
Merge branch 'release/1.7.0'

2 parents 3655456 + 8c8b128 commit 89e599a864cbea10461ff26083df79ef3cf62af9 @amalloy amalloy committed Nov 25, 2011
@@ -1,4 +1,4 @@
-(defproject foreclojure "1.6.2"
+(defproject foreclojure "1.7.0"
:description "4clojure - a website for learning Clojure"
:dependencies [[clojure "1.2.1"]
[clojure-contrib "1.2.0"]
@@ -11,6 +11,7 @@
[cheshire "2.0.2"]
[useful "0.7.0-beta5"]
[amalloy/ring-gzip-middleware "[0.1.0,)"]
+ [amalloy/mongo-session "0.0.1"]
[clj-github "1.0.1"]
[ring "0.3.7"]
[clj-config "0.1.0"]
@@ -1,6 +1,4 @@
-
-
#######################################
# error messages used in registration #
# and when updating user settings #
@@ -16,4 +14,11 @@ settings.npwd-match=New password was not entered identically twice
settings.pwd-incorrect=Current password incorrect
settings.email-invalid=Please enter a valid email address
settings.email-exists=User with this email address already exists
-
+
+#######################################
+# security related error messages #
+#######################################
+
+security.login-required=You must %s to do this
+security.err-reset-email=Something went wrong emailing your new password! Please contact <a href='mailto:team@4clojure.com?subject=Password Reset: %s'>team@4clojure.com</a> - we'll reset it manually and look into the problem. When you do, please mention your username.
+security.email-unknown=We don't know anyone with that email address!
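Review bot: The new `security.err-reset-email` value carries HTML markup and puts `%s` inside a `mailto:` href, so the argument lands in an attribute with no escaping or URL-encoding applied by the bundle. That is safe only while the argument is a username limited to `[A-Za-z0-9_]+`, which the registration check shown elsewhere in this commit enforces. The value also appears to be emitted as raw HTML by `flash-error`, whose rendering is not visible here. A header comment for this section would make the contract explicit, for example `# values are format strings emitted as HTML: write a literal % as %%, and escape arguments before passing them`.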
@@ -25,7 +25,8 @@
[ring.middleware.reload :only [wrap-reload]]
[ring.middleware.stacktrace :only [wrap-stacktrace]]
[ring.middleware.file-info :only [wrap-file-info]]
- [ring.middleware.gzip :only [wrap-gzip]]))
+ [ring.middleware.gzip :only [wrap-gzip]]
+ [mongo-session.core :only [mongo-session]]))
(def *block-server* false)
@@ -52,7 +53,7 @@
((if (:wrap-reload config)
#(wrap-reload % '(foreclojure.core))
identity))
- session/wrap-stateful-session
+ (session/wrap-stateful-session {:store (mongo-session :sessions)})
wrap-request-bindings
handler/site
wrap-strip-trailing-slash))
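Review bot: `(mongo-session :sessions)` is passed as the only option, so nothing on this line bounds how long a session document lives. A store held in process memory is emptied by a restart, whereas a Mongo-backed one will presumably keep entries until something deletes them. It is worth confirming that mongo-session 0.0.1 or a database-side job expires old entries and that logout removes the document. Record the answer in a comment here, e.g. `;; sessions persist in the :sessions collection; expiry handled by <mechanism>`. The enclosing threading form starts and ends outside the hunk.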
@@ -5,6 +5,7 @@
(:use [hiccup.form-helpers :only [form-to label text-field password-field check-box]]
[foreclojure.utils :only [from-mongo flash-error flash-msg form-row assuming send-email login-url]]
[foreclojure.template :only [def-page content-page]]
+ [foreclojure.messages :only [err-msg]]
[compojure.core :only [defroutes GET POST]]
[useful.map :only [keyed]]
[clojail.core :only [thunk-timeout]]
@@ -110,9 +111,9 @@
"Your password has been reset! You should receive an email soon."))
(do (spit (str name ".pwd") diagnostics)
(flash-error "/login/reset"
- (str "Something went wrong emailing your new password! Please contact <a href='mailto:team@4clojure.com?subject=Password Reset: " name "'>team@4clojure.com</a> - we'll reset it manually and look into the problem. When you do, please mention your username.")))))
+ (err-msg "security.err-pwd-email" name)))))
(flash-error "/login/reset"
- "We don't know anyone with that email address!")))
+ (err-msg "security.err-unknown"))))
(defroutes login-routes
(GET "/login" [location] (my-login-page location))
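Review bot: The keys looked up here, `security.err-pwd-email` and `security.err-unknown`, do not match the ones the properties hunk of this commit adds, `security.err-reset-email` and `security.email-unknown`. Unless the other names exist in a part of the file not shown, `err-msg` gets nil from the lookup and `format` throws. Both failure branches of the password reset would then end in an exception instead of the flash message. The calls should read `(err-msg "security.err-reset-email" name)` and `(err-msg "security.email-unknown")`. The enclosing function begins above the hunk.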
@@ -5,5 +5,8 @@
(.load (-> (Thread/currentThread)
(.getContextClassLoader)
(.getResourceAsStream file))))))
+
+(def err-msg-map (load-props "error-messages.properties"))
-(def err-msgs (load-props "error-messages.properties"))
+(defn err-msg [key & args]
+ (apply format (cons (get err-msg-map key) args)))
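Review bot: `err-msg` passes the result of `(get err-msg-map key)` straight to `format`, so an unknown or misspelled key surfaces as a NullPointerException inside `format` rather than an error that names the key. Guarding the lookup makes such mistakes obvious. The test file added in this commit only exercises keys that exist, so a case for a missing key would be worth adding. The docstring should also say that every value is treated as a format string, which means a literal `%` in a message must be written `%%`.

```clojure
(defn err-msg
  "Looks up key in the message bundle and applies format to it with args.
  Every value is a format string, so a literal % must be written %%."
  [key & args]
  (if-let [template (get err-msg-map key)]
    (apply format template args)
    (throw (IllegalArgumentException. (str "No error message for key: " key)))))
```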
@@ -183,11 +183,11 @@ Return a map, {:message, :error, :url, :num-tests-passed}."
["Empty input is not allowed."]
(for [test tests]
(try
- (when-not (sb sb-tester
- (->> user-forms
+ (when-not (sb (->> user-forms
(s/replace test "__")
read-string-safely
first)
+ sb-tester
{#'*out* devnull
#'*err* devnull})
"You failed the unit tests")
@@ -6,7 +6,7 @@
[compojure.core :only [defroutes GET POST]]
[foreclojure.utils :only [form-row assuming flash-error plausible-email?]]
[foreclojure.template :only [def-page]]
- [foreclojure.messages :only [err-msgs]]
+ [foreclojure.messages :only [err-msg]]
[somnium.congomongo :only [insert! fetch-one]]))
(def-page register-page []
@@ -27,20 +27,20 @@
(defn do-register [user pwd repeat-pwd email]
(let [lower-user (.toLowerCase user)]
(assuming [(nil? (fetch-one :users :where {:user lower-user}))
- (err-msgs "settings.user-exists"),
+ (err-msg "settings.user-exists"),
(< 3 (.length lower-user) 14)
- (err-msgs "settings.uname-size"),
+ (err-msg "settings.uname-size"),
(= lower-user
(first (re-seq #"[A-Za-z0-9_]+" lower-user)))
- (err-msgs "settings.uname-alphanum")
+ (err-msg "settings.uname-alphanum")
(< 6 (.length pwd))
- (err-msgs "settings.pwd-size"),
+ (err-msg "settings.pwd-size"),
(= pwd repeat-pwd)
- (err-msgs "settings.pwd-match"),
+ (err-msg "settings.pwd-match"),
(plausible-email? email)
- (err-msgs "settings.email-invalid")
+ (err-msg "settings.email-invalid")
(nil? (fetch-one :users :where {:email email}))
- (err-msgs "settings.email-exists")]
+ (err-msg "settings.email-exists")]
(do
(insert! :users
{:user lower-user
@@ -6,7 +6,7 @@
[foreclojure.utils :only [from-mongo flash-error flash-msg with-user form-row assuming send-email login-url plausible-email?]]
[foreclojure.template :only [def-page content-page]]
[foreclojure.users :only [disable-codebox? hide-solutions? gravatar-img]]
- [foreclojure.messages :only [err-msgs]]
+ [foreclojure.messages :only [err-msg]]
[compojure.core :only [defroutes GET POST]]
[useful.map :only [keyed]]
[clojail.core :only [thunk-timeout]]
@@ -71,23 +71,23 @@
new-pwd-hash (.encryptPassword encryptor new-pwd)
new-lower-user (.toLowerCase new-username)]
(assuming [(or (= new-lower-user user) (nil? (fetch-one :users :where {:user new-lower-user})))
- (err-msgs "settings.user-exists"),
+ (err-msg "settings.user-exists"),
(< 3 (.length new-lower-user) 14)
- (err-msgs "settings.uname-size"),
+ (err-msg "settings.uname-size"),
(= new-lower-user
(first (re-seq #"[A-Za-z0-9_]+" new-lower-user)))
- (err-msgs "settings.uname-alphanum")
+ (err-msg "settings.uname-alphanum")
(or (empty? new-pwd) (< 6 (.length new-pwd)))
- (err-msgs "settings.npwd-size"),
+ (err-msg "settings.npwd-size"),
(= new-pwd repeat-pwd)
- (err-msgs "settings.npwd-match")
+ (err-msg "settings.npwd-match")
(or (empty? new-pwd)
(.checkPassword encryptor old-pwd pwd))
- (err-msgs "settings.pwd-incorrect")
+ (err-msg "settings.pwd-incorrect")
(plausible-email? email)
- (err-msgs "settings.email-invalid")
+ (err-msg "settings.email-invalid")
(nil? (fetch-one :users :where {:email email :user {:$ne user}}))
- (err-msgs "settings.email-exists")]
+ (err-msg "settings.email-exists")]
(do
(update! :users {:user user}
{:$set {:pwd (if (seq new-pwd) new-pwd-hash pwd)
@@ -2,6 +2,7 @@
(:require [sandbar.stateful-session :as session]
[ring.util.response :as response]
[foreclojure.config :as config]
+ [foreclojure.messages :as msg]
[clojure.walk :as walk]
[clojure.string :as string]
[foreclojure.git :as git]
@@ -146,7 +147,7 @@
(defmacro with-user [[binding expr] & body]
`(if-user [~binding ~expr]
(do ~@body)
- [:span.error "You must " (login-link) " to do this."]))
+ [:span.error (msg/err-msg "security.login-required" (login-link))]))
(defn flash-fn [type]
(fn [url msg]
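Review bot: `(login-link)` used to be a child of the `:span.error` vector and is now an argument to `format` through `%s`. If `login-link` returns a hiccup vector rather than an HTML string (its definition is not in this hunk), the span will contain the printed data structure instead of a link. In that case render it to a string first, or keep the link as a separate child of the span. If it does return a string, the link only works because the formatted message is inserted without escaping. That deserves a comment on the macro, so later callers do not pass user-controlled values through the same path.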
@@ -0,0 +1,12 @@
+(ns foreclojure.test.messages
+ (:use [foreclojure.messages :only [err-msg]])
+ (:use [clojure.test])
+ (:use [midje.sweet]))
+
+(def filler "BAKE ME COOKIES")
+
+(deftest test-err-msg
+ (fact "about err-msg - format"
+ (err-msg "security.login-required" filler) => "You must BAKE ME COOKIES to do this")
+ (fact "about err-msg - standard"
+ (err-msg "settings.user-exists") => "User already exists"))
@@ -2,7 +2,7 @@
(:require [sandbar.stateful-session :as session]
[ring.util.response :as response])
(:use [foreclojure.register])
- (:use [foreclojure.messages :only [err-msgs]])
+ (:use [foreclojure.messages :only [err-msg]])
(:use [clojure.test])
(:use [midje.sweet])
(:use [foreclojure.utils :only [form-row assuming flash-error]])
@@ -35,30 +35,30 @@
(do-register uname pwd pwd email) => truthy
(provided
(fetch-one :users :where {:user uname}) => {:user "username"}
- (flash-error "/register" (err-msgs "settings.user-exists")) => 1))
+ (flash-error "/register" (err-msg "settings.user-exists")) => 1))
(fact "about do-register - username too long"
(do-register lngname pwd pwd email) => truthy
(provided
- (flash-error "/register" (err-msgs "settings.uname-size")) => 1))
+ (flash-error "/register" (err-msg "settings.uname-size")) => 1))
(fact "about do-register - username not alphanumeric"
(do-register bname pwd pwd email) => truthy
(provided
- (flash-error "/register" (err-msgs "settings.uname-alphanum")) => 1))
+ (flash-error "/register" (err-msg "settings.uname-alphanum")) => 1))
(fact "about do-register - short password"
(do-register uname shpwd shpwd email) => truthy
(provided
- (flash-error "/register" (err-msgs "settings.pwd-size")) => 1))
+ (flash-error "/register" (err-msg "settings.pwd-size")) => 1))
(fact "about do-register - passwords don't match"
(do-register uname pwd shpwd email) => truthy
(provided
- (flash-error "/register" (err-msgs "settings.pwd-match")) => 1))
+ (flash-error "/register" (err-msg "settings.pwd-match")) => 1))
(fact "about do-register - bad email"
(do-register uname pwd pwd bemail) => truthy
(provided
- (flash-error "/register" (err-msgs "settings.email-invalid")) => 1))
+ (flash-error "/register" (err-msg "settings.email-invalid")) => 1))
(fact "about do-register - email exists"
(do-register uname pwd pwd email) => truthy
(provided
(fetch-one :users :where {:user uname}) => nil
(fetch-one :users :where {:email email}) => {:user "username"}
- (flash-error "/register" (err-msgs "settings.email-exists")) => 1)))))
+ (flash-error "/register" (err-msg "settings.email-exists")) => 1)))))
@@ -3,7 +3,7 @@
[ring.util.response :as response])
(:import [org.jasypt.util.password StrongPasswordEncryptor])
(:use [foreclojure.settings])
- (:use [foreclojure.messages :only [err-msgs]])
+ (:use [foreclojure.messages :only [err-msg]])
(:use [clojure.test])
(:use [midje.sweet])
(:use [foreclojure.utils :only [get-user assuming flash-error flash-msg]])
@@ -42,36 +42,36 @@
(do-update-settings! new-name old-pwd new-pwd new-pwd email false false) => truthy
(provided
(fetch-one :users :where {:user new-name}) => {:user "username-new"}
- (flash-error "/settings" (err-msgs "settings.user-exists")) => 1))
+ (flash-error "/settings" (err-msg "settings.user-exists")) => 1))
(fact "about do-update-settings! - username too long"
(do-update-settings! lngname old-pwd new-pwd new-pwd email false false) => truthy
(provided
- (flash-error "/settings" (err-msgs "settings.uname-size")) => 1))
+ (flash-error "/settings" (err-msg "settings.uname-size")) => 1))
(fact "about do-update-settings! - username not alphanumeric"
(do-update-settings! bname old-pwd new-pwd new-pwd email false false) => truthy
(provided
- (flash-error "/settings" (err-msgs "settings.uname-alphanum")) => 1))
+ (flash-error "/settings" (err-msg "settings.uname-alphanum")) => 1))
(fact "about do-update-settings! - short password"
(do-update-settings! new-name old-pwd short-pwd short-pwd email false false) => truthy
(provided
- (flash-error "/settings" (err-msgs "settings.npwd-size")) => 1))
+ (flash-error "/settings" (err-msg "settings.npwd-size")) => 1))
(fact "about do-update-settings! - passwords don't match"
(do-update-settings! new-name old-pwd new-pwd old-pwd email false false) => truthy
(provided
- (flash-error "/settings" (err-msgs "settings.npwd-match")) => 1))
+ (flash-error "/settings" (err-msg "settings.npwd-match")) => 1))
(fact "about do-update-settings! - old password doesn't match"
(do-update-settings! new-name new-pwd new-pwd new-pwd email false false) => truthy
(provided
- (flash-error "/settings" (err-msgs "settings.pwd-incorrect")) => 1))
+ (flash-error "/settings" (err-msg "settings.pwd-incorrect")) => 1))
(fact "about do-update-settings! - bad email"
(do-update-settings! new-name old-pwd new-pwd new-pwd bad-email false false) => truthy
(provided
- (flash-error "/settings" (err-msgs "settings.email-invalid")) => 1))
+ (flash-error "/settings" (err-msg "settings.email-invalid")) => 1))
(fact "about do-update-settings! - email exists"
(do-update-settings! new-name old-pwd new-pwd new-pwd email false false) => truthy
(provided
;you have to specify both because midje can't tell them apart
(fetch-one :users :where {:user new-name}) => nil
(fetch-one :users :where {:email email :user {:$ne old-name}}) => {:user old-name}
- (flash-error "/settings" (err-msgs "settings.email-exists")) => 1)))))
+ (flash-error "/settings" (err-msg "settings.email-exists")) => 1)))))
