From 5e721e11c012899287755406352aaea2b07c3c67 Mon Sep 17 00:00:00 2001 From: hab278 Date: Wed, 8 Jul 2015 13:51:42 -0400 Subject: [PATCH 01/25] Update Gemfile to use Omniauth and Devise instead of Authlogic --- Gemfile | 6 ++-- Gemfile.lock | 82 +++++++++++++++++++++++----------------------------- 2 files changed, 38 insertions(+), 50 deletions(-) diff --git a/Gemfile b/Gemfile index e0c21131..8fd52542 100644 --- a/Gemfile +++ b/Gemfile @@ -21,10 +21,8 @@ gem 'mustache-rails', github: 'NYULibraries/mustache-rails', require: 'mustache/ # None of these gems should be included in a real production instance. # This entire auth process should be handled by login -gem 'authlogic', github: 'binarylogic/authlogic', ref: 'e4b2990d6282f3f7b50249b4f639631aef68b939' -gem 'exlibris-aleph', github: 'barnabyalter/exlibris-aleph' -gem 'authpds', github: 'barnabyalter/authpds' -gem 'authpds-nyu', github: 'barnabyalter/authpds-nyu' +gem 'omniauth-nyulibraries', github: 'NYULibraries/omniauth-nyulibraries', tag: 'v1.1.2' +gem 'devise', '~> 3.4.1' gem 'nyulibraries-assets', github: 'NYULibraries/nyulibraries-assets', tag: 'v4.0.0' # gem 'nyulibraries-assets', path: '/apps/nyulibraries-assets' diff --git a/Gemfile.lock b/Gemfile.lock index 6d979c7c..1b9ec7dc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
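Review bot: The added `gem 'omniauth-nyulibraries', github: 'NYULibraries/omniauth-nyulibraries', tag: 'v1.1.2'` line puts a gem on the authentication path that is fetched over `git://`, as the Gemfile.lock hunk records (`remote: git://github.com/NYULibraries/omniauth-nyulibraries.git`); that transport gives no encryption and no server authentication. Declare the source over HTTPS instead, either with `git_source(:github) { |repo| "https://github.com/#{repo}.git" }` near the top of the Gemfile or with `git: 'https://github.com/NYULibraries/omniauth-nyulibraries.git'` on this line. The context comment `# None of these gems should be included in a real production instance.` no longer describes the two gems beneath it and should be reworded or dropped. The lock also resolves tag `v1.1.2` to gem version `1.1.0`, which is worth confirming against the gem's repository.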
@@ -33,45 +33,12 @@ GIT institutions (~> 0.1.3) GIT - remote: git://github.com/barnabyalter/authpds-nyu.git - revision: 71959075baf098c969f5dd5b11cb9859bb4a3f6c + remote: git://github.com/NYULibraries/omniauth-nyulibraries.git + revision: 73e527844b90a7fdf3faf4a7a57d39fb1566f4c7 + tag: v1.1.2 specs: - authpds-nyu (1.1.3) - require_all (~> 1.3.1) - -GIT - remote: git://github.com/barnabyalter/authpds.git - revision: 92069180f48c3dba085295798c64d30c24fbfc27 - specs: - authpds (1.1.3) - activerecord (>= 3.2.14) - activesupport (>= 3.2.14) - authlogic (>= 3.3.0) - institutions (~> 0.1.3) - nokogiri (~> 1.6.0) - require_all (~> 1.3.1) - -GIT - remote: git://github.com/barnabyalter/exlibris-aleph.git - revision: 216a72a2cc40d6b0263e4963ae77138c6fd536e9 - specs: - exlibris-aleph (1.1.0) - activesupport (>= 3.2.14) - builder (>= 3.0.0) - httparty (~> 0.11.0) - marc (~> 0.7.1) - nokogiri (~> 1.6.0) - rake (~> 10.1.0) - require_all (~> 1.3.1) - -GIT - remote: git://github.com/binarylogic/authlogic.git - revision: e4b2990d6282f3f7b50249b4f639631aef68b939 - ref: e4b2990d6282f3f7b50249b4f639631aef68b939 - specs: - authlogic (3.3.0) - activerecord (>= 3.2) - activesupport (>= 3.2) + omniauth-nyulibraries (1.1.0) + omniauth-oauth2 (~> 1.2.0) GIT remote: git://github.com/code4lib/ruby-oai.git @@ -129,6 +96,7 @@ GEM tzinfo (~> 1.1) addressable (2.3.6) arel (5.0.1.20140414130214) + bcrypt (3.1.10) better_errors (2.0.0) coderay (>= 1.0.0) erubis (>= 2.6.6) @@ -213,6 +181,13 @@ GEM debug_inspector (0.0.2) deprecation (0.1.0) activesupport + devise (3.4.1) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + responders + thread_safe (~> 0.1) + warden (~> 1.2.3) diff-lcs (1.2.5) docile (1.1.5) ebnf (0.3.6) 
@@ -242,14 +217,12 @@ GEM git (1.2.9.1) haml (4.0.5) tilt + hashie (3.4.2) highline (1.7.2) hike (1.2.3) hooks (0.3.6) uber (~> 0.0.4) htmlentities (4.3.2) - httparty (0.11.0) - multi_json (~> 1.0) - multi_xml (>= 0.5.2) hydra (7.1.0) active-fedora (~> 7.1.0) blacklight (~> 5.5.1) @@ -301,6 +274,7 @@ GEM json (1.8.3) json-ld (1.1.7) rdf (~> 1.1, >= 1.1.4) + jwt (1.5.1) kaminari (0.16.1) actionpack (>= 3.0.0) activesupport (>= 3.0.0) @@ -325,7 +299,6 @@ GEM logger (1.2.8) mail (2.6.3) mime-types (>= 1.16, < 3) - marc (0.7.1) method_source (0.8.2) mime-types (2.6.1) mini_portile (0.6.0) @@ -352,11 +325,26 @@ GEM activesupport i18n nokogiri + oauth2 (1.0.0) + faraday (>= 0.8, < 0.10) + jwt (~> 1.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (~> 1.2) om (3.1.0) activemodel activesupport nokogiri (>= 1.4.2) solrizer (~> 3.3) + omniauth (1.2.2) + hashie (>= 1.2, < 4) + rack (~> 1.0) + omniauth-oauth2 (1.2.0) + faraday (>= 0.8, < 0.10) + multi_json (~> 1.3) + oauth2 (~> 1.0) + omniauth (~> 1.2) + orm_adapter (0.5.0) phantomjs (1.9.7.1) pickle (0.4.11) cucumber (>= 0.8) @@ -429,6 +417,8 @@ GEM rdf (~> 1.1) ref (1.0.5) require_all (1.3.2) + responders (1.1.2) + railties (>= 3.2, < 4.2) rest-client (1.7.2) mime-types (>= 1.16, < 3.0) netrc (~> 0.7) @@ -529,6 +519,8 @@ GEM json (>= 1.8.0) unicode (0.4.4.1) vcr (2.9.3) + warden (1.2.3) + rack (>= 1.0) webmock (1.19.0) addressable (>= 2.3.6) crack (>= 0.3.2) @@ -542,9 +534,6 @@ PLATFORMS ruby DEPENDENCIES - authlogic! - authpds! - authpds-nyu! better_errors (~> 2.0.0) binding_of_caller coffee-rails (~> 4.0.0) @@ -552,7 +541,7 @@ DEPENDENCIES coveralls (~> 0.7.0) cucumber-rails database_cleaner (~> 1.3.0) - exlibris-aleph! + devise (~> 3.4.1) factory_girl_rails (~> 4.4.0) faraday (~> 0.9.0) formaggio! @@ -570,6 +559,7 @@ DEPENDENCIES mysql2 (~> 0.3.15) nyulibraries-assets! oai! + omniauth-nyulibraries! phantomjs (>= 1.9.0) pickle (~> 0.4.11) poltergeist (~> 1.5.0) 
From 11ee1d1894055662db7fe3ba3f2b3f962f0f561d Mon Sep 17 00:00:00 2001 From: hab278 Date: Wed, 8 Jul 2015 15:34:22 -0400 Subject: [PATCH 02/25] Remove all mentions of UserSession. We do not use UserSession anymore --- app/controllers/user_sessions_controller.rb | 11 ------- app/models/user_session.rb | 12 ------- features/support/authlogic.rb | 32 +++++++++---------- .../user_sessions_controller_spec.rb | 12 ------- spec/models/user_session_spec.rb | 5 --- 5 files changed, 16 insertions(+), 56 deletions(-) delete mode 100644 app/controllers/user_sessions_controller.rb delete mode 100644 app/models/user_session.rb delete mode 100644 spec/controllers/user_sessions_controller_spec.rb delete mode 100644 spec/models/user_session_spec.rb diff --git a/app/controllers/user_sessions_controller.rb b/app/controllers/user_sessions_controller.rb deleted file mode 100644 index be89077a..00000000 --- a/app/controllers/user_sessions_controller.rb +++ /dev/null @@ -1,11 +0,0 @@ -class UserSessionsController < ApplicationController - include Authpds::Controllers::AuthpdsSessionsController - - # GET /validate - def validate - # Only create a new one if it doesn't exist - @user_session ||= UserSession.create(params[:user_session]) - redirect_to root_url - end - -end diff --git a/app/models/user_session.rb b/app/models/user_session.rb deleted file mode 100644 index fed2eafa..00000000 --- a/app/models/user_session.rb +++ /dev/null @@ -1,12 +0,0 @@ -class UserSession < Authlogic::Session::Base - - pds_url(ENV['PDS_URL'] || 'https://logindev.library.nyu.edu') - - calling_system "hydra" - anonymous true - redirect_logout_url "http://bobcat.library.nyu.edu" - - def attempt_sso? - (Rails.env.development? || Rails.env.test? || Rails.env.cucumber?) ? false : super - end -end diff --git a/features/support/authlogic.rb b/features/support/authlogic.rb index ecd705f3..0a6c196a 100644 --- a/features/support/authlogic.rb +++ b/features/support/authlogic.rb 
@@ -8,19 +8,19 @@ # end # 2) Open up UserSession and set pds_handle to a handle which we have previously recorded a VHS for -UserSession.class_eval do - - # Override pds_handle to use ENV['PDS_HANDLE'] if it's available - def pds_handle - # Set PDS handle in an environment variable if you want to - # override super, e.g. ENV['PDS_HANDLE'] = 'GIS_Cataloger' - pds_handle_lambda.call || super - end - - # Read PDS handle from an evironment variable, PDS_HANDLE - # It will return nil if ENV['PDS_HANDLE'] is not set - def pds_handle_lambda - -> { ENV['PDS_HANDLE'] } - end - private :pds_handle_lambda -end +# UserSession.class_eval do +# +# # Override pds_handle to use ENV['PDS_HANDLE'] if it's available +# def pds_handle +# # Set PDS handle in an environment variable if you want to +# # override super, e.g. ENV['PDS_HANDLE'] = 'GIS_Cataloger' +# pds_handle_lambda.call || super +# end +# +# # Read PDS handle from an evironment variable, PDS_HANDLE +# # It will return nil if ENV['PDS_HANDLE'] is not set +# def pds_handle_lambda +# -> { ENV['PDS_HANDLE'] } +# end +# private :pds_handle_lambda +# end diff --git a/spec/controllers/user_sessions_controller_spec.rb b/spec/controllers/user_sessions_controller_spec.rb deleted file mode 100644 index 09420ae9..00000000 --- a/spec/controllers/user_sessions_controller_spec.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'spec_helper' - -describe UserSessionsController do - describe "GET /validate" do - it "should create a new user session" do - get :validate, user_session: { username: "dev123" } - expect(assigns(:user_session)).to_not be_nil - expect(assigns(:user_session).username).to eql("dev123") - expect(response).to redirect_to root_url - end - end -end diff --git a/spec/models/user_session_spec.rb b/spec/models/user_session_spec.rb deleted file mode 100644 index 0628d7d0..00000000 --- a/spec/models/user_session_spec.rb +++ /dev/null @@ -1,5 +0,0 @@ -require 'spec_helper' - -describe UserSession do - -end 
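Review bot: Commenting out the whole `UserSession.class_eval` block leaves features/support/authlogic.rb as a file of dead comments that still names `pds_handle` and `ENV['PDS_HANDLE']`, neither of which exists after this series. Delete the block (or the file) and let version control keep the history; if it is kept as a reminder, a single line such as `# TODO: replace with an OmniAuth-based sign-in helper for Cucumber` says more than the disabled code.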
From 4ab4b36775777d799c5f206f2cbde9d3f19f43b7 Mon Sep 17 00:00:00 2001 From: hab278 Date: Wed, 8 Jul 2015 15:39:19 -0400 Subject: [PATCH 03/25] Remove Authpds controller --- app/controllers/application_controller.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 644b6235..876ebe38 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,7 +5,6 @@ class ApplicationController < ActionController::Base # Please be sure to impelement current_user and user_session. Blacklight depends on # these methods in order to perform user specific actions. - include Authpds::Controllers::AuthpdsController layout Proc.new{ |controller| (controller.request.xhr?) ? false : "application" } # Prevent CSRF attacks by raising an exception. From cf2db5ca3afcee231e225034b10f408a10e3bdc9 Mon Sep 17 00:00:00 2001 From: hab278 Date: Wed, 8 Jul 2015 15:42:34 -0400 Subject: [PATCH 04/25] Remove authlogic from User --- app/models/user.rb | 7 ----- ...1853_remove_authlogic_fields_from_users.rb | 29 +++++++++++++++++++ 2 files changed, 29 insertions(+), 7 deletions(-) create mode 100644 db/migrate/20150702221853_remove_authlogic_fields_from_users.rb diff --git a/app/models/user.rb b/app/models/user.rb index cd621b98..81786101 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -21,13 +21,6 @@ def to_s email end - # Configure authlogic - acts_as_authentic do |c| - c.validations_scope = :username - c.validate_password_field = false - c.require_password_confirmation = false - c.disable_perishable_token_maintenance = true - end # Override core Hydra functions which use Devise hardcoded def user_key diff --git a/db/migrate/20150702221853_remove_authlogic_fields_from_users.rb b/db/migrate/20150702221853_remove_authlogic_fields_from_users.rb new file mode 100644 index 00000000..2cf744a6 --- /dev/null 
+++ b/db/migrate/20150702221853_remove_authlogic_fields_from_users.rb
@@ -0,0 +1,29 @@
+class RemoveAuthlogicFieldsFromUsers < ActiveRecord::Migration
+ def up
+ remove_column :users, :mobile_phone
+ remove_column :users, :crypted_password
+ remove_column :users, :password_salt
+ remove_column :users, :session_id
+ remove_column :users, :persistence_token
+ remove_column :users, :login_count
+ remove_column :users, :last_request_at
+ remove_column :users, :current_login_at
+ remove_column :users, :last_login_at
+ remove_column :users, :last_login_ip
+ remove_column :users, :current_login_ip
+ end
+
+ def down
+ add_column :users, :mobile_phone
+ add_column :users, :crypted_password
+ add_column :users, :password_salt
+ add_column :users, :session_id
+ add_column :users, :persistence_token
+ add_column :users, :login_count
+ add_column :users, :last_request_at
+ add_column :users, :current_login_at
+ add_column :users, :last_login_at
+ add_column :users, :last_login_ip
+ add_column :users, :current_login_ip
+ end
+end
From b38f0c30728b18c97a581938b55f602926a9d896 Mon Sep 17 00:00:00 2001
From: hab278
Date: Wed, 8 Jul 2015 15:44:55 -0400
Subject: [PATCH 05/25] Prep user by adding fields for login
---
.../20150708185150_add_login_fields_to_users.rb | 15 +++++++++++++++
...185217_add_username_provider_index_to_users.rb | 9 +++++++++
2 files changed, 24 insertions(+)
create mode 100644 db/migrate/20150708185150_add_login_fields_to_users.rb
create mode 100644 db/migrate/20150708185217_add_username_provider_index_to_users.rb
diff --git a/db/migrate/20150708185150_add_login_fields_to_users.rb b/db/migrate/20150708185150_add_login_fields_to_users.rb
new file mode 100644
index 00000000..3b606818
--- /dev/null
+++ b/db/migrate/20150708185150_add_login_fields_to_users.rb
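Review bot: `down` in RemoveAuthlogicFieldsFromUsers cannot run, because every call of the form `add_column :users, :mobile_phone` omits the column type that `add_column` requires, so a rollback raises on its first line. Either give each call its original type, e.g. `add_column :users, :crypted_password, :string` (the types are not visible in this patch and would have to come from the previous db/schema.rb), or, since dropped credential columns cannot be restored with their data, make the method `raise ActiveRecord::IrreversibleMigration`. The db/schema.rb hunk in PATCH 12/25 still shows `last_login_at`, `last_login_ip` and `current_login_ip` as context lines, which suggests the schema dump was not taken after this migration ran.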
@@ -0,0 +1,15 @@
+class AddLoginFieldsToUsers < ActiveRecord::Migration
+ def up
+ add_column :users, :provider, :string, null: false, default: ""
+ add_column :users, :aleph_id, :string
+ add_column :users, :institution_code, :string
+ add_column :users, :patron_status, :string
+ end
+
+ def down
+ remove_column :users, :provider
+ remove_column :users, :aleph_id
+ remove_column :users, :institution_code
+ remove_column :users, :patron_status
+ end
+end
diff --git a/db/migrate/20150708185217_add_username_provider_index_to_users.rb b/db/migrate/20150708185217_add_username_provider_index_to_users.rb
new file mode 100644
index 00000000..19346daf
--- /dev/null
+++ b/db/migrate/20150708185217_add_username_provider_index_to_users.rb
@@ -0,0 +1,9 @@
+class AddUsernameProviderIndexToUsers < ActiveRecord::Migration
+ def up
+ add_index :users, [:username, :provider], unique: true
+ end
+
+ def down
+ remove_index :users, [:username, :provider]
+ end
+end
From 0a9d1e01c89662e3970ded2489740b54d6ed351d Mon Sep 17 00:00:00 2001
From: hab278
Date: Wed, 8 Jul 2015 15:45:56 -0400
Subject: [PATCH 06/25] Add devise initializer
---
config/initializers/devise.rb | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 config/initializers/devise.rb
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
new file mode 100644
index 00000000..5dfb2a3a
--- /dev/null
+++ b/config/initializers/devise.rb
@@ -0,0 +1,13 @@
+Devise.setup do |config|
+ config.mailer_sender = 'no-reply@library.nyu.edu'
+ require 'devise/orm/active_record'
+ config.secret_key = ENV['SECRET_TOKEN']
+ config.strip_whitespace_keys = [ :email ]
+ config.skip_session_storage = [:http_auth]
+ config.stretches = Rails.env.test? ? 1 : 10
+ config.reconfirmable = true
+ config.password_length = 8..128
+ config.reset_password_within = 60.minutes
+ config.sign_out_via = :get
+ config.omniauth :nyulibraries, ENV['APP_ID'], ENV['APP_SECRET']
+end
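Review bot: `config.sign_out_via = :get` in config/initializers/devise.rb lets any third-party page end a user's session with a link or image request, and config/routes.rb in PATCH 08/25 adds the matching `get 'logout', to: 'devise/sessions#destroy'`; Devise's default of `:delete` keeps sign-out behind the CSRF token. If a plain link really is required, the line needs a comment giving the reason. Separately, `ENV['SECRET_TOKEN']`, `ENV['APP_ID']` and `ENV['APP_SECRET']` evaluate to `nil` when unset and nothing here reports that; `config.secret_key = ENV.fetch('SECRET_TOKEN')` and `config.omniauth :nyulibraries, ENV.fetch('APP_ID'), ENV.fetch('APP_SECRET')` turn a missing variable into a startup error. The `stretches`, `password_length`, `reset_password_within` and `reconfirmable` settings belong to modules that the `User` model in this series does not enable (`devise :omniauthable` only) and could be dropped.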
From 20a12061104ba9e87a035076c821aee01ae96fe5 Mon Sep 17 00:00:00 2001
From: hab278
Date: Wed, 8 Jul 2015 15:46:20 -0400
Subject: [PATCH 07/25] Add omniauth callback controller
---
.../users/omniauth_callbacks_controller.rb | 95 +++++++++++++++++++
1 file changed, 95 insertions(+)
create mode 100644 app/controllers/users/omniauth_callbacks_controller.rb
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
new file mode 100644
index 00000000..7208e66a
--- /dev/null
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -0,0 +1,95 @@
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+ before_filter :require_valid_omniauth, only: :nyulibraries
+ def nyulibraries
+ # Find existing or initialize new user,
+ # and save new attributes each time
+ @user = find_user_with_or_without_provider.first_or_initialize(attributes_from_omniauth)
+ @user.update_attributes(attributes_from_omniauth)
+
+ if @user.persisted?
+ sign_in_and_redirect @user, event: :authentication
+ logger.info(find_message(:success, kind: "NYU Libraries"))
+ else
+ session["devise.nyulibraries_data"] = request.env["omniauth.auth"]
+ redirect_to root_path
+ end
+ end
+
+ def find_user_with_or_without_provider
+ @find_user_with_or_without_provider ||= (find_user_with_provider.present?) ? find_user_with_provider : find_user_without_provider
+ end
+
+ def find_user_with_provider
+ @find_user_with_provider ||= User.where(username: omniauth.uid, provider: omniauth.provider)
+ end
+
+ def find_user_without_provider
+ @find_user_without_provider ||= User.where(username: omniauth.uid, provider: "")
+ end
+
+ def require_valid_omniauth
+ head :bad_request unless valid_omniauth?
+ end
+
+ def valid_omniauth?
+ omniauth.present? && omniauth.provider.to_s == 'nyulibraries'
+ end
+
+ def omniauth
+ @omniauth ||= request.env["omniauth.auth"]
+ end
+
+ def omniauth_provider
+ @omniauth_provider ||= omniauth.provider
+ end
+
+ def attributes_from_omniauth
+ {
+ provider: omniauth_provider,
+ email: omniauth_email,
+ firstname: omniauth_firstname,
+ lastname: omniauth_lastname,
+ institution_code: omniauth_institution,
+ aleph_id: omniauth_aleph_id,
+ patron_status: omniauth_patron_status
+ }
+ end
+
+ def omniauth_email
+ @omniauth_email ||= omniauth.info.email
+ end
+
+ def omniauth_firstname
+ @omniauth_firstname ||= omniauth.info.first_name
+ end
+
+ def omniauth_lastname
+ @omniauth_lastname ||= omniauth.info.last_name
+ end
+
+ def omniauth_institution
+ @omniauth_institution ||= omniauth.extra.institution_code
+ end
+
+ def omniauth_identities
+ @omniauth_identities ||= omniauth.extra.identities
+ end
+
+ def omniauth_aleph_identity
+ @omniauth_aleph_identity ||= omniauth_identities.find do |omniauth_identity|
+ omniauth_identity.provider == 'aleph'
+ end
+ end
+
+ def omniauth_aleph_id
+ unless omniauth_aleph_identity.blank?
+ @omniauth_aleph_id ||= omniauth_aleph_identity.uid
+ end
+ end
+
+ def omniauth_patron_status
+ unless omniauth_aleph_identity.blank?
+ @omniauth_patron_status ||= omniauth_aleph_identity.properties.patron_status
+ end
+ end
+end
From 63d5cc3449b1422dba0708a5a002f3bb12ec90e4 Mon Sep 17 00:00:00 2001
From: hab278
Date: Wed, 8 Jul 2015 15:47:11 -0400
Subject: [PATCH 08/25] Use the devise routes
---
config/routes.rb | 10 ++++-----
spec/routing/user_routes_spec.rb | 35 ++++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+), 5 deletions(-)
create mode 100644 spec/routing/user_routes_spec.rb
diff --git a/config/routes.rb b/config/routes.rb
index 2f669290..48f98cd3 100644
--- a/config/routes.rb
+++ b/config/routes.rb
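Review bot: On the failure branch of `nyulibraries`, `session["devise.nyulibraries_data"] = request.env["omniauth.auth"]` writes the whole auth hash into a session that this series keeps in a cookie store (config/initializers/session_store.rb); the hash carries `extra.identities` and, for an OAuth2 strategy, presumably the access token, so that data travels in the browser cookie and may exceed the cookie size limit. Store a trimmed copy instead, e.g. `session["devise.nyulibraries_data"] = omniauth.except("extra", "credentials")`. The return value of `@user.update_attributes(attributes_from_omniauth)` is ignored, so an existing user whose update fails validation is still signed in because `persisted?` is already true. Every helper after the action (`find_user_with_provider`, `attributes_from_omniauth`, `omniauth_email` and the rest) is public and therefore a candidate action; a `private` line after `nyulibraries` would close that off. `find_user_without_provider` binds the login to any legacy row with the same `username` and an empty `provider`, which is only safe if the provider's `uid` and the legacy usernames share one namespace, so a comment stating that assumption belongs on the method.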
@@ -4,9 +4,9 @@ root :to => "catalog#index" Blacklight.add_routes(self) - get 'login', :to => 'user_sessions#new', :as => :login - get 'logout', :to => 'user_sessions#destroy', :as => :logout - get 'validate', :to => 'user_sessions#validate', :as => :validate - resources :user_sessions - + devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' } + devise_scope :user do + get 'logout', to: 'devise/sessions#destroy', as: :logout + get 'login', to: redirect("#{Rails.application.config.relative_url_root}/users/auth/nyulibraries"), as: :login + end end diff --git a/spec/routing/user_routes_spec.rb b/spec/routing/user_routes_spec.rb new file mode 100644 index 00000000..d776b928 --- /dev/null +++ b/spec/routing/user_routes_spec.rb @@ -0,0 +1,35 @@ +require "spec_helper" + +describe 'routes for users' do + describe 'GET /users/auth/nyulibraries' do + subject { get('/users/auth/nyulibraries') } + it do + should route_to({ + controller: 'users/omniauth_callbacks', + action: 'passthru', + provider: 'nyulibraries' + }) + end + end + + describe 'POST /users/auth/nyulibraries' do + subject { post('/users/auth/nyulibraries') } + it do + should route_to({ + controller: 'users/omniauth_callbacks', + action: 'passthru', + provider: 'nyulibraries' + }) + end + end + + describe 'GET /users/auth/nyulibraries/callback' do + subject { get('/users/auth/nyulibraries/callback') } + it { should route_to({controller: 'users/omniauth_callbacks', action: 'nyulibraries'}) } + end + + describe 'POST /users/auth/nyulibraries/callback' do + subject { post('/users/auth/nyulibraries/callback') } + it { should route_to({controller: 'users/omniauth_callbacks', action: 'nyulibraries'}) } + end +end From 5dfd99e42cc689fa5caf6b2ad0d25da2eb70f57b Mon Sep 17 00:00:00 2001 
From: hab278 Date: Wed, 8 Jul 2015 15:48:14 -0400 Subject: [PATCH 09/25] Remove user attributes and port over the data --- app/models/user.rb | 1 - ...9_populate_user_fields_from_user_attributes.rb | 15 +++++++++++++++ ...708185305_remove_user_attributes_from_users.rb | 9 +++++++++ spec/factories/users.rb | 1 - spec/models/user_spec.rb | 5 ----- 5 files changed, 24 insertions(+), 7 deletions(-) create mode 100644 db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb create mode 100644 db/migrate/20150708185305_remove_user_attributes_from_users.rb diff --git a/app/models/user.rb b/app/models/user.rb index 81786101..44f04f5a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -12,7 +12,6 @@ class User < ActiveRecord::Base #devise :database_authenticatable, :registerable, # :recoverable, :rememberable, :trackable, :validatable - serialize :user_attributes # Method added by Blacklight; Blacklight uses #to_s on your # user class to get a user-displayable login/identifier for diff --git a/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb b/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb new file mode 100644 index 00000000..1abc9a83 --- /dev/null +++ b/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb @@ -0,0 +1,15 @@ +class PopulateUserFieldsFromUserAttributes < ActiveRecord::Migration + def up + say_with_time "Migrating User Attributes" do + User.class_eval { serialize :user_attributes } + User.all.each do |user| + user.update_attribute :aleph_id, user.user_attributes[:nyuidn] + user.update_attribute :status, user.user_attributes[:bor_status] + user.update_attribute :institution_code, user.user_attributes[:primary_institution] + end + end + end + + def down + end +end diff --git a/db/migrate/20150708185305_remove_user_attributes_from_users.rb b/db/migrate/20150708185305_remove_user_attributes_from_users.rb new file mode 100644 index 00000000..e8f2186b --- /dev/null 
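Review bot: In PopulateUserFieldsFromUserAttributes, `user.update_attribute :status, user.user_attributes[:bor_status]` writes to `status`, but the column added by AddLoginFieldsToUsers in PATCH 05/25 is `patron_status`; unless `users` already has a `status` column (not visible here), the migration stops at the first user. The line should read `user.update_attribute :patron_status, user.user_attributes[:bor_status]`. A row whose `user_attributes` is `nil` also raises on `[]`, so read it through `attrs = user.user_attributes || {}`. Because the next migration drops `user_attributes`, the empty `down` silently loses that data on rollback; `raise ActiveRecord::IrreversibleMigration` states it honestly. `User.find_each` would avoid loading every row at once.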
+++ b/db/migrate/20150708185305_remove_user_attributes_from_users.rb @@ -0,0 +1,9 @@ +class RemoveUserAttributesFromUsers < ActiveRecord::Migration + def up + remove_column :users, :user_attributes + end + + def down + add_column :users, :user_attributes, :text + end +end diff --git a/spec/factories/users.rb b/spec/factories/users.rb index 07638b58..7deea8bd 100644 --- a/spec/factories/users.rb +++ b/spec/factories/users.rb @@ -2,7 +2,6 @@ factory :user do sequence(:username) { |n| "user#{n}" } sequence(:email) { |n| "user#{n}@nyu.edu" } - user_attributes {{ :some_field => "test" }} factory :gis_cataloger do username "gis_admin" diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 7f7a661a..43f07389 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -7,11 +7,6 @@ subject { User.new } it { should be_a User } - describe "#user_attributes" do - subject { user.user_attributes } - it { should be_instance_of(Hash) } - end - describe "#to_s" do subject { user.to_s } it { should eql(user.email) } From b5c887d0020b6898d417e1057023ac28963800f9 Mon Sep 17 00:00:00 2001 From: hab278 Date: Wed, 8 Jul 2015 15:50:51 -0400 Subject: [PATCH 10/25] Make user omniauthable --- app/models/user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/user.rb b/app/models/user.rb index 44f04f5a..3df1e1fa 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,9 +1,9 @@ class User < ActiveRecord::Base + devise :omniauthable, omniauth_providers: [:nyulibraries] # Connects this user object to Hydra behaviors. include Hydra::User # Connects this user object to Role-management behaviors. #include Hydra::RoleManagement::UserRoles - # Connects this user object to Blacklights Bookmarks. include Blacklight::User # Include default devise modules. Others available are: From 79512520e755f8b8633ca17724c908ec93376ce5 Mon Sep 17 00:00:00 2001 
From: hab278 Date: Wed, 8 Jul 2015 15:51:29 -0400 Subject: [PATCH 11/25] Change session cookie domain to :all --- config/initializers/session_store.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index c469af56..2ecc5c9a 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1,3 +1,3 @@ # Be sure to restart your server when you modify this file. -Ichabod::Application.config.session_store :cookie_store, key: '_ichabod_session' +Ichabod::Application.config.session_store :cookie_store, key: '_ichabod_session', domain: :all From d68e5a28e1b7fe79b2fc2525917e51aa08a90aa1 Mon Sep 17 00:00:00 2001 From: hab278 Date: Wed, 8 Jul 2015 15:51:47 -0400 Subject: [PATCH 12/25] Run migrations --- db/schema.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/db/schema.rb b/db/schema.rb index f9356b10..6c81d506 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20141001211059) do +ActiveRecord::Schema.define(version: 20150708185305) do create_table "bookmarks", force: true do |t| t.integer "user_id", null: false @@ -63,11 +63,15 @@ t.string "last_login_at" t.string "last_login_ip" t.string "current_login_ip" - t.text "user_attributes" t.datetime "refreshed_at" + t.string "provider", default: "", null: false + t.string "aleph_id" + t.string "institution_code" + t.string "patron_status" end add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree + add_index "users", ["username", "provider"], name: "index_users_on_username_and_provider", unique: true, using: :btree end From cf926eb6ab0ea9961261d6e1759353bb9e8f2874 Mon Sep 17 00:00:00 2001 
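Review bot: Adding `domain: :all` in config/initializers/session_store.rb widens the session cookie from the application's own host to the parent domain, so sibling hosts under that domain receive the cookie and can set a conflicting one; with `:cookie_store` the cookie is the session itself. Nothing in the commit message or the file says which other host needs it, so either drop the option or bound it and document it, e.g. `domain: :all, tld_length: N` with N chosen so that only the intended subdomain level shares the cookie, plus a comment naming the consumer. The line also leaves `secure:` unset, so nothing visible here restricts the cookie to HTTPS; `secure: Rails.env.production?` would.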
From: hab278 Date: Wed, 8 Jul 2015 17:38:49 -0400 Subject: [PATCH 13/25] Add logout option and the new_session_path method for Devise --- app/controllers/application_controller.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 876ebe38..59bd9419 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,6 +5,20 @@ class ApplicationController < ActionController::Base # Please be sure to impelement current_user and user_session. Blacklight depends on # these methods in order to perform user specific actions. + def new_session_path(scope) + login_path + end + + # After signing out from the local application, + # redirect to the logout path for the Login app + def after_sign_out_path_for(resource_or_scope) + if ENV['SSO_LOGOUT_URL'].present? + ENV['SSO_LOGOUT_URL'] + else + super(resource_or_scope) + end + end + layout Proc.new{ |controller| (controller.request.xhr?) ? false : "application" } # Prevent CSRF attacks by raising an exception. From a4b2c267f12e5573269af4f84d38f6f8d5f86a13 Mon Sep 17 00:00:00 2001 From: hab278 Date: Wed, 8 Jul 2015 17:37:33 -0400 Subject: [PATCH 14/25] Update Gemfile for latest NYULibraries-assets --- Gemfile | 2 +- Gemfile.lock | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 8fd52542..988a312a 100644 --- a/Gemfile +++ b/Gemfile @@ -24,7 +24,7 @@ gem 'mustache-rails', github: 'NYULibraries/mustache-rails', require: 'mustache/ gem 'omniauth-nyulibraries', github: 'NYULibraries/omniauth-nyulibraries', tag: 'v1.1.2' gem 'devise', '~> 3.4.1' -gem 'nyulibraries-assets', github: 'NYULibraries/nyulibraries-assets', tag: 'v4.0.0' +gem 'nyulibraries-assets', github: 'NYULibraries/nyulibraries-assets', tag: 'v4.4.1' # gem 'nyulibraries-assets', path: '/apps/nyulibraries-assets' gem 'formaggio', github: 'NYULibraries/formaggio', tag: 'v1.4.2' 
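Review bot: `new_session_path` and `after_sign_out_path_for` are added as public methods of `ApplicationController`, which makes them action methods on every controller that inherits from it (reachable only if a route maps to them, but nothing marks them as helpers). Add `protected :new_session_path, :after_sign_out_path_for` after the two definitions; a bare `protected` would also capture whatever follows outside this hunk. `after_sign_out_path_for` redirects to `ENV['SSO_LOGOUT_URL']` verbatim, which is acceptable for a deploy-time value but deserves a comment such as `# SSO_LOGOUT_URL must be an absolute URL set by operations, never derived from the request`. The `scope` argument of `new_session_path` is unused and could be named `_scope`.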
diff --git a/Gemfile.lock b/Gemfile.lock index 1b9ec7dc..ae2031f3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -24,12 +24,13 @@ GIT GIT remote: git://github.com/NYULibraries/nyulibraries-assets.git - revision: f479591db3dc65fc25dec30b1196932c0f780975 - tag: v4.0.0 + revision: 23d39747f81ed7c3ad6d2ede2ff25a21eb58ba70 + tag: v4.4.1 specs: - nyulibraries-assets (4.0.0) + nyulibraries-assets (4.4.1) bootstrap-sass (~> 3.2.0.2) compass (~> 1.0.1) + font-awesome-rails (~> 4.2.0.0) institutions (~> 0.1.3) GIT @@ -212,6 +213,8 @@ GEM figs (2.0.3) git (~> 1.2.6) rake (~> 10.1) + font-awesome-rails (4.2.0.0) + railties (>= 3.2, < 5.0) gherkin (2.12.2) multi_json (~> 1.3) git (1.2.9.1) From 88e2f1e598d0e0c56d7c2ff1ee42637cefa25cc2 Mon Sep 17 00:00:00 2001 From: hab278 Date: Wed, 8 Jul 2015 17:38:06 -0400 Subject: [PATCH 15/25] Use the new NYULibraries-assets's InstitutionHelper --- app/controllers/application_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 59bd9419..b68ac568 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,5 +1,6 @@ class ApplicationController < ActionController::Base + include Nyulibraries::Assets::InstitutionsHelper # Adds a few additional behaviors into the application controller include Blacklight::Controller # Please be sure to impelement current_user and user_session. Blacklight depends on From a2140289cf1b71b46951038600231df941736616 Mon Sep 17 00:00:00 2001 
From: hab278 Date: Wed, 8 Jul 2015 17:39:19 -0400 Subject: [PATCH 16/25] Mark all login jobs as WIP --- features/destroy_button_on_results.feature | 4 ++-- features/edit_button_on_results.feature | 6 +++--- features/edit_metadata_authorization.feature | 8 ++++---- features/immutable_source.feature | 8 ++++---- features/login.feature | 2 +- features/metadata_remediation.feature | 8 ++++---- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/features/destroy_button_on_results.feature b/features/destroy_button_on_results.feature index 7f9ae738..23bfe295 100644 --- a/features/destroy_button_on_results.feature +++ b/features/destroy_button_on_results.feature @@ -3,7 +3,7 @@ Feature: Delete button on the main and detailed search results pages I want to be able to use the existing search interface to find records to delete And then use the "Delete" link to delete the record - @loggedin + @loggedin @wip Scenario: authorized user can delete record from the main search page and return to search results Given I am logged in as an admin And "12" records with title "The Crab" exists @@ -13,7 +13,7 @@ Feature: Delete button on the main and detailed search results pages Then the number of records should decrease to "11" And I should return to the page "1" of the search results - @loggedin + @loggedin @wip Scenario: authorized user can delete record from the details display page and return to search results Given I am logged in as an admin And "12" records with title "Einen einzigen Wert" exists diff --git a/features/edit_button_on_results.feature b/features/edit_button_on_results.feature index b6050212..41359f21 100644 --- a/features/edit_button_on_results.feature +++ b/features/edit_button_on_results.feature 
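Review bot: Tagging the `@loggedin` scenarios `@wip` takes every signed-in and per-role check out of the normal Cucumber run in the same series that replaces the authentication stack; the same tag is added in edit_button_on_results, edit_metadata_authorization, immutable_source, login and metadata_remediation. The scenarios left untagged in edit_metadata_authorization.feature appear to cover only the negative case (`the record should not have link "Edit"`), so nothing exercises that the right role still gets access. OmniAuth's test mode (`OmniAuth.config.test_mode = true` with an entry in `OmniAuth.config.mock_auth[:nyulibraries]`) in a features/support file would let the `I am logged in as ...` steps work again without the live login service. Until then, a comment or tracking reference beside the tag would stop these scenarios from staying disabled unnoticed.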
@@ -2,8 +2,8 @@ Feature: Edit button on the detailed search results page As an authorized Ichabod user I want to be able to use the existing search interface to find records to edit And then click an "edit" link on the resulting detail page - - @loggedin + + @loggedin @wip Scenario:authorized user can call edit form and edit a record using search interface Given I am logged in as an admin And the record "Story" exists @@ -18,7 +18,7 @@ Feature: Edit button on the detailed search results page When I search on the phrase "Advice" Then I should see search results - @loggedin + @loggedin @wip Scenario:authorized user can call edit form and edit a record using search interface Given I am logged in as an admin And the record "Big Novel" exists diff --git a/features/edit_metadata_authorization.feature b/features/edit_metadata_authorization.feature index bd4a0863..8eef89f1 100644 --- a/features/edit_metadata_authorization.feature +++ b/features/edit_metadata_authorization.feature @@ -3,7 +3,7 @@ Feature: Permission to edit metadata only to authorized users As a logged in cataloger I want to have permission to edit metadata only for items of which I am an authorized user - @loggedin + @loggedin @wip Scenario: Edit option for GIS records is available to GIS cataloger Given I am logged in as "GIS Cataloger" And I view record with id "sdr:DSS-NYCDCP_Mappluto_Test_11v1-DSS-jam_mappluto_7OR" @@ -20,7 +20,7 @@ Feature: Permission to edit metadata only to authorized users And I view record with id "sdr:DSS-NYCDCP_Mappluto_Test_11v1-DSS-jam_mappluto_7OR" Then the record should not have link "Edit" - @loggedin + @loggedin @wip Scenario: Edit option is available to AFC group for ArchiveIt ACCW records Given I am logged in as "AFC Group" And I view record with id "ai-accw:388fe27b78485746b132fe4448ba2042" 
@@ -37,13 +37,13 @@ Feature: Permission to edit metadata only to authorized users And I view record with id "ai-accw:388fe27b78485746b132fe4448ba2042" Then the record should not have link "Edit" - @loggedin + @loggedin @wip Scenario: Edit option for GIS records is available to GIS cataloger on the main search page Given I am logged in as "GIS Cataloger" And I search for "MapPluto" Then the record should have link "Edit" - @loggedin + @loggedin @wip Scenario: Edit option for GIS records is available to GIS cataloger on the details display search page Given I am logged in as "GIS Cataloger" And I search for "MapPluto" diff --git a/features/immutable_source.feature b/features/immutable_source.feature index 6aedbc7a..23150bbc 100644 --- a/features/immutable_source.feature +++ b/features/immutable_source.feature @@ -9,7 +9,7 @@ Feature: Source fields immutable, edit native fields When I navigate to details display of the first result Then I should see the value "New York City Department of City Planning" in the "Publisher:" field - @loggedin + @loggedin @wip Scenario: Check that source metadata fields are not editable Given I am logged in as "GIS Cataloger" And I view record with id "sdr:DSS-NYCDCP_Admin_Bndry_10cav-DSS-nyfb_05R" @@ -25,7 +25,7 @@ Feature: Source fields immutable, edit native fields | Series | NYCDCP_ADMIN_BNDRY_10CAV | | Version | DSS.NYCDCP_Admin_Bndry_10cav\DSS.nyfb_05R | - @loggedin + @loggedin @wip Scenario: Check that native metadata fields are editable Given I am logged in as "GIS Cataloger" And I view record with id "sdr:DSS-NYCDCP_Admin_Bndry_10cav-DSS-nyfb_05R" @@ -39,7 +39,7 @@ Feature: Source fields immutable, edit native fields When I search on the phrase "A Pile of Monkeys" Then I should see search results - @loggedin + @loggedin @wip Scenario: Check that native metadata multiples are editable Given I am logged in as "GIS Cataloger" And I view record with id "sdr:DSS-NYCDCP_Admin_Bndry_10cav-DSS-nyfb_05R" 
@@ -58,7 +58,7 @@ Feature: Source fields immutable, edit native fields When I search on the phrase "Echidna" Then I should see search results - @loggedin + @loggedin @wip Scenario: Check that native doesn't overwrite source metadata Given I am logged in as "GIS Cataloger" And I view record with id "sdr:DSS-NYCDCP_Admin_Bndry_10cav-DSS-nyfb_05R" diff --git a/features/login.feature b/features/login.feature index 73580435..dad04fd5 100644 --- a/features/login.feature +++ b/features/login.feature @@ -1,3 +1,4 @@ +@wip Feature: Login as a user In order to have permissions specific to me As a valid NYU user @@ -28,4 +29,3 @@ Feature: Login as a user Given I am logged in as "AFC Group" And I am on the default search page Then I should see "Log-out" - diff --git a/features/metadata_remediation.feature b/features/metadata_remediation.feature index 76f4496f..9664baee 100644 --- a/features/metadata_remediation.feature +++ b/features/metadata_remediation.feature @@ -3,7 +3,7 @@ Feature: Add, edit and delete records As a record maintainer I want to be able to add, edit and delete records locally - @loggedin + @loggedin @wip Scenario: Adding a record Given I am logged in as an admin And I am on the "New Item" form @@ -30,7 +30,7 @@ Feature: Add, edit and delete records When I search on the phrase "A Comedy of Errors" Then I should see search results - @loggedin + @loggedin @wip Scenario: Adding a record with multiple values in all multiple fields Given I am logged in as an admin And I am on the "New Item" form @@ -90,7 +90,7 @@ Feature: Add, edit and delete records | nyucore_citation | B Shakes, SPC | | nyucore_citation1 | B Shakes, SPC1 | - @loggedin + @loggedin @wip Scenario: Editing a record Given I am logged in as an admin And the record "Cymbeline" exists 
@@ -102,7 +102,7 @@ Feature: Add, edit and delete records When I search on the phrase "The Tale of Imogen" Then I should see search results - @loggedin + @loggedin @wip Scenario: Deleting a record Given I am logged in as an admin And the record "The Tempest" exists From ccb40f3aa79cf088ebe28f4a4e603aa3046b94f6 Mon Sep 17 00:00:00 2001 From: hab278 Date: Wed, 8 Jul 2015 17:46:45 -0400 Subject: [PATCH 17/25] A changelog was added to illustrate what changed --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..1e6bccb4 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,12 @@ +# Changelog +## What's changed. + +### Wed Jul 8 2015 +- Using the new [Login](https://github.com/NYULibraries/login/blob/development/CONTRACT.md) system + - Throws away AuthLogic + - Uses Devise and Omniauth + - Discard the UserSession model and controller + - Changes the current user model to remove AuthLogic specific fields and adds fields for Devise + - Also does way with the `user_attributes` hash, now we just store information as extra data in the model +- Using new NYULibraries-assets - Gives us a brand new InstitutionsHelper +- Features that required login are now WIP From 9c109eadc64270898668996f314104e4a165b0a5 Mon Sep 17 00:00:00 2001 From: hab278 Date: Thu, 9 Jul 2015 14:33:27 -0400 Subject: [PATCH 18/25] Accidently called a field by the wrong name --- .../20150708185249_populate_user_fields_from_user_attributes.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb b/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb index 1abc9a83..919fa621 100644 --- a/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb +++ b/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb 
@@ -4,7 +4,7 @@ def up User.class_eval { serialize :user_attributes } User.all.each do |user| user.update_attribute :aleph_id, user.user_attributes[:nyuidn] - user.update_attribute :status, user.user_attributes[:bor_status] + user.update_attribute :patron_status, user.user_attributes[:bor_status] user.update_attribute :institution_code, user.user_attributes[:primary_institution] end end From e46eb6138ad3f81ad9a149a4b4941f8ea030cda7 Mon Sep 17 00:00:00 2001 From: hab278 Date: Thu, 9 Jul 2015 15:42:55 -0400 Subject: [PATCH 19/25] Mark one extra story as WIP --- features/immutable_source.feature | 3 +++ 1 file changed, 3 insertions(+) diff --git a/features/immutable_source.feature b/features/immutable_source.feature index 23150bbc..a97fb505 100644 --- a/features/immutable_source.feature +++ b/features/immutable_source.feature @@ -75,6 +75,9 @@ Feature: Source fields immutable, edit native fields Then I should see the value "New York City Department of City Planning" in the "Publisher:" field And I should see the value "Penguin Publishing" in the "Publisher:" field + # This is marked WIP, but this isn't a login scenario. This relies on a + # previous scenario, which turns out to be a login scenario. + @wip Scenario: Check that source doesn't overwrite native metadata Given I revert the "Spatial Data Repository" source data in the "publisher" field to "New York City Department of City Planning" for the record identified by "DSS.NYCDCP_Admin_Bndry_10cav\DSS.nyfb_05R" And I reload the "Spatial Data Repository" source data into Ichabod From f301c2d1a6d94d97eec9a5bbdc2864b51e895727 Mon Sep 17 00:00:00 2001 From: hab278 Date: Thu, 9 Jul 2015 15:44:16 -0400 Subject: [PATCH 20/25] Reflect WIP scenarios in changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e6bccb4..999acfe0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -9,4 +9,4 @@ - Changes the current user model to remove AuthLogic specific fields and adds fields for Devise - Also does way with the `user_attributes` hash, now we just store information as extra data in the model - Using new NYULibraries-assets - Gives us a brand new InstitutionsHelper -- Features that required login are now WIP +- Features that required login are now WIP. Some feature scenarios that are dependent on other scenarios are marked WIP as well From f9c7e0eb040e4fe6185efc3647ca9eb158d4acc9 Mon Sep 17 00:00:00 2001 From: hab278 Date: Thu, 9 Jul 2015 16:10:49 -0400 Subject: [PATCH 21/25] In ichabod, we call it SECRET_KEY_BASE, not SECRET_TOKEN --- config/initializers/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 5dfb2a3a..731c5705 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -1,7 +1,7 @@ Devise.setup do |config| config.mailer_sender = 'no-reply@library.nyu.edu' require 'devise/orm/active_record' - config.secret_key = ENV['SECRET_TOKEN'] + config.secret_key = ENV['SECRET_KEY_BASE'] config.strip_whitespace_keys = [ :email ] config.skip_session_storage = [:http_auth] config.stretches = Rails.env.test? ? 1 : 10 From 94a4f8b87359a8c4994fd63611ca5456c28ebbae Mon Sep 17 00:00:00 2001 From: B Alter Date: Mon, 28 Sep 2015 16:19:03 -0400 Subject: [PATCH 22/25] Fixed rollback migrations so we can more seemlessly go from pre user table changes to post ones and visa versa --- ...1853_remove_authlogic_fields_from_users.rb | 22 ++++++++-------- ...pulate_user_fields_from_user_attributes.rb | 8 +++--- db/schema.rb | 25 ++++++++++--------- 3 files changed, 29 insertions(+), 26 deletions(-) diff --git a/db/migrate/20150702221853_remove_authlogic_fields_from_users.rb b/db/migrate/20150702221853_remove_authlogic_fields_from_users.rb index 2cf744a6..b8297152 100644 --- a/db/migrate/20150702221853_remove_authlogic_fields_from_users.rb 
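Review bot: `config.secret_key = ENV['SECRET_KEY_BASE']` evaluates to nil when the variable is absent, and nothing in the visible part of this initializer notices; the previous name `SECRET_TOKEN` was apparently never set in this app, which is how the mistake went undetected. What Devise does with a nil key depends on its version and is not visible here, so I would make the requirement explicit with `config.secret_key = ENV.fetch('SECRET_KEY_BASE')`, which stops the boot with a KeyError on a misconfigured deployment. The `Devise.setup` block continues past the end of the hunk.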
+++ b/db/migrate/20150702221853_remove_authlogic_fields_from_users.rb @@ -14,16 +14,16 @@ def up end def down - add_column :users, :mobile_phone - add_column :users, :crypted_password - add_column :users, :password_salt - add_column :users, :session_id - add_column :users, :persistence_token - add_column :users, :login_count - add_column :users, :last_request_at - add_column :users, :current_login_at - add_column :users, :last_login_at - add_column :users, :last_login_ip - add_column :users, :current_login_ip + add_column :users, :mobile_phone, :string + add_column :users, :crypted_password, :string + add_column :users, :password_salt, :string + add_column :users, :session_id, :string + add_column :users, :persistence_token, :string + add_column :users, :login_count, :integer + add_column :users, :last_request_at, :string + add_column :users, :current_login_at, :string + add_column :users, :last_login_at, :string + add_column :users, :last_login_ip, :string + add_column :users, :current_login_ip, :string end end diff --git a/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb b/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb index 919fa621..66538689 100644 --- a/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb +++ b/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb 
@@ -3,9 +3,11 @@ def up say_with_time "Migrating User Attributes" do User.class_eval { serialize :user_attributes } User.all.each do |user| - user.update_attribute :aleph_id, user.user_attributes[:nyuidn] - user.update_attribute :patron_status, user.user_attributes[:bor_status] - user.update_attribute :institution_code, user.user_attributes[:primary_institution] + unless user.user_attributes.blank? + user.update_attribute :aleph_id, user.user_attributes[:nyuidn] + user.update_attribute :patron_status, user.user_attributes[:bor_status] + user.update_attribute :institution_code, user.user_attributes[:primary_institution] + end end end end diff --git a/db/schema.rb b/db/schema.rb index 6c81d506..203e6028 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150708185305) do +ActiveRecord::Schema.define(version: 20150823040400) do create_table "bookmarks", force: true do |t| t.integer "user_id", null: false @@ -25,6 +25,18 @@ add_index "bookmarks", ["user_id"], name: "index_bookmarks_on_user_id", using: :btree + create_table "collections", force: true do |t| + t.string "identifier" + t.string "title" + t.string "creator" + t.string "publisher" + t.string "description" + t.string "available" + t.string "rights" + t.datetime "created_at" + t.datetime "updated_at" + end + create_table "searches", force: true do |t| t.text "query_params" t.integer "user_id" @@ -52,17 +64,6 @@ t.string "username" t.string "firstname" t.string "lastname" - t.string "mobile_phone" - t.string "crypted_password" - t.string "password_salt" - t.string "session_id" - t.string "persistence_token" - t.integer "login_count" - t.string "last_request_at" - t.string "current_login_at" - t.string "last_login_at" - t.string "last_login_ip" - t.string "current_login_ip" t.datetime "refreshed_at" t.string "provider", default: "", null: false t.string "aleph_id" 
From 487b40a5d088897b82a93fcb92f92dbbfcf69058 Mon Sep 17 00:00:00 2001
From: hab278
Date: Mon, 5 Oct 2015 16:33:31 -0400
Subject: [PATCH 23/25] Much more compatible migrations
---
...1853_remove_authlogic_fields_from_users.rb | 29 -------------------
...pulate_user_fields_from_user_attributes.rb | 6 ++--
...85305_remove_user_attributes_from_users.rb | 9 ------
db/schema.rb | 24 +++++++---------
spec/factories/users.rb | 1 +
spec/models/user_spec.rb | 5 ++++
6 files changed, 21 insertions(+), 53 deletions(-)
delete mode 100644 db/migrate/20150702221853_remove_authlogic_fields_from_users.rb
delete mode 100644 db/migrate/20150708185305_remove_user_attributes_from_users.rb
diff --git a/db/migrate/20150702221853_remove_authlogic_fields_from_users.rb b/db/migrate/20150702221853_remove_authlogic_fields_from_users.rb
deleted file mode 100644
index b8297152..00000000
--- a/db/migrate/20150702221853_remove_authlogic_fields_from_users.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-class RemoveAuthlogicFieldsFromUsers < ActiveRecord::Migration
- def up
- remove_column :users, :mobile_phone
- remove_column :users, :crypted_password
- remove_column :users, :password_salt
- remove_column :users, :session_id
- remove_column :users, :persistence_token
- remove_column :users, :login_count
- remove_column :users, :last_request_at
- remove_column :users, :current_login_at
- remove_column :users, :last_login_at
- remove_column :users, :last_login_ip
- remove_column :users, :current_login_ip
- end
-
- def down
- add_column :users, :mobile_phone, :string
- add_column :users, :crypted_password, :string
- add_column :users, :password_salt, :string
- add_column :users, :session_id, :string
- add_column :users, :persistence_token, :string
- add_column :users, :login_count, :integer
- add_column :users, :last_request_at, :string
- add_column :users, :current_login_at, :string
- add_column :users, :last_login_at, :string
- add_column :users, :last_login_ip, :string
- add_column :users, :current_login_ip, :string
- end
-end
diff --git a/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb b/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb
index 66538689..63a7d999 100644
--- a/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb
+++ b/db/migrate/20150708185249_populate_user_fields_from_user_attributes.rb
@@ -4,9 +4,9 @@ def up User.class_eval { serialize :user_attributes } User.all.each do |user| unless user.user_attributes.blank? - user.update_attribute :aleph_id, user.user_attributes[:nyuidn] - user.update_attribute :patron_status, user.user_attributes[:bor_status] - user.update_attribute :institution_code, user.user_attributes[:primary_institution] + user.update_attribute :aleph_id, user.user_attributes[:nyuidn] rescue '' + user.update_attribute :patron_status, user.user_attributes[:bor_status] rescue '' + user.update_attribute :institution_code, user.user_attributes[:primary_institution] rescue '' end end end diff --git a/db/migrate/20150708185305_remove_user_attributes_from_users.rb b/db/migrate/20150708185305_remove_user_attributes_from_users.rb deleted file mode 100644 index e8f2186b..00000000 --- a/db/migrate/20150708185305_remove_user_attributes_from_users.rb +++ /dev/null @@ -1,9 +0,0 @@ -class RemoveUserAttributesFromUsers < ActiveRecord::Migration - def up - remove_column :users, :user_attributes - end - - def down - add_column :users, :user_attributes, :text - end -end diff --git a/db/schema.rb b/db/schema.rb index 203e6028..4c7ecfc0 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -25,18 +25,6 @@ add_index "bookmarks", ["user_id"], name: "index_bookmarks_on_user_id", using: :btree - create_table "collections", force: true do |t| - t.string "identifier" - t.string "title" - t.string "creator" - t.string "publisher" - t.string "description" - t.string "available" - t.string "rights" - t.datetime "created_at" - t.datetime "updated_at" - end - create_table "searches", force: true do |t| t.text "query_params" t.integer "user_id" 
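Review bot: The `rescue ''` modifiers on the three `update_attribute` lines swallow every StandardError and then discard the `''`, so no fallback value is written and the migration reports success for users whose fields were never populated. If the aim is to tolerate a `user_attributes` value that is not a Hash, test for that directly with `next unless user.user_attributes.is_a?(Hash)` and let real failures surface. `patron_status` and `institution_code` look like inputs to later permission decisions (inferred from the names only), so a `say "skipped user #{user.id}"` line for each skipped row would make the gaps auditable. The `up` method starts above the hunk.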
@@ -64,6 +52,18 @@ t.string "username" t.string "firstname" t.string "lastname" + t.string "mobile_phone" + t.string "crypted_password" + t.string "password_salt" + t.string "session_id" + t.string "persistence_token" + t.integer "login_count" + t.string "last_request_at" + t.string "current_login_at" + t.string "last_login_at" + t.string "last_login_ip" + t.string "current_login_ip" + t.text "user_attributes" t.datetime "refreshed_at" t.string "provider", default: "", null: false t.string "aleph_id" diff --git a/spec/factories/users.rb b/spec/factories/users.rb index 7deea8bd..07638b58 100644 --- a/spec/factories/users.rb +++ b/spec/factories/users.rb @@ -2,6 +2,7 @@ factory :user do sequence(:username) { |n| "user#{n}" } sequence(:email) { |n| "user#{n}@nyu.edu" } + user_attributes {{ :some_field => "test" }} factory :gis_cataloger do username "gis_admin" diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 43f07389..7f7a661a 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -7,6 +7,11 @@ subject { User.new } it { should be_a User } + describe "#user_attributes" do + subject { user.user_attributes } + it { should be_instance_of(Hash) } + end + describe "#to_s" do subject { user.to_s } it { should eql(user.email) } From 4902beb2045881699ce0c9298584725967ee31ef Mon Sep 17 00:00:00 2001 From: hab278 Date: Mon, 5 Oct 2015 16:33:51 -0400 Subject: [PATCH 24/25] New Logout path method --- app/controllers/application_controller.rb | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index f2f6d445..46e5a94b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -13,8 +13,8 @@ def new_session_path(scope) # After signing out from the local application, # redirect to the logout path for the Login app def after_sign_out_path_for(resource_or_scope) - if ENV['SSO_LOGOUT_URL'].present? - ENV['SSO_LOGOUT_URL'] + if logout_path.present? + logout_path else super(resource_or_scope) end @@ -36,5 +36,11 @@ def current_user_dev flash[:notice] ||= exception.message.html_safe redirect_to root_url end - + private + + def logout_path + if ENV['LOGIN_URL'].present? && ENV['SSO_LOGOUT_PATH'].present? + "#{ENV['LOGIN_URL']}#{ENV['SSO_LOGOUT_PATH']}" + end + end end From cbcba15c5bbdab9425768c4424efd15b874ead3a Mon Sep 17 00:00:00 2001 From: hab278 Date: Mon, 5 Oct 2015 16:34:27 -0400 Subject: [PATCH 25/25] Marked some more loggedin stories as wip --- features/collection.feature | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/features/collection.feature b/features/collection.feature index 647d32eb..05120b98 100644 --- a/features/collection.feature +++ b/features/collection.feature @@ -3,7 +3,7 @@ Feature: Add, edit and delete collections I want to see my resources organized in Ichabod by collection, which I can add, delete and edit - @loggedin + @loggedin @wip Scenario: New Collection form Given I am logged in as an admin And I am on the "New Collection" form @@ -11,7 +11,7 @@ Feature: Add, edit and delete collections And field "discoverable" should be marked as required And field "discoverable" should be checked - @loggedin + @loggedin @wip Scenario: Adding a collection Given I am logged in as an admin And I am on the "New Collection" form @@ -25,7 +25,7 @@ Feature: Add, edit and delete collections And I click on "Create Collection" Then I should see the message "Collection was successfully created." - @loggedin + @loggedin @wip Scenario: Editing a record Given I am logged in as an admin And the collection "Audio Collection" exists 
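Review bot: `after_sign_out_path_for` now depends on both `LOGIN_URL` and `SSO_LOGOUT_PATH`, so a deployment that still sets only the old `SSO_LOGOUT_URL` falls through to `super` with no signal; the user is signed out locally while the session at the Login app presumably stays open. I would make that case visible in the new `logout_path` helper from the second hunk, e.g. `Rails.logger.warn('LOGIN_URL or SSO_LOGOUT_PATH unset; skipping central logout redirect')`, or refuse to boot in production without them. The helper is also evaluated twice; since it returns either nil or a non-empty string, `logout_path || super(resource_or_scope)` behaves the same and reads more simply. The controller class begins outside both hunks.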
@@ -37,7 +37,7 @@ Feature: Add, edit and delete collections When I am on the collections list Then I should see title "The Underground Soviet Rock" in the collections list - @loggedin + @loggedin @wip Scenario: Editing a collection with multiple values in all multiple fields Given I am logged in as an admin And the collection "Collection of Old Videos" exists @@ -54,11 +54,11 @@ Feature: Add, edit and delete collections | collection_publisher1 | DLTS | | collection_publisher2 | Video Archive | - @loggedin + @loggedin @wip Scenario: Deleting a record Given I am logged in as an admin And the collection "The Photo Collection" exists When I am on the collections list And I click on the "Delete" link for "The Photo Collection" Then I should see the message "Collection was successfully deleted." - And I should not see title "The Photo Collection" in the collections list \ No newline at end of file + And I should not see title "The Photo Collection" in the collections list