mongoid-devise 1.0.1

data/lib/devise/encryptors/restful_authentication_sha1.rb

@@ -0,0 +1,22 @@
+require "digest/sha1"
+
+module Devise
+  module Encryptors
+    # = RestfulAuthenticationSha1
+    # Simulates Restful Authentication's default encryption mechanism.
+    # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
+    # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES. Should be set to 10 in 
+    # the initializer to silumate the default behavior.
+    class RestfulAuthenticationSha1 < Base
+      
+      # Gererates a default password digest based on salt, pepper and the
+      # incoming password.
+      def self.digest(password, stretches, salt, pepper)
+        digest = pepper
+        stretches.times { digest = Digest::SHA1.hexdigest([digest, salt, password, pepper].flatten.join('--')) }
+        digest
+      end
+
+    end
+  end
+end

data/lib/devise/encryptors/sha1.rb

@@ -0,0 +1,27 @@
+require "digest/sha1"
+
+module Devise
+  module Encryptors
+    # = Sha1
+    # Uses the Sha1 hash algorithm to encrypt passwords.
+    class Sha1 < Base
+      
+      # Gererates a default password digest based on stretches, salt, pepper and the
+      # incoming password.
+      def self.digest(password, stretches, salt, pepper)
+        digest = pepper
+        stretches.times { digest = self.secure_digest(salt, digest, password, pepper) }
+        digest
+      end
+
+      private
+
+        # Generate a SHA1 digest joining args. Generated token is something like
+        #   --arg1--arg2--arg3--argN--
+        def self.secure_digest(*tokens)
+          ::Digest::SHA1.hexdigest('--' << tokens.flatten.join('--') << '--')
+        end        
+      
+    end
+  end
+end

data/lib/devise/encryptors/sha512.rb

@@ -0,0 +1,27 @@
+require "digest/sha2"
+
+module Devise
+  module Encryptors
+    # = Sha512
+    # Uses the Sha512 hash algorithm to encrypt passwords.
+    class Sha512 < Base
+      
+      # Gererates a default password digest based on salt, pepper and the
+      # incoming password.
+      def self.digest(password, stretches, salt, pepper)
+        digest = pepper
+        stretches.times { digest = self.secure_digest(salt, digest, password, pepper) }
+        digest
+      end
+
+      private
+
+        # Generate a Sha512 digest joining args. Generated token is something like
+        #   --arg1--arg2--arg3--argN--
+        def self.secure_digest(*tokens)
+          ::Digest::SHA512.hexdigest('--' << tokens.flatten.join('--') << '--')
+        end        
+      
+    end
+  end
+end

data/lib/devise/failure_app.rb

@@ -0,0 +1,65 @@
+module Devise
+  # Failure application that will be called every time :warden is thrown from
+  # any strategy or hook. Responsible for redirect the user to the sign in
+  # page based on current scope and mapping. If no scope is given, redirect
+  # to the default_url.
+  class FailureApp
+    attr_reader :env
+    include Warden::Mixins::Common
+
+    cattr_accessor :default_url, :default_message, :instance_writer => false
+    @@default_message = :unauthenticated
+
+    def self.call(env)
+      new(env).respond!
+    end
+
+    def initialize(env)
+      @env = env
+    end
+
+    def respond!
+      options = @env['warden.options']
+      scope   = options[:scope]
+
+      redirect_path = if mapping = Devise.mappings[scope]
+        "#{mapping.parsed_path}/#{mapping.path_names[:sign_in]}"
+      else
+        "/#{default_url}"
+      end
+      query_string = query_string_for(options)
+      store_location!(scope)
+
+      headers = {}
+      headers["Location"] = redirect_path
+      headers["Location"] << "?" << query_string unless query_string.empty?
+      headers["Content-Type"] = 'text/plain'
+
+      [302, headers, ["You are being redirected to #{redirect_path}"]]
+    end
+
+    # Build the proper query string based on the given message.
+    def query_string_for(options)
+      message = @env['warden'].try(:message) || options[:message] || default_message
+
+      params = case message
+        when Symbol
+          { message => true }
+        when String
+          { :message => message }
+        else
+          {}
+      end
+
+      Rack::Utils.build_query(params)
+    end
+
+    # Stores requested uri to redirect the user after signing in. We cannot use
+    # scoped session provided by warden here, since the user is not authenticated
+    # yet, but we still need to store the uri based on scope, so different scopes
+    # would never use the same uri to redirect.
+    def store_location!(scope)
+      session[:"#{scope}.return_to"] = request.request_uri if request && request.get?
+    end
+  end
+end

data/lib/devise/hooks/activatable.rb

@@ -0,0 +1,15 @@
+# Deny user access whenever his account is not active yet.
+Warden::Manager.after_set_user do |record, warden, options|
+  if record && record.respond_to?(:active?) && !record.active?
+    scope = options[:scope]
+    warden.logout(scope)
+
+    # If winning strategy was set, this is being called after authenticate and
+    # there is no need to force a redirect.
+    if warden.winning_strategy
+      warden.winning_strategy.fail!(record.inactive_message)
+    else
+      throw :warden, :scope => scope, :message => record.inactive_message
+    end
+  end
+end

data/lib/devise/hooks/rememberable.rb

@@ -0,0 +1,30 @@
+# After authenticate hook to verify if the user in the given scope asked to be
+# remembered while he does not sign out. Generates a new remember token for
+# that specific user and adds a cookie with this user info to sign in this user
+# automatically without asking for credentials. Refer to rememberable strategy
+# for more info.
+Warden::Manager.after_authentication do |record, warden, options|
+  scope = options[:scope]
+  remember_me = warden.params[scope].try(:fetch, :remember_me, nil)
+
+  if Devise::TRUE_VALUES.include?(remember_me) &&
+     warden.authenticated?(scope) && record.respond_to?(:remember_me!)
+    record.remember_me!
+
+    warden.response.set_cookie "remember_#{scope}_token", {
+      :value => record.class.serialize_into_cookie(record),
+      :expires => record.remember_expires_at,
+      :path => "/"
+    }
+  end
+end
+
+# Before logout hook to forget the user in the given scope, only if rememberable
+# is activated for this scope. Also clear remember token to ensure the user
+# won't be remembered again.
+Warden::Manager.before_logout do |record, warden, scope|
+  if record.respond_to?(:forget_me!)
+    record.forget_me!
+    warden.response.delete_cookie "remember_#{scope}_token"
+  end
+end

data/lib/devise/hooks/timeoutable.rb

@@ -0,0 +1,18 @@
+# Each time a record is set we check whether it's session has already timed out
+# or not, based on last request time. If so, the record is logged out and
+# redirected to the sign in page. Also, each time the request comes and the
+# record is set, we set the last request time inside it's scoped session to
+# verify timeout in the following request.
+Warden::Manager.after_set_user do |record, warden, options|
+  scope = options[:scope]
+  if record && record.respond_to?(:timedout?) && warden.authenticated?(scope)
+    last_request_at = warden.session(scope)['last_request_at']
+
+    if record.timedout?(last_request_at)
+      warden.logout(scope)
+      throw :warden, :scope => scope, :message => :timeout
+    end
+
+    warden.session(scope)['last_request_at'] = Time.now.utc
+  end
+end

data/lib/devise/hooks/trackable.rb

@@ -0,0 +1,18 @@
+# After each sign in, update sign in time, sign in count and sign in IP.
+Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+  scope = options[:scope]
+  if Devise.mappings[scope].try(:trackable?) && warden.authenticated?(scope)
+    old_current, new_current  = record.current_sign_in_at, Time.now
+    record.last_sign_in_at    = old_current || new_current
+    record.current_sign_in_at = new_current
+
+    old_current, new_current  = record.current_sign_in_ip, warden.request.remote_ip
+    record.last_sign_in_ip    = old_current || new_current
+    record.current_sign_in_ip = new_current
+
+    record.sign_in_count ||= 0
+    record.sign_in_count += 1
+
+    record.save(false)
+  end
+end

data/lib/devise/locales/en.yml

@@ -0,0 +1,35 @@
+en:
+  devise:
+    sessions:
+      link: 'Sign in'
+      signed_in: 'Signed in successfully.'
+      signed_out: 'Signed out successfully.'
+      unauthenticated: 'You need to sign in or sign up before continuing.'
+      unconfirmed: 'You have to confirm your account before continuing.'
+      locked: 'Your account is locked.'
+      invalid: 'Invalid email or password.'
+      invalid_token: 'Invalid authentication token.'
+      timeout: 'Your session expired, please sign in again to continue.'
+      inactive: 'Your account was not activated yet.'
+    passwords:
+      link: 'Forgot password?'
+      send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
+      updated: 'Your password was changed successfully. You are now signed in.'
+    confirmations:
+      link: "Didn't receive confirmation instructions?"
+      send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
+      confirmed: 'Your account was successfully confirmed. You are now signed in.'
+    registrations:
+      link: 'Sign up'
+      signed_up: 'You have signed up successfully.'
+      updated: 'You updated your account successfully.'
+      destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
+    unlocks:
+      link: "Didn't receive unlock instructions?"
+      send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
+      unlocked: 'Your account was successfully unlocked. You are now signed in.'
+    mailer:
+      confirmation_instructions: 'Confirmation instructions'
+      reset_password_instructions: 'Reset password instructions'
+      unlock_instructions: 'Unlock Instructions'
+

data/lib/devise/mapping.rb

@@ -0,0 +1,131 @@
+module Devise
+  # Responsible for handling devise mappings and routes configuration. Each
+  # resource configured by devise_for in routes is actually creating a mapping
+  # object. You can refer to devise_for in routes for usage options.
+  #
+  # The required value in devise_for is actually not used internally, but it's
+  # inflected to find all other values.
+  #
+  #   map.devise_for :users
+  #   mapping = Devise.mappings[:user]
+  #
+  #   mapping.name #=> :user
+  #   # is the scope used in controllers and warden, given in the route as :singular.
+  #
+  #   mapping.as   #=> "users"
+  #   # how the mapping should be search in the path, given in the route as :as.
+  #
+  #   mapping.to   #=> User
+  #   # is the class to be loaded from routes, given in the route as :class_name.
+  #
+  #   mapping.for  #=> [:authenticatable]
+  #   # is the modules included in the class
+  #
+  class Mapping #:nodoc:
+    attr_reader :name, :as, :path_names, :path_prefix, :route_options
+
+    # Loop through all mappings looking for a map that matches with the requested
+    # path (ie /users/sign_in). If a path prefix is given, it's taken into account.
+    def self.find_by_path(path)
+      Devise.mappings.each_value do |mapping|
+        route = path.split("/")[mapping.as_position]
+        return mapping if route && mapping.as == route.to_sym
+      end
+      nil
+    end
+
+    # Find a mapping by a given class. It takes into account single table inheritance as well.
+    def self.find_by_class(klass)
+      Devise.mappings.each_value do |mapping|
+        return mapping if klass <= mapping.to
+      end
+      nil
+    end
+
+    # Receives an object and find a scope for it. If a scope cannot be found,
+    # raises an error. If a symbol is given, it's considered to be the scope.
+    def self.find_scope!(duck)
+      case duck
+      when String, Symbol
+        duck
+      else
+        klass = duck.is_a?(Class) ? duck : duck.class
+        mapping = Devise::Mapping.find_by_class(klass)
+        raise "Could not find a valid mapping for #{duck}" unless mapping
+        mapping.name
+      end
+    end
+
+    # Default url options which can be used as prefix.
+    def self.default_url_options
+      {}
+    end
+
+    def initialize(name, options) #:nodoc:
+      @as    = (options.delete(:as) || name).to_sym
+      @klass = (options.delete(:class_name) || name.to_s.classify).to_s
+      @name  = (options.delete(:scope) || name.to_s.singularize).to_sym
+
+      @path_prefix   = "/#{options.delete(:path_prefix)}/".squeeze("/")
+      @route_options = options || {}
+
+      @path_names = Hash.new { |h,k| h[k] = k.to_s }
+      @path_names.merge!(options.delete(:path_names) || {})
+    end
+
+    # Return modules for the mapping.
+    def for
+      @for ||= to.devise_modules
+    end
+
+    # Reload mapped class each time when cache_classes is false.
+    def to
+      return @to if @to
+      klass = @klass.constantize
+      @to = klass if Rails.configuration.cache_classes
+      klass
+    end
+
+    # Check if the respective controller has a module in the mapping class.
+    def allows?(controller)
+      (self.for & CONTROLLERS[controller.to_sym]).present?
+    end
+
+    # Return in which position in the path prefix devise should find the as mapping.
+    def as_position
+      self.path_prefix.count("/")
+    end
+
+    # Returns the raw path using path_prefix and as.
+    def raw_path
+      path_prefix + as.to_s
+    end
+
+    # Returns the parsed path taking into account the relative url root and raw path.
+    def parsed_path
+      returning (ActionController::Base.relative_url_root.to_s + raw_path) do |path|
+        self.class.default_url_options.each do |key, value|
+          path.gsub!(key.inspect, value.to_param)
+        end
+      end
+    end
+
+    # Create magic predicates for verifying what module is activated by this map.
+    # Example:
+    #
+    #   def confirmable?
+    #     self.for.include?(:confirmable)
+    #   end
+    #
+    def self.register(*modules)
+      modules.each do |m|
+        class_eval <<-METHOD, __FILE__, __LINE__ + 1
+          def #{m}?
+            self.for.include?(:#{m})
+          end
+        METHOD
+      end
+    end
+    Devise::Mapping.register *ALL
+  end
+end

data/lib/devise/models.rb

@@ -0,0 +1,112 @@
+module Devise
+  module Models
+    autoload :Activatable, 'devise/models/activatable'
+    autoload :Authenticatable, 'devise/models/authenticatable'
+    autoload :Confirmable, 'devise/models/confirmable'
+    autoload :Lockable, 'devise/models/lockable'
+    autoload :Recoverable, 'devise/models/recoverable'
+    autoload :Rememberable, 'devise/models/rememberable'
+    autoload :Registerable, 'devise/models/registerable'
+    autoload :Timeoutable, 'devise/models/timeoutable'
+    autoload :Trackable, 'devise/models/trackable'
+    autoload :Validatable, 'devise/models/validatable'
+
+    # Creates configuration values for Devise and for the given module.
+    #
+    #   Devise::Models.config(Devise::Authenticable, :stretches, 10)
+    #
+    # The line above creates:
+    #
+    #   1) An accessor called Devise.stretches, which value is used by default;
+    #
+    #   2) Some class methods for your model Model.stretches and Model.stretches=
+    #      which have higher priority than Devise.stretches;
+    #
+    #   3) And an instance method stretches.
+    #
+    # To add the class methods you need to have a module ClassMethods defined
+    # inside the given class.
+    #
+    def self.config(mod, *accessors) #:nodoc:
+      accessors.each do |accessor|
+        mod.class_eval <<-METHOD, __FILE__, __LINE__ + 1
+          def #{accessor}
+            if defined?(@#{accessor})
+              @#{accessor}
+            elsif superclass.respond_to?(:#{accessor})
+              superclass.#{accessor}
+            else
+              Devise.#{accessor}
+            end
+          end
+
+          def #{accessor}=(value)
+            @#{accessor} = value
+          end
+        METHOD
+      end
+    end
+
+    # Include the chosen devise modules in your model:
+    #
+    #   devise :authenticatable, :confirmable, :recoverable
+    #
+    # You can also give any of the devise configuration values in form of a hash,
+    # with specific values for this model. Please check your Devise initializer
+    # for a complete description on those values.
+    #
+    def devise(*modules)
+      raise "You need to give at least one Devise module" if modules.empty?
+      options  = modules.extract_options!
+
+      @devise_modules = Devise::ALL & modules.map(&:to_sym).uniq
+
+      Devise.orm_class.included_modules_hook(self) do
+        devise_modules.each do |m|
+          include Devise::Models.const_get(m.to_s.classify)
+        end
+
+        options.each { |key, value| send(:"#{key}=", value) }
+      end
+    end
+
+    # Stores all modules included inside the model, so we are able to verify
+    # which routes are needed.
+    def devise_modules
+      @devise_modules ||= []
+    end
+
+    # Find an initialize a record setting an error if it can't be found.
+    def find_or_initialize_with_error_by(attribute, value, error=:invalid)
+      if value.present?
+        conditions = { attribute => value }
+        record = find(:first, :conditions => conditions)
+      end
+
+      unless record
+        record = new
+
+        if value.present?
+          record.send(:"#{attribute}=", value)
+        else
+          error, skip_default = :blank, true
+        end
+
+        add_error_on(record, attribute, error, !skip_default)
+      end
+
+      record
+    end
+
+    # Wraps add error logic in a method that works for different frameworks.
+    def add_error_on(record, attribute, error, add_default=true)
+      options = add_default ? { :default => error.to_s.gsub("_", " ") } : {}
+
+      begin
+        record.errors.add(attribute, error, options)
+      rescue ArgumentError
+        record.errors.add(attribute, error.to_s.gsub("_", " "))
+      end
+    end
+  end
+end