Add authentication via warden

badosu · Apr 26, 2015 · 977271e · 977271e
1 parent cbeb6c8
commit 977271e
Show file tree

Hide file tree

Showing 11 changed files with 165 additions and 1 deletion.
diff --git a/Gemfile b/Gemfile
@@ -9,6 +9,9 @@ gem 'tilt'
 gem 'yuicompressor'
 
 gem 'sequel'
+gem 'sequel_secure_password'
+
+gem 'warden'
 
 gem 'rake'
 gem 'rack-unreloader'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,6 +1,7 @@
 GEM
   remote: https://rubygems.org/
   specs:
+    bcrypt (3.1.10)
     better_errors (2.1.1)
       coderay (>= 1.0.0)
       erubis (>= 2.6.6)
@@ -23,13 +24,18 @@ GEM
     roda (2.2.0)
       rack
     sequel (4.21.0)
+    sequel_secure_password (0.2.12)
+      bcrypt (>= 3.1, < 4.0)
+      sequel (>= 4.1.0, < 5.0)
     slop (3.6.0)
     sqlite3 (1.3.10)
     tilt (2.0.1)
     unicorn (4.8.3)
       kgio (~> 2.6)
       rack
       raindrops (~> 0.7)
+    warden (1.2.3)
+      rack (>= 1.0)
     yuicompressor (1.3.3)
 
 PLATFORMS
@@ -43,7 +49,9 @@ DEPENDENCIES
   rake
   roda
   sequel
+  sequel_secure_password
   sqlite3
   tilt
   unicorn
+  warden
   yuicompressor
diff --git a/assets/css/signin.css b/assets/css/signin.css
@@ -0,0 +1,40 @@
+.body-signin {
+  padding-top: 40px;
+  padding-bottom: 40px;
+  background-color: #eee;
+}
+
+.form-signin {
+  max-width: 330px;
+  padding: 15px;
+  margin: 0 auto;
+}
+.form-signin .form-signin-heading,
+.form-signin .checkbox {
+  margin-bottom: 10px;
+}
+.form-signin .checkbox {
+  font-weight: normal;
+}
+.form-signin .form-control {
+  position: relative;
+  height: auto;
+  -webkit-box-sizing: border-box;
+     -moz-box-sizing: border-box;
+          box-sizing: border-box;
+  padding: 10px;
+  font-size: 16px;
+}
+.form-signin .form-control:focus {
+  z-index: 2;
+}
+.form-signin input[type="email"] {
+  margin-bottom: -1px;
+  border-bottom-right-radius: 0;
+  border-bottom-left-radius: 0;
+}
+.form-signin input[type="password"] {
+  margin-bottom: 10px;
+  border-top-left-radius: 0;
+  border-top-right-radius: 0;
+}
diff --git a/db/migrations/2_create_users.rb b/db/migrations/2_create_users.rb
@@ -0,0 +1,13 @@
+Sequel.migration do
+  change do
+    create_table(:users) do
+      primary_key :id
+
+      column :email,           String,    null: false
+      column :password_digest, String
+
+      column :created_at,      DateTime,  null: false
+      column :updated_at,      DateTime
+    end
+  end
+end
diff --git a/db/seeds.rb b/db/seeds.rb
@@ -1,7 +1,12 @@
 unless env.production?
   DB[:communities].truncate
+  DB[:users].truncate
 end
 
 
 Community.create name: "New Community",
                  description: "This is a nice community"
+
+User.new(email: 'elduderino@lebowski.com',
+         password: 'youropinionman').
+     save(validate: false)
diff --git a/models/user.rb b/models/user.rb
@@ -0,0 +1,8 @@
+class User < Sequel::Model
+  plugin :secure_password
+
+  def validate
+    super
+    errors.add(:email, 'must be present') if !email || email.empty?
+  end
+end
diff --git a/routes/communities.rb b/routes/communities.rb
@@ -2,6 +2,8 @@ class Yogurt
   route 'communities' do |r|
     set_view_subdir 'communities'
 
+    env['warden'].authenticate!
+
     r.is do
       r.get do
         @communities = Community.order(Sequel.desc(:created_at)).all

diff --git a/routes/user_sessions.rb b/routes/user_sessions.rb
@@ -0,0 +1,28 @@
+class Yogurt
+  route 'user_sessions' do |r|
+    r.is do
+      r.post do
+        env['warden'].authenticate!
+
+        r.redirect session[:return_to] || '/communities'
+      end
+
+      r.delete do
+        env['warden'].logout
+
+        r.redirect '/user_sessions/new'
+      end
+    end
+
+    r.get 'new' do
+      render '/user_sessions/new'
+    end
+
+    r.is 'unauthenticated' do
+      session[:return_to] = env['warden.options'][:attempted_path]
+      response.status = 403
+
+      render '/user_sessions/new'
+    end
+  end
+end
diff --git a/views/layout.html.erb b/views/layout.html.erb
@@ -30,6 +30,13 @@
             <li role="presentation" class="active"><a href="#">Home</a></li>
             <li role="presentation"><a href="#">About</a></li>
             <li role="presentation"><a href="#">Contact</a></li>
+            <li role="presentation">
+              <form class='inline' action='/user_sessions' method='POST'>
+                <input type='hidden' name='_method' value='DELETE'>
+
+                <button type="submit" class="btn btn-warning">Logout</button>
+              </form>
+            </li>
           </ul>
         </nav>
         <h3 class="text-muted">Project name</h3>

diff --git a/views/user_sessions/new.html.erb b/views/user_sessions/new.html.erb
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="icon" href="/public/favicon.ico">
+
+    <title>Signin Template for Bootstrap</title>
+
+    <%= assets([:css, :yogurt]) %>
+    <%= assets([:js,  :yogurt]) %>
+
+    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
+      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body class='body-signin'>
+    <div class="container">
+      <form class="form-signin" action='/user_sessions' method='POST'>
+        <h2 class="form-signin-heading">Please sign in</h2>
+        <label for="email" class="sr-only">Email address</label>
+        <input type="email" name='email' class="form-control" placeholder="Email address" required autofocus>
+        <label for="password" class="sr-only">Password</label>
+        <input type="password" name="password" class="form-control" placeholder="Password" required>
+        <div class="checkbox">
+          <label>
+            <input type="checkbox" value="remember-me"> Remember me
+          </label>
+        </div>
+        <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
+      </form>
+    </div> <!-- /container -->
+  </body>
+</html>
diff --git a/yogurt.rb b/yogurt.rb
@@ -1,4 +1,5 @@
 require 'roda'
+require './config/warden'
 
 class Yogurt < Roda
   use Rack::Session::Cookie, secret: ENV['SECRET']
@@ -12,10 +13,17 @@ class Yogurt < Roda
   plugin :multi_route
   plugin :assets, group_subdirs: false,
          css: { home:   %w[lib/bootstrap.css jumbotron.css],
-                yogurt: %w[lib/bootstrap.css yogurt.css] },
+                yogurt: %w[lib/bootstrap.css yogurt.css signin.css] },
          js:  { yogurt: %w[lib/jquery-2.1.3.js lib/bootstrap.js] }
   plugin(:not_found) { view '/http_404' }
 
+  use Warden::Manager do |manager|
+    manager.scope_defaults :default,
+      strategies: [:password],
+      action: 'user_sessions/unauthenticated'
+    manager.failure_app = self
+  end
+
   if env.development?
     require 'better_errors'
     require 'pry'
@@ -47,3 +55,4 @@ class Yogurt < Roda
 
 Unreloader.require('routes'){}
 Unreloader.record_split_class(__FILE__, 'routes')
+Unreloader.record_split_class(__FILE__, 'config/warden')