pipa-authmagic 0.0.9 → 0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/authmagic/rails/modules.rb +2 -0
- data/lib/authmagic/rails/modules/application_framework.rb +7 -76
- data/lib/authmagic/rails/modules/authorization.rb +19 -104
- data/lib/authmagic/rails/modules/login_password.rb +19 -3
- data/rails_generators/authmagic/templates/sessions_controller.rb +2 -2
- metadata +2 -2
@@ -2,4 +2,6 @@ module Authmagic::Modules
|
|
2
2
|
autoload :ApplicationFramework, 'authmagic/rails/modules/application_framework'
|
3
3
|
autoload :LoginPassword, 'authmagic/rails/modules/login_password'
|
4
4
|
autoload :Authorization, 'authmagic/rails/modules/authorization'
|
5
|
+
autoload :LoginRedirector, 'authmagic/rails/modules/login_redirector'
|
6
|
+
autoload :Aliaser, 'authmagic/rails/modules/aliaser'
|
5
7
|
end
|
@@ -4,38 +4,21 @@ module Authmagic
|
|
4
4
|
def initialize(context)
|
5
5
|
@context = context
|
6
6
|
context.config.session = :session
|
7
|
-
|
8
|
-
|
9
|
-
class << ActiveRecord::Base
|
10
|
-
def acts_as_principal(options)
|
11
|
-
options.freeze
|
12
|
-
metaclass.send(:define_method, :principal_config) { options }
|
13
|
-
end
|
14
|
-
end
|
7
|
+
context.config.principal = Config.new(:class_name => :user)
|
15
8
|
end
|
16
9
|
|
17
10
|
def enroll
|
18
|
-
principal = @context.config.principal
|
11
|
+
principal = @context.config.principal.class_name
|
19
12
|
principal = principal.to_s.camelize.constantize unless principal.is_a?(Class)
|
20
|
-
@context.config.principal_config = principal.respond_to?(:principal_config) ? principal.principal_config : {}
|
21
13
|
|
22
14
|
@context.extend(ContextMethods)
|
23
15
|
@context.instance_variable_set(:@principal, principal)
|
24
16
|
|
25
|
-
|
26
|
-
|
27
|
-
context = @context
|
17
|
+
@context.config.session_controller_name ||= "#{@context.config.session.to_s.camelize.pluralize}Controller"
|
18
|
+
@context.config.new_session_path ||= :"new_#{@context.config.session}_path"
|
28
19
|
@context.config.application_controller.class_eval do
|
29
20
|
include ApplicationControllerMethods
|
30
|
-
|
31
|
-
unless bn == 'principal'
|
32
|
-
cp = "current_#{bn}"
|
33
|
-
cpid = "#{cp}_id"
|
34
|
-
private
|
35
|
-
alias_method cp, :current_principal
|
36
|
-
alias_method cpid, :current_principal_id
|
37
|
-
helper_method cp, cpid
|
38
|
-
end
|
21
|
+
helper_method :current_principal_id, :current_principal, :logged_in?, :if_logged_in
|
39
22
|
end
|
40
23
|
end
|
41
24
|
|
@@ -44,75 +27,23 @@ module Authmagic
|
|
44
27
|
end
|
45
28
|
|
46
29
|
module ApplicationControllerMethods
|
47
|
-
def self.included(other)
|
48
|
-
other.class_eval do
|
49
|
-
helper_method :current_principal_id, :current_principal, :logged_in?, :if_logged_in
|
50
|
-
end
|
51
|
-
class << other
|
52
|
-
private
|
53
|
-
def require_login(options = {})
|
54
|
-
before_filter(:require_login!, options)
|
55
|
-
rescue_from LoginRequired, :with => :redirect_to_new_session
|
56
|
-
end
|
57
|
-
|
58
|
-
def acts_as_session_controller
|
59
|
-
include SessionControllerMethods
|
60
|
-
end
|
61
|
-
end
|
62
|
-
end
|
63
|
-
|
64
30
|
private
|
65
31
|
def current_principal_id
|
66
32
|
session[:current_principal_id]
|
67
33
|
end
|
68
34
|
|
69
|
-
def current_principal
|
35
|
+
def current_principal(options = {})
|
70
36
|
id = current_principal_id
|
71
|
-
id && security_context.principal.find(id) rescue ActiveRecord::RecordNotFound nil
|
72
|
-
end
|
73
|
-
|
74
|
-
def require_login!
|
75
|
-
p = current_principal
|
76
|
-
return p if p
|
77
|
-
session[:back_url] = request.url
|
78
|
-
raise LoginRequired
|
37
|
+
id && security_context.principal.find(id, options) rescue ActiveRecord::RecordNotFound nil
|
79
38
|
end
|
80
39
|
|
81
40
|
def logged_in?
|
82
41
|
!!current_principal_id
|
83
42
|
end
|
84
43
|
|
85
|
-
def if_logged_in
|
86
|
-
yield current_principal if logged_in?
|
87
|
-
end
|
88
|
-
|
89
|
-
def redirect_to_new_session
|
90
|
-
sp = security_context.config.new_session_path
|
91
|
-
sp = send(sp) if sp.is_a?(Symbol)
|
92
|
-
redirect_to(sp)
|
93
|
-
end
|
94
|
-
|
95
|
-
def redirect_back(default = nil)
|
96
|
-
u, session[:back_url] = session[:back_url], nil
|
97
|
-
redirect_to(u || default)
|
98
|
-
end
|
99
|
-
|
100
44
|
def unauthenticate
|
101
45
|
session[:current_principal_id] = nil
|
102
46
|
end
|
103
47
|
end
|
104
|
-
|
105
|
-
module SessionControllerMethods
|
106
|
-
def authenticate(options = {})
|
107
|
-
sess = security_context.config.session
|
108
|
-
cfg = security_context.config.principal_config
|
109
|
-
login = cfg.fetch(:login_field, :login)
|
110
|
-
password = cfg.fetch(:password_field, :password)
|
111
|
-
p = security_context.principal.authenticate(
|
112
|
-
login => options[login] || params[sess][login],
|
113
|
-
password => options[password] || params[sess][password])
|
114
|
-
session[:current_principal_id], session[:current_principal] = p.id, p
|
115
|
-
end
|
116
|
-
end
|
117
48
|
end
|
118
49
|
end
|
@@ -6,130 +6,45 @@ module Authmagic
|
|
6
6
|
|
7
7
|
def initialize(context)
|
8
8
|
@context = context
|
9
|
-
|
10
|
-
context.config.resource_action_map = {
|
11
|
-
:index => :read,
|
12
|
-
:show => :read,
|
13
|
-
:new => :create,
|
14
|
-
:edit => :update,
|
15
|
-
}
|
16
9
|
end
|
17
10
|
|
18
11
|
def enroll
|
19
|
-
|
20
|
-
@context.principal.send(:include, PrincipalMethods)
|
21
|
-
@context.config.application_controller.metaclass.send(:include, ApplicationControllerRestrict)
|
22
|
-
end
|
23
|
-
|
24
|
-
module PrincipalMethods
|
25
|
-
def may?(action, resource)
|
26
|
-
resource.permitted?(action, self)
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
module Restrict
|
31
|
-
def restrict(*args, &block)
|
32
|
-
opts = args.extract_options!
|
33
|
-
routine = opts.fetch(:guests, false) ? proc {|p| p && block.call(p) } : block
|
34
|
-
hash = args.empty? ? {nil => routine} : args.inject({}) {|h, x| h[x.to_sym] = routine; h }
|
35
|
-
write_inheritable_hash(:security_permissions, hash)
|
36
|
-
include Permissions
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
module ApplicationControllerRestrict
|
41
|
-
include Restrict
|
42
|
-
def restrict_with_application_controller(*args, &block)
|
43
|
-
restrict_without_application_controller(*args, &block)
|
44
|
-
include ApplicationControllerMethods
|
45
|
-
end
|
46
|
-
alias_method_chain :restrict, :application_controller
|
12
|
+
@context.config.application_controller.send(:include, ControllerMethods)
|
47
13
|
end
|
48
14
|
|
49
|
-
module
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
15
|
+
module ControllerClassMethods
|
16
|
+
private
|
17
|
+
def require_principal(opts = {}, &block)
|
18
|
+
before_filter opts do |controller|
|
19
|
+
controller.instance_eval { deny_action! unless block && block.call(current_principal) }
|
20
|
+
end
|
54
21
|
end
|
55
|
-
alias_method_chain :restrict, :model
|
56
|
-
end
|
57
22
|
|
58
|
-
|
59
|
-
|
60
|
-
def other.security_permissions
|
61
|
-
read_inheritable_attribute(:security_permissions)
|
62
|
-
end
|
23
|
+
def require_known_principal(opts = {}, &block)
|
24
|
+
require_principal(opts) {|p| p && (!block || block.call(p)) }
|
63
25
|
end
|
64
26
|
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
end
|
27
|
+
def require_login(opts = {})
|
28
|
+
require_known_principal(opts)
|
29
|
+
end
|
30
|
+
end
|
70
31
|
|
71
|
-
|
32
|
+
module ControllerMethods
|
72
33
|
def self.included(other)
|
73
34
|
other.class_eval do
|
74
|
-
|
75
|
-
|
76
|
-
before_filter :check_authorization
|
77
|
-
rescue_from Unauthorized, :with => :handle_unauthorized
|
35
|
+
extend ControllerClassMethods
|
36
|
+
rescue_from Unauthorized, :with => :forbid!
|
78
37
|
end
|
79
38
|
end
|
80
39
|
|
81
40
|
private
|
82
|
-
def
|
83
|
-
|
41
|
+
def deny_action!
|
42
|
+
raise Unauthorized
|
84
43
|
end
|
85
44
|
|
86
|
-
def
|
45
|
+
def forbid!
|
87
46
|
head :forbidden
|
88
47
|
end
|
89
|
-
|
90
|
-
def permitted_with_defaults?(action = action_name, principal = current_principal)
|
91
|
-
permitted_without_defaults?(action, principal)
|
92
|
-
end
|
93
|
-
|
94
|
-
def if_permitted(action = action_name, principal = current_principal)
|
95
|
-
yield if permitted?(action, principal)
|
96
|
-
end
|
97
|
-
|
98
|
-
def deny!
|
99
|
-
raise Unauthorized
|
100
|
-
end
|
101
|
-
|
102
|
-
def deny_if!(condition = nil)
|
103
|
-
deny! if condition
|
104
|
-
yield if block_given?
|
105
|
-
end
|
106
|
-
|
107
|
-
def permit_if!(condition = nil, &block)
|
108
|
-
deny_if!(!condition, &block)
|
109
|
-
end
|
110
|
-
|
111
|
-
def guard!(resource, action = action_name, principal = current_principal, &block)
|
112
|
-
resource.guard!(principal, _map_resource_action(action), &block)
|
113
|
-
end
|
114
|
-
|
115
|
-
def permitted_on?(resource, action = action_name, principal = current_principal)
|
116
|
-
resource.may?(principal, _map_resource_action(action))
|
117
|
-
end
|
118
|
-
|
119
|
-
def if_permitted_on(resource, action = action_name, principal = current_principal)
|
120
|
-
yield if permitted_on?(resource, action, principal)
|
121
|
-
end
|
122
|
-
|
123
|
-
def _map_resource_action(action)
|
124
|
-
security_context.config.resource_action_map.fetch(action, action)
|
125
|
-
end
|
126
|
-
end
|
127
|
-
|
128
|
-
module ModelMethods
|
129
|
-
def guard!(action, principal)
|
130
|
-
raise Unauthorized unless permitted?(action, principal)
|
131
|
-
yield if block_given?
|
132
|
-
end
|
133
48
|
end
|
134
49
|
end
|
135
50
|
end
|
@@ -11,11 +11,11 @@ module Authmagic
|
|
11
11
|
def enroll
|
12
12
|
principal = @context.principal
|
13
13
|
|
14
|
-
cfg = @context.config.
|
14
|
+
cfg = @context.config.principal
|
15
15
|
login = cfg.fetch(:login_field, :login)
|
16
16
|
case_sensitive = case cfg.fetch(:compare, :case_sensitive)
|
17
|
-
when :case_sensitive then true
|
18
|
-
when :case_insensitive then false
|
17
|
+
when :cs, :case_sensitive then true
|
18
|
+
when :ci, :case_insensitive then false
|
19
19
|
else raise 'bad :compare value'
|
20
20
|
end
|
21
21
|
password = cfg.fetch(:password_field, :password)
|
@@ -91,6 +91,22 @@ module Authmagic
|
|
91
91
|
define_method generate_salt do
|
92
92
|
ActiveSupport::SecureRandom.send(secran_salt, salt_length)
|
93
93
|
end
|
94
|
+
end
|
95
|
+
|
96
|
+
@context.config.session_controller_name.constantize.send(:include, SessionControllerMethods)
|
97
|
+
end
|
98
|
+
|
99
|
+
module SessionControllerMethods
|
100
|
+
private
|
101
|
+
def authenticate_with_login_password(options = {})
|
102
|
+
sess = security_context.config.session
|
103
|
+
cfg = security_context.config.principal
|
104
|
+
login = cfg.fetch(:login_field, :login)
|
105
|
+
password = cfg.fetch(:password_field, :password)
|
106
|
+
p = security_context.principal.authenticate(
|
107
|
+
login => options[login] || params[sess][login],
|
108
|
+
password => options[password] || params[sess][password])
|
109
|
+
session[:current_principal_id] = p.id
|
94
110
|
end
|
95
111
|
end
|
96
112
|
end
|
@@ -3,7 +3,7 @@ class SessionsController < ApplicationController
|
|
3
3
|
end
|
4
4
|
|
5
5
|
def create
|
6
|
-
|
6
|
+
authenticate_with_login_password
|
7
7
|
flash[:notice] = "Login successful!"
|
8
8
|
redirect_back account_url
|
9
9
|
rescue SecurityError => e
|
@@ -12,7 +12,7 @@ class SessionsController < ApplicationController
|
|
12
12
|
end
|
13
13
|
|
14
14
|
def destroy
|
15
|
-
|
15
|
+
unauthenticate
|
16
16
|
flash[:notice] = "Logout successful!"
|
17
17
|
redirect_back new_session_url
|
18
18
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pipa-authmagic
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: "0.1"
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Igor Gunko
|
@@ -9,7 +9,7 @@ autorequire:
|
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
|
12
|
-
date: 2009-01-
|
12
|
+
date: 2009-01-21 00:00:00 -08:00
|
13
13
|
default_executable:
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|