From 67166aadd1657c94f8b003c69a60da89934ee7b0 Mon Sep 17 00:00:00 2001 From: Maxim Colls Date: Wed, 13 Jun 2018 19:36:24 +0100 Subject: [PATCH 1/5] Updated devise --- Gemfile.lock | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 77f77a7bd..ce5d48de6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -60,7 +60,7 @@ GEM autoprefixer-rails (6.3.1) execjs json - bcrypt (3.1.11) + bcrypt (3.1.12) better_errors (2.4.0) coderay (>= 1.0.0) erubi (>= 1.0.0) @@ -113,14 +113,14 @@ GEM columnize (0.9.0) concurrent-ruby (1.0.5) connection_pool (2.2.1) - crass (1.0.3) + crass (1.0.4) dalli (2.7.2) database_cleaner (1.6.2) debug_inspector (0.0.3) - devise (4.4.1) + devise (4.4.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.2) + railties (>= 4.1.0, < 6.0) responders warden (~> 1.2.3) diff-lcs (1.3) @@ -241,7 +241,7 @@ GEM public_suffix (2.0.5) pundit (0.3.0) activesupport (>= 3.0.0) - rack (1.6.9) + rack (1.6.10) rack-protection (2.0.1) rack rack-test (0.6.3) @@ -280,7 +280,7 @@ GEM thor (>= 0.18.1, < 2.0) rainbow (3.0.0) raindrops (0.16.0) - rake (12.3.0) + rake (12.3.1) ransack (1.8.6) actionpack (>= 3.0) activerecord (>= 3.0) @@ -289,8 +289,9 @@ GEM polyamorous (~> 1.3.2) rdiscount (2.1.7.1) redis (4.0.1) - responders (2.0.2) - railties (>= 4.2.0.alpha, < 5) + responders (2.4.0) + actionpack (>= 4.2.0, < 5.3) + railties (>= 4.2.0, < 5.3) rest-client (2.0.1) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) @@ -364,7 +365,7 @@ GEM sshkit (1.8.1) net-scp (>= 1.1.2) net-ssh (>= 2.8.0) - thor (0.19.4) + thor (0.20.0) thread_safe (0.3.6) tilt (2.0.8) ttfunk (1.5.1) From 6c73f86d110f7d8e82d583c77d8429a535fd6909 Mon Sep 17 00:00:00 2001 From: Maxim Colls Date: Wed, 13 Jun 2018 19:36:52 +0100 Subject: [PATCH 2/5] Added authentication check in posts controller --- app/controllers/posts_controller.rb | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb index 220d68715..2ad1acd2f 100644 --- a/app/controllers/posts_controller.rb +++ b/app/controllers/posts_controller.rb @@ -1,4 +1,6 @@ class PostsController < ApplicationController + before_action :authenticate_user! + has_scope :by_category, as: :cat has_scope :tagged_with, as: :tag has_scope :by_organization, as: :org From d03726cb54654417c188a801051733385a006996 Mon Sep 17 00:00:00 2001 From: Maxim Colls Date: Wed, 13 Jun 2018 19:37:44 +0100 Subject: [PATCH 3/5] Added timeoutable devise option in User to replace the hard session expiration at store level --- app/assets/stylesheets/application.css.scss | 31 ++------------------- app/helpers/messages_helper.rb | 13 +++++++++ app/models/user.rb | 3 +- app/views/layouts/_messages.html.erb | 4 ++- config/initializers/devise.rb | 2 +- config/initializers/session_store.rb | 2 +- 6 files changed, 22 insertions(+), 33 deletions(-) create mode 100644 app/helpers/messages_helper.rb diff --git a/app/assets/stylesheets/application.css.scss b/app/assets/stylesheets/application.css.scss index c135e8ef0..40aa4efdb 100644 --- a/app/assets/stylesheets/application.css.scss +++ b/app/assets/stylesheets/application.css.scss @@ -294,38 +294,11 @@ ul.statistics li{ } /*flash*/ -.alert > p, .alert > ul { +.alert > ul { + list-style: none; padding-left: 1.5rem; } -.alert-error { - background-color: #f2dede; - border-color: #eed3d7; - color: #b94a48; - text-align: left; - } - -.alert-alert { - background-color: #f2dede; - border-color: #eed3d7; - color: #b94a48; - text-align: left; - } - -.alert-success { - background-color: #dff0d8; - border-color: #d6e9c6; - color: #468847; - text-align: left; - } - -.alert-notice { - background-color: #dff0d8; - border-color: #d6e9c6; - color: #468847; - text-align: left; -} - // if not navbar hidden datepicker in small windows .ui-datepicker{ z-index: 1000 !important; 
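Review bot: The `before_action :authenticate_user!` added at the top of `PostsController` carries no `only:`/`except:` list, so it gates every action in the controller, including any read-only listing the app may intend to be public. The class body continues outside the hunk, so which actions exist is not visible here. If only the mutating actions need a signed-in user, scope the filter, e.g. `before_action :authenticate_user!, except: [:index, :show]` (action names assumed), and add a one-line comment saying which actions are meant to be reachable anonymously. PATCH 5/5 of this series removes the filter again, so the series ends with no class-level authentication check on this controller. A request spec asserting the expected response for an anonymous request would pin whichever behaviour is intended.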
diff --git a/app/helpers/messages_helper.rb b/app/helpers/messages_helper.rb new file mode 100644 index 000000000..18a2aea43 --- /dev/null +++ b/app/helpers/messages_helper.rb @@ -0,0 +1,13 @@ +module MessagesHelper + def alert_class(alert) + if alert == 'error' || alert == 'alert' + 'alert-danger' + elsif alert == 'success' + 'alert-success' + elsif alert == 'notice' + 'alert-info' + else + 'alert-info' + end + end +end diff --git a/app/models/user.rb b/app/models/user.rb index 4a75173ad..b3e7d3252 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -8,7 +8,8 @@ class User < ActiveRecord::Base :rememberable, :confirmable, :lockable, - :trackable + :trackable, + :timeoutable ] GENDERS = %w[male female] diff --git a/app/views/layouts/_messages.html.erb b/app/views/layouts/_messages.html.erb index 2884e0e91..b5e081551 100644 --- a/app/views/layouts/_messages.html.erb +++ b/app/views/layouts/_messages.html.erb @@ -1,5 +1,7 @@ <% flash.each do |key, value| %> -
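Review bot: In the new `alert_class` helper the `elsif alert == 'notice'` branch returns the same `'alert-info'` as the `else`, so it is dead weight. The chain also compares against strings only, so a symbol key would silently fall through to `'alert-info'`. A `case` reads more directly: `case alert.to_s`, then `when 'error', 'alert' then 'alert-danger'`, `when 'success' then 'alert-success'`, `else 'alert-info'`. A short comment above the method saying that it maps flash keys to Bootstrap alert classes would also help.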
+ <% next if key == 'timedout' %> + +
  • diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 7e935c423..24a002979 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -148,7 +148,7 @@ # ==> Configuration for :timeoutable # The time you want to timeout the user session without activity. After this # time the user will be asked for credentials again. Default is 30 minutes. - # config.timeout_in = 30.minutes + config.timeout_in = 1.hour # If true, expires auth token on session timeout. # config.expire_auth_token_on_timeout = false diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 93ca53982..3de777e44 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1,3 +1,3 @@ # Be sure to restart your server when you modify this file. -Rails.application.config.session_store :cookie_store, key: '_timeoverflow_session', expire_after: 1.hour +Rails.application.config.session_store :cookie_store, key: '_timeoverflow_session' From 4a318ec728e0d0e6a7d03a74e92e78061a24c67e Mon Sep 17 00:00:00 2001 From: Maxim Colls Date: Wed, 13 Jun 2018 19:38:06 +0100 Subject: [PATCH 4/5] Remember users for 4 weeks if they check the option --- config/initializers/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 24a002979..b26fd5bae 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -127,7 +127,7 @@ # ==> Configuration for :rememberable # The time the user will be remembered without asking for credentials again. - config.remember_for = 2.weeks + config.remember_for = 4.weeks # If true, extends the user's remember period when remembered via cookie. config.extend_remember_period = false From e7990fbd0128182c4b1c3487f6417358202e6eda Mon Sep 17 00:00:00 2001 
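Review bot: With `expire_after: 1.hour` removed from `session_store.rb`, the `_timeoverflow_session` cookie no longer carries an expiry of its own. The only limit left is `config.timeout_in = 1.hour` in `devise.rb`, which is an inactivity timeout for the signed-in user and does not cover other data kept in the session. I would record that decision above the setting, e.g. `# idle timeout for signed-in users; the session cookie itself has no expiry`. A test that a request made after `timeout_in` is redirected to sign-in would confirm that `:timeoutable` is actually in effect for `User`.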
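Review bot: `config.remember_for = 4.weeks` doubles the time a remember-me cookie stays valid. As far as I recall, Devise's timeoutable hook does not expire a session while a valid remember-me cookie is present, so for users who tick the option the effective limit becomes 4 weeks rather than the 1 hour set in PATCH 3/5; please confirm that is intended. If it is, check that the mitigations for a long-lived cookie are in place in this initializer: `config.expire_all_remember_me_on_sign_out = true` and `config.rememberable_options = { secure: true }` (neither is visible in the hunk). A comment next to the value explaining why 4 weeks was chosen would help later reviewers.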
From: Maxim Colls
Date: Tue, 19 Jun 2018 15:22:04 +0100
Subject: [PATCH 5/5] Removed authentication before filter from posts controller
---
 app/controllers/posts_controller.rb | 2 --
 1 file changed, 2 deletions(-)
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index 2ad1acd2f..220d68715 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -1,6 +1,4 @@
 class PostsController < ApplicationController
- before_action :authenticate_user!
-
 has_scope :by_category, as: :cat
 has_scope :tagged_with, as: :tag
 has_scope :by_organization, as: :org