merb_auth_slice_multisite 0.8.6

data/app/views/layout/merb_auth_slice_multisite.html.erb

@@ -0,0 +1,16 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
+  <head>
+    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+    <title>Fresh MerbAuthSliceMultisite Slice</title>
+    <link href="<%= public_path_for :stylesheet, 'master.css' %>" type="text/css" charset="utf-8" rel="stylesheet" media="all" />
+    <script src="<%= public_path_for :javascript, 'master.js' %>" type="text/javascript" charset="utf-8"></script>
+  </head>
+  <!-- you can override this layout at slices/merb_auth_slice_multisite/app/views/layout/merb_auth_slice_multisite.html.erb -->
+  <body class="merb_auth_slice_multisite-slice">
+  <div id="container">
+	  <h1>MerbAuthSliceMultisite Slice</h1>
+    <div id="main"><%= catch_content :for_layout %></div>
+  </div>
+  </body>
+</html>

data/config/database.yml

@@ -0,0 +1,33 @@
+---
+# This is a sample database file for the DataMapper ORM
+development: &defaults
+  # These are the settings for repository :default
+  adapter:  sqlite3
+  database: sample_development.db
+ 
+  # Add more repositories
+  # repositories:
+  #   repo1:
+  #     adapter:  sqlite3
+  #     database: sample_1_development.db
+  #   repo2:
+  #     ...
+ 
+test:
+  <<:       *defaults
+  database: sample_test.db
+ 
+  # repositories:
+  #   repo1:
+  #     database: sample_1_test.db
+ 
+production:
+  <<:       *defaults
+  database: production.db
+ 
+  # repositories:
+  #   repo1:
+  #     database: sample_production.db
+ 
+rake:
+  <<: *defaults

data/config/dependencies.rb

@@ -0,0 +1,33 @@
+# dependencies are generated using a strict version, don't forget to edit the dependency versions when upgrading.
+merb_gems_version = "1.0.11"
+dm_gems_version   = "0.9.11"
+do_gems_version   = "0.9.11"
+
+# For more information about each component, please read http://wiki.merbivore.com/faqs/merb_components
+dependency "merb-core", merb_gems_version 
+dependency "merb-action-args", merb_gems_version
+dependency "merb-assets", merb_gems_version  
+dependency("merb-cache", merb_gems_version) do
+  Merb::Cache.setup do
+    register(Merb::Cache::FileStore) unless Merb.cache
+  end
+end
+dependency "merb-helpers", merb_gems_version 
+dependency "merb-mailer", merb_gems_version  
+dependency "merb-slices", merb_gems_version  
+dependency "merb-auth-core", merb_gems_version
+dependency "merb-auth-more", merb_gems_version
+dependency "merb-auth-slice-password", merb_gems_version
+dependency "merb-param-protection", merb_gems_version
+dependency "merb-exceptions", merb_gems_version
+
+dependency "data_objects", do_gems_version
+dependency "dm-core", dm_gems_version         
+dependency "dm-aggregates", dm_gems_version   
+dependency "dm-migrations", dm_gems_version   
+dependency "dm-timestamps", dm_gems_version   
+dependency "dm-types", dm_gems_version        
+dependency "dm-validations", dm_gems_version  
+dependency "dm-serializer", dm_gems_version   
+
+dependency "merb_datamapper", merb_gems_version

data/config/init.rb

@@ -0,0 +1,84 @@
+#
+# ==== Standalone MerbAuthSliceMultisite configuration
+# 
+# This configuration/environment file is only loaded by bin/slice, which can be 
+# used during development of the slice. It has no effect on this slice being
+# loaded in a host application. To run your slice in standalone mode, just
+# run 'slice' from its directory. The 'slice' command is very similar to
+# the 'merb' command, and takes all the same options, including -i to drop 
+# into an irb session for example.
+#
+# The usual Merb configuration directives and init.rb setup methods apply,
+# including use_orm and before_app_loads/after_app_loads.
+#
+# If you need need different configurations for different environments you can 
+# even create the specific environment file in config/environments/ just like
+# in a regular Merb application. 
+#
+# In fact, a slice is no different from a normal # Merb application - it only
+# differs by the fact that seamlessly integrates into a so called 'host'
+# application, which in turn can override or finetune the slice implementation
+# code and views.
+#
+require(File.join(File.expand_path(File.dirname(__FILE__)),"..","lib","merb_auth_slice_multisite"))
+
+require 'config/dependencies.rb'
+use_orm :datamapper
+use_test :rspec
+use_template_engine :erb
+
+# Setup the required configuration for the slice
+Merb::Slices::config[:merb_auth_slice_multisite][:send_password_from_email] = "no-reply@yourapp.com"
+Merb::Slices::config[:merb_auth_slice_multisite][:domain] = "example.com"
+
+
+Merb::BootLoader.before_app_loads do
+  DataMapper.setup(:default, "sqlite3::memory:")
+  
+  class User
+    include DataMapper::Resource
+    include Merb::Authentication::Mixins::UserBelongsToSite
+    include Merb::Authentication::Mixins::AuthenticatedUser
+ 
+    property :id,    Serial
+    property :email, String
+    property :login, String
+    property :password, String
+    
+    belongs_to :site
+  end
+ 
+  class Merb::Authentication
+    def self.user_class
+      ::User
+    end
+ 
+    def store_user(user)
+      return nil if user.nil?
+      user.login
+    end
+    def fetch_user(user_id)
+      User.first(:login => login)
+    end
+  end
+end
+
+
+Merb::Config.use do |c|
+  # Sets up a custom session id key which is used for the session persistence
+  # cookie name.  If not specified, defaults to '_session_id'.
+  # c[:session_id_key] = '_session_id'
+  
+  # The session_secret_key is only required for the cookie session store.
+  c[:session_secret_key]  = 'ef573d4e2d6f9bf3a713cd45eb4f9411dfba94ef'
+  
+  # There are various options here, by default Merb comes with 'cookie', 
+  # 'memory', 'memcache' or 'container'.  
+  # You can of course use your favorite ORM instead: 
+  # 'datamapper', 'sequel' or 'activerecord'.
+  c[:session_store] = 'cookie'
+  
+  # When running a slice standalone, you're usually developing it,
+  # so enable template reloading by default.
+  c[:reload_templates] = true
+end

data/config/router.rb

@@ -0,0 +1,5 @@
+# This file is here so slice can be testing as a stand alone application.
+
+#Merb::Router.prepare do
+#  ... 
+#end

data/lib/merb-auth-more/strategies/multisite/multisite_password_form.rb

@@ -0,0 +1,77 @@
+require 'merb-auth-more/strategies/abstract_password'
+# This strategy uses a login, password, and site_id parameter.
+#
+# Overwrite the :password_param, :login_param, and :site_id_param
+# to return the name of the field (on the form) that you're using the 
+# login with.  These can be strings or symbols
+#
+# == Required
+#
+# === Methods
+# <User>.authenticate(login_param, password_param)
+#
+class Merb::Authentication
+  module Strategies
+    module Multisite
+      
+      # add site_id to base params.
+      # http://github.com/wycats/merb/blob/784ac7d71780d1a7cfb9152ba4cb0e
+      # 18a990ab7a/merb-auth/merb-auth-more/lib/merb-auth-more/
+      # strategies/abstract_password.rb
+      class Base < Merb::Authentication::Strategy
+        abstract!
+        
+        # Overwrite this method to customize the field
+        def self.password_param
+          (Merb::Plugins.config[:"merb-auth"][:password_param] || :password).to_s.to_sym
+        end
+        
+        # Overwrite this method to customize the field
+        def self.login_param
+          (Merb::Plugins.config[:"merb-auth"][:login_param] || :login).to_s.to_sym
+        end
+        
+        # http://scottmotte.com/archives/194.html
+        def self.site_id_param
+          (Merb::Plugins.config[:"merb-auth"][:site_id_param] || :site_id).to_s.to_sym
+        end
+                
+        def password_param
+          @password_param ||= Base.password_param
+        end
+        
+        def login_param
+          @login_param ||= Base.login_param
+        end
+        
+        # http://scottmotte.com/archives/194.html
+        def site_id_param
+          @site_id_param ||= Base.site_id_param
+        end
+      end
+      
+      # custom strategy taking into account site_id and authenticating with it
+      # the authenticate method is already well defined so for now I made a muck of
+      # if/else statements
+      class Form < Base
+        
+        def run!
+          if (login = request.params[login_param]) && (password = request.params[password_param]) && (site_id = request.params[site_id_param])
+            user = user_class.all(site_id_param => site_id).authenticate(login, password)
+            if !user
+              errors = request.session.authentication.errors
+              errors.clear!
+              errors.add(login_param, strategy_error_message)
+            end
+            user
+          end
+        end # run!
+        
+        def strategy_error_message
+          "#{login_param.to_s.capitalize} or #{password_param.to_s.capitalize} were incorrect"
+        end
+        
+      end # Form
+    end # Multisite Password
+  end # Strategies
+end # Authentication

data/lib/merb-auth-remember-me/mixins/authenticated_user.rb

@@ -0,0 +1,97 @@
+require "digest/sha1"
+module Merb
+  class Authentication
+    module Mixins
+      # This mixin provides basic user remember token.
+      #
+      # Added properties:
+      #  :remember_token_expires_at, DateTime
+      #  :remember_token, String
+      #
+      # To use it simply require it and include it into your user class.
+      #
+      # class User
+      #   include Merb::Authentication::Mixins::AuthenticatedUser
+      #
+      # end
+      #
+      module AuthenticatedUser
+        def self.included(base)
+          base.class_eval do
+            include Merb::Authentication::Mixins::AuthenticatedUser::InstanceMethods
+            extend  Merb::Authentication::Mixins::AuthenticatedUser::ClassMethods
+
+            path = File.expand_path(File.dirname(__FILE__)) / "authenticated_user"
+            if defined?(DataMapper) && DataMapper::Resource > self
+              require path / "dm_authenticated_user"
+              extend(Merb::Authentication::Mixins::AuthenticatedUser::DMClassMethods)
+            elsif defined?(ActiveRecord) && ancestors.include?(ActiveRecord::Base)
+              require path / "ar_authenticated_user"
+              extend(Merb::Authentication::Mixins::AuthenticatedUser::ARClassMethods)
+            elsif defined?(Sequel) && ancestors.include?(Sequel::Model)
+              require path / "sq_authenticated_user"
+              extend(Merb::Authentication::Mixins::AuthenticatedUser::SQClassMethods)
+            end
+
+          end # base.class_eval
+        end # self.included
+
+
+        module ClassMethods
+          def secure_digest(*args)
+            Digest::SHA1.hexdigest(args.flatten.join('--'))
+          end
+
+          # Create random key.
+          #
+          # ==== Returns
+          # String:: The generated key
+          def make_token
+            secure_digest(Time.now, (1..10).map{ rand.to_s })
+          end 
+        end # ClassMethods
+
+        module InstanceMethods
+          def remember_token?
+            (!remember_token.blank?) && 
+              remember_token_expires_at && (Time.now.utc < remember_token_expires_at.to_time)
+          end
+
+          # These create and unset the fields required for remembering users between browser closes
+          def remember_me(time = 2.weeks)
+            remember_me_for time
+          end
+
+          def remember_me_for(time)
+            remember_me_until time.from_now.utc
+          end
+
+          def remember_me_until(time)
+            self.remember_token_expires_at = time
+            self.remember_token            = self.class.make_token
+            save
+          end
+
+          # refresh token (keeping same expires_at) if it exists
+          def refresh_token
+            if remember_token?
+              self.remember_token = self.class.make_token 
+              save
+            end
+          end
+
+          # 
+          # Deletes the server-side record of the authentication token.  The
+          # client-side (browser cookie) and server-side (this remember_token) must
+          # always be deleted together.
+          #
+          def forget_me
+            self.remember_token_expires_at = nil
+            self.remember_token            = nil
+            save
+          end
+        end # InstanceMethods
+      end # AuthenticatedUser
+    end # Mixins
+  end # Authentication
+end # Merb

data/lib/merb-auth-remember-me/mixins/authenticated_user/dm_authenticated_user.rb

@@ -0,0 +1,17 @@
+module Merb
+  class Authentication
+    module Mixins
+      module AuthenticatedUser
+        module DMClassMethods
+          def self.extended(base)
+            base.class_eval do
+              property :remember_token_expires_at, DateTime
+              property :remember_token, String
+            end # base.class_eval
+          
+          end # self.extended
+        end # DMClassMethods
+      end # AuthenticatedUser
+    end # Mixins
+  end # Authentication
+end #Merb

data/lib/merb-auth-remember-me/strategies/remember_me.rb

@@ -0,0 +1,55 @@
+class RememberMe < Merb::Authentication::Strategy
+  def run!
+    login_from_cookie
+  end
+
+  def current_user
+    @current_user
+  end
+  
+  def current_user=(new_user)
+    @current_user = new_user
+  end
+  
+  # Called from #current_user.  Finaly, attempt to login by an expiring token in the cookie.
+  # for the paranoid: we _should_ be storing user_token = hash(cookie_token, request IP)
+  def login_from_cookie
+    current_user = cookies[:auth_token] && Merb::Authentication.user_class.first(:conditions => ["remember_token = ?", cookies[:auth_token]])
+    if current_user && current_user.remember_token?
+      handle_remember_cookie! false # freshen cookie token (keeping date)
+      current_user
+    end
+  end
+  
+  #
+  # Remember_me Tokens
+  #
+  # Cookies shouldn't be allowed to persist past their freshness date,
+  # and they should be changed at each login
+
+  # Cookies shouldn't be allowed to persist past their freshness date,
+  # and they should be changed at each login
+
+  def valid_remember_cookie?
+    return nil unless current_user
+    (current_user.remember_token?) && 
+      (cookies[:auth_token] == current_user.remember_token)
+  end
+  
+  # Refresh the cookie auth token if it exists, create it otherwise
+  def handle_remember_cookie! new_cookie_flag
+    return unless current_user
+    case
+    when valid_remember_cookie? then current_user.refresh_token # keeping same expiry date
+    when new_cookie_flag        then current_user.remember_me 
+    else                             current_user.forget_me
+    end
+    send_remember_cookie!
+  end
+  
+  def send_remember_cookie!
+    cookies.set_cookie(:auth_token, current_user.remember_token, :expires => current_user.remember_token_expires_at.to_time)
+  end
+
+
+end

data/lib/merb_auth_slice_multisite.rb

@@ -0,0 +1,107 @@
+if defined?(Merb::Plugins)
+
+  $:.unshift File.dirname(__FILE__)
+
+  dependency 'merb-mailer'
+  dependency 'merb-slices', :immediate => true
+  dependency 'merb-auth-core'
+  dependency 'merb-auth-more'
+  require(File.expand_path(File.dirname(__FILE__) / "merb_auth_slice_multisite" / "mixins") / "user_belongs_to_site")
+  require(File.expand_path(File.dirname(__FILE__) / "merb-auth-remember-me" / "mixins") / "authenticated_user")
+  
+  Merb::Plugins.add_rakefiles "merb_auth_slice_multisite/merbtasks", "merb_auth_slice_multisite/slicetasks", "merb_auth_slice_multisite/spectasks"
+
+  # Register the Slice for the current host application
+  Merb::Slices::register(__FILE__)
+  
+  # Slice configuration - set this in a before_app_loads callback.
+  # By default a Slice uses its own layout, so you can swicht to 
+  # the main application layout or no layout at all if needed.
+  # 
+  # Configuration options:
+  # :layout - the layout to use; defaults to :merb_auth_slice_multisite
+  # :mirror - which path component types to use on copy operations; defaults to all
+  Merb::Slices::config[:merb_auth_slice_multisite][:layout] ||= :application
+  
+  # All Slice code is expected to be namespaced inside a module
+  module MerbAuthSliceMultisite
+    
+    # Slice metadata
+    self.description = "see gem description"
+    self.version = "see gem version"
+    self.author = "see gem authors"
+    
+    # Stub classes loaded hook - runs before LoadClasses BootLoader
+    # right after a slice's classes have been loaded internally.
+    def self.loaded
+    end
+    
+    # Initialization hook - runs before AfterAppLoads BootLoader
+    def self.init
+      require 'merb-auth-more/mixins/redirect_back'      
+      unless MerbAuthSliceMultisite[:no_default_strategies]
+        # Register the custom strategy so that this slice may utilize it
+        # from http://github.com/wycats/merb/blob/784ac7d71780d1a7cfb9152ba4cb0
+        # e18a990ab7a/merb-auth/merb-auth-more/lib/merb-auth-more.rb
+        merb_auth_more_path = File.expand_path(File.dirname(__FILE__)) / "merb-auth-more" / "strategies" / "multisite"
+        merb_auth_remember_me_path = File.expand_path(File.dirname(__FILE__)) / "merb-auth-remember-me" / "strategies"
+        Merb::Authentication.register(:multisite_password_form, merb_auth_more_path / "multisite_password_form.rb")
+        Merb::Authentication.register(:remember_me, merb_auth_remember_me_path / "remember_me.rb")
+        # activate the strategies
+        ::Merb::Authentication.activate!(:multisite_password_form)
+        ::Merb::Authentication.activate!(:remember_me)
+        
+        Merb::Authentication.after_authentication do |user,request,params|
+          if params[:remember_me] == "1" 
+            user.remember_me
+            request.cookies.set_cookie(:auth_token, user.remember_token, :expires => user.remember_token_expires_at.to_time)
+          end
+          user
+        end # Merb::Authentication.after_authentication
+      end
+    end
+    
+    # Activation hook - runs after AfterAppLoads BootLoader
+    def self.activate
+    end
+    
+    # Deactivation hook - triggered by Merb::Slices.deactivate(MerbAuthSliceMultisite)
+    def self.deactivate
+    end
+    
+    # Setup routes inside the host application
+    #
+    # @param scope<Merb::Router::Behaviour>
+    #  Routes will be added within this scope (namespace). In fact, any 
+    #  router behaviour is a valid namespace, so you can attach
+    #  routes at any level of your router setup.
+    #
+    # @note prefix your named routes with :merb_auth_slice_multisite_
+    #   to avoid potential conflicts with global named routes.
+    def self.setup_router(scope)
+      scope.match("/send_password", :method => :post).to(:controller => "passwords", :action => "send_password").name(:send_password)
+      scope.match("/login", :method => :get ).to(:controller => "/exceptions", :action => "unauthenticated").name(:login)
+      scope.match("/login", :method => :put ).to(:controller => "sessions", :action => "update").name(:perform_login)
+      scope.match("/logout").to(:controller => "sessions", :action => "destroy").name(:logout)
+    end
+    
+  end
+  
+  # Setup the slice layout for MerbAuthSliceMultisite
+  #
+  # Use MerbAuthSliceMultisite.push_path and MerbAuthSliceMultisite.push_app_path
+  # to set paths to merb_auth_slice_multisite-level and app-level paths. Example:
+  #
+  # MerbAuthSliceMultisite.push_path(:application, MerbAuthSliceMultisite.root)
+  # MerbAuthSliceMultisite.push_app_path(:application, Merb.root / 'slices' / 'merb_auth_slice_multisite')
+  # ...
+  #
+  # Any component path that hasn't been set will default to MerbAuthSliceMultisite.root
+  #
+  # Or just call setup_default_structure! to setup a basic Merb MVC structure.
+  MerbAuthSliceMultisite.setup_default_structure!
+  
+  # Add dependencies for other MerbAuthSliceMultisite classes below. Example:
+  # dependency "merb_auth_slice_multisite/other"
+  
+end