fx-auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 57a67abeea5df179fa62f86a82ba34b0c1a08b81
+  data.tar.gz: 5c0516ed115cb9629c306322c970077e1feb988c
+SHA512:
+  metadata.gz: 17fd49fa8252c7f5724cff8c608b48b416e78daf1819a0ff9fa6f2b4000271c51785d3212a11ecc625eb9075cce6dc7b18b493e9ed6d21bf2e4315c20e6b2612
+  data.tar.gz: ea8287ffd64bc9c3adf7ac72d2d57b69b7966c88fc6ad5261ecbdaf3634aedf0936078ec4244c000b181befb974e62887e7d31f0984058d6957867d25738266c

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+.idea
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Dave Jackson
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# AuthFx
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'fx-auth'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install fx-auth
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,9 @@
+require 'bundler/gem_tasks'
+require 'rubygems'
+require 'cucumber'
+require 'cucumber/rake/task'
+
+
+Cucumber::Rake::Task.new :test do |task|
+  task.cucumber_opts = 'features --format pretty'
+end

data/features/authenticate.feature

@@ -0,0 +1,8 @@
+Feature: Authenticate
+
+  Scenario: Session Times Out
+
+    Given I have a User Profile
+    And   I sign on with valid credentials
+    When  My session times out
+    Then  I am offline

data/features/sign_off.feature

@@ -0,0 +1,9 @@
+Feature: Sign Off
+
+  Scenario: Sign Off
+
+    Given I have a User Profile
+    And   I sign on with valid credentials
+    And   I am online
+    When  I sign off
+    Then  I am offline

data/features/sign_on.feature

@@ -0,0 +1,25 @@
+Feature: Sign On
+
+  Scenario: Valid Credentials
+
+    Given I have a User Profile
+    When  I sign on with valid credentials
+    Then  I am online
+
+
+
+  Scenario: Invalid Credentials
+
+    Given I have a User Profile
+    When  I try to sign on with invalid credentials
+    Then  I am offline
+
+
+
+  Scenario: Locked Account
+
+    Given I have a User Profile
+    When  I try to sign on with invalid credentials
+    And   I try to sign on with invalid credentials
+    And   I try to sign on with invalid credentials
+    Then  I am locked out

data/features/sign_up.feature

@@ -0,0 +1,34 @@
+Feature: Sign Up
+
+  Scenario: Valid Sign Up
+
+    When I sign up with valid credentials
+    Then I am online
+
+
+
+  Scenario: Sign Up with Duplicate Email
+
+    When I try to sign up with a duplicate email
+    Then I receive a duplicate email error
+
+
+
+  Scenario: Sign Up with Invalid Email
+
+    When I try to sign up with an invalid email address
+    Then I receive an invalid email error
+
+
+
+  Scenario: Sign Up with Missing Email
+
+    When I try to sign up with a missing email address
+    Then I receive an missing email error
+
+
+
+#  Scenario: Sign Up with Missing Password
+#
+#    When I try to sign up with a missing password
+#    Then I receive a missing password error

data/features/step_definitions/authenticate/session_times_out.rb

@@ -0,0 +1,4 @@
+
+When /^My session times out$/ do
+  @user.pass_key.expires_at = Time.now - 30 * 60 # expired 30 minutes ago
+end

data/features/step_definitions/sign_off/sign_off.rb

@@ -0,0 +1,10 @@
+
+When /^I sign off$/ do
+  @user.sign_off
+end
+
+
+Then /^I am offline$/ do
+  @user.status.should == :offline
+end
+

data/features/step_definitions/sign_on/invalid_credentials.rb

@@ -0,0 +1,8 @@
+
+When /^I try to sign on with invalid credentials$/ do
+  begin
+    @user.sign_on 'bad@email.com', 'bad-password'
+  rescue => e
+    puts e.message
+  end
+end

data/features/step_definitions/sign_on/locked_account.rb

@@ -0,0 +1,3 @@
+Then /^I am locked out$/ do
+  @user.status.should == :locked
+end

data/features/step_definitions/sign_on/valid_credentials.rb

@@ -0,0 +1,15 @@
+
+Given /^I have a User Profile$/ do
+  @user = FactoryGirl.create :user_profile
+  @user.save # TODO Determine why this is necessary
+end
+
+
+When /^I sign on with valid credentials$/ do
+  @user.sign_on @user.email, 'password'
+end
+
+
+Then /^I am online$/ do
+  @user.status.should == :online
+end

data/features/step_definitions/sign_up/duplicate_email.rb

@@ -0,0 +1,15 @@
+When /^I try to sign up with a duplicate email$/ do
+  email = FactoryGirl.generate :email
+
+  begin
+    @user = AuthFx::UserProfile.sign_up email, 'password'
+    @user = AuthFx::UserProfile.sign_up email, 'password'
+  rescue => e
+    @message = e.message
+  end
+end
+
+
+Then /^I receive a duplicate email error$/ do
+  @message.should == 'We already have that email.'
+end

data/features/step_definitions/sign_up/invalid_email.rb

@@ -0,0 +1,11 @@
+
+When /^I try to sign up with an invalid email address$/ do
+  @user = AuthFx::UserProfile.sign_up 'bad.email.com', 'password'
+end
+
+
+Then /^I receive an invalid email error$/ do
+  received = JSON.parse({:errors => @user.errors.to_h}.to_json)
+  expected = JSON.parse({:errors => {:email => ['Doesn''t look like an email address to me ...']}}.to_json)
+  received.should == expected
+end

data/features/step_definitions/sign_up/missing_credentials.rb

@@ -0,0 +1,24 @@
+
+When /^I try to sign up with a missing email address$/ do
+  @user = AuthFx::UserProfile.sign_up '', 'password'
+end
+
+
+Then /^I receive an missing email error$/ do
+  received = JSON.parse({:errors => @user.errors.to_h}.to_json)
+  expected = JSON.parse({:errors => {:email => ['We need your email address.']}}.to_json)
+  received.should == expected
+end
+
+
+When /^I try to sign up with a missing password$/ do
+  email = FactoryGirl.generate :email
+  @user = AuthFx::UserProfile.sign_up email, ''
+end
+
+
+Then /^I receive a missing password error$/ do
+  received = JSON.parse({:errors => @user.errors.to_h}.to_json)
+  expected = JSON.parse({:errors => {:pass_phrase => ['Pass phrase must be between 5 and 50 characters long']}}.to_json)
+  received.should == expected
+end

data/features/step_definitions/sign_up/valid_sign_up.rb

@@ -0,0 +1,5 @@
+
+Given /^I sign up with valid credentials$/ do
+  email = FactoryGirl.generate :email
+  @user = AuthFx::UserProfile.sign_up email, 'password'
+end

data/features/support/env.rb

@@ -0,0 +1,2 @@
+require 'lib/fx-auth/models'
+require './test/factories'

data/fx-auth.gemspec

@@ -0,0 +1,31 @@
+# -*- encoding: utf-8 -*-
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require 'fx-auth/version'
+
+
+Gem::Specification.new do |gem|
+  gem.name          = 'fx-auth'
+  gem.version       = AuthFx::VERSION
+
+  gem.authors       = ['Dave Jackson']
+  gem.email         = %w(dave.jackson@anywarefx.com)
+  gem.description   = %q{AuthFx - DataMapper models for RESTful Authentication}
+  gem.summary       = %q{AuthFx - DataMapper models for RESTful Authentication}
+  gem.homepage      = ''
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(features|spec|features)/})
+  gem.require_paths = %w(lib)
+
+  gem.add_dependency 'data_mapper'
+
+  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'cucumber'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'factory_girl'
+  gem.add_development_dependency 'dm-sqlite-adapter'
+end

data/lib/fx-auth/errors.rb

@@ -0,0 +1,35 @@
+module AuthFx
+
+  class UserError < StandardError
+  end
+
+
+  class MissingUserError < UserError
+    def initialize
+      super "We can't find a user with that ID." # TODO localize
+    end
+  end
+
+
+  class DuplicateUserError < UserError
+    def initialize
+      super "We already have that email." # TODO localize
+    end
+  end
+
+
+  class InvalidUserError < UserError
+    def initialize
+      super "The email or pass phrase you provided doesn't match our records." # TODO localize
+    end
+  end
+
+
+  class LockedUserError < UserError
+    def initialize locked_until
+      super "Your account is locked. You can try to sign on again in 30 minutes." # TODO localize
+      @locked_until = locked_until # TODO display time in message?
+    end
+  end
+
+end

data/lib/fx-auth/models.rb

@@ -0,0 +1,15 @@
+require 'data_mapper'
+require 'uuidtools'
+
+
+%w(
+
+  errors
+  pass_key
+  role
+  user_profile
+
+).each do |model|
+
+  require "#{File.dirname(__FILE__)}/#{model}"
+end

data/lib/fx-auth/pass_key.rb

@@ -0,0 +1,48 @@
+module AuthFx
+
+  class PassKey
+    include DataMapper::Resource
+
+    belongs_to :user_profile
+
+    property :id, Serial
+    property :created_at, DateTime
+    property :updated_at, DateTime
+
+    property :token, String, :length => 36, :unique => true
+    property :expires_at, Time, :required => true
+
+
+    before :create do
+      self.token = UUIDTools::UUID.random_create.to_s
+      self.expires_at = Time.now + 30 * 60 # expires 30 minutes from now
+    end
+
+
+    def authenticate? token
+      self.token == token and !expired?
+    end
+
+
+    # TODO Regenerate for each request?
+    def regenerate
+      self.token = UUIDTools::UUID.random_create.to_s
+      reset_timer
+      self.token
+    end
+
+
+    def expired?
+      Time.now > self.expires_at
+    end
+
+
+    def reset_timer
+      self.expires_at = Time.now + 30 * 60 # the user has another 30 minutes - TODO make configurable
+      save
+      self.expires_at
+    end
+
+  end
+
+end

data/lib/fx-auth/role.rb

@@ -0,0 +1,29 @@
+module AuthFx
+
+  class Role
+    include DataMapper::Resource
+
+    has n, :user_roles, :constraint => :destroy
+    has n, :user_profiles, :through => :user_roles
+
+    property :id, Serial
+    property :created_at, DateTime
+    property :updated_at, DateTime
+
+    property :name, String, :required => true, :unique => true
+    property :description, Text
+  end
+
+
+  class UserRole
+    include DataMapper::Resource
+
+    belongs_to :user_profile
+    belongs_to :role
+
+    property :id, Serial
+    property :created_at, DateTime
+    property :updated_at, DateTime
+  end
+
+end

data/lib/fx-auth/user_profile.rb

@@ -0,0 +1,166 @@
+module AuthFx
+
+  class UserProfile
+    include DataMapper::Resource
+
+    has 1, :pass_key, :constraint => :destroy
+    has n, :user_roles, :constraint => :destroy
+    has n, :roles, :through => :user_roles
+
+    property :id, Serial
+    property :created_at, DateTime
+    property :updated_at, DateTime
+
+    property :email, String,
+             :required => true,
+             :unique   => true,
+             :format   => :email_address,
+             :messages => {
+                 :presence  => "We need your email address.",
+                 :is_unique => "We already have that email.",
+                 :format    => "Doesn't look like an email address to me ..."
+             }
+    property :gravatar, String, :length => 255
+
+    property :email_verification_code, String, :length => 36, :unique => true
+    property :verification_code_sent_at, DateTime
+    property :verification_code_expires_at, DateTime
+    property :email_verified_at, DateTime
+
+    property :pass_phrase, String, :length => 5..50
+    property :pass_phrase_crypt, BCryptHash
+    property :pass_phrase_expires_at, Time
+
+    property :status, Enum[:online, :offline, :locked], :default => :offline
+    property :sign_on_attempts, Integer, :default => 0
+    property :locked_until, Time
+
+
+    before :create do
+      self.email_verification_code = UUIDTools::UUID.random_create.to_s
+      user_role                    = Role.first :name => :user
+      self.roles << user_role if user_role
+    end
+
+
+    after :valid? do
+      self.gravatar = "http://www.gravatar.com/avatar/#{Digest::MD5.hexdigest self.email}"
+      if self.pass_phrase != '*****'
+        self.pass_phrase_crypt = self.pass_phrase
+        self.pass_phrase       = '*****'
+      end
+    end
+
+
+    def self.sign_up email, pass_phrase
+      user = UserProfile.first :email => email
+      raise DuplicateUserError if user
+
+      user = UserProfile.new :email => email, :pass_phrase => pass_phrase
+      if user.valid?
+        user.status = :online
+        user.save
+      end
+      user
+    end
+
+
+    def sign_on email, pass_phrase
+      self.status = :offline if self.pass_key and self.pass_key.expired?
+      self.status = :offline if self.status == :locked and self.lock_expired?
+
+      if self.status == :online
+        self.pass_key
+
+      elsif self.status == :offline
+        if self.email == email and self.pass_phrase_crypt == pass_phrase
+          self.status = :online
+          save
+          self.pass_key
+
+        else
+          self.sign_on_attempts += 1
+          save
+          raise InvalidUserError unless self.sign_on_attempts >= 3 # TODO make configurable
+
+          self.status = :locked
+          save
+          raise LockedUserError.new self.locked_until
+        end
+
+      else # :locked
+        raise LockedUserError.new self.locked_until
+      end
+    end
+
+
+    def sign_off
+      self.status = :offline
+      save
+    end
+
+
+    def status=(value)
+      if value == :online
+        self.locked_until     = Time.now - 30 * 60 # Unlocked 30 minutes ago - TODO make configurable
+        self.sign_on_attempts = 0
+        self.pass_key         = PassKey.new
+
+      elsif value == :offline
+        self.locked_until     = Time.now - 30 * 60 # Unlocked 30 minutes ago - TODO make configurable
+        self.sign_on_attempts = 0
+        self.pass_key.destroy if self.pass_key
+
+      elsif value == :locked
+        self.locked_until = Time.now + 30 * 60 # Lock for 30 minutes - TODO make configurable
+        self.pass_key.destroy if self.pass_key
+      end
+
+      super
+    end
+
+
+    def status
+      self.status = :offline if super == :online and
+          self.pass_key and
+          self.pass_key.expires_at and
+          Time.now > self.pass_key.expires_at
+      super
+    end
+
+
+    def authenticate? token
+      authenticated = (self.status == :online and
+          self.pass_key and
+          self.pass_key.authenticate? token
+      )
+      self.pass_key.reset_timer if authenticated
+      authenticated
+    end
+
+
+    def authorized? *roles
+      roles.any? { |role| self.in_role? role }
+    end
+
+
+    def in_role? role
+      found = self.roles.first :name => role
+      !found.nil?
+    end
+
+
+    def verify_email? email, code
+      self.email_verified = (self.email == email and self.email_verification_code == code)
+      save
+      self.email_verified
+    end
+
+
+    def lock_expired?
+      Time.now > self.locked_until
+    end
+
+  end
+
+end

data/lib/fx-auth/version.rb

@@ -0,0 +1,5 @@
+module AuthFx
+
+  VERSION = '0.1.0'
+
+end

data/lib/fx-auth.rb

@@ -0,0 +1,3 @@
+require 'fx-auth/version'
+require 'fx-auth/models'
+

data/test/factories.rb

@@ -0,0 +1,17 @@
+require 'factory_girl'
+require 'test/seeds'
+
+
+FactoryGirl.define do
+
+  sequence :email do |n|
+    "profile#{n}@example.com"
+  end
+
+
+  factory :user_profile, :class => AuthFx::UserProfile do
+    email
+    pass_phrase 'password'
+  end
+
+end

data/test/seeds.rb

@@ -0,0 +1,23 @@
+require 'lib/fx-auth/models'
+
+
+DataMapper::Logger.new $stdout, :debug
+DataMapper.setup :default, 'sqlite::memory:'
+DataMapper.auto_migrate!
+
+
+AuthFx::UserProfile.create(
+    {
+        :email       => 'admin@authfx.com',
+        :pass_phrase => 'password',
+
+        :roles       => [
+            {
+                :name => 'admin'
+            },
+            {
+                :name => 'user'
+            }
+        ]
+    }
+)

metadata

@@ -0,0 +1,170 @@
+--- !ruby/object:Gem::Specification
+name: fx-auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Dave Jackson
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-12-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: data_mapper
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: rake
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: cucumber
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: rspec
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: factory_girl
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: dm-sqlite-adapter
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: AuthFx - DataMapper models for RESTful Authentication
+email:
+- dave.jackson@anywarefx.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- features/authenticate.feature
+- features/sign_off.feature
+- features/sign_on.feature
+- features/sign_up.feature
+- features/step_definitions/authenticate/session_times_out.rb
+- features/step_definitions/sign_off/sign_off.rb
+- features/step_definitions/sign_on/invalid_credentials.rb
+- features/step_definitions/sign_on/locked_account.rb
+- features/step_definitions/sign_on/valid_credentials.rb
+- features/step_definitions/sign_up/duplicate_email.rb
+- features/step_definitions/sign_up/invalid_email.rb
+- features/step_definitions/sign_up/missing_credentials.rb
+- features/step_definitions/sign_up/valid_sign_up.rb
+- features/support/env.rb
+- fx-auth.gemspec
+- lib/fx-auth.rb
+- lib/fx-auth/errors.rb
+- lib/fx-auth/models.rb
+- lib/fx-auth/pass_key.rb
+- lib/fx-auth/role.rb
+- lib/fx-auth/user_profile.rb
+- lib/fx-auth/version.rb
+- test/factories.rb
+- test/seeds.rb
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.1.9
+signing_key:
+specification_version: 4
+summary: AuthFx - DataMapper models for RESTful Authentication
+test_files:
+- features/authenticate.feature
+- features/sign_off.feature
+- features/sign_on.feature
+- features/sign_up.feature
+- features/step_definitions/authenticate/session_times_out.rb
+- features/step_definitions/sign_off/sign_off.rb
+- features/step_definitions/sign_on/invalid_credentials.rb
+- features/step_definitions/sign_on/locked_account.rb
+- features/step_definitions/sign_on/valid_credentials.rb
+- features/step_definitions/sign_up/duplicate_email.rb
+- features/step_definitions/sign_up/invalid_email.rb
+- features/step_definitions/sign_up/missing_credentials.rb
+- features/step_definitions/sign_up/valid_sign_up.rb
+- features/support/env.rb