dacz-authuser 0.1.2
- data/CHANGELOG.textile +2 -0
- data/LICENSE +21 -0
- data/README.textile +123 -0
- data/Rakefile +72 -0
- data/TODO.textile +6 -0
- data/app/controllers/authuser/confirmations_controller.rb +48 -0
- data/app/controllers/authuser/passwords_controller.rb +69 -0
- data/app/controllers/authuser/sessions_controller.rb +50 -0
- data/app/controllers/authuser/users_controller.rb +31 -0
- data/app/models/authuser_mailer.rb +23 -0
- data/app/views/authuser_mailer/change_password.html.erb +7 -0
- data/app/views/authuser_mailer/confirmation.html.erb +2 -0
- data/app/views/passwords/edit.html.erb +23 -0
- data/app/views/passwords/new.html.erb +15 -0
- data/app/views/sessions/new.html.erb +28 -0
- data/app/views/users/_form.html.erb +13 -0
- data/app/views/users/new.html.erb +6 -0
- data/config/authuser_routes.rb +19 -0
- data/generators/authuser/USAGE +1 -0
- data/generators/authuser/authuser_generator.rb +48 -0
- data/generators/authuser/lib/insert_commands.rb +103 -0
- data/generators/authuser/lib/rake_commands.rb +22 -0
- data/generators/authuser/templates/README +22 -0
- data/generators/authuser/templates/config/initializers/authuser.rb +8 -0
- data/generators/authuser/templates/factories.rb +19 -0
- data/generators/authuser/templates/migrations/create_users.rb +26 -0
- data/generators/authuser/templates/migrations/update_users.rb +45 -0
- data/generators/authuser/templates/user.rb +3 -0
- data/generators/authuser_features/USAGE +1 -0
- data/generators/authuser_features/authuser_features_generator.rb +20 -0
- data/generators/authuser_features/templates/features/password_reset.feature +33 -0
- data/generators/authuser_features/templates/features/step_definitions/authuser_steps.rb +110 -0
- data/generators/authuser_features/templates/features/step_definitions/factory_girl_steps.rb +5 -0
- data/generators/authuser_features/templates/features/support/paths.rb +22 -0
- data/generators/authuser_features/templates/features/user_login.feature +42 -0
- data/generators/authuser_features/templates/features/user_logout.feature +23 -0
- data/generators/authuser_features/templates/features/user_register.feature +28 -0
- data/lib/authuser.rb +20 -0
- data/lib/authuser/authentication.rb +96 -0
- data/lib/authuser/extensions/errors.rb +4 -0
- data/lib/authuser/extensions/rescue.rb +1 -0
- data/lib/authuser/user.rb +143 -0
- data/lib/authuser/version.rb +7 -0
- data/rails/init.rb +1 -0
- data/shoulda_macros/authuser.rb +261 -0
- metadata +134 -0
data/CHANGELOG.textile
ADDED
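--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2008 thoughtbot, inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.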
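--- a/data/README.textile
+++ b/data/README.textile
@@ -0,0 +1,123 @@
+h1. Authuser
+
+Auth User For Rails. Forked from Clearance
+
+h2. Wiki
+
+Most information regarding Clearance from which Authuser is forked: on the "Github Wiki":http://wiki.github.com/thoughtbot/clearance.
+
+h2. Engine
+
+Authuser is a Rails engine. It works with versions of Rails greater than 2.3.
+
+In config/environment.rb:
+
+<pre>
+config.gem "thoughtbot-authuser",
+:lib => 'authuser',
+:source => 'http://gems.github.com',
+:version => '0.6.4'
+</pre>
+
+Vendor the gem:
+
+<pre>
+rake gems:install
+rake gems:unpack
+</pre>
+
+Make sure the development database exists and run the generator:
+
+@script/generate authuser@
+
+A number of files will be created and instructions will be printed.
+
+You may already have some of these files. Don't worry. You'll be asked if you want to overwrite them.
+
+Run the migration:
+
+@rake db:migrate@
+
+h2. Environment
+
+Define a HOST constant in your environment files.
+In config/environments/test.rb and config/environments/development.rb it can be:
+
+@HOST = "localhost"@
+
+In production.rb it must be the actual host your application is deployed to.
+The constant is used by mailers to generate URLs in emails.
+
+In config/environment.rb:
+
+@DO_NOT_REPLY = "donotreply@example.com"@
+
+Define root_url to *something* in your config/routes.rb:
+
+@map.root :controller => 'home'@
+
+h2. Cucumber Features
+
+As your app evolves, you want to know that authentication still works. Authuser's opinion is that you should test its integration with your app using "Cucumber":http://cukes.info/.
+
+In config/environments/test.rb:
+
+<pre>
+config.gem 'webrat',
+:version => '= 0.4.4'
+config.gem 'cucumber',
+:version => '= 0.3.0'
+config.gem 'thoughtbot-factory_girl',
+:lib => 'factory_girl',
+:source => "http://gems.github.com",
+:version => '1.2.1'
+</pre>
+
+Vendor the gems:
+
+<pre>
+rake gems:install RAILS_ENV=test
+rake gems:unpack RAILS_ENV=test
+</pre>
+
+Don't vendor nokogiri (due to its native extensions):
+
+@rm -rf vendor/gems/nokogiri-1.2.3@
+
+Run the Cucumber generator (if you haven't already) and Authuser's feature generator:
+
+<pre>
+script/generate cucumber
+script/generate authuser_features
+</pre>
+
+All of the files generated should be new with the exception of the features/support/paths.rb file. If you have not modified your paths.rb then you will be okay to replace it with this one. If you need to keep your paths.rb file then add these locations in your paths.rb manually:
+
+<pre>
+def path_to(page_name)
+case page_name
+...
+when /the sign up page/i
+new_user_path
+when /the sign in page/i
+new_session_path
+when /the password reset request page/i
+new_password_path
+...
+end
+</pre>
+
+h2. Authors
+
+Authuser was extracted out of "Hoptoad":http://hoptoadapp.com. We merged the authentication code from two of thoughtbot's client's Rails apps and have since used it each time we need authentication. The following people have improved the library. Thank you!
+
+Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov, Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey, Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, & Shay Arnett.
+
+h2. Questions?
+
+Ask the "mailing list":http://groups.google.com/group/thoughtbot-authuser
+
+h2. Suggestions, Bugs, Refactoring?
+
+Fork away and create a "Github Issue":http://github.com/thoughtbot/authuser/issues. Please don't send pull requests.
+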
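--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,72 @@
+require 'rake'
+require 'rake/testtask'
+require 'cucumber/rake/task'
+
+namespace :test do
+Rake::TestTask.new(:all => ["generator:cleanup",
+"generator:generate"]) do |task|
+task.libs << "lib"
+task.libs << "test"
+task.pattern = "test/**/*_test.rb"
+task.verbose = false
+end
+
+end
+
+generators = %w(authuser authuser_features)
+
+namespace :generator do
+desc "Cleans up the test app before running the generator"
+task :cleanup do
+generators.each do |generator|
+FileList["generators/#{generator}/templates/**/*.*"].each do |each|
+file = "test/rails_root/#{each.gsub("generators/#{generator}/templates/",'')}"
+File.delete(file) if File.exists?(file)
+end
+end
+
+FileList["test/rails_root/db/**/*"].each do |each|
+FileUtils.rm_rf(each)
+end
+FileUtils.rm_rf("test/rails_root/vendor/plugins/authuser")
+FileUtils.mkdir_p("test/rails_root/vendor/plugins")
+authuser_root = File.expand_path(File.dirname(__FILE__))
+system("ln -s #{authuser_root} test/rails_root/vendor/plugins/authuser")
+end
+
+desc "Run the generator on the tests"
+task :generate do
+generators.each do |generator|
+system "cd test/rails_root && ./script/generate #{generator} && rake db:migrate db:test:prepare"
+end
+end
+end
+
+desc "Run the test suite"
+task :default => ['test:all', 'test:features']
+
+load 'lib/authuser/version.rb'
+
+gem_spec = Gem::Specification.new do |gem_spec|
+gem_spec.name = "authuser"
+# gem_spec.version = "0.1.1"
+gem_spec.version = "#{Authuser::Version::MAJOR}.#{Authuser::Version::MINOR}.#{Authuser::Version::PATCH}"
+gem_spec.summary = "Auth Users For Rails"
+gem_spec.email = "support@cizek.org"
+gem_spec.homepage = "http://github.com/dacz/authuser"
+gem_spec.description = "User Auth For Rails, forked from Clearance."
+gem_spec.authors = ["Dan Croak", "Mike Burns", "Jason Morrison",
+"Joe Ferris", "Eugene Bolshakov", "Nick Quaranto",
+"Josh Nichols", "Mike Breen", "Marcel Görner",
+"Bence Nagy", "Ben Mabey", "Eloy Duran",
+"Tim Pope", "Mihai Anca", "Mark Cornick",
+"Shay Arnett", "David Cizek"]
+gem_spec.files = FileList["[A-Z]*", "{app,config,generators,lib,shoulda_macros,rails}/**/*"]
+end
+
+desc "Generate a gemspec file"
+task :gemspec do
+File.open("#{gem_spec.name}.gemspec", 'w') do |f|
+f.write gem_spec.to_yaml
+end
+end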
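Review bot: `system("ln -s #{authuser_root} test/rails_root/vendor/plugins/authuser")` in `generator:cleanup` interpolates the checkout path into a shell string and ignores the exit status, so a path containing spaces or shell metacharacters is split or interpreted by the shell and a failed link goes unnoticed. FileUtils is already used two lines earlier, so `FileUtils.ln_s(authuser_root, "test/rails_root/vendor/plugins/authuser")` does the same without a shell and raises on failure. The `system "cd test/rails_root && ..."` call in `generator:generate` likewise drops its result; appending `or raise "generator #{generator} failed"` would stop the test run when generation or migration fails. Also, `task :default` depends on `test:features`, which this Rakefile never defines although it requires `cucumber/rake/task`.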
data/TODO.textile
ADDED
@@ -0,0 +1,48 @@
|
|
1
|
+
class Authuser::ConfirmationsController < ApplicationController
|
2
|
+
unloadable
|
3
|
+
|
4
|
+
before_filter :forbid_confirmed_user, :only => :new
|
5
|
+
before_filter :forbid_missing_token, :only => :new
|
6
|
+
before_filter :forbid_non_existent_user, :only => :new
|
7
|
+
filter_parameter_logging :token
|
8
|
+
|
9
|
+
def new
|
10
|
+
create
|
11
|
+
end
|
12
|
+
|
13
|
+
def create
|
14
|
+
@user = ::User.find_by_id_and_token(params[:user_id], params[:token])
|
15
|
+
@user.confirm_email!
|
16
|
+
|
17
|
+
sign_user_in(@user)
|
18
|
+
flash[:success] = translate(:confirmed_email,
|
19
|
+
:scope => [:authuser, :controllers, :confirmations],
|
20
|
+
:default => "Confirmed email and signed in.")
|
21
|
+
redirect_to url_after_create
|
22
|
+
end
|
23
|
+
|
24
|
+
private
|
25
|
+
|
26
|
+
def forbid_confirmed_user
|
27
|
+
user = ::User.find_by_id(params[:user_id])
|
28
|
+
if user && user.email_confirmed?
|
29
|
+
raise ActionController::Forbidden, "confirmed user"
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
def forbid_missing_token
|
34
|
+
if params[:token].blank?
|
35
|
+
raise ActionController::Forbidden, "missing token"
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def forbid_non_existent_user
|
40
|
+
unless ::User.find_by_id_and_token(params[:user_id], params[:token])
|
41
|
+
raise ActionController::Forbidden, "non-existent user"
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
def url_after_create
|
46
|
+
root_url
|
47
|
+
end
|
48
|
+
end
|
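Review bot: The three guards are declared with `:only => :new`, but the token lookup, `confirm_email!` and `sign_user_in` all live in `create`, so any route that reaches `create` directly runs without `forbid_missing_token` and `forbid_non_existent_user`. On that path a blank token goes straight into `find_by_id_and_token`, and a nil result fails on `@user.confirm_email!` rather than returning Forbidden; whether a blank token can ever match a stored row depends on lib/authuser/user.rb and the routes file, neither of which is shown here. I would declare the filters with `:only => [:new, :create]` and add `raise ActionController::Forbidden, "non-existent user" unless @user` after the lookup in `create`, so sign-in never depends on filter configuration alone. Separately, `new` confirms the address and signs the user in on what is presumably a GET, which means mail scanners and link prefetchers can consume the token; a comment on `new` stating that this is intentional would help the next reader.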
@@ -0,0 +1,69 @@
|
|
1
|
+
class Authuser::PasswordsController < ApplicationController
|
2
|
+
unloadable
|
3
|
+
|
4
|
+
before_filter :forbid_missing_token, :only => [:edit, :update]
|
5
|
+
before_filter :forbid_non_existent_user, :only => [:edit, :update]
|
6
|
+
filter_parameter_logging :password, :password_confirmation
|
7
|
+
|
8
|
+
def new
|
9
|
+
render :template => 'passwords/new'
|
10
|
+
end
|
11
|
+
|
12
|
+
def create
|
13
|
+
if user = ::User.find_by_email(params[:password][:email])
|
14
|
+
user.forgot_password!
|
15
|
+
::AuthuserMailer.deliver_change_password user
|
16
|
+
flash[:notice] = translate(:deliver_change_password,
|
17
|
+
:scope => [:authuser, :controllers, :passwords],
|
18
|
+
:default => "You will receive an email within the next few minutes. " <<
|
19
|
+
"It contains instructions for changing your password.")
|
20
|
+
redirect_to url_after_create
|
21
|
+
else
|
22
|
+
flash.now[:failure] = translate(:unknown_email,
|
23
|
+
:scope => [:authuser, :controllers, :passwords],
|
24
|
+
:default => "Unknown email.")
|
25
|
+
render :template => 'passwords/new'
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
def edit
|
30
|
+
@user = ::User.find_by_id_and_token(params[:user_id], params[:token])
|
31
|
+
render :template => 'passwords/edit'
|
32
|
+
end
|
33
|
+
|
34
|
+
def update
|
35
|
+
@user = ::User.find_by_id_and_token(params[:user_id], params[:token])
|
36
|
+
|
37
|
+
if @user.update_password(params[:user][:password],
|
38
|
+
params[:user][:password_confirmation])
|
39
|
+
@user.confirm_email! unless @user.email_confirmed?
|
40
|
+
sign_user_in(@user)
|
41
|
+
flash[:success] = translate(:signed_in, :default => "Signed in.")
|
42
|
+
redirect_to url_after_update
|
43
|
+
else
|
44
|
+
render :template => 'passwords/edit'
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
private
|
49
|
+
|
50
|
+
def forbid_missing_token
|
51
|
+
if params[:token].blank?
|
52
|
+
raise ActionController::Forbidden, "missing token"
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
def forbid_non_existent_user
|
57
|
+
unless ::User.find_by_id_and_token(params[:user_id], params[:token])
|
58
|
+
raise ActionController::Forbidden, "non-existent user"
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
def url_after_create
|
63
|
+
new_session_url
|
64
|
+
end
|
65
|
+
|
66
|
+
def url_after_update
|
67
|
+
root_url
|
68
|
+
end
|
69
|
+
end
|
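Review bot: `create` answers differently for known and unknown addresses (a redirect with the "You will receive an email" notice versus re-rendering with "Unknown email."), which tells any caller whether an address has an account. Send the mail only when the user exists, but return the same notice and redirect in both branches. `params[:password][:email]` also raises on a request that carries no `password` hash, and `params[:user][:password]` in `update` has the same problem, so both should be guarded. Token expiry and request throttling are not visible in this hunk and should be confirmed in the model.

```ruby
def create
  email = params[:password] && params[:password][:email]
  user  = ::User.find_by_email(email) unless email.blank?
  if user
    user.forgot_password!
    ::AuthuserMailer.deliver_change_password user
  end
  # … unchanged: flash[:notice] = translate(:deliver_change_password, …) …
  redirect_to url_after_create # same response for known and unknown addresses
end
```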
@@ -0,0 +1,50 @@
|
|
1
|
+
class Authuser::SessionsController < ApplicationController
|
2
|
+
unloadable
|
3
|
+
|
4
|
+
protect_from_forgery :except => :create
|
5
|
+
filter_parameter_logging :password
|
6
|
+
|
7
|
+
def new
|
8
|
+
render :template => 'sessions/new'
|
9
|
+
end
|
10
|
+
|
11
|
+
def create
|
12
|
+
@user = ::User.authenticate(params[:session][:email],
|
13
|
+
params[:session][:password])
|
14
|
+
if @user.nil?
|
15
|
+
flash.now[:failure] = translate(:bad_email_or_password,
|
16
|
+
:scope => [:authuser, :controllers, :sessions],
|
17
|
+
:default => "Bad email or password.")
|
18
|
+
render :template => 'sessions/new', :status => :unauthorized
|
19
|
+
else
|
20
|
+
if @user.email_confirmed?
|
21
|
+
sign_user_in(@user)
|
22
|
+
remember(@user) if remember?
|
23
|
+
flash[:success] = translate(:signed_in, :default => "Signed in.")
|
24
|
+
redirect_back_or url_after_create
|
25
|
+
else
|
26
|
+
::AuthuserMailer.deliver_confirmation(@user)
|
27
|
+
deny_access(translate(:unconfirmed_email,
|
28
|
+
:scope => [:authuser, :controllers, :sessions],
|
29
|
+
:default => "User has not confirmed email. " <<
|
30
|
+
"Confirmation email will be resent."))
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
def destroy
|
36
|
+
forget(current_user)
|
37
|
+
flash[:success] = translate(:signed_out, :default => "Signed out.")
|
38
|
+
redirect_to url_after_destroy
|
39
|
+
end
|
40
|
+
|
41
|
+
private
|
42
|
+
|
43
|
+
def url_after_create
|
44
|
+
root_url
|
45
|
+
end
|
46
|
+
|
47
|
+
def url_after_destroy
|
48
|
+
new_session_url
|
49
|
+
end
|
50
|
+
end
|
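Review bot: `protect_from_forgery :except => :create` switches off the authenticity-token check on the sign-in POST, which leaves the login form open to login CSRF (a visitor being signed in to an account they did not choose). Unless there is a reason not visible in this hunk, I would drop the exception and use plain `protect_from_forgery`; the form in sessions/new then has to carry the token. `create` also indexes `params[:session][:email]` without checking that `params[:session]` is present, and the unconfirmed branch calls `deliver_confirmation` on every attempt, which needs throttling. Whether the session id is reset on sign-in depends on `sign_user_in`, which is defined outside this hunk and should be checked.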
@@ -0,0 +1,31 @@
|
|
1
|
+
class Authuser::UsersController < ApplicationController
|
2
|
+
unloadable
|
3
|
+
|
4
|
+
before_filter :redirect_to_root, :only => [:new, :create], :if => :signed_in?
|
5
|
+
filter_parameter_logging :password
|
6
|
+
|
7
|
+
def new
|
8
|
+
@user = ::User.new(params[:user])
|
9
|
+
render :template => 'users/new'
|
10
|
+
end
|
11
|
+
|
12
|
+
def create
|
13
|
+
@user = ::User.new params[:user]
|
14
|
+
if @user.save
|
15
|
+
::AuthuserMailer.deliver_confirmation @user
|
16
|
+
flash[:notice] = translate(:deliver_confirmation,
|
17
|
+
:scope => [:authuser, :controllers, :users],
|
18
|
+
:default => "You will receive an email within the next few minutes. " <<
|
19
|
+
"It contains instructions for confirming your account.")
|
20
|
+
redirect_to url_after_create
|
21
|
+
else
|
22
|
+
render :template => 'users/new'
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
private
|
27
|
+
|
28
|
+
def url_after_create
|
29
|
+
new_session_url
|
30
|
+
end
|
31
|
+
end
|
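Review bot: Both `new` and `create` pass `params[:user]` straight to `::User.new`, so every attribute the model leaves mass-assignable can be set from the sign-up request, which would presumably include the confirmation and token columns. lib/authuser/user.rb is not shown here; confirm that it declares `attr_accessible` for the sign-up fields only. Alternatively, build the user from an explicit slice in the controller, e.g. `::User.new((params[:user] || {}).slice(:email, :password, :password_confirmation))`. `redirect_to_root` and `signed_in?` are referenced by the filter but defined elsewhere, so a one-line comment naming the module that provides them would make the guard easier to audit.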
@@ -0,0 +1,23 @@
|
|
1
|
+
class AuthuserMailer < ActionMailer::Base
|
2
|
+
|
3
|
+
default_url_options[:host] = MAILER_HOST
|
4
|
+
|
5
|
+
def change_password(user)
|
6
|
+
from MAILER_DO_NOT_REPLY
|
7
|
+
recipients user.email
|
8
|
+
subject I18n.t(:change_password,
|
9
|
+
:scope => [:authuser, :models, :authuser_mailer],
|
10
|
+
:default => "Change your password")
|
11
|
+
body :user => user
|
12
|
+
end
|
13
|
+
|
14
|
+
def confirmation(user)
|
15
|
+
from MAILER_DO_NOT_REPLY
|
16
|
+
recipients user.email
|
17
|
+
subject I18n.t(:confirmation,
|
18
|
+
:scope => [:authuser, :models, :authuser_mailer],
|
19
|
+
:default => "Account confirmation")
|
20
|
+
body :user => user
|
21
|
+
end
|
22
|
+
|
23
|
+
end
|
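Review bot: The mailer reads `MAILER_HOST` and `MAILER_DO_NOT_REPLY`, while the README on this page tells integrators to define `HOST` and `DO_NOT_REPLY`; if only the documented names exist, the class body raises NameError at load time. Either align the README or add a comment above `default_url_options[:host] = MAILER_HOST` such as `# MAILER_HOST and MAILER_DO_NOT_REPLY must be defined before this class loads`; the generator's initializer template may define them but is not shown here. Taking the host from a constant rather than from the request is the right choice for confirmation and password-reset links, since the link target then cannot be influenced by request headers. In production it should be the real public host, and setting `default_url_options[:protocol] = 'https'` alongside it keeps the token links off plain HTTP.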