shingara-devise 0.4.3

data/lib/devise/encryptors/sha512.rb

@@ -0,0 +1,34 @@
+require "digest/sha2"
+
+module Devise
+  # Implements a way of adding different encryptions.
+  # The class should implement a self.digest method that taks the following params:
+  #   - password
+  #   - stretches: the number of times the encryption will be applied
+  #   - salt: the password salt as defined by devise
+  #   - pepper: Devise config option
+  #
+  module Encryptors
+    # = Sha512
+    # Uses the Sha512 hash algorithm to encrypt passwords.
+    class Sha512
+      
+      # Gererates a default password digest based on salt, pepper and the
+      # incoming password.
+      def self.digest(password, stretches, salt, pepper)
+        digest = pepper
+        stretches.times { digest = self.secure_digest(salt, digest, password, pepper) }
+        digest
+      end
+
+      private
+
+        # Generate a Sha512 digest joining args. Generated token is something like
+        #   --arg1--arg2--arg3--argN--
+        def self.secure_digest(*tokens)
+          ::Digest::SHA512.hexdigest('--' << tokens.flatten.join('--') << '--')
+        end        
+      
+    end
+  end
+end

data/lib/devise/failure.rb

@@ -0,0 +1,36 @@
+module Devise
+  module Failure
+    mattr_accessor :default_url
+
+    # Failure application that will be called every time :warden is thrown from
+    # any strategy or hook. Responsible for redirect the user to the sign in
+    # page based on current scope and mapping. If no scope is given, redirect
+    # to the default_url.
+    def self.call(env)
+      options = env['warden.options']
+      scope   = options[:scope]
+      params  = case env['warden'].try(:message)
+        when Symbol
+          { env['warden'].message => true }
+        when String
+          { :message => env['warden'].message }
+        else
+          options[:params]
+      end
+
+      redirect_path = if mapping = Devise.mappings[scope]
+        "#{mapping.parsed_path}/#{mapping.path_names[:sign_in]}"
+      else
+        "/#{default_url}"
+      end
+
+      headers = {}
+      headers["Location"] = redirect_path
+      headers["Location"] << "?" << Rack::Utils.build_query(params) if params
+      headers["Content-Type"] = 'text/plain'
+
+      message = options[:message] || "You are being redirected to #{redirect_path}"
+      [302, headers, [message]]
+    end
+  end
+end

data/lib/devise/hooks/confirmable.rb

@@ -0,0 +1,11 @@
+# Each time the user is set we verify if it is still able to really sign in.
+# This is done by checking the time frame the user is able to sign in without
+# confirming it's account. If the user has not confirmed it's account during
+# this time frame, he/she will not able to sign in anymore.
+Warden::Manager.after_set_user do |record, auth, options|
+  if record && record.respond_to?(:active?) && !record.active?
+    scope = options[:scope]
+    auth.logout(scope)
+    throw :warden, :scope => scope, :params => { :unconfirmed => true }
+  end
+end

data/lib/devise/hooks/rememberable.rb

@@ -0,0 +1,27 @@
+# After authenticate hook to verify if the user in the given scope asked to be
+# remembered while he does not sign out. Generates a new remember token for
+# that specific user and adds a cookie with this user info to sign in this user
+# automatically without asking for credentials. Refer to rememberable strategy
+# for more info.
+Warden::Manager.after_authentication do |record, auth, options|
+  scope = options[:scope]
+  remember_me = auth.params[scope].try(:fetch, :remember_me, nil)
+
+  if Devise::TRUE_VALUES.include?(remember_me) && record.respond_to?(:remember_me!)
+    record.remember_me!
+    auth.cookies['remember_token'] = {
+      :value => record.class.serialize_into_cookie(record),
+      :expires => record.remember_expires_at
+    }
+  end
+end
+
+# Before logout hook to forget the user in the given scope, only if rememberable
+# is activated for this scope. Also clear remember token to ensure the user
+# won't be remembered again.
+Warden::Manager.before_logout do |record, auth, scope|
+  if record.respond_to?(:forget_me!)
+    record.forget_me!
+    auth.cookies.delete('remember_token')
+  end
+end

data/lib/devise/locales/en.yml

@@ -0,0 +1,18 @@
+en:
+  devise:
+    sessions:
+      signed_in: 'Signed in successfully.'
+      signed_out: 'Signed out successfully.'
+      unauthenticated: 'You need to sign in or sign up before continuing.'
+      unconfirmed: 'You have to confirm your account before continuing.'
+      invalid: 'Invalid email or password.'
+    passwords:
+      send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
+      updated: 'Your password was changed successfully. You are now signed in.'
+    confirmations:
+      send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
+      confirmed: 'Your account was successfully confirmed. You are now signed in.'
+    mailer:
+      confirmation_instructions: 'Confirmation instructions'
+      reset_password_instructions: 'Reset password instructions'
+

data/lib/devise/mapping.rb

@@ -0,0 +1,120 @@
+module Devise
+  # Responsible for handling devise mappings and routes configuration. Each
+  # resource configured by devise_for in routes is actually creating a mapping
+  # object. You can refer to devise_for in routes for usage options.
+  #
+  # The required value in devise_for is actually not used internally, but it's
+  # inflected to find all other values.
+  #
+  #   map.devise_for :users
+  #   mapping = Devise.mappings[:user]
+  #
+  #   mapping.name #=> :user
+  #   # is the scope used in controllers and warden, given in the route as :singular.
+  #
+  #   mapping.as   #=> "users"
+  #   # how the mapping should be search in the path, given in the route as :as.
+  #
+  #   mapping.to   #=> User
+  #   # is the class to be loaded from routes, given in the route as :class_name.
+  #
+  #   mapping.for  #=> [:authenticatable]
+  #   # is the modules included in the class
+  #
+  class Mapping #:nodoc:
+    attr_reader :name, :as, :path_names, :path_prefix
+
+    # Loop through all mappings looking for a map that matches with the requested
+    # path (ie /users/sign_in). If a path prefix is given, it's taken into account.
+    def self.find_by_path(path)
+      Devise.mappings.each_value do |mapping|
+        route = path.split("/")[mapping.as_position]
+        return mapping if mapping.as == route.to_sym
+      end
+      nil
+    end
+
+    # Default url options which can be used as prefix.
+    def self.default_url_options
+      {}
+    end
+
+    def initialize(name, options) #:nodoc:
+      options.assert_valid_keys(:class_name, :as, :path_names, :singular, :path_prefix)
+
+      @as    = (options[:as] || name).to_sym
+      @klass = (options[:class_name] || name.to_s.classify).to_s
+      @name  = (options[:singular] || name.to_s.singularize).to_sym
+      @path_names  = options[:path_names] || {}
+      @path_prefix = options[:path_prefix] || ""
+      @path_prefix << "/" unless @path_prefix[-1] == ?/
+
+      setup_path_names
+    end
+
+    # Return modules for the mapping.
+    def for
+      @for ||= to.devise_modules
+    end
+
+    # Reload mapped class each time when cache_classes is false.
+    def to
+      return @to if @to
+      klass = @klass.constantize
+      @to = klass if Rails.configuration.cache_classes
+      klass
+    end
+
+    # Check if the respective controller has a module in the mapping class.
+    def allows?(controller)
+      self.for.include?(CONTROLLERS[controller.to_sym])
+    end
+
+    # Return in which position in the path prefix devise should find the as mapping.
+    def as_position
+      self.path_prefix.count("/")
+    end
+
+    # Returns the raw path using path_prefix and as.
+    def raw_path
+      path_prefix + as.to_s
+    end
+
+    # Returns the parsed path. If you need meta information in your path_prefix,
+    # you should overwrite this method to use it. The only information supported
+    # by default is I18n.locale.
+    #
+    def parsed_path
+      returning raw_path do |path|
+        self.class.default_url_options.each do |key, value|
+          path.gsub!(key.inspect, value.to_s)
+        end
+      end
+    end
+
+    # Create magic predicates for verifying what module is activated by this map.
+    # Example:
+    #
+    #   def confirmable?
+    #     self.for.include?(:confirmable)
+    #   end
+    #
+    ALL.each do |m|
+      class_eval <<-METHOD, __FILE__, __LINE__
+        def #{m}?
+          self.for.include?(:#{m})
+        end
+      METHOD
+    end
+
+    private
+
+      # Configure default path names, allowing the user overwrite defaults by
+      # passing a hash in :path_names.
+      def setup_path_names
+        [:sign_in, :sign_out, :password, :confirmation].each do |path_name|
+          @path_names[path_name] ||= path_name.to_s
+        end
+      end
+  end
+end

data/lib/devise/migrations.rb

@@ -0,0 +1,57 @@
+module Devise
+  # Helpers to migration:
+  #
+  #   create_table :accounts do |t|
+  #     t.authenticatable
+  #     t.confirmable
+  #     t.recoverable
+  #     t.rememberable
+  #     t.timestamps
+  #   end
+  #
+  # However this method does not add indexes. If you need them, here is the declaration:
+  #
+  #   add_index "accounts", ["email"],                :name => "email",                :unique => true
+  #   add_index "accounts", ["confirmation_token"],   :name => "confirmation_token",   :unique => true
+  #   add_index "accounts", ["reset_password_token"], :name => "reset_password_token", :unique => true
+  #
+  module Migrations
+
+    # Creates email, encrypted_password and password_salt.
+    #
+    # == Options
+    # * :null when true, allow columns to be null
+    # * :encryptor The encryptor going to be used, necessary for setting the proper encrypter password length
+    #
+    def authenticatable(options={})
+      null = options[:null] || false
+      encryptor = options[:encryptor] || :sha1
+
+      string :email,              :null => null, :limit => 100
+      string :encrypted_password, :null => null, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
+      string :password_salt,      :null => null, :limit => 20
+    end
+
+    # Creates confirmation_token, confirmed_at and confirmation_sent_at.
+    #
+    def confirmable
+      string   :confirmation_token, :limit => 20
+      datetime :confirmed_at
+      datetime :confirmation_sent_at
+    end
+
+    # Creates reset_password_token.
+    #
+    def recoverable
+      string :reset_password_token, :limit => 20
+    end
+
+    # Creates remember_token and remember_created_at.
+    #
+    def rememberable
+      string   :remember_token, :limit => 20
+      datetime :remember_created_at
+    end
+
+  end
+end

data/lib/devise/models/authenticatable.rb

@@ -0,0 +1,87 @@
+require 'devise/strategies/authenticatable'
+
+module Devise
+  module Models
+
+    # Authenticable Module, responsible for encrypting password and validating
+    # authenticity of a user while signing in.
+    #
+    # Configuration:
+    #
+    # You can overwrite configuration values by setting in globally in Devise,
+    # using devise method or overwriting the respective instance method.
+    #
+    #   pepper: encryption key used for creating encrypted password. Each time
+    #           password changes, it's gonna be encrypted again, and this key
+    #           is added to the password and salt to create a secure hash.
+    #           Always use `rake secret' to generate a new key.
+    #
+    #   stretches: defines how many times the password will be encrypted.
+    #
+    # Examples:
+    #
+    #    User.authenticate('email@test.com', 'password123')  # returns authenticated user or nil
+    #    User.find(1).valid_password?('password123')         # returns true/false
+    #
+    module Authenticatable
+      def self.included(base)
+        base.class_eval do
+          extend ClassMethods
+
+          attr_reader :password
+          attr_accessor :password_confirmation
+        end
+      end
+
+      # Regenerates password salt and encrypted password each time password is
+      # setted.
+      def password=(new_password)
+        @password = new_password
+        self.password_salt = friendly_token
+        self.encrypted_password = password_digest(@password)
+      end
+
+      # Verifies whether an incoming_password (ie from login) is the user
+      # password.
+      def valid_password?(incoming_password)
+        password_digest(incoming_password) == encrypted_password
+      end
+
+      protected
+      
+        # Digests the password using the configured encryptor
+        def password_digest(password)
+          encryptor.digest(password, stretches, password_salt, pepper)
+        end
+      
+        # Generate a friendly string randomically to be used as token.
+        def friendly_token
+          ActiveSupport::SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
+        end
+
+      module ClassMethods
+        # Authenticate a user based on email and password. Returns the
+        # authenticated user if it's valid or nil.
+        # Attributes are :email and :password
+        def authenticate(attributes={})
+          authenticatable = find_by_email(attributes[:email])
+          authenticatable if authenticatable.try(:valid_password?, attributes[:password])
+        end
+
+        # Attempt to find a user by it's email. If not user is found, returns a
+        # new user with an email not found error.
+        def find_or_initialize_with_error_by_email(email)
+          perishable = find_or_initialize_by_email(email)
+          if perishable.new_record?
+            perishable.errors.add(:email, :not_found, :default => 'not found')
+          end
+          perishable
+        end
+      end
+
+      Devise::Models.config(self, :pepper)
+      Devise::Models.config(self, :stretches)
+      Devise::Models.config(self, :encryptor)
+    end
+  end
+end

data/lib/devise/models/confirmable.rb

@@ -0,0 +1,156 @@
+require 'devise/hooks/confirmable'
+
+module Devise
+  module Models
+
+    # Confirmable is responsible to verify if an account is already confirmed to
+    # sign in, and to send emails with confirmation instructions.
+    # Confirmation instructions are sent to the user email after creating a
+    # record, after updating it's email and also when manually requested by
+    # a new confirmation instruction request.
+    # Whenever the user update it's email, his account is automatically unconfirmed,
+    # it means it won't be able to sign in again without confirming the account
+    # again through the email that was sent.
+    #
+    # Configuration:
+    #
+    #   confirm_within: the time you want the user will have to confirm it's account
+    #                   without blocking his access. When confirm_within is zero, the
+    #                   user won't be able to sign in without confirming. You can
+    #                   use this to let your user access some features of your
+    #                   application without confirming the account, but blocking it
+    #                   after a certain period (ie 7 days). By default confirm_within is
+    #                   zero, it means users always have to confirm to sign in.
+    #
+    # Examples:
+    #
+    #   User.find(1).confirm!      # returns true unless it's already confirmed
+    #   User.find(1).confirmed?    # true/false
+    #   User.find(1).send_confirmation_instructions # manually send instructions
+    #   User.find(1).reset_confirmation! # reset confirmation status and send instructions
+    module Confirmable
+
+      def self.included(base)
+        base.class_eval do
+          extend ClassMethods
+
+          before_create :generate_confirmation_token
+          after_create  :send_confirmation_instructions
+        end
+      end
+
+      # Confirm a user by setting it's confirmed_at to actual time. If the user
+      # is already confirmed, add en error to email field
+      def confirm!
+        unless_confirmed do
+          self.confirmation_token = nil
+          self.confirmed_at = Time.now
+          save(false)
+        end
+      end
+
+      # Verifies whether a user is confirmed or not
+      def confirmed?
+        !new_record? && confirmed_at?
+      end
+
+      # Send confirmation instructions by email
+      def send_confirmation_instructions
+        ::DeviseMailer.deliver_confirmation_instructions(self)
+      end
+
+      # Remove confirmation date and send confirmation instructions, to ensure
+      # after sending these instructions the user won't be able to sign in without
+      # confirming it's account
+      def reset_confirmation!
+        unless_confirmed do
+          generate_confirmation_token
+          save(false)
+          send_confirmation_instructions
+        end
+      end
+
+      # Verify whether a user is active to sign in or not. If the user is
+      # already confirmed, it should never be blocked. Otherwise we need to
+      # calculate if the confirm time has not expired for this user, in other
+      # words, if the confirmation is still valid.
+      def active?
+        confirmed? || confirmation_period_valid?
+      end
+
+      protected
+
+        # Checks if the confirmation for the user is within the limit time.
+        # We do this by calculating if the difference between today and the
+        # confirmation sent date does not exceed the confirm in time configured.
+        # Confirm_in is a model configuration, must always be an integer value.
+        #
+        # Example:
+        #
+        #   # confirm_within = 1.day and confirmation_sent_at = today
+        #   confirmation_period_valid?   # returns true
+        #
+        #   # confirm_within = 5.days and confirmation_sent_at = 4.days.ago
+        #   confirmation_period_valid?   # returns true
+        #
+        #   # confirm_within = 5.days and confirmation_sent_at = 5.days.ago
+        #   confirmation_period_valid?   # returns false
+        #
+        #   # confirm_within = 0.days
+        #   confirmation_period_valid?   # will always return false
+        #
+        def confirmation_period_valid?
+          confirmation_sent_at? &&
+            (Time.now.utc - confirmation_sent_at.utc) < confirm_within
+        end
+
+        # Checks whether the record is confirmed or not, yielding to the block
+        # if it's already confirmed, otherwise adds an error to email.
+        def unless_confirmed
+          unless confirmed?
+            yield
+          else
+            errors.add(:email, :already_confirmed, :default => 'already confirmed')
+            false
+          end
+        end
+
+        # Generates a new random token for confirmation, and stores the time
+        # this token is being generated
+        def generate_confirmation_token
+          self.confirmed_at = nil
+          self.confirmation_token = friendly_token
+          self.confirmation_sent_at = Time.now.utc
+        end
+
+      module ClassMethods
+
+        # Attempt to find a user by it's email. If a record is found, send new
+        # confirmation instructions to it. If not user is found, returns a new user
+        # with an email not found error.
+        # Options must contain the user email
+        def send_confirmation_instructions(attributes={})
+          confirmable = find_or_initialize_with_error_by_email(attributes[:email])
+          confirmable.reset_confirmation! unless confirmable.new_record?
+          confirmable
+        end
+
+        # Find a user by it's confirmation token and try to confirm it.
+        # If no user is found, returns a new user with an error.
+        # If the user is already confirmed, create an error for the user
+        # Options must have the confirmation_token
+        def confirm!(attributes={})
+          confirmable = find_or_initialize_by_confirmation_token(attributes[:confirmation_token])
+          if confirmable.new_record?
+            confirmable.errors.add(:confirmation_token, :invalid)
+          else
+            confirmable.confirm!
+          end
+          confirmable
+        end
+      end
+
+      Devise::Models.config(self, :confirm_within)
+    end
+  end
+end

data/lib/devise/models/recoverable.rb

@@ -0,0 +1,88 @@
+module Devise
+  module Models
+
+    # Recoverable takes care of reseting the user password and send reset instructions
+    # Examples:
+    #
+    #   # resets the user password and save the record, true if valid passwords are given, otherwise false
+    #   User.find(1).reset_password!('password123', 'password123')
+    #   # only resets the user password, without saving the record
+    #   user = User.find(1)
+    #   user.reset_password('password123', 'password123')
+    #   # creates a new token and send it with instructions about how to reset the password
+    #   User.find(1).send_reset_password_instructions
+    module Recoverable
+      def self.included(base)
+        base.class_eval do
+          extend ClassMethods
+        end
+      end
+
+      # Update password
+      def reset_password(new_password, new_password_confirmation)
+        self.password = new_password
+        self.password_confirmation = new_password_confirmation
+      end
+
+      # Update password saving the record and clearing token. Returns true if
+      # the passwords are valid and the record was saved, false otherwise.
+      def reset_password!(new_password, new_password_confirmation)
+        reset_password(new_password, new_password_confirmation)
+        clear_reset_password_token if valid?
+        save
+      end
+
+      # Resets reset password token and send reset password instructions by email
+      def send_reset_password_instructions
+        generate_reset_password_token!
+        ::DeviseMailer.deliver_reset_password_instructions(self)
+      end
+
+      protected
+
+        # Generates a new random token for reset password
+        def generate_reset_password_token
+          self.reset_password_token = friendly_token
+        end
+
+        # Resets the reset password token with and save the record without
+        # validating
+        def generate_reset_password_token!
+          generate_reset_password_token && save(false)
+        end
+
+        # Removes reset_password token
+        def clear_reset_password_token
+          self.reset_password_token = nil
+        end
+
+      module ClassMethods
+
+        # Attempt to find a user by it's email. If a record is found, send new
+        # password instructions to it. If not user is found, returns a new user
+        # with an email not found error.
+        # Attributes must contain the user email
+        def send_reset_password_instructions(attributes={})
+          recoverable = find_or_initialize_with_error_by_email(attributes[:email])
+          recoverable.send_reset_password_instructions unless recoverable.new_record?
+          recoverable
+        end
+
+        # Attempt to find a user by it's reset_password_token to reset it's
+        # password. If a user is found, reset it's password and automatically
+        # try saving the record. If not user is found, returns a new user
+        # containing an error in reset_password_token attribute.
+        # Attributes must contain reset_password_token, password and confirmation
+        def reset_password!(attributes={})
+          recoverable = find_or_initialize_by_reset_password_token(attributes[:reset_password_token])
+          if recoverable.new_record?
+            recoverable.errors.add(:reset_password_token, :invalid)
+          else
+            recoverable.reset_password!(attributes[:password], attributes[:password_confirmation])
+          end
+          recoverable
+        end
+      end
+    end
+  end
+end