okkez-multi_auth 0.0.1

data/README

@@ -0,0 +1,36 @@
+MultiAuth
+=========
+
+This engine provides basic login functionality for your Rails applications.
+
+Install
+=======
+
+  $ sudo gem install okkez-multi_auth
+
+Setup
+=====
+
+  $ ruby script/generate open_id_authentication_tables create_open_id_authentication_tables
+
+Create migrations for open_id_authentication.
+
+  $ rake multi_auth:copy:all
+
+Copy migrations, stylesheets and images from multi_auth plugin.
+
+  $ rake db:migrate
+
+You must have a model 'User'. User model has any columns which you want to add.
+
+Customize
+=========
+
+If you want to custom views, you create RAILS_ROOT/app/view/{activation_mailer,auth,credentials,signup}/*.
+
+
+TODO
+====
+
+see TODO.ja
+

data/app/controllers/application_controller.rb

@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+
+class ApplicationController < ActionController::Base
+  helper :all # include all helpers, all the time
+  protect_from_forgery # See ActionController::RequestForgeryProtection for details
+  before_filter { |c| c.instance_eval { @topic_path = [] }; true }
+
+  GetText.locale = "ja"
+  init_gettext "multi_auth"
+
+end

data/app/controllers/auth/email_controller.rb

@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+
+# メール認証
+class Auth::EmailController < ApplicationController
+  filter_parameter_logging :password
+  verify_method_post :only => [:login]
+
+  # GET /auth/email
+  def index
+    session[:user_id] = nil
+    @login_form = EmailLoginForm.new
+  end
+
+  # POST /auth/email/login
+  def login
+    session[:user_id] = nil
+    @login_form = EmailLoginForm.new(params[:login_form])
+
+    if @login_form.valid?
+      @email_credential = @login_form.authenticate
+    end
+
+    if @email_credential
+      @email_credential.login!
+      @login_user = @email_credential.user
+      session[:user_id] = @login_user.id
+      redirect_to(:controller => "/auth", :action => "logged_in")
+    else
+      @login_form.password = nil
+      set_error_now("メールアドレス、またはパスワードが違います。")
+      render(:action => "index")
+    end
+  end
+end

data/app/controllers/auth/open_id_controller.rb

@@ -0,0 +1,43 @@
+# -*- coding: utf-8 -*-
+
+# OpenID認証
+# FIXME: 全体的に実装を整理
+class Auth::OpenIdController < ApplicationController
+  verify_method_post :only => [:login]
+
+  # GET /auth/open_id
+  def index
+    session[:user_id] = nil
+  end
+
+  # POST /auth/open_id/login
+  # GET  /auth/open_id/login
+  def login
+    openid_url = params[:openid_url]
+
+    authenticate_with_open_id(openid_url) { |result, identity_url, sreg|
+      if result.successful?
+        @open_id_credential = OpenIdCredential.find_by_identity_url(identity_url)
+        if @open_id_credential
+          @open_id_credential.login!
+          session[:user_id] = @open_id_credential.user.id
+          flash[:notice] = "ログインしました。"
+          redirect_to(root_path)
+        else
+          flash[:notice] = "OpenID がまだ登録されていません。"
+          redirect_to(:controller => "signup/open_id", :action => "index")
+        end
+      else
+        failed_login(result.message)
+      end
+    }
+  end
+
+  private
+
+  def failed_login(message)
+    flash[:error] = message
+    redirect_to(root_path)
+  end
+
+end

data/app/controllers/auth_controller.rb

@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+
+# 認証
+class AuthController < ApplicationController
+  verify_method_post :only => [:logout]
+
+  # GET /auth/logged_in
+  def logged_in
+    @return_path = params[:return_path]
+    @return_path = root_path if @return_path.blank?
+  end
+
+  # POST /auth/logout
+  def logout
+    reset_session
+    redirect_to(:action => "logged_out")
+  end
+
+  # GET /auth/logged_out
+  def logged_out
+    @return_path = params[:return_path]
+    @return_path = root_path if @return_path.blank?
+  end
+end

data/app/controllers/credentials/email_controller.rb

@@ -0,0 +1,156 @@
+
+# メール認証情報コントローラ
+class Credentials::EmailController < ApplicationController
+  EditFormClass = EmailCredentialEditForm
+
+  verify_method_post :only => [:create, :update_password, :destroy, :activate]
+  before_filter :authentication
+  before_filter :authentication_required, :except => [:activation, :activate, :activated]
+  before_filter :required_param_email_credential_id, :only => [:created, :edit_password, :update_password, :delete, :destroy]
+  before_filter :specified_email_credential_belongs_to_login_user, :only => [:created, :edit_password, :update_password, :delete, :destroy]
+  before_filter :required_param_activation_token, :only => [:activation, :activate, :activated]
+  before_filter :only_inactive_email_credential, :only => [:activation, :activate]
+
+  # GET /credentials/email/new
+  def new
+    @edit_form = EditFormClass.new
+  end
+
+  # GET /credentials/email/create
+  def create
+    @edit_form = EditFormClass.new(params[:edit_form])
+
+    @email_credential = @login_user.email_credentials.build
+    @email_credential.attributes = @edit_form.to_email_credential_hash
+
+    if @edit_form.valid? && @email_credential.save
+      # TODO: テスト
+      @activation_url = url_for(
+        :only_path        => false,
+        :controller       => "credentials/email",
+        :action           => "activation",
+        :activation_token => @email_credential.activation_token)
+
+      # TODO: テスト
+      # MEMO: 即時性を優先し、非同期化しない
+      ActivationMailer.deliver_request_for_credential(
+        :recipients     => @email_credential.email,
+        :activation_url => @activation_url)
+
+      set_notice("メール認証情報を追加しました。")
+      redirect_to(:action => "created", :email_credential_id => @email_credential.id)
+    else
+      @edit_form.password              = nil
+      @edit_form.password_confirmation = nil
+      set_error_now("入力内容を確認してください。")
+      render(:action => "new")
+    end
+  end
+
+  # GET /credential/email/:email_credential_id/created
+  def created
+    # nop
+  end
+
+  # GET /credential/email/:email_credential_id/edit_password
+  def edit_password
+    @edit_form = EmailPasswordEditForm.new
+  end
+
+  # POST /credential/email/:email_credential_id/update_password
+  def update_password
+    @edit_form = EmailPasswordEditForm.new(params[:edit_form])
+
+    @email_credential.attributes = @edit_form.to_email_credential_hash
+
+    if @edit_form.valid? && @email_credential.save
+      set_notice("パスワードを変更しました。")
+      redirect_to(:controller => "/credentials")
+    else
+      @edit_form.password              = nil
+      @edit_form.password_confirmation = nil
+      set_error_now("入力内容を確認してください。")
+      render(:action => "edit_password")
+    end
+  end
+
+  # GET /credential/email/:email_credential_id/delete
+  def delete
+    # nop
+  end
+
+  # POST /credential/email/:email_credential_id/destroy
+  def destroy
+    @email_credential.destroy
+
+    set_notice("メール認証情報を削除しました。")
+    redirect_to(:controller => "/credentials")
+  end
+
+  # GET /credential/email/token/:activation_token/activation
+  def activation
+    # nop
+  end
+
+  # POST /credential/email/token/:activation_token/activate
+  def activate
+    @email_credential.activate!
+
+    # TODO: テスト
+    # MEMO: 即時性を優先し、非同期化しない
+    ActivationMailer.deliver_complete_for_credential(
+      :recipients => @email_credential.email)
+
+    redirect_to(:action => "activated")
+  end
+
+  # GET /credential/email/token/:activation_token/activated
+  def activated
+    # nop
+  end
+
+  private
+
+  # FIXME: login_userに属することを同時に確認
+  def required_param_email_credential_id(email_credential_id = params[:email_credential_id])
+    @email_credential = EmailCredential.find_by_id(email_credential_id)
+    if @email_credential
+      return true
+    else
+      set_error("メール認証情報IDが正しくありません。")
+      redirect_to(root_path)
+      return false
+    end
+  end
+
+  def specified_email_credential_belongs_to_login_user
+    if @email_credential.user_id == @login_user.id
+      return true
+    else
+      set_error("メール認証情報IDが正しくありません。")
+      redirect_to(root_path)
+      return false
+    end
+  end
+
+  def required_param_activation_token(activation_token = params[:activation_token])
+    @email_credential = EmailCredential.find_by_activation_token(activation_token)
+    if @email_credential
+      return true
+    else
+      set_error("アクティベーショントークンが正しくありません。")
+      redirect_to(root_path)
+      return false
+    end
+  end
+
+  def only_inactive_email_credential
+    if @email_credential.activated?
+      set_error("既にアクティベーションされています。")
+      redirect_to(root_path)
+      return false
+    else
+      return true
+    end
+  end
+end

data/app/controllers/credentials/open_id_controller.rb

@@ -0,0 +1,85 @@
+
+# OpenID認証情報コントローラ
+class Credentials::OpenIdController < ApplicationController
+  verify_method_post :only => [:destroy]
+  before_filter :authentication
+  before_filter :authentication_required
+  before_filter :required_param_open_id_credential_id, :only => [:delete, :destroy]
+  before_filter :specified_open_id_credential_belongs_to_login_user, :only => [:delete, :destroy]
+
+  # GET /credentials/open_id/new
+  def new
+    @login_form = OpenIdLoginForm.new
+  end
+
+  # POST /credentials/open_id/create
+  # GET  /credentials/open_id/create
+  def create
+    @login_form = OpenIdLoginForm.new(params[:login_form])
+
+    if params[:open_id_complete].nil? && !@login_form.valid?
+      set_error_now("入力内容を確認してください。")
+      render(:action => "new")
+      return
+    end
+
+    authenticate_with_open_id(@login_form.openid_url) { |result, identity_url|
+      @login_form.openid_url = identity_url
+      @status = result.status
+
+      if result.successful?
+        @open_id_credential = @login_user.open_id_credentials.find_or_initialize_by_identity_url(identity_url)
+
+        if @open_id_credential.new_record?
+          @open_id_credential.save!
+
+          set_notice("OpenID認証情報を追加しました。")
+          redirect_to(:controller => "/credentials", :action => "index")
+        else
+          set_error_now("既に使用されているOpenIDです。")
+          render(:action => "new")
+        end
+      else
+        set_error_now(result.message)
+        render(:action => "new")
+      end
+    }
+  end
+
+  # GET /credential/open_id/:open_id_credential_id/delete
+  def delete
+    # nop
+  end
+
+  # POST /credential/open_id/:open_id_credential_id/destroy
+  def destroy
+    @open_id_credential.destroy
+
+    set_notice("OpenID認証情報を削除しました。")
+    redirect_to(:controller => "/credentials")
+  end
+
+  private
+
+  # FIXME: login_userに属することを同時に確認
+  def required_param_open_id_credential_id(open_id_credential_id = params[:open_id_credential_id])
+    @open_id_credential = OpenIdCredential.find_by_id(open_id_credential_id)
+    if @open_id_credential
+      return true
+    else
+      set_error("OpenID認証情報IDが正しくありません。")
+      redirect_to(root_path)
+      return false
+    end
+  end
+
+  def specified_open_id_credential_belongs_to_login_user
+    if @open_id_credential.user_id == @login_user.id
+      return true
+    else
+      set_error("OpenID認証情報IDが正しくありません。")
+      redirect_to(root_path)
+      return false
+    end
+  end
+end

data/app/controllers/credentials_controller.rb

@@ -0,0 +1,14 @@
+
+# 認証情報コントローラ
+class CredentialsController < ApplicationController
+  before_filter :authentication
+  before_filter :authentication_required
+
+  # GET /credentials
+  def index
+    @open_id_credentials = @login_user.open_id_credentials.all(
+      :order => "open_id_credentials.identity_url ASC")
+    @email_credentials = @login_user.email_credentials.all(
+      :order => "email_credentials.email ASC")
+  end
+end

data/app/controllers/signup/email_controller.rb

@@ -0,0 +1,132 @@
+# -*- coding: utf-8 -*-
+
+# メール認証情報サインアップ
+class Signup::EmailController < ApplicationController
+  EditFormClass = EmailCredentialEditForm
+
+  filter_parameter_logging :password
+  verify_method_post :only => [:validate, :create, :activate]
+  before_filter :clear_session_user_id, :only => [:index, :validate, :validated, :create, :created, :activation, :activate, :activated]
+  before_filter :clear_session_signup_form, :only => [:index, :validate, :activation, :activate, :activated]
+
+  # GET /signup/email
+  def index
+    @signup_form = EditFormClass.new
+  end
+
+  # POST /signup/email/validate
+  def validate
+    @signup_form = EditFormClass.new(params[:signup_form])
+
+    if @signup_form.valid?
+      session[:signup_form] = @signup_form.attributes
+      redirect_to(:action => "validated")
+    else
+      @signup_form.password              = nil
+      @signup_form.password_confirmation = nil
+      set_error_now("入力内容を確認してください。")
+      render(:action => "index")
+    end
+  end
+
+  # GET /signup/email/validated
+  def validated
+    @signup_form = EditFormClass.new(session[:signup_form])
+
+    if @signup_form.valid?
+      render
+    else
+      set_error_now("入力内容を確認してください。")
+      render(:action => "index")
+    end
+  end
+
+  # POST /signup/email/create
+  def create
+    @signup_form = EditFormClass.new(session[:signup_form])
+
+    @user = User.new
+    @credential = @user.email_credentials.build
+    @credential.attributes = @signup_form.to_email_credential_hash
+
+    if @signup_form.valid? && @user.save
+      @activation_url = url_for(
+        :only_path        => false,
+        :controller       => "signup/email",
+        :action           => "activation",
+        :activation_token => @credential.activation_token)
+
+      # TODO: テスト
+      # MEMO: 即時性を優先し、非同期化しない
+      ActivationMailer.deliver_request_for_signup(
+        :recipients     => @credential.email,
+        :activation_url => @activation_url)
+
+      redirect_to(:action => "created")
+    else
+      set_error_now("入力内容を確認してください。")
+      render(:action => "index")
+    end
+  end
+
+  # GET /signup/email/created
+  def created
+    @signup_form = EditFormClass.new(session[:signup_form])
+    @credential  = EmailCredential.find_by_email(@signup_form.email)
+  end
+
+  # GET /signup/email/activation/:activation_token
+  # FIXME: URLの見直し
+  # FIXME: 無効なアクティベーションキー、アクティベーション済みのキーはフィルタで弾く
+  def activation
+    @credential = EmailCredential.find_by_activation_token(params[:activation_token])
+    @activated  = @credential.try(:activated?)
+  end
+
+  # POST /signup/email/activate
+  # FIXME: URLの見直し
+  # FIXME: 無効なアクティベーションキー、アクティベーション済みのキーはフィルタで弾く
+  def activate
+    @credential = EmailCredential.find_by_activation_token(params[:activation_token])
+
+    unless @credential
+      set_error("無効なアクティベーションキーです。")
+      redirect_to(root_path)
+      return
+    end
+
+    if @credential.activated?
+      set_error("既に本登録されています。")
+      redirect_to(root_path)
+      return
+    end
+
+    @credential.activate!
+
+    # TODO: テスト
+    # MEMO: 即時性を優先し、非同期化しない
+    ActivationMailer.deliver_complete_for_signup(
+      :recipients => @credential.email)
+
+    redirect_to(:action => "activated")
+  end
+
+  # GET /signup/email/activated
+  # FIXME: URLの見直し
+  # FIXME: 無効なアクティベーションキー、アクティベーション済みのキーはフィルタで弾く
+  def activated
+    # nop
+  end
+
+  private
+
+  def clear_session_user_id
+    session[:user_id] = nil
+    return true
+  end
+
+  def clear_session_signup_form
+    session[:signup_form] = nil
+    return true
+  end
+end

data/app/controllers/signup/open_id_controller.rb

@@ -0,0 +1,62 @@
+# -*- coding: utf-8 -*-
+
+# OpenID認証情報サインアップ
+# FIXME: 全体的に実装を整理
+class Signup::OpenIdController < ApplicationController
+  # GET /signup/open_id
+  def index
+    session[:identity_url] = nil
+    @openid_url = nil
+  end
+
+  # POST /signup/open_id/authenticate
+  # GET  /signup/open_id/authenticate
+  def authenticate
+    @openid_url = params[:openid_url]
+
+    failed = proc { |message|
+      flash[:error] = message
+      redirect_to(:action => "index")
+    }
+
+    authenticate_with_open_id(@openid_url) { |result, identity_url, sreg|
+      if result.successful?
+        if OpenIdCredential.exists?(:identity_url => identity_url)
+          failed["指定されたOpenIDは既に登録されているため、利用できません。"]
+        else
+          session[:identity_url] = identity_url
+          redirect_to(:action => "authenticated")
+        end
+      else
+        failed[result.message]
+      end
+    }
+  end
+
+  # GET /signup/open_id/authenticated
+  def authenticated
+    @identity_url = session[:identity_url]
+  end
+
+  # POST /signup/open_id/create
+  def create
+    @identity_url = session[:identity_url]
+
+    @user = User.new
+    @credential = @user.open_id_credentials.build
+    @credential.identity_url = @identity_url
+
+    @user.save!
+
+    # FIXME: ログイン状態にしないように変更
+    session[:identity_url] = nil
+    session[:user_id]      = @user.id
+
+    redirect_to(:action => "created")
+  end
+
+  # GET /signup/open_id/created
+  def created
+    # nop
+  end
+end

data/app/controllers/signup_controller.rb

@@ -0,0 +1,8 @@
+
+# サインアップ
+class SignupController < ApplicationController
+  # GET /signup
+  def index
+    # nop
+  end
+end

data/app/helpers/application_helper.rb

@@ -0,0 +1,5 @@
+# -*- coding: utf-8 -*-
+
+module ApplicationHelper
+  include MultiAuthHelper
+end