From 193bf6446b384dce1699e8fb82be6f16cb8cb5f6 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 23 Sep 2013 19:55:22 +0200
Subject: use token auth when accessing the api from webapp

One failing integration test still needs to be fixed
---
 users/app/assets/javascripts/srp                |  2 +-
 users/app/assets/javascripts/users.js           | 20 ++++++++++++++-
 users/app/controllers/v1/sessions_controller.rb |  1 +
 users/app/views/users/_edit.html.haml           |  5 ++--
 users/test/integration/browser/account_test.rb  | 33 +++++++++++++++++++++++++
 5 files changed, 57 insertions(+), 4 deletions(-)

(limited to 'users')

diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp
index 9c61d52..d22bf3b 160000
--- a/users/app/assets/javascripts/srp
+++ b/users/app/assets/javascripts/srp
@@ -1 +1 @@
-Subproject commit 9c61d52f1f975ec0eefe5b4a0b71ac529300cbe7
+Subproject commit d22bf3b9fe2fd31192e1e1b358e97e5a0f3f90b3
diff --git a/users/app/assets/javascripts/users.js b/users/app/assets/javascripts/users.js
index 4c9b510..9d1a0f0 100644
--- a/users/app/assets/javascripts/users.js
+++ b/users/app/assets/javascripts/users.js
@@ -3,7 +3,12 @@
   // LOCAL FUNCTIONS
   //
 
-  var poll_users, prevent_default, form_failed, form_passed, clear_errors;
+  var poll_users, 
+      prevent_default, 
+      form_failed, 
+      form_passed, 
+      clear_errors,
+      update_user;
 
   prevent_default = function(event) {
     return event.preventDefault();
@@ -19,6 +24,17 @@
     return $('#messages').empty();
   };
 
+  update_user = function(submitEvent) {
+    var form = submitEvent.target;
+    var token = form.dataset.token;
+    var url = form.action;
+    return $.ajax({
+      url: url,
+      type: 'PUT',
+      headers: { Authorization: 'Token token="' + token + '"' },
+      data: $(form).serialize()
+    });
+  };
 
   //
   // PUBLIC FUNCTIONS
@@ -76,6 +92,8 @@
     $('#new_session').submit(srp.login);
     $('#update_login_and_password').submit(prevent_default);
     $('#update_login_and_password').submit(srp.update);
+    $('#update_pgp_key').submit(prevent_default);
+    $('#update_pgp_key').submit(update_user);
     return $('#user-typeahead').typeahead({
       source: poll_users
     });
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index 1b20a82..eb6c322 100644
--- a/users/app/controllers/v1/sessions_controller.rb
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -24,6 +24,7 @@ module V1
     def update
       authenticate!
       @token = Token.create(:user_id => current_user.id)
+      session[:token] = @token.id
       render :json => login_response
     end
 
diff --git a/users/app/views/users/_edit.html.haml b/users/app/views/users/_edit.html.haml
index 5f74d32..ae3f32d 100644
--- a/users/app/views/users/_edit.html.haml
+++ b/users/app/views/users/_edit.html.haml
@@ -10,7 +10,8 @@
 -#   however, we don't want the user to change their login without generating a new key, so we hide the ui for this
 -#   (although it works perfectly fine to change username if the field was visible).
 -#
-- form_options = {:url => '/not-used', :html => {:class => user_form_class('form-horizontal'), :id =>  'update_login_and_password'}, :validate => true}
+
+- form_options = {:url => '/not-used', :html => {:class => user_form_class('form-horizontal'), :id =>  'update_login_and_password', :data => {token: session[:token]}}, :validate => true}
 = simple_form_for @user, form_options do |f|
   %legend= t(:change_password)
   = hidden_field_tag 'user_param', @user.to_param
@@ -28,7 +29,7 @@
 -# this will be replaced by a identities controller/view at some point
 -#
 
-- form_options = {:html => {:class => user_form_class('form-horizontal'), :id => 'update_pgp_key'}, :validate => true}
+- form_options = {:html => {:class => user_form_class('form-horizontal'), :id => 'update_pgp_key', :data => {token: session[:token]}}, :validate => true}
 = simple_form_for [:api, @user], form_options do |f|
   %legend= t(:advanced_options)
   = f.input :public_key, :as => :text, :hint => t(:use_ascii_key), :input_html => {:class => "full-width", :rows => 4}
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index 8c2c997..3434557 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -24,8 +24,41 @@ class AccountTest < BrowserIntegrationTest
     fill_in 'Password', with: password
     click_on 'Log In'
     assert page.has_content?("Welcome #{username}")
+    User.find_by_login(username).account.destroy
   end
 
+  test "change password" do
+    username, password = submit_signup
+    click_on "Account Settings"
+    within('#update_login_and_password') do
+      fill_in 'Password', with: "other password"
+      fill_in 'Password confirmation', with: "other password"
+      click_on 'Save'
+    end
+    click_on 'Logout'
+    click_on 'Log In'
+    fill_in 'Username', with: username
+    fill_in 'Password', with: "other password"
+    click_on 'Log In'
+    assert page.has_content?("Welcome #{username}")
+    User.find_by_login(username).account.destroy
+  end
+
+  test "change pgp key" do
+    pgp_key = "My PGP Key Stub"
+    username, password = submit_signup
+    click_on "Account Settings"
+    within('#update_pgp_key') do
+      fill_in 'Public key', with: pgp_key
+      click_on 'Save'
+    end
+    debugger
+    assert user = User.find_by_login(username)
+    assert_equal pgp_key, user.public_key
+    user.account.destroy
+  end
+
+
   # trying to seed an invalid A for srp login
   test "detects attempt to circumvent SRP" do
     user = FactoryGirl.create :user
-- 
cgit v1.2.3


From 4f8414298750193b6de3daff08364ec745a6a761 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 25 Sep 2013 10:12:08 +0200
Subject: visual feedback when submitting forms (#3164)

This also helps with the failing integration test. We needed a way to tell the ajax request was back. Observing the button state now works for that.
---
 users/app/assets/javascripts/users.js          | 13 ++++++++++++-
 users/app/views/users/_edit.html.haml          |  2 +-
 users/test/integration/browser/account_test.rb |  7 +++++--
 3 files changed, 18 insertions(+), 4 deletions(-)

(limited to 'users')

diff --git a/users/app/assets/javascripts/users.js b/users/app/assets/javascripts/users.js
index 9d1a0f0..aaeba6e 100644
--- a/users/app/assets/javascripts/users.js
+++ b/users/app/assets/javascripts/users.js
@@ -28,12 +28,22 @@
     var form = submitEvent.target;
     var token = form.dataset.token;
     var url = form.action;
-    return $.ajax({
+    var req = $.ajax({
       url: url,
       type: 'PUT',
       headers: { Authorization: 'Token token="' + token + '"' },
       data: $(form).serialize()
     });
+    req.done( function() {
+      $(form).find('input[type="submit"]').button('reset');
+    });
+  };
+
+  markAsSubmitted = function(submitEvent) {
+    var form = submitEvent.target;
+    $(form).addClass('submitted')
+    // bootstrap loading state:
+    $(form).find('input[type="submit"]').button('loading');
   };
 
   //
@@ -86,6 +96,7 @@
   //
 
   $(document).ready(function() {
+    $('form').submit(markAsSubmitted);
     $('#new_user').submit(prevent_default);
     $('#new_user').submit(srp.signup);
     $('#new_session').submit(prevent_default);
diff --git a/users/app/views/users/_edit.html.haml b/users/app/views/users/_edit.html.haml
index ae3f32d..9d2473b 100644
--- a/users/app/views/users/_edit.html.haml
+++ b/users/app/views/users/_edit.html.haml
@@ -35,7 +35,7 @@
   = f.input :public_key, :as => :text, :hint => t(:use_ascii_key), :input_html => {:class => "full-width", :rows => 4}
   .control-group
     .controls
-      = f.submit t(:save), :class => 'btn'
+      = f.submit t(:save), :class => 'btn', :data => {"loading-text" => "Saving..."}
 
 -#
 -# DESTROY ACCOUNT
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index 3434557..1deda45 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -52,8 +52,11 @@ class AccountTest < BrowserIntegrationTest
       fill_in 'Public key', with: pgp_key
       click_on 'Save'
     end
-    debugger
-    assert user = User.find_by_login(username)
+    page.assert_selector 'input[value="Saving..."]'
+    # at some point we're done:
+    page.assert_no_selector 'input[value="Saving..."]'
+    assert page.has_field? 'Public key', with: pgp_key
+    user = User.find_by_login(username)
     assert_equal pgp_key, user.public_key
     user.account.destroy
   end
-- 
cgit v1.2.3