scottmotte-merb-auth-remember-me 0.0.2

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2008 Surasit Liangpornrattana
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,43 @@
+### MerbAuthRememberMe
+
+This plugin provides a remember me strategy for Merb Auth. The original plugin was built by Pun Neng (http://github.com/PunNeng/).
+
+The plugin also provides some Merb::Authentication.user_class mixins to keep the models fat and the strategy code thin. The mixins are added to the user class by default. If you choose not to include these and would rather roll your own set the plugin configuration in your config/init.rb file like so:
+<pre><code>
+  Merb::Plugins.config[:merb_auth_remember_me][:include_model_methods] = false
+</code></pre>
+
+This plugin automatically registers and activates the remember_me strategy with Merb Auth, so no additional configuration is necessary.
+
+### Migration Requirements
+
+The plugin requires some fields your user authentication model. Right now there is ORM specific inclusions for Datamapper. The Sequel one needs to be built and a migration needs to be made for ActiveRecord. No migration generators are included but the plugin requires the following fields
+<pre><code>  
+  DateTime  :remember_token_expires_at
+  String    :remember_token
+</code></pre>
+
+------------------------------------------------------------------------------  
+
+### Instructions for installation:
+
+# Add the plugin as a regular dependency in your dependency.rb file
+
+    dependency 'rughetto-merb-auth-remember-me', :require_as => 'merb-auth-remember-me'
+
+# To clear the :auth\_token after log out
+
+Unpack the merb-auth-password application code if it hasn't been done already:
+<pre><code>
+  bin/rake slices:merb-auth-slice-password:freeze  
+</code></pre>    
+   
+Change the #destroy method in slices/merb-auth-slice-password/app/controllers/session_override.rb to include     
+<pre><code>
+  cookies.delete :auth_token
+</code></pre>
+    
+# Add the right form inputs into your unauthenticated.html.erb (login) page 
+
+  <input type="checkbox" id="remember_me" name="remember_me" value="1">
+

data/Rakefile

@@ -0,0 +1,57 @@
+require 'rubygems'
+require 'rake/gempackagetask'
+require 'spec/rake/spectask'
+
+require 'merb-core'
+require 'merb-core/tasks/merb'
+
+GEM_NAME = "merb-auth-remember-me"
+GEM_VERSION = "0.0.2"
+AUTHOR = "Surasit Liangpornrattana"
+EMAIL = "punneng@gmail.com"
+HOMEPAGE = "https://github.com/PunNeng/pn-merb-auth-remember-me"
+SUMMARY = "Merb plugin that provides remember me for merb-auth-slice-password"
+
+spec = Gem::Specification.new do |s|
+  s.rubyforge_project = 'merb'
+  s.name = GEM_NAME
+  s.version = GEM_VERSION
+  s.platform = Gem::Platform::RUBY
+  s.has_rdoc = true
+  s.extra_rdoc_files = ["README", "LICENSE", 'TODO']
+  s.summary = SUMMARY
+  s.description = s.summary
+  s.author = AUTHOR
+  s.email = EMAIL
+  s.homepage = HOMEPAGE
+  s.add_dependency('merb-core', '>= 1.0')
+  s.require_path = 'lib'
+  s.files = %w(LICENSE README Rakefile TODO) + Dir.glob("{lib,spec}/**/*")
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+end
+
+desc "install the plugin as a gem"
+task :install do
+  Merb::RakeHelper.install(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Uninstall the gem"
+task :uninstall do
+  Merb::RakeHelper.uninstall(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Create a gemspec file"
+task :gemspec do
+  File.open("#{GEM_NAME}.gemspec", "w") do |file|
+    file.puts spec.to_ruby
+  end
+end
+
+Spec::Rake::SpecTask.new do |t|
+   t.warning = true
+   t.spec_opts = ["--format", "specdoc", "--colour"]
+   t.spec_files = Dir['spec/**/*_spec.rb'].sort   
+end

data/TODO

@@ -0,0 +1,2 @@
+TODO:
+make token refresh with each request ??

data/lib/merb-auth-remember-me.rb

@@ -0,0 +1,35 @@
+if defined?(Merb::Plugins)
+  $:.unshift File.dirname(__FILE__)
+
+  # register the authentication strategy
+  require(File.expand_path(File.dirname(__FILE__) / "merb-auth-remember-me" / "mixins") / "authenticated_user")
+  strategy_path = File.expand_path(File.dirname(__FILE__)) / "merb-auth-remember-me" / "strategies"
+  Merb.logger.info('Registering and activating RememberMe strategy')
+  Merb::Authentication.register(:remember_me, strategy_path / "remember_me.rb")
+  Merb::Authentication.activate!(:remember_me) # and activate it
+  
+  # Plugin configurations
+  Merb::Plugins.config[:merb_auth_remember_me] = {:include_model_methods => true }
+  
+  Merb::BootLoader.after_app_loads do
+    Merb::Authentication.after_authentication do |user,request,params|
+      if params[:remember_me] == "1" 
+        user.remember_me
+        request.cookies.set_cookie(
+          :auth_token, 
+          user.remember_token, 
+          :expires => user.remember_token_expires_at.to_time
+        )
+      end
+      user 
+    end # Merb::Authentication.after_authentication
+    
+    Merb::Authentication.user_class.class_eval do
+      if Merb::Plugins.config[:merb_auth_remember_me][:include_model_methods]
+        Merb.logger.info("Including RememberMe Mixin in #{Merb::Authentication.user_class}. 
+        To avoid this inclusion add 'Merb::Plugins.config[:merb_auth_remember_me][:include_model_methods] = false' in your config/init.rb before_app_loads method")
+        include Merb::Authentication::Mixins::AuthenticatedUser
+      end  
+    end # Merb::Authentication.user_class.class_eval
+  end # Merb::BootLoader.after_app_loads
+end # if defined?(Merb::Plugins)

data/lib/merb-auth-remember-me/mixins/authenticated_user.rb

@@ -0,0 +1,100 @@
+require "digest/sha1"
+module Merb
+  class Authentication
+    module Mixins
+      # This mixin provides basic user remember token.
+      #
+      # Added properties:
+      #  :remember_token_expires_at, DateTime
+      #  :remember_token, String
+      #
+      # To use it simply require it and include it into your user class.
+      #
+      # class User
+      #   include Merb::Authentication::Mixins::AuthenticatedUser
+      #
+      # end
+      #
+      module AuthenticatedUser
+        def self.included(base)
+          base.class_eval do
+            include Merb::Authentication::Mixins::AuthenticatedUser::InstanceMethods
+            extend  Merb::Authentication::Mixins::AuthenticatedUser::ClassMethods
+
+            path = File.expand_path(File.dirname(__FILE__)) / "authenticated_user"
+            if defined?(DataMapper) && DataMapper::Resource > self
+              require path / "dm_authenticated_user"
+              extend(Merb::Authentication::Mixins::AuthenticatedUser::DMClassMethods)
+            elsif defined?(ActiveRecord) && ancestors.include?(ActiveRecord::Base)
+              require path / "ar_authenticated_user"
+              extend(Merb::Authentication::Mixins::AuthenticatedUser::ARClassMethods)
+            elsif defined?(Sequel) && ancestors.include?(Sequel::Model)
+              require path / "sq_authenticated_user"
+              extend(Merb::Authentication::Mixins::AuthenticatedUser::SQClassMethods)
+            elsif MongoMapper::Document > self
+              require path / "mm_authenticated_user"
+              extend(Merb::Authentication::Mixins::AuthenticatedUser::MMClassMethods)
+            end
+
+          end # base.class_eval
+        end # self.included
+
+
+        module ClassMethods
+          def secure_digest(*args)
+            Digest::SHA1.hexdigest(args.flatten.join('--'))
+          end
+
+          # Create random key.
+          #
+          # ==== Returns
+          # String:: The generated key
+          def make_token
+            secure_digest(Time.now, (1..10).map{ rand.to_s })
+          end 
+        end # ClassMethods
+
+        module InstanceMethods
+          def remember_token?
+            (!remember_token.blank?) && 
+              remember_token_expires_at && (Time.now.utc < remember_token_expires_at.utc)
+          end
+
+          # These create and unset the fields required for remembering users between browser closes
+          def remember_me(time = 2.weeks)
+            remember_me_for time
+          end
+
+          def remember_me_for(time)
+            remember_me_until time.from_now.utc
+          end
+
+          def remember_me_until(time)
+            self.remember_token_expires_at = time
+            self.remember_token            = self.class.make_token
+            save
+          end
+
+          # refresh token (keeping same expires_at) if it exists
+          def refresh_token
+            if remember_token?
+              self.remember_token = self.class.make_token 
+              save
+            end
+          end
+
+          # 
+          # Deletes the server-side record of the authentication token.  The
+          # client-side (browser cookie) and server-side (this remember_token) must
+          # always be deleted together.
+          #
+          def forget_me
+            self.remember_token_expires_at = nil
+            self.remember_token            = nil
+            save
+          end
+        end # InstanceMethods
+      end # AuthenticatedUser
+    end # Mixins
+  end # Authentication
+end # Merb

data/lib/merb-auth-remember-me/mixins/authenticated_user/ar_authenticated_user.rb

@@ -0,0 +1,14 @@
+module Merb
+  class Authentication
+    module Mixins
+      module AuthenticatedUser
+        module ARClassMethods
+          def self.extended(base)
+
+          
+          end # self.extended
+        end # ARClassMethods
+      end # ActivatedUser
+    end # Mixins
+  end # Authentication
+end # Merb

data/lib/merb-auth-remember-me/mixins/authenticated_user/dm_authenticated_user.rb

@@ -0,0 +1,17 @@
+module Merb
+  class Authentication
+    module Mixins
+      module AuthenticatedUser
+        module DMClassMethods
+          def self.extended(base)
+            base.class_eval do
+              property :remember_token_expires_at, DateTime
+              property :remember_token, String
+            end # base.class_eval
+          
+          end # self.extended
+        end # DMClassMethods
+      end # AuthenticatedUser
+    end # Mixins
+  end # Authentication
+end #Merb

data/lib/merb-auth-remember-me/mixins/authenticated_user/mm_authenticated_user.rb

@@ -0,0 +1,17 @@
+module Merb
+  class Authentication
+    module Mixins
+      module AuthenticatedUser
+        module MMClassMethods
+          def self.extended(base)
+            base.class_eval do
+              key :remember_token_expires_at, Time
+              key :remember_token, String
+            end # base.class_eval
+          
+          end # self.extended
+        end # MMClassMethods
+      end # AuthenticatedUser
+    end # Mixins
+  end # Authentication
+end #Merb

data/lib/merb-auth-remember-me/mixins/authenticated_user/sq_authenticated_user.rb

@@ -0,0 +1,19 @@
+module Merb
+  class Authentication
+    module Mixins
+      module AuthenticatedUser
+        module SQClassMethods
+          def self.extended(base)
+            base.class_eval do
+
+            end # base.class_eval
+          
+          end # self.extended
+        end # SQClassMethods
+        module SQInstanceMethods
+        end # SQInstanceMethods
+      
+      end # AuthenticatedUser
+    end # Mixins
+  end # Authentication
+end # Merb

data/lib/merb-auth-remember-me/strategies/remember_me.rb

@@ -0,0 +1,12 @@
+module Merb::Authentication::Strategies
+  class RememberMeStrategy < Merb::Authentication::Strategy
+    def run!
+      if cookies[:auth_token]
+        user = Merb::Authentication.user_class.first(
+          :conditions => [ "remember_token = ?", cookies[:auth_token] ]
+        )
+      end  
+      user && user.remembered? ? user : nil
+    end # run!
+  end # RememberMeStrategy
+end # Merb::Authentication::Strategies

data/spec/merb-auth-remember-me_spec.rb

@@ -0,0 +1,2 @@
+require File.dirname(__FILE__) + '/spec_helper'
+

data/spec/mixins/authenticated_user_spec.rb

@@ -0,0 +1,34 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe "Authenticated user" do
+
+  before :all do
+    @user = user.new
+    @user.remember_token_expires_at.should be_nil
+    @user.remember_token.should be_nil
+  end
+
+  it "should add the 'remember_token_expires_at' property to the user model" do
+    @user.should respond_to(:remember_token_expires_at)
+    @user.should respond_to(:remember_token_expires_at=)
+  end
+
+  it "should add the 'remember_token' property to the user model" do
+    @user.should respond_to(:remember_token)
+    @user.should respond_to(:remember_token=)
+  end
+
+  it "should save token and expires_at" do
+    @user.remember_me
+    @user.remember_token_expires_at.should_not be_nil
+    @user.remember_token.should_not be_nil
+  end
+
+  it "should save expires_at as 2 weeks later" do
+    @user.remember_me
+    @user.remember_token_expires_at.should eql((Time.now+2.weeks).to_datetime)
+  end
+
+end
+
+

data/spec/spec_helper.rb

@@ -0,0 +1,101 @@
+$:.push File.join(File.dirname(__FILE__), '..', 'lib')
+
+require 'rubygems'
+require 'activesupport'
+require 'merb-core'
+require 'dm-core'
+require 'do_sqlite3'
+require 'merb-auth-core'
+require 'merb-auth-more'
+require 'merb-auth-more/mixins/redirect_back'
+require 'spec'
+require 'merb-auth-remember-me'
+
+Merb.start_environment(
+  :testing => true, 
+  :adapter => 'runner', 
+  :environment => ENV['MERB_ENV'] || 'test',
+#  :merb_root => Merb.root,
+  :session_store => :cookie,
+  :exception_details => true,
+  :session_secret_key => "d3a6d6f99a25004dd82b71af8bded0ab71d3ea21"
+  
+)
+
+DataMapper.setup(:default, "sqlite3::memory:")
+    
+class User
+  include DataMapper::Resource
+  include Merb::Authentication::Mixins::AuthenticatedUser
+
+  property :id, Serial
+  property :email, String
+  property :login, String
+end
+
+Merb::Authentication.user_class = User
+def user
+  Merb::Authentication.user_class
+end
+
+
+# for strategy 
+Merb::Config[:exception_details] = true
+Merb::Router.reset!
+Merb::Router.prepare do
+  match("/login", :method => :get).to(:controller => "exceptions", :action => "unauthenticated").name(:login)
+  match("/login", :method => :put).to(:controller => "sessions", :action => "update")
+  
+  authenticate do
+    match("/").to(:controller => "my_controller")
+  end
+  match("/logout", :method => :delete).to(:controller => "sessions", :action => "destroy")
+end
+
+class Merb::Authentication
+  def store_user(user); user; end
+  def fetch_user(session_info); session_info; end
+end
+
+Merb::Authentication.activate!(:remember_me)
+Merb::Authentication.activate!(:default_password_form)
+
+class MockUserStrategy < Merb::Authentication::Strategy
+  def run!
+    params[:pass_auth] = if params[:pass_auth] == "false"
+      false 
+    else
+      Merb::Authentication.user_class.first
+    end
+    params[:pass_auth]
+  end
+end
+
+class Application < Merb::Controller; end
+
+class Sessions < Merb::Controller
+  before :ensure_authenticated
+  def update
+    redirect "/"
+  end
+  
+  def destroy
+    cookies.delete :auth_token
+    session.abandon!
+  end      
+end
+
+class MyController < Application
+  def index
+    "IN MY CONTROLLER"
+  end
+end
+
+Spec::Runner.configure do |config|
+  config.include(Merb::Test::ViewHelper)
+  config.include(Merb::Test::RouteHelper)
+  config.include(Merb::Test::ControllerHelper)
+  config.before(:all){ User.auto_migrate! }
+  config.after(:all){ User.all.destroy! }
+end
+

data/spec/strategies/remember_me_spec.rb

@@ -0,0 +1,63 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe "Remember me strategy" do
+  def do_valid_login
+    put("/login", {:remember_me => "1", :pass_auth => true})
+  end
+  
+  def do_valid_login_without_remember_me
+    put("/login", {:pass_auth => true})
+  end
+
+  def do_invalid_login
+    put("/login", { :pass_auth => false})
+  end
+
+  def do_home_with_auth_token
+    get("/", { :pass_auth => true} ) do |controller|
+      controller.request.cookies[:auth_token] = "auth_token_string"
+    end
+  end
+
+  before :each do
+    @user = mock(Merb::Authentication.user_class, :remember_me => true)
+    user.stub!(:first).and_return(@user)
+    @user.stub!(:remember_token?).and_return(true)
+    @user.stub!(:remember_token).and_return(Time.now + 1.week)
+    @user.stub!(:remember_token_expires_at).and_return(Time.now)
+    @user.stub!(:forget_me).and_return(true)
+  end
+
+  it "should save remember_token and remember_token_expires_at if remember_me == '1'" do
+    Merb::Authentication.user_class.should_receive(:first).and_return(@user)
+    @user.should_receive(:remember_me)
+    @user.remember_token.should_not be_nil
+    @user.remember_token_expires_at.should_not be_nil
+    do_valid_login.should redirect_to('/')
+  end
+
+  it "should not remember me unless remember_me == '1'" do 
+    Merb::Authentication.user_class.should_receive(:first).and_return(true)
+    @user.should_not_receive(:remember_me)
+    do_valid_login_without_remember_me.should redirect_to('/')
+  end
+
+  it "should log in automatically if auth_token exists" do
+    Merb::Authentication.user_class.should_receive(:first).and_return(@user)
+    do_home_with_auth_token.should be_successful
+  end
+
+  it "should raise unauthenticated if auth_token doesn't exist" do
+    lambda do
+      do_invalid_login
+    end.should raise_error(Merb::Controller::Unauthenticated, "Could not log in")
+  end
+  
+  it "should clear auth_token after loging out" do
+    delete('/logout') do |controller|
+      controller.cookies.should_receive(:delete).with(:auth_token)
+    end
+  end
+end
+
+

metadata

@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification 
+name: scottmotte-merb-auth-remember-me
+version: !ruby/object:Gem::Version 
+  version: 0.0.2
+platform: ruby
+authors: 
+- Surasit Liangpornrattana
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-07-17 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: merb-core
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "1.0"
+    version: 
+description: Merb plugin that provides remember me for merb-auth-slice-password
+email: punneng@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+- LICENSE
+- TODO
+files: 
+- LICENSE
+- README
+- Rakefile
+- TODO
+- lib/merb-auth-remember-me
+- lib/merb-auth-remember-me/mixins
+- lib/merb-auth-remember-me/mixins/authenticated_user
+- lib/merb-auth-remember-me/mixins/authenticated_user/ar_authenticated_user.rb
+- lib/merb-auth-remember-me/mixins/authenticated_user/dm_authenticated_user.rb
+- lib/merb-auth-remember-me/mixins/authenticated_user/mm_authenticated_user.rb
+- lib/merb-auth-remember-me/mixins/authenticated_user/sq_authenticated_user.rb
+- lib/merb-auth-remember-me/mixins/authenticated_user.rb
+- lib/merb-auth-remember-me/strategies
+- lib/merb-auth-remember-me/strategies/remember_me.rb
+- lib/merb-auth-remember-me.rb
+- spec/merb-auth-remember-me_spec.rb
+- spec/mixins
+- spec/mixins/authenticated_user_spec.rb
+- spec/spec_helper.rb
+- spec/strategies
+- spec/strategies/remember_me_spec.rb
+has_rdoc: false
+homepage: https://github.com/PunNeng/pn-merb-auth-remember-me
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: merb
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 3
+summary: Merb plugin that provides remember me for merb-auth-slice-password
+test_files: []
+