From e8032fd9027435c57572fd0d8bab411841859cbc Mon Sep 17 00:00:00 2001
From: jessib
Date: Mon, 23 Dec 2013 16:44:18 -0800
Subject: Initial start to messages API.
---
users/app/controllers/v1/messages_controller.rb | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 users/app/controllers/v1/messages_controller.rb
(limited to 'users/app/controllers')
diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb
new file mode 100644
index 0000000..e67e2a3
--- /dev/null
+++ b/users/app/controllers/v1/messages_controller.rb
@@ -0,0 +1,25 @@
+module V1
+ class MessagesController < ApplicationController
+
+ # TODO need to add authentication
+ respond_to :json
+
+ def user_messages(unseen = true)
+ user_messages = unseen ? UserMessage.by_user_id_and_seen(:key => [params[:user_id], false]).all : UserMessage.by_user_id(:key => params[:user_id]).all
+
+ messages = []
+ user_messages.each do |um|
+ messages << Message.find(um.message.id)
+ end
+
+ render json: messages
+ end
+
+
+ # only for PUT
+ def mark_read
+ # params[:user_id] params[:message_id]
+ end
+
+ end
+end
-- cgit v1.2.3
From a9ff52501e9c04edacd250dd94ee3f3ad28cd73d Mon Sep 17 00:00:00 2001
From: jessib
Date: Tue, 24 Dec 2013 11:13:28 -0800
Subject: API method to mark a user's message as read (will refactor)
---
users/app/controllers/v1/messages_controller.rb | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
(limited to 'users/app/controllers')
diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb
index e67e2a3..a4e9aec 100644
--- a/users/app/controllers/v1/messages_controller.rb
+++ b/users/app/controllers/v1/messages_controller.rb
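Review bot: `user_messages` returns the messages of whichever account `params[:user_id]` names and nothing in the controller identifies the caller, so until the TODO is resolved any client that can reach the route can read any user's messages; the lookup should be scoped to the authenticated user rather than a request parameter. The same holds for `mark_read` and for the `User.find(params[:user_id])` rewrite in the following commits of this series. Rails invokes actions without arguments, so `unseen` is always `true` and the `by_user_id` branch is unreachable; drop the parameter or read it from `params`. `mark_read` is routable with an empty body, so it falls through to implicit rendering; `head :not_implemented` would give the placeholder a defined response.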
@@ -4,6 +4,7 @@ module V1 # TODO need to add authentication respond_to :json + # for now, will not pass unseen, so unseen will always be true def user_messages(unseen = true) user_messages = unseen ? UserMessage.by_user_id_and_seen(:key => [params[:user_id], false]).all : UserMessage.by_user_id(:key => params[:user_id]).all @@ -16,9 +17,17 @@ module V1 end - # only for PUT + # routes ensure this is only for PUT def mark_read - # params[:user_id] params[:message_id] + user_message = UserMessage.find_by_user_id_and_message_id([params[:user_id], params[:message_id]]) + user_message.seen = true + + # TODO what to return? + if user_message.save + render json: true + else + render json: false + end end end -- cgit v1.2.3 From e4390e2ee5b2df20038f12865db462cf1e208ee6 Mon Sep 17 00:00:00 2001 From: jessib Date: Tue, 24 Dec 2013 12:23:04 -0800 Subject: Add API tests and some refactoring of messages so we can get a user's messages within the webapp. --- users/app/controllers/v1/messages_controller.rb | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index a4e9aec..fa98042 100644 --- a/users/app/controllers/v1/messages_controller.rb +++ b/users/app/controllers/v1/messages_controller.rb @@ -6,14 +6,8 @@ module V1 # for now, will not pass unseen, so unseen will always be true def user_messages(unseen = true) - user_messages = unseen ? UserMessage.by_user_id_and_seen(:key => [params[:user_id], false]).all : UserMessage.by_user_id(:key => params[:user_id]).all - - messages = [] - user_messages.each do |um| - messages << Message.find(um.message.id) - end - - render json: messages + user = User.find(params[:user_id]) + render json: (user ? user.messages : [] ) end -- cgit v1.2.3 From 7f12c795207ac818bffac42aa581bf1165f9e424 Mon Sep 17 00:00:00 2001 
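Review bot: In the `mark_read` hunk, `user_message.seen = true` runs on the finder result unchecked, so if `find_by_user_id_and_message_id` returns nil for an unknown pair the action raises NoMethodError and answers 500 instead of reaching `render json: false`. Guard the lookup first, e.g. `return render(json: false, status: :not_found) unless user_message`. Both branches currently answer HTTP 200, so a client can only tell success from failure by parsing the body; a non-2xx status on the failure branch would settle the `TODO what to return?`.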
From: jessib Date: Tue, 24 Dec 2013 13:27:22 -0800 Subject: Catching some corner cases & new tests. --- users/app/controllers/v1/messages_controller.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index fa98042..d49b161 100644 --- a/users/app/controllers/v1/messages_controller.rb +++ b/users/app/controllers/v1/messages_controller.rb @@ -10,14 +10,13 @@ module V1 render json: (user ? user.messages : [] ) end - # routes ensure this is only for PUT def mark_read user_message = UserMessage.find_by_user_id_and_message_id([params[:user_id], params[:message_id]]) - user_message.seen = true + user_message.seen = true if user_message # TODO what to return? - if user_message.save + if user_message and user_message.save render json: true else render json: false -- cgit v1.2.3 From 16b28882aa7659fb89e1661ed8af0c0db72642c8 Mon Sep 17 00:00:00 2001 From: jessib Date: Mon, 30 Dec 2013 15:22:44 -0800 Subject: Change structure to be more no-sql-y, rather than relational. --- users/app/controllers/v1/messages_controller.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index d49b161..18f9f46 100644 --- a/users/app/controllers/v1/messages_controller.rb +++ b/users/app/controllers/v1/messages_controller.rb @@ -12,6 +12,7 @@ module V1 # routes ensure this is only for PUT def mark_read +=begin user_message = UserMessage.find_by_user_id_and_message_id([params[:user_id], params[:message_id]]) user_message.seen = true if user_message 
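Review bot: In the `@@ -10,14 +10,13 @@` hunk, `if user_message and user_message.save` uses the low-precedence `and`; `&&` is the conventional operator for boolean conditions, so write `if user_message && user_message.save`. With that guard in place the separate `user_message.seen = true if user_message` line could move inside the branch so the nil check is made once. `mark_read` closes outside the hunk.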
@@ -22,6 +23,17 @@ module V1 render json: false end end +=end + if (user = User.find(params[:user_id])) && Message.find(params[:message_id]) + user.message_ids_seen << params[:message_id] if !user.message_ids_seen.include?(params[:message_id]) #is it quicker to instead run uniq after adding? + user.message_ids_to_see.delete(params[:message_id]) + user.save + render json: true + return + else + render json: false + end + end end end -- cgit v1.2.3 From f9c96f8844205afe3c310b5b914752068728d38f Mon Sep 17 00:00:00 2001 From: jessib Date: Tue, 31 Dec 2013 11:48:18 -0800 Subject: Cleanup of code for messages API and cron job for 1 month payment warning. Authentication still remaining piece. --- users/app/controllers/v1/messages_controller.rb | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index 18f9f46..42a88f7 100644 --- a/users/app/controllers/v1/messages_controller.rb +++ b/users/app/controllers/v1/messages_controller.rb @@ -12,20 +12,11 @@ module V1 # routes ensure this is only for PUT def mark_read -=begin - user_message = UserMessage.find_by_user_id_and_message_id([params[:user_id], params[:message_id]]) - user_message.seen = true if user_message - # TODO what to return? - if user_message and user_message.save - render json: true - else - render json: false - end - end -=end + # make sure user and message exist if (user = User.find(params[:user_id])) && Message.find(params[:message_id]) - user.message_ids_seen << params[:message_id] if !user.message_ids_seen.include?(params[:message_id]) #is it quicker to instead run uniq after adding? + + user.message_ids_seen << params[:message_id] if !user.message_ids_seen.include?(params[:message_id]) #TODO: is it quicker to instead call uniq! after adding? user.message_ids_to_see.delete(params[:message_id]) user.save render json: true -- cgit v1.2.3 
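Review bot: The new `mark_read` body discards the result of `user.save` and always answers `render json: true`, so a failed write is reported to the client as success; `render json: user.save` (or branching on it) keeps the response honest, and the `return` after the render is redundant. The `update` action introduced later in this series ignores `message.save` the same way. The id is also appended to `message_ids_seen` without checking that it was in `user.message_ids_to_see`, so any existing message id can be recorded for the user.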
From 47d9b62913789358aefe769de6b7e33da8547891 Mon Sep 17 00:00:00 2001 From: jessib Date: Tue, 31 Dec 2013 12:16:43 -0800 Subject: Add authentication to API, but not sure it is best way. --- users/app/controllers/v1/messages_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index 42a88f7..b58dfe9 100644 --- a/users/app/controllers/v1/messages_controller.rb +++ b/users/app/controllers/v1/messages_controller.rb @@ -1,7 +1,7 @@ module V1 class MessagesController < ApplicationController - # TODO need to add authentication + before_filter :authorize_admin # not sure this is best way respond_to :json # for now, will not pass unseen, so unseen will always be true -- cgit v1.2.3 From c7e66852324714a166dd35dc3d5873a0053dcb9b Mon Sep 17 00:00:00 2001 From: jessib Date: Tue, 7 Jan 2014 12:57:01 -0800 Subject: Some refactoring, to simplify user model, optimize, and allow messages to be sorted by date (although are not now.) Also, rather than use whenever gem, will have cron job created to call task. --- users/app/controllers/v1/messages_controller.rb | 29 +++++++++++-------------- 1 file changed, 13 insertions(+), 16 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index b58dfe9..371b83e 100644 --- a/users/app/controllers/v1/messages_controller.rb +++ b/users/app/controllers/v1/messages_controller.rb 
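Review bot: `before_filter :authorize_admin` admits only admins, while the actions (outside this hunk) still choose their target from `params[:user_id]`: an ordinary user cannot fetch their own messages, and an admin login can read or mark messages for any account. If the API is meant to serve each user's own client, require a login and use `current_user` in place of `User.find(params[:user_id])`. The trailing `# not sure this is best way` would be more useful as a comment stating who is expected to call this controller.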
@@ -1,30 +1,27 @@ module V1 class MessagesController < ApplicationController - before_filter :authorize_admin # not sure this is best way + skip_before_filter :verify_authenticity_token + before_filter :authorize + respond_to :json - # for now, will not pass unseen, so unseen will always be true - def user_messages(unseen = true) - user = User.find(params[:user_id]) - render json: (user ? user.messages : [] ) + def index + render json: (current_user ? current_user.messages : [] ) end - # routes ensure this is only for PUT - def mark_read - - # make sure user and message exist - if (user = User.find(params[:user_id])) && Message.find(params[:message_id]) - - user.message_ids_seen << params[:message_id] if !user.message_ids_seen.include?(params[:message_id]) #TODO: is it quicker to instead call uniq! after adding? - user.message_ids_to_see.delete(params[:message_id]) - user.save + def update + message = Message.find(params[:id]) + if (message and current_user) + message.user_ids_to_show.delete(current_user.id) + # is it necessary to keep track of what users have already seen it?: + message.user_ids_have_shown << current_user.id if !message.user_ids_have_shown.include?(current_user.id) #TODO: is it quicker to instead call uniq! after adding? + message.save render json: true - return else render json: false end - end + end end -- cgit v1.2.3 From 6c478c5a1634b5da9d269c938f67d2ac4d8f03df Mon Sep 17 00:00:00 2001 From: jessib Date: Thu, 9 Jan 2014 12:18:37 -0800 Subject: Some more cleanup, but still want to make sure by_user_ids_to_show_and_created_at view is right before issuing pull request. --- users/app/controllers/v1/messages_controller.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index 371b83e..1b994ca 100644 --- a/users/app/controllers/v1/messages_controller.rb 
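Review bot: `skip_before_filter :verify_authenticity_token` is combined with `before_filter :authorize`, and nothing in the hunk limits the controller to token-authenticated requests. If `authorize` also accepts a cookie session (the authentication module quoted further down this page resolves `current_user` as `token_authenticate || warden.user`), the state-changing `update` action loses its CSRF protection for browser sessions. Keep the authenticity check for session requests or require the API token on this controller. `update` also records `current_user.id` in `user_ids_have_shown` without checking that it was in `message.user_ids_to_show`, and `if (message and current_user)` reads better as `if message && current_user`.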
+++ b/users/app/controllers/v1/messages_controller.rb @@ -14,8 +14,9 @@ module V1 message = Message.find(params[:id]) if (message and current_user) message.user_ids_to_show.delete(current_user.id) - # is it necessary to keep track of what users have already seen it?: - message.user_ids_have_shown << current_user.id if !message.user_ids_have_shown.include?(current_user.id) #TODO: is it quicker to instead call uniq! after adding? + # is it necessary to keep track of what users have already seen it? + message.user_ids_have_shown << current_user.id if !message.user_ids_have_shown.include?(current_user.id) + # TODO: is it quicker to call uniq! after adding rather than check if it is already included? message.save render json: true else -- cgit v1.2.3 From bd867c51c4d9e3d4c6b4c55d326eb9b13b89288b Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 10 Feb 2014 14:23:38 +0100 Subject: minor: move some logic from message controller into model --- users/app/controllers/v1/messages_controller.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index 1b994ca..55292ff 100644 --- a/users/app/controllers/v1/messages_controller.rb +++ b/users/app/controllers/v1/messages_controller.rb @@ -13,10 +13,7 @@ module V1 def update message = Message.find(params[:id]) if (message and current_user) - message.user_ids_to_show.delete(current_user.id) - # is it necessary to keep track of what users have already seen it? - message.user_ids_have_shown << current_user.id if !message.user_ids_have_shown.include?(current_user.id) - # TODO: is it quicker to call uniq! after adding rather than check if it is already included? + message.mark_as_read_by(current_user) message.save render json: true else -- cgit v1.2.3 From e1243d02953b4012d6bb216efc9b0606809ab4bb Mon Sep 17 00:00:00 2001 
From: Azul Date: Thu, 6 Feb 2014 09:47:37 +0100 Subject: minor: refactor token auth a bit --- .../controller_extension/token_authentication.rb | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index 530294a..cd5c074 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -1,11 +1,14 @@ module ControllerExtension::TokenAuthentication extend ActiveSupport::Concern - def token_authenticate - authenticate_with_http_token do |token_id, options| - @token = Token.find(token_id) + def token + @token ||= authenticate_with_http_token do |token_id, options| + Token.find(token_id) end - @token.authenticate if @token + end + + def token_authenticate + token.authenticate if token end def logout @@ -14,10 +17,7 @@ module ControllerExtension::TokenAuthentication end def clear_token - authenticate_with_http_token do |token_id, options| - @token = Token.find(token_id) - @token.destroy if @token - end + token.destroy if token end end -- cgit v1.2.3 From 3f9dc65636afb57fed441978dca4bf7d3209bd2d Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 7 Feb 2014 14:38:56 +0100 Subject: rename authorize to require_login authorize_admin -> require_admin also add require_token which will ensure token has been used for auth. --- users/app/controllers/controller_extension/authentication.rb | 4 ++-- users/app/controllers/controller_extension/token_authentication.rb | 4 ++++ users/app/controllers/users_controller.rb | 4 ++-- users/app/controllers/v1/users_controller.rb | 4 ++-- 4 files changed, 10 insertions(+), 6 deletions(-) (limited to 'users/app/controllers') 
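Review bot: `@token ||= authenticate_with_http_token do … end` in the new `token` method caches only a hit; when the header is absent or `Token.find` returns nil, each call from `token_authenticate` and `clear_token` repeats the header parse and the lookup. Add `return @token if defined?(@token)` before the assignment to memoize the miss too; the `@token_authenticated ||=` line added later in this series has the same shape. The block parameter `options` is unused and can be written `_options`. No `private` keyword is visible above `def token`, so the helper is a public controller method; a short comment on what `token` returns and a `private` or `protected` section would make the intent clear.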
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index d831fbe..e83d6b2 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -15,7 +15,7 @@ module ControllerExtension::Authentication !!current_user end - def authorize + def require_login access_denied unless logged_in? end @@ -38,7 +38,7 @@ module ControllerExtension::Authentication current_user && current_user.is_admin? end - def authorize_admin + def require_admin access_denied unless admin? end diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index cd5c074..ee24f73 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -11,6 +11,10 @@ module ControllerExtension::TokenAuthentication token.authenticate if token end + def require_token + access_denied unless token + end + def logout super clear_token diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index a5461cd..6b32d49 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -4,9 +4,9 @@ class UsersController < UsersBaseController - before_filter :authorize, :only => [:show, :edit, :update, :destroy] + before_filter :require_login, :except => [:new] + before_filter :require_admin, :only => [:index, :deactivate, :enable] before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable] - before_filter :authorize_admin, :only => [:index, :deactivate, :enable] respond_to :html diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index 0903888..a16c6e9 100644 --- a/users/app/controllers/v1/users_controller.rb 
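Review bot: The new `require_token` in token_authentication.rb passes as soon as `token` returns a record and never calls `token.authenticate`, so whatever that method checks (not shown here; expiry would be typical) is skipped for actions guarded only by this filter. Use the authenticated result instead, `access_denied unless token_authenticate`. The `:require_token` filters added to the V1 users, sessions and messages controllers in the next commits rely on this method. A one-line comment saying the filter demands an API token and does not accept a session-only login would also help readers tell it apart from `require_login`.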
+++ b/users/app/controllers/v1/users_controller.rb @@ -3,8 +3,8 @@ module V1 skip_before_filter :verify_authenticity_token before_filter :fetch_user, :only => [:update] - before_filter :authorize, :only => [:update] - before_filter :authorize_admin, :only => [:index] + before_filter :require_login, :only => [:update, :index] + before_filter :require_admin, :only => [:index] respond_to :json -- cgit v1.2.3 From cbd757cf151cd61bfdd5637d09f43e4831fec3bb Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 8 Feb 2014 16:15:46 +0100 Subject: require token when updating user via API --- users/app/controllers/v1/users_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index a16c6e9..8897d01 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -3,8 +3,8 @@ module V1 skip_before_filter :verify_authenticity_token before_filter :fetch_user, :only => [:update] - before_filter :require_login, :only => [:update, :index] before_filter :require_admin, :only => [:index] + before_filter :require_token, :only => [:update] respond_to :json -- cgit v1.2.3 From c8fcd0d26c3ad5c1c3cfbaf6b57239f907925ed6 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 8 Feb 2014 16:20:37 +0100 Subject: require token when logging out via API --- users/app/controllers/v1/sessions_controller.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb index eb6c322..eae3a1e 100644 --- a/users/app/controllers/v1/sessions_controller.rb +++ b/users/app/controllers/v1/sessions_controller.rb 
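Review bot: In the second `@@ -3,8 +3,8 @@` hunk `fetch_user` is still declared before `require_token`, so for `update` the record lookup and ownership comparison run for requests that carry no token. Declaring `before_filter :require_token, :only => [:update]` ahead of `before_filter :fetch_user, :only => [:update]` rejects those requests before any database access. The first hunk on this file has the same ordering with `require_login`. The class body continues outside both hunks.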
@@ -2,6 +2,7 @@ module V1 class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token + before_filter :require_token, only: :destroy def new @session = Session.new -- cgit v1.2.3 From 3a478804aa48b08fbeded5144677744c427c112f Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 10 Feb 2014 14:29:34 +0100 Subject: require token in messages controller --- users/app/controllers/v1/messages_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index 1b994ca..90986e2 100644 --- a/users/app/controllers/v1/messages_controller.rb +++ b/users/app/controllers/v1/messages_controller.rb @@ -2,7 +2,7 @@ module V1 class MessagesController < ApplicationController skip_before_filter :verify_authenticity_token - before_filter :authorize + before_filter :require_token respond_to :json -- cgit v1.2.3 From b6c8279a39f933257be11fc29f5b7d59efff743f Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 10 Feb 2014 14:34:17 +0100 Subject: require_token now checks for token and login --- users/app/controllers/controller_extension/token_authentication.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index ee24f73..6e0a6ce 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -8,11 +8,11 @@ module ControllerExtension::TokenAuthentication end def token_authenticate - token.authenticate if token + @token_authenticated ||= token.authenticate if token end def require_token - access_denied unless token + access_denied unless token_authenticate end def logout -- cgit v1.2.3 
From aeb5d8cf8dc6329906f14bf4595a229e002691c1 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 4 Apr 2014 15:40:22 +0200 Subject: redirect home when logged in visits /signup (#5446) --- users/app/controllers/controller_extension/authentication.rb | 7 +++++++ users/app/controllers/sessions_controller.rb | 3 ++- users/app/controllers/users_controller.rb | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index e83d6b2..03d3989 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -19,6 +19,13 @@ module ControllerExtension::Authentication access_denied unless logged_in? end + # some actions only make sense if you are not logged in yet. + # (login, signup). If a user tries to perform these they will + # be redirected to their dashboard. + def redirect_if_logged_in + redirect_to home_url if logged_in? + end + def access_denied respond_to do |format| format.html do diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 0195f30..8919a4d 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -1,7 +1,8 @@ class SessionsController < ApplicationController + before_filter :redirect_if_logged_in, :only => [:new] + def new - redirect_to home_url if logged_in? @session = Session.new if authentication_errors @errors = authentication_errors diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 6b32d49..c8e09b6 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb 
@@ -5,6 +5,7 @@ class UsersController < UsersBaseController before_filter :require_login, :except => [:new] + before_filter :redirect_if_logged_in, :only => [:new] before_filter :require_admin, :only => [:index, :deactivate, :enable] before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable] -- cgit v1.2.3 From b6d14dc19dd350a807826e3e097738a36613e083 Mon Sep 17 00:00:00 2001 
From: Azul Date: Tue, 8 Apr 2014 11:49:14 +0200 Subject: moving users: app and test files --- users/app/controllers/.gitkeep | 0 .../app/controllers/account_settings_controller.rb | 0 .../controller_extension/authentication.rb | 75 ---------------------- .../controller_extension/token_authentication.rb | 27 -------- users/app/controllers/keys_controller.rb | 18 ------ users/app/controllers/sessions_controller.rb | 28 -------- users/app/controllers/users_base_controller.rb | 18 ------ users/app/controllers/users_controller.rb | 69 -------------------- users/app/controllers/v1/messages_controller.rb | 25 -------- users/app/controllers/v1/sessions_controller.rb | 45 ------------- users/app/controllers/v1/users_controller.rb | 32 --------- users/app/controllers/webfinger_controller.rb | 19 ------ 12 files changed, 356 deletions(-) delete mode 100644 users/app/controllers/.gitkeep delete mode 100644 users/app/controllers/account_settings_controller.rb delete mode 100644 users/app/controllers/controller_extension/authentication.rb delete mode 100644 users/app/controllers/controller_extension/token_authentication.rb delete mode 100644 users/app/controllers/keys_controller.rb delete mode 100644 users/app/controllers/sessions_controller.rb delete mode 100644 users/app/controllers/users_base_controller.rb delete mode 100644 users/app/controllers/users_controller.rb delete mode 100644 users/app/controllers/v1/messages_controller.rb delete mode 100644 users/app/controllers/v1/sessions_controller.rb delete mode 100644 users/app/controllers/v1/users_controller.rb delete mode 100644 users/app/controllers/webfinger_controller.rb (limited to 'users/app/controllers') diff --git a/users/app/controllers/.gitkeep b/users/app/controllers/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/users/app/controllers/account_settings_controller.rb b/users/app/controllers/account_settings_controller.rb deleted file mode 100644 index e69de29..0000000 
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb deleted file mode 100644 index 03d3989..0000000 --- a/users/app/controllers/controller_extension/authentication.rb +++ /dev/null @@ -1,75 +0,0 @@ -module ControllerExtension::Authentication - extend ActiveSupport::Concern - - private - - included do - helper_method :current_user, :logged_in?, :admin? - end - - def current_user - @current_user ||= token_authenticate || warden.user - end - - def logged_in? - !!current_user - end - - def require_login - access_denied unless logged_in? - end - - # some actions only make sense if you are not logged in yet. - # (login, signup). If a user tries to perform these they will - # be redirected to their dashboard. - def redirect_if_logged_in - redirect_to home_url if logged_in? - end - - def access_denied - respond_to do |format| - format.html do - if logged_in? - redirect_to home_url, :alert => t(:not_authorized) - else - redirect_to login_url, :alert => t(:not_authorized_login) - end - end - format.json do - render :json => {'error' => t(:not_authorized)}, status: :unprocessable_entity - end - end - end - - def admin? - current_user && current_user.is_admin? - end - - def require_admin - access_denied unless admin? - end - - def authentication_errors - return unless attempted_login? - errors = get_warden_errors - errors.inject({}) do |translated,err| - translated[err.first] = I18n.t(err.last) - translated - end - end - - def get_warden_errors - if strategy = warden.winning_strategy - message = strategy.message - # in case we get back the default message to fail! - message.respond_to?(:inject) ? message : { base: message } - else - { login: :all_strategies_failed } - end - end - - def attempted_login? - request.env['warden.options'] && - request.env['warden.options'][:attempted_path] - end -end 
diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb deleted file mode 100644 index 6e0a6ce..0000000 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ /dev/null @@ -1,27 +0,0 @@ -module ControllerExtension::TokenAuthentication - extend ActiveSupport::Concern - - def token - @token ||= authenticate_with_http_token do |token_id, options| - Token.find(token_id) - end - end - - def token_authenticate - @token_authenticated ||= token.authenticate if token - end - - def require_token - access_denied unless token_authenticate - end - - def logout - super - clear_token - end - - def clear_token - token.destroy if token - end -end - diff --git a/users/app/controllers/keys_controller.rb b/users/app/controllers/keys_controller.rb deleted file mode 100644 index fb28901..0000000 --- a/users/app/controllers/keys_controller.rb +++ /dev/null @@ -1,18 +0,0 @@ -class KeysController < ApplicationController - - # - # Render the user's key as plain text, without a layout. - # - # We will show blank page if user doesn't have key (which shouldn't generally occur) - # and a 404 error if user doesn't exist - # - def show - user = User.find_by_login(params[:login]) - if user - render text: user.public_key, content_type: 'text/text' - else - raise ActionController::RoutingError.new('Not Found') - end - end - -end diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb deleted file mode 100644 index 8919a4d..0000000 --- a/users/app/controllers/sessions_controller.rb +++ /dev/null 
@@ -1,28 +0,0 @@ -class SessionsController < ApplicationController - - before_filter :redirect_if_logged_in, :only => [:new] - - def new - @session = Session.new - if authentication_errors - @errors = authentication_errors - render :status => 422 - end - end - - def destroy - logout - redirect_to home_url - end - - # - # this is a bad hack, but user_url(user) is not available - # also, this doesn't work because the redirect happens as a PUT. no idea why. - # - #Warden::Manager.after_authentication do |user, auth, opts| - # response = Rack::Response.new - # response.redirect "/users/#{user.id}" - # throw :warden, response.finish - #end - -end diff --git a/users/app/controllers/users_base_controller.rb b/users/app/controllers/users_base_controller.rb deleted file mode 100644 index 9becf0d..0000000 --- a/users/app/controllers/users_base_controller.rb +++ /dev/null @@ -1,18 +0,0 @@ -# -# common base class for all user related controllers -# - -class UsersBaseController < ApplicationController - - protected - - def fetch_user - @user = User.find(params[:user_id] || params[:id]) - if !@user && admin? - redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user') - elsif !admin? && @user != current_user - access_denied - end - end - -end diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb deleted file mode 100644 index c8e09b6..0000000 --- a/users/app/controllers/users_controller.rb +++ /dev/null 
@@ -1,69 +0,0 @@ -# -# This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb -# - -class UsersController < UsersBaseController - - before_filter :require_login, :except => [:new] - before_filter :redirect_if_logged_in, :only => [:new] - before_filter :require_admin, :only => [:index, :deactivate, :enable] - before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable] - - respond_to :html - - def index - if params[:query] - if @user = User.find_by_login(params[:query]) - redirect_to @user - return - else - @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ) - end - else - @users = User.by_created_at.descending - end - @users = @users.limit(100) - end - - def new - @user = User.new - end - - def show - end - - def edit - end - - ## added so updating service level works, but not sure we will actually want this. also not sure that this is place to prevent user from updating own effective service level, but here as placeholder: - def update - @user.update_attributes(params[:user]) unless (!admin? and params[:user][:effective_service_level]) - respond_with @user - end - - def deactivate - @user.enabled = false - @user.save - respond_with @user - end - - def enable - @user.enabled = true - @user.save - respond_with @user - end - - def destroy - @user.account.destroy - flash[:notice] = I18n.t(:account_destroyed) - # admins can destroy other users - if @user != current_user - redirect_to users_url - else - # let's remove the invalid session - logout - redirect_to bye_url - end - end - -end diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb deleted file mode 100644 index f71d0f1..0000000 --- a/users/app/controllers/v1/messages_controller.rb +++ /dev/null 
@@ -1,25 +0,0 @@ -module V1 - class MessagesController < ApplicationController - - skip_before_filter :verify_authenticity_token - before_filter :require_token - - respond_to :json - - def index - render json: (current_user ? current_user.messages : [] ) - end - - def update - message = Message.find(params[:id]) - if (message and current_user) - message.mark_as_read_by(current_user) - message.save - render json: true - else - render json: false - end - end - - end -end diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb deleted file mode 100644 index eae3a1e..0000000 --- a/users/app/controllers/v1/sessions_controller.rb +++ /dev/null @@ -1,45 +0,0 @@ -module V1 - class SessionsController < ApplicationController - - skip_before_filter :verify_authenticity_token - before_filter :require_token, only: :destroy - - def new - @session = Session.new - if authentication_errors - @errors = authentication_errors - render :status => 422 - end - end - - def create - logout if logged_in? - if params['A'] - authenticate! - else - @user = User.find_by_login(params['login']) - render :json => {salt: @user.salt} - end - end - - def update - authenticate! - @token = Token.create(:user_id => current_user.id) - session[:token] = @token.id - render :json => login_response - end - - def destroy - logout - head :no_content - end - - protected - - def login_response - handshake = session.delete(:handshake) || {} - handshake.to_hash.merge(:id => current_user.id, :token => @token.id) - end - - end -end diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb deleted file mode 100644 index 8897d01..0000000 --- a/users/app/controllers/v1/users_controller.rb +++ /dev/null 
@@ -1,32 +0,0 @@ -module V1 - class UsersController < UsersBaseController - - skip_before_filter :verify_authenticity_token - before_filter :fetch_user, :only => [:update] - before_filter :require_admin, :only => [:index] - before_filter :require_token, :only => [:update] - - respond_to :json - - # used for autocomplete for admins in the web ui - def index - if params[:query] - @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ) - respond_with @users.map(&:login).sort - else - render :json => {'error' => 'query required', 'status' => :unprocessable_entity} - end - end - - def create - @user = Account.create(params[:user]) - respond_with @user # return ID instead? - end - - def update - @user.account.update params[:user] - respond_with @user - end - - end -end diff --git a/users/app/controllers/webfinger_controller.rb b/users/app/controllers/webfinger_controller.rb deleted file mode 100644 index 8872802..0000000 --- a/users/app/controllers/webfinger_controller.rb +++ /dev/null @@ -1,19 +0,0 @@ -class WebfingerController < ApplicationController - - respond_to :xml, :json - layout false - - def host_meta - @host_meta = Webfinger::HostMetaPresenter.new(request) - respond_with @host_meta - end - - def search - username = params[:q].split('@')[0].to_s.downcase - user = User.find_by_login(username) - raise RECORD_NOT_FOUND, 'User not found' unless user.present? - @presenter = Webfinger::UserPresenter.new(user, request) - respond_with @presenter - end - -end -- cgit v1.2.3