obscured-doorman 0.4.0

data/lib/obscured-doorman.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'bcrypt'
+require 'geocoder'
+require 'haml'
+require 'mail'
+require 'mongoid'
+require 'sinatra'
+require 'sinatra/contrib'
+require 'sinatra/flash'
+require 'sinatra/partial'
+require 'rack'
+require 'rack/contrib'
+require 'rack/contrib/cookies'
+require 'rest-client'
+require 'warden'
+
+require 'obscured-doorman/loggable'
+require 'obscured-doorman/configuration'
+require 'obscured-doorman/errors'
+require 'obscured-doorman/providers/bitbucket'
+require 'obscured-doorman/providers/github'
+require 'obscured-doorman/strategies/password'
+require 'obscured-doorman/strategies/forgot_password'
+require 'obscured-doorman/strategies/remember_me'
+require 'obscured-doorman/utilities/roles'
+require 'obscured-doorman/utilities/types'
+require 'obscured-doorman/helpers'
+require 'obscured-doorman/mailer'
+require 'obscured-doorman/messages'
+require 'obscured-doorman/version'
+require 'obscured-doorman/base'
+
+module Obscured
+  module Doorman
+    extend Loggable
+
+    class << self
+      # Configuration Object (instance of Obscured::Doorman::Configuration)
+      attr_writer :configuration
+
+      ##
+      # Configuration options should be set by passing a hash:
+      #
+      #   Obscured::Doorman.setup do |cfg|
+      #     cfg.confirmation   = false,
+      #     cfg.registration   = true,
+      #     cfg.smtp_domain    = 'domain.tld',
+      #     cfg.smtp_username  = 'username',
+      #     cfg.smtp_password  = 'password',
+      #   end
+      #
+      def setup
+        yield(configuration)
+
+        require 'obscured-doorman/models/user'
+        require 'obscured-doorman/models/token'
+      end
+
+      def configuration
+        @configuration ||= Configuration.new
+      end
+
+      def default_configuration
+        configuration.defaults
+      end
+    end
+  end
+end

data/lib/obscured-doorman/base.rb

@@ -0,0 +1,203 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    class Warden::SessionSerializer
+      def serialize(user)
+        user.id
+      end
+
+      def deserialize(id)
+        User.find(id)
+      end
+    end
+
+    module Base
+      module Helpers
+        # Generates a flash message by trying to fetch a default message,
+        # if that fails just pass the message
+        def notify(type, message)
+          message = Doorman::MESSAGES[message] if message.is_a?(Symbol)
+          flash[type] = message
+        end
+
+        # Generates a url for confirm account or reset password
+        def token_link(action, token)
+          "http://#{env['HTTP_HOST']}/doorman/#{action}/#{token}"
+        end
+      end
+
+      def self.registered(app)
+        app.helpers Doorman::Base::Helpers
+        app.helpers Doorman::Helpers
+
+        # Enable Sessions
+        app.set :sessions, true unless defined?(Rack::Session::Cookie)
+
+        app.use Warden::Manager do |config|
+          config.scope_defaults :default, action: '/doorman/unauthenticated'
+
+          config.failure_app = lambda { |_env|
+            notify :error, Doorman[:auth_required]
+            [302, { 'Location' => Doorman.configuration.paths[:login] }, ['']]
+          }
+        end
+
+        Warden::Manager.before_failure do |env, _opts|
+          # Because authentication failure can happen on any request but
+          # we handle it only under "post '/doorman/unauthenticated'",
+          # we need o change request to POST
+          env['REQUEST_METHOD'] = 'POST'
+          # And we need to do the following to work with  Rack::MethodOverride
+          env.each do |key, _value|
+            env[key]['_method'] = 'post' if key == 'rack.request.form_hash'
+          end
+        end
+        Warden::Strategies.add(:password, Doorman::Strategies::Password)
+
+        app.post '/doorman/unauthenticated' do
+          status 401
+          session[:return_to] = env['warden.options'][:attempted_path] if session[:return_to].nil?
+          redirect(Doorman.configuration.paths[:login])
+        end
+
+        app.get '/doorman/register/?' do
+          redirect(Doorman.configuration.paths[:success]) if authenticated?
+
+          unless Doorman.configuration.registration
+            notify :error, :signup_disabled
+            redirect(Doorman.configuration.paths[:login])
+          end
+
+          haml :register
+        end
+
+        app.post '/doorman/register' do
+          redirect(Doorman.configuration.paths[:success]) if authenticated?
+
+          unless Doorman.configuration[:registration]
+            notify :error, :signup_disabled
+            redirect(Doorman.configuration.paths[:login])
+          end
+
+          begin
+            if User.registered?(params[:user][:username])
+              notify :error, :register_account_exists
+              redirect(Doorman.configuration.paths[:login])
+            end
+
+            user = User.make(
+              username: params[:user][:username],
+              password: params[:user][:password],
+              confirmed: !Doorman.configuration[:confirmation]
+            )
+            user.name = {
+              first_name: params[:user][:first_name],
+              last_name: params[:user][:last_name]
+            }
+            user.save
+
+            if Doorman.configuration[:confirmation]
+              token = user.confirm if Doorman.configuration[:confirmation]
+
+              if File.exist?('views/doorman/templates/account_activation.haml')
+                template = haml :'/templates/account_activation', layout: false, locals: {
+                  user: user.username,
+                  link: token_link('confirm', token.token)
+                }
+                Doorman::Mailer.new(
+                  to: user.username,
+                  subject: 'Account activation request',
+                  text: "You have to activate your account (#{user.username}) before using this service. " + token_link('confirm', token.token),
+                  html: template
+                ).deliver!
+              else
+                Doorman.logger.warn "Template not found (views/doorman/templates/account_activation.haml), account activation at #{token_link('confirm', token.token)}"
+              end
+            end
+
+            # Login when registration is completed
+            warden.authenticate(:password)
+
+            # Set cookie
+            cookies[:email] = params[:user][:username]
+
+            notify :success, :signup_success
+            redirect(Doorman.configuration.paths[:success])
+          rescue => e
+            notify :error, e.message
+            redirect(Doorman.configuration.paths[:login])
+          end
+        end
+
+        app.get '/doorman/confirm/:token/?' do
+          redirect(Doorman.configuration.paths[:success]) if authenticated?
+
+          if params[:token].nil? || params[:token].empty?
+            notify :error, :token_not_found
+            redirect(back)
+          end
+
+          token = Token.where(token: params[:token]).first
+          if token.nil? && !token&.type.eql?(:confirm)
+            notify :error, :token_not_found
+            redirect(back)
+          end
+          if token&.used?
+            notify :error, :token_used
+            redirect(back)
+          end
+
+          user = token&.user
+          if user.nil?
+            notify :error, :confirm_no_user
+            redirect(Doorman.config.paths[:login])
+          end
+
+          user&.confirm!
+          notify :success, :confirm_success
+          redirect(Doorman.configuration.paths[:login])
+        end
+
+        app.get '/doorman/login/?' do
+          redirect(Doorman.configuration.paths[:success]) if authenticated?
+
+          email = cookies[:email]
+          email = params[:email] if email.nil?
+
+          haml :login, locals: { email: email }
+        end
+
+        app.post '/doorman/login' do
+          warden.authenticate(:password)
+
+          # Set cookie
+          cookies[:email] = params[:user][:username]
+
+          # Notify if there are any messages from Warden.
+          notify :error, warden.message unless warden.message.blank?
+
+          redirect(Doorman.configuration.use_referrer && session[:return_to] ? session.delete(:return_to) : Doorman.configuration.paths[:success])
+        end
+
+        app.get '/doorman/logout/?' do
+          warden.logout(:default)
+
+          notify :success, :logout_success
+          redirect(Doorman.configuration.paths[:login])
+        end
+      end
+    end
+
+    class Middleware < Sinatra::Base
+      helpers Sinatra::Cookies
+      register Sinatra::Flash
+      register Sinatra::Partial
+      register Strategies::ForgotPassword
+      register Strategies::RememberMe
+      register Doorman::Base
+      register Doorman::Providers::Bitbucket
+      register Doorman::Providers::GitHub
+    end
+  end
+end

data/lib/obscured-doorman/configuration.rb

@@ -0,0 +1,123 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    class Configuration
+      def self.config_option(name)
+        define_method(name) do
+          read_value(name)
+        end
+
+        define_method("#{name}=") do |value|
+          set_value(name, value)
+        end
+      end
+
+      #def self.proc_config_option(name)
+      #  define_method(name) do |&block|
+      #    set_value(name, block) unless block.nil?
+      #    read_value(name)
+      #  end
+      #
+      #  define_method("#{name}=") do |value|
+      #    set_value(name, value)
+      #  end
+      #end
+
+      # Set log level
+      config_option :log_level
+
+      # Enables/disables user confirmation
+      config_option :confirmation
+      # Enables/disables user registration
+      config_option :registration
+      # Enables/disables the usage of referrer redirection
+      config_option :use_referrer
+
+      # Remember me cookie name
+      config_option :remember_cookie
+      # Remember me for x-days
+      config_option :remember_for
+
+      # Database name
+      config_option :db_name
+      # Database client
+      config_option :db_client
+
+      # SMTP Domain
+      config_option :smtp_domain
+      # SMTP Server
+      config_option :smtp_server
+      # SMTP Server PSort
+      config_option :smtp_port
+      # SMTP Sender Username
+      config_option :smtp_username
+      # SMTP Sender Password
+      config_option :smtp_password
+
+      # Authentication Providers
+      config_option :providers
+
+      # Authentication Providers
+      config_option :paths
+
+      attr_reader :defaults
+
+      def initialize
+        @config_values = {}
+
+        # set default attribute values
+        @defaults = _defaults
+      end
+
+      def [](key)
+        read_value(key)
+      end
+
+      def []=(key, value)
+        set_value(key, value)
+      end
+
+      private
+
+      def read_value(name)
+        if @config_values.key?(name)
+          @config_values[name]
+        else
+          @defaults.send(name)
+        end
+      end
+
+      def set_value(name, value)
+        @config_values[name] = value
+      end
+
+      def _defaults
+        OpenStruct.new(
+          log_level: Logger::DEBUG,
+          confirmation: false,
+          registration: false,
+          use_referrer: true,
+          remember_cookie: 'sinatra.doorman.remember',
+          remember_for: 30,
+          db_name: 'doorman',
+          db_client: :doorman,
+          smtp_domain: 'doorman.local',
+          smtp_server: '127.0.0.1',
+          smtp_port: 587,
+          smtp_username: nil,
+          smtp_password: nil,
+          providers: [],
+          paths: {
+            success: '/home',
+            login: '/doorman/login',
+            logout: '/doorman/logout',
+            forgot: '/doorman/forgot',
+            reset: '/doorman/reset',
+            register: '/doorman/register'
+          }
+        )
+      end
+    end
+  end
+end

data/lib/obscured-doorman/errors.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    class Error < StandardError
+      attr_reader :code
+      attr_reader :field
+      attr_reader :error
+
+      ERRORS = {
+        invalid_api_method: 'No method parameter was supplied',
+        unspecified_error: 'Unspecified error',
+        already_exists: '{what}',
+        does_not_exist: '{what}',
+        does_not_match: '{what}',
+        account: '{what}',
+        invalid_date: 'Cannot parse {what} from: {date}',
+        invalid_type: '{what}',
+        not_active: 'Not active',
+        required_field_missing: 'Required field {field} is missing'
+      }.freeze
+
+      def initialize(code, params = {})
+        field = params.delete(:field)
+        error = params.delete(:error)
+
+        super(parse(code, params))
+        @code = code || :unspecified_error
+        @field = field || :unspecified_field
+        @error = error
+      end
+
+      private
+
+      def parse(code, params = {})
+        message = ERRORS[code]
+        params.each_pair do |key, value|
+          message = message.sub("{#{key}}", value)
+        end
+        message
+      end
+    end
+  end
+end

data/lib/obscured-doorman/helpers.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    module Helpers
+      # The main accessor to the warden middleware
+      def warden
+        request.env['warden']
+      end
+
+      # Check the current session is authenticated to a given scope
+      def authenticated?(scope = nil)
+        scope ? warden.authenticated?(scope: scope) : warden.authenticated?
+      end
+      alias logged_in? authenticated?
+
+      # Authenticate a user against defined strategies
+      def authenticate(*args)
+        warden.authenticate!(*args)
+      end
+      alias login authenticate
+
+      # Return session info
+      #
+      # @param [Symbol] scope the scope to retrieve session info for
+      def session_info(scope = nil)
+        scope ? warden.session(scope) : scope
+      end
+
+      # Terminate the current session
+      #
+      # @param [Symbol] scopes the session scope to terminate
+      def logout(scopes = nil)
+        scopes ? warden.logout(scopes) : warden.logout(warden.config.default_scope)
+      end
+
+      # Access the user from the current session
+      #
+      # @param [Symbol] scope for the logged in user
+      def user(scope = nil)
+        scope ? warden.user(scope) : warden.user
+      end
+      alias current_user user
+
+      # Require authorization for an action
+      #
+      # @param [String] failure_path path to redirect to if user is unauthenticated
+      def authorize!(failure_path = nil)
+        unless authenticated?
+          session[:return_to] = request.path if Doorman.configuration.use_referrer
+          redirect(failure_path || Doorman.configuration.paths[:login])
+        end
+      end
+
+      # Require authorization for example ajax calls, returns 403 is not authenticated
+      #
+      # @param [Symbol] format
+      def authorized?(format = :json)
+        unless authenticated?
+          halt 403, { 'Content-Type' => 'application/json' }, { message: 'Unauthorized' }.to_json if format == :json
+          halt 403
+        end
+      end
+    end
+  end
+end