incline 0.1.5

data/app/models/incline/user.rb

@@ -0,0 +1,437 @@
+require_relative './access_group'
+require_relative './user_login_history'
+
+module Incline
+
+  ##
+  # This class represents an application user.
+  class User < ActiveRecord::Base
+
+    ANONYMOUS_EMAIL = 'anonymous@server.local'
+
+    has_many :login_histories, class_name: 'Incline::UserLoginHistory'
+
+    has_many :access_group_user_members, class_name: 'Incline::AccessGroupUserMember', foreign_key: 'member_id'
+    private :access_group_user_members, :access_group_user_members=
+
+    has_many :groups, class_name: 'Incline::AccessGroup', through: :access_group_user_members
+
+
+    before_save :downcase_email
+    before_create :create_activation_digest
+    after_save :refresh_comments
+
+    attr_accessor :recaptcha
+
+    attr_accessor :remember_token
+    attr_accessor :activation_token
+    attr_accessor :reset_token
+
+    search_attribute :email
+
+    has_secure_password
+
+    validates :name,
+              presence: true,
+              length: { maximum: 100 }
+
+    validates :email,
+              presence: true,
+              length: { maximum: 250 },
+              uniqueness: { case_sensitive: false },
+              'incline/email' => true
+
+    validates :password,
+              presence: true,
+              length: { minimum: 8 },
+              allow_nil: true
+
+    validates :disabled_by,
+              length: { maximum: 250 }
+
+    validates :disabled_reason,
+              length: { maximum: 200 }
+
+    validates :last_login_ip,
+              length: { maximum: 64 },
+              'incline/ip_address' => { no_mask: true }
+
+    validates :password_digest,
+              :activation_digest,
+              :remember_digest,
+              :reset_digest,
+              length: { maximum: 100 }
+
+    # recaptcha is only required when creating a new record.
+    validates :recaptcha,
+              presence: true,
+              'incline/recaptcha' => true,
+              on: :create
+
+
+    ##
+    # Gets all known users.
+    scope :known, ->{ where.not(email: ANONYMOUS_EMAIL) }
+
+    ##
+    # Gets all of the currently enabled users.
+    scope :enabled, ->{ where(enabled: true, activated: true) }
+
+    ##
+    # Sorts the users by name.
+    scope :sorted, ->{ order(name: :asc) }
+
+    ##
+    # Gets the email address in a partially obfuscated fashion.
+    def partial_email
+      @partial_email ||=
+          begin
+            uid,_,domain = email.partition('@')
+            if uid.length < 4
+              uid = '*' * uid.length
+            elsif uid.length < 8
+              uid = uid[0..2] + ('*' * (uid.length - 3))
+            else
+              uid = uid[0..2] + ('*' * (uid.length - 6)) + uid[-3..-1]
+            end
+            "#{uid}@#{domain}"
+          end
+    end
+
+    ##
+    # Gets the email formatted with the name.
+    def formatted_email
+      "#{name} <#{email}>"
+    end
+
+    ##
+    # Gets the IDs for the groups that the user explicitly belongs to.
+    def group_ids
+      groups.map{|g| g.id}
+    end
+
+    ##
+    # Sets the IDs for the groups that the user explicitly belongs to.
+    def group_ids=(values)
+      values ||= []
+      values = [ values ] unless values.is_a?(::Array)
+      values = values.reject{|v| v.blank?}.map{|v| v.to_i}
+      self.groups = Incline::AccessGroup.where(id: values).to_a
+    end
+
+    ##
+    # Gets the effective group membership of this user.
+    def effective_groups(refresh = false)
+      @effective_groups = nil if refresh
+      @effective_groups ||= if system_admin?
+                              AccessGroup.all.map{ |g| g.to_s.upcase }
+                            else
+                              groups
+                                  .collect{ |g| g.effective_groups }
+                                  .flatten
+                            end
+                                .map{ |g| g.to_s.upcase }
+                                .uniq
+                                .sort
+    end
+
+    ##
+    # Does this user have the equivalent of one or more of these groups?
+    def has_any_group?(*group_list)
+      return :system_admin if system_admin?
+      return false if anonymous?
+
+      r = group_list.select{|g| effective_groups.include?(g.upcase)}
+
+      r.blank? ? false : r
+    end
+
+    ##
+    # Generates a remember token and saves the digest to the user model.
+    def remember
+      self.remember_token = Incline::User::new_token
+      update_attribute(:remember_digest, Incline::User::digest(self.remember_token))
+    end
+
+    ##
+    # Removes the remember digest from the user model.
+    def forget
+      update_attribute(:remember_digest, nil)
+    end
+
+    ##
+    # Determines if the supplied token digests to the stored digest in the user model.
+    def authenticated?(attribute, token)
+      return false unless respond_to?("#{attribute}_digest")
+      digest = send("#{attribute}_digest")
+      return false if digest.blank?
+      BCrypt::Password.new(digest).is_password?(token)
+    end
+
+    ##
+    # Disables the user.
+    #
+    # The +other_user+ is required, cannot be the current user, and must be a system administrator.
+    # The +reason+ is technically optional, but should be provided.
+    def disable(other_user, reason)
+      return false unless other_user&.system_admin?
+      return false if other_user == self
+
+      update_columns(
+          disabled_by: other_user.email,
+          disabled_at: Time.now,
+          disabled_reason: reason,
+          enabled: false
+      ) && refresh_comments
+    end
+
+    ##
+    # Enables the user and removes any previous disable information.
+    def enable
+      update_columns(
+          disabled_by: nil,
+          disabled_at: nil,
+          disabled_reason: nil,
+          enabled: true
+      ) && refresh_comments
+    end
+
+    ##
+    # Marks the user as activated and removes the activation digest from the user model.
+    def activate
+      update_columns(
+          activated: true,
+          activated_at: Time.now,
+          activation_digest: nil
+      ) && refresh_comments
+    end
+
+    ##
+    # Sends the activation email to the user.
+    def send_activation_email(client_ip = '0.0.0.0')
+      Incline::UserMailer.account_activation(user: self, client_ip: client_ip).deliver_now
+    end
+
+    ##
+    # Creates a reset token and stores the digest to the user model.
+    def create_reset_digest
+      self.reset_token = Incline::User::new_token
+      update_columns(
+          reset_digest: Incline::User::digest(reset_token),
+          reset_sent_at: Time.now
+      )
+    end
+
+    ##
+    # Was the password reset requested more than 2 hours ago?
+    def password_reset_expired?
+      reset_sent_at.nil? || reset_sent_at < 2.hours.ago
+    end
+
+    ##
+    # Is this the anonymous user?
+    def anonymous?
+      email == ANONYMOUS_EMAIL
+    end
+
+    ##
+    # Gets the last successful login for this user.
+    def last_successful_login
+      @last_successful_login ||= login_histories.where(successful: true).order(created_at: :desc).first
+    end
+
+    ##
+    # Gets the last failed login for this user.
+    def last_failed_login
+      @last_failed_login ||= login_histories.where.not(successful: true).order(created_at: :desc).first
+    end
+
+    ##
+    # Gets the failed logins for a user since the last successful login.
+    def failed_login_streak
+      @failed_login_streak ||=
+          begin
+            results = login_histories.where.not(successful: true)
+            if last_successful_login
+              results = results.where('created_at > ?', last_successful_login.created_at)
+            end
+            results.order(created_at: :desc)
+          end
+    end
+
+    ##
+    # Generates some brief comments about the user account and stores them in the comments attribute.
+    #
+    # This gets updated automatically on every login attempt.
+    def refresh_comments
+      update_columns :comments => generate_comments
+      comments
+    end
+
+    ##
+    # Sends the password reset email to the user.
+    def send_password_reset_email(client_ip = '0.0.0.0')
+      Incline::UserMailer.password_reset(user: self, client_ip: client_ip).deliver_now
+    end
+
+    ##
+    # Sends a missing account message when a user requests a password reset.
+    def self.send_missing_reset_email(email, client_ip = '0.0.0.0')
+      Incline::UserMailer::invalid_password_reset(email: email, client_ip: client_ip).deliver_now
+    end
+
+    ##
+    # Sends a disabled account message when a user requests a password reset.
+    def self.send_disabled_reset_email(email, client_ip = '0.0.0.0')
+      Incline::UserMailer::invalid_password_reset(email: email, message: 'The account attached to this email address has been disabled.', client_ip: client_ip).deliver_now
+    end
+
+    ##
+    # Sends a non-activated account message when a user requests a password reset.
+    def self.send_inactive_reset_email(email, client_ip = '0.0.0.0')
+      Incline::UserMailer::invalid_password_reset(email: email, message: 'The account attached to this email has not yet been activated.', client_ip: client_ip).deliver_now
+    end
+
+    ##
+    # Returns a hash digest of the given string.
+    def self.digest(string)
+      cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost
+      BCrypt::Password.create(string, cost: cost)
+    end
+
+    ##
+    # Generates a new random token in (url safe) base64.
+    def self.new_token
+      SecureRandom.urlsafe_base64(32)
+    end
+
+    ##
+    # Generates the necessary system administrator account.
+    #
+    # When the database is initially seeded, the only user is the system administrator.
+    #
+    # The absolute default is **admin@barkerest.com** with a password of **Password1**.
+    # These values will be used if they are not overridden for the current environment.
+    #
+    # You can override this by setting the +default_admin+ property in "config/secrets.yml".
+    #
+    #     # config/secrets.yml
+    #     development:
+    #       default_admin:
+    #         email: admin@barkerest.com
+    #         password: Password1
+    #
+    # Regardless of whether you use the absolute defaults or create your own, you will want
+    # to change the password on first login.
+    #
+    def self.ensure_admin_exists!
+      unless where(system_admin: true, enabled: true).count > 0
+
+        msg = "Creating/reactivating default administrator...\n"
+        if Rails.application.running?
+          Rails.logger.info msg
+        else
+          print msg
+        end
+
+        def_adm = (Rails.application.secrets[:default_admin] || {}).symbolize_keys
+
+        def_adm_email = def_adm[:email] || 'admin@barkerest.com'
+        def_adm_pass = def_adm[:password] || 'Password1'
+
+        user = Incline::Recaptcha::pause_for do
+          User
+              .where(
+                  email: def_adm_email
+              )
+              .first_or_create!(
+                  name: 'Default Administrator',
+                  email: def_adm_email,
+                  password: def_adm_pass,
+                  password_confirmation: def_adm_pass,
+                  enabled: true,
+                  system_admin: true,
+                  activated: true,
+                  activated_at: Time.now,
+                  recaptcha: 'na'
+              )
+        end
+
+
+        unless user.activated? && user.enabled? && user.system_admin?
+          user.password = def_adm_pass
+          user.password_confirmation = def_adm_pass
+          user.enabled = true
+          user.system_admin = true
+          user.activated = true
+          user.activated_at = Time.now
+          user.save!
+        end
+      end
+    end
+
+    ##
+    # Gets a generic anonymous user.
+    def self.anonymous
+      @anonymous = nil if Rails.env.test? # always start fresh in test environment.
+      @anonymous ||=
+          Incline::Recaptcha::pause_for do
+            pwd = new_token
+            User
+                .where(email: ANONYMOUS_EMAIL)
+                .first_or_create!(
+                    email: ANONYMOUS_EMAIL,
+                    name: 'Anonymous',
+                    enabled: false,
+                    activated: true,
+                    activated_at: Time.now,
+                    password: pwd,
+                    password_confirmation: pwd,
+                    recaptcha: 'na'
+                )
+          end
+    end
+
+    ##
+    # Gets the formatted email for this user.
+    def to_s
+      formatted_email
+    end
+
+    private
+
+    def generate_comments
+      (system_admin? ? "{ADMIN}\n" : '') +
+          if enabled?
+            if activated?
+              if failed_login_streak.count > 1
+                "Failed Login Streak: #{failed_login_streak.count}\nMost Recent Attempt: #{last_failed_login.date_and_ip}\n"
+              elsif failed_login_streak.count == 1
+                "Failed Login Attempt: #{last_failed_login.date_and_ip}\n"
+              else
+                ''
+              end +
+                  if last_successful_login
+                    "Most Recent Login: #{last_successful_login.date_and_ip}"
+                  else
+                    'Most Recent Login: Never'
+                  end
+            else
+              'Not Activated'
+            end
+          else
+            "Disabled #{disabled_at ? disabled_at.in_time_zone.strftime('%m/%d/%Y') : 'some time in the past'} by #{disabled_by.blank? ? 'somebody' : disabled_by}.\n#{disabled_reason}"
+          end
+    end
+
+    def downcase_email
+      email.downcase!
+    end
+
+    def create_activation_digest
+      self.activation_token = Incline::User::new_token
+      self.activation_digest = Incline::User::digest(activation_token)
+    end
+
+  end
+end

data/app/models/incline/user_login_history.rb

@@ -0,0 +1,30 @@
+module Incline
+  class UserLoginHistory < ActiveRecord::Base
+
+    belongs_to :user
+    after_save :update_user_comments
+
+    validates :user, presence: true
+    validates :ip_address, presence: true, length: { maximum: 64 }, 'incline/ip_address' => { no_mask: true }
+    validates :message, length: { maximum: 200 }
+
+    def time_and_ip
+      "#{created_at.in_time_zone.strftime('%m/%d/%Y %H:%M')} from #{ip_address}"
+    end
+
+    def date_and_ip
+      "#{created_at.in_time_zone.strftime('%m/%d/%Y')} from #{ip_address}"
+    end
+
+    def to_s
+      "Login #{successful ? 'succeeded' : 'failed'} on #{time_and_ip}"
+    end
+
+    private
+
+    def update_user_comments
+      user.refresh_comments
+    end
+
+  end
+end

data/app/views/incline/access_groups/_details.json.jbuilder

@@ -0,0 +1,10 @@
+unless access_group.new_record?
+  json.set! 'DT_RowId', "access_group_#{access_group.id}"
+  json.set! 'DT_Path', access_group_path(access_group)
+  if access_group.destroyed?
+    json.set! 'DT_RowAction', 'remove'
+  end
+end
+json.set! 'name', h(access_group.name)
+json.set! 'created_at', access_group.created_at
+json.set! 'updated_at', access_group.updated_at

data/app/views/incline/access_groups/_form.html.erb

@@ -0,0 +1,19 @@
+<%= error_summary(@access_group) %>
+<div class="col-md-4 col-md-offset-4">
+  <div class="panel panel-primary">
+    <div class="panel-heading">
+      <h4 class="panel-title"><%= @access_group.new_record? ? 'Create' : 'Update' %> Access Group</h4>
+    </div>
+    <div class="panel-body">
+      <%= form_for(@access_group) do |f| %>
+          <%= f.text_form_group :name %>
+          <%= f.select_form_group :user_ids, Incline::User.where.not(id: current_user.id).sorted, :id, :to_s, label_text: 'Users belonging to this group', field_class: 'form-control select2', field_multiple: true %>
+          <%= f.select_form_group :group_ids, Incline::AccessGroup.where.not(id: @access_group.id).sorted, :id, :to_s, label_text: 'Groups belonging to this group', field_class: 'form-control select2', field_multiple: true %>
+
+          <%= f.submit class: 'btn btn-primary' %>
+          <%= link_to 'Cancel', access_groups_url, class: 'btn btn-default' %>
+      <% end %>
+
+    </div>
+  </div>
+</div>

data/app/views/incline/access_groups/_list.html.erb

@@ -0,0 +1,60 @@
+<table id="dt-access_groups" class="table" style="width: 100%;">
+  <thead>
+  <tr>
+    <th>Name</th>
+    <th class="text-right"><%= link_to 'New', new_access_group_path, class: 'btn btn-success btn-xs inline_form' %></th>
+  </tr>
+  </thead>
+</table>
+
+<% provide :scripts do %>
+<script type="text/javascript">
+    //<![CDATA[
+    $(function() {
+        $('#dt-access_groups').DataTable({
+            dom: '<"panel-body"<"col-sm-6 col-sm-offset-6"fr>>t<"panel-body"<"col-sm-6"i><"col-sm-6"p>>',
+            ajax: {
+                url: '<%= api_path %>',
+                type: 'POST'
+            },
+            columns: [
+                {
+                    // the data to display.
+                    data: 'name',
+                    // can this column be used for sorting?
+                    orderable: true,
+                    // can this column be used for searching?
+                    searchable: true
+                },
+
+                {
+                    orderable: false,
+                    searchable: false,
+                    data: function (row, type, set, meta) {
+                        if (type === 'display') {
+                            var ret = '<div class="text-right">';
+
+                            // the show icon.
+                            ret += '<a href="javascript:inlineForm(\'' + row.DT_Path + '\')" title="Details" class="btn btn-default btn-xs"><i class="glyphicon glyphicon-zoom-in"></i></a>';
+
+                            // the edit icon.
+                            ret += '<a href="javascript:inlineForm(\'' + row.DT_Path + '/edit\')" title="Edit" class="btn btn-default btn-xs"><i class="glyphicon glyphicon-pencil"></i></a>';
+
+                            // the delete icon.
+                            ret += '<a href="javascript:inlineAction(\'' + row.DT_Path + '\',\'delete\')" title="Remove" class="btn btn-danger btn-xs" data-confirm="Are you sure you want to remove this access group?"><i class="glyphicon glyphicon-trash"></i></a>';
+
+                            ret += '</div>';
+                            return ret;
+                        } else {
+                            return row.DT_Path;
+                        }
+                    }
+                }
+            ],
+            responsive: true,
+            serverSide: true
+        });
+    });
+    //]]>
+</script>
+<% end %>

data/app/views/incline/access_groups/_messages.json.jbuilder

@@ -0,0 +1,6 @@
+json.messages do
+  json.array! flash.discard do |type,message|
+    json.set! 'type', type
+    json.set! 'text', message
+  end
+end

data/app/views/incline/access_groups/edit.html.erb

@@ -0,0 +1,2 @@
+<%= render 'form' %>
+

data/app/views/incline/access_groups/index.html.erb

@@ -0,0 +1,6 @@
+<div class="panel panel-primary">
+  <div class="panel-heading">
+    <h4 class="panel-title">Access Groups</h4>
+  </div>
+  <%= render partial: 'list', locals: { api_path: api_access_groups_path } %>
+</div>

data/app/views/incline/access_groups/index.json.jbuilder

@@ -0,0 +1,16 @@
+if @dt_request&.provided?
+  json.set! 'draw', @dt_request.draw
+  json.set! 'recordsTotal', @dt_request.records_total
+  json.set! 'recordsFiltered', @dt_request.records_filtered
+  json.data do
+    json.array!(@dt_request.records) do |access_group|
+      json.partial! 'details', locals: { access_group: access_group }
+    end
+  end
+  if @dt_request.error?
+    json.set! 'error', @dt_request.error
+  end
+else
+  json.set! 'error', 'No data tables request received.'
+end
+json.set! 'appInfo', h(Rails.application.app_info)

data/app/views/incline/access_groups/new.html.erb

@@ -0,0 +1,2 @@
+<%= render 'form' %>
+

data/app/views/incline/access_groups/show.html.erb

@@ -0,0 +1,9 @@
+<h1><%= @access_group.name %></h1>
+
+<p>
+<h4>Direct and indirect members:</h4>
+<%= @access_group.members.any? ? @access_group.members.map{|u| h(u.to_s)}.join('<br>').html_safe : 'None' %>
+</p>
+<br>
+
+<%= link_to 'Cancel', access_groups_path, class: 'btn btn-default' %>

data/app/views/incline/access_groups/show.json.jbuilder

@@ -0,0 +1,11 @@
+json.partial! 'messages'
+
+if @access_group.errors.any?
+  json.api_errors! 'access_group', @access_group.errors
+else
+  json.data do
+    json.array! [ @access_group ] do |access_group|
+      json.partial! 'details', locals: { access_group: access_group }
+    end
+  end
+end

data/app/views/incline/contact/new.html.erb

@@ -0,0 +1,22 @@
+<% provide :title, 'Contact Form' %>
+
+<%= error_summary(@msg) %>
+<div class="col-md-6 col-md-offset-3">
+  <div class="panel panel-primary">
+    <div class="panel-heading">
+      <h4 class="panel-title">Contact Form</h4>
+    </div>
+    <div class="panel-body">
+      <%= form_for @msg, url: contact_url, method: :post do |f| %>
+          <%= f.text_form_group :your_name %>
+          <%= f.text_form_group :your_email, field_type: 'email' %>
+          <%= f.select_form_group :related_to, [ 'Program Error', 'Broken Link', 'Feature Request', 'Other' ] %>
+          <%= f.text_form_group :subject %>
+          <%= f.textarea_form_group :body %>
+          <%= f.recaptcha :recaptcha %>
+          <%= f.submit 'Send', class: 'btn btn-success' %>
+          <%= link_to 'Cancel', root_url, class: 'btn btn-default' %>
+      <% end %>
+    </div>
+  </div>
+</div>

data/app/views/incline/contact_form/contact.html.erb

@@ -0,0 +1,16 @@
+<pre>
+From:       <%= @data[:msg].your_name %> &lt;<%= @data[:msg].your_email %>&gt;
+IP Address: <%= @data[:msg].remote_ip %>
+Date/time:  <%= Time.zone.now %>
+
+Application:
+    <%= Rails.application.app_name %> (<%= Rails.application.app_version %>)
+Key Gems:
+<% @data[:gems].each do |name,ver| %>
+    <%= name %> (<%= ver %>)
+<% end %>
+
+Message:
+<%= @data[:msg].body %>
+
+</pre>

data/app/views/incline/contact_form/contact.text.erb

@@ -0,0 +1,13 @@
+From:       <%= @data[:msg].your_name %> <<%= @data[:msg].your_email %>>
+IP Address: <%= @data[:msg].remote_ip %>
+Date/time:  <%= Time.zone.now %>
+
+Application:
+    <%= Rails.application.app_info %>
+Key Gems:
+<% @data[:gems].each do |name,ver| %>
+    <%= name %> (<%= ver %>)
+<% end %>
+
+Message:
+<%= @data[:msg].body %>