sinatra-authentication-dmeiz 0.3.2

data/lib/sinatra-authentication.rb

@@ -0,0 +1,290 @@
+require 'sinatra/base'
+require 'pathname'
+require Pathname(__FILE__).dirname.expand_path + "models/abstract_user"
+
+module Sinatra
+  module LilAuthentication
+    def self.registered(app)
+      #INVESTIGATE
+      #the possibility of sinatra having an array of view_paths to load from
+      #PROBLEM
+      #sinatra 9.1.1 doesn't have multiple view capability anywhere
+      #so to get around I have to do it totally manually by
+      #loading the view from this path into a string and rendering it
+      set :sinatra_authentication_view_path, Pathname(__FILE__).dirname.expand_path + "views/"
+
+      get '/users' do
+        login_required
+        redirect "/" unless current_user.admin?
+
+        @users = User.all
+        if @users != []
+          haml get_view_as_string("index.haml"), :layout => use_layout?
+        else
+          redirect '/signup'
+        end
+      end
+
+      get '/users/:id' do
+        login_required
+
+        @user = User.get(:id => params[:id])
+        haml get_view_as_string("show.haml"), :layout => use_layout?
+      end
+
+      #convenience for ajax but maybe entirely stupid and unnecesary
+      get '/logged_in' do
+        if session[:user]
+          "true"
+        else
+          "false"
+        end
+      end
+
+      get '/login' do
+        haml get_view_as_string("login.haml"), :layout => use_layout?
+      end
+
+      post '/login' do
+        if user = User.authenticate(params[:email], params[:password])
+          session[:user] = user.id
+
+          if Rack.const_defined?('Flash')
+            flash[:notice] = "Login successful."
+          end
+
+          if session[:return_to]
+            redirect_url = session[:return_to]
+            session[:return_to] = false
+            redirect redirect_url
+          else
+            redirect '/'
+          end
+        else
+          if Rack.const_defined?('Flash')
+            flash[:notice] = "The email or password you entered is incorrect."
+          end
+          redirect '/login'
+        end
+      end
+
+      get '/logout' do
+        session[:user] = nil
+        if Rack.const_defined?('Flash')
+          flash[:notice] = "Logout successful."
+        end
+        redirect '/'
+      end
+
+      get '/signup' do
+        haml get_view_as_string("signup.haml"), :layout => use_layout?
+      end
+
+      post '/signup' do
+        @user = User.set(params[:user])
+        if @user && @user.id
+          session[:user] = @user.id
+          if Rack.const_defined?('Flash')
+            flash[:notice] = "Account created."
+          end
+          redirect '/'
+        else
+          if Rack.const_defined?('Flash')
+            flash[:notice] = 'There were some problems creating your account. Please be sure you\'ve entered all your information correctly.'
+          end
+          redirect '/signup'
+        end
+      end
+
+      get '/users/:id/edit' do
+        login_required
+        redirect "/users" unless current_user.admin? || current_user.id.to_s == params[:id]
+        @user = User.get(:id => params[:id])
+        haml get_view_as_string("edit.haml"), :layout => use_layout?
+      end
+
+      post '/users/:id/edit' do
+        login_required
+        redirect "/users" unless current_user.admin? || current_user.id.to_s == params[:id]
+
+        user = User.get(:id => params[:id])
+        user_attributes = params[:user]
+        if params[:user][:password] == ""
+            user_attributes.delete("password")
+            user_attributes.delete("password_confirmation")
+        end
+
+        if user.update(user_attributes)
+          if Rack.const_defined?('Flash')
+            flash[:notice] = 'Account updated.'
+          end
+          redirect '/'
+        else
+          if Rack.const_defined?('Flash')
+            flash[:notice] = 'Whoops, looks like there were some problems with your updates.'
+          end
+          redirect "/users/#{user.id}/edit"
+        end
+      end
+
+      get '/users/:id/delete' do
+        login_required
+        redirect "/users" unless current_user.admin? || current_user.id.to_s == params[:id]
+
+        if User.delete(params[:id])
+          if Rack.const_defined?('Flash')
+            flash[:notice] = "User deleted."
+          end
+        else
+          if Rack.const_defined?('Flash')
+            flash[:notice] = "Deletion failed."
+          end
+        end
+        redirect '/'
+      end
+
+
+      if Sinatra.const_defined?('FacebookObject')
+        get '/connect' do
+          if fb[:user]
+            if current_user.class != GuestUser
+              user = current_user
+            else
+              user = User.get(:fb_uid => fb[:user])
+            end
+
+            if user
+              if !user.fb_uid || user.fb_uid != fb[:user]
+                user.update :fb_uid => fb[:user]
+              end
+              session[:user] = user.id
+            else
+              user = User.set!(:fb_uid => fb[:user])
+              session[:user] = user.id
+            end
+          end
+          redirect '/'
+        end
+
+        get '/receiver' do
+          %[<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+            <html xmlns="http://www.w3.org/1999/xhtml" >
+              <body>
+                <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.js" type="text/javascript"></script>
+              </body>
+            </html>]
+        end
+      end
+    end
+  end
+
+  module Helpers
+    def login_required
+      #not as efficient as checking the session. but this inits the fb_user if they are logged in
+      if current_user.class != GuestUser
+        return true
+      else
+        session[:return_to] = request.fullpath
+        redirect '/login'
+        return false
+      end
+    end
+
+    def current_user
+      if session[:user]
+        User.get(:id => session[:user])
+      else
+        GuestUser.new
+      end
+    end
+
+    def logged_in?
+      !!session[:user]
+    end
+
+    def use_layout?
+      !request.xhr?
+    end
+
+    #BECAUSE sinatra 9.1.1 can't load views from different paths properly
+    def get_view_as_string(filename)
+      view = options.sinatra_authentication_view_path + filename
+      data = ""
+      f = File.open(view, "r")
+      f.each_line do |line|
+        data += line
+      end
+      return data
+    end
+
+    def render_login_logout(html_attributes = {:class => ""})
+    css_classes = html_attributes.delete(:class)
+    parameters = ''
+    html_attributes.each_pair do |attribute, value|
+      parameters += "#{attribute}=\"#{value}\" "
+    end
+
+      result = "<div id='sinatra-authentication-login-logout' >"
+      if logged_in?
+        logout_parameters = html_attributes
+        # a tad janky?
+        logout_parameters.delete(:rel)
+        result += "<a href='/users/#{current_user.id}/edit' class='#{css_classes} sinatra-authentication-edit' #{parameters}>Edit account</a> "
+        if Sinatra.const_defined?('FacebookObject')
+          if fb[:user]
+            result += "<a href='javascript:FB.Connect.logoutAndRedirect(\"/logout\");' class='#{css_classes} sinatra-authentication-logout' #{logout_parameters}>Logout</a>"
+          else
+            result += "<a href='/logout' class='#{css_classes} sinatra-authentication-logout' #{logout_parameters}>Logout</a>"
+          end
+        else
+          result += "<a href='/logout' class='#{css_classes} sinatra-authentication-logout' #{logout_parameters}>Logout</a>"
+        end
+      else
+        result += "<a href='/signup' class='#{css_classes} sinatra-authentication-signup' #{parameters}>Signup</a> "
+        result += "<a href='/login' class='#{css_classes} sinatra-authentication-login' #{parameters}>Login</a>"
+      end
+
+      result += "</div>"
+    end
+
+    if Sinatra.const_defined?('FacebookObject')
+      def render_facebook_connect_link(text = 'Login using facebook', options = {:size => 'small'})
+          if options[:size] == 'small'
+            size = 'Small'
+          elsif options[:size] == 'medium'
+            size = 'Medium'
+          elsif options[:size] == 'large'
+            size = 'Large'
+          elsif options[:size] == 'xlarge'
+            size = 'BigPun'
+          else
+            size = 'Small'
+          end
+
+          %[<a href="#" onclick="FB.Connect.requireSession(function(){document.location = '/connect';}); return false;" class="fbconnect_login_button FBConnectButton FBConnectButton_#{size}">
+              <span id="RES_ID_fb_login_text" class="FBConnectButton_Text">
+                #{text}
+              </span>
+            </a>]
+      end
+    end
+  end
+
+  register LilAuthentication
+end
+
+class GuestUser
+  def guest?
+    true
+  end
+
+  def permission_level
+    0
+  end
+
+  # current_user.admin? returns false. current_user.has_a_baby? returns false.
+  # (which is a bit of an assumption I suppose)
+  def method_missing(m, *args)
+    return false
+  end
+end

data/lib/views/edit.haml

@@ -0,0 +1,43 @@
+#sinatra_authentication
+  - if Rack.const_defined?('Flash')
+    #sinatra_authentication_flash= flash[:notice]
+  %h1
+    Edit
+    - if @user.id == current_user.id
+      account
+    - else
+      - if @user.email
+        = @user.email
+      - elsif @user.fb_uid
+        <fb:name uid=#{@user.fb_uid} linked='false' />
+      - else
+        account
+  %form{:action => "/users/#{@user.id}/edit", :method => "post"}
+    .field
+      .label
+        %label{:for => "user_email"} Email
+      %input{ :id => "user_email", :name => "user[email]", :size => 30, :type => "text", :value => @user.email }
+    .field
+      .label
+        %label{:for => "user_password"} New password
+      %input{ :id => "user_password", :name => "user[password]", :size => 30, :type => "password" }
+    .field
+      .label
+        %label{:for => "user_password_confirmation"} Confirm
+      %input{ :id => "user_password_confirmation", :name => "user[password_confirmation]", :size => 30, :type => "password" }
+    -# don't render permission field if admin and editing yourself so you don't shoot yourself in the foot
+    - if current_user.admin? && current_user.id != @user.id
+      .field
+        .label
+          %label{:for => 'permission_level'}  Permission level
+        %select{ :id => "permission_level", :name => "user[permission_level]" }
+          %option{:value => -1, :selected => @user.admin?}
+            Admin
+          %option{:value => 1, :selected => @user.permission_level == 1}
+            Authenticated user
+    .buttons
+      %input{ :value => "Update", :type => "submit" }
+      - if Sinatra.const_defined?('FacebookObject')
+        - unless @user.fb_uid
+          |
+          = render_facebook_connect_link('Link account with Facebook')

data/lib/views/index.haml

@@ -0,0 +1,29 @@
+#sinatra_authentication
+  %h1.page_title Users
+  %table
+    %tr
+      %th
+      - if current_user.admin?
+        %th permission level
+    - @users.each do |user|
+      %tr
+        %td
+          - if user.email
+            = user.email
+          - elsif user.fb_uid
+            <fb:name uid=#{user.fb_uid} />
+          - else
+            "user #{user.id}"
+        - if current_user.admin?
+          %td= user.permission_level
+        %td
+          %a{:href => "/users/#{user.id}"} show
+        - if current_user.admin?
+          %td
+            %a{:href => "/users/#{user.id}/edit"} edit
+          %td
+            -# this doesn't work for tk
+            - if !user.site_admin?
+              %a{:href => "/users/#{user.id}/delete", :onclick => "return confirm('you sure?')"} delete
+            - else
+              site admin

data/lib/views/login.haml

@@ -0,0 +1,22 @@
+#sinatra_authentication
+  - if Rack.const_defined?('Flash')
+    #sinatra_authentication_flash= flash[:notice]
+  %h1.page_title Login
+  %form{:action => "/login", :method => "post"}
+    .field
+      .label
+        %label{:for => "user_email'"} Email
+      %input{:id => "user_email", :name => "email", :size => 30, :type => "text"}
+    .field
+      .label
+        %label{:for => "user_password"} Password
+      %input{:id => "user_password", :name => "password", :size => 30, :type => "password"}
+    .buttons
+      %input{:value => "login", :type => "submit"}
+      %a{:href => "/signup", :class => 'sinatra_authentication_link'}
+        Signup
+    - if Sinatra.const_defined?('FacebookObject')
+      .third_party_signup
+        %h3.section_title One click login:
+        .login_link.facebook_login
+          = render_facebook_connect_link('Login using facebook', :size => 'large')

data/lib/views/show.haml

@@ -0,0 +1,9 @@
+#sinatra_authentication
+  %h1.page_title
+    - if @user.email
+      = @user.email
+    - elsif @user.fb_uid
+      <fb:name uid=#{@user.fb_uid} linked='false' />
+  - if current_user.admin?
+    %h2 permission level
+    = @user.permission_level

data/lib/views/signup.haml

@@ -0,0 +1,26 @@
+#sinatra_authentication
+  - if Rack.const_defined?('Flash')
+    #sinatra_authentication_flash= flash[:notice]
+  %h1.page_title Signup
+  %form{:action => "/signup", :method => "post"}
+    .field
+      .label
+        %label{:for => "user_email"} Email
+      %input{ :id => "user_email", :name => "user[email]", :size => 30, :type => "text" }
+    .field
+      .label
+        %label{:for => "user_password"} Password
+      %input{ :id => "user_password", :name => "user[password]", :size => 30, :type => "password" }
+    .field
+      .label
+        %label{:for => "user_password_confirmation"} Confirm Password
+      %input{ :id => "user_password_confirmation", :name => "user[password_confirmation]", :size => 30, :type => "password" }
+    .buttons
+      %input{ :value => "Create account", :type => "submit" }
+      %a{:href => "/login", :class => 'sinatra_authentication_link'}
+        Login
+    - if Sinatra.const_defined?('FacebookObject')
+      .third_party_signup
+        %h3.section_title One click signup:
+        .login_link.facebook_login
+          = render_facebook_connect_link('Signup using facebook', :size => 'large')

data/readme.markdown

@@ -0,0 +1,238 @@
+### A little sinatra gem that implements user authentication, with support for datamapper, mongomapper and rufus-tokyo
+
+## INSTALLATION:
+
+in your sinatra app simply require either "dm-core", "rufus-tokyo" or "mongo_mapper", "digest/sha1", 'rack-flash' (if you want flash messages) and then "sinatra-authentication" and turn on session storage
+with a super secret key, like so:
+
+    require "dm-core"
+    #for using auto_migrate!
+    require "dm-migrations"
+    require "digest/sha1"
+    require 'rack-flash'
+    require "sinatra-authentication"
+
+    use Rack::Session::Cookie, :secret => 'A1 sauce 1s so good you should use 1t on a11 yr st34ksssss'
+    #if you want flash messages
+    use Rack::Flash
+
+  If you're using rufus-tokyo, you also need to set the database path for Users. like so:
+
+    require "rufus_tokyo"
+    require "digest/sha1"
+    require 'rack-flash'
+    require "sinatra-authentication"
+
+    #Setting the database path for Users
+    TcUserTable.cabinet_path = File.dirname(__FILE__) + 'folder/where/you/wanna/store/your/database'
+
+    use Rack::Session::Cookie, :secret => 'A1 sauce 1s so good you should use 1t on a11 yr st34ksssss'
+    #if you want flash messages
+    use Rack::Flash
+
+## DEFAULT ROUTES:
+
+* get      '/login'
+* get      '/logout'
+* get      '/signup'
+* get/post '/users'
+* get       '/users/:id'
+* get/post  '/users/:id/edit'
+* get       '/users/:id/delete'
+
+If you fetch any of the user pages using ajax, they will automatically render without a layout
+
+## ADDITIONAL ROUTES WHEN USING SINBOOK FOR FACEBOOK INTEGRATION:
+
+* get      '/reciever'
+* get      '/connect'
+
+## FLASH MESSAGES
+
+Flash messages are implemented using rack-flash. To set them up add this to your code:
+
+    require 'rack-flash'
+
+    #be sure and do this after after 'use Rack:Session:Cookie...'
+    use Rack::Flash
+
+And then sinatra-authentication related flash messages will be made available through flash[:notice]
+
+    -# somewhere in a haml view:
+    = flash[:notice]
+
+## HELPER METHODS:
+
+This plugin provides the following helper methods for your sinatra app:
+
+* login_required
+  > which you place at the beginning of any routes you want to be protected
+* current_user
+* logged_in?
+* render_login_logout(html_attributes)
+  > Which renders login/logout and singup/edit account links.
+If you pass a hash of html parameters to render_login_logout all the links will get set to them.
+Which is useful for if you're using some sort of lightbox
+
+## SIMPLE PERMISSIONS:
+
+By default the user class includes a method called admin? which simply checks
+if user.permission_level == -1.
+
+you can take advantage of  this method in your views or controllers by calling
+current_user.admin?
+i.e.
+
+    - if current_user.admin?
+      %a{:href => "/adminey_link_route_thing"} do something adminey
+
+(these view examples are in HAML, by the way)
+
+You can also extend the user class with any convenience methods for determining permissions.
+i.e.
+
+    #somewhere in the murky depths of your sinatra app
+    class User
+      def peasant?
+        self.permission_level == 0
+      end
+    end
+
+then in your views you can do
+
+    - if current_user.peasant?
+      %h1 hello peasant!
+      %p Welcome to the caste system! It's very depressing.
+
+if no one is logged in, current_user returns a GuestUser instance, which responds to current_user.guest?
+with true, current_user.permission_level with 0 and any other method calls with false
+
+This makes some view logic easier since you don't always have to check if the user is logged in,
+although a logged_in? helper method is still provided
+
+## RUFUS TOKYO
+
+when using rufus-tokyo, current_user returns a hash, so to get the primary key of the current_user you would do current_user[:pk].
+if you wanna set an attribute, you can do something like current_user["has_a_dog"] = true
+and if you want to open a connection with the cabinet directly, you can do something like
+
+    user_connection = TcUser.new
+    users_with_gmail = user_connection.query do |q|
+      q.add 'email', :strinc, 'gmail'
+    end
+    user_connection.close
+
+## FACEBOOK
+
+# at present, sinatra authentication supports sinbook for interacting with the facebook api.
+
+If you want to allow users to login using facebook, just require 'sinbook' before requiring 'sinatra-authentication'.
+The routes '/reciever' and '/connect' will be added. as well as connect links on the login and edit account pages.
+You'll still have to include and initialize the facebook connect javascript in your layout yourself, like so:
+
+(This example layout assumes you're using sinbook)
+
+    !!!
+      %head
+        %title Welcome to my Facebook Connect website!
+        %script{:type => 'text/javascript', :src => 'http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US'}
+      %body
+        = yield
+        :javascript
+          FB.init("#{fb.api_key}", "/receiver")
+
+Just remember to specify '/reciever' as the path to the xd-receiver file in your call to 'FB.init'.
+
+The render_login_logout helper 'logout' link will log the user out of facebook and your app.
+
+I've also included a little helper method 'render_facebook_connect_link' for rendering the facebook connect link with the correct 'onconnect' javascript callback.
+The callback redirects to '/connect'.
+This is important because the way I've implemented facebook connect support is by pinging '/connect' after the user
+successfully connects with facebook.
+
+If you choose to render the connect button yourself, be sure to have the 'onconnect' callback include "window.location = '/connect'".
+
+'/connect' redirects to '/' on completion.
+
+The 'render_facebook_connect_link' helper uses html instead of fbml, so ajax requests to '/login' or "/users/#{user.id}/edit"
+will render the connect link without you needing to parse any fbml.
+
+If the user is already logged into the app and connects with facebook via the user edit page,
+it adds their fb_uid to their profile in the database,
+which will allow them to log in using their email and password, OR their facebook account.
+
+If they aren't already logged in to the app through the normal login form,
+it creates a new user in the database without an email address or password.
+They can later add this data by going to "/users/#{current_user.id}/edit",
+which will allow them to log in using their email address and password, OR their facebook account.
+
+## OVERRIDING DEFAULT VIEWS
+
+Right now if you're going to override sinatra-authentication's views, you have to override all of them.
+This is something I hope to change in a future release.
+
+To override the default view path do something like this:
+
+    set :sinatra_authentication_view_path, Pathname(__FILE__).dirname.expand_path + "my_views/"
+
+And then the views you'll need to define are:
+
+* show.haml
+* index.haml
+* signup.haml
+* login.haml
+* edit.haml
+
+The signup and edit form fields are named so they pass a hash called 'user' to the server:
+
+    %input{:name => "user[email]", :size => 30, :type => "text", :value => @user.email}
+    %input{:name => "user[password]", :size => 30, :type => "password"}
+    %input{:name => "user[password_confirmation]", :size => 30, :type => "password"}
+
+    %select{:name => "user[permission_level]"}
+      %option{:value => -1, :selected => @user.admin?}
+        Admin
+      %option{:value => 1, :selected => @user.permission_level == 1}
+        Authenticated user
+
+if you add attributes to the User class and pass them in the user hash your new attributes will be set along with the others.
+
+The login form fields just pass a field called email and a field called password:
+
+    %input{:name => "email", :size => 30, :type => "text"}
+    %input{:name => "password", :size => 30, :type => "password"}
+
+To add methods or properties to the User class, you have to access the underlying database user class, like so:
+
+    class DmUser
+      property :name, String
+      property :has_dog, Boolean, :default => false
+    end
+
+And then to access/update your newly defined attributes you use the User class:
+
+    current_user.name
+    current_user.has_dog
+
+    current_user.update({:has_dog => true})
+
+    new_user = User.set({:email => 'max@max.com' :password => 'hi', :password_confirmation => 'hi', :name => 'Max', :has_dog => false})
+
+    User.all(:has_dog => true).each do |user|
+      user.update({has_dog => false})
+    end
+
+    User.all(:has_dog => false).each do |user|
+      user.delete
+    end
+
+the User class passes additional method calls along to the interfacing database class, so calls to Datamapper/Mongomapper/RufusTokyo functions should work as expected.
+
+The database user classes are named as follows:
+
+* for Datamapper:
+  > DmUser
+* for Rufus Tokyo:
+  > TcUser
+* for Mongomapper:
+  > MmUser