mbleigh-twitter-auth 0.1.8 → 0.1.10

data/README.markdown

@@ -76,6 +76,10 @@ TwitterAuth provides some default controller methods that may be overridden in y
 * `authentication_succeeded(message=default)`: called when Twitter authorization has completed successfully. By default, simply redirects to the site root and sets the `flash[:notice]`.
 * `access_denied`: what happens when the `login_required` before filter fails. By default it stores the current location to return to and redirects to the login process.
 
+Resources
+---------
+
+* **Bug Reports:** See the [Lighthouse Project](http://mbleigh.lighthouseapp.com/projects/27783-twitterauth) to report any problems you have using TwitterAuth.
 
 Copyright
 ---------

data/VERSION.yml

@@ -1,4 +1,4 @@
 --- 
 :minor: 1
-:patch: 8
+:patch: 10
 :major: 0

data/app/controllers/sessions_controller.rb

@@ -45,6 +45,8 @@ class SessionsController < ApplicationController
 
     session[:user_id] = @user.id
 
+    cookies[:remember_token] = @user.remember_me
+
     authentication_succeeded 
   rescue Net::HTTPServerException => e
     case e.message

data/app/models/twitter_auth/generic_user.rb

@@ -1,7 +1,7 @@
 module TwitterAuth
   class GenericUser < ActiveRecord::Base
-    attr_protected :login
-
+    attr_protected :login, :remember_token, :remember_token_expires_at
+    
     TWITTER_ATTRIBUTES = [
       :name,
       :location,
@@ -26,6 +26,7 @@ module TwitterAuth
     validates_format_of :login, :with => /\A[a-z0-9_]+\z/i
     validates_length_of :login, :in => 1..15
     validates_uniqueness_of :login, :case_sensitive => false
+    validates_uniqueness_of :remember_token, :allow_blank => true
     
     def self.table_name; 'users' end
 
@@ -41,6 +42,10 @@ module TwitterAuth
 
       user
     end
+
+    def self.from_remember_token(token)
+      first(:conditions => ["remember_token = ? AND remember_token_expires_at > ?", token, Time.now])
+    end
       
     def assign_twitter_attributes(hash)
       TWITTER_ATTRIBUTES.each do |att|
@@ -66,5 +71,21 @@ module TwitterAuth
         TwitterAuth::Dispatcher::Basic.new(self)
       end
     end
+
+    def remember_me
+      return false unless respond_to?(:remember_token)
+
+      self.remember_token = ActiveSupport::SecureRandom.hex(10)
+      self.remember_token_expires_at = Time.now + TwitterAuth.remember_for.days
+      
+      save
+
+      {:value => self.remember_token, :expires => self.remember_token_expires_at}
+    end
+
+    def forget_me
+      self.remember_token = self.remember_token_expires_at = nil
+      self.save
+    end
   end
 end

data/generators/twitter_auth/templates/migration.rb

@@ -10,6 +10,9 @@ class TwitterAuthMigration < ActiveRecord::Migration
       t.string :salt
 <% end -%>
 
+      t.string :remember_token
+      t.datetime :remember_token_expires_at
+
       # This information is automatically kept
       # in-sync at each login of the user. You
       # may remove any/all of these columns.

data/generators/twitter_auth/templates/twitter_auth.yml

@@ -1,24 +1,27 @@
 <% if options[:oauth] -%>
 development:
   strategy: oauth
-  base_url: "https://twitter.com"
-  api_timeout: 10
   oauth_consumer_key: devkey
   oauth_consumer_secret: devsecret
+  base_url: "https://twitter.com"
+  api_timeout: 10
+  remember_for: 14 # days
   oauth_callback: "http://localhost:3000/oauth_callback"
 test:
   strategy: oauth
-  base_url: "https://twitter.com"
-  api_timeout: 10
   oauth_consumer_key: testkey
   oauth_consumer_secret: testsecret
+  base_url: "https://twitter.com"
+  api_timeout: 10
+  remember_for: 14 # days
   oauth_callback: "http://localhost:3000/oauth_callback"
 production:
   strategy: oauth
-  api_timeout: 10
-  base_url: "https://twitter.com"
   oauth_consumer_key: prodkey
   oauth_consumer_secret: prodsecret
+  base_url: "https://twitter.com"
+  api_timeout: 10
+  remember_for: 14 # days
 <% else -%>
 development:
   strategy: basic
@@ -26,13 +29,16 @@ development:
   base_url: "https://twitter.com"
   # randomly generated key for encrypting Twitter passwords
   encryption_key: "<%= key = ActiveSupport::SecureRandom.hex(12) %>"
+  remember_for: 14 # days
 test:
   strategy: basic
   api_timeout: 10
   base_url: "https://twitter.com"
   encryption_key: "<%= key %>"
+  remember_for: 14 # days
 production:
   strategy: basic
   api_timeout: 10
   encryption_key: "<%= key %>"
+  remember_for: 14 # days
 <% end %>

data/lib/twitter_auth/controller_extensions.rb

@@ -20,7 +20,7 @@ module TwitterAuth
     end
 
     def current_user
-      @current_user ||= User.find_by_id(session[:user_id])
+      @current_user ||= User.find_by_id(session[:user_id]) || User.from_remember_token(cookies[:remember_token])
     end
 
     def current_user=(new_user)
@@ -57,6 +57,7 @@ module TwitterAuth
     def logout_keeping_session!
       @current_user = nil
       session[:user_id] = nil
+      cookies.delete(:remember_token)
     end
   end
 end

data/lib/twitter_auth.rb

@@ -27,6 +27,10 @@ module TwitterAuth
     config['oauth_callback']
   end
 
+  def self.remember_for
+    (config['remember_for'] || 14).to_i
+  end
+
   # The authentication strategy employed by this
   # application. Set in +config/twitter.yml+ as
   # strategy; valid options are oauth or basic.

data/spec/controllers/controller_extensions_spec.rb

@@ -35,9 +35,18 @@ class TwitterAuthTestController < ApplicationController
     logout_keeping_session!
     redirect_back_or_default('/')
   end
+
+  def current_user_action
+    @user = current_user
+    render :nothing => true
+  end
 end
 
 describe TwitterAuthTestController do
+  before do
+    controller.stub!(:cookies).and_return({})
+  end
+
   %w(authentication_failed authentication_succeeded current_user authorized? login_required access_denied store_location redirect_back_or_default logout_keeping_session!).each do |m|
     it "should respond to the extension method '#{m}'" do
       controller.should respond_to(m)
@@ -72,19 +81,21 @@ describe TwitterAuthTestController do
     it 'should find the user based on the session user_id' do
       user = Factory.create(:twitter_oauth_user)
       request.session[:user_id] = user.id
-      controller.send(:current_user).should == user
+      get(:current_user_action)
+      assigns[:user].should == user
     end
 
-    it 'should return nil if there is no user matching that id' do
-      request.session[:user_id] = 2345
-      controller.send(:current_user).should be_nil
+    it 'should log the user in through a cookie' do
+      user = Factory(:twitter_oauth_user, :remember_token => 'abc', :remember_token_expires_at => (Time.now + 10.days))
+      controller.stub!(:cookies).and_return({:remember_token => 'abc'})
+      get :current_user_action
+      assigns[:user].should == user
     end
 
-    it 'should memoize the result (and not do a double find)' do
-      user = Factory.create(:twitter_oauth_user)
-      User.should_receive(:find_by_id).once.and_return(user)
-      controller.send(:current_user).should == user
-      controller.send(:current_user).should == user
+    it 'should return nil if there is no user matching that id' do
+      request.session[:user_id] = 2345
+      get :current_user_action
+      assigns[:user].should be_nil
     end
   end
 
@@ -142,5 +153,10 @@ describe TwitterAuthTestController do
       get :logout_keeping_session_action
       controller.send(:current_user).should be_nil
     end
+
+    it 'should unset the cookie' do
+      controller.send(:cookies).should_receive(:delete).with(:remember_token)
+      get :logout_keeping_session_action
+    end
   end
 end

data/spec/controllers/sessions_controller_spec.rb

@@ -82,6 +82,12 @@ describe SessionsController do
       describe 'with proper info' do
         before do
           @user = Factory.create(:twitter_oauth_user)
+          @time = Time.now
+          @remember_token = ActiveSupport::SecureRandom.hex(10)
+          
+          Time.stub!(:now).and_return(@time)
+          ActiveSupport::SecureRandom.stub!(:hex).and_return(@remember_token)
+
           request.session[:request_token] = 'faketoken'
           request.session[:request_token_secret] = 'faketokensecret'
           get :oauth_callback, :oauth_token => 'faketoken'
@@ -116,6 +122,15 @@ describe SessionsController do
           it "should assign the user id to the session" do
             session[:user_id].should == @user.id
           end
+
+          it "should call remember me" do
+            @user.reload
+            @user.remember_token.should == @remember_token
+          end
+
+          it "should set a cookie" do
+            cookies[:remember_token].should == @remember_token
+          end
         end
 
         describe "when OAuth doesn't work" do

data/spec/models/twitter_auth/generic_user_spec.rb

@@ -5,12 +5,17 @@ describe TwitterAuth::GenericUser do
   should_validate_format_of :login, 'some_guy', 'awesome', 'cool_man'
   should_not_validate_format_of :login, 'with-dashes', 'with.periods', 'with spaces'
   should_validate_length_of :login, :in => 1..15
- 
+  
   it 'should validate uniqueness of login' do
     Factory.create(:twitter_oauth_user)
     Factory.build(:twitter_oauth_user).should have_at_least(1).errors_on(:login)
   end
 
+  it 'should validate uniqueness of remember_token' do
+    Factory.create(:twitter_oauth_user, :remember_token => 'abc')
+    Factory.build(:twitter_oauth_user, :remember_token => 'abc').should have_at_least(1).errors_on(:remember_token)
+  end
+
   it 'should allow capital letters in the username' do
     Factory.build(:twitter_oauth_user, :login => 'TwitterMan').should have(:no).errors_on(:login)
   end
@@ -54,4 +59,84 @@ describe TwitterAuth::GenericUser do
       lambda{user.update_twitter_attributes({'name' => 'Twitter Man', 'description' => 'Works.', 'whoopsy' => 'noworks.'})}.should_not raise_error
     end
   end
+
+  describe '#remember_me' do
+    before do
+      @user = Factory(:twitter_oauth_user)
+    end
+
+    it 'should check for the remember_token column' do
+      @user.should_receive(:respond_to?).with(:remember_token).and_return(false)
+      @user.remember_me
+    end
+
+    it 'should return nil if there is no remember_token column' do
+      @user.should_receive(:respond_to?).with(:remember_token).and_return(false)
+      @user.remember_me.should be_false
+    end
+    
+    describe ' with proper columns' do
+      it 'should generate a secure random token' do
+        ActiveSupport::SecureRandom.should_receive(:hex).with(10).and_return('abcdef')
+        @user.remember_me
+        @user.remember_token.should == 'abcdef'
+      end
+
+      it 'should set the expiration to the current time plus the remember_for period' do
+        TwitterAuth.stub!(:remember_for).and_return(10)
+        time = Time.now
+        Time.stub!(:now).and_return(time)
+
+        @user.remember_me
+
+        @user.remember_token_expires_at.should == Time.now + 10.days
+      end
+
+      it 'should return a hash with a :value and :expires key' do
+        result = @user.remember_me
+        result.should be_a(Hash)
+        result.key?(:value).should be_true
+        result.key?(:expires).should be_true
+      end
+
+      it 'should return a hash with appropriate values' do
+        TwitterAuth.stub!(:remember_for).and_return(10)
+        time = Time.now
+        Time.stub!(:now).and_return(time)
+        ActiveSupport::SecureRandom.stub!(:hex).and_return('abcdef')
+
+        @user.remember_me.should == {:value => 'abcdef', :expires => (Time.now + 10.days)}
+      end
+    end
+  end
+
+  describe '#forget_me' do
+    it 'should reset remember_token and remember_token_expires_at' do
+      @user = Factory(:twitter_oauth_user, :remember_token => "abcdef", :remember_token_expires_at => Time.now + 10.days)
+      @user.forget_me
+      @user.reload
+      @user.remember_token.should be_nil
+      @user.remember_token_expires_at.should be_nil
+    end
+  end
+
+  describe '.from_remember_token' do
+    before do
+      @user = Factory(:twitter_oauth_user, :remember_token => 'abcdef', :remember_token_expires_at => (Time.now + 10.days))
+    end
+
+    it 'should find the user with the specified remember_token' do
+      User.from_remember_token('abcdef').should == @user
+    end
+
+    it 'should not find a user with an expired token' do
+      user2 = Factory(:twitter_oauth_user, :login => 'walker', :remember_token => 'ghijkl', :remember_token_expires_at => (Time.now - 10.days))
+      User.from_remember_token('ghijkl').should be_nil
+    end
+
+    it 'should not find a user with a nil token and an expiration' do
+      user = Factory(:twitter_oauth_user, :login => 'stranger', :remember_token => nil, :remember_token_expires_at => (Time.now + 10.days))
+      User.from_remember_token(nil).should be_nil
+    end
+  end
 end

data/spec/schema.rb

@@ -10,6 +10,10 @@ ActiveRecord::Schema.define :version => 0 do
     t.binary :crypted_password
     t.string :salt
 
+    # Remember token fields
+    t.string :remember_token
+    t.datetime :remember_token_expires_at
+
     # This information is automatically kept
     # in-sync at each login of the user. You
     # may remove any/all of these columns.

data/spec/twitter_auth_spec.rb

@@ -13,7 +13,7 @@ describe TwitterAuth do
     end
   end
 
-  describe '#api_timeout' do
+  describe '.api_timeout' do
     it 'should default to 10' do
       TwitterAuth.stub!(:config).and_return({})
       TwitterAuth.api_timeout.should == 10
@@ -25,6 +25,18 @@ describe TwitterAuth do
     end
   end
 
+  describe '.remember_for' do
+    it 'should default to 14' do
+      TwitterAuth.stub!(:config).and_return({})
+      TwitterAuth.remember_for.should == 14
+    end
+
+    it 'should be settable via config' do
+      TwitterAuth.stub!(:config).and_return({'remember_for' => '7'})
+      TwitterAuth.remember_for.should == 7
+    end
+  end
+
   describe '.net' do
     before do
       stub_basic!

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: mbleigh-twitter-auth
 version: !ruby/object:Gem::Version 
-  version: 0.1.8
+  version: 0.1.10
 platform: ruby
 authors: 
 - Michael Bleigh