Merge branch 'master' of git://github.com/necrodome/vanilla-rb
lazyatom committed Dec 12, 2008
2 parents d9ab665 + 8853ac9 commit f893755
Showing 7 changed files with 53 additions and 13 deletions.
34 changes: 31 additions & 3 deletions Rakefile
@@ -71,7 +71,8 @@ task :upgrade => ["upgrade:dynasnips"]
desc 'Add a user (or change an existing password)'
task :add_user => :prepare do
puts "Adding a new user"
credentials = YAML.load(File.open("vanilla-authorization.yml")) rescue {}
credential_file = File.join(Vanilla::App.root,'config','vanilla-authorization.yml')
credentials = YAML.load(File.open(credential_file)) rescue {}
print "Username: "
username = STDIN.gets.chomp.strip
print "Password: "
@@ -82,11 +83,31 @@ task :add_user => :prepare do
raise "Passwords don't match!"
else
credentials[username] = MD5.md5(password).to_s
File.open("vanilla-authorization.yml", "w") { |f| f.write credentials.to_yaml }
File.open(credential_file, "w") { |f| f.write credentials.to_yaml }
puts "User '#{username}' added."
end
end

desc 'Generate file containing secret for cookie-based session storage'
task :generate_secret_file do
# Adapted from old rails secret generator.
require 'openssl'
if !File.exist?("/dev/urandom")
# OpenSSL transparently seeds the random number generator with
# data from /dev/urandom. On platforms where that is not
# available, such as Windows, we have to provide OpenSSL with
# our own seed. Unfortunately there's no way to provide a
# secure seed without OS support, so we'll have to do with
# rand() and Time.now.usec().
OpenSSL::Random.seed(rand(0).to_s + Time.now.usec.to_s)
end
data = OpenSSL::BN.rand(2048, -1, false).to_s
secret = OpenSSL::Digest::SHA512.new(data).hexdigest
File.open(File.join(Vanilla::App.root,'config','secret.yml'),'w') {|f| f.write({"secret" => secret}.to_yaml)}
puts "Secret file generated."
end


desc 'Prepare a new vanilla.rb installation'
task :setup do
puts <<-EOM
@@ -99,6 +120,13 @@ Lets get started. Firstly, I'm going to cook you some soup:
EOM
Rake::Task[:bootstrap].invoke

puts <<-EOM
Generating the file that will contain the secret for cookie-based session storage.
EOM
Rake::Task[:generate_secret_file].invoke

puts <<-EOM
@@ -131,4 +159,4 @@ Spec::Rake::SpecTask.new do |t|
t.libs = ["spec"]
end

task :default => :spec
task :default => :spec
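Review bot: The new `generate_secret_file` task writes the cookie-signing secret with `File.open(..., 'w')`, so `config/secret.yml` gets the process's default permissions and is typically readable by other local accounts; passing an explicit mode, `File.open(path, 'w', 0600)`, keeps it to the owner. On platforms without `/dev/urandom` the task seeds OpenSSL from `rand(0)` and `Time.now.usec`, which its own comment concedes is not secure, and a guessable secret means session cookies can be forged. Where the Ruby in use ships `securerandom`, `secret = SecureRandom.hex(64)` would replace both the seeding branch and the BN/SHA512 steps. The same default-permission write applies to `vanilla-authorization.yml` in the `add_user` hunk.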
3 changes: 2 additions & 1 deletion config.ru
@@ -3,6 +3,7 @@ require 'vanilla'

use Rack::Session::Cookie, :key => 'vanilla.session',
:path => '/',
:expire_after => 2592000
:expire_after => 2592000,
:secret => YAML.load(File.read(File.join(Vanilla::App.root,'config','secret.yml')))['secret']
use Rack::Static, :urls => ["/public"], :root => File.join(File.dirname(__FILE__), *%w[vanilla])
run Vanilla::App.new
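Review bot: The `:secret` option added here accepts whatever string `config/secret.yml` holds, including the placeholder text shipped in `secret.yml.example`, so an install that copies the example instead of running `rake generate_secret_file` would sign sessions with a publicly known value. A boot-time check that the value is present and is not the placeholder would make that mistake fail loudly, for example reading the value into a local first and adding `raise 'run rake generate_secret_file' if secret.nil? || secret =~ /generate_secret_file/`. A missing file already stops startup through `File.read`, but with an errno message that does not name the fix.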
6 changes: 5 additions & 1 deletion lib/vanilla/app.rb
@@ -83,5 +83,9 @@ def render_missing_snip(snip_name)
"[snip '#{snip_name}' cannot be found]"
end

def self.root
File.dirname(__FILE__)
end

end
end
end
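--- a/lib/vanilla/config/secret.yml.example
+++ b/lib/vanilla/config/secret.yml.example
@@ -0,0 +1,2 @@
+---
+secret: "run rake generate_secret_file to generate a (mostly) secure secret"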
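--- a/lib/vanilla/config/vanilla-authorization.yml.example
+++ b/lib/vanilla/config/vanilla-authorization.yml.example
@@ -0,0 +1,2 @@
+---
+test: 098f6bcd4621d373cade4e832627b4f6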
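Review bot: The example credentials file defines a user `test` whose stored value is the MD5 of the string `test`, so an install that copies this file unchanged has a working, guessable login. A commented-out entry such as `# username: <md5 hex written by rake add_user>` would document the format without creating an account. The format also shows that passwords are stored as unsalted MD5, which deserves a separate change to a salted, slow password hash.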
13 changes: 6 additions & 7 deletions lib/vanilla/dynasnips/login.rb
@@ -9,7 +9,7 @@ def logged_in?
end

def current_user
app.request.cookies['logged_in_as']
app.request.session['logged_in_as']
end

def login_required
@@ -27,18 +27,17 @@ def get(*args)
end

def post(*args)
credentials = YAML.load(File.open("vanilla-authorization.yml"))
credentials = YAML.load(File.open(File.join(Vanilla::App.root,'config','vanilla-authorization.yml')))
if credentials[cleaned_params[:name]] == MD5.md5(cleaned_params[:password]).to_s
app.response.set_cookie('logged_in_as', cleaned_params[:name])
app.request.cookies['logged_in_as'] = cleaned_params[:name]
app.request.session['logged_in_as'] = cleaned_params[:name]
login_controls
else
"login fail!"
end
end

def delete(*args)
app.response.delete_cookie('logged_in_as')
app.request.session['logged_in_as'] = nil
"Logged out"
end

@@ -53,6 +52,6 @@ def delete(*args)
private

def login_controls
"logged in as {link_to #{app.request.cookies['logged_in_as']}}; <a href='/login?_method=delete'>logout</a>"
"logged in as {link_to #{app.request.session['logged_in_as']}}; <a href='/login?_method=delete'>logout</a>"
end
end
end
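Review bot: `delete` now logs out with `app.request.session['logged_in_as'] = nil`, which only replaces the cookie in the browser that logs out. With `Rack::Session::Cookie` the session state lives entirely in the signed cookie, so a previously issued cookie that still carries `logged_in_as` would presumably be accepted again if replayed, unless the middleware enforces expiry server-side. Keeping a login timestamp or per-user token in the session and checking it in `current_user` against server-side state would let logout and password changes invalidate old cookies. Separately, the logout link in `login_controls` is a state-changing GET to `/login?_method=delete` and therefore open to cross-site request forgery; that predates this commit. The class body continues outside the visible hunks.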
6 changes: 5 additions & 1 deletion lib/vanilla/request.rb
@@ -30,6 +30,10 @@ def ip
@rack_request.env["REMOTE_ADDR"]
end

def session
@rack_request.env["rack.session"]
end

private

def determine_request_uri_parts
@@ -61,4 +65,4 @@ def request_uri_parts(request)
end

end
end
end
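Review bot: `session` returns `@rack_request.env["rack.session"]` directly, which is nil whenever the app runs without the `Rack::Session::Cookie` middleware from config.ru (a spec that builds the request by hand, for instance). `current_user` in login.rb would then raise NoMethodError on `nil['logged_in_as']`. Either document the dependency with a comment such as `# Requires a Rack session middleware earlier in the stack`, or return an empty hash with `@rack_request.env["rack.session"] || {}` so an absent session reads as logged out. The enclosing class starts outside the hunk.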
