pipa-authmagic 0.0.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2008 Igor Gunko
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,21 @@
+Authmagic
+=========
+
+Introduction goes here.
+
+Installation
+============
+
+    script/plugin install git://github.com/pipa/authmagic.git
+
+    or
+
+    git submodule add git://github.com/pipa/authmagic.git vendor/plugins/authmagic
+
+Example
+=======
+BROKEN
+    script/generate authmagic user
+
+
+Copyright (c) 2008 Igor Gunko, released under the MIT license

data/lib/authmagic.rb

@@ -0,0 +1,5 @@
+require 'forwardable'
+require 'ostruct'
+require 'authmagic/exceptions'
+require 'authmagic/context'
+require 'authmagic/modules'

data/lib/authmagic/context.rb

@@ -0,0 +1,35 @@
+module Authmagic
+  class Config < OpenStruct #:nodoc:
+    extend Forwardable
+    def_delegator :table, :fetch
+    def_delegator :table, :[]
+  end
+
+  # Represents security context.
+  class Context
+    attr_reader :config, :modules
+
+    def initialize(modules, config = {})
+      @config = Config.new(config)
+      @modules = add_deps(const_modules(modules)).uniq.map! {|m| m.new(self) }
+      yield @config if block_given?
+      @modules.each(&:enroll)
+    end
+
+    private
+    def add_deps(mods, deps = [])
+      mods.inject(deps) do |deps, mod|
+        returning deps do
+          add_deps(const_modules(mod.const_get(:DEPENDENCIES)), deps) if mod.const_defined?(:DEPENDENCIES)
+        end
+      end
+      deps.push(*mods)
+    end
+
+    def const_modules(modules)
+      modules.map do |m|
+        m.is_a?(Class) ? m : "Authmagic::Modules::#{m.to_s.camelize}".constantize
+      end
+    end
+  end
+end

data/lib/authmagic/exceptions.rb

@@ -0,0 +1,35 @@
+module Authmagic
+  class AuthenticationError < SecurityError
+  end
+
+  class AccountNotFound < AuthenticationError
+    def initialize(msg = nil)
+      super(msg || 'account not found')
+    end
+  end
+
+  class BadPassword < AuthenticationError
+    def initialize(msg = nil)
+      super(msg || 'bad password')
+    end
+  end
+
+  class LoginRequired < AuthenticationError
+    def initialize(msg = nil)
+      super(msg || 'login required')
+    end
+  end
+
+  class AuthorizationError < SecurityError
+  end
+
+  class Unauthorized < AuthorizationError
+    def initialize(msg = nil)
+      super(msg || 'access denied')
+    end
+
+    def handle_response!(response)
+      response.status = "403 #{self}"
+    end
+  end
+end

data/lib/authmagic/modules.rb

@@ -0,0 +1,4 @@
+module Authmagic
+  module Modules
+  end
+end

data/lib/authmagic/rails.rb

@@ -0,0 +1,8 @@
+require 'authmagic/rails/modules'
+
+class << ActionController::Base
+  def authmagic(*modules, &block)
+    context = Authmagic::Context.new(modules, :application_controller => self, &block)
+    define_method(:security_context) { context }
+  end
+end

data/lib/authmagic/rails/modules.rb

@@ -0,0 +1,5 @@
+module Authmagic::Modules
+  autoload :ApplicationFramework, 'authmagic/rails/modules/application_framework'
+  autoload :LoginPassword, 'authmagic/rails/modules/login_password'
+  autoload :Authorization, 'authmagic/rails/modules/authorization'
+end

data/lib/authmagic/rails/modules/application_framework.rb

@@ -0,0 +1,104 @@
+module Authmagic
+  # Base framework for RESTful authentication for Rails.
+  class Modules::ApplicationFramework
+    def initialize(context)
+      @context = context
+      context.config.session = :session
+      context.config.principal = :user
+
+      class << ActiveRecord::Base
+        def acts_as_principal(options)
+          options.freeze
+          metaclass.send(:define_method, :principal_config) { options }
+        end
+      end
+    end
+
+    def enroll
+      principal = @context.config.principal
+      principal = principal.to_s.camelize.constantize unless principal.is_a?(Class)
+      @context.config.principal_config = principal.respond_to?(:principal_config) ? principal.principal_config : {}
+
+      @context.extend(ContextMethods)
+      @context.instance_variable_set(:@principal, principal)
+
+      session = @context.config.session
+      @context.config.new_session_path ||= :"new_#{session}_path"
+      @context.config.application_controller.send(:include, ApplicationControllerMethods)
+    end
+
+    module ContextMethods
+      attr_reader :principal
+    end
+
+    module ApplicationControllerMethods
+      def self.included(other)
+        other.class_eval do
+          helper_method :current_principal_id, :current_principal, :logged_in?, :if_logged_in
+        end
+        class << other
+          private
+          def require_login(options = {})
+            before_filter(:require_login!, options)
+            rescue_from LoginRequired, :with => :redirect_to_new_session
+          end
+
+          def acts_as_session_controller
+            include SessionControllerMethods
+          end
+        end
+      end
+
+      private
+      def current_principal_id
+        session[:current_principal_id]
+      end
+
+      def current_principal
+        unless defined? @current_principal
+          id = current_principal_id
+          @current_principal = security_context.principal.first(id) if id
+        end
+        @current_principal
+      end
+
+      def require_login!
+        p = current_principal
+        return p if p
+        session[:back_url] = request.url
+        raise LoginRequired
+      end
+
+      def logged_in?
+        !!current_principal_id
+      end
+
+      def if_logged_in
+        yield current_principal if logged_in?
+      end
+
+      def redirect_to_new_session
+        sp = security_context.config.new_session_path
+        sp = send(sp) if sp.is_a?(Symbol)
+        redirect_to(sp)
+      end
+
+      def redirect_back(default = nil)
+        redirect_to(session[:back_url] || default)
+      end
+    end
+
+    module SessionControllerMethods
+      def authenticate(options = {})
+        sess = security_context.config.session
+        cfg = security_context.config.principal_config
+        login = cfg.fetch(:login_field, :login)
+        password = cfg.fetch(:password_field, :password)
+        p = security_context.principal.authenticate(
+          login => options[login] || params[sess][login],
+          password => options[password] || params[sess][password])
+        session[:current_principal_id] = p.id
+      end
+    end
+  end
+end

data/lib/authmagic/rails/modules/authorization.rb

@@ -0,0 +1,135 @@
+module Authmagic
+  # A simple authorization framework for Rails.
+  # DEPENDENCIES:: +application_framework+
+  class Modules::Authorization
+    DEPENDENCIES = [:application_framework].freeze
+
+    def initialize(context)
+      @context = context
+
+      context.config.resource_action_map = {
+        :index => :read,
+        :show => :read,
+        :new => :create,
+        :edit => :update,
+      }
+    end
+
+    def enroll
+      ActiveRecord::Base.metaclass.send(:include, ModelRestrict)
+      @context.principal.send(:include, PrincipalMethods)
+      @context.config.application_controller.metaclass.send(:include, ApplicationControllerRestrict)
+    end
+
+    module PrincipalMethods
+      def may?(action, resource)
+        resource.permitted?(action, self)
+      end
+    end
+
+    module Restrict
+      def restrict(*args, &block)
+        opts = args.extract_options!
+        routine = opts.fetch(:guests, false) ? proc {|p| p && block.call(p) } : block
+        hash = args.empty? ? {nil => routine} : args.inject({}) {|h, x| h[x.to_sym] = routine; h }
+        write_inheritable_hash(:security_permissions, hash)
+        include Permissions
+      end
+    end
+
+    module ApplicationControllerRestrict
+      include Restrict
+      def restrict_with_application_controller(*args, &block)
+        restrict_without_application_controller(*args, &block)
+        include ApplicationControllerMethods
+      end
+      alias_method_chain :restrict, :application_controller
+    end
+
+    module ModelRestrict
+      include Restrict
+      def restrict_with_model(*args, &block)
+        restrict_without_model(*args, &block)
+        include ModelMethods
+      end
+      alias_method_chain :restrict, :model
+    end
+
+    module Permissions
+      def self.included(other)
+        def other.security_permissions
+          read_inheritable_attribute(:security_permissions)
+        end
+      end
+
+      def permitted?(action, principal)
+        permissions = self.class.security_permissions
+        !(routine = permissions[action.to_sym] || permissions[nil]) || routine.call(principal)
+      end
+    end
+
+    module ApplicationControllerMethods
+      def self.included(other)
+        other.class_eval do
+          alias_method_chain :permitted?, :defaults
+          helper_method :permitted?, :permitted_on?, :if_permitted?, :if_permitted_on?
+          before_filter :check_authorization
+          rescue_from Unauthorized, :with => :handle_unauthorized
+        end
+      end
+
+      private
+      def check_authorization
+        deny! unless permitted?
+      end
+
+      def handle_unauthorized
+        render :status => :forbidden, :text => 'unauthorized'
+      end
+
+      def permitted_with_defaults?(action = action_name, principal = current_principal)
+        permitted_without_defaults?(action, principal)
+      end
+
+      def if_permitted(action = action_name, principal = current_principal)
+        yield if permitted?(action, principal)
+      end
+
+      def deny!
+        raise Unauthorized
+      end
+
+      def deny_if!(condition = nil)
+        deny! if condition
+        yield if block_given?
+      end
+
+      def permit_if!(condition = nil, &block)
+        deny_if!(!condition, &block)
+      end
+
+      def guard!(resource, action = action_name, principal = current_principal, &block)
+        resource.guard!(principal, _map_resource_action(action), &block)
+      end
+
+      def permitted_on?(resource, action = action_name, principal = current_principal)
+        resource.may?(principal, _map_resource_action(action))
+      end
+
+      def if_permitted_on(resource, action = action_name, principal = current_principal)
+        yield if permitted_on?(resource, action, principal)
+      end
+
+      def _map_resource_action(action)
+        security_context.config.resource_action_map.fetch(action, action)
+      end
+    end
+
+    module ModelMethods
+      def guard!(action, principal)
+        raise Unauthorized unless permitted?(action, principal)
+        yield if block_given?
+      end
+    end
+  end
+end

data/lib/authmagic/rails/modules/login_password.rb

@@ -0,0 +1,67 @@
+module Authmagic
+  # Login/password authentication provider for Rails.
+  # DEPENDENCIES:: +application_framework+
+  class Modules::LoginPassword
+    DEPENDENCIES = [:application_framework].freeze
+
+    def initialize(context)
+      @context = context
+    end
+
+    def enroll
+      principal = @context.principal
+
+      cfg = @context.config.principal_config
+      login = cfg.fetch(:login_field, :login)
+      password = cfg.fetch(:password_field, :password)
+      password_set = :"#{password}="
+      password_valid = :"#{password}_valid?"
+      password_hash = cfg.fetch(:password_hash_field, :"#{password}_hash")
+      password_hash_set = :"#{password_hash}="
+      salt = cfg.fetch(:password_salt_field, :"#{password}_salt")
+      salt_set = :"#{salt}="
+      encryptor = :"encrypt_#{password}"
+      generate_salt = :"generate_#{salt}"
+
+      digest = cfg.fetch(:digest) do
+        require 'digest/sha2'
+        Digest::SHA512
+      end
+      digest = "Digest::#{digest.camelize}".constantize unless digest.is_a?(Class)
+      stretches = cfg.fetch(:stretches, 20)
+      salt_length = cfg.fetch(:salt_length, 64)
+
+      principal.class_eval do
+        self.class.send(:define_method, :authenticate) do |options|
+          returning first(:conditions => {login => options[login]}) do |p|
+            raise AccountNotFound unless p
+            raise BadPassword unless p.send(password_valid, options[password])
+          end
+        end
+
+        define_method password do
+          nil
+        end
+
+        define_method password_set do |passw|
+          send(salt_set, send(generate_salt))
+          send(password_hash_set, send(encryptor, passw))
+        end
+
+        define_method password_valid do |passw|
+          send(password_hash) == send(encryptor, passw)
+        end
+
+        define_method encryptor do |plaintext|
+          hash = (digest = digest.new << send(salt) << plaintext).hexdigest
+          stretches.times { hash = digest.hexdigest(hash) }
+          hash
+        end
+
+        define_method generate_salt do
+          ActiveSupport::SecureRandom.hex(salt_length)
+        end
+      end
+    end
+  end
+end

data/rails/init.rb

@@ -0,0 +1,2 @@
+require 'authmagic'
+require 'authmagic/rails'

data/rails_generators/authmagic/USAGE

@@ -0,0 +1,11 @@
+Description:
+    Creates Authmagic security config and related files.
+
+Example:
+    ./script/generate authmagic user
+
+    This will create:
+        app/model/user.rb
+        app/controllers/users_controller.rb
+        app/controllers/sessions_controller.rb
+        config/initializers/security.rb

data/rails_generators/authmagic/authmagic_generator.rb

@@ -0,0 +1,18 @@
+class AuthmagicGenerator < Rails::Generator::NamedBase
+  default_options :skip_timestamps => false, :skip_migration => false
+
+  def manifest
+    record do |m|
+      m.directory 'config/initializers'
+      m.dependency 'resource', [name, 'login:string', 'password_hash:string', 'password_salt:string'], :collision => :skip
+      m.template 'sessions_controller.rb', 'app/controllers/sessions_controller.rb'
+      m.dependency 'controller', ['sessions'], :collision => :skip
+      m.route_resources 'session'
+    end
+  end
+
+  protected
+  def banner
+    "Usage: #{$0} #{spec.name} [PrincipalName] [options]"
+  end
+end

data/rails_generators/authmagic/templates/accounts_controller.rb

@@ -0,0 +1,35 @@
+class AccountsController < ApplicationController
+  require_login :except => [:new, :create]
+
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(params[:user])
+    if @user.save
+      flash[:notice] = "Account registered!"
+      redirect_back account_url
+    else
+      render :action => :new
+    end
+  end
+
+  def show
+    @user = current_principal
+  end
+
+  def edit
+    @user = current_principal
+  end
+
+  def update
+    @user = current_principal
+    if @user.update_attributes(params[:user])
+      flash[:notice] = "Account updated!"
+      redirect_to account_url
+    else
+      render :action => :edit
+    end
+  end
+end

data/rails_generators/authmagic/templates/sessions_controller.rb

@@ -0,0 +1,19 @@
+class SessionsController < ApplicationController
+  def new
+  end
+
+  def create
+    authenticate
+    flash[:notice] = "Login successful!"
+    redirect_back account_url
+  rescue SecurityError => e
+    flash[:notice] = "Login failed!"
+    render :action => :new
+  end
+
+  def destroy
+    destroy_session
+    flash[:notice] = "Logout successful!"
+    redirect_back new_session_url
+  end
+end

data/test/authmagic_test.rb

@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class AuthmagicTest < ActiveSupport::TestCase
+  # Replace this with your real tests.
+  test "the truth" do
+    assert true
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,3 @@
+require 'rubygems'
+require 'active_support'
+require 'active_support/test_case'

metadata

@@ -0,0 +1,73 @@
+--- !ruby/object:Gem::Specification 
+name: pipa-authmagic
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Igor Gunko
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2008-12-25 00:00:00 -08:00
+default_executable: 
+dependencies: []
+
+description: Easy RESTful authentication + authorization.
+email: tekmon@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.rdoc
+- MIT-LICENSE
+files: 
+- README.rdoc
+- MIT-LICENSE
+- lib/authmagic.rb
+- lib/authmagic/context.rb
+- lib/authmagic/exceptions.rb
+- lib/authmagic/modules.rb
+- lib/authmagic/rails.rb
+- lib/authmagic/rails/modules.rb
+- lib/authmagic/rails/modules/application_framework.rb
+- lib/authmagic/rails/modules/login_password.rb
+- lib/authmagic/rails/modules/authorization.rb
+- rails/init.rb
+- rails_generators/authmagic/USAGE
+- rails_generators/authmagic/authmagic_generator.rb
+- rails_generators/authmagic/templates/accounts_controller.rb
+- rails_generators/authmagic/templates/sessions_controller.rb
+has_rdoc: true
+homepage: http://github.com/pipa/authmagic
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --main
+- README.rdoc
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: Easy RESTful authentication + authorization.
+test_files: 
+- test/authmagic_test.rb
+- test/test_helper.rb