ditty 0.6.0 → 0.7.0.pre.rc1

data/lib/ditty/controllers/users.rb

@@ -131,6 +131,7 @@ module Ditty
     # Profile
     get '/profile' do
       entity = current_user
+      halt 404 unless entity
       authorize entity, :read
 
       haml :"#{view_location}/profile", locals: { entity: entity, identity: entity.identity.first, title: 'My Account' }

data/lib/ditty/helpers/component.rb

@@ -2,6 +2,7 @@
 
 require 'active_support'
 require 'active_support/inflector'
+require 'active_support/core_ext/object/blank'
 require 'will_paginate/array'
 
 module Ditty
@@ -9,18 +10,38 @@ module Ditty
     module Component
       include ActiveSupport::Inflector
 
+      # param :count, Integer, min: 1, default: 10 # Can't do this, since count can be `all`
+      def check_count
+        return 10 if params[:count].nil?
+        count = params[:count].to_i
+        return count if count >= 1
+        excp = Sinatra::Param::InvalidParameterError.new 'Parameter cannot be less than 1'
+        excp.param = :count
+        raise excp
+      end
+
       def dataset
-        search(filtered(policy_scope(settings.model_class)))
+        ds = policy_scope(settings.model_class)
+        ds = ds.where Sequel.|(*search_filters) unless search_filters.blank?
+        ds = ds.order ordering unless ordering.blank?
+        filtered(ds)
       end
 
       def list
-        count = params['count'] || 10
-        page = params['page'] || 1
+        param :q, String
+        param :page, Integer, min: 1, default: 1
+        param :sort, String
+        param :order, String, in: %w[asc desc], transform: :downcase, default: 'asc'
+        # TODO: Can we dynamically validate the search / filter fields?
+
+        ds = dataset
+        ds = ds.dataset if ds.respond_to?(:dataset)
+        return ds if params[:count] == 'all'
+        params[:count] = check_count
 
-        ds = dataset.respond_to?(:dataset) ? dataset.dataset : dataset
-        return ds if count == 'all'
         # Account for difference between sequel paginate and will paginate
-        ds.is_a?(Array) ? ds.paginate(page: page.to_i, per_page: count.to_i) : ds.paginate(page.to_i, count.to_i)
+        return ds.paginate(page: params[:page], per_page: params[:count]) if ds.is_a?(Array)
+        ds.paginate(params[:page], params[:count])
       end
 
       def heading(action = nil)
@@ -39,7 +60,7 @@ module Ditty
         settings.dehumanized || underscore(heading)
       end
 
-      def filters
+      def filter_fields
         self.class.const_defined?('FILTERS') ? self.class::FILTERS : []
       end
 
@@ -47,21 +68,32 @@ module Ditty
         self.class.const_defined?('SEARCHABLE') ? self.class::SEARCHABLE : []
       end
 
-      def filtered(dataset)
+      def filtered(ds)
         filters.each do |filter|
-          next if [nil, ''].include? params[filter[:name].to_s]
-          filter[:field] ||= filter[:name]
-          filter[:modifier] ||= :to_s
-          dataset = apply_filter(dataset, filter)
+          ds = apply_filter(ds, filter)
         end
-        dataset
+        ds
       end
 
-      def apply_filter(dataset, filter)
-        value = params[filter[:name].to_s].send(filter[:modifier])
-        return dataset.where(filter[:field] => value) unless filter[:field].to_s.include? '.'
+      def filters
+        filter_fields.map do |filter|
+          next if params[filter[:name]].blank?
+          filter[:field] ||= filter[:name]
+          filter[:modifier] ||= :to_s # TODO: Do this with Sinatra Param?
+          filter
+        end.compact
+      end
 
-        dataset.where(filter_field(filter) => filter_value(filter))
+      def ordering
+        return if params[:sort].blank?
+        Sequel.send(params[:order].to_sym, params[:sort].to_sym)
+      end
+
+      def apply_filter(ds, filter)
+        value = params[filter[:name]].send(filter[:modifier])
+        return ds.where(filter[:field] => value) unless filter[:field].to_s.include? '.'
+
+        ds.where(filter_field(filter) => filter_value(filter))
       end
 
       def filter_field(filter)
@@ -84,13 +116,9 @@ module Ditty
       end
 
       def search_filters
+        return [] if params[:q].blank?
         searchable_fields.map { |f| Sequel.ilike(f.to_sym, "%#{params[:q]}%") }
       end
-
-      def search(dataset)
-        return dataset if ['', nil].include?(params['q']) || search_filters == []
-        dataset.where Sequel.|(*search_filters)
-      end
     end
   end
 end

data/lib/ditty/helpers/response.rb

@@ -43,6 +43,7 @@ module Ditty
           format.html do
             actions = {}
             actions["#{base_path}/#{entity.id}/edit"] = "Edit #{heading}" if policy(entity).update?
+            actions["#{base_path}/new"] = "New #{heading}" if policy(entity).create?
             title = heading(:read) + (entity.respond_to?(:name) ? ": #{entity.name}" : '')
             haml :"#{view_location}/display",
                  locals: { entity: entity, title: title, actions: actions },

data/lib/ditty/helpers/views.rb

@@ -104,6 +104,16 @@ module Ditty
         }
         haml :'partials/pager', locals: locals
       end
+
+      def display(value, type = :string)
+        if [true, false].include?(value) || type.to_sym == :boolean
+          value ? 'Yes' : 'No'
+        elsif value.nil? || type.to_sym == :nil
+          '(Empty)'
+        else
+          value
+        end
+      end
     end
   end
 end

data/lib/ditty/listener.rb

@@ -17,7 +17,7 @@ module Ditty
     end
 
     def method_missing(method, *args)
-      return unless args[0].is_a?(Hash) && args[0][:target] && args[0][:target].settings.track_actions
+      return unless args[0].is_a?(Hash) && args[0][:target].is_a?(Sinatra::Base) && args[0][:target].settings.track_actions
 
       log_action({
         user: args[0][:target].current_user,

data/lib/ditty/middleware/accept_extension.rb

@@ -0,0 +1,31 @@
+module Ditty
+  module Middleware
+    # Allow requests to be responded to in JSON if the URL has .json at the end.
+    # The regex and the content_type can be customized to allow for other formats.
+    # Some inspiration from https://gist.github.com/tstachl/6264249
+    class AcceptExtension
+      attr_reader :env, :regex, :content_type
+
+      def initialize(app, regex = /\A(.*)\.json(\/?)\Z/, content_type = 'application/json')
+        # @mutex = Mutex.new
+        @app = app
+        @regex = regex
+        @content_type = content_type
+      end
+
+      def call(env)
+        @env = env
+
+        request = Rack::Request.new(env)
+        if request.path =~ regex
+          request.path_info = request.path_info.gsub(regex, '\1\2')
+          env = request.env
+          env['ACCEPT'] = content_type
+          env['CONTENT_TYPE'] = content_type
+        end
+
+        @app.call env
+      end
+    end
+  end
+end

data/lib/ditty/models/user.rb

@@ -15,7 +15,7 @@ module Ditty
     one_to_many :audit_logs
 
     def role?(check)
-      @roles ||= Hash.new do |h,k|
+      @roles ||= Hash.new do |h, k|
         h[k] = !roles_dataset.first(name: k).nil?
       end
       @roles[check]
@@ -56,10 +56,6 @@ module Ditty
       add_role Role.find_or_create(name: 'user')
     end
 
-    def index_prefix
-      email
-    end
-
     def username
       identity_dataset.first.username
     end

data/lib/ditty/policies/identity_policy.rb

@@ -4,8 +4,16 @@ require 'ditty/policies/application_policy'
 
 module Ditty
   class IdentityPolicy < ApplicationPolicy
-    def register?
-      !['1', 1, 'true', true, 'yes'].include? ENV['DITTY_REGISTERING_DISABLED']
+    def login?
+      true
+    end
+
+    def forgot_password?
+      true
+    end
+
+    def reset_password?
+      record.new? || (record.reset_requested && record.reset_requested > (Time.now - (24 * 60 * 60)))
     end
 
     def permitted_attributes

data/lib/ditty/policies/user_policy.rb

@@ -4,6 +4,11 @@ require 'ditty/policies/application_policy'
 
 module Ditty
   class UserPolicy < ApplicationPolicy
+    def register?
+      # TODO: Check email domain against settings
+      !['1', 1, 'true', true, 'yes'].include? ENV['DITTY_REGISTERING_DISABLED']
+    end
+
     def create?
       user && user.super_admin?
     end
@@ -34,8 +39,10 @@ module Ditty
       def resolve
         if user && user.super_admin?
           scope
-        else
+        elsif user
           scope.where(id: user.id)
+        else
+          scope.where(id: -1)
         end
       end
     end

data/lib/ditty/services/authentication.rb

@@ -1,11 +1,13 @@
 require 'ditty/models/identity'
-require 'ditty/controllers/main'
+require 'ditty/controllers/auth'
 require 'ditty/services/settings'
 require 'ditty/services/logger'
 
 require 'omniauth'
 OmniAuth.config.logger = Ditty::Services::Logger.instance
+OmniAuth.config.path_prefix = "#{Ditty::Application.map_path}/auth"
 OmniAuth.config.on_failure = proc { |env|
+  next [400, {}, []] if env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'
   OmniAuth::FailureEndpoint.new(env).redirect_to_failure
 }
 
@@ -13,13 +15,21 @@ module Ditty
   module Services
     module Authentication
       class << self
+        def [](key)
+          config[key]
+        end
+
         def providers
-          config.keys
+          config.compact.keys
         end
 
         def setup
           providers.each do |provider|
-            require "omniauth/#{provider}"
+            begin
+              require "omniauth/#{provider}"
+            rescue LoadError
+              require "omniauth-#{provider}"
+            end
           end
         end
 
@@ -37,13 +47,12 @@ module Ditty
               arguments: [
                 {
                   fields: [:username],
-                  callback_path: '/auth/identity/callback',
                   model: Ditty::Identity,
-                  on_login: Ditty::Main,
-                  on_registration: Ditty::Main,
+                  on_login: Ditty::Auth,
+                  on_registration: Ditty::Auth,
                   locate_conditions: ->(req) { { username: req['username'] } }
                 }
-              ],
+              ]
             }
           }
         end

data/lib/ditty/services/logger.rb

@@ -9,6 +9,9 @@ require 'active_support/core_ext/object/blank'
 
 module Ditty
   module Services
+    # This is the central logger for Ditty. It can be configured to log to
+    # multiple endpoints through Ditty Settings. The default configuration is to
+    # send logs to $stdout
     class Logger
       include Singleton
 
@@ -21,9 +24,7 @@ module Ditty
           klass = values[:class].constantize
           opts = tr(values[:options]) || nil
           logger = klass.new(opts)
-          if values[:level]
-            logger.level = klass.const_get(values[:level].to_sym)
-          end
+          logger.level = klass.const_get(values[:level].to_sym) if values[:level]
           @loggers << logger
         end
       end

data/lib/ditty/services/settings.rb

@@ -7,6 +7,14 @@ require 'active_support/core_ext/hash/keys'
 
 module Ditty
   module Services
+    # This is the central settings service Ditty. It is used to get the settings
+    # for various aspects of Ditty, and can also be used to configure your own
+    # application.
+    #
+    # It has the concept of sections which can either be included in the main
+    # settings.yml file, or as separate files in the `config` folder. The values
+    # in separate files will be used in preference of those in the `settings.yml`
+    # file.
     module Settings
       CONFIG_FOLDER = './config'.freeze
       CONFIG_FILE = "#{CONFIG_FOLDER}/settings.yml".freeze

data/lib/ditty/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Ditty
-  VERSION = '0.6.0'.freeze
+  VERSION = '0.7.0-rc1'.freeze
 end

data/views/400.haml

@@ -0,0 +1,2 @@
+%p.lead
+  The input you provided is invalid. Please check it and try again.

data/views/{identity/forgot.haml → auth/forgot_password.haml}

@@ -5,7 +5,7 @@
       .panel-body
         %p.text-center
           Enter your email address and we will send you a link to reset your password if you've registered on the system.
-        %form.form-horizontal{ method: 'post', action: "#{settings.map_path}/auth/identity/forgot" }
+        = form_tag("#{settings.map_path}/auth/forgot-password") do
           .form-group
             .col-sm-12
               %input.form-control{ name: 'email', type: 'text', placeholder: 'Enter your email address' }

data/views/auth/identity.haml

@@ -0,0 +1,15 @@
+= form_tag("#{settings.map_path}/auth/identity/callback", attributes: { class: '' }) do
+  .form-group
+    %label.control-label Email
+    %input.form-control.border-input{ name: 'username', tabindex: '1' }
+  .form-group
+    %label.control-label{ style: 'display: block' }
+      Password
+      %a{ href: "#{settings.map_path}/auth/forgot-password", style: 'float: right', tabindex: '5' }
+        Forgot?
+    %input.form-control.border-input{ name: 'password', type: 'password', tabindex: '2' }
+  %button.btn.btn-primary{ type: 'submit', tabindex: '3' } Log In
+  - if policy(::Ditty::User).register?
+    .pull-right
+      No account yet?
+      %a.btn.btn-default{ href: "#{settings.map_path}/auth/register", tabindex: '4' } Register

data/views/auth/login.haml

@@ -0,0 +1,18 @@
+.row
+  .col-sm-2
+  .col-sm-8
+    .panel.panel-default
+      .panel-body
+        - if Ditty::Services::Authentication.provides? 'identity'
+          = haml :'auth/identity'
+          .row
+            .col-sm-12= " "
+        .row
+          .col-sm-8.col-sm-push-2
+            - Ditty::Services::Authentication.providers.each do |name|
+              - provider = Ditty::Services::Authentication[name]
+              - next if provider[:login_prompt].nil?
+              %a.btn.btn-block.btn-default{ href: "#{settings.map_path}/auth/#{name}" }
+                %i.fa{ class: "fa-#{provider[:icon] || 'key'}"}
+                = provider[:login_prompt]
+  .col-sm-2

data/views/auth/register.haml

@@ -0,0 +1,19 @@
+/ TODO: How can we detect a google registration? Extra parameter to the callback? Or a custom callback page?
+.row
+  .col-md-2
+  .col-md-8
+    .panel.panel-default
+      .panel-body
+        - if Ditty::Services::Authentication.provides? 'identity'
+          = haml :'auth/register_identity', locals: { identity: identity }
+          .row
+            .col-sm-12= " "
+        .row
+          .col-sm-8.col-sm-push-2
+            - Ditty::Services::Authentication.providers.each do |name|
+              - provider = Ditty::Services::Authentication[name]
+              - next if provider[:register_prompt].nil?
+              %a.btn.btn-block.btn-default{ href: "#{settings.map_path}/auth/#{name}" }
+                %i.fa{ class: "fa-#{provider[:icon] || 'key'}"}
+                = provider[:register_prompt]
+  .col-md-2

data/views/auth/register_identity.haml

@@ -0,0 +1,14 @@
+= form_tag("#{settings.map_path}/auth/register/identity") do
+  = form_control(:username, identity, label: 'Email', placeholder: 'your@email.com')
+  = form_control(:password, identity, label: 'Password', type: :password)
+  = form_control(:password_confirmation, identity, label: 'Confirm Password', type: :password)
+
+  - if identity.errors[:password] && identity.errors[:password].include?('is not strong enough')
+    .alert.alert-warning
+      %p Make sure your password is at least 8 characters long, and including the following
+      %ul
+        %li Upper- and lowercase letters
+        %li Numbers
+        %li Special Characters
+
+  %button.btn.btn-primary{ type: 'submit' } Register