quo_vadis 1.0.4 → 1.0.5

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    quo_vadis (1.0.4)
+    quo_vadis (1.0.5)
       bcrypt-ruby (~> 2.1.4)
       rails (~> 3.0)
 

data/README.md

@@ -11,6 +11,7 @@ Features:
 * Easy to customise.
 * Uses BCrypt to encrypt passwords.
 * Sign in, sign out, forgotten password, authenticate actions, remember user between browser sessions.
+* Block accounts.
 
 Forthcoming features:
 

data/app/controllers/controller_mixin.rb

@@ -10,6 +10,11 @@ module ControllerMixin
 
   private
 
+  # Returns true if the sign-in process is blocked to the user, false otherwise.
+  def blocked?
+    QuoVadis.blocked?(self)
+  end
+
   # Remembers the authenticated <tt>user</tt> (in this session and future sessions).
   #
   # If you want to sign in a <tt>user</tt>, call <tt>QuoVadis::SessionsController#sign_in</tt>

data/app/controllers/quo_vadis/sessions_controller.rb

@@ -8,7 +8,10 @@ class QuoVadis::SessionsController < ApplicationController
 
   # POST sign_in_path
   def create
-    if user = User.authenticate(params[:username], params[:password])
+    if blocked?
+      flash.now[:alert] = t('quo_vadis.flash.sign_in.blocked') unless t('quo_vadis.flash.sign_in.blocked').blank?
+      render 'sessions/new'
+    elsif user = User.authenticate(params[:username], params[:password])
       flash[:notice] = t('quo_vadis.flash.sign_in.after') unless t('quo_vadis.flash.sign_in.after').blank?
       sign_in user
     else

data/config/initializers/quo_vadis.rb

@@ -28,7 +28,7 @@ QuoVadis.configure do |config|
   # Code to run when someone has tried but failed to sign in.  E.g.:
   #
   # config.failed_sign_in_hook = Proc.new do |controller|
-  #   logger.info "Failed sign in from #{controller.request.remote_ip}"
+  #   Rails.logger.info "Failed sign in from #{controller.request.remote_ip}"
   # end
   config.failed_sign_in_hook = nil
 
@@ -36,6 +36,14 @@ QuoVadis.configure do |config|
   # Set to <tt>nil</tt> to never remember user.
   config.remember_for = 2.weeks
 
+  # Code to run to determine whether the sign-in process is blocked to the user.  E.g.:
+  #
+  # config.blocked = Proc.new do |controller|
+  #   # Assuming a SignIn model with scopes for `failed`, `last_day`, `for_ip`.
+  #   SignIn.failed.last_day.for_ip(controller.request.remote_ip) >= 5
+  # end
+  config.blocked = false
+
 
   #
   # Sign out

data/config/locales/quo_vadis.en.yml

@@ -5,6 +5,7 @@ en:
         before: 'Please sign in first.'
         after: 'You have successfully signed in.'
         failed: 'Sorry, we did not recognise you.'
+        blocked: 'Sorry, your account is blocked.'
 
       sign_out: 'You have successfully signed out.'
 

data/lib/quo_vadis/version.rb

@@ -1,3 +1,3 @@
 module QuoVadis
-  VERSION = '1.0.4'
+  VERSION = '1.0.5'
 end

data/lib/quo_vadis.rb

@@ -45,6 +45,15 @@ module QuoVadis
   @@remember_for = 2.weeks
 
 
+  # Whether the sign-in process is blocked to the user.
+  mattr_writer :blocked
+  @@blocked = false
+
+  def self.blocked?(controller) # :nodoc:
+    @@blocked.respond_to?(:call) ? @@blocked.call(controller) : @@blocked
+  end
+
+
   #
   # Sign out
   #

data/test/dummy/config/initializers/quo_vadis.rb

@@ -1,7 +1,7 @@
 QuoVadis.configure do |config|
 
   #
-  # Redirection URLs
+  # Sign in
   #
 
   # The URL to redirect the user to after s/he signs in.
@@ -18,14 +18,6 @@ QuoVadis.configure do |config|
   # to reach when they were made to authenticate.
   config.override_original_url = false
 
-  # The URL to redirect the user to after s/he signs out.
-  config.signed_out_url = :root
-
-
-  #
-  # Hooks
-  #
-
   # Code to run when the user has signed in.  E.g.:
   #
   # config.signed_in_hook = Proc.new do |user, controller|
@@ -36,10 +28,30 @@ QuoVadis.configure do |config|
   # Code to run when someone has tried but failed to sign in.  E.g.:
   #
   # config.failed_sign_in_hook = Proc.new do |controller|
-  #   logger.info "Failed sign in from #{controller.request.remote_ip}"
+  #   Rails.logger.info "Failed sign in from #{controller.request.remote_ip}"
   # end
   config.failed_sign_in_hook = nil
 
+  # How long to remember user across browser sessions.
+  # Set to <tt>nil</tt> to never remember user.
+  config.remember_for = 2.weeks
+
+  # Code to run to determine whether the sign-in process is blocked to the user.  E.g.:
+  #
+  # config.blocked = Proc.new do |controller|
+  #   # Assuming a SignIn model with scopes for `failed`, `last_day`, `for_ip`.
+  #   SignIn.failed.last_day.for_ip(controller.request.remote_ip) >= 5
+  # end
+  config.blocked = false
+
+
+  #
+  # Sign out
+  #
+
+  # The URL to redirect the user to after s/he signs out.
+  config.signed_out_url = :root
+
   # Code to run just before the user has signed out.  E.g.:
   #
   # config.signed_out_hook = Proc.new do |user, controller|
@@ -48,6 +60,17 @@ QuoVadis.configure do |config|
   config.signed_out_hook = nil
 
 
+  #
+  # Forgotten-password Mailer
+  #
+
+  # From whom the forgotten-password email should be sent.
+  config.from = 'noreply@example.com'
+
+  # Subject of the forgotten-password email.
+  config.subject = 'Change your password'
+
+
   #
   # Miscellaneous
   #

data/test/dummy/config/locales/quo_vadis.en.yml

@@ -5,4 +5,13 @@ en:
         before: 'Please sign in first.'
         after: 'You have successfully signed in.'
         failed: 'Sorry, we did not recognise you.'
+        blocked: 'Sorry, your account is blocked.'
+
       sign_out: 'You have successfully signed out.'
+
+      forgotten:
+        unknown: "Sorry, we did not recognise you."
+        no_email: "Sorry, we don't have an email address for you."
+        sent_email: "We've emailed you a link where you can change your password."
+        invalid_token: "Sorry, this link isn't valid anymore."
+        password_changed: "You have successfully changed your password and you're now signed in."

data/test/integration/blocked_test.rb

@@ -0,0 +1,23 @@
+require 'test_helper'
+
+class BlockedTest < ActiveSupport::IntegrationCase
+
+  test 'sign-in process can be blocked' do
+    user_factory 'Bob', 'bob', 'secret'
+    user_factory 'Jim', 'jim', 'secret'
+
+    QuoVadis.blocked = Proc.new do |controller|
+      controller.params[:username] == 'bob'
+    end
+
+    sign_in_as 'bob', 'secret'
+    within '.flash' do
+      assert page.has_content?('Sorry, your account is blocked.')
+    end
+
+    sign_in_as 'jim', 'secret'
+    within '.flash' do
+      assert page.has_content?('You have successfully signed in.')
+    end
+  end
+end

data/test/integration/config_test.rb

@@ -6,11 +6,6 @@ class ConfigTest < ActiveSupport::IntegrationCase
     user_factory 'Bob', 'bob', 'secret'
   end
 
-  teardown do
-    Capybara.reset_sessions!
-    reset_quo_vadis_configuration
-  end
-
   test 'signed_in_url config' do
     sign_in_as 'bob', 'secret'
     assert_equal root_path, current_path
@@ -51,6 +46,20 @@ class ConfigTest < ActiveSupport::IntegrationCase
     assert_equal root_path, current_path
   end
 
+  test 'blocked config' do
+    QuoVadis.blocked = Proc.new do |controller|
+      controller.params[:username] == 'bob'
+    end
+    sign_in_as 'bob', 'secret'
+    within '.flash' do
+      assert page.has_content?('Sorry, your account is blocked.')
+    end
+    sign_in_as 'jim', 'secret'
+    within '.flash' do
+      assert page.has_no_content?('Sorry, your account is blocked.')
+    end
+  end
+
   test 'signed_out_url config' do
     visit sign_out_path
     assert_equal root_path, current_path

data/test/integration/cookie_test.rb

@@ -2,11 +2,6 @@ require 'test_helper'
 
 class CookieTest < ActiveSupport::IntegrationCase
 
-  teardown do
-    Capybara.reset_sessions!
-    reset_quo_vadis_configuration
-  end
-
   test 'authenticated user is remembered between browser sessions' do
     user_factory 'Bob', 'bob', 'secret'
     sign_in_as 'bob', 'secret'

data/test/integration/locale_test.rb

@@ -66,6 +66,27 @@ class LocaleTest < ActiveSupport::IntegrationCase
     end
   end
 
+  test 'sign_in.blocked flash' do
+    QuoVadis.blocked = true
+    user_factory 'Bob', 'bob', 'secret'
+    sign_in_as 'bob', 'secret'
+    within '.flash' do
+      assert page.has_content?('Sorry, your account is blocked.')
+    end
+  end
+
+  test 'sign_in.blocked flash is optional' do
+    begin
+      I18n.backend.store_translations :en, {:quo_vadis => {:flash => {:sign_in => {:blocked => ''}}}}
+      QuoVadis.blocked = true
+      user_factory 'Bob', 'bob', 'secret'
+      sign_in_as 'bob', 'secret'
+      assert page.has_no_css?('div.flash')
+    ensure
+      I18n.reload!
+    end
+  end
+
   test 'sign_out flash is optional' do
     begin
       I18n.backend.store_translations :en, {:quo_vadis => {:flash => {:sign_out => ''}}}

data/test/integration/sign_in_test.rb

@@ -2,10 +2,6 @@ require 'test_helper'
 
 class SignInTest < ActiveSupport::IntegrationCase
 
-  teardown do
-    Capybara.reset_sessions!
-  end
-
   test 'failed sign in' do
     sign_in_as 'bob', 'secret'
 

data/test/support/integration_case.rb

@@ -2,4 +2,10 @@
 class ActiveSupport::IntegrationCase < ActiveSupport::TestCase
   include Capybara
   include Rails.application.routes.url_helpers
-end
+
+  teardown do
+    Capybara.reset_sessions!
+    reset_quo_vadis_configuration
+  end
+
+end

data/test/test_helper.rb

@@ -53,6 +53,7 @@ def reset_quo_vadis_configuration
   QuoVadis.from                  = 'noreply@example.com'
   QuoVadis.subject               = 'Change your password'
   QuoVadis.remember_for          = 2.weeks
+  QuoVadis.blocked               = false
 end
 
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: quo_vadis
 version: !ruby/object:Gem::Version 
-  hash: 31
+  hash: 29
   prerelease: false
   segments: 
   - 1
   - 0
-  - 4
-  version: 1.0.4
+  - 5
+  version: 1.0.5
 platform: ruby
 authors: 
 - Andy Stewart
@@ -15,13 +15,12 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-22 00:00:00 +00:00
+date: 2011-02-23 00:00:00 +00:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: rails
   prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -31,12 +30,12 @@ dependencies:
         - 3
         - 0
         version: "3.0"
+  requirement: *id001
+  name: rails
   type: :runtime
-  version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  name: bcrypt-ruby
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -47,12 +46,12 @@ dependencies:
         - 1
         - 4
         version: 2.1.4
+  requirement: *id002
+  name: bcrypt-ruby
   type: :runtime
-  version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  name: rails
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -63,12 +62,12 @@ dependencies:
         - 0
         - 4
         version: 3.0.4
+  requirement: *id003
+  name: rails
   type: :development
-  version_requirements: *id003
 - !ruby/object:Gem::Dependency 
-  name: sqlite3-ruby
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -77,12 +76,12 @@ dependencies:
         segments: 
         - 0
         version: "0"
+  requirement: *id004
+  name: sqlite3-ruby
   type: :development
-  version_requirements: *id004
 - !ruby/object:Gem::Dependency 
-  name: capybara
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -93,12 +92,12 @@ dependencies:
         - 4
         - 0
         version: 0.4.0
+  requirement: *id005
+  name: capybara
   type: :development
-  version_requirements: *id005
 - !ruby/object:Gem::Dependency 
-  name: launchy
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -107,8 +106,9 @@ dependencies:
         segments: 
         - 0
         version: "0"
+  requirement: *id006
+  name: launchy
   type: :development
-  version_requirements: *id006
 description: Simple username/password authentication for Rails 3.
 email: 
 - boss@airbladesoftware.com
@@ -193,6 +193,7 @@ files:
 - test/dummy/tmp/capybara/capybara-20110124134214.html
 - test/dummy/tmp/capybara/capybara-20110124135435.html
 - test/integration/authenticate_test.rb
+- test/integration/blocked_test.rb
 - test/integration/config_test.rb
 - test/integration/cookie_test.rb
 - test/integration/csrf_test.rb
@@ -296,6 +297,7 @@ test_files:
 - test/dummy/tmp/capybara/capybara-20110124134214.html
 - test/dummy/tmp/capybara/capybara-20110124135435.html
 - test/integration/authenticate_test.rb
+- test/integration/blocked_test.rb
 - test/integration/config_test.rb
 - test/integration/cookie_test.rb
 - test/integration/csrf_test.rb