Small controller for generating an auth token, if you are an authable user

app/controllers/admins_controller.rb

@@ -29,12 +29,6 @@ class AdminsController < ApplicationController
     redirect_to :back, :notice => notice, :user => {:id => u.id}
   end
 
-  def generate_new_token
-    current_user.reset_authentication_token!
-    current_user.authentication_token
-    redirect_to user_search_path, :notice => "auth token reset" 
-  end
-  
   def admin_inviter
     opts = {:service => 'email', :identifier => params[:identifier]}
     existing_user = Invitation.find_existing_user('email', params[:identifier])

app/controllers/tokens_controller.rb

@@ -0,0 +1,12 @@
+class TokensController < ApplicationController
+  before_filter :redirect_unless_tokenable
+  def redirect_unless_tokenable
+    redirect_to root_url unless current_user.auth_tokenable?
+  end
+
+  def create
+    current_user.reset_authentication_token!
+    current_user.authentication_token
+    redirect_to token_path, :notice => "Authentication token reset."
+  end
+end

app/models/user.rb

@@ -326,6 +326,10 @@ class User < ActiveRecord::Base
     AppConfig[:admins].present? && AppConfig[:admins].include?(self.username)
   end
 
+  def auth_tokenable?
+    admin? || (AppConfig[:auth_tokenable].present? && AppConfig[:auth_tokenable].include?(self.username))
+  end
+
   protected
 
   def remove_person

app/views/admins/user_search.html.haml

@@ -41,9 +41,6 @@
   %br
   %br
   %br
-%h3 your auth token
-%h2= current_user.authentication_token
-= link_to "reset auth token", new_auth_token_path
 %br
 = javascript_include_tag 'apiconsole'
 #query

app/views/aspects/index.html.haml

@@ -22,6 +22,8 @@
 
   %h4.section.invite_friends
     != t('bookmarklet.explanation', :link => link_to(t('bookmarklet.explanation_link_text'), bookmarklet))
+  - if current_user.auth_tokenable?
+    %h4.section.invite_friends= link_to "Generate an authentication token for Cubbi.es", token_path
   - if @invites > 0
     .section.invite_friends
       %h4= t('shared.invitations.invite_your_friends')

app/views/tokens/show.html.haml

@@ -0,0 +1,16 @@
+%h3
+  This is a temporary hack while we develop a more general application framework.
+%div
+  - if current_user.authentication_token
+    %h4= current_user.authentication_token
+  - else
+    %h4 No authentication token set.
+%div
+  = form_tag(token_path) do
+    =submit_tag "Generate new authentication token"
+%br
+%div
+  %h4
+    Click settings on
+    = link_to "Cubbi.es", 'http://cubbi.es'
+    to share your internet folder with the internet!

config/app.yml.example

@@ -87,6 +87,11 @@ default:
   admins:
     - 'example_user1dsioaioedfhgoiesajdigtoearogjaidofgjo'
 
+  #List of users who can generate auth tokens
+  #Temporary so we can work on apps while oauth is being developed
+  auth_tokenable:
+    - 'iknowthatthismanualauthtokenthingisnoteasyorsecure'
+
   #s3 config, if set, carrierwave will store your photos on s3
   #s3_key: 'key'
   #s3_secret: 'secret'

config/routes.rb

@@ -67,6 +67,8 @@ Diaspora::Application.routes.draw do
     resources :photos, :controller => "photos", :only => [:create, :show, :destroy]
   end
 
+  #Temporary token_authenticable route
+  resource :token, :only => [:show, :create]
 
   get 'login' => redirect('/users/sign_in')
 
@@ -74,7 +76,6 @@ Diaspora::Application.routes.draw do
     match 'user_search'   => :user_search
     get   'admin_inviter' => :admin_inviter
     get   'add_invites'   => :add_invites, :as => 'add_invites'
-    get   'generate_new_token' => :generate_new_token, :as => 'new_auth_token'
   end
 
   resource :profile

lib/app_config.rb

@@ -23,7 +23,7 @@ class AppConfig
     generate_pod_uri
     normalize_pod_url
     check_pod_uri
-    downcase_admins
+    downcase_usernames
   end
 
   def self.load_config_for_environment(env)
@@ -77,9 +77,11 @@ class AppConfig
   end
 
 
-  def self.downcase_admins
+  def self.downcase_usernames
-    self.config_vars[:admins] ||= []
+    [:admins, :auth_tokenable].each do |key|
-    self.config_vars[:admins].collect! { |admin| admin.downcase }
+      self.config_vars[key] ||= []
+      self.config_vars[key].collect! { |username| username.downcase }
+    end
   end
 
   def self.load_config_yaml filename

spec/controllers/admins_controller_spec.rb

@@ -59,24 +59,6 @@ describe AdminsController do
     end
   end
 
-  describe '#generate_new_token' do
-    before do
-      AppConfig[:admins] = [@user.username]
-    end
-
-    it 'generates a new token for the current user' do
-      lambda { 
-        get 'generate_new_token' 
-      }.should change{ @user.reload.authentication_token }
-    end
-
-    it 'displays a token' do
-      get 'generate_new_token' 
-      get :user_search
-      response.body.should include(@user.reload.authentication_token)
-    end
-  end
-
   describe '#admin_inviter' do
     context 'admin signed in' do
       before do

spec/controllers/tokens_controller_spec.rb

@@ -0,0 +1,27 @@
+describe TokensController do
+  before do
+    AppConfig[:admins] = [bob.username]
+    AppConfig[:auth_tokenable] = [eve.username]
+  end
+  describe '#create' do
+    it 'generates a new token for the current user' do
+      sign_in bob
+      lambda {
+        get :create
+      }.should change{ bob.reload.authentication_token }
+    end
+    it 'redirects normal users away' do
+      sign_in alice
+      get :create
+      response.should redirect_to root_url
+    end
+  end
+  describe '#edit' do
+    it 'displays a token' do
+      sign_in bob
+      get :create
+      get :show
+      response.body.should include(bob.reload.authentication_token)
+    end
+  end
+end