vanilla 1.9.11.1 → 1.9.12

data/Rakefile

@@ -25,7 +25,7 @@ if Object.const_defined?(:Gem)
 
     # Change these as appropriate
     s.name              = "vanilla"
-    s.version           = "1.9.11.1"
+    s.version           = "1.9.12"
     s.summary           = "A bliki-type web content thing."
     s.author            = "James Adam"
     s.email             = "james@lazyatom.com.com"
@@ -47,6 +47,7 @@ if Object.const_defined?(:Gem)
     s.add_dependency("RedCloth", ">= 4.1.1")
     s.add_dependency("BlueCloth", ">= 1.0.0")
     s.add_dependency("treetop", ">= 1.4.1")
+    s.add_dependency("warden", ">= 0.5.2")
 
     s.add_development_dependency("rspec") # add any other gems for testing/development
 

data/config.ru

@@ -2,9 +2,19 @@ $:.unshift File.join(File.dirname(__FILE__), *%w[lib])
 require 'vanilla'
 
 app = Vanilla::App.new(ENV['VANILLA_CONFIG'])
+
 use Rack::Session::Cookie, :key => 'vanilla.session',
                            :path => '/',
                            :expire_after => 2592000,
                            :secret => app.config[:secret]
+
+require 'vanilla/authentication/warden'
+app.authenticator = Vanilla::Authentication::Warden.new(app)
+use Warden::Manager do |manager|
+  manager.default_strategies :vanilla
+  manager.failure_app = lambda{|e| [401, {"Content-Type" => "text/plain"}, ["Fail App"]]}
+end
+
 use Rack::Static, :urls => ["/public"], :root => File.join(File.dirname(__FILE__))
-run app
+
+run app

data/lib/vanilla/app.rb

@@ -1,4 +1,5 @@
 require 'vanilla/request'
+require 'vanilla/authentication'
 require 'vanilla/routes'
 require 'vanilla/soup_with_timestamps'
 
@@ -11,16 +12,19 @@ require 'vanilla/renderers/erb'
 module Vanilla
   class App
     include Routes
-    
+
     attr_reader :request, :response, :config, :soup
-    
+    attr_accessor :authenticator
+
     def initialize(config_file=nil)
       prepare_configuration(config_file)
       @soup = SoupWithTimestamps.new(config[:soup])
+      @authenticator = Vanilla::Authentication::Base.new(self)
     end
-    
+
     # Returns a Rack-appropriate 3-element array (via Rack::Response#finish)
     def call(env)
+      env['vanilla.app'] = self
       @request = Vanilla::Request.new(env, self)
       @response = Rack::Response.new
 
@@ -30,7 +34,7 @@ module Vanilla
         @response.status = 500
         output = e.to_s
       end
-      response_format = request.format      
+      response_format = request.format
       response_format = 'plain' if response_format == 'raw'
       @response['Content-Type'] = "text/#{response_format}"
       @response.write(output)
@@ -59,34 +63,34 @@ module Vanilla
       end
     end
 
-    # Given the snip and parameters, yield an instance of the appropriate 
+    # Given the snip and parameters, yield an instance of the appropriate
     # Vanilla::Render::Base subclass
     def rendering(snip)
       renderer_instance = renderer_for(snip).new(self)
       yield renderer_instance
     rescue Exception => e
-      "<pre>[Error rendering '#{snip.name}' - \"" + 
-        e.message.gsub("<", "&lt;").gsub(">", "&gt;") + "\"]\n" + 
+      "<pre>[Error rendering '#{snip.name}' - \"" +
+        e.message.gsub("<", "&lt;").gsub(">", "&gt;") + "\"]\n" +
         e.backtrace.join("\n").gsub("<", "&lt;").gsub(">", "&gt;") + "</pre>"
     end
-    
+
     # Returns the renderer class for a given snip
     def renderer_for(snip)
       return Renderers::Base unless snip.render_as && !snip.render_as.empty?
       Vanilla::Renderers.const_get(snip.render_as)
     end
-    
+
     # Other things can call this when a snip cannot be loaded.
     def render_missing_snip(snip_name)
       "[snip '#{snip_name}' cannot be found]"
     end
-    
+
     def snip(attributes)
       @soup.new_snip(attributes)
     end
-    
+
     private
-    
+
     def prepare_configuration(config_file)
       config_file ||= "config.yml"
       @config = YAML.load(File.open(config_file)) rescue {}

data/lib/vanilla/authentication/warden.rb

@@ -0,0 +1,42 @@
+require 'warden'
+
+module Vanilla
+  module Authentication
+    class Warden < Base
+      def initialize(app)
+        super
+        ::Warden::Strategies.add(:vanilla, Vanilla::Authentication::Warden::Strategy)
+      end
+
+      def authenticated?
+        @app.request.env['warden'].authenticated?
+      end
+
+      def user
+        @app.request.env['warden'].user
+      end
+
+      def authenticate!
+        @app.request.env['warden'].authenticate!
+      end
+
+      def logout
+        @app.request.env['warden'].logout
+      end
+
+      class Strategy < ::Warden::Strategies::Base
+        def valid?
+          params["name"] || params["password"]
+        end
+
+        def authenticate!
+          if env['vanilla.app'].config[:credentials][params["name"]] == MD5.md5(params["password"]).to_s
+            success!(params["name"])
+          else
+            redirect!("/login")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vanilla/authentication.rb

@@ -0,0 +1,24 @@
+module Vanilla
+  module Authentication
+    # A pass-through authenticator, which never
+    # requires a login
+    class Base
+      def initialize(app)
+        @app = app
+      end
+
+      def authenticated?
+        true
+      end
+
+      def user
+      end
+
+      def authenticate!
+      end
+
+      def logout
+      end
+    end
+  end
+end

data/lib/vanilla/dynasnips/edit.rb

@@ -4,18 +4,18 @@ require 'vanilla/dynasnips/login'
 # The edit dyna will load the snip given in the 'snip_to_edit' part of the
 # params
 class EditSnip < Dynasnip
-  include Login::Helper
-  
   snip_name "edit"
-  
+
   def get(snip_name=nil)
-    return login_required unless logged_in?
+    app.request.authenticate!
+
     snip = app.soup[snip_name || app.request.params[:name]]
     edit(snip)
   end
-  
+
   def post(*args)
-    return login_required unless logged_in?
+    app.request.authenticate!
+
     snip_attributes = cleaned_params
     snip_attributes.delete(:save_button)
     return 'no params' if snip_attributes.empty?
@@ -29,20 +29,20 @@ class EditSnip < Dynasnip
     app.soup << snip_attributes
     %{Created snip #{link_to snip_attributes[:name]} ok}
   end
-  
+
   def edit(snip)
     renderer = Vanilla::Renderers::Erb.new(app)
     renderer.instance_eval { @snip_to_edit = snip } # hacky!
     snip_in_edit_template = renderer.render_without_including_snips(app.soup['edit'], :template)
     prevent_snip_inclusion(snip_in_edit_template)
   end
-  
+
   private
-  
+
   def prevent_snip_inclusion(content)
     content.gsub("{", "&#123;").gsub("}" ,"&#125;")
   end
-  
+
   attribute :template, %{
     <form action="<%= url_to 'edit' %>" method="post">
     <dl class="attributes">
@@ -57,4 +57,4 @@ class EditSnip < Dynasnip
     <button name='save_button'>Save</button>
     </form>
   }
-end
+end

data/lib/vanilla/dynasnips/login.rb

@@ -3,43 +3,27 @@ require 'yaml'
 require 'md5'
 
 class Login < Dynasnip
-  module Helper
-    def logged_in?
-      !current_user.nil?
-    end
-    
-    def current_user
-      app.request.session['logged_in_as']
-    end
-  
-    def login_required
-      "You need to <a href='/login'>login</a> to do that."
-    end
-  end
-  include Helper
-  
   def get(*args)
-    if logged_in?
+    if app.request.authenticated?
       login_controls
     else
       render(self, 'template')
     end
   end
-  
+
   def post(*args)
-    if app.config[:credentials][cleaned_params[:name]] == MD5.md5(cleaned_params[:password]).to_s
-      app.request.session['logged_in_as'] = cleaned_params[:name]
+    if app.request.authenticate!
       login_controls
     else
       "login fail!"
     end
   end
-  
+
   def delete(*args)
-    app.request.session['logged_in_as'] = nil
+    app.request.logout
     "Logged out"
   end
-  
+
   attribute :template, <<-EHTML
     <form action='/login' method='post'>
     <label>Name: <input type="text" name="name"></input></label>
@@ -47,10 +31,10 @@ class Login < Dynasnip
     <button>login</button>
     </form>
   EHTML
-  
+
   private
-  
+
   def login_controls
-    "logged in as {link_to #{app.request.session['logged_in_as']}}; <a href='/login?_method=delete'>logout</a>"
+    "logged in as #{link_to app.request.user}; <a href='/login?_method=delete'>logout</a>"
   end
 end

data/lib/vanilla/dynasnips/new.rb

@@ -2,13 +2,14 @@ require 'vanilla/dynasnip'
 require 'vanilla/dynasnips/login'
 
 class NewSnip < Dynasnip
-  include Login::Helper
-  
+  # include Login::Helper
+
   snip_name :new
-  
+
   def handle(*arg)
-    return login_required unless logged_in?
+    app.request.authenticate!
+
     base_params = {:render_as => '', :content => '', :author => current_user}.update(app.request.params)
     editor = EditSnip.new(app).edit(Snip.new(base_params))
   end
-end
+end

data/lib/vanilla/request.rb

@@ -4,9 +4,10 @@ module Vanilla
   # Create a request with symbolised access to the params, and some special
   # accessors to the snip, part and format based on our routing.
   class Request
-    attr_reader :snip_name, :part, :format, :method
-    
+    attr_reader :snip_name, :part, :format, :method, :env
+
     def initialize(env, app)
+      @env = env
       @rack_request = Rack::Request.new(env)
       @app = app
       determine_request_uri_parts
@@ -16,41 +17,57 @@ module Vanilla
       # Don't you just love how terse functional programming tends to look like maths?
       @symbolised_params ||= @rack_request.params.inject({}) { |p, (k,v)| p[k.to_sym] = v; p }
     end
-    
+
     # Returns the snip referenced by the request's URL. Performs no exception
     # handling, so if the snip does not exist, an exception will be thrown.
     def snip
       @app.soup[snip_name]
     end
-    
+
     def cookies
       @rack_request.cookies
     end
-    
+
     def ip
       @rack_request.env["REMOTE_ADDR"]
     end
-    
+
     def session
       @rack_request.env["rack.session"]
     end
-    
+
+    def authenticated?
+      @app.authenticator.authenticated?
+    end
+
+    def user
+      @app.authenticator.user
+    end
+
+    def authenticate!
+      @app.authenticator.authenticate!
+    end
+
+    def logout
+      @app.authenticator.logout
+    end
+
     private
-    
+
     def determine_request_uri_parts
       @snip_name, @part, @format = request_uri_parts(@rack_request)
       @format ||= 'html'
       @method = (params.delete(:_method) || @rack_request.request_method).downcase
     end
-    
+
     def uri_path(request)
       request.path_info
     end
-    
+
     URL_ROOT          = /\A\/\Z/                                  # i.e. /
     URL_SNIP          = /\A\/([\w\-\s]+)(\/|\.(\w+))?\Z/            # i.e. /start, /start.html
     URL_SNIP_AND_PART = /\A\/([\w\-\s]+)\/([\w\-\s]+)(\/|\.(\w+))?\Z/ # i.e. /blah/part, /blah/part.raw
-    
+
     # Returns an array of the requested snip, part and format
     def request_uri_parts(request)
       case CGI.unescape(uri_path(request))
@@ -64,6 +81,6 @@ module Vanilla
         []
       end
     end
-    
+
   end
-end  
+end

data/lib/vanilla/snips/system.rb

@@ -9,6 +9,7 @@ system.main_template = <<-HTML
   <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
   <title>{current_snip name}</title>
   <script language="javascript" src="/public/javascripts/jquery.js"></script>
+  <script language="javascript" src="/public/javascripts/jquery.autogrow-textarea.js"></script>
   <script language="javascript" src="/public/javascripts/vanilla.js"></script>
   <link rel="stylesheet" type="text/css" media="screen"  href="<%= url_to("system", "css.css") %>" />
 </head>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: vanilla
 version: !ruby/object:Gem::Version 
-  version: 1.9.11.1
+  version: 1.9.12
 platform: ruby
 authors: 
 - James Adam
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-10-16 00:00:00 +01:00
+date: 2009-11-10 00:00:00 +00:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -72,6 +72,16 @@ dependencies:
       - !ruby/object:Gem::Version 
         version: 1.4.1
     version: 
+- !ruby/object:Gem::Dependency 
+  name: warden
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.5.2
+    version: 
 - !ruby/object:Gem::Dependency 
   name: rspec
   type: :development
@@ -113,6 +123,8 @@ files:
 - lib/defensio.rb
 - lib/tasks/vanilla.rake
 - lib/vanilla/app.rb
+- lib/vanilla/authentication/warden.rb
+- lib/vanilla/authentication.rb
 - lib/vanilla/console.rb
 - lib/vanilla/dynasnip.rb
 - lib/vanilla/dynasnips/comments.rb