current_user 0.0.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 Pavel Mitin
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,72 @@
+# CurrentUser
+
+Dev phase auth for Rails.
+
+## What it is
+
+* A simple authentication gem for the development (pre-production) phase
+* Familiar rails conventions: #current_user, #signed_in?
+* A minimalistic signin page with a list of all available users (just click on a user and you will be logged in under the user)
+* An opportunity to replace it with one of the mature solution (assuming Devise)
+
+## What it is not
+
+* An authentication solution for the production phase of the application lifecycle
+* An authorization gem (although in the future it might get some authorization features to mimic Devise)
+
+## Getting started
+
+CurrentUser works with Rails 3.2. Add to your Gemfile:
+
+```ruby
+gem 'current_user', :git => 'git://github.com/MitinPavel/current_user.git'
+```
+
+Install it using bundler:
+
+```console
+bundle install
+```
+
+__Note__: CurrentUser assumes your application already has a few users.
+So if the assumption is false, create User active record class AND/OR add several users to the database. 
+
+Run the generator:
+
+```console
+rails generate current_user:install
+```
+
+The generator:
+* creates a file with a unique authentication key for your application
+* creates an initializer
+* inject routing to your application
+* show README
+
+Specify root in `config/routes.rb`:
+
+```ruby
+root :to => 'dashboards#show'
+```
+
+Add before filter to `app/controllers/application_controller.rb`:
+
+ ```ruby
+before_filter :authenticate_user!
+ ```
+
+Try to visit one of protected pages of your application (for example root). You will see "Unauthorized" error page.
+
+Run a rake task what shows a path to your sign in page:
+```console
+rake current_user:sign_in_path
+```
+
+Visit your sign in page. You will see a list of users of your application. Click on a user and the link
+will take you to the root page of the application.
+
+Congratulations. Your application has a simple authentication solution.
+
+## License
+
+It uses MIT license. See MIT-LICENSE file in the root directory.

data/Rakefile

@@ -0,0 +1,40 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'CurrentUser'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task :default => :test

data/app/assets/stylesheets/current_user/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/app/controllers/current_user/application_controller.rb

@@ -0,0 +1,4 @@
+module CurrentUser
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/controllers/current_user/sessions_controller.rb

@@ -0,0 +1,44 @@
+require_dependency "current_user/application_controller"
+
+module CurrentUser
+  class SessionsController < ApplicationController
+    before_filter :check_key, :except => :destroy
+
+    def new
+      sign_out
+      @users = users
+    end
+
+    def create
+      user = ::User.find params[:user_id]
+      sign_in user
+      redirect_to main_app.root_url
+    end
+
+    def destroy
+      new
+      render :new
+    end
+
+    private
+
+    def check_key
+      key = ::CurrentUser.authentication_key
+
+      if key.blank? || key != params[:key]
+        render_unauthorized
+      end
+    end
+
+    # TODO: move it from the controller
+    def users
+      identifier = ::CurrentUser.identifier
+
+      if identifier.respond_to? :call
+        ::User.all.sort { |x,y| identifier.call(x) <=> identifier.call(y) }
+      else
+        ::User.order identifier.to_s
+      end
+    end
+  end
+end

data/app/helpers/current_user/application_helper.rb

@@ -0,0 +1,4 @@
+module CurrentUser
+  module ApplicationHelper
+  end
+end

data/app/views/current_user/sessions/new.html.erb

@@ -0,0 +1,44 @@
+<style type="text/css">
+  /* Grabbed from here: http://www.456bereastreet.com/archive/201110/styling_button_elements_to_look_like_links/ */
+  .current_user_signin_button {
+      overflow:visible; /* Shrinkwrap the text in IE7- */
+      margin:0;
+      padding:0;
+      border:0;
+      background:transparent;
+      font:inherit; /* Inherit font settings (doesn’t work in IE7-) */
+      line-height:normal; /* Override line-height to avoid spacing issues */
+      text-decoration:underline; /* Make it look linky */
+      cursor:pointer; /* Buttons don’t make the cursor change in all browsers */
+      -moz-user-select:text; /* Make button text selectable in Gecko */
+  }
+  /* Make sure keyboard users get visual feedback */
+  .current_user_signin_button:hover,
+  .current_user_signin_button:focus {
+      color:#800000;
+      background-color:#e3e0d1;
+  }
+  /* Remove mystery padding in Gecko browsers.
+   * See https://bugzilla.mozilla.org/show_bug.cgi?id=140562
+   */
+  .current_user_signin_button::-moz-focus-inner {
+      padding:0;
+      border:0;
+  }
+</style>
+
+
+<% if @users.any? %>
+    <h1>Sign in as</h1>
+
+    <% @users.each do |user| %>
+      <%= form_tag request.path do %>
+        <%= hidden_field_tag 'user_id', user.id %>
+        <%= submit_tag ::CurrentUser.identifier_for(user), :class => 'current_user_signin_button' %>
+      <% end %>
+    <% end %>
+ <% else %>
+    <h1>Sign in</h1>
+
+    Your database doesn't contain users. Please insert a few and reload the page.
+ <% end %>

data/app/views/layouts/current_user/application.html.erb

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Sign in</title>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/initializers/extend_controllers.rb

@@ -0,0 +1 @@
+ActionController::Base.send :include, ::CurrentUser::Controller::Helpers

data/config/routes.rb

@@ -0,0 +1,6 @@
+CurrentUser::Engine.routes.draw do
+  match ':key/sign_in' => 'sessions#new', :via => :get, :as => 'sign_in'
+  match ':key/sign_in' => 'sessions#create', :via => :post
+  match :destroy, :path => 'sign_out', :controller => 'sessions', :action =>  'destroy', :as => "destroy", :via => :get
+
+end

data/lib/current_user.rb

@@ -0,0 +1,32 @@
+require 'current_user/constants'
+require 'current_user/controller/helpers'
+require 'current_user/engine'
+
+module CurrentUser
+  def self.setup
+    yield self
+  end
+
+  mattr_accessor :authentication_key
+
+  mattr_accessor :identifier
+
+  def identifier_for(user)
+    identifier = ::CurrentUser.identifier
+
+    if identifier.respond_to? :call
+      identifier.call user
+    else
+      user.send identifier
+    end
+  end
+  module_function :identifier_for
+
+  def read_authentication_key
+    key_file_path = File.expand_path 'config/current_user/key', Rails.root
+    if File.exist? key_file_path
+      File.open(key_file_path) { |f| f.readline }
+    end
+  end
+  module_function :read_authentication_key
+end

data/lib/current_user/constants.rb

@@ -0,0 +1,3 @@
+module CurrentUser
+  USER_SESSION_KEY = '__current_user_session_key__'
+end

data/lib/current_user/controller/helpers.rb

@@ -0,0 +1,40 @@
+module CurrentUser
+  module Controller
+    module Helpers
+      def self.included(base)
+        helpers = %w(authenticate_user! current_user sign_in sign_out signed_in? user_signed_in?)
+        base.hide_action *helpers
+        base.helper_method *helpers
+      end
+
+      def authenticate_user!
+        if current_user.nil?
+          render_unauthorized
+        end
+      end
+
+      def current_user
+        user_id = session[::CurrentUser::USER_SESSION_KEY]
+
+        ::User.find_by_id user_id
+      end
+
+      def sign_in(user)
+        session[::CurrentUser::USER_SESSION_KEY] = user.id
+      end
+
+      def sign_out
+        session[::CurrentUser::USER_SESSION_KEY] = nil
+      end
+
+      def signed_in?; end
+      def user_signed_in?; end
+
+      private
+
+      def render_unauthorized
+        render :text => 'Unauthorized', :status => :unauthorized
+      end
+    end
+  end
+end

data/lib/current_user/engine.rb

@@ -0,0 +1,5 @@
+module CurrentUser
+  class Engine < ::Rails::Engine
+    isolate_namespace CurrentUser
+  end
+end

data/lib/current_user/version.rb

@@ -0,0 +1,3 @@
+module CurrentUser
+  VERSION = "0.0.1"
+end

data/lib/generators/current_user/install_generator.rb

@@ -0,0 +1,29 @@
+require 'rails/generators/base'
+
+module CurrentUser
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../templates", __FILE__)
+
+      desc "Creates a CurrentUser initializer and a authentication key file to your application."
+
+      def create_authentication_key
+        create_file "config/current_user/key", ::SecureRandom.hex(20)
+      end
+
+      def copy_initializer
+        template "current_user.rb", "config/initializers/current_user.rb"
+      end
+
+      def mount_routing
+        inject_into_file 'config/routes.rb', :after => "routes.draw do" do
+          "\n  mount CurrentUser::Engine => '/current_user'\n\n"
+        end
+      end
+
+      def show_readme
+        readme "README" if behavior == :invoke
+      end
+    end
+  end
+end

data/lib/generators/templates/README

@@ -0,0 +1,14 @@
+===============================================================================
+
+1. Ensure you have root_url in your config/routes.rb.
+   For example: root :to => "home#index"
+
+2. Run 'rake current_user:sign_in_path' to see a path to your sign in page.
+
+3. Customize configuration using 'config/initializers/current_user.rb'
+
+4. Customize a unique authentication token for your application
+   by changing 'config/current_user/key'
+   Note: only the first line of the key file will be taken into account.
+
+===============================================================================

data/lib/generators/templates/current_user.rb

@@ -0,0 +1,13 @@
+::CurrentUser.setup do |config|
+
+  # Setup an authentication key.
+  # If you want to have a custom key, it might look like:
+  # config.authentication_key = '4242424242424242'
+  config.authentication_key = ::CurrentUser.read_authentication_key
+
+  # Setup how users might be distinguished via UI.
+  # It might be a symbol, a string or a lambda.
+  # For the last case it might be:
+  # config.identifier = lambda { |u| "User with email #{u.email}" }
+  config.identifier = :email
+end

data/lib/tasks/current_user_tasks.rake

@@ -0,0 +1,13 @@
+namespace :current_user do
+  desc "Show a path to the sign in page"
+  task :sign_in_path => :environment  do
+    key =  ::CurrentUser.authentication_key
+
+    unless key.blank?
+      # TODO: use route helpers.
+      puts "/current_user/#{key}/sign_in"
+    else
+      puts 'Error: there is no authentication key. Check out config/current_user/key file.'
+    end
+  end
+end

data/test/dummy/README.rdoc

@@ -0,0 +1,261 @@
+== Welcome to Rails
+
+Rails is a web-application framework that includes everything needed to create
+database-backed web applications according to the Model-View-Control pattern.
+
+This pattern splits the view (also called the presentation) into "dumb"
+templates that are primarily responsible for inserting pre-built data in between
+HTML tags. The model contains the "smart" domain objects (such as Account,
+Product, Person, Post) that holds all the business logic and knows how to
+persist themselves to a database. The controller handles the incoming requests
+(such as Save New Account, Update Product, Show Post) by manipulating the model
+and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails. You can read more about Action Pack in
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting Started
+
+1. At the command prompt, create a new Rails application:
+       <tt>rails new myapp</tt> (where <tt>myapp</tt> is the application name)
+
+2. Change directory to <tt>myapp</tt> and start the web server:
+       <tt>cd myapp; rails server</tt> (run with --help for options)
+
+3. Go to http://localhost:3000/ and you'll see:
+       "Welcome aboard: You're riding Ruby on Rails!"
+
+4. Follow the guidelines to start developing your application. You can find
+the following resources handy:
+
+* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html
+* Ruby on Rails Tutorial Book: http://www.railstutorial.org/
+
+
+== Debugging Rails
+
+Sometimes your application goes wrong. Fortunately there are a lot of tools that
+will help you debug it and get it back on the rails.
+
+First area to check is the application log files. Have "tail -f" commands
+running on the server.log and development.log. Rails will automatically display
+debugging and runtime information to these files. Debugging info will also be
+shown in the browser on requests from 127.0.0.1.
+
+You can also log your own messages directly into the log file from your code
+using the Ruby logger class from inside your controllers. Example:
+
+  class WeblogController < ActionController::Base
+    def destroy
+      @weblog = Weblog.find(params[:id])
+      @weblog.destroy
+      logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
+    end
+  end
+
+The result will be a message in your log file along the lines of:
+
+  Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1!
+
+More information on how to use the logger is at http://www.ruby-doc.org/core/
+
+Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are
+several books available online as well:
+
+* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe)
+* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
+
+These two books will bring you up to speed on the Ruby language and also on
+programming in general.
+
+
+== Debugger
+
+Debugger support is available through the debugger command when you start your
+Mongrel or WEBrick server with --debugger. This means that you can break out of
+execution at any point in the code, investigate and change the model, and then,
+resume execution! You need to install ruby-debug to run the server in debugging
+mode. With gems, use <tt>sudo gem install ruby-debug</tt>. Example:
+
+  class WeblogController < ActionController::Base
+    def index
+      @posts = Post.all
+      debugger
+    end
+  end
+
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the server window. Here you can do things like:
+
+  >> @posts.inspect
+  => "[#<Post:0x14a6be8
+          @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>,
+       #<Post:0x14a6620
+          @attributes={"title"=>"Rails", "body"=>"Only ten..", "id"=>"2"}>]"
+  >> @posts.first.title = "hello from a debugger"
+  => "hello from a debugger"
+
+...and even better, you can examine how your runtime objects actually work:
+
+  >> f = @posts.first
+  => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+  >> f.
+  Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you can enter "cont".
+
+
+== Console
+
+The console is a Ruby shell, which allows you to interact with your
+application's domain model. Here you'll have all parts of the application
+configured, just like it is when the application is running. You can inspect
+domain models, change values, and save to the database. Starting the script
+without arguments will launch it in the development environment.
+
+To start the console, run <tt>rails console</tt> from the application
+directory.
+
+Options:
+
+* Passing the <tt>-s, --sandbox</tt> argument will rollback any modifications
+  made to the database.
+* Passing an environment name as an argument will load the corresponding
+  environment. Example: <tt>rails console production</tt>.
+
+To reload your controllers and models after launching the console run
+<tt>reload!</tt>
+
+More information about irb can be found at:
+link:http://www.rubycentral.org/pickaxe/irb.html
+
+
+== dbconsole
+
+You can go to the command line of your database directly through <tt>rails
+dbconsole</tt>. You would be connected to the database with the credentials
+defined in database.yml. Starting the script without arguments will connect you
+to the development database. Passing an argument will connect you to a different
+database, like <tt>rails dbconsole production</tt>. Currently works for MySQL,
+PostgreSQL and SQLite 3.
+
+== Description of Contents
+
+The default directory structure of a generated Ruby on Rails application:
+
+  |-- app
+  |   |-- assets
+  |       |-- images
+  |       |-- javascripts
+  |       `-- stylesheets
+  |   |-- controllers
+  |   |-- helpers
+  |   |-- mailers
+  |   |-- models
+  |   `-- views
+  |       `-- layouts
+  |-- config
+  |   |-- environments
+  |   |-- initializers
+  |   `-- locales
+  |-- db
+  |-- doc
+  |-- lib
+  |   `-- tasks
+  |-- log
+  |-- public
+  |-- script
+  |-- test
+  |   |-- fixtures
+  |   |-- functional
+  |   |-- integration
+  |   |-- performance
+  |   `-- unit
+  |-- tmp
+  |   |-- cache
+  |   |-- pids
+  |   |-- sessions
+  |   `-- sockets
+  `-- vendor
+      |-- assets
+          `-- stylesheets
+      `-- plugins
+
+app
+  Holds all the code that's specific to this particular application.
+
+app/assets
+  Contains subdirectories for images, stylesheets, and JavaScript files.
+
+app/controllers
+  Holds controllers that should be named like weblogs_controller.rb for
+  automated URL mapping. All controllers should descend from
+  ApplicationController which itself descends from ActionController::Base.
+
+app/models
+  Holds models that should be named like post.rb. Models descend from
+  ActiveRecord::Base by default.
+
+app/views
+  Holds the template files for the view that should be named like
+  weblogs/index.html.erb for the WeblogsController#index action. All views use
+  eRuby syntax by default.
+
+app/views/layouts
+  Holds the template files for layouts to be used with views. This models the
+  common header/footer method of wrapping views. In your views, define a layout
+  using the <tt>layout :default</tt> and create a file named default.html.erb.
+  Inside default.html.erb, call <% yield %> to render the view using this
+  layout.
+
+app/helpers
+  Holds view helpers that should be named like weblogs_helper.rb. These are
+  generated for you automatically when using generators for controllers.
+  Helpers can be used to wrap functionality for your views into methods.
+
+config
+  Configuration files for the Rails environment, the routing map, the database,
+  and other dependencies.
+
+db
+  Contains the database schema in schema.rb. db/migrate contains all the
+  sequence of Migrations for your schema.
+
+doc
+  This directory is where your application documentation will be stored when
+  generated using <tt>rake doc:app</tt>
+
+lib
+  Application specific libraries. Basically, any kind of custom code that
+  doesn't belong under controllers, models, or helpers. This directory is in
+  the load path.
+
+public
+  The directory available for the web server. Also contains the dispatchers and the
+  default HTML files. This should be set as the DOCUMENT_ROOT of your web
+  server.
+
+script
+  Helper scripts for automation and generation.
+
+test
+  Unit and functional tests along with fixtures. When using the rails generate
+  command, template test files will be generated for you and placed in this
+  directory.
+
+vendor
+  External libraries that the application depends on. Also includes the plugins
+  subdirectory. If the app has frozen rails, those gems also go here, under
+  vendor/rails/. This directory is in the load path.