diff --git a/Gemfile b/Gemfile index 7668fbb52..c4bbabeaf 100644 --- a/Gemfile +++ b/Gemfile @@ -32,3 +32,5 @@ gem "mocha" gem 'rspec-rails', ">= 2.0.0.beta.8" # gem 'webrat' #end + +gem "devise", :git => "git://github.com/plataformatec/devise.git" diff --git a/app/controllers/user_sessions_controller.rb b/app/controllers/user_sessions_controller.rb deleted file mode 100644 index 3ef5602f8..000000000 --- a/app/controllers/user_sessions_controller.rb +++ /dev/null @@ -1,2 +0,0 @@ -class UserSessionsController < ApplicationController -end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 90bd71fa2..f029dc33d 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,19 +1,9 @@ class UsersController < ApplicationController + + before_filter :authenticate_user! + def index @users = User.all end - - def new - @user = User.new - end - - def create - @user = User.new(params[:user]) - if @user.save - flash[:notice] = "Successfully created user." - redirect_to users_url - else - render :action => 'new' - end - end + end diff --git a/app/models/user.rb b/app/models/user.rb index 541435042..2c5c134b5 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,11 +1,9 @@ class User include Mongoid::Document - field :password - field :name - - - validates :password, :presence => true - validates :name, :presence =>true + # Include default devise modules. Others available are: + # :token_authenticatable, :confirmable, :lockable and :timeoutable + devise :database_authenticatable, :registerable, + :recoverable, :rememberable, :trackable, :validatable end diff --git a/app/models/user_session.rb b/app/models/user_session.rb deleted file mode 100644 index 56262b47d..000000000 --- a/app/models/user_session.rb +++ /dev/null 
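Review bot: The added `gem "devise"` line at the end of the Gemfile follows the remote's default branch with no `:ref` or `:tag` and fetches it over the unauthenticated `git://` protocol. The authentication library can therefore change on any `bundle update`, and the transport gives no server authentication or integrity protection. Pin it to a reviewed revision over HTTPS, e.g. `gem "devise", :git => "https://github.com/plataformatec/devise.git", :ref => "<reviewed-commit-sha>"`. No Gemfile.lock change is visible in this diff, so confirm the lockfile is committed and records the resolved revision.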
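Review bot: The `devise` call in `User` enables `:registerable` and `:database_authenticatable` but neither `:lockable` nor `:confirmable`, both of which the comment above it lists as available. As far as this hunk shows, sign-in has no failed-attempt lockout, and anyone can self-register with an unverified address and then pass `authenticate_user!`. Either add those modules (and the matching `config.lock_strategy` / `config.maximum_attempts` settings, which the initializer leaves commented out) or add a comment saying the omission is deliberate for now. Separately, the removed `field :password` was matched directly in the deleted `UserSession#authenticates`, so existing user documents presumably still hold cleartext passwords. Nothing in this diff unsets that attribute, so a one-off cleanup of the stored `password` values should accompany the change.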
@@ -1,8 +0,0 @@ -class UserSession - include Mongoid::Document - - def authenticates(name, password) - user = User.first(:conditions => {:name => name, :password => password}) - self.save unless user.nil? - end -end diff --git a/app/views/devise/confirmations/new.html.haml b/app/views/devise/confirmations/new.html.haml new file mode 100644 index 000000000..2c49b859a --- /dev/null +++ b/app/views/devise/confirmations/new.html.haml @@ -0,0 +1,9 @@ +%h2 Resend confirmation instructions += form_for(resource, :as => resource_name, :url => confirmation_path(resource_name)) do |f| + = devise_error_messages! + %p + = f.label :email + %br/ + = f.text_field :email + %p= f.submit "Resend confirmation instructions" += render :partial => "devise/shared/links" diff --git a/app/views/devise/mailer/confirmation_instructions.html.haml b/app/views/devise/mailer/confirmation_instructions.html.haml new file mode 100644 index 000000000..7840b9c11 --- /dev/null +++ b/app/views/devise/mailer/confirmation_instructions.html.haml @@ -0,0 +1,4 @@ +%p + Welcome #{@resource.email}! +%p You can confirm your account through the link below: +%p= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) diff --git a/app/views/devise/mailer/reset_password_instructions.html.haml b/app/views/devise/mailer/reset_password_instructions.html.haml new file mode 100644 index 000000000..4fc4743f8 --- /dev/null +++ b/app/views/devise/mailer/reset_password_instructions.html.haml @@ -0,0 +1,6 @@ +%p + Hello #{@resource.email}! +%p Someone has requested a link to change your password, and you can do this through the link below. +%p= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) +%p If you didn't request this, please ignore this email. +%p Your password won't change until you access the link above and create a new one. 
diff --git a/app/views/devise/mailer/unlock_instructions.html.haml b/app/views/devise/mailer/unlock_instructions.html.haml new file mode 100644 index 000000000..34b0e9e4e --- /dev/null +++ b/app/views/devise/mailer/unlock_instructions.html.haml @@ -0,0 +1,5 @@ +%p + Hello #{@resource.email}! +%p Your account has been locked due to an excessive amount of unsuccessful sign in attempts. +%p Click the link below to unlock your account: +%p= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) diff --git a/app/views/devise/passwords/edit.html.haml b/app/views/devise/passwords/edit.html.haml new file mode 100644 index 000000000..543d47e55 --- /dev/null +++ b/app/views/devise/passwords/edit.html.haml @@ -0,0 +1,14 @@ +%h2 Change your password += form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| + = devise_error_messages! + = f.hidden_field :reset_password_token + %p + = f.label :password + %br/ + = f.password_field :password + %p + = f.label :password_confirmation + %br/ + = f.password_field :password_confirmation + %p= f.submit "Change my password" += render :partial => "devise/shared/links" diff --git a/app/views/devise/passwords/new.html.haml b/app/views/devise/passwords/new.html.haml new file mode 100644 index 000000000..d1176b8c6 --- /dev/null +++ b/app/views/devise/passwords/new.html.haml @@ -0,0 +1,9 @@ +%h2 Forgot your password? += form_for(resource, :as => resource_name, :url => password_path(resource_name)) do |f| + = devise_error_messages! + %p + = f.label :email + %br/ + = f.text_field :email + %p= f.submit "Send me reset password instructions" += render :partial => "devise/shared/links" diff --git a/app/views/devise/registrations/edit.html.haml b/app/views/devise/registrations/edit.html.haml new file mode 100644 index 000000000..d252d9af4 --- /dev/null +++ b/app/views/devise/registrations/edit.html.haml 
@@ -0,0 +1,27 @@ +%h2 + Edit #{resource_name.to_s.humanize} += form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| + = devise_error_messages! + %p + = f.label :email + %br/ + = f.text_field :email + %p + = f.label :password + %i (leave blank if you don't want to change it) + %br/ + = f.password_field :password + %p + = f.label :password_confirmation + %br/ + = f.password_field :password_confirmation + %p + = f.label :current_password + %i (we need your current password to confirm your changes) + %br/ + = f.password_field :current_password + %p= f.submit "Update" +%h3 Cancel my account +%p + Unhappy? #{link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete}. += link_to "Back", :back diff --git a/app/views/devise/registrations/new.html.haml b/app/views/devise/registrations/new.html.haml new file mode 100644 index 000000000..b03da3518 --- /dev/null +++ b/app/views/devise/registrations/new.html.haml @@ -0,0 +1,17 @@ +%h2 Sign up += form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| + = devise_error_messages! + %p + = f.label :email + %br/ + = f.text_field :email + %p + = f.label :password + %br/ + = f.password_field :password + %p + = f.label :password_confirmation + %br/ + = f.password_field :password_confirmation + %p= f.submit "Sign up" += render :partial => "devise/shared/links" diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml new file mode 100644 index 000000000..43cd65929 --- /dev/null +++ b/app/views/devise/sessions/new.html.haml 
@@ -0,0 +1,16 @@ +%h2 Sign in += form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| + %p + = f.label :email + %br/ + = f.text_field :email + %p + = f.label :password + %br/ + = f.password_field :password + - if devise_mapping.rememberable? + %p + = f.check_box :remember_me + = f.label :remember_me + %p= f.submit "Sign in" += render :partial => "devise/shared/links" diff --git a/app/views/devise/shared/_links.haml b/app/views/devise/shared/_links.haml new file mode 100644 index 000000000..a7547353f --- /dev/null +++ b/app/views/devise/shared/_links.haml @@ -0,0 +1,15 @@ +- if controller_name != 'sessions' + = link_to "Sign in", new_session_path(resource_name) + %br/ +- if devise_mapping.registerable? && controller_name != 'registrations' + = link_to "Sign up", new_registration_path(resource_name) + %br/ +- if devise_mapping.recoverable? && controller_name != 'passwords' + = link_to "Forgot your password?", new_password_path(resource_name) + %br/ +- if devise_mapping.confirmable? && controller_name != 'confirmations' + = link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) + %br/ +- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' + = link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) + %br/ diff --git a/app/views/devise/unlocks/new.html.haml b/app/views/devise/unlocks/new.html.haml new file mode 100644 index 000000000..a73b9caa5 --- /dev/null +++ b/app/views/devise/unlocks/new.html.haml @@ -0,0 +1,9 @@ +%h2 Resend unlock instructions += form_for(resource, :as => resource_name, :url => unlock_path(resource_name)) do |f| + = devise_error_messages! + %p + = f.label :email + %br/ + = f.text_field :email + %p= f.submit "Resend unlock instructions" += render :partial => "devise/shared/links" 
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb deleted file mode 100644 index e656b9345..000000000 --- a/app/views/layouts/application.html.erb +++ /dev/null @@ -1,14 +0,0 @@ - - - - Diaspora - <%= stylesheet_link_tag :all %> - <%= javascript_include_tag :defaults %> - <%= csrf_meta_tag %> - - - -<%= yield %> - - - diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml index 3dccf3d79..b2bad6ce9 100644 --- a/app/views/layouts/application.html.haml +++ b/app/views/layouts/application.html.haml @@ -12,6 +12,11 @@ %body #container + - if user_signed_in? + = link_to "log out", destroy_user_session_path + - else + = link_to "login", new_user_session_path + - flash.each do |name, msg| = content_tag :div, msg, :id => "flash_#{name}" diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb new file mode 100644 index 000000000..46d665c8b --- /dev/null +++ b/config/initializers/devise.rb 
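Review bot: `= link_to "log out", destroy_user_session_path` renders a plain GET link, so sign-out is a state-changing request that any cross-site link or image tag can trigger. If the Devise revision in use supports a non-GET sign-out, prefer `= link_to "log out", destroy_user_session_path, :method => :delete`. The deleted `application.html.erb` contained `<%= csrf_meta_tag %>`, and the head of this HAML layout lies above the hunk, so confirm it includes `= csrf_meta_tag`, which links using `:method` rely on.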
@@ -0,0 +1,131 @@ +# Use this hook to configure devise mailer, warden hooks and so forth. The first +# four configuration values can also be set straight in your models. +Devise.setup do |config| + # Configure the e-mail address which will be shown in DeviseMailer. + config.mailer_sender = "please-change-me@config-initializers-devise.com" + + # ==> ORM configuration + # Load and configure the ORM. Supports :active_record (default), :mongoid + # (bson_ext recommended) and :data_mapper (experimental). + require 'devise/orm/mongoid' + + # ==> Configuration for any authentication mechanism + # Configure which keys are used when authenticating an user. By default is + # just :email. You can configure it to use [:username, :subdomain], so for + # authenticating an user, both parameters are required. Remember that those + # parameters are used only when authenticating and not when retrieving from + # session. If you need permissions, you should implement that in a before filter. + # config.authentication_keys = [ :email ] + + # Tell if authentication through request.params is enabled. True by default. + # config.params_authenticatable = true + + # Tell if authentication through HTTP Basic Auth is enabled. True by default. + # config.http_authenticatable = true + + # The realm used in Http Basic Authentication + # config.http_authentication_realm = "Application" + + # ==> Configuration for :database_authenticatable + # For bcrypt, this is the cost for hashing the password and defaults to 10. If + # using other encryptors, it sets how many times you want the password re-encrypted. + config.stretches = 10 + + # Define which will be the encryption algorithm. 
Devise also supports encryptors + # from others authentication tools as :clearance_sha1, :authlogic_sha512 (then + # you should set stretches above to 20 for default behavior) and :restful_authentication_sha1 + # (then you should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper) + config.encryptor = :bcrypt + + # Setup a pepper to generate the encrypted password. + config.pepper = "065eb8798b181ff0ea2c5c16aee0ff8b70e04e2ee6bd6e08b49da46924223e39127d5335e466207d42bf2a045c12be5f90e92012a4f05f7fc6d9f3c875f4c95b" + + # ==> Configuration for :confirmable + # The time you want to give your user to confirm his account. During this time + # he will be able to access your application without confirming. Default is nil. + # When confirm_within is zero, the user won't be able to sign in without confirming. + # You can use this to let your user access some features of your application + # without confirming the account, but blocking it after a certain period + # (ie 2 days). + # config.confirm_within = 2.days + + # ==> Configuration for :rememberable + # The time the user will be remembered without asking for credentials again. + # config.remember_for = 2.weeks + + # ==> Configuration for :validatable + # Range for password length + # config.password_length = 6..20 + + # Regex to use to validate the email address + # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i + + # ==> Configuration for :timeoutable + # The time you want to timeout the user session without activity. After this + # time the user will be asked for credentials again. + # config.timeout_in = 10.minutes + + # ==> Configuration for :lockable + # Defines which strategy will be used to lock an account. + # :failed_attempts = Locks an account after a number of failed attempts to sign in. + # :none = No lock strategy. You should handle locking by yourself. + # config.lock_strategy = :failed_attempts + + # Defines which strategy will be used to unlock an account. 
+ # :email = Sends an unlock link to the user email + # :time = Re-enables login after a certain amount of time (see :unlock_in below) + # :both = Enables both strategies + # :none = No unlock strategy. You should handle unlocking by yourself. + # config.unlock_strategy = :both + + # Number of authentication tries before locking an account if lock_strategy + # is failed attempts. + # config.maximum_attempts = 20 + + # Time interval to unlock the account if :time is enabled as unlock_strategy. + # config.unlock_in = 1.hour + + # ==> Configuration for :token_authenticatable + # Defines name of the authentication token params key + # config.token_authentication_key = :auth_token + + # ==> Scopes configuration + # Turn scoped views on. Before rendering "sessions/new", it will first check for + # "sessions/users/new". It's turned off by default because it's slower if you + # are using only default views. + # config.scoped_views = true + + # By default, devise detects the role accessed based on the url. So whenever + # accessing "/users/sign_in", it knows you are accessing an User. This makes + # routes as "/sign_in" not possible, unless you tell Devise to use the default + # scope, setting true below. + # Note that devise does not generate default routes. You also have to + # specify them in config/routes.rb + # config.use_default_scope = true + + # Configure the default scope used by Devise. By default it's the first devise + # role declared in your routes. + # config.default_scope = :user + + # ==> Navigation configuration + # Lists the formats that should be treated as navigational. Formats like + # :html, should redirect to the sign in page when the user does not have + # access, but formats like :xml or :json, should return 401. + # If you have any extra navigational formats, like :iphone or :mobile, you + # should add them to the navigational formats lists. 
Default is [:html] + # config.navigational_formats = [:html, :iphone] + + # ==> Warden configuration + # If you want to use other strategies, that are not (yet) supported by Devise, + # you can configure them inside the config.warden block. The example below + # allows you to setup OAuth, using http://github.com/roman/warden_oauth + # + # config.warden do |manager| + # manager.oauth(:twitter) do |twitter| + # twitter.consumer_secret = + # twitter.consumer_key = + # twitter.options :site => 'http://twitter.com' + # end + # manager.default_strategies(:scope => :user).unshift :twitter_oauth + # end +end diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml new file mode 100644 index 000000000..b70c97bb8 --- /dev/null +++ b/config/locales/devise.en.yml 
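Review bot: `config.pepper` is assigned a literal hex string, which commits the password-hashing pepper to version control where every clone and fork can read it. A pepper only adds protection while it is stored apart from both the database and the code. Load it from the deployment environment instead, e.g. `config.pepper = ENV.fetch("DEVISE_PEPPER")` (the variable name is a placeholder), and replace the committed value before real accounts exist, since changing it later invalidates existing password hashes. `config.mailer_sender` is also still the generator's placeholder address, and the `:lockable` settings further down remain commented out.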
@@ -0,0 +1,36 @@ +en: + errors: + messages: + not_found: "not found" + already_confirmed: "was already confirmed" + not_locked: "was not locked" + + devise: + failure: + unauthenticated: 'You need to sign in or sign up before continuing.' + unconfirmed: 'You have to confirm your account before continuing.' + locked: 'Your account is locked.' + invalid: 'Invalid email or password.' + invalid_token: 'Invalid authentication token.' + timeout: 'Your session expired, please sign in again to continue.' + inactive: 'Your account was not activated yet.' + sessions: + signed_in: 'Signed in successfully.' + signed_out: 'Signed out successfully.' + passwords: + send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.' + updated: 'Your password was changed successfully. You are now signed in.' + confirmations: + send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.' + confirmed: 'Your account was successfully confirmed. You are now signed in.' + registrations: + signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.' + updated: 'You updated your account successfully.' + destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.' + unlocks: + send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.' + unlocked: 'Your account was successfully unlocked. You are now signed in.' + mailer: + confirmation_instructions: 'Confirmation instructions' + reset_password_instructions: 'Reset password instructions' + unlock_instructions: 'Unlock Instructions' diff --git a/config/routes.rb b/config/routes.rb index 10ac7a63f..bba921b33 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,4 +1,6 @@ Diaspora::Application.routes.draw do |map| + devise_for :users + resources :users # The priority is based upon order of creation: 
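Review bot: `resources :users` still generates all seven RESTful routes, but after this commit `UsersController` defines only `index` and `devise_for :users` handles sign-up. The remaining `new`/`create`/`show`/`edit`/`update`/`destroy` routes now resolve to missing actions. Narrow the declaration to `resources :users, :only => [:index]` so the routed surface matches what `before_filter :authenticate_user!` actually guards. Keeping `devise_for :users` above it, as this hunk does, is correct, because it stops `/users/sign_in` from being captured by a `users#show` route.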
@@ -57,4 +59,7 @@ Diaspora::Application.routes.draw do |map| # This is a legacy wild controller route that's not recommended for RESTful applications. # Note: This route will make all actions in every controller accessible via GET requests. # match ':controller(/:action(/:id(.:format)))' + + root :to => "users#index" + end diff --git a/public/index.html b/public/index.html deleted file mode 100644 index 9fb304a66..000000000 --- a/public/index.html +++ /dev/null @@ -1,279 +0,0 @@ - - - - Ruby on Rails: Welcome aboard - - - - -
- - -
- - - - -
-

Getting started

-

Here’s how to get rolling:

- -
    -
  1. -

    Use rails generate to create your models and controllers

    -

    To see all available options, run it without parameters.

    -
  2. - -
  3. -

    Set up a default route and remove or rename this file

    -

    Routes are set up in config/routes.rb.

    -
  4. - -
  5. -

    Create your database

    -

    Run rake db:migrate to create your database. If you're not using SQLite (the default), edit config/database.yml with your username and password.

    -
  6. -
-
-
- - -
- - diff --git a/spec/controllers/user_sessions_controller.rb b/spec/controllers/user_sessions_controller.rb deleted file mode 100644 index 21d3e6bb4..000000000 --- a/spec/controllers/user_sessions_controller.rb +++ /dev/null @@ -1,17 +0,0 @@ -class UserSessionsController < ApplicationController - - def new - @user_sessions = UserSession.new - end - - def create - @user_sessions = UserSession.new(params[:username, :password]) - if @user_sessions.save - params[:user_logged_in] = params[:username] - flash[:notice] = "Successfully logged in." - redirect_to root_url - else - render :action => 'new' - end - end -end diff --git a/spec/models/user_session_spec.rb b/spec/models/user_session_spec.rb deleted file mode 100644 index 2650d9acb..000000000 --- a/spec/models/user_session_spec.rb +++ /dev/null @@ -1,19 +0,0 @@ -require 'spec_helper' - -describe UserSession do - before do - UserSession.delete_all - User.delete_all - end - - it "should authenticate an existing user" do - user = User.create(:name => "billy", :password => "bob") - puts User.first.inspect - UserSession.new.authenticates(user.name, user.password).should be true - end - - it "should not authenticate a foreign user" do - user = User.create(:name => "billy", :password => "bob") - UserSession.new.authenticates("not billy", "not bob").should be nil - end -end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb new file mode 100644 index 000000000..0f545327b --- /dev/null +++ b/spec/models/user_spec.rb @@ -0,0 +1,4 @@ +require 'spec_helper' + +describe User do +end diff --git a/spec/user_spec.rb b/spec/user_spec.rb deleted file mode 100644 index e7bba381e..000000000 --- a/spec/user_spec.rb +++ /dev/null @@ -1,14 +0,0 @@ -require 'spec_helper' - -describe User do - before do - User.delete_all - end - - it 'should should have a valid name and password' do - pending "snow leopard issue with validation" - User.create - User.count.should == 0 - end - -end
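Review bot: The new `spec/models/user_spec.rb` is an empty `describe User` block, and the same commit deletes the existing authentication specs, so nothing asserts the access control this change introduces. Add a controller spec for `UsersController#index` that makes an unauthenticated request and expects a redirect to `new_user_session_path`, plus a signed-in case that expects success. A model-level example confirming that a `User` cannot be saved with a blank or too-short password would cover the `:validatable` module the model now relies on.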