minimalist_authentication 0.5

data/.gitignore

@@ -0,0 +1,5 @@
+coverage
+.svn
+.loadpath
+.project
+.redcar

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 'WWIDEA, INC'
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,45 @@
+MinimalistAuthentication
+========================
+
+A Rails authentication plugin that takes a minimalist approach. It is designed to be simple to understand, use, and modify for your application.
+
+This plugin was largely inspired by the restful-authentication plugin (http://github.com/technoweenie/restful-authentication/tree/master). I selected the essential methods for password based authentication, reorganized them, trimmed them down when possible, added a couple of features, and resisted the urge to start adding more.
+
+
+Installation
+============
+script/plugin install git://github.com/aaron/minimalist_authentication.git
+
+ruby script/generate scaffold user active:boolean email:string crypted_password:string salt:string using_digest_version:integer last_logged_in_at:datetime
+
+
+Example
+=======
+
+app/models/user.rb
+class User < ActiveRecord::Base
+  include Minimalist::Authentication
+end
+
+app/controllers/application.rb
+class ApplicationController < ActionController::Base
+  include Minimalist::Authorization
+  
+  # Lock down everything by default
+  # use skip_before_filter to open up sepecific actions
+  prepend_before_filter :authorization_required
+end
+
+app/controllers/sessions_controller.rb
+class SessionsController < ApplicationController
+  include Minimalist::Sessions
+  skip_before_filter :authorization_required, :only => [:new, :create]
+end
+
+test/test_helper.rb
+class Test::Unit::TestCase
+  include Minimalist::TestHelper
+end
+
+
+Copyright (c) 2009 Aaron Baldwin, released under the MIT license

data/Rakefile

@@ -0,0 +1,35 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the minimalist_authentication plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the minimalist_authentication plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'MinimalistAuthentication'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+desc 'Measures test coverage using rcov'
+task :rcov do
+  rm_f "coverage"
+  rcov = "rcov --rails --text-summary -Ilib --exclude /gems/,/app/,/Library/"
+  system("#{rcov} --html #{Dir.glob('test/**/*_test.rb').join(' ')}")
+  if PLATFORM['darwin'] #Mac
+    system("open coverage/index.html") 
+  elsif PLATFORM[/linux/] #Ubuntu, etc.
+    system("/etc/alternatives/x-www-browser coverage/index.html")
+  end
+end

data/init.rb

@@ -0,0 +1,2 @@
+# Include hook code here
+require 'minimalist_authentication'

data/lib/app/views/sessions/_form.html.erb

@@ -0,0 +1,12 @@
+<%= form_tag session_path do %>
+  <div>
+    <%= label_tag 'email' %>
+    <%= text_field_tag 'email', @email %>
+  </div>
+  <div>
+    <%= label_tag 'password' %>
+    <%= password_field_tag 'password', nil %>
+  </div>
+
+  <p><%= submit_tag 'Log in', :class =>'submit' %></p>
+<% end %>

data/lib/app/views/sessions/new.html.erb

@@ -0,0 +1 @@
+<%= render :partial => 'form' %>

data/lib/minimalist/authentication.rb

@@ -0,0 +1,124 @@
+require 'digest/sha1'
+
+module Minimalist
+  module Authentication
+    GUEST_USER_EMAIL = 'guest'
+    PREFERRED_DIGEST_VERSION = 2
+    
+    def self.included( base )
+      base.extend(ClassMethods)
+      base.class_eval do
+        include InstanceMethods
+        
+        attr_accessor :password
+        before_save :encrypt_password
+        
+        validates_presence_of     :email, :if => :validate_email_presence?
+        validates_uniqueness_of   :email, :if => :validate_email_uniqueness?
+        validates_format_of       :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, :if => :validate_email_format?
+        validates_presence_of     :password,                   :if => :password_required?
+        validates_confirmation_of :password,                   :if => :password_required?
+        validates_length_of       :password, :within => 6..40, :if => :password_required?
+        
+        scope :active, :conditions => {:active => true}
+      end
+    end
+    
+    module ClassMethods
+      def authenticate(email, password)
+        return if email.blank? || password.blank?
+        user = active.first(:conditions => {:email => email})
+        return unless user && user.authenticated?(password)
+        return user
+      end
+      
+      def secure_digest(string, salt, version = 1)
+        case version
+          when 0 then Digest::MD5.hexdigest(string.to_s)
+          when 1 then Digest::SHA1.hexdigest("#{string}--#{salt}")
+          when 2 then Digest::SHA2.hexdigest("#{string}#{salt}", 512)
+        end
+      end
+
+      def make_token
+        secure_digest(Time.now, (1..10).map{ rand.to_s.gsub(/0\./,'') }.join, PREFERRED_DIGEST_VERSION)
+      end
+      
+      def guest
+        new.tap do |user|
+          user.email = GUEST_USER_EMAIL
+        end
+      end
+    end
+    
+    module InstanceMethods
+      
+      def active?
+        active
+      end
+      
+      def authenticated?(password)
+        if crypted_password == encrypt(password)
+          if self.respond_to?(:using_digest_version) and using_digest_version != PREFERRED_DIGEST_VERSION
+            new_salt = self.class.make_token
+            self.update_attribute(:crypted_password,self.class.secure_digest(password, new_salt, PREFERRED_DIGEST_VERSION))
+            self.update_attribute(:salt, new_salt)
+            self.update_attribute(:using_digest_version, PREFERRED_DIGEST_VERSION)
+          end
+          return true
+        else
+          return false
+        end
+      end
+      
+      def logged_in
+        self.class.update_all("last_logged_in_at='#{Time.now.to_s(:db)}'", "id=#{self.id}") # use update_all to avoid updated_on trigger
+      end
+      
+      def is_guest?
+        email == GUEST_USER_EMAIL
+      end
+      
+      #######
+      private
+      #######
+      
+      def password_required?
+        active? && (crypted_password.blank? || !password.blank?)
+      end
+      
+      def encrypt(password)
+        self.class.secure_digest(password, salt, digest_version)
+      end
+      
+      def encrypt_password
+        return if password.blank?
+        self.salt = self.class.make_token if new_record?
+        self.crypted_password = self.class.secure_digest(password, salt, (self.respond_to?(:using_digest_version) ? PREFERRED_DIGEST_VERSION : 1))
+        self.using_digest_version = PREFERRED_DIGEST_VERSION if self.respond_to?(:using_digest_version)
+      end
+      
+      def digest_version
+        self.respond_to?(:using_digest_version) ? (using_digest_version || 1) : 1
+      end
+      
+      # email validation
+      def validate_email?
+        # allows applications to turn off email validation
+        true
+      end
+      
+      def validate_email_presence?
+        validate_email? && active?
+      end
+      
+      def validate_email_format?
+        validate_email? && active?
+      end
+      
+      def validate_email_uniqueness?
+        validate_email? && active?
+      end
+    end
+  end
+end

data/lib/minimalist/authorization.rb

@@ -0,0 +1,49 @@
+module Minimalist
+  module Authorization
+    def self.included( base )
+      base.class_eval do
+        include InstanceMethods
+        helper_method :current_user, :logged_in?, :authorized?
+      end
+    end
+    
+    module InstanceMethods
+      #######
+      private
+      #######
+
+      def current_user
+        @current_user ||= (get_user_from_session || User.guest)
+      end
+
+      def get_user_from_session
+        User.find_by_id(session[:user_id]) if session[:user_id]
+      end
+
+      def authorization_required
+        authorized? || access_denied
+      end
+
+      def authorized?(action = action_name, resource = controller_name)
+        logged_in?
+      end
+
+      def logged_in?
+        !current_user.is_guest?
+      end
+
+      def access_denied
+        store_location if request.method == :get && !logged_in?
+        redirect_to new_session_path
+      end
+
+      def store_location
+        session[:return_to] = request.request_uri
+      end
+
+      def redirect_back_or_default(default)
+        redirect_to(session.delete(:return_to) || default)
+      end
+    end
+  end
+end

data/lib/minimalist/sessions.rb

@@ -0,0 +1,59 @@
+module Minimalist
+  module Sessions
+    def self.included( base )
+      base.class_eval do
+        include InstanceMethods
+        append_view_path File.join(File.dirname(__FILE__), '..', '/app/views')
+      end
+    end
+    
+    module InstanceMethods
+      def show
+        redirect_to new_session_path
+      end
+      
+      def new
+      end
+
+      def create
+        if user = User.authenticate(params[:email], params[:password])
+          user.logged_in
+          session[:user_id] = user.id
+          after_authentication(user)
+          redirect_back_or_default(login_redirect_to(user))
+          return
+        else
+          after_authentication_failure(user)
+          flash.now[:error] = "Couldn't log you in as '#{params[:email]}'"
+          render :action => 'new'
+        end
+      end
+
+      def destroy
+        session[:user_id] = nil
+        flash[:notice] = "You have been logged out."
+        redirect_to logout_redirect_to
+      end
+      
+      #######
+      private
+      #######
+      
+      def login_redirect_to(user)
+        '/'
+      end
+      
+      def logout_redirect_to
+        '/'
+      end
+      
+      def after_authentication(user)
+        # overide in application
+      end
+      
+      def after_authentication_failure(user)
+        # overide in application
+      end
+    end
+  end
+end

data/lib/minimalist/test_helper.rb

@@ -0,0 +1,12 @@
+module Minimalist
+  module TestHelper
+    # Sets the current user in the session from the user fixtures.
+    def login_as(user)
+      @request.session[:user_id] = user ? users(user).id : nil
+    end
+    
+    def current_user
+      @current_user ||= User.find(@request.session[:user_id])
+    end
+  end
+end

data/lib/minimalist/version.rb

@@ -0,0 +1,3 @@
+module MinimalistAuthentication
+  VERSION = '0.5'
+end

data/lib/minimalist_authentication.rb

@@ -0,0 +1,4 @@
+# MinimalistAuthentication
+require 'minimalist/authentication'
+require 'minimalist/authorization'
+require 'minimalist/sessions'

data/lib/tasks/minimalist_authentication_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :minimalist_authentication do
+#   # Task goes here
+# end

data/minimalist_authentication.gemspec

@@ -0,0 +1,15 @@
+require File.expand_path('../lib/minimalist/version', __FILE__)
+
+Gem::Specification.new do |s|
+  s.name = "minimalist_authentication"
+  s.version = MinimalistAuthentication::VERSION
+  s.platform = Gem::Platform::RUBY
+  s.authors = ['Aaron Baldwin', 'Jonathan S. Garvin', 'WWIDEA, Inc']
+  s.email = ["developers@wwidea.org"]
+  s.homepage = "https://github.com/wwidea/minimalist_authentication"
+  s.summary = %q{A Rails authentication plugin that takes a minimalist approach.}
+  s.description = %q{A Rails authentication plugin that takes a minimalist approach. It is designed to be simple to understand, use, and modify for your application.}
+  s.files = `git ls-files`.split("\n")
+  s.test_files = `git ls-files -- test/*`.split("\n")
+  s.require_paths = ["lib"]
+end

data/test/.gitignore

@@ -0,0 +1 @@
+debug.log

data/test/authentication_test.rb

@@ -0,0 +1,99 @@
+require 'test_helper'
+
+class AuthenticationTest < ActiveSupport::TestCase
+  
+  test "should not be able to set crypted_password through mass assignment" do
+    user = Factory(:user)
+    old_crypted_password = user.crypted_password
+    user.update_attributes(:crypted_password => 'should not work')
+    assert_equal(old_crypted_password, user.crypted_password)
+  end
+  
+  test "should return active user" do
+    user = Factory(:user)
+    assert_equal([user], User.active)
+  end
+  
+  test "should authenticate user" do
+    user = Factory(:user)
+    assert_equal(user, User.authenticate(user.email, 'password'))
+  end
+  
+  test "should fail to authenticate when email is blank" do
+    user = Factory(:user)
+    assert_nil(User.authenticate('', 'password'))
+  end
+  
+  test "should fail to authenticate when password is blank" do
+    user = Factory(:user)
+    assert_nil(User.authenticate(user.email, ''))
+  end  
+  
+  test "should fail to authenticate when user is not active" do
+    user = Factory(:user, :active => false)
+    assert_nil(User.authenticate(user.email, 'password'))
+  end
+  
+  test "should fail to authenticate for incorrect password" do
+    user = Factory(:user)
+    assert_nil(User.authenticate(user.email, 'incorrect_password'))
+  end
+  
+  test "should create salt and encrypted_password for new user" do
+    user = User.new(:email => 'test@testing.com', :password => 'testing')
+    assert(user.save)
+    assert_not_nil(user.salt)
+    assert_not_nil(user.crypted_password)
+    assert(user.authenticated?('testing'))
+  end
+  
+  test "should update last_logged_in_at without updating updated_at timestamp" do
+    user = Factory(:user, :updated_at => 1.day.ago)
+    updated_at = user.updated_at
+    user.logged_in
+    assert(user.updated_at == updated_at)
+  end
+  
+  test "guest should be guest" do
+    assert(User.guest.is_guest?)
+  end
+  
+  test "should allow inactive user to pass validation without an email or password" do
+    assert(User.new.valid?)
+  end
+  
+  test "should fail validation for active user without email" do
+    user = User.new(:active => true)
+    assert_equal(false, user.valid?)
+    assert(user.errors[:email])
+  end
+  
+  test "should fail validation for active user without password" do
+    user = User.new(:active => true)
+    assert_equal(false, user.valid?)
+    assert(user.errors[:password])
+  end
+  
+  test "should use latest digest version for new users" do
+    assert_equal(User::PREFERRED_DIGEST_VERSION,Factory(:user).using_digest_version)
+  end
+  
+  test "should migrate legacy users to new digest version" do
+    #Setup a user using the old digest version.
+    #This wouldn't be necessary with fixtures.
+    legacy_user = User.create(:active => true, :email => 'legacy@user.com', :password => '123456', :password_confirmation => '123456')
+    legacy_user.password = nil
+    legacy_user.salt = 'my_salt'
+    legacy_user.crypted_password = User.secure_digest('my_password', 'my_salt', 1)
+    legacy_user.using_digest_version = nil
+    assert(legacy_user.save)
+    assert_equal(nil, legacy_user.reload.using_digest_version)
+    assert_equal('86f156baf9e4868e6dcf910b65775efdeaa347d8',legacy_user.crypted_password)
+    
+    # Ok, now we can finally do the test.
+    legacy_crypted_password = legacy_user.crypted_password
+    assert(legacy_user.authenticated?('my_password'))
+    assert_equal(2,legacy_user.reload.using_digest_version)
+    assert_not_equal(legacy_crypted_password,legacy_user.crypted_password)
+  end
+end