From a8cefdcb896736608fcd94456b8f42c8aafd8d7f Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 10:31:09 +0100 Subject: don't collabse the nav --- app/views/layouts/_navigation.html.haml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/app/views/layouts/_navigation.html.haml b/app/views/layouts/_navigation.html.haml index e72586a..b75eed7 100644 --- a/app/views/layouts/_navigation.html.haml +++ b/app/views/layouts/_navigation.html.haml @@ -1,7 +1,6 @@ = link_to "Leap Web", root_path, :class => 'brand' -.nav-collapse.collapse - %ul.nav - // = render '/tickets/nav' +%ul.nav + // = render '/tickets/nav' - %ul.nav.pull-right - = render '/sessions/nav' +%ul.nav.pull-right + = render '/sessions/nav' -- cgit v1.2.3 From 7e5db2a28ba872154e5f5002bb84d149a512e36e Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 10:33:21 +0100 Subject: using the new srp.js api --- users/app/assets/javascripts/srp | 2 +- users/app/assets/javascripts/users.js.coffee | 20 ++++++++++---------- users/app/controllers/sessions_controller.rb | 4 +++- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index efac662..635ea47 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit efac662cdf31bc4b61ffb97b8c398e22a86c364b +Subproject commit 635ea47f1c19d7985a8f5107c070ae19edf9dd54 diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index ab437f6..75440ea 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -27,21 +27,21 @@ validOrAbort = (event) -> abortIfErrors() -signup = (event) -> - srp = new SRP(jqueryRest()) - srp.register -> - window.location = '/' -login = (event) -> - srp = new SRP(jqueryRest()) - srp.identify -> - window.location = '/' +srp.session = new srp.Session() +srp.signedUp = -> + window.location = '/' +srp.loggedIn = -> + window.location = '/' + +srp.error = (message) -> + alert(message) $(document).ready -> $('#new_user').submit preventDefault $('#new_user').submit validOrAbort - $('#new_user').submit signup + $('#new_user').submit srp.signup $('#new_session').submit preventDefault - $('#new_session').submit login + $('#new_session').submit srp.login diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 486f67e..66c1c4f 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,7 +3,9 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new - @errors = authentication_error + if @errors = authentication_error + render :status => 422 + end end def create -- cgit v1.2.3 From cec9ad7c514f2f3c767bd12bfc3df28db4d1a98b Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 11:36:25 +0100 Subject: using client side validations for login --- users/app/assets/javascripts/users.js.coffee | 8 ++++++- users/app/controllers/sessions_controller.rb | 1 + users/app/models/session.rb | 34 ++++++++++++++++++++++++++++ users/app/views/sessions/new.html.haml | 2 +- 4 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 users/app/models/session.rb diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 75440ea..6d1dda2 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -36,7 +36,13 @@ srp.loggedIn = -> window.location = '/' srp.error = (message) -> - alert(message) + if $.isPlainObject(message) && message.errors + for key, value of message.errors + element = $('form input[name="session['+key+']"]') + next unless element + element.trigger('element:validate:fail.ClientSideValidations', value).data('valid', false) + else + alert(message) $(document).ready -> $('#new_user').submit preventDefault diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 66c1c4f..32d1ddc 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,6 +3,7 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new + @session = Session.new if @errors = authentication_error render :status => 422 end diff --git a/users/app/models/session.rb b/users/app/models/session.rb new file mode 100644 index 0000000..a9fdb1b --- /dev/null +++ b/users/app/models/session.rb @@ -0,0 +1,34 @@ +class Session < SRP::Session + include ActiveModel::Validations + + attr_accessor :login + + validates :login, + :presence => true, + :format => { :with => /\A[A-Za-z\d_]+\z/, + :message => "Only letters, digits and _ allowed" } + + def initialize(user = nil, aa = nil) + super(user, aa) if user + end + + def persisted? + false + end + + def new_record? + true + end + + def to_model + self + end + + def to_key + [object_id] + end + + def to_param + nil + end +end diff --git a/users/app/views/sessions/new.html.haml b/users/app/views/sessions/new.html.haml index c91d3f2..a04f584 100644 --- a/users/app/views/sessions/new.html.haml +++ b/users/app/views/sessions/new.html.haml @@ -1,6 +1,6 @@ .span8.offset2 %h2=t :login - = simple_form_for :session, :url => sessions_path, :html => { :id => :new_session, :class => 'form-horizontal' } do |f| + = simple_form_for @session, :validate => true, :html => { :id => :new_session, :class => 'form-horizontal' } do |f| %legend=t :login_message = f.input :login, :input_html => { :id => :srp_username } = f.input :password, :required => true, :input_html => { :id => :srp_password } -- cgit v1.2.3 From 6d5f8d0f993093b51d1f11bb528c535dcf88a969 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 13:05:32 +0100 Subject: beautify login workflow * translating error messages * not caching login and password in js anymore * catching non responses --- users/app/assets/javascripts/srp | 2 +- users/app/assets/javascripts/users.js.coffee | 6 +++--- users/app/controllers/controller_extension/authentication.rb | 8 ++++++-- users/app/controllers/sessions_controller.rb | 3 ++- users/config/locales/en.yml | 2 ++ users/lib/warden/strategies/secure_remote_password.rb | 4 ++-- 6 files changed, 16 insertions(+), 9 deletions(-) diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 635ea47..076d6e2 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 635ea47f1c19d7985a8f5107c070ae19edf9dd54 +Subproject commit 076d6e251e4caf826787d87b11434e535960455c diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 6d1dda2..d0ec32f 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -37,10 +37,10 @@ srp.loggedIn = -> srp.error = (message) -> if $.isPlainObject(message) && message.errors - for key, value of message.errors - element = $('form input[name="session['+key+']"]') + for field, error of message.errors + element = $('form input[name="session['+field+']"]') next unless element - element.trigger('element:validate:fail.ClientSideValidations', value).data('valid', false) + element.trigger('element:validate:fail.ClientSideValidations', error).data('valid', false) else alert(message) diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 87f7921..6ac7a5b 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -7,8 +7,12 @@ module ControllerExtension::Authentication helper_method :current_user, :logged_in?, :admin? end - def authentication_error - warden.winning_strategy.try(:message) + def authentication_errors + return unless errors = warden.winning_strategy.try(:message) + errors.inject({}) do |translated,err| + translated[err.first] = I18n.t(err.last) + translated + end end def logged_in? diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 32d1ddc..bc910b5 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -4,7 +4,8 @@ class SessionsController < ApplicationController def new @session = Session.new - if @errors = authentication_error + if authentication_errors + @errors = authentication_errors render :status => 422 end end diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml index 172b85f..be3f28e 100644 --- a/users/config/locales/en.yml +++ b/users/config/locales/en.yml @@ -4,3 +4,5 @@ en: cancel: "Cancel" login: "Login" login_message: "Please login with your account." + wrong_password: "wrong password" + user_not_found: "could not be found" diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb index 8266e2d..95570e0 100644 --- a/users/lib/warden/strategies/secure_remote_password.rb +++ b/users/lib/warden/strategies/secure_remote_password.rb @@ -26,7 +26,7 @@ module Warden def validate! user = session[:handshake].authenticate(params['client_auth'].hex) - user ? success!(user) : fail!(:password => "Could not log in") + user ? success!(user) : fail!(:password => "wrong_password") end def initialize! @@ -34,7 +34,7 @@ module Warden session[:handshake] = user.initialize_auth(params['A'].hex) custom! json_response(session[:handshake]) rescue RECORD_NOT_FOUND - fail! :login => "User not found!" + fail! :login => "user_not_found" end def json_response(object) -- cgit v1.2.3 From ec87ccfa185a4c063386d385de7af15f993b77d8 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 16:22:18 +0100 Subject: fixed tests --- users/app/models/user.rb | 2 +- users/test/functional/sessions_controller_test.rb | 9 +++--- users/test/integration/api/account_flow_test.rb | 39 ++++++++++++----------- 3 files changed, 26 insertions(+), 24 deletions(-) diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 824c439..507eda5 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -36,7 +36,7 @@ class User < CouchRest::Model::Base # valid set of attributes for testing def valid_attributes_hash { :login => "me", - :password_verifier => "1234ABC", + :password_verifier => "1234ABCD", :password_salt => "4321AB" } end diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index 8f2d95c..93cc032 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb @@ -26,11 +26,12 @@ class SessionsControllerTest < ActionController::TestCase end test "renders warden errors" do - strategy = stub :message => "Warden auth did not work" - request.env['warden'].expects(:winning_strategy).returns(strategy) + strategy = stub :message => {:field => :translate_me} + request.env['warden'].stubs(:winning_strategy).returns(strategy) + I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub") get :new, :format => :json - assert_response :success - assert_json_response :errors => strategy.message + assert_response 422 + assert_json_response :errors => {"field" => "translation stub"} end # Warden takes care of parsing the params and diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index c9a7109..4135485 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -16,24 +16,6 @@ class AccountFlowTest < ActiveSupport::TestCase Warden.test_reset! end - # this test wraps the api and implements the interface the ruby-srp client. - def handshake(login, aa) - post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json - assert last_response.successful? - response = JSON.parse(last_response.body) - if response['errors'] - raise RECORD_NOT_FOUND.new(response['errors']) - else - return response['B'].hex - end - end - - def validate(m) - put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json - assert last_response.successful? - return JSON.parse(last_response.body) - end - def setup @login = "integration_test_user" User.find_by_login(@login).tap{|u| u.destroy if u} @@ -52,6 +34,22 @@ class AccountFlowTest < ActiveSupport::TestCase @user.destroy if @user # make sure we can run this test again end + # this test wraps the api and implements the interface the ruby-srp client. + def handshake(login, aa) + post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json + response = JSON.parse(last_response.body) + if response['errors'] + raise RECORD_NOT_FOUND.new(response['errors']) + else + return response['B'].hex + end + end + + def validate(m) + put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json + return JSON.parse(last_response.body) + end + test "signup response" do assert_json_response :login => @login, :ok => true assert last_response.successful? @@ -59,6 +57,7 @@ class AccountFlowTest < ActiveSupport::TestCase test "signup and login with srp via api" do server_auth = @srp.authenticate(self) + assert last_response.successful? assert_nil server_auth["errors"] assert server_auth["M2"] end @@ -66,7 +65,8 @@ class AccountFlowTest < ActiveSupport::TestCase test "signup and wrong password login attempt" do srp = SRP::Client.new(@login, "wrong password") server_auth = srp.authenticate(self) - assert_equal "Could not log in", server_auth["errors"]['password'] + assert !last_response.successful? + assert_equal "wrong password", server_auth["errors"]['password'] assert_nil server_auth["M2"] end @@ -76,6 +76,7 @@ class AccountFlowTest < ActiveSupport::TestCase assert_raises RECORD_NOT_FOUND do server_auth = srp.authenticate(self) end + assert !last_response.successful? assert_nil server_auth end -- cgit v1.2.3