userbin 0.2.4 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ce994049ebc7d12cc3311da706d0555a26441ffb
-  data.tar.gz: 95713e6b62ab30d76ca1f269908caedc61c01116
+  metadata.gz: b8e6296ed0a839326618e50de24bdc44370bd0b5
+  data.tar.gz: 0780de9c998812f4b60d7f6df082cfa8168c5633
 SHA512:
-  metadata.gz: aacffa1023b35ae8e94a695ead4ed09a75c059dd03bbef68272e1dc06ace938303e6d4033694115abded0de2e348e7d0b639535faa7ff0e8f7a3774962386369
-  data.tar.gz: 2575916c9ffadbb9d9dfa2f33cb92135f5460a4308203e0e78777ff8963db5297cfed726e64a2988edebd6cd1dae2f674580a509bcdcd41d240df5284144f8ce
+  metadata.gz: 34e266fbe71560862f5d21095f27c73ec9ab50927a7ccb6c657490114cd6e417f397e3a3f1367f17ab6792d0a2867786241762d4b348e4de8c2c935ea9b7b743
+  data.tar.gz: bfaa4aa0595a9ed47f77e37306463d98974cf4391e33bfa361c63c2825f768155d006a0d382a4590ddc33d5c3fc4ebd2d4122e70e179373149692d34de40ef19

data/README.md

@@ -3,7 +3,9 @@ Userbin for Ruby
 
 Userbin for Ruby adds user authentication, login flows and user management to your **Rails**, **Sinatra** or **Rack** app.
 
-[Userbin](https://userbin.com) provides a set of login, signup, and password reset forms that drop right into your application without any need of styling or writing markup. Connect your users via traditional logins or third party social networks. We take care of linking accounts across networks, resetting passwords, and keeping everything safe and secure. [Create a free account](https://userbin.com) to start accepting users in your application.
+[Userbin](https://userbin.com) provides a set of login, signup, and password reset forms that drop right into your application without any need of styling or writing markup. Connect your users via traditional logins or third party social networks. We take care of linking accounts across networks, resetting passwords, and keeping everything safe and secure.
+
+[Create a free account](https://userbin.com) at Userbin to start accepting users in your application.
 
 Installation
 ------------
@@ -19,72 +21,140 @@ Installation
     ```shell
     bundle install
     ```
-    
+
 2.  Configure the Userbin module with the credentials you got from signing up.
 
-    In a Rails app, put the following code into a new file at `config/initializers/userbin.rb`
+    In a Rails app, put the following code into a new file at `config/initializers/userbin.rb`, and in Sinatra put it in your main application file and add `require "userbin"`.
 
     ```ruby
     Userbin.configure do |config|
       config.app_id = "YOUR_APP_ID"
       config.api_secret = "YOUR_API_SECRET"
-      config.restricted_path = "/admin"
     end
     ```
 
     If you don't configure the `app_id` and `api_secret`, the Userbin module will read the `USERBIN_APP_ID` and `USERBIN_API_SECRET` environment variables. This may come in handy on Heroku.
-    
-    Set up your `restricted_path` to which users will be redirected on a successful login. Browsing to this path or a sub-path will require the user to login. Logging out redirects the user back to the root path.
 
 3.  **Rack/Sinatra apps only**: Activate the Userbin Rack middleware
 
     ```ruby
     use Userbin::Authentication
     ```
-    
-That's it! People are now able sign up and log in to your application.
+
 
 Usage
 -----
 
-### Signup, login and logout
+### Forms
 
-NOTE: To make installation as easy as possible, markup required for the Userbin UI are automatically inserted before the closing </body> and </head> tags in your HTML. It is therefore important that these tags are present on all pages where you want to use the links below.
+An easy way to integrate Userbin is via the [Widget](https://userbin.com/docs/javascript#widget), which will take care of building forms, validating input and provides a drop-in design that adapts nicely to all devices.
 
-These links will open up the [Userbin Widget](https://userbin.com/docs/javascript#widget) with either the login or signup form.
+The Widget is fairly high level, so remember that you can still use Userbin with your [own forms](https://userbin.com) if it doesn't fit your use-case.
+
+The following links will open up the Widget with the login or the signup form respectively.
 
 ```html
-<!-- put this on a public page -->
 <a class="ub-login">Log in</a>
-or
+```
+
+```html
 <a class="ub-signup">Sign up</a>
 ```
 
 The logout link will clear the session and redirect the user back to your root path:
 
 ```html
-<!-- put this on a restricted page -->
 <a class="ub-logout">Log out</a>
 ```
 
-See the [Javascript reference](https://userbin.com/docs/javascript#markup) for more info on this markup.
-
 ### The current user
 
-Userbin keeps track of the currently logged in user:
+Userbin keeps track of the currently logged in user which can be accessed through the `current_user` property. This automatically taps into libraries such as the authorization solution [CanCan](https://github.com/ryanb/cancan).
 
 ```erb
-Welcome to your account, <%= Userbin.user.email %>
+Welcome to your account, <%= current_user.email %>
 ```
 
-To check if a user is logged in, use the following helper:
+To check if a user is logged in, use `user_logged_in?` (or its alias `user_signed_in?` if you prefer Devise conventions)
 
 ```erb
-<% if Userbin.authenticated? %>
+<% if user_logged_in? %>
   You are logged in!
 <% end %>
 ```
 
+**Rack/Sinatra apps only**: Since above helpers aren't available outside Rails, instead use `Userbin.current_user` and `Userbin.user_logged_in?`.
+
+Configuration
+-------------
+
+The `Userbin.configure` block supports a range of options additional to the Userbin credentials. None of the following options are mandatory.
+
+### protected_path
+
+By default, Userbin reloads the current page on a successful login. If you set the `protected_path` option, users will be redirected to this path instead.
+
+Once set, this path and any sub-path of it will be protected from unauthenticated users by instead rendering a login form.
+
+```ruby
+config.protected_path = '/dashboard'
+```
+
+### root_path
+
+By default, Userbin reloads the current page on a successful logout. If you set the `root_path` option, users will be redirected to this path instead.
+
+```ruby
+config.root_path = '/login'
+```
+
+### create_user and find_user
+
+By default, `current_user` will reference a *limited* Userbin profile, enabling you to work without a database. If you override the functions `create_user` and `find_user`, the current user will instead reference one of your models. The `profile` object is an *extended* Userbin profile. For more information about the available attributes in the profile see the [Userbin profile](https://userbin.com/docs/concepts) documentation.
+
+```ruby
+config.create_user = Proc.new { |profile|
+  User.create! do |user|
+    user.userbin_id = profile.id
+    user.email      = profile.email
+    user.photo      = profile.image
+  end
+}
+
+config.find_user = Proc.new { |userbin_id|
+  User.find_by_userbin_id(userbin_id)
+}
+```
+
+You'll need to migrate your users and add a reference to the Userbin profile:
+
+```ruby
+rails g migration AddUserbinIdToUsers userbin_id:integer:index
+```
+
+### auto_include_tags
+
+By default, the Userbin middleware will automatically insert a `<script>` tag before the closing `</body>` in your HTML files in order to handle forms, sessions and user tracking. This script loads everything asynchronously, so it won't affect your page load speed. However if you want to have control of this procedure, set `auto_include_tags` to false and initialize the library yourself. To do that, checkout the [Userbin.js configuration guide](https://userbin.com/docs/javascript#configuration).
+
+```ruby
+config.auto_include_tags = false
+```
+
+
+Further configuration and customization
+---------------------------------------
+
+Your Userbin dashboard gives you access to a range of functionality:
+
+- Configure the appearance of the login widget to feel more integrated with your service
+- Connect 10+ OAuth providers like Facebook, Github and Google.
+- Use Markdown to generate mobile-ready transactional emails
+- Invite users to your application
+- See who is logging in and when
+- User management: block, remove and impersonate users
+- Export all your user data from Userbin
+
+
 Documentation
 -------------
 For complete documentation go to [userbin.com/docs](https://userbin.com/docs)

data/lib/userbin/authentication.rb

@@ -1,7 +1,6 @@
 module Userbin
   class Authentication
 
-    CLOSING_HEAD_TAG = %r{</head>}
     CLOSING_BODY_TAG = %r{</body>}
 
     def initialize(app, options = {})
@@ -25,9 +24,10 @@ module Userbin
         else
           signature, data = Userbin.authenticate!(request)
 
-          if restrict && env["PATH_INFO"].start_with?(restrict) &&
-             !Userbin.authenticated?
-            return render_gateway(env["REQUEST_PATH"])
+          if !Userbin.authenticated? && Userbin.config.protected_path &&
+            env["PATH_INFO"].start_with?(Userbin.config.protected_path)
+
+            return render_gateway(env["PATH_INFO"])
           end
 
           generate_response(env, signature, data)
@@ -36,8 +36,7 @@ module Userbin
         message =
           'Userbin::SecurityError: Invalid signature. Refresh to try again.'
         headers = {
-          'Content-Type' => 'text/text',
-          'Content-Length' => message.length.to_s
+          'Content-Type' => 'text/text'
         }
 
         Rack::Utils.delete_cookie_header!(
@@ -49,28 +48,36 @@ module Userbin
       end
     end
 
-    def restrict
-      Userbin.config.restricted_path
-    end
-
-    def link_tags(login_path)
-      <<-LINK_TAGS
-<link rel="userbin:root" href="/" />
-<link rel="userbin:login" href="#{login_path}" />
-      LINK_TAGS
-    end
-
-    def script_tag
+    def script_tag(login_path)
       script_url = ENV.fetch('USERBIN_SCRIPT_URL') {
         "//js.userbin.com"
       }
-      str = <<-SCRIPT_TAG
-<script src="#{script_url}?#{Userbin.config.app_id}"></script>
-      SCRIPT_TAG
+      path = login_path || Userbin.config.protected_path
+
+      tag =  "<script src='#{script_url}?#{Userbin.config.app_id}'></script>\n"
+      tag += "<script type='text/javascript'>\n"
+      tag += "  Userbin.config({\n"
+      if Userbin.config.root_path
+        tag += "    logoutRedirectUrl: '#{Userbin.config.root_path}',\n"
+      end
+      tag += "    loginRedirectUrl: '#{path}',\n" if path
+      tag += "    reloadOnSuccess: true\n"
+      tag += "  });\n"
+      tag += "</script>\n"
+    end
+
+    def inject_tags(body, login_path = nil)
+      if body[CLOSING_BODY_TAG]
+        body = body.gsub(CLOSING_BODY_TAG, script_tag(login_path) + '\\0')
+      end
+      body
     end
 
     def render_gateway(current_path)
+      script_url = ENV["USERBIN_SCRIPT_URL"] || '//js.userbin.com'
+
       login_page = <<-LOGIN_PAGE
+<!DOCTYPE html>
 <html>
 <head>
   <title>Log in</title>
@@ -80,44 +87,34 @@ module Userbin
 </body>
 </html>
       LOGIN_PAGE
+
       login_page = inject_tags(login_page, current_path)
-      [ 403,
-        { 'Content-Type' => 'text/html',
-          'Content-Length' => login_page.length.to_s },
-        [login_page]
-      ]
-    end
 
-    def inject_tags(body, login_path = restrict)
-      if body[CLOSING_HEAD_TAG]
-        body = body.gsub(CLOSING_HEAD_TAG, link_tags(login_path) + '\\0')
-      end
-      if body[CLOSING_BODY_TAG]
-        body = body.gsub(CLOSING_BODY_TAG, script_tag + '\\0')
-      end
-      body
+      headers = { 'Content-Type' => 'text/html' }
+
+      [403, headers, [login_page]]
     end
 
     def generate_response(env, signature, data)
       status, headers, response = @app.call(env)
-      if headers['Content-Type'] && headers['Content-Type']['text/html']
-        if response.respond_to?(:body)
-          body = [*response.body]
-        else
-          body = response
-        end
-
-        if Userbin.config.auto_include_tags
-          body = body.each.map do |chunk|
-            inject_tags(chunk)
-          end
-        end
 
-        if response.respond_to?(:body)
-          response.body = body
-        else
-          response = body
-        end
+      if headers['Content-Type'] && headers['Content-Type']['text/html']
+       if response.respond_to?(:body)
+         body = [*response.body]
+       else
+         body = response
+       end
+       if Userbin.config.auto_include_tags
+         body = body.each.map do |chunk|
+           inject_tags(chunk)
+         end
+       end
+       if response.respond_to?(:body)
+         response.body = body
+       else
+         response = body
+       end
+        headers['Content-Length'] = body.flatten[0].length.to_s
       end
 
       if signature && data

data/lib/userbin/configuration.rb

@@ -2,9 +2,15 @@ module Userbin
   class Configuration
     attr_accessor :app_id
     attr_accessor :api_secret
-    attr_accessor :current_user
     attr_accessor :auto_include_tags
-    attr_accessor :restricted_path
+    attr_accessor :create_user
+    attr_accessor :find_user
+    attr_accessor :protected_path
+    attr_accessor :root_path
+
+    # restricted_path is obsolete
+    alias :restricted_path :protected_path
+    alias :restricted_path= :protected_path=
 
     def initialize
       self.app_id = ENV["USERBIN_APP_ID"]

data/lib/userbin/rails/auth_helpers.rb

@@ -1,12 +1,15 @@
 module Userbin
   module AuthHelpers
     def current_user
-      return unless Userbin.authenticated?
-      if Userbin.config.current_user
-        @current_user ||= Userbin.config.current_user.call(Userbin.current_user)
-      else
-        raise "Userbin: No method configured for returning 'current_user'"
-      end
+      Userbin.current_user
+    end
+
+    def user_logged_in?
+      Userbin.user_logged_in?
+    end
+
+    def user_signed_in?
+      Userbin.user_signed_in?
     end
   end
 end

data/lib/userbin/userbin.rb

@@ -18,10 +18,8 @@ module Userbin
 
       current = Userbin::Session.new(MultiJson.decode(data))
 
-      if current.authenticated?
-        if now > Time.at(current.expires_at / 1000)
-          signature, data = refresh_session(current.id)
-        end
+      if now > Time.at(current.expires_at / 1000)
+        signature, data = refresh_session(current.id)
       end
     end
 
@@ -53,10 +51,34 @@ module Userbin
     current.authenticated? rescue false
   end
 
-  def self.current_user
+  def self.user_logged_in?
+    authenticated?
+  end
+
+  def self.user_signed_in?
+    authenticated?
+  end
+
+  def self._current_user
     current.user if current
   end
 
+  def self.current_user
+    if Userbin.config.find_user
+      u = Userbin.config.find_user.call(_current_user.id)
+      return u if u
+      if Userbin.config.create_user
+        u = Userbin.config.create_user.call(_current_user)
+        return u if u
+        _current_user
+      else
+        raise UnimplementedError, "You need to implement create_user"
+      end
+    else
+      _current_user
+    end
+  end
+
   def self.user
     current_user
   end

data/lib/userbin/version.rb

@@ -1,3 +1,3 @@
 module Userbin
-  VERSION = "0.2.4"
+  VERSION = "0.3.1"
 end

data/lib/userbin.rb

@@ -8,7 +8,7 @@ require "userbin/basic_auth"
 
 require "userbin/railtie" if defined?(Rails::Railtie)
 
-api_endpoint = ENV.fetch('USERBIN_API_ENDPOINT') {
+api_endpoint = ENV.fetch('USERBIN_API_ENDPOINT') {3
   "https://api.userbin.com"
 }
 
@@ -28,6 +28,7 @@ require "userbin/authentication"
 
 class Userbin::Error < Exception; end
 class Userbin::SecurityError < Userbin::Error; end
+class Userbin::UnimplementedError < Userbin::Error; end
 
 module Userbin
   class << self

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: userbin
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.3.1
 platform: ruby
 authors:
 - Johan