jashmenn-restful-authentication 2.0.0.beta1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (53) hide show
  1. data/CHANGELOG +68 -0
  2. data/README.textile +176 -0
  3. data/Rakefile +32 -0
  4. data/TODO +15 -0
  5. data/init.rb +3 -0
  6. data/lib/authentication.rb +44 -0
  7. data/lib/authentication/by_cookie_token.rb +82 -0
  8. data/lib/authentication/by_password.rb +64 -0
  9. data/lib/authorization.rb +14 -0
  10. data/lib/authorization/aasm_roles.rb +63 -0
  11. data/lib/authorization/stateful_roles.rb +62 -0
  12. data/lib/generators/authenticated/USAGE +1 -0
  13. data/lib/generators/authenticated/authenticated_generator.rb +524 -0
  14. data/lib/generators/authenticated/templates/_model_partial.html.erb +8 -0
  15. data/lib/generators/authenticated/templates/activation.erb +3 -0
  16. data/lib/generators/authenticated/templates/authenticated_system.rb +189 -0
  17. data/lib/generators/authenticated/templates/authenticated_test_helper.rb +22 -0
  18. data/lib/generators/authenticated/templates/controller.rb +41 -0
  19. data/lib/generators/authenticated/templates/features/accounts.feature +109 -0
  20. data/lib/generators/authenticated/templates/features/sessions.feature +134 -0
  21. data/lib/generators/authenticated/templates/features/step_definitions/ra_env.rb +9 -0
  22. data/lib/generators/authenticated/templates/features/step_definitions/ra_navigation_steps.rb +48 -0
  23. data/lib/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb +178 -0
  24. data/lib/generators/authenticated/templates/features/step_definitions/ra_response_steps.rb +169 -0
  25. data/lib/generators/authenticated/templates/features/step_definitions/rest_auth_features_helper.rb +81 -0
  26. data/lib/generators/authenticated/templates/features/step_definitions/user_steps.rb +131 -0
  27. data/lib/generators/authenticated/templates/helper.rb +2 -0
  28. data/lib/generators/authenticated/templates/login.html.erb +16 -0
  29. data/lib/generators/authenticated/templates/mailer.rb +26 -0
  30. data/lib/generators/authenticated/templates/migration.rb +26 -0
  31. data/lib/generators/authenticated/templates/model.rb +87 -0
  32. data/lib/generators/authenticated/templates/model_controller.rb +83 -0
  33. data/lib/generators/authenticated/templates/model_helper.rb +93 -0
  34. data/lib/generators/authenticated/templates/model_helper_spec.rb +158 -0
  35. data/lib/generators/authenticated/templates/observer.rb +11 -0
  36. data/lib/generators/authenticated/templates/signup.html.erb +19 -0
  37. data/lib/generators/authenticated/templates/signup_notification.erb +8 -0
  38. data/lib/generators/authenticated/templates/site_keys.rb +38 -0
  39. data/lib/generators/authenticated/templates/spec/controllers/access_control_spec.rb +101 -0
  40. data/lib/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb +102 -0
  41. data/lib/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb +127 -0
  42. data/lib/generators/authenticated/templates/spec/controllers/users_controller_spec.rb +131 -0
  43. data/lib/generators/authenticated/templates/spec/fixtures/users.yml +60 -0
  44. data/lib/generators/authenticated/templates/spec/helpers/users_helper_spec.rb +141 -0
  45. data/lib/generators/authenticated/templates/spec/models/user_spec.rb +227 -0
  46. data/lib/generators/authenticated/templates/test/functional_test.rb +82 -0
  47. data/lib/generators/authenticated/templates/test/mailer_test.rb +32 -0
  48. data/lib/generators/authenticated/templates/test/model_functional_test.rb +93 -0
  49. data/lib/generators/authenticated/templates/test/unit_test.rb +164 -0
  50. data/lib/tasks/auth.rake +33 -0
  51. data/lib/trustification.rb +14 -0
  52. data/lib/trustification/email_validation.rb +20 -0
  53. metadata +103 -0
@@ -0,0 +1,9 @@
1
+
2
+ Before do
3
+ Fixtures.reset_cache
4
+ fixtures_folder = File.join(RAILS_ROOT, 'spec', 'fixtures')
5
+ Fixtures.create_fixtures(fixtures_folder, "users")
6
+ end
7
+
8
+ # Make visible for testing
9
+ ApplicationController.send(:public, :logged_in?, :current_user, :authorized?)
@@ -0,0 +1,48 @@
1
+ #
2
+ # Where to go
3
+ #
4
+
5
+ #
6
+ # GET
7
+ # Go to a given page.
8
+ When "$actor goes to $path" do |actor, path|
9
+ case path
10
+ when 'the home page' then get '/'
11
+ else get path
12
+ end
13
+ end
14
+
15
+ # POST -- Ex:
16
+ # When she creates a book with ISBN: '0967539854' and comment: 'I love this book' and rating: '4'
17
+ # When she creates a singular session with login: 'reggie' and password: 'i_haxxor_joo'
18
+ # Since I'm not smart enough to do it right, explicitly specify singular resources
19
+ When /^(\w+) creates an? ([\w ]+) with ([\w: \',]+)$/ do |actor, resource, attributes|
20
+ attributes = attributes.to_hash_from_story
21
+ if resource =~ %r{singular ([\w/]+)}
22
+ resource = $1.downcase.singularize
23
+ post "/#{resource}", attributes
24
+ else
25
+ post "/#{resource.downcase.pluralize}", { resource.downcase.singularize => attributes }
26
+ end
27
+ end
28
+
29
+ # PUT
30
+ When %r{$actor asks to update '$resource' with $attributes} do |_, resource, attributes|
31
+ attributes = attributes.to_hash_from_story
32
+ put "#{resource}", attributes
33
+ dump_response
34
+ end
35
+
36
+ # DELETE -- Slap together the POST-form-as-fake-HTTP-DELETE submission
37
+ When %r{$actor asks to delete '$resource'} do |_, resource|
38
+ post "/#{resource.downcase.pluralize}", { :_method => :delete }
39
+ dump_response
40
+ end
41
+
42
+
43
+ # Redirect --
44
+ # Rather than coding in get/get_via_redirect's and past/p_v_r's,
45
+ # let's just demand that in the story itself.
46
+ When "$actor follows that redirect!" do |actor|
47
+ follow_redirect!
48
+ end
@@ -0,0 +1,178 @@
1
+ # The flexible code for resource testing came out of code from Ben Mabey
2
+ # http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/
3
+
4
+ #
5
+ # Construct resources
6
+ #
7
+
8
+ #
9
+ # Build a resource as described, store it as an @instance variable. Ex:
10
+ # "Given a user with login: 'mojojojo'"
11
+ # produces a User instance stored in @user with 'mojojojo' as its login
12
+ # attribute.
13
+ #
14
+ Given "a $resource instance with $attributes" do |resource, attributes|
15
+ klass, instance, attributes = parse_resource_args resource, attributes
16
+ instance = klass.new(attributes)
17
+ instance.save!
18
+ find_resource(resource, attributes).should_not be_nil
19
+ keep_instance! resource, instance
20
+ end
21
+
22
+ #
23
+ # Stuff attributes into a preexisting @resource
24
+ # "And the user has thac0: 3"
25
+ # takes the earlier-defined @user instance and sets its thac0 to '3'.
26
+ #
27
+ Given "the $resource has $attributes" do |resource, attributes|
28
+ klass, instance, attributes = parse_resource_args resource, attributes
29
+ attributes.each do |attr, val|
30
+ instance.send("#{attr}=", val)
31
+ end
32
+ instance.save!
33
+ find_resource(resource, attributes).should_not be_nil
34
+ keep_instance! resource, instance
35
+ end
36
+
37
+ #
38
+ # Destroy all for this resource
39
+ #
40
+ Given "no $resource with $attr: '$val' exists" do |resource, attr, val|
41
+ klass, instance = parse_resource_args resource
42
+ klass.destroy_all(attr.to_sym => val)
43
+ instance = find_resource resource, attr.to_sym => val
44
+ instance.should be_nil
45
+ keep_instance! resource, instance
46
+ end
47
+
48
+ #
49
+ # Then's for resources
50
+ #
51
+
52
+ # Resource like this DOES exist
53
+ Then /^a (\w+) with ([\w: \']+) should exist$/ do |resource, attributes|
54
+ instance = find_resource resource, attributes
55
+ instance.should_not be_nil
56
+ keep_instance! resource, instance
57
+ end
58
+ # Resource like this DOES NOT exist
59
+ Then /^no (\w+) with ([\w: \']+) should exist$/ do |resource, attributes|
60
+ instance = find_resource resource, attributes
61
+ instance.should be_nil
62
+ end
63
+
64
+ # Resource has attributes with given values
65
+ Then "the $resource should have $attributes" do |resource, attributes|
66
+ klass, instance, attributes = parse_resource_args resource, attributes
67
+ attributes.each do |attr, val|
68
+ instance.send(attr).should == val
69
+ end
70
+ end
71
+
72
+ # Resource attributes should / should not be nil
73
+ Then "the $resource's $attr should be nil" do |resource, attr|
74
+ klass, instance = parse_resource_args resource
75
+ instance.send(attr).should be_nil
76
+ end
77
+ Then "the $resource's $attr should not be nil" do |resource, attr|
78
+ klass, instance = parse_resource_args resource
79
+ instance.send(attr).should_not be_nil
80
+ end
81
+
82
+ #
83
+ # Bank each of the @resource's listed attributes for later.
84
+ #
85
+ Given "we try hard to remember the $resource's $attributes" do |resource, attributes|
86
+ attributes = attributes.to_array_from_story
87
+ attributes.each do |attr|
88
+ memorize_resource_value resource, attr
89
+ end
90
+ end
91
+ #
92
+ # Bank each of the @resource's listed attributes for later.
93
+ #
94
+ Given "we don't remember anything about the past" do
95
+ memorize_forget_all!
96
+ end
97
+
98
+ #
99
+ # Compare @resource.attr to its earlier-memorized value.
100
+ # Specify ' using method_name' (abs, to_s, &c) to coerce before comparing.
101
+ # For important and mysterious reasons, timestamps want to_i or to_s.
102
+ #
103
+ Then /^the (\w+)\'s (\w+) should stay the same under (\w+)$/ do |resource, attr, func|
104
+ klass, instance = parse_resource_args resource
105
+ # Get the values
106
+ old_value = recall_resource_value(resource, attr)
107
+ new_value = instance.send(attr)
108
+ # Transform each value, maybe, using value.func
109
+ if func then new_value = new_value.send(func); old_value = old_value.send(func) end
110
+ # Compare
111
+ old_value.should eql(new_value)
112
+ end
113
+
114
+ #
115
+ # Look for each for the given attributes in the page's text
116
+ #
117
+ Then "page should have the $resource's $attributes" do |resource, attributes|
118
+ actual_resource = instantize(resource)
119
+ attributes.split(/, and |, /).each do |attribute|
120
+ response.should have_text(/#{actual_resource.send(attribute.strip.gsub(" ","_"))}/)
121
+ end
122
+ end
123
+
124
+ #
125
+ # Turn a resource name and a to_hash_from_story string like
126
+ # "attr: 'value', attr2: 'value2', ... , and attrN: 'valueN'"
127
+ # into
128
+ # * klass -- the class matching that Resource
129
+ # * instance -- the possibly-preexisting local instance value @resource
130
+ # * attributes -- a hash matching the given attribute-list string
131
+ #
132
+ def parse_resource_args resource, attributes=nil
133
+ instance = instantize resource
134
+ klass = resource.classify.constantize
135
+ attributes = attributes.to_hash_from_story if attributes
136
+ [klass, instance, attributes]
137
+ end
138
+
139
+ #
140
+ # Given a class name 'resource' and a hash of conditsion, find a model
141
+ #
142
+ def find_resource resource, conditions
143
+ klass, instance = parse_resource_args resource
144
+ conditions = conditions.to_hash_from_story unless (conditions.is_a? Hash)
145
+ klass.find(:first, :conditions => conditions)
146
+ end
147
+
148
+ #
149
+ # Simple, brittle, useful: store the given resource's attribute
150
+ # so we can compare it later.
151
+ #
152
+ def memorize_resource_value resource, attr
153
+ klass, instance = parse_resource_args resource
154
+ value = instance.send(attr)
155
+ @_memorized ||= {}
156
+ @_memorized[resource] ||= {}
157
+ @_memorized[resource][attr] = value
158
+ value
159
+ end
160
+ def recall_resource_value resource, attr
161
+ @_memorized[resource][attr]
162
+ end
163
+ def memorize_forget_all!
164
+ @_memorized = {}
165
+ end
166
+
167
+ #
168
+ # Keep the object around in a local instance variable @resource.
169
+ #
170
+ # So, for instance,
171
+ # klass, instance = parse_resource_args 'user'
172
+ # instance = klass.new({login => 'me', password => 'monkey', ...})
173
+ # keep_instance! resource, instance
174
+ # keeps the just-constructed User model in the @user instance variable.
175
+ #
176
+ def keep_instance! resource, object
177
+ instance_variable_set("@#{resource}", object)
178
+ end
@@ -0,0 +1,169 @@
1
+ #
2
+ # What you should see when you get there
3
+ #
4
+
5
+ #
6
+ # Destinations. Ex:
7
+ # She should be at the new kids page
8
+ # Tarkin should be at the destroy alderaan page
9
+ # The visitor should be at the '/lolcats/download' form
10
+ # The visitor should be redirected to '/hi/mom'
11
+ #
12
+ # It doesn't know anything about actual routes -- it just
13
+ # feeds its output to render_template or redirect_to
14
+ #
15
+ Then "$actor should be at $path" do |_, path|
16
+ response.should render_template(grok_path(path))
17
+ end
18
+
19
+ Then "$actor should be redirected to $path" do |_, path|
20
+ response.should redirect_to(grok_path(path))
21
+ end
22
+
23
+ Then "the page should look AWESOME" do
24
+ response.should have_tag('head>title')
25
+ response.should have_tag('h1')
26
+ # response.should be_valid_xhtml
27
+ end
28
+
29
+ #
30
+ # Tags
31
+ #
32
+
33
+ Then "the page should contain '$text'" do |_, text|
34
+ response.should have_text(/#{text}/)
35
+ end
36
+
37
+ # please note: this enforces the use of a <label> field
38
+ Then "$actor should see a <$container> containing a $attributes" do |_, container, attributes|
39
+ attributes = attributes.to_hash_from_story
40
+ response.should have_tag(container) do
41
+ attributes.each do |tag, label|
42
+ case tag
43
+ when "textfield" then with_tag "input[type='text']"; with_tag("label", label)
44
+ when "password" then with_tag "input[type='password']"; with_tag("label", label)
45
+ when "submit" then with_tag "input[type='submit'][value='#{label}']"
46
+ else with_tag tag, label
47
+ end
48
+ end
49
+ end
50
+ end
51
+
52
+ #
53
+ # Session, cookie variables
54
+ #
55
+ Then "$actor $token cookie should include $attrlist" do |_, token, attrlist|
56
+ attrlist = attrlist.to_array_from_story
57
+ cookies.include?(token).should be_true
58
+ attrlist.each do |val|
59
+ cookies[token].include?(val).should be_true
60
+ end
61
+ end
62
+
63
+ Then "$actor $token cookie should exist but not include $attrlist" do |_, token, attrlist|
64
+ attrlist = attrlist.to_array_from_story
65
+ cookies.include?(token).should be_true
66
+ puts [cookies, attrlist, token].to_yaml
67
+ attrlist.each do |val|
68
+ cookies[token].include?(val).should_not be_true
69
+ end
70
+ end
71
+
72
+ Then "$actor should have $an $token cookie" do |_, _, token|
73
+ cookies[token].should_not be_blank
74
+ end
75
+ Then "$actor should not have $an $token cookie" do |_, _, token|
76
+ cookies[token].should be_blank
77
+ end
78
+
79
+ Given "$actor has $an cookie jar with $attributes" do |_, _, attributes|
80
+ attributes = attributes.to_hash_from_story
81
+ attributes.each do |attr, val|
82
+ cookies[attr] = val
83
+ end
84
+ end
85
+ Given "$actor session store has no $attrlist" do |_, attrlist|
86
+ attrlist = attrlist.to_array_from_story
87
+ attrlist.each do |attr|
88
+ # Note that the comparison passes through 'to_s'
89
+ session[attr.to_sym] = nil
90
+ end
91
+ end
92
+
93
+ Then "$actor session store should have $attributes" do |_, attributes|
94
+ attributes = attributes.to_hash_from_story
95
+ attributes.each do |attr, val|
96
+ # Note that the comparison passes through 'to_s'
97
+ session[attr.to_sym].to_s.should eql(val)
98
+ end
99
+ end
100
+
101
+ Then "$actor session store should not have $attrlist" do |_, attrlist|
102
+ attrlist = attrlist.to_array_from_story
103
+ attrlist.each do |attr|
104
+ session[attr.to_sym].blank?.should be_true
105
+ end
106
+ end
107
+
108
+ #
109
+ # Flash messages
110
+ #
111
+
112
+ Then /^she should +see an? (\w+) message '([\w !\']+)'$/ do |notice, message|
113
+ response.should have_flash(notice, %r{#{message}})
114
+ end
115
+
116
+ Then "$actor should not see $an $notice message '$message'" do |_, _, notice, message|
117
+ response.should_not have_flash(notice, %r{#{message}})
118
+ end
119
+
120
+ Then "$actor should see no messages" do |_|
121
+ ['error', 'warning', 'notice'].each do |notice|
122
+ response.should_not have_flash(notice)
123
+ end
124
+ end
125
+
126
+ RE_POLITENESS = /(?:please|sorry|thank(?:s| you))/i
127
+ Then %r{we should be polite about it} do
128
+ response.should have_tag("div.error,div.notice", RE_POLITENESS)
129
+ end
130
+ Then %r{we should not even be polite about it} do
131
+ response.should_not have_tag("div.error,div.notice", RE_POLITENESS)
132
+ end
133
+
134
+ #
135
+ # Resource's attributes
136
+ #
137
+ # "Then page should have the $resource's $attributes" is in resource_steps
138
+
139
+ # helpful debug step
140
+ Then "we dump the response" do
141
+ dump_response
142
+ end
143
+
144
+
145
+ def have_flash notice, *args
146
+ have_tag("div.#{notice}", *args)
147
+ end
148
+
149
+ RE_PRETTY_RESOURCE = /the (index|show|new|create|edit|update|destroy) (\w+) (page|form)/i
150
+ RE_THE_FOO_PAGE = /the '?([^']*)'? (page|form)/i
151
+ RE_QUOTED_PATH = /^'([^']*)'$/i
152
+ def grok_path path
153
+ path.gsub(/\s+again$/,'') # strip trailing ' again'
154
+ case
155
+ when path == 'the home page' then dest = '/'
156
+ when path =~ RE_PRETTY_RESOURCE then dest = template_for $1, $2
157
+ when path =~ RE_THE_FOO_PAGE then dest = $1
158
+ when path =~ RE_QUOTED_PATH then dest = $1
159
+ else dest = path
160
+ end
161
+ dest
162
+ end
163
+
164
+ # turns 'new', 'road bikes' into 'road_bikes/new'
165
+ # note that it's "action resource"
166
+ def template_for(action, resource)
167
+ "#{resource.gsub(" ","_")}/#{action}"
168
+ end
169
+
@@ -0,0 +1,81 @@
1
+ # If you have a global stories helper, move this line there:
2
+ include AuthenticatedTestHelper
3
+
4
+ # Most of the below came out of code from Ben Mabey
5
+ # http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/
6
+
7
+ # These allow exceptions to come through as opposed to being caught and having non-helpful responses returned.
8
+ ActionController::Base.class_eval do
9
+ def perform_action
10
+ perform_action_without_rescue
11
+ end
12
+ end
13
+ Dispatcher.class_eval do
14
+ def self.failsafe_response(output, status, exception = nil)
15
+ raise exception
16
+ end
17
+ end
18
+
19
+ #
20
+ # Sugar for turning a story's attribute list into list, array, etc.
21
+ #
22
+ module ToFooFromStory
23
+ def ToFooFromStory.fix_key key
24
+ key.downcase.gsub(/\s+/, '_')
25
+ end
26
+ def ToFooFromStory.fix_value value
27
+ return '' if !value
28
+ value.strip!
29
+ case
30
+ when value =~ /^'(.*)'$/ then value = $1
31
+ when value =~ /^"(.*)"$/ then value = $1
32
+ when value == 'nil!' then value = nil
33
+ when value == 'non-nil!' then value = be_nil
34
+ when value =~ /^#\{(.*)\}$/ then value = eval($1)
35
+ end
36
+ value
37
+ end
38
+ # Converts a key: value list found in the steps into a hash.
39
+ # Example:
40
+ # ISBN: '0967539854' and comment: 'I love this book' and Quality rating: '4'
41
+ # # => {"quality_rating"=>"4", "isbn"=>"0967539854", "comment"=>"I love this book"}
42
+ def to_hash_from_story
43
+ hsh = self.split(/,? and |, /).inject({}) do |hash_so_far, key_value|
44
+ key, value = key_value.split(":")
45
+ if !value then warn "Couldn't understand story '#{self}': only understood up to the part '#{hash_so_far.to_yaml}'" end
46
+ hash_so_far.merge(ToFooFromStory::fix_key(key) => ToFooFromStory::fix_value(value))
47
+ end
48
+ end
49
+ # Coverts an attribute list found in the steps into an array
50
+ # Example:
51
+ # login, email, updated_at, and gravatar
52
+ # # => ['login', 'email', 'updated_at', 'gravatar']
53
+ def to_array_from_story
54
+ self.split(/,? and |, /).map do |value|
55
+ ToFooFromStory::fix_value(value)
56
+ end
57
+ end
58
+ end
59
+ class String
60
+ include ToFooFromStory
61
+ end
62
+
63
+ def instantize(string)
64
+ instance_variable_get("@#{string}")
65
+ end
66
+
67
+ #
68
+ # Spew response onto screen -- painful but scrolling >> debugger
69
+ #
70
+ def dump_response
71
+ # note that @request and @template won't to_yaml and that @session includes @cgi
72
+ response_methods = response.instance_variables - ['@request', '@template', '@cgi']
73
+ request_methods = response.request.instance_variables - ['@session_options_with_string_keys', '@cgi', '@session']
74
+ response_methods.map!{|attr| attr.gsub(/^@/,'')}.sort!
75
+ request_methods.map!{ |attr| attr.gsub(/^@/,'')}.sort!
76
+ puts '', '*' * 75,
77
+ response.instance_values.slice(*response_methods).to_yaml,
78
+ "*" * 75, '',
79
+ response.request.instance_values.slice(*request_methods).to_yaml,
80
+ "*" * 75, ''
81
+ end