devise_capturable 0.0.5

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.DS_Store

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Rune Skjoldborg Madsen
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,165 @@
+# Devise::Capturable
+
+`Devise::Capturable` is a gem that makes it possible to use the Janrain Engage user registration widget, while still having a Devise authentication setup with a Rails `User` model.
+
+In the following I use the name `User` for the Devise user model, but it will work with any Devise-enabled model.
+
+## Flow
+
+This gem will replace the normal Devise `registrations` and `sessions` views with the Janrain user registration widget. The flow is as follows.
+
+* User clicks a login link
+* User is presented with the user registration widget and either registers or logs in
+* The gem automatically listens to the widget's `onCaptureLoginSuccess` event, grabs the oauth code, and makes a `POST` request with the OAuth code to the `sessions_controller`
+* The gem will grab the oauth token in the `session_controller`, load the user data from the Capture API (to ensure the validity of the token), and either create a new user or log in the user if the user already exists in the Rails DB.
+
+## Setup
+
+You will need to perform these steps to setup the gem.
+
+#### Add gem to Gemfile
+
+```ruby
+gem "devise_capturable", :git => "git://github.com/runemadsen/devise-capturable.git"
+```
+
+#### Add `:capturable` to your `User` model
+
+```ruby
+class User < ActiveRecord::Base
+  devise ..., :capturable
+end
+```
+
+#### Update initializer
+
+In your `config/initializers/devise.rb` initializer, add the following settings.
+
+```ruby
+Devise.setup do |config|
+  config.capturable_server = "https://myapp.janraincapture.com"  
+  config.capturable_client_id = "myclientid"
+  config.capturable_client_secret = "myclientsecret"
+end
+```
+
+#### Add Gem Javascript to you asset pipeline
+
+The gem ships with a JS file that automatically subscribes to the login event and makes a POST to the `sessions_controller`. Make sure to include it in you asset pipeline.
+
+```javascript
+//= require devise_capturable
+```
+
+#### Add Janrain Javascript
+
+Now add the script provided by Janrain with `janrainDefaultSettings()`, `janrainInitLoad()`, and all the HTML template strings to your application layout. You might need to include a different script in your development environment.
+
+Keep in mind that this script does not need to include any `onCaptureLoginSuccess` event listeners or other event code. The gem will handle that for you.
+
+```html
+<html>
+  <head>
+  	...
+    <script type="text/javascript" id="janrainCaptureDevScript">
+      // YOUR CODE HERE
+     </script>
+  </head>
+  <body>
+  	...
+  </body>
+ </html>
+```
+
+#### Add Janrain CSS
+
+Now add the Janrain CSS to your asset pipeline. Simply copy `janrain.css` and `janrain-mobile.css` to `app/assets/stylesheets`.
+
+#### Add links
+
+The gem ships with a helper method to show a link that opens the widget. You will use this to show the login / registration form, but use the normal `destroy_user_session_path` helper to log out the user. This is because Devise, not Capture, is controlling the user cookie.
+
+```erb
+<ul class="nav">
+  <% if user_signed_in? %>
+    <li><%= link_to 'Logout', destroy_user_session_path, :method=>'delete' %></li>
+  <% else %>
+    <li><%= link_to_capturable "Sign In / Sign Up" %></li>
+  <% end %>
+</ul>
+```
+
+#### Done!
+
+That's it! 
+
+By default Devise will now create a database record when the user logs in for the first time. On following logins, the user will just be logged in. The only property Devise will save in the user model is the `email` address provided by Capture. You can however change this (See "Changing Defaults")
+
+## Automated Settings
+
+The Janrain User Registration widget relies on settings that are 1) never used and 2) breaks the widget if they are not present. To circumvent this madness, this gem will automatically set a bunch of janrain setting variables for you:
+
+```javascript
+// these settings will always be the same
+janrain.settings.capture.flowName = 'signIn';
+janrain.settings.capture.responseType = 'code';
+
+// these settings are never used but crashes the widget if not present
+janrain.settings.capture.redirectUri = 'http://stupidsettings.com';
+```
+
+You can delete these settings from your embed code, as the gem will set them for you. Remember that you still need a `tokenUrl` setting with a whitelisted URL, even though this setting is never used either.
+
+## Changing defaults
+
+
+#### Overriding `set_capturable_params`
+
+There are times where you might want to save more than the `email` of your user in the Rails `User` model. You can override the `set_capturable_params` instance method to do this. Here's an example where I'm also saving the `uuid`. The `capture_data` parameter passed to the function is the Janrain Capture `entity` JSON result that has a bunch of information about the user.
+
+```ruby
+class User < ActiveRecord::Base
+  devise ..., :capturable
+  attr_accessible ..., :email, uuid
+  def set_capturable_params(capture_data)
+  	self.email = capture_data["email"]
+  	self.uuid = capture_data["uuid"]
+  end
+end
+```
+
+#### Overriding `find_with_capturable_params`
+
+When a user logs in, Devise will call the Capture API and try to find a user with the email returned by the API. You can change this by overriding the `find_with_capturable_params` instance method in your `User` model. Here's an example where I'm telling Devise to find the user by the `uuid` instead.
+
+```ruby
+def find_with_capturable_params(capture_data)
+	self.find_by_uuid(capture_data["uuid"])
+end
+```
+
+#### Disabling User Creation
+
+By default the gem will create a user if the user doesn't exist in the system. If you want to disable the creation of new users, and only allow current users to log in, you can disable automatic account creation in your `config/intitializers/devise.rb` initializer.
+
+```ruby
+Devise.setup do |config|
+	config.capturable_auto_create_account = false
+end
+```
+
+## Example Application
+
+I've made an example application that demonstrates how to integrate this gem with Rails. You can find it here.
+
+[Rails Capturable Example](https://github.com/runemadsen/capture_example)
+
+## Running the Tests
+
+Run the tests with the `rspec` command.
+
+## TODO
+
+* Ability to add the Janrain script to the asset pipeline. However, it relies on an 'id', which makes it harder.
+* Remove normal Devise sign_in routes? Or leave it up to the user?
+

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/devise_capturable.gemspec

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'devise_capturable/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "devise_capturable"
+  gem.version       = Devise::Capturable::VERSION
+  gem.authors       = ["Rune Skjoldborg Madsen"]
+  gem.email         = ["rune@runemadsen.com"]
+  gem.description   = %q{Devise::Capturable is a gem that makes it possible to use the Janrain Engage user registration widget, while preserving your Devise authentication setup with your custom user model.}
+  gem.summary       = %q{Janrain Capture for Devise}
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_runtime_dependency("httparty")
+  gem.add_development_dependency("devise")
+  gem.add_development_dependency("rspec")
+  gem.add_development_dependency("rails")
+
+end

data/lib/assets/javascripts/devise_capturable.js

@@ -0,0 +1,45 @@
+function afterJanrainLogin(result)
+{
+  // create form
+  var form  = $('<form accept-charset="UTF-8" action="/users/sign_in" method="post" id="capturable-inject-form"></form>')
+  
+  // create hidden div in form
+  var hidden_els = $('<div style="margin:0;padding:0;display:inline"></div>')
+
+  // add utf
+  hidden_els.append('<input name="utf8" type="hidden" value="✓">')
+
+  // grab forgery token
+  var token_name = $("meta[name='csrf-param']").attr('content')
+  var token_val = $("meta[name='csrf-token']").attr('content')
+  if(token_name && token_val)
+  {
+    hidden_els.prepend('<input name="'+token_name +'" type="hidden" value="'+token_val+'">')
+  }
+
+  // append hidden els to form
+  form.append(hidden_els)
+
+  // add oauth code to form
+  form.append('<input id="authorization-code" name="code" type="hidden" value="'+result.authorizationCode+'">')
+
+  janrain.capture.ui.modal.close();
+  
+  $('body').append(form);
+  form.submit()
+}
+
+function janrainCaptureWidgetOnLoad() {
+  
+  // these settings will always be the same
+  janrain.settings.capture.flowName = 'signIn';
+  janrain.settings.capture.responseType = 'code';
+  
+  // these settings are never used but crashes the widget if not present
+  janrain.settings.capture.redirectUri = 'http://stupidsettings.com';
+  
+  // go go widget go
+  janrain.capture.ui.start();
+  janrain.events.onCaptureLoginSuccess.addHandler(afterJanrainLogin);
+  janrain.events.onCaptureRegistrationSuccess.addHandler(afterJanrainLogin);
+}

data/lib/devise_capturable/api.rb

@@ -0,0 +1,29 @@
+require 'httparty'
+
+module Devise
+  module Capturable
+    
+    class API
+
+      include HTTParty
+      format :json
+      #debug_output $stderr
+    
+      def self.token(code)
+        post("#{Devise.capturable_server}/oauth/token", :query => {
+          code: code,
+          redirect_uri: "http://stupidsettings.com",
+          grant_type: 'authorization_code',
+          client_id: Devise.capturable_client_id,
+          client_secret: Devise.capturable_client_secret,
+        })
+      end
+    
+      def self.entity(token)
+        post("#{Devise.capturable_server}/entity", headers: { 'Authorization' => "OAuth #{token}" })
+      end
+    end
+
+  end
+end
+

data/lib/devise_capturable/locales/en.yml

@@ -0,0 +1,5 @@
+en:
+  devise:
+    failure:
+      user:
+        capturable_invalid: "Could not login. Invalid account."

data/lib/devise_capturable/model.rb

@@ -0,0 +1,48 @@
+module Devise
+  
+  module Models
+
+    module Capturable
+
+      def self.included(base)
+        base.class_eval do
+          extend ClassMethods
+        end
+      end
+
+      # This is called from strategy and is used to fill a user model before saving
+      # It defaults to just setting the uuid, but you can override this in your user model
+      def set_capturable_params(capture_data)
+        self.email = capture_data["email"]
+      end
+
+      module ClassMethods
+
+        # Configuration params accessible within +Devise.setup+ procedure (in initalizer).
+        #
+        #   Devise.setup do |config|
+        #     config.capturable_auto_create_account = true
+        #   end
+        ::Devise::Models.config(self, :capturable_auto_create_account)
+
+        def capturable_auto_create_account?
+          self.capturable_auto_create_account
+        end
+
+        # This is called from strategy and is used to find a user when returning from janrain
+        # It defaults to find_by_uuid, but you can override this in your user model
+        def find_with_capturable_params(capture_data)
+          self.find_by_email(capture_data["email"])
+        end
+
+        protected
+
+        def valid_for_capturable(resource, attributes)
+          true
+        end
+
+      end
+
+    end
+  end
+end

data/lib/devise_capturable/strategy.rb

@@ -0,0 +1,54 @@
+require 'devise_capturable/api'
+
+module Devise
+  
+  module Capturable
+    
+    module Strategies
+
+      class Capturable < ::Devise::Strategies::Base
+
+        def valid?
+          valid_controller? && valid_params? && mapping.to.respond_to?(:find_with_capturable_params) && mapping.to.method_defined?(:set_capturable_params)
+        end
+
+        def authenticate!
+          klass = mapping.to
+
+          begin
+  
+            token = Devise::Capturable::API.token(params[:code])
+            fail!(:capturable_invalid) unless token['stat'] == 'ok'
+              
+            entity = Devise::Capturable::API.entity(token['access_token'])
+            user = klass.find_with_capturable_params(entity["result"]) 
+
+            unless klass.capturable_auto_create_account?
+              fail!(:capturable_invalid)
+              return
+            end
+            
+            user ||= klass.new
+            user.set_capturable_params(entity["result"])            
+            user.save(:validate => false)
+            success!(user)
+          rescue Exception => e
+            fail!(:capturable_invalid)
+          end
+        end
+        
+        protected
+          
+        def valid_controller?
+          params[:controller].to_s =~ /sessions/
+        end
+
+        def valid_params?
+          params[:code].present?
+        end
+
+      end
+    end
+  end
+end
+

data/lib/devise_capturable/version.rb

@@ -0,0 +1,5 @@
+module Devise
+  module Capturable
+    VERSION = "0.0.5"
+  end
+end

data/lib/devise_capturable/view_helpers.rb

@@ -0,0 +1,20 @@
+unless defined?(ActionView)
+  require 'action_view'
+end
+
+module Devise
+  module Capturable
+    module Helpers
+      
+      include ActionView::Helpers::UrlHelper
+
+      def link_to_capturable(link_text, options={})
+    		options = { :id => "capture_signin_link", :class => "capture_modal_open" }.merge(options)
+        link_to(link_text, "#", options)
+      end
+
+    end
+  end
+end
+
+::ActionView::Base.send :include, Devise::Capturable::Helpers

data/lib/devise_capturable.rb

@@ -0,0 +1,28 @@
+unless defined?(Devise)
+  require 'devise'
+end
+
+require 'devise_capturable/model'
+require 'devise_capturable/strategy'
+Warden::Strategies.add(:capturable, Devise::Capturable::Strategies::Capturable)
+require 'devise_capturable/view_helpers'
+
+module Devise
+	mattr_accessor :capturable_server
+	mattr_accessor :capturable_client_id
+	mattr_accessor :capturable_client_secret
+  mattr_accessor :capturable_auto_create_account
+  @@capturable_auto_create_account = true
+end
+
+I18n.load_path.unshift File.join(File.dirname(__FILE__), *%w[devise_capturable locales en.yml])
+Devise.add_module(:capturable, :strategy => true, :controller => :sessions, :model => 'devise_capturable/model')
+
+module Devise
+	module Capturable
+  	module Rails
+  	  class Engine < ::Rails::Engine
+  	  end
+  	end
+	end
+end

data/rails/init.rb

@@ -0,0 +1 @@
+require 'devise_capturable'

data/spec/api_spec.rb

@@ -0,0 +1,29 @@
+require "spec_helper"
+require File.join(File.dirname(__FILE__), '..', 'lib', 'devise_capturable', 'api')
+
+describe 'Devise::Capturable::API' do
+
+	before(:each) do
+		Devise.stub(:capturable_server).and_return("https://something.dev.janraincapture.com")
+    Devise.stub(:capturable_client_id).and_return("thisis")
+    Devise.stub(:capturable_client_secret).and_return("atest")
+	end
+
+  it "should get token from code" do
+  	Devise::Capturable::API.should_receive(:post).with("https://something.dev.janraincapture.com/oauth/token", :query => {
+        code: "abcdef",
+        redirect_uri: "http://stupidsettings.com",
+        grant_type: 'authorization_code',
+        client_id: "thisis",
+        client_secret: "atest",
+      }).and_return({"yeah" => "Yeah"})
+  	Devise::Capturable::API.token("abcdef")
+  end
+
+  it "should get entity from token" do
+    Devise::Capturable::API.should_receive(:post).with("https://something.dev.janraincapture.com/entity", :headers => { 
+      'Authorization' => "OAuth abcdef" }).and_return({"yeah" => "Yeah"})
+    Devise::Capturable::API.entity("abcdef")
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,12 @@
+require 'rspec'
+
+module Devise
+  class Strategies
+    class Base
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.mock_with :rspec
+end

data/spec/strategy_spec.rb

@@ -0,0 +1,57 @@
+require "spec_helper"
+require "active_support/all"
+require File.join(File.dirname(__FILE__), '..', 'lib', 'devise_capturable', 'strategy')
+
+class User
+end
+
+PARAMS = { :code => "abcdefghijklmn" }
+TOKEN = {"access_token" => "abcdefg", "stat" => "ok"}
+ENTITY = {"result" => { "uuid" => "1234", "email" => "some@email.com" }}
+
+describe 'Devise::Capturable' do
+  
+  before(:each) do
+    @strategy = Devise::Capturable::Strategies::Capturable.new
+    @mapping = mock(:mapping)
+    @mapping.should_receive(:to).and_return(User)
+    @strategy.should_receive(:mapping).and_return(@mapping)
+    @strategy.should_receive(:params).at_least(1).and_return(PARAMS)
+    @user = User.new
+    @user.stub(:set_capturable_params)
+    Devise::Capturable::API.stub(:token).and_return(TOKEN)
+    Devise::Capturable::API.stub(:entity).and_return(ENTITY)
+  end
+  
+  it "should authenticate and set capturable params if a user exists in database" do
+    User.stub(:capturable_auto_create_account?).and_return(true)
+    @user.stub(:save).and_return(true)
+    User.should_receive(:find_with_capturable_params).with(ENTITY["result"]).and_return(@user)
+    @user.should_receive(:set_capturable_params).with(ENTITY["result"]).and_return(true)
+    @strategy.should_receive(:"success!").with(@user).and_return(true)
+    lambda { @strategy.authenticate! }.should_not raise_error
+  end
+    
+  describe 'when no user exists in database' do
+    
+    before(:each) do
+      User.should_receive(:find_with_capturable_params).and_return(nil)
+    end
+              
+    it "should fail unless capturable_auto_create_account" do
+      User.should_receive(:"capturable_auto_create_account?").and_return(false)
+      @strategy.should_receive(:"fail!").with(:capturable_invalid).and_return(true)
+      lambda { @strategy.authenticate! }.should_not raise_error
+    end
+    
+    it "should create a new user and success if capturable_auto_create_account" do
+      User.should_receive(:"capturable_auto_create_account?").and_return(true)
+      User.should_receive(:new).and_return(@user)
+      @user.should_receive(:"set_capturable_params").with(ENTITY["result"]).and_return(true)
+      @user.should_receive(:save).with({ :validate => false }).and_return(true)
+      @strategy.should_receive(:"success!").with(@user).and_return(true)
+      lambda { @strategy.authenticate! }.should_not raise_error
+    end
+  end
+
+end

data/spec/view_helpers_spec.rb

@@ -0,0 +1,15 @@
+require "spec_helper"
+require File.join(File.dirname(__FILE__), '..', 'lib', 'devise_capturable', 'view_helpers')
+
+describe 'View Helpers' do
+
+  it "should generate correct link" do
+    class Testing
+      include Devise::Capturable::Helpers
+    end
+    test = Testing.new
+    link = test.link_to_capturable("Login")
+    link.should == '<a href="#" class="capture_modal_open" id="capture_signin_link">Login</a>'
+  end
+
+end

metadata

@@ -0,0 +1,135 @@
+--- !ruby/object:Gem::Specification
+name: devise_capturable
+version: !ruby/object:Gem::Version
+  version: 0.0.5
+  prerelease: 
+platform: ruby
+authors:
+- Rune Skjoldborg Madsen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-11-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Devise::Capturable is a gem that makes it possible to use the Janrain
+  Engage user registration widget, while preserving your Devise authentication setup
+  with your custom user model.
+email:
+- rune@runemadsen.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- devise_capturable.gemspec
+- lib/assets/javascripts/devise_capturable.js
+- lib/devise_capturable.rb
+- lib/devise_capturable/api.rb
+- lib/devise_capturable/locales/en.yml
+- lib/devise_capturable/model.rb
+- lib/devise_capturable/strategy.rb
+- lib/devise_capturable/version.rb
+- lib/devise_capturable/view_helpers.rb
+- rails/init.rb
+- spec/api_spec.rb
+- spec/spec_helper.rb
+- spec/strategy_spec.rb
+- spec/view_helpers_spec.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Janrain Capture for Devise
+test_files:
+- spec/api_spec.rb
+- spec/spec_helper.rb
+- spec/strategy_spec.rb
+- spec/view_helpers_spec.rb
+has_rdoc: