myobie-rails-auth 0.0.0

data/README.markdown

@@ -0,0 +1,41 @@
+Note
+====
+
+This is not anywhere near done. It's still using swaths of code just copied straight over from merb, and even some of that doesn't do anything yet.
+
+About
+=====
+
+I am not satisfied with any of the current authentication strategies available for rails. I am sure Rails 3 will have something built in, but until then this is what I am going to use. I am spoiled from the way Merb does it, but even then I am not 100% happy with how it works.
+
+Currently, this is untested and very much a copy of how merb does it.
+
+All I really care about:
+
+* Authenticate the session
+* Authentication strategies
+* Let me use my own model how I want
+* Let me do my own controller how I want
+* Be easy to setup (as an initializer)
+* Don't do anything magical
+
+I hate how all the authentication libraries hide model, controller, view methods from you down in the gem file. I also hate the generators that are impossible to use to update from one version to the next. 
+
+In my mind, the best way to solve this is to not have a ton of necessary methods on anything.
+
+All you need
+============
+
+1. UserModel#authenticate
+2. Use `ensure_authenticated` in your controller to make sure they are logged in.
+3. rescue_from Rails::Authentication::Unauthenticated to catch when they are not logged in.
+4. Setup an initializer that sets the UserModel class, etc
+
+Simple.
+
+TODO
+====
+
+* Tests
+* Remove Mash
+* Decide if the status, body, etc should be set by the authentication gem or not (right now it's kinda both)

data/VERSION.yml

@@ -0,0 +1,4 @@
+--- 
+:minor: 0
+:patch: 0
+:major: 0

data/lib/rails-auth/authenticated_helper.rb

@@ -0,0 +1,23 @@
+module Rails
+  
+  class Authentication
+    class Unauthenticated < Exception; end
+  end
+  
+  module AuthenticatedHelper
+    
+    protected
+    def ensure_authenticated(*strategies)
+      session.authenticate!(request, params, *strategies) unless session.authenticated?
+      auth = session.authentication
+      if auth.halted?
+        response.headers.merge!(auth.headers)
+        response.status = auth.status
+        raise Rails::Authentication::Unauthenticated, auth.body
+      end
+      session.user
+    end
+    
+  end
+  
+end

data/lib/rails-auth/authentication.rb

@@ -0,0 +1,210 @@
+module Rails
+  class Authentication
+    module Strategies; end
+  
+    attr_accessor :session
+    attr_writer   :error_message
+    
+    class DuplicateStrategy < Exception; end
+    class MissingStrategy < Exception; end
+    class NotImplemented < Exception; end
+  
+    # This method returns the default user class to use throughout the
+    # merb-auth authentication framework.  Rails::Authentication.user_class can
+    # be used by other plugins, and by default by strategies.
+    #
+    # By Default it is set to User class.  If you need a different class
+    # The intention is that you overwrite this method
+    #
+    # @return <User Class Object>
+    #
+    # @api overwritable
+    cattr_accessor :user_class
+    
+    
+    ### copied from restful authentication
+    cattr_accessor :login_regex, :bad_login_message, :name_regex, :bad_name_message, :email_name_regex, :domain_head_regex, :domain_tld_regex, :email_regex, :bad_email_message
+    
+    self.login_regex       = /\A\w[\w\.\-_@]+\z/                     # ASCII, strict
+    # self.login_regex       = /\A[[:alnum:]][[:alnum:]\.\-_@]+\z/     # Unicode, strict
+    # self.login_regex       = /\A[^[:cntrl:]\\<>\/&]*\z/              # Unicode, permissive
+
+    self.bad_login_message = "use only letters, numbers, and .-_@ please.".freeze
+
+    self.name_regex        = /\A[^[:cntrl:]\\<>\/&]*\z/              # Unicode, permissive
+    self.bad_name_message  = "avoid non-printing characters and \\&gt;&lt;&amp;/ please.".freeze
+
+    self.email_name_regex  = '[\w\.%\+\-]+'.freeze
+    self.domain_head_regex = '(?:[A-Z0-9\-]+\.)+'.freeze
+    self.domain_tld_regex  = '(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)'.freeze
+    self.email_regex       = /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
+    self.bad_email_message = "should look like an email address.".freeze
+    
+    def self.load_helpers(file_name)
+      require 'rails-auth/helpers' / file_name.to_s
+    end
+    
+    def initialize(session)
+      @session = session
+    end
+  
+    # Returns true if there is an authenticated user attached to this session
+    #
+    # @return <TrueClass|FalseClass>
+    # 
+    def authenticated?
+      !!session[:user]
+    end
+
+    # This method will retrieve the user object stored in the session or nil if there
+    # is no user logged in.
+    # 
+    # @return <User class>|NilClass
+    def user
+      return nil if !session[:user]
+      @user ||= fetch_user(session[:user])
+    end
+
+    # This method will store the user provided into the session
+    # and set the user as the currently logged in user
+    # @return <User Class>|NilClass
+    def user=(user)
+      session[:user] = nil && return if user.nil?
+      session[:user] = store_user(user)
+      @user = session[:user] ? user : session[:user]  
+    end
+
+    # The workhorse of the framework.  The authentiate! method is where
+    # the work is done.  authenticate! will try each strategy in order
+    # either passed in, or in the default_strategy_order.  
+    #
+    # If a strategy returns some kind of user object, this will be stored
+    # in the session, otherwise a Rails::Controller::Unauthenticated exception is raised
+    #
+    # @params Rails::Request, [List,Of,Strategies, optional_options_hash]
+    #
+    # Pass in a list of strategy objects to have this list take precedence over the normal defaults
+    # 
+    # Use an options hash to provide an error message to be passed into the exception.
+    #
+    # @return user object of the verified user.  An exception is raised if no user is found
+    #
+    def authenticate!(request, params, *rest)
+      opts = rest.last.kind_of?(Hash) ? rest.pop : {}
+      rest = rest.flatten
+    
+      strategies = if rest.empty?
+        if request.session[:authentication_strategies] 
+          request.session[:authentication_strategies]
+        else
+          Rails::Authentication.default_strategy_order
+        end
+      else
+        request.session[:authentication_strategies] ||= []
+        request.session[:authentication_strategies] << rest
+        request.session[:authentication_strategies].flatten!.uniq!
+        request.session[:authentication_strategies]
+      end
+  
+      msg = opts[:message] || error_message
+      user = nil
+      # This one should find the first one that matches.  It should not run any other
+      strategies.detect do |s|
+        s = Rails::Authentication.lookup_strategy[s] # Get the strategy from string or class
+        unless s.abstract?
+          strategy = s.new(request, params)
+          user = strategy.run! 
+          if strategy.halted?
+            self.headers, self.status, self.body = [strategy.headers, strategy.status, strategy.body]
+            halt!
+            return
+          end
+          user
+        end
+      end
+    
+      # Finally, Raise an error if there is no user found, or set it in the session if there is.
+      raise Rails::Authentication::Unauthenticated, msg unless user
+      session[:authentication_strategies] = nil # clear the session of Failed Strategies if login is successful      
+      self.user = user
+    end
+
+    # "Logs Out" a user from the session.  Also clears out all session data
+    def abandon!
+      @user = nil
+      session.clear
+    end
+
+    # A simple error message mechanism to provide general information.  For more specific information
+    #
+    # This message is the default message passed to the Rails::Controller::Unauthenticated exception
+    # during authentication.  
+    #
+    # This is a very simple mechanism for error messages.  For more detailed control see Authenticaiton#errors
+    #
+    # @api overwritable
+    def error_message
+      @error_message || "Could not log in"
+    end
+
+    # Tells the framework how to store your user object into the session so that it can be re-created 
+    # on the next login.  
+    # You must overwrite this method for use in your projects.  Slices and plugins may set this.
+    #
+    # @api overwritable
+    def store_user(user)
+      raise NotImplemented
+    end
+
+    # Tells the framework how to reconstitute a user from the data stored by store_user.
+    #
+    # You must overwrite this method for user in your projects.  Slices and plugins may set this.
+    #
+    # @api overwritable
+    def fetch_user(session_contents = session[:user])
+      raise NotImplemented
+    end
+  
+    # Keeps track of strategies by class or string
+    # When loading from string, strategies are loaded withing the Rails::Authentication::Strategies namespace
+    # When loaded by class, the class is stored directly
+    # @private
+    def self.lookup_strategy
+      @strategy_lookup || reset_strategy_lookup!
+    end
+  
+    # Restets the strategy lookup.  Useful in specs
+    def self.reset_strategy_lookup!
+      @strategy_lookup = Mash.new do |h,k| 
+        case k
+        when Class
+          h[k] = k
+        when String, Symbol
+          h[k] = Rails::Authentication::Strategies.full_const_get(k.to_s) 
+        end
+      end
+    end
+  
+    # Maintains a list of keys to maintain when needing to keep some state 
+    # in the face of session.abandon! You need to maintain this state yourself
+    # @public
+    def self.maintain_session_keys
+      @maintain_session_keys ||= [:authentication_strategies, :return_to]
+    end
+    
+  private
+    def run_after_authentication_callbacks(user, request, params)
+      Rails::Authentication.after_callbacks.each do |cb|
+        user = case cb
+        when Proc
+          cb.call(user, request, params)
+        when Symbol, String
+          user.send(cb)
+        end
+        break unless user
+      end
+      user
+    end
+  end
+  
+end

data/lib/rails-auth/callbacks.rb

@@ -0,0 +1,13 @@
+module Rails
+  class Authentication
+    
+    cattr_accessor :after_callbacks
+    @@after_callbacks = []
+    
+    def self.after_authentication(*callbacks, &block)
+      self.after_callbacks = after_callbacks + callbacks.flatten unless callbacks.blank?
+      after_callbacks << block if block_given?
+    end
+    
+  end
+end

data/lib/rails-auth/errors.rb

@@ -0,0 +1,66 @@
+module Rails
+  class Authentication
+  
+    def errors
+      @errors ||= Errors.new
+    end
+
+    # Lifted from DataMapper's dm-validations plugin :)
+    # @author Guy van den Berg
+    # @since  DM 0.9
+    class Errors
+
+      include Enumerable
+
+      # Clear existing authentication errors.
+      def clear!
+        errors.clear
+      end
+
+      # Add a authentication error. Use the field_name :general if the errors does
+      # not apply to a specific field of the Resource.
+      #
+      # @param <Symbol> field_name the name of the field that caused the error
+      # @param <String> message    the message to add
+      def add(field_name, message)
+        (errors[field_name] ||= []) << message
+      end
+
+      # Collect all errors into a single list.
+      def full_messages
+        errors.inject([]) do |list,pair|
+          list += pair.last
+        end
+      end
+
+      # Return authentication errors for a particular field_name.
+      #
+      # @param <Symbol> field_name the name of the field you want an error for
+      def on(field_name)
+        errors_for_field = errors[field_name]
+        errors_for_field.blank? ? nil : errors_for_field
+      end
+
+      def each
+        errors.map.each do |k,v|
+          next if v.blank?
+          yield(v)
+        end
+      end
+
+      def empty?
+        entries.empty?
+      end
+
+      def method_missing(meth, *args, &block)
+        errors.send(meth, *args, &block)
+      end
+
+      private
+      def errors
+        @errors ||= {}
+      end
+
+    end # class Errors
+  end # Authentication
+end #  Rails

data/lib/rails-auth/helpers/all.rb

@@ -0,0 +1,3 @@
+%w(current_user logged_in redirect_back require_login_or).each do |file|
+  require 'rails-auth/helpers' / file
+end

data/lib/rails-auth/helpers/current_user.rb

@@ -0,0 +1,20 @@
+module Rails
+  
+  module AuthenticatedControllerExtensions
+    
+    def included(base)
+      base.send :helper_method, :current_user
+      base.send :helper_method, :current_user?
+    end
+    
+    def current_user
+      session.user
+    end
+    
+    def current_user?
+      !!current_user
+    end
+    
+  end
+  
+end

data/lib/rails-auth/helpers/logged_in.rb

@@ -0,0 +1,15 @@
+module Rails
+  
+  module AuthenticatedControllerExtensions
+    
+    def included(base)
+      base.send :helper_method, :logged_in?
+    end
+    
+    def logged_in?
+      session.authenticated?
+    end
+    
+  end
+  
+end

data/lib/rails-auth/helpers/redirect_back.rb

@@ -0,0 +1,18 @@
+module Rails
+  module AuthenticatedControllerExtensions
+    
+    def redirect_back_or(default_url, opts = {})
+      if !session[:return_to].blank?
+        redirect_to session[:return_to], opts
+        session[:return_to] = nil
+      else
+        redirect_to default_url, opts
+      end
+    end
+    
+    def set_return_to
+      session[:return_to] = request.path
+    end
+    
+  end
+end

data/lib/rails-auth/helpers/require_login_or.rb

@@ -0,0 +1,12 @@
+module Rails
+  
+  module AuthenticatedControllerExtensions
+    
+    def require_login_or(flash_type = nil, flash_message = nil)
+      flash[flash_type] = flash_message unless flash_message.blank? || flash_type.blank? || session.authenticated?
+      ensure_authenticated
+    end
+    
+  end
+  
+end

data/lib/rails-auth/mash.rb

@@ -0,0 +1,148 @@
+# This class has dubious semantics and we only have it so that people can write
+# params[:key] instead of params['key'].
+class Mash < Hash
+
+  # @param constructor<Object>
+  #   The default value for the mash. Defaults to an empty hash.
+  #
+  # @details [Alternatives]
+  #   If constructor is a Hash, a new mash will be created based on the keys of
+  #   the hash and no default value will be set.
+  def initialize(constructor = {})
+    if constructor.is_a?(Hash)
+      super()
+      update(constructor)
+    else
+      super(constructor)
+    end
+  end
+
+  # @param key<Object> The default value for the mash. Defaults to nil.
+  #
+  # @details [Alternatives]
+  #   If key is a Symbol and it is a key in the mash, then the default value will
+  #   be set to the value matching the key.
+  def default(key = nil)
+    if key.is_a?(Symbol) && include?(key = key.to_s)
+      self[key]
+    else
+      super
+    end
+  end
+
+  alias_method :regular_writer, :[]= unless method_defined?(:regular_writer)
+  alias_method :regular_update, :update unless method_defined?(:regular_update)
+
+  # @param key<Object> The key to set.
+  # @param value<Object>
+  #   The value to set the key to.
+  #
+  # @see Mash#convert_key
+  # @see Mash#convert_value
+  def []=(key, value)
+    regular_writer(convert_key(key), convert_value(value))
+  end
+
+  # @param other_hash<Hash>
+  #   A hash to update values in the mash with. The keys and the values will be
+  #   converted to Mash format.
+  #
+  # @return <Mash> The updated mash.
+  def update(other_hash)
+    other_hash.each_pair { |key, value| regular_writer(convert_key(key), convert_value(value)) }
+    self
+  end
+
+  alias_method :merge!, :update
+
+  # @param key<Object> The key to check for. This will be run through convert_key.
+  #
+  # @return <TrueClass, FalseClass> True if the key exists in the mash.
+  def key?(key)
+    super(convert_key(key))
+  end
+
+  # def include? def has_key? def member?
+  alias_method :include?, :key?
+  alias_method :has_key?, :key?
+  alias_method :member?, :key?
+
+  # @param key<Object> The key to fetch. This will be run through convert_key.
+  # @param *extras<Array> Default value.
+  #
+  # @return <Object> The value at key or the default value.
+  def fetch(key, *extras)
+    super(convert_key(key), *extras)
+  end
+
+  # @param *indices<Array>
+  #   The keys to retrieve values for. These will be run through +convert_key+.
+  #
+  # @return <Array> The values at each of the provided keys
+  def values_at(*indices)
+    indices.collect {|key| self[convert_key(key)]}
+  end
+
+  # @param hash<Hash> The hash to merge with the mash.
+  #
+  # @return <Mash> A new mash with the hash values merged in.
+  def merge(hash)
+    self.dup.update(hash)
+  end
+
+  # @param key<Object>
+  #   The key to delete from the mash.\
+  def delete(key)
+    super(convert_key(key))
+  end
+
+  # @param *rejected<Array[(String, Symbol)] The mash keys to exclude.
+  #
+  # @return <Mash> A new mash without the selected keys.
+  #
+  # @example
+  #   { :one => 1, :two => 2, :three => 3 }.except(:one)
+  #     #=> { "two" => 2, "three" => 3 }
+  def except(*keys)
+    super(*keys.map {|k| convert_key(k)})
+  end
+
+  # Used to provide the same interface as Hash.
+  #
+  # @return <Mash> This mash unchanged.
+  def stringify_keys!; self end
+
+  # @return <Hash> The mash as a Hash with string keys.
+  def to_hash
+    Hash.new(default).merge(self)
+  end
+
+  protected
+  # @param key<Object> The key to convert.
+  #
+  # @param <Object>
+  #   The converted key. If the key was a symbol, it will be converted to a
+  #   string.
+  #
+  # @api private
+  def convert_key(key)
+    key.kind_of?(Symbol) ? key.to_s : key
+  end
+
+  # @param value<Object> The value to convert.
+  #
+  # @return <Object>
+  #   The converted value. A Hash or an Array of hashes, will be converted to
+  #   their Mash equivalents.
+  #
+  # @api private
+  def convert_value(value)
+    if value.class == Hash
+      value.to_mash
+    elsif value.is_a?(Array)
+      value.collect { |e| convert_value(e) }
+    else
+      value
+    end
+  end
+end

data/lib/rails-auth/responses.rb

@@ -0,0 +1,36 @@
+module Rails
+  # These are not intended to be used directly
+  class Authentication
+    attr_accessor :body
+    
+    def redirected?
+      !!headers["Location"]
+    end
+    
+    def headers
+      @headers ||= {}
+    end
+  
+    def status
+      @status ||= 200
+    end
+    
+    def status=(sts)
+      @status = sts
+    end
+  
+    def halted?
+      !!@halt
+    end
+    
+    def headers=(headers)
+      raise ArgumentError, "Need to supply a hash to headers.  Got #{headers.class}" unless headers.kind_of?(Hash)
+      @headers = headers
+    end
+    
+    def halt!
+      @halt = true
+    end
+  
+  end # Rails::Authentication
+end # Rails

data/lib/rails-auth/session_mixin.rb

@@ -0,0 +1,43 @@
+class ActionController::Session::AbstractStore::SessionHash
+  
+  # Access to the authentication object directly.  Particularly useful
+  # for accessing the errors.
+  # 
+  # === Example
+  #
+  #    <%= error_messages_for session.authentication %>
+  # 
+  def authentication
+    @authentication ||= Rails::Authentication.new(self)
+  end
+
+  # Check to see if the current session is authenticated
+  # @return true if authenticated.  false otherwise
+  def authenticated?
+    authentication.authenticated?
+  end
+
+  # Authenticates the session via the authentication object. 
+  #
+  # See Rails::Authentication#authenticate for usage
+  def authenticate!(request, params, *rest)
+    authentication.authenticate!(request, params, *rest)
+  end
+
+  # Provides access to the currently authenticated user.
+  def user
+    authentication.user
+  end
+
+  # set the currently authenticated user manually
+  # Rails::Authentication#store_user should know how to store the object into the session
+  def user=(the_user)
+    authentication.user = the_user
+  end
+
+  # Remove the user from the session and clear all data.
+  def abandon!
+    authentication.abandon!
+  end
+  
+end

data/lib/rails-auth/strategies/abstract_password.rb

@@ -0,0 +1,31 @@
+class Rails::Authentication
+  module Strategies
+    # To use the password strategies, it is expected that you will provide
+    # an @authenticate@ method on your user class.  This should take two parameters
+    # login, and password.  It should return nil or the user object.
+    module Basic
+      
+      class Base < Rails::Authentication::Strategy
+        abstract!
+        
+        # Overwrite this method to customize the field
+        def self.password_param
+          :password
+        end
+        
+        # Overwrite this method to customize the field
+        def self.login_param
+          :email
+        end
+        
+        def password_param
+          @password_param ||= Base.password_param
+        end
+        
+        def login_param
+          @login_param ||= Base.login_param
+        end
+      end # Base
+    end # Password
+  end # Strategies
+end # Rails::Authentication

data/lib/rails-auth/strategies/password_form.rb

@@ -0,0 +1,36 @@
+require 'rails-auth/strategies/abstract_password'
+# This strategy uses a login  and password parameter.
+#
+# Overwrite the :password_param, and :login_param
+# to return the name of the field (on the form) that you're using the 
+# login with.  These can be strings or symbols
+#
+# == Required
+#
+# === Methods
+# <User>.authenticate(login_param, password_param)
+#
+class Rails::Authentication
+  module Strategies
+    module Basic
+      class Form < Base
+        
+        def run!
+          if request.params[login_param] && request.params[password_param]
+            user = user_class.authenticate(request.params[login_param], request.params[password_param])
+            if !user
+              request.session.authentication.errors.clear!
+              request.session.authentication.errors.add(login_param, strategy_error_message)
+            end
+            user
+          end
+        end # run!
+        
+        def strategy_error_message
+          "#{login_param.to_s.capitalize} or #{password_param.to_s.capitalize} were incorrect"
+        end
+        
+      end # Form
+    end # Password
+  end # Strategies
+end # Authentication

data/lib/rails-auth/strategy.rb

@@ -0,0 +1,206 @@
+module Rails
+  class Authentication
+    cattr_reader   :strategies, :default_strategy_order, :registered_strategies
+    @@strategies, @@default_strategy_order, @@registered_strategies = [], [], {}
+  
+    # Use this to set the default order of strategies 
+    # if you need to in your application.  You don't need to use all avaiable strategies
+    # in this array, but you may not include a strategy that has not yet been defined.
+    # 
+    # @params [Rails::Authentiation::Strategy,Rails::Authentication::Strategy]
+    # 
+    # @public
+    def self.default_strategy_order=(*order)
+      order = order.flatten
+      bad = order.select{|s| !s.ancestors.include?(Strategy)}
+      raise ArgumentError, "#{bad.join(",")} do not inherit from Rails::Authentication::Strategy" unless bad.empty?
+      @@default_strategy_order = order
+    end
+  
+    # Allows for the registration of strategies.
+    # @params <Symbol, String>
+    #   +label+ The label is the label to identify this strategy
+    #   +path+  The path to the file containing the strategy.  This must be an absolute path!
+    # 
+    # Registering a strategy does not add it to the list of strategies to use
+    # it simply makes it available through the Rails::Authentication.activate method
+    # 
+    # This is for plugin writers to make a strategy availalbe but this should not
+    # stop you from declaring your own strategies
+    # 
+    # @plugin
+    def self.register(label, path)
+      self.registered_strategies[label] = path
+    end
+
+    # Activates a registered strategy by it's label.
+    # Intended for use with plugin authors.  There is little
+    # need to register your own strategies.  Just declare them
+    # and they will be active.
+    def self.activate!(label)
+      path = self.registered_strategies[label]
+      raise "The #{label} Strategy is not registered" unless path
+      require path
+    end
+  
+    # The Rails::Authentication::Strategy is where all the action happens in the merb-auth framework.
+    # Inherit from this class to setup your own strategy.  The strategy will automatically
+    # be placed in the default_strategy_order array, and will be included in the strategy runs.
+    #
+    # The strategy you implment should have a YourStrategy#run! method defined that returns
+    #   1. A user object if authenticated
+    #   2. nil if no authenticated user was found.
+    #
+    # === Example
+    #
+    #    class MyStrategy < Rails::Authentication::Strategy
+    #      def run!
+    #        u = User.get(params[:login])
+    #        u if u.authentic?(params[:password])
+    #      end
+    #    end
+    #
+    #
+    class Strategy
+      attr_accessor :request
+      attr_writer   :body
+    
+      class << self
+        def inherited(klass)
+          Rails::Authentication.strategies << klass
+          Rails::Authentication.default_strategy_order << klass
+        end
+    
+        # Use this to declare the strategy should run before another strategy
+        def before(strategy)
+          order =  Rails::Authentication.default_strategy_order
+          order.delete(self)
+          index = order.index(strategy)
+          order.insert(index,self)
+        end
+    
+        # Use this to declare the strategy should run after another strategy
+        def after(strategy)
+          order = Rails::Authentication.default_strategy_order
+          order.delete(self)
+          index = order.index(strategy)
+          index == order.size ? order << self : order.insert(index + 1, self)
+        end
+      
+        # Mark a strategy as abstract.  This means that a strategy will not
+        # ever be run as part of the authentication.  Instead this 
+        # will be available to inherit from as a way to share code.
+        # 
+        # You could for example setup a strategy to check for a particular kind of login
+        # and then have a subclass for each class type of user in your system.
+        # i.e. Customer / Staff, Student / Staff etc
+        def abstract!
+          @abstract = true
+        end
+    
+        # Asks is this strategy abstract. i.e. can it be run as part of the authentication
+        def abstract?
+          !!@abstract
+        end
+    
+      end # End class << self
+    
+      def initialize(request, params)
+        @request = request
+        @params  = params
+      end
+    
+      # An alias to the request.params hash
+      # Only rely on this hash to find any router params you are looking for.
+      # If looking for paramteres use request.params
+      def params
+        @params
+      end
+    
+      # An alials to the request.cookies hash
+      def cookies
+        request.cookies
+      end
+    
+      # An alias to the request.session hash
+      def session
+        request.session
+      end
+    
+      # Redirects causes the strategy to signal a redirect
+      # to the provided url.
+      # 
+      # ====Parameters
+      # url<String>:: The url to redirect to
+      # options<Hash>:: An options hash with the following keys:
+      #   +:permanent+ Set this to true to make the redirect permanent
+      #   +:status+ Set this to an integer for the status to return
+      def redirect!(url, opts = {})
+        self.headers["Location"] = url
+        self.status = opts[:permanent] ? 301 : 302
+        self.status = opts[:status] if opts[:status]
+        self.body   = opts[:message] || "<div>You are being redirected to <a href='#{url}'>#{url}</a></div>"
+        halt!
+        return true
+      end
+    
+      # Returns ture if the strategy redirected
+      def redirected?
+        !!headers["Location"]
+      end
+      
+      # Provides a place to put the status of the response
+      attr_accessor :status
+    
+      # Provides a place to put headers
+      def headers
+        @headers ||={}
+      end
+      
+      # Mark this strategy as complete for this request.  Will cause that no other
+      # strategies will be executed.  
+      def halt!
+        @halt = true
+      end
+      
+      # Checks to see if this strategy has been halted
+      def halted?
+        !!@halt
+      end
+      
+      
+      # Allows you to provide a body of content to return when halting
+      def body
+        @body || ""
+      end
+    
+      # This is the method that is called as the test for authentication and is where
+      # you put your code.
+      # 
+      # You must overwrite this method in your strategy
+      #
+      # @api overwritable
+      def run!
+        raise NotImplemented
+      end
+    
+      # Overwrite this method to scope a strategy to a particular user type
+      # you can use this with inheritance for example to try the same strategy
+      # on different user types
+      #
+      # By default, Rails::Authentication.user_class is used.  This method allows for 
+      # particular strategies to deal with a different type of user class.
+      #
+      # For example.  If Rails::Authentication.user_class is Customer
+      # and you have a PasswordStrategy, you can subclass the PasswordStrategy
+      # and change this method to return Staff.  Giving you a PasswordStrategy strategy
+      # for first Customer(s) and then Staff.  
+      #
+      # @api overwritable
+      def user_class
+        Rails::Authentication.user_class.constantize
+      end
+      
+    end # Strategy
+  end # Rails::Authentication
+end # Rails

data/lib/rails-auth.rb

@@ -0,0 +1,21 @@
+class String
+  def /(other)
+    "#{self}/#{other}"
+  end
+end
+
+require 'rails-auth/mash'
+
+require 'rails-auth/authenticated_helper'
+require 'rails-auth/authentication'
+require 'rails-auth/callbacks'
+require 'rails-auth/errors'
+require 'rails-auth/responses'
+require 'rails-auth/session_mixin'
+require 'rails-auth/strategy'
+
+basic_path = "rails-auth/strategies"
+
+# Rails::Authentication.register(:default_basic_auth,    basic_path / "basic_auth.rb")
+# Rails::Authentication.register(:default_openid,        basic_path / "openid.rb")
+Rails::Authentication.register(:default_password_form, basic_path / "password_form.rb")

data/test/rails-auth_test.rb

@@ -0,0 +1,7 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class RailsAuthTest < Test::Unit::TestCase
+  should "probably rename this file and start testing for real" do
+    flunk "hey buddy, you should probably rename this file and start testing for real"
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,9 @@
+require 'rubygems'
+require 'bacon'
+require 'mocha'
+
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rails-auth'
+
+class Test::Unit::TestCase
+end

metadata

@@ -0,0 +1,76 @@
+--- !ruby/object:Gem::Specification 
+name: myobie-rails-auth
+version: !ruby/object:Gem::Version 
+  version: 0.0.0
+platform: ruby
+authors: 
+- Nathan Herald
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-02-10 00:00:00 -08:00
+default_executable: 
+dependencies: []
+
+description: Authentication like merb, but for rails
+email: myobie@mac.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- README.markdown
+- VERSION.yml
+- lib/rails-auth
+- lib/rails-auth/authenticated_helper.rb
+- lib/rails-auth/authentication.rb
+- lib/rails-auth/callbacks.rb
+- lib/rails-auth/errors.rb
+- lib/rails-auth/helpers
+- lib/rails-auth/helpers/all.rb
+- lib/rails-auth/helpers/current_user.rb
+- lib/rails-auth/helpers/logged_in.rb
+- lib/rails-auth/helpers/redirect_back.rb
+- lib/rails-auth/helpers/require_login_or.rb
+- lib/rails-auth/mash.rb
+- lib/rails-auth/responses.rb
+- lib/rails-auth/session_mixin.rb
+- lib/rails-auth/strategies
+- lib/rails-auth/strategies/abstract_password.rb
+- lib/rails-auth/strategies/password_form.rb
+- lib/rails-auth/strategy.rb
+- lib/rails-auth.rb
+- test/rails-auth_test.rb
+- test/test_helper.rb
+has_rdoc: true
+homepage: http://github.com/myobie/rails-auth
+post_install_message: 
+rdoc_options: 
+- --inline-source
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: Authentication like merb, but for rails
+test_files: []
+