monban 0.0.1

data/lib/monban.rb

@@ -0,0 +1,38 @@
+require "monban/version"
+require "monban/configuration"
+require "monban/controller_helpers"
+require "monban/railtie"
+require "monban/warden_setup"
+require "monban/field_map"
+require "monban/strategies/password_strategy"
+require "active_support/core_ext/module/attribute_accessors"
+
+module Monban
+  mattr_accessor :warden_config
+  mattr_accessor :config
+
+  def self.initialize warden_config
+    self.warden_config = warden_config
+    self.config = Monban::Configuration.new
+    if block_given?
+      yield config
+    end
+  end
+
+  def self.compare_token(digest, token)
+    config.token_comparison.call(digest, token)
+  end
+
+  def self.encrypt_token(token)
+    config.encryption_method.call(token)
+  end
+
+  def self.user_class
+    config.user_class.constantize
+  end
+
+  def self.lookup(params, field_map)
+    fields = FieldMap.new(params, field_map).to_fields
+    user_class.where(fields).first
+  end
+end

data/lib/monban/configuration.rb

@@ -0,0 +1,27 @@
+module Monban
+  class Configuration
+    attr_accessor :user_class, :user_token_field, :user_token_store_field
+    attr_accessor :encryption_method, :token_comparison, :user_lookup_field
+    attr_accessor :sign_in_notice
+
+    def initialize
+      @user_class = 'User'
+      @user_token_field = 'password'
+      @user_token_store_field = 'password_digest'
+      @user_lookup_field = 'email'
+      @encryption_method = default_encryption_method
+      @token_comparison = default_password_comparison
+      @sign_in_notice = 'You must be signed in'
+    end
+
+    def default_encryption_method
+      ->(token) { BCrypt::Password.create(token) }
+    end
+
+    def default_password_comparison
+      ->(digest, unencrypted_token) do
+        BCrypt::Password.new(digest) == unencrypted_token
+      end
+    end
+  end
+end

data/lib/monban/controller_helpers.rb

@@ -0,0 +1,56 @@
+require 'bcrypt'
+require 'monban/controller_helpers/sign_in'
+require 'monban/controller_helpers/sign_out'
+require 'monban/controller_helpers/sign_up'
+require 'monban/controller_helpers/authentication'
+require 'active_support/concern'
+
+module Monban
+  module ControllerHelpers
+    extend ActiveSupport::Concern
+    included do
+      helper_method :current_user, :signed_in?
+    end
+
+    def sign_in user
+      SignIn.new(user, warden).perform
+    end
+
+    def sign_out
+      SignOut.new(warden).perform
+    end
+
+    def sign_up user_params
+      SignUp.new(user_params).perform
+    end
+
+    def authenticate_session session_params, field_map = nil
+      user = Monban.lookup(session_params, field_map)
+      password = session_params.delete(Monban.config.user_token_field)
+      authenticate(user, password)
+    end
+
+    def authenticate user, password
+      Authentication.new(user, password).perform
+    end
+
+    def warden
+      env['warden']
+    end
+
+    def current_user
+      warden.user
+    end
+
+    def signed_in?
+      current_user
+    end
+
+    def require_login
+      unless signed_in?
+        flash.notice = Monban.config.sign_in_notice
+        redirect_to '/sign_in'
+      end
+    end
+  end
+end

data/lib/monban/controller_helpers/authentication.rb

@@ -0,0 +1,26 @@
+module Monban
+  class Authentication
+    def initialize user, unencrypted_token
+      @user = user
+      @unencrypted_token = unencrypted_token
+    end
+
+    def perform
+      if authenticated?
+        @user
+      else
+        false
+      end
+    end
+
+    private
+
+    def authenticated?
+      @user && Monban.compare_token(@user.send(token_store_field), @unencrypted_token)
+    end
+
+    def token_store_field
+      Monban.config.user_token_store_field
+    end
+  end
+end

data/lib/monban/controller_helpers/sign_in.rb

@@ -0,0 +1,12 @@
+module Monban
+  class SignIn
+    def initialize user, warden
+      @user = user
+      @warden = warden
+    end
+
+    def perform
+      @warden.set_user(@user)
+    end
+  end
+end

data/lib/monban/controller_helpers/sign_out.rb

@@ -0,0 +1,11 @@
+module Monban
+  class SignOut
+    def initialize warden
+      @warden = warden
+    end
+
+    def perform
+      @warden.logout
+    end
+  end
+end

data/lib/monban/controller_helpers/sign_up.rb

@@ -0,0 +1,23 @@
+module Monban
+  class SignUp
+    def initialize user_params
+      unencrypted_token = user_params.delete(token_field)
+      token_digest = Monban.encrypt_token(unencrypted_token)
+      @user_params = user_params.merge(token_store_field.to_sym => token_digest)
+    end
+
+    def perform
+      Monban.user_class.create(@user_params.to_hash)
+    end
+
+    private
+
+    def token_store_field
+      Monban.config.user_token_store_field
+    end
+
+    def token_field
+      Monban.config.user_token_field
+    end
+  end
+end

data/lib/monban/field_map.rb

@@ -0,0 +1,38 @@
+module Monban
+  class FieldMap
+    def initialize params, field_map
+      @params = params
+      @field_map = field_map
+    end
+
+    def to_fields
+      if @field_map
+        params_from_field_map
+      else
+        @params
+      end
+    end
+
+    private
+
+    def params_from_field_map
+      [query_string, *([value] * lookup_keys.length)]
+    end
+
+    def query_string
+      lookup_keys.map { |key| "#{key} = ?" }.join(" OR ")
+    end
+
+    def session_key
+      @field_map.keys.first
+    end
+
+    def lookup_keys
+      @field_map.values.first
+    end
+
+    def value
+      @params[session_key]
+    end
+  end
+end

data/lib/monban/railtie.rb

@@ -0,0 +1,9 @@
+require 'warden'
+
+module Monban
+  class Railtie < Rails::Railtie
+    config.app_middleware.use Warden::Manager do |config|
+      Monban.initialize(config)
+    end
+  end
+end

data/lib/monban/strategies/password_strategy.rb

@@ -0,0 +1,15 @@
+module Monban
+  module Strategies
+    class PasswordStrategy < ::Warden::Strategies::Base
+      def valid?
+        params[:email] || params[:password]
+      end
+
+      def authenticate!
+        user = User.find_by_email(params[:email])
+        auth = Authentication.new(user, params[:password])
+        auth.authenticated? ? success!(user) : fail!("Could not log in")
+      end
+    end
+  end
+end

data/lib/monban/version.rb

@@ -0,0 +1,3 @@
+module Monban
+  VERSION = "0.0.1"
+end

data/lib/monban/warden_setup.rb

@@ -0,0 +1,11 @@
+require "monban/strategies/password_strategy"
+
+Warden::Manager.serialize_into_session do |user|
+  user.id
+end
+
+Warden::Manager.serialize_from_session do |id|
+  User.find(id)
+end
+
+Warden::Strategies.add(:password_strategy, Monban::Strategies::PasswordStrategy)

data/monban.gemspec

@@ -0,0 +1,29 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'monban/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "monban"
+  gem.version       = Monban::VERSION
+  gem.authors       = ["halogenandtoast", "calebthompson"]
+  gem.email         = ["halogenandtoast@gmail.com"]
+  gem.description   = %q{simple rails authentication}
+  gem.summary       = %q{Making rails authentication as simple as possible}
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency 'rails'
+  gem.add_dependency 'bcrypt-ruby'
+  gem.add_dependency 'warden'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'rspec-rails'
+  gem.add_development_dependency 'capybara'
+  gem.add_development_dependency 'pry'
+  gem.add_development_dependency 'sqlite3'
+  gem.add_development_dependency 'active_hash'
+end

data/spec/features/visitor/visitor_signs_up_spec.rb

@@ -0,0 +1,12 @@
+require 'spec_helper'
+
+feature 'Visitor signs up' do
+  scenario 'with an email and password' do
+    visit sign_up_path
+    fill_in 'user_email', with: 'email@example.com'
+    fill_in 'user_password', with: 'password'
+    click_on 'go'
+
+    page.current_path.should eq(posts_path)
+  end
+end

data/spec/monban/controller_helpers/authentication_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+require 'monban/controller_helpers/authentication'
+
+describe Monban::Authentication, '#authentication' do
+  it 'is authenticated for a valid password' do
+    password_digest = BCrypt::Password.create('password')
+    user = stub(password_digest: password_digest)
+    auth = Monban::Authentication.new(user, 'password')
+
+    expect(auth.perform).to eq(user)
+  end
+
+  it 'is not authenticated for the wrong password' do
+    password_digest = BCrypt::Password.create('password')
+    user = stub(password_digest: password_digest)
+    auth = Monban::Authentication.new(user, 'drowssap')
+
+    expect(auth.perform).to eq(false)
+  end
+
+  it 'is not authenticated without a user' do
+    auth = Monban::Authentication.new(nil, 'password')
+    expect(auth.perform).to eq(false)
+  end
+end

data/spec/monban/controller_helpers/sign_in_spec.rb

@@ -0,0 +1,12 @@
+require 'spec_helper'
+require 'monban/controller_helpers/sign_in'
+
+describe Monban::SignIn, '#perform' do
+  it 'signs the user in' do
+    user = double()
+    warden = double()
+    warden.should_receive(:set_user).with(user)
+
+    Monban::SignIn.new(user, warden).perform
+  end
+end

data/spec/monban/controller_helpers/sign_out_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+require 'monban/controller_helpers/sign_out'
+
+describe Monban::SignOut, '#perform' do
+  it 'signs out the user' do
+    warden = double()
+    warden.should_receive(:logout)
+
+    Monban::SignOut.new(warden).perform
+  end
+end

data/spec/monban/controller_helpers/sign_up_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+require 'monban/controller_helpers/sign_up'
+
+describe Monban::SignUp, '#perform' do
+  it 'creates a user with the right parameters' do
+    create = double
+    stub_const('User', create)
+    user_params = { email: 'email@example.com', password: 'password' }
+
+    create.should_receive(:create) do |args|
+      args[:email].should eq(user_params[:email])
+      args.should have_key(:password_digest)
+    end
+
+    Monban::SignUp.new(user_params).perform
+  end
+end

data/spec/monban/controller_helpers_spec.rb

@@ -0,0 +1,124 @@
+require 'spec_helper'
+
+module Monban
+  describe ControllerHelpers do
+    class WardenMock
+      def user; end
+    end
+    class Flash < Struct.new(:notice)
+    end
+
+    class Dummy
+      attr_reader :redirected, :flash
+      def initialize warden
+        @warden = warden
+        @flash = Flash.new
+        @redirected = false
+      end
+      def redirect_to path
+        @redirected = true
+      end
+      def env
+        { "warden" => @warden }
+      end
+    end
+
+    before(:each) do
+      @warden = WardenMock.new
+      @dummy = Dummy.new(@warden)
+      @dummy.extend(ControllerHelpers)
+    end
+
+    it 'performs a sign in' do
+      user = double()
+      sign_in = double()
+      sign_in.should_receive(:perform)
+      SignIn.should_receive(:new).with(user, @warden).and_return(sign_in)
+      @dummy.sign_in user
+    end
+
+    it 'performs a sign out' do
+      sign_out = double()
+      sign_out.should_receive(:perform)
+      SignOut.should_receive(:new).with(@warden).and_return(sign_out)
+      @dummy.sign_out
+    end
+
+    it 'performs a sign_up' do
+      user_params = double()
+      sign_up = double()
+      sign_up.should_receive(:perform)
+      SignUp.should_receive(:new).with(user_params).and_return(sign_up)
+      @dummy.sign_up user_params
+    end
+
+    it 'authenticates a session' do
+      session_params = double()
+      session_params.should_receive(:delete).with('password').and_return('password')
+      user = double()
+      authentication = double()
+      authentication.should_receive(:perform).and_return(user)
+      Monban.should_receive(:lookup).with(session_params, nil).and_return(user)
+      Authentication.should_receive(:new).with(user, 'password').and_return(authentication)
+      @dummy.authenticate_session(session_params).should == user
+    end
+
+    it 'authenticates a session against multiple fields' do
+      session_params = { 'email_or_username' => 'foo', 'password' => 'password' }
+      field_map = { email_or_username: [:email, :username] }
+      user = double()
+      authentication = double()
+      authentication.should_receive(:perform).and_return(user)
+      Monban.should_receive(:lookup).with(session_params, field_map).and_return(user)
+      Authentication.should_receive(:new).with(user, 'password').and_return(authentication)
+      @dummy.authenticate_session(session_params, field_map).should == user
+    end
+
+    it 'returns false when it could not authenticate the user' do
+      session_params = double()
+      session_params.should_receive(:delete).with('password').and_return('password')
+      user = double()
+      authentication = double()
+      authentication.should_receive(:perform).and_return(false)
+      Monban.should_receive(:lookup).with(session_params, nil).and_return(user)
+      Authentication.should_receive(:new).with(user, 'password').and_return(authentication)
+      @dummy.authenticate_session(session_params).should == false
+    end
+
+    it 'performs an authenticate' do
+      user = double()
+      password = double()
+      authentication = double()
+      authentication.should_receive(:perform)
+      Authentication.should_receive(:new).with(user, password).and_return(authentication)
+      @dummy.authenticate user, password
+    end
+
+    it 'returns the current user' do
+      @warden.should_receive(:user)
+      @dummy.current_user
+    end
+
+    it 'returns signed_in?' do
+      @warden.should_receive(:user)
+      @dummy.signed_in?
+    end
+
+    it 'redirects when not signed_in' do
+      @warden.should_receive(:user).and_return(false)
+      @dummy.require_login
+      expect(@dummy.redirected).to eq(true)
+      expect(@dummy.flash.notice).to eq(Monban.config.sign_in_notice)
+    end
+
+    it 'does not redirect when signed_in' do
+      @warden.should_receive(:user).and_return(true)
+      @dummy.require_login
+      expect(@dummy.redirected).to eq(false)
+    end
+
+    it 'returns warden' do
+      @dummy.warden.should == @warden
+    end
+  end
+end