refinerycms 0.9.0

data/vendor/plugins/authentication/app/views/users/new.html.erb

@@ -0,0 +1,28 @@
+<%= error_messages_for :user %>
+<p>
+  Fill out the form below with your details so we can get you started.
+</p>
+<% form_for :user, :url => users_path do |f| -%>
+  <div class='field'>
+    <%= f.label :login %>
+    <%= f.text_field :login %>
+  </div>
+  <div class='field'>
+    <%= f.label :email %>
+    <%= f.text_field :email %>
+  </div>
+  <div class='field'>
+    <%= f.label :password %>
+    <%= f.password_field :password %>
+  </div>
+  <div class='field'>
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation %>
+  </div>
+  <% if just_installed? %>
+		<% Refinery::Plugins.registered.titles.each do |plugin| %>
+    	<%= hidden_field_tag 'user[plugins][]', plugin, :id => "plugins_#{plugin.downcase.gsub(" ", "_")}"  %>
+		<% end %>
+  <% end %>
+  <p><%= submit_tag 'Sign up' %></p>
+<% end -%>

data/vendor/plugins/authentication/config/routes.rb

@@ -0,0 +1,10 @@
+ActionController::Routing::Routes.draw do |map|
+  map.resources :users
+  map.resource :session
+  map.namespace(:admin) do |admin|
+    admin.resources :users
+  end
+
+  map.login  '/login', :controller => 'sessions', :action => 'new'
+  map.logout '/logout', :controller => 'sessions', :action => 'destroy'
+end

data/vendor/plugins/authentication/init.rb

@@ -0,0 +1,13 @@
+Refinery::Plugin.register do |plugin|
+  plugin.title = "Users"
+  plugin.description = "Manage users"
+  plugin.version = 1.0
+  plugin.menu_match = /admin\/(users)/
+  plugin.activity = {
+    :class => User, 
+    :url_prefix => "edit_", 
+    :title => "login", 
+    :created_image => "user_add.png", 
+    :updated_image => "user_edit.png"
+  }
+end

data/vendor/plugins/authentication/lib/authenticated_system.rb

@@ -0,0 +1,115 @@
+module AuthenticatedSystem
+  protected
+    # Returns true or false if the user is logged in.
+    # Preloads @current_user with the user model if they're logged in.
+    def logged_in?
+      !!current_user
+    end
+
+    # Accesses the current user from the session. 
+    # Future calls avoid the database because nil is not equal to false.
+    def current_user
+      @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie) unless @current_user == false
+    end
+
+    # Store the given user id in the session.
+    def current_user=(new_user)
+      session[:user_id] = new_user ? new_user.id : nil
+      @current_user = new_user || false
+    end
+
+    # Check if the user is authorized
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the user
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorized?
+    #    current_user.login != "bob"
+    #  end
+    def authorized?
+      logged_in?
+    end
+
+    # Filter method to enforce a login requirement.
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def login_required
+      authorized? || access_denied
+    end
+
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the user is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def access_denied
+      respond_to do |format|
+        format.html do
+          store_location
+          redirect_to new_session_path
+        end
+        format.any do
+          request_http_basic_authentication 'Web Password'
+        end
+      end
+    end
+
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location
+      session[:return_to] = request.request_uri
+    end
+
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.
+    def redirect_back_or_default(default)
+      redirect_to(session[:return_to] || default)
+      session[:return_to] = nil
+    end
+
+    # Inclusion hook to make #current_user and #logged_in?
+    # available as ActionView helper methods.
+    def self.included(base)
+      base.send :helper_method, :current_user, :logged_in?
+    end
+
+    # Called from #current_user.  First attempt to login by the user id stored in the session.
+    def login_from_session
+      self.current_user = User.find_by_id(session[:user_id]) if session[:user_id]
+    end
+
+    # Called from #current_user.  Now, attempt to login by basic authentication information.
+    def login_from_basic_auth
+      authenticate_with_http_basic do |username, password|
+        self.current_user = User.authenticate(username, password)
+      end
+    end
+
+    # Called from #current_user.  Finaly, attempt to login by an expiring token in the cookie.
+    def login_from_cookie
+      user = cookies[:auth_token] && User.find_by_remember_token(cookies[:auth_token])
+      if user && user.remember_token?
+        cookies[:auth_token] = { :value => user.remember_token, :expires => user.remember_token_expires_at }
+        self.current_user = user
+      end
+    end
+end

data/vendor/plugins/authentication/lib/authenticated_test_helper.rb

@@ -0,0 +1,10 @@
+module AuthenticatedTestHelper
+  # Sets the current user in the session from the user fixtures.
+  def login_as(user)
+    @request.session[:user_id] = user ? users(user).id : nil
+  end
+
+  def authorize_as(user)
+    @request.env["HTTP_AUTHORIZATION"] = user ? ActionController::HttpAuthentication::Basic.encode_credentials(users(user).login, 'test') : nil
+  end
+end

data/vendor/plugins/authentication/test/fixtures/users.yml

@@ -0,0 +1,19 @@
+quentin:
+  id: 1
+  login: quentin
+  email: quentin@example.com
+  salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
+  crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
+  created_at: <%= 5.days.ago.to_s :db %>
+  activation_code: 8f24789ae988411ccf33ab0c30fe9106fab32e9b 
+  activated_at: <%= 5.days.ago.to_s :db %> 
+  state: active
+aaron:
+  id: 2
+  login: aaron
+  email: aaron@example.com
+  salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
+  crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
+  created_at: <%= 1.days.ago.to_s :db %>
+  activation_code: 8f24789ae988411ccf33ab0c30fe9106fab32e9a 
+  state: pending

data/vendor/plugins/authentication/test/functional/admin/base_controller_test.rb

@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class Admin::BaseControllerTest < ActionController::TestCase
+  # Replace this with your real tests.
+  def test_truth
+    assert true
+  end
+end

data/vendor/plugins/authentication/test/functional/admin/dashboard_controller_test.rb

@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class Admin::DashboardControllerTest < ActionController::TestCase
+  # Replace this with your real tests.
+  def test_truth
+    assert true
+  end
+end

data/vendor/plugins/authentication/test/functional/admin/pages_controller_test.rb

@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class Admin::PagesControllerTest < ActionController::TestCase
+  # Replace this with your real tests.
+  def test_truth
+    assert true
+  end
+end

data/vendor/plugins/authentication/test/functional/sessions_controller_test.rb

@@ -0,0 +1,85 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'sessions_controller'
+
+# Re-raise errors caught by the controller.
+class SessionsController; def rescue_action(e) raise e end; end
+
+class SessionsControllerTest < Test::Unit::TestCase
+  # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
+  # Then, you can remove it from this and the units test.
+  include AuthenticatedTestHelper
+
+  fixtures :users
+
+  def setup
+    @controller = SessionsController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+  end
+
+  def test_should_login_and_redirect
+    post :create, :login => 'quentin', :password => 'test'
+    assert session[:user_id]
+    assert_response :redirect
+  end
+
+  def test_should_fail_login_and_not_redirect
+    post :create, :login => 'quentin', :password => 'bad password'
+    assert_nil session[:user_id]
+    assert_response :success
+  end
+
+  def test_should_logout
+    login_as :quentin
+    get :destroy
+    assert_nil session[:user_id]
+    assert_response :redirect
+  end
+
+  def test_should_remember_me
+    post :create, :login => 'quentin', :password => 'test', :remember_me => "1"
+    assert_not_nil @response.cookies["auth_token"]
+  end
+
+  def test_should_not_remember_me
+    post :create, :login => 'quentin', :password => 'test', :remember_me => "0"
+    assert_nil @response.cookies["auth_token"]
+  end
+  
+  def test_should_delete_token_on_logout
+    login_as :quentin
+    get :destroy
+    assert_equal @response.cookies["auth_token"], []
+  end
+
+  def test_should_login_with_cookie
+    users(:quentin).remember_me
+    @request.cookies["auth_token"] = cookie_for(:quentin)
+    get :new
+    assert @controller.send(:logged_in?)
+  end
+
+  def test_should_fail_expired_cookie_login
+    users(:quentin).remember_me
+    users(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago
+    @request.cookies["auth_token"] = cookie_for(:quentin)
+    get :new
+    assert !@controller.send(:logged_in?)
+  end
+
+  def test_should_fail_cookie_login
+    users(:quentin).remember_me
+    @request.cookies["auth_token"] = auth_token('invalid_auth_token')
+    get :new
+    assert !@controller.send(:logged_in?)
+  end
+
+  protected
+    def auth_token(token)
+      CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+    end
+    
+    def cookie_for(user)
+      auth_token users(user).remember_token
+    end
+end

data/vendor/plugins/authentication/test/functional/users_controller_test.rb

@@ -0,0 +1,99 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'users_controller'
+
+# Re-raise errors caught by the controller.
+class UsersController; def rescue_action(e) raise e end; end
+
+class UsersControllerTest < Test::Unit::TestCase
+  # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
+  # Then, you can remove it from this and the units test.
+  include AuthenticatedTestHelper
+
+  fixtures :users
+
+  def setup
+    @controller = UsersController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+  end
+
+  def test_should_allow_signup
+    assert_difference 'User.count' do
+      create_user
+      assert_response :redirect
+    end
+  end
+
+  def test_should_require_login_on_signup
+    assert_no_difference 'User.count' do
+      create_user(:login => nil)
+      assert assigns(:user).errors.on(:login)
+      assert_response :success
+    end
+  end
+
+  def test_should_require_password_on_signup
+    assert_no_difference 'User.count' do
+      create_user(:password => nil)
+      assert assigns(:user).errors.on(:password)
+      assert_response :success
+    end
+  end
+
+  def test_should_require_password_confirmation_on_signup
+    assert_no_difference 'User.count' do
+      create_user(:password_confirmation => nil)
+      assert assigns(:user).errors.on(:password_confirmation)
+      assert_response :success
+    end
+  end
+
+  def test_should_require_email_on_signup
+    assert_no_difference 'User.count' do
+      create_user(:email => nil)
+      assert assigns(:user).errors.on(:email)
+      assert_response :success
+    end
+  end
+  
+  def test_should_sign_up_user_in_pending_state
+    create_user
+    assigns(:user).reload
+    assert assigns(:user).pending?
+  end
+
+  
+  def test_should_sign_up_user_with_activation_code
+    create_user
+    assigns(:user).reload
+    assert_not_nil assigns(:user).activation_code
+  end
+
+  def test_should_activate_user
+    assert_nil User.authenticate('aaron', 'test')
+    get :activate, :activation_code => users(:aaron).activation_code
+    assert_redirected_to '/'
+    assert_not_nil flash[:notice]
+    assert_equal users(:aaron), User.authenticate('aaron', 'test')
+  end
+  
+  def test_should_not_activate_user_without_key
+    get :activate
+    assert_nil flash[:notice]
+  rescue ActionController::RoutingError
+    # in the event your routes deny this, we'll just bow out gracefully.
+  end
+
+  def test_should_not_activate_user_with_blank_key
+    get :activate, :activation_code => ''
+    assert_nil flash[:notice]
+  rescue ActionController::RoutingError
+    # well played, sir
+  end
+
+  protected
+    def create_user(options = {})
+      post :create, :user => { :login => 'quire', :email => 'quire@example.com',
+        :password => 'quire', :password_confirmation => 'quire' }.merge(options)
+    end
+end

data/vendor/plugins/authentication/test/test_helper.rb

@@ -0,0 +1,38 @@
+ENV["RAILS_ENV"] = "test"
+require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
+require 'test_help'
+
+class Test::Unit::TestCase
+  # Transactional fixtures accelerate your tests by wrapping each test method
+  # in a transaction that's rolled back on completion.  This ensures that the
+  # test database remains unchanged so your fixtures don't have to be reloaded
+  # between every test method.  Fewer database queries means faster tests.
+  #
+  # Read Mike Clark's excellent walkthrough at
+  #   http://clarkware.com/cgi/blosxom/2005/10/24#Rails10FastTesting
+  #
+  # Every Active Record database supports transactions except MyISAM tables
+  # in MySQL.  Turn off transactional fixtures in this case; however, if you
+  # don't care one way or the other, switching from MyISAM to InnoDB tables
+  # is recommended.
+  #
+  # The only drawback to using transactional fixtures is when you actually 
+  # need to test transactions.  Since your test is bracketed by a transaction,
+  # any transactions started in your code will be automatically rolled back.
+  self.use_transactional_fixtures = true
+
+  # Instantiated fixtures are slow, but give you @david where otherwise you
+  # would need people(:david).  If you don't want to migrate your existing
+  # test cases which use the @david style and don't mind the speed hit (each
+  # instantiated fixtures translates to a database query per test method),
+  # then set this back to true.
+  self.use_instantiated_fixtures  = false
+
+  # Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
+  #
+  # Note: You'll currently still have to declare fixtures explicitly in integration tests
+  # -- they do not yet inherit this setting
+  fixtures :all
+
+  # Add more helper methods to be used by all tests here...
+end