Merge pull request 4clojure#183 from ckirkendall/develop

added sec msgs and extended msgs to take formatted strings

resources/error-messages.properties

@@ -1,6 +1,4 @@
 
-
-
 #######################################
 # error messages used in registration #
 # and when updating user settings     #
@@ -16,4 +14,11 @@ settings.npwd-match=New password was not entered identically twice
 settings.pwd-incorrect=Current password incorrect
 settings.email-invalid=Please enter a valid email address
 settings.email-exists=User with this email address already exists
-
+
+#######################################
+# security related error messages     #
+#######################################
+
+security.login-required=You must %s to do this
+security.err-reset-email=Something went wrong emailing your new password! Please contact <a href='mailto:team@4clojure.com?subject=Password Reset: %s'>team@4clojure.com</a> - we'll reset it manually and look into the problem. When you do, please mention your username.
+security.email-unknown=We don't know anyone with that email address!

src/foreclojure/login.clj

@@ -5,6 +5,7 @@
   (:use     [hiccup.form-helpers      :only [form-to label text-field password-field check-box]]
             [foreclojure.utils        :only [from-mongo flash-error flash-msg form-row assuming send-email login-url]]
             [foreclojure.template     :only [def-page content-page]]
+            [foreclojure.messages     :only [err-msg]]
             [compojure.core           :only [defroutes GET POST]]
             [useful.map               :only [keyed]]
             [clojail.core             :only [thunk-timeout]]
@@ -110,9 +111,9 @@
               "Your password has been reset! You should receive an email soon."))
         (do (spit (str name ".pwd") diagnostics)
             (flash-error "/login/reset"
-              (str "Something went wrong emailing your new password! Please contact <a href='mailto:team@4clojure.com?subject=Password Reset: " name "'>team@4clojure.com</a> - we'll reset it manually and look into the problem. When you do, please mention your username.")))))
+              (err-msg "security.err-pwd-email" name)))))
     (flash-error "/login/reset"
-      "We don't know anyone with that email address!")))
+      (err-msg "security.err-unknown"))))
 
 (defroutes login-routes
   (GET  "/login" [location] (my-login-page location))

src/foreclojure/messages.clj

@@ -5,5 +5,8 @@
              (.load (-> (Thread/currentThread)
              (.getContextClassLoader)
              (.getResourceAsStream file))))))
+
+(def err-msg-map  (load-props "error-messages.properties"))             
 
-(def err-msgs (load-props "error-messages.properties"))
+(defn err-msg [key & args]
+      (apply format (cons (get err-msg-map key) args)))

src/foreclojure/register.clj

@@ -6,7 +6,7 @@
             [compojure.core           :only [defroutes GET POST]]
             [foreclojure.utils        :only [form-row assuming flash-error plausible-email?]]
             [foreclojure.template     :only [def-page]]
-            [foreclojure.messages     :only [err-msgs]]
+            [foreclojure.messages     :only [err-msg]]
             [somnium.congomongo       :only [insert! fetch-one]]))
 
 (def-page register-page []
@@ -27,20 +27,20 @@
 (defn do-register [user pwd repeat-pwd email]
   (let [lower-user (.toLowerCase user)]
     (assuming [(nil? (fetch-one :users :where {:user lower-user}))
-               (err-msgs "settings.user-exists"),
+               (err-msg "settings.user-exists"),
                (< 3 (.length lower-user) 14)
-               (err-msgs "settings.uname-size"),
+               (err-msg "settings.uname-size"),
                (= lower-user
                   (first (re-seq #"[A-Za-z0-9_]+" lower-user)))
-               (err-msgs "settings.uname-alphanum")
+               (err-msg "settings.uname-alphanum")
                (< 6 (.length pwd))
-               (err-msgs "settings.pwd-size"),
+               (err-msg "settings.pwd-size"),
                (= pwd repeat-pwd)
-               (err-msgs "settings.pwd-match"),
+               (err-msg "settings.pwd-match"),
                (plausible-email? email)
-               (err-msgs "settings.email-invalid")
+               (err-msg "settings.email-invalid")
                (nil? (fetch-one :users :where {:email email}))
-               (err-msgs "settings.email-exists")]
+               (err-msg "settings.email-exists")]
       (do
         (insert! :users
                  {:user lower-user

src/foreclojure/settings.clj

@@ -6,7 +6,7 @@
             [foreclojure.utils        :only [from-mongo flash-error flash-msg with-user form-row assuming send-email login-url plausible-email?]]
             [foreclojure.template     :only [def-page content-page]]
             [foreclojure.users        :only [disable-codebox? hide-solutions? gravatar-img]]
-            [foreclojure.messages     :only [err-msgs]]
+            [foreclojure.messages     :only [err-msg]]
             [compojure.core           :only [defroutes GET POST]]
             [useful.map               :only [keyed]]
             [clojail.core             :only [thunk-timeout]]
@@ -71,23 +71,23 @@
           new-pwd-hash (.encryptPassword encryptor new-pwd)
           new-lower-user (.toLowerCase new-username)]
       (assuming [(or (= new-lower-user user) (nil? (fetch-one :users :where {:user new-lower-user})))
-                 (err-msgs "settings.user-exists"),
+                 (err-msg "settings.user-exists"),
                  (< 3 (.length new-lower-user) 14)
-                 (err-msgs "settings.uname-size"),
+                 (err-msg "settings.uname-size"),
                  (= new-lower-user
                     (first (re-seq #"[A-Za-z0-9_]+" new-lower-user)))
-                 (err-msgs "settings.uname-alphanum")
+                 (err-msg "settings.uname-alphanum")
                  (or (empty? new-pwd) (< 6 (.length new-pwd)))
-                 (err-msgs "settings.npwd-size"),
+                 (err-msg "settings.npwd-size"),
                  (= new-pwd repeat-pwd)
-                 (err-msgs "settings.npwd-match")
+                 (err-msg "settings.npwd-match")
                  (or (empty? new-pwd)
                      (.checkPassword encryptor old-pwd pwd))
-                 (err-msgs "settings.pwd-incorrect")
+                 (err-msg "settings.pwd-incorrect")
                  (plausible-email? email)
-                 (err-msgs "settings.email-invalid")
+                 (err-msg "settings.email-invalid")
                  (nil? (fetch-one :users :where {:email email :user {:$ne user}}))
-                 (err-msgs "settings.email-exists")]
+                 (err-msg "settings.email-exists")]
           (do
             (update! :users {:user user}
                      {:$set {:pwd (if (seq new-pwd) new-pwd-hash pwd)

src/foreclojure/utils.clj

@@ -2,6 +2,7 @@
   (:require [sandbar.stateful-session :as   session]
             [ring.util.response       :as   response]
             [foreclojure.config       :as   config]
+            [foreclojure.messages     :as   msg]
             [clojure.walk             :as   walk]
             [clojure.string           :as   string]
             [foreclojure.git          :as   git]
@@ -146,7 +147,7 @@
 (defmacro with-user [[binding expr] & body]
   `(if-user [~binding ~expr]
      (do ~@body)
-     [:span.error "You must " (login-link) " to do this."]))
+     [:span.error (msg/err-msg "security.login-required" (login-link))]))
 
 (defn flash-fn [type]
   (fn [url msg]

test/foreclojure/test/messages.clj

@@ -0,0 +1,12 @@
+(ns foreclojure.test.messages
+  (:use [foreclojure.messages     :only [err-msg]])
+  (:use [clojure.test])
+  (:use [midje.sweet]))
+
+(def filler "BAKE ME COOKIES")
+
+(deftest test-err-msg
+   (fact "about err-msg - format" 
+      (err-msg "security.login-required" filler) => "You must BAKE ME COOKIES to do this")
+   (fact "about err-msg - standard"
+      (err-msg "settings.user-exists") => "User already exists"))

test/foreclojure/test/register.clj

@@ -2,7 +2,7 @@
   (:require [sandbar.stateful-session :as   session]
             [ring.util.response       :as   response])
   (:use [foreclojure.register])
-  (:use [foreclojure.messages     :only [err-msgs]])
+  (:use [foreclojure.messages     :only [err-msg]])
   (:use [clojure.test])
   (:use [midje.sweet])
   (:use [foreclojure.utils :only [form-row assuming flash-error]])
@@ -35,30 +35,30 @@
           (do-register uname pwd pwd email) => truthy
             (provided
               (fetch-one :users :where {:user uname}) => {:user "username"}
-              (flash-error "/register" (err-msgs "settings.user-exists")) => 1))
+              (flash-error "/register" (err-msg "settings.user-exists")) => 1))
       (fact "about do-register - username too long"
           (do-register lngname pwd pwd email) => truthy
             (provided
-              (flash-error "/register" (err-msgs "settings.uname-size")) => 1))
+              (flash-error "/register" (err-msg "settings.uname-size")) => 1))
       (fact "about do-register - username not alphanumeric"
           (do-register bname pwd pwd email) => truthy
             (provided
-              (flash-error "/register" (err-msgs "settings.uname-alphanum")) => 1))
+              (flash-error "/register" (err-msg "settings.uname-alphanum")) => 1))
       (fact "about do-register - short password"
           (do-register uname shpwd shpwd email) => truthy
             (provided
-              (flash-error "/register" (err-msgs "settings.pwd-size")) => 1))
+              (flash-error "/register" (err-msg "settings.pwd-size")) => 1))
       (fact "about do-register - passwords don't match"
           (do-register uname pwd shpwd email) => truthy
             (provided
-              (flash-error "/register" (err-msgs "settings.pwd-match")) => 1))
+              (flash-error "/register" (err-msg "settings.pwd-match")) => 1))
       (fact "about do-register - bad email"
           (do-register uname pwd pwd bemail) => truthy
             (provided
-              (flash-error "/register" (err-msgs "settings.email-invalid")) => 1))
+              (flash-error "/register" (err-msg "settings.email-invalid")) => 1))
       (fact "about do-register - email exists"
           (do-register uname pwd pwd email) => truthy
             (provided
               (fetch-one :users :where {:user uname}) => nil
               (fetch-one :users :where {:email email}) => {:user "username"}
-              (flash-error "/register" (err-msgs "settings.email-exists")) => 1)))))
+              (flash-error "/register" (err-msg "settings.email-exists")) => 1)))))

test/foreclojure/test/settings.clj

@@ -3,7 +3,7 @@
             [ring.util.response       :as   response])
   (:import  [org.jasypt.util.password StrongPasswordEncryptor])
   (:use [foreclojure.settings])
-  (:use [foreclojure.messages     :only [err-msgs]])
+  (:use [foreclojure.messages     :only [err-msg]])
   (:use [clojure.test])
   (:use [midje.sweet])
   (:use [foreclojure.utils :only [get-user assuming flash-error flash-msg]])
@@ -42,36 +42,36 @@
           (do-update-settings! new-name old-pwd new-pwd new-pwd email false false) => truthy
             (provided 
               (fetch-one :users :where {:user new-name}) => {:user "username-new"}
-              (flash-error "/settings" (err-msgs "settings.user-exists")) => 1))
+              (flash-error "/settings" (err-msg "settings.user-exists")) => 1))
       (fact "about do-update-settings! - username too long"
           (do-update-settings! lngname old-pwd new-pwd new-pwd email false false) => truthy
             (provided 
-              (flash-error "/settings" (err-msgs "settings.uname-size")) => 1))
+              (flash-error "/settings" (err-msg "settings.uname-size")) => 1))
       (fact "about do-update-settings! - username not alphanumeric"
           (do-update-settings! bname old-pwd new-pwd new-pwd email false false) => truthy
             (provided 
-              (flash-error "/settings" (err-msgs "settings.uname-alphanum")) => 1))
+              (flash-error "/settings" (err-msg "settings.uname-alphanum")) => 1))
       (fact "about do-update-settings! - short password"
           (do-update-settings! new-name old-pwd short-pwd short-pwd email false false) => truthy
             (provided 
-              (flash-error "/settings" (err-msgs "settings.npwd-size")) => 1))
+              (flash-error "/settings" (err-msg "settings.npwd-size")) => 1))
       (fact "about do-update-settings! - passwords don't match"
           (do-update-settings! new-name old-pwd new-pwd old-pwd email false false) => truthy
             (provided 
-              (flash-error "/settings" (err-msgs "settings.npwd-match")) => 1))
+              (flash-error "/settings" (err-msg "settings.npwd-match")) => 1))
       (fact "about do-update-settings! - old password doesn't match"
           (do-update-settings! new-name new-pwd new-pwd new-pwd email false false) => truthy
             (provided 
-              (flash-error "/settings" (err-msgs "settings.pwd-incorrect")) => 1))
+              (flash-error "/settings" (err-msg "settings.pwd-incorrect")) => 1))
       (fact "about do-update-settings! - bad email"
           (do-update-settings! new-name old-pwd new-pwd new-pwd bad-email false false) => truthy
             (provided 
-              (flash-error "/settings" (err-msgs "settings.email-invalid")) => 1))
+              (flash-error "/settings" (err-msg "settings.email-invalid")) => 1))
       (fact "about do-update-settings! - email exists"
           (do-update-settings! new-name old-pwd new-pwd new-pwd email false false) => truthy
             (provided 
               ;you have to specify both because midje can't tell them apart
               (fetch-one :users :where {:user new-name}) => nil
               (fetch-one :users :where {:email email :user {:$ne old-name}}) => {:user old-name}
-              (flash-error "/settings" (err-msgs "settings.email-exists")) => 1)))))
+              (flash-error "/settings" (err-msg "settings.email-exists")) => 1)))))