maxjustus-sinatra-authentication 0.0.1

data/History.txt

@@ -0,0 +1,4 @@
+== 0.0.1 2009-04-06
+
+* 1 major enhancement:
+  * Initial release

data/Manifest

@@ -0,0 +1,12 @@
+lib/models/user.rb
+lib/views/signup.haml
+lib/views/edit.haml
+lib/views/login.haml
+lib/views/index.haml
+lib/views/show.haml
+lib/sinatra-authentication.rb
+History.txt
+Rakefile
+readme.rdoc
+TODO
+Manifest

data/Rakefile

@@ -0,0 +1,15 @@
+require 'rubygems'
+require 'rake'
+require 'echoe'
+
+Echoe.new('sinatra-authentication', '0.0.1') do |p|
+  p.description    = "Simple authentication plugin for sinatra."
+  p.url            = "http://github.com/maxjustus/sinatra-authentication"
+  p.author         = "Max Justus Spransy"
+  p.email          = "maxjustus@gmail.com"
+  p.ignore_pattern = []
+  p.development_dependencies = ["sinatra", "dm-core", "dm-timestamps", "dm-validations"]
+
+end
+
+Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }

data/TODO

@@ -0,0 +1,11 @@
+TODO:
+  - write rake task which creates first admin user
+    after writing this, change the User.permission_level default value to 0
+
+    implement some way to allow for the creation of users with different
+    permission levels in an untamperable manner. Perhaps with some secret key
+    that must be sent in the form
+  - look at other permissions systems for some feature ideas
+  - ?implement a session store which isn't cookie based
+  - turn on sessions unless they're already on
+    - randomize the session key on every installation

data/lib/models/user.rb

@@ -0,0 +1,50 @@
+class User
+  include DataMapper::Resource
+
+  attr_accessor :password, :password_confirmation
+
+  property :id, Serial, :protected => true
+  property :email, String, :key => true, :nullable => false, :length => (5..40), :unique => true, :format => :email_address
+  property :hashed_password, String
+  property :salt, String, :protected => true, :nullable => false
+  property :created_at, DateTime
+  property :permission_level, Integer, :default => -1
+
+  validates_present :password_confirmation, :unless => Proc.new { |t| t.hashed_password }
+  validates_present :password, :unless => Proc.new { |t| t.hashed_password }
+  validates_is_confirmed :password
+
+  def self.authenticate(email, pass)
+    current_user = first(:email => email)
+    return nil if current_user.nil?
+    return current_user if User.encrypt(pass, current_user.salt) == current_user.hashed_password
+    nil
+  end  
+
+  def password=(pass)
+    @password = pass
+    self.salt = User.random_string(10) if !self.salt
+    self.hashed_password = User.encrypt(@password, self.salt)
+  end
+
+  def admin?
+    self.permission_level == -1
+  end
+  protected
+
+  def self.encrypt(pass, salt)
+    Digest::SHA1.hexdigest(pass+salt)
+  end
+
+  def self.random_string(len)
+    #generate a random password consisting of strings and digits
+    chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+    newpass = ""
+    1.upto(len) { |i| newpass << chars[rand(chars.size-1)] }
+    return newpass
+  end
+
+  def method_missing(m, *args)
+    return false
+  end
+end

data/lib/sinatra-authentication.rb

@@ -0,0 +1,210 @@
+require 'sinatra/base'
+require 'dm-core'
+require 'dm-timestamps'
+require 'dm-validations'
+require Pathname(__FILE__).dirname.expand_path + "models/user"
+
+module SinatraAuthentication
+  VERSION = "0.0.1"
+end
+
+module Sinatra
+  module LilAuthentication
+    def self.registered(app)
+      #INVESTIGATE
+      #the possibility of sinatra having an array of view_paths to load from
+      #PROBLEM
+      #sinatra 9.1.1 doesn't have multiple view capability anywhere
+      #so to get around I have to do it totally manually by
+      #loading the view from this path into a string and rendering it
+      set :lil_authentication_view_path, Pathname(__FILE__).dirname.expand_path + "views/"
+
+      #TODO write captain sinatra developer man and inform him that the documentation
+      #conserning the writing of extensions is somewhat outdaded/incorrect.
+      #you do not need to to do self.get/self.post when writing an extension
+      #In fact, it doesn't work. You have to use the plain old sinatra DSL
+
+      get '/users' do
+        @users = User.all
+        if @users != []
+          haml get_view_as_string("index.haml"), :layout => use_layout?
+        else
+          redirect '/signup'
+        end
+      end
+
+      get '/users/:id' do
+        login_required
+
+        #INVESTIGATE
+        #
+        #WHY THE HECK WON'T GET RETURN ANYTHING?
+        #if I user User.get(params[:id]) it returns nil for some inexplicable reason
+        @user = User.first(:id => params[:id])
+        haml get_view_as_string("show.haml"), :layout => use_layout?
+      end
+
+      #convenience for ajax but maybe entirely stupid and unnecesary
+      get '/logged_in' do
+        if session[:user]
+          "true"
+        else
+          "false"
+        end
+      end
+
+      get '/login' do
+        haml get_view_as_string("login.haml"), :layout => use_layout?
+      end
+
+      post '/login' do
+          if user = User.authenticate(params[:email], params[:password])
+            session[:user] = user.id
+            redirect '/'
+          else
+            redirect '/login'
+          end
+      end
+
+      get '/logout' do
+        session[:user] = nil
+        @message = "in case it weren't obvious, you've logged out"
+        redirect '/'
+      end
+
+      get '/signup' do
+        haml get_view_as_string("signup.haml"), :layout => use_layout?
+      end
+
+      post '/signup' do
+        @user = User.new(params[:user])
+        if @user.save
+          session[:user] = @user.id
+          redirect '/'
+        else
+          session[:flash] = "failure!"
+          redirect '/'
+        end
+      end
+
+      get '/users/:id/edit' do
+        login_required
+        redirect "/users" unless current_user.admin? || current_user == params[:id]
+
+        @user = User.first(:id => params[:id])
+        haml get_view_as_string("edit.haml"), :layout => use_layout?
+      end
+
+      post '/users/:id/edit' do
+        login_required
+        redirect "/users" unless current_user.admin? || current_user == params[:id]
+
+        user = User.first(:id => params[:id])
+        user_attributes = params[:user]
+        if params[:user][:password] == ""
+            user_attributes.delete("password")
+            user_attributes.delete("password_confirmation")
+        end
+
+        if user.update_attributes(user_attributes)
+          redirect "/users/#{user.id}"
+        else
+          throw user.errors
+        end
+      end
+
+      get '/users/:id/delete' do
+        login_required
+        redirect "/users" unless current_user.admin? || current_user == params[:id]
+
+        user = User.first(:id => params[:id])
+        user.destroy
+        session[:flash] = "way to go, you deleted a user"
+        redirect '/'
+      end
+    end
+
+
+  end
+
+  module Helpers
+    def login_required
+      if session[:user]
+        return true
+      else
+        session[:return_to] = request.fullpath
+        redirect '/login'
+        return false
+      end
+    end
+
+    def current_user
+      # TODO
+      # considering returning a user like object with a permission method if not logged in
+      if session[:user]
+        User.first(:id => session[:user])
+      else
+        GuestUser.new
+      end
+    end
+
+    def logged_in?
+      !!session[:user]
+    end
+
+    def use_layout?
+      !request.xhr?
+    end
+
+    #BECAUSE sinatra 9.1.1 can't load views from different paths properly
+    def get_view_as_string(filename)
+      view = options.lil_authentication_view_path + filename
+      data = ""
+      f = File.open(view, "r")
+      f.each_line do |line|
+        data += line
+      end
+      return data
+    end
+
+    def render_login_logout(html_attributes = {:class => ""})
+    css_classes = html_attributes.delete(:class)
+    parameters = ''
+    html_attributes.each_pair do |attribute, value|
+      parameters += "#{attribute}=\"#{value}\" "
+    end
+
+      result = "<div id='sinatra-authentication-login-logout' >"
+      if logged_in?
+        logout_parameters = html_attributes
+        # a tad janky?
+        logout_parameters.delete(:rel)
+        result += "<a href='/logout' class='#{css_classes} sinatra-authentication-logout' #{logout_parameters}>logout</a> "
+        result += "<a href='/users/#{current_user.id}/edit' class='#{css_classes} sinatra-authentication-edit' #{parameters}>edit account</a>"
+      else
+        result += "<a href='/login' class='#{css_classes} sinatra-authentication-login' #{parameters}>login</a> "
+        result += "<a href='/signup' class='#{css_classes} sinatra-authentication-signup' #{parameters}>signup</a>"
+      end
+
+      result += "</div>"
+    end
+  end
+
+  register LilAuthentication
+end
+
+class GuestUser
+  def guest?
+    true
+  end
+
+  def permission_level
+    0
+  end
+
+  # current_user.admin? returns false. current_user.has_a_baby? returns false.
+  # (which is a bit of an assumption I suppose)
+  def method_missing(m, *args)
+    return false
+  end
+end

data/lib/views/edit.haml

@@ -0,0 +1,21 @@
+#sinatra_authentication
+  %h1
+    Editing
+    = @user.email
+  %form{:action => "/users/#{@user.id}/edit", :method => "post"}
+    %input{ :id => "user_password", :name => "user[password]", :size => 30, :type => "password" }
+    new password
+    %br
+    %input{ :id => "user_password_confirmation", :name => "user[password_confirmation]", :size => 30, :type => "password" }
+    confirm
+    -# don't render permission field if admin and editing yourself so you don't shoot yourself in the foot
+    - if current_user.admin? && current_user.id != @user.id
+      %br
+      %select{ :id => "permission_level", :name => "user[permission_level]" }
+        %option{:value => -1}
+          admin
+        %option{:value => 1}
+          authenticated user
+      permission level
+    %br
+    %input{ :value => "update", :type => "submit" }

data/lib/views/index.haml

@@ -0,0 +1,19 @@
+#sinatra_authentication
+  %h1 Users
+  %table
+    %tr
+      %th email
+      - if current_user.admin?
+        %th permission level
+    - @users.each do |user|
+      %tr
+        %td= user.email
+        - if current_user.admin?
+          %td= user.permission_level
+        %td
+          %a{:href => "/users/#{user.id}"} show
+        - if current_user.admin?
+          %td
+            %a{:href => "/users/#{user.id}/edit"} edit
+          %td
+            %a{:href => "/users/#{user.id}/delete", :onclick => "return confirm('you sure?')"} delete

data/lib/views/login.haml

@@ -0,0 +1,10 @@
+#sinatra_authentication
+  %h1 Login
+  %form{:action => "/login", :method => "post"}
+    %input{:id => "user_email", :name => "email", :size => 30, :type => "text"}
+    email
+    %br
+    %input{:id => "user_password", :name => "password", :size => 30, :type => "password"}
+    password
+    %br
+    %input{:value => "login", :type => "submit"}

data/lib/views/show.haml

@@ -0,0 +1,5 @@
+#sinatra_authentication
+  %h1= @user.email
+  - if current_user.admin?
+    %h2 permission level
+    = @user.permission_level

data/lib/views/signup.haml

@@ -0,0 +1,13 @@
+#sinatra_authentication
+  %h1 Signup
+  %form{:action => "/signup", :method => "post"}
+    %input{ :id => "user_email", :name => "user[email]", :size => 30, :type => "text" }
+    email
+    %br
+    %input{ :id => "user_password", :name => "user[password]", :size => 30, :type => "password" }
+    password
+    %br
+    %input{ :id => "user_password_confirmation", :name => "user[password_confirmation]", :size => 30, :type => "password" }
+    confirm
+    %br
+    %input{ :value => "sign up", :type => "submit" }

data/readme.rdoc

@@ -0,0 +1,71 @@
+a little sinatra gem that implements user authentication
+
+INSTALLATION:
+
+in your sinatra app simply include "sinatra-authentication" and turn on session storage
+with a super secret key, like so:
+
+    include "sinatra-authentication"
+
+    use Rack::Session::Cookie, :secret => 'A1 sauce 1s so good you should use 1t on a11 yr st34ksssss'
+
+DEFAULT ROUTES
+
+- get      '/login'
+- get      '/logout'
+- get      '/signup'
+- get/post '/users'
+- get       '/users/:id'
+- get/post  '/users/:id/edit'
+- get       '/users/:id/delete'
+
+If you fetch any of the user pages using ajax, they will automatically render without a layout
+
+HELPER METHODS
+
+This plugin provides the following helper methods for your sinatra app:
+
+- login_required
+which you place at the beginning of any routes you want to be protected
+- current_user
+- logged_in?
+- render_login_logout(html_attributes)
+Which renders login/logout and singup/edit account links.
+If you pass a hash of html parameters to render_login_logout all the links will get set to them.
+Which useful for if you're using some sort of lightbox
+
+SIMPLE PERMISSIONS
+
+By default the user class includes a method called admin? which simply checks
+if user.permission_level == -1.
+
+you can take advantage of  this method in your views or controllers by calling
+current_user.admin?
+i.e.
+
+  - if current_user.admin?
+    %a{:href => "/adminey_link_route_thing"} do something adminey
+
+(these view examples are in HAML, by the way)
+
+You can also extend the user class with any convenience methods for determining permissions.
+i.e.
+
+  #somewhere in the murky depths of your sinatra app
+  class User
+    def peasant?
+      self.permission_level == 0
+    end
+  end
+
+then in your views you can do
+
+  - if current_user.peasant?
+    %h1 hello peasant!
+    %p Welcome to the caste system! It's very depressing.
+
+if no one is logged in, current_user returns a GuestUser instance, which responds to current_user.guest?
+with true, current_user.permission_level with 0 and any other method calls with false
+
+This makes some view logic easier since you don't always have to check if the user is logged in,
+although a logged_in? helper method is still provided

data/sinatra-authentication.gemspec

@@ -0,0 +1,43 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{sinatra-authentication}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Max Justus Spransy"]
+  s.date = %q{2009-04-21}
+  s.description = %q{Simple authentication plugin for sinatra.}
+  s.email = %q{maxjustus@gmail.com}
+  s.extra_rdoc_files = ["lib/models/user.rb", "lib/views/signup.haml", "lib/views/edit.haml", "lib/views/login.haml", "lib/views/index.haml", "lib/views/show.haml", "lib/sinatra-authentication.rb", "TODO"]
+  s.files = ["lib/models/user.rb", "lib/views/signup.haml", "lib/views/edit.haml", "lib/views/login.haml", "lib/views/index.haml", "lib/views/show.haml", "lib/sinatra-authentication.rb", "History.txt", "Rakefile", "readme.rdoc", "TODO", "Manifest", "sinatra-authentication.gemspec"]
+  s.has_rdoc = true
+  s.homepage = %q{http://github.com/maxjustus/sinatra-authentication}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Sinatra-authentication", "--main", "readme.rdoc"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{sinatra-authentication}
+  s.rubygems_version = %q{1.3.1}
+  s.summary = %q{Simple authentication plugin for sinatra.}
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 2
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<sinatra>, [">= 0"])
+      s.add_development_dependency(%q<dm-core>, [">= 0"])
+      s.add_development_dependency(%q<dm-timestamps>, [">= 0"])
+      s.add_development_dependency(%q<dm-validations>, [">= 0"])
+    else
+      s.add_dependency(%q<sinatra>, [">= 0"])
+      s.add_dependency(%q<dm-core>, [">= 0"])
+      s.add_dependency(%q<dm-timestamps>, [">= 0"])
+      s.add_dependency(%q<dm-validations>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<sinatra>, [">= 0"])
+    s.add_dependency(%q<dm-core>, [">= 0"])
+    s.add_dependency(%q<dm-timestamps>, [">= 0"])
+    s.add_dependency(%q<dm-validations>, [">= 0"])
+  end
+end

metadata

@@ -0,0 +1,116 @@
+--- !ruby/object:Gem::Specification 
+name: maxjustus-sinatra-authentication
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Max Justus Spransy
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-04-21 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: sinatra
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: dm-core
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: dm-timestamps
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: dm-validations
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: Simple authentication plugin for sinatra.
+email: maxjustus@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- lib/models/user.rb
+- lib/views/signup.haml
+- lib/views/edit.haml
+- lib/views/login.haml
+- lib/views/index.haml
+- lib/views/show.haml
+- lib/sinatra-authentication.rb
+- TODO
+files: 
+- lib/models/user.rb
+- lib/views/signup.haml
+- lib/views/edit.haml
+- lib/views/login.haml
+- lib/views/index.haml
+- lib/views/show.haml
+- lib/sinatra-authentication.rb
+- History.txt
+- Rakefile
+- readme.rdoc
+- TODO
+- Manifest
+- sinatra-authentication.gemspec
+has_rdoc: true
+homepage: http://github.com/maxjustus/sinatra-authentication
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --title
+- Sinatra-authentication
+- --main
+- readme.rdoc
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "1.2"
+  version: 
+requirements: []
+
+rubyforge_project: sinatra-authentication
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: Simple authentication plugin for sinatra.
+test_files: []
+