Commits on Aug 25, 2008
  1. task to dump code so I can merge changes

    Philip (flip) Kromer committed Aug 25, 2008
Commits on Aug 21, 2008
  1. generators named right

    Philip (flip) Kromer committed Aug 21, 2008
Commits on Aug 12, 2008
  1. Incorporated a fix to insert_routes from mainline

    Philip (flip) Kromer committed Aug 12, 2008
  2. pushing other generators' files back to github without inspection -- need to merge branches. look for these files to disappear laters

    Philip (flip) Kromer committed Aug 12, 2008
Commits on Jun 2, 2008
  1. Added email verification -- still needs tests, less-crappy integration tho

    Philip (flip) Kromer committed Jun 2, 2008
  2. Added email verification -- still needs tests, less-crappy integration tho

    Philip (flip) Kromer committed Jun 2, 2008
  3. Added simple roles, simple automatic role assignment hook; minor fixes:

    * handle_login_error lives in sessions_controller, as it should
    * get_authorization takes :context => /anything extra/ (was spelled :extra)
    * security_components uses .camelize, not .classify (so that pluralization remains intact)
    * some notes on existing rails plugins, and on rule resolution / policy / authz
    Philip (flip) Kromer committed Jun 2, 2008
  4. fixed a bug in logout -- it needs to retrieve the session login (if any) before calling logout_chain, or cookie is never cleared

    Philip (flip) Kromer committed Jun 2, 2008
Commits on May 31, 2008
  1. Improvements to access_control.

    * added a new method become_logged_in_as, which logs in if it can but doesn't raise an error on failure (like save vs. save!).
    * Authentication.authorization_filter for use in a :before_filter -- constructs a demand_authorization! :for => current_user, :to => action, :on => self.class, :extras => params.
    * Beefed up access_control specs
    * Signup now calls become_logged_in_as (the non-failing login) instead of the awful conditional logic of before
    Philip (flip) Kromer committed May 31, 2008
  2. moving generator lib up one level so all generators can share it. Also stripped a couple puts'es

    Philip (flip) Kromer committed May 31, 2008
Commits on May 30, 2008
  1. Updated README for newer version

    Philip (flip) Kromer committed May 30, 2008
  2. Fixed oopsie in stories runner. Now all specs tests and stories run out of the box for fresh rails install

    Philip (flip) Kromer committed May 30, 2008
  3. Large reorganization (v2.0b0) - User model and friends.

    * User model now mostly lives in Identity:: sub modules.  Cookie handling (controller & model) is all in authentication/by_cookie_token. Password handling (controller & model) is all in authentication/by_password. I know the MVC-pattern violation will make some squirm, but this code *should* be opaque to the model at large, and security code should be compartmentalized -- this is all properly controller code, even the parts within the model.
    
    * password and password_confirmation now have filter_parameter_logging by default.
    
    * User#authenticate is now spelled User#authenticate_by_password and now **only** checks the password.  User activation & other authorization is handled by the demand_authorization! chain -- specifically, by demand_authorization :for => user, :to => :login
    
    * Stateful Roles and Email Validation are no longer in this plugin, will get their own generator
    
    * Much stricter validation by default (from svn version): logins can only be /[\w\.\+@\-]+/, email has to look like an email, password between 6, 40 long.
    
    * salt and remember_token now a tad more entropic (from svn version)
    Philip (flip) Kromer committed May 30, 2008
  4. Large reorganization (v2.0b0) - users controller and friends.

    * controller much skinnier, by handing almost everything off to library code
    
    * Cookie handling (controller & model) is all in authentication/by_cookie_token. Password handling (controller & model) is all in authentication/by_password. I know the MVC-pattern violation will make some squirm, but this code *should* be opaque to the model at large, and security code should be compartmentalized -- this is all properly controller code, even the parts within the model.
    
    * Logic done with exception handling and not conditional branching.  routines 'Fail-closed' (aka Positive Authentication; see http://owasp.org/index.php/Guide_to_Authentication#Positive_Authentication) -- use exception handling to route authentication/access control violations, and commit no resources until all conditions pass (or rollback on failure). handle_signin_error shows one reasonable response chain.
    
    * password and password_confirmation now have filter_parameter_logging by default.
    
    * User#authenticate is now spelled User#authenticate_by_password and now **only** checks the password.  User activation & other authorization is handled by the demand_authorization! chain -- specifically, by demand_authorization :for => user, :to => :login
    
    * Stateful Roles and Email Validation are no longer in this plugin, will get their own generator
    
    * On a failed signup, strip out the password & confirmation before kicking you back to the signin screen
    Philip (flip) Kromer committed May 30, 2008
  5. Large reorganization (v2.0b0) - sessions controller and friends.

    * controller much skinnier, by handing almost everything off to library code.
    
    * Logic done with exception handling and not conditional branching. routines 'Fail-closed' (aka Positive Authentication; see http://owasp.org/index.php/Guide_to_Authentication#Positive_Authentication) -- use exception handling to route authentication/access control violations, and commit no resources until all conditions pass (or rollback on failure). handle_signin_error shows one reasonable response chain.
    
    * Cookie handling (controller & model) is all in authentication/by_cookie_token. Password handling (controller & model) is all in authentication/by_password. I know the MVC-pattern violation will make some squirm, but this code *should* be opaque to the model at large, and security code should be compartmentalized -- this is all properly controller code, even the parts within the model.
    
    * The logout routine calls a logout_chain for any resources that need to be destroyed on logout.  (Clearing the server&client cookie token, for example).
    
    * User#authenticate is now spelled User#authenticate_by_password and now **only** checks the password.  User activation & other authorization is handled by the demand_authorization! chain -- specifically, by demand_authorization :for => user, :to => :login
    Philip (flip) Kromer committed May 30, 2008
  6. Large reorganization (v2.0b0) - authenticated_system => lib/authentication, lib/access_control, lib/security_policy

    
    * abstract implementation is divided among lib/authentication.rb and lib/access_control.rb, with concrete code (Authentication::ByPassword, AccessControl::LoginRequired, &c) in subdirectories.
    
    * logged_in?, current_user, current_user= are basically the same. current_user's passive login behaviour now happens through the try_login_chain.  Cookie_token & basic_auth hook in automagically when included, restoring the old behaviour.
    
    * A session login is 'passive' -- it's meant to mimic the presence of state, and implies no change in logged-in status.  All other login methods should call become_logged_in_as!, and should not set current_user= directly.  (The old version of restful_authentication will let a non-activated user log in by HTTP basic).
    
    * authorize? now has a bossy friend, demand_authorization! -- where authorize returns false, demand_authorization! raises an exception. Both now take a params hash of the form
        :for => subject, :to => action, :on => resource, :extra => whatever
      and hand it off to the #get_authorization stub.  get_authorization returns something that is_denial? (false or a SecurityError exception) to say 'deny', and any other true value to say 'allow'.
    
    * handle_signin_error shows one reasonable response chain for 'fail-closed' behavior.
    
    * access_denied is now named handle_access_denied and is automatically installed as a rescue_from handler.
    
    * Cookie handling (controller & model) is all in authentication/by_cookie_token.  Password handling (controller & model) is all in authentication/by_password. I know the MVC-pattern violation will make some squirm, but this code *should* be opaque to the model at large, and security code should be compartmentalized -- this is all properly controller code, even the parts within the model.
    
    * The logout routine calls a logout_chain for any resources that need to be destroyed on logout.  (Clearing the server&client cookie token, for example).
    Philip (flip) Kromer committed May 30, 2008
  7. Large reorganization (v2.0b0) - stories: story steps now live in plugin space, not user space. Moved story_helpers into their own deal.

    Philip (flip) Kromer committed May 30, 2008
  8. Large reorganization (v2.0b0) - tests: tests still work, but there's no reason to keep using them.

    Philip (flip) Kromer committed May 30, 2008
  9. Large reorganization (v2.0b0) - views: views get their own directory in templates, new generator variables; otherwise not much changed.

    Philip (flip) Kromer committed May 30, 2008
  10. Large reorganization (v2.0b0) - users helper and friends: helper methods for authorization, and for giving a 'hello,bob -or- login' bar

    Philip (flip) Kromer committed May 30, 2008
  11. Large reorganization (v2.0b0) - stateful-roles and email-validation are stripped out, will get their own plugin.

    Philip (flip) Kromer committed May 30, 2008
  12. Large reorganization (v2.0b0) - code more modular, clean hooks for external components and ~100% spec coverage.

    
    The system has been split up to give a clear distinction between authentication (who are you?), authorization (is he allowed to just take the plutonium like that?), policy (note to staff: no one is allowed to take plutonium) and access control (step away from the reactor, bubba).
    
    The plugin now generates *much* less app-space code: the controllers are super skinny now, and if any security flaws are discovered it should be less painful to stay current.
    
    Out of the box, the plugin will stay the heck out of your way, implementing the popular "users can do stuff and no-one else can" security model.  But if your security needs extend beyond that, there are clear hooks for you to add security components that play nice with restful-authentication.  It should also be easy to *decouple* components such as login-by-password or remember-me-tokens if you don't want that.
    
    There is a robust rspec test suite with near-100% coverage, along with a framework for building RSpec stories.
    
    Finally, there have been several minor security fixes, largely centered around implementing best practices recommended in the "Open Web Application Security Project":http://www.owasp.org/index.php/Guide_Table_of_Contents and other references (see notes/ for more).
    Philip (flip) Kromer committed May 30, 2008
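The authorize? / demand_authorization! chain that the v2.0b0 reorganization commits above describe, as an added Ruby illustration written for this page rather than the plugin's own code: the method names follow the commit messages, while get_authorization's policy and the user/resource shapes are assumptions.

```ruby
# Example code for this page, not restful-authentication itself. It shows the
# fail-closed convention from the commit messages: get_authorization returns a
# denial (false/nil or a SecurityError) or any other true value for "allow";
# authorize? turns that into a boolean, demand_authorization! raises instead.
module AccessControl
  # Denial test as stated in the commit message.
  def is_denial?(result)
    !result || result.is_a?(SecurityError)
  end

  # Policy stub an app would override. Assumed policy for the example:
  # :login only for activated users, :edit only on the user's own record,
  # anything unknown denied (fail closed rather than fail open).
  def get_authorization(params)
    user, action, resource = params[:for], params[:to], params[:on]
    return SecurityError.new("not logged in") if user.nil?
    case action
    when :login then user[:activated] || SecurityError.new("not activated")
    when :edit  then resource == user || SecurityError.new("not owner")
    else false
    end
  end

  # Passive form: true/false, never raises.
  def authorize?(params)
    !is_denial?(get_authorization(params))
  end

  # Bossy form: raises a SecurityError on any denial, returns the grant value.
  def demand_authorization!(params)
    result = get_authorization(params)
    if is_denial?(result)
      raise(result.is_a?(SecurityError) ? result : SecurityError.new("denied"))
    end
    result
  end
end

# Assumed controller: no state is committed before the demand passes, and the
# rescue plays the role of the rescue_from handle_access_denied handler.
class SessionsController
  include AccessControl
  def login_attempt(user)
    demand_authorization!(:for => user, :to => :login)
    :logged_in
  rescue SecurityError => e
    [:denied, e.message]
  end
end
```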
Commits on May 29, 2008
  1. fixed the routing issues maybe?

    * model_controller_routing_path means nest/users
    * controller_routing_path means nest/session
    * model_controller_routing_name = users, (used for users_path etc and must be singularized for things like new_user_path)
    * controller_routing_name       = session (used for session_path, new_session_path, etc.)
    * controller_controller_name    = sessions, the name of the controller
    
    If any of this is wrong, at least it should hopefully be easier to resolve with the nice overly-prolix semantic generator names.
    
    I tried to make the names correct for nested resources.  However, the app explodes into horrible flames with anything like "generate Admin::User Session", and in fact with "generate users session".  I don't know when this broke, but I can't justify taking the time to fix it unless someone complains. Other than that, the specs and stories all pass for the three activation versions AFAICT.
    Philip (flip) Kromer committed May 29, 2008
Commits on May 28, 2008
  1. Merge branch 'master' of git://github.com/technoweenie/restful-authentication

    
    Conflicts:
    
    	generators/authenticated/authenticated_generator.rb
    Sean O'Brien committed May 28, 2008
  2. looks like it's plural routes

    Sean O'Brien committed May 28, 2008
  3. fixed hardcoding of controller names (my bad)

    Sean O'Brien committed May 28, 2008
Commits on May 27, 2008
Commits on May 26, 2008
  1. Changed singular session resource to plural to satisfy specs

    Jason T Johnson committed May 26, 2008
  2. Merge branches 'master' and 'mainline'

    Philip (flip) Kromer committed May 26, 2008
  3. Merge git://github.com/redmar/restful-authentication into mainline

    Philip (flip) Kromer committed May 26, 2008
  4. Merge branch 'generatorfixes'

    Jason T Johnson committed May 26, 2008
  5. Merge branch 'readmefixes'

    Jason T Johnson committed May 26, 2008
  6. A few more generator and README fixes

    * Plural controller name in named routes
    * Named routes in session controller spec instead of restful routes
    Jason T Johnson committed May 26, 2008