diff --git a/Gemfile b/Gemfile index 71a2441b..b0de8b5b 100644 --- a/Gemfile +++ b/Gemfile @@ -7,8 +7,7 @@ gem 'compass', '~> 0.10.1' gem 'haml', '~> 3.0.18' gem 'rdiscount', '~> 1.6.5' gem 'will_paginate', '~> 3.0.pre2' -gem 'warden', '~> 1.0.1' -gem 'rails_warden', '~> 0.5.2' +gem 'devise', '~> 1.1.5' # unstable version of RocketAMF interprets info registry as a hash instead of an array gem 'RocketAMF', :git => 'git://github.com/warhammerkid/rocket-amf.git' diff --git a/Gemfile.lock b/Gemfile.lock index 1498a327..bfd6fa09 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -71,11 +71,15 @@ GEM activesupport (3.0.3) addressable (2.2.1) arel (2.0.3) + bcrypt-ruby (2.1.2) builder (2.1.2) closure-compiler (0.3.3) compass (0.10.5) haml (>= 3.0.4) daemons (1.1.0) + devise (1.1.5) + bcrypt-ruby (~> 2.1.2) + warden (~> 1.0.2) diff-lcs (1.1.2) erubis (2.6.6) abstract (>= 1.0.0) @@ -116,8 +120,6 @@ GEM activesupport (= 3.0.3) bundler (~> 1.0) railties (= 3.0.3) - rails_warden (0.5.2) - warden railties (3.0.3) actionpack (= 3.0.3) activesupport (= 3.0.3) @@ -146,7 +148,7 @@ GEM treetop (1.4.9) polyglot (>= 0.3.1) tzinfo (0.3.23) - warden (1.0.1) + warden (1.0.3) rack (>= 1.0.0) whenever (0.6.2) aaronh-chronic (>= 0.3.9) @@ -161,6 +163,7 @@ DEPENDENCIES RocketAMF! addressable compass (~> 0.10.1) + devise (~> 1.1.5) em-http-request! em-mysqlplus! em-synchrony! @@ -175,10 +178,8 @@ DEPENDENCIES openneo-auth-signatory (~> 0.1.0) rack-fiber_pool rails (= 3.0.3) - rails_warden (~> 0.5.2) rdiscount (~> 1.6.5) rspec-rails (~> 2.0.0.beta.22) thin (~> 1.2.7) - warden (~> 1.0.1) whenever (~> 0.6.2) will_paginate (~> 3.0.pre2) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 6a7cd602..e8065d95 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -1,19 +1,3 @@ class ApplicationController < ActionController::Base protect_from_forgery - - helper_method :current_user, :user_signed_in? - - protected - - def current_user - @current_user ||= warden.authenticate - end - - def user_signed_in? - current_user ? true : false - end - - def warden - env['warden'] - end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 18c02cd0..68db5aff 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -17,8 +17,7 @@ class SessionsController < ApplicationController end def destroy - warden.logout - cookies.delete :remember_me + sign_out(:user) redirect_to (params[:return_to] || root_path) end diff --git a/app/models/user.rb b/app/models/user.rb index d3f043db..e843180c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -7,6 +7,8 @@ class User < ActiveRecord::Base scope :top_contributors, order('points DESC').where(arel_table[:points].gt(0)) + devise :rememberable + def contribute!(pet) new_contributions = [] new_points = 0 diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb new file mode 100644 index 00000000..4c0915ea --- /dev/null +++ b/config/initializers/devise.rb 
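Review bot: Dropping `cookies.delete :remember_me` from `destroy` leaves the legacy signed `remember_me` cookie (a bare user id set with `cookies.permanent`) in existing browsers indefinitely; nothing reads it once the `Remember` strategy is gone, but keeping the delete for one more release would clear it on sign-out instead of letting it linger. `sign_out(:user)` should clear Devise's own `remember_user_token` cookie through the rememberable `before_logout` hook, which is worth confirming against the vendored 1.1.5 gem rather than assumed. Pre-existing but on the same lines: `redirect_to (params[:return_to] || root_path)` accepts any absolute URL, so a crafted sign-out link can bounce users to an external site; restricting `return_to` to local paths would close that.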
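Review bot: `devise :rememberable` changes the remember lifetime without saying so: the old cookie was `cookies.permanent` (effectively never expiring), while Devise's `remember_for` is left at its commented default of 2 weeks and `extend_remember_period` at false, so remembered users will be asked to re-authenticate through the token flow after 14 days. That is a sensible tightening, but it deserves a comment on this line, e.g. `# remember cookie now expires per config.remember_for (Devise default 2 weeks), replacing the former permanent cookie`, so the next person does not treat the logouts as a regression. If the old behaviour is actually required, set `config.remember_for` explicitly in the initializer rather than relying on the default.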
@@ -0,0 +1,146 @@ +# Use this hook to configure devise mailer, warden hooks and so forth. The first +# four configuration values can also be set straight in your models. +Devise.setup do |config| + # ==> Mailer Configuration + # Configure the e-mail address which will be shown in DeviseMailer. + config.mailer_sender = "please-change-me@config-initializers-devise.com" + + # Configure the class responsible to send e-mails. + # config.mailer = "Devise::Mailer" + + # ==> ORM configuration + # Load and configure the ORM. Supports :active_record (default) and + # :mongoid (bson_ext recommended) by default. Other ORMs may be + # available as additional gems. + require 'devise/orm/active_record' + + # ==> Configuration for any authentication mechanism + # Configure which keys are used when authenticating an user. By default is + # just :email. You can configure it to use [:username, :subdomain], so for + # authenticating an user, both parameters are required. Remember that those + # parameters are used only when authenticating and not when retrieving from + # session. If you need permissions, you should implement that in a before filter. + # config.authentication_keys = [ :email ] + + # Tell if authentication through request.params is enabled. True by default. + # config.params_authenticatable = true + + # Tell if authentication through HTTP Basic Auth is enabled. False by default. + # config.http_authenticatable = false + + # Set this to true to use Basic Auth for AJAX requests. True by default. + # config.http_authenticatable_on_xhr = true + + # The realm used in Http Basic Authentication + # config.http_authentication_realm = "Application" + + # ==> Configuration for :database_authenticatable + # For bcrypt, this is the cost for hashing the password and defaults to 10. If + # using other encryptors, it sets how many times you want the password re-encrypted. + config.stretches = 10 + + # Define which will be the encryption algorithm. 
Devise also supports encryptors + # from others authentication tools as :clearance_sha1, :authlogic_sha512 (then + # you should set stretches above to 20 for default behavior) and :restful_authentication_sha1 + # (then you should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper) + config.encryptor = :bcrypt + + # Setup a pepper to generate the encrypted password. + config.pepper = "f6a7bb49e6d2348d529bf4c64c09af1491284e90087d282713825f09b8ac0d78be1d3e5fb65b4f95115da90a8b6be60a9d4da68ae60a6174a6c238976b52b848" + + # ==> Configuration for :confirmable + # The time you want to give your user to confirm his account. During this time + # he will be able to access your application without confirming. Default is nil. + # When confirm_within is zero, the user won't be able to sign in without confirming. + # You can use this to let your user access some features of your application + # without confirming the account, but blocking it after a certain period + # (ie 2 days). + # config.confirm_within = 2.days + + # ==> Configuration for :rememberable + # The time the user will be remembered without asking for credentials again. + # config.remember_for = 2.weeks + + # If true, a valid remember token can be re-used between multiple browsers. + # config.remember_across_browsers = true + + # If true, extends the user's remember period when remembered via cookie. + # config.extend_remember_period = false + + # ==> Configuration for :validatable + # Range for password length + # config.password_length = 6..20 + + # Regex to use to validate the email address + # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i + + # ==> Configuration for :timeoutable + # The time you want to timeout the user session without activity. After this + # time the user will be asked for credentials again. + # config.timeout_in = 10.minutes + + # ==> Configuration for :lockable + # Defines which strategy will be used to lock an account. 
+ # :failed_attempts = Locks an account after a number of failed attempts to sign in. + # :none = No lock strategy. You should handle locking by yourself. + # config.lock_strategy = :failed_attempts + + # Defines which strategy will be used to unlock an account. + # :email = Sends an unlock link to the user email + # :time = Re-enables login after a certain amount of time (see :unlock_in below) + # :both = Enables both strategies + # :none = No unlock strategy. You should handle unlocking by yourself. + # config.unlock_strategy = :both + + # Number of authentication tries before locking an account if lock_strategy + # is failed attempts. + # config.maximum_attempts = 20 + + # Time interval to unlock the account if :time is enabled as unlock_strategy. + # config.unlock_in = 1.hour + + # ==> Configuration for :token_authenticatable + # Defines name of the authentication token params key + # config.token_authentication_key = :auth_token + + # ==> Scopes configuration + # Turn scoped views on. Before rendering "sessions/new", it will first check for + # "users/sessions/new". It's turned off by default because it's slower if you + # are using only default views. + # config.scoped_views = true + + # Configure the default scope given to Warden. By default it's the first + # devise role declared in your routes. + # config.default_scope = :user + + # Configure sign_out behavior. + # By default sign_out is scoped (i.e. /users/sign_out affects only :user scope). + # In case of sign_out_all_scopes set to true any logout action will sign out all active scopes. + # config.sign_out_all_scopes = false + + # ==> Navigation configuration + # Lists the formats that should be treated as navigational. Formats like + # :html, should redirect to the sign in page when the user does not have + # access, but formats like :xml or :json, should return 401. + # If you have any extra navigational formats, like :iphone or :mobile, you + # should add them to the navigational formats lists. 
Default is [:html] + # config.navigational_formats = [:html, :iphone] + + # ==> Warden configuration + # If you want to use other strategies, that are not (yet) supported by Devise, + # you can configure them inside the config.warden block. The example below + # allows you to setup OAuth, using http://github.com/roman/warden_oauth + # + # config.warden do |manager| + # manager.oauth(:twitter) do |twitter| + # twitter.consumer_secret = + # twitter.consumer_key = + # twitter.options :site => 'http://twitter.com' + # end + # manager.default_strategies(:scope => :user).unshift :twitter_oauth + # end + + config.warden do |manager| + manager.default_strategies(:scope => :user).unshift(:openneo_auth_token) + end +end diff --git a/config/initializers/warden.rb b/config/initializers/openneo_auth.rb similarity index 65% rename from config/initializers/warden.rb rename to config/initializers/openneo_auth.rb index aba444fe..1a204c82 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/openneo_auth.rb @@ -1,8 +1,3 @@ -Rails.configuration.middleware.use RailsWarden::Manager do |manager| - manager.default_strategies :openneo_auth_remember, :openneo_auth_token - manager.failure_app = SessionsController.action(:failure) -end - require 'openneo-auth' require 'yaml' diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml new file mode 100644 index 00000000..5e4e4332 --- /dev/null +++ b/config/locales/devise.en.yml 
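Review bot: `config.pepper = "f6a7bb…"` commits a secret to version control; the model only declares `devise :rememberable`, so the pepper, `config.encryptor` and `config.stretches` are not exercised by this change, but the value now lives in git history and would have to be rotated before `:database_authenticatable` is ever enabled. Either leave the three `:database_authenticatable` settings out until they are needed, or load the pepper from the environment, e.g. `config.pepper = ENV.fetch('DEVISE_PEPPER')`. `config.mailer_sender` is still the generator placeholder `please-change-me@…`; harmless while no mailer-backed module is enabled, but a `# TODO: set before enabling :confirmable/:recoverable` on that line would keep it from being forgotten.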
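Review bot: Removing `manager.failure_app = SessionsController.action(:failure)` hands authentication failures to Devise's own failure app, and nothing in this diff re-points it at `SessionsController#failure`. Devise's failure app redirects navigational requests to `new_user_session_path`, and with the model declaring only `:rememberable`, `devise_for :users` does not appear to generate a session route, so an unauthenticated hit on a protected action may now raise rather than render the old failure page — verify against the 1.1.5 `Devise::FailureApp`. If the custom failure action is still wanted, it can be restored inside the new `config.warden` block with `manager.failure_app = SessionsController.action(:failure)`.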
@@ -0,0 +1,39 @@ +en: + errors: + messages: + not_found: "not found" + already_confirmed: "was already confirmed" + not_locked: "was not locked" + + devise: + failure: + unauthenticated: 'You need to sign in or sign up before continuing.' + unconfirmed: 'You have to confirm your account before continuing.' + locked: 'Your account is locked.' + invalid: 'Invalid email or password.' + invalid_token: 'Invalid authentication token.' + timeout: 'Your session expired, please sign in again to continue.' + inactive: 'Your account was not activated yet.' + sessions: + signed_in: 'Signed in successfully.' + signed_out: 'Signed out successfully.' + passwords: + send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.' + updated: 'Your password was changed successfully. You are now signed in.' + confirmations: + send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.' + confirmed: 'Your account was successfully confirmed. You are now signed in.' + registrations: + signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.' + updated: 'You updated your account successfully.' + destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.' + unlocks: + send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.' + unlocked: 'Your account was successfully unlocked. You are now signed in.' + mailer: + confirmation_instructions: + subject: 'Confirmation instructions' + reset_password_instructions: + subject: 'Reset password instructions' + unlock_instructions: + subject: 'Unlock Instructions' diff --git a/config/routes.rb b/config/routes.rb index 0d515229..5f9bf67d 100644 --- a/config/routes.rb +++ b/config/routes.rb 
@@ -1,5 +1,7 @@ OpenneoImpressItems::Application.routes.draw do |map| root :to => 'outfits#new' + + devise_for :users match '/item_zone_sets.json' => 'ItemZoneSets#index' diff --git a/db/migrate/20110126180835_users_devise.rb b/db/migrate/20110126180835_users_devise.rb new file mode 100644 index 00000000..08a0882d --- /dev/null +++ b/db/migrate/20110126180835_users_devise.rb @@ -0,0 +1,14 @@ +class UsersDevise < ActiveRecord::Migration + def self.up + change_table :users do |t| + t.rememberable + end + end + + def self.down + change_table :users do |t| + t.remove :remember_token + t.remove :remember_created_at + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 43029800..05fa9a5e 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20101125160843) do +ActiveRecord::Schema.define(:version => 20110126180835) do create_table "auth_servers", :force => true do |t| t.string "short_name", :limit => 10, :null => false @@ -133,11 +133,13 @@ ActiveRecord::Schema.define(:version => 20101125160843) do add_index "swf_assets", ["zone_id"], :name => "idx_swf_assets_zone_id" create_table "users", :force => true do |t| - t.string "name", :limit => 20, :null => false - t.integer "auth_server_id", :limit => 1, :null => false - t.integer "remote_id", :null => false - t.integer "points", :default => 0, :null => false - t.boolean "beta", :default => false, :null => false + t.string "name", :limit => 20, :null => false + t.integer "auth_server_id", :limit => 1, :null => false + t.integer "remote_id", :null => false + t.integer "points", :default => 0, :null => false + t.boolean "beta", :default => false, :null => false + t.string "remember_token" + t.datetime "remember_created_at" end create_table "zones", :force => true do |t| diff --git a/lib/openneo-auth.rb b/lib/openneo-auth.rb index 2599def2..c1ebea7f 100644 --- a/lib/openneo-auth.rb 
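Review bot: `t.rememberable` adds `remember_token` without an index; Devise resolves the remember cookie by looking the user up on that column whenever the session is absent and the cookie is presented, and the schema.rb hunk in this commit confirms no index was generated, so that lookup is a full scan of `users`. Add `add_index :users, :remember_token, :unique => true` to `self.up` (with a matching `remove_index` in `self.down`); making it unique also guarantees a token can never resolve to two accounts. Replacing the old user-id cookie with a random token is a net security gain, which is all the more reason to make the token lookup the cheap path.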
+++ b/lib/openneo-auth.rb @@ -2,7 +2,6 @@ require 'openneo-auth/session' require 'openneo-auth/strategy' Warden::Strategies.add :openneo_auth_token, Openneo::Auth::Strategies::Token -Warden::Strategies.add :openneo_auth_remember, Openneo::Auth::Strategies::Remember module Openneo module Auth diff --git a/lib/openneo-auth/strategy.rb b/lib/openneo-auth/strategy.rb index f32aa5e0..b303f5bb 100644 --- a/lib/openneo-auth/strategy.rb +++ b/lib/openneo-auth/strategy.rb @@ -15,26 +15,11 @@ module Openneo fail! e.message else auth_session.destroy! - cookies.permanent.signed[:remember_me] = auth_session.user.id + auth_session.user.remember_me! success! auth_session.user end end end - - class Remember < Warden::Strategies::Base - def valid? - cookies.signed[:remember_me] - end - - def authenticate! - user = Auth.config.find_user_by_remembering cookies.signed[:remember_me] - if user - success! user - else - fail! - end - end - end end end end diff --git a/vendor/cache/bcrypt-ruby-2.1.2.gem b/vendor/cache/bcrypt-ruby-2.1.2.gem new file mode 100644 index 00000000..0abc707f Binary files /dev/null and b/vendor/cache/bcrypt-ruby-2.1.2.gem differ diff --git a/vendor/cache/devise-1.1.5.gem b/vendor/cache/devise-1.1.5.gem new file mode 100644 index 00000000..17ca8751 Binary files /dev/null and b/vendor/cache/devise-1.1.5.gem differ diff --git a/vendor/cache/rails_warden-0.5.2.gem b/vendor/cache/rails_warden-0.5.2.gem deleted file mode 100644 index 373c1902..00000000 Binary files a/vendor/cache/rails_warden-0.5.2.gem and /dev/null differ diff --git a/vendor/cache/warden-1.0.1.gem b/vendor/cache/warden-1.0.1.gem deleted file mode 100644 index 727afe7c..00000000 Binary files a/vendor/cache/warden-1.0.1.gem and /dev/null differ diff --git a/vendor/cache/warden-1.0.3.gem b/vendor/cache/warden-1.0.3.gem new file mode 100644 index 00000000..61209a9e Binary files /dev/null and b/vendor/cache/warden-1.0.3.gem differ
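Review bot: `auth_session.user.remember_me!` persists a `remember_token` on the user, but as far as I recall Devise 1.1's rememberable hook only writes the `remember_user_token` cookie from `after_set_user` when `record.remember_me` is truthy, so this replacement for the deleted `cookies.permanent.signed[:remember_me]` line may never issue a cookie and sign-ins would silently stop being remembered. Setting the flag and letting Devise do the rest, `auth_session.user.remember_me = true` immediately before `success! auth_session.user`, is the documented path; confirm against the vendored 1.1.5 gem before merging. `authenticate!` begins before this hunk, so the surrounding begin/rescue that feeds `fail! e.message` is not visible here.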