somatics3-generators 0.0.9 → 0.0.10

data/lib/generators/somatics/authenticated/templates/test/users.yml

@@ -1,60 +0,0 @@
-<%
-  ## this code must match that in templates/model.rb
-  require 'digest/sha1'
-  def make_fake_token
-    @fake_token_counter ||= 0
-    @fake_token_counter +=  1
-    Digest::SHA1.hexdigest(@fake_token_counter.to_s)
-  end
-  salts   = (1..2).map{ make_fake_token }
-  passwds = salts.map{ |salt| password_digest('monkey', salt) }
--%>
-
-quentin:
-  id:                        1
-  login:                     quentin
-  email:                     quentin@example.com
-  salt:                      <%= salts[0]   %> # SHA1('0')
-  crypted_password:          <%= passwds[0] %> # 'monkey'
-  created_at:                <%%= 5.days.ago.to_s :db  %>
-  remember_token_expires_at: <%%= 1.days.from_now.to_s %>
-  remember_token:            <%= make_fake_token %>
-<% if options[:include_activation] -%>
-  activation_code:           
-  activated_at:              <%%= 5.days.ago.to_s :db %>
-<% end -%>
-<% if options[:stateful] -%>
-  state:                     active
-<% end -%>
-      
-aaron:
-  id:                        2
-  login:                     aaron
-  email:                     aaron@example.com
-  salt:                      <%= salts[1]   %> # SHA1('1')
-  crypted_password:          <%= passwds[1] %> # 'monkey'
-  created_at:                <%%= 1.days.ago.to_s :db %>
-  remember_token_expires_at: 
-  remember_token:            
-<% if options[:include_activation] -%>
-  activation_code:           <%= make_fake_token %>
-  activated_at:              
-<% end -%>
-<% if options[:stateful] %>
-  state:                     pending
-<% end -%>
-
-
-old_password_holder:
-  id:                        3
-  login:                     old_password_holder
-  email:                     salty_dog@example.com
-  salt:                      7e3041ebc2fc05a40c60028e2c4901a81035d3cd
-  crypted_password:          00742970dc9e6319f8019fd54864d3ea740f04b1 # test
-  created_at:                <%%= 1.days.ago.to_s :db %>
-<% if options[:include_activation] %>
-  activation_code:           
-  activated_at:              <%%= 5.days.ago.to_s :db %>
-<% end %>
-<% if options[:stateful] %>
-  state:                     active<% end %>

data/lib/generators/somatics/authenticated_controller/templates/_model_partial.html.erb

@@ -1,8 +0,0 @@
-<%% if logged_in? -%>
-  <div id="<%= file_name %>-bar-greeting">Logged in as <%%= link_to_current_<%= file_name %> :content_method => :login %></div>
-  <div id="<%= file_name %>-bar-action"  >(<%%= link_to "Log out", logout_path, { :title => "Log out" }    %>)</div>
-<%% else -%>
-  <div id="<%= file_name %>-bar-greeting"><%%= link_to_login_with_IP 'Not logged in', :style => 'border: none;' %></div>
-  <div id="<%= file_name %>-bar-action"  ><%%= link_to "Log in",  login_path,  { :title => "Log in" } %> /
-                               <%%= link_to "Sign up", signup_path, { :title => "Create an account" } %></div>
-<%% end -%>

data/lib/generators/somatics/authenticated_controller/templates/activation.erb

@@ -1,3 +0,0 @@
-<%%=h @<%= file_name %>.login %>, your account has been activated.  Welcome aboard!
-
-  <%%=h @url %>

data/lib/generators/somatics/authenticated_controller/templates/authenticated_system.rb

@@ -1,189 +0,0 @@
-module <%= model_class_name %>AuthenticatedSystem
-  protected
-    # Returns true or false if the <%= file_name %> is logged in.
-    # Preloads @current_<%= file_name %> with the <%= file_name %> model if they're logged in.
-    def <%= file_name %>_logged_in?
-      !!current_<%= file_name %>
-    end
-
-    # Accesses the current <%= file_name %> from the session.
-    # Future calls avoid the database because nil is not equal to false.
-    def current_<%= file_name %>
-      @current_<%= file_name %> ||= (<%= file_name %>_login_from_session || <%= file_name %>_login_from_basic_auth || <%= file_name %>_login_from_cookie) unless @current_<%= file_name %> == false
-    end
-
-    # Store the given <%= file_name %> id in the session.
-    def current_<%= file_name %>=(new_<%= file_name %>)
-      session[:<%= file_name %>_id] = new_<%= file_name %> ? new_<%= file_name %>.id : nil
-      @current_<%= file_name %> = new_<%= file_name %> || false
-    end
-
-    # Check if the <%= file_name %> is authorized
-    #
-    # Override this method in your controllers if you want to restrict access
-    # to only a few actions or if you want to check if the <%= file_name %>
-    # has the correct rights.
-    #
-    # Example:
-    #
-    #  # only allow nonbobs
-    #  def authorized?
-    #    current_<%= file_name %>.login != "bob"
-    #  end
-    #
-    def <%= file_name %>_authorized?(action = action_name, resource = nil)
-      <%= file_name %>_logged_in?
-    end
-
-    # Filter method to enforce a login requirement.
-    #
-    # To require logins for all actions, use this in your controllers:
-    #
-    #   before_filter :login_required
-    #
-    # To require logins for specific actions, use this in your controllers:
-    #
-    #   before_filter :login_required, :only => [ :edit, :update ]
-    #
-    # To skip this in a subclassed controller:
-    #
-    #   skip_before_filter :login_required
-    #
-    def <%= file_name %>_login_required
-      <%= file_name %>_authorized? || <%= file_name %>_access_denied
-    end
-
-    # Redirect as appropriate when an access request fails.
-    #
-    # The default action is to redirect to the login screen.
-    #
-    # Override this method in your controllers if you want to have special
-    # behavior in case the <%= file_name %> is not authorized
-    # to access the requested action.  For example, a popup window might
-    # simply close itself.
-    def <%= file_name %>_access_denied
-      respond_to do |format|
-        format.html do
-          store_location
-          redirect_to <%= controller_routing_name %>_login_path
-        end
-        # format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987
-        # Add any other API formats here.  (Some browsers, notably IE6, send Accept: */* and trigger 
-        # the 'format.any' block incorrectly. See http://bit.ly/ie6_borken or http://bit.ly/ie6_borken2
-        # for a workaround.)
-        format.any(:json, :xml) do
-          request_http_basic_authentication 'Web Password'
-        end
-      end
-    end
-
-    # Store the URI of the current request in the session.
-    #
-    # We can return to this location by calling #redirect_back_or_default.
-    def store_location
-      session[:return_to] = request.request_uri
-    end
-
-    # Redirect to the URI stored by the most recent store_location call or
-    # to the passed default.  Set an appropriately modified
-    #   after_filter :store_location, :only => [:index, :new, :show, :edit]
-    # for any controller you want to be bounce-backable.
-    def redirect_back_or_default(default)
-      redirect_to(session[:return_to] || default)
-      session[:return_to] = nil
-    end
-
-    # Inclusion hook to make #current_<%= file_name %> and #logged_in?
-    # available as ActionView helper methods.
-    def self.included(base)
-      base.send :helper_method, :current_<%= file_name %>, :<%= file_name %>_logged_in?, :<%= file_name %>_authorized? if base.respond_to? :helper_method
-    end
-
-    #
-    # Login
-    #
-
-    # Called from #current_<%= file_name %>.  First attempt to login by the <%= file_name %> id stored in the session.
-    def <%= file_name %>_login_from_session
-      self.current_<%= file_name %> = <%= model_class_name %>.find_by_id(session[:<%= file_name %>_id]) if session[:<%= file_name %>_id]
-    end
-
-    # Called from #current_<%= file_name %>.  Now, attempt to login by basic authentication information.
-    def <%= file_name %>_login_from_basic_auth
-      authenticate_with_http_basic do |login, password|
-        self.current_<%= file_name %> = <%= model_class_name %>.authenticate(login, password)
-      end
-    end
-    
-    #
-    # Logout
-    #
-
-    # Called from #current_<%= file_name %>.  Finaly, attempt to login by an expiring token in the cookie.
-    # for the paranoid: we _should_ be storing <%= file_name %>_token = hash(cookie_token, request IP)
-    def <%= file_name %>_login_from_cookie
-      <%= file_name %> = cookies[:auth_token] && <%= model_class_name %>.find_by_remember_token(cookies[:auth_token])
-      if <%= file_name %> && <%= file_name %>.remember_token?
-        self.current_<%= file_name %> = <%= file_name %>
-        <%= file_name %>_handle_remember_cookie! false # freshen cookie token (keeping date)
-        self.current_<%= file_name %>
-      end
-    end
-
-    # This is ususally what you want; resetting the session willy-nilly wreaks
-    # havoc with forgery protection, and is only strictly necessary on login.
-    # However, **all session state variables should be unset here**.
-    def <%= file_name %>_logout_keeping_session!
-      # Kill server-side auth cookie
-      @current_<%= file_name %>.forget_me if @current_<%= file_name %>.is_a? <%= model_class_name %>
-      @current_<%= file_name %> = false     # not logged in, and don't do it for me
-      <%= file_name %>_kill_remember_cookie!     # Kill client-side auth cookie
-      session[:<%= file_name %>_id] = nil   # keeps the session but kill our variable
-      # explicitly kill any other session variables you set
-    end
-
-    # The session should only be reset at the tail end of a form POST --
-    # otherwise the request forgery protection fails. It's only really necessary
-    # when you cross quarantine (logged-out to logged-in).
-    def <%= file_name %>_logout_killing_session!
-      <%= file_name %>_logout_keeping_session!
-      reset_session
-    end
-    
-    #
-    # Remember_me Tokens
-    #
-    # Cookies shouldn't be allowed to persist past their freshness date,
-    # and they should be changed at each login
-
-    # Cookies shouldn't be allowed to persist past their freshness date,
-    # and they should be changed at each login
-
-    def <%= file_name %>_valid_remember_cookie?
-      return nil unless @current_<%= file_name %>
-      (@current_<%= file_name %>.remember_token?) && 
-        (cookies[:auth_token] == @current_<%= file_name %>.remember_token)
-    end
-    
-    # Refresh the cookie auth token if it exists, create it otherwise
-    def <%= file_name %>_handle_remember_cookie!(new_cookie_flag)
-      return unless @current_<%= file_name %>
-      case
-      when <%= file_name %>_valid_remember_cookie? then @current_<%= file_name %>.refresh_token # keeping same expiry date
-      when new_cookie_flag        then @current_<%= file_name %>.remember_me 
-      else                             @current_<%= file_name %>.forget_me
-      end
-      <%= file_name %>_send_remember_cookie!
-    end
-  
-    def <%= file_name %>_kill_remember_cookie!
-      cookies.delete :auth_token
-    end
-    
-    def <%= file_name %>_send_remember_cookie!
-      cookies[:auth_token] = {
-        :value   => @current_<%= file_name %>.remember_token,
-        :expires => @current_<%= file_name %>.remember_token_expires_at }
-    end
-
-end

data/lib/generators/somatics/authenticated_controller/templates/authenticated_test_helper.rb

@@ -1,10 +0,0 @@
-module <%= model_class_name %>AuthenticatedTestHelper 
-  # Sets the current <%= file_name %> in the session from the <%= file_name %> fixtures.
-  def login_as(<%= file_name %>)
-    @request.session[:<%= file_name %>_id] = <%= file_name %> ? (<%= file_name %>.is_a?(<%= file_name.camelize %>) ? <%= file_name %>.id : <%= table_name %>(<%= file_name %>).id) : nil
-  end
-
-  def authorize_as(<%= file_name %>)
-    @request.env["HTTP_AUTHORIZATION"] = <%= file_name %> ? ActionController::HttpAuthentication::Basic.encode_credentials(<%= table_name %>(<%= file_name %>).login, 'monkey') : nil
-  end
-end

data/lib/generators/somatics/authenticated_controller/templates/config/initializers/site_keys.rb

@@ -1,38 +0,0 @@
-
-# A Site key gives additional protection against a dictionary attack if your
-# DB is ever compromised.  With no site key, we store
-#   DB_password = hash(user_password, DB_user_salt)
-# If your database were to be compromised you'd be vulnerable to a dictionary
-# attack on all your stupid users' passwords.  With a site key, we store
-#   DB_password = hash(user_password, DB_user_salt, Code_site_key)
-# That means an attacker needs access to both your site's code *and* its
-# database to mount an "offline dictionary attack.":http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/web-authentication.html
-# 
-# It's probably of minor importance, but recommended by best practices: 'defense
-# in depth'.  Needless to say, if you upload this to github or the youtubes or
-# otherwise place it in public view you'll kinda defeat the point.  Your users'
-# passwords are still secure, and the world won't end, but defense_in_depth -= 1.
-# 
-# Please note: if you change this, all the passwords will be invalidated, so DO
-# keep it someplace secure.  Use the random value given or type in the lyrics to
-# your favorite Jay-Z song or something; any moderately long, unpredictable text.
-REST_AUTH_SITE_KEY         = '<%= $rest_auth_site_key_from_generator %>'
-  
-# Repeated applications of the hash make brute force (even with a compromised
-# database and site key) harder, and scale with Moore's law.
-#
-#   bq. "To squeeze the most security out of a limited-entropy password or
-#   passphrase, we can use two techniques [salting and stretching]... that are
-#   so simple and obvious that they should be used in every password system.
-#   There is really no excuse not to use them." http://tinyurl.com/37lb73
-#   Practical Security (Ferguson & Scheier) p350
-# 
-# A modest 10 foldings (the default here) adds 3ms.  This makes brute forcing 10
-# times harder, while reducing an app that otherwise serves 100 reqs/s to 78 signin
-# reqs/s, an app that does 10reqs/s to 9.7 reqs/s
-# 
-# More:
-# * http://www.owasp.org/index.php/Hashing_Java
-# * "An Illustrated Guide to Cryptographic Hashes":http://www.unixwiz.net/techtips/iguide-crypto-hashes.html
-
-REST_AUTH_DIGEST_STRETCHES = <%= $rest_auth_digest_stretches_from_generator %>

data/lib/generators/somatics/authenticated_controller/templates/controller.rb

@@ -1,55 +0,0 @@
-class <%= controller_class_name %>Controller < ApplicationController
-  # Be sure to include AuthenticationSystem in Application Controller instead
-  include <%= model_class_name %>AuthenticatedSystem
-  
-  skip_before_filter :<%= file_name %>_login_required
-
-  def new
-    @<%= file_name %> = <%= model_class_name %>.new
-  end
-
-  def create
-    <%= file_name %>_logout_keeping_session!
-    @<%= file_name %> = <%= model_class_name %>.new(params[:<%= file_name %>])
-<% if options[:stateful] -%>
-    @<%= file_name %>.register! if @<%= file_name %> && @<%= file_name %>.valid?
-    success = @<%= file_name %> && @<%= file_name %>.valid?
-<% else -%>
-    success = @<%= file_name %> && @<%= file_name %>.save
-<% end -%>
-    if success && @<%= file_name %>.errors.empty?
-<% if !options[:include_activation] -%>
-      # Protects against session fixation attacks, causes request forgery
-      # protection if visitor resubmits an earlier form using back
-      # button. Uncomment if you understand the tradeoffs.
-      # reset session
-      self.current_<%= file_name %> = @<%= file_name %> # !! now logged in
-<% end -%>
-      redirect_back_or_default('/')
-      flash[:notice] = "Thanks for signing up!  We're sending you an email with your activation code."
-    else
-      flash[:error]  = "We couldn't set up that account, sorry.  Please try again, or contact an admin (link is above)."
-      render :action => 'new'
-    end
-  end
-
-<% if options[:include_activation] -%>
-  def activate
-    <%= file_name %>_logout_keeping_session!
-    <%= file_name %> = <%= model_class_name %>.find_by_activation_code(params[:activation_code]) unless params[:activation_code].blank?
-    case
-      when (!params[:activation_code].blank?) && <%= file_name %> && !<%= file_name %>.active?
-        <%= file_name %>.activate!
-        flash[:notice] = "Signup complete! Please sign in to continue."
-        redirect_to "/#{controller_plural_name}/login"
-      when params[:activation_code].blank?
-        flash[:error] = "The activation code was missing.  Please follow the URL from your email."
-        redirect_back_or_default('/')
-      else 
-        flash[:error]  = "We couldn't find a <%= file_name %> with that activation code -- check your email? Or maybe you've already activated -- try signing in."
-        redirect_back_or_default('/')
-      end
-    end
-  end
-<% end -%>
-end

data/lib/generators/somatics/authenticated_controller/templates/helper.rb

@@ -1,91 +0,0 @@
-module <%= controller_class_name %>Helper
-  #
-  # Use this to wrap view elements that the user can't access.
-  # !! Note: this is an *interface*, not *security* feature !!
-  # You need to do all access control at the controller level.
-  #
-  # Example:
-  # <%%= if_authorized?(:index,   User)  do link_to('List all users', users_path) end %> |
-  # <%%= if_authorized?(:edit,    @user) do link_to('Edit this user', edit_user_path) end %> |
-  # <%%= if_authorized?(:destroy, @user) do link_to 'Destroy', @user, :confirm => 'Are you sure?', :method => :delete end %> 
-  #
-  #
-  def if_authorized?(action, resource, &block)
-    if authorized?(action, resource)
-      yield action, resource
-    end
-  end
-
-  #
-  # Link to user's page ('<%= table_name %>/1')
-  #
-  # By default, their login is used as link text and link title (tooltip)
-  #
-  # Takes options
-  # * :content_text => 'Content text in place of <%= file_name %>.login', escaped with
-  #   the standard h() function.
-  # * :content_method => :<%= file_name %>_instance_method_to_call_for_content_text
-  # * :title_method => :<%= file_name %>_instance_method_to_call_for_title_attribute
-  # * as well as link_to()'s standard options
-  #
-  # Examples:
-  #   link_to_<%= file_name %> @<%= file_name %>
-  #   # => <a href="/<%= table_name %>/3" title="barmy">barmy</a>
-  #
-  #   # if you've added a .name attribute:
-  #  content_tag :span, :class => :vcard do
-  #    (link_to_<%= file_name %> <%= file_name %>, :class => 'fn n', :title_method => :login, :content_method => :name) +
-  #          ': ' + (content_tag :span, <%= file_name %>.email, :class => 'email')
-  #   end
-  #   # => <span class="vcard"><a href="/<%= table_name %>/3" title="barmy" class="fn n">Cyril Fotheringay-Phipps</a>: <span class="email">barmy@blandings.com</span></span>
-  #
-  #   link_to_<%= file_name %> @<%= file_name %>, :content_text => 'Your user page'
-  #   # => <a href="/<%= table_name %>/3" title="barmy" class="nickname">Your user page</a>
-  #
-  def link_to_<%= file_name %>(<%= file_name %>, options={})
-    raise "Invalid <%= file_name %>" unless <%= file_name %>
-    options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname
-    content_text      = options.delete(:content_text)
-    content_text    ||= <%= file_name %>.send(options.delete(:content_method))
-    options[:title] ||= <%= file_name %>.send(options.delete(:title_method))
-    link_to h(content_text), <%= controller_routing_name.singularize %>_path(<%= file_name %>), options
-  end
-
-  #
-  # Link to login page using remote ip address as link content
-  #
-  # The :title (and thus, tooltip) is set to the IP address 
-  #
-  # Examples:
-  #   link_to_login_with_IP
-  #   # => <a href="/login" title="169.69.69.69">169.69.69.69</a>
-  #
-  #   link_to_login_with_IP :content_text => 'not signed in'
-  #   # => <a href="/login" title="169.69.69.69">not signed in</a>
-  #
-  def link_to_login_with_IP content_text=nil, options={}
-    ip_addr           = request.remote_ip
-    content_text    ||= ip_addr
-    options.reverse_merge! :title => ip_addr
-    if tag = options.delete(:tag)
-      content_tag tag, h(content_text), options
-    else
-      link_to h(content_text), login_path, options
-    end
-  end
-
-  #
-  # Link to the current user's page (using link_to_<%= file_name %>) or to the login page
-  # (using link_to_login_with_IP).
-  #
-  def link_to_current_<%= file_name %>(options={})
-    if current_<%= file_name %>
-      link_to_<%= file_name %> current_<%= file_name %>, options
-    else
-      content_text = options.delete(:content_text) || 'not signed in'
-      # kill ignored options from link_to_<%= file_name %>
-      [:content_method, :title_method].each{|opt| options.delete(opt)} 
-      link_to_login_with_IP content_text, options
-    end
-  end
-end