db/migrate/20081019163427_add_open_id_authentication_tables.rb db/migrate/20081019163720_add_open_id_url_to_people.rb db/migrate/20081019180856_add_unique_indexes_to_people_on_email_and_open_id_url.rb @@ -7,4 +7,21 @@ class PeopleController < ResourceController::Base flash "Thanks for signing up!" wants.html { redirect_back_or_default(root_url) } end + + def signup_with_open_id + authenticate_with_open_id do |result, identity_url| + @person = Person.new(params[:person]) + @person.open_id_url = identity_url + + @person.open_id_url_authenticated = true if result.successful? + @person.open_id_url_message = result.message + + if @person.save + self.current_person = @person + redirect_back_or_default(root_url) + else + render :action => 'new' + end + end + end end app/controllers/people_controller.rb @@ -3,13 +3,9 @@ class SessionsController < ApplicationController def create logout_keeping_session! person = Person.authenticate(params[:email], params[:password]) + if person - self.current_person = person - new_cookie_flag = (params[:remember_me] == "1") - handle_remember_cookie! new_cookie_flag - - flash[:notice] = "Logged in successfully" - redirect_back_or_default root_url + successful_login(person) else note_failed_signin @email = params[:email] @@ -18,6 +14,21 @@ class SessionsController < ApplicationController end end + def create_with_open_id + logout_keeping_session! + + authenticate_with_open_id do |result, identity_url| + if result.successful? && person = Person.find_by_open_id_url(identity_url) + successful_login(person) + else + flash[:error] = "Could not log you in as #{identity_url}." + flash[:error] << " Message: #{result.message}" unless result.successful? + + render :action => 'new' + end + end + end + def destroy logout_killing_session! flash[:notice] = "You have been logged out." @@ -30,4 +41,13 @@ protected flash[:error] = "Couldn't log you in as '#{params[:email]}'" logger.warn "Failed login for '#{params[:email]}' from #{request.remote_ip} at #{Time.now.utc}" end + + def successful_login(person) + self.current_person = person + new_cookie_flag = (params[:remember_me] == "1") + handle_remember_cookie! new_cookie_flag + + flash[:notice] = "Logged in successfully" + redirect_back_or_default root_url + end end app/controllers/sessions_controller.rb @@ -13,31 +13,44 @@ class Person < ActiveRecord::Base validates_uniqueness_of :email, :case_sensitive => false validates_format_of :email, :with => RE_EMAIL_OK, :message => MSG_EMAIL_BAD - attr_accessible :email, :name, :password, :password_confirmation + validates_uniqueness_of :open_id_url, :if => :open_id_url? + validate :validate_open_id_url_authentication, :if => :open_id_url? + + attr_accessible :email, :name, :password, :password_confirmation, :open_id_url + attr_accessor :open_id_url_authenticated, :open_id_url_message class << self def authenticate(email, password) u = find_by_email(email) # need to get the salt u && u.authenticated?(password) ? u : nil end - + def find_by_valid_password_reset_code(code) u = find_by_password_reset_code(code) u && u.password_reset_code_expires && u.password_reset_code_expires.after?(Time.now) ? u : nil end end - + def create_password_reset_code self[:password_reset_code] = self.class.make_token self[:password_reset_code_expires] = 1.week.from_now save(false) - + PasswordResetMailer.deliver_password_reset(self) end - + def expire_password_reset_code self[:password_reset_code] = nil self[:password_reset_code_expires] = nil save(false) end + + def open_id_url_authenticated? + !!open_id_url_authenticated + end + + protected + def validate_open_id_url_authentication + errors.add(:open_id_url, open_id_url_message) if new_record? && !open_id_url_authenticated? + end end app/models/person.rb @@ -12,6 +12,7 @@ ActionController::Routing::Routes.draw do |map| map.connect '/account', :controller => 'accounts', :action => 'edit' - map.resources :people - map.resource :session, :account + map.resource :account + map.resources :people, :collection => {:signup_with_open_id => :any} + map.resource :session, :member => {:create_with_open_id => :any} end config/routes.rb @@ -9,7 +9,22 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20080922172907) do +ActiveRecord::Schema.define(:version => 20081019180856) do + + create_table "open_id_authentication_associations", :force => true do |t| + t.integer "issued" + t.integer "lifetime" + t.string "handle" + t.string "assoc_type" + t.binary "server_url" + t.binary "secret" + end + + create_table "open_id_authentication_nonces", :force => true do |t| + t.integer "timestamp", :null => false + t.string "server_url" + t.string "salt", :null => false + end create_table "people", :force => true do |t| t.string "name", :limit => 100, :default => "" @@ -22,6 +37,10 @@ ActiveRecord::Schema.define(:version => 20080922172907) do t.datetime "remember_token_expires_at" t.string "password_reset_code" t.datetime "password_reset_code_expires" + t.string "open_id_url" end + add_index "people", ["email"], :name => "index_people_on_email", :unique => true + add_index "people", ["open_id_url"], :name => "index_people_on_open_id_url", :unique => true + end db/schema.rb @@ -6,6 +6,10 @@ Factory.sequence :email do |n| "name#{n}@host.com" end +Factory.sequence :open_id_url do |n| + "http://openid#{n}.factory.com" +end + Factory.define :person do |p| p.name { Factory.next :name } p.email { Factory.next :email } @@ -13,6 +17,11 @@ Factory.define :person do |p| p.password_confirmation "monkey" end +Factory.define :person_with_open_id, :parent => :person do |p| + p.open_id_url { Factory.next :open_id_url } + p.open_id_url_authenticated true +end + Factory.define :remembered_person, :parent => :person do |p| p.remember_token { Person.make_token } p.remember_token_expires_at 10.days.from_now test/factories.rb @@ -35,5 +35,31 @@ class PeopleControllerTest < ActionController::TestCase assert_not_nil session[:person_id] end end + + context "Signing up with a valid OpenID" do + setup do + stub_open_id(true, 'you rock') + post :signup_with_open_id, :openid_url => 'http://jamesgolick.com', :person => {:email => "james@giraffesoft.ca", :name => "james", :password => "monkey", :password_confirmation => "monkey"} + end + + should "create a person and associate the OpenID URL with that person" do + assert_not_nil Person.find_by_open_id_url('http://jamesgolick.com') + end + + should_redirect_to("the homepage") { root_url } + end + + context "When signing up with an invalid openid url" do + setup do + Person.find_by_open_id_url('http://jamesgolick.com').andand.destroy + stub_open_id(false, 'you suck') + post :signup_with_open_id, :openid_url => 'http://jamesgolick.com' + end + + should_respond_with :success + should_render_template 'new' + + should_not_change "Person.count" + end end end test/functional/people_controller_test.rb @@ -6,9 +6,7 @@ class SessionsControllerTest < ActionController::TestCase assert_equal @person, current_person end - should "redirect" do - assert_response :redirect - end + should_respond_with :redirect end context "Given an existing person" do @@ -40,27 +38,27 @@ class SessionsControllerTest < ActionController::TestCase end end - context "on get to :destroy" do + context "when already logged in and with a remembered cookie" do setup do @request.cookies["auth_token"] = cookie_for(@person) login_as @person - get :destroy end - should "redirect" do - assert_response :redirect - end + context "on get to :destroy" do + setup do + get :destroy + end - should "log the user out" do - assert_nil session[:person_id] - end + should_respond_with :redirect + should_change "session[:person_id]", :to => nil - should "delete the login token" do - assert @response.cookies["auth_token"].blank? + should "delete the login token" do + assert @response.cookies["auth_token"].blank? + end end end end - + context "on POST to create with invalid credentials" do setup do post :create, :email => 'whatever', :password => 'nothign' @@ -73,7 +71,7 @@ class SessionsControllerTest < ActionController::TestCase assert_nil session[:person_id] end end - + context "Given a remembered person" do setup do @person = Factory(:remembered_person) @@ -113,6 +111,48 @@ class SessionsControllerTest < ActionController::TestCase end end + context "Given a user with OpenID credentials stored" do + setup do + @person = Factory(:person_with_open_id) + end + + context "with a valid openid_url" do + setup do + stub_open_id(true, '', @person.open_id_url) + post :create_with_open_id, :openid_url => @person.open_id_url + end + + should "log that user in" do + assert_equal @person, current_person + end + + should_respond_with :redirect + should_redirect_to("the homepage") { root_url } + end + + context "with an invalid openid_url" do + setup do + stub_open_id(false, 'fail') + post :create_with_open_id, :openid_url => 'http://whatever.com' + end + + should_respond_with :success + should_render_template 'new' + should_set_the_flash_to(/fail/i) + end + + context "With a valid openid that has no user associated with it" do + setup do + stub_open_id(true, '') + post :create_with_open_id, :openid_url => 'http://nobodyhasthisurl.com' + end + + should_respond_with :success + should_render_template 'new' + should_set_the_flash_to(/could not log you in as/i) + end + end + protected def auth_token(token) CGI::Cookie.new('name' => 'auth_token', 'value' => token) test/functional/sessions_controller_test.rb @@ -18,4 +18,8 @@ class ActiveSupport::TestCase def set_mailer_host ActionMailer::Base.default_url_options[:host] = 'test.blankapp.com' end + + def stub_open_id(success, message, url = 'http://jamesgolick.com') + @controller.stubs(:authenticate_with_open_id).yields(stub(:successful? => success, :message => message), url) + end end test/test_helper.rb @@ -5,12 +5,12 @@ class PersonTest < ActiveSupport::TestCase should "set remember_token" do assert_not_nil @person.remember_token end - + should "set remember_token_expires_at" do assert_not_nil @person.remember_token_expires_at end end - + context "With a new person" do setup do @person = Person.new @@ -19,6 +19,14 @@ class PersonTest < ActiveSupport::TestCase should_validate_presence_of :password, :password_confirmation end + context "Given a person using OpenID" do + setup do + @person = Factory(:person_with_open_id) + end + + should_validate_uniqueness_of :open_id_url + end + context "Given an existing person" do setup do @person = Factory(:person) @@ -154,4 +162,20 @@ class PersonTest < ActiveSupport::TestCase end end end + + context "An unauthenticated person using OpenID" do + setup do + @person = Person.new(:open_id_url => 'http://some.openid.provider.net') + @person.open_id_url_message = "you suck" + @person.save + end + + should "NOT save" do + assert @person.new_record? + end + + should "have errors on open_id_url matching the open_id_url_message" do + assert_match /you suck/i, [@person.errors.on(:open_id_url)].flatten.to_sentence + end + end end test/unit/person_test.rb 491e79a1658995ec13db34762430f2e8042851b6 François Beausoleil francois@teksol.info http://github.com/giraffesoft/blank/commit/9308552c2536cfc5a9cbd4022baf284f6e859b79 9308552c2536cfc5a9cbd4022baf284f6e859b79 2009-05-22T09:02:19-07:00 2009-05-22T09:02:19-07:00 Added OpenID authentication & registration 2bc345377a6365aa191e1bfc47a180f472cf9cb1 François Beausoleil francois@teksol.info