@@ -4,7 +4,7 @@ class SessionsController < ApplicationController def create logout_keeping_session! - user = User.authenticate(params[:login], params[:password]) + user = User.authenticate(params[:email], params[:password]) if user self.current_user = user new_cookie_flag = (params[:remember_me] == "1") @@ -13,7 +13,7 @@ class SessionsController < ApplicationController flash[:notice] = "Logged in successfully" else note_failed_signin - @login = params[:login] + @email = params[:email] @remember_me = params[:remember_me] render :action => 'new' end @@ -28,7 +28,7 @@ class SessionsController < ApplicationController protected def note_failed_signin - flash[:error] = "Couldn't log you in as '#{params[:login]}'" - logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}" + flash[:warning] = "Couldn't log you in as '#{params[:email]}'" + logger.warn "Failed login for '#{params[:email]}' from #{request.remote_ip} at #{Time.now.utc}" end end app/controllers/sessions_controller.rb @@ -45,7 +45,7 @@ module UsersHelper # def link_to_user(user, options={}) raise "Invalid user" unless user - options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname + options.reverse_merge! :content_method => :email, :title_method => :email, :class => :nickname content_text = options.delete(:content_text) content_text ||= user.send(options.delete(:content_method)) options[:title] ||= user.send(options.delete(:title_method)) app/helpers/users_helper.rb @@ -6,10 +6,6 @@ class User < ActiveRecord::Base include Authentication::ByCookieToken include Authorization::AasmRoles - validates_presence_of :login - validates_length_of :login, :within => 3..40 - validates_uniqueness_of :login, :case_sensitive => false - validates_format_of :login, :with => RE_LOGIN_OK, :message => MSG_LOGIN_BAD validates_format_of :name, :with => RE_NAME_OK, :message => MSG_NAME_BAD, :allow_nil => true validates_length_of :name, :maximum => 100 validates_presence_of :email @@ -20,7 +16,7 @@ class User < ActiveRecord::Base # HACK HACK HACK -- how to do attr_accessible from here? # prevents a user from submitting a crafted form that bypasses activation # anything else you want your user to change should be added here. - attr_accessible :login, :email, :name, :password, :password_confirmation + attr_accessible :email, :name, :password, :password_confirmation # Authenticates a user by their login name and unencrypted password. Returns the user or nil. # @@ -28,8 +24,8 @@ class User < ActiveRecord::Base # We really need a Dispatch Chain here or something. # This will also let us return a human error message. # - def self.authenticate(login, password) - u = find_in_state :first, :active, :conditions => { :login => login } # need to get the salt + def self.authenticate(email, password) + u = find_in_state :first, :active, :conditions => { :email => email } # need to get the salt u && u.authenticated?(password) ? u : nil end app/models/user.rb @@ -1,3 +1,3 @@ -<%= @user.login %>, you can change your password at this URL: +<%= @user.name %>, you can change your password at this URL: <%= @url %> \ No newline at end of file app/views/password_mailer/forgot_password.html.erb @@ -1 +1 @@ -<%= @user.login %>, your password has been reset. \ No newline at end of file +<%= @user.name %>, your password has been reset. \ No newline at end of file app/views/password_mailer/reset_password.html.erb @@ -4,8 +4,8 @@ <legend>Your Details</legend> <ol> <li> - <%= label_tag 'login', 'Username' %> - <%= text_field_tag 'login', @login %> + <%= label_tag 'email', 'Email' %> + <%= text_field_tag 'email', @email %> </li> <li> <%= label_tag 'password' %> app/views/sessions/new.html.erb @@ -1,3 +1,3 @@ -<%= @user.login %>, your account has been activated. Welcome aboard! +<%= @user.name %>, your account has been activated. Welcome aboard! <%= @url %> app/views/user_mailer/activation.html.erb @@ -1,6 +1,6 @@ Your account has been created. -Username: <%= @user.login %> +Username: <%= @user.email %> Password: <%= @user.password %> Visit this url to activate your account: app/views/user_mailer/signup_notification.html.erb @@ -6,8 +6,8 @@ <legend>Your Details</legend> <ol> <li> - <%= f.label :login, 'Username' %> - <%= f.text_field :login %> + <%= f.label :name, 'Name' %> + <%= f.text_field :name %> </li> <li> <%= f.label :email %> app/views/users/new.html.erb @@ -1,7 +1,6 @@ class CreateUsers < ActiveRecord::Migration def self.up create_table :users do |t| - t.string :login, :limit => 40 t.string :name, :limit => 100, :default => '', :null => true t.string :email, :limit => 100 t.string :crypted_password, :limit => 40 @@ -14,7 +13,7 @@ class CreateUsers < ActiveRecord::Migration t.datetime :deleted_at t.timestamps end - add_index :users, :login, :unique => true + add_index :users, :email, :unique => true end def self.down db/migrate/20080811094730_create_users.rb @@ -108,8 +108,8 @@ module AuthenticatedSystem # Called from #current_user. Now, attempt to login by basic authentication information. def login_from_basic_auth - authenticate_with_http_basic do |login, password| - self.current_user = User.authenticate(login, password) + authenticate_with_http_basic do |email, password| + self.current_user = User.authenticate(email, password) end end lib/authenticated_system.rb @@ -5,13 +5,13 @@ module AuthenticatedTestHelper end def authorize_as(user) - @request.env["HTTP_AUTHORIZATION"] = user ? ActionController::HttpAuthentication::Basic.encode_credentials(users(user).login, 'monkey') : nil + @request.env["HTTP_AUTHORIZATION"] = user ? ActionController::HttpAuthentication::Basic.encode_credentials(users(user).email, 'monkey') : nil end # rspec def mock_user user = mock_model(User, :id => 1, - :login => 'user_name', + :email => 'user_email', :name => 'U. Surname', :to_xml => "User-in-XML", :to_json => "User-in-JSON", :errors => []) lib/authenticated_test_helper.rb @@ -8,8 +8,8 @@ describe SessionsController do fixtures :users before do @user = mock_user - @login_params = { :login => 'quentin', :password => 'test' } - User.stub!(:authenticate).with(@login_params[:login], @login_params[:password]).and_return(@user) + @login_params = { :email => 'quentin@example.com', :password => 'test' } + User.stub!(:authenticate).with(@login_params[:email], @login_params[:password]).and_return(@user) end def do_create post :create, @login_params @@ -73,10 +73,9 @@ describe SessionsController do describe "on failed login" do before do User.should_receive(:authenticate).with(anything(), anything()).and_return(nil) - login_as :quentin end it 'logs out keeping session' do controller.should_receive(:logout_keeping_session!); do_create end - it 'flashes an error' do do_create; flash[:error].should =~ /Couldn't log you in as 'quentin'/ end + it 'flashes an error' do do_create; flash[:warning].should =~ /Couldn't log you in/ end it 'renders the log in page' do do_create; response.should render_template('new') end it "doesn't log me in" do do_create; controller.send(:logged_in?).should == false end it "doesn't send password back" do spec/controllers/sessions_controller_spec.rb @@ -26,13 +26,6 @@ describe UsersController do assigns(:user).reload assigns(:user).activation_code.should_not be_nil end - it 'requires login on signup' do - lambda do - create_user(:login => nil) - assigns[:user].errors.on(:login).should_not be_nil - response.should be_success - end.should_not change(User, :count) - end it 'requires password on signup' do lambda do @@ -60,12 +53,12 @@ describe UsersController do it 'activates user' do - User.authenticate('aaron', 'monkey').should be_nil + User.authenticate('aaron@example.com', 'monkey').should be_nil get :activate, :activation_code => users(:aaron).activation_code response.should redirect_to('/login') flash[:notice].should_not be_nil flash[:error ].should be_nil - User.authenticate('aaron', 'monkey').should == users(:aaron) + User.authenticate('aaron@example.com', 'monkey').should == users(:aaron) end it 'does not activate user without key' do @@ -87,7 +80,7 @@ describe UsersController do end def create_user(options = {}) - post :create, :user => { :login => 'quire', :email => 'quire@example.com', + post :create, :user => { :email => 'quire@example.com', :password => 'quire69', :password_confirmation => 'quire69' }.merge(options) end end spec/controllers/users_controller_spec.rb @@ -1,7 +1,6 @@ quentin: id: 1 - login: quentin email: quentin@example.com salt: 356a192b7913b04c54574d18c28d46e6395428ab # SHA1('0') crypted_password: 261fd559c11e3931bd9f87fe8babb4ee8b196c56 # 'monkey' @@ -14,7 +13,6 @@ quentin: aaron: id: 2 - login: aaron email: aaron@example.com salt: da4b9237bacccdf19c0760cab7aec4a8359010b0 # SHA1('1') crypted_password: 92e0e243685cb0159b1cec342fbb9a92fc8a86fa # 'monkey' @@ -29,7 +27,6 @@ aaron: old_password_holder: id: 3 - login: old_password_holder email: salty_dog@example.com salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test spec/fixtures/users.yml @@ -31,13 +31,13 @@ describe UsersHelper do link_to_user(@user, :content_text => 'Hello there!').should have_tag("a", 'Hello there!') end it "should use the login as link text with no :content_method specified" do - link_to_user(@user).should have_tag("a", 'user_name') + link_to_user(@user).should have_tag("a", 'user_email') end it "should use the name as link text with :content_method => :name" do link_to_user(@user, :content_method => :name).should have_tag("a", 'U. Surname') end it "should use the login as title with no :title_method specified" do - link_to_user(@user).should have_tag("a[title='user_name']") + link_to_user(@user).should have_tag("a[title='user_email']") end it "should use the name as link title with :content_method => :name" do link_to_user(@user, :title_method => :name).should have_tag("a[title='U. Surname']") @@ -91,13 +91,13 @@ describe UsersHelper do link_to_current_user(:content_text => 'Hello there!').should have_tag("a", 'Hello there!') end it "should use the login as link text with no :content_method specified" do - link_to_current_user().should have_tag("a", 'user_name') + link_to_current_user().should have_tag("a", 'user_email') end it "should use the name as link text with :content_method => :name" do link_to_current_user(:content_method => :name).should have_tag("a", 'U. Surname') end it "should use the login as title with no :title_method specified" do - link_to_current_user().should have_tag("a[title='user_name']") + link_to_current_user().should have_tag("a[title='user_email']") end it "should use the name as link title with :content_method => :name" do link_to_current_user(:title_method => :name).should have_tag("a[title='U. Surname']") spec/helpers/users_helper_spec.rb @@ -38,36 +38,6 @@ describe User do # Validations # - it 'requires login' do - lambda do - u = create_user(:login => nil) - u.errors.on(:login).should_not be_nil - end.should_not change(User, :count) - end - - describe 'allows legitimate logins:' do - ['123', '1234567890_234567890_234567890_234567890', - 'hello.-_there@funnychar.com'].each do |login_str| - it "'#{login_str}'" do - lambda do - u = create_user(:login => login_str) - u.errors.on(:login).should be_nil - end.should change(User, :count).by(1) - end - end - end - describe 'disallows illegitimate logins:' do - ['12', '1234567890_234567890_234567890_234567890_', "tab\t", "newline\n", - "Iñtërnâtiônàlizætiøn hasn't happened to ruby 1.8 yet", - 'semicolon;', 'quote"', 'tick\'', 'backtick`', 'percent%', 'plus+', 'space '].each do |login_str| - it "'#{login_str}'" do - lambda do - u = create_user(:login => login_str) - u.errors.on(:login).should_not be_nil - end.should_not change(User, :count) - end - end - end it 'requires password' do lambda do @@ -147,12 +117,12 @@ describe User do it 'resets password' do users(:quentin).update_attributes(:password => 'new password', :password_confirmation => 'new password') - User.authenticate('quentin', 'new password').should == users(:quentin) + User.authenticate('quentin@example.com', 'new password').should == users(:quentin) end it 'does not rehash password' do - users(:quentin).update_attributes(:login => 'quentin2') - User.authenticate('quentin2', 'monkey').should == users(:quentin) + users(:quentin).update_attributes(:email => 'quentin2@example.com') + User.authenticate('quentin2@example.com', 'monkey').should == users(:quentin) end # @@ -160,28 +130,28 @@ describe User do # it 'authenticates user' do - User.authenticate('quentin', 'monkey').should == users(:quentin) + User.authenticate('quentin@example.com', 'monkey').should == users(:quentin) end it "doesn't authenticate user with bad password" do - User.authenticate('quentin', 'invalid_password').should be_nil + User.authenticate('quentin@example.com', 'invalid_password').should be_nil end if REST_AUTH_SITE_KEY.blank? # old-school passwords it "authenticates a user against a hard-coded old-style password" do - User.authenticate('old_password_holder', 'test').should == users(:old_password_holder) + User.authenticate('salty_dog@example.com', 'test').should == users(:old_password_holder) end else it "doesn't authenticate a user against a hard-coded old-style password" do - User.authenticate('old_password_holder', 'test').should be_nil + User.authenticate('salty_dog@example.com', 'test').should be_nil end # New installs should bump this up and set REST_AUTH_DIGEST_STRETCHES to give a 10ms encrypt time or so desired_encryption_expensiveness_ms = 0.1 it "takes longer than #{desired_encryption_expensiveness_ms}ms to encrypt a password" do test_reps = 100 - start_time = Time.now; test_reps.times{ User.authenticate('quentin', 'monkey'+rand.to_s) }; end_time = Time.now + start_time = Time.now; test_reps.times{ User.authenticate('quentin@example.com', 'monkey'+rand.to_s) }; end_time = Time.now auth_time_ms = 1000 * (end_time - start_time)/test_reps auth_time_ms.should > desired_encryption_expensiveness_ms end @@ -283,7 +253,7 @@ describe User do protected def create_user(options = {}) - record = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire69', :password_confirmation => 'quire69' }.merge(options)) + record = User.new({ :email => 'quire@example.com', :password => 'quire69', :password_confirmation => 'quire69' }.merge(options)) record.register! if record.valid? record end spec/models/user_spec.rb @@ -48,8 +48,8 @@ module ToFooFromStory end # Coverts an attribute list found in the steps into an array # Example: - # login, email, updated_at, and gravatar - # # => ['login', 'email', 'updated_at', 'gravatar'] + # email, updated_at, and gravatar + # # => ['email', 'updated_at', 'gravatar'] def to_array_from_story self.split(/,? and |, /).map do |value| ToFooFromStory::fix_value(value) stories/rest_auth_stories_helper.rb 560f3844ad9aff878c1e830eef851b442865154b unknown Matt@.(none) http://github.com/MattHall/bort/commit/ebe3555482a2f249ac7445cd0e3d3f094c7f1256 ebe3555482a2f249ac7445cd0e3d3f094c7f1256 2008-08-25T02:51:08-07:00 2008-08-25T02:51:08-07:00 Changed authentication to use email instead of username 960708146ab8ec491a3d43b56fdb86d3fed56cd6 unknown Matt@.(none)