devision 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 43c30705818f3d105f21c7270c92e7f1824225b0
+  data.tar.gz: aa8bb3b3b720f5336b42f13e7ff1ad18450c76cd
+SHA512:
+  metadata.gz: c9da084babbbe7878ca794570626f27b8d4b15d02b91c1b209be41de3edcca642809bc0ad96fc908abfd1752a9628e75cb7f1517c06a916850853beabf974bfc
+  data.tar.gz: 73f23e9e1aeb2f8c8bcabd1444a9c97dabe0745938e641fdc099e2b3c37ca5b340a5c7e729218a3031c260cbad66b6615892de251bbfcc783ae01cf3f2e4930f

data/.gitignore

@@ -0,0 +1,23 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+*.sw[op]

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in devision.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 John Faucett
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,39 @@
+# Devision
+
+This is a gem that is heavily based off of Devise, think of it as Devise's little cousin.
+Basically, it provides a lot of the functionality but doesn't make many assumptions about
+how you want to want to structure your app, especially on the session handling end.
+
+Here's some of the things it does not provide.
+1. No routing
+2. No automatic mailing or setup for mailers
+3. No controller helpers and session/cookie stuff.
+
+So what does it provide, is probably your next question. It basically covers just the domain
+model end, things like reset_password, etc.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'devision'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install devision
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/devision/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/devision.gemspec

@@ -0,0 +1,29 @@
+# encoding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$:.unshift(lib) unless $:.include?(lib)
+require 'devision/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'devision'
+  spec.version       = Devision::VERSION::STRING
+  spec.authors       = ['John Faucett']
+  spec.email         = ['jwaterfaucett@gmail.com']
+  spec.summary       = 'Devise on a Diet'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'rake'
+
+  spec.add_development_dependency 'rspec', '~> 3.0.0'
+
+  spec.add_dependency 'railties', '>= 3.2.6', '< 5'
+  spec.add_dependency 'orm_adapter', '~> 0.5'
+  spec.add_dependency 'bcrypt', '~> 3.1'
+  spec.add_dependency 'thread_safe', '~> 0.3'
+
+end

data/lib/devision.rb

@@ -0,0 +1,47 @@
+require 'active_support'
+require 'orm_adapter'
+require 'active_support/core_ext/numeric/time'
+require 'securerandom'
+
+module Devision
+  autoload :TokenGenerator, 'devision/token_generator'
+
+  module Models
+    autoload :Config, 'devision/models/config'
+    autoload :Confirmable, 'devision/models/confirmable'
+    autoload :DatabaseAuthenticatable, 'devision/models/database_authenticatable'
+    autoload :Recoverable, 'devision/models/recoverable'
+    autoload :Rememberable, 'devision/models/rememberable'
+  end
+
+  # Devision configuration settings (for initializers)
+  require 'devision/configuration_options'
+
+
+  # Generate a user friendly 'nice' string randomly to be used as token.
+  def self.nice_token
+    SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz')
+  end
+
+  # constant-time comparison algorithm to prevent timing attacks
+  def self.secure_compare(a, b)
+    return false if a.blank? || b.blank? || a.bytesize != b.bytesize
+    l = a.unpack "C#{a.bytesize}"
+
+    res = 0
+    b.each_byte { |byte| res |= byte ^ l.shift }
+    res == 0
+  end
+
+  # Digests a password using bcrypt.
+  def self.bcrypt(klass, password)
+    ::BCrypt::Password.create("#{password}#{klass.pepper}", cost: klass.stretches).to_s
+  end
+
+  # Default way to setup Devision. Just call this in an initializer
+  def self.setup
+    yield(self)
+  end
+
+
+end

data/lib/devision/configuration_options.rb

@@ -0,0 +1,118 @@
+module Devision
+
+  # =========================
+  # AUTHENTICATABLE OPTIONS
+  # =========================
+
+  # Keys used when authenticating a user.
+  mattr_accessor :authentication_keys
+  @@authentication_keys = [ :email ]
+
+  # =========================
+  # RECOVERABLE OPTIONS
+  # =========================
+
+  # Defines which key will be used when recovering the password for an account
+  mattr_accessor :reset_password_keys
+  @@reset_password_keys = [ :email ]
+
+  # Time interval you can reset your password with a reset password key
+  mattr_accessor :reset_password_within
+  @@reset_password_within = 6.hours
+
+  
+  # Email regex used to validate email formats. It simply asserts that
+  # an one (and only one) @ exists in the given string. This is mainly
+  # to give user feedback and not to assert the e-mail validity.
+  mattr_accessor :email_regexp
+  @@email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\s]+\z/
+
+  # Range validation for password length
+  mattr_accessor :password_length
+  @@password_length = 6..128
+
+  # ======================
+  # REMEMBERABLE OPTIONS
+  # ======================
+
+  # Custom domain or key for cookies. Not set by default
+  # mattr_accessor :rememberable_options
+  # @@rememberable_options = {}
+
+  # The time the user will be remembered without asking for credentials again.
+  mattr_accessor :remember_for
+  @@remember_for = 2.weeks
+
+  # If true, extends the user's remember period when remembered via cookie.
+  mattr_accessor :extend_remember_period
+  @@extend_remember_period = false
+
+  # ========================
+  # CONFIRMABLE OPTIONS
+  # ========================
+
+  # Time interval you can access your account before confirming your account.
+  # nil - allows unconfirmed access for unlimited time
+  mattr_accessor :allow_unconfirmed_access_for
+  @@allow_unconfirmed_access_for = 0.days
+
+  # Time interval the confirmation token is valid. nil = unlimited
+  mattr_accessor :confirm_within
+  @@confirm_within = nil
+
+  # Defines which key will be used when confirming an account.
+  mattr_accessor :confirmation_keys
+  @@confirmation_keys = [ :email ]
+
+  # Defines if email should be reconfirmable.
+  # False by default for backwards compatibility.
+  mattr_accessor :reconfirmable
+  @@reconfirmable = false
+
+  # ====================
+  # LOCKABLE OPTIONS
+  # ====================
+
+  # Defines which strategy can be used to lock an account.
+  # Values: :failed_attempts, :none
+  mattr_accessor :lock_strategy
+  @@lock_strategy = :failed_attempts
+
+  # Defines which key will be used when locking and unlocking an account
+  mattr_accessor :unlock_keys
+  @@unlock_keys = [ :email ]
+
+  # Defines which strategy can be used to unlock an account.
+  # Values: :email, :time, :both
+  mattr_accessor :unlock_strategy
+  @@unlock_strategy = :both
+
+  # Number of authentication tries before locking an account
+  mattr_accessor :maximum_attempts
+  @@maximum_attempts = 20
+
+  # Time interval to unlock the account if :time is defined as unlock_strategy.
+  mattr_accessor :unlock_in
+  @@unlock_in = 1.hour
+
+  # ======================
+  # ENCRYPTION OPTIONS
+  # ======================
+
+  # Stores the token generator
+  mattr_accessor :token_generator
+  @@token_generator = nil
+
+  # Secret key used by the key generator
+  mattr_accessor :secret_key
+  @@secret_key = nil
+
+  # The number of times to encrypt password.
+  mattr_accessor :stretches
+  @@stretches = 10
+
+  # Used to encrypt password. Please generate one with rake secret.
+  mattr_accessor :pepper
+  @@pepper = nil
+
+end

data/lib/devision/models/authenticatable.rb

@@ -0,0 +1,44 @@
+module Devision
+  module Authenticatable
+
+    extend ActiveSupport::Concern
+
+    def self.required_fields(klass)
+      []
+    end
+    
+
+    module ClassMethods
+
+      def find_first_by_auth_conditions(tainted_conditions, options = {})
+        to_adapter.find_first(tainted_conditions.merge(options))
+      end
+
+      def find_or_initialize_with_error_by(attribute, value, error=:invalid)
+        find_or_initialize_with_errors([attribute], { attribute => value }, error)
+      end
+      
+      def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid)
+        attributes = attributes.slice(*required_attributes)
+        attributes.delete_if { |key, value| value.blank? }
+        
+        if attributes.size == required_attributes.size
+          record = find_first_by_auth_conditions(attributes)
+        end
+
+        unless record
+          record = new
+          required_attributes.each do |key|
+            value = attributes[key]
+            record.public_send("#{key}=", value)
+            record.errors.add(key, value.present? ? error : :blank)
+          end
+        end
+        
+        record
+      end
+
+    end
+
+  end
+end

data/lib/devision/models/config.rb

@@ -0,0 +1,32 @@
+module Devision
+  module Models
+
+    module Config
+
+      def self.add_options(mod, *accessors)
+        class << mod; attr_accessor :available_configs; end
+        mod.available_configs = accessors
+
+        accessors.each do |accessor|
+          mod.class_eval <<-METHOD, __FILE__, __LINE__ + 1
+            def #{accessor}
+              if defined?(@#{accessor})
+                @#{accessor}
+              elsif superclass.respond_to?(:#{accessor})
+                superclass.#{accessor}
+              else
+                Devise.#{accessor}
+              end
+            end
+
+            def #{accessor}=(value)
+              @#{accessor} = value
+            end
+          METHOD
+        end
+      end
+
+    end # Config
+
+  end # Models
+end # Devision

data/lib/devision/models/confirmable.rb

@@ -0,0 +1,86 @@
+module Devision
+  module Models
+    module Confirmable
+      extend ActiveSupport::Concern
+
+      # Fields required on the target Model
+      def self.required_fields(klass)
+        [:confirmation_token, :confirmed_at, :confirmation_sent_at]
+      end
+
+      included do
+
+        attr_reader :raw_confirmation_token
+
+        def confirm!
+          pending_any_confirmation do
+            if confirmation_period_expired?
+              self.errors.add(:email, :confirmation_period_expired)
+              return false
+            end
+            self.confirmation_token = nil
+            self.confirmed_at = Time.now.utc
+            save(validate: false)
+          end
+        end
+
+        def confirmed?
+          !!confirmed_at
+        end
+
+        def generate_confirmation_tokens
+          raw, enc = Devision.token_generator.generate(self.class, :confirmation_token)
+          @raw_confirmation_token = raw
+          self.confirmation_token = enc
+          self.confirmation_sent_at = Time.now.utc
+        end
+
+        def generate_confirmation_tokens!
+          generate_confirmation_tokens && save(validate: false)
+        end
+
+        def clear_confirmation_token
+          @raw_confirmation_token = nil
+          self.confirmation_token = nil
+          self.confirmation_sent_at = nil
+        end
+
+        # Checks whether the record requires any confirmation.
+        def pending_any_confirmation
+          if !confirmed?
+            yield
+          else
+            self.errors.add(:email, :already_confirmed)
+            false
+          end
+        end
+
+        def confirmation_period_expired?
+          self.class.confirm_within && (Time.now > self.confirmation_sent_at + self.class.confirm_within )
+        end
+
+        def confirmation_period_valid?
+          self.class.allow_unconfirmed_access_for.nil? || (confirmation_sent_at && confirmation_sent_at.utc >= self.class.allow_unconfirmed_access_for.ago)
+        end
+
+      end
+
+      module ClassMethods
+
+        def confirm_by_token(raw_confirmation_token)
+          original_token     = raw_confirmation_token
+          saved_token = Devision.token_generator.digest(self, :confirmation_token, original_token)
+
+          confirmable = find_or_initialize_by(confirmation_token: saved_token)
+          confirmable.confirm! if confirmable.persisted?
+          confirmable.confirmation_token = original_token
+          confirmable
+        end
+
+        Devision::Models::Config.add_options(self, :allow_unconfirmed_access_for, :confirmation_keys, :reconfirmable, :confirm_within)
+      end
+
+
+    end # Confirmable
+  end # Models
+end # Devision

data/lib/devision/models/database_authenticatable.rb

@@ -0,0 +1,81 @@
+require 'bcrypt'
+
+module Devision
+
+  module Models
+    # Authenticatable Module, responsible for encrypting password and validating
+    # authenticity of a user while signing in.
+    #
+    # == Options
+    #
+    # == Examples
+    #
+    #    User.find(1).valid_password?('password123')         # returns true/false
+    #
+    module DatabaseAuthenticatable
+      extend ActiveSupport::Concern
+
+      # Fields required on the target Model
+      def self.required_fields(klass)
+        [:encrypted_password] + klass.authentication_keys
+      end
+
+      included do
+        attr_reader :password, :current_password
+        attr_accessor :password_confirmation
+      end
+
+      # Generates password encryption based on the given value.
+      def password=(new_password)
+        @password = new_password
+        self.encrypted_password = password_digest(@password) if @password.present?
+      end
+
+      # Verifies whether an password (ie from sign in) is the user password.
+      def valid_password?(password)
+        return false if encrypted_password.blank?
+        bcrypt   = ::BCrypt::Password.new(encrypted_password)
+        password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
+        Devision.secure_compare(password, encrypted_password)
+      end
+
+      # Set password and password confirmation to nil
+      def clean_up_passwords
+        self.password = self.password_confirmation = nil
+      end
+
+      # A callback initiated after successfully authenticating. This can be
+      # used to insert your own logic that is only run after the user successfully
+      # authenticates.
+      #
+      # Example:
+      #
+      #   def after_database_authentication
+      #     self.update_attribute(:invite_code, nil)
+      #   end
+      #
+      def after_database_authentication
+      end
+
+      # A reliable way to expose the salt regardless of the implementation.
+      def authenticatable_salt
+        encrypted_password[0,29] if encrypted_password
+      end
+
+    protected
+
+      # Digests the password using bcrypt. Custom encryption should override
+      # this method to apply their own algorithm.
+      #
+      # See https://github.com/plataformatec/devise-encryptable for examples
+      # of other encryption engines.
+      def password_digest(password)
+        Devision.bcrypt(self.class, password)
+      end
+
+      module ClassMethods
+        Devision::Models::Config.add_options(self, :pepper, :stretches)
+      end
+    end
+  end
+end

data/lib/devision/models/lockable.rb

@@ -0,0 +1,67 @@
+module Devision
+  module Lockable
+    extend ActiveSupport::Concern
+
+    delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, to: 'self.class'
+
+    def self.required_fields(klass)
+      attributes = []
+      attributes << :failed_attempts if klass.lock_strategy_enabled?(:failed_attempts)
+      attributes << :locked_at if klass.unlock_strategy_enabled?(:time)
+      attributes << :unlock_token if klass.unlock_strategy_enabled?(:email)
+      attributes
+    end
+
+    def lock_access!
+      self.locked_at = Time.now.utc
+      save(validate: false)
+    end
+
+    def unlock_access!
+      self.locked_at = nil
+      self.failed_attempts = 0 if respond_to?(:failed_attempts=)
+      self.unlock_token = nil if respond_to?(:unlock_token=)
+      save(validate: false)
+    end
+
+    def access_locked?
+      !!locked_at && !lock_expired?
+    end
+
+    protected
+      def attempts_exceeded?
+        self.failed_attempts >= self.class.maximum_attempts
+      end
+
+      def last_attempt?
+        self.failed_attempts == (self.class.maximum_attempts - 1)
+      end
+
+      def lock_expired?
+        if unlock_strategy_enabled?(:time)
+          locked_at && locked_at < self.class.unlock_in.ago
+        else
+          false
+        end
+      end
+
+    module ClassMethods
+      def unlock_access_by_token(unlock_token)
+        original_token = unlock_token
+        unlock_token = Devision.token_generator.digest(self, :unlock_token, unlock_token)
+        
+        lockable = find_or_initialize_with_error_by(:unlock_token, unlock_token)
+        lockable.unlock_access! if lockable.persisted?
+        lockable.unlock_token = original_token
+        lockable
+      end
+
+      def unlock_strategy_enabled?(strategy)
+        self.lock_strategy == strategy
+      end
+
+      Devision::Models::Config.add_options(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys)
+    end
+
+  end
+end

data/lib/devision/models/recoverable.rb

@@ -0,0 +1,137 @@
+module Devision
+  module Models
+
+    # Recoverable takes care of resetting the user password and send reset instructions.
+    #
+    # ==Options
+    #
+    # Recoverable adds the following options to a model
+    #
+    #   * +reset_password_keys+: the keys you want to use when recovering the password for an account
+    #
+    # == Examples
+    #
+    #   # resets the user password and save the record, true if valid passwords are given, otherwise false
+    #   User.find(1).reset_password!('password123', 'password123')
+    #
+    #   # only resets the user password, without saving the record
+    #   user = User.find(1)
+    #   user.reset_password('password123', 'password123')
+    #
+    #   # creates a new token and send it with instructions about how to reset the password
+    #   User.find(1).send_reset_password_instructions
+    #
+    module Recoverable
+      extend ActiveSupport::Concern
+
+      def self.required_fields(klass)
+        [:reset_password_sent_at, :reset_password_token]
+      end
+
+      included do
+        attr_accessor :raw_reset_password_token
+      end
+
+      # Update password saving the record and clearing token. Returns true if
+      # the passwords are valid and the record was saved, false otherwise.
+      def reset_password!(new_password, new_password_confirmation)
+        self.password = new_password
+        self.password_confirmation = new_password_confirmation
+
+        if valid?
+          clear_reset_password_token
+          after_password_reset
+        end
+
+        save
+      end
+
+      # Resets reset password token and send reset password instructions by email.
+      # Returns the token which can then be sent via email
+      def generate_password_tokens
+        @raw_password_reset_token, enc = Devision.token_generator.generate(self.class, :reset_password_token)
+
+        self.reset_password_token   = enc
+        self.reset_password_sent_at = Time.now.utc
+        @raw_password_reset_token
+      end
+
+      def generate_password_tokens!
+        generate_password_tokens && save(validate: false)
+      end
+
+      # Checks if the reset password token sent is within the limit time.
+      # We do this by calculating if the difference between today and the
+      # sending date does not exceed the confirm in time configured.
+      # Returns true if the resource is not responding to reset_password_sent_at at all.
+      # reset_password_within is a model configuration, must always be an integer value.
+      #
+      # Example:
+      #
+      #   # reset_password_within = 1.day and reset_password_sent_at = today
+      #   reset_password_period_valid?   # returns true
+      #
+      #   # reset_password_within = 5.days and reset_password_sent_at = 4.days.ago
+      #   reset_password_period_valid?   # returns true
+      #
+      #   # reset_password_within = 5.days and reset_password_sent_at = 5.days.ago
+      #   reset_password_period_valid?   # returns false
+      #
+      #   # reset_password_within = 0.days
+      #   reset_password_period_valid?   # will always return false
+      #
+      def reset_password_period_valid?
+        reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
+      end
+
+      protected
+
+        # Removes reset_password token
+        def clear_reset_password_token
+          self.raw_reset_password_token = nil
+          self.reset_password_token = nil
+          self.reset_password_sent_at = nil
+        end
+
+        def after_password_reset
+        end
+
+      module ClassMethods
+        # Attempt to find a user by its email. If a record is found, send new
+        # password instructions to it. If user is not found, returns a new user
+        # with an email not found error.
+        # Attributes must contain the user's email
+        def send_reset_password_instructions(attributes={})
+          recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
+          recoverable.send_reset_password_instructions if recoverable.persisted?
+          recoverable
+        end
+
+        # Attempt to find a user by its reset_password_token to reset its
+        # password. If a user is found and token is still valid, reset its password and automatically
+        # try saving the record. If not user is found, returns a new user
+        # containing an error in reset_password_token attribute.
+        # Attributes must contain reset_password_token, password and confirmation
+        def reset_password_by_token(attributes={})
+          original_token       = attributes[:reset_password_token]
+          reset_password_token = Devision.token_generator.digest(self, :reset_password_token, original_token)
+
+          recoverable = find_or_initialize_with_errors(:reset_password_token, reset_password_token)
+
+          if recoverable.persisted?
+            if recoverable.reset_password_period_valid?
+              recoverable.reset_password!(attributes[:password], attributes[:password_confirmation])
+            else
+              recoverable.errors.add(:reset_password_token, :expired)
+            end
+          end
+
+          recoverable.reset_password_token = original_token
+          recoverable
+        end
+
+        Devision::Models::Config.add_options(self, :reset_password_keys, :reset_password_within)
+      end
+    end
+  end
+end

data/lib/devision/models/rememberable.rb

@@ -0,0 +1,114 @@
+module Devision
+  module Models
+    # Rememberable manages generating and clearing token for remember the user
+    # from a saved cookie. Rememberable also has utility methods for dealing
+    # with serializing the user into the cookie and back from the cookie, trying
+    # to lookup the record based on the saved information.
+    # You probably wouldn't use rememberable methods directly, they are used
+    # mostly internally for handling the remember token.
+    #
+    # == Options
+    #
+    # Rememberable adds the following options in devise_for:
+    #
+    #   * +remember_for+: the time you want the user will be remembered without
+    #     asking for credentials. After this time the user will be blocked and
+    #     will have to enter their credentials again. This configuration is also
+    #     used to calculate the expires time for the cookie created to remember
+    #     the user. By default remember_for is 2.weeks.
+    #
+    #   * +extend_remember_period+: if true, extends the user's remember period
+    #     when remembered via cookie. False by default.
+    #
+    #   * +rememberable_options+: configuration options passed to the created cookie.
+    #
+    # == Examples
+    #
+    #   User.find(1).remember_me!  # regenerating the token
+    #   User.find(1).forget_me!    # clearing the token
+    #
+    #   # generating info to put into cookies
+    #   User.serialize_into_cookie(user)
+    #
+    #   # lookup the user based on the incoming cookie information
+    #   User.serialize_from_cookie(cookie_string)
+    module Rememberable
+      extend ActiveSupport::Concern
+
+      attr_accessor :remember_me, :extend_remember_period
+
+      def self.required_fields(klass)
+        [:remember_created_at]
+      end
+
+      # Generate a new remember token and save the record without validations
+      # unless remember_across_browsers is true and the user already has a valid token.
+      def remember_me!(extend_period=false)
+        self.remember_token = self.class.remember_token if generate_remember_token?
+        self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
+        save(validate: false) if self.changed?
+      end
+
+      # If the record is persisted, remove the remember token (but only if
+      # it exists), and save the record without validations.
+      def forget_me!
+        return unless persisted?
+        self.remember_token = nil if respond_to?(:remember_token=)
+        self.remember_created_at = nil
+        save(validate: false)
+      end
+
+      # Remember token should be expired if expiration time not overpass now.
+      def remember_expired?
+        remember_created_at.nil? || (remember_expires_at <= Time.now.utc)
+      end
+
+      # Remember token expires at created time + remember_for configuration
+      def remember_expires_at
+        remember_created_at + self.class.remember_for
+      end
+
+      def rememberable_value
+        if respond_to?(:remember_token)
+          remember_token
+        elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt)
+          salt
+        else
+          raise "authenticable_salt returned nil for the #{self.class.name} model. " \
+            "In order to use rememberable, you must ensure a password is always set " \
+            "or have a remember_token column in your model or implement your own " \
+            "rememberable_value in the model with custom logic."
+        end
+      end
+
+      def rememberable_options
+        self.class.rememberable_options
+      end
+
+    protected
+
+      def generate_remember_token? #:nodoc:
+        respond_to?(:remember_token) && remember_expired?
+      end
+
+      # Generate a timestamp if extend_remember_period is true, if no remember_token
+      # exists, or if an existing remember token has expired.
+      def generate_remember_timestamp?(extend_period) #:nodoc:
+        extend_period || remember_created_at.nil? || remember_expired?
+      end
+
+      module ClassMethods
+
+        # Generate a token checking if one does not already exist in the database.
+        def remember_token #:nodoc:
+          loop do
+            token = Devision.nice_token
+            break token unless to_adapter.find_first({ remember_token: token })
+          end
+        end
+
+        Devise::Models::Config.add_options(self, :remember_for, :extend_remember_period, :rememberable_options)
+      end
+    end
+  end
+end

data/lib/devision/token_generator.rb

@@ -0,0 +1,72 @@
+# Deprecate: Copied verbatim from Rails source, remove once we move to Rails 4 only.
+require 'thread_safe'
+require 'openssl'
+require 'securerandom'
+
+module Devision
+
+  class TokenGenerator
+    def initialize(key_generator, digest="SHA256")
+      @key_generator = key_generator
+      @digest = digest
+    end
+
+    def digest(klass, column, value)
+      value.present? && OpenSSL::HMAC.hexdigest(@digest, key_for(column), value.to_s)
+    end
+
+    def generate(klass, column)
+      key = key_for(column)
+
+      loop do
+        raw = Devision.nice_token
+        enc = OpenSSL::HMAC.hexdigest(@digest, key, raw)
+        break [raw, enc] unless klass.to_adapter.find_first({ column => enc })
+      end
+    end
+
+    private
+
+      def key_for(column)
+        @key_generator.generate_key("Devision #{column}")
+      end
+  end # TokenGenerator
+
+  # KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2
+  # It can be used to derive a number of keys for various purposes from a given secret.
+  # This lets Rails applications have a single secure secret, but avoid reusing that
+  # key in multiple incompatible contexts.
+  class KeyGenerator
+    def initialize(secret, options = {})
+      @secret = secret
+      # The default iterations are higher than required for our key derivation uses
+      # on the off chance someone uses this for password storage
+      @iterations = options[:iterations] || 2**16
+    end
+
+    # Returns a derived key suitable for use.  The default key_size is chosen
+    # to be compatible with the default settings of ActiveSupport::MessageVerifier.
+    # i.e. OpenSSL::Digest::SHA1#block_length
+    def generate_key(salt, key_size=64)
+      OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)
+    end
+  end # KeyGenerator
+
+  # CachingKeyGenerator is a wrapper around KeyGenerator which allows users to avoid
+  # re-executing the key generation process when it's called using the same salt and
+  # key_size
+  class CachingKeyGenerator
+    def initialize(key_generator)
+      @key_generator = key_generator
+      @cache_keys = ThreadSafe::Cache.new
+    end
+
+    # Returns a derived key suitable for use.  The default key_size is chosen
+    # to be compatible with the default settings of ActiveSupport::MessageVerifier.
+    # i.e. OpenSSL::Digest::SHA1#block_length
+    def generate_key(salt, key_size=64)
+      @cache_keys["#{salt}#{key_size}"] ||= @key_generator.generate_key(salt, key_size)
+    end
+  end # CachingKeyGenerator
+
+end # Devision

data/lib/devision/version.rb

@@ -0,0 +1,13 @@
+module Devision
+  module VERSION
+
+    def self.gem_version
+      @gem_version ||= Gem::Version.new(STRING)
+    end
+
+    MAJOR = 0
+    MINOR = 0
+    PATCH = 0
+    STRING = [MAJOR,MINOR,PATCH].join('.').freeze
+  end
+end

metadata

@@ -0,0 +1,165 @@
+--- !ruby/object:Gem::Specification
+name: devision
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- John Faucett
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-08-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: orm_adapter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: thread_safe
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+description: 
+email:
+- jwaterfaucett@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- devision.gemspec
+- lib/devision.rb
+- lib/devision/configuration_options.rb
+- lib/devision/models/authenticatable.rb
+- lib/devision/models/config.rb
+- lib/devision/models/confirmable.rb
+- lib/devision/models/database_authenticatable.rb
+- lib/devision/models/lockable.rb
+- lib/devision/models/recoverable.rb
+- lib/devision/models/rememberable.rb
+- lib/devision/token_generator.rb
+- lib/devision/version.rb
+homepage: 
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.1
+signing_key: 
+specification_version: 4
+summary: Devise on a Diet
+test_files: []