sorcery 0.7.0 → 0.7.1

data/lib/{sorcery/initializers → generators/sorcery/templates}/initializer.rb

@@ -18,6 +18,9 @@ Rails.application.config.sorcery.configure do |config|
                                                                       # and send him there after login, using
                                                                       # 'redirect_back_or_to'.
 
+  # config.cookie_domain = nil                                        # set domain option for cookies
+                                                                      # Useful for remember_me submodule
+
   # -- session timeout --
   # config.session_timeout = 3600                                     # how long in seconds to keep the session alive.
   # config.session_timeout_from_last_action = false                   # use the last action as the beginning of
@@ -54,9 +57,6 @@ Rails.application.config.sorcery.configure do |config|
   # config.github.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=github"
   # config.github.user_info_mapping = {:email => "name"}
 
-  # config.sinatra_cookie_secret = 'ch4ng3M3plz'                      # key used to sign cookies in Sinatra
-                                                                      # changing it will invalidate all signed cookies!        
-
   # --- user config ---
   config.user_config do |user|
     # -- core --
@@ -194,6 +194,6 @@ Rails.application.config.sorcery.configure do |config|
   end
 
   # This line must come after the 'user config' block.
-  config.user_class = "User"                                                          # define which model authenticates
+  config.user_class = "<%= model_class_name %>"                                       # define which model authenticates
                                                                                       # with sorcery.
 end

data/lib/generators/sorcery/templates/migration/activity_logging.rb

@@ -0,0 +1,17 @@
+class SorceryActivityLogging < ActiveRecord::Migration
+  def self.up
+    add_column :<%= model_class_name.tableize %>, :last_login_at,     :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :last_logout_at,    :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :last_activity_at,  :datetime, :default => nil
+    
+    add_index :<%= model_class_name.tableize %>, [:last_logout_at, :last_activity_at]
+  end
+
+  def self.down
+    remove_index :<%= model_class_name.tableize %>, [:last_logout_at, :last_activity_at]
+    
+    remove_column :<%= model_class_name.tableize %>, :last_activity_at
+    remove_column :<%= model_class_name.tableize %>, :last_logout_at
+    remove_column :<%= model_class_name.tableize %>, :last_login_at
+  end
+end

data/lib/generators/sorcery/templates/migration/brute_force_protection.rb

@@ -0,0 +1,11 @@
+class SorceryBruteForceProtection < ActiveRecord::Migration
+  def self.up
+    add_column :<%= model_class_name.tableize %>, :failed_logins_count, :integer, :default => 0
+    add_column :<%= model_class_name.tableize %>, :lock_expires_at, :datetime, :default => nil
+  end
+
+  def self.down
+    remove_column :<%= model_class_name.tableize %>, :lock_expires_at
+    remove_column :<%= model_class_name.tableize %>, :failed_logins_count
+  end
+end

data/lib/generators/{sorcery_migration/templates → sorcery/templates/migration}/core.rb

@@ -1,6 +1,6 @@
 class SorceryCore < ActiveRecord::Migration
   def self.up
-    create_table :users do |t|
+    create_table :<%= model_class_name.tableize %> do |t|
       t.string :username,         :null => false  # if you use another field as a username, for example email, you can safely remove this field.
       t.string :email,            :default => nil # if you use this field as a username, you might want to make it :null => false.
       t.string :crypted_password, :default => nil
@@ -11,6 +11,6 @@ class SorceryCore < ActiveRecord::Migration
   end
 
   def self.down
-    drop_table :users
+    drop_table :<%= model_class_name.tableize %>
   end
 end

data/lib/generators/{sorcery_migration/templates → sorcery/templates/migration}/external.rb

@@ -1,7 +1,7 @@
 class SorceryExternal < ActiveRecord::Migration
   def self.up
     create_table :authentications do |t|
-      t.integer :user_id, :null => false
+      t.integer :<%= model_class_name.tableize.singularize %>_id, :null => false
       t.string :provider, :uid, :null => false
 
       t.timestamps

data/lib/generators/sorcery/templates/migration/remember_me.rb

@@ -0,0 +1,15 @@
+class SorceryRememberMe < ActiveRecord::Migration
+  def self.up
+    add_column :<%= model_class_name.tableize %>, :remember_me_token, :string, :default => nil
+    add_column :<%= model_class_name.tableize %>, :remember_me_token_expires_at, :datetime, :default => nil
+    
+    add_index :<%= model_class_name.tableize %>, :remember_me_token
+  end
+
+  def self.down
+    remove_index :<%= model_class_name.tableize %>, :remember_me_token
+    
+    remove_column :<%= model_class_name.tableize %>, :remember_me_token_expires_at
+    remove_column :<%= model_class_name.tableize %>, :remember_me_token
+  end
+end

data/lib/generators/sorcery/templates/migration/reset_password.rb

@@ -0,0 +1,17 @@
+class SorceryResetPassword < ActiveRecord::Migration
+  def self.up
+    add_column :<%= model_class_name.tableize %>, :reset_password_token, :string, :default => nil
+    add_column :<%= model_class_name.tableize %>, :reset_password_token_expires_at, :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :reset_password_email_sent_at, :datetime, :default => nil
+    
+    add_index :<%= model_class_name.tableize %>, :reset_password_token
+  end
+
+  def self.down
+    remove_index :users, :reset_password_token
+    
+    remove_column :<%= model_class_name.tableize %>, :reset_password_email_sent_at
+    remove_column :<%= model_class_name.tableize %>, :reset_password_token_expires_at
+    remove_column :<%= model_class_name.tableize %>, :reset_password_token
+  end
+end

data/lib/generators/sorcery/templates/migration/user_activation.rb

@@ -0,0 +1,17 @@
+class SorceryUserActivation < ActiveRecord::Migration
+  def self.up
+    add_column :<%= model_class_name.tableize %>, :activation_state, :string, :default => nil
+    add_column :<%= model_class_name.tableize %>, :activation_token, :string, :default => nil
+    add_column :<%= model_class_name.tableize %>, :activation_token_expires_at, :datetime, :default => nil
+    
+    add_index :<%= model_class_name.tableize %>, :activation_token
+  end
+
+  def self.down
+    remove_index :<%= model_class_name.tableize %>, :activation_token
+    
+    remove_column :<%= model_class_name.tableize %>, :activation_token_expires_at
+    remove_column :<%= model_class_name.tableize %>, :activation_token
+    remove_column :<%= model_class_name.tableize %>, :activation_state
+  end
+end

data/lib/sorcery.rb

@@ -5,6 +5,7 @@ module Sorcery
     module Adapters
       autoload :ActiveRecord, 'sorcery/model/adapters/active_record'
       autoload :Mongoid, 'sorcery/model/adapters/mongoid'
+      autoload :MongoMapper, 'sorcery/model/adapters/mongo_mapper'
     end
     module Submodules
       autoload :UserActivation, 'sorcery/model/submodules/user_activation'
@@ -36,9 +37,6 @@ module Sorcery
         end
       end
     end
-    module Adapters
-      autoload :Sinatra, 'sorcery/controller/adapters/sinatra'
-    end
   end
   module CryptoProviders
     autoload :Common, 'sorcery/crypto_providers/common'
@@ -52,12 +50,9 @@ module Sorcery
   autoload :TestHelpers, 'sorcery/test_helpers'
   module TestHelpers
     autoload :Rails, 'sorcery/test_helpers/rails'
-    autoload :Sinatra, 'sorcery/test_helpers/sinatra'
     autoload :Internal, 'sorcery/test_helpers/internal'
     module Internal
       autoload :Rails, 'sorcery/test_helpers/internal/rails'
-      autoload :Sinatra, 'sorcery/test_helpers/internal/sinatra'
-      autoload :SinatraModular, 'sorcery/test_helpers/internal/sinatra_modular'
     end
 
   end
@@ -77,6 +72,9 @@ module Sorcery
     end
   end
 
+  if defined?(MongoMapper)
+    MongoMapper::Document.send(:plugin, Sorcery::Model::Adapters::MongoMapper)
+  end
+
   require 'sorcery/engine' if defined?(Rails) && Rails::VERSION::MAJOR == 3
-  require 'sorcery/sinatra' if defined?(Sinatra)
 end

data/lib/sorcery/controller.rb

@@ -5,7 +5,7 @@ module Sorcery
         include InstanceMethods
         Config.submodules.each do |mod|
           begin
-            include Submodules.const_get(mod.to_s.split("_").map {|p| p.capitalize}.join("")) 
+            include Submodules.const_get(mod.to_s.split("_").map {|p| p.capitalize}.join(""))
           rescue NameError
             # don't stop on a missing submodule.
           end
@@ -14,7 +14,7 @@ module Sorcery
       Config.update!
       Config.configure!
     end
-    
+
     module InstanceMethods
       # To be used as before_filter.
       # Will trigger auto-login attempts via the call to logged_in?
@@ -22,10 +22,10 @@ module Sorcery
       def require_login
         if !logged_in?
           session[:return_to_url] = request.url if Config.save_return_to_url
-          self.send(Config.not_authenticated_action) 
+          self.send(Config.not_authenticated_action)
         end
       end
-      
+
       # Takes credentials and returns a user on successful authentication.
       # Runs hooks after login or failed login.
       def login(*credentials)
@@ -42,43 +42,44 @@ module Sorcery
           nil
         end
       end
-      
+
       # Resets the session and runs hooks before and after.
       def logout
         if logged_in?
           before_logout!(current_user)
           reset_session
           after_logout!
+          @current_user = nil
         end
       end
-      
+
       def logged_in?
         !!current_user
       end
-      
+
       # attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.)
       # returns the logged in user if found, false if not (using old restful-authentication trick, nil != false).
       def current_user
         @current_user ||= login_from_session || login_from_other_sources unless @current_user == false
       end
-      
+
       def current_user=(user)
         @current_user = user
       end
-      
-      # used when a user tries to access a page while logged out, is asked to login, 
+
+      # used when a user tries to access a page while logged out, is asked to login,
       # and we want to return him back to the page he originally wanted.
       def redirect_back_or_to(url, flash_hash = {})
         redirect_to(session[:return_to_url] || url, :flash => flash_hash)
       end
-      
+
       # The default action for denying non-authenticated users.
       # You can override this method in your controllers,
       # or provide a different method in the configuration.
       def not_authenticated
         redirect_to root_path
       end
-      
+
       # login a user instance
       #
       # @param [<User-Model>] user the user instance.
@@ -87,16 +88,16 @@ module Sorcery
         session[:user_id] = user.id
         @current_user = user
       end
-      
+
       # Overwrite Rails' handle unverified request
       def handle_unverified_request
         cookies[:remember_me_token] = nil
         @current_user = nil
         super # call the default behaviour which resets the session
       end
-      
+
       protected
-      
+
       # Tries all available sources (methods) until one doesn't return false.
       def login_from_other_sources
         result = nil
@@ -105,51 +106,51 @@ module Sorcery
         end
         result || false
       end
-      
+
       def login_from_session
         @current_user = (user_class.find_by_id(session[:user_id]) if session[:user_id]) || false
       end
-      
+
       def after_login!(user, credentials)
         Config.after_login.each {|c| self.send(c, user, credentials)}
       end
-      
+
       def after_failed_login!(credentials)
         Config.after_failed_login.each {|c| self.send(c, credentials)}
       end
-      
+
       def before_logout!(user)
         Config.before_logout.each {|c| self.send(c, user)}
       end
-      
+
       def after_logout!
         Config.after_logout.each {|c| self.send(c)}
       end
-      
+
       def user_class
         @user_class ||= Config.user_class.to_s.constantize
       end
-      
+
     end
-    
+
     module Config
       class << self
         attr_accessor :submodules,
-                      :user_class,                    # what class to use as the user class. 
+                      :user_class,                    # what class to use as the user class.
                       :not_authenticated_action,      # what controller action to call for non-authenticated users.
-                      
+
                       :save_return_to_url,            # when a non logged in user tries to enter a page that requires
-                                                      # login, save the URL he wanted to reach, 
+                                                      # login, save the URL he wanted to reach,
                                                       # and send him there after login.
-                                                      
-                      :sinatra_cookie_secret,         # used to sign cookies in Sinatra.
-                      
+
+                      :cookie_domain,                 # set domain option for cookies
+
                       :login_sources,
                       :after_login,
                       :after_failed_login,
                       :before_logout,
-                      :after_logout             
-        
+                      :after_logout
+
         def init!
           @defaults = {
             :@user_class                           => nil,
@@ -161,31 +162,31 @@ module Sorcery
             :@before_logout                        => [],
             :@after_logout                         => [],
             :@save_return_to_url                   => true,
-            :@sinatra_cookie_secret                => 'ch4ng3M3plz'
+            :@cookie_domain                        => nil
           }
         end
-        
+
         # Resets all configuration options to their default values.
         def reset!
           @defaults.each do |k,v|
             instance_variable_set(k,v)
-          end       
+          end
         end
-        
+
         def update!
           @defaults.each do |k,v|
             instance_variable_set(k,v) if !instance_variable_defined?(k)
           end
         end
-        
+
         def user_config(&blk)
           block_given? ? @user_config = blk : @user_config
         end
-        
+
         def configure(&blk)
           @configure_blk = blk
         end
-        
+
         def configure!
           @configure_blk.call(self) if @configure_blk
         end
@@ -194,4 +195,4 @@ module Sorcery
       reset!
     end
   end
-end
+end

data/lib/sorcery/controller/submodules/activity_logging.rb

@@ -21,15 +21,15 @@ module Sorcery
               attr_accessor :register_last_activity_time
             
               def merge_activity_logging_defaults!
-                @defaults.merge!(:@register_login_time  => true,
-                                 :@register_logout_time => true,
+                @defaults.merge!(:@register_login_time         => true,
+                                 :@register_logout_time        => true,
                                  :@register_last_activity_time => true)
               end
             end
             merge_activity_logging_defaults!
           end
-          Config.after_login << :register_login_time_to_db
-          Config.before_logout << :register_logout_time_to_db
+          Config.after_login    << :register_login_time_to_db
+          Config.before_logout  << :register_logout_time_to_db
           base.after_filter :register_last_activity_time_to_db
         end
         
@@ -52,16 +52,14 @@ module Sorcery
           # This runs as a hook just after a successful login.
           def register_login_time_to_db(user, credentials)
             return unless Config.register_login_time
-            user.send(:"#{user.sorcery_config.last_login_at_attribute_name}=", Time.now.utc.to_s(:db))
-            user.save!(:validate => false)
+            user.update_attributes!(user.sorcery_config.last_login_at_attribute_name => Time.now.utc)
           end
           
           # registers last logout time on every logout.
           # This runs as a hook just before a logout.
           def register_logout_time_to_db(user)
             return unless Config.register_logout_time
-            user.send(:"#{user.sorcery_config.last_logout_at_attribute_name}=", Time.now.utc.to_s(:db))
-            user.save!(:validate => false)
+            user.update_attributes!(user.sorcery_config.last_logout_at_attribute_name => Time.now.utc)
           end
           
           # Updates last activity time on every request.
@@ -69,8 +67,7 @@ module Sorcery
           def register_last_activity_time_to_db
             return unless Config.register_last_activity_time
             return unless logged_in?
-            current_user.send(:"#{current_user.sorcery_config.last_activity_at_attribute_name}=", Time.now.utc.to_s(:db))
-            current_user.save!(:validate => false)
+            current_user.update_attributes!(current_user.sorcery_config.last_activity_at_attribute_name => Time.now.utc)
           end
         end
       end

data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb

@@ -8,19 +8,34 @@ module Sorcery
             def oauth_version
               "2.0"
             end
-          
+            
             def authorize_url(options = {})
               defaults = {
-                  :site => @site,
-                  :ssl => { :ca_file => Config.ca_file }
+                :site => @site,
+                :ssl => { :ca_file => Config.ca_file }
               }
-              client = ::OAuth2::Client.new(@key, @secret, defaults.merge!(options))
-              client.authorize_url(:redirect_uri => @callback_url, :scope => @scope)
+              client = ::OAuth2::Client.new(
+                @key,
+                @secret,
+                defaults.merge!(options)
+              )
+              client.web_server.authorize_url(
+                :redirect_uri => @callback_url,
+                :scope => @scope
+              )
             end
-          
+            
             def get_access_token(args)
-              client = ::OAuth2::Client.new(@key, @secret, :site => @site, :ssl => { :ca_file => Config.ca_file })
-              client.get_token(args[:code], :redirect_uri => @callback_url)
+              client = ::OAuth2::Client.new(
+                @key,
+                @secret,
+                :site => @site,
+                :ssl => { :ca_file => Config.ca_file }
+              )
+              client.web_server.get_access_token(
+                args[:code],
+                :redirect_uri => @callback_url
+              )
             end
           end
         end