quo_vadis 1.3.2 → 2.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (190) hide show
  1. checksums.yaml +5 -5
  2. data/.gitignore +11 -7
  3. data/CHANGELOG.md +33 -0
  4. data/Gemfile +11 -1
  5. data/LICENSE.txt +21 -0
  6. data/README.md +434 -127
  7. data/Rakefile +14 -16
  8. data/app/controllers/quo_vadis/confirmations_controller.rb +56 -0
  9. data/app/controllers/quo_vadis/logs_controller.rb +20 -0
  10. data/app/controllers/quo_vadis/password_resets_controller.rb +65 -0
  11. data/app/controllers/quo_vadis/passwords_controller.rb +26 -0
  12. data/app/controllers/quo_vadis/recovery_codes_controller.rb +54 -0
  13. data/app/controllers/quo_vadis/sessions_controller.rb +50 -132
  14. data/app/controllers/quo_vadis/totps_controller.rb +72 -0
  15. data/app/controllers/quo_vadis/twofas_controller.rb +26 -0
  16. data/app/mailers/quo_vadis/mailer.rb +73 -0
  17. data/app/models/quo_vadis/account.rb +59 -0
  18. data/app/models/quo_vadis/account_confirmation_token.rb +17 -0
  19. data/app/models/quo_vadis/log.rb +57 -0
  20. data/app/models/quo_vadis/password.rb +52 -0
  21. data/app/models/quo_vadis/password_reset_token.rb +17 -0
  22. data/app/models/quo_vadis/recovery_code.rb +26 -0
  23. data/app/models/quo_vadis/session.rb +55 -0
  24. data/app/models/quo_vadis/token.rb +42 -0
  25. data/app/models/quo_vadis/totp.rb +56 -0
  26. data/bin/console +15 -0
  27. data/bin/rails +21 -0
  28. data/bin/setup +8 -0
  29. data/config/locales/quo_vadis.en.yml +51 -18
  30. data/config/routes.rb +40 -12
  31. data/db/migrate/202102150904_setup.rb +48 -0
  32. data/lib/generators/quo_vadis/install_generator.rb +4 -23
  33. data/lib/quo_vadis.rb +100 -106
  34. data/lib/quo_vadis/controller.rb +227 -0
  35. data/lib/quo_vadis/crypt.rb +43 -0
  36. data/lib/quo_vadis/current_request_details.rb +11 -0
  37. data/lib/quo_vadis/defaults.rb +18 -0
  38. data/lib/quo_vadis/encrypted_type.rb +17 -0
  39. data/lib/quo_vadis/engine.rb +9 -11
  40. data/lib/quo_vadis/hmacable.rb +26 -0
  41. data/lib/quo_vadis/ip_masking.rb +31 -0
  42. data/lib/quo_vadis/model.rb +86 -0
  43. data/lib/quo_vadis/version.rb +3 -1
  44. data/quo_vadis.gemspec +20 -24
  45. data/test/dummy/README.markdown +1 -0
  46. data/test/dummy/Rakefile +2 -6
  47. data/test/dummy/app/controllers/application_controller.rb +0 -1
  48. data/test/dummy/app/controllers/articles_controller.rb +8 -11
  49. data/test/dummy/app/controllers/sign_ups_controller.rb +42 -0
  50. data/test/dummy/app/controllers/users_controller.rb +13 -5
  51. data/test/dummy/app/models/application_record.rb +3 -0
  52. data/test/dummy/app/models/article.rb +2 -1
  53. data/test/dummy/app/models/person.rb +5 -2
  54. data/test/dummy/app/models/user.rb +4 -1
  55. data/test/dummy/app/views/articles/also_secret.html.erb +1 -0
  56. data/test/dummy/app/views/articles/index.html.erb +1 -1
  57. data/test/dummy/app/views/articles/secret.html.erb +1 -0
  58. data/test/dummy/app/views/articles/very_secret.html.erb +2 -0
  59. data/test/dummy/app/views/layouts/application.html.erb +41 -25
  60. data/test/dummy/app/views/quo_vadis/confirmations/edit.html.erb +10 -0
  61. data/test/dummy/app/views/quo_vadis/confirmations/index.html.erb +5 -0
  62. data/test/dummy/app/views/quo_vadis/confirmations/new.html.erb +16 -0
  63. data/test/dummy/app/views/quo_vadis/logs/index.html.erb +28 -0
  64. data/test/dummy/app/views/quo_vadis/mailer/account_confirmation.text.erb +4 -0
  65. data/test/dummy/app/views/quo_vadis/mailer/email_change_notification.text.erb +8 -0
  66. data/test/dummy/app/views/quo_vadis/mailer/identifier_change_notification.text.erb +8 -0
  67. data/test/dummy/app/views/quo_vadis/mailer/password_change_notification.text.erb +8 -0
  68. data/test/dummy/app/views/quo_vadis/mailer/password_reset_notification.text.erb +8 -0
  69. data/test/dummy/app/views/quo_vadis/mailer/recovery_codes_generation_notification.text.erb +8 -0
  70. data/test/dummy/app/views/quo_vadis/mailer/reset_password.text.erb +4 -0
  71. data/test/dummy/app/views/quo_vadis/mailer/totp_reuse_notification.text.erb +6 -0
  72. data/test/dummy/app/views/quo_vadis/mailer/totp_setup_notification.text.erb +8 -0
  73. data/test/dummy/app/views/quo_vadis/mailer/twofa_deactivated_notification.text.erb +8 -0
  74. data/test/dummy/app/views/quo_vadis/password_resets/edit.html.erb +25 -0
  75. data/test/dummy/app/views/quo_vadis/password_resets/index.html.erb +5 -0
  76. data/test/dummy/app/views/quo_vadis/password_resets/new.html.erb +12 -0
  77. data/test/dummy/app/views/quo_vadis/passwords/edit.html.erb +30 -0
  78. data/test/dummy/app/views/quo_vadis/recovery_codes/challenge.html.erb +11 -0
  79. data/test/dummy/app/views/quo_vadis/recovery_codes/index.html.erb +25 -0
  80. data/test/dummy/app/views/quo_vadis/sessions/index.html.erb +26 -0
  81. data/test/dummy/app/views/quo_vadis/sessions/new.html.erb +24 -0
  82. data/test/dummy/app/views/quo_vadis/totps/challenge.html.erb +11 -0
  83. data/test/dummy/app/views/quo_vadis/totps/new.html.erb +17 -0
  84. data/test/dummy/app/views/quo_vadis/twofas/show.html.erb +20 -0
  85. data/test/dummy/app/views/sign_ups/new.html.erb +37 -0
  86. data/test/dummy/app/views/sign_ups/show.html.erb +5 -0
  87. data/test/dummy/app/views/users/new.html.erb +32 -9
  88. data/test/dummy/config.ru +6 -3
  89. data/test/dummy/config/application.rb +18 -9
  90. data/test/dummy/config/boot.rb +3 -9
  91. data/test/dummy/config/database.yml +2 -14
  92. data/test/dummy/config/environment.rb +2 -3
  93. data/test/dummy/config/initializers/quo_vadis.rb +5 -82
  94. data/test/dummy/config/routes.rb +11 -3
  95. data/test/dummy/db/migrate/202102121932_create_users.rb +10 -0
  96. data/test/dummy/db/migrate/202102121935_create_people.rb +10 -0
  97. data/test/dummy/db/schema.rb +80 -21
  98. data/test/fixtures/quo_vadis/mailer/account_confirmation.text +4 -0
  99. data/test/fixtures/quo_vadis/mailer/email_change_notification.text +8 -0
  100. data/test/fixtures/quo_vadis/mailer/identifier_change_notification.text +8 -0
  101. data/test/fixtures/quo_vadis/mailer/password_change_notification.text +8 -0
  102. data/test/fixtures/quo_vadis/mailer/password_reset_notification.text +8 -0
  103. data/test/fixtures/quo_vadis/mailer/recovery_codes_generation_notification.text +8 -0
  104. data/test/fixtures/quo_vadis/mailer/reset_password.text +4 -0
  105. data/test/fixtures/quo_vadis/mailer/totp_reuse_notification.text +6 -0
  106. data/test/fixtures/quo_vadis/mailer/totp_setup_notification.text +8 -0
  107. data/test/fixtures/quo_vadis/mailer/twofa_deactivated_notification.text +8 -0
  108. data/test/integration/account_confirmation_test.rb +112 -0
  109. data/test/integration/controller_test.rb +280 -0
  110. data/test/integration/logging_test.rb +235 -0
  111. data/test/integration/password_change_test.rb +93 -0
  112. data/test/integration/password_login_test.rb +125 -0
  113. data/test/integration/password_reset_test.rb +136 -0
  114. data/test/integration/recovery_codes_test.rb +48 -0
  115. data/test/integration/sessions_test.rb +86 -0
  116. data/test/integration/sign_up_test.rb +26 -12
  117. data/test/integration/totps_test.rb +96 -0
  118. data/test/integration/twofa_test.rb +82 -0
  119. data/test/mailers/mailer_test.rb +200 -0
  120. data/test/models/account_test.rb +34 -0
  121. data/test/models/crypt_test.rb +22 -0
  122. data/test/models/log_test.rb +16 -0
  123. data/test/models/mask_ip_test.rb +27 -0
  124. data/test/models/model_test.rb +66 -0
  125. data/test/models/password_test.rb +163 -0
  126. data/test/models/recovery_code_test.rb +54 -0
  127. data/test/models/session_test.rb +67 -0
  128. data/test/models/token_test.rb +70 -0
  129. data/test/models/totp_test.rb +68 -0
  130. data/test/quo_vadis_test.rb +39 -3
  131. data/test/test_helper.rb +42 -72
  132. metadata +122 -193
  133. data/app/controllers/controller_mixin.rb +0 -109
  134. data/app/mailers/quo_vadis/notifier.rb +0 -30
  135. data/app/models/model_mixin.rb +0 -128
  136. data/lib/generators/quo_vadis/templates/migration.rb.erb +0 -18
  137. data/lib/generators/quo_vadis/templates/quo_vadis.rb.erb +0 -96
  138. data/test/dummy/.gitignore +0 -2
  139. data/test/dummy/app/helpers/application_helper.rb +0 -2
  140. data/test/dummy/app/helpers/articles_helper.rb +0 -2
  141. data/test/dummy/app/views/articles/new.html.erb +0 -11
  142. data/test/dummy/app/views/layouts/sessions.html.erb +0 -3
  143. data/test/dummy/app/views/quo_vadis/notifier/change_password.text.erb +0 -9
  144. data/test/dummy/app/views/quo_vadis/notifier/invite.text.erb +0 -8
  145. data/test/dummy/app/views/sessions/edit.html.erb +0 -11
  146. data/test/dummy/app/views/sessions/forgotten.html.erb +0 -13
  147. data/test/dummy/app/views/sessions/invite.html.erb +0 -31
  148. data/test/dummy/app/views/sessions/new.html.erb +0 -15
  149. data/test/dummy/config/environments/development.rb +0 -26
  150. data/test/dummy/config/environments/production.rb +0 -49
  151. data/test/dummy/config/environments/test.rb +0 -37
  152. data/test/dummy/config/initializers/backtrace_silencers.rb +0 -7
  153. data/test/dummy/config/initializers/inflections.rb +0 -10
  154. data/test/dummy/config/initializers/mime_types.rb +0 -5
  155. data/test/dummy/config/initializers/rack_patch.rb +0 -16
  156. data/test/dummy/config/initializers/secret_token.rb +0 -7
  157. data/test/dummy/config/initializers/session_store.rb +0 -8
  158. data/test/dummy/config/locales/en.yml +0 -5
  159. data/test/dummy/config/locales/quo_vadis.en.yml +0 -21
  160. data/test/dummy/db/migrate/20110124125037_create_users.rb +0 -13
  161. data/test/dummy/db/migrate/20110124131535_create_articles.rb +0 -14
  162. data/test/dummy/db/migrate/20110127094709_add_authentication_to_users.rb +0 -18
  163. data/test/dummy/db/migrate/20111004112209_create_people.rb +0 -13
  164. data/test/dummy/db/migrate/20111004132342_add_authentication_to_people.rb +0 -18
  165. data/test/dummy/public/404.html +0 -26
  166. data/test/dummy/public/422.html +0 -26
  167. data/test/dummy/public/500.html +0 -26
  168. data/test/dummy/public/javascripts/application.js +0 -2
  169. data/test/dummy/public/javascripts/controls.js +0 -965
  170. data/test/dummy/public/javascripts/dragdrop.js +0 -974
  171. data/test/dummy/public/javascripts/effects.js +0 -1123
  172. data/test/dummy/public/javascripts/prototype.js +0 -6001
  173. data/test/dummy/public/javascripts/rails.js +0 -175
  174. data/test/dummy/public/stylesheets/.gitkeep +0 -0
  175. data/test/dummy/script/rails +0 -6
  176. data/test/integration/activation_test.rb +0 -108
  177. data/test/integration/authenticate_test.rb +0 -39
  178. data/test/integration/blocked_test.rb +0 -23
  179. data/test/integration/config_test.rb +0 -132
  180. data/test/integration/cookie_test.rb +0 -67
  181. data/test/integration/csrf_test.rb +0 -41
  182. data/test/integration/forgotten_test.rb +0 -93
  183. data/test/integration/helper_test.rb +0 -18
  184. data/test/integration/locale_test.rb +0 -197
  185. data/test/integration/navigation_test.rb +0 -7
  186. data/test/integration/sign_in_person_test.rb +0 -26
  187. data/test/integration/sign_in_test.rb +0 -24
  188. data/test/integration/sign_out_test.rb +0 -20
  189. data/test/support/integration_case.rb +0 -11
  190. data/test/unit/user_test.rb +0 -75
data/Rakefile CHANGED
@@ -1,22 +1,20 @@
1
- require 'bundler'
2
- Bundler::GemHelper.install_tasks
1
+ require 'bundler/setup'
3
2
 
4
- require 'rake/testtask'
5
- require 'rake/rdoctask'
3
+ APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
4
+ load 'rails/tasks/engine.rake'
5
+
6
+ load 'rails/tasks/statistics.rake'
7
+
8
+ require "bundler/gem_tasks"
9
+
10
+ require "rake/testtask"
6
11
 
7
12
  Rake::TestTask.new(:test) do |t|
8
- t.libs << 'lib'
9
- t.libs << 'test'
10
- t.pattern = 'test/**/*_test.rb'
11
- t.verbose = false
13
+ t.libs << "test"
14
+ # t.libs << "lib"
15
+ t.test_files = FileList["test/**/*_test.rb"]
16
+ # t.warning = false
12
17
  end
13
18
 
14
- Rake::RDocTask.new(:rdoc) do |rdoc|
15
- rdoc.rdoc_dir = 'rdoc'
16
- rdoc.title = 'Quo Vadis'
17
- rdoc.options << '--line-numbers' << '--inline-source'
18
- rdoc.rdoc_files.include('README.md')
19
- rdoc.rdoc_files.include('app/**/*.rb')
20
- end
19
+ task default: :test
21
20
 
22
- task :default => :test
@@ -0,0 +1,56 @@
1
+ # frozen_string_literal: true
2
+
3
+ module QuoVadis
4
+ class ConfirmationsController < ApplicationController
5
+
6
+ # holding page
7
+ def index
8
+ end
9
+
10
+
11
+ # form for requesting new confirmation email
12
+ def new
13
+ end
14
+
15
+
16
+ # send new confirmation email form submits here
17
+ def create
18
+ account = QuoVadis.find_account_by_identifier_in_params params
19
+
20
+ unless account
21
+ redirect_to new_confirmation_path, alert: QuoVadis.translate('flash.confirmation.identifier') and return
22
+ end
23
+
24
+ request_confirmation account.model
25
+ redirect_to confirmations_path
26
+ end
27
+
28
+
29
+ # emailed confirmation link points here
30
+ def edit
31
+ account = AccountConfirmationToken.find_account params[:token]
32
+
33
+ unless account # expired or already confirmed
34
+ redirect_to new_confirmation_path, alert: QuoVadis.translate('flash.confirmation.unknown') and return
35
+ end
36
+ end
37
+
38
+
39
+ # confirm the account (and login)
40
+ def update
41
+ account = AccountConfirmationToken.find_account params[:token]
42
+
43
+ unless account # expired or already confirmed
44
+ redirect_to new_confirmation_path, alert: QuoVadis.translate('flash.confirmation.unknown') and return
45
+ end
46
+
47
+ account.confirmed!
48
+
49
+ qv.log account, Log::ACCOUNT_CONFIRMATION
50
+
51
+ login account.model, true
52
+ redirect_to qv.path_after_authentication, notice: QuoVadis.translate('flash.confirmation.confirmed')
53
+ end
54
+
55
+ end
56
+ end
@@ -0,0 +1,20 @@
1
+ # frozen_string_literal: true
2
+
3
+ module QuoVadis
4
+ class LogsController < ApplicationController
5
+ before_action :require_password_authentication
6
+
7
+ PER_PAGE = 25
8
+
9
+ def index
10
+ logs = authenticated_model.qv_account.logs
11
+
12
+ page = params[:page] ? params[:page].to_i : 1
13
+ @logs = logs.new_to_old.page(page, PER_PAGE)
14
+
15
+ @prev_page = page - 1 if page > 1
16
+ @next_page = page + 1 if logs.count > page * PER_PAGE
17
+ end
18
+
19
+ end
20
+ end
@@ -0,0 +1,65 @@
1
+ # frozen_string_literal: true
2
+
3
+ module QuoVadis
4
+ class PasswordResetsController < ApplicationController
5
+
6
+ # holding page for after the create action
7
+ def index
8
+ end
9
+
10
+
11
+ def new
12
+ end
13
+
14
+
15
+ def create
16
+ flash[:notice] = QuoVadis.translate 'flash.password_reset.create'
17
+
18
+ account = QuoVadis.find_account_by_identifier_in_params params
19
+ return unless account
20
+
21
+ token = QuoVadis::PasswordResetToken.generate account
22
+ QuoVadis.deliver :reset_password, email: account.model.email, url: quo_vadis.edit_password_reset_url(token)
23
+
24
+ redirect_to password_resets_path
25
+ end
26
+
27
+
28
+ # emailed password-reset link points here
29
+ def edit
30
+ account = PasswordResetToken.find_account params[:token]
31
+
32
+ unless account # expired or password already changed
33
+ redirect_to new_password_reset_path, alert: QuoVadis.translate('flash.password_reset.unknown') and return
34
+ end
35
+
36
+ @password = QuoVadis::Password.new
37
+ end
38
+
39
+
40
+ # really reset the password
41
+ def update
42
+ account = PasswordResetToken.find_account params[:token]
43
+
44
+ unless account # expired or password already changed
45
+ redirect_to new_password_reset_path, alert: QuoVadis.translate('flash.password_reset.unknown') and return
46
+ end
47
+
48
+ @password = account.password
49
+ if @password.reset params[:password], params[:password_confirmation]
50
+ # Logout account's sessions because password has changed.
51
+ # Note model is not logged in here.
52
+ @password.account.sessions.destroy_all
53
+
54
+ qv.log @password.account, Log::PASSWORD_RESET
55
+ QuoVadis.notify :password_reset_notification, email: @password.account.model.email
56
+
57
+ login @password.account.model, true
58
+ redirect_to qv.path_after_authentication, notice: QuoVadis.translate('flash.password_reset.reset')
59
+ else
60
+ render :edit
61
+ end
62
+ end
63
+
64
+ end
65
+ end
@@ -0,0 +1,26 @@
1
+ # frozen_string_literal: true
2
+
3
+ module QuoVadis
4
+ class PasswordsController < ApplicationController
5
+
6
+ before_action :require_authentication
7
+
8
+ def edit
9
+ @password = QuoVadis::Password.new
10
+ end
11
+
12
+ def update
13
+ @password = authenticated_model.qv_account.password
14
+ if @password.change params[:password], params[:new_password], params[:new_password_confirmation]
15
+ qv.log authenticated_model.qv_account, Log::PASSWORD_CHANGE
16
+ QuoVadis.notify :password_change_notification, email: authenticated_model.email
17
+ qv.logout_other_sessions
18
+ qv.replace_session
19
+ redirect_to qv.path_after_password_change, notice: QuoVadis.translate('flash.password.update')
20
+ else
21
+ render :edit
22
+ end
23
+ end
24
+
25
+ end
26
+ end
@@ -0,0 +1,54 @@
1
+ # frozen_string_literal: true
2
+
3
+ module QuoVadis
4
+ class RecoveryCodesController < ApplicationController
5
+ before_action :require_password_authentication
6
+
7
+
8
+ def index
9
+ @codes = flash[:recovery_codes]
10
+ @recovery_code_count = account.recovery_codes.count
11
+ end
12
+
13
+
14
+ def challenge
15
+ end
16
+
17
+
18
+ def authenticate
19
+ if account.recovery_codes.detect { |rc| rc.authenticate_code params[:code] }
20
+ qv.log account, Log::RECOVERY_CODE_SUCCESS
21
+ qv.replace_session
22
+ qv.session_authenticated_with_second_factor
23
+ reset_totp
24
+ redirect_to qv.path_after_authentication,
25
+ notice: QuoVadis.translate('flash.recovery_code.success',
26
+ count: account.recovery_codes.count)
27
+ else
28
+ qv.log account, Log::RECOVERY_CODE_FAILURE
29
+ flash.now[:alert] = QuoVadis.translate('flash.recovery_code.unverified')
30
+ render :challenge
31
+ end
32
+ end
33
+
34
+
35
+ def generate
36
+ qv.log account, Log::RECOVERY_CODE_GENERATE
37
+ QuoVadis.notify :recovery_codes_generation_notification, email: authenticated_model.email
38
+ account.recovery_codes.delete_all
39
+ flash[:recovery_codes] = account.generate_recovery_codes
40
+ redirect_to quo_vadis.recovery_codes_path
41
+ end
42
+
43
+
44
+ private
45
+
46
+ def account
47
+ authenticated_model.qv_account
48
+ end
49
+
50
+ def reset_totp
51
+ account.totp&.destroy
52
+ end
53
+ end
54
+ end
@@ -1,153 +1,71 @@
1
- class QuoVadis::SessionsController < ApplicationController
2
- skip_filter :authenticate, :except => [:destroy]
3
- layout :quo_vadis_layout
1
+ # frozen_string_literal: true
4
2
 
5
- # GET sign_in_path
6
- def new
7
- render 'sessions/new'
8
- end
3
+ module QuoVadis
4
+ class SessionsController < ApplicationController
5
+
6
+ # Don't require authentication for the :destroy action so that someone
7
+ # who has logged in via password but not completed 2fa can still log out.
8
+ before_action :require_authentication, except: [:new, :create, :destroy]
9
9
 
10
- # POST sign_in_path
11
- def create
12
- if blocked?
13
- flash_if_present :alert, 'quo_vadis.flash.sign_in.blocked', :now
14
- render 'sessions/new'
15
- elsif user = QuoVadis.model_class.authenticate(params[:username], params[:password])
16
- flash_if_present :notice, 'quo_vadis.flash.sign_in.after'
17
- sign_in user
18
- else
19
- QuoVadis.failed_sign_in_hook self
20
- flash_if_present :alert, 'quo_vadis.flash.sign_in.failed', :now
21
- render 'sessions/new'
10
+ def index
11
+ @qv_session = qv.session
12
+ @qv_sessions = @qv_session.account.sessions
22
13
  end
23
- end
24
14
 
25
- # GET sign_out_path
26
- def destroy
27
- QuoVadis.signed_out_hook send(:"current_#{QuoVadis.model_instance_name}"), self
28
- self.send :"current_#{QuoVadis.model_instance_name}=", nil
29
- flash_if_present :notice, 'quo_vadis.flash.sign_out'
30
- redirect_to QuoVadis.signed_out_url(self)
31
- end
32
15
 
33
- # GET forgotten_sign_in_path
34
- # POST forgotten_sign_in_path
35
- def forgotten
36
- if request.get?
37
- render 'sessions/forgotten'
38
- elsif request.post?
39
- if params[:username].present? &&
40
- (user = QuoVadis.model_class.where(:username => params[:username]).first)
41
- if user.email.present?
42
- user.generate_token!
43
- QuoVadis::Notifier.change_password(user).deliver
44
- flash_if_present :notice, 'quo_vadis.flash.forgotten.sent_email'
45
- redirect_to :root
46
- else
47
- flash_if_present :alert, 'quo_vadis.flash.forgotten.no_email', :now
48
- render 'sessions/forgotten'
49
- end
50
- else
51
- flash_if_present :alert, 'quo_vadis.flash.forgotten.unknown', :now
52
- render 'sessions/forgotten'
53
- end
16
+ def new
54
17
  end
55
- end
56
18
 
57
- # GET change_password_path /sign-in/change-password/:token
58
- def edit
59
- if QuoVadis.model_class.valid_token(params[:token]).first
60
- render 'sessions/edit'
61
- else
62
- invalid_token :forgotten
63
- end
64
- end
65
19
 
66
- # PUT change_password_path /sign-in/change-password/:token
67
- def update
68
- if (user = QuoVadis.model_class.valid_token(params[:token]).first)
69
- if params[:password].present?
70
- user.password = params[:password]
71
- if user.save
72
- user.clear_token
73
- flash_if_present :notice, 'quo_vadis.flash.forgotten.password_changed'
74
- sign_in user
75
- else
76
- render 'sessions/edit'
77
- end
78
- else
79
- render 'sessions/edit'
20
+ def create
21
+ account = QuoVadis.find_account_by_identifier_in_params params
22
+
23
+ unless account
24
+ qv.log nil, Log::LOGIN_UNKNOWN
25
+ flash.now[:alert] = QuoVadis.translate 'flash.login.failed'
26
+ render :new
27
+ return
80
28
  end
81
- else
82
- invalid_token :forgotten
83
- end
84
- end
85
29
 
86
- # GET invitation_path /sign-in/invite/:token
87
- def invite
88
- if (@user = QuoVadis.model_class.valid_token(params[:token]).first)
89
- # When we create a user who must activate their account, we give them
90
- # a random username and password. However we want to treat them as if
91
- # they weren't set at all.
92
- @user.username = nil
93
- render 'sessions/invite'
94
- else
95
- invalid_token :activation
96
- end
97
- end
30
+ unless account.password.authenticate params[:password]
31
+ qv.log account, Log::LOGIN_FAILURE
32
+ flash.now[:alert] = QuoVadis.translate 'flash.login.failed'
33
+ render :new
34
+ return
35
+ end
98
36
 
99
- # POST activation_path /sign-in/accept/:token
100
- def accept
101
- if (@user = QuoVadis.model_class.valid_token(params[:token]).first)
102
- @user.username, @user.password = params[:username], params[:password]
103
- # When we create a user who must activate their account, we give them
104
- # a random username and password. However we want to treat them as if
105
- # they weren't set at all.
106
- @user.password_digest = nil if params[:password].blank?
107
- if @user.save
108
- @user.clear_token
109
- flash_if_present :notice, 'quo_vadis.flash.activation.accepted'
110
- sign_in @user
111
- else
112
- flash_if_present :alert, 'quo_vadis.flash.activation.invalid_credentials', :now
113
- render 'sessions/invite'
37
+ if QuoVadis.accounts_require_confirmation && !account.confirmed?
38
+ redirect_to new_confirmation_path, notice: QuoVadis.translate('flash.confirmation.required')
39
+ return
114
40
  end
115
- else
116
- invalid_token :activation
117
- end
118
- end
119
41
 
120
- # Invites a user to set up their sign-in credentials.
121
- def invite_to_activate(user, data = {})
122
- return false if user.email.blank?
123
- user.generate_token!
124
- QuoVadis::Notifier.invite(user, data).deliver
125
- true
126
- end
127
- hide_action :send_invitation
42
+ # no params[:remember] => use QuoVadis.session_lifetime
43
+ # params[:remember] == 0 => use :session
44
+ # params[:remember] == 1 => use QuoVadis.session_lifetime
45
+ browser_session = params[:remember] == '0'
46
+
47
+ flash[:notice] = QuoVadis.translate 'flash.login.success'
128
48
 
129
- private
49
+ login account.model, browser_session
130
50
 
131
- def invalid_token(workflow) # :nodoc:
132
- if workflow == :activation
133
- flash_if_present :alert, 'quo_vadis.flash.activation.invalid_token'
134
- redirect_to root_path
135
- else
136
- flash_if_present :alert, 'quo_vadis.flash.forgotten.invalid_token'
137
- redirect_to forgotten_sign_in_url
51
+ redirect_to qv.path_after_authentication
138
52
  end
139
- end
140
53
 
141
- def quo_vadis_layout # :nodoc:
142
- QuoVadis.layout
143
- end
144
54
 
145
- def flash_if_present(key, i18n_key, now = false)
146
- if now
147
- flash.now[key] = t(i18n_key) if t(i18n_key).present?
148
- else
149
- flash[key] = t(i18n_key) if t(i18n_key).present?
55
+ def destroy
56
+ if params[:id] # other session
57
+ current_qv_session = qv.session
58
+ current_qv_session.account.sessions.destroy params[:id]
59
+ qv.log current_qv_session.account, Log::LOGOUT_OTHER
60
+ flash[:notice] = QuoVadis.translate 'flash.logout.other'
61
+ redirect_to action: :index
62
+ else # this session
63
+ qv.log authenticated_model.qv_account, Log::LOGOUT
64
+ qv.logout
65
+ flash[:notice] = QuoVadis.translate 'flash.logout.self'
66
+ redirect_to main_app.root_path
67
+ end
150
68
  end
151
- end
152
69
 
70
+ end
153
71
  end