tb_core 1.3.3 → 1.3.4

data/app/controllers/admin/user_sessions_controller.rb

@@ -12,36 +12,9 @@ class Admin::UserSessionsController < Admin::ApplicationController
     end
     @user_session = SpudUserSession.new
   end
-  
-  def create
-    @user_session = SpudUserSession.new(params[:spud_user_session])
-    if @user_session.save
-      flash[:notice] = "Login successful!"
-      redirect_to redirect_path_for_admin
-    else
-      render :action => :new
-    end
-  end
-  
-  def destroy
-    current_user_session.destroy unless current_user_session.blank?
-    flash[:notice] = "Logout successful!"
-    redirect_to admin_login_path
-  end
 
   def legacy_redirect
     redirect_to admin_login_path
   end
 
-private
-
-  def redirect_path_for_admin
-    back_or_default = back_or_default(admin_root_path)
-    if /\/admin\//.match(back_or_default)
-      return back_or_default
-    else
-      return admin_root_path
-    end
-  end
-
 end

data/app/controllers/admin/users_controller.rb

@@ -1,8 +1,10 @@
 class Admin::UsersController < Admin::ApplicationController
 
+  self.responder = TbCore::Responder
   belongs_to_spud_app :users
   add_breadcrumb "Users", :admin_users_path
   before_action :load_user, :only => [:edit, :update, :show, :destroy]
+  after_action :send_credentials_email, :only => [:create, :update]
   respond_to :html
 
   def index
@@ -19,7 +21,15 @@ class Admin::UsersController < Admin::ApplicationController
 
   def new
     @user = SpudUser.new
-    respond_with @user
+    respond_with @user do |format|
+      format.html{
+        if request.xhr?
+          render 'new', :layout => false
+        else
+          render 'new'
+        end
+      }
+    end
   end
 
   def create
@@ -28,17 +38,33 @@ class Admin::UsersController < Admin::ApplicationController
   end
 
   def edit
-    respond_with @user
+    respond_with @user do |format|
+      format.html{
+        if request.xhr?
+          render 'edit', :layout => false
+        else
+          render 'edit'
+        end
+      }
+    end
   end
 
   def update
-    @user.update_attributes(user_params)
+    if @user.update_attributes(user_params)
+      if @user == current_user && user_params[:password].present?
+        SpudUserSession.create(@user)
+      end
+    end
     respond_with @user, :location => admin_user_path(@user), :status => 200
   end
 
   def destroy
     @user.destroy
-    respond_with @user, :location => admin_users_path
+    respond_with @user, :location => admin_users_path do |format|
+      format.js{
+        render :nothing => true, :status => 200
+      }
+    end
   end
 
 private
@@ -56,4 +82,11 @@ private
     params.require(:spud_user).permit!
   end
 
+  def send_credentials_email
+    if params[:send_email] && user_params[:password] && !@user.errors.any?
+      TbCoreMailer.user_credentials(@user, user_params[:password]).deliver_later
+    end
+    return true
+  end
+
 end

data/app/controllers/password_resets_controller.rb

@@ -13,7 +13,7 @@ class PasswordResetsController < ApplicationController
     @user = SpudUser.find_by_email(params[:email])
     if @user
       @user.reset_perishable_token!
-      CoreMailer.forgot_password_notification(@user, password_reset_url(@user.perishable_token)).deliver_later
+      TbCoreMailer.forgot_password_notification(@user, password_reset_url(@user.perishable_token)).deliver_later
       flash[:notice] = "Password reset instructions have been sent to your email"
       redirect_to login_path
     else

data/app/controllers/spud/application_controller.rb

@@ -3,8 +3,9 @@ class Spud::ApplicationController < ActionController::Base
   ActiveSupport.run_load_hooks(:spud_application_controller, self)
 
   protect_from_forgery
-  helper_method :current_user_session, :current_user, :current_user_id
-  around_filter :set_time_zone
+  helper_method :current_user_session, :current_user, :current_user_id, :back_or_default
+  before_action :check_requires_password_change
+  around_action :set_time_zone
 
   include TbCore::ApplicationHelper
   before_action :set_mailer_default_url
@@ -43,19 +44,22 @@ private
 
   def require_user
     unless current_user
-      respond_to do |format|
-        format.html{ redirect_to login_path(:return_to => request.path) }
-        format.json{ raise Spud::AccessDeniedError.new() }
-      end
-      return false
+      raise Spud::UnauthorizedError.new()
     end
     return true
   end
 
+  # Override this in a controller to redifine where the login form is
+  #
+  def login_path_for_require_user
+    login_path(:return_to => request.path)
+  end
+
   def require_admin_user
-    if current_user.blank? || !current_user.has_admin_rights?
+    if current_user.blank?
+      raise Spud::UnauthorizedError.new()
+    elsif !current_user.has_admin_rights?
       raise Spud::AccessDeniedError.new()
-      return false
     end
   end
 
@@ -63,12 +67,19 @@ private
     redirect_to(back_or_default(default))
   end
 
-  def back_or_default(default)
+  def back_or_default(default='/')
     if params[:return_to]
       uri = URI.parse(params[:return_to].to_s)
       return uri.path
     else
-      return default  
+      return default
+    end
+  end
+
+  def check_requires_password_change
+    if current_user.present? && current_user.requires_password_change?
+      redirect_to(login_change_password_path(:return_to => request.path))
+      return false
     end
   end
 
@@ -82,6 +93,17 @@ private
 
   def handle_request_error(error)
     error.request_url = request.original_url
+    error.template = template_for_request_error() if respond_to?(:template_for_request_error, true)
+
+    if error.is_a?(Spud::UnauthorizedError)
+      if should_present_basic_auth?
+        headers["WWW-Authenticate"] = "Basic realm=\"#{Spud::Core.config.site_name}\""
+      elsif request.format.html?
+        redirect_to(login_path_for_require_user)
+        return false
+      end
+    end
+
     respond_to do |format|
       format.json{ render :json => {:errors => error.message}, :status => error.code }
       format.xml{ render :xml => {:errors => error.message}, :status => error.code }
@@ -92,6 +114,10 @@ private
     end
   end
 
+  def should_present_basic_auth?
+    return request.headers['X-TWICE-BAKED-BASIC-AUTH'].present?
+  end
+
   def handle_record_not_found(error)
     error = Spud::NotFoundError.new('record')
     handle_request_error(error)

data/app/controllers/user_sessions_controller.rb

@@ -1,27 +1,63 @@
-class UserSessionsController < ApplicationController
+  class UserSessionsController < ApplicationController
 
-  skip_before_action :require_user
-  respond_to :html
+  skip_before_action :require_user, :only => [:new, :create, :destroy]
+  skip_before_action :check_requires_password_change, :only => [:destroy, :change_password, :set_change_password]
+
+  respond_to :html, :json, :js
+  self.responder = TbCore::Responder
   layout 'user_sessions'
   
   def new
     @user_session = SpudUserSession.new
+    render 'new'
   end
   
   def create
     @user_session = SpudUserSession.new(params[:spud_user_session])
-    if @user_session.save
-      flash[:notice] = "Login successful!"
-      redirect_back_or_default('/')
-    else
-      render 'new'
+    logged_in = @user_session.save()
+    respond_with @user_session do |format|
+      format.html{
+        if logged_in
+          flash[:notice] = "Login successful!"
+          redirect_back_or_default('/')
+        else
+          render 'new'
+        end
+      }
     end
   end
   
   def destroy
     current_user_session.destroy unless current_user_session.blank?
-    flash[:notice] = "Logout successful!"
-    redirect_back_or_default(login_path)
+    respond_with({}) do |format|
+      format.html{
+        flash[:notice] = "Logout successful!"
+        redirect_back_or_default(login_path)
+      }
+    end
+  end
+
+  def change_password
+    render 'change_password'
+  end
+
+  def set_change_password
+    current_user.update_attributes(change_password_params)
+    respond_with current_user do |format|
+      format.html{
+        if current_user.errors.any?
+          render 'change_password'
+        else
+          redirect_back_or_default('/')
+        end
+      }
+    end
+  end
+
+private
+
+  def change_password_params
+    params.require(:spud_user).permit(:password, :password_confirmation)
   end
 
 end

data/app/helpers/admin/application_helper.rb

@@ -2,7 +2,14 @@ module Admin::ApplicationHelper
 
   def timestamp(timedate=nil)
     return "Never" if timedate.blank?
-    return Time.now() - timedate > 604800 ? timedate.strftime("%B %d") + ' at ' + timedate.strftime("%I:%M %p") : time_ago_in_words(timedate) + ' ago'
+
+    if Time.now() > timedate # in the past
+      return Time.now() - timedate > 604800 ? timedate.strftime("%B %d, %Y") + ' at ' + timedate.strftime("%I:%M %p") : time_ago_in_words(timedate) + ' ago'
+    elsif Time.now() < timedate # in the future
+      return timedate.strftime("%B %d, %Y") + ' at ' + timedate.strftime("%I:%M %p")
+    else
+      return "Right now"
+    end
   end
 
   def url_for_admin_dashboard_application(url)

data/app/helpers/spud/application_helper.rb

@@ -0,0 +1,36 @@
+module Spud::ApplicationHelper
+
+  def tb_page_title
+    if content_for?(:title)
+      title = content_for(:title) + ' | ' + Spud::Core.site_name
+    elsif @page_title
+      title = @page_title + ' | ' + Spud::Core.site_name
+    else
+      title = Spud::Core.site_name
+    end
+    return content_tag :title, title
+  end
+
+  def current_site_name
+    return Spud::Core.config.site_name
+  end
+
+  def cache_key_for_spud_collection(collection, key:'view', cache_params:[], for_user:false)
+    cache_keys = [controller_name, action_name, key]
+    cache_keys << collection.collect(&:updated_at).max().try(:utc).try(:to_i)
+    if for_user
+      cache_keys << current_user_id
+    end
+    if cache_params.any?
+      cache_keys += cache_params.collect{ |cache_param| params[cache_param] || 'nil' }
+    end
+    cache_keys += collection.collect(&:id)
+    cache_key = cache_keys.join('/')
+    if cache_key.length > 250
+      return Digest::SHA1.hexdigest(cache_key)
+    else
+      return cache_key
+    end
+  end
+
+end

data/app/helpers/tb_core/application_helper.rb

@@ -54,9 +54,9 @@ module TbCore::ApplicationHelper
 
   def tb_page_title
     if content_for?(:title)
-      title = content_for(:title) + ' : ' + Spud::Core.site_name
+      title = content_for(:title) + ' | ' + Spud::Core.site_name
     elsif @page_title
-      title = @page_title + ' : ' + Spud::Core.site_name
+      title = @page_title + ' | ' + Spud::Core.site_name
     else
       title = Spud::Core.site_name
     end

data/app/mailers/tb_core_mailer.rb

@@ -0,0 +1,25 @@
+class TbCoreMailer < ActionMailer::Base
+
+  layout 'mailer'
+
+  def forgot_password_notification(user, url)
+    @user = user
+    @url = url
+    mail(:from =>Spud::Core.from_address, :to => to_address_for_user(user), :subject => default_i18n_subject(:site_name => Spud::Core.site_name))
+  end
+
+  def user_credentials(user, password)
+    @user = user
+    @password = password
+    mail(:from => Spud::Core.from_address, :to => to_address_for_user(user), :subject => default_i18n_subject(:site_name => Spud::Core.site_name))
+  end
+
+private
+
+  def to_address_for_user(user)
+    address = Mail::Address.new(user.email)
+    address.display_name = user.full_name
+    return address.format
+  end
+
+end

data/app/models/spud/spud_user_model.rb

@@ -13,7 +13,10 @@ class Spud::SpudUserModel < ActiveRecord::Base
 
   belongs_to :role, :class_name => 'SpudRole', :foreign_key => 'spud_role_id'
   has_many :spud_user_settings
+
+  validates :first_name, :last_name, :presence => true
   before_validation :set_login_to_email, :if => ->{ Spud::Core.config.use_email_as_login }
+  before_update :unset_requires_password_change
 
   scope :admins, ->{
     where('super_admin = 1 OR role_id IS NOT NULL')
@@ -33,6 +36,10 @@ class Spud::SpudUserModel < ActiveRecord::Base
     return "#{self.first_name} #{self.last_name}"
   end
 
+  def full_name_with_email
+    return "#{full_name} (#{email})"
+  end
+
   # Returns true if user can view at least one dashboard app
   def has_admin_rights?
     if self.super_admin?
@@ -114,4 +121,11 @@ private
     return true
   end
 
+  def unset_requires_password_change
+    if password_changed? && !requires_password_change_changed?(:to => true)
+      self.requires_password_change = false
+    end
+    return true
+  end
+
 end

data/app/views/admin/setup/new.html.erb

@@ -4,25 +4,17 @@
 %>
 
 <% content_for :detail do %>
-	<% form_for @spud_user, :url => admin_setup_path, :html => {:class => "form-horizontal"} do |f| %>
+	<% tb_form_for @spud_user, :url => admin_setup_path do |f| %>
 		<%= tb_form_errors f.object %>
 
 		<% if !Spud::Core.config.use_email_as_login %>
-			<div class="form-group">
-				<%= f.label :login, "Login", :class => "col-sm-2 control-label" %>
-				<div class="col-sm-10">
-					<%= f.text_field :login, :class=>'form-control' %>
-				</div>
-			</div>
+			<%= f.tb_text_field :login %>
 		<% end %>
 		
-		<div class="form-group">
-			<%= f.label :email, "Email", :class => "col-sm-2 control-label" %>
-			<div class="col-sm-10">
-				<%= f.text_field :email, :class=>'form-control' %>
-			</div>
-		</div>
-		
+		<%= f.tb_text_field :email %>
+		<%= f.tb_text_field :first_name %>
+		<%= f.tb_text_field :last_name %>
+
 		<div class="form-group">
 			<%= f.label :password, "Password", :class => "col-sm-2 control-label" %>
 			<div class="col-sm-10">

data/app/views/admin/user_sessions/new.html.erb

@@ -1,25 +1 @@
-<%= form_for @user_session, :url => admin_login_path do |f| %>
-  
-  <%= tb_form_errors(f.object) %>
-
-  <% if params[:return_to] %>
-    <%= hidden_field_tag :return_to, params[:return_to] %>
-  <% end %>
-  <div class="form-group">
-    <% if Spud::Core.config.use_email_as_login %>
-      <%= f.label :email, :class => 'form-label' %>
-      <%= f.text_field :email, :placeholder => 'Email', :autofocus => 'autofocus', :autocomplete => 'username', :class => 'form-control' %>
-    <% else %>
-      <%= f.label :login, :class => 'form-label' %>
-      <%= f.text_field :login, :placeholder => 'Username', :autofocus => 'autofocus', :autocomplete => 'username', :class => 'form-control' %>
-    <% end %>
-  </div>
-  <div class="form-group">
-  	<%= f.label :password, :class => 'form-label' %>
-  	<%= f.password_field :password, :placeholder => 'Password', :autocomplete => 'current-password', :class => 'form-control' %>
-  </div>
-  <div class="form-group">
-  	<%= f.submit "Login", :class => 'btn btn-primary' %> or <%=link_to "Forgot Password?", admin_password_resets_path %>
-  </div>
-
-<% end %>
+<%= render '/user_sessions/form', :return_to => admin_root_path, :password_resets_path => admin_password_resets_path %>

data/app/views/admin/users/_form.html.erb

@@ -1,5 +1,5 @@
-<%= tb_form_for @user, :url => path, :remote => true, :data => {:errors => :inline, :success => admin_users_path} do |f| %>
-  
+<%= tb_form_for @user, :url => path, :remote => true, :data => {:errors => :inline, :success => back_or_default(admin_users_path)}, :html => {:class => 'user-form'} do |f| %>
+
   <%= tb_form_error_header(f.object) %>
 
   <h4>User Details</h4>
@@ -19,6 +19,29 @@
   <%= f.tb_password_field :password %>
   <%= f.tb_password_field :password_confirmation %>
 
+  <div class="form-group">
+    <div class="col-sm-10 col-sm-offset-2">
+      <%= link_to 'Generate Password', '#', :class => 'btn btn-default btn-sm btn-generate-password' %>
+      <span class="generated-password text-success"></span>
+    </div>
+  </div>
+
+  <div class="form-group">
+    <%= f.tb_label :requires_password_change %>
+    <div class="col-sm-10">
+      <%= f.check_box :requires_password_change %>
+      <span class="text-muted">Require the user changes their password the next time they log in.</span>
+    </div>
+  </div>
+
+  <div class="form-group user-send-email-group">
+    <%= label_tag :send_email, 'Send email', :class => 'control-label col-sm-2' %>
+    <div class="col-sm-10">
+      <%= check_box_tag :send_email %>
+      <span class="text-muted">Send the user an email containing their password.</span>
+    </div>
+  </div>
+
   <h4>Permissions</h4>
 
   <%= f.tb_check_box :super_admin, :help_block => 'The super administrator bypasses all permissions and roles.' %>

data/app/views/layouts/admin/application.html.erb

@@ -24,7 +24,7 @@
     	<div class="pull-right">
     		Hello <%= current_user.full_name %> |
         <%= link_to "Settings", admin_settings_path %> |
-        <%= link_to "Logout", admin_logout_path %>
+        <%= link_to "Logout", logout_path(:return_to => admin_login_path) %>
     	</div>
     <% end %>
   </div>
@@ -46,7 +46,7 @@
     <div class="modal-content">
       <div class="modal-header">
         <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
-        <h4 class="modal-title"></h4>
+        <h3 class="modal-title"></h3>
       </div>
       <div class="modal-body">
         <p>One fine body&hellip;</p>

data/app/views/layouts/admin/login.html.erb

@@ -3,6 +3,7 @@
 <head>
   <title><%= Spud::Core.config.site_name %> Admin: Login</title>
   <%= stylesheet_link_tag 'admin/core/application' %>
+  <%= javascript_include_tag 'admin/core/application' %>
   <%= csrf_meta_tags %>
   <meta name="viewport" content="width=device-width, initial-scale=1" />
   <meta name="viewport" content="width=device-width"/>
@@ -10,7 +11,7 @@
 <body>
 
 <div class="container">
-  <div class="login-form col-md-6 col-md-offset-3">
+  <div class="login-container col-md-6 col-md-offset-3">
     <h1><%= @login_title || 'Login' %></h1>
     <%= yield %>
   </div>

data/app/views/layouts/mailer.html.erb

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+  <style>
+    body{
+      font-family: "Helvetica Neue", sans-serif;
+    }
+    .container{
+      margin: 0 20px;
+    }
+    a{
+      color: #0088cc;
+      text-decoration: none;
+    }
+    a:hover{
+      text-decoration: underline;
+    }
+  </style>
+<body>
+<div class="container">
+  <%= yield %>
+</div>
+</body>
+</html>

data/app/views/tb_core_mailer/forgot_password_notification.html.erb

@@ -0,0 +1,12 @@
+<h1>Hello <%= @user.full_name %>,</h1>
+
+<p>A password reset has recently been requested for your user account on <strong><%= Spud::Core.config.site_name %></strong>. Please the link below to set your new password.</p>
+
+<p><%= link_to @url, @url %></p>
+
+<p>For reference, the username tied to your account is <strong><%= @user.login %></strong>. If you remember your password you can log in here: <%= link_to login_url, login_url %></p>
+
+<p>
+  Thanks,<br/>
+  <strong><%= Spud::Core.config.site_name %></strong>
+</p>

data/app/views/tb_core_mailer/user_credentials.html.erb

@@ -0,0 +1,19 @@
+<h1>Hello <%= @user.full_name %>,</h1>
+
+<p><%= t('tb_core_mailer.user_credentials.greeting', :site_name => Spud::Core.config.site_name) %></p>
+
+<ul>
+  <li><strong>Username:</strong> <%= @user.login %></li>
+  <li><strong>Password:</strong> <%= @password %></li>
+</ul>
+
+<p><%= link_to 'Click here', login_url %> to log in.</p>
+
+<% if @user.requires_password_change? %>
+  <p><strong>Note:</strong> You will be asked to create a new password after you log in.</p>
+<% end %>
+
+<p>
+  Thanks,<br/>
+  <strong><%= Spud::Core.config.site_name %></strong>
+</p>

data/app/views/user_sessions/_form.html.erb

@@ -0,0 +1,24 @@
+<% @user_session ||= SpudUserSession.new %>
+<% return_to = '/' if local_assigns[:return_to].nil? %>
+
+<%= form_for @user_session, :url => login_path, :html => {:class => 'login-form'}, :remote => true, :data => {:success => back_or_default(return_to), :errors => :inline} do |f| %>
+  <%= tb_form_errors(@user_session) %>
+  <%= hidden_field_tag :return_to, return_to %>
+  <div class="form-group">
+    <% if Spud::Core.config.use_email_as_login %>
+      <%= f.label :email %>
+      <%= f.text_field :email, :placeholder => 'Email', :autofocus => 'autofocus', :autocomplete => 'username', :class => 'form-control' %>
+    <% else %>
+      <%= f.label :login %>
+      <%= f.text_field :login, :placeholder => 'Username', :autofocus => 'autofocus', :autocomplete => 'username', :class => 'form-control' %>
+    <% end %>
+  </div>
+  <div class="form-group">
+    <%= f.label :password %>
+    <%= f.password_field :password, :placeholder => 'Password', :autocomplete => 'current-password', :class => 'form-control' %>
+  </div>
+  <div class="form-group">
+    <%= f.submit "Login", :class => 'btn btn-primary', :data => {:disable_with => 'Logging in...', :enable_with => 'Done!'} %>
+    <span>or</span> <%= link_to "Forgot Password?", password_resets_path %>
+  </div>
+<% end %>

data/app/views/user_sessions/change_password.html.erb

@@ -0,0 +1,21 @@
+<% @page_title = 'Login' %>
+
+<h1>Set New Password</h1>
+
+<p>You must set a new password before you may continue.</p>
+
+<%= form_for current_user, :url => login_change_password_path, :method => :post, :remote => true, :data => {:errors => :inline, :success => back_or_default('/')} do |f| %>
+  <%= hidden_field_tag :return_to, back_or_default('/') %>
+  <%= tb_form_errors(current_user) %>
+  <div class="form-group">
+    <%= f.label :password %>
+    <%= f.password_field :password, :placeholder => 'Password', :class => 'form-control' %>
+  </div>
+  <div class="form-group">
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation, :placeholder => 'Password Confirmation', :class => 'form-control' %>
+  </div>
+  <div class="form-group">
+    <%= f.submit 'Set Password', :class => 'btn btn-primary', :data => {:disable_with => 'Setting...', :enable_with => 'Done!'} %>
+  </div>
+<% end %>