summaryrefslogtreecommitdiff
path: root/users/app
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2014-05-16 08:42:36 +0200
committerAzul <azul@leap.se>2014-05-16 08:42:36 +0200
commit8fbbb8717f0578536b97c2dc0883c632f120e976 (patch)
tree17aeb2b48ada703ac916a9a65fbf3c75a5dadb86 /users/app
parent81555ec6244ed76f92e3629880f68104b8705817 (diff)
parenta4f7a410c536d88c91c834cab6ee950c71005ddd (diff)
Merge remote-tracking branch 'origin/develop'
Conflicts: app/assets/javascripts/srp test/nagios/soledad_sync.py test/nagios/webapp_login.py
Diffstat (limited to 'users/app')
-rw-r--r--users/app/assets/images/leap_web_users/.gitkeep0
-rw-r--r--users/app/assets/javascripts/leap_web_users/.gitkeep0
m---------users/app/assets/javascripts/srp0
-rw-r--r--users/app/assets/javascripts/users.js132
-rw-r--r--users/app/assets/stylesheets/leap_web_users/.gitkeep0
-rw-r--r--users/app/controllers/.gitkeep0
-rw-r--r--users/app/controllers/account_settings_controller.rb0
-rw-r--r--users/app/controllers/controller_extension/authentication.rb68
-rw-r--r--users/app/controllers/controller_extension/token_authentication.rb23
-rw-r--r--users/app/controllers/keys_controller.rb18
-rw-r--r--users/app/controllers/sessions_controller.rb27
-rw-r--r--users/app/controllers/users_base_controller.rb18
-rw-r--r--users/app/controllers/users_controller.rb68
-rw-r--r--users/app/controllers/v1/sessions_controller.rb44
-rw-r--r--users/app/controllers/v1/users_controller.rb32
-rw-r--r--users/app/controllers/webfinger_controller.rb19
-rw-r--r--users/app/helpers/.gitkeep0
-rw-r--r--users/app/helpers/email_aliases_helper.rb11
-rw-r--r--users/app/helpers/sessions_helper.rb2
-rw-r--r--users/app/helpers/users_helper.rb14
-rw-r--r--users/app/mailers/.gitkeep0
-rw-r--r--users/app/models/.gitkeep0
-rw-r--r--users/app/models/account.rb68
-rw-r--r--users/app/models/email.rb26
-rw-r--r--users/app/models/identity.rb136
-rw-r--r--users/app/models/local_email.rb68
-rw-r--r--users/app/models/login_format_validation.rb21
-rw-r--r--users/app/models/pgp_key.rb48
-rw-r--r--users/app/models/service_level.rb19
-rw-r--r--users/app/models/session.rb32
-rw-r--r--users/app/models/token.rb61
-rw-r--r--users/app/models/unauthenticated_user.rb6
-rw-r--r--users/app/models/user.rb143
-rw-r--r--users/app/views/.gitkeep0
-rw-r--r--users/app/views/emails/_email.html.haml6
-rw-r--r--users/app/views/sessions/new.html.haml10
-rw-r--r--users/app/views/sessions/new.json.erb3
-rw-r--r--users/app/views/users/_change_password.html.haml21
-rw-r--r--users/app/views/users/_change_pgp_key.html.haml13
-rw-r--r--users/app/views/users/_change_service_level.html.haml18
-rw-r--r--users/app/views/users/_destroy_account.html.haml27
-rw-r--r--users/app/views/users/_edit.html.haml14
-rw-r--r--users/app/views/users/_user.html.haml4
-rw-r--r--users/app/views/users/_warnings.html.haml12
-rw-r--r--users/app/views/users/edit.html.haml1
-rw-r--r--users/app/views/users/index.html.haml13
-rw-r--r--users/app/views/users/new.html.haml19
-rw-r--r--users/app/views/users/show.html.haml25
-rw-r--r--users/app/views/v1/sessions/new.json.erb3
-rw-r--r--users/app/views/webfinger/host_meta.xml.erb11
-rw-r--r--users/app/views/webfinger/search.xml.erb7
51 files changed, 0 insertions, 1311 deletions
diff --git a/users/app/assets/images/leap_web_users/.gitkeep b/users/app/assets/images/leap_web_users/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/users/app/assets/images/leap_web_users/.gitkeep
+++ /dev/null
diff --git a/users/app/assets/javascripts/leap_web_users/.gitkeep b/users/app/assets/javascripts/leap_web_users/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/users/app/assets/javascripts/leap_web_users/.gitkeep
+++ /dev/null
diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp
deleted file mode 160000
-Subproject 8f33d32d40b1e21ae7fb9a92c78a275422af421
diff --git a/users/app/assets/javascripts/users.js b/users/app/assets/javascripts/users.js
deleted file mode 100644
index 8486756..0000000
--- a/users/app/assets/javascripts/users.js
+++ /dev/null
@@ -1,132 +0,0 @@
-(function() {
- //
- // LOCAL FUNCTIONS
- //
-
- var poll_users,
- prevent_default,
- form_failed,
- form_passed,
- clear_errors,
- update_user;
-
- prevent_default = function(event) {
- return event.preventDefault();
- };
-
- poll_users = function(query, process) {
- return $.get("/1/users.json", {
- query: query
- }).done(process);
- };
-
- clear_errors = function() {
- return $('#messages').empty();
- };
-
- update_user = function(submitEvent) {
- var form = submitEvent.target;
- var token = form.dataset.token;
- var url = form.action;
- var req = $.ajax({
- url: url,
- type: 'PUT',
- headers: { Authorization: 'Token token="' + token + '"' },
- data: $(form).serialize()
- });
- req.done( function() {
- $(form).find('input[type="submit"]').button('reset');
- });
- };
-
- markAsSubmitted = function(submitEvent) {
- var form = submitEvent.target;
- $(form).addClass('submitted')
- // bootstrap loading state:
- $(form).find('input[type="submit"]').button('loading');
- };
-
- resetButtons = function(submitEvent) {
- var form = $('form.submitted')
- // bootstrap loading state:
- $(form).find('input[type="submit"]').button('reset');
- $(form).removeClass('submitted')
- };
-
- //
- // PUBLIC FUNCTIONS
- //
-
- srp.session = new srp.Session();
-
- srp.signedUp = function() {
- return srp.login();
- };
-
- srp.loggedIn = function() {
- return window.location = '/';
- };
-
- srp.updated = function() {
- return window.location = '/users/' + srp.session.id();
- };
-
- //
- // if a json request returns an error, this function gets called and
- // decorates the appropriate fields with the error messages.
- //
- srp.error = function(message) {
- clear_errors();
- var errors = extractErrors(message);
- displayErrors(errors);
- resetButtons();
- }
-
- function extractErrors(message) {
- if ($.isPlainObject(message) && message.errors) {
- return message.errors;
- } else {
- return {
- base: (message.error || JSON.stringify(message))
- };
- }
- }
-
- function displayErrors(errors) {
- for (var field in errors) {
- var error = errors[field];
- if (field === 'base') {
- alert_message(error);
- } else {
- displayFieldError(field, error);
- }
- }
- }
-
- function displayFieldError(field, error) {
- var element = $('form input[name$="[' + field + ']"]');
- if (element) {
- element.trigger('element:validate:fail.ClientSideValidations', error).data('valid', false);
- }
- };
-
- //
- // INIT
- //
-
- $(document).ready(function() {
- $('form').submit(markAsSubmitted);
- $('#new_user').submit(prevent_default);
- $('#new_user').submit(srp.signup);
- $('#new_session').submit(prevent_default);
- $('#new_session').submit(srp.login);
- $('#update_login_and_password').submit(prevent_default);
- $('#update_login_and_password').submit(srp.update);
- $('#update_pgp_key').submit(prevent_default);
- $('#update_pgp_key').submit(update_user);
- return $('#user-typeahead').typeahead({
- source: poll_users
- });
- });
-
-}).call(this);
diff --git a/users/app/assets/stylesheets/leap_web_users/.gitkeep b/users/app/assets/stylesheets/leap_web_users/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/users/app/assets/stylesheets/leap_web_users/.gitkeep
+++ /dev/null
diff --git a/users/app/controllers/.gitkeep b/users/app/controllers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/users/app/controllers/.gitkeep
+++ /dev/null
diff --git a/users/app/controllers/account_settings_controller.rb b/users/app/controllers/account_settings_controller.rb
deleted file mode 100644
index e69de29..0000000
--- a/users/app/controllers/account_settings_controller.rb
+++ /dev/null
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
deleted file mode 100644
index d831fbe..0000000
--- a/users/app/controllers/controller_extension/authentication.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-module ControllerExtension::Authentication
- extend ActiveSupport::Concern
-
- private
-
- included do
- helper_method :current_user, :logged_in?, :admin?
- end
-
- def current_user
- @current_user ||= token_authenticate || warden.user
- end
-
- def logged_in?
- !!current_user
- end
-
- def authorize
- access_denied unless logged_in?
- end
-
- def access_denied
- respond_to do |format|
- format.html do
- if logged_in?
- redirect_to home_url, :alert => t(:not_authorized)
- else
- redirect_to login_url, :alert => t(:not_authorized_login)
- end
- end
- format.json do
- render :json => {'error' => t(:not_authorized)}, status: :unprocessable_entity
- end
- end
- end
-
- def admin?
- current_user && current_user.is_admin?
- end
-
- def authorize_admin
- access_denied unless admin?
- end
-
- def authentication_errors
- return unless attempted_login?
- errors = get_warden_errors
- errors.inject({}) do |translated,err|
- translated[err.first] = I18n.t(err.last)
- translated
- end
- end
-
- def get_warden_errors
- if strategy = warden.winning_strategy
- message = strategy.message
- # in case we get back the default message to fail!
- message.respond_to?(:inject) ? message : { base: message }
- else
- { login: :all_strategies_failed }
- end
- end
-
- def attempted_login?
- request.env['warden.options'] &&
- request.env['warden.options'][:attempted_path]
- end
-end
diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb
deleted file mode 100644
index 530294a..0000000
--- a/users/app/controllers/controller_extension/token_authentication.rb
+++ /dev/null
@@ -1,23 +0,0 @@
-module ControllerExtension::TokenAuthentication
- extend ActiveSupport::Concern
-
- def token_authenticate
- authenticate_with_http_token do |token_id, options|
- @token = Token.find(token_id)
- end
- @token.authenticate if @token
- end
-
- def logout
- super
- clear_token
- end
-
- def clear_token
- authenticate_with_http_token do |token_id, options|
- @token = Token.find(token_id)
- @token.destroy if @token
- end
- end
-end
-
diff --git a/users/app/controllers/keys_controller.rb b/users/app/controllers/keys_controller.rb
deleted file mode 100644
index fb28901..0000000
--- a/users/app/controllers/keys_controller.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-class KeysController < ApplicationController
-
- #
- # Render the user's key as plain text, without a layout.
- #
- # We will show blank page if user doesn't have key (which shouldn't generally occur)
- # and a 404 error if user doesn't exist
- #
- def show
- user = User.find_by_login(params[:login])
- if user
- render text: user.public_key, content_type: 'text/text'
- else
- raise ActionController::RoutingError.new('Not Found')
- end
- end
-
-end
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
deleted file mode 100644
index 0195f30..0000000
--- a/users/app/controllers/sessions_controller.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-class SessionsController < ApplicationController
-
- def new
- redirect_to home_url if logged_in?
- @session = Session.new
- if authentication_errors
- @errors = authentication_errors
- render :status => 422
- end
- end
-
- def destroy
- logout
- redirect_to home_url
- end
-
- #
- # this is a bad hack, but user_url(user) is not available
- # also, this doesn't work because the redirect happens as a PUT. no idea why.
- #
- #Warden::Manager.after_authentication do |user, auth, opts|
- # response = Rack::Response.new
- # response.redirect "/users/#{user.id}"
- # throw :warden, response.finish
- #end
-
-end
diff --git a/users/app/controllers/users_base_controller.rb b/users/app/controllers/users_base_controller.rb
deleted file mode 100644
index 9becf0d..0000000
--- a/users/app/controllers/users_base_controller.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# common base class for all user related controllers
-#
-
-class UsersBaseController < ApplicationController
-
- protected
-
- def fetch_user
- @user = User.find(params[:user_id] || params[:id])
- if !@user && admin?
- redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user')
- elsif !admin? && @user != current_user
- access_denied
- end
- end
-
-end
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
deleted file mode 100644
index a5461cd..0000000
--- a/users/app/controllers/users_controller.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-#
-# This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb
-#
-
-class UsersController < UsersBaseController
-
- before_filter :authorize, :only => [:show, :edit, :update, :destroy]
- before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable]
- before_filter :authorize_admin, :only => [:index, :deactivate, :enable]
-
- respond_to :html
-
- def index
- if params[:query]
- if @user = User.find_by_login(params[:query])
- redirect_to @user
- return
- else
- @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ)
- end
- else
- @users = User.by_created_at.descending
- end
- @users = @users.limit(100)
- end
-
- def new
- @user = User.new
- end
-
- def show
- end
-
- def edit
- end
-
- ## added so updating service level works, but not sure we will actually want this. also not sure that this is place to prevent user from updating own effective service level, but here as placeholder:
- def update
- @user.update_attributes(params[:user]) unless (!admin? and params[:user][:effective_service_level])
- respond_with @user
- end
-
- def deactivate
- @user.enabled = false
- @user.save
- respond_with @user
- end
-
- def enable
- @user.enabled = true
- @user.save
- respond_with @user
- end
-
- def destroy
- @user.account.destroy
- flash[:notice] = I18n.t(:account_destroyed)
- # admins can destroy other users
- if @user != current_user
- redirect_to users_url
- else
- # let's remove the invalid session
- logout
- redirect_to bye_url
- end
- end
-
-end
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
deleted file mode 100644
index eb6c322..0000000
--- a/users/app/controllers/v1/sessions_controller.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-module V1
- class SessionsController < ApplicationController
-
- skip_before_filter :verify_authenticity_token
-
- def new
- @session = Session.new
- if authentication_errors
- @errors = authentication_errors
- render :status => 422
- end
- end
-
- def create
- logout if logged_in?
- if params['A']
- authenticate!
- else
- @user = User.find_by_login(params['login'])
- render :json => {salt: @user.salt}
- end
- end
-
- def update
- authenticate!
- @token = Token.create(:user_id => current_user.id)
- session[:token] = @token.id
- render :json => login_response
- end
-
- def destroy
- logout
- head :no_content
- end
-
- protected
-
- def login_response
- handshake = session.delete(:handshake) || {}
- handshake.to_hash.merge(:id => current_user.id, :token => @token.id)
- end
-
- end
-end
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
deleted file mode 100644
index 0903888..0000000
--- a/users/app/controllers/v1/users_controller.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-module V1
- class UsersController < UsersBaseController
-
- skip_before_filter :verify_authenticity_token
- before_filter :fetch_user, :only => [:update]
- before_filter :authorize, :only => [:update]
- before_filter :authorize_admin, :only => [:index]
-
- respond_to :json
-
- # used for autocomplete for admins in the web ui
- def index
- if params[:query]
- @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ)
- respond_with @users.map(&:login).sort
- else
- render :json => {'error' => 'query required', 'status' => :unprocessable_entity}
- end
- end
-
- def create
- @user = Account.create(params[:user])
- respond_with @user # return ID instead?
- end
-
- def update
- @user.account.update params[:user]
- respond_with @user
- end
-
- end
-end
diff --git a/users/app/controllers/webfinger_controller.rb b/users/app/controllers/webfinger_controller.rb
deleted file mode 100644
index 8872802..0000000
--- a/users/app/controllers/webfinger_controller.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-class WebfingerController < ApplicationController
-
- respond_to :xml, :json
- layout false
-
- def host_meta
- @host_meta = Webfinger::HostMetaPresenter.new(request)
- respond_with @host_meta
- end
-
- def search
- username = params[:q].split('@')[0].to_s.downcase
- user = User.find_by_login(username)
- raise RECORD_NOT_FOUND, 'User not found' unless user.present?
- @presenter = Webfinger::UserPresenter.new(user, request)
- respond_with @presenter
- end
-
-end
diff --git a/users/app/helpers/.gitkeep b/users/app/helpers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/users/app/helpers/.gitkeep
+++ /dev/null
diff --git a/users/app/helpers/email_aliases_helper.rb b/users/app/helpers/email_aliases_helper.rb
deleted file mode 100644
index b56b068..0000000
--- a/users/app/helpers/email_aliases_helper.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-module EmailAliasesHelper
-
- def email_alias_form(options = {})
- simple_form_for [@user, EmailAlias.new()],
- :html => {:class => "form-horizontal email-alias form"},
- :validate => true do |f|
- yield f
- end
- end
-
-end
diff --git a/users/app/helpers/sessions_helper.rb b/users/app/helpers/sessions_helper.rb
deleted file mode 100644
index 309f8b2..0000000
--- a/users/app/helpers/sessions_helper.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-module SessionsHelper
-end
diff --git a/users/app/helpers/users_helper.rb b/users/app/helpers/users_helper.rb
deleted file mode 100644
index f56faab..0000000
--- a/users/app/helpers/users_helper.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-module UsersHelper
-
- def user_form_class(*classes)
- (classes + ['user', 'form', (@user.new_record? ? 'new' : 'edit')]).compact.join(' ')
- end
-
- def wrapped(item, options = {})
- options[:as] ||= :div
- content_tag options[:as], :class => dom_class(item), :id => dom_id(item) do
- yield
- end
- end
-
-end
diff --git a/users/app/mailers/.gitkeep b/users/app/mailers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/users/app/mailers/.gitkeep
+++ /dev/null
diff --git a/users/app/models/.gitkeep b/users/app/models/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/users/app/models/.gitkeep
+++ /dev/null
diff --git a/users/app/models/account.rb b/users/app/models/account.rb
deleted file mode 100644
index cf998e4..0000000
--- a/users/app/models/account.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-#
-# The Account model takes care of the livecycle of a user.
-# It composes a User record and it's identity records.
-# It also allows for other engines to hook into the livecycle by
-# monkeypatching the create, update and destroy methods.
-# There's an ActiveSupport load_hook at the end of this file to
-# make this more easy.
-#
-class Account
-
- attr_reader :user
-
- def initialize(user = nil)
- @user = user
- end
-
- # Returns the user record so it can be used in views.
- def self.create(attrs)
- @user = User.create(attrs).tap do |user|
- Identity.create_for user
- end
- end
-
- def update(attrs)
- if attrs[:password_verifier].present?
- update_login(attrs[:login])
- @user.update_attributes attrs.slice(:password_verifier, :password_salt)
- end
- # TODO: move into identity controller
- key = update_pgp_key(attrs[:public_key])
- @user.errors.set :public_key, key.errors.full_messages
- @user.save && save_identities
- @user.refresh_identity
- end
-
- def destroy
- return unless @user
- Identity.disable_all_for(@user)
- @user.destroy
- end
-
- protected
-
- def update_login(login)
- return unless login.present?
- @old_identity = Identity.for(@user)
- @user.login = login
- @new_identity = Identity.for(@user) # based on the new login
- @old_identity.destination = @user.email_address # alias old -> new
- end
-
- def update_pgp_key(key)
- PgpKey.new(key).tap do |key|
- if key.present? && key.valid?
- @new_identity ||= Identity.for(@user)
- @new_identity.set_key(:pgp, key)
- end
- end
- end
-
- def save_identities
- @new_identity.try(:save) && @old_identity.try(:save)
- end
-
- # You can hook into the account lifecycle from different engines using
- # ActiveSupport.on_load(:account) do ...
- ActiveSupport.run_load_hooks(:account, self)
-end
diff --git a/users/app/models/email.rb b/users/app/models/email.rb
deleted file mode 100644
index a9a503f..0000000
--- a/users/app/models/email.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-class Email < String
- include ActiveModel::Validations
-
- validates :email,
- :format => {
- :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/, #local part of email is case-sensitive, so allow uppercase letter.
- :message => "needs to be a valid email address"
- }
-
- def to_partial_path
- "emails/email"
- end
-
- def to_param
- to_s
- end
-
- def email
- self
- end
-
- def handle
- self.split('@').first
- end
-
-end
diff --git a/users/app/models/identity.rb b/users/app/models/identity.rb
deleted file mode 100644
index 9b97b51..0000000
--- a/users/app/models/identity.rb
+++ /dev/null
@@ -1,136 +0,0 @@
-class Identity < CouchRest::Model::Base
- include LoginFormatValidation
-
- use_database :identities
-
- belongs_to :user
-
- property :address, LocalEmail
- property :destination, Email
- property :keys, HashWithIndifferentAccess
-
- validate :unique_forward
- validate :alias_available
- validate :address_local_email
- validate :destination_email
-
- design do
- view :by_user_id
- view :by_address_and_destination
- view :by_address
- view :pgp_key_by_email,
- map: <<-EOJS
- function(doc) {
- if (doc.type != 'Identity') {
- return;
- }
- if (typeof doc.keys === "object") {
- emit(doc.address, doc.keys["pgp"]);
- }
- }
- EOJS
- view :disabled,
- map: <<-EOJS
- function(doc) {
- if (doc.type != 'Identity') {
- return;
- }
- if (typeof doc.user_id === "undefined") {
- emit(doc._id, 1);
- }
- }
- EOJS
-
- end
-
- def self.for(user, attributes = {})
- find_for(user, attributes) || build_for(user, attributes)
- end
-
- def self.find_for(user, attributes = {})
- attributes.reverse_merge! attributes_from_user(user)
- find_by_address_and_destination [attributes[:address], attributes[:destination]]
- end
-
- def self.build_for(user, attributes = {})
- attributes.reverse_merge! attributes_from_user(user)
- Identity.new(attributes)
- end
-
- def self.create_for(user, attributes = {})
- identity = build_for(user, attributes)
- identity.save
- identity
- end
-
- def self.disable_all_for(user)
- Identity.by_user_id.key(user.id).each do |identity|
- identity.disable
- identity.save
- end
- end
-
- def self.destroy_all_disabled
- Identity.disabled.each do |identity|
- identity.destroy
- end
- end
-
- def self.attributes_from_user(user)
- { user_id: user.id,
- address: user.email_address,
- destination: user.email_address
- }
- end
-
- def enabled?
- self.destination && self.user_id
- end
-
- def disable
- self.destination = nil
- self.user_id = nil
- end
-
- def keys
- read_attribute('keys') || HashWithIndifferentAccess.new
- end
-
- def set_key(type, key)
- return if keys[type] == key.to_s
- write_attribute('keys', keys.merge(type => key.to_s))
- end
-
- # for LoginFormatValidation
- def login
- self.address.handle
- end
-
- protected
-
- def unique_forward
- same = Identity.find_by_address_and_destination([address, destination])
- if same && same != self
- errors.add :base, "This alias already exists"
- end
- end
-
- def alias_available
- same = Identity.find_by_address(address)
- if same && same.user != self.user
- errors.add :base, "This email has already been taken"
- end
- end
-
- def address_local_email
- return if address.valid? #this ensures it is LocalEmail
- self.errors.add(:address, address.errors.messages[:email].first) #assumes only one error
- end
-
- def destination_email
- return if destination.nil? # this identity is disabled
- return if destination.valid? # this ensures it is Email
- self.errors.add(:destination, destination.errors.messages[:email].first) #assumes only one error #TODO
- end
-
-end
diff --git a/users/app/models/local_email.rb b/users/app/models/local_email.rb
deleted file mode 100644
index 2b4c65e..0000000
--- a/users/app/models/local_email.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-class LocalEmail < Email
-
- BLACKLIST_FROM_RFC2142 = [
- 'postmaster', 'hostmaster', 'domainadmin', 'webmaster', 'www',
- 'abuse', 'noc', 'security', 'usenet', 'news', 'uucp',
- 'ftp', 'sales', 'marketing', 'support', 'info'
- ]
-
- def self.domain
- APP_CONFIG[:domain]
- end
-
- validates :email,
- :format => {
- :with => /@#{domain}\Z/i,
- :message => "needs to end in @#{domain}"
- }
-
- validate :handle_allowed
-
- def initialize(s)
- super
- append_domain_if_needed
- end
-
- def to_key
- [handle]
- end
-
- def domain
- LocalEmail.domain
- end
-
- protected
-
- def append_domain_if_needed
- unless self.index('@')
- self << '@' + domain
- end
- end
-
- def handle_allowed
- errors.add(:handle, "is reserved.") if handle_reserved?
- end
-
- def handle_reserved?
- # *ARRAY in a case statement tests if ARRAY includes the handle.
- case handle
- when *APP_CONFIG[:handle_blacklist]
- true
- when *APP_CONFIG[:handle_whitelist]
- false
- when *BLACKLIST_FROM_RFC2142
- true
- else
- handle_in_passwd?
- end
- end
-
- def handle_in_passwd?
- begin
- !!Etc.getpwnam(handle)
- rescue ArgumentError
- # handle was not found
- return false
- end
- end
-end
diff --git a/users/app/models/login_format_validation.rb b/users/app/models/login_format_validation.rb
deleted file mode 100644
index c1fcf70..0000000
--- a/users/app/models/login_format_validation.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-module LoginFormatValidation
- extend ActiveSupport::Concern
-
- #TODO: Probably will replace this. Playing with using it for aliases too, but won't want it connected to login field.
-
- included do
- # Have multiple regular expression validations so we can get specific error messages:
- validates :login,
- :format => { :with => /\A.{2,}\z/,
- :message => "Must have at least two characters"}
- validates :login,
- :format => { :with => /\A[a-z\d_\.-]+\z/,
- :message => "Only lowercase letters, digits, . - and _ allowed."}
- validates :login,
- :format => { :with => /\A[a-z].*\z/,
- :message => "Must begin with a lowercase letter"}
- validates :login,
- :format => { :with => /\A.*[a-z\d]\z/,
- :message => "Must end with a letter or digit"}
- end
-end
diff --git a/users/app/models/pgp_key.rb b/users/app/models/pgp_key.rb
deleted file mode 100644
index 66f8660..0000000
--- a/users/app/models/pgp_key.rb
+++ /dev/null
@@ -1,48 +0,0 @@
-class PgpKey
- include ActiveModel::Validations
-
- KEYBLOCK_IDENTIFIERS = [
- '-----BEGIN PGP PUBLIC KEY BLOCK-----',
- '-----END PGP PUBLIC KEY BLOCK-----',
- ]
-
- # mostly for testing.
- attr_accessor :keyblock
-
- validate :validate_keyblock_format
-
- def initialize(keyblock = nil)
- @keyblock = keyblock
- end
-
- def to_s
- @keyblock
- end
-
- def present?
- @keyblock.present?
- end
-
- # allow comparison with plain keyblock strings.
- def ==(other)
- self.equal?(other) or
- # relax the comparison on line ends.
- self.to_s.tr_s("\n\r", '') == other.tr_s("\r\n", '')
- end
-
- protected
-
- def validate_keyblock_format
- if keyblock_identifier_missing?
- errors.add :public_key_block,
- "does not look like an armored pgp public key block"
- end
- end
-
- def keyblock_identifier_missing?
- KEYBLOCK_IDENTIFIERS.find do |identify|
- !@keyblock.include?(identify)
- end
- end
-
-end
diff --git a/users/app/models/service_level.rb b/users/app/models/service_level.rb
deleted file mode 100644
index 299aaf1..0000000
--- a/users/app/models/service_level.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-class ServiceLevel
-
- def initialize(attributes = {})
- @id = attributes[:id] || APP_CONFIG[:default_service_level]
- end
-
- def self.authenticated_select_options
- APP_CONFIG[:service_levels].map { |id,config_hash| [config_hash[:description], id] if config_hash[:name] != 'anonymous'}.compact
- end
-
- def id
- @id
- end
-
- def config_hash
- APP_CONFIG[:service_levels][@id]
- end
-
-end
diff --git a/users/app/models/session.rb b/users/app/models/session.rb
deleted file mode 100644
index 0d7e10e..0000000
--- a/users/app/models/session.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-class Session < SRP::Session
- include ActiveModel::Validations
- include LoginFormatValidation
-
- attr_accessor :login
-
- validates :login, :presence => true
-
- def initialize(user = nil, aa = nil)
- super(user, aa) if user
- end
-
- def persisted?
- false
- end
-
- def new_record?
- true
- end
-
- def to_model
- self
- end
-
- def to_key
- [object_id]
- end
-
- def to_param
- nil
- end
-end
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
deleted file mode 100644
index 001eb40..0000000
--- a/users/app/models/token.rb
+++ /dev/null
@@ -1,61 +0,0 @@
-class Token < CouchRest::Model::Base
-
- use_database :tokens
-
- belongs_to :user
-
- # timestamps! does not create setters and only sets updated_at
- # if the object has changed and been saved. Instead of triggering
- # that we rather use our own property we have control over:
- property :last_seen_at, Time, accessible: false
-
- validates :user_id, presence: true
-
- design do
- view :by_last_seen_at
- end
-
- def self.expires_after
- APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after]
- end
-
- def self.expired
- return [] unless expires_after
- by_last_seen_at.endkey(expires_after.minutes.ago)
- end
-
- def self.destroy_all_expired
- self.expired.each do |token|
- token.destroy
- end
- end
-
- def authenticate
- if expired?
- destroy
- return nil
- else
- touch
- return user
- end
- end
-
- def touch
- self.last_seen_at = Time.now
- save
- end
-
- def expired?
- Token.expires_after and
- last_seen_at < Token.expires_after.minutes.ago
- end
-
- def initialize(*args)
- super
- if new_record?
- self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
- self.last_seen_at = Time.now
- end
- end
-end
-
diff --git a/users/app/models/unauthenticated_user.rb b/users/app/models/unauthenticated_user.rb
deleted file mode 100644
index 0fc17d2..0000000
--- a/users/app/models/unauthenticated_user.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# The nil object for the user class
-class UnauthenticatedUser < Object
-
- # will probably want something here to return service level as APP_CONFIG[:service_levels][0] but not sure how will be accessing.
-
-end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
deleted file mode 100644
index 720f5a9..0000000
--- a/users/app/models/user.rb
+++ /dev/null
@@ -1,143 +0,0 @@
-class User < CouchRest::Model::Base
- include LoginFormatValidation
-
- use_database :users
-
- property :login, String, :accessible => true
- property :password_verifier, String, :accessible => true
- property :password_salt, String, :accessible => true
-
- property :enabled, TrueClass, :default => true
-
- # these will be null by default but we shouldn't ever pull them directly, but only via the methods that will return the full ServiceLevel
- property :desired_service_level_code, Integer, :accessible => true
- property :effective_service_level_code, Integer, :accessible => true
-
- before_save :update_effective_service_level
-
- validates :login, :password_salt, :password_verifier,
- :presence => true
-
- validates :login,
- :uniqueness => true,
- :if => :serverside?
-
- validate :login_is_unique_alias
-
- validates :password_salt, :password_verifier,
- :format => { :with => /\A[\dA-Fa-f]+\z/, :message => "Only hex numbers allowed" }
-
- validates :password, :presence => true,
- :confirmation => true,
- :format => { :with => /.{8}.*/, :message => "needs to be at least 8 characters long" }
-
- timestamps!
-
- design do
- own_path = Pathname.new(File.dirname(__FILE__))
- load_views(own_path.join('..', 'designs', 'user'))
- view :by_login
- view :by_created_at
- end # end of design
-
- def to_json(options={})
- {
- :login => login,
- :ok => valid?
- }.to_json(options)
- end
-
- def salt
- password_salt.hex
- end
-
- def verifier
- password_verifier.hex
- end
-
- def username
- login
- end
-
- def email_address
- LocalEmail.new(login)
- end
-
- # Since we are storing admins by login, we cannot allow admins to change their login.
- def is_admin?
- APP_CONFIG['admins'].include? self.login
- end
-
- def most_recent_tickets(count=3)
- Ticket.for_user(self).limit(count).all #defaults to having most recent updated first
- end
-
- # DEPRECATED
- #
- # Please set the key on the identity directly
- # WARNING: This will not be serialized with the user record!
- # It is only a workaround for the key form.
- def public_key=(value)
- identity.set_key(:pgp, value)
- end
-
- # DEPRECATED
- #
- # Please access identity.keys[:pgp] directly
- def public_key
- identity.keys[:pgp]
- end
-
- def account
- Account.new(self)
- end
-
- def identity
- @identity ||= Identity.for(self)
- end
-
- def refresh_identity
- @identity = Identity.for(self)
- end
-
- def desired_service_level
- code = self.desired_service_level_code || APP_CONFIG[:default_service_level]
- ServiceLevel.new({id: code})
- end
-
- def effective_service_level
- code = self.effective_service_level_code || self.desired_service_level.id
- ServiceLevel.new({id: code})
- end
-
- protected
-
- ##
- # Validation Functions
- ##
-
- def login_is_unique_alias
- alias_identity = Identity.find_by_address(self.email_address)
- return if alias_identity.blank?
- if alias_identity.user != self
- errors.add(:login, "has already been taken")
- end
- end
-
- def password
- password_verifier
- end
-
- # used as a condition for validations that are server side only
- def serverside?
- true
- end
-
- def update_effective_service_level
- # TODO: Is this always the case? Might there be a situation where the admin has set the effective service level and we don't want it changed to match the desired one?
- if self.desired_service_level_code_changed?
- self.effective_service_level_code = self.desired_service_level_code
- end
- end
-
-end
diff --git a/users/app/views/.gitkeep b/users/app/views/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/users/app/views/.gitkeep
+++ /dev/null
diff --git a/users/app/views/emails/_email.html.haml b/users/app/views/emails/_email.html.haml
deleted file mode 100644
index ea59cec..0000000
--- a/users/app/views/emails/_email.html.haml
+++ /dev/null
@@ -1,6 +0,0 @@
-= wrapped(email, local_assigns) do
- = email
- - if local_assigns[:with].try(:include?, :delete)
- = link_to(user_email_alias_path(@user, email), :method => :delete) do
- %i.icon-remove
-
diff --git a/users/app/views/sessions/new.html.haml b/users/app/views/sessions/new.html.haml
deleted file mode 100644
index 771dc97..0000000
--- a/users/app/views/sessions/new.html.haml
+++ /dev/null
@@ -1,10 +0,0 @@
-.span1
-.span9
- = render :partial => 'users/warnings'
- %h2=t :login
- = simple_form_for [:api, @session], :validate => true, :html => { :id => :new_session, :class => 'form-horizontal' } do |f|
- = f.input :login, :required => false, :label => t(:username), :input_html => { :id => :srp_username }
- = f.input :password, :required => false, :input_html => { :id => :srp_password }
- .form-actions
- = f.button :submit, :value => t(:login), :class => 'btn-primary'
- = link_to t(:cancel), home_path, :class => 'btn'
diff --git a/users/app/views/sessions/new.json.erb b/users/app/views/sessions/new.json.erb
deleted file mode 100644
index 36154b8..0000000
--- a/users/app/views/sessions/new.json.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-"errors": <%= raw @errors.to_json %>
-}
diff --git a/users/app/views/users/_change_password.html.haml b/users/app/views/users/_change_password.html.haml
deleted file mode 100644
index 425e3ee..0000000
--- a/users/app/views/users/_change_password.html.haml
+++ /dev/null
@@ -1,21 +0,0 @@
--#
--# CHANGE PASSWORD
--#
--# * everything about this form is handled with javascript. So take care when changing any ids.
--# * the login is required when changing the password because it is used as part of the salt when calculating the password verifier.
--# however, we don't want the user to change their login without generating a new key, so we hide the ui for this
--# (although it works perfectly fine to change username if the field was visible).
--#
-
-- form_options = {:url => '/not-used', :html => {:class => user_form_class('form-horizontal'), :id => 'update_login_and_password', :data => {token: session[:token]}}, :validate => true}
-= simple_form_for @user, form_options do |f|
- %legend= t(:change_password)
- = hidden_field_tag 'user_param', @user.to_param
- .hidden
- = f.input :login, :label => t(:username), :required => false, :input_html => {:id => :srp_username}
- = f.input :password, :required => false, :validate => true, :input_html => { :id => :srp_password }
- = f.input :password_confirmation, :required => false, :input_html => { :id => :srp_password_confirmation }
- .control-group
- .controls
- = f.submit t(:save), :class => 'btn btn-primary'
-
diff --git a/users/app/views/users/_change_pgp_key.html.haml b/users/app/views/users/_change_pgp_key.html.haml
deleted file mode 100644
index e465125..0000000
--- a/users/app/views/users/_change_pgp_key.html.haml
+++ /dev/null
@@ -1,13 +0,0 @@
--#
--# CHANGE PGP KEY
--#
--# this will be replaced by a identities controller/view at some point
--#
-
-- form_options = {:html => {:class => user_form_class('form-horizontal'), :id => 'update_pgp_key', :data => {token: session[:token]}}, :validate => true}
-= simple_form_for [:api, @user], form_options do |f|
- %legend= t(:advanced_options)
- = f.input :public_key, :as => :text, :hint => t(:use_ascii_key), :input_html => {:class => "full-width", :rows => 4}
- .control-group
- .controls
- = f.submit t(:save), :class => 'btn', :data => {"loading-text" => "Saving..."}
diff --git a/users/app/views/users/_change_service_level.html.haml b/users/app/views/users/_change_service_level.html.haml
deleted file mode 100644
index 61e67d9..0000000
--- a/users/app/views/users/_change_service_level.html.haml
+++ /dev/null
@@ -1,18 +0,0 @@
--# TODO: probably won't want here, but here for now. Also, we will need way to ensure payment if they pick a non-free plan.
--#
--# SERVICE LEVEL
--#
-- if APP_CONFIG[:service_levels]
- - form_options = {:html => {:class => user_form_class('form-horizontal'), :id => 'update_service_level', :data => {token: session[:token]}}, :validate => true}
- = simple_form_for @user, form_options do |f|
- %legend= t(:service_level)
- - if @user != current_user
- = t(:desired_service_level)
- = f.select :desired_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.desired_service_level.id
- - if @user != current_user
- %p
- = t(:effective_service_level)
- = f.select :effective_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.effective_service_level.id
- .control-group
- .controls
- = f.submit t(:save), :class => 'btn', :data => {"loading-text" => "Saving..."}
diff --git a/users/app/views/users/_destroy_account.html.haml b/users/app/views/users/_destroy_account.html.haml
deleted file mode 100644
index 445f3c4..0000000
--- a/users/app/views/users/_destroy_account.html.haml
+++ /dev/null
@@ -1,27 +0,0 @@
--#
--# DESTROY ACCOUNT
--#
-
-%legend
- - if @user == current_user
- = t(:destroy_my_account)
- - else
- = t(:admin_destroy_account, :username => @user.login)
-%p= t(:destroy_account_info)
-= link_to user_path(@user), :method => :delete, :confirm => t(:are_you_sure), :class => "btn btn-danger" do
- %i.icon-remove.icon-white
- = t(:destroy_my_account)
-- if @user != current_user and @user.enabled?
- %legend
- = t(:deactivate_account, :username => @user.login)
- %p= t(:deactivate_description)
- = link_to deactivate_user_path(@user), :method => :post, :class => "btn btn-warning" do
- %i.icon-pause.icon-white
- = t(:deactivate)
-- elsif @user != current_user and !@user.enabled?
- %legend
- = t(:enable_account, :username => @user.login)
- %p= t(:enable_description)
- = link_to enable_user_path(@user), :method => :post, :class => "btn btn-warning" do
- %i.icon-ok.icon-white
- = t(:enable)
diff --git a/users/app/views/users/_edit.html.haml b/users/app/views/users/_edit.html.haml
deleted file mode 100644
index 1d2b68a..0000000
--- a/users/app/views/users/_edit.html.haml
+++ /dev/null
@@ -1,14 +0,0 @@
--#
--# edit user form, used by both show and edit actions.
--#
--# We render a bunch of forms here. Which we use depends upon config settings
--# user_actions and admin_actions. They both include an array of actions
--# allowed to users and admins.
--# Possible forms are:
--# 'change_password'
--# 'change_pgp_key'
--# 'change_service_level'
--# 'destroy_account'
-- actions = APP_CONFIG[admin? ? :admin_actions : :user_actions] || []
-- actions.each do |action|
- = render action
diff --git a/users/app/views/users/_user.html.haml b/users/app/views/users/_user.html.haml
deleted file mode 100644
index 583d22f..0000000
--- a/users/app/views/users/_user.html.haml
+++ /dev/null
@@ -1,4 +0,0 @@
-%tr
- %td= link_to user.login, user
- %td= l(user.created_at, :format => :short)
- %td= l(user.updated_at, :format => :short)
diff --git a/users/app/views/users/_warnings.html.haml b/users/app/views/users/_warnings.html.haml
deleted file mode 100644
index 79ab103..0000000
--- a/users/app/views/users/_warnings.html.haml
+++ /dev/null
@@ -1,12 +0,0 @@
-%noscript
- %div.alert.alert-error=t :js_required_html
-#cookie_warning.alert.alert-error{:style => "display:none"}
- =t :cookie_disabled_warning
-:javascript
- document.cookie = "testing=cookies_enabled; path=/";
- if(document.cookie.indexOf("testing=cookies_enabled") < 0)
- {
- document.getElementById('cookie_warning').style.display = 'block';
- } else {
- document.getElementById('cookie_warning').style.display = 'none';
- } \ No newline at end of file
diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml
deleted file mode 100644
index 434c025..0000000
--- a/users/app/views/users/edit.html.haml
+++ /dev/null
@@ -1 +0,0 @@
-= render 'edit'
diff --git a/users/app/views/users/index.html.haml b/users/app/views/users/index.html.haml
deleted file mode 100644
index fc1001e..0000000
--- a/users/app/views/users/index.html.haml
+++ /dev/null
@@ -1,13 +0,0 @@
-- @show_navigation = false
-
-= form_tag users_path, :method => :get, :class => "form-search" do
- .input-append
- = text_field_tag :query, params[:query], :id => 'user-typeahead', :class => "search-query", :autocomplete => :off
- %button.btn{:type => :submit}= t(:search)
-
-%table.table.table-striped
- %tr
- %th= t(:username)
- %th= t(:created)
- %th= t(:updated)
- = render @users.all
diff --git a/users/app/views/users/new.html.haml b/users/app/views/users/new.html.haml
deleted file mode 100644
index aecf831..0000000
--- a/users/app/views/users/new.html.haml
+++ /dev/null
@@ -1,19 +0,0 @@
--#
--# This form is handled entirely by javascript, so take care when changing element ids.
--#
-
-- form_options = {:url => '/not-used', :html => {:id => 'new_user', :class => user_form_class('form-horizontal')}, :validate => true}
-
-.span1
-.span9
- = render :partial => 'warnings'
- %h2=t :signup
- = simple_form_for(@user, form_options) do |f|
- %legend= t(:signup_message)
- = f.input :login, :label => t(:username), :required => false, :input_html => { :id => :srp_username }
- = f.input :password, :required => false, :validate => true, :input_html => { :id => :srp_password }
- = f.input :password_confirmation, :required => false, :validate => true, :input_html => { :id => :srp_password_confirmation }
- .form-actions
- = f.button :submit, :value => t(:signup), :class => 'btn btn-primary'
- = link_to t(:cancel), home_path, :class => 'btn'
-
diff --git a/users/app/views/users/show.html.haml b/users/app/views/users/show.html.haml
deleted file mode 100644
index c587017..0000000
--- a/users/app/views/users/show.html.haml
+++ /dev/null
@@ -1,25 +0,0 @@
-.overview
-
- %h2.first= t(:overview_welcome, :username => @user.login)
-
- - if admin?
- %p
- = t(:created)
- = @user.created_at
- %br
- = t(:updated)
- = @user.updated_at
- %br
- = t(:enabled)
- = @user.enabled?
-
- %p= t(:overview_intro)
-
- %ul.unstyled
- %li= icon('user') + link_to(t(:overview_account), edit_user_path(@user))
- - # %li= icon('envelope') + link_to(t(:overview_email), {insert path for user identities, presuambly}
- %li= icon('question-sign') + link_to(t(:overview_tickets), user_tickets_path(@user))
- %li= icon('shopping-cart') + link_to(t(:overview_billing), billing_top_link(@user)) if APP_CONFIG[:billing]
- .container-fluid
- .row-fluid
- = home_page_buttons(true) \ No newline at end of file
diff --git a/users/app/views/v1/sessions/new.json.erb b/users/app/views/v1/sessions/new.json.erb
deleted file mode 100644
index 36154b8..0000000
--- a/users/app/views/v1/sessions/new.json.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-"errors": <%= raw @errors.to_json %>
-}
diff --git a/users/app/views/webfinger/host_meta.xml.erb b/users/app/views/webfinger/host_meta.xml.erb
deleted file mode 100644
index cfcbcc0..0000000
--- a/users/app/views/webfinger/host_meta.xml.erb
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
- <XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
-
- <Subject><%= @host_meta.subject %></Subject>
-
- <%- @host_meta.links.each do |rel, link| %>
- <Link rel='<%= rel %>'
- type='<%= link[:type] %>'
- template='<%= link[:template] %>' />
- <%- end %>
- </XRD>
diff --git a/users/app/views/webfinger/search.xml.erb b/users/app/views/webfinger/search.xml.erb
deleted file mode 100644
index 7328552..0000000
--- a/users/app/views/webfinger/search.xml.erb
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
- <Subject><%= @presenter.subject %></Subject>
- <%- @presenter.links.each do |rel, link| %>
- <Link rel=<%=rel%> type=<%=link[:type]%> href="<%= link[:key] %>"/>
- <% end %>
-</XRD>