forked from OpenNeo/impress
Merge branch 'fixleak'
This commit is contained in:
commit
bb1f10c60b
18 changed files with 224 additions and 54 deletions
3
Gemfile
3
Gemfile
|
@ -7,8 +7,7 @@ gem 'compass', '~> 0.10.1'
|
||||||
gem 'haml', '~> 3.0.18'
|
gem 'haml', '~> 3.0.18'
|
||||||
gem 'rdiscount', '~> 1.6.5'
|
gem 'rdiscount', '~> 1.6.5'
|
||||||
gem 'will_paginate', '~> 3.0.pre2'
|
gem 'will_paginate', '~> 3.0.pre2'
|
||||||
gem 'warden', '~> 1.0.1'
|
gem 'devise', '~> 1.1.5'
|
||||||
gem 'rails_warden', '~> 0.5.2'
|
|
||||||
|
|
||||||
# unstable version of RocketAMF interprets info registry as a hash instead of an array
|
# unstable version of RocketAMF interprets info registry as a hash instead of an array
|
||||||
gem 'RocketAMF', :git => 'git://github.com/warhammerkid/rocket-amf.git'
|
gem 'RocketAMF', :git => 'git://github.com/warhammerkid/rocket-amf.git'
|
||||||
|
|
11
Gemfile.lock
11
Gemfile.lock
|
@ -71,11 +71,15 @@ GEM
|
||||||
activesupport (3.0.3)
|
activesupport (3.0.3)
|
||||||
addressable (2.2.1)
|
addressable (2.2.1)
|
||||||
arel (2.0.3)
|
arel (2.0.3)
|
||||||
|
bcrypt-ruby (2.1.2)
|
||||||
builder (2.1.2)
|
builder (2.1.2)
|
||||||
closure-compiler (0.3.3)
|
closure-compiler (0.3.3)
|
||||||
compass (0.10.5)
|
compass (0.10.5)
|
||||||
haml (>= 3.0.4)
|
haml (>= 3.0.4)
|
||||||
daemons (1.1.0)
|
daemons (1.1.0)
|
||||||
|
devise (1.1.5)
|
||||||
|
bcrypt-ruby (~> 2.1.2)
|
||||||
|
warden (~> 1.0.2)
|
||||||
diff-lcs (1.1.2)
|
diff-lcs (1.1.2)
|
||||||
erubis (2.6.6)
|
erubis (2.6.6)
|
||||||
abstract (>= 1.0.0)
|
abstract (>= 1.0.0)
|
||||||
|
@ -116,8 +120,6 @@ GEM
|
||||||
activesupport (= 3.0.3)
|
activesupport (= 3.0.3)
|
||||||
bundler (~> 1.0)
|
bundler (~> 1.0)
|
||||||
railties (= 3.0.3)
|
railties (= 3.0.3)
|
||||||
rails_warden (0.5.2)
|
|
||||||
warden
|
|
||||||
railties (3.0.3)
|
railties (3.0.3)
|
||||||
actionpack (= 3.0.3)
|
actionpack (= 3.0.3)
|
||||||
activesupport (= 3.0.3)
|
activesupport (= 3.0.3)
|
||||||
|
@ -146,7 +148,7 @@ GEM
|
||||||
treetop (1.4.9)
|
treetop (1.4.9)
|
||||||
polyglot (>= 0.3.1)
|
polyglot (>= 0.3.1)
|
||||||
tzinfo (0.3.23)
|
tzinfo (0.3.23)
|
||||||
warden (1.0.1)
|
warden (1.0.3)
|
||||||
rack (>= 1.0.0)
|
rack (>= 1.0.0)
|
||||||
whenever (0.6.2)
|
whenever (0.6.2)
|
||||||
aaronh-chronic (>= 0.3.9)
|
aaronh-chronic (>= 0.3.9)
|
||||||
|
@ -161,6 +163,7 @@ DEPENDENCIES
|
||||||
RocketAMF!
|
RocketAMF!
|
||||||
addressable
|
addressable
|
||||||
compass (~> 0.10.1)
|
compass (~> 0.10.1)
|
||||||
|
devise (~> 1.1.5)
|
||||||
em-http-request!
|
em-http-request!
|
||||||
em-mysqlplus!
|
em-mysqlplus!
|
||||||
em-synchrony!
|
em-synchrony!
|
||||||
|
@ -175,10 +178,8 @@ DEPENDENCIES
|
||||||
openneo-auth-signatory (~> 0.1.0)
|
openneo-auth-signatory (~> 0.1.0)
|
||||||
rack-fiber_pool
|
rack-fiber_pool
|
||||||
rails (= 3.0.3)
|
rails (= 3.0.3)
|
||||||
rails_warden (~> 0.5.2)
|
|
||||||
rdiscount (~> 1.6.5)
|
rdiscount (~> 1.6.5)
|
||||||
rspec-rails (~> 2.0.0.beta.22)
|
rspec-rails (~> 2.0.0.beta.22)
|
||||||
thin (~> 1.2.7)
|
thin (~> 1.2.7)
|
||||||
warden (~> 1.0.1)
|
|
||||||
whenever (~> 0.6.2)
|
whenever (~> 0.6.2)
|
||||||
will_paginate (~> 3.0.pre2)
|
will_paginate (~> 3.0.pre2)
|
||||||
|
|
|
@ -1,19 +1,3 @@
|
||||||
class ApplicationController < ActionController::Base
|
class ApplicationController < ActionController::Base
|
||||||
protect_from_forgery
|
protect_from_forgery
|
||||||
|
|
||||||
helper_method :current_user, :user_signed_in?
|
|
||||||
|
|
||||||
protected
|
|
||||||
|
|
||||||
def current_user
|
|
||||||
@current_user ||= warden.authenticate
|
|
||||||
end
|
|
||||||
|
|
||||||
def user_signed_in?
|
|
||||||
current_user ? true : false
|
|
||||||
end
|
|
||||||
|
|
||||||
def warden
|
|
||||||
env['warden']
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -17,8 +17,7 @@ class SessionsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
warden.logout
|
sign_out(:user)
|
||||||
cookies.delete :remember_me
|
|
||||||
redirect_to (params[:return_to] || root_path)
|
redirect_to (params[:return_to] || root_path)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -7,6 +7,8 @@ class User < ActiveRecord::Base
|
||||||
|
|
||||||
scope :top_contributors, order('points DESC').where(arel_table[:points].gt(0))
|
scope :top_contributors, order('points DESC').where(arel_table[:points].gt(0))
|
||||||
|
|
||||||
|
devise :rememberable
|
||||||
|
|
||||||
def contribute!(pet)
|
def contribute!(pet)
|
||||||
new_contributions = []
|
new_contributions = []
|
||||||
new_points = 0
|
new_points = 0
|
||||||
|
|
146
config/initializers/devise.rb
Normal file
146
config/initializers/devise.rb
Normal file
|
@ -0,0 +1,146 @@
|
||||||
|
# Use this hook to configure devise mailer, warden hooks and so forth. The first
|
||||||
|
# four configuration values can also be set straight in your models.
|
||||||
|
Devise.setup do |config|
|
||||||
|
# ==> Mailer Configuration
|
||||||
|
# Configure the e-mail address which will be shown in DeviseMailer.
|
||||||
|
config.mailer_sender = "please-change-me@config-initializers-devise.com"
|
||||||
|
|
||||||
|
# Configure the class responsible to send e-mails.
|
||||||
|
# config.mailer = "Devise::Mailer"
|
||||||
|
|
||||||
|
# ==> ORM configuration
|
||||||
|
# Load and configure the ORM. Supports :active_record (default) and
|
||||||
|
# :mongoid (bson_ext recommended) by default. Other ORMs may be
|
||||||
|
# available as additional gems.
|
||||||
|
require 'devise/orm/active_record'
|
||||||
|
|
||||||
|
# ==> Configuration for any authentication mechanism
|
||||||
|
# Configure which keys are used when authenticating an user. By default is
|
||||||
|
# just :email. You can configure it to use [:username, :subdomain], so for
|
||||||
|
# authenticating an user, both parameters are required. Remember that those
|
||||||
|
# parameters are used only when authenticating and not when retrieving from
|
||||||
|
# session. If you need permissions, you should implement that in a before filter.
|
||||||
|
# config.authentication_keys = [ :email ]
|
||||||
|
|
||||||
|
# Tell if authentication through request.params is enabled. True by default.
|
||||||
|
# config.params_authenticatable = true
|
||||||
|
|
||||||
|
# Tell if authentication through HTTP Basic Auth is enabled. False by default.
|
||||||
|
# config.http_authenticatable = false
|
||||||
|
|
||||||
|
# Set this to true to use Basic Auth for AJAX requests. True by default.
|
||||||
|
# config.http_authenticatable_on_xhr = true
|
||||||
|
|
||||||
|
# The realm used in Http Basic Authentication
|
||||||
|
# config.http_authentication_realm = "Application"
|
||||||
|
|
||||||
|
# ==> Configuration for :database_authenticatable
|
||||||
|
# For bcrypt, this is the cost for hashing the password and defaults to 10. If
|
||||||
|
# using other encryptors, it sets how many times you want the password re-encrypted.
|
||||||
|
config.stretches = 10
|
||||||
|
|
||||||
|
# Define which will be the encryption algorithm. Devise also supports encryptors
|
||||||
|
# from others authentication tools as :clearance_sha1, :authlogic_sha512 (then
|
||||||
|
# you should set stretches above to 20 for default behavior) and :restful_authentication_sha1
|
||||||
|
# (then you should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
|
||||||
|
config.encryptor = :bcrypt
|
||||||
|
|
||||||
|
# Setup a pepper to generate the encrypted password.
|
||||||
|
config.pepper = "f6a7bb49e6d2348d529bf4c64c09af1491284e90087d282713825f09b8ac0d78be1d3e5fb65b4f95115da90a8b6be60a9d4da68ae60a6174a6c238976b52b848"
|
||||||
|
|
||||||
|
# ==> Configuration for :confirmable
|
||||||
|
# The time you want to give your user to confirm his account. During this time
|
||||||
|
# he will be able to access your application without confirming. Default is nil.
|
||||||
|
# When confirm_within is zero, the user won't be able to sign in without confirming.
|
||||||
|
# You can use this to let your user access some features of your application
|
||||||
|
# without confirming the account, but blocking it after a certain period
|
||||||
|
# (ie 2 days).
|
||||||
|
# config.confirm_within = 2.days
|
||||||
|
|
||||||
|
# ==> Configuration for :rememberable
|
||||||
|
# The time the user will be remembered without asking for credentials again.
|
||||||
|
# config.remember_for = 2.weeks
|
||||||
|
|
||||||
|
# If true, a valid remember token can be re-used between multiple browsers.
|
||||||
|
# config.remember_across_browsers = true
|
||||||
|
|
||||||
|
# If true, extends the user's remember period when remembered via cookie.
|
||||||
|
# config.extend_remember_period = false
|
||||||
|
|
||||||
|
# ==> Configuration for :validatable
|
||||||
|
# Range for password length
|
||||||
|
# config.password_length = 6..20
|
||||||
|
|
||||||
|
# Regex to use to validate the email address
|
||||||
|
# config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
|
||||||
|
|
||||||
|
# ==> Configuration for :timeoutable
|
||||||
|
# The time you want to timeout the user session without activity. After this
|
||||||
|
# time the user will be asked for credentials again.
|
||||||
|
# config.timeout_in = 10.minutes
|
||||||
|
|
||||||
|
# ==> Configuration for :lockable
|
||||||
|
# Defines which strategy will be used to lock an account.
|
||||||
|
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
|
||||||
|
# :none = No lock strategy. You should handle locking by yourself.
|
||||||
|
# config.lock_strategy = :failed_attempts
|
||||||
|
|
||||||
|
# Defines which strategy will be used to unlock an account.
|
||||||
|
# :email = Sends an unlock link to the user email
|
||||||
|
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
|
||||||
|
# :both = Enables both strategies
|
||||||
|
# :none = No unlock strategy. You should handle unlocking by yourself.
|
||||||
|
# config.unlock_strategy = :both
|
||||||
|
|
||||||
|
# Number of authentication tries before locking an account if lock_strategy
|
||||||
|
# is failed attempts.
|
||||||
|
# config.maximum_attempts = 20
|
||||||
|
|
||||||
|
# Time interval to unlock the account if :time is enabled as unlock_strategy.
|
||||||
|
# config.unlock_in = 1.hour
|
||||||
|
|
||||||
|
# ==> Configuration for :token_authenticatable
|
||||||
|
# Defines name of the authentication token params key
|
||||||
|
# config.token_authentication_key = :auth_token
|
||||||
|
|
||||||
|
# ==> Scopes configuration
|
||||||
|
# Turn scoped views on. Before rendering "sessions/new", it will first check for
|
||||||
|
# "users/sessions/new". It's turned off by default because it's slower if you
|
||||||
|
# are using only default views.
|
||||||
|
# config.scoped_views = true
|
||||||
|
|
||||||
|
# Configure the default scope given to Warden. By default it's the first
|
||||||
|
# devise role declared in your routes.
|
||||||
|
# config.default_scope = :user
|
||||||
|
|
||||||
|
# Configure sign_out behavior.
|
||||||
|
# By default sign_out is scoped (i.e. /users/sign_out affects only :user scope).
|
||||||
|
# In case of sign_out_all_scopes set to true any logout action will sign out all active scopes.
|
||||||
|
# config.sign_out_all_scopes = false
|
||||||
|
|
||||||
|
# ==> Navigation configuration
|
||||||
|
# Lists the formats that should be treated as navigational. Formats like
|
||||||
|
# :html, should redirect to the sign in page when the user does not have
|
||||||
|
# access, but formats like :xml or :json, should return 401.
|
||||||
|
# If you have any extra navigational formats, like :iphone or :mobile, you
|
||||||
|
# should add them to the navigational formats lists. Default is [:html]
|
||||||
|
# config.navigational_formats = [:html, :iphone]
|
||||||
|
|
||||||
|
# ==> Warden configuration
|
||||||
|
# If you want to use other strategies, that are not (yet) supported by Devise,
|
||||||
|
# you can configure them inside the config.warden block. The example below
|
||||||
|
# allows you to setup OAuth, using http://github.com/roman/warden_oauth
|
||||||
|
#
|
||||||
|
# config.warden do |manager|
|
||||||
|
# manager.oauth(:twitter) do |twitter|
|
||||||
|
# twitter.consumer_secret = <YOUR CONSUMER SECRET>
|
||||||
|
# twitter.consumer_key = <YOUR CONSUMER KEY>
|
||||||
|
# twitter.options :site => 'http://twitter.com'
|
||||||
|
# end
|
||||||
|
# manager.default_strategies(:scope => :user).unshift :twitter_oauth
|
||||||
|
# end
|
||||||
|
|
||||||
|
config.warden do |manager|
|
||||||
|
manager.default_strategies(:scope => :user).unshift(:openneo_auth_token)
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,8 +1,3 @@
|
||||||
Rails.configuration.middleware.use RailsWarden::Manager do |manager|
|
|
||||||
manager.default_strategies :openneo_auth_remember, :openneo_auth_token
|
|
||||||
manager.failure_app = SessionsController.action(:failure)
|
|
||||||
end
|
|
||||||
|
|
||||||
require 'openneo-auth'
|
require 'openneo-auth'
|
||||||
require 'yaml'
|
require 'yaml'
|
||||||
|
|
39
config/locales/devise.en.yml
Normal file
39
config/locales/devise.en.yml
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
en:
|
||||||
|
errors:
|
||||||
|
messages:
|
||||||
|
not_found: "not found"
|
||||||
|
already_confirmed: "was already confirmed"
|
||||||
|
not_locked: "was not locked"
|
||||||
|
|
||||||
|
devise:
|
||||||
|
failure:
|
||||||
|
unauthenticated: 'You need to sign in or sign up before continuing.'
|
||||||
|
unconfirmed: 'You have to confirm your account before continuing.'
|
||||||
|
locked: 'Your account is locked.'
|
||||||
|
invalid: 'Invalid email or password.'
|
||||||
|
invalid_token: 'Invalid authentication token.'
|
||||||
|
timeout: 'Your session expired, please sign in again to continue.'
|
||||||
|
inactive: 'Your account was not activated yet.'
|
||||||
|
sessions:
|
||||||
|
signed_in: 'Signed in successfully.'
|
||||||
|
signed_out: 'Signed out successfully.'
|
||||||
|
passwords:
|
||||||
|
send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
|
||||||
|
updated: 'Your password was changed successfully. You are now signed in.'
|
||||||
|
confirmations:
|
||||||
|
send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
|
||||||
|
confirmed: 'Your account was successfully confirmed. You are now signed in.'
|
||||||
|
registrations:
|
||||||
|
signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.'
|
||||||
|
updated: 'You updated your account successfully.'
|
||||||
|
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
|
||||||
|
unlocks:
|
||||||
|
send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
|
||||||
|
unlocked: 'Your account was successfully unlocked. You are now signed in.'
|
||||||
|
mailer:
|
||||||
|
confirmation_instructions:
|
||||||
|
subject: 'Confirmation instructions'
|
||||||
|
reset_password_instructions:
|
||||||
|
subject: 'Reset password instructions'
|
||||||
|
unlock_instructions:
|
||||||
|
subject: 'Unlock Instructions'
|
|
@ -1,5 +1,7 @@
|
||||||
OpenneoImpressItems::Application.routes.draw do |map|
|
OpenneoImpressItems::Application.routes.draw do |map|
|
||||||
root :to => 'outfits#new'
|
root :to => 'outfits#new'
|
||||||
|
|
||||||
|
devise_for :users
|
||||||
|
|
||||||
match '/item_zone_sets.json' => 'ItemZoneSets#index'
|
match '/item_zone_sets.json' => 'ItemZoneSets#index'
|
||||||
|
|
||||||
|
|
14
db/migrate/20110126180835_users_devise.rb
Normal file
14
db/migrate/20110126180835_users_devise.rb
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
class UsersDevise < ActiveRecord::Migration
|
||||||
|
def self.up
|
||||||
|
change_table :users do |t|
|
||||||
|
t.rememberable
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def self.down
|
||||||
|
change_table :users do |t|
|
||||||
|
t.remove :remember_token
|
||||||
|
t.remove :remember_created_at
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
14
db/schema.rb
14
db/schema.rb
|
@ -10,7 +10,7 @@
|
||||||
#
|
#
|
||||||
# It's strongly recommended to check this file into your version control system.
|
# It's strongly recommended to check this file into your version control system.
|
||||||
|
|
||||||
ActiveRecord::Schema.define(:version => 20101125160843) do
|
ActiveRecord::Schema.define(:version => 20110126180835) do
|
||||||
|
|
||||||
create_table "auth_servers", :force => true do |t|
|
create_table "auth_servers", :force => true do |t|
|
||||||
t.string "short_name", :limit => 10, :null => false
|
t.string "short_name", :limit => 10, :null => false
|
||||||
|
@ -133,11 +133,13 @@ ActiveRecord::Schema.define(:version => 20101125160843) do
|
||||||
add_index "swf_assets", ["zone_id"], :name => "idx_swf_assets_zone_id"
|
add_index "swf_assets", ["zone_id"], :name => "idx_swf_assets_zone_id"
|
||||||
|
|
||||||
create_table "users", :force => true do |t|
|
create_table "users", :force => true do |t|
|
||||||
t.string "name", :limit => 20, :null => false
|
t.string "name", :limit => 20, :null => false
|
||||||
t.integer "auth_server_id", :limit => 1, :null => false
|
t.integer "auth_server_id", :limit => 1, :null => false
|
||||||
t.integer "remote_id", :null => false
|
t.integer "remote_id", :null => false
|
||||||
t.integer "points", :default => 0, :null => false
|
t.integer "points", :default => 0, :null => false
|
||||||
t.boolean "beta", :default => false, :null => false
|
t.boolean "beta", :default => false, :null => false
|
||||||
|
t.string "remember_token"
|
||||||
|
t.datetime "remember_created_at"
|
||||||
end
|
end
|
||||||
|
|
||||||
create_table "zones", :force => true do |t|
|
create_table "zones", :force => true do |t|
|
||||||
|
|
|
@ -2,7 +2,6 @@ require 'openneo-auth/session'
|
||||||
require 'openneo-auth/strategy'
|
require 'openneo-auth/strategy'
|
||||||
|
|
||||||
Warden::Strategies.add :openneo_auth_token, Openneo::Auth::Strategies::Token
|
Warden::Strategies.add :openneo_auth_token, Openneo::Auth::Strategies::Token
|
||||||
Warden::Strategies.add :openneo_auth_remember, Openneo::Auth::Strategies::Remember
|
|
||||||
|
|
||||||
module Openneo
|
module Openneo
|
||||||
module Auth
|
module Auth
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
require 'warden'
|
require 'devise'
|
||||||
|
|
||||||
module Openneo
|
module Openneo
|
||||||
module Auth
|
module Auth
|
||||||
module Strategies
|
module Strategies
|
||||||
class Token < Warden::Strategies::Base
|
class Token < Devise::Strategies::Authenticatable
|
||||||
def valid?
|
def valid?
|
||||||
session && session[:session_id]
|
session && session[:session_id]
|
||||||
end
|
end
|
||||||
|
@ -12,27 +12,15 @@ module Openneo
|
||||||
begin
|
begin
|
||||||
auth_session = Session.find session[:session_id]
|
auth_session = Session.find session[:session_id]
|
||||||
rescue Session::NotFound => e
|
rescue Session::NotFound => e
|
||||||
fail! e.message
|
pass
|
||||||
else
|
else
|
||||||
auth_session.destroy!
|
auth_session.destroy!
|
||||||
cookies.permanent.signed[:remember_me] = auth_session.user.id
|
|
||||||
success! auth_session.user
|
success! auth_session.user
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
|
||||||
|
|
||||||
class Remember < Warden::Strategies::Base
|
|
||||||
def valid?
|
|
||||||
cookies.signed[:remember_me]
|
|
||||||
end
|
|
||||||
|
|
||||||
def authenticate!
|
def remember_me?
|
||||||
user = Auth.config.find_user_by_remembering cookies.signed[:remember_me]
|
true
|
||||||
if user
|
|
||||||
success! user
|
|
||||||
else
|
|
||||||
fail!
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
BIN
vendor/cache/bcrypt-ruby-2.1.2.gem
vendored
Normal file
BIN
vendor/cache/bcrypt-ruby-2.1.2.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/devise-1.1.5.gem
vendored
Normal file
BIN
vendor/cache/devise-1.1.5.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/rails_warden-0.5.2.gem
vendored
BIN
vendor/cache/rails_warden-0.5.2.gem
vendored
Binary file not shown.
BIN
vendor/cache/warden-1.0.1.gem
vendored
BIN
vendor/cache/warden-1.0.1.gem
vendored
Binary file not shown.
BIN
vendor/cache/warden-1.0.3.gem
vendored
Normal file
BIN
vendor/cache/warden-1.0.3.gem
vendored
Normal file
Binary file not shown.
Loading…
Reference in a new issue