parlement 0.1

data/vendor/plugins/login_engine/lib/login_engine/authenticated_system.rb

@@ -0,0 +1,107 @@
+module LoginEngine
+  module AuthenticatedSystem
+    
+    protected
+
+    # overwrite this if you want to restrict access to only a few actions
+    # or if you want to check if the user has the correct rights  
+    # example:
+    #
+    #  # only allow nonbobs
+    #  def authorize?(user)
+    #    user.login != "bob"
+    #  end
+    def authorize?(user)
+       true
+    end
+  
+    # overwrite this method if you only want to protect certain actions of the controller
+    # example:
+    # 
+    #  # don't protect the login and the about method
+    #  def protect?(action)
+    #    if ['action', 'about'].include?(action)
+    #       return false
+    #    else
+    #       return true
+    #    end
+    #  end
+    def protect?(action)
+      true
+    end
+   
+    # login_required filter. add 
+    #
+    #   before_filter :login_required
+    #
+    # if the controller should be under any rights management. 
+    # for finer access control you can overwrite
+    #   
+    #   def authorize?(user)
+    # 
+    def login_required
+      if not protect?(action_name)
+        return true  
+      end
+
+      if user? and authorize?(session[:user])
+        return true
+      end
+
+      # store current location so that we can 
+      # come back after the user logged in
+      store_location
+  
+      # call overwriteable reaction to unauthorized access
+      access_denied
+      return false 
+    end
+
+    # overwrite if you want to have special behavior in case the user is not authorized
+    # to access the current operation. 
+    # the default action is to redirect to the login screen
+    # example use :
+    # a popup window might just close itself for instance
+    def access_denied
+      redirect_to :controller => "/user", :action => "login"
+    end  
+  
+    # store current uri in  the session.
+    # we can return to this location by calling return_location
+    def store_location
+      session['return-to'] = request.request_uri
+    end
+
+    # move to the last store_location call or to the passed default one
+    def redirect_back_or_default(default)
+      if session['return-to'].nil?
+        redirect_to default
+      else
+        redirect_to_url session['return-to']
+        session['return-to'] = nil
+      end
+    end
+
+    def user?
+      # First, is the user already authenticated?
+      return true if not session[:user].nil?
+
+      # If not, is the user being authenticated by a token?
+      return false if not params[:user]
+      id = params[:user][:id]
+      key = params[:key]
+      if id and key
+        session[:user] = User.authenticate_by_token(id, key)
+        return true if not session[:user].nil?
+      end
+
+      # Everything failed
+      return false
+    end
+  
+    # Returns the current user from the session, if any exists
+    def current_user
+      session[:user]
+    end
+  end
+end  

data/vendor/plugins/login_engine/lib/login_engine/authenticated_user.rb

@@ -0,0 +1,149 @@
+require 'digest/sha1'
+
+# this model expects a certain database layout and its based on the name/login pattern. 
+
+module LoginEngine
+  module AuthenticatedUser
+
+    def self.included(base)
+      base.class_eval do
+
+        # use the table name given
+        set_table_name LoginEngine.config(:user_table)
+
+        attr_accessor :new_password
+      
+        validates_presence_of :login, :on => :create
+        validates_length_of :login, :within => 3..40, :on => :create
+        validates_uniqueness_of :login, :on => :create
+        validates_uniqueness_of :email, :on => :create
+
+        validates_presence_of :password, :if => :validate_password?
+        validates_confirmation_of :password, :if => :validate_password?
+        validates_length_of :password, { :minimum => 5, :if => :validate_password? }
+        validates_length_of :password, { :maximum => 40, :if => :validate_password? }
+  
+        protected 
+      
+        attr_accessor :password, :password_confirmation
+      
+        after_save '@new_password = false'
+        after_validation :crypt_password
+      
+      end
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+    
+      def authenticate(login, pass)
+        u = find_first(["login = ? AND verified = 1 AND deleted = 0", login])
+        return nil if u.nil?
+        find_first(["login = ? AND salted_password = ? AND verified = 1", login, AuthenticatedUser.salted_password(u.salt, AuthenticatedUser.hashed(pass))])
+      end
+
+      def authenticate_by_token(id, token)
+        # Allow logins for deleted accounts, but only via this method (and
+        # not the regular authenticate call)
+        u = find_first(["id = ? AND security_token = ?", id, token])
+        return nil if u.nil? or u.token_expired?
+        return nil if false == u.update_expiry
+        u
+      end
+      
+    end
+  
+
+    protected
+    
+      def self.hashed(str)
+        # check if a salt has been set...
+        if LoginEngine.config(:salt) == nil
+          raise "You must define a :salt value in the configuration for the LoginEngine module."
+        end
+  
+        return Digest::SHA1.hexdigest("#{LoginEngine.config(:salt)}--#{str}--}")[0..39]
+      end
+    
+      def self.salted_password(salt, hashed_password)
+        hashed(salt + hashed_password)
+      end
+    
+    public
+  
+    # hmmm, how does this interact with the developer's own User model initialize?
+    # We would have to *insist* that the User.initialize method called 'super'
+    #
+    def initialize(attributes = nil)
+      super
+      @new_password = false
+    end
+
+    def token_expired?
+      self.security_token and self.token_expiry and (Time.now > self.token_expiry)
+    end
+
+    def update_expiry
+      write_attribute('token_expiry', [self.token_expiry, Time.at(Time.now.to_i + 600 * 1000)].min)
+      write_attribute('authenticated_by_token', true)
+      write_attribute("verified", 1)
+      update_without_callbacks
+    end
+
+    def generate_security_token(hours = nil)
+      if not hours.nil? or self.security_token.nil? or self.token_expiry.nil? or 
+          (Time.now.to_i + token_lifetime / 2) >= self.token_expiry.to_i
+        return new_security_token(hours)
+      else
+        return self.security_token
+      end
+    end
+
+    def set_delete_after
+      hours = LoginEngine.config(:delayed_delete_days) * 24
+      write_attribute('deleted', 1)
+      write_attribute('delete_after', Time.at(Time.now.to_i + hours * 60 * 60))
+
+      # Generate and return a token here, so that it expires at
+      # the same time that the account deletion takes effect.
+      return generate_security_token(hours)
+    end
+
+    def change_password(pass, confirm = nil)
+      self.password = pass
+      self.password_confirmation = confirm.nil? ? pass : confirm
+      @new_password = true
+    end
+    
+    protected
+
+    def validate_password?
+      @new_password
+    end
+
+
+    def crypt_password
+      if @new_password
+        write_attribute("salt", AuthenticatedUser.hashed("salt-#{Time.now}"))
+        write_attribute("salted_password", AuthenticatedUser.salted_password(salt, AuthenticatedUser.hashed(@password)))
+      end
+    end
+
+    def new_security_token(hours = nil)
+      write_attribute('security_token', AuthenticatedUser.hashed(self.salted_password + Time.now.to_i.to_s + rand.to_s))
+      write_attribute('token_expiry', Time.at(Time.now.to_i + token_lifetime(hours)))
+      update_without_callbacks
+      return self.security_token
+    end
+
+    def token_lifetime(hours = nil)
+      if hours.nil?
+        LoginEngine.config(:security_token_life_hours) * 60 * 60
+      else
+        hours * 60 * 60
+      end
+    end
+
+  end
+end
+  

data/vendor/plugins/login_engine/lib/login_engine.rb

@@ -0,0 +1,58 @@
+require 'login_engine/authenticated_user'
+require 'login_engine/authenticated_system'
+
+module LoginEngine
+ include AuthenticatedSystem # re-include the helper module
+
+  #--
+  # Define the configuration values. config sets the value of the
+  # constant ONLY if it has not already been set, i.e. by the user in
+  # environment.rb
+  #++
+
+  # Source address for user emails
+  config :email_from, 'lazyatom@lazyatom.com'
+
+  # Destination email for system errors
+  config :admin_email, 'lazyatom@lazyatom.com'
+
+  # Sent in emails to users
+  config :app_url, 'http://localhost:3000/'
+
+  # Sent in emails to users
+  config :app_name, 'TestApp'
+
+  # Email charset
+  config :mail_charset, 'utf-8'
+
+  # Security token lifetime in hours
+  config :security_token_life_hours, 24
+
+  # Two column form input
+  config :TwoColumnInput, true
+
+  # Add all changeable user fields to this array.
+  # They will then be able to be edited from the edit action. You
+  # should NOT include the email field in this array.
+  config :changeable_fields, [ 'firstname', 'lastname' ]
+
+  # Set to true to allow delayed deletes (i.e., delete of record
+  # doesn't happen immediately after user selects delete account,
+  # but rather after some expiration of time to allow this action
+  # to be reverted).
+  config :delayed_delete, false
+
+  # Default is one week
+  config :delayed_delete_days, 7
+  
+  # the table to store user information in
+  if ActiveRecord::Base.pluralize_table_names
+    config :user_table, "users"
+  else
+    config :user_table, "user"
+  end
+
+  # controls whether or not email is used
+  config :use_email_notification, true
+
+end

data/vendor/plugins/login_engine/public/stylesheets/login_engine.css

@@ -0,0 +1,81 @@
+/*
+
+  This CSS file is basically the scaffold.css file, and is only
+  included here to demonstrate using CSS files with Engines.
+
+*/
+
+body { background-color: #fff; color: #333; }
+
+body, p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size:   13px;
+  line-height: 18px;
+}
+
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+
+a { color: #000; }
+a:visited { color: #666; }
+a:hover { color: #fff; background-color:#000; }
+
+.fieldWithErrors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+
+#ErrorExplanation {
+  width: 400px;
+  border: 2px solid red;
+  padding: 7px;
+  padding-bottom: 12px;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+}
+
+#ErrorExplanation h2 {
+  text-align: left;
+  font-weight: bold;
+  padding: 5px 5px 5px 15px;
+  font-size: 12px;
+  margin: -7px;
+  background-color: #c00;
+  color: #fff;
+}
+
+#ErrorExplanation p {
+  color: #333;
+  margin-bottom: 0;
+  padding: 5px;
+}
+
+#ErrorExplanation ul li {
+  font-size: 12px;
+  list-style: square;
+}
+
+div.uploadStatus {
+  margin: 5px;
+}
+
+div.progressBar {
+  margin: 5px;
+}
+
+div.progressBar div.border {
+  background-color: #fff;
+  border: 1px solid grey;
+  width: 100%;
+}
+
+div.progressBar div.background {
+  background-color: #333;
+  height: 18px;
+  width: 0%;
+}
+

data/vendor/plugins/login_engine/tasks/tasks.rake

@@ -0,0 +1,4 @@
+desc 'Import the login engine schema'
+task :import_login_engine_schema => :environment do
+  load "#{Engines.get(:login).root}/db/schema.rb"
+end

data/vendor/plugins/login_engine/test/fixtures/templates/users.yml

@@ -0,0 +1,41 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+
+bob:
+  id: 1000001
+  login: bob
+  salted_password: b1de1d1d2aec05df2be6f02995537c1783f08490 # atest
+  salt: bf3c47e71c0bfeb6288c9b6b5e24e15256a0e407
+  email: bob@test.com
+  verified: 1
+  
+existingbob:
+  id: 1000002
+  login: existingbob
+  salted_password: b1de1d1d2aec05df2be6f02995537c1783f08490 # atest
+  salt: bf3c47e71c0bfeb6288c9b6b5e24e15256a0e407
+  email: existingbob@test.com
+  verified: 1  
+
+longbob:
+  id: 1000003
+  login: longbob
+  salted_password: 53427dca242488e885216a579e362ee888c3ebc1 # alongtest
+  salt: d35a9cc89af83799d9a938a74cb06a11d295aa9c
+  email: longbob@test.com
+  verified: 1
+
+deletebob1:
+  id: 1000004
+  login: deletebob1
+  salted_password: 53427dca242488e885216a579e362ee888c3ebc1 # alongtest
+  salt: d35a9cc89af83799d9a938a74cb06a11d295aa9c
+  email: deletebob1@test.com
+  verified: 1
+
+deletebob2:
+  id: 1000005
+  login: deletebob2
+  salted_password: 53427dca242488e885216a579e362ee888c3ebc1 # alongtest
+  salt: d35a9cc89af83799d9a938a74cb06a11d295aa9c
+  email: deletebob2@test.com
+  verified: 1

data/vendor/plugins/login_engine/test/fixtures/users.yml

@@ -0,0 +1,41 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+
+bob:
+  id: 1000001
+  login: bob
+  salted_password: b1de1d1d2aec05df2be6f02995537c1783f08490 # atest
+  salt: bf3c47e71c0bfeb6288c9b6b5e24e15256a0e407
+  email: bob@test.com
+  verified: 1
+  
+existingbob:
+  id: 1000002
+  login: existingbob
+  salted_password: b1de1d1d2aec05df2be6f02995537c1783f08490 # atest
+  salt: bf3c47e71c0bfeb6288c9b6b5e24e15256a0e407
+  email: existingbob@test.com
+  verified: 1  
+
+longbob:
+  id: 1000003
+  login: longbob
+  salted_password: 53427dca242488e885216a579e362ee888c3ebc1 # alongtest
+  salt: d35a9cc89af83799d9a938a74cb06a11d295aa9c
+  email: longbob@test.com
+  verified: 1
+
+deletebob1:
+  id: 1000004
+  login: deletebob1
+  salted_password: 53427dca242488e885216a579e362ee888c3ebc1 # alongtest
+  salt: d35a9cc89af83799d9a938a74cb06a11d295aa9c
+  email: deletebob1@test.com
+  verified: 1
+
+deletebob2:
+  id: 1000005
+  login: deletebob2
+  salted_password: 53427dca242488e885216a579e362ee888c3ebc1 # alongtest
+  salt: d35a9cc89af83799d9a938a74cb06a11d295aa9c
+  email: deletebob2@test.com
+  verified: 1