caboose-cms 0.6.16 → 0.6.17

data/app/assets/stylesheets/caboose/nestable.css

@@ -0,0 +1,107 @@
+/**
+ * Nestable
+ */
+
+.dd { position: relative; display: block; margin: 0; padding: 0; max-width: 600px; list-style: none; font-size: 13px; line-height: 20px; }
+
+.dd-list { display: block; position: relative; margin: 0; padding: 0; list-style: none; }
+.dd-list .dd-list { padding-left: 10px; }
+.dd-collapsed .dd-list { display: none; }
+
+.dd-item,
+.dd-empty,
+.dd-placeholder { display: block; position: relative; margin: 0; padding: 0; min-height: 20px; font-size: 13px; line-height: 20px; }
+
+.dd-handle { display: block; height: 30px; margin: 2px 0; padding: 5px 10px; color: #333; text-decoration: none; font-weight: bold; border: 1px solid #ccc;
+    background: #fafafa;
+    background: -webkit-linear-gradient(top, #fafafa 0%, #eee 100%);
+    background:    -moz-linear-gradient(top, #fafafa 0%, #eee 100%);
+    background:         linear-gradient(top, #fafafa 0%, #eee 100%);
+    -webkit-border-radius: 3px;
+            border-radius: 3px;
+    box-sizing: border-box; -moz-box-sizing: border-box;
+}
+.dd-handle:hover { color: #2ea8e5; background: #fff; }
+
+.dd-item > button { display: block; position: relative; cursor: pointer; float: left; width: 25px; height: 20px; margin: 5px 0; padding: 0; text-indent: 100%; white-space: nowrap; overflow: hidden; border: 0; background: transparent; font-size: 12px; line-height: 1; text-align: center; font-weight: bold; }
+.dd-item > button:before { content: '+'; display: block; position: absolute; width: 100%; text-align: center; text-indent: 0; }
+.dd-item > button[data-action="collapse"]:before { content: '-'; }
+
+.dd-placeholder,
+.dd-empty { margin: 5px 0; padding: 0; min-height: 30px; background: #f2fbff; border: 1px dashed #b6bcbf; box-sizing: border-box; -moz-box-sizing: border-box; }
+.dd-empty { border: 1px dashed #bbb; min-height: 100px; background-color: #e5e5e5;
+    background-image: -webkit-linear-gradient(45deg, #fff 25%, transparent 25%, transparent 75%, #fff 75%, #fff), -webkit-linear-gradient(45deg, #fff 25%, transparent 25%, transparent 75%, #fff 75%, #fff);
+    background-image:    -moz-linear-gradient(45deg, #fff 25%, transparent 25%, transparent 75%, #fff 75%, #fff),    -moz-linear-gradient(45deg, #fff 25%, transparent 25%, transparent 75%, #fff 75%, #fff);
+    background-image:         linear-gradient(45deg, #fff 25%, transparent 25%, transparent 75%, #fff 75%, #fff),         linear-gradient(45deg, #fff 25%, transparent 25%, transparent 75%, #fff 75%, #fff);
+    background-size: 60px 60px;
+    background-position: 0 0, 30px 30px;
+}
+
+.dd-dragel { position: absolute; pointer-events: none; z-index: 9999; }
+.dd-dragel > .dd-item .dd-handle { margin-top: 0; }
+.dd-dragel .dd-handle {
+    -webkit-box-shadow: 2px 4px 6px 0 rgba(0,0,0,.1);
+            box-shadow: 2px 4px 6px 0 rgba(0,0,0,.1);
+}
+
+/**
+ * Nestable Extras
+ */
+
+.nestable-lists { display: block; clear: both; padding: 30px 0; width: 100%; border: 0; border-top: 2px solid #ddd; border-bottom: 2px solid #ddd; }
+
+#categories-menu { padding: 0; margin: 20px 0; }
+
+#categories-output,
+#categories2-output { width: 100%; height: 7em; font-size: 0.75em; line-height: 1.333333em; font-family: Consolas, monospace; padding: 5px; box-sizing: border-box; -moz-box-sizing: border-box; }
+
+#categories2 .dd-handle {
+    color: #fff;
+    border: 1px solid #999;
+    background: #bbb;
+    background: -webkit-linear-gradient(top, #bbb 0%, #999 100%);
+    background:    -moz-linear-gradient(top, #bbb 0%, #999 100%);
+    background:         linear-gradient(top, #bbb 0%, #999 100%);
+}
+#categories2 .dd-handle:hover { background: #bbb; }
+#categories2 .dd-item > button:before { color: #fff; }
+
+@media only screen and (min-width: 700px) {
+
+    .dd { float: left; width: 48%; }
+    .dd + .dd { margin-left: 2%; }
+
+}
+
+.dd-hover > .dd-handle { background: #2ea8e5 !important; }
+
+/**
+ * Nestable Draggable Handles
+ */
+
+.dd3-content { display: block; height: 30px; margin: 5px 0; padding: 5px 10px 5px 40px; color: #333; text-decoration: none; font-weight: bold; border: 1px solid #ccc;
+    background: #fafafa;
+    background: -webkit-linear-gradient(top, #fafafa 0%, #eee 100%);
+    background:    -moz-linear-gradient(top, #fafafa 0%, #eee 100%);
+    background:         linear-gradient(top, #fafafa 0%, #eee 100%);
+    -webkit-border-radius: 3px;
+            border-radius: 3px;
+    box-sizing: border-box; -moz-box-sizing: border-box;
+}
+.dd3-content:hover { color: #2ea8e5; background: #fff; }
+
+.dd-dragel > .dd3-item > .dd3-content { margin: 0; }
+
+.dd3-item > button { margin-left: 30px; }
+
+.dd3-handle { position: absolute; margin: 0; left: 0; top: 0; cursor: pointer; width: 30px; text-indent: 100%; white-space: nowrap; overflow: hidden;
+    border: 1px solid #aaa;
+    background: #ddd;
+    background: -webkit-linear-gradient(top, #ddd 0%, #bbb 100%);
+    background:    -moz-linear-gradient(top, #ddd 0%, #bbb 100%);
+    background:         linear-gradient(top, #ddd 0%, #bbb 100%);
+    border-top-right-radius: 0;
+    border-bottom-right-radius: 0;
+}
+.dd3-handle:before { content: '≡'; display: block; position: absolute; left: 0; top: 3px; width: 100%; text-align: center; text-indent: 0; color: #fff; font-size: 20px; font-weight: normal; }
+.dd3-handle:hover { background: #ddd; }

data/app/controllers/caboose/login_controller.rb

@@ -31,7 +31,7 @@ module Caboose
         else          
           bouncer_class = Caboose::authenticator_class.constantize
           bouncer = bouncer_class.new
-          login_resp = bouncer.authenticate(username, password, @site)
+          login_resp = bouncer.authenticate(username, password, @site, request)
           
           if login_resp.error
             resp.error = login_resp.error

data/app/controllers/caboose/login_logs_controller.rb

@@ -0,0 +1,34 @@
+
+module Caboose
+  class LoginLogsController < ApplicationController
+    layout 'caboose/admin'
+      
+    def before_action
+      @page = Page.page_with_uri(request.host_with_port, '/admin')
+    end
+            
+    # GET /admin/login-logs
+    def index
+      return if !user_is_allowed('users', 'view')
+      
+      @gen = PageBarGenerator.new(params, {
+          'site_id'            => @site.id,
+          'username_like'      => '',
+          'user_id'            => '',
+          'date_attempted_lte' => '',
+          'date_attempted_gte' => '',
+          'ip_like'            => '',        
+          'success'            => ''              
+    		},{
+    		  'model'          => 'Caboose::LoginLog',
+    	    'sort'			     => 'date_attempted',
+    		  'desc'			     => false,
+    		  'base_url'		   => '/admin/login-logs',
+    		  'use_url_params' => false
+    	})
+    	@logs = @gen.items
+    end       
+    
+  end
+end
+

data/app/controllers/caboose/media_categories_controller.rb

@@ -16,7 +16,7 @@ module Caboose
       tree = Caboose::MediaCategory.flat_tree(@site.id, prefix)
       render :json => tree
     end
-    
+            
     # GET /admin/media-categories/options
     def admin_options
       return unless user_is_allowed('mediacategories', 'view')
@@ -25,6 +25,12 @@ module Caboose
       options = tree.collect{ |mc| { 'value' => mc[:id], 'text' => mc[:name] }}
       render :json => options
     end
+    
+    # GET /admin/media-categories/tree
+    def admin_tree
+      return unless user_is_allowed('mediacategories', 'view')      
+      render :json => Caboose::MediaCategory.tree_hash(@site.id)
+    end
 
     # POST /admin/media-categories
     def admin_add

data/app/controllers/caboose/social_controller.rb

@@ -35,6 +35,7 @@ module Caboose
           when 'google_plus_url'      then sc.google_plus_url      = value
           when 'linkedin_url'         then sc.linkedin_url         = value
           when 'google_analytics_id'  then sc.google_analytics_id  = value
+          when 'google_analytics_id2' then sc.google_analytics_id2 = value
           when 'auto_ga_js'           then sc.auto_ga_js           = value
     	  end
     	end

data/app/controllers/caboose/users_controller.rb

@@ -179,7 +179,8 @@ module Caboose
           when 'zip'                  then user.zip                 = value
           when 'phone'                then user.phone               = value
           when 'fax'                  then user.fax                 = value
-          when 'utc_offset'           then user.utc_offset          = value.to_f        
+          when 'utc_offset'           then user.utc_offset          = value.to_f
+          when 'locked'               then user.locked              = value
     	  	when "password"			  
     	  	  confirm = params[:password2]
     	  		if (value != confirm)			

data/app/mailers/caboose/login_mailer.rb

@@ -4,6 +4,11 @@ module Caboose
     def forgot_password_email(user)
       @user = user
       mail(:to => user.email, :subject => "#{Caboose::website_name} Forgot Password")
+    end
+
+    def locked_account(user)
+      @user = user
+      mail(:to => user.email, :subject => "#{Caboose::website_name} Locked Account")
     end    
 
   end

data/app/models/caboose/authenticator.rb

@@ -1,40 +1,62 @@
 
-class Caboose::Authenticator
+module Caboose
+  class Authenticator
 
-  def authenticate(username, password, site = nil)
-    resp = Caboose::StdClass.new(
-      'error' => nil,
-      'user' => nil 
-    )
-    pass = Digest::SHA1.hexdigest(Caboose::salt + password)
-    
-    user = Caboose::User.where(:username => username, :site_id => site.id).first
-    user = Caboose::User.where(:email    => username, :site_id => site.id).first if user.nil?
-            
-    valid_credentials = false
-    if user && user.password == pass 
-      valid_credentials = true
-    elsif site      
-      mp = Caboose::Setting.where(:site_id => site.id, :name => 'master_password').first
-      mp = mp ? mp.value : nil
-      if mp && mp.strip.length > 0 && mp == pass
+    def authenticate(username, password, site = nil, request = nil)
+      resp = StdClass.new        
+      pass = Digest::SHA1.hexdigest(Caboose::salt + password)
+      
+      user = User.where(:username => username, :site_id => site.id).first
+      user = User.where(:email    => username, :site_id => site.id).first if user.nil?
+      
+      ll = LoginLog.new      
+      ll.username       = username      
+      ll.date_attempted = DateTime.now.utc                    
+      ll.user_id        = user.id           if user
+      ll.site_id        = user.site_id      if user
+      ll.ip             = request.remote_ip if request
+              
+      valid_credentials = false
+      if user && user.password == pass 
         valid_credentials = true
+        resp.user = user
+        ll.success = true      
+        
+      elsif user && user.password != pass
+        
+        fail_count = Caboose::LoginLog.fail_count(user)
+        if (fail_count+1) >= user.site.login_fail_lock_count
+          user.locked = true
+          user.save        
+          LoginMailer.locked_account(user).deliver
+          resp.error = "Too many failed login attempts. Your account has been locked and the site administrator has been notified."
+          ll.success = false
+        else
+          attempts_left = user.site.login_fail_lock_count - fail_count - 1
+          resp.error = "Invalid password. You have #{attempts_left} attempt#{attempts_left == 1 ? '' : 's'} left before your account is locked."
+          ll.success = false
+        end                      
+            
+      elsif site
+        
+        mp = Setting.where(:site_id => site.id, :name => 'master_password').first
+        mp = mp ? mp.value : nil
+        if mp && mp.strip.length > 0 && mp == pass
+          resp.user = user
+          ll.success = true
+        else
+          resp.error = "Invalid credentials"
+          ll.success = false
+        end
+        
+      else
+        resp.error = "Invalid credentials"
+        ll.success = false
       end
+      
+      ll.save        
+      return resp
     end
     
-    if valid_credentials
-      resp.user = user
-    else
-      resp.error = "Invalid credentials"
-    end
-    
-    #resp.user = Caboose::User.where(:username => username, :password => pass).first    
-    #if (resp.user.nil?)
-    #  resp.user = Caboose::User.where(:email => username, :password => pass).first
-    #end                
-    #resp.error = "Invalid credentials" if resp.user.nil?
-        
-    return resp
   end
-  
 end

data/app/models/caboose/login_log.rb

@@ -0,0 +1,22 @@
+
+class Caboose::LoginLog < ActiveRecord::Base
+  self.table_name = "login_logs"
+    
+  belongs_to :site, :class_name => 'Caboose::Site'
+  belongs_to :user, :class_name => 'Caboose::User'
+  
+  attr_accessible :id,  
+    :site_id        ,
+    :username       ,
+    :user_id        ,
+    :date_attempted ,
+    :ip             ,        
+    :success
+    
+  def self.fail_count(user)
+    last_successful_login = Caboose::LoginLog.where(:user_id => user.id, :success => true).reorder("date_attempted desc").first
+    id = last_successful_login ? last_successful_login.id : 1
+    return Caboose::LoginLog.where("user_id = ? and success = ? and id > ?", user.id, false, id).count    
+  end
+
+end

data/app/models/caboose/media_category.rb

@@ -50,6 +50,20 @@ class Caboose::MediaCategory < ActiveRecord::Base
     return arr
   end
   
+  def self.tree_hash(site_id)
+    top_cat = self.where(:parent_id => nil, :site_id => site_id).first
+    return self.tree_hash_helper(top_cat)        
+  end
+  
+  def self.tree_hash_helper(cat)
+    return {
+      :id => cat.id,
+      :name => cat.name,
+      :media_count => cat.media.count,
+      :children => cat.children.collect{ |kid| self.tree_hash_helper(kid) }
+    }
+  end
+  
   def is_ancestor_of?(cat)    
     if cat.is_a?(Integer) || cat.is_a?(String)
       cat_id = cat.to_i

data/app/models/caboose/schema.rb

@@ -325,6 +325,14 @@ class Caboose::Schema < Caboose::Utilities::Schema
         [ :modification_value_id  , :integer ],
         [ :input                  , :string  ]
       ],
+      Caboose::LoginLog => [
+        [ :site_id        , :integer  ],
+        [ :username       , :string   ],
+        [ :user_id        , :integer  ],
+        [ :date_attempted , :datetime ],
+        [ :ip             , :string   ],        
+        [ :success        , :boolean   , { :default => false }]      
+      ],
       Caboose::MediaCategory => [
         [ :parent_id         , :integer ],
         [ :site_id           , :integer ],
@@ -620,11 +628,12 @@ class Caboose::Schema < Caboose::Utilities::Schema
         [ :use_fonts               , :boolean     , { :default => true  }],
         [ :logo                    , :attachment ],        
         [ :is_master               , :boolean     , { :default => false }],
-        [ :analytics_id            , :string     ],
+        [ :analytics_id            , :string     ],        
         [ :use_retargeting         , :boolean     , { :default => false }],
         [ :date_js_updated         , :datetime   ],
         [ :date_css_updated        , :datetime   ],
-        [ :default_layout_id       , :integer    ]
+        [ :default_layout_id       , :integer    ],
+        [ :login_fail_lock_count   , :integer     , { :default => 5 }]
       ],
       Caboose::SiteMembership => [
         [ :site_id     , :integer ],
@@ -653,6 +662,7 @@ class Caboose::Schema < Caboose::Utilities::Schema
         [ :google_plus_url      , :string ],
         [ :linkedin_url         , :string ],
         [ :google_analytics_id  , :string ],
+        [ :google_analytics_id2 , :string ],
         [ :auto_ga_js           , :boolean , { :default => false }]
       ],
       Caboose::StackableGroup => [       
@@ -724,16 +734,17 @@ class Caboose::Schema < Caboose::Utilities::Schema
         [ :zip                  , :string     ],
         [ :phone                , :string     ],
         [ :fax                  , :string     ],        
-        [ :timezone             , :string     , { :default => 'Central Time (US & Canada)' }],        
+        [ :timezone             , :string      , { :default => 'Central Time (US & Canada)' }],        
         [ :password             , :string     ],
         [ :password_reset_id    , :string     ],
         [ :password_reset_sent  , :datetime   ],
         [ :token                , :string     ],
         [ :date_created         , :datetime   ],
         [ :image                , :attachment ],
-        [ :is_guest             , :boolean    , { :default => false }],
+        [ :is_guest             , :boolean     , { :default => false }],
         [ :customer_profile_id  , :string     ],
-        [ :payment_profile_id   , :string     ]
+        [ :payment_profile_id   , :string     ],
+        [ :locked               , :boolean     , { :default => false }]
       ],
       Caboose::Variant => [
         [ :product_id                    , :integer  ],
@@ -745,21 +756,21 @@ class Caboose::Schema < Caboose::Utilities::Schema
         [ :date_sale_starts              , :datetime ],
         [ :date_sale_ends                , :datetime ],
         [ :date_sale_end                 , :datetime ],        
-        [ :available                     , :boolean  ],
-        [ :quantity_in_stock             , :integer   , :default => 0 ],        
-        [ :ignore_quantity               , :boolean  ],
-        [ :allow_backorder               , :boolean  ],
+        [ :available                     , :boolean   , { :default => true  }],
+        [ :quantity_in_stock             , :integer   , { :default => 0     }],        
+        [ :ignore_quantity               , :boolean   , { :default => false }],
+        [ :allow_backorder               , :boolean   , { :default => false }],
         [ :weight                        , :decimal  ],
         [ :length                        , :decimal  ],
         [ :width                         , :decimal  ],
         [ :height                        , :decimal  ],
         [ :volume                        , :decimal  ],
-        [ :cylinder                      , :boolean  ],
+        [ :cylinder                      , :boolean   , { :default => false }],
         [ :option1                       , :string   ],
         [ :option2                       , :string   ],
         [ :option3                       , :string   ],
-        [ :requires_shipping             , :boolean  ],
-        [ :taxable                       , :boolean  ],        
+        [ :requires_shipping             , :boolean   , { :default => true  }],
+        [ :taxable                       , :boolean   , { :default => true  }],        
         [ :shipping_unit_value           , :numeric  ],
         [ :flat_rate_shipping            , :boolean   , { :default => false }],
         [ :flat_rate_shipping_package_id , :integer  ],
@@ -796,6 +807,8 @@ class Caboose::Schema < Caboose::Utilities::Schema
     #  end
     #  c.remove_column(:pages, :content)
     #end
+    
+    #c.change_column :store_variants, :taxable, :boolean
 
     admin_user = nil
     if !Caboose::User.exists?(:username => 'admin')

data/app/views/caboose/blocks/_ga.html.erb

@@ -23,5 +23,23 @@ if sc.auto_ga_js && sc.google_analytics_id
     ga('send', 'event'<% arr2.each do |x| %>, <%= raw Caboose.json(x) %><% end %>);
       <% end %>    
     <% end %>
+    <% if sc.google_analytics_id2 && sc.google_analytics_id2.strip.length > 0 %> 
+      ga('create', '<%= raw sc.google_analytics_id2 %>', 'auto', {'name': 'property2'});      
+      ga('property2.send', 'pageview');
+      <% if ga_events && ga_events.count > 0 %>    
+        <% ga_events.each do |arr| %>
+          <%
+          cat    = arr[0] ? arr[0] : nil 
+          action = arr[1] ? arr[1] : nil 
+          label  = arr[2] ? arr[2] : nil 
+          value  = arr[3] ? arr[3] : nil
+          arr2 = [cat, action]
+          arr2 << (label ? label : '') if label || (label.nil? && value)    
+          arr2 << value if value          
+          %>
+      ga('property2.send', 'event'<% arr2.each do |x| %>, <%= raw Caboose.json(x) %><% end %>);
+        <% end %>    
+      <% end %>
+    <% end %>    
   </script>
 <% end %>