Class: Auth::Configuration

Inherits:
Object
  • Object
Extended by:
BehaviorLookup
Includes:
BehaviorLookup
Defined in:
lib/auth/configuration.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from BehaviorLookup

lookup_behavior

Constructor Details

#initializeConfiguration

Returns a new instance of Configuration.



# File 'lib/auth/configuration.rb', line 242

# Builds a configuration populated with the library defaults, then creates one
# nested configuration object (plus a singleton reader for it) for every entry
# in Configuration.behavior_configs.
def initialize
  # Filesystem location: the parent of the directory containing this file.
  @path = File.expand_path(File.join(File.dirname(__FILE__), '..'))

  # Models, behaviors, controllers and routing.
  @authenticated_models = Auth::TargetList.new
  @behaviors = [ :core ]
  @base_controller_name = 'application'
  @default_accounts_controller_name = "sparkly_accounts"
  @default_sessions_controller_name = "sparkly_sessions"
  @default_destination = "/"
  @default_login_path = :new_user_session_path
  @generate_routes = true

  # Password policy.
  # NOTE(review): the pattern requires one digit and one letter of either
  # case, while the message promises separate uppercase and lowercase
  # characters. ^ and $ match at line boundaries in Ruby, so the check is
  # satisfied when any single line of the value fits; \A and \z anchor the
  # whole string. The {7,} here duplicates @minimum_password_length, so the
  # two have to be changed together.
  @password_format = /(^(?=.*\d)(?=.*[a-zA-Z]).{7,}$)/
  @password_format_message = "must contain at least 1 uppercase, 1 lowercase and 1 number"
  @minimum_password_length = 7
  @password_update_frequency = 30.days
  @password_history_length = 4
  @password_uniqueness_message = "must not be the same as any of your recent passwords"
  # NOTE(review): the name suggests a SHA-512 digest; salting and key
  # stretching are not visible from here -- confirm before relying on this
  # default for stored credentials.
  @encryptor = Auth::Encryptors::Sha512

  # Sessions, lockout and signup.
  @session_duration = 30.minutes
  @max_login_failures = 5
  @account_lock_duration = 30.minutes
  # NOTE(review): the attribute documentation lists a default of true; the
  # value assigned here is false.
  @login_after_signup = false

  # User-facing messages.
  @login_required_message = "You must be signed in to view this page."
  @logout_required_message = "You must be signed out to view this page."
  @invalid_credentials_message = "Credentials were not valid."
  @login_successful_message = "Signed in successfully."
  @logout_message = "You have been signed out."
  @session_timeout_message = "You have been signed out due to inactivity. Please sign in again."
  @account_deleted_message = "Your account has been deleted."
  @account_created_message = "Your account has been created."
  @account_updated_message = "Your changes have been saved."
  @account_locked_message = "Account is locked due to too many invalid attempts."

  # One configuration object per registered behavior, stored in an instance
  # variable named after the accessor and exposed through a reader defined on
  # this instance's singleton class only.
  self.class.behavior_configs.each do |accessor_name, config_klass|
    ivar = "@#{accessor_name}"
    instance_variable_set(ivar, config_klass.new(self))
    own_singleton = (class << self; self; end)
    own_singleton.send(:define_method, accessor_name) { instance_variable_get(ivar) }
  end
end

Instance Attribute Details

#account_created_messageObject

The message to display when the user creates an account.

Default:

"Your account has been created."


# File 'lib/auth/configuration.rb', line 37

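# Reader for the message shown after a user creates an account
# (constructor default: "Your account has been created.").
def account_created_message
  @account_created_message
end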

#account_deleted_messageObject

The message to display when the user deletes his or her account.

Default:

"Your account has been deleted."


# File 'lib/auth/configuration.rb', line 43

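# Reader for the message shown after a user deletes their account
# (constructor default: "Your account has been deleted.").
def account_deleted_message
  @account_deleted_message
end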

#account_lock_durationObject

The length of time an account is locked for, if it is locked.

Default:

30.minutes


# File 'lib/auth/configuration.rb', line 55

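# Reader for how long a locked account stays locked
# (constructor default: 30.minutes).
def account_lock_duration
  @account_lock_duration
end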

#account_locked_messageObject

The message to display if an account has been locked.

Default:

"Account is locked due to too many invalid attempts."


# File 'lib/auth/configuration.rb', line 61

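# Reader for the message shown when an account has been locked
# (constructor default: "Account is locked due to too many invalid attempts.").
def account_locked_message
  @account_locked_message
end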

#account_updated_messageObject

The message to display when user profile has been updated or the password has been changed.

Default:

"Your changes have been saved."


# File 'lib/auth/configuration.rb', line 49

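# Reader for the message shown after a profile update or password change
# (constructor default: "Your changes have been saved.").
def account_updated_message
  @account_updated_message
end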

#authenticated_modelsObject

The array of Auth::Model instances which represent the models which will be authenticated. See also #authenticate



# File 'lib/auth/configuration.rb', line 65

# Reader for the collection of models registered for authentication; the
# constructor initializes it to an Auth::TargetList.
def authenticated_models
  @authenticated_models
end

#base_controller_nameObject

The NAME of the controller to use as a base controller. All Sparkly controllers will subclass this, and methods such as current_user will be added to it. Defaults to ‘application’.

Default:

'application'


# File 'lib/auth/configuration.rb', line 72

# Reader for the name of the base controller (constructor default:
# 'application'). #base_controller turns this name into a constant.
def base_controller_name
  @base_controller_name
end

#behaviorsObject

The array of behaviors which will be applied by default to every authenticated model. If a behavior set is specified for a given model, it will be used instead of (not in addition to) this array.

Default:

[ :core ]


# File 'lib/auth/configuration.rb', line 80

# Reader for the default behavior list (constructor default: [ :core ]).
def behaviors
  @behaviors
end

#default_accounts_controller_nameObject

The name of the controller to route to for creating users, editing them, etc.

"sparkly_accounts"


# File 'lib/auth/configuration.rb', line 85

# Reader for the accounts controller name
# (constructor default: "sparkly_accounts").
def default_accounts_controller_name
  @default_accounts_controller_name
end

#default_destinationObject

If an issue would prevent the user from viewing the current page, Auth will redirect the user to the value stored in session. If this value is not set, then Auth will default to this path.

Default:

"/"


# File 'lib/auth/configuration.rb', line 93

# Reader for the fallback redirect path (constructor default: "/").
# NOTE(review): the attribute text says a destination stored in the session
# takes priority over this value -- confirm that the stored value is limited
# to paths within the application wherever it is written.
def default_destination
  @default_destination
end

#default_login_pathObject

The method to call in order to determine which resource to use when implicitly logging in.

If set to nil, the #default_destination will be used instead.

Default:

:new_user_session_path


# File 'lib/auth/configuration.rb', line 101

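# Reader for the name of the route helper used when a login is required
# (constructor default: :new_user_session_path).
def default_login_path
  @default_login_path
end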

#default_sessions_controller_nameObject

The name of the controller to route to for logging in, logging out, etc.

Default:

"sparkly_sessions"


# File 'lib/auth/configuration.rb', line 107

# Reader for the sessions controller name
# (constructor default: "sparkly_sessions").
def default_sessions_controller_name
  @default_sessions_controller_name
end

#encryptorObject

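The class to use for encryption of passwords. This can be any class, as long as it responds to #encrypt and #matches?. The default is named for SHA-512; this page does not show whether it salts or stretches the digest, so confirm that, or supply a class backed by a dedicated password-hashing function, before relying on it for stored credentials.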

Default:

Auth::Encryptors::Sha512


# File 'lib/auth/configuration.rb', line 114

# Reader for the class that processes passwords for storage and comparison
# (constructor default: Auth::Encryptors::Sha512).
# NOTE(review): whether the default applies a per-user salt or key stretching
# is not visible from here -- verify before using it for stored credentials.
def encryptor
  @encryptor
end

#invalid_credentials_messageObject

Message to display if username and/or password were incorrect.

Default:

"Credentials were not valid."


# File 'lib/auth/configuration.rb', line 120

# Reader for the failed-login message (constructor default:
# "Credentials were not valid."). The default wording does not say whether
# the username or the password was wrong; keep that property when
# customizing it.
def invalid_credentials_message
  @invalid_credentials_message
end

#login_after_signupObject

If true, the user will be automatically logged in after registering a new account. Note that this can be modified by some behaviors. The constructor listing on this page assigns false, which differs from the default shown below.

Default:

true


# File 'lib/auth/configuration.rb', line 127

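# Reader for the flag that controls automatic login after registration.
# The constructor assigns false.
def login_after_signup
  @login_after_signup
end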

#login_required_messageObject

The message to display when the user is not allowed to view a page because s/he must log in.

Default:

"You must be signed in to view this page."


# File 'lib/auth/configuration.rb', line 133

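# Reader for the message shown when a page requires the user to be signed in
# (constructor default: "You must be signed in to view this page.").
def login_required_message
  @login_required_message
end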

#login_successful_messageObject

Message to display if login was successful.

Default:

"Signed in successfully."


# File 'lib/auth/configuration.rb', line 139

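# Reader for the message shown after a successful login
# (constructor default: "Signed in successfully.").
def login_successful_message
  @login_successful_message
end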

#logout_messageObject

Message to display when user logs out.

Default:

"You have been signed out."


# File 'lib/auth/configuration.rb', line 145

# Reader for the message shown when the user logs out
# (constructor default: "You have been signed out.").
def logout_message
  @logout_message
end

#logout_required_messageObject

The message to display when the user is not allowed to view a page because s/he must log out.

"You must be signed out to view this page."


# File 'lib/auth/configuration.rb', line 150

# Reader for the message shown when a page requires the user to be signed out
# (constructor default: "You must be signed out to view this page.").
def logout_required_message
  @logout_required_message
end

#max_login_failuresObject

The maximum login attempts permitted before an account is locked. Set to nil to disable locking.

Default:

5


# File 'lib/auth/configuration.rb', line 156

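# Reader for the number of failed logins allowed before an account is locked
# (constructor default: 5). The attribute text says nil disables locking,
# which also removes the throttle on repeated password guesses.
def max_login_failures
  @max_login_failures
end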

#minimum_password_lengthObject

Minimum length for passwords.

Default:

7


# File 'lib/auth/configuration.rb', line 162

# Reader for the minimum password length (constructor default: 7).
# NOTE(review): the default password_format pattern also embeds a 7-character
# minimum, so changing only this value leaves that pattern's limit in place.
def minimum_password_length
  @minimum_password_length
end

#password_formatObject

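Regular expression which passwords must match. The default is described as forcing at least 1 uppercase, 1 lowercase and 1 numeric character; note that the pattern shown below only checks for one digit and one letter of either case, so an all-lowercase or all-uppercase password containing a digit also matches.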

Default:

/(^(?=.*\d)(?=.*[a-zA-Z]).{7,}$)/


# File 'lib/auth/configuration.rb', line 169

# Reader for the regular expression new passwords must match.
# NOTE(review): the constructor's default requires a digit and a letter of
# either case and uses the line anchors ^ and $; use \A and \z in a custom
# pattern when the whole value must be matched.
def password_format
  @password_format
end

#password_format_messageObject

When the password to be created does not conform to the above format, this error message will be shown.

Default:

"must contain at least 1 uppercase, 1 lowercase and 1 number"


# File 'lib/auth/configuration.rb', line 176

# Reader for the validation message shown when a password fails
# password_format (constructor default: "must contain at least 1 uppercase,
# 1 lowercase and 1 number").
def password_format_message
  @password_format_message
end

#password_history_lengthObject

The number of passwords to keep in the password change history for each user. A user may not reuse a password until it has dropped out of this history. For instance, if set to 4, then a user must change their password 4 times before they can reuse one of their previous passwords.

Default:

4


# File 'lib/auth/configuration.rb', line 185

# Reader for the number of previous passwords kept per user
# (constructor default: 4).
def password_history_length
  @password_history_length
end

#password_uniqueness_messageObject

The message to display when password change matches one of the previous passwords

Default:

"must not be the same as any of your recent passwords"


# File 'lib/auth/configuration.rb', line 191

# Reader for the message shown when a new password repeats a recent one
# (constructor default: "must not be the same as any of your recent
# passwords").
def password_uniqueness_message
  @password_uniqueness_message
end

#password_update_frequencyObject

How frequently should passwords be forced to change? Nil for never.

Default:

30.days


# File 'lib/auth/configuration.rb', line 197

# Reader for how often a password change is forced (constructor default:
# 30.days). The attribute text says nil means never.
def password_update_frequency
  @password_update_frequency
end

#pathObject (readonly)

The path to the Sparkly Auth libraries.



# File 'lib/auth/configuration.rb', line 200

# Reader for the library path; the constructor sets it to the parent of the
# directory that contains configuration.rb.
def path
  @path
end

#session_durationObject

The maximum session duration. Users will be logged out automatically after this period expires.

Default:

30.minutes


# File 'lib/auth/configuration.rb', line 206

# Reader for the session lifetime (constructor default: 30.minutes).
# NOTE(review): the timeout message speaks of inactivity -- confirm whether
# this is an idle timeout or an absolute limit where it is enforced.
def session_duration
  @session_duration
end

#session_timeout_messageObject

Message to display when the user’s session times out due to inactivity.

Default:

"You have been signed out due to inactivity. Please sign in again."


# File 'lib/auth/configuration.rb', line 212

# Reader for the message shown when a session times out (constructor default:
# "You have been signed out due to inactivity. Please sign in again.").
def session_timeout_message
  @session_timeout_message
end

Class Method Details

.behavior_configsObject



# File 'lib/auth/configuration.rb', line 8

# Registry of [accessor_name, configuration_class] pairs appended by
# register_behavior. Created on first access and memoized, so every call
# returns the same array.
def behavior_configs
  @behavior_configs = [] unless @behavior_configs
  @behavior_configs
end

.register_behavior(name) ⇒ Object



# File 'lib/auth/configuration.rb', line 12

# Registers the configuration class of the behavior +name+, when it has one.
#
# Looks the behavior up, resolves "<BehaviorClass>::Configuration" to a
# constant, records the [name, configuration class] pair in behavior_configs
# and delegates a method called +name+ to :configuration.
#
# Returns nil when a NameError is raised anywhere in the body.
def register_behavior(name)
  behavior_class = lookup_behavior(name)
  # If the behavior has a configuration, add it to self.
  behavior_configs << [ name, "#{behavior_class.name}::Configuration".constantize ]
  # eg Auth.remember_me.something = 5
  # NOTE(review): Auth.class is the class of the Auth constant, not Auth
  # itself, so the delegate is defined there -- confirm that is intended.
  Auth.class.delegate name, :to => :configuration
rescue NameError
  # Presumably, the behavior does not have a configuration.
  # NOTE(review): NoMethodError is a subclass of NameError, so an
  # undefined-method failure in the lookup or the delegate call is silently
  # treated as "no configuration" too.
end

Instance Method Details

#apply!Object



# File 'lib/auth/configuration.rb', line 281

# Applies the configuration: each behavior in #behaviors is looked up and
# applied to controllers, then each authenticated model applies its options.
def apply!
  # Controllers first, in the order the behaviors are listed.
  behaviors.each { |name| lookup_behavior(name).apply_to_controllers }

  # Then the per-model options.
  authenticated_models.each(&:apply_options!)
end

#authenticate(*model_names) ⇒ Object

Accepts a list of model names (or the models themselves) and an optional set of options which govern how the models will be authenticated.

Examples:

Auth.configure do |config|
  config.authenticate :user
  config.authenticate :admin, :key => :login
  config.authenticate :user, :admin, :with => /a password validating regexp/
end

Note that if an item is specified more than once, the options will be merged together for the entry. For instance, in the above example, the :user model will be authenticated with :password, while the :admin model will be authenticated with :password on key :login.



# File 'lib/auth/configuration.rb', line 308

# Registers one or more models for authentication.
#
# A trailing options hash is split off the argument list; the remaining
# names are flattened. A name that authenticated_models already knows has the
# options merged into its entry, any other name gets a new Auth::Model.
def authenticate(*model_names)
  options = model_names.extract_options!
  model_names.flatten.each do |name|
    registered = authenticated_models.find(name)
    if registered
      registered.merge_options! options
    else
      # NOTE(review): the same options hash is handed to every model named in
      # this call -- confirm Auth::Model copies it, otherwise a later
      # merge_options! on one model could alter the others.
      authenticated_models << Auth::Model.new(name, options)
    end
  end
end

#base_controllerObject

Finds the controller with the same name as #base_controller_name and returns it.



# File 'lib/auth/configuration.rb', line 215

# Resolves the base controller class from #base_controller_name.
#
# First tries the constant "<CamelizedName>Controller". If that raises
# NameError, retries with the camelized name alone; if the retry raises
# NameError as well, the error from the first attempt is re-raised.
def base_controller
  "#{base_controller_name.to_s.camelize}Controller".constantize
rescue NameError => err
  begin
    # Fallback, presumably for names that already spell out the full constant.
    base_controller_name.to_s.camelize.constantize
  rescue NameError
    # Report the first lookup failure rather than the fallback's.
    raise err
  end
end

#behavior_classesObject

Returns the classes which represent each behavior listed in #behaviors



# File 'lib/auth/configuration.rb', line 226

# Maps every entry of #behaviors through lookup_behavior and returns the
# results in the same order.
def behavior_classes
  behaviors.map { |name| lookup_behavior(name) }
end

#disable_route_generation!Object

Causes Sparkly Auth to not generate routes by default. You’ll have to map them yourself if you disable route generation.



# File 'lib/auth/configuration.rb', line 232

# Turns off automatic route generation by setting @generate_routes to false,
# the value #generate_routes? returns.
def disable_route_generation!
  @generate_routes = false
end

#for_model(name_or_class_or_instance) ⇒ Object

Returns the configuration for the given authenticated model.



# File 'lib/auth/configuration.rb', line 320

# Looks up the authenticated-model entry for a name, a class or a record.
# An ActiveRecord::Base instance is replaced by its class before the lookup;
# any other argument is passed to authenticated_models.find unchanged.
def for_model(name_or_class_or_instance)
  lookup_key =
    if name_or_class_or_instance.is_a?(ActiveRecord::Base)
      name_or_class_or_instance.class
    else
      name_or_class_or_instance
    end
  authenticated_models.find(lookup_key)
end

#generate_routes?Boolean

Returns true if Sparkly Auth is expected to generate routes for this application. This is true by default, and can be disabled with #disable_route_generation!

Returns:

  • (Boolean)


# File 'lib/auth/configuration.rb', line 238

# Returns the @generate_routes flag: true from the constructor, false after
# #disable_route_generation! has been called.
def generate_routes?
  @generate_routes
end