merb-auth 0.1.0

data/lib/merb-auth/merbtasks.rb

@@ -0,0 +1,166 @@
+namespace :slices do
+  namespace :merb_auth do
+  
+    desc "Install MerbAuth"
+    task :install => [:preflight, :setup_directories, :copy_assets, :migrate]
+    
+    desc "Test for any dependencies"
+    task :preflight do # see slicetasks.rb
+    end
+  
+    desc "Setup directories"
+    task :setup_directories do
+      puts "Creating directories for host application"
+      MerbAuth.mirrored_components.each do |type|
+        if File.directory?(MerbAuth.dir_for(type))
+          if !File.directory?(dst_path = MerbAuth.app_dir_for(type))
+            relative_path = dst_path.relative_path_from(Merb.root)
+            puts "- creating directory :#{type} #{File.basename(Merb.root) / relative_path}"
+            mkdir_p(dst_path)
+          end
+        end
+      end
+    end
+    
+    desc "Copy stub files to host application"
+    task :stubs do
+      puts "Copying stubs for MerbAuth - resolves any collisions"
+      copied, preserved = MerbAuth.mirror_stubs!
+      puts "- no files to copy" if copied.empty? && preserved.empty?
+      copied.each { |f| puts "- copied #{f}" }
+      preserved.each { |f| puts "! preserved override as #{f}" }
+    end
+    
+    desc "Copy stub files and views to host application"
+    task :patch => [ "stubs", "freeze:views" ]
+  
+    desc "Copy public assets to host application"
+    task :copy_assets do
+      puts "Copying assets for MerbAuth - resolves any collisions"
+      copied, preserved = MerbAuth.mirror_public!
+      puts "- no files to copy" if copied.empty? && preserved.empty?
+      copied.each { |f| puts "- copied #{f}" }
+      preserved.each { |f| puts "! preserved override as #{f}" }
+    end
+    
+    desc "Migrate the database"
+    task :migrate do # see slicetasks.rb
+    end
+    
+    desc "Freeze MerbAuth into your app (only merb-auth/app)" 
+    task :freeze => [ "freeze:app" ]
+
+    namespace :freeze do
+      
+      desc "Freezes MerbAuth by installing the gem into application/gems using merb-freezer"
+      task :gem do
+        begin
+          Object.const_get(:Freezer).freeze(ENV["GEM"] || "merb-auth", ENV["UPDATE"], ENV["MODE"] || 'rubygems')
+        rescue NameError
+          puts "! dependency 'merb-freezer' missing"
+        end
+      end
+      
+      desc "Freezes MerbAuth by copying all files from merb-auth/app to your application"
+      task :app do
+        puts "Copying all merb-auth/app files to your application - resolves any collisions"
+        copied, preserved = MerbAuth.mirror_app!
+        puts "- no files to copy" if copied.empty? && preserved.empty?
+        copied.each { |f| puts "- copied #{f}" }
+        preserved.each { |f| puts "! preserved override as #{f}" }
+      end
+      
+      desc "Freeze all views into your application for easy modification" 
+      task :views do
+        puts "Copying all view templates to your application - resolves any collisions"
+        copied, preserved = MerbAuth.mirror_files_for :view
+        puts "- no files to copy" if copied.empty? && preserved.empty?
+        copied.each { |f| puts "- copied #{f}" }
+        preserved.each { |f| puts "! preserved override as #{f}" }
+      end
+      
+      desc "Freeze all models into your application for easy modification" 
+      task :models do
+        puts "Copying all models to your application - resolves any collisions"
+        copied, preserved = MerbAuth.mirror_files_for :model
+        puts "- no files to copy" if copied.empty? && preserved.empty?
+        copied.each { |f| puts "- copied #{f}" }
+        preserved.each { |f| puts "! preserved override as #{f}" }
+      end
+      
+      desc "Freezes MerbAuth as a gem and copies over merb-auth/app"
+      task :app_with_gem => [:gem, :app]
+      
+      desc "Freezes MerbAuth by unpacking all files into your application"
+      task :unpack do
+        puts "Unpacking MerbAuth files to your application - resolves any collisions"
+        copied, preserved = MerbAuth.unpack_slice!
+        puts "- no files to copy" if copied.empty? && preserved.empty?
+        copied.each { |f| puts "- copied #{f}" }
+        preserved.each { |f| puts "! preserved override as #{f}" }
+      end
+      
+    end
+    
+    desc "Run slice specs within the host application context"
+    task :spec => [ "spec:explain", "spec:default" ]
+    
+    namespace :spec do
+      
+      slice_root = File.expand_path(File.join(File.dirname(__FILE__), '..', '..'))
+      
+      task :explain do
+        puts "\nNote: By running MerbAuth specs inside the application context any\n" +
+             "overrides could break existing specs. This isn't always a problem,\n" +
+             "especially in the case of views. Use these spec tasks to check how\n" +
+             "well your application conforms to the original slice implementation."
+      end
+      
+      Spec::Rake::SpecTask.new('default') do |t|
+        t.spec_opts = ["--format", "specdoc", "--colour"]
+        t.spec_files = Dir["#{slice_root}/spec/**/*_spec.rb"].sort
+      end
+
+      desc "Run all model specs, run a spec for a specific Model with MODEL=MyModel"
+      Spec::Rake::SpecTask.new('model') do |t|
+        t.spec_opts = ["--format", "specdoc", "--colour"]
+        if(ENV['MODEL'])
+          t.spec_files = Dir["#{slice_root}/spec/models/**/#{ENV['MODEL']}_spec.rb"].sort
+        else
+          t.spec_files = Dir["#{slice_root}/spec/models/**/*_spec.rb"].sort
+        end
+      end
+
+      desc "Run all controller specs, run a spec for a specific Controller with CONTROLLER=MyController"
+      Spec::Rake::SpecTask.new('controller') do |t|
+        t.spec_opts = ["--format", "specdoc", "--colour"]
+        if(ENV['CONTROLLER'])
+          t.spec_files = Dir["#{slice_root}/spec/controllers/**/#{ENV['CONTROLLER']}_spec.rb"].sort
+        else    
+          t.spec_files = Dir["#{slice_root}/spec/controllers/**/*_spec.rb"].sort
+        end
+      end
+
+      desc "Run all view specs, run specs for a specific controller (and view) with CONTROLLER=MyController (VIEW=MyView)"
+      Spec::Rake::SpecTask.new('view') do |t|
+        t.spec_opts = ["--format", "specdoc", "--colour"]
+        if(ENV['CONTROLLER'] and ENV['VIEW'])
+          t.spec_files = Dir["#{slice_root}/spec/views/**/#{ENV['CONTROLLER']}/#{ENV['VIEW']}*_spec.rb"].sort
+        elsif(ENV['CONTROLLER'])
+          t.spec_files = Dir["#{slice_root}/spec/views/**/#{ENV['CONTROLLER']}/*_spec.rb"].sort
+        else
+          t.spec_files = Dir["#{slice_root}/spec/views/**/*_spec.rb"].sort
+        end
+      end
+
+      desc "Run all specs and output the result in html"
+      Spec::Rake::SpecTask.new('html') do |t|
+        t.spec_opts = ["--format", "html"]
+        t.libs = ['lib', 'server/lib' ]
+        t.spec_files = Dir["#{slice_root}/spec/**/*_spec.rb"].sort
+      end
+      
+    end
+    
+  end
+end

data/lib/merb-auth/model.rb

@@ -0,0 +1,80 @@
+require 'digest/sha1'
+
+module MerbAuth
+  def self.use_adapter(adapter)
+    require File.join(File.dirname(__FILE__), "adapter", adapter.to_s)
+  end
+  
+  module BaseModel
+    def self.included(base)
+      base.send(:include, InstanceMethods)
+      base.send(:extend,  ClassMethods)
+      
+      base.class_eval do
+        attr_accessor :password, :password_confirmation
+      end
+    end
+    
+    module InstanceMethods
+      def authenticated?(password)
+        crypted_password == encrypt(password)
+      end      
+
+      # before filter 
+      def encrypt_password
+        return if password.blank?
+        self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{username}--") if new_record?
+        self.crypted_password = encrypt(password)
+      end
+      
+      # Encrypts the password with the user salt
+      def encrypt(password)
+        self.class.encrypt(password, salt)
+      end
+      
+      def remember_token?
+        remember_token_expires_at && Date.today < remember_token_expires_at
+      end
+
+      def remember_me_until(time)
+        self.remember_token_expires_at = time
+        self.remember_token            = encrypt("#{email}--#{remember_token_expires_at}")
+        save
+      end
+
+      def remember_me_for(days)
+        remember_me_until (Date.today + days)
+      end
+
+      # These create and unset the fields required for remembering users between browser closes
+      # Default of 2 weeks 
+      def remember_me
+        remember_me_for(14)
+      end
+
+      def forget_me
+        self.remember_token_expires_at = nil
+        self.remember_token            = nil
+        self.save
+      end
+      
+      protected
+        def password_required?
+          crypted_password.blank? || !password.blank?
+        end      
+    end
+    
+    module ClassMethods
+      # Encrypts some data with the salt.
+      def encrypt(password, salt)
+        Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+      end
+      
+      # Authenticates a user by their username and unencrypted password.  Returns the user or nil.
+      def authenticate(username, password)
+        u = find_by_username(username) # need to get the salt
+        u && u.authenticated?(password) ? u : nil
+      end
+    end
+  end
+end

data/lib/merb-auth/slicetasks.rb

@@ -0,0 +1,18 @@
+namespace :slices do
+  namespace :merb_auth do 
+    # add your own tasks here
+    
+    # implement this to test for structural/code dependencies
+    # like certain directories or availability of other files
+    desc "Test for any dependencies"
+    task :preflight do
+    end
+    
+    # implement this to perform any database related setup steps
+    desc "Migrate the database"
+    task :migrate do
+      MerbAuth::User.create_db_table
+    end
+    
+  end
+end

data/lib/merb-auth.rb

@@ -0,0 +1,72 @@
+if defined?(Merb::Plugins)
+
+  load_dependency 'merb-slices'
+  load_dependency 'merb_helpers'
+  
+  require File.join(File.dirname(__FILE__), 'merb-auth', 'model')
+
+  Merb::Plugins.add_rakefiles "merb-auth/merbtasks", "merb-auth/slicetasks"
+
+  # Register the Slice for the current host application
+  Merb::Slices::register(__FILE__)
+  
+  # Slice configuration - set this in a before_app_loads callback.
+  # By default a Slice uses its own layout.
+  Merb::Slices::config[:merb_auth][:layout] ||= :merb_auth
+  
+  # Use a short name for the user model class.  Set this to false to use MerbAuth::User
+  Merb::Slices::config[:merb_auth][:user_class_alias] = "User"
+  
+  # All Slice code is expected to be namespaced inside a module
+  module MerbAuth
+    # Slice metadata
+    self.description = "MerbAuth is an user authentication Merb slice!"
+    self.version = "0.1.0"
+    self.author = "ctran@pragmaquest.com"
+    
+    # Stub classes loaded hook - runs before LoadClasses BootLoader
+    # right after a slice's classes have been loaded internally.
+    def self.loaded
+      MerbAuth.use_adapter(Merb.orm_generator_scope) if Merb.orm_generator_scope != :merb_default
+      Object.const_set(Merb::Slices::config[:merb_auth][:user_class_alias], MerbAuth::User) if Merb::Slices::config[:merb_auth][:user_class_alias]      
+    end
+    
+    # Initialization hook - runs before AfterAppLoads BootLoader
+    def self.init
+    end
+    
+    # Activation hook - runs after AfterAppLoads BootLoader
+    def self.activate
+    end
+    
+    # Deactivation hook - triggered by Merb::Slices.deactivate(Bar)
+    def self.deactivate
+    end
+    
+    # Setup routes inside the host application
+    #
+    # @param scope<Merb::Router::Behaviour>
+    #  Routes will be added within this scope (namespace). In fact, any 
+    #  router behaviour is a valid namespace, so you can attach
+    #  routes at any level of your router setup.
+    def self.setup_router(scope)
+      scope.match('/login').to(:controller => 'users', :action => 'login').name(:login)
+      scope.match('/logout').to(:controller => 'users', :action => 'logout').name(:logout)
+      scope.match('/signup').to(:controller => 'users', :action => 'signup').name(:signup)
+    end
+  end
+  
+  # Setup the slice layout for MerbAuth
+  #
+  # Use MerbAuth.push_path and MerbAuth.push_app_path
+  # to set paths to merb-auth-level and app-level paths. Example:
+  #
+  # MerbAuth.push_path(:application, MerbAuth.root)
+  # MerbAuth.push_app_path(:application, Merb.root / 'slices' / 'merb-auth')
+  # ...
+  #
+  # Any component path that hasn't been set will default to MerbAuth.root
+  #
+  # Or just call setup_default_structure! to setup a basic Merb MVC structure.
+  MerbAuth.setup_default_structure!
+end

data/public/stylesheets/master.css

@@ -0,0 +1,157 @@
+body {
+  font-family: Arial, Verdana, sans-serif;
+  font-size: 14px;
+  background-color: #fff;
+  color: #000;
+  background-color: #fff;
+}
+
+html {
+  height: 100%;
+}
+
+hr {
+  border: 0px;
+  color: #ccc;
+  background-color: #cdcdcd;
+  height: 1px;
+  width: 100%;
+  text-align: left;
+}
+
+h1, h2, h3 {
+  color: #003399;
+  color: #09579A;
+  background-color: #fff;
+  font-family: Arial, Verdana, sans-serif;
+  font-weight: 300;
+}
+
+h1 {
+  font-size: 20px;
+}
+h2 {
+  font-size: 15px;
+}
+h3 {
+  font-size: 15px;
+}
+
+p {
+  line-height: 20px;
+  padding: 5px;
+}
+
+a, a:hover {
+  color: #0033CC;
+  background-color: #fff;
+  text-decoration: underline;
+}
+
+#container {
+  width: 95%;
+  text-align: left;
+  background-color: #fff;
+  margin-right: auto;
+  margin-left: auto;
+}
+
+#header-container {
+  width: 100%;
+  padding-top: 15px;
+}
+
+#header-container h1, #header-container h2 {
+  margin-left: 6px;
+  margin-bottom: 6px;
+}
+
+#main-container {
+  padding: 15px;
+  min-height: 400px;
+}
+
+#footer-container {
+  clear: both;
+  font-size: 12px;
+  font-family: Verdana, Arial, sans-serif;
+}
+
+#main-container ul {
+  margin-left: 3.0em;
+}
+
+.right {
+  float: right;
+  font-size: 100%;
+  margin-top: 5px;
+  color: #999;
+  background-color: #fff;
+}
+.left {
+  float: left;
+  font-size: 100%;
+  margin-top: 5px;
+  color: #999;
+  background-color: #fff;
+}
+
+a#google_signup {
+  background:transparent url(/images/btn-google-signup.png) no-repeat scroll 0% 0%;
+  color:#FFFFFF;
+  display:block;
+  font-size:14px;
+  height:67px;
+  line-height:22px;
+  margin:0pt;
+  padding:0px;
+  text-align:center;
+  text-decoration:none;
+  width:151px;
+}
+
+a#google_signup div {
+  padding-top:8px;
+}
+
+#openid_url, .openid_link {
+  background:#FFFFFF url(/images/openid-login.gif) no-repeat scroll 2px 50%;
+  padding-left:25px;
+  width:14.25em;
+}
+
+/** Form inputs **/
+label {
+  font-weight: bold;
+  display: block;
+}
+
+#remember_me {
+  margin: 2px 5px 0px 0px;
+  float: left;
+}
+
+div.error {
+  background-color:#FCECEC;
+}
+
+div.error ul {
+  padding-bottom:20px;
+}
+
+.error {
+  background-color:#FCECEC;
+}
+
+.error h2 {
+  background: #CC0000 no-repeat scroll left center;
+  border-color: #CC9999;
+  color:#FFFFFF;
+  border:1px solid #CCCCCC;
+  font-size:14px;
+  padding:5px 5px 5px 10px;
+}
+
+.error li {
+  color: #CC0000;
+}

data/spec/controllers/router_spec.rb

@@ -0,0 +1,29 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper.rb')
+
+prefix = 'merb-auth'
+
+describe "Router.add_slice(:MerbAuth)" do
+  include Merb::Test::Rspec::RouteMatchers
+  
+  before(:all) do
+    Merb::Router.prepare { |r| r.add_slice(:MerbAuth) } if standalone?
+  end
+  
+  it "should have named routes for :login, :logout and :signup" do
+    [:login, :logout, :signup].each do |name|
+      url(name).should == "/#{prefix}/#{name}"
+    end
+  end
+
+  it "should route /#{prefix}/login to Session#new" do
+    request_to("/#{prefix}/login", :get).should route_to(MerbAuth::Users, :login)
+  end
+
+  it "should route /#{prefix}/login via post to Session#create" do
+    request_to("/#{prefix}/login", :post).should route_to(MerbAuth::Users, :login)
+  end
+
+  it "should route /#{prefix}/logout via delete to Session#destroy" do
+    request_to("/#{prefix}/logout", :delete).should route_to(MerbAuth::Users, :logout)
+  end
+end

data/spec/controllers/session_spec.rb

@@ -0,0 +1,87 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper.rb')
+
+describe "Session Controller", "index action" do
+  before(:all) do    
+    Merb::Router.prepare { |r| r.add_slice(:MerbAuth) } if standalone?
+  end
+
+  def login_with(params = {}, &blk)
+    dispatch_to(MerbAuth::Users, :login, params, {:request_method => 'post'}, &blk)
+  end
+
+  def logout(&blk)
+    dispatch_to(MerbAuth::Users, :logout, {}, {}, &blk)
+  end
+  
+  it 'logins and redirects' do
+    controller = login_with(:username => 'quentin', :password => 'test') {|c|
+      c.should_receive(:verify_login).with('quentin', 'test').and_return(mock("User", :id => 1, :name => 'quentin'))
+    }
+    
+    controller.session[:user].should_not be_nil
+    controller.session[:user].should == 1
+    controller.should redirect_to("/")
+  end
+   
+  it 'fails login and does not redirect' do
+    controller = login_with(:username => 'quentin', :password => 'bad password') {|c|
+      c.should_receive(:verify_login).with('quentin', 'bad password').and_return(nil)
+    }
+    controller.session[:user].should be_nil
+    controller.should be_successful
+  end
+
+  it 'logs out' do
+    controller = logout {|c| 
+      c.stub!(:current_user).and_return(mock("User", :forget_me => true)) 
+    }
+    controller.session[:user].should be_nil
+    controller.should redirect
+  end
+
+  it 'remembers me' do
+    controller = login_with(:username => 'quentin', :password => 'test', :remember_me => "1") {|c|
+      user = mock("User", :id => 1)
+      c.should_receive(:verify_login).with('quentin', 'test').and_return(user)
+      user.should_receive(:remember_me)
+      user.should_receive(:remember_token).and_return("abc123")
+      user.should_receive(:remember_token_expires_at).and_return(Date.today)
+    }
+    controller.cookies["auth_token"].should_not be_nil
+  end
+ 
+  it 'does not remember me' do
+    controller = login_with(:username => 'quentin', :password => 'test', :remember_me => "0") {|c|
+      user = mock("User", :id => 1)
+      c.should_receive(:verify_login).with('quentin', 'test').and_return(user)
+    }
+    controller.cookies["auth_token"].should be_nil
+  end
+  
+  it 'deletes token on logout' do
+    controller = logout {|c| controller.stub!(:current_user).and_return(@quentin) }
+    controller.cookies["auth_token"].should == nil
+  end
+  
+  
+  it 'logs in with cookie' do
+    controller = login_with do |c|
+      c.request.env[Merb::Const::HTTP_COOKIE] = "auth_token=abc123"
+      c.should_receive(:verify_login).and_return(nil)
+      user = mock("User", :id => 1, :remember_token? => true)
+      c.should_receive(:find_user_by_remember_token).with('abc123').and_return(user)
+      user.should_receive(:remember_me)
+      user.should_receive(:remember_token).and_return("abc123")
+      user.should_receive(:remember_token_expires_at).and_return(Date.today)
+    end
+    controller.should be_logged_in
+  end
+
+  def auth_token(token)
+    CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+  end
+    
+  def cookie_for(user)
+    auth_token user.remember_token
+  end
+end

data/spec/controllers/users_spec.rb

@@ -0,0 +1,41 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper.rb')
+
+def user_hash(options = {})
+  { 'name'                   => 'ctran',
+    'username'               => "ctran",
+    'email'                  => "ctran@example.com",
+    'password'               => "sekret",
+    'password_confirmation'  => "sekret"}.merge(options)
+end
+
+describe MerbAuth::Users do
+  before(:all) do
+    require 'dm-core'
+    DataMapper.setup(:default, 'sqlite3::memory:')
+    MerbAuth.use_adapter(:datamapper)
+    
+    Merb::Router.prepare { |r| r.add_slice(:MerbAuth) } if standalone?
+  end
+  
+  before(:each) do
+    @user = mock("User", user_hash)
+    MerbAuth::User.should_receive(:new).with(user_hash).and_return(@user)
+  end
+  
+  it 'allows signup and redirect to /' do
+    @user.should_receive(:save).and_return(true)
+    
+    controller = dispatch_to(MerbAuth::Users, :signup, {'merb_auth::user' => user_hash }, {:request_method => 'post'})
+    controller.assigns(:user).should == @user
+    controller.should redirect_to('/')
+   end
+
+   it 'reject signup and render errors in template' do
+     @user.should_receive(:save).and_return(false)
+     controller = dispatch_to(MerbAuth::Users, :signup, {'merb_auth::user' => user_hash}, {:request_method => 'post'}) {|c| 
+       c.should_receive(:render)
+     }
+     controller.assigns(:user).should == @user
+     controller.should respond_successfully
+   end
+end

data/spec/controllers/view_helper_spec.rb

@@ -0,0 +1,27 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+module MerbAuth
+  class Main < Application
+    def index
+      'index'
+    end
+  end
+end
+
+describe "MerbAuth::Main (controller)" do
+  before :all do
+    Merb::Router.prepare { |r| r.add_slice(:MerbAuth) } if standalone?
+  end
+  
+  it "should have helper methods for dealing with public paths" do
+    controller = dispatch_to(MerbAuth::Main, :index)
+    controller.public_path_for(:image).should == "/slices/merb-auth/images"
+    controller.public_path_for(:javascript).should == "/slices/merb-auth/javascripts"
+    controller.public_path_for(:stylesheet).should == "/slices/merb-auth/stylesheets"
+  end
+  
+  it "should have a slice-specific _template_root" do
+    MerbAuth::Main._template_root.should == MerbAuth.dir_for(:view)
+    MerbAuth::Main._template_root.should == MerbAuth::Application._template_root
+  end
+end