sinatra-security 0.1.1 → 0.1.2

data/README.markdown

@@ -5,22 +5,21 @@ This gem just provides you with the standard authentication mechanisms you would
 
 How to use
 ==========
-  
-    # in your terminal
-    [sudo] gem install sinatra-security
+ 
+    # taken from examples/classic.rb
 
-    # in your sinatra app
-    require 'sinatra'
-    require 'sinatra/security'
+    get "/" do
+      haml :home
+    end
 
     get "/public" do
       "Hello public world"
     end
 
     get "/private" do
-      login_required
+      require_login
 
-      "Hello private world"
+      "Hello private world <a href='/logout'>Logout</a>"
     end
 
     get "/login" do

data/VERSION

@@ -1 +1 @@
-0.1.1
+0.1.2

data/examples/classic.rb

@@ -1,11 +1,19 @@
 require 'sinatra'
 require 'sinatra/security'
 
-class User
+class ::User
   attr :id
+  
+  def self.attribute(att)
+    @attributes ||= []
+    @attributes << att
+    attr_accessor att
+  end
+  include Sinatra::Security::User
 
-  def self.authenticate(user, pass)
-    User.new(42) if [ user, pass ] == [ 'quentin', 'test' ]  
+  # we override this for the sake of example
+  def self.find_by_login(login)
+    User.new(42) if login ==  'quentin'
   end
   
   def self.[](id)
@@ -14,6 +22,7 @@ class User
 
   def initialize(id = nil)
     @id = id
+    @crypted_password = Sinatra::Security::Password::Hashing.update('test')
   end
 end
 

data/lib/sinatra/security.rb

@@ -8,8 +8,12 @@ end
 
 module Sinatra
   module Security
-    autoload :Helpers, 'sinatra/security/helpers'
-    
+    autoload :Helpers,        'sinatra/security/helpers'
+    autoload :User,           'sinatra/security/user'
+    autoload :Validations,    'sinatra/security/validations'
+    autoload :Password,       'sinatra/security/password'
+    autoload :Identification, 'sinatra/security/identification'
+
     def self.registered(app)
       app.helpers Helpers
 
@@ -17,7 +21,7 @@ module Sinatra
         if authenticate(params)
           redirect_to_stored
         else
-          session[:error] = "We are sorry: the information supplied is not valid."
+          session[:error] = "Wrong Username/Email and Password combination."
           haml :login
         end
       end

data/lib/sinatra/security/helpers.rb

@@ -11,7 +11,7 @@ module Sinatra
       end
 
       def authenticate(params)
-        if user = User.authenticate(params[:username], params[:password])
+        if user = ::User.authenticate(params[:username], params[:password])
           session[:user] = user.id
         end
       end
@@ -27,7 +27,7 @@ module Sinatra
       end
 
       def current_user
-        @current_user ||= User[session[:user]] if session[:user]
+        @current_user ||= ::User[session[:user]] if session[:user]
       end
 
       def logged_in?

data/lib/sinatra/security/identification.rb

@@ -0,0 +1,17 @@
+module Sinatra
+  module Security
+    module Identification
+      def find_by_login(login)
+        find(:email => login).first
+      end
+
+      def authenticate(login, pass)
+        if user = find_by_login(login)
+          if Sinatra::Security::Password::Hashing.check(pass, user.crypted_password)
+            user
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sinatra/security/password.rb

@@ -0,0 +1,69 @@
+require 'digest/sha2'
+
+module Sinatra
+  module Security
+    module Password
+      def self.included(base)
+        base.send :attribute, :crypted_password
+        base.send :attr_accessor, :password, :password_confirmation
+      end
+
+    protected
+      def write
+        if !password.to_s.empty?
+          write_local :crypted_password, Sinatra::Security::Password::Hashing.update(password)
+        end
+
+        super
+      end
+
+      module Hashing
+        extend self
+
+        # Generates a new salt and rehashes the password
+        def update(password)
+          salt = self.salt
+          hash = self.hash(password,salt)
+          self.store(hash, salt)
+        end
+
+        # Checks the password against the stored password
+        def check(password, stored)
+          hash = self.get_hash(stored)
+          salt = self.get_salt(stored)
+
+          self.hash(password, salt) == hash
+        end
+
+      protected
+        # Generates a psuedo-random 64 character string
+        def salt
+          salt = ""
+          64.times { 
+            salt << (i = Kernel.rand(62); i += ((i < 10) ? 48 : ((i < 36) ? 55 : 61 ))).chr }
+          salt
+        end
+
+        # Generates a 128 character hash
+        def hash(password, salt)
+          Digest::SHA512.hexdigest("#{ password }:#{ salt }")
+        end
+
+        # Mixes the hash and salt together for storage
+        def store(hash, salt)
+          hash + salt
+        end
+
+        # Gets the hash from a stored password
+        def get_hash(stored)
+          stored[0..127]
+        end
+
+        # Gets the salt from a stored password
+        def get_salt(stored)
+          stored[128..192]
+        end
+      end
+    end
+  end
+end

data/lib/sinatra/security/user.rb

@@ -0,0 +1,12 @@
+module Sinatra
+  module Security
+    module User
+      def self.included(user)
+        user.send :include, Validations
+        user.send :include, Password
+
+        user.extend Identification 
+      end
+    end
+  end
+end

data/lib/sinatra/security/validations.rb

@@ -0,0 +1,24 @@
+module Sinatra
+  module Security
+    module Validations
+      EMAIL_FORMAT = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i
+
+    protected
+      def assert_login_using_email(att, error = [att, :not_email])
+        if assert_present att
+          if assert_format att, EMAIL_FORMAT, error
+            assert_unique att
+          end
+        end
+      end
+
+      def assert_password(att, error = [att, :not_present])
+        confirmation_att = :"#{ att }_confirmation"
+
+        if new? && assert_present(att) || !send(att).to_s.empty?
+          assert send(att) == send(confirmation_att), [att, :not_confirmed]
+        end
+      end
+    end
+  end
+end

data/sinatra-security.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{sinatra-security}
-  s.version = "0.1.1"
+  s.version = "0.1.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Cyril David"]
-  s.date = %q{2010-04-09}
+  s.date = %q{2010-04-29}
   s.description = %q{For use with Sinatra + Monk + OHM}
   s.email = %q{cyx.ucron@gmail.com}
   s.extra_rdoc_files = [
@@ -28,10 +28,16 @@ Gem::Specification.new do |s|
      "examples/views/login.haml",
      "lib/sinatra/security.rb",
      "lib/sinatra/security/helpers.rb",
+     "lib/sinatra/security/identification.rb",
+     "lib/sinatra/security/password.rb",
+     "lib/sinatra/security/user.rb",
+     "lib/sinatra/security/validations.rb",
      "sinatra-security.gemspec",
      "test/helper.rb",
+     "test/test_password.rb",
      "test/test_sinatra-security.rb",
      "test/test_sinatra_security_helpers.rb",
+     "test/test_validations.rb",
      "views/login.haml"
   ]
   s.homepage = %q{http://github.com/cyx/sinatra-security}
@@ -41,8 +47,10 @@ Gem::Specification.new do |s|
   s.summary = %q{Sinatra authentication extension}
   s.test_files = [
     "test/helper.rb",
+     "test/test_password.rb",
      "test/test_sinatra-security.rb",
      "test/test_sinatra_security_helpers.rb",
+     "test/test_validations.rb",
      "examples/classic.rb"
   ]
 

data/test/helper.rb

@@ -25,9 +25,30 @@ end
 # Test Fixtures appear here
 class User
   attr :id
+  attr_accessor :email, :password
 
-  def initialize(id)
+  def initialize(id = nil)
     @id = id
   end
+
+  def errors
+    @errors ||= []
+  end
+
+protected
+  def assert(value, error)
+    value or errors.push(error) && false
+  end
+
+  def assert_present(att, error = [att, :not_present])
+    assert(!send(att).to_s.empty?, error)
+  end
+
+  def assert_format(att, format, error = [att, :format])
+    if assert_present(att, error)
+      assert(send(att).to_s.match(format), error)
+    end
+  end
+
 end
 

data/test/test_password.rb

@@ -0,0 +1,70 @@
+require "helper"
+
+class FakeOhm
+  def self.attribute(att)
+  end
+
+  def write
+    :real_write_response
+  end
+
+protected
+  def write_local(att, value)
+  end
+end
+
+class UserWithPassword < FakeOhm
+  include Sinatra::Security::Password
+end
+
+class TestPassword < Test::Unit::TestCase
+  include Sinatra::Security
+
+  describe "#update" do
+    should "return a 192 character string" do
+      assert_equal 192, Password::Hashing.update('123456').length
+    end
+  end
+
+  describe "#check" do
+    should "be able to match the original password given" do
+      @password = 'password100'
+
+      assert Password::Hashing.check(@password, Password::Hashing.update(@password))
+    end
+  end
+
+  describe "#write when Password is included" do
+    setup do
+      @user = UserWithPassword.new
+    end
+
+    should "return the original write response" do
+      assert_equal :real_write_response, @user.send(:write)
+    end
+
+    should "write the crypted password given and match the original via #check" do
+      @user.password = 'password'
+      @crypted_password = nil
+      @user.expects(:write_local).with() { |field, v| 
+        field == :crypted_password && !(@crypted_password = v).nil?
+      }
+
+      @user.send(:write)
+
+      assert Password::Hashing.check('password', @crypted_password)
+    end
+
+    should "not write a crypted password when the password is empty" do
+      @user.password = ''
+      @crypted_password = nil
+      @user.stubs(:write_local).raises(RuntimeError)
+      
+      assert_nothing_raised RuntimeError do
+        @user.send(:write)
+      end
+      
+      assert_nil @crypted_password
+    end
+  end
+end

data/test/test_validations.rb

@@ -0,0 +1,159 @@
+require "helper"
+
+class UserWithEmailValidation < User
+  include Sinatra::Security::Validations
+ 
+  def initialize
+    super
+
+    @password = 'password'
+    @password_confirmation = 'password'
+  end
+
+  def validate
+    assert_login_using_email :email
+  end
+  
+  def errors
+    @errors ||= []
+  end
+end
+
+class UserWithPasswordValidation < User
+  include Sinatra::Security::Validations
+  attr_accessor :password_confirmation
+
+  def initialize
+    super
+    
+    @email = 'real@email.com'
+  end
+
+  def validate
+    assert_password :password
+  end
+  
+  def errors
+    @errors ||= []
+  end
+end
+
+class TestValidations < Test::Unit::TestCase
+  context "without an email" do
+    should "require the email to be present" do
+      user = UserWithEmailValidation.new
+      user.validate
+
+      assert_equal [[:email, :not_present]], user.errors
+    end
+  end
+
+  context "with an email _not_an_email_" do
+    should "have an error in the format" do
+      user = UserWithEmailValidation.new
+      user.email = '_not_an_email_'
+      user.validate
+
+      assert_equal [[:email, :not_email]], user.errors
+    end
+  end
+
+  context "given a real deal email" do
+    should "check if it's actually unique" do
+      user = UserWithEmailValidation.new
+      user.email = 'real@email.com'
+
+      user.expects(:assert_unique).with(:email)
+      user.validate
+    end
+  end
+
+  context "without a password" do
+    context "when it's a new User" do
+      should "have a password error" do
+        user = UserWithPasswordValidation.new
+        user.stubs(:new?).returns(true)
+        user.validate
+
+        assert_equal [[:password, :not_present]], user.errors
+      end
+    end
+
+    context "when it's an existing user" do
+      should "not require a password" do
+        user = UserWithPasswordValidation.new
+        user.stubs(:new?).returns(false)
+        user.validate
+
+        assert_equal [], user.errors
+      end
+    end
+  end
+
+  context "a new User with a password and no confirmation" do
+    setup do
+      @user = UserWithPasswordValidation.new
+      @user.password = 'password'
+      @user.stubs(:new?).returns(true)
+    end
+    
+    should "have a password confirmation error" do
+      @user.validate
+      assert_equal [[:password, :not_confirmed]], @user.errors
+    end
+
+    context "when the password confirmation is filled up but mismatched" do
+      should "still have a password confirmation error" do
+        @user.password_confirmation = 'password1'
+        @user.validate
+        assert_equal [[:password, :not_confirmed]], @user.errors
+      end
+    end
+  end
+
+  context "an existing User with a password and no confirmation" do
+    setup do
+      @user = UserWithPasswordValidation.new
+      @user.password = 'password'
+      @user.stubs(:new?).returns(false)
+    end
+    
+    
+    should "have a password confirmation error" do
+      @user.validate
+      assert_equal [[:password, :not_confirmed]], @user.errors
+    end
+
+    context "when mismatched confirmation is filled up" do
+      should "still have a confirmation error" do
+        @user.password_confirmation = 'password1'
+        @user.validate
+        assert_equal [[:password, :not_confirmed]], @user.errors
+      end
+    end
+  end
+
+  context "given correct passwords" do
+    setup do
+      @user = UserWithPasswordValidation.new
+      @user.password = 'password'
+      @user.password_confirmation = 'password'
+    end
+  
+    context "when new user" do
+      should "have no errors" do
+        @user.stubs(:new?).returns(true)
+        @user.validate
+        assert @user.errors.empty?
+      end
+    end
+
+    context "when existing user" do
+      should "have no errors" do
+        @user.stubs(:new?).returns(false)
+        @user.validate
+        assert @user.errors.empty?
+      end
+    end
+  end
+end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 1
-  - 1
-  version: 0.1.1
+  - 2
+  version: 0.1.2
 platform: ruby
 authors: 
 - Cyril David
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-04-09 00:00:00 +08:00
+date: 2010-04-29 00:00:00 +08:00
 default_executable: 
 dependencies: []
 
@@ -39,10 +39,16 @@ files:
 - examples/views/login.haml
 - lib/sinatra/security.rb
 - lib/sinatra/security/helpers.rb
+- lib/sinatra/security/identification.rb
+- lib/sinatra/security/password.rb
+- lib/sinatra/security/user.rb
+- lib/sinatra/security/validations.rb
 - sinatra-security.gemspec
 - test/helper.rb
+- test/test_password.rb
 - test/test_sinatra-security.rb
 - test/test_sinatra_security_helpers.rb
+- test/test_validations.rb
 - views/login.haml
 has_rdoc: true
 homepage: http://github.com/cyx/sinatra-security
@@ -76,6 +82,8 @@ specification_version: 3
 summary: Sinatra authentication extension
 test_files: 
 - test/helper.rb
+- test/test_password.rb
 - test/test_sinatra-security.rb
 - test/test_sinatra_security_helpers.rb
+- test/test_validations.rb
 - examples/classic.rb