devise_userbin 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a9d187a96d8b7b0e8a5b7f8b65b4858d2ce695f6
+  data.tar.gz: 8f0f15fcc67bffedc6f27d122c1d11b28f1a54ce
+SHA512:
+  metadata.gz: 0dda852d3e5db62bac675a4de00e92b7f3a6a2c9b64864261225104e4b790b8d716a09856942b2e408f73778c530b0b1231a1bd27b88f7fc96579f1bb64827bd
+  data.tar.gz: 88dcd33100f805e93197169ddff36bf72eac617b128a5e75efe3373b693c1da60c3d9def12d8e8dee7afc22edf7ec500ca6e388a3e3f84a6e2d61c705f45558c

data/app/controllers/devise/devise_userbin_controller.rb

@@ -0,0 +1,37 @@
+class Devise::DeviseUserbinController < DeviseController
+  include Devise::Controllers::Helpers
+
+  def show
+    self.resource = resource_class.new
+  end
+
+  def update
+    render :show and return if params[:code].nil?
+
+    Devise.mappings.keys.flatten.any? do |scope|
+      begin
+        session["#{scope}_userbin"] =
+          Userbin.verify_code(session["#{scope}_userbin"], params[:code])
+        set_flash_message :notice, :success
+        redirect_to after_sign_in_path_for(scope)
+      rescue Userbin::UserUnauthorizedError => error
+        set_flash_message :alert, :failed
+        self.resource = resource_class.new
+        respond_with_navigational(resource_name) { render :show }
+      rescue Userbin::Forbidden => error
+        sign_out_with_message(:no_retries_remaining, :alert)
+      rescue Userbin::Error => error
+        sign_out_with_message(:alert, :alert)
+      end
+    end
+  end
+
+  protected
+
+  def sign_out_with_message(message, kind = :notice)
+    signed_out = sign_out(resource_name)
+    set_flash_message kind, message if signed_out
+    redirect_to after_sign_out_path_for(resource_name)
+  end
+
+end

data/app/controllers/devise/security_settings_controller.rb

@@ -0,0 +1,8 @@
+class Devise::SecuritySettingsController < DeviseController
+  include Devise::Controllers::Helpers
+
+  def show
+    session_token = session["#{resource_name}_userbin"]
+    redirect_to Userbin.security_page_url(session_token)
+  end
+end

data/app/controllers/devise/two_factor_authentication_controller.rb

@@ -0,0 +1,3 @@
+module Devise
+  class TwoFactorAuthenticationController < DeviseUserbinController; end
+end

data/app/controllers/devise/two_factor_recovery_controller.rb

@@ -0,0 +1,3 @@
+module Devise
+  class TwoFactorRecoveryController < DeviseUserbinController; end
+end

data/app/views/devise/two_factor_authentication/show.html.erb

@@ -0,0 +1,15 @@
+<h2><%= t "devise.two_factor_authentication.show.header" %></h2>
+
+<p><%= t "devise.two_factor_authentication.show.instructions" %></p>
+
+<%= form_tag([resource_name, :two_factor_authentication], :method => :put) do %>
+  <%= devise_error_messages! %>
+  <p><%= label_tag :code, t("devise.two_factor_authentication.show.code_label") %><br />
+  <%= text_field_tag :code %></p>
+  <p><%= submit_tag t("devise.two_factor_authentication.show.submit_button") %></p>
+<% end -%>
+
+<p><%= t "devise.two_factor_authentication.show.recovery_message" %><br />
+<%= link_to t("devise.two_factor_authentication.show.recovery_action"), [resource_name, :two_factor_recovery] %></p>
+
+<%= link_to "Sign out", destroy_session_path(resource_name), :method => Devise.sign_out_via %>

data/app/views/devise/two_factor_recovery/show.html.erb

@@ -0,0 +1,10 @@
+<h2><%= t "devise.two_factor_recovery.show.header" %></h2>
+
+<%= form_tag([resource_name, :two_factor_recovery], :method => :put) do %>
+  <%= devise_error_messages! %>
+  <p><%= label_tag :code, t("devise.two_factor_recovery.show.code_label")%><br />
+  <%= text_field_tag :code %></p>
+  <p><%= submit_tag t("devise.two_factor_recovery.show.submit_button") %></p>
+<% end -%>
+
+<p><%= t "devise.two_factor_recovery.show.message" %></p>

data/lib/devise_userbin.rb

@@ -0,0 +1,31 @@
+require 'active_support/concern'
+require 'devise'
+require 'devise_userbin/hooks'
+require 'devise_userbin/routes'
+require 'devise_userbin/hooks'
+require 'devise_userbin/import'
+require 'userbin'
+
+if defined?(Rails::Railtie)
+  require 'devise_userbin/railtie'
+  Rails::Engine
+end
+
+module Devise
+  mattr_accessor :userbin_api_secret
+  @@userbin_api_secret = ''
+end
+
+module DeviseUserbin
+  module Controllers
+    autoload :Helpers, 'devise_userbin/controllers/helpers'
+  end
+  module Views
+    autoload :Helpers, 'devise_userbin/controllers/view_helpers'
+  end
+end
+
+Devise.add_module(:userbin,
+  :controller => :two_factor_authentication,
+  :route => :userbin,
+  :model  => 'devise_userbin/model')

data/lib/devise_userbin/controllers/helpers.rb

@@ -0,0 +1,41 @@
+module DeviseUserbin
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      included do
+        before_filter :handle_two_factor_authentication
+      end
+
+      private
+
+      def handle_two_factor_authentication
+        unless devise_controller?
+          Devise.mappings.keys.flatten.any? do |scope|
+            if signed_in?(scope)
+              if Userbin.two_factor_authenticate!(session["#{scope}_userbin"])
+                handle_required_two_factor_authentication(scope)
+              end
+            end
+          end
+        end
+      end
+
+      def handle_required_two_factor_authentication(scope)
+        if request.format.present? and request.format.html?
+          session["#{scope}_return_to"] = request.path if request.get?
+          redirect_to two_factor_authentication_path_for(scope)
+        else
+          render nothing: true, status: :unauthorized
+        end
+      end
+
+      def two_factor_authentication_path_for(resource_or_scope = nil)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        change_path = "#{scope}_two_factor_authentication_path"
+        send(change_path)
+      end
+
+    end
+  end
+end

data/lib/devise_userbin/controllers/view_helpers.rb

@@ -0,0 +1,13 @@
+module DeviseUserbin
+  module Views
+    module Helpers
+
+      def security_page_url(opts = {})
+        scope = opts[:scope] || ::Devise.default_scope
+        session_token = session["#{scope}_userbin"]
+        Userbin.security_page_url(session_token)
+      end
+
+    end
+  end
+end

data/lib/devise_userbin/hooks.rb

@@ -0,0 +1,34 @@
+# Everytime current_<scope> is prepared
+#
+Warden::Manager.after_set_user :only => :fetch do |record, warden, opts|
+  scope = opts[:scope]
+
+  begin
+    session_token = warden.request.session["#{scope}_userbin"]
+
+    session_token =
+      Userbin.authenticate(session_token, record._userbin_id, {
+        properties: {
+          email: record.email
+        },
+        context: {
+          ip: warden.request.ip,
+          user_agent: warden.request.user_agent
+        }
+      })
+
+    warden.request.session["#{scope}_userbin"] = session_token
+
+  rescue Userbin::Error => error
+    warden.logout(scope)
+    throw :warden, :scope => scope, :message => :timeout
+  end
+
+end
+
+Warden::Manager.before_logout do |record, warden, opts|
+  begin
+    session_token = warden.request.session.delete("#{opts[:scope]}_userbin")
+    Userbin.deauthenticate(session_token)
+  rescue Userbin::Error; end
+end

data/lib/devise_userbin/import.rb

@@ -0,0 +1,85 @@
+module DeviseUserbin
+  class ImportError < Exception; end
+
+  class Import
+    attr_reader :resource_class, :batch_size
+
+    def initialize(options = {})
+      begin
+        @resource_class = eval(options[:resource_class])
+      rescue NameError
+        raise ImportError, "No such class: #{options[:resource_class]}"
+      end
+
+      unless supported_orm?
+        raise ImportError, "Only ActiveRecord and Mongoid models are supported"
+      end
+
+      unless Userbin.config.api_secret.present?
+        raise ImportError, "Please add an Userbin API secret to your devise.rb"
+      end
+
+      @batch_size = [(options[:batch_size] || 100), 100].min
+    end
+
+    def self.run(*args)
+      new(*args).run
+    end
+
+    def run
+      batches do |batch, resources|
+        begin
+          users = Userbin::User.import(users: batch)
+        rescue Userbin::Error => error
+          raise ImportError, error.message
+        end
+
+        users.zip(resources).each do |user, resource|
+          resource.userbin_id = user.id
+          resource.save(validate: false)
+        end
+      end
+    end
+
+    def batches
+      if active_record?
+        resource_class.where("userbin_id IS NULL").find_in_batches(:batch_size => batch_size) do |resources|
+          resources_for_wire = map_resources_to_userbin_format(resources)
+          yield(resources_for_wire, resources) unless resources.count.zero?
+        end
+      elsif mongoid?
+        0.step(resource_class.where(:userbin_id => nil).count, batch_size) do |offset|
+          resources_for_wire = map_resources_to_userbin_format(resource_class.limit(batch_size).skip(offset))
+          yield(resources_for_wire, resources) unless resources.count.zero?
+        end
+      end
+    end
+
+    def map_resources_to_userbin_format(resources)
+      resources.map do |resource|
+        format = {}
+        format[:email] = resource.email unless resource.email.blank?
+        format[:id] = resource._userbin_id
+        format[:created_at] = resource.created_at if resource.respond_to? :created_at
+        format
+      end.compact
+    end
+
+    def prepare_batch(batch)
+      { :users => batch }.to_json
+    end
+
+    def active_record?
+      (defined?(ActiveRecord::Base) && (resource_class < ActiveRecord::Base))
+    end
+
+    def mongoid?
+      (defined?(Mongoid::Document) && (resource_class < Mongoid::Document))
+    end
+
+    def supported_orm?
+      active_record? || mongoid?
+    end
+
+  end
+end

data/lib/devise_userbin/model.rb

@@ -0,0 +1,53 @@
+module Devise
+  module Models
+    module Userbin
+      extend ActiveSupport::Concern
+
+      ::Userbin.api_secret = Devise.userbin_api_secret
+
+      included do
+        before_destroy :destroy_userbin_user
+
+        def destroy_userbin_user
+          userbin_user_block do
+            ::Userbin::User.destroy_existing(id)
+          end
+        end
+
+        def userbin_user_block
+          begin
+            yield
+          rescue ::Userbin::Error => error
+            self.errors[:base] << error.to_s
+            false
+          end
+        end
+
+        # Override this in your Devise model to use a custom identifier
+        # for the Userbin API:s
+        def userbin_id
+          id
+        end
+
+        # Since the identifier will be used in API routes, it needs to be
+        # URI encoded
+        def _userbin_id
+          URI.encode(userbin_id.to_s)
+        end
+      end
+
+      # Overwrites valid_for_authentication? from Devise::Models::Authenticatable
+      # for verifying whether a user is allowed to sign in or not.
+      def valid_for_authentication?
+        return super unless persisted?
+
+        if super
+          true
+        else
+          # TODO: track unsuccessful login
+          false
+        end
+      end
+    end
+  end
+end

data/lib/devise_userbin/railtie.rb

@@ -0,0 +1,10 @@
+module DeviseUserbin
+  class Engine < ::Rails::Engine
+    ActiveSupport.on_load(:action_controller) do
+      include DeviseUserbin::Controllers::Helpers
+    end
+    ActiveSupport.on_load(:action_view) do
+      include DeviseUserbin::Views::Helpers
+    end
+  end
+end

data/lib/devise_userbin/routes.rb

@@ -0,0 +1,13 @@
+module ActionDispatch::Routing
+  class Mapper
+    protected
+
+    def devise_userbin(mapping, controllers)
+      resource :two_factor_authentication, :only => [:show, :update], :path => mapping.path_names[:two_factor_authentication], :controller => controllers[:two_factor_authentication]
+
+      resource :two_factor_recovery, :only => [:show, :update], :path => mapping.path_names[:two_factor_recovery], :controller => controllers[:two_factor_recovery]
+
+      resource :security_settings, :only => [:show], :path => mapping.path_names[:security_settings], :controller => controllers[:security_settings]
+    end
+  end
+end

data/lib/devise_userbin/version.rb

@@ -0,0 +1,3 @@
+module DeviseUserbin
+  VERSION = "0.1.0".freeze
+end

data/lib/generators/active_record/devise_userbin_generator.rb

@@ -0,0 +1,14 @@
+require 'rails/generators/active_record'
+
+module ActiveRecord
+  module Generators
+    class DeviseUserbinGenerator < ActiveRecord::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+
+      def copy_devise_userbin_migration
+        migration_template "migration.rb", "db/migrate/add_userbin_to_#{table_name}.rb"
+      end
+
+    end
+  end
+end

data/lib/generators/active_record/templates/migration.rb

@@ -0,0 +1,13 @@
+class AddUserbinTo<%= table_name.camelize %> < ActiveRecord::Migration
+  def up
+    change_table :<%= table_name %> do |t|
+      t.string   :userbin_id
+    end
+
+    add_index :<%= table_name %>, :userbin_id, :unique => true
+  end
+
+  def down
+    remove_column :<%= table_name %>, :userbin_id
+  end
+end

data/lib/generators/devise_userbin/devise_userbin_generator.rb

@@ -0,0 +1,18 @@
+module DeviseUserbin
+  module Generators
+    class DeviseUserbinGenerator < Rails::Generators::NamedBase
+      namespace "devise_userbin"
+
+      desc "Add :userbin directive in the given model. Also generate migration for ActiveRecord"
+
+      def inject_devise_userbin_content
+        path = File.join("app", "models", "#{file_path}.rb")
+        if File.exists?(path)
+          inject_into_file(path, "userbin, :", :after => "devise :")
+        end
+      end
+
+      hook_for :orm
+    end
+  end
+end

data/lib/generators/devise_userbin/import_generator.rb

@@ -0,0 +1,12 @@
+module DeviseUserbin
+  module Generators
+    class ImportGenerator < Rails::Generators::NamedBase
+      desc "Import users to Userbin"
+
+      def import_users_to_userbin
+        Import.run(resource_class: class_name)
+      end
+
+    end
+  end
+end

data/lib/generators/devise_userbin/install_generator.rb

@@ -0,0 +1,32 @@
+module DeviseUserbin
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../templates", __FILE__)
+      desc "Add DeviseUserbin config variables to the Devise initializer"
+      argument :api_secret, :desc => "Your Userbin API secret, which can be found on your Userbin dashboard."
+
+      def add_config_options_to_initializer
+        devise_initializer_path = "config/initializers/devise.rb"
+        if File.exist?(devise_initializer_path)
+          old_content = File.read(devise_initializer_path)
+
+          if old_content.match(Regexp.new(/^\s*# ==> Configuration for :userbin\n/))
+            false
+          else
+            inject_into_file(devise_initializer_path, :before => "  # ==> Mailer Configuration\n") do
+<<-CONTENT
+  # ==> Configuration for :userbin
+  config.userbin_api_secret = '#{api_secret}'
+
+CONTENT
+            end
+          end
+        end
+      end
+
+      def copy_locale
+        copy_file "../../../config/locales/en.yml", "config/locales/devise_userbin.en.yml"
+      end
+    end
+  end
+end

data/lib/generators/devise_userbin/views_generator.rb

@@ -0,0 +1,19 @@
+require 'generators/devise/views_generator'
+
+module DeviseUserbin
+  module Generators
+    class ViewsGenerator < Rails::Generators::Base
+      desc 'Copies all DeviseUserbin views to your application.'
+
+      argument :scope, :required => false, :default => nil,
+                       :desc => "The scope to copy views to"
+
+      include ::Devise::Generators::ViewPathTemplates
+      source_root File.expand_path("../../../../app/views/devise", __FILE__)
+      def copy_views
+        view_directory :two_factor_authentication
+        view_directory :two_factor_recovery
+      end
+    end
+  end
+end

data/lib/generators/mongoid/devise_userbin_generator.rb

@@ -0,0 +1,8 @@
+require 'generators/devise/orm_helpers'
+
+module Mongoid
+  module Generators
+    class DeviseUserbinGenerator < Rails::Generators::NamedBase
+    end
+  end
+end

metadata

@@ -0,0 +1,136 @@
+--- !ruby/object:Gem::Specification
+name: devise_userbin
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Johan Brissmyr
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-05-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: userbin
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+description: Devise extension for Userbin. Secure your application with multi-factor
+  authentication, user activity monitoring, and real-time threat protection.
+email: johan@userbin.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- app/controllers/devise/devise_userbin_controller.rb
+- app/controllers/devise/security_settings_controller.rb
+- app/controllers/devise/two_factor_authentication_controller.rb
+- app/controllers/devise/two_factor_recovery_controller.rb
+- app/views/devise/two_factor_authentication/show.html.erb
+- app/views/devise/two_factor_recovery/show.html.erb
+- lib/devise_userbin.rb
+- lib/devise_userbin/controllers/helpers.rb
+- lib/devise_userbin/controllers/view_helpers.rb
+- lib/devise_userbin/hooks.rb
+- lib/devise_userbin/import.rb
+- lib/devise_userbin/model.rb
+- lib/devise_userbin/railtie.rb
+- lib/devise_userbin/routes.rb
+- lib/devise_userbin/version.rb
+- lib/generators/active_record/devise_userbin_generator.rb
+- lib/generators/active_record/templates/migration.rb
+- lib/generators/devise_userbin/devise_userbin_generator.rb
+- lib/generators/devise_userbin/import_generator.rb
+- lib/generators/devise_userbin/install_generator.rb
+- lib/generators/devise_userbin/views_generator.rb
+- lib/generators/mongoid/devise_userbin_generator.rb
+homepage: https://github.com/userbin/devise_userbin
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Devise extension for Userbin
+test_files: []