rack_warden 0.0.8 → 0.0.9

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    Zjc4YzFlOTkwNzRhN2EyNjVmZWJjZDZmOGEzZTZjNjY5NmE1YjQ3OA==
+    OGI4OGQxNWNhZTkwNWNlODQ3ZTkwNWFmZTZiODFkM2MwNTMzNWZkZg==
   data.tar.gz: !binary |-
-    NzFlMzJjNmE5ZGM5ZGRhYzVkYmZhNzRmMDFlY2ExODkzMTM0MzhmYQ==
+    YWFiYWY3NmRjNzZmNjJhMzIzM2Y2YjFmY2I5OGVjMmI5OGFmMDQ4Mg==
 SHA512:
   metadata.gz: !binary |-
-    ZmVhMmMyMmI1MTI0NDRmNmEwYzA1YWQ0MTE2YjdiM2M3NGI0OTQwM2VmNDgz
-    ZTY5MGVlOGJlODY4ZjM3ZDBlNWI0YTE0MmQxN2QwN2Y1Y2I2MmI2ZmVmZjc1
-    NzIwNGFiNTM1MzBiZTM0MWI5YWIxY2VkMDYyNmM5ZjFjZjgxYTI=
+    NWVlZDdkMzczOTIwMjYzY2I4NjZiZmExNzlmYWQyZmU5OGJjYTg1YWUyZDA3
+    YzcwNDYzOGZiMzBlNDg2NjQ2ZmI1YTBkNjU3MTc0YTFiM2Y3NTgzZTQyNzNk
+    MjUyMGI2NzVlMTkwOWQ0ODdiZWRhYzVkMTI5ZDFjMWNhMzhjZGE=
   data.tar.gz: !binary |-
-    NzgyMWUwMzcwYWIzYTZkMjJkODdmODY4ZTkzYzlmYTE5OWNkMmY1NTJhOTZk
-    YTEwNTgwMTUwYjhiNDQyMzQwYmEyYTZhMzY2YzA0OTIxYjMzYzk2YjIzMWJl
-    NWM4Y2E4NzcxZmY4ZTgzYjMzNjU5ZmJkN2JlYjA4MjE4ZGYyMzk=
+    YzQ3ZTIzMjMyNWQ4YTRmMmQxMTRiNjMwNDliOTkwN2IyZTVjOGY3MjQ3MGIz
+    ODg0ZTBhMTk3ZmE4MzE3YTNiNzhjN2ExMGJmYTZhNGViZDJhYjNlOGNiZTky
+    MjhhMzE4MWFkMzAyZDUyZGMwZmYwYjQ0ZDQ5Mjk2NmE1ZDA4MWI=

data/README.md

@@ -4,17 +4,17 @@ RackWarden is a rack middleware mini-app that provides user authentication and m
 
 RackWarden uses Sinatra for the mini-app, Warden for authentication, and DataMapper for database connections. It is based on the sinatra-warden-example at https://github.com/sklise/sinatra-warden-example. If you are new to Warden or Sinatra, I highly recommend downloading and experimenting with that example.
 
-My goal in developing this software is to have drop-in authentication containing most of the features you see in user/account management sections of a typical web site. But I don't want to be strapped by this module in any of my projects, so it must be customizable. Or rather, overridable. The basics of this flexibility are already in place, and it will be a central theme throughout. See below for examples on overriding and customizing RackWarden.
+My goal in developing this software is to have drop-in authentication containing most of the features you see in user/account management sections of a typical web site. But I don't want to be strapped by this module in any of my projects, so it must be customizable. Or rather, overridable. The basics of this flexibility are already in place, and it will be a central theme throughout.
 
 Please note that RackWarden is a work-in-progress. The gemspec, the files, the code, and the documentation can and will change over time. Follow on github for the latest fixes, changes, and developments.
 
 ## What Does it Do?
 
-RackWarden acts as a self-sufficient gatekeeper for your ruby web app. Once you enable RackWarden in your rack-based project, all routes/actions in your project will require a login and will redirect browsers to an authentication page. RackWarden provides its own view & layout templates to facilitate user authentication. RackWarden also provides it's own tables to store user data.
+RackWarden is a modular gatekeeper for your ruby web app. Once you enable RackWarden in your rack-based project, all routes/actions in your project will require a login and will redirect browsers to an authentication page. RackWarden provides its own view & layout templates to facilitate user authentication. RackWarden also provides it's own database & table structure to store user data. Views, layouts, databases, and tables are easily customized and/or overridden, however.
 
 Once RackWarden authenticates a user, it gets out of the way, and the user is returned to your application. RackWarden also provides a number of user management tools for common actions like creating, updating, and deleting users.
 
-Most of the RackWarden features can be customized. You can override the views, the database, the actions, and even the authentication logic with your own templates and code. The easiest (and possibly the most dramatic) customization is to provide RackWarden with your own layout template, giving RackWarden the look-and-feel of your own application.
+Most of the RackWarden features can be customized. You can override the views, the database, the actions, and even the authentication logic with your own templates and code. The easiest (and possibly the most dramatic) customization is to provide RackWarden with your own layout template, giving RackWarden the appearane of the application you're integrating it with.
 
 
 ## Installation
@@ -39,7 +39,7 @@ A few simple steps will have your entire app protected.
 ### Sinatra
 
     class MySinatraApp < Sinatra::Base
-      use RackWarden::App
+      use RackWarden
     
       get "/" do
         erb "All routes are now protected"
@@ -50,7 +50,7 @@ A few simple steps will have your entire app protected.
 
 application.rb or environment.rb
 
-    config.middleware.use RackWarden::App
+    config.middleware.use RackWarden
     
     # All routes are now protected
     
@@ -60,19 +60,19 @@ application.rb or environment.rb
 
 RackWarden will look for a configuration file named rack\_warden.yml in your project root or in your project/config/ directory. 
 
-		---
-		database: sqlite3:///usr/local/some_other_database.sqlite3.db
-		layout: :'my_custom_layout.html.erb'
+    ---
+    database: sqlite3:///usr/local/some_other_database.sqlite3.db
+    layout: :'my_custom_layout.html.erb'
 
 
 You an also pass configuration settings to RackWarden through the ```use``` method of your framework. The params hash of ```use``` will be translated directly to RackWarden's settings. In addition to RackWarden's specific configuration options, you can also pass in any standard Sinatra settings.
 
-If you pass a block with the ```use``` method, the block will be evaluated in the context of the RackWarden::App class. Anything you do in that block is just as if you were writing code in the app class itself. While in the block, you also have access to the current instance of RackWarden::App and the current instance of the parent app.
+If you pass a block with the ```use``` method, the block will be evaluated in the context of the RackWarden::App class. Anything you do in that block is just as if you were writing code in the app class itself. While in the block, you also have access to the current instance of RackWarden::App.
 
-    use RackWarden::App do |rack_warden_app_instance, parent_app_instance|
+    use RackWarden::App do |rack_warden_app_instance|
       set :somesetting, 'some_value'
     end
-		
+    
 
 ## Configuration Options
 
@@ -154,15 +154,22 @@ Settings for Google's recaptcha service
 
 ### :log\_path
 
-		File.join(Dir.pwd, 'log', 'rack_warden.log')
+    File.join(Dir.pwd, 'log', 'rack_warden.log')
+    
+### :user\_table\_name
+
+    nil
+    
+### :views
+
+    File.expand_path("../views/", __FILE__)
+
 
 ## Customization
 
 ### Views
 
-To customize RackWarden for your specific project, you can set :views to point to a directory within your project. Then create templates that match the names of RackWarden templates, and they will be picked up and rendered. RackWarden looks for templates at the top level of your views directory as a default. You can change or add to this when you define the middleware in your project.
-
-Update: also looks in views/rack\_warden/ for view templates.
+To customize RackWarden for your specific project, you can set :views to point to a directory within your project. Then create templates that match the names of RackWarden templates, and they will be picked up and rendered. RackWarden looks for templates at the top level of your views directory and in views/rack\_warden (if it exists) as a default. You can change or add to this with the ```:views``` setting.
 
     use RackWarden::App, :views => File.join(Dir.pwd, 'app/views/another_directory')
     
@@ -175,15 +182,20 @@ Just remember that RackWarden is Sinatra, and any templates you pass must use Si
 
 ### Database
 
-As a default, RackWarden will use the database specified in your project. You can also pass a database specification with the ```:database_config``` setting.
-		
-		# As a url
-		database_config: 'sqlite3:///path/to/my/database.sqlite3.db'
-		
-		# As a hash
-		database_config: {adapter: 'sqlite3', database: '/path/to/my/database.sqlite3.db'}
+As a default, RackWarden will use a sqlite3 in-memory database (that starts fresh each time you boot your app). To use the database specified in your project, just pass ```:auto``` to the ```:database_config``` setting. Pass ```:file``` to set up a sqlite3 database in your app's working directory. Or pass your own custom database specification (a url or hash). If you use a database other than sqlite3, you will need to include the respective DataMapper extension gems in your Gemfile or in your manually installed gem list. For MySQL, use dm-mysql-adapter, for Postgres use dm-postgres-adapter. See the DataMapper site for more info on database adapters.
+    
+    # Database specification as a url
+    database_config: 'sqlite3:///path/to/my/database.sqlite3.db'
+    
+    # Database specification as a hash
+    database_config: {adapter: 'sqlite3', database: '/path/to/my/database.sqlite3.db'}
+    
+		# Use a remote MySQL database
+		database_config: {adapter: 'mysql', username: 'will', password: 'mypass',
+			host: 'somehost', database: 'my_database'}
 		
-If your project has no database, or if you pass ```false``` to the ```:database_config``` setting, RackWarden will create its own database in the working directory as 'rack_warden.sqlite3.db'.
+		# Format for database urls
+		#<adapter>://<username>:<password>@<host>:<port>/<database_name>
 
 
 

data/lib/rack_warden.rb

@@ -17,7 +17,10 @@ module RackWarden
   autoload :App, 'rack_warden/app'
   autoload :User, "rack_warden/models"
   autoload :Pref, "rack_warden/models"
+  autoload :Routes, "rack_warden/routes"
   autoload :VERSION, "rack_warden/version"
+  autoload :WardenConfig, "rack_warden/warden"
+  autoload :RackWardenHelpers, "rack_warden/helpers"
   module Frameworks
     autoload :Base, 'rack_warden/frameworks'
     autoload :Sinatra, 'rack_warden/frameworks/sinatra'
@@ -33,18 +36,22 @@ module RackWarden
 	# Utility to get middleware stack. Maybe temporary.
 	def self.middleware_classes(app=nil)                                                                                                                                              
 	  r = [app || Rack::Builder.parse_file(File.join(Dir.pwd, 'config.ru')).first]
-	
 	  while ((next_app = r.last.instance_variable_get(:@app)) != nil)
 	    r << next_app
 	  end
-	
 	  r.map{|e| e.instance_variable_defined?(:@app) ? e.class : e }
 	end
 	#app = Rack::Builder.parse_file('config.ru').first
 	#puts middleware_classes(app).inspect
 	
+	# Shortcut/sugar to app
 	def self.settings
 		App.settings
 	end
+	
+	def self.included(base)
+		puts "RW self.included into BASE #{base}, ID #{base.object_id}"
+		App.new base
+	end
   
 end

data/lib/rack_warden/app.rb

@@ -3,8 +3,6 @@
 
 module RackWarden
   class App < Sinatra::Base
-    enable :sessions
-    register Sinatra::Flash
         
     set :config_files, [ENV['RACK_WARDEN_CONFIG_FILE'], 'rack_warden.yml', 'config/rack_warden.yml'].compact.uniq
     set :layout, :'rw_layout.html'
@@ -21,10 +19,15 @@ module RackWarden
     
     # Load config from file, if any exist.
     Hash.new.tap do |hash|
-      config_files.each {|c| puts File.join(Dir.pwd, c); hash.merge!(YAML.load_file(File.join(Dir.pwd, c))) rescue nil}
+      config_files.each {|c| hash.merge!(YAML.load_file(File.join(Dir.pwd, c))) rescue nil}
       set hash
     end
     
+    
+    
+    enable :sessions
+    register Sinatra::Flash
+    
 		begin
 	    enable :logging
 	    set :log_file, File.new(settings.log_path, 'a+')
@@ -32,27 +35,31 @@ module RackWarden
 	    use Rack::CommonLogger, settings.log_file
 	  rescue
 	  end
+	  
+		include RackWarden::WardenConfig
+		include RackWarden::Routes
+		
+    helpers RackWardenHelpers
+    helpers UniversalHelpers
+  
   
   
     # WBR - This will receive params and a block from the parent "use" statement.
     # This middleware app has been modified to process the parent use-block in
     # the context of the RackWarden class. So you can set settings on RackWarden,
-    # when you call "use RackWarden::App"
+    # when you call "use RackWarden"
     # Example:
     #
-    # use RackWarden::App :layout=>:'my_layout' do |rack_warden_instance, app|
+    # use RackWarden :layout=>:'my_layout' do |rack_warden_instance, app|
   	# 	set :myvar, 'something'
   	#	end
   	#
   	def initialize(parent_app_instance=nil, *args, &block)
-  		#@app = parent_app_instance
-  		super(parent_app_instance, &Proc.new{})
+  		super(parent_app_instance, &Proc.new{}) # Must send empty proc, not original proc, since we're calling original block here.
   	  initialization_args = args.dup
-  		#puts "RW INITIALIZE middleware instance [app, self, args, block]: #{[app, self, args, block]}"
   		puts "RW new instance with parent: #{@app}"
   		# extract options.
   		opts = args.last.is_a?(Hash) ? args.pop : {}
-  		#settings = self.class
   		if app && !settings.initialized
   		  puts "RW initializing settings"
   		  
@@ -64,7 +71,7 @@ module RackWarden
   			settings.set opts if opts.any?
   			
   			# Eval the use-block from the parent app, in context of this app.
-  			settings.instance_exec(self, app, &block) if block_given?
+  			settings.instance_exec(self, &block) if block_given?
   			
   			# Do framework setup.
   			framework_module = Frameworks::Base.select_framework(binding)
@@ -74,13 +81,6 @@ module RackWarden
         
           # Manipulate views
       		new_views = []
-      		#original_views = self.class.original_views
-      		# append parent rails views folder unless opts.has_key?(:views)
-      		#new_views << framework_module.views_path unless opts[:views]==false #opts.has_key?(:views)
-      		# append original_views, if original_views
-      		#new_views << original_views if original_views
-      		#self.class.set(:views => [new_views, Array(self.class.views)].flatten.compact.uniq) if new_views.any?
-      		
       		new_views.unshift settings.original_views
       		new_views.unshift framework_module.views_path unless settings.views==false
       		new_views.unshift settings.views
@@ -90,216 +90,17 @@ module RackWarden
     		end
     		settings.set :initialized, true
   		end
-  		# finally, send parent app to super, but don't send the use-block (thus the empty proc)
-  		#super(app, &Proc.new{})
-  	end
-  	
-  	# For testing interception of request.
-  	# This might be breaking older rails installations
-		# if development?
-		#   def call(env={})  
-		#   	puts "RW instance.app #{app}"
-		#     puts "RW instance.call(env) #{env.to_yaml}"
-		#     super(env)
-		#   end 
-		# end
-	
-    use Warden::Manager do |config|
-      # Tell Warden how to save our User info into a session.
-      # Sessions can only take strings, not Ruby code, we'll store
-      # the User's `id`
-      config.serialize_into_session{|user| user.id }
-      # Now tell Warden how to take what we've stored in the session
-      # and get a User from that information.
-      config.serialize_from_session{|id| User.get(id) }
-
-      config.scope_defaults :default,
-        # "strategies" is an array of named methods with which to
-        # attempt authentication. We have to define this later.
-        :strategies => [:password],
-        # The action is a route to send the user to when
-        # warden.authenticate! returns a false answer. We'll show
-        # this route below.
-        :action => 'auth/unauthenticated'
-      # When a user tries to log in and cannot, this specifies the
-      # app to send the user to.
-      config.failure_app = self
-    end
 
-    Warden::Manager.before_failure do |env,opts|
-      env['REQUEST_METHOD'] = 'POST'
-    end
-
-    Warden::Strategies.add(:password) do
-      def valid?
-        params['user'] && params['user']['username'] && params['user']['password']
-      end
-
-      def authenticate!
-        user = User.first(['username = ? or email = ?', params['user']['username'], params['user']['username']])  #(username: params['user']['username'])
-
-        if user.nil?
-          fail!("The username you entered does not exist.")
-        elsif user.authenticate(params['user']['password'])
-          success!(user)
-        else
-          fail!("Could not log in")
-        end
-      end
-    
-    end
-  
-    # Also bring these into your main app helpers.
-    module RackWardenHelpers
-  	  # WBR - override. This passes block to be rendered to first template that matches.
-  		def find_template(views, name, engine, &block)
-  			# puts "THE VIEWS: #{views}"
-  			# puts "THE NAME: #{name}"
-  			# puts "THE ENGINE: #{engine}"
-  			# puts "THE BLOCK: #{block}"
-  	    Array(views).each { |v| super(v, name, engine, &block) }
-  	  end
-	  
-  		def require_login
-  			warden.authenticate!
-  	  end
-		
-  		def warden
-  	    request.env['warden']
-  		end
-
-  		def current_user
-  	    warden.user
-  		end
-		
-  		def logged_in?
-  	    warden.authenticated?
-  		end
-		
-		
-  	  # TODO: Shouldn't these be in warden block above? But they don't work there for some reason.
-	  
-  	  def valid_user_input?
-  	    params['user'] && params['user']['email'] && params['user']['password']
-  	  end
-	  
-      # def create_user
-      #     
-      #   verify_recaptcha if settings.recaptcha[:secret]
-      #     
-      #   #return unless valid_user_input?
-      #         
-      #         @user = User.new(params['user'])
-      #   @user.save #&& warden.set_user(@user)
-      # end
-		
-   		def verify_recaptcha(skip_redirect=false, ip=request.ip, response=params['g-recaptcha-response'])
-   		  secret = settings.recaptcha[:secret]
-  	 		_recaptcha = ActiveSupport::JSON.decode(open("https://www.google.com/recaptcha/api/siteverify?secret=#{secret}&response=#{response}&remoteip=#{ip}").read)
-  	    puts "RECAPTCHA", _recaptcha
-  	    unless _recaptcha['success']
-  	    	flash(:rwarden)[:error] = "Please confirm you are human"
-  	    	redirect back unless skip_redirect
-  	    	Halt "You appear to be a robot."
-  	    end
-  	  end
-	  
-  	  def default_page
-  	  	erb :'rw_index.html', :layout=>settings.layout
-  	  end
-		
-    end # RackWardenHelpers
-    helpers RackWardenHelpers
-  
-  	if defined? ::RACK_WARDEN_STANDALONE
-  		get '/?' do
-  			default_page
-  		end
-  	end
-	
-    get '/auth/?' do
-      default_page
-    end
-
-    get '/auth/login' do
-      if User.count > 0
-        erb :'rw_login.html', :layout=>settings.layout
-      else
-        flash(:rwarden)[:error] = warden.message || "Please create an admin account"
-        redirect url('/auth/new', false)
-      end
-    end
-
-    post '/auth/login' do
-      warden.authenticate!
-
-      flash(:rwarden)[:success] = warden.message || "Successful login"
-
-      if session[:return_to].nil?
-        redirect url(settings.default_route, false)
-      else
-        redirect session[:return_to]
-      end
-    end
-
-    get '/auth/logout' do
-      warden.raw_session.inspect
-      warden.logout
-      flash(:rwarden)[:success] = 'You have been logged out'
-      redirect url(settings.default_route, false)
-    end
-
-  	get '/auth/new' do
-  	  halt 403 unless settings.allow_public_signup or !(User.count > 0)
-      erb :'rw_new_user.html', :layout=>settings.layout, :locals=>{:recaptcha_sitekey=>settings.recaptcha['sitekey']}
-    end
-
-    post '/auth/create' do
-      verify_recaptcha if settings.recaptcha[:secret]
-      Halt "Could not create account", :layout=>settings.layout unless params[:user]
-      params[:user].delete_if {|k,v| v.nil? || v==''}
-      @user = User.new(params['user'])
-      if @user.save
-        warden.set_user(@user)
-      	flash(:rwarden)[:success] = warden.message || "Account created"
-  	    redirect session[:return_to] || url(settings.default_route, false)
-  	  else
-  	  	flash(:rwarden)[:error] = "#{warden.message} => #{@user.errors.entries.join('. ')}"
-  	  	puts "RW /auth/create #{@user.errors.entries}"
-  	  	redirect back #url('/auth/new', false)
-  	  end
-    end
-
-    post '/auth/unauthenticated' do
-    	# I had to remove the condition, since it was not updating return path when it should have.
-      session[:return_to] = env['warden.options'][:attempted_path] if !request.xhr? && !env['warden.options'][:attempted_path][/login|new|create/]
-      puts "RW attempted path: #{env['warden.options'][:attempted_path]}"
-      puts "RW will return-to #{session[:return_to]}"
-      puts warden
-      # if User.count > 0
-        flash(:rwarden)[:error] = warden.message || "Please login to continue"
-        redirect url('/auth/login', false)
-      # else
-      #   flash(:rwarden)[:error] = warden.message || "Please create an admin account"
-      #   redirect url('/auth/new', false)
-      # end
-    end
-
-    get '/auth/protected' do
-      warden.authenticate!
+  	end # initialize
+  	
+		# Store this app instance in the env.
+		def call(env)  
+			#puts "RW instance.app #{app}"
+		  #puts "RW instance.call(env) #{env.to_yaml}"
+		  env['rack_warden_instance'] = self
+		  super(env)
+		end 
 
-      erb :'rw_protected.html', :layout=>settings.layout
-    end
-    
-    get "/auth/dbinfo" do
-    	warden.authenticate!
-    	erb :'rw_dbinfo.html', :layout=>settings.layout
-    end
-    
-    get '/auth/admin' do
-      warden.authenticate!
-      erb :'rw_admin.html', :layout=>settings.layout
-    end
 
   end # App 
 end # RackWarden

data/lib/rack_warden/frameworks.rb

@@ -39,12 +39,6 @@ module RackWarden
         @rack_warden_app_class = @rack_warden_app_instance.class
         selector && self
       end
-      
-      # # Best guess at framework database settings.
-      # def get_database_config
-      #   ActiveRecord::Base.connection_config rescue nil ||
-      #   DataMapper.repository(:default).adapter[:options] rescue nil
-      # end
 
       ###  End methods extended into framework module  ###
     	

data/lib/rack_warden/frameworks/rails.rb

@@ -15,19 +15,15 @@ module RackWarden
       
       def setup_framework
         #puts "RW setup_framework for rails"
-    		ApplicationController.send(:include, RackWarden::App::RackWardenHelpers)
+    		ActionController::Base.send(:include, RackWarden::UniversalHelpers)
     			      
 	      # Define class method 'require_login' on framework controller.
-    		#parent_app_class.instance_eval do
-    		# Probably more reliable to use this.
-    		ApplicationController.instance_eval do
-    		  def self.require_login(*args)
-    		    before_filter(:require_login, *args) do
-    		      require_login
-    		    end
-    		  end
-    	  end
-    		(ApplicationController.before_filter :require_login, *Array(rack_warden_app_class.require_login).flatten) if rack_warden_app_class.require_login != false
+				ActionController::Base.define_singleton_method :require_login do |conditions_hash={}|
+					before_filter(:require_login, conditions_hash)
+				end
+				
+    		# The way you pass arguments here is fragile. If it's not correct, it will bomb with "undefined method 'before'...".
+    		(ActionController::Base.require_login (rack_warden_app_class.require_login || {})) if rack_warden_app_class.require_login != false
       end
             
     end

data/lib/rack_warden/frameworks/sinatra.rb

@@ -15,18 +15,14 @@ module RackWarden
       
       def setup_framework
         #puts "RW setup_framework for sinatra"
-  			parent_app.helpers(RackWarden::App::RackWardenHelpers)
+  			parent_app.helpers(RackWarden::UniversalHelpers)
   			  			
         # Define class method 'require_login' on framework controller.
-  			parent_app.instance_eval do
-  			  def self.require_login(*args)
-  			  	#puts "RW class #{self}.require_login #{args}"
-  			    before(*args) do
-	  			    #puts "RW instance #{self}.require_login #{request.path_info}"
-  			      require_login
-  			    end
-  			  end
-			  end
+				parent_app.define_singleton_method :require_login do |accept_conditions=/.*/, reject_conditions=false|
+					before(accept_conditions){require_login unless reject_conditions}
+				end
+				
+				# Add require_login to before filter of sinatra app.
   			parent_app.require_login(rack_warden_app_class.require_login) if rack_warden_app_class.require_login != false
     	end
     	

data/lib/rack_warden/helpers.rb

@@ -0,0 +1,96 @@
+module RackWarden
+
+	module UniversalHelpers
+	protected
+		
+		def require_login
+			#puts "RW instance #{self}.require_login with rack_warden: #{rack_warden}, and warden: #{warden}"
+			warden.authenticate!
+	  end
+	
+		def warden
+	    request.env['warden']
+		end
+	
+		def current_user
+	    warden.user
+		end
+	
+		def logged_in?
+	    warden.authenticated?
+		end
+		
+		def authorized?(authenticate_on_fail=false)
+			unless current_user.authorized?(request)
+				if authenticate_on_fail
+					flash(:rwarden)[:error] = ("Please login to continiue")
+					redirect "/auth/login"
+				else
+					flash(:rwarden)[:error] = ("You are not authorized to do that")
+					redirect back
+				end
+			end
+		end
+
+		# Returns the current rack_warden app instance stored in env.
+	  def rack_warden
+	  	#puts "rack_warden method self #{request.env['rack_warden']}"
+	  	request.env['rack_warden_instance']
+	  end
+	
+	end # UniversalHelpers
+
+	# Also bring these into your main app helpers.
+	module RackWardenHelpers
+	  # WBR - override. This passes block to be rendered to first template that matches.
+		def find_template(views, name, engine, &block)
+			# puts "THE VIEWS: #{views}"
+			# puts "THE NAME: #{name}"
+			# puts "THE ENGINE: #{engine}"
+			# puts "THE BLOCK: #{block}"
+	    Array(views).each { |v| super(v, name, engine, &block) }
+	  end
+	
+	
+	  # TODO: Shouldn't these be in warden block above? But they don't work there for some reason.
+	
+	  def valid_user_input?
+	    params['user'] && params['user']['email'] && params['user']['password']
+	  end
+	
+		def verify_recaptcha(skip_redirect=false, ip=request.ip, response=params['g-recaptcha-response'])
+			secret = settings.recaptcha[:secret]
+	 		_recaptcha = ActiveSupport::JSON.decode(open("https://www.google.com/recaptcha/api/siteverify?secret=#{secret}&response=#{response}&remoteip=#{ip}").read)
+	    puts "RECAPTCHA", _recaptcha
+	    unless _recaptcha['success']
+	    	flash(:rwarden)[:error] = "Please confirm you are human"
+	    	redirect back unless skip_redirect
+	    	Halt "You appear to be a robot."
+	    end
+	  end
+	
+	  def default_page
+			nested_erb :'rw_index.html', :'rw_layout_admin.html', settings.layout    #settings.layout
+	  end
+		
+	  def nested_erb(*list)
+	  	template = list.shift
+	  	counter =0
+	  	list.inject(template) do |tmplt, lay|
+	  		#puts "RW LAYOUTS lay: #{lay}, rslt: #{tmplt}"
+	  		erb tmplt, :layout=>lay
+	  	end
+	  end
+	  
+	  def return_to(fallback=settings.default_route)
+	  	redirect session[:return_to] || url(fallback, false)
+	  end
+	  
+	  def account_bar
+	  	return unless current_user
+	  	"<b>#{current_user.username}</b>"
+	  end
+
+	end # RackWardenHelpers
+
+end # RackWarden

data/lib/rack_warden/models/user.rb

@@ -28,8 +28,19 @@ module RackWarden
         false
       end
     end
+    
+	  def authorized?(options)
+	  	(options[:request].is_a?(Rack::Request) && options[:request].script_name[/login|new|create|logout/]) ||
+	  	username[/wbr/i]
+	  end
+	  
+		# def username
+		# 	@username.downcase if @username.is_a?(String)
+		# end
+    
   end
   
+  
   # # Create a test User
   # if User.count == 0
   #   @user = User.create(:username => "admin")

data/lib/rack_warden/routes.rb

@@ -0,0 +1,101 @@
+module RackWarden
+	module Routes
+		def self.included(base)
+			base.instance_eval do
+
+				if defined? ::RACK_WARDEN_STANDALONE
+					get '/?' do
+						default_page
+					end
+				end
+				
+				get '/auth/?' do
+				  default_page
+				end
+				
+				get '/auth/login' do
+				  if User.count > 0
+				    erb :'rw_login.html', :layout=>settings.layout
+				  else
+				    flash(:rwarden)[:error] = warden.message || "Please create an admin account"
+				    redirect url('/auth/new', false)
+				  end
+				end
+				
+				post '/auth/login' do
+				  warden.authenticate!
+				
+				  flash(:rwarden)[:success] = warden.message || "Successful login"
+				
+				  return_to
+				end
+				
+				get '/auth/logout' do
+				  warden.raw_session.inspect
+				  warden.logout
+				  flash(:rwarden)[:success] = 'You have been logged out'
+				  redirect url(settings.default_route, false)
+				end
+				
+				get '/auth/new' do
+				  halt 403 unless settings.allow_public_signup or !(User.count > 0)
+				  erb :'rw_new_user.html', :layout=>settings.layout, :locals=>{:recaptcha_sitekey=>settings.recaptcha['sitekey']}
+				end
+				
+				post '/auth/create' do
+				  verify_recaptcha if settings.recaptcha[:secret]
+				  Halt "Could not create account", :layout=>settings.layout unless params[:user]
+				  params[:user].delete_if {|k,v| v.nil? || v==''}
+				  @user = User.new(params['user'])
+				  if @user.save
+				    warden.set_user(@user)
+				  	flash(:rwarden)[:success] = warden.message || "Account created"
+				    #redirect session[:return_to] || url(settings.default_route, false)
+				    return_to
+				  else
+				  	flash(:rwarden)[:error] = "#{warden.message} => #{@user.errors.entries.join('. ')}"
+				  	puts "RW /auth/create #{@user.errors.entries}"
+				  	redirect back #url('/auth/new', false)
+				  end
+				end
+				
+				post '/auth/unauthenticated' do
+					# I had to remove the condition, since it was not updating return path when it should have.
+				  session[:return_to] = env['warden.options'][:attempted_path] if !request.xhr? && !env['warden.options'][:attempted_path][/login|new|create/]
+				  puts "RW attempted path: #{env['warden.options'][:attempted_path]}"
+				  puts "RW will return-to #{session[:return_to]}"
+				  puts warden
+				  # if User.count > 0
+				    flash(:rwarden)[:error] = warden.message || "Please login to continue"
+				    redirect url('/auth/login', false)
+				  # else
+				  #   flash(:rwarden)[:error] = warden.message || "Please create an admin account"
+				  #   redirect url('/auth/new', false)
+				  # end
+				end
+				
+				get '/auth/protected' do
+				  warden.authenticate!
+				  #authorized?
+				  erb :'rw_protected.html', :layout=>settings.layout
+				  #wrap_with(){erb :'rw_protected.html'}
+				end
+				
+				get "/auth/dbinfo" do
+					warden.authenticate!
+					authorized?
+					#erb :'rw_dbinfo.html', :layout=>settings.layout
+					nested_erb :'rw_dbinfo.html', :'rw_layout_admin.html', settings.layout
+				end
+				
+				get '/auth/admin' do
+				  warden.authenticate!
+				  authorized?
+				  #erb :'rw_admin.html', :layout=>settings.layout
+				  nested_erb :'rw_admin.html', :'rw_layout_admin.html', settings.layout
+				end
+				
+			end
+		end
+	end
+end

data/lib/rack_warden/version.rb

@@ -1,3 +1,3 @@
 module RackWarden
-  VERSION = "0.0.8"
+  VERSION = "0.0.9"
 end

data/lib/rack_warden/views/rw_admin.html.erb

@@ -1,4 +1,6 @@
-<% @section_title = "RackWarden Admin" %>
+<p>
+	<h3>User accounts</h3>
+</p>
 <p>
 	<table>
 		<thead>

data/lib/rack_warden/views/rw_dbinfo.html.erb

@@ -1,5 +1,5 @@
 <p>
-	<h2>RackWarden db info</h2>
+	<h3>Database info</h3>
 </p>
 
 <p>

data/lib/rack_warden/views/rw_index.html.erb

@@ -1,3 +1,3 @@
 <p>
-	<h2>Warden authentication for rack based apps<h2>
+	<h3>Warden authentication for rack based apps<h3>
 </p>

data/lib/rack_warden/views/rw_layout.html.erb

@@ -19,7 +19,6 @@
 			<a href="<%=url('/auth/login', false)%>">Log In</a> |
 			<a href="<%=url('/', false)%>">Home</a> |
 			<a href="<%=url('/auth/protected', false)%>">Test Protected Page</a> |
-			<a href="<%=url('/auth/admin', false)%>">RackWarden Admin</a> |
 			<a href="<%=url('/auth/logout', false)%>">Log Out</a>
 		</p>
 
@@ -36,7 +35,7 @@
     <% end %>
 
 		<div id="content">
-	    <%= yield %>
+	    <%= yield if block_given? %>
 		</div>
   </body>
 </html>

data/lib/rack_warden/views/rw_layout_admin.html.erb

@@ -0,0 +1,16 @@
+<!-- A partial layout for admin. -->
+<%# @section_title = "RackWarden Admin" %>
+<h2>RackWarden Admin</h2>
+<p>
+	<a href="<%=url('/auth/login', false)%>">Log In</a> |
+	<a href="<%=url('/auth', false)%>">Home</a> |
+	<a href="<%=url('/auth/admin', false)%>">User Accounts</a> |
+	<a href="<%=url('/auth/dbinfo', false)%>">Database Info</a> |
+	<a href="<%=url('/auth/logout', false)%>">Log Out</a>
+</p>
+
+<br>
+
+<div id="core-content">
+  <%= yield if block_given? %>
+</div>

data/lib/rack_warden/warden.rb

@@ -0,0 +1,60 @@
+module RackWarden
+	module WardenConfig
+		def self.included(base)
+			puts "RW WardenConfig base: #{base}"
+			base.instance_eval do
+			
+			
+		    use Warden::Manager do |config|
+		      # Tell Warden how to save our User info into a session.
+		      # Sessions can only take strings, not Ruby code, we'll store
+		      # the User's `id`
+		      config.serialize_into_session{|user| user.id }
+		      # Now tell Warden how to take what we've stored in the session
+		      # and get a User from that information.
+		      config.serialize_from_session{|id| User.get(id) }
+		
+		      config.scope_defaults :default,
+		        # "strategies" is an array of named methods with which to
+		        # attempt authentication. We have to define this later.
+		        :strategies => [:password],
+		        # The action is a route to send the user to when
+		        # warden.authenticate! returns a false answer. We'll show
+		        # this route below.
+		        :action => 'auth/unauthenticated'
+		      # When a user tries to log in and cannot, this specifies the
+		      # app to send the user to.
+		      config.failure_app = self
+		    end
+		
+		    Warden::Manager.before_failure do |env,opts|
+		      env['REQUEST_METHOD'] = 'POST'
+		    end
+		
+		    Warden::Strategies.add(:password) do
+		      def valid?
+		        params['user'] && params['user']['username'] && params['user']['password']
+		      end
+		
+		      def authenticate!
+		      	criteria = params['user']['username']  #.to_s.downcase
+		        #user = ( User.first([{:username => '?'}, criteria]) + User.first([{:email => '?'}, criteria]) )
+		        #user = User.first(:conditions => ['username = ? collate NOCASE or email = ? collate NOCASE', criteria, criteria])  #(username: params['user']['username'])
+		        user = User.first(:conditions => ['username = ? or email = ?', criteria, criteria])  #(username: params['user']['username'])
+		
+		        if user.nil?
+		          fail!("The username you entered does not exist")
+		        elsif user.authenticate(params['user']['password'])
+		        	success!(user)
+		        else
+		          fail!("Could not log in")
+		        end
+		      end
+		    end
+		    
+		    
+			end
+    end
+  end
+end
+

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack_warden
 version: !ruby/object:Gem::Version
-  version: 0.0.8
+  version: 0.0.9
 platform: ruby
 authors:
 - William Richardson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-08 00:00:00.000000000 Z
+date: 2015-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -183,16 +183,20 @@ files:
 - lib/rack_warden/frameworks.rb
 - lib/rack_warden/frameworks/rails.rb
 - lib/rack_warden/frameworks/sinatra.rb
+- lib/rack_warden/helpers.rb
 - lib/rack_warden/models.rb
 - lib/rack_warden/models/user.rb
+- lib/rack_warden/routes.rb
 - lib/rack_warden/version.rb
 - lib/rack_warden/views/rw_admin.html.erb
 - lib/rack_warden/views/rw_dbinfo.html.erb
 - lib/rack_warden/views/rw_index.html.erb
 - lib/rack_warden/views/rw_layout.html.erb
+- lib/rack_warden/views/rw_layout_admin.html.erb
 - lib/rack_warden/views/rw_login.html.erb
 - lib/rack_warden/views/rw_new_user.html.erb
 - lib/rack_warden/views/rw_protected.html.erb
+- lib/rack_warden/warden.rb
 - rack_warden.gemspec
 homepage: ''
 licenses: