RubyGems - rodauth - Versions diffs - 0.9.0 - Mend

rodauth 0.9.0

Files changed (40) hide show

checksums.yaml +7 -0
data/CHANGELOG +3 -0
data/MIT-LICENSE +18 -0
data/README.rdoc +484 -0
data/Rakefile +91 -0
data/lib/roda/plugins/rodauth.rb +265 -0
data/lib/roda/plugins/rodauth/base.rb +428 -0
data/lib/roda/plugins/rodauth/change_login.rb +48 -0
data/lib/roda/plugins/rodauth/change_password.rb +42 -0
data/lib/roda/plugins/rodauth/close_account.rb +42 -0
data/lib/roda/plugins/rodauth/create_account.rb +92 -0
data/lib/roda/plugins/rodauth/lockout.rb +292 -0
data/lib/roda/plugins/rodauth/login.rb +77 -0
data/lib/roda/plugins/rodauth/logout.rb +36 -0
data/lib/roda/plugins/rodauth/remember.rb +226 -0
data/lib/roda/plugins/rodauth/reset_password.rb +205 -0
data/lib/roda/plugins/rodauth/verify_account.rb +228 -0
data/spec/migrate/001_tables.rb +64 -0
data/spec/migrate_password/001_tables.rb +38 -0
data/spec/rodauth_spec.rb +1114 -0
data/spec/views/layout.str +11 -0
data/spec/views/login.str +21 -0
data/templates/change-login.str +22 -0
data/templates/change-password.str +21 -0
data/templates/close-account.str +9 -0
data/templates/confirm-password.str +16 -0
data/templates/create-account.str +33 -0
data/templates/login.str +25 -0
data/templates/logout.str +9 -0
data/templates/remember.str +28 -0
data/templates/reset-password-email.str +5 -0
data/templates/reset-password-request.str +7 -0
data/templates/reset-password.str +23 -0
data/templates/unlock-account-email.str +5 -0
data/templates/unlock-account-request.str +11 -0
data/templates/unlock-account.str +11 -0
data/templates/verify-account-email.str +4 -0
data/templates/verify-account-resend.str +7 -0
data/templates/verify-account.str +11 -0
metadata +227 -0

data/Rakefile ADDED

@@ -0,0 +1,91 @@
+require "rake"
+require "rake/clean"
+CLEAN.include ["rodauth-*.gem", "rdoc", "coverage"]
+# Packaging
+desc "Build rodauth gem"
+task :package=>[:clean] do |p|
+  sh %{#{FileUtils::RUBY} -S gem build rodauth.gemspec}
+end
+### RDoc
+RDOC_DEFAULT_OPTS = ["--line-numbers", "--inline-source", '--title', 'Rodauth: Authentication framework using Roda, Sequel, and PostgreSQL']
+begin
+  gem 'hanna-nouveau'
+  RDOC_DEFAULT_OPTS.concat(['-f', 'hanna'])
+rescue Gem::LoadError
+end
+rdoc_task_class = begin
+  require "rdoc/task"
+  RDoc::Task
+rescue LoadError
+  require "rake/rdoctask"
+  Rake::RDocTask
+end
+RDOC_OPTS = RDOC_DEFAULT_OPTS + ['--main', 'README.rdoc']
+RDOC_FILES = %w"README.rdoc CHANGELOG MIT-LICENSE lib/**/*.rb" + Dir["doc/*.rdoc"] + Dir['doc/release_notes/*.txt']
+rdoc_task_class.new do |rdoc|
+  rdoc.rdoc_dir = "rdoc"
+  rdoc.options += RDOC_OPTS
+  rdoc.rdoc_files.add RDOC_FILES
+end
+# Specs
+desc "Run specs"
+task :default=>:spec
+spec = proc do |env|
+  env.each{|k,v| ENV[k] = v}
+  sh "#{FileUtils::RUBY} spec/rodauth_spec.rb"
+  env.each{|k,v| ENV.delete(k)}
+end
+desc "Run specs"
+task "spec" do
+  spec.call({})
+end
+desc "Run specs with coverage"
+task "spec_cov" do
+  ENV['COVERAGE'] = '1'
+  spec.call('COVERAGE'=>'1')
+end
+desc "Run specs with -w, some warnings filtered"
+task "spec_w" do
+  ENV['RUBYOPT'] ? (ENV['RUBYOPT'] += " -w") : (ENV['RUBYOPT'] = '-w')
+  rake = ENV['RAKE'] || "#{FileUtils::RUBY} -S rake"
+  sh %{#{rake} 2>&1 | egrep -v \": warning: instance variable @.* not initialized|: warning: method redefined; discarding old|: warning: previous definition of|: warning: statement not reached"}
+end
+desc "Setup database used for testing"
+task :db_setup do
+  sh 'echo "CREATE USER rodauth_test PASSWORD \'rodauth_test\'" | psql -U postgres'
+  sh 'echo "CREATE USER rodauth_test_password PASSWORD \'rodauth_test\'" | psql -U postgres'
+  sh 'createdb -U postgres -O rodauth_test rodauth_test'
+  sh 'echo "CREATE EXTENSION pgcrypto" | psql -U postgres rodauth_test'
+  sh 'echo "CREATE EXTENSION citext" | psql -U postgres rodauth_test'
+  require 'sequel'
+  Sequel.extension :migration
+  Sequel.postgres(:user=>'rodauth_test', :password=>'rodauth_test') do |db|
+    Sequel::Migrator.run(db, 'spec/migrate')
+  end
+  Sequel.postgres('rodauth_test', :user=>'rodauth_test_password', :password=>'rodauth_test') do |db|
+    Sequel::Migrator.run(db, 'spec/migrate_password', :table=>'schema_info_password')
+  end
+end
+desc "Teardown database used for testing"
+task :db_teardown do
+  sh 'dropdb -U postgres rodauth_test'
+  sh 'dropuser -U postgres rodauth_test_password'
+  sh 'dropuser -U postgres rodauth_test'
+end

data/lib/roda/plugins/rodauth.rb ADDED

@@ -0,0 +1,265 @@
+require 'tilt/string'
+class Roda
+  module RodaPlugins
+    module Rodauth
+      def self.load_dependencies(app, opts={})
+        app.plugin :render
+        app.plugin :flash
+        app.plugin :h
+        app.plugin :csrf
+      end
+      def self.configure(app, opts={}, &block)
+        ((app.opts[:rodauths] ||= {})[opts[:name]] ||= Class.new(Auth)).configure(&block)
+      end
+      DSL_META_TYPES = [:auth, :auth_value].freeze
+      FEATURES = {}
+      class Feature < Module
+        DSL_META_TYPES.each do |meth|
+          name = :"#{meth}_methods"
+          define_method(name) do |*v|
+            iv = :"@#{name}"
+            existing = instance_variable_get(iv) || []
+            if v.empty?
+              existing
+            else
+              instance_variable_set(iv, existing + v)
+            end
+          end
+        end
+        attr_accessor :feature_name
+        attr_accessor :dependencies
+        def self.define(name, &block)
+          feature = new
+          feature.dependencies = []
+          feature.feature_name = name
+          feature.module_eval(&block)
+          FEATURES[name] = feature
+        end
+        DEFAULT_REDIRECT_BLOCK = proc{default_redirect}
+        def redirect(&block)
+          meth = :"#{feature_name}_redirect"
+          block ||= DEFAULT_REDIRECT_BLOCK
+          define_method(meth, &block)
+          auth_value_methods meth
+        end
+        def view(page, title)
+          meth = :"#{feature_name}_view"
+          define_method(meth) do
+            view(page, title)
+          end
+          auth_methods meth
+        end
+        def depends(*deps)
+          dependencies.concat(deps)
+        end
+        def after
+          meth = :"after_#{feature_name}"
+          define_method(meth) do
+            nil
+          end
+          auth_methods meth
+        end
+        def additional_form_tags
+          meth = :"#{feature_name}_additional_form_tags"
+          define_method(meth) do
+            nil
+          end
+          auth_value_methods meth
+        end
+        def require_account
+          @account_required = true
+        end
+        def account_required?
+          @account_required
+        end
+        [:route, :notice_flash, :error_flash, :button].each do |meth|
+          define_method(meth) do |v|
+            inst_meth = :"#{feature_name}_#{meth}"
+            define_method(inst_meth){v}
+            auth_value_methods inst_meth
+          end
+        end
+        [:get, :post, :route].each do |meth|
+          define_method("#{meth}_block") do |&block|
+            if block
+              instance_variable_set("@#{meth}_block", block)
+            else
+              instance_variable_get("@#{meth}_block")
+            end
+          end
+        end
+      end
+      class Auth
+        class << self
+          attr_reader :features
+          attr_reader :route_block_methods
+        end
+        def self.inherited(subclass)
+          super
+          subclass.instance_exec do
+            @features = []
+            @route_block_methods = []
+          end
+        end
+        def self.configure(&block)
+          DSL.new(self, &block)
+        end
+        def self.freeze
+          @features.freeze
+          @route_block_methods.freeze
+          super
+        end
+        def route_block_methods
+          self.class.route_block_methods
+        end
+      end
+      class DSL
+        def def_auth_method(meth)
+          define_sclass_method(meth) do |&block|
+            _def_auth_method(meth, &block)
+          end
+        end
+        def def_auth_value_method(meth)
+          define_sclass_method(meth) do |*v, &block|
+            v = v.first
+            block ||= proc{v}
+            _def_auth_method(meth, &block)
+          end
+        end
+        def def_auth_block_method(meth)
+          define_sclass_method(meth) do |&block|
+            _def_auth_method(meth){block}
+          end
+        end
+        def initialize(auth, &block)
+          @auth = auth
+          load_feature(:base)
+          instance_exec(&block)
+        end
+        def enable(*features)
+          new_features = features - @auth.features
+          new_features.each{|f| load_feature(f)}
+          @auth.features.concat(new_features)
+        end
+        private
+        def _def_auth_method(meth, &block)
+          @auth.send(:define_method, meth, &block)
+        end
+        def define_sclass_method(meth, &block)
+          (class << self; self end).send(:define_method, meth, &block)
+        end
+        def load_feature(feature_name)
+          require "roda/plugins/rodauth/#{feature_name}"
+          feature = FEATURES[feature_name]
+          enable(*feature.dependencies)
+          DSL_META_TYPES.each do |type|
+            feature.send(:"#{type}_methods").each{|m| send(:"def_#{type}_method", m)}
+          end
+          if get_block = feature.get_block
+            def_auth_block_method :"#{feature_name}_get_block"
+            _def_auth_method(:"#{feature_name}_get_block"){get_block}
+          end
+          if post_block = feature.post_block
+            def_auth_block_method :"#{feature_name}_post_block"
+            _def_auth_method(:"#{feature_name}_post_block"){post_block}
+          end
+          route_block = feature.route_block
+          if route_block || (get_block && post_block)
+            check_before_meth = :"check_before_#{feature_name}"
+            before_meth = :"before_#{feature_name}"
+            def_auth_block_method :"#{feature_name}_route_block"
+            route_block ||= proc do |r, auth|
+              r.is auth.send(:"#{feature_name}_route") do
+                auth.check_before(feature)
+                auth.send(before_meth)
+                r.get do
+                  instance_exec(r, auth, &auth.send(:"#{feature_name}_get_block"))
+                end
+                r.post do
+                  instance_exec(r, auth, &auth.send(:"#{feature_name}_post_block"))
+                end
+              end
+            end
+            _def_auth_method(:"#{feature_name}_route_block"){route_block}
+            _def_auth_method(before_meth){nil}
+            def_auth_method(before_meth)
+            @auth.route_block_methods << :"#{feature_name}_route_block"
+          end
+          @auth.send(:include, feature)
+        end
+      end
+      module InstanceMethods
+        def rodauth(name=nil)
+          if name
+            (@_rodauths ||= {})[name] ||= self.class.rodauth(name).new(self)
+          else
+            @_rodauth ||= self.class.rodauth.new(self)
+          end
+        end
+      end
+      module ClassMethods
+        def rodauth(name=nil)
+          opts[:rodauths][name]
+        end
+        def freeze
+          if opts[:rodauths]
+            opts[:rodauths].each_value(&:freeze)
+            opts[:rodauths].freeze
+          end
+          super
+        end
+      end
+      module RequestMethods
+        def rodauth(name=nil)
+          auth = scope.rodauth(name)
+          auth.route_block_methods.each do |meth|
+            scope.instance_exec(self, auth, &auth.send(meth))
+          end
+        end
+      end
+    end
+    register_plugin(:rodauth, Rodauth)
+  end
+end

data/lib/roda/plugins/rodauth/base.rb ADDED

@@ -0,0 +1,428 @@
+class Roda
+  module RodaPlugins
+    module Rodauth
+      Base = Feature.define(:base) do
+        auth_value_methods(
+          :account_id,
+          :account_model,
+          :account_open_status_value,
+          :account_password_hash_column,
+          :account_status_id,
+          :account_unverified_status_value,
+          :default_redirect,
+          :email_from,
+          :email_subject_prefix,
+          :login_column,
+          :login_confirm_label,
+          :login_confirm_param,
+          :login_label,
+          :login_param,
+          :logins_do_not_match_message,
+          :no_matching_login_message,
+          :password_confirm_label,
+          :password_confirm_param,
+          :password_does_not_meet_requirements_message,
+          :password_hash_column,
+          :password_hash_cost,
+          :password_hash_table,
+          :password_label,
+          :password_minimum_length,
+          :password_param,
+          :passwords_do_not_match_message,
+          :prefix,
+          :require_login_notice_message,
+          :require_login_redirect,
+          :session_key,
+          :skip_status_checks?,
+          :title_instance_variable
+        )
+        auth_methods(
+          :account_from_login,
+          :account_from_session,
+          :account_id_value,
+          :account_session_value,
+          :after_close_account,
+          :already_logged_in,
+          :clear_session,
+          :create_email,
+          :email_to,
+          :logged_in?,
+          :login_errors_message,
+          :login_required,
+          :open_account?,
+          :password_hash,
+          :password_meets_requirements?,
+          :random_key,
+          :session_value,
+          :set_error_flash,
+          :set_notice_flash,
+          :set_password,
+          :set_redirect_error_flash,
+          :set_title,
+          :unverified_account_message,
+          :update_session
+        )
+        attr_reader :scope
+        attr_reader :account
+        def initialize(scope)
+          @scope = scope
+        end
+        def features
+          self.class.features
+        end
+        def request
+          scope.request
+        end
+        def response
+          scope.response
+        end
+        def session
+          scope.session
+        end
+        def flash
+          scope.flash
+        end
+        # Overridable methods
+        def account_id_value
+          account.send(account_id)
+        end
+        alias account_session_value account_id_value
+        def session_value
+          session[session_key]
+        end
+        def account_status_id_value
+          account.send(account_status_id)
+        end
+        def _account_from_login(login)
+          @account = account_from_login(login)
+        end
+        def account_from_login(login)
+          ds = account_model.where(login_column=>login)
+          ds = ds.where(account_status_id=>[account_unverified_status_value, account_open_status_value]) unless skip_status_checks?
+          ds.first
+        end
+        def open_account?
+          skip_status_checks? || account_status_id_value == account_open_status_value
+        end
+        def unverified_account_message
+          "unverified account, please verify account before logging in"
+        end
+        def update_session
+          clear_session
+          session[session_key] = account_session_value
+        end
+        def check_before(feature)
+          meth = :"check_before_#{feature.feature_name}"
+          if respond_to?(meth)
+            send(meth)
+          elsif feature.account_required?
+            require_account
+          elsif logged_in?
+            already_logged_in
+          end
+        end
+        def account_model
+          ::Account
+        end
+        def db
+          account_model.db
+        end
+        # If the account_password_hash_column is set, the password hash is verified in
+        # ruby, it will not use a database function to do so, it will check the password
+        # hash using bcrypt.
+        def account_password_hash_column
+          nil
+        end
+        def already_logged_in
+          nil
+        end
+        def clear_session
+          session.clear
+        end
+        def default_redirect
+          '/'
+        end
+        def require_login_redirect
+          "#{prefix}/login"
+        end
+        def require_login_notice_message
+          "Please login to continue"
+        end
+        def prefix
+          ''
+        end
+        def login_required
+          set_notice_flash require_login_notice_message
+          request.redirect require_login_redirect
+        end
+        def random_key
+          require 'securerandom'
+          if RUBY_VERSION >= '1.9'
+            SecureRandom.urlsafe_base64(32)
+          else
+            # :nocov:
+            SecureRandom.hex(32)
+            # :nocov:
+          end
+        end
+        def title_instance_variable
+          nil
+        end
+        def set_title(title)
+          if title_instance_variable
+            scope.instance_variable_set(title_instance_variable, title)
+          end
+        end
+        def set_error_flash(message)
+          flash.now[:error] = message
+        end
+        def set_redirect_error_flash(message)
+          flash[:error] = message
+        end
+        def set_notice_flash(message)
+          flash[:notice] = message
+        end
+        def login_column
+          :email
+        end
+        def password_hash_column
+          :password_hash
+        end
+        def password_hash_table
+          :account_password_hashes
+        end
+        def no_matching_login_message
+          "no matching login"
+        end
+        def logged_in?
+          session[session_key]
+        end
+        def require_login
+          login_required unless logged_in?
+        end
+        def require_account
+          require_login
+          unless _account_from_session
+            clear_session
+            login_required
+          end
+        end
+        def login_param
+          'login'
+        end
+        def login_confirm_param
+          'login-confirm'
+        end
+        def login_label
+          'Login'
+        end
+        def login_confirm_label
+          "Confirm #{login_label}"
+        end
+        def password_label
+          'Password'
+        end
+        def password_confirm_label
+          "Confirm #{password_label}"
+        end
+        def login_errors_message
+          if errors = account.errors.on(login_column)
+            errors.join(', ')
+          end
+        end
+        def logins_do_not_match_message
+          'logins do not match'
+        end
+        def password_param
+          'password'
+        end
+        def password_confirm_param
+          'password-confirm'
+        end
+        def session_key
+          :account_id
+        end
+        def account_id
+          :id
+        end
+        def account_status_id
+          :status_id
+        end
+        def passwords_do_not_match_message
+          'passwords do not match'
+        end
+        def password_does_not_meet_requirements_message
+          "invalid password, does not meet requirements (minimum #{password_minimum_length} characters)"
+        end
+        def password_minimum_length
+          6
+        end
+        def password_meets_requirements?(password)
+          password_minimum_length <= password.length
+        end
+        def account_unverified_status_value
+          1
+        end
+        def account_open_status_value
+          2
+        end
+        def account_initial_status_value
+          account_open_status_value
+        end
+        def _account_from_session
+          @account = account_from_session
+        end
+        def account_from_session
+          ds = account_model.where(account_id=>scope.session[session_key])
+          ds = ds.where(account_status_id=>account_open_status_value) unless skip_status_checks?
+          ds.first
+        end
+        def password_hash_cost
+          require 'bcrypt'
+          if ENV['RACK_ENV'] == 'test'
+            BCrypt::Engine::MIN_COST
+          else
+            # :nocov:
+            BCrypt::Engine::DEFAULT_COST
+            # :nocov:
+          end
+        end
+        def password_hash(password)
+          require 'bcrypt'
+          BCrypt::Password.create(password, :cost=>password_hash_cost)
+        end
+        def set_password(password)
+          hash = password_hash(password)
+          if account_password_hash_column
+            account.set(account_password_hash_column=>hash).save_changes(:raise_on_save_failure=>true)
+          else
+            if db[password_hash_table].where(account_id=>account_id_value).update(password_hash_column=>hash) == 0
+              db[password_hash_table].insert(account_id=>account_id_value, password_hash_column=>hash)
+            end
+          end
+        end
+        def transaction(&block)
+          db.transaction(&block)
+        end
+        def email_from
+          "webmaster@#{request.host}"
+        end
+        def email_to
+          account.email
+        end
+        def create_email(subject, body)
+          require 'mail'
+          m = Mail.new
+          m.from = email_from
+          m.to = email_to
+          m.subject = "#{email_subject_prefix}#{subject}"
+          m.body = body
+          m
+        end
+        def email_subject_prefix
+          nil
+        end
+        def view(page, title)
+          set_title(title)
+          _view(:view, page)
+        end
+        def render(page)
+          _view(:render, page)
+        end
+        def skip_status_checks?
+          false
+        end
+        def after_close_account
+        end
+        private
+        def _view(meth, page)
+          auth = self
+          scope.instance_exec do
+            template_opts = find_template(parse_template_opts(page, :locals=>{:rodauth=>auth}))
+            unless File.file?(template_path(template_opts))
+              template_opts[:path] = File.join(File.dirname(__FILE__), '../../../../templates', "#{page}.str")
+            end
+            send(meth, template_opts)
+          end
+        end
+      end
+    end
+  end
+end