authorAzul <azul@leap.se>2013-03-05 13:35:05 +0100
committerAzul <azul@leap.se>2013-03-05 13:35:05 +0100
commit27c16ccceffa1d8eaaf02612cf29a60bfe6ced01 (patch)
tree1df9d9900872cf2e97d5c27b4175816eff5cbf80 /users/app
parent733426aa3992dafaf1c58ede7e74018057a01148 (diff)
parent87c306ea212c01ecc8f98009def5971fc4d5af11 (diff)
Merge branch 'master' into feature/limit_user_leak
Conflicts: users/lib/warden/strategies/secure_remote_password.rb
Diffstat (limited to 'users/app')
-rw-r--r--users/app/controllers/sessions_controller.rb2
-rw-r--r--users/app/controllers/v1/sessions_controller.rb10
-rw-r--r--users/app/models/user.rb14
-rw-r--r--users/app/views/sessions/_nav.html.haml2
-rw-r--r--users/app/views/v1/sessions/new.json.erb3
5 files changed, 25 insertions, 6 deletions
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 0345fbd..01ecff6 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -1,7 +1,5 @@
class SessionsController < ApplicationController
- skip_before_filter :verify_authenticity_token
-
def new
@session = Session.new
if authentication_errors
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index 27d10fb..0551ca9 100644
--- a/users/app/controllers/v1/sessions_controller.rb
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -18,12 +18,20 @@ module V1
def update
authenticate!
- render :json => session.delete(:handshake)
+ render :json => login_response
end
def destroy
logout
redirect_to root_path
end
+
+ protected
+
+ def login_response
+ handshake = session.delete(:handshake)
+ handshake.to_hash.merge(:id => current_user.id)
+ end
+
end
end
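Review bot: `login_response` calls `handshake.to_hash` without checking that `session.delete(:handshake)` returned anything, so a request that reaches `update` with no handshake in the session raises NoMethodError on nil and comes back as a 500. That can presumably happen when an already-authenticated client repeats the request, since the first response deleted the handshake; the strategy that stores it is not visible here, so confirm. A fallback such as `handshake = session.delete(:handshake) || {}` keeps the response well-formed and still returns the id. The enclosing class starts outside the hunk.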
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index e41c2dc..c9b367f 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -18,9 +18,19 @@ class User < CouchRest::Model::Base
:uniqueness => true,
:if => :serverside?
+ # Have multiple regular expression validations so we can get specific error messages:
validates :login,
- :format => { :with => /\A[A-Za-z\d_\.]+\z/,
- :message => "Only letters, digits, . and _ allowed" }
+ :format => { :with => /\A.{2,}\z/,
+ :message => "Login must have at least two characters"}
+ validates :login,
+ :format => { :with => /\A[a-z\d_\.-]+\z/,
+ :message => "Only lowercase letters, digits, . - and _ allowed."}
+ validates :login,
+ :format => { :with => /\A[a-z].*\z/,
+ :message => "Login must begin with a lowercase letter"}
+ validates :login,
+ :format => { :with => /\A.*[a-z\d]\z/,
+ :message => "Login must end with a letter or digit"}
validate :login_is_unique_alias
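Review bot: The character-class rule `/\A[a-z\d_\.-]+\z/` no longer accepts uppercase letters, which the pattern it replaces (`[A-Za-z\d_\.]`) did, so any existing user whose login contains an uppercase letter will fail validation the next time the record is saved. If such records can exist, they need migrating or the login needs downcasing before validation; at minimum the comment should say so, e.g. `# Logins are lowercase-only; records created under the old mixed-case rule must be migrated.` None of the four rules sets an upper length bound, and runs like `a..b` pass all of them, which may matter if the login is later used as an email local part (not visible here). The class body continues outside the hunk.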
diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml
index 5306d0e..ac85bb5 100644
--- a/users/app/views/sessions/_nav.html.haml
+++ b/users/app/views/sessions/_nav.html.haml
@@ -5,7 +5,7 @@
%li
= link_to current_user.login, edit_user_path(current_user)
%li
- = link_to t(:logout), logout_path
+ = link_to t(:logout), logout_path, :method => :delete
- else
%li
= link_to t(:login), login_path
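Review bot: `:method => :delete` on `link_to` only takes effect through the unobtrusive JavaScript driver; without it the link is a plain GET, which presumably no longer reaches `destroy` if the route is restricted to DELETE (routes are not in this diff). `= button_to t(:logout), logout_path, :method => :delete` renders a real form carrying the authenticity token and works without JavaScript. The surrounding `if`/`else` starts outside the hunk.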
diff --git a/users/app/views/v1/sessions/new.json.erb b/users/app/views/v1/sessions/new.json.erb
new file mode 100644
index 0000000..36154b8
--- /dev/null
+++ b/users/app/views/v1/sessions/new.json.erb
@@ -0,0 +1,3 @@
+{
+"errors": <%= raw @errors.to_json %>
+}
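Review bot: The JSON envelope is written by hand around `@errors.to_json`, so the document's validity depends on the template text rather than on the serializer. `<%= raw({ :errors => @errors }.to_json) %>` produces the same body from a single call, or the controller can `render :json => { :errors => @errors }` and drop the template. Where `@errors` is set is not visible here; since this branch is about limiting user leakage, check that its messages do not distinguish an unknown login from a wrong password.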