Fixed the long-standing issue where tags that are only related to unpublished posts are still shown in navigation by way of the NavigationHelper#category_links_for_navigation helper method. Now making use of the cached_tag_list attribute on the Post model in order to reduce the number of database queries generated by the NavigationHelper#category_links_for_navigation helper method. Removed NavigationHelper#class_for_tab helper method as it does not appear to be used anywhere. Fixed/updated specs and reverted back to previous behaviour where a request for an unpublished tag will result in an ActiveRecord::RecordNotFound exception. Also minor code cleanup for consistency/readability.
The open_id_authentication gem is no longer used. This commit includes a migration that removes the two tables used by the open_id_authentication gem (i.e. the open_id_authentication_nonces and open_id_authentication_associations tables). Enki now supports Google OpenID Connect (OAuth 2.0 for Login) and OpenID 2.0 by default. But further OmniAuth strategies can be added if desired. Closes #97.
Tag names can now only contain alphanumeric, underscore, space, dot and dash characters. Other characters will be filtered out, ampersands will be expanded to 'and'. This limitation has been enforced to avoid complications with routing where tag names are involved. Updated specs accordingly.
Tags can now be viewed in HTML and Atom format regardless of whether the tag name contains a dot character or not. The regular expression that matches tag names currently allows upper/lower case letters, numbers, dots, dashes, underscores and spaces (URL encoded or not). Updated relevant specs. Moved routing specs into posts_routing_spec.rb as this seems like a more fitting place for them.
When a tag name contains a dot character, Rails interprets this as the separator for a formatted route and splits the tag name into the section before the dot which is interpreted as the expected :tag parameter, and the section after the dot which is interpreted as an unexpected :format parameter. This commit restores correct behaviour in the event that a tag name contains a dot character and includes spec coverage. Fixes #93.
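The tag-name rule and the dot/format routing problem described in the three entries above, as an added plain-Ruby example that is not Enki's own code. The method and constant names are hypothetical, the spacing around the expanded 'and' is an assumption, and the path segment is assumed to be already URL-decoded.

```ruby
# Added illustration, not taken from the Enki code base.
# sanitize_tag_name, naive_split, split_tag_segment and both constants
# are hypothetical names.

# Everything outside the allowed set named in the changelog:
# alphanumerics, underscore, space, dot and dash.
DISALLOWED = /[^A-Za-z0-9_ .\-]/

# Allow-list match for one path segment: a tag built only from permitted
# characters, optionally followed by a known format suffix.
TAG_SEGMENT = /\A(?<tag>[A-Za-z0-9_ .\-]+?)(?:\.(?<format>atom|html))?\z/

# Expand ampersands to 'and', then drop every character outside the
# allowed set. Padding 'and' with spaces is an assumption.
def sanitize_tag_name(raw)
  raw.to_s
     .gsub('&', ' and ')
     .gsub(DISALLOWED, '')
     .squeeze(' ')
     .strip
end

# Models the broken behaviour the changelog describes: the text before
# the first dot becomes :tag, the rest becomes an unexpected :format.
def naive_split(segment)
  tag, format = segment.split('.', 2)
  { tag: tag, format: format }
end

# Only a trailing, known format is treated as :format; dots elsewhere
# stay part of the tag. Segments with other characters are rejected.
# Note: a tag literally named "news.atom" is still read as tag "news"
# in Atom format, so the ambiguity is narrowed, not removed.
def split_tag_segment(segment)
  m = TAG_SEGMENT.match(segment)
  return nil unless m
  { tag: m[:tag], format: m[:format] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ['R&D', 'rails/4.0?', '<b>ruby</b>'].each do |raw|
    puts "#{raw.inspect} -> #{sanitize_tag_name(raw).inspect}"
  end
  ['ruby.1.9', 'ruby.1.9.atom', 'a/b'].each do |seg|
    puts "#{seg.inspect}: naive=#{naive_split(seg)} strict=#{split_tag_segment(seg).inspect}"
  end
end
```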
Rails now contains code that resets the session if the CSRF request forgery check fails. This was happening on the OpenID callback when logging in to the Enki admin area, which broke OpenID login. This commit disables the CSRF check only for OpenID callbacks when logging in to the Enki admin area. Fixes #91.
Added factory_girl factories for use with update specs on: admin/comments_controller_spec.rb, admin/posts_controller_spec.rb
Start making use of the comment_params method in admin/comments_controller.rb. Removed author_url and author_email from the params whitelist in comments_controller.rb as according to the spec, these should not be able to be set from the front end anyway.
The move to Rails 4 and strong parameters necessitates whitelisting of parameters being processed by the controller. The exclusion of the :tag_list, :published_at_natural and :slug parameters from the whitelist means that these data are not being saved to the db and hence no new post will be displayed on the front end, no new tags will be saved and the post slug cannot be updated after initial creation. This commit fixes these issues.