git-svn-id: https://matlabulchifai.googlecode.com/svn/trunk@309 126f7…
…d6c-fee3-11dd-88c7-29a3b14d5316
amber.feng
committed
Nov 13, 2009
1 parent
fe37553
commit 88bfde4
Showing
42 changed files
with
3,140 additions
and
275 deletions.
@@ -0,0 +1,7 @@ | ||
class DashboardController < ApplicationController | ||
before_filter :login_required | ||
|
||
def index | ||
end | ||
|
||
end |
@@ -0,0 +1,43 @@ | ||
# This controller handles the login/logout function of the site. | ||
class SessionsController < ApplicationController | ||
# Be sure to include AuthenticationSystem in Application Controller instead | ||
include AuthenticatedSystem | ||
|
||
# render new.rhtml | ||
def new | ||
end | ||
|
||
def create | ||
logout_keeping_session! | ||
user = User.authenticate(params[:login], params[:password]) | ||
if user | ||
# Protects against session fixation attacks, causes request forgery | ||
# protection if user resubmits an earlier form using back | ||
# button. Uncomment if you understand the tradeoffs. | ||
# reset_session | ||
self.current_user = user | ||
new_cookie_flag = (params[:remember_me] == "1") | ||
handle_remember_cookie! new_cookie_flag | ||
redirect_back_or_default('/') | ||
flash[:notice] = "Logged in successfully" | ||
else | ||
note_failed_signin | ||
@login = params[:login] | ||
@remember_me = params[:remember_me] | ||
render :action => 'new' | ||
end | ||
end | ||
|
||
def destroy | ||
logout_killing_session! | ||
flash[:notice] = "You have been logged out." | ||
redirect_back_or_default('/') | ||
end | ||
|
||
protected | ||
# Track failed login attempts | ||
def note_failed_signin | ||
flash[:error] = "Couldn't log you in as '#{params[:login]}'" | ||
logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}" | ||
end | ||
end |
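Review bot: The session-fixation guard in `create` is still disabled: the `reset_session` call under the "Protects against session fixation attacks" comment is commented out, and `logout_keeping_session!` two lines earlier deliberately preserves the existing session, so a session id planted in the victim's browser before login stays valid after `self.current_user = user`. On a login endpoint fixation is the bigger risk than a stale CSRF token in a back-buttoned form, so I would uncomment `reset_session` immediately before `self.current_user = user`. Separately, `note_failed_signin` writes `params[:login]` verbatim into the log; `logger.warn "Failed login for #{params[:login].inspect} from ..."` keeps embedded newlines from forging extra log entries.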
@@ -0,0 +1,44 @@ | ||
class UsersController < ApplicationController | ||
# Be sure to include AuthenticationSystem in Application Controller instead | ||
include AuthenticatedSystem | ||
|
||
|
||
# render new.rhtml | ||
def new | ||
@user = User.new | ||
end | ||
|
||
def create | ||
logout_keeping_session! | ||
@user = User.new(params[:user]) | ||
user.activate! | ||
|
||
success = @user && @user.save | ||
|
||
if success && @user.errors.empty? | ||
redirect_back_or_default('/') | ||
flash[:notice] = "Thanks for signing up! We're sending you an email with your activation code." | ||
else | ||
flash[:error] = "We couldn't set up that account, sorry. Please try again, or contact an admin (link is above)." | ||
render :action => 'new' | ||
end | ||
end | ||
|
||
def activate | ||
logout_keeping_session! | ||
user = User.find_by_activation_code(params[:activation_code]) unless params[:activation_code].blank? | ||
case | ||
when (!params[:activation_code].blank?) && user && !user.active? | ||
user.activate! | ||
flash[:notice] = "Signup complete! Please sign in to continue." | ||
redirect_to '/login' | ||
when params[:activation_code].blank? | ||
flash[:error] = "The activation code was missing. Please follow the URL from your email." | ||
redirect_back_or_default('/') | ||
else | ||
flash[:error] = "We couldn't find a user with that activation code -- check your email? Or maybe you've already activated -- try signing in." | ||
redirect_back_or_default('/') | ||
end | ||
end | ||
|
||
end |
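Review bot: `user.activate!` in `create` references an undefined local `user` (the record is `@user`), so every signup raises before the `@user.save` below it is reached. Correcting it to `@user.activate!` in the same position would be worse: `activate!` persists through `save(false)` (see the User model on this page), which would write the record with no login, email or password validation before `save` ever runs. If auto-activation is intended, move it after the success check, `@user.activate! if success && @user.errors.empty?`, and change the notice, which still promises an activation email. Otherwise drop the line and keep the email-activation flow that the `activate` action below implements.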
@@ -0,0 +1,2 @@ | ||
module DashboardHelper | ||
end |
@@ -0,0 +1,2 @@ | ||
module SessionsHelper | ||
end |
@@ -0,0 +1,93 @@ | ||
module UsersHelper | ||
|
||
# | ||
# Use this to wrap view elements that the user can't access. | ||
# !! Note: this is an *interface*, not *security* feature !! | ||
# You need to do all access control at the controller level. | ||
# | ||
# Example: | ||
# <%= if_authorized?(:index, User) do link_to('List all users', users_path) end %> | | ||
# <%= if_authorized?(:edit, @user) do link_to('Edit this user', edit_user_path) end %> | | ||
# <%= if_authorized?(:destroy, @user) do link_to 'Destroy', @user, :confirm => 'Are you sure?', :method => :delete end %> | ||
# | ||
# | ||
def if_authorized?(action, resource, &block) | ||
if authorized?(action, resource) | ||
yield action, resource | ||
end | ||
end | ||
|
||
# | ||
# Link to user's page ('users/1') | ||
# | ||
# By default, their login is used as link text and link title (tooltip) | ||
# | ||
# Takes options | ||
# * :content_text => 'Content text in place of user.login', escaped with | ||
# the standard h() function. | ||
# * :content_method => :user_instance_method_to_call_for_content_text | ||
# * :title_method => :user_instance_method_to_call_for_title_attribute | ||
# * as well as link_to()'s standard options | ||
# | ||
# Examples: | ||
# link_to_user @user | ||
# # => <a href="/users/3" title="barmy">barmy</a> | ||
# | ||
# # if you've added a .name attribute: | ||
# content_tag :span, :class => :vcard do | ||
# (link_to_user user, :class => 'fn n', :title_method => :login, :content_method => :name) + | ||
# ': ' + (content_tag :span, user.email, :class => 'email') | ||
# end | ||
# # => <span class="vcard"><a href="/users/3" title="barmy" class="fn n">Cyril Fotheringay-Phipps</a>: <span class="email">barmy@blandings.com</span></span> | ||
# | ||
# link_to_user @user, :content_text => 'Your user page' | ||
# # => <a href="/users/3" title="barmy" class="nickname">Your user page</a> | ||
# | ||
def link_to_user(user, options={}) | ||
raise "Invalid user" unless user | ||
options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname | ||
content_text = options.delete(:content_text) | ||
content_text ||= user.send(options.delete(:content_method)) | ||
options[:title] ||= user.send(options.delete(:title_method)) | ||
link_to h(content_text), user_path(user), options | ||
end | ||
|
||
# | ||
# Link to login page using remote ip address as link content | ||
# | ||
# The :title (and thus, tooltip) is set to the IP address | ||
# | ||
# Examples: | ||
# link_to_login_with_IP | ||
# # => <a href="/login" title="169.69.69.69">169.69.69.69</a> | ||
# | ||
# link_to_login_with_IP :content_text => 'not signed in' | ||
# # => <a href="/login" title="169.69.69.69">not signed in</a> | ||
# | ||
def link_to_login_with_IP content_text=nil, options={} | ||
ip_addr = request.remote_ip | ||
content_text ||= ip_addr | ||
options.reverse_merge! :title => ip_addr | ||
if tag = options.delete(:tag) | ||
content_tag tag, h(content_text), options | ||
else | ||
link_to h(content_text), login_path, options | ||
end | ||
end | ||
|
||
# | ||
# Link to the current user's page (using link_to_user) or to the login page | ||
# (using link_to_login_with_IP). | ||
# | ||
def link_to_current_user(options={}) | ||
if current_user | ||
link_to_user current_user, options | ||
else | ||
content_text = options.delete(:content_text) || 'not signed in' | ||
# kill ignored options from link_to_user | ||
[:content_method, :title_method].each{|opt| options.delete(opt)} | ||
link_to_login_with_IP content_text, options | ||
end | ||
end | ||
|
||
end |
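Review bot: `link_to_user` hands `options[:content_method]` and `options[:title_method]` straight to `user.send`, which can invoke any method on the record, including private ones and writers with side effects. The helper is clearly written for developer-supplied symbols, but nothing in the signature or docs says so; I would add `# :content_method / :title_method are invoked via send -- never derive them from params` above the `reverse_merge!` line, and switch to `user.public_send` if the Ruby in use is 1.9 or later. `link_to_login_with_IP` has the same shape, with `options[:tag]` becoming the element name passed to `content_tag`.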
@@ -0,0 +1,76 @@ | ||
require 'digest/sha1' | ||
|
||
class User < ActiveRecord::Base | ||
include Authentication | ||
include Authentication::ByPassword | ||
include Authentication::ByCookieToken | ||
|
||
validates_presence_of :login | ||
validates_length_of :login, :within => 3..40 | ||
validates_uniqueness_of :login | ||
validates_format_of :login, :with => Authentication.login_regex, :message => Authentication.bad_login_message | ||
|
||
validates_format_of :name, :with => Authentication.name_regex, :message => Authentication.bad_name_message, :allow_nil => true | ||
validates_length_of :name, :maximum => 100 | ||
|
||
validates_presence_of :email | ||
validates_length_of :email, :within => 6..100 #r@a.wk | ||
validates_uniqueness_of :email | ||
validates_format_of :email, :with => Authentication.email_regex, :message => Authentication.bad_email_message | ||
|
||
before_create :make_activation_code | ||
|
||
# HACK HACK HACK -- how to do attr_accessible from here? | ||
# prevents a user from submitting a crafted form that bypasses activation | ||
# anything else you want your user to change should be added here. | ||
attr_accessible :login, :email, :name, :password, :password_confirmation | ||
|
||
|
||
# Activates the user in the database. | ||
def activate! | ||
@activated = true | ||
self.activated_at = Time.now.utc | ||
self.activation_code = nil | ||
save(false) | ||
end | ||
|
||
# Returns true if the user has just been activated. | ||
def recently_activated? | ||
@activated | ||
end | ||
|
||
def active? | ||
# the existence of an activation code means they have not activated yet | ||
activation_code.nil? | ||
end | ||
|
||
# Authenticates a user by their login name and unencrypted password. Returns the user or nil. | ||
# | ||
# uff. this is really an authorization, not authentication routine. | ||
# We really need a Dispatch Chain here or something. | ||
# This will also let us return a human error message. | ||
# | ||
def self.authenticate(login, password) | ||
return nil if login.blank? || password.blank? | ||
u = find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login] # need to get the salt | ||
u && u.authenticated?(password) ? u : nil | ||
end | ||
|
||
def login=(value) | ||
write_attribute :login, (value ? value.downcase : nil) | ||
end | ||
|
||
def email=(value) | ||
write_attribute :email, (value ? value.downcase : nil) | ||
end | ||
|
||
protected | ||
|
||
|
||
def make_activation_code | ||
|
||
self.activation_code = self.class.make_token | ||
end | ||
|
||
|
||
end |
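Review bot: `activate!` is public and saves with `save(false)`, so any caller can persist a `User` that never passed the login, email or password validations; the UsersController on this page calls it on a freshly built, unsaved record. I would guard the bypass so it only covers the activation transition, `return false if new_record?` as the first line of `activate!`. Two smaller points: `active?` keys off `activation_code.nil?` while `authenticate` keys off `activated_at IS NOT NULL`, so the two tests can disagree for a row touched outside `activate!`; and `@activated` is never cleared, so `recently_activated?` stays true for the object's lifetime and the observer's `after_save` resends the activation mail on any later save of the same instance.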
@@ -0,0 +1,24 @@ | ||
class UserMailer < ActionMailer::Base | ||
def signup_notification(user) | ||
setup_email(user) | ||
@subject += 'Please activate your new account' | ||
|
||
@body[:url] = "http://YOURSITE/activate/#{user.activation_code}" | ||
|
||
end | ||
|
||
def activation(user) | ||
setup_email(user) | ||
@subject += 'Your account has been activated!' | ||
@body[:url] = "http://YOURSITE/" | ||
end | ||
|
||
protected | ||
def setup_email(user) | ||
@recipients = "#{user.email}" | ||
@from = "ADMINEMAIL" | ||
@subject = "[YOURSITE] " | ||
@sent_on = Time.now | ||
@body[:user] = user | ||
end | ||
end |
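Review bot: The generator placeholders are still in place, `YOURSITE` in both `@body[:url]` strings and `ADMINEMAIL` in `@from`, so signup mail goes out with a link to a host that does not exist and a sender address most MTAs will reject. The activation URL is also hard-coded to `http://`; the activation code is a bearer token, and a plain-http link exposes it on the wire when the user clicks it. I would hoist the origin into a constant, `SITE_URL = 'https://example.org'.freeze`, and build the link as `"#{SITE_URL}/activate/#{user.activation_code}"`, or use the named route helper with `default_url_options[:host]` if the routes define one (they are not on this page).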
@@ -0,0 +1,11 @@ | ||
class UserObserver < ActiveRecord::Observer | ||
def after_create(user) | ||
UserMailer.deliver_signup_notification(user) | ||
end | ||
|
||
def after_save(user) | ||
|
||
UserMailer.deliver_activation(user) if user.recently_activated? | ||
|
||
end | ||
end |
@@ -0,0 +1,2 @@ | ||
<h1>Welcome!</h1> | ||
Links: <%= link_to "Alerts", patient_alerts_path %> <%= link_to "Patients", patients_path %> |
@@ -0,0 +1,16 @@ | ||
<h1>Log In</h1> | ||
|
||
<% form_tag session_path do -%> | ||
<p><%= label_tag 'login' %><br /> | ||
<%= text_field_tag 'login', @login %></p> | ||
|
||
<p><%= label_tag 'password' %><br/> | ||
<%= password_field_tag 'password', nil %></p> | ||
|
||
<!-- Uncomment this if you want this functionality | ||
<p><%= label_tag 'remember_me', 'Remember me' %> | ||
<%= check_box_tag 'remember_me', '1', @remember_me %></p> | ||
--> | ||
|
||
<p><%= submit_tag 'Log in' %></p> | ||
<% end -%> |
@@ -0,0 +1,3 @@ | ||
<%=h @user.login %>, your account has been activated. Welcome aboard! | ||
|
||
<%=h @url %> |
@@ -0,0 +1,8 @@ | ||
Your account has been created. | ||
|
||
Username: <%=h @user.login %> | ||
Password: <%=h @user.password %> | ||
|
||
Visit this url to activate your account: | ||
|
||
<%=h @url %> |
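Review bot: `Password: <%=h @user.password %>` mails the user's plaintext password, which then sits in their inbox and in every mail log between the app and it; `h` only escapes markup and does nothing against disclosure. Drop that line. The login and the activation link are enough for the user to confirm what they signed up with, and the password should never leave the request that set it.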
@@ -0,0 +1,8 @@ | ||
<% if logged_in? -%> | ||
<div id="user-bar-greeting">Logged in as <%= link_to_current_user :content_method => :login %></div> | ||
<div id="user-bar-action" >(<%= link_to "Log out", logout_path, { :title => "Log out" } %>)</div> | ||
<% else -%> | ||
<div id="user-bar-greeting"><%= link_to_login_with_IP 'Not logged in', :style => 'border: none;' %></div> | ||
<div id="user-bar-action" ><%= link_to "Log in", login_path, { :title => "Log in" } %> / | ||
<%= link_to "Sign up", signup_path, { :title => "Create an account" } %></div> | ||
<% end -%> |
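Review bot: The log-out control is a plain `link_to "Log out", logout_path`, which issues a GET; Rails forgery protection only verifies non-GET requests, so any page able to make the browser fetch `/logout` (an `<img src>` is enough) can log the user out. I would write it as `link_to "Log out", logout_path, :method => :delete, :title => "Log out"` and confirm that the route behind `logout_path` maps only DELETE or POST to `sessions#destroy`. The routes file is not on this page, so the GET behaviour is inferred from the link alone.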
@@ -0,0 +1,19 @@ | ||
<h1>Sign up as a new user</h1> | ||
<% @user.password = @user.password_confirmation = nil %> | ||
<%= error_messages_for :user %> | ||
<% form_for :user, :url => users_path do |f| -%> | ||
<p><%= label_tag 'login' %><br/> | ||
<%= f.text_field :login %></p> | ||
|
||
<p><%= label_tag 'email' %><br/> | ||
<%= f.text_field :email %></p> | ||
|
||
<p><%= label_tag 'password' %><br/> | ||
<%= f.password_field :password %></p> | ||
|
||
<p><%= label_tag 'password_confirmation', 'Confirm Password' %><br/> | ||
<%= f.password_field :password_confirmation %></p> | ||
|
||
<p><%= submit_tag 'Sign up' %></p> | ||
<% end -%> |