
Initial comment for Devise related changes. There are tests that stil…

…l need to be fixed and cruft to clean up...
1 parent 30b3cde commit e8e6391a88fa764072402c761178753d3dfd370b Mark Steckel committed Aug 26, 2013
Showing with 769 additions and 138 deletions.
  1. +1 −0 Gemfile
  2. +9 −0 Gemfile.lock
  3. +1 −1 app/assets/stylesheets/login_signup.css.scss
  4. +10 −5 app/controllers/application_controller.rb
  5. +2 −1 app/controllers/users_controller.rb
  6. +33 −13 app/models/user.rb
  7. +2 −1 app/validators/old_password_validator.rb
  8. +9 −0 app/views/devise/confirmations/new.html.haml
  9. +4 −0 app/views/devise/mailer/confirmation_instructions.html.haml
  10. +6 −0 app/views/devise/mailer/reset_password_instructions.html.haml
  11. +5 −0 app/views/devise/mailer/unlock_instructions.html.haml
  12. +12 −0 app/views/devise/passwords/edit.html.haml
  13. +8 −0 app/views/devise/passwords/new.html.haml
  14. +18 −0 app/views/devise/registrations/edit.html.haml
  15. +10 −0 app/views/devise/registrations/new.html.haml
  16. +24 −0 app/views/devise/sessions/new.html.haml
  17. +19 −0 app/views/devise/shared/_links.haml
  18. +9 −0 app/views/devise/unlocks/new.html.haml
  19. +2 −2 app/views/layouts/application.html.haml
  20. +1 −1 app/views/shared/_navigation.html.haml
  21. +1 −1 app/views/users/edit.html.haml
  22. +252 −0 config/initializers/devise.rb
  23. +59 −0 config/locales/devise.en.yml
  24. +12 −5 config/routes.rb
  25. +98 −0 db/migrate/20130821005215_add_devise_to_users.rb
  26. +38 −11 db/structure.sql
  27. +2 −2 spec/controllers/application_controller_spec.rb
  28. +5 −1 spec/controllers/petitions_controller_spec.rb
  29. +63 −58 spec/controllers/sessions_controller_spec.rb
  30. +6 −6 spec/controllers/users_controller_spec.rb
  31. +10 −10 spec/models/user_spec.rb
  32. +18 −10 spec/spec_helper.rb
  33. +3 −0 spec/support/devise.rb
  34. +1 −1 spec/support/request_flows.rb
  35. +16 −9 spec/support/shared_examples.rb
@@ -61,6 +61,7 @@ gem 'activerecord-postgres-hstore'
# To use ActiveModel has_secure_password
gem 'bcrypt-ruby', '~> 3.0.0'
+gem 'devise'
# for whiplash
gem 'redis'
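Review bot: `gem 'devise'` is added without a version constraint, unlike the pinned `bcrypt-ruby` line just above it. Gemfile.lock resolves it to 3.0.3 today, but a later `bundle update` can move the authentication library across a minor release without anyone deciding to. The mailer templates copied in this commit build their links from `@resource.reset_password_token`, `@resource.confirmation_token` and `@resource.unlock_token`, which, as far as I know, Devise 3.1 and later replace with `@token`, so an unplanned upgrade would probably break those mails. Consider `gem 'devise', '~> 3.0.3'` and upgrading deliberately.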
@@ -123,6 +123,11 @@ GEM
debugger-ruby_core_source (~> 1.2.3)
debugger-linecache (1.2.0)
debugger-ruby_core_source (1.2.3)
+ devise (3.0.3)
+ bcrypt-ruby (~> 3.0)
+ orm_adapter (~> 0.1)
+ railties (>= 3.2.6, < 5)
+ warden (~> 1.2.3)
diff-lcs (1.1.3)
dkim (1.0.0)
dotenv (0.8.0)
@@ -199,6 +204,7 @@ GEM
newrelic_rpm (3.6.6.147)
nokogiri (1.5.6)
oauth (0.4.7)
+ orm_adapter (0.4.0)
pg (0.14.1)
pg-hstore (1.2.0)
polyglot (0.3.3)
@@ -349,6 +355,8 @@ GEM
rack
raindrops (~> 0.7)
uuidtools (2.1.3)
+ warden (1.2.3)
+ rack (>= 1.0)
websocket (1.0.7)
will_paginate (3.0.4)
xml-simple (1.1.2)
@@ -373,6 +381,7 @@ DEPENDENCIES
capybara-webkit
carmen-rails
dalli
+ devise
dkim
factory_girl_rails (~> 3.0)
faker (~> 1.0)
@@ -1,4 +1,4 @@
-body.users.new {
+body.users.new, body.sessions.new {
background-image: image-url('protests.jpg');
background-position: 0 0;
background-repeat: repeat-y;
@@ -1,4 +1,5 @@
class ApplicationController < ActionController::Base
+
include Whiplash
extend Memoist
helper_method :win!, :spin!, :spin_if_cool_browser!, :measure!, :is_admin
@@ -41,17 +42,21 @@ def streaming_csv_export(export)
self.response_body = export.as_csv_stream
end
+ def after_sign_in_path_for(resource)
+ sign_in_url = url_for(:action => 'new', :controller => 'sessions', :only_path => false, :protocol => 'http')
+ if request.referer == sign_in_url
+ super
+ else
+ stored_location_for(resource) || root_path
+ end
+ end
+
private
def browser_is_cool?
browser.firefox? || browser.chrome? || browser.safari?
end
- def current_user
- @current_user ||= User.find_by_id(session[:user_id]) if session[:user_id]
- end
- helper_method :current_user
-
def require_login
if current_user.nil?
session['redirect_url'] = request.url
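Review bot: The `:protocol => 'http'` option in `after_sign_in_path_for` hard-codes the scheme of the URL that is compared with `request.referer`, so when the sign-in page is served over HTTPS the comparison can never match and the `super` branch is dead. Dropping the option lets `url_for` use the scheme of the current request: `sign_in_url = url_for(:action => 'new', :controller => 'sessions', :only_path => false)`. The Referer header is client-supplied and is often stripped, so this branch should only ever choose a landing page, and a comment saying so would help. `require_login`, whose body continues past the hunk, still writes `session['redirect_url']`; whether anything reads that key after this change is not visible here.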
@@ -19,7 +19,8 @@ def create
def update
@user = current_user
if @user.update_attributes(params[:user])
- flash.notice = "Password was successfully updated"
+ flash.notice = "Password was successfully updated."
+ sign_in @user, :bypass => true
redirect_to root_url
else
render action: "edit"
@@ -1,20 +1,40 @@
-require "old_password_validator"
-
class User < ActiveRecord::Base
- attr_accessor :old_password
+ # Include default devise modules. Others available are:
+ # :token_authenticatable, :confirmable,
+ # :lockable, :timeoutable and :omniauthable
+ devise :database_authenticatable, :registerable,
+ :recoverable, :rememberable, :trackable, :validatable #, :lockable
+
+ attr_accessor :current_password
attr_accessor :skip_validation
+
+ # Setup accessible (or protected) attributes for your model
+ attr_accessible :email, :password, :password_confirmation, :current_password, :remember_me
+ attr_accessible :is_super_user, :is_admin, :as => :admin
+
validates_presence_of :password, :unless => :skip_validation
validates_presence_of :password_confirmation, :unless => :skip_validation
- validates :old_password, :old_password => true, :presence => true, :on => :update, :if => :password_digest_changed?
- attr_accessible :email, :password, :old_password, :password_confirmation
- attr_accessible :email, :is_super_user, :is_admin, :as => :admin
-
- has_secure_password
- validates :email, :presence => true, :uniqueness => true , :email => true
-
- after_validation :remove_password_digest_errors
+ validate :check_current_password, :on => :update, :if => :encrypted_password_changed?
+
+ after_validation :remove_encrypted_password_errors
- def remove_password_digest_errors
- errors.delete :password_digest if errors.include? :password
+ def remove_encrypted_password_errors
+ errors.delete :encrypted_password if errors.include? :password
+ end
+
+ private
+
+ def check_current_password
+ # old_user = User.find(self.id)
+ if self.current_password.blank?
+ self.errors[:current_password] << " current password can not be blank"
+ else
+ u = User.find(self.id)
+ if ! u.valid_password? current_password
+ self.errors[:current_password] << " is not your previous password"
+ end
+ end
end
+
+
end
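Review bot: `validate :check_current_password, :on => :update, :if => :encrypted_password_changed?` applies to every save that changes the password, not only the signed-in "change password" form, so it appears to run during the token-based reset that `:recoverable` provides as well. The reset form in app/views/devise/passwords/edit.html.haml gains a required `current_password` input in this same commit, which a user who has forgotten the password cannot fill in. Keeping the check out of the model and calling Devise's `update_with_password` from `UsersController#update` (`if @user.update_with_password(params[:user])`) would limit the re-authentication to the signed-in path. The commented-out `# old_user = User.find(self.id)` line and the trailing `#, :lockable` should be removed or explained.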
@@ -1,7 +1,8 @@
class OldPasswordValidator < ActiveModel::EachValidator
def validate_each(object, attribute, value)
old_user = User.find(object.id)
- unless old_user.authenticate value
+# unless old_user.authenticate value
+ unless sign_in old_user, attribute => value
object.errors[attribute] << (options[:message] || " is not your previous password")
end
end
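Review bot: `sign_in old_user, attribute => value` on the changed line is a controller helper, not a password check. Inside an `ActiveModel::EachValidator` it is presumably undefined and would raise `NoMethodError`, and where it is available it establishes a session for the record instead of verifying `value`. The Devise counterpart of the removed `authenticate` call is `unless old_user.valid_password?(value)`. The commented-out old line should be deleted rather than kept, and since app/models/user.rb stops requiring this validator in this commit, removing the file may be the cleaner option.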
@@ -0,0 +1,9 @@
+%h2 Resend confirmation instructions
+= simple_form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f|
+ = f.error_notification
+ = f.full_error :confirmation_token
+ .form-inputs
+ = f.input :email, :required => true, :autofocus => true
+ .form-actions
+ = f.button :submit, "Resend confirmation instructions"
+= render "devise/shared/links"
@@ -0,0 +1,4 @@
+%p
+ Welcome #{@email}!
+%p You can confirm your account email through the link below:
+%p= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token)
@@ -0,0 +1,6 @@
+%p
+ Hello #{@resource.email}!
+%p Someone has requested a link to change your password. You can do this through the link below.
+%p= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token)
+%p If you didn't request this, please ignore this email.
+%p Your password won't change until you access the link above and create a new one.
@@ -0,0 +1,5 @@
+%p
+ Hello #{@resource.email}!
+%p Your account has been locked due to an excessive number of unsuccessful sign in attempts.
+%p Click the link below to unlock your account:
+%p= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token)
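Review bot: This template tells the user the account was locked after too many failed sign-in attempts, but app/models/user.rb in this commit leaves `:lockable` commented out of the `devise` call, so no lockout takes place and this mail is presumably never sent. With the module disabled, Devise does not limit repeated failed sign-ins for an account. Either enable `:lockable` in the model or leave the unlock templates out until it is enabled. The same applies to app/views/devise/unlocks/new.html.haml.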
@@ -0,0 +1,12 @@
+%h2 Change your password
+= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f|
+ = f.error_notification
+ = f.input :reset_password_token, :as => :hidden
+ = f.full_error :reset_password_token
+ .form-inputs
+ = f.input :current_password, :label => "Current password", :required => true, :autofocus => true
+ = f.input :password, :label => "New password", :required => true
+ = f.input :password_confirmation, :label => "Confirm your new password", :required => true
+ .form-actions
+ = f.button :submit, "Change my password"
+/= render "devise/shared/links"
@@ -0,0 +1,8 @@
+%h2 Forgot your password?
+= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f|
+ = f.error_notification
+ .form-inputs
+ = f.input :email, :required => true, :autofocus => true
+ .form-actions
+ = f.button :submit, "Send me reset password instructions"
+= render "devise/shared/links"
@@ -0,0 +1,18 @@
+%h2
+ Edit #{resource_name.to_s.humanize}
+= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f|
+ = f.error_notification
+ .form-inputs
+ = f.input :email, :required => true, :autofocus => true
+ - if devise_mapping.confirmable? && resource.pending_reconfirmation?
+ %p
+ Currently waiting confirmation for: #{resource.unconfirmed_email}
+ = f.input :password, :autocomplete => "off", :hint => "leave it blank if you don't want to change it", :required => false
+ = f.input :password_confirmation, :required => false
+ = f.input :current_password, :hint => "we need your current password to confirm your changes", :required => true
+ .form-actions
+ = f.button :submit, "Update"
+/ %h3 Cancel my account
+/ %p
+/ Unhappy? #{link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete}
+= link_to "Back", :back
@@ -0,0 +1,10 @@
+%h2 Sign up
+= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f|
+ = f.error_notification
+ .form-inputs
+ = f.input :email, :required => true, :autofocus => true
+ = f.input :password, :required => true
+ = f.input :password_confirmation, :required => true
+ .form-actions
+ = f.button :submit, "Sign up"
+= render "devise/shared/links"
@@ -0,0 +1,24 @@
+.row
+ .span12
+ .signup_login
+ %h1.title Win your campaign for change.
+ .row
+ .span6.offset2
+ = simple_form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => {:class => 'form-horizontal'}) do |f|
+ .form-inputs
+ = f.input :email, :required => true, :autofocus => true, :input_html => { :class => "span4" }
+ = f.input :password, :required => true, :input_html => { :class => "span4" }
+ / = f.input :remember_me, :as => :boolean if devise_mapping.rememberable?
+ .control-group
+ .controls
+ = f.button :submit, :class => 'btn btn-primary', :id => 'login-submit', :value => 'Log in'
+ %br/
+ %br/
+ = render "devise/shared/links"
+ %p.privacypolicy= t 'site.privacy_policy'
+ %small.photo_credit
+ Photo credit:
+ %a{href: "http://www.flickr.com/photos/ramyraoof/5405707930"} RamyRaoof
+
+ .row
+ .span6.offset3
@@ -0,0 +1,19 @@
+- if controller_name != 'sessions'
+ = link_to "Sign in", new_session_path(resource_name)
+ %br/
+/ - if devise_mapping.registerable? && controller_name != 'registrations'
+/ = link_to "Sign up", new_registration_path(resource_name)
+/ %br/
+- if devise_mapping.recoverable? && controller_name != 'passwords'
+ = link_to "Forgot your password?", new_password_path(resource_name)
+ %br/
+- if devise_mapping.confirmable? && controller_name != 'confirmations'
+ = link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name)
+ %br/
+/ - if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks'
+/ = link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name)
+/ %br/
+/ - if devise_mapping.omniauthable?
+/ - resource_class.omniauth_providers.each do |provider|
+/ = link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider)
+/ %br/
@@ -0,0 +1,9 @@
+%h2 Resend unlock instructions
+= simple_form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f|
+ = f.error_notification
+ = f.full_error :unlock_token
+ .form-inputs
+ = f.input :email, :required => true, :autofocus => true
+ .form-actions
+ = f.button :submit, "Resend unlock instructions"
+= render "devise/shared/links"
@@ -7,7 +7,7 @@
- if browser.ie?
%link{:href => "/assets/application_ie.css", :media => "screen", :rel => "stylesheet", :type => "text/css"}
- else
- = stylesheet_link_tag :application
+ = stylesheet_link_tag :application, :debug => false
%title= content_for?(:title) ? yield(:title) : @title
= csrf_meta_tags
= yield :meta_tags
@@ -37,6 +37,6 @@
- org_name = AppSettings.require_keys!('organization.name')
© 2013 #{org_name} (<a href="#{@contact_url}">contact us</a>)
- = javascript_include_tag :application
+ = javascript_include_tag :application, :debug => false
%script{type: "text/javascript"}
= yield :javascripts
@@ -40,6 +40,6 @@
%b.caret
%ul.dropdown-menu
%li= link_to('Change Password', edit_user_path(current_user))
- %li= link_to('Log Out', logout_path, :class => 'nodivider', :id => 'logout')
+ %li= link_to('Log Out', destroy_user_session_path, :method => :delete, :class => 'nodivider', :id => 'logout')
- elsif controller_name == 'petitions' && action_name == 'show'
.nodivider
@@ -2,7 +2,7 @@
%h1 Change Password
= simple_form_for current_user do |f|
- = f.input :old_password, :input_html => { :autocomplete => "off" }
+ = f.input :current_password, :input_html => { :autocomplete => "off" }
= f.input :password, :input_html => { :autocomplete => "off" }
= f.input :password_confirmation, :input_html => { :autocomplete => "off" }
= f.button :submit, :class => 'btn btn-primary', :value => 'Update Password'