quo_vadis 1.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG.md +7 -0
- data/README.md +1 -1
- data/app/controllers/controller_mixin.rb +7 -2
- data/app/controllers/quo_vadis/sessions_controller.rb +9 -5
- data/app/models/model_mixin.rb +6 -2
- data/lib/quo_vadis/version.rb +1 -1
- data/test/dummy/app/views/layouts/application.html.erb +7 -8
- data/test/integration/forgotten_test.rb +3 -3
- data/test/unit/user_test.rb +13 -7
- metadata +4 -4
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -64,7 +64,7 @@ You have to write the view yourself because you'd inevitably want to change what
|
|
|
64
64
|
|
|
65
65
|
Remember to serve your sign in form over HTTPS -- to avoid [the credentials being stolen](http://blog.jgc.org/2011/01/code-injected-to-steal-passwords-in.html).
|
|
66
66
|
|
|
67
|
-
In your layout, use `current_user` to retrieve the signed-in user; and `sign_in_path`, `sign_out_path`, and `forgotten_sign_in_path` as appropriate.
|
|
67
|
+
In your layout, use `current_user` to retrieve the signed-in user; and `sign_in_path`, `sign_out_path`, and `forgotten_sign_in_path` as appropriate. You can also use `authenticated?`.
|
|
68
68
|
|
|
69
69
|
|
|
70
70
|
## Forgotten Password
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module ControllerMixin
|
|
2
2
|
def self.included(base)
|
|
3
|
-
base.helper_method :"current_#{QuoVadis.model_instance_name}"
|
|
3
|
+
base.helper_method :"current_#{QuoVadis.model_instance_name}", :authenticated?
|
|
4
4
|
end
|
|
5
5
|
|
|
6
6
|
protected
|
|
@@ -13,6 +13,11 @@ module ControllerMixin
|
|
|
13
13
|
private
|
|
14
14
|
|
|
15
15
|
class_eval <<-END, __FILE__, __LINE__ + 1
|
|
16
|
+
# Returns `true` if we have an authenticated user, `false` otherwise.
|
|
17
|
+
def authenticated?
|
|
18
|
+
!!current_#{QuoVadis.model_instance_name}
|
|
19
|
+
end
|
|
20
|
+
|
|
16
21
|
# Remembers the authenticated <tt>user</tt> (in this session and future sessions).
|
|
17
22
|
#
|
|
18
23
|
# If you want to sign in a <tt>user</tt> you have just created, call <tt>sign_in</tt>
|
|
@@ -30,7 +35,7 @@ module ControllerMixin
|
|
|
30
35
|
# Does nothing if we already have an authenticated user. If we don't have an
|
|
31
36
|
# authenticated user, it stores the desired URL and redirects to the sign in URL.
|
|
32
37
|
def authenticate
|
|
33
|
-
unless
|
|
38
|
+
unless authenticated?
|
|
34
39
|
session[:quo_vadis_original_url] = request.fullpath
|
|
35
40
|
flash[:notice] = t('quo_vadis.flash.sign_in.before') unless t('quo_vadis.flash.sign_in.before').blank?
|
|
36
41
|
redirect_to sign_in_url
|
|
@@ -66,11 +66,15 @@ class QuoVadis::SessionsController < ApplicationController
|
|
|
66
66
|
# PUT change_password_path /sign-in/change-password/:token
|
|
67
67
|
def update
|
|
68
68
|
if (user = QuoVadis.model_class.valid_token(params[:token]).first)
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
user.
|
|
72
|
-
|
|
73
|
-
|
|
69
|
+
if params[:password].present?
|
|
70
|
+
user.password = params[:password]
|
|
71
|
+
if user.save
|
|
72
|
+
user.clear_token
|
|
73
|
+
flash_if_present :notice, 'quo_vadis.flash.forgotten.password_changed'
|
|
74
|
+
sign_in user
|
|
75
|
+
else
|
|
76
|
+
render 'sessions/edit'
|
|
77
|
+
end
|
|
74
78
|
else
|
|
75
79
|
render 'sessions/edit'
|
|
76
80
|
end
|
data/app/models/model_mixin.rb
CHANGED
|
@@ -10,6 +10,9 @@ module ModelMixin
|
|
|
10
10
|
# Adds methods to set and authenticate against a password stored encrypted by BCrypt.
|
|
11
11
|
# Also adds methods to generate and clear a token, used to retrieve the record of a
|
|
12
12
|
# user who has forgotten their password.
|
|
13
|
+
#
|
|
14
|
+
# Note that if a password isn't supplied when creating a user, the error will be on
|
|
15
|
+
# the `password_digest` attribute.
|
|
13
16
|
def authenticates
|
|
14
17
|
send :include, InstanceMethodsOnActivation
|
|
15
18
|
|
|
@@ -17,7 +20,6 @@ module ModelMixin
|
|
|
17
20
|
attr_protected :password_digest
|
|
18
21
|
|
|
19
22
|
validates :username, :presence => true, :uniqueness => true, :if => :should_authenticate?
|
|
20
|
-
validates :password, :presence => true, :if => Proc.new { |u| u.should_authenticate? && u.changed.include?('password_digest') }
|
|
21
23
|
validates :password_digest, :presence => true, :if => :should_authenticate?
|
|
22
24
|
|
|
23
25
|
scope :valid_token, lambda { |token| where("token = ? AND token_created_at > ?", token, 3.hours.ago) }
|
|
@@ -54,7 +56,9 @@ module ModelMixin
|
|
|
54
56
|
|
|
55
57
|
def password=(plain_text_password) # :nodoc:
|
|
56
58
|
@password = plain_text_password
|
|
57
|
-
|
|
59
|
+
unless @password.blank?
|
|
60
|
+
self.password_digest = BCrypt::Password.create plain_text_password
|
|
61
|
+
end
|
|
58
62
|
end
|
|
59
63
|
|
|
60
64
|
# Generates a unique, timestamped token which can be used in URLs, and
|
data/lib/quo_vadis/version.rb
CHANGED
|
@@ -9,17 +9,16 @@
|
|
|
9
9
|
<body>
|
|
10
10
|
|
|
11
11
|
<div id='topnav'>
|
|
12
|
-
<% if
|
|
13
|
-
You are signed in as
|
|
12
|
+
<% if authenticated? %>
|
|
13
|
+
You are signed in as
|
|
14
|
+
<% if defined?(current_user) %>
|
|
15
|
+
<%= current_user.name %>.
|
|
16
|
+
<% elsif defined?(current_person) %>
|
|
17
|
+
<%= current_person.name %>.
|
|
18
|
+
<% end %>
|
|
14
19
|
<%= link_to 'Sign out', sign_out_path %>
|
|
15
|
-
|
|
16
|
-
<% elsif defined?(current_person) && current_person %>
|
|
17
|
-
You are signed in as <%= current_person.name %>.
|
|
18
|
-
<%= link_to 'Sign out', sign_out_path %>
|
|
19
|
-
|
|
20
20
|
<% else %>
|
|
21
21
|
<%= link_to 'Sign in', sign_in_path %>
|
|
22
|
-
|
|
23
22
|
<% end %>
|
|
24
23
|
</div>
|
|
25
24
|
|
|
@@ -53,7 +53,7 @@ class ForgottenTest < ActiveSupport::IntegrationCase
|
|
|
53
53
|
test 'user can follow emailed link while valid to change password' do
|
|
54
54
|
user_factory 'Bob', 'bob', 'secret', 'bob@example.com'
|
|
55
55
|
submit_forgotten_details 'bob'
|
|
56
|
-
|
|
56
|
+
|
|
57
57
|
link_in_email = ActionMailer::Base.deliveries.last.encoded[%r{http://.*}].strip
|
|
58
58
|
visit link_in_email
|
|
59
59
|
fill_in :password, :with => 'topsecret'
|
|
@@ -69,7 +69,7 @@ class ForgottenTest < ActiveSupport::IntegrationCase
|
|
|
69
69
|
test 'user cannot change password to an invalid one' do
|
|
70
70
|
user_factory 'Bob', 'bob', 'secret', 'bob@example.com'
|
|
71
71
|
submit_forgotten_details 'bob'
|
|
72
|
-
|
|
72
|
+
|
|
73
73
|
link_in_email = ActionMailer::Base.deliveries.last.encoded[%r{http://.*}].strip
|
|
74
74
|
visit link_in_email
|
|
75
75
|
fill_in :password, :with => ''
|
|
@@ -81,7 +81,7 @@ class ForgottenTest < ActiveSupport::IntegrationCase
|
|
|
81
81
|
user_factory 'Bob', 'bob', 'secret', 'bob@example.com'
|
|
82
82
|
submit_forgotten_details 'bob'
|
|
83
83
|
User.last.update_attributes :token_created_at => 1.day.ago
|
|
84
|
-
|
|
84
|
+
|
|
85
85
|
link_in_email = ActionMailer::Base.deliveries.last.encoded[%r{http://.*}].strip
|
|
86
86
|
visit link_in_email
|
|
87
87
|
assert_equal forgotten_sign_in_path, current_path
|
data/test/unit/user_test.rb
CHANGED
|
@@ -2,10 +2,15 @@ require 'test_helper'
|
|
|
2
2
|
|
|
3
3
|
class UserTest < ActiveSupport::TestCase
|
|
4
4
|
|
|
5
|
+
test 'user must have a unique username' do
|
|
6
|
+
User.create :username => 'bob', :password => 'secret'
|
|
7
|
+
assert User.new(:username => 'bob', :password => 'secret').invalid?
|
|
8
|
+
end
|
|
9
|
+
|
|
5
10
|
test 'user must have a valid password on create' do
|
|
6
|
-
assert
|
|
7
|
-
assert
|
|
8
|
-
assert
|
|
11
|
+
assert User.create(:username => 'bob', :password => nil).invalid?
|
|
12
|
+
assert User.create(:username => 'bob', :password => '').invalid?
|
|
13
|
+
assert User.create(:username => 'bob', :password => 'secret').valid?
|
|
9
14
|
end
|
|
10
15
|
|
|
11
16
|
test 'user need not supply password when updating other attributes' do
|
|
@@ -13,13 +18,14 @@ class UserTest < ActiveSupport::TestCase
|
|
|
13
18
|
user = User.last # reload from database so password is nil
|
|
14
19
|
assert_nil user.password
|
|
15
20
|
assert user.update_attributes(:username => 'Robert')
|
|
21
|
+
assert user.update_attributes(:username => 'Robert', :password => nil)
|
|
22
|
+
assert user.update_attributes(:username => 'Robert', :password => '')
|
|
23
|
+
assert User.last.has_matching_password?('secret')
|
|
16
24
|
end
|
|
17
25
|
|
|
18
26
|
test 'user must have a valid password when updating password' do
|
|
19
27
|
user = User.create :username => 'bob', :password => 'secret'
|
|
20
|
-
assert
|
|
21
|
-
assert !user.update_attributes(:password => nil)
|
|
22
|
-
assert user.update_attributes(:password => 'topsecret')
|
|
28
|
+
assert user.update_attributes(:password => 'topsecret')
|
|
23
29
|
end
|
|
24
30
|
|
|
25
31
|
test 'has_matching_password?' do
|
|
@@ -36,7 +42,7 @@ class UserTest < ActiveSupport::TestCase
|
|
|
36
42
|
end
|
|
37
43
|
END
|
|
38
44
|
user.username = 'bob'
|
|
39
|
-
assert
|
|
45
|
+
assert user.invalid?
|
|
40
46
|
|
|
41
47
|
user.username = 'robert'
|
|
42
48
|
assert user.valid?
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: quo_vadis
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 17
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 1
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 1.1.
|
|
9
|
+
- 1
|
|
10
|
+
version: 1.1.1
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Andy Stewart
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-10-
|
|
18
|
+
date: 2011-10-18 00:00:00 +02:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|