
Baby steps in removing authentication from refinery. (woohoo!)

robyurkowski authored and parndt committed Oct 26, 2014
1 parent aa35b11 commit eb2a0efd25d0072c428b882a5507075fb88709a3
@@ -0,0 +1,9 @@
module Refinery
module AuthenticationHelper
def refinery_user?
true
end
end
end
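Review bot: `refinery_user?` unconditionally returns `true`, so every view or helper that still guards on it will treat an anonymous visitor as a Refinery user, and nothing in the new module says this is a transitional stub. A header comment should make that explicit, e.g. `# Transitional stub while authentication is extracted: always true, so callers must not use it for access decisions.` If the helper is meant to survive, it should delegate to the same `Zilch::AuthorisationManager` the controllers in this commit now consult rather than hard-code the answer.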
@@ -21,7 +21,7 @@
</span>
<%= link_to t('.log_out', site_bar_translate_locale_args),
refinery.logout_path, :id => 'logout' %>
refinery_logout_path, :id => 'logout' %>
</div>
</div>
</div>
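Review bot: The log-out link now targets `refinery_logout_path`, which `Refinery::ApplicationController` in this same commit defines to return `nil`, so `link_to` receives no destination and in practice renders an anchor to the current request rather than to a logout endpoint. Until a real path exists the link is better suppressed than rendered, e.g. `<%= link_to t('.log_out', site_bar_translate_locale_args), refinery_logout_path, :id => 'logout' if refinery_logout_path %>`. The site-bar spec touched by this commit ("has a logout link") may depend on this anchor, so its expectation would need to follow.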
@@ -5,9 +5,7 @@ describe Refinery do
describe "<%= namespacing %>" do
describe "Admin" do
describe "<%= plural_name %>", type: :feature do
refinery_login_with :refinery_user
refinery_login
<% if (title = attributes.detect { |a| a.type.to_s == "string" }).present? %>
describe "<%= plural_name %> list" do
before do
@@ -20,7 +20,7 @@ module Refinery
def notification_recipients
Refinery::Setting.find_or_set(:<%= singular_name %>_notification_recipients,
(Role[:refinery].users.first.try(:email) if defined?(Role)).to_s)
(Zilch::UsersManager.instance.primary_user.try(:email)).to_s)
end
def notification_subject
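Review bot: `notification_recipients` replaces a lookup guarded by `defined?(Role)` with a bare `Zilch::UsersManager.instance.primary_user.try(:email)`; `try` still covers a `nil` primary user, but the guard against the constant being absent is gone, and because this is a generator template the generated extension will raise `NameError` wherever `Zilch` is not loaded. The constant is also left unqualified while the admin base controller in this commit writes `::Zilch::AuthorisationManager`; `::Zilch::UsersManager.instance.primary_user.try(:email).to_s` would be consistent and drops the redundant parentheses.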
@@ -7,9 +7,10 @@ module BaseController
def self.included(base)
base.layout :layout?
base.before_action :require_refinery_users!, :force_ssl!,
:authenticate_refinery_user!, :restrict_plugins,
base.before_action :force_ssl!,
:authenticate_refinery_user!,
:restrict_controller
base.after_action :store_location?, :only => [:index] # for redirect_back_or_default
base.helper_method :searching?, :group_by_date, :refinery_admin_root_path
@@ -36,6 +37,10 @@ def force_ssl!
redirect_to :protocol => 'https' if Refinery::Core.force_ssl && !request.ssl?
end
def authenticate_refinery_user!
::Zilch::AuthorisationManager.instance.authenticate!
end
def group_by_date(records)
new_records = []
@@ -48,53 +53,60 @@ def group_by_date(records)
new_records
end
def require_refinery_users!
redirect_to refinery.new_signup_path if just_installed? && controller_name != 'users'
end
def restrict_plugins
current_length = (plugins = current_refinery_user.authorized_plugins).length
# Superusers get granted access if they don't already have access.
if current_refinery_user.has_role?(:superuser)
if (plugins = plugins | ::Refinery::Plugins.registered.names).length > current_length
current_refinery_user.plugins = plugins
end
end
::Refinery::Plugins.set_active(plugins)
end
def restrict_controller
unless allow_controller? params[:controller].gsub 'admin/', ''
logger.warn "'#{current_refinery_user.username}' tried to access '#{params[:controller]}' but was rejected."
logger.warn "'#{current_refinery_user}' tried to access '#{params[:controller]}' but was rejected."
error_404
end
end
private
def allow_controller?(controller_path)
::Refinery::Plugins.active.any? do |plugin|
Regexp.new(plugin.menu_match) === controller_path
end
::Zilch::AuthorisationManager.instance.allow_access_to_controller?(controller_path)
end
def layout?
"refinery/admin#{'_dialog' if from_dialog?}"
end
# TODO: all store_location stuff should be in its own object..
# Check whether it makes sense to return the user to the last page they
# were at instead of the default e.g. refinery_admin_pages_path
# right now we just want to snap back to index actions and definitely not to dialogues.
def store_location?
store_location unless request.xhr? || from_dialog?
end
# Override authorized? so that only users with the Refinery role can admin the website.
def authorized?
refinery_user?
# Store the URI of the current request in the session.
#
# We can return to this location by calling #redirect_back_or_default.
def store_location
session[:return_to] = request.fullpath
end
# Clear and return the stored location
def pop_stored_location
session.delete(:return_to)
end
# Redirect to the URI stored by the most recent store_location call or
# to the passed default.
def redirect_back_or_default(default)
redirect_to(pop_stored_location || default)
end
# Override authorized? so that only users with the Refinery role can admin the website.
# def authorized?
# refinery_user?
# end
# def refinery_user?
# auth_manager = Refinery::AuthenticationManager.instance
# auth_manager.authenticated? && auth_manager.
# Zilch::AuthorisationManager.instance.current_user.has_role?(:refinery)
end
end
end
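Review bot: `authenticate_refinery_user!` (added in the second hunk) calls `::Zilch::AuthorisationManager.instance.authenticate!` and discards the result, so whether an unauthenticated request is actually stopped now depends entirely on that call redirecting or raising, which is not visible here; a comment stating that contract would help, e.g. `# Must halt the filter chain (redirect or raise) when no user is authenticated; a plain false return would let the action run.` The first hunk also drops `:restrict_plugins` from the `before_action` list while the method itself appears to remain defined further down, so `::Refinery::Plugins.set_active` no longer runs per request; if that is intended, the now-dead method should go with it. In `restrict_controller` the warning interpolates `current_refinery_user` directly instead of `.username`, so unless the returned object defines `to_s` the log line will show an object dump rather than a recognisable identity. `self.included` in the first hunk continues outside the hunk.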
@@ -2,55 +2,59 @@ module Refinery
module ApplicationController
def self.included(base) # Extend controller
base.helper_method :home_page?, :local_request?, :just_installed?,
:from_dialog?, :admin?, :login?
base.helper_method :home_page?,
:local_request?,
:from_dialog?,
:admin?,
:refinery_logout_path,
:current_refinery_user
base.protect_from_forgery # See ActionController::RequestForgeryProtection
base.send :include, Refinery::Crud # basic create, read, update and delete methods
if Refinery::Core.rescue_not_found
base.rescue_from ActiveRecord::RecordNotFound,
base.rescue_from ::ActiveRecord::RecordNotFound,
::AbstractController::ActionNotFound,
ActionView::MissingTemplate,
::ActionView::MissingTemplate,
:with => :error_404
end
end
def admin?
%r{^admin/} === controller_name
%r{\Aadmin/} === controller_name
end
def error_404(exception = nil)
# fallback to the default 404.html page.
file = Rails.root.join 'public', '404.html'
file = Refinery.roots('refinery/core').join('public', '404.html') unless file.exist?
render :file => file.cleanpath.to_s.gsub(%r{#{file.extname}$}, ''),
:layout => false, :status => 404, :formats => [:html]
:layout => false, :status => 404, :formats => [:html]
return false
end
def from_dialog?
params[:dialog] == 'true' or params[:modal] == 'true'
params[:dialog] == 'true' || params[:modal] == 'true'
end
def home_page?
%r{^#{Regexp.escape(request.path)}} === refinery.root_path
end
def just_installed?
Refinery::Role[:refinery].users.empty?
end
def local_request?
Rails.env.development? || /(::1)|(127.0.0.1)|((192.168).*)/ === request.remote_ip
end
def login?
(/^(user|session)(|s)/ === controller_name && !admin?) || just_installed?
def refinery_logout_path
nil
end
def current_refinery_user
Zilch::AuthorisationManager.instance.current_user
end
protected
protected
# use a different model for the meta information.
def present(model)
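Review bot: `current_refinery_user` references `Zilch::AuthorisationManager` without the leading `::`, while this same hunk deliberately adds `::` to `ActiveRecord::RecordNotFound` and `ActionView::MissingTemplate` and the admin base controller writes `::Zilch::AuthorisationManager`; inside `Refinery::ApplicationController` a nested `Refinery::Zilch` constant would shadow the top-level one. `::Zilch::AuthorisationManager.instance.current_user` keeps the lookup unambiguous. `admin?` correctly moves from `^` to `\A`, but `home_page?` a few methods below still anchors with `^`, so the same correction applies there. `present` at the end of the hunk continues outside it.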
@@ -3,7 +3,7 @@
module Refinery
module Admin
describe CoreController, :type => :controller do
refinery_login_with_factory :refinery_user
refinery_login
it "updates the plugin positions" do
plugins = logged_in_user.plugins.reverse.map &:name
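Review bot: The example still reads `logged_in_user.plugins` on the line after the change, but `refinery_login` as defined in this commit's `ControllerMacros::Authentication` is an empty method, whereas the replaced `refinery_login_with_factory` declared `let(:logged_in_user)` and signed that user in; unless `logged_in_user` is provided elsewhere, this example now fails on an undefined name before it asserts anything. Either `refinery_login` should keep defining `logged_in_user`, or the spec should drop that dependency. The `it` block continues outside the hunk.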
@@ -2,7 +2,7 @@
module Refinery
describe "custom", :type => :feature do
refinery_login_with :refinery_user
refinery_login
after do
Refinery::Core.javascripts.reject! { |j| %w[custom_js].include?(j) }
Refinery::Core.stylesheets.reject! { |s| %w[custom_css].include?(s.path) }
@@ -2,7 +2,7 @@
module Refinery
describe "dialog", :type => :feature do
refinery_login_with :refinery_user
refinery_login
context "links" do
it "have iframe src" do
@@ -2,7 +2,7 @@
module Refinery
describe 'layout', :type => :feature do
refinery_login_with :refinery_user
refinery_login
let(:home_page) do
FactoryGirl.create :page, :title => 'Home', :link_url => '/'
@@ -2,7 +2,7 @@
module Refinery
describe "site bar", :type => :feature do
refinery_login_with :refinery_user
refinery_login
it "has a logout link" do
visit Refinery::Core.backend_path
@@ -4,15 +4,10 @@
config.extend Refinery::Testing::ControllerMacros::Authentication, :type => :controller
config.include Refinery::Testing::ControllerMacros::Routes, :type => :controller
config.extend Refinery::Testing::FeatureMacros::Authentication, :type => :feature
config.include Warden::Test::Helpers
# set some config values so that image and resource factories don't fail to create
config.before do
Refinery::Images.max_image_size = 5_242_880 if defined?(Refinery::Images)
Refinery::Resources.max_file_size = 52_428_800 if defined?(Refinery::Resources)
end
config.after do
Warden.test_reset!
end
end
@@ -1,15 +1,14 @@
require "spec_helper"
module Refinery
describe "the Admin Images Tab" do
refinery_login_with :refinery_user
describe "the Admin Images Tab", type: :feature do
refinery_login
include_context 'admin images tab'
context 'When there are no images' do
include_context 'no existing images'
it 'says there are no images'do
it 'says there are no images' do
visit refinery.admin_images_path
expect(page).to have_content(::I18n.t('no_images_yet', scope: 'refinery.admin.images.records'))
end
@@ -72,4 +71,3 @@ module Refinery
end
end
@@ -1,3 +1,3 @@
%w(core authentication images resources pages).each do |extension|
%w(core images resources pages).each do |extension|
require "refinerycms-#{extension}"
end
@@ -16,7 +16,7 @@ def expect_window_without_content(content, window: windows.last)
module Refinery
module Admin
describe "Pages", :type => :feature do
refinery_login_with :refinery_user
refinery_login
context "when no pages" do
it "invites to create one" do
@@ -20,7 +20,6 @@ Gem::Specification.new do |s|
s.files = `git ls-files -- lib/* templates/*`.split("\n")
s.add_dependency 'refinerycms-authentication', version
s.add_dependency 'refinerycms-core', version
s.add_dependency 'refinerycms-images', version
s.add_dependency 'refinerycms-pages', version
@@ -4,7 +4,7 @@
module Refinery
module Admin
describe "Resources", :type => :feature do
refinery_login_with :refinery_user
refinery_login
context "when no files" do
it "invites to upload file" do
@@ -2,45 +2,19 @@ module Refinery
module Testing
module ControllerMacros
module Authentication
def self.extended(base)
base.send :include, Devise::TestHelpers
end
def refinery_login_with(*roles)
roles = handle_deprecated_roles!(roles).flatten
let(:logged_in_user) do
user = FactoryGirl.create :user
roles.each do |role|
user.add_role(role)
end
user
end
before do
@request.env["devise.mapping"] = Devise.mappings[:admin]
sign_in logged_in_user
end
Refinery.deprecate('refinery_login_with', when: '3.1', replacement: 'refinery_login')
refinery_login
end
def refinery_login_with_factory(factory)
factory_user factory
end
def factory_user(factory)
let(:logged_in_user) { FactoryGirl.create factory }
before do
@request.env["devise.mapping"] = Devise.mappings[:admin]
sign_in logged_in_user
end
Refinery.deprecate('refinery_login_with_factory', when: '3.1', replacement: 'refinery_login')
refinery_login
end
private
def handle_deprecated_roles!(*roles)
mappings = {
:user => [],
:refinery_user => [:refinery],
:refinery_superuser => [:refinery, :superuser]
}
mappings[roles.first] || roles
def refinery_login
# NO-OP for now.
end
end
end
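Review bot: `refinery_login_with` and `refinery_login_with_factory` now ignore their `roles` and `factory` arguments entirely; leaving the names unchanged suggests they still matter, so rename them `*_roles` and `_factory` or document that they are accepted only for source compatibility. The replacement `refinery_login` carries only `# NO-OP for now.`, which does not tell a spec author that the previous `let(:logged_in_user)` and Devise sign-in are gone; a comment such as `# Temporary stand-in while authentication is extracted: defines no logged_in_user and signs nobody in.` would prevent surprises. If the `private` marker above it survives on the new side, `refinery_login` also becomes a private module method, which still works through implicit-receiver calls in example groups but reads as accidental; defining it above `private` would make the intent clear.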
