myobie-rails-auth 0.0.0 → 0.0.2

data/README.markdown

@@ -3,12 +3,17 @@ Note
 
 This is not anywhere near done. It's still using swaths of code just copied straight over from merb, and even some of that doesn't do anything yet.
 
+Install
+=======
+
+Add `config.gem 'myobie-rails-auth', :lib => 'rails-auth', :source => 'http://gems.github.com'` to your environment.rb file. Then `rake gems:install` or just install it yourself.
+
 About
 =====
 
 I am not satisfied with any of the current authentication strategies available for rails. I am sure Rails 3 will have something built in, but until then this is what I am going to use. I am spoiled from the way Merb does it, but even then I am not 100% happy with how it works.
 
-Currently, this is untested and very much a copy of how merb does it.
+Currently, this is untested and very much a copy of how merb does it. However, I am using it in production.
 
 All I really care about:
 
@@ -23,8 +28,8 @@ I hate how all the authentication libraries hide model, controller, view methods
 
 In my mind, the best way to solve this is to not have a ton of necessary methods on anything.
 
-All you need
-============
+All you should need
+===================
 
 1. UserModel#authenticate
 2. Use `ensure_authenticated` in your controller to make sure they are logged in.
@@ -33,6 +38,64 @@ All you need
 
 Simple.
 
+Usage
+=====
+
+After you have installed the gem, you will need to use it in the manner you see fit. I have created some examples (look in [examples/][examples] inside the gem) that come straight from how I use it right now. These are not generators.
+
+## [Initializer (authentication.rb)][init]
+
+I'll just go through the file in order. First I activate the strategies that I want (you can create/activate your own here too), then set my user model class. Then I tell `Rails::Authentication` how to store/fetch a user from the session (by id) and which session keys to keep during login/logout (like the return to url, don't want to loose that). Then I just require all available helpers and set two constants that I use in my user model to encrypt passwords. 
+
+I marked what is optional/required.
+
+## ApplicationController
+
+### [Simple Example][a-simple]
+
+The easiest way to get up and running is to include the `ensure_authenticated` helper in `ApplicationController` and then decide what you want to do when the `Rails::Authentication::Unauthenticated` error is raised.
+
+### [Complex Example][a-complex]
+
+There are some helpers you can include along with the `ensure_authenticated` helper by including `Rails::AuthenticatedControllerExtensions`. You will find helpers for remember me cookies, setting a return to url to redirect to after login, logged in? and other helpers resembling restful-authentication, and a helper for setting a custom flash message when the user is not logged in. See the [rails-auth/helpers][helpers] folder.
+
+## SessionsController
+
+You don't have to create a `SessionsController` at all, but I like the idea of creating/destroying a session when logging in/out. 
+
+### [Simple Example][s-simple]
+
+The `ensure_authenticated` helper will do the login if the correct params are present (if they are submitted from a form, basic http auth, etc). So really, all you need to do is use that method. 
+
+### [Complex Example][s-complex]
+
+This example uses `before_filters` to order method calls in the correct order each time. It keeps track of certain session data that we never want to use (like the return to url) and also handles a remember me checkbox. It really is essentially the same as the simple example, but with a ton of methods around the core action code.
+
+## User (model)
+
+### [Simple Example][m-simple]
+
+All you need in your model (for the password_form strategy) is `self.authenticate`. It can look however you want, but I have provided an example that you may not want to use, since the passwords are not encrypted. 
+
+### [Complex Example][m-complex]
+
+I'll try to hit the highlights, but essentially we aren't actually saving the password, but saving a `crypted_password` instead. This example needs some more love and I should include my `user_mailer` as well. _I will update this example soon._
+
+I put some validations to show that there are some regex's in the gem (although I am considering moving them out). Then you will see activate! which activates a user (I send activation emails out). The `authenticate` method is still pretty simple, except it delegates to an `authenticated?` instance method on the user to do it's work. 
+
+There is a lot of digest and other crap that encrypts the passwords. We save an encrypted version of the password in the db, then when the user types their password into the form field, we encrypt what they typed and compare it to the encrypted form in the db (they should be the same since it supposedly was the same word that was encrypted both times). 
+
+There is also some remember/forget stuff in there.
+
+[examples]: http://github.com/myobie/rails-auth/tree/6ba96559b3f83aef3f705bc63d0895b710f27095/examples
+[init]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/initializers/authentication.rb
+[a-simple]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/controllers/application_controller_simple.rb
+[a-complex]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/controllers/application_controller_complex.rb
+[s-simple]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/controllers/sessions_controller_simple.rb
+[s-complex]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/controllers/sessions_controller_complex.rb
+[m-simple]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/models/user_simple.rb
+[m-complex]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/models/user_complex.rb
+
 TODO
 ====
 

data/VERSION.yml

@@ -1,4 +1,4 @@
 --- 
 :minor: 0
-:patch: 0
+:patch: 2
 :major: 0

data/lib/rails-auth/authentication.rb

@@ -40,34 +40,20 @@ module Rails
     self.email_regex       = /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
     self.bad_email_message = "should look like an email address.".freeze
     
-    def self.load_helpers(file_name)
-      require 'rails-auth/helpers' / file_name.to_s
-    end
     
     def initialize(session)
       @session = session
     end
-  
-    # Returns true if there is an authenticated user attached to this session
-    #
-    # @return <TrueClass|FalseClass>
-    # 
+    
     def authenticated?
       !!session[:user]
     end
-
-    # This method will retrieve the user object stored in the session or nil if there
-    # is no user logged in.
-    # 
-    # @return <User class>|NilClass
+    
     def user
       return nil if !session[:user]
       @user ||= fetch_user(session[:user])
     end
-
-    # This method will store the user provided into the session
-    # and set the user as the currently logged in user
-    # @return <User Class>|NilClass
+    
     def user=(user)
       session[:user] = nil && return if user.nil?
       session[:user] = store_user(user)
@@ -79,9 +65,7 @@ module Rails
     # either passed in, or in the default_strategy_order.  
     #
     # If a strategy returns some kind of user object, this will be stored
-    # in the session, otherwise a Rails::Controller::Unauthenticated exception is raised
-    #
-    # @params Rails::Request, [List,Of,Strategies, optional_options_hash]
+    # in the session, otherwise an Unauthenticated exception is raised
     #
     # Pass in a list of strategy objects to have this list take precedence over the normal defaults
     # 
@@ -189,7 +173,7 @@ module Rails
     # in the face of session.abandon! You need to maintain this state yourself
     # @public
     def self.maintain_session_keys
-      @maintain_session_keys ||= [:authentication_strategies, :return_to]
+      @maintain_session_keys ||= [:authentication_strategies]
     end
     
   private

data/lib/rails-auth/helpers/all.rb

@@ -1,3 +1,3 @@
-%w(current_user logged_in redirect_back require_login_or).each do |file|
+%w(current_user logged_in redirect_back require_login_or cookie).each do |file|
   require 'rails-auth/helpers' / file
 end

data/lib/rails-auth/helpers/cookie.rb

@@ -0,0 +1,21 @@
+module Rails
+  
+  module AuthenticatedControllerExtensions
+
+    def attempt_cookie_authentication
+      
+      # TODO: have the cookie name settable somehow
+      if !session.authenticated? && cookies[:remember_me_token]
+        user = Rails::Authentication.user_class.constantize.
+          authenticate_with_remember_token(cookies[:remember_me_token])
+        
+        if user
+          session.abandon!
+          session.user = user
+        end
+      end
+      
+    end # attempt_cookie_authentication
+
+  end
+end

data/lib/rails-auth/strategies/abstract_password.rb

@@ -26,6 +26,6 @@ class Rails::Authentication
           @login_param ||= Base.login_param
         end
       end # Base
-    end # Password
+    end # Basic
   end # Strategies
 end # Rails::Authentication

data/lib/rails-auth/strategies/password_form.rb

@@ -31,6 +31,6 @@ class Rails::Authentication
         end
         
       end # Form
-    end # Password
+    end # Basic
   end # Strategies
 end # Authentication

data/lib/rails-auth.rb

@@ -16,6 +16,6 @@ require 'rails-auth/strategy'
 
 basic_path = "rails-auth/strategies"
 
-# Rails::Authentication.register(:default_basic_auth,    basic_path / "basic_auth.rb")
-# Rails::Authentication.register(:default_openid,        basic_path / "openid.rb")
-Rails::Authentication.register(:default_password_form, basic_path / "password_form.rb")
+# Rails::Authentication.register(:basic_auth,    basic_path / "basic_auth.rb")
+# Rails::Authentication.register(:openid,        basic_path / "openid.rb")
+Rails::Authentication.register(:password_form, basic_path / "password_form.rb")

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: myobie-rails-auth
 version: !ruby/object:Gem::Version 
-  version: 0.0.0
+  version: 0.0.2
 platform: ruby
 authors: 
 - Nathan Herald
@@ -31,6 +31,7 @@ files:
 - lib/rails-auth/errors.rb
 - lib/rails-auth/helpers
 - lib/rails-auth/helpers/all.rb
+- lib/rails-auth/helpers/cookie.rb
 - lib/rails-auth/helpers/current_user.rb
 - lib/rails-auth/helpers/logged_in.rb
 - lib/rails-auth/helpers/redirect_back.rb