devise_wind 0.1.0

data/app/controllers/sessions_controller.rb

@@ -0,0 +1,7 @@
+class SessionsController < Devise::SessionsController
+  protect_from_forgery
+  def new
+    create
+    redirect_to root_path
+  end
+end

data/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/app/models/role.rb

@@ -0,0 +1,3 @@
+class Role < ActiveRecord::Base
+  has_and_belongs_to_many :users
+end

data/app/models/user.rb

@@ -0,0 +1,5 @@
+class User
+  devise :wind_authenticatable
+  
+  has_and_belongs_to_many :roles
+end

data/app/views/sessions/new.html.erb

@@ -0,0 +1 @@
+We shouldn't ever be here.

data/config/initializers/devise.rb

@@ -0,0 +1,211 @@
+# Use this hook to configure devise mailer, warden hooks and so forth.
+# Many of these configuration options can be set straight in your model.
+Devise.setup do |config|
+  # ==> Mailer Configuration
+  # Configure the e-mail address which will be shown in Devise::Mailer,
+  # note that it will be overwritten if you use your own mailer class with default "from" parameter.
+  config.mailer_sender = "please-change-me-at-config-initializers-devise@example.com"
+
+  # Configure the class responsible to send e-mails.
+  # config.mailer = "Devise::Mailer"
+
+  # ==> ORM configuration
+  # Load and configure the ORM. Supports :active_record (default) and
+  # :mongoid (bson_ext recommended) by default. Other ORMs may be
+  # available as additional gems.
+  require 'devise/orm/active_record'
+
+  # ==> Configuration for any authentication mechanism
+  # Configure which keys are used when authenticating a user. The default is
+  # just :email. You can configure it to use [:username, :subdomain], so for
+  # authenticating a user, both parameters are required. Remember that those
+  # parameters are used only when authenticating and not when retrieving from
+  # session. If you need permissions, you should implement that in a before filter.
+  # You can also supply a hash where the value is a boolean determining whether
+  # or not authentication should be aborted when the value is not present.
+  # config.authentication_keys = [ :email ]
+  config.authentication_keys = [ :login ]
+
+  # Configure parameters from the request object used for authentication. Each entry
+  # given should be a request method and it will automatically be passed to the
+  # find_for_authentication method and considered in your model lookup. For instance,
+  # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
+  # The same considerations mentioned for authentication_keys also apply to request_keys.
+  # config.request_keys = []
+
+  # Configure which authentication keys should be case-insensitive.
+  # These keys will be downcased upon creating or modifying a user and when used
+  # to authenticate or find a user. Default is :email.
+  config.case_insensitive_keys = [ :email ]
+
+  # Configure which authentication keys should have whitespace stripped.
+  # These keys will have whitespace before and after removed upon creating or
+  # modifying a user and when used to authenticate or find a user. Default is :email.
+  config.strip_whitespace_keys = [ :email ]
+
+  # Tell if authentication through request.params is enabled. True by default.
+  # config.params_authenticatable = true
+
+  # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  # config.http_authenticatable = false
+
+  # If http headers should be returned for AJAX requests. True by default.
+  # config.http_authenticatable_on_xhr = true
+
+  # The realm used in Http Basic Authentication. "Application" by default.
+  # config.http_authentication_realm = "Application"
+
+  # It will change confirmation, password recovery and other workflows
+  # to behave the same regardless if the e-mail provided was right or wrong.
+  # Does not affect registerable.
+  # config.paranoid = true
+
+  # ==> Configuration for :database_authenticatable
+  # For bcrypt, this is the cost for hashing the password and defaults to 10. If
+  # using other encryptors, it sets how many times you want the password re-encrypted.
+  #
+  # Limiting the stretches to just one in testing will increase the performance of
+  # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
+  # a value less than 10 in other environments.
+  config.stretches = 20
+
+  # Setup a pepper to generate the encrypted password.
+  # config.pepper = "82a9c0e7569255f2c12a5ea52cbc6f9e6e8ab72c94583d60622f7bd49f9f509dfc2c9902654d67a4d1bdb3d604680576c26e1de6b283f6bbd33cedab0b722222"
+
+  # ==> Configuration for :confirmable
+  # A period that the user is allowed to access the website even without
+  # confirming his account. For instance, if set to 2.days, the user will be
+  # able to access the website for two days without confirming his account,
+  # access will be blocked just in the third day. Default is 0.days, meaning
+  # the user cannot access the website without confirming his account.
+  # config.confirm_within = 2.days
+
+  # Defines which key will be used when confirming an account
+  # config.confirmation_keys = [ :email ]
+
+  # ==> Configuration for :rememberable
+  # The time the user will be remembered without asking for credentials again.
+  # config.remember_for = 2.weeks
+
+  # If true, a valid remember token can be re-used between multiple browsers.
+  # config.remember_across_browsers = true
+
+  # If true, extends the user's remember period when remembered via cookie.
+  # config.extend_remember_period = false
+
+  # If true, uses the password salt as remember token. This should be turned
+  # to false if you are not using database authenticatable.
+  config.use_salt_as_remember_token = true
+
+  # Options to be passed to the created cookie. For instance, you can set
+  # :secure => true in order to force SSL only cookies.
+  # config.cookie_options = {}
+
+  # ==> Configuration for :validatable
+  # Range for password length. Default is 6..128.
+  # config.password_length = 6..128
+
+  # Email regex used to validate email formats. It simply asserts that
+  # an one (and only one) @ exists in the given string. This is mainly
+  # to give user feedback and not to assert the e-mail validity.
+  # config.email_regexp = /\A[^@]+@[^@]+\z/
+
+  # ==> Configuration for :timeoutable
+  # The time you want to timeout the user session without activity. After this
+  # time the user will be asked for credentials again. Default is 30 minutes.
+  # config.timeout_in = 30.minutes
+
+  # ==> Configuration for :lockable
+  # Defines which strategy will be used to lock an account.
+  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
+  # :none            = No lock strategy. You should handle locking by yourself.
+  # config.lock_strategy = :failed_attempts
+
+  # Defines which key will be used when locking and unlocking an account
+  # config.unlock_keys = [ :email ]
+
+  # Defines which strategy will be used to unlock an account.
+  # :email = Sends an unlock link to the user email
+  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
+  # :both  = Enables both strategies
+  # :none  = No unlock strategy. You should handle unlocking by yourself.
+  # config.unlock_strategy = :both
+
+  # Number of authentication tries before locking an account if lock_strategy
+  # is failed attempts.
+  # config.maximum_attempts = 20
+
+  # Time interval to unlock the account if :time is enabled as unlock_strategy.
+  # config.unlock_in = 1.hour
+
+  # ==> Configuration for :recoverable
+  #
+  # Defines which key will be used when recovering the password for an account
+  # config.reset_password_keys = [ :email ]
+
+  # Time interval you can reset your password with a reset password key.
+  # Don't put a too small interval or your users won't have the time to
+  # change their passwords.
+  config.reset_password_within = 2.hours
+
+  # ==> Configuration for :encryptable
+  # Allow you to use another encryption algorithm besides bcrypt (default). You can use
+  # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
+  # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
+  # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
+  # REST_AUTH_SITE_KEY to pepper)
+  # config.encryptor = :sha512
+  config.encryptor = :authlogic_sha512
+
+  # ==> Configuration for :token_authenticatable
+  # Defines name of the authentication token params key
+  # config.token_authentication_key = :auth_token
+
+  # If true, authentication through token does not store user in session and needs
+  # to be supplied on each request. Useful if you are using the token as API token.
+  # config.stateless_token = false
+
+  # ==> Scopes configuration
+  # Turn scoped views on. Before rendering "sessions/new", it will first check for
+  # "users/sessions/new". It's turned off by default because it's slower if you
+  # are using only default views.
+  # config.scoped_views = false
+
+  # Configure the default scope given to Warden. By default it's the first
+  # devise role declared in your routes (usually :user).
+  # config.default_scope = :user
+
+  # Configure sign_out behavior.
+  # Sign_out action can be scoped (i.e. /users/sign_out affects only :user scope).
+  # The default is true, which means any logout action will sign out all active scopes.
+  # config.sign_out_all_scopes = true
+
+  # ==> Navigation configuration
+  # Lists the formats that should be treated as navigational. Formats like
+  # :html, should redirect to the sign in page when the user does not have
+  # access, but formats like :xml or :json, should return 401.
+  #
+  # If you have any extra navigational formats, like :iphone or :mobile, you
+  # should add them to the navigational formats lists.
+  #
+  # The :"*/*" and "*/*" formats below is required to match Internet
+  # Explorer requests.
+  # config.navigational_formats = [:"*/*", "*/*", :html]
+
+  # The default HTTP method used to sign out a resource. Default is :delete.
+  config.sign_out_via = :get
+
+  # ==> OmniAuth
+  # Add a new OmniAuth provider. Check the wiki for more information on setting
+  # up on your models and hooks.
+  # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+
+  # ==> Warden configuration
+  # If you want to use other strategies, that are not supported by Devise, or
+  # change the failure app, you can configure them inside the config.warden block.
+  #
+  # config.warden do |manager|
+  #   manager.intercept_401 = false
+  #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
+  # end
+end

data/config/locales/devise.en.yml

@@ -0,0 +1,58 @@
+# Additional translations at https://github.com/plataformatec/devise/wiki/I18n
+
+en:
+  errors:
+    messages:
+      expired: "has expired, please request a new one"
+      not_found: "not found"
+      already_confirmed: "was already confirmed, please try signing in"
+      not_locked: "was not locked"
+      not_saved:
+        one: "1 error prohibited this %{resource} from being saved:"
+        other: "%{count} errors prohibited this %{resource} from being saved:"
+
+  devise:
+    failure:
+      already_authenticated: 'You are already signed in.'
+      unauthenticated: 'You need to sign in or sign up before continuing.'
+      unconfirmed: 'You have to confirm your account before continuing.'
+      locked: 'Your account is locked.'
+      invalid: 'Invalid email or password.'
+      invalid_token: 'Invalid authentication token.'
+      timeout: 'Your session expired, please sign in again to continue.'
+      inactive: 'Your account was not activated yet.'
+    sessions:
+      signed_in: 'Signed in successfully.'
+      signed_out: 'Signed out successfully.'
+    passwords:
+      send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
+      updated: 'Your password was changed successfully. You are now signed in.'
+      updated_not_active: 'Your password was changed successfully.'
+      send_paranoid_instructions: "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
+    confirmations:
+      send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
+      send_paranoid_instructions: 'If your e-mail exists on our database, you will receive an email with instructions about how to confirm your account in a few minutes.'
+      confirmed: 'Your account was successfully confirmed. You are now signed in.'
+    registrations:
+      signed_up: 'Welcome! You have signed up successfully.'
+      inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'
+      updated: 'You updated your account successfully.'
+      destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
+      reasons:
+        inactive: 'inactive'
+        unconfirmed: 'unconfirmed'
+        locked: 'locked'
+    unlocks:
+      send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
+      unlocked: 'Your account was successfully unlocked. You are now signed in.'
+      send_paranoid_instructions: 'If your account exists, you will receive an email with instructions about how to unlock it in a few minutes.'
+    omniauth_callbacks:
+      success: 'Successfully authorized from %{kind} account.'
+      failure: 'Could not authorize you from %{kind} because "%{reason}".'
+    mailer:
+      confirmation_instructions:
+        subject: 'Confirmation instructions'
+      reset_password_instructions:
+        subject: 'Reset password instructions'
+      unlock_instructions:
+        subject: 'Unlock Instructions'

data/config/locales/en.yml

@@ -0,0 +1,5 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See http://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  hello: "Hello world"

data/config/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  # devise_for :users, :controllers => {:sessions => 'sessions'}
+end

data/lib/devise_wind.rb

@@ -0,0 +1,19 @@
+require 'devise'
+
+require 'devise_wind/engine'
+require 'devise_wind/mixins/urls'
+require 'devise_wind/model'
+require 'devise_wind/schema'
+require 'devise_wind/strategy'
+require 'devise_wind/version'
+module DeviseWind
+  def self.add_routes(router, options={})
+    router.devise_for :users, :controllers => {:sessions => 'sessions'}
+  end
+end
+
+Devise.add_module :wind_authenticatable,
+  :strategy => true,
+  :model => 'devise_wind/model',
+  :controller => :sessions,
+  :route => :session

data/lib/devise_wind/controllers/sessions.rb

@@ -0,0 +1,40 @@
+module DeviseWind::Controllers::Sessions
+
+  def authenticating_with_wind?
+    # Controller isn't available in all contexts (e.g. irb)
+    return false unless session_class.controller
+    
+    # Initial request when user presses one of the button helpers
+    (session_class.controller.params && !session_class.controller.params[:login_with_wind].blank?) ||
+    # When the oauth provider responds and we made the initial request
+    (defined?(wind_response) && wind_response && session_class.controller.session && session_class.controller.session[:wind_request_class] == self.class.name)
+  end
+  
+  def validate_password_with_wind?
+    !using_wind? && require_password?
+  end
+
+  def using_wind?
+    !wind_login.blank?
+  end
+
+  def generate_verified_login
+    validate_path = "/validate?ticketid=#{wind_controller.params['ticketid']}"
+    wind_validate = Net::HTTP.new("wind.columbia.edu",443)
+    wind_validate.use_ssl = true
+    wind_validate.start
+    wind_resp = wind_validate.get(validate_path)
+    wind_validate.finish
+    #puts wind_resp.body
+    authdoc = Nokogiri::XML(wind_resp.body)
+    ns = {'wind'=>'http://www.columbia.edu/acis/rad/authmethods/wind'}
+    _user = authdoc.xpath('//wind:authenticationSuccess/wind:user', ns)
+    wind_data = nil
+    if _user.length > 0
+      wind_data = {}
+      wind_data[:uni] =  _user[0].content
+      wind_data[:affils] = authdoc.xpath('//wind:authenticationSuccess/wind:affiliations/wind:affil',ns).collect {|x| x.content}
+    end
+    wind_data
+  end
+end

data/lib/devise_wind/controllers/users.rb

@@ -0,0 +1,26 @@
+module DeviseWind::Controllers::Users
+  before_filter :verify_user, :only => :show # can't show without a logged in user
+  
+  def show
+  end
+  
+  def new
+    @user ||= User.new(params[:user])
+  end
+  
+  def create
+    @user ||= User.new(params[:user])
+    if @user.save
+      flash[:notice] = "Welcome #{@user.login}"
+      redirect_to user_path(@user.id)
+    else
+      render :action => "new"
+    end    
+  end
+        
+  protected
+  def verify_user
+    flash[:notice] = "Please log in to view your profile." and raise Blacklight::Exceptions::AccessDenied  unless current_user
+  end
+
+end

data/lib/devise_wind/engine.rb

@@ -0,0 +1,4 @@
+module DeviseWind
+  class Engine < Rails::Engine
+  end
+end

data/lib/devise_wind/mixins/urls.rb

@@ -0,0 +1,40 @@
+module Warden::Mixins
+  module Urls
+    def sanitize_query_string
+      query_hash = env["rack.request.query_hash"]
+      query_hash.delete("_method")
+      query_hash.delete_if do |key, value|
+        key =~ /^openid\./
+      end
+
+      env["QUERY_STRING"] = env["rack.request.query_string"] =
+        Rack::Utils.build_query(env["rack.request.query_hash"])
+
+      qs = env["QUERY_STRING"]
+      request_uri = (env["PATH_INFO"] || "").dup
+      request_uri << "?" + qs unless qs == ""
+      env["REQUEST_URI"] = request_uri
+    end
+
+    def realm_url
+      url = request.scheme + "://"
+      url << request.host
+
+      scheme, port = request.scheme, request.port
+      if scheme == "https" && port != 443 ||
+          scheme == "http" && port != 80
+        url << ":#{port}"
+      end
+
+      url
+    end
+
+    def request_url
+      url = realm_url
+      url << request.script_name
+      url << request.path_info
+      url << "?#{request.query_string}" if request.query_string.to_s.length > 0
+      url
+    end
+  end
+end

data/lib/devise_wind/model.rb

@@ -0,0 +1,92 @@
+module Devise
+  module Models
+    module WindAuthenticatable
+      extend ActiveSupport::Concern
+      
+      included do
+        @wind_config = {}
+      end
+      
+      module InstanceMethods
+        def affiliations=(affils)
+          # do nothing with affiliations by default, let implementers override this
+        end
+        
+        def wind_login
+          self.send self.class.wind_login_field
+        end
+        
+      end # InstanceMethods
+
+      module ClassMethods
+        # The name of the wind login field in the database.
+        #
+        # * <tt>Default:</tt> :wind_login, :login, or :username, if they exist
+        # * <tt>Accepts:</tt> Symbol
+        def wind_login_field(value = nil)
+          configure_property(:wind_login_field, value, first_column_to_exist(nil, :wind_login, :login, :username))
+        end
+        alias_method :wind_login_field=, :wind_login_field
+
+        def wind_service(value=nil)
+          configure_property(:wind_service, value)
+        end
+        alias_method :wind_service=, :wind_login_field
+        
+        def wind_host(value=nil)
+          configure_property(:wind_host, value)
+        end
+        alias_method :wind_host=, :wind_host
+        # Whether or not to validate the wind_login field. If set to false ALL wind validation will need to be
+        # handled by you.
+        #
+        # * <tt>Default:</tt> true
+        # * <tt>Accepts:</tt> Boolean
+        def validate_wind_login(value = true)
+          self.validates wind_login_field, :presence => value
+        end
+        alias_method :validate_wind_login=, :validate_wind_login
+
+        def find_by_wind_login_field(login)
+          # we should create a user here if login was valid but record is missing?
+          self.send( ("find_by_" + wind_login_field.to_s).to_sym, login )
+        end
+
+        def find_or_create_by_wind_login_field(login)
+          # we should create a user here if login was valid but record is missing
+          mname = ("find_or_create_by_" + wind_login_field.to_s)
+          logger.debug "#{self.name}.#{mname}(#{login})"
+          self.send mname.to_sym, login
+        end
+
+        private
+          def configure_property(prop, value=nil, default=nil)
+            value ||= default
+            if value
+              @wind_config[prop] = value
+            else
+              @wind_config[prop]
+            end
+          end
+          # shamelessly riped from authlogic
+          def db_setup?
+            begin
+              column_names
+              true
+            rescue Exception
+              false
+            end
+          end
+          
+          def first_column_to_exist(*columns_to_check)
+            if db_setup?
+              columns_to_check.each { |column_name| return column_name.to_sym if column_names.include?(column_name.to_s) }
+            end
+            columns_to_check.first && columns_to_check.first.to_sym
+          end  
+
+      end # ClassMethods
+      
+    end # WindAuthenticatable
+  end # Models
+end # Devise

data/lib/devise_wind/schema.rb

@@ -0,0 +1,5 @@
+Devise::Schema.class_eval do
+  def wind_authenticatable
+    # do some stuff
+  end
+end

data/lib/devise_wind/strategy.rb

@@ -0,0 +1,108 @@
+class Devise::Strategies::WindAuthenticatable < Devise::Strategies::Authenticatable
+  include Warden::Mixins::Urls
+  # :stopdoc:
+
+  HTTP_METHODS = %w(GET HEAD PUT POST DELETE OPTIONS)
+
+  RESPONSE = "rack.wind.response"
+  AUTHENTICATE_HEADER = "WWW-Authenticate"
+  AUTHENTICATE_REGEXP = /^Wind/
+
+  URL_FIELD_SELECTOR = lambda { |field| field.to_s =~ %r{^https?://} }
+
+  # :startdoc:  
+  
+  # Helper method for building the "WWW-Authenticate" header value.
+  #
+  #   Rack::Wind.build_header(:server => "http://josh.openid.com/")
+  #     #=> Wind server="https://wind.columbia.edu/"
+  def self.build_header(params = {})
+    'Wind ' + params.map { |key, value|
+      if value.is_a?(Array)
+        "#{key}=\"#{value.join(',')}\""
+      else
+        "#{key}=\"#{value}\""
+      end
+    }.join(', ')
+  end
+
+  # Helper method for parsing "WWW-Authenticate" header values into
+  # a hash.
+  #
+  #   Rack::Wind.parse_header("Wind identifier='http://josh.openid.com/'")
+  #     #=> {:identifier => "http://josh.openid.com/"}
+  def self.parse_header(str)
+    params = {}
+    if str =~ AUTHENTICATE_REGEXP
+      str = str.gsub(/#{AUTHENTICATE_REGEXP}\s+/, '')
+      str.split(', ').each { |pair|
+        key, *value = pair.split('=')
+        value = value.join('=')
+        value.gsub!(/^\"/, '').gsub!(/\"$/, "")
+        value = value.split(',')
+        params[key] = value.length > 1 ? value : value.first
+      }
+    end
+    params
+  end
+  
+  # valid? indicates the applicability of this strategy to the authn request
+  def valid?
+    valid_mapping? # apply to any request for a wind user
+  end
+  
+  def valid_mapping?
+    mapping.to.respond_to?(:find_by_wind_login_field)
+  end
+  
+  def wind_response?
+    not wind_response.nil?
+  end
+  
+  def wind_response
+    params['ticketid']
+  end
+  
+  def authenticate!
+    logger.debug("Authenticating with WIND for mapping #{mapping.to}")
+
+    if wind_response
+      handle_response!
+    else # redirect to WIND login with a 30x status
+      redirect! wind_redirect_url
+    end
+  end
+  
+  def wind_redirect_url
+    "https://#{mapping.to.wind_host}/login?destination=#{CGI.escapeHTML(request_url)}&service=#{CGI.escapeHTML(mapping.to.wind_service)}"
+  end
+  
+  def handle_response!
+    ticket_id = params['ticketid']
+    validate_path = "/validate?ticketid=#{ticket_id}"
+    wind_validate = Net::HTTP.new("wind.columbia.edu",443)
+    wind_validate.use_ssl = true
+    wind_validate.start
+    wind_resp = wind_validate.get(validate_path)
+    wind_validate.finish
+    #puts wind_resp.body
+    authdoc = Nokogiri::XML(wind_resp.body)
+    ns = {'wind'=>'http://www.columbia.edu/acis/rad/authmethods/wind'}
+    _user = authdoc.xpath('//wind:authenticationSuccess/wind:user', ns)
+    wind_data = nil
+    if _user.length > 0
+      wind_data = {}
+      wind_data[:uni] =  _user[0].content
+      wind_data[:affils] = authdoc.xpath('//wind:authenticationSuccess/wind:affiliations/wind:affil',ns).collect {|x| x.content}
+      logger.debug wind_data.inspect
+      _resource = mapping.to.find_or_create_by_wind_login_field(wind_data[:uni])
+      _resource.affiliations= wind_data[:affils]
+      _resource.save!
+      success! _resource
+    #else
+    #  fail!
+    end
+  end    
+end
+
+Warden::Strategies.add :wind_authenticatable, Devise::Strategies::WindAuthenticatable

data/lib/devise_wind/version.rb

@@ -0,0 +1,3 @@
+module DeviseWind
+  VERSION = '0.1.0'
+end

data/lib/generators/devise_wind/install/install_generator.rb

@@ -0,0 +1,23 @@
+module DeviseWind
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      include Rails::Generators::Migration
+      source_root File.expand_path('../templates', __FILE__)
+      desc "add the migrations"
+
+      def self.next_migration_number(path)
+        unless @prev_migration_nr
+          @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+        else
+          @prev_migration_nr += 1
+        end
+        @prev_migration_nr.to_s
+      end
+
+      def copy_migrations
+        migration_template "add_roles.rb", "db/migrate/add_roles.rb"
+        migration_template "add_users_roles.rb", "db/migrate/add_users_roles.rb"
+      end
+    end
+  end
+end

data/lib/generators/devise_wind/install/templates/add_roles.rb

@@ -0,0 +1,14 @@
+class AddRoles < ActiveRecord::Migration
+  def self.up
+    create_table :roles do |t|
+      t.string :role_sym, :null => false
+      t.timestamps
+    end
+
+    add_index :roles, :role_sym, :unique => true
+  end
+
+  def self.down
+    drop_table :roles
+  end
+end

data/lib/generators/devise_wind/install/templates/add_users_roles.rb

@@ -0,0 +1,14 @@
+class AddUsersRoles < ActiveRecord::Migration
+  def self.up
+    create_table :roles_users, :id => false do |t|
+      t.column :user_id, :integer, :null => false
+      t.column :role_id, :integer, :null => false
+    end
+    add_index :roles_users, :user_id, :unique => false
+    add_index :roles_users, :role_id, :unique => false
+  end
+
+  def self.down
+    drop_table :roles_users
+  end
+end

metadata

@@ -0,0 +1,264 @@
+--- !ruby/object:Gem::Specification 
+name: devise_wind
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: 
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Benjamin Armintor, James Stuart
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2012-05-08 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rails
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 19
+        segments: 
+        - 3
+        - 0
+        - 10
+        version: 3.0.10
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: devise
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 5
+        segments: 
+        - 1
+        - 5
+        - 3
+        version: 1.5.3
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: yard
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: ruby-debug
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: ruby-debug-base
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: rspec-rails
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 19
+        segments: 
+        - 2
+        - 7
+        - 0
+        version: 2.7.0
+  type: :development
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: mocha
+  prerelease: false
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id007
+- !ruby/object:Gem::Dependency 
+  name: cucumber
+  prerelease: false
+  requirement: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 53
+        segments: 
+        - 0
+        - 8
+        - 5
+        version: 0.8.5
+  type: :development
+  version_requirements: *id008
+- !ruby/object:Gem::Dependency 
+  name: cucumber-rails
+  prerelease: false
+  requirement: &id009 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 23
+        segments: 
+        - 1
+        - 0
+        - 0
+        version: 1.0.0
+  type: :development
+  version_requirements: *id009
+- !ruby/object:Gem::Dependency 
+  name: gherkin
+  prerelease: false
+  requirement: &id010 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id010
+- !ruby/object:Gem::Dependency 
+  name: factory_girl
+  prerelease: false
+  requirement: &id011 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id011
+- !ruby/object:Gem::Dependency 
+  name: rake
+  prerelease: false
+  requirement: &id012 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id012
+description: some stuff
+email: 
+- armintor@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/devise_wind/controllers/sessions.rb
+- lib/devise_wind/controllers/users.rb
+- lib/devise_wind/engine.rb
+- lib/devise_wind/mixins/urls.rb
+- lib/devise_wind/model.rb
+- lib/devise_wind/schema.rb
+- lib/devise_wind/strategy.rb
+- lib/devise_wind/version.rb
+- lib/devise_wind.rb
+- lib/generators/devise_wind/install/install_generator.rb
+- lib/generators/devise_wind/install/templates/add_roles.rb
+- lib/generators/devise_wind/install/templates/add_users_roles.rb
+- app/controllers/sessions_controller.rb
+- app/helpers/application_helper.rb
+- app/models/role.rb
+- app/models/user.rb
+- app/views/sessions/new.html.erb
+- config/initializers/devise.rb
+- config/locales/devise.en.yml
+- config/locales/en.yml
+- config/routes.rb
+homepage: http://github.com/cul/devise_wind
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.8.15
+signing_key: 
+specification_version: 3
+summary: Devise/WIND Rails Engine (requires Rails3)
+test_files: []
+
+has_rdoc: