
deleted and re-generated the restful_authentication framework. I've removed the user signup process as it isn't currently needed.
GavinJoyce committed Dec 13, 2008
1 parent 23d1e23 commit 8b96de49e2924f3f92459238778f0fbf093cbcb2
@@ -2,8 +2,8 @@
# Likewise, all the methods added will be available for all controllers.
class ApplicationController < ActionController::Base
- include AuthenticatedSystem
helper :all # include all helpers, all the time
+ include AuthenticatedSystem
# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
@@ -1,5 +1,6 @@
# This controller handles the login/logout function of the site.
class SessionsController < ApplicationController
+ # Be sure to include AuthenticationSystem in Application Controller instead
# render new.rhtml
def new
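Review bot: The comment added above `# render new.rhtml` names a module `AuthenticationSystem`, but the module this application includes (see the ApplicationController hunk in this same commit) is `AuthenticatedSystem`, so a reader following the comment will look for the wrong constant. Change it to `# Be sure to include AuthenticatedSystem in ApplicationController instead`. The `new` method that begins on the last line of this hunk continues outside it.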
@@ -17,7 +18,7 @@ def create
new_cookie_flag = (params[:remember_me] == "1")
handle_remember_cookie! new_cookie_flag
redirect_back_or_default('/')
- flash[:success] = "Welcome back #{h(user.login)}"
+ flash[:notice] = "Logged in successfully"
else
note_failed_signin
@login = params[:login]
@@ -1,73 +0,0 @@
-class UsersController < ApplicationController
-
- # Protect these actions behind an admin login
- # before_filter :admin_required, :only => [:suspend, :unsuspend, :destroy, :purge]
- before_filter :find_user, :only => [:suspend, :unsuspend, :destroy, :purge]
-
-
- # render new.rhtml
- def new
- @user = User.new
- end
-
- def create
- logout_keeping_session!
- @user = User.new(params[:user])
- @user.register! if @user && @user.valid?
- success = @user && @user.valid?
- if success && @user.errors.empty?
- redirect_back_or_default('/')
- flash[:notice] = "Thanks for signing up! We're sending you an email with your activation code."
- else
- flash[:error] = "We couldn't set up that account, sorry. Please try again, or contact an admin (link is above)."
- render :action => 'new'
- end
- end
-
- def activate
- logout_keeping_session!
- user = User.find_by_activation_code(params[:activation_code]) unless params[:activation_code].blank?
- case
- when (!params[:activation_code].blank?) && user && !user.active?
- user.activate!
- self.current_user = user
- flash[:notice] = "That's it! Welcome aboard."
- redirect_to '/' #TODO: GJ: redirect to user page when we have added it
- when params[:activation_code].blank?
- flash[:error] = "The activation code was missing. Please follow the URL from your email."
- redirect_back_or_default('/')
- else
- flash[:error] = "We couldn't find a user with that activation code -- check your email? Or maybe you've already activated -- try signing in."
- redirect_back_or_default('/')
- end
- end
-
- def suspend
- @user.suspend!
- redirect_to users_path
- end
-
- def unsuspend
- @user.unsuspend!
- redirect_to users_path
- end
-
- def destroy
- @user.delete!
- redirect_to users_path
- end
-
- def purge
- @user.destroy
- redirect_to users_path
- end
-
- # There's no page here to update or destroy a user. If you add those, be
- # smart -- make sure you check that the visitor is authorized to do so, that they
- # supply their old password along with a new one to update it, etc.
-
-protected
- def find_user
- @user = User.find(params[:id])
- end
-end
@@ -17,77 +17,4 @@ def if_authorized?(action, resource, &block)
end
end
- #
- # Link to user's page ('users/1')
- #
- # By default, their login is used as link text and link title (tooltip)
- #
- # Takes options
- # * :content_text => 'Content text in place of user.login', escaped with
- # the standard h() function.
- # * :content_method => :user_instance_method_to_call_for_content_text
- # * :title_method => :user_instance_method_to_call_for_title_attribute
- # * as well as link_to()'s standard options
- #
- # Examples:
- # link_to_user @user
- # # => <a href="/users/3" title="barmy">barmy</a>
- #
- # # if you've added a .name attribute:
- # content_tag :span, :class => :vcard do
- # (link_to_user user, :class => 'fn n', :title_method => :login, :content_method => :name) +
- # ': ' + (content_tag :span, user.email, :class => 'email')
- # end
- # # => <span class="vcard"><a href="/users/3" title="barmy" class="fn n">Cyril Fotheringay-Phipps</a>: <span class="email">barmy@blandings.com</span></span>
- #
- # link_to_user @user, :content_text => 'Your user page'
- # # => <a href="/users/3" title="barmy" class="nickname">Your user page</a>
- #
- def link_to_user(user, options={})
- raise "Invalid user" unless user
- options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname
- content_text = options.delete(:content_text)
- content_text ||= user.send(options.delete(:content_method))
- options[:title] ||= user.send(options.delete(:title_method))
- link_to h(content_text), user_path(user), options
- end
-
- #
- # Link to login page using remote ip address as link content
- #
- # The :title (and thus, tooltip) is set to the IP address
- #
- # Examples:
- # link_to_login_with_IP
- # # => <a href="/login" title="169.69.69.69">169.69.69.69</a>
- #
- # link_to_login_with_IP :content_text => 'not signed in'
- # # => <a href="/login" title="169.69.69.69">not signed in</a>
- #
- def link_to_login_with_IP content_text=nil, options={}
- ip_addr = request.remote_ip
- content_text ||= ip_addr
- options.reverse_merge! :title => ip_addr
- if tag = options.delete(:tag)
- content_tag tag, h(content_text), options
- else
- link_to h(content_text), login_path, options
- end
- end
-
- #
- # Link to the current user's page (using link_to_user) or to the login page
- # (using link_to_login_with_IP).
- #
- def link_to_current_user(options={})
- if current_user
- link_to_user current_user, options
- else
- content_text = options.delete(:content_text) || 'not signed in'
- # kill ignored options from link_to_user
- [:content_method, :title_method].each{|opt| options.delete(opt)}
- link_to_login_with_IP content_text, options
- end
- end
-
end
@@ -4,7 +4,6 @@ class User < ActiveRecord::Base
include Authentication
include Authentication::ByPassword
include Authentication::ByCookieToken
- include Authorization::AasmRoles
validates_presence_of :login
validates_length_of :login, :within => 3..40
@@ -36,7 +35,7 @@ class User < ActiveRecord::Base
#
def self.authenticate(login, password)
return nil if login.blank? || password.blank?
- u = find_in_state :first, :active, :conditions => {:login => login} # need to get the salt
+ u = find_by_login(login) # need to get the salt
u && u.authenticated?(password) ? u : nil
end
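Review bot: `find_by_login(login)` now returns any row whose login matches, whereas the replaced `find_in_state :first, :active` limited sign-in to active accounts; since this commit also drops the `state` and `deleted_at` columns, there is no longer any way to stop a particular stored account from logging in. That may be intended while signup is removed, but it should be stated where the finder is called so it is not later mistaken for an oversight, e.g. `# no account state any more: every stored login may authenticate` above the `find_by_login` line. If accounts ever need to be suspended or locked, the check belongs here, before `u.authenticated?(password)` is consulted.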
@@ -50,10 +49,6 @@ def email=(value)
protected
- def make_activation_code
- self.deleted_at = nil
- self.activation_code = self.class.make_token
- end
end
@@ -1,24 +0,0 @@
-class UserMailer < ActionMailer::Base
- def signup_notification(user)
- setup_email(user)
- @subject += 'Please activate your new account'
-
- @body[:url] = "http://YOURSITE/activate/#{user.activation_code}"
-
- end
-
- def activation(user)
- setup_email(user)
- @subject += 'Your account has been activated!'
- @body[:url] = "http://YOURSITE/"
- end
-
- protected
- def setup_email(user)
- @recipients = "#{user.email}"
- @from = "ADMINEMAIL"
- @subject = "[YOURSITE] "
- @sent_on = Time.now
- @body[:user] = user
- end
-end
@@ -1,11 +0,0 @@
-class UserObserver < ActiveRecord::Observer
- def after_create(user)
- UserMailer.deliver_signup_notification(user)
- end
-
- def after_save(user)
-
- UserMailer.deliver_activation(user) if user.recently_activated?
-
- end
-end
@@ -10,13 +10,6 @@
<div id="container">
<div id="header">
<h1><%= link_to 'RubyJobs', :root %></h1>
- <p>
- <% if logged_in? %>
- Hi <%= current_user.login %> <%= link_to 'logout', :logout %>
- <% else %>
- <%= link_to 'login', :login %> / <%= link_to 'signup', :signup %>
- <% end %>
- </p>
</div>
<div id="navigation">
<ul>
@@ -1,3 +0,0 @@
-<%=h @user.login %>, your account has been activated. Welcome aboard!
-
- <%=h @url %>
@@ -1,8 +0,0 @@
-Your account has been created.
-
- Username: <%=h @user.login %>
- Password: <%=h @user.password %>
-
-Visit this url to activate your account:
-
- <%=h @url %>
@@ -1,8 +0,0 @@
-<% if logged_in? -%>
- <div id="user-bar-greeting">Logged in as <%= link_to_current_user :content_method => :login %></div>
- <div id="user-bar-action" >(<%= link_to "Log out", logout_path, { :title => "Log out" } %>)</div>
-<% else -%>
- <div id="user-bar-greeting"><%= link_to_login_with_IP 'Not logged in', :style => 'border: none;' %></div>
- <div id="user-bar-action" ><%= link_to "Log in", login_path, { :title => "Log in" } %> /
- <%= link_to "Sign up", signup_path, { :title => "Create an account" } %></div>
-<% end -%>
@@ -1,19 +0,0 @@
-<h1>Sign up as a new user</h1>
-<% @user.password = @user.password_confirmation = nil %>
-
-<%= error_messages_for :user %>
-<% form_for :user, :url => users_path do |f| -%>
-<p><%= label_tag 'login' %><br/>
-<%= f.text_field :login %></p>
-
-<p><%= label_tag 'email' %><br/>
-<%= f.text_field :email %></p>
-
-<p><%= label_tag 'password' %><br/>
-<%= f.password_field :password %></p>
-
-<p><%= label_tag 'password_confirmation', 'Confirm Password' %><br/>
-<%= f.password_field :password_confirmation %></p>
-
-<p><%= submit_tag 'Sign up' %></p>
-<% end -%>
@@ -11,10 +11,7 @@
require File.join(File.dirname(__FILE__), 'boot')
Rails::Initializer.run do |config|
-
- config.gem "rubyist-aasm", :source => "http://gems.github.com", :lib => 'aasm'
-
- config.active_record.observers = :user_observer
+
config.time_zone = 'UTC'
config.action_controller.session = {
@@ -1,4 +1,3 @@
-#NOTE: GJ: I'll remove this file and change key once we are close to deployment, but I'll leave it here for now.
# A Site key gives additional protection against a dictionary attack if your
# DB is ever compromised. With no site key, we store
@@ -17,7 +16,7 @@
# Please note: if you change this, all the passwords will be invalidated, so DO
# keep it someplace secure. Use the random value given or type in the lyrics to
# your favorite Jay-Z song or something; any moderately long, unpredictable text.
-REST_AUTH_SITE_KEY = 'c4693a7a8637f52082c5bf24d894b9053e7bca3d'
+REST_AUTH_SITE_KEY = 'dbfa36bab66046775b676fcec6115ef13d5e14fc'
# Repeated applications of the hash make brute force (even with a compromised
# database and site key) harder, and scale with Moore's law.
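Review bot: The new `REST_AUTH_SITE_KEY` value is still a literal committed to the repository, and the removed note that promised to rotate it and drop the file before deployment is gone with it; a key stored next to the code gives none of the extra protection against dictionary attacks that the comment above describes once the repository is readable, and the old value stays in git history regardless. Read it from the environment instead and fail loudly when it is absent, for example `REST_AUTH_SITE_KEY = ENV['REST_AUTH_SITE_KEY'] || raise('REST_AUTH_SITE_KEY is not set')`. As the comment in this hunk says, changing the key invalidates every stored password, so this should happen before any real accounts exist.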
@@ -3,10 +3,12 @@
map.login '/login', :controller => 'sessions', :action => 'new'
map.register '/register', :controller => 'users', :action => 'create'
map.signup '/signup', :controller => 'users', :action => 'new'
- map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
-
+ map.resources :users
+
map.resource :session
- map.resources :users, :member => { :suspend => :put, :unsuspend => :put, :purge => :delete }
+
+ map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
+ map.resources :users, :member => { :suspend => :put, :unsuspend => :put, :purge => :delete }
map.root :controller => "home"
end
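Review bot: Every route in this hunk except `map.login`, `map.resource :session` and `map.root` targets the `users` controller, but this same commit deletes `UsersController`, so `/signup`, `/register`, `/activate/...` and the `:users` resources now point at a controller that does not exist and will presumably fail at dispatch with a missing-constant error rather than a clean 404. `map.resources :users` is also declared twice, once bare and once with the `:suspend`/`:unsuspend`/`:purge` member actions, which would expose those administrative actions without any filter if a UsersController is re-added later. Remove the `map.register`, `map.signup`, `map.activate` lines and both `map.resources :users` lines, leaving only the login, session and root routes until signup returns.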
@@ -10,10 +10,8 @@ def self.up
t.column :updated_at, :datetime
t.column :remember_token, :string, :limit => 40
t.column :remember_token_expires_at, :datetime
- t.column :activation_code, :string, :limit => 40
- t.column :activated_at, :datetime
- t.column :state, :string, :null => :no, :default => 'passive'
- t.column :deleted_at, :datetime
+
+
end
add_index :users, :login, :unique => true
end
@@ -77,10 +77,6 @@ body {
font-size: 2em;
}
- #header p {
- float: right;
- }
-
#navigation {
background-color: #ccc;
padding: 4px;
@@ -44,6 +44,7 @@ def do_create
it "kills existing login" do controller.should_receive(:logout_keeping_session!); do_create; end
it "authorizes me" do do_create; controller.send(:authorized?).should be_true; end
it "logs me in" do do_create; controller.send(:logged_in?).should be_true end
+ it "greets me nicely" do do_create; response.flash[:notice].should =~ /success/i end
it "sets/resets/expires cookie" do controller.should_receive(:handle_remember_cookie!).with(want_remember_me); do_create end
it "sends a cookie" do controller.should_receive(:send_remember_cookie!); do_create end
it 'redirects to the home page' do do_create; response.should redirect_to('/') end