janus 0.5.0

data/lib/janus/hooks.rb

@@ -0,0 +1,58 @@
+module Janus
+  module Hooks # :nodoc:
+    extend ActiveSupport::Concern
+
+    # Hooks allow you the react at the different steps of a user session.
+    # All callbacks will receive the same arguments: +user+, +manager+ and
+    # +options+.
+    # 
+    # Example:
+    # 
+    #   Janus::Manager.after_login do |user, manager, options|
+    #     session = manager.session(options[:scope])
+    #     
+    #     # write some great code here
+    #   end
+    # 
+    # Options:
+    # 
+    # - +:scope+
+    # 
+    module ClassMethods
+      # Executed after a strategy succeeds to authenticate a user.
+      def after_authenticate(&block)
+        add_callback(:authenticate, block)
+      end
+
+      # Executed the first time an authenticated user is fetched from session.
+      def after_fetch(&block)
+        add_callback(:fetch, block)
+      end
+
+      # Executed after a user is logged in.
+      def after_login(&block)
+        add_callback(:login, block)
+      end
+
+      # Executed after a user is logged out. after_logout will be executed for
+      # each scope when logging out from multiple scopes at once.
+      def after_logout(&block)
+        add_callback(:logout, block)
+      end
+
+      def run_callbacks(kind, *args) # :nodoc:
+        callbacks(kind).each { |block| block.call(*args) }
+      end
+
+      private
+        def add_callback(kind, block)
+          callbacks(kind) << block
+        end
+
+        def callbacks(kind)
+          @callbacks ||= {}
+          @callbacks[kind] ||= []
+        end
+    end
+  end
+end

data/lib/janus/mailer.rb

@@ -0,0 +1,13 @@
+class Janus::Mailer < ActionMailer::Base
+  default_from = Janus::Config.contact_email
+
+  def reset_password_instructions(user)
+    @user = user
+    mail :to => @user.email, :subject => I18n.t('janus.mailer.reset_password_instructions.subject')
+  end
+
+  def confirmation_instructions(user)
+    @user = user
+    mail :to => @user.email, :subject => I18n.t('janus.mailer.confirmation_instructions.subject')
+  end
+end

data/lib/janus/manager.rb

@@ -0,0 +1,97 @@
+module Janus
+  class Manager
+    include Janus::Hooks
+    include Janus::Strategies
+
+    attr_reader :request, :cookies
+
+    def initialize(request, cookies)
+      @request, @cookies = request, cookies
+    end
+
+    # Tries to authenticate the user using strategies, before returning
+    # the current user or nil.
+    def authenticate(scope)
+      run_strategies(scope) unless authenticated?(scope)
+      user(scope)
+    end
+
+    # Raises a Janus::NotAuthenticated exception unless a user is authenticated.
+    def authenticate!(scope)
+      raise Janus::NotAuthenticated.new(scope) unless authenticate?(scope)
+    end
+
+    # Tries to authenticate the user before checking if it's authenticated.
+    def authenticate?(scope)
+      authenticate(scope)
+      authenticated?(scope)
+    end
+
+    # Returns true if a user is authenticated.
+    def authenticated?(scope) # :nodoc:
+      !!session(scope)
+    end
+
+    # Logs a user in.
+    # 
+    # FIXME: what should happen when a user signs in but a user is already signed in?!
+    def login(user, options = {})
+      options[:scope] ||= Janus.scope_for(user)
+      set_user(user, options)
+      Janus::Manager.run_callbacks(:login, user, self, options)
+    end
+
+    # Logs a user out from the given scopes or from all scopes at once
+    # if no scope is defined. If no scope is left after logout, then the
+    # whole session will be resetted.
+    def logout(*scopes)
+      scopes = janus_sessions.keys if scopes.empty?
+      
+      scopes.each do |scope|
+        _user = user(scope)
+        unset_user(scope)
+        Janus::Manager.run_callbacks(:logout, _user, self, :scope => scope)
+      end
+      
+      request.reset_session if janus_sessions.empty?
+    end
+
+    # Manually sets a user without going throught the whole login or
+    # authenticate process.
+    def set_user(user, options = {})
+      scope = options[:scope] || Janus.scope_for(user)
+      janus_sessions[scope.to_sym] = { :user_class => user.class, :user_id => user.id }
+    end
+
+    # Manually removes the user without going throught the whole logout process.
+    def unset_user(scope)
+      janus_sessions.delete(scope.to_sym)
+      @users.delete(scope.to_sym) unless @users.nil?
+    end
+
+    # Returns the currently connected user.
+    def user(scope)
+      scope = scope.to_sym
+      @users ||= {}
+      
+      if authenticated?(scope)
+        if @users[scope].nil?
+          @users[scope] = session(scope)[:user_class].find(session(scope)[:user_id])
+          Janus::Manager.run_callbacks(:fetch, @users[scope], self, :scope => scope)
+        end
+        
+        @users[scope]
+      end
+    end
+
+    # Returns the current session for user.
+    def session(scope)
+      janus_sessions[scope.to_sym]
+    end
+
+    private
+      def janus_sessions
+        request.session['janus'] ||= {}
+      end
+  end
+end

data/lib/janus/models/base.rb

@@ -0,0 +1,31 @@
+module Janus
+  module Models
+    module Base
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def generate_token(column_name, size = 32)
+          loop do
+            token = SecureRandom.hex(size)
+            return token unless where(column_name => token).any?
+          end
+        end
+
+        def janus_config(*keys)
+          keys.each do |key|
+            class_eval <<-EOV
+            def self.#{key}
+              @#{key} || Janus::Config.#{key}
+            end
+            
+            def self.#{key}=(value)
+              @#{key} = value
+            end
+            EOV
+          end
+        end
+        
+      end
+    end
+  end
+end

data/lib/janus/models/confirmable.rb

@@ -0,0 +1,45 @@
+module Janus
+  module Models
+    # = Confirmable
+    # 
+    # Confirms an account's email by sending an email with an unique token.
+    # This is necessary to be sure the user can be contacted on that email.
+    # 
+    # IMPROVE: reconfirm whenever email changes.
+    module Confirmable
+      extend ActiveSupport::Concern
+
+      included do
+        attr_protected :confirmation_token, :confirmation_sent_at, :confirmed_at
+        janus_config(:confirmation_key)
+        
+        before_create :generate_confirmation_token
+#        before_update :generate_confirmation_token, :if => :email_changed?
+      end
+
+      # Generates the confirmation token, but won't save the record.
+      def generate_confirmation_token
+        self.confirmation_token = self.class.generate_token(:confirmation_token)
+        self.confirmation_sent_at = Time.now
+      end
+
+      # Confirms the record.
+      def confirm!
+        self.confirmation_token = self.confirmation_sent_at = nil
+        self.confirmed_at = Time.now
+        save
+      end
+
+      # Checks wether the email of this user if confirmed, or not.
+      def confirmed?
+        confirmed_at?
+      end
+
+      module ClassMethods
+        def find_for_confirmation(token)
+          where(:confirmation_token => token).first unless token.blank?
+        end
+      end
+    end
+  end
+end

data/lib/janus/models/database_authenticatable.rb

@@ -0,0 +1,98 @@
+require 'bcrypt'
+
+module Janus
+  module Models
+    # = DatabaseAuthenticatable
+    # 
+    # This is the initial part and is required for email + password registration
+    # and logins. Passwords are automatically encrypted following Devise's
+    # default encryption logic, which relies on bcrypt.
+    # 
+    # == Required columns:
+    # 
+    # - email
+    # - encrypted_password
+    # 
+    # == Configuration
+    # 
+    # - +stretches+
+    # - +pepper+
+    # - +authentication_keys+ - required keys for authenticating a user, defaults to <tt>[:email]</tt>
+    # 
+    module DatabaseAuthenticatable
+      extend ActiveSupport::Concern
+
+      included do
+        attr_protected :encrypted_password, :reset_password_token, :reset_password_sent_at
+        attr_reader   :password
+        attr_accessor :current_password
+        
+        validates :password, :presence => true, :confirmation => true, :if => :password_required?
+        validate :validate_current_password, :on => :update, :if => :current_password
+        
+        janus_config(:authentication_keys, :stretches, :pepper)
+      end
+
+      def password=(password)
+        @password = password
+        self.encrypted_password = digest_password(@password) unless @password.blank?
+      end
+
+      # Checks if a given password matches this user password.
+      def valid_password?(password)
+        ::BCrypt::Password.new(encrypted_password) == "#{password}#{self.class.pepper}"
+      end
+
+      def digest_password(password)
+        ::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s
+      end
+
+      def clean_up_passwords
+        self.current_password = self.password = self.password_confirmation = nil
+      end
+
+      def generate_reset_password_token!
+        self.reset_password_token = self.class.generate_token(:reset_password_token)
+        self.reset_password_sent_at = Time.now
+        save
+      end
+
+      def reset_password!(params)
+        params.each do |key, value|
+          send("#{key}=", value) if [:password, :password_confirmation].include?(key.to_sym)
+        end
+        
+        self.reset_password_sent_at = self.reset_password_token = nil
+        save
+      end
+
+      protected
+        def password_required?
+          !persisted? || !!password || !!password_confirmation
+        end
+
+        def validate_current_password
+          errors.add(:current_password, :invalid) unless valid_password?(current_password)
+        end
+
+      module ClassMethods
+        def find_for_database_authentication(params)
+          params = params.reject { |k,v| !authentication_keys.include?(k.to_sym) }
+          where(params).first
+        end
+
+        def find_for_password_reset(token)
+          user = find_by_reset_password_token(token) unless token.blank?
+          
+          if user && user.reset_password_sent_at < 2.days.ago
+            user.reset_password_token = user.reset_password_sent_at = nil
+            user.save
+            user = nil
+          end
+          
+          user
+        end
+      end
+    end
+  end
+end

data/lib/janus/models/rememberable.rb

@@ -0,0 +1,54 @@
+module Janus
+  module Models
+    # = Rememberable
+    # 
+    # Allows a user to check a remember me check box when she logs in through
+    # DatabaseAuthenticatable. It will set a cookie with a configurable
+    # expiration date.
+    # 
+    # == Required columns
+    # 
+    # - remember_token
+    # - remember_created_at
+    # 
+    # == Configuration
+    # 
+    # - remember_for - how long to remember the user, for instance <tt>1.week</tt>.
+    # - :extend_remember_period - set to true to extend the remember cookie every time the user logs in.
+    # 
+    module Rememberable
+      extend ActiveSupport::Concern
+
+      included do
+        attr_protected :remember_token, :remember_created_at
+        janus_config :remember_for, :extend_remember_period
+      end
+
+      # Generates an unique remote_token.
+      def remember_me!
+        self.remember_token = self.class.generate_token(:remember_token)
+        self.remember_created_at = Time.now
+        save
+      end
+
+      # Nullifies remote_token.
+      def forget_me!
+        self.remember_token = self.remember_created_at = nil
+        save
+      end
+
+      module ClassMethods
+        def find_for_remember_authentication(token)
+          user = where(:remember_token => token).first unless token.blank?
+          
+          if user && user.remember_created_at < remember_for.ago
+            user.forget_me!
+            user = nil
+          end
+          
+          user
+        end
+      end
+    end
+  end
+end

data/lib/janus/models/remote_authenticatable.rb

@@ -0,0 +1,99 @@
+require 'janus/hooks/remote_authenticatable'
+
+module Janus
+  module Models
+    # = RemoteAuthenticatable
+    # 
+    # Keeping a user connected on subdomains is an easy task, all you need to do
+    # is define the session cookie to <tt>.example.com</tt> for instance. But
+    # keeping a user connected on multiple top level domains is a harder task.
+    # 
+    # Hopefully RemoteAuthenticatable takes care of all the hassle.
+    # 
+    # == Single Sign In
+    # 
+    # The authentication must happen on a single domain, for instance
+    # <tt>login.example.com</tt>, then other domains must redirect to that
+    # domain's new session url. For instance:
+    # 
+    #   redirect_to new_user_session_url(:host => "login.example.com") unless user_signed_in?
+    # 
+    # And that's it! The user shall be redirected with an unique +remote_token+,
+    # which shall log her in. Actually the user won't be logged in through
+    # Janus::Manager#login but through Janus::Manager#set_user which won't
+    # run the login hooks. This is useful for not tracking the user everytime
+    # it gets authenticated on each remote site.
+    # 
+    # == Single Sign Out
+    # 
+    # Session state is maintained across domains through the session_token
+    # column of your User model. If a session token is invalid the session
+    # is simply resetted, thus logging out the user on remote domains. Actually
+    # the user is logged out using Janus::Manager#unset_user before
+    # resetting the session.
+    # 
+    # == Required columns and models:
+    # 
+    # A +session_token+ column (string) is required, as well as a RemoteToken
+    # model like so:
+    # 
+    #   class RemoteToken < ActiveRecord::Base
+    #     include Janus::Models::RemoteToken
+    #   
+    #     belongs_to :user
+    #     validates_presence_of :user
+    #   end
+    # 
+    # With the associated table:
+    # 
+    #   create_table :remote_tokens do |t|
+    #     t.references :user
+    #     t.string     :token
+    #     t.datetime   :created_at
+    #   end
+    #   
+    #   add_index :remote_tokens, :token, :unique => true
+    module RemoteAuthenticatable
+      extend ActiveSupport::Concern
+
+      included do |klass|
+        attr_protected :session_token
+        klass.class_eval { has_many :remote_tokens }
+        janus_config :remote_authentication_key
+      end
+
+      # Generates an unique session token. This token will be used to validate
+      # the current session, and must be generated whenever a user signs in on
+      # the main site.
+      # 
+      # The token won't be regenerated if it already exists.
+      def generate_session_token!
+        update_attribute(:session_token, self.class.generate_token(:session_token)) unless session_token
+        session_token
+      end
+
+      # Destroys the session token. This must be called whenever the user signs
+      # out. Doing so will invalidate all sessions using this token at once
+      # --hence single sign out.
+      def destroy_session_token!
+        update_attribute(:session_token, nil)
+      end
+
+      # Returns a temporary token to be used with find_for_remote_authentication.
+      def generate_remote_token!
+        remote_tokens.create.token
+      end
+
+      module ClassMethods
+        def find_for_remote_authentication(token)
+          remote_token = ::RemoteToken.where(:token => token).first
+          
+          if remote_token
+            remote_token.destroy
+            remote_token.user unless remote_token.created_at < 30.seconds.ago
+          end
+        end
+      end
+    end
+  end
+end

data/lib/janus/models/remote_token.rb

@@ -0,0 +1,17 @@
+module Janus
+  module Models
+    module RemoteToken
+      def self.included(klass)
+        klass.class_eval do
+          include Janus::Models::Base
+          before_save :reset_token
+        end
+      end
+
+      # Generates an unique token.
+      def reset_token
+        self.token = self.class.generate_token(:token)
+      end
+    end
+  end
+end

data/lib/janus/models/trackable.rb

@@ -0,0 +1,37 @@
+require 'janus/hooks/trackable'
+
+module Janus
+  module Models
+    # = Trackable
+    # 
+    # Simple hook to update some columns of your model whenever a user logs in.
+    # 
+    # == Required columns
+    # 
+    # - +sign_in_count+
+    # - +current_sign_in_ip+
+    # - +current_sign_in_at+
+    # - +last_sign_in_ip+
+    # - +last_sign_in_at+
+    # 
+    module Trackable
+      extend ActiveSupport::Concern
+
+      included do
+        attr_protected :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip, :last_sign_in_ip
+      end
+
+      def track!(ip)
+        self.sign_in_count += 1
+        
+        self.last_sign_in_at = self.current_sign_in_at
+        self.last_sign_in_ip = self.current_sign_in_ip
+        
+        self.current_sign_in_at = Time.now
+        self.current_sign_in_ip = ip
+        
+        save(:validate => false)
+      end
+    end
+  end
+end

data/lib/janus/routes.rb

@@ -0,0 +1,78 @@
+module ActionDispatch # :nodoc:
+  module Routing # :nodoc:
+    class Mapper
+      # Creates the routes for a Janus capable resource.
+      # 
+      # Example:
+      # 
+      #   MyApp::Application.routes.draw do
+      #     janus :users, :session => true, :registration => false
+      #   end
+      # 
+      # Options:
+      # 
+      # - +session+      - true to generate session routes
+      # - +registration+ - true to generate registration routes
+      # - +confirmation+ - true to generate confirmation routes
+      # - +password+     - true to generate password reset routes
+      # 
+      # Generated session routes:
+      # 
+      #       new_user_session GET    /users/sign_in(.:format)  {:controller=>"users/sessions", :action=>"new"}
+      #           user_session POST   /users/sign_in(.:format)  {:controller=>"users/sessions", :action=>"create"}
+      #   destroy_user_session        /users/sign_out(.:format) {:controller=>"users/sessions", :action=>"destroy"}
+      # 
+      # Generated registration routes:
+      # 
+      #    new_user_registration GET    /users/sign_up(.:format)  {:controller=>"users/registrations", :action=>"new"}
+      #        user_registration POST   /users(.:format)          {:controller=>"users/registrations", :action=>"create"}
+      #   edit_user_registration GET    /users/edit(.:format)     {:controller=>"users/registrations", :action=>"edit"}
+      #                          PUT    /users(.:format)          {:controller=>"users/registrations", :action=>"update"}
+      #                          DELETE /users(.:format)          {:controller=>"users/registrations", :action=>"destroy"}
+      # 
+      # Generated confirmation routes:
+      # 
+      #       user_confirmation POST   /users/confirmation(.:format)     {:controller=>"users/confirmations", :action=>"create"}
+      #   new_user_confirmation GET    /users/confirmation/new(.:format) {:controller=>"users/confirmations", :action=>"new"}
+      #                         GET    /users/confirmation(.:format)     {:controller=>"users/confirmations", :action=>"show"}
+      # 
+      # Generated password reset routes:
+      # 
+      #        user_password POST   /users/password(.:format)      {:controller=>"users/passwords", :action=>"create"}
+      #    new_user_password GET    /users/password/new(.:format)  {:controller=>"users/passwords", :action=>"new"}
+      #   edit_user_password GET    /users/password/edit(.:format) {:controller=>"users/passwords", :action=>"edit"}
+      #                      PUT    /users/password(.:format)      {:controller=>"users/passwords", :action=>"update"}
+      #                      DELETE /users/password(.:format)      {:controller=>"users/passwords", :action=>"destroy"}
+      # 
+      def janus(*resources)
+        ActionController::Base.send(:include, Janus::Helpers)    unless ActionController::Base.include?(Janus::Helpers)
+        ActionController::Base.send(:include, Janus::UrlHelpers) unless ActionController::Base.include?(Janus::UrlHelpers)
+        options = resources.extract_options!
+        
+        resources.each do |plural|
+          singular = plural.to_s.singularize
+          
+          if options[:session]
+            scope :path => plural, :controller => "#{plural}/sessions" do
+              match "/sign_in(.:format)", :action => "new", :via => :get, :as => "new_#{singular}_session"
+              match "/sign_in(.:format)", :action => "create", :via => :post, :as => "#{singular}_session"
+              match "/sign_out(.:format)", :action => "destroy",  :as => "destroy_#{singular}_session"
+            end
+          end
+          
+          namespace plural, :as => singular do
+            if options[:registration]
+              resource :registration, :except => [:index, :show], :path => "",
+                :path_names => { :new => 'sign_up' }
+            end
+            
+            resource :confirmation, :only => [:show, :new, :create] if options[:confirmation]
+            resource :password, :except => [:index, :show] if options[:password]
+          end
+          
+          ActionController::Base.janus(singular)
+        end
+      end
+    end
+  end
+end

data/lib/janus/strategies/base.rb

@@ -0,0 +1,40 @@
+module Janus
+  module Strategies
+    # Base class for writing authentication strategies.
+    class Base
+      attr_reader :scope, :manager, :request, :cookies, :user
+
+      def initialize(scope, manager) # :nodoc:
+        @scope, @manager = scope, manager
+        @request, @cookies = manager.request, manager.cookies
+      end
+
+      def valid?
+        true
+      end
+
+      def pass
+      end
+
+      def success!(user)
+        @user = user
+      end
+
+      def success?
+        !@user.nil?
+      end
+
+      def resource
+        @resource ||= scope.to_s.camelize.constantize
+      end
+
+      def authenticate!
+        raise StandardError.new("You must define the #{self.class.name}#authenticate! method.")
+      end
+
+      def auth_method
+        :login
+      end
+    end
+  end
+end

data/lib/janus/strategies/database_authenticatable.rb

@@ -0,0 +1,20 @@
+#module Janus
+#  module Strategies
+#    class DatabaseAuthenticatable < Base
+#      def valid?
+#        if params[scope].blank? || 
+#          false
+#        else
+#          keys = resource.authentication_keys
+#          keys << :password
+#          keys.each { |key| return false if request.params[scope][key].blank? }
+#          true
+#        end
+#      end
+
+#      def authenticate!
+#        if params[]
+#      end
+#    end
+#  end
+#end