card 1.96.0 → 1.96.1

data/lib/card.rb

@@ -144,9 +144,9 @@ class Card < ApplicationRecord
     :only_storage_phase,          # used to save subcards
     :changed_attributes,
     :skip,                        # skip event(s) for all cards in act
-    :skip_in_action,               # skip event for just this card
+    :skip_in_action,              # skip event for just this card
     :trigger,                     # trigger event(s) for all cards in act
-    :trigger_in_action             # trigger event for just this card
+    :trigger_in_action            # trigger event for just this card
   )
 
   alias_method :skip_event, :skip

data/lib/card/act_manager.rb

@@ -169,7 +169,7 @@ class Card
       # controller's params hash and the Card::Env's params hash with the
       # effect that params changes in the CardController get lost
       # (a crucial example are success params that are processed in
-      # CardController#update_params_for_success)
+      # CardController#soft_redirect)
       def contextualize_delayed_event act_id, card, env, auth
         if delaying?
           contextualize_for_delay(act_id, card, env, auth) { yield }

data/lib/card/env/success.rb

@@ -1,28 +1,40 @@
 class Card
   module Env
+    # Success objects
     class Success
       include Card::Env::Location
 
       attr_accessor :params, :redirect, :id, :name, :card, :name_context
 
-      def initialize name_context=nil, success_params=nil
+      def initialize name_context=nil, success_args=nil
         @name_context = name_context
         @new_args = {}
         @params = OpenStruct.new
-        case success_params
-        when Hash
-          apply(success_params)
+        self << normalize_success_args(success_args)
+      end
+
+      def in_context name_context
+        self.name_context = name_context
+        self
+      end
+
+      def normalize_success_args success_args
+        case success_args
+        when nil
+          self.mark = "_self"
+          {}
         when ActionController::Parameters
-          apply(success_params.to_unsafe_h)
-        when nil then  self.name = "_self"
-        else;  self.target = success_params
+          success_args.to_unsafe_h
+        else
+          success_args
         end
       end
 
       def << value
-        case value
-        when Hash then apply value
-        else; self.target = value
+        if value.is_a? Hash
+          apply value
+        else
+          self.target = value
         end
       end
 
@@ -35,6 +47,7 @@ class Card
         @redirect == :soft
       end
 
+      # TODO: refactor to use cardish
       def mark= value
         case value
         when Integer then @id = value
@@ -45,6 +58,7 @@ class Card
         end
       end
 
+      # @deprecated
       def id= id
         # for backwards compatibility use mark here.
         # id was often used for the card name
@@ -73,7 +87,6 @@ class Card
         when ""                     then ""
         when "*previous", :previous then :previous
         when %r{^(http|/)}          then value
-        when /^TEXT:\s*(.+)/        then Regexp.last_match(1)
         when /^REDIRECT:\s*(.+)/
           @redirect = true
           process_target Regexp.last_match(1)
@@ -81,8 +94,8 @@ class Card
         end
       end
 
-      def apply args
-        args.each_pair do |key, value|
+      def apply hash
+        hash.each_pair do |key, value|
           self[key] = value
         end
       end

data/lib/card/format/nest/fetch.rb

@@ -19,10 +19,15 @@ class Card
         def not_found_codename cardish
           @view = :not_found
           c = Card.new name: Array.wrap(cardish).join(Card::Name.joint).to_s
-          c.errors.add :codename, "unknown codename in #{cardish}"
+          c.errors.add :codename, not_found_codename_error(cardish)
           c
         end
 
+        def not_found_codename_error codename
+          ::I18n.t :exception_unknown_codename, codename: codename,
+                                                scope: "lib.card.codename"
+        end
+
         def new_card cardish
           view_opts[:nest_name] = Card::Name[cardish].to_s
           Card.fetch cardish, new: new_card_args

data/lib/card/migration/import/import_data/card_content.rb

@@ -20,7 +20,7 @@ class Card
           end
 
           def content_path data
-            filename = data[:key] || data[:name].to_name.key
+            filename = (data[:key] || data[:name]).to_name.safe_key
             File.join @card_content_dir, filename
           end
         end

data/mod/account/set/right/account.rb

@@ -8,6 +8,68 @@ card_accessor :salt
 card_accessor :status
 card_accessor :token
 
+#### ON CREATE
+
+# legal to add +*account card
+event :validate_accountability, :prepare_to_validate, on: :create do
+  errors.add :content, tr(:error_not_allowed) unless left&.accountable?
+end
+
+event :require_email, :prepare_to_validate,
+      after: :validate_accountability, on: :create do
+  errors.add :email, "required" unless subfield(:email)
+end
+
+event :set_default_salt, :prepare_to_validate, on: :create do
+  salt = Digest::SHA1.hexdigest "--#{Time.zone.now}--"
+  Env[:salt] = salt # HACK!!! need viable mechanism to get this to password
+  add_subfield :salt, content: salt
+end
+
+event :set_default_status, :prepare_to_validate, on: :create do
+  default_status = Auth.needs_setup? ? "active" : "pending"
+  add_subfield :status, content: default_status
+end
+
+event :generate_confirmation_token,
+      :prepare_to_store, on: :create, when: :can_approve? do
+  add_subfield :token, content: generate_token
+end
+
+event :send_account_verification_email, :integrate,
+      on: :create, when: proc { |c| c.token.present? } do
+  Card[:verification_email].deliver self, to: email
+end
+
+# ON UPDATE
+
+# reset password emails contain a link to update the +*account card
+# and trigger this event
+event :reset_password, :prepare_to_validate, on: :update, trigger: :required do
+  reset_password_with_token Env.params[:token]
+end
+
+# STANDALONE EVENTS
+# only triggered when called directly (as methods)
+
+event :reset_token do
+  token = generate_token
+  Auth.as_bot { token_card.update_attributes! content: token }
+  token
+end
+
+event :send_welcome_email do
+  welcome = Card[:welcome_email]
+  welcome.deliver self, to: email if welcome&.type_code == :email_template
+end
+
+event :send_reset_password_token do
+  Auth.as_bot do
+    token_card.update_attributes! content: generate_token
+  end
+  Card[:password_reset_email].deliver self, to: email
+end
+
 def active?
   status == "active"
 end
@@ -31,6 +93,19 @@ def validate_token! test_token
   errors.empty?
 end
 
+def reset_password_with_token token
+  aborting do
+    if !token
+      errors.add :token, "is required"
+    elsif !validate_token!(token)
+      # FIXME: isn't this an error??
+      success << reset_password_try_again
+    else
+      success << reset_password_success
+    end
+  end
+end
+
 def refreshed_token
   if token_card.id
     token_card.refresh(true).db_content # TODO: explain why refresh is needed
@@ -39,9 +114,43 @@ def refreshed_token
   end
 end
 
+def can_approve?
+  Card.new(type_id: Card.default_accounted_type_id).ok? :create
+end
+
+def ok_to_read
+  own_account? ? true : super
+end
+
+def reset_password_success
+  token_card.used!
+  Auth.signin left_id
+  { id: left.name,
+    view: :related,
+    slot: { items: { nest_name: :account.cardname.prepend_joint,
+                     view: :edit } } }
+end
+
+def reset_password_try_again
+  send_reset_password_token
+  { id: "_self",
+    view: "message",
+    message: tr(:sorry_email_reset, error_msg: errors.first.last) }
+end
+
+# FIXME: explain or remove.
+def edit_password_success_args; end
+
+def changes_visible? act
+  act.actions_affecting(act.card).each do |action|
+    return true if action.card.ok? :read
+  end
+  false
+end
+
 format do
   view :verify_url, cache: :never do
-    card_url path({ mark: card.name.left }.merge(token_path_opts))
+    card_url path(token_path_opts.merge(mark: card.name.left))
   end
 
   view :verify_days, cache: :never do
@@ -49,16 +158,16 @@ format do
   end
 
   view :reset_password_url do
-    card_url path({ mark: card, event: :reset_password }.merge(token_path_opts))
-  end
-
-  def token_path_opts
-    { action: :update, live_token: true, token: card.refreshed_token }
+    card_url path(token_path_opts.merge(card: { trigger: :reset_password }))
   end
 
   view :reset_password_days do
     (Card.config.token_expiry / 1.day).to_s
   end
+
+  def token_path_opts
+    { action: :update, live_token: true, token: card.refreshed_token }
+  end
 end
 
 format :html do
@@ -84,101 +193,6 @@ format :html do
   end
 end
 
-event :validate_accountability, :prepare_to_validate, on: :create do
-  unless left && left.accountable?
-    errors.add :content, tr(:error_not_allowed)
-  end
-end
-
-event :require_email, :prepare_to_validate,
-      after: :validate_accountability, on: :create do
-  errors.add :email, "required" unless subfield(:email)
-end
-
-event :set_default_salt, :prepare_to_validate, on: :create do
-  salt = Digest::SHA1.hexdigest "--#{Time.zone.now}--"
-  Env[:salt] = salt # HACK!!! need viable mechanism to get this to password
-  add_subfield :salt, content: salt
-end
-
-event :set_default_status, :prepare_to_validate, on: :create do
-  default_status = Auth.needs_setup? ? "active" : "pending"
-  add_subfield :status, content: default_status
-end
-
-def can_approve?
-  Card.new(type_id: Card.default_accounted_type_id).ok? :create
-end
-
-event :generate_confirmation_token,
-      :prepare_to_store, on: :create, when: :can_approve? do
-  add_subfield :token, content: generate_token
-end
-
-event :reset_password,
-      :prepare_to_validate, on: :update, when: :reset_password? do
-  valid = validate_token! @env_token
-  success << (valid ? reset_password_success : reset_password_try_again)
-  abort :success
-end
-
-def reset_password_success
-  token_card.used!
-  Auth.signin left_id
-  { id: left.name,
-    view: :related,
-    slot: { items: { nest_name: :account.cardname.prepend_joint,
-                     view: :edit } } }
-end
-
-def reset_password_try_again
-  send_reset_password_token
-  { id: "_self",
-    view: "message",
-    message: tr(:sorry_email_reset, error_msg: errors.first.last) }
-end
-
-def edit_password_success_args; end
-
-def reset_password?
-  @env_token = Env.params[:token]
-  @env_token && Env.params[:event] == "reset_password"
-end
-
-event :reset_token do
-  Auth.as_bot do
-    token_card.update_attributes! content: generate_token
-  end
-end
-
-event :send_welcome_email do
-  welcome = Card[:welcome_email]
-  welcome.deliver self, to: email if welcome&.type_code == :email_template
-end
-
-event :send_account_verification_email, :integrate,
-      on: :create, when: proc { |c| c.token.present? } do
-  Card[:verification_email].deliver self, to: email
-end
-
-event :send_reset_password_token do
-  Auth.as_bot do
-    token_card.update_attributes! content: generate_token
-  end
-  Card[:password_reset_email].deliver self, to: email
-end
-
-def ok_to_read
-  own_account? ? true : super
-end
-
-def changes_visible? act
-  act.actions_affecting(act.card).each do |action|
-    return true if action.card.ok? :read
-  end
-  false
-end
-
 format :email do
   def mail context, fields
     super context, fields.reverse_merge(to: card.email)

data/mod/account/set/self/signin.rb

@@ -1,8 +1,93 @@
+
+# The Sign In card manages logging in and out of the site.
+#
+# /:signin (core view) gives the login ui
+# /:signin?view=edit gives the forgot password ui
+
+# /update/:signin is the login action
+# /delete/:signin is the logout action
+
+# authentication event
+event :signin, :validate, on: :update do
+  email = subfield :email
+  email &&= email.content
+  pword = subfield :password
+  pword &&= pword.content
+
+  authenticate_or_abort email, pword
+end
+
+# abort after successful signin (do not save card)
+event :signin_success, after: :signin do
+  abort :success
+end
+
+event :signout, :validate, on: :delete do
+  Auth.signin nil
+  abort :success
+end
+
+# triggered by clicking "Reset my Password", this sends out the verification password
+# and aborts (does not sign in)
+event :send_reset_password_token, before: :signin, on: :update, trigger: :required do
+  email = subfield(:email)&.content
+  account = Auth.find_account_by_email email
+  send_reset_password_email_or_fail account
+end
+
 def consider_recaptcha?
   false
 end
 
+def i18n_signin key
+  I18n.t key, scope: "mod.account.set.self.signin"
+end
+
+def authenticate_or_abort email, pword
+  abort :failure, i18n_signin(:abort_bad_signin_args) unless email && pword
+  if (account = Auth.authenticate(email, pword))
+    Auth.signin account.left_id
+  else
+    account = Auth.find_account_by_email email
+    errors.add :signin, signin_error_message(account)
+    abort :failure
+  end
+end
+
+def signin_error_message account
+  case
+  when account.nil?     then i18n_signin(:error_unknown_email)
+  when !account.active? then i18n_signin(:error_not_active)
+  else                       i18n_signin(:error_wrong_password)
+  end
+end
+
+def send_reset_password_email_or_fail account
+  aborting do
+    if account && account.active?
+      account.send_reset_password_token
+    elsif account
+      errors.add :account, i18n_signin(:error_not_active)
+    else
+      errors.add :email, i18n_signin(:error_not_recognized)
+    end
+  end
+end
+
 format :html do
+  view :core, cache: :never do
+    voo.edit_structure = [signin_field(:email), signin_field(:password)]
+    with_nest_mode :edit do
+      card_form :update, recaptcha: :off do
+        [
+          hidden_signin_fields,
+          _render_content_formgroup,
+          _render_signin_buttons
+        ]
+      end
+    end
+  end
+
   view :open do
     voo.show :help
     super()
@@ -23,21 +108,9 @@ format :html do
     ""
   end
 
-  view :core, cache: :never do
-    voo.edit_structure = [signin_field(:email), signin_field(:password)]
-    with_nest_mode :edit do
-      card_form :update, recaptcha: :off do
-        [
-          hidden_signin_fields,
-          _render_content_formgroup,
-          _render_signin_buttons
-        ]
-      end
-    end
-  end
-
-  def hidden_signin_fields
-    hidden_field_tag :success, "REDIRECT: #{Env.interrupted_action || '*previous'}"
+  view :reset_password_success do
+    # 'Check your email for a link to reset your password'
+    frame { I18n.t(:check_email, scope: "mod.account.set.self.signin") }
   end
 
   view :signin_buttons do
@@ -46,6 +119,23 @@ format :html do
     end
   end
 
+  # FORGOT PASSWORD
+  view :edit do
+    voo.title ||= card.i18n_signin(:forgot_password)
+    voo.edit_structure = [signin_field(:email)]
+    voo.hide :help
+    Auth.as_bot { super() }
+  end
+
+  view :edit_buttons do
+    text = I18n.t :reset_my_password, scope: "mod.account.set.self.signin"
+    button_tag text, situation: "primary"
+  end
+
+  def hidden_signin_fields
+    hidden_field_tag :success, "REDIRECT: #{Env.interrupted_action || '*previous'}"
+  end
+
   def signin_button
     text = I18n.t :sign_in, scope: "mod.account.set.self.signin"
     button_tag text, situation: "primary"
@@ -63,96 +153,16 @@ format :html do
     raw("<div style='float:right'>#{reset_link}</div>")
   end
 
-  # FORGOT PASSWORD
-  view :edit do
-    voo.title ||= card.i18n_signin(:forgot_password)
-    voo.edit_structure = [signin_field(:email)]
-    voo.hide :help
-    Auth.as_bot { super() }
-  end
-
   def edit_view_hidden
     hidden_tags(
-      reset_password: true,
+      card: { trigger: :send_reset_password_token },
       success: { view: :reset_password_success }
     )
   end
 
-  view :edit_buttons do
-    text = I18n.t :reset_my_password, scope: "mod.account.set.self.signin"
-    button_tag text, situation: "primary"
-  end
-
   def signin_field name
     nest_name = "".to_name.trait(name)
     [nest_name, { title: name.to_s, view: "titled",
                   nest_name: nest_name, skip_perms: true }]
   end
-
-  view :reset_password_success do
-    # 'Check your email for a link to reset your password'
-    frame { I18n.t(:check_email, scope: "mod.account.set.self.signin") }
-  end
-end
-
-event :signin, :validate, on: :update do
-  email = subfield :email
-  email &&= email.content
-  pword = subfield :password
-  pword &&= pword.content
-
-  authenticate_or_abort email, pword
-end
-
-def authenticate_or_abort email, pword
-  abort :failure, i18n_signin(:abort_bad_signin_args) unless email && pword
-  if (account = Auth.authenticate(email, pword))
-    Auth.signin account.left_id
-  else
-    account = Auth.find_account_by_email email
-    errors.add :signin, signin_error_message(account)
-    abort :failure
-  end
-end
-
-def signin_error_message account
-  case
-  when account.nil?     then i18n_signin(:error_unknown_email)
-  when !account.active? then i18n_signin(:error_not_active)
-  else                       i18n_signin(:error_wrong_password)
-  end
-end
-
-def i18n_signin key
-  I18n.t key, scope: "mod.account.set.self.signin"
-end
-
-event :signin_success, after: :signin do
-  abort :success
-end
-
-event :send_reset_password_token, before: :signin, on: :update,
-                                  when: proc { Env.params[:reset_password] } do
-  email = subfield :email
-  email &&= email.content
-
-  account = Auth.find_account_by_email email
-  send_reset_password_email_or_fail account
-end
-
-def send_reset_password_email_or_fail account
-  if account && account.active?
-    account.send_reset_password_token
-    abort :success
-  elsif account
-    errors.add :account, i18n_signin(:error_not_active)
-  else
-    errors.add :email, i18n_signin(:error_not_recognized)
-  end
-  abort :failure
-end
-
-event :signout, :validate, on: :delete do
-  Auth.signin nil
-  abort :success
 end