quo_vadis 1.3.2 → 2.0.1

data/app/controllers/controller_mixin.rb

@@ -1,109 +0,0 @@
-module ControllerMixin
-  def self.included(base)
-    base.helper_method :"current_#{QuoVadis.model_instance_name}", :authenticated?
-  end
-
-  protected
-
-  def handle_unverified_request
-    super
-    cookies.delete :remember_me, :domain => QuoVadis.cookie_domain
-  end
-
-  private
-
-  class_eval <<-END, __FILE__, __LINE__ + 1
-    # Returns `true` if we have an authenticated user, `false` otherwise.
-    def authenticated?
-      !!current_#{QuoVadis.model_instance_name}
-    end
-
-    # Remembers the authenticated <tt>user</tt> (in this session and future sessions).
-    #
-    # If you want to sign in a <tt>user</tt> you have just created, call <tt>sign_in</tt>
-    # instead.
-    def current_#{QuoVadis.model_instance_name}=(user)
-      remember_user_in_session user
-      remember_user_between_sessions user
-    end
-
-    # Returns the authenticated user.
-    def current_#{QuoVadis.model_instance_name}
-      @current_#{QuoVadis.model_instance_name} ||= find_authenticated_user
-    end
-
-    # Does nothing if we already have an authenticated user.  If we don't have an
-    # authenticated user, it stores the desired URL and redirects to the sign in URL.
-    def authenticate
-      unless authenticated?
-        session[:quo_vadis_original_url] = request.fullpath
-        flash[:notice] = t('quo_vadis.flash.sign_in.before') unless t('quo_vadis.flash.sign_in.before').blank?
-        redirect_to sign_in_url
-      end
-    end
-
-    # Signs in a user, i.e. remembers them in the session, runs the sign-in hook,
-    # and redirects appropriately.
-    #
-    # This method should be called when you have just authenticated a <tt>user</tt>
-    # and you need to sign them in.  For example, if a new user has just signed up,
-    # you should call this method to sign them in.
-    def sign_in(user)
-      prevent_session_fixation
-      self.current_#{QuoVadis.model_instance_name} = user
-      QuoVadis.signed_in_hook user, self
-      redirect_to QuoVadis.signed_in_url(user, original_url, self)
-    end
-
-    def remember_user_in_session(user) # :nodoc:
-      session[:current_#{QuoVadis.model_instance_name}_id] = user ? user.id : nil
-    end
-
-    def find_user_by_cookie # :nodoc:
-      #{QuoVadis.model}.find_by_salt(*cookies.signed[:remember_me]) if cookies.signed[:remember_me]
-    end
-
-    def find_user_by_session # :nodoc:
-      #{QuoVadis.model}.find(session[:current_#{QuoVadis.model_instance_name}_id]) if session[:current_#{QuoVadis.model_instance_name}_id]
-    end
-  END
-
-  # Returns true if the sign-in process is blocked to the user, false otherwise.
-  def blocked?
-    QuoVadis.blocked?(self)
-  end
-
-  def remember_user_between_sessions(user) # :nodoc:
-    if user && QuoVadis.remember_for
-      cookies.signed[:remember_me] = {
-        :value    => [user.id, user.password_salt],
-        :expires  => QuoVadis.remember_for.from_now,
-        :httponly => true,
-        :domain   => QuoVadis.cookie_domain
-      }
-    else
-      cookies.delete :remember_me, :domain => QuoVadis.cookie_domain
-    end
-  end
-
-  def find_authenticated_user # :nodoc:
-    find_user_by_session || find_user_by_cookie
-  end
-
-  # Returns the URL if any which the user tried to visit before being forced to authenticate.
-  def original_url
-    url = session[:quo_vadis_original_url]
-    session[:quo_vadis_original_url] = nil
-    url
-  end
-
-  def prevent_session_fixation # :nodoc:
-    original_flash = flash.inject({}) { |hsh, (k,v)| hsh[k] = v; hsh }
-    original_url = session[:quo_vadis_original_url]
-
-    reset_session
-
-    original_flash.each { |k,v| flash[k] = v }
-    session[:quo_vadis_original_url] = original_url
-  end
-end

data/app/mailers/quo_vadis/notifier.rb

@@ -1,30 +0,0 @@
-module QuoVadis
-  class Notifier < ActionMailer::Base
-
-    # Sends an email to <tt>user</tt> with a link to a page where they
-    # can change their password.
-    def change_password(user)
-      @username = user.username
-      @url = change_password_url user.token
-      mail :to => user.email, :from => QuoVadis.from, :subject => QuoVadis.subject_change_password
-    end
-
-    # Sends an email to <tt>user</tt> with a link to a page where they
-    # can choose their username and password.
-    #
-    # `data` - hash of data to pass to view via instance variables.  A key of `:foo`
-    #          will be available via `@foo`.  `:from` and `:subject` are deleted from
-    #          the hash and used to override `QuoVadis#from` and `#subject_invitation`.
-    def invite(user, data = {})
-      @user = user
-      @url = invitation_url user.token
-      
-      from    = data.delete(:from)    || QuoVadis.from
-      subject = data.delete(:subject) || QuoVadis.subject_invitation
-      
-      data.each { |k,v| instance_variable_set :"@#{k}", v }
-      mail :to => user.email, :from => from, :subject => subject
-    end
-
-  end
-end

data/app/models/model_mixin.rb

@@ -1,128 +0,0 @@
-require 'bcrypt'
-
-module ModelMixin
-
-  def self.included(base)
-    base.send :extend, ClassMethods
-  end
-
-  module ClassMethods
-    # Adds methods to set and authenticate against a password stored encrypted by BCrypt.
-    # Also adds methods to generate and clear a token, used to retrieve the record of a
-    # user who has forgotten their password.
-    #
-    # Note that if a password isn't supplied when creating a user, the error will be on
-    # the `password_digest` attribute.
-    def authenticates
-      send :include, InstanceMethodsOnActivation
-
-      attr_reader    :password
-      attr_protected :password_digest
-
-      validates :username,        :presence => true, :uniqueness => {case_sensitive: false}, :if => :should_authenticate?
-      validates :password_digest, :presence => true, :if => :should_authenticate?
-
-      scope :valid_token, lambda { |token| where("token = ? AND token_created_at > ?", token, 24.hours.ago) }
-
-      instance_eval <<-END, __FILE__, __LINE__ + 1
-        # Returns the user with the given <tt>username</tt> if the given password is
-        # correct, and <tt>nil</tt> otherwise.
-        def authenticate(username, plain_text_password)
-          return nil unless username.present?
-          user = where(:username => username).first
-          if user && user.has_matching_password?(plain_text_password)
-            user
-          else
-            nil
-          end
-        end
-
-        def find_by_salt(id, salt) # :nodoc:
-          user = find_by_id id
-          if user && user.has_matching_salt?(salt)
-            user
-          else
-            nil
-          end
-        end
-
-        # [Deprecated] Instantiates a user suitable for user-activation.
-        #
-        # NOTE: use instance method `#randomise_credentials` instead.
-        def new_for_activation(attributes = nil)
-          user = new attributes
-          user.randomise_credentials
-          user
-        end
-      END
-    end
-  end
-
-  module InstanceMethodsOnActivation
-    # Override this in your model if you need to bypass the Quo Vadis validations.
-    def should_authenticate?
-      true
-    end
-
-    # Sets the `username` and `password` to random values.
-    # Use this for a user who should authenticate where they need to activate
-    # themselves first.
-    def randomise_credentials
-      begin
-        self.username = SecureRandom.base64(10)
-      end while self.class.exists?(:username => username)
-      self.password = SecureRandom.base64(10)
-    end
-
-    def password=(plain_text_password) # :nodoc:
-      @password = plain_text_password
-      unless @password.blank?
-        self.password_digest = BCrypt::Password.create plain_text_password
-      end
-    end
-
-    # Generates a unique, timestamped token.
-    def generate_token # :nodoc:
-      begin
-        self.token = url_friendly_token
-      end while self.class.exists?(:token => token)
-      self.token_created_at = Time.now.utc
-    end
-
-    # Generates a unique, timestamped token which can be used in URLs, and
-    # saves the record.  This is part of the forgotten-password workflow.
-    def generate_token! # :nodoc:
-      generate_token
-      save
-    end
-
-    # Clears the user's timestamped token and saves the record.
-    # This is part of the forgotten-password workflow.
-    def clear_token # :nodoc:
-      update_attributes :token => nil, :token_created_at => nil
-    end
-
-    # Returns true if the given <tt>plain_text_password</tt> is the user's
-    # password, and false otherwise.
-    def has_matching_password?(plain_text_password) # :nodoc:
-      BCrypt::Password.new(password_digest) == plain_text_password
-    end
-
-    # Returns true if the given <tt>salt</tt> is the user's salt,
-    # and false otherwise.
-    def has_matching_salt?(salt) # :nodoc:
-      password_salt == salt
-    end
-
-    def password_salt # :nodoc:
-      BCrypt::Password.new(password_digest).salt
-    end
-
-    private
-
-    def url_friendly_token # :nodoc:
-      SecureRandom.base64(10).tr('+/=', 'xyz')
-    end
-  end
-
-end

data/lib/generators/quo_vadis/templates/migration.rb.erb

@@ -1,18 +0,0 @@
-class AddAuthenticationTo<%= model_name.pluralize.camelize %> < ActiveRecord::Migration
-  def self.up
-    add_column :<%= model_name.tableize %>, :username,         :string  # for user identification
-    add_column :<%= model_name.tableize %>, :password_digest,  :string
-
-    add_column :<%= model_name.tableize %>, :email,            :string  # for forgotten-credentials / activation
-    add_column :<%= model_name.tableize %>, :token,            :string  # for forgotten-credentials / activation
-    add_column :<%= model_name.tableize %>, :token_created_at, :string  # for forgotten-credentials / activation
-  end
-
-  def self.down
-    remove_column :<%= model_name.tableize %>, :username
-    remove_column :<%= model_name.tableize %>, :password_digest
-    remove_column :<%= model_name.tableize %>, :email
-    remove_column :<%= model_name.tableize %>, :token
-    remove_column :<%= model_name.tableize %>, :token_created_at
-  end
-end

data/lib/generators/quo_vadis/templates/quo_vadis.rb.erb

@@ -1,96 +0,0 @@
-QuoVadis.configure do |config|
-
-  # The model we want to authenticate.
-  config.model = '<%= model_name.pluralize.classify %>'
-
-
-  #
-  # Sign in
-  #
-
-  # The URL to redirect the user to after s/he signs in.
-  # Use a proc if the URL depends on the user on controller.  E.g.:
-  #
-  # config.signed_in_url = Proc.new do |user, controller|
-  #   user.admin? ? :admin : :root
-  # end
-  #
-  # See also `:override_original_url`.
-  config.signed_in_url = :root
-
-  # Whether the `:signed_in_url` should override the URL the user was trying
-  # to reach when they were made to authenticate.
-  config.override_original_url = false
-
-  # Code to run when the user has signed in.  E.g.:
-  #
-  # config.signed_in_hook = Proc.new do |user, controller|
-  #   user.increment! :sign_in_count  # assuming this attribute exists
-  # end
-  config.signed_in_hook = nil
-
-  # Code to run when someone has tried but failed to sign in.  E.g.:
-  #
-  # config.failed_sign_in_hook = Proc.new do |controller|
-  #   Rails.logger.info "Failed sign in from #{controller.request.remote_ip}"
-  # end
-  config.failed_sign_in_hook = nil
-
-  # How long to remember user across browser sessions.
-  # Set to <tt>nil</tt> to never remember user.
-  config.remember_for = 2.weeks
-
-  # The domain to use for remember-me cookies.
-  config.cookie_domain = :all
-
-  # Code to run to determine whether the sign-in process is blocked to the user.  E.g.:
-  #
-  # config.blocked = Proc.new do |controller|
-  #   # Assuming a SignIn model with scopes for `failed`, `last_day`, `for_ip`.
-  #   SignIn.failed.last_day.for_ip(controller.request.remote_ip) >= 5
-  # end
-  config.blocked = false
-
-
-  #
-  # Sign out
-  #
-
-  # The URL to redirect the user to after s/he signs out.
-  # Use a proc if the URL depends on the controller.  E.g.:
-  #
-  # config.signed_out_url = Proc.new do |controller|
-  #   controller.root_url(:subdomain => nil)
-  # end
-  config.signed_out_url = :root
-
-  # Code to run just before the user has signed out.  E.g.:
-  #
-  # config.signed_out_hook = Proc.new do |user, controller|
-  #   controller.session.reset
-  # end
-  config.signed_out_hook = nil
-
-
-  #
-  # Forgotten-password and activation Mailer
-  #
-
-  # From whom the forgotten-password email should be sent.
-  config.from = 'noreply@example.com'
-
-  # Subject of the forgotten-password email.
-  config.subject_change_password = 'Change your password'
-
-  # Subject of the invitation email.
-  config.subject_invitation = 'Activate your account'
-
-
-  #
-  # Miscellaneous
-  #
-
-  # Layout for the sign-in view.  Pass a string or a symbol.
-  config.layout = 'application'
-
-end

data/test/dummy/.gitignore

@@ -1,2 +0,0 @@
-db/*.sqlite3
-tmp

data/test/dummy/app/helpers/application_helper.rb

@@ -1,2 +0,0 @@
-module ApplicationHelper
-end

data/test/dummy/app/helpers/articles_helper.rb

@@ -1,2 +0,0 @@
-module ArticlesHelper
-end

data/test/dummy/app/views/articles/new.html.erb

@@ -1,11 +0,0 @@
-<h1>New Article</h1>
-
-<%= form_for @article do |f| %>
-  <%= f.label :title %>
-  <%= f.text_field :title %>
-
-  <%= f.label :content %>
-  <%= f.text_area :content %>
-
-  <%= f.submit %>
-<% end %>

data/test/dummy/app/views/layouts/sessions.html.erb

@@ -1,3 +0,0 @@
-<div>Sessions layout</div>
-
-<%= yield %>

data/test/dummy/app/views/quo_vadis/notifier/change_password.text.erb

@@ -1,9 +0,0 @@
-Hello <%= @username %>,
-
-We've received a request to change your password.  If this wasn't you,
-please ignore this email and your password will be left alone.
-
-If you do want to change your password, just click this link (valid for 24 hours):
-<%= @url %>
-
-Thanks!

data/test/dummy/app/views/quo_vadis/notifier/invite.text.erb

@@ -1,8 +0,0 @@
-Hello <%= @user.name %>,
-
-You can activate your account by clicking this link (valid for 24 hours):
-<%= @url %>
-
-<% if instance_variable_defined? :@foo %><%= @foo %><% end %>
-
-Thanks!

data/test/dummy/app/views/sessions/edit.html.erb

@@ -1,11 +0,0 @@
-<h1>Change your password</h1>
-
-<%= form_tag change_password_path(params[:token]), :method => :put do %>
-  <p>
-    <%= label_tag :password %>
-    <%= password_field_tag :password %>
-  </p>
-  <p>
-    <%= submit_tag 'Change my password' %>
-  </p>
-<% end %>