shield 0.1.0 → 1.0.0.rc1

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2009 Michel Martens, Damian Janowski and Cyril David
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,230 @@
+# Shield
+
+Shield
+
+_n. A solid piece of metal code used to protect your application._
+
+## Why another authentication library?
+
+1. Because most of the other libraries are too huge.
+2. Extending other libraries is a pain.
+3. Writing code is fun :-)
+
+## What shield is
+
+1. Simple (~ 110 lines of Ruby code)
+2. Doesn't get in the way
+3. Treats you like a grown up
+
+## What shield is not
+
+- is _not_ a ready-made end-to-end authentication solution.
+- is _not_ biased towards any kind of ORM.
+
+## Understanding Shield in 15 minutes
+
+### Shield::Model
+
+`Shield::Model` is a very basic protocol for doing authentication
+against your model. It doesn't assume a lot, apart from the following:
+
+1. You will implement `User.fetch` which receives the login string.
+2. You have an attribute `crypted_password` which is able to store
+   up to __192__ characters.
+
+And that's it.
+
+In order to implement the model protocol, you start by
+including `Shield::Model`.
+
+```ruby
+class User < Struct.new(:email, :crypted_password)
+  include Shield::Model
+
+  def self.fetch(email)
+    user = new(email)
+    user.password = "pass1234"
+
+    return user
+  end
+end
+```
+
+By including `Shield::Model`, you get all the general methods needed
+in order to do authentication.
+
+1. You get `User.authenticate` which receives the login string and
+   password as the two parameters.
+2. You get `User#password=` which automatically converts the clear text
+   password into a hashed form and assigns it into `#crypted_password`.
+
+```ruby
+u = User.new("foo@bar.com")
+
+# A password accessor has been added which manages `crypted_password`.
+u.password = "pass1234"
+
+Shield::Password.check("pass1234", u.crypted_password)
+# => true
+
+# Since we've hard coded all passwords to pass1234
+# we're able to authenticate properly.
+nil == User.authenticate("foo@bar.com", "pass1234")
+# => false
+
+# If we try a different password on the other hand,
+# we get `nil`.
+nil == User.authenicate("foo@bar.com", "wrong")
+# => true
+```
+
+Shield includes tests for [ohm][ohm] and [sequel][sequel] and makes sure
+that each release works with the latest respective versions.
+
+Take a look at [test/ohm.rb][ohm-test] and [test/sequel.rb][sequel-test]
+to learn more.
+
+### Logging in with an email and username?
+
+If your requirements dictate that you need to be able to support logging
+in using either username or email, then you can simply extend `User.fetch`
+a bit by doing:
+
+```ruby
+# in Sequel
+class User < Sequel::Model
+  def self.fetch(identifier)
+    filter(email: identifier).first || filter(username: identifier).first
+  end
+end
+
+# in Ohm
+class User < Ohm::Model
+  attribute :email
+  attribute :username
+
+  unique :email
+  unique :username
+
+  def self.fetch(identifier)
+    with(:email, identifier) || with(:username, identifier)
+  end
+end
+```
+
+If you want to allow case-insensitive logins for some reason, you can
+simply normalize the values to their lowercase form.
+
+[ohm]: http://ohm.keyvalue.org
+[sequel]: http://sequel.rubyforge.org
+
+[ohm-test]: https://github.com/cyx/shield/blob/master/test/ohm.rb
+[sequel-test]: https://github.com/cyx/shield/blob/master/test/sequel.rb
+
+### Shield::Helpers
+
+As the name suggests, `Shield::Helpers` is out there to aid you a bit,
+but this time it aids you in the context of your Rack application.
+
+`Shield::Helpers` assumes only the following:
+
+1. You have included in your application a Session handler,
+   (e.g. Rack::Session::Cookie)
+2. You have an `env` method which returns the environment hash as
+   was passed in Rack.
+
+**Note:** As of this writing, Sinatra, Cuba & Rails adhere to having an `env`
+method in the handler / controller context. Shield also ships with tests for
+both Cuba and Sinatra.
+
+```ruby
+require "sinatra"
+
+# Satisifies assumption number 1 above.
+use Rack::Session::Cookie
+
+# Mixes `Shield::Helpers` into your routes context.
+helpers Shield::Helpers
+
+get "/private" do
+  error(401) unless authenticated(User)
+
+  "Private"
+end
+
+get "/login" do
+  erb :login
+end
+
+post "/login" do
+  if login(User, params[:login], params[:password], params[:remember_me])
+    redirect(params[:return] || "/")
+  else
+    redirect "/login"
+  end
+end
+
+get "/logout" do
+  logout(User)
+  redirect "/"
+end
+
+__END__
+
+@@ login
+<h1>Login</h1>
+
+<form action='/login' method='post'>
+<input type='text' name='login' placeholder='Email'>
+<input type='password' name='password' placeholder='Password'>
+<input type='submit' name='proceed' value='Login'>
+```
+
+**Note for the reader**: The redirect to `params[:return]` in the example
+is vulnerable to URL hijacking. You can whitelist redirectable urls, or
+simply make sure the URL matches the pattern `/\A[\/a-z0-9\-]+\z/i`.
+
+### Shield::Middleware
+
+If you have a keen eye you might have noticed that instead of redirecting
+away to the login URL in the example above, we instead chose to do a
+`401 Unauthorized`. In strict HTTP Status code terms, this is the proper
+approach. The redirection is simply the user experience pattern that has
+emerged in web applications.
+
+But don't despair! If you want to do redirects simply add
+`Shield::Middleware` to your middleware stack like so:
+
+```ruby
+# taken from example above
+use Shield::Middleware, "/login"
+use Rack::Session::Cookie
+
+# rest of code follows here
+# ...
+```
+
+Now when your application responds with a `401`, `Shield::Middleware`
+will be responsible for doing the redirect to `/login`.
+
+If you try and do a `curl --head http://localhost:4567/private` with
+`Shield::Middleware`, you'll get a response similar to the following:
+
+```
+HTTP/1.1 302 Found
+Location: http://localhost:4567/login?return=%2Fprivate
+Content-Type: text/html
+```
+
+Notice that it specifies `/private` as the return URL.
+
+## Jump starting your way.
+
+For people interested in using Cuba, Ohm, Shield and Bootstrap we've
+created a starting point that includes **Login**, **Signup** and
+**Forgot Password** functionality.
+
+Head on over to the [cuba-app][cuba-app] repository if you want
+to know more.
+
+[cuba-app]: http://github.com/citrusbyte/cuba-app

data/Rakefile

@@ -0,0 +1,6 @@
+desc "Run all tests using cutest."
+task :test do
+  system("cutest -r ./test/helper ./test/*.rb")
+end
+
+task :default => :test

data/lib/shield.rb

@@ -1,5 +1,130 @@
+require "pbkdf2"
+require "uri"
+
 module Shield
-  autoload :Password, "shield/password"
-  autoload :Helpers,  "shield/helpers"
-  autoload :Model,    "shield/model"
-end
+  class Middleware
+    attr :url
+
+    def initialize(app, url = "/login")
+      @app = app
+      @url = url
+    end
+
+    def call(env)
+      tuple = @app.call(env)
+
+      if tuple[0] == 401
+        [302, headers(env["PATH_INFO"]), []]
+      else
+        tuple
+      end
+    end
+
+  private
+    def headers(path)
+      { "Location" => "%s?return=%s" % [url, encode(path)],
+        "Content-Type" => "text/html",
+        "Content-Length" => "0"
+      }
+    end
+
+    def encode(str)
+      URI.encode_www_form_component(str)
+    end
+  end
+
+  module Helpers
+    def persist_session!
+      if session[:remember_for]
+        env["rack.session.options"][:expire_after] = session[:remember_for]
+      end
+    end
+
+    def authenticated(model)
+      @_shield ||= {}
+      @_shield[model] ||= session[model.to_s] && model[session[model.to_s]]
+    end
+
+    def authenticate(user)
+      session[user.class.to_s] = user.id
+    end
+
+    def login(model, username, password, remember = false, expire = 1209600)
+      return unless user = model.authenticate(username, password)
+
+      session[:remember_for] = expire if remember
+      authenticate(user)
+    end
+
+    def logout(model)
+      session.delete(model.to_s)
+      session.delete(:remember_for)
+
+      @_shield.delete(model) if defined?(@_shield)
+    end
+  end
+
+  module Model
+    def self.included(model)
+      model.extend(ClassMethods)
+    end
+
+    class FetchMissing < StandardError; end
+
+    module ClassMethods
+      def authenticate(username, password)
+        user = fetch(username)
+
+        if user and is_valid_password?(user, password)
+          return user
+        end
+      end
+
+      def fetch(login)
+        raise FetchMissing, "#{self}.fetch not implemented"
+      end
+
+      def is_valid_password?(user, password)
+        Shield::Password.check(password, user.crypted_password)
+      end
+    end
+
+    def password=(password)
+      self.crypted_password = Shield::Password.encrypt(password.to_s)
+    end
+  end
+
+  module Password
+    def self.iterations
+      @iterations ||= 5000
+    end
+
+    def self.iterations=(iterations)
+      @iterations = iterations
+    end
+
+    def self.encrypt(password, salt = generate_salt)
+      digest(password, salt) + salt
+    end
+
+    def self.check(password, encrypted)
+      sha512, salt = encrypted.to_s[0..127], encrypted.to_s[128..-1]
+
+      digest(password, salt) == sha512
+    end
+
+  protected
+    def self.digest(password, salt)
+      PBKDF2.new do |p|
+        p.password = password
+        p.salt = salt
+        p.iterations = iterations
+        p.hash_function = :sha512
+      end.hex_string
+    end
+
+    def self.generate_salt
+      Digest::SHA512.hexdigest(Time.now.to_f.to_s)[0, 64]
+    end
+  end
+end

data/test/cuba.rb

@@ -2,6 +2,7 @@ require File.expand_path("helper", File.dirname(__FILE__))
 require File.expand_path("user", File.dirname(__FILE__))
 
 Cuba.use Rack::Session::Cookie
+Cuba.use Shield::Middleware
 Cuba.plugin Shield::Helpers
 
 Cuba.define do
@@ -10,9 +11,11 @@ Cuba.define do
   end
 
   on get, "private" do
-    ensure_authenticated(User)
-
-    res.write "Private"
+    if authenticated(User)
+      res.write "Private"
+    else
+      res.status = 401
+    end
   end
 
   on get, "login" do
@@ -21,7 +24,7 @@ Cuba.define do
 
   on post, "login", param("login"), param("password") do |u, p|
     if login(User, u, p, req[:remember_me])
-      res.redirect(session[:return_to] || "/")
+      res.redirect(req[:return] || "/")
     else
       res.redirect "/login"
     end
@@ -50,10 +53,10 @@ scope do
   test "successful logging in" do
     get "/private"
 
-    assert_redirected_to "/login"
-    assert "/private" == session[:return_to]
+    assert_equal "/login?return=%2Fprivate", redirection_url
+
+    post "/login", login: "quentin", password: "password", return: "/private"
 
-    post "/login", :login => "quentin", :password => "password"
     assert_redirected_to "/private"
 
     assert 1001 == session["User"]
@@ -72,7 +75,6 @@ scope do
     get "/logout"
 
     assert nil == session["User"]
-    assert nil == session[:return_to]
   end
 
   test "remember functionality" do

data/test/helper.rb

@@ -16,6 +16,10 @@ class Cutest::Scope
     assert_equal path, URI(last_response.headers["Location"]).path
   end
 
+  def redirection_url
+    last_response.headers["Location"]
+  end
+
   def session
     last_request.env["rack.session"]
   end

data/test/middleware.rb

@@ -0,0 +1,29 @@
+require File.expand_path("helper", File.dirname(__FILE__))
+require File.expand_path("user", File.dirname(__FILE__))
+
+Cuba.use Rack::Session::Cookie
+Cuba.use Shield::Middleware
+
+Cuba.plugin Shield::Helpers
+
+Cuba.define do
+  on "secured" do
+    if not authenticated(User)
+      halt [401, { "Content-Type" => "text/html" }, []]
+    end
+
+    res.write "You're in"
+  end
+
+  on "foo" do
+    puts env.inspect
+  end
+end
+
+test do
+  env = { "PATH_INFO" => "/secured", "SCRIPT_NAME" => "" }
+  status, headers, body = Cuba.call(env)
+
+  assert_equal 302, status
+  assert_equal "/login?return=%2Fsecured", headers["Location"]
+end

data/test/model.rb

@@ -1,7 +1,7 @@
 require File.expand_path("helper", File.dirname(__FILE__))
 
 class User < Struct.new(:crypted_password)
-  extend Shield::Model
+  include Shield::Model
 end
 
 test "fetch" do
@@ -9,12 +9,11 @@ test "fetch" do
 
   begin
     User.fetch("quentin")
-  rescue Exception => e
-    ex = e
+  rescue Exception => ex
   end
 
   assert ex.kind_of?(Shield::Model::FetchMissing)
-  assert Shield::Model::FetchMissing.new.message == ex.message
+  assert "User.fetch not implemented" == ex.message
 end
 
 test "is_valid_password?" do
@@ -43,3 +42,10 @@ test "authenticate" do
   assert nil == User.authenticate("unknown", "pass")
   assert nil == User.authenticate("quentin", "wrongpass")
 end
+
+test "#password=" do
+  u = User.new
+  u.password = "pass1234"
+
+  assert Shield::Password.check("pass1234", u.crypted_password)
+end

data/test/ohm.rb

@@ -0,0 +1,30 @@
+require_relative "helper"
+require "ohm"
+
+class User < Ohm::Model
+  include Shield::Model
+
+  attribute :email
+  attribute :crypted_password
+  index :email
+
+  def self.fetch(email)
+    find(email: email).first
+  end
+end
+
+prepare do
+  Ohm.flush
+end
+
+setup do
+  User.create(email: "foo@bar.com", password: "pass1234")
+end
+
+test "fetch" do |user|
+  assert_equal user, User.fetch("foo@bar.com")
+end
+
+test "authenticate" do |user|
+  assert_equal user, User.authenticate("foo@bar.com", "pass1234")
+end

data/test/password.rb

@@ -1,6 +1,5 @@
 require File.expand_path("helper", File.dirname(__FILE__))
 
-# Shield::Password::Simple
 scope do
   test "encrypt" do
     encrypted = Shield::Password.encrypt("password")
@@ -11,33 +10,4 @@ scope do
     encrypted = Shield::Password.encrypt("password", "A" * 64)
     assert Shield::Password.check("password", encrypted)
   end
-
-  test "nil password doesn't raise" do
-    ex = nil
-
-    begin
-      encrypted = Shield::Password.encrypt(nil)
-    rescue Exception => e
-      ex = e
-    end
-
-    assert nil == ex
-  end
 end
-
-# Shield::Password::PBKDF2
-scope do
-  setup do
-    Shield::Password.strategy = Shield::Password::PBKDF2
-  end
-
-  test "encrypt" do
-    encrypted = Shield::Password.encrypt("password")
-    assert Shield::Password.check("password", encrypted)
-  end
-
-  test "with custom 64 character salt" do
-    encrypted = Shield::Password.encrypt("password", "A" * 64)
-    assert Shield::Password.check("password", encrypted)
-  end
-end

data/test/sequel.rb

@@ -0,0 +1,36 @@
+require_relative "helper"
+require "sequel"
+
+DB = Sequel.sqlite
+
+DB.run(%(
+  CREATE TABLE users (
+    id INTEGER PRIMARY KEY,
+    email VARCHAR(255) UNIQUE,
+    crypted_password VARCHAR(255)
+  )
+))
+
+class User < Sequel::Model
+  include Shield::Model
+
+  def self.fetch(email)
+    filter(email: email).first
+  end
+end
+
+prepare do
+  User.truncate
+end
+
+setup do
+  User.create(email: "foo@bar.com", password: "pass1234")
+end
+
+test "fetch" do |user|
+  assert_equal user, User.fetch("foo@bar.com")
+end
+
+test "authenticate" do |user|
+  assert_equal user, User.authenticate("foo@bar.com", "pass1234")
+end

data/test/shield.rb

@@ -44,19 +44,6 @@ setup do
   Context.new("/events/1")
 end
 
-test "ensure_authenticated when logged out" do |context|
-  context.ensure_authenticated(User)
-  assert "/events/1" == context.session[:return_to]
-  assert "/login" == context.redirect
-end
-
-test "ensure_authenticated when logged in" do |context|
-  context.session["User"] = 1
-  assert true == context.ensure_authenticated(User)
-  assert nil == context.redirect
-  assert nil == context.session[:return_to]
-end
-
 class Admin < Struct.new(:id)
   def self.[](id)
     new(id) unless id.to_s.empty?
@@ -70,11 +57,11 @@ test "authenticated" do |context|
   assert nil == context.authenticated(Admin)
 end
 
-test "caches authenticated in @_authenticated" do |context|
+test "caches authenticated in @_shield" do |context|
   context.session["User"] = 1
   context.authenticated(User)
 
-  assert User.new(1) == context.instance_variable_get(:@_authenticated)[User]
+  assert User.new(1) == context.instance_variable_get(:@_shield)[User]
 end
 
 test "login success" do |context|
@@ -83,13 +70,12 @@ test "login success" do |context|
 end
 
 test "login failure" do |context|
-  assert false == context.login(User, "wrong", "creds")
+  assert ! context.login(User, "wrong", "creds")
   assert nil == context.session["User"]
 end
 
 test "logout" do |context|
   context.session["User"] = 1001
-  context.session[:return_to] = "/foo"
 
   # Now let's make it memoize the User
   context.authenticated(User)
@@ -97,7 +83,6 @@ test "logout" do |context|
   context.logout(User)
 
   assert nil == context.session["User"]
-  assert nil == context.session[:return_to]
   assert nil == context.authenticated(User)
 end
 
@@ -105,4 +90,4 @@ test "authenticate" do |context|
   context.authenticate(User[1001])
 
   assert User[1] == context.authenticated(User)
-end
+end

data/test/sinatra.rb

@@ -2,6 +2,7 @@ require File.expand_path("helper", File.dirname(__FILE__))
 require File.expand_path("user", File.dirname(__FILE__))
 
 class SinatraApp < Sinatra::Base
+  use Shield::Middleware
   enable :sessions
   helpers Shield::Helpers
 
@@ -10,7 +11,7 @@ class SinatraApp < Sinatra::Base
   end
 
   get "/private" do
-    ensure_authenticated(User)
+    error(401) unless authenticated(User)
 
     "Private"
   end
@@ -21,7 +22,7 @@ class SinatraApp < Sinatra::Base
 
   post "/login" do
     if login(User, params[:login], params[:password], params[:remember_me])
-      redirect(session[:return_to] || "/")
+      redirect(params[:return] || "/")
     else
       redirect "/login"
     end
@@ -50,10 +51,11 @@ scope do
   test "successful logging in" do
     get "/private"
 
-    assert_redirected_to "/login"
-    assert_equal "/private", session[:return_to]
+    assert_equal "/login?return=%2Fprivate", redirection_url
+
+    post "/login", :login => "quentin", :password => "password",
+                   :return => "/private"
 
-    post "/login", :login => "quentin", :password => "password"
     assert_redirected_to "/private"
 
     assert 1001 == session["User"]
@@ -72,7 +74,6 @@ scope do
     get "/logout"
 
     assert nil == session["User"]
-    assert nil == session[:return_to]
   end
 
   test "remember functionality" do
@@ -85,3 +86,7 @@ scope do
     assert_equal nil, session[:remember_for]
   end
 end
+
+if $0 == __FILE__
+  SinatraApp.run!
+end

data/test/user.rb

@@ -1,5 +1,5 @@
 class User
-  extend Shield::Model
+  include Shield::Model
 
   def self.[](id)
     User.new(1001) unless id.to_s.empty?

metadata

@@ -1,8 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: shield
 version: !ruby/object:Gem::Version
-  version: 0.1.0
-  prerelease: 
+  version: 1.0.0.rc1
+  prerelease: 6
 platform: ruby
 authors:
 - Michel Martens
@@ -11,11 +11,22 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-03-28 00:00:00.000000000 Z
+date: 2012-03-30 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: pbkdf2
+  requirement: &70325933980460 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70325933980460
 - !ruby/object:Gem::Dependency
   name: cutest
-  requirement: &70247759932460 !ruby/object:Gem::Requirement
+  requirement: &70325933977700 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -23,10 +34,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70247759932460
+  version_requirements: *70325933977700
 - !ruby/object:Gem::Dependency
   name: cuba
-  requirement: &70247759931940 !ruby/object:Gem::Requirement
+  requirement: &70325933976980 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -34,10 +45,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70247759931940
+  version_requirements: *70325933976980
 - !ruby/object:Gem::Dependency
   name: sinatra
-  requirement: &70247759931460 !ruby/object:Gem::Requirement
+  requirement: &70325933976340 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -45,10 +56,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70247759931460
+  version_requirements: *70325933976340
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &70247759930920 !ruby/object:Gem::Requirement
+  requirement: &70325933975460 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -56,7 +67,29 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70247759930920
+  version_requirements: *70325933975460
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: &70325933974800 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70325933974800
+- !ruby/object:Gem::Dependency
+  name: ohm
+  requirement: &70325933973720 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :development
+  prerelease: false
+  version_requirements: *70325933973720
 description: ! "\n    Provides all the protocol you need in order to do authentication
   on\n    your rack application. The implementation specifics can be found in\n    http://github.com/cyx/shield-contrib\n
   \ "
@@ -68,16 +101,17 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/shield/helpers.rb
-- lib/shield/model.rb
-- lib/shield/password/pbkdf2.rb
-- lib/shield/password/simple.rb
-- lib/shield/password.rb
+- README.md
+- LICENSE
+- Rakefile
 - lib/shield.rb
 - test/cuba.rb
 - test/helper.rb
+- test/middleware.rb
 - test/model.rb
+- test/ohm.rb
 - test/password.rb
+- test/sequel.rb
 - test/shield.rb
 - test/sinatra.rb
 - test/user.rb
@@ -96,11 +130,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ! '>='
+  - - ! '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubyforge_project: shield
+rubyforge_project: 
 rubygems_version: 1.8.11
 signing_key: 
 specification_version: 3

data/lib/shield/helpers.rb

@@ -1,67 +0,0 @@
-module Shield
-  module Helpers
-    class NoSessionError < StandardError; end
-
-    def session
-      env["rack.session"] || raise(NoSessionError)
-    end
-
-    def redirect(path, status = 302)
-      if defined?(super)
-        # If the application context has defined a proper redirect
-        # we can simply use that definition.
-        super
-      else
-        # We implement the Cuba redirect here, being Cuba users we
-        # are biased towards it of course.
-        halt [status, { "Location" => path, "Content-Type" => "text/html" }, []]
-      end
-    end
-
-    def ensure_authenticated(model, login_url = "/login")
-      if authenticated(model)
-        return true
-      else
-        # If you've ever used request.path, it just so happens
-        # to be SCRIPT_NAME + PATH_INFO.
-        session[:return_to] = env["SCRIPT_NAME"] + env["PATH_INFO"]
-        redirect login_url
-        return false
-      end
-    end
-
-    def authenticated(model)
-      @_authenticated ||= {}
-      @_authenticated[model] ||= session[model.to_s] && model[session[model.to_s]]
-    end
-
-    def persist_session!
-      if session[:remember_for]
-        env["rack.session.options"][:expire_after] = session[:remember_for]
-      end
-    end
-
-    def login(model, username, password, remember = false, expire = 1209600)
-      instance = model.authenticate(username, password)
-
-      if instance
-        session[:remember_for] = expire if remember
-        session[model.to_s] = instance.id
-      else
-        return false
-      end
-    end
-
-    def logout(model)
-      session.delete(model.to_s)
-      session.delete(:return_to)
-      session.delete(:remember_for)
-
-      @_authenticated.delete(model) if defined?(@_authenticated)
-    end
-
-    def authenticate(user)
-      session[user.class.to_s] = user.id
-    end
-  end
-end

data/lib/shield/model.rb

@@ -1,35 +0,0 @@
-module Shield
-  module Model
-    def authenticate(username, password)
-      user = fetch(username)
-
-      if user and is_valid_password?(user, password)
-        return user
-      end
-    end
-
-    def fetch(login)
-      raise FetchMissing
-    end
-
-    def is_valid_password?(user, password)
-      Shield::Password.check(password, user.crypted_password)
-    end
-
-    class FetchMissing < Class.new(StandardError)
-      def message
-        %{
-          !! You need to implement `fetch`.
-          Below is a quick example implementation (in Ohm):
-
-            def fetch(email)
-              find(:email => email).first
-            end
-
-          For more example implementations, check out
-          http://github.com/cyx/shield-contrib
-        }.gsub(/^ {10}/, "")
-      end
-    end
-  end
-end

data/lib/shield/password.rb

@@ -1,28 +0,0 @@
-require "digest/sha2"
-
-module Shield
-  module Password
-    autoload :Simple, "shield/password/simple"
-    autoload :PBKDF2, "shield/password/pbkdf2"
-
-    def self.strategy=(s)
-      @strategy = s
-    end
-
-    def self.strategy
-      @strategy ||= Shield::Password::Simple
-    end
-
-    def self.encrypt(password, salt = generate_salt)
-      strategy.encrypt(password, salt)
-    end
-
-    def self.check(password, encrypted)
-      strategy.check(password, encrypted)
-    end
-
-    def self.generate_salt
-      Digest::SHA512.hexdigest(Time.now.to_f.to_s)[0, 64]
-    end
-  end
-end

data/lib/shield/password/pbkdf2.rb

@@ -1,23 +0,0 @@
-require "pbkdf2"
-
-module Shield
-  module Password
-    module PBKDF2
-      extend Shield::Password::Simple
-
-      def self.digest(password, salt)
-        ::PBKDF2.new do |p|
-          p.password = password
-          p.salt = salt
-          p.iterations = iterations
-          p.hash_function = :sha512
-        end.hex_string
-      end
-
-      class << self
-        attr_accessor :iterations
-      end
-      @iterations = 5000
-    end
-  end
-end

data/lib/shield/password/simple.rb

@@ -1,22 +0,0 @@
-module Shield
-  module Password
-    module Simple
-      extend self
-
-      def encrypt(password, salt)
-        digest(password, salt) + salt
-      end
-
-      def check(password, encrypted)
-        sha512, salt = encrypted.to_s[0..127], encrypted.to_s[128..-1]
-
-        digest(password, salt) == sha512
-      end
-
-    private
-      def digest(password, salt)
-        Digest::SHA512.hexdigest("#{ password }#{ salt }")
-      end
-    end
-  end
-end