rails_base 0.51.0

data/app/views/rails_base/shared/_logged_in_header.html.erb

@@ -0,0 +1,123 @@
+<nav class="navbar navbar-expand-lg navbar-light bg-light">
+  <a class="navbar-brand" href="#"><%= RailsBase.config.app.web_title_logged_in(current_user)%></a>
+  <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+    <span class="navbar-toggler-icon"></span>
+  </button>
+
+  <div class="collapse navbar-collapse" id="navbarSupportedContent">
+    <ul class="navbar-nav mr-auto">
+      <% Rails.application.config.n_logged_in.each_with_index do |link_helper, index| %>
+      <% next unless link_helper.display?(current_user) %>
+      <li class="nav-item  <%= 'active' if index==0 %>">
+        <a class="nav-link" href="<%= link_helper.url %>" <%= "target='_blank'" if link_helper.blank? %> >
+          <%= link_helper.title %>
+          <% if index==0 %>
+          <span class="sr-only">(current)</span>
+          <% end %>
+        </a>
+      </li>
+      <% end %>
+    </ul>
+    <% if defined?(@error_page)%>
+      <button onclick="goBack()" class="btn btn_warning">
+        &#8592; Return to Previous page
+      </button>
+    <%else%>
+    <button type="button" class="btn btn_secondary" data-toggle="modal" data-target="#settings_modal">
+      My Settings
+    </button>
+    <%end%>
+  </div>
+</nav>
+
+<!-- Modal -->
+<div class="modal fade" id="settings_modal" tabindex="-1" role="dialog" aria-labelledby="appearance_mode_selectorTitle" aria-hidden="true">
+  <div class="modal-dialog modal-dialog-centered" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <h5 class="modal-title" id="appearance_mode_selectorTitle">My Settings</h5>
+        <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body ">
+        <div class='row'>
+          <div class='col'>
+            <% if RailsBase.config.mfa.enable? %>
+              <% if current_user.mfa_enabled %>
+                <button type="button" class="btn btn-block btn_info close-me" data-toggle="modal" data-target="#modifyMfamodal">
+                    Modify 2fa Auth
+                </button>
+              <% else %>
+                <button type="button" class="btn btn-block btn_info close-me" data-toggle="modal" data-target="#enableMfamodal">
+                  Enable 2fa Auth
+                </button>
+              <% end %>
+            <% end %>
+          </div>
+        </div>
+        </br>
+        <div class='row'>
+          <div class='col'>
+            <a class="btn btn_info btn-block" href="<%=RailsBase.url_routes.user_settings_path%>" role="button">Modify User</a>
+          </div>
+        </div>
+        </br>
+        <div class='row'>
+          <div class='col'>
+          <%= render partial: 'rails_base/shared/appearance_mode_selector', locals: { btn: 'btn-block', display: true } %>
+          </div>
+        </div>
+        </br>
+          <div class="dropdown-divider"></div>
+        <div class='row'>
+          <div class='col'>
+          <%= button_to 'Logout', RailsBase.url_routes.signout_path, method: :delete, class: 'btn btn_danger btn-block'  %>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+
+<% if RailsBase.config.mfa.enable? %>
+  <% if current_user.mfa_enabled %>
+    <%= render partial: 'rails_base/shared/modify_mfa_auth_modal'%>
+  <% else %>
+    <%= render partial: 'rails_base/shared/enable_mfa_auth_modal'%>
+  <% end %>
+<% end %>
+
+<% if @__admin_actions_array && @__admin_actions_array.present? %>
+  <%= render partial: 'rails_base/shared/admin_actions_modal'%>
+<% end %>
+
+<% if session[RailsBase::Authentication::Constants::ADMIN_REMEMBER_REASON].present? %>
+  <div class="alert alert-warning" role="alert">
+    <%= render partial: 'rails_base/shared/admin_warning_alert' %>
+  </div>
+<% end %>
+
+<% if RailsBase.config.auth.session_timeout %>
+  <% show_warning = RailsBase.config.auth.session_timeout_warning %>
+  <% if show_warning %>
+    <%= render partial: 'rails_base/shared/session_timeout_modal'%>
+  <% end %>
+<script type="text/javascript">
+  <%
+  # this is to account for the delay
+  timeout = RailsBase.config.auth.session_timeout
+  %>
+  sessionManager.init(<%= timeout %>, '<%= RailsBase.url_routes.heartbeat_without_auth_path %>', '<%= RailsBase.url_routes.heartbeat_with_auth_path %>' ,$('meta[name="csrf-token"]').attr('content'), <%= show_warning %>)
+
+  $('.close-me').on('click', function (e) {
+    $("#settings_modal").modal('hide');
+  })
+  $('#settings_modal').on('shown.bs.modal', function (e) {
+    $('.navbar-collapse').collapse('hide');
+  });
+</script>
+<% end%>
+
+
+

data/app/views/rails_base/shared/_logged_out_header.html.erb

@@ -0,0 +1,14 @@
+<nav class="navbar navbar-expand-lg navbar-light bg-light">
+  <a class="navbar-brand" href="#"><%= RailsBase.config.app.web_title_logged_out %></a>
+  <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+    <span class="navbar-toggler-icon"></span>
+  </button>
+
+  <div class="collapse navbar-collapse" id="navbarSupportedContent">
+    <div class="mr-auto">
+    </div>
+    <a class="btn btn_primary my-2 my-sm-0" href="<%=Rails.application.routes.url_helpers.new_user_registration_path%>" role="button">Sign Up</a>
+  </div>
+</nav>
+
+<%= render partial: 'rails_base/shared/appearance_mode_selector', locals: { btn: 'btn', display: false } %>

data/app/views/rails_base/shared/_mfa_input_layout.html.erb

@@ -0,0 +1,5 @@
+<% if !mfa_fallback? %>
+<%= render partial: 'rails_base/shared/mfa_input_layout_fallback', locals: { url: url, size: size, masked_phone: masked_phone}%>
+<% else %>
+  <%= render partial: 'rails_base/shared/mfa_input_layout_default', locals: { url: url, size: size, masked_phone: masked_phone}%>
+<% end %>

data/app/views/rails_base/shared/_mfa_input_layout_default.html.erb

@@ -0,0 +1,97 @@
+<%= form_for :mfa, url: url do |f| %>
+  <div class="form-group text-center">
+    <div class="text-center" style="font-size: <%= size %>px">
+      Please enter the MFA code you received at <%= masked_phone %>
+    </div>
+    <span>
+      <div class style="font-size: <%= size %>px;">
+        <% RailsBase::Authentication::Constants::MFA_LENGTH.times do |index| %>
+          <%= f.text_field "#{RailsBase::Authentication::Constants::MV_BASE_NAME}#{index}", type: "tel", style: "caret-color: transparent; text-align: center;", class: "numbersOnly digit mfa-validator", size: 1, maxlength: 1, autofocus: index==0 %>
+        <% end %>
+      </div>
+    </span>
+  </div>
+  <div class="text-center">
+    <% unless defined?(disable) %>
+    <%= f.submit "submit", class: "submit-mfa btn btn_success", style: "width: 50%;", disabled: true %>
+    <%end%>
+  </div>
+<% end %>
+
+
+<script type="text/javascript">
+  $('.mfa-validator').keyup(function(event){
+    this.value = this.value.replace(/[^0-9\.]/g,'');
+    var valid_char = this.value != '';
+    if(valid_char){
+      var next_mfa_id = get_next_mfa($(this).attr('id'));
+      if(next_mfa_id==undefined){
+        $(this).focus();
+        return
+      }
+      $(`#${next_mfa_id}`).focus();
+    } else {
+      $(this).focus();
+    }
+    submit_button_prop();
+  })
+
+  $(".mfa-validator").click(function(event){
+    var next_mfa_id = $(this).attr('id');
+    $(`#${next_mfa_id}`).val('');
+    while (next_mfa_id = get_next_mfa(next_mfa_id)) {
+      $(`#${next_mfa_id}`).val('');
+    }
+    $('.submit-mfa').prop('disabled', true);
+  });
+
+  function submit_button_prop(){
+    var disabled = false
+    var inputs = $(".mfa-validator");
+    for(var i = 0; i < inputs.length; i++){
+      if($(inputs[i]).val().length==0){
+        disabled = true;
+        break;
+      }
+    }
+    $('.submit-mfa').prop('disabled', disabled);
+  }
+
+  function get_next_mfa(elem_id) {
+    var max_length = <%= RailsBase::Authentication::Constants::MFA_LENGTH %>;
+    var elem_array = elem_id.split('_');
+    var last_elem = elem_array.pop();
+    if(isNaN(last_elem)){
+      return undefined
+    }
+    var last_elem_as_int = parseInt(last_elem)
+    if(last_elem_as_int>=max_length){
+      return undefined
+    }
+    elem_array.push(last_elem_as_int + 1)
+    return elem_array.join('_')
+  }
+
+  function paste_mfa_input(pastedData){
+    var pastedDataOg = e.originalEvent.clipboardData.getData('text');
+    if(pastedDataOg.length != <%= RailsBase::Authentication::Constants::MFA_LENGTH %>){
+      return;
+    }
+    pastedData = pastedDataOg.split('');
+    pastedDataIsNotANumber = pastedData.every(function (pos) {
+      return isNaN(pos)
+    });
+
+    if(pastedDataIsNotANumber) {
+      return;
+    }
+
+    <% # We know pasted data is correct length %>
+    <% # We know pasted data is all numbers %>
+    <% # Paste it into the correct boxes %>
+
+    <% RailsBase::Authentication::Constants::MFA_LENGTH.times do |index| %>
+    $("#<%= "mfa_#{RailsBase::Authentication::Constants::MV_BASE_NAME}#{index}"%>").val(pastedData[<%= index %>])
+    <% end %>
+  }
+</script>

data/app/views/rails_base/shared/_mfa_input_layout_fallback.html.erb

@@ -0,0 +1,55 @@
+<%= form_for :mfa, url: url, html: { class: 'mfa_submission', novalidate: true} do |f| %>
+  <div class="form-group text-center">
+    <div class="text-center" style="font-size: <%= size %>px">
+      Please enter the MFA code you received at <%= masked_phone %>
+    </div>
+    <div class='row justify-content-center' style="font-size: <%= size %>px;">
+      <div class="col-xs-2">
+        <%= text_field_tag 'alternate_mfa', nil, maxlength: RailsBase::Authentication::Constants::MFA_LENGTH, class: 'text-center form-control', autofocus: true, type: "tel", style: "font-size:#{size}px;"  %>
+        <div class="invalid-feedback">
+          2FA code must be <%= RailsBase::Authentication::Constants::MFA_LENGTH %> numbers
+        </div>
+      </div>
+    </div>
+    <% RailsBase::Authentication::Constants::MFA_LENGTH.times do |index| %>
+      <%= f.hidden_field "#{RailsBase::Authentication::Constants::MV_BASE_NAME}#{index}", style: "caret-color: transparent; text-align: center;", class: "numbersOnly digit mfa-validator form-control", size: 1, maxlength: 1, autofocus: index==0 %>
+    <% end %>
+  </div>
+  <div class="text-center">
+    <%= f.submit "submit", class: "submit-mfa btn btn_success", style: "width: 50%;"%>
+  </div>
+<% end %>
+
+<script type="text/javascript">
+  $('.mfa_submission').submit(function( event ) {
+    console.log($('#alternate_mfa').val())
+    var length_match = $('#alternate_mfa').val().length === <%= RailsBase::Authentication::Constants::MFA_LENGTH %>;
+    var valid_data = !invalidate_data($('#alternate_mfa').val());
+    if (length_match && valid_data){
+      set_values($('#alternate_mfa').val())
+      return
+    }
+
+    event.preventDefault();
+    event.stopPropagation();
+    $('#alternate_mfa').addClass('is-invalid');
+    $('#alternate_mfa').val('')
+    $('#alternate_mfa').focus();
+  });
+
+  function set_values(data) {
+    var dataArr = data.split('')
+    <% RailsBase::Authentication::Constants::MFA_LENGTH.times do |index| %>
+    $('#<%="mfa_#{RailsBase::Authentication::Constants::MV_BASE_NAME}#{index}"%>').val(data[<%=index%>])
+    <% end %>
+  }
+
+  function invalidate_data(data) {
+    dataArr = data.split('');
+    var dataIsNotANumber = dataArr.every(function (pos) {
+      return isNaN(pos)
+    });
+    console.log(dataIsNotANumber)
+    return dataIsNotANumber
+  }
+</script>

data/app/views/rails_base/shared/_modify_mfa_auth_modal.html.erb

@@ -0,0 +1,20 @@
+<% confirm = "Disabling 2fa on your account will make it more vulnerable. Are you sure you want to disable two factor authentication via SMS text?" %>
+
+<div class="modal fade" id="modifyMfamodal" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel" aria-hidden="true">
+  <div class="modal-dialog modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <h5 class="modal-title" id="exampleModalLabel">Disable MFA via SMS</h5>
+        <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body">
+        <%= button_to "Disable 2fa", RailsBase.url_routes.remove_phone_registration_mfa_path, data: { confirm: confirm }, method: :delete, class: "btn btn_danger btn-block" %>
+      </div>
+      <div class="modal-footer">
+        <button type="button" class="mr-auto btn btn_secondary" data-dismiss="modal">Close</button>
+      </div>
+    </div>
+  </div>
+</div>

data/app/views/rails_base/shared/_password_confirm_javascript.html.erb

@@ -0,0 +1,71 @@
+<script type="text/javascript">
+  function user_password_validity(){
+    var value = $('#<%= id_password %>').val()
+    if (value < <%= RailsBase::Authentication::Constants::MP_MIN_LENGTH %>){
+      return false
+    }
+
+    var numbers = value.replace(/[a-zA-Z]/g,'')
+    if(numbers.length < <%= RailsBase::Authentication::Constants::MP_MIN_NUMS %>){
+      return false
+    }
+
+    var chars = value.replace(/[0-9]/g,'')
+    if(chars.length < <%= RailsBase::Authentication::Constants::MP_MIN_ALPHA %>){
+      return false
+    }
+
+    var unknown = value.replace(/[0-9a-zA-Z]/g,'')
+    if(unknown.length > 0) {
+      return false
+    }
+    true
+  };
+
+  $('#<%= id_password %>').focus(function() {
+    if(<%= enable_submit %>){
+      $('.<%= submit_klass %>').prop('disabled', false);
+    };
+    $('#<%= id_password_conf %>').val('')
+    $('#<%= id_password_conf %>').removeClass('is-invalid')
+    $('#<%= id_password_conf %>').removeClass('is-valid')
+    $('#<%= id_password %>').removeClass('is-valid')
+    $('#<%= id_password %>').removeClass('is-invalid')
+  });
+
+  $('#<%= id_password %>').blur(function() {
+    if (user_password_validity() === false) {
+      $('#<%= id_password %>').focus();
+      $('#<%= id_password %>').val('');
+      $('#<%= id_password %>').addClass('is-invalid');
+    } else {
+      $('#<%= id_password %>').removeClass('is-invalid');
+      if(<%= enable_submit %>){
+        $('.<%= submit_klass %>').prop('disabled', false);
+      };
+    }
+  });
+
+  $('.<%= form_klass %>').submit(function( event ) {
+    if ($('#<%= id_password_conf %>').val() === $('#<%= id_password %>').val()){
+      return
+    }
+
+    event.preventDefault();
+    event.stopPropagation();
+    $('#<%= id_password_conf %>').addClass('is-invalid');
+    $('#<%= id_password_conf %>').val('')
+    $('#<%= id_password_conf %>').focus();
+  });
+
+  $('#<%= id_password_conf %>').keyup(function(event){
+    if ($('#<%= id_password_conf %>').val() === $('#<%= id_password %>').val()){
+      $('#<%= id_password_conf %>').addClass('is-valid');
+      $('#<%= id_password_conf %>').removeClass('is-invalid');
+      $('#<%= id_password %>').addClass('is-valid');
+    } else {
+      $('#<%= id_password_conf %>').removeClass('is-valid')
+      $('#<%= id_password %>').removeClass('is-valid');
+    }
+  });
+</script>

data/app/views/rails_base/shared/_reset_password_form.html.erb

@@ -0,0 +1,111 @@
+<%= form_for(:user, as: :user, url: url, html: { method: :post, class: 'password-reset-needs-validation', id: 'password-reset-confirmation', novalidate: true }) do |f| %>
+	<div class="field form-group row">
+	  <div class="col-md-10 offset-md-1">
+      <%= f.password_field :password, autofocus: true, autocomplete: "new-password", placeholder: "Password", class: 'form-control', required: true %>
+      <div class="invalid-feedback">
+        <%= RailsBase::Authentication::Constants::MP_REQ_MESSAGE %>
+      </div>
+	  </div>
+  </div>
+  <div class="field form-group row">
+    <div class="col-md-10 offset-md-1">
+      <%= f.password_field :password_confirmation, autocomplete: "new-password", placeholder: "Password Confirmation", class: 'form-control', required: true %>
+      <div class="invalid-feedback">
+        Password Confirmation does not match Password
+      </div>
+      <div class="valid-feedback">
+        Password and Password Confirmation match!
+      </div>
+    </div>
+	</div>
+
+  <% if sign_in_flow %>
+    <div class="actions row">
+      <div class="col-md-10 offset-md-1 text-center">
+        <div class="row">
+          <div class="col-md-9">
+            <%= f.submit "Reset Password", class: "reset-password-submit btn btn_success btn-block", disabled: true %>
+          </div>
+          <div class="col-md-3">
+            <a class="btn btn_primary btn-block" href="<%=RailsBase.url_routes.new_user_session_path%>" role="button">Sign in</a>
+          </div>
+        </div>
+      </div>
+    </div>
+  <% else %>
+  <div class="actions row">
+    <div class="col-md-10 offset-md-1 text-center">
+      <%= f.submit "Reset Password", class: "btn btn_success btn-block" %>
+    </div>
+  </div>
+  <% end %>
+<% end %>
+
+
+<script type="text/javascript">
+  function user_password_validity(){
+    var value = $('#user_password').val()
+    if (value < <%= RailsBase::Authentication::Constants::MP_MIN_LENGTH %>){
+      return false
+    }
+
+    var numbers = value.replace(/[a-zA-Z]/g,'')
+    if(numbers.length < <%= RailsBase::Authentication::Constants::MP_MIN_NUMS %>){
+      return false
+    }
+
+    var chars = value.replace(/[0-9]/g,'')
+    if(chars.length < <%= RailsBase::Authentication::Constants::MP_MIN_ALPHA %>){
+      return false
+    }
+
+    var unknown = value.replace(/[0-9a-zA-Z]/g,'')
+    if(unknown.length > 0) {
+      return false
+    }
+    true
+  };
+
+  $('#user_password').focus(function() {
+    $('.reset-password-submit').prop('disabled', true);
+    $('#user_password_confirmation').val('')
+    $('#user_password_confirmation').removeClass('is-invalid')
+    $('#user_password_confirmation').removeClass('is-valid')
+    $('#user_password').removeClass('is-valid')
+    $('#user_password').removeClass('is-invalid')
+  });
+
+  $('#user_password').blur(function() {
+    if (user_password_validity() === false) {
+      $('#user_password').focus();
+      $('#user_password').val('');
+      $('#user_password').addClass('is-invalid');
+    } else {
+      $('#user_password').removeClass('is-invalid');
+      $('.reset-password-submit').prop('disabled', false);
+    }
+  });
+
+  $('.password-reset-needs-validation').submit(function( event ) {
+    if ($('#user_password_confirmation').val() === $('#user_password').val()){
+      return
+    }
+
+    event.preventDefault();
+    event.stopPropagation();
+    $('#user_password_confirmation').addClass('is-invalid');
+    $('#user_password_confirmation').val('')
+    $('#user_password_confirmation').focus();
+  });
+
+  $("#user_password_confirmation").keyup(function(event){
+    if ($('#user_password_confirmation').val() === $('#user_password').val()){
+      $('#user_password_confirmation').addClass('is-valid');
+      $('#user_password_confirmation').removeClass('is-invalid');
+      $('#user_password').addClass('is-valid');
+    } else {
+      $('#user_password_confirmation').removeClass('is-valid')
+      $('#user_password').removeClass('is-valid');
+    }
+  });
+</script>