simple_auth 1.5.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b9ccc966be8f5d91ed83365e91fd161dd3855411
-  data.tar.gz: ddeab7fa3b0cf45404e19a06f1b8ac0860ae39e4
+  metadata.gz: 90b77901780358f8890699611f29c46dd78d844b
+  data.tar.gz: 00db8239eb7dd70a701a532f4d491d3cb8ce8110
 SHA512:
-  metadata.gz: df425ff3d123c56b312517437615d925a979eb15b001061b6b304fbfcfe2e99594486365de3dff1e45cff6138f7a7543fe1cc8b9c1f837c672bf008131df5327
-  data.tar.gz: c1a2c7e841bfd56dd870fbddc96d6045df8cb6ed6eb4cf53ffd8c1ee53160159ff3ad202d7b361ab4bf4b25bd70f3fccc28bec444822d3b6cef1d9ad92c23165
+  metadata.gz: 86bda4fb617c416cb2e669002443ea61bf88098dddd19d7725affa62c6a78753be0e8288a83cb83180c6932b4fbcf1c7df7212fea21b0d7fa14402164ff831dc
+  data.tar.gz: 5829b734bcede51e7c14859b329bb0480b47d4311cd6c72174073570e5dc60889028ebb53eb136a9567812d0c9d280acb08259b193fc9e3460615d63c47c0752

data/.rspec

@@ -1 +1 @@
---color --format documentation
+--color

data/.travis.yml

@@ -0,0 +1,11 @@
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - 2.1.0
+script: bundle exec rspec
+gemfile:
+  - Gemfile
+  - gemfiles/rails_3_1.gemfile
+  - gemfiles/rails_3_2.gemfile
+  - gemfiles/rails_4_0.gemfile
+  - gemfiles/rails_4_1.gemfile

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+# v2.0.0
+
+- Released version 2.0.0. This version removes support for MongoDB
+  and switches to `has_secure_password` encryption method. This
+  change requires Rails 3.1.0+.

data/Gemfile

@@ -1,4 +1,2 @@
 source "http://rubygems.org"
 gemspec
-
-gem "mongo_mapper", github: "jnunemaker/mongomapper"

data/Gemfile.lock

@@ -1,122 +1,145 @@
-GIT
-  remote: git://github.com/jnunemaker/mongomapper.git
-  revision: e0d7db141b2c330eb44773ef00d1b179bbdf9209
-  specs:
-    mongo_mapper (0.13.0.beta1)
-      activemodel (>= 3.0.0)
-      activesupport (>= 3.0)
-      mongo (~> 1.8)
-      plucky (~> 0.6.5)
-
 PATH
   remote: .
   specs:
-    simple_auth (1.5.0)
+    simple_auth (2.0.0)
+      rails (>= 3.1.0)
 
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (4.0.0)
-      actionpack (= 4.0.0)
-      mail (~> 2.5.3)
-    actionpack (4.0.0)
-      activesupport (= 4.0.0)
-      builder (~> 3.1.0)
-      erubis (~> 2.7.0)
+    actionmailer (4.1.0)
+      actionpack (= 4.1.0)
+      actionview (= 4.1.0)
+      mail (~> 2.5.4)
+    actionpack (4.1.0)
+      actionview (= 4.1.0)
+      activesupport (= 4.1.0)
       rack (~> 1.5.2)
       rack-test (~> 0.6.2)
-    activemodel (4.0.0)
-      activesupport (= 4.0.0)
-      builder (~> 3.1.0)
-    activerecord (4.0.0)
-      activemodel (= 4.0.0)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.0)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.3)
-    activesupport (4.0.0)
-      i18n (~> 0.6, >= 0.6.4)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
+    actionview (4.1.0)
+      activesupport (= 4.1.0)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+    activemodel (4.1.0)
+      activesupport (= 4.1.0)
+      builder (~> 3.1)
+    activerecord (4.1.0)
+      activemodel (= 4.1.0)
+      activesupport (= 4.1.0)
+      arel (~> 5.0.0)
+    activesupport (4.1.0)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
       thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
-    arel (4.0.0)
-    atomic (1.1.12)
-    bson (1.9.1)
-    bson_ext (1.9.1)
-      bson (~> 1.9.1)
-    builder (3.1.4)
-    diff-lcs (1.2.4)
+      tzinfo (~> 1.1)
+    arel (5.0.1.20140414130214)
+    awesome_print (1.2.0)
+    bcrypt (3.1.7)
+    builder (3.2.2)
+    coderay (1.1.0)
+    columnize (0.3.6)
+    debugger (1.6.6)
+      columnize (>= 0.3.1)
+      debugger-linecache (~> 1.2.0)
+      debugger-ruby_core_source (~> 1.3.2)
+    debugger-linecache (1.2.0)
+    debugger-ruby_core_source (1.3.2)
+    diff-lcs (1.2.5)
     erubis (2.7.0)
     hike (1.2.3)
-    i18n (0.6.4)
+    i18n (0.6.9)
+    json (1.8.1)
     mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
-    mime-types (1.23)
-    minitest (4.7.5)
-    mongo (1.9.1)
-      bson (~> 1.9.1)
-    multi_json (1.7.7)
-    plucky (0.6.5)
-      mongo (~> 1.5)
-    polyglot (0.3.3)
+    method_source (0.8.2)
+    mime-types (1.25.1)
+    minitest (5.3.3)
+    multi_json (1.9.2)
+    polyglot (0.3.4)
+    pry (0.9.12.6)
+      coderay (~> 1.0)
+      method_source (~> 0.8)
+      slop (~> 3.4)
+    pry-debugger (0.2.2)
+      debugger (~> 1.3)
+      pry (~> 0.9.10)
+    pry-meta (0.0.6)
+      awesome_print
+      pry
+      pry-debugger
+      pry-remote
+    pry-remote (0.1.8)
+      pry (~> 0.9)
+      slop (~> 3.0)
     rack (1.5.2)
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (4.0.0)
-      actionmailer (= 4.0.0)
-      actionpack (= 4.0.0)
-      activerecord (= 4.0.0)
-      activesupport (= 4.0.0)
+    rails (4.1.0)
+      actionmailer (= 4.1.0)
+      actionpack (= 4.1.0)
+      actionview (= 4.1.0)
+      activemodel (= 4.1.0)
+      activerecord (= 4.1.0)
+      activesupport (= 4.1.0)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.0)
-      sprockets-rails (~> 2.0.0)
-    railties (4.0.0)
-      actionpack (= 4.0.0)
-      activesupport (= 4.0.0)
+      railties (= 4.1.0)
+      sprockets-rails (~> 2.0)
+    railties (4.1.0)
+      actionpack (= 4.1.0)
+      activesupport (= 4.1.0)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (10.1.0)
-    rspec-core (2.14.4)
-    rspec-expectations (2.14.0)
-      diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.14.2)
-    rspec-rails (2.14.0)
+    rake (10.3.1)
+    rspec-collection_matchers (0.0.3)
+      rspec-expectations (>= 2.99.0.beta1)
+    rspec-core (3.0.0.beta2)
+      rspec-support (= 3.0.0.beta2)
+    rspec-expectations (3.0.0.beta2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (= 3.0.0.beta2)
+    rspec-mocks (3.0.0.beta2)
+      rspec-support (= 3.0.0.beta2)
+    rspec-rails (3.0.0.beta2)
       actionpack (>= 3.0)
+      activemodel (>= 3.0)
       activesupport (>= 3.0)
       railties (>= 3.0)
-      rspec-core (~> 2.14.0)
-      rspec-expectations (~> 2.14.0)
-      rspec-mocks (~> 2.14.0)
-    sprockets (2.10.0)
+      rspec-collection_matchers
+      rspec-core (= 3.0.0.beta2)
+      rspec-expectations (= 3.0.0.beta2)
+      rspec-mocks (= 3.0.0.beta2)
+      rspec-support (= 3.0.0.beta2)
+    rspec-support (3.0.0.beta2)
+    slop (3.5.0)
+    sprockets (2.12.1)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.0.0)
+    sprockets-rails (2.1.3)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (~> 2.8)
-    sqlite3 (1.3.7)
+    sqlite3 (1.3.9)
     sqlite3-ruby (1.3.3)
       sqlite3 (>= 1.3.3)
-    thor (0.18.1)
-    thread_safe (0.1.2)
-      atomic
+    thor (0.19.1)
+    thread_safe (0.3.3)
     tilt (1.4.1)
-    treetop (1.4.14)
+    treetop (1.4.15)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.37)
+    tzinfo (1.1.0)
+      thread_safe (~> 0.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bson_ext
-  mongo_mapper!
-  rails (>= 4.0.0)
-  rspec-rails
+  bcrypt (~> 3.1.7)
+  pry-meta
+  rspec-rails (= 3.0.0.beta2)
   simple_auth!
   sqlite3-ruby

data/README.md

@@ -0,0 +1,243 @@
+# Simple Auth
+
+[![Build Status](https://travis-ci.org/fnando/simple_auth.svg)](https://travis-ci.org/fnando/simple_auth)
+[![Code Climate](https://codeclimate.com/github/fnando/simple_auth.png)](https://codeclimate.com/github/fnando/simple_auth)
+
+SimpleAuth is an authentication library to be used when everything else is just too complicated.
+
+This library only supports in-site authentication and won't implement OpenID, Facebook Connect and like.
+
+Rails 3.1.0+ is required.
+
+## Installation
+
+Just the following line to your Gemfile:
+
+    gem "simple_auth"
+
+Then run `rails generate simple_auth:install` to copy the initializer file.
+
+## Usage
+
+Your user model should have the attribute `password_digest`. The credential field can be anything you want, but SimpleAuth uses `[:email, :login]` by default.
+
+```ruby
+class CreateUsers < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :email, null: false
+      t.string :login, null: false
+      t.string :password_digest, null: false
+
+      t.timestamps
+    end
+
+    add_index :users, :email, unique: true
+    add_index :users, :login, unique: true
+    add_index :users, [:email, :login]
+  end
+end
+```
+
+In your model, use the `authentication` macro.
+
+```ruby
+class User < ActiveRecord::Base
+  authentication
+end
+```
+
+This will add some callbacks and password validations. It will also inject helper methods like `Model.authenticate`.
+
+Session is valid only when both `Model#authorized?` and `Controller#authorized?` methods return `true`, which is the default behavior. You can override these methods with your own rules:
+
+```ruby
+class User < ActiveRecord::Base
+  authentication
+
+  def authorized?
+    deleted_at.nil?
+  end
+end
+
+class Admin::DashboardController < ApplicationController
+  private
+  def authorized?
+    current_user.admin?
+  end
+end
+```
+
+After you set up the model, you can go to the controller.
+
+```ruby
+class SessionsController < ApplicationController
+  def new
+    @user_session = SimpleAuth::Session.new
+  end
+
+  def create
+    @user_session = SimpleAuth::Session.new(params[:session])
+
+    if @user_session.save
+      redirect_to return_to(dashboard_path)
+    else
+      flash[:alert] = "Invalid username or password"
+      render :new
+    end
+  end
+
+  def destroy
+    current_session.destroy if logged_in?
+    redirect_to root_path
+  end
+end
+```
+
+The `return_to` helper will give you the requested url (before the user logged in) or the default url.
+
+You can restrict access by using 2 macros:
+
+```ruby
+class SignupController < ApplicationController
+  redirect_logged_user :to => "/"
+end
+```
+
+Here's some usage examples:
+
+```ruby
+redirect_logged_user :to => proc { login_path }
+redirect_logged_user :to => {:controller => "dashboard"}
+redirect_logged_user :only => [:index], :to => login_path
+redirect_logged_user :except => [:public], :to => login_path
+```
+
+You can skip the `:to` option if you set it globally on your initializer:
+
+```ruby
+SimpleAuth::Config.logged_url = {:controller => "session", :action => "new"}
+SimpleAuth::Config.logged_url = proc { login_path }
+```
+
+To require a logged user, use the `require_logged_user` macro:
+
+```ruby
+class DashboardController < ApplicationController
+  require_logged_user :to => proc { login_path }
+end
+```
+
+Here's some usage examples:
+
+```ruby
+require_logged_user :to => proc { login_path }
+require_logged_user :to => {:controller => "session", :action => "new"}
+require_logged_user :only => [:index], :to => login_path
+require_logged_user :except => [:public], :to => login_path
+```
+
+You can skip the `:to` option if you set it globally on your initializer:
+
+```ruby
+SimpleAuth::Config.login_url = {:controller => "session", :action => "new"}
+SimpleAuth::Config.login_url = proc { login_path }
+```
+
+There are some helpers:
+
+```ruby
+logged_in?              # controller & views
+current_user            # controller & views
+current_session         # controller & views
+when_logged(&block)     # views
+find_by_credential      # model
+find_by_credential!     # model
+```
+
+If you're having problems to use any helper, include the module `SimpleAuth::Helper` on your `ApplicationHelper`.
+
+```ruby
+module ApplicationHelper
+  include SimpleAuth::Helper
+end
+```
+
+### Translations
+
+These are the translations you'll need:
+
+```yaml
+en:
+  simple_auth:
+    sessions:
+      need_to_be_logged: "You need to be logged"
+      invalid_credentials: "Invalid username or password"
+```
+
+### Compatibility Mode with v1
+
+The previous version was based on hashing with salt. If you want to migrate to the v2 release, you must do some things.
+
+First, add the following line to the configuration initializer (available at `config/initializers/simple_auth.rb`:
+
+```ruby
+require "simple_auth/compat"
+```
+
+Then create a field called `password_digest`. This field is required by the `ActiveRecord::Base.has_secure_password` method. You can create a migration with the following content:
+
+```ruby
+class AddPasswordDigestToUsers < ActiveRecord::Migration
+  def up
+    add_column :users, :password_digest, :string, null: true
+    SimpleAuth.migrate_passwords!
+    change_column_null :users, :password_digest, false
+  end
+
+  def down
+    remove_column :users, :password_digest
+  end
+end
+```
+
+Apply this migration with `rake db:migrate`. Go read a book; this is going to take a while.
+
+Check if your application is still working. If so, you can remove the `password_hash` column. Here's the migration to do it so.
+
+```ruby
+class RemovePasswordHashFromUsers < ActiveRecord::Migration
+  def change
+    remove_column :users, :password_hash
+  end
+end
+```
+
+Again, apply this migration with `rake db:migrate`.
+
+## Maintainer
+
+* Nando Vieira (<http://simplesideias.com.br>)
+
+## License:
+
+(The MIT License)
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.