
updated restful authentication plugin

1 parent 69ea2ae commit d13c483e43e6b528855ba48cdade03eafedf815a activefx committed Sep 3, 2008
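--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -13,7 +13,7 @@ class ApplicationController < ActionController::Base
 # See ActionController::RequestForgeryProtection for details
 # Uncomment the :secret if you're not using the cookie session store
-protect_from_forgery # :secret => 'b724d22075f44391eda9cbfdc8fc6ec0'
+protect_from_forgery
 # See ActionController::Base for details
 # Uncomment this to filter the contents of submitted sensitive data parameters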
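Review bot: The comment kept directly above the change, `# Uncomment the :secret if you're not using the cookie session store`, now points at a `:secret` that no longer exists on the following line, so it is stale. Either reword it to `# Pass :secret => '...' to protect_from_forgery if you're not using the cookie session store` or drop it together with the value. The removed sample `'b724d22075f44391eda9cbfdc8fc6ec0'` also stays in repository history, so if it was ever the live secret rather than a placeholder it should be treated as disclosed and rotated. The class body continues outside the hunk.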
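--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -2,13 +2,14 @@
 class SessionsController < ApplicationController
 before_filter :login_prohibited, :only => [:new, :create]
 before_filter :login_required, :only => [:destroy]
+protect_from_forgery :only => [ :new, :destroy ]
 # render new.html.erb
 def new
 end
-def create
-logout_keeping_session!
+def create
+logout_keeping_session!
 if using_open_id?
 open_id_authentication(params[:openid_identifier])
 else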
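Review bot: `protect_from_forgery :only => [ :new, :destroy ]` leaves `create` — the one action here that consumes credentials — out of the list, and since `:new` answers GET, which the token check skips anyway, the new line effectively names `destroy` alone. ApplicationController already calls `protect_from_forgery` for every action (see the application.rb section), so whether `create` actually ends up unchecked depends on how the two `verify_authenticity_token` filters combine in the chain; if the intent is to exempt the login POST (for example because the OpenID return trip carries no token), make that explicit and documented: `skip_before_filter :verify_authenticity_token, :only => :create # NOTE: OpenID callback carries no token; login CSRF is not prevented here`. If that is not the intent, the line adds nothing the inherited protection does not and should go. `create` continues past the end of the hunk.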
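--- a/app/controllers/user/activations_controller.rb
+++ b/app/controllers/user/activations_controller.rb
@@ -2,6 +2,7 @@ class User::ActivationsController < ApplicationController
 before_filter :login_prohibited
 def activate
+logout_keeping_session!
 begin
 if user = User.find_with_activation_code(params[:activation_code])
 user.activate!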
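--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -1,20 +1,20 @@
 <h1>Log In</h1>
 <% form_tag session_path do -%>
-<p><label for="login">Login</label><br/>
+<p><%= label_tag 'login' %><br />
 <%= text_field_tag 'login', @login %></p>
-<p><label for="password">Password</label><br/>
+<p><%= label_tag 'password' %><br/>
 <%= password_field_tag 'password', nil %><br/>
 <%= link_to 'Forgot Password?', forgot_password_path %></p>
 <p>Or use OpenID:</p>
-<p><label for="openid_identifier">OpenID:</label><br/>
+<p><%= label_tag 'openid_indentifier', 'OpenID' %><br/>
 <%= text_field_tag "openid_identifier", @openid_identifier %></p>
 <p>Stay logged in on this computer:<br/>
-<label for="remember_me">Remember me:</label>
+<%= label_tag 'remember_me', 'Remember me' %>
 <%= check_box_tag 'remember_me', '1', @remember_me %></p>
 <p><%= submit_tag 'Log in', :disable_with => "Signing in&hellip;" %></p>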
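Review bot: The new OpenID label reads `label_tag 'openid_indentifier', 'OpenID'` while the field on the next line is `text_field_tag "openid_identifier", ...`, so the generated `for` attribute no longer matches the input's id and the label is detached from its control (the removed `<label for="openid_identifier">` was correct). Change it to `<p><%= label_tag 'openid_identifier', 'OpenID' %><br/>`. As a style nit, the login line now uses `<br />` where every other line in the form uses `<br/>`.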
0 app/views/user_mailer/activation.html.erb → app/views/user_mailer/activation.erb
File renamed without changes.
0 ...iews/user_mailer/forgot_password.html.erb → app/views/user_mailer/forgot_password.erb
File renamed without changes.
0 ...views/user_mailer/reset_password.html.erb → app/views/user_mailer/reset_password.erb
File renamed without changes.
0 .../user_mailer/signup_notification.html.erb → ...views/user_mailer/signup_notification.erb
File renamed without changes.
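--- a/config/routes.rb
+++ b/config/routes.rb
@@ -8,7 +8,8 @@
 map.forgot_password '/forgot_password', :controller => 'user/passwords', :action => 'new'
 map.reset_password '/reset_password/:id', :controller => 'user/passwords', :action => 'edit', :id => nil
 map.resend_activation '/resend_activation', :controller => 'user/activations', :action => 'edit'
-
+
+
 map.namespace :admin do |admin|
 admin.resources :users, :member => { :enable => :put } do |users|
 users.resources :roles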
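--- a/lib/authenticated_system.rb
+++ b/lib/authenticated_system.rb
@@ -31,7 +31,7 @@ def current_user=(new_user)
 # current_user.login != "bob"
 # end
 #
-def authorized?(action=nil, resource=nil, *args)
+def authorized?(action = action_name, resource = nil)
 logged_in? && current_user.enabled?
 end
@@ -76,8 +76,9 @@ def access_denied
 redirect_to new_session_path
 end
 # format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987
-# you may want to change format.any to e.g. format.any(:js, :xml)
-format.any do
+# Add any other API formats here. Some browsers send Accept: */* and
+# trigger the 'format.any' block incorrectly.
+format.any(:json, :xml) do
 request_http_basic_authentication 'Web Password'
 end
 end
@@ -172,7 +173,7 @@ def valid_remember_cookie?
 end
 # Refresh the cookie auth token if it exists, create it otherwise
-def handle_remember_cookie! new_cookie_flag
+def handle_remember_cookie!(new_cookie_flag)
 return unless @current_user
 case
 when valid_remember_cookie? then @current_user.refresh_token # keeping same expiry date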
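Review bot: `format.any(:json, :xml) do` in the second hunk narrows the HTTP Basic challenge in `access_denied` to those two formats, but the comment added above it explains only why the old catch-all was dropped, not what an unlisted format now receives; with no matching block `respond_to` falls through, which in Rails 2.x presumably ends in a 406 rather than a redirect or a challenge. Spell that out so the next person adding an API format knows the consequence, e.g. `# Formats not listed here (or handled by the html branch above) get neither a redirect nor a Basic challenge (presumably a 406 from respond_to — confirm).` `access_denied` begins before this hunk. In the first hunk `authorized?` drops the trailing `*args`, so any caller still passing extra arguments now raises ArgumentError; the method comment above it is the place to record the new signature.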
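--- a/lib/authentication/user_abstraction.rb
+++ b/lib/authentication/user_abstraction.rb
@@ -16,18 +16,22 @@ def self.included( recipient )
 recipient.class_eval do
 include ModelInstanceMethods
-validates_presence_of :login
-validates_length_of :login, :within => 3..40
-validates_uniqueness_of :login, :case_sensitive => false
-validates_format_of :login, :with => RE_LOGIN_OK, :message => MSG_LOGIN_BAD
-
-validates_format_of :name, :with => RE_NAME_OK, :message => MSG_NAME_BAD, :allow_nil => true
-validates_length_of :name, :maximum => 100
-
-validates_presence_of :email
-validates_length_of :email, :within => 6..100 #r@a.wk
-validates_uniqueness_of :email, :case_sensitive => false
-validates_format_of :email, :with => RE_EMAIL_OK, :message => MSG_EMAIL_BAD
+validates_presence_of :login
+validates_length_of :login, :within => 3..40
+validates_uniqueness_of :login
+validates_format_of :login, :with => Authentication.login_regex,
+:message => Authentication.bad_login_message
+
+validates_format_of :name, :with => Authentication.name_regex,
+:message => Authentication.bad_name_message,
+:allow_nil => true
+validates_length_of :name, :maximum => 100
+
+validates_presence_of :email
+validates_length_of :email, :within => 6..100 #r@a.wk
+validates_uniqueness_of :email
+validates_format_of :email, :with => Authentication.email_regex,
+:message => Authentication.bad_email_message
 before_create :make_activation_code
@@ -48,8 +52,8 @@ module ModelClassMethods
 # This will also let us return a human error message.
 #
 def authenticate(login, password)
+return nil if login.blank? || password.blank?
 u = find :first, :conditions => ['login = ?', login] # need to get the salt
-#u && u.authenticated?(password) ? u : nil
 return nil unless (u && u.authenticated?(password))
 raise NotActivated unless u.active?
 raise NotEnabled unless u.enabled?
@@ -104,6 +108,14 @@ def find_for_forget(email)
 #
 module ModelInstanceMethods
+def login=(value)
+write_attribute :login, (value ? value.downcase : nil)
+end
+
+def email=(value)
+write_attribute :email, (value ? value.downcase : nil)
+end
+
 def has_role?(role_in_question)
 @_list ||= self.roles.collect(&:name)
 #Users with role "admin" can access any role protected resource
@@ -122,18 +134,19 @@ def change_password!(old_password, new_password, new_confirmation)
 # Activates the user in the database.
 def activate!
+@activated = true
 self.activated_at = Time.now.utc
 #Leave activation code in place to determine if already activated.
 #self.activation_code = nil
 save(false)
-@activated = true
 end
 def recently_activated?
 @activated
 end
 def active?
+# If the activated_at date has not been set the user is not active
 !activated_at.blank?
 end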
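Review bot: `authenticate` in the second hunk still looks up the raw argument with `u = find :first, :conditions => ['login = ?', login]`, while the new `login=` setter in the third hunk stores every login downcased; on a case-sensitive collation a user who signed up as `Bob` is stored as `bob` and can then never authenticate by typing `Bob`. Normalising in the lookup keeps the two in step, and the `blank?` guard added just above makes it safe: `u = find :first, :conditions => ['login = ?', login.downcase] # need to get the salt`. The same presumably applies to any email lookup such as `find_for_forget(email)`, whose body is outside the hunk, and rows created before this change are not downcased retroactively. Note too that dropping `:case_sensitive => false` from both `validates_uniqueness_of` calls in the first hunk now relies entirely on those setters having run before validation; a comment next to the setters saying they exist to back the uniqueness checks would make that dependency visible.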
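--- a/spec/controllers/authenticated_system_spec.rb
+++ b/spec/controllers/authenticated_system_spec.rb
@@ -4,6 +4,7 @@
 # Then, you can remove it from this and the units test.
 include AuthenticatedTestHelper
 include AuthenticatedSystem
+def action_name() end
 describe SessionsController do
 fixtures :users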
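Review bot: `def action_name() end` at the top level of the spec defines a method on every object in the process with no explanation of why; presumably it is there because `authorized?` in lib/authenticated_system.rb now defaults its first parameter to `action_name`, which only controllers provide, and this file includes `AuthenticatedSystem` at the top level. A one-line comment above it would spare the next reader the hunt, e.g. `# AuthenticatedSystem#authorized? defaults to action_name, which only controllers define; stub it for the top-level include`. The `describe` block that follows is outside the hunk.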
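--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -42,8 +42,8 @@ def do_create
 end
 end
 it "kills existing login" do controller.should_receive(:logout_keeping_session!); do_create; end
-it "authorizes me" do do_create; controller.authorized?().should be_true; end
-it "logs me in" do do_create; controller.logged_in?().should be_true end
+it "authorizes me" do do_create; controller.send(:authorized?).should be_true; end
+it "logs me in" do do_create; controller.send(:logged_in?).should be_true end
 it "greets me nicely" do do_create; response.flash[:notice].should =~ /success/i end
 it "sets/resets/expires cookie" do controller.should_receive(:handle_remember_cookie!).with(want_remember_me); do_create end
 it "sends a cookie" do controller.should_receive(:send_remember_cookie!); do_create end
@@ -78,7 +78,7 @@ def do_create
 it 'logs out keeping session' do controller.should_receive(:logout_keeping_session!); do_create end
 it 'flashes an error' do do_create; flash[:error].should =~ /Couldn't log you in as 'quentin'/ end
 it 'renders the log in page' do do_create; response.should render_template('new') end
-it "doesn't log me in" do do_create; controller.logged_in?().should == false end
+it "doesn't log me in" do do_create; controller.send(:logged_in?).should == false end
 it "doesn't send password back" do
 @login_params[:password] = 'FROBNOZZ'
 do_create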
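--- a/spec/fixtures/users.yml
+++ b/spec/fixtures/users.yml
@@ -4,7 +4,7 @@ quentin:
 login: quentin
 email: quentin@example.com
 salt: 356a192b7913b04c54574d18c28d46e6395428ab # SHA1('0')
-crypted_password: 57a27c74aad787c7cef19eef407d2fee8f116669 # 'monkey'
+crypted_password: df42adbd0b4f7d31af495bcd170d4496686aecb1 # 'monkey'
 created_at: <%= 5.days.ago.to_s :db %>
 remember_token_expires_at: <%= 1.days.from_now.to_s %>
 remember_token: 77de68daecd823babbb58edb1c8e14d7106e83bb
@@ -16,7 +16,7 @@ aaron:
 login: aaron
 email: aaron@example.com
 salt: da4b9237bacccdf19c0760cab7aec4a8359010b0 # SHA1('1')
-crypted_password: b65b8a6408f61d3d4228687bec5e91a69fc022e8 # 'monkey'
+crypted_password: 5326a08cf4f5618c9e9fb059f949e58671f74b29 # 'monkey'
 created_at: <%= 1.days.ago.to_s :db %>
 remember_token_expires_at:
 remember_token: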
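--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1,4 +1,4 @@
-# -*- coding: mule-utf-8 -*-
+# -*- coding: utf-8 -*-
 require File.dirname(__FILE__) + '/../spec_helper'
 # Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead.
@@ -16,7 +16,7 @@
 violated "#{@user.errors.full_messages.to_sentence}" if @user.new_record?
 end
 end
-
+
 it 'increments User#count' do
 @creating_user.should change(User, :count).by(1)
 end
@@ -28,10 +28,10 @@
 end
 end
-#
+#
 # Validations
 #
-
+
 it 'requires login' do
 lambda do
 u = create_user(:login => nil)
@@ -40,7 +40,7 @@
 end
 describe 'allows legitimate logins:' do
-['123', '1234567890_234567890_234567890_234567890',
+['123', '1234567890_234567890_234567890_234567890',
 'hello.-_there@funnychar.com'].each do |login_str|
 it "'#{login_str}'" do
 lambda do
@@ -52,7 +52,7 @@
 end
 describe 'disallows illegitimate logins:' do
 ['12', '1234567890_234567890_234567890_234567890_', "tab\t", "newline\n",
-"Iñtërnâtiônàlizætiøn hasn't happened to ruby 1.8 yet",
+"Iñtërnâtiônàlizætiøn hasn't happened to ruby 1.8 yet",
 'semicolon;', 'quote"', 'tick\'', 'backtick`', 'percent%', 'plus+', 'space '].each do |login_str|
 it "'#{login_str}'" do
 lambda do
@@ -88,7 +88,7 @@
 ['foo@bar.com', 'foo@newskool-tld.museum', 'foo@twoletter-tld.de', 'foo@nonexistant-tld.qq',
 'r@a.wk', '1234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890@gmail.com',
 'hello.-_there@funnychar.com', 'uucp%addr@gmail.com', 'hello+routing-str@gmail.com',
-'domain@can.haz.many.sub.doma.in',
+'domain@can.haz.many.sub.doma.in', 'student.name@university.edu'
 ].each do |email_str|
 it "'#{email_str}'" do
 lambda do
@@ -115,7 +115,7 @@
 end
 describe 'allows legitimate names:' do
-['Andre The Giant (7\'4", 520 lb.) -- has a posse',
+['Andre The Giant (7\'4", 520 lb.) -- has a posse',
 '', '1234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890',
 ].each do |name_str|
 it "'#{name_str}'" do
@@ -157,11 +157,11 @@
 User.authenticate('quentin', 'monkey').should == users(:quentin)
 end
-it "doesn't authenticates user with bad password" do
-User.authenticate('quentin', 'monkey').should == users(:quentin)
+it "doesn't authenticate user with bad password" do
+User.authenticate('quentin', 'invalid_password').should be_nil
 end
-if REST_AUTH_SITE_KEY.blank?
+if REST_AUTH_SITE_KEY.blank?
 # old-school passwords
 it "authenticates a user against a hard-coded old-style password" do
 User.authenticate('old_password_holder', 'test').should == users(:old_password_holder)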
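--- a/stories/rest_auth_stories_helper.rb
+++ b/stories/rest_auth_stories_helper.rb
@@ -4,7 +4,7 @@
 # Most of the below came out of code from Ben Mabey
 # http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/
-# These allow exceptions to come through as opposed to being caught and hvaing non-helpful responses returned.
+# These allow exceptions to come through as opposed to being caught and having non-helpful responses returned.
 ActionController::Base.class_eval do
 def perform_action
 perform_action_without_rescue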
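--- a/vendor/plugins/restful_authentication
+++ b/vendor/plugins/restful_authentication
@@ -1 +1 @@
-Subproject commit 2d24dae056f4d2b68c69429ed4395cdd8b02efb2
+Subproject commit 2dc76e7cb2bef0d919f587b52f13f7a95ab7e82c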
