locomotivecms_steam 1.3.0.rc2 → 1.3.0

data/lib/locomotive/steam/services/auth_service.rb

@@ -6,26 +6,50 @@ module Locomotive
       MIN_PASSWORD_LENGTH   = 6
       RESET_TOKEN_LIFETIME  = 1 * 3600 # 6 hours in seconds
 
-      attr_accessor_initialize :entries, :email_service
+      attr_accessor_initialize :site, :entries, :email_service
 
       def find_authenticated_resource(type, id)
         entries.find(type, id)
       end
 
-      def sign_in(options)
+      def sign_up(options, context, request = nil)
+        entry = entries.create(options.type, options.entry) do |_entry|
+          _entry.extend(ContentEntryAuth)
+          _entry[:_password_field] = options.password_field.to_sym
+        end
+
+        if entry.errors.empty?
+          notify(:signed_up, entry, request)
+          context[options.type.singularize] = entry
+          send_welcome_email(options, context)
+        end
+
+        [entry.errors.empty? ? :entry_created : :invalid_entry, entry]
+      end
+
+      def sign_in(options, request)
         entry = entries.all(options.type, options.id_field => options.id).first
 
-        if entry
+        if entry && entry.send(options.password_field)
           hashed_password = entry[:"#{options.password_field}_hash"]
           password        = ::BCrypt::Engine.hash_secret(options.password, entry.send(options.password_field).try(:salt))
           same_password   = secure_compare(password, hashed_password)
 
-          return [:signed_in, entry] if same_password
+          if same_password
+            notify(:signed_in, entry, request)
+            return [:signed_in, entry]
+          end
         end
 
         :wrong_credentials
       end
 
+      def sign_out(entry, request)
+        notify(:signed_out, entry, request)
+
+        :signed_out
+      end
+
       # options is an instance of the AuthOptions class
       def forgot_password(options, context)
         entry = entries.all(options.type, options.id_field => options.id).first
@@ -73,17 +97,31 @@ module Locomotive
 
       private
 
+      def send_welcome_email(options, context)
+        return if options.disable_email
+
+        send_email options, context, <<-EMAIL
+Hi,
+You've been successfully registered.
+Thanks!
+EMAIL
+      end
+
       def send_reset_password_instructions(options, context)
+        send_email options, context, <<-EMAIL
+Hi,
+To reset your password please follow the link below: #{context['reset_password_url']}.
+Thanks!
+EMAIL
+      end
+
+      def send_email(options, context, default_body)
         email_options = { from: options.from, to: options.id, subject: options.subject, smtp: options.smtp }
 
         if options.email_handle
           email_options[:page_handle] = options.email_handle
         else
-          email_options[:body] = <<-EMAIL
-Hi,
-To reset your password please follow the link below: #{context['reset_password_url']}.
-Thanks!
-EMAIL
+          email_options[:body] = default_body
         end
 
         email_service.send_email(email_options, context)
@@ -99,6 +137,52 @@ EMAIL
         res == 0
       end
 
+      def notify(action, entry, request)
+        ActiveSupport::Notifications.instrument("steam.auth.#{action}",
+          site:     site,
+          entry:    entry,
+          locale:   entries.locale,
+          request:  request
+        )
+      end
+
+      # Module inject to the content entry to enable
+      # related authentication methods.
+      #
+      module ContentEntryAuth
+
+        def valid?
+          super
+
+          name          = self[:_password_field]
+          password      = self[name]
+          confirmation  = self["#{name}_confirmation"]
+
+          if password.to_s.size < Locomotive::Steam::AuthService::MIN_PASSWORD_LENGTH
+            self.errors.add(name, :too_short, count: Locomotive::Steam::AuthService::MIN_PASSWORD_LENGTH)
+          end
+
+          if !password.blank? && password != confirmation
+            self.errors.add("#{name}_confirmation", :confirmation, attribute: self._label_of(name))
+          end
+
+          set_password(password) if self.errors.empty?
+
+          self.errors.empty?
+        end
+
+        private
+
+        def set_password(password)
+          self[:"#{self[:_password_field]}_hash"] = BCrypt::Password.create(password)
+
+          name = self.attributes.delete(:_password_field)
+
+          self.attributes.delete_if { |_name| _name == name || _name == "#{name}_confirmation" }
+        end
+
+      end
+
     end
 
   end

data/lib/locomotive/steam/services/content_entry_service.rb

@@ -28,6 +28,9 @@ module Locomotive
       def create(type_slug, attributes, as_json = false)
         with_repository(type_slug) do |_repository|
           entry = _repository.build(clean_attributes(attributes))
+
+          yield(entry) if block_given?
+
           decorated_entry = i18n_decorate { entry }
 
           if validate(_repository, decorated_entry)
@@ -130,7 +133,7 @@ module Locomotive
         # fields marked as unique
         content_type_repository.look_for_unique_fields(entry.content_type).each do |name, _|
           if _repository.exists?(name => entry.send(name))
-            entry.errors.add(name, :unique)
+            entry.errors.add(name, :taken)
           end
         end
 

data/lib/locomotive/steam/version.rb

@@ -3,6 +3,6 @@
 # 1.0.0-alpha < 1.0.0-alpha.1 < 1.0.0-alpha.beta < 1.0.0-beta < 1.0.0-beta.2 < 1.0.0-beta.11 < 1.0.0-rc.1 < 1.0.0
 module Locomotive
   module Steam
-    VERSION = '1.3.0.rc2'
+    VERSION = '1.3.0'
   end
 end

data/locomotivecms_steam.gemspec

@@ -18,35 +18,35 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler',    '~> 1.7'
   spec.add_development_dependency 'rake',       '~> 10.4.2'
 
-  spec.add_development_dependency 'mongo',      '~> 2.4.1'
-  spec.add_development_dependency 'origin',     '~> 2.3.0'
+  spec.add_development_dependency 'mongo',      '~> 2.4.3'
+  spec.add_development_dependency 'origin',     '~> 2.3.1'
 
-  spec.add_dependency 'nokogiri',               '~> 1.7.0.1'
-  spec.add_dependency 'sanitize',               '~> 4.4.0'
+  spec.add_dependency 'nokogiri',               '~> 1.8.1'
+  spec.add_dependency 'sanitize',               '~> 4.5.0'
   spec.add_dependency 'morphine',               '~> 0.1.1'
-  spec.add_dependency 'httparty',               '~> 0.14.0'
+  spec.add_dependency 'httparty',               '~> 0.15.6'
   spec.add_dependency 'chronic',                '~> 0.10.2'
   spec.add_dependency 'bcrypt',                 '~> 3.1.11'
 
   spec.add_dependency 'rack-rewrite',           '~> 1.5.1'
   spec.add_dependency 'rack-cache',             '~> 1.7.0'
   spec.add_dependency 'rack_csrf',              '~> 2.6.0'
-  spec.add_dependency 'dragonfly',              '~> 1.1.1'
+  spec.add_dependency 'dragonfly',              '~> 1.1.4'
   spec.add_dependency 'moneta',                 '~> 1.0.0'
 
   spec.add_dependency 'sprockets',              '~> 3.7.1'
-  spec.add_dependency 'sass',                   '~> 3.4.23'
-  spec.add_dependency 'uglifier',               '~> 3.1.6'
+  spec.add_dependency 'sass',                   '~> 3.4.25'
+  spec.add_dependency 'uglifier',               '~> 4.1.3'
   spec.add_dependency 'coffee-script',          '~> 2.4.1'
   spec.add_dependency 'compass',                '~> 1.0.3'
   spec.add_dependency 'autoprefixer-rails',     '~> 6.7.2'
 
-  spec.add_dependency 'kramdown',               '~> 1.13.2'
+  spec.add_dependency 'kramdown',               '~> 1.16.2'
   spec.add_dependency 'RedCloth',               '~> 4.3.2'
   spec.add_dependency 'mimetype-fu',            '~> 0.1.2'
   spec.add_dependency 'mime-types',             '~> 3.1.0'
   spec.add_dependency 'duktape',                '~> 1.6.1.0'
-  spec.add_dependency 'pony',                   '~> 1.11'
+  spec.add_dependency 'pony',                   '~> 1.12'
 
   spec.add_dependency 'locomotivecms-solid',      '~> 4.0.1'
   spec.add_dependency 'locomotivecms_common',     '~> 0.2.0'

data/spec/fixtures/default/app/content_types/accounts.yml

@@ -47,7 +47,8 @@ fields:
 - email: # The lowercase, underscored name of the field
     label: Email # Human readable name of the field
     type: email
-    required: false
+    required: true
+    unique: true
     hint: Explanatory text displayed in the back office
     localized: false
 

data/spec/fixtures/default/app/content_types/songs.yml

@@ -14,8 +14,8 @@ fields:
 - cover:
     label: Cover
     type: file
-    required: true
-    # localized: true # required when pushing the site with Wagon
+    required: false
+    #localized: true # required when pushing the site with Wagon
 - short_description:
     type: text
     text_formatting: html

data/spec/fixtures/default/app/views/pages/account/sign_up.liquid

@@ -0,0 +1,52 @@
+---
+title: Sign up
+listed: false
+published: true
+handle: sign_up
+---
+{% extends 'index' %}
+
+{% block content %}
+
+<h1>Sign up</h1>
+
+{% if current_account %}
+  <div class="alert alert-warning">
+    You're already authenticated!
+  </div>
+{% else %}
+
+  <form action="{% path_to 'sign_up' %}" method="POST">
+    <input type="hidden" name="auth_action" value="sign_up" />
+    <input type="hidden" name="auth_content_type" value="accounts" />
+    <input type="hidden" name="auth_id_field" value="email" />
+    <input type="hidden" name="auth_password_field" value="password" />
+    <input type="hidden" name="auth_callback" value="{% path_to sign_in %}" />
+
+    <div class="form-group">
+      <label for="auth-name">Your name</label>
+      <input type="text" name="auth_entry[name]" class="form-control" id="auth-name" placeholder="Name">
+    </div>
+    <div class="form-group">
+      <label for="auth-email">Your E-mail</label>
+      <input type="email" name="auth_entry[email]" class="form-control" id="auth-email" placeholder="Email">
+    </div>
+    <div class="form-group">
+      <label for="auth-password">Password</label>
+      {% if auth_entry.errors.password.size > 0 %}
+      <span class="inline-error">{{ auth_entry.errors.password.first }}</span>
+      {% endif %}
+      <input type="password" name="auth_entry[password]" class="form-control" id="auth-password" placeholder="Password">
+    </div>
+    <div class="form-group">
+      <label for="auth-password">Password confirmation</label>
+      {% if auth_entry.errors.password_confirmation.size > 0 %}
+      <span class="inline-error">{{ auth_entry.errors.password_confirmation.first }}</span>
+      {% endif %}
+      <input type="password" name="auth_entry[password_confirmation]" class="form-control" id="auth-password" placeholder="Password confirmation">
+    </div>
+    <button type="submit" class="btn btn-default">Create account</button>
+  </form>
+{% endif %}
+
+{% endblock %}

data/spec/fixtures/default/config/translations.yml

@@ -25,3 +25,7 @@ auth_invalid_token:
 auth_password_too_short:
   en: "Your password is too short"
   fr: "Votre mot de passe est trop court"
+
+auth_password_different_from_confirmation:
+  en: "Your password doesn't match the confirmation"
+  fr: "Votre mot de passe ne correspond à la confirmation"

data/spec/fixtures/default/data/accounts.yml

@@ -3,7 +3,7 @@
     password: 'easyone'
 
 - "Jane":
-    email: 'john@doe.net'
+    email: 'jane@doe.net'
     password: 'anotherone'
     _auth_reset_token: '420000000000000'
     _auth_reset_sent_at: '2020-01-01T15:00:00.000Z'

data/spec/fixtures/default/data/songs.yml

@@ -11,6 +11,7 @@
     cover:
       en: /samples/asset_collections/cover.jpg
       fr: /samples/photo_2.jpg
+      nb: /samples/photo_2.jpg
     band: pearl-jam
 - "Song #3":
     duration: "6:28"

data/spec/fixtures/mongodb/locomotive_accounts.metadata.json

@@ -1 +1 @@
-{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_dev.locomotive_accounts"}]}
+{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_wagon_dev.locomotive_accounts"}]}

data/spec/fixtures/mongodb/locomotive_activities.metadata.json

@@ -1 +1 @@
-{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_dev.locomotive_activities"}]}
+{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_wagon_dev.locomotive_activities"}]}

data/spec/fixtures/mongodb/locomotive_content_assets.metadata.json

@@ -1 +1 @@
-{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_dev.locomotive_content_assets"}]}
+{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_wagon_dev.locomotive_content_assets"}]}

data/spec/fixtures/mongodb/locomotive_content_entries.metadata.json

@@ -1 +1 @@
-{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_dev.locomotive_content_entries"}]}
+{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_wagon_dev.locomotive_content_entries"}]}

data/spec/fixtures/mongodb/locomotive_content_types.metadata.json

@@ -1 +1 @@
-{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_dev.locomotive_content_types"}]}
+{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_wagon_dev.locomotive_content_types"}]}

data/spec/fixtures/mongodb/locomotive_pages.metadata.json

@@ -1 +1 @@
-{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_dev.locomotive_pages"}]}
+{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_wagon_dev.locomotive_pages"}]}

data/spec/fixtures/mongodb/locomotive_sites.metadata.json

@@ -1 +1 @@
-{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_dev.locomotive_sites"}]}
+{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_wagon_dev.locomotive_sites"}]}

data/spec/fixtures/mongodb/locomotive_snippets.metadata.json

@@ -1 +1 @@
-{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_dev.locomotive_snippets"}]}
+{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_wagon_dev.locomotive_snippets"}]}

data/spec/fixtures/mongodb/locomotive_theme_assets.metadata.json

@@ -1 +1 @@
-{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_dev.locomotive_theme_assets"}]}
+{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_wagon_dev.locomotive_theme_assets"}]}

data/spec/fixtures/mongodb/locomotive_translations.metadata.json

@@ -1 +1 @@
-{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_dev.locomotive_translations"}]}
+{"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"locomotive_engine_wagon_dev.locomotive_translations"}]}

data/spec/integration/repositories/content_entry_repository_spec.rb

@@ -116,7 +116,7 @@ describe Locomotive::Steam::ContentEntryRepository do
 
       let(:site_id)   { mongodb_site_id }
       let(:adapter)   { Locomotive::Steam::MongoDBAdapter.new(database: 'steam_test', hosts: ['127.0.0.1:27017']) }
-      let(:entry_id)  { BSON::ObjectId.from_string('5829ffa087f6435971756881') }
+      let(:entry_id)  { BSON::ObjectId.from_string('5943b4dd87f6430cf23b814d') }
 
     end
 

data/spec/integration/repositories/page_repository_spec.rb

@@ -14,7 +14,7 @@ describe Locomotive::Steam::PageRepository do
     describe '#all' do
       let(:conditions) { {} }
       subject { repository.all(conditions) }
-      it { expect(subject.size).to eq 33 }
+      it { expect(subject.size).to eq 34 }
 
       context 'with conditions' do
         let(:conditions) { { fullpath: 'index', 'slug.ne' => '404' } }
@@ -34,7 +34,7 @@ describe Locomotive::Steam::PageRepository do
 
     describe '#only_handle_and_fullpath' do
       subject { repository.only_handle_and_fullpath }
-      it { expect(subject.size).to eq 8 }
+      it { expect(subject.size).to eq 9 }
     end
 
     describe '#by_fullpath' do

data/spec/integration/repositories/theme_asset_repository_spec.rb

@@ -26,7 +26,7 @@ describe Locomotive::Steam::ThemeAssetRepository do
     describe '#checksums' do
       subject { repository.checksums }
       it { expect(subject.size).to eq 16 }
-      it { expect(subject['stylesheets/application.css']).to eq 'f431407c21db339b7759c2d7ded2553f' }
+      it { expect(subject['stylesheets/application.css']).to eq 'f06835e254f0d1b8363aae754525c723' }
     end
 
   end

data/spec/integration/repositories/translation_repository_spec.rb

@@ -13,7 +13,7 @@ describe Locomotive::Steam::TranslationRepository do
 
     describe '#all' do
       subject { repository.all }
-      it { expect(subject.size).to eq 7 }
+      it { expect(subject.size).to eq 8 }
     end
 
     describe '#by_key' do

data/spec/integration/server/assets_spec.rb

@@ -21,7 +21,7 @@ describe Locomotive::Steam::Server do
     subject { get '/all'; last_response.body }
 
     it { is_expected.to include('<link href="/stylesheets/application.css" media="screen" rel="stylesheet" type="text/css" />') }
-    it { is_expected.to include('<script src="/javascripts/application.js" type=\'text/javascript\'></script>') }
+    it { is_expected.to include("<script src='/javascripts/application.js' type=\'text/javascript\'></script>") }
     it { is_expected.to include('<link rel="alternate" type="application/atom+xml" title="A title" href="/foo/bar" />') }
 
   end

data/spec/integration/server/auth_spec.rb

@@ -8,6 +8,76 @@ describe 'Authentication' do
     run_server
   end
 
+  describe 'sign up action' do
+
+    it 'renders the form' do
+      get '/account/sign-up'
+      expect(last_response.body).to include '/account/sign-up'
+    end
+
+    describe 'press the sign up button' do
+
+      let(:params) { {
+        auth_action:          'sign_up',
+        auth_content_type:    'accounts',
+        auth_id_field:        'email',
+        auth_password_field:  'password',
+        auth_callback:        '/account/me',
+        auth_entry: {
+          name:                   'Chris Cornell',
+          email:                  'chris@soundgarden.band',
+          password:               'easyone',
+          password_confirmation:  'easyone'
+        }
+      } }
+
+      it 'redirects to the callback' do
+        sign_up(params)
+        expect(last_response.status).to eq 301
+        expect(last_response.location).to eq '/account/me'
+      end
+
+      it 'displays the profile page as described in the params' do
+        params[:auth_entry][:email] = 'chris.cornell@soundgarden.band'
+        sign_up(params, true)
+        expect(last_response.body).to include "My name is Chris Cornell and I'm logged in!"
+      end
+
+      context 'wrong parameters' do
+
+        let(:params) { {
+          auth_action:          'sign_up',
+          auth_content_type:    'accounts',
+          auth_id_field:        'email',
+          auth_password_field:  'password',
+          auth_callback:        '/account/me',
+          auth_entry: {
+            name:                   'Chris Cornell',
+            email:                  'chris@soundgarden.band',
+            password:               'easyone',
+            password_confirmation:  'easyone2'
+          }
+        } }
+
+        it 'renders the sign up page with an error message' do
+          sign_up(params)
+          expect(last_response.status).to eq 200
+          expect(last_response.body).to include '/account/sign-up'
+          expect(last_response.body).to include "doesn't match password"
+        end
+
+      end
+
+      def sign_up(params, follow_redirect = false)
+        post '/account/sign-up', params
+        follow_redirect! if follow_redirect
+        last_response
+      end
+
+    end
+
+  end
+
   describe 'sign in action' do
 
     it 'renders the form' do