sinatra-authentication-nedludd 0.0.1

data/.gitignore

@@ -0,0 +1,4 @@
+pkg/
+*.swp
+*.db
+*.tct

data/History.txt

@@ -0,0 +1,4 @@
+== 0.0.1 2009-04-06
+
+* 1 major enhancement:
+  * Initial release

data/Manifest

@@ -0,0 +1,26 @@
+History.txt
+Manifest
+Rakefile
+TODO
+lib/models/abstract_user.rb
+lib/models/datamapper_user.rb
+lib/models/dm_adapter.rb
+lib/models/mongomapper_user.rb
+lib/models/mm_adapter.rb
+lib/models/rufus_tokyo_user.rb
+lib/models/tc_adapter.rb
+lib/sinatra-authentication.rb
+lib/views/edit.haml
+lib/views/index.haml
+lib/views/login.haml
+lib/views/show.haml
+lib/views/signup.haml
+readme.markdown
+test/datamapper_test.rb
+test/lib/dm_app.rb
+test/lib/helper.rb
+test/lib/tc_app.rb
+test/lib/test.db
+test/lib/users.tct
+test/route_tests.rb
+test/rufus_tokyo_test.rb

data/Rakefile

@@ -0,0 +1,36 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name           = 'sinatra-authentication-nedludd'
+    gemspec.version        = '0.0.1'
+    gemspec.description    = "Simple authentication plugin for sinatra."
+    gemspec.summary        = "Simple authentication plugin for sinatra."
+    gemspec.homepage       = "http://github.com/nedludd/sinatra-authentication"
+    gemspec.author         = ["Max Justus Spransy" "Tim Hermans"] 
+    gemspec.email          = ["maxjustus@gmail.com" "thermans@gmail.com"]
+    gemspec.add_dependency "sinatra"
+    gemspec.add_dependency "dm-core"
+    gemspec.add_dependency "dm-migrations"
+    gemspec.add_dependency "dm-validations"
+    gemspec.add_dependency "dm-timestamps"
+    gemspec.add_dependency "rack-flash"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it first!"
+end
+
+Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }
+
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = FileList['test/mongomapper_test.rb']
+  t.verbose = true
+end
+

data/TODO

@@ -0,0 +1,53 @@
+TODO:
+    ensure all calls to new in adaptors are equivelant to "find or create by"
+      - this is done in the Tc adaptor, and essentially works in Dm adaptor
+        because I validate the uniqueness of email
+    implement some way to allow for the creation of users with different
+    permission levels in an untamperable manner. Perhaps with some secret key
+    that must be sent in the form
+  - look at other permissions systems for some feature ideas
+  - add a config method that you pass a hash for configuring it's behavior
+    - secret signup urls
+    - account activation through email
+
+  - ?implement a session store which isn't cookie based
+  - turn on sessions unless they're already on
+    - randomize the session key on every installation?
+  - clean up adapters
+    - write simple attribute declaration method for TcUser
+    - condense the adapters down to the simplest solution that could possibly work
+      - right now it's like I have two seperate goals, both which are important
+        one is to write a simple ORM for rufus tokyo, the other is to create a simple adapter
+        for different database backends. I think it would be better if I made the datamapper adapter more abstract
+        and the api simpler, and then changed the way the controllers and views work to interface with the more abstract and simpler adapter.
+        maybe make the adapter class called UserAdapter, and then TkUser and DmUser become User. All my controller method calls go to UserAdapter
+        but then for people wanting to talk to the model, they just use User, since they aren't dealing with multiple backends and thus don't need
+        a creepy adapter.
+
+  - make site admin work the same for dm and tc, because I like how permission == -2 is site admin, then you could set a user as site admin instead of it being limited to the first user created
+    and they wouldn't be deletable.
+    or maybe I just make a heirarchy for that so users with lower permissions can't delete users with higher.
+      just remember, this is supposed to be a simple authentication solution
+
+
+  - for the User adapter
+    - add pagination to all
+    - serious cleanup of rufus_tokyo_user.rb
+      - add virtual attribute declaration
+      - add validations
+      - remove the object syntax method_missing? and stick to hash accessors?
+      - or rather then use method missing, dynamically create class methods based in the contents of the hash?
+      - or create a validator tool for hashes. hash.valid?
+    - change User to AbstractUser and DmUser and TcUser to User
+
+  - add error messages for failed logins and stuff
+
+  - PROBLEM the way I have method missing working right now, it doesn't behave the same way I've documented, since I use it for attributes
+  - throw configuration errors on startup
+  - investigate why sinatra_auth doesn't seem to work unless it's the last thing required..
+
+  - add facebook connect
+    - using facebooker and frankie
+      - using the same method as datamapper vs tokyo in that the functionality is only included if the libraries are required
+        before sinatra_auth is.
+    - when a user signs in using facebook and doesn't have an email specified, an email field is included in the edit form.

data/example/dm_extend_app.rb

@@ -0,0 +1,26 @@
+require 'rubygems'
+require 'sinatra'
+require 'haml'
+require 'dm-core'
+require 'dm-migrations'
+require 'rack-flash'
+require 'sinatra-authentication'
+
+class DmUser
+  property :name, String
+end
+
+DataMapper.setup(:default, "sqlite3://#{Dir.pwd}/test.db")
+DataMapper.auto_migrate!
+
+set :sinatra_authentication_view_path, Pathname(__FILE__).dirname.expand_path + "extend_views/"
+use Rack::Session::Cookie, :secret => "heyhihello"
+use Rack::Flash
+
+set :environment, 'development'
+set :public, 'public'
+set :views,  'views'
+
+get '/' do
+  haml "= render_login_logout", :layout => :layout
+end

data/example/dm_sinbook.rb

@@ -0,0 +1,56 @@
+require 'rubygems'
+require 'sinatra'
+require 'haml'
+require 'sinbook'
+require 'dm-core'
+require 'dm-migrations'
+require 'sinatra-authentication'
+
+facebook do
+  api_key 'aa2db1b96cb7b57f0c5b1d4d3d8f0a22'
+  secret '21d94ee63969ae3b3f833689838ca00f'
+  app_id 48652736613
+  url 'peoplewithjetpacks.com:4568/'
+  callback 'peoplewithjetpacks.com:4568/'
+end
+
+set :port, 4568
+
+DataMapper.setup(:default, "sqlite3://#{Dir.pwd}/test.db")
+DataMapper.auto_migrate!
+
+use Rack::Session::Cookie, :secret => "heyhihello"
+
+set :environment, 'development'
+set :public, 'public'
+set :views,  'views'
+
+get '/' do
+  haml :main
+end
+
+get '/test' do
+  login_required
+  'hihihi'
+end
+
+__END__
+
+@@ layout
+%html{:xmlns=>"http://www.w3.org/1999/xhtml", :'xmlns:fb'=>"http://www.facebook.com/2008/fbml"}
+  %head
+    %title Welcome to my Facebook Connect website!
+    %script{:type => 'text/javascript', :src => 'http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US'}
+  %body
+    = render_login_logout
+    = yield
+    :javascript
+      FB.init("#{fb.api_key}", "/receiver")
+
+@@ main
+- if fb[:user]
+  Hi,
+  %fb:profile-pic{:uid => fb[:user]}
+  %fb:name{:uid => fb[:user], :useyou => 'false', :firstnameonly => 'true'}
+  !
+

data/example/extend_views/edit.haml

@@ -0,0 +1,42 @@
+#sinatra_authentication
+  #sinatra_authentication_flash= flash[:notice]
+  %h1
+    Edit
+    - if @user.id == current_user.id
+      account
+    - else
+      - if @user.email
+        = @user.email
+      - elsif @user.fb_uid
+        <fb:name uid=#{@user.fb_uid} linked='false' />
+      - else
+        account
+  %form{:action => "/users/#{@user.id}/edit", :method => "post"}
+    .field
+      .label
+        %label{:for => "user_email"} Email
+      %input{ :id => "user_email", :name => "user[email]", :size => 30, :type => "text", :value => @user.email }
+    .field
+      .label
+        %label{:for => "user_password"} New password
+      %input{ :id => "user_password", :name => "user[password]", :size => 30, :type => "password" }
+    .field
+      .label
+        %label{:for => "user_password_confirmation"} Confirm
+      %input{ :id => "user_password_confirmation", :name => "user[password_confirmation]", :size => 30, :type => "password" }
+    -# don't render permission field if admin and editing yourself so you don't shoot yourself in the foot
+    - if current_user.admin? && current_user.id != @user.id
+      .field
+        .label
+          %label{:for => 'permission_level'}  Permission level
+        %select{ :id => "permission_level", :name => "user[permission_level]" }
+          %option{:value => -1, :selected => @user.admin?}
+            Admin
+          %option{:value => 1, :selected => @user.permission_level == 1}
+            Authenticated user
+    .buttons
+      %input{ :value => "Update", :type => "submit" }
+      - if Sinatra.const_defined?('FacebookObject')
+        - unless @user.fb_uid
+          |
+          = render_facebook_connect_link('Link account with Facebook')

data/example/extend_views/index.haml

@@ -0,0 +1,31 @@
+#sinatra_authentication
+  %h1.page_title Users
+  %table
+    %tr
+      %th
+      - if current_user.admin?
+        %th permission level
+    - @users.each do |user|
+      %tr
+        %td
+          - if user.email
+            = user.email
+          - elsif user.fb_uid
+            <fb:name uid=#{user.fb_uid} />
+          - else
+            "user #{user.id}"
+        - if current_user.admin?
+          %td= user.permission_level
+        %td
+          = user.name
+        %td
+          %a{:href => "/users/#{user.id}"} show
+        - if current_user.admin?
+          %td
+            %a{:href => "/users/#{user.id}/edit"} edit
+          %td
+            -# this doesn't work for tk
+            - if !user.site_admin?
+              %a{:href => "/users/#{user.id}/delete", :onclick => "return confirm('you sure?')"} delete
+            - else
+              site admin

data/example/extend_views/login.haml

@@ -0,0 +1,21 @@
+#sinatra_authentication
+  #sinatra_authentication_flash= flash[:notice]
+  %h1.page_title Login
+  %form{:action => "/login", :method => "post"}
+    .field
+      .label
+        %label{:for => "user_email'"} Email
+      %input{:id => "user_email", :name => "email", :size => 30, :type => "text"}
+    .field
+      .label
+        %label{:for => "user_password"} Password
+      %input{:id => "user_password", :name => "password", :size => 30, :type => "password"}
+    .buttons
+      %input{:value => "login", :type => "submit"}
+      %a{:href => "/signup", :class => 'sinatra_authentication_link'}
+        Signup
+    - if Sinatra.const_defined?('FacebookObject')
+      .third_party_signup
+        %h3.section_title One click login:
+        .login_link.facebook_login
+          = render_facebook_connect_link('Login using facebook', :size => 'large')

data/example/extend_views/show.haml

@@ -0,0 +1,9 @@
+#sinatra_authentication
+  %h1.page_title
+    - if @user.email
+      = @user.email
+    - elsif @user.fb_uid
+      <fb:name uid=#{@user.fb_uid} linked='false' />
+  - if current_user.admin?
+    %h2 permission level
+    = @user.permission_level

data/example/extend_views/signup.haml

@@ -0,0 +1,30 @@
+%h1 This view is overridden
+#sinatra_authentication
+  #sinatra_authentication_flash= flash[:notice]
+  %h1.page_title Signup
+  %form{:action => "/signup", :method => "post"}
+    .field
+      .label
+        %label{:for => "user_email"} Email
+      %input{ :id => "user_email", :name => "user[email]", :size => 30, :type => "text" }
+    .field
+      .label
+        %label{:for => "user_password"} Password
+      %input{ :id => "user_password", :name => "user[password]", :size => 30, :type => "password" }
+    .field
+      .label
+        %label{:for => "user_name"} Name
+      %input{ :id => "user_name", :name => "user[name]", :size => 30, :type => "text" }
+    .field
+      .label
+        %label{:for => "user_password_confirmation"} Confirm Password
+      %input{ :id => "user_password_confirmation", :name => "user[password_confirmation]", :size => 30, :type => "password" }
+    .buttons
+      %input{ :value => "Create account", :type => "submit" }
+      %a{:href => "/login", :class => 'sinatra_authentication_link'}
+        Login
+    - if Sinatra.const_defined?('FacebookObject')
+      .third_party_signup
+        %h3.section_title One click signup:
+        .login_link.facebook_login
+          = render_facebook_connect_link('Signup using facebook', :size => 'large')

data/example/mm_app.rb

@@ -0,0 +1,22 @@
+require 'rubygems'
+require 'sinatra/base'
+require 'haml'
+require 'mongo_mapper'
+require 'sinatra-authentication'
+
+logger = Logger.new($stdout)
+MongoMapper.connection = Mongo::Connection.new('db.mongohq.com', 27017, :logger => logger)
+MongoMapper.database = "fdbk"
+MongoMapper.database.authenticate(ENV['mongohq_user'], ENV['mongohq_pass'])
+
+class TestApp < Sinatra::Base
+  use Rack::Session::Cookie, :secret => "heyhihello"
+
+  set :environment, 'development'
+  set :public, 'public'
+  set :views,  'views'
+
+  get '/' do
+    haml "= render_login_logout", :layout => :layout
+  end
+end

data/example/tc_app.rb

@@ -0,0 +1,16 @@
+require 'rubygems'
+require 'sinatra'
+require 'haml'
+require 'rufus/tokyo'
+require 'sinatra-authentication'
+
+use Rack::Session::Cookie, :secret => "heyhihello"
+TcUserTable.cabinet_path = File.dirname(__FILE__)
+
+set :environment, 'development'
+set :public, 'public'
+set :views,  'views'
+
+get '/' do
+  haml "= render_login_logout", :layout => :layout
+end

data/example/tc_sinbook.rb

@@ -0,0 +1,62 @@
+require 'rubygems'
+require 'haml'
+require 'sinbook'
+require 'rufus/tokyo'
+require 'sinatra'
+require 'sinatra-authentication'
+
+use Rack::Session::Cookie, :secret => "heyhihello"
+TcUserTable.cabinet_path = File.dirname(__FILE__)
+
+facebook do
+  api_key 'aa2db1b96cb7b57f0c5b1d4d3d8f0a22'
+  secret '21d94ee63969ae3b3f833689838ca00f'
+  app_id 48652736613
+  url 'peoplewithjetpacks.com:4568/'
+  callback 'peoplewithjetpacks.com:4568/'
+end
+
+set :port, 4568
+
+get '/' do
+  haml :main
+end
+
+get '/test' do
+  login_required
+  'hihihi'
+end
+
+__END__
+
+@@ layout
+%html{:xmlns=>"http://www.w3.org/1999/xhtml", :'xmlns:fb'=>"http://www.facebook.com/2008/fbml"}
+  %head
+    %title Welcome to my Facebook Connect website!
+    %script{:type => 'text/javascript', :src => 'http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US'}
+    %script{:type => 'text/javascript', :src => 'http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js'}
+    :javascript
+      $(document).ready(function(){
+        /* test facebook crap works with ajax */
+        $('.sinatra-authentication-login').click(function(){
+          $.get($(this).attr('href'), {}, function(data){
+            $('#test_box').html(data);
+          });
+          return false;
+        });
+      });
+  %body
+    = render_login_logout
+    = yield
+    :javascript
+      FB.init("#{fb.api_key}", "/receiver")
+    #test_box
+
+@@ main
+- if fb[:user]
+  Hi,
+  %fb:profile-pic{:uid => fb[:user]}
+  %fb:name{:uid => fb[:user], :useyou => 'false', :firstnameonly => 'true'}
+  !
+  %br/
+