entrance 0.3.0 → 0.3.2

data/.gitignore

@@ -1,3 +1,4 @@
+*~
 .DS_Store
 pkg
 Gemfile.lock

data/lib/entrance/addons/omniauth.rb

@@ -0,0 +1,179 @@
+require 'entrance'
+require 'omniauth'
+
+=begin
+
+require 'sinatra/base'
+require 'omniauth-twitter'
+require 'entrance/omniauth'
+
+class Hello < Sinatra::Base
+  register Entrance::OmniAuth
+
+  set :auth_test, false # only true for testing
+  set :auth_providers {
+    :twitter => {
+      :key => 'foobar'
+    }
+  }
+end
+
+=end
+
+module Entrance
+
+  module OmniAuth
+
+    class << self
+
+      def registered(app)
+
+        ::Entrance.model.class_eval do
+
+          def via_omniauth?
+            send(::Entrance.config.auth_provider_attr).present? \
+              && send(::Entrance.config.auth_uid_attr).present?
+          end
+
+          def password_required?
+            !via_omniauth? && (password.blank? || @password_changed)
+          end
+
+        end
+
+        app.include ::Entrance::Controller # provides redirects, etc
+
+        app.use ::OmniAuth::Builder do
+          # this is run after the app has initialized, so it's safe to use it here.
+          ::OmniAuth.config.test_mode = true if app.settings.auth_test?
+
+          app.settings.auth_providers.each do |name, options|
+            # puts "Initializing #{name} provider: #{options.inspect}"
+            provider(name, options)
+          end
+        end
+
+        # make _method=delete work in POST requests:
+        app.enable :method_override
+
+        [:get, :post].each do |action|
+
+          app.send(action, '/auth/:provider/callback') do
+            auth = request.env['omniauth.auth']
+            user = ::Entrance::OmniAuth.auth_or_create(auth) or return return_401
+
+            if ::Entrance::OmniAuth.valid_user?(user)
+              login!(user)
+              flash[:success] = 'Welcome back!' if respond_to?(:flash)
+              redirect_to_stored_or(to('/'))
+            else
+              redirect_with('/', :error, 'Unable to authenticate. Please try again.')
+            end
+          end
+
+        end # get, post
+
+      end # registered
+
+      def logger
+        @logger ||= Logger.new('./log/omniauth.log')
+      end
+
+      def log(str)
+        logger.info(str)
+      end
+
+      def valid_user?(user)
+        if user.respond_to?(:active?) and !user.active?
+          return false
+        end
+        user.valid?
+      end
+
+      def can_authenticate_with?(service)
+        return true if OmniAuth.config.test_mode and service.to_sym == :default
+
+        options.auth_providers.keys.map(&:to_sym).include?(service.to_sym)
+      end
+
+      def find_user_with_username(username)
+        query = {}
+        query[::Entrance.config.username_attr] = username # .to_s.downcase.strip
+        ::Entrance.model.where(query).first
+      end
+
+      def find_user_with_provider_and_uid(provider, uid)
+        query = {}
+        query[::Entrance.config.auth_provider_attr] = provider
+        query[::Entrance.config.auth_uid_attr] = uid
+        ::Entrance.model.where(query).first
+      end
+
+      def set_auth_credentials(user, provider, uid)
+        user[::Entrance.config.auth_provider_attr] = provider
+        user[::Entrance.config.auth_uid_attr] = uid
+      end
+
+      def store_auth_credentials(user, provider, uid)
+        set_auth_credentials(user, provider, uid)
+        user.save && user
+      end
+
+      def create_user(name, email, provider, uid)
+        data = {}
+        data[::Entrance.config.name_attr] = name
+        data[::Entrance.config.username_attr] = email
+        user = ::Entrance.model.new(data)
+        set_auth_credentials(user, provider, uid)
+
+        if user.valid?
+          return user.save && user
+        else
+          log "Invalid user: #{user.errors.to_a.join(', ')}"
+        end
+      end
+
+      # authorizes or creates a user with the given oauth credentials.
+      # does not check if user is banned or not (the /callback route does that)
+      def auth_or_create(auth)
+        provider, uid = auth['provider'], auth['uid']
+        info = auth['info'] || {}
+
+        log "Authenticating with #{provider}"
+
+        # if running on production, make sure the provider is actually valid
+        unless ::OmniAuth.config.test_mode
+          raise "Invalid provider: #{provider}" unless can_authenticate_with?(provider)
+        end
+
+        if u = find_user_with_provider_and_uid(provider, uid)
+
+          log "Authenticated! Provider: #{provider}, UID: #{uid}"
+          return u
+
+        else # no user with that provider/uid found
+          name, email = info['name'], info['email']
+
+          if email.present? and user = find_user_with_email(email)
+
+            # if using different provider, it will update it
+            log "Found user, but with different credentials."
+            return store_auth_credentials(user, provider, uid)
+
+          else
+
+            log "Creating new user: '#{name}', email #{email}"
+            name = name.is_a?(Array) ? name[0] : name
+
+            return create_user(name, email, provider, uid)
+          end
+
+        end
+
+      end # auth_or_create
+
+    end
+
+  end
+
+end

data/lib/entrance/{sinatra.rb → addons/sinatra.rb}

@@ -1,20 +1,13 @@
 require 'entrance'
 
-module Sinatra
+module Entrance
 
-  module Entrance
+  module Sinatra
 
     def self.registered(app)
 
       app.include ::Entrance::Controller
 
-      app.helpers do
-        def redirect_with(url, type, message)
-          flash[type] = message if respond_to?(:flash)
-          redirect(to(url))
-        end
-      end
-
       app.get '/login' do
         if logged_in?
           redirect(to('/'))
@@ -34,7 +27,7 @@ module Sinatra
       end
 
       app.get '/logout' do
-        kill_session!
+        logout!
         redirect_with('/login', :notice, 'Logged out! See you soon.')
       end
 

data/lib/entrance/config.rb

@@ -9,13 +9,18 @@ module Entrance
       access_denied_redirect_to access_denied_message_key
       reset_password_mailer reset_password_method reset_password_window remember_for
       cookie_domain cookie_secure cookie_path cookie_httponly
+      name_attr auth_provider_attr auth_uid_attr
     )
 
     def initialize
       @model                      = 'User'
-      @cipher                     = Entrance::Ciphers::BCrypt # or Entrance::Ciphers::SHA1 
+
+      # strategies
+      @cipher                     = Entrance::Ciphers::BCrypt # or Entrance::Ciphers::SHA1
       @secret                     = nil
       @stretches                  = 10
+
+      # fields
       @salt_attr                  = nil
       @unique_key                 = 'id'
       @username_attr              = 'email'
@@ -24,16 +29,27 @@ module Entrance
       @remember_until_attr        = 'remember_token_expires_at'
       @reset_token_attr           = 'reset_token'
       @reset_until_attr           = 'reset_token_expires_at'
+
+      # access denied
       @access_denied_redirect_to  = '/'
       @access_denied_message_key  = nil # e.g. 'messages.access_denied'
+
+      # reset password
       @reset_password_mailer      = 'UserMailer'
       @reset_password_method      = 'reset_password_request'
       @reset_password_window      = 60 * 60 # 1.hour
+
+      # remember me & cookies
       @remember_for               = 60 * 24 * 14 # 2.weeks
       @cookie_domain              = nil
       @cookie_secure              = true
       @cookie_path                = '/'
       @cookie_httponly            = false
+
+      # for omniauth support
+      @name_attr                  = 'name'
+      @auth_provider_attr         = 'auth_provider'
+      @auth_uid_attr              = 'auth_uid'
     end
 
     def validate!
@@ -56,4 +72,4 @@ module Entrance
 
   end
 
-end
+end

data/lib/entrance/controller.rb

@@ -1,7 +1,7 @@
 module Entrance
 
   module Controller
-    
+
     REMEMBER_ME_TOKEN = 'auth_token'.freeze
 
     def self.included(base)
@@ -58,8 +58,8 @@ module Entrance
       Entrance.config.permit!(:remember)
 
       if remember_me
-        current_user.remember_me!
-        set_remember_cookie
+        token = current_user.remember_me!
+        set_remember_cookie(token) if token
       else
         current_user.forget_me!
         delete_remember_cookie
@@ -109,13 +109,13 @@ module Entrance
       common_redirect(request.env['HTTP_REFERER'] || default_path)
     end
 
-    def set_remember_cookie
+    def set_remember_cookie(token)
       values = {
         :expires  => Time.now + Entrance.config.remember_for.to_i,
         :httponly => Entrance.config.cookie_httponly,
         :path     => Entrance.config.cookie_path,
         :secure   => Entrance.config.cookie_secure,
-        :value    => current_user.send(Entrance.config.remember_token_attr)
+        :value    => token
       }
       values[:domain] = Entrance.config.cookie_domain if Entrance.config.cookie_domain
 
@@ -153,13 +153,18 @@ module Entrance
       end
     end
 
+    def redirect_with(url, type, message)
+      flash[type] = message if respond_to?(:flash)
+      common_redirect(url)
+    end
+
     def set_flash_message
       return unless respond_to?(:flash)
 
       if Entrance.config.access_denied_message_key
         flash[:notice] = I18n.t(Entrance.config.access_denied_message_key)
       else
-        flash[:notice] = 'Access denied.'
+        flash[:notice] = 'Please log in first.'
       end
     end
 
@@ -174,4 +179,4 @@ module Entrance
 
   end
 
-end
+end

data/lib/entrance/model.rb

@@ -103,8 +103,10 @@ module Entrance
     module RememberMethods
 
       def remember_me!(until_date = nil)
-        update_attribute(Entrance.config.remember_token_attr, Entrance.generate_token)
+        token = Entrance.generate_token
+        update_attribute(Entrance.config.remember_token_attr, token) or return
         update_remember_token_expiration!(until_date) if Entrance.config.remember_until_attr
+        token
       end
 
       def update_remember_token_expiration!(until_date = nil)

data/lib/entrance/version.rb

@@ -1,7 +1,7 @@
 module Entrance
   MAJOR = 0
   MINOR = 3
-  PATCH = 0
+  PATCH = 2
 
   VERSION = [MAJOR, MINOR, PATCH].join('.')
 end

metadata

@@ -1,27 +1,30 @@
 --- !ruby/object:Gem::Specification
 name: entrance
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.2
+  prerelease: 
 platform: ruby
 authors:
 - Tomás Pollak
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-12 00:00:00.000000000 Z
+date: 2015-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
 description: Doesn't fiddle with your controllers and routes.
@@ -31,7 +34,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
+- .gitignore
 - README.md
 - Rakefile
 - entrance.gemspec
@@ -109,34 +112,35 @@ files:
 - examples/sinatra-app/app/views/welcome.erb
 - examples/sinatra-app/config.ru
 - lib/entrance.rb
+- lib/entrance/addons/omniauth.rb
+- lib/entrance/addons/sinatra.rb
 - lib/entrance/ciphers.rb
 - lib/entrance/config.rb
 - lib/entrance/controller.rb
 - lib/entrance/model.rb
-- lib/entrance/sinatra.rb
 - lib/entrance/version.rb
 homepage: https://github.com/tomas/entrance
 licenses: []
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
 rubyforge_project: entrance
-rubygems_version: 2.2.0
+rubygems_version: 1.8.23
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: Lean authentication alternative for Rails and Sinatra.
 test_files: []
-has_rdoc: 

checksums.yaml

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: 9db48b6f4e950ecfecf95a8c51d17fd8e29296cc
-  data.tar.gz: 7cd2766497f3634f0ba201d1360055a11201e80d
-SHA512:
-  metadata.gz: bbde9df5134233c9eee47139dd28643ed09653fd1f4509db82551e5d85b76fa6dc62bcce43e888dc55130f15525322af62920db80b5a378c34effe333b2fb18e
-  data.tar.gz: 6a2da9b7a78dcb87c790a9d1833f7d8591fb99e5bc604f5a51c02002ec70dc39655b78f436df11c5b62b4b5c54d76c5e14a7d83948cf60270d8d9d365c617487