From e296a3f1220911f449ee902bc5efb2e737811dac Mon Sep 17 00:00:00 2001 From: Daniel Kehoe Date: Thu, 7 Aug 2008 20:33:54 -0700 Subject: [PATCH] updated README and changed restful-authentication to restful_authentication --- README.markdown | 4 +- .../plugins/restful-authentication/.gitignore | 20 - .../plugins/restful-authentication/CHANGELOG | 68 --- vendor/plugins/restful-authentication/README | 176 ------- .../plugins/restful-authentication/Rakefile | 22 - vendor/plugins/restful-authentication/TODO | 15 - .../generators/authenticated/USAGE | 1 - .../authenticated/authenticated_generator.rb | 478 ------------------ .../authenticated/lib/insert_routes.rb | 54 -- .../templates/_model_partial.html.erb | 8 - .../templates/activation.html.erb | 3 - .../templates/authenticated_system.rb | 187 ------- .../templates/authenticated_test_helper.rb | 22 - .../authenticated/templates/controller.rb | 43 -- .../authenticated/templates/helper.rb | 2 - .../authenticated/templates/login.html.erb | 16 - .../authenticated/templates/mailer.rb | 25 - .../authenticated/templates/migration.rb | 26 - .../authenticated/templates/model.rb | 74 --- .../templates/model_controller.rb | 86 ---- .../authenticated/templates/model_helper.rb | 93 ---- .../templates/model_helper_spec.rb | 158 ------ .../authenticated/templates/observer.rb | 11 - .../authenticated/templates/signup.html.erb | 19 - .../templates/signup_notification.html.erb | 8 - .../authenticated/templates/site_keys.rb | 38 -- .../spec/controllers/access_control_spec.rb | 90 ---- .../controllers/authenticated_system_spec.rb | 101 ---- .../controllers/sessions_controller_spec.rb | 139 ----- .../spec/controllers/users_controller_spec.rb | 198 -------- .../templates/spec/fixtures/users.yml | 60 --- .../spec/helpers/users_helper_spec.rb | 141 ------ .../templates/spec/models/user_spec.rb | 290 ----------- .../templates/stories/rest_auth_stories.rb | 22 - .../stories/rest_auth_stories_helper.rb | 81 --- .../stories/steps/ra_navigation_steps.rb | 49 -- .../stories/steps/ra_resource_steps.rb | 179 ------- .../stories/steps/ra_response_steps.rb | 171 ------- .../templates/stories/steps/user_steps.rb | 153 ------ .../templates/stories/users/accounts.story | 186 ------- .../templates/stories/users/sessions.story | 134 ----- .../templates/test/functional_test.rb | 82 --- .../templates/test/mailer_test.rb | 31 -- .../templates/test/model_functional_test.rb | 93 ---- .../authenticated/templates/test/unit_test.rb | 164 ------ vendor/plugins/restful-authentication/init.rb | 3 - .../plugins/restful-authentication/install.rb | 1 - .../lib/authentication.rb | 43 -- .../lib/authentication/by_cookie_token.rb | 85 ---- .../lib/authentication/by_password.rb | 65 --- .../lib/authorization.rb | 15 - .../lib/authorization/aasm_roles.rb | 64 --- .../lib/authorization/stateful_roles.rb | 63 --- .../lib/trustification.rb | 15 - .../lib/trustification/email_validation.rb | 20 - .../notes/AccessControl.txt | 2 - .../notes/Authentication.txt | 5 - .../notes/Authorization.txt | 154 ------ .../notes/RailsPlugins.txt | 78 --- .../notes/SecurityFramework.graffle | Bin 6112 -> 0 bytes .../notes/SecurityFramework.png | Bin 198329 -> 0 bytes .../notes/SecurityPatterns.txt | 163 ------ .../notes/Tradeoffs.txt | 126 ----- .../notes/Trustification.txt | 49 -- .../restful-authentication/tasks/auth.rake | 33 -- 65 files changed, 2 insertions(+), 5003 deletions(-) delete mode 100644 vendor/plugins/restful-authentication/.gitignore delete mode 100644 vendor/plugins/restful-authentication/CHANGELOG delete mode 100644 vendor/plugins/restful-authentication/README delete mode 100644 vendor/plugins/restful-authentication/Rakefile delete mode 100644 vendor/plugins/restful-authentication/TODO delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/USAGE delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/authenticated_generator.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/lib/insert_routes.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/_model_partial.html.erb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/activation.html.erb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/authenticated_system.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/authenticated_test_helper.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/controller.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/helper.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/login.html.erb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/mailer.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/migration.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/model.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/model_controller.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/model_helper.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/model_helper_spec.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/observer.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/signup.html.erb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/signup_notification.html.erb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/site_keys.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/access_control_spec.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/users_controller_spec.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/spec/fixtures/users.yml delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/spec/helpers/users_helper_spec.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/spec/models/user_spec.rb delete mode 100755 vendor/plugins/restful-authentication/generators/authenticated/templates/stories/rest_auth_stories.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/stories/rest_auth_stories_helper.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_navigation_steps.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_resource_steps.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_response_steps.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/user_steps.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/stories/users/accounts.story delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/stories/users/sessions.story delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/test/functional_test.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/test/mailer_test.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/test/model_functional_test.rb delete mode 100644 vendor/plugins/restful-authentication/generators/authenticated/templates/test/unit_test.rb delete mode 100644 vendor/plugins/restful-authentication/init.rb delete mode 100644 vendor/plugins/restful-authentication/install.rb delete mode 100644 vendor/plugins/restful-authentication/lib/authentication.rb delete mode 100644 vendor/plugins/restful-authentication/lib/authentication/by_cookie_token.rb delete mode 100644 vendor/plugins/restful-authentication/lib/authentication/by_password.rb delete mode 100644 vendor/plugins/restful-authentication/lib/authorization.rb delete mode 100644 vendor/plugins/restful-authentication/lib/authorization/aasm_roles.rb delete mode 100644 vendor/plugins/restful-authentication/lib/authorization/stateful_roles.rb delete mode 100644 vendor/plugins/restful-authentication/lib/trustification.rb delete mode 100644 vendor/plugins/restful-authentication/lib/trustification/email_validation.rb delete mode 100644 vendor/plugins/restful-authentication/notes/AccessControl.txt delete mode 100644 vendor/plugins/restful-authentication/notes/Authentication.txt delete mode 100644 vendor/plugins/restful-authentication/notes/Authorization.txt delete mode 100644 vendor/plugins/restful-authentication/notes/RailsPlugins.txt delete mode 100644 vendor/plugins/restful-authentication/notes/SecurityFramework.graffle delete mode 100644 vendor/plugins/restful-authentication/notes/SecurityFramework.png delete mode 100644 vendor/plugins/restful-authentication/notes/SecurityPatterns.txt delete mode 100644 vendor/plugins/restful-authentication/notes/Tradeoffs.txt delete mode 100644 vendor/plugins/restful-authentication/notes/Trustification.txt delete mode 100644 vendor/plugins/restful-authentication/tasks/auth.rake diff --git a/README.markdown b/README.markdown index e7d859f..bc6c625 100644 --- a/README.markdown +++ b/README.markdown @@ -127,8 +127,6 @@ To run the RSpec specs: ## To Do -* Install the restful_authentication plugin -* Install the "acts as state machine" plugin * Run the restful_authentication generator * Add everything specified by "Restful Authentication With All the Bells and Whistles" * Add Google gmail support @@ -142,6 +140,8 @@ To run the RSpec specs: * Created a .gitignore file * Checked the app into GitHub * Added RSpec (version 1.1.4) +* Installed the restful_authentication plugin (version of 08/07/08) +* Installed the "acts as state machine" plugin (version 2.1) ## Documentation and Support diff --git a/vendor/plugins/restful-authentication/.gitignore b/vendor/plugins/restful-authentication/.gitignore deleted file mode 100644 index 0523cb8..0000000 --- a/vendor/plugins/restful-authentication/.gitignore +++ /dev/null @@ -1,20 +0,0 @@ -Icon? -.DS_Store -TAGS -REVISION -*.tmproj -.settings -.project -.tasks-cache -.svn -/log/*.log -/tmp/**/* -/config/database.yml -actionmailer_config_DONOTVERSION.rb -*DONOTVERSION* -/vendor/src/**/* -/db/*.sqlite* -/public/ac/* -/coverage -/doc/app -/doc/plugins diff --git a/vendor/plugins/restful-authentication/CHANGELOG b/vendor/plugins/restful-authentication/CHANGELOG deleted file mode 100644 index 5495485..0000000 --- a/vendor/plugins/restful-authentication/CHANGELOG +++ /dev/null @@ -1,68 +0,0 @@ -h1. Internal Changes to code - -As always, this is just a copy-and-pasted version of the CHANGELOG file in the source code tree. - -h2. Changes for the May, 2008 version of restful-authentication - -h3. Changes to user model - -* recently_activated? belongs only if stateful -* Gave migration a 40-char limit on remember_token & an index on users by login -* **Much** stricter login and email validation -* put length constraints in migration too -* password in 6, 40 -* salt and remember_token now much less predictability - -h3. Changes to session_controller - -* use uniform logout function -* use uniform remember_cookie functions -* avoid calling logged_in? which will auto-log-you-in (safe in the face of - logout! call, but idiot-proof) -* Moved reset_session into only the "now logged in" branch -** wherever it goes, it has to be in front of the current_user= call -** See more in README-Tradeoffs.txt -* made a place to take action on failed login attempt -* recycle login and remember_me setting on failed login -* nil'ed out the password field in 'new' view - -h3. Changes to users_controller - -* use uniform logout function -* use uniform remember_cookie functions -* Moved reset_session into only the "now logged in" branch -** wherever it goes, it has to be in front of the current_user= call -** See more in README-Tradeoffs.txt -* made the implicit login only happen for non-activationed sites -* On a failed signup, kick you back to the signin screen (but strip out the password & confirmation) -* more descriptive error messages in activate() - -h3. users_helper - -* link_to_user, link_to_current_user, link_to_signin_with_IP -* if_authorized(action, resource, &block) view function (with appropriate - warning) - -h3. authenticated_system - -* Made authorized? take optional arguments action=nil, resource=nil, *args - This makes its signature better match traditional approaches to access control - eg Reference Monitor in "Security Patterns":http://www.securitypatterns.org/patterns.html) -* authorized? should be a helper too -* added uniform logout! methods -* format.any (as found in access_denied) doesn't work until - http://dev.rubyonrails.org/changeset/8987 lands. -* cookies are now refreshed each time we cross the logged out/in barrier, as - "best":http://palisade.plynt.com/issues/2004Jul/safe-auth-practices/ - "practice":http://www.owasp.org/index.php/Session_Management#Regeneration_of_Session_Tokens - -h3. Other - -* Used escapes <%= %> in email templates (among other reasons, so courtenay's - "'dumbass' test":http://tinyurl.com/684g9t doesn't complain) -* Added site key to generator, users.yml. -* Made site key generation idempotent in the most crude and hackish way -* 100% coverage apart from the stateful code. (needed some access_control - checks, and the http_auth stuff) -* Stories! - diff --git a/vendor/plugins/restful-authentication/README b/vendor/plugins/restful-authentication/README deleted file mode 100644 index 97f591c..0000000 --- a/vendor/plugins/restful-authentication/README +++ /dev/null @@ -1,176 +0,0 @@ -h1. Restful Authentication Generator - -This widely-used plugin provides a foundation for securely managing user -authentication: -* Login / logout -* Secure password handling -* Account activation by validating email -* Account approval / disabling by admin -* Rudimentary hooks for authorization and access control. - -Several features were updated in May, 2008. The newest version of this plugin -may be found in - http://github.com/technoweenie/restful-authentication/tree/master -While a "classic" (backward-compatible) version may be found in - http://github.com/technoweenie/restful-authentication/tree/classic - - !! important: if you upgrade your site, existing user account !! - !! passwords will stop working unless you use --old-passwords !! - -This page has notes on -* "Installation":#INSTALL -* "Compatibility Warning":#COMPATIBILITY -* "New Features":#AWESOME -* "After installing":#POST-INSTALL - -See the "wiki":http://github.com/technoweenie/restful-authentication/wikis/home -(or the notes/ directory) if you want to learn more about: - -* "Security Design Patterns":Security-Patterns with "snazzy diagram":http://github.com/technoweenie/restful-authentication/tree/master/notes/SecurityFramework.png -* [[Authentication]] -- Lets a visitor identify herself (and lay claim to her corresponding Roles and measure of Trust) -* "Trust Metrics":Trustification -- Confidence we can rely on the outcomes of this visitor's actions. -* [[Authorization]] and Policy -- Based on trust and identity, what actions may this visitor perform? -* [[Access Control]] -- How the Authorization policy is actually enforced in your code (A: hopefully without turning it into a spaghetti of if thens) -* [[Rails Plugins]] for Authentication, Trust, Authorization and Access Control -* [[Tradeoffs]] -- for the paranoid or the curious, a rundown of tradeoffs made in the code -* [[CHANGELOG]] -- Summary of changes to internals -* [[TODO]] -- Ideas for how you can help - -These best version of the release notes are in the notes/ directory in the -"source code":http://github.com/technoweenie/restful-authentication/tree/master --- look there for the latest version. The wiki versions are taken (manually) -from there. - -*************************************************************************** - -h2. Exciting new features - -h3. Stories - -There are now RSpec stories that allow expressive, enjoyable tests for the -authentication code. The flexible code for resource testing in stories was -extended from "Ben Mabey's.":http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/ - -h3. Modularize to match security design patterns: - -* Authentication (currently: password, browser cookie token, HTTP basic) -* Trust metric (email validation) -* Authorization (stateful roles) -* Leave a flexible framework that will play nicely with other access control / policy definition / trust metric plugins - -h3. Other - -* Added a few helper methods for linking to user pages -* Uniform handling of logout, remember_token -* Stricter email, login field validation -* Minor security fixes -- see CHANGELOG - -*************************************************************************** - -h2. Non-backwards compatible Changes - -Here are a few changes in the May 2008 release that increase "Defense in Depth" -but may require changes to existing accounts - -* If you have an existing site, none of these changes are compelling enough to - warrant migrating your userbase. -* If you are generating for a new site, all of these changes are low-impact. - You should apply them. - -h3. Passwords - -The new password encryption (using a site key salt and stretching) will break -existing user accounts' passwords. We recommend you use the --old-passwords -option or write a migration tool and submit it as a patch. See the -[[Tradeoffs]] note for more information. - -h3. Validations - -By default, - -*************************************************************************** - -h2. Installation - -This is a basic restful authentication generator for rails, taken from -acts as authenticated. Currently it requires Rails 1.2.6 or above. - -To use: - - ./script/generate authenticated user sessions \ - --include-activation \ - --stateful \ - --rspec \ - --skip-migration \ - --skip-routes \ - --old-passwords - -* The first parameter specifies the model that gets created in signup (typically - a user or account model). A model with migration is created, as well as a - basic controller with the create method. You probably want to say "User" here. - -* The second parameter specifies the session controller name. This is the - controller that handles the actual login/logout function on the site. - (probably: "Session"). - -* --include-activation: Generates the code for a ActionMailer and its respective - Activation Code through email. - -* --stateful: Builds in support for acts_as_state_machine and generates - activation code. (@--stateful@ implies @--include-activation@). Based on the - idea at [[http://www.vaporbase.com/postings/stateful_authentication]]. Passing - @--skip-migration@ will skip the user migration, and @--skip-routes@ will skip - resource generation -- both useful if you've already run this generator. - -* --aasm: Works the same as stateful but uses the updated aasm gem - -* --rspec: Generate RSpec tests and Stories in place of standard rails tests. - This requires the - "RSpec and Rspec-on-rails plugins":http://rspec.info/ - (make sure you "./script/generate rspec" after installing RSpec.) The rspec - and story suite are much more thorough than the rails tests, and changes are - unlikely to be backported. - -* --old-passwords: Use the older password scheme (see [[#COMPATIBILITY]], above) - -* --skip-migration: Don't generate a migration file for this model - -* --skip-routes: Don't generate a resource line in @config/routes.rb@ - - -*************************************************************************** - -h2. After installing - -The below assumes a Model named 'User' and a Controller named 'Session'; please -alter to suit. There are additional security minutae in @notes/README-Tradeoffs@ --- only the paranoid or the curious need bother, though. - -* Add these familiar login URLs to your @config/routes.rb@ if you like: - - map.signup '/signup', :controller => 'users', :action => 'new' @ - map.login '/login', :controller => 'sessions', :action => 'new' @ - map.logout '/logout', :controller => 'sessions', :action => 'destroy' @ - -* With @--include-activation@, also add to your @config/routes.rb@: - - map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil) - - and add an observer to @config/environment.rb@: - - config.active_record.observers = :user_observer - -* With @--stateful@, add an observer to config/environment.rb: - - config.active_record.observers = :user_observer - - and modify the users resource line to read - - map.resources :users, :member => { :suspend => :put, - :unsuspend => :put, - :purge => :delete } - -* If you use a public repository for your code (such as github, rubyforge, - gitorious, etc.) make sure to NOT post your site_keys.rb (add a line like - '/config/initializers/site_keys.rb' to your .gitignore or do the svn ignore - dance), but make sure you DO keep it backed up somewhere safe. diff --git a/vendor/plugins/restful-authentication/Rakefile b/vendor/plugins/restful-authentication/Rakefile deleted file mode 100644 index 03e0f37..0000000 --- a/vendor/plugins/restful-authentication/Rakefile +++ /dev/null @@ -1,22 +0,0 @@ -require 'rake' -require 'rake/testtask' -require 'rake/rdoctask' - -desc 'Default: run unit tests.' -task :default => :test - -desc 'Test the restful_authentication plugin.' -Rake::TestTask.new(:test) do |t| - t.libs << 'lib' - t.pattern = 'test/**/*_test.rb' - t.verbose = true -end - -desc 'Generate documentation for the restful_authentication plugin.' -Rake::RDocTask.new(:rdoc) do |rdoc| - rdoc.rdoc_dir = 'rdoc' - rdoc.title = 'RestfulAuthentication' - rdoc.options << '--line-numbers' << '--inline-source' - rdoc.rdoc_files.include('README') - rdoc.rdoc_files.include('lib/**/*.rb') -end diff --git a/vendor/plugins/restful-authentication/TODO b/vendor/plugins/restful-authentication/TODO deleted file mode 100644 index 30968ad..0000000 --- a/vendor/plugins/restful-authentication/TODO +++ /dev/null @@ -1,15 +0,0 @@ - -h3. Authentication security projects for a later date - - -* Track 'failed logins this hour' and demand a captcha after say 5 failed logins - ("RECAPTCHA plugin.":http://agilewebdevelopment.com/plugins/recaptcha) - "De-proxy-ficate IP address": http://wiki.codemongers.com/NginxHttpRealIpModule - -* Make cookie spoofing a little harder: we set the user's cookie to - (remember_token), but store digest(remember_token, request_IP). A CSRF cookie - spoofer has to then at least also spoof the user's originating IP - (see "Secure Programs HOWTO":http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/web-authentication.html) - -* Log HTTP request on authentication / authorization failures - http://palisade.plynt.com/issues/2004Jul/safe-auth-practices diff --git a/vendor/plugins/restful-authentication/generators/authenticated/USAGE b/vendor/plugins/restful-authentication/generators/authenticated/USAGE deleted file mode 100644 index 72794d7..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/USAGE +++ /dev/null @@ -1 +0,0 @@ -./script/generate authenticated USERMODEL CONTROLLERNAME \ No newline at end of file diff --git a/vendor/plugins/restful-authentication/generators/authenticated/authenticated_generator.rb b/vendor/plugins/restful-authentication/generators/authenticated/authenticated_generator.rb deleted file mode 100644 index 9920798..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/authenticated_generator.rb +++ /dev/null @@ -1,478 +0,0 @@ -require File.expand_path(File.dirname(__FILE__) + "/lib/insert_routes.rb") -require 'digest/sha1' -class AuthenticatedGenerator < Rails::Generator::NamedBase - default_options :skip_migration => false, - :skip_routes => false, - :old_passwords => false, - :include_activation => false - - attr_reader :controller_name, - :controller_class_path, - :controller_file_path, - :controller_class_nesting, - :controller_class_nesting_depth, - :controller_class_name, - :controller_singular_name, - :controller_plural_name, - :controller_routing_name, # new_session_path - :controller_routing_path, # /session/new - :controller_controller_name, # sessions - :controller_file_name - alias_method :controller_table_name, :controller_plural_name - attr_reader :model_controller_name, - :model_controller_class_path, - :model_controller_file_path, - :model_controller_class_nesting, - :model_controller_class_nesting_depth, - :model_controller_class_name, - :model_controller_singular_name, - :model_controller_plural_name, - :model_controller_routing_name, # new_user_path - :model_controller_routing_path, # /users/new - :model_controller_controller_name # users - alias_method :model_controller_file_name, :model_controller_singular_name - alias_method :model_controller_table_name, :model_controller_plural_name - - def initialize(runtime_args, runtime_options = {}) - super - - @rspec = has_rspec? - - @controller_name = (args.shift || 'sessions').pluralize - @model_controller_name = @name.pluralize - - # sessions controller - base_name, @controller_class_path, @controller_file_path, @controller_class_nesting, @controller_class_nesting_depth = extract_modules(@controller_name) - @controller_class_name_without_nesting, @controller_file_name, @controller_plural_name = inflect_names(base_name) - @controller_singular_name = @controller_file_name.singularize - if @controller_class_nesting.empty? - @controller_class_name = @controller_class_name_without_nesting - else - @controller_class_name = "#{@controller_class_nesting}::#{@controller_class_name_without_nesting}" - end - @controller_routing_name = @controller_singular_name - @controller_routing_path = @controller_file_path.singularize - @controller_controller_name = @controller_plural_name - - # model controller - base_name, @model_controller_class_path, @model_controller_file_path, @model_controller_class_nesting, @model_controller_class_nesting_depth = extract_modules(@model_controller_name) - @model_controller_class_name_without_nesting, @model_controller_singular_name, @model_controller_plural_name = inflect_names(base_name) - - if @model_controller_class_nesting.empty? - @model_controller_class_name = @model_controller_class_name_without_nesting - else - @model_controller_class_name = "#{@model_controller_class_nesting}::#{@model_controller_class_name_without_nesting}" - end - @model_controller_routing_name = @table_name - @model_controller_routing_path = @model_controller_file_path - @model_controller_controller_name = @model_controller_plural_name - - load_or_initialize_site_keys() - - if options[:dump_generator_attribute_names] - dump_generator_attribute_names - end - end - - def manifest - recorded_session = record do |m| - # Check for class naming collisions. - m.class_collisions controller_class_path, "#{controller_class_name}Controller", # Sessions Controller - "#{controller_class_name}Helper" - m.class_collisions model_controller_class_path, "#{model_controller_class_name}Controller", # Model Controller - "#{model_controller_class_name}Helper" - m.class_collisions class_path, "#{class_name}", "#{class_name}Mailer", "#{class_name}MailerTest", "#{class_name}Observer" - m.class_collisions [], 'AuthenticatedSystem', 'AuthenticatedTestHelper' - - # Controller, helper, views, and test directories. - m.directory File.join('app/models', class_path) - m.directory File.join('app/controllers', controller_class_path) - m.directory File.join('app/controllers', model_controller_class_path) - m.directory File.join('app/helpers', controller_class_path) - m.directory File.join('app/views', controller_class_path, controller_file_name) - m.directory File.join('app/views', class_path, "#{file_name}_mailer") if options[:include_activation] - - m.directory File.join('app/controllers', model_controller_class_path) - m.directory File.join('app/helpers', model_controller_class_path) - m.directory File.join('app/views', model_controller_class_path, model_controller_file_name) - m.directory File.join('config/initializers') - - if @rspec - m.directory File.join('spec/controllers', controller_class_path) - m.directory File.join('spec/controllers', model_controller_class_path) - m.directory File.join('spec/models', class_path) - m.directory File.join('spec/helpers', model_controller_class_path) - m.directory File.join('spec/fixtures', class_path) - m.directory File.join('stories', model_controller_file_path) - m.directory File.join('stories', 'steps') - else - m.directory File.join('test/functional', controller_class_path) - m.directory File.join('test/functional', model_controller_class_path) - m.directory File.join('test/unit', class_path) - m.directory File.join('test/fixtures', class_path) - end - - m.template 'model.rb', - File.join('app/models', - class_path, - "#{file_name}.rb") - - if options[:include_activation] - %w( mailer observer ).each do |model_type| - m.template "#{model_type}.rb", File.join('app/models', - class_path, - "#{file_name}_#{model_type}.rb") - end - end - - m.template 'controller.rb', - File.join('app/controllers', - controller_class_path, - "#{controller_file_name}_controller.rb") - - m.template 'model_controller.rb', - File.join('app/controllers', - model_controller_class_path, - "#{model_controller_file_name}_controller.rb") - - m.template 'authenticated_system.rb', - File.join('lib', 'authenticated_system.rb') - - m.template 'authenticated_test_helper.rb', - File.join('lib', 'authenticated_test_helper.rb') - - m.template 'site_keys.rb', site_keys_file - - if @rspec - # RSpec Specs - m.template 'spec/controllers/users_controller_spec.rb', - File.join('spec/controllers', - model_controller_class_path, - "#{model_controller_file_name}_controller_spec.rb") - m.template 'spec/controllers/sessions_controller_spec.rb', - File.join('spec/controllers', - controller_class_path, - "#{controller_file_name}_controller_spec.rb") - m.template 'spec/controllers/access_control_spec.rb', - File.join('spec/controllers', - controller_class_path, - "access_control_spec.rb") - m.template 'spec/controllers/authenticated_system_spec.rb', - File.join('spec/controllers', - controller_class_path, - "authenticated_system_spec.rb") - m.template 'spec/helpers/users_helper_spec.rb', - File.join('spec/helpers', - model_controller_class_path, - "#{table_name}_helper_spec.rb") - m.template 'spec/models/user_spec.rb', - File.join('spec/models', - class_path, - "#{file_name}_spec.rb") - m.template 'spec/fixtures/users.yml', - File.join('spec/fixtures', - class_path, - "#{table_name}.yml") - - # RSpec Stories - m.template 'stories/steps/ra_navigation_steps.rb', - File.join('stories/steps/ra_navigation_steps.rb') - m.template 'stories/steps/ra_response_steps.rb', - File.join('stories/steps/ra_response_steps.rb') - m.template 'stories/steps/ra_resource_steps.rb', - File.join('stories/steps/ra_resource_steps.rb') - m.template 'stories/steps/user_steps.rb', - File.join('stories/steps/', "#{file_name}_steps.rb") - m.template 'stories/users/accounts.story', - File.join('stories', model_controller_file_path, 'accounts.story') - m.template 'stories/users/sessions.story', - File.join('stories', model_controller_file_path, 'sessions.story') - m.template 'stories/rest_auth_stories_helper.rb', - File.join('stories', 'rest_auth_stories_helper.rb') - m.template 'stories/rest_auth_stories.rb', - File.join('stories', 'rest_auth_stories.rb') - - else - m.template 'test/functional_test.rb', - File.join('test/functional', - controller_class_path, - "#{controller_file_name}_controller_test.rb") - m.template 'test/model_functional_test.rb', - File.join('test/functional', - model_controller_class_path, - "#{model_controller_file_name}_controller_test.rb") - m.template 'test/unit_test.rb', - File.join('test/unit', - class_path, - "#{file_name}_test.rb") - if options[:include_activation] - m.template 'test/mailer_test.rb', File.join('test/unit', class_path, "#{file_name}_mailer_test.rb") - end - m.template 'spec/fixtures/users.yml', - File.join('test/fixtures', - class_path, - "#{table_name}.yml") - end - - m.template 'helper.rb', - File.join('app/helpers', - controller_class_path, - "#{controller_file_name}_helper.rb") - - m.template 'model_helper.rb', - File.join('app/helpers', - model_controller_class_path, - "#{model_controller_file_name}_helper.rb") - - - # Controller templates - m.template 'login.html.erb', File.join('app/views', controller_class_path, controller_file_name, "new.html.erb") - m.template 'signup.html.erb', File.join('app/views', model_controller_class_path, model_controller_file_name, "new.html.erb") - m.template '_model_partial.html.erb', File.join('app/views', model_controller_class_path, model_controller_file_name, "_#{file_name}_bar.html.erb") - - if options[:include_activation] - # Mailer templates - %w( activation signup_notification ).each do |action| - m.template "#{action}.html.erb", - File.join('app/views', "#{file_name}_mailer", "#{action}.html.erb") - end - end - - unless options[:skip_migration] - m.migration_template 'migration.rb', 'db/migrate', :assigns => { - :migration_name => "Create#{class_name.pluralize.gsub(/::/, '')}" - }, :migration_file_name => "create_#{file_path.gsub(/\//, '_').pluralize}" - end - unless options[:skip_routes] - # Note that this fails for nested classes -- you're on your own with setting up the routes. - m.route_resource controller_singular_name - m.route_resources model_controller_plural_name - m.route_name('signup', '/signup', {:controller => model_controller_plural_name, :action => 'new'}) - m.route_name('register', '/register', {:controller => model_controller_plural_name, :action => 'create'}) - m.route_name('login', '/login', {:controller => controller_controller_name, :action => 'new'}) - m.route_name('logout', '/logout', {:controller => controller_controller_name, :action => 'destroy'}) - end - end - - # - # Post-install notes - # - action = File.basename($0) # grok the action from './script/generate' or whatever - case action - when "generate" - puts "Ready to generate." - puts ("-" * 70) - puts "Once finished, don't forget to:" - puts - if options[:include_activation] - puts "- Add an observer to config/environment.rb" - puts " config.active_record.observers = :#{file_name}_observer" - end - if options[:aasm] - puts "- Install the acts_as_state_machine gem:" - puts " sudo gem sources -a http://gems.github.com (If you haven't already)" - puts " sudo gem install rubyist-aasm" - elsif options[:stateful] - puts "- Install the acts_as_state_machine plugin:" - puts " svn export http://elitists.textdriven.com/svn/plugins/acts_as_state_machine/trunk vendor/plugins/acts_as_state_machine" - end - puts "- Add routes to these resources. In config/routes.rb, insert routes like:" - puts %( map.signup '/signup', :controller => '#{model_controller_file_name}', :action => 'new') - puts %( map.login '/login', :controller => '#{controller_file_name}', :action => 'new') - puts %( map.logout '/logout', :controller => '#{controller_file_name}', :action => 'destroy') - if options[:include_activation] - puts %( map.activate '/activate/:activation_code', :controller => '#{model_controller_file_name}', :action => 'activate', :activation_code => nil) - end - if options[:stateful] - puts " and modify the map.resources :#{model_controller_file_name} line to include these actions:" - puts " map.resources :#{model_controller_file_name}, :member => { :suspend => :put, :unsuspend => :put, :purge => :delete }" - end - puts - puts ("-" * 70) - puts - if $rest_auth_site_key_from_generator.blank? - puts "You've set a nil site key. This preserves existing users' passwords," - puts "but allows dictionary attacks in the unlikely event your database is" - puts "compromised and your site code is not. See the README for more." - elsif $rest_auth_keys_are_new - puts "We've create a new site key in #{site_keys_file}. If you have existing" - puts "user accounts their passwords will no longer work (see README). As always," - puts "keep this file safe but don't post it in public." - else - puts "We've reused the existing site key in #{site_keys_file}. As always," - puts "keep this file safe but don't post it in public." - end - puts - puts ("-" * 70) - when "destroy" - puts - puts ("-" * 70) - puts - puts "Thanks for using restful_authentication" - puts - puts "Don't forget to comment out the observer line in environment.rb" - puts " (This was optional so it may not even be there)" - puts " # config.active_record.observers = :#{file_name}_observer" - puts - puts ("-" * 70) - puts - else - puts "Didn't understand the action '#{action}' -- you might have missed the 'after running me' instructions." - end - - # - # Do the thing - # - recorded_session - end - - def has_rspec? - spec_dir = File.join(RAILS_ROOT, 'spec') - options[:rspec] ||= (File.exist?(spec_dir) && File.directory?(spec_dir)) unless (options[:rspec] == false) - end - - # - # !! These must match the corresponding routines in by_password.rb !! - # - def secure_digest(*args) - Digest::SHA1.hexdigest(args.flatten.join('--')) - end - def make_token - secure_digest(Time.now, (1..10).map{ rand.to_s }) - end - def password_digest(password, salt) - digest = $rest_auth_site_key_from_generator - $rest_auth_digest_stretches_from_generator.times do - digest = secure_digest(digest, salt, password, $rest_auth_site_key_from_generator) - end - digest - end - - # - # Try to be idempotent: - # pull in the existing site key if any, - # seed it with reasonable defaults otherwise - # - def load_or_initialize_site_keys - case - when defined? REST_AUTH_SITE_KEY - if (options[:old_passwords]) && ((! REST_AUTH_SITE_KEY.blank?) || (REST_AUTH_DIGEST_STRETCHES != 1)) - raise "You have a site key, but --old-passwords will overwrite it. If this is really what you want, move the file #{site_keys_file} and re-run." - end - $rest_auth_site_key_from_generator = REST_AUTH_SITE_KEY - $rest_auth_digest_stretches_from_generator = REST_AUTH_DIGEST_STRETCHES - when options[:old_passwords] - $rest_auth_site_key_from_generator = nil - $rest_auth_digest_stretches_from_generator = 1 - $rest_auth_keys_are_new = true - else - $rest_auth_site_key_from_generator = make_token - $rest_auth_digest_stretches_from_generator = 10 - $rest_auth_keys_are_new = true - end - end - def site_keys_file - File.join("config", "initializers", "site_keys.rb") - end - -protected - # Override with your own usage banner. - def banner - "Usage: #{$0} authenticated ModelName [ControllerName]" - end - - def add_options!(opt) - opt.separator '' - opt.separator 'Options:' - opt.on("--skip-migration", - "Don't generate a migration file for this model") { |v| options[:skip_migration] = v } - opt.on("--include-activation", - "Generate signup 'activation code' confirmation via email") { |v| options[:include_activation] = true } - opt.on("--stateful", - "Use acts_as_state_machine. Assumes --include-activation") { |v| options[:include_activation] = options[:stateful] = true } - opt.on("--aasm", - "Use (gem) aasm. Assumes --include-activation") { |v| options[:include_activation] = options[:stateful] = options[:aasm] = true } - opt.on("--rspec", - "Force rspec mode (checks for RAILS_ROOT/spec by default)") { |v| options[:rspec] = true } - opt.on("--no-rspec", - "Force test (not RSpec mode") { |v| options[:rspec] = false } - opt.on("--skip-routes", - "Don't generate a resource line in config/routes.rb") { |v| options[:skip_routes] = v } - opt.on("--old-passwords", - "Use the older password encryption scheme (see README)") { |v| options[:old_passwords] = v } - opt.on("--dump-generator-attrs", - "(generator debug helper)") { |v| options[:dump_generator_attribute_names] = v } - end - - def dump_generator_attribute_names - generator_attribute_names = [ - :table_name, - :file_name, - :class_name, - :controller_name, - :controller_class_path, - :controller_file_path, - :controller_class_nesting, - :controller_class_nesting_depth, - :controller_class_name, - :controller_singular_name, - :controller_plural_name, - :controller_routing_name, # new_session_path - :controller_routing_path, # /session/new - :controller_controller_name, # sessions - :controller_file_name, - :controller_table_name, :controller_plural_name, - :model_controller_name, - :model_controller_class_path, - :model_controller_file_path, - :model_controller_class_nesting, - :model_controller_class_nesting_depth, - :model_controller_class_name, - :model_controller_singular_name, - :model_controller_plural_name, - :model_controller_routing_name, # new_user_path - :model_controller_routing_path, # /users/new - :model_controller_controller_name, # users - :model_controller_file_name, :model_controller_singular_name, - :model_controller_table_name, :model_controller_plural_name, - ] - generator_attribute_names.each do |attr| - puts "%-40s %s" % ["#{attr}:", self.send(attr)] # instance_variable_get("@#{attr.to_s}" - end - - end -end - -# ./script/generate authenticated FoonParent::Foon SporkParent::Spork -p --force --rspec --dump-generator-attrs -# table_name: foon_parent_foons -# file_name: foon -# class_name: FoonParent::Foon -# controller_name: SporkParent::Sporks -# controller_class_path: spork_parent -# controller_file_path: spork_parent/sporks -# controller_class_nesting: SporkParent -# controller_class_nesting_depth: 1 -# controller_class_name: SporkParent::Sporks -# controller_singular_name: spork -# controller_plural_name: sporks -# controller_routing_name: spork -# controller_routing_path: spork_parent/spork -# controller_controller_name: sporks -# controller_file_name: sporks -# controller_table_name: sporks -# controller_plural_name: sporks -# model_controller_name: FoonParent::Foons -# model_controller_class_path: foon_parent -# model_controller_file_path: foon_parent/foons -# model_controller_class_nesting: FoonParent -# model_controller_class_nesting_depth: 1 -# model_controller_class_name: FoonParent::Foons -# model_controller_singular_name: foons -# model_controller_plural_name: foons -# model_controller_routing_name: foon_parent_foons -# model_controller_routing_path: foon_parent/foons -# model_controller_controller_name: foons -# model_controller_file_name: foons -# model_controller_singular_name: foons -# model_controller_table_name: foons -# model_controller_plural_name: foons diff --git a/vendor/plugins/restful-authentication/generators/authenticated/lib/insert_routes.rb b/vendor/plugins/restful-authentication/generators/authenticated/lib/insert_routes.rb deleted file mode 100644 index 92b2678..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/lib/insert_routes.rb +++ /dev/null @@ -1,54 +0,0 @@ -Rails::Generator::Commands::Create.class_eval do - def route_resource(*resources) - resource_list = resources.map { |r| r.to_sym.inspect }.join(', ') - sentinel = 'ActionController::Routing::Routes.draw do |map|' - - logger.route "map.resource #{resource_list}" - unless options[:pretend] - gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match| - "#{match}\n map.resource #{resource_list}\n" - end - end - end - - def route_name(name, path, route_options = {}) - sentinel = 'ActionController::Routing::Routes.draw do |map|' - - logger.route "map.#{name} '#{path}', :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'" - unless options[:pretend] - gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match| - "#{match}\n map.#{name} '#{path}', :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'" - end - end - end -end - -Rails::Generator::Commands::Destroy.class_eval do - def route_resource(*resources) - resource_list = resources.map { |r| r.to_sym.inspect }.join(', ') - look_for = "\n map.resource #{resource_list}\n" - logger.route "map.resource #{resource_list}" - unless options[:pretend] - gsub_file 'config/routes.rb', /(#{look_for})/mi, '' - end - end - - def route_name(name, path, route_options = {}) - look_for = "\n map.#{name} '#{path}', :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'" - logger.route "map.#{name} '#{path}', :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'" - unless options[:pretend] - gsub_file 'config/routes.rb', /(#{look_for})/mi, '' - end - end -end - -Rails::Generator::Commands::List.class_eval do - def route_resource(*resources) - resource_list = resources.map { |r| r.to_sym.inspect }.join(', ') - logger.route "map.resource #{resource_list}" - end - - def route_name(name, path, options = {}) - logger.route "map.#{name} '#{path}', :controller => '{options[:controller]}', :action => '#{options[:action]}'" - end -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/_model_partial.html.erb b/vendor/plugins/restful-authentication/generators/authenticated/templates/_model_partial.html.erb deleted file mode 100644 index 0685494..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/_model_partial.html.erb +++ /dev/null @@ -1,8 +0,0 @@ -<%% if logged_in? -%> -
Logged in as <%%= link_to_current_<%= file_name %> :content_method => :login %>
-
(<%%= link_to "Log out", logout_path, { :title => "Log out" } %>)
-<%% else -%> -
<%%= abbr_tag_with_IP 'Not logged in', :style => 'border: none;' %>
-
<%%= link_to "Log in", login_path, { :title => "Log in" } %> / - <%%= link_to "Sign up", signup_path, { :title => "Create an account" } %>
-<%% end -%> diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/activation.html.erb b/vendor/plugins/restful-authentication/generators/authenticated/templates/activation.html.erb deleted file mode 100644 index 9d4ad0b..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/activation.html.erb +++ /dev/null @@ -1,3 +0,0 @@ -<%%=h @<%= file_name %>.login %>, your account has been activated. Welcome aboard! - - <%%=h @url %> diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/authenticated_system.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/authenticated_system.rb deleted file mode 100644 index baa285b..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/authenticated_system.rb +++ /dev/null @@ -1,187 +0,0 @@ -module AuthenticatedSystem - protected - # Returns true or false if the <%= file_name %> is logged in. - # Preloads @current_<%= file_name %> with the <%= file_name %> model if they're logged in. - def logged_in? - !!current_<%= file_name %> - end - - # Accesses the current <%= file_name %> from the session. - # Future calls avoid the database because nil is not equal to false. - def current_<%= file_name %> - @current_<%= file_name %> ||= (login_from_session || login_from_basic_auth || login_from_cookie) unless @current_<%= file_name %> == false - end - - # Store the given <%= file_name %> id in the session. - def current_<%= file_name %>=(new_<%= file_name %>) - session[:<%= file_name %>_id] = new_<%= file_name %> ? new_<%= file_name %>.id : nil - @current_<%= file_name %> = new_<%= file_name %> || false - end - - # Check if the <%= file_name %> is authorized - # - # Override this method in your controllers if you want to restrict access - # to only a few actions or if you want to check if the <%= file_name %> - # has the correct rights. - # - # Example: - # - # # only allow nonbobs - # def authorized? - # current_<%= file_name %>.login != "bob" - # end - # - def authorized?(action=nil, resource=nil, *args) - logged_in? - end - - # Filter method to enforce a login requirement. - # - # To require logins for all actions, use this in your controllers: - # - # before_filter :login_required - # - # To require logins for specific actions, use this in your controllers: - # - # before_filter :login_required, :only => [ :edit, :update ] - # - # To skip this in a subclassed controller: - # - # skip_before_filter :login_required - # - def login_required - authorized? || access_denied - end - - # Redirect as appropriate when an access request fails. - # - # The default action is to redirect to the login screen. - # - # Override this method in your controllers if you want to have special - # behavior in case the <%= file_name %> is not authorized - # to access the requested action. For example, a popup window might - # simply close itself. - def access_denied - respond_to do |format| - format.html do - store_location - redirect_to new_<%= controller_routing_name %>_path - end - # format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987 - # you may want to change format.any to e.g. format.any(:js, :xml) - format.any do - request_http_basic_authentication 'Web Password' - end - end - end - - # Store the URI of the current request in the session. - # - # We can return to this location by calling #redirect_back_or_default. - def store_location - session[:return_to] = request.request_uri - end - - # Redirect to the URI stored by the most recent store_location call or - # to the passed default. Set an appropriately modified - # after_filter :store_location, :only => [:index, :new, :show, :edit] - # for any controller you want to be bounce-backable. - def redirect_back_or_default(default) - redirect_to(session[:return_to] || default) - session[:return_to] = nil - end - - # Inclusion hook to make #current_<%= file_name %> and #logged_in? - # available as ActionView helper methods. - def self.included(base) - base.send :helper_method, :current_<%= file_name %>, :logged_in?, :authorized? if base.respond_to? :helper_method - end - - # - # Login - # - - # Called from #current_<%= file_name %>. First attempt to login by the <%= file_name %> id stored in the session. - def login_from_session - self.current_<%= file_name %> = <%= class_name %>.find_by_id(session[:<%= file_name %>_id]) if session[:<%= file_name %>_id] - end - - # Called from #current_<%= file_name %>. Now, attempt to login by basic authentication information. - def login_from_basic_auth - authenticate_with_http_basic do |login, password| - self.current_<%= file_name %> = <%= class_name %>.authenticate(login, password) - end - end - - # - # Logout - # - - # Called from #current_<%= file_name %>. Finaly, attempt to login by an expiring token in the cookie. - # for the paranoid: we _should_ be storing <%= file_name %>_token = hash(cookie_token, request IP) - def login_from_cookie - <%= file_name %> = cookies[:auth_token] && <%= class_name %>.find_by_remember_token(cookies[:auth_token]) - if <%= file_name %> && <%= file_name %>.remember_token? - self.current_<%= file_name %> = <%= file_name %> - handle_remember_cookie! false # freshen cookie token (keeping date) - self.current_<%= file_name %> - end - end - - # This is ususally what you want; resetting the session willy-nilly wreaks - # havoc with forgery protection, and is only strictly necessary on login. - # However, **all session state variables should be unset here**. - def logout_keeping_session! - # Kill server-side auth cookie - @current_<%= file_name %>.forget_me if @current_<%= file_name %>.is_a? <%= class_name %> - @current_<%= file_name %> = false # not logged in, and don't do it for me - kill_remember_cookie! # Kill client-side auth cookie - session[:<%= file_name %>_id] = nil # keeps the session but kill our variable - # explicitly kill any other session variables you set - end - - # The session should only be reset at the tail end of a form POST -- - # otherwise the request forgery protection fails. It's only really necessary - # when you cross quarantine (logged-out to logged-in). - def logout_killing_session! - logout_keeping_session! - reset_session - end - - # - # Remember_me Tokens - # - # Cookies shouldn't be allowed to persist past their freshness date, - # and they should be changed at each login - - # Cookies shouldn't be allowed to persist past their freshness date, - # and they should be changed at each login - - def valid_remember_cookie? - return nil unless @current_<%= file_name %> - (@current_<%= file_name %>.remember_token?) && - (cookies[:auth_token] == @current_<%= file_name %>.remember_token) - end - - # Refresh the cookie auth token if it exists, create it otherwise - def handle_remember_cookie! new_cookie_flag - return unless @current_<%= file_name %> - case - when valid_remember_cookie? then @current_<%= file_name %>.refresh_token # keeping same expiry date - when new_cookie_flag then @current_<%= file_name %>.remember_me - else @current_<%= file_name %>.forget_me - end - send_remember_cookie! - end - - def kill_remember_cookie! - cookies.delete :auth_token - end - - def send_remember_cookie! - cookies[:auth_token] = { - :value => @current_<%= file_name %>.remember_token, - :expires => @current_<%= file_name %>.remember_token_expires_at } - end - -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/authenticated_test_helper.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/authenticated_test_helper.rb deleted file mode 100644 index 9cd3e45..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/authenticated_test_helper.rb +++ /dev/null @@ -1,22 +0,0 @@ -module AuthenticatedTestHelper - # Sets the current <%= file_name %> in the session from the <%= file_name %> fixtures. - def login_as(<%= file_name %>) - @request.session[:<%= file_name %>_id] = <%= file_name %> ? <%= table_name %>(<%= file_name %>).id : nil - end - - def authorize_as(<%= file_name %>) - @request.env["HTTP_AUTHORIZATION"] = <%= file_name %> ? ActionController::HttpAuthentication::Basic.encode_credentials(<%= table_name %>(<%= file_name %>).login, 'monkey') : nil - end - -<% if options[:rspec] -%> - # rspec - def mock_<%= file_name %> - <%= file_name %> = mock_model(<%= class_name %>, :id => 1, - :login => 'user_name', - :name => 'U. Surname', - :to_xml => "<%= class_name %>-in-XML", :to_json => "<%= class_name %>-in-JSON", - :errors => []) - <%= file_name %> - end -<% end -%> -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/controller.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/controller.rb deleted file mode 100644 index df352ac..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/controller.rb +++ /dev/null @@ -1,43 +0,0 @@ -# This controller handles the login/logout function of the site. -class <%= controller_class_name %>Controller < ApplicationController - # Be sure to include AuthenticationSystem in Application Controller instead - include AuthenticatedSystem - - # render new.rhtml - def new - end - - def create - logout_keeping_session! - <%= file_name %> = <%= class_name %>.authenticate(params[:login], params[:password]) - if <%= file_name %> - # Protects against session fixation attacks, causes request forgery - # protection if user resubmits an earlier form using back - # button. Uncomment if you understand the tradeoffs. - # reset_session - self.current_<%= file_name %> = <%= file_name %> - new_cookie_flag = (params[:remember_me] == "1") - handle_remember_cookie! new_cookie_flag - redirect_back_or_default('/') - flash[:notice] = "Logged in successfully" - else - note_failed_signin - @login = params[:login] - @remember_me = params[:remember_me] - render :action => 'new' - end - end - - def destroy - logout_killing_session! - flash[:notice] = "You have been logged out." - redirect_back_or_default('/') - end - -protected - # Track failed login attempts - def note_failed_signin - flash[:error] = "Couldn't log you in as '#{params[:login]}'" - logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}" - end -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/helper.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/helper.rb deleted file mode 100644 index ed5759e..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/helper.rb +++ /dev/null @@ -1,2 +0,0 @@ -module <%= controller_class_name %>Helper -end \ No newline at end of file diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/login.html.erb b/vendor/plugins/restful-authentication/generators/authenticated/templates/login.html.erb deleted file mode 100644 index 997e3ab..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/login.html.erb +++ /dev/null @@ -1,16 +0,0 @@ -

Log In

- -<%% form_tag <%= controller_routing_name %>_path do -%> -

<%%= label_tag 'login' %>
-<%%= text_field_tag 'login', @login %>

- -

<%%= label_tag 'password' %>
-<%%= password_field_tag 'password', nil %>

- - - -

<%%= submit_tag 'Log in' %>

-<%% end -%> diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/mailer.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/mailer.rb deleted file mode 100644 index f6e092b..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/mailer.rb +++ /dev/null @@ -1,25 +0,0 @@ -class <%= class_name %>Mailer < ActionMailer::Base - def signup_notification(<%= file_name %>) - setup_email(<%= file_name %>) - @subject += 'Please activate your new account' - <% if options[:include_activation] %> - @body[:url] = "http://YOURSITE/activate/#{<%= file_name %>.activation_code}" - <% else %> - @body[:url] = "http://YOURSITE/login/" <% end %> - end - - def activation(<%= file_name %>) - setup_email(<%= file_name %>) - @subject += 'Your account has been activated!' - @body[:url] = "http://YOURSITE/" - end - - protected - def setup_email(<%= file_name %>) - @recipients = "#{<%= file_name %>.email}" - @from = "ADMINEMAIL" - @subject = "[YOURSITE] " - @sent_on = Time.now - @body[:<%= file_name %>] = <%= file_name %> - end -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/migration.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/migration.rb deleted file mode 100644 index afeaaaa..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/migration.rb +++ /dev/null @@ -1,26 +0,0 @@ -class <%= migration_name %> < ActiveRecord::Migration - def self.up - create_table "<%= table_name %>", :force => true do |t| - t.column :login, :string, :limit => 40 - t.column :name, :string, :limit => 100, :default => '', :null => true - t.column :email, :string, :limit => 100 - t.column :crypted_password, :string, :limit => 40 - t.column :salt, :string, :limit => 40 - t.column :created_at, :datetime - t.column :updated_at, :datetime - t.column :remember_token, :string, :limit => 40 - t.column :remember_token_expires_at, :datetime -<% if options[:include_activation] -%> - t.column :activation_code, :string, :limit => 40 - t.column :activated_at, :datetime<% end %> -<% if options[:stateful] -%> - t.column :state, :string, :null => :no, :default => 'passive' - t.column :deleted_at, :datetime<% end %> - end - add_index :<%= table_name %>, :login, :unique => true - end - - def self.down - drop_table "<%= table_name %>" - end -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/model.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/model.rb deleted file mode 100644 index 7b8a37e..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/model.rb +++ /dev/null @@ -1,74 +0,0 @@ -require 'digest/sha1' - -class <%= class_name %> < ActiveRecord::Base - include Authentication - include Authentication::ByPassword - include Authentication::ByCookieToken -<% if options[:aasm] -%> - include Authorization::AasmRoles -<% elsif options[:stateful] -%> - include Authorization::StatefulRoles<% end %> - validates_presence_of :login - validates_length_of :login, :within => 3..40 - validates_uniqueness_of :login, :case_sensitive => false - validates_format_of :login, :with => RE_LOGIN_OK, :message => MSG_LOGIN_BAD - - validates_format_of :name, :with => RE_NAME_OK, :message => MSG_NAME_BAD, :allow_nil => true - validates_length_of :name, :maximum => 100 - - validates_presence_of :email - validates_length_of :email, :within => 6..100 #r@a.wk - validates_uniqueness_of :email, :case_sensitive => false - validates_format_of :email, :with => RE_EMAIL_OK, :message => MSG_EMAIL_BAD - - <% if options[:include_activation] && !options[:stateful] %>before_create :make_activation_code <% end %> - - # HACK HACK HACK -- how to do attr_accessible from here? - # prevents a user from submitting a crafted form that bypasses activation - # anything else you want your user to change should be added here. - attr_accessible :login, :email, :name, :password, :password_confirmation - -<% if options[:include_activation] && !options[:stateful] %> - # Activates the user in the database. - def activate! - @activated = true - self.activated_at = Time.now.utc - self.activation_code = nil - save(false) - end - - # Returns true if the user has just been activated. - def recently_activated? - @activated - end - - def active? - # the existence of an activation code means they have not activated yet - activation_code.nil? - end<% end %> - - # Authenticates a user by their login name and unencrypted password. Returns the user or nil. - # - # uff. this is really an authorization, not authentication routine. - # We really need a Dispatch Chain here or something. - # This will also let us return a human error message. - # - def self.authenticate(login, password) - u = <% if options[:stateful] %>find_in_state :first, :active, :conditions => {:login => login}<% - elsif options[:include_activation] %>find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login]<% - else %>find_by_login(login)<% end %> # need to get the salt - u && u.authenticated?(password) ? u : nil - end - - protected - -<% if options[:include_activation] -%> - def make_activation_code - <% if options[:stateful] -%> - self.deleted_at = nil - <% end -%> - self.activation_code = self.class.make_token - end -<% end %> - -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/model_controller.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/model_controller.rb deleted file mode 100644 index 56b3c9e..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/model_controller.rb +++ /dev/null @@ -1,86 +0,0 @@ -class <%= model_controller_class_name %>Controller < ApplicationController - # Be sure to include AuthenticationSystem in Application Controller instead - include AuthenticatedSystem - <% if options[:stateful] %> - # Protect these actions behind an admin login - # before_filter :admin_required, :only => [:suspend, :unsuspend, :destroy, :purge] - before_filter :find_<%= file_name %>, :only => [:suspend, :unsuspend, :destroy, :purge] - <% end %> - - # render new.rhtml - def new - @<%= file_name %> = <%= class_name %>.new - end - - def create - logout_keeping_session! - @<%= file_name %> = <%= class_name %>.new(params[:<%= file_name %>]) -<% if options[:stateful] -%> - @<%= file_name %>.register! if @<%= file_name %> && @<%= file_name %>.valid? - success = @<%= file_name %> && @<%= file_name %>.valid? -<% else -%> - success = @<%= file_name %> && @<%= file_name %>.save -<% end -%> - if success && @<%= file_name %>.errors.empty? - <% if !options[:include_activation] -%> - # Protects against session fixation attacks, causes request forgery - # protection if visitor resubmits an earlier form using back - # button. Uncomment if you understand the tradeoffs. - # reset session - self.current_<%= file_name %> = @<%= file_name %> # !! now logged in - <% end -%> - redirect_back_or_default('/') - flash[:notice] = "Thanks for signing up! We're sending you an email with your activation code." - else - flash[:error] = "We couldn't set up that account, sorry. Please try again, or contact an admin (link is above)." - render :action => 'new' - end - end -<% if options[:include_activation] %> - def activate - logout_keeping_session! - <%= file_name %> = <%= class_name %>.find_by_activation_code(params[:activation_code]) unless params[:activation_code].blank? - case - when (!params[:activation_code].blank?) && <%= file_name %> && !<%= file_name %>.active? - <%= file_name %>.activate! - flash[:notice] = "Signup complete! Please sign in to continue." - redirect_to '/login' - when params[:activation_code].blank? - flash[:error] = "The activation code was missing. Please follow the URL from your email." - redirect_back_or_default('/') - else - flash[:error] = "We couldn't find a <%= file_name %> with that activation code -- check your email? Or maybe you've already activated -- try signing in." - redirect_back_or_default('/') - end - end -<% end %><% if options[:stateful] %> - def suspend - @<%= file_name %>.suspend! - redirect_to <%= model_controller_routing_name %>_path - end - - def unsuspend - @<%= file_name %>.unsuspend! - redirect_to <%= model_controller_routing_name %>_path - end - - def destroy - @<%= file_name %>.delete! - redirect_to <%= model_controller_routing_name %>_path - end - - def purge - @<%= file_name %>.destroy - redirect_to <%= model_controller_routing_name %>_path - end - - # There's no page here to update or destroy a <%= file_name %>. If you add those, be - # smart -- make sure you check that the visitor is authorized to do so, that they - # supply their old password along with a new one to update it, etc. - -protected - def find_<%= file_name %> - @<%= file_name %> = <%= class_name %>.find(params[:id]) - end -<% end -%> -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/model_helper.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/model_helper.rb deleted file mode 100644 index cc7a6b1..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/model_helper.rb +++ /dev/null @@ -1,93 +0,0 @@ -module <%= model_controller_class_name %>Helper - - # - # Use this to wrap view elements that the user can't access. - # !! Note: this is an *interface*, not *security* feature !! - # You need to do all access control at the controller level. - # - # Example: - # <%%= if_authorized?(:index, User) do link_to('List all users', users_path) end %> | - # <%%= if_authorized?(:edit, @user) do link_to('Edit this user', edit_user_path) end %> | - # <%%= if_authorized?(:destroy, @user) do link_to 'Destroy', @user, :confirm => 'Are you sure?', :method => :delete end %> - # - # - def if_authorized?(action, resource, &block) - if authorized?(action, resource) - yield action, resource - end - end - - # - # Link to user's page ('<%= table_name %>/1') - # - # By default, their login is used as link text and link title (tooltip) - # - # Takes options - # * :content_text => 'Content text in place of <%= file_name %>.login', escaped with - # the standard h() function. - # * :content_method => :<%= file_name %>_instance_method_to_call_for_content_text - # * :title_method => :<%= file_name %>_instance_method_to_call_for_title_attribute - # * as well as link_to()'s standard options - # - # Examples: - # link_to_<%= file_name %> @<%= file_name %> - # # => barmy - # - # # if you've added a .name attribute: - # content_tag :span, :class => :vcard do - # (link_to_<%= file_name %> <%= file_name %>, :class => 'fn n', :title_method => :login, :content_method => :name) + - # ': ' + (content_tag :span, <%= file_name %>.email, :class => 'email') - # end - # # => Cyril Fotheringay-Phipps: - # - # link_to_<%= file_name %> @<%= file_name %>, :content_text => 'Your user page' - # # => Your user page - # - def link_to_<%= file_name %>(<%= file_name %>, options={}) - raise "Invalid <%= file_name %>" unless <%= file_name %> - options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname - content_text = options.delete(:content_text) - content_text ||= <%= file_name %>.send(options.delete(:content_method)) - options[:title] ||= <%= file_name %>.send(options.delete(:title_method)) - link_to h(content_text), <%= model_controller_routing_name.singularize %>_path(<%= file_name %>), options - end - - # - # Link to login page using remote ip address as link content - # - # The :title (and thus, tooltip) is set to the IP address - # - # Examples: - # link_to_login_with_IP - # # => 169.69.69.69 - # - # link_to_login_with_IP :content_text => 'not signed in' - # # => not signed in - # - def link_to_login_with_IP content_text=nil, options={} - ip_addr = request.remote_ip - content_text ||= ip_addr - options.reverse_merge! :title => ip_addr - if tag = options.delete(:tag) - content_tag tag, h(content_text), options - else - link_to h(content_text), login_path, options - end - end - - # - # Link to the current user's page (using link_to_<%= file_name %>) or to the login page - # (using link_to_login_with_IP). - # - def link_to_current_<%= file_name %>(options={}) - if current_<%= file_name %> - link_to_<%= file_name %> current_<%= file_name %>, options - else - content_text = options.delete(:content_text) || 'not signed in' - # kill ignored options from link_to_<%= file_name %> - [:content_method, :title_method].each{|opt| options.delete(opt)} - link_to_login_with_IP content_text, options - end - end - -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/model_helper_spec.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/model_helper_spec.rb deleted file mode 100644 index 1d17fbd..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/model_helper_spec.rb +++ /dev/null @@ -1,158 +0,0 @@ -require File.dirname(__FILE__) + '/../spec_helper' -include ApplicationHelper -include <%= model_controller_class_name %>Helper - -describe "<%= model_controller_class_name %>Helper.link_to_<%= file_name %>" do - before do - @<%= file_name %> = <%= class_name %>.new({ - :name => '<%= class_name %> Name', - :login => '<%= file_name %>_name', - }) - @<%= file_name %>.id = 1 # set non-attr_accessible specifically - end - - it "should give an error on a nil <%= file_name %>" do - lambda { link_to_<%= file_name %>(nil) }.should raise_error('Invalid <%= file_name %>') - end - - it "should link to the given <%= file_name %>" do - link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a[href='/<%= table_name %>/1']") - end - - it "should use given link text if :content_text is specified" do - link_to_<%= file_name %>(@<%= file_name %>, :content_text => 'Hello there!').should have_tag("a", 'Hello there!') - end - - it "should use the login as link text with no :content_method specified" do - link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a", '<%= file_name %>_name') - end - - it "should use the name as link text with :content_method => :name" do - link_to_<%= file_name %>(@<%= file_name %>, :content_method => :name).should have_tag("a", '<%= class_name %> Name') - end - - it "should use the login as title with no :title_method specified" do - link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a[title='<%= file_name %>_name']") - end - - it "should use the name as link title with :content_method => :name" do - link_to_<%= file_name %>(@<%= file_name %>, :title_method => :name).should have_tag("a[title='<%= class_name %> Name']") - end - - it "should have nickname as a class by default" do - link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a.nickname") - end - - it "should take other classes and no longer have the nickname class" do - result = link_to_<%= file_name %>(@<%= file_name %>, :class => 'foo bar') - result.should have_tag("a.foo") - result.should have_tag("a.bar") - end -end - -describe "<%= model_controller_class_name %>Helper.link_to_signin_with_IP" do - before do - end - - it "should link to the signin_path" do - link_to_signin_with_IP().should have_tag("a[href='/signin']") - end - - it "should use given link text if :content_text is specified" do - link_to_signin_with_IP(:content_text => 'Hello there!').should have_tag("a", 'Hello there!') - end - - it "should use the login as link text with no :content_method specified" do - link_to_signin_with_IP().should have_tag("a", '0.0.0.0') - end - - it "should use the ip address as title" do - link_to_signin_with_IP().should have_tag("a[title='0.0.0.0']") - end - - it "should by default be like school in summer and have no class" do - link_to_signin_with_IP().should_not have_tag("a.nickname") - end - - it "should have some class if you tell it to" do - result = link_to_signin_with_IP(:class => 'foo bar') - result.should have_tag("a.foo") - result.should have_tag("a.bar") - end -end - -describe "<%= model_controller_class_name %>Helper.link_to_current_<%= file_name %>, When logged in" do - fixtures :<%= table_name %> - include AuthenticatedTestHelper - before do - login_as(:quentin) - end - - it "should link to the given <%= file_name %>" do - link_to_current_<%= file_name %>().should have_tag("a[href='/<%= table_name %>/1']") - end - - it "should use given link text if :content_text is specified" do - link_to_current_user(:content_text => 'Hello there!').should have_tag("a", 'Hello there!') - end - - it "should use the login as link text with no :content_method specified" do - link_to_current_user().should have_tag("a", 'quentin') - end - - it "should use the name as link text with :content_method => :name" do - link_to_current_user(:content_method => :name).should have_tag("a", 'Quentin') - end - - it "should use the login as title with no :title_method specified" do - link_to_current_user().should have_tag("a[title='quentin']") - end - - it "should use the name as link title with :content_method => :name" do - link_to_current_user(:title_method => :name).should have_tag("a[title='Quentin']") - end - - it "should have nickname as a class" do - link_to_current_user().should have_tag("a.nickname") - end - - it "should take other classes and no longer have the nickname class" do - result = link_to_current_user(:class => 'foo bar') - result.should have_tag("a.foo") - result.should have_tag("a.bar") - end -end - - - -describe "<%= model_controller_class_name %>Helper.link_to_current_user, When logged out" do - include AuthenticatedTestHelper - before do - end - - it "should link to the signin_path" do - link_to_current_user().should have_tag("a[href='/signin']") - end - - it "should use given link text if :content_text is specified" do - link_to_current_user(:content_text => 'Hello there!').should have_tag("a", 'Hello there!') - end - - it "should use the IP address as link text with no :content_method specified" do - link_to_current_user().should have_tag("a", '0.0.0.0') - end - - it "should use the ip address as title" do - link_to_current_user().should have_tag("a[title='0.0.0.0']") - end - - it "should by default be like school in summer and have no class" do - link_to_current_user().should_not have_tag("a.nickname") - end - - it "should have some class if you tell it to" do - result = link_to_current_user(:class => 'foo bar') - result.should have_tag("a.foo") - result.should have_tag("a.bar") - end -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/observer.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/observer.rb deleted file mode 100644 index bbf6f5e..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/observer.rb +++ /dev/null @@ -1,11 +0,0 @@ -class <%= class_name %>Observer < ActiveRecord::Observer - def after_create(<%= file_name %>) - <%= class_name %>Mailer.deliver_signup_notification(<%= file_name %>) - end - - def after_save(<%= file_name %>) - <% if options[:include_activation] %> - <%= class_name %>Mailer.deliver_activation(<%= file_name %>) if <%= file_name %>.recently_activated? - <% end %> - end -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/signup.html.erb b/vendor/plugins/restful-authentication/generators/authenticated/templates/signup.html.erb deleted file mode 100644 index cbaa476..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/signup.html.erb +++ /dev/null @@ -1,19 +0,0 @@ -

Sign up as a new user

-<%% @<%= file_name %>.password = @<%= file_name %>.password_confirmation = nil %> - -<%%= error_messages_for :<%= file_name %> %> -<%% form_for :<%= file_name %>, :url => <%= model_controller_routing_name %>_path do |f| -%> -

<%%= label_tag 'login' %>
-<%%= f.text_field :login %>

- -

<%%= label_tag 'email' %>
-<%%= f.text_field :email %>

- -

<%%= label_tag 'password' %>
-<%%= f.password_field :password %>

- -

<%%= label_tag 'password_confirmation', 'Confirm Password' %>
-<%%= f.password_field :password_confirmation %>

- -

<%%= submit_tag 'Sign up' %>

-<%% end -%> diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/signup_notification.html.erb b/vendor/plugins/restful-authentication/generators/authenticated/templates/signup_notification.html.erb deleted file mode 100644 index 05afaba..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/signup_notification.html.erb +++ /dev/null @@ -1,8 +0,0 @@ -Your account has been created. - - Username: <%%=h @<%= file_name %>.login %> - Password: <%%=h @<%= file_name %>.password %> - -Visit this url to activate your account: - - <%%=h @url %> diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/site_keys.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/site_keys.rb deleted file mode 100644 index 9de2f2b..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/site_keys.rb +++ /dev/null @@ -1,38 +0,0 @@ - -# A Site key gives additional protection against a dictionary attack if your -# DB is ever compromised. With no site key, we store -# DB_password = hash(user_password, DB_user_salt) -# If your database were to be compromised you'd be vulnerable to a dictionary -# attack on all your stupid users' passwords. With a site key, we store -# DB_password = hash(user_password, DB_user_salt, Code_site_key) -# That means an attacker needs access to both your site's code *and* its -# database to mount an "offline dictionary attack.":http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/web-authentication.html -# -# It's probably of minor importance, but recommended by best practices: 'defense -# in depth'. Needless to say, if you upload this to github or the youtubes or -# otherwise place it in public view you'll kinda defeat the point. Your users' -# passwords are still secure, and the world won't end, but defense_in_depth -= 1. -# -# Please note: if you change this, all the passwords will be invalidated, so DO -# keep it someplace secure. Use the random value given or type in the lyrics to -# your favorite Jay-Z song or something; any moderately long, unpredictable text. -REST_AUTH_SITE_KEY = '<%= $rest_auth_site_key_from_generator %>' - -# Repeated applications of the hash make brute force (even with a compromised -# database and site key) harder, and scale with Moore's law. -# -# bq. "To squeeze the most security out of a limited-entropy password or -# passphrase, we can use two techniques [salting and stretching]... that are -# so simple and obvious that they should be used in every password system. -# There is really no excuse not to use them." http://tinyurl.com/37lb73 -# Practical Security (Ferguson & Scheier) p350 -# -# A modest 10 foldings (the default here) adds 3ms. This makes brute forcing 10 -# times harder, while reducing an app that otherwise serves 100 reqs/s to 78 signin -# reqs/s, an app that does 10reqs/s to 9.7 reqs/s -# -# More: -# * http://www.owasp.org/index.php/Hashing_Java -# * "An Illustrated Guide to Cryptographic Hashes":http://www.unixwiz.net/techtips/iguide-crypto-hashes.html - -REST_AUTH_DIGEST_STRETCHES = <%= $rest_auth_digest_stretches_from_generator %> diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/access_control_spec.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/access_control_spec.rb deleted file mode 100644 index ef44b7f..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/access_control_spec.rb +++ /dev/null @@ -1,90 +0,0 @@ -require File.dirname(__FILE__) + '<%= ('/..'*controller_class_nesting_depth) + '/../spec_helper' %>' - # Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead -# Then, you can remove it from this and the units test. -include AuthenticatedTestHelper - -# -# A test controller with and without access controls -# -class AccessControlTestController < ApplicationController - before_filter :login_required, :only => :login_is_required - def login_is_required - respond_to do |format| - @foo = { 'success' => params[:format]||'no fmt given'} - format.html do render :text => "success" end - format.xml do render :xml => @foo, :status => :ok end - format.json do render :json => @foo, :status => :ok end - end - end - def login_not_required - respond_to do |format| - @foo = { 'success' => params[:format]||'no fmt given'} - format.html do render :text => "success" end - format.xml do render :xml => @foo, :status => :ok end - format.json do render :json => @foo, :status => :ok end - end - end -end - -# -# Access Control -# - -ACCESS_CONTROL_FORMATS = [ - ['', "success"], - ['xml', "\n\n xml\n\n"], - ['json', "{\"success\": \"json\"}"],] -ACCESS_CONTROL_AM_I_LOGGED_IN = [ - [:i_am_logged_in, :quentin], - [:i_am_not_logged_in, nil],] -ACCESS_CONTROL_IS_LOGIN_REQD = [ - :login_not_required, - :login_is_required,] - -describe AccessControlTestController do - fixtures :<%= table_name %> - before do - # is there a better way to do this? - ActionController::Routing::Routes.add_route '/login_is_required', :controller => 'access_control_test', :action => 'login_is_required' - ActionController::Routing::Routes.add_route '/login_not_required', :controller => 'access_control_test', :action => 'login_not_required' - end - - ACCESS_CONTROL_FORMATS.each do |format, success_text| - ACCESS_CONTROL_AM_I_LOGGED_IN.each do |logged_in_status, <%= file_name %>_login| - ACCESS_CONTROL_IS_LOGIN_REQD.each do |login_reqd_status| - describe "requesting #{format.blank? ? 'html' : format}; #{logged_in_status.to_s.humanize} and #{login_reqd_status.to_s.humanize}" do - before do - logout_keeping_session! - @<%= file_name %> = format.blank? ? login_as(<%= file_name %>_login) : authorize_as(<%= file_name %>_login) - get login_reqd_status.to_s, :format => format - end - - if ((login_reqd_status == :login_not_required) || - (login_reqd_status == :login_is_required && logged_in_status == :i_am_logged_in)) - it "succeeds" do - response.should have_text(success_text) - response.code.to_s.should == '200' - end - - elsif (login_reqd_status == :login_is_required && logged_in_status == :i_am_not_logged_in) - if ['html', ''].include? format - it "redirects me to the log in page" do - response.should redirect_to('/<%= controller_routing_path %>/new') - end - else - it "returns 'Access denied' and a 406 (Access Denied) status code" do - response.should have_text("HTTP Basic: Access denied.\n") - response.code.to_s.should == '401' - end - end - - else - warn "Oops no case for #{format} and #{logged_in_status.to_s.humanize} and #{login_reqd_status.to_s.humanize}" - end - end # describe - - end - end - end # cases - -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb deleted file mode 100644 index 2f34d6c..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb +++ /dev/null @@ -1,101 +0,0 @@ -require File.dirname(__FILE__) + '<%= ('/..'*controller_class_nesting_depth) + '/../spec_helper' %>' - -# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead -# Then, you can remove it from this and the units test. -include AuthenticatedTestHelper -include AuthenticatedSystem - -describe <%= controller_class_name %>Controller do - fixtures :<%= table_name %> - - before do - # FIXME -- <%= controller_file_name %> controller not testing xml logins - stub!(:authenticate_with_http_basic).and_return nil - end - describe "logout_killing_session!" do - before do - login_as :quentin - stub!(:reset_session) - end - it 'resets the session' do should_receive(:reset_session); logout_killing_session! end - it 'kills my auth_token cookie' do should_receive(:kill_remember_cookie!); logout_killing_session! end - it 'nils the current <%= file_name %>' do logout_killing_session!; current_<%= file_name %>.should be_nil end - it 'kills :<%= file_name %>_id session' do - session.stub!(:[]=) - session.should_receive(:[]=).with(:<%= file_name %>_id, nil).at_least(:once) - logout_killing_session! - end - it 'forgets me' do - current_<%= file_name %>.remember_me - current_<%= file_name %>.remember_token.should_not be_nil; current_<%= file_name %>.remember_token_expires_at.should_not be_nil - <%= class_name %>.find(1).remember_token.should_not be_nil; <%= class_name %>.find(1).remember_token_expires_at.should_not be_nil - logout_killing_session! - <%= class_name %>.find(1).remember_token.should be_nil; <%= class_name %>.find(1).remember_token_expires_at.should be_nil - end - end - - describe "logout_keeping_session!" do - before do - login_as :quentin - stub!(:reset_session) - end - it 'does not reset the session' do should_not_receive(:reset_session); logout_keeping_session! end - it 'kills my auth_token cookie' do should_receive(:kill_remember_cookie!); logout_keeping_session! end - it 'nils the current <%= file_name %>' do logout_keeping_session!; current_<%= file_name %>.should be_nil end - it 'kills :<%= file_name %>_id session' do - session.stub!(:[]=) - session.should_receive(:[]=).with(:<%= file_name %>_id, nil).at_least(:once) - logout_keeping_session! - end - it 'forgets me' do - current_<%= file_name %>.remember_me - current_<%= file_name %>.remember_token.should_not be_nil; current_<%= file_name %>.remember_token_expires_at.should_not be_nil - <%= class_name %>.find(1).remember_token.should_not be_nil; <%= class_name %>.find(1).remember_token_expires_at.should_not be_nil - logout_keeping_session! - <%= class_name %>.find(1).remember_token.should be_nil; <%= class_name %>.find(1).remember_token_expires_at.should be_nil - end - end - - describe 'When logged out' do - it "should not be authorized?" do - authorized?().should be_false - end - end - - # - # Cookie Login - # - describe "Logging in by cookie" do - def set_remember_token token, time - @<%= file_name %>[:remember_token] = token; - @<%= file_name %>[:remember_token_expires_at] = time - @<%= file_name %>.save! - end - before do - @<%= file_name %> = <%= class_name %>.find(:first); - set_remember_token 'hello!', 5.minutes.from_now - end - it 'logs in with cookie' do - stub!(:cookies).and_return({ :auth_token => 'hello!' }) - logged_in?.should be_true - end - - it 'fails cookie login with bad cookie' do - should_receive(:cookies).at_least(:once).and_return({ :auth_token => 'i_haxxor_joo' }) - logged_in?.should_not be_true - end - - it 'fails cookie login with no cookie' do - set_remember_token nil, nil - should_receive(:cookies).at_least(:once).and_return({ }) - logged_in?.should_not be_true - end - - it 'fails expired cookie login' do - set_remember_token 'hello!', 5.minutes.ago - stub!(:cookies).and_return({ :auth_token => 'hello!' }) - logged_in?.should_not be_true - end - end - -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb deleted file mode 100644 index 05a8dbe..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb +++ /dev/null @@ -1,139 +0,0 @@ -require File.dirname(__FILE__) + '<%= ('/..'*controller_class_nesting_depth) + '/../spec_helper' %>' - -# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead -# Then, you can remove it from this and the units test. -include AuthenticatedTestHelper - -describe <%= controller_class_name %>Controller do - fixtures :<%= table_name %> - before do - @<%= file_name %> = mock_<%= file_name %> - @login_params = { :login => 'quentin', :password => 'test' } - <%= class_name %>.stub!(:authenticate).with(@login_params[:login], @login_params[:password]).and_return(@<%= file_name %>) - end - def do_create - post :create, @login_params - end - describe "on successful login," do - [ [:nil, nil, nil], - [:expired, 'valid_token', 15.minutes.ago], - [:different, 'i_haxxor_joo', 15.minutes.from_now], - [:valid, 'valid_token', 15.minutes.from_now] - ].each do |has_request_token, token_value, token_expiry| - [ true, false ].each do |want_remember_me| - describe "my request cookie token is #{has_request_token.to_s}," do - describe "and ask #{want_remember_me ? 'to' : 'not to'} be remembered" do - before do - @ccookies = mock('cookies') - controller.stub!(:cookies).and_return(@ccookies) - @ccookies.stub!(:[]).with(:auth_token).and_return(token_value) - @ccookies.stub!(:delete).with(:auth_token) - @ccookies.stub!(:[]=) - @<%= file_name %>.stub!(:remember_me) - @<%= file_name %>.stub!(:refresh_token) - @<%= file_name %>.stub!(:forget_me) - @<%= file_name %>.stub!(:remember_token).and_return(token_value) - @<%= file_name %>.stub!(:remember_token_expires_at).and_return(token_expiry) - @<%= file_name %>.stub!(:remember_token?).and_return(has_request_token == :valid) - if want_remember_me - @login_params[:remember_me] = '1' - else - @login_params[:remember_me] = '0' - end - end - it "kills existing login" do controller.should_receive(:logout_keeping_session!); do_create; end - it "authorizes me" do do_create; controller.send(:authorized?).should be_true; end - it "logs me in" do do_create; controller.send(:logged_in?).should be_true end - it "greets me nicely" do do_create; response.flash[:notice].should =~ /success/i end - it "sets/resets/expires cookie" do controller.should_receive(:handle_remember_cookie!).with(want_remember_me); do_create end - it "sends a cookie" do controller.should_receive(:send_remember_cookie!); do_create end - it 'redirects to the home page' do do_create; response.should redirect_to('/') end - it "does not reset my session" do controller.should_not_receive(:reset_session).and_return nil; do_create end # change if you uncomment the reset_session path - if (has_request_token == :valid) - it 'does not make new token' do @<%= file_name %>.should_not_receive(:remember_me); do_create end - it 'does refresh token' do @<%= file_name %>.should_receive(:refresh_token); do_create end - it "sets an auth cookie" do do_create; end - else - if want_remember_me - it 'makes a new token' do @<%= file_name %>.should_receive(:remember_me); do_create end - it "does not refresh token" do @<%= file_name %>.should_not_receive(:refresh_token); do_create end - it "sets an auth cookie" do do_create; end - else - it 'does not make new token' do @<%= file_name %>.should_not_receive(:remember_me); do_create end - it 'does not refresh token' do @<%= file_name %>.should_not_receive(:refresh_token); do_create end - it 'kills user token' do @<%= file_name %>.should_receive(:forget_me); do_create end - end - end - end # inner describe - end - end - end - end - - describe "on failed login" do - before do - <%= class_name %>.should_receive(:authenticate).with(anything(), anything()).and_return(nil) - login_as :quentin - end - it 'logs out keeping session' do controller.should_receive(:logout_keeping_session!); do_create end - it 'flashes an error' do do_create; flash[:error].should =~ /Couldn't log you in as 'quentin'/ end - it 'renders the log in page' do do_create; response.should render_template('new') end - it "doesn't log me in" do do_create; controller.send(:logged_in?).should == false end - it "doesn't send password back" do - @login_params[:password] = 'FROBNOZZ' - do_create - response.should_not have_text(/FROBNOZZ/i) - end - end - - describe "on signout" do - def do_destroy - get :destroy - end - before do - login_as :quentin - end - it 'logs me out' do controller.should_receive(:logout_killing_session!); do_destroy end - it 'redirects me to the home page' do do_destroy; response.should be_redirect end - end - -end - -describe <%= controller_class_name %>Controller do - describe "route generation" do - it "should route the new <%= controller_controller_name %> action correctly" do - route_for(:controller => '<%= controller_controller_name %>', :action => 'new').should == "/login" - end - it "should route the create <%= controller_controller_name %> correctly" do - route_for(:controller => '<%= controller_controller_name %>', :action => 'create').should == "/<%= controller_routing_path %>" - end - it "should route the destroy <%= controller_controller_name %> action correctly" do - route_for(:controller => '<%= controller_controller_name %>', :action => 'destroy').should == "/logout" - end - end - - describe "route recognition" do - it "should generate params from GET /login correctly" do - params_from(:get, '/login').should == {:controller => '<%= controller_controller_name %>', :action => 'new'} - end - it "should generate params from POST /<%= controller_routing_path %> correctly" do - params_from(:post, '/<%= controller_routing_path %>').should == {:controller => '<%= controller_controller_name %>', :action => 'create'} - end - it "should generate params from DELETE /<%= controller_routing_path %> correctly" do - params_from(:delete, '/logout').should == {:controller => '<%= controller_controller_name %>', :action => 'destroy'} - end - end - - describe "named routing" do - before(:each) do - get :new - end - it "should route <%= controller_routing_name %>_path() correctly" do - <%= controller_routing_name %>_path().should == "/<%= controller_routing_path %>" - end - it "should route new_<%= controller_routing_name %>_path() correctly" do - new_<%= controller_routing_name %>_path().should == "/<%= controller_routing_path %>/new" - end - end - -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/users_controller_spec.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/users_controller_spec.rb deleted file mode 100644 index 5cf3cd7..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/controllers/users_controller_spec.rb +++ /dev/null @@ -1,198 +0,0 @@ -require File.dirname(__FILE__) + '<%= ('/..'*model_controller_class_nesting_depth) + '/../spec_helper' %>' - -# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead -# Then, you can remove it from this and the units test. -include AuthenticatedTestHelper - -describe <%= model_controller_class_name %>Controller do - fixtures :<%= table_name %> - - it 'allows signup' do - lambda do - create_<%= file_name %> - response.should be_redirect - end.should change(<%= class_name %>, :count).by(1) - end - - <% if options[:stateful] %> - it 'signs up user in pending state' do - create_<%= file_name %> - assigns(:<%= file_name %>).reload - assigns(:<%= file_name %>).should be_pending - end<% end %> - -<% if options[:include_activation] -%> - it 'signs up user with activation code' do - create_<%= file_name %> - assigns(:<%= file_name %>).reload - assigns(:<%= file_name %>).activation_code.should_not be_nil - end<% end -%> - - it 'requires login on signup' do - lambda do - create_<%= file_name %>(:login => nil) - assigns[:<%= file_name %>].errors.on(:login).should_not be_nil - response.should be_success - end.should_not change(<%= class_name %>, :count) - end - - it 'requires password on signup' do - lambda do - create_<%= file_name %>(:password => nil) - assigns[:<%= file_name %>].errors.on(:password).should_not be_nil - response.should be_success - end.should_not change(<%= class_name %>, :count) - end - - it 'requires password confirmation on signup' do - lambda do - create_<%= file_name %>(:password_confirmation => nil) - assigns[:<%= file_name %>].errors.on(:password_confirmation).should_not be_nil - response.should be_success - end.should_not change(<%= class_name %>, :count) - end - - it 'requires email on signup' do - lambda do - create_<%= file_name %>(:email => nil) - assigns[:<%= file_name %>].errors.on(:email).should_not be_nil - response.should be_success - end.should_not change(<%= class_name %>, :count) - end - - <% if options[:include_activation] %> - it 'activates user' do - <%= class_name %>.authenticate('aaron', 'monkey').should be_nil - get :activate, :activation_code => <%= table_name %>(:aaron).activation_code - response.should redirect_to('/login') - flash[:notice].should_not be_nil - flash[:error ].should be_nil - <%= class_name %>.authenticate('aaron', 'monkey').should == <%= table_name %>(:aaron) - end - - it 'does not activate user without key' do - get :activate - flash[:notice].should be_nil - flash[:error ].should_not be_nil - end - - it 'does not activate user with blank key' do - get :activate, :activation_code => '' - flash[:notice].should be_nil - flash[:error ].should_not be_nil - end - - it 'does not activate user with bogus key' do - get :activate, :activation_code => 'i_haxxor_joo' - flash[:notice].should be_nil - flash[:error ].should_not be_nil - end<% end %> - - def create_<%= file_name %>(options = {}) - post :create, :<%= file_name %> => { :login => 'quire', :email => 'quire@example.com', - :password => 'quire69', :password_confirmation => 'quire69' }.merge(options) - end -end - -describe <%= model_controller_class_name %>Controller do - describe "route generation" do - it "should route <%= model_controller_controller_name %>'s 'index' action correctly" do - route_for(:controller => '<%= model_controller_controller_name %>', :action => 'index').should == "/<%= model_controller_routing_path %>" - end - - it "should route <%= model_controller_controller_name %>'s 'new' action correctly" do - route_for(:controller => '<%= model_controller_controller_name %>', :action => 'new').should == "/signup" - end - - it "should route {:controller => '<%= model_controller_controller_name %>', :action => 'create'} correctly" do - route_for(:controller => '<%= model_controller_controller_name %>', :action => 'create').should == "/register" - end - - it "should route <%= model_controller_controller_name %>'s 'show' action correctly" do - route_for(:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1').should == "/<%= model_controller_routing_path %>/1" - end - - it "should route <%= model_controller_controller_name %>'s 'edit' action correctly" do - route_for(:controller => '<%= model_controller_controller_name %>', :action => 'edit', :id => '1').should == "/<%= model_controller_routing_path %>/1/edit" - end - - it "should route <%= model_controller_controller_name %>'s 'update' action correctly" do - route_for(:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1').should == "/<%= model_controller_routing_path %>/1" - end - - it "should route <%= model_controller_controller_name %>'s 'destroy' action correctly" do - route_for(:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1').should == "/<%= model_controller_routing_path %>/1" - end - end - - describe "route recognition" do - it "should generate params for <%= model_controller_controller_name %>'s index action from GET /<%= model_controller_routing_path %>" do - params_from(:get, '/<%= model_controller_routing_path %>').should == {:controller => '<%= model_controller_controller_name %>', :action => 'index'} - params_from(:get, '/<%= model_controller_routing_path %>.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'index', :format => 'xml'} - params_from(:get, '/<%= model_controller_routing_path %>.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'index', :format => 'json'} - end - - it "should generate params for <%= model_controller_controller_name %>'s new action from GET /<%= model_controller_routing_path %>" do - params_from(:get, '/<%= model_controller_routing_path %>/new').should == {:controller => '<%= model_controller_controller_name %>', :action => 'new'} - params_from(:get, '/<%= model_controller_routing_path %>/new.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'new', :format => 'xml'} - params_from(:get, '/<%= model_controller_routing_path %>/new.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'new', :format => 'json'} - end - - it "should generate params for <%= model_controller_controller_name %>'s create action from POST /<%= model_controller_routing_path %>" do - params_from(:post, '/<%= model_controller_routing_path %>').should == {:controller => '<%= model_controller_controller_name %>', :action => 'create'} - params_from(:post, '/<%= model_controller_routing_path %>.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'create', :format => 'xml'} - params_from(:post, '/<%= model_controller_routing_path %>.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'create', :format => 'json'} - end - - it "should generate params for <%= model_controller_controller_name %>'s show action from GET /<%= model_controller_routing_path %>/1" do - params_from(:get , '/<%= model_controller_routing_path %>/1').should == {:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1'} - params_from(:get , '/<%= model_controller_routing_path %>/1.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1', :format => 'xml'} - params_from(:get , '/<%= model_controller_routing_path %>/1.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1', :format => 'json'} - end - - it "should generate params for <%= model_controller_controller_name %>'s edit action from GET /<%= model_controller_routing_path %>/1/edit" do - params_from(:get , '/<%= model_controller_routing_path %>/1/edit').should == {:controller => '<%= model_controller_controller_name %>', :action => 'edit', :id => '1'} - end - - it "should generate params {:controller => '<%= model_controller_controller_name %>', :action => update', :id => '1'} from PUT /<%= model_controller_routing_path %>/1" do - params_from(:put , '/<%= model_controller_routing_path %>/1').should == {:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1'} - params_from(:put , '/<%= model_controller_routing_path %>/1.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1', :format => 'xml'} - params_from(:put , '/<%= model_controller_routing_path %>/1.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1', :format => 'json'} - end - - it "should generate params for <%= model_controller_controller_name %>'s destroy action from DELETE /<%= model_controller_routing_path %>/1" do - params_from(:delete, '/<%= model_controller_routing_path %>/1').should == {:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1'} - params_from(:delete, '/<%= model_controller_routing_path %>/1.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1', :format => 'xml'} - params_from(:delete, '/<%= model_controller_routing_path %>/1.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1', :format => 'json'} - end - end - - describe "named routing" do - before(:each) do - get :new - end - - it "should route <%= model_controller_routing_name %>_path() to /<%= model_controller_routing_path %>" do - <%= model_controller_routing_name %>_path().should == "/<%= model_controller_routing_path %>" - formatted_<%= model_controller_routing_name %>_path(:format => 'xml').should == "/<%= model_controller_routing_path %>.xml" - formatted_<%= model_controller_routing_name %>_path(:format => 'json').should == "/<%= model_controller_routing_path %>.json" - end - - it "should route new_<%= model_controller_routing_name.singularize %>_path() to /<%= model_controller_routing_path %>/new" do - new_<%= model_controller_routing_name.singularize %>_path().should == "/<%= model_controller_routing_path %>/new" - formatted_new_<%= model_controller_routing_name.singularize %>_path(:format => 'xml').should == "/<%= model_controller_routing_path %>/new.xml" - formatted_new_<%= model_controller_routing_name.singularize %>_path(:format => 'json').should == "/<%= model_controller_routing_path %>/new.json" - end - - it "should route <%= model_controller_routing_name.singularize %>_(:id => '1') to /<%= model_controller_routing_path %>/1" do - <%= model_controller_routing_name.singularize %>_path(:id => '1').should == "/<%= model_controller_routing_path %>/1" - formatted_<%= model_controller_routing_name.singularize %>_path(:id => '1', :format => 'xml').should == "/<%= model_controller_routing_path %>/1.xml" - formatted_<%= model_controller_routing_name.singularize %>_path(:id => '1', :format => 'json').should == "/<%= model_controller_routing_path %>/1.json" - end - - it "should route edit_<%= model_controller_routing_name.singularize %>_path(:id => '1') to /<%= model_controller_routing_path %>/1/edit" do - edit_<%= model_controller_routing_name.singularize %>_path(:id => '1').should == "/<%= model_controller_routing_path %>/1/edit" - end - end - -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/fixtures/users.yml b/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/fixtures/users.yml deleted file mode 100644 index 3d711fe..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/fixtures/users.yml +++ /dev/null @@ -1,60 +0,0 @@ -<% - ## this code must match that in templates/model.rb - require 'digest/sha1' - def make_fake_token - @fake_token_counter ||= 0 - @fake_token_counter += 1 - Digest::SHA1.hexdigest(@fake_token_counter.to_s) - end - salts = (1..2).map{ make_fake_token } - passwds = salts.map{ |salt| password_digest('monkey', salt) } --%> - -quentin: - id: 1 - login: quentin - email: quentin@example.com - salt: <%= salts[0] %> # SHA1('0') - crypted_password: <%= passwds[0] %> # 'monkey' - created_at: <%%= 5.days.ago.to_s :db %> - remember_token_expires_at: <%%= 1.days.from_now.to_s %> - remember_token: <%= make_fake_token %> -<% if options[:include_activation] -%> - activation_code: - activated_at: <%%= 5.days.ago.to_s :db %> -<% end -%> -<% if options[:stateful] -%> - state: active -<% end -%> - -aaron: - id: 2 - login: aaron - email: aaron@example.com - salt: <%= salts[1] %> # SHA1('1') - crypted_password: <%= passwds[1] %> # 'monkey' - created_at: <%%= 1.days.ago.to_s :db %> - remember_token_expires_at: - remember_token: -<% if options[:include_activation] -%> - activation_code: <%= make_fake_token %> - activated_at: -<% end -%> -<% if options[:stateful] %> - state: pending -<% end -%> - - -old_password_holder: - id: 3 - login: old_password_holder - email: salty_dog@example.com - salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd - crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test - created_at: <%%= 1.days.ago.to_s :db %> -<% if options[:include_activation] %> - activation_code: - activated_at: <%%= 5.days.ago.to_s :db %> -<% end %> -<% if options[:stateful] %> - state: active<% end %> diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/helpers/users_helper_spec.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/helpers/users_helper_spec.rb deleted file mode 100644 index f7b09e8..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/helpers/users_helper_spec.rb +++ /dev/null @@ -1,141 +0,0 @@ -require File.dirname(__FILE__) + '<%= ('/..'*model_controller_class_nesting_depth) + '/../spec_helper' %>' -include ApplicationHelper -include <%= model_controller_class_name %>Helper -include AuthenticatedTestHelper - -describe <%= model_controller_class_name %>Helper do - before do - @<%= file_name %> = mock_<%= file_name %> - end - - describe "if_authorized" do - it "yields if authorized" do - should_receive(:authorized?).with('a','r').and_return(true) - if_authorized?('a','r'){|action,resource| [action,resource,'hi'] }.should == ['a','r','hi'] - end - it "does nothing if not authorized" do - should_receive(:authorized?).with('a','r').and_return(false) - if_authorized?('a','r'){ 'hi' }.should be_nil - end - end - - describe "link_to_<%= file_name %>" do - it "should give an error on a nil <%= file_name %>" do - lambda { link_to_<%= file_name %>(nil) }.should raise_error('Invalid <%= file_name %>') - end - it "should link to the given <%= file_name %>" do - should_receive(:<%= model_controller_routing_name.singularize %>_path).at_least(:once).and_return('/<%= model_controller_file_path %>/1') - link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a[href='/<%= model_controller_file_path %>/1']") - end - it "should use given link text if :content_text is specified" do - link_to_<%= file_name %>(@<%= file_name %>, :content_text => 'Hello there!').should have_tag("a", 'Hello there!') - end - it "should use the login as link text with no :content_method specified" do - link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a", 'user_name') - end - it "should use the name as link text with :content_method => :name" do - link_to_<%= file_name %>(@<%= file_name %>, :content_method => :name).should have_tag("a", 'U. Surname') - end - it "should use the login as title with no :title_method specified" do - link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a[title='user_name']") - end - it "should use the name as link title with :content_method => :name" do - link_to_<%= file_name %>(@<%= file_name %>, :title_method => :name).should have_tag("a[title='U. Surname']") - end - it "should have nickname as a class by default" do - link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a.nickname") - end - it "should take other classes and no longer have the nickname class" do - result = link_to_<%= file_name %>(@<%= file_name %>, :class => 'foo bar') - result.should have_tag("a.foo") - result.should have_tag("a.bar") - end - end - - describe "link_to_login_with_IP" do - it "should link to the login_path" do - link_to_login_with_IP().should have_tag("a[href='/login']") - end - it "should use given link text if :content_text is specified" do - link_to_login_with_IP('Hello there!').should have_tag("a", 'Hello there!') - end - it "should use the login as link text with no :content_method specified" do - link_to_login_with_IP().should have_tag("a", '0.0.0.0') - end - it "should use the ip address as title" do - link_to_login_with_IP().should have_tag("a[title='0.0.0.0']") - end - it "should by default be like school in summer and have no class" do - link_to_login_with_IP().should_not have_tag("a.nickname") - end - it "should have some class if you tell it to" do - result = link_to_login_with_IP(nil, :class => 'foo bar') - result.should have_tag("a.foo") - result.should have_tag("a.bar") - end - it "should have some class if you tell it to" do - result = link_to_login_with_IP(nil, :tag => 'abbr') - result.should have_tag("abbr[title='0.0.0.0']") - end - end - - describe "link_to_current_<%= file_name %>, When logged in" do - before do - stub!(:current_<%= file_name %>).and_return(@<%= file_name %>) - end - it "should link to the given <%= file_name %>" do - should_receive(:<%= model_controller_routing_name.singularize %>_path).at_least(:once).and_return('/<%= model_controller_file_path %>/1') - link_to_current_<%= file_name %>().should have_tag("a[href='/<%= model_controller_file_path %>/1']") - end - it "should use given link text if :content_text is specified" do - link_to_current_<%= file_name %>(:content_text => 'Hello there!').should have_tag("a", 'Hello there!') - end - it "should use the login as link text with no :content_method specified" do - link_to_current_<%= file_name %>().should have_tag("a", 'user_name') - end - it "should use the name as link text with :content_method => :name" do - link_to_current_<%= file_name %>(:content_method => :name).should have_tag("a", 'U. Surname') - end - it "should use the login as title with no :title_method specified" do - link_to_current_<%= file_name %>().should have_tag("a[title='user_name']") - end - it "should use the name as link title with :content_method => :name" do - link_to_current_<%= file_name %>(:title_method => :name).should have_tag("a[title='U. Surname']") - end - it "should have nickname as a class" do - link_to_current_<%= file_name %>().should have_tag("a.nickname") - end - it "should take other classes and no longer have the nickname class" do - result = link_to_current_<%= file_name %>(:class => 'foo bar') - result.should have_tag("a.foo") - result.should have_tag("a.bar") - end - end - - describe "link_to_current_<%= file_name %>, When logged out" do - before do - stub!(:current_<%= file_name %>).and_return(nil) - end - it "should link to the login_path" do - link_to_current_<%= file_name %>().should have_tag("a[href='/login']") - end - it "should use given link text if :content_text is specified" do - link_to_current_<%= file_name %>(:content_text => 'Hello there!').should have_tag("a", 'Hello there!') - end - it "should use 'not signed in' as link text with no :content_method specified" do - link_to_current_<%= file_name %>().should have_tag("a", 'not signed in') - end - it "should use the ip address as title" do - link_to_current_<%= file_name %>().should have_tag("a[title='0.0.0.0']") - end - it "should by default be like school in summer and have no class" do - link_to_current_<%= file_name %>().should_not have_tag("a.nickname") - end - it "should have some class if you tell it to" do - result = link_to_current_<%= file_name %>(:class => 'foo bar') - result.should have_tag("a.foo") - result.should have_tag("a.bar") - end - end - -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/models/user_spec.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/models/user_spec.rb deleted file mode 100644 index 5029d0c..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/spec/models/user_spec.rb +++ /dev/null @@ -1,290 +0,0 @@ -# -*- coding: utf-8 -*- -require File.dirname(__FILE__) + '<%= ('/..'*model_controller_class_nesting_depth) + '/../spec_helper' %>' - -# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead. -# Then, you can remove it from this and the functional test. -include AuthenticatedTestHelper - -describe <%= class_name %> do - fixtures :<%= table_name %> - - describe 'being created' do - before do - @<%= file_name %> = nil - @creating_<%= file_name %> = lambda do - @<%= file_name %> = create_<%= file_name %> - violated "#{@<%= file_name %>.errors.full_messages.to_sentence}" if @<%= file_name %>.new_record? - end - end - - it 'increments <%= class_name %>#count' do - @creating_<%= file_name %>.should change(<%= class_name %>, :count).by(1) - end -<% if options[:include_activation] %> - it 'initializes #activation_code' do - @creating_<%= file_name %>.call - @<%= file_name %>.reload - @<%= file_name %>.activation_code.should_not be_nil - end -<% end %><% if options[:stateful] %> - it 'starts in pending state' do - @creating_<%= file_name %>.call - @<%= file_name %>.reload - @<%= file_name %>.should be_pending - end -<% end %> end - - # - # Validations - # - - it 'requires login' do - lambda do - u = create_<%= file_name %>(:login => nil) - u.errors.on(:login).should_not be_nil - end.should_not change(<%= class_name %>, :count) - end - - describe 'allows legitimate logins:' do - ['123', '1234567890_234567890_234567890_234567890', - 'hello.-_there@funnychar.com'].each do |login_str| - it "'#{login_str}'" do - lambda do - u = create_<%= file_name %>(:login => login_str) - u.errors.on(:login).should be_nil - end.should change(<%= class_name %>, :count).by(1) - end - end - end - describe 'disallows illegitimate logins:' do - ['12', '1234567890_234567890_234567890_234567890_', "tab\t", "newline\n", - "Iñtërnâtiônàlizætiøn hasn't happened to ruby 1.8 yet", - 'semicolon;', 'quote"', 'tick\'', 'backtick`', 'percent%', 'plus+', 'space '].each do |login_str| - it "'#{login_str}'" do - lambda do - u = create_<%= file_name %>(:login => login_str) - u.errors.on(:login).should_not be_nil - end.should_not change(<%= class_name %>, :count) - end - end - end - - it 'requires password' do - lambda do - u = create_<%= file_name %>(:password => nil) - u.errors.on(:password).should_not be_nil - end.should_not change(<%= class_name %>, :count) - end - - it 'requires password confirmation' do - lambda do - u = create_<%= file_name %>(:password_confirmation => nil) - u.errors.on(:password_confirmation).should_not be_nil - end.should_not change(<%= class_name %>, :count) - end - - it 'requires email' do - lambda do - u = create_<%= file_name %>(:email => nil) - u.errors.on(:email).should_not be_nil - end.should_not change(<%= class_name %>, :count) - end - - describe 'allows legitimate emails:' do - ['foo@bar.com', 'foo@newskool-tld.museum', 'foo@twoletter-tld.de', 'foo@nonexistant-tld.qq', - 'r@a.wk', '1234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890@gmail.com', - 'hello.-_there@funnychar.com', 'uucp%addr@gmail.com', 'hello+routing-str@gmail.com', - 'domain@can.haz.many.sub.doma.in', 'student.name@university.edu' - ].each do |email_str| - it "'#{email_str}'" do - lambda do - u = create_<%= file_name %>(:email => email_str) - u.errors.on(:email).should be_nil - end.should change(<%= class_name %>, :count).by(1) - end - end - end - describe 'disallows illegitimate emails' do - ['!!@nobadchars.com', 'foo@no-rep-dots..com', 'foo@badtld.xxx', 'foo@toolongtld.abcdefg', - 'Iñtërnâtiônàlizætiøn@hasnt.happened.to.email', 'need.domain.and.tld@de', "tab\t", "newline\n", - 'r@.wk', '1234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890@gmail2.com', - # these are technically allowed but not seen in practice: - 'uucp!addr@gmail.com', 'semicolon;@gmail.com', 'quote"@gmail.com', 'tick\'@gmail.com', 'backtick`@gmail.com', 'space @gmail.com', 'bracket<@gmail.com', 'bracket>@gmail.com' - ].each do |email_str| - it "'#{email_str}'" do - lambda do - u = create_<%= file_name %>(:email => email_str) - u.errors.on(:email).should_not be_nil - end.should_not change(<%= class_name %>, :count) - end - end - end - - describe 'allows legitimate names:' do - ['Andre The Giant (7\'4", 520 lb.) -- has a posse', - '', '1234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890', - ].each do |name_str| - it "'#{name_str}'" do - lambda do - u = create_<%= file_name %>(:name => name_str) - u.errors.on(:name).should be_nil - end.should change(<%= class_name %>, :count).by(1) - end - end - end - describe "disallows illegitimate names" do - ["tab\t", "newline\n", - '1234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_', - ].each do |name_str| - it "'#{name_str}'" do - lambda do - u = create_<%= file_name %>(:name => name_str) - u.errors.on(:name).should_not be_nil - end.should_not change(<%= class_name %>, :count) - end - end - end - - it 'resets password' do - <%= table_name %>(:quentin).update_attributes(:password => 'new password', :password_confirmation => 'new password') - <%= class_name %>.authenticate('quentin', 'new password').should == <%= table_name %>(:quentin) - end - - it 'does not rehash password' do - <%= table_name %>(:quentin).update_attributes(:login => 'quentin2') - <%= class_name %>.authenticate('quentin2', 'monkey').should == <%= table_name %>(:quentin) - end - - # - # Authentication - # - - it 'authenticates <%= file_name %>' do - <%= class_name %>.authenticate('quentin', 'monkey').should == <%= table_name %>(:quentin) - end - - it "doesn't authenticate <%= file_name %> with bad password" do - <%= class_name %>.authenticate('quentin', 'invalid_password').should be_nil - end - - if REST_AUTH_SITE_KEY.blank? - # old-school passwords - it "authenticates a user against a hard-coded old-style password" do - <%= class_name %>.authenticate('old_password_holder', 'test').should == <%= table_name %>(:old_password_holder) - end - else - it "doesn't authenticate a user against a hard-coded old-style password" do - <%= class_name %>.authenticate('old_password_holder', 'test').should be_nil - end - - # New installs should bump this up and set REST_AUTH_DIGEST_STRETCHES to give a 10ms encrypt time or so - desired_encryption_expensiveness_ms = 0.1 - it "takes longer than #{desired_encryption_expensiveness_ms}ms to encrypt a password" do - test_reps = 100 - start_time = Time.now; test_reps.times{ <%= class_name %>.authenticate('quentin', 'monkey'+rand.to_s) }; end_time = Time.now - auth_time_ms = 1000 * (end_time - start_time)/test_reps - auth_time_ms.should > desired_encryption_expensiveness_ms - end - end - - # - # Authentication - # - - it 'sets remember token' do - <%= table_name %>(:quentin).remember_me - <%= table_name %>(:quentin).remember_token.should_not be_nil - <%= table_name %>(:quentin).remember_token_expires_at.should_not be_nil - end - - it 'unsets remember token' do - <%= table_name %>(:quentin).remember_me - <%= table_name %>(:quentin).remember_token.should_not be_nil - <%= table_name %>(:quentin).forget_me - <%= table_name %>(:quentin).remember_token.should be_nil - end - - it 'remembers me for one week' do - before = 1.week.from_now.utc - <%= table_name %>(:quentin).remember_me_for 1.week - after = 1.week.from_now.utc - <%= table_name %>(:quentin).remember_token.should_not be_nil - <%= table_name %>(:quentin).remember_token_expires_at.should_not be_nil - <%= table_name %>(:quentin).remember_token_expires_at.between?(before, after).should be_true - end - - it 'remembers me until one week' do - time = 1.week.from_now.utc - <%= table_name %>(:quentin).remember_me_until time - <%= table_name %>(:quentin).remember_token.should_not be_nil - <%= table_name %>(:quentin).remember_token_expires_at.should_not be_nil - <%= table_name %>(:quentin).remember_token_expires_at.should == time - end - - it 'remembers me default two weeks' do - before = 2.weeks.from_now.utc - <%= table_name %>(:quentin).remember_me - after = 2.weeks.from_now.utc - <%= table_name %>(:quentin).remember_token.should_not be_nil - <%= table_name %>(:quentin).remember_token_expires_at.should_not be_nil - <%= table_name %>(:quentin).remember_token_expires_at.between?(before, after).should be_true - end -<% if options[:stateful] %> - it 'registers passive <%= file_name %>' do - <%= file_name %> = create_<%= file_name %>(:password => nil, :password_confirmation => nil) - <%= file_name %>.should be_passive - <%= file_name %>.update_attributes(:password => 'new password', :password_confirmation => 'new password') - <%= file_name %>.register! - <%= file_name %>.should be_pending - end - - it 'suspends <%= file_name %>' do - <%= table_name %>(:quentin).suspend! - <%= table_name %>(:quentin).should be_suspended - end - - it 'does not authenticate suspended <%= file_name %>' do - <%= table_name %>(:quentin).suspend! - <%= class_name %>.authenticate('quentin', 'monkey').should_not == <%= table_name %>(:quentin) - end - - it 'deletes <%= file_name %>' do - <%= table_name %>(:quentin).deleted_at.should be_nil - <%= table_name %>(:quentin).delete! - <%= table_name %>(:quentin).deleted_at.should_not be_nil - <%= table_name %>(:quentin).should be_deleted - end - - describe "being unsuspended" do - fixtures :<%= table_name %> - - before do - @<%= file_name %> = <%= table_name %>(:quentin) - @<%= file_name %>.suspend! - end - - it 'reverts to active state' do - @<%= file_name %>.unsuspend! - @<%= file_name %>.should be_active - end - - it 'reverts to passive state if activation_code and activated_at are nil' do - <%= class_name %>.update_all :activation_code => nil, :activated_at => nil - @<%= file_name %>.reload.unsuspend! - @<%= file_name %>.should be_passive - end - - it 'reverts to pending state if activation_code is set and activated_at is nil' do - <%= class_name %>.update_all :activation_code => 'foo-bar', :activated_at => nil - @<%= file_name %>.reload.unsuspend! - @<%= file_name %>.should be_pending - end - end -<% end %> -protected - def create_<%= file_name %>(options = {}) - record = <%= class_name %>.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire69', :password_confirmation => 'quire69' }.merge(options)) - record.<% if options[:stateful] %>register! if record.valid?<% else %>save<% end %> - record - end -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/rest_auth_stories.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/rest_auth_stories.rb deleted file mode 100755 index f2ec3f9..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/rest_auth_stories.rb +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env ruby -ENV["RAILS_ENV"] = "test" -require File.expand_path(File.dirname(__FILE__) + "/../config/environment") -require 'spec/rails/story_adapter' -require 'spec/story' -require File.expand_path(File.dirname(__FILE__) + "/rest_auth_stories_helper.rb") - -# Make visible for testing -ApplicationController.send(:public, :logged_in?, :current_user, :authorized?) - -this_dir = File.dirname(__FILE__) -Dir[File.join(this_dir, "steps/*.rb")].each do |file| - puts file.to_s - require file -end - -with_steps_for :ra_navigation, :ra_response, :ra_resource, :<%= file_name %> do - story_files = Dir[File.join(this_dir, "<%= table_name %>", '*.story')] - story_files.each do |file| - run file, :type => RailsStory - end -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/rest_auth_stories_helper.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/rest_auth_stories_helper.rb deleted file mode 100644 index e725e98..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/rest_auth_stories_helper.rb +++ /dev/null @@ -1,81 +0,0 @@ -# If you have a global stories helper, move this line there: -include AuthenticatedTestHelper - -# Most of the below came out of code from Ben Mabey -# http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/ - -# These allow exceptions to come through as opposed to being caught and having non-helpful responses returned. -ActionController::Base.class_eval do - def perform_action - perform_action_without_rescue - end -end -Dispatcher.class_eval do - def self.failsafe_response(output, status, exception = nil) - raise exception - end -end - -# -# Sugar for turning a story's attribute list into list, array, etc. -# -module ToFooFromStory - def ToFooFromStory.fix_key key - key.downcase.gsub(/\s+/, '_') - end - def ToFooFromStory.fix_value value - return '' if !value - value.strip! - case - when value =~ /^'(.*)'$/ then value = $1 - when value =~ /^"(.*)"$/ then value = $1 - when value == 'nil!' then value = nil - when value == 'non-nil!' then value = be_nil - when value =~ /^#\{(.*)\}$/ then value = eval($1) - end - value - end - # Converts a key: value list found in the steps into a hash. - # Example: - # ISBN: '0967539854' and comment: 'I love this book' and Quality rating: '4' - # # => {"quality_rating"=>"4", "isbn"=>"0967539854", "comment"=>"I love this book"} - def to_hash_from_story - hsh = self.split(/,? and |, /).inject({}) do |hash_so_far, key_value| - key, value = key_value.split(":") - if !value then warn "Couldn't understand story '#{self}': only understood up to the part '#{hash_so_far.to_yaml}'" end - hash_so_far.merge(ToFooFromStory::fix_key(key) => ToFooFromStory::fix_value(value)) - end - end - # Coverts an attribute list found in the steps into an array - # Example: - # login, email, updated_at, and gravatar - # # => ['login', 'email', 'updated_at', 'gravatar'] - def to_array_from_story - self.split(/,? and |, /).map do |value| - ToFooFromStory::fix_value(value) - end - end -end -class String - include ToFooFromStory -end - -def instantize(string) - instance_variable_get("@#{string}") -end - -# -# Spew response onto screen -- painful but scrolling >> debugger -# -def dump_response - # note that @request and @template won't to_yaml and that @session includes @cgi - response_methods = response.instance_variables - ['@request', '@template', '@cgi'] - request_methods = response.request.instance_variables - ['@session_options_with_string_keys', '@cgi', '@session'] - response_methods.map!{|attr| attr.gsub(/^@/,'')}.sort! - request_methods.map!{ |attr| attr.gsub(/^@/,'')}.sort! - puts '', '*' * 75, - response.instance_values.slice(*response_methods).to_yaml, - "*" * 75, '', - response.request.instance_values.slice(*request_methods).to_yaml, - "*" * 75, '' -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_navigation_steps.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_navigation_steps.rb deleted file mode 100644 index 4ee361c..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_navigation_steps.rb +++ /dev/null @@ -1,49 +0,0 @@ -# -# Where to go -# -steps_for(:ra_navigation) do - # - # GET - # Go to a given page. - When "$actor goes to $path" do |actor, path| - case path - when 'the home page' then get '/' - else get path - end - end - - # POST -- Ex: - # When she creates a book with ISBN: '0967539854' and comment: 'I love this book' and rating: '4' - # When she creates a singular session with login: 'reggie' and password: 'i_haxxor_joo' - # Since I'm not smrt enough to do it right, explicitly specify singular resources - When %r{$actor creates an? $resource with $attributes} do |actor, resource, attributes| - attributes = attributes.to_hash_from_story - if resource =~ /singular (\w+)/ - resource = $1.downcase.singularize - post "/#{resource}", attributes - else - post "/#{resource.downcase.pluralize}", { resource.downcase.singularize => attributes } - end - end - - # PUT - When %r{$actor asks to update '$resource' with $attributes} do |_, resource, attributes| - attributes = attributes.to_hash_from_story - put "#{resource}", attributes - dump_response - end - - # DELETE -- Slap together the POST-form-as-fake-HTTP-DELETE submission - When %r{$actor asks to delete '$resource'} do |_, resource| - post "/#{resource.downcase.pluralize}", { :_method => :delete } - dump_response - end - - - # Redirect -- - # Rather than coding in get/get_via_redirect's and past/p_v_r's, - # let's just demand that in the story itself. - When "$actor follows that redirect!" do |actor| - follow_redirect! - end -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_resource_steps.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_resource_steps.rb deleted file mode 100644 index 7403b8e..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_resource_steps.rb +++ /dev/null @@ -1,179 +0,0 @@ -# The flexible code for resource testing came out of code from Ben Mabey -# http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/ -steps_for(:ra_resource) do - # - # Construct resources - # - - # - # Build a resource as described, store it as an @instance variable. Ex: - # "Given a <%= file_name %> with login: 'mojojojo'" - # produces a <%= class_name %> instance stored in @<%= file_name %> with 'mojojojo' as its login - # attribute. - # - Given "a $resource instance with $attributes" do |resource, attributes| - klass, instance, attributes = parse_resource_args resource, attributes - instance = klass.new(attributes) - instance.save! - find_resource(resource, attributes).should_not be_nil - keep_instance! resource, instance - end - - # - # Stuff attributes into a preexisting @resource - # "And the <%= file_name %> has thac0: 3" - # takes the earlier-defined @<%= file_name %> instance and sets its thac0 to '3'. - # - Given "the $resource has $attributes" do |resource, attributes| - klass, instance, attributes = parse_resource_args resource, attributes - attributes.each do |attr, val| - instance.send("#{attr}=", val) - end - instance.save! - find_resource(resource, attributes).should_not be_nil - keep_instance! resource, instance - end - - # - # Destroy all for this resource - # - Given "no $resource with $attr: '$val' exists" do |resource, attr, val| - klass, instance = parse_resource_args resource - klass.destroy_all(attr.to_sym => val) - instance = find_resource resource, attr.to_sym => val - instance.should be_nil - keep_instance! resource, instance - end - - # - # Then's for resources - # - - # Resource like this DOES exist - Then %r{an? $resource with $attributes should exist} do |resource, attributes| - instance = find_resource resource, attributes - instance.should_not be_nil - keep_instance! resource, instance - end - # Resource like this DOES NOT exist - Then %r{no $resource with $attributes should exist} do |resource, attributes| - instance = find_resource resource, attributes - instance.should be_nil - end - - # Resource has attributes with given values - Then "the $resource should have $attributes" do |resource, attributes| - klass, instance, attributes = parse_resource_args resource, attributes - attributes.each do |attr, val| - instance.send(attr).should == val - end - end - # Resource attributes should / should not be nil - Then "the $resource's $attr should be nil" do |resource, attr| - klass, instance = parse_resource_args resource - instance.send(attr).should be_nil - end - Then "the $resource's $attr should not be nil" do |resource, attr| - klass, instance = parse_resource_args resource - instance.send(attr).should_not be_nil - end - - # - # Bank each of the @resource's listed attributes for later. - # - Given "we try hard to remember the $resource's $attributes" do |resource, attributes| - attributes = attributes.to_array_from_story - attributes.each do |attr| - memorize_resource_value resource, attr - end - end - # - # Bank each of the @resource's listed attributes for later. - # - Given "we don't remember anything about the past" do - memorize_forget_all! - end - - # - # Compare @resource.attr to its earlier-memorized value. - # Specify ' using method_name' (abs, to_s, &c) to coerce before comparing. - # For important and mysterious reasons, timestamps want to_i or to_s. - # - Then %r{the $resource\'s $attribute should stay the same(?: under $func)?} do |resource, attr, func| - klass, instance = parse_resource_args resource - # Get the values - old_value = recall_resource_value(resource, attr) - new_value = instance.send(attr) - # Transform each value, maybe, using value.func - if func then new_value = new_value.send(func); old_value = old_value.send(func) end - # Compare - old_value.should eql(new_value) - end - - # - # Look for each for the given attributes in the page's text - # - Then "page should have the $resource's $attributes" do |resource, attributes| - actual_resource = instantize(resource) - attributes.split(/, and |, /).each do |attribute| - response.should have_text(/#{actual_resource.send(attribute.strip.gsub(" ","_"))}/) - end - end - -end - -# -# Turn a resource name and a to_hash_from_story string like -# "attr: 'value', attr2: 'value2', ... , and attrN: 'valueN'" -# into -# * klass -- the class matching that Resource -# * instance -- the possibly-preexisting local instance value @resource -# * attributes -- a hash matching the given attribute-list string -# -def parse_resource_args resource, attributes=nil - instance = instantize resource - klass = resource.classify.constantize - attributes = attributes.to_hash_from_story if attributes - [klass, instance, attributes] -end - -# -# Given a class name 'resource' and a hash of conditsion, find a model -# -def find_resource resource, conditions - klass, instance = parse_resource_args resource - conditions = conditions.to_hash_from_story unless (conditions.is_a? Hash) - klass.find(:first, :conditions => conditions) -end - -# -# Simple, brittle, useful: store the given resource's attribute -# so we can compare it later. -# -def memorize_resource_value resource, attr - klass, instance = parse_resource_args resource - value = instance.send(attr) - @_memorized ||= {} - @_memorized[resource] ||= {} - @_memorized[resource][attr] = value - value -end -def recall_resource_value resource, attr - @_memorized[resource][attr] -end -def memorize_forget_all! - @_memorized = {} -end - -# -# Keep the object around in a local instance variable @resource. -# -# So, for instance, -# klass, instance = parse_resource_args '<%= file_name %>' -# instance = klass.new({login => 'me', password => 'monkey', ...}) -# keep_instance! resource, instance -# keeps the just-constructed <%= class_name %> model in the @<%= file_name %> instance variable. -# -def keep_instance! resource, object - instance_variable_set("@#{resource}", object) -end diff --git a/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_response_steps.rb b/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_response_steps.rb deleted file mode 100644 index a18aff3..0000000 --- a/vendor/plugins/restful-authentication/generators/authenticated/templates/stories/steps/ra_response_steps.rb +++ /dev/null @@ -1,171 +0,0 @@ -# -# What you should see when you get there -# - -steps_for(:ra_response) do - # - # Destinations. Ex: - # She should be at the new kids page - # Tarkin should be at the destroy alderaan page - # The visitor should be at the '/lolcats/download' form - # The visitor should be redirected to '/hi/mom' - # - # It doesn't know anything about actual routes -- it just - # feeds its output to render_template or redirect_to - # - Then "$actor should be at $path" do |_, path| - response.should render_template(grok_path(path)) - end - - Then "$actor should be redirected to $path" do |_, path| - response.should redirect_to(grok_path(path)) - end - - Then "the page should look AWESOME" do - response.should have_tag('head>title') - response.should have_tag('h1') - # response.should be_valid_xhtml - end - - # - # Tags - # - - Then "the page should contain '$text'" do |_, text| - response.should have_text(/#{text}/) - end - - # please note: this enforces the use of a