twitter-auth-with-mongo-mapper 0.0.9

data/CHANGELOG.markdown

@@ -0,0 +1,11 @@
+Change Log
+==========
+
+== 0.1.22 - June 19, 2009
+
+- Merged in @pengwynn's OAuth 1.0a support patch. Thanks!
+
+== 0.1.19 - April 23, 2009
+
+- Added this changelog to keep track of additions to TwitterAuth
+- All authentication is now keyed via `id` instead of `screen_name`

data/README.markdown

@@ -0,0 +1,5 @@
+TwitterAuth is an awesome gem written by mbleigh, which you can check out [here](http://github.com/mbleigh/twitter-auth/).
+
+MongoMapper is an awesome gem written by jnunemaker, which you can check out [here](http://github.com/jnunemaker).
+
+This was a proof of concept for using them together. Really very little needed to be changed.

data/Rakefile

@@ -0,0 +1,31 @@
+require 'rake'
+require 'spec/rake/spectask'
+
+desc 'Default: run specs.'
+task :default => :spec
+
+desc 'Run the specs'
+Spec::Rake::SpecTask.new(:spec) do |t|
+  t.spec_opts = ['--colour --format progress --loadby mtime --reverse']
+  t.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |s|
+    s.name = "twitter-auth-with-mongo-mapper"
+    s.summary = "TwitterAuth is a Rails plugin gem that provides Single Sign-On capabilities for Rails applications via Twitter."
+    s.email = "michael@intridea.com"
+    s.homepage = "http://github.com/mbleigh/twitter-auth"
+    s.description = "TwitterAuth is a Rails plugin gem that provides Single Sign-On capabilities for Rails applications via Twitter. Both OAuth and HTTP Basic are supported."
+s.files =  FileList["[A-Z]*", "{bin,generators,lib,spec,config,app,rails}/**/*"] - FileList["**/*.log"]
+    
+    s.authors = ["Michael Bleigh"]
+    s.add_dependency('oauth', '>= 0.3.1')
+    s.add_dependency('ezcrypto', '>= 0.7.2')
+    s.rubyforge_project = 'twitter-auth'
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end
+

data/VERSION.yml

@@ -0,0 +1,4 @@
+--- 
+:patch: 9
+:major: 0
+:minor: 0

data/app/controllers/sessions_controller.rb

@@ -0,0 +1,81 @@
+class SessionsController < ApplicationController
+  #unloadable
+
+  def new
+    if TwitterAuth.oauth?
+      oauth_callback = request.protocol + request.host_with_port + '/oauth_callback'
+      @request_token = TwitterAuth.consumer.get_request_token({:oauth_callback=>oauth_callback})
+      session[:request_token] = @request_token.token
+      session[:request_token_secret] = @request_token.secret
+     
+      url = @request_token.authorize_url
+      url << "&oauth_callback=#{CGI.escape(TwitterAuth.oauth_callback)}" if TwitterAuth.oauth_callback?      
+      redirect_to url
+    else
+      # we don't have to do anything, it's just a simple form for HTTP basic!
+    end
+  end
+
+  def create
+    logout_keeping_session!
+    if user = User.authenticate(params[:login], params[:password])
+      self.current_user = user
+      authentication_succeeded and return
+    else
+      authentication_failed('Unable to verify your credentials through Twitter. Please try again.', '/login') and return
+    end
+  end
+
+  def oauth_callback
+    unless session[:request_token] && session[:request_token_secret] 
+      authentication_failed('No authentication information was found in the session. Please try again.') and return
+    end
+
+   unless params[:oauth_token].blank? || session[:request_token] ==  params[:oauth_token]
+     authentication_failed('Authentication information does not match session information. Please try again.') and return
+   end
+
+    @request_token = OAuth::RequestToken.new(TwitterAuth.consumer, session[:request_token], session[:request_token_secret])
+
+    oauth_verifier = params["oauth_verifier"]
+    @access_token = @request_token.get_access_token(:oauth_verifier => oauth_verifier)
+    
+    # The request token has been invalidated
+    # so we nullify it in the session.
+    session[:request_token] = nil
+    session[:request_token_secret] = nil
+
+    @user = User.identify_or_create_from_access_token(@access_token)
+    
+    if @user.onboard_status == 0
+        authentication_failed("You need to be vowched for before you can sign up.")
+    elsif @user.onboard_status == 1
+        @user.update_attributes(:onboard_status => 2)
+        session[:user_id] = @user.id    
+        cookies[:remember_token] = { :value => @user.remember_me, :expires => 1.year.from_now}
+        onboard_user 
+    else    
+      session[:user_id] = @user.id    
+      cookies[:remember_token] = { :value => @user.remember_me, :expires => 1.year.from_now}    
+      if @user.onboard_status == 2
+        #onboard_user       
+        authentication_succeeded   
+      else        
+        authentication_succeeded       
+      end    
+    end
+    
+  rescue Net::HTTPServerException => e
+    case e.message
+      when '401 "Unauthorized"'
+        authentication_failed('This authentication request is no longer valid. Please try again.') and return
+      else
+        authentication_failed('There was a problem trying to authenticate you. Please try again.') and return
+    end 
+  end
+  
+  def destroy
+    logout_keeping_session!
+    redirect_back_or_default('/')
+  end
+end

data/app/models/twitter_auth/basic_user.rb

@@ -0,0 +1,64 @@
+require 'net/http'
+
+module TwitterAuth
+  module BasicUser
+    def self.included(base)
+      base.class_eval do
+        attr_accessor :crypted_password, :salt
+      end
+
+      base.extend TwitterAuth::BasicUser::ClassMethods
+    end
+
+    module ClassMethods
+      def verify_credentials(login, password)
+        response = TwitterAuth.net.start { |http|
+          request = Net::HTTP::Get.new('/account/verify_credentials.json')
+          request.basic_auth login, password
+          http.request(request)
+        }
+
+        if response.code == '200'
+          JSON.parse(response.body)
+        else
+          false
+        end
+      end
+
+      def authenticate(login, password)
+        if twitter_hash = verify_credentials(login, password)
+          user = identify_or_create_from_twitter_hash_and_password(twitter_hash, password)
+          user
+        else
+          nil
+        end
+      end
+
+      def identify_or_create_from_twitter_hash_and_password(twitter_hash, password)
+        if user = User.find_by_twitter_id(twitter_hash['id'].to_s)
+          user.login = twitter_hash['screen_name']
+          user.assign_twitter_attributes(twitter_hash)
+          user.password = password
+          user.save
+          user
+        else
+          user = User.new_from_twitter_hash(twitter_hash)
+          user.password = password
+          user.save
+          user
+        end
+      end
+    end
+   
+    def password=(new_password)
+      encrypted = TwitterAuth::Cryptify.encrypt(new_password)
+      self.crypted_password = encrypted[:encrypted_data]
+      self.salt = encrypted[:salt]
+    end
+
+    def password
+      TwitterAuth::Cryptify.decrypt(self.crypted_password, self.salt)
+    end
+  end
+end
+

data/app/models/twitter_auth/generic_user.rb

@@ -0,0 +1,135 @@
+module TwitterAuth
+  class GenericUser
+    include MongoMapper::Document
+    
+    attr_accessor :twitter_id, :remember_token, :remember_token_expires_at
+    
+   key :access_secret, String 
+   key :access_token, String 
+   key :created_at, String 
+   key :crypted_password, String 
+   key :description, String 
+   key :favourites_count, String 
+   key :followers_count, String 
+   key :friends_count, String 
+   key :location, String 
+   key :login, String 
+   key :name, String 
+   key :profile_background_color, String 
+   key :profile_background_image_url, String 
+   key :profile_background_tile, String 
+   key :profile_image_url, String 
+   key :profile_link_color, String 
+   key :profile_sidebar_border_color, String 
+   key :profile_sidebar_fill_color, String 
+   key :profile_text_color, String 
+   key :protected, String 
+   key :remember_token, String 
+   key :remember_token_expires_at, String 
+   key :salt, String 
+   key :statuses_count, String 
+   key :time_zone, String 
+   key :twitter_id, String 
+   key :updated_at, String 
+   key :url, String 
+   key :utc_offset, String 
+    
+    TWITTER_ATTRIBUTES = [
+      :name,
+      :location,
+      :description,
+      :profile_image_url,
+      :url,
+      :protected,
+      :profile_background_color,
+      :profile_sidebar_fill_color,
+      :profile_link_color,
+      :profile_sidebar_border_color,
+      :profile_text_color,
+      :profile_background_image_url,
+      :profile_background_tile,
+      :friends_count,
+      :statuses_count,
+      :followers_count,      
+      :favourites_count,
+      :time_zone,
+      :utc_offset
+    ]
+    
+    with_options :if => :utilize_default_validations do |v|
+      # v.validates_presence_of :login, :twitter_id
+      #       v.validates_format_of :login, :with => /\A[a-z0-9_]+\z/i
+      #       v.validates_length_of :login, :in => 1..15
+      #       v.validates_uniqueness_of :login, :case_sensitive => false
+      #       v.validates_uniqueness_of :twitter_id, :message => "ID has already been taken."
+      #       v.validates_uniqueness_of :remember_token, :allow_blank => true
+    end
+    
+    def self.table_name; 'users' end
+
+    def self.new_from_twitter_hash(hash)
+      raise ArgumentError, 'Invalid hash: must include screen_name.' unless hash.key?('screen_name')
+
+      raise ArgumentError, 'Invalid hash: must include id.' unless hash.key?('id')
+
+      user = User.new
+      user.twitter_id = hash['id'].to_s
+      user.login = hash['screen_name']
+
+      TWITTER_ATTRIBUTES.each do |att|
+        user.send("#{att}=", hash[att.to_s]) if user.respond_to?("#{att}=")
+      end
+
+      user
+    end
+
+    def self.from_remember_token(token)
+      first(:conditions => ["remember_token = ? AND remember_token_expires_at > ?", token, Time.now])
+    end
+      
+    def assign_twitter_attributes(hash)
+      TWITTER_ATTRIBUTES.each do |att|
+        send("#{att}=", hash[att.to_s]) if respond_to?("#{att}=")
+      end
+    end
+
+    def update_twitter_attributes(hash)
+      assign_twitter_attributes(hash)
+      save
+    end
+
+    if TwitterAuth.oauth?
+      include TwitterAuth::OauthUser
+    else
+      include TwitterAuth::BasicUser
+    end
+
+    def utilize_default_validations
+      true
+    end
+
+    def twitter
+      if TwitterAuth.oauth?
+        TwitterAuth::Dispatcher::Oauth.new(self)
+      else
+        TwitterAuth::Dispatcher::Basic.new(self)
+      end
+    end
+
+    def remember_me
+      return false unless respond_to?(:remember_token)
+
+      self.remember_token = ActiveSupport::SecureRandom.hex(10)
+      self.remember_token_expires_at = Time.now + TwitterAuth.remember_for.days
+      
+      save
+
+      {:value => self.remember_token, :expires => self.remember_token_expires_at}
+    end
+
+    def forget_me
+      self.remember_token = self.remember_token_expires_at = nil
+      self.save
+    end
+  end
+end

data/app/models/twitter_auth/oauth_user.rb

@@ -0,0 +1,50 @@
+module TwitterAuth
+  module OauthUser
+    def self.included(base)
+      base.class_eval do
+        attr_accessor :access_token, :access_secret
+      end
+
+      base.extend TwitterAuth::OauthUser::ClassMethods
+      base.extend TwitterAuth::Dispatcher::Shared
+    end
+    
+    module ClassMethods
+      def identify_or_create_from_access_token(token, secret=nil)
+        raise ArgumentError, 'Must authenticate with an OAuth::AccessToken or the string access token and secret.' unless (token && secret) || token.is_a?(OAuth::AccessToken)
+        
+        token = OAuth::AccessToken.new(TwitterAuth.consumer, token, secret) unless token.is_a?(OAuth::AccessToken)
+        
+        response = token.get(TwitterAuth.path_prefix + '/account/verify_credentials.json')
+        user_info = handle_response(response)
+        
+        if user = User.find_by_login(user_info['screen_name'].to_s)
+          if user.onboard_status == 1
+            user.onboard_status = 2 
+          end
+            user.login = user_info['screen_name']
+            user.assign_twitter_attributes(user_info)
+            user.access_token = token.token
+            user.access_secret = token.secret
+            user.save
+            user
+        else
+          User.create_from_twitter_hash_and_token(user_info, token) 
+        end
+      end
+
+      def create_from_twitter_hash_and_token(user_info, access_token)
+        user = User.new_from_twitter_hash(user_info)
+        user.access_token = access_token.token
+        user.access_secret = access_token.secret
+        user.onboard_status = 0
+        user.save
+        user
+      end
+    end
+
+    def token
+      OAuth::AccessToken.new(TwitterAuth.consumer, access_token, access_secret)
+    end 
+  end
+end

data/app/views/sessions/_login_form.html.erb

@@ -0,0 +1,17 @@
+<% form_tag session_path, :id => 'login_form' do %>
+  <div class='field'>
+    <label for='login'>Twitter Username:</label>
+    <%= text_field_tag 'login', nil, :class => 'text_field' %>
+  </div>
+  <div class='field'>
+    <label for='password'>Password:</label>
+    <%= password_field_tag 'password', nil, :class => 'password_field' %>
+  </div>
+  <!--<div class='checkbox-field'>
+<%= check_box_tag 'remember_me' %> <label for='remember_me'>Keep Me Logged In</label>
+</div>-->
+  <div class='field submit'>
+    <%= submit_tag 'Log In', :class => 'submit' %>
+  </div>
+<% end %>
+

data/app/views/sessions/new.html.erb

@@ -0,0 +1,5 @@
+<h1>Log In Via Twitter</h1>
+
+<p>This application utilizes your Twitter username and password for authentication; you do not have to create a separate account here. To log in, just enter your Twitter credentials in the form below.</p>
+
+<%= render :partial => 'login_form' %>

data/config/routes.rb

@@ -0,0 +1,6 @@
+ActionController::Routing::Routes.draw do |map|
+  map.login '/login', :controller => 'sessions', :action => 'new'
+  map.logout '/logout', :controller => 'sessions', :action => 'destroy'
+  map.resource :session
+  map.oauth_callback '/oauth_callback', :controller => 'sessions', :action => 'oauth_callback'
+end

data/generators/twitter_auth/USAGE

@@ -0,0 +1,12 @@
+TwitterAuth Generator
+=====================
+
+The TwitterAuth generator allows you to generate the components necessary to implement Twitter as a Single Sign-On provider for your site.
+
+To run it, you simply need to call it:
+
+script/generate twitter_auth
+
+This will generate the migration necessary for the users table as well as generate a User model that extends the appropriate TwitterAuth model template and a config/twitter.yml that allows you to set your OAuth consumer key and secret. 
+
+By default, TwitterAuth uses OAuth as its authentication strategy. If you wish to use HTTP Basic you can pass in the --basic option.

data/generators/twitter_auth/templates/migration.rb

@@ -0,0 +1,49 @@
+class TwitterAuthMigration < ActiveRecord::Migration
+  def self.up
+    create_table :users do |t|
+      t.string :twitter_id
+      t.string :login
+<% if options[:oauth] -%>
+      t.string :access_token
+      t.string :access_secret
+<% elsif options[:basic] -%>
+      t.binary :crypted_password
+      t.string :salt
+<% end -%>
+
+      t.string :remember_token
+      t.datetime :remember_token_expires_at
+
+      # This information is automatically kept
+      # in-sync at each login of the user. You
+      # may remove any/all of these columns.
+      t.string :name
+      t.string :location
+      t.string :description
+      t.string :profile_image_url
+      t.string :url
+      t.boolean :protected
+      t.string :profile_background_color
+      t.string :profile_sidebar_fill_color
+      t.string :profile_link_color
+      t.string :profile_sidebar_border_color
+      t.string :profile_text_color
+      t.string :profile_background_image_url
+      t.boolean :profile_background_tile
+      t.integer :friends_count
+      t.integer :statuses_count
+      t.integer :followers_count
+      t.integer :favourites_count
+
+      # Probably don't need both, but they're here.
+      t.integer :utc_offset
+      t.string :time_zone
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :users
+  end
+end