Merge branch 'fixleak'

This commit is contained in:
Emi Matchu 2011-02-05 10:33:39 -05:00
commit bb1f10c60b
18 changed files with 224 additions and 54 deletions

View file

@ -7,8 +7,7 @@ gem 'compass', '~> 0.10.1'
gem 'haml', '~> 3.0.18'
gem 'rdiscount', '~> 1.6.5'
gem 'will_paginate', '~> 3.0.pre2'
gem 'warden', '~> 1.0.1'
gem 'rails_warden', '~> 0.5.2'
gem 'devise', '~> 1.1.5'
# unstable version of RocketAMF interprets info registry as a hash instead of an array
gem 'RocketAMF', :git => 'git://github.com/warhammerkid/rocket-amf.git'

View file

@ -71,11 +71,15 @@ GEM
activesupport (3.0.3)
addressable (2.2.1)
arel (2.0.3)
bcrypt-ruby (2.1.2)
builder (2.1.2)
closure-compiler (0.3.3)
compass (0.10.5)
haml (>= 3.0.4)
daemons (1.1.0)
devise (1.1.5)
bcrypt-ruby (~> 2.1.2)
warden (~> 1.0.2)
diff-lcs (1.1.2)
erubis (2.6.6)
abstract (>= 1.0.0)
@ -116,8 +120,6 @@ GEM
activesupport (= 3.0.3)
bundler (~> 1.0)
railties (= 3.0.3)
rails_warden (0.5.2)
warden
railties (3.0.3)
actionpack (= 3.0.3)
activesupport (= 3.0.3)
@ -146,7 +148,7 @@ GEM
treetop (1.4.9)
polyglot (>= 0.3.1)
tzinfo (0.3.23)
warden (1.0.1)
warden (1.0.3)
rack (>= 1.0.0)
whenever (0.6.2)
aaronh-chronic (>= 0.3.9)
@ -161,6 +163,7 @@ DEPENDENCIES
RocketAMF!
addressable
compass (~> 0.10.1)
devise (~> 1.1.5)
em-http-request!
em-mysqlplus!
em-synchrony!
@ -175,10 +178,8 @@ DEPENDENCIES
openneo-auth-signatory (~> 0.1.0)
rack-fiber_pool
rails (= 3.0.3)
rails_warden (~> 0.5.2)
rdiscount (~> 1.6.5)
rspec-rails (~> 2.0.0.beta.22)
thin (~> 1.2.7)
warden (~> 1.0.1)
whenever (~> 0.6.2)
will_paginate (~> 3.0.pre2)

View file

@ -1,19 +1,3 @@
class ApplicationController < ActionController::Base
protect_from_forgery
helper_method :current_user, :user_signed_in?
protected
def current_user
@current_user ||= warden.authenticate
end
def user_signed_in?
current_user ? true : false
end
def warden
env['warden']
end
end

View file

@ -17,8 +17,7 @@ class SessionsController < ApplicationController
end
def destroy
warden.logout
cookies.delete :remember_me
sign_out(:user)
redirect_to (params[:return_to] || root_path)
end

View file

@ -7,6 +7,8 @@ class User < ActiveRecord::Base
scope :top_contributors, order('points DESC').where(arel_table[:points].gt(0))
devise :rememberable
def contribute!(pet)
new_contributions = []
new_points = 0

View file

@ -0,0 +1,146 @@
# Use this hook to configure devise mailer, warden hooks and so forth. The first
# four configuration values can also be set straight in your models.
Devise.setup do |config|
# ==> Mailer Configuration
# Configure the e-mail address which will be shown in DeviseMailer.
config.mailer_sender = "please-change-me@config-initializers-devise.com"
# Configure the class responsible to send e-mails.
# config.mailer = "Devise::Mailer"
# ==> ORM configuration
# Load and configure the ORM. Supports :active_record (default) and
# :mongoid (bson_ext recommended) by default. Other ORMs may be
# available as additional gems.
require 'devise/orm/active_record'
# ==> Configuration for any authentication mechanism
# Configure which keys are used when authenticating an user. By default is
# just :email. You can configure it to use [:username, :subdomain], so for
# authenticating an user, both parameters are required. Remember that those
# parameters are used only when authenticating and not when retrieving from
# session. If you need permissions, you should implement that in a before filter.
# config.authentication_keys = [ :email ]
# Tell if authentication through request.params is enabled. True by default.
# config.params_authenticatable = true
# Tell if authentication through HTTP Basic Auth is enabled. False by default.
# config.http_authenticatable = false
# Set this to true to use Basic Auth for AJAX requests. True by default.
# config.http_authenticatable_on_xhr = true
# The realm used in Http Basic Authentication
# config.http_authentication_realm = "Application"
# ==> Configuration for :database_authenticatable
# For bcrypt, this is the cost for hashing the password and defaults to 10. If
# using other encryptors, it sets how many times you want the password re-encrypted.
config.stretches = 10
# Define which will be the encryption algorithm. Devise also supports encryptors
# from others authentication tools as :clearance_sha1, :authlogic_sha512 (then
# you should set stretches above to 20 for default behavior) and :restful_authentication_sha1
# (then you should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
config.encryptor = :bcrypt
# Setup a pepper to generate the encrypted password.
config.pepper = "f6a7bb49e6d2348d529bf4c64c09af1491284e90087d282713825f09b8ac0d78be1d3e5fb65b4f95115da90a8b6be60a9d4da68ae60a6174a6c238976b52b848"
# ==> Configuration for :confirmable
# The time you want to give your user to confirm his account. During this time
# he will be able to access your application without confirming. Default is nil.
# When confirm_within is zero, the user won't be able to sign in without confirming.
# You can use this to let your user access some features of your application
# without confirming the account, but blocking it after a certain period
# (ie 2 days).
# config.confirm_within = 2.days
# ==> Configuration for :rememberable
# The time the user will be remembered without asking for credentials again.
# config.remember_for = 2.weeks
# If true, a valid remember token can be re-used between multiple browsers.
# config.remember_across_browsers = true
# If true, extends the user's remember period when remembered via cookie.
# config.extend_remember_period = false
# ==> Configuration for :validatable
# Range for password length
# config.password_length = 6..20
# Regex to use to validate the email address
# config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
# ==> Configuration for :timeoutable
# The time you want to timeout the user session without activity. After this
# time the user will be asked for credentials again.
# config.timeout_in = 10.minutes
# ==> Configuration for :lockable
# Defines which strategy will be used to lock an account.
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
# :none = No lock strategy. You should handle locking by yourself.
# config.lock_strategy = :failed_attempts
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
# :both = Enables both strategies
# :none = No unlock strategy. You should handle unlocking by yourself.
# config.unlock_strategy = :both
# Number of authentication tries before locking an account if lock_strategy
# is failed attempts.
# config.maximum_attempts = 20
# Time interval to unlock the account if :time is enabled as unlock_strategy.
# config.unlock_in = 1.hour
# ==> Configuration for :token_authenticatable
# Defines name of the authentication token params key
# config.token_authentication_key = :auth_token
# ==> Scopes configuration
# Turn scoped views on. Before rendering "sessions/new", it will first check for
# "users/sessions/new". It's turned off by default because it's slower if you
# are using only default views.
# config.scoped_views = true
# Configure the default scope given to Warden. By default it's the first
# devise role declared in your routes.
# config.default_scope = :user
# Configure sign_out behavior.
# By default sign_out is scoped (i.e. /users/sign_out affects only :user scope).
# In case of sign_out_all_scopes set to true any logout action will sign out all active scopes.
# config.sign_out_all_scopes = false
# ==> Navigation configuration
# Lists the formats that should be treated as navigational. Formats like
# :html, should redirect to the sign in page when the user does not have
# access, but formats like :xml or :json, should return 401.
# If you have any extra navigational formats, like :iphone or :mobile, you
# should add them to the navigational formats lists. Default is [:html]
# config.navigational_formats = [:html, :iphone]
# ==> Warden configuration
# If you want to use other strategies, that are not (yet) supported by Devise,
# you can configure them inside the config.warden block. The example below
# allows you to setup OAuth, using http://github.com/roman/warden_oauth
#
# config.warden do |manager|
# manager.oauth(:twitter) do |twitter|
# twitter.consumer_secret = <YOUR CONSUMER SECRET>
# twitter.consumer_key = <YOUR CONSUMER KEY>
# twitter.options :site => 'http://twitter.com'
# end
# manager.default_strategies(:scope => :user).unshift :twitter_oauth
# end
config.warden do |manager|
manager.default_strategies(:scope => :user).unshift(:openneo_auth_token)
end
end

View file

@ -1,8 +1,3 @@
Rails.configuration.middleware.use RailsWarden::Manager do |manager|
manager.default_strategies :openneo_auth_remember, :openneo_auth_token
manager.failure_app = SessionsController.action(:failure)
end
require 'openneo-auth'
require 'yaml'

View file

@ -0,0 +1,39 @@
en:
errors:
messages:
not_found: "not found"
already_confirmed: "was already confirmed"
not_locked: "was not locked"
devise:
failure:
unauthenticated: 'You need to sign in or sign up before continuing.'
unconfirmed: 'You have to confirm your account before continuing.'
locked: 'Your account is locked.'
invalid: 'Invalid email or password.'
invalid_token: 'Invalid authentication token.'
timeout: 'Your session expired, please sign in again to continue.'
inactive: 'Your account was not activated yet.'
sessions:
signed_in: 'Signed in successfully.'
signed_out: 'Signed out successfully.'
passwords:
send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
updated: 'Your password was changed successfully. You are now signed in.'
confirmations:
send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
confirmed: 'Your account was successfully confirmed. You are now signed in.'
registrations:
signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.'
updated: 'You updated your account successfully.'
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
unlocks:
send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
unlocked: 'Your account was successfully unlocked. You are now signed in.'
mailer:
confirmation_instructions:
subject: 'Confirmation instructions'
reset_password_instructions:
subject: 'Reset password instructions'
unlock_instructions:
subject: 'Unlock Instructions'

View file

@ -1,6 +1,8 @@
OpenneoImpressItems::Application.routes.draw do |map|
root :to => 'outfits#new'
devise_for :users
match '/item_zone_sets.json' => 'ItemZoneSets#index'
match '/bodies/:body_id/swf_assets.json' => 'swf_assets#index', :as => :body_swf_assets

View file

@ -0,0 +1,14 @@
class UsersDevise < ActiveRecord::Migration
def self.up
change_table :users do |t|
t.rememberable
end
end
def self.down
change_table :users do |t|
t.remove :remember_token
t.remove :remember_created_at
end
end
end

View file

@ -10,7 +10,7 @@
#
# It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20101125160843) do
ActiveRecord::Schema.define(:version => 20110126180835) do
create_table "auth_servers", :force => true do |t|
t.string "short_name", :limit => 10, :null => false
@ -138,6 +138,8 @@ ActiveRecord::Schema.define(:version => 20101125160843) do
t.integer "remote_id", :null => false
t.integer "points", :default => 0, :null => false
t.boolean "beta", :default => false, :null => false
t.string "remember_token"
t.datetime "remember_created_at"
end
create_table "zones", :force => true do |t|

View file

@ -2,7 +2,6 @@ require 'openneo-auth/session'
require 'openneo-auth/strategy'
Warden::Strategies.add :openneo_auth_token, Openneo::Auth::Strategies::Token
Warden::Strategies.add :openneo_auth_remember, Openneo::Auth::Strategies::Remember
module Openneo
module Auth

View file

@ -1,9 +1,9 @@
require 'warden'
require 'devise'
module Openneo
module Auth
module Strategies
class Token < Warden::Strategies::Base
class Token < Devise::Strategies::Authenticatable
def valid?
session && session[:session_id]
end
@ -12,27 +12,15 @@ module Openneo
begin
auth_session = Session.find session[:session_id]
rescue Session::NotFound => e
fail! e.message
pass
else
auth_session.destroy!
cookies.permanent.signed[:remember_me] = auth_session.user.id
success! auth_session.user
end
end
end
class Remember < Warden::Strategies::Base
def valid?
cookies.signed[:remember_me]
end
def authenticate!
user = Auth.config.find_user_by_remembering cookies.signed[:remember_me]
if user
success! user
else
fail!
end
def remember_me?
true
end
end
end

BIN
vendor/cache/bcrypt-ruby-2.1.2.gem vendored Normal file

Binary file not shown.

BIN
vendor/cache/devise-1.1.5.gem vendored Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
vendor/cache/warden-1.0.3.gem vendored Normal file

Binary file not shown.