fat_free_crm 0.18.2 → 0.19.0

data/app/controllers/authentications_controller.rb

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright (c) 2008-2013 Michael Dvorkin and contributors.
-#
-# Fat Free CRM is freely distributable under the terms of MIT license.
-# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
-#------------------------------------------------------------------------------
-class AuthenticationsController < ApplicationController
-  before_action :require_no_user, only: %i[new create show]
-  before_action :require_user, only: :destroy
-
-  #----------------------------------------------------------------------------
-  def new
-    @authentication = Authentication.new
-  end
-
-  #----------------------------------------------------------------------------
-  def show
-    redirect_to login_url
-  end
-
-  #----------------------------------------------------------------------------
-  def create
-    @authentication = Authentication.new(params[:authentication].permit(:username, :password, :remember_me).to_h)
-
-    if @authentication.save && !@authentication.user.suspended?
-      flash[:notice] = t(:msg_welcome)
-      if @authentication.user.login_count > 1 && @authentication.user.last_login_at?
-        flash[:notice] += " " + t(:msg_last_login, l(@authentication.user.last_login_at, format: :mmddhhss))
-      end
-      redirect_back_or_default root_url
-    else
-      if @authentication.user&.awaits_approval?
-        flash[:notice] = t(:msg_account_not_approved)
-      else
-        flash[:warning] = t(:msg_invalig_login)
-      end
-      redirect_to action: :new
-    end
-  end
-
-  # The login form gets submitted to :update action when @authentication is
-  # saved (@authentication != nil) but the user is suspended.
-  #----------------------------------------------------------------------------
-  alias update create
-
-  #----------------------------------------------------------------------------
-  def destroy
-    current_user_session.destroy
-    flash[:notice] = t(:msg_goodbye)
-    redirect_back_or_default login_url
-  end
-end

data/app/models/users/authentication.rb

@@ -1,56 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright (c) 2008-2013 Michael Dvorkin and contributors.
-#
-# Fat Free CRM is freely distributable under the terms of MIT license.
-# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
-#------------------------------------------------------------------------------
-class Authentication < Authlogic::Session::Base # NOTE: This is not ActiveRecord model.
-  authenticate_with User
-  after_save :check_if_suspended
-  single_access_allowed_request_types :any
-
-  def to_key
-    id ? id : nil
-  end
-
-  private
-
-  # Override Authlogic's validate_by_password() to allow blank passwords. See
-  # authlogic/lib/authlogic/session/password.rb for details.
-  #----------------------------------------------------------------------------
-  def validate_by_password
-    self.invalid_password = false
-
-    self.attempted_record = search_for_record(find_by_login_method, send(login_field))
-    if attempted_record.blank?
-      generalize_credentials_error_messages? ?
-        add_general_credentials_error :
-        errors.add(login_field, I18n.t('error_messages.login_not_found', default: "is not valid"))
-      return
-    end
-
-    unless attempted_record.send(verify_password_method, send("protected_#{password_field}"))
-      self.invalid_password = true
-      generalize_credentials_error_messages? ?
-        add_general_credentials_error :
-        errors.add(password_field, I18n.t('error_messages.password_invalid', default: "is not valid"))
-      return
-    end
-  end
-
-  # Override Authologic instance method in order to keep :login_count,
-  # :last_login_at, and :last_login_ip intact if the user is suspended.
-  # See vendor/plugin/authlogin/lib/authlogic/session/magic_columns.rb.
-  #----------------------------------------------------------------------------
-  def update_info
-    super unless user.suspended?
-  end
-
-  #----------------------------------------------------------------------------
-  def check_if_suspended
-    errors.add(:base, I18n.t(:msg_account_suspended)) if user.suspended?
-  end
-
-  ActiveSupport.run_load_hooks(:fat_free_crm_authentication, self)
-end

data/app/views/authentications/new.html.haml

@@ -1,19 +0,0 @@
-.standalone#standalone
-  -# The following form gets submitted to #create when @authentication is nil,
-  -# or to #update when @authentication is not nil (ex. suspended).
-  = form_for @authentication, url: authentication_path, html: one_submit_only do |f|
-    - if can_signup?
-      .title_tools #{t :no_account} #{link_to t(:sign_up_now), signup_path}
-    .title= t(:login)
-    .section
-      .label= t(:username) + ':'
-      = f.text_field :username
-      .label= t(:password) + ':'
-      = f.password_field :password
-
-    %div(style="margin-left:12px") #{f.check_box(:remember_me)} #{t :remember_me}
-    %br
-    .buttonbar
-      = f.submit t(:login)
-      #{t :or}
-      = link_to t(:forgot_password) << '?', new_password_path

data/app/views/passwords/edit.html.haml

@@ -1,15 +0,0 @@
-.standalone
-  = form_for(@user, url: password_path(params[:id]), html: one_submit_only, method: :put) do |f|
-    .title #{t :reset_password}
-
-    = f.error_messages object_name: t('password')
-
-    .intro #{t :confirm_password_intro}
-    .section
-      .label #{t :new_password}:
-      = f.password_field :password
-      .label #{t :password_confirmation}:
-      = f.password_field :password_confirmation
-    %br
-    .buttonbar
-      = f.submit t(:update_password_and_login)

data/app/views/passwords/new.html.haml

@@ -1,10 +0,0 @@
-.standalone
-  = form_tag(passwords_path, one_submit_only) do
-    .title #{t :forgot_password}
-    .intro #{t :password_intro}
-    .section
-      .label #{t :email}:
-      = text_field_tag :email
-    %br
-    .buttonbar
-      = submit_tag t(:reset_password), id: "passwords_submit"

data/app/views/user_mailer/password_reset_instructions.html.haml

@@ -1,6 +0,0 @@
-:plain
-  A request to reset your password has been made. If you did not make this request, simply ignore this email. If you did make this request just click the link below:
-
-  #{@edit_password_url}
-
-  If the above URL does not work try copying and pasting it into your browser. If you continue to have problem please feel free to contact us.

data/app/views/users/new.html.haml

@@ -1,19 +0,0 @@
-.standalone
-  = form_for(@user, html: one_submit_only) do |f|
-    .title_tools #{t :already_signed_up} #{link_to t(:login_now_link), login_path}
-    .title #{t :sign_up}
-
-    = f.error_messages object_name: t('user')
-
-    .section
-      .label #{t :email}:
-      = f.text_field :email
-      .label #{t :username}:
-      = f.text_field :username
-      .label #{t :password}:
-      = f.password_field :password
-      .label #{t :password_confirmation}:
-      = f.password_field :password_confirmation
-
-    .buttonbar
-      = f.submit t(:sign_up_button)

data/spec/controllers/authentications_controller_spec.rb

@@ -1,150 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright (c) 2008-2013 Michael Dvorkin and contributors.
-#
-# Fat Free CRM is freely distributable under the terms of MIT license.
-# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
-#------------------------------------------------------------------------------
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-describe AuthenticationsController do
-  before(:each) do
-    activate_authlogic
-    logout
-  end
-
-  # Authentication filters
-  #----------------------------------------------------------------------------
-  describe "authentication filters" do
-    describe "user must not be logged" do
-      describe "DELETE authentication (logout form)" do
-        it "displays 'must be logged out message' and redirects to login page" do
-          delete :destroy
-          expect(flash[:notice]).not_to eq(nil)
-          expect(flash[:notice]).to match(/^You must be logged in/)
-          expect(response).to redirect_to(login_path)
-        end
-
-        it "redirects to login page" do
-          get :show
-          expect(response).to redirect_to(login_path)
-        end
-      end
-    end
-
-    describe "user must not be logged in" do
-      before(:each) do
-        @user = create(:user, username: "user", password: "pass", password_confirmation: "pass")
-        allow(@controller).to receive(:current_user).and_return(@user)
-      end
-
-      describe "GET authentication (login form)" do
-        it "displays 'must be logged out message' and redirects to profile page" do
-          get :new
-          expect(flash[:notice]).not_to eq(nil)
-          expect(flash[:notice]).to match(/^You must be logged out/)
-          expect(response).to redirect_to(profile_path)
-        end
-      end
-
-      describe "POST authentication" do
-        it "displays 'must be logged out message' and redirects to profile page" do
-          post :create, params: { authentication: @login }
-          expect(flash[:notice]).not_to eq(nil)
-          expect(flash[:notice]).to match(/^You must be logged out/)
-          expect(response).to redirect_to(profile_path)
-        end
-      end
-    end
-  end
-
-  # POST /authentications
-  # POST /authentications.xml                                              HTML
-  #----------------------------------------------------------------------------
-  describe "POST authentications" do
-    before(:each) do
-      @login = { username: "user", password: "pass", remember_me: "0" }
-      @authentication = double(Authentication, @login)
-    end
-
-    describe "successful authentication " do
-      before(:each) do
-        allow(@authentication).to receive(:save).and_return(true)
-        allow(Authentication).to receive(:new).and_return(@authentication)
-      end
-
-      it "displays welcome message and redirects to the home page" do
-        @user = create(:user, username: "user", password: "pass", password_confirmation: "pass", login_count: 0)
-        allow(@authentication).to receive(:user).and_return(@user)
-
-        post :create, params: { authentication: @login }
-        expect(flash[:notice]).not_to eq(nil)
-        expect(flash[:notice]).not_to match(/last login/)
-        expect(response).to redirect_to(root_path)
-      end
-
-      it "displays last login time if it's not the first login" do
-        @user = create(:user, username: "user", password: "pass", password_confirmation: "pass", login_count: 42)
-        allow(@authentication).to receive(:user).and_return(@user)
-
-        post :create, params: { authentication: @login }
-        expect(flash[:notice]).to match(/last login/)
-        expect(response).to redirect_to(root_path)
-      end
-    end
-
-    describe "authenticaion failure" do
-      describe "user is not suspended" do
-        it "redirects to login page if username or password are invalid" do
-          @user = create(:user, username: "user", password: "pass", password_confirmation: "pass")
-          allow(@authentication).to receive(:user).and_return(@user)
-          allow(@authentication).to receive(:save).and_return(false) # <--- Authentication failure.
-          allow(Authentication).to receive(:new).and_return(@authentication)
-
-          post :create, params: { authentication: @login }
-          expect(flash[:warning]).not_to eq(nil)
-          expect(response).to redirect_to(action: :new)
-        end
-      end
-
-      describe "user has been suspended" do
-        before(:each) do
-          allow(@authentication).to receive(:save).and_return(true)
-          allow(Authentication).to receive(:new).and_return(@authentication)
-        end
-
-        # This tests :before_save update_info callback in Authentication model.
-        it "keeps user login attributes intact" do
-          @user = create(:user, username: "user", password: "pass", password_confirmation: "pass", suspended_at: Date.yesterday, login_count: 0, last_login_at: nil, last_login_ip: nil)
-          allow(@authentication).to receive(:user).and_return(@user)
-
-          post :create, params: { authentication: @login }
-          expect(@authentication.user.login_count).to eq(0)
-          expect(@authentication.user.last_login_at).to be_nil
-          expect(@authentication.user.last_login_ip).to be_nil
-        end
-
-        it "redirects to login page if user is suspended" do
-          @user = create(:user, username: "user", password: "pass", password_confirmation: "pass", suspended_at: Date.yesterday)
-          allow(@authentication).to receive(:user).and_return(@user)
-
-          post :create, params: { authentication: @login }
-          expect(flash[:warning]).not_to eq(nil) # Invalid username/password.
-          expect(flash[:notice]).to eq(nil)      # Not approved yet.
-          expect(response).to redirect_to(action: :new)
-        end
-
-        it "redirects to login page with the message if signup needs approval and user hasn't been activated yet" do
-          allow(Setting).to receive(:user_signup).and_return(:needs_approval)
-          @user = create(:user, username: "user", password: "pass", password_confirmation: "pass", suspended_at: Date.yesterday, login_count: 0)
-          allow(@authentication).to receive(:user).and_return(@user)
-
-          post :create, params: { authentication: @login }
-          expect(flash[:warning]).to eq(nil)     # Invalid username/password.
-          expect(flash[:notice]).not_to eq(nil)  # Not approved yet.
-          expect(response).to redirect_to(action: :new)
-        end
-      end
-    end
-  end
-end

data/spec/controllers/passwords_controller_spec.rb

@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright (c) 2008-2013 Michael Dvorkin and contributors.
-#
-# Fat Free CRM is freely distributable under the terms of MIT license.
-# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
-#------------------------------------------------------------------------------
-require 'spec_helper'
-
-describe PasswordsController do
-  let(:user) { build(:user) }
-
-  describe "update" do
-    before(:each) do
-      allow(User).to receive(:find_using_perishable_token).and_return(user)
-    end
-
-    it "should accept non-blank passwords" do
-      password = "password"
-      expect(user).to receive(:update_attributes).and_return(true)
-      put :update, params: { id: 1, user: { password: password, password_confirmation: password } }
-      expect(response).to redirect_to(profile_url)
-    end
-
-    it "should not accept blank passwords" do
-      password = "    "
-      expect(user).not_to receive(:update_attributes)
-      put :update, params: { id: 1, user: { password: password, password_confirmation: password } }
-      expect(response).to render_template('edit')
-    end
-  end
-end

data/spec/models/users/authentication_spec.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright (c) 2008-2013 Michael Dvorkin and contributors.
-#
-# Fat Free CRM is freely distributable under the terms of MIT license.
-# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
-#------------------------------------------------------------------------------
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe Authentication do
-  before(:each) do
-    @valid_attributes = {
-    }
-  end
-
-  # it "should create a new instance given valid attributes" do
-  #   Authentication.create!(@valid_attributes)
-  # end
-end

data/spec/support/auth_macros.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright (c) 2008-2013 Michael Dvorkin and contributors.
-#
-# Fat Free CRM is freely distributable under the terms of MIT license.
-# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
-#------------------------------------------------------------------------------
-# See vendor/plugins/authlogic/lib/authlogic/test_case.rb
-#----------------------------------------------------------------------------
-def activate_authlogic
-  require 'authlogic/test_case/rails_request_adapter'
-  require 'authlogic/test_case/mock_cookie_jar'
-  require 'authlogic/test_case/mock_request'
-
-  Authlogic::Session::Base.controller = (@request && Authlogic::TestCase::RailsRequestAdapter.new(@request)) || controller
-end
-
-# Note: Authentication is NOT ActiveRecord model, so we mock and stub it using RSpec.
-#----------------------------------------------------------------------------
-def login(user_stubs = {}, session_stubs = {})
-  User.current_user = @current_user = create(:user, user_stubs)
-  @current_user_session = double(Authentication, { record: current_user }.merge(session_stubs))
-  allow(Authentication).to receive(:find).and_return(@current_user_session)
-  # set_timezone
-  assigns[:current_user] = current_user
-end
-
-#----------------------------------------------------------------------------
-def login_admin
-  login(admin: true)
-end
-
-#----------------------------------------------------------------------------
-def logout
-  @current_user = nil
-  @current_user_session = nil
-  allow(Authentication).to receive(:find).and_return(nil)
-end
-alias require_no_user logout
-
-#----------------------------------------------------------------------------
-def current_user
-  @current_user
-end
-
-#----------------------------------------------------------------------------
-def current_user_session
-  @current_user_session
-end