simple_auth 1.5.0 → 2.0.0

data/gemfiles/rails_4_1.gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+gemspec path: ".."
+
+gem "rails", "~> 4.1.0"

data/gemfiles/rails_4_1.gemfile.lock

@@ -0,0 +1,146 @@
+PATH
+  remote: ..
+  specs:
+    simple_auth (2.0.0)
+      rails (>= 3.1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (4.1.0)
+      actionpack (= 4.1.0)
+      actionview (= 4.1.0)
+      mail (~> 2.5.4)
+    actionpack (4.1.0)
+      actionview (= 4.1.0)
+      activesupport (= 4.1.0)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    actionview (4.1.0)
+      activesupport (= 4.1.0)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+    activemodel (4.1.0)
+      activesupport (= 4.1.0)
+      builder (~> 3.1)
+    activerecord (4.1.0)
+      activemodel (= 4.1.0)
+      activesupport (= 4.1.0)
+      arel (~> 5.0.0)
+    activesupport (4.1.0)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.1)
+      tzinfo (~> 1.1)
+    arel (5.0.1.20140414130214)
+    awesome_print (1.2.0)
+    bcrypt (3.1.7)
+    builder (3.2.2)
+    coderay (1.1.0)
+    columnize (0.3.6)
+    debugger (1.6.6)
+      columnize (>= 0.3.1)
+      debugger-linecache (~> 1.2.0)
+      debugger-ruby_core_source (~> 1.3.2)
+    debugger-linecache (1.2.0)
+    debugger-ruby_core_source (1.3.2)
+    diff-lcs (1.2.5)
+    erubis (2.7.0)
+    hike (1.2.3)
+    i18n (0.6.9)
+    json (1.8.1)
+    mail (2.5.4)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    method_source (0.8.2)
+    mime-types (1.25.1)
+    minitest (5.3.3)
+    multi_json (1.9.2)
+    polyglot (0.3.4)
+    pry (0.9.12.6)
+      coderay (~> 1.0)
+      method_source (~> 0.8)
+      slop (~> 3.4)
+    pry-debugger (0.2.2)
+      debugger (~> 1.3)
+      pry (~> 0.9.10)
+    pry-meta (0.0.6)
+      awesome_print
+      pry
+      pry-debugger
+      pry-remote
+    pry-remote (0.1.8)
+      pry (~> 0.9)
+      slop (~> 3.0)
+    rack (1.5.2)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (4.1.0)
+      actionmailer (= 4.1.0)
+      actionpack (= 4.1.0)
+      actionview (= 4.1.0)
+      activemodel (= 4.1.0)
+      activerecord (= 4.1.0)
+      activesupport (= 4.1.0)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.1.0)
+      sprockets-rails (~> 2.0)
+    railties (4.1.0)
+      actionpack (= 4.1.0)
+      activesupport (= 4.1.0)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.3.1)
+    rspec-collection_matchers (0.0.3)
+      rspec-expectations (>= 2.99.0.beta1)
+    rspec-core (3.0.0.beta2)
+      rspec-support (= 3.0.0.beta2)
+    rspec-expectations (3.0.0.beta2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (= 3.0.0.beta2)
+    rspec-mocks (3.0.0.beta2)
+      rspec-support (= 3.0.0.beta2)
+    rspec-rails (3.0.0.beta2)
+      actionpack (>= 3.0)
+      activemodel (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-collection_matchers
+      rspec-core (= 3.0.0.beta2)
+      rspec-expectations (= 3.0.0.beta2)
+      rspec-mocks (= 3.0.0.beta2)
+      rspec-support (= 3.0.0.beta2)
+    rspec-support (3.0.0.beta2)
+    slop (3.5.0)
+    sprockets (2.12.1)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.1.3)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (~> 2.8)
+    sqlite3 (1.3.9)
+    sqlite3-ruby (1.3.3)
+      sqlite3 (>= 1.3.3)
+    thor (0.19.1)
+    thread_safe (0.3.3)
+    tilt (1.4.1)
+    treetop (1.4.15)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (1.1.0)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bcrypt (~> 3.1.7)
+  pry-meta
+  rails (~> 4.1.0)
+  rspec-rails (= 3.0.0.beta2)
+  simple_auth!
+  sqlite3-ruby

data/lib/simple_auth.rb

@@ -1,5 +1,3 @@
-require "digest/sha2"
-
 require "rails/railtie"
 require "active_support/all"
 
@@ -7,10 +5,7 @@ require "simple_auth/railtie"
 require "simple_auth/config"
 require "simple_auth/exceptions"
 require "simple_auth/action_controller"
-require "simple_auth/orm/base"
-require "simple_auth/orm/active_record"
-require "simple_auth/orm/mongo_mapper"
+require "simple_auth/active_record"
 require "simple_auth/session"
 require "simple_auth/helper"
 require "simple_auth/version"
-

data/lib/simple_auth/action_controller.rb

@@ -40,6 +40,14 @@ module SimpleAuth
         path = controller.instance_eval(&path) if path.kind_of?(Proc)
         path
       end
+
+      def request_uri
+        if request.respond_to?(:fullpath)
+          request.fullpath
+        else
+          request.request_uri
+        end
+      end
     end
 
     module ClassMethods
@@ -58,18 +66,14 @@ module SimpleAuth
       def require_logged_user(options = {})
         before_filter options.except(:to) do |controller|
           controller.instance_eval do
-            unless current_session && current_session.valid? && authorized?
-              if request.respond_to?(:fullpath)
-                return_to = request.fullpath
-              else
-                return_to = request.request_uri
-              end
+            # Already logged in, so skip validation.
+            next if current_session.try(:valid?) && authorized?
 
-              session[:return_to] = return_to if request.get?
+            session[:return_to] = request_uri if request.get?
 
-              SimpleAuth::Session.destroy!
-              redirect_to simple_auth_url_for(:login_url, controller, options[:to]), :alert => t("simple_auth.sessions.need_to_be_logged")
-            end
+            SimpleAuth::Session.destroy!
+            flash.alert = t("simple_auth.sessions.need_to_be_logged")
+            redirect_to simple_auth_url_for(:login_url, controller, options[:to])
           end
         end
       end

data/lib/simple_auth/active_record.rb

@@ -0,0 +1,86 @@
+module SimpleAuth
+  module ActiveRecord
+    def self.included(base)
+      base.class_eval { extend Macro }
+    end
+
+    module Macro
+      # Set virtual attributes, callbacks and validations.
+      # Is called automatically after setting up configuration with
+      # `SimpleAuth.setup {|config| config.model = :user}`.
+      #
+      #   class User < ActiveRecord::Base
+      #     authentication
+      #   end
+      #
+      # Can set configuration when a block is provided.
+      #
+      #   class User < ActiveRecord::Base
+      #     authentication do |config|
+      #       config.credentials = ["email"]
+      #     end
+      #   end
+      #
+      def authentication(&block)
+        SimpleAuth.setup(&block) if block_given?
+        SimpleAuth::Config.model ||= name.underscore.to_sym
+
+        # Possibly multiple calls in a given model.
+        # So, just return.
+        return if respond_to?(:authenticate)
+
+        has_secure_password
+
+        extend  ClassMethods
+        include InstanceMethods
+
+        validates_length_of :password, minimum: 4
+      end
+    end
+
+    module InstanceMethods
+    end
+
+    module ClassMethods
+      # Find user by its credential.
+      #
+      #   User.find_by_credential "john@doe.com" # using e-mail
+      #   User.find_by_credential "john" # using username
+      #
+      def find_by_credential(credential)
+        # Collect each attribute that should be used as credential.
+        query = SimpleAuth::Config.credentials.each_with_object([]) do |attr_name, buffer|
+          buffer << "#{attr_name} = :credential"
+        end.join(" or ")
+
+        # Set the scope.
+        scope = SimpleAuth::Config.model_class.where(query, credential: credential.to_s)
+
+        # Find the record using the conditions we built
+        scope.first
+      end
+
+      # Find user by its credential. If no user is found, raise
+      # SimpleAuth::RecordNotFound exception.
+      #
+      #   User.find_by_credential! "john@doe.com"
+      #
+      def find_by_credential!(credential)
+        record = find_by_credential(credential)
+        raise SimpleAuth::RecordNotFound, "couldn't find #{SimpleAuth::Config.model} using #{credential.inspect} as credential" unless record
+        record
+      end
+
+      # Receive a credential and a password and try to authenticate the specified user.
+      # If the credential is valid, then an user is returned; otherwise nil is returned.
+      #
+      #   User.authenticate "johndoe", "test"
+      #   User.authenticate "john@doe.com", "test"
+      #
+      def authenticate(credential, password)
+        record = find_by_credential(credential.to_s)
+        record.try(:authenticate, password)
+      end
+    end
+  end
+end

data/lib/simple_auth/compat.rb

@@ -0,0 +1,2 @@
+require "simple_auth/compat/config"
+require "simple_auth/compat/active_record"

data/lib/simple_auth/compat/active_record.rb

@@ -0,0 +1,31 @@
+module SimpleAuth
+  def self.migrate_passwords!
+    require "ostruct"
+
+    generator = OpenStruct.new.extend(ActiveModel::SecurePassword::InstanceMethodsOnActivation)
+
+    Config.model_class.find_each do |record|
+      generator.password = record.password_hash
+
+      Config.model_class
+        .where(id: record.id)
+        .update_all(password_digest: generator.password_digest)
+    end
+  end
+
+  module ActiveRecord
+    module InstanceMethods
+      def password=(password)
+        @password = SimpleAuth::Config.crypter.call(password, password_salt)
+      end
+
+      def password_confirmation=(password)
+        @password_confirmation = SimpleAuth::Config.crypter.call(password, password_salt)
+      end
+
+      def authenticate(password)
+        super SimpleAuth::Config.crypter.call(password, password_salt)
+      end
+    end
+  end
+end

data/lib/simple_auth/compat/config.rb

@@ -0,0 +1,17 @@
+module SimpleAuth
+  class Config
+    # Generate the password hash. The specified block should expected
+    # the plain password and the password hash as block parameters.
+    cattr_accessor :crypter
+    @@crypter = proc do |password, salt|
+      Digest::SHA256.hexdigest [password, salt].join("--")
+    end
+
+    # Generate the password salt. The specified block should expect
+    # the ActiveRecord instance as block parameter.
+    cattr_accessor :salt
+    @@salt = proc do |record|
+      Digest::SHA256.hexdigest [Time.to_s, SecureRandom.hex(32)].join("--")
+    end
+  end
+end

data/lib/simple_auth/config.rb

@@ -16,20 +16,6 @@ module SimpleAuth
     cattr_accessor :wipeout_session
     @@wipeout_session = false
 
-    # Generate the password hash. The specified block should expected
-    # the plain password and the password hash as block parameters.
-    cattr_accessor :crypter
-    @@crypter = proc do |password, salt|
-      Digest::SHA256.hexdigest [password, salt].join("--")
-    end
-
-    # Generate the password salt. The specified block should expect
-    # the ActiveRecord instance as block parameter.
-    cattr_accessor :salt
-    @@salt = proc do |record|
-      Digest::SHA256.hexdigest [Time.to_s, SecureRandom.hex(32)].join("--")
-    end
-
     # Set which attributes will be used for authentication.
     cattr_accessor :credentials
     @@credentials = [:email, :login]
@@ -51,12 +37,6 @@ module SimpleAuth
     cattr_accessor :logged_url
     @@logged_url = proc { dashboard_path }
 
-    def self.reset_session(*args) # :nodoc:
-      Kernel.warn "The SimpleAuth::Config.reset_session accessor was disabled and will be removed in future versions."
-    end
-
-    class << self; alias reset_session= reset_session; end
-
     def self.model_class
       model.to_s.classify.constantize
     end

data/lib/simple_auth/exceptions.rb

@@ -1,5 +1,4 @@
 module SimpleAuth
   class RecordNotFound < StandardError; end
   class NotAuthorized < StandardError; end
-  class AbstractMethodError < StandardError; end
 end

data/lib/simple_auth/railtie.rb

@@ -12,7 +12,7 @@ module SimpleAuth
         helper_method :current_user, :current_session, :logged_in?
       end
 
-      ::ActiveRecord::Base.class_eval { include SimpleAuth::Orm::ActiveRecord } if defined?(::ActiveRecord)
+      ::ActiveRecord::Base.class_eval { include SimpleAuth::ActiveRecord }
     end
   end
 end

data/lib/simple_auth/rspec.rb

@@ -14,9 +14,9 @@ module SimpleAuth
     #
     def simple_auth(options = {})
       options.reverse_merge!({
-        :session => mock("current_session").as_null_object,
+        :session => double("current_session").as_null_object,
         :authorized => true,
-        :user => mock("current_user").as_null_object
+        :user => double("current_user").as_null_object
       })
 
       controller.stub({

data/lib/simple_auth/session.rb

@@ -123,7 +123,7 @@ module SimpleAuth
     end
 
     def valid?
-      if record && record.authorized?
+      if record && controller.send(:authorized?)
         true
       else
         errors.add_to_base I18n.translate("simple_auth.sessions.invalid_credentials")

data/lib/simple_auth/version.rb

@@ -1,7 +1,7 @@
 module SimpleAuth
   module Version
-    MAJOR = 1
-    MINOR = 5
+    MAJOR = 2
+    MINOR = 0
     PATCH = 0
     STRING = "#{MAJOR}.#{MINOR}.#{PATCH}"
   end

data/simple_auth.gemspec

@@ -15,9 +15,9 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
 
-  s.add_development_dependency "rails", ">= 4.0.0"
+  s.add_dependency "rails", ">= 3.1.0"
   s.add_development_dependency "sqlite3-ruby"
-  s.add_development_dependency "rspec-rails"
-  s.add_development_dependency "mongo_mapper"
-  s.add_development_dependency "bson_ext"
+  s.add_development_dependency "rspec-rails", "3.0.0.beta2"
+  s.add_development_dependency "bcrypt", "~> 3.1.7"
+  s.add_development_dependency "pry-meta"
 end