merb-auth 0.1.0

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2008 PragmaQuest Inc
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,64 @@
+MerbAuth
+=========
+
+An user authentication slice for Merb, with support for ActiveRecord and DataMapper.  
+See http://github.com/ctran/merb-skel for an example application that uses this slice
+
+== Installation:
+
+> gem install merb
+> gem install merb-slices
+
+To use activerecord adapter
+> gem install activerecord
+> gem merb_activerecord
+
+To use datamapper adapter
+> gem install datamapper
+> gem install merb_datamapper
+
+=== config/init.rb
+
+# add the slice as a regular dependency
+dependency 'merb-auth'
+
+=== config/router.rb
+
+# This will add the following routes /login, /logout and /signup
+r.slice(:MerbAuth)
+
+# This will add the following routes /merb-auth/login, /merb-auth/logout and /merb-auth/signup
+r.add_slice(:MerbAuth)
+
+# This will add the following routes /user/login, /user/logout and /user/signup
+r.add_slice(:MerbAuth, 'user') # same as :path => 'user'
+
+=== Normally you should also run the following rake task:
+> rake slices:merb_auth:install
+
+== Customization/Overrides
+
+By default, the user model class MerbAuth::User is aliased to User. 
+
+You can also put your application-level overrides in:
+
+host-app/slices/merb-auth/app - controllers, models, views ...
+
+Templates are located in this order:
+
+1. host-app/slices/merb-auth/app/views/*
+2. gems/merb-auth/app/views/*
+3. host-app/app/views/*
+
+You can use the host application's layout by configuring the
+merb-auth slice in a before_app_loads block:
+
+Merb::Slices.config[:merb_auth] = { :layout => :application }
+
+By default :merb_auth is used. If you need to override
+stylesheets or javascripts, just specify your own files in your layout
+instead/in addition to the ones supplied (if any) in 
+host-app/public/slices/merb-auth.
+
+In any case don't edit those files directly as they may be clobbered any time
+rake merb_auth:install is run.

data/Rakefile

@@ -0,0 +1,47 @@
+require 'rubygems'
+require 'rake/gempackagetask'
+require 'spec/rake/spectask'
+require 'merb-core/version'
+require 'merb-core/test/tasks/spectasks'
+
+PLUGIN = "merb-auth"
+NAME = "merb-auth"
+AUTHOR = "Cuong Tran"
+EMAIL = "ctran@pragmaquest.com"
+HOMEPAGE = "http://merb-slices.rubyforge.org/merb-auth/"
+SUMMARY = "Merb Slice that provides user authentication"
+SLICE_VERSION = "0.1.0"
+
+spec = Gem::Specification.new do |s|
+  s.name = NAME
+  s.version = SLICE_VERSION
+  s.platform = Gem::Platform::RUBY
+  s.has_rdoc = true
+  s.extra_rdoc_files = ["README", "LICENSE"]
+  s.summary = SUMMARY
+  s.description = s.summary
+  s.author = AUTHOR
+  s.email = EMAIL
+  s.homepage = HOMEPAGE
+  s.add_dependency('merb-slices', '>= 0.9.4')
+  s.require_path = 'lib'
+  s.files = %w(LICENSE README Rakefile) + Dir.glob("{lib,spec,app,public}/**/*")
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+end
+
+desc "Install Foo as a gem"
+task :install => [:package] do
+  sh %{sudo gem install pkg/#{NAME}-#{SLICE_VERSION} --no-update-sources --local}
+end
+
+namespace :jruby do
+
+  desc "Run :package and install the resulting .gem with jruby"
+  task :install => :package do
+    sh %{#{SUDO} jruby -S gem install pkg/#{NAME}-#{VERSION}.gem --no-rdoc --no-ri}
+  end
+
+end

data/app/controllers/application.rb

@@ -0,0 +1,4 @@
+class MerbAuth::Application < Merb::Controller
+  controller_for_slice
+  include MerbAuth::ControllerMixin
+end

data/app/controllers/controller_mixin.rb

@@ -0,0 +1,150 @@
+module MerbAuth
+  module ControllerMixin
+    protected
+      # Returns true or false if the user is logged in.
+      # Preloads @current_user with the user model if they're logged in.
+      def logged_in?
+        current_user != :false
+      end
+    
+      # Accesses the current user from the session.  Set it to :false if login fails
+      # so that future calls do not hit the database.
+      def current_user
+        @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie || :false)
+      end
+    
+      # Store the given user in the session.
+      def current_user=(new_user)
+        session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
+        @current_user = new_user
+      end
+    
+      # Check if the user is authorized
+      #
+      # Override this method in your controllers if you want to restrict access
+      # to only a few actions or if you want to check if the user
+      # has the correct rights.
+      #
+      # Example:
+      #
+      #  # only allow nonbobs
+      #  def authorized?
+      #    current_user.username != "bob"
+      #  end
+      def authorized?
+        logged_in?
+      end
+
+      # Filter method to enforce a login requirement.
+      #
+      # To require logins for all actions, use this in your controllers:
+      #
+      #   before_filter :login_required
+      #
+      # To require logins for specific actions, use this in your controllers:
+      #
+      #   before_filter :login_required, :only => [ :edit, :update ]
+      #
+      # To skip this in a subclassed controller:
+      #
+      #   skip_before_filter :login_required
+      #
+      def login_required
+        authorized? || throw(:halt, :access_denied)
+      end
+
+      # Redirect as appropriate when an access request fails.
+      #
+      # The default HTML action is to redirect to the login screen.
+      #
+      # The default XML action is to render the text Couldn't authenticate you.
+      # To provide this response wrapped in XML, make sure to specify an
+      # XML layout, such as /app/views/layouts/application.xml.builder.
+      #
+      # Override this method in your controllers if you want to have special
+      # behavior in case the user is not authorized
+      # to access the requested action.  For example, a popup window might
+      # simply close itself.
+      def access_denied
+        case content_type
+        when :html
+          store_location
+          redirect url(:login)
+        when :xml
+          headers["Status"]             = "Unauthorized"
+          headers["WWW-Authenticate"]   = %(Basic realm="Web Password")
+          self.status = 401
+          render "Couldn't authenticate you"
+        end
+      end
+    
+      # Store the URI of the current request in the session.
+      #
+      # We can return to this location by calling #redirect_back_or_default.
+      def store_location
+        session[:return_to] = request.uri
+      end
+    
+      # Redirect to the URI stored by the most recent store_location call or
+      # to the passed default.
+      def redirect_back_or_default(default)
+        loc = session[:return_to] || default
+        session[:return_to] = nil
+        redirect loc
+      end
+    
+      # Inclusion hook to make #current_user and #logged_in?
+      # available as ActionView helper methods.
+      # def self.included(base)
+      #   base.send :helper_method, :current_user, :logged_in?
+      # end
+
+      # Called from #current_user.  First attempt to login by the user id stored in the session.
+      def login_from_session
+        self.current_user = find_user_by_id(session[:user]) if session[:user]
+      end
+
+      # Called from #current_user.  Now, attempt to login by basic authentication information.
+      def login_from_basic_auth
+        username, passwd = get_auth_data
+        self.current_user = verify_login(username, passwd) if username && passwd
+      end
+
+      # Called from #current_user.  Finaly, attempt to login by an expiring token in the cookie.
+      def login_from_cookie     
+        user = cookies[:auth_token] && find_user_by_remember_token(cookies[:auth_token])
+        if user && user.remember_token?
+          user.remember_me
+          cookies[:auth_token] = { :value => user.remember_token, :expires => Time.parse(user.remember_token_expires_at.strftime) }
+          self.current_user = user
+        end
+      end
+    
+      def reset_session
+        session.data.each{|k,v| session.data.delete(k)}
+      end
+
+    protected
+      def verify_login(username, password)
+        MerbAuth::User.authenticate(username, password)
+      end
+      
+      def find_user_by_id(user_id)
+        MerbAuth::User.find_by_id(user_id)
+      end
+      
+      def find_user_by_remember_token(token)
+        MerbAuth::User.find_by_remember_token(token)
+      end
+
+    private
+      @@http_auth_headers = %w(Authorization HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION REDIRECT_X_HTTP_AUTHORIZATION)
+
+      # gets BASIC auth info
+      def get_auth_data
+        auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+        auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+        return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 
+      end
+  end
+end

data/app/controllers/users.rb

@@ -0,0 +1,41 @@
+class MerbAuth::Users < MerbAuth::Application
+  provides :html
+
+  skip_before :login_required
+  
+  def login
+    if request.post?
+      self.current_user = verify_login(params[:username], params[:password])
+      if logged_in?
+        if params[:remember_me] == "1"
+          self.current_user.remember_me
+          cookies[:auth_token] = {
+            :value => self.current_user.remember_token, 
+            :expires => Time.parse(current_user.remember_token_expires_at.strftime)
+          }
+        end
+        return redirect_back_or_default('/')
+      end
+    end
+    
+    render
+  end
+
+  def logout
+    self.current_user.forget_me if logged_in?
+    cookies.delete :auth_token
+    reset_session
+    redirect_back_or_default('/')
+  end
+
+  def signup
+    cookies.delete :auth_token
+    @user = MerbAuth::User.new(params['merb_auth::user'] || {})
+    
+    if request.post? && @user.save
+      return redirect_back_or_default('/')
+    end
+    
+    render
+  end
+end

data/app/helpers/application_helper.rb

@@ -0,0 +1,64 @@
+module Merb
+  module MerbAuth
+    module ApplicationHelper
+      
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path relative to the public directory, with added segments.
+      def image_path(*segments)
+        public_path_for(:image, *segments)
+      end
+      
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path relative to the public directory, with added segments.
+      def javascript_path(*segments)
+        public_path_for(:javascript, *segments)
+      end
+      
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path relative to the public directory, with added segments.
+      def stylesheet_path(*segments)
+        public_path_for(:stylesheet, *segments)
+      end
+      
+      # Construct a path relative to the public directory
+      # 
+      # @param <Symbol> The type of component.
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path relative to the public directory, with added segments.
+      def public_path_for(type, *segments)
+        File.join(::MerbAuth.public_dir_for(type), *segments)
+      end
+      
+      # Construct an app-level path.
+      # 
+      # @param <Symbol> The type of component.
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path within the host application, with added segments.
+      def app_path_for(type, *segments)
+        File.join(::MerbAuth.app_dir_for(type), *segments)
+      end
+      
+      # Construct a slice-level path.
+      # 
+      # @param <Symbol> The type of component.
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path within the slice source (Gem), with added segments.
+      def slice_path_for(type, *segments)
+        File.join(::MerbAuth.dir_for(type), *segments)
+      end
+      
+    end
+  end
+end

data/app/views/layout/merb_auth.html.erb

@@ -0,0 +1,47 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
+  <head>
+    <title>Auth::Slice Sample Layout</title>
+    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+    <link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/2.5.1/build/reset-fonts-grids/reset-fonts-grids.css"> 
+    <link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/2.5.1/build/base/base-min.css"> 
+    <link href="<%= public_path_for :stylesheet, 'master.css' %>" type="text/css" charset="utf-8" rel="stylesheet" media="all"/>    
+    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
+    <script type="text/javascript">
+      (function($) {
+        $(document).ready(function() {
+          $(":text:visible:enabled:first").focus(); 
+        });
+      })(jQuery);
+    </script>
+  </head>
+  <body>
+    <div id="container">
+      <div id="header-container">
+        <span style="float:right;margin-right:50px">
+        <% if logged_in? %>
+          Welcome <%= current_user.name %>
+          | <a href="<%= url(:logout) %>">Sign out</a>
+        <% else %>
+          <a href="<%= url(:signup) %>">Join now</a>
+          | <a href="<%= url(:login) %>">Sign in</a>
+        <% end %>
+        </span>
+        <h1>Sample MerbAuth App</h1>
+        <hr />
+      </div>
+
+      <div id="main-container">
+        <%= catch_content :for_layout %>
+      </div>
+
+      <hr />
+      
+      <div id="footer-container">
+        <div class="left"><%= __FILE__ %></div>
+        <div class="right">&copy; 2008 PragmaQuest Inc.  All rights reserved.</div>
+      </div>
+    </div>
+  </body>
+</html>
+

data/app/views/users/login.html.erb

@@ -0,0 +1,31 @@
+
+<div>
+  <div class="form_description">
+  	<h2>Member sign in</h2>
+  </div>
+
+  <form action="<%= url(:login) %>" method="post">
+    <% if request.post? -%>
+    <div class="error">
+      <h2>Incorrect username and password</h2>
+    </div>
+    <% end -%>
+    
+    <p><label for="username">Username or e-mail</label>
+    <input type="text" name="username" value="<%= params[:username] %>"/></p>
+
+    <p><label for="password">Password</label>
+    <input type="password" name="password"/></p>
+
+    <p><input type="checkbox" name='remember_me' id='remember_me' value="1"/>
+      <label id='remember_me_lb' for="remember_me">Keep me signed in</label></p>
+
+    <p><input type="submit" value="Sign in"/> <span style="margin-left:20px"><a href="#">Forgot password?</a></span></p>
+  </form>
+  
+  <form action="#" method="post" style="display:none">
+    <p><label for="openid_url">OpenID</label>
+    <input type="text" value="" size="40" id="openid_url" name="openid_url"/>  <small>(e.g. http://username.myopenid.com)</small>
+    </p>
+  </form>
+</div>

data/app/views/users/signup.html.erb

@@ -0,0 +1,29 @@
+
+<div>
+  <div class="form_description">
+  	<h2>Sign up here (it's absolutely free)</h2>
+  </div>
+
+  <% form_for @user, :action => url(:signup) do %>
+    <%= error_messages_for :user, lambda{|err| "<li>#{err.join('<br/>')}</li>"} %>
+
+    <p>
+      <%= text_control :name, :label => "Name" %>
+    </p>
+    <p>
+      <%= text_control :username, :label => "Username" %>
+    </p>
+    <p>
+      <%= text_control :email, :label => "E-mail" %>
+    </p>
+    <p>
+      <%= password_control :password, :label => "Password" %>
+    </p>
+    <p>
+      <%= password_control :password_confirmation, :label => "Password Confirmation" %>
+    </p>
+    <p>
+      <%= submit_button "Sign up" %> <span style="margin-left:20px">Already a member?  <a href="<%= url(:login) %>">Sign in here</a></span>
+    </p>
+  <% end %>
+</div>

data/lib/merb-auth/adapter/activerecord.rb

@@ -0,0 +1,52 @@
+module MerbAuth
+  module Adapter
+    module Activerecord
+      def self.included(base)
+        base.class_eval do
+          include MerbAuth::BaseModel
+          extend ClassMethods
+          
+          validates_presence_of     :name
+          validates_presence_of     :username
+          validates_presence_of     :email
+          validates_length_of       :username, :within => 3..40
+          validates_length_of       :password, :within => 4..40, :if => :password_required?
+          validates_presence_of     :password_confirmation, :if => :password_required?
+          validates_confirmation_of :password, :if => :password_required?
+          validates_uniqueness_of   :username, :case_sensitive => false, :if => lambda { |u| !u.username.blank? }
+          validates_uniqueness_of   :email, :case_sensitive => false, :if => lambda { |u| !u.email.blank? }
+
+          before_save :encrypt_password
+          
+          def username=(value)
+            self[:username] = value.downcase if value
+          end
+        end
+      end
+      
+      module ClassMethods
+        def drop_db_table
+          self.connection.drop_table("users")
+        end
+        
+        def create_db_table
+          self.connection.create_table("users") do |t|
+            t.string :name, :limit => 40, :null => false
+            t.string :username, :limit => 40, :null => false
+            t.string :email, :null => false
+            t.string :crypted_password, :limit => 40
+            t.string :salt, :limit => 40, :null => false
+            t.string :remember_token
+            t.date :remember_token_expires_at
+            t.timestamps
+          end
+        end  
+      end
+    end
+  end
+end
+
+MerbAuth.send(:remove_const, :User) if defined? MerbAuth::User
+class MerbAuth::User < ActiveRecord::Base
+  include MerbAuth::Adapter::Activerecord
+end

data/lib/merb-auth/adapter/datamapper.rb

@@ -0,0 +1,78 @@
+require 'dm-core'
+require 'dm-validations'
+require 'dm-timestamps'
+require 'dm-aggregates'
+
+module MerbAuth
+  module Adapter
+    module Datamapper
+      def self.included(base)
+        base.class_eval do
+          include ::DataMapper::Resource
+          include MerbAuth::BaseModel
+          extend ClassMethods
+          
+          storage_names[:default] = 'users'
+          
+          property :id, Integer, :serial => true
+          property :name, String, :length => 3..40, :nullable => false
+          property :username, String, :length => 3..40, :nullable => false
+          property :email, String, :format => :email_address, :nullable => false
+          property :crypted_password, String, :length => 40
+          property :salt, String, :length => 40
+          property :remember_token_expires_at, Date
+          property :remember_token, String
+          property :created_at, DateTime
+          property :updated_at, DateTime
+  
+          validates_is_unique :username, :email
+          validates_length :password, :in => 4..40, :if => :password_required?
+          validates_is_confirmed :password, :groups => :create
+
+          before :save, :encrypt_password
+          
+          def username=(value)
+            attribute_set(:username, value.downcase) if value
+          end
+        end
+      end
+      
+      module ClassMethods
+        def create_db_table
+          self.auto_migrate!
+        end
+        
+        def drop_db_table
+          self.repository do |r|
+            r.adapter.destroy_model_storage(r, self)
+          end
+        end
+        
+        def find_by_id(id)
+          MerbAuth::User.first(:id => id)
+        end
+
+        def find_by_remember_token(rt)
+          MerbAuth::User.first(:remember_token => rt)
+        end
+
+        def find_by_username(username)
+          if MerbAuth::User.properties[:activated_at]
+            MerbAuth::User.first(:username => username, :activated_at.not => nil)
+          else
+            MerbAuth::User.first(:username => username)
+          end
+        end
+
+        def find_by_activiation_code(activation_code)
+          MerbAuth::User.first(:activation_code => activation_code)
+        end
+      end
+    end
+  end
+end
+
+MerbAuth.send(:remove_const, :User) if defined? MerbAuth::User
+class MerbAuth::User
+  include MerbAuth::Adapter::Datamapper
+end