sparkly-auth 1.0.0

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Colin MacKenzie IV
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,17 @@
+= sparkly-auth
+
+Description goes here.
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 Colin MacKenzie IV. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,50 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "sparkly-auth"
+    gem.summary = %Q{User authentication with Sparkles!}
+    gem.description = %Q{As fate would have it, I found other authentication solutions unable to suit my needs. So I rolled my own.}
+    gem.email = "sinisterchipmunk@gmail.com"
+    gem.homepage = "http://www.thoughtsincomputation.com"
+    gem.authors = ["Colin MacKenzie IV"]
+    gem.add_dependency "sc-core-ext", ">= 1.2.0"
+    gem.add_development_dependency 'rspec-rails', '>= 1.3.2'
+    gem.add_development_dependency 'webrat', '>= 0.7.1'
+    gem.add_development_dependency 'genspec', '>= 0.1.1'
+    gem.add_development_dependency 'email_spec', '>= 0.6.2'
+    # WHY does jeweler insist on using test/* files? THEY DON'T EXIST!
+    gem.test_files = FileList['spec/**/*']
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :spec => :check_dependencies
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "sparkly-auth #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+1.0.0

data/app/controllers/sparkly_accounts_controller.rb

@@ -0,0 +1,59 @@
+class SparklyAccountsController < SparklyController
+  unloadable
+  require_login_for :show, :edit, :update, :destroy
+
+  # GET new_model_url
+  def new
+  end
+
+  # POST model_url
+  def create
+    if model.save
+      login!(model)
+      redirect_back_or_default Auth.default_destination, Auth.account_created_message
+    else
+      render :action => 'new'
+    end
+  end
+
+  # GET model_url
+  def show
+  end
+
+  # GET edit_model_url
+  def edit
+  end
+
+  # PUT model_url
+  def update
+    if !model_params[:password].blank? || !model_params[:password_confirmation].blank?
+      model.password = model_params[:password]
+      model.password_confirmation = model_params[:password_confirmation]
+    end
+    
+    if model.save
+      redirect_back_or_default user_path, Auth.account_updated_message
+    else
+      render :action => 'edit'
+    end
+  end
+
+  # DELETE model_url
+  def destroy
+    current_user && current_user.destroy
+    logout!
+    @current_user = nil
+    flash[:notice] = Auth.account_deleted_message
+    redirect_back_or_default Auth.default_destination
+  end
+
+  protected
+    def find_user_model
+      # password fields are protected attrs, so we need to exclude them then add them explicitly.
+      self.model_instance = current_user ||
+              returning(model_class.new(model_params.without(:password, :password_confirmation))) { |model|
+                model.password = model_params[:password]
+                model.password_confirmation = model_params[:password_confirmation]
+              }
+    end
+end

data/app/controllers/sparkly_controller.rb

@@ -0,0 +1,47 @@
+class SparklyController < (Auth.base_controller)
+  unloadable
+  helper_method :model_class, :model_instance, :model_name, :model, :model_path, :new_model_path, :edit_model_path,
+                :model_config, :model_session_path, :model_params
+  before_filter :find_user_model
+
+  protected
+    attr_accessor :model_instance
+    
+    def find_user_model
+      self.model_instance = current_user || model_class.new()
+    end
+    
+    def model_class
+      model_name.constantize
+    end
+    
+    def model_name
+      params[:model]
+    end
+    
+    def model_path
+      send("#{model_name.underscore}_path")
+    end
+    
+    def new_model_path
+      send("new_#{model_name.underscore}_path")
+    end
+    
+    def edit_model_path
+      send("edit_#{model_name.underscore}_path")
+    end
+  
+    def model_session_path
+      send("#{model_name.underscore}_session_path")
+    end
+    
+    def model_config
+      Auth.configuration.for_model(model_name)
+    end
+  
+    def model_params
+      params[model_name.underscore] || {}
+    end
+  
+    alias_method :model, :model_instance  
+end

data/app/controllers/sparkly_sessions_controller.rb

@@ -0,0 +1,52 @@
+class SparklySessionsController < SparklyController
+  unloadable
+
+  # GET new_model_session_url
+  def new
+  end
+
+  # POST model_session_url
+  def create
+    if session[:locked_out_at] && session[:locked_out_at] > Auth.account_lock_duration.ago
+      flash[:error] = Auth.account_locked_message
+      render :action => 'new'
+      return
+    end
+    
+    model = model_class.find(:first, :conditions => { model_config.key => model_params[model_config.key] },
+                             :include => :passwords)
+    
+    if model && model.password_matches?(model_params[:password])
+      login! model, :remember => remember_me?
+      redirect_back_or_default Auth.default_destination, Auth.login_successful_message
+    else
+      session[:login_failures] = session[:login_failures].to_i + 1
+      if Auth.max_login_failures && session[:login_failures] >= Auth.max_login_failures
+        session[:locked_out_at] = Time.now
+        flash[:error] = Auth.account_locked_message
+      else
+        flash[:error] = Auth.invalid_credentials_message
+      end
+      render :action => "new"
+    end
+  end
+
+  # DELETE model_session_url
+  def destroy
+    logout!(:forget => true)
+    redirect_back_or_default Auth.default_destination, Auth.logout_message
+  end
+  
+  private
+  def remember_me?
+    remembrance = model_params[:remember_me]
+    if remembrance.kind_of?(String)
+      return false if remembrance.blank?
+      return remembrance.to_i != 0
+    elsif remembrance.kind_of?(Numeric)
+      return remembrance != 0
+    else
+      return remembrance
+    end
+  end
+end

data/app/models/password.rb

@@ -0,0 +1,3 @@
+class Password < ActiveRecord::Base
+  unloadable
+end

data/app/models/remembrance_token.rb

@@ -0,0 +1,50 @@
+class RemembranceToken < ActiveRecord::Base
+  unloadable
+  belongs_to :authenticatable, :polymorphic => true
+  validates_presence_of :series_token
+  validates_presence_of :remembrance_token
+  validates_presence_of :authenticatable
+  
+  def value
+    "#{authenticatable_type}|#{authenticatable_id}|#{series_token}|#{remembrance_token}"
+  end
+  
+  def before_validation
+    regenerate if new_record?
+  end
+  
+  def should_equal(remembrance_token)
+    @theft = self.remembrance_token != remembrance_token
+  end
+  
+  def theft?
+    @theft
+  end
+  
+  def regenerate
+    if attributes.keys.include?('series_token')
+      # We need to only ever generate the series token once per record.
+      self.series_token ||= Auth::Token.new.to_s
+    end
+    
+    if attributes.keys.include?('remembrance_token')
+      # We need to regenerate the auth token every time the record is saved.
+      self.remembrance_token = Auth::Token.new.to_s
+    end
+  end
+  
+  class << self
+    def find_by_value(value)
+      authenticatable_type, authenticatable_id, series_token, remembrance_token = *value.split(/\|/)
+      return nil if authenticatable_type.blank? || authenticatable_id.blank? || series_token.blank?
+      
+      token = RemembranceToken.find(:first, :conditions => {
+                :authenticatable_type => authenticatable_type,
+                :authenticatable_id => authenticatable_id,
+                :series_token => series_token
+              })
+      token.should_equal(remembrance_token)
+      token
+    end
+  end
+end

data/app/views/sparkly_accounts/edit.html.erb

@@ -0,0 +1,24 @@
+<%form_for model, :url => model_path do |f|%>
+  <p>
+    <%=f.error_messages%>
+  </p>
+  
+  <p>
+    <%=f.label model_config.key%><br/>
+    <%=f.text_field model_config.key%>
+  </p>
+  
+  <p>
+    <%=f.label :password%><br/>
+    <%=f.password_field :password, :value => ''%>
+  </p>
+  
+  <p>
+    <%=f.label :password_confirmation%><br/>
+    <%=f.password_field :password_confirmation, :value => ''%>
+  </p>
+  
+  <p>
+    <%=f.submit "Update Profile"%>
+  </p>
+<%end%>

data/app/views/sparkly_accounts/new.html.erb

@@ -0,0 +1,24 @@
+<%form_for model, :url => model_path do |f|%>
+  <p>
+    <%=f.error_messages%>
+  </p>
+  
+  <p>
+    <%=f.label model_config.key%><br/>
+    <%=f.text_field model_config.key%>
+  </p>
+  
+  <p>
+    <%=f.label :password%><br/>
+    <%=f.password_field :password, :value => ''%>
+  </p>
+  
+  <p>
+    <%=f.label :password_confirmation%><br/>
+    <%=f.password_field :password_confirmation, :value => ''%>
+  </p>
+  
+  <p>
+    <%=f.submit "Sign up"%>
+  </p>
+<%end%>

data/app/views/sparkly_sessions/new.html.erb

@@ -0,0 +1,22 @@
+<%form_for model, :url => model_session_path do |f|%>
+  <p>
+    <%=f.label model_config.key%><br/>
+    <%=f.text_field model_config.key%>
+  </p>
+  
+  <p>
+    <%=f.label :password%><br/>
+    <%=f.password_field :password, :value => ''%>
+  </p>
+  
+  <%if Auth.remember_me.enabled?%>
+    <p>
+      <%=f.check_box :remember_me, :checked => false%>
+      <%=f.label :remember_me%>
+    </p>
+  <%end%>
+  
+  <p>
+    <%=f.submit "Sign in"%>
+  </p>
+<%end%>

data/dependencies.rb

@@ -0,0 +1 @@
+Rails.configuration.gem "sc-core-ext", :version => ">= 1.2.0"

data/generators/sparkly/USAGE

@@ -0,0 +1,27 @@
+Description:
+    Generates the various aspects of Sparkly Authentication:
+    
+    1. After you've created the model or models on which you wish to
+       authenticate users, you should generate your configuration:
+       
+         script/generate sparkly config
+          
+    2. After editing the generated configuration file to match your
+       goals, you should generate the necessary database migrations:
+        
+         script/generate sparkly migrations
+       
+    3. Other interesting generators:
+        
+         script/generate sparkly controllers
+           Generates resource controllers for each authenticated
+           model, which you can modify independently. Also generates
+           the corresponding views, giving you maximum customization
+           of your app. Not required.
+           
+         script/generate sparkly views
+           Generates views for the authenticated models which you
+           can then modify independently. Not required.
+
+         script/generate sparkly help
+           For much more detailed instructions.

data/generators/sparkly/sparkly_generator.rb

@@ -0,0 +1,76 @@
+class SparklyGenerator < Rails::Generator::NamedBase
+  # I'm still treating this as NamedBase because I'm not sure whether I'll need that in the future.
+  def initialize(args, options = {}) #:nodoc:
+    @options = options
+    unless args.empty?
+      which = args.first
+      @type = which.downcase
+      args << "generic" if nameless_type?
+    end
+    super(args, options)
+  end
+  
+  def manifest
+    record do |m|
+      case @type
+        when *nameless_types then send(@type, m)
+        else raise ArgumentError, "Expected type to be one of #{nameless_types.to_sentence(:connector => 'or ')}"
+      end
+    end
+  end
+  
+  private
+  def help(m)
+    m.directory 'doc'
+    m.file 'help_file.txt', 'doc/sparkly_authentication.txt'
+    logger.log '', File.read(File.join(File.dirname(__FILE__), 'templates/help_file.txt'))
+    logger.quiet = true # we plan to tell the user the file has been saved, so why tell them twice?
+  end
+  
+  def controllers(m)
+    spawn_model_generator(m, Auth::Generators::ControllersGenerator)
+  end
+  
+  def routes(m)
+    spawn_model_generator(m, Auth::Generators::RouteGenerator)
+  end
+  
+  def views(m)
+    spawn_model_generator(m, Auth::Generators::ViewsGenerator)
+  end
+  
+  def migrations(m)
+    spawn_model_generator(m, Auth::Generators::MigrationGenerator)
+  end
+  
+  def config(m)
+    spawn_generator(m, Auth::Generators::ConfigurationGenerator, [])
+  end
+  
+  def spawn_model_generator(manifest, type)
+    each_model do |model|
+      spawn_generator(manifest, type, model)
+    end
+  end
+  
+  def spawn_generator(manifest, type, args)
+    generator = type.new(args, spawned_generator_options)
+    generator.manifest.replay(manifest)
+  end
+  
+  def each_model(&block)
+    Auth.configuration.authenticated_models.each &block
+  end
+  
+  def nameless_type?
+    nameless_types.include? @type
+  end
+  
+  def nameless_types
+    %w(migrations config help views controllers)
+  end
+  
+  def spawned_generator_options
+    options.merge(:source => File.join(source_root), :destination => destination_root)
+  end
+end