rughetto-merb-auth-remember-me 0.0.1

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2008 Surasit Liangpornrattana
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,57 @@
+require 'rubygems'
+require 'rake/gempackagetask'
+require 'spec/rake/spectask'
+
+require 'merb-core'
+require 'merb-core/tasks/merb'
+
+GEM_NAME = "merb-auth-remember-me"
+GEM_VERSION = "0.0.1"
+AUTHOR = "Surasit Liangpornrattana"
+EMAIL = "punneng@gmail.com"
+HOMEPAGE = "https://github.com/PunNeng/pn-merb-auth-remember-me"
+SUMMARY = "Merb plugin that provides remember me for merb-auth-slice-password"
+
+spec = Gem::Specification.new do |s|
+  s.rubyforge_project = 'merb'
+  s.name = GEM_NAME
+  s.version = GEM_VERSION
+  s.platform = Gem::Platform::RUBY
+  s.has_rdoc = true
+  s.extra_rdoc_files = ["README", "LICENSE", 'TODO']
+  s.summary = SUMMARY
+  s.description = s.summary
+  s.author = AUTHOR
+  s.email = EMAIL
+  s.homepage = HOMEPAGE
+  s.add_dependency('merb-core', '>= 1.0')
+  s.require_path = 'lib'
+  s.files = %w(LICENSE README Rakefile TODO) + Dir.glob("{lib,spec}/**/*")
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+end
+
+desc "install the plugin as a gem"
+task :install do
+  Merb::RakeHelper.install(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Uninstall the gem"
+task :uninstall do
+  Merb::RakeHelper.uninstall(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Create a gemspec file"
+task :gemspec do
+  File.open("#{GEM_NAME}.gemspec", "w") do |file|
+    file.puts spec.to_ruby
+  end
+end
+
+Spec::Rake::SpecTask.new do |t|
+   t.warning = true
+   t.spec_opts = ["--format", "specdoc", "--colour"]
+   t.spec_files = Dir['spec/**/*_spec.rb'].sort   
+end

data/TODO

@@ -0,0 +1,5 @@
+TODO:
+Fix LICENSE with your name
+Fix Rakefile with your name and contact info
+Add your code to lib/pn-remember-me.rb
+Add your Merb rake tasks to lib/pn-remember-me/merbtasks.rb

data/lib/merb-auth-remember-me.rb

@@ -0,0 +1,27 @@
+# make sure we're running inside Merb
+if defined?(Merb::Plugins)
+
+  $:.unshift File.dirname(__FILE__)
+
+  # register the authentication strategy
+  require(File.expand_path(File.dirname(__FILE__) / "merb-auth-remember-me" / "mixins") / "authenticated_user")
+  strategy_path = File.expand_path(File.dirname(__FILE__)) / "merb-auth-remember-me" / "strategies"
+  Merb::Authentication.register(:remember_me, strategy_path / "remember_me.rb")
+  
+  # Plugin configurations
+  Merb::Plugins.config[:merb_auth_remember_me] = { }
+  
+  Merb::BootLoader.before_app_loads do
+  end
+  
+  Merb::BootLoader.after_app_loads do
+    Merb::Authentication.after_authentication do |user,request,params|
+      if params[:remember_me] == "1" 
+        user.remember_me
+        request.cookies.set_cookie(:auth_token, user.remember_token, :expires => user.remember_token_expires_at.to_time)
+      end
+      true if user 
+    end
+  end
+  
+end

data/lib/merb-auth-remember-me/mixins/authenticated_user.rb

@@ -0,0 +1,97 @@
+require "digest/sha1"
+module Merb
+  class Authentication
+    module Mixins
+      # This mixin provides basic user remember token.
+      #
+      # Added properties:
+      #  :remember_token_expires_at, DateTime
+      #  :remember_token, String
+      #
+      # To use it simply require it and include it into your user class.
+      #
+      # class User
+      #   include Merb::Authentication::Mixins::AuthenticatedUser
+      #
+      # end
+      #
+      module AuthenticatedUser
+        def self.included(base)
+          base.class_eval do
+            include Merb::Authentication::Mixins::AuthenticatedUser::InstanceMethods
+            extend  Merb::Authentication::Mixins::AuthenticatedUser::ClassMethods
+
+            path = File.expand_path(File.dirname(__FILE__)) / "authenticated_user"
+            if defined?(DataMapper) && DataMapper::Resource > self
+              require path / "dm_authenticated_user"
+              extend(Merb::Authentication::Mixins::AuthenticatedUser::DMClassMethods)
+            elsif defined?(ActiveRecord) && ancestors.include?(ActiveRecord::Base)
+              require path / "ar_authenticated_user"
+              extend(Merb::Authentication::Mixins::AuthenticatedUser::ARClassMethods)
+            elsif defined?(Sequel) && ancestors.include?(Sequel::Model)
+              require path / "sq_authenticated_user"
+              extend(Merb::Authentication::Mixins::AuthenticatedUser::SQClassMethods)
+            end
+
+          end # base.class_eval
+        end # self.included
+
+
+        module ClassMethods
+          def secure_digest(*args)
+            Digest::SHA1.hexdigest(args.flatten.join('--'))
+          end
+
+          # Create random key.
+          #
+          # ==== Returns
+          # String:: The generated key
+          def make_token
+            secure_digest(Time.now, (1..10).map{ rand.to_s })
+          end 
+        end # ClassMethods
+
+        module InstanceMethods
+          def remember_token?
+            (!remember_token.blank?) && 
+              remember_token_expires_at && (Time.now.utc < remember_token_expires_at.utc)
+          end
+
+          # These create and unset the fields required for remembering users between browser closes
+          def remember_me(time = 2.weeks)
+            remember_me_for time
+          end
+
+          def remember_me_for(time)
+            remember_me_until time.from_now.utc
+          end
+
+          def remember_me_until(time)
+            self.remember_token_expires_at = time
+            self.remember_token            = self.class.make_token
+            save
+          end
+
+          # refresh token (keeping same expires_at) if it exists
+          def refresh_token
+            if remember_token?
+              self.remember_token = self.class.make_token 
+              save
+            end
+          end
+
+          # 
+          # Deletes the server-side record of the authentication token.  The
+          # client-side (browser cookie) and server-side (this remember_token) must
+          # always be deleted together.
+          #
+          def forget_me
+            self.remember_token_expires_at = nil
+            self.remember_token            = nil
+            save
+          end
+        end # InstanceMethods
+      end # AuthenticatedUser
+    end # Mixins
+  end # Authentication
+end # Merb

data/lib/merb-auth-remember-me/mixins/authenticated_user/ar_authenticated_user.rb

@@ -0,0 +1,14 @@
+module Merb
+  class Authentication
+    module Mixins
+      module AuthenticatedUser
+        module ARClassMethods
+          def self.extended(base)
+
+          
+          end # self.extended
+        end # ARClassMethods
+      end # ActivatedUser
+    end # Mixins
+  end # Authentication
+end # Merb

data/lib/merb-auth-remember-me/mixins/authenticated_user/dm_authenticated_user.rb

@@ -0,0 +1,17 @@
+module Merb
+  class Authentication
+    module Mixins
+      module AuthenticatedUser
+        module DMClassMethods
+          def self.extended(base)
+            base.class_eval do
+              property :remember_token_expires_at, DateTime
+              property :remember_token, String
+            end # base.class_eval
+          
+          end # self.extended
+        end # DMClassMethods
+      end # AuthenticatedUser
+    end # Mixins
+  end # Authentication
+end #Merb

data/lib/merb-auth-remember-me/mixins/authenticated_user/sq_authenticated_user.rb

@@ -0,0 +1,19 @@
+module Merb
+  class Authentication
+    module Mixins
+      module AuthenticatedUser
+        module SQClassMethods
+          def self.extended(base)
+            base.class_eval do
+
+            end # base.class_eval
+          
+          end # self.extended
+        end # SQClassMethods
+        module SQInstanceMethods
+        end # SQInstanceMethods
+      
+      end # AuthenticatedUser
+    end # Mixins
+  end # Authentication
+end # Merb

data/lib/merb-auth-remember-me/strategies/remember_me.rb

@@ -0,0 +1,56 @@
+class RememberMe < Merb::Authentication::Strategy
+  def run!
+    login_from_cookie
+  end
+
+  def current_user
+    @current_user
+  end
+  
+  def current_user=(new_user)
+    @current_user = new_user
+  end
+  
+  # Called from #current_user.  Finaly, attempt to login by an expiring token in the cookie.
+  # for the paranoid: we _should_ be storing user_token = hash(cookie_token, request IP)
+  def login_from_cookie
+    current_user = cookies[:auth_token] && Merb::Authentication.user_class.first(:conditions => ["remember_token = ?", cookies[:auth_token]])
+    if current_user && current_user.remember_token?
+      handle_remember_cookie! false # freshen cookie token (keeping date)
+      current_user
+    end
+  end
+  
+  #
+  # Remember_me Tokens
+  #
+  # Cookies shouldn't be allowed to persist past their freshness date,
+  # and they should be changed at each login
+
+  # Cookies shouldn't be allowed to persist past their freshness date,
+  # and they should be changed at each login
+
+  def valid_remember_cookie?
+    return nil unless current_user
+    (current_user.remember_token?) && 
+      (cookies[:auth_token] == current_user.remember_token)
+  end
+  
+  # Refresh the cookie auth token if it exists, create it otherwise
+  def handle_remember_cookie! new_cookie_flag
+    return unless current_user
+    case
+    when valid_remember_cookie? then current_user.refresh_token # keeping same expiry date
+    when new_cookie_flag        then current_user.remember_me 
+    else                             current_user.forget_me
+    end
+    send_remember_cookie!
+  end
+  
+  def send_remember_cookie!
+    cookies.set_cookie(:auth_token, current_user.remember_token, :expires => current_user.remember_token_expires_at.to_time)
+  end
+
+
+end
+

data/spec/merb-auth-remember-me_spec.rb

@@ -0,0 +1,2 @@
+require File.dirname(__FILE__) + '/spec_helper'
+

data/spec/mixins/authenticated_user_spec.rb

@@ -0,0 +1,34 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe "Authenticated user" do
+
+  before :all do
+    @user = user.new
+    @user.remember_token_expires_at.should be_nil
+    @user.remember_token.should be_nil
+  end
+
+  it "should add the 'remember_token_expires_at' property to the user model" do
+    @user.should respond_to(:remember_token_expires_at)
+    @user.should respond_to(:remember_token_expires_at=)
+  end
+
+  it "should add the 'remember_token' property to the user model" do
+    @user.should respond_to(:remember_token)
+    @user.should respond_to(:remember_token=)
+  end
+
+  it "should save token and expires_at" do
+    @user.remember_me
+    @user.remember_token_expires_at.should_not be_nil
+    @user.remember_token.should_not be_nil
+  end
+
+  it "should save expires_at as 2 weeks later" do
+    @user.remember_me
+    @user.remember_token_expires_at.should eql((Time.now+2.weeks).to_datetime)
+  end
+
+end
+
+

data/spec/spec_helper.rb

@@ -0,0 +1,101 @@
+$:.push File.join(File.dirname(__FILE__), '..', 'lib')
+
+require 'rubygems'
+require 'activesupport'
+require 'merb-core'
+require 'dm-core'
+require 'do_sqlite3'
+require 'merb-auth-core'
+require 'merb-auth-more'
+require 'merb-auth-more/mixins/redirect_back'
+require 'spec'
+require 'merb-auth-remember-me'
+
+Merb.start_environment(
+  :testing => true, 
+  :adapter => 'runner', 
+  :environment => ENV['MERB_ENV'] || 'test',
+#  :merb_root => Merb.root,
+  :session_store => :cookie,
+  :exception_details => true,
+  :session_secret_key => "d3a6d6f99a25004dd82b71af8bded0ab71d3ea21"
+  
+)
+
+DataMapper.setup(:default, "sqlite3::memory:")
+    
+class User
+  include DataMapper::Resource
+  include Merb::Authentication::Mixins::AuthenticatedUser
+
+  property :id, Serial
+  property :email, String
+  property :login, String
+end
+
+Merb::Authentication.user_class = User
+def user
+  Merb::Authentication.user_class
+end
+
+
+# for strategy 
+Merb::Config[:exception_details] = true
+Merb::Router.reset!
+Merb::Router.prepare do
+  match("/login", :method => :get).to(:controller => "exceptions", :action => "unauthenticated").name(:login)
+  match("/login", :method => :put).to(:controller => "sessions", :action => "update")
+  
+  authenticate do
+    match("/").to(:controller => "my_controller")
+  end
+  match("/logout", :method => :delete).to(:controller => "sessions", :action => "destroy")
+end
+
+class Merb::Authentication
+  def store_user(user); user; end
+  def fetch_user(session_info); session_info; end
+end
+
+Merb::Authentication.activate!(:remember_me)
+Merb::Authentication.activate!(:default_password_form)
+
+class MockUserStrategy < Merb::Authentication::Strategy
+  def run!
+    params[:pass_auth] = if params[:pass_auth] == "false"
+      false 
+    else
+      Merb::Authentication.user_class.first
+    end
+    params[:pass_auth]
+  end
+end
+
+class Application < Merb::Controller; end
+
+class Sessions < Merb::Controller
+  before :ensure_authenticated
+  def update
+    redirect "/"
+  end
+  
+  def destroy
+    cookies.delete :auth_token
+    session.abandon!
+  end      
+end
+
+class MyController < Application
+  def index
+    "IN MY CONTROLLER"
+  end
+end
+
+Spec::Runner.configure do |config|
+  config.include(Merb::Test::ViewHelper)
+  config.include(Merb::Test::RouteHelper)
+  config.include(Merb::Test::ControllerHelper)
+  config.before(:all){ User.auto_migrate! }
+  config.after(:all){ User.all.destroy! }
+end
+

data/spec/strategies/remember_me_spec.rb

@@ -0,0 +1,63 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe "Remember me strategy" do
+  def do_valid_login
+    put("/login", {:remember_me => "1", :pass_auth => true})
+  end
+  
+  def do_valid_login_without_remember_me
+    put("/login", {:pass_auth => true})
+  end
+
+  def do_invalid_login
+    put("/login", { :pass_auth => false})
+  end
+
+  def do_home_with_auth_token
+    get("/", { :pass_auth => true} ) do |controller|
+      controller.request.cookies[:auth_token] = "auth_token_string"
+    end
+  end
+
+  before :each do
+    @user = mock(Merb::Authentication.user_class, :remember_me => true)
+    user.stub!(:first).and_return(@user)
+    @user.stub!(:remember_token?).and_return(true)
+    @user.stub!(:remember_token).and_return(Time.now + 1.week)
+    @user.stub!(:remember_token_expires_at).and_return(Time.now)
+    @user.stub!(:forget_me).and_return(true)
+  end
+
+  it "should save remember_token and remember_token_expires_at if remember_me == '1'" do
+    Merb::Authentication.user_class.should_receive(:first).and_return(@user)
+    @user.should_receive(:remember_me)
+    @user.remember_token.should_not be_nil
+    @user.remember_token_expires_at.should_not be_nil
+    do_valid_login.should redirect_to('/')
+  end
+
+  it "should not remember me unless remember_me == '1'" do 
+    Merb::Authentication.user_class.should_receive(:first).and_return(true)
+    @user.should_not_receive(:remember_me)
+    do_valid_login_without_remember_me.should redirect_to('/')
+  end
+
+  it "should log in automatically if auth_token exists" do
+    Merb::Authentication.user_class.should_receive(:first).and_return(@user)
+    do_home_with_auth_token.should be_successful
+  end
+
+  it "should raise unauthenticated if auth_token doesn't exist" do
+    lambda do
+      do_invalid_login
+    end.should raise_error(Merb::Controller::Unauthenticated, "Could not log in")
+  end
+  
+  it "should clear auth_token after loging out" do
+    delete('/logout') do |controller|
+      controller.cookies.should_receive(:delete).with(:auth_token)
+    end
+  end
+end
+
+

metadata

@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification 
+name: rughetto-merb-auth-remember-me
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Surasit Liangpornrattana
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-02-27 00:00:00 -08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: merb-core
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "1.0"
+    version: 
+description: Merb plugin that provides remember me for merb-auth-slice-password
+email: punneng@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+- LICENSE
+- TODO
+files: 
+- LICENSE
+- README
+- Rakefile
+- TODO
+- lib/merb-auth-remember-me
+- lib/merb-auth-remember-me/merbtasks.rb
+- lib/merb-auth-remember-me/mixins
+- lib/merb-auth-remember-me/mixins/authenticated_user
+- lib/merb-auth-remember-me/mixins/authenticated_user/ar_authenticated_user.rb
+- lib/merb-auth-remember-me/mixins/authenticated_user/dm_authenticated_user.rb
+- lib/merb-auth-remember-me/mixins/authenticated_user/sq_authenticated_user.rb
+- lib/merb-auth-remember-me/mixins/authenticated_user.rb
+- lib/merb-auth-remember-me/strategies
+- lib/merb-auth-remember-me/strategies/remember_me.rb
+- lib/merb-auth-remember-me.rb
+- spec/merb-auth-remember-me_spec.rb
+- spec/mixins
+- spec/mixins/authenticated_user_spec.rb
+- spec/spec_helper.rb
+- spec/strategies
+- spec/strategies/remember_me_spec.rb
+has_rdoc: true
+homepage: https://github.com/PunNeng/pn-merb-auth-remember-me
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: merb
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: Merb plugin that provides remember me for merb-auth-slice-password
+test_files: []
+