openstax_accounts 0.1.0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2013 Rice University
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,123 @@
+accounts-rails
+=============
+
+A rails engine for interfacing with OpenStax's accounts server.
+
+Usage
+-----
+
+Add the engine to your Gemfile and then run `bundle install`.  
+
+Mount the engine your application's `routes.rb` file:
+
+    MyApplication::Application.routes.draw do
+      ...
+      mount OpenStax::Accounts::Engine, at: "/accounts"
+      ...
+     end
+
+You can use whatever path you want instead of `/accounts`, just make sure to make the appropriate changes below.
+
+Create an `openstax_accounts.rb` initializer in `config/initializers`, with the following contents:
+
+    OpenStax::Accounts.configure do |config|
+      config.openstax_application_id = 'value_from_openstax_accounts_here'
+      config.openstax_application_secret = 'value_from_openstax_accounts_here'
+    end
+
+If you're running OpenStax Accounts in a dev instance on your machine, you can specify that instance's local URL with:
+
+    config.openstax_accounts_url = 'http://localhost:2999/'
+
+To have users login, direct them to `/accounts/sessions/new`.  This is also available through the `openstax_accounts.login` route helper, e.g. `<%= link_to 'Sign in!', openstax_accounts.login_path %>`.
+
+There is also a logout path helper for `/accounts/sessions/destroy`, given by `logout_path`.  By default this expects a `GET` request.  If you'd prefer a `DELETE` request, add this configuration:
+
+    config.logout_via = :delete
+
+OpenStax Accounts provides you with an `OpenStax::Accounts::User` object.  You can
+use this as your app's User object without modification, you can modify it to suit
+your app's needs (not recommended), or you can provide your own custom User object
+that references the OpenStax Accounts User object.  
+
+OpenStax Accounts also provides you methods for getting and setting the current 
+signed in user (`current_user` and `current_user=` methods).  If you choose to create 
+your own custom User object that references the User object provided by Accounts, 
+you can teach OpenStax Accounts how to translate between your app's custom User 
+object and OpenStax Accounts's built-in User object.
+
+To do this, you need to set a `user_provider` in this configuration.  
+
+    config.user_provider = MyUserProvider
+
+The user_provider is a class that provides two class methods:
+
+    def self.accounts_user_to_app_user(accounts_user)
+      # Converts the given accounts user to an app user.
+      # If you want to cache the accounts_user in the app user,
+      # this is the place to do it.
+      # If no app user exists for this accounts user, one should
+      # be created.
+    end
+  
+    def self.app_user_to_accounts_user(app_user)
+      # Converts the given app user to an accounts user.
+    end 
+
+Accounts users are never nil.  When a user is signed out, the current accounts user 
+is an anonymous user (responding true to `is_anonymous?`).  You can follow the same
+pattern in your app or you can use nil for the current user.  Just remember to check
+the anonymous status of accounts users when doing your accounts <-> app translations.
+
+The default `user_provider` just uses OpenStax::Accounts::User as the app user.
+
+Make sure to install the engine's migrations:
+
+    rake openstax_accounts:install:migrations
+
+Accounts API
+------------
+
+OpenStax::Accounts provides convenience methods for accessing the OpenStax Accounts API.
+
+`OpenStax:: Accounts.create_application_user(accounts_user, version = nil)` takes
+an OpenStax::Accounts::User and, optionally, an API version argument, and creates
+an ApplicationUser for the configured application and the given user. Call this method
+when users finish the registration process in your app. This lets Accounts know that the given user is using your app, allowing Accounts to push user information to it whenever it changes.
+
+`OpenStax::Accounts.api_call(http_method, url, options = {})` provides a generic
+convenience method capable of making API calls to Accounts. `http_method` can be
+any valid HTTP method, and `url` is the desired API URL, without the 'api/' prefix.
+Options is a hash that can contain any option that OAuth2 requests accept, such
+as :headers, :params, :body, etc, plus the optional values :api_version (to specify
+an API version) and :access_token (to specify an OAuth access token).
+
+Example Application
+-------------------
+
+There is an example application included in the gem in the `example` folder.
+Here are the steps to follow:
+
+1. Download (clone) the OpenStax Accounts site from github.com/openstax/accounts.  
+1. In the site's `config` folder put a `secret_settings.yml` file that has values for the 
+following keys: `facebook_app_id`, `facebook_app_secret`, `twitter_consumer_key`, `twitter_consumer_secret`.  If you don't have access to these values, you can always make dummy apps on facebook and twitter.
+2. Do the normal steps to get this site online:
+    1. Run `bundle install --without production`
+    2. Run `bundle exec rake db:migrate`
+    3. Run `bundle exec rails server`
+2. Open this accounts site in a web browser (defaults to http://localhost:2999)
+3. Navigate to http://localhost:2999/oauth/applications
+4. Click `New application`
+    5. Set the callback URL to `http://localhost:4000/accounts/auth/openstax/callback`.  
+Port 4000 is where you'll be running the example application.
+    1. The name can be whatever.
+    2. Click the `Trusted?` checkbox.
+    3. Click `Submit`.
+    4. Keep this window open so you can copy the application ID and secret into the example app
+5. Leave the accounts app running
+6. Download (clone) the OpenStax Accounts gem from github.com/openstax/accounts-rails. 
+The example application is in the `example` folder.
+In that folder's config folder, create a `secret_settings.yml` file according to the
+instructions in `secret_settings.yml.example`. Run the example server in the normal way (bundle install..., migrate db, rails server).
+7. Navigate to the home page, http://localhost:4000.  Click log in and play around.  You can also refresh the accounts site and see yourself logged in, log out, etc.
+8. For fun, change example/config/openstax_accounts.rb to set `enable_stubbing` to `true`.  Now when you click login you'll be taken to a developer-only page where you can login as other users, generate new users, create new users, etc.

data/Rakefile

@@ -0,0 +1,22 @@
+#!/usr/bin/env rake
+
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+APP_RAKEFILE = File.expand_path('../spec/dummy/Rakefile', __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+Dir[File.join(File.dirname(__FILE__), 'tasks/**/*.rake')].each {|f| load f }
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc 'Run all specs in spec directory (excluding plugin specs)'
+RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+
+task :default => :spec

data/app/assets/javascripts/openstax/accounts/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/app/assets/stylesheets/openstax/accounts/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/app/assets/stylesheets/openstax/accounts/dev.css.scss

@@ -0,0 +1,31 @@
+@mixin section-block-base($heading_font_size) {
+  margin:  5px 0px;
+
+  .section-block-heading {
+
+    color:     black;
+    font-size: $heading_font_size;
+
+    a { 
+      font-size: $heading_font_size; 
+    }
+  }
+
+  .section-block-body {
+    margin:  $heading_font_size/2 0px 0px;
+    padding: 0px 0px 0px $heading_font_size;
+  }
+}
+
+.section-block-section {
+  @include section-block-base(22px);
+}
+
+
+.section-block-section.nesting-2 {
+  @include section-block-base(14px);
+
+  .section-block-heading {
+    font-style: italic;
+  }
+}

data/app/controllers/openstax/accounts/application_controller.rb

@@ -0,0 +1,24 @@
+module OpenStax
+  module Accounts
+
+    class ApplicationController < ActionController::Base
+      include Lev::HandleWith
+
+      # Override current_user to always return an OpenStax::Accounts::User
+      def current_user
+        current_user_manager.accounts_current_user
+      end
+
+    protected
+
+      def return_url(include_referrer=false)
+        referrer = include_referrer ? request.referrer : nil
+        # Always clear the session
+        session_return_to = session.delete(:return_to)
+        params[:return_to] || session_return_to || referrer || main_app.root_url
+      end
+
+    end
+
+  end
+end

data/app/controllers/openstax/accounts/dev/dev_controller.rb

@@ -0,0 +1,13 @@
+module OpenStax
+  module Accounts
+    module Dev
+      class DevController < OpenStax::Accounts::ApplicationController
+
+        before_filter Proc.new{ 
+          raise SecurityTransgression if Rails.env.production?
+        }
+        
+      end
+    end
+  end
+end

data/app/controllers/openstax/accounts/dev/users_controller.rb

@@ -0,0 +1,21 @@
+module OpenStax
+  module Accounts
+    module Dev
+      class UsersController < OpenStax::Accounts::Dev::DevController
+        
+        def login; end
+
+        def search
+          handle_with(OpenStax::Accounts::Dev::UsersSearch,
+                      complete: lambda { render 'search' })
+        end
+
+        def become
+          sign_in(User.find(params[:user_id]))
+          redirect_to return_url(true)
+        end
+
+      end
+    end
+  end
+end

data/app/controllers/openstax/accounts/sessions_controller.rb

@@ -0,0 +1,41 @@
+module OpenStax
+  module Accounts
+    class SessionsController < OpenStax::Accounts::ApplicationController
+
+      def new
+        session[:return_to] ||= request.referrer
+        redirect_to RouteHelper.get_path(:login)
+      end
+
+      def omniauth_authenticated
+        handle_with(SessionsOmniauthAuthenticated,
+                    success: lambda {
+                      sign_in(@handler_result.outputs[:accounts_user_to_sign_in])
+                      # referrer is in Accounts, so don't include it
+                      redirect_to return_url
+                    },
+                    failure: lambda {
+                      failure
+                    })
+      end
+
+      def destroy
+        sign_out!
+
+        # If we're using the Accounts server, need to sign out of it so can't 
+        # log back in automagically
+        redirect_to OpenStax::Accounts.configuration.enable_stubbing? ?
+                      return_url :
+                      OpenStax::Utilities.generate_url(
+                        OpenStax::Accounts.configuration.openstax_accounts_url + "/logout",
+                        return_to: return_url
+                      )
+      end
+
+      def failure
+        redirect_to return_url, alert: "Authentication failed, please try again."
+      end
+
+    end
+  end
+end

data/app/handlers/openstax/accounts/dev/users_search.rb

@@ -0,0 +1,38 @@
+module OpenStax
+  module Accounts
+    module Dev
+      class UsersSearch
+
+        lev_handler transaction: :no_transaction
+        
+        paramify :search do
+          attribute :search_type, type: String
+          validates :search_type, presence: true,
+                                  inclusion: { in: %w(Name Username Any),
+                                               message: "is not valid" }
+
+          attribute :search_terms, type: String
+          validates :search_terms, presence: true                               
+        end
+
+        uses_routine OpenStax::Accounts::SearchUsers, 
+                     as: :search_users,
+                     translations: { outputs: {type: :verbatim} }
+
+      protected
+
+        def authorized?
+          !Rails.env.production? || caller.is_administrator?
+        end
+
+        def handle
+          terms = search_params.search_terms
+          type = search_params.search_type
+
+          run(:search_users, terms, type.downcase.to_sym)
+        end
+
+      end
+    end
+  end
+end

data/app/handlers/openstax/accounts/sessions_omniauth_authenticated.rb

@@ -0,0 +1,47 @@
+module OpenStax
+  module Accounts
+
+    class SessionsOmniauthAuthenticated
+      lev_handler
+
+    protected
+
+      def setup
+        @auth_data = request.env['omniauth.auth']
+      end
+
+      def authorized?
+        @auth_data.provider == "openstax"
+      end
+
+      def handle
+        outputs[:accounts_user_to_sign_in] = user_to_sign_in
+      end
+
+      def user_to_sign_in
+        return caller if 
+          !caller.nil? && 
+          !caller.is_anonymous? &&
+          caller.openstax_uid == @auth_data.uid
+
+        existing_user = User.where(openstax_uid: @auth_data.uid).first
+        return existing_user if !existing_user.nil?
+
+        new_user = User.create do |user|
+          user.openstax_uid = @auth_data.uid
+          user.username     = @auth_data.info.nickname
+          user.first_name   = @auth_data.info.first_name
+          user.last_name    = @auth_data.info.last_name
+          user.full_name    = @auth_data.info.name
+          user.title        = @auth_data.info.title
+          user.access_token = @auth_data.credentials.token
+        end
+
+        transfer_errors_from(new_user, {type: :verbatim})
+
+        new_user
+      end
+    end
+
+  end
+end

data/app/helpers/openstax/accounts/application_helper.rb

@@ -0,0 +1,20 @@
+module OpenStax
+  module Accounts
+    module ApplicationHelper
+
+      def unless_errors(options={}, &block)
+        options[:errors] ||= @handler_result.errors
+        options[:errors_html_id] ||= OpenStax::Accounts.configuration.default_errors_html_id
+        options[:errors_partial] ||= OpenStax::Accounts.configuration.default_errors_partial
+        options[:trigger] ||= OpenStax::Accounts.configuration.default_errors_added_trigger
+
+        if options[:errors].any? || flash[:alert]
+          "$('##{options[:errors_html_id]}').html('#{ j(render options[:errors_partial], errors: options[:errors]) }').trigger('#{options[:trigger]}');".html_safe
+        else
+          ("$('##{options[:errors_html_id]}').html('');" + capture(&block)).html_safe
+        end
+      end
+
+    end
+  end
+end

data/app/models/openstax/accounts/user.rb

@@ -0,0 +1,42 @@
+module OpenStax
+  module Accounts
+    class User < ActiveRecord::Base
+
+      validates :username, uniqueness: true
+      validates :username, presence: true
+      validates :openstax_uid, presence: true
+
+      # first and last names are not required
+
+      def name
+        (first_name || last_name) ? [first_name, last_name].compact.join(" ") : username
+      end
+
+      def casual_name
+        first_name || username
+      end    
+
+      def is_anonymous?
+        is_anonymous == true
+      end
+
+      attr_accessor :is_anonymous
+
+      def self.anonymous
+        @@anonymous ||= AnonymousUser.new
+      end
+
+      class AnonymousUser < User
+        before_save { false } 
+        def initialize(attributes=nil)
+          super
+          self.is_anonymous = true
+          self.first_name   = 'Guest'
+          self.last_name    = 'User'
+          self.openstax_uid = nil
+        end
+      end
+
+    end
+  end
+end

data/app/routines/openstax/accounts/dev/create_user.rb

@@ -0,0 +1,37 @@
+module OpenStax
+  module Accounts
+    module Dev
+      class CreateUser
+        lev_routine
+
+      protected
+
+        def exec(inputs={})
+
+          username = inputs[:username]
+
+          if username.nil? || inputs[:ensure_no_errors]
+            loop do 
+              break if !username.nil? && OpenStax::Accounts::User.where(username: username).none?
+              username = "#{inputs[:username] || 'user'}#{rand(1000000)}"
+            end
+          end
+
+          outputs[:user] = OpenStax::Accounts::User.create do |user|
+            user.first_name = inputs[:first_name]
+            user.last_name = inputs[:last_name]
+            user.username = username
+            user.openstax_uid = available_negative_openstax_uid
+          end
+        
+          transfer_errors_from(outputs[:user], {type: :verbatim})
+        end
+
+        def available_negative_openstax_uid
+          (OpenStax::Accounts::User.order("openstax_uid DESC").last.try(:openstax_uid) || 0) - 1
+        end
+
+      end
+    end
+  end
+end

data/app/routines/openstax/accounts/search_users.rb

@@ -0,0 +1,47 @@
+require 'squeel'
+
+module OpenStax
+  module Accounts
+
+    class SearchUsers
+      lev_routine transaction: :no_transaction
+
+    protected
+
+      def exec(terms, type=:any)
+        # Return empty results if no search terms
+        return User.where{id == nil}.where{id != nil} if terms.blank?
+
+        # Note: % is the wildcard. This allows the user to search
+        # for stuff that "begins with" but not "ends with".
+        case type
+        when :name
+          users = User.scoped
+          terms.gsub(/[%,]/, '').split.each do |t|
+            next if t.blank?
+            query = t + '%'
+            users = users.where{(first_name =~ query) | (last_name =~ query)}
+          end
+        when :username
+          query = terms.gsub('%', '') + '%'
+          users = User.where{username =~ query}
+        when :any
+          users = User.scoped
+          terms.gsub(/[%,]/, '').split.each do |t|
+            next if t.blank?
+            query = t + '%'
+            users = users.where{(first_name =~ query) | 
+                        (last_name =~ query) |
+                        (username =~ query)}
+          end
+        else
+          fatal_error(:unknown_user_search_type, data: type)
+        end
+
+        outputs[:users] = users
+      end
+
+    end
+
+  end
+end

data/app/views/layouts/openstax/accounts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Accounts</title>
+  <%= stylesheet_link_tag    "openstax/accounts/application", :media => "all" %>
+  <%= javascript_include_tag "openstax/accounts/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/app/views/openstax/accounts/dev/users/login.html.erb

@@ -0,0 +1,17 @@
+
+<div class="openstax-accounts development-login">
+
+  <% handler_errors.each do |error| %>
+    <%= error.translate %>
+  <% end %>
+
+  <%= osu.section_block "Development Login" do %>
+
+    <p>You need to login, but we're not connected to the Accounts server. Search for a user below 
+       and click the sign in link next to him or her.</p>
+
+    <%= render 'openstax/accounts/users/action_search', action_search_path: search_dev_users_path %>
+
+  <% end %>
+
+</div>

data/app/views/openstax/accounts/dev/users/search.js.erb

@@ -0,0 +1,21 @@
+
+<%= render template: 'openstax/accounts/users/action_search',
+           locals: {
+             users: @handler_result.outputs[:users],
+             list: OpenStax::Accounts::ActionList.new(
+                     headings: ['First Name', 'Last Name', 'Username', ''],
+                     widths: ['25%', '25%', '25%', '25%'],
+                     data_procs:
+                       [
+                         Proc.new { |user| user.first_name },
+                         Proc.new { |user| user.last_name },
+                         Proc.new { |user| user.username },
+                         Proc.new { |user| 
+                          link_to 'Sign in as', 
+                                  become_dev_users_path(:user_id => user.id), 
+                                  method: :post 
+                         }
+                       ]
+                   )
+           }
+%>

data/app/views/openstax/accounts/shared/_attention.html.erb

@@ -0,0 +1,3 @@
+<% handler_errors.each do |error| %>
+  <%= error.translate %>
+<% end %>

data/app/views/openstax/accounts/users/_action_create_form.html.erb

@@ -0,0 +1,9 @@
+<%# Copyright 2011-2012 Rice University. Licensed under the Affero General Public 
+    License version 3 or later.  See the COPYRIGHT file for details. %>
+
+<%# Callers must supply a 'user' local variable %>
+
+<%= form_for target, :method => :post, :remote => true do |f| %>
+  <%= f.hidden_field :user_id, :value => user.id %>
+  <%= f.submit "Add", :onclick => please_wait_js %>
+<% end %>

data/app/views/openstax/accounts/users/_action_dialog.html.erb

@@ -0,0 +1,10 @@
+<%# Copyright 2011-2012 Rice University. Licensed under the Affero General Public 
+    License version 3 or later.  See the COPYRIGHT file for details. %>
+
+<div id="user_action_dialog" style="display:none" title="<%= @action_dialog_title %>">
+  <div id="user_action_dialog_errors"></div>
+  
+  <%= render :partial => 'users/action_search', 
+             :locals => { :action_search_path => @action_search_path } %>
+                          
+</div>