salted_login_generator 1.0.4 → 1.0.5

data/USAGE

@@ -1,27 +1,34 @@
 NAME
-     login - creates a functional login system
+     salted_login - creates a functional login system
 
 SYNOPSIS
-     login [Controller name]
+     salted_login [Controller name] [Localization Name]
      
-     Good names are Account Myaccount Security
+     Good names are User, Account, Myaccount or Security and Localization
+     or LocalizationSettings.
 
 DESCRIPTION
      This generator creates a general purpose login system.
 
      Included:
-      - a User model which uses SHA1 encryption and salted hashes for passwords
-      - a Controller with signup, login, welcome and logoff actions
-      - a Notifier that integrates with the controller to prevent script based
-      	account creation (i.e., requires account verification from the registered
-	email address) and supports forgotten and changing passwords
-      - a mixin which lets you easily add advanced authentication 
+      - a model which uses SHA1 encryption and salted hashes for passwords
+      - a controller with signup, login, welcome and logoff actions
+      - a mailer that integrates with the controller to prevent script based
+      	account creation (i.e., requires account verification from the
+	registered email address) and supports forgotten and changed passwords
+      - a mixin which lets you easily add advanced authentication
         features to your abstract base controller
-      - a user_model.sql with the minimal sql required to get the model to work. 
+      - a user_model.sql with the minimal sql required to get the model
+        to work.
       - extensive unit and functional test cases to make sure nothing breaks.
+      - localization support via the localization generator
+      - token based authentication
             
 EXAMPLE
-      ./script/generate login Account
+      ./script/generate salted_login User Localization
 
-     This will generate an Account controller with login and logout methods. 
-     The model is always called User 
+     This will generate a User controller with login and logout methods. 
+     The class names are UserController, User (model), and UserNotifier
+     (mailer). It will also generate a module named UserLoginSystem, and
+     invoke the localization generator, which will produce a module named
+     Localization.

data/salted_login_generator.rb

@@ -1,22 +1,31 @@
-class SaltedLoginGenerator < Rails::Generator::NamedBase
+class SaltedLoginGenerator < LocalizationGenerator #Rails::Generator::NamedBase
   def manifest
     record do |m|
-      
+      m.dependency 'localization', [ARGV[1]]
+
+      # Check for class naming collisions.
+      #m.class_collisions class_path, "#{class_name}Controller", "#{class_name}ControllerTest", "#{class_name}Helper", "#{class_name}LoginSystem"
+
       # Login module, controller class, functional test, and helper.
-      m.template "login_system.rb", "lib/login_system.rb"
+      m.template "login_system.rb", "lib/#{file_name}_system.rb"
       m.template "controller.rb", File.join("app/controllers", class_path, "#{file_name}_controller.rb")
-      m.template "controller_test.rb", File.join("test/functional", class_path, "#{file_name}_controller_test.rb")
+      m.template "controller_test.rb", "test/functional/#{file_name}_controller_test.rb"
       m.template "helper.rb", File.join("app/helpers", class_path, "#{file_name}_helper.rb")
 
       # Model class, unit test, fixtures, and example schema.
-      m.template "user.rb", "app/models/user.rb"
-      m.template "notify.rb", File.join("app/models", "notify.rb")
-      m.template "user_test.rb", "test/unit/user_test.rb"
-      m.template "users.yml", "test/fixtures/users.yml"
-      m.template "user_model.sql", "db/user_model.sql"
-      m.template "app-config-development.yml", "config/environments/app-config-development.yml"
-      m.template "app-config-production.yml", "config/environments/app-config-production.yml"
-      m.template "app-config-test.yml", "config/environments/app-config-test.yml"
+      m.template "user.rb", File.join("app/models", class_path, "#{file_name}.rb")
+      m.template "notify.rb", File.join("app/models", class_path, "#{file_name}_notify.rb")
+      m.template "mock_notify.rb", "test/mocks/test/#{file_name}_notify.rb"
+      m.file "mock_time.rb", "test/mocks/test/time.rb"
+
+      m.template "user_test.rb", "test/unit/#{file_name}_test.rb"
+      m.template "users.yml", "test/fixtures/#{plural_name}.yml"
+      m.file "user_model.erbsql", "db/user_model.erbsql"
+
+      # Configuration and miscellaneous
+      m.template "login_environment.rb", "config/environments/#{file_name}_environment.rb"
+      m.file "create_db", "script/create_db"
+      m.template "en.yaml", "lang/en.yaml"
 
       # Layout and stylesheet.
       m.template "scaffold:layout.rhtml", "app/views/layouts/scaffold.rhtml"
@@ -29,14 +38,20 @@ class SaltedLoginGenerator < Rails::Generator::NamedBase
         File.join("app/views", class_path, file_name, "#{action}.rhtml")
       end
 
-#      raise "1: #{class_path} 2: #{file_name}"
-      m.directory File.join("app/views", "notify")
+      # Partials
+      m.directory File.join("app/views", class_path, file_name)
+      partial_views.each do |action|
+        m.template "_view_#{action}.rhtml",
+        File.join("app/views", class_path, file_name, "_#{action}.rhtml")
+      end
+
+      m.directory File.join("app/views", "#{singular_name}_notify")
       notify_views.each do |action|
         m.template "notify_#{action}.rhtml",
-        File.join("app/views", "notify", "#{action}.rhtml")
+        File.join("app/views", "#{singular_name}_notify", "#{action}_en.rhtml")
       end
 
-      m.template "README", "README_LOGIN"
+      m.template "README", "README_#{class_name.upcase}_LOGIN"
     end
   end
 
@@ -46,6 +61,10 @@ class SaltedLoginGenerator < Rails::Generator::NamedBase
     %w(welcome login logout signup forgot_password change_password)
   end
 
+  def partial_views
+    %w(edit password)
+  end
+
   def notify_views
     %w(signup forgot_password change_password)
   end

data/templates/README

@@ -1,84 +1,81 @@
 == Installation
 
-Done generating the login system. but there are still a few things you have to
-do manually. First open your application.rb and add
+After generating the login system, edit your app/controllers/application.rb
+file. The beginning of your ApplicationController should look something like
+this:
 
-  require_dependency "login_system"
-
-to the top of the file and include the login system with
-
-  include LoginSystem 
-
-The beginning of your ApplicationController.
-It should look something like this : 
-
-  require_dependency "login_system"
+  require '<%= file_name %>_system'
 
   class ApplicationController < ActionController::Base
-    include LoginSystem
-    model :user
+    include <%= class_name %>System
+    helper: <%= class_name %>
+    before_filter :login_required
 
-After you have done the modifications the the AbstractController you can import
-the user model into the database. This model is meant as an example and you
-should extend it. If you just want to get things up and running you can find
-some create table syntax in db/user_model.sql.
+After you have done the modifications the the ApplicationController and its
+helper, you can import the <%= singular_name %> model into the database. This
+model is meant as an example and you should extend it. If you just want to get
+things up and running you can find some create table syntax in
+db/user_model.sql.
 
-The model :user is required when you are hitting problems to the degree of
-"Session could not be restored becuase not all items in it are known"
+You also need to add the following at the end of your config/environment.rb
+file:
 
-You also need to addd the following at the end of your config/environment.rb file:
+require 'environments/<%= singular_name %>_environment'
 
-require 'yaml'
-CONFIG = YAML::load(File.open("#{RAILS_ROOT}/config/environments/app-config-#{RAILS_ENV}.yml"))
-
-Under the 'enviroments' subdirectory, you'll find
-app-config-{development, production, test}.yml files. Edit these as appropriate.
+Under the 'enviroments' subdirectory, you'll find <%= singular_name %>_environment.rb.
+Edit this file as necessary...
 
 == Requirements
 
-You need a database table corresponding to the User model. 
+You need a database table corresponding to the <%= class_name %> model. 
 
   mysql syntax:
-  CREATE TABLE users (
-    id int(11) NOT NULL auto_increment,
-    login varchar(80) default NULL,
-    password varchar(40) default NULL,
-    firstname varchar(40) default NULL,
-    lastname varchar(40) default NULL,
-    uuid char(32) default NULL,
-    salt char(32) default NULL,
-    verified INT default 0,    
-    PRIMARY KEY  (id)
-  );
- 
-  postgres :
-  CREATE TABLE "users" (
-   "id" SERIAL NOT NULL UNIQUE,
-   "login" VARCHAR(80),
-   "password" VARCHAR,
-   "firstname" VARCHAR(80),
-   "lastname" VARCHAR(80),
-   "uuid" CHAR(32),
-   "salt" CHAR(32),
-   "verified" INT DEFAULT 0,
-   PRIMARY KEY("id")
+  CREATE TABLE <%= plural_name %> (
+    id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+    login VARCHAR(80) NOT NULL,
+    password VARCHAR(40) NOT NULL,
+    email VARCHAR(60) NOT NULL,
+    firstname VARCHAR(40) NOT NULL,
+    lastname VARCHAR(40) NOT NULL,
+    salt CHAR(40) NOT NULL,
+    verified INT default 0,
+    role VARCHAR(40) default NULL,
+    security_token CHAR(40) default NULL,
+    token_expiry DATETIME default NULL
+  ) TYPE=InnoDB DEFAULT CHARSET=utf8;
+
+  postgres:
+  CREATE TABLE "<%= plural_name %>" (
+    id SERIAL PRIMARY KEY
+    login VARCHAR(80) NOT NULL,
+    password VARCHAR(40) NOT NULL,
+    email VARCHAR(60) NOT NULL,
+    firstname VARCHAR(40) NOT NULL,
+    lastname VARCHAR(40) NOT NULL,
+    salt CHAR(40) NOT NULL,
+    verified INT default 0,
+    role VARCHAR(40) default NULL,
+    security_token CHAR(40) default NULL,
+    token_expiry TIMESTAMP default NULL
   ) WITH OIDS;
 
-
   sqlite:
-  CREATE TABLE 'users' (
-    'id' INTEGER PRIMARY KEY NOT NULL,
-    'user' VARCHAR(80) DEFAULT NULL,
-    'password' VARCHAR(40) DEFAULT NULL,
-    'firstname' VARCHAR(40) DEFAULT NULL,
-    'lastname' VARCHAR(40) DEFAULT NULL,
-    'uuid' CHAR(32) DEFAULT NULL,
-    'salt' CHAR(32) DEFAULT NULL,
-    'verified' INT DEFAULT 0
+  CREATE TABLE '<%= plural_name %>' (
+    id INTEGER PRIMARY KEY,
+    login VARCHAR(80) NOT NULL,
+    password VARCHAR(40) NOT NULL,
+    email VARCHAR(60) NOT NULL,
+    firstname VARCHAR(40) NOT NULL,
+    lastname VARCHAR(40) NOT NULL,
+    salt CHAR(40) NOT NULL,
+    verified INT default 0,
+    role VARCHAR(40) default NULL,
+    security_token CHAR(40) default NULL,
+    token_expiry DATETIME default NULL
   );
 
-Of course your user model can have any amount of extra fields. This is just a
-starting point
+Of course your <%= singular_name %> model can have any amount of extra fields.
+This is just a starting point
 
 == How to use it 
 
@@ -87,14 +84,14 @@ controllers which you would like to protect.
 
 After integrating the login system with your rails application navigate to your
 new controller's signup method. There you can create a new account. After you
-are done you should have a look at your DB. Your freshly created user will be
-there but the password will be a sha1 hashed 40 digit mess. I find this should
-be the minimum of security which every page offering login&password should give
-its customers. Now you can move to one of those controllers which you protected
-with the before_filter :login_required snippet. You will automatically be re-
-directed to your freshly created login controller and you are asked for a
-password. After entering valid account data you will be taken back to the
-controller which you requested earlier. Simple huh?
+are done you should have a look at your DB. Your freshly created <%= singular_name %>
+will be there but the password will be a sha1 hashed 40 digit mess. I find
+this should be the minimum of security which every page offering login &
+password should give its customers. Now you can move to one of those 
+controllers which you protected with the before_filter :login_required snippet.
+You will automatically be re-directed to your freshly created login controller
+and you are asked for a password. After entering valid account data you will be
+taken back to the controller which you requested earlier. Simple huh?
 
 == Tips & Tricks
 
@@ -102,9 +99,9 @@ How do I...
 
   ... access the user who is currently logged in
 
-  A: You can get the user object from the session using @session['user']
+  A: You can get the <%= singular_name %> object from the session using @session['<%= singular_name %>']
      Example: 
-       Welcome <%%= @session['user'].name %> 
+       Welcome <%%= @session['<%= singular_name %>'].name %> 
 
   ... restrict access to only a few methods? 
   
@@ -115,10 +112,10 @@ How do I...
      
   ... check if a user is logged-in in my views?
   
-  A: @session['user'] will tell you. Here is an example helper which you can use to make this more pretty:
+  A: @session['<%= singular_name %>'] will tell you. Here is an example helper which you can use to make this more pretty:
      Example: 
-       def user?
-         !@session['user'].nil?
+       def <%= singular_name %>?
+         !@session['<%= singular_name %>'].nil?
        end
 
   ... return a user to the page they came from before logging in?
@@ -126,16 +123,14 @@ How do I...
   A: The user will be send back to the last url which called the method "store_location"
      Example:
        User was at /articles/show/1, wants to log in.
-       in articles_controller.rb, add store_location to the show function and send the user
-       to the login form. 
+       in articles_controller.rb, add store_location to the show function and
+       send the user to the login form. 
        After he logs in he will be send back to /articles/show/1
 
 
-You can find more help at http://wiki.rubyonrails.com/rails/show/LoginGenerator
-
+You can find more help at http://wiki.rubyonrails.com/rails/show/SaltedLoginGenerator
+
 == Changelog
 
-1.0.5 Bugfix in generator code
-1.0.2 Updated the readme with more tips&tricks
-1.0.1 Fixed problem in the readme
-1.0.0 First gem release
+1.0.5 Lots of fixes and changes (see rubyforge.org/salted-login)
+1.0.0 First gem release

data/templates/_view_edit.rhtml

@@ -0,0 +1,14 @@
+<div class="<%= singular_name %>_edit">
+  <%%= form_input :hidden_field, 'form', :value => 'edit' %>
+  <%%= form_input :hidden_field, 'id' %>
+
+  <table>
+    <%%= form_input changeable(<%= singular_name %>, "firstname"), "firstname" %>
+    <%%= form_input changeable(<%= singular_name %>, "lastname"), "lastname" %>
+    <%%= form_input changeable(<%= singular_name %>, "login"), "login", :size => 30 %><br/>
+    <%%= form_input changeable(<%= singular_name %>, "email"), "email" %>
+    <%% if submit %>
+      <%%= form_input :submit_button, <%= singular_name %>.new_record? ? 'signup' : 'change_settings', :class => 'two_columns' %>
+    <%% end %>
+  </table>
+</div>

data/templates/_view_password.rhtml

@@ -0,0 +1,12 @@
+<div class="<%= singular_name %>_password">
+  <%%= form_input :hidden_field, 'form', :value => 'change_password' %>
+  <%%= form_input :hidden_field, 'id' %>
+
+  <table>
+    <%%= form_input :password_field, "password", :size => 30 %>
+    <%%= form_input :password_field, "password_confirmation", :size => 30 %>
+    <%% if submit %>
+      <%%= form_input :submit_button, 'change_password' %>
+    <%% end %>
+  </table>
+</div>                                                                          

data/templates/controller.rb

@@ -1,114 +1,154 @@
 class <%= class_name %>Controller < ApplicationController
-  model   :user
+  model   :<%= singular_name %>
   layout  'scaffold'
 
-  before_filter :login_required, :only => [:change_password]
-
   def login
-    case @request.method
-    when :post
-      @user = User.new(@params['user'])
-      if @session['user'] = User.authenticate(@params['user']['login'], @params['user']['password'])
-        flash['notice'] = "Login successful"
-        @user = nil
-        redirect_back_or_default :action => 'welcome'
-      else
-        @login = @params['user']['login']
-        flash['message'] = "Login unsuccessful"
-      end
-    when :get
-      @user = User.new
+    generate_blank
+    @<%= singular_name %> = <%= class_name %>.new(@params['<%= singular_name %>'])
+    if @session['<%= singular_name %>'] = <%= class_name %>.authenticate(@params['<%= singular_name %>']['login'], @params['<%= singular_name %>']['password'])
+      flash['notice'] = l(:<%= singular_name %>_login_succeeded)
+      redirect_back_or_default :action => 'welcome'
+    else
+      @login = @params['<%= singular_name %>']['login']
+      flash.now['message'] = l(:<%= singular_name %>_login_failed)
     end
   end
 
   def signup
-    case @request.method
-    when :post
-      @user = User.new(@params['user'])
-      begin
-        User.transaction(@user) do
-          if @user.save
-            Notify.deliver_signup(@user, @params['user']['password'])
-            flash['notice'] = "Signup successful! Please check your registered email account to verify your account registration and continue with the login."
-            @user = nil
-            redirect_to :action => 'login'
-          end
+    generate_blank
+    @params['<%= singular_name %>'].delete('form')
+    @<%= singular_name %> = <%= class_name %>.new(@params['<%= singular_name %>'])
+    begin
+      <%= class_name %>.transaction(@<%= singular_name %>) do
+        if @<%= singular_name %>.save
+          key = @<%= singular_name %>.generate_security_token
+          url = url_for(:action => 'welcome')
+          url += "?<%= singular_name %>[id]=#{@<%= singular_name %>.id}&key=#{key}"
+          <%= class_name %>Notify.deliver_signup(@<%= singular_name %>, @params['<%= singular_name %>']['password'], url)
+          flash['notice'] = l(:<%= singular_name %>_signup_succeeded)
+          redirect_to :action => 'login'
         end
-      rescue
-        flash['message'] = "Error creating account: confirmation email not sent"
       end
-    when :get
-      @user = User.new
-    end      
+    rescue
+      flash.now['message'] = l(:<%= singular_name %>_confirmation_email_error)
+    end
   end  
   
   def logout
-    @session['user'] = nil
+    @session['<%= singular_name %>'] = nil
     redirect_to :action => 'login'
   end
 
   def change_password
+    generate_filled_in
+    @params['<%= singular_name %>'].delete('form')
+    begin
+      <%= class_name %>.transaction(@<%= singular_name %>) do
+        @<%= singular_name %>.change_password(@params['<%= singular_name %>']['password'], @params['<%= singular_name %>']['password_confirmation'])
+        if @<%= singular_name %>.save
+          <%= class_name %>Notify.deliver_change_password(@<%= singular_name %>, @params['<%= singular_name %>']['password'])
+          flash.now['notice'] = l(:<%= singular_name %>_updated_password, "#{@<%= singular_name %>.email}")
+        end
+      end
+    rescue
+      flash.now['message'] = l(:<%= singular_name %>_change_password_email_error)
+    end
+  end
+
+  def forgot_password
+    # Always redirect if logged in
+    if <%= singular_name %>?
+      flash['message'] = l(:<%= singular_name %>_forgot_password_logged_in)
+      redirect_to :action => 'change_password'
+      return
+    end
+
     case @request.method
-    when :post
-      @user = @session['user']
+    # Render on :get
+    when :get
+      @user = User.new
+      render
+    end
+
+    # Handle the :post
+    if @params['<%= singular_name %>']['email'].empty?
+      flash.now['message'] = l(:<%= singular_name %>_enter_valid_email_address)
+    elsif (<%= singular_name %> = <%= class_name %>.find_by_email(@params['<%= singular_name %>']['email'])).nil?
+      flash.now['message'] = l(:<%= singular_name %>_email_address_not_found, "#{@params['<%= singular_name %>']['email']}")
+    else
       begin
-        User.transaction(@user) do
-          @user.attributes = @params['user']
-          @user.change_password(@params['user']['password'])
-          if @user.save
-            Notify.deliver_change_password(@user, @params['user']['password'])
-            flash['notice'] = "Your updated password has been emailed to #{@user.email}"
-            @user = nil
-            redirect_back_or_default :action => 'welcome'
-          end
+        <%= class_name %>.transaction(<%= singular_name %>) do
+          key = <%= singular_name %>.generate_security_token
+          url = url_for(:action => 'change_password')
+          url += "?<%= singular_name %>[id]=#{<%= singular_name %>.id}&key=#{key}"
+          <%= class_name %>Notify.deliver_forgot_password(<%= singular_name %>, url)
+          flash['notice'] = l(:<%= singular_name %>_forgotten_password_emailed, "#{@params['<%= singular_name %>']['email']}")
+          redirect_to :action => 'login' unless <%= singular_name %>?
+          redirect_back_or_default :action => 'welcome'
         end
       rescue
-        flash['message'] = "Your password could not be changed at this time. Please retry."
+        flash.now['message'] = l(:<%= singular_name %>_forgotten_password_email_error, "#{@params['<%= singular_name %>']['email']}")
       end
-    when :get
-      @user = User.new
     end
   end
 
-  def forgot_password
-    case @request.method
-    when :post
-      if @params['user']['email'].empty?
-        flash['message'] = "Please enter a valid email address"
-      else
-        @user = User.find_by_email(@params['user']['email'])
-        if @user.nil?
-          flash['message'] = "We could not find a user with the email address #{@params['user']['email']}"
+  def edit
+    generate_filled_in
+    if @params['<%= singular_name %>']['form']
+      form = @params['<%= singular_name %>'].delete('form')
+      oid = @params['<%= singular_name %>'].delete('id')
+      begin
+        case form
+        when "edit"
+          changeable_fields = ['firstname', 'lastname']
+          params = @params['<%= singular_name %>'].delete_if { |k,v| not changeable_fields.include?(k) }
+          @<%= singular_name %>.attributes = params
+          @<%= singular_name %>.save
+        when "change_password"
+          change_password
         else
-          begin
-            User.transaction(@user) do
-              pass = @user.makepass
-              @user.change_password(pass)
-              if @user.save
-                Notify.deliver_forgot_password(@user, pass)
-                flash['notice'] = "Your new password has been emailed to #{@params['user']['email']}"
-                @user = nil
-                redirect_to :action => 'login' unless !@session['user'].nil?
-                redirect_back_or_default :action => 'welcome'
-              end
-            end
-          rescue
-            flash['message'] = "Your password could not be emailed to #{@params['user']['email']}"
-          end
+          raise "unknown edit action"
         end
       end
-    when :get
-      @user = User.new
     end
   end
 
-  def verify
-    user = User.find_by_uuid(@params['id'])
-    user.verify
-    flash['notice'] = "Account verified!"
+  def delete
+    if @params['id']
+      <%= singular_name %> = <%= class_name %>.find(@params['id'])
+      <%= singular_name %>.destroy()
+    end
     redirect_to :action => 'login'
   end
-    
+
   def welcome
   end
+
+  protected
+  
+  def protect?(action)
+    if ['login', 'signup', 'forgot_password'].include?(action)
+      return false
+    else
+      return true
+    end
+  end
+
+  # Generate a template <%= singular_name %> for certain actions on get
+  def generate_blank
+    case @request.method
+    when :get
+      @<%= singular_name %> = <%= class_name %>.new
+      render
+    end
+  end
+
+  # Generate a template <%= singular_name %> for certain actions on get
+  def generate_filled_in
+    @<%= singular_name %> = @session['<%= singular_name %>']
+    case @request.method
+    when :get
+      render
+    end
+  end
 end