devise_password_sharing_extension 0.0.1

data/lib/devise_password_sharing_extension.rb

@@ -0,0 +1,20 @@
+require 'geoip'
+require 'devise'
+require 'devise_password_sharing_extension/schema'
+require 'devise_password_sharing_extension/rails'
+
+module Devise
+  mattr_accessor :enable_banning
+  @@enable_banning = true
+
+  mattr_accessor :geoip_database
+  @@geoip_database = '/var/tmp/geoip.dat'
+
+  mattr_accessor :time_frame
+  @@time_frame = 2.hour
+
+  mattr_accessor :number_of_cities
+  @@number_of_cities = 10
+end
+
+Devise.add_module(:password_sharing, :model => 'devise_password_sharing_extension/models/password_sharing')

data/lib/devise_password_sharing_extension/hooks/password_sharing.rb

@@ -0,0 +1,12 @@
+Warden::Manager.after_set_user(:except => :fetch) do |record, warden, options|
+  if record.respond_to?(:password_sharing?) && warden.authenticated?(options[:scope])
+    record.create_login_event!(warden.request)
+
+    if record.password_sharing?
+      record.ban_for_password_sharing
+      scope = options[:scope]
+      warden.logout(scope)
+      throw :warden, :scope => scope, :message => 'Account banned for password sharing.'
+    end
+  end
+end

data/lib/devise_password_sharing_extension/models/password_sharing.rb

@@ -0,0 +1,51 @@
+require 'devise_password_sharing_extension/hooks/password_sharing'
+
+module Devise
+  module Models
+    module PasswordSharing
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        Devise::Models.config(self, :enable_banning)
+        Devise::Models.config(self, :geoip_database)
+        Devise::Models.config(self, :time_frame)
+        Devise::Models.config(self, :number_of_cities)
+        Devise::Models.config(self, :white_listed_ips)
+      end
+
+      included do
+        has_many :login_events
+
+        @@white_listed_ips = YAML::load(File.read(Rails.root.join('config', 'white_listed_ips.yml')))
+      end
+
+      def create_login_event!(request)
+        unless @@white_listed_ips.include?(request.remote_ip)
+          database = GeoIP.new(self.class.geoip_database)
+          if geo = database.city(request.remote_ip)
+            login_events.create!(
+              :ip_address => request.remote_ip,
+              :latitude => geo.latitude,
+              :longitude => geo.longitude,
+              :city => geo.city_name,
+              :country_code => geo.country_code2,
+              :region_name => geo.region_name)
+          end
+        end
+      end
+
+      def ban_for_password_sharing!
+        return unless self.class.enable_banning
+        self.banned_for_password_sharing_at = Time.now
+        save(:validate => false)
+      end
+
+      def password_sharing?
+        return true unless banned_for_password_sharing_at.nil?
+        login_events.grouped_by_city(self.class.time_frame).any? do |g|
+          g.count >= self.class.number_of_cities
+        end
+      end
+    end
+  end
+end

data/lib/devise_password_sharing_extension/rails.rb

@@ -0,0 +1,4 @@
+module DevisePasswordSharingExtension
+  class Engine < ::Rails::Engine
+  end
+end

data/lib/devise_password_sharing_extension/schema.rb

@@ -0,0 +1,9 @@
+module DevisePasswordSharingExtension
+  module Schema
+    def password_sharing
+      apply_devise_schema :banned_for_password_sharing_at, DateTime, :default => false
+    end
+  end
+end
+
+Devise::Schema.send(:include, DevisePasswordSharingExtension::Schema)

data/lib/devise_password_sharing_extension/version.rb

@@ -0,0 +1,3 @@
+module DevisePasswordSharingExtension
+  VERSION = '0.0.1'
+end

data/lib/generators/active_record/devise_password_sharing_extension_generator.rb

@@ -0,0 +1,14 @@
+require 'rails/generators/active_record'
+
+module ActiveRecord
+  module Generators
+    class DevisePasswordSharingExtensionGenerator < ActiveRecord::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      def copy_devise_migration
+        migration_template('migration.rb', "db/migrate/devise_password_sharing_add_to_#{table_name}")
+      end
+    end
+  end
+end
+

data/lib/generators/active_record/templates/migration.rb

@@ -0,0 +1,26 @@
+class DevisePasswordSharingAddTo<%= table_name.camelize %> < ActiveRecord::Migration
+  def self.up
+    change_table :<%= table_name %> do |t|
+      t.datetime :banned_for_password_sharing_at, :default => nil
+    end
+
+    create_table :login_events do |t|
+      t.integer :<%= table_name.singularize.underscore %>_id
+      t.string :ip_address
+      t.float :latitude
+      t.float :longitude
+      t.string :city
+      t.string :country_code
+      t.string :region_name
+      t.datetime :created_at
+    end
+  end
+
+  def self.down
+    change_table :<%= table_name %> do |t|
+      t.remove :banned_for_password_sharing_at
+    end
+
+    drop_table :login_events
+  end
+end

data/lib/generators/devise_password_sharing_extension/devise_password_sharing_extension_generator.rb

@@ -0,0 +1,16 @@
+module DevisePasswordSharingExtension
+  module Generators
+    class DevisePasswordSharingExtensionGenerator < Rails::Generators::NamedBase
+      namespace 'devise_password_sharing_extension'
+
+      desc 'Add :password_sharing directive in the given model. Also generate migration for ActiveRecord'
+
+      def inject_devise_password_sharing_content
+        path = File.join('app', 'models', "#{file_path}.rb")
+        inject_into_file(path, 'password_sharing, :', :after => 'devise :') if File.exists?(path)
+      end
+
+      hook_for :orm
+    end
+  end
+end

data/lib/generators/devise_password_sharing_extension/install_generator.rb

@@ -0,0 +1,23 @@
+module DevisePasswordSharingExtension
+  module Generators # :nodoc:
+    # Install Generator
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+
+      desc "Install the devise security extension"
+
+      def add_configs
+        inject_into_file "config/initializers/devise.rb", "\n  # ==> Password Sharing Extension\n" +
+        "  # config.enable_banning = true\n" +
+        "  # config.geoip_database = '/var/tmp/geoip.dat'\n" +
+        "  # config.time_frame = 2.hour\n" +
+        "  # config.number_of_cities = 10\n" +
+        "\n", :before => /end[ |\n|]+\Z/
+      end
+
+      def copy_white_listed_ips
+        copy_file("white_listed_ips.yml", "config/white_listed_ips.yml")
+      end
+    end
+  end
+end

data/lib/generators/devise_password_sharing_extension/templates/white_listed_ips.yml

@@ -0,0 +1 @@
+- '127.0.0.1'

data/spec/models/login_event_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+describe LoginEvent do
+  it { should validate_presence_of(:ip_address) }
+  it { should validate_presence_of(:latitude) }
+  it { should validate_presence_of(:longitude) }
+  it { should validate_presence_of(:city) }
+  it { should validate_presence_of(:country_code) }
+  it { should validate_presence_of(:region_name) }
+end

data/spec/models/password_sharing_spec.rb

@@ -0,0 +1,54 @@
+require 'spec_helper'
+
+describe Devise::Models::PasswordSharing do
+  subject { user_fixture }
+
+  it { should have_many(:login_events) }
+
+  describe "#create_login_event!" do
+    it "creates login event with ip information" do
+      lambda {
+        mock_geo_database
+        subject.create_login_event!(request_fixture)
+      }.should change(LoginEvent, :count).by(1)
+    end
+  end
+
+  describe "#ban_for_password_sharing!" do
+    context "when banning is enabled" do
+      it "sets :banned_for_password_sharing_at to the current time" do
+        subject.ban_for_password_sharing!
+        subject.banned_for_password_sharing_at.should_not be_nil
+      end
+    end
+
+    context "when banning is not enabled" do
+      it "does not ban user" do
+        User.enable_banning = false
+        subject.ban_for_password_sharing!
+        subject.banned_for_password_sharing_at.should be_nil
+      end
+    end
+  end
+
+  describe "#password_sharing?" do
+    context "when there is password sharing" do
+      before do
+        10.times do
+          mock_geo_database(:city => 'Las Vegas')
+          subject.create_login_event!(request_fixture)
+        end
+      end
+
+      it "returns true" do
+        subject.password_sharing?.should be_true
+      end
+    end
+
+    context "when there is no password sharing" do
+      it "returns false" do
+        subject.password_sharing?.should be_false
+      end
+    end
+  end
+end

data/spec/orm/active_record.rb

@@ -0,0 +1,3 @@
+ActiveRecord::Migration.verbose = false
+ActiveRecord::Base.logger = Logger.new(nil)
+ActiveRecord::Migrator.migrate(File.expand_path('../../rails_app/db/migrate/', __FILE__))

data/spec/rails_app/.gitignore

@@ -0,0 +1,5 @@
+.bundle
+db/*.sqlite3
+log/*.log
+tmp/
+.sass-cache/

data/spec/rails_app/app/assets/javascripts/application.js

@@ -0,0 +1,9 @@
+// This is a manifest file that'll be compiled into including all the files listed below.
+// Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
+// be included in the compiled file accessible from http://example.com/assets/application.js
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/spec/rails_app/app/assets/stylesheets/application.css

@@ -0,0 +1,7 @@
+/*
+ * This is a manifest file that'll automatically include all the stylesheets available in this directory
+ * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
+ * the top of the compiled file, but it's generally better to create a new file per style scope.
+ *= require_self
+ *= require_tree . 
+*/

data/spec/rails_app/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

data/spec/rails_app/app/controllers/home_controller.rb

@@ -0,0 +1,9 @@
+class HomeController < ApplicationController
+  before_filter :authenticate_user!, :only => [:secure]
+
+  def index
+  end
+
+  def secure
+  end
+end

data/spec/rails_app/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/rails_app/app/models/user.rb

@@ -0,0 +1,7 @@
+class User < ActiveRecord::Base
+  devise :database_authenticatable, :password_sharing
+
+  attr_accessible :email, :username, :password, :password_confirmation
+
+  validates :username, :length => { :maximum => 20 }
+end

data/spec/rails_app/app/views/home/index.html.erb

@@ -0,0 +1 @@
+<h1>HomeController#index</h1>

data/spec/rails_app/app/views/home/secure.html.erb

@@ -0,0 +1 @@
+secure

data/spec/rails_app/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>RailsApp</title>
+  <%= stylesheet_link_tag    "application" %>
+  <%= javascript_include_tag "application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/rails_app/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run RailsApp::Application

data/spec/rails_app/config/application.rb

@@ -0,0 +1,19 @@
+require File.expand_path('../boot', __FILE__)
+
+require "action_controller/railtie"
+require "action_mailer/railtie"
+require "active_resource/railtie"
+require "rails/test_unit/railtie"
+require "active_record/railtie"
+
+Bundler.require(:default) if defined?(Bundler)
+
+require "devise"
+require "devise_password_sharing_extension"
+
+module RailsApp
+  class Application < Rails::Application
+    config.filter_parameters << :password
+    config.action_mailer.default_url_options = { :host => "localhost:3000" }
+  end
+end

data/spec/rails_app/config/boot.rb

@@ -0,0 +1,6 @@
+require 'rubygems'
+
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])

data/spec/rails_app/config/database.yml

@@ -0,0 +1,22 @@
+# SQLite version 3.x
+#   gem install sqlite3-ruby (not necessary on OS X Leopard)
+development:
+  adapter: sqlite3
+  database: ":memory:"
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: ":memory:"
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000

data/spec/rails_app/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+RailsApp::Application.initialize!

data/spec/rails_app/config/environments/development.rb

@@ -0,0 +1,30 @@
+RailsApp::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request.  This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+end