sinatra-authentication-nedludd 0.0.1

data/lib/models/abstract_user.rb

@@ -0,0 +1,44 @@
+if Object.const_defined?("DataMapper")
+  #require 'dm-core'
+  require 'dm-timestamps'
+  require 'dm-validations'
+  require Pathname(__FILE__).dirname.expand_path + "datamapper_user.rb"
+  require Pathname(__FILE__).dirname.expand_path + "dm_adapter.rb"
+end
+
+class User
+  if Object.const_defined?("DataMapper")
+    include DmAdapter
+  else
+    throw "you need to require 'dm-core' for sinatra-authentication to work"
+  end
+
+  def initialize(interfacing_class_instance)
+    @instance = interfacing_class_instance
+  end
+
+  def id
+    @instance.id
+  end
+
+  def self.authenticate(email, pass)
+    current_user = get(:email => email)
+    return nil if current_user.nil?
+    return current_user if User.encrypt(pass, current_user.salt) == current_user.hashed_password
+    nil
+  end
+
+  protected
+
+  def self.encrypt(pass, salt)
+    Digest::SHA1.hexdigest(pass+salt)
+  end
+
+  def self.random_string(len)
+    #generate a random password consisting of strings and digits
+    chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+    newpass = ""
+    1.upto(len) { |i| newpass << chars[rand(chars.size-1)] }
+    return newpass
+  end
+end

data/lib/models/datamapper_user.rb

@@ -0,0 +1,39 @@
+class DmUser
+  include DataMapper::Resource
+
+  property :id, Serial
+  property :email, String, :length => (5..40), :unique => true, :format => :email_address
+  property :hashed_password, String
+  property :salt, String
+  property :created_at, DateTime
+  property :permission_level, Integer, :default => 1
+
+  attr_accessor :password, :password_confirmation
+  #protected equievelant? :protected => true doesn't exist in dm 0.10.0
+  #protected :id, :salt
+  #doesn't behave correctly, I'm not even sure why I did this.
+
+  validates_presence_of :password_confirmation, :unless => Proc.new { |t| t.hashed_password }
+  validates_presence_of :password, :unless => Proc.new { |t| t.hashed_password }
+  validates_confirmation_of :password
+
+  def password=(pass)
+    @password = pass
+    self.salt = User.random_string(10) if !self.salt
+    self.hashed_password = User.encrypt(@password, self.salt)
+  end
+
+  def admin?
+    self.permission_level == -1 || self.id == 1
+  end
+
+  def site_admin?
+    self.id == 1
+  end
+
+  protected
+
+  def method_missing(m, *args)
+    return false
+  end
+end

data/lib/models/dm_adapter.rb

@@ -0,0 +1,50 @@
+module DmAdapter
+  def self.included(base)
+    base.extend ClassMethods
+    base.class_eval { include DmAdapter::InstanceMethods }
+  end
+
+  module ClassMethods
+    #pass all args to this
+    def all(*args)
+      result = DmUser.all(*args)
+      result.collect {|instance| self.new instance}
+    end
+
+    def get(hash)
+      if user = DmUser.first(hash)
+        self.new user
+      else
+        nil
+      end
+    end
+
+    def set(attributes)
+      user = DmUser.new attributes
+      user.save
+      user
+    end
+
+    def set!(attributes)
+      user = DmUser.new attributes
+      user.save!
+      user
+    end
+
+    def delete(pk)
+      user = DmUser.first(:id => pk)
+      user.destroy
+    end
+  end
+
+  module InstanceMethods
+    def update(attributes)
+      @instance.update attributes
+    end
+
+    def method_missing(meth, *args, &block)
+      #cool I just found out * on an array turns the array into a list of args for a function
+      @instance.send(meth, *args, &block)
+    end
+  end
+end

data/lib/sinatra-authentication.rb

@@ -0,0 +1,227 @@
+require 'sinatra/base'
+require 'pathname'
+require Pathname(__FILE__).dirname.expand_path + "models/abstract_user"
+
+module Sinatra
+  module LilAuthentication
+    def self.registered(app)
+      #INVESTIGATE
+      #the possibility of sinatra having an array of view_paths to load from
+      #PROBLEM
+      #sinatra 9.1.1 doesn't have multiple view capability anywhere
+      #so to get around I have to do it totally manually by
+      #loading the view from this path into a string and rendering it
+      set :sinatra_authentication_view_path, Pathname(__FILE__).dirname.expand_path + "views/"
+
+      get '/users' do
+        login_required
+        redirect "/" unless current_user.admin?
+
+        @users = User.all
+        if @users != []
+          haml get_view_as_string("index.haml"), :layout => use_layout?
+        else
+          redirect '/signup'
+        end
+      end
+
+      get '/users/:id' do
+        login_required
+
+        @user = User.get(:id => params[:id])
+        haml get_view_as_string("show.haml"), :layout => use_layout?
+      end
+
+      #convenience for ajax but maybe entirely stupid and unnecesary
+      get '/logged_in' do
+        if session[:user]
+          "true"
+        else
+          "false"
+        end
+      end
+
+      get '/login' do
+        haml get_view_as_string("login.haml"), :layout => use_layout?
+      end
+
+      post '/login' do
+        if user = User.authenticate(params[:email], params[:password])
+          session[:user] = user.id
+
+          if Rack.const_defined?('Flash')
+            flash[:notice] = "Login successful."
+          end
+
+          if session[:return_to]
+            redirect_url = session[:return_to]
+            session[:return_to] = false
+            redirect redirect_url
+          else
+            redirect '/'
+          end
+        else
+          if Rack.const_defined?('Flash')
+            flash[:notice] = "The email or password you entered is incorrect."
+          end
+          redirect '/login'
+        end
+      end
+
+      get '/logout' do
+        session[:user] = nil
+        if Rack.const_defined?('Flash')
+          flash[:notice] = "Logout successful."
+        end
+        redirect '/'
+      end
+
+      get '/signup' do
+        haml get_view_as_string("signup.haml"), :layout => use_layout?
+      end
+
+      post '/signup' do
+        @user = User.set(params[:user])
+        if @user && @user.id
+          session[:user] = @user.id
+          if Rack.const_defined?('Flash')
+            flash[:notice] = "Account created."
+          end
+          redirect '/'
+        else
+          if Rack.const_defined?('Flash')
+            flash[:notice] = 'There were some problems creating your account. Please be sure you\'ve entered all your information correctly.'
+          end
+          redirect '/signup'
+        end
+      end
+
+      get '/users/:id/edit' do
+        login_required
+        redirect "/users" unless current_user.admin? || current_user.id.to_s == params[:id]
+        @user = User.get(:id => params[:id])
+        haml get_view_as_string("edit.haml"), :layout => use_layout?
+      end
+
+      post '/users/:id/edit' do
+        login_required
+        redirect "/users" unless current_user.admin? || current_user.id.to_s == params[:id]
+
+        user = User.get(:id => params[:id])
+        user_attributes = params[:user]
+        if params[:user][:password] == ""
+            user_attributes.delete("password")
+            user_attributes.delete("password_confirmation")
+        end
+
+        if user.update(user_attributes)
+          if Rack.const_defined?('Flash')
+            flash[:notice] = 'Account updated.'
+          end
+          redirect '/'
+        else
+          if Rack.const_defined?('Flash')
+            flash[:notice] = 'Whoops, looks like there were some problems with your updates.'
+          end
+          redirect "/users/#{user.id}/edit"
+        end
+      end
+
+      get '/users/:id/delete' do
+        login_required
+        redirect "/users" unless current_user.admin? || current_user.id.to_s == params[:id]
+
+        if User.delete(params[:id])
+          if Rack.const_defined?('Flash')
+            flash[:notice] = "User deleted."
+          end
+        else
+          if Rack.const_defined?('Flash')
+            flash[:notice] = "Deletion failed."
+          end
+        end
+        redirect '/'
+      end
+    end
+  end
+
+  module Helpers
+    def login_required
+      #not as efficient as checking the session. but this inits the fb_user if they are logged in
+      if current_user.class != GuestUser
+        return true
+      else
+        session[:return_to] = request.fullpath
+        redirect '/login'
+        return false
+      end
+    end
+
+    def current_user
+      if session[:user]
+        User.get(:id => session[:user])
+      else
+        GuestUser.new
+      end
+    end
+
+    def logged_in?
+      !!session[:user]
+    end
+
+    def use_layout?
+      !request.xhr?
+    end
+
+    #BECAUSE sinatra 9.1.1 can't load views from different paths properly
+    def get_view_as_string(filename)
+      view = options.sinatra_authentication_view_path + filename
+      data = ""
+      f = File.open(view, "r")
+      f.each_line do |line|
+        data += line
+      end
+      return data
+    end
+
+    def render_login_logout(html_attributes = {:class => ""})
+    css_classes = html_attributes.delete(:class)
+    parameters = ''
+    html_attributes.each_pair do |attribute, value|
+      parameters += "#{attribute}=\"#{value}\" "
+    end
+
+      result = "<div id='sinatra-authentication-login-logout' >"
+      if logged_in?
+        logout_parameters = html_attributes
+        # a tad janky?
+        logout_parameters.delete(:rel)
+        result += "<a href='/users/#{current_user.id}/edit' class='#{css_classes} sinatra-authentication-edit' #{parameters}>Edit account</a> "
+        result += "<a href='/logout' class='#{css_classes} sinatra-authentication-logout' #{logout_parameters}>Logout</a>"
+      else
+        result += "<a href='/signup' class='#{css_classes} sinatra-authentication-signup' #{parameters}>Signup</a> "
+        result += "<a href='/login' class='#{css_classes} sinatra-authentication-login' #{parameters}>Login</a>"
+      end
+
+      result += "</div>"
+    end
+  end
+
+  register LilAuthentication
+end
+
+class GuestUser
+  def guest?
+    true
+  end
+
+  def permission_level
+    0
+  end
+
+  # current_user.admin? returns false. current_user.has_a_baby? returns false.
+  # (which is a bit of an assumption I suppose)
+  def method_missing(m, *args)
+    return false
+  end
+end

data/lib/views/edit.haml

@@ -0,0 +1,38 @@
+#sinatra_authentication
+  - if Rack.const_defined?('Flash')
+    #sinatra_authentication_flash= flash[:notice]
+  %h1
+    Edit
+    - if @user.id == current_user.id
+      account
+    - else
+      - if @user.email
+        = @user.email
+      - else
+        account
+  %form{:action => "/users/#{@user.id}/edit", :method => "post"}
+    .field
+      .label
+        %label{:for => "user_email"} Email
+      %input{ :id => "user_email", :name => "user[email]", :size => 30, :type => "text", :value => @user.email }
+    .field
+      .label
+        %label{:for => "user_password"} New password
+      %input{ :id => "user_password", :name => "user[password]", :size => 30, :type => "password" }
+    .field
+      .label
+        %label{:for => "user_password_confirmation"} Confirm
+      %input{ :id => "user_password_confirmation", :name => "user[password_confirmation]", :size => 30, :type => "password" }
+    -# don't render permission field if admin and editing yourself so you don't shoot yourself in the foot
+    - if current_user.admin? && current_user.id != @user.id
+      .field
+        .label
+          %label{:for => 'permission_level'}  Permission level
+        %select{ :id => "permission_level", :name => "user[permission_level]" }
+          %option{:value => -1, :selected => @user.admin?}
+            Admin
+          %option{:value => 1, :selected => @user.permission_level == 1}
+            Authenticated user
+    .buttons
+      %input{ :value => "Update", :type => "submit" }
+

data/lib/views/index.haml

@@ -0,0 +1,27 @@
+#sinatra_authentication
+  %h1.page_title Users
+  %table
+    %tr
+      %th
+      - if current_user.admin?
+        %th permission level
+    - @users.each do |user|
+      %tr
+        %td
+          - if user.email
+            = user.email
+          - else
+            "user #{user.id}"
+        - if current_user.admin?
+          %td= user.permission_level
+        %td
+          %a{:href => "/users/#{user.id}"} show
+        - if current_user.admin?
+          %td
+            %a{:href => "/users/#{user.id}/edit"} edit
+          %td
+            -# this doesn't work for tk
+            - if !user.site_admin?
+              %a{:href => "/users/#{user.id}/delete", :onclick => "return confirm('you sure?')"} delete
+            - else
+              site admin

data/lib/views/login.haml

@@ -0,0 +1,18 @@
+#sinatra_authentication
+  - if Rack.const_defined?('Flash')
+    #sinatra_authentication_flash= flash[:notice]
+  %h1.page_title Login
+  %form{:action => "/login", :method => "post"}
+    .field
+      .label
+        %label{:for => "user_email'"} Email
+      %input{:id => "user_email", :name => "email", :size => 30, :type => "text"}
+    .field
+      .label
+        %label{:for => "user_password"} Password
+      %input{:id => "user_password", :name => "password", :size => 30, :type => "password"}
+    .buttons
+      %input{:value => "login", :type => "submit"}
+      %a{:href => "/signup", :class => 'sinatra_authentication_link'}
+        Signup
+