people_user_generator 0.0.1
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/Rakefile +34 -0
- data/app/assets/javascripts/people/account.js +2 -0
- data/app/assets/javascripts/people/application.js +13 -0
- data/app/assets/stylesheets/people/account.css +7 -0
- data/app/assets/stylesheets/people/application.css +15 -0
- data/app/assets/stylesheets/scaffold.css +56 -0
- data/app/controllers/people/account_controller.rb +86 -0
- data/app/controllers/people/api/v1/application_controller.rb +5 -0
- data/app/controllers/people/api/v1/authentication_controller.rb +140 -0
- data/app/controllers/people/api/v1/users_controller.rb +120 -0
- data/app/controllers/people/application_controller.rb +4 -0
- data/app/helpers/people/account_helper.rb +4 -0
- data/app/helpers/people/application_helper.rb +4 -0
- data/app/helpers/people/users_helper.rb +4 -0
- data/app/mailers/people/account_mailer.rb +68 -0
- data/app/models/people/email_hash.rb +44 -0
- data/app/models/people/user.rb +9 -0
- data/app/models/people/v1/user.rb +54 -0
- data/app/serializers/people/v1/user_serializer.rb +61 -0
- data/app/views/layouts/people/application.html.erb +14 -0
- data/app/views/layouts/people/default/application.html.erb +14 -0
- data/app/views/people/account/changed_password.html.erb +3 -0
- data/app/views/people/account/email_confirm.html.erb +3 -0
- data/app/views/people/account/forgotten_password.html.erb +12 -0
- data/app/views/people/account/new_password.html.erb +25 -0
- data/app/views/people/account/posted_email_sent.html.erb +3 -0
- data/app/views/people/account_mailer/email_confirmation.html.erb +14 -0
- data/app/views/people/account_mailer/email_confirmation.text.erb +5 -0
- data/app/views/people/account_mailer/forgot_password.html.erb +15 -0
- data/app/views/people/account_mailer/forgot_password.text.erb +8 -0
- data/app/views/people/account_mailer/password_reset.html.erb +10 -0
- data/app/views/people/account_mailer/password_reset.text.erb +3 -0
- data/app/views/people/account_mailer/unlock_account.html.erb +14 -0
- data/app/views/people/account_mailer/unlock_account.text.erb +7 -0
- data/app/views/people/account_mailer/welcome_email.html.erb +15 -0
- data/app/views/people/account_mailer/welcome_email.text.erb +6 -0
- data/app/views/people/account_mailer/you_confirmed_email.html.erb +10 -0
- data/app/views/people/account_mailer/you_confirmed_email.text.erb +3 -0
- data/config/routes.rb +29 -0
- data/db/migrate/20141021150908_create_people_users.rb +13 -0
- data/db/migrate/20141022145945_create_people_email_hashes.rb +11 -0
- data/db/migrate/20141022161442_add_confirmed_to_people_users.rb +5 -0
- data/db/migrate/20141022161524_add_locked_to_people_users.rb +5 -0
- data/db/migrate/20141022161543_add_attempts_to_people_users.rb +5 -0
- data/db/migrate/20141023203747_remove_hash_from_people_email_hash.rb +5 -0
- data/db/migrate/20141023203806_add_token_to_people_email_hash.rb +5 -0
- data/db/migrate/20141024042651_remove_type_from_people_email_hash.rb +5 -0
- data/db/migrate/20141024042708_add_email_type_to_people_email_hash.rb +5 -0
- data/lib/generators/people/admin/USAGE +8 -0
- data/lib/generators/people/admin/admin_generator.rb +17 -0
- data/lib/generators/people/admin/templates/active_admin.rb +100 -0
- data/lib/generators/people/admin/templates/email_hash.rb +82 -0
- data/lib/generators/people/all/USAGE +8 -0
- data/lib/generators/people/all/all_generator.rb +18 -0
- data/lib/generators/people/authorizations/USAGE +8 -0
- data/lib/generators/people/authorizations/authorizations_generator.rb +19 -0
- data/lib/generators/people/authorizations/templates/authentication_authorization.rb +25 -0
- data/lib/generators/people/authorizations/templates/authorization.rb +106 -0
- data/lib/generators/people/tests/USAGE +8 -0
- data/lib/generators/people/tests/templates/account_routing.rb +37 -0
- data/lib/generators/people/tests/templates/authentication_requests.rb +166 -0
- data/lib/generators/people/tests/templates/authentication_routing.rb +37 -0
- data/lib/generators/people/tests/templates/email_hash_factory.rb +7 -0
- data/lib/generators/people/tests/templates/email_hash_model.rb +14 -0
- data/lib/generators/people/tests/templates/email_hash_request.rb +174 -0
- data/lib/generators/people/tests/templates/factory.rb +17 -0
- data/lib/generators/people/tests/templates/models.rb +61 -0
- data/lib/generators/people/tests/templates/requests.rb +180 -0
- data/lib/generators/people/tests/templates/routing.rb +47 -0
- data/lib/generators/people/tests/tests_generator.rb +25 -0
- data/lib/people.rb +4 -0
- data/lib/people/engine.rb +5 -0
- data/lib/people/version.rb +3 -0
- data/lib/tasks/people_tasks.rake +4 -0
- data/test/controllers/people/account_controller_test.rb +21 -0
- data/test/controllers/people/users_controller_test.rb +51 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/Rakefile +6 -0
- data/test/dummy/app/assets/javascripts/application.js +13 -0
- data/test/dummy/app/assets/stylesheets/application.css +13 -0
- data/test/dummy/app/controllers/application_controller.rb +5 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/bin/bundle +3 -0
- data/test/dummy/bin/rails +4 -0
- data/test/dummy/bin/rake +4 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/config/application.rb +23 -0
- data/test/dummy/config/boot.rb +5 -0
- data/test/dummy/config/database.yml +25 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +29 -0
- data/test/dummy/config/environments/production.rb +80 -0
- data/test/dummy/config/environments/test.rb +36 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/test/dummy/config/initializers/inflections.rb +16 -0
- data/test/dummy/config/initializers/mime_types.rb +5 -0
- data/test/dummy/config/initializers/secret_token.rb +12 -0
- data/test/dummy/config/initializers/session_store.rb +3 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +23 -0
- data/test/dummy/config/routes.rb +4 -0
- data/test/dummy/db/development.sqlite3 +0 -0
- data/test/dummy/db/schema.rb +38 -0
- data/test/dummy/log/development.log +122 -0
- data/test/dummy/public/404.html +58 -0
- data/test/dummy/public/422.html +58 -0
- data/test/dummy/public/500.html +57 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/fixtures/people/email_hashes.yml +11 -0
- data/test/fixtures/people/users.yml +11 -0
- data/test/helpers/people/account_helper_test.rb +6 -0
- data/test/helpers/people/users_helper_test.rb +6 -0
- data/test/integration/navigation_test.rb +10 -0
- data/test/mailers/people/account_mailer_test.rb +9 -0
- data/test/mailers/previews/people/account_mailer_preview.rb +6 -0
- data/test/models/people/email_hash_test.rb +9 -0
- data/test/models/people/user_test.rb +9 -0
- data/test/people_test.rb +7 -0
- data/test/test_helper.rb +15 -0
- metadata +353 -0
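--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: a7d7ec2965c69cf947ae5fd9368f05a40b08db66
+data.tar.gz: baa3feb307bf4bd0a86abffd9062f34f73cd3a1f
+SHA512:
+metadata.gz: fd4e48af8b1720d09c39649f1014b035cf0d04102face5d7301d967442230305e5c8a08374f13fba08e3a5c2962cab7f8925f95730e7769bab20791c23e409dc
+data.tar.gz: dc8ee608304c60fe43821159d4f8d290f81bbf98ddc1e94c0f1fdc54cb0106625f55a0205fcaf3f79d3fccf31af428db8b7bb6cb92c4c06f8c55be76f44e662f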
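--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright 2014 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.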
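--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,34 @@
+begin
+require 'bundler/setup'
+rescue LoadError
+puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'People'
+rdoc.options << '--line-numbers'
+rdoc.rdoc_files.include('README.rdoc')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+t.libs << 'lib'
+t.libs << 'test'
+t.pattern = 'test/**/*_test.rb'
+t.verbose = false
+end
+
+
+task default: :test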
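--- a/data/app/assets/javascripts/people/application.js
+++ b/data/app/assets/javascripts/people/application.js
@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .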
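--- a/data/app/assets/stylesheets/people/application.css
+++ b/data/app/assets/stylesheets/people/application.css
@@ -0,0 +1,15 @@
+/*
+* This is a manifest file that'll be compiled into application.css, which will include all the files
+* listed below.
+*
+* Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+* or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+*
+* You're free to add application-wide styles to this file and they'll appear at the bottom of the
+* compiled file so the styles you add here take precedence over styles defined in any styles
+* defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+* file per style scope.
+*
+*= require_tree .
+*= require_self
+*/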
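--- a/data/app/assets/stylesheets/scaffold.css
+++ b/data/app/assets/stylesheets/scaffold.css
@@ -0,0 +1,56 @@
+body { background-color: #fff; color: #333; }
+
+body, p, ol, ul, td {
+font-family: verdana, arial, helvetica, sans-serif;
+font-size: 13px;
+line-height: 18px;
+}
+
+pre {
+background-color: #eee;
+padding: 10px;
+font-size: 11px;
+}
+
+a { color: #000; }
+a:visited { color: #666; }
+a:hover { color: #fff; background-color:#000; }
+
+div.field, div.actions {
+margin-bottom: 10px;
+}
+
+#notice {
+color: green;
+}
+
+.field_with_errors {
+padding: 2px;
+background-color: red;
+display: table;
+}
+
+#error_explanation {
+width: 450px;
+border: 2px solid red;
+padding: 7px;
+padding-bottom: 0;
+margin-bottom: 20px;
+background-color: #f0f0f0;
+}
+
+#error_explanation h2 {
+text-align: left;
+font-weight: bold;
+padding: 5px 5px 5px 15px;
+font-size: 12px;
+margin: -7px;
+margin-bottom: 0px;
+background-color: #c00;
+color: #fff;
+}
+
+#error_explanation ul li {
+font-size: 12px;
+list-style: square;
+}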
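--- a/data/app/controllers/people/account_controller.rb
+++ b/data/app/controllers/people/account_controller.rb
@@ -0,0 +1,86 @@
+require_dependency "people/application_controller"
+
+module People
+class AccountController < ApplicationController
+before_action :set_email_hash, only: [:email_confirm, :new_password, :change_password]
+before_action :set_user, only: [:email_confirm, :new_password, :change_password]
+
+# GET /account/email_confirm?eh_id=:id&token=:token
+def email_confirm
+check_type(::People::EmailHash.email_confirm)
+@user.confirmed = true
+@user.save
+#Shows a page that says email confirmed
+render :email_confirm
+#Delete all of this users previous confirm emails sent
+::People::EmailHash.delete_all({:user_id => ["user_id = ?", @user.id],
+:email_type => ["email_type = ?", ::People::EmailHash.email_confirm]})
+::People::AccountMailer.you_confirmed_email(@user).deliver
+end
+
+# GET /account/forgotten_password
+#Creates the form to enter your email
+def forgotten_password
+#Shows a page that says enter email and posts to posted_email
+render :forgotten_password
+end
+
+# POST /account/posted_email
+def posted_email
+@user = ::People::V1::User.find_by(email: params[:email].downcase)
+if !@user.nil?
+::People::AccountMailer.forgot_password(@user).deliver
+end
+render :posted_email_sent
+end
+
+# GET /account/new_password?eh_id=:id&token=:token
+#Shows the form to enter password and password_confirmation
+def new_password
+check_type(::People::EmailHash.forgotten_password)
+render :new_password
+end
+
+# POST /account/change_password?eh_id=:id&token=:token
+#Tries to update the user, if doesn't validate, send back to new_password
+def change_password
+check_type(::People::EmailHash.forgotten_password)
+#Shows a page that says enter new password
+#Changes the current password if it matches
+if @user.update({password: params[:password],
+password_confirmation: params[:password_confirmation]})
+@user.locked = false
+@user.attempts = 0
+@user.confirmed = true
+@user.save
+render :changed_password
+#Changing a password inadvertantly confirms your email. All other
+#Requests to change your password should be destroyed. So every
+#Email hash that belongs to a user needs to be destroyed.
+::People::EmailHash.delete_all(:user_id => ["user_id = ?", @user.id])
+::People::AccountMailer.password_reset(@user).deliver
+else
+render :new_password
+end
+end
+
+private
+
+def set_user
+@user = ::People::V1::User.find(@email_hash.user_id)
+end
+
+def set_email_hash
+@email_hash = ::People::EmailHash.find(params[:eh_id])
+if @email_hash.token != params[:token] || ::People::EmailHash.expired?(@email_hash)
+raise ::ActionController::RoutingError.new('Not Found')
+end
+end
+
+def check_type(email_type)
+if @email_hash.email_type != email_type
+raise ::ActionController::RoutingError.new('Not Found')
+end
+end
+end
+end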
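Review bot: The `delete_all` calls in `email_confirm` (lines 16–17) and `change_password` (line 60) mix ActiveRecord hash conditions with the array-placeholder form, so a value such as `:user_id => ["user_id = ?", @user.id]` is built as an IN list of two values rather than a parameterized template; the same form appears in `email_changed?` in users_controller.rb. Plain hash conditions express the intent, e.g. `::People::EmailHash.where(user_id: @user.id, email_type: ::People::EmailHash.email_confirm).delete_all` here and `::People::EmailHash.where(user_id: @user.id).delete_all` in change_password. Separately, `set_email_hash` (line 75) compares the emailed token with `!=`, which stops at the first differing byte; where the Rails version in use provides it, `ActiveSupport::SecurityUtils.secure_compare(@email_hash.token, params[:token].to_s)` gives a constant-time comparison and the `.to_s` keeps a missing `token` parameter on the not-found path.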
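--- a/data/app/controllers/people/api/v1/authentication_controller.rb
+++ b/data/app/controllers/people/api/v1/authentication_controller.rb
@@ -0,0 +1,140 @@
+require_dependency "people/api/v1/application_controller"
+require 'authorization'
+
+module People
+class Api::V1::AuthenticationController < Api::V1::ApplicationController
+
+skip_before_filter :authenticate_user, :only => [:register, :login]
+before_action :register_authorize, only: [:register]
+before_action :login_authorize, only: [:login]
+before_action :logout_authorize, only: [:logout]
+
+# POST /api/1/authentication/register
+def register
+#Create a new user
+user = ::People::V1::User.new(user_params)
+if user.save
+#If the user is saved, return a token
+successful_login(user,user.tokens[0])
+#Send confirmation email here
+::People::AccountMailer.welcome_email(user).deliver
+::People::AccountMailer.email_confirmation(user).deliver
+else
+#Return an error if not saved
+render :json => {errors: user.errors.full_messages}, status: :unprocessable_entity
+end
+end
+
+# POST /api/1/authentication/login
+def login
+errors = "Email and/or Password is incorrect"
+user = ::People::V1::User.find_by(email: get_email)
+if is_locked?(user)
+return
+end
+if user && user.authenticate(params[:user][:password])
+successful_login(user,user.tokens.create)
+else
+if unsuccessful_login?(user)
+errors = "Account is locked due to too many failed login attempts"
+end
+render :json => {errors: errors}, status: :unauthorized
+end
+end
+
+# POST /api/1/authentication/logout
+def logout
+#Destroy the current token
+token = current_token
+token.destroy
+render json: {}
+end
+
+# GET /api/1/authentication/login_status
+def login_status
+# Will give an unauthorized if not logged in
+render json: {}
+end
+
+# POST /api/1/authentication/authenticate
+def authenticate
+if authenticate_password
+render :json => {errors: "Email and/or Password is incorrect"}, status: :unauthorized
+return
+end
+render json: {}
+end
+
+private
+
+# Only allow a trusted parameter "white list" through.
+
+def user_params
+params.require(:user).permit(:username, :email, :password, :password_confirmation)
+end
+
+def unsuccessful_login?(user)
+if !user.nil?
+user.attempts = user.attempts + 1
+if ::People::V1::User.over_max_attempts?(user.attempts)
+user.locked = true
+#Send locked email here
+::People::AccountMailer.unlock_account(user).deliver
+end
+user.save
+return true
+else
+return false
+end
+end
+
+def successful_login(user,token)
+user.attempts = 0
+user.save
+#Could possibly create a remember me option to set this number
+::Arcadex::Create.set_token(token,20000,request,nil)
+userHash = {id: user.id, username: user.username, email: user.email}
+tokenHash = {auth_token: token.auth_token}
+render :json => {user: userHash,token: tokenHash}
+end
+
+def get_email
+if !params[:user][:email].nil?
+return params[:user][:email].downcase
+else
+return nil
+end
+end
+
+def is_locked?(user)
+if !user.nil?
+if user.locked
+errors = "Account is locked"
+render :json => {errors: errors}, status: :unauthorized
+return true
+else
+return false
+end
+end
+end
+
+def register_authorize
+if !::Authorization::People::V1::Authentication.register?
+render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+end
+end
+
+def login_authorize
+if !::Authorization::People::V1::Authentication.login?
+render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+end
+end
+
+def logout_authorize
+if !::Authorization::People::V1::Authentication.logout?(current_user)
+render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+end
+end
+
+end
+end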
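Review bot: In `login` (line 38) `unsuccessful_login?` returns true for every existing user, not only when the threshold is crossed, so the first wrong password on a known account already answers with "Account is locked due to too many failed login attempts" even though `locked` is only set on line 80 when `over_max_attempts?` holds. Guard the message on the resulting state, `if unsuccessful_login?(user) && user.locked`, or have the helper return `user.locked` instead of a bare `true`. That message and the one in `is_locked?` (line 112) also differ from the generic "Email and/or Password is incorrect" returned for unknown emails, so the 401 body reveals which addresses have accounts; since the owner is already notified by `unlock_account` mail, the API could return the generic message in all three cases. On style, line 7 uses `skip_before_filter` while lines 8–10 use `before_action` (`skip_before_action` keeps them consistent), and the bare `20000` passed to `set_token` on line 95 would read better as a named constant whose name carries its unit.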
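--- a/data/app/controllers/people/api/v1/users_controller.rb
+++ b/data/app/controllers/people/api/v1/users_controller.rb
@@ -0,0 +1,120 @@
+require_dependency "people/api/v1/application_controller"
+require 'authorization'
+
+module People
+class Api::V1::UsersController < Api::V1::ApplicationController
+
+before_action :set_user, only: [:show, :update, :destroy]
+before_action :index_authorize, only: [:index]
+before_action :show_authorize, only: [:show]
+before_action :update_authorize, only: [:update]
+before_action :destroy_authorize, only: [:destroy]
+before_action :user_authenticate, only: [:update, :destroy]
+
+# GET /api/1/users
+def index
+@users = ::People::V1::User.all
+render json: @users
+end
+
+# GET /api/1/users/1
+def show
+render json: @user
+end
+
+# PATCH/PUT /api/1/users/1
+def update
+change_password
+before_email = @user.email
+if @user.update(user_params)
+if email_changed?(before_email.downcase,@user.email.downcase)
+#The email changed, reconfirm email address
+::People::AccountMailer.email_confirmation(@user).deliver
+end
+render json: @user
+else
+render :json => {errors: @user.errors.full_messages}, status: :unprocessable_entity
+end
+end
+
+# DELETE /api/1/users/1
+def destroy
+@user.destroy
+render json: {}
+end
+
+private
+
+# Only allow a trusted parameter "white list" through.
+
+def user_params
+params.require(:user).permit(:username, :email, :password, :password_confirmation)
+end
+
+def user_authenticate
+if authenticate_password
+render :json => {errors: "Current password is incorrect"}, status: :unauthorized
+return
+end
+end
+
+def email_changed?(old_email,new_email)
+if old_email != new_email
+@user.confirmed = false
+@user.save
+#Delete all previous emails
+::People::EmailHash.delete_all(:user_id => ["user_id = ?", @user.id])
+return true
+else
+return false
+end
+end
+
+#If password is being changed, need to change it over to fit user_params
+#Need new_password and new_password_confirmation to change password
+def change_password
+if params[:user].nil?
+return
+end
+if !params[:user][:new_password].nil? && !params[:user][:new_password_confirmation].nil?
+params[:user][:password] = params[:user][:new_password]
+params[:user][:password_confirmation] = params[:user][:new_password_confirmation]
+end
+end
+
+# Use callbacks to share common setup or constraints between actions.
+
+def set_user
+@user = ::People::V1::User.find_by_id(params[:id])
+if @user.nil?
+render :json => {errors: "User was not found"}, status: :not_found
+end
+end
+
+# Authorizations below here
+
+def index_authorize
+if !::Authorization::People::V1::User.index?(current_user)
+render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+end
+end
+
+def show_authorize
+if !::Authorization::People::V1::User.show?(@user,current_user)
+render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+end
+end
+
+def update_authorize
+if !::Authorization::People::V1::User.update?(@user,current_user)
+render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+end
+end
+
+def destroy_authorize
+if !::Authorization::People::V1::User.destroy?(@user,current_user)
+render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+end
+end
+end
+end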
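Review bot: `user_params` (line 51) permits `:password` and `:password_confirmation` directly, so the `new_password`/`new_password_confirmation` copy that `change_password` (lines 75–83) performs, and that the comment on line 74 presents as a requirement, is not enforced — a client can send `password` in the same update request and skip it. Either remove `:password`/`:password_confirmation` from the list permitted for update so the stated contract holds, or reword line 74 to `#new_password/new_password_confirmation are accepted as aliases for password/password_confirmation`. Separately, `email_changed?` (lines 61–71) is named as a predicate but writes `confirmed`, saves the user and deletes email hashes; since `update` on line 29 has already persisted the new address, those side effects belong in `update` itself, leaving the helper as a plain comparison. As written, the unconfirm step is a second, separate save, so a failure between lines 29 and 64 would leave the new address stored while `confirmed` is still true.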