pager-restful_open_id_authentication 1.0.20080507

data/README

@@ -0,0 +1,63 @@
+RESTful OpenID Authentication 0.1
+===================
+
+A Ruby on Rails plugin for OpenID authentication and profile exchange
+
+Developed by EastMedia (http://www.eastmedia.com) for VeriSign
+Contact Matt Pelletier - matt AT eastmedia.com
+
+Thanks to atmos for working on an extension of restful_authentication that piggy-backed
+the original open_id_consumer plugin. This plugin merges some of those ideas with others
+and merged them with the open_id_consumer plugin.
+
+
+WHAT IS IT?
+-----------
+
+Installing this plugin allows you to extend your Rails application with OpenID authentication and profile exchange.
+
+
+PRE-REQUISITES
+--------------
+
+* JanRain's Yadis and OpenID 1.1 libraries in Ruby.
+  * These can be obtained using 'gem install ruby-openid'
+* Requires you have an OpenID account, such as from one of the following:
+  * http://pip.verisignlabs.com
+  * http://www.myopenid.com
+* Rails 1.2.2 (for the singular resource routes. otherwise 1.2.1 should be fine)
+* SimplyRestful plugin from Rails
+  * ./script/plugin install http://svn.rubonrails.org/rails/plugins/simply_restful
+
+
+INSTALLATION
+------------
+
+To install you need to run the generator script. This script will:
+* Create a migration to create tables for the user and OpenID-related tables
+* Generate two controllers (one for the model and one for the session)
+* Generate the user model
+
+  ./script/generate open_id_authenticated USERMODEL CONTROLLERNAME
+  
+Where USERMODEL would be 'User' and CONTROLLERNAME would be 'Session' by default
+
+You should add RESTful routes (this is also recommended in the generator output).
+For example, if your model is 'User' and your login controller is 'Session':
+
+  map.resources :users
+  map.resource  :session, :collection => { :begin => :post, :complete => :get }
+
+
+EDUCATION
+---------
+
+On the Web:
+http://www.openidenabled.com/
+http://www.openidenabled.com/openid/simple-registration-extension/
+
+On IRC:
+Freenode: #openid and ##identity
+
+More to come
+

data/Rakefile

@@ -0,0 +1,22 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the restful_open_id_authentication plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the restful_open_id_authentication plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'RestfulOpenIDAuthentication'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/generators/open_id_authenticated/USAGE

@@ -0,0 +1 @@
+./script/generate open_id_authenticated USERMODEL CONTROLLERNAME

data/generators/open_id_authenticated/open_id_authenticated_generator.rb

@@ -0,0 +1,215 @@
+class OpenIdAuthenticatedGenerator < Rails::Generator::NamedBase
+  attr_reader   :controller_name,
+                :controller_class_path,
+                :controller_file_path,
+                :controller_class_nesting,
+                :controller_class_nesting_depth,
+                :controller_class_name,
+                :controller_singular_name,
+                :controller_plural_name
+  alias_method  :controller_file_name,  :controller_singular_name
+  alias_method  :controller_table_name, :controller_plural_name
+  attr_reader   :model_controller_name,
+                :model_controller_class_path,
+                :model_controller_file_path,
+                :model_controller_class_nesting,
+                :model_controller_class_nesting_depth,
+                :model_controller_class_name,
+                :model_controller_singular_name,
+                :model_controller_plural_name
+  alias_method  :model_controller_file_name,  :model_controller_singular_name
+  alias_method  :model_controller_table_name, :model_controller_plural_name
+
+  def initialize(runtime_args, runtime_options = {})
+    super
+
+    @controller_name = args.shift || 'session'
+    @model_controller_name = @name.pluralize
+
+    # sessions controller
+    base_name, @controller_class_path, @controller_file_path, @controller_class_nesting, @controller_class_nesting_depth = extract_modules(@controller_name)
+    @controller_class_name_without_nesting, @controller_singular_name, @controller_plural_name = inflect_names(base_name)
+
+    if @controller_class_nesting.empty?
+      @controller_class_name = @controller_class_name_without_nesting
+    else
+      @controller_class_name = "#{@controller_class_nesting}::#{@controller_class_name_without_nesting}"
+    end
+
+    # model controller
+    base_name, @model_controller_class_path, @model_controller_file_path, @model_controller_class_nesting, @model_controller_class_nesting_depth = extract_modules(@model_controller_name)
+    @model_controller_class_name_without_nesting, @model_controller_singular_name, @model_controller_plural_name = inflect_names(base_name)
+    
+    if @model_controller_class_nesting.empty?
+      @model_controller_class_name = @model_controller_class_name_without_nesting
+    else
+      @model_controller_class_name = "#{@model_controller_class_nesting}::#{@model_controller_class_name_without_nesting}"
+    end
+  end
+
+  def manifest
+    recorded_session = record do |m|
+      # Check for class naming collisions.
+      m.class_collisions controller_class_path,       "#{controller_class_name}Controller", # Sessions Controller
+                                                      "#{controller_class_name}Helper"
+      m.class_collisions model_controller_class_path, "#{model_controller_class_name}Controller", # Model Controller
+                                                      "#{model_controller_class_name}Helper"
+      m.class_collisions class_path,                  "#{class_name}", "#{class_name}Notifier", "#{class_name}NotifierTest", "#{class_name}Observer"
+      m.class_collisions [], 'AuthenticatedSystem', 'AuthenticatedTestHelper'
+
+      # Controller, helper, views, and test directories.
+      m.directory File.join('app/models', class_path)
+      m.directory File.join('app/controllers', controller_class_path)
+      m.directory File.join('app/controllers', model_controller_class_path)
+      m.directory File.join('app/helpers', controller_class_path)
+      m.directory File.join('app/views', controller_class_path, controller_file_name)
+      m.directory File.join('app/views', class_path, "#{file_name}_notifier")
+      m.directory File.join('test/functional', controller_class_path)
+      m.directory File.join('app/controllers', model_controller_class_path)
+      m.directory File.join('app/helpers', model_controller_class_path)
+      m.directory File.join('app/views', model_controller_class_path, model_controller_file_name)
+      m.directory File.join('test/functional', model_controller_class_path)
+      m.directory File.join('test/unit', class_path)
+
+      m.template 'model.rb',
+                  File.join('app/models',
+                            class_path,
+                            "#{file_name}.rb")
+
+      if options[:include_activation]
+        %w( notifier observer ).each do |model_type|
+          m.template "#{model_type}.rb", File.join('app/models',
+                                               class_path,
+                                               "#{file_name}_#{model_type}.rb")
+        end
+      end
+
+      m.template 'controller.rb',
+                  File.join('app/controllers',
+                            controller_class_path,
+                            "#{controller_file_name}_controller.rb")
+
+      m.template 'model_controller.rb',
+                  File.join('app/controllers',
+                            model_controller_class_path,
+                            "#{model_controller_file_name}_controller.rb")
+
+      m.template 'authenticated_system.rb',
+                  File.join('lib', 'authenticated_system.rb')
+
+      m.template 'authenticated_test_helper.rb',
+                  File.join('lib', 'authenticated_test_helper.rb')
+
+      m.template 'functional_test.rb',
+                  File.join('test/functional',
+                            controller_class_path,
+                            "#{controller_file_name}_controller_test.rb")
+
+      m.template 'model_functional_test.rb',
+                  File.join('test/functional',
+                            model_controller_class_path,
+                            "#{model_controller_file_name}_controller_test.rb")
+
+      m.template 'helper.rb',
+                  File.join('app/helpers',
+                            controller_class_path,
+                            "#{controller_file_name}_helper.rb")
+
+      m.template 'model_helper.rb',
+                  File.join('app/helpers',
+                            model_controller_class_path,
+                            "#{model_controller_file_name}_helper.rb")
+
+      m.template 'unit_test.rb',
+                  File.join('test/unit',
+                            class_path,
+                            "#{file_name}_test.rb")
+
+      if options[:include_activation]
+        m.template 'notifier_test.rb', File.join('test/unit', class_path, "#{file_name}_notifier_test.rb")
+      end
+
+      m.template 'fixtures.yml',
+                  File.join('test/fixtures',
+                            "#{table_name}.yml")
+
+      # Controller templates
+      m.template 'login.rhtml',  File.join('app/views', controller_class_path, controller_file_name, "new.rhtml")
+      m.template 'open_id_form.rhtml',  File.join('app/views', controller_class_path, controller_file_name, "_open_id_form.rhtml")
+      m.template 'signup.rhtml', File.join('app/views', model_controller_class_path, model_controller_file_name, "new.rhtml")
+
+      if options[:include_activation]
+        # Mailer templates
+        %w( activation signup_notification ).each do |action|
+          m.template "#{action}.rhtml",
+                     File.join('app/views', "#{file_name}_notifier", "#{action}.rhtml")
+        end
+      end
+
+      unless options[:skip_migration]
+        m.migration_template 'migration.rb', 'db/migrate', :assigns => {
+          :migration_name => "Create#{class_name.pluralize.gsub(/::/, '')}"
+        }, :migration_file_name => "create_#{file_path.gsub(/\//, '_').pluralize}"
+      end
+    end
+
+    action = nil
+    action = $0.split("/")[1]
+    case action
+      when "generate" 
+        puts
+        puts ("-" * 70)
+        puts "Don't forget to:"
+        puts
+        puts "  - add restful routes in config/routes.rb"
+        puts "    map.resources :#{model_controller_file_name}"
+        puts "    map.resource :#{controller_file_name}, :collection => { :begin => :post, :complete => :get }"
+        if options[:include_activation]
+          puts "    map.activate '/activate/:activation_code', :controller => '#{model_controller_file_name}', :action => 'activate'"
+          puts
+          puts "  - add an observer to config/environment.rb"
+          puts "    config.active_record.observers = :#{file_name}_observer"
+        end
+        puts
+        puts "Try these for some familiar login URLs if you like:"
+        puts
+        puts "  map.signup '/signup', :controller => '#{model_controller_file_name}', :action => 'new'"
+        puts "  map.login  '/login',  :controller => '#{controller_file_name}', :action => 'new'"
+        puts "  map.logout '/logout', :controller => '#{controller_file_name}', :action => 'destroy'"
+        puts
+        puts ("-" * 70)
+        puts
+      when "destroy" 
+        puts
+        puts ("-" * 70)
+        puts
+        puts "Thanks for using restful_open_id_authentication"
+        puts
+        puts "Don't forget to comment out the observer line in environment.rb"
+        puts "  (This was optional so it may not even be there)"
+        puts "  # config.active_record.observers = :#{file_name}_observer"
+        puts
+        puts ("-" * 70)
+        puts
+      else
+        puts
+    end
+
+    recorded_session
+  end
+
+  protected
+    # Override with your own usage banner.
+    def banner
+      "Usage: #{$0} authenticated ModelName [ControllerName]"
+    end
+
+    def add_options!(opt)
+      opt.separator ''
+      opt.separator 'Options:'
+      opt.on("--skip-migration", 
+             "Don't generate a migration file for this model") { |v| options[:skip_migration] = v }
+      opt.on("--include-activation", 
+             "Generate signup 'activation code' confirmation via email") { |v| options[:include_activation] = v }
+    end
+end

data/generators/open_id_authenticated/templates/activation.rhtml

@@ -0,0 +1,3 @@
+<%%= @<%= file_name %>.login %>, your account has been activated.  You may now start adding your plugins:
+
+  <%%= @url %>

data/generators/open_id_authenticated/templates/authenticated_system.rb

@@ -0,0 +1,120 @@
+module AuthenticatedSystem
+  protected
+    # Returns true or false if the user is logged in.
+    # Preloads @current_<%= file_name %> with the user model if they're logged in.
+    def logged_in?
+      current_<%= file_name %> != :false
+    end
+    
+    # Accesses the current <%= file_name %> from the session.
+    def current_<%= file_name %>
+      @current_<%= file_name %> ||= (session[:<%= file_name %>] && <%= class_name %>.find_by_id(session[:<%= file_name %>])) || :false
+    end
+    
+    # Store the given <%= file_name %> in the session.
+    def current_<%= file_name %>=(new_<%= file_name %>)
+      session[:<%= file_name %>] = (new_<%= file_name %>.nil? || new_<%= file_name %>.is_a?(Symbol)) ? nil : new_<%= file_name %>.id
+      @current_<%= file_name %> = new_<%= file_name %>
+    end
+    
+    # Check if the <%= file_name %> is authorized.
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the <%= file_name %>
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorize?
+    #    current_<%= file_name %>.login != "bob"
+    #  end
+    def authorized?
+      true
+    end
+
+    # Filter method to enforce a login requirement.
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def login_required
+      username, passwd = get_auth_data
+      self.current_<%= file_name %> ||= <%= class_name %>.authenticate(username, passwd) || :false if username && passwd
+      logged_in? && authorized? ? true : access_denied
+    end
+    
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the <%= file_name %> is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def access_denied
+      respond_to do |accepts|
+        accepts.html do
+          store_location
+          redirect_to :controller => '<%= controller_file_name %>', :action => 'new'
+        end
+        accepts.xml do
+          headers["Status"]           = "Unauthorized"
+          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+          render :text => "Could't authenticate you", :status => '401 Unauthorized'
+        end
+      end
+      false
+    end  
+    
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location
+      session[:return_to] = request.request_uri
+    end
+    
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.
+    def redirect_back_or_default(default)
+      session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
+      session[:return_to] = nil
+    end
+    
+    # Inclusion hook to make #current_<%= file_name %> and #logged_in?
+    # available as ActionView helper methods.
+    def self.included(base)
+      base.send :helper_method, :current_<%= file_name %>, :logged_in?
+    end
+
+    # When called with before_filter :login_from_cookie will check for an :auth_token
+    # cookie and log the user back in if apropriate
+    def login_from_cookie
+      return unless cookies[:auth_token] && !logged_in?
+      user = <%= class_name %>.find_by_remember_token(cookies[:auth_token])
+      if user && user.remember_token?
+        user.remember_me
+        self.current_<%= file_name %> = user
+        cookies[:auth_token] = { :value => self.current_<%= file_name %>.remember_token , :expires => self.current_<%= file_name %>.remember_token_expires_at }
+        flash[:notice] = "Logged in successfully"
+      end
+    end
+
+  private
+    @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+    # gets BASIC auth info
+    def get_auth_data
+      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+      auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+      return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 
+    end
+end

data/generators/open_id_authenticated/templates/authenticated_test_helper.rb

@@ -0,0 +1,113 @@
+module AuthenticatedTestHelper
+  # Sets the current <%= file_name %> in the session from the <%= file_name %> fixtures.
+  def login_as(<%= file_name %>)
+    @request.session[:<%= file_name %>] = <%= file_name %> ? <%= table_name %>(<%= file_name %>).id : nil
+  end
+
+  def content_type(type)
+    @request.env['Content-Type'] = type
+  end
+
+  def accept(accept)
+    @request.env["HTTP_ACCEPT"] = accept
+  end
+
+  def authorize_as(user)
+    if user
+      @request.env["HTTP_AUTHORIZATION"] = "Basic #{Base64.encode64("#{users(user).login}:test")}"
+      accept       'application/xml'
+      content_type 'application/xml'
+    else
+      @request.env["HTTP_AUTHORIZATION"] = nil
+      accept       nil
+      content_type nil
+    end
+  end
+
+  # http://project.ioni.st/post/217#post-217
+  #
+  #  def test_new_publication
+  #    assert_difference(Publication, :count) do
+  #      post :create, :publication => {...}
+  #      # ...
+  #    end
+  #  end
+  # 
+  def assert_difference(object, method = nil, difference = 1)
+    initial_value = object.send(method)
+    yield
+    assert_equal initial_value + difference, object.send(method), "#{object}##{method}"
+  end
+
+  def assert_no_difference(object, method, &block)
+    assert_difference object, method, 0, &block
+  end
+
+  # Assert the block redirects to the login
+  # 
+  #   assert_requires_login(:bob) { |c| c.get :edit, :id => 1 }
+  #
+  def assert_requires_login(login = nil)
+    yield HttpLoginProxy.new(self, login)
+  end
+
+  def assert_http_authentication_required(login = nil)
+    yield XmlLoginProxy.new(self, login)
+  end
+
+  def reset!(*instance_vars)
+    instance_vars = [:controller, :request, :response] unless instance_vars.any?
+    instance_vars.collect! { |v| "@#{v}".to_sym }
+    instance_vars.each do |var|
+      instance_variable_set(var, instance_variable_get(var).class.new)
+    end
+  end
+end
+
+class BaseLoginProxy
+  attr_reader :controller
+  attr_reader :options
+  def initialize(controller, login)
+    @controller = controller
+    @login      = login
+  end
+
+  private
+    def authenticated
+      raise NotImplementedError
+    end
+    
+    def check
+      raise NotImplementedError
+    end
+    
+    def method_missing(method, *args)
+      @controller.reset!
+      authenticate
+      @controller.send(method, *args)
+      check
+    end
+end
+
+class HttpLoginProxy < BaseLoginProxy
+  protected
+    def authenticate
+      @controller.login_as @login if @login
+    end
+    
+    def check
+      @controller.assert_redirected_to :controller => 'sessions', :action => 'new'
+    end
+end
+
+class XmlLoginProxy < BaseLoginProxy
+  protected
+    def authenticate
+      @controller.accept 'application/xml'
+      @controller.authorize_as @login if @login
+    end
+    
+    def check
+      @controller.assert_response 401
+    end
+end