@@ -5,4 +5,4 @@ This authentication system allows for an easy, plug and play solution to all you authentication and privilege needs. * The currently logged in user's id is stored in the sessionas :current_user_id. - * When creating fixture data, you can use User.hash_password( 'password' ) \ No newline at end of file + * When creating fixture data, you can use User.hash_password('password') \ No newline at end of file README @@ -1,3 +1,5 @@ +Replaces SHA1 with SecureRandom + Overall ! Add Tests TODO @@ -5,25 +5,25 @@ class MhsAuthenticationSystemGenerator < Rails::Generator::Base #TODO: Add tests def manifest record do |m| - m.directory File.join( *%w{ app controllers } ) - m.directory File.join( *%w{ app models } ) - m.directory File.join( *%w{ app views user_reminder_mailer } ) - m.directory File.join( *%w{ app views users } ) - m.directory File.join( *%w{ spec fixtures } ) - m.directory File.join( *%w{ db migrate } ) + m.directory File.join(*%w{ app controllers }) + m.directory File.join(*%w{ app models }) + m.directory File.join(*%w{ app views user_reminder_mailer }) + m.directory File.join(*%w{ app views users }) + m.directory File.join(*%w{ spec fixtures }) + m.directory File.join(*%w{ db migrate }) - m.template 'app/controllers/login_controller.rb', File.join( *%w{ app controllers users_controller.rb } ) - m.template 'app/models/model.rb', File.join( *%w{ app models user.rb } ) - m.template 'app/views/user_reminder_mailer/reminder.html.erb', File.join( *%W{ app views user_reminder_mailer reminder.html.erb } ) - m.template 'app/views/users/login.html.erb', File.join( *%W{ app views users login.html.erb } ) - m.template 'app/views/users/profile.html.erb', File.join( *%W{ app views users profile.html.erb } ) - m.template 'app/views/users/reminder.html.erb', File.join( *%W{ app views users reminder.html.erb } ) - m.template 'app/views/users/signup.html.erb', File.join( *%W{ app views users signup.html.erb } ) - m.template 'spec/fixtures/roles.yml', File.join( *%w{ spec fixtures roles.yml } ) - m.template 'spec/fixtures/privileges_roles.yml', File.join( *%w{ spec fixtures privileges_roles.yml } ) - m.template 'spec/fixtures/privileges.yml', File.join( *%w{ spec fixtures privileges.yml } ) - m.template 'spec/fixtures/users.yml', File.join( *%w{ spec fixtures users.yml } ) - m.migration_template 'db/migrate/migration.rb', File.join( *%w{ db migrate } ), :migration_file_name => "add_mhs_authentication_system" + m.template 'app/controllers/login_controller.rb', File.join(*%w{ app controllers users_controller.rb }) + m.template 'app/models/model.rb', File.join(*%w{ app models user.rb }) + m.template 'app/views/user_reminder_mailer/reminder.html.erb', File.join(*%W{ app views user_reminder_mailer reminder.html.erb }) + m.template 'app/views/users/login.html.erb', File.join(*%W{ app views users login.html.erb }) + m.template 'app/views/users/profile.html.erb', File.join(*%W{ app views users profile.html.erb }) + m.template 'app/views/users/reminder.html.erb', File.join(*%W{ app views users reminder.html.erb }) + m.template 'app/views/users/signup.html.erb', File.join(*%W{ app views users signup.html.erb }) + m.template 'spec/fixtures/roles.yml', File.join(*%w{ spec fixtures roles.yml }) + m.template 'spec/fixtures/privileges_roles.yml', File.join(*%w{ spec fixtures privileges_roles.yml }) + m.template 'spec/fixtures/privileges.yml', File.join(*%w{ spec fixtures privileges.yml }) + m.template 'spec/fixtures/users.yml', File.join(*%w{ spec fixtures users.yml }) + m.migration_template 'db/migrate/migration.rb', File.join(*%w{ db migrate }), :migration_file_name => "add_mhs_authentication_system" end end end generators/mhs_authentication_system/mhs_authentication_system_generator.rb @@ -1,4 +1,4 @@ -dir = File.join( File.dirname( __FILE__), 'lib') +dir = File.join(File.dirname(__FILE__), 'lib') require File.join(dir, 'model') require File.join(dir, 'controller') init.rb @@ -2,7 +2,7 @@ module Mhs module AuthenticationSystem module Controller - def self.included base #:nodoc: + def self.included(base) #:nodoc: base.extend ClassMethods base.send :include, InstanceMethods @@ -15,7 +15,7 @@ module Mhs base.set_login_controller :users_controller base.on_not_logged_in do - redirect_to :controller => self.class.login_controller_name.gsub( /_controller$/, '' ), :action => 'login' + redirect_to :controller => self.class.login_controller_name.gsub(/_controller$/, ''), :action => 'login' end base.on_permission_denied do @@ -40,16 +40,16 @@ module Mhs # This method takes a list of privileges which should be allowes, as well as the options # hash which will be passed to before_filter. def restrict_to *privileges, &blk - options = privileges.last.is_a?( Hash ) ? privileges.pop : {} - - before_filter( options ) do |c| - if !c.current_user.is_a? self.login_model - c.session[:pre_login_url] = c.url_for( c.params ) - c.instance_eval &c.class.not_logged_in - elsif c.current_user.has_privilege?( *privileges ) or (blk and c.instance_eval &blk) - c.instance_eval &c.class.permission_granted + options = privileges.extract_options! + + before_filter(options) do |c| + if !c.current_user.is_a? login_model + c.session[:pre_login_url] = c.url_for(c.params) + c.instance_eval(&c.class.not_logged_in) + elsif c.current_user.has_privilege?(*privileges) or (blk and c.instance_eval(&blk)) + c.instance_eval(&c.class.permission_granted) else - c.instance_eval &c.class.permission_denied + c.instance_eval(&c.class.permission_denied) end end end @@ -100,7 +100,7 @@ module Mhs end def restrict_to *privileges, &blk - if current_user.is_a?( self.class.login_model ) and current_user.has_privilege?( *privileges ) + if current_user.is_a?(self.class.login_model) and current_user.has_privilege?(*privileges) blk.call end end @@ -117,17 +117,18 @@ module Mhs def find_and_set_current_user if session[:current_user_id] - set_current_user self.instance_eval(&self.class.login_model_scope).find(session[:current_user_id]) + set_current_user instance_eval(&self.class.login_model_scope).find(session[:current_user_id]) elsif cookies[:remember_me_token] - model = self.instance_eval(&self.class.login_model_scope).find(:first, :conditions => ["remember_me_token = ? AND remember_me_token_expires_at >= ?", cookies[:remember_me_token], Time.now]) + model = instance_eval(&self.class.login_model_scope).first(:conditions => ["remember_me_token = ? AND remember_me_token_expires_at >= ?", cookies[:remember_me_token], Time.now]) if model model.remember_me! cookies[:remember_me_token] = { :value => model.remember_me_token , :expires => model.remember_me_token_expires_at } end set_current_user model elsif not ActionController::HttpAuthentication::Basic.authorization(request).blank? - model = authenticate_with_http_basic do |email_address, password| - self.instance_eval(&self.class.login_model_scope).login(:email_address => email_address, :password => password) + model = authenticate_with_http_basic do |login_attribute_value, password| + login_attribute = self.class.login_model.mhs_authentication_system_options[:login_attribute] + instance_eval(&self.class.login_model_scope).login(login_attribute => login_attribute_value, :password => password) end if model lib/controller.rb @@ -22,7 +22,7 @@ module Mhs # page before logging in, after logging in they will be redirected to # the page they initially requested rather then the page defined by the # after_login_redirect. Defatut: true - def acts_as_login_controller( options = {} ) + def acts_as_login_controller(options = {}) include Mhs::AuthenticationSystem::LoginController::InstanceMethods extend Mhs::AuthenticationSystem::LoginController::SingletonMethods @@ -43,7 +43,7 @@ module Mhs :signup_email_subject => "Welcome", :track_pre_login_url => true, :reset_session_after_logout => true - }.merge( options ) + }.merge(options) if mhs_authentication_system_options[:allow_signup] include Mhs::AuthenticationSystem::LoginController::SignupInstanceMethods @@ -63,8 +63,8 @@ module Mhs attr_accessor :mhs_authentication_system_options # Update restrict_to to automatically ignore the login, logout, reminder, profile, and signup actions - def restrict_to *privileges, &blk - options = privileges.last.is_a?( Hash ) ? privileges.pop : {} + def restrict_to(*privileges, &blk) + options = privileges.extract_options! if not options[:only] options[:except] = Array(options[:except]) + [:login, :logout, :reminder, :profile, :signup] @@ -79,36 +79,36 @@ module Mhs # successfully logs in. The block will be evaluated in the scope # of the controller. def redirect_after_login &blk - self.mhs_authentication_system_options[:redirect_after_login] = blk + mhs_authentication_system_options[:redirect_after_login] = blk end # Sets the arguments to be passed to redirect_to after a user # successfully logs in. The block will be evaluated in the scope # of the controller. def redirect_after_reminder_login &blk - self.mhs_authentication_system_options[:redirect_after_reminder_login] = blk + mhs_authentication_system_options[:redirect_after_reminder_login] = blk end # Sets the arguments to be passed to redirect_to after a user # successfully logs out. The block will be evaluated in the scope # of the controller. def redirect_after_logout &blk - self.mhs_authentication_system_options[:redirect_after_logout] = blk + mhs_authentication_system_options[:redirect_after_logout] = blk end def after_successful_signup &blk - self.mhs_authentication_system_options[:after_successful_signup] = blk + mhs_authentication_system_options[:after_successful_signup] = blk end def after_failed_signup &blk - self.mhs_authentication_system_options[:after_failed_signup] = blk + mhs_authentication_system_options[:after_failed_signup] = blk end # Sets the arguments to be passed to redirect_to after a user # successfully signs up. The block will be evaluated in the scope # of the controller. def redirect_after_signup &blk - self.mhs_authentication_system_options[:redirect_after_signup] = blk + mhs_authentication_system_options[:redirect_after_signup] = blk end end @@ -123,7 +123,7 @@ module Mhs # - Else, the login template will be rendered. def login if request.post? - instance_variable_set("@#{self.class.login_model_name}", model = self.instance_eval(&self.class.login_model_scope).login(params[self.class.login_model_name.to_sym])) + instance_variable_set("@#{self.class.login_model_name}", model = instance_eval(&self.class.login_model_scope).login(params[self.class.login_model_name])) if model if model.active? if not params[:remember_me].blank? @@ -139,17 +139,17 @@ module Mhs else flash.now[:error] = self.class.mhs_authentication_system_options[:invalid_login_flash] end - elsif params[:id] and params[:token] and reminder = UserReminder.find(:first, :conditions => ["user_id = ? AND token = ? AND expires_at >= ? ", params[:id], params[:token], Time.now]) - model = self.instance_eval(&self.class.login_model_scope).find(reminder.user_id) + elsif params[:id] and params[:token] and reminder = UserReminder.first(:conditions => ["user_id = ? AND token = ? AND expires_at >= ? ", params[:id], params[:token], Time.now]) + model = instance_eval(&self.class.login_model_scope).find(reminder.user_id) model.update_attribute :active, true - self.set_current_user model + set_current_user model reminder.destroy do_redirect_after_reminder_login - elsif self.current_user + elsif current_user do_redirect_after_login return else - instance_variable_set("@#{self.class.login_model_name}", self.instance_eval(&self.class.login_model_scope).new) + instance_variable_set("@#{self.class.login_model_name}", instance_eval(&self.class.login_model_scope).new) flash.now[:notice] ||= self.class.mhs_authentication_system_options[:login_flash] end end @@ -163,13 +163,14 @@ module Mhs set_current_user nil reset_session if self.class.mhs_authentication_system_options[:reset_session_after_logout] end - redirect_to self.instance_eval(&self.class.mhs_authentication_system_options[:redirect_after_logout]) + redirect_to instance_eval(&self.class.mhs_authentication_system_options[:redirect_after_logout]) end def reminder if request.post? - email_address = params[self.class.login_model_name.to_sym][:email_address] - if email_address.blank? || (model = self.instance_eval(&self.class.login_model_scope).find_by_email_address(email_address)).nil? + login_attribute = self.class.login_model.mhs_authentication_system_options[:login_attribute] + login_attribute_value = params[self.class.login_model_name][login_attribute] + if login_model_name.blank? || (model = instance_eval(&self.class.login_model_scope).first(:conditions => { login_attribute => login_attribute_value })).nil? flash.now[:error] = self.class.mhs_authentication_system_options[:reminder_error_flash] else reminder = UserReminder.create_for_user(model, Time.now + self.class.mhs_authentication_system_options[:reminder_login_duration]) @@ -181,7 +182,7 @@ module Mhs redirect_to :action => "login" end else - instance_variable_set("@#{self.class.login_model_name}", self.instance_eval(&self.class.login_model_scope).new) + instance_variable_set("@#{self.class.login_model_name}", instance_eval(&self.class.login_model_scope).new) flash.now[:notice] = self.class.mhs_authentication_system_options[:reminder_flash] end end @@ -192,7 +193,7 @@ module Mhs if request.put? respond_to do |format| - if current_user.update_attributes(params[self.class.login_model_name.to_sym]) + if current_user.update_attributes(params[self.class.login_model_name]) flash[:notice] = 'Your profile was successfully updated.' format.html { do_redirect_after_login } format.xml { head :ok } @@ -210,7 +211,7 @@ module Mhs private def do_redirect_after_reminder_login if blk = self.class.mhs_authentication_system_options[:redirect_after_reminder_login] - redirect_to self.instance_eval(&blk) + redirect_to instance_eval(&blk) else do_redirect_after_login end @@ -221,25 +222,26 @@ module Mhs redirect_to session[:pre_login_url] session[:pre_login_url] = nil else - redirect_to self.instance_eval(&self.class.mhs_authentication_system_options[:redirect_after_login]) + redirect_to instance_eval(&self.class.mhs_authentication_system_options[:redirect_after_login]) end end end module SignupInstanceMethods def signup - instance_variable_set( "@#{self.class.login_model_name}", model = self.instance_eval(&self.class.login_model_scope).new( params[self.class.login_model_name.to_sym] ) ) + instance_variable_set("@#{self.class.login_model_name}", model = instance_eval(&self.class.login_model_scope).new(params[self.class.login_model_name])) if request.post? model.active = self.class.mhs_authentication_system_options[:require_activation] ? false : true if model.save - reminder = UserReminder.create_for_user( model, Time.now + self.class.mhs_authentication_system_options[:reminder_login_duration] ) + reminder = UserReminder.create_for_user(model, Time.now + self.class.mhs_authentication_system_options[:reminder_login_duration]) url = url_for(:action => 'login', :id => model, :token => reminder.token) UserReminderMailer.deliver_signup(model, reminder, url, :from => self.class.mhs_authentication_system_options[:email_from], - :subject => self.class.mhs_authentication_system_options[:signup_email_subject] ) + :subject => self.class.mhs_authentication_system_options[:signup_email_subject] + ) flash[:notice] = self.class.mhs_authentication_system_options[:successful_signup_flash] instance_eval(&self.class.mhs_authentication_system_options[:after_successful_signup]) if self.class.mhs_authentication_system_options[:after_successful_signup] - redirect_to self.instance_eval(&self.class.mhs_authentication_system_options[:redirect_after_signup]) + redirect_to instance_eval(&self.class.mhs_authentication_system_options[:redirect_after_signup]) else instance_eval(&self.class.mhs_authentication_system_options[:after_failed_signup]) if self.class.mhs_authentication_system_options[:after_failed_signup] end lib/login_controller.rb @@ -40,20 +40,23 @@ module Mhs include Mhs::AuthenticationSystem::Model::InstanceMethods self.mhs_authentication_system_options = { - :role_validation => {}, + :login_attribute => :email_address, + :login_validation => {}, + :login_unique_validation => {}, :email_address_validation => {}, :email_address_unique_validation => {}, + :role_validation => {}, :password_validation => "can't be blank", :password_matching_validation => "must match" - }.merge(options.except(:role_validation, :email_address_validation, :email_address_unique_validation)) + }.merge(options.except(:login_validation, :login_unique_validation, :email_address_validation, :email_address_unique_validation, :role_validation)) - options.slice(:role_validation, :email_address_validation, :email_address_unique_validation).each do |key, value| + options.slice(:login_validation, :login_unique_validation, :email_address_validation, :email_address_unique_validation, :role_validation).each do |key, value| if value.is_a?(String) - self.mhs_authentication_system_options[key].merge(:message => value) + mhs_authentication_system_options[key].merge(:message => value) elsif value.is_a?(Hash) - self.mhs_authentication_system_options[key].merge(value) + mhs_authentication_system_options[key].merge(value) elsif value == false - self.mhs_authentication_system_options[key] = false + mhs_authentication_system_options[key] = false else raise ArgumentError, "Expected a String, a Hash, or false but got a #{value.class.name}" end @@ -66,8 +69,14 @@ module Mhs belongs_to :role - if options = mhs_authentication_system_options[:role_validation] - validates_presence_of :role_id, options + if mhs_authentication_system_options[:login_attribute] != :email_address + if options = mhs_authentication_system_options[:login_validation] + validates_presence_of mhs_authentication_system_options[:login_attribute], options + end + + if options = mhs_authentication_system_options[:login_unique_validation] + validates_uniqueness_of mhs_authentication_system_options[:login_attribute], options + end end if options = mhs_authentication_system_options[:email_address_validation] @@ -78,20 +87,24 @@ module Mhs validates_uniqueness_of :email_address, options end - if self.mhs_authentication_system_options[:password_validation] + if options = mhs_authentication_system_options[:role_validation] + validates_presence_of :role_id, options + end + + if mhs_authentication_system_options[:password_validation] validate do |user| password, password_confirmation = user.instance_variable_get("@password"), user.instance_variable_get("@password_confirmation") if password.blank? and password_confirmation.blank? and user.password_hash.blank? - user.errors.add(:password, self.mhs_authentication_system_options[:password_validation]) + user.errors.add(:password, mhs_authentication_system_options[:password_validation]) end end end - if self.mhs_authentication_system_options[:password_matching_validation] + if mhs_authentication_system_options[:password_matching_validation] validate do |user| password, password_confirmation = user.instance_variable_get("@password"), user.instance_variable_get("@password_confirmation") if (password or password_confirmation) and password != password_confirmation - user.errors.add(:password, self.mhs_authentication_system_options[:password_matching_validation]) + user.errors.add(:password, mhs_authentication_system_options[:password_matching_validation]) end end end @@ -100,7 +113,7 @@ module Mhs if user.instance_variable_get("@password") require 'digest/sha1' user.salt ||= Digest::SHA1.hexdigest("--#{Time.now}--#{user.email_address}--") - user.password_hash = self.hash_password(user.instance_variable_get( "@password" ), user.salt) + user.password_hash = hash_password(user.instance_variable_get("@password"), user.salt) end end end @@ -112,8 +125,9 @@ module Mhs # Attempts to find a user by the passed in attributes. The param :password will # be removed and will be checked against the password of the user found (if any). def login(params) - if not params.blank? and user = self.find_by_email_address(params[:email_address]) - self.hash_password(params[:password], user.salt) == user.password_hash ? user : nil + login_attribute = mhs_authentication_system_options[:login_attribute] + if not params.blank? and not params[login_attribute].blank? and user = first(:conditions => { login_attribute => params[login_attribute] }) + hash_password(params[:password], user.salt) == user.password_hash ? user : nil end end @@ -123,9 +137,9 @@ module Mhs # - Else, the stored block is called, giving passing it all arguments def hash_password(*args, &blk) if blk - self.mhs_authentication_system_options[:hash_password] = blk + mhs_authentication_system_options[:hash_password] = blk else - self.mhs_authentication_system_options[:hash_password].call *args + mhs_authentication_system_options[:hash_password].call *args end end end @@ -169,7 +183,7 @@ module Mhs # passed in privileges. Default: false def has_privilege?(*requested_privileges) return false unless role - options = requested_privileges.last.is_a?(Hash) ? requested_privileges.pop : {} + options = requested_privileges.extract_options! matched_privileges = requested_privileges.map(&:to_s) & role.privileges.map(&:name) options[:match_all] ? matched_privileges.size == requested_privileges.size : !matched_privileges.empty? end lib/model.rb @@ -1,10 +1,10 @@ -if( Privilege rescue true ) +if(Privilege rescue true) class ::Privilege < ActiveRecord::Base end end Privilege.class_eval do has_and_belongs_to_many :roles unless Role.reflect_on_association :roles - + validates_presence_of :name end lib/privilege_model.rb @@ -1,4 +1,4 @@ -if( Role rescue true ) +if(Role rescue true) class ::Role < ActiveRecord::Base end end lib/role_model.rb @@ -1,17 +1,17 @@ -if( UserReminderMailer rescue true ) +if(UserReminderMailer rescue true) class ::UserReminderMailer < ActionMailer::Base end end UserReminderMailer.class_eval do - def reminder( user, reminder, url, options = {} ) + def reminder(user, reminder, url, options = {}) recipients user.email_address from options[:from] subject options[:subject] body :user => user, :reminder => reminder, :url => url end - def signup( user, reminder, url, options = {} ) + def signup(user, reminder, url, options = {}) recipients user.email_address from options[:from] subject options[:subject] lib/user_reminder_mailer_model.rb @@ -1,4 +1,4 @@ -if( UserReminder rescue true ) +if(UserReminder rescue true) class ::UserReminder < ActiveRecord::Base end end @@ -16,6 +16,6 @@ private def self.generate_token require 'md5' - MD5.hexdigest( rand.to_s ) + MD5.hexdigest(rand.to_s) end end lib/user_reminder_model.rb @@ -1,4 +1,4 @@ -require File.join(File.dirname( __FILE__ ), '../spec_helper') +require File.join(File.dirname(__FILE__), '../spec_helper') describe DefaultActiveRecordModel, "responds to methods added by Mhs::AuthenticationSystem::Model::ClassMethods" do it "responds to acts_as_login_model" do spec/models/default_active_record_model_spec.rb @@ -1,4 +1,4 @@ -require File.join( File.dirname( __FILE__ ), '../spec_helper' ) +require File.join(File.dirname(__FILE__), '../spec_helper') describe MhsAuthenticationSystemModel, "responds to methods added by Mhs::AuthenticationSystem::Model::ClassMethods" do it "responds to acts_as_login_model" do @@ -108,7 +108,7 @@ describe MhsAuthenticationSystemModel, "validations" do end it "validates the uniqueness of a email address" do - saved_model = MhsAuthenticationSystemModel.create! :email_address => "user@example.com", :role_id => 1 + saved_model = MhsAuthenticationSystemModel.create! :email_address => "user@example.com", :role_id => 1, :password => "password", :password_confirmation => "password" model = MhsAuthenticationSystemModel.new :email_address => "user@example.com" model.should_not be_valid model.errors.on(:email_address).should == "has already been taken" spec/models/mhs_authentication_system_model_spec.rb @@ -21,9 +21,9 @@ ActionController::Routing::Routes.draw {|m| m.connect ':controller/:action/:id' ActionController::Routing.use_controllers! %w(users account admin/users) # Setup logging and db connection -FileUtils.mkdir( File.join( plugin_spec_directory, 'tmp' ) ) unless File.exists?( File.join( plugin_spec_directory, 'tmp' ) ) -ActiveRecord::Base.logger = Logger.new File.join( plugin_spec_directory, 'tmp/test.log' ) -ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => File.join( plugin_spec_directory, 'tmp/test.db' ) +FileUtils.mkdir(File.join(plugin_spec_directory, 'tmp')) unless File.exists?(File.join(plugin_spec_directory, 'tmp')) +ActiveRecord::Base.logger = Logger.new File.join(plugin_spec_directory, 'tmp/test.log') +ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => File.join(plugin_spec_directory, 'tmp/test.db') # Load schema ActiveRecord::Schema.suppress_messages do spec/spec_helper.rb e9c6d4628538874101f37d79217ee4af3a7e97e8 Mark Van Holstyn mvanholstyn@gmail.com http://github.com/mvanholstyn/mhs_authentication_system/commit/8be1164fc06d3b1dbc8d9922fb230374d8852978 8be1164fc06d3b1dbc8d9922fb230374d8852978 2009-03-04T11:27:38-08:00 2009-03-04T11:27:38-08:00 * Lots of code cleanup (spaces, unnecessary self's, parens) * Added the ability to configure the login attribute (eg. username instead of email_address) 6cf067eb4f978bd323604d07f2a5ae9bc6846da0 Mark Van Holstyn mvanholstyn@gmail.com