RubyGems - dancroak-clearance - Versions diffs - 0.1 - Mend

dancroak-clearance 0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

data/README.textile +78 -0
data/clearance.gemspec +11 -0
data/lib/clearance.rb +8 -0
data/lib/clearance/application_controller.rb +62 -0
data/lib/clearance/model.rb +84 -0
data/lib/clearance/sessions_controller.rb +66 -0
data/lib/clearance/sessions_controller_test.rb +84 -0
data/lib/clearance/test_helper.rb +75 -0
data/lib/clearance/unit_test.rb +186 -0
data/lib/clearance/users_controller.rb +22 -0
data/lib/clearance/users_controller_test.rb +72 -0
metadata +65 -0

data/README.textile ADDED Viewed

@@ -0,0 +1,78 @@
+h1. Clearance
+Simple, complete Rails authentication.
+"We have clearance, Clarence.":http://www.youtube.com/v/mNRXJEE3Nz8
+h2. Features
+* email & password
+* modules, not a generator
+* gem, not a plugin
+* should & factory_girl tests included
+h2. Schema
+Change your User model so it has these attributes.
+    change_table(:users) do |t|
+		  t.column :email, :string
+		  t.column :crypted_password, :string, :limit => 40
+		  t.column :salt, :string, :limit => 40
+		  t.column :remember_token, :string
+		  t.column :remember_token_expires_at, :datetime
+		end
+	  add_index :users, [:email, :password]
+h2. Model
+In app/models/user.rb:
+    include Clearance::Model
+h2. Controllers
+In app/controllers/application_controller.rb:
+    include Clearance::ApplicationController
+In app/controllers/sessions_controller.rb:
+    include Clearance::SessionsController
+In app/controllers/users_controller.rb:
+    include Clearance::UsersController
+h2. Routes
+    map.login  '/login',  :controller => 'sessions', :action => 'new'
+    map.logout '/logout', :controller => 'sessions', :action => 'destroy'
+    map.resource :session
+h2. Tests
+The tests use Shoulda and Factory Girl.
+In test/test_helper.rb:
+    include Clearance::TestHelper
+In test/unit/user_test.rb:
+    include Clearance::UnitTest
+In test/functional/sessions_controller_test.rb:
+    include Clearance::SessionsControllerTest
+In test/functional/users_controller_test.rb:
+    include Clearance::UsersControllerTest
+h2. Authors
+* thoughtbot, inc.
+* Dan Croak
+* Josh Nichols

data/clearance.gemspec ADDED Viewed

@@ -0,0 +1,11 @@
+Gem::Specification.new do |s|
+  s.name = "clearance"
+  s.version = "0.1"
+  s.date = "2008-09-06"
+  s.summary = "Simple, complete Rails authentication."
+  s.email = "dcroak@thoughtbot.com"
+  s.homepage = "http://github.com/dancroak/clearance"
+  s.description = "Simple, complete Rails authentication scheme."
+  s.authors = ["thoughtbot, inc.", "Dan Croak", "Josh Nichols"]
+  s.files = ["README.textile", "clearance.gemspec", "lib/clearance.rb", "lib/clearance/application_controller.rb", "lib/clearance/model.rb", "lib/clearance/sessions_controller.rb", "lib/clearance/sessions_controller_test.rb", "lib/clearance/test_helper.rb", "lib/clearance/unit_test.rb", "lib/clearance/users_controller.rb", "lib/clearance/users_controller_test.rb"]
+end

data/lib/clearance.rb ADDED Viewed

@@ -0,0 +1,8 @@
+require 'clearance/application_controller'
+require 'clearance/sessions_controller'
+require 'clearance/users_controller'
+require 'clearance/model'
+require 'clearance/test_helper'
+require 'clearance/sessions_controller_test'
+require 'clearance/users_controller_test'
+require 'clearance/unit_test'

data/lib/clearance/application_controller.rb ADDED Viewed

@@ -0,0 +1,62 @@
+module Clearance
+  module ApplicationController
+    def self.included(base)
+      base.class_eval do
+        attr_accessor :current_user
+        helper_method :current_user
+        include InstanceMethods
+      protected
+        include ProtectedInstanceMethods
+      end
+    end
+    module InstanceMethods
+      def current_user
+        @current_user ||= (user_from_session || user_from_cookie)
+      end
+    end
+    module ProtectedInstanceMethods
+      def authenticate
+        deny_access if current_user.nil?
+      end
+      def user_from_session
+        User.find_by_id(session[:user_id])
+      end
+      def user_from_cookie
+        user = User.find_by_remember_token(cookies[:auth_token]) if cookies[:auth_token]
+        user && user.remember_token? ? user : nil
+      end
+      def login(user)
+        create_session_for user
+        @current_user = user
+      end
+      def create_session_for(user)
+        session[:user_id] = user.id if user
+      end
+      def redirect_back_or(default)
+        session[:return_to] ? redirect_to(session[:return_to]) : redirect_to(default)
+        session[:return_to] = nil
+      end
+      def store_location
+        session[:return_to] = request.request_uri
+      end
+      def deny_access(flash_message = nil, opts = {})
+        opts[:redirect] ||= login_url
+        store_location
+        flash[:error] = flash_message if flash_message
+        redirect_to opts[:redirect]
+      end
+    end
+  end
+end

data/lib/clearance/model.rb ADDED Viewed

@@ -0,0 +1,84 @@
+module Clearance
+  module Model
+    def self.included(base)
+      base.class_eval do
+        attr_accessible :email, :password, :password_confirmation
+        attr_accessor :password, :password_confirmation
+        validates_presence_of     :email
+        validates_presence_of     :password,                   :if => :password_required?
+        validates_length_of       :password, :within => 3..40, :if => :password_required?
+        validates_confirmation_of :password,                   :if => :password_required?
+        validates_uniqueness_of   :email
+        before_save :initialize_salt, :encrypt_password
+        extend ClassMethods
+        include InstanceMethods
+      protected
+        include ProtectedInstanceMethods
+      end
+    end
+    module ClassMethods
+      def authenticate(email, password)
+        user = find_by_email(email) # need to get the salt
+        user && user.authenticated?(password) ? user : nil
+      end
+      def authenticate_via_auth_token(token)
+        return nil if token.blank?
+        find_by_auth_token(token)
+      end
+    end
+    module InstanceMethods
+      def authenticated?(password)
+        crypted_password == encrypt(password)
+      end
+      def encrypt(password)
+        Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+      end
+      def remember_token?
+        remember_token_expires_at && Time.now.utc < remember_token_expires_at
+      end
+      def remember_me!
+        remember_me_until 2.weeks.from_now.utc
+      end
+      def remember_me_until(time)
+        self.update_attribute :remember_token_expires_at, time
+        self.update_attribute :remember_token, encrypt("#{email}--#{remember_token_expires_at}")
+      end
+      def forget_me!
+        self.update_attribute :remember_token_expires_at, nil
+        self.update_attribute :remember_token, nil
+      end
+    end
+    module ProtectedInstanceMethods
+      def initialize_salt
+        self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{email}--") if new_record?
+      end
+      def encrypt_password
+        return if password.blank?
+        self.crypted_password = encrypt(password)
+      end
+      def password_required?
+        crypted_password.blank? || !password.blank?
+      end
+    end
+  end
+end

data/lib/clearance/sessions_controller.rb ADDED Viewed

@@ -0,0 +1,66 @@
+module Clearance
+  module SessionsController
+    def self.included(base)
+      base.class_eval do
+        skip_before_filter :authenticate
+        protect_from_forgery :except => :create
+        filter_parameter_logging :password
+        include InstanceMethods
+      protected
+        include ProtectedInstanceMethods
+      end
+    end
+    module InstanceMethods
+      def create
+        remember_me = params[:session][:remember_me] if params[:session]
+        login_via_password(params[:session][:email], params[:session][:password], remember_me)
+      end
+      def destroy
+        forget current_user
+        reset_session
+        flash[:notice] = 'You have been logged out.'
+        redirect_to login_url
+      end
+    end
+    module ProtectedInstanceMethods
+      def login_via_password(email, password, remember_me)
+        user = User.authenticate(email, password)
+        if login(user)
+          create_session_for(user)
+          remember(user) if remember_me == '1'
+          login_successful
+        else
+          login_failure
+        end
+      end
+      def login_successful
+        flash[:notice] = 'Logged in successfully'
+        redirect_back_or root_url
+      end
+      def login_failure(message = "Bad email or password.")
+        flash.now[:notice] = message
+        render :action => :new
+      end
+      def remember(user)
+        user.remember_me!
+        cookies[:auth_token] = { :value   => user.remember_token,
+                                 :expires => user.remember_token_expires_at }
+      end
+      def forget(user)
+        user.forget_me! if user
+        cookies.delete :auth_token
+      end
+    end
+  end
+end

data/lib/clearance/sessions_controller_test.rb ADDED Viewed

@@ -0,0 +1,84 @@
+module Clearance
+  module SessionsControllerTest
+    def self.included(base)
+      base.class_eval do
+        context "Given a user" do
+          setup do
+            @user = Factory(:user)
+          end
+          should_filter :password
+          # context "on GET to /sessions/new" do
+          #   setup { get :new }
+          #
+          #   should_respond_with :success
+          #   should_render_template :new
+          #   should_not_set_the_flash
+          #   should "render a login form" do
+          #     assert_select "form[action=/session]" do
+          #       assert_select "input[type=text][name=?]",     "session[email]"
+          #       assert_select "input[type=password][name=?]", "session[password]"
+          #       assert_select "input[type=checkbox][name=?]", "session[remember_me]"
+          #     end
+          #   end
+          # end
+          context "a POST to #create with good credentials" do
+            setup do
+              post :create, :session => { :email => @user.email, :password => @user.password }
+            end
+            should_set_the_flash_to /success/i
+            should_redirect_to 'root_url'
+          end
+          context "a POST to #create with bad credentials" do
+            setup do
+              post :create, :session => { :email => @user.email, :password => "bad value" }
+            end
+            should_set_the_flash_to /bad/i
+            should_render_template :new
+          end
+        end
+        context "While logged out" do
+          setup { logout }
+          context "logging out again" do
+            setup { delete :destroy }
+            should_redirect_to "login_url"
+          end
+        end
+        logged_in_user_context do
+          context "a DELETE to #destroy without a cookie" do
+            setup { delete :destroy }
+            should_set_the_flash_to(/logged out/i)
+            should_redirect_to "login_url"
+          end
+          context 'a DELETE to #destroy with a cookie' do
+            setup do
+              cookies['auth_token'] = CGI::Cookie.new 'token', 'value'
+              delete :destroy
+            end
+            should 'delete the cookie' do
+              assert cookies['auth_token'].empty?
+            end
+            should 'delete the remember me token in users table' do
+              assert_nil @current_user.reload.remember_token
+              assert_nil @current_user.reload.remember_token_expires_at
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/clearance/test_helper.rb ADDED Viewed

@@ -0,0 +1,75 @@
+module Clearance
+  module TestHelper
+    def self.included(base)
+      base.class_eval do
+        include InstanceMethods
+        extend ClassMethods
+      end
+    end
+    module InstanceMethods
+      def login_as(user = nil)
+        user ||= Factory(:user)
+        @request.session[:user_id] = user.id
+        return user
+      end
+      def logout
+        @request.session[:user_id] = nil
+      end
+    end
+    module ClassMethods
+      def should_deny_access_on(command, opts = {})
+        opts[:redirect] ||= "login_url"
+        context "on #{command}" do
+          setup { eval command }
+          should_redirect_to opts[:redirect]
+          if opts[:flash]
+            should_set_the_flash_to opts[:flash]
+          else
+            should_not_set_the_flash
+          end
+        end
+      end
+      def should_filter(*keys)
+        keys.each do |key|
+          should "filter #{key}" do
+            assert @controller.respond_to?(:filter_parameters),
+              "The key #{key} is not filtered"
+            filtered = @controller.send(:filter_parameters, {key.to_s => key.to_s})
+            assert_equal '[FILTERED]', filtered[key.to_s],
+              "The key #{key} is not filtered"
+          end
+        end
+      end
+      def should_have_user_form
+        should "have the user form" do
+          assert_select "form" do
+            %w(name email openid_url).each do |field|
+              assert_select "input[type=text][name=?]", "user[#{field}]"
+            end
+            %w(password password_confirmation).each do |field|
+              assert_select "input[type=password][name=?]", "user[#{field}]"
+            end
+          end
+        end
+      end
+      def logged_in_user_context(user_name = nil, &blk)
+        context "When logged in as a user" do
+          setup do
+            user = user_name ? instance_variable_get("@#{user_name}") : Factory(:user)
+            assert @current_user = login_as(user)
+          end
+          merge_block(&blk)
+        end
+      end
+    end
+  end
+end

data/lib/clearance/unit_test.rb ADDED Viewed

@@ -0,0 +1,186 @@
+module Clearance
+  module UnitTest
+    def self.included(base)
+      base.class_eval do
+        should_require_attributes :email, :password
+        should "require password validation on create" do
+          user = Factory.build(:user, :password => 'blah', :password_confirmation => 'boogidy')
+          assert !user.save
+          assert_match(/confirmation/i, user.errors.on(:password))
+        end
+        should "create a crypted_password on save" do
+          assert_not_nil Factory(:user, :crypted_password => nil).crypted_password
+        end
+        context 'updating a password' do
+          setup do
+            @user = Factory(:user)
+            assert_not_nil @user.crypted_password
+            @crypt = @user.crypted_password
+            assert_not_nil @user.salt
+            @salt = @user.salt
+            @user.password = 'a_new_password'
+            @user.password_confirmation = 'a_new_password'
+            assert @user.save
+          end
+          should 'update a crypted_password' do
+            @user.reload
+            assert @user.crypted_password != @crypt
+          end
+        end
+        context 'A user' do
+          setup do
+            @password = 'sekrit'
+            @salt = 'salt'
+            User.any_instance.stubs(:initialize_salt)
+            @user = Factory(:user, :password => @password, :salt => @salt)
+          end
+          should "require password validation on update" do
+            @user.update_attributes(:password => "blah", :password_confirmation => "boogidy")
+            assert !@user.save
+            assert_match(/confirmation/i, @user.errors.on(:password))
+          end
+          should_require_unique_attributes :email
+          context 'authenticating a user' do
+            context 'with good credentials' do
+              setup do
+                @result = User.authenticate @user.email, 'sekrit'
+              end
+              should 'return true' do
+                assert @result
+              end
+            end
+            context 'with bad credentials' do
+              setup do
+                @result = User.authenticate @user.email, 'horribly_wrong_password'
+              end
+              should 'return true' do
+                assert !@result
+              end
+            end
+          end
+          context 'authenticated?' do
+            context 'with good credentials' do
+              setup do
+                @result = @user.authenticated? @password
+              end
+              should 'return true' do
+                assert @result
+              end
+            end
+            context 'with bad credentials' do
+              setup do
+                @result = @user.authenticated? 'horribly_wrong_password'
+              end
+              should 'return true' do
+                assert !@result
+              end
+            end
+          end
+          context 'encrypt' do
+            setup do
+              @crypted  = @user.encrypt(@password)
+              @expected = Digest::SHA1.hexdigest("--#{@salt}--#{@password}--")
+            end
+            should 'create a Hash using SHA1 encryption' do
+              assert_equal @expected, @crypted
+              assert_not_equal @password, @crypted
+            end
+          end
+          context 'remember_me!' do
+            setup do
+              assert_nil @user.remember_token
+              assert_nil @user.remember_token_expires_at
+              @user.remember_me!
+            end
+            should 'set the remember token and expiration date' do
+              assert_not_nil @user.remember_token
+              assert_not_nil @user.remember_token_expires_at
+            end
+            should 'remember_token?' do
+              assert @user.remember_token?
+            end
+            context 'forget_me!' do
+              setup do
+                @user.forget_me!
+              end
+              should 'unset the remember token and expiration date' do
+                assert_nil @user.remember_token
+                assert_nil @user.remember_token_expires_at
+              end
+              should 'not remember_token?' do
+                assert ! @user.remember_token?
+              end
+            end
+          end
+          context 'remember_token?' do
+            context 'when token expires in the future' do
+              setup do
+                @user.update_attribute :remember_token_expires_at, 2.weeks.from_now.utc
+              end
+              should 'be true' do
+                assert @user.remember_token?
+              end
+            end
+            context 'when token expired' do
+              setup do
+                @user.update_attribute :remember_token_expires_at, 2.weeks.ago.utc
+              end
+              should 'be false' do
+                assert ! @user.remember_token?
+              end
+            end
+          end
+          context "User.authenticate with a valid email and password" do
+            setup do
+              @found_user = User.authenticate @user.email, @user.password
+            end
+            should "find that user" do
+              assert_equal @user, @found_user
+            end
+          end
+          context "When sent authenticate with an invalid email and password" do
+            setup do
+              @found_user = User.authenticate "not", "valid"
+            end
+            should "find nothing" do
+              assert_nil @found_user
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/clearance/users_controller.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module Clearance
+  module UsersController
+    def self.included(base)
+      base.class_eval do
+        before_filter :authenticate
+        before_filter :ensure_user_is_accessing_self, :only => [:edit, :update, :show]
+        filter_parameter_logging :password
+      private
+        include PrivateInstanceMethods
+      end
+    end
+    module PrivateInstanceMethods
+      def ensure_user_is_accessing_self
+        deny_access 'You cannot edit that user.' unless current_user.id.to_i == params[:id].to_i
+      end
+    end
+  end
+end

data/lib/clearance/users_controller_test.rb ADDED Viewed

@@ -0,0 +1,72 @@
+module Clearance
+  module UsersControllerTest
+    def self.included(base)
+      base.class_eval do
+        logged_in_user_context do
+          should_deny_access_on "get :index"
+          should_deny_access_on "get :new"
+          should_deny_access_on "post :create, :user => {}"
+          should_filter :password
+          context "dealing with their own account" do
+            context "on GET to /users/:id/show" do
+              setup { get :show, :id => @user.to_param }
+              should_redirect_to "edit_user_url(@user)"
+              should_not_set_the_flash
+            end
+            should_deny_access_on "delete :destroy, :id => @user.to_param"
+            context "on GET to /users/:id/edit" do
+              setup { get :edit, :id => @user.to_param }
+              should_respond_with :success
+              should_render_template :edit
+              should_not_set_the_flash
+              should_assign_to :user
+              should_have_user_form
+            end
+            context "on PUT to /users/:id" do
+              setup do
+                put :update,
+                  :id => @user.to_param,
+                  :user => {:email => "none@example.com"}
+              end
+              should_set_the_flash_to /updated/i
+              should_redirect_to "root_url"
+              should_assign_to :user
+              should "update the user's attributes" do
+                assert_equal "none@example.com", assigns(:user).email
+              end
+            end
+            context "on PUT to /users/:id with invalid attributes" do
+              setup { put :update, :id => @user.to_param, :user => {:email => ''} }
+              should_not_set_the_flash
+              should_assign_to :user
+              should_render_template 'edit'
+              should "display errors" do
+                assert_select '#errorExplanation'
+              end
+            end
+          end
+          context "dealing with another user's account" do
+            setup do
+              @target_user = Factory(:user, :account => @user.account)
+              assert_equal @user.account, @target_user.account
+            end
+            should_deny_access_on "get :show, :id => @target_user.to_param",                :flash => /cannot edit/i
+            should_deny_access_on "get :edit, :id => @target_user.to_param",                :flash => /cannot edit/i
+            should_deny_access_on "put :update, :id => @target_user.to_param, :user => {}", :flash => /cannot edit/i
+          end
+        end
+      end
+    end
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,65 @@
+--- !ruby/object:Gem::Specification
+name: dancroak-clearance
+version: !ruby/object:Gem::Version
+  version: "0.1"
+platform: ruby
+authors:
+- thoughtbot, inc.
+- Dan Croak
+- Josh Nichols
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2008-09-06 00:00:00 -07:00
+default_executable:
+dependencies: []
+description: Simple, complete Rails authentication scheme.
+email: dcroak@thoughtbot.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.textile
+- clearance.gemspec
+- lib/clearance.rb
+- lib/clearance/application_controller.rb
+- lib/clearance/model.rb
+- lib/clearance/sessions_controller.rb
+- lib/clearance/sessions_controller_test.rb
+- lib/clearance/test_helper.rb
+- lib/clearance/unit_test.rb
+- lib/clearance/users_controller.rb
+- lib/clearance/users_controller_test.rb
+has_rdoc: false
+homepage: http://github.com/dancroak/clearance
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+requirements: []
+rubyforge_project:
+rubygems_version: 1.2.0
+signing_key:
+specification_version: 2
+summary: Simple, complete Rails authentication.
+test_files: []