login_generator 1.1.0 → 1.2.0

data/templates/README

@@ -30,29 +30,29 @@ The model :user is required when you are hitting problems to the degree of
 
 You need a database table corresponding to the User model. 
 
-  mysql syntax:
-  CREATE TABLE users (
-    id int(11) NOT NULL auto_increment,
-    login varchar(80) default NULL,
-    password varchar(40) default NULL,
-    PRIMARY KEY  (id)
-  );
+mysql syntax:
+CREATE TABLE users (
+  id int(11) NOT NULL auto_increment,
+  login varchar(80) default NULL,
+  password varchar(40) default NULL,
+  PRIMARY KEY  (id)
+);
  
-  postgres :
-  CREATE TABLE "users" (
-   "id" SERIAL NOT NULL UNIQUE,
-   "login" VARCHAR(80),
-   "password" VARCHAR,
-   PRIMARY KEY("id")
-  ) WITH OIDS;
-
-
-  sqlite:
-  CREATE TABLE 'users' (
-    'id' INTEGER PRIMARY KEY NOT NULL,
-    'user' VARCHAR(80) DEFAULT NULL,
-    'password' VARCHAR(40) DEFAULT NULL
-  );
+postgres :
+CREATE TABLE "users" (
+ "id" SERIAL NOT NULL UNIQUE,
+ "login" VARCHAR(80),
+ "password" VARCHAR,
+ PRIMARY KEY("id")
+) WITH OIDS;
+
+
+sqlite:
+CREATE TABLE 'users' (
+  'id' INTEGER PRIMARY KEY NOT NULL,
+  'user' VARCHAR(80) DEFAULT NULL,
+  'password' VARCHAR(40) DEFAULT NULL
+);
 
 Of course your user model can have any amount of extra fields. This is just a
 starting point
@@ -77,43 +77,20 @@ controller which you requested earlier. Simple huh?
 
 How do I...
 
-  ... access the user who is currently logged in
-
-  A: You can get the user object from the session using @session['user']
-     Example: 
-       Welcome <%%= @session[:user].name %> 
-
   ... restrict access to only a few methods? 
   
   A: Use before_filters build in scoping. 
      Example: 
-       before_filter :login_required, :only => [:myaccount, :changepassword]
-       before_filter :login_required, :except => [:index]
+       before_filter :login_required :only => [:myaccount, :changepassword]
+       before_filter :login_required :except => [:index]
      
   ... check if a user is logged-in in my views?
   
-  A: @session[:user] will tell you. Here is an example helper which you can use to make this more pretty:
+  A: @session['user'] will tell you. Here is an example helper which you can use to make this more pretty:
      Example: 
        def user?
-         !@session[:user].nil?
+         !@session['user'].nil?
        end
 
-  ... return a user to the page they came from before logging in?
-
-  A: The user will be send back to the last url which called the method "store_location"
-     Example:
-       User was at /articles/show/1, wants to log in.
-       in articles_controller.rb, add store_location to the show function and send the user
-       to the login form. 
-       After he logs in he will be send back to /articles/show/1
-
-
-You can find more help at http://wiki.rubyonrails.com/rails/show/LoginGenerator
-
-== Changelog
 
-1.1.0 Major security bugfix and modernisation
-1.0.5 Bugfix in generator code
-1.0.2 Updated the readme with more tips&tricks
-1.0.1 Fixed problem in the readme
-1.0.0 First gem release
+You can find more help at http://wiki.rubyonrails.com/rails/show/LoginGenerator

data/templates/controller.rb

@@ -1,33 +1,46 @@
 class <%= class_name %>Controller < ApplicationController
+  model   :user
   layout  'scaffold'
 
   def login
     case @request.method
       when :post
-      if @session[:user] = User.authenticate(@params[:user_login], @params[:user_password])
+        if @session['user'] = User.authenticate(@params['user_login'], @params['user_password'])
 
-        flash['notice']  = "Login successful"
-        redirect_back_or_default :action => "welcome"
-      else
-        flash.now['notice']  = "Login unsuccessful"
-
-        @login = @params[:user_login]
+          flash['notice']  = "Login successful"
+          redirect_back_or_default :action => "welcome"
+        else
+          @login    = @params['user_login']
+          @message  = "Login unsuccessful"
       end
     end
   end
   
   def signup
-    @user = User.new(@params[:user])
-
-    if @request.post? and @user.save
-      @session[:user] = User.authenticate(@user.login, @params[:user][:password])
-      flash['notice']  = "Signup successful"
-      redirect_back_or_default :action => "welcome"
+    case @request.method
+      when :post
+        @user = User.new(@params['user'])
+        
+        if @user.save      
+          @session['user'] = User.authenticate(@user.login, @params['user']['password'])
+          flash['notice']  = "Signup successful"
+          redirect_back_or_default :action => "welcome"          
+        end
+      when :get
+        @user = User.new
     end      
   end  
   
+  def delete
+    if @params['id']
+      @user = User.find(@params['id'])
+      @user.destroy
+    end
+    redirect_back_or_default :action => "welcome"
+  end  
+    
   def logout
-    @session[:user] = nil
+    @session['user'] = nil
   end
     
   def welcome

data/templates/controller_test.rb

@@ -1,9 +1,6 @@
 require File.dirname(__FILE__) + '/../test_helper'
 require '<%= file_name  %>_controller'
 
-# Set salt to 'change-me' because thats what the fixtures assume. 
-User.salt = 'change-me'
-
 # Raise errors beyond the default web-based presentation
 class <%= class_name %>Controller; def rescue_action(e) raise e end; end
 
@@ -18,56 +15,57 @@ class <%= class_name %>ControllerTest < Test::Unit::TestCase
   end
   
   def test_auth_bob
-    @request.session[:return_to] = "/bogus/location"
+    @request.session['return-to'] = "/bogus/location"
 
-    post :login, :user_login => "bob", :user_password => "test"
-    assert_session_has :user
+    post :login, "user_login" => "bob", "user_password" => "test"
+    assert_session_has "user"
 
-    assert_equal @bob, @response.session[:user]
+    assert_equal @bob, @response.session["user"]
     
     assert_redirect_url "/bogus/location"
   end
   
   def test_signup
-    @request.session[:return_to] = "/bogus/location"
+    @request.session['return-to'] = "/bogus/location"
 
-    post :signup, :user => { :login => "newbob", :password => "newpassword", :password_confirmation => "newpassword" }
-    assert_session_has :user
+    post :signup, "user" => { "login" => "newbob", "password" => "newpassword", "password_confirmation" => "newpassword" }
+    assert_session_has "user"
     
     assert_redirect_url "/bogus/location"
   end
 
   def test_bad_signup
-    @request.session[:return_to] = "/bogus/location"
+    @request.session['return-to'] = "/bogus/location"
 
-    post :signup, :user => { :login => "newbob", :password => "newpassword", :password_confirmation => "wrong" }
-    assert_invalid_column_on_record "user", :password
+    post :signup, "user" => { "login" => "newbob", "password" => "newpassword", "password_confirmation" => "wrong" }
+    assert_invalid_column_on_record "user", "password"
     assert_success
     
-    post :signup, :user => { :login => "yo", :password => "newpassword", :password_confirmation => "newpassword" }
-    assert_invalid_column_on_record "user", :login
+    post :signup, "user" => { "login" => "yo", "password" => "newpassword", "password_confirmation" => "newpassword" }
+    assert_invalid_column_on_record "user", "login"
     assert_success
 
-    post :signup, :user => { :login => "yo", :password => "newpassword", :password_confirmation => "wrong" }
-    assert_invalid_column_on_record "user", [:login, :password]
+    post :signup, "user" => { "login" => "yo", "password" => "newpassword", "password_confirmation" => "wrong" }
+    assert_invalid_column_on_record "user", ["login", "password"]
     assert_success
   end
 
   def test_invalid_login
-    post :login, :user_login => "bob", :user_password => "not_correct"
+    post :login, "user_login" => "bob", "user_password" => "not_correct"
      
-    assert_session_has_no :user
+    assert_session_has_no "user"
     
+    assert_template_has "message"
     assert_template_has "login"
   end
   
   def test_login_logoff
 
-    post :login, :user_login => "bob", :user_password => "test"
-    assert_session_has :user
+    post :login, "user_login" => "bob", "user_password" => "test"
+    assert_session_has "user"
 
     get :logout
-    assert_session_has_no :user
+    assert_session_has_no "user"
 
   end
   

data/templates/login_system.rb

@@ -46,7 +46,7 @@ module LoginSystem
       return true  
     end
 
-    if @session[:user] and authorize?(@session[:user])
+    if @session['user'] and authorize?(@session['user'])
       return true
     end
 
@@ -71,16 +71,16 @@ module LoginSystem
   # store current uri in  the session.
   # we can return to this location by calling return_location
   def store_location
-    @session[:return_to] = @request.request_uri
+    @session['return-to'] = @request.request_uri
   end
 
   # move to the last store_location call or to the passed default one
   def redirect_back_or_default(default)
-    if @session[:return_to].nil?
+    if @session['return-to'].nil?
       redirect_to default
     else
-      redirect_to_url @session[:return_to]
-      @session[:return_to] = nil
+      redirect_to_url @session['return-to']
+      @session['return-to'] = nil
     end
   end
 

data/templates/user.rb

@@ -3,57 +3,29 @@ require 'digest/sha1'
 # this model expects a certain database layout and its based on the name/login pattern. 
 class User < ActiveRecord::Base
 
-  # Please change the salt to something else, 
-  # Every application should use a different one 
-  @@salt = 'change-me'
-  cattr_accessor :salt
-
-  # Authenticate a user. 
-  #
-  # Example:
-  #   @user = User.authenticate('bob', 'bobpass')
-  #
   def self.authenticate(login, pass)
     find_first(["login = ? AND password = ?", login, sha1(pass)])
   end  
-  
 
+  def change_password(pass)
+    update_attribute "password", self.class.sha1(pass)
+  end
+    
   protected
 
-  # Apply SHA1 encryption to the supplied password. 
-  # We will additionally surround the password with a salt 
-  # for additional security. 
   def self.sha1(pass)
-    Digest::SHA1.hexdigest("#{salt}--#{pass}--")
+    Digest::SHA1.hexdigest("change-me--#{pass}--")
   end
     
   before_create :crypt_password
   
-  # Before saving the record to database we will crypt the password 
-  # using SHA1. 
-  # We never store the actual password in the DB.
   def crypt_password
-    write_attribute "password", self.class.sha1(password)
+    write_attribute("password", self.class.sha1(password))
   end
-  
-  before_update :crypt_unless_empty
-  
-  # If the record is updated we will check if the password is empty.
-  # If its empty we assume that the user didn't want to change his
-  # password and just reset it to the old value.
-  def crypt_unless_empty
-    if password.empty?      
-      user = self.class.find(self.id)
-      self.password = user.password
-    else
-      write_attribute "password", self.class.sha1(password)
-    end        
-  end  
-  
-  validates_uniqueness_of :login, :on => :create
 
-  validates_confirmation_of :password
   validates_length_of :login, :within => 3..40
   validates_length_of :password, :within => 5..40
   validates_presence_of :login, :password, :password_confirmation
+  validates_uniqueness_of :login, :on => :create
+  validates_confirmation_of :password, :on => :create     
 end

data/templates/user_test.rb

@@ -1,21 +1,30 @@
 require File.dirname(__FILE__) + '/../test_helper'
 
-# Set salt to 'change-me' because thats what the fixtures assume. 
-User.salt = 'change-me'
-
 class UserTest < Test::Unit::TestCase
+  self.use_instantiated_fixtures  = true
   
   fixtures :users
     
-  def test_auth
-    
+  def test_auth  
     assert_equal  @bob, User.authenticate("bob", "test")    
     assert_nil    User.authenticate("nonbob", "test")
-    
+
   end
 
+
+  def test_passwordchange
+        
+    @longbob.change_password("nonbobpasswd")
+    assert_equal @longbob, User.authenticate("longbob", "nonbobpasswd")
+    assert_nil   User.authenticate("longbob", "longtest")
+    @longbob.change_password("longtest")
+    assert_equal @longbob, User.authenticate("longbob", "longtest")
+    assert_nil   User.authenticate("longbob", "nonbobpasswd")
+        
+  end
+  
   def test_disallowed_passwords
-    
+
     u = User.new    
     u.login = "nonbob"
 
@@ -84,7 +93,8 @@ class UserTest < Test::Unit::TestCase
     u.password = u.password_confirmation = "bobs_secure_password"
     assert u.save
         
-    assert_equal '98740ff87bade6d895010bceebbd9f718e7856bb', u.password    
+    assert_equal '98740ff87bade6d895010bceebbd9f718e7856bb', u.password
+    
   end
 
   

data/templates/user_test.rb.orig

@@ -0,0 +1,101 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class UserTest < Test::Unit::TestCase
+  
+  fixtures :users
+    
+  def test_auth
+    
+    assert_equal  @bob, User.authenticate("bob", "test")    
+    assert_nil    User.authenticate("nonbob", "test")
+    
+  end
+
+
+  def test_passwordchange
+        
+    @longbob.change_password("nonbobpasswd")
+    assert_equal @longbob, User.authenticate("longbob", "nonbobpasswd")
+    assert_nil   User.authenticate("longbob", "longtest")
+    @longbob.change_password("longtest")
+    assert_equal @longbob, User.authenticate("longbob", "longtest")
+    assert_nil   User.authenticate("longbob", "nonbobpasswd")
+        
+  end
+  
+  def test_disallowed_passwords
+    
+    u = User.new    
+    u.login = "nonbob"
+
+    u.password = u.password_confirmation = "tiny"
+    assert !u.save     
+    assert u.errors.invalid?('password')
+
+    u.password = u.password_confirmation = "hugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehuge"
+    assert !u.save     
+    assert u.errors.invalid?('password')
+        
+    u.password = u.password_confirmation = ""
+    assert !u.save    
+    assert u.errors.invalid?('password')
+        
+    u.password = u.password_confirmation = "bobs_secure_password"
+    assert u.save     
+    assert u.errors.empty?
+        
+  end
+  
+  def test_bad_logins
+
+    u = User.new  
+    u.password = u.password_confirmation = "bobs_secure_password"
+
+    u.login = "x"
+    assert !u.save     
+    assert u.errors.invalid?('login')
+    
+    u.login = "hugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhug"
+    assert !u.save     
+    assert u.errors.invalid?('login')
+
+    u.login = ""
+    assert !u.save
+    assert u.errors.invalid?('login')
+
+    u.login = "okbob"
+    assert u.save  
+    assert u.errors.empty?
+      
+  end
+
+
+  def test_collision
+    u = User.new
+    u.login      = "existingbob"
+    u.password = u.password_confirmation = "bobs_secure_password"
+    assert !u.save
+  end
+
+
+  def test_create
+    u = User.new
+    u.login      = "nonexistingbob"
+    u.password = u.password_confirmation = "bobs_secure_password"
+      
+    assert u.save  
+    
+  end
+  
+  def test_sha1
+    u = User.new
+    u.login      = "nonexistingbob"
+    u.password = u.password_confirmation = "bobs_secure_password"
+    assert u.save
+        
+    assert_equal '98740ff87bade6d895010bceebbd9f718e7856bb', u.password
+    
+  end
+
+  
+end

data/templates/view_login.rhtml

@@ -3,8 +3,8 @@
 <div title="Account login" id="loginform" class="form">
     <h3>Please login</h3>
     
-    <%% if @flash['notice'] %>
-      <div id="message"><%%= @flash['notice'] %></div>
+    <%% if @message %>
+      <div id="message"><%%= @message %></div>
     <%% end %>
 
     <label for="user_login">Login:</label><br/>

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
-rubygems_version: 0.8.10.1
+rubygems_version: 0.8.11
 specification_version: 1
 name: login_generator
 version: !ruby/object:Gem::Version 
-  version: 1.1.0
-date: 2005-04-09
+  version: 1.2.0
+date: 2006-04-17 00:00:00 -04:00
 summary: "[Rails] Login generator."
 require_paths: 
-  - "."
+- .
 email: tobi@leetsoft.com
 homepage: http://www.rubyonrails.org/show/Generators
 rubyforge_project: 
@@ -18,43 +18,50 @@ bindir: bin
 has_rdoc: false
 required_ruby_version: !ruby/object:Gem::Version::Requirement 
   requirements: 
-    - 
-      - ">"
-      - !ruby/object:Gem::Version 
-        version: 0.0.0
+  - - ">"
+    - !ruby/object:Gem::Version 
+      version: 0.0.0
   version: 
 platform: ruby
+signing_key: 
+cert_chain: 
 authors: 
-  - Tobias Luetke
+- Tobias Luetke
 files: 
-  - USAGE
-  - login_generator.rb
-  - templates/controller.rb
-  - templates/controller_test.rb
-  - templates/helper.rb
-  - templates/login_system.rb
-  - templates/README
-  - templates/user.rb
-  - templates/user_test.rb
-  - templates/users.yml
-  - templates/view_login.rhtml
-  - templates/view_logout.rhtml
-  - templates/view_signup.rhtml
-  - templates/view_welcome.rhtml
+- USAGE
+- login_generator.rb
+- templates/controller.rb
+- templates/controller_test.rb
+- templates/helper.rb
+- templates/login_system.rb
+- templates/README
+- templates/user.rb
+- templates/user_test.rb
+- templates/user_test.rb.orig
+- templates/users.yml
+- templates/view_login.rhtml
+- templates/view_logout.rhtml
+- templates/view_signup.rhtml
+- templates/view_welcome.rhtml
 test_files: []
+
 rdoc_options: []
+
 extra_rdoc_files: []
+
 executables: []
+
 extensions: []
+
 requirements: []
+
 dependencies: 
-  - !ruby/object:Gem::Dependency 
-    name: rails
-    version_requirement: 
-    version_requirements: !ruby/object:Gem::Version::Requirement 
-      requirements: 
-        - 
-          - ">="
-          - !ruby/object:Gem::Version 
-            version: 0.10.0
-      version: 
+- !ruby/object:Gem::Dependency 
+  name: rails
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Version::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.10.0
+    version: