devise_revokable 0.0.2

data/.gitignore

@@ -0,0 +1,4 @@
+.bundle
+.document
+*.swp
+pkg

data/Gemfile

@@ -0,0 +1,3 @@
+source :rubygems
+
+gemspec

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 e9digital
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,43 @@
+== Devise::Revokable
+
+A module for Devise[http://github.com/plataformatec/devise]
+
+This gem was created by "borrowing" heavily from Devise::Invitable[http://github.com/scambra/devise_invitable]
+
+It exists to extend Devise to provide the basis for what is essentially the reverse of the standard
+<tt>confirmable</tt> module.  Where <tt>confirmable</tt> sends an email and awaits a response, 
+before confirming a new registration, <tt>revokable</tt> allows immediate access and sends an
+email which provides a link to "revoke" the account if it was created fraudulently.
+
+This is useful if you want to lower the barrier to entry to creating accounts, and clearly, if
+account security isn't a concern.
+
+Note that tests are non-existent.  Use freely but at your own risk.
+
+=== Configuring
+
+It works like normal Devise modules.  Add the <tt>:revokable</tt> module to the declaration.
+
+  # in user.rb
+  devise :revokable # plus other devise modules
+
+Additionally, you will need to override <tt>#revoke!</tt> to actually perfom the revocation on your account, which
+is yielded to from the module's method.
+
+  # in user.rb
+  def revoke!
+    super do
+      self.some_method_that_resets_me!
+    end
+  end
+
+That's about the extent of it.  As with typical devise modules you can override the mailers and views with your own.
+Additionally you can define the module accessor <tt>@@mailer</tt> on the module with a proc to handle your mail if you need to.
+This proc is yielded two arguments, the method name (e.g. :revocation_instructions), and the affected resource.
+
+
+  # in config/initializers/devise_revocation.rb
+  require 'devise_revocation'
+  require 'my_mailer'
+
+  DeviseRevocation.mailer = proc {|method_name, resource| MyMailer.send(:method_name, resource) }

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/app/controllers/devise/revocations_controller.rb

@@ -0,0 +1,34 @@
+class Devise::RevocationsController < ApplicationController
+  include Devise::Controllers::InternalHelpers
+
+  # GET /resource/revocation/confirm?revocation_token=abcdef
+  def edit
+    if params[:revocation_token] && self.resource = resource_class.find_by_revocation_token(params[:revocation_token])
+      render_with_scope :edit
+    else
+      set_error_and_redirect
+    end
+  end
+
+  # PUT /resource/revocation
+  def update
+    token = params[resource_name].try(:[], :revocation_token)
+
+    self.resource = resource_class.revoke_by_token(token)
+
+    if resource.errors.empty?
+      set_flash_message :notice, :updated
+      sign_out(self.resource)
+      render_with_scope :edit
+    else
+      set_error_and_redirect
+    end
+  end
+
+  protected
+
+    def set_error_and_redirect
+      set_flash_message(:alert, :revocation_token_invalid)
+      redirect_to after_sign_out_path_for(resource_name)
+    end
+end

data/app/views/devise/mailer/revocation_confirmation.html.erb

@@ -0,0 +1,3 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Your account at <%= root_url %> has been deactivated.</p>

data/app/views/devise/mailer/revocation_instructions.html.erb

@@ -0,0 +1,7 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>You (or someone pretending to be you) has created an account at <%= root_url %>.</p>
+
+<p>If you chose to sign up with us, please disregard this email!</p>
+
+<p>However if this is not you, <%= link_to 'click here', confirm_revocation_url(@resource, :revocation_token => @resource.revocation_token) %> to take action.</p>

data/app/views/devise/revocations/_confirm_revoke.html.haml

@@ -0,0 +1,11 @@
+%h2
+  = t(:confirm_revoke_header, :scope => :"devise.revocations")
+
+= form_for resource, :as => resource_name, :url => revocation_path(resource_class), :html => { :method => :put } do |f|
+  = f.hidden_field :revocation_token
+
+  .instructions
+    = t(:confirm_revoke_instructions, :scope => :"devise.revocations")
+
+  .actions
+    = f.submit t(:confirm_revoke_submit, :scope => :"devise.revocations")

data/app/views/devise/revocations/_revoke_confirmed.html.haml

@@ -0,0 +1,5 @@
+%h2
+  = t(:revoke_confirmed_header, :scope => :"devise.revocations")
+
+.instructions
+  = t(:revoke_confirmed_instructions, :scope => :"devise.revocations")

data/app/views/devise/revocations/edit.html.haml

@@ -0,0 +1,4 @@
+- if resource.errors.any? || !resource.revoked?
+  = render 'confirm_revoke'
+- else
+  = render 'revoke_confirmed'

data/config/locales/en.yml

@@ -0,0 +1,10 @@
+en:
+  devise:
+    revocations:
+      updated: 'Your account was reset successfully.'
+      revocation_token_invalid: 'The token provided is not valid, or this account has already been revoked!'
+      revoke_confirmed_header: 'Account Reset Successfully'
+      revoke_confirmed_instructions: "This account has been reset successfully."
+      confirm_revoke_header: 'Are You Sure?'
+      confirm_revoke_instructions: "If you submit this form your account and its credentials will be reset.  Any activity that has taken place on this account will be lost."
+      confirm_revoke_submit: 'Reset this account!'

data/devise_revokable.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+$LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
+require 'devise_revokable/version'
+
+Gem::Specification.new do |s|
+  s.name         = "devise_revokable"
+  s.version      = DeviseRevokable::VERSION.dup
+  s.platform     = Gem::Platform::RUBY
+  s.authors      = ["Travis Cox"]
+  s.email        = "travis@e9digital.com"
+  s.homepage     = "https://github.com/e9digital/devise_revokable"
+  s.summary      = "A revocation strategy for Devise"
+  s.description  = File.open('README.rdoc').read rescue ''
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+  
+  s.add_runtime_dependency('rails', '~> 3.0.0')
+  s.add_runtime_dependency('devise', '~> 1.1.5')
+end

data/lib/devise_revokable.rb

@@ -0,0 +1,37 @@
+require 'rails'
+require 'devise'
+require 'devise_revokable/routes'
+require 'devise_revokable/schema'
+require 'devise_revokable/mailer'
+require 'devise_revokable/controllers/url_helpers'
+
+module DeviseRevokable
+  autoload :VERSION, 'devise_revokable/version'
+
+  ##
+  # Allow for another mailer besides Devise
+  #
+  mattr_accessor :mailer
+  @@mailer = nil
+
+  def self.send_mail!(method_name, resource)
+    if @@mailer.respond_to?(:call)
+      @@mailer.call(method_name, resource)
+    else
+      ::Devise.mailer.send(method_name, resource).deliver
+    end
+  end
+
+  class Engine < ::Rails::Engine
+    [:action_controller, :action_view].each do |klass|
+      ActiveSupport.on_load(klass) { include DeviseRevokable::Controllers::UrlHelpers }
+    end
+
+    config.after_initialize do
+      require 'devise/mailer'
+      ::Devise::Mailer.send :include, DeviseRevokable::Mailer
+    end
+  end
+end
+
+Devise.add_module :revokable, :controller => :revocations, :model => 'devise_revokable/model', :route => :revocation

data/lib/devise_revokable/controllers/url_helpers.rb

@@ -0,0 +1,24 @@
+module DeviseRevokable
+  module Controllers
+    module UrlHelpers
+      [:path, :url].each do |path_or_url|
+        [nil, :confirm_].each do |action|
+          class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+            def #{action}revocation_#{path_or_url}(resource, *args)
+              resource = case resource
+                when Symbol, String
+                  resource
+                when Class
+                  resource.name.underscore
+                else
+                  resource.class.name.underscore
+              end
+              
+              send("#{action}\#{resource}_revocation_#{path_or_url}", *args)
+            end
+          URL_HELPERS
+        end
+      end
+    end
+  end
+end

data/lib/devise_revokable/mailer.rb

@@ -0,0 +1,13 @@
+module DeviseRevokable
+  module Mailer
+    
+    # Deliver an invitation email
+    def revocation_instructions(resource)
+      setup_mail(resource, :revocation_instructions)
+    end
+    
+    def revocation_confirmation(resource)
+      setup_mail(resource, :revocation_confirmation)
+    end
+  end
+end

data/lib/devise_revokable/model.rb

@@ -0,0 +1,87 @@
+module Devise
+  module Models
+    module Revokable
+      extend ActiveSupport::Concern
+
+      included do
+        after_create :send_revocation_instructions
+      end
+
+      def revoke!
+        unless_revoked do
+          self.revocation_token = nil
+          self.revoked_at = Time.now.utc
+
+          # NOTE use this yield to perform any reset necessary on the
+          #      account, e.g. reset password, change username, delete content posted
+          yield if block_given?
+
+          send_revocation_confirmation
+
+          save(:validate => false)
+        end
+      end
+
+      def revoked?
+        !!revoked_at
+      end
+
+      def active?
+        not revoked?
+      end
+
+      def inactive_message
+        super
+      end
+
+      protected
+
+        def send_revocation_instructions
+          unless_revoked do
+            generate_revocation_token! if self.revocation_token.nil?
+            DeviseRevokable.send_mail!(:revocation_instructions, self)
+          end
+        end
+
+        def send_revocation_confirmation
+          DeviseRevokable.send_mail!(:revocation_confirmation, self)
+        end
+
+        def unless_revoked
+          unless revoked?
+            yield
+          else
+            self.errors.add(:email, :already_revoked)
+          end
+        end
+       
+        def generate_revocation_token!
+          generate_revocation_token && save(:validate => false)
+        end
+
+        def generate_revocation_token
+          self.revoked_at = nil
+          self.revocation_token = self.class.revocation_token
+        end
+
+      module ClassMethods
+        def send_revocation_instructions(attributes = {})
+          return unless active?
+          revokable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
+          revokable.send(:send_revocation_instructions) if revokable.persisted?
+          revokable
+        end
+
+        def revoke_by_token(token)
+          revokable = find_or_initialize_with_error_by(:revocation_token, token, :revocation_token_invalid)
+          revokable.revoke! if revokable.persisted?
+          revokable
+        end
+
+        def revocation_token
+          generate_token(:revocation_token)
+        end
+      end
+    end
+  end
+end

data/lib/devise_revokable/routes.rb

@@ -0,0 +1,10 @@
+module ActionDispatch::Routing
+  class Mapper
+    protected
+      def devise_revocation(mapping, controllers)
+        resource :revocation, :only => :update, :path => mapping.path_names[:revocation], :controller => controllers[:revocations] do
+          get :edit, :path => mapping.path_names[:confirm], :as => :confirm
+        end
+      end
+  end
+end

data/lib/devise_revokable/schema.rb

@@ -0,0 +1,10 @@
+module DeviseRevokable
+  module Schema
+    def revokable
+      apply_devise_schema :revocation_token, String,  :limit => 60
+      apply_devise_schema :revoked_at,       DateTime
+    end
+  end
+end
+
+Devise::Schema.send :include, DeviseRevokable::Schema

data/lib/devise_revokable/version.rb

@@ -0,0 +1,3 @@
+module DeviseRevokable
+  VERSION = '0.0.2'
+end

metadata

@@ -0,0 +1,156 @@
+--- !ruby/object:Gem::Specification 
+name: devise_revokable
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 2
+  version: 0.0.2
+platform: ruby
+authors: 
+- Travis Cox
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-03-18 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rails
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 3
+        - 0
+        - 0
+        version: 3.0.0
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: devise
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 1
+        - 5
+        version: 1.1.5
+  type: :runtime
+  version_requirements: *id002
+description: |
+  == Devise::Revokable
+  
+  A module for Devise[http://github.com/plataformatec/devise]
+  
+  This gem was created by "borrowing" heavily from Devise::Invitable[http://github.com/scambra/devise_invitable]
+  
+  It exists to extend Devise to provide the basis for what is essentially the reverse of the standard
+  <tt>confirmable</tt> module.  Where <tt>confirmable</tt> sends an email and awaits a response, 
+  before confirming a new registration, <tt>revokable</tt> allows immediate access and sends an
+  email which provides a link to "revoke" the account if it was created fraudulently.
+  
+  This is useful if you want to lower the barrier to entry to creating accounts, and clearly, if
+  account security isn't a concern.
+  
+  Note that tests are non-existent.  Use freely but at your own risk.
+  
+  === Configuring
+  
+  It works like normal Devise modules.  Add the <tt>:revokable</tt> module to the declaration.
+  
+    # in user.rb
+    devise :revokable # plus other devise modules
+  
+  Additionally, you will need to override <tt>#revoke!</tt> to actually perfom the revocation on your account, which
+  is yielded to from the module's method.
+  
+    # in user.rb
+    def revoke!
+      super do
+        self.some_method_that_resets_me!
+      end
+    end
+  
+  That's about the extent of it.  As with typical devise modules you can override the mailers and views with your own.
+  Additionally you can define the module accessor <tt>@@mailer</tt> on the module with a proc to handle your mail if you need to.
+  This proc is yielded two arguments, the method name (e.g. :revocation_instructions), and the affected resource.
+  
+  
+    # in config/initializers/devise_revocation.rb
+    require 'devise_revocation'
+    require 'my_mailer'
+  
+    DeviseRevocation.mailer = proc {|method_name, resource| MyMailer.send(:method_name, resource) }
+
+email: travis@e9digital.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- LICENSE
+- README.rdoc
+- Rakefile
+- app/controllers/devise/revocations_controller.rb
+- app/views/devise/mailer/revocation_confirmation.html.erb
+- app/views/devise/mailer/revocation_instructions.html.erb
+- app/views/devise/revocations/_confirm_revoke.html.haml
+- app/views/devise/revocations/_revoke_confirmed.html.haml
+- app/views/devise/revocations/edit.html.haml
+- config/locales/en.yml
+- devise_revokable.gemspec
+- lib/devise_revokable.rb
+- lib/devise_revokable/controllers/url_helpers.rb
+- lib/devise_revokable/mailer.rb
+- lib/devise_revokable/model.rb
+- lib/devise_revokable/routes.rb
+- lib/devise_revokable/schema.rb
+- lib/devise_revokable/version.rb
+has_rdoc: true
+homepage: https://github.com/e9digital/devise_revokable
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: A revocation strategy for Devise
+test_files: []
+