quo_vadis 1.0.7 → 1.1.0

data/CHANGELOG.md

@@ -1,10 +1,31 @@
 # CHANGELOG
 
+## 1.1.0 (7 October 2011)
+
+* Correctly handle blank username in password reset.
+* Allow configuration of cookie domain.
+* Pass controller to signed_{in,out}_url to allow routes with options/parameters.
+* Fix bug where `signed_in_url` config setting was overwritten.
+* Harmonise bcrypt-ruby dependency with ActiveModel::SecurePassword.
+* Allow conditional validation of authentication attributes.
+* Allow authentication of any model.
+
+
+## 1.0.7 (4 October 2011)
+
+* Allow more recent bcrypt-ruby versions.
+
+
+## 1.0.6 (4 October 2011)
+
+* Fix sign-in hook when called outside Quo Vadis.
+
 
 ## 1.0.5 (23 February 2011)
 
 * Support blocking of sign-in process.
 
+
 ## 1.0.4 (22 February 2011)
 
 * Work with Rails' improved CSRF protection.

data/README.md

@@ -12,14 +12,14 @@ Features:
 * Uses BCrypt to encrypt passwords.
 * Sign in, sign out, forgotten password, authenticate actions, remember user between browser sessions.
 * Block accounts.
+* Let you choose which model(s) to authenticate (defaults to `User`).
 
 Forthcoming features:
 
 * Generate the views for you (for now, copy the examples given below).
-* Let you choose which model(s) to authenticate (currently `User`).
 * Let you choose the identification field (currently `username`).
 * HTTP basic/digest authentication (probably).
-* Generate (User) model plus migration if it doesn't exist.
+* Generate model plus migration if it doesn't exist.
 * Detect presence of `has_secure_password` (see below) and adapt appropriately.
 
 What it doesn't and won't do:
@@ -37,11 +37,11 @@ What it doesn't and won't do:
 
 If this takes you more than 5 minutes, you can have your money back ;)
 
-Install and run the generator: add `gem 'quo_vadis'` to your Gemfile, run `bundle install`, then `rails generate quo_vadis:install`.
+Install and run the generator: add `gem 'quo_vadis'` to your Gemfile, run `bundle install`, then `rails generate quo_vadis:install [MODEL_NAME]` (where model name is optional and defaults to `User`).
 
-Edit and run the generated migration to add the authentication columns: `rake db:migrate`.  Note the migration (currently) assumes you already have a `User` model.
+Edit and run the generated migration to add the authentication columns: `rake db:migrate`.  Note the migration (currently) assumes you already have a table for your model.
 
-In your `User` model, add `authenticates`:
+In your `User` (or whichever) model, add `authenticates`:
 
     class User < ActiveRecord::Base
       authenticates
@@ -114,6 +114,8 @@ You can customise the sign-in and sign-out redirects in `config/initializers/quo
 
 If you want to add other session management type features, go right ahead: create a `SessionsController` as normal and carry on.
 
+You can skip the validation of authentication attributes (password etc) by overriding `should_authenticate?` in your model.  Perhaps only some of the users should be able to sign in, so you don't want to force them to have a password.
+
 
 ## Sign up / user registration
 

data/app/controllers/controller_mixin.rb

@@ -1,72 +1,83 @@
 module ControllerMixin
   def self.included(base)
-    base.helper_method :current_user
+    base.helper_method :"current_#{QuoVadis.model_instance_name}"
   end
 
   protected
 
   def handle_unverified_request
     super
-    cookies.delete :remember_me
+    cookies.delete :remember_me, :domain => QuoVadis.cookie_domain
   end
 
   private
 
-  # Remembers the authenticated <tt>user</tt> (in this session and future sessions).
-  #
-  # If you want to sign in a <tt>user</tt> you have just created, call <tt>sign_in</tt>
-  # instead.
-  def current_user=(user)
-    remember_user_in_session user
-    remember_user_between_sessions user
-  end
+  class_eval <<-END, __FILE__, __LINE__ + 1
+    # Remembers the authenticated <tt>user</tt> (in this session and future sessions).
+    #
+    # If you want to sign in a <tt>user</tt> you have just created, call <tt>sign_in</tt>
+    # instead.
+    def current_#{QuoVadis.model_instance_name}=(user)
+      remember_user_in_session user
+      remember_user_between_sessions user
+    end
 
-  # Returns the authenticated user.
-  def current_user
-    @current_user ||= find_authenticated_user
-  end
+    # Returns the authenticated user.
+    def current_#{QuoVadis.model_instance_name}
+      @current_#{QuoVadis.model_instance_name} ||= find_authenticated_user
+    end
 
-  # Does nothing if we already have an authenticated user.  If we don't have an
-  # authenticated user, it stores the desired URL and redirects to the sign in URL.
-  def authenticate
-    unless current_user
-      session[:quo_vadis_original_url] = request.fullpath
-      flash[:notice] = t('quo_vadis.flash.sign_in.before') unless t('quo_vadis.flash.sign_in.before').blank?
-      redirect_to sign_in_url
+    # Does nothing if we already have an authenticated user.  If we don't have an
+    # authenticated user, it stores the desired URL and redirects to the sign in URL.
+    def authenticate
+      unless current_#{QuoVadis.model_instance_name}
+        session[:quo_vadis_original_url] = request.fullpath
+        flash[:notice] = t('quo_vadis.flash.sign_in.before') unless t('quo_vadis.flash.sign_in.before').blank?
+        redirect_to sign_in_url
+      end
     end
-  end
 
-  # Signs in a user, i.e. remembers them in the session, runs the sign-in hook,
-  # and redirects appropriately.
-  #
-  # This method should be called when you have just authenticated a <tt>user</tt>
-  # and you need to sign them in.  For example, if a new user has just signed up,
-  # you should call this method to sign them in.
-  def sign_in(user)
-    prevent_session_fixation
-    self.current_user = user
-    QuoVadis.signed_in_hook user, self
-    redirect_to QuoVadis.signed_in_url(user, original_url)
-  end
+    # Signs in a user, i.e. remembers them in the session, runs the sign-in hook,
+    # and redirects appropriately.
+    #
+    # This method should be called when you have just authenticated a <tt>user</tt>
+    # and you need to sign them in.  For example, if a new user has just signed up,
+    # you should call this method to sign them in.
+    def sign_in(user)
+      prevent_session_fixation
+      self.current_#{QuoVadis.model_instance_name} = user
+      QuoVadis.signed_in_hook user, self
+      redirect_to QuoVadis.signed_in_url(user, original_url, self)
+    end
+
+    def remember_user_in_session(user) # :nodoc:
+      session[:current_#{QuoVadis.model_instance_name}_id] = user ? user.id : nil
+    end
+
+    def find_user_by_cookie # :nodoc:
+      #{QuoVadis.model}.find_by_salt(*cookies.signed[:remember_me]) if cookies.signed[:remember_me]
+    end
+
+    def find_user_by_session # :nodoc:
+      #{QuoVadis.model}.find(session[:current_#{QuoVadis.model_instance_name}_id]) if session[:current_#{QuoVadis.model_instance_name}_id]
+    end
+  END
 
   # Returns true if the sign-in process is blocked to the user, false otherwise.
   def blocked?
     QuoVadis.blocked?(self)
   end
 
-  def remember_user_in_session(user) # :nodoc:
-    session[:current_user_id] = user ? user.id : nil
-  end
-
   def remember_user_between_sessions(user) # :nodoc:
     if user && QuoVadis.remember_for
       cookies.signed[:remember_me] = {
         :value    => [user.id, user.password_salt],
         :expires  => QuoVadis.remember_for.from_now,
-        :httponly => true
+        :httponly => true,
+        :domain   => QuoVadis.cookie_domain
       }
     else
-      cookies.delete :remember_me
+      cookies.delete :remember_me, :domain => QuoVadis.cookie_domain
     end
   end
 
@@ -74,14 +85,6 @@ module ControllerMixin
     find_user_by_session || find_user_by_cookie
   end
 
-  def find_user_by_cookie # :nodoc:
-    User.find_by_salt(*cookies.signed[:remember_me]) if cookies.signed[:remember_me]
-  end
-
-  def find_user_by_session # :nodoc:
-    User.find(session[:current_user_id]) if session[:current_user_id]
-  end
-
   # Returns the URL if any which the user tried to visit before being forced to authenticate.
   def original_url
     url = session[:quo_vadis_original_url]

data/app/controllers/quo_vadis/sessions_controller.rb

@@ -1,4 +1,5 @@
 class QuoVadis::SessionsController < ApplicationController
+  skip_filter :authenticate, :except => [:destroy]
   layout :quo_vadis_layout
 
   # GET sign_in_path
@@ -9,24 +10,24 @@ class QuoVadis::SessionsController < ApplicationController
   # POST sign_in_path
   def create
     if blocked?
-      flash.now[:alert] = t('quo_vadis.flash.sign_in.blocked') unless t('quo_vadis.flash.sign_in.blocked').blank?
+      flash_if_present :alert, 'quo_vadis.flash.sign_in.blocked', :now
       render 'sessions/new'
-    elsif user = User.authenticate(params[:username], params[:password])
-      flash[:notice] = t('quo_vadis.flash.sign_in.after') unless t('quo_vadis.flash.sign_in.after').blank?
+    elsif user = QuoVadis.model_class.authenticate(params[:username], params[:password])
+      flash_if_present :notice, 'quo_vadis.flash.sign_in.after'
       sign_in user
     else
       QuoVadis.failed_sign_in_hook self
-      flash.now[:alert] = t('quo_vadis.flash.sign_in.failed') unless t('quo_vadis.flash.sign_in.failed').blank?
+      flash_if_present :alert, 'quo_vadis.flash.sign_in.failed', :now
       render 'sessions/new'
     end
   end
 
   # GET sign_out_path
   def destroy
-    QuoVadis.signed_out_hook current_user, self
-    self.current_user = nil
-    flash[:notice] = t('quo_vadis.flash.sign_out') unless t('quo_vadis.flash.sign_out').blank?
-    redirect_to QuoVadis.signed_out_url
+    QuoVadis.signed_out_hook send(:"current_#{QuoVadis.model_instance_name}"), self
+    self.send :"current_#{QuoVadis.model_instance_name}=", nil
+    flash_if_present :notice, 'quo_vadis.flash.sign_out'
+    redirect_to QuoVadis.signed_out_url(self)
   end
 
   # GET forgotten_sign_in_path
@@ -35,18 +36,19 @@ class QuoVadis::SessionsController < ApplicationController
     if request.get?
       render 'sessions/forgotten'
     elsif request.post?
-      if (user = User.where(:username => params[:username]).first)
+      if params[:username].present? &&
+          (user = QuoVadis.model_class.where(:username => params[:username]).first)
         if user.email.present?
           user.generate_token
           QuoVadis::Notifier.change_password(user).deliver
-          flash[:notice] = t('quo_vadis.flash.forgotten.sent_email') unless t('quo_vadis.flash.forgotten.sent_email').blank?
+          flash_if_present :notice, 'quo_vadis.flash.forgotten.sent_email'
           redirect_to :root
         else
-          flash.now[:alert] = t('quo_vadis.flash.forgotten.no_email') unless t('quo_vadis.flash.forgotten.no_email').blank?
+          flash_if_present :alert, 'quo_vadis.flash.forgotten.no_email', :now
           render 'sessions/forgotten'
         end
       else
-        flash.now[:alert] = t('quo_vadis.flash.forgotten.unknown') unless t('quo_vadis.flash.forgotten.unknown').blank?
+        flash_if_present :alert, 'quo_vadis.flash.forgotten.unknown', :now
         render 'sessions/forgotten'
       end
     end
@@ -54,7 +56,7 @@ class QuoVadis::SessionsController < ApplicationController
 
   # GET change_password_path /sign-in/change-password/:token
   def edit
-    if User.valid_token(params[:token]).first
+    if QuoVadis.model_class.valid_token(params[:token]).first
       render 'sessions/edit'
     else
       invalid_token
@@ -63,11 +65,11 @@ class QuoVadis::SessionsController < ApplicationController
 
   # PUT change_password_path /sign-in/change-password/:token
   def update
-    if (user = User.valid_token(params[:token]).first)
+    if (user = QuoVadis.model_class.valid_token(params[:token]).first)
       user.password = params[:password]
       if user.save
         user.clear_token
-        flash[:notice] = t('quo_vadis.flash.forgotten.password_changed') unless t('quo_vadis.flash.forgotten.password_changed').blank?
+        flash_if_present :notice, 'quo_vadis.flash.forgotten.password_changed'
         sign_in user
       else
         render 'sessions/edit'
@@ -80,7 +82,7 @@ class QuoVadis::SessionsController < ApplicationController
   private
 
   def invalid_token # :nodoc:
-    flash[:alert] = t('quo_vadis.flash.forgotten.invalid_token') unless t('quo_vadis.flash.forgotten.invalid_token').blank?
+    flash_if_present :alert, 'quo_vadis.flash.forgotten.invalid_token'
     redirect_to forgotten_sign_in_url
   end
 
@@ -88,4 +90,12 @@ class QuoVadis::SessionsController < ApplicationController
     QuoVadis.layout
   end
 
+  def flash_if_present(key, i18n_key, now = false)
+    if now
+      flash.now[key] = t(i18n_key) if t(i18n_key).present?
+    else
+      flash[key] = t(i18n_key) if t(i18n_key).present?
+    end
+  end
+
 end

data/app/models/model_mixin.rb

@@ -16,13 +16,13 @@ module ModelMixin
       attr_reader    :password
       attr_protected :password_digest
 
-      validates :username,        :presence => true, :uniqueness => true
-      validates :password,        :presence => true, :if => Proc.new { |u| u.changed.include?('password_digest') }
-      validates :password_digest, :presence => true
+      validates :username,        :presence => true, :uniqueness => true, :if => :should_authenticate?
+      validates :password,        :presence => true, :if => Proc.new { |u| u.should_authenticate? && u.changed.include?('password_digest') }
+      validates :password_digest, :presence => true, :if => :should_authenticate?
 
       scope :valid_token, lambda { |token| where("token = ? AND token_created_at > ?", token, 3.hours.ago) }
 
-      instance_eval <<-END
+      instance_eval <<-END, __FILE__, __LINE__ + 1
         # Returns the user with the given <tt>username</tt> if the given password is
         # correct, and <tt>nil</tt> otherwise.
         def authenticate(username, plain_text_password)
@@ -35,7 +35,7 @@ module ModelMixin
         end
 
         def find_by_salt(id, salt) # :nodoc:
-          user = User.find_by_id id
+          user = find_by_id id
           if user && user.has_matching_salt?(salt)
             user
           else
@@ -47,6 +47,11 @@ module ModelMixin
   end
 
   module InstanceMethodsOnActivation
+    # Override this in your model if you need to bypass the Quo Vadis validations.
+    def should_authenticate?
+      true
+    end
+
     def password=(plain_text_password) # :nodoc:
       @password = plain_text_password
       self.password_digest = BCrypt::Password.create plain_text_password

data/lib/generators/quo_vadis/install_generator.rb

@@ -8,6 +8,7 @@ module QuoVadis
     extend ActiveRecord::Generators::Migration
 
     source_root File.expand_path('../templates', __FILE__)
+    argument :model_name, :type => :string, :default => 'User'
 
     desc 'Copies an initializer, a locale file, and a migration to your application.'
 
@@ -17,11 +18,11 @@ module QuoVadis
     end
 
     def copy_initializer_file
-      copy_file '../../../../config/initializers/quo_vadis.rb', 'config/initializers/quo_vadis.rb'
+      template 'quo_vadis.rb.erb', 'config/initializers/quo_vadis.rb'
     end
 
     def create_migration_file
-      migration_template 'migration.rb', 'db/migrate/add_authentication_to_users.rb'
+      migration_template 'migration.rb.erb', "db/migrate/add_authentication_to_#{model_name.tableize}.rb"
     end
 
   end

data/lib/generators/quo_vadis/templates/migration.rb.erb

@@ -0,0 +1,18 @@
+class AddAuthenticationTo<%= model_name.pluralize.camelize %> < ActiveRecord::Migration
+  def self.up
+    add_column :<%= model_name.tableize %>, :username,         :string  # for user identification
+    add_column :<%= model_name.tableize %>, :password_digest,  :string
+
+    add_column :<%= model_name.tableize %>, :email,            :string  # for forgotten-credentials
+    add_column :<%= model_name.tableize %>, :token,            :string  # for forgotten-credentials
+    add_column :<%= model_name.tableize %>, :token_created_at, :string  # for forgotten-credentials
+  end
+
+  def self.down
+    remove_column :<%= model_name.tableize %>, :username
+    remove_column :<%= model_name.tableize %>, :password_digest
+    remove_column :<%= model_name.tableize %>, :email
+    remove_column :<%= model_name.tableize %>, :token
+    remove_column :<%= model_name.tableize %>, :token_created_at
+  end
+end

data/{config/initializers/quo_vadis.rb → lib/generators/quo_vadis/templates/quo_vadis.rb.erb}

@@ -1,13 +1,17 @@
 QuoVadis.configure do |config|
 
+  # The model we want to authenticate.
+  config.model = '<%= model_name.pluralize.classify %>'
+
+
   #
   # Sign in
   #
 
   # The URL to redirect the user to after s/he signs in.
-  # Use a proc if the URL depends on the user.  E.g.:
+  # Use a proc if the URL depends on the user on controller.  E.g.:
   #
-  # config.signed_in_url = Proc.new do |user|
+  # config.signed_in_url = Proc.new do |user, controller|
   #   user.admin? ? :admin : :root
   # end
   #
@@ -36,6 +40,9 @@ QuoVadis.configure do |config|
   # Set to <tt>nil</tt> to never remember user.
   config.remember_for = 2.weeks
 
+  # The domain to use for remember-me cookies.
+  config.cookie_domain = :all
+
   # Code to run to determine whether the sign-in process is blocked to the user.  E.g.:
   #
   # config.blocked = Proc.new do |controller|
@@ -50,6 +57,11 @@ QuoVadis.configure do |config|
   #
 
   # The URL to redirect the user to after s/he signs out.
+  # Use a proc if the URL depends on the controller.  E.g.:
+  #
+  # config.signed_out_url = Proc.new do |controller|
+  #   controller.root_url(:subdomain => nil)
+  # end
   config.signed_out_url = :root
 
   # Code to run just before the user has signed out.  E.g.:

data/lib/quo_vadis/version.rb

@@ -1,3 +1,3 @@
 module QuoVadis
-  VERSION = '1.0.7'
+  VERSION = '1.1.0'
 end

data/lib/quo_vadis.rb

@@ -3,6 +3,19 @@ require 'active_support/core_ext/numeric/time'
 
 module QuoVadis
 
+  # The model we want to authenticate.
+  mattr_accessor :model # :nodoc:
+  @@model = 'User'
+
+  def self.model_class # :nodoc
+    @@model.constantize
+  end
+
+  def self.model_instance_name # :nodoc
+    @@model.tableize.singularize  # e.g. 'user'
+  end
+
+
   #
   # Sign in
   #
@@ -16,11 +29,11 @@ module QuoVadis
   mattr_accessor :override_original_url
   @@override_original_url = false
 
-  def self.signed_in_url(user, original_url) # :nodoc:
+  def self.signed_in_url(user, original_url, controller) # :nodoc:
     if original_url && !@@override_original_url
       original_url
     else
-      @@signed_in_url.respond_to?(:call) ?  @@signed_in_url.call(user) : @@signed_in_url
+      @@signed_in_url.respond_to?(:call) ?  @@signed_in_url.call(user, controller) : @@signed_in_url
     end
   end
 
@@ -44,6 +57,10 @@ module QuoVadis
   mattr_accessor :remember_for
   @@remember_for = 2.weeks
 
+  # The domain to use for remember-me cookies.
+  mattr_accessor :cookie_domain
+  @@cookie_domain = :all
+
 
   # Whether the sign-in process is blocked to the user.
   mattr_writer :blocked
@@ -60,7 +77,11 @@ module QuoVadis
 
   # The URL to redirect the user to after s/he signs out.
   mattr_accessor :signed_out_url
-  @@signed_in_url = :root
+  @@signed_out_url = :root
+
+  def self.signed_out_url(controller) # :nodoc:
+    @@signed_out_url.respond_to?(:call) ? @@signed_out_url.call(controller) : @@signed_out_url
+  end
 
 
   # Code to run just before the user has signed out.

data/quo_vadis.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
   s.require_paths = ['lib']
 
   s.add_dependency 'rails',       '~>3.0'
-  s.add_dependency 'bcrypt-ruby', '>= 2.1.4'
+  s.add_dependency 'bcrypt-ruby', '~> 3.0.0'
 
   s.add_development_dependency 'rails', '>=3.0.4'  # so we can test CSRF protection
   s.add_development_dependency 'sqlite3-ruby'

data/test/dummy/.gitignore

@@ -1 +1,2 @@
 db/*.sqlite3
+tmp

data/test/dummy/app/models/person.rb

@@ -0,0 +1,3 @@
+class Person < ActiveRecord::Base
+  authenticates
+end

data/test/dummy/app/views/layouts/application.html.erb

@@ -9,11 +9,17 @@
 <body>
 
   <div id='topnav'>
-    <% if current_user %>
+    <% if defined?(current_user) && current_user %>
       You are signed in as <%= current_user.name %>.
       <%= link_to 'Sign out', sign_out_path %>
+
+    <% elsif defined?(current_person) && current_person %>
+      You are signed in as <%= current_person.name %>.
+      <%= link_to 'Sign out', sign_out_path %>
+
     <% else %>
       <%= link_to 'Sign in', sign_in_path %>
+
     <% end %>
   </div>
 

data/test/dummy/db/migrate/20111004112209_create_people.rb

@@ -0,0 +1,13 @@
+class CreatePeople < ActiveRecord::Migration
+  def self.up
+    create_table :people do |t|
+      t.string :name
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :people
+  end
+end

data/test/dummy/db/migrate/20111004132342_add_authentication_to_people.rb

@@ -0,0 +1,18 @@
+class AddAuthenticationToPeople < ActiveRecord::Migration
+  def self.up
+    add_column :people, :username,         :string  # for user identification
+    add_column :people, :password_digest,  :string
+
+    add_column :people, :email,            :string  # for forgotten-credentials
+    add_column :people, :token,            :string  # for forgotten-credentials
+    add_column :people, :token_created_at, :string  # for forgotten-credentials
+  end
+
+  def self.down
+    remove_column :people, :username
+    remove_column :people, :password_digest
+    remove_column :people, :email
+    remove_column :people, :token
+    remove_column :people, :token_created_at
+  end
+end

data/test/integration/config_test.rb

@@ -18,13 +18,13 @@ class ConfigTest < ActiveSupport::IntegrationCase
   end
 
   test 'signed_in_url proc config' do
-    QuoVadis.signed_in_url = Proc.new do |user|
+    QuoVadis.signed_in_url = Proc.new do |user, controller|
       user.name == 'Bob' ? :articles : :root
     end
     sign_in_as 'bob', 'secret'
     assert_equal articles_path, current_path
 
-    QuoVadis.signed_in_url = Proc.new do |user|
+    QuoVadis.signed_in_url = Proc.new do |user, controller|
       user.name != 'Bob' ? :articles : :root
     end
     sign_in_as 'bob', 'secret'

data/test/integration/forgotten_test.rb

@@ -6,6 +6,16 @@ class ForgottenTest < ActiveSupport::IntegrationCase
     Capybara.reset_sessions!
   end
 
+  test 'user fills in forgotten-password form with blank username' do
+    u = user_factory 'Bob', 'bob', 'secret'
+    u.update_attribute :username, ''
+    submit_forgotten_details ''
+    assert_equal forgotten_sign_in_path, current_path
+    within '.flash.alert' do
+      assert page.has_content?("Sorry, we did not recognise you.")
+    end
+  end
+
   test 'user fills in forgotten-password form with invalid username' do
     submit_forgotten_details 'bob'
     assert_equal forgotten_sign_in_path, current_path

data/test/integration/sign_in_person_test.rb

@@ -0,0 +1,26 @@
+require 'test_helper'
+
+class SignInPersonTest < ActiveSupport::IntegrationCase
+
+  # NOTE: it would be great if I could figure out how to re-initialise the method's
+  # mixed into the controller with the new model.
+  test 'successful sign in for a non-user model' do
+    puts <<-END
+    NOTE: this test (#{__FILE__}) has to be run individually like this:
+
+    1. Change lib/quo_vadis.rb's @@model to 'Person'.
+    2. Uncomment the test code.
+    3. bundle exec ruby -Ilib:test #{__FILE__}
+
+    END
+
+    # person_factory 'James', 'jim', 'secret'
+    # sign_in_as 'jim', 'secret'
+
+    # assert_equal root_path, current_path
+    # within '.flash.notice' do
+    #   assert page.has_content?('You have successfully signed in.')
+    # end
+  end
+
+end

data/test/test_helper.rb

@@ -42,8 +42,13 @@ def user_factory(name, username, password, email = nil)
   User.create! :name => name, :username => username, :password => password, :email => email
 end
 
+def person_factory(name, username, password, email = nil)
+  Person.create! :name => name, :username => username, :password => password, :email => email
+end
+
 def reset_quo_vadis_configuration
   QuoVadis.signed_in_url         = :root
+  QuoVadis.cookie_domain         = :all
   QuoVadis.override_original_url = false
   QuoVadis.signed_out_url        = :root
   QuoVadis.signed_in_hook        = nil

data/test/unit/user_test.rb

@@ -28,4 +28,21 @@ class UserTest < ActiveSupport::TestCase
     assert user.has_matching_password?('secret')
   end
 
+  test 'conditional validation' do
+    user = User.new
+    user.class_eval <<-END
+      def should_authenticate?
+        username == 'bob'
+      end
+    END
+    user.username = 'bob'
+    assert !user.valid?
+
+    user.username = 'robert'
+    assert user.valid?
+
+    user.username = nil
+    assert user.valid?
+  end
+
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: quo_vadis
 version: !ruby/object:Gem::Version 
-  hash: 25
+  hash: 19
   prerelease: 
   segments: 
   - 1
+  - 1
   - 0
-  - 7
-  version: 1.0.7
+  version: 1.1.0
 platform: ruby
 authors: 
 - Andy Stewart
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-10-03 00:00:00 +02:00
+date: 2011-10-07 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -39,14 +39,14 @@ dependencies:
   version_requirements: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version 
-        hash: 3
+        hash: 7
         segments: 
-        - 2
-        - 1
-        - 4
-        version: 2.1.4
+        - 3
+        - 0
+        - 0
+        version: 3.0.0
   type: :runtime
   requirement: *id002
 - !ruby/object:Gem::Dependency 
@@ -128,11 +128,11 @@ files:
 - app/controllers/quo_vadis/sessions_controller.rb
 - app/mailers/quo_vadis/notifier.rb
 - app/models/model_mixin.rb
-- config/initializers/quo_vadis.rb
 - config/locales/quo_vadis.en.yml
 - config/routes.rb
 - lib/generators/quo_vadis/install_generator.rb
-- lib/generators/quo_vadis/templates/migration.rb
+- lib/generators/quo_vadis/templates/migration.rb.erb
+- lib/generators/quo_vadis/templates/quo_vadis.rb.erb
 - lib/quo_vadis.rb
 - lib/quo_vadis/engine.rb
 - lib/quo_vadis/version.rb
@@ -145,6 +145,7 @@ files:
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/helpers/articles_helper.rb
 - test/dummy/app/models/article.rb
+- test/dummy/app/models/person.rb
 - test/dummy/app/models/user.rb
 - test/dummy/app/views/articles/index.html.erb
 - test/dummy/app/views/articles/new.html.erb
@@ -175,6 +176,8 @@ files:
 - test/dummy/db/migrate/20110124125037_create_users.rb
 - test/dummy/db/migrate/20110124131535_create_articles.rb
 - test/dummy/db/migrate/20110127094709_add_authentication_to_users.rb
+- test/dummy/db/migrate/20111004112209_create_people.rb
+- test/dummy/db/migrate/20111004132342_add_authentication_to_people.rb
 - test/dummy/db/schema.rb
 - test/dummy/public/404.html
 - test/dummy/public/422.html
@@ -188,11 +191,6 @@ files:
 - test/dummy/public/javascripts/rails.js
 - test/dummy/public/stylesheets/.gitkeep
 - test/dummy/script/rails
-- test/dummy/tmp/capybara/capybara-20110124133149.html
-- test/dummy/tmp/capybara/capybara-20110124133340.html
-- test/dummy/tmp/capybara/capybara-20110124134001.html
-- test/dummy/tmp/capybara/capybara-20110124134214.html
-- test/dummy/tmp/capybara/capybara-20110124135435.html
 - test/integration/authenticate_test.rb
 - test/integration/blocked_test.rb
 - test/integration/config_test.rb
@@ -202,6 +200,7 @@ files:
 - test/integration/helper_test.rb
 - test/integration/locale_test.rb
 - test/integration/navigation_test.rb
+- test/integration/sign_in_person_test.rb
 - test/integration/sign_in_test.rb
 - test/integration/sign_out_test.rb
 - test/integration/sign_up_test.rb
@@ -252,6 +251,7 @@ test_files:
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/helpers/articles_helper.rb
 - test/dummy/app/models/article.rb
+- test/dummy/app/models/person.rb
 - test/dummy/app/models/user.rb
 - test/dummy/app/views/articles/index.html.erb
 - test/dummy/app/views/articles/new.html.erb
@@ -282,6 +282,8 @@ test_files:
 - test/dummy/db/migrate/20110124125037_create_users.rb
 - test/dummy/db/migrate/20110124131535_create_articles.rb
 - test/dummy/db/migrate/20110127094709_add_authentication_to_users.rb
+- test/dummy/db/migrate/20111004112209_create_people.rb
+- test/dummy/db/migrate/20111004132342_add_authentication_to_people.rb
 - test/dummy/db/schema.rb
 - test/dummy/public/404.html
 - test/dummy/public/422.html
@@ -295,11 +297,6 @@ test_files:
 - test/dummy/public/javascripts/rails.js
 - test/dummy/public/stylesheets/.gitkeep
 - test/dummy/script/rails
-- test/dummy/tmp/capybara/capybara-20110124133149.html
-- test/dummy/tmp/capybara/capybara-20110124133340.html
-- test/dummy/tmp/capybara/capybara-20110124134001.html
-- test/dummy/tmp/capybara/capybara-20110124134214.html
-- test/dummy/tmp/capybara/capybara-20110124135435.html
 - test/integration/authenticate_test.rb
 - test/integration/blocked_test.rb
 - test/integration/config_test.rb
@@ -309,6 +306,7 @@ test_files:
 - test/integration/helper_test.rb
 - test/integration/locale_test.rb
 - test/integration/navigation_test.rb
+- test/integration/sign_in_person_test.rb
 - test/integration/sign_in_test.rb
 - test/integration/sign_out_test.rb
 - test/integration/sign_up_test.rb

data/lib/generators/quo_vadis/templates/migration.rb

@@ -1,18 +0,0 @@
-class AddAuthenticationToUsers < ActiveRecord::Migration
-  def self.up
-    add_column :users, :username,         :string  # for user identification
-    add_column :users, :password_digest,  :string
-
-    add_column :users, :email,            :string  # for forgotten-credentials
-    add_column :users, :token,            :string  # for forgotten-credentials
-    add_column :users, :token_created_at, :string  # for forgotten-credentials
-  end
-
-  def self.down
-    remove_column :users, :username
-    remove_column :users, :password_digest
-    remove_column :users, :email
-    remove_column :users, :token
-    remove_column :users, :token_created_at
-  end
-end

data/test/dummy/tmp/capybara/capybara-20110124133149.html

@@ -1,27 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>Dummy</title>
-  
-  <script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/prototype.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/effects.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/dragdrop.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/controls.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/rails.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/application.js?1295870562" type="text/javascript"></script>
-  
-</head>
-<body>
-
-  <div id='topnav'>
-      You are signed in as Bob.
-      <a href="/sign-out">Sign out</a>
-  </div>
-
-    <div class='flash notice'>You have successfully signed in.</div>
-
-<h1>Articles</h1>
-
-
-</body>
-</html>

data/test/dummy/tmp/capybara/capybara-20110124133340.html

@@ -1,27 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>Dummy</title>
-  
-  <script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/prototype.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/effects.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/dragdrop.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/controls.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/rails.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/application.js?1295870562" type="text/javascript"></script>
-  
-</head>
-<body>
-
-  <div id='topnav'>
-      You are signed in as Bob.
-      <a href="/sign-out">Sign out</a>
-  </div>
-
-    <div class='flash notice'>You have successfully signed in.</div>
-
-<h1>Articles</h1>
-
-
-</body>
-</html>

data/test/dummy/tmp/capybara/capybara-20110124134001.html

@@ -1,27 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>Dummy</title>
-  
-  <script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/prototype.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/effects.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/dragdrop.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/controls.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/rails.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/application.js?1295870562" type="text/javascript"></script>
-  
-</head>
-<body>
-
-  <div id='topnav'>
-      You are signed in as Bob.
-      <a href="/sign-out">Sign out</a>
-  </div>
-
-    <div class='flash notice'>You have successfully signed in.</div>
-
-<h1>Articles</h1>
-
-
-</body>
-</html>

data/test/dummy/tmp/capybara/capybara-20110124134214.html

@@ -1,27 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>Dummy</title>
-  
-  <script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/prototype.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/effects.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/dragdrop.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/controls.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/rails.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/application.js?1295870562" type="text/javascript"></script>
-  
-</head>
-<body>
-
-  <div id='topnav'>
-      You are signed in as Bob.
-      <a href="/sign-out">Sign out</a>
-  </div>
-
-    <div class='flash notice'>You have successfully signed in.</div>
-
-<h1>Articles</h1>
-
-
-</body>
-</html>

data/test/dummy/tmp/capybara/capybara-20110124135435.html

@@ -1,39 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>Dummy</title>
-  
-  <script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/prototype.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/effects.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/dragdrop.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/controls.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/rails.js?1295870562" type="text/javascript"></script>
-<script src="/Users/andy/code/src/quo_vadis/test/dummy/public/javascripts/application.js?1295870562" type="text/javascript"></script>
-  
-</head>
-<body>
-
-  <div id='topnav'>
-      <a href="/sign-in">Sign in</a>
-  </div>
-
-    <div class='flash notice'>Please sign in first.</div>
-
-<h1>Sign in</h1>
-
-<form accept-charset="UTF-8" action="/sign-in" method="post"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="&#x2713;" /></div>
-  <p>
-    <label for="username">Username</label>
-    <input id="username" name="username" type="text" />
-  </p>
-  <p>
-    <label for="password">Password</label>
-    <input id="password" name="password" type="password" />
-  </p>
-  <p>
-    <input name="commit" type="submit" value="Sign in" />
-  </p>
-</form>
-
-</body>
-</html>