app/controllers/open_id_registrations_controller.rb app/helpers/open_id_registrations_helper.rb app/models/facebook_identity.rb app/views/open_id_registrations/error.html.erb config/facebooker.yml db/migrate/20090107200544_create_facebook_identities.rb lib/facebook_utils.rb public/javascripts/facebooker.js public/xd_receiver.html spec/controllers/open_id_registrations_controller_spec.rb spec/fixtures/facebook_identities.yml spec/helpers/open_id_registrations_helper_spec.rb spec/models/facebook_identity_spec.rb @@ -1,5 +1,7 @@ class AjaxValidationsController < ApplicationController + skip_before_filter :load_user + def validate_email respond_to do |wants| wants.html { } app/controllers/ajax_validations_controller.rb @@ -19,15 +19,33 @@ class ApplicationController < ActionController::Base # from your application log (in this case, all fields with names like "password"). filter_parameter_logging :password, :password_confirmation, :old_password + before_filter :set_facebook_session before_filter :load_user + helper_method :facebook_session private def load_user @user_session = UserSession.find @current_user = @user_session && @user_session.record + + if @current_user.nil? && (params[:controller] != 'third_party_registrations_controller') + load_facebook_user + end end + def load_facebook_user + # if the session isn't secured, we don't have a good user id + if facebook_session and facebook_session.secured? and !request_is_facebook_tab? + if face_id = FacebookIdentity.find_by_facebook_id( facebook_session.user.id ) + @current_user = face_id.user + else + # we have a facebook_session not associated with a user so redirect to complete registration page. + redirect_to :action => 'edit', :controller => :third_party_registrations + end + end + end + def store_location session[:return_to] = request.request_uri end app/controllers/application.rb @@ -1,73 +1,31 @@ class ThirdPartyRegistrationsController < ApplicationController - include OpenIdUtils - layout 'full_width' before_filter :require_no_user + # skip_filter :load_user, :only => [:edit, :update] # GET /third_party_registration/new + # Displays the third party registration form. That view will then post to the correct controller for the + # specific kind of registration method selected. def new @openid_identifier = params[:openid_identifier] end - # The entry point action for User and UserSession creation. - # Applies business rules to determine if open_id_authentication should be used vs. the regular un/pw process. - # - # if the user entered an email - # if the email matches an account - # error - user already exists - # else no account - # if EAUT returns an openid - # do openid - # else - # do un/pw - # else - # try openid with whatever the user provided - def create - - if using_open_id? - open_id_authentication( :required => [ :email ], :optional => [ :nickname ] ) - - else # the field entered is an email - - if user = User.find_by_email( params[:openid_identifier] ) - flash[:error] = 'An account with this email already exists.' - @openid_identifier = params[:openid_identifier] - render :action => :new - - else - # try EAUT # TODO: Refactor acts_as_eaut to yield a result wrapping status and error messages - begin - eaut_id = get_openid_for_email( params[:openid_identifier], :use_fallback_service => false ) - rescue - end - - if eaut_id - params[:openid_identifier] = eaut_id - open_id_authentication( :required => [ :email ], :optional => [ :nickname ] ) - - else - # TODO check what they want to do here? display error page : redirect to un/pw - redirect_to new_user_path # do un/pw signup - - end # if eaut_id - end # if user exists - end # if using_open_id? - end - - + # This action displays the complete registration form. def edit @user = User.new params[:user] end def update - redirect_to( :action => 'new' ) and return unless session[:openid_identifier] + redirect_to( :action => 'new' ) and return unless ( session[:openid_identifier] || ( facebook_session && facebook_session.user ) ) @user = User.new params[:user] - @user.open_ids << OpenId.new( :openid_identifier => session[:openid_identifier] ) + + @user.open_ids << OpenId.new( :openid_identifier => session[:openid_identifier] ) if session[:openid_identifier] + @user.facebook_identity = FacebookIdentity.new( :facebook_id => facebook_session.user.id ) if ( facebook_session && facebook_session.user ) respond_to do |format| if @user.save @@ -82,21 +40,4 @@ class ThirdPartyRegistrationsController < ApplicationController end end end - - private - - def successful_openid_authentication( openid_identifier, registration = {} ) - if user = User.find_by_open_id(openid_identifier) - flash[:error] = "This OpenID is already in use." - render :action => 'new' - else - session[:openid_identifier] = openid_identifier - redirect_to :action => 'edit', :user => { :screen_name => registration['nickname'], :email => registration['email'] } - end - end - - def failed_openid_authentication( message ) - render :template => 'third_party_registrations/error' - end - end app/controllers/third_party_registrations_controller.rb @@ -18,7 +18,15 @@ class UserSessionsController < ApplicationController # Logs the user out. # Mapped to route /logout def destroy - @user_session.destroy + @user_session.destroy if @user_session + + # handle facebook cookies + cookies.keys.each do |key| + if key =~ Regexp.new( Facebooker.api_key ) + cookies.delete key + end + end + flash[:notice] = 'Logout successful!' redirect_to login_url end @@ -40,7 +48,7 @@ class UserSessionsController < ApplicationController # else # try openid with whatever the user provided def create - + if using_open_id? open_id_authentication :using_ajax => true app/controllers/user_sessions_controller.rb @@ -1,10 +1,11 @@ # == Schema Information -# Schema version: 20081119192750 +# Schema version: 20090107200544 # # Table name: users # # id :integer(4) not null, primary key # screen_name :string(50) +# first_name :string(50) # email :string(255) # crypted_password :string(255) # password_salt :string(255) @@ -37,6 +38,7 @@ class User < ActiveRecord::Base attr_accessor :password_confirmation has_many :open_ids, :dependent => :destroy + has_one :facebook_identity, :dependent => :destroy def to_param screen_name @@ -110,9 +112,9 @@ class User < ActiveRecord::Base def validate_password # TODO: Check if we should do any pw length or contents validation... - if password.to_s.empty? and open_ids.empty? # and self.facebook_identity.nil? + if password.to_s.empty? && open_ids.empty? && self.facebook_identity.nil? errors.add_to_base( "You didn't choose a password. Please enter a password and try again.") - elsif open_ids.empty? and (password.to_s != password_confirmation.to_s && !password_confirmation.nil?) + elsif open_ids.empty? && self.facebook_identity.nil? && (password.to_s != password_confirmation.to_s && !password_confirmation.nil?) errors.add_to_base( "Your password and confirmation did not match. Please re-enter them and try again.") end end app/models/user.rb @@ -9,7 +9,12 @@ <%= stylesheet_link_tag :defaults, :cache => true %> <%= javascript_include_tag :defaults, :cache => true %> <%= javascript_include_tag( @page_specific_js, :cache => 'page_specific' ) if @page_specific_js %> - + +<% if facebook_session -%> +<%= fb_connect_javascript_tag %> +<%= init_fb_connect ["XFBML"], "{\"ifUserNotConnected\":\"/login\"}" %> +<% end -%> + <%= yield :head %> </head> \ No newline at end of file app/views/layout_components/_head.html.erb @@ -1,6 +1,6 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> +<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" > <%= render :partial => "layout_components/head" %> app/views/layouts/basic.html.erb @@ -1,6 +1,6 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> +<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml"> <%= render :partial => "layout_components/head" %> app/views/layouts/full_width.html.erb @@ -1,6 +1,6 @@ <h1>Join Ma.gnolia</h1> -<% form_tag( third_party_registration_path ) do %> +<% form_tag( open_id_registration_path ) do %> <div id='third_party_instructions' style='float: right; width: 450px; border: 1px dashed grey; padding: 1em;'> <p> @@ -17,7 +17,9 @@ :style => 'margin-left: 3em;', :id => 'instruction_link' %> </p> -<p>or use your <%= link_to 'Facebook account', root_url %> </p> +<%= fb_connect_javascript_tag %> +<%= init_fb_connect ["XFBML"] %> +<p>or sign up with Facebook: <span style='position: relative; top: 7.5px;'><%= fb_login_button 'doFacebookLogin()' %></span></p> <% javascript_tag do -%> $('instruction_link').show(); $('third_party_instructions').hide(); app/views/third_party_registrations/new.html.erb @@ -26,6 +26,9 @@ <p><%= f.check_box :remember_me, :style => 'vertical-align: middle;' %><%= f.label :remember_me, 'Keep me signed in' %></p> + <%= fb_connect_javascript_tag %> + <%= init_fb_connect ["XFBML"] %> + <p>You can also sign in with Facebook: <span style='position: relative; top: 7.5px;'><%= fb_login_button 'doFacebookLogin()' %></span></p> <% end %> <p>Not a member? You can <%= link_to 'Join Free', signup_url %>.</p> app/views/user_sessions/new.html.erb @@ -36,7 +36,7 @@ Rails::Initializer.run do |config| # config.gem "aws-s3", :lib => "aws/s3" config.gem 'rubyist-aasm', :lib => 'aasm' config.gem 'ruby-openid', :lib => 'openid' - config.gem 'authlogic' + # config.gem 'authlogic' # Only load the plugins named here, in the order given. By default, all plugins # in vendor/plugins are loaded in alphabetical order. config/environment.rb @@ -7,15 +7,21 @@ ActionController::Routing::Routes.draw do |map| map.resources :users map.resource :user_session map.resource :third_party_registration + map.resource :open_id_registration map.resources :user_activations map.resources :password_resets + # facebook application + map.resources :seeds, :conditions => { :canvas => true } + # ================== # = Administration = # ================== # map.namespace :admin do |admin| # end + map.connect 'connect', :controller => 'connect', :action => 'index' + map.validate_screen_name 'registration/check_screen_name', :controller => 'ajax_validations', :action => 'validate_screen_name' map.validate_email 'registration/check_email', :controller => 'ajax_validations', :action => 'validate_email' @@ -24,5 +30,4 @@ ActionController::Routing::Routes.draw do |map| map.orientation 'orientation', :controller => 'pages', :action => 'show', :page => 'orientation' map.root :controller => 'pages', :action => 'show', :page => 'home' - end config/routes.rb @@ -9,7 +9,17 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20081119192750) do +ActiveRecord::Schema.define(:version => 20090107200544) do + + create_table "facebook_identities", :force => true do |t| + t.integer "facebook_id" + t.integer "user_id" + t.datetime "created_at" + t.datetime "updated_at" + end + + add_index "facebook_identities", ["facebook_id"], :name => "index_facebook_identities_on_facebook_id" + add_index "facebook_identities", ["user_id"], :name => "index_facebook_identities_on_user_id" create_table "open_id_authentication_associations", :force => true do |t| t.integer "issued" db/schema.rb @@ -1,7 +1,7 @@ module BeforeFilterRequirements - LOGGED_IN_ERROR_MESSAGE = 'You must be logged in to access this page.' - LOGGED_OUT_ERROR_MESSAGE = 'You must be logged out to access this page.' + LOGGED_IN_ERROR_MESSAGE = 'You must be logged in to access the page you requested.' + LOGGED_OUT_ERROR_MESSAGE = 'You must be logged out to access the page you requested.' private lib/before_filter_requirements.rb @@ -711,6 +711,9 @@ Object.extend(Object.extend(Magnolia.Bookmark.prototype, Blueprint.Basic), { } }); +// =========================== +// = Registration Validation = +// =========================== function checkScreenName(name, element, token){ $(element).update("<img src=\"/images/chrome/spinner_on_b.gif\" class=\"status_icon\" /> Checking..."); @@ -731,3 +734,13 @@ function checkPasswords(element) { element.update("<img src=\"/images/icons/green_accept.gif\" class=\"status_icon\"/> Password verified."); else element.update("<img src=\"/images/icons/yellow_reject.gif\" class=\"status_icon\"/> Passwords do not match."); } + +// ============================== +// = Facebook Connect Callbacks = +// ============================== + +// called from the login page. just redirects to root. the presence of the facebook connect cookies will +// then be detected by the set_facebook_session and load_user before_filters +function doFacebookLogin() { + window.location="/"; +} public/javascripts/application.js @@ -24,118 +24,6 @@ describe ThirdPartyRegistrationsController do end - describe "responding to POST create" do - - describe "with an open_id_identifier" do - - describe "which is valid and not an email" do - it "should do OpenId authentication" do - @controller.should_receive(:using_open_id?).and_return(true) - @controller.should_receive(:open_id_authentication) - post :create, :openid_identifier => 'foo.myopenid.com' - end - end - - describe "which is an email" do - - describe "that is already in use" do - - before(:each) do - @controller.should_receive(:using_open_id?).and_return(false) - end - - it "should return an error message" do - User.should_receive(:find_by_email).with('foo@myopenid.com').and_return(mock_user) - post :create, :openid_identifier => 'foo@myopenid.com' - flash[:error].should match( /email/ ) - end - - it "should re-render the new form" do - User.should_receive(:find_by_email).with('foo@myopenid.com').and_return(mock_user) - post :create, :openid_identifier => 'foo@myopenid.com' - response.should render_template('new') - end - end - - describe "that is not in use" do - - it "should try to translate the email to an OpenId" do - @controller.should_receive(:get_openid_for_email).with( 'foo@myopenid.com', :use_fallback_service => false ) - post :create, :openid_identifier => 'foo@myopenid.com' - end - - it "should do OpenId authentication if the email could be translated to an OpenId" do - @controller.should_receive(:get_openid_for_email).and_return('foo.myopenid.com') - @controller.should_receive(:open_id_authentication) - post :create, :openid_identifier => 'foo@myopenid.com' - end - - it "should redirect to un/pw registration if the email could NOT be translated to an OpenId" do - @controller.should_receive(:get_openid_for_email).and_return(nil) - post :create, :openid_identifier => 'foo@myopenid.com' - response.should redirect_to(new_user_path) - end - end - - end # with email - end # with openid_identifier - - describe "with OpenId complete callback" do - - describe "successful" do - - before(:each) do - result = mock_model( OpenIdAuthentication::Result, { :successful? => true, :message => 'pass' } ) - sreg = mock_model( OpenID::SReg::Request ) - sreg.stub!(:[]).with( 'email' ).and_return( 'foo@myopenid.com' ) - sreg.stub!(:[]).with( 'nickname' ).and_return( 'foo' ) - @controller.should_receive(:authenticate_with_open_id).with( - 'foo.myopenid.com', - :required => [ :email ], - :optional => [ :nickname ] - ).and_yield( result, 'foo.myopenid.com', sreg ) - end - - describe "but OpenId is already in use" do - - before(:each) do - User.should_receive( :find_by_open_id ).with( 'foo.myopenid.com' ).and_return( mock_user ) - end - - it "should alert user that OpenId is in use" do - post :create, :openid_identifier => 'foo.myopenid.com' - flash[:error].should match( /in use/ ) - end - - it "should re-render to the new page" do - post :create, :openid_identifier => 'foo.myopenid.com' - response.should render_template( 'new' ) - end - - end - - describe "and OpenId is not in use" do - - before(:each) do - User.should_receive( :find_by_open_id ).with( 'foo.myopenid.com' ).and_return( nil ) - end - - it "should set the openid_identifier in the session" do - post :create, :openid_identifier => 'foo.myopenid.com' - @controller.session[:openid_identifier].should ==('foo.myopenid.com') - end - - it "should redirect to edit action with user params" do - post :create, :openid_identifier => 'foo.myopenid.com' - response.should redirect_to( edit_third_party_registration_url( :user => { :screen_name => 'foo', :email => 'foo@myopenid.com' } ) ) - end - end - - end # successful - end # with OpenId complete callback - - end # POST create - describe "responding to PUT update" do describe "without an authenticated openid_identifier" do spec/controllers/third_party_registrations_controller_spec.rb @@ -1,10 +1,11 @@ # == Schema Information -# Schema version: 20081119192750 +# Schema version: 20090107200544 # # Table name: users # # id :integer(4) not null, primary key # screen_name :string(50) +# first_name :string(50) # email :string(255) # crypted_password :string(255) # password_salt :string(255) spec/fixtures/users.yml @@ -2,7 +2,7 @@ module BeforeFilterSpecHelper # Returns an Array containing the actions for the current controller to which the given filter has been applied def get_actions_to_test(filter_method) - + current_filter = controller.class.filter_chain.detect do |f| f.kind_of?( ActionController::Filters::BeforeFilter ) && f.method == filter_method end spec/spec_helpers/before_filter_spec_helper.rb @@ -11,7 +11,7 @@ module Authlogic # without establishing a DB connection. In your framework environment this is done for you, but if you are using Authlogic outside of your frameword, you need to assign a controller # object to Authlogic via Authlogic::Session::Base.controller = obj. def activated? - !controller.blank? + !controller.nil? end def controller=(value) # :nodoc: vendor/plugins/authlogic/lib/authlogic/session/base.rb @@ -7,11 +7,16 @@ module Facebooker javascript_include_tag "http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" end - def init_fb_connect(*required_features) - init_string = "FB.Facebook.init('#{Facebooker.api_key}','/xd_receiver.html');" + # See: http://wiki.developers.facebook.com/index.php/JS_API_M_FB.Facebook.Init_2 + # See: http://wiki.developers.facebook.com/index.php/JS_API_M_FB.Bootstrap.requireFeatures + # - required_features: an array of strings for the Facebook Features to be loaded by the FB JS API + # - app_settings: Needs to be a string containing a json hash. + # We can't use to_json for the app_settings because that would prevent passing in callback method references... + def init_fb_connect(required_features = ['Api'], app_settings = '{}') + init_string = "FB.Facebook.init('#{Facebooker.api_key}', '/xd_receiver.html', #{app_settings});" unless required_features.blank? init_string = <<-FBML - Element.observe(window,'load', function() { + Element.observe(window, 'load', function() { FB_RequireFeatures(#{required_features.to_json}, function() { #{init_string} }); vendor/plugins/facebooker/lib/facebooker/rails/helpers/fb_connect.rb app/helpers/open_id_registration_helper.rb app/views/third_party_registrations/error.html.erb 88125f407d153927afd469c19b16fd5d779d0af3 Jesse Clark jesse@jesseclark.com http://github.com/magnolia/magnolia/commit/8ff89bfdbcd86817106800cc70e1782ca0b53065 8ff89bfdbcd86817106800cc70e1782ca0b53065 2009-01-19T12:45:12-08:00 2009-01-19T12:45:12-08:00 facebook connect implemented 483d9e0be25c23d86d398bf11b767cf0d44b65a9 Jesse Clark jesse@jesseclark.com