alchemy_cms 2.5.0.b9 → 2.5.0.rc3

data/config/locales/devise.de.yml

@@ -0,0 +1,57 @@
+de:
+  errors:
+    messages:
+      expired: "ist abgelaufen, bitte neu anfordern"
+      not_found: "nicht gefunden"
+      already_confirmed: "wurde bereits bestätigt"
+      not_locked: "ist nicht gesperrt"
+      not_saved:
+        one: "Es konnte nicht fortfahren werden:"
+        other: "Es konnte nicht fortfahren werden:"
+
+  devise:
+    failure:
+      already_authenticated: 'Sie sind bereits angemeldet.'
+      unauthenticated: 'Sie müssen sich anmelden oder registrieren, bevor Sie fortfahren können.'
+      unconfirmed: 'Sie müssen Ihren Account bestätigen, bevor Sie fortfahren können.'
+      locked: 'Ihr Account ist gesperrt.'
+      invalid: 'Ungültige Anmeldedaten.'
+      invalid_token: 'Der Anmelde-Token ist ungültig.'
+      timeout: 'Ihre Sitzung ist abgelaufen, bitte melden Sie sich erneut an.'
+      inactive: 'Ihr Account ist nicht aktiv.'
+      user:
+        not_found_in_database: 'Ungültige Anmeldedaten.'
+    sessions:
+      signed_in: 'Erfolgreich angemeldet.'
+      signed_out: 'Erfolgreich abgemeldet.'
+    passwords:
+      send_instructions: 'Sie erhalten in wenigen Minuten eine E-Mail mit der Anleitung, wie Sie ihr Passwort zurücksetzen können.'
+      updated: 'Ihr Passwort wurde geändert. Sie sind jetzt angemeldet.'
+      updated_not_active: 'Ihr Passwort wurde geändert.'
+      send_paranoid_instructions: "Falls Ihre E-Mail-Adresse in unserer Datenbank existiert erhalten Sie in wenigen Minuten eine E-Mail mit der Anleitung, wie Sie Ihr Passwort zurücksetzen können."
+    confirmations:
+      send_instructions: 'Sie erhalten in wenigen Minuten eine E-Mail, mit der Sie Ihre Registrierung bestätigen können.'
+      send_paranoid_instructions: 'Falls Ihre E-Mail-Adresse in unserer Datenbank existiert erhalten Sie in wenigen Minuten eine E-Mail mit der die Sie Ihre Registrierung bestätigen können.'
+      confirmed: 'Vielen Dank für Ihre Registrierung. Sie sind jetzt angemeldet.'
+    registrations:
+      signed_up: 'Sie haben sich erfolgreich registriert.'
+      signed_up_but_unconfirmed: 'Sie haben sich erfolgreich registriert. Wir konnten Sie noch nicht anmelden, da Ihr Account noch nicht bestätigt ist. Sie erhalten in Kürze eine E-Mail mit der Anleitung, wie Sie Ihren Account freischalten können.'
+      signed_up_but_inactive: 'Sie haben sich erfolgreich registriert. Wir konnten Sie noch nicht anmelden, da Ihr Account inaktiv ist.'
+      signed_up_but_locked: 'Sie haben sich erfolgreich registriert. Wir konnten Sie noch nicht anmelden, da Ihr Account gesperrt ist.'
+      updated: 'Ihre Daten wurden aktualisiert.'
+      update_needs_confirmation: "Ihre Daten wurden aktualisiert, aber Sie müssen Ihre neue E-Mail-Adresse bestätigen. Sie erhalten in wenigen Minuten eine E-Mail, mit der Sie die Änderung Ihrer E-Mail-Adresse abschließen können."
+      destroyed: 'Ihr Account wurde gelöscht.'
+    unlocks:
+      send_instructions: 'Sie erhalten in wenigen Minuten eine E-Mail mit der Anleitung, wie Sie Ihren Account entsperren können.'
+      unlocked: 'Ihr Account wurde entsperrt. Sie sind jetzt angemeldet.'
+      send_paranoid_instructions: "Falls Ihre E-Mail-Adresse in unserer Datenbank existiert erhalten Sie in wenigen Minuten eine E-Mail mit der Anleitung, wie Sie Ihren Account entsperren können."
+    omniauth_callbacks:
+      success: 'Die haben sich erfolgreich mit Ihrem %{kind}-Account angemeldet.'
+      failure: 'Sie konnten nicht mit Ihrem %{kind}-Account angemeldet werden, weil "%{reason}".'
+    mailer:
+      confirmation_instructions:
+        subject: 'Anleitung zur Bestätigung Ihres Accounts'
+      reset_password_instructions:
+        subject: 'Anleitung um Ihr Passwort zurückzusetzen'
+      unlock_instructions:
+        subject: 'Anleitung um Ihren Account freizuschalten'

data/config/locales/devise.en.yml

@@ -0,0 +1,60 @@
+# Additional translations at https://github.com/plataformatec/devise/wiki/I18n
+
+en:
+  errors:
+    messages:
+      expired: "has expired, please request a new one"
+      not_found: "not found"
+      already_confirmed: "was already confirmed, please try signing in"
+      not_locked: "was not locked"
+      not_saved:
+        one: "1 error prohibited this %{resource} from being saved:"
+        other: "%{count} errors prohibited this %{resource} from being saved:"
+      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
+
+  devise:
+    failure:
+      already_authenticated: 'You are already signed in.'
+      unauthenticated: 'You need to sign in or sign up before continuing.'
+      unconfirmed: 'You have to confirm your account before continuing.'
+      locked: 'Your account is locked.'
+      not_found_in_database: 'Invalid email or password.'
+      invalid: 'Invalid email or password.'
+      invalid_token: 'Invalid authentication token.'
+      timeout: 'Your session expired, please sign in again to continue.'
+      inactive: 'Your account was not activated yet.'
+    sessions:
+      signed_in: 'Signed in successfully.'
+      signed_out: 'Signed out successfully.'
+    passwords:
+      send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
+      updated: 'Your password was changed successfully. You are now signed in.'
+      updated_not_active: 'Your password was changed successfully.'
+      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
+      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
+    confirmations:
+      send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
+      send_paranoid_instructions: 'If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes.'
+      confirmed: 'Your account was successfully confirmed. You are now signed in.'
+    registrations:
+      signed_up: 'Welcome! You have signed up successfully.'
+      signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
+      signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.'
+      signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.'
+      updated: 'You updated your account successfully.'
+      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
+      destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
+    unlocks:
+      send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
+      unlocked: 'Your account has been unlocked successfully. Please sign in to continue.'
+      send_paranoid_instructions: 'If your account exists, you will receive an email with instructions about how to unlock it in a few minutes.'
+    omniauth_callbacks:
+      success: 'Successfully authenticated from %{kind} account.'
+      failure: 'Could not authenticate you from %{kind} because "%{reason}".'
+    mailer:
+      confirmation_instructions:
+        subject: 'Confirmation instructions'
+      reset_password_instructions:
+        subject: 'Reset password instructions'
+      unlock_instructions:
+        subject: 'Unlock Instructions'

data/config/routes.rb

@@ -2,40 +2,56 @@ Alchemy::Engine.routes.draw do
 
   root :to => 'pages#show'
 
-  match '/admin' => redirect(
+  get '/admin' => redirect(
     "#{Alchemy.mount_point}/admin/dashboard"
   )
-  match '/admin/login' => 'user_sessions#login',
-        :as => :login
-  match '/admin/signup' => 'user_sessions#signup',
-        :as => :signup
-  match '/admin/leave' => 'user_sessions#leave',
-        :as => :leave_admin
-  match '/admin/logout' => 'user_sessions#logout',
-        :as => :logout
-  match '/admin/dashboard' => 'admin/dashboard#index',
+
+  get '/admin/dashboard' => 'admin/dashboard#index',
         :as => :admin_dashboard
 
-  match '/attachment/:id/download(/:name)(.:format)' => 'attachments#download',
-        :as => :download_attachment
+  devise_scope :user do
+    get '/admin/login' => 'user_sessions#new', :as => :login
+    post '/admin/login' => 'user_sessions#create', :as => :login
+    delete '/admin/logout' => 'user_sessions#destroy', :as => :logout
+    get '/admin/dashboard' => 'admin/dashboard#index', :as => :user_root
+    get '/admin/leave' => 'user_sessions#leave', :as => :leave_admin
+    get '/admin/passwords' => 'passwords#new', :as => :new_password
+    get '/admin/passwords/:id/edit' => 'passwords#edit', :as => :edit_password
+    post '/admin/passwords' => 'passwords#create', :as => :password
+    put '/admin/passwords' => 'passwords#update', :as => :password
+  end
+
+  # This actualy does all the Devise magic. I.e. current_user method in ApplicationController
+  devise_for(
+    :user,
+    :class_name => 'Alchemy::User',
+    :controllers => {
+      :sessions => 'alchemy/user_sessions'
+    },
+    :skip => [:sessions, :passwords] # skipping Devise default routes.
+  )
 
-  # catching legacy download urls
-  match '/wa_files/download/:id' => 'attachments#download'
-  match '/uploads/files/0000/:id/:name(.:suffix)' => 'attachments#download'
+  get '/admin/signup' => 'users#new', :as => :signup
+  post '/admin/signup' => 'users#create', :as => :signup
 
-  match '/attachment/:id/show' => 'attachments#show',
+  get '/attachment/:id/download(/:name)(.:format)' => 'attachments#download',
+        :as => :download_attachment
+  get '/attachment/:id/show' => 'attachments#show',
         :as => :show_attachment
 
-  match "/pictures/:id/show(/:size)(/:crop)(/:crop_from/:crop_size)(/:quality)/:name.:format" => 'pictures#show',
+  # Legacy download urls
+  get '/wa_files/download/:id' => 'attachments#download'
+  get '/uploads/files/0000/:id/:name(.:suffix)' => 'attachments#download'
+
+  # Picture urls
+  get "/pictures/:id/show(/:size)(/:crop)(/:crop_from/:crop_size)(/:quality)/:name.:format" => 'pictures#show',
         :as => :show_picture
-  match '/pictures/:id/zoom/:name.:format' => 'pictures#zoom',
+  get '/pictures/:id/zoom/:name.:format' => 'pictures#zoom',
         :as => :zoom_picture
-  match "/pictures/:id/thumbnails/:size(/:crop)(/:crop_from/:crop_size)/:name.:format" => 'pictures#thumbnail',
+  get "/pictures/:id/thumbnails/:size(/:crop)(/:crop_from/:crop_size)/:name.:format" => 'pictures#thumbnail',
         :as => :thumbnail, :defaults => {:format => 'png', :name => "thumbnail"}
 
   resources :messages, :only => [:index, :new, :create]
-
-  resources :user_sessions
   resources :elements, :only => :show
 
   namespace :admin do

data/db/migrate/20130121092645_migrate_to_devise.rb

@@ -0,0 +1,24 @@
+class MigrateToDevise < ActiveRecord::Migration
+  def change
+    change_table :alchemy_users do |t|
+      t.rename :crypted_password, :encrypted_password
+      t.rename :login_count, :sign_in_count
+      t.rename :current_login_at, :current_sign_in_at
+      t.rename :last_login_at, :last_sign_in_at
+      t.rename :current_login_ip, :current_sign_in_ip
+      t.rename :last_login_ip, :last_sign_in_ip
+      t.rename :failed_login_count, :failed_attempts
+
+      t.remove :persistence_token
+      t.remove :perishable_token
+      t.remove :single_access_token
+
+      t.column :reset_password_token, :string
+      t.column :reset_password_sent_at, :datetime
+
+      t.index :email, :unique => true
+      t.index :login, :unique => true
+      t.index :reset_password_token, :unique => true
+    end
+  end
+end

data/lib/alchemy/authentication_helpers.rb

@@ -3,19 +3,6 @@ module Alchemy
 
     def self.included(base)
       base.send :alias_method, :current_alchemy_user, :current_user
-      base.send :helper_method, :current_user
-    end
-
-    def current_user
-      return @current_user if defined?(@current_user)
-      @current_user = current_user_session && current_user_session.record
-    end
-
-  private
-
-    def current_user_session
-      return @current_user_session if defined?(@current_user_session)
-      @current_user_session = UserSession.find
     end
 
   end

data/lib/alchemy/engine.rb

@@ -40,8 +40,8 @@ module Alchemy
       Alchemy::AuthEngine.get_instance.load(File.join(File.dirname(__FILE__), '../..', 'config/authorization_rules.rb'))
     end
 
-    config.to_prepare do
-      ApplicationController.send :include, Alchemy::AuthenticationHelpers
+    config.after_initialize do
+      #ApplicationController.send :include, Alchemy::AuthenticationHelpers
     end
 
   end

data/lib/alchemy/essence.rb

@@ -106,7 +106,7 @@ module Alchemy #:nodoc:
               case description['validate_format_as']
               when 'email'
               then
-                matcher = Authlogic::Regex.email
+                matcher = Devise.email_regexp
               when 'url'
               then
                 matcher = /^[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}(:[0-9]{1,5})?(\/.*)?$/ix
@@ -116,7 +116,7 @@ module Alchemy #:nodoc:
             else
               raise 'No validation format matcher given'
             end
-            if ingredient.match(matcher).nil?
+            if ingredient.to_s.match(matcher).nil?
               self.validation_errors << :invalid
             end
           elsif validation == 'uniqueness' && !acts_as_essence_class.send("find_by_#{ingredient_column}", ingredient).blank?

data/lib/alchemy/upgrader.rb

@@ -23,6 +23,7 @@ module Alchemy
         upgrade_to_sites
         removed_standard_set_notice
         renamed_t_method
+        migrated_to_devise
 
         display_todos
       end
@@ -265,6 +266,38 @@ WARN
         warn = <<-WARN
 We renamed alchemy's `t` method override into `_t` to avoid conflicts with Rails own t method!
 If you use the `t` method to translate alchemy scoped keys, then you have to use the `_t` method from now on.
+WARN
+        todo warn
+      end
+
+      def migrated_to_devise
+        warn = <<-WARN
+We changed the authentication provider from Authlogic to Devise.
+
+If you are upgrading from an old Alchemy version < 2.5.0, then you have to make changes to your Devise configuration.
+
+  1. Run:
+
+  $ rails g alchemy:devise
+
+  And alter the encryptor to authlogic_sha512
+  and the stretches value from 10 to 20
+
+  # config/initializers/devise.rb
+  config.stretches = Rails.env.test? ? 1 : 20
+  config.encryptor = :authlogic_sha512
+
+  2. Add the encryptable module to your Alchemy config.yml:
+
+  # config/alchemy/config.yml
+  devise_modules:
+    - :database_authenticatable
+    - :trackable
+    - :validatable
+    - :timeoutable
+    - :recoverable
+    - :encryptable
+
 WARN
         todo warn
       end

data/lib/alchemy/version.rb

@@ -1,6 +1,6 @@
 module Alchemy
 
-  VERSION = "2.5.0.b9"
+  VERSION = "2.5.0.rc3"
 
   def self.version
     VERSION

data/lib/alchemy_cms.rb

@@ -4,7 +4,8 @@ if Rails::VERSION::MAJOR == 3 && Rails::VERSION::MINOR == 2
   require 'acts_as_list'
   require 'acts-as-taggable-on'
   require 'attachment_magic'
-  require 'authlogic'
+  require 'devise'
+  require 'devise-encryptable'
   require 'awesome_nested_set'
   require 'dragonfly'
   require 'dynamic_form'

data/lib/rails/generators/alchemy/deploy_script/templates/deploy.rb.tt

@@ -63,7 +63,7 @@ before "deploy:create_symlink", "deploy:migrate"
 # after hooks
 <%- if @database_type == "mysql" -%>
 after "deploy:setup",           "alchemy:database_yml:create"
-after "deploy:assets:symlink",  "alchemy:database_yml:symlink"
+after "deploy:finalize_update", "alchemy:database_yml:symlink"
 <%- end -%>
 after "deploy",                 "deploy:cleanup"
 

data/lib/rails/generators/alchemy/devise/devise_generator.rb

@@ -0,0 +1,24 @@
+require 'rails'
+
+module Alchemy
+  module Generators
+    class DeviseGenerator < ::Rails::Generators::Base
+      desc "This generator copies the Alchemy Devise configuration into your app."
+      source_root File.expand_path('../../../../../config/initializers', File.dirname(__FILE__))
+
+      def copy_devise_config
+        copy_file "devise.rb", "#{Rails.root}/config/initializers/devise.rb"
+        msg = <<-MSG
+If your are upgrading from Alchemy < 2.5.0, alter the encryptor to authlogic_sha512
+and the stretches value from 10 to 20:
+
+  config.stretches = Rails.env.test? ? 1 : 20
+  config.encryptor = :authlogic_sha512
+
+MSG
+        puts msg
+      end
+
+    end
+  end
+end

data/lib/rails/generators/alchemy/scaffold/files/elements.yml

@@ -1,113 +1,3 @@
 # == In this configuration you setup Alchemy´s element layouts.
 #
-# Use rails generate alchemy:scaffold to generate this file for your app.
-#
-# Elements containing all necessary basic tools for displaying and editing content inside Alchemy.
-# They consists of composed contents (different essence-types) as shown in the illustration of an elements-sheme below.
-#
-# == Schema of an element
-#
-#   =================================
-#   #  Content 1 (EssenceText)      #
-#   #                               #
-#   #  Content 2 (EssencePicture)   #
-#   #                               #
-#   #  Content 3 (EssenceRichtext)  #
-#   =================================
-#
-# == Example of a basic element layout
-#
-#   - name: a_unique_name (Used for the partial name in +app/views/elements+ and translated as Element.display_name)
-#     unique: Bool //pass true if this element only can be displayed once on page
-#     contents:
-#     - name: head
-#       type: EssenceText
-#     - name: text
-#       type: EssenceRichtext
-#
-# As already mentioned above, there are different content-types wich can be defined for each content in an element.
-# Defining these types is used to render predefined views in the element.
-#
-# == Content-Types:
-#
-# * EssenceText               (Used to store a String (max. 255 Chars.) i.e. a headline, or productname. The editor is renderd as a single-lined input field. The view output will be sanitized and escaped. So it's XSS save.)
-# * EssenceRichtext           (Used to store editable richtext. Editor is rendered as a textarea with TinyMCE Editor.)
-# * EssencePicture            (Used to store picture ids from pictures assigned through the library. The editor is rendered as a picture-editor collection with a lot of options (i.e. image cropper). The view renders the assigned picture, resizes it, crops it and caches the result.)
-# * EssenceFlash              (Used to store attachment ids from attachments assigned through the library. The view renders an embeded object.)
-# * EssenceDate               (Used to store a DateTime object. The view output is passed through Rails I18n Library, so it will be fully localized.)
-# * EssenceHtml               (Used to store a String (max. 255 Chars.). The view output renders the raw, not sanitized or unescaped String. So be carefull!)
-#
-# After finishing the setup of your element layouts, you need to generate the files for the elements before using them in Alchemy.
-# For creating these files, use the following command in your terminal:
-#
-#   rails generate alchemy:elements
-#
-# All new elements will be created as two different partials in Rails.root/app/views/elements.
-# For each element there is an editor-view wich will be rendered when editing them in Alchemy and another view for the website´s frontend.
-#
-#   app/views/elements/_elements_name_editor.html.erb
-#   app/views/elements/_elements_name_view.html.erb
-#
-# For most contents of an element you can specify additional options, so they get rendered in a specific way.
-# These options can be defined as symbols, but its too much to list them up here.
-# You can find these options described in the application_helper.rb, most of them at the render_essence method.
-#
-# == Setting a content as preview-text for the element
-#
-# You can set a content-essence as preview-text for its element like this
-# take_me_for_preview: true
-#
-#
-# == Adding contents dynamically in the frontend
-#
-# You are able to add content-essences dynamically to the element from the Alchemy frontend.
-# You just have to make contents available for adding them.
-# This example enables this feature
-#
-#   - name: headline
-#     unique: false
-#     contents:
-#     - name: headline
-#       type: EssenceText
-#     - name: big_text
-#       type: EssenceRichtext
-#     available_contents:
-#     - name: big_text
-#       type: EssenceRichtext
-#
-# Now an Alchemy user can add the content 'big_text' from the element as much as desired.
-#
-#
-# == Deactivate indexing (Ferret search) for certain contents
-#
-# Contents of type EssenceText and EssenceRichtext can be excluded from being indexed by the Ferret search engine.
-#
-# Example:
-#
-#   - name: contactform
-#     unique: true
-#     contents:
-#     - name: mail_to
-#       type: EssenceText
-#       do_not_index: true
-#
-#
-# == Validate contents before updating the element
-#
-# More informations in [Content#essence_validations]
-#
-#
-# == Translate element and content names
-#
-# Element and content names are passed through the I18n library. So you can translate them in your config/locales language yml file.
-#
-# Example:
-#
-#   de:
-#     alchemy:
-#       element_names:
-#         contact: Kontakt
-#         search: Suche
-#       content_names:
-#         headline: Überschrift
-
+# For further informations please see http://guides.alchemy-cms.com/create_elements.html