thincloud-authentication 0.1.0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 New Leaders
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,133 @@
+# Thincloud::Authentication
+
+[![Build Status](https://secure.travis-ci.org/newleaders/thincloud-authentication.png)](http://travis-ci.org/newleaders/thincloud-authentication) [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/newleaders/thincloud-authentication)
+
+## Description
+
+A Rails Engine to provide authentication for Thincloud applications.
+
+## Requirements
+
+This gem requires Rails 3.2+ and has been tested on the following versions:
+
+* 3.2
+
+This gem has been tested against the following Ruby versions:
+
+* MRI 1.9.2
+* MRI 1.9.3
+* JRuby 1.6+ (with `JRUBY_OPTS=--1.9`)
+* Rubinius 2.0.0dev (with `RBXOPT=-X19`)
+
+This gem has been tested against the following database versions:
+
+* MySQL 5.0, 5.5
+* PostgreSQL 9.1, 9.2
+* SQLite 3
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+``` ruby
+gem "thincloud-authentication"
+```
+
+* Run `bundle`
+* Copy the migrations and prepare your databases:
+
+```
+$ rake thincloud_authentication:install:migrations db:migrate db:test:prepare
+```
+
+* Mount the engine in your `config/routes.rb` file:
+
+```ruby
+mount Thincloud::Authentication::Engine => "/auth", as: "auth_engine"
+```
+
+Using the example above, you may now login or signup at [http://lvh.me:3000/auth](http://lvh.me:3000/auth).
+
+### Prerequisites
+
+The following must be true for `thincloud-authentication` to operate properly:
+
+* A `root_url` must be defined in `config/routes.rb`
+* A `User` model must exist
+
+
+## Configuration
+
+The `Thincloud::Authentication` module accepts a `configure` block with options to customize the engine behavior.
+
+
+### Mailers
+
+Set the `mailer_sender` option to customize the "From" address of the emails sent from the system:
+
+```ruby
+Thincloud::Authentication.configure do |config|
+  config.mailer_sender = "app@example.com"
+end
+```
+
+
+### Additional provider strategies
+
+Add a key to the `providers` hash with the name of the strategy, followed by additional options for `scopes` and `fields` as needed. Additionally, you will need to provide environment variables (prefixed with the provider name), with the `consumer_key` and `consumer_secret` values from your OAuth provider.
+
+To enable the [LinkedIn](https://github.com/skorks/omniauth-linkedin) provider:
+
+* Provide values for `ENV["LINKEDIN_CONSUMER_KEY"]` and `ENV["LINKEDIN_CONSUMER_SECRET"]`
+* Add the file `config/initializers/thincloud_authentication.rb` with the following contents:
+
+```ruby
+Thincloud::Authentication.configure do |config|
+  config.providers[:linkedin] = {
+    scopes: "r_emailaddress r_basicprofile",
+    fields: ["id", "email-address", "first-name", "last-name", "headline",
+             "industry", "picture-url", "location", "public-profile-url"]
+  }
+end
+```
+
+
+### Vanity Routes
+
+If you want to customize the routes (remove the `/auth` prefix), you may add the following to your `config/routes.rb` file:
+
+```ruby
+get "signup", to: "thincloud/authentication/registrations#new", as: "signup"
+get "login", to: "thincloud/authentication/sessions#new", as: "login"
+delete "logout", to: "thincloud/authentication/sessions#destroy", as: "logout"
+```
+
+Using the example above, you will have the following routes locally:
+
+* `signup_url` points to "/signup"
+* `login_url` points to "/login"
+* `logout_url` points to "/logout" - Make sure to use the `delete` method to logout.
+
+
+## TODO
+
+* Add "forgot password" functionality
+* Add multiple, configurable strategy options
+* Add a configuration option to customize the mailers
+
+
+## Contributing
+
+1. [Fork it](https://github.com/newleaders/thincloud-authentication/fork_select)
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. [Create a Pull Request](https://github.com/newleaders/thincloud-authentication/pull/new)
+
+
+## License
+
+* Freely distributable and licensed under the [MIT license](http://newleaders.mit-license.org/2012/license.html).
+* Copyright (c) 2012 New Leaders ([opensource@newleaders.com](opensource@newleaders.com))
+* [https://newleaders.com](https://newleaders.com)

data/Rakefile

@@ -0,0 +1,40 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Thincloud::Authentication'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task :default => :test

data/app/assets/javascripts/thincloud/authentication/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/app/assets/stylesheets/thincloud/authentication/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/app/controllers/thincloud/authentication/application_controller.rb

@@ -0,0 +1,6 @@
+module Thincloud::Authentication
+  # Public: Primary controller settings and helpers for the engine.
+  class ApplicationController < ActionController::Base
+    layout "application"
+  end
+end

data/app/controllers/thincloud/authentication/registrations_controller.rb

@@ -0,0 +1,90 @@
+require_dependency "thincloud/authentication/application_controller"
+
+module Thincloud::Authentication
+  # Public: Handle OmniAuth callbacks.
+  class RegistrationsController < ApplicationController
+    before_filter :extract_identity, only: :create
+
+    def new
+      @identity = Identity.new
+    end
+
+    def create
+      # identity exists
+      if @identity.present?
+        login_as @identity.user
+        redirect_to main_app.root_url, notice: "You have been logged in."
+      # new identity for current_user
+      elsif current_user
+        add_omniauth_identity_to_current_user
+        redirect_to main_app.root_url, notice: "You have been logged in."
+      # failed identity login
+      elsif invalid_identity_credentials?
+        redirect_to auth_failure_url message: "invalid_credentials",
+                                     strategy: "identity"
+      # create a new identity
+      else
+        @identity = create_identity_from_request
+        render :new and return if @identity.errors.any?
+
+        if omniauth
+          login_as @identity.user
+        else
+          RegistrationsMailer.verification_token(@identity).deliver
+          flash[:alert] = "Check your email to verify your registration."
+        end
+        redirect_to main_app.root_url
+      end
+    end
+
+    def verify
+      identity = Identity.verify!(params[:token])
+      login_as identity.user
+      redirect_to main_app.root_url,
+        notice: "Thank you! Your registration has been verified."
+    end
+
+  private
+
+    # Private: Accessor for OmniAuth environment.
+    #
+    # Returns: An instance of `OmniAuth::InfoHash` or `nil`.
+    def omniauth
+      request.env["omniauth.auth"]
+    end
+
+    # Private: Set an instance varible if an `Identity` if present.
+    #
+    # Returns: An instance of `Identity` or `nil`.
+    def extract_identity
+      @identity = Identity.find_omniauth(omniauth) if omniauth
+    end
+
+    # Private: Determine if the request is from an invalid Identity login.
+    #
+    # Returns: Boolean.
+    def invalid_identity_credentials?
+      params[:provider] == "identity" && params.has_key?(:auth_key)
+    end
+
+    # Private: Add a new identity to the `current_user` from OmniAuth.
+    #
+    # Returns: Boolean.
+    def add_omniauth_identity_to_current_user
+      current_user.identities.build.apply_omniauth(omniauth).save
+    end
+
+    # Private: Create a new identity from submitted params or OmniAuth.
+    #
+    # Returns: An instance of `Identity`.
+    def create_identity_from_request
+      # params[:identity] exists when creating a local identity provider
+      Identity.new(params[:identity]).tap do |identity|
+        identity.user = User.create
+        # omniauth exists if coming from a 3rd party provider like LinkedIn
+        identity.apply_omniauth(omniauth) if omniauth
+        identity.save
+      end
+    end
+  end
+end

data/app/controllers/thincloud/authentication/sessions_controller.rb

@@ -0,0 +1,23 @@
+require_dependency "thincloud/authentication/application_controller"
+
+module Thincloud::Authentication
+  # Public: Handle login/logout behavior.
+  class SessionsController < ApplicationController
+    before_filter :authenticate!, only: [:authenticated]
+
+    def new
+      redirect_to main_app.root_url if logged_in?
+      @identity = Identity.new
+    end
+
+    def destroy
+      logout
+      redirect_to main_app.root_url, notice: "You have been logged out."
+    end
+
+    def authenticated
+      # dummy method to test the :authenticate! before_filter
+      render text: "Authenticated!"
+    end
+  end
+end

data/app/helpers/thincloud/authentication/registrations_helper.rb

@@ -0,0 +1,9 @@
+module Thincloud::Authentication
+  module RegistrationsHelper
+
+    def form_error_class_for(form, field)
+      "error" if form.object.errors[field].present?
+    end
+
+  end
+end

data/app/mailers/thincloud/authentication/registrations_mailer.rb

@@ -0,0 +1,12 @@
+module Thincloud::Authentication
+  # Public: Email methods for Registration events
+  class RegistrationsMailer < ActionMailer::Base
+    default from: Thincloud::Authentication.configuration.mailer_sender
+
+    # New registration verification token
+    def verification_token(identity)
+      @identity = identity
+      mail to: @identity.email, subject: "Identity Verification"
+    end
+  end
+end

data/app/models/thincloud/authentication/identity.rb

@@ -0,0 +1,80 @@
+module Thincloud::Authentication
+  # Public: This class represents a User identity (name, email, login provider)
+  class Identity < ::OmniAuth::Identity::Models::ActiveRecord
+    belongs_to :user
+
+    # Limit the ability to mass-assign sensitive fields.
+    attr_accessible :name, :email, :password, :password_confirmation
+
+    validates :name, presence: true
+    validates :email, presence: true, uniqueness: true, format: /@/
+
+    # Ensure that a `verification_token` exists for new records.
+    after_initialize do
+      self.verification_token = SecureRandom.urlsafe_base64 if new_record?
+    end
+
+    # Only validate password if the 'provider' is 'identity'.
+    before_validation do
+      self.password_digest = 0 unless provider == "identity"
+    end
+
+    # Public: Use a helpful attribute name when displaying errors.
+    def self.human_attribute_name(attr, options={})
+      attr == :password_digest ? "Password" : super
+    end
+
+    # Public: Find an `Identity` by OmniAuth parameters.
+    #
+    # omniauth - An instance of `OmniAuth::AuthHash`
+    #
+    # Returns: An instance of `Identity` or `nil`.
+    def self.find_omniauth(omniauth)
+      find_by_provider_and_uid omniauth["provider"], omniauth["uid"]
+    end
+
+    # Public: Mark the `Identity` as having been verified.
+    #
+    # token - A String containing the `verification_token` to look up.
+    #
+    # Returns: An instance of the found `Identity`.
+    # Raises: ActiveRecord::RecordNotFound if the `token` cannot be retrieved.
+    def self.verify!(token)
+      find_by_verification_token!(token).tap do |identity|
+        # ensure 'uid' exists, needed for 'identity' provider
+        identity.uid = identity.id if identity.uid.blank?
+        identity.verification_token = nil
+        identity.verified_at = Time.zone.now
+        identity.save
+      end
+    end
+
+    # Public: Shim to overcome odd behavior seen during testing with SQLite
+    def uid
+      read_attribute :uid
+    end
+
+    # Public: Indicate if the `Identity` has been verified.
+    #
+    # Returns: Boolean.
+    def verified?
+      verification_token.blank? && verified_at.present?
+    end
+
+    # Public: Apply attributes returned from OmniAuth.
+    #
+    # omniauth - An instance of `OmniAuth::AuthHash`.
+    def apply_omniauth(omniauth)
+      info = omniauth["info"]
+
+      user_name = %Q(#{info["first_name"]} #{info["last_name"]})
+      user_name.gsub!(/\s+/, " ").strip!
+
+      self.provider = omniauth["provider"]
+      self.uid      = omniauth["uid"]
+      self.name     = user_name if self.name.blank?
+      self.email    = info["email"] if info["email"] && self.email.blank?
+      self
+    end
+  end
+end

data/app/views/thincloud/authentication/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Thincloud::Authentication</title>
+  <%= stylesheet_link_tag    "thincloud/authentication/application", :media => "all" %>
+  <%= javascript_include_tag "thincloud/authentication/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/app/views/thincloud/authentication/registrations/_registration_form.html.erb

@@ -0,0 +1,69 @@
+<%= form_for @identity, url: registrations_path, html: { class: "form-horizontal" } do |f| %>
+  <fieldset>
+    <legend>Register</legend>
+
+    <% if @identity.errors.any? %>
+    <div class="alert alert-block alert-error">
+      <h4><i class="icon-warning-sign"></i> Error</h4>
+      Please check the following <%= pluralize @identity.errors.size, "item" %>:
+    </div>
+    <% end %>
+
+    <div class="control-group <%= form_error_class_for(f, :name) %>">
+      <%= f.label :name, "Name", class: "control-label" %>
+      <div class="controls">
+        <div class="input-prepend">
+          <span class="add-on"><i class="icon-user"></i></span>
+          <%= f.text_field :name %>
+        </div>
+        <%= content_tag :span, "#{:name.to_s.humanize} #{f.object.errors[:name].to_sentence}", class: "help-inline" %>
+      </div>
+    </div>
+
+
+    <div class="control-group <%= form_error_class_for(f, :email) %>">
+      <%= f.label :email, "Email", class: "control-label" %>
+      <div class="controls">
+        <div class="input-prepend">
+          <span class="add-on"><i class="icon-envelope"></i></span>
+          <%= f.email_field :email %>
+        </div>
+        <%= content_tag :span, "#{:email.to_s.humanize} #{f.object.errors[:email].to_sentence}", class: "help-inline" %>
+      </div>
+    </div>
+
+    <div class="control-group <%= form_error_class_for(f, :password_digest) %>">
+      <%= f.label :password, "Password", class: "control-label" %>
+      <div class="controls">
+        <div class="input-prepend">
+          <span class="add-on"><i class="icon-lock"></i></span>
+          <%= f.password_field :password %>
+        </div>
+        <%= content_tag :span, "#{:password.to_s.humanize} #{f.object.errors[:password_digest].to_sentence}", class: "help-inline" %>
+      </div>
+    </div>
+
+    <div class="control-group <%= form_error_class_for(f, :password) %>">
+      <%= f.label :password_confirmation, "Confirmation", class: "control-label" %>
+      <div class="controls">
+        <div class="input-prepend">
+          <span class="add-on"><i class="icon-lock"></i></span>
+          <%= f.password_field :password_confirmation %>
+        </div>
+        <%= content_tag :span, "#{:password.to_s.humanize} #{f.object.errors[:password].to_sentence}", class: "help-inline" %>
+      </div>
+    </div>
+
+    <div class="control-group">
+      <div class="controls">
+        <%= button_tag type: "submit", class: "btn btn-large btn-primary" do %>
+          <i class="icon-ok icon-white"></i> Register
+        <% end %>
+
+        <%= link_to root_url, class: "btn btn-large" do %>
+          <i class="icon-remove"></i> Cancel
+        <% end %>
+      </div>
+    </div>
+  </fieldset>
+<% end %>

data/app/views/thincloud/authentication/registrations/new.html.erb

@@ -0,0 +1 @@
+<%= render "registration_form" %>

data/app/views/thincloud/authentication/registrations_mailer/verification_token.text.erb

@@ -0,0 +1,5 @@
+Welcome <%= @identity.email %>!
+
+You can verify your account through the link below:
+
+<%= verify_token_url(token: @identity.verification_token) %>

data/app/views/thincloud/authentication/sessions/_login_form.html.erb

@@ -0,0 +1,46 @@
+<%= form_tag auth_callback_url(provider: "identity"), class: "form-horizontal" do %>
+  <fieldset>
+    <legend>Login</legend>
+
+    <% if params[:message].present? %>
+    <div class="alert alert-block alert-error">
+      <h4><i class="icon-warning-sign"></i> Error</h4>
+      <%= params[:message].humanize %>
+    </div>
+    <% end %>
+
+    <div class="control-group">
+      <%= label_tag :auth_key, "Email", class: "control-label" %>
+      <div class="controls">
+        <div class="input-prepend">
+          <span class="add-on"><i class="icon-envelope"></i></span>
+          <%= email_field_tag :auth_key, params[:auth_key] %>
+        </div>
+      </div>
+    </div>
+
+    <div class="control-group">
+      <%= label_tag :password, "Password", class: "control-label" %>
+      <div class="controls">
+        <div class="input-prepend">
+          <span class="add-on"><i class="icon-lock"></i></span>
+          <%= password_field_tag :password %>
+        </div>
+      </div>
+    </div>
+
+    <div class="control-group">
+      <div class="controls">
+        <%= button_tag type: "submit", class: "btn btn-large btn-primary" do %>
+          <i class="icon-ok icon-white"></i> Login
+        <% end %>
+
+        or
+
+        <%= link_to signup_url, class: "btn btn-large" do %>
+          <i class="icon-user"></i> Signup
+        <% end %>
+      </div>
+    </div>
+  </fieldset>
+<% end %>

data/app/views/thincloud/authentication/sessions/new.html.erb

@@ -0,0 +1,22 @@
+<div class="tabbable">
+  <ul class="nav nav-tabs">
+    <li class="active">
+      <a href="#login" data-toggle="tab"><i class="icon-lock"></i> Login</a>
+    </li>
+    <li>
+      <a href="#register" data-toggle="tab"><i class="icon-user"></i> Register</a>
+    </li>
+  </ul>
+
+  <div class="tab-content">
+    <!-- Login -->
+    <div class="tab-pane active" id="login">
+      <%= render "login_form" %>
+    </div>
+
+    <!-- Register -->
+    <div class="tab-pane" id="register">
+      <%= render "thincloud/authentication/registrations/registration_form" %>
+    </div>
+  </div>
+</div>

data/config/routes.rb

@@ -0,0 +1,14 @@
+Thincloud::Authentication::Engine.routes.draw do
+  match ":provider/callback" => "registrations#create", as: "auth_callback"
+  get "failure", to: "sessions#new", as: "auth_failure"
+
+  get "login", to: "sessions#new", as: "login"
+  delete "logout", to: "sessions#destroy", as: "logout"
+  get "authenticated", to: "sessions#authenticated"
+
+  resources :registrations, only: [:new, :create]
+  get "signup", to: "registrations#new", as: "signup"
+  get "verify/:token", to: "registrations#verify", as: "verify_token"
+
+  root to: "sessions#new"
+end

data/db/migrate/20120918233329_create_thincloud_authentication_identities.rb

@@ -0,0 +1,19 @@
+class CreateThincloudAuthenticationIdentities < ActiveRecord::Migration
+  def change
+    create_table :thincloud_authentication_identities do |t|
+      t.integer :user_id, null: false
+      t.string :provider, null: false, default: "identity"
+      t.string :uid
+      t.string :name, null: false
+      t.string :email, null: false
+      t.string :password_digest, null: false
+      t.string :verification_token
+      t.datetime :verified_at
+
+      t.timestamps
+    end
+    add_index :thincloud_authentication_identities, :user_id
+    add_index :thincloud_authentication_identities, [:provider, :uid], unique: true
+    add_index :thincloud_authentication_identities, :email
+  end
+end

data/lib/tasks/thincloud-authentication_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :thincloud-authentication do
+#   # Task goes here
+# end

data/lib/thincloud-authentication.rb

@@ -0,0 +1,9 @@
+require "thincloud/authentication/configuration"
+require "thincloud/authentication/engine"
+require "thincloud/authentication/authenticatable_controller"
+require "thincloud/authentication/identifiable_user"
+
+module Thincloud
+  module Authentication
+  end
+end

data/lib/thincloud/authentication/authenticatable_controller.rb

@@ -0,0 +1,64 @@
+module Thincloud
+  module Authentication
+
+    module AuthenticatableController
+      extend ActiveSupport::Concern
+
+      included do
+        helper_method :current_user
+        helper_method :logged_in?
+      end
+
+    protected
+
+      # Protected: The user that is currently logged in.
+      #
+      # This method is also available as a view helper.
+      #
+      # Returns: An instance of `User` or `nil`.
+      def current_user
+        return nil if session[:uid].blank?
+        @current_user ||= User.find(session[:uid])
+      end
+
+      # Protected:  Determine if the current request has a logged in user.
+      #
+      # This method is also available as a view helper.
+      #
+      # Returns: Boolean.
+      def logged_in?
+        current_user.present?
+      end
+
+      # Protected: Require an authenticated user to perform an action.
+      #
+      # Use in a `before_filter`.
+      #
+      # Returns: Redirect if not logged in, otherwise `nil`.
+      def authenticate!
+        unless logged_in?
+          redirect_to login_url, alert: "You must be logged in to continue."
+        end
+      end
+
+      # Protected: Set the `current_user` to the provided `User` instance.
+      #
+      # user - An instance of `User` that has been authenticated.
+      #
+      # Returns: The `id` of the provided user.
+      def login_as(user)
+        reset_session  # avoid session fixation
+        session[:uid] = user.id
+      end
+
+      # Protected: Clear the session of an authenticated user.
+      #
+      # Returns: A new empty session instance.
+      def logout
+        reset_session
+      end
+
+    end
+
+  end
+end

data/lib/thincloud/authentication/configuration.rb

@@ -0,0 +1,20 @@
+module Thincloud::Authentication
+  class << self
+    attr_accessor :configuration
+  end
+
+  def self.configure
+    self.configuration ||= Configuration.new
+    yield configuration
+  end
+
+  # Public: Configuration options for the Thincloud::Authentication module
+  class Configuration
+    attr_accessor :providers, :mailer_sender
+
+    def initialize
+      @providers = {}
+      @mailer_sender = "app@example.com"
+    end
+  end
+end

data/lib/thincloud/authentication/engine.rb

@@ -0,0 +1,67 @@
+module Thincloud
+  module Authentication
+    # Public: Initialize the Rails engine
+    class Engine < ::Rails::Engine
+      isolate_namespace Thincloud::Authentication
+
+      initializer "thincloud.authentication.omniauth.middleware" do |app|
+        require "omniauth"
+        require "omniauth-identity"
+
+        config = Thincloud::Authentication.configuration || Configuration.new
+        strategies = config.providers.keys
+        strategies.each { |strategy| require "omniauth-#{strategy}" }
+
+        app.middleware.use ::OmniAuth::Builder do
+
+          # always provide the Identity strategy
+          provider :identity, fields: [:email], model: Identity,
+            on_failed_registration: RegistrationsController.action(:new)
+
+          strategies.each do |strategy|
+            provider strategy, ENV["#{strategy.to_s.upcase}_CONSUMER_KEY"],
+              ENV["#{strategy.to_s.upcase}_CONSUMER_SECRET"],
+              fields: config.providers[strategy][:fields],
+              scope: config.providers[strategy][:scopes]
+          end
+        end
+      end
+
+      initializer "thincloud.authentication.omniauth.logger" do
+        ::OmniAuth.config.logger = ::Rails.logger
+      end
+
+      initializer "thincloud.authentication.omniauth.failure_endpoint" do
+        ::OmniAuth.config.on_failure = -> env do
+          ::OmniAuth::FailureEndpoint.new(env).redirect_to_failure
+        end
+      end
+
+      initializer "thincloud.authentication.omniauth.identity_redirects" do
+        # override default omniauth-identity forms
+        class ::OmniAuth::Strategies::Identity
+          def registration_form
+            redirect "/signup"
+          end
+
+          def request_phase
+            redirect "/login"
+          end
+        end
+      end
+
+      initializer "thincloud.authentication.user" do
+        ::User.send :include, Thincloud::Authentication::IdentifiableUser
+      end
+
+      initializer "thincloud.authentication.action_controller" do
+        ActionController::Base.send :include,
+          Thincloud::Authentication::AuthenticatableController
+      end
+
+      config.generators do |g|
+        g.test_framework :mini_test, spec: true, fixture: false
+      end
+    end
+  end
+end

data/lib/thincloud/authentication/identifiable_user.rb

@@ -0,0 +1,9 @@
+module Thincloud::Authentication
+  module IdentifiableUser
+    extend ActiveSupport::Concern
+
+    included do
+      has_many :identities, class_name: "Thincloud::Authentication::Identity"
+    end
+  end
+end

data/lib/thincloud/authentication/version.rb

@@ -0,0 +1,5 @@
+module Thincloud
+  module Authentication
+    VERSION = "0.1.0"
+  end
+end

metadata

@@ -0,0 +1,287 @@
+--- !ruby/object:Gem::Specification
+name: thincloud-authentication
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Phil Cohen
+- Robert Bousquet
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-09-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.8
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+- !ruby/object:Gem::Dependency
+  name: omniauth-identity
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: omniauth-linkedin
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.0.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.0.8
+- !ruby/object:Gem::Dependency
+  name: cane
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.3.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.3.3
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.4.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.4.0
+- !ruby/object:Gem::Dependency
+  name: guard-minitest
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+- !ruby/object:Gem::Dependency
+  name: minitest-rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.3
+- !ruby/object:Gem::Dependency
+  name: minitest-rails-shoulda
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: rb-fsevent
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.4
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.12.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.12.4
+description: Rails Engine to provide authentication for Thincloud applications
+email:
+- pcohen@newleaders.com
+- rbousquet@newleaders.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- app/assets/javascripts/thincloud/authentication/application.js
+- app/assets/stylesheets/thincloud/authentication/application.css
+- app/controllers/thincloud/authentication/application_controller.rb
+- app/controllers/thincloud/authentication/registrations_controller.rb
+- app/controllers/thincloud/authentication/sessions_controller.rb
+- app/helpers/thincloud/authentication/registrations_helper.rb
+- app/mailers/thincloud/authentication/registrations_mailer.rb
+- app/models/thincloud/authentication/identity.rb
+- app/views/thincloud/authentication/layouts/application.html.erb
+- app/views/thincloud/authentication/registrations/_registration_form.html.erb
+- app/views/thincloud/authentication/registrations/new.html.erb
+- app/views/thincloud/authentication/registrations_mailer/verification_token.text.erb
+- app/views/thincloud/authentication/sessions/_login_form.html.erb
+- app/views/thincloud/authentication/sessions/new.html.erb
+- config/routes.rb
+- db/migrate/20120918233329_create_thincloud_authentication_identities.rb
+- lib/tasks/thincloud-authentication_tasks.rake
+- lib/thincloud/authentication/authenticatable_controller.rb
+- lib/thincloud/authentication/configuration.rb
+- lib/thincloud/authentication/engine.rb
+- lib/thincloud/authentication/identifiable_user.rb
+- lib/thincloud/authentication/version.rb
+- lib/thincloud-authentication.rb
+- MIT-LICENSE
+- Rakefile
+- README.md
+homepage: https://github.com/newleaders/thincloud-authentication
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 3364386958863775653
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 3364386958863775653
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Rails Engine to provide authentication for Thincloud applications
+test_files: []