
nuke consumers and have an api for managing auth

1 parent befa1ee commit d8197524f4e0c603e95de088d9d59b7ce5d23420 @atmos committed Nov 24, 2010
@@ -8,3 +8,4 @@ bin
vendor
*.gemspec
.bundle
+*.rbc
15 Gemfile
@@ -1,19 +1,8 @@
source :gemcutter
-do_version = '~>0.10.1'
-dm_version = '~>0.10.2'
-
group :runtime do
- gem 'dm-core', dm_version
- gem 'extlib', '~>0.9.14'
gem 'sinatra', '~>1.0'
gem 'haml', '~>3.0.0'
- gem 'do_sqlite3', do_version
- gem 'dm-validations', dm_version
- gem 'dm-timestamps', dm_version
- gem 'dm-aggregates', dm_version
- gem 'dm-migrations', dm_version
- gem 'dm-types', dm_version
gem 'ruby-openid', '~>2.1.7'
gem 'guid', '~>0.1.1'
gem 'rack-contrib', '~>0.9.2'
@@ -25,10 +14,8 @@ group :test do
gem 'webrat', '~>0.7.0'
gem 'rspec', '~>1.2.9', :require => 'spec'
gem 'rake'
- gem 'rcov'
+ gem 'addressable', :require => 'addressable/uri'
gem 'cucumber', '~>0.5.1'
- gem 'dm-sweatshop', dm_version
gem 'randexp'
gem 'ParseTree', :require => 'parse_tree'
- gem 'bundler', '~>0.9.24'
end
@@ -1,9 +1,9 @@
require 'rubygems'
-require 'bundler'
+require 'bundler/setup'
Bundler.setup(:runtime, :test)
+
require File.expand_path(File.join('..', 'lib', 'hancock'), __FILE__)
-Bundler.require(:test)
require 'rake/gempackagetask'
require 'rubygems/specification'
require 'date'
@@ -28,10 +28,11 @@ spec = Gem::Specification.new do |s|
s.email = EMAIL
s.homepage = HOMEPAGE
- bundle = Bundler::Definition.from_gemfile("Gemfile")
- bundle.dependencies.
- select { |d| d.groups.include?(:runtime) }.
- each { |d| s.add_dependency(d.name, d.version_requirements.to_s) }
+ bundle = Bundler::Definition.build('Gemfile', 'Gemfile.lock', { })
+ bundle.dependencies.each do |dep|
+ next unless dep.groups.include?(:runtime)
+ s.add_dependency(dep.name, dep.version_requirements.to_s)
+ end
s.require_path = 'lib'
s.files = %w(LICENSE README.md Rakefile) + Dir.glob("{features,lib,spec}/**/*")
@@ -53,19 +54,10 @@ desc "Run specs"
Spec::Rake::SpecTask.new do |t|
t.spec_files = FileList['spec/**/*_spec.rb']
t.spec_opts = %w(-fp --color)
-
- t.rcov = true
- t.rcov_opts << '--text-summary'
- t.rcov_opts << '--sort' << 'coverage' << '--sort-reverse'
- t.rcov_opts << '--exclude' << '.gem,.rvm,.bundle,spec,examples'
end
require 'cucumber/rake/task'
Cucumber::Rake::Task.new do |t|
t.libs << 'lib'
t.cucumber_opts = "--format pretty"
- t.rcov = true
- t.rcov_opts << '--text-summary'
- t.rcov_opts << '--sort' << 'coverage' << '--sort-reverse'
- t.rcov_opts << '--exclude' << '.gem,.rvm,.bundle,spec,features,examples'
end
@@ -1,11 +1,3 @@
-require 'extlib'
-require 'dm-core'
-require 'dm-types'
-require 'dm-aggregates'
-require 'dm-migrations'
-require 'dm-timestamps'
-require 'dm-validations'
-
require 'openid'
require 'openid/store/filesystem'
require 'openid/extensions/sreg'
@@ -21,4 +13,3 @@
require File.join(lib_dir, 'hancock', 'sso')
require File.join(lib_dir, 'hancock', 'models', 'user')
-require File.join(lib_dir, 'hancock', 'models', 'consumer')
@@ -1,26 +0,0 @@
-module Hancock
- class Consumer
- include DataMapper::Resource
-
- property :id, Serial
- property :url, String, :required => true, :unique => true, :unique_index => true, :length => 2048
- property :label, String, :required => false
- property :internal, Boolean, :required => false, :default => false
-
- def self.allowed?(host)
- !first(:url => host).nil?
- end
-
- def self.visible
- all(:internal => false).select do |c|
- c.label
- end
- end
-
- def self.internal
- all(:internal => true).select do |c|
- c.label
- end
- end
- end
-end
@@ -1,73 +1,23 @@
module Hancock
- class User
- include DataMapper::Resource
-
- property :id, Serial
- property :first_name, String
- property :last_name, String
- property :email, String, :unique => true, :unique_index => true
- property :internal, Boolean, :default => false
- property :admin, Boolean, :default => false
-
- property :salt, String
- property :crypted_password, String
-
- property :enabled, Boolean, :default => false
- property :verified, Boolean, :default => false
- property :access_token, String
-
- attr_accessor :password, :password_confirmation
+ class UserConfigurationError < StandardError; end
- def reset_access_token
- @access_token = Digest::SHA1.hexdigest(Guid.new.to_s)
- end
-
- def authenticated?(password)
- crypted_password == encrypt(password)
- end
-
- def encrypt(password)
- self.class.encrypt(password, salt)
- end
-
- def password_required?
- crypted_password.blank? || !password.blank?
- end
-
- def encrypt_password
- return if password.blank?
- @salt = Digest::SHA1.hexdigest("--#{Guid.new.to_s}}--email--") if new?
- @crypted_password = encrypt(password)
- end
-
- validates_present :password, :if => proc{|m| m.password_required?}
- validates_is_confirmed :password, :if => proc{|m| m.password_required?}
-
- before :save, :encrypt_password
- before :save, :reset_access_token
-
- def self.encrypt(password, salt)
- Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+ class AuthenticationUser
+ def self.authenticated?(password)
+ raise UserConfigurationError, "You need to setup a Hancock::User authentication class"
end
+ end
- def self.signup(params)
- pass = Digest::SHA1.hexdigest(Guid.new.to_s)
- user = new(:email => params['email'],
- :first_name => params['first_name'],
- :last_name => params['last_name'],
- :password => pass,
- :password_confirmation => pass)
- user.save
- user
+ class User
+ def self.authentication_class=(klass)
+ @authentication_class = klass
end
- def self.authenticate(email, password)
- u = first(:email => email)
- u && u.authenticated?(password) && u.enabled ? u : nil
+ def self.authentication_class
+ @authentication_class ||= AuthenticationUser
end
- def full_name
- "#{first_name} #{last_name}"
+ def self.authenticated?(username, password)
+ authentication_class.authenticated?(username, password)
end
end
end
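Review bot: `AuthenticationUser.authenticated?` is declared with a single `password` parameter, but `User.authenticated?` calls `authentication_class.authenticated?(username, password)` with two arguments, so an install that has not configured a class gets an `ArgumentError` instead of the intended `UserConfigurationError`. Declare the default as `def self.authenticated?(username, password)`. The setter `authentication_class=` should also carry a comment stating what the configured class must return on success and on failure (true/false, or raise), because the login route further down this page depends on that contract and nothing here defines it.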
@@ -11,7 +11,7 @@ def server
end
def url_for_user
- absolute_url("/sso/users/#{session_user.id}")
+ absolute_url("/sso/users/#{session_user}")
end
def render_response(oidresp)
@@ -60,9 +60,7 @@ def self.registered(app)
oidreq.identity = oidreq.claimed_id = url_for_user
oidresp = oidreq.answer(true, nil, oidreq.identity)
sreg_data = {
- 'last_name' => session_user.last_name,
- 'first_name' => session_user.first_name,
- 'email' => session_user.email
+ 'email' => session[Hancock::SSO::SESSION_USER_KEY]
}
oidresp.add_extension(OpenID::SReg::Response.new(sreg_data))
else # associate
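Review bot: `url_for_user` now interpolates `session_user` directly into the identity URL, and after this commit that value is the string the client posted as `username` rather than a database id. Unless the configured authentication class constrains it, characters such as `/`, `?` or `#` alter the path of the claimed identifier, so escape it: `absolute_url("/sso/users/#{Rack::Utils.escape(session_user)}")`. The SReg `'email'` field in the second hunk is filled from the same session value, so relying parties receive the login name labelled as an email address whether or not it is one. Both method bodies continue outside the hunks shown.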
@@ -3,7 +3,7 @@ module SSO
module Sessions
module Helpers
def session_user
- ::Hancock::User.get(session[Hancock::SSO::SESSION_USER_KEY])
+ session[Hancock::SSO::SESSION_USER_KEY]
end
def session_return_to
@@ -12,11 +12,6 @@ def session_return_to
end
def ensure_authenticated
- if trust_root = session_return_to
- unless ::Hancock::Consumer.allowed?(trust_root)
- raise Hancock::SSO::Forbidden
- end
- end
raise Hancock::SSO::Unauthenticated unless session_user
end
end
@@ -30,8 +25,8 @@ def self.registered(app)
end
app.post '/sso/login' do
- user = ::Hancock::User.authenticate(params['email'], params['password'])
- session[Hancock::SSO::SESSION_USER_KEY] = user && user.id
+ user = ::Hancock::User.authenticated?(params['username'], params['password'])
+ session[Hancock::SSO::SESSION_USER_KEY] = params['username']
ensure_authenticated
redirect session_return_to || raise(Hancock::SSO::RouteMeHome)
end
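Review bot: In `post '/sso/login'` the result of `::Hancock::User.authenticated?` is assigned to `user` and never read, and the session key is set to `params['username']` unconditionally; `ensure_authenticated` then only checks that `session_user` is truthy. If the configured authentication class reports failure by returning false or nil rather than raising, any non-empty username obtains a session. Store the name only on success: `session[Hancock::SSO::SESSION_USER_KEY] = params['username'] if user`. The earlier hunk in this file also removes the `Hancock::Consumer.allowed?` check on `session_return_to`, so nothing visible here restricts the redirect target or the relying party any longer; if that is intentional, a comment should say where the restriction now lives.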
@@ -3,12 +3,7 @@ module TestApp
module Helpers
def landing_page
<<-HAML
-%h2 Hello #{session_user.first_name} #{session_user.last_name}!
-- unless @consumers.empty?
- %ul#consumers
- - @consumers.each do |consumer|
- %li
- %a{:href => consumer.url}= consumer.label
+%h2 Hello #{session_user.inspect}!
HAML
end
@@ -29,15 +24,14 @@ def unauthenticated
or
%a{:href => '/sso/signup'} Signup
HAML
- end
+ end
+
end
def self.registered(app)
app.helpers Helpers
app.get '/' do
ensure_authenticated
- @consumers = ::Hancock::Consumer.visible
- @consumers += ::Hancock::Consumer.internal if session_user.internal?
haml landing_page
end
end
@@ -50,6 +44,9 @@ def self.app
end
class SsoServer < ::Hancock::SSO::App
+ enable :raise_errors
+ disable :show_exceptions
+
error Hancock::SSO::Unauthenticated do
haml(unauthenticated)
end
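Review bot: `landing_page` interpolates `session_user.inspect` into the heredoc before the string is handed to `haml`, so the client-supplied username becomes part of the template source and, as far as this hunk shows, is emitted without HTML escaping. Pass the value as data instead: use a non-interpolating heredoc (`<<-'HAML'`) containing `%h2= "Hello #{session_user}!"` and render with `:escape_html` enabled. The helper's enclosing module starts outside the hunk.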
@@ -1,42 +0,0 @@
-Hancock::User.fix {{
- :enabled => true,
- :email => /\w+@\w+.\w{2,3}/.gen.downcase,
- :first_name => /\w+/.gen.capitalize,
- :last_name => /\w+/.gen.capitalize,
- :verified => true,
- :admin => false,
- :password => (pass = /\w+/.gen.downcase),
- :password_confirmation => pass,
- :salt => (salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--email--")),
- :crypted_password => Hancock::User.encrypt(pass, salt)
-}}
-
-Hancock::User.fix(:internal) {{
- :enabled => true,
- :email => /\w+@\w+.\w{2,3}/.gen.downcase,
- :first_name => /\w+/.gen.capitalize,
- :last_name => /\w+/.gen.capitalize,
- :verified => true,
- :password => (pass = /\w+/.gen.downcase),
- :password_confirmation => pass,
- :salt => (salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--email--")),
- :crypted_password => Hancock::User.encrypt(pass, salt),
- :internal => true
-}}
-
-Hancock::Consumer.fix(:internal) {{
- :url => %r!http://(\w+).example.org/login!.gen.downcase,
- :label => /(\w+) (\w+)/.gen,
- :internal => true
-}}
-
-Hancock::Consumer.fix(:visible_to_all) {{
- :url => %r!http://(\w+).consumerapp.com/login!.gen.downcase,
- :label => /(\w+) (\w+)/.gen,
- :internal => false
-}}
-
-Hancock::Consumer.fix(:hidden) {{
- :url => 'http://localhost:9292/login',
- :internal => true
-}}