diff options
-rw-r--r-- | app/views/layouts/_navigation.html.haml | 9 | ||||
m--------- | users/app/assets/javascripts/srp | 0 | ||||
-rw-r--r-- | users/app/assets/javascripts/users.js.coffee | 26 | ||||
-rw-r--r-- | users/app/controllers/controller_extension/authentication.rb | 8 | ||||
-rw-r--r-- | users/app/controllers/sessions_controller.rb | 6 | ||||
-rw-r--r-- | users/app/models/session.rb | 34 | ||||
-rw-r--r-- | users/app/models/user.rb | 2 | ||||
-rw-r--r-- | users/app/views/sessions/new.html.haml | 2 | ||||
-rw-r--r-- | users/config/locales/en.yml | 2 | ||||
-rw-r--r-- | users/lib/warden/strategies/secure_remote_password.rb | 4 | ||||
-rw-r--r-- | users/test/functional/sessions_controller_test.rb | 9 | ||||
-rw-r--r-- | users/test/integration/api/account_flow_test.rb | 39 |
12 files changed, 96 insertions, 45 deletions
diff --git a/app/views/layouts/_navigation.html.haml b/app/views/layouts/_navigation.html.haml index e72586a..b75eed7 100644 --- a/app/views/layouts/_navigation.html.haml +++ b/app/views/layouts/_navigation.html.haml @@ -1,7 +1,6 @@ = link_to "Leap Web", root_path, :class => 'brand' -.nav-collapse.collapse - %ul.nav - // = render '/tickets/nav' +%ul.nav + // = render '/tickets/nav' - %ul.nav.pull-right - = render '/sessions/nav' +%ul.nav.pull-right + = render '/sessions/nav' diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp -Subproject efac662cdf31bc4b61ffb97b8c398e22a86c364 +Subproject 076d6e251e4caf826787d87b11434e535960455 diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index ab437f6..d0ec32f 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -27,21 +27,27 @@ validOrAbort = (event) -> abortIfErrors() -signup = (event) -> - srp = new SRP(jqueryRest()) - srp.register -> - window.location = '/' -login = (event) -> - srp = new SRP(jqueryRest()) - srp.identify -> - window.location = '/' +srp.session = new srp.Session() +srp.signedUp = -> + window.location = '/' +srp.loggedIn = -> + window.location = '/' + +srp.error = (message) -> + if $.isPlainObject(message) && message.errors + for field, error of message.errors + element = $('form input[name="session['+field+']"]') + next unless element + element.trigger('element:validate:fail.ClientSideValidations', error).data('valid', false) + else + alert(message) $(document).ready -> $('#new_user').submit preventDefault $('#new_user').submit validOrAbort - $('#new_user').submit signup + $('#new_user').submit srp.signup $('#new_session').submit preventDefault - $('#new_session').submit login + $('#new_session').submit srp.login diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 87f7921..6ac7a5b 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -7,8 +7,12 @@ module ControllerExtension::Authentication helper_method :current_user, :logged_in?, :admin? end - def authentication_error - warden.winning_strategy.try(:message) + def authentication_errors + return unless errors = warden.winning_strategy.try(:message) + errors.inject({}) do |translated,err| + translated[err.first] = I18n.t(err.last) + translated + end end def logged_in? diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 486f67e..bc910b5 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,7 +3,11 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new - @errors = authentication_error + @session = Session.new + if authentication_errors + @errors = authentication_errors + render :status => 422 + end end def create diff --git a/users/app/models/session.rb b/users/app/models/session.rb new file mode 100644 index 0000000..a9fdb1b --- /dev/null +++ b/users/app/models/session.rb @@ -0,0 +1,34 @@ +class Session < SRP::Session + include ActiveModel::Validations + + attr_accessor :login + + validates :login, + :presence => true, + :format => { :with => /\A[A-Za-z\d_]+\z/, + :message => "Only letters, digits and _ allowed" } + + def initialize(user = nil, aa = nil) + super(user, aa) if user + end + + def persisted? + false + end + + def new_record? + true + end + + def to_model + self + end + + def to_key + [object_id] + end + + def to_param + nil + end +end diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 824c439..507eda5 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -36,7 +36,7 @@ class User < CouchRest::Model::Base # valid set of attributes for testing def valid_attributes_hash { :login => "me", - :password_verifier => "1234ABC", + :password_verifier => "1234ABCD", :password_salt => "4321AB" } end diff --git a/users/app/views/sessions/new.html.haml b/users/app/views/sessions/new.html.haml index c91d3f2..a04f584 100644 --- a/users/app/views/sessions/new.html.haml +++ b/users/app/views/sessions/new.html.haml @@ -1,6 +1,6 @@ .span8.offset2 %h2=t :login - = simple_form_for :session, :url => sessions_path, :html => { :id => :new_session, :class => 'form-horizontal' } do |f| + = simple_form_for @session, :validate => true, :html => { :id => :new_session, :class => 'form-horizontal' } do |f| %legend=t :login_message = f.input :login, :input_html => { :id => :srp_username } = f.input :password, :required => true, :input_html => { :id => :srp_password } diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml index 172b85f..be3f28e 100644 --- a/users/config/locales/en.yml +++ b/users/config/locales/en.yml @@ -4,3 +4,5 @@ en: cancel: "Cancel" login: "Login" login_message: "Please login with your account." + wrong_password: "wrong password" + user_not_found: "could not be found" diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb index 8266e2d..95570e0 100644 --- a/users/lib/warden/strategies/secure_remote_password.rb +++ b/users/lib/warden/strategies/secure_remote_password.rb @@ -26,7 +26,7 @@ module Warden def validate! user = session[:handshake].authenticate(params['client_auth'].hex) - user ? success!(user) : fail!(:password => "Could not log in") + user ? success!(user) : fail!(:password => "wrong_password") end def initialize! @@ -34,7 +34,7 @@ module Warden session[:handshake] = user.initialize_auth(params['A'].hex) custom! json_response(session[:handshake]) rescue RECORD_NOT_FOUND - fail! :login => "User not found!" + fail! :login => "user_not_found" end def json_response(object) diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index 8f2d95c..93cc032 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb @@ -26,11 +26,12 @@ class SessionsControllerTest < ActionController::TestCase end test "renders warden errors" do - strategy = stub :message => "Warden auth did not work" - request.env['warden'].expects(:winning_strategy).returns(strategy) + strategy = stub :message => {:field => :translate_me} + request.env['warden'].stubs(:winning_strategy).returns(strategy) + I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub") get :new, :format => :json - assert_response :success - assert_json_response :errors => strategy.message + assert_response 422 + assert_json_response :errors => {"field" => "translation stub"} end # Warden takes care of parsing the params and diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index c9a7109..4135485 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -16,24 +16,6 @@ class AccountFlowTest < ActiveSupport::TestCase Warden.test_reset! end - # this test wraps the api and implements the interface the ruby-srp client. - def handshake(login, aa) - post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json - assert last_response.successful? - response = JSON.parse(last_response.body) - if response['errors'] - raise RECORD_NOT_FOUND.new(response['errors']) - else - return response['B'].hex - end - end - - def validate(m) - put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json - assert last_response.successful? - return JSON.parse(last_response.body) - end - def setup @login = "integration_test_user" User.find_by_login(@login).tap{|u| u.destroy if u} @@ -52,6 +34,22 @@ class AccountFlowTest < ActiveSupport::TestCase @user.destroy if @user # make sure we can run this test again end + # this test wraps the api and implements the interface the ruby-srp client. + def handshake(login, aa) + post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json + response = JSON.parse(last_response.body) + if response['errors'] + raise RECORD_NOT_FOUND.new(response['errors']) + else + return response['B'].hex + end + end + + def validate(m) + put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json + return JSON.parse(last_response.body) + end + test "signup response" do assert_json_response :login => @login, :ok => true assert last_response.successful? @@ -59,6 +57,7 @@ class AccountFlowTest < ActiveSupport::TestCase test "signup and login with srp via api" do server_auth = @srp.authenticate(self) + assert last_response.successful? assert_nil server_auth["errors"] assert server_auth["M2"] end @@ -66,7 +65,8 @@ class AccountFlowTest < ActiveSupport::TestCase test "signup and wrong password login attempt" do srp = SRP::Client.new(@login, "wrong password") server_auth = srp.authenticate(self) - assert_equal "Could not log in", server_auth["errors"]['password'] + assert !last_response.successful? + assert_equal "wrong password", server_auth["errors"]['password'] assert_nil server_auth["M2"] end @@ -76,6 +76,7 @@ class AccountFlowTest < ActiveSupport::TestCase assert_raises RECORD_NOT_FOUND do server_auth = srp.authenticate(self) end + assert !last_response.successful? assert_nil server_auth end |