rad_users 0.0.1

data/Rakefile

@@ -0,0 +1,24 @@
+require 'rake_ext'
+require 'ruby_ext'
+
+# Paths
+tasks_dir = "#{__FILE__.dirname}/tasks"
+$LOAD_PATH << tasks_dir unless $LOAD_PATH.include? tasks_dir
+
+#
+# Project
+#
+project(
+  name: "users",
+  official_name: 'rad_users',
+  summary: "User Management for RadKit Framework",
+  gem: true,
+
+  author: "Alexey Petrushin",
+  homepage: "http://github.com/alexeypetrushin/rad_users"
+)
+
+#
+# Other
+#
+require 'users/tasks'

data/lib/_http_controller/authenticated.rb

@@ -0,0 +1,142 @@
+module Rad::Controller::Authenticated
+  module RoutingHelper
+    %w(login logout signup).each do |path|
+      define_method "#{path}_path" do |*args|
+        options = parse_routing_arguments *args
+
+        options = {
+          host: rad.users.host,
+          port: rad.users.port,
+          url_root: rad.users.url_root,
+
+          l: I18n.locale,
+          _return_to: (workspace.params[:_return_to] || workspace.request.url)
+        }.merge(options)
+
+        url_for_path "/#{path}", options
+      end
+    end
+
+    def user_path *args
+      options = parse_routing_arguments *args
+
+      options = {
+        # host: rad.users.host,
+        # port: rad.users.port,
+        url_root: rad.users.url_root,
+
+        l: I18n.locale
+      }.merge(options)
+
+      name = options.delete(:id)
+      # options[:url_root] = rad.config.users!.url_root! unless options.include? :url_root
+
+      url_for_path "/profiles/#{name}/show", options
+    end
+  end
+
+  protected
+    rad.extension :prepare_current_user, self do
+      define_method :prepare_current_user do
+        user = login_from_basic_auth || login_from_session || login_from_cookie || login_as_anonymous
+        raise "You probably don't create Anonymous User!" if user.nil?
+        Models::User.current = user
+      end
+    end
+
+
+    #
+    # Authentication Methods
+    #
+    def login_from_basic_auth
+      # TODO3 basic auth
+      # authenticate_with_http_controller_basic do |login, password|
+      #   User.authenticate_by_password login, password unless login.blank? or password.blank?
+      # end
+      # username, password = request.credentials
+      # User.authenticate_by_password username, password unless username.blank? or password.blank?
+    end
+
+    def login_from_cookie
+      token = !request.cookies['auth_token'].blank? && Models::SecureToken.by_token(request.cookies['auth_token'])
+      if token and !token[:user_id].blank?
+        id = BSON::ObjectId.from_string token[:user_id]
+        if user = Models::User.first(_id: id, state: 'active')
+          request.session['user_id'] = user._id.to_s
+          user
+        end
+      end
+    end
+
+    def login_from_session
+      id = request.session['user_id']
+      Models::User.by_id BSON::ObjectId.from_string(id) unless id.blank?
+    end
+
+    def login_as_anonymous
+      request.session['user_id'] = Models::User.anonymous._id.to_s
+      Models::User.anonymous
+    end
+
+    def return_to_path_for_login
+      return_to_path
+    end
+
+    def return_to_path_for_logout
+      return_to_path
+    end
+
+    def set_current_user_with_updating_session user
+      current_user = Models::User.current
+      user.must_not == current_user
+
+      # Clear
+      clear_session!
+      unless current_user.anonymous?
+        Models::SecureToken.delete_all user_id: current_user._id.to_s
+        response.delete_cookie 'auth_token'
+      end
+
+      # Set session and cookie token
+      request.session['user_id'] = user._id.to_s
+      unless user.anonymous?
+        token = Models::SecureToken.new
+        token[:user_id] = user._id.to_s
+        token[:type] = 'cookie_auth'
+        token.expires_at = 2.weeks.from_now
+        token.save!
+
+        response.set_cookie 'auth_token', value: token.token, expires: token.expires_at
+      end
+
+      Models::User.current = user
+    end
+
+
+    #
+    # Special
+    #
+    PRESERVE_SESSION_KEYS = %w{authenticity_token}
+    rad.after :http, bang: false do
+      if rad.http.session
+        session_id = rad.http.session.stringify_keys['key'] || raise("session key not defined!")
+        PRESERVE_SESSION_KEYS << session_id unless PRESERVE_SESSION_KEYS.include? session_id
+      end
+    end
+
+
+    def clear_session!
+      session = request.session
+
+      session['dumb_key'] # hack, need this to initialize session, othervise it's empty
+      to_delete = session.keys.select{|key| !PRESERVE_SESSION_KEYS.include?(key.to_s)}
+      to_delete.each{|key| session.delete key}
+    end
+
+end
+
+Rad::Controller::Http.inherit Rad::Controller::Authenticated
+
+[Rad::Controller::Abstract, Rad::Controller::Context].each do |klass|
+  klass.inherit Rad::Controller::Authenticated::RoutingHelper
+end

data/lib/_models/open_id_authentication.rb

@@ -0,0 +1,19 @@
+module Models::OpenIdAuthentication
+  attr_writer :open_ids
+  def open_ids; @open_ids ||= [] end
+
+  inherited do
+    validates_uniqueness_of :open_ids, allow_blank: true
+  end
+
+  def authenticated_by_open_id? open_id
+    self.open_id == open_id
+  end
+
+  module ClassMethods
+    def authenticate_by_open_id open_id
+      return nil if open_id.blank?
+      Models::User.first state: 'active', open_ids: open_id
+    end
+  end
+end

data/lib/_models/password_authentication.rb

@@ -0,0 +1,88 @@
+module Models::PasswordAuthentication
+  # TODO1 remove this key
+  SITE_KEY = '3eed5a60c1bf8d43de5d0560e9fc2442fe74fdad'
+  DIGEST_STRETCHES = 10
+  PASSWORD_LENGTH = 3..40
+
+  attr_accessor :crypted_password, :salt
+
+  attr_reader :password
+  def password= password
+    @password = password
+    encrypt_password!
+  end
+
+  inherited do
+    validates_confirmation_of :password, if: :validate_password?
+    validates_length_of :password, in: PASSWORD_LENGTH, if: :validate_password?
+  end
+
+  def authenticated_by_password? password
+    return false if crypted_password.blank? or password.blank?
+    self.crypted_password == self.class.encrypt_password(password, salt)
+  end
+
+  def update_password password, password_confirmation, old_password
+    if crypted_password.blank?
+      self.password, self.password_confirmation = password, password_confirmation
+    elsif authenticated_by_password? old_password
+      self.password, self.password_confirmation = password, password_confirmation
+      true
+    else
+      errors.add :base, t(:invalid_old_password)
+      false
+    end
+  end
+
+  protected
+    def encrypt_password!
+      if password.blank?
+        self.crypted_password = ""
+      else
+        self.salt ||= self.class.generate_token
+        self.crypted_password = self.class.encrypt_password password, salt
+      end
+    end
+
+    def validate_password?
+      !password.nil?
+      # crypted_password.blank? or !password.blank?
+    end
+
+  module ClassMethods
+    def authenticate_by_password name, password
+      return nil if name.blank? or password.blank?
+      u = Models::User.first state: 'active', name: name
+      u && u.authenticated_by_password?(password) ? u : nil
+    end
+
+    # def by_secure_token token
+    #   first conditions: {
+    #     secure_token: token,
+    #     secure_token_expires_at: {:$gt => Time.now.utc}
+    #   }
+    # end
+    #
+    # def by_open_id id
+    #   return nil if id.blank?
+    #   first open_ids: id
+    # end
+
+    def encrypt_password password, salt
+      digest = SITE_KEY
+      DIGEST_STRETCHES.times do
+        digest = secure_digest(digest, salt, password, SITE_KEY)
+      end
+      digest
+    end
+
+    def generate_token
+      secure_digest Time.now, (1..10).map{ rand.to_s }
+    end
+
+    protected
+      def secure_digest *args
+        Digest::SHA1.hexdigest(args.flatten.join('--'))
+      end
+  end
+end

data/lib/_open_id_authentication.rb

@@ -0,0 +1,128 @@
+require 'uri'
+require 'openid'
+require 'rack/openid'
+
+module OpenIdAuthentication
+  def self.new(app)
+    store = OpenIdAuthentication.store
+    if store.nil?
+      rad.logger.warn "OpenIdAuthentication.store is nil. Using in-memory store."
+    end
+
+    ::Rack::OpenID.new(app, OpenIdAuthentication.store)
+  end
+
+  def self.store
+    @@store
+  end
+
+  def self.store=(*store_option)
+    store, *parameters = *([ store_option ].flatten)
+
+    @@store = case store
+    when :memory
+      require 'openid/store/memory'
+      OpenID::Store::Memory.new
+    when :file
+      require 'openid/store/filesystem'
+      OpenID::Store::Filesystem.new("#{rad.runtime_path}/tmp/openids")
+    when :memcache
+      require 'memcache'
+      require 'openid/store/memcache'
+      OpenID::Store::Memcache.new(MemCache.new(parameters))
+    else
+      raise "Unknown store!"
+    end
+  end
+
+  # self.store = nil
+
+  class Result
+    ERROR_MESSAGES = {
+      :missing      => "Sorry, the OpenID server couldn't be found",
+      :invalid      => "Sorry, but this does not appear to be a valid OpenID",
+      :canceled     => "OpenID verification was canceled",
+      :failed       => "OpenID verification failed",
+      :setup_needed => "OpenID verification needs setup"
+    }
+
+    def self.[](code)
+      new(code)
+    end
+
+    def initialize(code)
+      @code = code
+    end
+
+    def status
+      @code
+    end
+
+    ERROR_MESSAGES.keys.each { |state| define_method("#{state}?") { @code == state } }
+
+    def successful?
+      @code == :successful
+    end
+
+    def unsuccessful?
+      ERROR_MESSAGES.keys.include?(@code)
+    end
+
+    def message
+      ERROR_MESSAGES[@code]
+    end
+  end
+
+  protected
+    # The parameter name of "openid_identifier" is used rather than
+    # the Rails convention "open_id_identifier" because that's what
+    # the specification dictates in order to get browser auto-complete
+    # working across sites
+    def using_open_id?(identifier = nil) #:doc:
+      identifier ||= open_id_identifier
+      !identifier.blank? || workspace.env[Rack::OpenID::RESPONSE]
+    end
+
+    def authenticate_with_open_id(identifier = nil, options = {}, &block) #:doc:
+      identifier ||= open_id_identifier
+
+      if workspace.env[Rack::OpenID::RESPONSE]
+        complete_open_id_authentication(&block)
+      else
+        begin_open_id_authentication(identifier, options, &block)
+      end
+    end
+
+  private
+    def open_id_identifier
+      params[:openid_identifier] || params[:openid_url]
+    end
+
+    def begin_open_id_authentication(identifier, options = {})
+      options[:identifier] = identifier
+      value = Rack::OpenID.build_header(options)
+      response.headers[Rack::OpenID::AUTHENTICATE_HEADER] = value
+      head :unauthorized
+    end
+
+    def complete_open_id_authentication
+      response   = workspace.env[Rack::OpenID::RESPONSE]
+      identifier = response.display_identifier
+
+      case response.status
+      when OpenID::Consumer::SUCCESS
+        yield Result[:successful], identifier,
+          OpenID::SReg::Response.from_success_response(response)
+      when :missing
+        yield Result[:missing], identifier, nil
+      when :invalid
+        yield Result[:invalid], identifier, nil
+      when OpenID::Consumer::CANCEL
+        yield Result[:canceled], identifier, nil
+      when OpenID::Consumer::FAILURE
+        yield Result[:failed], identifier, nil
+      when OpenID::Consumer::SETUP_NEEDED
+        yield Result[:setup_needed], response.setup_url, nil
+      end
+    end
+end

data/lib/components/user.rb

@@ -0,0 +1,3 @@
+rad.register :user, scope: :cycle do
+  Models::User.new
+end

data/lib/components/users.rb

@@ -0,0 +1,21 @@
+users_dir = "#{__FILE__}/../../.."
+
+rad.register :users, depends_on: :kit do
+  require 'users/_require'
+
+  rad.configure :web, users_dir do |c|
+    # c.config blank: true, override: false
+    c.locales
+    c.asset_paths 'app/static'
+    c.template_paths 'app/views'
+    c.autoload_paths %w(lib app)
+  end
+  Rad::Users.new
+end
+rad.after :users do
+  OpenIdAuthentication.store = rad.users.open_id_store
+
+  rad.configure :web, users_dir do |c|
+    c.routes
+  end
+end

data/lib/components/users.yml

@@ -0,0 +1,5 @@
+open_id_store: :file
+url_root: /users
+email: admin@localhost
+host: localhost
+open_id_store: :file

data/lib/users/_require.rb

@@ -0,0 +1,35 @@
+require 'users/gems'
+
+#
+# Libraries
+#
+%w(
+  open_id_authentication
+  password_authentication
+).each{|f| require "_models/#{f}"}
+
+%w(
+  authenticated
+).each{|f| require "_http_controller/#{f}"}
+
+
+class Rad::Users
+  attr_accessor :open_id_store
+  attr_writer :email, :host, :url_root, :port
+  attr_required :email, :open_id_store
+  def host; @host || rad.http.host end
+  def url_root; @url_root || rad.http.url_root end
+  def port; @port || rad.http.port end
+
+  attr_accessor :avatars_path
+end
+
+
+#
+# Open ID
+#
+require '_open_id_authentication'
+
+rad.http.stack.push(-> builder {
+  builder.use OpenIdAuthentication
+})

data/lib/users/controller_helper.rb

@@ -0,0 +1,29 @@
+module ControllerHelper
+  module ClassMethods
+    #
+    # Navigation
+    #
+    def logo opt = {}, &block
+      before opt do |controller|
+        controller.instance_variable_set "@logo", controller.instance_eval(&block)
+      end
+    end
+
+    def breadcrumb opt = {}, &block
+      before opt do |controller|
+        controller.instance_variable_set "@breadcrumb", controller.instance_eval(&block)
+      end
+    end
+
+    def active_menu opt = {}, &block
+      before opt do |controller|
+        controller.instance_variable_set "@active_menu", controller.instance_eval(&block)
+      end
+    end
+  end
+
+  protected
+    def set_theme
+      @theme = "simplicity"
+    end
+end

data/lib/users/factories.rb

@@ -0,0 +1,48 @@
+require 'factory_girl'
+
+#
+# User
+#
+Factory.define :blank_user, class: 'Models::User' do |u|
+  u.sequence(:name){|i| "user#{i}"}
+end
+
+Factory.define :new_user, class: 'Models::User' do |u|
+  u.sequence(:name){|i| "user#{i}"}
+  u.sequence(:email){|i| "user#{i}@email.com"}
+  u.sequence(:password){|i| "user#{i}"}
+  u.password_confirmation{|_self| _self.password}
+end
+
+Factory.define :user, parent: :new_user do |u|
+  u.state 'active'
+end
+
+Factory.define :open_id_user, class: 'Models::User' do |u|
+  u.sequence(:name){|i| "user#{i}"}
+  u.sequence(:open_ids){|i| ["open_id_#{i}"]}
+  u.state 'active'
+end
+
+Factory.define :anonymous, parent: :new_user do |u|
+  u.name 'anonymous'
+  u.email "anonymous@mail.com"
+  u.password "anonymous_password"
+  u.password_confirmation{|_self| _self.password}
+end
+
+Factory.define :admin, parent: :new_user do |u|
+  u.admin true
+end
+
+Factory.define :member, parent: :new_user do |u|
+  u.roles{%w{member}}
+end
+
+Factory.define :manager, parent: :member do |u|
+  u.roles{%w{manager}}
+end
+
+Factory.define :global_admin, parent: :new_user do |u|
+  u.global_admin true
+end

data/lib/users/gems.rb

@@ -0,0 +1,9 @@
+# core gem dependencies
+gem 'ruby-openid', '2.1.8'
+
+# core gems
+gem 'rack-openid', '1.3.1'
+
+if respond_to? :fake_gem
+  fake_gem 'rad_kit'
+end

data/lib/users/indexes.rb

@@ -0,0 +1,8 @@
+Models::User.collection.instance_eval do
+  create_index [[:open_ids, 1]]
+  create_index [[:name, 1]], unique: true
+  create_index [[:email, 1]], unique: true
+  create_index [[:state, 1]]
+  create_index [[:created_at]]
+  create_index [[:updated_at]]
+end

data/lib/users/spec.rb

@@ -0,0 +1,60 @@
+require 'kit/spec'
+
+
+#
+# Factories
+#
+rad.users
+require 'users/factories'
+
+
+#
+# Routing helpers
+#
+rspec.include Rad::Controller::Authenticated::RoutingHelper
+
+
+#
+# User helpers
+#
+Models::User.class_eval do
+  def self.anonymous
+    @anonymous ||= Factory.build :anonymous
+  end
+end
+
+
+#
+# Authorization stub
+#
+AUTHENTICATION_CONTROLLERS = rad.extension :authentication_controllers do
+  [::Rad::Controller::Authenticated]
+end
+
+AUTHENTICATION_CONTROLLERS.each do |auth|
+  auth.class_eval do
+    alias_method :prepare_current_user_without_test, :prepare_current_user
+    def prepare_current_user_with_test; end
+    alias_method :prepare_current_user, :prepare_current_user_with_test
+  end
+end
+
+rspec do
+  def self.with_auth
+    before :all do
+      AUTHENTICATION_CONTROLLERS.each do |auth|
+        auth.class_eval do
+          alias_method :prepare_current_user, :prepare_current_user_without_test
+        end
+      end
+    end
+
+    after :all do
+      AUTHENTICATION_CONTROLLERS.each do |auth|
+        auth.class_eval do
+          alias_method :prepare_current_user, :prepare_current_user_with_test
+        end
+      end
+    end
+  end
+end

data/lib/users/tasks.rb

@@ -0,0 +1,33 @@
+require 'rad/tasks'
+
+namespace :users do
+  desc "Creates :anonymous and :admin (name: admin, password: admin) users"
+  task initialize: :environment do
+    # Anonymous User
+    Models::User.destroy_all({name: 'anonymous'}, validate: false)
+    Models::User.new.set!(
+      name: 'anonymous',
+      email: "anonymous@mail.com",
+      password: "anonymous_password",
+      password_confirmation: "anonymous_password",
+      state: 'active'
+    ).save! validate: false
+
+    # Admin User
+    Models::User.destroy_all({name: 'admin'}, validate: false)
+    admin = Models::User.new
+    admin.set!(
+      name: 'admin',
+      email: "admin@mail.com",
+      password: 'admin',
+      password_confirmation: 'admin',
+      state: 'active'
+    )
+    if admin.respond_to? :global_admin=
+      admin.global_admin = true
+    else
+      admin.admin = true
+    end
+    admin.save! validate: false
+  end
+end

data/readme.md

@@ -0,0 +1,3 @@
+# User Management module for Rad Kit Framework
+
+Copyright (c) Alexey Petrushin http://petrush.in, released under the MIT license.

data/spec/controllers/identities_spec.rb

@@ -0,0 +1,163 @@
+require 'controllers/spec_helper'
+
+describe "Identities" do
+  with_controllers
+  set_controller Controllers::Identities
+
+  describe "Signup using Mail and Password" do
+    before{login_as Models::User.anonymous}
+
+    it "enter_email_form" do
+      call :enter_email_form
+      response.should be_ok
+    end
+
+    it "enter_email" do
+      pcall :enter_email, token: {email: "some@mail.com"}, l: 'ru', _return_to: 'http://town.com'
+      response.should redirect_to(follow_email_link_identities_path(l: 'ru', _return_to: 'http://town.com'))
+
+      Models::User::EmailVerificationToken.count.should == 1
+      token = Models::User::EmailVerificationToken.first
+
+      token.email.should == "some@mail.com"
+
+      sent_letters.size.should == 1
+      mail = sent_letters.first
+
+      mail.body.should include(finish_email_registration_form_identities_path(token: token.token, l: 'ru', _return_to: 'http://town.com'))
+    end
+
+    it "finish_email_registration_form" do
+      token = Models::User::EmailVerificationToken.create! email: "some@mail.com"
+      call :finish_email_registration_form, token: token.token
+      response.should be_ok
+    end
+
+    it "finish_email_registration" do
+      return_to = 'http://town.com'
+      token = Models::User::EmailVerificationToken.create! email: "some@mail.com"
+      user_attrs = {name: "user1", password: "user1", password_confirmation: "user1"}.stringify_keys
+      pcall :finish_email_registration, token: token.token, user: user_attrs, l: 'ru', _return_to: return_to
+      response.should redirect_to(login_path(_return_to: return_to))
+    end
+  end
+
+  describe "Registered Users should be able to reset Password" do
+    before do
+      @user = Factory.create :user
+    end
+
+    it "forgot_password_form" do
+      login_as Models::User.anonymous
+      call :forgot_password_form
+      response.should be_ok
+    end
+
+    it "forgot_password" do
+      login_as Models::User.anonymous
+      pcall :forgot_password, email: @user.email
+
+      Models::User::ForgotPasswordToken.count.should == 1
+      token = Models::User::ForgotPasswordToken.first
+
+      sent_letters.size.should == 1
+      mail = sent_letters.last
+      mail.body.should include(reset_password_form_identities_path(token: token.token))
+
+      response.should redirect_to(default_path)
+    end
+
+    it "reset_password_form" do
+      token = Models::User::ForgotPasswordToken.create! user: @user
+
+      login_as Models::User.anonymous
+      call :reset_password_form, token: token.token
+      response.should be_ok
+    end
+
+    it "reset_password" do
+      token = Models::User::ForgotPasswordToken.create! user: @user
+
+      login_as Models::User.anonymous
+      pcall :reset_password, user: {password: "new password", password_confirmation: "new password"}.stringify_keys, token: token.token
+      response.should redirect_to(login_path(_return_to: nil))
+
+      @user.reload
+      @user.should be_authenticated_by_password("new password")
+    end
+
+    it "reset_password shouldn't reset password if token is invalid" do
+      token = Models::User::ForgotPasswordToken.create! user: @user
+
+      login_as Models::User.anonymous
+      pcall :reset_password, user: {password: "new password", password_confirmation: "new password"}.stringify_keys, token: 'invalid token'
+      response.should redirect_to(default_path)
+
+      @user.reload
+      @user.should_not be_authenticated_by_password("new password")
+    end
+  end
+
+  describe "Registered Users should be able to change Password" do
+    login_as :user
+
+    it "update_password_form" do
+      call :update_password_form
+    end
+
+    it "update_password" do
+      pcall :update_password, old_password: @user.password, user: {password: "new password", password_confirmation: "new password"}.stringify_keys
+      response.should redirect_to(default_path)
+      @user.should be_authenticated_by_password("new password")
+    end
+
+    it "Should't allow to change Password if Old Password is Invalid" do
+      pcall :update_password, old_password: 'invalid password', user: {password: "new password", password_confirmation: "new password"}.stringify_keys
+      @user.should_not be_authenticated_by_password("new password")
+    end
+  end
+
+  describe "Signup using OpenId" do
+    before do
+      @token = Models::SecureToken.new
+      @token[:open_id] = "some_id"
+      @token.save!
+
+      @return_to = "http://some.com/some".freeze
+      @escaped_return_to = "http%3A%2F%2Fsome.com%2Fsome".freeze
+
+      login_as Models::User.anonymous
+    end
+
+    def form_action_should_include_return_to
+      Nokogiri::XML(response.body).css("form").first[:action].should include(@escaped_return_to)
+    end
+
+    it "finish_open_id_registration_form" do
+      call :finish_open_id_registration_form, token: @token.token, _return_to: @return_to
+      response.should be_ok
+      form_action_should_include_return_to
+    end
+
+    it "finish_open_id_registration" do
+      pcall :finish_open_id_registration, user: {name: 'user1'}.stringify_keys, token: @token.token, _return_to: @return_to
+
+      # cas_token = Models::SecureToken.first type: 'cas'
+      # cas_token.should_not be_nil
+      # response.should redirect_to(@return_to + "?cas_token=#{cas_token.token}")
+
+      response.should redirect_to(@return_to)
+
+      user = Models::User.find_by_name 'user1'
+      user.should be_active
+      user.should_not be_nil
+      Models::User.current.should == user
+    end
+
+    it "should preserve _return_to if invalid form submited (from error)" do
+      pcall :finish_open_id_registration, user: {name: 'invalid name'}.stringify_keys, token: @token.token, _return_to: @return_to
+      response.should be_ok
+      form_action_should_include_return_to
+    end
+  end
+end

data/spec/controllers/profiles_spec.rb

@@ -0,0 +1,7 @@
+require 'controllers/spec_helper'
+
+describe "Profiles" do
+  with_controllers
+  set_controller Controllers::Profiles
+  login_as :admin
+end

data/spec/controllers/sessions_spec.rb

@@ -0,0 +1,154 @@
+require 'controllers/spec_helper'
+
+describe "Authentication" do
+  with_controllers
+  with_auth
+
+  def form_action_should_include_return_to
+    Nokogiri::XML(response.body_as_string).css("form").first[:action].should include(@escaped_return_to)
+  end
+
+  before :all do
+    class SomeDomain < Controllers::UserManagement
+      def all; end
+    end
+  end
+
+  after :all do
+    remove_constants :SomeDomain
+  end
+
+  before do
+    Models::User.current = NotDefined
+    @return_to = "http://some.com/some".freeze
+    @escaped_return_to = "http%3A%2F%2Fsome.com%2Fsome".freeze
+  end
+
+  describe "By defautl should logged in as Anonymous" do
+    it do
+      pcall SomeDomain, :all
+      response.should be_ok
+      Models::User.current.should == Models::User.anonymous
+    end
+  end
+
+  describe "Login by Password" do
+    it "Should display Log In Form" do
+      pcall Controllers::Sessions, :login, _return_to: @return_to
+      response.should be_ok
+      form_action_should_include_return_to
+    end
+
+    it "Registered Users should be able to Log In" do
+      user = Factory.create :user
+      pcall Controllers::Sessions, :login, name: user.name, password: user.password, _return_to: @return_to
+      response.location.start_with?(@return_to).should be_true
+      Models::User.current.should == user
+    end
+
+    it "Users shouldn't be able to login with invalid password" do
+      user = Factory.create :user
+      pcall Controllers::Sessions, :login, name: user.name, password: 'invalid', _return_to: @return_to
+      response.should be_ok
+      form_action_should_include_return_to
+      Models::User.current.should == Models::User.anonymous
+    end
+
+    it "Not activated users should'not be able to login" do
+      user = Factory.create :new_user
+      pcall Controllers::Sessions, :login, name: user.name, password: user.password, _return_to: @return_to
+      response.should be_ok
+      form_action_should_include_return_to
+      Models::User.current.should == Models::User.anonymous
+    end
+  end
+
+  describe "Login by OpenID" do
+    it "if user doesn't exists redirect to registration" do
+      pcall Controllers::Sessions, :login, openid_identifier: "http://some_id.com", _return_to: @return_to
+
+      token = Models::SecureToken.first
+      token.should_not be_nil
+
+      response.should redirect_to(finish_open_id_registration_form_identities_path(token: token.token, _return_to: @return_to))
+    end
+
+    it "if user exists login" do
+      open_id = "http://some_id.com"
+
+      user = Factory.build :user
+      user.open_ids << open_id
+      user.save!
+
+      pcall Controllers::Sessions, :login, openid_identifier: open_id, _return_to: @return_to
+
+      # token = Models::SecureToken.first type: 'cas'
+      # token.should_not be_nil
+      # response.should redirect_to(@return_to + "?cas_token=#{token.token}")
+
+      response.should redirect_to(@return_to)
+
+      Models::User.current.should == user
+    end
+  end
+
+  describe "Log Out" do
+    it "Registered Users should be able to Log Out" do
+      user = Factory.create :user
+      Models::User.current = user
+      call Controllers::Sessions, :logout, _return_to: @return_to
+      response.should redirect_to(@return_to)
+
+      Models::User.current.should == Models::User.anonymous
+    end
+
+    it "Should not loose session variables (from error)" do
+      pcall Controllers::Sessions, :login do |c|
+        request.session[:variable] = true
+        c.call
+        request.session[:variable].should be_true
+      end
+      response.should be_ok
+    end
+  end
+
+  describe "Set Cookie Token" do
+    it "should set remember me token" do
+      user = Factory.create :user
+      pcall Controllers::Sessions, :login, name: user.name, password: user.password do |c|
+        c.call
+
+        Models::SecureToken.count.should == 1
+        token = Models::SecureToken.first
+        token[:user_id].should == user._id.to_s
+
+        response.cookies.should =~ /auth_token=#{token.token}/
+      end
+    end
+  end
+
+  describe "Restore user from Cookie Token" do
+    it "any action in domain controller" do
+      user = Factory.create :user
+
+      token = Models::SecureToken.new
+      token[:user_id] = user._id.to_s
+      token.expires_at = 2.weeks.from_now
+      token.save!
+
+      pcall SomeDomain, :all do |c|
+        request.cookies['auth_token'] = token.token
+        c.call
+      end
+
+      Models::User.current.name.should == user.name
+    end
+  end
+
+  describe "Miscellaneous" do
+    it "should show status" do
+      call Controllers::Sessions, :status
+      response.should be_ok
+    end
+  end
+end

data/spec/controllers/spec_helper.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+OpenIdAuthentication.class_eval do
+  def authenticate_with_open_id identifier = nil, options = {}, &block
+    openid_identifier = params[:openid_identifier]
+    raise 'invalid usage' if openid_identifier.nil?
+    block.call(
+      {successful: true}.to_openobject,
+      openid_identifier,
+      "some not used parameters"
+    )
+  end
+end

data/spec/models/user_spec.rb

@@ -0,0 +1,80 @@
+require 'spec_helper'
+
+describe "User" do
+  with_models
+
+  it "blank user" do
+    user = Factory.build(:blank_user)
+    user.should_not be_valid
+    user.should be_inactive
+  end
+
+  describe "Authentication by Password" do
+    it "registering user" do
+      user = Factory.build(:new_user)
+      user.crypted_password.should_not be_blank
+      user.should be_valid
+      user.should be_inactive
+      user.should be_authenticated_by_password(user.password)
+    end
+
+    it "authentication" do
+      user = Factory.create :user
+      Models::User.authenticate_by_password(user.name, user.password).should == user
+    end
+
+    it "email uniquiness" do
+      user = Factory.build :user
+      user.email = "some@email.com"
+      user.save.should be_true
+
+      user = Factory.build :user
+      user.email = "some@email.com"
+      user.save.should be_false
+      user.errors[:email].should_not be_blank
+    end
+
+    it "update_password" do
+      user = Factory.create :user
+      user.update_password('new_password', 'new_password', 'invalid').should be_false
+      user.update_password('new_password', 'new_password', user.password).should be_true
+    end
+  end
+
+  describe "Authentication by OpenID" do
+    it "registering user" do
+      user = Factory.build(:blank_user)
+      user.open_ids << "open_id"
+      user.crypted_password.should be_blank
+      user.should be_valid
+      user.should be_inactive
+
+      user.save.should be_true
+      user.reload
+      user.crypted_password.should be_blank
+    end
+
+    it "authentication" do
+      user = Factory.create :open_id_user
+      Models::User.authenticate_by_open_id(user.open_ids.first).should == user
+    end
+
+    # it "open_id uniquiness" do
+    #   user = Factory.build :open_id_user
+    #   user.open_ids = ['some_id']
+    #   user.save.should be_true
+    #
+    #   user = Factory.build :open_id_user
+    #   user.open_ids = ['some_id']
+    #   user.save.should be_false
+    #   user.errors[:open_ids].should_not be_blank
+    # end
+  end
+
+  it "add password to OpenID" do
+    user = Factory.create :open_id_user
+    user.update_password('new_password', 'new_password', '').should be_true
+    user.save.should be_true
+    Models::User.authenticate_by_password(user.name, user.password).should == user
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+require 'rspec_ext'
+
+require 'rad'
+require 'rad/spec'
+
+rad.kit
+
+require 'kit/spec'
+require 'users/spec'

metadata

@@ -0,0 +1,99 @@
+--- !ruby/object:Gem::Specification
+name: rad_users
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Alexey Petrushin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-09-22 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ruby-openid
+  requirement: &2833150 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - =
+      - !ruby/object:Gem::Version
+        version: 2.1.8
+  type: :runtime
+  prerelease: false
+  version_requirements: *2833150
+- !ruby/object:Gem::Dependency
+  name: rack-openid
+  requirement: &2832910 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - =
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+  type: :runtime
+  prerelease: false
+  version_requirements: *2832910
+- !ruby/object:Gem::Dependency
+  name: rad_kit
+  requirement: &2832670 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *2832670
+description: 
+email: 
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Rakefile
+- readme.md
+- lib/_http_controller/authenticated.rb
+- lib/_models/open_id_authentication.rb
+- lib/_models/password_authentication.rb
+- lib/_open_id_authentication.rb
+- lib/components/user.rb
+- lib/components/users.rb
+- lib/components/users.yml
+- lib/users/_require.rb
+- lib/users/controller_helper.rb
+- lib/users/factories.rb
+- lib/users/gems.rb
+- lib/users/indexes.rb
+- lib/users/spec.rb
+- lib/users/tasks.rb
+- spec/controllers/identities_spec.rb
+- spec/controllers/profiles_spec.rb
+- spec/controllers/sessions_spec.rb
+- spec/controllers/spec_helper.rb
+- spec/models/user_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/alexeypetrushin/rad_users
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.6
+signing_key: 
+specification_version: 3
+summary: User Management for RadKit Framework
+test_files: []