From a6de1561461cc719fddd8175c93588a47513a4b8 Mon Sep 17 00:00:00 2001 From: jessib Date: Fri, 5 Oct 2012 15:41:03 -0700 Subject: Rough code to add & comment on tickets. --- users/app/models/user.rb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'users/app') diff --git a/users/app/models/user.rb b/users/app/models/user.rb index a6aab84..33c77ce 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -59,4 +59,8 @@ class User < CouchRest::Model::Base Thread.current[:user] = user end + def self.current_test + User.first + end + end -- cgit v1.2.3 From 0c79df9874c59fbaa5c845e07d8fa1b4bbc23b9c Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 11 Oct 2012 17:11:32 +0200 Subject: use ruby-srp 0.1.3 which returns the user on authenticate call Also removed a few hooks to User.current. Will replace with current_user --- users/app/controllers/sessions_controller.rb | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'users/app') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 284c0e2..4a1107d 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -8,19 +8,15 @@ class SessionsController < ApplicationController def create @user = User.find_by_param(params[:login]) session[:handshake] = @user.initialize_auth(params['A'].hex) - User.current = @user #? render :json => session[:handshake] rescue RECORD_NOT_FOUND render :json => {:errors => {:login => ["unknown user"]}} end def update - # TODO: validate the id belongs to the session - @user = User.find_by_param(params[:id]) @srp_session = session.delete(:handshake) - @srp_session.authenticate!(params[:client_auth].hex) + @user = @srp_session.authenticate!(params[:client_auth].hex) session[:user_id] = @user.id - User.current = @user #? render :json => @srp_session rescue WRONG_PASSWORD session[:handshake] = nil 
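Review bot: `self.current_test` returns `User.first` with no environment guard, so any caller that treats it as "the current user" acts as whichever account happens to sort first in CouchDB — an impersonation path if this stub survives into a deployed build. If it has to exist for the ticket prototype, fail it outside development, `raise 'current_test is a dev stub' unless Rails.env.development?`, and label it: `# DEV STUB: stand-in for the real current user until authentication lands; never call in production.` The `User` class starts before this hunk.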
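Review bot: `update` calls `authenticate!` on the result of `session.delete(:handshake)` without checking that a handshake exists, so a PUT that arrives before `create` (or after a failed attempt, which sets the handshake to nil) raises NoMethodError and answers 500 instead of an authentication error; `create` has the same gap with `params['A'].hex` when `A` is absent. A guard such as `return render :json => {:errors => {:login => ['no handshake']}} unless @srp_session` keeps the failure inside the JSON error contract the client already parses. Note also that the server-side SRP state lives in `session[:handshake]`; if this app uses the cookie session store (not visible here), that object, including whatever ephemeral secret it carries, is round-tripped through the client. The `rescue WRONG_PASSWORD` branch of `update` continues past the hunk.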
@@ -29,7 +25,6 @@ class SessionsController < ApplicationController def destroy session[:user_id] = nil - User.current = nil #? redirect_to root_path end end -- cgit v1.2.3 From 28b51dc38ad71b8a7468aa91d8ce8d3059d9bb69 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 11 Oct 2012 17:41:00 +0200 Subject: current_user and authenticate methods --- users/app/controllers/application_controller.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 users/app/controllers/application_controller.rb (limited to 'users/app') diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb new file mode 100644 index 0000000..64e1a55 --- /dev/null +++ b/users/app/controllers/application_controller.rb @@ -0,0 +1,14 @@ +class ApplicationController < ActionController::Base + protect_from_forgery + + private + + def current_user + @current_user ||= User.find(session[:user_id]) if session[:user_id] + end + helper_method :current_user + + def authorize + redirect_to login_url, alert: "Not authorized" if current_user.nil? + end +end -- cgit v1.2.3 From 42cf5141bd7743d16259b0771607ea6a8cbc0fd3 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 15 Oct 2012 11:44:07 +0200 Subject: updated srp_js --- users/app/assets/javascripts/srp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index d6a7804..6feb770 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit d6a78049f3356d9d645143362eca74434410bf62 +Subproject commit 6feb77060140fe8026812970c4d5ea83da3cd200 -- cgit v1.2.3 From 8841958868fdd11ec49ee6de32ff79f1aa6083fa Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 15 Oct 2012 12:55:03 +0200 Subject: adding login function for srp --- users/app/assets/javascripts/users.js.coffee | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'users/app') 
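Review bot: `current_user` resolves `session[:user_id]` with `User.find` and has no handling for an id that no longer exists; whether CouchRest::Model returns nil or raises for a missing document is not visible here, so a deleted account either looks logged out or turns every request into a 500 until the cookie is cleared. Letting the stale cookie self-heal is cheap: `user = User.find(session[:user_id]); session.delete(:user_id) unless user`. `authorize` is defined but nothing in this file registers it as a before_filter, so protection only exists where a subclass opts in; a comment saying so, `# subclasses must declare before_filter :authorize`, would prevent a silent miss.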
diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 160a7f0..07dbc32 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -27,7 +27,7 @@ validate_password = (event) -> insert_verifier = (event) -> # TODO: verify password confimation - srp = new SRP + srp = new SRP(jqueryRest()) salt = srp.session.getSalt() $('#srp_salt').val(salt) $('#srp_password_verifier').val(srp.session.getV().toString(16)) @@ -35,7 +35,14 @@ insert_verifier = (event) -> $('#srp_password').val('cleared out - use verifier instead') $('#srp_password_confirmation').val('using srp - store verifier') +login = (event) -> + srp = new SRP(jqueryRest()) + srp.identify() + false + + $(document).ready -> $('#new_user').submit validate_password $('#new_user').submit insert_verifier + $('#new_session').submit login -- cgit v1.2.3 From b85316cc00f53343bc6555b10c79f9aadd86e06f Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 16 Oct 2012 17:29:11 +0200 Subject: working version of srp_js --- users/app/assets/javascripts/srp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 6feb770..d21474a 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 6feb77060140fe8026812970c4d5ea83da3cd200 +Subproject commit d21474a0290edab1c765741d484335d83f50be75 -- cgit v1.2.3 From fdfdc86eb96f670a580eb58b1b3d41560a269ac1 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 17 Oct 2012 12:39:40 +0200 Subject: improved signup and login js --- users/app/assets/javascripts/srp | 2 +- users/app/assets/javascripts/users.js.coffee | 16 ++++++---------- 2 files changed, 7 insertions(+), 11 deletions(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index d21474a..5a0ceeb 160000 
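Review bot: `login` cancels the native form submission only through its trailing `false`, which is reached only if `srp.identify()` returns normally; if the SRP library throws or failed to load, the browser falls through to a plain POST of `#srp_password` to sessions_path, putting the cleartext password on the wire that SRP exists to keep it off. Make `event.preventDefault()` the first statement of `login` so the fallback can never fire. `identify()` is also called without a callback, so a failed login gives the user no feedback.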
--- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit d21474a0290edab1c765741d484335d83f50be75 +Subproject commit 5a0ceeb1ca0055719a9b8977a799362163955766 diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 07dbc32..1c00663 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -25,24 +25,20 @@ validate_password = (event) -> return true -insert_verifier = (event) -> - # TODO: verify password confimation +signup = (event) -> srp = new SRP(jqueryRest()) - salt = srp.session.getSalt() - $('#srp_salt').val(salt) - $('#srp_password_verifier').val(srp.session.getV().toString(16)) - # clear the password so we do not submit it - $('#srp_password').val('cleared out - use verifier instead') - $('#srp_password_confirmation').val('using srp - store verifier') + srp.register() + false login = (event) -> srp = new SRP(jqueryRest()) - srp.identify() + srp.identify -> + window.location = '/' false $(document).ready -> $('#new_user').submit validate_password - $('#new_user').submit insert_verifier + $('#new_user').submit signup $('#new_session').submit login -- cgit v1.2.3 From fe23b7896a04a50980c28a8b66c08ce2885ad0d3 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 17 Oct 2012 12:40:12 +0200 Subject: complete signup, login, logout workflow --- users/app/views/users/new.html.haml | 2 -- 1 file changed, 2 deletions(-) (limited to 'users/app') diff --git a/users/app/views/users/new.html.haml b/users/app/views/users/new.html.haml index f6ece3a..af53331 100644 --- a/users/app/views/users/new.html.haml +++ b/users/app/views/users/new.html.haml 
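Review bot: jQuery still runs every submit handler bound on `#new_user` when an earlier one returns `false` — that return only cancels the default action and bubbling, not the remaining handlers — so when `validate_password` rejects the input, `signup` runs anyway and registers a verifier for the rejected password (too short, or equal to the login). Call `event.stopImmediatePropagation()` in the validator on failure, or have `signup` re-run the check before `srp.register`. Both `register` and `identify` callbacks fire only on success, so the failure path renders nothing to the user. `validate_password` begins before this hunk.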
@@ -4,7 +4,5 @@ = f.input :login, :input_html => { :id => :srp_username } = f.input :password, :required => true, :input_html => { :id => :srp_password } = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } - = f.input :password_verifier, :as => :hidden, :input_html => { :id => :srp_password_verifier } - = f.input :password_salt, :as => :hidden, :input_html => { :id => :srp_salt } = f.button :submit, :value => t(:signup), :class => 'btn-primary' = link_to t(:cancel), root_url, :class => :btn -- cgit v1.2.3 From dc0584f7d993ef7c75fbdd9d341ebb3337f3448d Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 17 Oct 2012 15:19:09 +0200 Subject: UI tweaks including newer version of bootstrap --- users/app/views/sessions/new.html.haml | 15 ++++++++------- users/app/views/users/new.html.haml | 17 +++++++++-------- 2 files changed, 17 insertions(+), 15 deletions(-) (limited to 'users/app') diff --git a/users/app/views/sessions/new.html.haml b/users/app/views/sessions/new.html.haml index 39ee7bf..c91d3f2 100644 --- a/users/app/views/sessions/new.html.haml +++ b/users/app/views/sessions/new.html.haml @@ -1,7 +1,8 @@ -%h2=t :login -= simple_form_for :session, :url => sessions_path, :html => { :id => :new_session } do |f| - %legend=t :login_message - = f.input :login, :input_html => { :id => :srp_username } - = f.input :password, :required => true, :input_html => { :id => :srp_password } - = f.button :submit, :value => t(:login), :class => 'btn-primary' - = link_to t(:cancel), root_url, :class => :btn +.span8.offset2 + %h2=t :login + = simple_form_for :session, :url => sessions_path, :html => { :id => :new_session, :class => 'form-horizontal' } do |f| + %legend=t :login_message + = f.input :login, :input_html => { :id => :srp_username } + = f.input :password, :required => true, :input_html => { :id => :srp_password } + = f.button :submit, :value => t(:login), :class => 'btn-primary' + = link_to t(:cancel), root_url, :class => :btn 
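Review bot: the login form still posts a named `password` field to sessions_path as an ordinary submission whenever JavaScript is unavailable or errors before the SRP handler runs, which delivers the cleartext password to a server that is designed never to see it. Consider a `%noscript` notice explaining that login requires JavaScript, and make `SessionsController` reject any request carrying `session[password]` so the fallback cannot succeed. The `.span8.offset2` wrapper and `form-horizontal` class are layout only.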
diff --git a/users/app/views/users/new.html.haml b/users/app/views/users/new.html.haml index af53331..835e99a 100644 --- a/users/app/views/users/new.html.haml +++ b/users/app/views/users/new.html.haml @@ -1,8 +1,9 @@ -%h2=t :signup -= simple_form_for @user do |f| - %legend=t :signup_message - = f.input :login, :input_html => { :id => :srp_username } - = f.input :password, :required => true, :input_html => { :id => :srp_password } - = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } - = f.button :submit, :value => t(:signup), :class => 'btn-primary' - = link_to t(:cancel), root_url, :class => :btn +.span8.offset2 + %h2=t :signup + = simple_form_for @user, :html => {:class => 'form-horizontal'} do |f| + %legend=t :signup_message + = f.input :login, :input_html => { :id => :srp_username } + = f.input :password, :required => true, :input_html => { :id => :srp_password } + = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } + = f.button :submit, :value => t(:signup), :class => 'btn-primary' + = link_to t(:cancel), root_url, :class => :btn -- cgit v1.2.3 From 8b9d5235faed6c15e8ef2e2dc76aec7f24d0bb50 Mon Sep 17 00:00:00 2001 From: jessib Date: Thu, 18 Oct 2012 13:42:37 -0700 Subject: Uses the working authentication code. --- users/app/models/user.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'users/app') diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 8b7c0b3..29c0b38 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -63,15 +63,13 @@ class User < CouchRest::Model::Base login end +=begin def self.current Thread.current[:user] end def self.current=(user) Thread.current[:user] = user end - - def self.current_test - User.first - end +=end end -- cgit v1.2.3 From 93974e99296641822c734a3c192cc6c550efc696 Mon Sep 17 00:00:00 2001 
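Review bot: commenting out `User.current`/`current=` with `=begin`/`=end` leaves dead code in the model that one stray edit re-enables; remove it (git keeps the history) or, if it must stay for now, mark it `# TODO: delete — superseded by the controller-side current_user`. The reason it should not come back is worth stating: a "current user" kept in `Thread.current` is a known leak on threaded servers, where a reused thread can carry the previous request's user into the next one. `self.current_test`, the `User.first` stub, is gone for good here, which is the right call.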
From: Azul Date: Fri, 19 Oct 2012 12:09:59 +0200 Subject: moved login navigation to the right --- users/app/views/sessions/_nav.html.haml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 users/app/views/sessions/_nav.html.haml (limited to 'users/app') diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml new file mode 100644 index 0000000..a5397bd --- /dev/null +++ b/users/app/views/sessions/_nav.html.haml @@ -0,0 +1,8 @@ +- if current_user + %li + = link_to t(:logout), logout_path +- else + %li + = link_to t(:login), login_path + %li + = link_to t(:signup), signup_path -- cgit v1.2.3 From 3ba2e664a26e96a93c8640b57241af6386db361e Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 19 Oct 2012 18:03:37 +0200 Subject: login after signup right away. --- users/app/assets/javascripts/srp | 2 +- users/app/assets/javascripts/users.js.coffee | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 5a0ceeb..23350b5 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 5a0ceeb1ca0055719a9b8977a799362163955766 +Subproject commit 23350b54ec2723e1b2e333626567c9fe9d1e2644 diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 1c00663..24302fe 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -27,7 +27,8 @@ validate_password = (event) -> signup = (event) -> srp = new SRP(jqueryRest()) - srp.register() + srp.register -> + window.location = '/' false login = (event) -> -- cgit v1.2.3 From 3e0a1a47c0eafb7f9b79e5f2765ea33ce1ad159b Mon Sep 17 00:00:00 2001 
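Review bot: `link_to t(:logout), logout_path` emits a plain GET link, and unless the route restricts the verb (routes are not in view) any cross-site image or link can log the user out; `SessionsController#destroy`, seen earlier in this series, clears the session on that request. Use `link_to t(:logout), logout_path, :method => :delete` so the request goes through the UJS handler and carries the CSRF token. This partial also depends on `current_user` being exposed with `helper_method`, which the controller currently does.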
From: Azul Date: Wed, 24 Oct 2012 20:35:52 +0200 Subject: basic admin controller methods and helpers + tests --- users/app/controllers/application_controller.rb | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'users/app') diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb index 64e1a55..0d6e5d1 100644 --- a/users/app/controllers/application_controller.rb +++ b/users/app/controllers/application_controller.rb @@ -1,14 +1,32 @@ class ApplicationController < ActionController::Base protect_from_forgery - private + protected def current_user @current_user ||= User.find(session[:user_id]) if session[:user_id] end helper_method :current_user + def logged_in? + !!current_user + end + helper_method :logged_in? + def authorize - redirect_to login_url, alert: "Not authorized" if current_user.nil? + access_denied unless logged_in? + end + + def admin? + current_user && current_user.is_admin? + end + helper_method :admin? + + def authorize_admin + access_denied unless admin? + end + + def access_denied + redirect_to login_url, :alert => "Not authorized" end end -- cgit v1.2.3 From a2a8caf577415ef51c0f99da43f9b47bde226fc6 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 29 Oct 2012 12:08:25 +0100 Subject: first steps at is_admin? --- users/app/models/user.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'users/app') diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 1afb9db..9bbf169 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -63,11 +63,8 @@ class User < CouchRest::Model::Base login end - def self.current - Thread.current[:user] - end - def self.current=(user) - Thread.current[:user] = user + def is_admin? + APP_CONFIG['admins'].include? self.id end end -- cgit v1.2.3 From 194e924cb7c36eafa01b68c74774505e170e47ac Mon Sep 17 00:00:00 2001 
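Review bot: `access_denied` serves both `authorize` and `authorize_admin`, so an authenticated user who simply is not an admin is redirected to `login_url` with "Not authorized" for an account they already hold, and a JSON/XHR caller receives a 302 to an HTML page instead of a 401 or 403. Keep the redirect for the not-logged-in case and give the admin check its own response: `logged_in? ? head(:forbidden) : redirect_to(login_url, :alert => 'Not authorized')`. The `private` → `protected` switch is not needed for subclass access — private methods are already callable from subclasses without a receiver — so it mainly widens what views and other objects can reach.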
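Review bot: `is_admin?` calls `include?` directly on `APP_CONFIG['admins']`, so a deployment whose config has no `admins` key raises NoMethodError on nil the first time an admin check runs, and an `authorize_admin` filter then fails as a 500 rather than as a denial. `Array(APP_CONFIG['admins']).include?(id)` makes a missing key mean "nobody is admin", which is the safe default. The predicate would conventionally be named `admin?`, and listing CouchDB document ids in a hand-edited config is fragile; whichever key is used, freeze the list at load time so it cannot be mutated at runtime.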
From: Azul Date: Tue, 30 Oct 2012 12:32:10 +0100 Subject: adding in warden with a basic strategy currently failing because we are not setting the content-type header. --- users/app/controllers/application_controller.rb | 2 +- users/app/controllers/sessions_controller.rb | 16 ++++------------ 2 files changed, 5 insertions(+), 13 deletions(-) (limited to 'users/app') diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb index 64e1a55..8388dda 100644 --- a/users/app/controllers/application_controller.rb +++ b/users/app/controllers/application_controller.rb @@ -4,7 +4,7 @@ class ApplicationController < ActionController::Base private def current_user - @current_user ||= User.find(session[:user_id]) if session[:user_id] + @current_user ||= env['warden'].user end helper_method :current_user diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 4a1107d..3872866 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -6,21 +6,13 @@ class SessionsController < ApplicationController end def create - @user = User.find_by_param(params[:login]) - session[:handshake] = @user.initialize_auth(params['A'].hex) - render :json => session[:handshake] - rescue RECORD_NOT_FOUND - render :json => {:errors => {:login => ["unknown user"]}} + debugger + env['warden'].authenticate! end def update - @srp_session = session.delete(:handshake) - @user = @srp_session.authenticate!(params[:client_auth].hex) - session[:user_id] = @user.id - render :json => @srp_session - rescue WRONG_PASSWORD - session[:handshake] = nil - render :json => {:errors => {"password" => ["wrong password"]}} + debugger + env['warden'].authenticate! end def destroy -- cgit v1.2.3 From bcc0f11caeef1b09712b9b62e1607237885d1af5 Mon Sep 17 00:00:00 2001 
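Review bot: `create` and `update` now each begin with a bare `debugger` call; without the debugger gem loaded this is a NoMethodError that answers 500, and with it loaded the request blocks on a breakpoint. Remove both lines before merging, or at least guard them, `debugger if Rails.env.development?`, while the content-type problem the message mentions is being chased. With the inline handshake gone, the `unknown user` / `wrong password` JSON the client previously received now comes from whatever the warden failure app renders, so that contract needs checking on the client side.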
From: Azul Date: Tue, 30 Oct 2012 14:42:04 +0100 Subject: using rails_warden bit of refactoring without rails_warden the failure app action was not getting set properly. --- users/app/controllers/sessions_controller.rb | 2 -- 1 file changed, 2 deletions(-) (limited to 'users/app') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 3872866..7b7799c 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -6,12 +6,10 @@ class SessionsController < ApplicationController end def create - debugger env['warden'].authenticate! end def update - debugger env['warden'].authenticate! end -- cgit v1.2.3 From f2825d10e6447ea766fee085841e2b92b0477976 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 30 Oct 2012 15:36:16 +0100 Subject: sending proper error messages from warden. still need to translate these --- users/app/assets/javascripts/srp | 2 +- users/app/controllers/sessions_controller.rb | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 23350b5..3bf101b 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 23350b54ec2723e1b2e333626567c9fe9d1e2644 +Subproject commit 3bf101bc1ef3b5a58fe2f1e2a2e7a681f6de6c09 diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 7b7799c..06d55eb 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb 
@@ -3,14 +3,17 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new + if warden.winning_strategy + @errors = warden.winning_strategy.message + end end def create - env['warden'].authenticate! + authenticate! end def update - env['warden'].authenticate! + authenticate! end def destroy -- cgit v1.2.3 From 5acc88d8a376b2e25e5230d8174667106754c786 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 31 Oct 2012 10:40:03 +0100 Subject: user creation should send ok flag so js can start login --- users/app/models/user.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 1afb9db..737e083 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -44,7 +44,10 @@ class User < CouchRest::Model::Base end def to_json(options={}) - super(options.merge(:only => ['login', 'password_salt'])) + { + :login => login, + :ok => valid? + }.to_json(options) end def initialize_auth(aa) -- cgit v1.2.3 From b92d418ebec6486a9e728c57f38f82d4c3343341 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 31 Oct 2012 10:40:51 +0100 Subject: using json template for rendering the warden failures --- users/app/views/sessions/new.json.erb | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 users/app/views/sessions/new.json.erb (limited to 'users/app') diff --git a/users/app/views/sessions/new.json.erb b/users/app/views/sessions/new.json.erb new file mode 100644 index 0000000..36154b8 --- /dev/null +++ b/users/app/views/sessions/new.json.erb @@ -0,0 +1,3 @@ +{ +"errors": <%= raw @errors.to_json %> +} -- cgit v1.2.3 From b7cf67590042eca10381a95f8b74070d7430dbdb Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 31 Oct 2012 10:40:03 +0100 Subject: user creation should send ok flag so js can start login --- users/app/models/user.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'users/app') 
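Review bot: `skip_before_filter :verify_authenticity_token` (context at the top of this hunk) disables CSRF protection for the whole controller, including `destroy`, while only the SRP round-trip actions have a reason to skip it; scope it with `skip_before_filter :verify_authenticity_token, :only => [:create, :update]`. In `new`, `warden.winning_strategy` is nil on a plain GET, so `@errors` is nil and the JSON template will emit `"errors": null`; presumably the client treats that as success, but a one-line comment, `# winning_strategy is set only when a strategy ran and failed`, would make the nil case intentional.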
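Review bot: `to_json` now reports `:ok => valid?`, which re-runs validations at serialization time and answers "this record would pass validation", not "this record was saved"; for a signup flow that is supposed to start the client login, `persisted?` (or `!new?` on CouchRest::Model, if `persisted?` is not available — not visible here) is the signal that a verifier actually exists in CouchDB. Dropping `password_salt` from the default serialization is the right change, since the salt should only ever be served inside the SRP handshake. Add `# :ok drives the JS signup flow; must mean "saved", not merely "valid"` so the next edit does not regress it.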
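Review bot: this template changes the shape of the error contract: earlier responses in the series sent `{"errors": {"login": [...]}}` keyed by field, whereas `@errors` here is the bare strategy message string (or nil), so the client now has to handle two different `errors` types. Building the response in the controller, `render :json => {:errors => @errors}`, removes the template and the `raw` call altogether; if the template stays, it is safe only because it is selected for JSON requests, so note that with `<%# JSON-only template: raw is acceptable, never reuse in HTML %>`.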
diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 8b7c0b3..b57af98 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -44,7 +44,10 @@ class User < CouchRest::Model::Base end def to_json(options={}) - super(options.merge(:only => ['login', 'password_salt'])) + { + :login => login, + :ok => valid? + }.to_json(options) end def initialize_auth(aa) -- cgit v1.2.3 From 4b7333eec8eaf0c01227ade9d77a21f7a879ff0b Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 31 Oct 2012 17:39:06 +0100 Subject: using controller extensions for application controller by hand --- users/app/controllers/application_controller.rb | 14 -------------- .../controllers/controller_extension/authentication.rb | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 14 deletions(-) delete mode 100644 users/app/controllers/application_controller.rb create mode 100644 users/app/controllers/controller_extension/authentication.rb (limited to 'users/app') diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb deleted file mode 100644 index 64e1a55..0000000 --- a/users/app/controllers/application_controller.rb +++ /dev/null @@ -1,14 +0,0 @@ -class ApplicationController < ActionController::Base - protect_from_forgery - - private - - def current_user - @current_user ||= User.find(session[:user_id]) if session[:user_id] - end - helper_method :current_user - - def authorize - redirect_to login_url, alert: "Not authorized" if current_user.nil? - end -end diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb new file mode 100644 index 0000000..507b62f --- /dev/null +++ b/users/app/controllers/controller_extension/authentication.rb 
@@ -0,0 +1,17 @@ +module ControllerExtension::Authentication + extend ActiveSupport::Concern + + private + + included do + helper_method :current_user + end + + def current_user + @current_user ||= User.find(session[:user_id]) if session[:user_id] + end + + def authorize + redirect_to login_url, :alert => "Not authorized" if current_user.nil? + end +end -- cgit v1.2.3 From 6c60b179a09030da985462d15dbdf076367b5ea4 Mon Sep 17 00:00:00 2001 From: jessib Date: Wed, 31 Oct 2012 12:10:07 -0700 Subject: Code to check administration (and ugly test display.) This includes example config file. --- .../controller_extension/authentication.rb | 21 +++++++++++++++++++-- users/app/models/user.rb | 3 ++- users/app/views/sessions/_nav.html.haml | 5 ++++- 3 files changed, 25 insertions(+), 4 deletions(-) (limited to 'users/app') diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 507b62f..c3342f3 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -4,14 +4,31 @@ module ControllerExtension::Authentication private included do - helper_method :current_user + helper_method :current_user, :logged_in?, :admin? end def current_user @current_user ||= User.find(session[:user_id]) if session[:user_id] end + def logged_in? + !!current_user + end + def authorize - redirect_to login_url, :alert => "Not authorized" if current_user.nil? + access_denied unless logged_in? end + + def access_denied + redirect_to login_url, :alert => "Not authorized" + end + + def admin? + current_user && current_user.is_admin? + end + + def authorize_admin + access_denied unless admin? + end + end diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 2b8ead7..0f5d650 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb 
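Review bot: `authorize` redirects but does not stop the caller: as a before_filter Rails halts the chain after `redirect_to`, but an action that calls `authorize` directly keeps executing, so the protected work runs and the next render raises DoubleRenderError. State the contract in a comment, `# before_filter only: relies on Rails halting the chain after redirect_to`, or return `performed?` so direct callers can bail. The `private` keyword placed above `included do` does not apply to the block and reads as if it did; moving it below the block is clearer. Same stale-id caveat as before: `User.find(session[:user_id])` for a deleted account is either nil or an exception depending on CouchRest::Model, and neither is handled.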
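Review bot: `authorize_admin` reuses `access_denied`, so a logged-in non-admin is bounced to `login_url` for an account they already hold and a JSON client gets a 302 to HTML rather than a 403. Respond differently once authentication is known: `logged_in? ? head(:forbidden) : redirect_to(login_url, :alert => 'Not authorized')`. Exposing `admin?` as a helper is fine for toggling navigation, but authorization decisions should stay in `authorize_admin` filters, never in views.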
@@ -66,8 +66,9 @@ class User < CouchRest::Model::Base login end + # Since we are storing admins by login, we cannot allow admins to change their login. def is_admin? - APP_CONFIG['admins'].include? self.id + APP_CONFIG['admins'].include? self.login end end diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml index a5397bd..204ba88 100644 --- a/users/app/views/sessions/_nav.html.haml +++ b/users/app/views/sessions/_nav.html.haml @@ -1,6 +1,9 @@ -- if current_user +- if logged_in? %li + = 'logged in as ' + current_user.login = link_to t(:logout), logout_path + - if admin? + = 'ADMIN' # obviously not like this - else %li = link_to t(:login), login_path -- cgit v1.2.3 From cf1e7ee20f713068cadf5cfa78840115e0a8a081 Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 16:28:58 +0100 Subject: using ruby-srp 0.1.4 - ruby 1.9.3 compatible --- users/app/assets/javascripts/srp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 23350b5..d6a7804 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 23350b54ec2723e1b2e333626567c9fe9d1e2644 +Subproject commit d6a78049f3356d9d645143362eca74434410bf62 -- cgit v1.2.3 From e1fc3f4850ee73e0591bd67a92b104db4f63e4cb Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 21:01:27 +0100 Subject: stubbing current_user the warden way --- users/app/controllers/controller_extension/authentication.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 50cf0d1..0408b77 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb 
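Review bot: the comment promises that admins cannot change their login, but nothing in this hunk enforces it; if a login can be renamed (the model is cut at the hunk edges, so a guard may exist elsewhere), an admin who renames themselves silently loses admin and whoever later registers the old login gains it. Back the comment with code, e.g. a `before_update` that rejects a changed `login` when the original value is in the admin list. `include?` on `APP_CONFIG['admins']` still raises when the key is missing; `Array(APP_CONFIG['admins']).include?(login)` fails closed, and because the match is exact, confirm it agrees with whatever case/whitespace normalization signup applies to logins.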
@@ -8,7 +8,7 @@ module ControllerExtension::Authentication end def current_user - @current_user ||= env['warden'].user + @current_user ||= request.env['warden'].user end def logged_in? -- cgit v1.2.3 From ef90c45998b33ba8606c3786875e21496ace4686 Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 22:14:13 +0100 Subject: fixed functional tests --- users/app/controllers/controller_extension/authentication.rb | 4 ++-- users/app/controllers/sessions_controller.rb | 6 ++---- 2 files changed, 4 insertions(+), 6 deletions(-) (limited to 'users/app') diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 0408b77..87f7921 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -7,8 +7,8 @@ module ControllerExtension::Authentication helper_method :current_user, :logged_in?, :admin? end - def current_user - @current_user ||= request.env['warden'].user + def authentication_error + warden.winning_strategy.try(:message) end def logged_in? diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 06d55eb..722265a 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,9 +3,7 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new - if warden.winning_strategy - @errors = warden.winning_strategy.message - end + @errors = authentication_error end def create @@ -17,7 +15,7 @@ class SessionsController < ApplicationController end def destroy - session[:user_id] = nil + logout redirect_to root_path end end -- cgit v1.2.3 From da2804c8f8a800851fa1863f579e2b8e9a57b4cc Mon Sep 17 00:00:00 2001 
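Review bot: this hunk removes the module's only `current_user` definition while `logged_in?` (context) still calls it; presumably rails_warden's controller mixin now supplies `current_user`, `logout` and `authenticate!`, but nothing in the file says so, leaving the module silently dependent on that gem being mixed in first. Add `# current_user / logout / authenticate! are provided by RailsWarden::ControllerMixin` at the top of the module. `warden.winning_strategy.try(:message)` is correct since `winning_strategy` is nil when no strategy ran; a short comment to that effect saves the next reader a lookup.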
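Review bot: `destroy` now relies on warden's `logout` and then redirects, but whether that also discards the rest of the Rails session — in particular a `session[:handshake]` left by an unfinished SRP exchange — depends on warden's scope handling, which is not visible here. Calling `reset_session` after `logout` both drops that state and rotates the session id, which is standard logout hygiene. This controller also still skips `verify_authenticity_token` for every action, so logout remains triggerable cross-site until the skip is scoped to `create`/`update`.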
From: Azul Date: Tue, 6 Nov 2012 11:51:10 +0100 Subject: first steps towards warden srp testing --- users/app/controllers/sessions_controller.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'users/app') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 722265a..72e2892 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -11,6 +11,7 @@ class SessionsController < ApplicationController end def update + debugger authenticate! end -- cgit v1.2.3 From e04dc9ab8b9f1aaaf75f327ef4fd0f7f4d755a12 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 6 Nov 2012 11:55:18 +0100 Subject: undo accidentally reverted srp-js and ruby 1.9 debugger in gemfile --- users/app/assets/javascripts/srp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index d6a7804..3bf101b 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit d6a78049f3356d9d645143362eca74434410bf62 +Subproject commit 3bf101bc1ef3b5a58fe2f1e2a2e7a681f6de6c09 -- cgit v1.2.3 From ca2e1b9f379ccba068ad0ebb852d855f1639cd3a Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 9 Nov 2012 15:07:16 +0100 Subject: merged srp master into json api branch --- users/app/assets/javascripts/srp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 3bf101b..efac662 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 3bf101bc1ef3b5a58fe2f1e2a2e7a681f6de6c09 +Subproject commit efac662cdf31bc4b61ffb97b8c398e22a86c364b -- cgit v1.2.3 From 63c5b2cafdefbd9b13297faa57ee2f18a5c07bf5 Mon Sep 17 00:00:00 2001 
From: Azul Date: Fri, 9 Nov 2012 16:05:22 +0100 Subject: got integration test and login flow to work --- users/app/controllers/sessions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 72e2892..486f67e 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -11,8 +11,8 @@ class SessionsController < ApplicationController end def update - debugger authenticate! + render :json => session.delete(:handshake) end def destroy -- cgit v1.2.3 From 67dc2685a72c125b53f351c3a75bf812123e96bd Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 12 Nov 2012 13:03:13 +0100 Subject: fixed signup bug and refactored a bit --- users/app/assets/javascripts/users.js.coffee | 51 ++++++++++++++++------------ 1 file changed, 29 insertions(+), 22 deletions(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 24302fe..8a9f0e9 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee 
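Review bot: `render :json => session.delete(:handshake)` serializes the entire server-side SRP session object to the client after `authenticate!`; the response must carry only the server proof (M2), so confirm that object's `to_json` does not include the server's ephemeral private value, the stored verifier or the derived session key, any of which would undo the protocol's guarantees. Selecting the field explicitly is safer, e.g. `render :json => {:M2 => session.delete(:handshake).try(:m2)}` (the exact accessor depends on ruby-srp and is not visible here). Presumably `authenticate!` throws to the failure app on a bad proof, so the delete only runs on success — worth a comment, since otherwise it looks like the handshake can leak on failure.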
@@ -3,43 +3,50 @@ # You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/ # -validate_password = (event) -> +preventDefault = (event) -> + event.preventDefault() - password = $('#srp_password').val() - confirmation = $('#srp_password_confirmation').val() - login = $('#srp_username').val() - - if password != confirmation - alert "Password and Confirmation do not match!" - $('#srp_password').focus() - return false - if password == login - alert "Password and Login may not match!" - $('#srp_password').focus() - return false - if password.length < 8 - alert "Password needs to be at least 8 characters long!" - $('#srp_password').focus() - return false +validOrAbort = (event) -> + errors = {} + + abortIfErrors = -> + return if $.isEmptyObject(errors) + $.each errors, (field, error) -> + alert(error) + $('#srp_password').focus() + event.stopImmediatePropagation() + + validatePassword = -> + password = $('#srp_password').val() + confirmation = $('#srp_password_confirmation').val() + login = $('#srp_username').val() + + if password != confirmation + errors.password_confirmation = "Confirmation does not match!" + if password == login + errors.password = "Password and Login may not match!" + if password.length < 8 + errors.password = "Password needs to be at least 8 characters long!" + + validatePassword() + abortIfErrors() - return true - signup = (event) -> srp = new SRP(jqueryRest()) srp.register -> window.location = '/' - false login = (event) -> srp = new SRP(jqueryRest()) srp.identify -> window.location = '/' - false $(document).ready -> - $('#new_user').submit validate_password + $('#new_user').submit preventDefault + $('#new_user').submit validOrAbort $('#new_user').submit signup + $('#new_session').submit preventDefault $('#new_session').submit login -- cgit v1.2.3 From 05ea71016fd54a14159c72299c25efbdc2f177bc Mon Sep 17 00:00:00 2001 
From: Azul Date: Mon, 12 Nov 2012 19:16:19 +0100 Subject: adding client side validations to the mix --- users/app/views/users/new.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/views/users/new.html.haml b/users/app/views/users/new.html.haml index 835e99a..3e7d06d 100644 --- a/users/app/views/users/new.html.haml +++ b/users/app/views/users/new.html.haml @@ -1,6 +1,6 @@ .span8.offset2 %h2=t :signup - = simple_form_for @user, :html => {:class => 'form-horizontal'} do |f| + = simple_form_for @user, :validate => true, :html => {:class => 'form-horizontal'} do |f| %legend=t :signup_message = f.input :login, :input_html => { :id => :srp_username } = f.input :password, :required => true, :input_html => { :id => :srp_password } -- cgit v1.2.3 From 6ba3366f778340ebeaa73fd53372368b16de6c98 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 13 Nov 2012 12:00:13 +0100 Subject: using client side validations during signup --- users/app/assets/javascripts/users.js.coffee | 11 +++-------- users/app/models/user.rb | 11 +++++++++-- users/app/views/users/new.html.haml | 2 +- 3 files changed, 13 insertions(+), 11 deletions(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 8a9f0e9..ab437f6 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -1,8 +1,3 @@ -# Place all the behaviors and hooks related to the matching controller here. -# All this logic will automatically be available in application.js. -# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/ -# - preventDefault = (event) -> event.preventDefault() 
@@ -11,9 +6,9 @@ validOrAbort = (event) -> abortIfErrors = -> return if $.isEmptyObject(errors) - $.each errors, (field, error) -> - alert(error) - $('#srp_password').focus() + # we're relying on client_side_validations here instead of printing + # our own errors. This gets us translatable error messages. + $('.control-group.error input, .control-group.error select, control-group.error textarea').first().focus() event.stopImmediatePropagation() validatePassword = -> diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 0f5d650..824c439 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -16,8 +16,11 @@ class User < CouchRest::Model::Base :message => "Only letters, digits and _ allowed" } validates :password_salt, :password_verifier, - :format => { :with => /\A[\dA-Fa-f]+\z/, - :message => "Only hex numbers allowed" } + :format => { :with => /\A[\dA-Fa-f]+\z/, :message => "Only hex numbers allowed" } + + validates :password, :presence => true, + :confirmation => true, + :format => { :with => /.{8}.*/, :message => "needs to be at least 8 characters long" } timestamps! @@ -71,4 +74,8 @@ class User < CouchRest::Model::Base APP_CONFIG['admins'].include? self.login end + protected + def password + password_verifier + end end diff --git a/users/app/views/users/new.html.haml b/users/app/views/users/new.html.haml index 3e7d06d..be14c52 100644 --- a/users/app/views/users/new.html.haml +++ b/users/app/views/users/new.html.haml 
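Review bot: The `validates :password ...` block runs against `password_verifier`, because the protected `password` reader added in the second hunk returns the verifier; on the server it therefore checks that a hex verifier is at least eight characters long and, only if a `password_confirmation` param happens to be sent, that it equals the verifier. It never checks the real password, which under SRP the server does not see, so a client that posts the JSON API directly bypasses the length rule entirely. That is a legitimate trick to drive client_side_validations, but it needs saying in the model: `# The server only ever sees the verifier; these rules exist to feed client_side_validations and are NOT enforceable server side.` Separately, `/.{8}.*/` is unanchored and the trailing `.*` is dead; `/\A.{8}/` states the intent.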
@@ -3,7 +3,7 @@ = simple_form_for @user, :validate => true, :html => {:class => 'form-horizontal'} do |f| %legend=t :signup_message = f.input :login, :input_html => { :id => :srp_username } - = f.input :password, :required => true, :input_html => { :id => :srp_password } + = f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password } = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } = f.button :submit, :value => t(:signup), :class => 'btn-primary' = link_to t(:cancel), root_url, :class => :btn -- cgit v1.2.3 From 13f53593551549d8e95e382fd42a92efc170943d Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 20 Nov 2012 10:34:13 +0100 Subject: ui tweaks to the menu --- users/app/views/sessions/_nav.html.haml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml index 204ba88..b738504 100644 --- a/users/app/views/sessions/_nav.html.haml +++ b/users/app/views/sessions/_nav.html.haml @@ -1,8 +1,10 @@ - if logged_in? %li = 'logged in as ' + current_user.login + %li = link_to t(:logout), logout_path - - if admin? + - if admin? + %li = 'ADMIN' # obviously not like this - else %li -- cgit v1.2.3 From 7e5db2a28ba872154e5f5002bb84d149a512e36e Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 10:33:21 +0100 Subject: using the new srp.js api --- users/app/assets/javascripts/srp | 2 +- users/app/assets/javascripts/users.js.coffee | 20 ++++++++++---------- users/app/controllers/sessions_controller.rb | 4 +++- 3 files changed, 14 insertions(+), 12 deletions(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index efac662..635ea47 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp 
@@ -1 +1 @@ -Subproject commit efac662cdf31bc4b61ffb97b8c398e22a86c364b +Subproject commit 635ea47f1c19d7985a8f5107c070ae19edf9dd54 diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index ab437f6..75440ea 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -27,21 +27,21 @@ validOrAbort = (event) -> abortIfErrors() -signup = (event) -> - srp = new SRP(jqueryRest()) - srp.register -> - window.location = '/' -login = (event) -> - srp = new SRP(jqueryRest()) - srp.identify -> - window.location = '/' +srp.session = new srp.Session() +srp.signedUp = -> + window.location = '/' +srp.loggedIn = -> + window.location = '/' + +srp.error = (message) -> + alert(message) $(document).ready -> $('#new_user').submit preventDefault $('#new_user').submit validOrAbort - $('#new_user').submit signup + $('#new_user').submit srp.signup $('#new_session').submit preventDefault - $('#new_session').submit login + $('#new_session').submit srp.login diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 486f67e..66c1c4f 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,7 +3,9 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new - @errors = authentication_error + if @errors = authentication_error + render :status => 422 + end end def create -- cgit v1.2.3 From cec9ad7c514f2f3c767bd12bfc3df28db4d1a98b Mon Sep 17 00:00:00 2001 
From: Azul Date: Thu, 22 Nov 2012 11:36:25 +0100 Subject: using client side validations for login --- users/app/assets/javascripts/users.js.coffee | 8 ++++++- users/app/controllers/sessions_controller.rb | 1 + users/app/models/session.rb | 34 ++++++++++++++++++++++++++++ users/app/views/sessions/new.html.haml | 2 +- 4 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 users/app/models/session.rb (limited to 'users/app') diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 75440ea..6d1dda2 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -36,7 +36,13 @@ srp.loggedIn = -> window.location = '/' srp.error = (message) -> - alert(message) + if $.isPlainObject(message) && message.errors + for key, value of message.errors + element = $('form input[name="session['+key+']"]') + next unless element + element.trigger('element:validate:fail.ClientSideValidations', value).data('valid', false) + else + alert(message) $(document).ready -> $('#new_user').submit preventDefault diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 66c1c4f..32d1ddc 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,6 +3,7 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new + @session = Session.new if @errors = authentication_error render :status => 422 end diff --git a/users/app/models/session.rb b/users/app/models/session.rb new file mode 100644 index 0000000..a9fdb1b --- /dev/null +++ b/users/app/models/session.rb 
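Review bot: `next unless element` is not CoffeeScript — `next` is not a keyword, so this compiles to a reference to an undefined variable and throws `ReferenceError` the first time the condition is true; the loop keyword is `continue`. It never fires today only because `$(...)` always returns a truthy jQuery object even when nothing matched, so the intended guard is `continue unless element.length`. The `field` value comes from server JSON and is spliced into a selector; since the server controls those keys that is acceptable, but a short comment saying the keys are server-supplied field names would stop someone from later feeding it user input.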
@@ -0,0 +1,34 @@ +class Session < SRP::Session + include ActiveModel::Validations + + attr_accessor :login + + validates :login, + :presence => true, + :format => { :with => /\A[A-Za-z\d_]+\z/, + :message => "Only letters, digits and _ allowed" } + + def initialize(user = nil, aa = nil) + super(user, aa) if user + end + + def persisted? + false + end + + def new_record? + true + end + + def to_model + self + end + + def to_key + [object_id] + end + + def to_param + nil + end +end diff --git a/users/app/views/sessions/new.html.haml b/users/app/views/sessions/new.html.haml index c91d3f2..a04f584 100644 --- a/users/app/views/sessions/new.html.haml +++ b/users/app/views/sessions/new.html.haml @@ -1,6 +1,6 @@ .span8.offset2 %h2=t :login - = simple_form_for :session, :url => sessions_path, :html => { :id => :new_session, :class => 'form-horizontal' } do |f| + = simple_form_for @session, :validate => true, :html => { :id => :new_session, :class => 'form-horizontal' } do |f| %legend=t :login_message = f.input :login, :input_html => { :id => :srp_username } = f.input :password, :required => true, :input_html => { :id => :srp_password } -- cgit v1.2.3 From 6d5f8d0f993093b51d1f11bb528c535dcf88a969 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 13:05:32 +0100 Subject: beautify login workflow * translating error messages * not caching login and password in js anymore * catching non responses --- users/app/assets/javascripts/srp | 2 +- users/app/assets/javascripts/users.js.coffee | 6 +++--- users/app/controllers/controller_extension/authentication.rb | 8 ++++++-- users/app/controllers/sessions_controller.rb | 3 ++- 4 files changed, 12 insertions(+), 7 deletions(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 635ea47..076d6e2 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp 
@@ -1 +1 @@ -Subproject commit 635ea47f1c19d7985a8f5107c070ae19edf9dd54 +Subproject commit 076d6e251e4caf826787d87b11434e535960455c diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 6d1dda2..d0ec32f 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -37,10 +37,10 @@ srp.loggedIn = -> srp.error = (message) -> if $.isPlainObject(message) && message.errors - for key, value of message.errors - element = $('form input[name="session['+key+']"]') + for field, error of message.errors + element = $('form input[name="session['+field+']"]') next unless element - element.trigger('element:validate:fail.ClientSideValidations', value).data('valid', false) + element.trigger('element:validate:fail.ClientSideValidations', error).data('valid', false) else alert(message) diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 87f7921..6ac7a5b 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -7,8 +7,12 @@ module ControllerExtension::Authentication helper_method :current_user, :logged_in?, :admin? end - def authentication_error - warden.winning_strategy.try(:message) + def authentication_errors + return unless errors = warden.winning_strategy.try(:message) + errors.inject({}) do |translated,err| + translated[err.first] = I18n.t(err.last) + translated + end end def logged_in? diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 32d1ddc..bc910b5 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb 
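Review bot: `authentication_errors` assumes `warden.winning_strategy.message` is a collection of `[field, key]` pairs; warden's usual `fail!` payload is a plain string, and `String#inject` does not exist in Ruby 1.9, so any strategy that fails with a string message would raise `NoMethodError` here instead of reporting the error. Guard the shape, for example `return { :base => I18n.t(errors) } unless errors.respond_to?(:inject)`, or normalise in the strategy — I cannot see the strategy from this hunk. `I18n.t(err.last)` also treats the message as a translation key, so strategies must never pass user-derived strings through it; a missing key yields a "translation missing" string rather than failing, which would leak the raw value into the UI.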
@@ -4,7 +4,8 @@ class SessionsController < ApplicationController def new @session = Session.new - if @errors = authentication_error + if authentication_errors + @errors = authentication_errors render :status => 422 end end -- cgit v1.2.3 From ec87ccfa185a4c063386d385de7af15f993b77d8 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 16:22:18 +0100 Subject: fixed tests --- users/app/models/user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 824c439..507eda5 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -36,7 +36,7 @@ class User < CouchRest::Model::Base # valid set of attributes for testing def valid_attributes_hash { :login => "me", - :password_verifier => "1234ABC", + :password_verifier => "1234ABCD", :password_salt => "4321AB" } end -- cgit v1.2.3 From 33c124aa67788d5c64906f7b3e21ad383577b2a8 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 17:31:18 +0100 Subject: basic user edit form and actions --- users/app/controllers/users_controller.rb | 10 ++++++++++ users/app/views/sessions/_nav.html.haml | 2 +- users/app/views/users/_form.html.haml | 8 ++++++++ users/app/views/users/edit.html.haml | 3 +++ users/app/views/users/new.html.haml | 8 +------- 5 files changed, 23 insertions(+), 8 deletions(-) create mode 100644 users/app/views/users/_form.html.haml create mode 100644 users/app/views/users/edit.html.haml (limited to 'users/app') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 82d2eac..46ecc32 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb 
@@ -15,4 +15,14 @@ class UsersController < ApplicationController @user = e.document respond_with(@user, :location => new_user_path) end + + def edit + @user = current_user + end + + def update + @user = current_user + @user.update!(params[:user]) + respond_with(@user, :location => edit_user_path(@user)) + end end diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml index b738504..dab865e 100644 --- a/users/app/views/sessions/_nav.html.haml +++ b/users/app/views/sessions/_nav.html.haml @@ -1,6 +1,6 @@ - if logged_in? %li - = 'logged in as ' + current_user.login + = link_to current_user.login, edit_user_path(current_user) %li = link_to t(:logout), logout_path - if admin? diff --git a/users/app/views/users/_form.html.haml b/users/app/views/users/_form.html.haml new file mode 100644 index 0000000..8914241 --- /dev/null +++ b/users/app/views/users/_form.html.haml @@ -0,0 +1,8 @@ += simple_form_for @user, :validate => true, :html => {:class => 'form-horizontal'} do |f| + %legend + = @user.new_record? ? t(:signup_message) : t(:edit_settings) + = f.input :login, :input_html => { :id => :srp_username } + = f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password } + = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } + = f.button :submit, :class => 'btn-primary' + = link_to t(:cancel), root_url, :class => :btn diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml new file mode 100644 index 0000000..8298443 --- /dev/null +++ b/users/app/views/users/edit.html.haml @@ -0,0 +1,3 @@ +.span8.offset2 + %h2=t :settings + = render 'form' diff --git a/users/app/views/users/new.html.haml b/users/app/views/users/new.html.haml index be14c52..c1c4208 100644 --- a/users/app/views/users/new.html.haml +++ b/users/app/views/users/new.html.haml 
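Review bot: `@user.update!(params[:user])` hands the raw request hash to the model, so a logged-in user can set any attribute the User document accepts, not only login, verifier and salt; I cannot see whether `User` declares `attr_accessible`/`attr_protected`, so please confirm, or whitelist in the controller with `@user.update!(params[:user].slice(:login, :password_verifier, :password_salt))`. Note that `login` is exactly what the earlier `is_admin?` hunk compares against `APP_CONFIG['admins']`, so letting a user rename themselves means a configured admin login that has not yet registered could be claimed by anyone — worth a comment next to the permitted attributes. `edit` and `update` also rely on `current_user` being non-nil; with no session `@user` is nil and `update!` raises `NoMethodError` rather than redirecting to login.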
@@ -1,9 +1,3 @@ .span8.offset2 %h2=t :signup - = simple_form_for @user, :validate => true, :html => {:class => 'form-horizontal'} do |f| - %legend=t :signup_message - = f.input :login, :input_html => { :id => :srp_username } - = f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password } - = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } - = f.button :submit, :value => t(:signup), :class => 'btn-primary' - = link_to t(:cancel), root_url, :class => :btn + = render 'form' -- cgit v1.2.3 From 3ce5a25afef3b938c2bbbe8ce481f2af9e0c24dc Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 23 Nov 2012 10:24:46 +0100 Subject: test editing user settings --- users/app/controllers/users_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 46ecc32..ecab53b 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -22,7 +22,7 @@ class UsersController < ApplicationController def update @user = current_user - @user.update!(params[:user]) + @user.update(params[:user]) respond_with(@user, :location => edit_user_path(@user)) end end -- cgit v1.2.3 From ee3c9146e4bbe93ec1f00ee45386a82ec4363c4d Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 23 Nov 2012 12:11:11 +0100 Subject: identify user by id so rerendering the form does not use new invalid login --- users/app/controllers/users_controller.rb | 15 +++++++++++---- users/app/models/user.rb | 8 ++------ 2 files changed, 13 insertions(+), 10 deletions(-) (limited to 'users/app') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index ecab53b..3913d0d 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb 
@@ -1,6 +1,8 @@ class UsersController < ApplicationController - skip_before_filter :verify_authenticity_token + skip_before_filter :verify_authenticity_token, :only => [:create] + + before_filter :fetch_user, :only => [:edit, :update] respond_to :json, :html @@ -17,12 +19,17 @@ class UsersController < ApplicationController end def edit - @user = current_user end def update - @user = current_user - @user.update(params[:user]) + @user.update_attributes(params[:user]) respond_with(@user, :location => edit_user_path(@user)) end + + protected + + def fetch_user + @user = User.find_by_param(params[:id]) + access_denied unless @user == current_user + end end diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 507eda5..624754b 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -29,9 +29,7 @@ class User < CouchRest::Model::Base end class << self - def find_by_param(login) - return find_by_login(login) || raise(RECORD_NOT_FOUND) - end + alias_method :find_by_param, :find # valid set of attributes for testing def valid_attributes_hash @@ -42,9 +40,7 @@ class User < CouchRest::Model::Base end - def to_param - self.login - end + alias_method :to_param, :id def to_json(options={}) { -- cgit v1.2.3 From 76a3b91ad78d12ef82a0c01ca702720a510f1e22 Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 25 Nov 2012 13:21:23 +0100 Subject: basic changing of password and login working --- users/app/assets/javascripts/srp | 2 +- users/app/assets/javascripts/users.js.coffee | 36 ++++++---------------------- users/app/views/users/_form.html.haml | 3 ++- 3 files changed, 10 insertions(+), 31 deletions(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 076d6e2..fff770a 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 076d6e251e4caf826787d87b11434e535960455c +Subproject commit fff770a866b44abce6fe0fc5d5ffde034225436d 
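Review bot: `alias_method :find_by_param, :find` drops the `raise(RECORD_NOT_FOUND)` the old `find_by_param` had, so `fetch_user` can now receive `nil` for an unknown id (assuming CouchRest `find` returns nil rather than raising, which this hunk does not show); with nobody logged in `current_user` is nil too, `nil == nil` satisfies `access_denied unless @user == current_user`, and `edit`/`update` run with `@user = nil`. Require a session and a real record before comparing: `access_denied unless logged_in? && @user && @user == current_user`. `alias_method :to_param, :id` is fine, but be aware it now puts the CouchDB document id in every user URL instead of the login.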
diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index d0ec32f..5663161 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -1,40 +1,17 @@ preventDefault = (event) -> event.preventDefault() -validOrAbort = (event) -> - errors = {} - - abortIfErrors = -> - return if $.isEmptyObject(errors) - # we're relying on client_side_validations here instead of printing - # our own errors. This gets us translatable error messages. - $('.control-group.error input, .control-group.error select, control-group.error textarea').first().focus() - event.stopImmediatePropagation() - - validatePassword = -> - password = $('#srp_password').val() - confirmation = $('#srp_password_confirmation').val() - login = $('#srp_username').val() - - if password != confirmation - errors.password_confirmation = "Confirmation does not match!" - if password == login - errors.password = "Password and Login may not match!" - if password.length < 8 - errors.password = "Password needs to be at least 8 characters long!" - - validatePassword() - abortIfErrors() - - - srp.session = new srp.Session() srp.signedUp = -> - window.location = '/' + srp.login srp.loggedIn = -> window.location = '/' +#// TODO: not sure this is what we want. +srp.updated = -> + window.location = '/' + srp.error = (message) -> if $.isPlainObject(message) && message.errors for field, error of message.errors @@ -46,8 +23,9 @@ srp.error = (message) -> $(document).ready -> $('#new_user').submit preventDefault - $('#new_user').submit validOrAbort $('#new_user').submit srp.signup $('#new_session').submit preventDefault $('#new_session').submit srp.login + $('.user.form.edit').submit srp.update + $('.user.form.edit').submit preventDefault diff --git a/users/app/views/users/_form.html.haml b/users/app/views/users/_form.html.haml index 8914241..d26d17d 100644 --- a/users/app/views/users/_form.html.haml 
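Review bot: For the edit form the handlers are bound as `srp.update` first and `preventDefault` second, the reverse of the `#new_user` and `#new_session` wiring just above; jQuery runs submit handlers in binding order, so if `srp.update` throws before anything calls `event.preventDefault()` (srp.js is not in this diff, so I cannot tell whether it does) the browser falls through to a native submit and posts the plaintext `#srp_password` field to the server. Swap the two lines so `preventDefault` is bound first, as for the other forms. Also `srp.signedUp = -> srp.login` only returns the function without invoking it; presumably `srp.login()` was meant unless srp.js calls the returned value.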
+++ b/users/app/views/users/_form.html.haml @@ -1,4 +1,5 @@ -= simple_form_for @user, :validate => true, :html => {:class => 'form-horizontal'} do |f| +- html = {:class => 'form-horizontal user form ' + (@user.new_record? ? 'new' : 'edit')} += simple_form_for @user, :validate => true, :html => html do |f| %legend = @user.new_record? ? t(:signup_message) : t(:edit_settings) = f.input :login, :input_html => { :id => :srp_username } -- cgit v1.2.3 From ce0999ead0d61db1f6534ee9d8114c4551542e80 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 Nov 2012 10:59:50 +0100 Subject: minor: client side validations fixed + .json request --- users/app/assets/javascripts/users.js.coffee | 2 +- users/app/models/user.rb | 8 +++++++- users/app/views/users/_form.html.haml | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 5663161..f0bb3dd 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -15,7 +15,7 @@ srp.updated = -> srp.error = (message) -> if $.isPlainObject(message) && message.errors for field, error of message.errors - element = $('form input[name="session['+field+']"]') + element = $('form input[name$="['+field+']"]') next unless element element.trigger('element:validate:fail.ClientSideValidations', error).data('valid', false) else diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 624754b..39d079a 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -9,7 +9,8 @@ class User < CouchRest::Model::Base :presence => true validates :login, - :uniqueness => true + :uniqueness => true, + :if => :serverside? validates :login, :format => { :with => /\A[A-Za-z\d_]+\z/, 
@@ -74,4 +75,9 @@ class User < CouchRest::Model::Base def password password_verifier end + + # used as a condition for validations that are server side only + def serverside? + true + end end diff --git a/users/app/views/users/_form.html.haml b/users/app/views/users/_form.html.haml index d26d17d..fc835af 100644 --- a/users/app/views/users/_form.html.haml +++ b/users/app/views/users/_form.html.haml @@ -1,5 +1,5 @@ - html = {:class => 'form-horizontal user form ' + (@user.new_record? ? 'new' : 'edit')} -= simple_form_for @user, :validate => true, :html => html do |f| += simple_form_for @user, :validate => true, :format => :json, :html => html do |f| %legend = @user.new_record? ? t(:signup_message) : t(:edit_settings) = f.input :login, :input_html => { :id => :srp_username } -- cgit v1.2.3 From 595518684b9c4364f96c97a84cc481b5ae0da981 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 Nov 2012 11:54:11 +0100 Subject: simplified controller and adjusted tests Also added #assert_json_error to tests. --- users/app/controllers/users_controller.rb | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'users/app') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 3913d0d..5be1fa9 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -11,11 +11,8 @@ class UsersController < ApplicationController end def create - @user = User.create!(params[:user]) - respond_with(@user, :location => root_url, :notice => "Signed up!") - rescue VALIDATION_FAILED => e - @user = e.document - respond_with(@user, :location => new_user_path) + @user = User.create(params[:user]) + respond_with @user end def edit @@ -23,7 +20,7 @@ class UsersController < ApplicationController def update @user.update_attributes(params[:user]) - respond_with(@user, :location => edit_user_path(@user)) + respond_with @user end protected -- cgit v1.2.3 
From bf74255d1530fe5852dc6e6c27ef975ce9aa8d3c Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 Nov 2012 14:32:50 +0100 Subject: added admin menu and user index action --- users/app/controllers/users_controller.rb | 5 +++++ users/app/views/sessions/_admin_nav.html.haml | 6 ++++++ users/app/views/sessions/_nav.html.haml | 6 +++--- users/app/views/users/index.html.haml | 1 + 4 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 users/app/views/sessions/_admin_nav.html.haml create mode 100644 users/app/views/users/index.html.haml (limited to 'users/app') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 5be1fa9..4912ac8 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -3,9 +3,14 @@ class UsersController < ApplicationController skip_before_filter :verify_authenticity_token, :only => [:create] before_filter :fetch_user, :only => [:edit, :update] + before_filter :authorize_admin, :only => [:index] respond_to :json, :html + def index + @users = User.all + end + def new @user = User.new end diff --git a/users/app/views/sessions/_admin_nav.html.haml b/users/app/views/sessions/_admin_nav.html.haml new file mode 100644 index 0000000..14dfbdc --- /dev/null +++ b/users/app/views/sessions/_admin_nav.html.haml @@ -0,0 +1,6 @@ +%a#admin-menu{"data-toggle" => "dropdown", :role => :button} + Admin +%ul.dropdown-menu{:role => "menu", "aria-labelledby" => "admin-menu"} + %li + = link_to Ticket.model_name.human(:count => ""), tickets_path, {:tabindex => -1} + = link_to User.model_name.human(:count => ""), users_path, {:tabindex => -1} diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml index dab865e..5306d0e 100644 --- a/users/app/views/sessions/_nav.html.haml +++ b/users/app/views/sessions/_nav.html.haml 
@@ -1,11 +1,11 @@ - if logged_in? + - if admin? + %li.dropdown + = render 'sessions/admin_nav' %li = link_to current_user.login, edit_user_path(current_user) %li = link_to t(:logout), logout_path - - if admin? - %li - = 'ADMIN' # obviously not like this - else %li = link_to t(:login), login_path diff --git a/users/app/views/users/index.html.haml b/users/app/views/users/index.html.haml new file mode 100644 index 0000000..7db6038 --- /dev/null +++ b/users/app/views/users/index.html.haml @@ -0,0 +1 @@ +%h1= User.model_name.human(:count =>@users.count) -- cgit v1.2.3 From 51ba799f98113b7112f2968fc80e4d291924b3bf Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 Nov 2012 16:34:46 +0100 Subject: basic users index with typeahead search --- users/app/assets/javascripts/users.js.coffee | 4 ++++ users/app/controllers/users_controller.rb | 8 +++++++- users/app/models/user.rb | 1 + users/app/views/users/index.html.haml | 18 +++++++++++++++++- 4 files changed, 29 insertions(+), 2 deletions(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index f0bb3dd..61d4121 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -21,6 +21,9 @@ srp.error = (message) -> else alert(message) +pollUsers = (query, process) -> + $.get( "/users.json", query: query).done(process); + $(document).ready -> $('#new_user').submit preventDefault $('#new_user').submit srp.signup @@ -28,4 +31,5 @@ $(document).ready -> $('#new_session').submit srp.login $('.user.form.edit').submit srp.update $('.user.form.edit').submit preventDefault + $('.user.typeahead').typeahead({source: pollUsers}); diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 4912ac8..09199f0 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb 
@@ -8,7 +8,13 @@ class UsersController < ApplicationController respond_to :json, :html def index - @users = User.all + if params[:query] + @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ) + else + @users = User.by_created_at.descending + end + @users = @users.limit(5) + respond_with @users.map(&:login).sort end def new diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 39d079a..325c981 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -27,6 +27,7 @@ class User < CouchRest::Model::Base design do view :by_login + view :by_created_at end class << self diff --git a/users/app/views/users/index.html.haml b/users/app/views/users/index.html.haml index 7db6038..65e99af 100644 --- a/users/app/views/users/index.html.haml +++ b/users/app/views/users/index.html.haml @@ -1 +1,17 @@ -%h1= User.model_name.human(:count =>@users.count) +.page-header + %h1= User.model_name.human(:count =>User.count) +.row + .span8 + %h2 Last users who signed up + %table.table.table-hover + %tr + %th Login + %th Created + %th Action + = render @users.all + .span4 + %h4 Find user + %form.form-search + .input-append + %input.user.typeahead.span2.search-query{:type => :text} + %button.btn{:type => :submit} Search -- cgit v1.2.3 From a941c89293bcbb067c6152b63765ead38a484b81 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 Nov 2012 18:06:21 +0100 Subject: basic typeahead and user querying working --- users/app/assets/javascripts/users.js.coffee | 2 +- users/app/controllers/users_controller.rb | 2 +- users/app/views/users/index.html.haml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'users/app') diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 61d4121..76a6d79 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee 
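Review bot: `params[:query].succ` is not a prefix upper bound: `String#succ` carries, so `"z".succ` is `"aa"` (an inverted, empty range) and `"user9".succ` is `"uses0"`, which also admits logins such as `usera`; the CouchDB idiom is a high sentinel, `endkey(query + "\ufff0")`. The parameter is also used untyped — `?query[]=x` arrives as an Array and `.succ` raises a 500 — so coerce first with `query = params[:query].to_s`. Keeping this action behind `authorize_admin` is right, since it enumerates logins.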
@@ -22,7 +22,7 @@ srp.error = (message) -> alert(message) pollUsers = (query, process) -> - $.get( "/users.json", query: query).done(process); + $.get( "/users.json", query: query).done(process) $(document).ready -> $('#new_user').submit preventDefault diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 09199f0..925b584 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -13,7 +13,7 @@ class UsersController < ApplicationController else @users = User.by_created_at.descending end - @users = @users.limit(5) + @users = @users.limit(10) respond_with @users.map(&:login).sort end diff --git a/users/app/views/users/index.html.haml b/users/app/views/users/index.html.haml index 65e99af..9e6a179 100644 --- a/users/app/views/users/index.html.haml +++ b/users/app/views/users/index.html.haml @@ -2,7 +2,7 @@ %h1= User.model_name.human(:count =>User.count) .row .span8 - %h2 Last users who signed up + %h2= params[:query] ? "Users starting with '#{params[:query]}'" : "Last users who signed up" %table.table.table-hover %tr %th Login @@ -11,7 +11,7 @@ = render @users.all .span4 %h4 Find user - %form.form-search + = form_tag users_path, :method => :get, :class => "form-search" do .input-append - %input.user.typeahead.span2.search-query{:type => :text} - %button.btn{:type => :submit} Search + = text_field_tag :query, "", :class => "user typeahead span2 search-query", :autocomplete => :off + %button.btn{:type => :submit} Search -- cgit v1.2.3 From 1d7ea661ca0cc03ffb10026e306d4e451e085cfa Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 Nov 2012 19:25:59 +0100 Subject: forgot the user partial --- users/app/views/users/_user.html.haml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 users/app/views/users/_user.html.haml (limited to 'users/app') 
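Review bot: After a search is submitted the field is rebuilt empty (`text_field_tag :query, ""`), so the term the user typed disappears while the heading still reports it; pass the current value back, `= text_field_tag :query, params[:query], :class => "user typeahead span2 search-query", :autocomplete => :off`. The new `%h2` interpolates `params[:query]` into `=` output, which is safe only because Haml's HTML escaping of `=` is enabled by default under Rails — worth a short `-# params[:query] is escaped by Haml's default escape_html` so nobody disables that setting without noticing. A request that sends the parameter as an array would render its inspect form in the heading; the String guard suggested for the controller's `index` hunk would cover this too.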
diff --git a/users/app/views/users/_user.html.haml b/users/app/views/users/_user.html.haml new file mode 100644 index 0000000..5eb7941 --- /dev/null +++ b/users/app/views/users/_user.html.haml @@ -0,0 +1,7 @@ +%tr + %td= user.login + %td= time_ago_in_words(user.created_at) + " ago" + %td + = link_to user_path(user), :method => :delete, :class => "btn btn-danger btn-mini" do + %i.icon-remove.icon-white + Remove -- cgit v1.2.3 From 277b9f98bfbe2ef0217dfd17c8d9d6597369b903 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 28 Nov 2012 15:13:47 +0100 Subject: admins can destroy users I changed the permissions a little to be more consistent. Now: * admins can edit users * users can destroy themselves. There's no ui for either of them but theoretically they could. Not sure this is what we want though. --- users/app/controllers/users_controller.rb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'users/app') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 925b584..3407191 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -2,7 +2,7 @@ class UsersController < ApplicationController skip_before_filter :verify_authenticity_token, :only => [:create] - before_filter :fetch_user, :only => [:edit, :update] + before_filter :fetch_user, :only => [:edit, :update, :destroy] before_filter :authorize_admin, :only => [:index] respond_to :json, :html @@ -34,10 +34,15 @@ class UsersController < ApplicationController respond_with @user end + def destroy + @user.destroy + redirect_to users_path + end + protected def fetch_user @user = User.find_by_param(params[:id]) - access_denied unless @user == current_user + access_denied unless admin? or (@user == current_user) end end -- cgit v1.2.3 From 1de597b338f0622a7732676907365de673c34dfb Mon Sep 17 00:00:00 2001 
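Review bot: The Remove button in the new `_user` partial issues a DELETE with no confirmation, so a single mis-click on the admin listing destroys an account; `link_to` accepts a `:confirm` option in this Rails version, e.g. `= link_to user_path(user), :method => :delete, :confirm => "Remove this user?", :class => "btn btn-danger btn-mini" do`. The same applies to the "Remove my Account" link added to `edit.html.haml` in commit 2a92845 and moved into `_cancel_account.html.haml` in commit f65b0bc. Note also that `:method => :delete` depends on the UJS driver being loaded; without it the link degrades to a plain GET of `user_path(user)`.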
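Review bot: `destroy` removes the record but leaves `session[:user_id]` untouched, so when a user deletes their own account (now permitted by the widened `fetch_user` check) the session still points at a destroyed document, and any later request that resolves the current user from that id will look up a record that no longer exists. Clear it before redirecting, `session[:user_id] = nil if @user == current_user`; the same gap remains in the follow-up hunk of commit 2a92845 that redirects non-admins to `login_path`. In `fetch_user`, `access_denied unless admin? or (@user == current_user)` appears to parse as intended because modifier-`unless` binds more loosely than `or`, but `||` is the conventional operator for boolean logic and removes the precedence question: `access_denied unless admin? || @user == current_user`. The enclosing class continues outside the hunk.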
From: Azul Date: Mon, 3 Dec 2012 10:24:49 +0100 Subject: enable admin to edit users --- users/app/views/users/_user.html.haml | 3 +++ 1 file changed, 3 insertions(+) (limited to 'users/app') diff --git a/users/app/views/users/_user.html.haml b/users/app/views/users/_user.html.haml index 5eb7941..7db0041 100644 --- a/users/app/views/users/_user.html.haml +++ b/users/app/views/users/_user.html.haml @@ -2,6 +2,9 @@ %td= user.login %td= time_ago_in_words(user.created_at) + " ago" %td + = link_to edit_user_path(user), :class => "btn btn-mini btn-primary" do + %i.icon-edit.icon-white + Edit = link_to user_path(user), :method => :delete, :class => "btn btn-danger btn-mini" do %i.icon-remove.icon-white Remove -- cgit v1.2.3 From 2a928455f9dcefa465b80b79768ba1d1a423e6e9 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 3 Dec 2012 10:52:01 +0100 Subject: enable users to cancel their account --- users/app/controllers/users_controller.rb | 2 +- users/app/views/users/edit.html.haml | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'users/app') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 3407191..cffc8c6 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -36,7 +36,7 @@ class UsersController < ApplicationController def destroy @user.destroy - redirect_to users_path + redirect_to admin? ? users_path : login_path end protected diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml index 8298443..cfcf220 100644 --- a/users/app/views/users/edit.html.haml +++ b/users/app/views/users/edit.html.haml @@ -1,3 +1,10 @@ .span8.offset2 %h2=t :settings = render 'form' + - if @user == current_user + %legend + =t :cancel_account + %small You will not be able to login anymore. + = link_to user_path(@user), :method => :delete, :class => "btn btn-danger" do + %i.icon-remove.icon-white + Remove my Account -- cgit v1.2.3 
From 059b6fca8468e7b9a2507f24b84e09ce4b8c3ddd Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 6 Dec 2012 16:03:59 +0100 Subject: seperated login and password changes in settings --- users/app/views/users/_form.html.haml | 18 ++++++++++++------ users/app/views/users/edit.html.haml | 11 +++-------- 2 files changed, 15 insertions(+), 14 deletions(-) (limited to 'users/app') diff --git a/users/app/views/users/_form.html.haml b/users/app/views/users/_form.html.haml index fc835af..39e26a6 100644 --- a/users/app/views/users/_form.html.haml +++ b/users/app/views/users/_form.html.haml @@ -1,9 +1,15 @@ +- only = local_assigns[:only] - html = {:class => 'form-horizontal user form ' + (@user.new_record? ? 'new' : 'edit')} = simple_form_for @user, :validate => true, :format => :json, :html => html do |f| %legend - = @user.new_record? ? t(:signup_message) : t(:edit_settings) - = f.input :login, :input_html => { :id => :srp_username } - = f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password } - = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } - = f.button :submit, :class => 'btn-primary' - = link_to t(:cancel), root_url, :class => :btn + = t(only || :signup_message) + - if !only || only == :change_login + = f.input :login, :input_html => { :id => :srp_username } + - if !only || only == :change_password + = f.input :password, :required => true, :validate => true, :input_html => { :id => :srp_password } + = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } + .pull-right + = f.button :submit, :class => 'btn-primary' + - unless only + = link_to t(:cancel), root_url, :class => :btn + .clearfix diff --git a/users/app/views/users/edit.html.haml b/users/app/views/users/edit.html.haml index cfcf220..25da71a 100644 --- a/users/app/views/users/edit.html.haml +++ b/users/app/views/users/edit.html.haml 
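Review bot: With `only == :change_password` the partial renders no `#srp_username` input, yet the form still carries the `user form edit` classes that `srp.update` is bound to in the users.js.coffee context shown earlier; if the SRP client derives the new verifier from the login name, the password-only form has no element to read it from, so confirm the script obtains the username another way or add it as a hidden input. The legend now shows `t(only || :signup_message)`, so a render without `:only` shows signup text where the old code showed `t(:edit_settings)` for existing records; a comment such as `-# only: nil renders the full signup form; :change_login / :change_password render one settings sub-form` at the top would make that contract explicit. `- if !only || only == :change_login` reads more clearly as `- if only.nil? || only == :change_login` (same for the password branch).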
@@ -1,10 +1,5 @@ .span8.offset2 %h2=t :settings - = render 'form' - - if @user == current_user - %legend - =t :cancel_account - %small You will not be able to login anymore. - = link_to user_path(@user), :method => :delete, :class => "btn btn-danger" do - %i.icon-remove.icon-white - Remove my Account + = render :partial => 'form', :locals => {:only => :change_login} + = render :partial => 'form', :locals => {:only => :change_password} + = render 'cancel_account' if @user == current_user -- cgit v1.2.3 From f65b0bc32fd2785458d4076faf89683effca5031 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 6 Dec 2012 17:00:53 +0100 Subject: forgot to add new partial --- users/app/views/users/_cancel_account.html.haml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 users/app/views/users/_cancel_account.html.haml (limited to 'users/app') diff --git a/users/app/views/users/_cancel_account.html.haml b/users/app/views/users/_cancel_account.html.haml new file mode 100644 index 0000000..41580b0 --- /dev/null +++ b/users/app/views/users/_cancel_account.html.haml @@ -0,0 +1,6 @@ +%legend + =t :cancel_account + %small You will not be able to login anymore. += link_to user_path(@user), :method => :delete, :class => "btn btn-danger" do + %i.icon-remove.icon-white + Remove my Account -- cgit v1.2.3
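Review bot: Both `render :partial => 'form'` calls invoke `simple_form_for @user` for the same record, so the page will most likely contain two `<form>` elements with the same generated id (`edit_user_<id>`) and the same `user form edit` classes; duplicated ids are invalid HTML and any id-based selector will only ever reach the first form. Passing a distinct id per `only` value from the partial's `html` hash, e.g. `:id => "edit_user_#{only}"` when `only` is set, avoids this. This is inferred from how form builders derive ids; confirm against the rendered markup.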