summaryrefslogtreecommitdiff
path: root/users/app
diff options
context:
space:
mode:
Diffstat (limited to 'users/app')
-rw-r--r--users/app/controllers/controller_extension/authentication.rb47
-rw-r--r--users/app/controllers/controller_extension/token_authentication.rb23
-rw-r--r--users/app/controllers/email_settings_controller.rb41
-rw-r--r--users/app/controllers/v1/sessions_controller.rb2
-rw-r--r--users/app/controllers/v1/users_controller.rb16
-rw-r--r--users/app/models/account_settings.rb36
-rw-r--r--users/app/models/email.rb35
-rw-r--r--users/app/models/identity.rb82
-rw-r--r--users/app/models/local_email.rb68
-rw-r--r--users/app/models/login_format_validation.rb19
-rw-r--r--users/app/models/remote_email.rb14
-rw-r--r--users/app/models/session.rb6
-rw-r--r--users/app/models/signup_service.rb9
-rw-r--r--users/app/models/token.rb4
-rw-r--r--users/app/models/user.rb71
-rw-r--r--users/app/views/email_settings/edit.html.haml38
-rw-r--r--users/app/views/users/_edit.html.haml16
-rw-r--r--users/app/views/users/_warnings.html.haml2
18 files changed, 286 insertions, 243 deletions
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index 5fac884..dca3664 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -7,28 +7,8 @@ module ControllerExtension::Authentication
helper_method :current_user, :logged_in?, :admin?
end
- def authentication_errors
- return unless attempted_login?
- errors = get_warden_errors
- errors.inject({}) do |translated,err|
- translated[err.first] = I18n.t(err.last)
- translated
- end
- end
-
- def get_warden_errors
- if strategy = warden.winning_strategy
- message = strategy.message
- # in case we get back the default message to fail!
- message.respond_to?(:inject) ? message : { base: message }
- else
- { login: :all_strategies_failed }
- end
- end
-
- def attempted_login?
- request.env['warden.options'] &&
- request.env['warden.options'][:attempted_path]
+ def current_user
+ @current_user ||= token_authenticate || warden.user
end
def logged_in?
@@ -62,4 +42,27 @@ module ControllerExtension::Authentication
access_denied unless admin?
end
+ def authentication_errors
+ return unless attempted_login?
+ errors = get_warden_errors
+ errors.inject({}) do |translated,err|
+ translated[err.first] = I18n.t(err.last)
+ translated
+ end
+ end
+
+ def get_warden_errors
+ if strategy = warden.winning_strategy
+ message = strategy.message
+ # in case we get back the default message to fail!
+ message.respond_to?(:inject) ? message : { base: message }
+ else
+ { login: :all_strategies_failed }
+ end
+ end
+
+ def attempted_login?
+ request.env['warden.options'] &&
+ request.env['warden.options'][:attempted_path]
+ end
end
diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb
new file mode 100644
index 0000000..3e2816d
--- /dev/null
+++ b/users/app/controllers/controller_extension/token_authentication.rb
@@ -0,0 +1,23 @@
+module ControllerExtension::TokenAuthentication
+ extend ActiveSupport::Concern
+
+ def token_authenticate
+ authenticate_with_http_token do |token_id, options|
+ @token = Token.find(token_id)
+ end
+ @token.user if @token
+ end
+
+ def logout
+ super
+ clear_token
+ end
+
+ def clear_token
+ authenticate_with_http_token do |token_id, options|
+ @token = Token.find(token_id)
+ @token.destroy if @token
+ end
+ end
+end
+
diff --git a/users/app/controllers/email_settings_controller.rb b/users/app/controllers/email_settings_controller.rb
deleted file mode 100644
index f7d85be..0000000
--- a/users/app/controllers/email_settings_controller.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-class EmailSettingsController < UsersBaseController
-
- before_filter :authorize
- before_filter :fetch_user
-
- def edit
- @email_alias = LocalEmail.new
- end
-
- def update
- @user.attributes = cleanup_params(params[:user])
- if @user.changed?
- if @user.save
- flash[:notice] = t(:changes_saved)
- redirect
- else
- if @user.email_aliases.last && !@user.email_aliases.last.valid?
- # display bad alias in text field:
- @email_alias = @user.email_aliases.pop
- end
- render 'email_settings/edit'
- end
- else
- redirect
- end
- end
-
- private
-
- def redirect
- redirect_to edit_user_email_settings_url(@user)
- end
-
- def cleanup_params(user)
- if !user['email_forward'].nil? && user['email_forward'].empty?
- user.delete('email_forward') # don't allow "" as an email forward
- end
- user
- end
-
-end
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index 295c327..1b20a82 100644
--- a/users/app/controllers/v1/sessions_controller.rb
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -29,7 +29,7 @@ module V1
def destroy
logout
- redirect_to root_path
+ head :no_content
end
protected
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
index fda56f2..f380c19 100644
--- a/users/app/controllers/v1/users_controller.rb
+++ b/users/app/controllers/v1/users_controller.rb
@@ -18,17 +18,23 @@ module V1
end
def create
- @user = User.create(params[:user])
+ @user = signup_service.register(params[:user])
respond_with @user # return ID instead?
end
def update
- @user.update_attributes params[:user]
- if @user.valid?
- flash[:notice] = t(:user_updated_successfully)
- end
+ account_settings.update params[:user]
respond_with @user
end
+ protected
+
+ def account_settings
+ AccountSettings.new(@user)
+ end
+
+ def signup_service
+ SignupService.new
+ end
end
end
diff --git a/users/app/models/account_settings.rb b/users/app/models/account_settings.rb
new file mode 100644
index 0000000..27fa227
--- /dev/null
+++ b/users/app/models/account_settings.rb
@@ -0,0 +1,36 @@
+class AccountSettings
+
+ def initialize(user)
+ @user = user
+ end
+
+ def update(attrs)
+ if attrs[:password_verifier].present?
+ update_login(attrs[:login])
+ @user.update_attributes attrs.slice(:password_verifier, :password_salt)
+ end
+ # TODO: move into identity controller
+ update_pgp_key(attrs[:public_key]) if attrs.has_key? :public_key
+ @user.save && save_identities
+ end
+
+ protected
+
+ def update_login(login)
+ return unless login.present?
+ @old_identity = Identity.for(@user)
+ @user.login = login
+ @new_identity = Identity.for(@user) # based on the new login
+ @old_identity.destination = @user.email_address # alias old -> new
+ end
+
+ def update_pgp_key(key)
+ @new_identity ||= Identity.for(@user)
+ @new_identity.set_key(:pgp, key)
+ end
+
+ def save_identities
+ @new_identity.try(:save) && @old_identity.try(:save)
+ end
+
+end
diff --git a/users/app/models/email.rb b/users/app/models/email.rb
index 6d82f2a..1bcff1c 100644
--- a/users/app/models/email.rb
+++ b/users/app/models/email.rb
@@ -1,33 +1,22 @@
-module Email
- extend ActiveSupport::Concern
+class Email < String
+ include ActiveModel::Validations
- included do
- validates :email,
- :format => {
- :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/,
- :message => "needs to be a valid email address"
- }
- end
-
- def initialize(attributes = nil, &block)
- attributes = {:email => attributes} if attributes.is_a? String
- super(attributes, &block)
- end
-
- def to_s
- email
- end
-
- def ==(other)
- other.is_a?(Email) ? self.email == other.email : self.email == other
- end
+ validates :email,
+ :format => {
+ :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/,
+ :message => "needs to be a valid email address"
+ }
def to_partial_path
"emails/email"
end
def to_param
- email
+ to_s
+ end
+
+ def email
+ self
end
end
diff --git a/users/app/models/identity.rb b/users/app/models/identity.rb
new file mode 100644
index 0000000..355f67a
--- /dev/null
+++ b/users/app/models/identity.rb
@@ -0,0 +1,82 @@
+class Identity < CouchRest::Model::Base
+
+ use_database :identities
+
+ belongs_to :user
+
+ property :address, LocalEmail
+ property :destination, Email
+ property :keys, HashWithIndifferentAccess
+
+ validate :unique_forward
+ validate :alias_available
+
+ design do
+ view :by_user_id
+ view :by_address_and_destination
+ view :by_address
+ view :pgp_key_by_email,
+ map: <<-EOJS
+ function(doc) {
+ if (doc.type != 'Identity') {
+ return;
+ }
+ emit(doc.address, doc.keys["pgp"]);
+ }
+ EOJS
+
+ end
+
+ def self.for(user, attributes = {})
+ find_for(user, attributes) || build_for(user, attributes)
+ end
+
+ def self.find_for(user, attributes = {})
+ attributes.reverse_merge! attributes_from_user(user)
+ find_by_address_and_destination [attributes[:address], attributes[:destination]]
+ end
+
+ def self.build_for(user, attributes = {})
+ attributes.reverse_merge! attributes_from_user(user)
+ Identity.new(attributes)
+ end
+
+ def self.create_for(user, attributes = {})
+ identity = build_for(user, attributes)
+ identity.save
+ identity
+ end
+
+ def self.attributes_from_user(user)
+ { user_id: user.id,
+ address: user.email_address,
+ destination: user.email_address
+ }
+ end
+
+ def keys
+ read_attribute('keys') || HashWithIndifferentAccess.new
+ end
+
+ def set_key(type, value)
+ return if keys[type] == value
+ write_attribute('keys', keys.merge(type => value))
+ end
+
+ protected
+
+ def unique_forward
+ same = Identity.find_by_address_and_destination([address, destination])
+ if same && same != self
+ errors.add :base, "This alias already exists"
+ end
+ end
+
+ def alias_available
+ same = Identity.find_by_address(address)
+ if same && same.user != self.user
+ errors.add :base, "This email has already been taken"
+ end
+ end
+
+end
diff --git a/users/app/models/local_email.rb b/users/app/models/local_email.rb
index 69cba01..c1f7c11 100644
--- a/users/app/models/local_email.rb
+++ b/users/app/models/local_email.rb
@@ -1,63 +1,39 @@
-class LocalEmail
- include CouchRest::Model::Embeddable
- include Email
+class LocalEmail < Email
- property :username, String
- before_validation :strip_domain_if_needed
-
- validates :username,
- :presence => true,
- :format => { :with => /\A([^@\s]+)(@#{APP_CONFIG[:domain]})?\Z/i, :message => "needs to be a valid login or email address @#{APP_CONFIG[:domain]}"}
-
- validate :unique_on_server
- validate :unique_alias_for_user
- validate :differs_from_login
-
- validates :casted_by, :presence => true
-
- def email
- return '' if username.nil?
- username + '@' + APP_CONFIG[:domain]
+ def self.domain
+ APP_CONFIG[:domain]
end
- def email=(value)
- return if value.blank?
- self.username = value
- strip_domain_if_needed
+ validates :email,
+ :format => {
+ :with => /@#{domain}\Z/i,
+ :message => "needs to end in @#{domain}"
+ }
+
+ def initialize(s)
+ super
+ append_domain_if_needed
end
def to_key
- [username]
+ [handle]
end
- protected
-
- def unique_on_server
- has_email = User.find_by_login_or_alias(username)
- if has_email && has_email != self.casted_by
- errors.add :username, "has already been taken"
- end
+ def handle
+ gsub(/@#{domain}/i, '')
end
- def unique_alias_for_user
- aliases = self.casted_by.email_aliases
- if aliases.select{|a|a.username == self.username}.count > 1
- errors.add :username, "is already your alias"
- end
+ def domain
+ LocalEmail.domain
end
- def differs_from_login
- # If this has not changed but the email let's mark the email invalid instead.
- return if self.persisted?
- user = self.casted_by
- if user.login == self.username
- errors.add :username, "may not be the same as your email address"
- end
- end
+ protected
- def strip_domain_if_needed
- self.username.gsub! /@#{APP_CONFIG[:domain]}/i, ''
+ def append_domain_if_needed
+ unless self.index('@')
+ self << '@' + domain
+ end
end
end
diff --git a/users/app/models/login_format_validation.rb b/users/app/models/login_format_validation.rb
new file mode 100644
index 0000000..1d02bd1
--- /dev/null
+++ b/users/app/models/login_format_validation.rb
@@ -0,0 +1,19 @@
+module LoginFormatValidation
+ extend ActiveSupport::Concern
+
+ included do
+ # Have multiple regular expression validations so we can get specific error messages:
+ validates :login,
+ :format => { :with => /\A.{2,}\z/,
+ :message => "Login must have at least two characters"}
+ validates :login,
+ :format => { :with => /\A[a-z\d_\.-]+\z/,
+ :message => "Only lowercase letters, digits, . - and _ allowed."}
+ validates :login,
+ :format => { :with => /\A[a-z].*\z/,
+ :message => "Login must begin with a lowercase letter"}
+ validates :login,
+ :format => { :with => /\A.*[a-z\d]\z/,
+ :message => "Login must end with a letter or digit"}
+ end
+end
diff --git a/users/app/models/remote_email.rb b/users/app/models/remote_email.rb
deleted file mode 100644
index 4fe7425..0000000
--- a/users/app/models/remote_email.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-class RemoteEmail
- include CouchRest::Model::Embeddable
- include Email
-
- property :email, String
-
- def username
- email.spilt('@').first
- end
-
- def domain
- email.split('@').last
- end
-end
diff --git a/users/app/models/session.rb b/users/app/models/session.rb
index a9fdb1b..0d7e10e 100644
--- a/users/app/models/session.rb
+++ b/users/app/models/session.rb
@@ -1,12 +1,10 @@
class Session < SRP::Session
include ActiveModel::Validations
+ include LoginFormatValidation
attr_accessor :login
- validates :login,
- :presence => true,
- :format => { :with => /\A[A-Za-z\d_]+\z/,
- :message => "Only letters, digits and _ allowed" }
+ validates :login, :presence => true
def initialize(user = nil, aa = nil)
super(user, aa) if user
diff --git a/users/app/models/signup_service.rb b/users/app/models/signup_service.rb
new file mode 100644
index 0000000..f316ca9
--- /dev/null
+++ b/users/app/models/signup_service.rb
@@ -0,0 +1,9 @@
+class SignupService
+
+ def register(attrs)
+ User.create(attrs).tap do |user|
+ Identity.create_for user
+ end
+ end
+
+end
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index cc62778..514b97f 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -6,6 +6,10 @@ class Token < CouchRest::Model::Base
validates :user_id, presence: true
+ def user
+ User.find(self.user_id)
+ end
+
def initialize(*args)
super
self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 413b4ac..c1988f3 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -1,4 +1,5 @@
class User < CouchRest::Model::Base
+ include LoginFormatValidation
use_database :users
@@ -6,11 +7,6 @@ class User < CouchRest::Model::Base
property :password_verifier, String, :accessible => true
property :password_salt, String, :accessible => true
- property :email_forward, String, :accessible => true
- property :email_aliases, [LocalEmail]
-
- property :public_key, :accessible => true
-
property :enabled, TrueClass, :default => true
validates :login, :password_salt, :password_verifier,
@@ -20,20 +16,6 @@ class User < CouchRest::Model::Base
:uniqueness => true,
:if => :serverside?
- # Have multiple regular expression validations so we can get specific error messages:
- validates :login,
- :format => { :with => /\A.{2,}\z/,
- :message => "Login must have at least two characters"}
- validates :login,
- :format => { :with => /\A[a-z\d_\.-]+\z/,
- :message => "Only lowercase letters, digits, . - and _ allowed."}
- validates :login,
- :format => { :with => /\A[a-z].*\z/,
- :message => "Login must begin with a lowercase letter"}
- validates :login,
- :format => { :with => /\A.*[a-z\d]\z/,
- :message => "Login must end with a letter or digit"}
-
validate :login_is_unique_alias
validates :password_salt, :password_verifier,
@@ -43,10 +25,6 @@ class User < CouchRest::Model::Base
:confirmation => true,
:format => { :with => /.{8}.*/, :message => "needs to be at least 8 characters long" }
- validates :email_forward,
- :allow_blank => true,
- :format => { :with => /\A(([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,}))?\Z/, :message => "needs to be a valid email address"}
-
timestamps!
design do
@@ -54,19 +32,6 @@ class User < CouchRest::Model::Base
load_views(own_path.join('..', 'designs', 'user'))
view :by_login
view :by_created_at
- view :pgp_key_by_handle,
- map: <<-EOJS
- function(doc) {
- if (doc.type != 'User') {
- return;
- }
- emit(doc.login, doc.public_key);
- doc.email_aliases.forEach(function(alias){
- emit(alias.username, doc.public_key);
- });
- }
- EOJS
-
end # end of design
class << self
@@ -105,16 +70,30 @@ class User < CouchRest::Model::Base
APP_CONFIG['admins'].include? self.login
end
- # this currently only adds the first email address submitted.
- # All the ui needs for now.
- def email_aliases_attributes=(attrs)
- email_aliases.build(attrs.values.first) if attrs
- end
-
def most_recent_tickets(count=3)
Ticket.for_user(self).limit(count).all #defaults to having most recent updated first
end
+ # DEPRECATED
+ #
+ # Please set the key on the identity directly
+ # WARNING: This will not be serialized with the user record!
+ # It is only a workaround for the key form.
+ def public_key=(value)
+ identity.set_key(:pgp, value)
+ end
+
+ # DEPRECATED
+ #
+ # Please access identity.keys[:pgp] directly
+ def public_key
+ identity.keys[:pgp]
+ end
+
+ def identity
+ @identity ||= Identity.for(self)
+ end
+
protected
##
@@ -122,12 +101,10 @@ class User < CouchRest::Model::Base
##
def login_is_unique_alias
- has_alias = User.find_by_login_or_alias(username)
- return if has_alias.nil?
- if has_alias != self
+ alias_identity = Identity.find_by_address(self.email_address)
+ return if alias_identity.blank?
+ if alias_identity.user != self
errors.add(:login, "has already been taken")
- elsif has_alias.login != self.login
- errors.add(:login, "may not be the same as one of your aliases")
end
end
diff --git a/users/app/views/email_settings/edit.html.haml b/users/app/views/email_settings/edit.html.haml
deleted file mode 100644
index 7757a31..0000000
--- a/users/app/views/email_settings/edit.html.haml
+++ /dev/null
@@ -1,38 +0,0 @@
-- form_options = {:url => user_email_settings_path(@user), :html => {:class => 'form-horizontal'}, :validate => true}
-- alias_error_class = @email_alias.username && !@email_alias.valid? ? 'error' : ''
-
-- content_for :head do
- :css
- table.aliases tr:first-child td {
- border-top: none;
- }
-
-= simple_form_for @user, form_options.dup do |f|
- %legend= t(:email_aliases)
- .control-group
- %label.control-label= t(:current_aliases)
- .controls
- %table.table.table-condensed.no-header.slim.aliases
- - if @user.email_aliases.any?
- - @user.email_aliases.each do |email|
- %tr
- %td= email
- %td= link_to(icon(:remove) + t(:remove), user_email_alias_path(@user, email), :method => :delete)
- - else
- %tr
- %td{:colspan=>2}= t(:none)
- .control-group{:class => alias_error_class}
- %label.control-label= t(:add_email_alias)
- .controls
- = f.simple_fields_for :email_aliases, @email_alias do |e|
- .input-append
- = e.input_field :username
- = e.submit t(:add), :class => 'btn'
- = e.error :username
-
-= simple_form_for @user, form_options do |f|
- %legend= t(:advanced_options)
- = f.input :email_forward
- = f.input :public_key, :as => :text, :hint => t(:use_ascii_key), :input_html => {:class => "full-width", :rows => 4}
- .form-actions
- = f.submit t(:save), :class => 'btn btn-primary'
diff --git a/users/app/views/users/_edit.html.haml b/users/app/views/users/_edit.html.haml
index 0402f37..5f74d32 100644
--- a/users/app/views/users/_edit.html.haml
+++ b/users/app/views/users/_edit.html.haml
@@ -23,6 +23,20 @@
= f.submit t(:save), :class => 'btn btn-primary'
-#
+-# CHANGE PGP KEY
+-#
+-# this will be replaced by a identities controller/view at some point
+-#
+
+- form_options = {:html => {:class => user_form_class('form-horizontal'), :id => 'update_pgp_key'}, :validate => true}
+= simple_form_for [:api, @user], form_options do |f|
+ %legend= t(:advanced_options)
+ = f.input :public_key, :as => :text, :hint => t(:use_ascii_key), :input_html => {:class => "full-width", :rows => 4}
+ .control-group
+ .controls
+ = f.submit t(:save), :class => 'btn'
+
+-#
-# DESTROY ACCOUNT
-#
@@ -48,4 +62,4 @@
%p= t(:enable_description)
= link_to enable_user_path(@user), :method => :post, :class => "btn btn-warning" do
%i.icon-ok.icon-white
- = t(:enable) \ No newline at end of file
+ = t(:enable)
diff --git a/users/app/views/users/_warnings.html.haml b/users/app/views/users/_warnings.html.haml
index 7e0b2ce..79ab103 100644
--- a/users/app/views/users/_warnings.html.haml
+++ b/users/app/views/users/_warnings.html.haml
@@ -1,5 +1,5 @@
%noscript
- %div.alert.alert-error=t :js_required
+ %div.alert.alert-error=t :js_required_html
#cookie_warning.alert.alert-error{:style => "display:none"}
=t :cookie_disabled_warning
:javascript