vita-clearance 0.6.2

data/config/clearance_routes.rb

@@ -0,0 +1,19 @@
+ActionController::Routing::Routes.draw do |map|
+  map.resources :passwords,
+    :controller => 'clearance/passwords',
+    :only => [:new, :create]
+
+  map.resource  :session,
+    :controller => 'clearance/sessions',
+    :only => [:new, :create, :destroy]
+
+  map.resources :users, :controller => 'clearance/users' do |users|
+    users.resource :password,
+      :controller => 'clearance/passwords',
+      :only => [:create, :edit, :update]
+
+    users.resource :confirmation,
+      :controller => 'clearance/confirmations',
+      :only => [:new, :create]
+  end
+end

data/generators/clearance/USAGE

@@ -0,0 +1 @@
+script/generate clearance

data/generators/clearance/clearance_generator.rb

@@ -0,0 +1,41 @@
+require File.expand_path(File.dirname(__FILE__) + "/lib/insert_commands.rb")
+require File.expand_path(File.dirname(__FILE__) + "/lib/rake_commands.rb")
+require 'factory_girl'
+
+class ClearanceGenerator < Rails::Generator::Base
+
+  def manifest
+    record do |m|
+      m.insert_into "app/controllers/application_controller.rb",
+                    "include Clearance::Authentication"
+
+      user_model = "app/models/user.rb"
+      if File.exists?(user_model)
+        m.insert_into user_model, "include Clearance::User"
+      else
+        m.directory File.join("app", "models")
+        m.file "user.rb", user_model
+      end
+
+      m.directory File.join("test", "factories")
+      m.file "factories.rb", "test/factories/clearance.rb"
+
+      m.migration_template "migrations/#{migration_name}.rb",
+                           'db/migrate',
+                           :migration_file_name => "clearance_#{migration_name}"
+
+      m.readme "README"
+    end
+  end
+
+  private
+
+  def migration_name
+    if ActiveRecord::Base.connection.table_exists?(:users)
+      'update_users'
+    else
+      'create_users'
+    end
+  end
+
+end

data/generators/clearance/lib/insert_commands.rb

@@ -0,0 +1,103 @@
+# Mostly pinched from http://github.com/ryanb/nifty-generators/tree/master
+
+Rails::Generator::Commands::Base.class_eval do
+  def file_contains?(relative_destination, line)
+    File.read(destination_path(relative_destination)).include?(line)
+  end
+end
+
+Rails::Generator::Commands::Create.class_eval do
+
+  def route_resources(resource_list)
+    sentinel = 'ActionController::Routing::Routes.draw do |map|'
+    
+    logger.route "map.resources #{resource_list}"
+    unless options[:pretend] || file_contains?('config/routes.rb', resource_list)
+      gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+        "#{match}\n  map.resources #{resource_list}"
+      end
+    end
+  end
+
+  def route_resource(resource_list)
+    sentinel = 'ActionController::Routing::Routes.draw do |map|'
+    
+    logger.route "map.resource #{resource_list}"
+    unless options[:pretend] || file_contains?('config/routes.rb', resource_list)
+      gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+        "#{match}\n  map.resource #{resource_list}"
+      end
+    end
+  end
+  
+  def route_name(name, path, route_options = {})
+    sentinel = 'ActionController::Routing::Routes.draw do |map|'
+    
+    logger.route "map.#{name} '#{path}', :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'"
+    unless options[:pretend] 
+      gsub_file_once 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+        "#{match}\n  map.#{name} '#{path}', :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'"
+      end
+    end
+  end
+  
+  def insert_into(file, line)
+    logger.insert "#{line} into #{file}"
+    unless options[:pretend] || file_contains?(file, line)
+      gsub_file file, /^(class|module) .+$/ do |match|
+        "#{match}\n  #{line}"
+      end
+    end
+  end
+end
+
+Rails::Generator::Commands::Destroy.class_eval do
+  def route_resource(resource_list)
+    look_for = "  map.resource #{resource_list}\n".gsub(/[\[\]]/, '\\\\\0')
+    logger.route "map.resource #{resource_list} #{look_for}"
+    unless options[:pretend]
+      gsub_file 'config/routes.rb', /(#{look_for})/mi, ''
+    end
+  end
+  
+  def route_resources(resource_list)
+    look_for = "  map.resources #{resource_list}\n".gsub(/[\[\]]/, '\\\\\0')
+    logger.route "map.resources #{resource_list} #{look_for}"
+    unless options[:pretend]
+      gsub_file 'config/routes.rb', /(#{look_for})/mi, ''
+    end
+  end  
+  
+  def route_name(name, path, route_options = {})
+    look_for =   "\n  map.#{name} '#{path}', :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'"
+    logger.route "map.#{name} '#{path}',     :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'"
+    unless options[:pretend]
+      gsub_file    'config/routes.rb', /(#{look_for})/mi, ''
+    end
+  end
+  
+  def insert_into(file, line)
+    logger.remove "#{line} from #{file}"
+    unless options[:pretend]
+      gsub_file file, "\n  #{line}", ''
+    end
+  end
+end
+
+Rails::Generator::Commands::List.class_eval do
+  def route_resource(resources_list)
+    logger.route "map.resource #{resource_list}"
+  end
+  
+  def route_resources(resources_list)
+    logger.route "map.resource #{resource_list}"
+  end  
+  
+  def route_name(name, path, options = {})
+    logger.route "map.#{name} '#{path}', :controller => '{options[:controller]}', :action => '#{options[:action]}'"
+  end
+  
+  def insert_into(file, line)
+    logger.insert "#{line} into #{file}"
+  end
+end

data/generators/clearance/lib/rake_commands.rb

@@ -0,0 +1,22 @@
+Rails::Generator::Commands::Create.class_eval do
+  def rake_db_migrate
+    logger.rake "db:migrate"
+    unless system("rake db:migrate")
+      logger.rake "db:migrate failed. Rolling back"      
+      command(:destroy).invoke!
+    end
+  end
+end
+
+Rails::Generator::Commands::Destroy.class_eval do
+  def rake_db_migrate
+    logger.rake "db:rollback"  
+    system "rake db:rollback"  
+  end
+end
+
+Rails::Generator::Commands::List.class_eval do
+  def rake_db_migrate
+    logger.rake "db:migrate"    
+  end
+end

data/generators/clearance/templates/README

@@ -0,0 +1,22 @@
+
+*******************************************************************************
+
+Ok, enough fancy automatic stuff. Time for some old school monkey copy-pasting.
+
+1. Define a HOST constant in your environments files.
+In config/environments/test.rb and config/environments/development.rb it can be:
+
+    HOST = "localhost"
+
+In production.rb it must be the actual host your application is deployed to.
+The constant is used by mailers to generate URLs in emails.
+
+2. In config/environment.rb:
+
+    DO_NOT_REPLY = "donotreply@example.com"
+
+3. Define root_url to *something* in your config/routes.rb:
+
+    map.root :controller => 'home'
+
+*******************************************************************************

data/generators/clearance/templates/factories.rb

@@ -0,0 +1,13 @@
+Factory.sequence :email do |n|
+  "user#{n}@example.com"
+end
+
+Factory.define :user do |user|
+  user.email                 { Factory.next :email }
+  user.password              { "password" }
+  user.password_confirmation { "password" }
+end
+
+Factory.define :email_confirmed_user, :parent => :user do |user|
+  user.email_confirmed { true }
+end

data/generators/clearance/templates/migrations/create_users.rb

@@ -0,0 +1,20 @@
+class ClearanceCreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table(:users) do |t|
+      t.string   :email
+      t.string   :encrypted_password, :limit => 128
+      t.string   :salt,               :limit => 128
+      t.string   :token,              :limit => 128
+      t.datetime :token_expires_at
+      t.boolean  :email_confirmed, :default => false, :null => false
+    end
+
+    add_index :users, [:id, :token]
+    add_index :users, :email
+    add_index :users, :token    
+  end
+  
+  def self.down
+    drop_table :users  
+  end
+end

data/generators/clearance/templates/migrations/update_users.rb

@@ -0,0 +1,41 @@
+class ClearanceUpdateUsers < ActiveRecord::Migration
+  def self.up
+<% 
+      existing_columns = ActiveRecord::Base.connection.columns(:users).collect { |each| each.name }
+      columns = [
+        [:email,              't.string :email'],
+        [:encrypted_password, 't.string :encrypted_password, :limit => 128'],
+        [:salt,               't.string :salt, :limit => 128'],
+        [:token,              't.string :token, :limit => 128'],
+        [:token_expires_at,   't.datetime :token_expires_at'],
+        [:email_confirmed,    't.boolean :email_confirmed, :default => false, :null => false']
+      ].delete_if {|c| existing_columns.include?(c.first.to_s)} 
+-%>
+    change_table(:users) do |t|
+<% columns.each do |c| -%>
+      <%= c.last %>
+<% end -%>
+    end
+    
+<%
+    existing_indexes = ActiveRecord::Base.connection.indexes(:users)
+    index_names = existing_indexes.collect { |each| each.name }
+    new_indexes = [
+      [:index_users_on_id_and_token, 'add_index :users, [:id, :token]'],
+      [:index_users_on_email,        'add_index :users, :email'],
+      [:index_users_on_token,        'add_index :users, :token']
+    ].delete_if { |each| index_names.include?(each.first.to_s) }
+-%>
+<% new_indexes.each do |each| -%>
+    <%= each.last %>
+<% end -%>
+  end
+  
+  def self.down
+    change_table(:users) do |t|
+<% unless columns.empty? -%>
+      t.remove <%= columns.collect { |each| ":#{each.first}" }.join(',') %>
+<% end -%>
+    end
+  end
+end

data/generators/clearance/templates/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  include Clearance::User
+end

data/generators/clearance_features/USAGE

@@ -0,0 +1 @@
+script/generate clearance_features

data/generators/clearance_features/clearance_features_generator.rb

@@ -0,0 +1,20 @@
+class ClearanceFeaturesGenerator < Rails::Generator::Base
+  
+  def manifest
+    record do |m|
+      m.directory File.join("features", "step_definitions")
+      m.directory File.join("features", "support")
+      
+      ["features/step_definitions/clearance_steps.rb",
+       "features/step_definitions/factory_girl_steps.rb",
+       "features/support/paths.rb",
+       "features/sign_in.feature",
+       "features/sign_out.feature",       
+       "features/sign_up.feature",
+       "features/password_reset.feature"].each do |file|
+        m.file file, file
+       end
+    end
+  end
+  
+end

data/generators/clearance_features/templates/features/password_reset.feature

@@ -0,0 +1,31 @@
+Feature: Password reset
+  In order to sign in even if user forgot their password
+  A user
+  Should be able to reset it
+  
+    Scenario: User is not signed up
+      Given no user exists with an email of "email@person.com"
+      When I request password reset link to be sent to "email@person.com"
+      Then I should see "Unknown email"
+  
+    Scenario: User is signed up and requests password reset
+      Given I signed up with "email@person.com/password"
+      When I request password reset link to be sent to "email@person.com"
+      Then I should see "instructions for changing your password"
+      And a password reset message should be sent to "email@person.com"
+    
+    Scenario: User is signed up updated his password and types wrong confirmation
+      Given I signed up with "email@person.com/password"
+      When I follow the password reset link sent to "email@person.com"
+      And I update my password with "newpassword/wrongconfirmation"
+      Then I should see error messages
+      And I should not be signed in
+
+    Scenario: User is signed up and updates his password
+      Given I signed up with "email@person.com/password"
+      When I follow the password reset link sent to "email@person.com"
+      And I update my password with "newpassword/newpassword"
+      Then I should be signed in
+      When I sign out
+      And I sign in as "email@person.com/newpassword"
+      Then I should be signed in

data/generators/clearance_features/templates/features/sign_in.feature

@@ -0,0 +1,41 @@
+Feature: Sign in
+  In order to get access to protected sections of the site
+  A user
+  Should be able to sign in
+
+    Scenario: User is not signed up
+      Given no user exists with an email of "email@person.com"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "Bad email or password"
+      And I should not be signed in      
+
+    Scenario: User is not confirmed
+      Given I signed up with "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "User has not confirmed email"
+      And I should not be signed in
+
+   Scenario: User enters wrong password
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/wrongpassword"
+      Then I should see "Bad email or password"
+      And I should not be signed in
+
+   Scenario: User signs in successfully
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "Signed in successfully"
+      And I should be signed in
+
+   Scenario: User signs in and checks "remember me"
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I go to the sign in page
+      And I sign in with "remember me" as "email@person.com/password"
+      Then I should see "Signed in successfully"
+      And I should be signed in    
+      When I return next time
+      Then I should be signed in

data/generators/clearance_features/templates/features/sign_out.feature

@@ -0,0 +1,22 @@
+Feature: Sign out
+  To protect my account from unauthorized access
+  A signed in user
+  Should be able to sign out
+  
+    Scenario: User signs out
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I sign in as "email@person.com/password"
+      Then I should be signed in
+      And I sign out
+      Then I should see "You have been signed out"     
+      And I should not be signed in
+      
+    Scenario: User who was remembered signs out
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I sign in with "remember me" as "email@person.com/password"
+      Then I should be signed in
+      And I sign out
+      Then I should see "You have been signed out"     
+      And I should not be signed in
+      When I return next time
+      Then I should not be signed in  

data/generators/clearance_features/templates/features/sign_up.feature

@@ -0,0 +1,30 @@
+Feature: Sign up
+  In order to get access to protected sections of the site
+  A user
+  Should be able to sign up
+  
+    Scenario: User signs up with invalid data
+      When I go to the sign up page
+      And I fill in "Email" with "invalidemail"
+      And I fill in "Password" with "password"
+      And I fill in "Confirm password" with ""
+      And I press "Sign Up"
+      Then I should see error messages
+      
+    Scenario: User signs up with valid data
+      When I go to the sign up page
+      And I fill in "Email" with "email@person.com"
+      And I fill in "Password" with "password"
+      And I fill in "Confirm password" with "password"
+      And I press "Sign Up"
+      Then I should see "instructions for confirming"
+      And a confirmation message should be sent to "email@person.com"
+      
+    Scenario: User confirms his account
+      Given I signed up with "email@person.com/password"
+      When I follow the confirmation link sent to "email@person.com"
+      Then I should see "Confirmed email and signed in"
+      And I should be signed in      
+      
+      
+      

data/generators/clearance_features/templates/features/step_definitions/clearance_steps.rb

@@ -0,0 +1,110 @@
+# General
+
+Then /^I should see error messages$/ do
+  assert_match /error(s)? prohibited/m, response.body
+end
+
+# Database
+
+Given /^no user exists with an email of "(.*)"$/ do |email|
+  assert_nil User.find_by_email(email)
+end
+
+Given /^I signed up with "(.*)\/(.*)"$/ do |email, password|
+  user = Factory :user, 
+    :email                 => email, 
+    :password              => password,
+    :password_confirmation => password
+end 
+
+Given /^I am signed up and confirmed as "(.*)\/(.*)"$/ do |email, password|
+  user = Factory :email_confirmed_user,
+    :email                 => email, 
+    :password              => password,
+    :password_confirmation => password
+end
+
+# Session
+
+Then /^I should be signed in$/ do
+  assert_not_nil request.session[:user_id]
+end
+
+Then /^I should not be signed in$/ do
+  assert_nil request.session[:user_id]
+end
+
+When /^session is cleared$/ do
+  request.session[:user_id] = nil
+end
+
+# Emails
+
+Then /^a confirmation message should be sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  sent = ActionMailer::Base.deliveries.first
+  assert_equal [user.email], sent.to
+  assert_match /confirm/i, sent.subject
+  assert !user.token.blank?
+  assert_match /#{user.token}/, sent.body
+end
+
+When /^I follow the confirmation link sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  visit new_user_confirmation_path(:user_id => user, :token => user.token)
+end
+
+Then /^a password reset message should be sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  sent = ActionMailer::Base.deliveries.first
+  assert_equal [user.email], sent.to
+  assert_match /password/i, sent.subject
+  assert !user.token.blank?
+  assert_match /#{user.token}/, sent.body
+end
+
+When /^I follow the password reset link sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  visit edit_user_password_path(:user_id => user, :token => user.token)
+end
+
+When /^I try to change the password of "(.*)" without token$/ do |email|
+  user = User.find_by_email(email)
+  visit edit_user_password_path(:user_id => user)
+end
+
+Then /^I should be forbidden$/ do
+  assert_response :forbidden
+end
+
+
+# Actions
+
+When /^I sign in( with "remember me")? as "(.*)\/(.*)"$/ do |remember, email, password|
+  When %{I go to the sign in page}
+  And %{I fill in "Email" with "#{email}"}
+  And %{I fill in "Password" with "#{password}"}
+  And %{I check "Remember me"} if remember
+  And %{I press "Sign In"}
+end
+
+When /^I sign out$/ do
+  visit '/session', :delete
+end
+
+When /^I request password reset link to be sent to "(.*)"$/ do |email|
+  When %{I go to the password reset request page}
+  And %{I fill in "Email address" with "#{email}"}
+  And %{I press "Reset password"}
+end
+
+When /^I update my password with "(.*)\/(.*)"$/ do |password, confirmation|
+  And %{I fill in "Choose password" with "#{password}"}
+  And %{I fill in "Confirm password" with "#{confirmation}"}
+  And %{I press "Save this password"}
+end
+
+When /^I return next time$/ do
+  When %{session is cleared}
+  And %{I go to the homepage}
+end

data/generators/clearance_features/templates/features/step_definitions/factory_girl_steps.rb

@@ -0,0 +1,5 @@
+Factory.factories.each do |name, factory|
+  Given /^an? #{name} exists with an? (.*) of "([^"]*)"$/ do |attr, value|
+    Factory(name, attr.gsub(' ', '_') => value)
+  end
+end

data/generators/clearance_features/templates/features/support/paths.rb

@@ -0,0 +1,22 @@
+module NavigationHelpers
+  def path_to(page_name)
+    case page_name
+    
+    when /the homepage/i
+      root_path
+    when /the sign up page/i
+      new_user_path
+    when /the sign in page/i
+      new_session_path
+    when /the password reset request page/i
+      new_password_path
+    
+    # Add more page name => path mappings here
+    
+    else
+      raise "Can't find mapping from \"#{page_name}\" to a path."
+    end
+  end
+end
+ 
+World(NavigationHelpers)

data/lib/clearance/authentication.rb

@@ -0,0 +1,80 @@
+module Clearance
+  module Authentication
+
+    def self.included(controller)
+      controller.send(:include, InstanceMethods)
+
+      controller.class_eval do
+        helper_method :current_user
+        helper_method :signed_in?
+
+        hide_action :current_user, :signed_in?
+      end
+    end
+
+    module InstanceMethods
+      def current_user
+        @_current_user ||= (user_from_cookie || user_from_session)
+      end
+
+      def signed_in?
+        ! current_user.nil?
+      end
+
+      protected
+
+      def authenticate
+        deny_access unless signed_in?
+      end
+
+      def user_from_session
+        if session[:user_id]
+          return nil  unless user = ::User.find_by_id(session[:user_id])
+          return user if     user.email_confirmed?
+        end
+      end
+
+      def user_from_cookie
+        if token = cookies[:remember_token]
+          return nil  unless user = ::User.find_by_token(token)
+          return user if     user.remember?
+        end
+      end
+
+      def sign_user_in(user)
+        sign_in(user)
+      end
+
+      def sign_in(user)
+        if user
+          session[:user_id] = user.id
+        end
+      end
+
+      def redirect_back_or(default)
+        session[:return_to] ||= params[:return_to]
+        if session[:return_to]
+          redirect_to(session[:return_to])
+        else
+          redirect_to(default)
+        end
+        session[:return_to] = nil
+      end
+
+      def redirect_to_root
+        redirect_to root_url
+      end
+
+      def store_location
+        session[:return_to] = request.request_uri if request.get?
+      end
+
+      def deny_access(flash_message = nil, opts = {})
+        store_location
+        flash[:failure] = flash_message if flash_message
+        redirect_to new_session_url
+      end
+    end
+
+  end
+end

data/lib/clearance/extensions/errors.rb

@@ -0,0 +1,4 @@
+module ActionController
+  class Forbidden < StandardError
+  end
+end

data/lib/clearance/extensions/rescue.rb

@@ -0,0 +1 @@
+ActionController::Base.rescue_responses.update('ActionController::Forbidden' => :forbidden)