app/controllers/sessions_controller.rb app/controllers/users_controller.rb app/helpers/sessions_helper.rb app/helpers/users_helper.rb app/models/user.rb app/views/sessions/new.html.erb app/views/users/new.html.erb app/views/users/show.html.erb db/migrate/20081028233726_add_open_id.rb lib/authenticated_system.rb lib/authenticated_test_helper.rb spec/controllers/access_control_spec.rb spec/controllers/authenticated_system_spec.rb spec/controllers/sessions_controller_spec.rb spec/controllers/users_controller_spec.rb spec/fixtures/users.yml spec/helpers/users_helper_spec.rb spec/models/user_spec.rb stories/rest_auth_stories.rb stories/rest_auth_stories_helper.rb stories/steps/ra_navigation_steps.rb stories/steps/ra_resource_steps.rb stories/steps/ra_response_steps.rb stories/steps/user_steps.rb stories/users/accounts.story stories/users/sessions.story vendor/plugins/open_id_authentication/CHANGELOG vendor/plugins/open_id_authentication/README vendor/plugins/open_id_authentication/Rakefile vendor/plugins/open_id_authentication/generators/open_id_authentication_tables/open_id_authentication_tables_generator.rb vendor/plugins/open_id_authentication/generators/open_id_authentication_tables/templates/migration.rb vendor/plugins/open_id_authentication/generators/upgrade_open_id_authentication_tables/templates/migration.rb vendor/plugins/open_id_authentication/generators/upgrade_open_id_authentication_tables/upgrade_open_id_authentication_tables_generator.rb vendor/plugins/open_id_authentication/init.rb vendor/plugins/open_id_authentication/lib/open_id_authentication.rb vendor/plugins/open_id_authentication/lib/open_id_authentication/association.rb vendor/plugins/open_id_authentication/lib/open_id_authentication/db_store.rb vendor/plugins/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb vendor/plugins/open_id_authentication/lib/open_id_authentication/nonce.rb vendor/plugins/open_id_authentication/lib/open_id_authentication/timeout_fixes.rb vendor/plugins/open_id_authentication/tasks/open_id_authentication_tasks.rake vendor/plugins/open_id_authentication/test/mem_cache_store_test.rb vendor/plugins/open_id_authentication/test/normalize_test.rb vendor/plugins/open_id_authentication/test/open_id_authentication_test.rb vendor/plugins/open_id_authentication/test/status_test.rb vendor/plugins/open_id_authentication/test/test_helper.rb vendor/plugins/restful_authentication/.gitignore vendor/plugins/restful_authentication/CHANGELOG vendor/plugins/restful_authentication/README vendor/plugins/restful_authentication/Rakefile vendor/plugins/restful_authentication/TODO vendor/plugins/restful_authentication/generators/authenticated/USAGE vendor/plugins/restful_authentication/generators/authenticated/authenticated_generator.rb vendor/plugins/restful_authentication/generators/authenticated/lib/insert_routes.rb vendor/plugins/restful_authentication/generators/authenticated/templates/_model_partial.html.erb vendor/plugins/restful_authentication/generators/authenticated/templates/activation.html.erb vendor/plugins/restful_authentication/generators/authenticated/templates/authenticated_system.rb vendor/plugins/restful_authentication/generators/authenticated/templates/authenticated_test_helper.rb vendor/plugins/restful_authentication/generators/authenticated/templates/controller.rb vendor/plugins/restful_authentication/generators/authenticated/templates/helper.rb vendor/plugins/restful_authentication/generators/authenticated/templates/login.html.erb vendor/plugins/restful_authentication/generators/authenticated/templates/mailer.rb vendor/plugins/restful_authentication/generators/authenticated/templates/migration.rb vendor/plugins/restful_authentication/generators/authenticated/templates/model.rb vendor/plugins/restful_authentication/generators/authenticated/templates/model_controller.rb vendor/plugins/restful_authentication/generators/authenticated/templates/model_helper.rb vendor/plugins/restful_authentication/generators/authenticated/templates/model_helper_spec.rb vendor/plugins/restful_authentication/generators/authenticated/templates/observer.rb vendor/plugins/restful_authentication/generators/authenticated/templates/signup.html.erb vendor/plugins/restful_authentication/generators/authenticated/templates/signup_notification.html.erb vendor/plugins/restful_authentication/generators/authenticated/templates/site_keys.rb vendor/plugins/restful_authentication/generators/authenticated/templates/spec/controllers/access_control_spec.rb vendor/plugins/restful_authentication/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb vendor/plugins/restful_authentication/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb vendor/plugins/restful_authentication/generators/authenticated/templates/spec/controllers/users_controller_spec.rb vendor/plugins/restful_authentication/generators/authenticated/templates/spec/fixtures/users.yml vendor/plugins/restful_authentication/generators/authenticated/templates/spec/helpers/users_helper_spec.rb vendor/plugins/restful_authentication/generators/authenticated/templates/spec/models/user_spec.rb vendor/plugins/restful_authentication/generators/authenticated/templates/stories/rest_auth_stories.rb vendor/plugins/restful_authentication/generators/authenticated/templates/stories/rest_auth_stories_helper.rb vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/ra_navigation_steps.rb vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/ra_resource_steps.rb vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/ra_response_steps.rb vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/user_steps.rb vendor/plugins/restful_authentication/generators/authenticated/templates/stories/users/accounts.story vendor/plugins/restful_authentication/generators/authenticated/templates/stories/users/sessions.story vendor/plugins/restful_authentication/generators/authenticated/templates/test/functional_test.rb vendor/plugins/restful_authentication/generators/authenticated/templates/test/mailer_test.rb vendor/plugins/restful_authentication/generators/authenticated/templates/test/model_functional_test.rb vendor/plugins/restful_authentication/generators/authenticated/templates/test/unit_test.rb vendor/plugins/restful_authentication/init.rb vendor/plugins/restful_authentication/install.rb vendor/plugins/restful_authentication/lib/authentication.rb vendor/plugins/restful_authentication/lib/authentication/by_cookie_token.rb vendor/plugins/restful_authentication/lib/authentication/by_password.rb vendor/plugins/restful_authentication/lib/authorization.rb vendor/plugins/restful_authentication/lib/authorization/stateful_roles.rb vendor/plugins/restful_authentication/lib/trustification.rb vendor/plugins/restful_authentication/lib/trustification/email_validation.rb vendor/plugins/restful_authentication/notes/AccessControl.txt vendor/plugins/restful_authentication/notes/Authentication.txt vendor/plugins/restful_authentication/notes/Authorization.txt vendor/plugins/restful_authentication/notes/RailsPlugins.txt vendor/plugins/restful_authentication/notes/SecurityFramework.graffle vendor/plugins/restful_authentication/notes/SecurityFramework.png vendor/plugins/restful_authentication/notes/SecurityPatterns.txt vendor/plugins/restful_authentication/notes/Tradeoffs.txt vendor/plugins/restful_authentication/notes/Trustification.txt @@ -1,4 +1,13 @@ Flesh out the meetings function - I've generated a meetings scaffold and want to have a facility to record details about meetings like members who attended and what was discussed and links to any resources - play around with the datepicker - what about time? and customising the datepicker, maybe make it inline -- topics should probably be a nested resource of meetings \ No newline at end of file +- topics should probably be a nested resource of meetings +- fix validation/errors for adding new topics on the edit meetings view +- probably remove jrails plugin and stop using rails js helpers (which are obtrusive) and go for something more unobtrusive +- implement OpenID authentication system for admin editing of meeting info +-- maybe make it really simple, only used by admins for now (maybe for members when there is commenting) +-- only display on meetings page and it is simply a login as admins are already signed up +- add a commenting function for meetings +- provide mechanism for hosting and playing slides of presentations either on the site or through a third party service +- add a mapping facility that allows meeting locations to be graphically presented +- allow for upload of images for a meeting/event TODO @@ -2,14 +2,13 @@ # Likewise, all the methods added will be available for all controllers. class ApplicationController < ActionController::Base + include AuthenticatedSystem + helper :all # include all helpers, all the time # See ActionController::RequestForgeryProtection for details # Uncomment the :secret if you're not using the cookie session store protect_from_forgery # :secret => '505bd66a8842a7f247596f00b5637871' - # See ActionController::Base for details - # Uncomment this to filter the contents of submitted sensitive data parameters - # from your application log (in this case, all fields with names like "password"). - # filter_parameter_logging :password + filter_parameter_logging :password end app/controllers/application.rb @@ -1,2 +1,8 @@ module MeetingsHelper + + # yields content only for admins + # def admin_only + # yield if logged_in? and current_user.admin? + # end + end app/helpers/meetings_helper.rb @@ -1,3 +1,15 @@ +- content_for :sidebar do + = javascript_tag nil, { :id => "__openidselector", :src => "https://www.idselector.com/selector/35a7c32f7c9b9a1070af8f839f4b1deade415eb5", :charset =>"utf-8" } + + %h3 OpenID Login (inactive) + + %form{:action => '/login', :method => 'post'} + / %input{ :id => "openid_identifier" } + = text_field_tag 'openid_identifier' + =# submit_tag 'Go' + + = logged_in? ? link_to("Log out #{current_user.email}", session_url, :method => :delete) : link_to("Log in", new_session_url) + #next_meeting %h1 Next Meeting - unless @next_meeting.nil? @@ -20,12 +32,3 @@ There have not been any meetings yet %p= link_to 'Schedule a new meeting', new_meeting_path - -- content_for :sidebar do - - %h3 Testing OpenID Login - - %input{ :id => "openid_identifier" } - = javascript_tag nil, { :id => "__openidselector", :src => "https://www.idselector.com/selector/35a7c32f7c9b9a1070af8f839f4b1deade415eb5", :charset =>"utf-8" } - - %p (not hooked up yet) app/views/meetings/index.html.haml @@ -53,7 +53,7 @@ Rails::Initializer.run do |config| # no regular words or you'll be exposed to dictionary attacks. config.action_controller.session = { :session_key => '_crc_session', - :secret => '1dfa4bee58458352f13c498f463d4abee79b4d3f7834987d5f46ba890b73b85652efc7388474a5bfc07fe3abb2cce37cbafbf90c882c9e466274a9f7486555ee' + :secret => '93632c6ab68d540c06dbacb08642f08e387405a84c9b93c5c044ba9345d22a0d9eed89842ec27ffa0ee23178d8474e3eaf0319277081da734fbdab9c587bb680' } # Use the database for sessions instead of the cookie-based default, config/environment.rb @@ -3,6 +3,15 @@ ActionController::Routing::Routes.draw do |map| map.resources :meetings + map.resources :users + + map.open_id_complete 'opensession', :controller => "sessions", :action => "create", :requirements => { :method => :get } + map.open_id_create 'opencreate', :controller => "users", :action => "create", :requirements => { :method => :get } + map.resource :session + map.signup '/signup', :controller => 'users', :action => 'new' + map.login '/login', :controller => 'sessions', :action => 'new' + map.logout '/logout', :controller => 'sessions', :action => 'destroy' + map.commits '/hacks', :controller => 'commits' config/routes.rb @@ -9,7 +9,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20081023140716) do +ActiveRecord::Schema.define(:version => 20081028233726) do create_table "attendances", :force => true do |t| t.integer "person_id", :limit => 11 @@ -71,6 +71,21 @@ ActiveRecord::Schema.define(:version => 20081023140716) do t.datetime "updated_at" end + create_table "open_id_authentication_associations", :force => true do |t| + t.integer "issued", :limit => 11 + t.integer "lifetime", :limit => 11 + t.string "handle" + t.string "assoc_type" + t.binary "server_url" + t.binary "secret" + end + + create_table "open_id_authentication_nonces", :force => true do |t| + t.integer "timestamp", :limit => 11, :null => false + t.string "server_url" + t.string "salt", :null => false + end + create_table "people", :force => true do |t| t.string "username" t.string "name" @@ -90,4 +105,19 @@ ActiveRecord::Schema.define(:version => 20081023140716) do t.datetime "updated_at" end + create_table "users", :force => true do |t| + t.string "login", :limit => 40 + t.string "name", :limit => 100, :default => "" + t.string "email", :limit => 100 + t.string "crypted_password", :limit => 40 + t.string "salt", :limit => 40 + t.datetime "created_at" + t.datetime "updated_at" + t.string "remember_token", :limit => 40 + t.datetime "remember_token_expires_at" + t.string "identity_url" + end + + add_index "users", ["login"], :name => "index_users_on_login" + end db/schema.rb @@ -8,4 +8,18 @@ describe MeetingsHelper do included_modules.should include(MeetingsHelper) end + # describe "admin_only" do + # it "should yield if logged in user is an admin" do + # @content_block = "Inside the content block" + # result = helper.admin_only { @content_block } + # result.should_not equal(@content_block) + # end + # it "should NOT yield if user is not logged in" do + # + # end + # it "should NOT yield if logged in user is not an admin" do + # + # end + # end + end spec/helpers/meetings_helper_spec.rb public/.DS_Store a2b5088f79d8061e9d0b8f74c19438272732e291 Michael MacDonald michaelm@amc.org.au http://github.com/artpop/crc_site/commit/0bca37ab7703e59522225d956f8763be4de6ade0 0bca37ab7703e59522225d956f8763be4de6ade0 2008-10-28T16:55:21-07:00 2008-10-28T16:55:21-07:00 Added OpenID Rails Kit 411eca4c15e080173e7ec6851dd3199f4b3a2084 Michael MacDonald michaelm@amc.org.au