Small controller for generating an auth token, if you are an authable user

2011-05-19 18:29:53 -07:00 · 2011-05-19 18:29:53 -07:00 · 93be5497a7
commit 93be5497a7
parent ed61c53e09
11 changed files with 78 additions and 36 deletions
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@ -19,7 +19,7 @@ class AdminsController < ApplicationController
  def add_invites
    u = User.find(params[:user_id])
-    if u 
+    if u
      notice = "Great Job!"
      u.update_attributes(:invites => (u.invites += 10))
    else
@ -29,12 +29,6 @@ class AdminsController < ApplicationController
    redirect_to :back, :notice => notice, :user => {:id => u.id}
  end
  def generate_new_token
    current_user.reset_authentication_token!
    current_user.authentication_token
    redirect_to user_search_path, :notice => "auth token reset" 
  end
  def admin_inviter
    opts = {:service => 'email', :identifier => params[:identifier]}
    existing_user = Invitation.find_existing_user('email', params[:identifier])
--- a/app/controllers/tokens_controller.rb
+++ b/app/controllers/tokens_controller.rb
@ -0,0 +1,12 @@
 class TokensController < ApplicationController
  before_filter :redirect_unless_tokenable
  def redirect_unless_tokenable
    redirect_to root_url unless current_user.auth_tokenable?
  end
  def create
    current_user.reset_authentication_token!
    current_user.authentication_token
    redirect_to token_path, :notice => "Authentication token reset."
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -326,6 +326,10 @@ class User < ActiveRecord::Base
    AppConfig[:admins].present? && AppConfig[:admins].include?(self.username)
  end
  def auth_tokenable?
    admin? || (AppConfig[:auth_tokenable].present? && AppConfig[:auth_tokenable].include?(self.username))
  end
  protected
  def remove_person
--- a/app/views/admins/user_search.html.haml
+++ b/app/views/admins/user_search.html.haml
@ -12,11 +12,11 @@
 = form_tag 'user_search', :method => :get do
  username:
  = text_field_tag 'user[username]', params[:user][:username]
-  
+
  email:
  = text_field_tag 'user[email]', params[:user][:email]
-  invitation identifier 
+  invitation identifier
  = text_field_tag 'user[invitation_identifier]', params[:user][:invitation_identifier]
  invitation token:
@ -36,14 +36,11 @@
    - if user.person.profile
      = user.person.profile.inspect
    %br
-  = "invite token: #{accept_invitation_url(user, :invitation_token => user.invitation_token)}" if user.invitation_token 
+  = "invite token: #{accept_invitation_url(user, :invitation_token => user.invitation_token)}" if user.invitation_token
  = link_to "add 10 invites for this user", add_invites_path(:user_id => user.id)
  %br
  %br
  %br
 %h3 your auth token
 %h2= current_user.authentication_token
 = link_to "reset auth token", new_auth_token_path
 %br
 = javascript_include_tag 'apiconsole'
 #query
--- a/app/views/aspects/index.html.haml
+++ b/app/views/aspects/index.html.haml
@ -22,6 +22,8 @@
  %h4.section.invite_friends
    != t('bookmarklet.explanation', :link => link_to(t('bookmarklet.explanation_link_text'), bookmarklet))
  - if current_user.auth_tokenable?
    %h4.section.invite_friends= link_to "Generate an authentication token for Cubbi.es", token_path
  - if @invites > 0
    .section.invite_friends
      %h4= t('shared.invitations.invite_your_friends')
--- a/app/views/tokens/show.html.haml
+++ b/app/views/tokens/show.html.haml
@ -0,0 +1,16 @@
 %h3
  This is a temporary hack while we develop a more general application framework.
 %div
  - if current_user.authentication_token
    %h4= current_user.authentication_token
  - else
    %h4 No authentication token set.
 %div
  = form_tag(token_path) do
    =submit_tag "Generate new authentication token"
 %br
 %div
  %h4
    Click settings on
    = link_to "Cubbi.es", 'http://cubbi.es'
    to share your internet folder with the internet!
--- a/config/app.yml.example
+++ b/config/app.yml.example
@ -87,6 +87,11 @@ default:
  admins:
    - 'example_user1dsioaioedfhgoiesajdigtoearogjaidofgjo'
  #List of users who can generate auth tokens
  #Temporary so we can work on apps while oauth is being developed
  auth_tokenable:
    - 'iknowthatthismanualauthtokenthingisnoteasyorsecure'
  #s3 config, if set, carrierwave will store your photos on s3
  #s3_key: 'key'
  #s3_secret: 'secret'
--- a/config/routes.rb
+++ b/config/routes.rb
@ -67,6 +67,8 @@ Diaspora::Application.routes.draw do
    resources :photos, :controller => "photos", :only => [:create, :show, :destroy]
  end
  #Temporary token_authenticable route
  resource :token, :only => [:show, :create]
  get 'login' => redirect('/users/sign_in')
@ -74,7 +76,6 @@ Diaspora::Application.routes.draw do
    match 'user_search'   => :user_search
    get   'admin_inviter' => :admin_inviter
    get   'add_invites'   => :add_invites, :as => 'add_invites'
    get   'generate_new_token' => :generate_new_token, :as => 'new_auth_token'
  end
  resource :profile
--- a/lib/app_config.rb
+++ b/lib/app_config.rb
@ -23,7 +23,7 @@ class AppConfig
    generate_pod_uri
    normalize_pod_url
    check_pod_uri
-    downcase_admins
+    downcase_usernames
  end
  def self.load_config_for_environment(env)
@ -77,9 +77,11 @@ class AppConfig
  end
-  def self.downcase_admins
+  def self.downcase_usernames
-    self.config_vars[:admins] ||= []
+    [:admins, :auth_tokenable].each do |key|
-    self.config_vars[:admins].collect! { |admin| admin.downcase }
+      self.config_vars[key] ||= []
      self.config_vars[key].collect! { |username| username.downcase }
    end
  end
  def self.load_config_yaml filename
--- a/spec/controllers/admins_controller_spec.rb
+++ b/spec/controllers/admins_controller_spec.rb
@ -58,24 +58,6 @@ describe AdminsController do
      end
    end
  end
  describe '#generate_new_token' do
    before do
      AppConfig[:admins] = [@user.username]
    end
    it 'generates a new token for the current user' do
      lambda { 
        get 'generate_new_token' 
      }.should change{ @user.reload.authentication_token }
    end
    it 'displays a token' do
      get 'generate_new_token' 
      get :user_search
      response.body.should include(@user.reload.authentication_token)
    end
  end
  describe '#admin_inviter' do
    context 'admin signed in' do
--- a/spec/controllers/tokens_controller_spec.rb
+++ b/spec/controllers/tokens_controller_spec.rb
@ -0,0 +1,27 @@
 describe TokensController do
  before do
    AppConfig[:admins] = [bob.username]
    AppConfig[:auth_tokenable] = [eve.username]
  end
  describe '#create' do
    it 'generates a new token for the current user' do
      sign_in bob
      lambda {
        get :create
      }.should change{ bob.reload.authentication_token }
    end
    it 'redirects normal users away' do
      sign_in alice
      get :create
      response.should redirect_to root_url
    end
  end
  describe '#edit' do
    it 'displays a token' do
      sign_in bob
      get :create
      get :show
      response.body.should include(bob.reload.authentication_token)
    end
  end
 end