parlement 0.1

data/vendor/plugins/login_engine/app/controllers/user_controller.rb

@@ -0,0 +1,248 @@
+class UserController < ApplicationController
+  model   :user
+
+  # Override this function in your own application to define a custom home action.
+  def home
+    if user?
+      @fullname = "#{current_user.firstname} #{current_user.lastname}"
+    else
+      @fullname = "Not logged in..."
+    end # this is a bit of a hack since the home action is used to verify user
+        # keys, where noone is logged in. We should probably create a unique
+        # 'validate_key' action instead.
+  end
+
+  def login
+    return if generate_blank
+    @user = User.new(params[:user]) # what does this achieve?
+    if session[:user] = User.authenticate(params[:user][:login], params[:user][:password])
+      session[:user].logged_in_at = Time.now
+      session[:user].save
+      flash[:notice] = 'Login successful'
+      redirect_back_or_default :action => 'home'
+    else
+      @login = params[:user][:login]
+      flash.now[:warning] = 'Login unsuccessful'
+    end
+  end
+
+  def signup
+    return if generate_blank
+    params[:user].delete('form')
+    @user = User.new(params[:user])
+    begin
+      User.transaction(@user) do
+        @user.new_password = true
+        unless LoginEngine.config(:use_email_notification)
+          @user.verified = 1
+        end
+        if @user.save
+          key = @user.generate_security_token
+          url = url_for(:action => 'home', 'user[id]' => @user.id, :key => key)
+          flash[:notice] = 'Signup successful!'
+          if LoginEngine.config(:use_email_notification)
+            UserNotify.deliver_signup(@user, params[:user][:password], url)
+            flash[:notice] << ' Please check your registered email account to verify your account registration and continue with the login.'
+          end
+          redirect_to :action => 'login'
+        end
+      end
+    rescue Exception => e
+      flash.now[:notice] = nil
+      flash.now[:warning] = 'Error creating account: confirmation email not sent'
+      logger.error e
+    end
+  end
+
+  def logout
+    session[:user] = nil
+    redirect_to :action => 'login'
+  end
+
+  def change_password
+    return if generate_filled_in
+    #puts "original password: #{@user.salted_password}"
+    do_change_password_for(@user)
+    #@user.reload
+    #puts "final password value: #{@user.salted_password}"
+  end
+
+  protected
+    def do_change_password_for(user)
+      begin
+        User.transaction(user) do
+          user.change_password(params[:user][:password], params[:user][:password_confirmation])
+          if user.save
+            #@user.reload
+            #puts "changed password: #{@user.salted_password}"
+            if LoginEngine.config(:use_email_notification)
+              UserNotify.deliver_change_password(user, params[:user][:password])
+              flash[:notice] = "Updated password emailed to #{@user.email}"
+            else
+              flash[:notice] = "Password updated."
+            end
+            # since sometimes we're changing the password from within another action/template...
+            redirect_to :action => params[:back_to] if params[:back_to]
+          else
+          end
+        end
+      rescue
+        flash[:warning] = 'Password could not be changed at this time. Please retry.'
+      end
+    end
+    
+  public
+
+
+  def forgot_password
+    # Always redirect if logged in
+    if user?
+      flash[:message] = 'You are currently logged in. You may change your password now.'
+      redirect_to :action => 'change_password'
+      return
+    end
+
+    # Email disabled... we are unable to provide the password
+    if !LoginEngine.config(:use_email_notification)
+      flash[:message] = "Please contact the system admin at #{LoginEngine.config(:admin_email)} to retrieve your password."
+      redirect_back_or_default :action => 'login'
+      return
+    end
+
+    # Render on :get and render
+    return if generate_blank
+
+    # Handle the :post
+    if params[:user][:email].empty?
+      flash.now[:warning] = 'Please enter a valid email address.'
+    elsif (user = User.find_by_email(params[:user][:email])).nil?
+      flash.now[:warning] = "We could not find a user with the email address #{params[:user][:email]}"
+    else
+      begin
+        User.transaction(user) do
+          key = user.generate_security_token
+          url = url_for(:action => 'change_password', 'user[id]' => user.id, :key => key)
+          UserNotify.deliver_forgot_password(user, url)
+          flash[:notice] = "Instructions on resetting your password have been emailed to #{params[:user][:email]}"
+        end  
+        unless user?
+          redirect_to :action => 'login'
+          return
+        end
+        redirect_back_or_default :action => 'home'
+      rescue
+        flash.now[:warning] = "Your password could not be emailed to #{params[:user][:email]}"
+      end
+    end
+  end
+
+  def edit
+    return if generate_filled_in
+    do_edit_user(@user)
+  end
+  
+  protected
+    def do_edit_user(user)
+      begin
+        User.transaction(user) do
+          user.attributes = params[:user].delete_if { |k,v| not LoginEngine.config(:changeable_fields).include?(k) }
+          if user.save
+            flash[:notice] = "User details updated"
+          else
+            flash[:warning] = "Details could not be updated! Please retry."
+          end
+        end
+      rescue
+        flash.now[:warning] = "Error updating user details. Please try again later."
+      end
+    end
+  
+  public
+
+  def delete
+    get_user_to_act_on
+    do_delete_user(@user)
+  end
+  
+  protected
+    def do_delete_user(user)
+      begin
+        if LoginEngine.config(:delayed_delete)
+          User.transaction(user) do
+            key = user.set_delete_after
+            if LoginEngine.config(:use_email_notification)
+              url = url_for(:action => 'restore_deleted', 'user[id]' => user.id, :key => key)
+              UserNotify.deliver_pending_delete(user, url)
+            end
+          end
+        else
+          destroy(@user)
+        end
+        logout
+      rescue
+        if LoginEngine.config(:use_email_notification)
+          flash.now[:warning] = 'The delete instructions were not sent. Please try again later.'
+        else
+          flash.now[:notice] = 'The account has been scheduled for deletion. It will be removed in #{LoginEngine.config(:delayed_delete_days)} days.'
+        end
+        redirect_back_or_default :action => 'home'
+      end
+    end
+    
+  public
+
+  def restore_deleted
+    get_user_to_act_on
+    @user.deleted = 0
+    if not @user.save
+      flash.now[:warning] = "The account for #{@user['login']} was not restored. Please try the link again."
+      redirect_to :action => 'login'
+    else
+      redirect_to :action => 'home'
+    end
+  end
+
+  protected
+
+  def destroy(user)
+    UserNotify.deliver_delete(user) if LoginEngine.config(:use_email_notification)
+    flash[:notice] = "The account for #{user['login']} was successfully deleted."
+    user.destroy()
+  end
+
+  def protect?(action)
+    if ['login', 'signup', 'forgot_password'].include?(action)
+      return false
+    else
+      return true
+    end
+  end
+
+  # Generate a template user for certain actions on get
+  def generate_blank
+    case request.method
+    when :get
+      @user = User.new
+      render
+      return true
+    end
+    return false
+  end
+
+  # Generate a template user for certain actions on get
+  def generate_filled_in
+    get_user_to_act_on
+    case request.method
+    when :get
+      render
+      return true
+    end
+    return false
+  end
+  
+  # returns the user object this method should act upon; only really
+  # exists for other engines operating on top of this one to redefine...
+  def get_user_to_act_on
+    @user = session[:user]
+  end
+end

data/vendor/plugins/login_engine/app/helpers/user_helper.rb

@@ -0,0 +1,88 @@
+module UserHelper
+
+  # Abstraction to make views a little cleaner
+  def form_input(helper_method, prompt, field_name=nil, options = {}, form_name = nil)
+    form_name = "user" if form_name.nil?
+    case helper_method.to_s
+    when 'hidden_field'
+      self.hidden_field(form_name, field_name, options)
+    when /^.*button$/
+      #prompt = l(:"#{@controller.controller_name}_#{field_name}_button")
+      <<-EOL
+      <tr><td class="button" colspan="2">
+        #{self.send(helper_method, form_name, prompt, options)}
+      </td></tr>
+      EOL
+    else
+      field = (
+        case helper_method
+        when :select
+          self.send(helper_method, form_name, field_name, options.delete('values'), options)
+        when :password_field
+          options[:value] = ""
+          self.send(helper_method, form_name, field_name, options)
+        else
+          self.send(helper_method, form_name, field_name, options)
+        end)
+#      lname = "#{form_name}_#{field_name}_form"
+#      prompt = l(:"#{lname}")
+      if LoginEngine.config(:TwoColumnInput)
+<<-EOL
+        <tr class="two_columns">
+          <td class="prompt"><label>#{prompt}:</label></td>
+          <td class="value">#{field}</td>
+        </tr>
+        EOL
+      else
+<<-EOL
+        <tr><td class="prompt"><label>#{prompt}:</label></td></tr>
+        <tr><td class="value">#{field}</td></tr>
+        EOL
+      end
+    end
+  end
+
+#  def button_helper(name, options = {})
+#    label = l(:"#{@controller.controller_name}_#{name}_button")
+#    "#{self.send(:submit_tag, label, options)}"
+#  end
+
+#  def link_helper(name, options = {})
+#    raise ArgumentError if name.nil?
+#    label = l(:"#{@controller.controller_name}_#{name}_link")
+#    "#{self.send(:link_to, label, options)}"
+#  end
+
+  def title_helper
+    "#{@controller.controller_class_name} #{@controller.action_name}"
+  end
+
+#  def message_helper(name)
+#    l(:"#{@controller.controller_name}_#{name}_message")
+#  end
+
+  def start_form_tag_helper(options = {})
+    url = url_for(:action => "#{@controller.action_name}")
+    "#{self.send(:start_form_tag, url, options)}"
+  end
+
+  def attributes(hash)
+    hash.keys.inject("") { |attrs, key| attrs + %{#{key}="#{h(hash[key])}" } }
+  end
+
+  def read_only_field(form_name, field_name, html_options)
+    "<span #{attributes(html_options)}>#{instance_variable_get('@' + form_name)[field_name]}</span>"
+  end
+
+  def submit_button(form_name, prompt, html_options)
+    %{<input name="submit" type="submit" value="#{prompt}" />}
+  end
+
+  def changeable(user, field)
+    if user.new_record? or LoginEngine.config(:changeable_fields).include?(field)
+      :text_field
+    else
+      :read_only_field
+    end
+  end
+end

data/vendor/plugins/login_engine/app/models/user.rb

@@ -0,0 +1,7 @@
+class User < ActiveRecord::Base
+  include LoginEngine::AuthenticatedUser
+
+  # all logic has been moved into login_engine/lib/login_engine/authenticated_user.rb
+
+end
+

data/vendor/plugins/login_engine/app/models/user_notify.rb

@@ -0,0 +1,75 @@
+class UserNotify < ActionMailer::Base
+  def signup(user, password, url=nil)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Welcome to #{LoginEngine.config(:app_name)}!"
+
+    # Email body substitutions
+    @body["name"] = "#{user.firstname} #{user.lastname}"
+    @body["login"] = user.login
+    @body["password"] = password
+    @body["url"] = url || LoginEngine.config(:app_url).to_s
+    @body["app_name"] = LoginEngine.config(:app_name).to_s
+  end
+
+  def forgot_password(user, url=nil)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Forgotten password notification"
+
+    # Email body substitutions
+    @body["name"] = "#{user.firstname} #{user.lastname}"
+    @body["login"] = user.login
+    @body["url"] = url || LoginEngine.config(:app_url).to_s
+    @body["app_name"] = LoginEngine.config(:app_name).to_s
+  end
+
+  def change_password(user, password, url=nil)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Changed password notification"
+
+    # Email body substitutions
+    @body["name"] = "#{user.firstname} #{user.lastname}"
+    @body["login"] = user.login
+    @body["password"] = password
+    @body["url"] = url || LoginEngine.config(:app_url).to_s
+    @body["app_name"] = LoginEngine.config(:app_name).to_s
+  end
+
+  def pending_delete(user, url=nil)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Delete user notification"
+
+    # Email body substitutions
+    @body["name"] = "#{user.firstname} #{user.lastname}"
+    @body["url"] = url || LoginEngine.config(:app_url).to_s
+    @body["app_name"] = LoginEngine.config(:app_name).to_s
+    @body["days"] = LoginEngine.config(:delayed_delete_days).to_s
+  end
+
+  def delete(user, url=nil)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Delete user notification"
+
+    # Email body substitutions
+    @body["name"] = "#{user.firstname} #{user.lastname}"
+    @body["url"] = url || LoginEngine.config(:app_url).to_s
+    @body["app_name"] = LoginEngine.config(:app_name).to_s
+  end
+
+  def setup_email(user)
+    @recipients = "#{user.email}"
+    @from       = LoginEngine.config(:email_from).to_s
+    @subject    = "[#{LoginEngine.config(:app_name)}] "
+    @sent_on    = Time.now
+    @headers['Content-Type'] = "text/plain; charset=#{LoginEngine.config(:mail_charset)}; format=flowed"
+  end
+end

data/vendor/plugins/login_engine/app/views/user/_edit.rhtml

@@ -0,0 +1,11 @@
+<div class="user_edit">
+  <table>
+    <%= form_input changeable(user, "firstname"), "First Name", "firstname" %>
+    <%= form_input changeable(user, "lastname"), "Last Name","lastname" %>
+    <%= form_input changeable(user, "login"), "Login ID", "login", :size => 30 %><br/>
+    <%= form_input changeable(user, "email"), "Email", "email" %>
+    <% if submit %>
+      <%= form_input :submit_button, (user.new_record? ? 'Signup' : 'Change Settings'), :class => 'two_columns' %>
+    <% end %>
+  </table>
+</div>

data/vendor/plugins/login_engine/app/views/user/_password.rhtml

@@ -0,0 +1,9 @@
+<div class="user_password">
+  <table>
+    <%= form_input :password_field, "Password", "password", :size => 30 %>
+    <%= form_input :password_field, "Password Confirmation", "password_confirmation", :size => 30 %>
+    <% if submit %>
+      <%= form_input :submit_button, 'Change password' %>
+    <% end %>
+  </table>
+</div>                                                                          

data/vendor/plugins/login_engine/app/views/user/change_password.rhtml

@@ -0,0 +1,17 @@
+<div title="<%= title_helper %>" class="form">
+  <h3>Change Password</h3>
+
+  <%= error_messages_for 'user' %>
+
+  <div class="form-padding">
+    <p>Enter your new password in the fields below and click 'Change Password' to have a new password sent to your email inbox.</p>
+
+    <%= start_form_tag :action => 'change_password' %>
+      <%= render_partial 'password', :user => @user, :submit => false %>
+      <div class="button-bar">
+        <%= submit_tag 'Change password' %>
+        <%= link_to 'Cancel', :action => 'home' %>
+      </div>
+    <%= end_form_tag %>
+  </div>
+</div>

data/vendor/plugins/login_engine/app/views/user/edit.rhtml

@@ -0,0 +1,23 @@
+<div title="<%= title_helper %>" class="form">
+  <h3>Edit user</h3>
+
+  <%= error_messages_for 'user' %>
+
+    <%= start_form_tag :action => 'edit' %>
+      <%= render_partial 'edit', :user => @user, :submit => true %>
+    <%= end_form_tag %>
+    <br/>
+    <%= start_form_tag :action => 'change_password' %>
+      <%= hidden_field_tag "back_to", "edit" %>
+      <%= render_partial 'password', :submit => true %>
+    <%= end_form_tag %>
+
+    <%= start_form_tag :action => 'delete' %>
+      <div class="user_delete">
+        <%= hidden_field 'user', 'form', :value => 'delete' %>
+
+        <%= form_input :submit_button, 'Delete Account' %>
+      </div>
+    <%= end_form_tag %>
+  </div>
+</div>

data/vendor/plugins/login_engine/app/views/user/forgot_password.rhtml

@@ -0,0 +1,18 @@
+<div title="<%= title_helper %>" class="form">
+  <h3>Forgotten Password</h3>
+
+  <%= error_messages_for 'user' %>
+
+  <div class="form-padding">
+    <p>Enter your email address in the field below and click 'Reset Password' to have instructions on how to retrieve your forgotten password emailed to you.</p>
+
+    <%= start_form_tag_helper %>
+      <%= form_input :text_field, 'Email Address', 'email', :size => 30 %><br/>
+
+      <div class="button-bar">
+        <%= submit_tag 'Submit request' %>
+        <%= link_to 'Cancel', :action => 'login' %>
+      </div>
+    <%= end_form_tag %>
+  </div>
+</div>

data/vendor/plugins/login_engine/app/views/user/home.rhtml

@@ -0,0 +1,7 @@
+<div title="<%= title_helper %>" class="memo">
+  <h3>Welcome</h3>
+  <p>You are now logged into the system, <%= @fullname %>...</p>
+  <p>Since you are here it's safe to assume the application never called store_location, otherwise you would have been redirected somewhere else after a successful login.</p>
+
+  <%= link_to '&#171; logout', :action => 'logout' %>
+</div>

data/vendor/plugins/login_engine/app/views/user/login.rhtml

@@ -0,0 +1,17 @@
+<div title="<%= title_helper %>" class="form">
+  <h3>Please Login</h3>
+
+  <div class="form-padding">
+    <%= start_form_tag :action => 'login'  %>
+      <table>
+        <%= form_input :text_field, "Login ID", "login", :size => 30 %><br/>
+        <%= form_input :password_field, "Password", "password", :size => 30 %><br/>
+      </table>
+
+      <div class="button-bar">
+        <%= submit_tag 'Login' %>
+        <%= link_to 'Register for an account', :action => 'signup' %> |
+        <%= link_to 'Forgot my password', :action => 'forgot_password' %>      </div>
+    <%= end_form_tag %>
+  </div>
+</div>

data/vendor/plugins/login_engine/app/views/user/logout.rhtml

@@ -0,0 +1,8 @@
+<div title="<%= title_helper %>" class="memo">
+  <h3>Logoff</h3>
+
+  <p>You are now logged out of the system...</p>
+
+  <%= link_to '&#171; login', :action => 'login' %>
+</div>
+

data/vendor/plugins/login_engine/app/views/user/signup.rhtml

@@ -0,0 +1,17 @@
+<div title="<%= title_helper %>" class="form">
+  <h3>Signup</h3>
+
+  <%= error_messages_for 'user' %>
+
+  <div class="form-padding">
+    <%= start_form_tag :action => 'signup' %>
+      <%= render_partial 'edit', :user => @user, :submit => false %><br/>
+      <%= render_partial 'password', :submit => false %>
+
+      <div class="button-bar">
+        <%= submit_tag 'Signup' %>
+        <%= link_to 'Cancel', :action => 'login' %>
+      </div>
+    <%= end_form_tag %>
+  </div>
+</div>

data/vendor/plugins/login_engine/app/views/user_notify/change_password.rhtml

@@ -0,0 +1,10 @@
+Dear <%= @name %>,
+
+At your request, <%= @app_name %> has changed your password. If it was not at your request, then you should be aware that someone has access to your account and requested this change.
+
+Your new login credentials are:
+
+  login:    <%= @login %>
+  password: <%= @password %>
+ 
+<%= @url %>

data/vendor/plugins/login_engine/app/views/user_notify/delete.rhtml

@@ -0,0 +1,5 @@
+Dear <%= @name %>,
+
+At your request, <%= @app_name %> has permanently deleted your account.
+ 
+<%= @url %>

data/vendor/plugins/login_engine/app/views/user_notify/forgot_password.rhtml

@@ -0,0 +1,11 @@
+Dear <%= @name %>,
+
+At your request, <%= @app_name %> has sent you the following URL so that you may reset your password. If it was not at your request, then you should be aware that someone has entered your email address as theirs in the forgotten password section of <%= @app_name %>.
+
+Please click on the following link to go to the change password page:
+
+<a href="<%= @url%>">Click me!</a>
+ 
+It's advisable for you to change your password as soon as you login. It's as simple as navigating to 'Preferences' and clicking on 'Change Password'.
+
+<%= @url %>

data/vendor/plugins/login_engine/app/views/user_notify/pending_delete.rhtml

@@ -0,0 +1,9 @@
+Dear <%= @name %>,
+
+At your request, <%= @app_name %> has marked your account for deletion. If it was not at your request, then you should be aware that someone has access to your account and requested this change.
+
+The following link is provided for you to restore your deleted account. If you click on this link within the next <%= @days %> days, your account will not be deleted. Otherwise, simply ignore this email and your account will be permanently deleted after that time.
+
+<a href="<%= @url%>">Click me!</a>
+ 
+<%= @url %>

data/vendor/plugins/login_engine/app/views/user_notify/signup.rhtml

@@ -0,0 +1,12 @@
+Welcome to <%= @app_name %>, <%= @name %>.
+
+Your login credentials are:
+
+  login:    <%= @login %>
+  password: <%= @password %>
+
+Please click on the following link to confirm your registration:
+
+<a href="<%= @url%>">Click me!</a>
+
+<%= @url %>

data/vendor/plugins/login_engine/db/schema.rb

@@ -0,0 +1,25 @@
+# This file is autogenerated. Instead of editing this file, please use the
+# migrations feature of ActiveRecord to incrementally modify your database, and
+# then regenerate this schema definition.
+
+ActiveRecord::Schema.define() do
+
+  create_table LoginEngine.config(:user_table), :force => true do |t|
+    t.column "login", :string, :limit => 80, :default => "", :null => false
+    t.column "salted_password", :string, :limit => 40, :default => "", :null => false
+    t.column "email", :string, :limit => 60, :default => "", :null => false
+    t.column "firstname", :string, :limit => 40
+    t.column "lastname", :string, :limit => 40
+    t.column "salt", :string, :limit => 40, :default => "", :null => false
+    t.column "verified", :integer, :default => 0
+    t.column "role", :string, :limit => 40
+    t.column "security_token", :string, :limit => 40
+    t.column "token_expiry", :datetime
+    t.column "created_at", :datetime
+    t.column "updated_at", :datetime
+    t.column "logged_in_at", :datetime
+    t.column "deleted", :integer, :default => 0
+    t.column "delete_after", :datetime
+  end
+
+end

data/vendor/plugins/login_engine/init_engine.rb

@@ -0,0 +1,10 @@
+# load up all the required files we need...
+
+require 'login_engine'
+
+# TODO: why do I have to include these here, when including them in login_engine.rb should be sufficient?
+require 'authenticated_user'
+require 'authenticated_system'
+
+#ApplicationController.send(:include, LoginEngine)
+#ApplicationHelper.send(:include, LoginEngine)