summaryrefslogtreecommitdiff
path: root/users
diff options
context:
space:
mode:
Diffstat (limited to 'users')
m---------users/app/assets/javascripts/srp0
-rw-r--r--users/app/assets/javascripts/users.js.coffee26
-rw-r--r--users/app/controllers/controller_extension/authentication.rb8
-rw-r--r--users/app/controllers/sessions_controller.rb6
-rw-r--r--users/app/models/session.rb34
-rw-r--r--users/app/models/user.rb2
-rw-r--r--users/app/views/sessions/new.html.haml2
-rw-r--r--users/config/locales/en.yml2
-rw-r--r--users/lib/warden/strategies/secure_remote_password.rb4
-rw-r--r--users/test/functional/sessions_controller_test.rb9
-rw-r--r--users/test/integration/api/account_flow_test.rb39
11 files changed, 92 insertions, 40 deletions
diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp
-Subproject efac662cdf31bc4b61ffb97b8c398e22a86c364
+Subproject 076d6e251e4caf826787d87b11434e535960455
diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee
index ab437f6..d0ec32f 100644
--- a/users/app/assets/javascripts/users.js.coffee
+++ b/users/app/assets/javascripts/users.js.coffee
@@ -27,21 +27,27 @@ validOrAbort = (event) ->
abortIfErrors()
-signup = (event) ->
- srp = new SRP(jqueryRest())
- srp.register ->
- window.location = '/'
-login = (event) ->
- srp = new SRP(jqueryRest())
- srp.identify ->
- window.location = '/'
+srp.session = new srp.Session()
+srp.signedUp = ->
+ window.location = '/'
+srp.loggedIn = ->
+ window.location = '/'
+
+srp.error = (message) ->
+ if $.isPlainObject(message) && message.errors
+ for field, error of message.errors
+ element = $('form input[name="session['+field+']"]')
+ next unless element
+ element.trigger('element:validate:fail.ClientSideValidations', error).data('valid', false)
+ else
+ alert(message)
$(document).ready ->
$('#new_user').submit preventDefault
$('#new_user').submit validOrAbort
- $('#new_user').submit signup
+ $('#new_user').submit srp.signup
$('#new_session').submit preventDefault
- $('#new_session').submit login
+ $('#new_session').submit srp.login
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index 87f7921..6ac7a5b 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -7,8 +7,12 @@ module ControllerExtension::Authentication
helper_method :current_user, :logged_in?, :admin?
end
- def authentication_error
- warden.winning_strategy.try(:message)
+ def authentication_errors
+ return unless errors = warden.winning_strategy.try(:message)
+ errors.inject({}) do |translated,err|
+ translated[err.first] = I18n.t(err.last)
+ translated
+ end
end
def logged_in?
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 486f67e..bc910b5 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -3,7 +3,11 @@ class SessionsController < ApplicationController
skip_before_filter :verify_authenticity_token
def new
- @errors = authentication_error
+ @session = Session.new
+ if authentication_errors
+ @errors = authentication_errors
+ render :status => 422
+ end
end
def create
diff --git a/users/app/models/session.rb b/users/app/models/session.rb
new file mode 100644
index 0000000..a9fdb1b
--- /dev/null
+++ b/users/app/models/session.rb
@@ -0,0 +1,34 @@
+class Session < SRP::Session
+ include ActiveModel::Validations
+
+ attr_accessor :login
+
+ validates :login,
+ :presence => true,
+ :format => { :with => /\A[A-Za-z\d_]+\z/,
+ :message => "Only letters, digits and _ allowed" }
+
+ def initialize(user = nil, aa = nil)
+ super(user, aa) if user
+ end
+
+ def persisted?
+ false
+ end
+
+ def new_record?
+ true
+ end
+
+ def to_model
+ self
+ end
+
+ def to_key
+ [object_id]
+ end
+
+ def to_param
+ nil
+ end
+end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 824c439..507eda5 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -36,7 +36,7 @@ class User < CouchRest::Model::Base
# valid set of attributes for testing
def valid_attributes_hash
{ :login => "me",
- :password_verifier => "1234ABC",
+ :password_verifier => "1234ABCD",
:password_salt => "4321AB" }
end
diff --git a/users/app/views/sessions/new.html.haml b/users/app/views/sessions/new.html.haml
index c91d3f2..a04f584 100644
--- a/users/app/views/sessions/new.html.haml
+++ b/users/app/views/sessions/new.html.haml
@@ -1,6 +1,6 @@
.span8.offset2
%h2=t :login
- = simple_form_for :session, :url => sessions_path, :html => { :id => :new_session, :class => 'form-horizontal' } do |f|
+ = simple_form_for @session, :validate => true, :html => { :id => :new_session, :class => 'form-horizontal' } do |f|
%legend=t :login_message
= f.input :login, :input_html => { :id => :srp_username }
= f.input :password, :required => true, :input_html => { :id => :srp_password }
diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml
index 172b85f..be3f28e 100644
--- a/users/config/locales/en.yml
+++ b/users/config/locales/en.yml
@@ -4,3 +4,5 @@ en:
cancel: "Cancel"
login: "Login"
login_message: "Please login with your account."
+ wrong_password: "wrong password"
+ user_not_found: "could not be found"
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 8266e2d..95570e0 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -26,7 +26,7 @@ module Warden
def validate!
user = session[:handshake].authenticate(params['client_auth'].hex)
- user ? success!(user) : fail!(:password => "Could not log in")
+ user ? success!(user) : fail!(:password => "wrong_password")
end
def initialize!
@@ -34,7 +34,7 @@ module Warden
session[:handshake] = user.initialize_auth(params['A'].hex)
custom! json_response(session[:handshake])
rescue RECORD_NOT_FOUND
- fail! :login => "User not found!"
+ fail! :login => "user_not_found"
end
def json_response(object)
diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index 8f2d95c..93cc032 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -26,11 +26,12 @@ class SessionsControllerTest < ActionController::TestCase
end
test "renders warden errors" do
- strategy = stub :message => "Warden auth did not work"
- request.env['warden'].expects(:winning_strategy).returns(strategy)
+ strategy = stub :message => {:field => :translate_me}
+ request.env['warden'].stubs(:winning_strategy).returns(strategy)
+ I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
get :new, :format => :json
- assert_response :success
- assert_json_response :errors => strategy.message
+ assert_response 422
+ assert_json_response :errors => {"field" => "translation stub"}
end
# Warden takes care of parsing the params and
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index c9a7109..4135485 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -16,24 +16,6 @@ class AccountFlowTest < ActiveSupport::TestCase
Warden.test_reset!
end
- # this test wraps the api and implements the interface the ruby-srp client.
- def handshake(login, aa)
- post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json
- assert last_response.successful?
- response = JSON.parse(last_response.body)
- if response['errors']
- raise RECORD_NOT_FOUND.new(response['errors'])
- else
- return response['B'].hex
- end
- end
-
- def validate(m)
- put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json
- assert last_response.successful?
- return JSON.parse(last_response.body)
- end
-
def setup
@login = "integration_test_user"
User.find_by_login(@login).tap{|u| u.destroy if u}
@@ -52,6 +34,22 @@ class AccountFlowTest < ActiveSupport::TestCase
@user.destroy if @user # make sure we can run this test again
end
+ # this test wraps the api and implements the interface the ruby-srp client.
+ def handshake(login, aa)
+ post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json
+ response = JSON.parse(last_response.body)
+ if response['errors']
+ raise RECORD_NOT_FOUND.new(response['errors'])
+ else
+ return response['B'].hex
+ end
+ end
+
+ def validate(m)
+ put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json
+ return JSON.parse(last_response.body)
+ end
+
test "signup response" do
assert_json_response :login => @login, :ok => true
assert last_response.successful?
@@ -59,6 +57,7 @@ class AccountFlowTest < ActiveSupport::TestCase
test "signup and login with srp via api" do
server_auth = @srp.authenticate(self)
+ assert last_response.successful?
assert_nil server_auth["errors"]
assert server_auth["M2"]
end
@@ -66,7 +65,8 @@ class AccountFlowTest < ActiveSupport::TestCase
test "signup and wrong password login attempt" do
srp = SRP::Client.new(@login, "wrong password")
server_auth = srp.authenticate(self)
- assert_equal "Could not log in", server_auth["errors"]['password']
+ assert !last_response.successful?
+ assert_equal "wrong password", server_auth["errors"]['password']
assert_nil server_auth["M2"]
end
@@ -76,6 +76,7 @@ class AccountFlowTest < ActiveSupport::TestCase
assert_raises RECORD_NOT_FOUND do
server_auth = srp.authenticate(self)
end
+ assert !last_response.successful?
assert_nil server_auth
end