sparkly-auth 1.0.0

data/generators/sparkly/templates/accounts_controller.rb

@@ -0,0 +1,65 @@
+class <%=model.accounts_controller.camelize%>Controller < SparklyController
+  require_login_for :show, :edit, :update, :destroy
+
+  # GET new_model_url
+  def new
+  end
+
+  # POST model_url
+  def create
+    if model.save       
+      login!(model)
+      redirect_back_or_default Auth.default_destination, Auth.account_created_message
+    else
+      render :action => 'new'
+    end
+  end
+
+  # GET model_url
+  def show
+  end
+
+  # GET edit_model_url
+  def edit
+  end
+
+  # PUT model_url
+  def update
+    if !model_params[:password].blank? || !model_params[:password_confirmation].blank?
+      model.password = model_params[:password]
+      model.password_confirmation = model_params[:password_confirmation]
+    end
+    
+    if model.save
+      redirect_back_or_default user_path, Auth.account_updated_message
+    else
+      render :action => 'edit'
+    end
+  end
+
+  # DELETE model_url
+  def destroy
+    current_user && current_user.destroy
+    logout!
+    @current_user = nil
+    flash[:notice] = Auth.account_deleted_message
+    redirect_back_or_default Auth.default_destination
+  end
+
+  protected
+  def find_user_model
+    # password fields are protected attrs, so we need to exclude them then add them explicitly.
+    self.model_instance = current_user ||
+            returning(model_class.new(model_params.without(:password, :password_confirmation))) { |model|
+              model.password = model_params[:password]
+              model.password_confirmation = model_params[:password_confirmation]
+            }
+  end
+
+  # Uncomment if you don't trust the params[:model] set up by Sparkly routing, or if you've
+  # disabled them.
+  #
+  #def model_name
+  #  <%=model.name.inspect%>
+  #end
+end

data/generators/sparkly/templates/accounts_helper.rb

@@ -0,0 +1,2 @@
+module <%=model.accounts_controller.camelize%>Helper
+end

data/generators/sparkly/templates/help_file.txt

@@ -0,0 +1,56 @@
+I'll assume you know what Sparkly Authentication is since it seems
+to be installed. If that assumption is incorrect, you should check
+out the Sparkly Authentication readme instead.
+
+So let's get right into usage. This text was generated by the Sparkly
+command-line generator, invoked via:
+
+  script/generate sparkly help
+
+Depending on what arguments are attached, this generator is capable
+of producing various different results. So let's go through them one
+at a time, in the most common order...
+
+0. Usually the first thing you'll want to do is generate the models
+   which will actually be authenticated, such as a User model. See
+   the Rails Guides for more details on that. You don't need to
+   actually run the migrations yet, however.
+
+1. After you know which models will be authenticated, you're ready
+   to invoke the Sparkly Config generator:
+
+   script/generate sparkly config
+   
+   This will generate a Rails Initializer in config/initializers that
+   will be used to set up Sparkly during runtime. This tells it what
+   encryption type to use, which models to authenticate, and so on.
+   You should take a look at this file to make sure the configuration
+   is what you are expecting. Do that. Now.
+   
+2. You also need to generate the database table which stores the 
+   password information -- I'm talking about migrations!
+   
+   script/generate sparkly migrations
+   
+4. Run the server and try it out. See how things feel. If you want
+   more control over the views (and you should), you can generate
+   them like so:
+   
+     script/generate sparkly views
+     
+   Their final resting place basically depends on what your Sparkly
+   config from Step 1 looks like. So I hope you double checked it.
+
+5. Finally, if you need control over the, er, controllers, you can go
+   ahead and generate them like so:
+   
+   script/generate sparkly controllers
+   
+   Note that exactly which controllers and how many of them will be
+   generated depends, once again, on your Sparkly config. Note also
+   that this will generate the corresponding views for you, so you
+   can skip step 4 if you already know you need to customize the
+   controllers.
+
+This file has been saved to doc/sparkly_authentication.txt for your
+reference.

data/generators/sparkly/templates/initializer.rb

@@ -0,0 +1,30 @@
+# This file sets up Sparkly Auth to work properly with Rails. It was generated
+# by "script/generate sparkly config" and can be regenerated with that command, though 
+# you may not want to actually do that if you've made changes to this file.
+#
+# You are also HIGHLY encouraged to check out the Auth::Configuration class documentation
+# for a list of all the options you can set here. There are a LOT of them.
+#
+Auth.configure do |config|
+  config.authenticate :user
+    # Adds a model to be authenticated. See the Auth::Model class for information on
+    # what options you can pass. Here are some common examples:
+    #  
+    #   config.authenticate :user, :accounts_controller => "users", :sessions_controller => "user_sessions"
+    #   config.authenticate :user, :key => "login"
+    #
+    # By default, :key is "email" and the controllers are Sparkly's internal controllers.
+    # (Don't forget you can also script/generate controllers or script/generate views to
+    # remove the overhead of setting up your own.)
+    #
+  
+  # You can also configure the various behaviors (as long as they support configurations):
+  #  config.remember_me.token_theft_message =
+  #      "Your account may have been hijacked recently! Verify that all settings are correct."
+  #
+  #  config.remember_me.duration = 6.months
+  #
+  # See the class documentation for the behaviors' configurations themselves for details
+  # about these options. (For example, see Auth::Behaviors::RememberMe::Configuration for
+  # the Remember Me configuration options.)
+end

data/generators/sparkly/templates/migrations/add_confirmed_to_sparkly_passwords.rb

@@ -0,0 +1,9 @@
+class AddConfirmedToSparklyPasswords < ActiveRecord::Migration
+  def self.up
+    add_column :passwords, :confirmed, :boolean
+  end
+
+  def self.down
+    remove_column :passwords, :confirmed
+  end
+end

data/generators/sparkly/templates/migrations/create_sparkly_passwords.rb

@@ -0,0 +1,19 @@
+class CreateSparklyPasswords < ActiveRecord::Migration
+  def self.up
+    create_table :passwords do |t|
+      t.string :secret
+      t.string :salt
+      
+      t.string :persistence_token   # the token stored in cookies to persist the user's session
+      t.string :single_access_token # used to authenticate a user for a single request. This is not persisted.
+      t.string :perishable_token    # used in confirming an account, usually via email
+      
+      t.references :authenticatable, :polymorphic => true
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :passwords
+  end
+end

data/generators/sparkly/templates/migrations/create_sparkly_remembered_tokens.rb

@@ -0,0 +1,15 @@
+class CreateSparklyRememberedTokens < ActiveRecord::Migration
+  def self.up
+    create_table :remembrance_tokens do |t|
+      t.string :series_token
+      t.string :remembrance_token
+      
+      t.references :authenticatable, :polymorphic => true
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :remembrance_tokens
+  end
+end

data/generators/sparkly/templates/sessions_controller.rb

@@ -0,0 +1,45 @@
+class <%=model.sessions_controller.camelize%>Controller < SparklyController
+  # GET new_model_session_url
+  def new
+  end
+
+  # POST model_session_url
+  def create
+    if session[:locked_out_at] && session[:locked_out_at] > Auth.account_lock_duration.ago
+      flash[:error] = Auth.account_locked_message
+      render :action => 'new'
+      return
+    end
+    
+    model = model_class.find(:first, :conditions => { model_config.key => model_params[model_config.key] },
+                             :include => :passwords)
+    
+    if model && model.password_matches?(model_params[:password])
+      login! model
+      redirect_back_or_default Auth.default_destination, Auth.login_successful_message
+    else
+      session[:login_failures] = session[:login_failures].to_i + 1
+      if Auth.max_login_failures && session[:login_failures] >= Auth.max_login_failures
+        session[:locked_out_at] = Time.now
+        flash[:error] = Auth.account_locked_message
+      else
+        flash[:error] = Auth.invalid_credentials_message
+      end
+      render :action => "new"
+    end
+  end
+
+  # DELETE model_session_url
+  def destroy
+    logout!
+    redirect_back_or_default Auth.default_destination, Auth.logout_message
+  end
+  
+  protected
+  # Uncomment if you don't trust the params[:model] set up by Sparkly routing, or if you've
+  # disabled them.
+  #
+  #def model_name
+  #  <%=model.name.inspect%>
+  #end
+end

data/generators/sparkly/templates/sessions_helper.rb

@@ -0,0 +1,2 @@
+module <%=model.sessions_controller.camelize%>Helper
+end

data/generators/sparkly/templates/tasks/migrations.rb

@@ -0,0 +1 @@
+require 'auth/tasks/migrations'

data/generators/sparkly/templates/views/sparkly_accounts/edit.html.erb

@@ -0,0 +1,24 @@
+<%form_for model, :url => model_path do |f|%>
+  <p>
+    <%=f.error_messages%>
+  </p>
+  
+  <p>
+    <%=f.label model_config.key%><br/>
+    <%=f.text_field model_config.key%>
+  </p>
+  
+  <p>
+    <%=f.label :password%><br/>
+    <%=f.password_field :password, :value => ''%>
+  </p>
+  
+  <p>
+    <%=f.label :password_confirmation%><br/>
+    <%=f.password_field :password_confirmation, :value => ''%>
+  </p>
+  
+  <p>
+    <%=f.submit "Update Profile"%>
+  </p>
+<%end%>

data/generators/sparkly/templates/views/sparkly_accounts/new.html.erb

@@ -0,0 +1,24 @@
+<%form_for model, :url => model_path do |f|%>
+  <p>
+    <%=f.error_messages%>
+  </p>
+  
+  <p>
+    <%=f.label model_config.key%><br/>
+    <%=f.text_field model_config.key%>
+  </p>
+  
+  <p>
+    <%=f.label :password%><br/>
+    <%=f.password_field :password, :value => ''%>
+  </p>
+  
+  <p>
+    <%=f.label :password_confirmation%><br/>
+    <%=f.password_field :password_confirmation, :value => ''%>
+  </p>
+  
+  <p>
+    <%=f.submit "Sign up"%>
+  </p>
+<%end%>

data/generators/sparkly/templates/views/sparkly_sessions/new.html.erb

@@ -0,0 +1,22 @@
+<%form_for model, :url => model_session_path do |f|%>
+  <p>
+    <%=f.label model_config.key%><br/>
+    <%=f.text_field model_config.key%>
+  </p>
+  
+  <p>
+    <%=f.label :password%><br/>
+    <%=f.password_field :password, :value => ''%>
+  </p>
+  
+  <%if Auth.remember_me.enabled?%>
+    <p>
+      <%=f.check_box :remember_me, :checked => false%>
+      <%=f.label :remember_me%>
+    </p>
+  <%end%>
+  
+  <p>
+    <%=f.submit "Sign in"%>
+  </p>
+<%end%>

data/init.rb

@@ -0,0 +1,44 @@
+require File.expand_path("../dependencies", __FILE__)
+require File.expand_path("../lib/auth", __FILE__)
+
+$LOAD_PATH << Auth.path
+ActiveSupport::Dependencies.load_paths << Auth.path
+ActiveSupport::Dependencies.load_once_paths << Auth.path
+#ActiveSupport::Dependencies.load_once_paths.delete(Auth.path)
+
+# Kick auth after initialize and do it again before every request in development
+Rails.configuration.to_prepare do
+  Auth.kick!
+end
+
+# FIXME HACK extension to ActiveRecord::Errors to allow error attributes to be renamed. This is
+# because otherwise we'll end up producing very confusing error messages complaining about :secret,
+# :encrypted_secret, and so forth when all the user really cares about is :password.
+class ActiveRecord::Errors
+  def rename_attribute(original_name, new_name)
+    original_name, new_name = original_name.to_s, new_name.to_s
+    return if original_name == new_name
+    
+    @errors.each do |attribute, old_errors|
+      if attribute.to_s == original_name
+        original_name = attribute # because some are strings, some are symbols.
+        
+        old_errors.each do |error|
+          new_error = error.dup
+          new_error.attribute = new_name
+          unless @errors[new_name] && @errors[new_name].include?(new_error)
+            @errors[new_name] ||= []
+            @errors[new_name] << new_error
+          end
+        end
+        @errors.delete(original_name)
+      end
+    end
+  end
+end
+
+class ActiveRecord::Error
+  def ==(other)
+    other.kind_of?(ActiveRecord::Error) && attribute.to_s == other.attribute.to_s && message == other.message
+  end
+end

data/lib/auth.rb

@@ -0,0 +1,52 @@
+module Auth
+  class << self
+    public :delegate
+    delegate :path, :encryptor, :default_accounts_controller_name, :default_sessions_controller_name,
+             :password_update_frequency, :base_controller, :login_required_message, :logout_required_message,
+             :default_destination, :session_duration, :invalid_credentials_message, :login_successful_message,
+             :logout_message, :session_timeout_message, :default_login_path, :account_deleted_message,
+             :account_created_message, :account_updated_message, :account_locked_message, :max_login_failures,
+             :generate_routes?, :disable_route_generation!, :password_uniqueness_message,
+             :password_history_length, :base_controller_name, :account_lock_duration,
+             :password_format, :password_format_message, :minimum_password_length, :behaviors, :behavior_classes,
+             :to => :configuration
+    
+    def configuration
+      @configuration ||= Auth::Configuration.new
+    end
+    
+    def configure
+      yield configuration
+    end
+    
+    # Applies all configuration settings. This is done by the Auth system after it has been configured but before
+    # it processes any requests.
+    def configure!
+      begin
+        configuration.apply!
+      rescue NameError
+        puts
+        puts "WARNING: #{$!.message}"
+        puts
+        puts "This happened while trying to configure Sparkly Authentication."
+        puts "You should verify that /config/initializers/sparkly_authentication.rb"
+        puts "is set up properly. It could be that you just haven't created the"
+        puts "model yet. If so, this error will disappear when the model exists."
+        puts
+        if ENV['AUTH_BACKTRACE']
+          puts $!.backtrace
+        else
+          puts "(Run with AUTH_BACKTRACE=true to see a full bactrace.)"
+        end
+        puts
+      end
+    end
+    
+    # Useful for cleaning up after tests, but probably not much else.
+    def reset_configuration!
+      @configuration = Auth::Configuration.new
+    end
+    
+    alias_method :kick!, :configure!
+  end
+end

data/lib/auth/behavior/base.rb

@@ -0,0 +1,64 @@
+class Auth::Behavior::Base
+  class_inheritable_array :migrations
+  read_inheritable_attribute(:migrations) || write_inheritable_attribute(:migrations, [])
+  
+  class << self
+    def apply_to_controllers
+      # Add additional methods to ApplicationController (or whatever controller Sparkly is told to use)
+      Auth.base_controller.send(:include, "#{name}::ControllerExtensions".constantize)
+      # why this doesn't work in cuke?
+  #    if (container = self.class).const_defined?(:ControllerExtensions)
+  #      Auth.base_controller.send(:include, container.const_get(:ControllerExtensions))
+  #    end
+    #rescue NameError
+    end
+  end
+  
+  def apply_to(model)
+    track_behavior(model.target) do
+      apply_to_accounts(model)
+      apply_to_passwords(Password)
+    end
+  end
+
+  def apply_to_passwords(password_model)
+    raise NotImplementedError, "Be sure to override #apply_to_passwords(passwords_model) in your Auth Behavior"
+  end
+  
+  def apply_to_accounts(model_config)
+    raise NotImplementedError, "Be sure to override #apply_to_accounts(model_config) in your Auth Behavior"
+  end
+  
+  private
+  def track_behavior(model)
+    if !behavior_tracked?(model)
+      track_behavior!(model)
+      yield
+    end
+  end  
+
+  def behavior_tracked?(model)
+    behavior_tracker(model).include? behavior_name  
+  end
+    
+  def track_behavior!(model)
+    behavior_tracker(model) << behavior_name
+  end
+  
+  def behavior_tracker(model)
+    model.instance_variable_get("@__behavior_tracker") || model.instance_variable_set("@__behavior_tracker", [])
+  end
+  
+  def behavior_name
+    self.class.name
+  end
+
+  public
+  class << self
+    # Declares a migration template for a behavior. If sourcedir is given, it will be used as the location
+    # in which to find the template.
+    def migration(filename)
+      migrations << filename unless migrations.include?(filename)
+    end
+  end
+end