From c0527cc18788fc60180d9293a546c93e6a77b788 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 19 Jul 2013 13:06:57 +0200 Subject: removed email settings controller and views PGP setting has been moved into account settings. It's using the API now issueing an Ajax request without any visual feedback. This obviously is not what we want but it hopefully suffices for uploading gpg keys for testing purposes before the Identity UI is in place. --- users/app/controllers/email_settings_controller.rb | 41 ---------------------- users/app/controllers/v1/users_controller.rb | 3 -- 2 files changed, 44 deletions(-) delete mode 100644 users/app/controllers/email_settings_controller.rb (limited to 'users/app/controllers') diff --git a/users/app/controllers/email_settings_controller.rb b/users/app/controllers/email_settings_controller.rb deleted file mode 100644 index f7d85be..0000000 --- a/users/app/controllers/email_settings_controller.rb +++ /dev/null @@ -1,41 +0,0 @@ -class EmailSettingsController < UsersBaseController - - before_filter :authorize - before_filter :fetch_user - - def edit - @email_alias = LocalEmail.new - end - - def update - @user.attributes = cleanup_params(params[:user]) - if @user.changed? - if @user.save - flash[:notice] = t(:changes_saved) - redirect - else - if @user.email_aliases.last && !@user.email_aliases.last.valid? - # display bad alias in text field: - @email_alias = @user.email_aliases.pop - end - render 'email_settings/edit' - end - else - redirect - end - end - - private - - def redirect - redirect_to edit_user_email_settings_url(@user) - end - - def cleanup_params(user) - if !user['email_forward'].nil? && user['email_forward'].empty? - user.delete('email_forward') # don't allow "" as an email forward - end - user - end - -end diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index fda56f2..467c9b4 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -24,9 +24,6 @@ module V1 def update @user.update_attributes params[:user] - if @user.valid? - flash[:notice] = t(:user_updated_successfully) - end respond_with @user end -- cgit v1.2.3 From d70c5796a2989b7b43f7e287899fb1394ae28280 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 19 Jul 2013 16:02:02 +0200 Subject: separate signup and settings service objects for user --- users/app/controllers/v1/users_controller.rb | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index 467c9b4..f380c19 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -18,14 +18,23 @@ module V1 end def create - @user = User.create(params[:user]) + @user = signup_service.register(params[:user]) respond_with @user # return ID instead? end def update - @user.update_attributes params[:user] + account_settings.update params[:user] respond_with @user end + protected + + def account_settings + AccountSettings.new(@user) + end + + def signup_service + SignupService.new + end end end -- cgit v1.2.3 From e325de14dd0d9878a3392051dc98a14d9811d2c9 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 21 Aug 2013 20:35:50 +0200 Subject: return 204 NO CONTENT on API logout That's the only meaningful response. --- users/app/controllers/v1/sessions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb index e3459d6..c99d1f3 100644 --- a/users/app/controllers/v1/sessions_controller.rb +++ b/users/app/controllers/v1/sessions_controller.rb @@ -29,7 +29,7 @@ module V1 def destroy logout - redirect_to root_path + head :no_content end protected -- cgit v1.2.3 From 53a8481e1b2307c772220293a9a4e1cc939b7e07 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Aug 2013 12:53:19 +0200 Subject: sort authentication controller extension --- .../controller_extension/authentication.rb | 47 +++++++++++----------- 1 file changed, 23 insertions(+), 24 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 5fac884..1b17589 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -7,30 +7,6 @@ module ControllerExtension::Authentication helper_method :current_user, :logged_in?, :admin? end - def authentication_errors - return unless attempted_login? - errors = get_warden_errors - errors.inject({}) do |translated,err| - translated[err.first] = I18n.t(err.last) - translated - end - end - - def get_warden_errors - if strategy = warden.winning_strategy - message = strategy.message - # in case we get back the default message to fail! - message.respond_to?(:inject) ? message : { base: message } - else - { login: :all_strategies_failed } - end - end - - def attempted_login? - request.env['warden.options'] && - request.env['warden.options'][:attempted_path] - end - def logged_in? !!current_user end @@ -62,4 +38,27 @@ module ControllerExtension::Authentication access_denied unless admin? end + def authentication_errors + return unless attempted_login? + errors = get_warden_errors + errors.inject({}) do |translated,err| + translated[err.first] = I18n.t(err.last) + translated + end + end + + def get_warden_errors + if strategy = warden.winning_strategy + message = strategy.message + # in case we get back the default message to fail! + message.respond_to?(:inject) ? message : { base: message } + else + { login: :all_strategies_failed } + end + end + + def attempted_login? + request.env['warden.options'] && + request.env['warden.options'][:attempted_path] + end end -- cgit v1.2.3 From 7ad6d054d72d3c76098f689e4e7890265a3604c8 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 Aug 2013 10:59:18 +0200 Subject: first steps towards enabling token based auth --- users/app/controllers/controller_extension/authentication.rb | 4 ++++ .../controllers/controller_extension/token_authentication.rb | 12 ++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 users/app/controllers/controller_extension/token_authentication.rb (limited to 'users/app/controllers') diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 1b17589..dca3664 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -7,6 +7,10 @@ module ControllerExtension::Authentication helper_method :current_user, :logged_in?, :admin? end + def current_user + @current_user ||= token_authenticate || warden.user + end + def logged_in? !!current_user end diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb new file mode 100644 index 0000000..71dbc50 --- /dev/null +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -0,0 +1,12 @@ +module ControllerExtension::TokenAuthentication + extend ActiveSupport::Concern + + def token_authenticate + token = nil + authenticate_or_request_with_http_token do |token, options| + token = Token.find(token) + end + User.find(token.user_id) if token + end +end + -- cgit v1.2.3 From e60ee749cab0f80cf23ca57e28c7de6d1b3a395b Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 27 Aug 2013 11:14:30 +0200 Subject: basic testing for token based auth in tests --- users/app/controllers/controller_extension/token_authentication.rb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index 71dbc50..06e9e04 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -2,11 +2,10 @@ module ControllerExtension::TokenAuthentication extend ActiveSupport::Concern def token_authenticate - token = nil - authenticate_or_request_with_http_token do |token, options| - token = Token.find(token) + authenticate_or_request_with_http_token do |token_id, options| + @token = Token.find(token_id) end - User.find(token.user_id) if token + User.find_by_param(@token.user_id) if @token end end -- cgit v1.2.3 From 420bfb326f974eec14b04d6a170ed2d28c14180f Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 27 Aug 2013 14:36:27 +0200 Subject: clear token on logout with test --- .../controllers/controller_extension/token_authentication.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'users/app/controllers') diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index 06e9e04..e1c92e7 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -7,5 +7,17 @@ module ControllerExtension::TokenAuthentication end User.find_by_param(@token.user_id) if @token end + + def logout + super + clear_token + end + + def clear_token + authenticate_with_http_token do |token_id, options| + @token = Token.find(token_id) + @token.destroy if @token + end + end end -- cgit v1.2.3 From 147ccec989672f9b1314aa6dcc5ce8578e841370 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 27 Aug 2013 14:53:35 +0200 Subject: do not redirect if no token present So far we allow two mechanisms of authentication: * session based * token based If token fails session will be atempted in most cases. So we can't just redirect here or we get a double render error. --- users/app/controllers/controller_extension/token_authentication.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index e1c92e7..82df314 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -2,7 +2,7 @@ module ControllerExtension::TokenAuthentication extend ActiveSupport::Concern def token_authenticate - authenticate_or_request_with_http_token do |token_id, options| + authenticate_with_http_token do |token_id, options| @token = Token.find(token_id) end User.find_by_param(@token.user_id) if @token -- cgit v1.2.3 From 5e6a2a2995598489372676bf8e045dc2dfda6c81 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 27 Aug 2013 14:55:43 +0200 Subject: token.user will get you the right user This way we can stub the token to return the user directly. Stubbing User.find_by_param is not a good idea as it will make all calls to User#find_by_param with a different id fail. --- users/app/controllers/controller_extension/token_authentication.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index 82df314..3e2816d 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -5,7 +5,7 @@ module ControllerExtension::TokenAuthentication authenticate_with_http_token do |token_id, options| @token = Token.find(token_id) end - User.find_by_param(@token.user_id) if @token + @token.user if @token end def logout -- cgit v1.2.3