entrance 0.1.1 → 0.2.0

data/examples/rails-app/config/initializers/secret_token.rb

@@ -0,0 +1,12 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key is used for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+# You can use `rake secret` to generate a secure secret key.
+
+# Make sure your secret_key_base is kept private
+# if you're sharing your code publicly.
+RailsApp::Application.config.secret_key_base = 'c201e15ab7b6b117cc24f351cd3d19903ad98e80066bffe0903f50361278804ac891e0b192264f22f2dde1f5fed86d2cc5aa2bb8b31ea22f22699df0c4f0923f'

data/examples/rails-app/config/initializers/session_store.rb

@@ -0,0 +1,3 @@
+# Be sure to restart your server when you modify this file.
+
+RailsApp::Application.config.session_store :cookie_store, key: '_rails-app_session'

data/examples/rails-app/config/initializers/wrap_parameters.rb

@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
+end
+
+# To enable root element in JSON for ActiveRecord objects.
+# ActiveSupport.on_load(:active_record) do
+#  self.include_root_in_json = true
+# end

data/examples/rails-app/config/locales/en.yml

@@ -0,0 +1,23 @@
+# Files in the config/locales directory are used for internationalization
+# and are automatically loaded by Rails. If you want to use locales other
+# than English, add the necessary files in this directory.
+#
+# To use the locales, use `I18n.t`:
+#
+#     I18n.t 'hello'
+#
+# In views, this is aliased to just `t`:
+#
+#     <%= t('hello') %>
+#
+# To use a different locale, set it with `I18n.locale`:
+#
+#     I18n.locale = :es
+#
+# This would use the information in config/locales/es.yml.
+#
+# To learn more, please read the Rails Internationalization guide
+# available at http://guides.rubyonrails.org/i18n.html.
+
+en:
+  hello: "Hello world"

data/examples/rails-app/config/routes.rb

@@ -0,0 +1,12 @@
+RailsApp::Application.routes.draw do
+
+  root 'welcome#index'
+
+  get  'login'  => 'sessions#new'
+  post 'login'  => 'sessions#create'
+  get  'logout' => 'sessions#destroy'
+
+  get  'signup' => 'users#new'
+  post 'signup' => 'users#create'
+
+end

data/examples/rails-app/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Rails.application

data/examples/rails-app/db/migrate/20150107032724_create_users.rb

@@ -0,0 +1,21 @@
+class CreateUsers < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :name
+
+      # email/password
+      t.string :email, :unique => true
+      t.string :password_hash
+
+      # 'remember me' support
+      t.string :remember_token
+      t.datetime :remember_token_expires_at
+
+      # reset password support
+      t.string :reset_token
+      t.datetime :reset_token_expires_at
+
+      t.timestamps
+    end
+  end
+end

data/examples/rails-app/db/schema.rb

@@ -0,0 +1,28 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 20150107032724) do
+
+  create_table "users", force: true do |t|
+    t.string   "name"
+    t.string   "email"
+    t.string   "password_hash"
+    t.string   "remember_token"
+    t.datetime "remember_token_expires_at"
+    t.string   "reset_token"
+    t.datetime "reset_token_expires_at"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+end

data/examples/rails-app/db/seeds.rb

@@ -0,0 +1,7 @@
+# This file should contain all the record creation needed to seed the database with its default values.
+# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
+#
+# Examples:
+#
+#   cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
+#   Mayor.create(name: 'Emanuel', city: cities.first)

data/examples/rails-app/public/404.html

@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+  }
+
+  div.dialog {
+    width: 25em;
+    margin: 4em auto 0 auto;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 4em 0 4em;
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  body > p {
+    width: 33em;
+    margin: 0 auto 1em;
+    padding: 1em 0;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+  <p>If you are the application owner check the logs for more information.</p>
+</body>
+</html>

data/examples/rails-app/public/422.html

@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+  }
+
+  div.dialog {
+    width: 25em;
+    margin: 4em auto 0 auto;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 4em 0 4em;
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  body > p {
+    width: 33em;
+    margin: 0 auto 1em;
+    padding: 1em 0;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+  <p>If you are the application owner check the logs for more information.</p>
+</body>
+</html>

data/examples/rails-app/public/500.html

@@ -0,0 +1,57 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+  }
+
+  div.dialog {
+    width: 25em;
+    margin: 4em auto 0 auto;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 4em 0 4em;
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  body > p {
+    width: 33em;
+    margin: 0 auto 1em;
+    padding: 1em 0;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+  </div>
+  <p>If you are the application owner check the logs for more information.</p>
+</body>
+</html>

data/examples/rails-app/public/robots.txt

@@ -0,0 +1,5 @@
+# See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file
+#
+# To ban all spiders from the entire site uncomment the next two lines:
+# User-agent: *
+# Disallow: /

data/examples/rails-app/test/fixtures/users.yml

@@ -0,0 +1,11 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+# This model initially had no columns defined.  If you add columns to the
+# model remove the '{}' from the fixture names and add the columns immediately
+# below each fixture, per the syntax in the comments below
+#
+one: {}
+# column: value
+#
+two: {}
+#  column: value

data/examples/rails-app/test/models/user_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class UserTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end

data/examples/rails-app/test/test_helper.rb

@@ -0,0 +1,15 @@
+ENV["RAILS_ENV"] ||= "test"
+require File.expand_path('../../config/environment', __FILE__)
+require 'rails/test_help'
+
+class ActiveSupport::TestCase
+  ActiveRecord::Migration.check_pending!
+
+  # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
+  #
+  # Note: You'll currently still have to declare fixtures explicitly in integration tests
+  # -- they do not yet inherit this setting
+  fixtures :all
+
+  # Add more helper methods to be used by all tests here...
+end

data/lib/entrance/ciphers.rb

@@ -9,8 +9,8 @@ module Entrance
 
       JOIN_STRING = '--'
 
-      def self.read(password)
-        password
+      def self.match?(stored, given, salt = nil)
+        stored === encrypt(given, salt)
       end
 
       # same logic as restful authentication
@@ -30,12 +30,14 @@ module Entrance
 
     module BCrypt
 
-      def self.read(password)
-        BCrypt::Password.new(password)
+      # https://github.com/codahale/bcrypt-ruby
+      def self.match?(stored, given, salt = nil)
+        ::BCrypt::Password.new(stored) == given
+        # ::BCrypt::Password.new(stored) == encrypt(given)
       end
 
       def self.encrypt(password, salt = nil)
-        BCrypt::Password.create(password)
+        ::BCrypt::Password.create(password)
       end
 
     end

data/lib/entrance/config.rb

@@ -4,7 +4,7 @@ module Entrance
 
     attr_accessor *%w(
       model cipher secret stretches
-      username_attr password_attr salt_attr
+      unique_key username_attr password_attr salt_attr
       remember_token_attr remember_until_attr reset_token_attr reset_until_attr
       access_denied_redirect_to access_denied_message_key
       reset_password_mailer reset_password_method reset_password_window remember_for
@@ -13,10 +13,11 @@ module Entrance
 
     def initialize
       @model                      = 'User'
-      @cipher                     = Ciphers::BCrypt # or Ciphers::SHA1 
+      @cipher                     = Entrance::Ciphers::BCrypt # or Entrance::Ciphers::SHA1 
       @secret                     = nil
       @stretches                  = 10
       @salt_attr                  = nil
+      @unique_key                 = 'id'
       @username_attr              = 'email'
       @password_attr              = 'password_hash'
       @remember_token_attr        = 'remember_token'
@@ -35,6 +36,24 @@ module Entrance
       @cookie_httponly            = false
     end
 
+    def validate!
+      if cipher == Ciphers::SHA1 && secret.nil?
+        raise "The SHA1 cipher requires a valid config.secret to be set."
+      end
+    end
+
+    def can?(what, val = nil)
+      if val
+        instance_variable_set("@can_#{what}", val)
+      else
+        !!instance_variable_get("@can_#{what}")
+      end
+    end
+
+    def permit!(option)
+      raise "#{option} is disabled!" unless can?(option)
+    end
+
   end
 
 end

data/lib/entrance/controller.rb

@@ -9,7 +9,7 @@ module Entrance
     end
 
     def authenticate_and_login(username, password, remember_me = false)
-      if user = Entrance.config.model.constantize.authenticate(username, password)
+      if user = Entrance.model.authenticate(username, password)
         login!(user, remember_me)
         user
       end
@@ -17,18 +17,19 @@ module Entrance
 
     def login!(user, remember_me = false)
       self.current_user = user
-      remember_or_forget(remember_me)
+      remember_or_forget(remember_me) if Entrance.config.can?(:remember)
     end
 
     def logout!
       if logged_in?
-        current_user.forget_me!
+        current_user.forget_me! if Entrance.config.can?(:remember)
         self.current_user = nil
       end
-      delete_remember_cookie
+      delete_remember_cookie if Entrance.config.can?(:remember)
     end
 
-    def login_required
+    def login_required(opts = {})
+      return if opts[:except] and opts[:except].include?(request.path_info)
       logged_in? || access_denied
     end
 
@@ -46,13 +47,16 @@ module Entrance
 
     private
 
+    # new_user may be nil (when logging out) or an instance of the Entrance.model class
     def current_user=(new_user)
-      raise "Invalid user: #{new_user}" unless new_user.nil? or new_user.is_a?(Entrance.config.model.constantize)
-      session[:user_id] = new_user ? new_user.id : nil
+      raise "Invalid user: #{new_user}" unless new_user.nil? or new_user.is_a?(Entrance.model)
+      session[:user_id] = new_user ? new_user.send(Entrance.config.unique_key) : nil
       @current_user = new_user # should be nil when logging out
     end
 
     def remember_or_forget(remember_me)
+      Entrance.config.permit!(:remember)
+
       if remember_me
         current_user.remember_me!
         set_remember_cookie
@@ -65,27 +69,23 @@ module Entrance
     def access_denied
       store_location
       if request.xhr?
-        render :nothing => true, :status => 401
+        return_401
       else
-        if Entrance.config.access_denied_message_key
-          flash[:notice] = I18n.t(Entrance.config.access_denied_message_key)
-        else
-          flash[:notice] = 'Access denied.'
-        end
-        redirect_to Entrance.config.access_denied_redirect_to
+        set_flash_message if respond_to?(:flash)
+        common_redirect(Entrance.config.access_denied_redirect_to)
       end
     end
 
     def login_from_session
-      self.current_user = User.find(session[:user_id]) if session[:user_id]
+      self.current_user = Entrance.model.where(session[:user_id]).first if session[:user_id]
     end
 
     def login_from_cookie
-      return unless cookies[REMEMBER_ME_TOKEN]
+      return unless Entrance.config.can?(:remember) && request.cookies[REMEMBER_ME_TOKEN]
 
       query = {}
-      query[Entrance.config.remember_token_attr] = cookies[REMEMBER_ME_TOKEN]
-      if user = User.where(query).first \
+      query[Entrance.config.remember_token_attr] = request.cookies[REMEMBER_ME_TOKEN]
+      if user = Entrance.model.where(query).first \
         and user.send(Entrance.config.remember_until_attr) > Time.now
           self.current_user = user
           # user.update_remember_token_expiration!
@@ -94,16 +94,16 @@ module Entrance
     end
 
     def store_location
-      session[:return_to] = request.path # request.request_uri
+      session[:return_to] = request.fullpath
     end
 
     def redirect_to_stored_or(default_path)
-      redirect_to(session[:return_to] || default_path)
+      common_redirect(session[:return_to] || default_path)
       session[:return_to] = nil
     end
 
     def redirect_to_back_or(default_path)
-      redirect_to(request.env['HTTP_REFERER'] || default_path)
+      common_redirect(request.env['HTTP_REFERER'] || default_path)
     end
 
     def set_remember_cookie
@@ -116,17 +116,57 @@ module Entrance
       }
       values[:domain] = Entrance.config.cookie_domain if Entrance.config.cookie_domain
 
-      cookies[REMEMBER_ME_TOKEN] = values
+      set_cookie!(REMEMBER_ME_TOKEN, values)
     end
 
     def delete_remember_cookie
-      cookies.delete(REMEMBER_ME_TOKEN)
-      # cookies.delete(REMEMBER_ME_TOKEN, :domain => Entrance.config.cookie_domain)
+      delete_cookie!(REMEMBER_ME_TOKEN)
+    end
+
+    ############################################
+    # compat stuff between rails & sinatra
+
+    def set_cookie!(name, cookie)
+      if respond_to?(:cookie)
+        cookies[name] = cookie
+      else
+        response.set_cookie(name, cookie)
+      end
+    end
+
+    def delete_cookie!(name)
+      if respond_to?(:cookie)
+        cookies.delete(name)
+      else
+        response.delete_cookie(name)
+      end
     end
 
-#    def cookies
-#      @cookies ||= @env['action_dispatch.cookies'] || Rack::Request.new(@env).cookies
-#    end
+    def return_401
+      if respond_to?(:halt) # sinatra
+        halt(401)
+      else # rails
+        render :nothing => true, :status => 401
+      end
+    end
+
+    def set_flash_message
+      return unless respond_to?(:flash)
+
+      if Entrance.config.access_denied_message_key
+        flash[:notice] = I18n.t(Entrance.config.access_denied_message_key)
+      else
+        flash[:notice] = 'Access denied.'
+      end
+    end
+
+    def common_redirect(url)
+      if respond_to?(:redirect)
+        redirect(to(url)) # sinatra
+      else
+        redirect_to(url)  # rails
+      end
+    end
 
   end