Merge pull request #58 from osbridge/with_omniauth

Switch to using OmniAuth for authentication
osbridge · Dec 1, 2013 · e0a5a16 · e0a5a16
2 parents fdf3119 + 5e33e77
commit e0a5a16
Show file tree

Hide file tree

Showing 100 changed files with 1,014 additions and 2,919 deletions.
diff --git a/Gemfile b/Gemfile
@@ -14,11 +14,13 @@ gem 'sqlite3', :require => false
 # gem 'mysql2',  :require => false
 # gem 'pg',      :require => false
 
+# Authentication
+gem 'omniauth-openid'
+gem 'omniauth-persona'
+
 # Selectively-loaded:
 gem 'facets',       '~> 2.8.0', :require => false # For initializers/dependencies.rb
 gem 'right_aws',    '~> 1.0',   :require => false # For paperclip
-gem 'ruby-openid',  '~> 2.1.0', :require => false # For open_id_authentication
-gem 'rack-openid',  '~> 1.3.1', :require => false # For open_id_authentication
 gem 'rwikibot',     '= 2.0.6',  :require => false,
                                 :git => 'git://github.com/reidab/rwikibot.git'
 
@@ -31,6 +33,7 @@ gem 'comma',               '~> 3.0'
 gem 'gchartrb',            '~> 0.8.0', :require => 'google_chart'
 gem 'hpricot',             '~> 0.8.2'
 gem 'paperclip',           '~> 2.3.1'
+gem 'cocaine',             '0.3.2'
 gem 'vpim-rails', :git => "https://github.com/osbridge/vpim-rails.git", :require => 'vpim/icalendar'
 gem 'action_mailer_tls',   '~> 1.1.3'
 gem 'nokogiri',            '~> 1.5.10'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -73,10 +73,7 @@ GEM
       xpath (~> 1.0.0)
     childprocess (0.3.9)
       ffi (~> 1.0, >= 1.0.11)
-    climate_control (0.0.3)
-      activesupport (>= 3.0)
-    cocaine (0.5.1)
-      climate_control (>= 0.0.3, < 1.0)
+    cocaine (0.3.2)
     coderay (1.0.9)
     color (1.4.2)
     columnize (0.3.6)
@@ -116,12 +113,15 @@ GEM
     facets (2.8.4)
     factory_girl (2.6.4)
       activesupport (>= 2.3.9)
+    faraday (0.8.8)
+      multipart-post (~> 1.2.0)
     fastercsv (1.5.5)
     ffi (1.9.0)
     gchartrb (0.8)
     gherkin (2.12.1)
       multi_json (~> 1.3)
     hashery (2.1.1)
+    hashie (2.0.5)
     highline (1.6.19)
     hike (1.2.3)
     hoe (3.7.1)
@@ -142,6 +142,7 @@ GEM
     mime-types (1.25)
     multi_json (1.8.2)
     multi_test (0.0.2)
+    multipart-post (1.2.0)
     net-scp (1.1.2)
       net-ssh (>= 2.6.5)
     net-sftp (2.1.2)
@@ -150,6 +151,16 @@ GEM
     net-ssh-gateway (1.2.0)
       net-ssh (>= 2.6.5)
     nokogiri (1.5.10)
+    omniauth (1.1.4)
+      hashie (>= 1.2, < 3)
+      rack
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    omniauth-persona (0.0.1)
+      faraday
+      multi_json
+      omniauth (~> 1.0)
     paperclip (2.3.16)
       activerecord (>= 2.3.0)
       activesupport (>= 2.3.2)
@@ -271,6 +282,7 @@ DEPENDENCIES
   capistrano
   capistrano-ext
   capybara (~> 2.0.0)
+  cocaine (= 0.3.2)
   color
   comma (~> 3.0)
   coveralls
@@ -287,18 +299,18 @@ DEPENDENCIES
   launchy
   memcache-client
   nokogiri (~> 1.5.10)
+  omniauth-openid
+  omniauth-persona
   paperclip (~> 2.3.1)
   prawn (= 0.11.1)
   pry
-  rack-openid (~> 1.3.1)
   rails (~> 3.2.0)
   rake
   rcov
   right_aws (~> 1.0)
   rinku
   rspec-rails
   ruby-debug
-  ruby-openid (~> 2.1.0)
   ruby18_source_location
   rwikibot (= 2.0.6)!
   simplecov

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -18,9 +18,6 @@ class ApplicationController < ActionController::Base
   # Provide access to page_title in controllers
   include PageTitleHelper
 
-  # Setup authentication (e.g., login)
-  include AuthenticatedSystem
-
   # Setup breadcrumbs
   include BreadcrumbsMixin
   add_breadcrumbs(SETTINGS.breadcrumbs)
@@ -33,6 +30,70 @@ class ApplicationController < ActionController::Base
   before_filter :log_the_current_user
   before_filter :log_the_session
 
+  #---[ Authentication ]--------------------------------------------------
+
+  # Store the given user in the session.
+  def current_user=(new_user)
+    session[:user_id] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
+    @current_user = new_user
+  end
+
+  # Accesses the current user from the session.
+  def current_user
+    @current_user ||= User.find(session[:user_id]) if session[:user_id]
+  rescue ActiveRecord::RecordNotFound
+    reset_session
+  end
+  helper_method :current_user
+
+  # Returns true or false if the user is logged in.
+  # Preloads @current_user with the user model if they're logged in.
+  def logged_in?
+    !!current_user
+  end
+  helper_method :logged_in?
+
+  # Filter method to enforce a login requirement.
+  def authentication_required
+    logged_in? || access_denied(:message => "Please sign in to access the requested page.")
+  end
+
+  # Redirect as appropriate when an access request fails.
+  def access_denied(opts={})
+    message = opts[:message] || "Access denied, please sign in with enough privileges to complete that operation."
+    fallback_url = opts[:fallback_url] || opts[:fallback] || sign_in_path
+
+    store_location
+    redirect_to fallback_url, :alert => message
+  end
+
+  # Store the URI of the current request in the session.
+  #
+  # We can return to this location by calling #redirect_back_or_default.
+  def store_location(path=nil)
+    session[:return_to] = path || request.fullpath
+  end
+
+  # Redirect to the URI stored by the most recent store_location call or
+  # to the passed default.
+  def redirect_back_or_default(default=nil)
+    redirect_to(session[:return_to] || default || default_path)
+    session[:return_to] = nil
+  end
+  alias_method :redirect_back_or_to, :redirect_back_or_default
+
+  def default_path
+    if @event
+      if @event.proposal_status_published?
+        event_sessions_path(@event)
+      else
+        event_proposals_path(@event)
+      end
+    else
+      proposals_path
+    end
+  end
+
 protected
 
   #---[ General ]---------------------------------------------------------
@@ -344,7 +405,7 @@ def assert_user
       if logged_in?
         @user = current_user
       else
-        return access_denied(:message => "Please login to access your user profile.")
+        return access_denied(:message => "Please sign in to access your user profile.")
       end
     else
       begin

diff --git a/app/controllers/authentications_controller.rb b/app/controllers/authentications_controller.rb
@@ -0,0 +1,40 @@
+class AuthenticationsController < ApplicationController
+  before_filter :require_auth_hash, :only => [:create]
+
+  def sign_in
+    page_title "Sign In"
+  end
+
+  def sign_out
+    cookies.delete :auth_token
+    reset_session
+    flash[:notice] = "You have been logged out."
+
+    redirect_back_or_default
+  end
+
+  def create
+    @authentication = Authentication.find_and_update_or_create_from_auth_hash(auth_hash)
+
+    if @authentication.user
+      self.current_user = @authentication.user
+    elsif logged_in?
+      @authentication.user = current_user
+      @authentication.save
+    else
+      self.current_user = User.create_from_authentication(@authentication)
+    end
+
+    redirect_back_or_default
+  end
+
+  protected
+
+  def auth_hash
+    request.env['omniauth.auth']
+  end
+
+  def require_auth_hash
+    redirect_to(sign_in_path) and return unless auth_hash
+  end
+end
diff --git a/app/controllers/browser_sessions_controller.rb b/app/controllers/browser_sessions_controller.rb