ramaze 0.3.9.1 → 2008.06

data/lib/ramaze/helper/identity.rb

@@ -4,6 +4,7 @@
 require 'openid'
 require 'openid/store/filesystem'
 require 'openid/extensions/pape'
+require 'openid/extensions/sreg'
 
 module Ramaze
 
@@ -16,79 +17,103 @@ module Ramaze
   # It provides a nice and simple way to provide and control access over the
   # OpenID authentication model.
 
-  module Helper::Identity
+  module Helper
+    module Identity
+      LOOKUP << self
 
-    # Simple form for use or overwriting.
-    # Has to provide the same functionality when overwritten or directly
-    # embedded into a page.
-    def openid_login_form(caption="login")
-      %{
+      # Simple form for use or overwriting.
+      # Has to provide the same functionality when overwritten or directly
+      # embedded into a page.
+      def openid_login_form(caption="login")
+        %{
 <form method="GET" action="#{Rs(:openid_begin)}">
   Identity URL: <input type="text" name="url" />
   <input type="submit" value="#{caption}"/>
 </form>
-      }
-    end
-
-    # We land here from the openid_login_form and if we can find a matching
-    # OpenID server we redirect the user to it, the browser will return to
-    # openid_complete when the authentication is complete.
-    def openid_begin
-      url = request['url']
-      redirect_referrer if url.to_s.empty?
-      session[:openid_entry] = request.referrer
-
-      openid_request = openid_consumer.begin(url)
-
-      papereq = OpenID::PAPE::Request.new
-      papereq.add_policy_uri(OpenID::PAPE::AUTH_PHISHING_RESISTANT)
-      papereq.max_auth_age = 2*60*60
-      openid_request.add_extension(papereq)
-      openid_request.return_to_args['did_pape'] = 'y'
-
-      root         = "http://#{request.http_host}/"
-      return_to    = root[0..-2] + Rs(:openid_complete)
-      immediate = false
-      if openid_request.send_redirect?(root, return_to, immediate)
-        redirect_url = openid_request.redirect_url(root, return_to, immediate)
-        raw_redirect redirect_url
-      else
-        # what the hell is @form_text ?
+        }
       end
 
-    rescue OpenID::OpenIDError => ex
-      flash[:error] = "Discovery failed for #{url}: #{ex}"
-      raw_redirect Rs(:/)
-    end
-
-    # After having authenticated at the OpenID server browsers are redirected
-    # back here and on success we set the session[:openid_identity] and a little
-    # default flash message. Then we redirect to wherever session[:openid_entry]
-    # points us to, which was set on openid_begin to the referrer
-    #
-    # TODO:
-    #   - maybe using StackHelper, but this is a really minimal overlap?
-    def openid_complete
-      openid_response = openid_consumer.complete(request.params, request.request_uri)
-
-      case openid_response.status
-      when OpenID::Consumer::FAILURE
-        flash[:error] = 'OpenID - Verification failed.'
-      when OpenID::Consumer::SUCCESS
-        session[:openid_identity] = openid_response.identity_url
-        flash[:success] = 'OpenID - Verification done.'
+      # We land here from the openid_login_form and if we can find a matching
+      # OpenID server we redirect the user to it, the browser will return to
+      # openid_complete when the authentication is complete.
+      def openid_begin
+        # The OpenID URL pointing to a user's OpenID page,
+        # for example: http://username.myopenid.com)
+        url = request['url']
+        redirect_referrer if url.to_s.empty?
+        session[:openid] ||= {}
+        session[:openid][:entry] = request.referrer
+
+        openid_request = openid_consumer.begin(url)
+
+        # We want these communications to be a secure as the server can
+        # support!
+        papereq = OpenID::PAPE::Request.new
+        papereq.add_policy_uri(OpenID::PAPE::AUTH_PHISHING_RESISTANT)
+        papereq.max_auth_age = 2*60*60
+        openid_request.add_extension(papereq)
+
+        # Request information about the person
+        sregreq = OpenID::SReg::Request.new
+        sregreq.request_fields(['fullname', 'nickname', 'dob', 'email',
+                               'gender', 'postcode', 'country', 'language',
+                               'timezone'])
+        openid_request.add_extension(sregreq)
+        openid_request.return_to_args['did_pape'] = 'y'
+
+        root      = "http://#{request.http_host}/"
+        return_to = request.domain(Rs(:openid_complete)).to_s
+        immediate = false
+
+        if openid_request.send_redirect?(root, return_to, immediate)
+          redirect_url =
+            openid_request.redirect_url(root, return_to, immediate)
+          raw_redirect redirect_url
+        else
+          # what the hell is @form_text ?
+        end
+
+      rescue OpenID::OpenIDError => ex
+        flash[:error] = "Discovery failed for #{url}: #{ex}"
+        raw_redirect Rs(:/)
       end
 
-      session.delete(:_openid_consumer_service)
-
-      raw_redirect session[:openid_entry]
-    end
+      # After having authenticated at the OpenID server browsers are redirected
+      # back here and on success we set the session[:openid][:identity] and a little
+      # default flash message. Then we redirect to wherever session[:openid][:entry]
+      # points us to, which was set on openid_begin to the referrer
+      #
+      # TODO:
+      #   - maybe using StackHelper, but this is a really minimal overlap?
+      def openid_complete
+        openid_response = openid_consumer.complete(request.params, request.url)
+
+        case openid_response.status
+        when OpenID::Consumer::FAILURE
+          flash[:error] = "OpenID - Verification failed: #{openid_response.message}"
+        when OpenID::Consumer::SUCCESS
+          # Backwards compatibility
+          session[:openid][:identity] = openid_response.identity_url
+          session[:openid][:sreg] = OpenID::SReg::Response.from_success_response(openid_response)
+
+          # Forward compatibility :)
+          session[:openid_identity] = openid_response.identity_url
+          session[:openid_sreg] = OpenID::SReg::Response.from_success_response(openid_response)
+
+          flash[:success] = 'OpenID - Verification done.'
+        end
+
+        session.delete(:_openid_consumer_service)
+
+        raw_redirect session[:openid][:entry]
+      end
 
-    private
+      private
 
-    # Fetch/Create a OpenID::Consumer for current session.
-    def openid_consumer
-      OpenID::Consumer.new(session, Ramaze::OpenIDStore)
+      # Fetch/Create a OpenID::Consumer for current session.
+      def openid_consumer
+        OpenID::Consumer.new(session, Ramaze::OpenIDStore)
+      end
     end
   end
 end

data/lib/ramaze/helper/partial.rb

@@ -33,17 +33,23 @@ module Ramaze
     # options:  optional, will be used as request parameters.
 
     def render_partial(url, options = {})
+      # Save any request params that clash with the ones we're about to add in.
       saved = {}
       options.keys.each {|x| saved[x] = Request.current.params[x] }
 
-      Request.current.params.update(options)
+      # Add/overwrite with the specified params. Ensure keys are strings since
+      # request[:foo] converts key to string when performing lookup.
+      options.each do |key, value|
+        Request.current.params[key.to_s] = value
+      end
 
       Controller.handle(url)
     ensure
+      # Always reinstate the original
       options.keys.each {|x| Request.current.params[x] = saved[x] }
     end
 
-    # Render the template file in template_root of the
+    # Render the template file in view_root of the
     # current controller.
 
     def render_template(file, vars = {})
@@ -72,6 +78,9 @@ module Ramaze
       end
 
       binding = options[:instance].scope
+      
+      # For Ruby 1.9/1.8.7
+      binding = binding.binding if binding.respond_to?(:binding)
 
       vars.each do |name, value|
         options[:instance].instance_variable_set("@#{name}", value)

data/lib/ramaze/helper/redirect.rb

@@ -23,9 +23,15 @@ module Ramaze
   module Helper::Redirect
 
     # render to the browser directly, ignoring any templates
-    def respond *args
+    #
+    # Usage:
+    #   respond 'Page not found', 404
+    #   respond render_template('forbidden.erb'), 403
+    #   respond File.open('file.jpg'), 200, 'Content-Type' => 'image/jpeg'
+
+    def respond(*args)
       response.build(*args)
-      throw :respond
+      throw(:respond)
     end
 
     # Usage:
@@ -35,7 +41,7 @@ module Ramaze
     #   redirect 'foo/bar'
     #   redirect 'foo/bar', :status => 301
 
-    def redirect target, opts = {}
+    def redirect(target, opts = {})
       target = target.to_s
 
       unless target =~ %r!^https?://!
@@ -48,6 +54,8 @@ module Ramaze
       raw_redirect(target, opts)
     end
 
+    # Do not perform any mutations on the target like #redirect does.
+    # Suitable if you have to redirect to a different subdomain or host.
     def raw_redirect(target, opts = {})
       target = target.to_s
       header = {'Location' => target}
@@ -59,6 +67,7 @@ module Ramaze
       throw(:redirect, [body, status, header])
     end
 
+    # Are we being redirected?
     def redirected?
       request[:redirected]
     end

data/lib/ramaze/helper/rest.rb

@@ -0,0 +1,43 @@
+module Ramaze
+  module Helper
+    module REST
+      def self.included(klass)
+        klass.class_eval do
+          trait :REST => {
+            'GET' => [], 'PUT' => [],
+            'POST' => [], 'DELETE' => [],
+            :any => [],
+          }
+          extend Indicate
+
+          def self.method_added(name)
+            name = name.to_s
+            active = trait[:REST][:active] ||= :any
+            trait[:REST][active] << name
+          end
+        end
+      end
+
+      module Indicate
+        def on(http_method)
+          hm = http_method.to_s.upcase
+          trait[:REST][hm] = []
+          trait[:REST][:active] = hm
+        end
+
+        (%w[GET PUT POST DELETE] << :any).each do |http_method|
+          define_method("on_#{http_method.downcase}") do |*args|
+            if args.empty?
+              on(http_method)
+            else
+              trait[:REST][http_method] += args.flatten
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+# POST /foo/bar
+# methods_on_post[/foo/bar]

data/lib/ramaze/helper/sendfile.rb

@@ -10,9 +10,7 @@ module Ramaze
     # it, then throws :respond to finish off the request.
 
     def send_file(file, mime_type = Tool::MIME.type_for(file))
-      response.header["Content-Type"] = mime_type
-      response.body = File.open(file)
-      throw(:respond)
+      respond File.open(file, 'rb'), 200, 'Content-Type' => mime_type
     end
   end
 end

data/lib/ramaze/helper/sequel.rb

@@ -3,6 +3,9 @@
 
 module Ramaze
   module Helper::Sequel
+
+    # Very crude paginator, may contain serious bugs, please fix :)
+    # pass it the result of YourModel.paginate, target is where links point to.
     def paginator(paginated, target)
       page_count = paginated.page_count
       prev_page = paginated.prev_page

data/lib/ramaze/helper/simple_captcha.rb

@@ -0,0 +1,31 @@
+module Ramaze
+  module Helper
+    module SimpleCaptcha
+      def simple_captcha
+        question, answer = generate_captcha
+        session[:CAPTCHA] = {
+          :question => question, :answer => answer.to_s
+        }
+        question
+      end
+
+      def check_captcha(answer)
+        if captcha = session[:CAPTCHA]
+          should = captcha[:answer].to_s
+          should == answer.to_s.strip
+        end
+      end
+
+      def generate_captcha
+        n = [5, 10, 15, 20]
+        ns = Array.new(2){ n.sort_by{rand}.first }.sort
+        op = rand > 0.42 ? [ns[0], :+, ns[1]] : [ns[1], :-, ns[0]]
+
+        question = op.join(' ')
+        answer = op[0].send(op[1], op[2])
+
+        [question, answer]
+      end
+    end
+  end
+end

data/lib/ramaze/helper/stack.rb

@@ -18,8 +18,7 @@ module Ramaze
   #   def login pass
   #     if pass == 'password'
   #       session[:logged_in] = true
-  #       answer if inside_stack?
-  #       redirect '/'
+  #       answer '/'
   #     else
   #       "failed"
   #     end
@@ -43,19 +42,29 @@ module Ramaze
     # redirect to another location and pushing the current location
     # on the session[:STACK]
 
-    def call this
-      (session[:STACK] ||= []) << request.fullpath
+    def push(frame)
+      (session[:STACK] ||= []) << frame
+    end
+
+    def call(this)
+      push request.fullpath
       redirect this
     end
 
     # return to the last location on session[:STACK]
+    # The optional alternative paramter will be used to redirect in case you
+    # are not inside_stack?
+    # If the session has no stack and no alternative is given this won't do
+    # anything
 
-    def answer
+    def answer(alternative = nil)
       if inside_stack?
         stack = session[:STACK]
         target = stack.pop
         session.delete(:STACK) if stack.empty?
         redirect target
+      elsif alternative
+        redirect alternative
       end
     end
 

data/lib/ramaze/helper/user.rb

@@ -1,61 +1,113 @@
 module Ramaze
   module Helper
+
+    # This helper provides a convenience wrapper for handling authentication
+    # and persistence of users.
+    #
+    # Example:
+    #
+    # class MainController < Ramaze::Controller
+    #   def index
+    #     if user?
+    #       A('login', :href => Rs(:login))
+    #     else
+    #       "Hello #{user.name}"
+    #     end
+    #   end
+    #
+    #   def login
+    #     user_login if reuqest.post?
+    #   end
+    # end
+
     module User
-      def self.inherited(klass)
-        klass.trait :user_model => ::User
+      # return existing or instantiate User::Wrapper
+      def user
+        model = ancestral_trait[:user_model] ||= ::User
+        callback = ancestral_trait[:user_callback] ||= nil
+        Thread.current[:user] ||= Wrapper.new(model, callback)
       end
 
-      def user
-        if instance_variable_defined?('@user_helper')
-          @user_helper
-        else
-          @user_helper = Wrapper.new ancestral_trait[:user_model]
-        end
+      # shortcut for user.user_login but default argument are request.params
+
+      def user_login(creds = request.params)
+        user._login(creds)
+      end
+
+      # shortcut for user.user_logout
+
+      def user_logout
+        user._logout
+      end
+
+      def logged_in?
+        user._logged_in?
       end
 
+      # Wrapper for the ever-present "user" in your application.
+      # It wraps around an arbitrary instance and worries about authentication
+      # and storing information about the user in the session.
+      #
+      # In order to not interfere with the wrapped instance/model we start our
+      # methods with an underscore.
+      # Suggestions on improvements as usual welcome.
       class Wrapper
-        thread_accessor :session
-        attr_accessor :user
+        # make it a BlankSlate
+        instance_methods.each do |meth|
+          undef_method(meth) unless meth.to_s =~ /^__.+__$/
+        end
 
-        def initialize(model)
-          raise ArgumentError, "No model defined for Helper::User" unless model
-          @model = model
-          @user = nil
-          login(persist)
+        attr_accessor :_model, :_callback, :_user
+
+        def initialize(model, callback)
+          @_model, @_callback = model, callback
+          @_user = nil
+          _login
         end
 
-        def logged_in?
-          !!@user
+        def _login(creds = _persistence)
+          if @_user = _would_login?(creds)
+            self._persistence = creds
+          end
         end
 
-        def login?(hash)
-          credentials = {}
-          hash.each{|k,v| credentials[k.to_sym] = v.to_s }
-          @model[credentials]
+        # The callback should return an instance of the user, otherwise it
+        # should answer with nil.
+        #
+        # This will not actually login, just check whether the credentials
+        # would result in a user.
+        def _would_login?(creds)
+          if c = @_callback
+            c.call(creds)
+          elsif _model.respond_to?(:authenticate)
+            _model.authenticate(creds)
+          else
+            Log.warn("Helper::User has no callback and model doesn't respond to #authenticate")
+            nil
+          end
         end
 
-        def persist
-          session[:USER] ||= {}
+        def _logout
+          _persistence.clear
+          Thread.current[:user] = nil
         end
 
-        def persist=(hash)
-          session[:USER] = hash
+        def _logged_in?
+          !!_user
         end
 
-        def login(hash = Request.current.params)
-          return if hash.empty?
-          if found = login?(hash)
-            @user = found
-            self.persist = hash
-          end
+        def _persistence=(creds)
+          Current.session[:USER] = creds
         end
 
-        def logout
-          persist.clear
+        def _persistence
+          Current.session[:USER] || {}
         end
 
+        # Refer everything not known
         def method_missing(meth, *args, &block)
-          @user.send(meth, *args, &block)
+          return unless _user
+          _user.send(meth, *args, &block)
         end
       end
     end