multi_auth 0.1.0 → 0.2.0

data/README

@@ -54,6 +54,15 @@ You can use default style sheet and icons.
 
   $ ruby script/generate multi_auth_public_assets
 
+Upgrade
+=======
+
+  $ ruby script/generate multi_auth_migration upgrade_multi_auth_tables
+
+Create migrations for multi_auth. Just add a table for NameCredential.
+
+  $ rake db:migrate
+
 
 Settings
 ========
@@ -67,6 +76,8 @@ Ex.
     s.from_address = 'yourname@example.com'
     s.user_model = 'YourUserModel'
     s.session_times_out_in = 1.hour
+    # if false do not display in credentials index
+    s.credentials = { :open_id => true, :email => true, :name => true }
   end
 
 You can use OpenID::CustomFetcher to use OpenID provider which uses SSL.

data/app/controllers/auth/name_controller.rb

@@ -0,0 +1,31 @@
+class Auth::NameController < ApplicationController
+  filter_parameter_logging :password
+  verify_method_post :only => [:login]
+
+  # GET /auth/name
+  def index
+    session[:user_id] = nil
+    @login_form = NameLoginForm.new
+  end
+
+  # POST /auth/name/login
+  def login
+    session[:user_id] = nil
+    @login_form = NameLoginForm.new(params[:login_form])
+
+    if @login_form.valid?
+      @name_credential = @login_form.authenticate
+    end
+
+    if @name_credential
+      @name_credential.login!
+      @login_user = @name_credential.user
+      session[:user_id] = @login_user.id
+      redirect_to(:controller => "/auth", :action => "logged_in")
+    else
+      @login_form.password = nil
+      set_error_now(p_("MultiAuth", "The name or the password is wrong."))
+      render(:action => "index")
+    end
+  end
+end

data/app/controllers/credentials/email_controller.rb

@@ -55,14 +55,14 @@ class Credentials::EmailController < ApplicationController
 
   # GET /credential/email/:email_credential_id/edit_password
   def edit_password
-    @edit_form = EmailPasswordEditForm.new
+    @edit_form = PasswordEditForm.new
   end
 
   # POST /credential/email/:email_credential_id/update_password
   def update_password
-    @edit_form = EmailPasswordEditForm.new(params[:edit_form])
+    @edit_form = PasswordEditForm.new(params[:edit_form])
 
-    @email_credential.attributes = @edit_form.to_email_credential_hash
+    @email_credential.attributes = @edit_form.to_credential_hash
 
     if @edit_form.valid? && @email_credential.save
       set_notice(p_("MultiAuth", "Password was changed."))

data/app/controllers/credentials/name_controller.rb

@@ -0,0 +1,93 @@
+# -*- coding: utf-8 -*-
+class Credentials::NameController < ApplicationController
+
+  verify_method_post :only => [:create, :update_password, :destroy, :activate]
+  before_filter :authentication
+  before_filter :authentication_required
+  before_filter :required_param_name_credential_id, :only => [:edit_password, :update_password, :delete, :destroy]
+  before_filter :specified_name_credential_belongs_to_login_user, :only => [:edit_password, :update_password, :delete, :destroy]
+
+  # GET /credentials/name/new
+  def new
+    @edit_form = NameCredentialEditForm.new
+  end
+
+  # POST /credentials/name/create
+  def create
+    @edit_form = NameCredentialEditForm.new(params[:edit_form])
+
+    @name_credential = @login_user.name_credentials.build
+    @name_credential.attributes = @edit_form.to_name_credential_hash
+
+    if @edit_form.valid? && @name_credential.save
+      # メール送信はしない
+      set_notice(p_("MultiAuth", "Name authentication credential was successfully added."))
+      redirect_to(credentials_path)
+    else
+      @edit_form.password              = nil
+      @edit_form.password_confirmation = nil
+      set_error_now(p_("MultiAuth", "Please confirm your input."))
+      render(:action => "new")
+    end
+  end
+
+  # GET /credential/name/:name_credential_id/edit_password
+  def edit_password
+    @edit_form = PasswordEditForm.new
+  end
+
+  # POST /credential/name/:name_credential_id/update_password
+  def update_password
+    @edit_form = PasswordEditForm.new(params[:edit_form])
+
+    @name_credential.attributes = @edit_form.to_credential_hash
+
+    if @edit_form.valid? && @name_credential.save
+      set_notice(p_("MultiAuth", "Password was changed."))
+      redirect_to(:controller => "/credentials")
+    else
+      @edit_form.password              = nil
+      @edit_form.password_confirmation = nil
+      set_error_now(p_("MultiAuth", "Please confirm your input."))
+      render(:action => "edit_password")
+    end
+  end
+
+  # GET /credential/name/:name_credential_id/delete
+  def delete
+    # nop
+  end
+
+  # POST /credential/email/:email_credential_id/destroy
+  def destroy
+    @name_credential.destroy
+
+    set_notice(p_("MultiAuth", "Name authentication credential was successfully deleted."))
+    redirect_to(:controller => "/credentials")
+  end
+
+  private
+
+  # FIXME: login_userに属することを同時に確認
+  def required_param_name_credential_id(name_credential_id = params[:name_credential_id])
+    @name_credential = NameCredential.find_by_id(name_credential_id)
+    if @name_credential
+      return true
+    else
+      set_error(p_("MultiAuth", "It is invalid name authentication credential."))
+      redirect_to(root_path)
+      return false
+    end
+  end
+
+  def specified_name_credential_belongs_to_login_user
+    if @name_credential.user_id == @login_user.id
+      return true
+    else
+      set_error(p_("MultiAuth", "It is invalid name authentication credential."))
+      redirect_to(root_path)
+      return false
+    end
+  end
+
+end

data/app/controllers/credentials_controller.rb

@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 
 # 認証情報コントローラ
 class CredentialsController < ApplicationController
@@ -6,9 +7,10 @@ class CredentialsController < ApplicationController
 
   # GET /credentials
   def index
-    @open_id_credentials = @login_user.open_id_credentials.all(
-      :order => "open_id_credentials.identity_url ASC")
-    @email_credentials = @login_user.email_credentials.all(
-      :order => "email_credentials.email ASC")
+    @open_id_credentials =
+      @login_user.open_id_credentials.all(:order => "open_id_credentials.identity_url ASC")
+    @email_credentials =
+      @login_user.email_credentials.all(:order => "email_credentials.email ASC")
+    @name_credentials = @login_user.name_credentials.all(:order => "name_credentials.name ASC")
   end
 end

data/app/models/name_credential.rb

@@ -0,0 +1,63 @@
+# -*- coding: utf-8 -*-
+class NameCredential < ActiveRecord::Base
+
+  untranslate :created_at, :user_id, :hashed_password
+
+  NameMaximumLength = 200
+  HashedPasswordPattern = /\A([0-9a-f]{8}):([0-9a-f]{64})\z/
+  MaximumRecordsPerUser = 10
+
+  belongs_to :user, :class_name => MultiAuth.user_model, :foreign_key => 'user_id'
+
+  validates_presence_of :name
+  validates_presence_of :hashed_password
+  validates_length_of :name, :maximum => NameMaximumLength, :allow_nil => true
+  validates_format_of :hashed_password, :with => HashedPasswordPattern, :allow_nil => true
+  validates_uniqueness_of :name
+  validates_each(:user_id, :on => :create) { |record, attr, value|
+    if record.user && record.user.name_credentials(true).size >= MaximumRecordsPerUser
+      record.errors.add(attr, "これ以上%{fn}に#{_(record.class.to_s.downcase)}を追加できません。")
+    end
+  }
+
+  def self.create_hashed_password(password)
+    salt = 8.times.map { rand(16).to_s(16) }.join
+    return salt + ":" + Digest::SHA256.hexdigest(salt + ":" + password)
+  end
+
+  def self.compare_hashed_password(password, hashed_password)
+    return false unless HashedPasswordPattern =~ hashed_password
+    salt, digest = $1, $2
+    return (Digest::SHA256.hexdigest(salt + ":" + password) == digest)
+  end
+
+  def self.authenticate(name, password)
+    credential = self.find_by_name(name)
+    return nil unless credential
+    return nil unless credential.authenticated?(password)
+    return credential
+  end
+
+  def authenticated?(password)
+    return false unless self.class.compare_hashed_password(password, self.hashed_password)
+    return false unless self.activated?
+    return true
+  end
+
+  def activated?
+    true
+  end
+
+  def activate!
+    true
+  end
+
+  def login!
+    self.update_attributes!(:loggedin_at => Time.now)
+  end
+
+  def to_label
+    name
+  end
+
+end

data/app/models/name_credential_edit_form.rb

@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+
+class NameCredentialEditForm < ActiveForm
+  PasswordLengthRange = 4..20
+  PasswordPattern     = /\A[\x21-\x7E]+\z/
+
+  column :name,                  :type => :text
+  column :password,              :type => :text
+  column :password_confirmation, :type => :text
+
+  N_("NameCredentialEditForm|Name")
+  N_("NameCredentialEditForm|Password")
+  N_("NameCredentialEditForm|Password confirmation")
+
+  validates_presence_of :name
+  validates_presence_of :password
+  validates_presence_of :password_confirmation
+  validates_length_of :name, :maximum => ::NameCredential::NameMaximumLength, :allow_nil => true
+  validates_length_of :password, :in => PasswordLengthRange, :allow_nil => true
+  validates_format_of :password, :with => PasswordPattern, :allow_nil => true
+  validates_each(:password) { |record, attr, value|
+    # MEMO: validates_confirmation_of は password_confirmation 属性を上書きしてしまうため、
+    #       ここでは使用できない。そのため、validates_confirmation_of を参考に独自に実装。
+    confirmation = record.__send__("#{attr}_confirmation")
+    if confirmation.blank? || value != confirmation
+      record.errors.add(attr, :confirmation)
+    end
+  }
+
+  def masked_password
+    return self.password.to_s.gsub(/./, "*")
+  end
+
+  def to_name_credential_hash
+    return {
+      :name            => self.name,
+      :hashed_password => NameCredential.create_hashed_password(self.password.to_s),
+    }
+  end
+end

data/app/models/name_login_form.rb

@@ -0,0 +1,14 @@
+class NameLoginForm < ActiveForm
+  column :name,     :type => :text
+  column :password, :type => :text
+
+  N_("NameLoginForm|Name")
+  N_("NameLoginForm|Password")
+
+  validates_presence_of :name
+  validates_presence_of :password
+
+  def authenticate
+    NameCredential.authenticate(self.name, self.password)
+  end
+end

data/app/models/{email_password_edit_form.rb → password_edit_form.rb}

@@ -1,14 +1,6 @@
-# == Schema Information
-# Schema version: 20090529051529
-#
-# Table name: active_forms
-#
-#  password              :text
-#  password_confirmation :text
-#
+# -*- coding: utf-8 -*-
 
-# メール認証情報パスワード編集フォーム
-class EmailPasswordEditForm < ActiveForm
+class PasswordEditForm < ActiveForm
   column :password,              :type => :text
   column :password_confirmation, :type => :text
 
@@ -17,8 +9,8 @@ class EmailPasswordEditForm < ActiveForm
 
   validates_presence_of :password
   validates_presence_of :password_confirmation
-  validates_length_of :password, :in => EmailCredentialEditForm::PasswordLengthRange, :allow_nil => true
-  validates_format_of :password, :with => EmailCredentialEditForm::PasswordPattern, :allow_nil => true
+  validates_length_of :password, :in => ::EmailCredentialEditForm::PasswordLengthRange, :allow_nil => true
+  validates_format_of :password, :with => ::EmailCredentialEditForm::PasswordPattern, :allow_nil => true
   validates_each(:password) { |record, attr, value|
     # MEMO: validates_confirmation_ofはpassword_confirmation属性を上書きしてしまうため、
     #       ここでは使用できない。そのため、validates_confirmation_ofを参考に独自に実装。
@@ -28,7 +20,7 @@ class EmailPasswordEditForm < ActiveForm
     end
   }
 
-  def to_email_credential_hash
+  def to_credential_hash
     return {
       :hashed_password => EmailCredential.create_hashed_password(self.password.to_s),
     }

data/app/views/auth/name/index.html.erb

@@ -0,0 +1,89 @@
+<%- @title = p_("MultiAuth", "Login") -%>
+<%- @enable_side_column = false -%>
+
+<%- additional_head { -%>
+  <style type="text/css">
+    #dialog
+    {
+        margin: 100px auto;
+        padding: 15px;
+        width: 400px;
+        border-width: 1px;
+        border-style: solid;
+        border-color: #CCCCCC;
+    }
+    #dialog h1
+    {
+        margin: 0 0 0.4em 0;
+        color: #666666;
+        font-size: 130%;
+        font-weight: bold;
+    }
+
+    table#name-login
+    {
+        margin: 0 auto;
+        border-collapse: collapse;
+        border-width: 0px;
+    }
+
+    table#name-login th,
+    table#name-login td
+    {
+        padding: 5px;
+        border-width: 0px;
+    }
+
+    table#name-login th
+    {
+        text-align: right;
+        font-size: 95%;
+        font-weight: bold;
+        vertical-align: top;
+        color: #666666;
+    }
+    table#name-login td
+    {
+        color: #333333;
+    }
+
+    div.fieldWithErrors label
+    {
+        color: #990000;
+    }
+    div.formError
+    {
+        font-size: 80%;
+        color: #990000;
+    }
+  </style>
+<%- } -%>
+
+<div id="dialog">
+  <h1><%=h p_("MultiAuth", "Login") %></h1>
+  <%- form_for(:login_form, @login_form, :url => {:action => "login"}) do |f| -%>
+    <table id="name-login">
+      <tr>
+        <th><%= f.label(:name) %></th>
+        <td>
+          <%= f.text_field(:name, :size => 30) %>
+          <%= error_message_on(:login_form, :name) %>
+        </td>
+      </tr>
+      <tr>
+        <th><%= f.label(:password) %></th>
+        <td>
+          <%= f.password_field(:password, :size => 30) %>
+          <%= error_message_on(:login_form, :password) %>
+        </td>
+      </tr>
+    </table>
+    <%= submit_tag(p_("MultiAuth", "Login")) %>
+  <%- end -%>
+</div>
+
+<%- unless production? -%>
+  <div class="debug">
+    <%= error_messages_for(:login_form) %>
+  </div>
+<%- end -%>

data/app/views/credentials/index.html.erb

@@ -1,6 +1,7 @@
 
 <%- @title = p_("MultiAuth", "Login setting") -%>
 
+<%- if MultiAuth.credentials[:open_id] -%>
 <h2><%=h p_("MultiAuth", "OpenID authentication") %></h2>
 
 <table class="list">
@@ -39,7 +40,9 @@
     <%- end -%>
   </tbody>
 </table>
+<%- end -%>
 
+<%- if MultiAuth.credentials[:email] -%>
 <h2><%=h p_("MultiAuth", "Email address authentication") %></h2>
 
 <table class="list">
@@ -84,3 +87,46 @@
     <%- end -%>
   </tbody>
 </table>
+<%- end -%>
+
+<%- if MultiAuth.credentials[:name] -%>
+<h2><%=h p_("MultiAuth", "Name authentication")  %></h2>
+
+<table class="list">
+  <thead>
+    <tr>
+      <th><%=h s_("NameCredential|Loggedin at")  %></th>
+      <th><%=h s_("NameCredential|Name") %></th>
+      <th colspan="2">&nbsp;</th>
+    </tr>
+  </thead>
+  <tfoot>
+    <tr>
+      <td colspan="4">
+        <%- can_add_name_credential = (@name_credentials.size < NameCredential::MaximumRecordsPerUser) -%>
+        <%= link_to_if(can_add_name_credential, add_icon + h(" " + p_("MultiAuth", "Add name authentication")), :controller => "credentials/name", :action => "new") %>
+      </td>
+    </tr>
+  </tfoot>
+  <tbody>
+    <%- if @name_credentials.empty? -%>
+      <tr>
+        <td colspan="4" style="padding: 1em;">
+          <%=h p_("MultiAuth", "There are no name authentication.") %>
+        </td>
+      </tr>
+    <%- else -%>
+      <%- @name_credentials.each_with_index do |name_credential, index| -%>
+        <tr class="<%= even_or_odd(index) %>">
+          <td><%=h yyyymmdd_hhmm(name_credential.loggedin_at) %></td>
+          <td>
+            <div style="font-family: monospace;"><%= name_credential.name %></div>
+          </td>
+          <td><%= link_to(icon16("icons/fam/key.png", p_("MultiAuth", "Update password")) + h(" " + p_("MultiAuth", "Update password")), :controller => "credentials/name", :action => "edit_password", :name_credential_id => name_credential.id) %></td>
+          <td><%= link_to(delete_icon + h(" " + p_("MultiAuth", "Delete")), :controller => "credentials/name", :action => "delete", :name_credential_id => name_credential.id) %></td>
+        </tr>
+      <%- end -%>
+    <% end -%>
+  </tbody>
+</table>
+<%- end -%>