diff options
| -rw-r--r-- | app/controllers/controller_extension/authentication.rb | 12 | ||||
| -rw-r--r-- | app/controllers/v1/certs_controller.rb | 38 | ||||
| -rw-r--r-- | app/controllers/v1/messages_controller.rb | 5 | ||||
| -rw-r--r-- | app/controllers/v1/services_controller.rb | 8 | ||||
| -rw-r--r-- | app/models/anonymous_service_level.rb | 30 | ||||
| -rw-r--r-- | app/models/anonymous_user.rb | 27 | ||||
| -rw-r--r-- | app/models/service_level.rb | 25 | ||||
| -rw-r--r-- | app/models/unauthenticated_user.rb | 6 | ||||
| -rw-r--r-- | app/views/users/_change_service_level.html.haml | 4 | ||||
| -rw-r--r-- | config/defaults.yml | 12 | ||||
| -rw-r--r-- | config/routes.rb | 1 | ||||
| -rw-r--r-- | engines/support/app/controllers/tickets_controller.rb | 36 | ||||
| -rw-r--r-- | engines/support/app/views/tickets/new.html.haml | 16 | ||||
| -rw-r--r-- | engines/support/app/views/tickets/show.html.haml | 2 | ||||
| -rw-r--r-- | test/functional/v1/certs_controller_test.rb | 46 | ||||
| -rw-r--r-- | test/functional/v1/services_controller_test.rb | 31 | ||||
| -rw-r--r-- | test/unit/anonymous_user_test.rb | 23 | ||||
| -rw-r--r-- | test/unit/unauthenticated_user_test.rb | 7 |
18 files changed, 214 insertions, 115 deletions
diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb index 03d3989..1f73f38 100644 --- a/app/controllers/controller_extension/authentication.rb +++ b/app/controllers/controller_extension/authentication.rb @@ -8,11 +8,11 @@ module ControllerExtension::Authentication end def current_user - @current_user ||= token_authenticate || warden.user + @current_user ||= token_authenticate || warden.user || anonymous end def logged_in? - !!current_user + current_user.is_a? User end def require_login @@ -42,7 +42,7 @@ module ControllerExtension::Authentication end def admin? - current_user && current_user.is_admin? + current_user.is_admin? end def require_admin @@ -72,4 +72,10 @@ module ControllerExtension::Authentication request.env['warden.options'] && request.env['warden.options'][:attempted_path] end + + protected + + def anonymous + AnonymousUser.new + end end diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb index 64cfa7f..73409ef 100644 --- a/app/controllers/v1/certs_controller.rb +++ b/app/controllers/v1/certs_controller.rb @@ -4,7 +4,7 @@ class V1::CertsController < ApplicationController # GET /cert def show - @cert = ClientCertificate.new(:prefix => certificate_prefix) + @cert = ClientCertificate.new(:prefix => service_level.cert_prefix) render text: @cert.to_s, content_type: 'text/plain' end @@ -13,38 +13,8 @@ class V1::CertsController < ApplicationController def anonymous_certs_allowed? APP_CONFIG[:allow_anonymous_certs] end - # - # this is some temporary logic until we store the service level in the user db. - # - # better logic might look like this: - # - # if logged_in? - # service_level = user.service_level - # elsif allow_anonymous? - # service_level = service_levels[:anonymous] - # else - # service_level = nil - # end - # - # if service_level.bandwidth == 'limited' && allow_limited? - # prefix = limited - # elsif allow_unlimited? - # prefix = unlimited - # else - # prefix = nil - # end - # - def certificate_prefix - if logged_in? - if APP_CONFIG[:allow_unlimited_certs] - APP_CONFIG[:unlimited_cert_prefix] - elsif APP_CONFIG[:allow_limited_certs] - APP_CONFIG[:limited_cert_prefix] - end - elsif !APP_CONFIG[:allow_limited_certs] - APP_CONFIG[:unlimited_cert_prefix] - else - APP_CONFIG[:limited_cert_prefix] - end + + def service_level + current_user.effective_service_level end end diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/v1/messages_controller.rb index f71d0f1..85156b7 100644 --- a/app/controllers/v1/messages_controller.rb +++ b/app/controllers/v1/messages_controller.rb @@ -7,12 +7,11 @@ module V1 respond_to :json def index - render json: (current_user ? current_user.messages : [] ) + render json: current_user.messages end def update - message = Message.find(params[:id]) - if (message and current_user) + if message = Message.find(params[:id]) message.mark_as_read_by(current_user) message.save render json: true diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/v1/services_controller.rb new file mode 100644 index 0000000..594940e --- /dev/null +++ b/app/controllers/v1/services_controller.rb @@ -0,0 +1,8 @@ +class V1::ServicesController < ApplicationController + + respond_to :json + + def show + respond_with current_user.effective_service_level + end +end diff --git a/app/models/anonymous_service_level.rb b/app/models/anonymous_service_level.rb new file mode 100644 index 0000000..4366a4a --- /dev/null +++ b/app/models/anonymous_service_level.rb @@ -0,0 +1,30 @@ +class AnonymousServiceLevel + + delegate :to_json, to: :config_hash + + def cert_prefix + if APP_CONFIG[:allow_limited_certs] + APP_CONFIG[:limited_cert_prefix] + elsif APP_CONFIG[:allow_unlimited_certs] + APP_CONFIG[:unlimited_cert_prefix] + end + end + + def description + if APP_CONFIG[:allow_anonymous_certs] + "anonymous access to the VPN" + else + "please login to access our services" + end + end + + protected + + def config_hash + { name: "anonymous", + description: description, + eip_rate_limit: APP_CONFIG[:allow_limited_certs] + } + end + +end diff --git a/app/models/anonymous_user.rb b/app/models/anonymous_user.rb new file mode 100644 index 0000000..360a577 --- /dev/null +++ b/app/models/anonymous_user.rb @@ -0,0 +1,27 @@ +# The nil object for the user class +class AnonymousUser < Object + + def effective_service_level + AnonymousServiceLevel.new + end + + def is_admin? + false + end + + def id + nil + end + + def email_address + nil + end + + def login + nil + end + + def messages + [] + end +end diff --git a/app/models/service_level.rb b/app/models/service_level.rb index 299aaf1..5dd8838 100644 --- a/app/models/service_level.rb +++ b/app/models/service_level.rb @@ -4,16 +4,35 @@ class ServiceLevel @id = attributes[:id] || APP_CONFIG[:default_service_level] end - def self.authenticated_select_options - APP_CONFIG[:service_levels].map { |id,config_hash| [config_hash[:description], id] if config_hash[:name] != 'anonymous'}.compact + def self.select_options + APP_CONFIG[:service_levels].map do |id,config_hash| + [config_hash[:description], id] + end end def id @id end + delegate :to_json, to: :config_hash + + def cert_prefix + if limited_cert? + APP_CONFIG[:limited_cert_prefix] + elsif APP_CONFIG[:allow_unlimited_certs] + APP_CONFIG[:unlimited_cert_prefix] + end + end + + protected + + def limited_cert? + APP_CONFIG[:allow_limited_certs] && + (!APP_CONFIG[:allow_unlimited_certs] || config_hash[:eip_rate_limit]) + end + def config_hash - APP_CONFIG[:service_levels][@id] + @config_hash || APP_CONFIG[:service_levels][@id].with_indifferent_access end end diff --git a/app/models/unauthenticated_user.rb b/app/models/unauthenticated_user.rb deleted file mode 100644 index 0fc17d2..0000000 --- a/app/models/unauthenticated_user.rb +++ /dev/null @@ -1,6 +0,0 @@ -# The nil object for the user class -class UnauthenticatedUser < Object - - # will probably want something here to return service level as APP_CONFIG[:service_levels][0] but not sure how will be accessing. - -end diff --git a/app/views/users/_change_service_level.html.haml b/app/views/users/_change_service_level.html.haml index 61e67d9..42315a2 100644 --- a/app/views/users/_change_service_level.html.haml +++ b/app/views/users/_change_service_level.html.haml @@ -8,11 +8,11 @@ %legend= t(:service_level) - if @user != current_user = t(:desired_service_level) - = f.select :desired_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.desired_service_level.id + = f.select :desired_service_level_code, ServiceLevel.select_options, :selected => @user.desired_service_level.id - if @user != current_user %p = t(:effective_service_level) - = f.select :effective_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.effective_service_level.id + = f.select :effective_service_level_code, ServiceLevel.select_options, :selected => @user.effective_service_level.id .control-group .controls = f.submit t(:save), :class => 'btn', :data => {"loading-text" => "Saving..."} diff --git a/config/defaults.yml b/config/defaults.yml index e7d0f5e..47cb641 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -49,21 +49,15 @@ common: &common service_levels: &service_levels service_levels: - 0: - name: anonymous - cert_prefix: "LIMITED" - description: "anonymous account, with rate limited VPN" 1: name: free - cert_prefix: "LIMITED" description: "free account, with rate limited VPN" - cost: 0 - quota: 100 + eip_rate_limit: true + storage: 100 2: name: premium - cert_prefix: "UNLIMITED" description: "premium account, with unlimited vpn" - cost: + rate: USD: 10 EUR: 10 default_service_level: 1 diff --git a/config/routes.rb b/config/routes.rb index b930bd1..f612b47 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -25,6 +25,7 @@ LeapWeb::Application.routes.draw do resources :users, :only => [:create, :update, :destroy, :index] resources :messages, :only => [:index, :update] resource :cert, :only => [:show] + resource :service, :only => [:show] end scope "(:locale)", :locale => MATCH_LOCALE do diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb index 4be3493..650f628 100644 --- a/engines/support/app/controllers/tickets_controller.rb +++ b/engines/support/app/controllers/tickets_controller.rb @@ -5,7 +5,8 @@ class TicketsController < ApplicationController #has_scope :open, :type => boolean before_filter :require_login, :only => [:index] - before_filter :fetch_ticket, :only => [:show, :update, :destroy] # don't now have an edit method + before_filter :fetch_ticket, :only => [:show, :update, :destroy] + before_filter :require_ticket_access, :only => [:show, :update, :destroy] before_filter :fetch_user before_filter :set_title @@ -17,11 +18,11 @@ class TicketsController < ApplicationController def create @ticket = Ticket.new(params[:ticket]) - @ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it. + #protecting posted_by isn't working, so this should protect it: + @ticket.comments.last.posted_by = current_user.id @ticket.comments.last.private = false unless admin? - @ticket.created_by = current_user.id if logged_in? - @ticket.email = current_user.email_address if logged_in? and current_user.email_address - + @ticket.created_by = current_user.id + @ticket.email = current_user.email_address if current_user.email_address if @ticket.save flash[:notice] = t(:thing_was_successfully_created, :thing => t(:ticket)) @@ -58,7 +59,7 @@ class TicketsController < ApplicationController end if @ticket.comments_changed? - @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) + @ticket.comments.last.posted_by = current_user.id @ticket.comments.last.private = false unless admin? end @@ -120,19 +121,28 @@ class TicketsController < ApplicationController return ticket end - def ticket_access? - @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by)) - end - def fetch_ticket @ticket = Ticket.find(params[:id]) - if !@ticket and admin? - redirect_to auto_tickets_path, :alert => t(:no_such_thing, :thing => 'ticket') - return + if !@ticket + if admin? + redirect_to auto_tickets_path, + alert: t(:no_such_thing, thing: 'ticket') + else + access_denied + end end + end + + def require_ticket_access access_denied unless ticket_access? end + def ticket_access? + admin? or + @ticket.created_by.blank? or + current_user.id == @ticket.created_by + end + def fetch_user if params[:user_id] @user = User.find(params[:user_id]) diff --git a/engines/support/app/views/tickets/new.html.haml b/engines/support/app/views/tickets/new.html.haml index ba86ac3..65ed67b 100644 --- a/engines/support/app/views/tickets/new.html.haml +++ b/engines/support/app/views/tickets/new.html.haml @@ -2,22 +2,14 @@ = render 'tickets/tabs' -- if admin? && @user - - email = @user.email_address - - regarding = @user.login -- elsif logged_in? - - email = current_user.email_address - - regarding = current_user.login +- user = @user if admin? +- user ||= current_user = simple_form_for @ticket, :validate => true, :html => {:class => 'form-horizontal'} do |f| = hidden_ticket_fields = f.input :subject - - if logged_in? - = f.input :email, input_html: {value: email} - = f.input :regarding_user, input_html: {value: regarding} - - else - = f.input :email - = f.input :regarding_user + = f.input :email, input_html: {value: user.email_address} + = f.input :regarding_user, input_html: {value: user.login} = f.simple_fields_for :comments, @comment do |c| = c.input :body, :label => t(:description), :as => :text, :input_html => {:class => "full-width", :rows=> 5} - if admin? diff --git a/engines/support/app/views/tickets/show.html.haml b/engines/support/app/views/tickets/show.html.haml index bbca4bf..4f3c127 100644 --- a/engines/support/app/views/tickets/show.html.haml +++ b/engines/support/app/views/tickets/show.html.haml @@ -7,6 +7,6 @@ = render :partial => 'tickets/comment', :collection => @ticket.comments %tr %td.user - = logged_in? ? current_user.login : t(:anonymous) + = current_user.login || t(:anonymous) %td.comment = render 'tickets/new_comment_form' diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/v1/certs_controller_test.rb index 2c70e52..fb8e9c4 100644 --- a/test/functional/v1/certs_controller_test.rb +++ b/test/functional/v1/certs_controller_test.rb @@ -2,43 +2,45 @@ require 'test_helper' class V1::CertsControllerTest < ActionController::TestCase - test "send limited cert without login" do - with_config allow_limited_certs: true, allow_anonymous_certs: true do - cert = stub :to_s => "limited cert" - ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert) + test "send unlimited cert without login" do + with_config allow_anonymous_certs: true do + cert = expect_cert('UNLIMITED') get :show assert_response :success assert_equal cert.to_s, @response.body end end - test "send unlimited cert" do - with_config allow_unlimited_certs: true do + test "send limited cert" do + with_config allow_limited_certs: true do login - cert = stub :to_s => "unlimited cert" - ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:unlimited_cert_prefix]).returns(cert) + cert = expect_cert('LIMITED') get :show assert_response :success assert_equal cert.to_s, @response.body end end - test "login required if anonymous certs disabled" do - with_config allow_anonymous_certs: false do - get :show - assert_response :redirect - end + test "send unlimited cert" do + login effective_service_level: ServiceLevel.new(id: 2) + cert = expect_cert('UNLIMITED') + get :show + assert_response :success + assert_equal cert.to_s, @response.body end - test "send limited cert" do - with_config allow_limited_certs: true, allow_unlimited_certs: false do - login - cert = stub :to_s => "real cert" - ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert) - get :show - assert_response :success - assert_equal cert.to_s, @response.body - end + test "redirect if no eip service offered" do + get :show + assert_response :redirect end + protected + + def expect_cert(prefix) + cert = stub :to_s => "#{prefix.downcase} cert" + ClientCertificate.expects(:new). + with(:prefix => prefix). + returns(cert) + return cert + end end diff --git a/test/functional/v1/services_controller_test.rb b/test/functional/v1/services_controller_test.rb new file mode 100644 index 0000000..e4058c0 --- /dev/null +++ b/test/functional/v1/services_controller_test.rb @@ -0,0 +1,31 @@ +require 'test_helper' + +class V1::ServicesControllerTest < ActionController::TestCase + + test "anonymous user gets login required service info" do + get :show, format: :json + assert_json_response name: 'anonymous', + eip_rate_limit: false, + description: 'please login to access our services' + end + + test "anonymous user gets vpn service info" do + with_config allow_anonymous_certs: true do + get :show, format: :json + assert_json_response name: 'anonymous', + eip_rate_limit: false, + description: 'anonymous access to the VPN' + end + end + + test "user can see their service info" do + login + get :show, format: :json + assert_json_response name: 'free', + eip_rate_limit: true, + description: 'free account, with rate limited VPN', + storage: 100 + end + +end + diff --git a/test/unit/anonymous_user_test.rb b/test/unit/anonymous_user_test.rb new file mode 100644 index 0000000..6e94d39 --- /dev/null +++ b/test/unit/anonymous_user_test.rb @@ -0,0 +1,23 @@ +require 'test_helper' + +class AnonymousUserTest < ActiveSupport::TestCase + + setup do + @anonymous = AnonymousUser.new + end + + test "has nil values" do + assert_nil @anonymous.id + assert_nil @anonymous.email_address + assert_nil @anonymous.login + end + + test "has no messages" do + assert_equal [], @anonymous.messages + end + + test "has anonymous service level" do + assert @anonymous.effective_service_level.is_a? AnonymousServiceLevel + end + +end diff --git a/test/unit/unauthenticated_user_test.rb b/test/unit/unauthenticated_user_test.rb deleted file mode 100644 index e5fafb8..0000000 --- a/test/unit/unauthenticated_user_test.rb +++ /dev/null @@ -1,7 +0,0 @@ -require 'test_helper' - -class UnauthenticatedUserTest < ActiveSupport::TestCase - # test "the truth" do - # assert true - # end -end |