persistent_cookie_authentication_generator 0.0.1

data/MIT-LICENCE

@@ -0,0 +1,20 @@
+Copyright (c) 2008 Wong Liang Zan
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/USAGE

@@ -0,0 +1,22 @@
+NAME
+     persistent cookie authentication - rails authentication system with persistent cookie management
+
+SYNOPSIS
+     ruby script/generate persistent_cookie_authentication
+
+DESCRIPTION
+     This generator creates an authentication system with persistent cookie management
+
+	 Feature include
+	  - a model which uses SHA1 encryption and salted hashes for passwords
+      - a controller with signup, login, welcome and logoff actions
+      - gmail smtp server integration
+	  - account creation that requires account verification from the registered email address) and supports forgotten and changed passwords
+      - a mixin which lets you easily add advanced authentication features to your abstract base controller
+      - extensive unit and functional test cases to make sure nothing breaks.      
+      - token based authentication
+	  - persistent cookie management that allows anonymous users to be authenticated via cookies
+
+ACKNOWLEDGEMENTS
+
+	The code is heavily modified from salted_hash_login generator. 

data/persistent_cookie_authentication_generator.rb

@@ -0,0 +1,52 @@
+class PersistentCookieAuthenticationGenerator < Rails::Generator::Base
+  def manifest
+    record do |m|
+
+		#controller
+		m.file "user_controller.rb", File.join("app", "controllers", "user_controller.rb")
+
+		#models
+		m.file "identity.rb", File.join("app", "models", "identity.rb")
+		m.file "login_cookie.rb", File.join("app", "models", "login_cookie.rb")
+		m.file "user.rb", File.join("app", "models", "user.rb")
+		m.file "user_notify.rb", File.join("app", "models", "user_notify.rb")
+		
+		#user view
+		m.directory File.join("app", "views", "user")
+		m.file "user_change_password.rhtml", File.join("app", "views", "user", "change_password.rhtml")
+		m.file "user_edit.rhtml", File.join("app", "views", "user", "edit.rhtml")
+		m.file "user_forgot_password.rhtml", File.join("app", "views", "user", "forgot_password.rhtml")
+		m.file "user_login.rhtml", File.join("app", "views", "user", "login.rhtml")
+		m.file "user_show.rhtml", File.join("app", "views", "user", "show.rhtml")
+		m.file "user_signup.rhtml", File.join("app", "views", "user", "signup.rhtml")
+		
+		#user notify view
+		m.directory File.join("app", "views", "user_notify")
+		m.file "user_notify_change_password.rhtml", File.join("app", "views", "user_notify", "change_password.rhtml")
+		m.file "user_notify_forgot_password.rhtml", File.join("app", "views", "user_notify", "forgot_password.rhtml")
+		m.file "user_notify_signup.rhtml", File.join("app", "views", "user_notify", "signup.rhtml")
+      				
+		#migration
+		m.directory File.join("db", "migrate")
+		m.migration_template("migration.rb", File.join("db", "migrate"), {:migration_file_name => "create_authentication"})
+	
+		#mixins + external libs
+		m.file "smtp_tls.rb", File.join("lib", "smtp_tls.rb")
+		m.file "user_system.rb", File.join("lib", "user_system.rb")
+			
+		#environment configurations
+		m.file "user_environment.rb", File.join("config", "environments", "user_environment.rb")
+		
+		#tests
+		m.file "user_integration_test.rb", File.join("test", "integration", "user_integration_test.rb")
+		m.file "user_test.rb", File.join("test", "unit", "user_test.rb")
+
+		#test fixtures
+		m.file "identities.yml", File.join("test", "fixtures", "identities.yml")
+		m.file "login_cookies.yml", File.join("test", "fixtures", "login_cookies.yml")
+		m.file "users.yml", File.join("test", "fixtures", "users.yml")
+
+    end
+  end
+end
+

data/templates/identities.yml

@@ -0,0 +1,18 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+identityOne:
+  id: 1
+
+identityTwo:
+  id: 2
+  
+identityThree:
+  id: 3
+
+identityFour:
+  id: 4
+
+identityFive:
+  id: 5  
+  
+identitySix:
+  id: 6    

data/templates/identity.rb

@@ -0,0 +1,4 @@
+class Identity < ActiveRecord::Base
+    has_one :user
+    has_many :login_cookies
+end

data/templates/login_cookie.rb

@@ -0,0 +1,254 @@
+class LoginCookie < ActiveRecord::Base
+    belongs_to :identity
+
+    validates_presence_of :login, :series, :token
+    validates_uniqueness_of :token
+
+    #separator for the cookie
+    @@separator = "@"
+    @@cookieSegmentLength = 10
+
+   
+
+    # exchanges the cookie or set a new cookie before entering a protected region 
+    def self.requireCookie(cookieValue)
+      if LoginCookie.authenticate(cookieValue)
+        newCookie = LoginCookie.regenerateCookie(cookieValue)
+        return newCookie
+      else
+        return LoginCookie.generateCookie
+      end
+    end
+
+
+
+    # verify the identity of a cookie
+    def self.verifyIdentity(cookieValue, identityID)
+      #defensive programming
+      if cookieValue == nil || identityID == nil
+        return false
+      end
+
+      loginValue = LoginCookie.getCookieLogin(cookieValue)
+
+      #cookie might belong to a user
+      user = User.find(:first, :conditions => ["login = ?", loginValue])
+      return identityID == user.identity_id if user != nil
+      
+      #cookie might belong to anonymous user
+      appCookie = LoginCookie.find(:first, :conditions => ["login = ?", loginValue])
+      return identityID == appCookie.identity_id if appCookie != nil
+
+      return false
+    end
+ 
+    
+
+    # setting the number of default credits
+    def self.regenerateCookie(cookieValue)
+      #defensive programming
+      if cookieValue == nil
+        raise "null inputs"
+      end
+
+      cookieFound = LoginCookie.getCookieRef(cookieValue)
+      raise "cookie not found" if cookieFound == nil
+
+      #delete the prev entry, write the new entry in
+      newCookie = self.addNewCookieEntry(cookieFound.login, 
+                                         cookieFound.series, 
+                                         self.generate_random_string(@@cookieSegmentLength),
+                                         cookieFound.identity_id)
+      cookieFound.destroy
+
+      return newCookie.login + @@separator + newCookie.series + @@separator + newCookie.token
+    end
+
+
+
+    # gets the identity of a user
+    def self.getIdentity(cookieValue)
+      #defensive programming
+      if cookieValue == nil
+        return 0
+      end
+
+      return self.getIdentityFromLogin(LoginCookie.getCookieLogin(cookieValue))
+    end
+ 
+    
+    
+    # generates a new cookie
+    def self.generateCookie(login = nil, series = nil)
+      cookieLogin = login ||= self.generate_random_string(@@cookieSegmentLength)
+      cookieSeries = series ||= self.generate_random_string(@@cookieSegmentLength)
+      cookieToken = self.generate_random_string(@@cookieSegmentLength)
+     
+      #adds it to the db
+      self.addNewCookieEntry(cookieLogin, cookieSeries, cookieToken, self.getIdentityFromLogin(login))
+
+      return cookieLogin + @@separator + cookieSeries + @@separator + cookieToken
+    end
+
+
+
+    # verify if the cookie belongs to an anonymous user
+    def self.isAnonymousIdentity(cookieValue)
+      #defensive programming
+      if cookieValue == nil 
+        return false
+      end
+
+      loginValue = LoginCookie.getCookieLogin(cookieValue)
+
+      #Indication 1: cookie must not have a login that belongs to a user
+      user = User.find(:first, :conditions => ["login = ?", loginValue])
+
+      #Indication 2: the cookie identity must not have other users
+      cookieIdentityID = self.getIdentityFromLogin(loginValue)
+      cookieIdentity = Identity.find(cookieIdentityID)
+
+      return user == nil && cookieIdentity.user == nil
+    end
+ 
+
+    
+    # verify if the cookie is anonymous
+    def self.isAnonymous(cookieValue)
+      #defensive programming
+      if cookieValue == nil 
+        return false
+      end
+
+      loginValue = LoginCookie.getCookieLogin(cookieValue)
+
+      #cookie might belong to a user
+      user = User.find(:first, :conditions => ["login = ?", loginValue])
+      return user == nil
+    end
+
+    
+    
+    # extracts the login from the cookie
+    def self.getCookieLogin(cookieValue)
+      #defensive programming
+      if cookieValue == nil
+        raise "null inputs"
+      end
+
+      cookieMatch = /([\d\w]+)@([\d\w]+)@([\d\w]+)/.match(cookieValue)
+      return cookieMatch[1]
+    end
+ 
+
+
+    # associating the cookie with the identity
+    def self.getCookieRef(cookieValue)
+      #defensive programming
+      if cookieValue == nil
+        raise "null inputs"
+      end
+
+      cookieMatch = /([\d\w]+)@([\d\w]+)@([\d\w]+)/.match(cookieValue)
+      return find(:first, :conditions => ["login = ? AND series = ? AND token = ?", cookieMatch[1], cookieMatch[2], cookieMatch[3]])
+    end
+
+
+
+    private
+    
+
+
+    # check whether the cookie exists
+    def self.authenticate(cookieValue)
+      if cookieValue == nil
+        return false
+      end
+
+      cookieMatch = /([\d\w]+)@([\d\w]+)@([\d\w]+)/.match(cookieValue)
+      cookieFound = LoginCookie.getCookieRef(cookieValue)
+        
+      if cookieFound != nil
+        return true  
+      else
+        self.verifyCookieInjection(cookieMatch[1], cookieMatch[2])
+        return false
+      end
+    end
+ 
+
+
+    # gets the identity of a user
+    def self.getIdentityFromLogin(loginValue)
+      #defensive programming
+      if loginValue == nil
+        raise "null inputs"
+      end
+      
+      #cookie might belong to a user
+      user = User.find(:first, :conditions => ["login = ?", loginValue])
+      return user.identity_id if user != nil
+      
+      #cookie might belong to anonymous user
+      appCookie = LoginCookie.find(:first, :conditions => ["login = ?", loginValue])
+      return appCookie.identity_id if appCookie != nil
+
+      #if its a new user
+      identity = Identity.new
+      identity.save
+      return identity.id
+    end
+
+
+
+    #generates a random string
+    def self.generate_random_string(length)
+      chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+      newRandomStr = ""
+      1.upto(length) { |i| newRandomStr << chars[rand(chars.size-1)] }
+      return newRandomStr
+    end
+
+
+
+    #adds a new cookie to the db
+    def self.addNewCookieEntry(cookieLogin, cookieSeries, cookieToken, cookieIdentityID)
+      newLoginCookie = LoginCookie.new(:login => cookieLogin, 
+                                       :series => cookieSeries, 
+                                       :token => cookieToken, 
+                                       :identity_id => cookieIdentityID)
+      newLoginCookie.save
+      return newLoginCookie
+    end
+
+
+
+    #deletes all the cookies with the same login and series
+    def self.deleteAllCookiesOf(cookieLogin, cookieSeries)
+      #defensive programming
+      if cookieLogin == nil or cookieSeries == nil
+        raise "null inputs"
+      end
+      
+      cookiesFound = find(:all, :conditions => ["login = ? AND series = ?", cookieLogin, cookieSeries])
+      cookiesFound.each { |cookie| cookie.destroy }
+    end
+  
+
+
+    #verify if there's any cookie tampering
+    def self.verifyCookieInjection(cookieLogin, cookieSeries)
+      #defensive programming
+      if cookieLogin == nil or cookieSeries == nil
+        raise "null inputs"
+      end
+
+      cookiesFound = find(:all, :conditions => ["login = ? AND series = ?", cookieLogin, cookieSeries])
+  
+      if cookiesFound != nil
+        #SQL injection discovered, up to you to do something about it
+        self.deleteAllCookiesOf(cookieLogin, cookieSeries)
+      end
+    end
+
+end

data/templates/login_cookies.yml

@@ -0,0 +1,32 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+#bob has 1 known cookie + 1 anonymous
+#existing bob has 1 known cookie
+#1 anonymous user cookie
+cookieOne:
+  id: 1
+  login: bob
+  series: seriesbob
+  token: tokenbob
+  identity_id: 1
+
+cookieTwo:
+  id: 2
+  login: anonymous1
+  series: seriesanonymous1
+  token: tokenanonymous1
+  identity_id: 1
+
+cookieThree:
+  id: 3
+  login: existingbob
+  series: seriesexistingbob
+  token: tokenexistingbob
+  identity_id: 2
+
+cookieFour:
+  id: 4
+  login: anonymous2
+  series: seriesanonymous2
+  token: tokenanonymous2
+  identity_id: 6
+  

data/templates/migration.rb

@@ -0,0 +1,42 @@
+class CreateAuthentication < ActiveRecord::Migration
+
+  def self.up
+    create_table "identities", :force => true do |t|
+      t.datetime "created_at"
+    end
+
+
+    create_table "users", :force => true do |t|
+      t.string   "login",           :limit => 80, :default => "",  :null => false
+      t.string   "salted_password", :limit => 40, :default => "",  :null => false
+      t.string   "email",           :limit => 60, :default => "",  :null => false
+      t.string   "salt",            :limit => 40, :default => "",  :null => false
+      t.integer  "verified",                      :default => 0
+      t.string   "security_token",  :limit => 40
+      t.datetime "created_at"
+      t.datetime "updated_at"
+      t.integer  "identity_id",                                    :null => false
+    end
+
+
+    
+    create_table "login_cookies", :force => true do |t|
+      t.string   "login",       :limit => 80, :null => false
+      t.string   "series",      :limit => 40, :null => false
+      t.string   "token",       :limit => 40, :null => false
+      t.datetime "created_at"
+      t.integer  "identity_id",               :null => false
+    end
+
+  end
+
+
+  def self.down
+    drop_table :identities
+    drop_table :users
+    drop_table :login_cookies
+  end
+
+
+ 
+end