
initial rails application setup

1 parent 861be3a commit 418b19285e47918325b7877459384224a7bf0894 activefx committed Aug 5, 2008
Showing 609 changed files with 48,293 additions and 0 deletions.
@@ -0,0 +1,18 @@
+[submodule "vendor/plugins/will_paginate"]
+ path = vendor/plugins/will_paginate
+ url = git://github.com/mislav/will_paginate.git
+[submodule "vendor/plugins/permalink_fu"]
+ path = vendor/plugins/permalink_fu
+ url = git://github.com/technoweenie/permalink_fu.git
+[submodule "vendor/plugins/uberkit"]
+ path = vendor/plugins/uberkit
+ url = git://github.com/mbleigh/uberkit.git
+[submodule "vendor/plugins/open_id_authentication"]
+ path = vendor/plugins/open_id_authentication
+ url = git://github.com/rails/open_id_authentication.git
+[submodule "vendor/plugins/restful_authentication"]
+ path = vendor/plugins/restful_authentication
+ url = git://github.com/technoweenie/restful-authentication.git
+[submodule "vendor/plugins/role_requirement"]
+ path = vendor/plugins/role_requirement
+ url = git://github.com/timcharper/role_requirement.git
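Review bot: All six submodule URLs use the `git://` transport, which has no encryption and no server authentication, so the connection that delivers the plugin code into `vendor/plugins` cannot be verified. The commit id recorded for each submodule limits what can be substituted, but whoever next updates a plugin to a newer upstream commit is trusting whatever the unauthenticated connection returned. I would fetch over an authenticated transport instead, e.g. `url = https://github.com/mislav/will_paginate.git`, and likewise for the other five entries. Three of these plugins (restful_authentication, role_requirement, open_id_authentication) supply the application's login and authorization code, so their provenance matters more than for a typical dependency.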
@@ -2,6 +2,12 @@
# Likewise, all the methods added will be available for all controllers.
class ApplicationController < ActionController::Base
+ # AuthenticatedSystem must be included for RoleRequirement, and is provided by installing acts_as_authenticates and running 'script/generate authenticated account user'.
+ include AuthenticatedSystem
+ # You can move this into a different controller, if you wish. This module gives you the require_role helpers, and others.
+ include RoleRequirementSystem
+
+
helper :all # include all helpers, all the time
# See ActionController::RequestForgeryProtection for details
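Review bot: With `include AuthenticatedSystem` now in ApplicationController, the same include in SessionsController and UsersController is redundant; both are added elsewhere in this commit, each under a comment saying to include it here instead. Dropping them leaves one place that wires in authentication. The added comment also names `acts_as_authenticates`, while the plugin this commit installs as a submodule is restful_authentication; I would reword it to `# AuthenticatedSystem is required by RoleRequirement; it is presumably generated by restful_authentication.` The class body continues outside the hunk.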
@@ -0,0 +1,43 @@
+# This controller handles the login/logout function of the site.
+class SessionsController < ApplicationController
+ # Be sure to include AuthenticationSystem in Application Controller instead
+ include AuthenticatedSystem
+
+ # render new.rhtml
+ def new
+ end
+
+ def create
+ logout_keeping_session!
+ user = User.authenticate(params[:login], params[:password])
+ if user
+ # Protects against session fixation attacks, causes request forgery
+ # protection if user resubmits an earlier form using back
+ # button. Uncomment if you understand the tradeoffs.
+ # reset_session
+ self.current_user = user
+ new_cookie_flag = (params[:remember_me] == "1")
+ handle_remember_cookie! new_cookie_flag
+ redirect_back_or_default('/')
+ flash[:notice] = "Logged in successfully"
+ else
+ note_failed_signin
+ @login = params[:login]
+ @remember_me = params[:remember_me]
+ render :action => 'new'
+ end
+ end
+
+ def destroy
+ logout_killing_session!
+ flash[:notice] = "You have been logged out."
+ redirect_back_or_default('/')
+ end
+
+protected
+ # Track failed login attempts
+ def note_failed_signin
+ flash[:error] = "Couldn't log you in as '#{params[:login]}'"
+ logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
+ end
+end
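Review bot: `create` signs the user in without rotating the session, because `reset_session` is left commented out and `logout_keeping_session!` (going by its name) keeps the existing session, so a session identifier that was set before login stays valid after it. I would enable the call just before `self.current_user = user`; if `redirect_back_or_default` reads its return location from the session (not visible here), copy that value out before `reset_session` and put it back afterwards so the redirect still works. Separately, `note_failed_signin` writes `params[:login]` unmodified into the log line and into `flash[:error]`; logging `params[:login].inspect` keeps embedded newlines from breaking up log entries, and whichever view renders the flash needs to escape it with `h`.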
@@ -0,0 +1,40 @@
+class UsersController < ApplicationController
+ # Be sure to include AuthenticationSystem in Application Controller instead
+ include AuthenticatedSystem
+
+
+ # render new.rhtml
+ def new
+ @user = User.new
+ end
+
+ def create
+ logout_keeping_session!
+ @user = User.new(params[:user])
+ success = @user && @user.save
+ if success && @user.errors.empty?
+ redirect_back_or_default('/')
+ flash[:notice] = "Thanks for signing up! We're sending you an email with your activation code."
+ else
+ flash[:error] = "We couldn't set up that account, sorry. Please try again, or contact an admin (link is above)."
+ render :action => 'new'
+ end
+ end
+
+ def activate
+ logout_keeping_session!
+ user = User.find_by_activation_code(params[:activation_code]) unless params[:activation_code].blank?
+ case
+ when (!params[:activation_code].blank?) && user && !user.active?
+ user.activate!
+ flash[:notice] = "Signup complete! Please sign in to continue."
+ redirect_to '/login'
+ when params[:activation_code].blank?
+ flash[:error] = "The activation code was missing. Please follow the URL from your email."
+ redirect_back_or_default('/')
+ else
+ flash[:error] = "We couldn't find a user with that activation code -- check your email? Or maybe you've already activated -- try signing in."
+ redirect_back_or_default('/')
+ end
+ end
+end
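Review bot: `create` passes `params[:user]` straight to `User.new`, and nothing in this controller says what stops a crafted form from setting `activation_code` or `activated_at`. The protection is the `attr_accessible` list in the User model added in this commit, so a comment here would keep the two from drifting apart, e.g. `# params[:user] is filtered by attr_accessible in User; activation fields cannot be set from the form`. In `activate`, `params[:activation_code].blank?` is tested three times; checking it once as a guard at the top and then branching on `user && !user.active?` would read more simply.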
@@ -0,0 +1,2 @@
+module SessionsHelper
+end
@@ -0,0 +1,93 @@
+module UsersHelper
+
+ #
+ # Use this to wrap view elements that the user can't access.
+ # !! Note: this is an *interface*, not *security* feature !!
+ # You need to do all access control at the controller level.
+ #
+ # Example:
+ # <%= if_authorized?(:index, User) do link_to('List all users', users_path) end %> |
+ # <%= if_authorized?(:edit, @user) do link_to('Edit this user', edit_user_path) end %> |
+ # <%= if_authorized?(:destroy, @user) do link_to 'Destroy', @user, :confirm => 'Are you sure?', :method => :delete end %>
+ #
+ #
+ def if_authorized?(action, resource, &block)
+ if authorized?(action, resource)
+ yield action, resource
+ end
+ end
+
+ #
+ # Link to user's page ('users/1')
+ #
+ # By default, their login is used as link text and link title (tooltip)
+ #
+ # Takes options
+ # * :content_text => 'Content text in place of user.login', escaped with
+ # the standard h() function.
+ # * :content_method => :user_instance_method_to_call_for_content_text
+ # * :title_method => :user_instance_method_to_call_for_title_attribute
+ # * as well as link_to()'s standard options
+ #
+ # Examples:
+ # link_to_user @user
+ # # => <a href="/users/3" title="barmy">barmy</a>
+ #
+ # # if you've added a .name attribute:
+ # content_tag :span, :class => :vcard do
+ # (link_to_user user, :class => 'fn n', :title_method => :login, :content_method => :name) +
+ # ': ' + (content_tag :span, user.email, :class => 'email')
+ # end
+ # # => <span class="vcard"><a href="/users/3" title="barmy" class="fn n">Cyril Fotheringay-Phipps</a>: <span class="email">barmy@blandings.com</span></span>
+ #
+ # link_to_user @user, :content_text => 'Your user page'
+ # # => <a href="/users/3" title="barmy" class="nickname">Your user page</a>
+ #
+ def link_to_user(user, options={})
+ raise "Invalid user" unless user
+ options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname
+ content_text = options.delete(:content_text)
+ content_text ||= user.send(options.delete(:content_method))
+ options[:title] ||= user.send(options.delete(:title_method))
+ link_to h(content_text), user_path(user), options
+ end
+
+ #
+ # Link to login page using remote ip address as link content
+ #
+ # The :title (and thus, tooltip) is set to the IP address
+ #
+ # Examples:
+ # link_to_login_with_IP
+ # # => <a href="/login" title="169.69.69.69">169.69.69.69</a>
+ #
+ # link_to_login_with_IP :content_text => 'not signed in'
+ # # => <a href="/login" title="169.69.69.69">not signed in</a>
+ #
+ def link_to_login_with_IP content_text=nil, options={}
+ ip_addr = request.remote_ip
+ content_text ||= ip_addr
+ options.reverse_merge! :title => ip_addr
+ if tag = options.delete(:tag)
+ content_tag tag, h(content_text), options
+ else
+ link_to h(content_text), login_path, options
+ end
+ end
+
+ #
+ # Link to the current user's page (using link_to_user) or to the login page
+ # (using link_to_login_with_IP).
+ #
+ def link_to_current_user(options={})
+ if current_user
+ link_to_user current_user, options
+ else
+ content_text = options.delete(:content_text) || 'not signed in'
+ # kill ignored options from link_to_user
+ [:content_method, :title_method].each{|opt| options.delete(opt)}
+ link_to_login_with_IP content_text, options
+ end
+ end
+
+end
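Review bot: `link_to_user` calls `user.send` with whatever symbol arrives in `:content_method` and `:title_method`, and `send` also dispatches to private methods, so the helper is only safe while every caller passes a literal. I would check the name first, e.g. `raise ArgumentError, "unknown user method" unless user.respond_to?(meth)`, since `respond_to?` ignores private methods by default, and say in the doc comment that these options must never be taken from request parameters. Both `link_to_user` and `link_to_login_with_IP` also call `options.reverse_merge!` and `options.delete` on the caller's hash; starting with `options = options.reverse_merge(...)` avoids mutating an argument that a view may reuse.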
@@ -0,0 +1,3 @@
+class Role < ActiveRecord::Base
+
+end
@@ -0,0 +1,80 @@
+require 'digest/sha1'
+
+class User < ActiveRecord::Base
+
+
+
+ # ---------------------------------------
+ # The following code has been generated by role_requirement.
+ # You may wish to modify it to suit your need
+ has_and_belongs_to_many :roles
+
+ # has_role? simply needs to return true or false whether a user has a role or not.
+ # It may be a good idea to have "admin" roles return true always
+ def has_role?(role_in_question)
+ @_list ||= self.roles.collect(&:name)
+ return true if @_list.include?("admin")
+ (@_list.include?(role_in_question.to_s) )
+ end
+ # ---------------------------------------
+
+
+
+
+ include Authentication
+ include Authentication::ByPassword
+ include Authentication::ByCookieToken
+
+ validates_presence_of :login
+ validates_length_of :login, :within => 3..40
+ validates_uniqueness_of :login, :case_sensitive => false
+ validates_format_of :login, :with => RE_LOGIN_OK, :message => MSG_LOGIN_BAD
+
+ validates_format_of :name, :with => RE_NAME_OK, :message => MSG_NAME_BAD, :allow_nil => true
+ validates_length_of :name, :maximum => 100
+
+ validates_presence_of :email
+ validates_length_of :email, :within => 6..100 #r@a.wk
+ validates_uniqueness_of :email, :case_sensitive => false
+ validates_format_of :email, :with => RE_EMAIL_OK, :message => MSG_EMAIL_BAD
+
+ before_create :make_activation_code
+
+ # HACK HACK HACK -- how to do attr_accessible from here?
+ # prevents a user from submitting a crafted form that bypasses activation
+ # anything else you want your user to change should be added here.
+ attr_accessible :login, :email, :name, :password, :password_confirmation
+
+
+ # Activates the user in the database.
+ def activate!
+ @activated = true
+ self.activated_at = Time.now.utc
+ self.activation_code = nil
+ save(false)
+ end
+
+ def active?
+ # the existence of an activation code means they have not activated yet
+ activation_code.nil?
+ end
+
+ # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
+ #
+ # uff. this is really an authorization, not authentication routine.
+ # We really need a Dispatch Chain here or something.
+ # This will also let us return a human error message.
+ #
+ def self.authenticate(login, password)
+ u = find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login] # need to get the salt
+ u && u.authenticated?(password) ? u : nil
+ end
+
+ protected
+
+ def make_activation_code
+ self.activation_code = self.class.make_token
+ end
+
+
+end
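Review bot: The model has two definitions of an activated account: `active?` tests `activation_code.nil?`, while `self.authenticate` requires `activated_at IS NOT NULL`. A row that has neither value (for example one inserted by a fixture, where `before_create` does not run) reports `active?` as true yet can never sign in, and UsersController#activate branches on `active?`. I would base both on one column, e.g. `def active?; !activated_at.nil?; end`, or state in a comment which of the two is authoritative. `activate!` also saves with `save(false)`, which skips validations; a short comment saying why would help the next reader.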
@@ -0,0 +1,24 @@
+class UserMailer < ActionMailer::Base
+ def signup_notification(user)
+ setup_email(user)
+ @subject += 'Please activate your new account'
+
+ @body[:url] = "http://YOURSITE/activate/#{user.activation_code}"
+
+ end
+
+ def activation(user)
+ setup_email(user)
+ @subject += 'Your account has been activated!'
+ @body[:url] = "http://YOURSITE/"
+ end
+
+ protected
+ def setup_email(user)
+ @recipients = "#{user.email}"
+ @from = "ADMINEMAIL"
+ @subject = "[YOURSITE] "
+ @sent_on = Time.now
+ @body[:user] = user
+ end
+end
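Review bot: `signup_notification` builds the activation link as `"http://YOURSITE/activate/#{user.activation_code}"`, so once the placeholder is filled in the activation code travels over plain HTTP. I would write the link with `https://` and take the host from one configuration value rather than repeating the `YOURSITE` literal in three places (`@body[:url]` twice and `@subject`). `@from = "ADMINEMAIL"` is likewise a placeholder that will be sent as-is until someone replaces it; a `# TODO:` comment above `setup_email` listing the values to set would make that hard to miss.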
@@ -0,0 +1,11 @@
+class UserObserver < ActiveRecord::Observer
+ def after_create(user)
+ UserMailer.deliver_signup_notification(user)
+ end
+
+ def after_save(user)
+
+ UserMailer.deliver_activation(user) if user.recently_activated?
+
+ end
+end
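Review bot: `after_save` calls `user.recently_activated?`, but the User model added in this commit sets `@activated` in `activate!` and never defines a reader for it. Unless one of the included Authentication modules supplies that method (they are not visible on this page), every save of a User with this observer registered would raise NoMethodError. Adding `def recently_activated?; @activated; end` to User would fix it.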
@@ -0,0 +1,16 @@
+<h1>Log In</h1>
+
+<% form_tag session_path do -%>
+<p><label for="login">Login</label><br/>
+<%= text_field_tag 'login', @login %></p>
+
+<p><label for="password">Password</label><br/>
+<%= password_field_tag 'password', nil %></p>
+
+<!-- Uncomment this if you want this functionality
+<p><label for="remember_me">Remember me:</label>
+<%= check_box_tag 'remember_me', '1', @remember_me %></p>
+-->
+
+<p><%= submit_tag 'Log in' %></p>
+<% end -%>
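Review bot: The remember-me block is disabled with an HTML comment, but ERB inside `<!-- -->` is still evaluated, so `check_box_tag` runs and its markup, including the `@remember_me` state, is sent to the browser in the page source. If the feature is meant to be off, comment it out on the ERB side instead, e.g. `<%# check_box_tag 'remember_me', '1', @remember_me %>`, or delete the block until it is needed.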
@@ -0,0 +1,3 @@
+<%=h @user.login %>, your account has been activated. Welcome aboard!
+
+ <%=h @url %>
@@ -0,0 +1,8 @@
+Your account has been created.
+
+ Username: <%=h @user.login %>
+ Password: <%=h @user.password %>
+
+Visit this url to activate your account:
+
+ <%=h @url %>
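Review bot: The signup mail prints `@user.password`, so the plaintext password is sent by e-mail and stays in the recipient's mailbox and in any mail logs along the way. I would drop the `Password:` line; the user has just chosen the password, and the activation link is all the message needs to carry. `h` is also applied in what looks like a plain-text template, where it would turn characters such as `&` in the URL or login into HTML entities; confirm the content type before keeping it.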
@@ -0,0 +1,8 @@
+<% if logged_in? -%>
+ <div id="user-bar-greeting">Logged in as <%= link_to_current_user :content_method => :login %></div>
+ <div id="user-bar-action" >(<%= link_to "log out", logout_path, { :title => "Log out" } %>)</div>
+<% else -%>
+ <div id="user-bar-greeting"><%= abbr_tag_with_IP 'Not logged in', :style => 'border: none;' %></div>
+ <div id="user-bar-action" ><%= link_to "Log in", login_path, { :title => "Log in" } %> /
+ <%= link_to "Sign up", signup_path, { :title => "Create an account" } %></div>
+<% end -%>
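Review bot: The logged-out branch calls `abbr_tag_with_IP`, but the UsersHelper added in this commit defines only `if_authorized?`, `link_to_user`, `link_to_login_with_IP` and `link_to_current_user`. Unless that helper is defined in one of the files not shown on this page, rendering this partial for a visitor who is not signed in raises NoMethodError. The existing helper already supports this through its `:tag` option: `<%= link_to_login_with_IP 'Not logged in', :tag => 'abbr', :style => 'border: none;' %>`. The "log out" link is also a plain `link_to`; if the route accepts GET (routes are not visible here), adding `:method => :delete` would bring sign-out under request forgery protection.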
@@ -0,0 +1,19 @@
+<h1>Sign up as a new user</h1>
+<% @user.password = @user.password_confirmation = nil %>
+
+<%= error_messages_for :user %>
+<% form_for :user, :url => users_path do |f| -%>
+<p><label for="login">Login</label><br/>
+<%= f.text_field :login %></p>
+
+<p><label for="email">Email</label><br/>
+<%= f.text_field :email %></p>
+
+<p><label for="password">Password</label><br/>
+<%= f.password_field :password %></p>
+
+<p><label for="password_confirmation">Confirm Password</label><br/>
+<%= f.password_field :password_confirmation %></p>
+
+<p><%= submit_tag 'Sign up' %></p>
+<% end -%>