scottmotte-merb-auth-remember-me 0.0.2 → 0.1.3.2

data/README.markdown

@@ -0,0 +1,51 @@
+### PnMerbAuthRememberMe
+
+This plugin provides a remember me function based on MerbAuth. Most of codes are from [RestfulAuthentication on Rails](http://github.com/technoweenie/restful-authentication/tree/master)  
+
+This plugin adds a mixin that you should include in your user model to provide 2 fields to remember the token and time to expire. The mixin will automatically select the correct sub mixin for all supported orms.  
+ 
+<pre><code>class User
+  include DataMapper::Resource
+  include Merb::Authentication::Mixins::AuthenticatedUser
+
+  property :id,    Serial
+end
+</code></pre>
+
+### Migration Requirements
+
+The mixin requires some fields to be in-place on your model.  Where needed include these in your migrations.  
+<pre><code>  :remember_token_expires_at, DateTime
+  :remember_token, String
+</code></pre>
+
+### Configuration Options
+
+declare in your _merb/merb-auth/strategies.rb_ file  
+
+    Merb::Authentication.activate!(:remember_me) 
+    
+
+------------------------------------------------------------------------------  
+
+### Instructions for installation:
+
+Rake tasks to package/install the gem - edit this to modify the manifest.  
+
+file: config/dependencies.rb
+
+\# add the plugin as a regular dependency
+
+    dependency 'merb-auth-remember-me'
+
+file: slice/merb-auth-slice-password/app/controllers/sessions.rb or the logout action  
+
+\# clear :auth\_token after log out
+
+    cookies.delete :auth_token
+
+In your unauthenticated.html.erb(Login page)  
+
+    %input#rememberme{ :name => "remember_me" , :type => "checkbox", :value => "1"}
+        Remember Me
+

data/Rakefile

@@ -1,15 +1,15 @@
 require 'rubygems'
 require 'rake/gempackagetask'
-require 'spec/rake/spectask'
 
 require 'merb-core'
 require 'merb-core/tasks/merb'
 
 GEM_NAME = "merb-auth-remember-me"
-GEM_VERSION = "0.0.2"
-AUTHOR = "Surasit Liangpornrattana"
-EMAIL = "punneng@gmail.com"
-HOMEPAGE = "https://github.com/PunNeng/pn-merb-auth-remember-me"
+GEM_VERSION = "0.1.3.2"
+AUTHOR = "Jacques Crocker"
+ORIGINAL_AUTHOR = "Surasit Liangpornrattana"
+EMAIL = "merbjedi@gmail.com"
+HOMEPAGE = "https://github.com/merbjedi/merb-auth-remember-me"
 SUMMARY = "Merb plugin that provides remember me for merb-auth-slice-password"
 
 spec = Gem::Specification.new do |s|
@@ -18,15 +18,16 @@ spec = Gem::Specification.new do |s|
   s.version = GEM_VERSION
   s.platform = Gem::Platform::RUBY
   s.has_rdoc = true
-  s.extra_rdoc_files = ["README", "LICENSE", 'TODO']
+  s.extra_rdoc_files = ["README.markdown", "LICENSE", 'TODO']
   s.summary = SUMMARY
   s.description = s.summary
-  s.author = AUTHOR
+  s.authors = [AUTHOR, ORIGINAL_AUTHOR]
   s.email = EMAIL
   s.homepage = HOMEPAGE
-  s.add_dependency('merb-core', '>= 1.0')
+  s.add_dependency('merb-core', '>= 1.0.9')
   s.require_path = 'lib'
-  s.files = %w(LICENSE README Rakefile TODO) + Dir.glob("{lib,spec}/**/*")
+  s.files = %w(LICENSE README.markdown Rakefile TODO) + Dir.glob("{lib,spec}/**/*")
+  
 end
 
 Rake::GemPackageTask.new(spec) do |pkg|
@@ -49,9 +50,3 @@ task :gemspec do
     file.puts spec.to_ruby
   end
 end
-
-Spec::Rake::SpecTask.new do |t|
-   t.warning = true
-   t.spec_opts = ["--format", "specdoc", "--colour"]
-   t.spec_files = Dir['spec/**/*_spec.rb'].sort   
-end

data/TODO

@@ -1,2 +0,0 @@
-TODO:
-make token refresh with each request ??

data/lib/merb-auth-remember-me.rb

@@ -1,35 +1,35 @@
+# make sure we're running inside Merb
 if defined?(Merb::Plugins)
+
   $:.unshift File.dirname(__FILE__)
 
-  # register the authentication strategy
   require(File.expand_path(File.dirname(__FILE__) / "merb-auth-remember-me" / "mixins") / "authenticated_user")
   strategy_path = File.expand_path(File.dirname(__FILE__)) / "merb-auth-remember-me" / "strategies"
-  Merb.logger.info('Registering and activating RememberMe strategy')
+
   Merb::Authentication.register(:remember_me, strategy_path / "remember_me.rb")
-  Merb::Authentication.activate!(:remember_me) # and activate it
+  # require(strategy_path / "remember_me.rb")
   
-  # Plugin configurations
-  Merb::Plugins.config[:merb_auth_remember_me] = {:include_model_methods => true }
+  Merb::Plugins.add_rakefiles "merb-auth-remember-me/merbtasks"#, "merb-auth-remember-me/slicetasks", "merb-auth-remember-me/spectasks"
+
+  # Merb gives you a Merb::Plugins.config hash...feel free to put your stuff in your piece of it
+  Merb::Plugins.config[:pn_merb_auth_remember_me] = {
+    :chickens => false
+  }
+  
+  Merb::BootLoader.before_app_loads do
+    # require code that must be loaded before the application
+  end
   
   Merb::BootLoader.after_app_loads do
+    # code that can be required after the application loads
     Merb::Authentication.after_authentication do |user,request,params|
       if params[:remember_me] == "1" 
         user.remember_me
-        request.cookies.set_cookie(
-          :auth_token, 
-          user.remember_token, 
-          :expires => user.remember_token_expires_at.to_time
-        )
+        request.cookies.set_cookie(:auth_token, user.remember_token, :expires => user.remember_token_expires_at.to_time)
       end
       user 
-    end # Merb::Authentication.after_authentication
-    
-    Merb::Authentication.user_class.class_eval do
-      if Merb::Plugins.config[:merb_auth_remember_me][:include_model_methods]
-        Merb.logger.info("Including RememberMe Mixin in #{Merb::Authentication.user_class}. 
-        To avoid this inclusion add 'Merb::Plugins.config[:merb_auth_remember_me][:include_model_methods] = false' in your config/init.rb before_app_loads method")
-        include Merb::Authentication::Mixins::AuthenticatedUser
-      end  
-    end # Merb::Authentication.user_class.class_eval
-  end # Merb::BootLoader.after_app_loads
-end # if defined?(Merb::Plugins)
+    end
+  end
+  
+  Merb::Plugins.add_rakefiles "merb-auth-remember-me/merbtasks"
+end

data/lib/merb-auth-remember-me/merbtasks.rb

@@ -0,0 +1,6 @@
+namespace :pn_remember_me do
+  desc "Do something for merb-auth-remember-me"
+  task :default do
+    puts "merb-auth-remember-me doesn't do anything"
+  end
+end

data/lib/merb-auth-remember-me/mixins/authenticated_user.rb

@@ -57,7 +57,7 @@ module Merb
         module InstanceMethods
           def remember_token?
             (!remember_token.blank?) && 
-              remember_token_expires_at && (Time.now.utc < remember_token_expires_at.utc)
+              remember_token_expires_at && (DateTime.now < remember_token_expires_at)
           end
 
           # These create and unset the fields required for remembering users between browser closes

data/lib/merb-auth-remember-me/mixins/authenticated_user/mm_authenticated_user.rb

@@ -14,4 +14,4 @@ module Merb
       end # AuthenticatedUser
     end # Mixins
   end # Authentication
-end #Merb
+end #Merb

data/lib/merb-auth-remember-me/strategies/remember_me.rb

@@ -1,12 +1,53 @@
-module Merb::Authentication::Strategies
-  class RememberMeStrategy < Merb::Authentication::Strategy
-    def run!
-      if cookies[:auth_token]
-        user = Merb::Authentication.user_class.first(
-          :conditions => [ "remember_token = ?", cookies[:auth_token] ]
-        )
-      end  
-      user && user.remembered? ? user : nil
-    end # run!
-  end # RememberMeStrategy
-end # Merb::Authentication::Strategies
+class RememberMe < Merb::Authentication::Strategy
+
+  # Called from #current_user.  Finaly, attempt to login by an expiring token in the cookie.
+  # for the paranoid: we _should_ be storing user_token = hash(cookie_token, request IP)
+  def run!
+    current_user = cookies[:auth_token] && Merb::Authentication.user_class.first(:conditions => ["remember_token = ?", cookies[:auth_token]])
+    if current_user && current_user.remember_token?
+      handle_remember_cookie! false # freshen cookie token (keeping date)
+      current_user
+    end
+  end
+
+  def current_user
+    @current_user
+  end
+  
+  def current_user=(new_user)
+    @current_user = new_user
+  end
+  
+  #
+  # Remember_me Tokens
+  #
+  # Cookies shouldn't be allowed to persist past their freshness date,
+  # and they should be changed at each login
+
+  # Cookies shouldn't be allowed to persist past their freshness date,
+  # and they should be changed at each login
+
+  def valid_remember_cookie?
+    return nil unless current_user
+    (current_user.remember_token?) && 
+      (cookies[:auth_token] == current_user.remember_token)
+  end
+  
+  # Refresh the cookie auth token if it exists, create it otherwise
+  def handle_remember_cookie! new_cookie_flag
+    return unless current_user
+    case
+    when valid_remember_cookie? then current_user.refresh_token # keeping same expiry date
+    when new_cookie_flag        then current_user.remember_me 
+    else                             current_user.forget_me
+    end
+    send_remember_cookie!
+  end
+  
+  def send_remember_cookie!
+    cookies.set_cookie(:auth_token, current_user.remember_token, :expires => current_user.remember_token_expires_at.to_time)
+  end
+
+
+end
+

metadata

@@ -1,9 +1,10 @@
 --- !ruby/object:Gem::Specification 
 name: scottmotte-merb-auth-remember-me
 version: !ruby/object:Gem::Version 
-  version: 0.0.2
+  version: 0.1.3.2
 platform: ruby
 authors: 
+- Jacques Crocker
 - Surasit Liangpornrattana
 autorequire: 
 bindir: bin
@@ -20,24 +21,25 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: "1.0"
+        version: 1.0.9
     version: 
 description: Merb plugin that provides remember me for merb-auth-slice-password
-email: punneng@gmail.com
+email: merbjedi@gmail.com
 executables: []
 
 extensions: []
 
 extra_rdoc_files: 
-- README
+- README.markdown
 - LICENSE
 - TODO
 files: 
 - LICENSE
-- README
+- README.markdown
 - Rakefile
 - TODO
 - lib/merb-auth-remember-me
+- lib/merb-auth-remember-me/merbtasks.rb
 - lib/merb-auth-remember-me/mixins
 - lib/merb-auth-remember-me/mixins/authenticated_user
 - lib/merb-auth-remember-me/mixins/authenticated_user/ar_authenticated_user.rb
@@ -55,7 +57,7 @@ files:
 - spec/strategies
 - spec/strategies/remember_me_spec.rb
 has_rdoc: false
-homepage: https://github.com/PunNeng/pn-merb-auth-remember-me
+homepage: https://github.com/merbjedi/merb-auth-remember-me
 post_install_message: 
 rdoc_options: []
 

data/README

@@ -1,43 +0,0 @@
-### MerbAuthRememberMe
-
-This plugin provides a remember me strategy for Merb Auth. The original plugin was built by Pun Neng (http://github.com/PunNeng/).
-
-The plugin also provides some Merb::Authentication.user_class mixins to keep the models fat and the strategy code thin. The mixins are added to the user class by default. If you choose not to include these and would rather roll your own set the plugin configuration in your config/init.rb file like so:
-<pre><code>
-  Merb::Plugins.config[:merb_auth_remember_me][:include_model_methods] = false
-</code></pre>
-
-This plugin automatically registers and activates the remember_me strategy with Merb Auth, so no additional configuration is necessary.
-
-### Migration Requirements
-
-The plugin requires some fields your user authentication model. Right now there is ORM specific inclusions for Datamapper. The Sequel one needs to be built and a migration needs to be made for ActiveRecord. No migration generators are included but the plugin requires the following fields
-<pre><code>  
-  DateTime  :remember_token_expires_at
-  String    :remember_token
-</code></pre>
-
-------------------------------------------------------------------------------  
-
-### Instructions for installation:
-
-# Add the plugin as a regular dependency in your dependency.rb file
-
-    dependency 'rughetto-merb-auth-remember-me', :require_as => 'merb-auth-remember-me'
-
-# To clear the :auth\_token after log out
-
-Unpack the merb-auth-password application code if it hasn't been done already:
-<pre><code>
-  bin/rake slices:merb-auth-slice-password:freeze  
-</code></pre>    
-   
-Change the #destroy method in slices/merb-auth-slice-password/app/controllers/session_override.rb to include     
-<pre><code>
-  cookies.delete :auth_token
-</code></pre>
-    
-# Add the right form inputs into your unauthenticated.html.erb (login) page 
-
-  <input type="checkbox" id="remember_me" name="remember_me" value="1">
-