merbful_authentication 0.1.0

data/lib/merbful_authentication.rb

@@ -0,0 +1,10 @@
+# make sure we're running inside Merb
+if defined?(Merb::Plugins)
+
+  # Merb gives you a Merb::Plugins.config hash...feel free to put your stuff in your piece of it
+  Merb::Plugins.config[:merbful_authentication] = {
+    :chickens => false
+  }
+  
+  Merb::Plugins.add_rakefiles "merbful_authentication/merbtasks"
+end

data/lib/merbful_authentication/merbtasks.rb

@@ -0,0 +1,6 @@
+namespace :merbful_authentication do
+  desc "Do something for merbful_authentication"
+  task :default do
+    puts "merbful_authentication doesn't do anything"
+  end
+end

data/merb_generators/authentication/USAGE

@@ -0,0 +1,5 @@
+Description:
+  
+  
+Usage:
+  

data/merb_generators/authentication/authentication_generator.rb

@@ -0,0 +1,256 @@
+require 'merb'
+class AuthenticationGenerator < RubiGen::Base
+  
+  default_options :author => nil
+  
+  attr_reader   :name,  
+                :class_name, 
+                :class_path, 
+                :file_name, 
+                :class_nesting, 
+                :class_nesting_depth, 
+                :plural_name, 
+                :singular_name,
+                :controller_name,
+                :controller_class_path,
+                :controller_file_path,
+                :controller_class_nesting,
+                :controller_class_nesting_depth,
+                :controller_class_name,
+                :controller_singular_name,
+                :controller_plural_name
+  alias_method  :controller_file_name,  :controller_singular_name
+  alias_method  :controller_table_name, :controller_plural_name
+  attr_reader   :model_controller_name,
+                :model_controller_class_path,
+                :model_controller_file_path,
+                :model_controller_class_nesting,
+                :model_controller_class_nesting_depth,
+                :model_controller_class_name,
+                :model_controller_singular_name,
+                :model_controller_plural_name
+  alias_method  :model_controller_file_name,  :model_controller_singular_name
+  alias_method  :model_controller_table_name, :model_controller_plural_name
+  attr_reader   :include_activation
+  
+  def initialize(runtime_args, runtime_options = {})
+    usage if runtime_args.empty?
+    super
+    extract_options
+    assign_names!(runtime_args.shift)
+    @include_activation = options[:include_activation]
+    
+    @controller_name = runtime_args.shift || 'sessions'
+    @model_controller_name = @name.pluralize
+    @mailer_controller_name = @name
+    
+    # sessions controller
+    base_name, @controller_class_path, @controller_file_path, @controller_class_nesting, @controller_class_nesting_depth = extract_modules(@controller_name)
+    @controller_class_name_without_nesting, @controller_singular_name, @controller_plural_name = inflect_names(base_name)
+
+    if @controller_class_nesting.empty?
+      @controller_class_name = @controller_class_name_without_nesting
+    else
+      @controller_class_name = "#{@controller_class_nesting}::#{@controller_class_name_without_nesting}"
+    end
+
+    # model controller
+    base_name, @model_controller_class_path, @model_controller_file_path, @model_controller_class_nesting, @model_controller_class_nesting_depth = extract_modules(@model_controller_name)
+    @model_controller_class_name_without_nesting, @model_controller_singular_name, @model_controller_plural_name = inflect_names(base_name)
+    
+    if @model_controller_class_nesting.empty?
+      @model_controller_class_name = @model_controller_class_name_without_nesting
+    else
+      @model_controller_class_name = "#{@model_controller_class_nesting}::#{@model_controller_class_name_without_nesting}"
+    end    
+  end
+
+  def manifest
+    manifest_result = record do |m|
+      # Check for class naming collisions.
+      m.class_collisions controller_class_path,       "#{controller_class_name}", # Sessions Controller
+                                                      "Merb::#{controller_class_name}Helper"
+      m.class_collisions model_controller_class_path, "#{model_controller_class_name}", # Model Controller
+                                                      "Merb::#{model_controller_class_name}Helper"
+      m.class_collisions class_path,                  "#{class_name}", "#{class_name}Mailer"# , "#{class_name}MailerTest", "#{class_name}Observer"
+      m.class_collisions [], 'AuthenticatedSystem::Controller', 'AuthenticatedSystem::Model'
+
+      # Controller, helper, views, and test directories.
+      
+      m.directory File.join('app/controllers', controller_class_path)
+      m.directory File.join('app/controllers', model_controller_class_path)
+      
+      m.directory File.join('app/helpers', controller_class_path)
+      m.directory File.join('app/views', controller_class_path, controller_file_name)
+      
+      m.directory File.join('app/controllers', model_controller_class_path)
+      m.directory File.join('app/helpers', model_controller_class_path)
+      m.directory File.join('app/views', model_controller_class_path, model_controller_file_name)
+      
+      # Generate the authenticated system" libraries
+      m.directory "lib"
+      m.template "authenticated_system_controller.rb",  "lib/authenticated_system_controller.rb"
+      m.template "authenticated_system_model.rb",       "lib/authenticated_system_model.rb"
+      
+      # Mailer directory for activation
+      if options[:include_activation]
+        m.directory File.join('app/mailers/views', "#{singular_name}_mailer")
+        m.template  "mail_controller.rb",       File.join('app/mailers', 
+                                                          "#{singular_name}_mailer.rb")
+        [:html, :text].each do |format|
+          [:signup, :activation].each do |action|
+            m.template "#{action}.#{format}.erb",   File.join('app/mailers/views',
+                                                              "#{singular_name}_mailer",
+                                                              "#{action}_notification.#{format}.erb")
+          end
+        end
+      end
+      
+      # Generate the model
+      model_attributes = { 
+        :class_name           => class_name,
+        :class_path           => class_path, 
+        :file_name            => file_name, 
+        :class_nesting        => class_nesting, 
+        :class_nesting_depth  => class_nesting_depth, 
+        :plural_name          => plural_name, 
+        :singular_name        => singular_name,
+        :include_activation   => options[:include_activation]     
+      }
+      m.dependency "merbful_authentication_model", [name], model_attributes 
+
+      # Generate the sessions controller
+      m.template "session_controller.rb", File.join('app/controllers', 
+                                                    controller_class_path, 
+                                                    "#{controller_file_name}.rb")
+      
+      # Generate the model controller
+      m.template "model_controller.rb",   File.join('app/controllers',
+                                                    model_controller_class_path,
+                                                    "#{model_controller_file_name}.rb")
+                                                    
+      # Controller templates
+      m.template 'login.html.erb',  File.join('app/views', controller_class_path, controller_file_name, "new.html.erb")
+      m.template 'new_model.html.erb', File.join('app/views', model_controller_class_path, model_controller_file_name, "new.html.erb")
+      
+      
+      controller_attributes = {
+        :controller_name                          => controller_name,
+        :controller_class_path                    => controller_class_path,
+        :controller_file_path                     => controller_file_path,
+        :controller_class_nesting                 => controller_class_nesting,
+        :controller_class_nesting_depth           => controller_class_nesting_depth,
+        :controller_class_name                    => controller_class_name,
+        :controller_singular_name                 => controller_singular_name,
+        :controller_plural_name                   => controller_plural_name,
+        :model_controller_name                    => model_controller_name,
+        :model_controller_class_path              => model_controller_class_path,
+        :model_controller_file_path               => model_controller_file_path,
+        :model_controller_class_nesting           => model_controller_class_nesting,
+        :model_controller_class_nesting_depth     => model_controller_class_nesting_depth,
+        :model_controller_class_name              => model_controller_class_name,
+        :model_controller_singular_name           => model_controller_singular_name,
+        :model_controller_plural_name             => model_controller_plural_name,
+        :include_activation                       => options[:include_activation]
+      }
+      # Generate the tests
+      m.dependency "merbful_authentication_tests", [name], model_attributes.dup.merge!(controller_attributes)
+    end
+    
+    action = nil
+    action = $0.split("/")[1]
+    case action
+    when 'generate'
+      puts finishing_message
+    when 'destroy'
+      puts "Thanx for using merbful_authentication"
+    end
+    
+    manifest_result
+    
+  end
+
+  protected
+  # Override with your own usage banner.
+  def banner
+    out = <<-EOD;
+    Usage: #{$0} authenticated ModelName [ControllerName]  
+    EOD
+  end
+
+  def add_options!(opt)
+    opt.separator ''
+    opt.separator 'Options:'
+    opt.on("--skip-migration", 
+           "Don't generate a migration file for this model") { |v| options[:skip_migration] = v }
+    opt.on("--include-activation", 
+           "Generate signup 'activation code' confirmation via email") { |v| options[:include_activation] = true }
+  end
+    
+    def extract_options
+      # for each option, extract it into a local variable (and create an "attr_reader :author" at the top)
+      # Templates can access these value via the attr_reader-generated methods, but not the
+      # raw instance variable value.
+      # @author = options[:author]
+    end
+    
+    
+    # Borrowed from RailsGenerators
+    # Extract modules from filesystem-style or ruby-style path:
+    #   good/fun/stuff
+    #   Good::Fun::Stuff
+    # produce the same results.
+    def extract_modules(name)
+      modules = name.include?('/') ? name.split('/') : name.split('::')
+      name    = modules.pop
+      path    = modules.map { |m| m.underscore }
+      file_path = (path + [name.underscore]).join('/')
+      nesting = modules.map { |m| m.camelize }.join('::')
+      [name, path, file_path, nesting, modules.size]
+    end
+    
+    def inflect_names(name)
+      camel  = name.camelize
+      under  = camel.underscore
+      plural = under.pluralize
+      [camel, under, plural]
+    end
+    
+    def assign_names!(name)
+      @name = name
+      base_name, @class_path, @file_name, @class_nesting, @class_nesting_depth = extract_modules(@name)
+      @class_name_without_nesting, @singular_name, @plural_name = inflect_names(base_name)
+      @table_name = @name.pluralize
+      # @table_name = (!defined?(ActiveRecord::Base) || ActiveRecord::Base.pluralize_table_names) ? plural_name : singular_name
+      @table_name.gsub! '/', '_'
+      if @class_nesting.empty?
+        @class_name = @class_name_without_nesting
+      else
+        @table_name = @class_nesting.underscore << "_" << @table_name
+        @class_name = "#{@class_nesting}::#{@class_name_without_nesting}"
+      end
+    end
+    
+    private 
+    
+    def finishing_message
+      output = <<-EOD
+#{"-" * 70}
+Don't forget to:
+    
+  - add named routes for authentication.  These are currently required
+    In config/router.rb
+    
+      r.resources :#{plural_name}
+      r.match("/login").to(:controller => "#{controller_class_name}", :action => "create").name(:login)
+      r.match("/logout").to(:controller => "#{controller_class_name}", :action => "destroy").name(:logout)
+EOD
+    if options[:include_activation]
+      output << "      r.match(\"/#{plural_name}/activate/:activation_code\").to(:controller => \"#{model_controller_class_name}\", :action => \"activate\").name(:#{singular_name}_activation)"
+    end
+    
+    output << "\n\n" << ("-" * 70)
+  end
+
+    
+end

data/merb_generators/authentication/templates/activation.html.erb

@@ -0,0 +1 @@
+Your email has been authenticated <%%= @<%= singular_name %>.login %>

data/merb_generators/authentication/templates/activation.text.erb

@@ -0,0 +1 @@
+Your email has been authenticated <%%= @<%= singular_name %>.login %>

data/merb_generators/authentication/templates/authenticated_system_controller.rb

@@ -0,0 +1,132 @@
+module AuthenticatedSystem
+  module Controller
+    protected
+      # Returns true or false if the <%= singular_name %> is logged in.
+      # Preloads @current_<%= singular_name %> with the <%= singular_name %> model if they're logged in.
+      def logged_in?
+        current_<%= singular_name %> != :false
+      end
+    
+      # Accesses the current <%= singular_name %> from the session.  Set it to :false if login fails
+      # so that future calls do not hit the database.
+      def current_<%= singular_name %>
+        @current_<%= singular_name %> ||= (login_from_session || login_from_basic_auth || login_from_cookie || :false)
+      end
+    
+      # Store the given <%= singular_name %> in the session.
+      def current_<%= singular_name %>=(new_<%= singular_name %>)
+        session[:<%= singular_name %>] = (new_<%= singular_name %>.nil? || new_<%= singular_name %>.is_a?(Symbol)) ? nil : new_<%= singular_name %>.id
+        @current_<%= singular_name %> = new_<%= singular_name %>
+      end
+    
+      # Check if the <%= singular_name %> is authorized
+      #
+      # Override this method in your controllers if you want to restrict access
+      # to only a few actions or if you want to check if the <%= singular_name %>
+      # has the correct rights.
+      #
+      # Example:
+      #
+      #  # only allow nonbobs
+      #  def authorized?
+      #    current_<%= singular_name %>.login != "bob"
+      #  end
+      def authorized?
+        logged_in?
+      end
+
+      # Filter method to enforce a login requirement.
+      #
+      # To require logins for all actions, use this in your controllers:
+      #
+      #   before_filter :login_required
+      #
+      # To require logins for specific actions, use this in your controllers:
+      #
+      #   before_filter :login_required, :only => [ :edit, :update ]
+      #
+      # To skip this in a subclassed controller:
+      #
+      #   skip_before_filter :login_required
+      #
+      def login_required
+        authorized? || throw(:halt, :access_denied)
+      end
+
+      # Redirect as appropriate when an access request fails.
+      #
+      # The default action is to redirect to the login screen.
+      #
+      # Override this method in your controllers if you want to have special
+      # behavior in case the <%= singular_name %> is not authorized
+      # to access the requested action.  For example, a popup window might
+      # simply close itself.
+      def access_denied
+        case content_type
+        when :html
+          store_location
+          redirect url(:login)
+        when :xml
+          headers["Status"]             = "Unauthorized"
+          headers["WWW-Authenticate"]   = %(Basic realm="Web Password")
+          set_status(401)
+          render :text => "Couldn't authenticate you"
+        end
+      end
+    
+      # Store the URI of the current request in the session.
+      #
+      # We can return to this location by calling #redirect_back_or_default.
+      def store_location
+        session[:return_to] = request.uri
+      end
+    
+      # Redirect to the URI stored by the most recent store_location call or
+      # to the passed default.
+      def redirect_back_or_default(default)
+        redirect(session[:return_to] || default)
+        session[:return_to] = nil
+      end
+    
+      # Inclusion hook to make #current_<%= singular_name %> and #logged_in?
+      # available as ActionView helper methods.
+      # def self.included(base)
+      #   base.send :helper_method, :current_<%= singular_name %>, :logged_in?
+      # end
+
+      # Called from #current_<%= singular_name %>.  First attempt to login by the <%= singular_name %> id stored in the session.
+      def login_from_session
+        self.current_<%= singular_name %> = <%= class_name %>.find_authenticated_model_with_id(session[:<%= singular_name %>]) if session[:<%= singular_name %>]
+      end
+
+      # Called from #current_<%= singular_name %>.  Now, attempt to login by basic authentication information.
+      def login_from_basic_auth
+        <%= singular_name %>name, passwd = get_auth_data
+        self.current_<%= singular_name %> = <%= class_name %>.authenticate(<%= singular_name %>name, passwd) if <%= singular_name %>name && passwd
+      end
+
+      # Called from #current_<%= singular_name %>.  Finaly, attempt to login by an expiring token in the cookie.
+      def login_from_cookie     
+        <%= singular_name %> = cookies[:auth_token] && <%= class_name %>.find_authenticated_model_with_remember_token(cookies[:auth_token])
+        if <%= singular_name %> && <%= singular_name %>.remember_token?
+          <%= singular_name %>.remember_me
+          cookies[:auth_token] = { :value => <%= singular_name %>.remember_token, :expires => <%= singular_name %>.remember_token_expires_at }
+          self.current_<%= singular_name %> = <%= singular_name %>
+        end
+      end
+    
+      def reset_session
+        session.data.each{|k,v| session.data.delete(k)}
+      end
+
+    private
+      @@http_auth_headers = %w(Authorization HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION REDIRECT_X_HTTP_AUTHORIZATION)
+
+      # gets BASIC auth info
+      def get_auth_data
+        auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+        auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+        return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 
+      end
+  end
+end

data/merb_generators/authentication/templates/authenticated_system_model.rb

@@ -0,0 +1,97 @@
+require 'authenticated_system_orm_map'
+module AuthenticatedSystem
+  module Model
+    
+    def self.included(base)
+      base.send(:include, InstanceMethods)
+      base.send(:extend,  ClassMethods)
+      base.send(:extend,  AuthenticatedSystem::OrmMap )
+    end
+    
+    module InstanceMethods
+      def authenticated?(password)
+        crypted_password == encrypt(password)
+      end      
+
+      # before filter 
+      def encrypt_password
+        return if password.blank?
+        self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
+        self.crypted_password = encrypt(password)
+      end
+      
+      # Encrypts the password with the <%= singular_name %> salt
+      def encrypt(password)
+        self.class.encrypt(password, salt)
+      end
+      
+      def remember_token?
+        remember_token_expires_at && DateTime.now < DateTime.parse(remember_token_expires_at.to_s)
+      end
+
+      def remember_me_until(time)
+        self.remember_token_expires_at = time
+        self.remember_token            = encrypt("#{email}--#{remember_token_expires_at}")
+        save
+      end
+
+      def remember_me_for(time)
+        remember_me_until (Time.now + time)
+      end
+
+      # These create and unset the fields required for remembering <%= singular_name %>s between browser closes
+      # Default of 2 weeks 
+      def remember_me
+        remember_me_for (Merb::Const::WEEK * 2)
+      end
+
+      def forget_me
+        self.remember_token_expires_at = nil
+        self.remember_token            = nil
+        self.save
+      end
+      <% if include_activation -%>
+      # Returns true if the <%= singular_name %> has just been activated.
+      def recently_activated?
+        @activated
+      end
+
+      def activated?
+       return false if self.new_record?
+       !! activation_code.nil?
+      end
+
+      def active?
+        # the existence of an activation code means they have not activated yet
+        activation_code.nil?
+      end
+      <% end %>
+      protected
+      <% if include_activation -%>
+      def make_activation_code
+        self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
+      end
+      <% end -%>
+
+      def password_required?
+        crypted_password.blank? || !password.blank?
+      end
+            
+    end
+    
+    module ClassMethods
+      # Encrypts some data with the salt.
+      def encrypt(password, salt)
+        Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+      end
+      
+      # Authenticates a <%= singular_name %> by their login name and unencrypted password.  Returns the <%= singular_name %> or nil.
+      def authenticate(login, password)
+        u = find_activated_authenticated_model_with_login(login) # need to get the salt
+        u && u.authenticated?(password) ? u : nil
+      end
+    end
+
+    
+  end
+end