pipa-authmagic 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/MIT-LICENSE ADDED
@@ -0,0 +1,20 @@
1
+ Copyright (c) 2008 Igor Gunko
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.rdoc ADDED
@@ -0,0 +1,21 @@
1
+ Authmagic
2
+ =========
3
+
4
+ Introduction goes here.
5
+
6
+ Installation
7
+ ============
8
+
9
+ script/plugin install git://github.com/pipa/authmagic.git
10
+
11
+ or
12
+
13
+ git submodule add git://github.com/pipa/authmagic.git vendor/plugins/authmagic
14
+
15
+ Example
16
+ =======
17
+ BROKEN
18
+ script/generate authmagic user
19
+
20
+
21
+ Copyright (c) 2008 Igor Gunko, released under the MIT license
data/lib/authmagic.rb ADDED
@@ -0,0 +1,5 @@
1
+ require 'forwardable'
2
+ require 'ostruct'
3
+ require 'authmagic/exceptions'
4
+ require 'authmagic/context'
5
+ require 'authmagic/modules'
@@ -0,0 +1,35 @@
1
+ module Authmagic
2
+ class Config < OpenStruct #:nodoc:
3
+ extend Forwardable
4
+ def_delegator :table, :fetch
5
+ def_delegator :table, :[]
6
+ end
7
+
8
+ # Represents security context.
9
+ class Context
10
+ attr_reader :config, :modules
11
+
12
+ def initialize(modules, config = {})
13
+ @config = Config.new(config)
14
+ @modules = add_deps(const_modules(modules)).uniq.map! {|m| m.new(self) }
15
+ yield @config if block_given?
16
+ @modules.each(&:enroll)
17
+ end
18
+
19
+ private
20
+ def add_deps(mods, deps = [])
21
+ mods.inject(deps) do |deps, mod|
22
+ returning deps do
23
+ add_deps(const_modules(mod.const_get(:DEPENDENCIES)), deps) if mod.const_defined?(:DEPENDENCIES)
24
+ end
25
+ end
26
+ deps.push(*mods)
27
+ end
28
+
29
+ def const_modules(modules)
30
+ modules.map do |m|
31
+ m.is_a?(Class) ? m : "Authmagic::Modules::#{m.to_s.camelize}".constantize
32
+ end
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,35 @@
1
+ module Authmagic
2
+ class AuthenticationError < SecurityError
3
+ end
4
+
5
+ class AccountNotFound < AuthenticationError
6
+ def initialize(msg = nil)
7
+ super(msg || 'account not found')
8
+ end
9
+ end
10
+
11
+ class BadPassword < AuthenticationError
12
+ def initialize(msg = nil)
13
+ super(msg || 'bad password')
14
+ end
15
+ end
16
+
17
+ class LoginRequired < AuthenticationError
18
+ def initialize(msg = nil)
19
+ super(msg || 'login required')
20
+ end
21
+ end
22
+
23
+ class AuthorizationError < SecurityError
24
+ end
25
+
26
+ class Unauthorized < AuthorizationError
27
+ def initialize(msg = nil)
28
+ super(msg || 'access denied')
29
+ end
30
+
31
+ def handle_response!(response)
32
+ response.status = "403 #{self}"
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,4 @@
1
+ module Authmagic
2
+ module Modules
3
+ end
4
+ end
@@ -0,0 +1,8 @@
1
+ require 'authmagic/rails/modules'
2
+
3
+ class << ActionController::Base
4
+ def authmagic(*modules, &block)
5
+ context = Authmagic::Context.new(modules, :application_controller => self, &block)
6
+ define_method(:security_context) { context }
7
+ end
8
+ end
@@ -0,0 +1,5 @@
1
+ module Authmagic::Modules
2
+ autoload :ApplicationFramework, 'authmagic/rails/modules/application_framework'
3
+ autoload :LoginPassword, 'authmagic/rails/modules/login_password'
4
+ autoload :Authorization, 'authmagic/rails/modules/authorization'
5
+ end
@@ -0,0 +1,104 @@
1
+ module Authmagic
2
+ # Base framework for RESTful authentication for Rails.
3
+ class Modules::ApplicationFramework
4
+ def initialize(context)
5
+ @context = context
6
+ context.config.session = :session
7
+ context.config.principal = :user
8
+
9
+ class << ActiveRecord::Base
10
+ def acts_as_principal(options)
11
+ options.freeze
12
+ metaclass.send(:define_method, :principal_config) { options }
13
+ end
14
+ end
15
+ end
16
+
17
+ def enroll
18
+ principal = @context.config.principal
19
+ principal = principal.to_s.camelize.constantize unless principal.is_a?(Class)
20
+ @context.config.principal_config = principal.respond_to?(:principal_config) ? principal.principal_config : {}
21
+
22
+ @context.extend(ContextMethods)
23
+ @context.instance_variable_set(:@principal, principal)
24
+
25
+ session = @context.config.session
26
+ @context.config.new_session_path ||= :"new_#{session}_path"
27
+ @context.config.application_controller.send(:include, ApplicationControllerMethods)
28
+ end
29
+
30
+ module ContextMethods
31
+ attr_reader :principal
32
+ end
33
+
34
+ module ApplicationControllerMethods
35
+ def self.included(other)
36
+ other.class_eval do
37
+ helper_method :current_principal_id, :current_principal, :logged_in?, :if_logged_in
38
+ end
39
+ class << other
40
+ private
41
+ def require_login(options = {})
42
+ before_filter(:require_login!, options)
43
+ rescue_from LoginRequired, :with => :redirect_to_new_session
44
+ end
45
+
46
+ def acts_as_session_controller
47
+ include SessionControllerMethods
48
+ end
49
+ end
50
+ end
51
+
52
+ private
53
+ def current_principal_id
54
+ session[:current_principal_id]
55
+ end
56
+
57
+ def current_principal
58
+ unless defined? @current_principal
59
+ id = current_principal_id
60
+ @current_principal = security_context.principal.first(id) if id
61
+ end
62
+ @current_principal
63
+ end
64
+
65
+ def require_login!
66
+ p = current_principal
67
+ return p if p
68
+ session[:back_url] = request.url
69
+ raise LoginRequired
70
+ end
71
+
72
+ def logged_in?
73
+ !!current_principal_id
74
+ end
75
+
76
+ def if_logged_in
77
+ yield current_principal if logged_in?
78
+ end
79
+
80
+ def redirect_to_new_session
81
+ sp = security_context.config.new_session_path
82
+ sp = send(sp) if sp.is_a?(Symbol)
83
+ redirect_to(sp)
84
+ end
85
+
86
+ def redirect_back(default = nil)
87
+ redirect_to(session[:back_url] || default)
88
+ end
89
+ end
90
+
91
+ module SessionControllerMethods
92
+ def authenticate(options = {})
93
+ sess = security_context.config.session
94
+ cfg = security_context.config.principal_config
95
+ login = cfg.fetch(:login_field, :login)
96
+ password = cfg.fetch(:password_field, :password)
97
+ p = security_context.principal.authenticate(
98
+ login => options[login] || params[sess][login],
99
+ password => options[password] || params[sess][password])
100
+ session[:current_principal_id] = p.id
101
+ end
102
+ end
103
+ end
104
+ end
@@ -0,0 +1,135 @@
1
+ module Authmagic
2
+ # A simple authorization framework for Rails.
3
+ # DEPENDENCIES:: +application_framework+
4
+ class Modules::Authorization
5
+ DEPENDENCIES = [:application_framework].freeze
6
+
7
+ def initialize(context)
8
+ @context = context
9
+
10
+ context.config.resource_action_map = {
11
+ :index => :read,
12
+ :show => :read,
13
+ :new => :create,
14
+ :edit => :update,
15
+ }
16
+ end
17
+
18
+ def enroll
19
+ ActiveRecord::Base.metaclass.send(:include, ModelRestrict)
20
+ @context.principal.send(:include, PrincipalMethods)
21
+ @context.config.application_controller.metaclass.send(:include, ApplicationControllerRestrict)
22
+ end
23
+
24
+ module PrincipalMethods
25
+ def may?(action, resource)
26
+ resource.permitted?(action, self)
27
+ end
28
+ end
29
+
30
+ module Restrict
31
+ def restrict(*args, &block)
32
+ opts = args.extract_options!
33
+ routine = opts.fetch(:guests, false) ? proc {|p| p && block.call(p) } : block
34
+ hash = args.empty? ? {nil => routine} : args.inject({}) {|h, x| h[x.to_sym] = routine; h }
35
+ write_inheritable_hash(:security_permissions, hash)
36
+ include Permissions
37
+ end
38
+ end
39
+
40
+ module ApplicationControllerRestrict
41
+ include Restrict
42
+ def restrict_with_application_controller(*args, &block)
43
+ restrict_without_application_controller(*args, &block)
44
+ include ApplicationControllerMethods
45
+ end
46
+ alias_method_chain :restrict, :application_controller
47
+ end
48
+
49
+ module ModelRestrict
50
+ include Restrict
51
+ def restrict_with_model(*args, &block)
52
+ restrict_without_model(*args, &block)
53
+ include ModelMethods
54
+ end
55
+ alias_method_chain :restrict, :model
56
+ end
57
+
58
+ module Permissions
59
+ def self.included(other)
60
+ def other.security_permissions
61
+ read_inheritable_attribute(:security_permissions)
62
+ end
63
+ end
64
+
65
+ def permitted?(action, principal)
66
+ permissions = self.class.security_permissions
67
+ !(routine = permissions[action.to_sym] || permissions[nil]) || routine.call(principal)
68
+ end
69
+ end
70
+
71
+ module ApplicationControllerMethods
72
+ def self.included(other)
73
+ other.class_eval do
74
+ alias_method_chain :permitted?, :defaults
75
+ helper_method :permitted?, :permitted_on?, :if_permitted?, :if_permitted_on?
76
+ before_filter :check_authorization
77
+ rescue_from Unauthorized, :with => :handle_unauthorized
78
+ end
79
+ end
80
+
81
+ private
82
+ def check_authorization
83
+ deny! unless permitted?
84
+ end
85
+
86
+ def handle_unauthorized
87
+ render :status => :forbidden, :text => 'unauthorized'
88
+ end
89
+
90
+ def permitted_with_defaults?(action = action_name, principal = current_principal)
91
+ permitted_without_defaults?(action, principal)
92
+ end
93
+
94
+ def if_permitted(action = action_name, principal = current_principal)
95
+ yield if permitted?(action, principal)
96
+ end
97
+
98
+ def deny!
99
+ raise Unauthorized
100
+ end
101
+
102
+ def deny_if!(condition = nil)
103
+ deny! if condition
104
+ yield if block_given?
105
+ end
106
+
107
+ def permit_if!(condition = nil, &block)
108
+ deny_if!(!condition, &block)
109
+ end
110
+
111
+ def guard!(resource, action = action_name, principal = current_principal, &block)
112
+ resource.guard!(principal, _map_resource_action(action), &block)
113
+ end
114
+
115
+ def permitted_on?(resource, action = action_name, principal = current_principal)
116
+ resource.may?(principal, _map_resource_action(action))
117
+ end
118
+
119
+ def if_permitted_on(resource, action = action_name, principal = current_principal)
120
+ yield if permitted_on?(resource, action, principal)
121
+ end
122
+
123
+ def _map_resource_action(action)
124
+ security_context.config.resource_action_map.fetch(action, action)
125
+ end
126
+ end
127
+
128
+ module ModelMethods
129
+ def guard!(action, principal)
130
+ raise Unauthorized unless permitted?(action, principal)
131
+ yield if block_given?
132
+ end
133
+ end
134
+ end
135
+ end
@@ -0,0 +1,67 @@
1
+ module Authmagic
2
+ # Login/password authentication provider for Rails.
3
+ # DEPENDENCIES:: +application_framework+
4
+ class Modules::LoginPassword
5
+ DEPENDENCIES = [:application_framework].freeze
6
+
7
+ def initialize(context)
8
+ @context = context
9
+ end
10
+
11
+ def enroll
12
+ principal = @context.principal
13
+
14
+ cfg = @context.config.principal_config
15
+ login = cfg.fetch(:login_field, :login)
16
+ password = cfg.fetch(:password_field, :password)
17
+ password_set = :"#{password}="
18
+ password_valid = :"#{password}_valid?"
19
+ password_hash = cfg.fetch(:password_hash_field, :"#{password}_hash")
20
+ password_hash_set = :"#{password_hash}="
21
+ salt = cfg.fetch(:password_salt_field, :"#{password}_salt")
22
+ salt_set = :"#{salt}="
23
+ encryptor = :"encrypt_#{password}"
24
+ generate_salt = :"generate_#{salt}"
25
+
26
+ digest = cfg.fetch(:digest) do
27
+ require 'digest/sha2'
28
+ Digest::SHA512
29
+ end
30
+ digest = "Digest::#{digest.camelize}".constantize unless digest.is_a?(Class)
31
+ stretches = cfg.fetch(:stretches, 20)
32
+ salt_length = cfg.fetch(:salt_length, 64)
33
+
34
+ principal.class_eval do
35
+ self.class.send(:define_method, :authenticate) do |options|
36
+ returning first(:conditions => {login => options[login]}) do |p|
37
+ raise AccountNotFound unless p
38
+ raise BadPassword unless p.send(password_valid, options[password])
39
+ end
40
+ end
41
+
42
+ define_method password do
43
+ nil
44
+ end
45
+
46
+ define_method password_set do |passw|
47
+ send(salt_set, send(generate_salt))
48
+ send(password_hash_set, send(encryptor, passw))
49
+ end
50
+
51
+ define_method password_valid do |passw|
52
+ send(password_hash) == send(encryptor, passw)
53
+ end
54
+
55
+ define_method encryptor do |plaintext|
56
+ hash = (digest = digest.new << send(salt) << plaintext).hexdigest
57
+ stretches.times { hash = digest.hexdigest(hash) }
58
+ hash
59
+ end
60
+
61
+ define_method generate_salt do
62
+ ActiveSupport::SecureRandom.hex(salt_length)
63
+ end
64
+ end
65
+ end
66
+ end
67
+ end
data/rails/init.rb ADDED
@@ -0,0 +1,2 @@
1
+ require 'authmagic'
2
+ require 'authmagic/rails'
@@ -0,0 +1,11 @@
1
+ Description:
2
+ Creates Authmagic security config and related files.
3
+
4
+ Example:
5
+ ./script/generate authmagic user
6
+
7
+ This will create:
8
+ app/model/user.rb
9
+ app/controllers/users_controller.rb
10
+ app/controllers/sessions_controller.rb
11
+ config/initializers/security.rb
@@ -0,0 +1,18 @@
1
+ class AuthmagicGenerator < Rails::Generator::NamedBase
2
+ default_options :skip_timestamps => false, :skip_migration => false
3
+
4
+ def manifest
5
+ record do |m|
6
+ m.directory 'config/initializers'
7
+ m.dependency 'resource', [name, 'login:string', 'password_hash:string', 'password_salt:string'], :collision => :skip
8
+ m.template 'sessions_controller.rb', 'app/controllers/sessions_controller.rb'
9
+ m.dependency 'controller', ['sessions'], :collision => :skip
10
+ m.route_resources 'session'
11
+ end
12
+ end
13
+
14
+ protected
15
+ def banner
16
+ "Usage: #{$0} #{spec.name} [PrincipalName] [options]"
17
+ end
18
+ end
@@ -0,0 +1,35 @@
1
+ class AccountsController < ApplicationController
2
+ require_login :except => [:new, :create]
3
+
4
+ def new
5
+ @user = User.new
6
+ end
7
+
8
+ def create
9
+ @user = User.new(params[:user])
10
+ if @user.save
11
+ flash[:notice] = "Account registered!"
12
+ redirect_back account_url
13
+ else
14
+ render :action => :new
15
+ end
16
+ end
17
+
18
+ def show
19
+ @user = current_principal
20
+ end
21
+
22
+ def edit
23
+ @user = current_principal
24
+ end
25
+
26
+ def update
27
+ @user = current_principal
28
+ if @user.update_attributes(params[:user])
29
+ flash[:notice] = "Account updated!"
30
+ redirect_to account_url
31
+ else
32
+ render :action => :edit
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,19 @@
1
+ class SessionsController < ApplicationController
2
+ def new
3
+ end
4
+
5
+ def create
6
+ authenticate
7
+ flash[:notice] = "Login successful!"
8
+ redirect_back account_url
9
+ rescue SecurityError => e
10
+ flash[:notice] = "Login failed!"
11
+ render :action => :new
12
+ end
13
+
14
+ def destroy
15
+ destroy_session
16
+ flash[:notice] = "Logout successful!"
17
+ redirect_back new_session_url
18
+ end
19
+ end
@@ -0,0 +1,8 @@
1
+ require 'test_helper'
2
+
3
+ class AuthmagicTest < ActiveSupport::TestCase
4
+ # Replace this with your real tests.
5
+ test "the truth" do
6
+ assert true
7
+ end
8
+ end
@@ -0,0 +1,3 @@
1
+ require 'rubygems'
2
+ require 'active_support'
3
+ require 'active_support/test_case'
metadata ADDED
@@ -0,0 +1,73 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: pipa-authmagic
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Igor Gunko
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+
12
+ date: 2008-12-25 00:00:00 -08:00
13
+ default_executable:
14
+ dependencies: []
15
+
16
+ description: Easy RESTful authentication + authorization.
17
+ email: tekmon@gmail.com
18
+ executables: []
19
+
20
+ extensions: []
21
+
22
+ extra_rdoc_files:
23
+ - README.rdoc
24
+ - MIT-LICENSE
25
+ files:
26
+ - README.rdoc
27
+ - MIT-LICENSE
28
+ - lib/authmagic.rb
29
+ - lib/authmagic/context.rb
30
+ - lib/authmagic/exceptions.rb
31
+ - lib/authmagic/modules.rb
32
+ - lib/authmagic/rails.rb
33
+ - lib/authmagic/rails/modules.rb
34
+ - lib/authmagic/rails/modules/application_framework.rb
35
+ - lib/authmagic/rails/modules/login_password.rb
36
+ - lib/authmagic/rails/modules/authorization.rb
37
+ - rails/init.rb
38
+ - rails_generators/authmagic/USAGE
39
+ - rails_generators/authmagic/authmagic_generator.rb
40
+ - rails_generators/authmagic/templates/accounts_controller.rb
41
+ - rails_generators/authmagic/templates/sessions_controller.rb
42
+ has_rdoc: true
43
+ homepage: http://github.com/pipa/authmagic
44
+ post_install_message:
45
+ rdoc_options:
46
+ - --line-numbers
47
+ - --inline-source
48
+ - --main
49
+ - README.rdoc
50
+ require_paths:
51
+ - lib
52
+ required_ruby_version: !ruby/object:Gem::Requirement
53
+ requirements:
54
+ - - ">="
55
+ - !ruby/object:Gem::Version
56
+ version: "0"
57
+ version:
58
+ required_rubygems_version: !ruby/object:Gem::Requirement
59
+ requirements:
60
+ - - ">="
61
+ - !ruby/object:Gem::Version
62
+ version: "0"
63
+ version:
64
+ requirements: []
65
+
66
+ rubyforge_project:
67
+ rubygems_version: 1.2.0
68
+ signing_key:
69
+ specification_version: 2
70
+ summary: Easy RESTful authentication + authorization.
71
+ test_files:
72
+ - test/authmagic_test.rb
73
+ - test/test_helper.rb