login_sugar_generator 0.9.4

data/USAGE

@@ -0,0 +1,32 @@
+NAME
+     login_sugar - creates a functional login system with email validation and salted hash passwords
+
+SYNOPSIS
+     login_sugar [Controller name]
+
+     Good names are User, Account, Person, etc
+
+     See README_LOGIN_SUGAR for configuration instructions.
+
+DESCRIPTION
+     This generator creates a general purpose login system.
+
+     Included:
+      - a model which uses SHA1 encryption and salted hashes for passwords
+      - a controller with signup, login, welcome and logoff actions
+      - a mailer that integrates with the controller to prevent script based
+        account creation (i.e., requires account verification from the
+        registered email address) and supports forgotten and changed passwords
+      - a mixin which lets you easily add advanced authentication
+        features to your abstract base controller
+      - an example database migration script with the minimal sql required to
+        get the model to work.
+      - extensive unit and functional test cases to make sure nothing breaks.
+      - token based authentication
+            
+EXAMPLE
+      ./script/generate login_sugar User
+
+     This will generate a User controller with login and logout methods. 
+     The class names are UserController, User (model), and UserNotifier
+     (mailer). It will also generate a module named UserLoginSystem.

data/login_sugar_generator.rb

@@ -0,0 +1,79 @@
+class LoginSugarGenerator < Rails::Generator::NamedBase
+
+  attr_accessor :controller_class_name
+#
+#TODO
+# - rakify try_it.sh
+# - store user.id in session
+ 
+  def manifest
+    record do |m|
+      # Check for class naming collisions.
+      #m.class_collisions class_path, "#{class_name}Controller", "#{class_name}ControllerTest", "#{class_name}Helper", "#{class_name}LoginSystem"
+
+      # Login module, controller class, functional test, and helper.
+      m.template "login_system.rb", "lib/#{file_name}_system.rb"
+      m.template "controller.rb", File.join("app/controllers", class_path, "#{file_name}_controller.rb")
+      m.template "controller_test.rb", "test/functional/#{file_name}_controller_test.rb"
+      m.template "integration_test.rb", "test/integration/#{file_name}_system_test.rb"
+      m.template "helper.rb", File.join("app/helpers", class_path, "#{file_name}_helper.rb")
+
+      # Model class, unit test, fixtures, and example schema.
+      m.template "user.rb", File.join("app/models", class_path, "#{file_name}.rb")
+      m.template "notify.rb", File.join("app/models", class_path, "#{file_name}_notify.rb")
+      m.template "mock_notify.rb", "test/mocks/test/#{file_name}_notify.rb"
+      m.file "mock_clock.rb", "test/mocks/test/clock.rb"
+      m.template "clock.rb", "lib/clock.rb"
+
+      m.template "user_test.rb", "test/unit/#{file_name}_test.rb"
+      m.template "users.yml", "test/fixtures/#{plural_name}.yml"
+      m.directory "db/migrate"
+      m.template "migration_login_sugar.rb", "db/migrate/migration_login_sugar__rename_this_to_fit_your_project.rb"
+
+      # Configuration and miscellaneous
+      m.template "login_environment.rb", "config/environments/#{file_name}_environment.rb"
+      #m.file "create_db", "script/create_db"
+      #m.template "en.yaml", "lang/en.yaml"
+      m.file "default_setup.zip", "default_login_sugar_setup.zip"
+
+      # Layout and stylesheet.
+      m.template "layout.rhtml", "app/views/layouts/#{file_name}.rhtml"
+      m.directory "public/stylesheets"
+      m.template "stylesheet.css", "public/stylesheets/#{file_name}.css"
+
+      # Views. 
+      m.directory File.join("app/views", class_path, file_name)
+      login_views.each do |action|
+        m.template "view_#{action}.rhtml",
+        File.join("app/views", class_path, file_name, "#{action}.rhtml")
+      end
+
+      # Partials
+      m.directory File.join("app/views", class_path, file_name)
+      partial_views.each do |action|
+        m.template "_view_#{action}.rhtml",
+        File.join("app/views", class_path, file_name, "_#{action}.rhtml")
+      end
+
+      m.directory File.join("app/views", "#{singular_name}_notify")
+      notify_views.each do |action|
+        m.template "notify_#{action}.rhtml",
+        File.join("app/views", "#{singular_name}_notify", "#{action}.rhtml")
+      end
+
+      m.template "README", "README_LOGIN_SUGAR"
+    end
+  end
+
+  def login_views
+    %w(welcome login logout edit signup forgot_password change_password)
+  end
+
+  def partial_views
+    %w(edit password)
+  end
+
+  def notify_views
+    %w(signup forgot_password change_password)
+  end
+end

data/templates/README

@@ -0,0 +1,194 @@
+== About
+
+login_sugar is a modification of salted_login generator 1.1.1 that works
+out of the box on Rails 1.1.6
+
+Changes:
+  - tests all pass out of the box on Rails >= 1.1.4
+  - using ActiveRecord::Migrations for db setup
+  - put underscores in first_name and last_name user attributes
+  - replaced Mock Time extension with a Mock Clock.
+  - README_USER_LOGIN is a one stop readme
+  - contains a default configuration zip
+  - session references se symbols
+  - localization removed
+
+More about salted_login_generator at http://rubyforge.org/projects/salted-login
+
+== Prerequisite
+
+If you are on Windoze, see http://wiki.rubyonrails.com/rails/pages/iconv/
+
+== Installation
+
+If you are working with a fresh rails 1.1.6 project, you can unzip the included
+default_login_sugar_setup.zip file in your RAILS_ROOT directory. It contains
+preconfigured application controller, environment.rb, application_helper.rb and
+test_helper.rb that should work if you used User as your controller names when
+running the generator. If you do this, you can skip down to the PHASE II
+section below. BUT DON'T DO THIS IF YOU HAVE ALREADY MODIFIED YOUR RAILS APP
+as it will overwrite your existing files. Of course, you should have those
+under source control anyhow...
+
+-  PHASE I -
+
+After generating the login system, edit your app/controllers/application.rb
+file. The beginning of your ApplicationController should look something like
+this:
+
+  require '<%= file_name %>_system'
+
+  class ApplicationController < ActionController::Base
+    include <%= class_name %>System
+    helper :<%= singular_name %>
+    model :<%= singular_name %>
+    before_filter :authenticate_user
+
+Add the following at the end of your config/environment.rb file:
+
+  require 'environments/<%= singular_name %>_environment'
+
+Add the following line to the top of your test/test_helper.rb:
+
+  require 'user_notify'
+
+- PHASE II -
+
+Under the 'environments' subdirectory, you'll find <%= singular_name %>_environment.rb.
+Edit this file as necessary.
+
+Import the <%= singular_name %> model into the database.
+
+You'll have to create your development and test databases first and configure your
+config/database.yml appropriately. Note, if you are using mysql you will need to edit
+test/fixtures/users.yml and make the indicated change on the last fixture.
+
+You can use the provided migration script in
+db/migrate/migration_login_sugar__rename_this_to_fit_your_project.rb.
+
+This model is meant as an example and you
+can extend it, however I suggest first completing the stock installation and running
+the tests to confirm installation, then create a new migration to add your new columns.
+
+Rename db/migrate/migration_login_sugar__rename_this_to_fit_your_project.rb to
+db/migrate/###_login_sugar.rb where ### is the proper new migration level. For example,
+if this is your first migration for this rails project, use 001. If you name it something
+other than ###_login_sugar.rb then you'll need to edit the file and change the class name
+of the migration in the class definition as well.
+
+Then run:
+
+  rake migrate && rake db:test:clone
+
+Go ahead and run the unit and functional tests now:
+
+  rake
+
+These should all pass.
+
+Finally, you must properly configure ActionMailer for your mail settings. For
+example, I have the following in config/environments/development.rb (for a
+.Mac account, and without my username and password, obviously):
+
+ActionMailer::Base.server_settings = {
+  :address => "smtp.mac.com",
+  :port => 25,
+  :domain => "smtp.mac.com",
+  :user_name => "<your user name here>",
+  :password => "<your password here>",
+  :authentication => :login
+}
+
+You'll need to configure it properly so that email can be sent. One of the
+easiest ways to test your configuration is to temporarily reraise exceptions
+from the signup method (so that you get the actual mailer exception string).
+In the rescue statement, put a single "raise" statement in. Once you've
+debugged any setting problems, remove that statement to get the proper flash
+error handling back.
+
+== How to use it
+
+Now you can go around and happily add "before_filter :authenticate_user" to the
+controllers which you would like to protect. 
+
+After integrating the login system with your rails application navigate to your
+new controller's signup method. There you can create a new account. After you
+are done you should have a look at your DB. Your freshly created <%= singular_name %>
+will be there but the password will be a sha1 hashed 40 digit mess. I find
+this should be the minimum of security which every page offering login &
+password should give its customers. Now you can move to one of those 
+controllers which you protected with the before_filter :authenticate_user snippet.
+You will automatically be re-directed to your freshly created login controller
+and you are asked for a password. After entering valid account data you will be
+taken back to the controller which you requested earlier. Simple huh?
+
+== Tips & Tricks
+
+How do I...
+
+  ... access the user who is currently logged in
+
+  A: You can get the <%= singular_name %> object from the session using @session[:<%= singular_name %>]
+     Example: 
+       Welcome <%%= @session[:<%= singular_name %>].name %>
+
+  ... restrict access to only a few methods? 
+  
+  A: Use before_filters build in scoping. 
+     Example: 
+       before_filter :authenticate_user, :only => [:myaccount, :changepassword]
+       before_filter :authenticate_user, :except => [:index]
+     
+  ... check if a user is logged-in in my views?
+  
+  A: @session[:<%= singular_name %>] will tell you. Here is an example helper which you can use to make this more pretty:
+     Example: 
+       def <%= singular_name %>?
+         !@session[:<%= singular_name %>].nil?
+       end
+
+  ... return a user to the page they came from before logging in?
+F
+  A: The user will be send back to the last url which called the method "store_location"
+     Example:
+       User was at /articles/show/1, wants to log in.
+       in articles_controller.rb, add store_location to the show function and
+       send the user to the login form. 
+       After he logs in he will be send back to /articles/show/1
+
+You can find more help at http://wiki.rubyonrails.com/rails/show/SaltedLoginGenerator
+
+== Troubleshooting
+
+One of the more common problems people have seen is that after verifying an
+account by following the emailed URL, they are unable to login via the
+normal login method since the verified field is not properly set in the
+<%= singular_name %> model's row in the DB.
+
+The most common cause of this problem is that the DB and session get out of
+sync. In particular, it always happens for me after recreating the DB if I
+have run the server previously. To fix the problem, remove the /tmp/ruby*
+session files (from wherever they are for your installation) while the server
+is stopped, and then restart. This usually is the cause of the problem.
+
+A forthcoming release will probably fix this via a well placed reset_session
+call (or requirement to add it after running the generator) so that it is done
+automatically on startup.
+
+== Changelog
+
+login_sugar
+0.9.4 removed scaffold references, removed localization, added generator rake task
+0.9.3 fixed Clock.now, symbolized session references
+0.9.2 fixed localization reference for sign in form (thanks Nym)
+0.9.1 fixed double first_name replacing last_name (thanks BobF)
+0.9.0 first release, modified salted_login 1.1.1
+
+salted_login
+
+1.0.9 Fixed hardcoded generator name (in controller test and schema) and README
+1.0.8 Generator/schema fixes and some README fixes/improvements
+1.0.7 Fixed bad bug with missing attr_accessor :new_password in user class
+1.0.6 Proper delete support and bug fixes
+1.0.5 Lots of fixes and changes (see rubyforge.org/salted-login)
+1.0.0 First gem release

data/templates/_view_edit.rhtml

@@ -0,0 +1,30 @@
+<div class="<%= singular_name %>_edit">
+  <%%= hidden_field '<%= singular_name %>', 'form', :value => 'edit' %>
+  <table>
+    <tr class="two_columns">
+      <td class="prompt"><label>First Name:</label></td>
+      <td class="value"><%%= text_field '<%= singular_name %>', 'first_name' %></td>
+    </tr>
+    <tr class="two_columns">
+      <td class="prompt"><label>Last Name:</label></td>
+      <td class="value"><%%= text_field '<%= singular_name %>', 'last_name' %></td>
+    </tr>
+    <tr class="two_columns">
+      <td class="prompt"><label>Login:</label></td>
+      <td class="value">
+        <%%= @<%= singular_name %>.new_record? ? text_field( '<%= singular_name %>', 'login' ) : @<%= singular_name %>.login %>
+      </td>
+    </tr>
+    <tr class="two_columns">
+      <td class="prompt"><label>Email:</label></td>
+      <td class="value"><%%= text_field '<%= singular_name %>', 'email' %></td>
+    </tr>
+    <%% if submit %>
+     <tr>
+       <td>
+         <%%= submit_tag <%= singular_name %>.new_record? ? 'signup' : 'change_settings', :class => 'two_columns' %>
+       </td>
+     </tr>
+    <%% end %>
+  </table>
+</div>

data/templates/_view_password.rhtml

@@ -0,0 +1,21 @@
+<div class="<%= singular_name %>_password">
+  <%%= hidden_field '<%= singular_name %>', 'form', :value => 'change_password' %>
+
+  <table>
+    <tr class="two_columns">
+      <td class="prompt"><label>Password:</label></td>
+      <td class="value"><%%= password_field '<%= singular_name %>', 'password', :size => 30 %></td>
+    </tr>
+    <tr class="two_columns">
+      <td class="prompt"><label>Password confirmation:</label></td>
+      <td class="value"><%%= password_field '<%= singular_name %>', 'password_confirmation', :size => 30 %></td>
+    </tr>
+    <%% if submit %>
+    <tr>
+      <td>
+        <%%= submit_tag 'change_password' %>
+      </td>
+    </tr>
+    <%% end %>
+  </table>
+</div>                                                                          

data/templates/clock.rb

@@ -0,0 +1,14 @@
+class Clock
+  def self.at( *params )
+    #TODO fix this
+    eval("Time.at #{params.join(',')}")
+  end
+
+  def self.now
+    Time.now
+  end
+
+  def self.time=
+    raise "Cannot set real Clock class"
+  end
+end

data/templates/controller.rb

@@ -0,0 +1,179 @@
+class <%= class_name %>Controller < ApplicationController
+  layout  '<%= singular_name %>'
+
+  skip_before_filter :authenticate_<%= singular_name %>, :only => [ :login, :signup, :forgot_password ]
+
+  def login
+    return if generate_blank_form
+    @<%= singular_name %> = <%= class_name %>.new(@params['<%= singular_name %>'])
+    <%= singular_name %> = <%= class_name %>.authenticate(@params['<%= singular_name %>']['login'], @params['<%= singular_name %>']['password'])
+    if <%= singular_name %>
+      @current_<%= singular_name %> = <%= singular_name %>
+      @session[:<%= singular_name %>_id] = <%= singular_name %>.id
+      flash['notice'] = 'Login succeeded'
+      redirect_back_or_default :action => 'welcome'
+    else
+      @login = @params['<%= singular_name %>']['login']
+      flash['message'] = 'Login failed'
+    end
+  end
+
+  def signup
+    return if generate_blank_form
+    @params['<%= singular_name %>'].delete('form')
+    @<%= singular_name %> = <%= class_name %>.new(@params['<%= singular_name %>'])
+    begin
+      <%= class_name %>.transaction(@<%= singular_name %>) do
+        @<%= singular_name %>.password_needs_confirmation = true
+        if @<%= singular_name %>.save
+          key = @<%= singular_name %>.generate_security_token
+          url = url_for(:action => 'welcome')
+          url += "?<%= singular_name %>[id]=#{@<%= singular_name %>.id}&key=#{key}"
+          <%= class_name %>Notify.deliver_signup(@<%= singular_name %>, @params['<%= singular_name %>']['password'], url)
+          flash['notice'] = 'Signup successful! Please check your registered email account to verify your account registration and continue with the login.'
+          redirect_to :action => 'login'
+        end
+      end
+    rescue Exception => ex
+      report_exception ex
+      flash['message'] = 'Error creating account: confirmation email not sent'
+    end
+  end  
+  
+  def logout
+    @session[:<%= singular_name %>_id] = nil
+    @current_<%= singular_name %> = nil
+    redirect_to :action => 'login'
+  end
+
+  def change_password
+    return if generate_filled_in
+    @params['<%= singular_name %>'].delete('form')
+    begin
+      @<%= singular_name %>.change_password(@params['<%= singular_name %>']['password'], @params['<%= singular_name %>']['password_confirmation'])
+      @<%= singular_name %>.save!
+    rescue Exception => ex
+      report_exception ex
+      flash.now['message'] = 'Your password could not be changed at this time. Please retry.'
+      render and return
+    end
+    begin
+      <%= class_name %>Notify.deliver_change_password(@<%= singular_name %>, @params['<%= singular_name %>']['password'])
+    rescue Exception => ex
+      report_exception ex
+    end
+
+  end
+
+  def forgot_password
+    if authenticated_<%= singular_name %>?
+      flash['message'] = 'You are currently logged in. You may change your password now.'
+      redirect_to :action => 'change_password'
+      return
+    end
+
+    return if generate_blank_form
+
+    if @params['<%= singular_name %>']['email'].empty?
+      flash.now['message'] = 'Please enter a valid email address.'
+    elsif (<%= singular_name %> = <%= class_name %>.find_by_email(@params['<%= singular_name %>']['email'])).nil?
+      flash.now['message'] = "We could not find a <%= singular_name %> with the email address #{CGI.escapeHTML(@params['<%= singular_name %>']['email'])}"
+    else
+      begin
+        <%= class_name %>.transaction(<%= singular_name %>) do
+          key = <%= singular_name %>.generate_security_token
+          url = url_for(:action => 'change_password')
+          url += "?<%= singular_name %>[id]=#{<%= singular_name %>.id}&key=#{key}"
+          <%= class_name %>Notify.deliver_forgot_password(<%= singular_name %>, url)
+          flash['notice'] = "Instructions on resetting your password have been emailed to #{CGI.escapeHTML(@params['<%= singular_name %>']['email'])}."
+          unless authenticated_<%= singular_name %>?
+            redirect_to :action => 'login'
+            return
+          end
+          redirect_back_or_default :action => 'welcome'
+        end
+      rescue Exception => ex
+        report_exception ex
+        flash.now['message'] = "Your password could not be emailed to #{CGI.escapeHTML(@params['<%= singular_name %>']['email'])}"
+      end
+    end
+  end
+
+  def edit
+    return if generate_filled_in
+    if @params['<%= singular_name %>']['form']
+      form = @params['<%= singular_name %>'].delete('form')
+      begin
+        case form
+        when "edit"
+          changeable_fields = ['first_name', 'last_name', 'email']
+          params = @params['<%= singular_name %>'].delete_if { |k,v| not changeable_fields.include?(k) }
+          @<%= singular_name %>.attributes = params
+          @<%= singular_name %>.save
+          flash.now['notice'] = "<%= class_name %> has been updated."
+        when "change_password"
+          change_password
+        when "delete"
+          delete
+        else
+          raise "unknown edit action"
+        end
+      rescue Exception => ex
+        logger.warn ex
+        logger.warn ex.backtrace
+      end
+    end
+  end
+
+  def delete
+    @<%= singular_name %> = @current_<%= singular_name %> || <%= class_name %>.find_by_id( @session[:<%= singular_name %>_id] )
+    begin
+      @<%= singular_name %>.update_attribute( :deleted, true )
+      logout
+    rescue Exception => ex
+      flash.now['message'] = "Error: #{@ex}."
+      redirect_back_or_default :action => 'welcome'
+    end
+  end
+
+  def welcome
+  end
+
+  protected
+
+  def protect?(action)
+    if ['login', 'signup', 'forgot_password'].include?(action)
+      return false
+    else
+      return true
+    end
+  end
+
+  # Generate a template <%= singular_name %> for certain actions on get
+  def generate_blank_form
+    case @request.method
+    when :get
+      @<%= singular_name %> = <%= class_name %>.new
+      render
+      return true
+    end
+    return false
+  end
+
+  # Generate a template <%= singular_name %> for certain actions on get
+  def generate_filled_in
+    @<%= singular_name %> = @current_<%= singular_name %> || <%= class_name %>.find_by_id( @session[:<%= singular_name %>_id] )
+    case @request.method
+    when :get
+      render
+      return true
+    end
+    return false
+  end
+
+  def report_exception( ex )
+    logger.warn ex
+    logger.warn ex.backtrace.join("\n")
+  end
+
+end