
New spree_auth gem which allows for pluggable authentication.

[#1582 state:resolved]
1 parent 6ee351d commit 44d631966596284e4a0d70d60e79f0eacf58867b @schof schof committed Aug 10, 2010
@@ -5,23 +5,6 @@ module SpreeApi
class Engine < Rails::Engine
def self.activate
lambda{
- User.class_eval do
-
- def clear_api_key!
- self.update_attribute(:api_key, "")
- end
-
- def generate_api_key!
- self.update_attribute(:api_key, secure_digest(Time.now, (1..10).map{ rand.to_s }))
- end
-
- private
-
- def secure_digest(*args)
- Digest::SHA1.hexdigest(args.flatten.join('--'))
- end
-
- end
Admin::UsersController.class_eval do
@@ -31,12 +14,6 @@ def generate_api_key
end
redirect_to edit_object_path
end
- def clear_api_key
- if object.clear_api_key!
- flash.notice = t('api.key_cleared')
- end
- redirect_to edit_object_path
- end
end
@@ -0,0 +1 @@
+--colour
@@ -0,0 +1,26 @@
+Copyright (c) 2007-2010, Rails Dog LLC and other contributors
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * Neither the name Spree nor the names of its contributors may be used to
+ endorse or promote products derived from this software without specific
+ prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
@@ -0,0 +1,12 @@
+Spree::BaseController.class_eval do
+ private
+ def current_user_session
+ return @current_user_session if defined?(@current_user_session)
+ @current_user_session = UserSession.find
+ end
+
+ def current_user
+ return @current_user if defined?(@current_user)
+ @current_user = current_user_session && current_user_session.user
+ end
+end
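Review bot: This decorator re-adds only `current_user_session` and `current_user`, but the spree_core hunk after `render_404` also removes `require_user` and `require_no_user` from `Spree::BaseController`, and nothing else in this commit defines them. Any controller that still declares `before_filter :require_user` or `:require_no_user` would fail with NoMethodError once spree_auth replaces the core implementation; if these filters are meant to move into the auth gem, they belong in this decorator next to `current_user`. I cannot see from the page whether `helper_method :current_user` survives in core, so please confirm views still reach it. A one-line comment such as `# memoized per request; defined? keeps a nil result from being re-looked-up` above `current_user_session` would make the `defined?` guard's intent explicit.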
@@ -7,19 +7,19 @@ def initialize(user)
can :manage, :all
else
#############################
- can :read, User do |resource, token|
+ can :read, User do |resource|
resource == user
end
- can :update, User do |resource, token|
+ can :update, User do |resource|
resource == user
end
can :create, User
#############################
- can :read, Order do |order, token|
- order.user == user || (order.token == token && token)
+ can :read, Order do |order|
+ order.user == user
end
- can :update, Order do |order, token|
- order.user == user || (order.token == token && token)
+ can :update, Order do |order|
+ order.user == user
end
can :create, Order
#############################
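Review bot: In the `can :read, Order` and `can :update, Order` blocks, `order.user == user` is true when both sides are nil, so if `initialize(user)` can receive nil for an anonymous visitor (its opening lines are outside the hunk), every guest order without an associated user becomes readable and updatable by any unauthenticated request; the removed `order.token == token && token` clause was what scoped guest access to the order's own token. A safe form is `order.user && order.user == user` in both blocks, which also rejects the unsaved placeholder user case. The spec hunk that drops the "requested by same user (with token)" context leaves no example for the no-user path, so the regression would not be caught. If guest checkout still depends on token-based order access, this commit removes it without a visible replacement.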
@@ -0,0 +1,17 @@
+User.class_eval do
+ alias_attribute :token, :api_key
+ before_save :generate_token
+
+ def generate_token
+ self.token = secure_digest(Time.now, (1..10).map{ rand.to_s })
+ end
+
+ def regenerate_token!
+ self.update_attribute(:token, secure_digest(Time.now, (1..10).map{ rand.to_s }))
+ end
+
+ private
+ def secure_digest(*args)
+ Digest::SHA1.hexdigest(args.flatten.join('--'))
+ end
+end
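Review bot: `before_save :generate_token` replaces the API key on every save of the user row, not only on creation, so a password or address update silently invalidates whatever API clients hold the old key, and `regenerate_token!` ends up generating twice (once explicitly, once in the callback that its `update_attribute` triggers). The digest input is also `Time.now` plus `rand`, neither of which is unpredictable; the gemspec already requires Ruby >= 1.8.7, where `SecureRandom` is available (`require 'securerandom'`, or `ActiveSupport::SecureRandom` on Rails 3.0), so it should feed the digest instead. Generate on `before_create` and keep `regenerate_token!` as the only path that replaces an existing key; `secure_digest` is unchanged.

```ruby
User.class_eval do
  alias_attribute :token, :api_key
  # Issue the API key once, at creation; regenerate_token! is the only way to rotate it.
  before_create :generate_token

  def generate_token
    self.token = secure_digest(Time.now, SecureRandom.hex(16))
  end

  def regenerate_token!
    self.update_attribute(:token, secure_digest(Time.now, SecureRandom.hex(16)))
  end

  # … unchanged: private secure_digest …
end
```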
@@ -0,0 +1,12 @@
+require 'spree_core'
+
+module SpreeAuth
+ class Engine < Rails::Engine
+ def self.activate
+ Dir.glob(File.join(File.dirname(__FILE__), "../app/**/*_decorator*.rb")) do |c|
+ Rails.env == "production" ? require(c) : load(c)
+ end
+ end
+ config.to_prepare &method(:activate).to_proc
+ end
+end
@@ -9,49 +9,49 @@
shared_examples_for "access granted" do
it "should allow read" do
- ability.should be_able_to(:read, resource, token)
+ ability.should be_able_to(:read, resource)
end
it "should allow create" do
- ability.should be_able_to(:create, resource, token)
+ ability.should be_able_to(:create, resource)
end
it "should allow update" do
- ability.should be_able_to(:update, resource, token)
+ ability.should be_able_to(:update, resource)
end
end
shared_examples_for "access denied" do
it "should not allow read" do
- ability.should_not be_able_to(:read, resource, token)
+ ability.should_not be_able_to(:read, resource)
end
it "should not allow create" do
- ability.should_not be_able_to(:create, resource, token)
+ ability.should_not be_able_to(:create, resource)
end
it "should not allow update" do
- ability.should_not be_able_to(:update, resource, token)
+ ability.should_not be_able_to(:update, resource)
end
end
shared_examples_for "create only" do
it "should allow create" do
- ability.should be_able_to(:create, resource, token)
+ ability.should be_able_to(:create, resource)
end
it "should not allow read" do
- ability.should_not be_able_to(:read, resource, token)
+ ability.should_not be_able_to(:read, resource)
end
it "should not allow update" do
- ability.should_not be_able_to(:update, resource, token)
+ ability.should_not be_able_to(:update, resource)
end
end
shared_examples_for "read only" do
it "should not allow create" do
- ability.should_not be_able_to(:create, resource, token)
+ ability.should_not be_able_to(:create, resource)
end
it "should allow read" do
- ability.should be_able_to(:read, resource, token)
+ ability.should be_able_to(:read, resource)
end
it "should not allow update" do
- ability.should_not be_able_to(:update, resource, token)
+ ability.should_not be_able_to(:update, resource)
end
end
@@ -83,11 +83,6 @@
before(:each) { resource.user = user }
it_should_behave_like "access granted"
end
- context "requested by same user (with token)" do
- let(:token) { "foo-token" }
- before(:each) { resource.token = "foo-token" }
- it_should_behave_like "access granted"
- end
context "requested by other user" do
before(:each) { resource.user = User.new }
it_should_behave_like "create only"
@@ -0,0 +1,14 @@
+require 'spec_helper'
+
+describe User do
+ context "#create" do
+ let(:user) { User.new(:email => "foo@bar.com", :password => "secret", :password_confirmation => "secret") }
+ it "should create a token when saving" do
+ user.save!
+ user.token.should_not be_nil
+ end
+ end
+ context "#regenerate_token!" do
+ it "should change the token"
+ end
+end
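Review bot: The `#regenerate_token!` context is a pending example with no body, and `#create` only asserts the token is non-nil, so neither rotation nor key stability across saves is tested. Fill in the pending example with `it "should change the token" do user.save!; old = user.token; user.regenerate_token!; user.token.should_not == old; end`, noting that `let(:user)` is declared inside the `#create` context and must move up to the `describe` level to be visible here. An additional example asserting that a second `user.save!` leaves `user.token` unchanged would pin the intended key lifecycle against the `before_save` callback in the decorator.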
@@ -0,0 +1,27 @@
+# This file is copied to ~/spec when you run 'ruby script/generate rspec'
+# from the project root directory.
+ENV["RAILS_ENV"] ||= 'test'
+require File.expand_path("../../../sandbox/config/environment", __FILE__)
+require 'rspec/rails'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+ # == Mock Framework
+ #
+ # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
+ #
+ # config.mock_with :mocha
+ # config.mock_with :flexmock
+ # config.mock_with :rr
+ config.mock_with :rspec
+
+ config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+ # If you're not using ActiveRecord, or you'd prefer not to run each of your
+ # examples within a transaction, comment the following line or assign false
+ # instead of true.
+ config.use_transactional_fixtures = true
+end
@@ -0,0 +1,23 @@
+version = File.read(File.expand_path("../../SPREE_VERSION", __FILE__)).strip
+
+Gem::Specification.new do |s|
+ s.platform = Gem::Platform::RUBY
+ s.name = 'spree_auth'
+ s.version = version
+ s.summary = 'Provides authentication and authorization services for a Spree store.'
+ #s.description = 'Email on Rails. Compose, deliver, receive, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments.'
+ s.required_ruby_version = '>= 1.8.7'
+
+ # s.author = 'David Heinemeier Hansson'
+ # s.email = 'david@loudthinking.com'
+ # s.homepage = 'http://www.rubyonrails.org'
+ # s.rubyforge_project = 'actionmailer'
+
+ s.files = Dir['README', 'LICENSE', 'lib/**/*']
+ s.require_path = 'lib'
+ s.requirements << 'none'
+
+ s.has_rdoc = true
+
+ s.add_dependency('spree_core', version)
+end
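Review bot: `s.files = Dir['README', 'LICENSE', 'lib/**/*']` omits `app/`, yet the engine's `activate` loads its decorators from `../app/**/*_decorator*.rb` relative to `lib/`, so a gem built from this spec would ship without the base controller, user and ability decorators and contribute no authentication at all; use `s.files = Dir['README', 'LICENSE', 'lib/**/*', 'app/**/*']`. The commented `s.description`, `s.author`, `s.email`, `s.homepage` and `s.rubyforge_project` lines are copied from another gem's spec and describe that project, not spree_auth — drop them or fill in real values. `s.requirements << 'none'` is informational only and could go as well.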
@@ -93,34 +93,6 @@ def render_404(exception)
end
private
- def current_user_session
- return @current_user_session if defined?(@current_user_session)
- @current_user_session = UserSession.find
- end
-
- def current_user
- return @current_user if defined?(@current_user)
- @current_user = current_user_session && current_user_session.user
- end
-
- def require_user
- unless current_user
- store_location
- flash.notice = I18n.t("page_only_viewable_when_logged_in")
- redirect_to new_user_session_url
- return false
- end
- end
-
- def require_no_user
- if current_user
- store_location
- flash.notice = I18n.t("page_only_viewable_when_logged_out")
- redirect_to root_url
- return false
- end
- end
-
def store_location
# disallow return to login, logout, signup pages
disallowed_urls = [signup_url, login_url, logout_url]
@@ -20,6 +20,7 @@ Gem::Specification.new do |s|
#s.default_executable = 'spree'
s.add_dependency('spree_core', version)
+ s.add_dependency('spree_auth', version)
s.add_dependency('spree_payment_gateway', version)
s.add_dependency('spree_api', version)
s.add_dependency('spree_dashboard', version)
