rodauth 0.10.0 → 1.0.0

data/lib/roda/plugins/rodauth/login.rb

@@ -1,81 +0,0 @@
-class Roda
-  module RodaPlugins
-    module Rodauth
-      Login = Feature.define(:login) do
-        route 'login'
-        notice_flash "You have been logged in"
-        error_flash "There was an error logging in"
-        view 'login', 'Login'
-        after
-        additional_form_tags
-        button 'Login'
-        redirect
-
-        auth_value_methods :invalid_password_message, :login_form_footer
-        auth_methods(
-          :after_login_failure,
-          :before_login_attempt,
-          :password_match?
-        )
-
-        get_block do |r, auth|
-          auth.login_view
-        end
-
-        post_block do |r, auth|
-          auth.clear_session
-
-          if auth._account_from_login(r[auth.login_param].to_s)
-            auth.before_login_attempt
-
-            if auth.open_account?
-              if auth.password_match?(r[auth.password_param].to_s)
-                auth.update_session
-                auth.after_login
-                auth.set_notice_flash auth.login_notice_flash
-                r.redirect auth.login_redirect
-              else
-                auth.after_login_failure
-                @password_error = auth.invalid_password_message
-              end
-            else
-              @login_error = auth.unverified_account_message
-            end
-          else
-            @login_error = auth.no_matching_login_message
-          end
-
-          auth.set_error_flash auth.login_error_flash
-          auth.login_view
-        end
-
-        def before_login_attempt
-        end
-
-        def after_login_failure
-        end
-
-        def login_form_footer
-          ""
-        end
-
-        def invalid_password_message
-          "invalid password"
-        end
-
-        def password_match?(password)
-          require 'bcrypt'
-          if account_password_hash_column
-            BCrypt::Password.new(account.send(account_password_hash_column)) == password
-          else
-            id = account.send(account_id)
-            if salt = db.get{rodauth_get_salt(id)}
-              hash = BCrypt::Engine.hash_secret(password, salt)
-              db.get{rodauth_valid_password_hash(id, hash)}
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/roda/plugins/rodauth/logout.rb

@@ -1,36 +0,0 @@
-class Roda
-  module RodaPlugins
-    module Rodauth
-      Logout = Feature.define(:logout) do
-        route 'logout'
-        notice_flash "You have been logged out"
-        view 'logout', 'Logout'
-        additional_form_tags
-        after
-        button 'Logout'
-        redirect{require_login_redirect}
-
-        auth_methods :logout
-
-        get_block do |r, auth|
-          auth.logout_view
-        end
-
-        post_block do |r, auth|
-          auth.logout
-          auth.after_logout
-          auth.set_notice_flash auth.logout_notice_flash
-          r.redirect auth.logout_redirect
-        end
-
-        def logout
-          clear_session
-        end
-
-        def check_before_logout
-          nil
-        end
-      end
-    end
-  end
-end

data/lib/roda/plugins/rodauth/remember.rb

@@ -1,226 +0,0 @@
-class Roda
-  module RodaPlugins
-    module Rodauth
-      Remember = Feature.define(:remember) do
-        depends :logout
-        route 'remember'
-        notice_flash "Your remember setting has been updated"
-        view 'remember', 'Change Remember Setting'
-        additional_form_tags
-        button 'Change Remember Setting'
-        after
-        redirect
-        require_account
-
-        auth_value_methods(
-          :extend_remember_deadline?,
-          :remember_confirm_view,
-          :remember_confirm_additional_form_tags,
-          :remember_cookie_key,
-          :remember_cookie_options,
-          :remember_deadline_column,
-          :remember_id_column,
-          :remember_key_column,
-          :remember_period,
-          :remember_table,
-          :remembered_session_key
-        )
-        auth_methods(
-          :add_remember_key,
-          :after_load_memory,
-          :after_remember_confirm,
-          :clear_remembered_session_key,
-          :disable_remember_login,
-          :forget_login,
-          :generate_remember_key_value,
-          :get_remember_key,
-          :load_memory,
-          :logged_in_via_remember_key?,
-          :remember_key_value,
-          :remember_login,
-          :remove_remember_key
-        )
-
-        get_block do |r, auth|
-          if r['confirm']
-            auth.remember_confirm_view
-          else
-            auth.remember_view
-          end
-        end
-
-        post_block do |r, auth|
-          if r['confirm']
-            if auth._account_from_session && auth.password_match?(r[auth.password_param].to_s)
-              auth.transaction do
-                auth.clear_remembered_session_key
-                auth.after_remember_confirm
-              end
-              r.redirect auth.remember_confirm_redirect
-            else
-              @password_error = auth.invalid_password_message
-              auth.remember_confirm_view
-            end
-          else
-            auth.transaction do
-              case r['remember']
-              when 'remember'
-                auth.remember_login
-              when 'forget'
-                auth.forget_login 
-              when 'disable'
-                auth.disable_remember_login 
-              end
-              auth.after_remember
-            end
-            auth.set_notice_flash auth.remember_notice_flash
-            r.redirect auth.remember_redirect
-          end
-        end
-
-        def after_logout
-          super
-          forget_login
-        end
-
-        def after_remember_confirm
-        end
-
-        def remember_confirm_view
-          view('confirm-password', 'Confirm Password')
-        end
-
-        def remember_confirm_button
-          'Confirm Password'
-        end
-
-        def remember_confirm_redirect
-          default_redirect
-        end
-
-        def remember_confirm_additional_form_tags
-        end
-
-        attr_reader :remember_key_value
-
-        def generate_remember_key_value
-          @remember_key_value = random_key
-        end
-
-        def after_load_memory
-        end
-
-        def load_memory
-          if !session[session_key] && (cookie = request.cookies[remember_cookie_key])
-            id, key = cookie.split('_', 2)
-            if id && key
-              id = id.to_i
-              if session[session_key] = active_remember_key_dataset(id).
-                  where(remember_key_column=>key.to_s).
-                  get(remember_id_column) 
-                account_from_session
-
-                session[remembered_session_key] = true
-                if extend_remember_deadline?
-                  active_remember_key_dataset(id).update(:deadline=>Sequel.expr(:deadline) + Sequel.cast(remember_period, :interval))
-                end
-                after_load_memory
-              end
-            end
-          end
-        end
-
-        def remember_login
-          get_remember_key
-          opts = Hash[remember_cookie_options]
-          opts[:value] = "#{account_id_value}_#{remember_key_value}"
-          ::Rack::Utils.set_cookie_header!(response.headers, remember_cookie_key, opts)
-        end
-
-        def remember_cookie_options
-          {}
-        end
-
-        def extend_remember_deadline?
-          false
-        end
-
-        def remember_period
-          '2 weeks'
-        end
-
-        def forget_login
-          ::Rack::Utils.delete_cookie_header!(response.headers, remember_cookie_key, remember_cookie_options)
-        end
-
-        def remember_key_dataset(id_value=account_id_value)
-          db[remember_table].
-            where(remember_id_column=>id_value)
-        end
-        def active_remember_key_dataset(id_value=account_id_value)
-          remember_key_dataset(id_value).where(Sequel.expr(remember_deadline_column) > Sequel::CURRENT_TIMESTAMP)
-        end
-
-        def get_remember_key
-          unless @remember_key_value = active_remember_key_dataset.get(remember_key_column)
-           generate_remember_key_value
-           transaction do
-             remove_remember_key
-             add_remember_key
-           end
-          end
-          nil
-        end
-
-        def disable_remember_login
-          remove_remember_key
-        end
-
-        def add_remember_key
-          remember_key_dataset.insert(remember_id_column=>account_id_value, remember_key_column=>remember_key_value)
-        end
-
-        def remove_remember_key
-          remember_key_dataset.delete
-        end
-
-        def remember_id_column
-          :id
-        end
-
-        def remember_key_column
-          :key
-        end
-
-        def remember_deadline_column
-          :deadline
-        end
-
-        def remember_table
-          :account_remember_keys
-        end
-
-        def remember_cookie_key
-          '_remember'
-        end
-
-        def clear_remembered_session_key
-          session.delete(remembered_session_key)
-        end
-
-        def logged_in_via_remember_key?
-          !!session[remembered_session_key]
-        end
-
-        def remembered_session_key
-          :remembered
-        end
-
-        def after_close_account
-          super
-          remove_remember_key
-        end
-      end
-    end
-  end
-end

data/lib/roda/plugins/rodauth/reset_password.rb

@@ -1,205 +0,0 @@
-class Roda
-  module RodaPlugins
-    module Rodauth
-      ResetPassword = Feature.define(:reset_password) do
-        depends :login
-        route 'reset-password'
-        notice_flash "Your password has been reset"
-        error_flash "There was an error resetting your password"
-        view 'reset-password', 'Reset Password'
-        additional_form_tags
-        after
-        button 'Reset Password'
-        redirect
-
-        auth_value_methods(
-          :no_matching_reset_password_key_message,
-          :reset_password_autologin?,
-          :reset_password_email_sent_notice_message,
-          :reset_password_email_sent_redirect,
-          :reset_password_email_subject,
-          :reset_password_id_column,
-          :reset_password_key_column,
-          :reset_password_key_param,
-          :reset_password_request_additional_form_tags,
-          :reset_password_request_button,
-          :reset_password_table
-        )
-        auth_methods(
-          :account_from_reset_password_key,
-          :after_reset_password_request,
-          :create_reset_password_key,
-          :create_reset_password_email,
-          :remove_reset_password_key,
-          :reset_password_email_body,
-          :reset_password_email_link,
-          :reset_password_key_insert_hash,
-          :reset_password_key_value,
-          :send_reset_password_email
-        )
-
-        get_block do |r, auth|
-          if key = r[auth.reset_password_key_param]
-            if auth._account_from_reset_password_key(key)
-              auth.reset_password_view
-            else
-              auth.set_redirect_error_flash auth.no_matching_reset_password_key_message
-              r.redirect auth.require_login_redirect
-            end
-          end
-        end
-
-        post_block do |r, auth|
-          if login = r[auth.login_param]
-            if auth._account_from_login(login.to_s) && auth.open_account?
-              auth.generate_reset_password_key_value
-              auth.transaction do
-                auth.create_reset_password_key
-                auth.send_reset_password_email
-                auth.after_reset_password_request
-              end
-              auth.set_notice_flash auth.reset_password_email_sent_notice_message
-              r.redirect auth.reset_password_email_sent_redirect
-            end
-          elsif key = r[auth.reset_password_key_param]
-            if auth._account_from_reset_password_key(key)
-              if r[auth.password_param] == r[auth.password_confirm_param]
-                if auth.password_meets_requirements?(r[auth.password_param].to_s)
-                  auth.transaction do
-                    auth.set_password(r[auth.password_param])
-                    auth.remove_reset_password_key
-                    auth.after_reset_password
-                  end
-                  if auth.reset_password_autologin?
-                    auth.update_session
-                  end
-                  auth.set_notice_flash auth.reset_password_notice_flash
-                  r.redirect(auth.reset_password_redirect)
-                else
-                  @password_error = auth.password_does_not_meet_requirements_message
-                end
-              else
-                @password_error = auth.passwords_do_not_match_message
-              end
-              auth.set_error_flash auth.reset_password_error_flash
-              auth.reset_password_view
-            end
-          end
-        end
-
-        def after_login_failure
-          super
-          scope.instance_variable_set(:@login_form_header, render("reset-password-request"))
-        end
-
-        def generate_reset_password_key_value
-          @reset_password_key_value = random_key
-        end
-
-        def create_reset_password_key
-          ds = db[reset_password_table].where(reset_password_id_column=>account_id_value)
-          transaction do
-            ds.where{deadline < Sequel::CURRENT_TIMESTAMP}.delete
-            if ds.empty?
-              ds.insert(reset_password_key_insert_hash)
-            end
-          end
-        end
-
-        def reset_password_key_insert_hash
-          {reset_password_id_column=>account_id_value, reset_password_key_column=>reset_password_key_value}
-        end
-
-        def remove_reset_password_key
-          db[reset_password_table].where(reset_password_id_column=>account_id_value).delete
-        end
-
-        def reset_password_email_sent_notice_message
-          "An email has been sent to you with a link to reset the password for your account"
-        end
-
-        def no_matching_reset_password_key_message
-          "invalid password reset key"
-        end
-
-        def _account_from_reset_password_key(key)
-          @account = account_from_reset_password_key(key)
-        end
-
-        def account_from_reset_password_key(key)
-          id, key = key.split('_', 2)
-          id_column = reset_password_id_column
-          rpds = db[reset_password_table].
-            select(id_column).
-            where(id_column=>id, reset_password_key_column=>key)
-          ds = account_model.where(account_id=>rpds)
-          ds = ds.where(account_status_id=>account_open_status_value) unless skip_status_checks?
-          ds.first
-        end
-
-        def after_reset_password_request
-          nil
-        end
-
-        def reset_password_request_button
-          'Request Password Reset'
-        end
-
-        def reset_password_request_additional_form_tags
-          nil
-        end
-        
-        def reset_password_email_sent_redirect
-          default_redirect
-        end
-
-        def reset_password_table
-          :account_password_reset_keys
-        end
-
-        def reset_password_id_column
-          :id
-        end
-
-        def reset_password_key_column
-          :key
-        end
-
-        attr_reader :reset_password_key_value
-
-        def create_reset_password_email
-          create_email(reset_password_email_subject, reset_password_email_body)
-        end
-
-        def send_reset_password_email
-          create_reset_password_email.deliver!
-        end
-
-        def reset_password_email_body
-          render('reset-password-email')
-        end
-
-        def reset_password_email_link
-          "#{request.base_url}#{prefix}/#{reset_password_route}?#{reset_password_key_param}=#{account_id_value}_#{reset_password_key_value}"
-        end
-
-        def reset_password_email_subject
-          'Reset Password'
-        end
-
-        def reset_password_key_param
-          'key'
-        end
-
-        def reset_password_autologin?
-          false
-        end
-
-        def after_close_account
-          super
-          db[reset_password_table].where(reset_password_id_column=>account_id_value).delete
-        end
-      end
-    end
-  end
-end