janus 0.5.0

data/README.rdoc

@@ -0,0 +1,144 @@
+= Janus
+
+Janus is an authentication engine for Ruby on Rails 3 and is an alternative
+to the Warden + Devise combo, without the Rack middleware. The whole project
+is inspired by the Warden and Devise API but shall eventually be quite
+different since everything happens within ActionDispatch and not at the Rack
+level.
+
+The main difference for now is the cross domain authentication --which allows
+a user to single sign in and out across top level domains-- which required
+a finer grained control over setting and unsetting a user than Warden provides.
+Janus uses +login+ and +logout+ to actually sign the user in and out, while
++set_user+ and +unset_user+ will manually set the session, without dispatching
+the +after_login+ and +after_logout+ hooks.
+
+== Features
+
+- DatabaseAuthenticatable
+- RemoteAuthenticatable
+- Confirmable
+- Rememberable
+- Trackable
+
+Note: login through Janus::Manager#set_user won't track the user.
+
+- authentication system with strategies and hooks
+- scoped authentications with parallel authentication
+- database authentication with password encryption, validation and remember me strategy
+- remote authentication for cross domain sign in / sign out
+- controllers: sessions, registrations, confirmations, passwords and their routes
+- route generation for above controllers
+- trackable hook
+
+== TODO
+
+- generators (janus:install, janus)
+- rename RemoteAuthenticatable to something like CrossDomainAuthenticatable(?)
+
+== Install
+
+There is no automated way to install Janus yet, since generators are missing.
+Please remember that Janus is only compatible with Rails 3.
+
+First add the gem to your Gemfile:
+
+  $ gem 'janus', :git => git://github.com/ysbaddaden/janus.git
+
+Configure your user models by including all or a selection of the Janus::Models
+modules:
+
+  class User < ActiveRecord::Base
+    include Janus::Models::Base
+    include Janus::Models::DatabaseAuthenticatable
+    include Janus::Models::RemoteAuthenticatable
+    include Janus::Models::Confirmable
+    include Janus::Models::Rememberable
+    include Janus::Models::Trackable
+  end
+
+  class Admin < ActiveRecord::Base
+    include Janus::Models::Base
+    include Janus::Models::DatabaseAuthenticatable
+    include Janus::Models::RemoteAuthenticatable
+  end
+
+Configure your routes:
+
+  Name::Application.routes.map do
+    janus :users,  :session => true, :registration => true, :password => true, :confirmation => true
+    janus :admins, :session => true
+    
+    root :to => "home#index"
+  end
+
+Create the required controllers:
+
+  class Users::SessionsController < Janus::SessionsController
+    respond_to :html
+  end
+
+  class Users::RegistrationsController < Janus::RegistrationsController
+    respond_to :html
+  end
+
+  class Users::PasswordsController < Janus::PasswordsController
+    respond_to :html
+  end
+
+  class Users::ConfirmationssController < Janus::ConfirmationssController
+    respond_to :html
+  end
+
+  class Admins::SessionsController < Janus::SessionsController
+    respond_to :html
+  end
+
+Copy the views from test/rails_app to your application:
+
+  mkdir name/app/views/users/
+  cp -r janus/test/rails_app/app/views/users/sessions name/app/views/users/
+  cp -r janus/test/rails_app/app/views/users/registrations name/app/views/users/
+  cp -r janus/test/rails_app/app/views/users/confirmations name/app/views/users/
+  cp -r janus/test/rails_app/app/views/users/registrations name/app/views/users/
+  
+  mkdir name/app/views/admins/
+  cp -r janus/test/rails_app/app/views/users/sessions name/app/views/users/
+
+Have a look to the test app in <tt>test/rails_app</tt> for additional help:
+
+  app/controllers/application_controller.rb
+  app/controller/users/confirmations_controller.rb
+  app/controller/users/passwords_controller.rb
+  app/controller/users/registrations_controller.rb
+  app/controller/users/sessions_controller.rb
+  app/mailers/janus_mailer.rb
+  app/models/remote_token.rb
+  app/models/user.rb
+  app/views/janus_mailer/confirmation_instructions.html.erb
+  app/views/janus_mailer/confirmation_instructions.text.erb
+  app/views/janus_mailer/reset_password_instructions.html.erb
+  app/views/janus_mailer/reset_password_instructions.text.erb
+  app/views/users/confirmations/new.html.erb
+  app/views/users/passwords/new.html.erb
+  app/views/users/passwords/edit.html.erb
+  app/views/users/registrations/new.html.erb
+  app/views/users/registrations/edit.html.erb
+  app/views/users/sessions/new.html.erb
+  config/initializers/janus.rb
+  config/locales/janus.en.yml
+  config/routes.rb
+  db/migrate/*.rb
+
+== License
+
+Janus is distributed under the MIT-License.
+
+== Authors
+
+Most of the API and some code like password encryption is copied from
+Devise: http://github.com/plataformatec/devise.git and Warden:
+http://github.com/hassox/warden
+
+- Julien Portalier <ysbaddaden@gmail.com>
+

data/lib/janus/config.rb

@@ -0,0 +1,26 @@
+require 'active_support/time'
+
+module Janus
+  module Config
+    mattr_accessor :contact_email
+    
+    # DatabaseAuthenticatable
+    mattr_accessor :authentication_keys, :stretches, :pepper
+    self.authentication_keys = [:email]
+    self.stretches = 10
+    
+    # Confirmable
+    mattr_accessor :confirmation_key
+    self.confirmation_key = :confirm_token
+    
+    # Rememberable
+    mattr_accessor :remember_for, :extend_remember_period, :remember_across_browsers
+    self.remember_for = 2.weeks
+    self.extend_remember_period = false
+#    self.remember_across_browsers = false
+    
+    # RemoteAuthenticatable
+    mattr_accessor :remote_authentication_key
+    self.remote_authentication_key = :remote_token
+  end
+end

data/lib/janus/controllers/confirmations_controller.rb

@@ -0,0 +1,56 @@
+class Janus::ConfirmationsController < ApplicationController
+  include Janus::InternalHelpers
+
+  helper JanusHelper
+
+  def show
+    self.resource = resource_class.find_for_confirmation(params[resource_class.confirmation_key])
+    
+    if resource
+      resource.confirm!
+      
+      respond_to do |format|
+        format.html { redirect_to root_url, :notice => t('flash.janus.confirmations.edit.confirmed') }
+        format.any  { head :ok }
+      end
+    else
+      respond_to do |format|
+        format.html do
+          self.resource = resource_class.new
+          resource.errors.add(:base, :invalid_token)
+          render 'new'
+        end
+        
+        format.any { head :bad_request }
+      end
+    end
+  end
+
+  def new
+    self.resource = resource_class.new
+    respond_with(resource)
+  end
+
+  def create
+    self.resource = resource_class.find_for_database_authentication(params[resource_name])
+    
+    if resource
+      JanusMailer.confirmation_instructions(resource).deliver
+      
+      respond_to do |format|
+        format.html { redirect_to root_url, :notice => t('flash.janus.confirmations.create.email_sent') }
+        format.any  { head :ok }
+      end
+    else
+      respond_to do |format|
+        format.html do
+          self.resource = resource_class.new
+          resource.errors.add(:base, :not_found)
+          render 'new'
+        end
+        
+        format.any { head :not_found }
+      end
+    end
+  end
+end

data/lib/janus/controllers/helpers.rb

@@ -0,0 +1,54 @@
+module Janus
+  module Helpers
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :signed_in?
+
+      rescue_from Janus::NotAuthenticated do |exception|
+        respond_to do |format|
+          format.html { redirect_to send("new_#{exception.scope}_session_url") }
+          format.any  { head :unauthorized }
+        end
+      end
+    end
+
+    def janus
+      @janus ||= Janus::Manager.new(request, cookies)
+    end
+
+    def handle_unverified_requests
+      janus.logout
+    end
+
+    def signed_in?(scope)
+      janus.authenticate?(scope)
+    end
+
+    module ClassMethods
+      def janus(*scopes)
+        scopes.each do |scope|
+          class_eval <<-EOV
+            helper_method :#{scope}_signed_in?, :current_#{scope}, :#{scope}_session
+            
+            def authenticate_#{scope}!
+              janus.authenticate!(:#{scope})
+            end
+            
+            def current_#{scope}
+              @current_#{scope} ||= janus.authenticate(:#{scope})
+            end
+            
+            def #{scope}_signed_in?
+              janus.authenticate?(:#{scope})
+            end
+            
+            def #{scope}_session
+              janus.session(:#{scope}) if #{scope}_signed_in?
+            end
+          EOV
+        end
+      end
+    end
+  end
+end

data/lib/janus/controllers/internal_helpers.rb

@@ -0,0 +1,33 @@
+module Janus
+  module InternalHelpers
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :janus_scope, :resource, :resource_class, :resource_name
+    end
+
+    def authenticate!
+      send("authenticate_#{janus_scope}!")
+    end
+
+    def janus_scope
+      @janus_scope ||= self.class.name.split('::', 2).first.underscore.singularize
+    end
+
+    def resource
+      instance_variable_get(:"@#{janus_scope}")
+    end
+
+    def resource=(value)
+      instance_variable_set(:"@#{janus_scope}", value)
+    end
+
+    def resource_class
+      @resource_class ||= janus_scope.camelize.constantize
+    end
+
+    def resource_name
+      janus_scope
+    end
+  end
+end

data/lib/janus/controllers/passwords_controller.rb

@@ -0,0 +1,60 @@
+class Janus::PasswordsController < ApplicationController
+  include Janus::InternalHelpers
+
+  helper JanusHelper
+
+  def new
+    self.resource = resource_class.new
+  end
+
+  def create
+    self.resource = resource_class.find_for_database_authentication(params[resource_name])
+    
+    if resource
+      resource.generate_reset_password_token!
+      JanusMailer.reset_password_instructions(resource).deliver
+      
+      respond_to do |format|
+        format.html { redirect_to root_url, :notice => t('flash.janus.passwords.create.email_sent') }
+        format.any  { head :ok }
+      end
+    else
+      respond_to do |format|
+        format.html do
+          self.resource = resource_class.new
+          resource.errors.add(:base, :not_found)
+          render "new"
+        end
+        format.any { head :precondition_failed }
+      end
+    end
+  end
+
+  def edit
+    self.resource = resource_class.find_for_password_reset(params[:token])
+    redirect_to root_url, :alert => t('flash.janus.passwords.edit.alert') unless resource
+  end
+
+  def update
+    self.resource = resource_class.find_for_password_reset(params[resource_name][:reset_password_token])
+    
+    if resource
+      if resource.reset_password!(params[resource_name])
+        respond_to do |format|
+          format.html { redirect_to root_url, :notice => t('flash.janus.passwords.update.password_updated') }
+          format.any  { head :ok }
+        end
+      else
+        respond_to do |format|
+          format.html { render 'edit' }
+          format.any  { head :precondition_failed }
+        end
+      end
+    else
+      respond_to do |format|
+        format.html { redirect_to root_url, :alert => t('flash.janus.passwords.update.invalid_token') }
+        format.any  { head :precondition_failed }
+      end
+    end
+  end
+end

data/lib/janus/controllers/registrations_controller.rb

@@ -0,0 +1,55 @@
+class Janus::RegistrationsController < ApplicationController
+  include Janus::InternalHelpers
+
+  helper JanusHelper
+
+  before_filter      :authenticate!, :except => [:new, :create]
+  skip_before_filter :authenticate!, :only   => [:new, :create]
+
+  def new
+    self.resource = resource_class.new
+    respond_with(resource)
+  end
+
+  def edit
+    self.resource = send("current_#{janus_scope}")
+    respond_with(resource)
+  end
+
+  def create
+    self.resource = resource_class.new(params[resource_name])
+    
+    if resource.save
+      janus.login(resource, :scope => janus_scope, :rememberable => true)
+      JanusMailer.confirmation_instructions(resource).deliver if resource.respond_to?(:confirm!)
+    else
+      resource.clean_up_passwords
+    end
+    
+    respond_with(resource, :location => after_sign_up_url(resource))
+  end
+
+  def update
+    params[resource_name].each do |key, value|
+      params[resource_name].delete(key) if value.blank? && [:password, :password_confirmation].include?(key.to_sym)
+    end
+    
+    self.resource = send("current_#{janus_scope}")
+    resource.current_password = ""
+    resource.clean_up_passwords unless resource.update_attributes(params[resource_name])
+    respond_with(resource, :location => after_sign_up_url(resource))
+  end
+
+  def destroy
+    self.resource = send("current_#{janus_scope}")
+    janus.unset_user(janus_scope) if resource.destroy
+    
+    respond_with(resource) do |format|
+      format.html { redirect_to root_url }
+    end
+  end
+
+  def after_sign_up_url(user)
+    user
+  end
+end

data/lib/janus/controllers/sessions_controller.rb

@@ -0,0 +1,94 @@
+require 'addressable/uri'
+
+class Janus::SessionsController < ApplicationController
+  include Janus::InternalHelpers
+#  include Janus::UrlHelpers
+
+  helper JanusHelper
+#  skip_before_filter :authenticate_user!
+
+  def new
+    params[:return_to] ||= request.env["HTTP_REFERER"]
+    
+    if signed_in?(janus_scope)
+      redirect_after_sign_in(send("current_#{janus_scope}"))
+    else
+      self.resource = resource_class.new
+      respond_with(resource)
+    end
+  end
+
+  def create
+    self.resource = resource_class.find_for_database_authentication(params[resource_name])
+    
+    if resource && resource.valid_password?(params[resource_name][:password])
+      janus.login(resource, :scope => janus_scope, :rememberable => params[:remember_me])
+      
+      respond_to do |format|
+        format.html { redirect_after_sign_in(resource) }
+        format.any  { head :ok }
+      end
+    else
+      respond_to do |format|
+        format.html do
+          self.resource ||= resource_class.new(params[resource_name])
+          resource.clean_up_passwords
+          resource.errors.add(:base, :not_found)
+          
+          render "new", :status => :unauthorized
+        end
+        format.any { head :unauthorized }
+      end
+    end
+  end
+
+  def destroy
+    janus.logout(janus_scope)
+    
+    respond_to do |format|
+      format.html { redirect_to after_sign_out_url(janus_scope) }
+      format.any  { head :ok }
+    end
+  end
+
+  def after_sign_in_url(user)
+    user
+  end
+
+  def after_sign_out_url(scope)
+    root_url
+  end
+
+  # Returns true if remote host is known and redirect with an auth_token should
+  # be allowed or not. It must be overwritten by child class since it always
+  # returns true by default.
+  def valid_remote_host?(host)
+    true
+  end
+
+  # Either redirects the user to after_sign_in_url or to
+  # <tt>params[:return_to]</tt>. If return_to is an absolute URL, and not just
+  # a path, valid_remote_host? will be invoked to check if we should redirect
+  # to this URL or not --which is moslty of use for RemoteAuthenticatable to
+  # securize auth tokens from unknown domains.
+  def redirect_after_sign_in(user)
+    unless params[:return_to].blank?
+      return_to = Addressable::URI.parse(params[:return_to])
+      
+      if return_to.host.nil? || return_to.host == request.host
+        redirect_to params[:return_to]
+        return
+      elsif valid_remote_host?(return_to.host)
+        if user.class.include?(Janus::Models::RemoteAuthenticatable)
+          query = return_to.query_values || {}
+          return_to.query_values = query.merge(user.class.remote_authentication_key => user.generate_remote_token!)
+        end
+        
+        redirect_to return_to.to_s
+        return
+      end
+    end
+    
+    redirect_to after_sign_in_url(user)
+  end
+end

data/lib/janus/controllers/url_helpers.rb

@@ -0,0 +1,61 @@
+module Janus
+  module UrlHelpers
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :session_url, :session_path, :new_session_url, :new_session_path, :destroy_session_url, :destroy_session_path,
+        :registration_url, :registration_path, :new_registration_url, :new_registration_path, :edit_registration_url, :edit_registration_path,
+        :confirmation_url, :confirmation_path, :new_confirmation_url, :new_confirmation_path,
+        :password_url, :password_path, :new_password_url, :new_password_path, :edit_password_url, :edit_password_path
+    end
+
+    [:url, :path].each do |suffix|
+      define_method("new_session_#{suffix}") do |scope, *args|
+        send("new_#{scope}_session_#{suffix}", *args)
+      end
+
+      define_method("session_#{suffix}") do |scope, *args|
+        send("#{scope}_session_#{suffix}", *args)
+      end
+
+      define_method("destroy_session_#{suffix}") do |scope, *args|
+        send("destroy_#{scope}_session_#{suffix}", *args)
+      end
+
+
+      define_method("registration_#{suffix}") do |scope, *args|
+        send("#{scope}_registration_#{suffix}", *args)
+      end
+
+      define_method("new_registration_#{suffix}") do |scope, *args|
+        send("new_#{scope}_registration_#{suffix}", *args)
+      end
+
+      define_method("edit_registration_#{suffix}") do |scope, *args|
+        send("edit_#{scope}_registration_#{suffix}", *args)
+      end
+
+
+      define_method("confirmation_#{suffix}") do |scope, *args|
+        send("#{scope}_confirmation_#{suffix}", *args)
+      end
+
+      define_method("new_confirmation_#{suffix}") do |scope, *args|
+        send("new_#{scope}_confirmation_#{suffix}", *args)
+      end
+
+
+      define_method("password_#{suffix}") do |scope, *args|
+        send("#{scope}_password_#{suffix}", *args)
+      end
+
+      define_method("new_password_#{suffix}") do |scope, *args|
+        send("new_#{scope}_password_#{suffix}", *args)
+      end
+
+      define_method("edit_password_#{suffix}") do |scope, *args|
+        send("edit_#{scope}_password_#{suffix}", *args)
+      end
+    end
+  end
+end

data/lib/janus/helper.rb

@@ -0,0 +1,11 @@
+module JanusHelper
+  def janus_error_messages
+    return "" if resource.errors.empty?
+    
+    content_tag :div, :id => 'error_explanation' do
+      content_tag :ul do
+        resource.errors.full_messages.map { |message| content_tag :li, message }.join.html_safe
+      end
+    end
+  end
+end

data/lib/janus/hooks/rememberable.rb

@@ -0,0 +1,20 @@
+Janus::Manager.after_login do |user, manager, options|
+  if options[:rememberable] && user.respond_to?(:remember_me!)
+    user.remember_me!
+    
+    remember_cookie_name = Janus::Strategies::Rememberable.remember_cookie_name(options[:scope])
+    manager.cookies[remember_cookie_name] = {
+      :value => user.remember_token,
+      :expires => user.class.remember_for.from_now
+    }
+  end
+end
+
+Janus::Manager.after_logout do |user, manager, options|
+  if user.respond_to?(:forget_me!)
+    user.forget_me!
+    
+    remember_cookie_name = Janus::Strategies::Rememberable.remember_cookie_name(options[:scope])
+    manager.cookies.delete(remember_cookie_name)
+  end
+end

data/lib/janus/hooks/remote_authenticatable.rb

@@ -0,0 +1,27 @@
+Janus::Manager.after_login do |user, manager, options|
+  if user.respond_to?(:generate_session_token!)
+    user.generate_session_token! if user.session_token.nil?
+    
+    session = manager.session(options[:scope])
+    session[:session_token] = user.session_token
+  end
+end
+
+Janus::Manager.after_authenticate do |user, manager, options|
+  if user.respond_to?(:session_token)
+    session = manager.session(options[:scope])
+    session[:session_token] = user.session_token
+  end
+end
+
+Janus::Manager.after_logout do |user, manager, options|
+  user.destroy_session_token! if user.respond_to?(:destroy_session_token!)
+end
+
+Janus::Manager.after_fetch do |user, manager, options|
+  if user.respond_to?(:session_token)
+    scope   = options[:scope]
+    session = manager.session(scope)
+    manager.unset_user(scope) unless session[:session_token] == user.session_token
+  end
+end

data/lib/janus/hooks/trackable.rb

@@ -0,0 +1,3 @@
+Janus::Manager.after_login do |user, manager, options|
+  user.track!(manager.request.remote_ip) if user.respond_to?(:track!)
+end