double_auth_engine 0.0.4 → 0.0.5
- data/Gemfile.lock +2 -2
- data/README.md +1 -0
- data/app/views/user_sessions/new.html.erb +2 -2
- data/app/views/users/change_password.html.erb +10 -0
- data/app/views/users/new.html.erb +0 -2
- data/config/routes.rb +6 -1
- data/lib/double_auth_engine/controllers/users_controller_mixin.rb +19 -1
- data/lib/double_auth_engine/generators/double_auth_engine/templates/authorization_rules.rb +3 -2
- data/lib/double_auth_engine/version.rb +1 -1
- data/spec/dummy/config/authorization_rules.rb +1 -1
- data/spec/dummy/spec/authorizations/user_spec.rb +9 -0
- data/spec/dummy/spec/controllers/users_controller_spec.rb +22 -0
- metadata +3 -2
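--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-double_auth_engine (0.0.
+double_auth_engine (0.0.4)
 declarative_authorization
 friendly_id
 kb-authlogic
@@ -37,7 +37,7 @@ GEM
 activesupport (= 3.0.5)
 activesupport (3.0.5)
 arel (2.0.9)
-babosa (0.3.
+babosa (0.3.4)
 builder (2.1.2)
 capybara (0.4.1.2)
 celerity (>= 0.7.9)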
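--- a/data/README.md
+++ b/data/README.md
@@ -46,6 +46,7 @@ A <del>strike</del> means its done!
 
 * <del>Add Authlogic</del>
 * <del>Add Password Reset</del>
+* <del>Change Password</del>
 * <del>Update generator with ActionMailer monkey patch</del>
 * <del>Update install generator to add include to ApplicationController</del>
 * <del>Update README for mailer settings</del>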
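--- a/data/app/views/user_sessions/new.html.erb
+++ b/data/app/views/user_sessions/new.html.erb
@@ -6,8 +6,8 @@
 </head>
 <body>
 <%= form_for @user_session do |f| %>
-<%= f.label :
-<%= f.text_field :
+<%= f.label :email, "Email" %>
+<%= f.text_field :email %>
 <%= f.label :password, "Password" %>
 <%= f.password_field :password %>
 <%= link_to 'Forgot Password?', forgot_password_path %>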
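--- a/data/app/views/users/change_password.html.erb
+++ b/data/app/views/users/change_password.html.erb
@@ -0,0 +1,10 @@
+<%= form_tag update_password_user_path(@user), :method => :put do %>
+<%= label_tag :current_password, "Current Password:", :class => "required-field" %>
+<%= password_field_tag :current_password %>
+<%= label_tag :password, "New Password:", :class => "required-field" %>
+<%= password_field_tag :password %>
+<%= label_tag :password_confirmation, "Confirm New Password:", :class => "required-field" %>
+<%= password_field_tag :password_confirmation %>
+<%= submit_tag "Save" %>
+<%= link_to "Cancel", user_path(@user) %>
+<% end %>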
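--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -3,7 +3,12 @@ Rails.application.routes.draw do
 match 'login', :to => 'user_sessions#new'
 match 'logout', :to => 'user_sessions#destroy'
 
-resources :users
+resources :users do
+member do
+get "change_password"
+put "update_password"
+end
+end
 resources :user_sessions
 
 match '/forgot_password', :controller => 'password_resets', :action => 'new'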
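--- a/data/lib/double_auth_engine/controllers/users_controller_mixin.rb
+++ b/data/lib/double_auth_engine/controllers/users_controller_mixin.rb
@@ -3,7 +3,7 @@ module DoubleAuthEngine
 def self.included(base)
 base.class_eval do
 skip_before_filter :require_user, :only => [:new, :create]
-filter_access_to [:edit, :update], :attribute_check => true
+filter_access_to [:edit, :update, :change_password, :update_password], :attribute_check => true
 respond_to :html, :json, :js
 end
 base.send :include, InstanceMethods
@@ -60,6 +60,24 @@ module DoubleAuthEngine
 format.xml { head :ok }
 end
 end
+
+def update_password
+@user = User.find(params[:id])
+if @user.valid_password? params[:current_password]
+@user.password = params[:password]
+@user.password_confirmation = params[:password_confirmation]
+if @user.save
+flash[:notice] = "Your password has been updated"
+redirect_to user_path(@user)
+else
+flash[:error] = @user.errors.full_messages.first
+render :action => "change_password"
+end
+else
+flash[:error] = "Your Current Password Does not Match"
+render :action => "change_password"
+end
+end
 end
 end
 end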
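Review bot: In `update_password`, a blank `params[:password]` is likely to be reported as a successful change: Authlogic's default `ignore_blank_passwords` skips blank assignments on existing records, so `@user.save` can return true and the action flashes "Your password has been updated" with the old password still in place. Reject it before the assignment, for example `if params[:password].blank?` followed by the same error-and-render path as the other failures. Both failure branches also set `flash[:error]` and then `render`, which carries the message over to the next request; `flash.now[:error] = ...` is the form intended for a render. Because `valid_password?` is called here outside the login path, confirm whether failed attempts are counted or throttled, otherwise an unattended or stolen session can test guesses at the current password without limit. `update_password` is fully visible in the second hunk; the rest of the module is not.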
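--- a/data/lib/double_auth_engine/generators/double_auth_engine/templates/authorization_rules.rb
+++ b/data/lib/double_auth_engine/generators/double_auth_engine/templates/authorization_rules.rb
@@ -1,6 +1,7 @@
 authorization do
 role :guest do
-has_permission_on :users, :to => [:
+has_permission_on :users, :to => [:add, :read]
+has_permission_on :users, :to => [:modify, :destroy, :change_password, :update_password] do
 if_attribute :id => is { user.id }
 end
 end
@@ -16,4 +17,4 @@ privileges do
 privilege :modify, :includes => [:edit, :update]
 privilege :read, :includes => [:index, :show]
 privilege :write, :includes => [:add, :modify]
-end
+end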
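Review bot: These rules live in a generator template, so applications that generated their `authorization_rules.rb` from 0.0.4 will not pick up the `:change_password` and `:update_password` permissions, while the mixin in this release already places both actions behind `filter_access_to`. That combination should fail closed (users are denied rather than over-permitted), but it needs an upgrade note in the README telling host applications to add the two actions to their own-record rule. A comment above the `if_attribute :id => is { user.id }` block, such as `# own record only: these actions change credentials`, would make it less likely that the attribute check is dropped when a host edits the generated file.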
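--- a/data/spec/dummy/config/authorization_rules.rb
+++ b/data/spec/dummy/config/authorization_rules.rb
@@ -1,7 +1,7 @@
 authorization do
 role :guest do
 has_permission_on :users, :to => [:add, :read]
-has_permission_on :users, :to => [:modify, :destroy] do
+has_permission_on :users, :to => [:modify, :destroy, :change_password, :update_password] do
 if_attribute :id => is { user.id }
 end
 end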
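--- a/data/spec/dummy/spec/authorizations/user_spec.rb
+++ b/data/spec/dummy/spec/authorizations/user_spec.rb
@@ -47,6 +47,7 @@ describe "User Authorizations" do
 :password_confirmation => "testing",
 :email => Faker::Internet.email)
 end
+
 it "to access the 'edit' action for another user" do
 should_not_be_allowed_to(:edit, @alt_user)
 end
@@ -58,6 +59,14 @@ describe "User Authorizations" do
 it "to access the 'destroy' action for another user" do
 should_not_be_allowed_to(:update, @alt_user)
 end
+
+it "to access the 'change_password' action for another user" do
+should_not_be_allowed_to(:change_password, @alt_user)
+end
+
+it "to access the 'update_password' action for another user" do
+should_not_be_allowed_to(:update_password, @alt_user)
+end
 end
 end
 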
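--- a/data/spec/dummy/spec/controllers/users_controller_spec.rb
+++ b/data/spec/dummy/spec/controllers/users_controller_spec.rb
@@ -122,4 +122,26 @@ describe UsersController do
 assigns[:users].should_not be_nil
 end
 end
+
+describe "PUT 'update_password'" do
+it "should render the change_password template if the current password does not match the supplied current password" do
+controller.current_user.stub(:valid_password?).and_return(false)
+put :update_password, :id => controller.current_user.id
+response.should render_template("change_password")
+end
+
+it "should render the change_password template if the new password does not match the password_confirmation" do
+controller.current_user.stub(:valid_password?).and_return(true)
+controller.current_user.stub(:save).and_return(false)
+put :update_password, :id => controller.current_user.id
+response.should render_template("change_password")
+end
+
+it "should redirect to the user profile page if the password change is successful" do
+controller.current_user.stub(:valid_password?).and_return(true)
+controller.current_user.stub(:save).and_return(true)
+put :update_password, :id => controller.current_user.id
+response.status.should == 200
+end
+end
 end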
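Review bot: The three new examples stub `valid_password?` and `save` on `controller.current_user`, but the action loads its own record with `User.find(params[:id])`, so unless both resolve to the same object the stubs are never reached and every example runs the wrong-current-password branch. That would explain why the example named "should redirect to the user profile page" asserts `response.status.should == 200`, which describes a render rather than a redirect. Stub the lookup instead, `User.stub(:find).and_return(controller.current_user)`, and assert `response.should redirect_to(user_path(controller.current_user))`; an example that sends another user's `:id` would cover the case the access filter exists for. The enclosing `describe UsersController` block, and whatever sets up `controller.current_user`, start outside the hunk.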
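--- a/metadata
+++ b/metadata
@@ -2,7 +2,7 @@
 name: double_auth_engine
 version: !ruby/object:Gem::Version
 prerelease:
-version: 0.0.
+version: 0.0.5
 platform: ruby
 authors:
 - Kyle Bolton
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-
+date: 2011-05-11 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -74,6 +74,7 @@ files:
 - app/views/password_resets/edit.html.erb
 - app/views/password_resets/new.html.erb
 - app/views/user_sessions/new.html.erb
+- app/views/users/change_password.html.erb
 - app/views/users/edit.html.erb
 - app/views/users/index.html.erb
 - app/views/users/new.html.erb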