fs_auth 0.0.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,3 @@
+= FsAuth
+
+This project rocks and uses MIT-LICENSE.

data/Rakefile

@@ -0,0 +1,40 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'FsAuth'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task :default => :test

data/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  
+end

data/app/controllers/users_controller.rb

@@ -0,0 +1,125 @@
+require 'LoginRequired'
+require 'WebmasterRequired'
+
+class UsersController < ApplicationController
+  before_filter LoginRequired, :only=>[:welcome, :change_password, :hidden]
+  before_filter WebmasterRequired, :only => [:admin, :save, :edit]
+
+  def signup
+    if params[:user]
+        @user = User.new(params[:user])
+        
+        if User.count == 0
+          @user.role = 0
+        end
+        
+        if request.post? and @user.login
+          if @user.save
+            session[:user] = User.authenticate(@user.login, @user.password)
+            flash[:message] = "Signup successful"
+            redirect_to :controller => "users", :action => "welcome"
+          else
+            flash[:warning] = "Signup unsuccessful"
+          end
+        end
+    else
+        @user = User.new()
+    end
+  end
+
+  def login
+    if params[:user]
+        if @user = User.authenticate(params[:user][:login], params[:user][:password])
+            session[:user] = @user
+            session[:last_touched] = Time.now
+            flash[:message]  = "Login successful"
+            return_to_previous()
+        else
+            @user = User.new()
+            session[:user] = nil
+            reset_session
+            
+            flash[:warning] = "Login unsuccessful"
+        end
+    else
+        @user = User.new()
+    end
+  end
+
+  def logout
+    session.delete(:user)
+    flash[:message] = 'Logged out'
+    if request.referer
+        redirect_to request.referer
+    else
+        redirect_to "/"
+    end
+  end
+
+  def forgot_password
+    if request.post?
+      u= User.find_by_email(params[:user][:email])
+      if u and u.send_new_password
+        flash[:message]  = "A new password has been sent by email."
+        redirect_to :action=>'login'
+      else
+        flash[:warning]  = "Couldn't send password"
+      end
+    end
+  end
+
+  def change_password
+    @user=User.find(session[:user][:id])
+
+    if params[:user]
+      if params[:user][:password].blank?
+        @user.errors.add(:password, "is required")
+      elsif params[:user][:password_confirmation].blank?
+        @user.errors.add(:password_confirmation, "is required")
+      elsif @user.update_attributes(params[:user])
+        logger.debug "User pass: #{@user.password}"
+        
+        flash[:message]="Password Changed"
+      end
+    end
+  end
+
+  def admin
+    @users = User.all
+  end
+
+  def edit
+    @user = User.find_by_login(params[:id])
+  end
+
+  def save
+    @user = User.find_by_login(params[:id])
+    logger.debug "User login: #{params[:id]}"
+    logger.debug "User object: #{params[:user]}"
+
+    if @user.update_attributes!(params[:user])
+      flash[:message]="Successfully saved"
+    else
+      flash[:error]="Could not save user"
+    end
+
+    redirect_to request.referer
+  end
+
+
+  def welcome
+  end
+  
+  def hidden
+  end
+
+  def return_to_previous
+    if(session[:return_to])
+      return_to = session[:return_to]
+      session[:return_to] = nil
+      redirect_to return_to
+    else
+      redirect_to "/"
+    end
+  end  
+end

data/app/filters/AdminRequired.rb

@@ -0,0 +1,21 @@
+class AdminRequired
+  def self.filter(controller)
+    # Check if the user is even lgged in
+    # If not then redirect them to the login page
+    unless controller.session[:user]
+    	controller.flash[:warning] = 'Please login to continue'
+    	controller.session[:return_to] = controller.request.fullpath
+    	controller.redirect_to :controller => 'users', :action => 'login'
+    	return false
+    end
+
+    unless controller.session[:user] and controller.session[:user][:role] <= 1
+      controller.flash[:warning] = 'Please login to continue'
+      controller.session[:return_to] = controller.request.fullpath
+      controller.render :inline => "You are not authorized for this part of the application!  Return <a href='/'>home</a>"
+      return false
+    end
+    
+    return true
+  end
+end

data/app/filters/LoginRequired.rb

@@ -0,0 +1,11 @@
+class LoginRequired
+  def self.filter(controller)
+    unless controller.session[:user]
+      controller.flash[:warning] = 'Please login to continue'
+      controller.session[:return_to] = controller.request.fullpath
+      controller.redirect_to :controller => "users", :action => "login"
+      return false
+    end
+    return true
+  end
+end

data/app/filters/WebmasterRequired.rb

@@ -0,0 +1,21 @@
+class WebmasterRequired
+  def self.filter(controller)
+    # Check if the user is even lgged in
+    # If not then redirect them to the login page
+    unless controller.session[:user]
+    	controller.flash[:warning] = 'Please login to continue'
+    	controller.session[:return_to] = controller.request.fullpath
+    	controller.redirect_to :controller => 'users', :action => 'login'
+    	return false
+    end
+
+    unless controller.session[:user] and controller.session[:user][:role] <= 0
+      controller.flash[:warning] = 'You are not authorized for this part of the application!'
+      controller.session[:return_to] = controller.request.fullpath
+      controller.render :inline => "You are not authorized for this part of the application!  Return <a href='/'>home</a>"
+      return false
+    end
+    
+    return true
+  end
+end

data/app/models/user.rb

@@ -0,0 +1,62 @@
+class User < ActiveRecord::Base
+    validates_length_of :login, :within => 3..40
+    validates_length_of :password, :within => 5..40, :allow_blank => true
+    validates_presence_of :login, :email, :salt, :crypted_password
+    validates_uniqueness_of :login, :email
+    validates_confirmation_of :password
+    validates_format_of :email, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :message => "Invalid email"
+    
+    validates :password, :confirmation => true
+    
+    # These are protected so they can't be forged by users
+    attr_protected :id, :salt
+    
+    attr_accessor :password
+    
+    # Assign password field encrypts into crypted_password database-backed field
+    def password=(pass)
+        @password=pass
+        self.salt = User.random_string(10) if !self.salt?
+        self.crypted_password = User.encrypt(@password, self.salt)
+    end
+
+    # Authenticate
+    def self.authenticate(login, pass)
+        u = find(:first, :conditions=>["login = ?", login])
+        return nil if u.nil?
+        return u if User.encrypt(pass, u.salt) == u.crypted_password
+        return nil
+    end
+
+    def is_webmaster
+        return self.role == 0
+    end
+
+    def is_admin
+        return self.role <= 1
+    end
+
+    # Called if the user forgets their password; sets it to a random one, emails that to the user's email address
+    def send_new_password
+        new_pass = User.random_string(10)
+        self.password = self.password_confirmation = new_pass
+        self.save
+        Notifications.deliver_forgot_password(self.email, self.login, new_pass)
+    end
+
+    protected
+
+    # Used to make salt
+    def self.random_string(len)
+        #generate a random password consisting of strings and digits
+        chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+        newpass = ""
+        1.upto(len) { |i| newpass << chars[rand(chars.size-1)] }
+        return newpass
+    end
+
+    # SHA1 encrypt
+    def self.encrypt(pass, salt)
+        Digest::SHA1.hexdigest(pass+salt)
+    end
+end

data/app/views/users/_login.html.erb

@@ -0,0 +1,28 @@
+<% if session[:user] == nil -%>
+  <div class="login">
+    <div class="login_form">
+      <%= form_for(:user, :url => { :controller => 'users', :action => "login"}) do |f| %>
+
+        <div>
+          <label for="user_login">Login:</label>
+          <%= text_field "user", "login", :size => 20 %>
+        </div>
+
+        <div>
+          <label for="user_password">Password:</label>
+          <%= password_field "user", "password", :size => 20 %>
+        </div>
+
+        <div>
+          <%= submit_tag "Log in" %>
+        </div>
+
+      <% end %>
+    </div>
+    <div class="login_extras">
+      <%= link_to 'Register', :controller => 'users', :action => 'signup' %> |
+      <%= link_to 'Forgot my password', :controller => 'users', :action => 'forgot_password' %>
+    </div>
+  </div>
+
+<% end -%>

data/app/views/users/_user.html.erb

@@ -0,0 +1,11 @@
+<% if @logged_in_user != nil && @logged_in_user.login != nil %>
+
+    <span class="logged_in_user">
+    	Welcome, <%= @logged_in_user.login %>!<br />
+        <% if @logged_in_user.is_webmaster %>
+        	<%= link_to 'Administration', :controller => 'users', :action => 'admin' %> |
+        <% end %>
+        <%= link_to 'Change Password', :controller => 'users', :action => 'change_password' %> | 
+        <%= link_to 'Logout', :controller => 'users', :action => 'logout' %>
+    </span>
+<% end -%>

data/app/views/users/admin.html.erb

@@ -0,0 +1,17 @@
+<% if session[:user].is_webmaster %>
+  <% @users.each do |user| %>
+    <table>
+      <tr>
+        <th>Login</th>
+        <th>Email</th>
+        <th>Role</th>
+        <th>Actions</th>
+      <tr>
+        <td><%= user.login %></td>
+        <td><%= user.email %></td>
+        <td><%= user.role %></td>
+        <td><%= link_to 'Edit', :controller => 'users', :action => 'edit', :id => user.login %></td>
+      </tr>
+    </table>
+  <% end %>
+<% end %>

data/app/views/users/change_password.html.erb

@@ -0,0 +1,26 @@
+<h1>Change password</h1>
+<%= form_for(@user, :url => { :controller => 'users', :action => "change_password"}) do |f| %>
+    <% if @user.errors.any? %>
+        <div id="error_explanation">
+            <h2><%= pluralize(@user.errors.count, "error") %> prohibited you from registering:</h2>
+
+            <ul>
+                <% @user.errors.full_messages.each do |msg| %>
+                    <li><%= msg %></li>
+                <% end %>
+            </ul>
+        </div>
+    <% end %>
+    
+    <div class="field">
+        <%= f.label :password %><br />
+        <%= f.password_field :password %>
+    </div>
+    <div class="field">
+        <%= f.label :password_confirmation %><br />
+        <%= f.password_field :password_confirmation %>
+    </div>
+    <div class="actions">
+        <%= f.submit %>
+    </div>
+<% end %>

data/app/views/users/delete.html.erb

@@ -0,0 +1,2 @@
+<h1>User#delete</h1>
+<p>Find me in app/views/user/delete.rhtml</p>

data/app/views/users/edit.html.erb

@@ -0,0 +1,29 @@
+<%= form_for @user, :url => { :action => "save", :id => @user.login } do |f| %>
+
+  <% if flash[:message] != nil %>
+    <p id="notice">notice: <%= flash[:message] %></p>
+  <% end %>
+  <% if flash[:error] != nil %>
+    <p id="error">error: <%= flash[:error] %></p>
+  <% end %>
+
+  <div class="field">
+    <%= f.label :login %><br />
+    <%= f.text_field :login %>
+  </div>
+
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.text_field :email %>
+  </div>
+
+  <div class="field">
+    <%= f.label :role %><br />
+    <%= f.text_field :role %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit %>
+  </div>
+
+<% end %>