pager-restful_open_id_authentication 1.0.20080507

data/generators/open_id_authenticated/templates/controller.rb

@@ -0,0 +1,94 @@
+# This controller handles the login/logout function of the site.  
+class <%= controller_class_name %>Controller < ApplicationController
+  open_id_consumer :required => [:email, :nickname]
+  # Be sure to include AuthenticationSystem in Application Controller instead
+  include AuthenticatedSystem
+  # If you want "remember me" functionality, add this before_filter to Application Controller
+  before_filter :login_from_cookie
+
+  # render new.rhtml
+  def new
+    @<%= file_name %> = <%= class_name %>.new(params[:<%= file_name %>])
+  end
+
+  def create
+    self.current_<%= file_name %> = <%= class_name %>.authenticate(params[:login], params[:password])
+    if logged_in?
+      if params[:remember_me] == "1"
+        self.current_<%= file_name %>.remember_me
+        cookies[:auth_token] = { :value => self.current_<%= file_name %>.remember_token , :expires => self.current_<%= file_name %>.remember_token_expires_at }
+      end
+      redirect_back_or_default('/')
+      flash[:notice] = "Logged in successfully"
+    else
+      flash[:notice] = "Login failed"
+      render :action => 'new'
+    end
+  end
+
+  def destroy
+    self.current_<%= file_name %>.forget_me if logged_in?
+    cookies.delete :auth_token
+    reset_session
+    flash[:notice] = "You have been logged out."
+    redirect_back_or_default('/')
+  end
+  
+  def begin
+    # If the URL was unusable (either because of network conditions, a server error, 
+    # or that the response returned was not an OpenID identity page), the library 
+    # will return HTTP_FAILURE or PARSE_ERROR. Let the user know that the URL is unusable.
+    case open_id_response.status
+      when OpenID::SUCCESS
+        # The URL was a valid identity URL. Now we just need to send a redirect
+        # to the server using the redirect_url the library created for us.
+
+        # redirect to the server
+        redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), complete_<%= controller_file_name %>_url)
+      else
+        flash[:error] = "Unable to find OpenID server for <q>#{params[:open_id_url]}</q>"
+        render :action => :new
+    end
+  end
+  
+  def complete
+    case open_id_response.status
+      when OpenID::FAILURE
+        # In the case of failure, if info is non-nil, it is the URL that we were verifying. 
+        # We include it in the error message to help the user figure out what happened.
+        flash[:notice] = if open_id_response.identity_url
+          "Verification of #{open_id_response.identity_url} failed. "
+        else
+          "Verification failed. "
+        end
+        flash[:notice] += open_id_response.msg.to_s
+      when OpenID::SUCCESS
+        # Success means that the transaction completed without error. If info is nil, 
+        # it means that the user cancelled the verification.
+        flash[:notice] = "You have successfully verified #{open_id_response.identity_url} as your identity."
+        if open_id_fields.any?
+          @<%= file_name %>   = <%= class_name %>.find_by_open_id_url(open_id_response.identity_url)
+          @<%= file_name %> ||= <%= class_name %>.new(:open_id_url => open_id_response.identity_url)
+          @<%= file_name %>.login       = open_id_fields['nickname'] if open_id_fields['nickname']
+          @<%= file_name %>.email       = open_id_fields['email']    if open_id_fields['email']          
+          if @<%= file_name %>.save
+            self.current_<%= file_name %> = @<%= file_name %>
+            if params[:remember_me] == "1"
+              self.current_<%= file_name %>.remember_me
+              cookies[:auth_token] = { :value => self.current_<%= file_name %>.remember_token , :expires => self.current_<%= file_name %>.remember_token_expires_at }
+            end
+            flash[:notice] = "You have successfully verified #{open_id_response.identity_url} as your identity."
+            return redirect_back_or_default('/')
+          else
+            flash[:notice] = @<%= file_name %>.errors.full_messages.join('<br />')
+            render :action => 'new' and return
+          end
+        end
+      when OpenID::CANCEL
+        flash[:notice] = "Verification cancelled."
+      else
+        flash[:notice] = "Unknown response status: #{open_id_response.status}"
+    end
+    redirect_to :action => 'new'
+  end
+end

data/generators/open_id_authenticated/templates/fixtures.yml

@@ -0,0 +1,17 @@
+quentin:
+  id: 1
+  login: quentin
+  email: quentin@example.com
+  salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
+  crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
+  created_at: <%%= 5.days.ago.to_s :db %>
+<% if options[:include_activation] %>  activation_code: 8f24789ae988411ccf33ab0c30fe9106fab32e9b <% end %>
+<% if options[:include_activation] %>  activated_at: <%%= 5.days.ago.to_s :db %> <% end %>
+aaron:
+  id: 2
+  login: aaron
+  email: aaron@example.com
+  salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
+  crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
+  created_at: <%%= 1.days.ago.to_s :db %>
+<% if options[:include_activation] %>  activation_code: 8f24789ae988411ccf33ab0c30fe9106fab32e9a <% end %>

data/generators/open_id_authenticated/templates/functional_test.rb

@@ -0,0 +1,85 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require '<%= controller_file_name %>_controller'
+
+# Re-raise errors caught by the controller.
+class <%= controller_class_name %>Controller; def rescue_action(e) raise e end; end
+
+class <%= controller_class_name %>ControllerTest < Test::Unit::TestCase
+  # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
+  # Then, you can remove it from this and the units test.
+  include AuthenticatedTestHelper
+
+  fixtures :<%= table_name %>
+
+  def setup
+    @controller = <%= controller_class_name %>Controller.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+  end
+
+  def test_should_login_and_redirect
+    post :create, :login => 'quentin', :password => 'test'
+    assert session[:<%= file_name %>]
+    assert_response :redirect
+  end
+
+  def test_should_fail_login_and_not_redirect
+    post :create, :login => 'quentin', :password => 'bad password'
+    assert_nil session[:<%= file_name %>]
+    assert_response :success
+  end
+
+  def test_should_logout
+    login_as :quentin
+    get :destroy
+    assert_nil session[:<%= file_name %>]
+    assert_response :redirect
+  end
+
+  def test_should_remember_me
+    post :create, :login => 'quentin', :password => 'test', :remember_me => "1"
+    assert_not_nil @response.cookies["auth_token"]
+  end
+
+  def test_should_not_remember_me
+    post :create, :login => 'quentin', :password => 'test', :remember_me => "0"
+    assert_nil @response.cookies["auth_token"]
+  end
+  
+  def test_should_delete_token_on_logout
+    login_as :quentin
+    get :destroy
+    assert_equal @response.cookies["auth_token"], []
+  end
+
+  def test_should_login_with_cookie
+    <%= table_name %>(:quentin).remember_me
+    @request.cookies["auth_token"] = cookie_for(:quentin)
+    get :new
+    assert @controller.send(:logged_in?)
+  end
+
+  def test_should_fail_expired_cookie_login
+    <%= table_name %>(:quentin).remember_me
+    <%= table_name %>(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago
+    @request.cookies["auth_token"] = cookie_for(:quentin)
+    get :new
+    assert !@controller.send(:logged_in?)
+  end
+
+  def test_should_fail_cookie_login
+    <%= table_name %>(:quentin).remember_me
+    @request.cookies["auth_token"] = auth_token('invalid_auth_token')
+    get :new
+    assert !@controller.send(:logged_in?)
+  end
+
+  protected
+    def auth_token(token)
+      CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+    end
+    
+    def cookie_for(<%= file_name %>)
+      auth_token <%= table_name %>(<%= file_name %>).remember_token
+    end
+end

data/generators/open_id_authenticated/templates/helper.rb

@@ -0,0 +1,2 @@
+module <%= controller_class_name %>Helper
+end

data/generators/open_id_authenticated/templates/login.rhtml

@@ -0,0 +1,20 @@
+<h2>Sign in with OpenID</h2>
+<%%= render :partial => "<%= controller_file_name %>/open_id_form" %>
+
+<p>If you don't already have an OpenID account you can easily create one at <%%= link_to 'MyOpenID', 'http://www.myopenid.com' -%>.</p>
+
+<h2>Or use your login/password</h2>
+<%% form_tag <%= controller_singular_name %>_path do -%>
+  <p><label for="login">Login</label><br/>
+  <%%= text_field_tag 'login' %></p>
+
+  <p><label for="password">Password</label><br/>
+  <%%= password_field_tag 'password' %></p>
+
+  <!-- Uncomment this if you want this functionality
+  <p><label for="remember_me">Remember me:</label>
+  <%%= check_box_tag 'remember_me' %></p>
+  -->
+
+  <p><%%= submit_tag 'Log in' %></p>
+<%% end -%>

data/generators/open_id_authenticated/templates/migration.rb

@@ -0,0 +1,45 @@
+class <%= migration_name %> < ActiveRecord::Migration
+  def self.up
+    create_table :<%= table_name %>, :force => true do |t|
+      t.column :login,                     :string
+      t.column :email,                     :string
+      t.column :crypted_password,          :string, :limit => 40
+      t.column :salt,                      :string, :limit => 40
+      t.column :created_at,                :datetime
+      t.column :updated_at,                :datetime
+      t.column :remember_token,            :string
+      t.column :remember_token_expires_at, :datetime
+      t.column :open_id_url,               :string
+      <% if options[:include_activation] %>
+      t.column :activation_code, :string, :limit => 40
+      t.column :activated_at, :datetime<% end %>
+    end
+    
+    create_table :open_id_associations, :force => true do |t|
+      t.column :server_url,   :binary
+      t.column :handle,       :string
+      t.column :secret,       :binary
+      t.column :issued,       :integer
+      t.column :lifetime,     :integer
+      t.column :assoc_type,   :string
+    end
+
+    create_table :open_id_nonces, :force => true do |t|
+      t.column :nonce,        :string
+      t.column :created,      :integer
+    end
+
+    create_table :open_id_settings, :force => true do |t|
+      t.column :setting,      :string
+      t.column :value,        :binary
+    end
+  end
+
+  def self.down
+    drop_table :<%= table_name %>
+    drop_table :open_id_associations
+    drop_table :open_id_nonces
+    drop_table :open_id_settings
+  end
+
+end

data/generators/open_id_authenticated/templates/model.rb

@@ -0,0 +1,93 @@
+require 'digest/sha1'
+class <%= class_name %> < ActiveRecord::Base
+  # Virtual attribute for the unencrypted password
+  attr_accessor :password
+
+  validates_presence_of     :login, :email
+  validates_presence_of     :password,                   :if => :password_required?
+  validates_presence_of     :password_confirmation,      :if => :password_required?
+  validates_length_of       :password, :within => 4..40, :if => :password_required?
+  validates_confirmation_of :password,                   :if => :password_required?
+  validates_length_of       :login,    :within => 3..40
+  validates_length_of       :email,    :within => 3..100
+  validates_uniqueness_of   :login, :email, :case_sensitive => false
+  before_save :encrypt_password
+  <% if options[:include_activation] %> before_create :make_activation_code <% end %>
+  <% if options[:include_activation] %>
+  # Activates the user in the database.
+  def activate
+    @activated = true
+    self.attributes = {:activated_at => Time.now.utc, :activation_code => nil}
+    save(false)
+  end
+
+  def activated?
+    !! activation_code.nil?
+  end
+
+  # Returns true if the user has just been activated.
+  def recently_activated?
+    @activated
+  end <% end %>
+  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
+  def self.authenticate(login, password)
+    u = <% if options[:include_activation] %>find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login]<% else %>find_by_login(login)<% end %> # need to get the salt
+    u && u.authenticated?(password) ? u : nil
+  end
+
+  # Encrypts some data with the salt.
+  def self.encrypt(password, salt)
+    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+  end
+
+  # Encrypts the password with the user salt
+  def encrypt(password)
+    self.class.encrypt(password, salt)
+  end
+
+  def authenticated?(password)
+    crypted_password == encrypt(password)
+  end
+
+  def remember_token?
+    remember_token_expires_at && Time.now.utc < remember_token_expires_at 
+  end
+
+  # These create and unset the fields required for remembering users between browser closes
+  def remember_me
+    remember_me_for 2.weeks
+  end
+
+  def remember_me_for(time)
+    remember_me_until time.from_now.utc
+  end
+
+  def remember_me_until(time)
+    self.remember_token_expires_at = time
+    self.remember_token            = encrypt("#{email}--#{remember_token_expires_at}")
+    save(false)
+  end
+
+  def forget_me
+    self.remember_token_expires_at = nil
+    self.remember_token            = nil
+    save(false)
+  end
+
+  protected
+    # before filter 
+    def encrypt_password
+      return if password.blank?
+      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
+      self.crypted_password = encrypt(password)
+    end
+    
+    def password_required?
+      open_id_url.nil? && (crypted_password.blank? || !password.blank?)
+    end
+
+    <% if options[:include_activation] %>
+    def make_activation_code
+      self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
+    end <% end %>
+end

data/generators/open_id_authenticated/templates/model_controller.rb

@@ -0,0 +1,30 @@
+class <%= model_controller_class_name %>Controller < ApplicationController
+  # Be sure to include AuthenticationSystem in Application Controller instead
+  include AuthenticatedSystem
+  # If you want "remember me" functionality, add this before_filter to Application Controller
+  before_filter :login_from_cookie
+
+  # render new.rhtml
+  def new
+  end
+
+  def create
+    @<%= file_name %> = <%= class_name %>.new(params[:<%= file_name %>])
+    @<%= file_name %>.save!
+    self.current_<%= file_name %> = @<%= file_name %>
+    redirect_back_or_default('/')
+    flash[:notice] = "Thanks for signing up!"
+  rescue ActiveRecord::RecordInvalid
+    render :action => 'new'
+  end
+<% if options[:include_activation] %>
+  def activate
+    self.current_<%= file_name %> = <%= class_name %>.find_by_activation_code(params[:activation_code])
+    if logged_in? && !current_<%= file_name %>.activated?
+      current_<%= file_name %>.activate
+      flash[:notice] = "Signup complete!"
+    end
+    redirect_back_or_default('/')
+  end
+<% end %>
+end

data/generators/open_id_authenticated/templates/model_functional_test.rb

@@ -0,0 +1,72 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require '<%= model_controller_file_name %>_controller'
+
+# Re-raise errors caught by the controller.
+class <%= model_controller_class_name %>Controller; def rescue_action(e) raise e end; end
+
+class <%= model_controller_class_name %>ControllerTest < Test::Unit::TestCase
+  # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
+  # Then, you can remove it from this and the units test.
+  include AuthenticatedTestHelper
+
+  fixtures :<%= table_name %>
+
+  def setup
+    @controller = <%= model_controller_class_name %>Controller.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+  end
+
+  def test_should_allow_signup
+    assert_difference <%= class_name %>, :count do
+      create_<%= file_name %>
+      assert_response :redirect
+    end
+  end
+
+  def test_should_require_login_on_signup
+    assert_no_difference <%= class_name %>, :count do
+      create_<%= file_name %>(:login => nil)
+      assert assigns(:<%= file_name %>).errors.on(:login)
+      assert_response :success
+    end
+  end
+
+  def test_should_require_password_on_signup
+    assert_no_difference <%= class_name %>, :count do
+      create_<%= file_name %>(:password => nil)
+      assert assigns(:<%= file_name %>).errors.on(:password)
+      assert_response :success
+    end
+  end
+
+  def test_should_require_password_confirmation_on_signup
+    assert_no_difference <%= class_name %>, :count do
+      create_<%= file_name %>(:password_confirmation => nil)
+      assert assigns(:<%= file_name %>).errors.on(:password_confirmation)
+      assert_response :success
+    end
+  end
+
+  def test_should_require_email_on_signup
+    assert_no_difference <%= class_name %>, :count do
+      create_<%= file_name %>(:email => nil)
+      assert assigns(:<%= file_name %>).errors.on(:email)
+      assert_response :success
+    end
+  end
+  <% if options[:include_activation] %>
+  def test_should_activate_user
+    assert_nil <%= class_name %>.authenticate('aaron', 'test')
+    get :activate, :activation_code => <%= table_name %>(:aaron).activation_code
+    assert_redirected_to '/'
+    assert_not_nil flash[:notice]
+    assert_equal <%= table_name %>(:aaron), <%= class_name %>.authenticate('aaron', 'test')
+  end <% end %>
+
+  protected
+    def create_<%= file_name %>(options = {})
+      post :create, :<%= file_name %> => { :login => 'quire', :email => 'quire@example.com', 
+        :password => 'quire', :password_confirmation => 'quire' }.merge(options)
+    end
+end