wristband 0.0.0 → 1.0.2

data/Gemfile

@@ -2,9 +2,10 @@ source 'http://rubygems.org'
 
 gem 'rails', '3.0.3'
 gem 'haml', '3.0.25'
+gem 'formatted_form', '1.0.0'
 
 group :development, :test do
-  gem 'sqlite3-ruby', :require => 'sqlite3'
+  gem 'sqlite3'
   gem "jeweler"
 end
 

data/Gemfile.lock

@@ -34,6 +34,7 @@ GEM
       abstract (>= 1.0.0)
     faker (0.9.4)
       i18n (~> 0.4)
+    formatted_form (1.0.0)
     git (1.2.5)
     haml (3.0.25)
     i18n (0.5.0)
@@ -68,8 +69,6 @@ GEM
       thor (~> 0.14.4)
     rake (0.8.7)
     sqlite3 (1.3.3)
-    sqlite3-ruby (1.3.3)
-      sqlite3 (>= 1.3.3)
     test_dummy (0.2.6)
     thor (0.14.6)
     treetop (1.4.9)
@@ -81,8 +80,9 @@ PLATFORMS
 
 DEPENDENCIES
   faker
+  formatted_form (= 1.0.0)
   haml (= 3.0.25)
   jeweler
   rails (= 3.0.3)
-  sqlite3-ruby
+  sqlite3
   test_dummy

data/README.md

@@ -11,6 +11,7 @@ It handles:
 
 * Login and logout
 * Password storage with encryption
+* Password recovery
 * Remember me functionality
 * Authority definitions
   
@@ -25,30 +26,6 @@ It handles:
     
     bundle install
 
-### 3. (optional) Run the wristband generator:
-
-    rails g wristband
-
-This will output something like:
-
-    create  app/models/user.rb
-    create  app/models/session_user.rb
-    create  app/controllers/users_controller.rb
-    create  app/controllers/sessions_controller.rb
-    create  app/views/users/show.html.haml
-    create  app/views/sessions/new.html.haml
-    create  app/mailers/user_mailer.rb
-    create  app/views/user_mailer/forgot_password.text.html.rhtml
-    create  app/views/user_mailer/forgot_password.text.plain.rhtml
-    create  app/views/user_mailer/email_verification.text.html.rhtml
-    create  app/views/user_mailer/email_verification.text.plain.rhtml
-    create  db/migrate/20110123214541_create_users_table.rb
-
-### 4. (optional) Run migrations:
-
-    rake db:migrate
-
-
 ## Configuration
 
 
@@ -60,32 +37,32 @@ This will output something like:
 
 ### Options:
 
-**:login_with** - Array of fields you want to authenticate the user with. Default: email 
+**:login_with** - Array of fields you want to authenticate the user with. *Default: `:email`*
   
     wristband :login_with => [:username, :email]
 
 
-**:before_authentication** - Array of functions run after the user authentication takes place. Default: [] 
+**:before_authentication** - Array of functions run after the user authentication takes place. *Default: `[]`*
 
     wristband :before_authentication => :do_something
 
 
-**:after_authentication** - Array of functions run before the user authentication takes place. Default: [] 
+**:after_authentication** - Array of functions run before the user authentication takes place. *Default: `[]`*
 
     wristband :after_authentication => :do_something
 
-
-**:has_authorities** - The different user authorities are defined in a separate class so as to reduce clutter in the User model itself. Default: false 
-
-    wristband :has_authorities => true
-
-**:roles** - Use this to define the different roles the user can assume. Make sure you have a role column on your users table. It will generate functions like `is_<role>?` for each one of the roles youdefine.
+**:roles** - Use this to define the different roles the user can assume. Make sure you have a role column on your users table. It will generate functions like `is_<role>?` for each one of the roles you define.
   
     wristband :roles => [:regular_user, :admin]
   
   will generate `user.is_regular_user?` and `user.is_admin?`
 
 
+**:has_authorities** - The different user authorities are defined in a separate class so as to reduce clutter in the User model itself. *Default: `false`*
+
+    wristband :has_authorities => true
+
+Look for more details below.
 
 ## Notes
 
@@ -93,21 +70,127 @@ This will output something like:
 2. **Authority Definitions** - Checkout the documentation on wristband/authority_check_rb
 
 
-## Database configuration
 
-The generator gives you a head start.
+## Personalization
+  
+Wristband comes with a generator that provides you with all the files you need to get started
+
+    rails g wristband
+
+This will output something like:
+
+    == Models ==
+    create  app/models/user.rb
+    create  app/models/session_user.rb
+    == Controllers ==
+    create  app/controllers/users_controller.rb
+    create  app/controllers/sessions_controller.rb
+    create  app/controllers/passwords_controller.rb
+    == Views ==
+    create  app/views/users/show.html.haml
+    create  app/views/sessions/new.html.haml
+    create  app/views/passwords/new.html.haml
+    create  app/views/passwords/edit.html.haml
+    == User Mailer ==
+    create  app/mailers/user_mailer.rb
+    create  app/views/user_mailer/password_reset.html.haml
+    create  app/views/user_mailer/password_reset.text.haml
+    == Test helper and Dummies ==
+    create  test/test_helper.rb
+    create  test/dummy/user.rb
+    == Unit tests ==
+    create  test/unit/user_test.rb
+    create  test/unit/session_user_test.rb
+    create  test/unit/user_mailer_test.rb
+    == Functional tests ==
+    create  test/functional/sessions_controller_test.rb
+    create  test/functional/passwords_controller_test.rb
+    == Migration ==
+    create  db/migrate/20110123214541_create_users_table.rb
+
+### Database configuration
+
 The basic columns are defined as such:
 
     create_table :users do |t|
       t.string :email
-      t.string :email_validation_key
-      t.datetime :validated_at
-      t.string :password_crypt, :limit => 40
+      t.string :password_hash, :limit => 40
       t.string :password_salt,  :limit => 40
+      t.string :perishable_token
       t.string :remember_token
       t.string :role
       t.timestamps
     end
 
 
+# AuthorityCheck
+
+First you need to tell Wristband that you you want to define permissions for your user:
+
+    class User < ActiveRecord::Base
+      wristband :has_authorities => true
+    end
+  
+This will refer to the class `UserAuthorityCheck` for all authority tests, but the name of this module can be defined as required:
+
+    class User < ActiveRecord::Base
+      has_authorities => :permissions
+    end
+
+That would reference the class `UserPermissions` instead for all tests.
+
+A sample authority checking class is defined as:
+
+    class UserAuthorityCheck < AuthorityCheck
+      def wear_shoes?
+        unless (@user.name.match(/^a/i))
+          fail!("Only people with names that start with 'A' can wear shoes.")
+        end
+      end
+    end
+
+**Note the syntax:** All authority checks are defined as ending with a trailing question mark character.
+
+A check is considered to have passed if
+
+* a call to `allow!` has been made, or
+* no calls to `fail!` have been made.
+
+Once defined, the user authorities are checked via a call to a `User` instance:
+
+    user.has_authority_to?(:wear_shoes)
+
+While the `has_authority_to?` method returns only true or false, a call to `has_objections_to?` will return nil on success or any error messages if there is a failure.
+
+
+## Passing parameters to the authority methods
+
+Any call to these tests may include options in the form of a Hash:
+
+    user.has_authority_to?(:send_message, :text => "Foo bar")
+  
+These options can be acted upon within the authority check:
+
+    def send_message?
+      if (options[:text].match(/foo/i))
+        fail!("Messages may not contain forbidden words.")
+      end
+    end
+
+## Before chains
+
+In addition to defining straight tests, a chain can be defined to run before
+any of the tests themselves. This allows certain calls to be over-ruled. For
+example:
+
+    before_check :allow_if_admin!
+  
+    def allow_if_admin!
+      if (@user.is_admin?)
+        allow!
+      end
+    end
+  
+In this case, the 'allow_if_admin!` method will be called before any checks are performed. If the `allow!` method is executed, all subsequent tests are halted and the check is considered to have passed.
+
 Have fun!!

data/Rakefile

@@ -14,6 +14,7 @@ begin
     gem.authors     = ['Jack Neto', 'The Working Group Inc']
     gem.add_dependency('rails', '>=3.0.3')
     gem.add_dependency('haml', '>=3.0.25')
+    gem.add_dependency('formatted_form', '>=1.0.0')
   end
   Jeweler::GemcutterTasks.new
 rescue LoadError

data/VERSION

@@ -1 +1 @@
-0.0.0
+1.0.2

data/app/controllers/application_controller.rb

@@ -1,10 +1,4 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
 
-  before_filter :login_required
-
-protected
-  def login_required
-    redirect_to login_path unless logged_in?
-  end
 end

data/app/controllers/passwords_controller.rb

@@ -0,0 +1,43 @@
+class PasswordsController < ApplicationController
+  before_filter :redirect_if_logged_in, :only => [ :new, :create ]
+  before_filter :load_user_by_perishable_token, :only => [:edit, :update]
+  
+  def new
+    # ...
+  end
+  
+  def create
+    user = User.find_by_email!(params[:email])
+    user.reset_perishable_token!
+    UserMailer.password_reset(user).deliver
+    redirect_to login_path, :notice => 'Email to reset password successfully sent.'
+  rescue ActiveRecord::RecordNotFound
+    flash.now[:alert] = 'Your email was not found. Did you mistype?'
+    render :action => :new
+  end
+  
+  def edit
+    # ...
+  end
+  
+  def update
+    @user.update_attributes!(params[:user].merge(:perishable_token => nil))
+    login_as_user(@user)
+    redirect_to user_path(@user), :notice => 'Your password was successfully updated!'
+  rescue ActiveRecord::RecordInvalid
+    flash[:notice] = 'An error occurred. Please try again.'
+    redirect_to login_path
+  end
+  
+  
+protected
+  def load_user_by_perishable_token
+    @user = User.find_by_perishable_token!(params[:id])
+  rescue ActiveRecord::RecordNotFound
+    redirect_to login_path
+  end
+  
+  def redirect_if_logged_in
+    redirect_to user_path(current_user) if logged_in?
+  end
+end

data/app/controllers/sessions_controller.rb

@@ -1,31 +1,30 @@
 class SessionsController < ApplicationController
   before_filter :login_required,  :only => :destroy
-  before_filter :redirect_if_logged_in, :only => [ :new, :create, :forgot_password ]
+  before_filter :redirect_if_logged_in, :only => [ :new, :create ]
   before_filter :build_user_session,  :only => [ :new, :create ]
   
   def create
     if @session_user.save
       login(@session_user)
-      flash[:notice] = "Welcome, you are now logged in."
-      redirect_to user_path(current_user)
+      redirect_to(user_path(current_user), :notice => "Welcome, you are now logged in.")
     else
-      flash[:error] = 'Login failed. Did you mistype?'
+      flash[:alert] = 'Login failed. Did you mistype?'
       render :action => :new
     end
   end
   
   def destroy
     logout
-    redirect_to root_path
+    redirect_to login_path
   end
   
-private
+protected
   def build_user_session
     @session_user = SessionUser.new(params[:session_user])
   end
   
   def redirect_if_logged_in
-    redirect_to root_path if logged_in?
+    redirect_to user_path(current_user) if logged_in?
   end
   
   def login_required

data/app/controllers/users_controller.rb

@@ -1,32 +1,7 @@
 class UsersController < ApplicationController
   before_filter :login_required
   
-  def verify_email
-    @user = User.verify_email!(params[:email_validation_key])
-    flash[:notice] = 'Your email address has been verified. You may now login to your account.'
-    redirect_to login_path
-  rescue UserVerificationError => error
-    flash[:error] = error.message
-    redirect_to login_path
-  end
-  
-  def forgot_password
-    if request.post?
-      if @user = User.find_by_email(params[:user][:email])
-        @user.password = Wristband::Support.random_string(6)
-        @user.save!
-        UserNotifier::deliver_forgot_password(@user)
-        flash[:notice] = 'A new password has been generated and emailed to the address you entered.'
-        redirect_to login_path and return
-      else
-        @user = User.new
-        @user.errors.add("email", "Cannot find that email address, did you mistype?")
-      end
-    end
-  end
-  
-  
-private
+protected
   def login_required
     redirect_to login_path unless logged_in?
   end

data/app/helpers/form_helper.rb

@@ -0,0 +1,8 @@
+module FormHelper  
+  def formatted_form_for(record_or_name_or_array, *args, &proc)
+    options = args.extract_options!
+    options.merge!(:builder => FormattedFormBuilder)
+    (options[:html] ||= { }).merge!(:class => "#{options[:html][:class]} formatted")
+    form_for(record_or_name_or_array, *(args << options), &proc)
+  end
+end

data/app/mailers/user_mailer.rb

@@ -1,33 +1,11 @@
 class UserMailer < ActionMailer::Base
   default :from => "from@example.com"
   
-  default_url_options[:host] = HOST_NAME
-  
-  def email_verification(user)
-    setup_email(user)
-    @subject         += "Your account has been created. Please verify your email address"
-  end  
+  default_url_options[:host] = 'open-porch.local'
 
-  def forgot_password(user)
-    setup_email(user)
-    @subject          += "You have requested a new password"
+  def password_reset(user)
+    @user = user
+    mail(:to => user.email, :subject => "You have requested a new password")
   end
   
-
-protected
-  # Change YourApp to whatever you application is called
-  def setup_email(user)
-    @recipients  = user.email
-    @body[:user] = user
-    @from        = FROM_EMAIL
-    @subject = case ENV['RAILS_ENV'] 
-      when 'development' 
-        "[YourApp Development] "
-      when 'staging' 
-        "[YourApp Staging] "
-      else "[YourApp] "
-    end
-    @sent_on     = Time.now
-    headers       "Reply-to" => FROM_EMAIL
-  end
 end

data/app/models/user.rb

@@ -2,7 +2,7 @@ class User < ActiveRecord::Base
   
   # == Constants ============================================================
   
-  ROLES = [:admin, :regular_user]
+  ROLES = %W{admin regular_user}
   
   # == Extensions ===========================================================
 
@@ -48,5 +48,4 @@ class User < ActiveRecord::Base
   def password_required?
     self.new_record?
   end
-
 end

data/app/views/passwords/edit.html.haml

@@ -0,0 +1,7 @@
+%h1 Enter a new Password
+
+= formatted_form_for @user, :url => { :action => :update, :id => params[:id] } do |form|
+  = form.error_messages
+  = form.password_field :password, :autocomplete => :off
+  = form.password_field :password_confirmation, :label => 'Password Confim'
+  = form.submit 'Update'

data/app/views/passwords/new.html.haml

@@ -0,0 +1,15 @@
+%h1 Reset your password
+
+= form_tag passwords_path, :class => 'formatted' do
+  .form_element.text_field_element
+    .label Email
+    .value= text_field_tag :email
+  
+  .form_element.submit_element
+    = submit_tag 'Send Reset Password Email'
+    
+    
+    
+%p
+  Already have an account?
+  = link_to 'Login', login_path

data/app/views/sessions/new.html.haml

@@ -8,8 +8,4 @@
 
 %p
   Did you forget your password?
-  = link_to 'Recover it here.', forgot_password_path
-%p 
-  If you don't have a login yet, click
-  = link_to 'here', register_path
-  to register.
+  = link_to 'Recover it here.', new_password_path

data/app/views/user_mailer/password_reset.html.haml

@@ -0,0 +1,7 @@
+%p
+  Hi
+%p
+  A new password was requested for this email address. Please ignore this if you think this email is sent to you in error.
+
+%h2
+  = link_to 'Reset your password', edit_password_url(:id => @user.perishable_token)

data/app/views/user_mailer/password_reset.text.haml

@@ -0,0 +1,6 @@
+Hi,
+
+A new password was requested for this email address. Please ignore this if you think this email is sent to you in error.
+
+To reset your password please follow this link:
+= edit_password_url(:id => @user.perishable_token)

data/config/environment.rb

@@ -3,3 +3,4 @@ require File.expand_path('../application', __FILE__)
 
 # Initialize the rails application
 Wristband::Application.initialize!
+

data/config/initializers/formatted_form_builder.rb

@@ -0,0 +1,141 @@
+class FormattedFormBuilder < ActionView::Helpers::FormBuilder
+  
+  %w[ date_select text_field password_field text_area file_field datetime_select ].each do |selector|
+    src = <<-end_src
+      def #{selector}(method, options = {})
+        if (options[:simple] == true)
+          super(method, options)
+        else
+          options.merge!(:size=> '') if #{%w{text_field password_field}.include?(selector)}
+          standard_field('#{selector}', method, options) { super(method, options) } 
+        end
+      end
+    end_src
+    class_eval src, __FILE__, __LINE__
+  end
+  
+  def standard_field(type, method, options={}, &block)
+    description = options.delete(:desc)
+    content = options.delete(:content)
+    prev_content = options.delete(:prev_content)
+    label = label_for(method, options)
+    required = options.delete(:required)
+    check_box_details = options.delete(:check_box_details)
+    text_snippet = options.delete(:text_snippet)
+    %{
+      <div class='form_element #{type}_element'>
+        #{"<div class='text_snippet'>"+text_snippet+"</div>" if text_snippet}
+        <div class='label'>
+          #{description(description) || '&nbsp;' if type == 'check_box' }
+          #{label if type != 'check_box' }
+          #{@template.content_tag(:span, '*', :class => 'required_ind') if required }
+        </div>
+        <div class='value'>
+          #{prev_content}#{yield}#{content}
+          #{error_messages_for(method)}
+          #{description(description) if type != 'check_box'}
+          #{description(check_box_details) if type == 'check_box'}
+        </div>
+      </div>
+    }.html_safe
+  end
+
+  # generic container for all things form
+  def element(label = '&nbsp;', value = '', type = 'text_field', &block)
+    value += @template.capture(&block) if block_given?
+    %{
+      <div class='form_element #{type}_element'>
+        <div class='label'>
+          #{label}
+        </div>
+        <div class='value'>
+          #{value}
+        </div>
+      </div>
+    }.html_safe
+  end
+  
+  def check_box(method, options = {}, checked_value = "1", unchecked_value = "0")
+    options[:content] = label_for(method, options)
+    options[:label] = ''
+    standard_field('check_box', method, options) { super(method, options, checked_value, unchecked_value) }     
+  end
+  
+  def radio_button(method, tag_value, options = {})
+    if options && options[:choices]
+      radios = options.delete(:choices).collect{|choice| %{<div class="radio_button">}+super(method, choice[0], options) + %{<label for="#{object_name.to_s.gsub(']', '').gsub('[', '_')}_#{method}_#{choice[0]}">#{choice[1]}</label></div>}}.join.html_safe
+      standard_field('radio_button', method, options) { radios }
+    elsif options && options[:value_name]
+        standard_field('radio_button', method, options) { super(method, tag_value) + %{<label for="#{object_name}_#{method}_#{tag_value}">#{options[:value_name]}</label><div class="clearfloat"></div>}.html_safe}
+    else
+      standard_field('radio_button', method, options) { super(method, tag_value, options = {}) }
+    end
+  end
+  
+  def select(method, choices, options = {}, html_options = {})
+    standard_field('select', method, options) { super(method, choices, options, html_options) } 
+  end
+    
+  def hidden_field(method, options = {}, html_options = {})
+    super(method, options)
+  end
+  
+  def submit(value, options={}, &block)
+    cancel_link = @template.capture(&block) if block_given?
+    cancel_link ||= options[:cancel_url] ? ' or ' + options.delete(:cancel_url) : ''
+    if options[:show_ajax_loader]
+      options[:onclick] = "$(this).parent().next().css('display', 'block');$(this).parent().hide();"
+    end
+    if options[:image_button] == true
+      submit_id = Time.now.usec
+      out = @template.content_tag(:div,
+        %{
+          #{super(value, options.merge(:style=>'visibility:hidden;position: absolute', :id => submit_id)).html_safe}
+          <a class="red_button" href="" onclick="$('##{submit_id}').closest('form').submit();return false"><span>#{value}</span></a>
+          #{cancel_link.html_safe}
+        }.html_safe, :class => 'form_element submit_element').html_safe
+      
+    else
+      out = @template.content_tag(:div, super(value, options) + cancel_link.html_safe, :class => 'form_element submit_element').html_safe
+    end
+    
+    if options[:show_ajax_loader]
+      out << %{
+        <div class="form_element submit_element" style="display:none">
+          <div class="submit_ajax_loader">#{options[:show_ajax_loader]}</div>
+        </div>
+      }.html_safe
+    end
+    out.html_safe
+  end
+  
+  def label_for(method, options)
+    label = options.delete(:label) || method.to_s.titleize.capitalize
+    "<label for=\"#{object_name}_#{method}\">#{label}</label>"
+  end  
+  
+  def description(description)
+    "<div class='description'>#{description}</div>" unless description.nil?
+  end
+  
+  def error_messages
+    if object && !object.errors.empty?
+      message = object.errors[:base].present? ? object.errors[:base]: 'There were some problems submitting this form. Please correct all the highlighted fields and try again'
+      @template.content_tag(:div, message, :class => 'form_error')
+    end
+  end
+  
+  def error_messages_for(method)
+    if (object and object.respond_to?(:errors) and errors = object.errors[method])
+      "<div class='errors'>#{errors.is_a?(Array) ? errors.first : errors}</div>"
+    else
+      ''
+    end
+  end
+  
+  def formatted_fields_for(record_or_name_or_array, *args, &block)
+    options = args.extract_options!
+    options.merge!(:builder => FormattedFormBuilder)
+    fields_for(record_or_name_or_array, *(args << options), &block)
+  end
+end

data/config/routes.rb

@@ -1,11 +1,8 @@
-Rails::Application.routes.draw do
-
-  post '/login', :to => 'sessions#create'
-  get '/login', :to => 'sessions#new'
-  get '/logout', :to => 'sessions#destroy'
-  match '/forgot_password', :to => 'sessions#forgot_password'
-
-  resources :users
-  match '/register', :to => 'users#new'
+Rails.application.routes.draw do
+  post '/login' => 'sessions#create'
+  get '/login' => 'sessions#new'
+  get '/logout' => 'sessions#destroy'
 
+  resources :users  
+  resources :passwords, :only => [:new, :create, :edit, :update]
 end