dangerzone 0.0.0 → 0.5.0

data/README.md

@@ -4,20 +4,30 @@
 Dangerzone handles sign-in, sign-out, creating new accounts, confirmation emails, reset password emails,
 and user authentification stuff that pretty much every web app needs.
 
-It's pretty much a really stripped down Devise. While Devise is designed for people with a lot of experience,
-Dangerzone is more for beginners. All of the files it generates and logic it appends are easy to find and
-explore (hopefully, anyway), so if you're new to Rails you can use Dangerzone to learn (also hopefully).
+It's pretty much a really stripped down and above the board Devise. While Devise is designed for people with a
+lot of experience, Dangerzone is more for beginners. All of the files it generates and logic it appends are
+easy to find and explore (hopefully, anyway), so if you're new to Rails you can use Dangerzone to learn
+(also hopefully).
 
 It's also for people who maybe have more experience and don't want to spend time writing all of this stuff
 out by hand but don't want to use Devise for whatever reason (ie those with some experience but still
 don't understand Devise)
 
+At some point there'll be more options, like a version that's a bit more explicit in what it's doing and a version
+with a ton of comments that explain what's going on ('this is a ternary operator' or 'methods that end with question marks
+usually return true or false'). Also, a version where you can opt out of generating the specs.
+
 ## Dependencies
-You'll need these gems (and the gems that they depend on) to use Dangerzone:
+You'll need these gems to use Dangerzone:
 
 * Rails 3.2
 * Bcrypt-ruby 3.0
-* Thor
+
+Dangerzone also generates some specs and a factory for you. You'll need these gems if you actually want to use them.
+
+* Rspec-rails 2.13
+* Factory_Girl_Rails 4.2
+
 
 ## How to install
 You can do one of these in your command line (if you have the RubyGems command line stuff installed):
@@ -32,17 +42,16 @@ Alternatively, you can just add this to your app's GemFile:
 gem 'dangerzone'
 ```
 
-And then bundle or bundle install.
+And then ```bundle``` or ```bundle install```.
 
 ## How to use
-
 First, add this to your Gemfile:
 
 ```ruby
 gem 'dangerzone'
 ```
 
-Then bundle or bundle install.
+Then ```bundle``` or ````bundle install```.
 
 Then run this command from your app's root directory:
 
@@ -50,7 +59,7 @@ Then run this command from your app's root directory:
 rails generate dangerzone
 ```
 
-You can also put '```g```'' instead of '```generate```' if you're really in a hurry. Anyway, you should see something that
+You can also put '```g```' instead of '```generate```' if you're really in a hurry. Anyway, you should see something that
 looks like this:
 
 ```ruby
@@ -65,7 +74,7 @@ looks like this:
       [etc...]
 ```
 
-Now, if you're in a fresh app, all you really have to do is ```rake db:migrate```
+Now, if you're in a fresh app, all you really have to do is ```rake db:migrate```.
 
 Note: If you're adding Dangerzone to an existing app then things can be a bit more tricky. For instance,
 if you've changed your code in certain places Dangerzone may not edit the files correctly. It may
@@ -141,7 +150,8 @@ can add them to before\_filters)
 * app/views/create\_accounts/new.html.erb
 * app/views/create\_accounts/dangerzone.html.erb
 * app/views/dangerzone\_mailer/account\_confirmation\_email.html.erb
-* app/views/dangerzone\_mailer/account\_confirmation\_email.text.erb
+* app/views/dangerzone\_mailer/account\_confirmation\_email.text
+.erb
 * app/views/dangerzone\_mailer/reset\_password\_email.html.erb
 * app/views/dangerzone\_mailer/reset\_password\_email.text.erb
 * app/views/layouts/\_dangerzone\_nav.html.erb

data/lib/dangerzone/dangerzone_generator.rb

@@ -3,114 +3,117 @@ class DangerzoneGenerator < Rails::Generators::Base
 
   source_root File.expand_path('../templates', __FILE__)
 
+  include Rails::Generators::Migration
+  # desc "add the migrations"
+
+  def self.next_migration_number(path)
+    unless @prev_migration_nr
+      @prev_migration_nr = Time.now.utc.strftime('%Y%m%d%H%M%S').to_i
+    else
+      @prev_migration_nr += 1
+    end
+    @prev_migration_nr.to_s
+  end
+
+  def generate_the_create_users_migration_file
+    migration_template 'migration.rb', 'db/migrate/create_users_table_via_dangerzone.rb'
+  end
+
   def edit_the_routes_file
     routes = IO.read(get_directory + '/templates/routes.rb')
-    line = "::Application.routes.draw do"
+    line = '::Application.routes.draw do'
     gsub_file 'config/routes.rb', /.+(#{Regexp.escape(line)})/mi do |match|
     "#{match}\n\n#{routes}\n"
     end
   end
 
   def get_rid_of_rails_default_index_page_in_index
-    remove_file "public/index.html"
+    remove_file 'public/index.html'
+  end
+
+  def generate_user_model_file
+    copy_files_to_app_dir %w(user.rb), 'models'
   end
 
   def generate_the_nav_partial
-    copy_file "views/nav.html.erb", "app/views/layouts/_dangerzone_nav.html.erb"
+    copy_files_to_app_dir %w(_dangerzone_nav.html.erb), 'views/layouts'
   end
 
   def add_nav_partial_and_notice_to_application_html_erb
     nav = "<%= render 'layouts/dangerzone_nav' %>\n\n<%= notice %>"
-    line = "<body>"
+    line = '<body>'
     gsub_file 'app/views/layouts/application.html.erb', /(#{Regexp.escape(line)})/mi do |match|
       "#{match}\n#{nav}\n"
     end
   end
 
-  def generate_user_model_file
-    copy_file "models/user.rb", "app/models/user.rb"
-  end
-
   def generate_the_controllers
-    copy_file "controllers/create_accounts_controller.rb", "app/controllers/create_accounts_controller.rb"
-    copy_file "controllers/reset_passwords_controller.rb", "app/controllers/reset_passwords_controller.rb"
-    copy_file "controllers/sessions_controller.rb", "app/controllers/sessions_controller.rb"
+    file_names = %w(create_accounts_controller.rb reset_passwords_controller.rb sessions_controller.rb)
+    copy_files_to_app_dir file_names, 'controllers'
   end
 
   def add_methods_to_application_controller
     app_controller_methods = IO.read(get_directory + '/templates/controllers/application_controller.rb')
-    line = "protect_from_forgery"
+    line = 'protect_from_forgery'
     gsub_file 'app/controllers/application_controller.rb', /.+(#{Regexp.escape(line)})/mi do |match|
       "#{match}\n\n#{app_controller_methods}\n"
     end
   end
 
+  def generate_spec_folder
+    empty_directory 'spec'
+    empty_directory 'spec/models'
+    empty_directory 'spec/factories'
+    empty_directory 'spec/controllers'
+  end
+
+  def generate_the_specs
+    copy_files_to_spec_dir %w(users_factory.rb), 'factories'
+    file_names =  %w(create_accounts_controller_spec.rb reset_passwords_controller_spec.rb sessions_controller_spec.rb)
+    copy_files_to_spec_dir file_names, 'controllers'
+    copy_files_to_spec_dir %w(user_spec.rb), 'models'
+    copy_file 'spec/spec_helper.rb', 'spec/spec_helper.rb'
+  end
+
   def generate_mailer
-    copy_file "mailers/dangerzone_mailer.rb", "app/mailers/dangerzone_mailer.rb"
+    copy_files_to_app_dir %w(dangerzone_mailer.rb), 'mailers'
   end
 
-  def add_mailer_config_to_development
-    comment = "# Via dangerzone: configures actionmailer to use localhost:3000 as its default url"
+  def add_mailer_config_to_development_and_test
+    comment = '# Via dangerzone: configures actionmailer to use localhost:3000 as its default url'
     config_stuff = "config.action_mailer.default_url_options = { :host => 'localhost:3000' }"
-    line = "config.assets.debug = true"
+    line = 'config.assets.debug = true'
     gsub_file 'config/environments/development.rb', /.+(#{Regexp.escape(line)})/mi do |match|
       "#{match}\n\n  #{comment}\n  #{config_stuff}\n\n"
     end
-  end
-
-  def uncomment_bcrypt_in_gemfile
-    uncommented = "gem 'bcrypt-ruby'"
-    line = "# gem 'bcrypt-ruby'"
-    gsub_file 'Gemfile', /(#{Regexp.escape(line)})/mi do |match|
-      "#{uncommented}"
+    line = 'config.active_support.deprecation = :stderr'
+    gsub_file 'config/environments/test.rb', /.+(#{Regexp.escape(line)})/mi do |match|
+      "#{match}\n\n  #{comment}\n  #{config_stuff}\n\n"
     end
   end
 
   def generate_view_directories
-    empty_directory "app/views/create_accounts"
-    empty_directory "app/views/dangerzone_mailer"
-    empty_directory "app/views/reset_passwords"
-    empty_directory "app/views/sessions"
+    file_names = %w(create_accounts dangerzone_mailer reset_passwords sessions)
+    file_names.each { |f| empty_directory "app/views/#{f}" }
   end
 
   def fill_view_directories
-    copy_file "views/create_accounts/check_your_email.html.erb", "app/views/create_accounts/check_your_email.html.erb"
-    copy_file "views/create_accounts/new.html.erb", "app/views/create_accounts/new.html.erb"
-    copy_file "views/create_accounts/dangerzone.html.erb", "app/views/create_accounts/dangerzone.html.erb"
-
-    copy_file "views/dangerzone_mailer/account_confirmation_email.html.erb", "app/views/dangerzone_mailer/account_confirmation_email.html.erb"
-    copy_file "views/dangerzone_mailer/account_confirmation_email.text.erb", "app/views/dangerzone_mailer/account_confirmation_email.text.erb"
-    copy_file "views/dangerzone_mailer/reset_password_email.html.erb", "app/views/dangerzone_mailer/reset_password_email.html.erb"
-    copy_file "views/dangerzone_mailer/reset_password_email.text.erb", "app/views/dangerzone_mailer/reset_password_email.text.erb"
-
-    copy_file "views/reset_passwords/new.html.erb", "app/views/reset_passwords/new.html.erb"
-    copy_file "views/reset_passwords/reset_password_form.html.erb", "app/views/reset_passwords/reset_password_form.html.erb"
-
-    copy_file "views/sessions/new.html.erb", "app/views/sessions/new.html.erb"
-  end
-
-  include Rails::Generators::Migration
-  desc "add the migrations"
-
-  def self.next_migration_number(path)
-    unless @prev_migration_nr
-      @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
-    else
-      @prev_migration_nr += 1
-    end
-    @prev_migration_nr.to_s
-  end
-
-  def generate_the_users_migration_file
-    migration_template "migration.rb", "db/migrate/create_users_table_via_dangerzone.rb"
+    file_names = %w(check_your_email.html.erb new.html.erb dangerzone.html.erb)
+    copy_files_to_app_dir(file_names, "views/create_accounts")
+    file_names = %w(account_confirmation_email.html.erb
+                    account_confirmation_email.text.erb
+                    reset_password_email.html.erb
+                    reset_password_email.text.erb)
+    copy_files_to_app_dir(file_names, "views/dangerzone_mailer")
+    copy_files_to_app_dir(%w(new.html.erb reset_password_form.html.erb), 'views/reset_passwords')
+    copy_files_to_app_dir(%w(new.html.erb), 'views/sessions')
   end
 
   private
 
   def gsub_file(relative_destination, regexp, *args, &block)
-    path = relative_destination
-    content = File.read(path).gsub(regexp, *args, &block)
-    File.open(path, 'wb') { |file| file.write(content) }
+    content = File.read(relative_destination).gsub(regexp, *args, &block)
+    File.open(relative_destination, 'wb') { |file| file.write(content) }
   end
 
   def get_directory
@@ -119,4 +122,15 @@ class DangerzoneGenerator < Rails::Generators::Base
     directory.join('/')
   end
 
+  def copy_files_to_app_dir(file_names, gem_path)
+    copy_files_to_specific_dir(file_names, gem_path, 'app')
+  end
+
+  def copy_files_to_spec_dir(file_names, gem_path)
+    file_names.each { |f| copy_file "spec/#{gem_path}/#{f}", "spec/#{gem_path}/#{f}" }
+  end
+
+  def copy_files_to_specific_dir(file_names, gem_path, directory)
+    file_names.each { |f| copy_file "#{gem_path}/#{f}", "#{directory}/#{gem_path}/#{f}" }
+  end
 end

data/lib/dangerzone/templates/controllers/application_controller.rb

@@ -1,11 +1,10 @@
+  private
+
   def current_user
-    @current_user = User.find_by_remember_token(cookies[:remember_token])
-    @current_user ||= User.find_by_id(session[:user_id])
-    @current_user = nil if @current_user && request.remote_ip != @current_user.sign_in_ip
-    @current_user
+    @current_user = User.find_by_id(session[:user_id]) || User.find_by_remember_token(cookies[:remember_token])
+    request.remote_ip == @current_user.try(:sign_in_ip) ? @current_user : @current_user ||= User.new(sign_in_ip: request.remote_ip)
   end
 
   def authorize_user
-    redirect_to sign_in_url if current_user.nil?
+    redirect_to :sign_in if current_user.new_record?
   end
-

data/lib/dangerzone/templates/controllers/create_accounts_controller.rb

@@ -1,42 +1,38 @@
 class CreateAccountsController < ApplicationController
 
   def create
-    session[:email] = params[:user][:email]
     @user = User.new(params[:user])
-    @user.email = @user.email.downcase
-    @user.remember_token = SecureRandom.urlsafe_base64
+    @user.confirmed = false
     if @user.update_reset_password_credentials
       DangerzoneMailer.account_confirmation_email(@user).deliver
-      redirect_to check_your_email_url, notice: "Registration successful."
+      redirect_to :check_your_email, notice: "Registration successful."
     else
-      redirect_to sign_up_url, notice: "Registration unsuccessful"
+      redirect_to :sign_up, notice: "Registration unsuccessful"
     end
   end
 
   def resend_confirmation_email
-    @user = User.find_by_email(params[:email].downcase)
-    if @user && !@user.confirmed
-      @user.update_reset_password_credentials
+    @user = User.find_by_email(params[:email].try(:downcase))
+    if @user.try(:update_reset_password_credentials) && !@user.confirmed
       DangerzoneMailer.account_confirmation_email(@user).deliver
-      redirect_to check_your_email_url, notice: "Resent confirmation email."
+      redirect_to :check_your_email, notice: 'Resent confirmation email.'
     else
-      redirect_to check_your_email_url, notice: "Something went wrong."
+      redirect_to :check_your_email, notice: 'Unable to resend confirmation email.'
     end
   end
 
   def confirm
     @user = User.find_by_id(params[:id])
-    if @user && (Time.now - @user.reset_password_sent_at) < 60.minutes && @user.reset_password_token == params[:reset_password_token]
+    if @user.try(:in_time?) && @user.token_matches?(params[:reset_password_token])
       reset_session
-      @user.confirm(request.remote_ip)
+      @user.confirm!(request.remote_ip)
       session[:user_id] = @user.id
-      redirect_to root_url, notice: "User confirmation successful."
+      redirect_to :root, notice: "User confirmation successful."
     else
-      redirect_to sign_up_url, notice: "User confirmation unsuccessful."
+      redirect_to :sign_up, notice: "User confirmation unsuccessful."
     end
   end
 
   def new
   end
-
 end

data/lib/dangerzone/templates/controllers/reset_passwords_controller.rb

@@ -1,43 +1,39 @@
 class ResetPasswordsController < ApplicationController
 
-  def send_reset_password
-    @user = User.find_by_email(params[:email].downcase)
-    if @user.update_reset_password_credentials
+  def requested_reset_password
+    @user = User.find_by_email(params[:email].try(:downcase))
+    if @user.try(:update_reset_password_credentials)
       DangerzoneMailer.reset_password_email(@user).deliver
-      redirect_to forgot_password_url, notice: "Reset password email successfully sent."
+      redirect_to :forgot_password, notice: "Reset password email successfully sent."
     else
-      redirect_to forgot_password_url, notice: "Reset password email failed to send."
+      redirect_to :forgot_password, notice: "Reset password email failed to send."
     end
   end
 
   def reset_password_form
     @user = User.find_by_id(params[:id])
-    if @user && (Time.now - @user.reset_password_sent_at) < 60.minutes && @user.reset_password_token == params[:reset_password_token]
-      session[:reset_password_user_id] = @user.id
-    else
-      redirect_to forgot_password_url, notice: "There was a problem, try having the email resent to you."
+    unless @user.try(:in_time?) && @user.token_matches?(params[:reset_password_token])
+      redirect_to :forgot_password, notice: "There was a problem, try having the email resent to you."
     end
   end
 
   def update_password
-    @user = User.find_by_id(session[:reset_password_user_id])
-    if @user && (Time.now - @user.reset_password_sent_at) < 60.minutes
+    @user = User.find_by_id(params[:id])
+    if @user.try(:in_time?)
       @user.password = params[:password]
       @user.password_confirmation = params[:password_confirmation]
-      @user.reset_password_token = SecureRandom.urlsafe_base64
       if @user.save
         reset_session
         session[:user_id] = @user.id
-        redirect_to root_url, notice: "Password successfully updated."
+        redirect_to :root, notice: "Password successfully updated."
       else
-        redirect_to send_reset_password_url, notice: "Update password unsuccessful."
+        redirect_to reset_password_form_path(@user.id, @user.reset_password_token), notice: "Update password unsuccessful: password confirmation did not match password."
       end
     else
-      redirect_to send_reset_password_url, notice: "Update password unsuccessful."
+      redirect_to :forgot_password, notice: "Update password unsuccessful."
     end
   end
 
   def new
   end
-
 end

data/lib/dangerzone/templates/controllers/sessions_controller.rb

@@ -1,30 +1,33 @@
 class SessionsController < ApplicationController
 
   def create
-    @user = User.find_by_email(params[:email].downcase)
-    if @user && @user.authenticate(params[:password]) && @user.confirmed
-      @user.sign_in_ip = request.remote_ip
-      @user.sign_in_count = @user.sign_in_count + 1
-      if params[:remember_me] == '1'
-        @user.remember_token = SecureRandom.urlsafe_base64
-        cookies.permanent[:remember_token] = @user.remember_token
-      else
-        session[:user_id] = @user.id
-      end
-      @user.save
-      redirect_to root_url, :notice => "Sign-in successful."
+    clear_cookies
+    @user = User.find_by_email(params[:email].try(:downcase))
+    if @user.try(:sign_in!, request.remote_ip, params[:password])
+      set_cookies(params[:remember_me])
+      redirect_to :root, notice: "Sign-in successful."
     else
-      redirect_to sign_in_url, :notice => "Sign-in unsuccessful."
+      redirect_to :sign_in, notice: "Sign-in unsuccessful."
     end
   end
 
   def destroy
-    cookies.delete(:remember_token)
-    reset_session
-    redirect_to sign_in_url, :notice => "Sign-out successful."
+    clear_cookies
+    redirect_to :sign_in, notice: "Sign-out successful."
   end
 
   def new
+    redirect_to :root if session[:user_id] || cookies[:remember_token]
+  end
+
+  private
+
+  def set_cookies(remember_me)
+    remember_me.present? ? cookies.permanent[:remember_token] = @user.remember_token : session[:user_id] = @user.id
   end
 
+  def clear_cookies
+    cookies.delete(:remember_token)
+    reset_session
+  end
 end