sinatra_omniauth 0.0.0

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/Gemfile

@@ -0,0 +1,17 @@
+source "http://rubygems.org"
+
+gem 'sinatra'
+gem 'omniauth'
+gem 'dm-core'
+gem 'dm-migrations'
+#gem 'dm-sqlite-adapter'
+gem 'dm-postgres-adapter'
+gem 'sqlite3'
+gem 'rack-flash'
+
+group :development do
+  gem "bundler", ">= 1.0.0"
+  gem "jeweler", "~> 1.6.2"
+  gem "rcov", ">= 0"
+  gem "rdoc", ">= 2.4.0"
+end

data/Gemfile.lock

@@ -0,0 +1,108 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    addressable (2.2.6)
+    data_objects (0.10.6)
+      addressable (~> 2.1)
+    dm-core (1.1.0)
+      addressable (~> 2.2.4)
+    dm-do-adapter (1.1.0)
+      data_objects (~> 0.10.2)
+      dm-core (~> 1.1.0)
+    dm-migrations (1.1.0)
+      dm-core (~> 1.1.0)
+    dm-postgres-adapter (1.1.0)
+      dm-do-adapter (~> 1.1.0)
+      do_postgres (~> 0.10.2)
+    do_postgres (0.10.6)
+      data_objects (= 0.10.6)
+    faraday (0.6.1)
+      addressable (~> 2.2.4)
+      multipart-post (~> 1.1.0)
+      rack (>= 1.1.0, < 2)
+    git (1.2.5)
+    jeweler (1.6.4)
+      bundler (~> 1.0)
+      git (>= 1.2.5)
+      rake
+    mime-types (1.16)
+    multi_json (0.0.5)
+    multipart-post (1.1.3)
+    net-ldap (0.1.1)
+    nokogiri (1.4.7)
+    oa-basic (0.2.3)
+      multi_json (~> 0.0.2)
+      nokogiri (~> 1.4.2)
+      oa-core (= 0.2.3)
+      rest-client (~> 1.6.0)
+    oa-core (0.2.3)
+      rack (~> 1.1)
+    oa-enterprise (0.2.3)
+      net-ldap (~> 0.1.1)
+      nokogiri (~> 1.4.2)
+      oa-core (= 0.2.3)
+      pyu-ruby-sasl (~> 0.0.3.1)
+      rubyntlm (~> 0.1.1)
+    oa-more (0.2.3)
+      multi_json (~> 0.0.2)
+      oa-core (= 0.2.3)
+      rest-client (~> 1.6.0)
+    oa-oauth (0.2.3)
+      faraday (~> 0.6.1)
+      multi_json (>= 0.0.5)
+      nokogiri (~> 1.4.2)
+      oa-core (= 0.2.3)
+      oauth (~> 0.4.0)
+      oauth2 (~> 0.3.0)
+    oa-openid (0.2.3)
+      oa-core (= 0.2.3)
+      rack-openid (~> 1.2.0)
+      ruby-openid-apps-discovery
+    oauth (0.4.5)
+    oauth2 (0.3.0)
+      faraday (~> 0.6.0)
+      multi_json (~> 0.0.4)
+    omniauth (0.2.3)
+      oa-basic (= 0.2.3)
+      oa-core (= 0.2.3)
+      oa-enterprise (= 0.2.3)
+      oa-more (= 0.2.3)
+      oa-oauth (= 0.2.3)
+      oa-openid (= 0.2.3)
+    pyu-ruby-sasl (0.0.3.3)
+    rack (1.3.2)
+    rack-flash (0.1.2)
+      rack
+    rack-openid (1.2.0)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rake (0.9.2)
+    rcov (0.9.9)
+    rdoc (3.9.1)
+    rest-client (1.6.3)
+      mime-types (>= 1.16)
+    ruby-openid (2.1.8)
+    ruby-openid-apps-discovery (1.2.0)
+      ruby-openid (>= 2.1.7)
+    rubyntlm (0.1.1)
+    sinatra (1.2.6)
+      rack (~> 1.1)
+      tilt (< 2.0, >= 1.2.2)
+    sqlite3 (1.3.4)
+    tilt (1.3.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (>= 1.0.0)
+  dm-core
+  dm-migrations
+  dm-postgres-adapter
+  jeweler (~> 1.6.2)
+  omniauth
+  rack-flash
+  rcov
+  rdoc (>= 2.4.0)
+  sinatra
+  sqlite3

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Clifford Heath
+Copyright (c) 2011 Markus Proske
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,111 @@
+= sinatra_omniauth
+
+Sinatra OmniAuth provides a Sinatra extension for adding pure OmniAuth authentication
+to your Sinatra application. "Pure" here means that you don't even need a username
+on the system, let alone a password; you just sign in using one of your existing
+social media accounts.
+
+SinatraOmniAuth uses DataMapper and Haml, though you can write your own templates too.
+SinatraOmniAuth uses the wonderful icon set from <https://github.com/intridea/authbuttons>
+
+== Description
+
+Read Markus Proske's full article "Omniauth pure: Authentication with Facebook, Google, Google Apps, Twitter, Github, AOL, MyOpenID and many other OpenID providers" on CommunityGuides.
+Copyright (c) 2011 Markus Proske
+Copyright (c) 2011 Clifford Heath
+
+This article demonstrates how to set up a multi-provider authentication in Rails using the fabulous Omniauth gem. Users can add multiple providers to their account and views for sign-in, sign-up and management of linked accounts are provided. The full source code is available on Github as a basis for your own projects.
+
+This gem, sinatra_omniauth, provides a partial clone of the Omniauth_pure functionality, but as a Sinatra extension using DataMapper and various other goodies.
+
+== Using sinatra_omniauth
+
+In your Gemfile, add:
+
+    gem 'sinatra_omniauth'
+
+In the root directory of your app (same dir as config.ru), add your API keys to "omniauth.yml"
+
+In your application:
+
+    require 'sinatra/omniauth'
+
+    set :omniauth, YAML.load_file(File.dirname(__FILE__)+"/omniauth.yml")
+
+    register SinatraOmniAuth
+
+Models:
+    Copy user.rb and authentication.rb from the models directory, and add any
+    other fields and relationships you need.
+
+Routes which SinatraOmniAuth will handle (you may override these if needed):
+    /auth
+            presents a list of configured authentication services, including the
+            user's current sign-in account and any other registered accounts.
+            This page also includes a signout link and the ability to delete
+            secondary authentication methods.
+    /auth/signout
+            Signs the user out immediately and redirects to '/'
+    /auth/<provider>/callback
+            This URL is triggered when the authentication service redirects the user's
+            browser here, after a successful authentication. The handler signs in the
+            user, who may be a new user just joining, an existing user adding a new
+            authentication method, or an existing user signing in or changing to a
+            different authentication method
+    /auth/failure
+            Sets a flash saying that the authorization failed before redirecting to .
+    /auth/:id
+            A POST here with the magic _method=delete will delete this authentication
+            method from the current user's account
+
+Views:
+    Copy views/auth.haml and css/auth.css to wherever they will be found.
+
+    Note that auth.haml uses assets helpers include_javascripts and include_stylesheets
+    to load packed or unpacked JS (jQuery required) and CSS. Youy'll be wanting to
+    style it all up yourself anyhow, but when you're there, replace the helpers as needed.
+
+Images:
+    Use the authbuttons images as noted. auth.haml expects them to be in </images/authbuttons/>
+
+Helper methods:
+    authenticate_user!
+            Redirects to /auth if the user is not already signed in
+    current_user
+            The User record of the current signed-in user
+    current_auth
+            The Authentication record with which the user is signed in.
+            Note that for most authentication services, this includes the user's name
+            and email address.
+
+Make sure you add a handler for the following routes:
+    get '/auth/welcome'     - When a new user first joins
+    get '/auth/signedin'    - When the user signs in
+
+    These handlers may simply set a flash and redirect to another place.
+
+Oh, did I say flash? SinatraOmniAuth uses the "rack-flash" gem, so you can say:
+
+    flash.notice = "Welcome back!"; redirect to('/')
+    ... and also access flash.error, flash.notice, etc, in your views.
+
+== Contributing to sinatra_omniauth
+
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+== Credits:
+
+Omniauth: http://github.com/intridea/omniauth
+authbuttons: http://github.com/intridea/authbuttons
+Omniauth pure and article: Markus Proske
+
+== Copyright
+
+Copyright (c) 2011 Clifford Heath. MIT Licensed. See LICENSE.txt for further details.
+

data/Rakefile

@@ -0,0 +1,53 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "sinatra_omniauth"
+  gem.homepage = "http://github.com/cjheath/sinatra_omniauth"
+  gem.license = "MIT"
+  gem.summary = %Q{A Sinatra extension that provides pure OmniAuth goodness to your application (with DataMapper)}
+  gem.description = %Q{This Sinatra extension, derived from omniauth_pure by Marcus Proske, adds OmniAuth authorization to your Sinatra application, so your users can login using FaceBook, Twitter and many other authorization providers, as long as you supply the API keys. It uses DataMapper and HAML.}
+  gem.email = "clifford.heath@gmail.com"
+  gem.authors = ["Clifford Heath"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+require 'rcov/rcovtask'
+Rcov::RcovTask.new do |test|
+  test.libs << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+  test.rcov_opts << '--exclude "gems/*"'
+end
+
+task :default => :test
+
+require 'rdoc/task'
+RDoc::Task.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "sinatra_omniauth #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.0.0

data/config.ru

@@ -0,0 +1,25 @@
+#!/usr/bin/env ruby
+#
+# Driver program for Sinatra Omniauth gem.
+# You don't need to use this in your program, it just demonstrates the minimum to get things running
+#
+
+require 'sinatra'
+require 'dm-core'
+require 'dm-migrations'
+require 'dm-sqlite-adapter'
+
+DataMapper::Logger.new($stdout, :debug)
+DataMapper.setup(:default, "sqlite3://#{Dir.pwd}/omniauth_sinatra.sqlite3")
+
+DataMapper.auto_upgrade!
+
+app = Sinatra::Omniauth.new
+
+# Set up API keys:
+app.settings.set :omniauth, {
+  :facebook => []
+  # etc...
+}
+
+run app

data/css/auth.css

@@ -0,0 +1,47 @@
+/* Authentication "badge" */
+.authentication {
+	position: relative;
+	display: inline-block;
+	padding: 0.1em 0.5em 0.1em 0.5em;
+	margin: 0.5em 0.3em;
+	Xpadding: 5px;
+        min-height: 40px;
+	background-color: #EEE;
+	border-radius: 0.5em; border: 2px black;
+	-webkit-box-shadow: 0 0 5px #000; -moz-box-shadow: 0 0 5px #000; box-shadow: 0 0 5px #000;
+	background-repeat: no-repeat;
+	background-position: left center;
+	cursor: pointer;
+}
+.authentication.available {
+	padding-right: 1em;
+}
+.authentication.current {
+	padding-right: 0em;
+	cursor: default;
+}
+.authentication.available *,
+.authentication.current * {
+	margin: 3px 10px 3px 32px;
+}
+.authentication * {
+	margin: 12px 8px 12px 32px;
+}
+.authentication .provider {
+	font-weight: bold;
+}
+.authentication .remove {   /* The X to delete this authentication method */
+	position: absolute;
+	right: 0px;
+	top: 0px;
+}
+
+/* Alternate auth providers */
+.auth_provider {
+	position: relative;
+	display: inline-block;
+	text-align: center;
+}
+.auth_provider * {
+	display:block;
+}

data/lib/models/authorization.rb

@@ -0,0 +1,16 @@
+require 'dm-core'
+require 'dm-timestamps'
+
+class Authorization
+  include DataMapper::Resource
+  belongs_to :user
+
+  property :id,          Serial
+  property :user_id,     Integer
+  property :provider,    String
+  property :uid,         String
+  property :uname,       String
+  property :uemail,      String
+  property :created_at,  DateTime
+  property :updated_at,  DateTime
+end

data/lib/models/user.rb

@@ -0,0 +1,14 @@
+require 'dm-core'
+require 'dm-timestamps'
+
+class User
+  include DataMapper::Resource
+  
+  property :id,          Serial
+  property :name,        String
+  property :email,       String
+  property :created_at,  DateTime
+  property :updated_at,  DateTime
+
+  has n, :authorizations
+end

data/lib/sinatra/omniauth.rb

@@ -0,0 +1,273 @@
+#
+# Sinatra OmniAuth
+#
+# Copyright 2011 Clifford Heath.
+# License: MIT
+#
+#   Sinatra OmniAuth provides a Sinatra extension for adding pure OmniAuth authentication
+#   to your Sinatra application. "Pure" here means that you don't even need a username
+#   on the system, let alone a password; you just sign in using one of your existing
+#   social media accounts.
+#
+#   SinatraOmniAuth uses DataMapper and Haml, though you can write your own templates too.
+#   SinatraOmniAuth uses the wonderful icon set from <https://github.com/intridea/authbuttons>
+#
+# Usage:
+#   In your Gemfile, add:
+#
+#       gem 'sinatra_omniauth'
+#
+#   In the root directory of your app (same dir as config.ru), add your API keys to "omniauth.yml"
+#
+#   In your application:
+#
+#       require 'sinatra/omniauth'
+#
+#       set :omniauth, YAML.load_file(File.dirname(__FILE__)+"/omniauth.yml")
+#
+#       register SinatraOmniAuth
+#
+#   Models:
+#       Copy user.rb and authentication.rb from the models directory, and add any
+#       other fields and relationships you need.
+#
+#   Routes which SinatraOmniAuth will handle (you may override these if needed):
+#       /auth
+#               presents a list of configured authentication services, including the
+#               user's current sign-in account and any other registered accounts.
+#               This page also includes a signout link and the ability to delete
+#               secondary authentication methods.
+#       /auth/signout
+#               Signs the user out immediately and redirects to '/'
+#       /auth/<provider>/callback
+#               This URL is triggered when the authentication service redirects the user's
+#               browser here, after a successful authentication. The handler signs in the
+#               user, who may be a new user just joining, an existing user adding a new
+#               authentication method, or an existing user signing in or changing to a
+#               different authentication method
+#       /auth/failure
+#               Sets a flash saying that the authorization failed before redirecting to .
+#       /auth/:id
+#               A POST here with the magic _method=delete will delete this authentication
+#               method from the current user's account
+#
+#   Views:
+#       Copy views/auth.haml and css/auth.css to wherever they will be found.
+#
+#       Note that auth.haml uses assets helpers include_javascripts and include_stylesheets
+#       to load packed or unpacked JS (jQuery required) and CSS. Youy'll be wanting to
+#       style it all up yourself anyhow, but when you're there, replace the helpers as needed.
+#
+#   Images:
+#       Use the authbuttons images as noted. auth.haml expects them to be in </images/authbuttons/>
+#
+#   Helper methods:
+#       authenticate_user!
+#               Redirects to /auth if the user is not already signed in
+#       current_user
+#               The User record of the current signed-in user
+#       current_auth
+#               The Authentication record with which the user is signed in.
+#               Note that for most authentication services, this includes the user's name
+#               and email address.
+#
+#   Make sure you add a handler for the following routes:
+#       get '/auth/welcome'     - When a new user first joins
+#       get '/auth/signedin'    - When the user signs in
+#
+#       These handlers may simply set a flash and redirect to another place.
+#
+#   Oh, did I say flash? SinatraOmniAuth uses the "rack-flash" gem, so you can say:
+#
+#       flash.notice = "Welcome back!"; redirect to('/')
+#       ... and also access flash.error, flash.notice, etc, in your views.
+#
+#       You're welcome :)
+#
+require 'omniauth'
+require 'openid/store/filesystem'
+require 'rack-flash'
+
+module SinatraOmniAuth
+  module Helpers
+    def current_user
+      @current_user ||= User.get(session[:user_id]) if session[:user_id]
+    end
+
+    def current_auth
+      @current_auth ||= Authentication.get(session[:authentication_id]) if session[:authentication_id]
+    end
+
+    def authenticate_user!
+      if !current_user
+        flash.error = 'You need to sign in before you can access this page!'
+        redirect to('/auth')
+      end
+    end
+  end
+
+  def self.registered app
+    # Register OmniAuth Strategies and keys for all providers:
+    app.use ::OmniAuth::Builder do
+      app.settings.omniauth.each do |a|
+        provider = a['provider']
+        if key = a['key']
+          provider provider, key, a['secret'], (a['client_options'] || {})
+        else
+          name = a['name'].downcase.gsub(/ /,' ')
+          store = OpenID::Store::Filesystem.new(a['store']||'./tmp')
+          provider provider, store, :name => name, :identifier => a['identifier']
+        end
+      end
+    end
+
+    # Make _method=delete work in POST requests:
+    app.enable :method_override
+
+    # Create a flash, so we can display a message after a redirect
+    app.use Rack::Flash, :accessorize => [:notice, :error]
+    app.send(:define_method, :flash) do
+      env['x-rack.flash']
+    end
+
+    # A little help from our friends...
+    app.send(:include, Helpers)
+
+    # Display the authentication in use, registered for the current user, and available
+    app.get '/auth' do
+      @authentications_possible = settings.omniauth
+
+      if current_user
+        @authentication_current = Authentication.get(session[:authentication_id])
+        @authentications_available = current_user.authentications.all(:order => [ :provider.desc ])
+        @authentications_unused = @authentications_available.
+          reject do|a|
+            a.id == @authentication_current.id
+          end
+        @authentications_possible = @authentications_possible.dup.
+          reject do |a|
+            @authentications_available.detect{|p| p.provider == a['provider'] }
+          end
+      end
+
+      haml :auth
+    end
+
+    app.get '/auth/:authentication/callback' do
+      # callback: success
+      # This handles signing in and adding an authentication authentication to existing accounts itself
+
+      # get the authentication parameter from the Rails router
+      authentication_route = params[:authentication] ? params[:authentication] : 'No authentication recognized (invalid callback)'
+
+      # get the full hash from omniauth
+      omniauth = request.env['omniauth.auth']
+
+      # continue only if hash and parameter exist
+      unless omniauth and params[:authentication]
+        flash.error = 'Error while authenticating via ' + authentication_route.capitalize + '. The authentication did not return valid data.'
+        redirect to('/signin')
+      end
+
+      # create a new regularised authentication hash
+      @authhash = Hash.new
+      oaeuh = omniauth['extra']['user_hash']
+      oaui = omniauth['user_info']
+      if authentication_route == 'facebook'
+        @authhash[:email] = oaeuh['email'] || ''
+        @authhash[:name] = oaeuh['name'] || ''
+        @authhash[:uid] = oaeuh['name'] || ''
+        @authhash[:provider] = omniauth['provider'] || ''
+      elsif authentication_route == 'github'
+        @authhash[:email] = oaui['email'] || ''
+        @authhash[:name] = oaui['name'] || ''
+        @authhash[:uid] = (oaeuh['id'] || '').to_s
+        @authhash[:provider] = omniauth['provider'] || ''
+      elsif ['google', 'yahoo', 'linked_in', 'twitter', 'myopenid', 'openid', 'open_id'].index(authentication_route) != nil
+        @authhash[:email] = oaui['email'] || ''
+        @authhash[:name] = oaui['name'] || ''
+        @authhash[:uid] = (omniauth['uid'] || '').to_s
+        @authhash[:provider] = omniauth['provider'] || ''
+      else
+        # REVISIT: debug to output the hash that has been returned when adding new authentications
+        return '<pre>'+omniauth.to_yaml+'</pre>'
+      end
+
+      if @authhash[:uid] == '' or @authhash[:provider] == ''
+        flash.error = 'Error while authenticating via ' + authentication_route + '/' + @authhash[:provider].capitalize + '. The authentication returned invalid data for the user id.'
+        redirect to('/auth')
+      end
+
+      auth = Authentication.first(:provider => @authhash[:provider], :uid => @authhash[:uid])
+
+      # if the user is currently signed in, he/she might want to add another account to signin
+      if current_user
+        if auth
+          flash.notice = 'You are now signed in using your' + @authhash[:provider].capitalize + ' account'
+          session[:authentication_id] = auth.id     # They're now signed in using the new account
+          redirect to('/auth/signedin')  # Already signed in, and we already had this authentication
+        else
+          auth = current_user.authentications.create!(:provider => @authhash[:provider], :uid => @authhash[:uid], :user_name => @authhash[:name], :user_email => @authhash[:email])
+          flash.notice = 'Your ' + @authhash[:provider].capitalize + ' account has been added for signing in at this site.'
+          session[:authentication_id] = auth.id     # They're now signed in using the new account
+          session[:user_name] = @authhash[:name] if @authhash[:name] != ''
+          redirect to('/auth/signedin')
+        end
+      else
+        if auth
+          # Signin existing user
+          # in the session his user id and the authentication id used for signing in is stored
+          session[:user_id] = auth.user.id
+          session[:authentication_id] = auth.id
+          session[:user_name] = @authhash[:name] if @authhash[:name] != ''
+
+          flash.notice = 'Signed in successfully via ' + @authhash[:provider].capitalize + '.'
+          redirect to('/auth/signedin')
+        end
+
+        # this is a new user; add them
+        @current_user = User.create()
+        session[:user_id] = @current_user.id
+        session[:user_name] = @authhash[:name] if @authhash[:name] != ''
+        auth = current_user.authentications.create!(:provider => @authhash[:provider], :uid => @authhash[:uid], :user_name => @authhash[:name], :user_email => @authhash[:email])
+        session[:authentication_id] = auth.id
+        redirect to('/auth/welcome')
+      end
+    end
+
+    app.get '/auth/failure' do
+      flash.error = 'There was an error at the remote authentication authentication. You have not been signed in.'
+      redirect to('/')
+    end
+
+    app.get '/auth/signout' do
+      authenticate_user!
+
+      session[:user_id] = nil
+      session[:user_name] = nil
+      session[:authentication_id] = nil
+      session.delete :user_id
+      session.delete :user_name
+      session.delete :authentication_id
+      flash.notice = 'You have been signed out'
+      redirect to('/')
+    end
+
+    # authentication
+    app.delete '/auth/:id' do
+      authenticate_user!
+
+      # remove an authentication authentication linked to the current user
+      @authentication = current_user.authentications.get(params[:id])
+
+      if session[:authentication_id] == @authentication.id
+        flash.error = 'You can\'t delete this authorization because you are currently signed in with it!'
+      else
+        @authentication.destroy
+      end
+
+      redirect to('/auth')
+    end
+
+  end
+end