trusty-cms 3.8.0 → 3.8.1

data/app/assets/stylesheets/admin/partials/_forms.scss

@@ -11,6 +11,45 @@
   }
 }
 
+.login-form-content {
+  display: flex;
+  flex-flow: wrap;
+  justify-content: center;
+  margin-top: 5em;
+  .visual {
+    img {
+      height: 300px;
+      float: right;
+    }
+  }
+
+  .login {
+    form {
+      padding: 1em;
+      .field #user_email, .field #user_password, .field #user_password_confirmation {
+        padding: 1em;
+        margin-bottom: 1em;
+        width: 200px;
+      }
+
+      input[type='submit'] {
+        border-radius: 0;
+        background-color: #3c3a4b;
+
+        &:hover {
+          color: #fff;
+          cursor: pointer;
+        }
+      }
+    }
+  }
+}
+.error {
+  background-color: #f8d7da;
+  color: #721c24;
+  padding: 1em;
+}
+
 #content {
   form {
     p {

data/app/assets/stylesheets/admin/partials/_layout.scss

@@ -11,3 +11,11 @@ body.single_form {
     }
   }
 }
+
+body.reversed.login_form {
+  background-color: #fff;
+}
+
+body.reversed.password_form {
+  background-color: #fff;
+}

data/app/assets/stylesheets/admin/partials/_validations.scss

@@ -1,18 +1,11 @@
 #content {
-  span.error-with-field {
-    input, select {
-      background: #f3c2c2;
-    }
-  }
   span.error {
-    line-height: 1.4;
-    background-color: #cc0000;
-    color: white;
-    padding: 3px 6px;
-    margin: 0 0 0 6px;
-    background-color: #b30000;
-    border-radius: 5px;
-    box-shadow: 0 5px #333;
+    display: block;
+    margin: 1em 0;
+    background-color: #f8d7da;
+    color: #721c24;
+    padding: 1em;
+    font-size: 1em;
     a.closer {
       margin-left: 10px;
       color: #ffcccc;

data/app/controllers/admin/assets_controller.rb

@@ -38,6 +38,7 @@ class Admin::AssetsController < Admin::ResourceController
       else
         uploaded_asset = compress(uploaded_asset) if $kraken.api_key.present? && COMPRESS_FILE_TYPE.include?(uploaded_asset.content_type) && compress
         @asset = Asset.create(:asset => uploaded_asset, :caption => asset_params[:asset][:caption])
+        set_owner_or_editor
         if params[:for_attachment]
           @page = Page.find_by_id(params[:page_id]) || Page.new
           @page_attachments << @page_attachment = @asset.page_attachments.build(:page => @page)
@@ -81,6 +82,12 @@ private
     uploaded_asset
   end
 
+  def set_owner_or_editor
+    @asset.created_by_id = current_user.id 
+    @asset.updated_by_id = current_user.id 
+    @asset.save! if @asset.id.present?
+  end
+
   def asset_params
     params.permit(:id, :for_attachment, :asset => [:caption, :for_attachment, :asset => []])
   end

data/app/controllers/admin/preferences_controller.rb

@@ -28,6 +28,6 @@ class Admin::PreferencesController < ApplicationController
   end
 
   def preferences_params
-    params.require(:user).permit(:name, :email, :login, :password, :password_confirmation, :locale)
+    params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation, :locale)
   end
 end

data/app/controllers/admin/resource_controller.rb

@@ -7,6 +7,7 @@ class Admin::ResourceController < ApplicationController
   before_action :never_cache
   before_action :load_models, :only => :index
   before_action :load_model, :only => [:new, :create, :edit, :update, :remove, :destroy]
+  before_action :set_owner_or_editor, :only => [:new, :create, :update]
   after_action :clear_model_cache, :only => [:create, :update, :destroy]
 
   cattr_reader :paginated
@@ -134,6 +135,11 @@ class Admin::ResourceController < ApplicationController
       self.class.model_class
     end
 
+    def set_owner_or_editor
+      self.model.created_by_id = current_user.id if self.model.id == nil
+      self.model.updated_by_id = current_user.id 
+    end
+
     def model
       instance_variable_get("@#{model_symbol}") || load_model
     end

data/app/controllers/admin/users_controller.rb

@@ -15,8 +15,9 @@ class Admin::UsersController < Admin::ResourceController
     user_params = params[model_symbol].permit!
     if user_params && user_params['admin'] == false && model == current_user
       user_params.delete('admin')
-      annouce_cannot_remove_self_from_admin_role
+      announce_cannot_remove_self_from_admin_role
     end
+    model.skip_password_validation = true unless user_params[:password_confirmation].present?
     model.update_attributes!(user_params)
     response_for :update
   end
@@ -34,7 +35,7 @@ class Admin::UsersController < Admin::ResourceController
       flash[:error] = t('users_controller.cannot_delete_self')
     end
 
-    def annouce_cannot_remove_self_from_admin_role
+    def announce_cannot_remove_self_from_admin_role
       flash[:error] = 'You cannot remove yourself from the admin role.'
     end
 end

data/app/controllers/application_controller.rb

@@ -3,12 +3,10 @@ require 'login_system'
 
 class ApplicationController < ActionController::Base
   include LoginSystem
-  # TODO: Add an ActionView::PathSet.new([paths]) for all extension view paths
   prepend_view_path("#{TRUSTY_CMS_ROOT}/app/views")
   
   protect_from_forgery with: :exception
-
-  before_action :set_current_user
+  before_action :authenticate_user!
   before_action :set_timezone
   before_action :set_user_locale
   before_action :set_javascripts_and_stylesheets
@@ -25,6 +23,10 @@ class ApplicationController < ActionController::Base
     @trusty_config = TrustyCms::Config
   end
 
+  def after_sign_in_path_for(resource)
+    admin_pages_path
+  end
+
   def template_name
     case self.action_name
     when 'index'
@@ -48,10 +50,6 @@ class ApplicationController < ActionController::Base
       ActionMailer::Base.default_url_options[:host] = request.host_with_port
     end
 
-    def set_current_user
-      UserActionObserver.instance.current_user = current_user
-    end
-
     def set_user_locale
       I18n.locale = current_user && !current_user.locale.blank? ? current_user.locale : TrustyCms::Config['default_locale']
     end

data/app/controllers/site_controller.rb

@@ -2,7 +2,8 @@ require 'trusty_cms/pagination/controller'
 class SiteController < ApplicationController
   include TrustyCms::Pagination::Controller
 
-  no_login_required
+  #  no_login_required
+  skip_before_action :authenticate_user!
 
   def self.cache_timeout=(val)
     TrustyCms::PageResponseCacheDirector.cache_timeout=(val)

data/app/controllers/social_mailer_controller.rb

@@ -1,7 +1,8 @@
 class SocialMailerController < ApplicationController
   include ShareLayouts::Controllers::ActionController
   trusty_layout "default", {:only => :create_social_mail}
-  no_login_required
+  #  no_login_required
+  skip_before_action :authenticate_user!
 
   def create_social_mail
 

data/app/models/legacy_user.rb

@@ -0,0 +1,6 @@
+class LegacyUser < ActiveRecord::Base
+  self.table_name = 'users'
+
+  # this is a legacy class 
+  # this table formally held user information for when TrustyCMS had a handwritten authentication system
+end  

data/app/models/user.rb

@@ -1,96 +1,67 @@
-require 'digest/sha1'
-
 class User < ActiveRecord::Base
   has_many :pages, :foreign_key => :created_by_id
+  self.table_name = 'admins'
 
-  # Default Order
-  default_scope {order("name")}
-
-  # Associations
-  belongs_to :created_by, :class_name => 'User'
-  belongs_to :updated_by, :class_name => 'User'
-
-  # Validations
-  validates_uniqueness_of :login
+  # :confirmable, :lockable, :timeoutable and :omniauthable
+  devise :database_authenticatable, :registerable,
+    :recoverable, :rememberable, :trackable, :validatable
 
-  validates_confirmation_of :password, :if => :confirm_password?
+  alias_attribute :created_by_id, :id
 
-  validates_presence_of :name, :login
-  validates_presence_of :password, :password_confirmation, :if => :new_record?
+  attr_accessor :skip_password_validation
 
+  validate :password_complexity
 
-  validates_length_of :name, :maximum => 100, :allow_nil => true
-  validates_length_of :login, :within => 3..40, :allow_nil => true
-  validates_length_of :password, :within => 5..40, :allow_nil => true, :if => :validate_length_of_password?
-  validates_length_of :email, :maximum => 255, :allow_nil => true
+  # Default Order
+  default_scope {order('last_name')}
 
-  attr_writer :confirm_password
+  # Associations
+  belongs_to :created_by, :class_name => 'User'
+  belongs_to :updated_by, :class_name => 'User'
 
   def has_role?(role)
-    respond_to?("#{role}?") && send("#{role}?")
-  end
-
-  def sha1(phrase)
-    Digest::SHA1.hexdigest("--#{salt}--#{phrase}--")
-  end
-
-  def self.authenticate(login_or_email, password)
-    user = where(["login = ? OR email = ?", login_or_email, login_or_email]).first
-    user if user && user.authenticated?(password)
-  end
-
-  def authenticated?(password)
-    self.password == sha1(password)
-  end
-
-  def after_initialize
-    @confirm_password = true
+    case role
+    when :admin
+      self.admin?
+    when :designer
+      self.designer?
+    when :content_editor
+      self.content_editor?  
+    else
+      false
+    end
   end
 
-  def confirm_password?
-    @confirm_password
+  def admin?
+    self.admin
   end
 
-  def remember_me
-    update_attribute(:session_token, sha1(Time.now + TrustyCms::Config['session_timeout'].to_i)) unless self.session_token?
+  def designer?
+    self.designer
   end
 
-  def forget_me
-    update_attribute(:session_token, nil)
+  def content_editor?
+    self.content_editor
   end
 
-  def send_password_reset
-    generate_token(:password_reset_token)
-    update_attribute(:password_reset_sent_at, Time.zone.now)
-    PasswordMailer.password_reset(self).deliver_now
+  def locale 
+    'en'
   end
 
-  private
-
-  def generate_token(column)
-    self[column] = SecureRandom.urlsafe_base64 if User.exists?(column => self[column])
+  def name
+    "#{self.first_name} #{self.last_name}"
   end
 
-  def validate_length_of_password?
-    new_record? or not password.to_s.empty?
+  def password_required?
+    return false if skip_password_validation
+    super
   end
 
-  before_create :encrypt_password
-  def encrypt_password
-    self.salt = Digest::SHA1.hexdigest("--#{Time.now}--#{login}--sweet harmonious biscuits--")
-    self.password = sha1(password)
-  end
+  def password_complexity
+    # Regexp extracted from https://stackoverflow.com/questions/19605150/regex-for-password-must-contain-at-least-eight-characters-at-least-one-number-a
+    return if password.blank? || password =~ /^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,70}$/
 
-  before_update :encrypt_password_unless_empty_or_unchanged
-  def encrypt_password_unless_empty_or_unchanged
-    user = self.class.find(self.id)
-    case password
-    when ''
-      self.password = user.password
-    when user.password
-    else
-      encrypt_password
-    end
+    errors.add :password, 'Complexity requirement not met. Length should be 12 characters and include: 1 uppercase, 1 lowercase, 1 digit and 1 special character.'
   end
 
 end

data/app/models/user_action_observer.rb

@@ -4,6 +4,7 @@ class UserActionObserver < ActiveRecord::Observer
   def current_user=(user)
     self.class.current_user = user
   end
+  
   def self.current_user=(user)
     Thread.current[:current_user] = user
   end
@@ -11,15 +12,16 @@ class UserActionObserver < ActiveRecord::Observer
   def current_user
     self.class.current_user
   end
+
   def self.current_user
     Thread.current[:current_user]
   end
 
   def before_create(model)
-    model.created_by = self.current_user
+    #model.created_by = self.current_user
   end
 
   def before_update(model)
-    model.updated_by = self.current_user
+    #model.updated_by = self.current_user
   end
 end

data/app/views/admin/configuration/show.html.haml

@@ -5,7 +5,7 @@
     - user.preferences do
       %h3
         .actions
-          = button_to t("edit_preferences"), "/admin/preferences", :method => :get
+          = button_to t("edit_preferences"), edit_user_registration_path, :method => :get
         = t('personal_preferences')
       = image_tag(gravatar_url(@user.email, :size=>"64px"), :class=>"avatar", :width=>64, :height=>64, :alt=>"")
       %p.ruled
@@ -18,11 +18,6 @@
           = t('email_address')
         %span.uri
           = current_user.email
-      %p.ruled
-        %label
-          = t('login')
-        %span
-          = current_user.login
       %p.ruled
         %label
           = t('password')
@@ -37,7 +32,7 @@
   - render_region :trusty_config do |config|
     - config.site do
       %h3
-        - if admin?
+        - if current_user.admin?
           .actions
             = button_to t("edit_configuration"), edit_admin_configuration_path, :method => :get
         Configuration

data/app/views/admin/layouts/_site_chooser.html.haml

@@ -1,4 +1,4 @@
-- if admin? && defined?(Site) && defined?(controller) && controller.sited_model? && controller.template_name == 'index' && Site.several?
+- if current_user.admin? && defined?(Site) && defined?(controller) && controller.sited_model? && controller.template_name == 'index' && Site.several?
   %nav#site_chooser
     %ul#nav
       %li

data/app/views/admin/pages/_node.html.haml

@@ -18,5 +18,5 @@
       - unless simple
         %td.actions
           = page.add_child_option
-          - if current_user.has_role?('admin')
-            = page.remove_option
+          - if current_user.admin?
+            = page.remove_option

data/app/views/admin/preferences/edit.html.haml

@@ -13,32 +13,27 @@
         = render_region :form_top, :locals => {:f => f}
 
         - render_region :form, :locals => {:f => f} do |form|
-          - form.edit_name do
+          - form.edit_first_name do
             %p
-              = f.label :name, t("name")
-              = f.text_field :name, :class => "textbox", :size => 32, :maxlength => 100
+              = f.label :name, t("first_name")
+              = f.text_field :first_name, :class => "textbox", :size => 32, :maxlength => 100
+
+          - form.edit_last_name do
+            %p
+              = f.label :name, t("last_name")
+              = f.text_field :last_name, :class => "textbox", :size => 32, :maxlength => 100    
 
           - form.edit_email do
             %p
               = f.label :email,  t("email_address"), :class => "optional"
               = f.text_field "email", :class => 'textbox', :size => 32, :maxlength => 255
 
-          - form.edit_username do
-            %p
-              = f.label :login, t("username")
-              = f.text_field "login", :class => "textbox", :size => 32, :maxlength => 40, :required => true
-
           - form.edit_password do
             = render "admin/users/password_fields", :f => f
 
-          - form.edit_locale do
-            %p
-              = f.label :locale, t('language')
-              = f.select "locale", available_locales_select
-
         - render_region :form_bottom, :locals => {:f => f} do |form_bottom|
           - form_bottom.edit_buttons do
             .buttons
               = save_model_button @user
               = t('or')
-              = link_to t('cancel'), admin_url, class: 'alt'
+              = link_to t('cancel'), admin_pages_url, class: 'alt'