diff options
author | Azul <azul@leap.se> | 2013-03-05 13:35:05 +0100 |
---|---|---|
committer | Azul <azul@leap.se> | 2013-03-05 13:35:05 +0100 |
commit | 27c16ccceffa1d8eaaf02612cf29a60bfe6ced01 (patch) | |
tree | 1df9d9900872cf2e97d5c27b4175816eff5cbf80 /users/app | |
parent | 733426aa3992dafaf1c58ede7e74018057a01148 (diff) | |
parent | 87c306ea212c01ecc8f98009def5971fc4d5af11 (diff) |
Merge branch 'master' into feature/limit_user_leak
Conflicts:
users/lib/warden/strategies/secure_remote_password.rb
Diffstat (limited to 'users/app')
-rw-r--r-- | users/app/controllers/sessions_controller.rb | 2 | ||||
-rw-r--r-- | users/app/controllers/v1/sessions_controller.rb | 10 | ||||
-rw-r--r-- | users/app/models/user.rb | 14 | ||||
-rw-r--r-- | users/app/views/sessions/_nav.html.haml | 2 | ||||
-rw-r--r-- | users/app/views/v1/sessions/new.json.erb | 3 |
5 files changed, 25 insertions, 6 deletions
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 0345fbd..01ecff6 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -1,7 +1,5 @@ class SessionsController < ApplicationController - skip_before_filter :verify_authenticity_token - def new @session = Session.new if authentication_errors diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb index 27d10fb..0551ca9 100644 --- a/users/app/controllers/v1/sessions_controller.rb +++ b/users/app/controllers/v1/sessions_controller.rb @@ -18,12 +18,20 @@ module V1 def update authenticate! - render :json => session.delete(:handshake) + render :json => login_response end def destroy logout redirect_to root_path end + + protected + + def login_response + handshake = session.delete(:handshake) + handshake.to_hash.merge(:id => current_user.id) + end + end end diff --git a/users/app/models/user.rb b/users/app/models/user.rb index e41c2dc..c9b367f 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -18,9 +18,19 @@ class User < CouchRest::Model::Base :uniqueness => true, :if => :serverside? + # Have multiple regular expression validations so we can get specific error messages: validates :login, - :format => { :with => /\A[A-Za-z\d_\.]+\z/, - :message => "Only letters, digits, . and _ allowed" } + :format => { :with => /\A.{2,}\z/, + :message => "Login must have at least two characters"} + validates :login, + :format => { :with => /\A[a-z\d_\.-]+\z/, + :message => "Only lowercase letters, digits, . - and _ allowed."} + validates :login, + :format => { :with => /\A[a-z].*\z/, + :message => "Login must begin with a lowercase letter"} + validates :login, + :format => { :with => /\A.*[a-z\d]\z/, + :message => "Login must end with a letter or digit"} validate :login_is_unique_alias diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml index 5306d0e..ac85bb5 100644 --- a/users/app/views/sessions/_nav.html.haml +++ b/users/app/views/sessions/_nav.html.haml @@ -5,7 +5,7 @@ %li = link_to current_user.login, edit_user_path(current_user) %li - = link_to t(:logout), logout_path + = link_to t(:logout), logout_path, :method => :delete - else %li = link_to t(:login), login_path diff --git a/users/app/views/v1/sessions/new.json.erb b/users/app/views/v1/sessions/new.json.erb new file mode 100644 index 0000000..36154b8 --- /dev/null +++ b/users/app/views/v1/sessions/new.json.erb @@ -0,0 +1,3 @@ +{ +"errors": <%= raw @errors.to_json %> +} |