model_security_generator 0.0.1

data/templates/user_mailer.rb

@@ -0,0 +1,29 @@
+ActionMailer::Base.delivery_method = :sendmail
+
+# Send mail to a user to administer that user's login. Called by UserController.
+class UserMailer < ActionMailer::Base
+
+  # Send a forgot-password email, allowing the user to regain their login name
+  # and password.
+  def forgot_password(user, url)
+    @body['user'] = user
+    @body['url'] = url
+
+    recipients	user.email
+    subject	'Login and password recovery.'
+    from	'bruce@perens.com'
+
+  end
+
+  # Send a new-user email, providing the user with a URL used to validate
+  # that user's login.
+  def new_user(user, url)
+    @body['user'] = user
+    @body['url'] = url
+
+    recipients	user.email
+    subject	'Your new login is ready'
+    from	'bruce@perens.com'
+
+  end
+end

data/templates/user_support.rb

@@ -0,0 +1,124 @@
+# UserSupport provides methods are intended to be included by
+# ApplicationController to support the user system across the
+# entire application. They are companions to the User model.
+#
+# The HTTP authorization code is
+# derived from an example published by Maximillian Dornseif at
+# http://blogs.23.nu/c0re/stories/7409/
+# which was released for use under any license.
+#
+module UserSupport
+end
+
+require 'user'
+require 'modal'
+
+module UserSupport
+  # Return true if the currently-logged-in user is the administrator.
+  def admin?
+    User.admin?
+  end
+
+  
+  # This is meant to be used as a before_filter. It requires an
+  # administrative login, putting up a login panel if the administrator
+  # isn't currently logged in. Once the administrator logs in, it resumes
+  # the action it was protecting.
+  def require_admin
+    if admin?
+      return true
+    else
+      store_location
+      redirect_to :controller => 'user', :action => 'login_admin'
+      return false
+    end
+  end
+
+  # This is meant to be used as a before_filter. It requires a
+  # login, putting up a login panel if the session isn't currently
+  # logged in. Once a user logs in, it resumes the action it was
+  # protecting.
+  def require_login
+    if User.current
+      true
+    else
+      store_location
+      redirect_to :controller => 'user', :action => 'login'
+      false
+    end
+  end
+
+  # This is a before filter for the entire application, used to set up the
+  # current user from the session or from various forms of authentication.
+  # It's mandiatory that your application declare this filter if it's using
+  # the User model, as this is responsible for maintaining the application's
+  # idea of the currently-logged-in user.
+  #
+  # It will always return true, and thus will not block your actions. Use
+  # require_login or require_admin if you want to block actions.
+  #
+  # This filter must be called before require_login, require_admin,
+  # security tests of ModelSecurity that are based on User, or anything
+  # that expects login information.
+  #
+  def user_setup
+    user = login = password = nil
+
+    r = @request.env
+
+    # If the request contains an HTTP authentication, decode it.
+    # Don't use it to authenticate the user yet.
+    if (authdata = r['HTTP_AUTHORIZATION'] or r['X-HTTP_AUTHORIZATION'])
+      authdata = authdata.to_s.split
+
+      # FIX: At the moment we only support Basic authentication. It's
+      # prone to sniffing. Change to Digest authentication.
+      if not authdata.nil? and authdata[0] == 'Basic' 
+        login, password = Base64.decode64(authdata[1]).split(':')[0..1]
+      end
+    end
+
+    # If the user is already logged into the session, get the user record.
+    if (id = @session[:user_id])
+      user = User.sign_on_by_session(id)
+    end
+
+    # If the HTTP authentication is for a different user name, the user wants
+    # to change logins. This can happen if an operation requires an
+    # administrative login and the current user isn't the administrator but
+    # also has an administrative login. It can also happen with command-line
+    # tools like "wget" or web services clients that operate on behalf of
+    # several users.
+    #
+    # Note that HTTP authentication (at least Basic) can be sent without
+    # the server first asking for it, and that's valid according to the
+    # HTTP specification. So, I can get here without having asked the browser
+    # to put up a login panel.
+    #
+    # Allow re-log-in if the user name and password authenticate properly.
+    #
+    if login and (user.nil? or login != user.login)
+      user = User.sign_on(login, password)
+    end
+
+    # Sign on the user via a web form.
+    if @request.method == :post and (p = @params['user']) != nil
+      if p['login'] and p['password']
+        user = User.sign_on(p['login'], p['password'])
+      end
+    end
+
+    # Sign on the user via a security token.
+    if @params[:id] and @params['token']
+      user = User.sign_on_by_token(@params[:id], @params['token'])
+    end
+
+    if user
+      User.current = user
+      @session[:user_id] = user.id
+    end
+    logger.info("Current user is #{User.current.inspect}.")
+
+    true
+  end
+end

data/templates/user_test.rb

@@ -0,0 +1,10 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class UserTest < Test::Unit::TestCase
+  fixtures :users
+
+  def test_true
+    true
+  end
+  
+end

data/templates/users.sql

@@ -0,0 +1,17 @@
+create table users (
+	id		integer unsigned not null auto_increment primary key,
+  	login		varchar(40) not null,
+	name		varchar(128) not null,
+	admin		integer(1) not null default 0,
+	activated	integer(1) not null default 0,
+	email		varchar(80) not null,
+  	cypher		varchar(512) not null,
+	salt		char(40) not null,
+	token		char(10) not null,
+	token_expiry	timestamp not null,
+	created_on	timestamp not null,
+	updated_on	timestamp not null,
+	lock_version	integer not null default 0,
+	index (login),
+	index (email)
+);

data/templates/users.yml

@@ -0,0 +1,41 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+
+bob:
+  id: 1000001
+  login: bob
+  cypher: ef94c16f6c124a4e84cc215c164767bfa25f6e92 # atest
+  salt: 7f8b036f9b647d46d22abdbfc8113f44a88f9889
+  email: bob@test.com
+  activated: 1
+  
+existingbob:
+  id: 1000002
+  login: existingbob
+  cypher: 99d6b680d4bfa81cbd383ffa0390bb03323a0b9a # atest
+  salt: fc76daa7bc4e4b7833375cf9deca38beee4c5581
+  email: existingbob@test.com
+  activated: 1  
+
+longbob:
+  id: 1000003
+  login: longbob
+  cypher: c841391e1d29100a4920de7a8fbb4b0fd180c6c0 # alongtest
+  salt: c068e3671780f16898c0a8295ae8d82cc59713e2
+  email: longbob@test.com
+  activated: 1
+
+deletebob1:
+  id: 1000004
+  login: deletebob1
+  cypher: c841391e1d29100a4920de7a8fbb4b0fd180c6c0 # alongtest
+  salt: c068e3671780f16898c0a8295ae8d82cc59713e2
+  email: deletebob1@test.com
+  activated: 1
+
+deletebob2:
+  id: 1000005
+  login: deletebob2
+  cypher: c841391e1d29100a4920de7a8fbb4b0fd180c6c0 # alongtest
+  salt: c068e3671780f16898c0a8295ae8d82cc59713e2
+  email: deletebob2@test.com
+  activated: 1

data/templates/view_activate.rhtml

@@ -0,0 +1 @@
+Your account is now activated.

data/templates/view_edit.rhtml

@@ -0,0 +1,10 @@
+<h1>Editing user</h1>
+
+<% error_messages_for 'user' %>
+<%= start_form_tag :action => 'edit', :id => @user %>
+  <%= render_partial 'form' %>
+  <%= submit_tag 'Edit' %>
+<%= end_form_tag %>
+
+<%= link_to 'Show', :action => 'show', :id => @user %> |
+<%= link_to 'Back', :action => 'list' %>

data/templates/view_forgot_password_done.rhtml

@@ -0,0 +1,5 @@
+<h1>Recovery Message Sent</h1>
+<p>
+Thank You. A login and password recovery message has been sent to
+<%= @user.email %> . Please allow some time for it to be delivered.
+</p>

data/templates/view_list.rhtml

@@ -0,0 +1,35 @@
+<h1>Listing users</h1>
+
+<table>
+  <tr>
+    <% for column in User.content_columns %>
+      <% if User.display?(column.name) %>
+        <th><%= column.human_name %></th>
+      <% end %>
+    <% end %>
+  </tr>
+  
+<% for user in @users %>
+  <tr>
+    <% for column in User.content_columns %>
+      <% if User.display?(column.name) %>
+        <% if user.readable?(column.name)  %>
+          <td><%= user.send(column.name) %></td>
+        <% else %>
+          <td></td>
+        <% end %>
+      <% end %>
+    <% end %>
+    <td><%= link_to 'Show', :action => 'show', :id => user %></td>
+    <td><%= link_to 'Edit', :action => 'edit', :id => user %></td>
+    <td><%= link_to 'Destroy', {:action => 'destroy', :id => user}, :confirm => 'Are you sure?' %></td>
+  </tr>
+<% end %>
+</table>
+
+<%= link_to 'Previous page', { :page => @user_pages.current.previous } if @user_pages.current.previous %>
+<%= link_to 'Next page', { :page => @user_pages.current.next } if @user_pages.current.next %> 
+
+<br />
+
+<%= link_to 'New user', :action => 'new' %>

data/templates/view_login.rhtml

@@ -0,0 +1,11 @@
+<h1>Please login</h1>
+
+<%= start_form_tag :action => 'login' %>
+  <p><label for="user_login">User ID</label><br/>
+  <%= text_field 'user', 'login'  %></p>
+  
+  <p><label for="user_password">Password</label><br/>
+  <%= password_field 'user', 'password'  %></p>
+
+  <%= submit_tag 'Login' %>
+<%= end_form_tag %>

data/templates/view_login_admin.rhtml

@@ -0,0 +1,16 @@
+<p>
+You must have the administrator role to proceed.<br/>
+If you aren't an administrator, please use the "back" button in your browser to exit this action.
+</p>
+<p>
+<b>Administrator login</b>
+</p>
+<%= start_form_tag %>
+  <p><label for="user_login">User ID</label><br/>
+  <%= text_field 'user', 'login'  %></p>
+  
+  <p><label for="user_password">Password</label><br/>
+  <%= password_field 'user', 'password'  %></p>
+
+  <%= submit_tag 'Login' %>
+<%= end_form_tag %>

data/templates/view_logout.rhtml

@@ -0,0 +1 @@
+OK.

data/templates/view_new.rhtml

@@ -0,0 +1,30 @@
+<h1>New user</h1>
+
+<%= error_messages_for 'user' %>
+<%= start_form_tag :action => 'new' %>
+  <table>
+    <tr>
+      <th><label for="user_login">Login</label></th>
+      <td><%= text_field 'user', 'login' %></td>
+    </tr>
+    <tr>
+      <th><label for="user_name">Name</label></th>
+      <td><%= text_field 'user', 'name' %></td>
+    </tr>
+    <tr>
+      <th><label for="user_email">Email</label></th>
+      <td><%= text_field 'user', 'email' %></td>
+    </tr>
+    <tr>
+      <th><label for="user_password">Password</label></th>
+      <td><%= password_field 'user', 'password' %></td>
+    </tr>
+    <tr>
+      <th><label for="user_password_confirmation">Password again</label></th>
+      <td><%= password_field 'user', 'password_confirmation' %></td>
+    </tr>
+  </table>
+  <%= submit_tag "Create" %>
+<%= end_form_tag %>
+
+<%= link_to 'Back', :action => 'list' %>

data/templates/view_show.rhtml

@@ -0,0 +1,10 @@
+<% for column in User.content_columns %>
+  <% if User.display?(column.name) and @user.readable?(column.name) %>
+    <p>
+      <b><%= column.human_name %>:</b> <%=h @user.send(column.name) %>
+    </p>
+  <% end %>
+<% end %>
+
+<%= link_to 'Edit', :action => 'edit', :id => @user %> |
+<%= link_to 'Back', :action => 'list' %>

data/templates/view_success.rhtml

@@ -0,0 +1 @@
+OK.

metadata

@@ -0,0 +1,83 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.8.8
+specification_version: 1
+name: model_security_generator
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+date: 2005-08-12
+summary: "[Rails] Model security and authentication generator."
+require_paths: 
+  - "."
+email: ''
+homepage: 
+rubyforge_project: 
+description: Generates Rails code implementing a model security and authentication system for your Rails app.
+autorequire: 
+default_executable: 
+bindir: bin
+has_rdoc: false
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+    - 
+      - ">"
+      - !ruby/object:Gem::Version 
+        version: 0.0.0
+  version: 
+platform: ruby
+authors: 
+  - Bruce Perens
+  - Joe Hosteny
+files: 
+  - USAGE
+  - README
+  - model_security_generator.rb
+  - templates/modal.rb
+  - templates/modal_helper.rb
+  - templates/model_security.rb
+  - templates/model_security_helper.rb
+  - templates/once.rb
+  - templates/user_support.rb
+  - templates/user.rb
+  - templates/user_controller.rb
+  - templates/user_mailer.rb
+  - templates/user_controller_test.rb
+  - templates/user_test.rb
+  - templates/mock_mailer.rb
+  - templates/mock_time.rb
+  - templates/users.yml
+  - templates/schema.sql
+  - templates/users.sql
+  - templates/scaffold.css
+  - templates/scaffold.rhtml
+  - templates/standard.css
+  - templates/standard.rhtml
+  - templates/_view_form.rhtml
+  - templates/mailer_forgot_password.rhtml
+  - templates/mailer_new_user.rhtml
+  - templates/view_activate.rhtml
+  - templates/view_edit.rhtml
+  - templates/view_forgot_password_done.rhtml
+  - templates/view_list.rhtml
+  - templates/view_login.rhtml
+  - templates/view_login_admin.rhtml
+  - templates/view_logout.rhtml
+  - templates/view_new.rhtml
+  - templates/view_show.rhtml
+  - templates/view_success.rhtml
+test_files: []
+rdoc_options: []
+extra_rdoc_files: []
+executables: []
+extensions: []
+requirements: []
+dependencies: 
+  - !ruby/object:Gem::Dependency 
+    name: rails
+    version_requirement: 
+    version_requirements: !ruby/object:Gem::Version::Requirement 
+      requirements: 
+        - 
+          - ">="
+          - !ruby/object:Gem::Version 
+            version: 0.13.1
+      version: