pillowfort 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: dc163e24085705f50d12a3a32b6e117d5d9bbad4
+  data.tar.gz: 854b47f3081729b9d72d0fda086d370b561083e5
+SHA512:
+  metadata.gz: ee784476931c9b559307ef274d36da12a320dd103e84a3b2d5c86528afc6abe524f819fd4c4ca24fb782c460518deb96dff9e11077e0a8dea9d275f6b1e91c2b
+  data.tar.gz: 8b72dd59a2514733e3277967690e2f0c929428786cd8519b93a160bcfca8e6bcd5c0c559fa5d9aad46a9501795413eff1d875db288cd0ff3e0f25aca128c5ab2

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 Tim Lowrimore
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,24 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Pillowfort'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+

data/app/controllers/pillowfort/concerns/controller_authentication.rb

@@ -0,0 +1,46 @@
+require 'pillowfort/model_context'
+
+module Pillowfort
+  module Concerns::ControllerAuthentication
+    extend ActiveSupport::Concern
+    include ActionController::HttpAuthentication::Basic::ControllerMethods
+
+    included do
+      before_filter :authenticate_from_account_token!
+    end
+
+    private
+
+    def authenticate_from_account_token!
+      context         = Pillowfort::ModelContext
+      resource_class  = context.model_class
+
+      ensure_resource_reader(context)
+
+      authenticate_or_request_with_http_basic do |email, token|
+        resource_class.authenticate_securely(email, token) do |resource|
+          @authentication_resource = resource
+        end
+      end
+
+      allow_client_to_handle_unauthorized_status
+    end
+
+    def ensure_resource_reader(context)
+      reader_name = context.resource_reader_name
+      return if respond_to? reader_name
+
+      self.class.send :define_method, reader_name do
+        @authentication_resource
+      end
+    end
+
+    # This is necessary, as it allows Cordova to properly delegate 401 response
+    # handling to our application.  If we keep this header, Cordova will defer
+    # handling to iOS, and we'll never see the 401 status in the app... it'll just
+    # do nothing.
+    def allow_client_to_handle_unauthorized_status
+      headers.delete('WWW-Authenticate')
+    end
+  end
+end

data/app/models/pillowfort/concerns/model_authentication.rb

@@ -0,0 +1,111 @@
+require 'bcrypt'
+require 'pillowfort/model_context'
+
+module Pillowfort
+  module Concerns::ModelAuthentication
+    extend ActiveSupport::Concern
+    include BCrypt
+
+    MIN_PASSWORD_LENGTH = 8
+
+    included do
+      Pillowfort::ModelContext.model_class = self
+
+      # Provided by Rails
+      has_secure_password
+
+      validates :email, presence: true, uniqueness: true
+      validates :password, length: { minimum: MIN_PASSWORD_LENGTH }
+
+      before_save :ensure_auth_token
+
+      def ensure_auth_token
+        reset_auth_token if auth_token.blank?
+      end
+
+      def reset_auth_token
+        self.auth_token             = generate_auth_token
+        self.auth_token_expires_at  = 1.day.from_now
+      end
+
+      def reset_auth_token!
+        reset_auth_token
+        save validate: false
+      end
+
+      def token_expired?
+        auth_token_expires_at <= Time.now
+      end
+
+      private
+
+      def touch_token_expiry!
+        update_column :auth_token_expires_at, 1.day.from_now
+      end
+
+      def generate_auth_token
+        resource_class = self.class
+        loop do
+          token = resource_class.friendly_token
+          break token unless resource_class.where(auth_token: token).first
+        end
+      end
+    end
+
+    module ClassMethods
+      def authenticate_securely(email, token)
+        return false if email.blank? || token.blank?
+
+        transaction do
+          resource = find_by_email(email)
+
+          if resource
+
+            # if the resource token is expired, reset it and
+            # return false, triggering a 401
+            if resource.token_expired?
+              resource.reset_auth_token!
+              return false
+            else
+              if secure_compare(resource.auth_token, token)
+
+                # If the resource successfully authenticates within the alotted window
+                # of time, we'll extend the window.
+                resource.send :touch_token_expiry!
+                yield resource
+              end
+            end
+          end
+        end
+      end
+
+      def find_and_authenticate(email, password)
+        resource = find_by_email(email)
+
+        if resource && resource.authenticate(password)
+          resource.tap do |u|
+            u.reset_auth_token!
+          end
+        else
+          return false
+        end
+      end
+
+      # constant-time comparison algorithm to prevent timing attacks.  Lifted
+      # from Devise.
+      def secure_compare(a, b)
+        return false if a.blank? || b.blank? || a.bytesize != b.bytesize
+        l = a.unpack "C#{a.bytesize}"
+
+        res = 0
+        b.each_byte { |byte| res |= byte ^ l.shift }
+        res == 0
+      end
+
+      # Generates a value for our auth token.  Lifted from Devise.
+      def friendly_token
+        SecureRandom.base64(32).tr('+/=lIO0', 'pqrsxyz')
+      end
+    end
+  end
+end

data/config/routes.rb

@@ -0,0 +1,2 @@
+Rails.application.routes.draw do
+end

data/lib/pillowfort.rb

@@ -0,0 +1,4 @@
+require "pillowfort/engine"
+
+module Pillowfort
+end

data/lib/pillowfort/engine.rb

@@ -0,0 +1,7 @@
+module Pillowfort
+  class Engine < ::Rails::Engine
+    config.generators do |g|
+      g.test_framework :rspec
+    end
+  end
+end

data/lib/pillowfort/model_context.rb

@@ -0,0 +1,32 @@
+require "pillowfort/pillow_fight"
+
+module Pillowfort::ModelContext
+  mattr_accessor :model_class
+
+  def self.resource_reader_name
+    begin
+      "current_#{model_class.name.underscore}"
+    rescue NoMethodError => nme
+      Pillowfort::PillowFight.error_message <<-EOF
+      It seems no `model_class` can be found.  The likely culprit is:
+
+      1.) You forgot to include Pillowfort::Concerns::ModelAuthentication into
+      the model of your choosing.
+      2.) You forgot to set `config.eager_load` to `true`, in your environment
+      config (e.g. development.rb)
+
+      If neither of the aforementioned options are the issue, you've likely
+      found a bug.  Please report it at:
+
+      https://github.com/coroutine/pillowfort/issues
+
+      Cheers!
+      Coroutine
+
+      EOF
+
+      # rethrow
+      raise nme
+    end
+  end
+end

data/lib/pillowfort/pillow_fight.rb

@@ -0,0 +1,11 @@
+module Pillowfort::PillowFight
+  def self.error_message(msg)
+    puts "\e[31m"
+    puts '*'*80
+    puts "#{' '*34}Pillow Fight!"
+    puts '*'*80
+    puts msg
+    puts '*'*80
+    puts "\e[0m"
+  end
+end

data/lib/pillowfort/version.rb

@@ -0,0 +1,3 @@
+module Pillowfort
+  VERSION = "0.1.1"
+end

data/lib/tasks/pillowfort_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :pillowfort do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,125 @@
+--- !ruby/object:Gem::Specification
+name: pillowfort
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Tim Lowrimore
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-01-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.7
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: factory_girl_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Opinionated, session-less API authentication
+email:
+- tlowrimore@coroutine.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- Rakefile
+- app/controllers/pillowfort/concerns/controller_authentication.rb
+- app/models/pillowfort/concerns/model_authentication.rb
+- config/routes.rb
+- lib/pillowfort.rb
+- lib/pillowfort/engine.rb
+- lib/pillowfort/model_context.rb
+- lib/pillowfort/pillow_fight.rb
+- lib/pillowfort/version.rb
+- lib/tasks/pillowfort_tasks.rake
+homepage: https://github.com/coroutine/pillowfort
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Opinionated, session-less API authentication
+test_files: []