sinatra-authentication-dmeiz 0.3.2

data/lib/models/abstract_user.rb

@@ -0,0 +1,54 @@
+if Object.const_defined?("DataMapper")
+  #require 'dm-core'
+  require 'dm-timestamps'
+  require 'dm-validations'
+  require Pathname(__FILE__).dirname.expand_path + "datamapper_user.rb"
+  require Pathname(__FILE__).dirname.expand_path + "dm_adapter.rb"
+elsif Object.const_defined?("Rufus") && Rufus.const_defined?("Tokyo")
+  require Pathname(__FILE__).dirname.expand_path + "rufus_tokyo_user.rb"
+  require Pathname(__FILE__).dirname.expand_path + "tc_adapter.rb"
+elsif Object.const_defined?("MongoMapper")
+  require Pathname(__FILE__).dirname.expand_path + "mongomapper_user.rb"
+  require Pathname(__FILE__).dirname.expand_path + "mm_adapter.rb"
+end
+
+class User
+  if Object.const_defined?("DataMapper")
+    include DmAdapter
+  elsif Object.const_defined?("Rufus")
+    include TcAdapter
+  elsif Object.const_defined?("MongoMapper")
+    include MmAdapter 
+  else
+    throw "you need to require either 'dm-core', 'mongo_mapper', or 'rufus-tokyo' for sinatra-authentication to work"
+  end
+
+  def initialize(interfacing_class_instance)
+    @instance = interfacing_class_instance
+  end
+
+  def id
+    @instance.id
+  end
+
+  def self.authenticate(email, pass)
+    current_user = get(:email => email)
+    return nil if current_user.nil?
+    return current_user if User.encrypt(pass, current_user.salt) == current_user.hashed_password
+    nil
+  end
+
+  protected
+
+  def self.encrypt(pass, salt)
+    Digest::SHA1.hexdigest(pass+salt)
+  end
+
+  def self.random_string(len)
+    #generate a random password consisting of strings and digits
+    chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+    newpass = ""
+    1.upto(len) { |i| newpass << chars[rand(chars.size-1)] }
+    return newpass
+  end
+end

data/lib/models/datamapper_user.rb

@@ -0,0 +1,42 @@
+class DmUser
+  include DataMapper::Resource
+
+  property :id, Serial
+  property :email, String, :length => (5..40), :unique => true, :format => :email_address
+  property :hashed_password, String
+  property :salt, String
+  property :created_at, DateTime
+  property :permission_level, Integer, :default => 1
+  if Sinatra.const_defined?('FacebookObject')
+    property :fb_uid, String
+  end
+
+  attr_accessor :password, :password_confirmation
+  #protected equievelant? :protected => true doesn't exist in dm 0.10.0
+  #protected :id, :salt
+  #doesn't behave correctly, I'm not even sure why I did this.
+
+  validates_presence_of :password_confirmation, :unless => Proc.new { |t| t.hashed_password }
+  validates_presence_of :password, :unless => Proc.new { |t| t.hashed_password }
+  validates_confirmation_of :password
+
+  def password=(pass)
+    @password = pass
+    self.salt = User.random_string(10) if !self.salt
+    self.hashed_password = User.encrypt(@password, self.salt)
+  end
+
+  def admin?
+    self.permission_level == -1 || self.id == 1
+  end
+
+  def site_admin?
+    self.id == 1
+  end
+
+  protected
+
+  def method_missing(m, *args)
+    return false
+  end
+end

data/lib/models/dm_adapter.rb

@@ -0,0 +1,50 @@
+module DmAdapter
+  def self.included(base)
+    base.extend ClassMethods
+    base.class_eval { include DmAdapter::InstanceMethods }
+  end
+
+  module ClassMethods
+    #pass all args to this
+    def all(*args)
+      result = DmUser.all(*args)
+      result.collect {|instance| self.new instance}
+    end
+
+    def get(hash)
+      if user = DmUser.first(hash)
+        self.new user
+      else
+        nil
+      end
+    end
+
+    def set(attributes)
+      user = DmUser.new attributes
+      user.save
+      user
+    end
+
+    def set!(attributes)
+      user = DmUser.new attributes
+      user.save!
+      user
+    end
+
+    def delete(pk)
+      user = DmUser.first(:id => pk)
+      user.destroy
+    end
+  end
+
+  module InstanceMethods
+    def update(attributes)
+      @instance.update attributes
+    end
+
+    def method_missing(meth, *args, &block)
+      #cool I just found out * on an array turns the array into a list of args for a function
+      @instance.send(meth, *args, &block)
+    end
+  end
+end

data/lib/models/mm_adapter.rb

@@ -0,0 +1,53 @@
+module MmAdapter 
+  def self.included(base)
+    base.extend ClassMethods
+    base.class_eval { include MmAdapter::InstanceMethods }
+  end
+
+  module ClassMethods
+    def all
+      result = MmUser.all
+      result.collect {|instance| self.new instance}
+    end
+
+    def get(hash)
+      if user = MmUser.first(hash)
+        self.new user
+      else
+        nil
+      end
+    end
+
+    def set(attributes)
+      puts attributes.inspect
+      user = MmUser.new attributes
+      puts user.inspect
+      puts user.to_json
+      user.id = nil unless user.save
+      user
+    end
+
+    def set!(attributes)
+      user = MmUser.new attributes
+      user.save!
+      user
+    end
+
+    def delete(pk)
+      user = User.first(:id => pk)
+      user.destroy
+    end
+  end
+
+  module InstanceMethods
+    def update(attributes)
+      @instance.update_attributes attributes
+      @instance.save
+    end
+
+    def method_missing(meth, *args, &block)
+      #cool I just found out * on an array turns the array into a list of args for a function
+      @instance.send(meth, *args, &block)
+    end
+  end
+end

data/lib/models/mongomapper_user.rb

@@ -0,0 +1,42 @@
+class MmUser 
+  include MongoMapper::Document
+
+  key :email, String, :length => (5..40), :unique => true 
+  key :hashed_password, String
+  key :salt, String
+  key :permission_level, Integer, :default => 1
+  if Sinatra.const_defined?('FacebookObject')
+    key :fb_uid, String
+  end
+
+  timestamps!
+
+  attr_accessor :password, :password_confirmation
+  #protected equievelant? :protected => true doesn't exist in dm 0.10.0
+  #protected :id, :salt
+  #doesn't behave correctly, I'm not even sure why I did this.
+
+  #validates_presence_of :password_confirmation, :unless => Proc.new { |t| t.hashed_password }
+  #validates_presence_of :password, :unless => Proc.new { |t| t.hashed_password }
+  #validates_is_confirmed :password
+
+  def password=(pass)
+    @password = pass
+    self.salt = User.random_string(10) if !self.salt
+    self.hashed_password = User.encrypt(@password, self.salt)
+  end
+
+  def admin?
+    self.permission_level == -1 || self.id == 1
+  end
+
+  def site_admin?
+    self.id == 1
+  end
+
+  protected
+
+  def method_missing(m, *args)
+    return false
+  end
+end

data/lib/models/rufus_tokyo_user.rb

@@ -0,0 +1,177 @@
+class TcUser
+  #include RufusOrm
+
+  #custom_attribute :salt
+  #custom_attribute :hashed_password
+  #custom_attribute :hashed_permission_level
+  #custom_attribute :created_at
+  #custom_attribute :created_at_i
+
+  #attribute method?
+  #if I'm gonna write all this, I might as well create a tinyyyy
+  #orm, that's more just like a way to define custom attributes for cabinets
+  #something worth noting though is that even datamapper defines custom
+  #attributes by allowing the developer to override setter methods.
+  #and it just calls all the setter methods defined in the model.
+  #the only trouble with this route is it assumes a predefined schema.
+  #and thus it knows what setter methods to call.
+  #I would write a class method that allows you to declare attributes like
+  #attribute :salt, with an optional block (which gets passed a hash of attributes)
+  #if a block isn't defined, it looks in the class for a salt=(attributes) function, calls it and marges the
+  #result into the hash going into the database, like 'attributes.merge{"salt" => result}'
+  #so my 'set' method or whatever I choose to call it, has to somehow look through each
+  #declared attribute, call the method associated with it, and merge the result into the hash going
+  #into the database.
+  #
+  #but what if I don't want an attribute passed in to be stored into the database? What if I just want to
+  #create a virtual attribute, for declaring other attributes?
+  #I might create a class variable that I store all the attributes in, and the I can get to it from any setter,
+  #and then after I've called all the setters, I store that class variable into the database.
+  #or, I do all of this on the instance level, and have a save method.
+
+  def initialize(attributes)
+    @attributes = attributes
+  end
+
+  def self.query(&block)
+    connection = TcUserTable.new
+    result_set = connection.query(&block)
+    output = result_set.collect { |result_hash| TcUser.new(result_hash) }
+    connection.close
+    output
+  end
+
+  def self.get(key)
+    connection = TcUserTable.new
+    result = connection[key]
+    connection.close
+    if result
+      self.new(result.merge({:pk => key}))
+    else
+      false
+    end
+  end
+
+  def self.set(attributes)
+    #this way of validating is real crap, replace it with Validator maybe
+    #and maybe replace all this hash merging with setters for the various attributes that update @attributes, and then I can call save to store to the database
+    #or maybe just write a little method that makes hash merger look a little cleaner
+    pk = attributes.delete(:pk) if attributes[:pk]
+
+    email_regexp = /(\A(\s*)\Z)|(\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z)/i
+    if attributes['email'] =~ email_regexp
+      if attributes['password'] == attributes.delete('password_confirmation') && attributes['password'] != nil
+        password = attributes.delete('password')
+        attributes.merge!({'salt' => User.random_string(10)}) if !attributes['salt']
+        attributes.merge!('hashed_password' => User.encrypt(password, attributes['salt']))
+        permission_level = attributes['permission_level'] ? attributes['permission_level'] : '1'
+        attributes.merge!('permission_level' => permission_level)
+        unless attributes['created_at']
+          attributes.merge!('created_at' => Time.now.to_s)
+          attributes.merge!('created_at_i' => Time.now.to_i.to_s)
+        end
+      end
+
+      existing_user = TcUser.query do |q|
+        q.add 'email', :streq, attributes['email']
+      end[0]
+
+      if existing_user && existing_user['pk'] != attributes['pk']
+        return false
+      else
+        connection = TcUserTable.new
+        pk ||= connection.genuid.to_s
+        #site admin if their first
+        attributes.merge!({'permission_level' => '-2'}) if pk == '1'
+        result = connection[pk] = attributes
+        #might not need this in newer version of rufus
+        result.merge!({:pk => pk})
+        connection.close
+        self.new(result)
+      end
+    else
+      false
+    end
+  end
+
+  def self.set!(attributes)
+    connection = TcUserTable.new
+    pk = connection.genuid.to_s
+    result = connection[pk] = attributes
+    result.merge!({:pk => pk})
+    connection.close
+    self.new(result)
+  end
+
+  def self.delete(pk)
+    connection = TcUserTable.new
+    connection.delete(pk)
+    connection.close
+  end
+
+  def update(attributes)
+    new_attributes = @attributes.merge(attributes)
+    TcUser.set(new_attributes)
+  end
+
+  def [](key)
+    @attributes[key]
+  end
+
+  #saves to database and returns self
+  def []=(key, value)
+    @attributes[key] = value
+    #change so that it sets the attributes and then you call save to save to the database?
+    connection = TcUserTable.new
+    connection[@attributes[:pk]] = @attributes.merge!({key => value})
+    connection.close
+    self
+  end
+
+  def id
+    @attributes[:pk]
+  end
+
+  def admin?
+    #-2 is the site admin
+    @attributes['permission_level'] == '-1' || @attributes['permission_level'] == '-2'
+  end
+
+  def site_admin?
+    @attributes['permission_level'] == '-2'
+  end
+
+  #from hash extension for making hashes like javascript objects
+  def method_missing(meth,*args)
+    if /=$/=~(meth=meth.id2name) then
+      self[meth[0...-1]] = (args.length<2 ? args[0] : args)
+    elsif @attributes[meth]
+      @attributes[meth]
+    else
+      false
+    end
+  end
+end
+
+if Rufus::Tokyo.const_defined?('Table')
+  class TokyoTableDad < Rufus::Tokyo::Table
+  end
+elsif Rufus::Edo.const_defined?('Table')
+  class TokyoTableDad < Rufus::Edo::Table
+  end
+else
+  throw 'wtf?'
+end
+
+class TcUserTable < TokyoTableDad
+  @@path = false
+  def initialize
+    #make this path configurable somehow
+    raise "you need to define a path for the user cabinet to be stored at, like so: TcUserTable.cabinet_path = 'folder/where/you/wanna/store/your/database'" unless @@path
+    super(@@path + '/users.tct')
+  end
+
+  def self.cabinet_path=(path)
+    @@path = path
+  end
+end

data/lib/models/tc_adapter.rb

@@ -0,0 +1,83 @@
+module TcAdapter
+  def self.included(base)
+    base.extend ClassMethods
+    base.class_eval {
+      include TcAdapter::InstanceMethods
+      alias :class_id :id
+    }
+  end
+
+  module ClassMethods
+    #TODO add pagination
+    def all
+      result = TcUser.query do |q|
+        q.order_by 'created_at_i', :numdesc
+      end
+
+      #these will be the same for all adapters, they should be defined in the user class, and these methods should have a different name?
+      result.collect {|instance| self.new instance }
+    end
+
+    def get(hash)
+      if hash[:id]
+        pk = hash[:id]
+        result = TcUser.get(pk)
+      else
+        result = TcUser.query do |q|
+          hash.each do |key, value|
+            q.add key.to_s, :streq, value.to_s
+          end
+        end[0]
+      end
+      #elsif hash[:email]
+      #  result = TcUser.query do |q|
+      #    q.add 'email', :streq, hash[:email]
+      #  end[0]
+        #the zero is because this returns an array but get should return the first result
+      #end
+
+      if result
+        self.new result
+      else
+        nil
+      end
+    end
+
+    def set(attributes)
+      user = TcUser.query do |q|
+        q.add 'email', :streq, attributes['email']
+      end
+
+      if user == [] #no user
+        self.new TcUser.set(attributes)
+      else
+        false
+      end
+    end
+
+    def set!(attributes)
+      self.new TcUser.set!(attributes)
+    end
+
+    def delete(pk)
+      #true or false
+      !!TcUser.delete(pk)
+    end
+  end
+
+  module InstanceMethods
+    def update(attributes)
+      @instance.update attributes
+    end
+
+    def method_missing(meth, *args, &block)
+      #cool I just found out * on an array turn the array into a list of args for a function
+      @instance.send(meth, *args, &block)
+    end
+
+    #this was the only thing that didn't get passed on to method_missing because this is a method of object doh
+    def id
+      @instance.id
+    end
+  end
+end