reflex 0.0.2

data/features/support/rails_root/config/boot.rb

@@ -0,0 +1,110 @@
+# Don't change this file!
+# Configure your app in config/environment.rb and config/environments/*.rb
+
+RAILS_ROOT = "#{File.dirname(__FILE__)}/.." unless defined?(RAILS_ROOT)
+
+module Rails
+  class << self
+    def boot!
+      unless booted?
+        preinitialize
+        pick_boot.run
+      end
+    end
+
+    def booted?
+      defined? Rails::Initializer
+    end
+
+    def pick_boot
+      (vendor_rails? ? VendorBoot : GemBoot).new
+    end
+
+    def vendor_rails?
+      File.exist?("#{RAILS_ROOT}/vendor/rails")
+    end
+
+    def preinitialize
+      load(preinitializer_path) if File.exist?(preinitializer_path)
+    end
+
+    def preinitializer_path
+      "#{RAILS_ROOT}/config/preinitializer.rb"
+    end
+  end
+
+  class Boot
+    def run
+      load_initializer
+      Rails::Initializer.run(:set_load_path)
+    end
+  end
+
+  class VendorBoot < Boot
+    def load_initializer
+      require "#{RAILS_ROOT}/vendor/rails/railties/lib/initializer"
+      Rails::Initializer.run(:install_gem_spec_stubs)
+      Rails::GemDependency.add_frozen_gem_path
+    end
+  end
+
+  class GemBoot < Boot
+    def load_initializer
+      self.class.load_rubygems
+      load_rails_gem
+      require 'initializer'
+    end
+
+    def load_rails_gem
+      if version = self.class.gem_version
+        gem 'rails', version
+      else
+        gem 'rails'
+      end
+    rescue Gem::LoadError => load_error
+      $stderr.puts %(Missing the Rails #{version} gem. Please `gem install -v=#{version} rails`, update your RAILS_GEM_VERSION setting in config/environment.rb for the Rails version you do have installed, or comment out RAILS_GEM_VERSION to use the latest version installed.)
+      exit 1
+    end
+
+    class << self
+      def rubygems_version
+        Gem::RubyGemsVersion rescue nil
+      end
+
+      def gem_version
+        if defined? RAILS_GEM_VERSION
+          RAILS_GEM_VERSION
+        elsif ENV.include?('RAILS_GEM_VERSION')
+          ENV['RAILS_GEM_VERSION']
+        else
+          parse_gem_version(read_environment_rb)
+        end
+      end
+
+      def load_rubygems
+        min_version = '1.3.2'
+        require 'rubygems'
+        unless rubygems_version >= min_version
+          $stderr.puts %Q(Rails requires RubyGems >= #{min_version} (you have #{rubygems_version}). Please `gem update --system` and try again.)
+          exit 1
+        end
+
+      rescue LoadError
+        $stderr.puts %Q(Rails requires RubyGems >= #{min_version}. Please install RubyGems and try again: http://rubygems.rubyforge.org)
+        exit 1
+      end
+
+      def parse_gem_version(text)
+        $1 if text =~ /^[^#]*RAILS_GEM_VERSION\s*=\s*["']([!~<>=]*\s*[\d.]+)["']/
+      end
+
+      private
+        def read_environment_rb
+          File.read("#{RAILS_ROOT}/config/environment.rb")
+        end
+    end
+  end
+end
+
+# All that for this:
+Rails.boot!

data/features/support/rails_root/config/database.yml

@@ -0,0 +1,9 @@
+test:
+  adapter: sqlite3
+  database: db/cucumber.sqlite3
+  timeout: 5000
+
+development:
+  adapter: sqlite3
+  database: db/cucumber.sqlite3
+  timeout: 5000

data/features/support/rails_root/config/environment.rb

@@ -0,0 +1,22 @@
+# Be sure to restart your server when you modify this file
+
+# Specifies gem version of Rails to use when vendor/rails is not present
+RAILS_GEM_VERSION = '2.3.5' unless defined? RAILS_GEM_VERSION
+
+# Bootstrap the Rails environment, frameworks, and default configuration
+require File.join(File.dirname(__FILE__), 'boot')
+
+Rails::Initializer.run do |config|
+  config.gem 'authlogic'
+  config.gem 'cucumber'
+  config.gem 'cucumber-rails',   :lib => false
+  config.gem 'database_cleaner', :lib => false
+  config.gem 'capybara',         :lib => false
+  config.time_zone = 'UTC'
+  config.cache_classes = true
+  config.whiny_nils = true
+  config.action_controller.consider_all_requests_local = true
+  config.action_controller.perform_caching             = false
+  config.action_controller.allow_forgery_protection    = false
+  config.action_mailer.delivery_method = :test
+end

data/features/support/rails_root/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying do debug a problem that might steem from framework code.
+Rails.backtrace_cleaner.remove_silencers!

data/features/support/rails_root/config/initializers/inflections.rb

@@ -0,0 +1,10 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format 
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end

data/features/support/rails_root/config/initializers/mime_types.rb

@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone

data/features/support/rails_root/config/initializers/new_rails_defaults.rb

@@ -0,0 +1,21 @@
+# Be sure to restart your server when you modify this file.
+
+# These settings change the behavior of Rails 2 apps and will be defaults
+# for Rails 3. You can remove this initializer when Rails 3 is released.
+
+if defined?(ActiveRecord)
+  # Include Active Record class name as root for JSON serialized output.
+  ActiveRecord::Base.include_root_in_json = true
+
+  # Store the full class name (including module namespace) in STI type column.
+  ActiveRecord::Base.store_full_sti_class = true
+end
+
+ActionController::Routing.generate_best_match = false
+
+# Use ISO 8601 format for JSON serialized times and dates.
+ActiveSupport.use_standard_json_time_format = true
+
+# Don't escape HTML entities in JSON, leave that for the #json_escape helper.
+# if you're including raw json in an HTML page.
+ActiveSupport.escape_html_entities_in_json = false

data/features/support/rails_root/config/initializers/session_store.rb

@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying cookie session data integrity.
+# If you change this key, all old sessions will become invalid!
+# Make sure the secret is at least 30 characters and all random, 
+# no regular words or you'll be exposed to dictionary attacks.
+ActionController::Base.session = {
+  :key         => '_rails_root_session',
+  :secret      => '92b9078469e5a7ab43000eeb320486bf19b96757cf7fe19d01437a742a5e66890defa0d50cdad33895ed5b5d87d7fff9ea44fc8e820e95ba004b350b54a3db5d'
+}
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# ActionController::Base.session_store = :active_record_store

data/features/support/rails_root/config/routes.rb

@@ -0,0 +1,9 @@
+ActionController::Routing::Routes.draw do |map|
+  map.root :controller => :users
+  map.resources :users
+  map.resources :user_sessions
+  map.with_options :controller => :user_sessions do |session|
+    session.login  '/login',  :action => :new
+    session.logout '/logout', :action => :destroy
+  end
+end

data/features/support/rails_root/db/migrate/001_create_users.rb

@@ -0,0 +1,16 @@
+class CreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table :users do |t|
+      t.string :name,              :null => true
+      t.string :login,             :null => true
+      t.string :crypted_password,  :null => true
+      t.string :password_salt,     :null => true
+      t.string :persistence_token, :null => true
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :users
+  end
+end

data/features/support/rails_root/db/migrate/002_create_reflex_connections.rb

@@ -0,0 +1,17 @@
+class CreateReflexConnections < ActiveRecord::Migration
+  def self.up
+    create_table :reflex_connections do |t|
+      t.string  :provider,          :null => false
+      t.string  :authorizable_type, :null => false
+      t.integer :authorizable_id,   :null => false
+      t.string  :uuid,              :null => false
+      t.timestamps
+    end
+    
+    add_index :reflex_connections, [:authorizable_type, :authorizable_id]
+  end
+  
+  def self.down
+    drop_table :reflex_connections
+  end
+end

data/features/support/rails_root/db/schema.rb

@@ -0,0 +1,35 @@
+# This file is auto-generated from the current state of the database. Instead of editing this file, 
+# please use the migrations feature of Active Record to incrementally modify your database, and
+# then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your database schema. If you need
+# to create the application database on another system, you should be using db:schema:load, not running
+# all the migrations from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+
+ActiveRecord::Schema.define(:version => 2) do
+
+  create_table "reflex_connections", :force => true do |t|
+    t.string   "provider",          :null => false
+    t.string   "authorizable_type", :null => false
+    t.integer  "authorizable_id",   :null => false
+    t.string   "uuid",              :null => false
+    t.datetime "created_at",        :null => false
+    t.datetime "updated_at",        :null => false
+  end
+
+  add_index "reflex_connections", ["authorizable_type", "authorizable_id"], :name => "index_reflex_connections_on_authorizable_type_and_authorizable_id", :unique => true
+
+  create_table "users", :force => true do |t|
+    t.string   "name",              :null => false
+    t.string   "login",             :null => true
+    t.string   "crypted_password",  :null => true
+    t.string   "password_salt",     :null => true
+    t.string   "persistence_token", :null => false
+    t.datetime "created_at",        :null => false
+    t.datetime "updated_at",        :null => false
+  end
+
+end

data/features/support/rails_root/vendor/plugins/reflex/rails/init.rb

@@ -0,0 +1 @@
+require File.join(Rails.root, '..', '..', '..', '..', 'reflex/rails/init')

data/features/traditional_registration_and_authentication.feature

@@ -0,0 +1,39 @@
+Feature: Traditional registration
+  In order to allow visitors without an account on one of our providers to create a profile
+  As a visitor
+  I want to register and login
+  
+  Scenario: Registration
+    Given I am on the homepage
+    And I follow "Register"
+    
+    When I fill in "Login" with "barney"
+    And I fill in "Name" with "Barney Stinson" 
+    And I fill in "Password" with "awesome"
+    And I fill in "user_password_confirmation" with "awesome"
+    And I press "Save"
+    
+    Then I should be on the users page
+    And I should see "Barney Stinson"
+  
+  Scenario: Logging in
+    Given a registered user exists with login: "barney", password: "awesome"
+    And I am on the homepage
+    
+    When I follow "Login"
+    And I fill in "Login" with "barney"
+    And I fill in "Password" with "awesome"
+    And I press "Login"
+    
+    Then I should be on the user page for "barney"
+    And I should be logged in
+  
+  Scenario: Logging Out
+    Given a registered user exists with login: "barney", password: "awesome"
+    And I am logged in as "barney" with password "awesome"
+    And I am on the homepage
+    
+    When I follow "Logout"
+    Then I should be on the homepage
+    And I should be logged out
+  

data/init.rb

@@ -0,0 +1,5 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+require 'lib/reflex'
+
+$LOAD_PATH.shift

data/lib/reflex/authlogic/account.rb

@@ -0,0 +1,55 @@
+module Reflex
+  module Authlogic
+    module Account
+      def self.included(base)
+        base.send(:extend, ClassMethods)
+        base.send(:include, InstanceMethods)
+        
+        base.send(:has_many, :reflex_connections, :as => :authorizable, :autosave => true,
+                             :class_name => 'Reflex::Authlogic::Connection')
+        
+        # Overwrite authlogic validation options so they are skipped when saving a react account:
+        [:validates_uniqueness_of_login_field_options,
+         :validates_length_of_password_field_options,
+         :validates_confirmation_of_password_field_options,
+         :validates_length_of_password_confirmation_field_options,
+         :validates_length_of_login_field_options,
+         :validates_format_of_login_field_options].each do |validate_options|
+          current_options = base.send(validate_options)
+          
+          base.cattr_accessor "original_#{validate_options}"
+          base.send("original_#{validate_options}=", current_options.dup)
+          
+          new_options = current_options.merge(:if => nil, :unless => :saving_for_react?)
+          
+          base.send("#{validate_options}=", new_options)
+        end        
+      end
+      
+      module InstanceMethods
+        def saving_for_react?
+          reflex_connections.present?
+        end
+      end
+      
+      module ClassMethods        
+        def find_by_react_user_id(react_id)
+          connection = Reflex::Authlogic::Connection.find_by_authorizable_type_and_uuid(class_name, react_id)
+          connection && connection.authorizable
+        end
+        
+        def create_for_react(provider, react_profile = nil)
+          record = new()
+          connection = record.reflex_connections.build(:provider => provider)
+          
+          if react_profile
+            record.react_profile = react_profile if record.respond_to?(:react_profile=)
+          end
+          
+          record.save_without_session_maintenance
+          [record, connection]
+        end        
+      end
+    end
+  end
+end

data/lib/reflex/authlogic/acts_as_authentic.rb

@@ -0,0 +1,19 @@
+require 'reflex/authlogic/connection'
+require 'reflex/authlogic/account'
+require 'reflex/authlogic/connectable'
+
+module Reflex
+  module Authlogic
+    module ActsAsAuthentic
+      # Adds in the neccesary modules for acts_as_authentic to include.
+      def self.included(base)
+        base.class_eval do
+          add_acts_as_authentic_module(Reflex::Authlogic::Account, :prepend)
+          add_acts_as_authentic_module(Reflex::Authlogic::Connectable, :prepend)
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.send(:include, Reflex::Authlogic::ActsAsAuthentic)

data/lib/reflex/authlogic/authentication_process.rb

@@ -0,0 +1,40 @@
+module Reflex
+  module Authlogic
+    module AuthenticationProcess
+      private
+
+      def redirect_to_oauth_server(options = {})
+        # Request the URL to redirect to
+        result = Reflex::OAuthServer.token_request(react_provider)
+
+        # Set the request method (POST) in the session, so our 
+        # middleware can detect it and use it on the callback URL:
+        reflex_controller.session[:react_callback_method]   = reflex_controller.request.method
+        reflex_controller.session[:react_callback_location] = options[:callback_location]
+
+        # Redirect the visitor to the given URL
+        reflex_controller.redirect_to(result['redirectUrl'])
+      end
+
+      def react_provider
+       reflex_controller.params && reflex_controller.params['react_provider'] 
+      end
+
+      def react_oauth_session
+        reflex_controller.params && reflex_controller.params['ReactOAuthSession']
+      end
+
+      def redirecting_to_oauth_server?
+        reflex_controller && authenticating_via_oauth_server? && !react_oauth_session
+      end
+
+      def authenticating_via_oauth_server?
+        reflex_controller && (react_provider.present? || react_oauth_session.present?) # || did_not_allow_access
+      end
+
+      def reflex_controller
+        self.is_a?(::Authlogic::Session::Base) ? controller : session_class.controller
+      end    
+    end
+  end
+end

data/lib/reflex/authlogic/callback_filter.rb

@@ -0,0 +1,26 @@
+module Reflex
+  module Authlogic
+    class CallbackFilter
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        # if :react_callback_method is available in the session and the requested URL's query
+        # contains ReactOAuthSession, change the REQUEST_METHOD to :react_callback_method
+        if env["rack.session"][:react_callback_method].present? && env["QUERY_STRING"] =~ /ReactOAuthSession/
+          env["REQUEST_METHOD"] = env["rack.session"].delete(:react_callback_method).to_s.upcase
+          
+          if env["rack.session"][:react_callback_location].present?
+            location = env["rack.session"].delete(:react_callback_location)
+            
+            env["REQUEST_URI"] = location
+            env["PATH_INFO"]   = location.split('?').first
+          end
+        end
+        
+        @app.call(env)
+      end      
+    end
+  end
+end

data/lib/reflex/authlogic/connectable.rb

@@ -0,0 +1,87 @@
+require 'reflex/authlogic/authentication_process'
+
+module Reflex
+  module Authlogic
+    module Connectable        
+      def self.included(base)
+        base.send(:extend, ClassMethods)
+        base.send(:include, InstanceMethods)
+        
+        base.validate :authenticate_oauth_session,
+                      :if => lambda { |account| !account.new_record? && account.send(:authenticating_via_oauth_server?) }
+      end
+      
+      module ClassMethods
+      end
+      
+      module InstanceMethods
+        include Reflex::Authlogic::AuthenticationProcess
+
+        def save(perform_validation = true, &block)
+          if perform_validation && block_given? && connecting_to_provider?
+            # Save attributes in session so we can use them again after authentication
+            reflex_controller.session[:authlogic_reflex_attributes] = attributes.reject!{|k, v| v.blank?}
+            
+            # Redirect to the OAuth Server, but set a callback location so we return here
+            redirect_to_oauth_server(:callback_location => reflex_controller.request.path)
+          
+            return false 
+          end               
+
+          result = super
+
+          yield(result) if block_given?
+          result    
+        end
+
+        private
+      
+        def connect_to_provider!
+          if redirecting_to_oauth_server?
+            redirect_to_oauth_server
+
+          elsif react_oauth_session
+            authenticate_oauth_session
+
+          else
+            # User did not grant access. Deal with it!
+            errors.add(:reflex, :invalid)
+          end              
+        end
+            
+        def authenticate_oauth_session(allow_retry = true)
+          # Request the React Session
+          oauth_session  = Reflex::OAuthServer.token_access(reflex_controller.params)
+          react_provider = oauth_session['connectedWithProvider']
+          react_user_id  = oauth_session['applicationUserId']
+
+          if react_user_id
+            # applicationUserId is not longer valid, so remove it's provider remotely:
+            Reflex::OAuthServer.user_remove_provider(react_user_id, react_provider)
+          end
+          
+          # Create a new connection of this provider:
+          connection = reflex_connections.create(:provider => react_provider)
+          
+          # Set the user id on react's side:
+          Reflex::OAuthServer.token_set_user_id(connection.uuid, react_oauth_session)
+          
+          # Set the attributes that were set pre redirection
+          if session_attributes = reflex_controller.session.delete(:authlogic_reflex_attributes)
+            self.attributes = session_attributes
+          end
+          
+          true
+        end
+
+        def connecting_to_provider?
+          !new_record? && react_provider
+        end
+
+        def saving_for_react?
+          connecting_to_provider? || super
+        end
+      end
+    end
+  end
+end

data/lib/reflex/authlogic/connection.rb

@@ -0,0 +1,18 @@
+module Reflex
+  module Authlogic
+    class Connection < ActiveRecord::Base
+      set_table_name 'reflex_connections'
+
+      belongs_to :authorizable, :polymorphic => true
+      validates_presence_of :uuid
+  
+      before_validation_on_create :generate_uuid
+  
+      private
+  
+      def generate_uuid
+        self.uuid = UUIDTools::UUID.random_create.to_s
+      end
+    end
+  end
+end