letmein 0.0.5 → 0.0.6

data/README.md

@@ -1,26 +1,29 @@
 letmein
 =======
 
-**letmein** is a minimalistic authentication plugin for Rails applications. It doesn't have anything other than the LetMeIn::Session object that you can use to authenticate logins.
+**letmein** is a minimalistic authentication plugin for Rails 3 applications. It doesn't have anything other than the UserSession (or WhateverSession) object that you can use to authenticate logins.
 
 Setup
 =====
-Assuming the model you want to authenticate has fields: *email*, *password_hash* and *password_salt* all you need to add for that model is this:
-    
-    class User < ActiveRecord::Base
-      letmein
-    end
-    
-If you want to use *username* instead of *email* and if maybe you prefer naming from password and salt columns to something else do this:
+
+Plug the thing below into Gemfile and you know what to do after.
+
+    gem 'letmein'
+
+If you want to authenticate *User* with database fields *email*, *password_hash* and *password_salt* you don't need to do anything. If you're authenticating something else, you want something like this in your initializers:
     
-    class User < ActiveRecord::Base
-      letmein :username, :encrypted_password, :salt
-    end
+    LetMeIn.initialize(
+      :model      => 'Account',
+      :identifier => 'username',
+      :password   => 'password_crypt',
+      :salt       => 'salty_salt
+    )
     
-When creating/updating a user record you have access to *password* accessor.
+When creating/updating a record you have access to *password* accessor.
     
     >> user = User.new(:email => 'example@example.com', :password => 'letmein')
     >> user.save!
+    => true
     >> user.password_hash 
     => $2a$10$0MeSaaE3I7.0FQ5ZDcKPJeD1.FzqkcOZfEKNZ/DNN.w8xOwuFdBCm
     >> user.password_salt
@@ -29,9 +32,9 @@ When creating/updating a user record you have access to *password* accessor.
 Authentication
 ==============
 
-You authenticate using LetMeIn::Session object. Example:
+You authenticate using UserSession object. Example:
     
-    >> session = LetMeIn::Session.new(:email => 'example@example.com', :password => 'letmein')
+    >> session = UserSession.new(:email => 'example@example.com', :password => 'letmein')
     >> session.save
     => true
     >> session.user
@@ -39,7 +42,7 @@ You authenticate using LetMeIn::Session object. Example:
     
 When credentials are invalid:
     
-    >> session = LetMeIn::Session.new(:email => 'example@example.com', :password => 'bad_password')
+    >> session = UserSession.new(:email => 'example@example.com', :password => 'bad_password')
     >> session.save
     => false
     >> session.user
@@ -47,15 +50,17 @@ When credentials are invalid:
     
 Usage
 =====
+
 There are no built-in routes/controllers/views/helpers or anything. I'm confident you can do those yourself, because you're awesome. But here's an example how you can implement the controller handling the login:
 
     class SessionsController < ApplicationController
       def create
-        @session = LetMeIn::Session.new(params)
+        @session = UserSession.new(params[:user_session])
         @session.save!
         session[:user_id] = @session.user.id
         flash[:notice] = "Welcome back #{@session.user.name}!"
         redirect_to '/'
+        
       rescue LetMeIn::Error
         flash.now[:error] = 'Invalid Credentials'
         render :action => :new
@@ -64,9 +69,17 @@ There are no built-in routes/controllers/views/helpers or anything. I'm confiden
     
 Upon successful login you have access to *session[:user_id]*. The rest is up to you.
 
-Copyright
-=========
-(c) 2011 Oleg Khabarov, released under the MIT license
+Authenticating Multiple Models
+==============================
+Yes, you can do that too. Let's assume you also want to authenticate admins that don't have email addresses, but have usernames.
 
+    LetMeIn.initialize(
+      :model      => ['User', 'Admin'],
+      :identifier => ['email', 'username']
+    )
+    
+Bam! You're done. Now you have an AdminSession object that will use *username* and *password* to authenticate.
 
-    
+Copyright
+=========
+(c) 2011 Oleg Khabarov, released under the MIT license

data/VERSION

@@ -1 +1 @@
-0.0.5
+0.0.6

data/letmein.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{letmein}
-  s.version = "0.0.5"
+  s.version = "0.0.6"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Oleg Khabarov"]
-  s.date = %q{2011-03-27}
+  s.date = %q{2011-03-28}
   s.description = %q{minimalistic authentication}
   s.email = %q{oleg@khabarov.ca}
   s.extra_rdoc_files = [

data/lib/letmein.rb

@@ -3,15 +3,7 @@ require 'bcrypt'
 
 module LetMeIn
   
-  mattr_accessor :model, :identifier, :password, :salt
-  
-  def self.initialize(params = {})
-    @@model       = params[:model]      || 'User'
-    @@identifier  = params[:identifier] || 'email'
-    @@password    = params[:password]   || 'password_hash'
-    @@salt        = params[:salt]       || 'password_salt'
-    @@model.constantize.send :include, LetMeIn::Model
-  end
+  Error = Class.new StandardError
   
   class Railtie < Rails::Railtie
     config.after_initialize do
@@ -19,7 +11,81 @@ module LetMeIn
     end
   end
   
-  class Error < StandardError
+  mattr_accessor :models, :identifiers, :passwords, :salts
+  def self.initialize(params = {})
+    @@models      = [params[:model]      || 'User'          ].flatten
+    @@identifiers = [params[:identifier] || 'email'         ].flatten
+    @@passwords   = [params[:password]   || 'password_hash' ].flatten
+    @@salts       = [params[:salt]       || 'password_salt' ].flatten
+    
+    def self.accessor(name, index = 0)
+      name = name.to_s.pluralize
+      self.send(name)[index] || self.send(name)[0]
+    end
+    
+    @@models.each do |model|
+      
+      model.constantize.send :include, LetMeIn::Model
+      
+      Object.const_set("#{model.to_s.camelize}Session", Class.new do
+        include ActiveModel::Validations
+        attr_accessor :identifier, :password, :authenticated_object
+        validate :authenticate
+        
+        def initialize(params = { })
+          unless params.blank?
+            i = LetMeIn.accessor(:identifier, LetMeIn.models.index(self.class.to_s.gsub('Session','')))
+            self.identifier = params[:identifier] || params[i.to_sym]
+            self.password   = params[:password]
+          end
+        end
+        
+        def save
+          self.valid?
+        end
+        
+        def save!
+          save || raise(LetMeIn::Error, 'Failed to authenticate')
+        end
+        
+        def self.create(params = {})
+          object = self.new(params); object.save; object
+        end
+        
+        def self.create!(params = {})
+          object = self.new(params); object.save!; object
+        end
+        
+        def method_missing(method_name, *args)
+          m = self.class.to_s.gsub('Session','')
+          i = LetMeIn.accessor(:identifier, LetMeIn.models.index(m))
+          case method_name.to_s
+            when i            then self.identifier
+            when "#{i}="      then self.identifier = args[0]
+            when m.underscore then self.authenticated_object
+            else super
+          end
+        end
+        
+        def authenticate
+          m = self.class.to_s.gsub('Session','')
+          i = LetMeIn.accessor(:identifier, LetMeIn.models.index(m))
+          p = LetMeIn.accessor(:password, LetMeIn.models.index(m))
+          s = LetMeIn.accessor(:password, LetMeIn.models.index(m))
+          object = m.constantize.send("find_by_#{i}", self.identifier)
+          self.authenticated_object = if object && object.send(p) == BCrypt::Engine.hash_secret(self.password, object.send(s))
+            object
+          else
+            errors.add :base, 'Failed to authenticate'
+            nil
+          end
+        end
+        
+        def to_key
+          nil
+        end
+      end)
+    end
   end
   
   module Model
@@ -27,74 +93,16 @@ module LetMeIn
       base.instance_eval do
         attr_accessor :password
         before_save :encrypt_password
-      end
-      base.class_eval do
-        class_eval %Q^
-          def encrypt_password
-            if password.present?
-              self.send("#{LetMeIn.salt}=", BCrypt::Engine.generate_salt)
-              self.send("#{LetMeIn.password}=", BCrypt::Engine.hash_secret(password, self.send(LetMeIn.salt)))
-            end
+        
+        define_method :encrypt_password do
+          if password.present?
+            p = LetMeIn.accessor(:password, LetMeIn.models.index(self.class.to_s))
+            s = LetMeIn.accessor(:salt, LetMeIn.models.index(self.class.to_s))
+            self.send("#{s}=", BCrypt::Engine.generate_salt)
+            self.send("#{p}=", BCrypt::Engine.hash_secret(password, self.send(s)))
           end
-        ^
-      end
-    end
-  end
-  
-  class Session
-    include ActiveModel::Validations
-    attr_accessor :identifier, :password, :authenticated_object
-    validate :authenticate
-    
-    def initialize(params = { })
-      unless params.blank?
-        self.identifier = params[:identifier] || params[LetMeIn.identifier.to_sym]
-        self.password   = params[:password]
+        end
       end
     end
-    
-    def save
-      self.valid?
-    end
-    
-    def save!
-      save || raise(LetMeIn::Error, 'Failed to authenticate')
-    end
-    
-    def self.create(params = {})
-      object = self.new(params)
-      object.save
-      object
-    end
-    
-    def self.create!(params = {})
-      object = self.new(params)
-      object.save!
-      object
-    end
-    
-    # Mapping to the identifier and authenticated object accessor
-    def method_missing(method_name, *args)
-      case method_name.to_s
-        when LetMeIn.identifier       then self.identifier
-        when "#{LetMeIn.identifier}=" then self.identifier = args[0]
-        when LetMeIn.model.underscore then self.authenticated_object
-        else super
-      end
-    end
-    
-    def authenticate
-      object = LetMeIn.model.constantize.send("find_by_#{LetMeIn.identifier}", self.identifier)
-      self.authenticated_object = if object && object.send(LetMeIn.password) == BCrypt::Engine.hash_secret(self.password, object.send(LetMeIn.salt))
-        object
-      else
-        errors.add(:base, 'Failed to authenticate')
-        nil
-      end
-    end
-    
-    def to_key
-      nil
-    end
   end
 end

data/test/letmein_test.rb

@@ -7,11 +7,8 @@ ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :database => ':me
 $stdout_orig = $stdout
 $stdout = StringIO.new
 
-class User < ActiveRecord::Base
-  # example values for password info:
-  #   pass: $2a$10$0MeSaaE3I7.0FQ5ZDcKPJeD1.FzqkcOZfEKNZ/DNN.w8xOwuFdBCm
-  #   salt: $2a$10$0MeSaaE3I7.0FQ5ZDcKPJe
-end
+class User  < ActiveRecord::Base ; end
+class Admin < ActiveRecord::Base ; end
 
 class LetMeInTest < Test::Unit::TestCase
   def setup
@@ -22,22 +19,35 @@ class LetMeInTest < Test::Unit::TestCase
         t.column :password_hash,  :string
         t.column :password_salt,  :string
       end
+      create_table :admins do |t|
+        t.column :username,   :string
+        t.column :pass_hash,  :string
+        t.column :pass_salt,  :string
+      end
     end
-    LetMeIn.initialize
+    LetMeIn.initialize(
+      :model      => ['User', 'Admin'],
+      :identifier => ['email', 'username'],
+      :password   => ['password_hash', 'pass_hash'],
+      :salt       => ['password_salt', 'pass_salt']
+    )
     User.create!(:email => 'test@test.test', :password => 'test')
+    Admin.create!(:username => 'admin', :password => 'test')
   end
   
   def teardown
     ActiveRecord::Base.connection.tables.each do |table|
       ActiveRecord::Base.connection.drop_table(table)
     end
+    Object.send(:remove_const, :UserSession)
+    Object.send(:remove_const, :AdminSession)
   end
   
   def test_configuration_initialization
-    assert_equal 'User',          LetMeIn.model
-    assert_equal 'email',         LetMeIn.identifier
-    assert_equal 'password_hash', LetMeIn.password
-    assert_equal 'password_salt', LetMeIn.salt
+    assert_equal ['User', 'Admin'],               LetMeIn.models
+    assert_equal ['email', 'username'],           LetMeIn.identifiers
+    assert_equal ['password_hash', 'pass_hash'],  LetMeIn.passwords
+    assert_equal ['password_salt', 'pass_salt'],  LetMeIn.salts
   end
   
   def test_model_password_saving
@@ -47,8 +57,15 @@ class LetMeInTest < Test::Unit::TestCase
     assert_match /.{29}/, user.password_salt
   end
   
+  def test_model_password_saving_secondary
+    user = Admin.first
+    assert_equal nil, user.password
+    assert_match /.{60}/, user.pass_hash
+    assert_match /.{29}/, user.pass_salt
+  end
+  
   def test_session_initialization
-    session = LetMeIn::Session.new(:email => 'test@test.test', :password => 'test_pass')
+    session = UserSession.new(:email => 'test@test.test', :password => 'test_pass')
     assert_equal 'test@test.test', session.identifier
     assert_equal 'test@test.test', session.email
     assert_equal 'test_pass', session.password
@@ -61,15 +78,36 @@ class LetMeInTest < Test::Unit::TestCase
     assert_equal nil, session.user
   end
   
+  def test_session_initialization_secondary
+    session = AdminSession.new(:username => 'admin', :password => 'test_pass')
+    assert_equal 'admin', session.identifier
+    assert_equal 'admin', session.username
+    assert_equal 'test_pass', session.password
+    
+    session.username = 'new_admin'
+    assert_equal 'new_admin', session.identifier
+    assert_equal 'new_admin', session.username
+    
+    assert_equal nil, session.authenticated_object
+    assert_equal nil, session.admin
+  end
+  
   def test_session_authentication
-    session = LetMeIn::Session.create(:email => User.first.email, :password => 'test')
+    session = UserSession.create(:email => User.first.email, :password => 'test')
     assert session.errors.blank?
     assert_equal User.first, session.authenticated_object
     assert_equal User.first, session.user
   end
   
+  def test_session_authentication_secondary
+    session = AdminSession.create(:username => Admin.first.username, :password => 'test')
+    assert session.errors.blank?
+    assert_equal Admin.first, session.authenticated_object
+    assert_equal Admin.first, session.admin
+  end
+  
   def test_session_authentication_failure
-    session = LetMeIn::Session.create(:email => User.first.email, :password => 'bad_pass')
+    session = UserSession.create(:email => User.first.email, :password => 'bad_pass')
     assert session.errors.present?
     assert_equal 'Failed to authenticate', session.errors[:base].first
     assert_equal nil, session.authenticated_object
@@ -77,7 +115,7 @@ class LetMeInTest < Test::Unit::TestCase
   end
   
   def test_session_authentication_exception
-    session = LetMeIn::Session.new(:email => User.first.email, :password => 'bad_pass')
+    session = UserSession.new(:email => User.first.email, :password => 'bad_pass')
     begin
       session.save!
     rescue LetMeIn::Error => e

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 0
-  - 5
-  version: 0.0.5
+  - 6
+  version: 0.0.6
 platform: ruby
 authors: 
 - Oleg Khabarov
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-27 00:00:00 -04:00
+date: 2011-03-28 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -108,7 +108,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 2972491954571850709
+      hash: 833678063283115753
       segments: 
       - 0
       version: "0"