diff --git a/Gemfile b/Gemfile index a92a25eca..cb6d11592 100644 --- a/Gemfile +++ b/Gemfile @@ -11,8 +11,8 @@ gem 'ohai', '0.5.8', :require => false #Chef dependency gem 'nokogiri', '1.4.3.1' #Security -gem 'devise', '1.1.3' -gem 'devise_invitable', :git => 'git://github.com/zhitomirskiyi/devise_invitable.git', :branch => '0.3.5' +gem 'devise', '1.3.1' +gem 'devise_invitable', '0.5.0' #Authentication gem 'omniauth', '0.1.6' diff --git a/Gemfile.lock b/Gemfile.lock index be193e65b..1312cdc57 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -50,14 +50,6 @@ GIT multi_xml (~> 0.2.0) simple_oauth (~> 0.1.2) -GIT - remote: git://github.com/zhitomirskiyi/devise_invitable.git - revision: 85abb5fef4ab4f74db818ed3d8104c2f7d24b94e - branch: 0.3.5 - specs: - devise_invitable (0.3.5) - devise (~> 1.1.0) - PATH remote: vendor/gems/jasmine specs: @@ -166,9 +158,13 @@ GEM culerity (0.2.15) daemons (1.1.2) database_cleaner (0.6.0) - devise (1.1.3) + devise (1.3.1) bcrypt-ruby (~> 2.1.2) - warden (~> 0.10.7) + orm_adapter (~> 0.0.3) + warden (~> 1.0.3) + devise_invitable (0.5.0) + devise (~> 1.3.1) + rails (>= 3.0.0, <= 3.2) diff-lcs (1.1.2) erubis (2.6.6) abstract (>= 1.0.0) @@ -301,6 +297,7 @@ GEM oa-oauth (= 0.1.6) oa-openid (= 0.1.6) open4 (1.0.1) + orm_adapter (0.0.5) polyglot (0.3.1) pyu-ruby-sasl (0.0.3.2) rack (1.2.2) @@ -391,8 +388,8 @@ GEM uuidtools (2.1.2) vegas (0.1.8) rack (>= 1.0.0) - warden (0.10.7) - rack (>= 1.0.0) + warden (1.0.4) + rack (>= 1.0) webmock (1.6.2) addressable (>= 2.2.2) crack (>= 0.1.7) @@ -418,8 +415,8 @@ DEPENDENCIES cloudfiles (= 1.4.10) cucumber-rails (= 0.3.2) database_cleaner (= 0.6.0) - devise (= 1.1.3) - devise_invitable! + devise (= 1.3.1) + devise_invitable (= 0.5.0) em-websocket! excon (= 0.2.4) factory_girl_rails diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 431259e51..b0001ad64 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -21,6 +21,7 @@ class UsersController < ApplicationController def update + password_changed = false u = params[:user] @user = current_user @@ -32,9 +33,10 @@ class UsersController < ApplicationController if u[:email_preferences] @user.update_user_preferences(u[:email_preferences]) flash[:notice] = I18n.t 'users.update.email_notifications_changed' - # change passowrd + # change password elsif u[:current_password] && u[:password] && u[:password_confirmation] if @user.update_with_password(u) + password_changed = true flash[:notice] = I18n.t 'users.update.password_changed' else flash[:error] = I18n.t 'users.update.password_not_changed' @@ -58,7 +60,11 @@ class UsersController < ApplicationController render :nothing => true, :status => 204 } format.all{ - redirect_to edit_user_path + if password_changed + redirect_to new_user_session_path + else + redirect_to edit_user_path + end } end end diff --git a/app/models/invitation.rb b/app/models/invitation.rb index 0463bc08b..80336c405 100644 --- a/app/models/invitation.rb +++ b/app/models/invitation.rb @@ -11,6 +11,7 @@ class Invitation < ActiveRecord::Base validates_presence_of :sender, :recipient, :aspect def self.invite(opts = {}) + opts[:identifier].downcase! if opts[:identifier] return false if opts[:identifier] == opts[:from].email existing_user = self.find_existing_user(opts[:service], opts[:identifier]) @@ -74,7 +75,8 @@ class Invitation < ActiveRecord::Base opts[:from].save! invitee.reload end - invitee.invite!(:email => (opts[:service] == 'email')) + invitee.skip_invitation = (opts[:service] != 'email') + invitee.invite! log_string = "event=invitation_sent to=#{opts[:identifier]} service=#{opts[:service]} " log_string << "inviter=#{opts[:from].diaspora_handle} inviter_uid=#{opts[:from].id} inviter_created_at_unix=#{opts[:from].created_at.to_i}" if opts[:from] Rails.logger.info(log_string) diff --git a/app/models/person.rb b/app/models/person.rb index 6ab4a9109..511c0ccad 100644 --- a/app/models/person.rb +++ b/app/models/person.rb @@ -20,9 +20,9 @@ class Person < ActiveRecord::Base has_one :profile delegate :last_name, :to => :profile - before_save :downcase_diaspora_handle + before_validation :downcase_diaspora_handle def downcase_diaspora_handle - diaspora_handle.downcase! + diaspora_handle.downcase! unless diaspora_handle.blank? end has_many :contacts #Other people's contacts for this person @@ -39,7 +39,7 @@ class Person < ActiveRecord::Base before_validation :clean_url validates_presence_of :url, :profile, :serialized_public_key - validates_uniqueness_of :diaspora_handle, :case_sensitive => false + validates_uniqueness_of :diaspora_handle scope :searchable, joins(:profile).where(:profiles => {:searchable => true}) @@ -230,7 +230,7 @@ class Person < ActiveRecord::Base def remove_all_traces Notification.joins(:notification_actors).where(:notification_actors => {:person_id => self.id}).all.each{ |n| n.destroy} end - + def fix_profile Webfinger.new(self.diaspora_handle).fetch self.reload diff --git a/app/models/user.rb b/app/models/user.rb index 93e0cce1b..23894a777 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -15,11 +15,11 @@ class User < ActiveRecord::Base :recoverable, :rememberable, :trackable, :validatable, :timeoutable - before_validation :strip_and_downcase_username, :on => :create + before_validation :strip_and_downcase_username before_validation :set_current_language, :on => :create validates_presence_of :username - validates_uniqueness_of :username, :case_sensitive => false + validates_uniqueness_of :username validates_format_of :username, :with => /\A[A-Za-z0-9_]+\z/ validates_length_of :username, :maximum => 32 validates_inclusion_of :language, :in => AVAILABLE_LANGUAGE_CODES @@ -76,12 +76,13 @@ class User < ActiveRecord::Base self.language = I18n.locale.to_s if self.language.blank? end - def self.find_for_authentication(conditions={}) + def self.find_for_database_authentication(conditions={}) + conditions = conditions.dup conditions[:username] = conditions[:username].downcase if conditions[:username] =~ /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i # email regex conditions[:email] = conditions.delete(:username) end - super(conditions) + where(conditions).first end def can_add?(person) diff --git a/app/views/devise/mailer/invitation.html.haml b/app/views/devise/mailer/invitation_instructions.html.haml similarity index 100% rename from app/views/devise/mailer/invitation.html.haml rename to app/views/devise/mailer/invitation_instructions.html.haml diff --git a/config/locales/devise/devise.en.yml b/config/locales/devise/devise.en.yml index 4af406233..c3c86413b 100644 --- a/config/locales/devise/devise.en.yml +++ b/config/locales/devise/devise.en.yml @@ -72,7 +72,7 @@ en: account_locked: "Your account has been locked due to an excessive amount of unsuccessful sign in attempts." click_to_unlock: "Click the link below to unlock your account:" unlock: "Unlock my account" - invitation: + invitation_instructions: subject: "You've been invited to join Diaspora!" accept: "Accept invitation" ignore: "If you don't want to accept the invitation, please ignore this email." diff --git a/config/locales/diaspora/en.yml b/config/locales/diaspora/en.yml index 68dc49ff7..1c33450bf 100644 --- a/config/locales/diaspora/en.yml +++ b/config/locales/diaspora/en.yml @@ -645,7 +645,7 @@ en: find_your_friends_on_diaspora: "Would you like to find your Facebook friends on Diaspora?" skip: "Skip" update: - password_changed: "Password Changed" + password_changed: "Password Changed. You can now log in with your new password." password_not_changed: "Password Change Failed" language_changed: "Language Changed" language_not_changed: "Language Change Failed" diff --git a/db/migrate/20110513175000_eliminate_stray_user_records.rb b/db/migrate/20110513175000_eliminate_stray_user_records.rb new file mode 100644 index 000000000..7bd1ee00a --- /dev/null +++ b/db/migrate/20110513175000_eliminate_stray_user_records.rb @@ -0,0 +1,29 @@ +class EliminateStrayUserRecords < ActiveRecord::Migration + def self.up + duplicated_emails = execute("SELECT LOWER(email) from users WHERE users.email != '' GROUP BY LOWER(email) HAVING COUNT(*) > 1").to_a + duplicated_emails.each do |email| + records = execute("SELECT users.id, users.username, users.created_at from users WHERE LOWER(users.email) = '#{email}'").to_a + with_username = records.select { |r| !r[1].blank? } + if with_username.length == 1 + execute("DELETE FROM users WHERE LOWER(users.email) = '#{email}' AND users.username IS NULL") + end + if with_username.length == 0 && !email.blank? + newest_record = records.sort_by{|r| r[2].to_i}.last + execute("DELETE FROM users WHERE LOWER(users.email) = '#{email}' AND users.id != #{newest_record[0]}") + end + end + execute < 20110507212759) do +ActiveRecord::Schema.define(:version => 20110513175000) do create_table "aspect_memberships", :force => true do |t| t.integer "aspect_id", :null => false @@ -357,9 +357,11 @@ ActiveRecord::Schema.define(:version => 20110507212759) do t.string "language" t.string "email", :default => "", :null => false t.string "encrypted_password", :limit => 128, :default => "", :null => false - t.string "password_salt", :default => "", :null => false - t.string "invitation_token", :limit => 20 + t.string "invitation_token", :limit => 60 t.datetime "invitation_sent_at" + t.integer "invitation_limit" + t.integer "invited_by_id" + t.string "invited_by_type" t.string "reset_password_token" t.string "remember_token" t.datetime "remember_created_at" diff --git a/features/change_password.feature b/features/change_password.feature index d93f2c725..aeb80bad2 100644 --- a/features/change_password.feature +++ b/features/change_password.feature @@ -10,8 +10,7 @@ Feature: Change password And I fill in "user_password" with "newsecret" And I fill in "user_password_confirmation" with "newsecret" And I press "Change Password" - Then I should see "Password Changed" - When I sign out - Then I should be on the home page - And I sign in with password "newsecret" + Then I should see "Password Changed" + Then I should be on the new user session page + When I sign in with password "newsecret" Then I should be on the aspects page diff --git a/spec/models/invitation_spec.rb b/spec/models/invitation_spec.rb index 004fd6612..369c7440d 100644 --- a/spec/models/invitation_spec.rb +++ b/spec/models/invitation_spec.rb @@ -102,7 +102,7 @@ describe Invitation do end end - context 'invitated user' do + context 'invited user' do it 'by email' do @identifier = @users[3].email @type = 'email' @@ -225,10 +225,10 @@ describe Invitation do }.should_not change { @invitee.reload.serialized_private_key } end - it "changes the invitation token" do + it "does not change the invitation token" do old_token = @invitee.invitation_token Invitation.create_invitee(@valid_params) - @invitee.reload.invitation_token.should_not == old_token + @invitee.reload.invitation_token.should == old_token end end context 'with an inviter' do