salted_login_generator 1.0.5 → 1.0.6

data/salted_login_generator.rb

@@ -58,7 +58,7 @@ class SaltedLoginGenerator < LocalizationGenerator #Rails::Generator::NamedBase
   attr_accessor :controller_class_name
   
   def login_views
-    %w(welcome login logout signup forgot_password change_password)
+    %w(welcome login logout edit signup forgot_password change_password)
   end
 
   def partial_views
@@ -66,6 +66,6 @@ class SaltedLoginGenerator < LocalizationGenerator #Rails::Generator::NamedBase
   end
 
   def notify_views
-    %w(signup forgot_password change_password)
+    %w(signup forgot_password change_password delete pending_delete)
   end
 end

data/templates/README

@@ -8,7 +8,7 @@ this:
 
   class ApplicationController < ActionController::Base
     include <%= class_name %>System
-    helper: <%= class_name %>
+    helper: <%= singular_name %>
     before_filter :login_required
 
 After you have done the modifications the the ApplicationController and its
@@ -132,5 +132,6 @@ You can find more help at http://wiki.rubyonrails.com/rails/show/SaltedLoginGene
 
 == Changelog
 
+1.0.6 Proper delete support and bug fixes
 1.0.5 Lots of fixes and changes (see rubyforge.org/salted-login)
 1.0.0 First gem release

data/templates/_view_edit.rhtml

@@ -1,6 +1,5 @@
 <div class="<%= singular_name %>_edit">
   <%%= form_input :hidden_field, 'form', :value => 'edit' %>
-  <%%= form_input :hidden_field, 'id' %>
 
   <table>
     <%%= form_input changeable(<%= singular_name %>, "firstname"), "firstname" %>

data/templates/_view_password.rhtml

@@ -1,6 +1,5 @@
 <div class="<%= singular_name %>_password">
   <%%= form_input :hidden_field, 'form', :value => 'change_password' %>
-  <%%= form_input :hidden_field, 'id' %>
 
   <table>
     <%%= form_input :password_field, "password", :size => 30 %>

data/templates/controller.rb

@@ -96,7 +96,6 @@ class <%= class_name %>Controller < ApplicationController
     generate_filled_in
     if @params['<%= singular_name %>']['form']
       form = @params['<%= singular_name %>'].delete('form')
-      oid = @params['<%= singular_name %>'].delete('id')
       begin
         case form
         when "edit"
@@ -106,6 +105,8 @@ class <%= class_name %>Controller < ApplicationController
           @<%= singular_name %>.save
         when "change_password"
           change_password
+        when "delete"
+          delete
         else
           raise "unknown edit action"
         end
@@ -114,11 +115,35 @@ class <%= class_name %>Controller < ApplicationController
   end
 
   def delete
-    if @params['id']
-      <%= singular_name %> = <%= class_name %>.find(@params['id'])
-      <%= singular_name %>.destroy()
+    @<%= singular_name %> = @session['<%= singular_name %>']
+    begin
+      if <%= class_name %>System::CONFIG[:delayed_delete]
+        <%= class_name %>.transaction(@<%= singular_name %>) do
+          key = @<%= singular_name %>.set_delete_after
+          url = url_for(:action => 'restore_deleted')
+          url += "?<%= singular_name %>[id]=#{@<%= singular_name %>.id}&key=#{key}"
+          <%= class_name %>Notify.deliver_pending_delete(@<%= singular_name %>, url)
+        end
+      else
+        destroy(@<%= singular_name %>)
+      end
+      logout
+      redirect_to :action => 'login'
+    rescue
+      flash.now['message'] = l(:<%= singular_name %>_delete_email_error, "#{@<%= singular_name %>['email']}")
+      redirect_back_or_default :action => 'welcome'
+    end
+  end
+
+  def restore_deleted
+    @<%= singular_name %> = @session['<%= singular_name %>']
+    @<%= singular_name %>.deleted = 0
+    if not @<%= singular_name %>.save
+      flash.now['notice'] = l(:<%= singular_name %>_restore_deleted_error, "#{@<%= singular_name %>['login']}")
+      redirect_to :action => 'login'
+    else
+      redirect_to :action => 'welcome'
     end
-    redirect_to :action => 'login'
   end
 
   def welcome
@@ -126,6 +151,12 @@ class <%= class_name %>Controller < ApplicationController
 
   protected
   
+  def destroy(user)
+    <%= class_name %>Notify.deliver_delete(<%= singular_name %>)
+    flash['notice'] = l(:<%= singular_name %>_delete_finished, "#{<%= singular_name %>['login']}")
+    <%= singular_name %>.destroy()
+  end
+
   def protect?(action)
     if ['login', 'signup', 'forgot_password'].include?(action)
       return false

data/templates/controller_test.rb

@@ -48,9 +48,9 @@ class <%= class_name %>ControllerTest < Test::Unit::TestCase
       assert_equal 0, <%= singular_name %>.verified
 
       # First past the expiration.
-      Time.advance_one_day = true
+      Time.advance_by_days = 1
       get :welcome, "<%= singular_name %>"=> { "id" => "#{<%= singular_name %>.id}" }, "key" => "#{key}"
-      Time.advance_one_day = false
+      Time.advance_by_days = 0
       <%= singular_name %> = <%= class_name %>.find_by_email("newbob@test.com")
       assert_equal 0, <%= singular_name %>.verified
 
@@ -83,6 +83,61 @@ class <%= class_name %>ControllerTest < Test::Unit::TestCase
       assert false
     end
   end
+  
+  def test_edit
+    post :login, "<%= singular_name %>" => { "login" => "bob", "password" => "atest" }
+    assert_session_has "<%= singular_name %>"
+
+    post :edit, "<%= singular_name %>" => { "firstname" => "Bob", "form" => "edit" }
+    assert_equal @response.session['<%= singular_name %>'].firstname, "Bob"
+
+    post :edit, "<%= singular_name %>" => { "firstname" => "", "form" => "edit" }
+    assert_equal @response.session['<%= singular_name %>'].firstname, ""
+
+    get :logout
+  end
+
+  def test_delete
+    ActionMailer::Base.deliveries = []
+
+    # Immediate delete
+    post :login, "<%= singular_name %>" => { "login" => "deletebob1", "password" => "alongtest" }
+    assert_session_has "<%= singular_name %>"
+
+    <%= class_name %>System::CONFIG[:delayed_delete] = false
+    post :edit, "<%= singular_name %>" => { "form" => "delete" }
+    assert_equal 1, ActionMailer::Base.deliveries.size
+
+    assert_session_has_no "<%= singular_name %>"
+    post :login, "<%= singular_name %>" => { "login" => "deletebob1", "password" => "alongtest" }
+    assert_session_has_no "<%= singular_name %>"
+
+    # Now try delayed delete
+    ActionMailer::Base.deliveries = []
+
+    post :login, "<%= singular_name %>" => { "login" => "deletebob2", "password" => "alongtest" }
+    assert_session_has "<%= singular_name %>"
+
+    <%= class_name %>System::CONFIG[:delayed_delete] = true
+    post :edit, "<%= singular_name %>" => { "form" => "delete" }
+    assert_equal 1, ActionMailer::Base.deliveries.size
+    mail = ActionMailer::Base.deliveries[0]
+    mail.encoded =~ /user\[id\]=(.*?)&key=(.*?)"/
+    id = $1
+    key = $2
+    post :restore_deleted, "<%= singular_name %>" => { "id" => "#{id}" }, "key" => "badkey"
+    assert_session_has_no "<%= singular_name %>"
+
+    # Advance the time past the delete date
+    Time.advance_by_days = <%= class_name %>System::CONFIG[:delayed_delete_days]
+    post :restore_deleted, "<%= singular_name %>" => { "id" => "#{id}" }, "key" => "#{key}"
+    assert_session_has_no "<%= singular_name %>"
+    Time.advance_by_days = 0
+
+    post :restore_deleted, "<%= singular_name %>" => { "id" => "#{id}" }, "key" => "#{key}"
+    assert_session_has "<%= singular_name %>"
+    get :logout
+  end
 
   def test_signup
     do_test_signup(true, false)

data/templates/en.yaml

@@ -15,12 +15,16 @@ active_record_errors_not_a_number: is not a number
 <%= singular_name %>_login_failed: Login unsuccessful
 <%= singular_name %>_signup_succeeded: Signup successful! Please check your registered email account to verify your account registration and continue with the login.
 <%= singular_name %>_confirmation_email_error: 'Error creating account: confirmation email not sent'
-<%= singular_name %>_updated_password: Your updated password has been emailed to %s
+<%= singular_name %>_updated_password: Your updated password has been emailed to %s.
 <%= singular_name %>_change_password_email_error: Your password could not be changed at this time. Please retry.
-<%= singular_name %>_enter_valid_email_address: Please enter a valid email address
-<%= singular_name %>_email_address_not_found: We could not find a user with the email address %s
-<%= singular_name %>_forgotten_password_emailed: Instructions on resetting your password have been emailed to %s
-<%= singular_name %>_forgotten_password_email_error: Your password could not be emailed to %s
+<%= singular_name %>_enter_valid_email_address: Please enter a valid email address.
+<%= singular_name %>_email_address_not_found: We could not find a user with the email address %s.
+<%= singular_name %>_forgotten_password_emailed: Instructions on resetting your password have been emailed to %s.
+<%= singular_name %>_forgotten_password_email_error: Your password could not be emailed to %s.
+<%= singular_name %>_delete_emailed: Instructions on deleting your account have been emailed to %s.
+<%= singular_name %>_delete_email_error: The delete instructions were not sent. Please try again later.
+<%= singular_name %>_delete_finished: The account for %s was successfully deleted.
+<%= singular_name %>_restore_deleted_error: The account for %s was not restored. Please try the link again.
 <%= singular_name %>_account_verified: Account verified!
 
 # Views
@@ -67,3 +71,4 @@ active_record_errors_not_a_number: is not a number
 # Edit
 <%= singular_name %>_edit_head: Edit <%= singular_name %>
 <%= singular_name %>_change_settings_button: Change settings
+<%= singular_name %>_delete_account_button: Delete account

data/templates/login_environment.rb

@@ -26,6 +26,15 @@ module <%= class_name %>System
     # should NOT include the email field in this array.
     :changeable_fields => [ 'firstname', 'lastname' ],
 
+    # Set to true to allow delayed deletes (i.e., delete of record
+    # doesn't happen immediately after user selects delete account,
+    # but rather after some expiration of time to allow this action
+    # to be reverted).
+    :delayed_delete => false,
+
+    # Default is one week
+    :delayed_delete_days => 7,
+
     # Server environment
     :server_env => "#{RAILS_ENV}"
   }

data/templates/mock_time.rb

@@ -1,14 +1,14 @@
 require 'time'
 
 Time.class_eval { 
-  @@advance_one_day = false
-  cattr_accessor :advance_one_day
+  @@advance_by_days = 0
+  cattr_accessor :advance_by_days
 
   class << Time
     alias now_old now
     def now
-      if Time.advance_one_day
-        return Time.at(now_old.to_i + 60 * 60 * 24 + 1)
+      if Time.advance_by_days != 0
+        return Time.at(now_old.to_i + Time.advance_by_days * 60 * 60 * 24 + 1)
       else
         now_old
       end

data/templates/notify.rb

@@ -40,6 +40,31 @@ class <%= class_name %>Notify < ActionMailer::Base
     @body["app_name"] = <%= class_name %>System::CONFIG[:app_name].to_s
   end
 
+  def pending_delete(<%= singular_name %>, url=nil)
+    setup_email(<%= singular_name %>)
+
+    # Email header info
+    @subject += "Delete <%= singular_name %> notification"
+
+    # Email body substitutions
+    @body["name"] = "#{<%= singular_name %>.firstname} #{<%= singular_name %>.lastname}"
+    @body["url"] = url || <%= class_name %>System::CONFIG[:app_url].to_s
+    @body["app_name"] = <%= class_name %>System::CONFIG[:app_name].to_s
+    @body["days"] = <%= class_name %>System::CONFIG[:delayed_delete_days].to_s
+  end
+
+  def delete(<%= singular_name %>, url=nil)
+    setup_email(<%= singular_name %>)
+
+    # Email header info
+    @subject += "Delete <%= singular_name %> notification"
+
+    # Email body substitutions
+    @body["name"] = "#{<%= singular_name %>.firstname} #{<%= singular_name %>.lastname}"
+    @body["url"] = url || <%= class_name %>System::CONFIG[:app_url].to_s
+    @body["app_name"] = <%= class_name %>System::CONFIG[:app_name].to_s
+  end
+
   def setup_email(<%= singular_name %>)
     @recipients = "#{<%= singular_name %>.email}"
     @from       = <%= class_name %>System::CONFIG[:email_from].to_s

data/templates/notify_delete.rhtml

@@ -0,0 +1,5 @@
+Dear <%%= @name %>,
+
+At your request, <%%= @app_name %> has permanently deleted your account.
+ 
+<%%= @url %>

data/templates/notify_pending_delete.rhtml

@@ -0,0 +1,9 @@
+Dear <%%= @name %>,
+
+At your request, <%%= @app_name %> has marked your account for deletion. If it was not at your request, then you should be aware that someone has access to your account and requested this change.
+
+The following link is provided for you to restore your deleted account. If you click on this link within the next <%%= @days %> days, your account will not be deleted. Otherwise, simply ignore this email and your account will be permanently deleted after that time.
+
+<a href="<%%= @url%>">Click me!</a>
+ 
+<%%= @url %>

data/templates/notify_signup.rhtml

@@ -1,4 +1,4 @@
-Welcome to logbook, <%%= @name %>.
+Welcome to <%%= @app_name %>, <%%= @name %>.
 
 Your login credentials are:
 

data/templates/user.rb

@@ -27,12 +27,14 @@ class <%= class_name %> < ActiveRecord::Base
   end
 
   def self.authenticate(login, pass)
-    u = find_first(["login = ? AND verified = 1", login])
+    u = find_first(["login = ? AND verified = 1 AND deleted = 0", login])
     return nil if u.nil?
     find_first(["login = ? AND salted_password = ? AND verified = 1", login, salted_password(u.salt, hashed(pass))])
   end
 
   def self.authenticate_by_token(id, token)
+    # Allow logins for deleted accounts, but only via this method (and
+    # not the regular authenticate call)
     u = find_first(["id = ? AND security_token = ?", id, token])
     return nil if u.nil? or u.token_expired?
     return nil if false == u.update_expiry
@@ -50,15 +52,25 @@ class <%= class_name %> < ActiveRecord::Base
     update_without_callbacks
   end
 
-  def generate_security_token
-    if self.security_token.nil? or self.token_expiry.nil? or 
+  def generate_security_token(hours = nil)
+    if not hours.nil? or self.security_token.nil? or self.token_expiry.nil? or 
         (Time.now.to_i + token_lifetime / 2) >= self.token_expiry.to_i
-      return new_security_token
+      return new_security_token(hours)
     else
       return self.security_token
     end
   end
 
+  def set_delete_after
+    hours = <%= class_name %>System::CONFIG[:delayed_delete_days] * 24
+    write_attribute('deleted', 1)
+    write_attribute('delete_after', Time.at(Time.now.to_i + hours * 60 * 60))
+
+    # Generate and return a token here, so that it expires at
+    # the same time that the account deletion takes effect.
+    return generate_security_token(hours)
+  end
+
   def change_password(pass, confirm = nil)
     self.password = pass
     self.password_confirmation = confirm.nil? ? pass : confirm
@@ -67,7 +79,7 @@ class <%= class_name %> < ActiveRecord::Base
     
   def valid?
     super
-    run_validations(:validate_on_virtual) if do_virtual_validations
+    run_validations(:validate_on_virtual) if virtual_validations?
     errors.empty?
   end
 
@@ -75,7 +87,7 @@ class <%= class_name %> < ActiveRecord::Base
 
   attr_accessor :password, :password_confirmation
 
-  def do_virtual_validations
+  def virtual_validations?
     @new_password
   end
 
@@ -92,15 +104,19 @@ class <%= class_name %> < ActiveRecord::Base
     end
   end
 
-  def new_security_token
+  def new_security_token(hours = nil)
     write_attribute('security_token', self.class.hashed(self.salted_password + Time.now.to_i.to_s + rand.to_s))
-    write_attribute('token_expiry', Time.at(Time.now.to_i + token_lifetime))
+    write_attribute('token_expiry', Time.at(Time.now.to_i + token_lifetime(hours)))
     update_without_callbacks
     return self.security_token
   end
 
-  def token_lifetime
-    <%= class_name %>System::CONFIG[:security_token_life_hours] * 60 * 60
+  def token_lifetime(hours = nil)
+    if hours.nil?
+      <%= class_name %>System::CONFIG[:security_token_life_hours] * 60 * 60
+    else
+      hours * 60 * 60
+    end
   end
 
   def self.salted_password(salt, hashed_password)

data/templates/user_model.erbsql

@@ -12,5 +12,7 @@ CREATE TABLE users (
   token_expiry <%= @datetime %> default NULL,
   created_at <%= @datetime %> default NULL,
   updated_at <%= @datetime %> default NULL,
-  logged_in_at <%= @datetime %> default NULL
+  logged_in_at <%= @datetime %> default NULL,
+  deleted INT default 0,
+  delete_after <%= @datetime %> default NULL
 ) <%= @options %>;

data/templates/users.yml

@@ -22,4 +22,20 @@ longbob:
   salted_password: c841391e1d29100a4920de7a8fbb4b0fd180c6c0 # alongtest
   salt: c068e3671780f16898c0a8295ae8d82cc59713e2
   email: longbob@test.com
+  verified: 1
+
+deletebob1:
+  id: 1000004
+  login: deletebob1
+  salted_password: c841391e1d29100a4920de7a8fbb4b0fd180c6c0 # alongtest
+  salt: c068e3671780f16898c0a8295ae8d82cc59713e2
+  email: deletebob1@test.com
+  verified: 1
+
+deletebob2:
+  id: 1000005
+  login: deletebob2
+  salted_password: c841391e1d29100a4920de7a8fbb4b0fd180c6c0 # alongtest
+  salt: c068e3671780f16898c0a8295ae8d82cc59713e2
+  email: deletebob2@test.com
   verified: 1

data/templates/view_edit.rhtml

@@ -8,5 +8,13 @@
     <%%= start_form_tag_helper %>
       <%%= render_partial 'password', :submit => true %>
     <%%= end_form_tag %>
+
+    <%%= start_form_tag_helper %>
+      <div class="<%= singular_name %>_delete">
+        <%%= form_input :hidden_field, 'form', :value => 'delete' %>
+    
+        <%%= form_input :submit_button, 'delete_account' %>
+      </div>
+    <%%= end_form_tag %>
   </div>
-</div>                                                                          
+</div>

metadata

@@ -3,8 +3,8 @@ rubygems_version: 0.8.8
 specification_version: 1
 name: salted_login_generator
 version: !ruby/object:Gem::Version 
-  version: 1.0.5
-date: 2005-04-19
+  version: 1.0.6
+date: 2005-05-04
 summary: "[Rails] Login generator with salted passwords."
 require_paths: 
   - "."
@@ -51,6 +51,8 @@ files:
   - templates/view_change_password.rhtml
   - templates/notify_signup.rhtml
   - templates/notify_forgot_password.rhtml
+  - templates/notify_pending_delete.rhtml
+  - templates/notify_delete.rhtml
   - templates/notify_change_password.rhtml
   - templates/mock_notify.rb
   - templates/mock_time.rb