openstax_accounts 0.1.0

data/app/views/openstax/accounts/users/_action_list.html.erb

@@ -0,0 +1,33 @@
+<%# Copyright 2011-2012 Rice University. Licensed under the Affero General Public 
+    License version 3 or later.  See the COPYRIGHT file for details. %>
+
+<%
+  users ||= []
+%>
+
+<% if list.num_columns > 0 %>
+  <table class="list" width="100%">
+    <% if list.has_headings? %>
+      <tr>  
+        <% for ii in 0..list.num_columns - 1 %>
+          <th><%= list.get_heading(ii) %></th>
+        <% end %>
+      </tr>
+    <% end %>
+
+    <% if users.empty? %>
+      <tr>
+        <td colspan="<%= list.num_columns %>">No results</td>
+      </tr>
+    <% else %>
+      <% users.all.each_with_index do |user, uu| %>
+        <tr>
+          <% for cc in 0..list.num_columns - 1 %>
+            <% width = uu == 0 ? list.get_width(cc) : nil %>
+            <td <%= "width=#{width}" if width %>><%= list.get_data(cc, user) %></td>
+          <% end %>
+        </tr>
+      <% end %>
+    <% end %>
+  </table>
+<% end %>

data/app/views/openstax/accounts/users/_action_search.html.erb

@@ -0,0 +1,25 @@
+<%# Copyright 2011-2012 Rice University. Licensed under the Affero General Public 
+    License version 3 or later.  See the COPYRIGHT file for details. %>
+
+<%
+   # Clients of this partial must supply the following variables:
+   #   action_search_path  
+%>
+
+<div id="action-search-errors"></div>
+
+<%= lev_form_for :search, 
+                 url: action_search_path, 
+                 html: {id: 'action-search-form'},
+                 remote: true do |f| %>
+
+  Search for 
+  <%= f.text_field :search_terms, style: 'width:300px' %> 
+  in         
+  <%= f.select :search_type, options_for_select(['Any', 'Name', 'Username']) %>
+
+  <%= submit_tag 'Search' %>
+
+<% end %>
+
+<div id="action-search-results-list"></div>

data/app/views/openstax/accounts/users/action_search.js.erb

@@ -0,0 +1,8 @@
+<%= unless_errors errors_html_id: (errors_html_id ||= 'action-search-errors') do %>
+  <% contents = render 'openstax/accounts/users/action_list', 
+                       users: users, 
+                       list: list %>
+  
+  $("#action-search-results-list").html("<%= j(contents) %>");  
+<% end %>
+

data/config/initializers/extend_builtins.rb

@@ -0,0 +1,42 @@
+class ActionController::Base
+
+  # Returns the current app user
+  def current_user
+    current_user_manager.current_user
+  end
+
+  # Signs in the given user; the argument can be either an accounts user or
+  # an app user
+  def sign_in(user)
+    current_user_manager.sign_in(user)
+  end
+
+  # Signs out the current user
+  def sign_out!
+    current_user_manager.sign_out!
+  end
+
+  # Returns true iff there is a user signed in
+  def signed_in?
+    current_user_manager.signed_in?
+  end
+
+  # Useful in before_filters
+  def authenticate_user!
+    return if signed_in?
+    session[:return_to] = "#{request.protocol}#{request.host_with_port}#{request.fullpath}"
+    redirect_to openstax_accounts.login_path
+  end
+
+protected
+
+  helper_method :current_user, :signed_in?
+
+  def current_user_manager
+    @current_user_manager ||= OpenStax::Accounts::CurrentUserManager.new(request,
+                                                                         session,
+                                                                         cookies)
+  end
+
+end
+

data/config/routes.rb

@@ -0,0 +1,25 @@
+OpenStax::Accounts::Engine.routes.draw do
+  match '/auth/openstax/callback', to: 'sessions#omniauth_authenticated' #omniauth route
+  get '/auth/openstax', :as => 'openstax_login'
+
+  get 'sessions/new', :as => 'login'
+  # See https://github.com/plataformatec/devise/commit/f3385e96abf50e80d2ae282e1fb9bdad87a83d3c
+  match 'sessions/destroy', :as => 'logout',
+                            :via => OpenStax::Accounts.configuration.logout_via
+
+  if OpenStax::Accounts.configuration.enable_stubbing?
+    namespace :dev do
+      resources :users, :only => [] do
+        collection do
+          get 'login'
+          post 'search'
+          post 'become'
+        end
+      end
+    end
+  end
+end
+
+hh = OpenStax::Accounts::Engine.routes.url_helpers
+
+OpenStax::Accounts::RouteHelper.register_path(:login, hh.openstax_login_path) { hh.login_dev_users_path }

data/db/migrate/0_create_openstax_accounts_users.rb

@@ -0,0 +1,18 @@
+class CreateOpenStaxAccountsUsers < ActiveRecord::Migration
+  def change
+    create_table :openstax_accounts_users do |t|
+      t.integer :openstax_uid
+      t.string  :username
+      t.string  :first_name
+      t.string  :last_name
+      t.string  :full_name
+      t.string  :title
+      t.string  :access_token
+
+      t.timestamps
+    end
+
+    add_index :openstax_accounts_users, :openstax_uid, :unique => true
+    add_index :openstax_accounts_users, :username, :unique => true
+  end
+end

data/lib/omniauth/strategies/openstax.rb

@@ -0,0 +1,39 @@
+require 'omniauth'
+require 'omniauth-oauth2'
+
+module OmniAuth
+  module Strategies
+    class Openstax < OAuth2
+      option :name, "openstax"
+
+      option :client_options, {
+        :site => "http://accounts.openstax.org",
+        :authorize_url => "/oauth/authorize"
+      }
+
+      uid { raw_info["id"] }
+
+      info do
+        username = raw_info["username"]
+        title = raw_info["title"]
+        first_name = raw_info["first_name"]
+        last_name = raw_info["last_name"]
+        full_name = raw_info["full_name"] || "#{first_name} #{last_name}"
+        full_name = username if full_name.blank?
+
+        # Changed to conform to the omniauth schema
+        {
+          name: full_name,
+          nickname: username,
+          first_name: first_name,
+          last_name: last_name,
+          title: title
+        }
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get('/api/users/me.json').parsed
+      end
+    end
+  end
+end

data/lib/openstax/accounts/action_list.rb

@@ -0,0 +1,42 @@
+module OpenStax
+  module Accounts
+    class ActionList
+
+      def initialize(options={})
+        @options = options
+
+        raise IllegalArgument, "must supply data procs" if options[:data_procs].nil?
+
+        if options[:headings].present? && options[:data_procs].size != options[:headings].size
+          raise IllegalArgument, "if you supply headings, you must supply one for each column"
+        end
+
+        if options[:widths].present? && options[:data_procs].size != options[:widths].size
+          raise IllegalArgument, "if you supply widths, you must supply one for each column"
+        end
+
+      end
+
+      def num_columns
+        @options[:data_procs].size
+      end
+
+      def has_headings?
+        @options[:headings].present?
+      end
+
+      def get_heading(column)
+        @options[:headings].nil? ? nil : @options[:headings][column]
+      end
+
+      def get_width(column)
+        @options[:widths].nil? ? nil : @options[:widths][column]
+      end
+
+      def get_data(column, *args)
+        @options[:data_procs][column].call(*args)
+      end
+
+    end
+  end
+end

data/lib/openstax/accounts/current_user_manager.rb

@@ -0,0 +1,103 @@
+module OpenStax
+  module Accounts
+    class CurrentUserManager
+
+      # References:
+      #   http://railscasts.com/episodes/356-dangers-of-session-hijacking
+
+      def initialize(request, session, cookies)
+        @request = request
+        @session = session
+        @cookies = cookies
+      end
+
+      # Returns the current app user
+      def current_user
+        load_current_users
+        @app_current_user
+      end
+
+      # Signs in the given user; the argument can be either an accounts user or
+      # an app user
+      def sign_in(user)
+        user.is_a?(User) ?
+          self.accounts_current_user = user :
+          self.current_user = user
+      end
+
+      # Signs out the user
+      def sign_out!
+        sign_in(OpenStax::Accounts::User.anonymous)
+      end
+
+      # Returns true iff there is a user signed in
+      def signed_in?
+        !accounts_current_user.is_anonymous?
+      end
+
+      # Returns the current accounts user
+      def accounts_current_user
+        load_current_users
+        @accounts_current_user
+      end
+
+    protected
+
+      # If they are nil (unset), sets the current users based on the session state
+      def load_current_users
+        return if !@accounts_current_user.nil?
+
+        if @request.ssl? && @cookies.signed[:secure_user_id] != "secure#{@session[:user_id]}"
+          sign_out! # hijacked
+        else
+          # If there is a session user_id, load up that user, otherwise set the anonymous user.
+         
+          if @session[:user_id]
+            @accounts_current_user = User.where(id: @session[:user_id]).first
+
+            # It could happen (normally in development) that there is a session
+            # user_id that doesn't map to a User in the db.
+            # In such a case, sign_out! to reset the state
+            if @accounts_current_user.nil?
+              sign_out!
+              return
+            end
+          else
+            @accounts_current_user = User.anonymous
+          end
+
+          # Bring the app user inline with the accounts user
+          @app_current_user = user_provider.accounts_user_to_app_user(@accounts_current_user)
+        end
+      end
+
+      # Sets (signs in) the provided app user.
+      def current_user=(user)
+        self.accounts_current_user = user_provider.app_user_to_accounts_user(user)
+        @app_current_user
+      end
+
+      # Sets the current accounts user, updates the app user, and also updates
+      # the session and cookie state.
+      def accounts_current_user=(user)
+        @accounts_current_user = user || User.anonymous
+        @app_current_user = user_provider.accounts_user_to_app_user(@accounts_current_user)
+
+        if @accounts_current_user.is_anonymous?
+          @session[:user_id] = nil
+          @cookies.delete(:secure_user_id)
+        else
+          @session[:user_id] = @accounts_current_user.id
+          @cookies.signed[:secure_user_id] = {secure: true, value: "secure#{@accounts_current_user.id}"}
+        end
+
+        @accounts_current_user
+      end
+
+      def user_provider
+        OpenStax::Accounts.configuration.user_provider
+      end
+
+    end
+  end
+end

data/lib/openstax/accounts/engine.rb

@@ -0,0 +1,35 @@
+require 'omniauth'
+require 'omniauth/strategies/openstax'
+require 'lev'
+
+ActiveSupport::Inflector.inflections do |inflect|
+  inflect.acronym 'OpenStax'
+end
+
+module OpenStax
+  module Accounts
+    class Engine < ::Rails::Engine
+      isolate_namespace OpenStax::Accounts
+
+      config.generators do |g|
+        g.test_framework :rspec, :view_specs => false, :fixture => false
+        g.fixture_replacement :factory_girl, :dir => 'spec/factories'
+        g.assets false
+        g.helper false
+      end
+
+      SETUP_PROC = lambda do |env|
+        env['omniauth.strategy'].options[:client_options][:site] = OpenStax::Accounts.configuration.openstax_accounts_url
+      end
+
+      # Doesn't work to put this omniauth code in an engine initializer, instead:
+      # https://gist.github.com/pablomarti/5243118
+      middleware.use ::OmniAuth::Builder do
+        provider :openstax, 
+                 OpenStax::Accounts.configuration.openstax_application_id,
+                 OpenStax::Accounts.configuration.openstax_application_secret,
+                 :setup => SETUP_PROC
+      end
+    end
+  end
+end

data/lib/openstax/accounts/route_helper.rb

@@ -0,0 +1,34 @@
+require 'singleton'
+
+module OpenStax
+  module Accounts
+    class RouteHelper
+      
+      include Singleton
+
+      # Registers a path against a canonical name.  An optional
+      # block can be provided to give the stubbed path
+      def self.register_path(canonical_name, path, &block)
+        instance.paths[canonical_name] = path
+        if block.present? && OpenStax::Accounts.configuration.enable_stubbing?
+          instance.stubbed_paths[canonical_name] = block.call
+        end
+      end
+
+      def self.get_path(canonical_name)
+        OpenStax::Accounts.configuration.enable_stubbing? ?
+          instance.stubbed_paths[canonical_name] :
+          instance.paths[canonical_name]
+      end
+
+      def initialize
+        self.paths = {}
+        self.stubbed_paths = {}
+      end
+
+      attr_accessor :paths
+      attr_accessor :stubbed_paths
+
+    end
+  end
+end

data/lib/openstax/accounts/user_provider.rb

@@ -0,0 +1,15 @@
+module OpenStax
+  module Accounts
+    class UserProvider
+
+      def self.accounts_user_to_app_user(accounts_user)
+        accounts_user
+      end
+
+      def self.app_user_to_accounts_user(app_user)
+        app_user
+      end
+
+    end
+  end
+end

data/lib/openstax/accounts/version.rb

@@ -0,0 +1,5 @@
+module OpenStax
+  module Accounts
+    VERSION = "0.1.0"
+  end
+end

data/lib/openstax_accounts.rb

@@ -0,0 +1,130 @@
+require 'openstax/accounts/version'
+require 'openstax/accounts/engine'
+require 'openstax/accounts/route_helper'
+require 'openstax/accounts/action_list'
+require 'openstax/accounts/user_provider'
+require 'openstax/accounts/current_user_manager'
+
+require 'openstax_utilities'
+require 'uri'
+require 'oauth2'
+
+module OpenStax
+  module Accounts
+
+    class << self
+
+      ###########################################################################
+      #
+      # Configuration machinery.
+      #
+      # To configure OpenStax Accounts, put the following code in your
+      # application's initialization logic
+      # (eg. in the config/initializers in a Rails app)
+      #
+      #   OpenStax::Accounts.configure do |config|
+      #     config.<parameter name> = <parameter value>
+      #     ...
+      #   end
+      #
+      # Set enable_stubbing to true iff you want this engine to fake all 
+      #   interaction with the accounts site.
+      #
+      
+      def configure
+        yield configuration
+      end
+
+      def configuration
+        @configuration ||= Configuration.new
+      end
+
+      class Configuration
+        attr_accessor :openstax_application_id
+        attr_accessor :openstax_application_secret
+        attr_accessor :enable_stubbing
+        attr_reader :openstax_accounts_url
+        attr_accessor :logout_via
+        attr_accessor :default_errors_partial
+        attr_accessor :default_errors_html_id
+        attr_accessor :default_errors_added_trigger
+        attr_accessor :security_transgression_exception
+
+        # See the "user_provider" discussion in the README 
+        attr_accessor :user_provider
+
+        def openstax_accounts_url=(url)
+          url.gsub!(/https|http/,'https') if !(url =~ /localhost/)
+          url = url + "/" if url[url.size-1] != '/'
+          @openstax_accounts_url = url
+        end
+
+        def initialize      
+          @openstax_application_id = 'SET ME!'
+          @openstax_application_secret = 'SET ME!'
+          @openstax_accounts_url = 'https://accounts.openstax.org/'
+          @enable_stubbing = true
+          @logout_via = :get
+          @default_errors_partial = 'openstax/accounts/shared/attention'
+          @default_errors_html_id = 'openstax-accounts-attention'
+          @default_errors_added_trigger = 'openstax-accounts-errors-added'
+          @security_transgression_exception = SecurityTransgression
+          @user_provider = OpenStax::Accounts::UserProvider
+          super
+        end
+
+        def enable_stubbing?
+          !Rails.env.production? && enable_stubbing
+        end
+      end
+
+      # Executes an OpenStax Accounts API call, using the given HTTP method,
+      # API url and request options.
+      # Any options accepted by OAuth2 requests can be used, such as
+      # :params, :body, :headers, etc, plus the :access_token option, which can
+      # be used to manually specify an OAuth access token.
+      # On failure, it can throw Faraday::ConnectionFailed for connection errors
+      # or OAuth2::Error if Accounts returns an HTTP 400 error,
+      # such as 422 Unprocessable Entity.
+      # On success, returns an OAuth2::Response object.
+      def api_call(http_method, url, options = {})
+        version = options.delete(:api_version)
+        unless version.blank?
+          options[:headers] ||= {}
+          options[:headers].merge!({ 'Accept' => "application/vnd.accounts.openstax.#{version.to_s}" })
+        end
+
+        token_string = options.delete(:access_token)
+        token = token_string.blank? ? client.client_credentials.get_token :
+                OAuth2::AccessToken.new(client, token_string)
+
+        api_url = URI.join(configuration.openstax_accounts_url, 'api/', url)
+
+        token.request(http_method, api_url, options)
+      end
+
+      # Creates an ApplicationUser in Accounts for this app and the given
+      # OpenStax::Accounts::User.
+      # Also takes an optional API version parameter. Defaults to :v1.
+      # On failure, throws an Exception, just like api_call.
+      # On success, returns an OAuth2::Response object.
+      def create_application_user(user, version = nil)
+        options = {:access_token => user.access_token,
+                   :api_version => (version.nil? ? :v1 : version)}
+        api_call(:post, 'application_users', options)
+      end
+
+    protected
+
+      def client
+        @client ||= OAuth2::Client.new(
+                      configuration.openstax_application_id,
+                      configuration.openstax_application_secret,
+                      :site => configuration.openstax_accounts_url
+                    )
+      end
+
+    end
+
+  end
+end

data/spec/controllers/openstax/accounts/dev/users_controller_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+module OpenStax::Accounts
+  module Dev
+    describe UsersController do
+      routes { OpenStax::Accounts::Engine.routes }
+
+      let!(:user) { OpenStax::Accounts::User.create(username: 'some_user',
+                                                    openstax_uid: 1) }
+
+      it 'should allow users not in production to become other users' do
+        expect(controller.current_user).to eq(OpenStax::Accounts::User.anonymous)
+        expect(controller.current_user.is_anonymous?).to eq(true)
+        get :become, user_id: user.id
+        expect(controller.current_user).to eq(user)
+        expect(controller.current_user.is_anonymous?).to eq(false)
+      end
+    end
+  end
+end

data/spec/controllers/openstax/accounts/sessions_controller_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+module OpenStax::Accounts
+  describe SessionsController do
+    routes { OpenStax::Accounts::Engine.routes }
+
+    let!(:user) { OpenStax::Accounts::User.create(username: 'some_user',
+                                                  openstax_uid: 1) }
+
+    it 'should redirect users to the login path' do
+      get :new
+      expect(response).to redirect_to RouteHelper.get_path(:login)
+      expect(response.code).to eq('302')
+    end
+
+    it 'should authenticate users based on the oauth callback' do
+      # TODO
+    end
+
+    it 'should let users logout' do
+      controller.sign_in user
+      expect(controller.current_user).to eq(user)
+      expect(controller.current_user.is_anonymous?).to eq(false)
+      delete :destroy
+      expect(controller.current_user).to eq(OpenStax::Accounts::User.anonymous)
+      expect(controller.current_user.is_anonymous?).to eq(true)
+    end
+  end
+end

data/spec/dummy/README.md

@@ -0,0 +1 @@
+Dummy application used to test the OpenStax Accounts engine.

data/spec/dummy/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/spec/dummy/app/controllers/api/application_users_controller.rb

@@ -0,0 +1,7 @@
+module Api
+  class ApplicationUsersController < DummyController
+    def create
+      dummy(:create)
+    end
+  end
+end

data/spec/dummy/app/controllers/api/dummy_controller.rb

@@ -0,0 +1,11 @@
+module Api
+  class DummyController < ApplicationController
+    class << self; attr_accessor :last_action, :last_params end
+
+    def dummy(action_name = :dummy)
+      self.class.last_action = action_name
+      self.class.last_params = params
+      render :json => { :head => :no_content }
+    end
+  end
+end