RubyGems - rodauth - Versions diffs - 0.9.0 - Mend

rodauth 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

checksums.yaml +7 -0
data/CHANGELOG +3 -0
data/MIT-LICENSE +18 -0
data/README.rdoc +484 -0
data/Rakefile +91 -0
data/lib/roda/plugins/rodauth.rb +265 -0
data/lib/roda/plugins/rodauth/base.rb +428 -0
data/lib/roda/plugins/rodauth/change_login.rb +48 -0
data/lib/roda/plugins/rodauth/change_password.rb +42 -0
data/lib/roda/plugins/rodauth/close_account.rb +42 -0
data/lib/roda/plugins/rodauth/create_account.rb +92 -0
data/lib/roda/plugins/rodauth/lockout.rb +292 -0
data/lib/roda/plugins/rodauth/login.rb +77 -0
data/lib/roda/plugins/rodauth/logout.rb +36 -0
data/lib/roda/plugins/rodauth/remember.rb +226 -0
data/lib/roda/plugins/rodauth/reset_password.rb +205 -0
data/lib/roda/plugins/rodauth/verify_account.rb +228 -0
data/spec/migrate/001_tables.rb +64 -0
data/spec/migrate_password/001_tables.rb +38 -0
data/spec/rodauth_spec.rb +1114 -0
data/spec/views/layout.str +11 -0
data/spec/views/login.str +21 -0
data/templates/change-login.str +22 -0
data/templates/change-password.str +21 -0
data/templates/close-account.str +9 -0
data/templates/confirm-password.str +16 -0
data/templates/create-account.str +33 -0
data/templates/login.str +25 -0
data/templates/logout.str +9 -0
data/templates/remember.str +28 -0
data/templates/reset-password-email.str +5 -0
data/templates/reset-password-request.str +7 -0
data/templates/reset-password.str +23 -0
data/templates/unlock-account-email.str +5 -0
data/templates/unlock-account-request.str +11 -0
data/templates/unlock-account.str +11 -0
data/templates/verify-account-email.str +4 -0
data/templates/verify-account-resend.str +7 -0
data/templates/verify-account.str +11 -0
metadata +227 -0

data/Rakefile ADDED

@@ -0,0 +1,91 @@
+require "rake"
+require "rake/clean"
+CLEAN.include ["rodauth-*.gem", "rdoc", "coverage"]
+# Packaging
+desc "Build rodauth gem"
+task :package=>[:clean] do |p|
+  sh %{#{FileUtils::RUBY} -S gem build rodauth.gemspec}
+end
+### RDoc
+RDOC_DEFAULT_OPTS = ["--line-numbers", "--inline-source", '--title', 'Rodauth: Authentication framework using Roda, Sequel, and PostgreSQL']
+begin
+  gem 'hanna-nouveau'
+  RDOC_DEFAULT_OPTS.concat(['-f', 'hanna'])
+rescue Gem::LoadError
+end
+rdoc_task_class = begin
+  require "rdoc/task"
+  RDoc::Task
+rescue LoadError
+  require "rake/rdoctask"
+  Rake::RDocTask
+end
+RDOC_OPTS = RDOC_DEFAULT_OPTS + ['--main', 'README.rdoc']
+RDOC_FILES = %w"README.rdoc CHANGELOG MIT-LICENSE lib/**/*.rb" + Dir["doc/*.rdoc"] + Dir['doc/release_notes/*.txt']
+rdoc_task_class.new do |rdoc|
+  rdoc.rdoc_dir = "rdoc"
+  rdoc.options += RDOC_OPTS
+  rdoc.rdoc_files.add RDOC_FILES
+end
+# Specs
+desc "Run specs"
+task :default=>:spec
+spec = proc do |env|
+  env.each{|k,v| ENV[k] = v}
+  sh "#{FileUtils::RUBY} spec/rodauth_spec.rb"
+  env.each{|k,v| ENV.delete(k)}
+end
+desc "Run specs"
+task "spec" do
+  spec.call({})
+end
+desc "Run specs with coverage"
+task "spec_cov" do
+  ENV['COVERAGE'] = '1'
+  spec.call('COVERAGE'=>'1')
+end
+desc "Run specs with -w, some warnings filtered"
+task "spec_w" do
+  ENV['RUBYOPT'] ? (ENV['RUBYOPT'] += " -w") : (ENV['RUBYOPT'] = '-w')
+  rake = ENV['RAKE'] || "#{FileUtils::RUBY} -S rake"
+  sh %{#{rake} 2>&1 | egrep -v \": warning: instance variable @.* not initialized|: warning: method redefined; discarding old|: warning: previous definition of|: warning: statement not reached"}
+end
+desc "Setup database used for testing"
+task :db_setup do
+  sh 'echo "CREATE USER rodauth_test PASSWORD \'rodauth_test\'" | psql -U postgres'
+  sh 'echo "CREATE USER rodauth_test_password PASSWORD \'rodauth_test\'" | psql -U postgres'
+  sh 'createdb -U postgres -O rodauth_test rodauth_test'
+  sh 'echo "CREATE EXTENSION pgcrypto" | psql -U postgres rodauth_test'
+  sh 'echo "CREATE EXTENSION citext" | psql -U postgres rodauth_test'
+  require 'sequel'
+  Sequel.extension :migration
+  Sequel.postgres(:user=>'rodauth_test', :password=>'rodauth_test') do |db|
+    Sequel::Migrator.run(db, 'spec/migrate')
+  end
+  Sequel.postgres('rodauth_test', :user=>'rodauth_test_password', :password=>'rodauth_test') do |db|
+    Sequel::Migrator.run(db, 'spec/migrate_password', :table=>'schema_info_password')
+  end
+end
+desc "Teardown database used for testing"
+task :db_teardown do
+  sh 'dropdb -U postgres rodauth_test'
+  sh 'dropuser -U postgres rodauth_test_password'
+  sh 'dropuser -U postgres rodauth_test'
+end

data/lib/roda/plugins/rodauth.rb ADDED

@@ -0,0 +1,265 @@
+require 'tilt/string'
+class Roda
+  module RodaPlugins
+    module Rodauth
+      def self.load_dependencies(app, opts={})
+        app.plugin :render
+        app.plugin :flash
+        app.plugin :h
+        app.plugin :csrf
+      end
+      def self.configure(app, opts={}, &block)
+        ((app.opts[:rodauths] ||= {})[opts[:name]] ||= Class.new(Auth)).configure(&block)
+      end
+      DSL_META_TYPES = [:auth, :auth_value].freeze
+      FEATURES = {}
+      class Feature < Module
+        DSL_META_TYPES.each do |meth|
+          name = :"#{meth}_methods"
+          define_method(name) do |*v|
+            iv = :"@#{name}"
+            existing = instance_variable_get(iv) || []
+            if v.empty?
+              existing
+            else
+              instance_variable_set(iv, existing + v)
+            end
+          end
+        end
+        attr_accessor :feature_name
+        attr_accessor :dependencies
+        def self.define(name, &block)
+          feature = new
+          feature.dependencies = []
+          feature.feature_name = name
+          feature.module_eval(&block)
+          FEATURES[name] = feature
+        end
+        DEFAULT_REDIRECT_BLOCK = proc{default_redirect}
+        def redirect(&block)
+          meth = :"#{feature_name}_redirect"
+          block ||= DEFAULT_REDIRECT_BLOCK
+          define_method(meth, &block)
+          auth_value_methods meth
+        end
+        def view(page, title)
+          meth = :"#{feature_name}_view"
+          define_method(meth) do
+            view(page, title)
+          end
+          auth_methods meth
+        end
+        def depends(*deps)
+          dependencies.concat(deps)
+        end
+        def after
+          meth = :"after_#{feature_name}"
+          define_method(meth) do
+            nil
+          end
+          auth_methods meth
+        end
+        def additional_form_tags
+          meth = :"#{feature_name}_additional_form_tags"
+          define_method(meth) do
+            nil
+          end
+          auth_value_methods meth
+        end
+        def require_account
+          @account_required = true
+        end
+        def account_required?
+          @account_required
+        end
+        [:route, :notice_flash, :error_flash, :button].each do |meth|
+          define_method(meth) do |v|
+            inst_meth = :"#{feature_name}_#{meth}"
+            define_method(inst_meth){v}
+            auth_value_methods inst_meth
+          end
+        end
+        [:get, :post, :route].each do |meth|
+          define_method("#{meth}_block") do |&block|
+            if block
+              instance_variable_set("@#{meth}_block", block)
+            else
+              instance_variable_get("@#{meth}_block")
+            end
+          end
+        end
+      end
+      class Auth
+        class << self
+          attr_reader :features
+          attr_reader :route_block_methods
+        end
+        def self.inherited(subclass)
+          super
+          subclass.instance_exec do
+            @features = []
+            @route_block_methods = []
+          end
+        end
+        def self.configure(&block)
+          DSL.new(self, &block)
+        end
+        def self.freeze
+          @features.freeze
+          @route_block_methods.freeze
+          super
+        end
+        def route_block_methods
+          self.class.route_block_methods
+        end
+      end
+      class DSL
+        def def_auth_method(meth)
+          define_sclass_method(meth) do |&block|
+            _def_auth_method(meth, &block)
+          end
+        end
+        def def_auth_value_method(meth)
+          define_sclass_method(meth) do |*v, &block|
+            v = v.first
+            block ||= proc{v}
+            _def_auth_method(meth, &block)
+          end
+        end
+        def def_auth_block_method(meth)
+          define_sclass_method(meth) do |&block|
+            _def_auth_method(meth){block}
+          end
+        end
+        def initialize(auth, &block)
+          @auth = auth
+          load_feature(:base)
+          instance_exec(&block)
+        end
+        def enable(*features)
+          new_features = features - @auth.features
+          new_features.each{|f| load_feature(f)}
+          @auth.features.concat(new_features)
+        end
+        private
+        def _def_auth_method(meth, &block)
+          @auth.send(:define_method, meth, &block)
+        end
+        def define_sclass_method(meth, &block)
+          (class << self; self end).send(:define_method, meth, &block)
+        end
+        def load_feature(feature_name)
+          require "roda/plugins/rodauth/#{feature_name}"
+          feature = FEATURES[feature_name]
+          enable(*feature.dependencies)
+          DSL_META_TYPES.each do |type|
+            feature.send(:"#{type}_methods").each{|m| send(:"def_#{type}_method", m)}
+          end
+          if get_block = feature.get_block
+            def_auth_block_method :"#{feature_name}_get_block"
+            _def_auth_method(:"#{feature_name}_get_block"){get_block}
+          end
+          if post_block = feature.post_block
+            def_auth_block_method :"#{feature_name}_post_block"
+            _def_auth_method(:"#{feature_name}_post_block"){post_block}
+          end
+          route_block = feature.route_block
+          if route_block || (get_block && post_block)
+            check_before_meth = :"check_before_#{feature_name}"
+            before_meth = :"before_#{feature_name}"
+            def_auth_block_method :"#{feature_name}_route_block"
+            route_block ||= proc do |r, auth|
+              r.is auth.send(:"#{feature_name}_route") do
+                auth.check_before(feature)
+                auth.send(before_meth)
+                r.get do
+                  instance_exec(r, auth, &auth.send(:"#{feature_name}_get_block"))
+                end
+                r.post do
+                  instance_exec(r, auth, &auth.send(:"#{feature_name}_post_block"))
+                end
+              end
+            end
+            _def_auth_method(:"#{feature_name}_route_block"){route_block}
+            _def_auth_method(before_meth){nil}
+            def_auth_method(before_meth)
+            @auth.route_block_methods << :"#{feature_name}_route_block"
+          end
+          @auth.send(:include, feature)
+        end
+      end
+      module InstanceMethods
+        def rodauth(name=nil)
+          if name
+            (@_rodauths ||= {})[name] ||= self.class.rodauth(name).new(self)
+          else
+            @_rodauth ||= self.class.rodauth.new(self)
+          end
+        end
+      end
+      module ClassMethods
+        def rodauth(name=nil)
+          opts[:rodauths][name]
+        end
+        def freeze
+          if opts[:rodauths]
+            opts[:rodauths].each_value(&:freeze)
+            opts[:rodauths].freeze
+          end
+          super
+        end
+      end
+      module RequestMethods
+        def rodauth(name=nil)
+          auth = scope.rodauth(name)
+          auth.route_block_methods.each do |meth|
+            scope.instance_exec(self, auth, &auth.send(meth))
+          end
+        end
+      end
+    end
+    register_plugin(:rodauth, Rodauth)
+  end
+end

data/lib/roda/plugins/rodauth/base.rb ADDED

@@ -0,0 +1,428 @@
+class Roda
+  module RodaPlugins
+    module Rodauth
+      Base = Feature.define(:base) do
+        auth_value_methods(
+          :account_id,
+          :account_model,
+          :account_open_status_value,
+          :account_password_hash_column,
+          :account_status_id,
+          :account_unverified_status_value,
+          :default_redirect,
+          :email_from,
+          :email_subject_prefix,
+          :login_column,
+          :login_confirm_label,
+          :login_confirm_param,
+          :login_label,
+          :login_param,
+          :logins_do_not_match_message,
+          :no_matching_login_message,
+          :password_confirm_label,
+          :password_confirm_param,
+          :password_does_not_meet_requirements_message,
+          :password_hash_column,
+          :password_hash_cost,
+          :password_hash_table,
+          :password_label,
+          :password_minimum_length,
+          :password_param,
+          :passwords_do_not_match_message,
+          :prefix,
+          :require_login_notice_message,
+          :require_login_redirect,
+          :session_key,
+          :skip_status_checks?,
+          :title_instance_variable
+        )
+        auth_methods(
+          :account_from_login,
+          :account_from_session,
+          :account_id_value,
+          :account_session_value,
+          :after_close_account,
+          :already_logged_in,
+          :clear_session,
+          :create_email,
+          :email_to,
+          :logged_in?,
+          :login_errors_message,
+          :login_required,
+          :open_account?,
+          :password_hash,
+          :password_meets_requirements?,
+          :random_key,
+          :session_value,
+          :set_error_flash,
+          :set_notice_flash,
+          :set_password,
+          :set_redirect_error_flash,
+          :set_title,
+          :unverified_account_message,
+          :update_session
+        )
+        attr_reader :scope
+        attr_reader :account
+        def initialize(scope)
+          @scope = scope
+        end
+        def features
+          self.class.features
+        end
+        def request
+          scope.request
+        end
+        def response
+          scope.response
+        end
+        def session
+          scope.session
+        end
+        def flash
+          scope.flash
+        end
+        # Overridable methods
+        def account_id_value
+          account.send(account_id)
+        end
+        alias account_session_value account_id_value
+        def session_value
+          session[session_key]
+        end
+        def account_status_id_value
+          account.send(account_status_id)
+        end
+        def _account_from_login(login)
+          @account = account_from_login(login)
+        end
+        def account_from_login(login)
+          ds = account_model.where(login_column=>login)
+          ds = ds.where(account_status_id=>[account_unverified_status_value, account_open_status_value]) unless skip_status_checks?
+          ds.first
+        end
+        def open_account?
+          skip_status_checks? || account_status_id_value == account_open_status_value
+        end
+        def unverified_account_message
+          "unverified account, please verify account before logging in"
+        end
+        def update_session
+          clear_session
+          session[session_key] = account_session_value
+        end
+        def check_before(feature)
+          meth = :"check_before_#{feature.feature_name}"
+          if respond_to?(meth)
+            send(meth)
+          elsif feature.account_required?
+            require_account
+          elsif logged_in?
+            already_logged_in
+          end
+        end
+        def account_model
+          ::Account
+        end
+        def db
+          account_model.db
+        end
+        # If the account_password_hash_column is set, the password hash is verified in
+        # ruby, it will not use a database function to do so, it will check the password
+        # hash using bcrypt.
+        def account_password_hash_column
+          nil
+        end
+        def already_logged_in
+          nil
+        end
+        def clear_session
+          session.clear
+        end
+        def default_redirect
+          '/'
+        end
+        def require_login_redirect
+          "#{prefix}/login"
+        end
+        def require_login_notice_message
+          "Please login to continue"
+        end
+        def prefix
+          ''
+        end
+        def login_required
+          set_notice_flash require_login_notice_message
+          request.redirect require_login_redirect
+        end
+        def random_key
+          require 'securerandom'
+          if RUBY_VERSION >= '1.9'
+            SecureRandom.urlsafe_base64(32)
+          else
+            # :nocov:
+            SecureRandom.hex(32)
+            # :nocov:
+          end
+        end
+        def title_instance_variable
+          nil
+        end
+        def set_title(title)
+          if title_instance_variable
+            scope.instance_variable_set(title_instance_variable, title)
+          end
+        end
+        def set_error_flash(message)
+          flash.now[:error] = message
+        end
+        def set_redirect_error_flash(message)
+          flash[:error] = message
+        end
+        def set_notice_flash(message)
+          flash[:notice] = message
+        end
+        def login_column
+          :email
+        end
+        def password_hash_column
+          :password_hash
+        end
+        def password_hash_table
+          :account_password_hashes
+        end
+        def no_matching_login_message
+          "no matching login"
+        end
+        def logged_in?
+          session[session_key]
+        end
+        def require_login
+          login_required unless logged_in?
+        end
+        def require_account
+          require_login
+          unless _account_from_session
+            clear_session
+            login_required
+          end
+        end
+        def login_param
+          'login'
+        end
+        def login_confirm_param
+          'login-confirm'
+        end
+        def login_label
+          'Login'
+        end
+        def login_confirm_label
+          "Confirm #{login_label}"
+        end
+        def password_label
+          'Password'
+        end
+        def password_confirm_label
+          "Confirm #{password_label}"
+        end
+        def login_errors_message
+          if errors = account.errors.on(login_column)
+            errors.join(', ')
+          end
+        end
+        def logins_do_not_match_message
+          'logins do not match'
+        end
+        def password_param
+          'password'
+        end
+        def password_confirm_param
+          'password-confirm'
+        end
+        def session_key
+          :account_id
+        end
+        def account_id
+          :id
+        end
+        def account_status_id
+          :status_id
+        end
+        def passwords_do_not_match_message
+          'passwords do not match'
+        end
+        def password_does_not_meet_requirements_message
+          "invalid password, does not meet requirements (minimum #{password_minimum_length} characters)"
+        end
+        def password_minimum_length
+          6
+        end
+        def password_meets_requirements?(password)
+          password_minimum_length <= password.length
+        end
+        def account_unverified_status_value
+          1
+        end
+        def account_open_status_value
+          2
+        end
+        def account_initial_status_value
+          account_open_status_value
+        end
+        def _account_from_session
+          @account = account_from_session
+        end
+        def account_from_session
+          ds = account_model.where(account_id=>scope.session[session_key])
+          ds = ds.where(account_status_id=>account_open_status_value) unless skip_status_checks?
+          ds.first
+        end
+        def password_hash_cost
+          require 'bcrypt'
+          if ENV['RACK_ENV'] == 'test'
+            BCrypt::Engine::MIN_COST
+          else
+            # :nocov:
+            BCrypt::Engine::DEFAULT_COST
+            # :nocov:
+          end
+        end
+        def password_hash(password)
+          require 'bcrypt'
+          BCrypt::Password.create(password, :cost=>password_hash_cost)
+        end
+        def set_password(password)
+          hash = password_hash(password)
+          if account_password_hash_column
+            account.set(account_password_hash_column=>hash).save_changes(:raise_on_save_failure=>true)
+          else
+            if db[password_hash_table].where(account_id=>account_id_value).update(password_hash_column=>hash) == 0
+              db[password_hash_table].insert(account_id=>account_id_value, password_hash_column=>hash)
+            end
+          end
+        end
+        def transaction(&block)
+          db.transaction(&block)
+        end
+        def email_from
+          "webmaster@#{request.host}"
+        end
+        def email_to
+          account.email
+        end
+        def create_email(subject, body)
+          require 'mail'
+          m = Mail.new
+          m.from = email_from
+          m.to = email_to
+          m.subject = "#{email_subject_prefix}#{subject}"
+          m.body = body
+          m
+        end
+        def email_subject_prefix
+          nil
+        end
+        def view(page, title)
+          set_title(title)
+          _view(:view, page)
+        end
+        def render(page)
+          _view(:render, page)
+        end
+        def skip_status_checks?
+          false
+        end
+        def after_close_account
+        end
+        private
+        def _view(meth, page)
+          auth = self
+          scope.instance_exec do
+            template_opts = find_template(parse_template_opts(page, :locals=>{:rodauth=>auth}))
+            unless File.file?(template_path(template_opts))
+              template_opts[:path] = File.join(File.dirname(__FILE__), '../../../../templates', "#{page}.str")
+            end
+            send(meth, template_opts)
+          end
+        end
+      end
+    end
+  end
+end