devisable 0.1.0

data/lib/generators/devisable/templates/app/views/welcome/welcome_index.erb

@@ -0,0 +1,3 @@
+<h1>Site #1</h1>
+
+<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>

data/lib/generators/devisable/templates/config/initializers/devise_initializer.erb

@@ -0,0 +1,239 @@
+require 'warden_oauth'
+
+Devise.setup do |config|
+  # ==> Mailer Configuration
+  # Configure the e-mail address which will be shown in DeviseMailer.
+  config.mailer_sender = "please-change-me@config-initializers-devise.com"
+
+  # Configure the class responsible to send e-mails.
+  # config.mailer = "Devise::Mailer"
+
+  # ==> ORM configuration
+  # Load and configure the ORM. Supports :active_record (default) and
+  # :mongoid (bson_ext recommended) by default. Other ORMs may be
+  # available as additional gems.
+  require 'devise/orm/active_record'
+
+  # ==> Configuration for any authentication mechanism
+  # Configure which keys are used when authenticating an user. By default is
+  # just :email. You can configure it to use [:username, :subdomain], so for
+  # authenticating an user, both parameters are required. Remember that those
+  # parameters are used only when authenticating and not when retrieving from
+  # session. If you need permissions, you should implement that in a before filter.
+  # config.authentication_keys = [ :email ]
+
+  # Tell if authentication through request.params is enabled. True by default.
+  # config.params_authenticatable = true
+
+  # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  # config.http_authenticatable = false
+
+  # Set this to true to use Basic Auth for AJAX requests.  True by default.
+  # config.http_authenticatable_on_xhr = true
+
+  # The realm used in Http Basic Authentication
+  # config.http_authentication_realm = "Application"
+
+  # ==> Configuration for :database_authenticatable
+  # For bcrypt, this is the cost for hashing the password and defaults to 10. If
+  # using other encryptors, it sets how many times you want the password re-encrypted.
+  config.stretches = 10
+
+  # Define which will be the encryption algorithm. Devise also supports encryptors
+  # from others authentication tools as :clearance_sha1, :authlogic_sha512 (then
+  # you should set stretches above to 20 for default behavior) and :restful_authentication_sha1
+  # (then you should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
+  config.encryptor = :bcrypt
+
+  # Setup a pepper to generate the encrypted password.
+  config.pepper = "0ce0024d92881b05c5148aff8fc230f28dea8eaa889556cf2a0ec12890c620137e4ed8eb5bd1a60536dddf655405c7b00ede21e6414994193f3ff9de940035d1"
+
+  # ==> Configuration for :confirmable
+  # The time you want to give your user to confirm his account. During this time
+  # he will be able to access your application without confirming. Default is nil.
+  # When confirm_within is zero, the user won't be able to sign in without confirming. 
+  # You can use this to let your user access some features of your application 
+  # without confirming the account, but blocking it after a certain period 
+  # (ie 2 days). 
+  # config.confirm_within = 2.days
+
+  # ==> Configuration for :rememberable
+  # The time the user will be remembered without asking for credentials again.
+  # config.remember_for = 2.weeks
+
+  # If true, a valid remember token can be re-used between multiple browsers.
+  # config.remember_across_browsers = true
+
+  # If true, extends the user's remember period when remembered via cookie.
+  # config.extend_remember_period = false
+
+  # ==> Configuration for :validatable
+  # Range for password length
+  # config.password_length = 6..20
+
+  # Regex to use to validate the email address
+  # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
+
+  # ==> Configuration for :timeoutable
+  # The time you want to timeout the user session without activity. After this
+  # time the user will be asked for credentials again.
+  # config.timeout_in = 10.minutes
+
+  # ==> Configuration for :lockable
+  # Defines which strategy will be used to lock an account.
+  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
+  # :none            = No lock strategy. You should handle locking by yourself.
+  # config.lock_strategy = :failed_attempts
+
+  # Defines which strategy will be used to unlock an account.
+  # :email = Sends an unlock link to the user email
+  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
+  # :both  = Enables both strategies
+  # :none  = No unlock strategy. You should handle unlocking by yourself.
+  # config.unlock_strategy = :both
+
+  # Number of authentication tries before locking an account if lock_strategy
+  # is failed attempts.
+  # config.maximum_attempts = 20
+
+  # Time interval to unlock the account if :time is enabled as unlock_strategy.
+  # config.unlock_in = 1.hour
+
+  # ==> Configuration for :token_authenticatable
+  # Defines name of the authentication token params key
+  # config.token_authentication_key = :auth_token
+
+  # ==> Scopes configuration
+  # Turn scoped views on. Before rendering "sessions/new", it will first check for
+  # "users/sessions/new". It's turned off by default because it's slower if you
+  # are using only default views.
+  # config.scoped_views = true
+
+  # Configure the default scope given to Warden. By default it's the first
+  # devise role declared in your routes.
+  # config.default_scope = :user
+
+  # Configure sign_out behavior. 
+  # By default sign_out is scoped (i.e. /users/sign_out affects only :user scope).
+  # In case of sign_out_all_scopes set to true any logout action will sign out all active scopes.
+  # config.sign_out_all_scopes = false
+
+  # ==> Navigation configuration
+  # Lists the formats that should be treated as navigational. Formats like
+  # :html, should redirect to the sign in page when the user does not have
+  # access, but formats like :xml or :json, should return 401.
+  # If you have any extra navigational formats, like :iphone or :mobile, you
+  # should add them to the navigational formats lists. Default is [:html]
+  # config.navigational_formats = [:html, :iphone]
+
+  # ==> Warden configuration
+  # If you want to use other strategies, that are not (yet) supported by Devise,
+  # you can configure them inside the config.warden block. The example below
+  # allows you to setup OAuth, using http://github.com/roman/warden_oauth
+  #
+
+  config.warden do |manager|
+    #twitter
+    manager.oauth(:twitter) do |twitter|
+      twitter.consumer_key  = TWITTER_CONSUMER_KEY
+      twitter.consumer_secret = TWITTER_CONSUMER_SECRET
+      twitter.options({ 
+        :site => 'http://twitter.com',
+        :oauth_callback => (BASE_URL.end_with?('/') ? BASE_URL[0..-2] : BASE_URL)  + '/users', 
+        :oauth_callback_confirmed => 'true' 
+      })
+    end
+    manager.default_strategies(:scope => :user).unshift :twitter_oauth
+    
+    #facebook
+    manager.oauth2(:facebook) do |fb|
+      fb.consumer_key  = FACEBOOK_CONSUMER_KEY
+      fb.consumer_secret = FACEBOOK_CONSUMER_SECRET
+      fb.client_id = FACEBOOK_CLIENT_ID
+      fb.options({
+        :authorize_url => 'https://www.facebook.com/dialog/oauth',
+        :access_token_url => 'https://graph.facebook.com/oauth/access_token',
+        :site => 'https://graph.facebook.com',
+        :scope => 'email,offline_access',
+        :redirect_uri => (BASE_URL.end_with?('/') ? BASE_URL[0..-2] : BASE_URL)  + '/users'
+      })
+    end
+    manager.default_strategies(:scope => :user).unshift :facebook_oauth
+  end
+  
+  def find_or_save_oauth_user(options)
+    conditions = {
+      :provider => options[:provider],
+      :username => options[:username],
+      :email => options[:email]
+    }
+    oauth_profile = OauthProfile.find(:first, :conditions => conditions) || OauthProfile.create(conditions)
+    oauth_profile.token = options[:token]
+    oauth_profile.secret = options[:secret]
+    oauth_profile.name = options[:name]
+    oauth_profile.img_url = options[:img_url]
+    if oauth_profile.user
+      oauth_profile.save
+      user = oauth_profile.user
+      user.email = options[:email] if user.email.blank?
+      user.username = options[:username] if user.username.blank?
+      user.default_provider = options[:provider]
+      user.save
+    else 
+      user_fields = {
+        :email => options[:email],
+        :username => options[:username],
+        :authentication_token => access_token.token,
+        :default_provider => options[:provider]
+      }
+      user = User.create(user_fields) 
+      user.oauth_profiles << oauth_profile
+      user.save
+      if user.respond_to?('confirm!')
+        user.confirm!
+      end
+    end
+    if user.roles.empty?
+      user.roles << Role.find_by_id(3) unless User.count() == 1
+    end
+    user
+  end
+  
+  Warden::OAuth.access_token_user_finder(:twitter) do |access_token|
+    conditions = {:token => access_token.token, :secret => access_token.secret}
+    client = TwitterOAuth::Client.new(
+        :consumer_key => TWITTER_CONSUMER_KEY,
+        :consumer_secret => TWITTER_CONSUMER_SECRET,
+        :token => access_token.token, 
+        :secret => access_token.secret    
+    )
+    if client.authorized?
+      options = {
+        :provider => 'twitter',
+        :token => access_token.token,
+        :secret => access_token.secret,
+        :username => client.user.first['user']['screen_name'],
+        :email => '',
+        :name => client.user.first['user']['name'],
+        :img_url => client.user.first['user']['profile_image_url'],
+      }
+      user = find_or_save_oauth_user(options)
+    end  
+  end
+  
+  
+  Warden::OAuth2.access_token_user_finder(:facebook) do |access_token|
+    user_data = JSON.parse(access_token.get('https://graph.facebook.com/me'))
+    options = {
+      :provider => 'facebook',
+      :token => access_token.token,
+      :secret => '',
+      :username => user_data['name'],
+      :email => user_data['email'],
+      :name => user_data['name'],
+      :img_url => 'https://graph.facebook.com/' + user_data['id'] + '/picture',
+    }
+    user = find_or_save_oauth_user(options)
+  end
+end 
+

data/lib/generators/devisable/templates/cucumber/_rake_partial.rb

@@ -0,0 +1,19 @@
+task :setup_js_with_xvfb do
+  ENV['DISPLAY'] = ":99"
+  %x{Xvfb :99 -ac -screen 0 1024x768x16 2>/dev/null >/dev/null &}
+  %x{firefox --display=:99 2>/dev/null >/dev/null &}
+end 
+
+task :setup_js_with_vnc4server do
+  ENV['DISPLAY'] = ":99"
+  %x{vncserver :99 2>/dev/null >/dev/null &}
+  %x{DISPLAY=:99 firefox 2>/dev/null >/dev/null &}
+end 
+
+task :kill_js do
+  %x{killall Xvnc4}
+  %x{killall Xvfb}
+  %x{killall firefox}
+end 
+
+

data/lib/generators/devisable/templates/cucumber/devise.feature

@@ -0,0 +1,78 @@
+Feature: Devise login and registration
+
+  Scenario: First User Registration
+    Given there are no users in the system
+    And I have the default roles
+    And I am on the sign up page
+    When I fill in "user@cloudspace.com" for "Email"
+    And I fill in "password" for "Password"
+    And I fill in "password" for "Password confirmation"
+    And I press "Sign up"
+    Then I should be on the homepage
+    And I should have the role "SuperAdmin"
+
+  Scenario: Nonfirst User Registration
+    Given there are users in the system
+    And I have the default roles
+    And I am on the sign up page
+    When I fill in "user@cloudspace.com" for "Email"
+    And I fill in "password" for "Password"
+    And I fill in "password" for "Password confirmation"
+    And I press "Sign up"
+    Then I should be on the homepage
+    And I should have the role "GeneralUser"
+
+  Scenario: User Sign In
+    Given I am signed in as "user@cloudspace.com"
+
+  Scenario: User Sign Out
+    Given I am signed in as "user@cloudspace.com"
+    Given I am signed out
+
+  Scenario: User Sign In With Bad Password
+    Given I am signed in as "user@cloudspace.com"
+    And I am signed out
+    And I am on the sign in page
+    When I fill in "user@cloudspace.com" for "Email"
+    And I fill in "badpass" for "Password"
+    And I press "Sign in"
+    Then I should be on the sign in page
+    And I should see "Invalid email or password"
+
+  Scenario: Lost Password Page
+    Given I am signed in as "user@cloudspace.com"
+    And I am signed out
+    And I am on the forgot password page
+    When I fill in "user@cloudspace.com" for "Email"
+    And I press "Send me reset password instructions"
+    Then I should be on the sign in page
+    And I should see "You will receive an email with instructions about how to reset your password in a few minutes."
+
+  Scenario: Lost Password Page Bad Email Address
+    Given I am signed in as "user@cloudspace.com"
+    And I am signed out
+    And I am on the forgot password page
+    When I fill in "baduser@cloudspace.com" for "Email"
+    And I press "Send me reset password instructions"
+    Then I should be on the forgot password submitted page
+    And I should see "Email not found"
+
+  Scenario: Lost Password Page Missing Email Address
+    Given I am signed in as "user@cloudspace.com"
+    And I am signed out
+    And I am on the forgot password page
+    When I press "Send me reset password instructions"
+    Then I should be on the forgot password submitted page
+    And I should see "Email can't be blank"
+
+  Scenario: Login Link
+    Given I am on the homepage
+    When I follow "Login" within "body"
+    Then I should be on the sign in page
+
+  Scenario: Logout Link
+    Given I am signed in as "user@cloudspace.com"
+    And I am on the homepage
+    When I follow "Logout"
+    And I should be on the homepage
+    And I should see "Signed out successfully."

data/lib/generators/devisable/templates/cucumber/role.feature

@@ -0,0 +1,79 @@
+Feature: Manage Roles
+
+  Scenario: Viewing Roles as a SuperAdmin
+    Given I am signed in as "user@cloudspace.com"
+    And I only have the role "SuperAdmin"
+    When I go to the roles page
+    Then I should see "SuperAdmin"
+    And I should see "Show"
+    And I should see "Edit"
+    And I should see "Destroy"
+
+  Scenario: Viewing Roles as a GeneralUser
+    Given I am signed in as "user@cloudspace.com"
+    And I only have the role "GeneralUser"
+    When I go to the roles page
+    Then I should not see "SuperAdmin"
+    And I should not see "Show"
+    And I should not see "Edit"
+    And I should not see "Destroy"
+
+  Scenario: Creating a Role
+    Given I am signed in as "user@cloudspace.com"
+    And I have the role "SuperAdmin"
+    And I am on the roles page
+    When I follow "New Role"
+    And I fill in "Advanced User" for "Name"
+    And I fill in the following checkboxes with categories:
+    | category | permission |
+    | Roles | manage |
+    | Roles | read |
+    | Roles | create |
+    | Users | manage |
+    | Users | read |
+    And I press "Create Role"
+    Then I should be on that role's view page
+    And I should see "Role was successfully created."
+    And I should see "Advanced User"
+
+  Scenario: Editing a Role
+    Given I am signed in as "user@cloudspace.com"
+    And there is only the "SuperAdmin" role in the system
+    And I have the role "SuperAdmin"
+    And I am on the roles page
+    When I follow "Edit"
+    And I fill in "SuperDuperAdmin" for "Name"
+    And I fill in the following checkboxes with categories:
+    | category | permission |
+    | Roles | manage |
+    | Roles | read |
+    | Roles | create |
+    | Roles | update | 
+    | Roles | destroy |
+    | Users | manage |
+    | Users | read |
+    | Users | create |
+    | Users | update | 
+    | Users | destroy |
+    And I press "Update Role"
+    Then I should be on that role's view page
+    And I should see "Role was successfully updated."
+    And I should see "SuperDuperAdmin"
+
+  Scenario: Deleting a Role
+    Given I am signed in as "user@cloudspace.com"
+    And the "UnnecessaryRole" role has been added to the system
+    And I have the role "SuperAdmin"
+    And I am on the roles page
+    When I follow "Destroy" for "UnnecessaryRole"
+    Then I should be on the roles page
+    And I should see "Role was successfully deleted."
+    And I should not see "UnnecessaryRole"
+
+  Scenario: Deleting a Role With Users Associated
+    Given I am signed in as "user@cloudspace.com"
+    And there is only the "SuperAdmin" role in the system
+    And I have the role "SuperAdmin"
+    And I am on the roles page
+    Then I should see a span with the title "Roles with associated users cannot be deleted"
+

data/lib/generators/devisable/templates/cucumber/step_definitions/authentication_steps.rb

@@ -0,0 +1,33 @@
+Given /^I am signed in as "(.*)"$/ do |email|
+  @current_user = User.create!(
+    :email => email,
+    :password => 'password',
+    :password_confirmation => 'password',
+    :roles => [Role.create!(:name => 'GeneralUser')]
+  )
+
+  Given %{I am on the sign in page}
+  When %{I fill in "#{email}" for "Email"}
+  And %{I fill in "password" for "Password"}
+  And %{I press "Sign in"}
+  Then %{I should be on the homepage}
+  #And %{I should see "Sign in successful!"}
+end
+
+Given /^I have the role "(.*)"$/ do |role|
+  @current_user.roles << Role.create!(
+    :name => role
+    )
+  @current_user.save
+end
+
+Given /^I only have the role "(.*)"$/ do |role|
+  @current_user.roles = [ Role.create!( :name => role) ]
+  @current_user.save
+end
+
+Given /^I am signed out$/ do
+  Given %{I am on the sign out page}
+  Then %{I should be on the homepage page}
+  #And %{I should see "Sign out successful"}
+end