jashmenn-restful-authentication 2.0.0.beta1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (53) hide show
  1. data/CHANGELOG +68 -0
  2. data/README.textile +176 -0
  3. data/Rakefile +32 -0
  4. data/TODO +15 -0
  5. data/init.rb +3 -0
  6. data/lib/authentication.rb +44 -0
  7. data/lib/authentication/by_cookie_token.rb +82 -0
  8. data/lib/authentication/by_password.rb +64 -0
  9. data/lib/authorization.rb +14 -0
  10. data/lib/authorization/aasm_roles.rb +63 -0
  11. data/lib/authorization/stateful_roles.rb +62 -0
  12. data/lib/generators/authenticated/USAGE +1 -0
  13. data/lib/generators/authenticated/authenticated_generator.rb +524 -0
  14. data/lib/generators/authenticated/templates/_model_partial.html.erb +8 -0
  15. data/lib/generators/authenticated/templates/activation.erb +3 -0
  16. data/lib/generators/authenticated/templates/authenticated_system.rb +189 -0
  17. data/lib/generators/authenticated/templates/authenticated_test_helper.rb +22 -0
  18. data/lib/generators/authenticated/templates/controller.rb +41 -0
  19. data/lib/generators/authenticated/templates/features/accounts.feature +109 -0
  20. data/lib/generators/authenticated/templates/features/sessions.feature +134 -0
  21. data/lib/generators/authenticated/templates/features/step_definitions/ra_env.rb +9 -0
  22. data/lib/generators/authenticated/templates/features/step_definitions/ra_navigation_steps.rb +48 -0
  23. data/lib/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb +178 -0
  24. data/lib/generators/authenticated/templates/features/step_definitions/ra_response_steps.rb +169 -0
  25. data/lib/generators/authenticated/templates/features/step_definitions/rest_auth_features_helper.rb +81 -0
  26. data/lib/generators/authenticated/templates/features/step_definitions/user_steps.rb +131 -0
  27. data/lib/generators/authenticated/templates/helper.rb +2 -0
  28. data/lib/generators/authenticated/templates/login.html.erb +16 -0
  29. data/lib/generators/authenticated/templates/mailer.rb +26 -0
  30. data/lib/generators/authenticated/templates/migration.rb +26 -0
  31. data/lib/generators/authenticated/templates/model.rb +87 -0
  32. data/lib/generators/authenticated/templates/model_controller.rb +83 -0
  33. data/lib/generators/authenticated/templates/model_helper.rb +93 -0
  34. data/lib/generators/authenticated/templates/model_helper_spec.rb +158 -0
  35. data/lib/generators/authenticated/templates/observer.rb +11 -0
  36. data/lib/generators/authenticated/templates/signup.html.erb +19 -0
  37. data/lib/generators/authenticated/templates/signup_notification.erb +8 -0
  38. data/lib/generators/authenticated/templates/site_keys.rb +38 -0
  39. data/lib/generators/authenticated/templates/spec/controllers/access_control_spec.rb +101 -0
  40. data/lib/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb +102 -0
  41. data/lib/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb +127 -0
  42. data/lib/generators/authenticated/templates/spec/controllers/users_controller_spec.rb +131 -0
  43. data/lib/generators/authenticated/templates/spec/fixtures/users.yml +60 -0
  44. data/lib/generators/authenticated/templates/spec/helpers/users_helper_spec.rb +141 -0
  45. data/lib/generators/authenticated/templates/spec/models/user_spec.rb +227 -0
  46. data/lib/generators/authenticated/templates/test/functional_test.rb +82 -0
  47. data/lib/generators/authenticated/templates/test/mailer_test.rb +32 -0
  48. data/lib/generators/authenticated/templates/test/model_functional_test.rb +93 -0
  49. data/lib/generators/authenticated/templates/test/unit_test.rb +164 -0
  50. data/lib/tasks/auth.rake +33 -0
  51. data/lib/trustification.rb +14 -0
  52. data/lib/trustification/email_validation.rb +20 -0
  53. metadata +103 -0
@@ -0,0 +1,131 @@
1
+ RE_User = %r{(?:(?:the )? *(\w+) *)}
2
+ RE_User_TYPE = %r{(?: *(\w+)? *)}
3
+
4
+ #
5
+ # Setting
6
+ #
7
+
8
+ Given "an anonymous user" do
9
+ log_out!
10
+ end
11
+
12
+ Given "$an $user_type user with $attributes" do |_, user_type, attributes|
13
+ create_user! user_type, attributes.to_hash_from_story
14
+ end
15
+
16
+ Given "$an $user_type user named '$login'" do |_, user_type, login|
17
+ create_user! user_type, named_user(login)
18
+ end
19
+
20
+ Given "$an $user_type user logged in as '$login'" do |_, user_type, login|
21
+ create_user! user_type, named_user(login)
22
+ log_in_user!
23
+ end
24
+
25
+ Given "$actor is logged in" do |_, login|
26
+ log_in_user! @user_params || named_user(login)
27
+ end
28
+
29
+ Given "there is no $user_type user named '$login'" do |_, login|
30
+ @user = User.find_by_login(login)
31
+ @user.destroy! if @user
32
+ @user.should be_nil
33
+ end
34
+
35
+ #
36
+ # Actions
37
+ #
38
+ When "$actor logs out" do
39
+ log_out
40
+ end
41
+
42
+ When "$actor registers an account as the preloaded '$login'" do |_, login|
43
+ user = named_user(login)
44
+ user['password_confirmation'] = user['password']
45
+ create_user user
46
+ end
47
+
48
+ When "$actor registers an account with $attributes" do |_, attributes|
49
+ create_user attributes.to_hash_from_story
50
+ end
51
+
52
+
53
+ When "$actor logs in with $attributes" do |_, attributes|
54
+ log_in_user attributes.to_hash_from_story
55
+ end
56
+
57
+ #
58
+ # Result
59
+ #
60
+ Then "$actor should be invited to sign in" do |_|
61
+ response.should render_template('/sessions/new')
62
+ end
63
+
64
+ Then "$actor should not be logged in" do |_|
65
+ controller.logged_in?.should_not be_true
66
+ end
67
+
68
+ Then "$login should be logged in" do |login|
69
+ controller.logged_in?.should be_true
70
+ controller.current_user.should === @user
71
+ controller.current_user.login.should == login
72
+ end
73
+
74
+ def named_user login
75
+ user_params = {
76
+ 'admin' => {'id' => 1, 'login' => 'addie', 'password' => '1234addie', 'email' => 'admin@example.com', },
77
+ 'oona' => { 'login' => 'oona', 'password' => '1234oona', 'email' => 'unactivated@example.com'},
78
+ 'reggie' => { 'login' => 'reggie', 'password' => 'monkey', 'email' => 'registered@example.com' },
79
+ }
80
+ user_params[login.downcase]
81
+ end
82
+
83
+ #
84
+ # User account actions.
85
+ #
86
+ # The ! methods are 'just get the job done'. It's true, they do some testing of
87
+ # their own -- thus un-DRY'ing tests that do and should live in the user account
88
+ # stories -- but the repetition is ultimately important so that a faulty test setup
89
+ # fails early.
90
+ #
91
+
92
+ def log_out
93
+ get '/sessions/destroy'
94
+ end
95
+
96
+ def log_out!
97
+ log_out
98
+ response.should redirect_to('/')
99
+ follow_redirect!
100
+ end
101
+
102
+ def create_user(user_params={})
103
+ @user_params ||= user_params
104
+ post "/users", :user => user_params
105
+ @user = User.find_by_login(user_params['login'])
106
+ end
107
+
108
+ def create_user!(user_type, user_params)
109
+ user_params['password_confirmation'] ||= user_params['password'] ||= user_params['password']
110
+ create_user user_params
111
+ response.should redirect_to('/')
112
+ follow_redirect!
113
+
114
+ end
115
+
116
+
117
+
118
+ def log_in_user user_params=nil
119
+ @user_params ||= user_params
120
+ user_params ||= @user_params
121
+ post "/session", user_params
122
+ @user = User.find_by_login(user_params['login'])
123
+ controller.current_user
124
+ end
125
+
126
+ def log_in_user! *args
127
+ log_in_user *args
128
+ response.should redirect_to('/')
129
+ follow_redirect!
130
+ response.should have_flash("notice", /Logged in successfully/)
131
+ end
@@ -0,0 +1,2 @@
1
+ module <%= controller_class_name %>Helper
2
+ end
@@ -0,0 +1,16 @@
1
+ <h1>Log In</h1>
2
+
3
+ <%%= form_tag <%= controller_routing_name %>_path do -%>
4
+ <p><%%= label_tag 'login' %><br />
5
+ <%%= text_field_tag 'login', @login %></p>
6
+
7
+ <p><%%= label_tag 'password' %><br/>
8
+ <%%= password_field_tag 'password', nil %></p>
9
+
10
+ <!-- Uncomment this if you want this functionality
11
+ <p><%%= label_tag 'remember_me', 'Remember me' %>
12
+ <%%= check_box_tag 'remember_me', '1', @remember_me %></p>
13
+ -->
14
+
15
+ <p><%%= submit_tag 'Log in' %></p>
16
+ <%% end -%>
@@ -0,0 +1,26 @@
1
+ class <%= class_name %>Mailer < ActionMailer::Base
2
+
3
+ def signup_notification(<%= file_name %>)
4
+ setup_email(<%= file_name %>)
5
+ @subject += 'Please activate your new account'
6
+ @url = <% if options.include_activation? %>"http://YOURSITE/activate/#{<%= file_name %>.activation_code}"<%
7
+ else %>"http://YOURSITE/login/" <% end %>
8
+ end
9
+
10
+ def activation(<%= file_name %>)
11
+ setup_email(<%= file_name %>)
12
+ @subject += 'Your account has been activated!'
13
+ @url = "http://YOURSITE/"
14
+ end
15
+
16
+ protected
17
+
18
+ def setup_email(<%= file_name %>)
19
+ @recipients = "#{<%= file_name %>.email}"
20
+ @from = "ADMINEMAIL"
21
+ @subject = "[YOURSITE] "
22
+ @sent_on = Time.now
23
+ @<%= file_name %> = <%= file_name %>
24
+ end
25
+
26
+ end
@@ -0,0 +1,26 @@
1
+ class <%= migration_name %> < ActiveRecord::Migration
2
+ def self.up
3
+ create_table "<%= table_name %>" do |t|
4
+ t.column :login, :string, :limit => 40
5
+ t.column :name, :string, :limit => 100, :default => '', :null => true
6
+ t.column :email, :string, :limit => 100
7
+ t.column :crypted_password, :string, :limit => 40
8
+ t.column :salt, :string, :limit => 40
9
+ t.column :created_at, :datetime
10
+ t.column :updated_at, :datetime
11
+ t.column :remember_token, :string, :limit => 40
12
+ t.column :remember_token_expires_at, :datetime
13
+ <% if options.include_activation? -%>
14
+ t.column :activation_code, :string, :limit => 40
15
+ t.column :activated_at, :datetime<% end %>
16
+ <% if options.stateful? -%>
17
+ t.column :state, :string, :null => :no, :default => 'passive'
18
+ t.column :deleted_at, :datetime<% end %>
19
+ end
20
+ add_index :<%= table_name %>, :login, :unique => true
21
+ end
22
+
23
+ def self.down
24
+ drop_table "<%= table_name %>"
25
+ end
26
+ end
@@ -0,0 +1,87 @@
1
+ require 'digest/sha1'
2
+
3
+ class <%= class_name %> < ActiveRecord::Base
4
+ include Authentication
5
+ include Authentication::ByPassword
6
+ include Authentication::ByCookieToken
7
+ <% if options.aasm? -%>
8
+ include Authorization::AasmRoles
9
+ <% elsif options.stateful? -%>
10
+ include Authorization::StatefulRoles<% end %>
11
+ <% unless options.skip_migration? -%>
12
+ set_table_name '<%= table_name %>'<% end %>
13
+
14
+ validates :login, :presence => true,
15
+ :uniqueness => true,
16
+ :length => { :within => 3..40 },
17
+ :format => { :with => Authentication.login_regex, :message => Authentication.bad_login_message }
18
+
19
+ validates :name, :format => { :with => Authentication.name_regex, :message => Authentication.bad_name_message },
20
+ :length => { :maximum => 100 },
21
+ :allow_nil => true
22
+
23
+ validates :email, :presence => true,
24
+ :uniqueness => true,
25
+ :format => { :with => Authentication.email_regex, :message => Authentication.bad_email_message },
26
+ :length => { :within => 6..100 }
27
+
28
+ <% if options.include_activation? && !options.stateful? %>before_create :make_activation_code <% end %>
29
+
30
+ # HACK HACK HACK -- how to do attr_accessible from here?
31
+ # prevents a user from submitting a crafted form that bypasses activation
32
+ # anything else you want your user to change should be added here.
33
+ attr_accessible :login, :email, :name, :password, :password_confirmation
34
+
35
+ <% if options.include_activation? && !options.stateful? %>
36
+ # Activates the user in the database.
37
+ def activate!
38
+ @activated = true
39
+ self.activated_at = Time.now.utc
40
+ self.activation_code = nil
41
+ save(:validate => false)
42
+ end
43
+
44
+ # Returns true if the user has just been activated.
45
+ def recently_activated?
46
+ @activated
47
+ end
48
+
49
+ def active?
50
+ # the existence of an activation code means they have not activated yet
51
+ activation_code.nil?
52
+ end<% end %>
53
+
54
+ # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
55
+ #
56
+ # uff. this is really an authorization, not authentication routine.
57
+ # We really need a Dispatch Chain here or something.
58
+ # This will also let us return a human error message.
59
+ #
60
+ def self.authenticate(login, password)
61
+ return nil if login.blank? || password.blank?
62
+ u = <% if options.stateful? %>find_in_state :first, :active, :conditions => {:login => login.downcase}<%
63
+ elsif options.include_activation? %>where(['login = ? and activated_at IS NOT NULL', login]).first<%
64
+ else %>find_by_login(login.downcase)<% end %> # need to get the salt
65
+ u && u.authenticated?(password) ? u : nil
66
+ end
67
+
68
+ def login=(value)
69
+ write_attribute :login, (value ? value.downcase : nil)
70
+ end
71
+
72
+ def email=(value)
73
+ write_attribute :email, (value ? value.downcase : nil)
74
+ end
75
+
76
+ protected
77
+
78
+ <% if options.include_activation? -%>
79
+ def make_activation_code
80
+ <% if options.stateful? -%>
81
+ self.deleted_at = nil
82
+ <% end -%>
83
+ self.activation_code = self.class.make_token
84
+ end
85
+ <% end %>
86
+
87
+ end
@@ -0,0 +1,83 @@
1
+ class <%= model_controller_class_name %>Controller < ApplicationController
2
+ # Be sure to include AuthenticationSystem in Application Controller instead
3
+ include AuthenticatedSystem
4
+ <% if options.stateful? %>
5
+ # Protect these actions behind an admin login
6
+ # before_filter :admin_required, :only => [:suspend, :unsuspend, :destroy, :purge]
7
+ before_filter :find_<%= file_name %>, :only => [:suspend, :unsuspend, :destroy, :purge]
8
+ <% end %>
9
+
10
+ # render new.rhtml
11
+ def new
12
+ @<%= file_name %> = <%= class_name %>.new
13
+ end
14
+
15
+ def create
16
+ logout_keeping_session!
17
+ @<%= file_name %> = <%= class_name %>.new(params[:<%= file_name %>])
18
+ <% if options.stateful? -%>
19
+ @<%= file_name %>.register! if @<%= file_name %> && @<%= file_name %>.valid?
20
+ success = @<%= file_name %> && @<%= file_name %>.valid?
21
+ <% else -%>
22
+ success = @<%= file_name %> && @<%= file_name %>.save
23
+ <% end -%>
24
+ if success && @<%= file_name %>.errors.empty?
25
+ <% if !options.include_activation? -%>
26
+ # Protects against session fixation attacks, causes request forgery
27
+ # protection if visitor resubmits an earlier form using back
28
+ # button. Uncomment if you understand the tradeoffs.
29
+ # reset session
30
+ self.current_<%= file_name %> = @<%= file_name %> # !! now logged in
31
+ <% end -%>redirect_back_or_default('/', :notice => "Thanks for signing up! We're sending you an email with your activation code.")
32
+ else
33
+ flash.now[:error] = "We couldn't set up that account, sorry. Please try again, or contact an admin (link is above)."
34
+ render :action => 'new'
35
+ end
36
+ end
37
+ <% if options.include_activation? %>
38
+ def activate
39
+ logout_keeping_session!
40
+ <%= file_name %> = <%= class_name %>.find_by_activation_code(params[:activation_code]) unless params[:activation_code].blank?
41
+ case
42
+ when (!params[:activation_code].blank?) && <%= file_name %> && !<%= file_name %>.active?
43
+ <%= file_name %>.activate!
44
+ redirect_to '/login', :notice => "Signup complete! Please sign in to continue."
45
+ when params[:activation_code].blank?
46
+ redirect_back_or_default('/', :flash => { :error => "The activation code was missing. Please follow the URL from your email." })
47
+ else
48
+ redirect_back_or_default('/', :flash => { :error => "We couldn't find a <%= file_name %> with that activation code -- check your email? Or maybe you've already activated -- try signing in." })
49
+ end
50
+ end
51
+ <% end %><% if options.stateful? %>
52
+ def suspend
53
+ @<%= file_name %>.suspend!
54
+ redirect_to <%= model_controller_routing_name %>_path
55
+ end
56
+
57
+ def unsuspend
58
+ @<%= file_name %>.unsuspend!
59
+ redirect_to <%= model_controller_routing_name %>_path
60
+ end
61
+
62
+ def destroy
63
+ @<%= file_name %>.delete!
64
+ redirect_to <%= model_controller_routing_name %>_path
65
+ end
66
+
67
+ def purge
68
+ @<%= file_name %>.destroy
69
+ redirect_to <%= model_controller_routing_name %>_path
70
+ end
71
+
72
+ # There's no page here to update or destroy a <%= file_name %>. If you add those, be
73
+ # smart -- make sure you check that the visitor is authorized to do so, that they
74
+ # supply their old password along with a new one to update it, etc.
75
+
76
+ protected
77
+
78
+ def find_<%= file_name %>
79
+ @<%= file_name %> = <%= class_name %>.find(params[:id])
80
+ end
81
+ <% end -%>
82
+
83
+ end
@@ -0,0 +1,93 @@
1
+ module <%= model_controller_class_name %>Helper
2
+
3
+ #
4
+ # Use this to wrap view elements that the user can't access.
5
+ # !! Note: this is an *interface*, not *security* feature !!
6
+ # You need to do all access control at the controller level.
7
+ #
8
+ # Example:
9
+ # <%%= if_authorized?(:index, User) do link_to('List all users', users_path) end %> |
10
+ # <%%= if_authorized?(:edit, @user) do link_to('Edit this user', edit_user_path) end %> |
11
+ # <%%= if_authorized?(:destroy, @user) do link_to 'Destroy', @user, :confirm => 'Are you sure?', :method => :delete end %>
12
+ #
13
+ #
14
+ def if_authorized?(action, resource, &block)
15
+ if authorized?(action, resource)
16
+ yield action, resource
17
+ end
18
+ end
19
+
20
+ #
21
+ # Link to user's page ('<%= table_name %>/1')
22
+ #
23
+ # By default, their login is used as link text and link title (tooltip)
24
+ #
25
+ # Takes options
26
+ # * :content_text => 'Content text in place of <%= file_name %>.login', escaped with
27
+ # the standard h() function.
28
+ # * :content_method => :<%= file_name %>_instance_method_to_call_for_content_text
29
+ # * :title_method => :<%= file_name %>_instance_method_to_call_for_title_attribute
30
+ # * as well as link_to()'s standard options
31
+ #
32
+ # Examples:
33
+ # link_to_<%= file_name %> @<%= file_name %>
34
+ # # => <a href="/<%= table_name %>/3" title="barmy">barmy</a>
35
+ #
36
+ # # if you've added a .name attribute:
37
+ # content_tag :span, :class => :vcard do
38
+ # (link_to_<%= file_name %> <%= file_name %>, :class => 'fn n', :title_method => :login, :content_method => :name) +
39
+ # ': ' + (content_tag :span, <%= file_name %>.email, :class => 'email')
40
+ # end
41
+ # # => <span class="vcard"><a href="/<%= table_name %>/3" title="barmy" class="fn n">Cyril Fotheringay-Phipps</a>: <span class="email">barmy@blandings.com</span></span>
42
+ #
43
+ # link_to_<%= file_name %> @<%= file_name %>, :content_text => 'Your user page'
44
+ # # => <a href="/<%= table_name %>/3" title="barmy" class="nickname">Your user page</a>
45
+ #
46
+ def link_to_<%= file_name %>(<%= file_name %>, options={})
47
+ raise "Invalid <%= file_name %>" unless <%= file_name %>
48
+ options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname
49
+ content_text = options.delete(:content_text)
50
+ content_text ||= <%= file_name %>.send(options.delete(:content_method))
51
+ options[:title] ||= <%= file_name %>.send(options.delete(:title_method))
52
+ link_to h(content_text), <%= model_controller_routing_name.singularize %>_path(<%= file_name %>), options
53
+ end
54
+
55
+ #
56
+ # Link to login page using remote ip address as link content
57
+ #
58
+ # The :title (and thus, tooltip) is set to the IP address
59
+ #
60
+ # Examples:
61
+ # link_to_login_with_IP
62
+ # # => <a href="/login" title="169.69.69.69">169.69.69.69</a>
63
+ #
64
+ # link_to_login_with_IP :content_text => 'not signed in'
65
+ # # => <a href="/login" title="169.69.69.69">not signed in</a>
66
+ #
67
+ def link_to_login_with_IP content_text=nil, options={}
68
+ ip_addr = request.remote_ip
69
+ content_text ||= ip_addr
70
+ options.reverse_merge! :title => ip_addr
71
+ if tag = options.delete(:tag)
72
+ content_tag tag, h(content_text), options
73
+ else
74
+ link_to h(content_text), login_path, options
75
+ end
76
+ end
77
+
78
+ #
79
+ # Link to the current user's page (using link_to_<%= file_name %>) or to the login page
80
+ # (using link_to_login_with_IP).
81
+ #
82
+ def link_to_current_<%= file_name %>(options={})
83
+ if current_<%= file_name %>
84
+ link_to_<%= file_name %> current_<%= file_name %>, options
85
+ else
86
+ content_text = options.delete(:content_text) || 'not signed in'
87
+ # kill ignored options from link_to_<%= file_name %>
88
+ [:content_method, :title_method].each{|opt| options.delete(opt)}
89
+ link_to_login_with_IP content_text, options
90
+ end
91
+ end
92
+
93
+ end