sinatra-authentication 0.3.2 → 0.4.0

data/lib/models/sequel_adapter.rb

@@ -0,0 +1,68 @@
+module SequelAdapter
+  def self.included(base)
+    base.extend ClassMethods
+    base.class_eval { include SequelAdapter::InstanceMethods }
+  end
+
+  module ClassMethods
+    def all
+      result = SequelUser.order(:created_at.desc).all
+      result.collect {|instance| self.new instance}
+    end
+
+    def get(hash)
+      if user = SequelUser.first(hash)
+        self.new user
+      else
+        nil
+      end
+    end
+
+    def set(attributes)
+      user = SequelUser.new attributes
+      if user.valid?
+        user.save
+        #false
+      end
+
+      self.new user
+    end
+
+    def set!(attributes)
+      user = SequelUser.new attributes
+      user.save!
+      self.new user
+    end
+
+    def delete(pk)
+      user = SequelUser.first(:id => pk)
+      user.destroy
+      !user.exists?
+    end
+  end
+
+  module InstanceMethods
+    def errors
+      @instance.errors.full_messages.join(', ')
+    end
+
+    def valid
+      @instance.valid?
+    end
+
+    def update(attributes)
+      @instance.set attributes
+      if @instance.valid?
+        @instance.save
+        true
+      else
+        false
+      end
+    end
+
+    def method_missing(meth, *args, &block)
+      #cool I just found out * on an array turns the array into a list of args for a function
+      @instance.send(meth, *args, &block)
+    end
+  end
+end

data/lib/models/sequel_user.rb

@@ -0,0 +1,53 @@
+unless DB.table_exists? :sequel_users
+  DB.create_table :sequel_users do
+    primary_key :id
+    String :email, :unique => true, :text => true
+    String :hashed_password
+    String :salt
+    DateTime :created_at
+    Integer :permission_level, :default => 1
+    if Sinatra.const_defined?('FacebookObject')
+      String :fb_uid
+    end
+
+    #check{{char_length(email)=>5..40}}
+  end
+end
+
+class SequelUser < Sequel::Model
+  attr_writer :password_confirmation
+  plugin :validation_helpers
+  plugin :timestamps, :create => :created_at
+
+  def validate
+    super
+    email_regexp = /(\A(\s*)\Z)|(\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z)/i
+    validates_format email_regexp, :email
+    validates_presence :email
+    validates_unique :email
+    validates_presence :password if new?
+    errors.add :passwords, ' don\'t match' unless @password == @password_confirmation
+    #validate equality?
+  end
+  #TODO validate format of email
+
+  def password=(pass)
+    @password = pass
+    self.salt = User.random_string(10) if !self.salt
+    self.hashed_password = User.encrypt(@password, self.salt)
+  end
+
+  def admin?
+    self.permission_level == -1 || self.id == 1
+  end
+
+  def site_admin?
+    self.id == 1
+  end
+
+  protected
+
+  def method_missing(m, *args)
+    return false
+  end
+end

data/lib/models/tc_adapter.rb

@@ -21,7 +21,11 @@ module TcAdapter
     def get(hash)
       if hash[:id]
         pk = hash[:id]
-        result = TcUser.get(pk)
+        if pk.length > 0
+          result = TcUser.get(pk)
+        else
+          nil
+        end
       else
         result = TcUser.query do |q|
           hash.each do |key, value|
@@ -51,7 +55,13 @@ module TcAdapter
       if user == [] #no user
         self.new TcUser.set(attributes)
       else
-        false
+        if attributes['email'].length == 0
+          error = 'You need to provide an email address'
+        else
+          error = 'That email is already taken'
+        end
+
+        TcUser.new(attributes, error)
       end
     end
 
@@ -70,6 +80,14 @@ module TcAdapter
       @instance.update attributes
     end
 
+  def errors
+    @instance.errors.join(', ')
+  end
+
+  def valid
+    @instance.errors.length == 0
+  end
+
     def method_missing(meth, *args, &block)
       #cool I just found out * on an array turn the array into a list of args for a function
       @instance.send(meth, *args, &block)

data/lib/sinatra-authentication.rb

@@ -3,7 +3,7 @@ require 'pathname'
 require Pathname(__FILE__).dirname.expand_path + "models/abstract_user"
 
 module Sinatra
-  module LilAuthentication
+  module SinatraAuthentication
     def self.registered(app)
       #INVESTIGATE
       #the possibility of sinatra having an array of view_paths to load from
@@ -11,9 +11,9 @@ module Sinatra
       #sinatra 9.1.1 doesn't have multiple view capability anywhere
       #so to get around I have to do it totally manually by
       #loading the view from this path into a string and rendering it
-      set :sinatra_authentication_view_path, Pathname(__FILE__).dirname.expand_path + "views/"
+      app.set :sinatra_authentication_view_path, Pathname(__FILE__).dirname.expand_path + "views/"
 
-      get '/users' do
+      app.get '/users' do
         login_required
         redirect "/" unless current_user.admin?
 
@@ -25,7 +25,7 @@ module Sinatra
         end
       end
 
-      get '/users/:id' do
+      app.get '/users/:id' do
         login_required
 
         @user = User.get(:id => params[:id])
@@ -33,7 +33,7 @@ module Sinatra
       end
 
       #convenience for ajax but maybe entirely stupid and unnecesary
-      get '/logged_in' do
+      app.get '/logged_in' do
         if session[:user]
           "true"
         else
@@ -41,11 +41,15 @@ module Sinatra
         end
       end
 
-      get '/login' do
-        haml get_view_as_string("login.haml"), :layout => use_layout?
+      app.get '/login' do
+        if session[:user]
+          redirect '/'
+        else
+          haml get_view_as_string("login.haml"), :layout => use_layout?
+        end
       end
 
-      post '/login' do
+      app.post '/login' do
         if user = User.authenticate(params[:email], params[:password])
           session[:user] = user.id
 
@@ -68,7 +72,7 @@ module Sinatra
         end
       end
 
-      get '/logout' do
+      app.get '/logout' do
         session[:user] = nil
         if Rack.const_defined?('Flash')
           flash[:notice] = "Logout successful."
@@ -76,13 +80,17 @@ module Sinatra
         redirect '/'
       end
 
-      get '/signup' do
-        haml get_view_as_string("signup.haml"), :layout => use_layout?
+      app.get '/signup' do
+        if session[:user]
+          redirect '/'
+        else
+          haml get_view_as_string("signup.haml"), :layout => use_layout?
+        end
       end
 
-      post '/signup' do
+      app.post '/signup' do
         @user = User.set(params[:user])
-        if @user && @user.id
+        if @user.valid && @user.id
           session[:user] = @user.id
           if Rack.const_defined?('Flash')
             flash[:notice] = "Account created."
@@ -90,20 +98,20 @@ module Sinatra
           redirect '/'
         else
           if Rack.const_defined?('Flash')
-            flash[:notice] = 'There were some problems creating your account. Please be sure you\'ve entered all your information correctly.'
+            flash[:notice] = "There were some problems creating your account: #{@user.errors}."
           end
-          redirect '/signup'
+          redirect '/signup?' + hash_to_query_string(params['user'])
         end
       end
 
-      get '/users/:id/edit' do
+      app.get '/users/:id/edit' do
         login_required
         redirect "/users" unless current_user.admin? || current_user.id.to_s == params[:id]
         @user = User.get(:id => params[:id])
         haml get_view_as_string("edit.haml"), :layout => use_layout?
       end
 
-      post '/users/:id/edit' do
+      app.post '/users/:id/edit' do
         login_required
         redirect "/users" unless current_user.admin? || current_user.id.to_s == params[:id]
 
@@ -121,13 +129,13 @@ module Sinatra
           redirect '/'
         else
           if Rack.const_defined?('Flash')
-            flash[:notice] = 'Whoops, looks like there were some problems with your updates.'
+            flash[:notice] = "Whoops, looks like there were some problems with your updates: #{user.errors}."
           end
-          redirect "/users/#{user.id}/edit"
+          redirect "/users/#{user.id}/edit?" + hash_to_query_string(user_attributes)
         end
       end
 
-      get '/users/:id/delete' do
+      app.get '/users/:id/delete' do
         login_required
         redirect "/users" unless current_user.admin? || current_user.id.to_s == params[:id]
 
@@ -145,7 +153,7 @@ module Sinatra
 
 
       if Sinatra.const_defined?('FacebookObject')
-        get '/connect' do
+        app.get '/connect' do
           if fb[:user]
             if current_user.class != GuestUser
               user = current_user
@@ -166,7 +174,7 @@ module Sinatra
           redirect '/'
         end
 
-        get '/receiver' do
+        app.get '/receiver' do
           %[<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
             <html xmlns="http://www.w3.org/1999/xhtml" >
               <body>
@@ -179,6 +187,10 @@ module Sinatra
   end
 
   module Helpers
+    def hash_to_query_string(hash)
+      hash.collect {|k,v| "#{k}=#{v}"}.join('&')
+    end
+
     def login_required
       #not as efficient as checking the session. but this inits the fb_user if they are logged in
       if current_user.class != GuestUser
@@ -270,7 +282,7 @@ module Sinatra
     end
   end
 
-  register LilAuthentication
+  register SinatraAuthentication
 end
 
 class GuestUser

data/lib/sinatra-authentication/models.rb

@@ -0,0 +1,5 @@
+# Allows you to use the models from cron scripts etc
+if !Object.const_defined?("Sinatra")
+  class Sinatra;end # To please the testing for Sinatra.const_defined?('FacebookObject')
+  require File.expand_path(File.join(__FILE__,'../../models/') + 'abstract_user.rb')
+end

data/lib/views/edit.haml

@@ -1,5 +1,5 @@
 #sinatra_authentication
-  - if Rack.const_defined?('Flash')
+  - if Rack.const_defined?('Flash') && flash[:notice]
     #sinatra_authentication_flash= flash[:notice]
   %h1
     Edit

data/lib/views/login.haml

@@ -1,5 +1,5 @@
 #sinatra_authentication
-  - if Rack.const_defined?('Flash')
+  - if Rack.const_defined?('Flash') && flash[:notice]
     #sinatra_authentication_flash= flash[:notice]
   %h1.page_title Login
   %form{:action => "/login", :method => "post"}
@@ -12,9 +12,9 @@
         %label{:for => "user_password"} Password
       %input{:id => "user_password", :name => "password", :size => 30, :type => "password"}
     .buttons
-      %input{:value => "login", :type => "submit"}
+      %input{:value => "Login", :type => "submit"}
       %a{:href => "/signup", :class => 'sinatra_authentication_link'}
-        Signup
+        Sign up
     - if Sinatra.const_defined?('FacebookObject')
       .third_party_signup
         %h3.section_title One click login:

data/lib/views/signup.haml

@@ -1,12 +1,12 @@
 #sinatra_authentication
-  - if Rack.const_defined?('Flash')
+  - if Rack.const_defined?('Flash') && flash[:notice]
     #sinatra_authentication_flash= flash[:notice]
-  %h1.page_title Signup
+  %h1.page_title Sign Up
   %form{:action => "/signup", :method => "post"}
     .field
       .label
         %label{:for => "user_email"} Email
-      %input{ :id => "user_email", :name => "user[email]", :size => 30, :type => "text" }
+      %input{ :id => "user_email", :name => "user[email]", :size => 30, :type => "text" , :value => params[:email]}
     .field
       .label
         %label{:for => "user_password"} Password
@@ -16,7 +16,7 @@
         %label{:for => "user_password_confirmation"} Confirm Password
       %input{ :id => "user_password_confirmation", :name => "user[password_confirmation]", :size => 30, :type => "password" }
     .buttons
-      %input{ :value => "Create account", :type => "submit" }
+      %input{ :value => "Sign up", :type => "submit" }
       %a{:href => "/login", :class => 'sinatra_authentication_link'}
         Login
     - if Sinatra.const_defined?('FacebookObject')

data/readme.markdown

@@ -1,8 +1,8 @@
-### A little sinatra gem that implements user authentication, with support for datamapper, mongomapper and rufus-tokyo
+### A little sinatra gem that implements user authentication, with support for Datamapper, Mongomapper, Mongoid, Sequel and Rufus-Tokyo
 
 ## INSTALLATION:
 
-in your sinatra app simply require either "dm-core", "rufus-tokyo" or "mongo_mapper", "digest/sha1", 'rack-flash' (if you want flash messages) and then "sinatra-authentication" and turn on session storage
+in your sinatra app simply require either "dm-core", 'sequel', 'rufus-tokyo', 'mongoid' or "mongo_mapper", "digest/sha1", 'rack-flash' (if you want flash messages) and then "sinatra-authentication" and turn on session storage
 with a super secret key, like so:
 
     require "dm-core"
@@ -226,13 +226,63 @@ And then to access/update your newly defined attributes you use the User class:
       user.delete
     end
 
-the User class passes additional method calls along to the interfacing database class, so calls to Datamapper/Mongomapper/RufusTokyo functions should work as expected.
+the User class passes additional method calls along to the interfacing database class, so most calls to Datamapper/Sequel/Mongomapper/RufusTokyo functions should work as expected.
+
+If you need to get associations on current_user from the underlying ORM use current_user.db_instance, take this case for example:
+    class Brain
+      include DataMapper::Resource
+      property :type, String
+      property :iq, Integer
+    end
+
+    class DmUser
+      has n, :brains
+    end
+
+    get '/' do
+      @user_brains = current_user.db_instance.brains
+    end
 
 The database user classes are named as follows:
 
 * for Datamapper:
   > DmUser
+* for Sequel:
+  > SequelUser
 * for Rufus Tokyo:
   > TcUser
+* for Mongoid:
+  > MongoidUser
 * for Mongomapper:
   > MmUser
+
+## Deprecations
+* All database adapters now store created_at as a Time object.
+
+## Known issues
+* First user in database is not properly recognized as site admin
+  > Proposed fix: add site_admin_email option when initialization functionality is added
+
+## Roadmap
+
+* Move database adapter initialization, along with auto configuration of sinbook and rack flash functionality into a Sinatra::SinatraAuthentication.init(args) method
+* Refactor/redesign database adapter interface, make User class AbstractUser and all ORM user classes User, with corresponding specs
+* Remove Facebook connect support and add support for Omniauth
+* Provide a method for overriding specific views, and/or specifying your own form partial, (passed an instance of User)
+* Add Remember me (forever) checkbox to login form
+* Add next url parameter support for login/signup
+* Add verb selection on configuration (Sign in / Log in)
+* Provide optional support through init method for inclusion of username
+  > Where login form accepts either email or username (through the same field)
+* Add email functionality
+  > Confirmation emails
+  > Forgotten password emails
+* Look into what might be neccesary to allow for logging in using Ajax
+
+## Maybe
+
+* Allow passing custom database attributes into init method, also dynamically altering corresponding signup and user edit views. (potentially leaky abstraction)
+  > As an alternative, create a generic interface for accessing database row names through the various ORMs.
+  > So when users alter their User schemas, I can make my views 'Just Work'.
+* Add HTTP basic auth support
+* Add pluggable OAuth consumer/provider support