slayer-authlogic_rpx 1.2.1

data/lib/authlogic_rpx/helper.rb

@@ -0,0 +1,54 @@
+module AuthlogicRpx
+  module Helper
+
+    # helper to insert an embedded iframe RPX login
+    # takes options hash:
+    #   * <tt>app_name:</tt> name of the application (will be prepended to RPX domain and used in RPX dialogues)
+    #   * <tt>return_url:</tt> url for the RPX callback (e.g. user_sessions_url)
+    #   * <tt>add_rpx:</tt> if true, requests RPX callback to add to current session. Else runs normal authentication process (default)
+    #
+    # The options hash may include other options as supported by rpx_now (see http://github.com/grosser/rpx_now)
+    #
+    def rpx_embed(options = {})
+      app_name = options.delete( :app_name )
+      token_url = build_token_url!( options )
+      html = RPXNow.embed_code(app_name, token_url, options )
+      if defined? raw
+        raw html
+      else
+        html
+      end
+    end
+
+    # helper to insert a link to pop-up RPX login
+    # takes options hash:
+    #   * <tt>link_text:</tt> text to use in the link
+    #   * <tt>app_name:</tt> name of the application (will be prepended to RPX domain and used in RPX dialogues)
+    #   * <tt>return_url:</tt> url for the RPX callback (e.g. user_sessions_url)
+    #   * <tt>add_rpx:</tt> if true, requests RPX callback to add to current session. Else runs normal authentication process (default)
+    #   * <tt>unobtrusive:</tt> true/false; sets javascript style for link. Default: true
+    #
+    # The options hash may include other options as supported by rpx_now (see http://github.com/grosser/rpx_now)
+    #
+    def rpx_popup(options = {})
+      options = { :unobtrusive => true, :add_rpx => false }.merge( options )
+      app_name = options.delete( :app_name )
+      link_text = options.delete( :link_text )
+      token_url = build_token_url!( options )
+      html = RPXNow.popup_code( link_text, app_name,	token_url, options	)
+      if defined? raw
+        raw html
+      else
+        html
+      end
+    end
+
+  private
+
+    def build_token_url!( options )
+      options.delete( :return_url ) + '?' + (
+        { :authenticity_token => form_authenticity_token, :add_rpx => options.delete( :add_rpx ) }.collect { |n| "#{n[0]}=#{ u(n[1]) }" if n[1] }
+      ).compact.join('&')
+    end
+  end
+end

data/lib/authlogic_rpx/rpx_identifier.rb

@@ -0,0 +1,4 @@
+class RPXIdentifier < ActiveRecord::Base
+	validates_presence_of :identifier
+	validates_uniqueness_of :identifier
+end

data/lib/authlogic_rpx/session.rb

@@ -0,0 +1,237 @@
+module AuthlogicRpx
+	# This module is responsible for adding all of the RPX goodness to the Authlogic::Session::Base class.
+	module Session
+		# Add a simple rpx_identifier attribute and some validations for the field.
+		def self.included(klass)
+			klass.class_eval do
+				extend Config
+				include Methods
+			end
+		end
+		
+		module Config
+
+			def find_by_rpx_identifier_method(value = nil)
+				rw_config(:find_by_rpx_identifier_method, value, :find_by_rpx_identifier)
+			end
+			alias_method :find_by_rpx_identifier_method=, :find_by_rpx_identifier_method
+
+			# Auto Register is enabled by default. 
+			# Add this in your Session object if you need to disable auto-registration via rpx
+			#
+			def auto_register(value=true)
+				auto_register_value(value)
+			end
+			def auto_register_value(value=nil)
+				rw_config(:auto_register,value,true)
+			end      
+			alias_method :auto_register=,:auto_register
+
+			# Add this in your Session object to set the RPX API key 
+			# RPX won't work without the API key. Set it here if not already set in your app configuration.
+			#
+			def rpx_key(value=nil)
+				rpx_key_value(value)
+			end
+			def rpx_key_value(value=nil)
+				if !inheritable_attributes.include?(:rpx_key) 
+					RPXNow.api_key = value 
+				end
+				rw_config(:rpx_key,value,false)
+			end
+			alias_method :rpx_key=,:rpx_key
+
+			# Add this in your Session object to set whether RPX returns extended user info 
+			# By default, it will not, which is enough to get username, name, email and the rpx identified
+			# if you want to map additional information into your user details, you can request extended
+			# attributes (though not all providers give them - see the RPX docs)
+			#
+			def rpx_extended_info(value=true)
+				rpx_extended_info_value(value)
+			end
+			def rpx_extended_info_value(value=nil)
+				rw_config(:rpx_extended_info,value,false)
+			end
+			alias_method :rpx_extended_info=,:rpx_extended_info
+
+		end
+		
+		module Methods
+		  
+			def self.included(klass)
+				klass.class_eval do
+					attr_accessor :new_registration
+					after_persisting :add_rpx_identifier, :if => :adding_rpx_identifier?
+					validate :validate_by_rpx, :if => :authenticating_with_rpx?
+				end
+			end
+      		  
+			# Determines if the authenticated user is also a new registration.
+			# For use in the session controller to help direct the most appropriate action to follow.
+			# 
+			def new_registration?
+				new_registration || !new_registration.nil?
+			end
+			
+			# Determines if the authenticated user has a complete registration (no validation errors)
+			# For use in the session controller to help direct the most appropriate action to follow.
+			# 
+			def registration_complete?
+				attempted_record && attempted_record.valid?
+			end
+
+      # TODO: rails 3 authlogic monkeypatch. Not sure if this code is quite right yet
+      def to_key
+        new_record? ? nil : [ self.send(self.class.primary_key) ]
+      end
+
+
+		private
+		  # Tests if current request is for RPX authentication
+		  #
+			def authenticating_with_rpx?
+				controller.params[:token] && !controller.params[:add_rpx]
+			end
+
+			# hook instance finder method to class
+			#
+			def find_by_rpx_identifier_method
+				self.class.find_by_rpx_identifier_method
+			end
+
+			# Tests if auto_registration is enabled (on by default)
+			#
+			def auto_register?
+				self.class.auto_register_value
+			end
+
+			# Tests if rpx_extended_info is enabled (off by default)
+			#
+			def rpx_extended_info?
+				self.class.rpx_extended_info_value
+			end
+
+      # Tests if current request is the special case of adding RPX to an existing account
+      #
+			def adding_rpx_identifier?
+				controller.params[:token] && controller.params[:add_rpx]
+			end
+			
+			# Handles the special case of RPX being added to an existing account. 
+			# At this point, a session has been established as a result of a "save" on the user model (which indirectly triggers user session validation).
+			# We do not directly add the RPX details to the user record here in order to avoid getting
+			# into a recursive dance between the session and user models.
+			# Rather, it uses the trick of adding the necessary RPX information to the session object, 
+			# and the user model will pluck these values out before completing its validation step.
+			#
+			def add_rpx_identifier
+				data = RPXNow.user_data(controller.params[:token], :extended=> rpx_extended_info? ) {|raw| raw }
+				controller.session['added_rpx_data'] = data if data
+			end
+			
+			# the main RPX magic. At this point, a session is being validated and we know RPX identifier
+			# has been provided. We'll callback to RPX to verify the token, and authenticate the matching 
+			# user. 
+			# If no user is found, and we have auto_register enabled (default) this method will also 
+			# create the user registration stub.
+			#
+			# On return to the controller, you can test for new_registration? and registration_complete?
+			# to determine the most appropriate action
+			#
+			def validate_by_rpx
+				@rpx_data = RPXNow.user_data(
+					controller.params[:token],
+					:extended => rpx_extended_info?) { |raw| raw }
+				
+				# If we don't have a valid sign-in, give-up at this point
+				if @rpx_data.nil? || @rpx_data['profile'].nil?
+					errors.add_to_base("Authentication failed. Please try again.")
+					return false
+				end
+				
+				rpx_id = @rpx_data['profile']['identifier']
+				rpx_provider_name = @rpx_data['profile']['providerName']
+				if rpx_id.blank?
+					errors.add_to_base("Authentication failed. Please try again.")
+					return false
+				end
+
+				self.attempted_record = klass.send(find_by_rpx_identifier_method, rpx_id)
+
+        return false unless rpx_data_valid?
+				
+				# so what do we do if we can't find an existing user matching the RPX authentication...
+				if !attempted_record
+					if auto_register?
+						self.attempted_record = klass.new()
+						map_rpx_data
+						
+						# save the new user record - without session maintenance else we
+						# get caught in a self-referential hell, since both session and
+						# user objects invoke each other upon save
+						self.new_registration = true
+						self.attempted_record.add_rpx_identifier( rpx_id, rpx_provider_name)
+						self.attempted_record.save_without_session_maintenance
+					else
+						errors.add_to_base("We did not find any accounts with that login. Enter your details and create an account.")
+						return false
+					end
+				else
+					map_rpx_data_each_login
+				end
+			
+			end
+
+			# map_rpx_data maps additional fields from the RPX response into the user object during auto-registration.
+			# Override this in your session model to change the field mapping
+			# See https://rpxnow.com/docs#profile_data for the definition of available attributes
+			#
+			# In this procedure, you will be writing to fields of the "self.attempted_record" object, pulling data from the @rpx_data object.
+			#
+			# WARNING: if you are using auto-registration, any fields you map should NOT have constraints enforced at the database level.
+			# authlogic_rpx will optimistically attempt to save the user record during registration, and 
+			# violating a database constraint will cause the authentication/registration to fail.
+			#
+			# You can/should enforce any required validations at the model level e.g.
+			#   validates_uniqueness_of   :username, :case_sensitive => false
+			# This will allow the auto-registration to proceed, and the user can be given a chance to rectify the validation errors
+			# on your user profile page.
+			#
+			# If it is not acceptable in your application to have user records created with potential validation errors in auto-populated fields, you
+			# will need to override map_rpx_data and implement whatever special handling makes sense in your case. For example:
+			#   - directly check for uniqueness and other validation requirements
+			#   - automatically "uniquify" fields like username
+			#   - save conflicting profile information to "pending user review" columns or a seperate table
+			#
+			def map_rpx_data
+				self.attempted_record.send("#{klass.login_field}=", @rpx_data['profile']['preferredUsername'] ) if attempted_record.send(klass.login_field).blank?
+				self.attempted_record.send("#{klass.email_field}=", @rpx_data['profile']['email'] ) if attempted_record.send(klass.email_field).blank?
+			end
+
+			# map_rpx_data_each_login provides a hook to allow you to map RPX profile information every time the user
+			# logs in.
+			# By default, nothing is mapped. 
+			#
+			# This would mainly be used to update relatively volatile information that you are maintaining in the user model (such as profile image url)
+			#
+			# In this procedure, you will be writing to fields of the "self.attempted_record" object, pulling data from the @rpx_data object.
+			#
+			#
+			def map_rpx_data_each_login
+
+			end
+
+			# rpx_data_valid? provides a hook to allow you to validate RPX profile information every time the user
+			# logs in.
+			# By default, no validation is performed
+      #
+      # For instance you can check if user with @rpx_data['profile']['email'] is found in database
+			#
+      def rpx_data_valid?
+        true
+      end
+	
+		end
+		
+	end
+end

data/lib/authlogic_rpx/version.rb

@@ -0,0 +1,51 @@
+module AuthlogicRpx
+  # A class for describing the current version of a library. The version
+  # consists of three parts: the +major+ number, the +minor+ number, and the
+  # +tiny+ (or +patch+) number.
+  class Version
+    include Comparable
+  
+    # A convenience method for instantiating a new Version instance with the
+    # given +major+, +minor+, and +tiny+ components.
+    def self.[](major, minor, tiny)
+      new(major, minor, tiny)
+    end
+
+    attr_reader :major, :minor, :tiny
+
+    # Create a new Version object with the given components.
+    def initialize(major, minor, tiny)
+      @major, @minor, @tiny = major, minor, tiny
+    end
+
+    # Compare this version to the given +version+ object.
+    def <=>(version)
+      to_i <=> version.to_i
+    end
+
+    # Converts this version object to a string, where each of the three
+    # version components are joined by the '.' character. E.g., 2.0.0.
+    def to_s
+      @to_s ||= [@major, @minor, @tiny].join(".")
+    end
+
+    # Converts this version to a canonical integer that may be compared
+    # against other version objects.
+    def to_i
+      @to_i ||= @major * 1_000_000 + @minor * 1_000 + @tiny
+    end
+    
+    def to_a
+      [@major, @minor, @tiny]
+    end
+
+    MAJOR = 1
+    MINOR = 2
+    TINY  = 1
+
+    # The current version as a Version instance
+    CURRENT = new(MAJOR, MINOR, TINY)
+    # The current version as a String
+    STRING = CURRENT.to_s
+  end
+end

data/rails/init.rb

@@ -0,0 +1 @@
+require "authlogic_rpx"

data/slayer-authlogic_rpx.gemspec

@@ -0,0 +1,102 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{slayer-authlogic_rpx}
+  s.version = "1.2.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Paul Gallagher / tardate <gallagher.paul@gmail.com>", "Vladislav Moskovets <github@vlad.org.ua>"]
+  s.date = %q{2011-07-06}
+  s.description = %q{Authlogic extension/plugin that provides RPX (rpxnow.com) authentication support}
+  s.email = %q{gallagher.paul@gmail.com}
+  s.extra_rdoc_files = [
+    "README.rdoc"
+  ]
+  s.files = [
+    ".gitignore",
+     "CHANGELOG.rdoc",
+     "MIT-LICENSE",
+     "Manifest",
+     "README.rdoc",
+     "Rakefile",
+     "generators/add_authlogic_rpx_migration/USAGE",
+     "generators/add_authlogic_rpx_migration/add_authlogic_rpx_migration_generator.rb",
+     "generators/add_authlogic_rpx_migration/templates/migration_internal_mapping.rb",
+     "generators/add_authlogic_rpx_migration/templates/migration_no_mapping.rb",
+     "init.rb",
+     "lib/authlogic_rpx.rb",
+     "lib/authlogic_rpx/acts_as_authentic.rb",
+     "lib/authlogic_rpx/helper.rb",
+     "lib/authlogic_rpx/rpx_identifier.rb",
+     "lib/authlogic_rpx/session.rb",
+     "lib/authlogic_rpx/version.rb",
+     "rails/init.rb",
+     "slayer-authlogic_rpx.gemspec",
+     "test/fixtures/rpxresponses.yml",
+     "test/fixtures/users.yml",
+     "test/integration/basic_authentication_and_registration_test.rb",
+     "test/integration/internal_mapping/basic_authentication_and_registration_test.rb",
+     "test/integration/internal_mapping/settings_test.rb",
+     "test/integration/no_mapping/basic_authentication_and_registration_test.rb",
+     "test/integration/no_mapping/settings_test.rb",
+     "test/libs/ext_test_unit.rb",
+     "test/libs/mock_rpx_now.rb",
+     "test/libs/rails_trickery.rb",
+     "test/libs/rpxresponse.rb",
+     "test/libs/user.rb",
+     "test/libs/user_session.rb",
+     "test/test_helper.rb",
+     "test/test_internal_mapping_helper.rb",
+     "test/unit/acts_as_authentic_settings_test.rb",
+     "test/unit/session_settings_test.rb",
+     "test/unit/session_validation_test.rb",
+     "test/unit/verify_rpx_mock_test.rb"
+  ]
+  s.homepage = %q{http://github.com/tardate/authlogic_rpx}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Authlogic plug-in for RPX support}
+  s.test_files = [
+    "test/test_internal_mapping_helper.rb",
+     "test/libs/rpxresponse.rb",
+     "test/libs/user_session.rb",
+     "test/libs/rails_trickery.rb",
+     "test/libs/mock_rpx_now.rb",
+     "test/libs/user.rb",
+     "test/libs/ext_test_unit.rb",
+     "test/unit/session_settings_test.rb",
+     "test/unit/verify_rpx_mock_test.rb",
+     "test/unit/acts_as_authentic_settings_test.rb",
+     "test/unit/session_validation_test.rb",
+     "test/test_helper.rb",
+     "test/integration/no_mapping/basic_authentication_and_registration_test.rb",
+     "test/integration/no_mapping/settings_test.rb",
+     "test/integration/internal_mapping/basic_authentication_and_registration_test.rb",
+     "test/integration/internal_mapping/settings_test.rb",
+     "test/integration/basic_authentication_and_registration_test.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<authlogic>, [">= 3.0.3"])
+      s.add_runtime_dependency(%q<rpx_now>, [">= 0.6.23"])
+      s.add_development_dependency(%q<test-unit>, [">= 2.1.1"])
+    else
+      s.add_dependency(%q<authlogic>, [">= 3.0.3"])
+      s.add_dependency(%q<rpx_now>, [">= 0.6.23"])
+      s.add_dependency(%q<test-unit>, [">= 2.1.1"])
+    end
+  else
+    s.add_dependency(%q<authlogic>, [">= 3.0.3"])
+    s.add_dependency(%q<rpx_now>, [">= 0.6.23"])
+    s.add_dependency(%q<test-unit>, [">= 2.1.1"])
+  end
+end
+