 @@
+require 'devise/strategies/rememberable'
+require 'devise/hooks/rememberable'
+require 'devise/hooks/forgetable'
+
+module Devise
+  module Models
+    # Rememberable manages generating and clearing token for remember the user
+    # from a saved cookie. Rememberable also has utility methods for dealing
+    # with serializing the user into the cookie and back from the cookie, trying
+    # to lookup the record based on the saved information.
+    # You probably wouldn't use rememberable methods directly, they are used
+    # mostly internally for handling the remember token.
+    #
+    # == Options
+    #
+    # Rememberable adds the following options in devise_for:
+    #
+    #   * +remember_for+: the time you want the user will be remembered without
+    #     asking for credentials. After this time the user will be blocked and
+    #     will have to enter his credentials again. This configuration is also
+    #     used to calculate the expires time for the cookie created to remember
+    #     the user. By default remember_for is 2.weeks.
+    #
+    #   * +extend_remember_period+: if true, extends the user's remember period
+    #     when remembered via cookie. False by default.
+    #
+    #   * +cookie_options+: configuration options passed to the created cookie.
+    #
+    # == Examples
+    #
+    #   User.find(1).remember_me!  # regenerating the token
+    #   User.find(1).forget_me!    # clearing the token
+    #
+    #   # generating info to put into cookies
+    #   User.serialize_into_cookie(user)
+    #
+    #   # lookup the user based on the incoming cookie information
+    #   User.serialize_from_cookie(cookie_string)
+    module Rememberable
+      extend ActiveSupport::Concern
+
+      attr_accessor :remember_me, :extend_remember_period
+
+      # Generate a new remember token and save the record without validations
+      # unless remember_across_browsers is true and the user already has a valid token.
+      def remember_me!(extend_period=false)
+        self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
+        save(:validate => false)
+      end
+
+      # If the record is persisted, remove the remember token (but only if
+      # it exists), and save the record without validations.
+      def forget_me!
+        if persisted?
+          self.remember_token = nil if respond_to?(:remember_token=)
+          self.remember_created_at = nil
+          save(:validate => false)
+        end
+      end
+
+      # Remember token should be expired if expiration time not overpass now.
+      def remember_expired?
+        remember_created_at.nil? || (remember_expires_at <= Time.now.utc)
+      end
+
+      # Remember token expires at created time + remember_for configuration
+      def remember_expires_at
+        remember_created_at + self.class.remember_for
+      end
+
+      def rememberable_value
+        if respond_to?(:authenticatable_salt) && (salt = authenticatable_salt)
+          salt
+        else
+          raise "The #{self.class.name} class does not respond to remember_token and " <<
+            "authenticatable_salt returns nil. In order to use rememberable, you must " <<
+            "add a remember_token field to your model or ensure a password is always set."
+        end
+      end
+
+      def cookie_options
+        self.class.cookie_options
+      end
+
+    protected
+
+      # Generate a timestamp if extend_remember_period is true, if no remember_token
+      # exists, or if an existing remember token has expired.
+      def generate_remember_timestamp?(extend_period) #:nodoc:
+        extend_period || remember_created_at.nil? || remember_expired?
+      end
+
+      module ClassMethods
+        # Create the cookie key using the record id and remember_token
+        def serialize_into_cookie(record)
+          [record.to_key, record.rememberable_value]
+        end
+
+        # Recreate the user based on the stored cookie
+        def serialize_from_cookie(id, remember_token)
+          record = to_adapter.get(id)
+          record if record && record.rememberable_value == remember_token && !record.remember_expired?
+        end
+
+        # Generate a token checking if one does not already exist in the database.
+        def remember_token
+          generate_token(:remember_token)
+        end
+
+        Devise::Models.config(self, :remember_for, :extend_remember_period, :cookie_options)
+      end
+    end
+  end
+end

data/lib/devise/models/serializable.rb

@@ -0,0 +1,43 @@
+module Devise
+  module Models
+    # This module redefine to_xml and serializable_hash in models for more
+    # secure defaults. By default, it removes from the serializable model
+    # all attributes that are *not* accessible. You can remove this default
+    # by using :force_except and passing a new list of attributes you want
+    # to exempt. All attributes given to :except will simply add names to
+    # exempt to Devise internal list.
+    module Serializable
+      extend ActiveSupport::Concern
+
+      # TODO: to_xml does not call serializable_hash. Hopefully someone will fix this in AR.
+      %w(to_xml serializable_hash).each do |method|
+        class_eval <<-RUBY, __FILE__, __LINE__
+          def #{method}(options=nil)
+            options ||= {}
+            if options.key?(:force_except)
+              options[:except] = options.delete(:force_except)
+              super(options)
+            elsif self.class.blacklist_keys?
+              except = Array(options[:except])
+              super(options.merge(:except => except + self.class.blacklist_keys))
+            else
+              super
+            end
+          end
+        RUBY
+      end
+
+      module ClassMethods
+        # Return true if we can retrieve blacklist keys from the record.
+        def blacklist_keys?
+          @has_except_keys ||= respond_to?(:accessible_attributes) && !accessible_attributes.to_a.empty?
+        end
+
+        # Returns keys that should be removed when serializing the record.
+        def blacklist_keys
+          @blacklist_keys ||= to_adapter.column_names.map(&:to_s) - accessible_attributes.to_a.map(&:to_s)
+        end
+      end
+    end
+  end
+end

data/lib/devise/models/timeoutable.rb

@@ -0,0 +1,45 @@
+require 'devise/hooks/timeoutable'
+
+module Devise
+  module Models
+    # Timeoutable takes care of veryfing whether a user session has already
+    # expired or not. When a session expires after the configured time, the user
+    # will be asked for credentials again, it means, he/she will be redirected
+    # to the sign in page.
+    #
+    # == Options
+    #
+    # Timeoutable adds the following options to devise_for:
+    #
+    #   * +timeout_in+: the interval to timeout the user session without activity.
+    #
+    # == Examples
+    #
+    #   user.timedout?(30.minutes.ago)
+    #
+    module Timeoutable
+      extend ActiveSupport::Concern
+
+      # Checks whether the user session has expired based on configured time.
+      def timedout?(last_access)
+        return false if remember_exists_and_not_expired?
+        !timeout_in.nil? && last_access && last_access <= timeout_in.ago
+      end
+
+      def timeout_in
+        self.class.timeout_in
+      end
+
+      private
+
+      def remember_exists_and_not_expired?
+        return false unless respond_to?(:remember_created_at)
+        remember_created_at && !remember_expired?
+      end
+
+      module ClassMethods
+        Devise::Models.config(self, :timeout_in)
+      end
+    end
+  end
+end

data/lib/devise/models/token_authenticatable.rb

@@ -0,0 +1,72 @@
+require 'devise/strategies/token_authenticatable'
+
+module Devise
+  module Models
+    # The TokenAuthenticatable module is responsible for generating an authentication token and
+    # validating the authenticity of the same while signing in.
+    #
+    # This module only provides a few helpers to help you manage the token, but it is up to you
+    # to choose how to use it. For example, if you want to have a new token every time the user
+    # saves his account, you can do the following:
+    #
+    #   before_save :reset_authentication_token
+    #
+    # On the other hand, if you want to generate token unless one exists, you should use instead:
+    #
+    #   before_save :ensure_authentication_token
+    #
+    # If you want to delete the token after it is used, you can do so in the
+    # after_token_authentication callback.
+    #
+    # == Options
+    #
+    # TokenAuthenticatable adds the following options to devise_for:
+    #
+    #   * +token_authentication_key+: Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...
+    #
+    #   * +stateless_token+: By default, when you sign up with a token, Devise will store the user in session
+    #     as any other authentication strategy. You can set stateless_token to true to avoid this.
+    #
+    module TokenAuthenticatable
+      extend ActiveSupport::Concern
+
+      # Generate new authentication token (a.k.a. "single access token").
+      def reset_authentication_token
+        self.authentication_token = self.class.authentication_token
+      end
+
+      # Generate new authentication token and save the record.
+      def reset_authentication_token!
+        reset_authentication_token
+        save(:validate => false)
+      end
+
+      # Generate authentication token unless already exists.
+      def ensure_authentication_token
+        reset_authentication_token if authentication_token.blank?
+      end
+
+      # Generate authentication token unless already exists and save the record.
+      def ensure_authentication_token!
+        reset_authentication_token! if authentication_token.blank?
+      end
+
+      # Hook called after token authentication.
+      def after_token_authentication
+      end
+
+      module ClassMethods
+        def find_for_token_authentication(conditions)
+          find_for_authentication(:authentication_token => conditions[token_authentication_key])
+        end
+
+        # Generate a token checking if one does not already exist in the database.
+        def authentication_token
+          generate_token(:authentication_token)
+        end
+
+        ::Devise::Models.config(self, :token_authentication_key, :stateless_token)
+      end
+    end
+  end
+end