RubyGems - locomotivecms_steam - Versions diffs - 1.2.1 → 1.3.0.rc1 - Mend

locomotivecms_steam 1.2.1 → 1.3.0.rc1

Files changed (117) hide show

data/lib/locomotive/steam/middlewares/redirection.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module Locomotive::Steam
+  module Middlewares
+    # When rendering the page, the developer can stop it at anytime by
+    # raising an RedirectionException exception. The exception message holds
+    # the url we want the user to be redirected to.
+    # This is specifically used by the authorize liquid tag.
+    #
+    class Redirection < ThreadSafe
+      include Helpers
+      def _call
+        begin
+          self.next
+        rescue Locomotive::Steam::RedirectionException => e
+          redirect_to e.url, 302
+        end
+      end
+    end
+  end
+end

data/lib/locomotive/steam/middlewares/renderer.rb CHANGED Viewed

@@ -37,7 +37,12 @@ module Locomotive::Steam
       def parse_and_render_liquid
         document = services.liquid_parser.parse(page)
-        document.render(liquid_context)
+        begin
+          document.render(liquid_context)
+        rescue Locomotive::Steam::ParsingRenderingError => e
+          e.file = page.template_path if e.file.blank?
+          raise e
+        end
       end
       def liquid_context
@@ -62,7 +67,8 @@ module Locomotive::Steam
         _default_liquid_assigns.merge(
           _locale_liquid_assigns.merge(
             _request_liquid_assigns.merge(
-              _steam_liquid_assigns)))
+              _http_actions_liquid_assigns.merge(
+                _steam_liquid_assigns))))
       end
       def _default_liquid_assigns
@@ -100,13 +106,24 @@ module Locomotive::Steam
         {
           'base_url'    => request.base_url,
           'fullpath'    => request.fullpath,
+          'http_method' => request.request_method,
           'ip_address'  => request.ip,
           'mounted_on'  => mounted_on,
           'path'        => request.path,
-          'post?'       => request.post?,
           'referer'     => request.referer,
           'url'         => request.url,
           'user_agent'  => request.user_agent,
+          'host'        => request.host_with_port
+        }
+      end
+      def _http_actions_liquid_assigns
+        {
+          'head?'    => request.head?,
+          'get?'    => request.get?,
+          'post?'   => request.post?,
+          'put?'    => request.put?,
+          'delete?' => request.delete?
         }
       end

data/lib/locomotive/steam/middlewares/sitemap.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module Locomotive::Steam
       def build_pages_to_xml
         page_repository.published.map do |page|
-          next if page.index? || page.not_found? || page.layout?
+          next if page.index? || page.not_found? || page.layout? || (!page.templatized? && !page.listed?)
           build_page_xml(page)
         end.flatten.join.strip
@@ -56,6 +56,8 @@ module Locomotive::Steam
         return nil unless build_templatized_page_xml?(page, content_type, locale)
         repositories.content_entry.with(content_type).all.map do |entry|
+          next unless entry.visible? # only visible content entry
           _entry = Locomotive::Steam::Decorators::I18nDecorator.new(entry, locale)
           next if _entry._label.blank? # should be translated

data/lib/locomotive/steam/middlewares/templatized_page.rb CHANGED Viewed

@@ -38,7 +38,7 @@ module Locomotive::Steam
           # don't accept a non localized entry in a locale other than the default one
           return nil if type.localized_names.count == 0 && locale.to_s != default_locale.to_s
-          decorate(content_entry_repository.with(type).by_slug(slug))
+          decorate_entry(content_entry_repository.with(type).by_slug(slug))
         else
           nil
         end
@@ -56,11 +56,6 @@ module Locomotive::Steam
         services.page_finder.find('404')
       end
-      def decorate(entry)
-        return nil if entry.nil?
-        Locomotive::Steam::Decorators::I18nDecorator.new(entry, locale, default_locale)
-      end
     end
   end
 end

data/lib/locomotive/steam/middlewares/thread_safe.rb CHANGED Viewed

@@ -29,6 +29,10 @@ module Locomotive::Steam::Middlewares
       @services ||= env.fetch('steam.services')
     end
+    def repositories
+      @repositories ||= services.repositories
+    end
     def request
       @request ||= env.fetch('steam.request')
     end
@@ -69,6 +73,21 @@ module Locomotive::Steam::Middlewares
       !!env['steam.live_editing']
     end
+    def decorate_entry(entry)
+      return nil if entry.nil?
+      Locomotive::Steam::Decorators::I18nDecorator.new(entry, locale, default_locale)
+    end
+    def default_liquid_context
+      ::Liquid::Context.new({ 'site' => site.to_liquid }, {}, {
+        request:        request,
+        locale:         locale,
+        site:           site,
+        services:       services,
+        repositories:   services.repositories
+      }, true)
+    end
   end
 end

data/lib/locomotive/steam/middlewares/url_redirection.rb CHANGED Viewed

@@ -13,16 +13,29 @@ module Locomotive::Steam
       def _call
         if url = redirect_url
+          emit_event
           redirect_to url
         end
       end
       protected
+      def requested_url
+        request.env['locomotive.path'] || request.fullpath
+      end
+      def emit_event
+        ActiveSupport::Notifications.instrument('steam.serve.url_redirection', {
+          site_id:  site._id,
+          url:      requested_url
+        })
+      end
       def redirect_url
         return false if site.url_redirections.nil? || site.url_redirections.size == 0
-        site.url_redirections.to_h[request.env['locomotive.path'] || request.fullpath]
+        site.url_redirections.to_h[requested_url]
       end
     end

data/lib/locomotive/steam/repositories.rb CHANGED Viewed

@@ -43,7 +43,11 @@ module Locomotive
       def build_adapter(options)
         name = ((options || {})[:name] || :filesystem).to_s
-        require_relative "adapters/#{name.downcase}"
+        begin
+          require_relative "adapters/#{name.downcase}"
+        rescue LoadError
+          puts 'Not a Steam built-in adapter'
+        end
         klass = "Locomotive::Steam::#{name.camelize}Adapter".constantize
         klass.new(options)
       end

data/lib/locomotive/steam/repositories/content_entry_repository.rb CHANGED Viewed

@@ -57,7 +57,7 @@ module Locomotive
       end
       def find(id)
-        conditions, _ = conditions_without_order_by(_id: id)
+        conditions, _ = conditions_without_order_by(_id: self.adapter.make_id(id))
         first { where(conditions) }
       end

data/lib/locomotive/steam/repositories/content_type_field_repository.rb CHANGED Viewed

@@ -26,6 +26,10 @@ module Locomotive
         query { where(type: :file) }.all
       end
+      def passwords
+        query { where(type: :password) }.all
+      end
       def dates_and_date_times
         query { where(k(:type, :in) => %i(date date_time)) }.all
       end

data/lib/locomotive/steam/server.rb CHANGED Viewed

@@ -61,6 +61,8 @@ module Locomotive::Steam
           Middlewares::EntrySubmission,
           Middlewares::Locale,
           Middlewares::LocaleRedirection,
+          Middlewares::Redirection,
+          Middlewares::Auth,
           Middlewares::PrivateAccess,
           Middlewares::Path,
           Middlewares::Page,

data/lib/locomotive/steam/services.rb CHANGED Viewed

@@ -63,7 +63,7 @@ module Locomotive
         end
         register :action do
-          Steam::ActionService.new(current_site, email, content_entry)
+          Steam::ActionService.new(current_site, email, content_entry: content_entry, api: external_api, redirection: page_redirection)
         end
         register :content_entry do
@@ -82,6 +82,10 @@ module Locomotive
           Steam::UrlBuilderService.new(current_site, locale, request)
         end
+        register :page_redirection do
+          Steam::PageRedirectionService.new(page_finder, url_builder)
+        end
         register :theme_asset_url do
           Steam::ThemeAssetUrlService.new(repositories.theme_asset, asset_host, configuration.theme_assets_checksum)
         end
@@ -118,6 +122,10 @@ module Locomotive
           Steam::EmailService.new(page_finder, liquid_parser, asset_host, configuration.mode == :test)
         end
+        register :auth do
+          Steam::AuthService.new(content_entry, email)
+        end
         register :cache do
           Steam::NoCacheService.new
         end

data/lib/locomotive/steam/services/action_service.rb CHANGED Viewed

@@ -11,6 +11,8 @@ module Locomotive
     class ActionService
+      SERVICES = %w(content_entry api redirection)
       BUILT_IN_FUNCTIONS = %w(
         getProp
         setProp
@@ -20,9 +22,11 @@ module Locomotive
         allEntries
         findEntry
         createEntry
-        updateEntry)
+        updateEntry
+        callAPI
+        redirectTo)
-      attr_accessor_initialize :site, :email, :content_entry_service
+      attr_accessor_initialize :site, :email, :services
       def run(script, params = {}, liquid_context)
         context = Duktape::Context.new
@@ -35,15 +39,22 @@ module Locomotive
           }
         JS
-        # puts script.inspect # DEBUG
-        context.exec_string script
-        context.call_prop('locomotiveAction', site.as_json, params)
+        begin
+          context.exec_string script
+          context.call_prop('locomotiveAction', site.as_json, params)
+        rescue Locomotive::Steam::RedirectionException
+          raise
+        rescue Exception => e
+          raise Locomotive::Steam::ActionError.new(e, script)
+        end
       end
       private
+      SERVICES.each do |name|
+        define_method(:"#{name}_service") { self.services[:"#{name}"] }
+      end
       def define_built_in_functions(context, liquid_context)
         BUILT_IN_FUNCTIONS.each do |name|
           context.define_function name, &send(:"#{name.underscore}_lambda", liquid_context)
@@ -86,6 +97,14 @@ module Locomotive
         -> (type, id_or_slug, attributes) { content_entry_service.update(type, id_or_slug, attributes, true) }
       end
+      def call_api_lambda(liquid_context)
+        -> (method, url, options) { api_service.consume(url, (options || {}).with_indifferent_access.merge(method: method), true) }
+      end
+      def redirect_to_lambda(liquid_context)
+        -> (page_handle, locale = nil) { redirection_service.redirect_to(page_handle, locale) }
+      end
     end
   end

data/lib/locomotive/steam/services/asset_host_service.rb CHANGED Viewed

@@ -18,13 +18,18 @@ module Locomotive
         return add_timestamp_suffix(source, timestamp) if source =~ Steam::IsHTTP
-        url = self.host ? URI.join(host, source).to_s : source
+        url = self.host ? build_url(host, source) : source
         add_timestamp_suffix(url, timestamp)
       end
       private
+      def build_url(host, source)
+        clean_source = source.sub(/\A^\//, '')
+        URI.join(host, clean_source).to_s
+      end
       def build_host(host, request, site)
         if host
           if host.respond_to?(:call)

data/lib/locomotive/steam/services/auth_service.rb ADDED Viewed

@@ -0,0 +1,105 @@
+module Locomotive
+  module Steam
+    class AuthService
+      MIN_PASSWORD_LENGTH   = 6
+      RESET_TOKEN_LIFETIME  = 1 * 3600 # 6 hours in seconds
+      attr_accessor_initialize :entries, :email_service
+      def find_authenticated_resource(type, id)
+        entries.find(type, id)
+      end
+      def sign_in(options)
+        entry = entries.all(options.type, options.id_field => options.id).first
+        if entry
+          hashed_password = entry[:"#{options.password_field}_hash"]
+          password        = ::BCrypt::Engine.hash_secret(options.password, entry.send(options.password_field).try(:salt))
+          same_password   = secure_compare(password, hashed_password)
+          return [:signed_in, entry] if same_password
+        end
+        :wrong_credentials
+      end
+      # options is an instance of the AuthOptions class
+      def forgot_password(options, context)
+        entry = entries.all(options.type, options.id_field => options.id).first
+        if entry.nil?
+          :"wrong_#{options.id_field}"
+        else
+          entries.update_decorated_entry(entry, {
+            '_auth_reset_token'   => SecureRandom.hex,
+            '_auth_reset_sent_at' => Time.zone.now.iso8601
+          })
+          context['reset_password_url'] = options.reset_password_url + '?auth_reset_token=' + entry['_auth_reset_token']
+          context[options.type.singularize] = entry
+          send_reset_password_instructions(options, context)
+          :"reset_#{options.password_field}_instructions_sent"
+        end
+      end
+      def reset_password(options)
+        return :invalid_token       if options.reset_token.blank?
+        return :password_too_short  if options.password.to_s.size < MIN_PASSWORD_LENGTH
+        entry = entries.all(options.type, '_auth_reset_token' => options.reset_token).first
+        if entry
+          sent_at = Time.parse(entry[:_auth_reset_sent_at]).to_i
+          now = Time.zone.now.to_i - RESET_TOKEN_LIFETIME
+          if sent_at >= now
+            entries.update_decorated_entry(entry, {
+              "#{options.password_field}_hash" => BCrypt::Password.create(options.password),
+              '_auth_reset_token'   => nil,
+              '_auth_reset_sent_at' => nil
+            })
+            return [:"#{options.password_field}_reset", entry]
+          end
+        end
+        :invalid_token
+      end
+      private
+      def send_reset_password_instructions(options, context)
+        email_options = { from: options.from, to: options.id, subject: options.subject, smtp: options.smtp }
+        if options.email_handle
+          email_options[:page_handle] = options.email_handle
+        else
+          email_options[:body] = <<-EMAIL
+Hi,
+To reset your password please follow the link below: #{context['reset_password_url']}.
+Thanks!
+EMAIL
+        end
+        email_service.send_email(email_options, context)
+      end
+      # https://github.com/plataformatec/devise/blob/88724e10adaf9ffd1d8dbfbaadda2b9d40de756a/lib/devise.rb#L485
+      def secure_compare(a, b)
+        return false if a.blank? || b.blank? || a.bytesize != b.bytesize
+        l = a.unpack "C#{a.bytesize}"
+        res = 0
+        b.each_byte { |byte| res |= byte ^ l.shift }
+        res == 0
+      end
+    end
+  end
+end