people_user_generator 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a7d7ec2965c69cf947ae5fd9368f05a40b08db66
+  data.tar.gz: baa3feb307bf4bd0a86abffd9062f34f73cd3a1f
+SHA512:
+  metadata.gz: fd4e48af8b1720d09c39649f1014b035cf0d04102face5d7301d967442230305e5c8a08374f13fba08e3a5c2962cab7f8925f95730e7769bab20791c23e409dc
+  data.tar.gz: dc8ee608304c60fe43821159d4f8d290f81bbf98ddc1e94c0f1fdc54cb0106625f55a0205fcaf3f79d3fccf31af428db8b7bb6cb92c4c06f8c55be76f44e662f

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2014 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,34 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'People'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/app/assets/javascripts/people/account.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/javascripts/people/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/people/account.css

@@ -0,0 +1,7 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/
+.text-center {
+	text-align: center;
+}

data/app/assets/stylesheets/people/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/assets/stylesheets/scaffold.css

@@ -0,0 +1,56 @@
+body { background-color: #fff; color: #333; }
+
+body, p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size:   13px;
+  line-height: 18px;
+}
+
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+
+a { color: #000; }
+a:visited { color: #666; }
+a:hover { color: #fff; background-color:#000; }
+
+div.field, div.actions {
+  margin-bottom: 10px;
+}
+
+#notice {
+  color: green;
+}
+
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px;
+  padding-bottom: 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+}
+
+#error_explanation h2 {
+  text-align: left;
+  font-weight: bold;
+  padding: 5px 5px 5px 15px;
+  font-size: 12px;
+  margin: -7px;
+  margin-bottom: 0px;
+  background-color: #c00;
+  color: #fff;
+}
+
+#error_explanation ul li {
+  font-size: 12px;
+  list-style: square;
+}

data/app/controllers/people/account_controller.rb

@@ -0,0 +1,86 @@
+require_dependency "people/application_controller"
+
+module People
+  class AccountController < ApplicationController
+    before_action :set_email_hash, only: [:email_confirm, :new_password, :change_password]
+    before_action :set_user, only: [:email_confirm, :new_password, :change_password]
+
+    # GET /account/email_confirm?eh_id=:id&token=:token
+    def email_confirm
+      check_type(::People::EmailHash.email_confirm)
+      @user.confirmed = true
+      @user.save
+      #Shows a page that says email confirmed
+      render :email_confirm
+      #Delete all of this users previous confirm emails sent
+      ::People::EmailHash.delete_all({:user_id => ["user_id = ?", @user.id],
+        :email_type => ["email_type = ?", ::People::EmailHash.email_confirm]})
+      ::People::AccountMailer.you_confirmed_email(@user).deliver
+    end
+
+    # GET /account/forgotten_password
+    #Creates the form to enter your email
+    def forgotten_password
+      #Shows a page that says enter email and posts to posted_email
+      render :forgotten_password
+    end
+
+    # POST /account/posted_email
+    def posted_email
+      @user = ::People::V1::User.find_by(email: params[:email].downcase)
+      if !@user.nil?
+        ::People::AccountMailer.forgot_password(@user).deliver
+      end
+      render :posted_email_sent
+    end
+
+    # GET /account/new_password?eh_id=:id&token=:token
+    #Shows the form to enter password and password_confirmation
+    def new_password
+      check_type(::People::EmailHash.forgotten_password)
+      render :new_password
+    end
+
+    # POST /account/change_password?eh_id=:id&token=:token
+    #Tries to update the user, if doesn't validate, send back to new_password
+    def change_password
+      check_type(::People::EmailHash.forgotten_password)
+      #Shows a page that says enter new password
+      #Changes the current password if it matches
+      if @user.update({password: params[:password],
+        password_confirmation: params[:password_confirmation]})
+        @user.locked = false
+        @user.attempts = 0
+        @user.confirmed = true
+        @user.save
+        render :changed_password
+        #Changing a password inadvertantly confirms your email. All other
+        #Requests to change your password should be destroyed. So every
+        #Email hash that belongs to a user needs to be destroyed.
+        ::People::EmailHash.delete_all(:user_id => ["user_id = ?", @user.id])
+        ::People::AccountMailer.password_reset(@user).deliver
+      else
+        render :new_password
+      end
+    end
+
+    private
+
+      def set_user
+        @user = ::People::V1::User.find(@email_hash.user_id)
+      end
+      
+      def set_email_hash
+        @email_hash = ::People::EmailHash.find(params[:eh_id])
+        if @email_hash.token != params[:token] || ::People::EmailHash.expired?(@email_hash)
+          raise ::ActionController::RoutingError.new('Not Found')
+        end
+      end
+
+      def check_type(email_type)
+        if @email_hash.email_type != email_type
+          raise ::ActionController::RoutingError.new('Not Found')
+        end
+      end
+  end
+end

data/app/controllers/people/api/v1/application_controller.rb

@@ -0,0 +1,5 @@
+module People
+  class Api::V1::ApplicationController < ::Api::V1::ApiController
+
+  end
+end

data/app/controllers/people/api/v1/authentication_controller.rb

@@ -0,0 +1,140 @@
+require_dependency "people/api/v1/application_controller"
+require 'authorization'
+
+module People
+  class Api::V1::AuthenticationController < Api::V1::ApplicationController
+    
+    skip_before_filter :authenticate_user, :only => [:register, :login]
+    before_action :register_authorize, only: [:register]
+    before_action :login_authorize, only: [:login]
+    before_action :logout_authorize, only: [:logout]
+
+    # POST /api/1/authentication/register
+    def register
+      #Create a new user
+      user = ::People::V1::User.new(user_params)
+      if user.save
+        #If the user is saved, return a token
+        successful_login(user,user.tokens[0])
+        #Send confirmation email here
+        ::People::AccountMailer.welcome_email(user).deliver
+        ::People::AccountMailer.email_confirmation(user).deliver
+      else
+        #Return an error if not saved
+        render :json => {errors: user.errors.full_messages}, status: :unprocessable_entity
+      end
+    end
+
+    # POST /api/1/authentication/login
+    def login
+      errors = "Email and/or Password is incorrect"
+      user = ::People::V1::User.find_by(email: get_email)
+      if is_locked?(user)
+        return
+      end
+      if user && user.authenticate(params[:user][:password])
+        successful_login(user,user.tokens.create)
+      else
+        if unsuccessful_login?(user)
+          errors = "Account is locked due to too many failed login attempts"
+        end
+        render :json => {errors: errors}, status: :unauthorized 
+      end
+    end
+
+    # POST /api/1/authentication/logout
+    def logout
+      #Destroy the current token
+      token = current_token
+      token.destroy
+      render json: {}
+    end
+
+    # GET /api/1/authentication/login_status
+    def login_status
+      # Will give an unauthorized if not logged in
+      render json: {}
+    end
+    
+    # POST /api/1/authentication/authenticate
+    def authenticate
+      if authenticate_password
+        render :json => {errors: "Email and/or Password is incorrect"}, status: :unauthorized 
+        return
+      end
+      render json: {}
+    end
+
+    private
+
+      # Only allow a trusted parameter "white list" through.
+
+      def user_params
+        params.require(:user).permit(:username, :email, :password, :password_confirmation)
+      end
+
+      def unsuccessful_login?(user)
+        if !user.nil?
+          user.attempts = user.attempts + 1
+          if ::People::V1::User.over_max_attempts?(user.attempts)
+            user.locked = true
+            #Send locked email here
+            ::People::AccountMailer.unlock_account(user).deliver
+          end
+          user.save
+          return true
+        else
+          return false
+        end
+      end
+
+      def successful_login(user,token)
+        user.attempts = 0
+        user.save
+        #Could possibly create a remember me option to set this number
+        ::Arcadex::Create.set_token(token,20000,request,nil)
+        userHash = {id: user.id, username: user.username, email: user.email}
+        tokenHash = {auth_token: token.auth_token}
+        render :json => {user: userHash,token: tokenHash}
+      end
+
+      def get_email
+        if !params[:user][:email].nil?
+          return params[:user][:email].downcase
+        else
+          return nil
+        end
+      end
+
+      def is_locked?(user)
+        if !user.nil?
+          if user.locked
+            errors = "Account is locked"
+            render :json => {errors: errors}, status: :unauthorized
+            return true
+          else
+            return false
+          end
+        end
+      end
+
+      def register_authorize
+        if !::Authorization::People::V1::Authentication.register?
+          render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+        end
+      end
+
+      def login_authorize
+        if !::Authorization::People::V1::Authentication.login?
+          render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+        end
+      end
+
+      def logout_authorize
+        if !::Authorization::People::V1::Authentication.logout?(current_user)
+          render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+        end
+      end
+      
+  end
+end

data/app/controllers/people/api/v1/users_controller.rb

@@ -0,0 +1,120 @@
+require_dependency "people/api/v1/application_controller"
+require 'authorization'
+
+module People
+  class Api::V1::UsersController < Api::V1::ApplicationController
+    
+    before_action :set_user, only: [:show, :update, :destroy]
+    before_action :index_authorize, only: [:index]
+    before_action :show_authorize, only: [:show]
+    before_action :update_authorize, only: [:update]
+    before_action :destroy_authorize, only: [:destroy]
+    before_action :user_authenticate, only: [:update, :destroy]
+
+    # GET /api/1/users
+    def index
+      @users = ::People::V1::User.all
+      render json: @users
+    end
+
+    # GET /api/1/users/1
+    def show
+      render json: @user
+    end
+
+    # PATCH/PUT /api/1/users/1
+    def update
+      change_password
+      before_email = @user.email
+      if @user.update(user_params)
+        if email_changed?(before_email.downcase,@user.email.downcase)
+          #The email changed, reconfirm email address
+          ::People::AccountMailer.email_confirmation(@user).deliver
+        end
+        render json: @user
+      else
+        render :json => {errors: @user.errors.full_messages}, status: :unprocessable_entity
+      end
+    end
+
+    # DELETE /api/1/users/1
+    def destroy
+      @user.destroy
+      render json: {}
+    end
+
+    private
+
+      # Only allow a trusted parameter "white list" through.
+
+      def user_params
+        params.require(:user).permit(:username, :email, :password, :password_confirmation)
+      end
+
+      def user_authenticate
+        if authenticate_password
+          render :json => {errors: "Current password is incorrect"}, status: :unauthorized 
+          return
+        end
+      end
+
+      def email_changed?(old_email,new_email)
+        if old_email != new_email
+          @user.confirmed = false
+          @user.save
+          #Delete all previous emails
+          ::People::EmailHash.delete_all(:user_id => ["user_id = ?", @user.id])
+          return true 
+        else
+          return false
+        end
+      end
+
+      #If password is being changed, need to change it over to fit user_params
+      #Need new_password and new_password_confirmation to change password
+      def change_password
+        if params[:user].nil?
+          return
+        end
+        if !params[:user][:new_password].nil? && !params[:user][:new_password_confirmation].nil?
+          params[:user][:password] = params[:user][:new_password]
+          params[:user][:password_confirmation] = params[:user][:new_password_confirmation]
+        end
+      end
+
+      # Use callbacks to share common setup or constraints between actions.
+
+      def set_user
+        @user = ::People::V1::User.find_by_id(params[:id])
+        if @user.nil?
+          render :json => {errors: "User was not found"}, status: :not_found
+        end
+      end
+
+      # Authorizations below here
+
+      def index_authorize
+        if !::Authorization::People::V1::User.index?(current_user)
+          render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+        end
+      end
+
+      def show_authorize
+        if !::Authorization::People::V1::User.show?(@user,current_user)
+          render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+        end
+      end
+
+      def update_authorize
+        if !::Authorization::People::V1::User.update?(@user,current_user)
+          render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+        end  
+      end
+
+      def destroy_authorize
+        if !::Authorization::People::V1::User.destroy?(@user,current_user)
+          render :json => {errors: "User is not authorized for this action"}, status: :forbidden
+        end  
+      end
+  end
+end