devise-edge 1.2.rc

data/lib/devise/models/encryptable.rb

@@ -0,0 +1,65 @@
+require 'devise/strategies/database_authenticatable'
+
+module Devise
+  module Models
+    # Encryptable Module adds support to several encryptors.
+    #
+    # == Options
+    #
+    # Encryptable adds the following options to devise_for:
+    #
+    #   * +pepper+: a random string used to provide a more secure hash.
+    #
+    #   * +encryptor+: the encryptor going to be used. By default is nil.
+    #
+    # == Examples
+    #
+    #    User.find(1).valid_password?('password123') # returns true/false
+    #
+    module Encryptable
+      extend ActiveSupport::Concern
+
+      included do
+        attr_reader :password, :current_password
+        attr_accessor :password_confirmation
+      end
+
+      # Generates password salt.
+      def password=(new_password)
+        self.password_salt = self.class.password_salt if new_password.present?
+        super
+      end
+
+      def authenticatable_salt
+        self.password_salt
+      end
+
+      # Verifies whether an incoming_password (ie from sign in) is the user password.
+      def valid_password?(incoming_password)
+        password_digest(incoming_password) == self.encrypted_password
+      end
+
+    protected
+
+      # Digests the password using the configured encryptor.
+      def password_digest(password)
+        if self.password_salt.present?
+          self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)
+        end
+      end
+
+      module ClassMethods
+        Devise::Models.config(self, :pepper, :encryptor)
+
+        # Returns the class for the configured encryptor.
+        def encryptor_class
+          @encryptor_class ||= ::Devise::Encryptors.const_get(encryptor.to_s.classify)
+        end
+
+        def password_salt
+          self.encryptor_class.salt(self.stretches)
+        end
+      end
+    end
+  end
+end

data/lib/devise/models/lockable.rb

@@ -0,0 +1,168 @@
+module Devise
+  module Models
+    # Handles blocking a user access after a certain number of attempts.
+    # Lockable accepts two different strategies to unlock a user after it's
+    # blocked: email and time. The former will send an email to the user when
+    # the lock happens, containing a link to unlock it's account. The second
+    # will unlock the user automatically after some configured time (ie 2.hours).
+    # It's also possible to setup lockable to use both email and time strategies.
+    #
+    # == Options
+    #
+    # Lockable adds the following options to devise_for:
+    #
+    #   * +maximum_attempts+: how many attempts should be accepted before blocking the user.
+    #   * +lock_strategy+: lock the user account by :failed_attempts or :none.
+    #   * +unlock_strategy+: unlock the user account by :time, :email, :both or :none.
+    #   * +unlock_in+: the time you want to lock the user after to lock happens. Only available when unlock_strategy is :time or :both.
+    #
+    module Lockable
+      extend  ActiveSupport::Concern
+
+      delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, :to => "self.class"
+
+      # Lock an user setting it's locked_at to actual time.
+      def lock_access!
+        self.locked_at = Time.now
+
+        if unlock_strategy_enabled?(:email)
+          generate_unlock_token
+          send_unlock_instructions
+        end
+
+        save(:validate => false)
+      end
+
+      # Unlock an user by cleaning locket_at and failed_attempts.
+      def unlock_access!
+        if_access_locked do
+          self.locked_at = nil
+          self.failed_attempts = 0 if respond_to?(:failed_attempts=)
+          self.unlock_token = nil  if respond_to?(:unlock_token=)
+          save(:validate => false)
+        end
+      end
+
+      # Verifies whether a user is locked or not.
+      def access_locked?
+        locked_at && !lock_expired?
+      end
+
+      # Send unlock instructions by email
+      def send_unlock_instructions
+        ::Devise.mailer.unlock_instructions(self).deliver
+      end
+
+      # Resend the unlock instructions if the user is locked.
+      def resend_unlock_token
+        if_access_locked { send_unlock_instructions }
+      end
+
+      # Overwrites active? from Devise::Models::Activatable for locking purposes
+      # by verifying whether an user is active to sign in or not based on locked?
+      def active?
+        super && !access_locked?
+      end
+
+      # Overwrites invalid_message from Devise::Models::Authenticatable to define
+      # the correct reason for blocking the sign in.
+      def inactive_message
+        access_locked? ? :locked : super
+      end
+
+      # Overwrites valid_for_authentication? from Devise::Models::Authenticatable
+      # for verifying whether an user is allowed to sign in or not. If the user
+      # is locked, it should never be allowed.
+      def valid_for_authentication?
+        return super unless persisted? && lock_strategy_enabled?(:failed_attempts)
+
+        case (result = super)
+        when Symbol
+          return result
+        when TrueClass
+          self.failed_attempts = 0
+        when FalseClass
+          # PostgreSQL uses nil as the default value for integer columns set to 0
+          self.failed_attempts ||= 0
+          self.failed_attempts += 1
+          if attempts_exceeded?
+            lock_access!
+            return :locked
+          end
+        end
+
+        save(:validate => false) if changed?
+        result
+      end
+
+      protected
+
+        def attempts_exceeded?
+          self.failed_attempts > self.class.maximum_attempts
+        end
+
+        # Generates unlock token
+        def generate_unlock_token
+          self.unlock_token = self.class.unlock_token
+        end
+
+        # Tells if the lock is expired if :time unlock strategy is active
+        def lock_expired?
+          if unlock_strategy_enabled?(:time)
+            locked_at && locked_at < self.class.unlock_in.ago
+          else
+            false
+          end
+        end
+
+        # Checks whether the record is locked or not, yielding to the block
+        # if it's locked, otherwise adds an error to email.
+        def if_access_locked
+          if access_locked?
+            yield
+          else
+            self.errors.add(:email, :not_locked)
+            false
+          end
+        end
+
+      module ClassMethods
+        # Attempt to find a user by it's email. If a record is found, send new
+        # unlock instructions to it. If not user is found, returns a new user
+        # with an email not found error.
+        # Options must contain the user email
+        def send_unlock_instructions(attributes={})
+         lockable = find_or_initialize_with_errors(authentication_keys, attributes, :not_found)
+         lockable.resend_unlock_token if lockable.persisted?
+         lockable
+        end
+
+        # Find a user by it's unlock token and try to unlock it.
+        # If no user is found, returns a new user with an error.
+        # If the user is not locked, creates an error for the user
+        # Options must have the unlock_token
+        def unlock_access_by_token(unlock_token)
+          lockable = find_or_initialize_with_error_by(:unlock_token, unlock_token)
+          lockable.unlock_access! if lockable.persisted?
+          lockable
+        end
+
+        # Is the unlock enabled for the given unlock strategy?
+        def unlock_strategy_enabled?(strategy)
+          [:both, strategy].include?(self.unlock_strategy)
+        end
+
+        # Is the lock enabled for the given lock strategy?
+        def lock_strategy_enabled?(strategy)
+          self.lock_strategy == strategy
+        end
+
+        def unlock_token
+          Devise.friendly_token
+        end
+
+        Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in)
+      end
+    end
+  end
+end

data/lib/devise/models/oauthable.rb

@@ -0,0 +1,49 @@
+module Devise
+  module Models
+    # Adds OAuth support to your model. The whole workflow is deeply discussed in the
+    # README. This module adds just a class +oauth_access_token+ helper to your model
+    # which assists you on creating an access token. All the other OAuth hooks in
+    # Devise must be implemented by yourself in your application.
+    #
+    # == Options
+    #
+    # Oauthable adds the following options to devise_for:
+    #
+    #   * +oauth_providers+: Which providers are avaialble to this model. It expects an array:
+    #
+    #       devise_for :database_authenticatable, :oauthable, :oauth_providers => [:twitter]
+    #
+    module Oauthable
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def oauth_configs #:nodoc:
+          Devise.oauth_configs.slice(*oauth_providers)
+        end
+
+        # Pass a token stored in the database to this object to get an OAuth2::AccessToken
+        # object back, as the one received in your model hook.
+        #
+        # For each provider you add, you may want to add a hook to retrieve the token based
+        # on the column you stored the token in the database. For example, you may want to
+        # the following for twitter:
+        #
+        #   def oauth_twitter_token
+        #     @oauth_twitter_token ||= self.class.oauth_access_token(:twitter, twitter_token)
+        #   end
+        #
+        # You can call get, post, put and delete in this object to access Twitter's API.
+        def oauth_access_token(provider, token)
+          oauth_configs[provider].access_token_by_token(token)
+        end
+
+        # TODO Implement this method in the future.
+        # def refresh_oauth_token(provider, refresh_token)
+        #   returns access_token
+        # end
+
+        Devise::Models.config(self, :oauth_providers)
+      end
+    end
+  end
+end

data/lib/devise/models/recoverable.rb

@@ -0,0 +1,83 @@
+module Devise
+  module Models
+
+    # Recoverable takes care of reseting the user password and send reset instructions.
+    #
+    # == Examples
+    #
+    #   # resets the user password and save the record, true if valid passwords are given, otherwise false
+    #   User.find(1).reset_password!('password123', 'password123')
+    #
+    #   # only resets the user password, without saving the record
+    #   user = User.find(1)
+    #   user.reset_password('password123', 'password123')
+    #
+    #   # creates a new token and send it with instructions about how to reset the password
+    #   User.find(1).send_reset_password_instructions
+    #
+    module Recoverable
+      extend ActiveSupport::Concern
+
+      # Update password saving the record and clearing token. Returns true if
+      # the passwords are valid and the record was saved, false otherwise.
+      def reset_password!(new_password, new_password_confirmation)
+        self.password = new_password
+        self.password_confirmation = new_password_confirmation
+        clear_reset_password_token if valid?
+        save
+      end
+
+      # Resets reset password token and send reset password instructions by email
+      def send_reset_password_instructions
+        generate_reset_password_token!
+        ::Devise.mailer.reset_password_instructions(self).deliver
+      end
+
+      protected
+
+        # Generates a new random token for reset password
+        def generate_reset_password_token
+          self.reset_password_token = self.class.reset_password_token
+        end
+
+        # Resets the reset password token with and save the record without
+        # validating
+        def generate_reset_password_token!
+          generate_reset_password_token && save(:validate => false)
+        end
+
+        # Removes reset_password token
+        def clear_reset_password_token
+          self.reset_password_token = nil
+        end
+
+      module ClassMethods
+        # Attempt to find a user by it's email. If a record is found, send new
+        # password instructions to it. If not user is found, returns a new user
+        # with an email not found error.
+        # Attributes must contain the user email
+        def send_reset_password_instructions(attributes={})
+          recoverable = find_or_initialize_with_errors(authentication_keys, attributes, :not_found)
+          recoverable.send_reset_password_instructions if recoverable.persisted?
+          recoverable
+        end
+
+        # Generate a token checking if one does not already exist in the database.
+        def reset_password_token
+          generate_token(:reset_password_token)
+        end
+
+        # Attempt to find a user by it's reset_password_token to reset it's
+        # password. If a user is found, reset it's password and automatically
+        # try saving the record. If not user is found, returns a new user
+        # containing an error in reset_password_token attribute.
+        # Attributes must contain reset_password_token, password and confirmation
+        def reset_password_by_token(attributes={})
+          recoverable = find_or_initialize_with_error_by(:reset_password_token, attributes[:reset_password_token])
+          recoverable.reset_password!(attributes[:password], attributes[:password_confirmation]) if recoverable.persisted?
+          recoverable
+        end
+      end
+    end
+  end
+end

data/lib/devise/models/registerable.rb

@@ -0,0 +1,21 @@
+module Devise
+  module Models
+    # Registerable is responsible for everything related to registering a new
+    # resource (ie user sign up).
+    module Registerable
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        # A convenience method that receives both parameters and session to
+        # initialize an user. This can be used by OAuth, for example, to send
+        # in the user token and be stored on initialization.
+        #
+        # By default discards all information sent by the session by calling
+        # new with params.
+        def new_with_session(params, session)
+          new(params)
+        end
+      end
+    end
+  end
+end

data/lib/devise/models/rememberable.rb

@@ -0,0 +1,122 @@
+require 'devise/strategies/rememberable'
+require 'devise/hooks/rememberable'
+require 'devise/hooks/forgetable'
+
+module Devise
+  module Models
+    # Rememberable manages generating and clearing token for remember the user
+    # from a saved cookie. Rememberable also has utility methods for dealing
+    # with serializing the user into the cookie and back from the cookie, trying
+    # to lookup the record based on the saved information.
+    # You probably wouldn't use rememberable methods directly, they are used
+    # mostly internally for handling the remember token.
+    #
+    # == Options
+    #
+    # Rememberable adds the following options in devise_for:
+    #
+    #   * +remember_for+: the time you want the user will be remembered without
+    #     asking for credentials. After this time the user will be blocked and
+    #     will have to enter his credentials again. This configuration is also
+    #     used to calculate the expires time for the cookie created to remember
+    #     the user. By default remember_for is 2.weeks.
+    #
+    #   * +remember_across_browsers+: if a valid remember token can be re-used
+    #     between multiple browsers. By default remember_across_browsers is true
+    #     and cannot be turned off if you are using password salt instead of remember
+    #     token.
+    #
+    #   * +extend_remember_period+: if true, extends the user's remember period
+    #     when remembered via cookie. False by default.
+    #
+    #   * +cookie_options+: configuration options passed to the created cookie.
+    #
+    # == Examples
+    #
+    #   User.find(1).remember_me!  # regenerating the token
+    #   User.find(1).forget_me!    # clearing the token
+    #
+    #   # generating info to put into cookies
+    #   User.serialize_into_cookie(user)
+    #
+    #   # lookup the user based on the incoming cookie information
+    #   User.serialize_from_cookie(cookie_string)
+    module Rememberable
+      extend ActiveSupport::Concern
+
+      included do
+        # Remember me option available in after_authentication hook.
+        attr_accessor :remember_me
+      end
+
+      # Generate a new remember token and save the record without validations
+      # unless remember_across_browsers is true and the user already has a valid token.
+      def remember_me!(extend_period=false)
+        self.remember_token = self.class.remember_token if respond_to?(:remember_token) && generate_remember_token?
+        self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
+        save(:validate => false)
+      end
+
+      # Removes the remember token only if it exists, and save the record
+      # without validations.
+      def forget_me!
+        self.remember_token = nil if respond_to?(:remember_token)
+        self.remember_created_at = nil
+        save(:validate => false)
+      end
+
+      # Remember token should be expired if expiration time not overpass now.
+      def remember_expired?
+        remember_created_at.nil? || (remember_expires_at <= Time.now.utc)
+      end
+
+      # Remember token expires at created time + remember_for configuration
+      def remember_expires_at
+        remember_created_at + self.class.remember_for
+      end
+
+      def rememberable_value
+        respond_to?(:remember_token) ? self.remember_token : self.authenticatable_salt
+      end
+
+      def cookie_options
+        self.class.cookie_options
+      end
+
+    protected
+
+      # Generate a token unless remember_across_browsers is true and there is
+      # an existing remember_token or the existing remember_token has expried.
+      def generate_remember_token? #:nodoc:
+        !(self.class.remember_across_browsers && remember_token) || remember_expired?
+      end
+
+      # Generate a timestamp if extend_remember_period is true, if no remember_token
+      # exists, or if an existing remember token has expired.
+      def generate_remember_timestamp?(extend_period) #:nodoc:
+        extend_period || remember_created_at.nil? || remember_expired?
+      end
+
+      module ClassMethods
+        # Create the cookie key using the record id and remember_token
+        def serialize_into_cookie(record)
+          [record.id, record.rememberable_value]
+        end
+
+        # Recreate the user based on the stored cookie
+        def serialize_from_cookie(id, remember_token)
+          record = find(:first, :conditions => { :id => id })
+          record if record && record.rememberable_value == remember_token && !record.remember_expired?
+        end
+
+        # Generate a token checking if one does not already exist in the database.
+        def remember_token
+          generate_token(:remember_token)
+        end
+
+        Devise::Models.config(self, :remember_for, :remember_across_browsers,
+          :extend_remember_period, :cookie_options)
+      end
+    end
+  end
+end