fbdoorman 0.0.1

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+0.2 (07/17/2010)
+------------------
+* Updated some minor details in the Rakefile

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2008 thoughtbot, inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,142 @@
+Fbdoorman
+=========
+
+Rails authentication with facebook single sign-on...or email & password. 
+Based on the gems Clearance by Thoughtbot and MiniFB by Appoxy
+
+Help Request
+----
+
+I'm very new to rails, made the best I could! However, I'm sure it can be done better and cleaner, since I edited the clearance
+gem manually to create this.  I'm sure this gem can be very useful and I'm just trying to contribute something to OpenSource! 
+
+If you can Help drop me a line if you can help: pelaez89 {at} gmail {.} com
+
+About
+----
+This gem has been created using Clearance and MiniFB gems, for more information referr to their source code, here:
+
+* http://github.com/appoxy/mini_fb
+* http://github.com/thoughtbot/clearance
+
+I'm a Colombian design Student and pretty much a newbie in rails, this code works great and I'm using it in a soon to launch project.
+
+I was concerned about security issues using only facebook JS single sign-on and wanted to use MiniFB (thanks guys
+for such a great job) so that it could be use easily to authenticate users using their FB account, reducin sign-on/in times.
+
+However regular email & password still works fine, so the clearance url's sign-on/in still work for those users not using FB.
+
+Managing Login and Authentication
+----
+
+Authentication is managed through checking the cookie's token validity with Facebook API using an OAuth 2.0 connection, that 
+means that even if the cookie with the user information hasn't been cleared from the browser, acces will be denied when 
+such token  is no longer valid (aka the user sign-out of Facebook)
+
+The gem doesn't use MiniFB oauth_url to login, instead it provides two helpers, facebook_js and facebook_login that
+print inside your layout and inside your views the Fb login button and the JS required to point the users to the
+Facebook controller inside the gem upon sign_in or session close. The facebook_js is required for the login button to work.
+
+Installation
+------------
+Same as clearance 0.8.8 this works with versions of Rails greater than 2.3.
+
+    gem install fbdoorman
+
+Make sure the development database exists and run the generator. 
+
+    script/generate fbdoorman
+
+This:
+
+* inserts Clearance::User into your User model
+* inserts Clearance::Authentication into your ApplicationController
+* inserts Clearance::Routes.draw(map) into your config.routes.rb
+* created a migration that either creates a users table or adds only missing columns
+* prints further instructions
+
+
+Create your aplication in Facebook and set-up the information in config/facebook.yml (You'll have to create that file)
+
+Facebook.yml
+-----
+
+You should create facebook.yml inside config folder, this is what it should look like.
+
+:app_id: #Get this from http://www.facebook.com/developers/createapp.php    
+:secret: #from FB    
+:api_key: #from FB    
+:base_url: http://localhost:3000 #This is the url where you app's in, this is used to define where Fb should go after login    
+:after_login_path: /welcome/logged #Where to take your users when they login with FB    
+:after_register_path: /welcome/new #Where to go when a new user registers, use this to ask with a form for info specific to your app    
+:url_after_create: /welcome/logged  Where to go when a session is created 
+
+Usage
+-----
+
+If you want to authenticate users for a controller action, use the authenticate
+method in a before_filter.
+
+      before_filter :authenticate
+
+Known-issue with "Missing host to link to"
+---------
+
+Since Clearance tries to send confirmation mails and maybe Mailer settings are not defined in your app, you might run with and error. I'm not really sure why it happens but there's a solution if you just want to try clearance without the email confirmation.
+
+Check this link for how I solved it. If this is some mistake of mine please tell me how to solve it and I'll just edit de code right away!
+
+http://www.cherpec.com/2009/06/missing-host-to-link-to-please-provide-host-parameter-or-set-default_url_optionshost/
+
+Other helpers
+-----------
+Note: I didn't have that much time to create some fancy and useful helper's, hopefully in a next version! 
+
+The user Facebook pic url in square format is returned by the helper facebook_pic_url
+
+Also the user name is added in a column inside user, so you can get that anytime with current_user.name
+
+Using MiniFB
+-----------
+You might be interested in using Facebook API with your user, you can do that using MiniFB.
+Facebook will create a cookie with the required information naming it fb_#{FB_APP_ID}_
+you can retrieve that cookie and it's values a Hash using this helper 
+
+parse_fb_cookie 
+
+Customizing
+-----------
+
+I strongly suggest copying the views inside the gem to your views to customize them. 
+Just copy the folder inside views, paste them in your app/views and customize it, 
+Rails will load those views first before those specifies by the gem.
+
+To change any of provided actions, subclass a Clearance controller. (See clearance doc for more details)
+
+Thanks to
+-------
+
+* The Clearance team, seeeing the source code you have created I truly realize how professionally done and reliable this gem is. I'm sorry I had to cut some of your code but my knowledge until now in rails was not enough to keep it all, it just was over my current skills. It would be great if you take this into your code and begin to promote single-on cause that reduced a lot of friction to create conversions to a given web service and clearance is probably the most simple and complete authentication gem out there.
+* Appoxy and all the MiniFB team, you really made a very simple solution to use Facebook, there's not so much documentation right now but the google group proves that there's a supporting community behind no matter the size. I'm working on some documentation and examples for not so experienced users to use MiniFB, I'll send them soon, maybe you could publish this somewhere to promote the gem plus the graph support is damn simple and clean!
+* Ryan Bates from Railcasts, his tutorials have helped me a lot through my rails learning and he's banner "Give back to open source" is one of my biggest motivations to work in this project.
+
+
+MiniFb Authors
+-------
+
+Appoxy: http://www.appoxy.com/
+
+Clerance Authors
+-------
+
+Clearance was extracted out of [Hoptoad](http://hoptoadapp.com). We merged the
+authentication code from two of thoughtbot client Rails apps and have since
+used it each time we need authentication.
+
+The following people have improved the library. Thank you!
+
+Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov,
+Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey,
+Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, Shay Arnett, Joshua Clayton,
+Mustafa Ekim, Jon Yurek, Anuj Dutta, Chad Pytel, Ben Orenstein, Bobby Wilson,
+Matthew Ford, Ryan McGeary, Claudio Poli, Joseph Holsten, and Peter Haza.

data/Rakefile

@@ -0,0 +1,27 @@
+# encoding: utf-8
+require 'rake'
+generators = %w(fbdoorman)
+
+namespace :generator do
+  desc "Run the fbdoorman generator"
+  task :minifbclearance do
+    system "cd test/rails_root && ./script/generate fbdoorman -f && rake db:migrate db:test:prepare"
+  end
+end
+
+task :default => []
+
+require 'jeweler'
+
+Jeweler::Tasks.new do |gem|
+  gem.name        = "fbdoorman"
+  gem.summary     = "Rails authentication with facebook single sign-on OR email & password."
+  gem.description = "Painless user registration and sign-in using Facebook single sign-on with JS. Typical email login still works too."
+  gem.email       = "pelaez89@gmail.com"
+  gem.version     = "0.0.1"
+  gem.homepage    = "http://github.com/davidpelaez/minifb-clearance"
+  gem.authors     = ["Fbdoorman: David Pelaez","MiniFB: Appoxy","Clearance: Thoughtbot"]
+  gem.files       = FileList["[A-Z]*", "{app,config,generators,lib,shoulda_macros,rails}/**/*"]
+end
+
+Jeweler::GemcutterTasks.new

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/app/controllers/clearance/confirmations_controller.rb

@@ -0,0 +1,76 @@
+class Clearance::ConfirmationsController < ApplicationController
+  unloadable
+
+  skip_before_filter :authenticate,                  :only => [:new, :create]
+  before_filter :redirect_signed_in_confirmed_user,  :only => [:new, :create]
+  before_filter :redirect_signed_out_confirmed_user, :only => [:new, :create]
+  before_filter :forbid_missing_token,               :only => [:new, :create]
+  before_filter :forbid_non_existent_user,           :only => [:new, :create]
+
+  filter_parameter_logging :token
+
+  def new
+    create
+  end
+
+  def create
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
+    @user.confirm_email!
+
+    sign_in(@user)
+    flash_success_after_create
+    redirect_to(url_after_create)
+  end
+
+  private
+
+  def redirect_signed_in_confirmed_user
+    user = ::User.find_by_id(params[:user_id])
+    if user && user.email_confirmed? && current_user == user
+      flash_success_after_create
+      redirect_to(url_after_create)
+    end
+  end
+
+  def redirect_signed_out_confirmed_user
+    user = ::User.find_by_id(params[:user_id])
+    if user && user.email_confirmed? && signed_out?
+      flash_already_confirmed
+      redirect_to(url_already_confirmed)
+    end
+  end
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_confirmation_token(
+                  params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:confirmed_email,
+      :scope   => [:clearance, :controllers, :confirmations],
+      :default => "Confirmed email and signed in.")
+  end
+
+  def flash_already_confirmed
+    flash[:success] = translate(:already_confirmed_email,
+      :scope   => [:clearance, :controllers, :confirmations],
+      :default => "Already confirmed email. Please sign in.")
+  end
+
+  def url_after_create
+    '/'
+  end
+
+  def url_already_confirmed
+    sign_in_url
+  end
+end

data/app/controllers/clearance/facebook_controller.rb

@@ -0,0 +1,66 @@
+class Clearance::FacebookController < ApplicationController
+
+  #Js is informing that the cookie was created
+  def index
+    if signed_in? then 
+        redirect_to FB_LOGGED_PATH #Evita multiples logins y hace que solo tenga sentido llamar el metodo con un nuevo cookie
+    else #If there's no signed in user
+        #The code arrives here
+        @fbcookie = parse_fb_cookie
+        ##Works sometimes, others sends: JSON::ParserError Exception: source did not contain any JSON!  
+        #Bucle posiblemente infinito y chambon para lidiar con la excepcion mientras se soluciona  
+        incomplete = true
+        while incomplete do
+              begin  
+                incomplete = false #Intento salir del bucle
+                fbu = MiniFB::OAuthSession.new(@fbcookie["access_token"], 'es_ES').get "me" 
+              rescue JSON::ParserError
+                incomplete = true #Reingreso en el bucle
+              end
+        end
+        @user = find_fbuser(fbu.id) #The one from the DB
+        #If the user exists
+        if @user then
+          sign_in_fbu(@user)
+        else #If theres no user with that id
+          #Register this user
+          register_fbu(fbu)
+        end   
+    end 
+  end
+  
+  #Js is informing that the query as cleared
+  def closed
+    sign_out
+    render :template => "facebook/closed"
+  end
+  
+  def sign_in_fbu(myuser)
+      sign_in(myuser)
+      redirect_to FB_LOGGED_PATH and return
+  end
+  
+  #Here I reply the create the new user, I changed te verifications so that fbid is unique and password is optional
+  # when fbid isn't blank
+  def register_fbu(new_user)
+    @user = ::User.new
+    @user.fbid = new_user.id
+    @user.name = new_user.name 
+    if @user.save
+      sign_in_fbu(@user)
+    else
+      render :text => "No se pudo registrar su usuario de FB"
+    end    
+  end
+  
+  #This method return nil if theres no such user and the user if there is
+  def find_fbuser(myfbuid)
+    return ::User.find_by_fbid(myfbuid)
+  end
+  
+  def fbtoken(mycode)
+    access_token_hash = MiniFB.oauth_access_token(FB_APP_ID, FB_CALLBACK_URL, FB_SECRET, mycode)
+    return access_token = access_token_hash["access_token"]
+  end
+  
+end

data/app/controllers/clearance/passwords_controller.rb

@@ -0,0 +1,85 @@
+class Clearance::PasswordsController < ApplicationController
+  unloadable
+
+  skip_before_filter :authenticate,        :only => [:new, :create, :edit, :update]
+  before_filter :forbid_missing_token,     :only => [:edit, :update]
+  before_filter :forbid_non_existent_user, :only => [:edit, :update]
+  filter_parameter_logging :password, :password_confirmation
+
+  def new
+    render :template => 'passwords/new'
+  end
+
+  def create
+    if user = ::User.find_by_email(params[:password][:email])
+      user.forgot_password!
+      ::ClearanceMailer.deliver_change_password user
+      flash_notice_after_create
+      redirect_to(url_after_create)
+    else
+      flash_failure_after_create
+      render :template => 'passwords/new'
+    end
+  end
+
+  def edit
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
+    render :template => 'passwords/edit'
+  end
+
+  def update
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
+
+    if @user.update_password(params[:user][:password],
+                             params[:user][:password_confirmation])
+      @user.confirm_email!
+      sign_in(@user)
+      flash_success_after_update
+      redirect_to(url_after_update)
+    else
+      render :template => 'passwords/edit'
+    end
+  end
+
+  private
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_confirmation_token(
+                  params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:deliver_change_password,
+      :scope   => [:clearance, :controllers, :passwords],
+      :default => "You will receive an email within the next few minutes. " <<
+                  "It contains instructions for changing your password.")
+  end
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:unknown_email,
+      :scope   => [:clearance, :controllers, :passwords],
+      :default => "Unknown email.")
+  end
+
+  def url_after_create
+    sign_in_url
+  end
+
+  def flash_success_after_update
+    flash[:success] = translate(:signed_in, :default => "Signed in.")
+  end
+
+  def url_after_update
+    '/'
+  end
+end

data/app/controllers/clearance/sessions_controller.rb

@@ -0,0 +1,67 @@
+class Clearance::SessionsController < ApplicationController
+  unloadable
+
+  skip_before_filter :authenticate, :only => [:new, :create, :destroy]
+  protect_from_forgery :except => :create
+  filter_parameter_logging :password
+
+  def new
+    if !signed_in? then render :template => 'sessions/new'
+    else redirect_back_or(url_after_create) end
+  end
+
+  def create
+    @user = ::User.authenticate(params[:session][:email], params[:session][:password])
+    if @user.nil?
+      flash_failure_after_create
+      render :template => 'sessions/new', :status => :unauthorized
+    else
+      if @user.email_confirmed?
+        sign_in(@user)
+        flash_success_after_create
+        redirect_back_or(url_after_create)
+      else
+        ::ClearanceMailer.deliver_confirmation(@user)
+        flash_notice_after_create
+        redirect_to(sign_in_url)
+      end
+    end
+  end
+
+  def destroy
+    sign_out
+    flash_success_after_destroy
+    redirect_to(url_after_destroy)
+  end
+
+  private
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:bad_email_or_password,
+      :scope   => [:clearance, :controllers, :sessions],
+      :default => "Bad email or password.")
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:signed_in, :default =>  "Signed in.")
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:unconfirmed_email,
+      :scope   => [:clearance, :controllers, :sessions],
+      :default => "User has not confirmed email. " <<
+                  "Confirmation email will be resent.")
+  end
+
+  def url_after_create
+    URL_AFTER_CREATE
+  end
+
+  def flash_success_after_destroy
+    flash[:success] = translate(:signed_out, :default =>  "Signed out.")
+  end
+
+  def url_after_destroy
+    sign_in_url
+  end
+end

data/app/controllers/clearance/users_controller.rb

@@ -0,0 +1,36 @@
+class Clearance::UsersController < ApplicationController
+  unloadable
+
+  skip_before_filter :authenticate, :only => [:new, :create]
+  before_filter :redirect_to_root,  :only => [:new, :create], :if => :signed_in?
+  filter_parameter_logging :password
+
+  def new
+    @user = ::User.new(params[:user])
+    render :template => 'users/new'
+  end
+
+  #Here the email login users are created, FB user creation is managed in the fb controller
+  def create
+    @user = ::User.new params[:user]
+    if @user.save
+      flash_notice_after_create
+      redirect_to(url_after_create)
+    else
+      render :template => 'users/new'
+    end
+  end
+
+  private
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:deliver_confirmation,
+      :scope   => [:clearance, :controllers, :users],
+      :default => "You will receive an email within the next few minutes. " <<
+                  "It contains instructions for confirming your account.")
+  end
+
+  def url_after_create
+    sign_in_url
+  end
+end

data/app/models/clearance_mailer.rb

@@ -0,0 +1,21 @@
+class ClearanceMailer < ActionMailer::Base
+
+  def change_password(user)
+    from       Clearance.configuration.mailer_sender
+    recipients user.email
+    subject    I18n.t(:change_password,
+                      :scope   => [:clearance, :models, :clearance_mailer],
+                      :default => "Change your password")
+    body       :user => user
+  end
+
+  def confirmation(user)
+    from       Clearance.configuration.mailer_sender
+    recipients user.email
+    subject    I18n.t(:confirmation,
+                      :scope   => [:clearance, :models, :clearance_mailer],
+                      :default => "Account confirmation")
+    body      :user => user
+  end
+
+end

data/app/views/clearance_mailer/change_password.html.erb

@@ -0,0 +1,9 @@
+Someone, hopefully you, has requested that we send you a link to change your password.
+
+Here's the link:
+
+<%= edit_user_password_url(@user,
+      :token  => @user.confirmation_token,
+      :escape => false) %>
+
+If you didn't request this, ignore this email. Don't worry. Your password hasn't been changed.

data/app/views/clearance_mailer/confirmation.html.erb

@@ -0,0 +1,5 @@
+
+<%= new_user_confirmation_url(
+      :user_id => @user,
+      :token   => @user.confirmation_token,
+      :encode  => false) %>

data/app/views/facebook/_fbjs.html.erb

@@ -0,0 +1,14 @@
+<div id="fb-root"></div>
+<script src="http://connect.facebook.net/en_US/all.js"></script>
+<script>
+  FB.init({appId: '<%=FB_APP_ID%>', status: true, cookie: true, xfbml: true});
+  FB.Event.subscribe('auth.sessionChange', function(response) {
+    if (response.session) {
+      // A user has logged in, and a new cookie has been saved
+		window.location="<%=FB_CALLBACK_URL%>";
+    } else {
+      // The user has logged out, and the cookie has been cleared
+		window.location="<%=FB_CLOSED_URL%>";
+    }
+  });
+</script>

data/app/views/facebook/closed.html.erb

@@ -0,0 +1 @@
+Seems like you closed your facebook session, you need to log in to continue <%=facebook_login%>

data/app/views/passwords/edit.html.erb

@@ -0,0 +1,23 @@
+<h2>Change your password</h2>
+
+<p>
+  Your password has been reset. Choose a new password below.
+</p>
+
+<%= error_messages_for :user %>
+
+<% form_for(:user,
+            :url => user_password_path(@user, :token => @user.confirmation_token),
+            :html => { :method => :put }) do |form| %>
+  <div class="password_field">
+    <%= form.label :password, "Choose password" %>
+    <%= form.password_field :password %>
+  </div>
+  <div class="password_field">
+    <%= form.label :password_confirmation, "Confirm password" %>
+    <%= form.password_field :password_confirmation %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Save this password", :disable_with => "Please wait..." %>
+  </div>
+<% end %>

data/app/views/passwords/new.html.erb

@@ -0,0 +1,15 @@
+<h2>Change your password</h2>
+
+<p>
+  We will email you a link to change your password.
+</p>
+
+<% form_for :password, :url => passwords_path do |form| %>
+  <div class="text_field">
+    <%= form.label :email, "Email address" %>
+    <%= form.text_field :email %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Reset password", :disable_with => "Please wait..." %>
+  </div>
+<% end %>

data/app/views/sessions/new.html.erb

@@ -0,0 +1,25 @@
+<h2>Sign in</h2>
+
+<% form_for :session, :url => session_path do |form| %>
+  <div class="text_field">
+    <%= form.label :email %>
+    <%= form.text_field :email %>
+  </div>
+  <div class="text_field">
+    <%= form.label :password %>
+    <%= form.password_field :password %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Sign in", :disable_with => "Please wait..." %>
+  </div>
+<% end %>
+
+Or sign-in or create your account using Facebook  <%= facebook_login %>
+<ul>
+  <li>
+    <%= link_to "Sign up", sign_up_path %>
+  </li>
+  <li>
+    <%= link_to "Forgot password?", new_password_path %>
+  </li>
+</ul>

data/app/views/users/_form.html.erb

@@ -0,0 +1,13 @@
+<%= form.error_messages %>
+<div class="text_field">
+  <%= form.label :email %>
+  <%= form.text_field :email %>
+</div>
+<div class="password_field">
+  <%= form.label :password %>
+  <%= form.password_field :password %>
+</div>
+<div class="password_field">
+  <%= form.label :password_confirmation, "Confirm password" %>
+  <%= form.password_field :password_confirmation %>
+</div>

data/app/views/users/new.html.erb

@@ -0,0 +1,6 @@
+<h2>Sign up</h2>
+
+<% form_for @user do |form| %>
+  <%= render :partial => '/users/form', :object => form %>
+  <%= form.submit 'Sign up', :disable_with => 'Please wait...' %>
+<% end %>