omniauth-identity2 2.0

data/lib/omniauth/identity/models/active_record.rb

@@ -0,0 +1,24 @@
+require 'active_record'
+
+module OmniAuth
+  module Identity
+    module Models
+      class ActiveRecord < ::ActiveRecord::Base
+        include OmniAuth::Identity::Model
+        include OmniAuth::Identity::SecurePassword
+
+        self.abstract_class = true
+        has_secure_password
+
+        def self.auth_key=(key)
+          super
+          validates_uniqueness_of key, :case_sensitive => false
+        end
+
+        def self.locate(search_hash)
+          where(search_hash).first
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/identity/models/couch_potato.rb

@@ -0,0 +1,31 @@
+require 'couch_potato'
+
+module OmniAuth
+  module Identity
+    module Models
+      # can not be named CouchPotato since there is a class with that name
+      module CouchPotatoModule
+
+        def self.included(base)
+
+          base.class_eval do
+
+            include ::OmniAuth::Identity::Model
+            include ::OmniAuth::Identity::SecurePassword
+
+            has_secure_password
+
+            def self.auth_key=(key)
+              super
+              validates_uniqueness_of key, :case_sensitive => false
+            end
+
+            def self.locate(search_hash)
+              where(search_hash).first
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/identity/models/data_mapper.rb

@@ -0,0 +1,32 @@
+require 'dm-core'
+require 'dm-validations'
+
+module OmniAuth
+  module Identity
+    module Models
+      module DataMapper
+        def self.included(base)
+          base.class_eval do
+            include OmniAuth::Identity::Model
+            include OmniAuth::Identity::SecurePassword
+
+            # http://api.rubyonrails.org/classes/ActiveRecord/Persistence.html#method-i-persisted-3F
+            # http://rubydoc.info/github/mongoid/mongoid/master/Mongoid/State#persisted%3F-instance_method
+            alias persisted? valid?
+
+            has_secure_password
+
+            def self.auth_key=(key)
+              super
+              validates_uniqueness_of :key
+            end
+
+            def self.locate(search_hash)
+              all(search_hash).first
+            end
+          end
+        end
+      end # DataMapper
+    end
+  end
+end

data/lib/omniauth/identity/models/mongoid.rb

@@ -0,0 +1,33 @@
+require 'mongoid'
+
+module OmniAuth
+  module Identity
+    module Models
+      module Mongoid
+
+        def self.included(base)
+
+          base.class_eval do
+
+            include ::OmniAuth::Identity::Model
+            include ::OmniAuth::Identity::SecurePassword
+
+            has_secure_password
+
+            def self.auth_key=(key)
+              super
+              validates_uniqueness_of key, :case_sensitive => false
+            end
+
+            def self.locate(search_hash)
+              where(search_hash).first
+            end
+
+          end
+
+        end
+
+      end
+    end
+  end
+end

data/lib/omniauth/identity/secure_password.rb

@@ -0,0 +1,78 @@
+require 'bcrypt'
+
+module OmniAuth
+  module Identity
+    # This is taken directly from Rails 3.1 code and is used if
+    # the version of ActiveModel that's being used does not
+    # include SecurePassword. The only difference is that instead of
+    # using ActiveSupport::Concern, it checks to see if there is already
+    # a has_secure_password method.
+    module SecurePassword
+      def self.included(base)
+        unless base.respond_to?(:has_secure_password)
+          base.extend ClassMethods
+        end
+      end
+
+      module ClassMethods
+        # Adds methods to set and authenticate against a BCrypt password.
+        # This mechanism requires you to have a password_digest attribute.
+        #
+        # Validations for presence of password, confirmation of password (using
+        # a "password_confirmation" attribute) are automatically added.
+        # You can add more validations by hand if need be.
+        #
+        # Example using Active Record (which automatically includes ActiveModel::SecurePassword):
+        #
+        #   # Schema: User(name:string, password_digest:string)
+        #   class User < ActiveRecord::Base
+        #     has_secure_password
+        #   end
+        #
+        #   user = User.new(:name => "david", :password => "", :password_confirmation => "nomatch")
+        #   user.save                                                      # => false, password required
+        #   user.password = "mUc3m00RsqyRe"
+        #   user.save                                                      # => false, confirmation doesn't match
+        #   user.password_confirmation = "mUc3m00RsqyRe"
+        #   user.save                                                      # => true
+        #   user.authenticate("notright")                                  # => false
+        #   user.authenticate("mUc3m00RsqyRe")                             # => user
+        #   User.find_by_name("david").try(:authenticate, "notright")      # => nil
+        #   User.find_by_name("david").try(:authenticate, "mUc3m00RsqyRe") # => user
+        def has_secure_password
+          attr_reader   :password
+
+          validates_confirmation_of :password
+          validates_presence_of     :password_digest
+
+          include InstanceMethodsOnActivation
+
+          if respond_to?(:attributes_protected_by_default)
+            def self.attributes_protected_by_default
+              super + ['password_digest']
+            end
+          end
+        end
+      end
+
+      module InstanceMethodsOnActivation
+        # Returns self if the password is correct, otherwise false.
+        def authenticate(unencrypted_password)
+          if BCrypt::Password.new(password_digest) == unencrypted_password
+            self
+          else
+            false
+          end
+        end
+
+        # Encrypts the password into the password_digest attribute.
+        def password=(unencrypted_password)
+          @password = unencrypted_password
+          if unencrypted_password && !unencrypted_password.empty?
+            self.password_digest = BCrypt::Password.create(unencrypted_password)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/strategies/identity.rb

@@ -0,0 +1,103 @@
+module OmniAuth
+  module Strategies
+    # The identity strategy allows you to provide simple internal
+    # user authentication using the same process flow that you
+    # use for external OmniAuth providers.
+    class Identity
+      include OmniAuth::Strategy
+
+      option :fields, [:name, :email]
+      option :on_login, nil
+      option :on_registration, nil
+      option :on_failed_registration, nil
+      option :locate_conditions, lambda{|req| {model.auth_key => req['auth_key']} }
+
+      def request_phase
+        if options[:on_login]
+          options[:on_login].call(self.env)
+        else
+          OmniAuth::Form.build(
+            :title => (options[:title] || "Identity Verification"),
+            :url => callback_path
+          ) do |f|
+            f.text_field 'Login', 'auth_key'
+            f.password_field 'Password', 'password'
+            f.html "<p align='center'><a href='#{registration_path}'>Create an Identity</a></p>"
+          end.to_response
+        end
+      end
+
+      def callback_phase
+        return fail!(:invalid_credentials) unless identity
+        super
+      end
+
+      def other_phase
+        if on_registration_path?
+          if request.get?
+            registration_form
+          elsif request.post?
+            registration_phase
+          end
+        else
+          call_app!
+        end
+      end
+
+      def registration_form
+        if options[:on_registration]
+          options[:on_registration].call(self.env)
+        else
+          OmniAuth::Form.build(:title => 'Register Identity') do |f|
+            options[:fields].each do |field|
+              f.text_field field.to_s.capitalize, field.to_s
+            end
+            f.password_field 'Password', 'password'
+            f.password_field 'Confirm Password', 'password_confirmation'
+          end.to_response
+        end
+      end
+
+      def registration_phase
+        attributes = (options[:fields] + [:password, :password_confirmation]).inject({}){|h,k| h[k] = request[k.to_s]; h}
+        @identity = model.create(attributes)
+        if @identity.persisted?
+          env['PATH_INFO'] = callback_path
+          callback_phase
+        else
+          if options[:on_failed_registration]
+            self.env['omniauth.identity'] = @identity
+            options[:on_failed_registration].call(self.env)
+          else
+            registration_form
+          end
+        end
+      end
+
+      uid{ identity.uid }
+      info{ identity.info }
+
+      def registration_path
+        options[:registration_path] || "#{path_prefix}/#{name}/register"
+      end
+
+      def on_registration_path?
+        on_path?(registration_path)
+      end
+
+      def identity
+        if options.locate_conditions.is_a? Proc
+          conditions = instance_exec(request, &options.locate_conditions)
+          conditions.to_hash
+        else
+          conditions = options.locate_conditions.to_hash
+        end
+        @identity ||= model.authenticate(conditions, request['password'] )
+      end
+
+      def model
+        options[:model] || ::Identity
+      end
+    end
+  end
+end

data/omniauth-identity.gemspec

@@ -0,0 +1,33 @@
+# -*- encoding: utf-8 -*-
+require File.dirname(__FILE__) + '/lib/omniauth-identity/version'
+
+Gem::Specification.new do |gem|
+  gem.add_runtime_dependency 'omniauth'
+  gem.add_runtime_dependency 'bcrypt'
+
+  gem.add_development_dependency 'maruku'
+  gem.add_development_dependency 'simplecov'
+  gem.add_development_dependency 'rack-test'
+  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'rspec', '~> 3'
+  gem.add_development_dependency 'activerecord'
+  gem.add_development_dependency 'mongoid'
+  gem.add_development_dependency 'datamapper'
+  gem.add_development_dependency 'bson_ext'
+  gem.add_development_dependency 'byebug'
+  gem.add_development_dependency 'couch_potato'
+
+  gem.name = 'omniauth-identity2'
+  gem.version = OmniAuth::Identity::VERSION
+  gem.description = %q{Internal authentication handlers for OmniAuth. A modern version of the Omniauth Identity strategy.}
+  gem.summary = gem.description
+  gem.email = ['andy.roberts.uk@gmail.com']
+  gem.homepage = 'https://github.com/Jellybooks/omniauth-identity2'
+  gem.authors = ['Andrew Roberts', 'Michael Bleigh']
+  gem.license     = 'MIT'
+  gem.executables = `git ls-files -- bin/*`.split("\n").map{|f| File.basename(f)}
+  gem.files = `git ls-files`.split("\n")
+  gem.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.require_paths = ['lib']
+  gem.required_rubygems_version = Gem::Requirement.new('>= 1.3.6') if gem.respond_to? :required_rubygems_version=
+end

data/spec/omniauth/identity/model_spec.rb

@@ -0,0 +1,121 @@
+class ExampleModel
+  include OmniAuth::Identity::Model
+end
+
+describe OmniAuth::Identity::Model do
+  context 'Class Methods' do
+    subject{ ExampleModel }
+
+    describe '.locate' do
+      it('should be abstract'){ expect{ subject.locate('abc') }.to raise_error(NotImplementedError) }
+    end
+
+    describe '.authenticate' do
+      it 'should call locate and then authenticate' do
+        mocked_instance = double('ExampleModel', :authenticate => 'abbadoo')
+        allow(subject).to receive(:locate).with('email' => 'example').and_return(mocked_instance)
+        expect(subject.authenticate({'email' => 'example'},'pass')).to eq('abbadoo')
+      end
+
+      it 'should call locate with additional scopes when provided' do
+        mocked_instance = double('ExampleModel', :authenticate => 'abbadoo')
+        allow(subject).to receive(:locate).with('email' => 'example', 'user_type' => 'admin').and_return(mocked_instance)
+        expect(subject.authenticate({'email' => 'example', 'user_type' => 'admin'}, 'pass')).to eq('abbadoo')
+      end
+
+      it 'should recover gracefully if locate is nil' do
+        allow(subject).to receive(:locate).and_return(nil)
+        expect(subject.authenticate('blah','foo')).to be false
+      end
+    end
+  end
+
+  context 'Instance Methods' do
+    subject{ ExampleModel.new }
+
+    describe '#authenticate' do
+      it('should be abstract'){ expect{ subject.authenticate('abc') }.to raise_error(NotImplementedError) }
+    end
+
+    describe '#uid' do
+      it 'should default to #id' do
+        allow(subject).to receive(:respond_to?).with(:id).and_return(true)
+        allow(subject).to receive(:id).and_return 'wakka-do'
+        expect(subject.uid).to eq('wakka-do')
+      end
+
+      it 'should stringify it' do
+        allow(subject).to receive(:id).and_return 123
+        expect(subject.uid).to eq('123')
+      end
+
+      it 'should raise NotImplementedError if #id is not defined' do
+        allow(subject).to receive(:respond_to?).with(:id).and_return(false)
+        expect{ subject.uid }.to raise_error(NotImplementedError)
+      end
+    end
+
+    describe '#auth_key' do
+      it 'should default to #email' do
+        allow(subject).to receive(:respond_to?).with(:email).and_return(true)
+        allow(subject).to receive(:email).and_return('bob@bob.com')
+        expect(subject.auth_key).to eq('bob@bob.com')
+      end
+
+      it 'should use the class .auth_key' do
+        subject.class.auth_key 'login'
+        allow(subject).to receive(:login).and_return 'bob'
+        expect(subject.auth_key).to eq('bob')
+        subject.class.auth_key nil
+      end
+
+      it 'should raise a NotImplementedError if the auth_key method is not defined' do
+        expect{ subject.auth_key }.to raise_error(NotImplementedError)
+      end
+    end
+
+    describe '#auth_key=' do
+      it 'should default to setting email' do
+        allow(subject).to receive(:respond_to?).with(:email=).and_return(true)
+        expect(subject).to receive(:email=).with 'abc'
+        
+        subject.auth_key = 'abc'
+      end
+
+      it 'should use a custom .auth_key if one is provided' do
+        subject.class.auth_key 'login'
+        allow(subject).to receive(:respond_to?).with(:login=).and_return(true)
+        expect(subject).to receive(:login=).with('abc')
+
+        subject.auth_key = 'abc'
+      end
+
+      it 'should raise a NotImplementedError if the autH_key method is not defined' do
+        expect{ subject.auth_key = 'broken' }.to raise_error(NotImplementedError)
+      end
+    end
+
+    describe '#info' do
+      it 'should include attributes that are set' do
+        allow(subject).to receive(:name).and_return('Bob Bobson')
+        allow(subject).to receive(:nickname).and_return('bob')
+
+        expect(subject.info).to eq({
+          'name' => 'Bob Bobson',
+          'nickname' => 'bob'
+        })
+      end
+
+      it 'should automatically set name off of nickname' do
+        allow(subject).to receive(:nickname).and_return('bob')
+        subject.info['name'] == 'bob'
+      end
+
+      it 'should not overwrite a provided name' do
+        allow(subject).to receive(:name).and_return('Awesome Dude')
+        allow(subject).to receive(:first_name).and_return('Frank')
+        expect(subject.info['name']).to eq('Awesome Dude')
+      end
+    end
+  end
+end