Commit 34b572e59e11d4ca287b0db896e6071b631d0cbe
Merge branch 'api_private_token' into 'api'
Change private_token generation from API session login to user creation. See merge request !645
Showing
5 changed files
with
35 additions
and
5 deletions
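--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -132,6 +132,13 @@ class ProfileEditorController < MyProfileController
 redirect_to_previous_location
 end
 
+def reset_private_token
+profile = environment.profiles.find(params[:id])
+profile.user.generate_private_token!
+
+redirect_to_previous_location
+end
+
 protected
 
 def redirect_to_previous_location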
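Review bot: `reset_private_token` rotates the API token of whatever profile `params[:id]` names, and its only caller in this commit is a plain `link_to`, so it is a state-changing action reachable by GET with no CSRF protection; unless a MyProfileController filter outside this hunk ties `:id` to the profile being edited, any logged-in user can invalidate another user's token by visiting the URL. Use the profile the controller is already authorized for rather than re-fetching by id, guard against profiles without a user (communities and enterprises would raise NoMethodError on `profile.user`), and restrict the action to POST in whatever way the controller's other mutating actions do: `user = profile.user` / `user.generate_private_token! if user`. A short comment on the action would also help: `# Regenerates the API private token for the profile's user; the old token stops working immediately.`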
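--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -16,7 +16,7 @@ class AccountController < ApplicationController
 def activate
 @user = User.find_by_activation_code(params[:activation_code]) if params[:activation_code]
 if @user
-unless @user.environment.enabled?('admin_must_approve_new_users')
+unless @user.environment.enabled?('admin_must_approve_new_users')
 if @user.activate
 @message = _("Your account has been activated, now you can log in!")
 check_redirection
@@ -30,7 +30,7 @@ class AccountController < ApplicationController
 @user.activation_code = nil
 @user.save!
 redirect_to :controller => :home
-end
+end
 end
 else
 session[:notice] = _("It looks like you're trying to activate an account. Perhaps have already activated this account?")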
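--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -113,6 +113,7 @@ class User < ActiveRecord::Base
 validates_uniqueness_of :login, :email, :case_sensitive => false, :scope => :environment_id
 before_save :encrypt_password
 before_save :normalize_email, if: proc{ |u| u.email.present? }
+before_save :generate_private_token_if_not_exist
 validates_format_of :email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda {|user| !user.email.blank?})
 
 validates_inclusion_of :terms_accepted, :in => [ '1' ], :if => lambda { |u| ! u.terms_of_use.blank? }, :message => N_('{fn} must be checked in order to signup.').fix_i18n
@@ -122,19 +123,33 @@ class User < ActiveRecord::Base
 environment ||= Environment.default
 u = self.first :conditions => ['(login = ? OR email = ?) AND environment_id = ? AND activated_at IS NOT NULL',
 login, login, environment.id] # need to get the salt
-u && u.authenticated?(password) ? u : nil
+if u && u.authenticated?(password)
+u.generate_private_token_if_not_exist
+return u
+end
+return nil
 end
 
 def register_login
 self.update_attribute :last_login_at, Time.now
 end
 
-def generate_private_token!
+def generate_private_token
 self.private_token = SecureRandom.hex
 self.private_token_generated_at = DateTime.now
+end
+
+def generate_private_token!
+self.generate_private_token
 save(:validate => false)
 end
 
+def generate_private_token_if_not_exist
+unless self.private_token
+self.generate_private_token
+end
+end
+
 TOKEN_VALIDITY = 2.weeks
 def private_token_expired?
 self.private_token.nil? || (self.private_token_generated_at + TOKEN_VALIDITY < DateTime.now)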
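Review bot: `generate_private_token_if_not_exist` only fills in a missing token, so once a token is older than `TOKEN_VALIDITY` (the `private_token_expired?` check at the end of the hunk) nothing ever rotates it: `authenticate` returns the user with the stale token and, with the per-login regeneration removed from the API session endpoint in this commit, the client is handed a token that is already expired. Regenerate on expiry instead, which also covers the nil case: `generate_private_token if private_token_expired?`. Note also that `authenticate` now only assigns the token in memory; unless something further down the login path saves the record (the `before_save` hook fires on the next save, e.g. `register_login`'s `update_attribute`, but I can't see that it is always called), the token presented at login will not match the one stored, so `u.generate_private_token! if u.private_token_expired?` would be the safer call there. `private_token_expired?` will also raise if `private_token` is set but `private_token_generated_at` is nil; `self.private_token_generated_at.nil? ||` in that condition would make it fail closed.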
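--- a/app/views/profile_editor/_person_form.html.erb
+++ b/app/views/profile_editor/_person_form.html.erb
@@ -1,5 +1,14 @@
 <% @person ||= @profile %>
 
+<div class="formfieldline">
+<%= label_tag("private_token", _("Private Token")) %>
+<div class="formfield type-text">
+<%= text_field_tag("a", @profile.user.private_token, :size => 30) %>
+</div>
+</div>
+
+<%= link_to("Reset token", {:controller => :profile_editor, :action => :reset_private_token, :id => @person.id}, :class => "button with-text") %>
+
 <% optional_field(@person, 'nickname') do %>
 <%= f.text_field(:nickname, :maxlength => 16, :size => 30, :rel => _('Nickname')) %>
 <div>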
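Review bot: The token is rendered as an editable input named `a`, so it is posted back with every submission of the surrounding profile form (it is not a field Rails' default parameter filtering would mask, so it can end up in request logs), and the `label_tag("private_token", ...)` does not point at it. Make it a read-only, display-only field with a matching id: `<%= text_field_tag("private_token", @person.user.private_token, :size => 30, :readonly => true) %>` (using `@person`, which the partial already normalizes on line 1, rather than `@profile`). "Reset token" is a state change issued over GET via `link_to`, without the CSRF token a form submission would carry; prefer `<%= button_to(_("Reset token"), {:controller => :profile_editor, :action => :reset_private_token, :id => @person.id}, :class => "button with-text") %>`, which also wraps the string in `_()` like the label above it.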
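--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -17,7 +17,6 @@ module Noosfero
 user ||= User.authenticate(params[:login], params[:password], environment)
 
 return unauthorized! unless user
-user.generate_private_token!
 @current_user = user
 present user, :with => Entities::UserLogin
 end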