locomotivecms_steam 1.5.0.beta3 → 1.5.0.rc0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bd4a12f87c87fc5603766c1b2358615b820c4c74a1de3808afc1446289883337
-  data.tar.gz: e1c94bb3d492bd893409cd491fb74093666958286544a6f7bea749d5786ae508
+  metadata.gz: 2811bbc4085bab4ef718204d051285c1922ec6208d8173c0f2f7d21996eed632
+  data.tar.gz: dc8b0c4d1b7ec7a85006511f8aad93647e4fa7e1a12dda2fde0dc20f1cabb9b5
 SHA512:
-  metadata.gz: 4413660fd7eb9284d6c92b88830864e7507d8757f1edc198628131c889d48c5373c68e54749b6c15b1964d19536215d7e7247344bd8784cd1aae7c48f48f5afc
-  data.tar.gz: 2ef38c06b49efc2a5e3923db8935c5483618baf62f0f38699139aa339b29dbc05995eecbb7333ccca32ae20f1954dd9d535ee14cffab5fa0907516d2a3987295
+  metadata.gz: a4b744dfee082181c392bb21c56ff4f9a9d761be3066405ff17bc3007a25f3a519dc266bc409d39eb55ee6ea76ab1525b35daacdd17ef900d13637351a17c6b9
+  data.tar.gz: fc28966e95e7e9809aa7e3f153d7343d610659602d39af2c92364bd2213be064ed4b6d270b07b1eefd4c5e8fa3150e57821c5db2b58c92147708c4f911ea7b06

data/Gemfile

@@ -35,7 +35,3 @@ group :test do
   gem 'codeclimate-test-reporter',  '~> 0.4.7',   require: false
   gem 'coveralls',                  '~> 0.8.1',   require: false
 end
-
-platform :ruby do
-  ruby '2.5.0'
-end

data/Gemfile.lock

@@ -12,7 +12,7 @@ GIT
 PATH
   remote: .
   specs:
-    locomotivecms_steam (1.5.0.beta3)
+    locomotivecms_steam (1.5.0.rc0)
       RedCloth (~> 4.3.2)
       autoprefixer-rails (~> 8.0.0)
       bcrypt (~> 3.1.11)
@@ -120,7 +120,7 @@ GEM
     memory_profiler (0.9.12)
     mime-types (3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2018.0812)
+    mime-types-data (3.2019.0331)
     mimetype-fu (0.1.2)
     mini_mime (1.0.1)
     mini_portile2 (2.3.0)
@@ -136,7 +136,7 @@ GEM
     nokogumbo (1.5.0)
       nokogiri
     origin (2.3.1)
-    pony (1.13)
+    pony (1.13.1)
       mail (>= 2.0)
     public_suffix (3.0.3)
     puma (3.12.0)
@@ -218,8 +218,5 @@ DEPENDENCIES
   stackprof
   timecop (~> 0.9.1)
 
-RUBY VERSION
-   ruby 2.5.0p0
-
 BUNDLED WITH
    1.17.3

data/README.md

@@ -59,6 +59,39 @@ see the list in the issues section.
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create new Pull Request
 
+## Running test with docker
+
+A docker configuration is included in this repository, you can run all the tests with the following procedure
+
+First run a bash shell inside the container
+
+```
+docker-compose run steam gosu ubuntu bash
+```
+
+Now you are inside the container you can
+
+Init the database with demo data
+
+```
+rake mongodb:test:seed
+```
+
+Run all the test with
+
+```
+rake spec
+```
+
+Run specific test with rspec
+
+```
+rspec spec/unit/middlewares/locale_spec.rb
+
+```
+
+Note: you do not need to prefix with bundle exec as the docky-ruby image already add it automatically
+
 ## License
 
 Copyright (c) 2018 NoCoffee. MIT Licensed, see MIT-LICENSE for details.

data/Rakefile

@@ -13,17 +13,22 @@ namespace :mongodb do
     task :seed do
       root_path = File.expand_path(File.dirname(__FILE__))
       db_path   = File.join(root_path, 'spec', 'fixtures', 'mongodb')
+      if ENV['MONGO_HOST']
+        host = "--host=#{ENV['MONGO_HOST']}"
+      else
+        host = ""
+      end
 
       if database = ENV['DATABASE']
         dump_path = File.join(root_path, 'dump', database)
 
         `rm -rf #{db_path}`
-        `mongodump --db #{database}`
+        `mongodump --db #{database} #{host}`
         `mv #{dump_path} #{db_path}`
       end
 
-      `mongo steam_test_1_5_x --eval "db.dropDatabase()"`
-      `mongorestore -d steam_test_1_5_x #{db_path}`
+      `mongo steam_test_1_5_x --eval "db.dropDatabase()" #{host}`
+      `mongorestore -d steam_test_1_5_x #{db_path} #{host}`
 
       puts "Done! Update now the spec/support/helpers.rb file by setting the new id of the site returned by the mongodb_site_id method"
     end

data/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  db:
+    image: mongo:3
+    volumes:
+      - ./data/db:/data/db
+  steam:
+    image: quay.io/akretion/docky-ruby:latest
+    environment:
+      - MONGO_HOST=db
+    volumes:
+      - .:/workspace
+      - ./bundle:/usr/local/bundle
+    depends_on:
+      - db
+version: '3'

data/lib/locomotive/steam/entities/content_type.rb

@@ -13,8 +13,9 @@ module Locomotive::Steam
 
     def initialize(attributes = {})
       super({
-        order_by:         '_position',
-        order_direction:  'asc'
+        order_by:           '_position',
+        order_direction:    'asc',
+        recaptcha_required: false
       }.merge(attributes))
     end
 
@@ -68,5 +69,9 @@ module Locomotive::Steam
       { name.to_sym => self.order_direction.to_s }
     end
 
+    def recaptcha_required?
+      !!self.recaptcha_required
+    end
+
   end
 end

data/lib/locomotive/steam/liquid/drops/section_content_proxy.rb

@@ -85,6 +85,10 @@ module Locomotive
             @new_window
           end
 
+          def new_window_attribute
+            !!@new_window ? 'target="_blank"' : ''
+          end
+
           def to_s
             @url
           end

data/lib/locomotive/steam/liquid/filters/translate.rb

@@ -15,6 +15,8 @@ module Locomotive
             @context.registers[:services].translator.translate(input, options) || input
           end
 
+          alias t translate
+
         end
 
         ::Liquid::Template.register_filter(Translate)

data/lib/locomotive/steam/liquid/tags/link_to.rb

@@ -18,7 +18,10 @@ module Locomotive
                 end
               end
 
-              %{<a href="#{path}">#{label}</a>}
+              tag_href  = %(href="#{path}")
+              tag_class = %( class="#{css}") if css.present?
+
+              %{<a #{tag_href}#{tag_class}>#{label}</a>}
             end
           end
 
@@ -36,6 +39,10 @@ module Locomotive
             end
           end
 
+          def css
+            @path_options[:class]
+          end
+
         end
 
         ::Liquid::Template.register_tag('link_to', LinkTo)

data/lib/locomotive/steam/liquid/tags/model_form.rb

@@ -27,7 +27,7 @@ module Locomotive
             form_attributes = prepare_form_attributes(options)
 
             html_content_tag :form,
-              content_type_html(name) + csrf_html + callbacks_html(options) + yield,
+              content_type_html(name) + csrf_html + callbacks_html(options) + recaptcha_html(options) + yield,
               form_attributes
           end
 
@@ -47,6 +47,12 @@ module Locomotive
             end.join('')
           end
 
+          def recaptcha_html(options)
+            return '' if options[:recaptcha] != true
+
+            html_tag :input, type: 'hidden', name: 'g-recaptcha-response', id: 'g-recaptcha-response'
+          end
+
           private
 
           def html_content_tag(name, content, options = {})

data/lib/locomotive/steam/middlewares/auth.rb

@@ -14,6 +14,8 @@ module Locomotive::Steam
     class Auth < ThreadSafe
 
       include Concerns::Helpers
+      include Concerns::AuthHelpers
+      include Concerns::Recaptcha
 
       def _call
         load_authenticated_entry
@@ -28,7 +30,7 @@ module Locomotive::Steam
       private
 
       def sign_up(options)
-        return if authenticated?
+        return if authenticated? || !is_recaptcha_valid?(options.type, options.recaptcha_response)
 
         status, entry = services.auth.sign_up(options, default_liquid_context, request)
 
@@ -62,6 +64,8 @@ module Locomotive::Steam
 
         store_authenticated(nil)
 
+        redirect_to options.callback || path
+
         append_message(:signed_out)
       end
 
@@ -91,26 +95,11 @@ module Locomotive::Steam
         entry_id   = request.session[:authenticated_entry_id]
 
         if entry = services.auth.find_authenticated_resource(entry_type, entry_id)
-          env['authenticated_entry'] = entry
+          env['steam.authenticated_entry'] = entry
           liquid_assigns["current_#{entry_type.singularize}"] = entry
         end
       end
 
-      def authenticated?
-        !!env['authenticated_entry']
-      end
-
-      def store_authenticated(entry)
-        type = entry ? entry.content_type.slug : request.session[:authenticated_entry_type]
-
-        request.session[:authenticated_entry_type]  = type.to_s
-        request.session[:authenticated_entry_id]    = entry.try(:_id).to_s
-
-        log "[Auth] authenticated #{type.to_s.singularize} ##{entry.try(:_id).to_s}"
-
-        liquid_assigns["current_#{type.singularize}"] = entry
-      end
-
       def append_message(message)
         log "[Auth] status message = #{message.inspect}"
 
@@ -192,6 +181,10 @@ module Locomotive::Steam
           @config ||= _read_smtp_config
         end
 
+        def recaptcha_response
+          params["g-recaptcha-response"]
+        end
+
         def smtp
           if smtp_config.blank?
             {}

data/lib/locomotive/steam/middlewares/concerns/auth_helpers.rb

@@ -0,0 +1,30 @@
+module Locomotive::Steam
+  module Middlewares
+    module Concerns
+      module AuthHelpers
+
+        def authenticated?
+          !!env['steam.authenticated_entry']
+        end
+
+        def authenticated_entry_type
+          request.session[:authenticated_entry_type]
+        end
+
+        def store_authenticated(entry)
+          type = entry ? entry.content_type.slug : authenticated_entry_type
+
+          request.session[:authenticated_entry_type]  = type.to_s
+          request.session[:authenticated_entry_id]    = entry&._id.to_s
+
+          env['steam.authenticated_entry'] = nil if entry.nil?
+
+          log "[Auth] authenticated #{type.to_s.singularize} ##{entry&._id.to_s}"
+
+          liquid_assigns["current_#{type.singularize}"] = entry
+        end
+
+      end
+    end
+  end
+end

data/lib/locomotive/steam/middlewares/concerns/helpers.rb

@@ -4,7 +4,7 @@ module Locomotive::Steam
       module Helpers
 
         def html?
-          ['text/html', 'application/x-www-form-urlencoded', 'multipart/form-data'].include?(self.request.media_type) &&
+          [nil, 'text/html', 'application/x-www-form-urlencoded', 'multipart/form-data'].include?(self.request.media_type) &&
           !self.request.xhr? &&
           !self.json?
         end
@@ -15,7 +15,7 @@ module Locomotive::Steam
 
         def render_response(content, code = 200, type = nil)
           _headers = env['steam.headers'] || {}
-
+          inject_cookies(_headers)
           @next_response = [
             code,
             { 'Content-Type' => type || 'text/html' }.merge(_headers),
@@ -28,7 +28,17 @@ module Locomotive::Steam
 
           self.log "Redirected to #{_location}".blue
 
-          @next_response = [type, { 'Content-Type' => 'text/html', 'Location' => _location }, []]
+          headers = { 'Content-Type' => 'text/html', 'Location' => _location }
+          inject_cookies(headers)
+
+          @next_response = [type, headers, []]
+        end
+
+        def inject_cookies(headers)
+          _cookies = env['steam.cookies'] || {}
+          _cookies.each do |key, vals|
+            Rack::Utils.set_cookie_header!(headers, key, vals.symbolize_keys!)
+          end
         end
 
         def modify_path(path = nil, &block)

data/lib/locomotive/steam/middlewares/concerns/liquid_context.rb

@@ -22,7 +22,7 @@ module Locomotive::Steam
             params:         params,
             session:        request.session,
             cookies:        request.cookies
-          }
+          }.merge(env['steam.liquid_registers'])
         end
 
         def liquid_assigns

data/lib/locomotive/steam/middlewares/concerns/recaptcha.rb

@@ -0,0 +1,30 @@
+module Locomotive::Steam
+  module Middlewares
+    module Concerns
+      module Recaptcha
+
+        def is_recaptcha_valid?(slug, response_code)
+          !is_recaptcha_required?(slug) || is_recaptcha_verified?(response_code)
+        end
+
+        def is_recaptcha_required?(slug)
+          type = services.content_entry.get_type(slug)
+          type&.recaptcha_required?
+        end
+
+        def is_recaptcha_verified?(response_code)
+          services.recaptcha.verify(response_code).tap do |valid|
+            liquid_assigns['recaptcha_invalid'] = !valid
+          end
+        end
+
+        def build_invalid_recaptcha_entry(slug, entry_attributes)
+          services.content_entry.build(slug, entry_attributes).tap do |entry|
+            entry.errors.add(:recaptcha_invalid, true)
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/locomotive/steam/middlewares/default_env.rb

@@ -8,9 +8,11 @@ module Locomotive::Steam
       def call(env)
         request = Rack::Request.new(env)
 
-        env['steam.request']        = request
-        env['steam.services']       = build_services(request)
-        env['steam.liquid_assigns'] = {}
+        env['steam.request']          = request
+        env['steam.services']         = build_services(request)
+        env['steam.liquid_registers'] = {}
+        env['steam.liquid_assigns']   = {}
+        env['steam.cookies'] = {}
 
         app.call(env)
       end

data/lib/locomotive/steam/middlewares/entry_submission.rb

@@ -6,6 +6,7 @@ module Locomotive::Steam
     class EntrySubmission < ThreadSafe
 
       include Concerns::Helpers
+      include Concerns::Recaptcha
 
       HTTP_REGEXP             = /^https?:\/\//o
       ENTRY_SUBMISSION_REGEXP = /^\/entry_submissions\/(\w+)/o
@@ -141,7 +142,9 @@ module Locomotive::Steam
       #
       #
       def create_entry(slug)
-        if entry = entry_submission.submit(slug, entry_attributes)
+        if !is_recaptcha_valid?(slug, params[:'g-recaptcha-response'])
+          build_invalid_recaptcha_entry(slug, entry_attributes)
+        elsif entry = entry_submission.submit(slug, entry_attributes)
           entry
         else
           raise %{Unknown content type "#{slug}" or public_submission_enabled property not true}

data/lib/locomotive/steam/middlewares/impersonated_entry.rb

@@ -0,0 +1,73 @@
+module Locomotive::Steam
+  module Middlewares
+
+    # If an account defined by a content type was impersonated from the back-office,
+    # load the entry and sign her/him in automatically.
+    #
+    # Besides, display a small banner at the top of the page in order to let
+    # the administrator stop the impersonation of the account.
+    #
+    class ImpersonatedEntry < ThreadSafe
+
+      include Concerns::Helpers
+      include Concerns::AuthHelpers
+
+      def _call
+        if params[:impersonating] == 'stop'
+          # sign out the current user
+          store_authenticated(nil)
+
+          # leave the impersonating mode
+          request.session[:authenticated_impersonation] = '0'
+
+          # redirect the user to the same page
+          redirect_to path, 302
+        elsif authenticated? && is_impersonating?
+          # useful if other middlewares need this information
+          env['steam.impersonating_authenticated_entry'] = true
+
+          # again, useful if the developer needs to add a "impersonate" button
+          # directly in her/his website in any Liquid template
+          liquid_assigns["is_impersonating_current_#{authenticated_entry_type.singularize}"] = true
+        end
+      end
+
+      def next
+        response = super
+
+        if authenticated? && is_impersonating? && html?
+          # get the authenticated entry from the Auth middleware
+          entry = env['steam.authenticated_entry']
+
+          # modify the HTML body by adding a banner at the bottom of the page
+          status, headers, body = response
+          [status, headers, [body.first.gsub(/(<body[^>]*>)/, '\1' +  banner_html(entry))]]
+        else
+          response
+        end
+      end
+
+      private
+
+      def is_impersonating?
+        request.session[:authenticated_impersonation] == '1'
+      end
+
+      def banner_html(entry)
+        <<-HTML
+<div
+  class="locomotive-impersonating-banner"
+  style="position: fixed; bottom: 0; left: 0; z-index: 9999; width: 100%;background: #61D5AB; text-align: center; color: #fff; padding: 1rem 0rem;"
+>
+  You're impersonating <b>#{entry._label}</b>.
+  <a href="?impersonating=stop" style="color: #fff; text-decoration: underline">
+    Stop impersonating
+  </a>
+</div>
+        HTML
+      end
+
+    end
+
+  end
+end