sorcery 0.1.0

data/lib/sorcery/crypto_providers/sha512.rb

@@ -0,0 +1,55 @@
+require "digest/sha2"
+
+module Sorcery
+  # The activate_sorcery method has a custom_crypto_provider configuration option. This allows you to use any type of encryption you like.
+  # Just create a class with a class level encrypt and matches? method. See example below.
+  #
+  # === Example
+  #
+  #   class MyAwesomeEncryptionMethod
+  #     def self.encrypt(*tokens)
+  #       # the tokens passed will be an array of objects, what type of object is irrelevant,
+  #       # just do what you need to do with them and return a single encrypted string.
+  #       # for example, you will most likely join all of the objects into a single string and then encrypt that string
+  #     end
+  #
+  #     def self.matches?(crypted, *tokens)
+  #       # return true if the crypted string matches the tokens.
+  #       # depending on your algorithm you might decrypt the string then compare it to the token, or you might
+  #       # encrypt the tokens and make sure it matches the crypted string, its up to you
+  #     end
+  #   end
+  module CryptoProviders
+    # = Sha512
+    #
+    # Uses the Sha512 hash algorithm to encrypt passwords.
+    class SHA512
+      class << self
+        attr_accessor :join_token
+        
+        # The number of times to loop through the encryption.
+        def stretches
+          @stretches ||= 20
+        end
+        attr_writer :stretches
+        
+        # Turns your raw password into a Sha512 hash.
+        def encrypt(*tokens)
+          digest = tokens.flatten.join(join_token)
+          stretches.times { digest = Digest::SHA512.hexdigest(digest) }
+          digest
+        end
+        
+        # Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
+        def matches?(crypted, *tokens)
+          encrypt(*tokens) == crypted
+        end
+        
+        def reset!
+          @stretches = 20
+          @join_token = nil
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/engine.rb

@@ -0,0 +1,20 @@
+require 'sorcery'
+require 'rails'
+
+module Sorcery
+  # The Sorcery engine takes care of extending ActiveRecord (if used) and ActionController,
+  # With the plugin logic.
+  class Engine < Rails::Engine
+    config.sorcery = ::Sorcery::Controller::Config
+    
+    initializer "extend Model with sorcery" do |app|
+      ActiveRecord::Base.send(:include, Sorcery::Model) if defined?(ActiveRecord)
+    end
+    
+    initializer "extend Controller with sorcery" do |app|
+      ActionController::Base.send(:include, Sorcery::Controller)
+      ActionController::Base.helper_method :logged_in_user
+    end
+
+  end
+end

data/lib/sorcery/model.rb

@@ -0,0 +1,175 @@
+module Sorcery
+  # This module handles all plugin operations which are related to the Model layer in the MVC pattern.
+  # It should be included into the ORM base class.
+  # In the case of Rails this is usually ActiveRecord (actually, in that case, the plugin does this automatically).
+  #
+  # When included it defines a single method: 'activate_sorcery!' which when called adds the other capabilities to the class.
+  # This method is also the place to configure the plugin in the Model layer.
+  module Model
+    def self.included(klass)
+      klass.class_eval do
+        class << self
+          def activate_sorcery!
+            @sorcery_config = Config.new
+            self.class_eval do
+              extend ClassMethods # included here, before submodules, so they can be overriden by them.
+              include InstanceMethods
+              ::Sorcery::Controller::Config.user_class = self
+              @sorcery_config.submodules = ::Sorcery::Controller::Config.submodules
+              @sorcery_config.submodules.each do |mod|
+                begin
+                  include Submodules.const_get(mod.to_s.split("_").map {|p| p.capitalize}.join("")) 
+                rescue NameError
+                  # don't stop on a missing submodule.
+                end
+              end
+            end
+            
+            yield @sorcery_config if block_given?
+            
+            self.class_eval do
+              attr_accessor @sorcery_config.password_attribute_name
+              attr_protected @sorcery_config.crypted_password_attribute_name, @sorcery_config.salt_attribute_name
+              before_save :encrypt_password, :if => Proc.new { |record| record.send(sorcery_config.password_attribute_name).present? }
+              after_save :clear_virtual_password, :if => Proc.new { |record| record.send(sorcery_config.password_attribute_name).present? }
+            end
+            @sorcery_config.after_config.each { |c| send(c) }
+          end
+        end
+      end
+    end
+    
+    module ClassMethods
+      # Returns the class instance variable for configuration, when called by the class itself.
+      def sorcery_config
+        @sorcery_config
+      end
+      
+      # The default authentication method.
+      # Takes a username and password,
+      # Finds the user by the username and compares the user's password to the one supplied to the method.
+      # returns the user if success, nil otherwise.
+      def authenticate(*credentials)
+        raise ArgumentError, "at least 2 arguments required" if credentials.size < 2
+        user = where("#{@sorcery_config.username_attribute_name} = ?", credentials[0]).first
+        salt = user.send(@sorcery_config.salt_attribute_name) if user && !@sorcery_config.salt_attribute_name.nil?
+        user if user && @sorcery_config.before_authenticate.all? {|c| user.send(c)} && (user.send(@sorcery_config.crypted_password_attribute_name)) == encrypt(credentials[1],salt)
+      end
+      
+      def encrypt(*tokens)
+        return tokens.first if @sorcery_config.encryption_provider.nil?
+        
+        @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
+        @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token
+        CryptoProviders::AES256.key = @sorcery_config.encryption_key if @sorcery_config.encryption_algorithm == :aes256
+        @sorcery_config.encryption_provider.encrypt(*tokens)
+      end
+    end
+    
+    module InstanceMethods
+      # Returns the class instance variable for configuration, when called by an instance.
+      def sorcery_config
+        self.class.sorcery_config
+      end
+      
+      protected
+      
+      # creates new salt and saves it.
+      # encrypts password with salt and save it.
+      def encrypt_password
+        config = sorcery_config
+        self.send(:"#{config.salt_attribute_name}=", generate_random_code) if !config.salt_attribute_name.nil?
+        self.send(:"#{config.crypted_password_attribute_name}=", self.class.encrypt(self.send(config.password_attribute_name),salt))
+      end
+
+      def clear_virtual_password
+        config = sorcery_config
+        self.send(:"#{config.password_attribute_name}=", nil)
+      end
+      
+      # calls the requested email method on the configured mailer
+      # supports both the ActionMailer 3 way of calling, and the plain old Ruby object way.
+      def generic_send_email(method)
+        config = sorcery_config
+        mail = config.sorcery_mailer.send(config.send(method),self)
+        if defined?(ActionMailer) and config.sorcery_mailer.superclass == ActionMailer::Base
+          mail.deliver
+        end
+      end
+      
+      # Random code, used for salt and temporary tokens.
+      def generate_random_code
+        return Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
+      end
+    end
+
+    # Each class which calls 'activate_sorcery!' receives an instance of this class.
+    # Every submodule which gets loaded may add accessors to this class so that all options will be configured from a single place.
+    class Config
+
+      attr_accessor :username_attribute_name,           # change default username attribute, for example, to use :email as the login.
+                    :password_attribute_name,           # change *virtual* password attribute, the one which is used until an encrypted one is generated.
+                    :email_attribute_name,              # change default email attribute.
+                    :crypted_password_attribute_name,   # change default crypted_password attribute.
+                    :salt_join_token,                   # what pattern to use to join the password with the salt
+                    :salt_attribute_name,               # change default salt attribute.
+                    :stretches,                         # how many times to apply encryption to the password.
+                    :encryption_key,                    # encryption key used to encrypt reversible encryptions such as AES256.
+                    
+                    :submodules,                        # configured in config/application.rb
+                    :before_authenticate,               # an array of method names to call before authentication completes. used internally.
+                    :after_config                       # an array of method names to call after configuration by user. used internally.
+                    
+      attr_reader   :encryption_provider,               # change default encryption_provider.
+                    :custom_encryption_provider,        # use an external encryption class.
+                    :encryption_algorithm               # encryption algorithm name. See 'encryption_algorithm=' below for available options.
+
+      def initialize
+        @defaults = {
+          :@submodules                           => [],
+          :@username_attribute_name              => :username,
+          :@password_attribute_name              => :password,
+          :@email_attribute_name                 => :email,
+          :@crypted_password_attribute_name      => :crypted_password,
+          :@encryption_algorithm                 => :sha256,
+          :@encryption_provider                  => CryptoProviders::BCrypt,
+          :@custom_encryption_provider           => nil,
+          :@encryption_key                       => nil,
+          :@salt_join_token                      => "",
+          :@salt_attribute_name                  => :salt,
+          :@stretches                            => nil,
+          :@before_authenticate                  => [],
+          :@after_config                         => []
+        }
+        reset!
+      end     
+           
+      # Resets all configuration options to their default values.
+      def reset!
+        @defaults.each do |k,v|
+          instance_variable_set(k,v)
+        end       
+      end
+      
+      def custom_encryption_provider=(provider)
+        @custom_encryption_provider = @encryption_provider = provider
+      end
+      
+      def encryption_algorithm=(algo)
+        @encryption_algorithm = algo
+        @encryption_provider = case @encryption_algorithm
+        when :none   then nil
+        when :md5    then CryptoProviders::MD5
+        when :sha1   then CryptoProviders::SHA1
+        when :sha256 then CryptoProviders::SHA256
+        when :sha512 then CryptoProviders::SHA512
+        when :aes256 then CryptoProviders::AES256
+        when :bcrypt then CryptoProviders::BCrypt
+        when :custom then @custom_encryption_provider
+        end
+      end
+      
+    end
+    
+  end
+end

data/lib/sorcery/model/submodules/password_reset.rb

@@ -0,0 +1,64 @@
+module Sorcery
+  module Model
+    module Submodules
+      # This submodule adds the ability to reset password via email confirmation.
+      module PasswordReset        
+        def self.included(base)
+          base.sorcery_config.class_eval do
+            attr_accessor :reset_password_code_attribute_name,        # reset password code attribute name.
+                          :sorcery_mailer,                            # mailer class. Needed.
+                          :reset_password_email_method_name           # reset password email method on your mailer class.
+
+          end
+          
+          base.sorcery_config.instance_eval do
+            @defaults.merge!(:@reset_password_code_attribute_name => :reset_password_code,
+                             :@sorcery_mailer                     => nil,
+                             :@reset_password_email_method_name   => :reset_password_email)
+
+            reset!
+          end
+          
+          base.class_eval do
+            clear_reset_password_code_proc = Proc.new do |record|
+              record.valid? && record.send(sorcery_config.password_attribute_name)
+            end
+            
+            before_save :clear_reset_password_code, :if =>clear_reset_password_code_proc
+          end
+          
+          base.sorcery_config.after_config << :validate_mailer_defined
+          
+          base.extend(ClassMethods)
+          base.send(:include, InstanceMethods)
+        end
+        
+        module ClassMethods
+          def validate_mailer_defined
+            msg = "To use password_reset submodule, you must define a mailer (config.sorcery_mailer = YourMailerClass)."
+            raise ArgumentError, msg if @sorcery_config.sorcery_mailer == nil
+          end
+        end
+        
+        module InstanceMethods
+          def reset_password!
+            config = sorcery_config
+            self.send(:"#{config.reset_password_code_attribute_name}=", generate_random_code)
+            self.class.transaction do
+              self.save!(:validate => false)
+              generic_send_email(:reset_password_email_method_name)
+            end
+          end
+
+          protected
+
+          def clear_reset_password_code
+            config = sorcery_config
+            self.send(:"#{config.reset_password_code_attribute_name}=", nil)
+          end
+        end
+        
+      end
+    end
+  end
+end

data/lib/sorcery/model/submodules/remember_me.rb

@@ -0,0 +1,42 @@
+module Sorcery
+  module Model
+    module Submodules
+      module RememberMe
+        def self.included(base)
+          base.sorcery_config.class_eval do
+            attr_accessor :remember_me_token_attribute_name,              # the attribute in the model class.
+                          :remember_me_token_expires_at_attribute_name,   # the expires attribute in the model class.
+                          :remember_me_for                                # how long in seconds to remember.
+
+          end
+          
+          base.sorcery_config.instance_eval do
+            @defaults.merge!(:@remember_me_token_attribute_name            => :remember_me_token,
+                             :@remember_me_token_expires_at_attribute_name => :remember_me_token_expires_at,
+                             :@remember_me_for                             => 7 * 60 * 60 * 24)
+
+            reset!
+          end
+          
+          base.send(:include, InstanceMethods)
+        end
+        
+        module InstanceMethods
+          def remember_me!
+            config = sorcery_config
+            self.send(:"#{config.remember_me_token_attribute_name}=", generate_random_code)
+            self.send(:"#{config.remember_me_token_expires_at_attribute_name}=", Time.now + config.remember_me_for)
+            self.save!(:validate => false)
+          end
+
+          def forget_me!
+            config = sorcery_config
+            self.send(:"#{config.remember_me_token_attribute_name}=", nil)
+            self.send(:"#{config.remember_me_token_expires_at_attribute_name}=", nil)
+            self.save!(:validate => false)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/model/submodules/user_activation.rb

@@ -0,0 +1,84 @@
+module Sorcery
+  module Model
+    module Submodules
+      # This submodule adds the ability to make the user activate his account via email
+      # or any other way in which he can recieve an activation code.
+      # with the activation code the user may activate his account.
+      # When using this submodule, supplying a mailer is mandatory.
+      module UserActivation
+        def self.included(base)
+          base.sorcery_config.class_eval do
+            attr_accessor :activation_state_attribute_name,         # the attribute name to hold activation state (active/pending).
+                          :activation_code_attribute_name,          # the attribute name to hold activation code (sent by email).
+                          :sorcery_mailer,                          # your mailer class. Needed.
+                          :activation_needed_email_method_name,     # activation needed email method on your mailer class.
+                          :activation_success_email_method_name,    # activation success email method on your mailer class.
+                          :prevent_non_active_users_to_login        # do you want to prevent or allow users that did not activate by email to login?
+          end
+          
+          base.sorcery_config.instance_eval do
+            @defaults.merge!(:@activation_state_attribute_name      => :activation_state,
+                             :@activation_code_attribute_name       => :activation_code,
+                             :@sorcery_mailer                       => nil,
+                             :@activation_needed_email_method_name  => :activation_needed_email,
+                             :@activation_success_email_method_name => :activation_success_email,
+                             :@prevent_non_active_users_to_login    => true)
+            reset!
+          end
+          
+          base.class_eval do
+            before_create :setup_activation
+            after_create :send_activation_needed_email!
+          end
+          
+          base.sorcery_config.after_config << :validate_mailer_defined
+          
+          base.sorcery_config.before_authenticate << :prevent_non_active_login
+          
+          base.extend(ClassMethods)
+          base.send(:include, InstanceMethods)
+        end
+        
+        module ClassMethods
+          def validate_mailer_defined
+            msg = "To use user_activation submodule, you must define a mailer (config.sorcery_mailer = YourMailerClass)."
+            raise ArgumentError, msg if @sorcery_config.sorcery_mailer == nil
+          end
+        end
+        
+        module InstanceMethods
+          def activate!
+            config = sorcery_config
+            self.send(:"#{config.activation_code_attribute_name}=", nil)
+            self.send(:"#{config.activation_state_attribute_name}=", "active")
+            send_activation_success_email!
+            save!(:validate => false) # don't run validations
+          end
+
+          protected
+
+          def setup_activation
+            config = sorcery_config
+            generated_activation_code = CryptoProviders::SHA1.encrypt( Time.now.to_s.split(//).sort_by {rand}.join )
+            self.send(:"#{config.activation_code_attribute_name}=", generated_activation_code)
+            self.send(:"#{config.activation_state_attribute_name}=", "pending")
+          end
+
+          def send_activation_needed_email!
+            generic_send_email(:activation_needed_email_method_name) unless sorcery_config.activation_needed_email_method_name.nil?
+          end
+
+          def send_activation_success_email!
+            generic_send_email(:activation_success_email_method_name) unless sorcery_config.activation_success_email_method_name.nil?
+          end
+          
+          def prevent_non_active_login
+            config = sorcery_config
+            config.prevent_non_active_users_to_login ? self.send(config.activation_state_attribute_name) == "active" : true
+          end
+
+        end
+      end
+    end
+  end
+end