refinerycms-authentication 0.9.9.1

data/db/migrate/20100913234705_create_refinerycms_authentication_schema.rb

@@ -0,0 +1,43 @@
+class CreateRefinerycmsAuthenticationSchema < ActiveRecord::Migration
+  def self.up
+    # Postgres apparently requires the roles_users table to exist before creating the roles table.
+    create_table ::RolesUsers.table_name, :id => false, :force => true do |t|
+      t.integer "user_id"
+      t.integer "role_id"
+    end
+
+    create_table ::Role.table_name, :force => true do |t|
+      t.string "title"
+    end
+
+    create_table ::UserPlugin.table_name, :force => true do |t|
+      t.integer "user_id"
+      t.string  "name"
+      t.integer "position"
+    end
+
+    add_index ::UserPlugin.table_name, ["name"], :name => "index_#{::UserPlugin.table_name}_on_title"
+    add_index ::UserPlugin.table_name, ["user_id", "name"], :name => "index_unique_#{::UserPlugin.table_name}", :unique => true
+
+    create_table ::User.table_name, :force => true do |t|
+      t.string   "login",             :null => false
+      t.string   "email",             :null => false
+      t.string   "crypted_password",  :null => false
+      t.string   "password_salt",     :null => false
+      t.string   "persistence_token"
+      t.datetime "created_at"
+      t.datetime "updated_at"
+      t.string   "perishable_token"
+    end
+
+    add_index ::User.table_name, ["id"], :name => "index_#{::User.table_name}_on_id"
+  end
+
+  def self.down
+    [::User].reject{|m|
+      !(defined?(m) and m.respond_to?(:table_name))
+    }.each do |model|
+      drop_table model.table_name
+    end
+  end
+end

data/db/migrate/20100929035252_add_missing_indexes_to_roles_users.rb

@@ -0,0 +1,11 @@
+class AddMissingIndexesToRolesUsers < ActiveRecord::Migration
+  def self.up
+    add_index ::RolesUsers.table_name, [:role_id, :user_id]
+    add_index ::RolesUsers.table_name, [:user_id, :role_id]
+  end
+
+  def self.down
+    remove_index ::RolesUsers.table_name, :column => [:role_id, :user_id]
+    remove_index ::RolesUsers.table_name, :column => [:user_id, :role_id]
+  end
+end

data/db/migrate/20101206013505_change_to_devise_users_table.rb

@@ -0,0 +1,27 @@
+class ChangeToDeviseUsersTable < ActiveRecord::Migration
+  def self.up
+    add_column ::User.table_name, :current_sign_in_at, :datetime
+    add_column ::User.table_name, :last_sign_in_at, :datetime
+    add_column ::User.table_name, :current_sign_in_ip, :string
+    add_column ::User.table_name, :last_sign_in_ip, :string
+    add_column ::User.table_name, :sign_in_count, :integer
+    add_column ::User.table_name, :remember_token, :string
+    add_column ::User.table_name, :reset_password_token, :string
+
+    rename_column ::User.table_name, :crypted_password, :encrypted_password
+    rename_column ::User.table_name, :login, :username
+  end
+
+  def self.down
+    remove_column ::User.table_name, :current_sign_in_at
+    remove_column ::User.table_name, :last_sign_in_at
+    remove_column ::User.table_name, :current_sign_in_ip
+    remove_column ::User.table_name, :last_sign_in_ip
+    remove_column ::User.table_name, :sign_in_count
+    remove_column ::User.table_name, :remember_token
+    remove_column ::User.table_name, :reset_password_token
+
+    rename_column ::User.table_name, :encrypted_password, :crypted_password
+    rename_column ::User.table_name, :username, :login
+  end
+end

data/db/migrate/20110106184757_add_remember_created_at_to_users.rb

@@ -0,0 +1,9 @@
+class AddRememberCreatedAtToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :remember_created_at, :datetime
+  end
+
+  def self.down
+    remove_column :users, :remember_created_at
+  end
+end

data/features/lost_password.feature

@@ -0,0 +1,49 @@
+@refinerycms @users @users-password
+Feature: Lost Password
+    In order to restore my password
+    As a lost soul
+    I want to reset my password
+
+    Background:
+      Given A Refinery user exists
+
+    @users-password-forgot
+    Scenario: Forgot Password page (no email entered)
+      And I am on the forgot password page
+      When I press "Reset password"
+      Then I should see "You did not enter an email address."
+
+    @users-password-forgot
+    Scenario: Forgot Password page (non existing email entered)
+      Given I am on the forgot password page
+      And I have a user with email "green@cukes.com"
+      When I fill in "user_email" with "none@cukes.com"
+      And I press "Reset password"
+      Then I should see "Sorry, 'none@cukes.com' isn't associated with any accounts."
+      And I should see "Are you sure you typed the correct email address?"
+
+    @users-password-forgot
+    Scenario: Forgot Password page (existing email entered)
+      Given I am on the forgot password page
+      And I have a user with email "green@cukes.com"
+      When I fill in "user_email" with "green@cukes.com"
+      And I press "Reset password"
+      Then I should see "An email has been sent to you with a link to reset your password."
+
+    @users-password-reset
+    Scenario: Reset password page (invalid reset_code)
+      Given I am not requesting password reset
+      When I go to the reset password page
+      Then I should be on the forgot password page
+      And I should see "We're sorry, but this reset code has expired or is invalid."
+      And I should see "If you are having issues try copying and pasting the URL from your email into your browser or restarting the reset password process."
+
+    @users-password-reset
+    Scenario: Reset password page (valid reset_code)
+      Given I am requesting password reset
+      When I go to the reset password page
+      And I fill in "Password" with "cukes"
+      And I fill in "Password confirmation" with "cukes"
+      And I press "Reset password"
+      Then I should be on the admin root
+      And I should see "Password reset successfully for"

data/features/manage_users.feature

@@ -0,0 +1,61 @@
+@refinerycms @users @users-manage
+Feature: Manage Users
+  In order to control who can access my website's backend
+  As an administrator
+  I want to create and manage users
+
+  Background:
+    Given I have no users
+
+  Scenario: When there are no users, you are invited to create a user
+    When I go to the home page
+    Then I should see "There are no users yet, so we'll set you up first."
+
+  @users-add @add
+  Scenario: When there are no users, you can create a user
+    When I go to the home page
+    And I follow "Continue..."
+    And I should see "Fill out your details below so that we can get you started."
+    And I fill in "Username" with "cucumber"
+    And I fill in "Email" with "green@cucumber.com"
+    And I fill in "Password" with "greenandjuicy"
+    And I fill in "Password confirmation" with "greenandjuicy"
+    And I press "Sign up"
+    Then I should see "Welcome to Refinery, cucumber."
+    And I should see "Latest Activity"
+    And I should have 1 user
+
+  @users-list @list
+  Scenario: User List
+    Given I have a user named "steven"
+    And I am a logged in refinery user
+    When I go to the list of users
+    Then I should see "steven"
+
+  @users-add @add
+  Scenario: Create User
+    Given I have a user named "steven"
+    And I am a logged in refinery user
+    When I go to the list of users
+    And I follow "Add new user"
+    And I fill in "Username" with "cucumber"
+    And I fill in "Email" with "green@cucumber.com"
+    And I fill in "Password" with "greenandjuicy"
+    And I fill in "Password confirmation" with "greenandjuicy"
+    And I press "Save"
+    Then I should be on the list of users
+    And I should see "cucumber was successfully added."
+    And I should see "cucumber (green@cucumber.com)"
+
+  @users-edit @edit
+  Scenario: Edit User
+    Given I have a user named "steven"
+    And I am a logged in refinery user
+    When I go to the list of users
+    And I follow "Edit this user"
+    And I fill in "Username" with "cucumber"
+    And I fill in "Email" with "green@cucumber.com"
+    And I press "Save"
+    Then I should be on the list of users
+    And I should see "cucumber was successfully updated."
+    And I should see "cucumber (green@cucumber.com)"

data/features/step_definitions/lost_password.rb

@@ -0,0 +1,8 @@
+Given /^I have a user with email "(.*)"$/ do |email|
+  Factory(:refinery_user, :email => email)
+end
+
+Given /^I am (not )?requesting password reset$/ do |action|
+  @user = Factory(:refinery_user, :updated_at => 11.minutes.ago)
+  @user.send(:generate_reset_password_token!) if action.nil?
+end

data/features/step_definitions/user_steps.rb

@@ -0,0 +1,36 @@
+def login
+  visit new_user_session_path
+  fill_in("user_login", :with => @user.email)
+  fill_in("user_password", :with => 'greenandjuicy')
+  click_button("submit_button")
+end
+
+Given /^I am a logged in refinery user$/ do
+  @user ||= Factory(:refinery_user)
+  login
+end
+
+Given /^I am a logged in customer$/ do
+  @user ||= Factory(:user)
+  login
+end
+
+Given /^A Refinery user exists$/ do
+  @refinery_user ||= Factory(:refinery_user)
+end
+
+Given /^I have a user named "(.*)"$/ do |name|
+  Factory(:user, :username => name)
+end
+
+Given /^I have a R|refinery user named "(.*)"$/ do |name|
+  Factory(:refinery_user, :username => name)
+end
+
+Given /^I have no users$/ do
+  User.delete_all
+end
+
+Then /^I should have ([0-9]+) users?$/ do |count|
+  User.count.should == count.to_i
+end

data/features/support/factories.rb

@@ -0,0 +1,18 @@
+require 'factory_girl'
+
+Factory.define :user do |u|
+  u.sequence(:username) { |n| "person#{n}" }
+  u.sequence(:email) { |n| "person#{n}@cucumber.com" }
+  u.password  "greenandjuicy"
+  u.password_confirmation "greenandjuicy"
+end
+
+Factory.define :refinery_user, :parent => :user do |u|
+  u.roles { [ Role[:refinery] ] }
+
+  u.after_create do |user|
+    Refinery::Plugins.registered.each_with_index do |plugin, index|
+      user.plugins.create(:name => plugin.name, :position => index)
+    end
+  end
+end

data/features/support/paths.rb

@@ -0,0 +1,24 @@
+module NavigationHelpers
+  module Refinery
+    module Authentication
+      def path_to(page_name)
+        case page_name
+
+        when /the list of users/
+          admin_users_path
+
+        when /the login page/
+          new_user_session_path
+
+        when /the forgot password page/
+          new_user_password_path
+
+        when /the reset password page/
+          edit_user_password_path(:reset_password_token => @user.reset_password_token)
+        else
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/authenticated_system.rb

@@ -0,0 +1,29 @@
+module AuthenticatedSystem
+  protected
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location
+      session[:return_to] = request.fullpath
+    end
+
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.
+    def redirect_back_or_default(default)
+      redirect_to(session[:return_to] || default)
+      session[:return_to] = nil
+    end
+
+    #def current_user
+      #current_user
+    #end
+
+    def refinery_user?
+      user_signed_in? && current_user.has_role?(:refinery)
+    end
+
+    def self.included(base)
+      base.send :helper_method, :current_user, :current_user_session, :user_signed_in?, :refinery_user? if base.respond_to? :helper_method
+    end
+
+end

data/lib/gemspec.rb

@@ -0,0 +1,34 @@
+require 'pathname'
+gempath = Pathname.new(File.expand_path('../../', __FILE__))
+require gempath.join('..', 'base', 'lib', 'base', 'refinery')
+
+gemspec = <<EOF
+# DO NOT EDIT THIS FILE DIRECTLY! Instead, use lib/gemspec.rb to generate it.
+
+Gem::Specification.new do |s|
+  s.name              = %q{#{gemname = 'refinerycms-authentication'}}
+  s.version           = %q{#{::Refinery.version}}
+  s.summary           = %q{Authentication engine for Refinery CMS}
+  s.description       = %q{The default authentication engine for Refinery CMS}
+  s.date              = %q{#{Time.now.strftime('%Y-%m-%d')}}
+  s.email             = %q{info@refinerycms.com}
+  s.homepage          = %q{http://refinerycms.com}
+  s.rubyforge_project = %q{refinerycms}
+  s.authors           = ['Resolve Digital', 'Philip Arndt', 'David Jones', 'Steven Heidel']
+  s.license           = %q{MIT}
+  s.require_paths     = %w(lib)
+  s.executables       = %w(#{Pathname.glob(gempath.join('bin/*')).map{|d| d.relative_path_from(gempath)}.sort.join(" ")})
+
+  s.add_dependency 'refinerycms-core', '~> #{::Refinery::Version}'
+  s.add_dependency 'devise',           '~> 1.1'
+
+  s.files             = [
+    '#{%w( **/{*,.rspec,.gitignore,.yardopts} ).map { |file| Pathname.glob(gempath.join(file)) }.flatten.reject{|f|
+      !f.exist? or f.to_s =~ /\.gem$/ or (f.directory? and f.children.empty?)
+    }.map{|d| d.relative_path_from(gempath)}.uniq.sort.join("',\n    '")}'
+  ]
+end
+EOF
+
+(gemfile = gempath.join("#{gemname}.gemspec")).open('w') {|f| f.puts(gemspec)}
+puts `cd #{gempath} && gem build #{gemfile}` if ARGV.any?{|a| a == "BUILD=true"}

data/lib/generators/refinerycms_authentication_generator.rb

@@ -0,0 +1,8 @@
+require 'refinery/generators'
+
+class RefinerycmsAuthentication < ::Refinery::Generators::EngineInstaller
+
+  source_root File.expand_path('../../../', __FILE__)
+  engine_name "authentication"
+
+end

data/lib/refinerycms-authentication.rb

@@ -0,0 +1,47 @@
+require 'devise'
+require 'refinerycms-core'
+# Attach authenticated system methods to the ::Refinery::ApplicationController
+require File.expand_path('../authenticated_system', __FILE__)
+[::Refinery::ApplicationController, ::Refinery::ApplicationHelper].each do |c|
+  c.class_eval {
+    include AuthenticatedSystem
+  }
+end
+
+module Refinery
+  module Authentication
+
+    class Engine < ::Rails::Engine
+      config.autoload_paths += %W( #{config.root}/lib )
+
+      config.after_initialize do
+        ::Refinery::Plugin.register do |plugin|
+          plugin.name = "refinery_users"
+          plugin.version = %q{0.9.9}
+          plugin.menu_match = /(refinery|admin)\/users$/
+          plugin.activity = {
+            :class => User,
+            :title => 'login'
+          }
+          plugin.url = {:controller => "/admin/users"}
+        end
+      end
+    end
+
+    class << self
+      attr_accessor :root
+      def root
+        @root ||= Pathname.new(File.expand_path('../../', __FILE__))
+      end
+    end
+  end
+
+  class << self
+    attr_accessor :authentication_login_field
+    def authentication_login_field
+      @authentication_login_field ||= 'login'
+    end
+  end
+end
+
+::Refinery.engines << 'authentication'

data/license.md

@@ -0,0 +1,21 @@
+# MIT License
+ 
+Copyright (c) 2005-2010 [Resolve Digital](http://www.resolvedigital.com)
+ 
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+ 
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+ 
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.