ActionItem9: adding user accounts model and controller, just generated acts_as_authenticated code

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@94 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem9: adding user accounts model and controller, just generated acts_as_authenticated code
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@94 3f533792-8f58-4932-b0fe-aaf55b0a4547
AntonioTerceiro
1 parent 4f51c61b
Showing 15 changed files with 690 additions and 0 deletions Show diff stats
app/controllers/account_controller.rb
app/helpers/account_helper.rb
app/models/user.rb
app/views/account/index.rhtml
app/views/account/login.rhtml
app/views/account/signup.rhtml
app/views/layouts/account.rhtml
config/routes.rb
db/migrate/006_create_users.rb
lib/authenticated_system.rb
lib/authenticated_test_helper.rb
test/fixtures/users.yml
test/functional/account_controller_test.rb
test/integration/routing_test.rb
test/unit/user_test.rb
@@ -0,0 +1,43 @@
+class AccountController < ApplicationController
+  # Be sure to include AuthenticationSystem in Application Controller instead
+  include AuthenticatedSystem
+  # If you want "remember me" functionality, add this before_filter to Application Controller
+  before_filter :login_from_cookie
+
+  # say something nice, you goof!  something sweet.
+  def index
+    redirect_to(:action => 'signup') unless logged_in? || User.count > 0
+  end
+
+  def login
+    return unless request.post?
+    self.current_user = User.authenticate(params[:login], params[:password])
+    if logged_in?
+      if params[:remember_me] == "1"
+        self.current_user.remember_me
+        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+      end
+      redirect_back_or_default(:controller => '/account', :action => 'index')
+      flash[:notice] = "Logged in successfully"
+    end
+  end
+
+  def signup
+    @user = User.new(params[:user])
+    return unless request.post?
+    @user.save!
+    self.current_user = @user
+    redirect_back_or_default(:controller => '/account', :action => 'index')
+    flash[:notice] = "Thanks for signing up!"
+  rescue ActiveRecord::RecordInvalid
+    render :action => 'signup'
+  end
+  
+  def logout
+    self.current_user.forget_me if logged_in?
+    cookies.delete :auth_token
+    reset_session
+    flash[:notice] = "You have been logged out."
+    redirect_back_or_default(:controller => '/account', :action => 'index')
+  end
+end
@@ -0,0 +1,2 @@
+module AccountHelper
+end
 \ No newline at end of file
@@ -0,0 +1,64 @@
+require 'digest/sha1'
+class User < ActiveRecord::Base
+  # Virtual attribute for the unencrypted password
+  attr_accessor :password
+
+  validates_presence_of     :login, :email
+  validates_presence_of     :password,                   :if => :password_required?
+  validates_presence_of     :password_confirmation,      :if => :password_required?
+  validates_length_of       :password, :within => 4..40, :if => :password_required?
+  validates_confirmation_of :password,                   :if => :password_required?
+  validates_length_of       :login,    :within => 3..40
+  validates_length_of       :email,    :within => 3..100
+  validates_uniqueness_of   :login, :email, :case_sensitive => false
+  before_save :encrypt_password
+
+  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
+  def self.authenticate(login, password)
+    u = find_by_login(login) # need to get the salt
+    u && u.authenticated?(password) ? u : nil
+  end
+
+  # Encrypts some data with the salt.
+  def self.encrypt(password, salt)
+    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+  end
+
+  # Encrypts the password with the user salt
+  def encrypt(password)
+    self.class.encrypt(password, salt)
+  end
+
+  def authenticated?(password)
+    crypted_password == encrypt(password)
+  end
+
+  def remember_token?
+    remember_token_expires_at && Time.now.utc < remember_token_expires_at 
+  end
+
+  # These create and unset the fields required for remembering users between browser closes
+  def remember_me
+    self.remember_token_expires_at = 2.weeks.from_now.utc
+    self.remember_token            = encrypt("#{email}--#{remember_token_expires_at}")
+    save(false)
+  end
+
+  def forget_me
+    self.remember_token_expires_at = nil
+    self.remember_token            = nil
+    save(false)
+  end
+
+  protected
+    # before filter 
+    def encrypt_password
+      return if password.blank?
+      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
+      self.crypted_password = encrypt(password)
+    end
+    
+    def password_required?
+      crypted_password.blank? || !password.blank?
+    end
+end
@@ -0,0 +1,56 @@
+<h1>In the Caboose.</h1>
+
+<% content_for 'poem' do -%>
+"Train delayed? and what's to say?" 
+"Blocked by last night's snow they say." 
+Seven hours or so to wait; 
+Well, that's pleasant! but there's the freight. 
+Depot loafing no one fancies, 
+We'll try the caboose and take our chances. 
+  
+Cool this morning in Watertown, 
+Somewhat frosty___mercury down; 
+Enter caboose___roaring fire, 
+With never an air-hole; heat so dire 
+That we shrivel and pant; we are roasted through- 
+Outside, thermometer thirty-two. 
+  
+We start with a jerk and suddenly stop. 
+"What's broke?" says one; another "What's up?", 
+"Oh, nothing," they answer, "That's our way: 
+You must stand the jerking, sorry to say." 
+We "stand it" with oft this painful thought: 
+Are our heads on yet, or are they not? 
+  
+Comrades in misery___let me see; 
+Girl like a statue opposite me; 
+Back and forth the others jostle___ 
+She never winks, nor moves a muscle; 
+See her, as she sits there now; 
+She's "well balanced," anyhow. 
+  
+Woman in trouble, tearful eyes, 
+Sits by the window, softly cries, 
+Pity___for griefs we may not know, 
+For breasts that ache, for tears that flow, 
+Though we know not why. Her eyelids red 
+Tell a sorrowful tale___some hope is dead. 
+  
+Man who follows the Golden Rule, 
+And lends his papers___a pocket full, 
+Has a blank book___once in a minute 
+Has an idea, and writes it in it. 
+Guess him? Yes, of course I can, 
+He's a___well___a newspaper man. 
+  
+Blue-eyed fairy, wrapped in fur; 
+Sweet young mother tending her. 
+Fairy thinks it's "awful far," 
+Wants to get off this "naughty car." 
+So do we, young golden-hair; 
+All this crowd are with you there!
+<% end -%>
+
+<%= simple_format @content_for_poem %>
+
+<p><a href="http://skyways.lib.ks.us/poetry/walls/caboose.html">-- Ellen P. Allerton.</a></p>
 \ No newline at end of file
@@ -0,0 +1,14 @@
+<% form_tag do -%>
+<p><label for="login">Login</label><br/>
+<%= text_field_tag 'login' %></p>
+
+<p><label for="password">Password</label><br/>
+<%= password_field_tag 'password' %></p>
+
+<!-- Uncomment this if you want this functionality
+<p><label for="remember_me">Remember me:</label>
+<%= check_box_tag 'remember_me' %></p>
+-->
+
+<p><%= submit_tag 'Log in' %></p>
+<% end -%>
@@ -0,0 +1,16 @@
+<%= error_messages_for :user %>
+<% form_for :user do |f| -%>
+<p><label for="login">Login</label><br/>
+<%= f.text_field :login %></p>
+
+<p><label for="email">Email</label><br/>
+<%= f.text_field :email %></p>
+
+<p><label for="password">Password</label><br/>
+<%= f.password_field :password %></p>
+
+<p><label for="password_confirmation">Confirm Password</label><br/>
+<%= f.password_field :password_confirmation %></p>
+
+<p><%= submit_tag 'Sign up' %></p>
+<% end -%>
@@ -0,0 +1,16 @@
+<html>
+  <head>
+    <%= javascript_include_tag :defaults %>
+    <%= javascript_include_tag_template @chosen_template %>
+    <%= stylesheet_link_tag_template @chosen_template %>
+
+  </head>
+  <body>
+
+    <div id='main'>
+      <%= yield %>
+    </div>
+
+  </body>
+
+</html>
@@ -13,6 +13,9 @@ ActionController::Routing::Routes.draw do |map|
   # -- just remember to delete public/index.html.
   map.connect '', :controller => "home"
  
+  # user account controller
+  map.connect 'account/:action', :controller => 'account'
+
   # administrative tasks for a virtual community
   map.connect 'admin/:controller/:action/:id'
  
@@ -0,0 +1,18 @@
+class CreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table "users", :force => true do |t|
+      t.column :login,                     :string
+      t.column :email,                     :string
+      t.column :crypted_password,          :string, :limit => 40
+      t.column :salt,                      :string, :limit => 40
+      t.column :created_at,                :datetime
+      t.column :updated_at,                :datetime
+      t.column :remember_token,            :string
+      t.column :remember_token_expires_at, :datetime
+    end
+  end
+
+  def self.down
+    drop_table "users"
+  end
+end
@@ -0,0 +1,120 @@
+module AuthenticatedSystem
+  protected
+    # Returns true or false if the user is logged in.
+    # Preloads @current_user with the user model if they're logged in.
+    def logged_in?
+      current_user != :false
+    end
+    
+    # Accesses the current user from the session.
+    def current_user
+      @current_user ||= (session[:user] && User.find_by_id(session[:user])) || :false
+    end
+    
+    # Store the given user in the session.
+    def current_user=(new_user)
+      session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
+      @current_user = new_user
+    end
+    
+    # Check if the user is authorized.
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the user
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorize?
+    #    current_user.login != "bob"
+    #  end
+    def authorized?
+      true
+    end
+
+    # Filter method to enforce a login requirement.
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def login_required
+      username, passwd = get_auth_data
+      self.current_user ||= User.authenticate(username, passwd) || :false if username && passwd
+      logged_in? && authorized? ? true : access_denied
+    end
+    
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the user is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def access_denied
+      respond_to do |accepts|
+        accepts.html do
+          store_location
+          redirect_to :controller => '/account', :action => 'login'
+        end
+        accepts.xml do
+          headers["Status"]           = "Unauthorized"
+          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+          render :text => "Could't authenticate you", :status => '401 Unauthorized'
+        end
+      end
+      false
+    end  
+    
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location
+      session[:return_to] = request.request_uri
+    end
+    
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.
+    def redirect_back_or_default(default)
+      session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
+      session[:return_to] = nil
+    end
+    
+    # Inclusion hook to make #current_user and #logged_in?
+    # available as ActionView helper methods.
+    def self.included(base)
+      base.send :helper_method, :current_user, :logged_in?
+    end
+
+    # When called with before_filter :login_from_cookie will check for an :auth_token
+    # cookie and log the user back in if apropriate
+    def login_from_cookie
+      return unless cookies[:auth_token] && !logged_in?
+      user = User.find_by_remember_token(cookies[:auth_token])
+      if user && user.remember_token?
+        user.remember_me
+        self.current_user = user
+        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+        flash[:notice] = "Logged in successfully"
+      end
+    end
+
+  private
+    @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+    # gets BASIC auth info
+    def get_auth_data
+      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+      auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+      return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 
+    end
+end
@@ -0,0 +1,113 @@
+module AuthenticatedTestHelper
+  # Sets the current user in the session from the user fixtures.
+  def login_as(user)
+    @request.session[:user] = user ? users(user).id : nil
+  end
+
+  def content_type(type)
+    @request.env['Content-Type'] = type
+  end
+
+  def accept(accept)
+    @request.env["HTTP_ACCEPT"] = accept
+  end
+
+  def authorize_as(user)
+    if user
+      @request.env["HTTP_AUTHORIZATION"] = "Basic #{Base64.encode64("#{users(user).login}:test")}"
+      accept       'application/xml'
+      content_type 'application/xml'
+    else
+      @request.env["HTTP_AUTHORIZATION"] = nil
+      accept       nil
+      content_type nil
+    end
+  end
+
+  # http://project.ioni.st/post/217#post-217
+  #
+  #  def test_new_publication
+  #    assert_difference(Publication, :count) do
+  #      post :create, :publication => {...}
+  #      # ...
+  #    end
+  #  end
+  # 
+  def assert_difference(object, method = nil, difference = 1)
+    initial_value = object.send(method)
+    yield
+    assert_equal initial_value + difference, object.send(method), "#{object}##{method}"
+  end
+
+  def assert_no_difference(object, method, &block)
+    assert_difference object, method, 0, &block
+  end
+
+  # Assert the block redirects to the login
+  # 
+  #   assert_requires_login(:bob) { |c| c.get :edit, :id => 1 }
+  #
+  def assert_requires_login(login = nil)
+    yield HttpLoginProxy.new(self, login)
+  end
+
+  def assert_http_authentication_required(login = nil)
+    yield XmlLoginProxy.new(self, login)
+  end
+
+  def reset!(*instance_vars)
+    instance_vars = [:controller, :request, :response] unless instance_vars.any?
+    instance_vars.collect! { |v| "@#{v}".to_sym }
+    instance_vars.each do |var|
+      instance_variable_set(var, instance_variable_get(var).class.new)
+    end
+  end
+end
+
+class BaseLoginProxy
+  attr_reader :controller
+  attr_reader :options
+  def initialize(controller, login)
+    @controller = controller
+    @login      = login
+  end
+
+  private
+    def authenticated
+      raise NotImplementedError
+    end
+    
+    def check
+      raise NotImplementedError
+    end
+    
+    def method_missing(method, *args)
+      @controller.reset!
+      authenticate
+      @controller.send(method, *args)
+      check
+    end
+end
+
+class HttpLoginProxy < BaseLoginProxy
+  protected
+    def authenticate
+      @controller.login_as @login if @login
+    end
+    
+    def check
+      @controller.assert_redirected_to :controller => 'account', :action => 'login'
+    end
+end
+
+class XmlLoginProxy < BaseLoginProxy
+  protected
+    def authenticate
+      @controller.accept 'application/xml'
+      @controller.authorize_as @login if @login
+    end
+    
+    def check
+      @controller.assert_response 401
+    end
+end
 \ No newline at end of file
@@ -0,0 +1,17 @@
+quentin:
+  id: 1
+  login: quentin
+  email: quentin@example.com
+  salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
+  crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
+  #crypted_password: "ce2/iFrNtQ8=\n" # quentin, use only if you're using 2-way encryption
+  created_at: <%= 5.days.ago.to_s :db %>
+  # activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
+aaron:
+  id: 2
+  login: aaron
+  email: aaron@example.com
+  salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
+  crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
+  # activation_code: aaronscode # only if you're activating new signups
+  created_at: <%= 1.days.ago.to_s :db %>
 \ No newline at end of file
@@ -0,0 +1,129 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'account_controller'
+
+# Re-raise errors caught by the controller.
+class AccountController; def rescue_action(e) raise e end; end
+
+class AccountControllerTest < Test::Unit::TestCase
+  # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
+  # Then, you can remove it from this and the units test.
+  include AuthenticatedTestHelper
+
+  fixtures :users
+
+  def setup
+    @controller = AccountController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+  end
+
+  def test_should_login_and_redirect
+    post :login, :login => 'quentin', :password => 'test'
+    assert session[:user]
+    assert_response :redirect
+  end
+
+  def test_should_fail_login_and_not_redirect
+    post :login, :login => 'quentin', :password => 'bad password'
+    assert_nil session[:user]
+    assert_response :success
+  end
+
+  def test_should_allow_signup
+    assert_difference User, :count do
+      create_user
+      assert_response :redirect
+    end
+  end
+
+  def test_should_require_login_on_signup
+    assert_no_difference User, :count do
+      create_user(:login => nil)
+      assert assigns(:user).errors.on(:login)
+      assert_response :success
+    end
+  end
+
+  def test_should_require_password_on_signup
+    assert_no_difference User, :count do
+      create_user(:password => nil)
+      assert assigns(:user).errors.on(:password)
+      assert_response :success
+    end
+  end
+
+  def test_should_require_password_confirmation_on_signup
+    assert_no_difference User, :count do
+      create_user(:password_confirmation => nil)
+      assert assigns(:user).errors.on(:password_confirmation)
+      assert_response :success
+    end
+  end
+
+  def test_should_require_email_on_signup
+    assert_no_difference User, :count do
+      create_user(:email => nil)
+      assert assigns(:user).errors.on(:email)
+      assert_response :success
+    end
+  end
+
+  def test_should_logout
+    login_as :quentin
+    get :logout
+    assert_nil session[:user]
+    assert_response :redirect
+  end
+
+  def test_should_remember_me
+    post :login, :login => 'quentin', :password => 'test', :remember_me => "1"
+    assert_not_nil @response.cookies["auth_token"]
+  end
+
+  def test_should_not_remember_me
+    post :login, :login => 'quentin', :password => 'test', :remember_me => "0"
+    assert_nil @response.cookies["auth_token"]
+  end
+  
+  def test_should_delete_token_on_logout
+    login_as :quentin
+    get :logout
+    assert_equal @response.cookies["auth_token"], []
+  end
+
+  def test_should_login_with_cookie
+    users(:quentin).remember_me
+    @request.cookies["auth_token"] = cookie_for(:quentin)
+    get :index
+    assert @controller.send(:logged_in?)
+  end
+
+  def test_should_fail_expired_cookie_login
+    users(:quentin).remember_me
+    users(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago
+    @request.cookies["auth_token"] = cookie_for(:quentin)
+    get :index
+    assert !@controller.send(:logged_in?)
+  end
+
+  def test_should_fail_cookie_login
+    users(:quentin).remember_me
+    @request.cookies["auth_token"] = auth_token('invalid_auth_token')
+    get :index
+    assert !@controller.send(:logged_in?)
+  end
+
+  protected
+    def create_user(options = {})
+      post :signup, :user => { :login => 'quire', :email => 'quire@example.com', 
+        :password => 'quire', :password_confirmation => 'quire' }.merge(options)
+    end
+    
+    def auth_token(token)
+      CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+    end
+    
+    def cookie_for(user)
+      auth_token users(user).remember_token
+    end
+end
@@ -6,4 +6,8 @@ class RoutingTest &lt; ActionController::IntegrationTest
     assert_routing('admin/features', :controller => 'features', :action => 'index')
   end
  
+  def test_account_controller
+    assert_routing('account', :controller => 'account', :action => 'index')
+  end
+
 end
@@ -0,0 +1,75 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class UserTest < Test::Unit::TestCase
+  # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead.
+  # Then, you can remove it from this and the functional test.
+  include AuthenticatedTestHelper
+  fixtures :users
+
+  def test_should_create_user
+    assert_difference User, :count do
+      user = create_user
+      assert !user.new_record?, "#{user.errors.full_messages.to_sentence}"
+    end
+  end
+
+  def test_should_require_login
+    assert_no_difference User, :count do
+      u = create_user(:login => nil)
+      assert u.errors.on(:login)
+    end
+  end
+
+  def test_should_require_password
+    assert_no_difference User, :count do
+      u = create_user(:password => nil)
+      assert u.errors.on(:password)
+    end
+  end
+
+  def test_should_require_password_confirmation
+    assert_no_difference User, :count do
+      u = create_user(:password_confirmation => nil)
+      assert u.errors.on(:password_confirmation)
+    end
+  end
+
+  def test_should_require_email
+    assert_no_difference User, :count do
+      u = create_user(:email => nil)
+      assert u.errors.on(:email)
+    end
+  end
+
+  def test_should_reset_password
+    users(:quentin).update_attributes(:password => 'new password', :password_confirmation => 'new password')
+    assert_equal users(:quentin), User.authenticate('quentin', 'new password')
+  end
+
+  def test_should_not_rehash_password
+    users(:quentin).update_attributes(:login => 'quentin2')
+    assert_equal users(:quentin), User.authenticate('quentin2', 'test')
+  end
+
+  def test_should_authenticate_user
+    assert_equal users(:quentin), User.authenticate('quentin', 'test')
+  end
+
+  def test_should_set_remember_token
+    users(:quentin).remember_me
+    assert_not_nil users(:quentin).remember_token
+    assert_not_nil users(:quentin).remember_token_expires_at
+  end
+
+  def test_should_unset_remember_token
+    users(:quentin).remember_me
+    assert_not_nil users(:quentin).remember_token
+    users(:quentin).forget_me
+    assert_nil users(:quentin).remember_token
+  end
+
+  protected
+    def create_user(options = {})
+      User.create({ :login => 'quire', :email => 'quire@example.com', :password => 'quire', :password_confirmation => 'quire' }.merge(options))
+    end
+end
...	...	@@ -0,0 +1,43 @@
	1	+class AccountController < ApplicationController
	2	+ # Be sure to include AuthenticationSystem in Application Controller instead
	3	+ include AuthenticatedSystem
	4	+ # If you want "remember me" functionality, add this before_filter to Application Controller
	5	+ before_filter :login_from_cookie
	6	+
	7	+ # say something nice, you goof! something sweet.
	8	+ def index
	9	+ redirect_to(:action => 'signup') unless logged_in? \|\| User.count > 0
	10	+ end
	11	+
	12	+ def login
	13	+ return unless request.post?
	14	+ self.current_user = User.authenticate(params[:login], params[:password])
	15	+ if logged_in?
	16	+ if params[:remember_me] == "1"
	17	+ self.current_user.remember_me
	18	+ cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
	19	+ end
	20	+ redirect_back_or_default(:controller => '/account', :action => 'index')
	21	+ flash[:notice] = "Logged in successfully"
	22	+ end
	23	+ end
	24	+
	25	+ def signup
	26	+ @user = User.new(params[:user])
	27	+ return unless request.post?
	28	+ @user.save!
	29	+ self.current_user = @user
	30	+ redirect_back_or_default(:controller => '/account', :action => 'index')
	31	+ flash[:notice] = "Thanks for signing up!"
	32	+ rescue ActiveRecord::RecordInvalid
	33	+ render :action => 'signup'
	34	+ end
	35	+
	36	+ def logout
	37	+ self.current_user.forget_me if logged_in?
	38	+ cookies.delete :auth_token
	39	+ reset_session
	40	+ flash[:notice] = "You have been logged out."
	41	+ redirect_back_or_default(:controller => '/account', :action => 'index')
	42	+ end
	43	+end
...	...
...	...	@@ -0,0 +1,2 @@
	1	+module AccountHelper
	2	+end
0	3	\ No newline at end of file
...	...
...	...	@@ -0,0 +1,64 @@
	1	+require 'digest/sha1'
	2	+class User < ActiveRecord::Base
	3	+ # Virtual attribute for the unencrypted password
	4	+ attr_accessor :password
	5	+
	6	+ validates_presence_of :login, :email
	7	+ validates_presence_of :password, :if => :password_required?
	8	+ validates_presence_of :password_confirmation, :if => :password_required?
	9	+ validates_length_of :password, :within => 4..40, :if => :password_required?
	10	+ validates_confirmation_of :password, :if => :password_required?
	11	+ validates_length_of :login, :within => 3..40
	12	+ validates_length_of :email, :within => 3..100
	13	+ validates_uniqueness_of :login, :email, :case_sensitive => false
	14	+ before_save :encrypt_password
	15	+
	16	+ # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
	17	+ def self.authenticate(login, password)
	18	+ u = find_by_login(login) # need to get the salt
	19	+ u && u.authenticated?(password) ? u : nil
	20	+ end
	21	+
	22	+ # Encrypts some data with the salt.
	23	+ def self.encrypt(password, salt)
	24	+ Digest::SHA1.hexdigest("--#{salt}--#{password}--")
	25	+ end
	26	+
	27	+ # Encrypts the password with the user salt
	28	+ def encrypt(password)
	29	+ self.class.encrypt(password, salt)
	30	+ end
	31	+
	32	+ def authenticated?(password)
	33	+ crypted_password == encrypt(password)
	34	+ end
	35	+
	36	+ def remember_token?
	37	+ remember_token_expires_at && Time.now.utc < remember_token_expires_at
	38	+ end
	39	+
	40	+ # These create and unset the fields required for remembering users between browser closes
	41	+ def remember_me
	42	+ self.remember_token_expires_at = 2.weeks.from_now.utc
	43	+ self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
	44	+ save(false)
	45	+ end
	46	+
	47	+ def forget_me
	48	+ self.remember_token_expires_at = nil
	49	+ self.remember_token = nil
	50	+ save(false)
	51	+ end
	52	+
	53	+ protected
	54	+ # before filter
	55	+ def encrypt_password
	56	+ return if password.blank?
	57	+ self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
	58	+ self.crypted_password = encrypt(password)
	59	+ end
	60	+
	61	+ def password_required?
	62	+ crypted_password.blank? \|\| !password.blank?
	63	+ end
	64	+end
...	...
...	...	@@ -0,0 +1,56 @@
	1	+<h1>In the Caboose.</h1>
	2	+
	3	+<% content_for 'poem' do -%>
	4	+"Train delayed? and what's to say?"
	5	+"Blocked by last night's snow they say."
	6	+Seven hours or so to wait;
	7	+Well, that's pleasant! but there's the freight.
	8	+Depot loafing no one fancies,
	9	+We'll try the caboose and take our chances.
	10	+
	11	+Cool this morning in Watertown,
	12	+Somewhat frosty___mercury down;
	13	+Enter caboose___roaring fire,
	14	+With never an air-hole; heat so dire
	15	+That we shrivel and pant; we are roasted through-
	16	+Outside, thermometer thirty-two.
	17	+
	18	+We start with a jerk and suddenly stop.
	19	+"What's broke?" says one; another "What's up?",
	20	+"Oh, nothing," they answer, "That's our way:
	21	+You must stand the jerking, sorry to say."
	22	+We "stand it" with oft this painful thought:
	23	+Are our heads on yet, or are they not?
	24	+
	25	+Comrades in misery___let me see;
	26	+Girl like a statue opposite me;
	27	+Back and forth the others jostle___
	28	+She never winks, nor moves a muscle;
	29	+See her, as she sits there now;
	30	+She's "well balanced," anyhow.
	31	+
	32	+Woman in trouble, tearful eyes,
	33	+Sits by the window, softly cries,
	34	+Pity___for griefs we may not know,
	35	+For breasts that ache, for tears that flow,
	36	+Though we know not why. Her eyelids red
	37	+Tell a sorrowful tale___some hope is dead.
	38	+
	39	+Man who follows the Golden Rule,
	40	+And lends his papers___a pocket full,
	41	+Has a blank book___once in a minute
	42	+Has an idea, and writes it in it.
	43	+Guess him? Yes, of course I can,
	44	+He's a___well___a newspaper man.
	45	+
	46	+Blue-eyed fairy, wrapped in fur;
	47	+Sweet young mother tending her.
	48	+Fairy thinks it's "awful far,"
	49	+Wants to get off this "naughty car."
	50	+So do we, young golden-hair;
	51	+All this crowd are with you there!
	52	+<% end -%>
	53	+
	54	+<%= simple_format @content_for_poem %>
	55	+
	56	+<p><a href="http://skyways.lib.ks.us/poetry/walls/caboose.html">-- Ellen P. Allerton.</a></p>
0	57	\ No newline at end of file
...	...
...	...	@@ -0,0 +1,14 @@
	1	+<% form_tag do -%>
	2	+<p><label for="login">Login</label><br/>
	3	+<%= text_field_tag 'login' %></p>
	4	+
	5	+<p><label for="password">Password</label><br/>
	6	+<%= password_field_tag 'password' %></p>
	7	+
	8	+<!-- Uncomment this if you want this functionality
	9	+<p><label for="remember_me">Remember me:</label>
	10	+<%= check_box_tag 'remember_me' %></p>
	11	+-->
	12	+
	13	+<p><%= submit_tag 'Log in' %></p>
	14	+<% end -%>
...	...
...	...	@@ -0,0 +1,16 @@
	1	+<%= error_messages_for :user %>
	2	+<% form_for :user do \|f\| -%>
	3	+<p><label for="login">Login</label><br/>
	4	+<%= f.text_field :login %></p>
	5	+
	6	+<p><label for="email">Email</label><br/>
	7	+<%= f.text_field :email %></p>
	8	+
	9	+<p><label for="password">Password</label><br/>
	10	+<%= f.password_field :password %></p>
	11	+
	12	+<p><label for="password_confirmation">Confirm Password</label><br/>
	13	+<%= f.password_field :password_confirmation %></p>
	14	+
	15	+<p><%= submit_tag 'Sign up' %></p>
	16	+<% end -%>
...	...
...	...	@@ -0,0 +1,16 @@
	1	+<html>
	2	+ <head>
	3	+ <%= javascript_include_tag :defaults %>
	4	+ <%= javascript_include_tag_template @chosen_template %>
	5	+ <%= stylesheet_link_tag_template @chosen_template %>
	6	+
	7	+ </head>
	8	+ <body>
	9	+
	10	+ <div id='main'>
	11	+ <%= yield %>
	12	+ </div>
	13	+
	14	+ </body>
	15	+
	16	+</html>
...	...
...	...	@@ -13,6 +13,9 @@ ActionController::Routing::Routes.draw do \|map\|
13	13	# -- just remember to delete public/index.html.
14	14	map.connect '', :controller => "home"
15	15
	16	+ # user account controller
	17	+ map.connect 'account/:action', :controller => 'account'
	18	+
16	19	# administrative tasks for a virtual community
17	20	map.connect 'admin/:controller/:action/:id'
18	21
...	...
...	...	@@ -0,0 +1,18 @@
	1	+class CreateUsers < ActiveRecord::Migration
	2	+ def self.up
	3	+ create_table "users", :force => true do \|t\|
	4	+ t.column :login, :string
	5	+ t.column :email, :string
	6	+ t.column :crypted_password, :string, :limit => 40
	7	+ t.column :salt, :string, :limit => 40
	8	+ t.column :created_at, :datetime
	9	+ t.column :updated_at, :datetime
	10	+ t.column :remember_token, :string
	11	+ t.column :remember_token_expires_at, :datetime
	12	+ end
	13	+ end
	14	+
	15	+ def self.down
	16	+ drop_table "users"
	17	+ end
	18	+end
...	...
...	...	@@ -0,0 +1,120 @@
	1	+module AuthenticatedSystem
	2	+ protected
	3	+ # Returns true or false if the user is logged in.
	4	+ # Preloads @current_user with the user model if they're logged in.
	5	+ def logged_in?
	6	+ current_user != :false
	7	+ end
	8	+
	9	+ # Accesses the current user from the session.
	10	+ def current_user
	11	+ @current_user \|\|= (session[:user] && User.find_by_id(session[:user])) \|\| :false
	12	+ end
	13	+
	14	+ # Store the given user in the session.
	15	+ def current_user=(new_user)
	16	+ session[:user] = (new_user.nil? \|\| new_user.is_a?(Symbol)) ? nil : new_user.id
	17	+ @current_user = new_user
	18	+ end
	19	+
	20	+ # Check if the user is authorized.
	21	+ #
	22	+ # Override this method in your controllers if you want to restrict access
	23	+ # to only a few actions or if you want to check if the user
	24	+ # has the correct rights.
	25	+ #
	26	+ # Example:
	27	+ #
	28	+ # # only allow nonbobs
	29	+ # def authorize?
	30	+ # current_user.login != "bob"
	31	+ # end
	32	+ def authorized?
	33	+ true
	34	+ end
	35	+
	36	+ # Filter method to enforce a login requirement.
	37	+ #
	38	+ # To require logins for all actions, use this in your controllers:
	39	+ #
	40	+ # before_filter :login_required
	41	+ #
	42	+ # To require logins for specific actions, use this in your controllers:
	43	+ #
	44	+ # before_filter :login_required, :only => [ :edit, :update ]
	45	+ #
	46	+ # To skip this in a subclassed controller:
	47	+ #
	48	+ # skip_before_filter :login_required
	49	+ #
	50	+ def login_required
	51	+ username, passwd = get_auth_data
	52	+ self.current_user \|\|= User.authenticate(username, passwd) \|\| :false if username && passwd
	53	+ logged_in? && authorized? ? true : access_denied
	54	+ end
	55	+
	56	+ # Redirect as appropriate when an access request fails.
	57	+ #
	58	+ # The default action is to redirect to the login screen.
	59	+ #
	60	+ # Override this method in your controllers if you want to have special
	61	+ # behavior in case the user is not authorized
	62	+ # to access the requested action. For example, a popup window might
	63	+ # simply close itself.
	64	+ def access_denied
	65	+ respond_to do \|accepts\|
	66	+ accepts.html do
	67	+ store_location
	68	+ redirect_to :controller => '/account', :action => 'login'
	69	+ end
	70	+ accepts.xml do
	71	+ headers["Status"] = "Unauthorized"
	72	+ headers["WWW-Authenticate"] = %(Basic realm="Web Password")
	73	+ render :text => "Could't authenticate you", :status => '401 Unauthorized'
	74	+ end
	75	+ end
	76	+ false
	77	+ end
	78	+
	79	+ # Store the URI of the current request in the session.
	80	+ #
	81	+ # We can return to this location by calling #redirect_back_or_default.
	82	+ def store_location
	83	+ session[:return_to] = request.request_uri
	84	+ end
	85	+
	86	+ # Redirect to the URI stored by the most recent store_location call or
	87	+ # to the passed default.
	88	+ def redirect_back_or_default(default)
	89	+ session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
	90	+ session[:return_to] = nil
	91	+ end
	92	+
	93	+ # Inclusion hook to make #current_user and #logged_in?
	94	+ # available as ActionView helper methods.
	95	+ def self.included(base)
	96	+ base.send :helper_method, :current_user, :logged_in?
	97	+ end
	98	+
	99	+ # When called with before_filter :login_from_cookie will check for an :auth_token
	100	+ # cookie and log the user back in if apropriate
	101	+ def login_from_cookie
	102	+ return unless cookies[:auth_token] && !logged_in?
	103	+ user = User.find_by_remember_token(cookies[:auth_token])
	104	+ if user && user.remember_token?
	105	+ user.remember_me
	106	+ self.current_user = user
	107	+ cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
	108	+ flash[:notice] = "Logged in successfully"
	109	+ end
	110	+ end
	111	+
	112	+ private
	113	+ @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
	114	+ # gets BASIC auth info
	115	+ def get_auth_data
	116	+ auth_key = @@http_auth_headers.detect { \|h\| request.env.has_key?(h) }
	117	+ auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
	118	+ return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
	119	+ end
	120	+end
...	...