devise-twitter 0.1.0

data/.gitignore

@@ -0,0 +1,5 @@
+pkg/*
+*.gem
+.bundle
+.rvmrc
+session.vim

data/Gemfile

@@ -0,0 +1,4 @@
+source :gemcutter
+
+# Specify your gem's dependencies in devise-twitter.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,30 @@
+PATH
+  remote: .
+  specs:
+    devise-twitter (0.0.1)
+      devise (>= 1.1.0)
+      warden_oauth (~> 0.1.1)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    bcrypt-ruby (2.1.2)
+    devise (1.1.2)
+      bcrypt-ruby (~> 2.1.2)
+      warden (~> 0.10.7)
+    oauth (0.4.3)
+    rack (1.2.1)
+    warden (0.10.7)
+      rack (>= 1.0.0)
+    warden_oauth (0.1.1)
+      oauth
+      warden (>= 0.8.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (>= 1.0.0)
+  devise (>= 1.1.0)
+  devise-twitter!
+  warden_oauth (~> 0.1.1)

data/MIT-LICENSE

@@ -0,0 +1,21 @@
+Copyright 2010 Martin Schuerrer. http://www.schuerrer.org
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/README.md

@@ -0,0 +1,145 @@
+devise-twitter
+==========
+
+Devise-twitter adds **Sign in via Twitter** and **Connect your account to
+Twitter** functionality to your [devise][1] app.
+
+It requires at least Devise 1.1 and ONLY works with Rails 3.
+
+Current status
+--------------
+
+Devise-twitter currently supports *Sign in via Twitter* and *Connect your
+account to Twitter*, but no proper API for *Connect your account to Twitter*
+exists so far.
+
+This plugin is in use in an upcoming product and continues to be improved.
+
+Installation
+------------
+
+Simply add devise-twitter to your Gemfile and bundle it up:
+
+    gem 'devise-twitter'
+
+Run the generator, supplying the name of the model (e.g. User)
+
+    $ rails generate devise:twitter user
+
+Add your OAuth credentials to `config/initializers/devise_twitter.rb` 
+
+    Devise::Twitter.setup do |config|
+      config.consumer_key = <YOUR CONSUMER KEY HERE>
+      config.consumer_secret = <YOUR CONSUMER SECRET HERE>
+      config.scope = :user
+    end
+
+Modify your user model like so
+
+    class User < ActiveRecord::Base
+      # To use devise-twitter don't forget to include the :twitter_oauth module:
+      # e.g. devise :database_authenticatable, ... , :twitter_oauth
+    
+      # IMPORTANT: If you want to support sign in via twitter you MUST remove the
+      #            :validatable module, otherwise the user will never be saved
+      #            since it's email and password is blank.
+      #            :validatable checks only email and password so it's safe to remove
+    
+      # Include default devise modules. Others available are:
+      # :token_authenticatable, :confirmable, :lockable and :timeoutable
+      devise :database_authenticatable, :registerable,
+             :recoverable, :rememberable, :trackable :twitter_oauth
+    
+      # Setup accessible (or protected) attributes for your model
+      attr_accessible :email, :password, :password_confirmation, :remember_me
+    end
+
+
+Modify the generated routes (in `config/routes.rb`) to your liking
+
+    Application.routes.draw do
+      devise_for :user do
+        match '/user/sign_in/twitter' => Devise::Twitter::Rack::Signin
+        match '/user/connect/twitter' => Devise::Twitter::Rack::Connect
+      end
+      ...
+
+Run the generated migration
+
+    $ rake db:migrate
+
+
+
+Signing in via Twitter
+----------------------
+
+When signing in via Twitter, after authorizing access on www.twitter.com,
+devise-twitter will sign in an existing user or create a new one, if no user
+with these oauth credentials exists.
+
+
+Connect your account to Twitter
+-------------------------------
+
+Devise-twitter supports adding Twitter credentials to an existing user account
+(e.g. one that registered via email/password) but currently the API to expose
+this feature is far from perfect:
+
+After navigating to `/user/connect/twitter` and authorizing access on
+www.twitter.com, devise-twitter checks if there is another user with the same
+twitter handle. If not devise-twitter adds twitter handle and oauth credentials
+to the current user and saves.
+
+If another user with the same twitter handle is found devise-twitter sets the
+session variable `warden.user.twitter.connected_user.key` to the id of this
+user. Your application can check if this variable is set and display an option
+to merge the two users.
+
+    if connected_user = session['warden.user.twitter.connected_user.key'].present?
+      connected_user = User.find(connected_user)
+
+      # Ask user if she/he wants to merge her/his accounts
+      # (or just go ahead and merge them)
+    end
+
+If you have any idea how to improve it, please message me.
+
+Database changes
+----------------
+
+The generated migration adds three fields to your user model:
+
+    change_table(:users) do |t|
+      t.column :twitter_handle, :string
+      t.column :twitter_oauth_token, :string
+      t.column :twitter_oauth_secret, :string
+    end
+
+    add_index :users, :twitter_handle, :unique => true
+    add_index :users, [:twitter_oauth_token, :twitter_oauth_secret]
+
+Currently the names of these fields are hard coded, but making them
+customizable is on the roadmap.
+
+
+
+Acknowledgements
+----------------
+
+Thanks to
+
+* [Daniel Neighman](http://twitter.com/hassox) for creating warden, the framework Devise uses
+* [Jose Valim](http://twitter.com/josevalim) for creating Devise
+* [Pelle Braendgaard](http://stakeventures.com/pages/whoami) for implementing oauth support in Ruby
+* [Roman Gonzalez](http://www.romanandreg.com/) for creating warden_oauth, the framework devise-twitter uses
+* all the other giants who's shoulders this project stands on
+
+
+Meta
+----
+
+* Code: `git clone http://github.com/MSch/devise-twitter`
+* Bugs: <http://github.com/MSch/devise-twitter/issues>
+* Gems: <http://rubygems.org/gems/devise-twitter>
+
+[1]:http://github.com/plataformatec/devise

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/devise-twitter.gemspec

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path("../lib/devise/twitter/version", __FILE__)
+
+Gem::Specification.new do |s|
+  s.name        = "devise-twitter"
+  s.version     = Devise::Twitter::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ['Martin Schuerrer']
+  s.email       = ['martin@schuerrer.org']
+  s.homepage    = "http://github.com/MSch/devise-twitter"
+  s.summary     = "Sign in via Twitter and Connect your account to Twitter functionality for your Devise/Rails app"
+  s.description = "Check out the README for comprehensive documentation"
+
+  s.required_rubygems_version = ">= 1.3.6"
+  s.rubyforge_project         = "devise-twitter"
+
+  # FIXME: Seems like bundler can't handle [">= 1.1.0", "< 1.3.0"]
+  s.add_dependency "devise", ">= 1.1.0"
+  s.add_dependency "warden_oauth", "~> 0.1.1"
+  s.add_development_dependency "bundler", ">= 1.0.0"
+
+  s.files        = `git ls-files`.split("\n")
+  s.executables  = `git ls-files`.split("\n").map{|f| f =~ /^bin\/(.*)/ ? $1 : nil}.compact
+  s.require_path = 'lib'
+end

data/lib/devise-twitter.rb

@@ -0,0 +1,14 @@
+module Devise
+  module Twitter
+  end
+end
+
+require "rack"
+require "warden"
+require "oauth"
+require "warden_oauth"
+require "devise"
+require "devise/twitter"
+require "devise/twitter/rack"
+require "devise/twitter/warden"
+require "devise/twitter/version"

data/lib/devise/twitter.rb

@@ -0,0 +1,39 @@
+module Devise
+  module Twitter
+    @@setup_done = false
+
+    mattr_accessor :consumer_key
+    @@consumer_key = nil
+
+    # Private methods to interface with Warden.
+    mattr_accessor :consumer_secret
+    @@consumer_secret = nil
+
+    mattr_accessor :scope
+    @@scope = nil
+
+    # Default way to setup Devise. Run rails generate devise_install to create
+    # a fresh initializer with all configuration values.
+    def self.setup
+      raise "Can not invoke setup twice" if @@setup_done
+      yield self
+      @@setup_done = true
+
+      Devise.warden do |manager|
+        manager.oauth(:twitter) do |twitter|
+          twitter.consumer_key  = @@consumer_key
+          twitter.consumer_secret = @@consumer_secret
+          twitter.options = {
+            :site => "https://api.twitter.com",
+            :request_token_path => "/oauth/request_token",
+            :access_token_path => "/oauth/access_token",
+            :authorize_path => "/oauth/authenticate",
+            :realm => "http://api.twitter.com/"
+          }
+        end
+        manager.default_strategies(:scope => @@scope).unshift :twitter_oauth
+      end
+    end
+  end
+end
+

data/lib/devise/twitter/rack.rb

@@ -0,0 +1,64 @@
+module Devise
+  module Twitter
+    module Rack
+      Signin = proc do |env|
+        warden = env['warden']
+        session = env['rack.session']
+        request = ::Rack::Request.new(env)
+        scope = env["devise.mapping"].singular
+
+        if request.params.include?('oauth_token')
+          # We got a redirect from Twitter back
+
+          # Perform _only_ the twitter_oauth strategy.
+          # Emulate _perform_authentication in _warden/proxy.rb
+          strategy = warden.send(:_fetch_strategy, :twitter_oauth, scope)
+          strategy.authenticate!
+          if strategy.user
+            warden.set_user(strategy.user, :event => :authentication, :scope => scope)
+          end
+
+          redirect_to Warden::OAuth::Utils.host_with_port(request)
+        else
+          # Perform the redirect to Twitter
+          strategy = warden.send(:_fetch_strategy, :twitter_oauth, scope)
+
+          # warden_oauth would always redirect to / so we need to hook into it
+          request_token = strategy.consumer.get_request_token(:oauth_callback => request.url)
+          strategy.instance_variable_set(:@request_token, request_token)
+
+          # warden_oauth does exactly this if params.include? warden_oauth_provider
+          # which we also hack around
+          strategy.send(:store_request_token_on_session)
+          redirect_to request_token.authorize_url
+        end
+      end
+
+      Connect = proc do |env|
+        # Check that user exists in DB, otherwise we'll get 'user with access token not found'
+        # But since connecting to twitter only makes sense for existing users that's ok
+        # TODO: If our user is unobtrusive redirect_to :back
+        scope = env["devise.mapping"].singular
+        env["warden.#{scope}.twitter.perform_connect"] = true
+
+        Signin.call(env)
+      end
+
+      private
+
+      # Stolen from action_dispatch/routing/mapper.rb
+      def self.redirect_to(url)
+        status = 302 # Found
+        body = %(<html><body>You are being <a href="#{ERB::Util.h(url.to_s)}">redirected</a>.</body></html>)
+
+        headers = {
+          'Location' => url.to_s,
+          'Content-Type' => 'text/html',
+          'Content-Length' => body.length.to_s
+        }
+
+        [ status, headers, [body] ]
+      end
+    end
+  end
+end

data/lib/devise/twitter/version.rb

@@ -0,0 +1,5 @@
+module Devise
+  module Twitter
+    VERSION = "0.1.0"
+  end
+end

data/lib/devise/twitter/warden.rb

@@ -0,0 +1,42 @@
+Warden::OAuth.access_token_user_finder(:twitter) do |access_token|
+  perform_connect = (env["warden.#{@scope}.twitter.perform_connect"] == true)
+  twitter_handle = access_token.params[:screen_name]
+  klass = @env['devise.mapping'].class_name.constantize
+
+  if perform_connect
+    # Add twitter_handle to current user
+    already_existing_user = klass.find_by_twitter_handle(twitter_handle)
+    if already_existing_user.blank?
+      # We don't know anyone with this handle, therefore continue with connecting
+      user = @env['warden'].user
+      user.twitter_handle = twitter_handle
+      user.twitter_oauth_token = access_token.token
+      user.twitter_oauth_secret = access_token.secret
+      user.save
+      return user
+    else
+      # We already have such a user in our DB
+      session["warden.#{@scope}.twitter.connected_user.key"] = already_existing_user.id
+      return @env['warden'].user
+    end
+  else
+    previous_user = @env['warden'].user
+
+    # Try to find user by token
+    user = klass.find_by_twitter_oauth_token_and_twitter_oauth_secret(access_token.token, access_token.secret)
+
+    # Since we are logging in a new user we want to make sure the before_logout hook is called
+    @env['warden'].logout if previous_user.present?
+
+    if user.nil?
+      # Create user if we don't know him yet
+      user = klass.new
+      user.twitter_handle = twitter_handle
+      user.twitter_oauth_token = access_token.token
+      user.twitter_oauth_secret = access_token.secret
+      user.save
+    end
+
+    return user
+  end
+end

data/lib/generators/devise/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Generates for the model with the given NAME a migration file and devise-twitter routes.
+
+Example:
+    rails generate devise:twitter User
+
+    This will create:
+        what/will/it/create

data/lib/generators/devise/templates/README

@@ -0,0 +1 @@
+What you need to do now

data/lib/generators/devise/templates/initializer.rb

@@ -0,0 +1,6 @@
+Devise::Twitter.setup do |config|
+  config.consumer_key = <YOUR CONSUMER KEY>
+  config.consumer_secret = <YOUR CONSUMER SECRET>
+  config.scope = :<%= singular_name %>
+end
+

data/lib/generators/devise/templates/migration.rb

@@ -0,0 +1,23 @@
+class AddDeviseTwitterFieldsTo<%= table_name.camelize %> < ActiveRecord::Migration
+  def self.up
+    change_table(:<%= table_name %>) do |t|
+      t.column :twitter_handle, :string
+      t.column :twitter_oauth_token, :string
+      t.column :twitter_oauth_secret, :string
+    end
+
+    add_index :<%= table_name %>, :twitter_handle, :unique => true
+    add_index :<%= table_name %>, [:twitter_oauth_token, :twitter_oauth_secret]
+  end
+
+  def self.down
+    remove_index :<%= table_name %>, :column => :twitter_handle
+    remove_index :<%= table_name %>, :column => [:twitter_oauth_token, :twitter_oauth_secret]
+
+    change_table(:<%= table_name %>) do |t|
+      t.remove :twitter_handle, :string
+      t.remove :twitter_oauth_token, :string
+      t.remove :twitter_oauth_secret, :string
+    end
+  end
+end

data/lib/generators/devise/twitter_generator.rb

@@ -0,0 +1,47 @@
+require 'rails/generators/active_record'
+
+module Devise
+  module Generators
+    class TwitterGenerator < ActiveRecord::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+      def add_migration
+        migration_template "migration.rb", "db/migrate/add_devise_twitter_fields_to_#{table_name}"
+      end
+
+      def inject_devise_twitter_intomodel
+        inject_into_class model_path, class_name, <<-CONTENT
+  # To use devise-twitter don't forget to include the :twitter_oauth module:
+  # e.g. devise :database_authenticatable, ... , :twitter_oauth
+
+  # IMPORTANT: If you want to support sign in via twitter you MUST remove the
+  #            :validatable module, otherwise the user will never be saved
+  #            since it's email and password is blank.
+  #            :validatable checks only email and password so it's safe to remove
+
+CONTENT
+      end
+
+      def copy_initializer
+        template "initializer.rb", "config/initializers/devise_twitter.rb"
+      end
+
+      def add_devise_twitter_routes
+        route <<-CONTENT
+devise_for :#{singular_name} do
+    match '/#{singular_name}/sign_in/twitter' => Devise::Twitter::Rack::Signin
+    match '/#{singular_name}/connect/twitter' => Devise::Twitter::Rack::Connect
+  end
+CONTENT
+      end
+
+      def show_readme
+        readme "README" if behavior == :invoke
+      end
+
+      private
+      def model_path
+        @model_path ||= File.join("app", "models", "#{file_path}.rb")
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification 
+name: devise-twitter
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Martin Schuerrer
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-09-13 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: devise
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 1
+        - 0
+        version: 1.1.0
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: warden_oauth
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        - 1
+        - 1
+        version: 0.1.1
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 0
+        - 0
+        version: 1.0.0
+  type: :development
+  version_requirements: *id003
+description: Check out the README for comprehensive documentation
+email: 
+- martin@schuerrer.org
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- MIT-LICENSE
+- README.md
+- Rakefile
+- devise-twitter.gemspec
+- lib/devise-twitter.rb
+- lib/devise/twitter.rb
+- lib/devise/twitter/rack.rb
+- lib/devise/twitter/version.rb
+- lib/devise/twitter/warden.rb
+- lib/generators/devise/USAGE
+- lib/generators/devise/templates/README
+- lib/generators/devise/templates/initializer.rb
+- lib/generators/devise/templates/migration.rb
+- lib/generators/devise/twitter_generator.rb
+has_rdoc: true
+homepage: http://github.com/MSch/devise-twitter
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 1
+      - 3
+      - 6
+      version: 1.3.6
+requirements: []
+
+rubyforge_project: devise-twitter
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Sign in via Twitter and Connect your account to Twitter functionality for your Devise/Rails app
+test_files: []
+