model_security_generator 0.0.1

@@ -0,0 +1,29 @@
1
+ ActionMailer::Base.delivery_method = :sendmail
2
+
3
+ # Send mail to a user to administer that user's login. Called by UserController.
4
+ class UserMailer < ActionMailer::Base
5
+
6
+ # Send a forgot-password email, allowing the user to regain their login name
7
+ # and password.
8
+ def forgot_password(user, url)
9
+ @body['user'] = user
10
+ @body['url'] = url
11
+
12
+ recipients user.email
13
+ subject 'Login and password recovery.'
14
+ from 'bruce@perens.com'
15
+
16
+ end
17
+
18
+ # Send a new-user email, providing the user with a URL used to validate
19
+ # that user's login.
20
+ def new_user(user, url)
21
+ @body['user'] = user
22
+ @body['url'] = url
23
+
24
+ recipients user.email
25
+ subject 'Your new login is ready'
26
+ from 'bruce@perens.com'
27
+
28
+ end
29
+ end
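Review bot: `from 'bruce@perens.com'` is repeated verbatim in forgot_password and new_user, and `ActionMailer::Base.delivery_method = :sendmail` at the top of the file changes delivery for every mailer in the host application as a side effect of loading this one. This appears to be a generator template (the gem metadata in this diff lists templates/user_mailer.rb), so the sender should live in one place the generated app can edit, e.g. `FROM_ADDRESS = 'bruce@perens.com'` on the class and `from FROM_ADDRESS` in both methods, and the delivery method belongs in the environment configuration rather than here. The recipient is taken straight from `user.email`; the mail bodies are not in this diff, so whether the recovery message discloses the password itself (the comment promises the user can "regain their login name and password") cannot be checked from this hunk.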
@@ -0,0 +1,124 @@
1
+ # UserSupport provides methods are intended to be included by
2
+ # ApplicationController to support the user system across the
3
+ # entire application. They are companions to the User model.
4
+ #
5
+ # The HTTP authorization code is
6
+ # derived from an example published by Maximillian Dornseif at
7
+ # http://blogs.23.nu/c0re/stories/7409/
8
+ # which was released for use under any license.
9
+ #
10
+ module UserSupport
11
+ end
12
+
13
+ require 'user'
14
+ require 'modal'
15
+
16
+ module UserSupport
17
+ # Return true if the currently-logged-in user is the administrator.
18
+ def admin?
19
+ User.admin?
20
+ end
21
+
22
+
23
+ # This is meant to be used as a before_filter. It requires an
24
+ # administrative login, putting up a login panel if the administrator
25
+ # isn't currently logged in. Once the administrator logs in, it resumes
26
+ # the action it was protecting.
27
+ def require_admin
28
+ if admin?
29
+ return true
30
+ else
31
+ store_location
32
+ redirect_to :controller => 'user', :action => 'login_admin'
33
+ return false
34
+ end
35
+ end
36
+
37
+ # This is meant to be used as a before_filter. It requires a
38
+ # login, putting up a login panel if the session isn't currently
39
+ # logged in. Once a user logs in, it resumes the action it was
40
+ # protecting.
41
+ def require_login
42
+ if User.current
43
+ true
44
+ else
45
+ store_location
46
+ redirect_to :controller => 'user', :action => 'login'
47
+ false
48
+ end
49
+ end
50
+
51
+ # This is a before filter for the entire application, used to set up the
52
+ # current user from the session or from various forms of authentication.
53
+ # It's mandiatory that your application declare this filter if it's using
54
+ # the User model, as this is responsible for maintaining the application's
55
+ # idea of the currently-logged-in user.
56
+ #
57
+ # It will always return true, and thus will not block your actions. Use
58
+ # require_login or require_admin if you want to block actions.
59
+ #
60
+ # This filter must be called before require_login, require_admin,
61
+ # security tests of ModelSecurity that are based on User, or anything
62
+ # that expects login information.
63
+ #
64
+ def user_setup
65
+ user = login = password = nil
66
+
67
+ r = @request.env
68
+
69
+ # If the request contains an HTTP authentication, decode it.
70
+ # Don't use it to authenticate the user yet.
71
+ if (authdata = r['HTTP_AUTHORIZATION'] or r['X-HTTP_AUTHORIZATION'])
72
+ authdata = authdata.to_s.split
73
+
74
+ # FIX: At the moment we only support Basic authentication. It's
75
+ # prone to sniffing. Change to Digest authentication.
76
+ if not authdata.nil? and authdata[0] == 'Basic'
77
+ login, password = Base64.decode64(authdata[1]).split(':')[0..1]
78
+ end
79
+ end
80
+
81
+ # If the user is already logged into the session, get the user record.
82
+ if (id = @session[:user_id])
83
+ user = User.sign_on_by_session(id)
84
+ end
85
+
86
+ # If the HTTP authentication is for a different user name, the user wants
87
+ # to change logins. This can happen if an operation requires an
88
+ # administrative login and the current user isn't the administrator but
89
+ # also has an administrative login. It can also happen with command-line
90
+ # tools like "wget" or web services clients that operate on behalf of
91
+ # several users.
92
+ #
93
+ # Note that HTTP authentication (at least Basic) can be sent without
94
+ # the server first asking for it, and that's valid according to the
95
+ # HTTP specification. So, I can get here without having asked the browser
96
+ # to put up a login panel.
97
+ #
98
+ # Allow re-log-in if the user name and password authenticate properly.
99
+ #
100
+ if login and (user.nil? or login != user.login)
101
+ user = User.sign_on(login, password)
102
+ end
103
+
104
+ # Sign on the user via a web form.
105
+ if @request.method == :post and (p = @params['user']) != nil
106
+ if p['login'] and p['password']
107
+ user = User.sign_on(p['login'], p['password'])
108
+ end
109
+ end
110
+
111
+ # Sign on the user via a security token.
112
+ if @params[:id] and @params['token']
113
+ user = User.sign_on_by_token(@params[:id], @params['token'])
114
+ end
115
+
116
+ if user
117
+ User.current = user
118
+ @session[:user_id] = user.id
119
+ end
120
+ logger.info("Current user is #{User.current.inspect}.")
121
+
122
+ true
123
+ end
124
+ end
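Review bot: In user_setup, `if (authdata = r['HTTP_AUTHORIZATION'] or r['X-HTTP_AUTHORIZATION'])` binds `or` looser than `=`, so `authdata` only ever receives HTTP_AUTHORIZATION; when that header is absent the condition still passes via X-HTTP_AUTHORIZATION, but `authdata` is nil, `authdata.to_s.split` is empty, and the fallback header is never decoded — write `authdata = r['HTTP_AUTHORIZATION'] || r['X-HTTP_AUTHORIZATION']` and test `if authdata`. Two lines later, `split(':')[0..1]` truncates any password that contains a colon; `split(':', 2)` keeps it intact, and `authdata[1]` should be checked for nil before `Base64.decode64`, since a bare `Basic` header would otherwise raise inside the filter. `logger.info("Current user is #{User.current.inspect}.")` serialises the whole record, which per the schema hunk below includes the `cypher`, `salt` and `token` columns, into the application log; logging only the identity, e.g. `logger.info("Current user is #{User.current && User.current.login}.")`, keeps credential material out of log files. Finally, `@session[:user_id] = user.id` is written after a credential-based sign-on without regenerating the session id (Rails' `reset_session`, where the version in use provides it), so a session identifier established before login remains valid afterwards.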
@@ -0,0 +1,10 @@
1
+ require File.dirname(__FILE__) + '/../test_helper'
2
+
3
+ class UserTest < Test::Unit::TestCase
4
+ fixtures :users
5
+
6
+ def test_true
7
+ true
8
+ end
9
+
10
+ end
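Review bot: test_true contains no assertion — `true` as the last expression is just a return value, and Test::Unit reports the case as passing without checking anything, including whether the fixtures actually loaded. At minimum it should exercise the fixture it declares, e.g. `assert_kind_of User, User.find(1000001)` using the `bob` id from the users.yml hunk in this diff, or the placeholder should be named so it is not mistaken for coverage.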
@@ -0,0 +1,17 @@
1
+ create table users (
2
+ id integer unsigned not null auto_increment primary key,
3
+ login varchar(40) not null,
4
+ name varchar(128) not null,
5
+ admin integer(1) not null default 0,
6
+ activated integer(1) not null default 0,
7
+ email varchar(80) not null,
8
+ cypher varchar(512) not null,
9
+ salt char(40) not null,
10
+ token char(10) not null,
11
+ token_expiry timestamp not null,
12
+ created_on timestamp not null,
13
+ updated_on timestamp not null,
14
+ lock_version integer not null default 0,
15
+ index (login),
16
+ index (email)
17
+ );
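Review bot: `index (login)` and `index (email)` are non-unique, but login is the key that `User.sign_on(login, password)` in the user_support hunk authenticates against, so the database permits two rows with the same login and any uniqueness validation in the model is open to a race between check and insert; `unique index (login)` and, since recovery mail is sent to that address, `unique index (email)` close that at the storage layer. `name`, `token` and `token_expiry` are declared `not null` with no default, yet the users.yml fixtures hunk in this diff supplies none of them, so fixture loading relies on the database silently filling defaults (lenient MySQL does; strict mode or other engines reject the rows). Whether `char(10)` gives the recovery token enough entropy depends on how the model generates it, which is not in this diff.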
@@ -0,0 +1,41 @@
1
+ # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
2
+
3
+ bob:
4
+ id: 1000001
5
+ login: bob
6
+ cypher: ef94c16f6c124a4e84cc215c164767bfa25f6e92 # atest
7
+ salt: 7f8b036f9b647d46d22abdbfc8113f44a88f9889
8
+ email: bob@test.com
9
+ activated: 1
10
+
11
+ existingbob:
12
+ id: 1000002
13
+ login: existingbob
14
+ cypher: 99d6b680d4bfa81cbd383ffa0390bb03323a0b9a # atest
15
+ salt: fc76daa7bc4e4b7833375cf9deca38beee4c5581
16
+ email: existingbob@test.com
17
+ activated: 1
18
+
19
+ longbob:
20
+ id: 1000003
21
+ login: longbob
22
+ cypher: c841391e1d29100a4920de7a8fbb4b0fd180c6c0 # alongtest
23
+ salt: c068e3671780f16898c0a8295ae8d82cc59713e2
24
+ email: longbob@test.com
25
+ activated: 1
26
+
27
+ deletebob1:
28
+ id: 1000004
29
+ login: deletebob1
30
+ cypher: c841391e1d29100a4920de7a8fbb4b0fd180c6c0 # alongtest
31
+ salt: c068e3671780f16898c0a8295ae8d82cc59713e2
32
+ email: deletebob1@test.com
33
+ activated: 1
34
+
35
+ deletebob2:
36
+ id: 1000005
37
+ login: deletebob2
38
+ cypher: c841391e1d29100a4920de7a8fbb4b0fd180c6c0 # alongtest
39
+ salt: c068e3671780f16898c0a8295ae8d82cc59713e2
40
+ email: deletebob2@test.com
41
+ activated: 1
@@ -0,0 +1 @@
1
+ Your account is now activated.
@@ -0,0 +1,10 @@
1
+ <h1>Editing user</h1>
2
+
3
+ <% error_messages_for 'user' %>
4
+ <%= start_form_tag :action => 'edit', :id => @user %>
5
+ <%= render_partial 'form' %>
6
+ <%= submit_tag 'Edit' %>
7
+ <%= end_form_tag %>
8
+
9
+ <%= link_to 'Show', :action => 'show', :id => @user %> |
10
+ <%= link_to 'Back', :action => 'list' %>
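Review bot: `<% error_messages_for 'user' %>` uses the non-printing `<% %>` tag, so the helper's output is computed and discarded and a failed edit re-renders with no validation errors visible to the user. The new-user view in this same diff uses `<%= error_messages_for 'user' %>`, which is what this line needs.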
@@ -0,0 +1,5 @@
1
+ <h1>Recovery Message Sent</h1>
2
+ <p>
3
+ Thank You. A login and password recovery message has been sent to
4
+ <%= @user.email %> . Please allow some time for it to be delivered.
5
+ </p>
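Review bot: `<%= @user.email %>` prints the address without HTML escaping, and email is free-text input on the new-user form elsewhere in this diff, so any markup stored in that column is rendered rather than displayed; use `<%=h @user.email %>` as the show template in this diff already does for every column it prints. Whether the model constrains the email format is not visible here, and output escaping should not depend on it.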
@@ -0,0 +1,35 @@
1
+ <h1>Listing users</h1>
2
+
3
+ <table>
4
+ <tr>
5
+ <% for column in User.content_columns %>
6
+ <% if User.display?(column.name) %>
7
+ <th><%= column.human_name %></th>
8
+ <% end %>
9
+ <% end %>
10
+ </tr>
11
+
12
+ <% for user in @users %>
13
+ <tr>
14
+ <% for column in User.content_columns %>
15
+ <% if User.display?(column.name) %>
16
+ <% if user.readable?(column.name) %>
17
+ <td><%= user.send(column.name) %></td>
18
+ <% else %>
19
+ <td></td>
20
+ <% end %>
21
+ <% end %>
22
+ <% end %>
23
+ <td><%= link_to 'Show', :action => 'show', :id => user %></td>
24
+ <td><%= link_to 'Edit', :action => 'edit', :id => user %></td>
25
+ <td><%= link_to 'Destroy', {:action => 'destroy', :id => user}, :confirm => 'Are you sure?' %></td>
26
+ </tr>
27
+ <% end %>
28
+ </table>
29
+
30
+ <%= link_to 'Previous page', { :page => @user_pages.current.previous } if @user_pages.current.previous %>
31
+ <%= link_to 'Next page', { :page => @user_pages.current.next } if @user_pages.current.next %>
32
+
33
+ <br />
34
+
35
+ <%= link_to 'New user', :action => 'new' %>
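Review bot: `<td><%= user.send(column.name) %></td>` emits each column value unescaped, whereas the show template in this diff wraps the identical call in `<%=h ... %>`; the name and email columns are user-entered text, so this line should read `<td><%=h user.send(column.name) %></td>`. The `send` itself is bounded — `column.name` comes from `User.content_columns`, not from the request, and `User.display?` / `user.readable?` gate it first — so escaping is the only change needed.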
@@ -0,0 +1,11 @@
1
+ <h1>Please login</h1>
2
+
3
+ <%= start_form_tag :action => 'login' %>
4
+ <p><label for="user_login">User ID</label><br/>
5
+ <%= text_field 'user', 'login' %></p>
6
+
7
+ <p><label for="user_password">Password</label><br/>
8
+ <%= password_field 'user', 'password' %></p>
9
+
10
+ <%= submit_tag 'Login' %>
11
+ <%= end_form_tag %>
@@ -0,0 +1,16 @@
1
+ <p>
2
+ You must have the administrator role to proceed.<br/>
3
+ If you aren't an administrator, please use the "back" button in your browser to exit this action.
4
+ </p>
5
+ <p>
6
+ <b>Administrator login</b>
7
+ </p>
8
+ <%= start_form_tag %>
9
+ <p><label for="user_login">User ID</label><br/>
10
+ <%= text_field 'user', 'login' %></p>
11
+
12
+ <p><label for="user_password">Password</label><br/>
13
+ <%= password_field 'user', 'password' %></p>
14
+
15
+ <%= submit_tag 'Login' %>
16
+ <%= end_form_tag %>
@@ -0,0 +1 @@
1
+ OK.
@@ -0,0 +1,30 @@
1
+ <h1>New user</h1>
2
+
3
+ <%= error_messages_for 'user' %>
4
+ <%= start_form_tag :action => 'new' %>
5
+ <table>
6
+ <tr>
7
+ <th><label for="user_login">Login</label></th>
8
+ <td><%= text_field 'user', 'login' %></td>
9
+ </tr>
10
+ <tr>
11
+ <th><label for="user_name">Name</label></th>
12
+ <td><%= text_field 'user', 'name' %></td>
13
+ </tr>
14
+ <tr>
15
+ <th><label for="user_email">Email</label></th>
16
+ <td><%= text_field 'user', 'email' %></td>
17
+ </tr>
18
+ <tr>
19
+ <th><label for="user_password">Password</label></th>
20
+ <td><%= password_field 'user', 'password' %></td>
21
+ </tr>
22
+ <tr>
23
+ <th><label for="user_password_confirmation">Password again</label></th>
24
+ <td><%= password_field 'user', 'password_confirmation' %></td>
25
+ </tr>
26
+ </table>
27
+ <%= submit_tag "Create" %>
28
+ <%= end_form_tag %>
29
+
30
+ <%= link_to 'Back', :action => 'list' %>
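Review bot: This form posts `user[login]` and `user[password]`, which the application-wide user_setup filter in the user_support hunk above treats as a web-form sign-on attempt on any POST that carries them, so creating an account first runs `User.sign_on` with the not-yet-existing credentials. Whether a failed sign_on has side effects (lockout counters, audit logging) depends on the model, which is not in this diff; if it does, either the form sign-on branch in user_setup should be limited to the login actions or this form should use parameter names that do not collide with the login form's.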
@@ -0,0 +1,10 @@
1
+ <% for column in User.content_columns %>
2
+ <% if User.display?(column.name) and @user.readable?(column.name) %>
3
+ <p>
4
+ <b><%= column.human_name %>:</b> <%=h @user.send(column.name) %>
5
+ </p>
6
+ <% end %>
7
+ <% end %>
8
+
9
+ <%= link_to 'Edit', :action => 'edit', :id => @user %> |
10
+ <%= link_to 'Back', :action => 'list' %>
@@ -0,0 +1 @@
1
+ OK.
metadata ADDED
@@ -0,0 +1,83 @@
1
+ --- !ruby/object:Gem::Specification
2
+ rubygems_version: 0.8.8
3
+ specification_version: 1
4
+ name: model_security_generator
5
+ version: !ruby/object:Gem::Version
6
+ version: 0.0.1
7
+ date: 2005-08-12
8
+ summary: "[Rails] Model security and authentication generator."
9
+ require_paths:
10
+ - "."
11
+ email: ''
12
+ homepage:
13
+ rubyforge_project:
14
+ description: Generates Rails code implementing a model security and authentication system for your Rails app.
15
+ autorequire:
16
+ default_executable:
17
+ bindir: bin
18
+ has_rdoc: false
19
+ required_ruby_version: !ruby/object:Gem::Version::Requirement
20
+ requirements:
21
+ -
22
+ - ">"
23
+ - !ruby/object:Gem::Version
24
+ version: 0.0.0
25
+ version:
26
+ platform: ruby
27
+ authors:
28
+ - Bruce Perens
29
+ - Joe Hosteny
30
+ files:
31
+ - USAGE
32
+ - README
33
+ - model_security_generator.rb
34
+ - templates/modal.rb
35
+ - templates/modal_helper.rb
36
+ - templates/model_security.rb
37
+ - templates/model_security_helper.rb
38
+ - templates/once.rb
39
+ - templates/user_support.rb
40
+ - templates/user.rb
41
+ - templates/user_controller.rb
42
+ - templates/user_mailer.rb
43
+ - templates/user_controller_test.rb
44
+ - templates/user_test.rb
45
+ - templates/mock_mailer.rb
46
+ - templates/mock_time.rb
47
+ - templates/users.yml
48
+ - templates/schema.sql
49
+ - templates/users.sql
50
+ - templates/scaffold.css
51
+ - templates/scaffold.rhtml
52
+ - templates/standard.css
53
+ - templates/standard.rhtml
54
+ - templates/_view_form.rhtml
55
+ - templates/mailer_forgot_password.rhtml
56
+ - templates/mailer_new_user.rhtml
57
+ - templates/view_activate.rhtml
58
+ - templates/view_edit.rhtml
59
+ - templates/view_forgot_password_done.rhtml
60
+ - templates/view_list.rhtml
61
+ - templates/view_login.rhtml
62
+ - templates/view_login_admin.rhtml
63
+ - templates/view_logout.rhtml
64
+ - templates/view_new.rhtml
65
+ - templates/view_show.rhtml
66
+ - templates/view_success.rhtml
67
+ test_files: []
68
+ rdoc_options: []
69
+ extra_rdoc_files: []
70
+ executables: []
71
+ extensions: []
72
+ requirements: []
73
+ dependencies:
74
+ - !ruby/object:Gem::Dependency
75
+ name: rails
76
+ version_requirement:
77
+ version_requirements: !ruby/object:Gem::Version::Requirement
78
+ requirements:
79
+ -
80
+ - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: 0.13.1
83
+ version: