cops 0.2.0.6

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Envy Labs LLC
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,113 @@
+= Blue Light Special
+
+Blue Light Special is a derivative from Thoughtbot's 
+{Clearance}[http://github.com/thoughtbot/clearance] gem.  It's a highly
+opinionated starting point for many of our projects at Envy Labs.
+
+In addition to the basic email and password authentication provided by
+Clearance, a default Blue Light Special installation includes:
+
+* optional support for authenticating with Facebook Connect, using {mini_fb}[http://github.com/appoxy/mini_fb]
+
+* a simple role system with built-in support for admin users
+
+* the ability for an admin to impersonate any other user
+
+* use of {MadMimi}[http://madmimi.com/r/b8599b9343f82e3bc30984ca4f3fea3f] for sending notification emails
+
+* {delayed_job}[http://github.com/tobi/delayed_job] for sending emails in the background
+	
+* a basic application layout and stylesheet
+
+== Setup
+
+After installing the Blue Light Special gem, require it in your Rails app and run
+the blue_light_special generator.
+
+In your config/environment.rb:
+
+  config.gem 'blue_light_special'
+
+Run the generators and migrate your database:
+
+  script/generate blue_light_special
+  script/generate delayed_job
+  rake db:migrate
+	
+You'll also want to take a look at Blue Light Special's configuration options
+in config/blue_light_special.yml.
+
+== Tests
+
+Blue Light Special can optionally generate integration tests that cover all
+of its basic features.  These tests require {shoulda}[http://github.com/thoughtbot/shoulda],
+{factory_girl}[http://github.com/thoughtbot/factory_girl], {webrat}[http://github.com/brynary/webrat],
+and {fakeweb}[http://github.com/chrisk/fakeweb].  To install the tests:
+
+  script/generate blue_light_special_tests
+	
+After the generator runs, you'll see  instructions for updating
+test/test_helper.rb to include some helper methods that the tests require.
+You can also use these helper methods in your own integration tests whenever
+you need to sign a user in or out.
+
+== Administration Interface
+
+The final Blue Light Special generator builds a very simple administration
+interface for your app.  This allows admins to manage and impersonate users,
+and it can be used as a starting point for building a more elaborate admin
+interface.  If you'd like to generate the admin interface, run:
+
+  script/generate blue_light_special_admin
+	
+This will generate your user admin controller and its integration test.
+
+== Mad Mimi
+
+If you'd like an overview of Mad Mimi, check out the third part of
+{this screencast}[http://railslab.newrelic.com/2009/10/23/episode-21-on-the-edge-part-3].
+In order to get Blue Light Special working with Mad Mimi, you'll need to sign
+up for an account at {madmimi.com}[http://madmimi.com/r/b8599b9343f82e3bc30984ca4f3fea3f].
+
+Your Mad Mimi account needs API access, so be sure to enable that during the signup
+process. The support people at Mad Mimi will manually authorize your account for
+API access. This usually happens within a few hours after you've signed up. Until
+your account is authorized, you'll see HTTP errors when your Rails app attempts to
+send email.
+
+After you've signed up and your API access has been approved, all you'll need to do is
+put your Mad Mimi username and API key in config/blue_light_special.yml.
+
+== Facebook Connect
+
+To set up Facebook Connect, go to the {Facebook developer page}[http://facebook.com/developers]
+and create a new Facebook app. Since you're only using this app for Facebook Connect,
+you can leave most of the fields blank. Be sure to give your app a name, and then
+head over to the Connect settings and set the Connect URL to point at your Rails app.
+In the Advanced section, you'll need to set Email Domain to the domain from which you'll
+be sending email messages.
+
+After you've finished setting up your Facebook app, grab its API key and secret key
+and put them in config/blue_light_special.yml.
+
+== To Build the Gem ==
+gem build cops.gemspec
+
+sudo gem install cops.gem
+
+gem yank cops -v 0.2.0.1
+
+== Differences from Blue Light Special ==
+1. MimiMailer was made optional. In some cases, like deploying on heroku, you won't want to use MimiMailer templates, but instead regular mailer templates. Cops does not use MimiMailer unless you've setup your login info for that service.
+2. DelayedJob is now optional. You can turn off the use of delayed job, again in the case of deploying to Heroku for example where you do not want to pay the extra fees of using a background worker. In this case emails will be sent immediately and not queued.
+3. The welcome email is not only suppressed if the email is already confirmed, but is also not sent if the user connects via Facebook. Since Facebook returns the email already, which presumably Facebook has already confirmed, Cops marks the user as already confirmed.
+4. Cops adds back into BlueLightSpecial, the email confirmation from Clearance. This is only used for non-facebook connect users
+5. Added flash notice on creation of user
+6. Using redirect_back_or in all cases so app using Cops gem has an option of where to send the user
+7. Added a facebook_logout method that facebook can call via its Post-Remove Callback, to remove user from app
+8. Changed to user can still log in even though they haven't confirmed their email (they just aren't active)
+9. The change password function was using the confirmation token instead of the password reset token in several spots
+
+== Copyright
+
+Copyright (c) 2010 Envy Labs LLC. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,95 @@
+require 'rubygems'
+require 'rake'
+require 'rake/testtask'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name        = "blue_light_special"
+    gem.summary     = %Q{Rails authentication by email and password}
+    gem.description = %Q{Rails authentication by email and password with integrated dependencies to MadMimi. Also provides administrative user impersonation.}
+    gem.email       = "nate@envylabs.com"
+    gem.homepage    = "http://github.com/envylabs/blue_light_special"
+    gem.authors     = ["Nathaniel Bibler", "Mark Kendall", "Caike Souza"]
+    gem.files       = FileList["[A-Z]*", "{app,config,generators,lib,shoulda_macros,rails}/**/*"]
+    
+    gem.add_dependency "mini_fb", '=0.2.2'
+    gem.add_dependency "delayed_job", '=1.8.4'
+    gem.add_dependency "mad_mimi_mailer", '=0.0.7'
+    
+    gem.add_development_dependency "shoulda", ">= 0"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+namespace :test do
+  Rake::TestTask.new(:basic => ["check_dependencies",
+                                "generator:cleanup",
+                                "generator:blue_light_special",
+                                "generator:blue_light_special_tests",
+                                "generator:blue_light_special_admin"]) do |task|
+    task.libs << "lib"
+    task.libs << "test"
+    task.pattern = "test/{controllers,models}/*_test.rb"
+    task.verbose = false
+  end
+end
+
+generators = %w(blue_light_special blue_light_special_tests blue_light_special_admin)
+
+namespace :generator do
+  desc "Cleans up the test app before running the generator"
+  task :cleanup do
+    FileList["test/rails_root/db/**/*"].each do |each|
+      FileUtils.rm_rf(each)
+    end
+    
+    FileUtils.rm_rf("test/rails_root/vendor/plugins/blue_light_special")
+    FileUtils.mkdir_p("test/rails_root/vendor/plugins")
+    blue_light_special_root = File.expand_path(File.dirname(__FILE__))
+    system("ln -s \"#{blue_light_special_root}\" test/rails_root/vendor/plugins/blue_light_special")
+  end
+  
+  desc "Run the blue_light_special generator"
+  task :blue_light_special do
+    system "cd test/rails_root && ./script/generate blue_light_special -f && ./script/generate delayed_job && rake gems:unpack && rake db:migrate db:test:prepare"
+  end
+
+  desc "Run the blue_light_special tests generator"
+  task :blue_light_special_tests do
+    system "cd test/rails_root && ./script/generate blue_light_special_tests -f"
+  end
+
+  desc "Run the blue_light_special admin generator"
+  task :blue_light_special_admin do
+    system "cd test/rails_root && ./script/generate blue_light_special_admin -f"
+  end
+  
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
+end
+
+task :default => ['test:basic']
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = "BlueLightSpecial #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.2.0

data/app/controllers/blue_light_special/confirmations_controller.rb

@@ -0,0 +1,76 @@
+class BlueLightSpecial::ConfirmationsController < ApplicationController
+  unloadable
+
+  skip_before_filter :authenticate,                  :only => [:new, :create]
+  before_filter :redirect_signed_in_confirmed_user,  :only => [:new, :create]
+  before_filter :redirect_signed_out_confirmed_user, :only => [:new, :create]
+  before_filter :forbid_missing_token,               :only => [:new, :create]
+  before_filter :forbid_non_existent_user,           :only => [:new, :create]
+
+  filter_parameter_logging :token
+
+  def new
+    create
+  end
+
+  def create
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
+    @user.confirm_email!
+
+    sign_in(@user)
+    flash_success_after_create
+    redirect_to(url_after_create)
+  end
+
+  private
+
+  def redirect_signed_in_confirmed_user
+    user = ::User.find_by_id(params[:user_id])
+    if user && user.email_confirmed? && current_user == user
+      flash_success_after_create
+      redirect_to(url_after_create)
+    end
+  end
+
+  def redirect_signed_out_confirmed_user
+    user = ::User.find_by_id(params[:user_id])
+    if user && user.email_confirmed? && signed_out?
+      flash_already_confirmed
+      redirect_to(url_already_confirmed)
+    end
+  end
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_confirmation_token(
+                  params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:confirmed_email,
+      :scope   => [:clearance, :controllers, :confirmations],
+      :default => "Confirmed email and signed in.")
+  end
+
+  def flash_already_confirmed
+    flash[:success] = translate(:already_confirmed_email,
+      :scope   => [:clearance, :controllers, :confirmations],
+      :default => "Already confirmed email. Please sign in.")
+  end
+
+  def url_after_create
+    '/'
+  end
+
+  def url_already_confirmed
+    sign_in_url
+  end
+end

data/app/controllers/blue_light_special/impersonations_controller.rb

@@ -0,0 +1,44 @@
+class BlueLightSpecial::ImpersonationsController < ApplicationController
+  before_filter :authenticate
+  before_filter :check_role, :except => :destroy
+  
+  
+  def index
+    @users = User.all
+    render :template => 'impersonations/index'
+  end
+  
+  def create
+    user = User.find(params[:user_id])
+    if user == current_user
+      flash[:failure] = "Cannot impersonate yourself"
+      redirect_to root_url
+    else
+      session[:admin_user_id]       = current_user.id
+      session[:impersonation_hash]  = Impersonation.hash_for(current_user.id)
+      sign_in(user)
+      redirect_to root_url
+    end
+  end
+  
+  def destroy
+    if Impersonation.valid_hash?(session[:admin_user_id], session[:impersonation_hash])
+      old_user    = current_user
+      admin_user  = User.find(session[:admin_user_id])
+      session[:admin_user_id]       = nil
+      session[:impersonation_hash]  = nil
+      sign_in(admin_user)
+      redirect_to impersonations_url
+    else
+      deny_access
+    end
+  end
+  
+  
+  private
+  
+  
+  def check_role
+    raise ActionController::Forbidden, "disallowed" unless current_user.admin?
+  end
+end

data/app/controllers/blue_light_special/passwords_controller.rb

@@ -0,0 +1,93 @@
+class BlueLightSpecial::PasswordsController < ApplicationController
+  unloadable
+
+  skip_before_filter :authenticate,        :only => [:new, :create, :edit, :update]
+  before_filter :forbid_missing_token,     :only => [:edit, :update]
+  before_filter :forbid_non_existent_user, :only => [:edit, :update]
+  filter_parameter_logging :password, :password_confirmation
+
+  def new
+    render :template => 'passwords/new'
+  end
+
+  def create
+    if user = ::User.find_by_email(params[:password][:email])
+      user.forgot_password!
+      if user.password_reset_token.present?
+        if BlueLightSpecial.configuration.use_delayed_job
+          Delayed::Job.enqueue DeliverChangePasswordJob.new(user)
+        else
+          BlueLightSpecialMailer.deliver_change_password(user)
+        end
+        flash_notice_after_create
+        redirect_to(url_after_create)
+      else
+        flash[:notice] = 'Your password was not able to be recovered. You may never have finished registration.'
+        render :template => 'passwords/new'
+      end
+    else
+      flash_failure_after_create
+      render :template => 'passwords/new'
+    end
+  end
+
+  def edit
+    @user = ::User.find_by_id_and_password_reset_token(
+                   params[:user_id], params[:token])
+    render :template => 'passwords/edit'
+  end
+
+  def update
+    @user = ::User.find_by_id_and_password_reset_token(
+                   params[:user_id], params[:token])
+
+    if @user.update_password(params[:user][:password],
+                             params[:user][:password_confirmation])
+      sign_in(@user)
+      flash_success_after_update
+      redirect_to(url_after_update)
+    else
+      render :template => 'passwords/edit'
+    end
+  end
+
+  private
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_password_reset_token(
+                  params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:deliver_change_password,
+      :scope   => [:blue_light_special, :controllers, :passwords],
+      :default => "You will receive an email within the next few minutes. " <<
+                  "It contains instructions for changing your password.")
+  end
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:unknown_email,
+      :scope   => [:blue_light_special, :controllers, :passwords],
+      :default => "Unknown email.")
+  end
+
+  def url_after_create
+    sign_in_url
+  end
+
+  def flash_success_after_update
+    flash[:success] = translate(:signed_in, :default => "Signed in.")
+  end
+
+  def url_after_update
+    '/'
+  end
+end

data/app/controllers/blue_light_special/sessions_controller.rb

@@ -0,0 +1,76 @@
+class BlueLightSpecial::SessionsController < ApplicationController
+  unloadable
+
+  skip_before_filter :authenticate, :only => [:new, :create, :destroy]
+  protect_from_forgery :except => :create
+  filter_parameter_logging :password
+
+  def new
+    render :template => 'sessions/new'
+  end
+
+  def create
+    @user = if params[:session]
+      ::User.authenticate(params[:session][:email], params[:session][:password])
+    else
+      ::User.find_facebook_user(cookies[BlueLightSpecial.configuration.facebook_api_key + "_session_key"],
+                                cookies[BlueLightSpecial.configuration.facebook_api_key + "_user"])
+    end
+      
+    if @user.nil?
+      flash_failure_after_create
+      render :template => 'sessions/new', :status => :unauthorized
+    else
+      if @user.email_confirmed?
+        flash_success_after_create
+      else
+        ::BlueLightSpecialMailer.deliver_confirmation(@user)
+        flash_notice_after_create
+      end
+      sign_in(@user)
+      reset_session
+      redirect_back_or(url_after_create)
+    end
+  end
+
+  def destroy
+    if BlueLightSpecial.configuration.use_facebook_connect
+      cookies[BlueLightSpecial.configuration.facebook_api_key + "_user"] = nil
+      cookies[BlueLightSpecial.configuration.facebook_api_key + "_session_key"] = nil
+    end
+    sign_out
+    flash_success_after_destroy
+    redirect_to(url_after_destroy)
+  end
+
+  private
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:bad_email_or_password,
+      :scope   => [:blue_light_special, :controllers, :sessions],
+      :default => "Bad email or password.")
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:signed_in, :default =>  "Signed in.")
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:unconfirmed_email,
+      :scope   => [:blue_light_special, :controllers, :sessions],
+      :default => "User has not confirmed email. " <<
+                  "Confirmation email will be resent.")
+  end
+
+  def url_after_create
+    '/'
+  end
+
+  def flash_success_after_destroy
+    flash[:success] = translate(:signed_out, :default =>  "Signed out.")
+  end
+
+  def url_after_destroy
+    sign_in_url
+  end
+end

data/app/controllers/blue_light_special/users_controller.rb

@@ -0,0 +1,85 @@
+class BlueLightSpecial::UsersController < ApplicationController
+  unloadable
+
+  skip_before_filter :authenticate, :only => [:new, :create, :facebook_remove]
+  before_filter :redirect_to_root,  :only => [:new, :create], :if => :signed_in?
+  filter_parameter_logging :password
+  # Before Filter on *only* the 'uninstalled' method 
+  before_filter :verify_uninstall_signature, :only => [:facebook_remove] 
+
+  def facebook_remove
+    @fb_uid = params[:fb_sig_user] 
+    if @fb_uid.present?
+      # From here on it will be app specific -- given the facebook uid, destroy the user, like... 
+      @user = User.find_by_facebook_uid(@fb_uid)
+      @user.destroy if @user 
+    end
+    render :nothing => true; return 
+  end
+  
+  def show
+    @user = current_user
+    render :template => 'users/show'
+  end
+
+  def new
+    @user = ::User.new(params[:user])
+    render :template => 'users/new'
+  end
+
+  def create
+    @user = ::User.new params[:user]
+    if @user.save
+      sign_in(@user)
+      flash[:notice] = 'You have successfully signed up.'
+      redirect_back_or(url_after_create)
+    else
+      render :template => 'users/new'
+    end
+  end
+  
+  def edit
+    @user = current_user
+    render :template => 'users/edit'
+  end
+  
+  def update
+    @user = current_user
+    if @user.update_attributes(params[:user])
+      flash[:success] = 'Your profile has been updated.'
+      redirect_back_or(user_path(@user))
+    else
+      render :template => 'users/edit'
+    end
+  end
+
+  protected
+  def verify_uninstall_signature
+    signature = ''
+    keys = params.keys.sort
+    keys.each do |key|
+      next if key == 'fb_sig'
+      next unless key.include?('fb_sig')
+      key_name = key.gsub('fb_sig_', '')
+      signature += key_name
+      signature += '='
+      signature += params[key]
+    end
+    signature += BlueLightSpecial.configuration.facebook_secret_key
+    calculated_sig = Digest::MD5.hexdigest(signature)
+    #logger.info "\nUNINSTALL :: Signature (fb_sig param from facebook) :: #{params[:fb_sig]}" 
+    #logger.info "\nUNINSTALL :: Signature String (pre-hash) :: #{signature}" 
+    #logger.info "\nUNINSTALL :: MD5 Hashed Sig :: #{calculated_sig}"
+    if calculated_sig != params[:fb_sig] 
+      #logger.warn "\n\nUNINSTALL :: WARNING :: expected signatures did not match\n\n" return false else 
+      #logger.warn "\n\nUNINSTALL :: SUCCESS!! Signatures matched.\n" 
+    end
+    return true
+  end 
+    
+  private
+
+  def url_after_create
+    root_url
+  end
+end

data/app/models/blue_light_special_mailer.rb

@@ -0,0 +1,28 @@
+class BlueLightSpecialMailer
+
+  def self.deliver_change_password(user)
+    if MadMimiMailer.api_settings.present? && MadMimiMailer.api_settings[:username].present? && MadMimiMailer.api_settings[:api_key].present?
+      MimiMailer.deliver_mimi_change_password(user)
+    else
+      GenericMailer.deliver_change_password(user)
+    end
+  end
+  
+  def self.deliver_welcome(user)
+    if MadMimiMailer.api_settings.present? && MadMimiMailer.api_settings[:username].present? && MadMimiMailer.api_settings[:api_key].present?
+      MimiMailer.deliver_welcome(user)
+    else
+      GenericMailer.deliver_welcome(user)
+    end
+  end
+  
+  def self.deliver_confirmation(user)
+    if MadMimiMailer.api_settings.present? && MadMimiMailer.api_settings[:username].present? && MadMimiMailer.api_settings[:api_key].present?
+      MimiMailer.deliver_confirmation(user)
+    else
+      GenericMailer.deliver_confirmation(user)
+    end
+  end
+  
+
+end

data/app/models/deliver_change_password_job.rb

@@ -0,0 +1,19 @@
+##
+# Delivers the BlueLightSpecial.deliver_mimi_change_password to the requested 
+# User by +id+ as an asynchronous process.
+# 
+class DeliverChangePasswordJob
+  
+  attr_reader :user_id
+  
+  def initialize(user_id)
+    @user_id = user_id.kind_of?(User) ? user_id.id : user_id
+  end
+  
+  def perform
+    if user = User.find_by_id(@user_id)
+      BlueLightSpecialMailer.deliver_change_password(user)
+    end
+  end
+  
+end

data/app/models/deliver_welcome_job.rb

@@ -0,0 +1,17 @@
+##
+# Delivers the UserMailer.deliver_mimi_welcome to the requested User by +id+
+# as an asynchronous process.
+# 
+class DeliverWelcomeJob
+  
+  def initialize(user_id)
+    @user_id = user_id
+  end
+  
+  def perform
+    if user = User.find_by_id(@user_id)
+      BlueLightSpecialMailer.deliver_welcome(user)
+    end
+  end
+  
+end