  1. ## fix_user_compat_with_mephisto.diff [diff]
  2. Index: test/unit/user_test.rb
  3. ===================================================================
  4. --- test/unit/user_test.rb (revision 1929)
  5. test/unit/user_test.rb (working copy)
  6. @@ -54,12 54,12 @@
  7. assert ! u.admin?
  8. end
  9.  
  10. - def test_login_token
  11. - assert_nil users(:aaron).login_key
  12. - assert_nil users(:aaron).login_key_expires_at
  13. - users(:aaron).reset_login_key!
  14. - assert users(:aaron).login_key.length == 32
  15. - assert users(:aaron).login_key_expires_at < Time.now.utc 1.year 1.minute
  16. - assert users(:aaron).login_key_expires_at > Time.now.utc 1.year-1.minute
  17. def test_remember_token
  18. assert_nil users(:aaron).remember_token
  19. assert_nil users(:aaron).remember_token_expires_at
  20. users(:aaron).remember_me
  21. assert users(:aaron).remember_token.length == 40
  22. assert users(:aaron).remember_token_expires_at < Time.now.utc 2.weeks
  23. assert users(:aaron).remember_token_expires_at > Time.now.utc-1.minute
  24. end
  25. end
  26. Index: test/functional/forums_controller_test.rb
  27. ===================================================================
  28. --- test/functional/forums_controller_test.rb (revision 1929)
  29. test/functional/forums_controller_test.rb (working copy)
  30. @@ -14,16 14,16 @@
  31. end
  32.  
  33. def test_remember_me_logs_into_home
  34. - @request.cookies['login_token'] = CGI::Cookie.new('login_token',"2;8305f94ab2b92f99137abbc235ee28e5")
  35. @request.cookies['auth_token'] = CGI::Cookie.new('auth_token',"265777ed4a11f9867382a1fbe2868c8a2bce37b2")
  36. get :index
  37. assert_equal 2, session[:user_id]
  38. end
  39.  
  40. def test_remember_me_logs_in_when_login_required
  41. - users(:aaron).login_key="8305f94ab2b92f99137abbc235ee28e5"
  42. - users(:aaron).login_key_expires_at=Time.now.utc 1.week
  43. users(:aaron).remember_token="3c82fc7450acf8bc20a0c9f23bdb849cb13adf4e"
  44. users(:aaron).remember_token_expires_at=Time.now.utc 2.weeks
  45. users(:aaron).save!
  46. - @request.cookies['login_token'] = CGI::Cookie.new('login_token',"1;8305f94ab2b92f99137abbc235ee28e5")
  47. @request.cookies['auth_token'] = CGI::Cookie.new('auth_token',"3c82fc7450acf8bc20a0c9f23bdb849cb13adf4e")
  48. get :edit, :id => 1
  49. assert_equal 1, session[:user_id]
  50. end
  51. Index: test/functional/sessions_controller_test.rb
  52. ===================================================================
  53. --- test/functional/sessions_controller_test.rb (revision 1929)
  54. test/functional/sessions_controller_test.rb (working copy)
  55. @@ -25,22 25,22 @@
  56. post :create, :login => 'aaron', :password => 'testy', :remember_me => "1"
  57. users(:aaron).reload
  58.  
  59. - assert cookies['login_token']
  60. - assert_equal("1;#{users(:aaron).login_key}", cookies['login_token'].first)
  61. - assert_not_nil users(:aaron).login_key
  62. - assert_not_nil users(:aaron).login_key_expires_at
  63. assert cookies['auth_token']
  64. assert_equal("#{users(:aaron).remember_token}", cookies['auth_token'].first)
  65. assert_not_nil users(:aaron).remember_token
  66. assert_not_nil users(:aaron).remember_token_expires_at
  67.  
  68. #log off
  69. post :destroy
  70. - assert cookies['login_token'].empty?
  71. assert cookies['auth_token'].empty?
  72.  
  73. # make sure it change if log in again
  74. sleep 1
  75. old = users(:aaron).clone
  76. post :create, :login => 'aaron', :password => 'testy', :remember_me => "1"
  77. users(:aaron).reload
  78. - assert_not_equal(old.login_key, users(:aaron).login_key)
  79. - assert_not_equal(old.login_key_expires_at, users(:aaron).login_key_expires_at)
  80. assert_not_equal(old.remember_token, users(:aaron).remember_token)
  81. assert_not_equal(old.remember_token_expires_at, users(:aaron).remember_token_expires_at)
  82. end
  83.  
  84. def test_should_fail_login
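Review bot: The `sleep 1` before the second `post :create` is load-bearing only because `remember_token` is derived from `remember_token_expires_at` at second resolution, so two logins inside the same second would produce the same token and the `assert_not_equal` on `remember_token` would fail for the wrong reason. A comment such as `# token is derived from a second-resolution expiry; two logins in the same second collide` would stop someone removing the sleep as a "slow test" cleanup, and if the token generation is made random the sleep can go entirely. The enclosing test method starts above this hunk.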
  85. Index: test/fixtures/users.yml
  86. ===================================================================
  87. --- test/fixtures/users.yml (revision 1929)
  88. test/fixtures/users.yml (working copy)
  89. @@ -2,7 2,8 @@
  90. id: 1
  91. login: aaron
  92. email: aaron@email.com
  93. - password: testy
  94. crypted_password: f3b0ba77ac3e3196e5fc5ce82eb9ba276a64fa02 # testy
  95. salt: 0a0f0d417e897bba35e24ed7ad5ad48981eaf7fa
  96. created_at: <%= 5.days.ago.to_s :db %>
  97. posts_count: 2
  98. last_login_at: <%= 5.minutes.ago.to_s :db %>
  99. @@ -14,10 15,11 @@
  100. login: sam
  101. display_name: sam
  102. email: sam@email.com
  103. - password: testy
  104. crypted_password: 33b78c4246ee1e25f3c98597acf47a706ba9d374 # testy
  105. salt: fefa0dd004b8a840e1352a9d860c0349c61f682e
  106. created_at: <%= 4.days.ago.to_s :db %>
  107. posts_count: 2
  108. last_login_at: <%= 4.minutes.ago.to_s :db %>
  109. last_seen_at: <%= 4.minutes.ago.to_s :db %>
  110. - login_key: 8305f94ab2b92f99137abbc235ee28e5
  111. - login_key_expires_at: <%= Time.now.utc 1.week %>
  112. \ No newline at end of file
  113. remember_token: 265777ed4a11f9867382a1fbe2868c8a2bce37b2
  114. remember_token_expires_at: <%= Time.now.utc 2.weeks %>
  115. Index: app/models/user.rb
  116. ===================================================================
  117. --- app/models/user.rb (revision 1929)
  118. app/models/user.rb (working copy)
  119. @@ -1,26 1,9 @@
  120. -require 'md5'
  121. -
  122. -class User < ActiveRecord::Base
  123. class User < UserAuth
  124. has_many :moderatorships, :dependent => :destroy
  125. has_many :forums, :through => :moderatorships, :order => 'forums.name'
  126.  
  127. has_many :posts
  128. - validates_presence_of :login, :email, :password
  129. - validates_uniqueness_of :login, :email, :case_sensitive => false
  130. - # names that start with #s really upset me for some reason
  131. - validates_format_of :login, :with => /^[a-zA-Z]{2}(?:\w )?$/
  132. - validates_length_of :login, :minimum => 2
  133.  
  134. - # names that start with #s really upset me for some reason
  135. - validates_format_of :display_name, :with => /^[a-zA-Z]{2}(?:[.'\w ] )?$/
  136. - validates_uniqueness_of :display_name, :case_sensitive => false
  137. -
  138. - validates_confirmation_of :password, :on => :create
  139. - validates_length_of :password, :minimum => 5
  140. - before_validation { |u| u.display_name = u.login if u.display_name.blank? }
  141. - # first user becomes admin automatically
  142. - before_create { |u| u.admin = true if User.count == 0 }
  143. -
  144. attr_protected :admin, :posts_count, :login, :created_at, :updated_at, :last_login_at, :topics_count
  145.  
  146. def self.currently_online
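Review bot: The `attr_protected` list kept in this hunk still names only the legacy columns, so the columns this patch introduces — `crypted_password`, `salt`, `remember_token` and `remember_token_expires_at` — are mass-assignable on `User`. If any controller builds or updates a user from `params[:user]` (not visible in this diff), a client could supply its own `salt` or `remember_token`, or overwrite `crypted_password` directly and bypass `encrypt_password`. Extend the blacklist: `attr_protected :admin, :posts_count, :login, :created_at, :updated_at, :last_login_at, :topics_count, :crypted_password, :salt, :remember_token, :remember_token_expires_at`. `self.currently_online` at the end of the hunk continues outside it.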
  147. @@ -28,16 11,7 @@
  148. User.find(user_ids)
  149. end
  150.  
  151. - def reset_login_key!
  152. - self.login_key = MD5.md5(Time.now.to_s password rand(123456789).to_s).to_s
  153. - # this is not currently honored
  154. - self.login_key_expires_at = Time.now.utc 1.year
  155. - save!
  156. - login_key
  157. - end
  158. -
  159. def moderator_of?(forum)
  160. moderatorships.count(:all, :conditions => ['forum_id = ?', (forum.is_a?(Forum) ? forum.id : forum)]) == 1
  161. end
  162. -
  163. end
  164. Index: app/models/user_auth.rb
  165. ===================================================================
  166. --- app/models/user_auth.rb (revision 0)
  167. app/models/user_auth.rb (revision 0)
  168. @@ -0,0 1,77 @@
  169. require 'digest/sha1'
  170. class UserAuth < ActiveRecord::Base
  171. set_table_name 'users'
  172. self.abstract_class = true
  173. # Virtual attribute for the unencrypted password
  174. attr_accessor :password
  175.  
  176. validates_presence_of :login, :email
  177. validates_presence_of :password, :if => :password_required?
  178. validates_presence_of :password_confirmation, :if => :password_required?
  179. validates_length_of :password, :within => 5..40, :if => :password_required?
  180. validates_confirmation_of :password, :if => :password_required?
  181. validates_length_of :login, :within => 3..40
  182. validates_length_of :email, :within => 3..100
  183. validates_uniqueness_of :login, :email, :case_sensitve => false
  184. # names that start with #s really upset me for some reason
  185. validates_format_of :login, :with => /^[a-zA-Z]{2}(?:\w )?$/
  186. validates_length_of :login, :minimum => 2
  187.  
  188. # names that start with #s really upset me for some reason
  189. validates_format_of :display_name, :with => /^[a-zA-Z]{2}(?:[.'\w ] )?$/
  190. validates_uniqueness_of :display_name, :case_sensitive => false
  191.  
  192. before_validation { |u| u.display_name = u.login if u.display_name.blank? }
  193. # first user becomes admin automatically
  194. before_create { |u| u.admin = true if User.count == 0 }
  195.  
  196. before_save :encrypt_password
  197.  
  198. # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
  199. def self.authenticate(login, password)
  200. u = find_by_login(login) # need to get the salt
  201. u && u.authenticated?(password) ? u : nil
  202. end
  203.  
  204. # Encrypts some data with the salt.
  205. def self.encrypt(password, salt)
  206. Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  207. end
  208.  
  209. # Encrypts the password with the user salt
  210. def encrypt(password)
  211. self.class.encrypt(password, salt)
  212. end
  213.  
  214. def authenticated?(password)
  215. crypted_password == encrypt(password)
  216. end
  217.  
  218. def remember_token?
  219. remember_token_expires_at && Time.now.utc < remember_token_expires_at
  220. end
  221.  
  222. # These create and unset the fields required for remembering users between browser closes
  223. def remember_me
  224. self.remember_token_expires_at = 2.weeks.from_now.utc
  225. self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
  226. save(false)
  227. end
  228.  
  229. def forget_me
  230. self.remember_token_expires_at = nil
  231. self.remember_token = nil
  232. save(false)
  233. end
  234.  
  235. protected
  236. def encrypt_password
  237. return if password.blank?
  238. self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
  239. self.crypted_password = encrypt(password)
  240. end
  241.  
  242. def password_required?
  243. crypted_password.nil? || !password.blank?
  244. end
  245. end
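Review bot: `remember_token` in `remember_me` is computed deterministically from the salt, the email and a second-resolution expiry, and the salt in `encrypt_password` is itself derived from `Time.now.to_s` and the login, so neither value comes from a random source and the token's secrecy rests on an attacker being unable to guess or enumerate the account-creation second. Generate both from random bytes instead, e.g. `self.remember_token = Digest::SHA1.hexdigest(OpenSSL::Random.random_bytes(32))` and `self.salt = Digest::SHA1.hexdigest(OpenSSL::Random.random_bytes(32)) if new_record?` (with `require 'openssl'` at the top); the expiry is stored in its own column, so nothing else depends on the current derivation and the 40-character length the tests assert is unchanged. Separately, `:case_sensitve => false` on `validates_uniqueness_of` is misspelled, so the option is silently ignored and login/email uniqueness is enforced with the database's default collation — fix to `:case_sensitive => false`. A caveat comment above `self.encrypt` is also warranted: a single unstretched SHA1 over salt and password is cheap to brute-force offline, and a work-factor hash (bcrypt) would be preferable once a dependency can be added.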
  246. Index: app/controllers/application.rb
  247. ===================================================================
  248. --- app/controllers/application.rb (revision 1929)
  249. app/controllers/application.rb (working copy)
  250. @@ -1,22 1,17 @@
  251. class ApplicationController < ActionController::Base
  252. include AuthenticatedSystem
  253. session :session_key => '_beast_session_id'
  254.  
  255. helper_method :current_user, :logged_in?, :admin?, :last_login
  256. - before_filter :login_by_token
  257. before_filter :login_from_cookie
  258.  
  259. protected
  260.  
  261. def login_required
  262. - login_by_token unless logged_in?
  263. login_from_cookie unless logged_in?
  264. redirect_to login_path unless logged_in? && authorized?
  265. end
  266.  
  267. - def login_by_token
  268. - if not logged_in? and cookies[:login_token]
  269. - self.current_user=User.find_by_id_and_login_key(*cookies[:login_token].split(";"))
  270. - end
  271. - end
  272. -
  273. def authorized?; true; end
  274.  
  275. # this is used to keep track of the last time a user has been seen (reading a topic)
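Review bot: `login_required` calls `login_from_cookie` again even though the same method already runs as a `before_filter` on every request; the `return unless cookies[:auth_token] && !logged_in?` guard in `login_from_cookie` makes the second call a no-op, so the line can be dropped, or annotated with `# cookie login was already attempted by the before_filter` if it is kept as belt-and-braces. Because this class defines `login_required` and `authorized?` itself, the versions `AuthenticatedSystem` mixes in (which also try HTTP Basic credentials and call `access_denied`) are shadowed for every controller inheriting from here — worth a comment on the `include` line, e.g. `# login_required/authorized? below override the mixin's; HTTP Basic auth is not attempted`. The bare `redirect_to login_path unless ...` relies on Rails halting the filter chain once a redirect has been performed; if this app's Rails version does not, `redirect_to login_path and return false` makes the intent explicit.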
  276. Index: app/controllers/sessions_controller.rb
  277. ===================================================================
  278. --- app/controllers/sessions_controller.rb (revision 1929)
  279. app/controllers/sessions_controller.rb (working copy)
  280. @@ -1,10 1,13 @@
  281. class SessionsController < ApplicationController
  282. # skip_before_filter :update_online
  283. def create
  284. - self.current_user = User.find_by_login_and_password(params[:login], params[:password])
  285. self.current_user = User.authenticate(params[:login], params[:password])
  286. if logged_in?
  287. flash[:notice] = "Logged in successfully."
  288. - cookies[:login_token]={ :value => "#{current_user.id};#{current_user.reset_login_key!}", :expires => Time.now.utc 1.year } if params[:remember_me]=="1"
  289. if params[:remember_me] == "1"
  290. self.current_user.remember_me
  291. cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
  292. end
  293. redirect_to home_path and return
  294. end
  295. flash.now[:notice] = "Invalid login or password, try again please."
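Review bot: `create` assigns `self.current_user` into the existing session without calling `reset_session` first, so a session id planted in the victim's browser before login (session fixation) remains valid after authentication; add `reset_session` as the line before the `User.authenticate` call, mirroring what `destroy` already does on logout, and confirm that this Rails version persists writes to the fresh session. The `auth_token` cookie is also set without `:secure` (and without an HttpOnly flag, if this Rails version's cookie jar supports one — not visible here), so a two-week credential is sent over plain HTTP; where the site is served over TLS use `cookies[:auth_token] = { :value => self.current_user.remember_token, :expires => self.current_user.remember_token_expires_at, :secure => true }`.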
  296. @@ -13,7 16,7 @@
  297.  
  298. def destroy
  299. reset_session
  300. - cookies.delete :login_token
  301. cookies.delete :auth_token
  302. flash[:notice] = "You have been logged out."
  303. redirect_to home_path
  304. end
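Review bot: `destroy` resets the session and deletes the `auth_token` cookie but never invalidates the stored `remember_token`, so a copy of the cookie taken before logout (shared machine, stolen cookie) keeps logging the user in until `remember_token_expires_at` passes. Call the model's `forget_me` before the session is dropped — `current_user.forget_me if logged_in?` as the first line of the method — which nulls both columns (see `UserAuth#forget_me` in this patch); the existing `assert cookies['auth_token'].empty?` test could then also assert `users(:aaron).reload.remember_token` is nil.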
  305. Index: app/views/users/_form.rhtml
  306. ===================================================================
  307. --- app/views/users/_form.rhtml (revision 1929)
  308. app/views/users/_form.rhtml (working copy)
  309. @@ -24,4 24,4 @@
  310. <p>
  311. <label for="user_password_confirmation">Password Confirmation</label><br />
  312. <%= form.password_field :password_confirmation %>
  313. -</p>
  314. \ No newline at end of file
  315. </p>
  316. Index: db/schema.rb
  317. ===================================================================
  318. --- db/schema.rb (revision 1929)
  319. db/schema.rb (working copy)
  320. @@ -2,7 2,7 @@
  321. # migrations feature of ActiveRecord to incrementally modify your database, and
  322. # then regenerate this schema definition.
  323.  
  324. -ActiveRecord::Schema.define(:version => 29) do
  325. ActiveRecord::Schema.define(:version => 31) do
  326.  
  327. create_table "forums", :force => true do |t|
  328. t.column "name", :string
  329. @@ -33,7 33,7 @@
  330. t.column "user_id", :integer
  331. end
  332.  
  333. - add_index "sessions", ["session_id"], :name => "sessions_session_id_index"
  334. add_index "sessions", ["session_id"], :name => "index_sessions_on_session_id"
  335.  
  336. create_table "topics", :force => true do |t|
  337. t.column "forum_id", :integer
  338. @@ -48,23 48,24 @@
  339. end
  340.  
  341. create_table "users", :force => true do |t|
  342. - t.column "login", :string
  343. - t.column "email", :string
  344. - t.column "password", :string
  345. - t.column "created_at", :datetime
  346. - t.column "last_login_at", :datetime
  347. - t.column "admin", :boolean
  348. - t.column "posts_count", :integer, :default => 0
  349. - t.column "last_seen_at", :datetime
  350. - t.column "display_name", :string
  351. - t.column "updated_at", :datetime
  352. - t.column "aim", :string
  353. - t.column "yahoo", :string
  354. - t.column "google_talk", :string
  355. - t.column "msn", :string
  356. - t.column "website", :string
  357. - t.column "login_key", :string
  358. - t.column "login_key_expires_at", :datetime
  359. t.column "login", :string
  360. t.column "email", :string
  361. t.column "crypted_password", :string
  362. t.column "created_at", :datetime
  363. t.column "last_login_at", :datetime
  364. t.column "admin", :boolean
  365. t.column "posts_count", :integer, :default => 0
  366. t.column "last_seen_at", :datetime
  367. t.column "display_name", :string
  368. t.column "updated_at", :datetime
  369. t.column "aim", :string
  370. t.column "yahoo", :string
  371. t.column "google_talk", :string
  372. t.column "msn", :string
  373. t.column "website", :string
  374. t.column "remember_token", :string
  375. t.column "remember_token_expires_at", :datetime
  376. t.column "salt", :string, :limit => 40
  377. end
  378.  
  379. end
  380. Index: db/migrate/031_align_users_with_mephisto.rb
  381. ===================================================================
  382. --- db/migrate/031_align_users_with_mephisto.rb (revision 0)
  383. db/migrate/031_align_users_with_mephisto.rb (revision 0)
  384. @@ -0,0 1,15 @@
  385. class AlignUsersWithMephisto < ActiveRecord::Migration
  386. def self.up
  387. rename_column :users, :password, :crypted_password
  388. rename_column :users, :login_key, :remember_token
  389. rename_column :users, :login_key_expires_at, :remember_token_expires_at
  390. add_column :users, :salt, :string, :limit => 40
  391. end
  392.  
  393. def self.down
  394. rename_column :users, :crypted_password, :password
  395. rename_column :users, :remember_token, :login_key
  396. rename_column :users, :remember_token_expires_at, :login_key_expires_at
  397. remove_column :users, :salt
  398. end
  399. end
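Review bot: `rename_column :users, :password, :crypted_password` only relabels the column, so after this migration every existing row holds its legacy plaintext password under `crypted_password` with a nil `salt`; the new `authenticated?` compares `crypted_password == encrypt(password)`, so existing users can no longer log in, and the plaintext stays on disk indefinitely. The `up` step should hash each row in place (and, since the legacy `login_key` values were exposed in the old `login_token` cookie and now sit in `remember_token`, clear them so they cannot be replayed as `auth_token`); using the app model inside a migration is fragile, so a minimal local `class MigUser < ActiveRecord::Base; set_table_name 'users'; end` is the safer vehicle if validations or callbacks drift later. `down` cannot recover the plaintext, so it should either raise `ActiveRecord::IrreversibleMigration` or document that passwords must be reset after a rollback.
```ruby
  def self.up
    # … unchanged: rename_column / add_column :salt …
    # crypted_password still holds the legacy plaintext here: hash it in place
    # so existing accounts keep working and no plaintext survives the migration
    User.reset_column_information
    User.find(:all).each do |u|
      plain = u.crypted_password
      u.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{u.login}--")
      u.crypted_password = User.encrypt(plain, u.salt)
      u.save(false)
    end
    # legacy login_key values were exposed in the old login_token cookie;
    # do not let them be presented as auth_token
    execute "UPDATE users SET remember_token = NULL, remember_token_expires_at = NULL"
  end
```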
  400. Index: lib/authenticated_system.rb
  401. ===================================================================
  402. --- lib/authenticated_system.rb (revision 0)
  403. lib/authenticated_system.rb (revision 0)
  404. @@ -0,0 1,98 @@
  405. module AuthenticatedSystem
  406. protected
  407. def logged_in?
  408. (@current_user ||= session[:user_id] ? User.find_by_id(session[:user_id]) : :false).is_a?(User)
  409. end
  410.  
  411. def current_user
  412. @current_user if logged_in?
  413. end
  414.  
  415. def current_user=(new_user)
  416. session[:user_id] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
  417. @current_user = new_user
  418. end
  419.  
  420. def authorized?
  421. true
  422. end
  423.  
  424. def login_required
  425. username, passwd = get_auth_data
  426. self.current_user ||= User.authenticate(username, passwd) || :false if username && passwd
  427. logged_in? && authorized? ? true : access_denied
  428. end
  429.  
  430. def access_denied
  431. respond_to do |accepts|
  432. accepts.html do
  433. store_location
  434. redirect_to :controller=>"/account", :action =>"login"
  435. end
  436. accepts.xml { access_denied_with_basic_auth }
  437. end
  438. false
  439. end
  440.  
  441. # store current uri in the session.
  442. # we can return to this location by calling return_location
  443. def store_location
  444. session[:return_to] = request.request_uri
  445. end
  446.  
  447. # move to the last store_location call or to the passed default one
  448. def redirect_back_or_default(default)
  449. session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
  450. session[:return_to] = nil
  451. end
  452.  
  453. def basic_auth_required
  454. unless session[:user_id] = User.authenticate(*get_auth_data)
  455. access_denied_with_basic_auth
  456. end
  457. end
  458.  
  459. # adds ActionView helper methods
  460. def self.included(base)
  461. base.send :helper_method, :current_user, :logged_in?
  462. end
  463.  
  464. # When called with before_filter :login_from_cookie will check for an :auth_token
  465. # cookie and log the user back in if apropriate
  466. def login_from_cookie
  467. return unless cookies[:auth_token] && !logged_in?
  468. user = User.find_by_remember_token(cookies[:auth_token])
  469. if user && user.remember_token?
  470. user.remember_me
  471. self.current_user = user
  472. cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
  473. flash[:notice] = "Logged in successfully"
  474. end
  475. end
  476.  
  477. private
  478. def access_denied_with_basic_auth
  479. headers["Status"] = "Unauthorized"
  480. headers["WWW-Authenticate"] = %(Basic realm="Web Password")
  481. render :text => "Could't authenticate you", :status => '401 Unauthorized'
  482. end
  483.  
  484. # gets BASIC auth info
  485. def get_auth_data
  486. user, pass = '', ''
  487. # extract authorisation credentials
  488. if request.env.has_key? 'X-HTTP_AUTHORIZATION'
  489. # try to get it where mod_rewrite might have put it
  490. authdata = request.env['X-HTTP_AUTHORIZATION'].to_s.split
  491. elsif request.env.has_key? 'HTTP_AUTHORIZATION'
  492. # this is the regular location
  493. authdata = request.env['HTTP_AUTHORIZATION'].to_s.split
  494. end
  495.  
  496. # at the moment we only support basic authentication
  497. if authdata && authdata[0] == 'Basic'
  498. user, pass = Base64.decode64(authdata[1]).split(':')[0..1]
  499. end
  500. return [user, pass]
  501. end
  502. end
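Review bot: `get_auth_data` splits the decoded credentials with `split(':')[0..1]`, so a password containing a colon is truncated and Basic auth fails for that user, and a bare `Authorization: Basic` header with no payload leaves `authdata[1]` nil so `Base64.decode64(nil)` raises instead of returning empty credentials; use `user, pass = Base64.decode64(authdata[1].to_s).split(':', 2)`. `login_from_cookie` also promotes the caller's existing session to a logged-in one without `reset_session`, the same fixation exposure as a form login, so consider resetting before `self.current_user = user` if this Rails version preserves session writes after a reset. `access_denied` redirects to `/account/login`, a controller not present in this patch, and since `ApplicationController` defines its own `login_required` (redirecting to `login_path`) the mixin's `login_required`/`access_denied` appear to be dead code here — either remove them or point the redirect at `login_path`. Separately, `basic_auth_required` stores the `User` object itself in `session[:user_id]`, whereas `logged_in?` expects an id there; `session[:user_id] = (u = User.authenticate(*get_auth_data)) && u.id` keeps the two consistent.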