mno-enterprise-core 2.0.0

data/config/initializers/audit_log.rb

@@ -0,0 +1,5 @@
+# Somehow the whole config/ folder is loaded twice
+# To investigate
+unless defined? AUDIT_LOG_CONFIG
+  AUDIT_LOG_CONFIG = Rails.application.config_for('audit_log') rescue {}
+end

data/config/locales/devise.en.yml

@@ -0,0 +1,60 @@
+# Additional translations at https://github.com/plataformatec/devise/wiki/I18n
+
+en:
+  devise:
+    confirmations:
+      confirmed: "Your email address has been successfully confirmed."
+      send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database and is unconfirmed, you will receive an email with instructions in a few minutes."
+    failure:
+      already_authenticated: "You are already signed in."
+      inactive: "Your account is not activated yet."
+      invalid: "Invalid %{authentication_keys} or password."
+      locked: "Your account is locked."
+      last_attempt: "You have one more attempt before your account is locked."
+      not_found_in_database: "Invalid %{authentication_keys} or password."
+      timeout: "Your session expired. Please sign in again to continue."
+      unauthenticated: "You need to sign in or sign up before continuing."
+      unconfirmed: "You have to confirm your email address before continuing."
+    mailer:
+      confirmation_instructions:
+        subject: "Confirmation instructions"
+      reset_password_instructions:
+        subject: "Reset password instructions"
+      unlock_instructions:
+        subject: "Unlock instructions"
+    omniauth_callbacks:
+      failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
+      success: "Successfully authenticated from %{kind} account."
+    passwords:
+      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
+      send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
+      updated: "Your password has been changed successfully. You are now signed in."
+      updated_not_active: "Your password has been changed successfully."
+    registrations:
+      destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon."
+      signed_up: "Welcome! You have signed up successfully."
+      signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
+      signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
+      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account."
+      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address."
+      updated: "Your account has been updated successfully."
+    sessions:
+      signed_in: "Signed in successfully."
+      signed_out: "Signed out successfully."
+      already_signed_out: "Signed out successfully."
+    unlocks:
+      send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes."
+      send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
+      unlocked: "Your account has been unlocked successfully. Please sign in to continue."
+  errors:
+    messages:
+      already_confirmed: "was already confirmed, please try signing in"
+      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
+      expired: "has expired, please request a new one"
+      not_found: "not found"
+      not_locked: "was not locked"
+      not_saved:
+        one: "1 error prohibited this %{resource} from being saved:"
+        other: "%{count} errors prohibited this %{resource} from being saved:"

data/config/routes.rb

@@ -0,0 +1,2 @@
+MnoEnterprise::Engine.routes.draw do
+end

data/config/styleguide.yml

@@ -0,0 +1,106 @@
+#
+# General Design Style
+design:
+  # Whether to enable angular-material or not
+  material: false
+
+#
+# Color Theme Palette
+# This section configures the overall theme. Any fine-tuning should be performed in the
+# variable.css file
+palette:
+  # Material colors
+  # Available palettes: 
+  # red, pink, purple, deep-purple, indigo, blue, light-blue, cyan, teal, green, 
+  # light-green, lime, yellow, amber, orange, deep-orange, brown, grey, blue-grey
+  #-------------------------
+  primary: blue-grey
+  accent: deep-purple
+  warn: red
+  background: grey
+  
+  # Main regular colors
+  #-------------------------------------------
+  # Dashboard background color
+  bg_main_color:                  '#aeb5bf' # light gray
+  
+  # Elements placed on top of bg-main-color
+  decorator_main_color:           '#758192' # dark gray
+  
+  # Elements placed on top of bg-main-color (secondary)
+  decorator_alt_color:            '#977bf0' # purple
+  
+  # Used for text used in the context of bg-main-color
+  text_strong_color:              '#17262d' # dark blue
+  
+  # Main inverse colors
+  #-------------------------------------------
+  # Background color used for dashboard menu. top banners, inverse modals
+  bg_inverse_color:               '#ffffff' # white
+  
+  # Background color for elements displayed on top of inverse elements
+  bg_on_bg_inverse_color:         '#cacfd6' # lighter gray
+  
+  # Background color used for elements on top of bg-inverse-color
+  bg_inverse_intense_color:       '#17262d' # dark blue
+  
+  # Design elements (lines, borders) on top of bg-inverse-color
+  decorator_inverse_color:        '#977bf0' # purple
+  
+  # Text used on top of bg-inverse-color such as inverse modals
+  text_inverse_color:             '#17262d' # dark blue
+
+  # Color used in small/isolated elements
+  #-------------------------------------------
+  # used to reflect a positive action or point (e.g: tick icon)
+  elem_positive_color:            '#d1e55c' # green
+  
+  # stronger version of elem-positive-color (barely used)
+  elem_positive_flash_color:      '#47ff00' # fluro-green
+  
+  # used for regular design element - fits well with both main and inverse backgrounds
+  elem_cozy_color:                '#977bf0' # purple
+
+  # Impac!
+  impac:
+    positive: '#3fc4ff' # light blue
+    negative: '#1de9b6' # light green
+    pool:
+      - '#1de9b6' # light green
+      - '#7c4dff' # fluro-purple
+      - '#ffc928' # yellow-orange
+      - '#3fc4ff' # light blue
+      - '#ff8e01' # fluro-orange
+      - '#c6ff00' # fluro-green
+      - '#d500fa' # fluro-purple
+      - '#ff6e41' # red-orange
+      - '#ffeb3c' # fluro-yellow
+      - '#ff1844' # fluro-pink
+
+#
+# General Application Layout
+#
+layout:
+  # Whether to display a header on public pages
+  public_page_header: false
+  
+  # Which layout for the dashboard
+  dashboard_menu_orientation: 'vertical'
+  
+# Devise Configuration
+devise:
+  # Links
+  remember_checkbox_shown: true
+  unlock_link_shown: true
+  forgot_password_link_shown: true
+  confirmation_link_shown: true
+  omniauth_link_shown: true
+  
+  # User fields
+  phone_required: true
+  
+# Workflow configuration
+workflow:
+  # Enable/Disable Signup onboarding - a series of screens guiding users through
+  # entering more details and setting their dashboard up
+  signup_onboarding: false

data/lib/accountingjs_serializer.rb

@@ -0,0 +1,51 @@
+module AccountingjsSerializer
+
+  def self.serialize(money)
+    {
+      'value' => money.to_f,
+      'options' => {
+        'symbol' => money.symbol,
+        'decimal' => money.decimal_mark,
+        'thousand' => money.thousands_separator,
+        'precision' => 2,
+        'format' => money.currency.symbol_first ? "%s%v" : "%v%s",
+        'subunit_symbol' => subunit_symbol(money.currency),
+        'subunit_format' => subunit_symbol_first(money.currency) ? "%s%v" : "%v%s",
+        'subunit_to_unit' => money.currency.subunit_to_unit,
+        'iso_code' => money.currency_as_string
+      }
+    }
+  end
+
+  # Return whether the subunit symbol
+  # should be first or not
+  def self.subunit_symbol_first(currency)
+    if currency.id == :cny
+      return true
+    else
+      return false
+    end
+  end
+
+  # Return the symbol of the
+  # subunit
+  def self.subunit_symbol(currency)
+    if currency.subunit
+      subunit_label = currency.subunit.downcase
+
+      if subunit_label =~ /cent/i && currency.iso_code == 'EUR'
+        subunit_label = 'ct'
+      elsif subunit_label =~ /cent/i
+        subunit_label = 'c'
+      elsif subunit_label =~ /penny/i
+        subunit_label = 'p'
+      elsif subunit_label =~ /fen/i
+        subunit_label = 20998.chr
+      end
+
+      return subunit_label
+    else
+      return nil
+    end
+  end
+end

data/lib/devise/controllers/extension_helpers.rb

@@ -0,0 +1,52 @@
+module DeviseExtension
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      included do
+        before_filter :handle_password_change
+      end
+
+      # controller instance methods
+      private
+
+      # lookup if an password change needed
+      def handle_password_change
+        return if warden.nil?
+        if not devise_controller? and not ignore_password_expire? and not request.format.nil? #and request.format.html?
+          Devise.mappings.keys.flatten.any? do |scope|
+            if signed_in?(scope) and warden.session(scope)['password_expired']
+              # re-check to avoid infinite loop if date changed after login attempt
+              if send(:"current_#{scope}").try(:need_change_password?)
+                session["#{scope}_return_to"] = request.original_fullpath if request.get?
+                redirect_for_password_change scope
+                return
+              else
+                warden.session(scope)[:password_expired] = false
+              end
+            end
+          end
+        end
+      end
+
+      # redirect for password update with alert message
+      def redirect_for_password_change(scope)
+        redirect_to change_password_required_path_for(scope), :alert => 'Your password is expired. Please renew your password.'
+      end
+
+      # path for change password
+      def change_password_required_path_for(resource_or_scope = nil)
+        scope       = Devise::Mapping.find_scope!(resource_or_scope)
+        change_path = "#{scope}_password_expired_path"
+        send(change_path)
+      end
+
+      protected
+
+      # allow to overwrite for some special handlings
+      def ignore_password_expire?
+        false
+      end
+    end
+  end
+end

data/lib/devise/extension_routes.rb

@@ -0,0 +1,11 @@
+module ActionDispatch::Routing
+  class Mapper
+
+    protected
+
+    # route for handle expired passwords
+    def devise_password_expired(mapping, controllers)
+      resource :password_expired, only: [:show, :update], path: mapping.path_names[:password_expired], controller: controllers[:password_expired]
+    end
+  end
+end

data/lib/devise/hooks/password_expirable.rb

@@ -0,0 +1,5 @@
+Warden::Manager.after_authentication do |record, warden, options|
+  if record.respond_to?(:need_change_password?)
+    warden.session(options[:scope])['password_expired'] = record.need_change_password?
+  end
+end

data/lib/devise/models/password_expirable.rb

@@ -0,0 +1,28 @@
+require 'devise/hooks/password_expirable'
+
+module Devise
+  module Models
+    module PasswordExpirable
+      extend ActiveSupport::Concern
+
+      # is an password change required?
+      def need_change_password?
+        if self.expire_password_after.is_a? Fixnum or self.expire_password_after.is_a? Float
+          self.password_changed_at.nil? or self.password_changed_at < self.expire_password_after.ago
+        else
+          false
+        end
+      end
+
+      def expire_password_after
+        self.class.expire_password_after
+      end
+
+      private
+
+      module ClassMethods
+        Devise::Models.config(self, :expire_password_after)
+      end
+    end
+  end
+end

data/lib/devise/models/remote_authenticatable.rb

@@ -0,0 +1,48 @@
+module Devise
+  module Models
+    module RemoteAuthenticatable
+      extend ActiveSupport::Concern
+ 
+      #
+      # Here you do the request to the external webservice
+      #
+      # If the authentication is successful you should return
+      # a resource instance
+      #
+      # If the authentication fails you should return false
+      #
+      def remote_authentication(authentication_hash)
+        self.class.authenticate(authentication_hash) # call MnoEnterprise::User.authenticate
+      end
+      
+      ####################################
+      # Overriden methods from Devise::Models::Authenticatable
+      ####################################
+      module ClassMethods
+        
+        # This method is called from:
+        # Warden::SessionSerializer in devise
+        #
+        # It takes as many params as elements had the array
+        # returned in serialize_into_session
+        #
+        # Recreates a resource from session data
+        def serialize_from_session(key,salt)
+          record = Rails.cache.fetch(['user', key], expires_in: 1.minutes) do
+            to_adapter.get(key)
+          end.tap(&:clear_association_cache)
+          record if record && record.authenticatable_salt == salt
+        end
+        
+        # Here you have to return and array with the data of your resource
+        # that you want to serialize into the session
+        #
+        # You might want to include some authentication data
+        def serialize_into_session(record)
+          [record.to_key, record.authenticatable_salt]
+        end
+ 
+      end
+    end
+  end
+end

data/lib/devise/strategies/remote_authenticatable.rb

@@ -0,0 +1,44 @@
+module Devise
+  module Strategies
+    class RemoteAuthenticatable < Authenticatable
+      
+      # def valid?
+      #   true || params[scope]
+      # end
+      
+      # For an example check : https://github.com/plataformatec/devise/blob/master/lib/devise/strategies/database_authenticatable.rb
+      # Method called by warden to authenticate a resource.
+      def authenticate!
+        # authentication_hash doesn't include the password
+        auth_params = params[scope]
+        
+        # mapping.to is a wrapper over the resource model
+        resource = mapping.to.new
+
+        return fail! unless resource
+
+        # remote_authentication method is defined in Devise::Models::RemoteAuthenticatable
+        #
+        # validate is a method defined in Devise::Strategies::Authenticatable. It takes
+        # a block which must return a boolean value.
+        #
+        # If the block returns true the resource will be loged in
+        # If the block returns false the authentication will fail!
+        if validate(resource){ resource = resource.remote_authentication(auth_params) }
+          success!(resource)
+        end
+      end
+    end
+  end
+end
+
+Warden::Strategies.add :remote_authenticatable, Devise::Strategies::RemoteAuthenticatable
+Devise.add_module :remote_authenticatable, strategy: true, controller: :sessions, route: :session
+
+Warden::Manager.after_authentication do |user,auth,opts|
+  Rails.cache.delete(['user', user.to_key]) if user
+end
+
+Warden::Manager.before_logout do |user,auth,opts|
+  Rails.cache.delete(['user', user.to_key]) if user
+end

data/lib/devise_extension.rb

@@ -0,0 +1,36 @@
+require 'devise'
+require 'devise/models/password_expirable'
+require 'devise/extension_routes'
+
+module Devise
+  # Should the password expire (e.g 3.months)
+  mattr_accessor :expire_password_after
+  @@expire_password_after = 3.months
+
+  # Validate password strength
+  mattr_accessor :password_regex
+  @@password_regex = nil
+  # Need 1 char of A-Z, a-z and 0-9
+  # @@password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
+
+  mattr_accessor :password_regex_message
+  @@password_regex_message = 'must contains at least one uppercase letter, one lower case letter and a number'
+end
+
+# an security extension for devise
+module DeviseExtension
+  module Controllers
+    autoload :Helpers, 'devise/controllers/extension_helpers'
+  end
+end
+
+# modules
+Devise.add_module :password_expirable, controller: :password_expirable, model: 'devise/models/password_expirable', route: :password_expired
+
+module DeviseExtension
+  class Engine < ::Rails::Engine
+    ActiveSupport.on_load(:action_controller) do
+      include DeviseExtension::Controllers::Helpers
+    end
+  end
+end