shield 0.0.0

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2009 Michel Martens, Damian Janowski and Cyril David
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,5 @@
+# Shield
+
+See the [one file tutorial][tut] for info on getting started.
+
+[tut]: http://cyx.github.com/shield

data/README.rb

@@ -0,0 +1,73 @@
+## Shield
+
+# A simple authentication framework for use with a basic Rack application.
+# It doesn't try to be generic and instead has the following assertions:
+
+# 1. You use [Ohm][ohm] for your persistence layer.
+# 2. That your app has some form of a Helper plugin system.
+
+## Usage
+
+# The fastest way to get started with `Shield` is to use it as a [Sinatra][sin]
+# extension on top of your main application.
+
+# We simply have to require sinatra, shield, and [Ohm][ohm].
+require "sinatra/base"
+require "shield"
+require "ohm"
+
+# We then define a `User` class on the top-level namespace:
+class User < Shield::User
+end
+
+# Our sinatra application can be a classic style, but for this example,
+# we'll use the more modular style extending from `Sinatra::Base`.
+class App < Sinatra::Base
+  # One very very important detail to remember is that you need to
+  # have session support for all of Shield to work.
+  enable :sessions
+
+  # Now for the main highlight: This line simply does two things:
+  #
+  # 1. It adds `Shield::Helpers` to your Sinatra app's helpers.
+  # 2. It adds `Shield::Login` as a middleware for your application.
+  #
+  register Shield
+
+  # This is a normal Sinatra route. No authentication is needed here.
+  get "/public" do
+    "Public"
+  end
+
+  # This is a private Sinatra route, which we enforce using
+  # `ensure_authenticated`. This method comes from `Shield::Helpers` along
+  # with some other helper methods:
+  #
+  # 1. `current_user`         - ain't this the standard nowadays?
+  # 2. `logged_in?`           - simple sugar to verify if the user is logged in.
+  # 3. `ensure_authenticated` - as shown here.
+  # 4. `redirect_to_stored`   - redirects to the previous url the user was
+  #                             trying to access prior to authenticating.
+  get "/private" do
+    ensure_authenticated
+
+    "Private"
+  end
+end
+
+# If this file was run directly i.e. ruby README.rb.
+if __FILE__ == $0
+  # For the purposes of this quick script, let's create a User. You'll use that
+  # to quickly verify that you can indeed login to the application.
+  if User.all.size == 0
+    User.create(:email => "quentin@test.com",
+                :password => "password",
+                :password_confirmation => "password")
+  end
+
+  # Let Sinatra take the stage.
+  App.run!
+end
+
+# [ohm]: http://ohm.keyvalue.org
+# [sin]: http://sinatrarb.com

data/Rakefile

@@ -0,0 +1,6 @@
+desc "Run all tests using cutest."
+task :test do
+  system("cutest -r ./test/helper ./test/*_test.rb")
+end
+
+task :default => :test

data/lib/shield.rb

@@ -0,0 +1,18 @@
+module Shield
+  VERSION = "0.0.0"
+
+  autoload :BasicUser, "shield/template/basic_user"
+  autoload :User,      "shield/template/user"
+  autoload :FlexiUser, "shield/template/flexi_user"
+  autoload :Password,  "shield/password"
+  autoload :Login,     "shield/login"
+  autoload :Helpers,   "shield/helpers"
+
+  def self.registered(app)
+    app.helpers Helpers
+
+    app.use Login do |m|
+      m.settings.set :views, app.views if app.views
+    end
+  end
+end

data/lib/shield/helpers.rb

@@ -0,0 +1,22 @@
+module Shield
+  module Helpers
+    def ensure_authenticated
+      return if logged_in?
+
+      session[:return_to] = request.fullpath
+      redirect "/login"
+    end
+
+    def logged_in?
+      !! current_user
+    end
+
+    def current_user
+      @_current_user ||= ::User[session[:user]]
+    end
+
+    def redirect_to_stored(default = "/")
+      redirect(session.delete(:return_to) || default)
+    end
+  end
+end

data/lib/shield/login.rb

@@ -0,0 +1,38 @@
+require "sinatra/base"
+
+module Shield
+  class Login < Sinatra::Base
+    enable :sessions
+    helpers Helpers
+
+    set :views, File.join(File.dirname(__FILE__), "..", "..", "views")
+
+    set :auth_success_message, "You have successfully logged in."
+    set :auth_failure_message, "Wrong Username and/or Password combination."
+
+    get "/login/?" do
+      haml :login
+    end
+
+    post "/login/?" do
+      user = ::User.authenticate(params[:login], params[:password])
+
+      if user
+        session[:success] = settings.auth_success_message
+        session[:user] = user.id
+
+        redirect_to_stored
+      else
+        session[:error] = settings.auth_failure_message
+        redirect "/login"
+      end
+    end
+
+    get "/logout/?" do
+      session.delete(:user)
+      session.delete(:return_to)
+
+      redirect "/"
+    end
+  end
+end

data/lib/shield/password.rb

@@ -0,0 +1,24 @@
+require "digest/sha2"
+
+module Shield
+  module Password
+    def self.encrypt(password, salt = generate_salt)
+      digest(password, salt) + salt
+    end
+
+    def self.check(password, encrypted)
+      sha512, salt = encrypted.to_s[0..127], encrypted.to_s[128..-1]
+
+      digest(password, salt) == sha512
+    end
+
+  private
+    def self.digest(password, salt)
+      Digest::SHA512.hexdigest("#{ password }#{ salt }")
+    end
+
+    def self.generate_salt
+      Digest::SHA512.hexdigest(Time.now.to_f.to_s)[0, 64]
+    end
+  end
+end

data/lib/shield/template/basic_user.rb

@@ -0,0 +1,37 @@
+module Shield
+  class BasicUser < Ohm::Model
+    Unimplemented = Class.new(StandardError)
+
+    def self.inherited(model)
+      model.attribute :crypted_password
+    end
+
+    # TODO : change this if Ohm decides on implementing subclassing.
+    def self._copy_attributes_indices_counters(model)
+      attributes.each { |att| model.attribute(att) }
+      indices.each    { |att| model.index(att)     }
+      counters.each   { |att| model.counter(att)   }
+    end
+
+    attr_reader :password, :password_confirmation
+    attr_writer :password_confirmation
+
+    def self.authenticate(login, password)
+      user = find_by_login(login)
+
+      if user && Shield::Password.check(password, user.crypted_password)
+        return user
+      end
+    end
+
+    def self.find_by_login(login)
+      raise Unimplemented
+    end
+
+    def password=(password)
+      write_local :crypted_password, Shield::Password.encrypt(password)
+
+      @password = password
+    end
+  end
+end

data/lib/shield/template/flexi_user.rb

@@ -0,0 +1,22 @@
+module Shield
+  class FlexiUser < User
+    def self.inherited(model)
+      model.attribute :username
+      model.index :username
+
+      _copy_attributes_indices_counters(model)
+    end
+
+    def self.find_by_login(login)
+      super or find(:username => login).first
+    end
+
+    def validate
+      super
+
+      assert_present(:username) &&
+        assert_format(:username, /\A[a-z][a-z0-9\-\_\.]{2,}\z/) &&
+        assert_unique(:username)
+    end
+  end
+end

data/lib/shield/template/user.rb

@@ -0,0 +1,32 @@
+require "ohm/contrib"
+
+module Shield
+  class User < BasicUser
+    include Ohm::WebValidations
+
+    def self.inherited(model)
+      model.attribute :email
+      model.index :email
+
+      _copy_attributes_indices_counters(model)
+    end
+
+    def self.find_by_login(login)
+      find(:email => login).first
+    end
+
+    def validate
+      super
+
+      assert_present(:email) && assert_email(:email) && assert_unique(:email)
+
+      if new?
+        assert_present :password
+      end
+
+      unless password.to_s.empty?
+        assert password == password_confirmation, [:password, :not_confirmed]
+      end
+    end
+  end
+end

data/test/basic_user_test.rb

@@ -0,0 +1,37 @@
+require File.expand_path("helper", File.dirname(__FILE__))
+
+class BasicUser < Shield::BasicUser
+end
+
+setup do
+  BasicUser.create(:password => "password")
+end
+
+test "allows password checks at the minimum" do |u|
+  assert Shield::Password.check("password", u.crypted_password)
+end
+
+test "no find_by_login" do
+  assert_raise Shield::BasicUser::Unimplemented do
+    BasicUser.authenticate("quentin", "password")
+  end
+
+  assert_raise Shield::BasicUser::Unimplemented do
+    BasicUser.find_by_login("quentin")
+  end
+end
+
+test "has password confirmation accesors" do |u|
+  u.password_confirmation = "pass"
+
+  assert "pass" == u.password_confirmation
+end
+
+test "writes the new crypted password on set" do
+  u = BasicUser.new(:password => "mypass")
+  assert Shield::Password.check("mypass", u.crypted_password)
+
+  u.save
+  u = BasicUser[u.id]
+  assert Shield::Password.check("mypass", u.crypted_password)
+end

data/test/flexi_user_test.rb

@@ -0,0 +1,40 @@
+require File.expand_path("helper", File.dirname(__FILE__))
+
+class FlexiUser < Shield::FlexiUser
+end
+
+setup do
+  FlexiUser.create(:email => "quentin@test.com",
+                   :username => "quentin",
+                   :password => "password",
+                   :password_confirmation => "password")
+end
+
+test "find_by_login" do |u|
+  assert u == FlexiUser.find_by_login("quentin@test.com")
+  assert u == FlexiUser.find_by_login("quentin")
+end
+
+test "authenticate" do |u|
+  assert u == FlexiUser.authenticate("quentin", "password")
+  assert u == FlexiUser.authenticate("quentin@test.com", "password")
+end
+
+test "username validation" do |u|
+  u.username = nil
+  assert ! u.valid?
+  assert u.errors.include?([:username, :not_present])
+
+  ["1foo", "fo", "foo^", "foo&", "foo#"].each do |username|
+    u.username = username
+    assert ! u.valid?
+    assert u.errors.include?([:username, :format])
+  end
+
+  u.username = "foo"
+  assert u.valid?
+
+  newuser = FlexiUser.new(:username => "quentin")
+  assert ! newuser.valid?
+  assert newuser.errors.include?([:username, :not_unique])
+end

data/test/helper.rb

@@ -0,0 +1,25 @@
+$:.unshift(File.expand_path("../lib", File.dirname(__FILE__)))
+
+require "shield"
+require "cutest"
+require "rack/test"
+require "sinatra/base"
+require "nokogiri"
+require "haml"
+require "ohm"
+require "ohm/contrib"
+
+prepare { Ohm.flush }
+
+class Cutest::Scope
+  include Rack::Test::Methods
+
+  def assert_redirected_to(path)
+    assert 302  == last_response.status
+    assert path == last_response.headers["Location"]
+  end
+
+  def session
+    last_request.env["rack.session"]
+  end
+end

data/test/login_middleware_test.rb

@@ -0,0 +1,59 @@
+require File.expand_path("helper", File.dirname(__FILE__))
+
+class User < Shield::User
+end
+
+class Main < Sinatra::Base
+  enable :sessions
+  helpers Shield::Helpers
+
+  get "/public" do
+    "Public"
+  end
+
+  get "/private" do
+    ensure_authenticated
+
+    "Private"
+  end
+
+  use Shield::Login do |login|
+    login.settings.auth_success_message = "Booya!"
+    login.settings.auth_failure_message = "BOOM!"
+  end
+end
+
+scope do
+  def app
+    Main.new
+  end
+
+  setup do
+    clear_cookies
+
+    User.create(:email => "quentin@test.com",
+                :password => "password",
+                :password_confirmation => "password")
+  end
+
+  test "public" do
+    get "/public"
+    assert "Public" == last_response.body
+  end
+
+  test "logging in" do
+    post "/login", :login => "quentin@test.com", :password => "password"
+
+    get "/private"
+    assert "Private" == last_response.body
+    assert "Booya!" == session[:success]
+  end
+
+  test "login, logout, login failure" do
+    post "/login", :login => "quentin@test.com", :password => "password"
+    get "/logout"
+
+    post "/login"
+    assert "BOOM!" == session[:error]
+  end
+end

data/test/login_rack_mounting_test.rb

@@ -0,0 +1,63 @@
+require File.expand_path("helper", File.dirname(__FILE__))
+
+class User < Shield::User
+end
+
+class Main < Sinatra::Base
+  enable :sessions
+  helpers Shield::Helpers
+
+  get "/public" do
+    "Public"
+  end
+
+  get "/private" do
+    ensure_authenticated
+
+    "Private"
+  end
+end
+
+$app = Rack::Builder.app {
+  use Shield::Login
+
+  map "/" do
+    run Main
+  end
+}
+
+scope do
+  def app
+    $app
+  end
+
+  setup do
+    clear_cookies
+
+    User.create(:email => "quentin@test.com",
+                :password => "password",
+                :password_confirmation => "password")
+  end
+
+  test "public" do
+    get "/public"
+
+    assert "Public" == last_response.body
+  end
+
+  test "logging in" do
+    post "/login", :login => "quentin@test.com",
+                   :password => "password"
+
+    get "/private"
+    assert "Private" == last_response.body
+  end
+
+  test "being redirected and then logging in" do
+    get "/private"
+    assert_redirected_to "/login"
+
+    post "/login", :login => "quentin@test.com", :password => "password"
+    assert_redirected_to "/private"
+  end
+end

data/test/mounted_middleware_test.rb

@@ -0,0 +1,96 @@
+require File.expand_path("helper", File.dirname(__FILE__))
+
+class User < Shield::User
+end
+
+class App < Sinatra::Base
+  enable :sessions
+
+  helpers Shield::Helpers
+end
+
+class Main < App
+  get "/public" do
+    "Public"
+  end
+
+  get "/private" do
+    ensure_authenticated
+
+    "Private"
+  end
+end
+
+class Admin < App
+  before do
+    ensure_authenticated unless request.fullpath == "/admin/login"
+  end
+
+  get "/events" do
+    "Events"
+  end
+
+  get "/sponsors" do
+    "Sponsors"
+  end
+
+  post "/login" do
+    user = User.authenticate(params[:login], params[:password])
+
+    if user
+      session[:success] = "Success"
+      session[:user] = user.id
+
+      redirect_to_stored
+    else
+      session[:error] = "Failure"
+      redirect "/login"
+    end
+  end
+end
+
+$app = Rack::Builder.app {
+  map "/" do
+    run Main
+  end
+
+  map "/admin" do
+    run Admin
+  end
+}
+
+scope do
+  def app
+    $app
+  end
+
+  setup do
+    User.create(:email => "quentin@test.com",
+                :password => "password",
+                :password_confirmation => "password")
+  end
+
+  test "public" do
+    get "/public"
+
+    assert "Public" == last_response.body
+  end
+
+  test "all admin routes" do
+    get "/admin/events"
+    assert_redirected_to "/login"
+    assert "/admin/events" == session[:return_to]
+
+    get "/admin/sponsors"
+    assert_redirected_to "/login"
+    assert "/admin/sponsors" == session[:return_to]
+  end
+
+  test "single sign on" do
+    post "/admin/login", :login => "quentin@test.com",
+                         :password => "password"
+
+    get "/private"
+    assert "Private" == last_response.body
+  end
+end

data/test/password_hash_test.rb

@@ -0,0 +1,23 @@
+require File.expand_path("helper", File.dirname(__FILE__))
+
+test "encrypt" do
+  encrypted = Shield::Password.encrypt("password")
+  assert Shield::Password.check("password", encrypted)
+end
+
+test "with custom 64 character salt" do
+  encrypted = Shield::Password.encrypt("password", "A" * 64)
+  assert Shield::Password.check("password", encrypted)
+end
+
+test "nil password doesn't raise" do
+  ex = nil
+
+  begin
+    encrypted = Shield::Password.encrypt(nil)
+  rescue Exception => e
+    ex = e
+  end
+
+  assert nil == ex
+end

data/test/shield_test.rb

@@ -0,0 +1 @@
+require File.expand_path("helper", File.dirname(__FILE__))

data/test/sinatra_test.rb

@@ -0,0 +1,73 @@
+require File.expand_path("helper", File.dirname(__FILE__))
+
+class User < Shield::User
+end
+
+class SinatraApp < Sinatra::Base
+  enable :sessions
+  register Shield
+
+  get "/public" do
+    "Public"
+  end
+
+  get "/private" do
+    ensure_authenticated
+
+    "Private"
+  end
+end
+
+scope do
+  def app
+    SinatraApp.new
+  end
+
+  setup do
+    User.create(:email => "quentin@test.com",
+                :password => "password",
+                :password_confirmation => "password")
+  end
+
+  test "public" do
+    get "/public"
+    assert "Public" == last_response.body
+  end
+
+  test "private" do
+    get "/private"
+    assert_redirected_to "/login"
+    assert "/private" == session[:return_to]
+
+    post "/login", :login => "quentin@test.com", :password => "password"
+    assert_redirected_to "/private"
+  end
+
+  test "GET /login response" do
+    get "/login"
+
+    doc = Nokogiri(%{<div>#{last_response.body}</div>})
+
+    assert 2 == doc.search("form > fieldset > label > input").size
+    assert 1 == doc.search("form > fieldset > button").size
+  end
+end
+
+class LoginCustomized < Sinatra::Base
+  enable :sessions
+  set :views, File.join(File.dirname(__FILE__), "fixtures", "views")
+
+  register Shield
+end
+
+scope do
+  def app
+    LoginCustomized.new
+  end
+
+  test "login response" do
+    get "/login"
+
+    assert "<h1>Login</h1>" == last_response.body.strip
+  end
+end

data/test/user_test.rb

@@ -0,0 +1,33 @@
+require File.expand_path("helper", File.dirname(__FILE__))
+
+class User < Shield::User
+end
+
+setup do
+  User.create(:email => "quentin@email.com", :password => "password",
+              :password_confirmation => "password")
+end
+
+test "authentication default" do |u|
+  assert u == User.authenticate("quentin@email.com", "password")
+
+  assert nil == User.authenticate("quentin@email.com", "pass")
+  assert nil == User.authenticate("quentin@email.co.uk", "password")
+end
+
+test "email validation" do |u|
+  u.email = nil
+  assert ! u.valid?
+  assert u.errors.include?([:email, :not_present])
+
+  u.email = "foobar"
+  assert ! u.valid?
+  assert u.errors.include?([:email, :not_email])
+
+  u.email = "foo@bar.com"
+  u.save
+
+  foo = User.new(:email => "foo@bar.com")
+  assert ! foo.valid?
+  assert foo.errors.include?([:email, :not_unique])
+end

metadata

@@ -0,0 +1,179 @@
+--- !ruby/object:Gem::Specification 
+name: shield
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 0
+  version: 0.0.0
+platform: ruby
+authors: 
+- Michel Martens
+- Damian Janowski
+- Cyril David
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-10-15 00:00:00 +08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: cutest
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: sinatra
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: haml
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: rack-test
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: ohm
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: ohm-contrib
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: nokogiri
+  prerelease: false
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id007
+description: "\n    Gets you 80-90% of the way regarding your authentication\n    requirements. Provides convenience helper functions which you can\n    use with your favorite web framework of choice.\n  "
+email: 
+- michel@soveran.com
+- djanowski@dimaion.com
+- cyx@pipetodevnull.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/shield/helpers.rb
+- lib/shield/login.rb
+- lib/shield/password.rb
+- lib/shield/template/basic_user.rb
+- lib/shield/template/flexi_user.rb
+- lib/shield/template/user.rb
+- lib/shield.rb
+- README.markdown
+- README.rb
+- LICENSE
+- Rakefile
+- test/basic_user_test.rb
+- test/flexi_user_test.rb
+- test/helper.rb
+- test/login_middleware_test.rb
+- test/login_rack_mounting_test.rb
+- test/mounted_middleware_test.rb
+- test/password_hash_test.rb
+- test/shield_test.rb
+- test/sinatra_test.rb
+- test/user_test.rb
+has_rdoc: true
+homepage: http://github.com/cyx/shield
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: shield
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Ohm specific authentication solution.
+test_files: []
+