From a6de1561461cc719fddd8175c93588a47513a4b8 Mon Sep 17 00:00:00 2001 From: jessib Date: Fri, 5 Oct 2012 15:41:03 -0700 Subject: Rough code to add & comment on tickets. --- Gemfile | 2 +- app/views/home/index.html.haml | 8 +++++ help/app/controllers/tickets_controller.rb | 41 +++++++++++++++++++++++++ help/app/models/ticket.rb | 15 ++++++--- help/app/models/ticket_comment.rb | 12 +++++--- help/app/views/tickets/_comment.html.haml | 10 ++++++ help/app/views/tickets/_new_comment.html.haml | 2 ++ help/app/views/tickets/index.html.haml | 5 +++ help/app/views/tickets/new.html.haml | 14 +++++++++ help/app/views/tickets/show.html.haml | 10 ++++++ help/config/routes.rb | 3 ++ help/test/functional/tickets_controller_test.rb | 15 +++++++++ help/test/unit/ticket_comment_test.rb | 11 ++++--- help/test/unit/ticket_test.rb | 8 +++-- users/app/models/user.rb | 4 +++ 15 files changed, 143 insertions(+), 17 deletions(-) create mode 100644 help/app/controllers/tickets_controller.rb create mode 100644 help/app/views/tickets/_comment.html.haml create mode 100644 help/app/views/tickets/_new_comment.html.haml create mode 100644 help/app/views/tickets/index.html.haml create mode 100644 help/app/views/tickets/new.html.haml create mode 100644 help/app/views/tickets/show.html.haml create mode 100644 help/test/functional/tickets_controller_test.rb diff --git a/Gemfile b/Gemfile index 0bdea00..7666805 100644 --- a/Gemfile +++ b/Gemfile @@ -16,7 +16,7 @@ group :assets do gem 'coffee-rails', '~> 3.2.2' # See https://github.com/sstephenson/execjs#readme for more supported runtimes - # gem 'therubyracer', :platforms => :ruby + gem 'therubyracer', :platforms => :ruby gem 'uglifier', '>= 1.2.7' end diff --git a/app/views/home/index.html.haml b/app/views/home/index.html.haml index 11f18de..c27ba75 100644 --- a/app/views/home/index.html.haml +++ b/app/views/home/index.html.haml 
@@ -2,3 +2,11 @@ Try to fetch a = link_to "cert", cert_path + +%p +Try to create a += link_to "ticket", new_ticket_path + +%p +See all += link_to "tickets", tickets_path \ No newline at end of file diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb new file mode 100644 index 0000000..9383d7e --- /dev/null +++ b/help/app/controllers/tickets_controller.rb @@ -0,0 +1,41 @@ +class TicketsController < ApplicationController + + def new + @ticket = Ticket.new + end + + def create + # @ticket = Ticket.new :posted_by => current_user + @ticket = Ticket.new :created_by => User.current_test.id + @ticket.attributes = params[:ticket] + + add_comment + redirect_to @ticket + end + + def show + @ticket = Ticket.find(params[:id]) + end + + def update + @ticket = Ticket.find(params[:id]) + add_comment + redirect_to @ticket + end + + def index + @tickets = Ticket.by_title #not actually what we will want + end + + private + + def add_comment + comment = TicketComment.new(params[:comment]) + #comment.posted_by = current_user #could be nil + comment.posted_by = User.current_test.id #could be nil + comment.posted_at = Time.now # TODO: it seems strange to have this here, and not in model. + @ticket.comments << comment + @ticket.save + end + +end diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb index 784d7ef..355ae02 100644 --- a/help/app/models/ticket.rb +++ b/help/app/models/ticket.rb @@ -29,7 +29,8 @@ class Ticket < CouchRest::Model::Base timestamps! - before_validation :set_created_by, :set_code, :on => :create + #before_validation :set_created_by, :set_code, :set_email, :on => :create + before_validation :set_code, :set_email, :on => :create design do view :by_title 
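Review bot: `show` and `update` in the new TicketsController load `Ticket.find(params[:id])` without checking that the requester created the ticket or holds its `code`, and `index` lists every ticket, so anyone who can reach these routes can read and comment on any ticket. The comments in ticket_comment.rb describe unauthenticated users reaching a ticket through a secret URL, which suggests access is meant to be limited, but no such check exists in this file. Until real authentication replaces `User.current_test`, a comment such as `# TODO: restrict to the ticket's creator or a matching code` above `show`, `update` and `index` would keep the gap visible.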
@@ -38,9 +39,10 @@ class Ticket < CouchRest::Model::Base validates :email, :format => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/, :if => :email #email address is optional - def set_created_by - self.created_by = User.current if User.current - end + #TODO: + #def set_created_by + # self.created_by = User.current if User.current + #end def is_creator_validated? !!created_by @@ -51,6 +53,11 @@ class Ticket < CouchRest::Model::Base self.code = SecureRandom.hex(8) if !is_creator_validated? end + + def set_email + #self.email = current users email if is_creator_validated? + end + def close self.is_open = false save diff --git a/help/app/models/ticket_comment.rb b/help/app/models/ticket_comment.rb index 652133a..6b6b4db 100644 --- a/help/app/models/ticket_comment.rb +++ b/help/app/models/ticket_comment.rb @@ -2,13 +2,13 @@ class TicketComment include CouchRest::Model::Embeddable #belongs_to :ticket #is this best way to do it? will want to access all of a tickets comments, so maybe this isn't the way? - property :posted_by, Integer, :protected => true# maybe this should be current_user if that is set, meaning the user is logged in #String # user?? + property :posted_by, Integer#, :protected => true# maybe this should be current_user if that is set, meaning the user is logged in #String # user?? # if the current user is not set, then we could just say the comment comes from an 'unauthenticated user', which would be somebody with the secret URL - property :posted_at, Time, :protected => true + property :posted_at, Time#, :protected => true #property :posted_verified, TrueClass, :protected => true #should be true if current_user is set when the comment is created property :body, String - before_validation :set_time#, :set_posted_by + #before_validation :set_time#, :set_posted_by #design do # view :by_posted_at 
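Review bot: Removing `:protected => true` from `posted_by` and `posted_at` in ticket_comment.rb makes both settable by mass assignment, and `TicketComment.new(params[:comment])` in tickets_controller.rb passes form input straight to the constructor. In this commit `add_comment` overwrites both fields afterwards. The later revisions of `add_comment` and `comments_attributes=` in ticket.rb assign `posted_by` only when `User.current_test` is present, so a client-supplied author id would survive when no user is found. If CouchRest Model restricts only mass assignment for protected properties (it appears to, but confirm), keeping `:protected => true` and assigning through the setters is the safer form. Otherwise assign unconditionally with `comment.posted_by = User.current_test && User.current_test.id`.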
@@ -18,10 +18,14 @@ class TicketComment def is_comment_validated? !!posted_by end - + +=begin + #TODO. + #this is resetting all comments associated with the ticket: def set_time self.posted_at = Time.now end +=end =begin def set_posted_by diff --git a/help/app/views/tickets/_comment.html.haml b/help/app/views/tickets/_comment.html.haml new file mode 100644 index 0000000..77e29b8 --- /dev/null +++ b/help/app/views/tickets/_comment.html.haml @@ -0,0 +1,10 @@ +%div + - if User.find(comment.posted_by) + Posted by + = User.find(comment.posted_by).login + %p + Posted at + = comment.posted_at + %p + = comment.body + %p \ No newline at end of file diff --git a/help/app/views/tickets/_new_comment.html.haml b/help/app/views/tickets/_new_comment.html.haml new file mode 100644 index 0000000..bf88da6 --- /dev/null +++ b/help/app/views/tickets/_new_comment.html.haml @@ -0,0 +1,2 @@ += simple_fields_for :comment do |c| + = c.input :body, :label => 'Comment', :as => :text diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml new file mode 100644 index 0000000..55bfa79 --- /dev/null +++ b/help/app/views/tickets/index.html.haml @@ -0,0 +1,5 @@ +%h2 Tickets +- @tickets.each do |ticket| + %p + = link_to ticket.title, ticket += #render(:partial => "ticket", :collection => @tickets) \ No newline at end of file diff --git a/help/app/views/tickets/new.html.haml b/help/app/views/tickets/new.html.haml new file mode 100644 index 0000000..fd1bcd4 --- /dev/null +++ b/help/app/views/tickets/new.html.haml 
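Review bot: The `_comment.html.haml` partial calls `User.find(comment.posted_by)` twice per comment, from the view, which doubles the database lookups for every rendered comment. It also passes `posted_by` to `find` when it may be nil (the controller marks it "could be nil"); whether `find(nil)` returns nil or raises is not visible here. Looking the author up once with `- author = comment.posted_by && User.find(comment.posted_by)` and rendering `author.login` under `- if author` avoids both.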
@@ -0,0 +1,14 @@ +%h2=t :new_ticket += simple_form_for @ticket do |f| + = f.input :title + = #f.input :email #if there is no current_user + = f.input :email if !User.current_test + = #simple_fields_for :comment do |c| + = #c.input :body, :label => 'Comment', :as => :text + = #f.input :comment + = render :partial => 'new_comment' + = # regarding_user if not logged in + = # email if not logged in + = #f.button :submit, :value => t(:submit), :class => 'btn-primary' + = f.button :submit + = link_to t(:cancel), root_url, :class => :btn diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml new file mode 100644 index 0000000..a37f5c8 --- /dev/null +++ b/help/app/views/tickets/show.html.haml @@ -0,0 +1,10 @@ +%h2= @ticket.title +is open? += @ticket.is_open +code: += @ticket.code += render(:partial => "comment", :collection => @ticket.comments) + += simple_form_for @ticket do |f| + = render :partial => 'new_comment' + = f.button :submit \ No newline at end of file diff --git a/help/config/routes.rb b/help/config/routes.rb index 1daf9a4..5e57e02 100644 --- a/help/config/routes.rb +++ b/help/config/routes.rb @@ -1,2 +1,5 @@ Rails.application.routes.draw do + + resources :tickets, :only => [:new, :create, :index, :show, :update] + #resources :ticket, :only => [:show] end diff --git a/help/test/functional/tickets_controller_test.rb b/help/test/functional/tickets_controller_test.rb new file mode 100644 index 0000000..6d9ff09 --- /dev/null +++ b/help/test/functional/tickets_controller_test.rb @@ -0,0 +1,15 @@ +require 'test_helper' + +class TicketsControllerTest < ActionController::TestCase + # test "the truth" do + # assert true + # end + test "should get new" do + get :new + assert_equal Ticket, assigns(:ticket).class + assert_response :success + end + + + +end diff --git a/help/test/unit/ticket_comment_test.rb b/help/test/unit/ticket_comment_test.rb index 883720f..1fe1fe2 100644 --- a/help/test/unit/ticket_comment_test.rb 
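Review bot: `show.html.haml` renders `@ticket.code` to whoever loads the page. In ticket.rb that value is the `SecureRandom.hex(8)` string generated only for tickets without a validated creator, so it presumably serves as the anonymous creator's access secret. If so, printing it on a page the controller serves without any access check discloses it. If the line is debugging output, a Haml comment such as `-# debug only: remove before code is used for access control` would mark it as such.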
+++ b/help/test/unit/ticket_comment_test.rb @@ -16,8 +16,8 @@ class TicketCommentTest < ActiveSupport::TestCase comment2 = TicketComment.new :body => "help my email is broken!" assert comment2.valid? - assert_not_nil comment2.posted_at - assert_nil comment2.posted_by #if not logged in + #assert_not_nil comment2.posted_at #? + #assert_nil comment2.posted_by #if not logged in #TODO #comment.ticket = testticket #Ticket.find_by_title("testing") #assert_equal testticket.title, comment.ticket.title @@ -49,9 +49,10 @@ class TicketCommentTest < ActiveSupport::TestCase testticket.comments << comment2 #this should validate comment2 testticket.valid? assert_equal testticket.comments.count, 2 - assert_not_nil comment.posted_at - assert_not_nil testticket.comments.last.posted_at - assert testticket.comments.first.posted_at < testticket.comments.last.posted_at + # where should posted_at be set? + #assert_not_nil comment.posted_at + #assert_not_nil testticket.comments.last.posted_at + #assert testticket.comments.first.posted_at < testticket.comments.last.posted_at end end diff --git a/help/test/unit/ticket_test.rb b/help/test/unit/ticket_test.rb index c3a4759..6b63a23 100644 --- a/help/test/unit/ticket_test.rb +++ b/help/test/unit/ticket_test.rb @@ -41,18 +41,20 @@ class TicketTest < ActiveSupport::TestCase assert @sample.is_creator_validated? end +=begin +# TODO: do once have current_user stuff in order test "code if & only if not creator-validated" do + User.current_test = nil t1 = Ticket.create :title => 'test title' assert_not_nil t1.code assert_nil t1.created_by - User.current = 4 + User.current_test = 4 t2 = Ticket.create :title => 'test title' assert_nil t2.code assert_not_nil t2.created_by - - end +=end end diff --git a/users/app/models/user.rb b/users/app/models/user.rb index a6aab84..33c77ce 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb 
@@ -59,4 +59,8 @@ class User < CouchRest::Model::Base Thread.current[:user] = user end + def self.current_test + User.first + end + end -- cgit v1.2.3 From c4220a167f883f31c408b55cd970761faeb53aa5 Mon Sep 17 00:00:00 2001 From: jessib Date: Mon, 8 Oct 2012 10:48:39 -0700 Subject: Adding emacs backups files to .gitignore. --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index eb3489a..3a8bd6d 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ # Ignore all logfiles and tempfiles. /log/*.log /tmp +*~ \ No newline at end of file -- cgit v1.2.3 From b077363d51de511d53c9b20ade1cb26707f3ecdf Mon Sep 17 00:00:00 2001 From: jessib Date: Mon, 8 Oct 2012 11:06:28 -0700 Subject: Want to include help engine for help_develop branch. --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 2aedae1..7666805 100644 --- a/Gemfile +++ b/Gemfile @@ -32,7 +32,7 @@ gem 'simple_form' gem 'leap_web_core', :path => 'core' gem 'leap_web_users', :path => 'users' gem 'leap_web_certs', :path => 'certs' -# gem 'leap_web_help', :path => 'help' +gem 'leap_web_help', :path => 'help' gem 'couchrest_session_store' -- cgit v1.2.3 From c27f2a0686db0705553eda88c799d4c486c20bac Mon Sep 17 00:00:00 2001 From: jessib Date: Wed, 10 Oct 2012 10:55:25 -0700 Subject: Pushing some tweaks as I try to get server-side validation working. --- help/app/models/ticket.rb | 16 ++++++++++++++-- help/app/models/ticket_comment.rb | 2 ++ help/app/views/tickets/index.html.haml | 5 ++++- help/app/views/tickets/new.html.haml | 15 +++++++++++---- help/app/views/tickets/show.html.haml | 5 +++-- 5 files changed, 34 insertions(+), 9 deletions(-) diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb index 355ae02..8cec0df 100644 --- a/help/app/models/ticket.rb +++ b/help/app/models/ticket.rb 
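Review bot: `User.current_test` returns `User.first`, and the tickets controller and views in this commit use it as the acting user, so every request is treated as coming from the first user in the database regardless of who sent it. Nothing on the method limits it to development or test environments. A guard as its first line, `raise "User.current_test is a development stub" if Rails.env.production?`, would keep it from running in a deployed instance. A comment naming it a placeholder for the session-based user would also help.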
@@ -15,8 +15,8 @@ class Ticket < CouchRest::Model::Base =end #belongs_to :user #from leap_web_users. doesn't necessarily belong to a user though - property :created_by, Integer #nil unless user was authenticated for ticket creation, #THIS should not be changed after being set - property :regarding_user, Integer # form cannot be submitted if they type in a username w/out corresponding ID. this field can be nil. for authenticated ticket creation by non-admins, should this just automatically be set to be same as created_by? or maybe we don't use this field unless created_by is nil? + property :created_by, String#Integer #nil unless user was authenticated for ticket creation, #THIS should not be changed after being set + property :regarding_user, String#Integer # form cannot be submitted if they type in a username w/out corresponding ID. this field can be nil. for authenticated ticket creation by non-admins, should this just automatically be set to be same as created_by? or maybe we don't use this field unless created_by is nil? #also, both created_by and regarding_user could be nil---say user forgets username, or has general question property :title, String property :email, String #verify @@ -29,6 +29,8 @@ class Ticket < CouchRest::Model::Base timestamps! + #accepts_nested_attributes_for :ticketcomments #?? + #before_validation :set_created_by, :set_code, :set_email, :on => :create before_validation :set_code, :set_email, :on => :create @@ -36,7 +38,11 @@ class Ticket < CouchRest::Model::Base view :by_title end + validates :title, :presence => true + validates :comments, :presence => true #do we want it like this? + + # html5 has built-in validation which isn't ideal, as it says 'please enter an email address' for invalid email addresses, which implies an email address is required, and it is not. validates :email, :format => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/, :if => :email #email address is optional #TODO: 
@@ -55,6 +61,7 @@ class Ticket < CouchRest::Model::Base def set_email + self.email = nil if self.email == "" #self.email = current users email if is_creator_validated? end @@ -68,6 +75,11 @@ class Ticket < CouchRest::Model::Base save end + #probably not useful, but trying it: + def ticket_comment_attributes=(attributes) + @ticket_comment = TicketComment.new(attributes) + end + =begin def validate if email_address and not email_address.strip =~ RFC822::EmailAddress diff --git a/help/app/models/ticket_comment.rb b/help/app/models/ticket_comment.rb index 6b6b4db..9026bc1 100644 --- a/help/app/models/ticket_comment.rb +++ b/help/app/models/ticket_comment.rb @@ -8,6 +8,8 @@ class TicketComment #property :posted_verified, TrueClass, :protected => true #should be true if current_user is set when the comment is created property :body, String + + validates :body, :presence => true #before_validation :set_time#, :set_posted_by #design do diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml index 55bfa79..d2e0ea0 100644 --- a/help/app/views/tickets/index.html.haml +++ b/help/app/views/tickets/index.html.haml @@ -2,4 +2,7 @@ - @tickets.each do |ticket| %p = link_to ticket.title, ticket -= #render(:partial => "ticket", :collection => @tickets) \ No newline at end of file +%p +Create a += link_to "new ticket", new_ticket_path += #render(:partial => "ticket", :collection => @tickets) diff --git a/help/app/views/tickets/new.html.haml b/help/app/views/tickets/new.html.haml index fd1bcd4..d0e6939 100644 --- a/help/app/views/tickets/new.html.haml +++ b/help/app/views/tickets/new.html.haml 
@@ -1,12 +1,19 @@ %h2=t :new_ticket -= simple_form_for @ticket do |f| += simple_form_for (@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test + = @ticket.errors.messages = f.input :title = #f.input :email #if there is no current_user - = f.input :email if !User.current_test - = #simple_fields_for :comment do |c| + = f.input :email if !User.current_test #hmm--might authenticated users want to submit an alternate email? + = #f.simple_fields_for :comment do |c| = #c.input :body, :label => 'Comment', :as => :text + = #f.input :comments, :label => 'Comment', :as => :text + + = f.fields_for :comment do |c| + = c.input :body, :label => 'Comment', :as => :text + + = #f.input :comment - = render :partial => 'new_comment' + = #render :partial => 'new_comment' #what we were using = # regarding_user if not logged in = # email if not logged in = #f.button :submit, :value => t(:submit), :class => 'btn-primary' diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml index a37f5c8..1e1fab3 100644 --- a/help/app/views/tickets/show.html.haml +++ b/help/app/views/tickets/show.html.haml @@ -5,6 +5,7 @@ code: = @ticket.code = render(:partial => "comment", :collection => @ticket.comments) -= simple_form_for @ticket do |f| += simple_form_for (@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test = render :partial => 'new_comment' - = f.button :submit \ No newline at end of file + = f.button :submit + = link_to t(:cancel), root_url, :class => :btn \ No newline at end of file -- cgit v1.2.3 From 0bdfbdb57ab7c29d0d87dc1a44b17eb32f98439b Mon Sep 17 00:00:00 2001 From: jessib Date: Wed, 10 Oct 2012 11:00:51 -0700 Subject: Forgot to commit controller --- help/app/controllers/tickets_controller.rb | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) 
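Review bot: `simple_form_for (@ticket, :html => {:novalidate => true})` has a space between the method name and the opening parenthesis, here in new.html.haml and in the matching line of show.html.haml. Ruby 1.8 accepts this with a warning, while Ruby 1.9 and later, as far as I know, reject a parenthesised two-argument list written this way as a syntax error. Writing `= simple_form_for(@ticket, :html => {:novalidate => true}) do |f|` is unambiguous on both.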
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb index 9383d7e..2e681b2 100644 --- a/help/app/controllers/tickets_controller.rb +++ b/help/app/controllers/tickets_controller.rb @@ -1,16 +1,23 @@ class TicketsController < ApplicationController + respond_to :html #, :json + def new @ticket = Ticket.new end def create - # @ticket = Ticket.new :posted_by => current_user - @ticket = Ticket.new :created_by => User.current_test.id - @ticket.attributes = params[:ticket] - + @ticket = Ticket.new #:created_by => User.current_test.id + @ticket.attributes = params[:ticket]#.except(:comments) + @ticket.created_by = User.current_test.id if User.current_test add_comment - redirect_to @ticket + + if @ticket.save + respond_with(@ticket) + else + respond_with(@ticket, :location => new_ticket_path ) + end + end def show @@ -20,22 +27,22 @@ class TicketsController < ApplicationController def update @ticket = Ticket.find(params[:id]) add_comment + @ticket.save redirect_to @ticket end def index - @tickets = Ticket.by_title #not actually what we will want + # @tickets = Ticket.by_title #not actually what we will want + respond_with(@tickets = Ticket.all) end private def add_comment comment = TicketComment.new(params[:comment]) - #comment.posted_by = current_user #could be nil - comment.posted_by = User.current_test.id #could be nil - comment.posted_at = Time.now # TODO: it seems strange to have this here, and not in model. + comment.posted_by = User.current_test.id if User.current_test #could be nil + comment.posted_at = Time.now # TODO: it seems strange to have this here, and not in model @ticket.comments << comment - @ticket.save end end -- cgit v1.2.3 From cf9ed38ab1840092352efdbb71bfeb5bc3b9f9d5 Mon Sep 17 00:00:00 2001 
From: jessib Date: Wed, 10 Oct 2012 15:52:08 -0700 Subject: Some tweaks to get server-side validation working when adding the embedded ticket comment to a new ticket. --- help/app/controllers/tickets_controller.rb | 10 +++++++--- help/app/models/ticket.rb | 11 ++++++----- help/app/views/tickets/new.html.haml | 9 ++------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb index 2e681b2..be07309 100644 --- a/help/app/controllers/tickets_controller.rb +++ b/help/app/controllers/tickets_controller.rb @@ -4,13 +4,14 @@ class TicketsController < ApplicationController def new @ticket = Ticket.new + @ticket.comments.build end def create @ticket = Ticket.new #:created_by => User.current_test.id @ticket.attributes = params[:ticket]#.except(:comments) @ticket.created_by = User.current_test.id if User.current_test - add_comment + #instead of calling add_comment, we are using comment_attributes= from the Ticket model if @ticket.save respond_with(@ticket) @@ -22,13 +23,14 @@ class TicketsController < ApplicationController def show @ticket = Ticket.find(params[:id]) + # build ticket comments? end def update @ticket = Ticket.find(params[:id]) - add_comment + add_comment #or should we use ticket attributes? @ticket.save - redirect_to @ticket + redirect_to @ticket #difft behavior on failure? end def index @@ -38,6 +40,8 @@ class TicketsController < ApplicationController private + # not using now when creating tickets, we are using comment_attributes= from the Ticket model + #not yet sure about updating tickets def add_comment comment = TicketComment.new(params[:comment]) comment.posted_by = User.current_test.id if User.current_test #could be nil diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb index 8cec0df..e829a5f 100644 --- a/help/app/models/ticket.rb +++ b/help/app/models/ticket.rb 
@@ -29,8 +29,6 @@ class Ticket < CouchRest::Model::Base timestamps! - #accepts_nested_attributes_for :ticketcomments #?? - #before_validation :set_created_by, :set_code, :set_email, :on => :create before_validation :set_code, :set_email, :on => :create @@ -75,9 +73,12 @@ class Ticket < CouchRest::Model::Base save end - #probably not useful, but trying it: - def ticket_comment_attributes=(attributes) - @ticket_comment = TicketComment.new(attributes) + def comments_attributes=(attributes) + comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes) + comment.posted_by = User.current_test.id if User.current_test + comment.posted_at = Time.now + comments << comment + end =begin diff --git a/help/app/views/tickets/new.html.haml b/help/app/views/tickets/new.html.haml index d0e6939..0a6b25b 100644 --- a/help/app/views/tickets/new.html.haml +++ b/help/app/views/tickets/new.html.haml @@ -1,18 +1,13 @@ %h2=t :new_ticket = simple_form_for (@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test - = @ticket.errors.messages + = #@ticket.errors.messages = f.input :title = #f.input :email #if there is no current_user = f.input :email if !User.current_test #hmm--might authenticated users want to submit an alternate email? - = #f.simple_fields_for :comment do |c| - = #c.input :body, :label => 'Comment', :as => :text - = #f.input :comments, :label => 'Comment', :as => :text - = f.fields_for :comment do |c| + = f.simple_fields_for :comments do |c| = c.input :body, :label => 'Comment', :as => :text - - = #f.input :comment = #render :partial => 'new_comment' #what we were using = # regarding_user if not logged in = # email if not logged in -- cgit v1.2.3 From 0c79df9874c59fbaa5c845e07d8fa1b4bbc23b9c Mon Sep 17 00:00:00 2001 
From: Azul Date: Thu, 11 Oct 2012 17:11:32 +0200 Subject: use ruby-srp 0.1.3 which returns the user on authenticate call Also removed a few hooks to User.current. Will replace with current_user --- Gemfile.lock | 4 ++-- users/app/controllers/sessions_controller.rb | 7 +------ users/leap_web_users.gemspec | 2 +- users/test/functional/sessions_controller_test.rb | 20 ++++++++------------ 4 files changed, 12 insertions(+), 21 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index fe49476..f731561 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -19,7 +19,7 @@ PATH specs: leap_web_users (0.1.0) leap_web_core (= 0.1.0) - ruby-srp (~> 0.1.1) + ruby-srp (~> 0.1.3) GEM remote: https://rubygems.org/ @@ -137,7 +137,7 @@ GEM ruby-debug-base (~> 0.10.4.0) ruby-debug-base (0.10.4) linecache (>= 0.3) - ruby-srp (0.1.1) + ruby-srp (0.1.3) sass (3.2.1) sass-rails (3.2.5) railties (~> 3.2.0) diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 284c0e2..4a1107d 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -8,19 +8,15 @@ class SessionsController < ApplicationController def create @user = User.find_by_param(params[:login]) session[:handshake] = @user.initialize_auth(params['A'].hex) - User.current = @user #? render :json => session[:handshake] rescue RECORD_NOT_FOUND render :json => {:errors => {:login => ["unknown user"]}} end def update - # TODO: validate the id belongs to the session - @user = User.find_by_param(params[:id]) @srp_session = session.delete(:handshake) - @srp_session.authenticate!(params[:client_auth].hex) + @user = @srp_session.authenticate!(params[:client_auth].hex) session[:user_id] = @user.id - User.current = @user #? render :json => @srp_session rescue WRONG_PASSWORD session[:handshake] = nil 
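Review bot: `update` in sessions_controller.rb calls `authenticate!` on the result of `session.delete(:handshake)` without checking that a handshake exists, so an `update` request with no preceding `create` ends in a method call on nil. Unless `WRONG_PASSWORD` covers that error, which is not visible here, the request fails with an unhandled exception instead of the wrong-password response. A guard before the call that renders the same error JSON when `@srp_session` is nil would close that path. Separately, the session is kept across login; calling `reset_session` before `session[:user_id] = @user.id` is the usual Rails defence against session fixation. The rescue body of `update` continues outside this hunk.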
@@ -29,7 +25,6 @@ class SessionsController < ApplicationController def destroy session[:user_id] = nil - User.current = nil #? redirect_to root_path end end diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index f64a76a..6d35f63 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec @@ -17,5 +17,5 @@ Gem::Specification.new do |s| s.add_dependency "leap_web_core", LeapWeb::VERSION - s.add_dependency "ruby-srp", "~> 0.1.1" + s.add_dependency "ruby-srp", "~> 0.1.3" end diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index b6e56a7..47d7052 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb @@ -3,6 +3,7 @@ require 'test_helper' class SessionsControllerTest < ActionController::TestCase def setup + @user = stub :login => "me", :id => 123 @client_hex = 'a123' @client_rnd = @client_hex.hex @server_hex = 'b123' @@ -19,14 +20,13 @@ class SessionsControllerTest < ActionController::TestCase end test "should perform handshake" do - user = stub :login => "me", :id => 123 - user.expects(:initialize_auth). + @user.expects(:initialize_auth). with(@client_rnd). returns(@server_handshake) @server_handshake.expects(:to_json). returns({'B' => @server_hex, 'salt' => @salt}.to_json) - User.expects(:find_by_param).with(user.login).returns(user) - post :create, :login => user.login, 'A' => @client_hex + User.expects(:find_by_param).with(@user.login).returns(@user) + post :create, :login => @user.login, 'A' => @client_hex assert_equal @server_handshake, session[:handshake] assert_response :success assert_json_response :B => @server_hex, :salt => @salt 
@@ -42,27 +42,23 @@ class SessionsControllerTest < ActionController::TestCase test "should authorize" do session[:handshake] = @server_handshake - user = stub :login => "me", :id => 123 @server_handshake.expects(:authenticate!). with(@client_rnd). - returns(@server_auth) + returns(@user) @server_handshake.expects(:to_json). returns({:M2 => @server_auth}.to_json) - User.expects(:find_by_param).with(user.login).returns(user) - post :update, :id => user.login, :client_auth => @client_hex + post :update, :id => @user.login, :client_auth => @client_hex assert_nil session[:handshake] assert_json_response :M2 => @server_auth - assert_equal user.id, session[:user_id] + assert_equal @user.id, session[:user_id] end test "should report wrong password" do session[:handshake] = @server_handshake - user = stub :login => "me", :id => 123 @server_handshake.expects(:authenticate!). with(@client_rnd). raises(WRONG_PASSWORD) - User.expects(:find_by_param).with(user.login).returns(user) - post :update, :id => user.login, :client_auth => @client_hex + post :update, :id => @user.login, :client_auth => @client_hex assert_nil session[:handshake] assert_nil session[:user_id] assert_json_response :errors => {"password" => ["wrong password"]} -- cgit v1.2.3 From 28b51dc38ad71b8a7468aa91d8ce8d3059d9bb69 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 11 Oct 2012 17:41:00 +0200 Subject: current_user and authenticate methods --- users/app/controllers/application_controller.rb | 14 ++++++++++++++ users/config/routes.rb | 6 +++--- 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 users/app/controllers/application_controller.rb diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb new file mode 100644 index 0000000..64e1a55 --- /dev/null +++ b/users/app/controllers/application_controller.rb 
@@ -0,0 +1,14 @@ +class ApplicationController < ActionController::Base + protect_from_forgery + + private + + def current_user + @current_user ||= User.find(session[:user_id]) if session[:user_id] + end + helper_method :current_user + + def authorize + redirect_to login_url, alert: "Not authorized" if current_user.nil? + end +end diff --git a/users/config/routes.rb b/users/config/routes.rb index cfc0407..522c40c 100644 --- a/users/config/routes.rb +++ b/users/config/routes.rb @@ -1,10 +1,10 @@ Rails.application.routes.draw do - get "log_in" => "sessions#new", :as => "log_in" - get "log_out" => "sessions#destroy", :as => "log_out" + get "login" => "sessions#new", :as => "login" + get "logout" => "sessions#destroy", :as => "logout" resources :sessions, :only => [:new, :create, :update, :destroy] - get "sign_up" => "users#new", :as => "sign_up" + get "signup" => "users#new", :as => "signup" resources :users, :only => [:new, :create] end -- cgit v1.2.3 From 56273c13f54a872d02db286c90a8d5103cf7a663 Mon Sep 17 00:00:00 2001 From: jessib Date: Fri, 12 Oct 2012 14:42:57 -0700 Subject: more work on ticket creation/updating functionality --- help/app/controllers/tickets_controller.rb | 34 +++++++++++++++++++-------- help/app/models/ticket.rb | 2 +- help/app/views/tickets/_comment.html.haml | 3 ++- help/app/views/tickets/_new_comment.html.haml | 1 + help/app/views/tickets/new.html.haml | 2 +- help/app/views/tickets/show.html.haml | 10 ++++++-- 6 files changed, 37 insertions(+), 15 deletions(-) diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb index be07309..f4b38de 100644 --- a/help/app/controllers/tickets_controller.rb +++ b/help/app/controllers/tickets_controller.rb 
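Review bot: `authorize` in the new ApplicationController only checks that `current_user` is present, so it is an authentication gate rather than an authorization check, and nothing in this commit registers it as a `before_filter`. A comment on the method, for example `# Requires a logged-in user; enable with before_filter :authorize. Does not check ownership of the requested record.`, would stop callers from assuming it enforces per-record access. As a style point, `alert: "Not authorized"` uses the Ruby 1.9 hash syntax while the rest of the series writes `:key => value`.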
@@ -13,24 +13,39 @@ class TicketsController < ApplicationController @ticket.created_by = User.current_test.id if User.current_test #instead of calling add_comment, we are using comment_attributes= from the Ticket model - if @ticket.save - respond_with(@ticket) - else - respond_with(@ticket, :location => new_ticket_path ) - end + flash[:notice] = 'Ticket was successfully created.' if @ticket.save + respond_with(@ticket) end +=begin + def edit + @ticket = Ticket.find(params[:id]) + @ticket.comments.build + # build ticket comments? + end +=end + def show @ticket = Ticket.find(params[:id]) + # @ticket.comments.build # build ticket comments? end def update @ticket = Ticket.find(params[:id]) - add_comment #or should we use ticket attributes? - @ticket.save - redirect_to @ticket #difft behavior on failure? + @ticket.attributes = params[:ticket] + #add_comment #or should we use ticket attributes? + # @ticket.save + if @ticket.save + flash[:notice] = 'Ticket was successfully updated.' + respond_with @ticket + else + #redirect_to [:show, @ticket] # + flash[:alert] = 'Ticket has not been changed' + redirect_to @ticket + #respond_with(@ticket) # why does this go to edit?? redirect??? + end end def index @@ -40,8 +55,7 @@ class TicketsController < ApplicationController private - # not using now when creating tickets, we are using comment_attributes= from the Ticket model - #not yet sure about updating tickets + # not using now, as we are using comment_attributes= from the Ticket model def add_comment comment = TicketComment.new(params[:comment]) comment.posted_by = User.current_test.id if User.current_test #could be nil diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb index e829a5f..537a7c6 100644 --- a/help/app/models/ticket.rb +++ b/help/app/models/ticket.rb 
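Review bot: `update` now assigns `params[:ticket]` to `@ticket.attributes`, so the request can change any Ticket property that is not protected, apparently including `created_by`, `is_open`, `code` and `email`. The model's own comment on `created_by` says it should not change after being set. `create` has the same assignment, and there `created_by` is overwritten afterwards only when `User.current_test` is present. Limiting the hash to what the form is meant to send, e.g. `@ticket.attributes = (params[:ticket] || {}).slice(:comments_attributes)` in `update`, would close this. Marking those properties `:protected => true` in ticket.rb is the alternative.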
@@ -37,7 +37,7 @@ class Ticket < CouchRest::Model::Base end validates :title, :presence => true - validates :comments, :presence => true #do we want it like this? + #validates :comments, :presence => true #do we want it like this? # html5 has built-in validation which isn't ideal, as it says 'please enter an email address' for invalid email addresses, which implies an email address is required, and it is not. diff --git a/help/app/views/tickets/_comment.html.haml b/help/app/views/tickets/_comment.html.haml index 77e29b8..19e1ddf 100644 --- a/help/app/views/tickets/_comment.html.haml +++ b/help/app/views/tickets/_comment.html.haml @@ -1,4 +1,5 @@ -%div +- # style is super ugly but just for now +%div{:style => "border: solid 1px"} - if User.find(comment.posted_by) Posted by = User.find(comment.posted_by).login diff --git a/help/app/views/tickets/_new_comment.html.haml b/help/app/views/tickets/_new_comment.html.haml index bf88da6..a924dfd 100644 --- a/help/app/views/tickets/_new_comment.html.haml +++ b/help/app/views/tickets/_new_comment.html.haml @@ -1,2 +1,3 @@ += #do we want this partial? not using it now = simple_fields_for :comment do |c| = c.input :body, :label => 'Comment', :as => :text diff --git a/help/app/views/tickets/new.html.haml b/help/app/views/tickets/new.html.haml index 0a6b25b..d784720 100644 --- a/help/app/views/tickets/new.html.haml +++ b/help/app/views/tickets/new.html.haml @@ -13,4 +13,4 @@ = # email if not logged in = #f.button :submit, :value => t(:submit), :class => 'btn-primary' = f.button :submit - = link_to t(:cancel), root_url, :class => :btn + = link_to t(:cancel), tickets_path, :class => :btn diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml index 1e1fab3..04dd676 100644 --- a/help/app/views/tickets/show.html.haml +++ b/help/app/views/tickets/show.html.haml @@ -1,3 +1,7 @@ +- if flash[:notice] + =flash[:notice] +- if flash[:alert] + =flash[:alert] %h2= @ticket.title is open? = @ticket.is_open 
@@ -6,6 +10,8 @@ code: = render(:partial => "comment", :collection => @ticket.comments) = simple_form_for (@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test - = render :partial => 'new_comment' + = f.simple_fields_for :comments, TicketComment.new do |c| + = c.input :body, :label => 'Comment', :as => :text + = #render :partial => 'new_comment' = f.button :submit - = link_to t(:cancel), root_url, :class => :btn \ No newline at end of file + = link_to t(:cancel), tickets_path, :class => :btn \ No newline at end of file -- cgit v1.2.3 From 42cf5141bd7743d16259b0771607ea6a8cbc0fd3 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 15 Oct 2012 11:44:07 +0200 Subject: updated srp_js --- users/app/assets/javascripts/srp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index d6a7804..6feb770 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit d6a78049f3356d9d645143362eca74434410bf62 +Subproject commit 6feb77060140fe8026812970c4d5ea83da3cd200 -- cgit v1.2.3 From 8841958868fdd11ec49ee6de32ff79f1aa6083fa Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 15 Oct 2012 12:55:03 +0200 Subject: adding login function for srp --- users/app/assets/javascripts/users.js.coffee | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 160a7f0..07dbc32 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -27,7 +27,7 @@ validate_password = (event) -> insert_verifier = (event) -> # TODO: verify password confimation - srp = new SRP + srp = new SRP(jqueryRest()) salt = srp.session.getSalt() $('#srp_salt').val(salt) $('#srp_password_verifier').val(srp.session.getV().toString(16)) 
@@ -35,7 +35,14 @@ insert_verifier = (event) -> $('#srp_password').val('cleared out - use verifier instead') $('#srp_password_confirmation').val('using srp - store verifier') +login = (event) -> + srp = new SRP(jqueryRest()) + srp.identify() + false + + $(document).ready -> $('#new_user').submit validate_password $('#new_user').submit insert_verifier + $('#new_session').submit login -- cgit v1.2.3 From b85316cc00f53343bc6555b10c79f9aadd86e06f Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 16 Oct 2012 17:29:11 +0200 Subject: working version of srp_js --- users/app/assets/javascripts/srp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 6feb770..d21474a 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 6feb77060140fe8026812970c4d5ea83da3cd200 +Subproject commit d21474a0290edab1c765741d484335d83f50be75 -- cgit v1.2.3 From 48d6c2aac9ae2bf1c140e734a576e45289c99150 Mon Sep 17 00:00:00 2001 From: jessib Date: Tue, 16 Oct 2012 15:51:35 -0700 Subject: Some functional tests and other tweaks. --- help/app/controllers/tickets_controller.rb | 6 +++-- help/app/models/ticket.rb | 12 ++++++---- help/app/models/ticket_comment.rb | 4 ++-- help/app/views/tickets/_comment.html.haml | 2 ++ help/app/views/tickets/index.html.haml | 5 ++-- help/app/views/tickets/new.html.haml | 2 +- help/app/views/tickets/show.html.haml | 13 ++++++++-- help/test/functional/tickets_controller_test.rb | 32 ++++++++++++++++++++++--- 8 files changed, 59 insertions(+), 17 deletions(-) diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb index f4b38de..be9a2b5 100644 --- a/help/app/controllers/tickets_controller.rb +++ b/help/app/controllers/tickets_controller.rb 
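Review bot: The new `login` handler cancels the native form submission only by returning `false` as its last statement, so if `new SRP(jqueryRest())` or `srp.identify()` throws, the browser falls through to an ordinary POST of the form with the password field in it, which is what the SRP flow is meant to avoid. Call `event.preventDefault()` as the first line of the handler so the default action is cancelled before any SRP code runs. The `signup` handler introduced later in this series (`srp.register()` in the same file) has the same shape. Having the server reject any session or signup request that carries a plain `password` parameter would back this up.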
@@ -1,6 +1,7 @@ class TicketsController < ApplicationController respond_to :html #, :json + #has_scope :open, :type => boolean def new @ticket = Ticket.new @@ -8,9 +9,9 @@ class TicketsController < ApplicationController end def create - @ticket = Ticket.new #:created_by => User.current_test.id - @ticket.attributes = params[:ticket]#.except(:comments) + @ticket = Ticket.new(params[:ticket]) @ticket.created_by = User.current_test.id if User.current_test + @ticket.email = User.current_test.email if User.current_test.email #instead of calling add_comment, we are using comment_attributes= from the Ticket model flash[:notice] = 'Ticket was successfully created.' if @ticket.save @@ -35,6 +36,7 @@ class TicketsController < ApplicationController def update @ticket = Ticket.find(params[:id]) @ticket.attributes = params[:ticket] + #add_comment #or should we use ticket attributes? # @ticket.save if @ticket.save diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb index 537a7c6..76fa5c8 100644 --- a/help/app/models/ticket.rb +++ b/help/app/models/ticket.rb 
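Review bot: The added `@ticket.email = User.current_test.email if User.current_test.email` in `create` calls `.email` on `User.current_test` without the nil guard that the `created_by` line directly above it uses, so a request with no current user raises NoMethodError. Guard both, e.g. `@ticket.email = User.current_test.email if User.current_test && User.current_test.email`. As written the line also replaces any address the submitter typed with the account's address; if that is intended, a one-line comment saying so would help. The body of `create` continues past this hunk.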
@@ -15,8 +15,8 @@ class Ticket < CouchRest::Model::Base =end #belongs_to :user #from leap_web_users. doesn't necessarily belong to a user though - property :created_by, String#Integer #nil unless user was authenticated for ticket creation, #THIS should not be changed after being set - property :regarding_user, String#Integer # form cannot be submitted if they type in a username w/out corresponding ID. this field can be nil. for authenticated ticket creation by non-admins, should this just automatically be set to be same as created_by? or maybe we don't use this field unless created_by is nil? + property :created_by, String, :protected => true #Integer #nil unless user was authenticated for ticket creation, #THIS should not be changed after being set + #property :regarding_user, String#Integer # form cannot be submitted if they type in a username w/out corresponding ID. this field can be nil. for authenticated ticket creation by non-admins, should this just automatically be set to be same as created_by? or maybe we don't use this field unless created_by is nil? #also, both created_by and regarding_user could be nil---say user forgets username, or has general question property :title, String property :email, String #verify @@ -32,6 +32,9 @@ class Ticket < CouchRest::Model::Base #before_validation :set_created_by, :set_code, :set_email, :on => :create before_validation :set_code, :set_email, :on => :create + + #named_scope :open, :conditions => {:is_open => true} #?? + design do view :by_title end @@ -60,7 +63,7 @@ class Ticket < CouchRest::Model::Base def set_email self.email = nil if self.email == "" - #self.email = current users email if is_creator_validated? + # in controller set to be current users email if that exists end def close 
@@ -74,8 +77,9 @@ class Ticket < CouchRest::Model::Base end def comments_attributes=(attributes) + comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes) - comment.posted_by = User.current_test.id if User.current_test + comment.posted_by = User.current_test.id if User.current_test #should we not access User.current here? comment.posted_at = Time.now comments << comment diff --git a/help/app/models/ticket_comment.rb b/help/app/models/ticket_comment.rb index 9026bc1..a8639a1 100644 --- a/help/app/models/ticket_comment.rb +++ b/help/app/models/ticket_comment.rb @@ -2,13 +2,13 @@ class TicketComment include CouchRest::Model::Embeddable #belongs_to :ticket #is this best way to do it? will want to access all of a tickets comments, so maybe this isn't the way? - property :posted_by, Integer#, :protected => true# maybe this should be current_user if that is set, meaning the user is logged in #String # user?? + property :posted_by, String#, :protected => true #Integer#this should be current_user if that is set, meaning the user is logged in #cannot have it be protected and set via comments_attributes= # if the current user is not set, then we could just say the comment comes from an 'unauthenticated user', which would be somebody with the secret URL property :posted_at, Time#, :protected => true #property :posted_verified, TrueClass, :protected => true #should be true if current_user is set when the comment is created property :body, String - + # ? timestamps! validates :body, :presence => true #before_validation :set_time#, :set_posted_by diff --git a/help/app/views/tickets/_comment.html.haml b/help/app/views/tickets/_comment.html.haml index 19e1ddf..1ba3bd1 100644 --- a/help/app/views/tickets/_comment.html.haml +++ b/help/app/views/tickets/_comment.html.haml @@ -3,6 +3,8 @@ - if User.find(comment.posted_by) Posted by = User.find(comment.posted_by).login + - else + Unauthenticated post %p Posted at = comment.posted_at 
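Review bot: `comments_attributes=` builds the comment with `TicketComment.new(attributes.values.first)` and overwrites `posted_by` only `if User.current_test`, so a request without a logged-in user can supply its own `posted_by` and the comment partial will show that user's login as the author. Assign it unconditionally, `comment.posted_by = User.current_test ? User.current_test.id : nil`, or build the comment from the body alone. The ticket_comment.rb hunk in this commit leaves `:protected => true` commented out on `posted_by` with a remark that it cannot be combined with this setter; property protection normally applies to mass assignment rather than to a direct `posted_by =` call, so that is worth re-testing. Only the first entry of `attributes` is used, and the method continues past the hunk.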
diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml index d2e0ea0..f328ca2 100644 --- a/help/app/views/tickets/index.html.haml +++ b/help/app/views/tickets/index.html.haml @@ -1,8 +1,7 @@ +Create a += link_to "new ticket", new_ticket_path %h2 Tickets - @tickets.each do |ticket| %p = link_to ticket.title, ticket -%p -Create a -= link_to "new ticket", new_ticket_path = #render(:partial => "ticket", :collection => @tickets) diff --git a/help/app/views/tickets/new.html.haml b/help/app/views/tickets/new.html.haml index d784720..8c660c9 100644 --- a/help/app/views/tickets/new.html.haml +++ b/help/app/views/tickets/new.html.haml @@ -1,5 +1,5 @@ %h2=t :new_ticket -= simple_form_for (@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test += simple_form_for(@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test = #@ticket.errors.messages = f.input :title = #f.input :email #if there is no current_user diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml index 04dd676..a9b994e 100644 --- a/help/app/views/tickets/show.html.haml +++ b/help/app/views/tickets/show.html.haml @@ -5,8 +5,17 @@ %h2= @ticket.title is open? = @ticket.is_open -code: -= @ticket.code +- if @ticket.code + code: + = @ticket.code +- if @ticket.email + email: + = @ticket.email +- if User.find(@ticket.created_by) + Created by + = User.find(@ticket.created_by).login +- else + Unauthenticated ticket creator = render(:partial => "comment", :collection => @ticket.comments) = simple_form_for (@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test diff --git a/help/test/functional/tickets_controller_test.rb b/help/test/functional/tickets_controller_test.rb index 6d9ff09..7af4c22 100644 --- a/help/test/functional/tickets_controller_test.rb +++ b/help/test/functional/tickets_controller_test.rb 
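Review bot: The `email:` block added to show.html.haml prints `@ticket.email` to whoever loads the page, and the `show` action added earlier in this series looks the ticket up by id with no access check, so a reporter's address is readable by anyone who has or guesses the ticket URL. Render the address only for the ticket's creator or an admin once real authentication replaces `User.current_test`. The template also calls `User.find(@ticket.created_by)` twice, including when `created_by` is nil; resolving the creator once in the controller would avoid the repeated lookup.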
@@ -1,9 +1,13 @@ require 'test_helper' class TicketsControllerTest < ActionController::TestCase - # test "the truth" do - # assert true - # end + + test "should get index" do + get :index + assert_response :success + assert_not_nil assigns(:tickets) + end + test "should get new" do get :new assert_equal Ticket, assigns(:ticket).class @@ -11,5 +15,27 @@ class TicketsControllerTest < ActionController::TestCase end + test "should create authenticated ticket" do + params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}} + + assert_difference('Ticket.count') do + post :create, :ticket => params + end + + assert_response :redirect + assert_equal assigns(:ticket).email, User.current_test.email + assert_equal User.find(assigns(:ticket).created_by).login, User.current_test.login + assert_equal assigns(:ticket).comments.count, 1 + end + + test "add comment to ticket" do + + t = Ticket.last + comment_count = t.comments.count + put :update, :id => t.id, :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} } + assert_equal(comment_count + 1, assigns(:ticket).comments.count) + #assert_difference block isn't working + + end end -- cgit v1.2.3 From fdfdc86eb96f670a580eb58b1b3d41560a269ac1 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 17 Oct 2012 12:39:40 +0200 Subject: improved signup and login js --- users/app/assets/javascripts/srp | 2 +- users/app/assets/javascripts/users.js.coffee | 16 ++++++---------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index d21474a..5a0ceeb 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit d21474a0290edab1c765741d484335d83f50be75 +Subproject commit 5a0ceeb1ca0055719a9b8977a799362163955766 diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 07dbc32..1c00663 100644 
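Review bot: The "add comment to ticket" test takes its fixture from `Ticket.last`, so it depends on another test or on leftover database state having created a ticket, and it fails on `t.comments` when the database is empty. Create the ticket inside the test, e.g. `t = Ticket.create(:title => "ticket for comment test")`, and remove the records the tests create in a teardown. Both new tests run with `User.current_test` set; a case for the unauthenticated path, asserting that `created_by` and the comment's `posted_by` stay nil, would cover the branch where authorship matters most.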
--- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -25,24 +25,20 @@ validate_password = (event) -> return true -insert_verifier = (event) -> - # TODO: verify password confimation +signup = (event) -> srp = new SRP(jqueryRest()) - salt = srp.session.getSalt() - $('#srp_salt').val(salt) - $('#srp_password_verifier').val(srp.session.getV().toString(16)) - # clear the password so we do not submit it - $('#srp_password').val('cleared out - use verifier instead') - $('#srp_password_confirmation').val('using srp - store verifier') + srp.register() + false login = (event) -> srp = new SRP(jqueryRest()) - srp.identify() + srp.identify -> + window.location = '/' false $(document).ready -> $('#new_user').submit validate_password - $('#new_user').submit insert_verifier + $('#new_user').submit signup $('#new_session').submit login -- cgit v1.2.3 From fe23b7896a04a50980c28a8b66c08ce2885ad0d3 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 17 Oct 2012 12:40:12 +0200 Subject: complete signup, login, logout workflow --- app/controllers/application_controller.rb | 7 +++++++ app/views/home/index.html.haml | 11 +++++++++++ users/app/views/users/new.html.haml | 2 -- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e8065d9..693bd86 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,3 +1,10 @@ class ApplicationController < ActionController::Base protect_from_forgery + + helper_method :current_user + + private + def current_user + @current_user ||= User.find(session[:user_id]) if session[:user_id] + end end diff --git a/app/views/home/index.html.haml b/app/views/home/index.html.haml index 11f18de..68e39bb 100644 --- a/app/views/home/index.html.haml +++ b/app/views/home/index.html.haml 
@@ -2,3 +2,14 @@ Try to fetch a = link_to "cert", cert_path + +-if current_user + %p + logged in as + = current_user.login + = link_to "logout", logout_path +-else + %p + = link_to "login", login_path + or + = link_to "signup", signup_path diff --git a/users/app/views/users/new.html.haml b/users/app/views/users/new.html.haml index f6ece3a..af53331 100644 --- a/users/app/views/users/new.html.haml +++ b/users/app/views/users/new.html.haml @@ -4,7 +4,5 @@ = f.input :login, :input_html => { :id => :srp_username } = f.input :password, :required => true, :input_html => { :id => :srp_password } = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } - = f.input :password_verifier, :as => :hidden, :input_html => { :id => :srp_password_verifier } - = f.input :password_salt, :as => :hidden, :input_html => { :id => :srp_salt } = f.button :submit, :value => t(:signup), :class => 'btn-primary' = link_to t(:cancel), root_url, :class => :btn -- cgit v1.2.3 From dc0584f7d993ef7c75fbdd9d341ebb3337f3448d Mon Sep 17 00:00:00 2001 
From: Azul Date: Wed, 17 Oct 2012 15:19:09 +0200 Subject: UI tweaks including newer version of bootstrap --- Gemfile.lock | 4 +- app/assets/javascripts/application.js | 1 + app/assets/stylesheets/application.scss | 1 + app/views/home/index.html.haml | 12 - app/views/layouts/_navigation.html.haml | 10 + app/views/layouts/application.html.erb | 14 - app/views/layouts/application.html.haml | 23 ++ core/config/initializers/simple_form.rb | 307 ++++++++++------------ core/config/initializers/simple_form_bootstrap.rb | 45 ++++ core/config/locales/simple_form.en.yml | 26 ++ ui_dependencies.rb | 2 +- users/app/views/sessions/new.html.haml | 15 +- users/app/views/users/new.html.haml | 17 +- users/config/locales/en.yml | 6 + 14 files changed, 266 insertions(+), 217 deletions(-) create mode 100644 app/views/layouts/_navigation.html.haml delete mode 100644 app/views/layouts/application.html.erb create mode 100644 app/views/layouts/application.html.haml create mode 100644 core/config/initializers/simple_form_bootstrap.rb create mode 100644 core/config/locales/simple_form.en.yml create mode 100644 users/config/locales/en.yml diff --git a/Gemfile.lock b/Gemfile.lock index f731561..a982c2a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -53,7 +53,7 @@ GEM i18n (~> 0.6) multi_json (~> 1.0) arel (3.0.2) - bootstrap-sass (2.0.4.2) + bootstrap-sass (2.1.0.0) builder (3.0.3) coffee-rails (3.2.2) coffee-script (>= 2.2.0) @@ -166,7 +166,7 @@ PLATFORMS ruby DEPENDENCIES - bootstrap-sass (~> 2.0.4) + bootstrap-sass (~> 2.1.0) coffee-rails (~> 3.2.2) haml (~> 3.1.7) haml-rails (~> 0.3.4) diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js index a0b89db..dc975d4 100644 --- a/app/assets/javascripts/application.js +++ b/app/assets/javascripts/application.js @@ -15,3 +15,4 @@ //= require srp //= require users //= require_tree . +//= require bootstrap 
diff --git a/app/assets/stylesheets/application.scss b/app/assets/stylesheets/application.scss index cbd46a7..72c943a 100644 --- a/app/assets/stylesheets/application.scss +++ b/app/assets/stylesheets/application.scss @@ -1 +1,2 @@ @import "bootstrap"; +@import "bootstrap-responsive"; diff --git a/app/views/home/index.html.haml b/app/views/home/index.html.haml index 68e39bb..0be7ca2 100644 --- a/app/views/home/index.html.haml +++ b/app/views/home/index.html.haml @@ -1,15 +1,3 @@ -%h1 Leap Web Demo Try to fetch a = link_to "cert", cert_path - --if current_user - %p - logged in as - = current_user.login - = link_to "logout", logout_path --else - %p - = link_to "login", login_path - or - = link_to "signup", signup_path diff --git a/app/views/layouts/_navigation.html.haml b/app/views/layouts/_navigation.html.haml new file mode 100644 index 0000000..04d2356 --- /dev/null +++ b/app/views/layouts/_navigation.html.haml @@ -0,0 +1,10 @@ += link_to "Leap Web", root_path, :class => 'brand' +%ul.nav + - if current_user + %li + = link_to t(:logout), logout_path + - else + %li + = link_to t(:login), login_path + %li + = link_to t(:signup), signup_path diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb deleted file mode 100644 index ce68ec8..0000000 --- a/app/views/layouts/application.html.erb +++ /dev/null @@ -1,14 +0,0 @@ - - - - LeapWeb - <%= stylesheet_link_tag "application", :media => "all" %> - <%= javascript_include_tag "application" %> - <%= csrf_meta_tags %> - - - -<%= yield %> - - - diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml new file mode 100644 index 0000000..a57d65e --- /dev/null +++ b/app/views/layouts/application.html.haml 
@@ -0,0 +1,23 @@ +!!! +%html + %head + %meta{:content => "width=device-width, initial-scale=1.0", :name => "viewport"} + %title= content_for?(:title) ? yield(:title) : "Leap Web" + %meta{:content => content_for?(:description) ? yield(:description) : "Leap Web", :name => "description"} + = stylesheet_link_tag "application", :media => "all" + = javascript_include_tag "application" + = csrf_meta_tags + = yield(:head) + %body + %header.navbar.navbar-fixed-top + %nav.navbar-inner + .container + = render 'layouts/navigation' + #main{:role => "main"} + .container + .content + .row + .span12 + //= render 'layouts/messages' + = yield + %footer diff --git a/core/config/initializers/simple_form.rb b/core/config/initializers/simple_form.rb index b346dfa..e3f8d09 100644 --- a/core/config/initializers/simple_form.rb +++ b/core/config/initializers/simple_form.rb 
@@ -1,181 +1,142 @@ # Use this setup block to configure all options available in SimpleForm. +SimpleForm.setup do |config| + # Wrappers are used by the form builder to generate a + # complete input. You can remove any component from the + # wrapper, change the order or even add your own to the + # stack. The options given below are used to wrap the + # whole input. + config.wrappers :default, :class => :input, + :hint_class => :field_with_hint, :error_class => :field_with_errors do |b| + ## Extensions enabled by default + # Any of these extensions can be disabled for a + # given input by passing: `f.input EXTENSION_NAME => false`. + # You can make any of these extensions optional by + # renaming `b.use` to `b.optional`. + + # Determines whether to use HTML5 (:email, :url, ...) + # and required attributes + b.use :html5 + + # Calculates placeholders automatically from I18n + # You can also pass a string as f.input :placeholder => "Placeholder" + b.use :placeholder + + ## Optional extensions + # They are disabled unless you pass `f.input EXTENSION_NAME => :lookup` + # to the input. If so, they will retrieve the values from the model + # if any exists. If you want to enable the lookup for any of those + # extensions by default, you can change `b.optional` to `b.use`. + + # Calculates maxlength from length validations for string inputs + b.optional :maxlength + + # Calculates pattern from format validations for string inputs + b.optional :pattern + + # Calculates min and max from length validations for numeric inputs + b.optional :min_max + + # Calculates readonly automatically from readonly attributes + b.optional :readonly + + ## Inputs + b.use :label_input + b.use :hint, :wrap_with => { :tag => :span, :class => :hint } + b.use :error, :wrap_with => { :tag => :span, :class => :error } + end -if defined? SimpleForm - SimpleForm.setup do |config| - # Wrappers are used by the form builder to generate a - # complete input. 
You can remove any component from the - # wrapper, change the order or even add your own to the - # stack. The options given below are used to wrap the - # whole input. - config.wrappers :default, :class => :input, - :hint_class => :field_with_hint, :error_class => :field_with_errors do |b| - ## Extensions enabled by default - # Any of these extensions can be disabled for a - # given input by passing: `f.input EXTENSION_NAME => false`. - # You can make any of these extensions optional by - # renaming `b.use` to `b.optional`. - - # Determines whether to use HTML5 (:email, :url, ...) - # and required attributes - b.use :html5 - - # Calculates placeholders automatically from I18n - # You can also pass a string as f.input :placeholder => "Placeholder" - b.use :placeholder - - ## Optional extensions - # They are disabled unless you pass `f.input EXTENSION_NAME => :lookup` - # to the input. If so, they will retrieve the values from the model - # if any exists. If you want to enable the lookup for any of those - # extensions by default, you can change `b.optional` to `b.use`. 
- - # Calculates maxlength from length validations for string inputs - b.optional :maxlength - - # Calculates pattern from format validations for string inputs - b.optional :pattern - - # Calculates min and max from length validations for numeric inputs - b.optional :min_max - - # Calculates readonly automatically from readonly attributes - b.optional :readonly - - ## Inputs - b.use :label_input - b.use :hint, :wrap_with => { :tag => :span, :class => :hint } - b.use :error, :wrap_with => { :tag => :span, :class => :error } - end - - config.wrappers :bootstrap, :tag => 'div', :class => 'control-group', :error_class => 'error' do |b| - b.use :html5 - b.use :placeholder - b.use :label - b.wrapper :tag => 'div', :class => 'controls' do |ba| - ba.use :input - ba.use :error, :wrap_with => { :tag => 'span', :class => 'help-inline' } - ba.use :hint, :wrap_with => { :tag => 'p', :class => 'help-block' } - end - end - - config.wrappers :prepend, :tag => 'div', :class => "control-group", :error_class => 'error' do |b| - b.use :html5 - b.use :placeholder - b.use :label - b.wrapper :tag => 'div', :class => 'controls' do |input| - input.wrapper :tag => 'div', :class => 'input-prepend' do |prepend| - prepend.use :input - end - input.use :hint, :wrap_with => { :tag => 'span', :class => 'help-block' } - input.use :error, :wrap_with => { :tag => 'span', :class => 'help-inline' } - end - end - - config.wrappers :append, :tag => 'div', :class => "control-group", :error_class => 'error' do |b| - b.use :html5 - b.use :placeholder - b.use :label - b.wrapper :tag => 'div', :class => 'controls' do |input| - input.wrapper :tag => 'div', :class => 'input-append' do |append| - append.use :input - end - input.use :hint, :wrap_with => { :tag => 'span', :class => 'help-block' } - input.use :error, :wrap_with => { :tag => 'span', :class => 'help-inline' } - end - end - - # Wrappers for forms and inputs using the Twitter Bootstrap toolkit. 
- # Check the Bootstrap docs (http://twitter.github.com/bootstrap) - # to learn about the different styles for forms and inputs, - # buttons and other elements. - config.default_wrapper = :bootstrap - - # Define the way to render check boxes / radio buttons with labels. - # Defaults to :nested for bootstrap config. - # :inline => input + label - # :nested => label > input - config.boolean_style = :nested - - # Default class for buttons - config.button_class = 'btn' - - # Method used to tidy up errors. Specify any Rails Array method. - # :first lists the first message for each field. - # Use :to_sentence to list all errors for each field. - # config.error_method = :first - - # Default tag used for error notification helper. - config.error_notification_tag = :div - - # CSS class to add for error notification helper. - config.error_notification_class = 'alert alert-error' - - # ID to add for error notification helper. - # config.error_notification_id = nil - - # Series of attempts to detect a default label method for collection. - # config.collection_label_methods = [ :to_label, :name, :title, :to_s ] - - # Series of attempts to detect a default value method for collection. - # config.collection_value_methods = [ :id, :to_s ] - - # You can wrap a collection of radio/check boxes in a pre-defined tag, defaulting to none. - # config.collection_wrapper_tag = nil - - # You can define the class to use on all collection wrappers. Defaulting to none. - # config.collection_wrapper_class = nil - - # You can wrap each item in a collection of radio/check boxes with a tag, - # defaulting to :span. Please note that when using :boolean_style = :nested, - # SimpleForm will force this option to be a label. - # config.item_wrapper_tag = :span - - # You can define a class to use in all item wrappers. Defaulting to none. - # config.item_wrapper_class = nil - - # How the label text should be generated altogether with the required text. 
- # config.label_text = lambda { |label, required| "#{required} #{label}" } - - # You can define the class to use on all labels. Default is nil. - config.label_class = 'control-label' - - # You can define the class to use on all forms. Default is simple_form. - config.form_class = 'form-horizontal' - - # You can define which elements should obtain additional classes - # config.generate_additional_classes_for = [:wrapper, :label, :input] - - # Whether attributes are required by default (or not). Default is true. - # config.required_by_default = true - - # Tell browsers whether to use default HTML5 validations (novalidate option). - # Default is enabled. - config.browser_validations = true - - # Collection of methods to detect if a file type was given. - # config.file_methods = [ :mounted_as, :file?, :public_filename ] - - # Custom mappings for input types. This should be a hash containing a regexp - # to match as key, and the input type that will be used when the field name - # matches the regexp as value. - # config.input_mappings = { /count/ => :integer } - - # Default priority for time_zone inputs. - # config.time_zone_priority = nil + # The default wrapper to be used by the FormBuilder. + config.default_wrapper = :default - # Default priority for country inputs. - # config.country_priority = nil + # Define the way to render check boxes / radio buttons with labels. + # Defaults to :nested for bootstrap config. + # :inline => input + label + # :nested => label > input + config.boolean_style = :nested - # Default size for text inputs. - # config.default_input_size = 50 + # Default class for buttons + config.button_class = 'btn' - # When false, do not use translations for labels. - # config.translate_labels = true + # Method used to tidy up errors. Specify any Rails Array method. + # :first lists the first message for each field. + # Use :to_sentence to list all errors for each field. 
+ # config.error_method = :first - # Automatically discover new inputs in Rails' autoload path. - # config.inputs_discovery = true + # Default tag used for error notification helper. + config.error_notification_tag = :div - # Cache SimpleForm inputs discovery - # config.cache_discovery = !Rails.env.development? - end + # CSS class to add for error notification helper. + config.error_notification_class = 'alert alert-error' + + # ID to add for error notification helper. + # config.error_notification_id = nil + + # Series of attempts to detect a default label method for collection. + # config.collection_label_methods = [ :to_label, :name, :title, :to_s ] + + # Series of attempts to detect a default value method for collection. + # config.collection_value_methods = [ :id, :to_s ] + + # You can wrap a collection of radio/check boxes in a pre-defined tag, defaulting to none. + # config.collection_wrapper_tag = nil + + # You can define the class to use on all collection wrappers. Defaulting to none. + # config.collection_wrapper_class = nil + + # You can wrap each item in a collection of radio/check boxes with a tag, + # defaulting to :span. Please note that when using :boolean_style = :nested, + # SimpleForm will force this option to be a label. + # config.item_wrapper_tag = :span + + # You can define a class to use in all item wrappers. Defaulting to none. + # config.item_wrapper_class = nil + + # How the label text should be generated altogether with the required text. + # config.label_text = lambda { |label, required| "#{required} #{label}" } + + # You can define the class to use on all labels. Default is nil. + config.label_class = 'control-label' + + # You can define the class to use on all forms. Default is simple_form. + # config.form_class = :simple_form + + # You can define which elements should obtain additional classes + # config.generate_additional_classes_for = [:wrapper, :label, :input] + + # Whether attributes are required by default (or not). 
Default is true. + # config.required_by_default = true + + # Tell browsers whether to use default HTML5 validations (novalidate option). + # Default is enabled. + config.browser_validations = false + + # Collection of methods to detect if a file type was given. + # config.file_methods = [ :mounted_as, :file?, :public_filename ] + + # Custom mappings for input types. This should be a hash containing a regexp + # to match as key, and the input type that will be used when the field name + # matches the regexp as value. + # config.input_mappings = { /count/ => :integer } + + # Custom wrappers for input types. This should be a hash containing an input + # type as key and the wrapper that will be used for all inputs with specified type. + # config.wrapper_mappings = { :string => :prepend } + + # Default priority for time_zone inputs. + # config.time_zone_priority = nil + + # Default priority for country inputs. + # config.country_priority = nil + + # Default size for text inputs. + # config.default_input_size = 50 + + # When false, do not use translations for labels. + # config.translate_labels = true + + # Automatically discover new inputs in Rails' autoload path. + # config.inputs_discovery = true + + # Cache SimpleForm inputs discovery + # config.cache_discovery = !Rails.env.development? end diff --git a/core/config/initializers/simple_form_bootstrap.rb b/core/config/initializers/simple_form_bootstrap.rb new file mode 100644 index 0000000..1a22967 --- /dev/null +++ b/core/config/initializers/simple_form_bootstrap.rb 
@@ -0,0 +1,45 @@
+# Use this setup block to configure all options available in SimpleForm.
+SimpleForm.setup do |config|
+ config.wrappers :bootstrap, :tag => 'div', :class => 'control-group', :error_class => 'error' do |b|
+ b.use :html5
+ b.use :placeholder
+ b.use :label
+ b.wrapper :tag => 'div', :class => 'controls' do |ba|
+ ba.use :input
+ ba.use :error, :wrap_with => { :tag => 'span', :class => 'help-inline' }
+ ba.use :hint, :wrap_with => { :tag => 'p', :class => 'help-block' }
+ end
+ end
+
+ config.wrappers :prepend, :tag => 'div', :class => "control-group", :error_class => 'error' do |b|
+ b.use :html5
+ b.use :placeholder
+ b.use :label
+ b.wrapper :tag => 'div', :class => 'controls' do |input|
+ input.wrapper :tag => 'div', :class => 'input-prepend' do |prepend|
+ prepend.use :input
+ end
+ input.use :hint, :wrap_with => { :tag => 'span', :class => 'help-block' }
+ input.use :error, :wrap_with => { :tag => 'span', :class => 'help-inline' }
+ end
+ end
+
+ config.wrappers :append, :tag => 'div', :class => "control-group", :error_class => 'error' do |b|
+ b.use :html5
+ b.use :placeholder
+ b.use :label
+ b.wrapper :tag => 'div', :class => 'controls' do |input|
+ input.wrapper :tag => 'div', :class => 'input-append' do |append|
+ append.use :input
+ end
+ input.use :hint, :wrap_with => { :tag => 'span', :class => 'help-block' }
+ input.use :error, :wrap_with => { :tag => 'span', :class => 'help-inline' }
+ end
+ end
+
+ # Wrappers for forms and inputs using the Twitter Bootstrap toolkit.
+ # Check the Bootstrap docs (http://twitter.github.com/bootstrap)
+ # to learn about the different styles for forms and inputs,
+ # buttons and other elements.
+ config.default_wrapper = :bootstrap
+end
diff --git a/core/config/locales/simple_form.en.yml b/core/config/locales/simple_form.en.yml
new file mode 100644
index 0000000..0df11fe
--- /dev/null
+++ b/core/config/locales/simple_form.en.yml
@@ -0,0 +1,26 @@ +en: + simple_form: + "yes": 'Yes' + "no": 'No' + required: + text: 'required' + mark: '*' + # You can uncomment the line below if you need to overwrite the whole required html. + # When using html, text and mark won't be used. + # html: '*' + error_notification: + default_message: "Please review the problems below:" + # Labels and hints examples + # labels: + # defaults: + # password: 'Password' + # user: + # new: + # email: 'E-mail to sign in.' + # edit: + # email: 'E-mail.' + # hints: + # defaults: + # username: 'User name to sign in.' + # password: 'No special characters, please.' + diff --git a/ui_dependencies.rb b/ui_dependencies.rb index 21de1c6..9b9f853 100644 --- a/ui_dependencies.rb +++ b/ui_dependencies.rb @@ -1,5 +1,5 @@ gem "haml", "~> 3.1.7" -gem "bootstrap-sass", "~> 2.0.4" +gem "bootstrap-sass", "~> 2.1.0" gem "jquery-rails" gem "simple_form" diff --git a/users/app/views/sessions/new.html.haml b/users/app/views/sessions/new.html.haml index 39ee7bf..c91d3f2 100644 --- a/users/app/views/sessions/new.html.haml +++ b/users/app/views/sessions/new.html.haml @@ -1,7 +1,8 @@ -%h2=t :login -= simple_form_for :session, :url => sessions_path, :html => { :id => :new_session } do |f| - %legend=t :login_message - = f.input :login, :input_html => { :id => :srp_username } - = f.input :password, :required => true, :input_html => { :id => :srp_password } - = f.button :submit, :value => t(:login), :class => 'btn-primary' - = link_to t(:cancel), root_url, :class => :btn +.span8.offset2 + %h2=t :login + = simple_form_for :session, :url => sessions_path, :html => { :id => :new_session, :class => 'form-horizontal' } do |f| + %legend=t :login_message + = f.input :login, :input_html => { :id => :srp_username } + = f.input :password, :required => true, :input_html => { :id => :srp_password } + = f.button :submit, :value => t(:login), :class => 'btn-primary' + = link_to t(:cancel), root_url, :class => :btn 
diff --git a/users/app/views/users/new.html.haml b/users/app/views/users/new.html.haml index af53331..835e99a 100644 --- a/users/app/views/users/new.html.haml +++ b/users/app/views/users/new.html.haml @@ -1,8 +1,9 @@ -%h2=t :signup -= simple_form_for @user do |f| - %legend=t :signup_message - = f.input :login, :input_html => { :id => :srp_username } - = f.input :password, :required => true, :input_html => { :id => :srp_password } - = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } - = f.button :submit, :value => t(:signup), :class => 'btn-primary' - = link_to t(:cancel), root_url, :class => :btn +.span8.offset2 + %h2=t :signup + = simple_form_for @user, :html => {:class => 'form-horizontal'} do |f| + %legend=t :signup_message + = f.input :login, :input_html => { :id => :srp_username } + = f.input :password, :required => true, :input_html => { :id => :srp_password } + = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } + = f.button :submit, :value => t(:signup), :class => 'btn-primary' + = link_to t(:cancel), root_url, :class => :btn diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml new file mode 100644 index 0000000..172b85f --- /dev/null +++ b/users/config/locales/en.yml @@ -0,0 +1,6 @@ +en: + signup: "Sign up" + signup_message: "Please create an account." + cancel: "Cancel" + login: "Login" + login_message: "Please login with your account." -- cgit v1.2.3 From 171d07a64d3f76e68c22f0fb4cc3795daad806d1 Mon Sep 17 00:00:00 2001 From: jessib Date: Wed, 17 Oct 2012 10:04:34 -0700 Subject: Not sure we actually want this in version control, but adding changes so long as we have it. --- Gemfile.lock | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Gemfile.lock b/Gemfile.lock index fe49476..137e6d7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -14,6 +14,12 @@ PATH json rails (~> 3.2.8) +PATH + remote: help + specs: + leap_web_help (0.1.0) + leap_web_core (= 0.1.0) + PATH remote: users specs: @@ -173,6 +179,7 @@ DEPENDENCIES jquery-rails leap_web_certs! leap_web_core! + leap_web_help! leap_web_users! mocha ruby-debug -- cgit v1.2.3 From 8b9d5235faed6c15e8ef2e2dc76aec7f24d0bb50 Mon Sep 17 00:00:00 2001 From: jessib Date: Thu, 18 Oct 2012 13:42:37 -0700 Subject: Uses the working authentication code. --- help/app/controllers/tickets_controller.rb | 21 ++++++++++++------- help/app/models/ticket.rb | 2 +- help/app/models/ticket_comment.rb | 2 +- help/app/views/tickets/index.html.haml | 3 +++ help/app/views/tickets/new.html.haml | 2 +- help/test/functional/tickets_controller_test.rb | 28 ++++++++++++++++++++++--- users/app/models/user.rb | 6 ++---- 7 files changed, 46 insertions(+), 18 deletions(-) diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb index be9a2b5..4c7415b 100644 --- a/help/app/controllers/tickets_controller.rb +++ b/help/app/controllers/tickets_controller.rb @@ -10,9 +10,13 @@ class TicketsController < ApplicationController def create @ticket = Ticket.new(params[:ticket]) - @ticket.created_by = User.current_test.id if User.current_test - @ticket.email = User.current_test.email if User.current_test.email - #instead of calling add_comment, we are using comment_attributes= from the Ticket model + if current_user + @ticket.created_by = current_user.id + @ticket.email = current_user.email if current_user.email + @ticket.comments.last.posted_by = current_user.id + else + @ticket.comments.last.posted_by = nil #hacky, but protecting this attribute doesn't work right, so this should make sure it isn't set. + end flash[:notice] = 'Ticket was successfully created.' if @ticket.save respond_with(@ticket) 
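Review bot: In `create`, the new `@ticket.comments.last.posted_by = ...` lines in both branches assume the request carried a comment; when `params[:ticket]` has no `comments_attributes`, `comments.last` is nil and the action raises instead of producing a validation error, and the matching line in the `update` hunk has the same problem. The else branch also resets only `posted_by`, so a `created_by` value supplied in `params[:ticket]` by an anonymous client would presumably survive `Ticket.new(params[:ticket])` unless the model protects that property (not visible in this hunk). I would set the owner unconditionally with `@ticket.created_by = current_user.try(:id)` and guard the comment stamp with `comment = @ticket.comments.last` followed by `comment.posted_by = current_user.try(:id) if comment`. The body of `create` continues past the end of the hunk.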
@@ -37,8 +41,8 @@ class TicketsController < ApplicationController @ticket = Ticket.find(params[:id]) @ticket.attributes = params[:ticket] - #add_comment #or should we use ticket attributes? - # @ticket.save + @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it. + if @ticket.save flash[:notice] = 'Ticket was successfully updated.' respond_with @ticket @@ -52,17 +56,18 @@ class TicketsController < ApplicationController def index # @tickets = Ticket.by_title #not actually what we will want - respond_with(@tickets = Ticket.all) + respond_with(@tickets = Ticket.all) #we'll want only tickets that this user can access end private # not using now, as we are using comment_attributes= from the Ticket model +=begin def add_comment comment = TicketComment.new(params[:comment]) - comment.posted_by = User.current_test.id if User.current_test #could be nil + comment.posted_by = User.current.id if User.current #could be nil comment.posted_at = Time.now # TODO: it seems strange to have this here, and not in model @ticket.comments << comment end - +=end end diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb index 76fa5c8..f38fed2 100644 --- a/help/app/models/ticket.rb +++ b/help/app/models/ticket.rb @@ -79,7 +79,7 @@ class Ticket < CouchRest::Model::Base def comments_attributes=(attributes) comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes) - comment.posted_by = User.current_test.id if User.current_test #should we not access User.current here? + #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller comment.posted_at = Time.now comments << comment diff --git a/help/app/models/ticket_comment.rb b/help/app/models/ticket_comment.rb index a8639a1..49e5c6c 100644 --- a/help/app/models/ticket_comment.rb +++ b/help/app/models/ticket_comment.rb 
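Review bot: In `update`, `@ticket.comments.last.posted_by = ...` runs whether or not this request added a comment, so an update that carries no new comment rewrites the recorded author of the most recent existing comment to the current visitor, or to nil for an anonymous one. Since `comments_attributes=` in ticket.rb appends the new comment, the stamp can be limited to that case by remembering `before = @ticket.comments.size` ahead of `@ticket.attributes = params[:ticket]` and then using `@ticket.comments.last.posted_by = current_user.try(:id) if @ticket.comments.size > before`. The hunk also shows no check that the visitor is allowed to modify the ticket found by `params[:id]`, which the inline note on `index` suggests is still planned. `update` begins above the hunk, so any filter declared there is not visible.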
@@ -2,7 +2,7 @@ class TicketComment include CouchRest::Model::Embeddable #belongs_to :ticket #is this best way to do it? will want to access all of a tickets comments, so maybe this isn't the way? - property :posted_by, String#, :protected => true #Integer#this should be current_user if that is set, meaning the user is logged in #cannot have it be protected and set via comments_attributes= + property :posted_by, String#, :protected => true #Integer#this should be current_user if that is set, meaning the user is logged in #cannot have it be protected and set via comments_attributes=. also, if it is protected and we set in the tickets_controller, it gets unset. TODO---is this okay to have it not protected and manually check it? We do not users to be able to set this. # if the current user is not set, then we could just say the comment comes from an 'unauthenticated user', which would be somebody with the secret URL property :posted_at, Time#, :protected => true #property :posted_verified, TrueClass, :protected => true #should be true if current_user is set when the comment is created diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml index f328ca2..6db2140 100644 --- a/help/app/views/tickets/index.html.haml +++ b/help/app/views/tickets/index.html.haml @@ -1,6 +1,9 @@ +%h2 tickets index (just as space) Create a = link_to "new ticket", new_ticket_path += # below shouldn't be unless logged in %h2 Tickets += # want to have selection option to see tickets, that are open, closed or all - @tickets.each do |ticket| %p = link_to ticket.title, ticket diff --git a/help/app/views/tickets/new.html.haml b/help/app/views/tickets/new.html.haml index 8c660c9..537b97f 100644 --- a/help/app/views/tickets/new.html.haml +++ b/help/app/views/tickets/new.html.haml 
@@ -3,7 +3,7 @@ = #@ticket.errors.messages = f.input :title = #f.input :email #if there is no current_user - = f.input :email if !User.current_test #hmm--might authenticated users want to submit an alternate email? + = f.input :email if !current_user #hmm--might authenticated users want to submit an alternate email? = f.simple_fields_for :comments do |c| = c.input :body, :label => 'Comment', :as => :text diff --git a/help/test/functional/tickets_controller_test.rb b/help/test/functional/tickets_controller_test.rb index 7af4c22..7a03a86 100644 --- a/help/test/functional/tickets_controller_test.rb +++ b/help/test/functional/tickets_controller_test.rb @@ -15,7 +15,7 @@ class TicketsControllerTest < ActionController::TestCase end - test "should create authenticated ticket" do + test "should create unauthenticated ticket" do params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}} assert_difference('Ticket.count') do @@ -23,8 +23,30 @@ class TicketsControllerTest < ActionController::TestCase end assert_response :redirect - assert_equal assigns(:ticket).email, User.current_test.email - assert_equal User.find(assigns(:ticket).created_by).login, User.current_test.login + #assert_equal assigns(:ticket).email, User.current.email + #assert_equal User.find(assigns(:ticket).created_by).login, User.current.login + assert_nil assigns(:ticket).created_by + + assert_equal assigns(:ticket).comments.count, 1 + end + + + test "should create authenticated ticket" do + + params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}} + + #todo: should redo this and actually authorize + user = User.last + session[:user_id] = user.id + + assert_difference('Ticket.count') do + post :create, :ticket => params + end + + assert_response :redirect + assert_equal assigns(:ticket).created_by, user.id + assert_equal assigns(:ticket).email, user.email + assert_equal assigns(:ticket).comments.count, 1 end 
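Review bot: Neither new test in tickets_controller_test.rb checks the attribute the controller change is protecting: the unauthenticated case asserts `created_by` is nil but never looks at `comments.last.posted_by`, and no case submits a `posted_by` or `created_by` value in the params. I would add `assert_nil assigns(:ticket).comments.last.posted_by` to the unauthenticated test and `assert_equal user.id, assigns(:ticket).comments.last.posted_by` to the authenticated one. A further case whose `comments_attributes` carries `"posted_by" => "someone-else"` (constructed value) and asserts it is discarded would pin the behaviour that the controller comments describe as a workaround for the unprotected property.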
diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 8b7c0b3..29c0b38 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -63,15 +63,13 @@ class User < CouchRest::Model::Base login end +=begin def self.current Thread.current[:user] end def self.current=(user) Thread.current[:user] = user end - - def self.current_test - User.first - end +=end end -- cgit v1.2.3 From 93974e99296641822c734a3c192cc6c550efc696 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 19 Oct 2012 12:09:59 +0200 Subject: moved login navigation to the right --- app/views/layouts/_navigation.html.haml | 12 ++++-------- users/app/views/sessions/_nav.html.haml | 8 ++++++++ 2 files changed, 12 insertions(+), 8 deletions(-) create mode 100644 users/app/views/sessions/_nav.html.haml diff --git a/app/views/layouts/_navigation.html.haml b/app/views/layouts/_navigation.html.haml index 04d2356..b75eed7 100644 --- a/app/views/layouts/_navigation.html.haml +++ b/app/views/layouts/_navigation.html.haml @@ -1,10 +1,6 @@ = link_to "Leap Web", root_path, :class => 'brand' %ul.nav - - if current_user - %li - = link_to t(:logout), logout_path - - else - %li - = link_to t(:login), login_path - %li - = link_to t(:signup), signup_path + // = render '/tickets/nav' + +%ul.nav.pull-right + = render '/sessions/nav' diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml new file mode 100644 index 0000000..a5397bd --- /dev/null +++ b/users/app/views/sessions/_nav.html.haml @@ -0,0 +1,8 @@ +- if current_user + %li + = link_to t(:logout), logout_path +- else + %li + = link_to t(:login), login_path + %li + = link_to t(:signup), signup_path -- cgit v1.2.3 From 60619169a56de26825cb55a9a845288eed50de2f Mon Sep 17 00:00:00 2001 
From: Azul Date: Fri, 19 Oct 2012 12:15:28 +0200 Subject: Revert "Created deploy branch with some springbok specifics" This reverts commit 439e27ef2792a03e5e50f8b9c607fca512cb1452. Conflicts: config/cert --- config/cert | 56 ------------------------------------------ config/deploy.rb | 37 ---------------------------- public/config/eip-service.json | 14 ----------- 3 files changed, 107 deletions(-) delete mode 100644 config/cert delete mode 100644 config/deploy.rb delete mode 100644 public/config/eip-service.json diff --git a/config/cert b/config/cert deleted file mode 100644 index 27db0fd..0000000 --- a/config/cert +++ /dev/null 
@@ -1,56 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIFfQIBAAKCATEArnxTeU82frha6g4AchpzAA92ry0PD/FZVK5UiMsbwHfAl/XJ -udVH0+51DSC5X4p9esftRQNCaJY/4zESe15Sna7aR+FyUoE+LcPpzMpCYH61TUzj -YLQLzfay6cw1arn QC87f3tvmWI7F0zb9KWE9c -XepnHyr2QJDzMiL This is an invalid eOUK8hc+uTReTXpAtD3S3X -rC3KeJR+jOynTkJ key block for testing Sc6Cz2uJBeARNLvTBAj66q -zfvMIlBOBRCWSQf please replace with a IfExunVQnU+xbRx7W9Gg3i -NV307K4fgLJbY4b valid client key Y69SOuXgz7ECsoXy1bWQsi -TETM5TX/6dADz0z FCc8I167mT25s2HNLnZ8AI -8zqMwDMRf9x7a4GBGmm7n+YSCLy3f8fejw2ZAQIDAQABAoIBMAt3bSQ8Nz3AT20x -XfEusdn/mGSpq7Co3CprStlr+IaVixpe622FPCNOt0x1RMjR2yrzYkvzC9DZperp -mWLj7XF3X8FS3gd0Whhl4bS5yZuC8cd7Gq4bx8mGPIwqQzwOXb1mJXt5RPv+zU6X -J4cSX0GIUBNb1yVsUDouqo1q+saPgBSjhS4xr6sb38XALvzvgVvY/M7YGpSr0Vyv -ErAwxaGpdk+RppAjcxWBXLuMcIgtU+gSoEogdYzJkoJdwOfcyIllyqlaamcv4T84 -gMWRFncCgZkAzUBt1t3GpuyGVPkD2evtQrBWwg09kx1PAyoNwLDOiarmzUr/euvC -4W+BfbvmH3Q1dfyQMc/+Y2/LAhvwwkp1F66KsF1xcz6q3FCDN0BGurhIH3rsS1r8 -m+FZ324xLCYXYBDXCwa3B1YsX9d54JuzXzClr+t0xoz5lZzDLgwEEdK9bttGBL0w -ReIl7KW/TwKDbkPxe+3yCI8CgZkA2aCJUmCtkvaCIX0Udr6g3iyu6lQYbq532/FW -MNh+KJA3NqXOvGZd9T1DfjlxOqsfGD4H92ekUdy/GdX9SAH4A0RW24gUazNY9N1d -tdkq8OAxwswquvXC0U5WXsZVp6z1CFawjUiZbW8CgZkAvP9V5SOkN7LWY0pFJJad -i+oKiXdduqijR/uiXEuyc4v+KQ2lQM/1DEqu0hGKj+enYJtBGPMe+E9+XuZwYMWe -nsmR1/LNPcM0U3LdOvpviOXv7zNUPyri5sMhjuDFnzMHw1REhsnKqk+XtKJ7yLx9 -I8hiBtKUlBUhietNWEQEnQzxxKMRELaAU+1RFJ7vEVb0JUXFCGPrmbsCgZkAyZrW -4Zr+GyGz96AetksM5svDVqVed9qzxqPX7/i16F3HmIJKS8lVXLj3TDBJAQTJNhSN -m+HD6mlClBNzaa2fCTMLtzjAiYhGsRIZbpagCKPRAmcH5bBPSmi+pahBJMBxxdtx -NdhleRCuWBjM0nBAeYZNkIG3qLegqPaJif4zeJ74QWWsDePox8Xr59C6ev23nUUb -MnMW7zECgZkAwOOGuqJHyUlsVuErs5c/rLyY0NAqrGoiBp3o5fGnuINzrZSO3zvY -PcuBeQmnZbkNarfQxFz1ezcf6jmszNStktDj3tFSR8srqpcRKyUPDi1eHD81n8vv -h1jew1zPRQaQvVZ88p0xacYJeRckbKxcIPGweVqpT9ZJAEGg4J6FFcH+fOIra/7R -TgLJs443xbTO2GM/25Anc/Pj4bnL2GWqDTurTxANAtmKenuWHTcz47Pm5WNhZP/l -WWxi9MBzz/80IediLG6qrlU= ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- 
-MIIEAzCCAlWgAwIBAgIEUFDq+zANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU -RVNUMB4XDTEyMDkxMjIwMDUxNVoXDTEzMDkxMjIwMDUxNVowOjEPMA0GA1UEChMG -YLQLzfay6cw1arn QC87f3tvmWI7F0zb9KWE9c -XepnHyr2QJDzMiL This is an invalid eOUK8hc+uTReTXpAtD3S3X -rC3KeJR+jOynTkJ cert block for testing Sc6Cz2uJBeARNLvTBAj66q -zfvMIlBOBRCWSQf please replace with a IfExunVQnU+xbRx7W9Gg3i -NV307K4fgLJbY4b valid server cert Y69SOuXgz7ECsoXy1bWQsi -TETM5TX/6dADz0z FCc8I167mT25s2HNLnZ8AI -4GFRwh8TG6dVCdT7FtHHtb0aDeLzOozAMxF/3HtrgYEaabuf5hIIvLd/x96PDZkB -WAotdJzoLPa4kF4BE0u9MECPrqrN+8wiUE4FEJZJB+/M2WFm+pfZgp1qXx6AL0IC -AgMBAAGjdjB0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYD -VR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUU9Uc5ljBzINN4S6oj80rn+mJTLEwHwYD -AMCxt8hxLtQlSgfY4MHxlNOE/hepArRQ1KoqW8TZ3DaDZacYuHK6TkarBuVshrAa -VR0jBBgwFoAU/z1/F2dGNow5Kac+jx7NtyIM0BAwDQYJKoZIhvcNAQELBQADggGX -TkPLvTbMIeZ/DGC6snrnyspVPVun8X1NcdkqOiSWCt5Y1Li4sClXT+XUFaKES4NS -SN8LDKX0J+q2n4nRuotaOdq12qs8ZQkMsSI5ueR0soHY1XuSJCK75PFxLJKq3ydm -FhMVy/bQZgl9QAt7HNK7QoISBmkQFYey0Qq7aotloMhlIyCSN569RcKHdPhZCsCE -c/YgEkmZwOBR7ypXnT0Tcele120v+qhCRSeoZIEwtm27Dp8+My82fpx7xMKYAHn8 -VhdODq6KZ9Tk8MnYenC7SfiJ/cR0N/Yw5R8Yaa1K5qO+dyIwfXTkTr/Kg97N72jE -M6lQJXeXaD8sR9wE2nhxKnTJToebjr9mnlgavSsotnzjnm9fMt5CPGOUtG/qGNfB -GB/GF1HkbZW7VnGWjgNAozftTRCsFoCTwv/ICcW+vYEDVh+hzWjJ/KLl7PruKDPS -rBlWWdV02QtVKpKYKvynML9kyEX6HeM= ------END CERTIFICATE----- diff --git a/config/deploy.rb b/config/deploy.rb deleted file mode 100644 index 9dc058a..0000000 --- a/config/deploy.rb +++ /dev/null 
@@ -1,37 +0,0 @@ -require "bundler/capistrano" - -set :application, "webapp" - -set :scm, :git -set :repository, "git://leap.se/leap_web" -set :branch, "deploy" - -set :deploy_via, :remote_cache -set :deploy_to, '/home/webapp' -set :use_sudo, false - -set :normalize_asset_timestamps, false - -set :user, "webapp" - -set :git_enable_submodules, 1 # we're using an srp js submodule for now - -role :web, "94.103.43.3" # Your HTTP server, Apache/etc -role :app, "94.103.43.3" # This may be the same as your `Web` server -# role :db, "your primary db-server here", :primary => true # This is where Rails migrations will run -# role :db, "your slave db-server here" - -# if you want to clean up old releases on each deploy uncomment this: -# after "deploy:restart", "deploy:cleanup" - -# if you're still using the script/reaper helper you will need -# these http://github.com/rails/irs_process_scripts - -# If you are using Passenger mod_rails uncomment this: -# namespace :deploy do -# task :start do ; end -# task :stop do ; end -# task :restart, :roles => :app, :except => { :no_release => true } do -# run "#{try_sudo} touch #{File.join(current_path,'tmp','restart.txt')}" -# end -# end diff --git a/public/config/eip-service.json b/public/config/eip-service.json deleted file mode 100644 index 29959d7..0000000 --- a/public/config/eip-service.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "serial": 1, - "version": "0.1.0", - "capabilities": { - "transport": ["openvpn"], - "ports": ["80","53", "443", "1194"], - "protocols": ["udp"], - "static_ips": false, - "adblock": false - }, - "gateways": [ - {"country_code": "tr", "name": "turkey", "label": {"en":"Ankara, Turkey"}, "capabilities": {}, "hosts": ["94.103.43.4"]} - ] -} -- cgit v1.2.3 From 4ab1e3e465c3ad4600b55b03a2b0bb099aceff54 Mon Sep 17 00:00:00 2001 
From: Azul Date: Fri, 19 Oct 2012 12:17:00 +0200 Subject: added dummy cert file for tests and illustration --- config/cert | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 config/cert diff --git a/config/cert b/config/cert new file mode 100644 index 0000000..27db0fd --- /dev/null +++ b/config/cert 
@@ -0,0 +1,56 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIFfQIBAAKCATEArnxTeU82frha6g4AchpzAA92ry0PD/FZVK5UiMsbwHfAl/XJ +udVH0+51DSC5X4p9esftRQNCaJY/4zESe15Sna7aR+FyUoE+LcPpzMpCYH61TUzj +YLQLzfay6cw1arn QC87f3tvmWI7F0zb9KWE9c +XepnHyr2QJDzMiL This is an invalid eOUK8hc+uTReTXpAtD3S3X +rC3KeJR+jOynTkJ key block for testing Sc6Cz2uJBeARNLvTBAj66q +zfvMIlBOBRCWSQf please replace with a IfExunVQnU+xbRx7W9Gg3i +NV307K4fgLJbY4b valid client key Y69SOuXgz7ECsoXy1bWQsi +TETM5TX/6dADz0z FCc8I167mT25s2HNLnZ8AI +8zqMwDMRf9x7a4GBGmm7n+YSCLy3f8fejw2ZAQIDAQABAoIBMAt3bSQ8Nz3AT20x +XfEusdn/mGSpq7Co3CprStlr+IaVixpe622FPCNOt0x1RMjR2yrzYkvzC9DZperp +mWLj7XF3X8FS3gd0Whhl4bS5yZuC8cd7Gq4bx8mGPIwqQzwOXb1mJXt5RPv+zU6X +J4cSX0GIUBNb1yVsUDouqo1q+saPgBSjhS4xr6sb38XALvzvgVvY/M7YGpSr0Vyv +ErAwxaGpdk+RppAjcxWBXLuMcIgtU+gSoEogdYzJkoJdwOfcyIllyqlaamcv4T84 +gMWRFncCgZkAzUBt1t3GpuyGVPkD2evtQrBWwg09kx1PAyoNwLDOiarmzUr/euvC +4W+BfbvmH3Q1dfyQMc/+Y2/LAhvwwkp1F66KsF1xcz6q3FCDN0BGurhIH3rsS1r8 +m+FZ324xLCYXYBDXCwa3B1YsX9d54JuzXzClr+t0xoz5lZzDLgwEEdK9bttGBL0w +ReIl7KW/TwKDbkPxe+3yCI8CgZkA2aCJUmCtkvaCIX0Udr6g3iyu6lQYbq532/FW +MNh+KJA3NqXOvGZd9T1DfjlxOqsfGD4H92ekUdy/GdX9SAH4A0RW24gUazNY9N1d +tdkq8OAxwswquvXC0U5WXsZVp6z1CFawjUiZbW8CgZkAvP9V5SOkN7LWY0pFJJad +i+oKiXdduqijR/uiXEuyc4v+KQ2lQM/1DEqu0hGKj+enYJtBGPMe+E9+XuZwYMWe +nsmR1/LNPcM0U3LdOvpviOXv7zNUPyri5sMhjuDFnzMHw1REhsnKqk+XtKJ7yLx9 +I8hiBtKUlBUhietNWEQEnQzxxKMRELaAU+1RFJ7vEVb0JUXFCGPrmbsCgZkAyZrW +4Zr+GyGz96AetksM5svDVqVed9qzxqPX7/i16F3HmIJKS8lVXLj3TDBJAQTJNhSN +m+HD6mlClBNzaa2fCTMLtzjAiYhGsRIZbpagCKPRAmcH5bBPSmi+pahBJMBxxdtx +NdhleRCuWBjM0nBAeYZNkIG3qLegqPaJif4zeJ74QWWsDePox8Xr59C6ev23nUUb +MnMW7zECgZkAwOOGuqJHyUlsVuErs5c/rLyY0NAqrGoiBp3o5fGnuINzrZSO3zvY +PcuBeQmnZbkNarfQxFz1ezcf6jmszNStktDj3tFSR8srqpcRKyUPDi1eHD81n8vv +h1jew1zPRQaQvVZ88p0xacYJeRckbKxcIPGweVqpT9ZJAEGg4J6FFcH+fOIra/7R +TgLJs443xbTO2GM/25Anc/Pj4bnL2GWqDTurTxANAtmKenuWHTcz47Pm5WNhZP/l +WWxi9MBzz/80IediLG6qrlU= +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- 
+MIIEAzCCAlWgAwIBAgIEUFDq+zANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU +RVNUMB4XDTEyMDkxMjIwMDUxNVoXDTEzMDkxMjIwMDUxNVowOjEPMA0GA1UEChMG +YLQLzfay6cw1arn QC87f3tvmWI7F0zb9KWE9c +XepnHyr2QJDzMiL This is an invalid eOUK8hc+uTReTXpAtD3S3X +rC3KeJR+jOynTkJ cert block for testing Sc6Cz2uJBeARNLvTBAj66q +zfvMIlBOBRCWSQf please replace with a IfExunVQnU+xbRx7W9Gg3i +NV307K4fgLJbY4b valid server cert Y69SOuXgz7ECsoXy1bWQsi +TETM5TX/6dADz0z FCc8I167mT25s2HNLnZ8AI +4GFRwh8TG6dVCdT7FtHHtb0aDeLzOozAMxF/3HtrgYEaabuf5hIIvLd/x96PDZkB +WAotdJzoLPa4kF4BE0u9MECPrqrN+8wiUE4FEJZJB+/M2WFm+pfZgp1qXx6AL0IC +AgMBAAGjdjB0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYD +VR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUU9Uc5ljBzINN4S6oj80rn+mJTLEwHwYD +AMCxt8hxLtQlSgfY4MHxlNOE/hepArRQ1KoqW8TZ3DaDZacYuHK6TkarBuVshrAa +VR0jBBgwFoAU/z1/F2dGNow5Kac+jx7NtyIM0BAwDQYJKoZIhvcNAQELBQADggGX +TkPLvTbMIeZ/DGC6snrnyspVPVun8X1NcdkqOiSWCt5Y1Li4sClXT+XUFaKES4NS +SN8LDKX0J+q2n4nRuotaOdq12qs8ZQkMsSI5ueR0soHY1XuSJCK75PFxLJKq3ydm +FhMVy/bQZgl9QAt7HNK7QoISBmkQFYey0Qq7aotloMhlIyCSN569RcKHdPhZCsCE +c/YgEkmZwOBR7ypXnT0Tcele120v+qhCRSeoZIEwtm27Dp8+My82fpx7xMKYAHn8 +VhdODq6KZ9Tk8MnYenC7SfiJ/cR0N/Yw5R8Yaa1K5qO+dyIwfXTkTr/Kg97N72jE +M6lQJXeXaD8sR9wE2nhxKnTJToebjr9mnlgavSsotnzjnm9fMt5CPGOUtG/qGNfB +GB/GF1HkbZW7VnGWjgNAozftTRCsFoCTwv/ICcW+vYEDVh+hzWjJ/KLl7PruKDPS +rBlWWdV02QtVKpKYKvynML9kyEX6HeM= +-----END CERTIFICATE----- -- cgit v1.2.3 From 3ba2e664a26e96a93c8640b57241af6386db361e Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 19 Oct 2012 18:03:37 +0200 Subject: login after signup right away. --- users/app/assets/javascripts/srp | 2 +- users/app/assets/javascripts/users.js.coffee | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 5a0ceeb..23350b5 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp 
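Review bot: The placeholder key and certificate are committed at `config/cert` itself, so anyone following the embedded "please replace with a valid client key" instruction edits a tracked file, and a real private key is then one `git add` away from the repository. If the application reads its key material from this path in deployed environments (not visible in this diff), I would commit the dummy as `config/cert.example` or under the test fixtures and list `config/cert` in `.gitignore`. The `-----BEGIN RSA PRIVATE KEY-----` header will also trip secret scanners, so a one-line note in the README or commit description that the block is deliberately invalid would save triage time.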
@@ -1 +1 @@ -Subproject commit 5a0ceeb1ca0055719a9b8977a799362163955766 +Subproject commit 23350b54ec2723e1b2e333626567c9fe9d1e2644 diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 1c00663..24302fe 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -27,7 +27,8 @@ validate_password = (event) -> signup = (event) -> srp = new SRP(jqueryRest()) - srp.register() + srp.register -> + window.location = '/' false login = (event) -> -- cgit v1.2.3 From 3e0a1a47c0eafb7f9b79e5f2765ea33ce1ad159b Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 24 Oct 2012 20:35:52 +0200 Subject: basic admin controller methods and helpers + tests --- .../app/controllers/application_controller.rb | 3 -- users/app/controllers/application_controller.rb | 22 +++++++++- .../test/functional/application_controller_test.rb | 44 ++++++++++++++++++++ users/test/functional/helper_methods_test.rb | 48 ++++++++++++++++++++++ users/test/support/auth_test_helper.rb | 7 ++++ users/test/test_helper.rb | 3 ++ 6 files changed, 122 insertions(+), 5 deletions(-) delete mode 100644 test/dummy/app/controllers/application_controller.rb create mode 100644 users/test/functional/application_controller_test.rb create mode 100644 users/test/functional/helper_methods_test.rb create mode 100644 users/test/support/auth_test_helper.rb diff --git a/test/dummy/app/controllers/application_controller.rb b/test/dummy/app/controllers/application_controller.rb deleted file mode 100644 index e8065d9..0000000 --- a/test/dummy/app/controllers/application_controller.rb +++ /dev/null @@ -1,3 +0,0 @@ -class ApplicationController < ActionController::Base - protect_from_forgery -end diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb index 64e1a55..0d6e5d1 100644 --- a/users/app/controllers/application_controller.rb 
+++ b/users/app/controllers/application_controller.rb @@ -1,14 +1,32 @@ class ApplicationController < ActionController::Base protect_from_forgery - private + protected def current_user @current_user ||= User.find(session[:user_id]) if session[:user_id] end helper_method :current_user + def logged_in? + !!current_user + end + helper_method :logged_in? + def authorize - redirect_to login_url, alert: "Not authorized" if current_user.nil? + access_denied unless logged_in? + end + + def admin? + current_user && current_user.is_admin? + end + helper_method :admin? + + def authorize_admin + access_denied unless admin? + end + + def access_denied + redirect_to login_url, :alert => "Not authorized" end end diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb new file mode 100644 index 0000000..d13a354 --- /dev/null +++ b/users/test/functional/application_controller_test.rb 
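Review bot: `access_denied` sends every failure to `login_url`, so `authorize_admin` answers a signed-in non-admin with a redirect to the login form rather than a refusal, and a non-HTML client gets a 302 to an HTML page. Separating the two outcomes keeps authentication and authorization failures distinguishable, for example by making `return head(:forbidden) if logged_in?` the first line of `access_denied`; `test_authorize_admin` would then assert the 403 instead of the redirect. A short comment above `authorize` and `authorize_admin` such as `# before_filter: halts the request unless ...` would also help, since nothing in this file shows where they are wired up.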
@@ -0,0 +1,44 @@
+require 'test_helper'
+
+class ApplicationControllerTest < ActionController::TestCase
+
+ def setup
+ @user_id = stub
+ @user = stub
+ session[:user_id] = @user_id
+ # so we can test the effect on the response
+ @controller.response = @response
+ end
+
+ def test_authorize_redirect
+ session[:user_id] = nil
+ @controller.send(:authorize)
+ assert_access_denied
+ end
+
+ def test_current_user_with_caching
+ User.expects(:find).once.with(@user_id).returns(@user)
+ assert_equal @user, @controller.send(:current_user)
+ assert_equal @user, @controller.send(:current_user) # tests caching
+ end
+
+ def test_authorized
+ User.expects(:find).once.with(@user_id).returns(@user)
+ @controller.send(:authorize)
+ end
+
+ def test_admin
+ bool = stub
+ User.expects(:find).once.with(@user_id).returns(@user)
+ @user.expects(:is_admin?).returns(bool)
+ assert_equal bool, @controller.send(:admin?)
+ end
+
+ def test_authorize_admin
+ User.expects(:find).once.with(@user_id).returns(@user)
+ @user.expects(:is_admin?).returns(false)
+ @controller.send(:authorize_admin)
+ assert_access_denied
+ end
+
+end
diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb
new file mode 100644
index 0000000..0d76f63
--- /dev/null
+++ b/users/test/functional/helper_methods_test.rb
@@ -0,0 +1,48 @@ +# +# Testing and documenting the helper methods available from +# ApplicationController +# + +require 'test_helper' + +class HelperMethodsTest < ActionController::TestCase + tests ApplicationController + + # we test them right in here... + include ApplicationController._helpers + + # they all reference the controller. + def controller + @controller + end + + def setup + @user_id = stub + @user = stub + session[:user_id] = @user_id + end + + def test_current_user_with_caching + User.expects(:find).once.with(@user_id).returns(@user) + assert_equal @user, current_user + assert_equal @user, current_user # tests caching + end + + def test_logged_in + User.expects(:find).once.with(@user_id).returns(@user) + assert logged_in? + end + + def test_logged_in + User.expects(:find).once.with(@user_id).returns(nil) + assert !logged_in? + end + + def test_admin + bool = stub + User.expects(:find).once.with(@user_id).returns(@user) + @user.expects(:is_admin?).returns(bool) + assert_equal bool, admin? + end + +end diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb new file mode 100644 index 0000000..c30421f --- /dev/null +++ b/users/test/support/auth_test_helper.rb @@ -0,0 +1,7 @@ +module AuthTestHelper + + def assert_access_denied + assert_equal({:alert => "Not authorized"}, flash.to_hash) + assert_redirected_to login_path + end +end diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb index 08d4d41..ae6a35c 100644 --- a/users/test/test_helper.rb +++ b/users/test/test_helper.rb @@ -8,3 +8,6 @@ Rails.backtrace_cleaner.remove_silencers! # Load support files Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f } +class ActionController::TestCase + include AuthTestHelper +end -- cgit v1.2.3 From b724d53b36878c96d30676c22ee4e4369dcc37f8 Mon Sep 17 00:00:00 2001 
From: Azul Date: Wed, 24 Oct 2012 20:41:30 +0200 Subject: Extraction of test support methods --- .../test/functional/application_controller_test.rb | 14 ++++++------- users/test/functional/helper_methods_test.rb | 16 +++++---------- users/test/support/auth_test_helper.rb | 24 +++++++++++++++++++--- 3 files changed, 32 insertions(+), 22 deletions(-) diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb index d13a354..4397e1d 100644 --- a/users/test/functional/application_controller_test.rb +++ b/users/test/functional/application_controller_test.rb @@ -3,39 +3,37 @@ require 'test_helper' class ApplicationControllerTest < ActionController::TestCase def setup - @user_id = stub - @user = stub - session[:user_id] = @user_id # so we can test the effect on the response @controller.response = @response end def test_authorize_redirect - session[:user_id] = nil + stub_logged_out @controller.send(:authorize) assert_access_denied end def test_current_user_with_caching - User.expects(:find).once.with(@user_id).returns(@user) + @user = stub_logged_in assert_equal @user, @controller.send(:current_user) assert_equal @user, @controller.send(:current_user) # tests caching end def test_authorized - User.expects(:find).once.with(@user_id).returns(@user) + @user = stub_logged_in @controller.send(:authorize) + assert_access_denied(false) end def test_admin bool = stub - User.expects(:find).once.with(@user_id).returns(@user) + @user = stub_logged_in @user.expects(:is_admin?).returns(bool) assert_equal bool, @controller.send(:admin?) end def test_authorize_admin - User.expects(:find).once.with(@user_id).returns(@user) + @user = stub_logged_in @user.expects(:is_admin?).returns(false) @controller.send(:authorize_admin) assert_access_denied diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb index 0d76f63..c0eaf61 100644 --- a/users/test/functional/helper_methods_test.rb 
+++ b/users/test/functional/helper_methods_test.rb @@ -16,31 +16,25 @@ class HelperMethodsTest < ActionController::TestCase @controller end - def setup - @user_id = stub - @user = stub - session[:user_id] = @user_id - end - def test_current_user_with_caching - User.expects(:find).once.with(@user_id).returns(@user) + @user = stub_logged_in assert_equal @user, current_user assert_equal @user, current_user # tests caching end def test_logged_in - User.expects(:find).once.with(@user_id).returns(@user) + @user = stub_logged_in assert logged_in? end - def test_logged_in - User.expects(:find).once.with(@user_id).returns(nil) + def test_logged_out + stub_logged_out assert !logged_in? end def test_admin bool = stub - User.expects(:find).once.with(@user_id).returns(@user) + @user = stub_logged_in @user.expects(:is_admin?).returns(bool) assert_equal bool, admin? end diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb index c30421f..d5d52b1 100644 --- a/users/test/support/auth_test_helper.rb +++ b/users/test/support/auth_test_helper.rb @@ -1,7 +1,25 @@ module AuthTestHelper - def assert_access_denied - assert_equal({:alert => "Not authorized"}, flash.to_hash) - assert_redirected_to login_path + def stub_logged_in + @user_id = stub + @user = stub + session[:user_id] = @user_id + User.expects(:find).once.with(@user_id).returns(@user) + return @user + end + + def stub_logged_out + @user_id = stub + session[:user_id] = @user_id + User.expects(:find).once.with(@user_id).returns(nil) + end + + def assert_access_denied(denied = true) + if denied + assert_equal({:alert => "Not authorized"}, flash.to_hash) + assert_redirected_to login_path + else + assert flash[:alert].blank? + end end end -- cgit v1.2.3 From 2c2a80812818362d0e0c416deefd4aee2787dd9e Mon Sep 17 00:00:00 2001 
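Review bot: In `assert_access_denied(false)` (the `auth_test_helper.rb` hunk) the negative branch only checks that `flash[:alert]` is blank, so a filter that redirected without setting that flash message would still pass `test_authorized`. Since the authorization tests rely on this helper, the `else` branch should also assert that no redirect was issued, for example `assert !@response.redirect?` next to the flash check. `stub_logged_out` always puts a user id into the session, so a session with no `user_id` at all, which the old `test_authorize_redirect` exercised with `session[:user_id] = nil`, is no longer covered.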
From: Azul Date: Wed, 24 Oct 2012 20:50:40 +0200 Subject: removing duplicate testing of helper_methods * once tested as helper * once tested as @controller.send... --- users/test/functional/application_controller_test.rb | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb index 4397e1d..69bcb2f 100644 --- a/users/test/functional/application_controller_test.rb +++ b/users/test/functional/application_controller_test.rb @@ -13,25 +13,12 @@ class ApplicationControllerTest < ActionController::TestCase assert_access_denied end - def test_current_user_with_caching - @user = stub_logged_in - assert_equal @user, @controller.send(:current_user) - assert_equal @user, @controller.send(:current_user) # tests caching - end - def test_authorized @user = stub_logged_in @controller.send(:authorize) assert_access_denied(false) end - def test_admin - bool = stub - @user = stub_logged_in - @user.expects(:is_admin?).returns(bool) - assert_equal bool, @controller.send(:admin?) - end - def test_authorize_admin @user = stub_logged_in @user.expects(:is_admin?).returns(false) -- cgit v1.2.3 From a2a8caf577415ef51c0f99da43f9b47bde226fc6 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 29 Oct 2012 12:08:25 +0100 Subject: first steps at is_admin? --- config/initializers/load_config.rb | 1 + users/app/models/user.rb | 7 ++----- 2 files changed, 3 insertions(+), 5 deletions(-) create mode 100644 config/initializers/load_config.rb diff --git a/config/initializers/load_config.rb b/config/initializers/load_config.rb new file mode 100644 index 0000000..e687429 --- /dev/null +++ b/config/initializers/load_config.rb @@ -0,0 +1 @@ +APP_CONFIG = YAML.load_file("#{Rails.root}/config/config.yml")[Rails.env] diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 1afb9db..9bbf169 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb 
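Review bot: `APP_CONFIG` in `config/initializers/load_config.rb` becomes `nil` whenever `config/config.yml` has no section for the current `Rails.env`, and nothing in the initializer notices. The first admin check then fails inside `is_admin?` (the `users/app/models/user.rb` hunk of the same commit, which calls `APP_CONFIG['admins'].include?`). Failing at boot makes the misconfiguration visible: `APP_CONFIG = YAML.load_file("#{Rails.root}/config/config.yml").fetch(Rails.env)`. In `is_admin?`, `Array(APP_CONFIG['admins']).include?(id)` keeps a missing `admins` key meaning "nobody is an admin" instead of raising.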
@@ -63,11 +63,8 @@ class User < CouchRest::Model::Base login end - def self.current - Thread.current[:user] - end - def self.current=(user) - Thread.current[:user] = user + def is_admin? + APP_CONFIG['admins'].include? self.id end end -- cgit v1.2.3 From 194e924cb7c36eafa01b68c74774505e170e47ac Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 30 Oct 2012 12:32:10 +0100 Subject: adding in warden with a basic strategy currently failing because we are not setting the content-type header. --- Gemfile.lock | 3 ++ users/app/controllers/application_controller.rb | 2 +- users/app/controllers/sessions_controller.rb | 16 ++------ users/config/initializers/warden.rb | 52 +++++++++++++++++++++++++ users/leap_web_users.gemspec | 1 + users/lib/leap_web_users/engine.rb | 1 + 6 files changed, 62 insertions(+), 13 deletions(-) create mode 100644 users/config/initializers/warden.rb diff --git a/Gemfile.lock b/Gemfile.lock index a982c2a..5b1fbf6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -20,6 +20,7 @@ PATH leap_web_users (0.1.0) leap_web_core (= 0.1.0) ruby-srp (~> 0.1.3) + warden GEM remote: https://rubygems.org/ @@ -161,6 +162,8 @@ GEM uglifier (1.2.7) execjs (>= 0.3.0) multi_json (~> 1.3) + warden (1.2.1) + rack (>= 1.0) PLATFORMS ruby diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb index 64e1a55..8388dda 100644 --- a/users/app/controllers/application_controller.rb +++ b/users/app/controllers/application_controller.rb @@ -4,7 +4,7 @@ class ApplicationController < ActionController::Base private def current_user - @current_user ||= User.find(session[:user_id]) if session[:user_id] + @current_user ||= env['warden'].user end helper_method :current_user diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 4a1107d..3872866 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb 
@@ -6,21 +6,13 @@ class SessionsController < ApplicationController end def create - @user = User.find_by_param(params[:login]) - session[:handshake] = @user.initialize_auth(params['A'].hex) - render :json => session[:handshake] - rescue RECORD_NOT_FOUND - render :json => {:errors => {:login => ["unknown user"]}} + debugger + env['warden'].authenticate! end def update - @srp_session = session.delete(:handshake) - @user = @srp_session.authenticate!(params[:client_auth].hex) - session[:user_id] = @user.id - render :json => @srp_session - rescue WRONG_PASSWORD - session[:handshake] = nil - render :json => {:errors => {"password" => ["wrong password"]}} + debugger + env['warden'].authenticate! end def destroy diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb new file mode 100644 index 0000000..bb7dc13 --- /dev/null +++ b/users/config/initializers/warden.rb 
@@ -0,0 +1,52 @@ +Rails.configuration.middleware.use Warden::Manager do |manager| + manager.default_strategies :secure_remote_password + manager.failure_app = SessionsController +end + +# Setup Session Serialization +class Warden::SessionSerializer + def serialize(record) + [record.class.name, record.id] + end + + def deserialize(keys) + klass, id = keys + klass.find(id) + end +end + +Warden::Strategies.add(:secure_remote_password) do + + def valid? + id && ( params['A'] || params['client_auth'] ) + end + + def authenticate! + if params['client_auth'] && session[:handshake] + validate! + else + initialize! + end + end + + protected + + def validate! + srp_session = session.delete(:handshake) + user = srp_session.authenticate(params['client_auth'].hex) + user.nil? ? fail!("Could not log in") : success!(u) + end + + def initialize! + user = User.find_by_param(id) + session[:handshake] = user.initialize_auth(params['A'].hex) + custom! [200, {}, [session[:handshake].to_json]] + rescue RECORD_NOT_FOUND + fail! "User not found" + end + + def id + params["id"] || params["login"] + end +end + diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index 6d35f63..477265e 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec @@ -18,4 +18,5 @@ Gem::Specification.new do |s| s.add_dependency "leap_web_core", LeapWeb::VERSION s.add_dependency "ruby-srp", "~> 0.1.3" + s.add_dependency "warden" end diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb index 9b7545e..25c110e 100644 --- a/users/lib/leap_web_users/engine.rb +++ b/users/lib/leap_web_users/engine.rb @@ -1,6 +1,7 @@ # thou shall require all your dependencies in an engine. require "leap_web_core" require "leap_web_core/ui_dependencies" +require "warden" require "ruby-srp" module LeapWebUsers -- cgit v1.2.3 From bcc0f11caeef1b09712b9b62e1607237885d1af5 Mon Sep 17 00:00:00 2001 
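Review bot: `Warden::SessionSerializer#deserialize` calls `klass.find(id)`, but `serialize` stored `record.class.name`, so `klass` is a String and `find` is never called on the model. Rather than turning a class name read back from the session into a constant, store only the id and resolve it against the one model that can log in: `[record.id]` in `serialize` and `User.find(keys.first)` in `deserialize`. In `validate!`, `success!(u)` refers to a local that is not defined in the strategy; `user` appears to be what is meant.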
From: Azul Date: Tue, 30 Oct 2012 14:42:04 +0100 Subject: using rails_warden bit of refactoring without rails_warden the failure app action was not getting set properly. --- Gemfile.lock | 4 +++- users/app/controllers/sessions_controller.rb | 2 -- users/config/initializers/warden.rb | 35 +++++++++++++++++++++------- users/leap_web_users.gemspec | 2 +- users/lib/leap_web_users/engine.rb | 2 +- 5 files changed, 31 insertions(+), 14 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 5b1fbf6..a9ca432 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -19,8 +19,8 @@ PATH specs: leap_web_users (0.1.0) leap_web_core (= 0.1.0) + rails_warden ruby-srp (~> 0.1.3) - warden GEM remote: https://rubygems.org/ @@ -120,6 +120,8 @@ GEM activesupport (= 3.2.8) bundler (~> 1.0) railties (= 3.2.8) + rails_warden (0.5.7) + warden (>= 1.0.0) railties (3.2.8) actionpack (= 3.2.8) activesupport (= 3.2.8) diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 3872866..7b7799c 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -6,12 +6,10 @@ class SessionsController < ApplicationController end def create - debugger env['warden'].authenticate! end def update - debugger env['warden'].authenticate! end diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb index bb7dc13..98dd99c 100644 --- a/users/config/initializers/warden.rb +++ b/users/config/initializers/warden.rb @@ -1,6 +1,8 @@ -Rails.configuration.middleware.use Warden::Manager do |manager| - manager.default_strategies :secure_remote_password - manager.failure_app = SessionsController +Rails.configuration.middleware.use RailsWarden::Manager do |config| + config.default_strategies :secure_remote_password + config.failure_app = SessionsController + config.default_scope = :user + config.scope_defaults :user, :action => :new end # Setup Session Serialization 
@@ -18,31 +20,46 @@ end Warden::Strategies.add(:secure_remote_password) do def valid? - id && ( params['A'] || params['client_auth'] ) + handshake? || authentication? end def authenticate! - if params['client_auth'] && session[:handshake] + if authentication? validate! - else + else # handshake initialize! end end protected + def handshake? + params['A'] && params['login'] + end + + def authentication? + params['client_auth'] && session[:handshake] + end + def validate! srp_session = session.delete(:handshake) user = srp_session.authenticate(params['client_auth'].hex) - user.nil? ? fail!("Could not log in") : success!(u) + user.nil? ? fail!("Could not log in") : success!(user) end def initialize! user = User.find_by_param(id) session[:handshake] = user.initialize_auth(params['A'].hex) - custom! [200, {}, [session[:handshake].to_json]] + custom! json_response(session[:handshake]) rescue RECORD_NOT_FOUND - fail! "User not found" + fail! "User not found!" + end + + def json_response(object) + [ 200, + {"Content-Type" => "application/json; charset=utf-8"}, + [object.to_json] + ] end def id diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index 477265e..053f8dc 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec @@ -18,5 +18,5 @@ Gem::Specification.new do |s| s.add_dependency "leap_web_core", LeapWeb::VERSION s.add_dependency "ruby-srp", "~> 0.1.3" - s.add_dependency "warden" + s.add_dependency "rails_warden" end diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb index 25c110e..42ca072 100644 --- a/users/lib/leap_web_users/engine.rb +++ b/users/lib/leap_web_users/engine.rb @@ -1,7 +1,7 @@ # thou shall require all your dependencies in an engine. require "leap_web_core" require "leap_web_core/ui_dependencies" -require "warden" +require "rails_warden" require "ruby-srp" module LeapWebUsers -- cgit v1.2.3 From f2825d10e6447ea766fee085841e2b92b0477976 Mon Sep 17 00:00:00 2001 
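Review bot: `handshake?` accepts any truthy `params['A']`, and `initialize!` then calls `.hex` on it; `String#hex` returns 0 for text that is not hexadecimal, and a nested parameter (array or hash) has no `hex` method, which surfaces as a server error instead of a failed login. SRP requires the server to abort when the client value is zero modulo N; whether `initialize_auth` in ruby-srp enforces that is not visible in this hunk, so it is worth confirming or checking here. Tightening the predicate keeps malformed input out of the strategy: `params['login'] && params['A'].to_s =~ /\A[0-9a-fA-F]+\z/`. The same applies to `params['client_auth']` in `authentication?`.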
From: Azul Date: Tue, 30 Oct 2012 15:36:16 +0100 Subject: sending proper error messages from warden. still need to translate these --- users/app/assets/javascripts/srp | 2 +- users/app/controllers/sessions_controller.rb | 7 +++++-- users/config/initializers/warden.rb | 8 ++++---- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 23350b5..3bf101b 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 23350b54ec2723e1b2e333626567c9fe9d1e2644 +Subproject commit 3bf101bc1ef3b5a58fe2f1e2a2e7a681f6de6c09 diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 7b7799c..06d55eb 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,14 +3,17 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new + if warden.winning_strategy + @errors = warden.winning_strategy.message + end end def create - env['warden'].authenticate! + authenticate! end def update - env['warden'].authenticate! + authenticate! end def destroy diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb index 98dd99c..82753ec 100644 --- a/users/config/initializers/warden.rb +++ b/users/config/initializers/warden.rb @@ -1,10 +1,10 @@ Rails.configuration.middleware.use RailsWarden::Manager do |config| config.default_strategies :secure_remote_password config.failure_app = SessionsController - config.default_scope = :user - config.scope_defaults :user, :action => :new end +RailsWarden.unauthenticated_action = :new + # Setup Session Serialization class Warden::SessionSerializer def serialize(record) 
@@ -44,7 +44,7 @@ Warden::Strategies.add(:secure_remote_password) do def validate! srp_session = session.delete(:handshake) user = srp_session.authenticate(params['client_auth'].hex) - user.nil? ? fail!("Could not log in") : success!(user) + user ? success!(user) : fail!(:password => "Could not log in") end def initialize! @@ -52,7 +52,7 @@ Warden::Strategies.add(:secure_remote_password) do session[:handshake] = user.initialize_auth(params['A'].hex) custom! json_response(session[:handshake]) rescue RECORD_NOT_FOUND - fail! "User not found!" + fail! :login => "User not found!" end def json_response(object) -- cgit v1.2.3 From b5738bdf7abaa671a7363e279592eae73635f572 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 30 Oct 2012 11:38:48 -0700 Subject: new README --- README.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Readme.md | 24 ------------------------ 2 files changed, 64 insertions(+), 24 deletions(-) create mode 100644 README.md delete mode 100644 Readme.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..7e1ad1a --- /dev/null +++ b/README.md 
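Review bot: The two failure paths return different keys and messages, `fail!(:password => "Could not log in")` in `validate!` and `fail! :login => "User not found!"` in `initialize!` (the `@@ -52,7 +52,7 @@` hunk), which tells an unauthenticated client whether a login exists. Using the same key and text in both places, e.g. `fail!(:login => "Could not log in")`, removes that signal from the error body; the client-side handling of the `errors` object would need to follow. The handshake response itself still differs for known and unknown logins, so this is best paired with rate limiting on the session endpoints, which lies outside these hunks.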
@@ -0,0 +1,64 @@ +LEAP Web +--------------------- + +"LEAP Web" is the web-based component of the LEAP Platform, providing the following services: + +* REST API for user registration. +* Admin interface to manage users. +* Client certificate distribution and renewal. +* User support help tickets. + +This web application is written in Ruby on Rails 3, using CouchDB as the backend data store. + +Original code specific to this web application is licensed under the GNU Affero General Public License (version 3.0 or higher). See http://www.gnu.org/licenses/agpl-3.0.html for more information. + +Documentation +--------------------------- + +For more information, see these files in the ``doc`` directory: + +* DEPLOY -- for notes on deployment. +* DEVELOP -- for developer notes. +* CUSTOM -- how to customize. + +Installation +--------------------------- + +Typically, this application is installed automatically as part of the LEAP Platform. To install it manually for testing or development, follow these instructions: + +### Install system requirements + + sudo apt-get install git ruby1.8 rubygems1.8 couchdb + sudo gem bundler + +On Debian Wheezy or later, there is a Debian package for bundler, so you can alternately run ``sudo apt-get install bundler``. + +### Download source + + git clone git://leap.se/leap_web + git submodule update --init + +### Install required ruby libraries + + cd leap_web + bundle + +Typically, you run ``bundle`` as a normal user and it will ask you for a sudo password when it is time to install the required gems. If you don't have sudo, run ``bundle`` as root. + +Configuration +---------------------------- + +The webapp can hand out certs for the EIP client. These certs are either picked from a pool in CouchDB or from a file. For now you can either run [Leap CA](http://github.com/leapcode/leap_ca) to fill the pool or you can put your certs file in config/cert. + +We also ship provider information through the webapp. 
For now please add your eip-service.json to the public/config directory. + +Running +----------------------------- + + cd leap_web + rails server + +Then open http://localhost:3000 in your web browser. + +To peruse the database, visit http://localhost:5984/_utils/ + diff --git a/Readme.md b/Readme.md deleted file mode 100644 index 8b51b4d..0000000 --- a/Readme.md +++ /dev/null @@ -1,24 +0,0 @@ -# Leap Web # - -Web application for LEAP. Currently Leap Web allows Leap providers to manage users, hand out certs for the EIP. - -## Functions ## - -### Supported ### - -* *User Management* - User Registration and Authentication -* *Cert Distribution* - Certs for the Encrypted Internet Proxy - -### Under Development ### - -* *Help Desk* - Managing Help Requests - - -## Documentation ## - -* [INSTALL](https://github.com/leapcode/leap_web/blob/master/INSTALL.md) for installation instructions -* [DEPLOY](https://github.com/leapcode/leap_web/blob/master/DEPLOY.md) for deployment -* [DEVELOP](https://github.com/leapcode/leap_web/blob/master/DEVELOP.md) for developer notes. -* [CUSTOM](https://github.com/leapcode/leap_web/blob/master/CUSTOM.md) to customize. - - -- cgit v1.2.3 From 5acc88d8a376b2e25e5230d8174667106754c786 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 31 Oct 2012 10:40:03 +0100 Subject: user creation should send ok flag so js can start login --- users/app/models/user.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 1afb9db..737e083 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -44,7 +44,10 @@ class User < CouchRest::Model::Base end def to_json(options={}) - super(options.merge(:only => ['login', 'password_salt'])) + { + :login => login, + :ok => valid? + }.to_json(options) end def initialize_auth(aa) -- cgit v1.2.3 From b92d418ebec6486a9e728c57f38f82d4c3343341 Mon Sep 17 00:00:00 2001 
From: Azul Date: Wed, 31 Oct 2012 10:40:51 +0100 Subject: using json template for rendering the warden failures --- users/app/views/sessions/new.json.erb | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 users/app/views/sessions/new.json.erb diff --git a/users/app/views/sessions/new.json.erb b/users/app/views/sessions/new.json.erb new file mode 100644 index 0000000..36154b8 --- /dev/null +++ b/users/app/views/sessions/new.json.erb @@ -0,0 +1,3 @@ +{ +"errors": <%= raw @errors.to_json %> +} -- cgit v1.2.3 From b7cf67590042eca10381a95f8b74070d7430dbdb Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 31 Oct 2012 10:40:03 +0100 Subject: user creation should send ok flag so js can start login --- users/app/models/user.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 8b7c0b3..b57af98 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -44,7 +44,10 @@ class User < CouchRest::Model::Base end def to_json(options={}) - super(options.merge(:only => ['login', 'password_salt'])) + { + :login => login, + :ok => valid? + }.to_json(options) end def initialize_auth(aa) -- cgit v1.2.3 From f738852867423130c49221522eb8825c161b0f5a Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 31 Oct 2012 10:46:38 +0100 Subject: minor: need to cd into leap_web before initializing submodules --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7e1ad1a..3ea47bb 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,7 @@ On Debian Wheezy or later, there is a Debian package for bundler, so you can alt ### Download source git clone git://leap.se/leap_web + cd leap_web git submodule update --init ### Install required ruby libraries -- cgit v1.2.3 From 4b7333eec8eaf0c01227ade9d77a21f7a879ff0b Mon Sep 17 00:00:00 2001 
From: Azul Date: Wed, 31 Oct 2012 17:39:06 +0100 Subject: using controller extensions for application controller by hand --- app/controllers/application_controller.rb | 7 +------ users/app/controllers/application_controller.rb | 14 -------------- .../controllers/controller_extension/authentication.rb | 17 +++++++++++++++++ users/config/initializers/add_controller_methods.rb | 3 +++ 4 files changed, 21 insertions(+), 20 deletions(-) delete mode 100644 users/app/controllers/application_controller.rb create mode 100644 users/app/controllers/controller_extension/authentication.rb create mode 100644 users/config/initializers/add_controller_methods.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 693bd86..be7aa1f 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,10 +1,5 @@ class ApplicationController < ActionController::Base protect_from_forgery - helper_method :current_user - - private - def current_user - @current_user ||= User.find(session[:user_id]) if session[:user_id] - end + ActiveSupport.run_load_hooks(:application_controller, self) end diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb deleted file mode 100644 index 64e1a55..0000000 --- a/users/app/controllers/application_controller.rb +++ /dev/null @@ -1,14 +0,0 @@ -class ApplicationController < ActionController::Base - protect_from_forgery - - private - - def current_user - @current_user ||= User.find(session[:user_id]) if session[:user_id] - end - helper_method :current_user - - def authorize - redirect_to login_url, alert: "Not authorized" if current_user.nil? - end -end diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb new file mode 100644 index 0000000..507b62f --- /dev/null +++ b/users/app/controllers/controller_extension/authentication.rb 
@@ -0,0 +1,17 @@ +module ControllerExtension::Authentication + extend ActiveSupport::Concern + + private + + included do + helper_method :current_user + end + + def current_user + @current_user ||= User.find(session[:user_id]) if session[:user_id] + end + + def authorize + redirect_to login_url, :alert => "Not authorized" if current_user.nil? + end +end diff --git a/users/config/initializers/add_controller_methods.rb b/users/config/initializers/add_controller_methods.rb new file mode 100644 index 0000000..2579176 --- /dev/null +++ b/users/config/initializers/add_controller_methods.rb @@ -0,0 +1,3 @@ +ActiveSupport.on_load(:application_controller) do + include ControllerExtension::Authentication +end -- cgit v1.2.3 From 6c60b179a09030da985462d15dbdf076367b5ea4 Mon Sep 17 00:00:00 2001 From: jessib Date: Wed, 31 Oct 2012 12:10:07 -0700 Subject: Code to check administration (and ugly test display.) This includes example config file. --- .gitignore | 3 +++ README.md | 3 +++ config/config.yml.example | 8 ++++++++ .../controller_extension/authentication.rb | 21 +++++++++++++++++++-- users/app/models/user.rb | 3 ++- users/app/views/sessions/_nav.html.haml | 5 ++++- 6 files changed, 39 insertions(+), 4 deletions(-) create mode 100644 config/config.yml.example diff --git a/.gitignore b/.gitignore index 93547cd..d447b54 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,6 @@ */Gemfile.lock test/dummy/log/* test/dummy/tmp/* + +# Ignore configuration file. +config/config.yml \ No newline at end of file diff --git a/README.md b/README.md index 3ea47bb..fee4e60 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,9 @@ The webapp can hand out certs for the EIP client. These certs are either picked We also ship provider information through the webapp. For now please add your eip-service.json to the public/config directory. +Copy the example configuration file and customize as appropriate: + cp config/config.yml.example config/config.yml + Running ----------------------------- 
diff --git a/config/config.yml.example b/config/config.yml.example new file mode 100644 index 0000000..e3a0112 --- /dev/null +++ b/config/config.yml.example @@ -0,0 +1,8 @@ +development: + admins: [admin, admin2] + +test: + admins: [admin, admin2] + +production + admins: [] diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 507b62f..c3342f3 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -4,14 +4,31 @@ module ControllerExtension::Authentication private included do - helper_method :current_user + helper_method :current_user, :logged_in?, :admin? end def current_user @current_user ||= User.find(session[:user_id]) if session[:user_id] end + def logged_in? + !!current_user + end + def authorize - redirect_to login_url, :alert => "Not authorized" if current_user.nil? + access_denied unless logged_in? end + + def access_denied + redirect_to login_url, :alert => "Not authorized" + end + + def admin? + current_user && current_user.is_admin? + end + + def authorize_admin + access_denied unless admin? + end + end diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 2b8ead7..0f5d650 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -66,8 +66,9 @@ class User < CouchRest::Model::Base login end + # Since we are storing admins by login, we cannot allow admins to change their login. def is_admin? - APP_CONFIG['admins'].include? self.id + APP_CONFIG['admins'].include? self.login end end diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml index a5397bd..204ba88 100644 --- a/users/app/views/sessions/_nav.html.haml +++ b/users/app/views/sessions/_nav.html.haml 
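Review bot: The last section of `config/config.yml.example` reads `production` without a trailing colon, so the file is not the mapping the initializer expects: depending on the parser it either fails to load or yields no `production` key, and `APP_CONFIG` is unusable in the environment where the admin list matters most. It should be `production:` followed by the indented `admins: []`. The `admin` and `admin2` entries under development and test would also benefit from a comment such as `# placeholder logins, replace with real accounts`, since the README tells people to copy the file as is.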
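Review bot: `is_admin?` in `users/app/models/user.rb` now grants admin rights to whichever account holds a login named in `APP_CONFIG['admins']`, so the guarantee rests on logins being unique, unchangeable and already registered; the added comment covers only the rename case. Whether signup refuses logins that appear in the admin list is not visible here; if it does not, a listed login without an account would become an admin account when it is registered. The comment should state the full requirement, e.g. `# Admins are matched by login: logins must be unique, must not change, and listed logins must be reserved at signup.`, and a validation in `User` should enforce the last part.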
@@ -1,6 +1,9 @@ -- if current_user +- if logged_in? %li + = 'logged in as ' + current_user.login = link_to t(:logout), logout_path + - if admin? + = 'ADMIN' # obviously not like this - else %li = link_to t(:login), login_path -- cgit v1.2.3 From 872b9fa6759d5708f5efb19ba46b3c8e2b5d4862 Mon Sep 17 00:00:00 2001 From: jessib Date: Wed, 31 Oct 2012 12:19:15 -0700 Subject: Looks like the help code has already been merged into the develop branch, and thus merging into feature-admin_users branch. --- Gemfile | 2 +- Gemfile.lock | 7 +++ help/app/controllers/tickets_controller.rb | 73 +++++++++++++++++++++++++ help/app/models/ticket.rb | 36 ++++++++++-- help/app/models/ticket_comment.rb | 14 +++-- help/app/views/tickets/_comment.html.haml | 13 +++++ help/app/views/tickets/_new_comment.html.haml | 3 + help/app/views/tickets/index.html.haml | 10 ++++ help/app/views/tickets/new.html.haml | 16 ++++++ help/app/views/tickets/show.html.haml | 26 +++++++++ help/config/routes.rb | 3 + help/test/functional/tickets_controller_test.rb | 63 +++++++++++++++++++++ help/test/unit/ticket_comment_test.rb | 11 ++-- help/test/unit/ticket_test.rb | 8 ++- 14 files changed, 266 insertions(+), 19 deletions(-) create mode 100644 help/app/controllers/tickets_controller.rb create mode 100644 help/app/views/tickets/_comment.html.haml create mode 100644 help/app/views/tickets/_new_comment.html.haml create mode 100644 help/app/views/tickets/index.html.haml create mode 100644 help/app/views/tickets/new.html.haml create mode 100644 help/app/views/tickets/show.html.haml create mode 100644 help/test/functional/tickets_controller_test.rb diff --git a/Gemfile b/Gemfile index 10c661a..40030b5 100644 --- a/Gemfile +++ b/Gemfile 
@@ -9,7 +9,7 @@ eval(File.read(File.dirname(__FILE__) + '/ui_dependencies.rb')) gem "leap_web_core", :path => 'core' gem 'leap_web_users', :path => 'users' gem 'leap_web_certs', :path => 'certs' -# gem 'leap_web_help', :path => 'help' +gem 'leap_web_help', :path => 'help' # To use debugger gem 'ruby-debug' diff --git a/Gemfile.lock b/Gemfile.lock index a982c2a..86cb8e8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -14,6 +14,12 @@ PATH json rails (~> 3.2.8) +PATH + remote: help + specs: + leap_web_help (0.1.0) + leap_web_core (= 0.1.0) + PATH remote: users specs: @@ -173,6 +179,7 @@ DEPENDENCIES jquery-rails leap_web_certs! leap_web_core! + leap_web_help! leap_web_users! mocha ruby-debug diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb new file mode 100644 index 0000000..4c7415b --- /dev/null +++ b/help/app/controllers/tickets_controller.rb 
@@ -0,0 +1,73 @@
+class TicketsController < ApplicationController
+
+ respond_to :html #, :json
+ #has_scope :open, :type => boolean
+
+ def new
+ @ticket = Ticket.new
+ @ticket.comments.build
+ end
+
+ def create
+ @ticket = Ticket.new(params[:ticket])
+ if current_user
+ @ticket.created_by = current_user.id
+ @ticket.email = current_user.email if current_user.email
+ @ticket.comments.last.posted_by = current_user.id
+ else
+ @ticket.comments.last.posted_by = nil #hacky, but protecting this attribute doesn't work right, so this should make sure it isn't set.
+ end
+
+ flash[:notice] = 'Ticket was successfully created.' if @ticket.save
+ respond_with(@ticket)
+
+ end
+
+=begin
+ def edit
+ @ticket = Ticket.find(params[:id])
+ @ticket.comments.build
+ # build ticket comments?
+ end
+=end
+
+ def show
+ @ticket = Ticket.find(params[:id])
+ # @ticket.comments.build
+ # build ticket comments?
+ end
+
+ def update
+ @ticket = Ticket.find(params[:id])
+ @ticket.attributes = params[:ticket]
+
+ @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+
+ if @ticket.save
+ flash[:notice] = 'Ticket was successfully updated.'
+ respond_with @ticket
+ else
+ #redirect_to [:show, @ticket] #
+ flash[:alert] = 'Ticket has not been changed'
+ redirect_to @ticket
+ #respond_with(@ticket) # why does this go to edit?? redirect???
+ end
+ end
+
+ def index
+ # @tickets = Ticket.by_title #not actually what we will want
+ respond_with(@tickets = Ticket.all) #we'll want only tickets that this user can access
+ end
+
+ private
+
+ # not using now, as we are using comment_attributes= from the Ticket model
+=begin
+ def add_comment
+ comment = TicketComment.new(params[:comment])
+ comment.posted_by = User.current.id if User.current #could be nil
+ comment.posted_at = Time.now # TODO: it seems strange to have this here, and not in model
+ @ticket.comments << comment
+ end
+=end
+end
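Review bot: No action checks who is asking: `show` and `update` load `Ticket.find(params[:id])` for any visitor and `index` returns `Ticket.all`, so titles, e-mail addresses and the ticket `code` rendered by the views are readable, and tickets writable, by anyone who holds an id. The inline comments already say the listing must be restricted; if the `authorize_admin` filter from ControllerExtension::Authentication is available in this controller, `before_filter :authorize_admin, :only => :index` would cover the listing until per-ticket access rules exist. `update` also has an integrity problem: when the request carries no `comments_attributes`, `@ticket.comments.last` is an existing comment and its `posted_by` is overwritten with the current requester or nil. `create` has the mirror case, calling `comments.last.posted_by=` on nil when no comment was submitted. The excerpt below stamps the author only on a comment the request actually added.

```ruby
  def update
    @ticket = Ticket.find(params[:id])
    comments_before = @ticket.comments.count
    @ticket.attributes = params[:ticket]

    # Stamp the author only on a comment this request added; otherwise
    # comments.last is an older comment whose posted_by must stay as it is.
    if @ticket.comments.count > comments_before
      @ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
    end

    # … unchanged: save, flash messages and redirect …
  end
```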
diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb index 784d7ef..f38fed2 100644 --- a/help/app/models/ticket.rb +++ b/help/app/models/ticket.rb @@ -15,8 +15,8 @@ class Ticket < CouchRest::Model::Base =end #belongs_to :user #from leap_web_users. doesn't necessarily belong to a user though - property :created_by, Integer #nil unless user was authenticated for ticket creation, #THIS should not be changed after being set - property :regarding_user, Integer # form cannot be submitted if they type in a username w/out corresponding ID. this field can be nil. for authenticated ticket creation by non-admins, should this just automatically be set to be same as created_by? or maybe we don't use this field unless created_by is nil? + property :created_by, String, :protected => true #Integer #nil unless user was authenticated for ticket creation, #THIS should not be changed after being set + #property :regarding_user, String#Integer # form cannot be submitted if they type in a username w/out corresponding ID. this field can be nil. for authenticated ticket creation by non-admins, should this just automatically be set to be same as created_by? or maybe we don't use this field unless created_by is nil? #also, both created_by and regarding_user could be nil---say user forgets username, or has general question property :title, String property :email, String #verify 
@@ -29,18 +29,27 @@ class Ticket < CouchRest::Model::Base timestamps! - before_validation :set_created_by, :set_code, :on => :create + #before_validation :set_created_by, :set_code, :set_email, :on => :create + before_validation :set_code, :set_email, :on => :create + + + #named_scope :open, :conditions => {:is_open => true} #?? design do view :by_title end + validates :title, :presence => true + #validates :comments, :presence => true #do we want it like this? + + # html5 has built-in validation which isn't ideal, as it says 'please enter an email address' for invalid email addresses, which implies an email address is required, and it is not. validates :email, :format => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/, :if => :email #email address is optional - def set_created_by - self.created_by = User.current if User.current - end + #TODO: + #def set_created_by + # self.created_by = User.current if User.current + #end def is_creator_validated? !!created_by @@ -51,6 +60,12 @@ class Ticket < CouchRest::Model::Base self.code = SecureRandom.hex(8) if !is_creator_validated? end + + def set_email + self.email = nil if self.email == "" + # in controller set to be current users email if that exists + end + def close self.is_open = false save @@ -61,6 +76,15 @@ class Ticket < CouchRest::Model::Base save end + def comments_attributes=(attributes) + + comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes) + #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller + comment.posted_at = Time.now + comments << comment + + end + =begin def validate if email_address and not email_address.strip =~ RFC822::EmailAddress diff --git a/help/app/models/ticket_comment.rb b/help/app/models/ticket_comment.rb index 652133a..49e5c6c 100644 --- a/help/app/models/ticket_comment.rb +++ b/help/app/models/ticket_comment.rb 
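Review bot: `comments_attributes=` passes the whole client-supplied hash to `TicketComment.new(attributes.values.first)`, and the ticket_comment.rb hunk in this commit drops `:protected => true` from `posted_by` and `posted_at`, so the only thing keeping a submitted `posted_by` out of the stored comment is the controller overwriting `comments.last` afterwards. Building the comment from the body alone enforces that in the model: `comment = TicketComment.new(:body => (attributes.values.first || {})[:body])`, assuming the hash has indifferent access as controller params do. The method also drops every entry after the first without notice and passes nil on an empty hash, which deserves a comment above it. The Ticket class starts and ends outside this hunk.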
@@ -2,13 +2,15 @@ class TicketComment include CouchRest::Model::Embeddable #belongs_to :ticket #is this best way to do it? will want to access all of a tickets comments, so maybe this isn't the way? - property :posted_by, Integer, :protected => true# maybe this should be current_user if that is set, meaning the user is logged in #String # user?? + property :posted_by, String#, :protected => true #Integer#this should be current_user if that is set, meaning the user is logged in #cannot have it be protected and set via comments_attributes=. also, if it is protected and we set in the tickets_controller, it gets unset. TODO---is this okay to have it not protected and manually check it? We do not users to be able to set this. # if the current user is not set, then we could just say the comment comes from an 'unauthenticated user', which would be somebody with the secret URL - property :posted_at, Time, :protected => true + property :posted_at, Time#, :protected => true #property :posted_verified, TrueClass, :protected => true #should be true if current_user is set when the comment is created property :body, String - before_validation :set_time#, :set_posted_by + # ? timestamps! + validates :body, :presence => true + #before_validation :set_time#, :set_posted_by #design do # view :by_posted_at @@ -18,10 +20,14 @@ class TicketComment def is_comment_validated? !!posted_by end - + +=begin + #TODO. + #this is resetting all comments associated with the ticket: def set_time self.posted_at = Time.now end +=end =begin def set_posted_by diff --git a/help/app/views/tickets/_comment.html.haml b/help/app/views/tickets/_comment.html.haml new file mode 100644 index 0000000..1ba3bd1 --- /dev/null +++ b/help/app/views/tickets/_comment.html.haml 
@@ -0,0 +1,13 @@
+- # style is super ugly but just for now
+%div{:style => "border: solid 1px"}
+ - if User.find(comment.posted_by)
+ Posted by
+ = User.find(comment.posted_by).login
+ - else
+ Unauthenticated post
+ %p
+ Posted at
+ = comment.posted_at
+ %p
+ = comment.body
+ %p
\ No newline at end of file
diff --git a/help/app/views/tickets/_new_comment.html.haml b/help/app/views/tickets/_new_comment.html.haml
new file mode 100644
index 0000000..a924dfd
--- /dev/null
+++ b/help/app/views/tickets/_new_comment.html.haml
@@ -0,0 +1,3 @@
+= #do we want this partial? not using it now
+= simple_fields_for :comment do |c|
+ = c.input :body, :label => 'Comment', :as => :text
diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml
new file mode 100644
index 0000000..6db2140
--- /dev/null
+++ b/help/app/views/tickets/index.html.haml
@@ -0,0 +1,10 @@
+%h2 tickets index (just as space)
+Create a
+= link_to "new ticket", new_ticket_path
+= # below shouldn't be unless logged in
+%h2 Tickets
+= # want to have selection option to see tickets, that are open, closed or all
+- @tickets.each do |ticket|
+ %p
+ = link_to ticket.title, ticket
+= #render(:partial => "ticket", :collection => @tickets)
diff --git a/help/app/views/tickets/new.html.haml b/help/app/views/tickets/new.html.haml
new file mode 100644
index 0000000..537b97f
--- /dev/null
+++ b/help/app/views/tickets/new.html.haml
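Review bot: The _comment partial calls `User.find(comment.posted_by)` twice per comment, once as the condition and once for the login, and show.html.haml in this commit does the same with `@ticket.created_by`. For unauthenticated posts the argument is nil, and whether `find(nil)` returns nil or raises is not visible here. Looking the author up once avoids both the duplicate query and the nil lookup: `- author = comment.posted_by && User.find(comment.posted_by)`, then `- if author` and `= author.login`.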
@@ -0,0 +1,16 @@
+%h2=t :new_ticket
+= simple_form_for(@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test
+ = #@ticket.errors.messages
+ = f.input :title
+ = #f.input :email #if there is no current_user
+ = f.input :email if !current_user #hmm--might authenticated users want to submit an alternate email?
+
+ = f.simple_fields_for :comments do |c|
+ = c.input :body, :label => 'Comment', :as => :text
+
+ = #render :partial => 'new_comment' #what we were using
+ = # regarding_user if not logged in
+ = # email if not logged in
+ = #f.button :submit, :value => t(:submit), :class => 'btn-primary'
+ = f.button :submit
+ = link_to t(:cancel), tickets_path, :class => :btn
diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml
new file mode 100644
index 0000000..a9b994e
--- /dev/null
+++ b/help/app/views/tickets/show.html.haml
@@ -0,0 +1,26 @@
+- if flash[:notice]
+ =flash[:notice]
+- if flash[:alert]
+ =flash[:alert]
+%h2= @ticket.title
+is open?
+= @ticket.is_open
+- if @ticket.code
+ code:
+ = @ticket.code
+- if @ticket.email
+ email:
+ = @ticket.email
+- if User.find(@ticket.created_by)
+ Created by
+ = User.find(@ticket.created_by).login
+- else
+ Unauthenticated ticket creator
+= render(:partial => "comment", :collection => @ticket.comments)
+
+= simple_form_for (@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test
+ = f.simple_fields_for :comments, TicketComment.new do |c|
+ = c.input :body, :label => 'Comment', :as => :text
+ = #render :partial => 'new_comment'
+ = f.button :submit
+ = link_to t(:cancel), tickets_path, :class => :btn
\ No newline at end of file
diff --git a/help/config/routes.rb b/help/config/routes.rb
index 1daf9a4..5e57e02 100644
--- a/help/config/routes.rb
+++ b/help/config/routes.rb
@@ -1,2 +1,5 @@
 Rails.application.routes.draw do
+
+ resources :tickets, :only => [:new, :create, :index, :show, :update]
+ #resources :ticket, :only => [:show]
 end
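Review bot: In show.html.haml the form line is written `simple_form_for (@ticket, :html => {:novalidate => true}) do |f|` with a space before the parenthesis, unlike new.html.haml in the same commit. Ruby 1.8 only warns about this, but Ruby 1.9 reads `(@ticket, :html => …)` as a parenthesised expression and rejects the comma, so the view would stop compiling on the 1.9 runtime that later commits on this page target. Use `= simple_form_for(@ticket, :html => {:novalidate => true}) do |f|`.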
diff --git a/help/test/functional/tickets_controller_test.rb b/help/test/functional/tickets_controller_test.rb
new file mode 100644
index 0000000..7a03a86
--- /dev/null
+++ b/help/test/functional/tickets_controller_test.rb
@@ -0,0 +1,63 @@
+require 'test_helper'
+
+class TicketsControllerTest < ActionController::TestCase
+
+ test "should get index" do
+ get :index
+ assert_response :success
+ assert_not_nil assigns(:tickets)
+ end
+
+ test "should get new" do
+ get :new
+ assert_equal Ticket, assigns(:ticket).class
+ assert_response :success
+ end
+
+
+ test "should create unauthenticated ticket" do
+ params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
+
+ assert_difference('Ticket.count') do
+ post :create, :ticket => params
+ end
+
+ assert_response :redirect
+ #assert_equal assigns(:ticket).email, User.current.email
+ #assert_equal User.find(assigns(:ticket).created_by).login, User.current.login
+ assert_nil assigns(:ticket).created_by
+
+ assert_equal assigns(:ticket).comments.count, 1
+ end
+
+
+ test "should create authenticated ticket" do
+
+ params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
+
+ #todo: should redo this and actually authorize
+ user = User.last
+ session[:user_id] = user.id
+
+ assert_difference('Ticket.count') do
+ post :create, :ticket => params
+ end
+
+ assert_response :redirect
+ assert_equal assigns(:ticket).created_by, user.id
+ assert_equal assigns(:ticket).email, user.email
+
+ assert_equal assigns(:ticket).comments.count, 1
+ end
+
+ test "add comment to ticket" do
+
+ t = Ticket.last
+ comment_count = t.comments.count
+ put :update, :id => t.id, :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} }
+ assert_equal(comment_count + 1, assigns(:ticket).comments.count)
+ #assert_difference block isn't working
+
+ end
+
+end
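Review bot: These tests cover only the accepted paths; none asserts that a `posted_by` sent inside `comments_attributes` is discarded, which is the property the controller's manual overwrite exists to guarantee. A regression case that posts `:comments_attributes => {"0" => {"body" => "x", "posted_by" => "someone"}}` without a session and checks `assert_nil assigns(:ticket).comments.last.posted_by` would pin it. "add comment to ticket" also relies on `Ticket.last` being left behind by earlier tests, so it fails on an empty database; creating the ticket inside the test removes that ordering dependency.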
diff --git a/help/test/unit/ticket_comment_test.rb b/help/test/unit/ticket_comment_test.rb index 883720f..1fe1fe2 100644 --- a/help/test/unit/ticket_comment_test.rb +++ b/help/test/unit/ticket_comment_test.rb @@ -16,8 +16,8 @@ class TicketCommentTest < ActiveSupport::TestCase comment2 = TicketComment.new :body => "help my email is broken!" assert comment2.valid? - assert_not_nil comment2.posted_at - assert_nil comment2.posted_by #if not logged in + #assert_not_nil comment2.posted_at #? + #assert_nil comment2.posted_by #if not logged in #TODO #comment.ticket = testticket #Ticket.find_by_title("testing") #assert_equal testticket.title, comment.ticket.title @@ -49,9 +49,10 @@ class TicketCommentTest < ActiveSupport::TestCase testticket.comments << comment2 #this should validate comment2 testticket.valid? assert_equal testticket.comments.count, 2 - assert_not_nil comment.posted_at - assert_not_nil testticket.comments.last.posted_at - assert testticket.comments.first.posted_at < testticket.comments.last.posted_at + # where should posted_at be set? + #assert_not_nil comment.posted_at + #assert_not_nil testticket.comments.last.posted_at + #assert testticket.comments.first.posted_at < testticket.comments.last.posted_at end end diff --git a/help/test/unit/ticket_test.rb b/help/test/unit/ticket_test.rb index c3a4759..6b63a23 100644 --- a/help/test/unit/ticket_test.rb +++ b/help/test/unit/ticket_test.rb @@ -41,18 +41,20 @@ class TicketTest < ActiveSupport::TestCase assert @sample.is_creator_validated? end +=begin +# TODO: do once have current_user stuff in order test "code if & only if not creator-validated" do + User.current_test = nil t1 = Ticket.create :title => 'test title' assert_not_nil t1.code assert_nil t1.created_by - User.current = 4 + User.current_test = 4 t2 = Ticket.create :title => 'test title' assert_nil t2.code assert_not_nil t2.created_by - - end +=end end -- cgit v1.2.3 From cb0ac8a9fac97341f86335ff713be8d7cb5e5e67 Mon Sep 17 00:00:00 2001 
From: Azul Date: Fri, 2 Nov 2012 19:46:36 +0100 Subject: minor: it's gem install bundler --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ea47bb..5c53421 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Typically, this application is installed automatically as part of the LEAP Platf ### Install system requirements sudo apt-get install git ruby1.8 rubygems1.8 couchdb - sudo gem bundler + sudo gem install bundler On Debian Wheezy or later, there is a Debian package for bundler, so you can alternately run ``sudo apt-get install bundler``. -- cgit v1.2.3 From 023d91a7ad605a9f941ad36c5d002172b25387a3 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 2 Nov 2012 19:50:10 +0100 Subject: add debugger for ruby 1.9 so it works too. --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 40030b5..8b13e51 100644 --- a/Gemfile +++ b/Gemfile @@ -12,4 +12,5 @@ gem 'leap_web_certs', :path => 'certs' gem 'leap_web_help', :path => 'help' # To use debugger -gem 'ruby-debug' +gem 'debugger', :platforms => :mri_19 +gem 'ruby-debug', :platforms => :mri_18 -- cgit v1.2.3 From 2264623a445bf5c64404ef302f63e4d99ecbd97f Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 16:23:16 +0100 Subject: minor: yaml syntax fix --- config/config.yml.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/config.yml.example b/config/config.yml.example index e3a0112..c34dd10 100644 --- a/config/config.yml.example +++ b/config/config.yml.example @@ -4,5 +4,5 @@ development: test: admins: [admin, admin2] -production +production: admins: [] -- cgit v1.2.3 From 5c6395d8b1a8c7cf540dae9fdd37f3e68554215c Mon Sep 17 00:00:00 2001 
From: Azul Date: Sun, 4 Nov 2012 16:24:35 +0100 Subject: fixing tests, including support files from all engines --- test/dummy/app/controllers/application_controller.rb | 5 +++++ test/test_helper.rb | 3 +++ users/test/integration/api/account_flow_test.rb | 2 +- users/test/support/auth_test_helper.rb | 4 ++++ users/test/test_helper.rb | 4 ---- users/test/unit/user_test.rb | 2 +- 6 files changed, 14 insertions(+), 6 deletions(-) create mode 100644 test/dummy/app/controllers/application_controller.rb diff --git a/test/dummy/app/controllers/application_controller.rb b/test/dummy/app/controllers/application_controller.rb new file mode 100644 index 0000000..be7aa1f --- /dev/null +++ b/test/dummy/app/controllers/application_controller.rb @@ -0,0 +1,5 @@ +class ApplicationController < ActionController::Base + protect_from_forgery + + ActiveSupport.run_load_hooks(:application_controller, self) +end diff --git a/test/test_helper.rb b/test/test_helper.rb index f7d48ec..50d5159 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -4,6 +4,9 @@ require 'rails/test_help' require 'mocha' +# Load support files from all engines +Dir["#{File.dirname(__FILE__)}/../*/test/support/**/*.rb"].each { |f| require f } + class ActiveSupport::TestCase # Add more helper methods to be used by all tests here... end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index 66de1e5..5800d46 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -39,7 +39,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest end test "signup response" do - assert_json_response @user_params.slice(:login, :password_salt) + assert_json_response :login => @login, :ok => true assert_response :success end diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb index d5d52b1..9412058 100644 --- a/users/test/support/auth_test_helper.rb 
+++ b/users/test/support/auth_test_helper.rb @@ -23,3 +23,7 @@ module AuthTestHelper end end end + +class ActionController::TestCase + include AuthTestHelper +end diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb index ae6a35c..e8f0125 100644 --- a/users/test/test_helper.rb +++ b/users/test/test_helper.rb @@ -7,7 +7,3 @@ Rails.backtrace_cleaner.remove_silencers! # Load support files Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f } - -class ActionController::TestCase - include AuthTestHelper -end diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb index 822ef33..f057ca7 100644 --- a/users/test/unit/user_test.rb +++ b/users/test/unit/user_test.rb @@ -19,7 +19,7 @@ class UserTest < ActiveSupport::TestCase end test "test require alphanumerical for login" do - @user.login = "qwär" + @user.login = "qw#r" assert !@user.valid? end -- cgit v1.2.3 From cf1e7ee20f713068cadf5cfa78840115e0a8a081 Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 16:28:58 +0100 Subject: using ruby-srp 0.1.4 - ruby 1.9.3 compatible --- Gemfile.lock | 12 ++++++++++-- users/app/assets/javascripts/srp | 2 +- users/leap_web_users.gemspec | 2 +- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 86cb8e8..be3cebb 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -25,7 +25,7 @@ PATH specs: leap_web_users (0.1.0) leap_web_core (= 0.1.0) - ruby-srp (~> 0.1.3) + ruby-srp (~> 0.1.4) GEM remote: https://rubygems.org/ @@ -81,6 +81,13 @@ GEM couchrest_session_store (0.0.1) couchrest couchrest_model + debugger (1.2.1) + columnize (>= 0.3.1) + debugger-linecache (~> 1.1.1) + debugger-ruby_core_source (~> 1.1.4) + debugger-linecache (1.1.2) + debugger-ruby_core_source (>= 1.1.1) + debugger-ruby_core_source (1.1.4) erubis (2.7.0) execjs (1.4.0) multi_json (~> 1.0) 
@@ -143,7 +150,7 @@ GEM ruby-debug-base (~> 0.10.4.0) ruby-debug-base (0.10.4) linecache (>= 0.3) - ruby-srp (0.1.3) + ruby-srp (0.1.4) sass (3.2.1) sass-rails (3.2.5) railties (~> 3.2.0) @@ -174,6 +181,7 @@ PLATFORMS DEPENDENCIES bootstrap-sass (~> 2.1.0) coffee-rails (~> 3.2.2) + debugger haml (~> 3.1.7) haml-rails (~> 0.3.4) jquery-rails diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 23350b5..d6a7804 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 23350b54ec2723e1b2e333626567c9fe9d1e2644 +Subproject commit d6a78049f3356d9d645143362eca74434410bf62 diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index 6d35f63..dec5a71 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec @@ -17,5 +17,5 @@ Gem::Specification.new do |s| s.add_dependency "leap_web_core", LeapWeb::VERSION - s.add_dependency "ruby-srp", "~> 0.1.3" + s.add_dependency "ruby-srp", "~> 0.1.4" end -- cgit v1.2.3 From 19008253d01fd6d7a864e98a7ae5dc216070aee1 Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 16:28:58 +0100 Subject: using ruby-srp 0.1.4 - ruby 1.9.3 compatible --- Gemfile.lock | 4 ++-- users/leap_web_users.gemspec | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 86cb8e8..6792476 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -25,7 +25,7 @@ PATH specs: leap_web_users (0.1.0) leap_web_core (= 0.1.0) - ruby-srp (~> 0.1.3) + ruby-srp (~> 0.1.4) GEM remote: https://rubygems.org/ @@ -143,7 +143,7 @@ GEM ruby-debug-base (~> 0.10.4.0) ruby-debug-base (0.10.4) linecache (>= 0.3) - ruby-srp (0.1.3) + ruby-srp (0.1.4) sass (3.2.1) sass-rails (3.2.5) railties (~> 3.2.0) diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index 6d35f63..dec5a71 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec 
@@ -17,5 +17,5 @@ Gem::Specification.new do |s| s.add_dependency "leap_web_core", LeapWeb::VERSION - s.add_dependency "ruby-srp", "~> 0.1.3" + s.add_dependency "ruby-srp", "~> 0.1.4" end -- cgit v1.2.3 From e1fc3f4850ee73e0591bd67a92b104db4f63e4cb Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 21:01:27 +0100 Subject: stubbing current_user the warden way --- .../controller_extension/authentication.rb | 2 +- .../test/functional/application_controller_test.rb | 7 +++---- users/test/functional/helper_methods_test.rb | 15 ++++++--------- users/test/integration/api/account_flow_test.rb | 4 ++-- users/test/support/auth_test_helper.rb | 21 +++++++++++---------- 5 files changed, 23 insertions(+), 26 deletions(-) diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 50cf0d1..0408b77 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -8,7 +8,7 @@ module ControllerExtension::Authentication end def current_user - @current_user ||= env['warden'].user + @current_user ||= request.env['warden'].user end def logged_in? diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb index 69bcb2f..857bae5 100644 --- a/users/test/functional/application_controller_test.rb +++ b/users/test/functional/application_controller_test.rb @@ -8,20 +8,19 @@ class ApplicationControllerTest < ActionController::TestCase end def test_authorize_redirect - stub_logged_out @controller.send(:authorize) assert_access_denied end def test_authorized - @user = stub_logged_in + login @controller.send(:authorize) assert_access_denied(false) end def test_authorize_admin - @user = stub_logged_in - @user.expects(:is_admin?).returns(false) + login + @current_user.expects(:is_admin?).returns(false) @controller.send(:authorize_admin) assert_access_denied end 
diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb index c0eaf61..2b2375c 100644 --- a/users/test/functional/helper_methods_test.rb +++ b/users/test/functional/helper_methods_test.rb @@ -16,26 +16,23 @@ class HelperMethodsTest < ActionController::TestCase @controller end - def test_current_user_with_caching - @user = stub_logged_in - assert_equal @user, current_user - assert_equal @user, current_user # tests caching + def test_current_user + login + assert_equal @current_user, current_user end def test_logged_in - @user = stub_logged_in + login assert logged_in? end def test_logged_out - stub_logged_out assert !logged_in? end def test_admin - bool = stub - @user = stub_logged_in - @user.expects(:is_admin?).returns(bool) + login + @current_user.expects(:is_admin?).returns(bool = stub) assert_equal bool, admin? end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index 5800d46..69e0599 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -4,7 +4,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest # this test wraps the api and implements the interface the ruby-srp client. def handshake(login, aa) - post "sessions", :login => login, 'A' => aa.to_s(16) + post "sessions", :login => login, 'A' => aa.to_s(16), :format => :json assert_response :success response = JSON.parse(@response.body) if response['errors'] @@ -15,7 +15,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest end def validate(m) - put "sessions/" + @login, :client_auth => m.to_s(16) + put "sessions/" + @login, :client_auth => m.to_s(16), :format => :json assert_response :success return JSON.parse(@response.body) end diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb index 9412058..f211597 100644 --- a/users/test/support/auth_test_helper.rb 
+++ b/users/test/support/auth_test_helper.rb @@ -1,17 +1,18 @@ module AuthTestHelper + extend ActiveSupport::Concern - def stub_logged_in - @user_id = stub - @user = stub - session[:user_id] = @user_id - User.expects(:find).once.with(@user_id).returns(@user) - return @user + # Controller will fetch current user from warden. + # Make it pick up our current_user + included do + setup do + request.env['warden'] ||= stub :user => nil + end end - def stub_logged_out - @user_id = stub - session[:user_id] = @user_id - User.expects(:find).once.with(@user_id).returns(nil) + def login(user = nil) + @current_user = user || stub + request.env['warden'] = stub :user => @current_user + return @current_user end def assert_access_denied(denied = true) -- cgit v1.2.3 From c8f1eb55be6743fcc476d6a8f81e1244e455154a Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 21:01:58 +0100 Subject: using new login helper and cleaning up test a bit --- help/test/functional/tickets_controller_test.rb | 27 +++++++++++++------------ 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/help/test/functional/tickets_controller_test.rb b/help/test/functional/tickets_controller_test.rb index 7a03a86..6bdb6c7 100644 --- a/help/test/functional/tickets_controller_test.rb +++ b/help/test/functional/tickets_controller_test.rb @@ -21,13 +21,13 @@ class TicketsControllerTest < ActionController::TestCase assert_difference('Ticket.count') do post :create, :ticket => params end - + assert_response :redirect #assert_equal assigns(:ticket).email, User.current.email #assert_equal User.find(assigns(:ticket).created_by).login, User.current.login assert_nil assigns(:ticket).created_by - assert_equal assigns(:ticket).comments.count, 1 + assert_equal 1, assigns(:ticket).comments.count end 
@@ -35,28 +35,29 @@ class TicketsControllerTest < ActionController::TestCase params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}} - #todo: should redo this and actually authorize - user = User.last - session[:user_id] = user.id + login User.last assert_difference('Ticket.count') do post :create, :ticket => params end assert_response :redirect - assert_equal assigns(:ticket).created_by, user.id - assert_equal assigns(:ticket).email, user.email + ticket = assigns(:ticket) + assert ticket + assert_equal @current_user.id, ticket.created_by + assert_equal @current_user.email, ticket.email - assert_equal assigns(:ticket).comments.count, 1 + assert_equal 1, assigns(:ticket).comments.count end test "add comment to ticket" do - t = Ticket.last - comment_count = t.comments.count - put :update, :id => t.id, :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} } - assert_equal(comment_count + 1, assigns(:ticket).comments.count) - #assert_difference block isn't working + ticket = Ticket.last + assert_difference('Ticket.last.comments.count') do + put :update, :id => ticket.id, + :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} } + end + assert_equal ticket, assigns(:ticket) end -- cgit v1.2.3 From ef90c45998b33ba8606c3786875e21496ace4686 Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 22:14:13 +0100 Subject: fixed functional tests --- .../controller_extension/authentication.rb | 4 +- users/app/controllers/sessions_controller.rb | 6 +- users/test/functional/sessions_controller_test.rb | 85 ++++++++++------------ users/test/integration/api/account_flow_test.rb | 7 +- 4 files changed, 49 insertions(+), 53 deletions(-) diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 0408b77..87f7921 100644 --- a/users/app/controllers/controller_extension/authentication.rb 
+++ b/users/app/controllers/controller_extension/authentication.rb @@ -7,8 +7,8 @@ module ControllerExtension::Authentication helper_method :current_user, :logged_in?, :admin? end - def current_user - @current_user ||= request.env['warden'].user + def authentication_error + warden.winning_strategy.try(:message) end def logged_in? diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 06d55eb..722265a 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,9 +3,7 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new - if warden.winning_strategy - @errors = warden.winning_strategy.message - end + @errors = authentication_error end def create @@ -17,7 +15,7 @@ class SessionsController < ApplicationController end def destroy - session[:user_id] = nil + logout redirect_to root_path end end diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index 47d7052..4bad12f 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb 
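Review bot: The authentication.rb hunk deletes `current_user` from the module, yet the `helper_method :current_user, :logged_in?, :admin?` context line and `logged_in?` still depend on it, and the new `authentication_error` calls a `warden` helper that is not defined in the visible lines. Presumably both now come from the Warden integration for Rails. Since every authorization filter in this module rests on that method, a comment naming its source would help, e.g. `# current_user, warden and logout are provided by <warden integration — fill in>`. The module body continues outside the hunk.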
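Review bot: In sessions_controller.rb `destroy` now calls `logout`, but the controller keeps `skip_before_filter :verify_authenticity_token` for every action (context line at the top of the first hunk), so logout and the login page run without the forgery check that `protect_from_forgery` would otherwise apply. If the skip exists only for the JSON SRP handshake, narrowing it restores the check for the remaining actions: `skip_before_filter :verify_authenticity_token, :only => [:create, :update]`. Whether `create` and `update` are reached only by API clients is not visible in these hunks, so confirm before narrowing further.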
@@ -2,74 +2,67 @@ require 'test_helper' class SessionsControllerTest < ActionController::TestCase - def setup + setup do @user = stub :login => "me", :id => 123 @client_hex = 'a123' - @client_rnd = @client_hex.hex - @server_hex = 'b123' - @server_rnd = @server_hex.hex - @server_rnd_exp = 'e123'.hex - @salt = 'stub user salt' - @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp - @server_auth = 'adfe' end test "should get login screen" do + request.env['warden'].expects(:winning_strategy) get :new assert_response :success + assert_equal "text/html", response.content_type + assert_template "sessions/new" end - test "should perform handshake" do - @user.expects(:initialize_auth). - with(@client_rnd). - returns(@server_handshake) - @server_handshake.expects(:to_json). - returns({'B' => @server_hex, 'salt' => @salt}.to_json) - User.expects(:find_by_param).with(@user.login).returns(@user) - post :create, :login => @user.login, 'A' => @client_hex - assert_equal @server_handshake, session[:handshake] + test "renders json" do + request.env['warden'].expects(:winning_strategy) + get :new, :format => :json assert_response :success - assert_json_response :B => @server_hex, :salt => @salt + assert_json_response :errors => nil end - test "should report user not found" do - unknown = "login_that_does_not_exist" - User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND) - post :create, :login => unknown + test "renders warden errors" do + strategy = stub :message => "Warden auth did not work" + request.env['warden'].expects(:winning_strategy).returns(strategy) + get :new, :format => :json assert_response :success - assert_json_response :errors => {"login" => ["unknown user"]} + assert_json_response :errors => strategy.message end - test "should authorize" do - session[:handshake] = @server_handshake - @server_handshake.expects(:authenticate!). - with(@client_rnd). - returns(@user) - @server_handshake.expects(:to_json). 
- returns({:M2 => @server_auth}.to_json) - post :update, :id => @user.login, :client_auth => @client_hex - assert_nil session[:handshake] - assert_json_response :M2 => @server_auth - assert_equal @user.id, session[:user_id] + test "should perform handshake" do + assert_raises ActionView::MissingTemplate do + request.env['warden'].expects(:authenticate!) + post :create, :login => @user.login, 'A' => @client_hex + assert params['A'] + assert params['login'] + end end - test "should report wrong password" do - session[:handshake] = @server_handshake - @server_handshake.expects(:authenticate!). - with(@client_rnd). - raises(WRONG_PASSWORD) - post :update, :id => @user.login, :client_auth => @client_hex - assert_nil session[:handshake] - assert_nil session[:user_id] - assert_json_response :errors => {"password" => ["wrong password"]} + test "should authorize" do + assert_raises ActionView::MissingTemplate do + request.env['warden'].expects(:authenticate!) + session[:handshake] = stub + post :update, :id => @user.login, :client_auth => @client_hex + assert params['client_auth'] + assert session[:handshake] + end end - test "logout should reset sessions user_id" do - session[:user_id] = "set" + test "logout should reset warden user" do + expect_warden_logout delete :destroy - assert_nil session[:user_id] assert_response :redirect assert_redirected_to root_url end + def expect_warden_logout + raw = mock('raw session') do + expects(:inspect) + end + request.env['warden'].expects(:raw_session).returns(raw) + request.env['warden'].expects(:logout) + end + + end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index 69e0599..dc475b5 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb 
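Review bot: In "should perform handshake" and "should authorize" the assertions placed after `post` inside the `assert_raises ActionView::MissingTemplate` block never run, because the block is left as soon as the request raises. Both tests therefore pass without checking anything about the params or the session, and they pin a missing template as the expected behaviour of the login endpoints. Stubbing the render with `@controller.stubs(:render)` and asserting after the request, outside any `assert_raises`, would let them fail when the behaviour changes. The removed cases for an unknown login and a wrong password have no replacement in this file, so the failure paths are presumably covered only by the integration test.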
@@ -1,6 +1,11 @@ require 'test_helper' class AccountFlowTest < ActionDispatch::IntegrationTest + include Warden::Test::Helpers + + def teardown + Warden.test_reset! + end # this test wraps the api and implements the interface the ruby-srp client. def handshake(login, aa) @@ -52,7 +57,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest test "signup and wrong password login attempt" do srp = SRP::Client.new(@login, "wrong password") server_auth = srp.authenticate(self) - assert_equal ["wrong password"], server_auth["errors"]['password'] + assert_equal "Could not log in", server_auth["errors"]['password'] assert_nil server_auth["M2"] end -- cgit v1.2.3 From da2804c8f8a800851fa1863f579e2b8e9a57b4cc Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 6 Nov 2012 11:51:10 +0100 Subject: first steps towards warden srp testing --- core/lib/extensions/testing.rb | 13 +++-- users/app/controllers/sessions_controller.rb | 1 + users/test/integration/api/account_flow_test.rb | 26 ++++++--- .../warden_strategy_secure_remote_password_test.rb | 61 ++++++++++++++++++++++ 4 files changed, 90 insertions(+), 11 deletions(-) create mode 100644 users/test/unit/warden_strategy_secure_remote_password_test.rb diff --git a/core/lib/extensions/testing.rb b/core/lib/extensions/testing.rb index 14a5698..86a059f 100644 --- a/core/lib/extensions/testing.rb +++ b/core/lib/extensions/testing.rb 
@@ -1,15 +1,22 @@ module LeapWebCore module AssertResponses + # response that works with different TestCases: + # ActionController::TestCase has @response + # ActionDispatch::IntegrationTest has @response + # Rack::Test::Methods defines last_response + def get_response + @response || last_response + end + def assert_attachement_filename(name) assert_equal %Q(attachment; filename="#{name}"), - @response.headers["Content-Disposition"] + get_response.headers["Content-Disposition"] end - def assert_json_response(object) object.stringify_keys! if object.respond_to? :stringify_keys! - assert_equal object, JSON.parse(@response.body) + assert_equal object, JSON.parse(get_response.body) end end diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 722265a..72e2892 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -11,6 +11,7 @@ class SessionsController < ApplicationController end def update + debugger authenticate! end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index dc475b5..4dcca24 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -1,7 +1,16 @@ require 'test_helper' -class AccountFlowTest < ActionDispatch::IntegrationTest +CONFIG_RU = (Rails.root + 'config.ru').to_s +OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first + +class AccountFlowTest < ActiveSupport::TestCase + include Rack::Test::Methods include Warden::Test::Helpers + include LeapWebCore::AssertResponses + + def app + OUTER_APP + end def teardown Warden.test_reset! 
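Review bot: The `debugger` call added to `SessionsController#update` sits directly in front of `authenticate!` on the login path and should not be committed. With the debugger gem loaded it stops the request at a breakpoint, and without it the call presumably raises `NameError`, so the second SRP step fails either way. The same call is added to `validate` in `account_flow_test.rb` in the `@@ -20,9 +29,10 @@` hunk. Drop both lines; a lint rule or pre-commit check for `debugger` would catch this before review.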
@@ -9,9 +18,9 @@ class AccountFlowTest < ActionDispatch::IntegrationTest # this test wraps the api and implements the interface the ruby-srp client. def handshake(login, aa) - post "sessions", :login => login, 'A' => aa.to_s(16), :format => :json - assert_response :success - response = JSON.parse(@response.body) + post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json + assert last_response.successful? + response = JSON.parse(last_response.body) if response['errors'] raise RECORD_NOT_FOUND.new(response['errors']) else @@ -20,9 +29,10 @@ class AccountFlowTest < ActionDispatch::IntegrationTest end def validate(m) - put "sessions/" + @login, :client_auth => m.to_s(16), :format => :json - assert_response :success - return JSON.parse(@response.body) + debugger + put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json + assert last_response.successful? + return JSON.parse(last_response.body) end def setup @@ -45,7 +55,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest test "signup response" do assert_json_response :login => @login, :ok => true - assert_response :success + assert last_response.successful? end test "signup and login with srp via api" do diff --git a/users/test/unit/warden_strategy_secure_remote_password_test.rb b/users/test/unit/warden_strategy_secure_remote_password_test.rb new file mode 100644 index 0000000..ee68fe7 --- /dev/null +++ b/users/test/unit/warden_strategy_secure_remote_password_test.rb 
@@ -0,0 +1,61 @@ +class WardenStrategySecureRemotePasswordTest < ActiveSupport::TestCase + + setup do + @user = stub :login => "me", :id => 123 + @client_hex = 'a123' + @client_rnd = @client_hex.hex + @server_hex = 'b123' + @server_rnd = @server_hex.hex + @server_rnd_exp = 'e123'.hex + @salt = 'stub user salt' + @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp + @server_auth = 'adfe' + end + + + test "should perform handshake" do + @user.expects(:initialize_auth). + with(@client_rnd). + returns(@server_handshake) + @server_handshake.expects(:to_json). + returns({'B' => @server_hex, 'salt' => @salt}.to_json) + User.expects(:find_by_param).with(@user.login).returns(@user) + assert_equal @server_handshake, session[:handshake] + assert_response :success + assert_json_response :B => @server_hex, :salt => @salt + end + + test "should report user not found" do + unknown = "login_that_does_not_exist" + User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND) + post :create, :login => unknown + assert_response :success + assert_json_response :errors => {"login" => ["unknown user"]} + end + + test "should authorize" do + session[:handshake] = @server_handshake + @server_handshake.expects(:authenticate!). + with(@client_rnd). + returns(@user) + @server_handshake.expects(:to_json). + returns({:M2 => @server_auth}.to_json) + post :update, :id => @user.login, :client_auth => @client_hex + assert_nil session[:handshake] + assert_json_response :M2 => @server_auth + assert_equal @user.id, session[:user_id] + end + + test "should report wrong password" do + session[:handshake] = @server_handshake + @server_handshake.expects(:authenticate!). + with(@client_rnd). + raises(WRONG_PASSWORD) + post :update, :id => @user.login, :client_auth => @client_hex + assert_nil session[:handshake] + assert_nil session[:user_id] + assert_json_response :errors => {"password" => ["wrong password"]} + end + + +end -- cgit v1.2.3 
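Review bot: This new test class inherits from `ActiveSupport::TestCase` but calls `post`, `session` and `assert_response`, which belong to controller tests, and the file has no `require 'test_helper'`, so the cases cannot exercise the strategy as written. "should perform handshake" sets three mocha expectations and then asserts on `session[:handshake]` without ever invoking the code under test. For a unit test of the warden strategy, build the strategy from a Rack env, call `authenticate!` on it directly and assert on its outcome and on the session. The wrong-password case still expects `{"password" => ["wrong password"]}` and a cleared `session[:user_id]`, while the strategy shown elsewhere on this page fails with "Could not log in" and the controller now logs out through warden.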
From e04dc9ab8b9f1aaaf75f327ef4fd0f7f4d755a12 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 6 Nov 2012 11:55:18 +0100 Subject: undo accidentally reverted srp-js and ruby 1.9 debugger in gemfile --- Gemfile.lock | 8 -------- users/app/assets/javascripts/srp | 2 +- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index be3cebb..6792476 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -81,13 +81,6 @@ GEM couchrest_session_store (0.0.1) couchrest couchrest_model - debugger (1.2.1) - columnize (>= 0.3.1) - debugger-linecache (~> 1.1.1) - debugger-ruby_core_source (~> 1.1.4) - debugger-linecache (1.1.2) - debugger-ruby_core_source (>= 1.1.1) - debugger-ruby_core_source (1.1.4) erubis (2.7.0) execjs (1.4.0) multi_json (~> 1.0) @@ -181,7 +174,6 @@ PLATFORMS DEPENDENCIES bootstrap-sass (~> 2.1.0) coffee-rails (~> 3.2.2) - debugger haml (~> 3.1.7) haml-rails (~> 0.3.4) jquery-rails diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index d6a7804..3bf101b 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit d6a78049f3356d9d645143362eca74434410bf62 +Subproject commit 3bf101bc1ef3b5a58fe2f1e2a2e7a681f6de6c09 -- cgit v1.2.3 From ca2e1b9f379ccba068ad0ebb852d855f1639cd3a Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 9 Nov 2012 15:07:16 +0100 Subject: merged srp master into json api branch --- users/app/assets/javascripts/srp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 3bf101b..efac662 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 3bf101bc1ef3b5a58fe2f1e2a2e7a681f6de6c09 +Subproject commit efac662cdf31bc4b61ffb97b8c398e22a86c364b -- cgit v1.2.3 From 63c5b2cafdefbd9b13297faa57ee2f18a5c07bf5 Mon Sep 17 00:00:00 2001 
From: Azul Date: Fri, 9 Nov 2012 16:05:22 +0100 Subject: got integration test and login flow to work --- users/app/controllers/sessions_controller.rb | 2 +- users/config/initializers/warden.rb | 5 ++--- users/test/integration/api/account_flow_test.rb | 1 - 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 72e2892..486f67e 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -11,8 +11,8 @@ class SessionsController < ApplicationController end def update - debugger authenticate! + render :json => session.delete(:handshake) end def destroy diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb index 82753ec..11b950f 100644 --- a/users/config/initializers/warden.rb +++ b/users/config/initializers/warden.rb @@ -13,7 +13,7 @@ class Warden::SessionSerializer def deserialize(keys) klass, id = keys - klass.find(id) + klass.constantize.find(id) end end @@ -42,8 +42,7 @@ Warden::Strategies.add(:secure_remote_password) do end def validate! - srp_session = session.delete(:handshake) - user = srp_session.authenticate(params['client_auth'].hex) + user = session[:handshake].authenticate(params['client_auth'].hex) user ? success!(user) : fail!(:password => "Could not log in") end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index 4dcca24..c9a7109 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -29,7 +29,6 @@ class AccountFlowTest < ActiveSupport::TestCase end def validate(m) - debugger put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json assert last_response.successful? return JSON.parse(last_response.body) -- cgit v1.2.3 From 5b300b554682c232c0955bdb0dd3d8263dde901e Mon Sep 17 00:00:00 2001 
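Review bot: After this change the SRP handshake is removed from the session only on the success path. `validate!` no longer calls `session.delete(:handshake)` (hunk `@@ -42,8 +42,7 @@` in `warden.rb`), and the `render :json => session.delete(:handshake)` added to `update` is presumably not reached when `authenticate!` fails, since warden halts the action. A rejected `client_auth` therefore leaves the same server-side handshake in place for further attempts; treat it as single-use and clear it on failure too, for example `session.delete(:handshake) unless user` before the `fail!` in `validate!`. `update` also renders whatever object is stored under `:handshake`; its `to_json` is outside this diff and should be confirmed to expose only the server proof, never the private ephemeral value.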
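Review bot: `klass.constantize.find(id)` in `deserialize` resolves whatever class name is stored in the session and calls `find` on it, so the set of classes that can be loaded is bounded only by the integrity of the session store. `serialize` presumably only ever receives user records, so the lookup can be pinned to the expected model, e.g. `User.find(id) if klass == 'User'`. The same method is carried over unchanged into `users/lib/warden/session_serializer.rb` by the following commit. The enclosing class starts outside this hunk.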
From: Azul Date: Fri, 9 Nov 2012 16:45:54 +0100 Subject: seperated the warden classes from the initializer also commented the sessions controller test a bit and fixed it --- users/config/initializers/warden.rb | 61 ---------------------- users/lib/leap_web_users/engine.rb | 3 ++ users/lib/warden/session_serializer.rb | 13 +++++ .../warden/strategies/secure_remote_password.rb | 57 ++++++++++++++++++++ users/test/functional/sessions_controller_test.rb | 29 +++++----- 5 files changed, 89 insertions(+), 74 deletions(-) create mode 100644 users/lib/warden/session_serializer.rb create mode 100644 users/lib/warden/strategies/secure_remote_password.rb diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb index 11b950f..45feb6c 100644 --- a/users/config/initializers/warden.rb +++ b/users/config/initializers/warden.rb 
@@ -5,64 +5,3 @@ end RailsWarden.unauthenticated_action = :new -# Setup Session Serialization -class Warden::SessionSerializer - def serialize(record) - [record.class.name, record.id] - end - - def deserialize(keys) - klass, id = keys - klass.constantize.find(id) - end -end - -Warden::Strategies.add(:secure_remote_password) do - - def valid? - handshake? || authentication? - end - - def authenticate! - if authentication? - validate! - else # handshake - initialize! - end - end - - protected - - def handshake? - params['A'] && params['login'] - end - - def authentication? - params['client_auth'] && session[:handshake] - end - - def validate! - user = session[:handshake].authenticate(params['client_auth'].hex) - user ? success!(user) : fail!(:password => "Could not log in") - end - - def initialize! - user = User.find_by_param(id) - session[:handshake] = user.initialize_auth(params['A'].hex) - custom! json_response(session[:handshake]) - rescue RECORD_NOT_FOUND - fail! :login => "User not found!" - end - - def json_response(object) - [ 200, - {"Content-Type" => "application/json; charset=utf-8"}, - [object.to_json] - ] - end - - def id - params["id"] || params["login"] - end -end - diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb index 42ca072..7033576 100644 --- a/users/lib/leap_web_users/engine.rb +++ b/users/lib/leap_web_users/engine.rb @@ -4,6 +4,9 @@ require "leap_web_core/ui_dependencies" require "rails_warden" require "ruby-srp" +require "warden/session_serializer" +require "warden/strategies/secure_remote_password" + module LeapWebUsers class Engine < ::Rails::Engine diff --git a/users/lib/warden/session_serializer.rb b/users/lib/warden/session_serializer.rb new file mode 100644 index 0000000..81d7076 --- /dev/null +++ b/users/lib/warden/session_serializer.rb 
@@ -0,0 +1,13 @@ +module Warden + # Setup Session Serialization + class SessionSerializer + def serialize(record) + [record.class.name, record.id] + end + + def deserialize(keys) + klass, id = keys + klass.constantize.find(id) + end + end +end diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb new file mode 100644 index 0000000..8266e2d --- /dev/null +++ b/users/lib/warden/strategies/secure_remote_password.rb @@ -0,0 +1,57 @@ +module Warden + module Strategies + class SecureRemotePassword < Warden::Strategies::Base + + def valid? + handshake? || authentication? + end + + def authenticate! + if authentication? + validate! + else # handshake + initialize! + end + end + + protected + + def handshake? + params['A'] && params['login'] + end + + def authentication? + params['client_auth'] && session[:handshake] + end + + def validate! + user = session[:handshake].authenticate(params['client_auth'].hex) + user ? success!(user) : fail!(:password => "Could not log in") + end + + def initialize! + user = User.find_by_param(id) + session[:handshake] = user.initialize_auth(params['A'].hex) + custom! json_response(session[:handshake]) + rescue RECORD_NOT_FOUND + fail! :login => "User not found!" + end + + def json_response(object) + [ 200, + {"Content-Type" => "application/json; charset=utf-8"}, + [object.to_json] + ] + end + + def id + params["id"] || params["login"] + end + end + end + Warden::Strategies.add :secure_remote_password, + Warden::Strategies::SecureRemotePassword + +end + + diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index 4bad12f..8f2d95c 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb 
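Review bot: `params['A'].hex` in `initialize!` and `params['client_auth'].hex` in `validate!` accept any string, because `String#hex` returns 0 for empty or non-hexadecimal input instead of raising. SRP requires the server to abort when the client's public value is zero modulo N (RFC 5054), and whether `initialize_auth` enforces that is not visible in this diff. Reject malformed values in the strategy before converting, e.g. `return fail!(:login => "Invalid request") unless params['A'] =~ /\A\h+\z/`, and cover the zero check in ruby-srp with a test. Separately, `fail! :login => "User not found!"` answers differently from a wrong password, which tells a caller whether a login exists.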
@@ -1,5 +1,8 @@ require 'test_helper' +# This is a simple controller unit test. +# We're stubbing out both warden and srp. +# There's an integration test testing the full rack stack and srp class SessionsControllerTest < ActionController::TestCase setup do @@ -30,23 +33,23 @@ class SessionsControllerTest < ActionController::TestCase assert_json_response :errors => strategy.message end + # Warden takes care of parsing the params and + # rendering the response. So not much to test here. test "should perform handshake" do - assert_raises ActionView::MissingTemplate do - request.env['warden'].expects(:authenticate!) - post :create, :login => @user.login, 'A' => @client_hex - assert params['A'] - assert params['login'] - end + request.env['warden'].expects(:authenticate!) + # make sure we don't get a template missing error: + @controller.stubs(:render) + post :create, :login => @user.login, 'A' => @client_hex end test "should authorize" do - assert_raises ActionView::MissingTemplate do - request.env['warden'].expects(:authenticate!) - session[:handshake] = stub - post :update, :id => @user.login, :client_auth => @client_hex - assert params['client_auth'] - assert session[:handshake] - end + request.env['warden'].expects(:authenticate!) + handshake = stub(:to_json => "JSON") + session[:handshake] = handshake + post :update, :id => @user.login, :client_auth => @client_hex + assert_nil session[:handshake] + assert_response :success + assert_equal handshake.to_json, @response.body end test "logout should reset warden user" do -- cgit v1.2.3 From 67dc2685a72c125b53f351c3a75bf812123e96bd Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 12 Nov 2012 13:03:13 +0100 Subject: fixed signup bug and refactored a bit --- users/app/assets/javascripts/users.js.coffee | 51 ++++++++++++++++------------ 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 24302fe..8a9f0e9 100644 
--- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -3,43 +3,50 @@ # You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/ # -validate_password = (event) -> +preventDefault = (event) -> + event.preventDefault() - password = $('#srp_password').val() - confirmation = $('#srp_password_confirmation').val() - login = $('#srp_username').val() - - if password != confirmation - alert "Password and Confirmation do not match!" - $('#srp_password').focus() - return false - if password == login - alert "Password and Login may not match!" - $('#srp_password').focus() - return false - if password.length < 8 - alert "Password needs to be at least 8 characters long!" - $('#srp_password').focus() - return false +validOrAbort = (event) -> + errors = {} + + abortIfErrors = -> + return if $.isEmptyObject(errors) + $.each errors, (field, error) -> + alert(error) + $('#srp_password').focus() + event.stopImmediatePropagation() + + validatePassword = -> + password = $('#srp_password').val() + confirmation = $('#srp_password_confirmation').val() + login = $('#srp_username').val() + + if password != confirmation + errors.password_confirmation = "Confirmation does not match!" + if password == login + errors.password = "Password and Login may not match!" + if password.length < 8 + errors.password = "Password needs to be at least 8 characters long!" + + validatePassword() + abortIfErrors() - return true - signup = (event) -> srp = new SRP(jqueryRest()) srp.register -> window.location = '/' - false login = (event) -> srp = new SRP(jqueryRest()) srp.identify -> window.location = '/' - false $(document).ready -> - $('#new_user').submit validate_password + $('#new_user').submit preventDefault + $('#new_user').submit validOrAbort $('#new_user').submit signup + $('#new_session').submit preventDefault $('#new_session').submit login -- cgit v1.2.3 From 05ea71016fd54a14159c72299c25efbdc2f177bc Mon Sep 17 00:00:00 2001 
From: Azul Date: Mon, 12 Nov 2012 19:16:19 +0100 Subject: adding client side validations to the mix --- Gemfile.lock | 6 ++++++ app/assets/javascripts/application.js | 2 ++ config/initializers/client_side_validations.rb | 14 ++++++++++++++ ui_dependencies.rb | 2 ++ users/app/views/users/new.html.haml | 2 +- 5 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 config/initializers/client_side_validations.rb diff --git a/Gemfile.lock b/Gemfile.lock index 6792476..a7d110d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -61,6 +61,10 @@ GEM arel (3.0.2) bootstrap-sass (2.1.0.0) builder (3.0.3) + client_side_validations (3.2.1) + client_side_validations-simple_form (2.0.0) + client_side_validations (~> 3.2.0) + simple_form (~> 2.0.3) coffee-rails (3.2.2) coffee-script (>= 2.2.0) railties (~> 3.2.0) @@ -173,6 +177,8 @@ PLATFORMS DEPENDENCIES bootstrap-sass (~> 2.1.0) + client_side_validations + client_side_validations-simple_form coffee-rails (~> 3.2.2) haml (~> 3.1.7) haml-rails (~> 0.3.4) diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js index dc975d4..f7ca1ec 100644 --- a/app/assets/javascripts/application.js +++ b/app/assets/javascripts/application.js @@ -16,3 +16,5 @@ //= require users //= require_tree . //= require bootstrap +//= require rails.validations +//= require rails.validations.simple_form diff --git a/config/initializers/client_side_validations.rb b/config/initializers/client_side_validations.rb new file mode 100644 index 0000000..2c73fa3 --- /dev/null +++ b/config/initializers/client_side_validations.rb @@ -0,0 +1,14 @@ +# ClientSideValidations Initializer + +# Uncomment to disable uniqueness validator, possible security issue +# ClientSideValidations::Config.disabled_validators = [:uniqueness] + +# Uncomment the following block if you want each input field to have the validation messages attached. +ActionView::Base.field_error_proc = Proc.new do |html_tag, instance| + unless html_tag =~ /^