c_meyer/thingspeak
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity

update authentication system to Devise

Browse Source
This commit is contained in:
Lee Lawlor 2014-03-13 19:16:35 -04:00
parent 4c9886612f
commit 774543e678
78 changed files with 1257 additions and 385 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Gemfile
View File

@ -4,7 +4,7 @@ gem 'rails', '4.0.3'
gem 'jquery-rails', '3.0.4'
gem 'rails_autolink'
gem 'mysql2'
gem 'authlogic'
gem 'devise'
gem 'twitter_oauth', git: 'git://github.com/moomerman/twitter_oauth.git'
gem 'therubyracer'
gem 'exception_notification'

17
Gemfile.lock
View File

@ -53,13 +53,13 @@ GEM
rake (>= 0.8.7)
arel (4.0.2)
atomic (1.1.14)
authlogic (3.3.0)
activerecord (>= 3.2)
activesupport (>= 3.2)
autotest (4.4.6)
ZenTest (>= 4.4.1)
autotest-rails (4.2.1)
ZenTest (~> 4.5)
bcrypt (3.1.7)
bcrypt-ruby (3.1.5)
bcrypt (>= 3.1.3)
builder (3.1.4)
capistrano (2.15.4)
highline
@ -78,6 +78,12 @@ GEM
daemons (1.1.9)
dalli (2.7.0)
database_cleaner (1.2.0)
devise (3.2.3)
bcrypt-ruby (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
thread_safe (~> 0.1)
warden (~> 1.2.3)
diff-lcs (1.2.5)
dynamic_form (1.1.4)
easy_translate (0.4.0)
@ -157,6 +163,7 @@ GEM
nokogiri (1.6.1)
mini_portile (~> 0.5.0)
oauth (0.4.7)
orm_adapter (0.5.0)
polyglot (0.3.4)
quiet_assets (1.0.2)
railties (>= 3.1, < 5.0)
@ -275,6 +282,8 @@ GEM
json (>= 1.8.0)
vegas (0.1.11)
rack (>= 1.0.0)
warden (1.2.3)
rack (>= 1.0)
webrat (0.7.3)
nokogiri (>= 1.2.0)
rack (>= 1.0)
@ -290,7 +299,6 @@ DEPENDENCIES
acts_as_list
acts_as_tree
annotate (~> 2.6.1)
authlogic
autotest
autotest-rails
capistrano (~> 2.15.4)
@ -298,6 +306,7 @@ DEPENDENCIES
daemons
dalli
database_cleaner (~> 1.2.0)
devise
dynamic_form
exception_notification
factory_girl_rails

13
app/assets/javascripts/custom.js
View File

@ -1,6 +1,19 @@
// when the document is ready
$(document).ready(function() {
// allow flash notices to be dismissed
if ($(".flash").length > 0) {
$(".flash").on("click", function() {
$(this).hide("slow");
});
// hide flash automatically after 15 seconds
setTimeout(function() {
if ($(".flash").length > 0) {
$(".flash").hide("slow");
}
}, 15000);
}
// show form to add a talkback command
$('#talkback_command_add').click(function() {
$(this).hide();

8
app/assets/stylesheets/custom.css
View File

@ -7,6 +7,7 @@
body { padding-top: 70px; }
.break-word { word-break: break-word; }
.col-pad { padding: 0 15px; }
.dismiss { float: right; cursor: pointer; position: relative; top: -12px; left: 7px; }
/* multiline forms */
.form-horizontal .multiline-label { margin-top: -10px; }
@ -229,10 +230,9 @@ input[type="text"].midfield { width: 120px; }
textarea.tweet { margin-top: 0.5em; width: 40em; height: 3em; }
/* error messages */
.errorExplanation { width: 95%; background-color: #ffffe0; display: table; margin-bottom: 20px; padding: 10px; border: 1px solid #aaaaaa; }
#error {
color: red;
}
.errorExplanation,
#error_explanation { padding: 15px; margin-bottom: 20px; border: 1px solid transparent; border-radius: 4px; background-color: #f2dede; border-color: #ebccd1; color: #a94442; }
#error { color: red; }
.field_with_errors { display: inline; }
/*.error_box { margin-top: 15px; padding: 5px; background-color: #f99; color: #300; border: 1px solid #f66; }*/
.warning_box { margin: 15px 0 15px 0; padding: 10px; background-color: #fc3; color: #000; border: 1px solid #f90; }

45
app/controllers/application_controller.rb
View File

@ -1,11 +1,14 @@
class ApplicationController < ActionController::Base
skip_before_filter :verify_authenticity_token
# include all helpers for controllers
helper :all
# include these helper methods for views
helper_method :current_user_session, :current_user, :logged_in?, :is_admin?, :get_header_value, :to_bytes
protect_from_forgery
before_filter :allow_cross_domain_access, :set_variables
before_filter :configure_permitted_parameters, if: :devise_controller?
after_filter :remove_headers
before_filter :authenticate_user_from_token!
# responds with blank
def respond_with_blank
@ -44,6 +47,9 @@ class ApplicationController < ActionController::Base
params[:sum] = '1440' if params[:sum] == 'daily'
end
# change default devise sign_in page
def after_sign_in_path_for(resource); channels_path; end
# get the locale, but don't fail if header value doesn't exist
def get_locale
locale = get_header_value('HTTP_ACCEPT_LANGUAGE')
@ -59,8 +65,30 @@ class ApplicationController < ActionController::Base
return locale
end
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:login, :email, :password, :password_confirmation, :remember_me) }
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :email, :password, :remember_me) }
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:login, :email, :password, :password_confirmation, :time_zone, :password_current) }
end
private
# authenticates user based on token from users#api_login
def authenticate_user_from_token!
# exit if no login or token
return false if params[:login].blank? || params[:token].blank?
# get the user by login or email
user = User.find_by_login_or_email(params[:login])
# safe compare, avoids timing attacks
if user.present? && Devise.secure_compare(user.authentication_token, params[:token])
sign_in user, store: false
end
end
# remove headers if necessary
def remove_headers
response.headers.delete_if {|key| true} if params[:headers] == 'false'
@ -80,7 +108,7 @@ class ApplicationController < ActionController::Base
# check that user's email address matches admin
def is_admin?
current_user && ADMIN_EMAILS.include?(current_user.email)
current_user.present? && ADMIN_EMAILS.include?(current_user.email)
end
def set_admin_menu
@ -104,16 +132,6 @@ class ApplicationController < ActionController::Base
def set_plugins_menu; @menu = 'plugins'; end
def set_devices_menu; @menu = 'devices'; end
def current_user_session
return @current_user_session if defined?(@current_user_session)
@current_user_session = UserSession.find
end
def current_user
return @current_user if defined?(@current_user)
@current_user = current_user_session && current_user_session.record
end
def require_user
logger.info "Require User"
if current_user.nil?
@ -273,9 +291,6 @@ class ApplicationController < ActionController::Base
# options: days = how many days ago, start = start date, end = end date, offset = timezone offset
def get_date_range(params)
# set timezone correctly
set_time_zone(params)
# allow more past data if necessary
get_old_data = (params[:results].present? || params[:start].present? || params[:days].present?) ? true : false
@ -290,8 +305,6 @@ class ApplicationController < ActionController::Base
return date_range
end
def set_time_zone(params)
# set timezone correctly
if params[:offset]

8
app/controllers/channels_controller.rb
View File

@ -35,20 +35,20 @@ class ChannelsController < ApplicationController
# get channels by ids
if params[:channel_ids].present?
flash[:notice] = t(:selected_channels)
@header = t(:selected_channels)
@channels = Channel.public_viewable.by_array(params[:channel_ids]).order('ranking desc, updated_at DESC').paginate :page => params[:page]
# get channels that match a user
elsif params[:username].present?
flash[:notice] = "#{t(:user).capitalize}: #{params[:username]}"
@header = "#{t(:user).capitalize}: #{params[:username]}"
searched_user = User.find_by_login(params[:username])
@channels = searched_user.channels.public_viewable.active.order('ranking desc, updated_at DESC').paginate :page => params[:page] if searched_user.present?
# get channels that match a tag
elsif params[:tag].present?
flash[:notice] = "#{t(:tag).capitalize}: #{params[:tag]}"
@header = "#{t(:tag).capitalize}: #{params[:tag]}"
@channels = Channel.public_viewable.active.order('ranking desc, updated_at DESC').with_tag(params[:tag]).paginate :page => params[:page]
# normal channel list
else
flash[:notice] = t(:featured_channels)
@header = t(:featured_channels)
respond_with_error(:error_resource_not_found) and return if params[:page] == '0'
@channels = Channel.public_viewable.active.order('ranking desc, updated_at DESC').paginate :page => params[:page]
end

3
app/controllers/comments_controller.rb
View File

@ -16,7 +16,7 @@ class CommentsController < ApplicationController
@comment.body = params[:comment][:body].gsub(/<\/?[^>]*>/, '').gsub(/\n/, '<br />')
# save comment
if @comment.save
flash[:success] = "Thanks for adding a comment!"
flash[:notice] = "Thanks for adding a comment!"
else
flash[:error] = "Comment can't be blank!"
end
@ -45,3 +45,4 @@ class CommentsController < ApplicationController
redirect_to :back
end
end

22
app/controllers/registrations_controller.rb Normal file
View File

@ -0,0 +1,22 @@
class RegistrationsController < Devise::RegistrationsController
include KeyUtilities
after_filter :add_api_key, :only => :create
# use defaults from devise
def new; super; end
def new; super; end
def create; super; end
private
# adds an api key to the new user
def add_api_key
@user = current_user
if @user.present?
@user.api_key = generate_api_key(16, 'user')
@user.save
end
end
end

32
app/controllers/sessions_controller.rb Normal file
View File

@ -0,0 +1,32 @@
class SessionsController < Devise::SessionsController
after_filter :log_failed_login, :only => :new
# don't modify default devise controllers
def create; super; end
def new; super; end
private
# logs failed login attempts
def log_failed_login
if failed_login?
# log to failedlogins
failed = Failedlogin.new
failed.login = params['user']['login']
failed.password = params['user']['password']
failed.ip_address = get_header_value('X_REAL_IP')
failed.save
# prevent timing and brute force password attacks
sleep 1
end
end
# true if a login fails
def failed_login?
options = env["warden.options"]
return (options.present? && options[:action] == "unauthenticated")
end
end

55
app/controllers/user_sessions_controller.rb
View File

@ -1,55 +0,0 @@
class UserSessionsController < ApplicationController
before_filter :require_no_user, :only => [:new, :create]
before_filter :require_user, :only => :destroy
def new
@title = t(:signin)
@user_session = UserSession.new
@mail_message = session[:mail_message] if !session[:mail_message].nil?
end
def show
redirect_to root_path
end
def create
if params[:userlogin].length > 0
render :text => ''
else
@user_session = UserSession.new(params[:user_session])
# remember user_id if checkbox is checked
if params[:user_session][:remember_id] == '1'
cookies['user_id'] = { :value => params[:user_session][:login], :expires => 1.month.from_now }
else
cookies.delete 'user_id'
end
if @user_session.save
# if link_back, redirect back
redirect_to session[:link_back] and return if session[:link_back]
redirect_to channels_path and return
else
# log to failedlogins
failed = Failedlogin.new
failed.login = params[:user_session][:login]
failed.password = params[:user_session][:password]
failed.ip_address = get_header_value('X_REAL_IP')
failed.save
# prevent timing and brute force password attacks
sleep 1
@failed = true
render :action => :new
end
end
end
def destroy
session[:link_back] = nil
current_user_session.destroy
reset_session
redirect_to root_path
end
end

95
app/controllers/users_controller.rb
View File

@ -1,7 +1,27 @@
class UsersController < ApplicationController
include KeyUtilities
before_filter :require_no_user, :only => [:new, :create, :forgot_password]
before_filter :require_user, :only => [:show, :edit, :update, :change_password, :edit_profile]
skip_before_filter :verify_authenticity_token, :only => [:api_login]
before_filter :require_user, :only => [:show, :edit, :update, :edit_profile]
# allow login via api
def api_login
# get the user by login or email
user = User.find_by_login_or_email(params[:login])
# exit if no user or invalid password
respond_with_error(:error_auth_required) and return if user.blank? || !user.valid_password?(params[:password])
# save new authentication token
user.authentication_token = Devise.friendly_token
user.save
# output the user with token
respond_to do |format|
format.json { render :json => user.as_json(User.private_options_plus(:authentication_token)) }
format.xml { render :xml => user.to_xml(User.private_options_plus(:authentication_token)) }
format.any { render :text => user.authentication_token }
end
end
# generates a new api key
def new_api_key
@ -34,8 +54,8 @@ class UsersController < ApplicationController
# if a json or xml request
if request.format == :json || request.format == :xml
# authenticate the user if api key matches the target user
authenticated = (User.find_by_api_key(get_apikey) == @user)
# authenticate the user if the user is logged in (can be via token) or api key matches the target user
authenticated = (current_user == @user) || (User.find_by_api_key(get_apikey) == @user)
# set options correctly
options = authenticated ? User.private_options : User.public_options(@user)
end
@ -75,27 +95,6 @@ class UsersController < ApplicationController
end
end
def new
@title = t(:signup)
@user = User.new
end
def create
@user = User.new(user_params)
@user.api_key = generate_api_key(16, 'user')
# save user
if @user.valid?
if @user.save
redirect_back_or_default channels_path and return
end
else
render :action => :new
end
end
def show
@menu = 'account'
@user = @current_user
@ -106,48 +105,18 @@ class UsersController < ApplicationController
@user = @current_user
end
# displays forgot password page
def forgot_password
@user = User.new
end
# this action is called from an email link when a password reset is requested
def reset_password
# if user has been logged in (due to previous form submission)
if !current_user.nil?
@user = current_user
@user.errors.add(:base, t(:password_problem))
@valid_link = true
else
@user = User.find_by_id(params[:id])
# make sure tokens match and password reset is within last 10 minutes
if @user.perishable_token == params[:token] && @user.updated_at > 600.seconds.ago
@valid_link = true
# log the user in
@user_session = UserSession.new(@user)
@user_session.save
end
end
end
# do the actual password change
def change_password
@user = current_user
# if no password entered, redirect
redirect_to reset_password_path and return if params[:user][:password].empty?
# check current password and update
if @user.update_attributes(user_params)
redirect_to account_path
else
redirect_to reset_password_path
end
end
def update
@menu = 'account'
@user = @current_user # makes our views "cleaner" and more consistent
# delete password and confirmation from params if not present
params[:user].delete(:password) if params[:user][:password].blank?
# check current password and update
if @user.valid_password?(params[:password_current]) && @user.update_attributes(user_params)
if @user.valid_password?(params[:user][:password_current]) && @user.update_attributes(user_params)
# sign the user back in, since devise will log the user out on update
sign_in(current_user, :bypass => true)
flash[:notice] = t('devise.registrations.updated')
redirect_to account_path
else
@user.errors.add(:base, t(:password_incorrect))

7
app/models/channel.rb
View File

@ -81,6 +81,13 @@ class Channel < ActiveRecord::Base
cattr_reader :per_page
@@per_page = 15
# how often the channel is updated
def update_rate
last_feeds = self.feeds.order('entry_id desc').limit(2)
rate = (last_feeds.first.created_at - last_feeds.last.created_at) if last_feeds.length == 2
return rate
end
# write key for a channel
def write_api_key
self.api_keys.where(:write_flag => true).first.api_key

82
app/models/user.rb
View File

@ -2,24 +2,27 @@
#
# Table name: users
#
# id :integer not null, primary key
# login :string(255) not null
# email :string(255) not null
# crypted_password :string(255) not null
# password_salt :string(255) not null
# persistence_token :string(255) not null
# perishable_token :string(255) not null
# current_login_at :datetime
# last_login_at :datetime
# current_login_ip :string(255)
# last_login_ip :string(255)
# created_at :datetime
# updated_at :datetime
# time_zone :string(255)
# public_flag :boolean default(FALSE)
# bio :text
# website :string(255)
# api_key :string(16)
# id :integer not null, primary key
# login :string(255) not null
# email :string(255) not null
# encrypted_password :string(255) not null
# password_salt :string(255)
# current_sign_in_at :datetime
# last_sign_in_at :datetime
# current_sign_in_ip :string(255)
# last_sign_in_ip :string(255)
# created_at :datetime
# updated_at :datetime
# time_zone :string(255)
# public_flag :boolean default(FALSE)
# bio :text
# website :string(255)
# api_key :string(16)
# reset_password_token :string(255)
# reset_password_sent_at :datetime
# remember_created_at :datetime
# sign_in_count :integer default(0), not null
# authentication_token :string(255)
#
####### NOTE #######
@ -28,6 +31,7 @@
####################
class User < ActiveRecord::Base
include KeyUtilities
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable
has_many :channels
has_many :twitter_accounts, :dependent => :destroy
has_many :thinghttps, :dependent => :destroy
@ -42,14 +46,45 @@ class User < ActiveRecord::Base
has_many :watched_channels, :through => :watchings, :source => :channel
has_many :comments
acts_as_authentic
self.include_root_in_json = false
# pagination variables
cattr_reader :per_page
@@per_page = 50
# allow login by login name also
def self.find_first_by_auth_conditions(warden_conditions)
conditions = warden_conditions.dup
if login_param = conditions.delete(:login)
where(conditions).where(["lower(login) = :value OR lower(email) = :value", { :value => login_param.downcase }]).first
else
where(conditions).first
end
end
# allow users to sign in with passwords from old authlogic authentication
alias :devise_valid_password? :valid_password?
def valid_password?(password)
begin
devise_valid_password?(password)
rescue BCrypt::Errors::InvalidHash
stretches = 20
digest = "#{password}#{self.password_salt}"
stretches.times {digest = Digest::SHA512.hexdigest(digest)}
if digest == self.encrypted_password
#Here update old Authlogic SHA512 Password with new Devise ByCrypt password
# SOURCE: https://github.com/plataformatec/devise/blob/master/lib/devise/models/database_authenticatable.rb
# Digests the password using bcrypt.
self.encrypted_password = self.password_digest(password)
self.save
return true
else
# If not BCryt password and not old Authlogic SHA512 password don't authenticate user
return false
end
end
end
# find a user using login or email
def self.find_by_login_or_email(login)
User.find_by_login(login) || User.find_by_email(login)
@ -81,6 +116,12 @@ class User < ActiveRecord::Base
{ :only => [:id, :login, :created_at, :email, :website, :bio] }
end
# add an extra attribute to private_options
def self.private_options_plus(array)
{ :only => User.private_options[:only].push(array).flatten }
end
# set new api key
def set_new_api_key!
new_api_key = generate_api_key(16, 'user')
@ -90,4 +131,3 @@ class User < ActiveRecord::Base
end

12
app/views/api_keys/_index.html.erb
View File

@ -1,11 +1,11 @@
<div class="FL">
<h3><%= t(:api_key_write) %></h3>
<%= @write_key %>
<br /><br />
<br><br>
<%= button_to t(:api_key_write_new), channel_api_keys_path(@channel, :write => 1), :data => { :confirm => t(:confirm_new_api_key) } %>
<br /><br />
<br><br>
<h3><%= t(:api_key_read) %></h3>
<% @read_keys.each do |read_key| %>
@ -29,12 +29,12 @@
<%= button_to t(:api_key_delete), channel_api_key_path(@channel, read_key), :method => 'delete', :data => { :confirm => t(:confirm_read_key_delete) } %></td>
</tr>
</table>
<br /><br />
<br><br>
<% end %>
<%= button_to t(:api_key_read_new), channel_api_keys_path(@channel, :write => 0) %>
<br />
<br>
</div>
<div id="sidebar_old">
<ul>
@ -42,9 +42,9 @@
<div class="helplink">(<a target="_blank" href="/docs/channels#api_keys"><%= t(:help_options) %></a>)</div>
<h2><%= t(:help) %></h2>
<%= t(:help_channel_write_key) %>
<br /><br />
<br><br>
<%= t(:help_channel_read_key) %>
<br /><br />
<br><br>
<%= t(:help_channel_read_key_note) %>
</li>
</ul>

12
app/views/apps/index.html.erb
View File

@ -8,7 +8,7 @@
<div class="apps">
<%= link_to thingtweets_path do %>
<%= image_tag 'thingtweet.png', :size => '104x104' %>
<br />
<br>
<%= t(:thingtweet) %>
<% end %>
</div>
@ -16,7 +16,7 @@
<div class="apps">
<%= link_to thinghttp_index_path do %>
<%= image_tag 'thinghttp.png', :size => '104x104' %>
<br />
<br>
<%= t(:thinghttp) %>
<% end %>
</div>
@ -24,7 +24,7 @@
<div class="apps">
<%= link_to tweetcontrol_index_path do %>
<%= image_tag 'tweetcontrol.png', :size => '104x104' %>
<br />
<br>
<%= t(:tweetcontrol) %>
<% end %>
</div>
@ -32,7 +32,7 @@
<div class="apps">
<%= link_to reacts_path do %>
<%= image_tag 'react.png', :size => '104x104' %>
<br />
<br>
<%= t(:react) %>
<% end %>
</div>
@ -40,7 +40,7 @@
<div class="apps">
<%= link_to talkbacks_path do %>
<%= image_tag 'talkback.png', :size => '104x104' %>
<br />
<br>
<%= t(:talkback) %>
<% end %>
</div>
@ -49,7 +49,7 @@
<div class="apps">
<%= link_to scheduled_thinghttps_path do %>
<%= image_tag 'scheduled_thinghttp.png', :size => '104x104' %>
<br />
<br>
<%= t(:scheduled_thinghttp) %>
<% end %>
</div>

23
app/views/channels/_edit.html.erb
View File

@ -1,10 +1,5 @@
<div class="FL">
<% flash.each do |name, msg| %>
<div id="<%= name %>" class="fade" >
<p><%= msg %></p>
<div class="clear"></div>
</div>
<% end %>
<%= form_for @channel, :html => {:method => 'put'} do |c| %>
<% unless session[:errors].nil?
session[:errors].each do |attr, msg|
@ -109,12 +104,12 @@
</table>
<% end %>
<br /><br />
<br><br>
<h4><%= t(:channel_clear_message) %></h4>
<%= button_to t(:channel_clear), { :controller => 'channels', :action => 'clear', :id => @channel.id }, :data => { :confirm => t(:confirm_channel_clear) } %>
<br /><br />
<br><br>
<h4><%= t(:channel_delete_message) %></h4>
<%= button_to t(:channel_delete), channel_path(@channel.id), :method => 'delete', :data => { :confirm => t(:confirm_channel_delete) } %>
@ -124,17 +119,17 @@
<li>
<h2><%= t(:help) %></h2>
<%= t(:help_channel_public) %>
<br /><br />
<br><br>
<%= t(:help_channel_url) %>
<br /><br />
<br><br>
<%= t(:help_channel_video) %>
<br /><br />
<br><br>
<%= t(:help_channel_fields) %>
<br /><br />
<br><br>
<%= t(:help_channel_clear) %>
<br /><br />
<br><br>
<%= t(:help_channel_ranking) %>
<br /><br />
<br><br>
</li>
</ul>
</div>

19
app/views/channels/_import.html.erb
View File

@ -1,18 +1,13 @@
<div class="FL">
<%= t(:upload_select) %>
<br /><br />
<% flash.each do |name, msg| %>
<div id="<%= name %>" class="fade" >
<p><%= msg %></p>
<div class="clear"></div>
</div>
<% end %>
<br>
<%= form_for :upload, :url => upload_channel_path(@channel), :html => { :multipart => true } do |f| %>
<%= f.file_field :csv %>
<br /><br />
<br><br>
<%= t(:time_zone) %>
<%= time_zone_select 'feed', 'time_zone', nil, :default => 'UTC' %>
<br /><br />
<br><br>
<%= f.submit t(:upload), :disable_with => t(:uploading) %>
<% end %>
@ -28,14 +23,14 @@
<div class="code"><%= "#{@api_domain}update" %></div>
<%= t(:help_channel_post_example) %>
<div class="code"><%= "#{@api_domain}update?key=#{@key}&field1=0" %></div>
<br /><br />
<br><br>
<div class="helplink">(<a target="_blank" href="/docs/channels#get_feed"><%= t(:help_options) %></a>)</div>
<h2><%= t(:help_channel_feed) %></h2>
<%= t(:help_channel_view) %>
<br />
<br>
<div class="code"><%= link_to "#{@api_domain}channels/#{@channel.id}/feed.json?key=#{@key}", "#{@api_domain}channels/#{@channel.id}/feed.json?key=#{@key}", :target => '_blank' %></div>
<br />
<br>
</li>

4
app/views/channels/_public_show.html.erb
View File

@ -18,7 +18,7 @@
<%= f.error_messages %>
<input name='userlogin' class='userlogin' />
<%= f.text_area :body, :rows => 7, :cols => 54 %>
<br />
<br>
<%= submit_tag %>
<% end %>
</div>
@ -56,7 +56,7 @@ function commentflag(m_id, user_id)
type: 'POST',
data: {user_id : user_id},
success: function(data) {
$('#commentflag' + m_id).parent().parent().append("<span id='votemsg" + m_id + "'><br /><br /><%= t(:comment_reported) %></span>");
$('#commentflag' + m_id).parent().parent().append("<span id='votemsg" + m_id + "'><br><br><%= t(:comment_reported) %></span>");
$('#imgflag' + m_id).attr('src', '/images/flag_red.gif');
$('#flaglink' + m_id).removeAttr('onclick');
$('#flaglink' + m_id).unbind('mouseenter mouseleave');

8
app/views/channels/index.html.erb
View File

@ -32,7 +32,7 @@
</table>
<br />
<br>
<% end %>
@ -43,16 +43,16 @@
<% if is_admin? %>
<br /><br /><br />
<br><br><br>
<% @channels.each do |c| %>
<% if c.social %>
<%= t(:social_channel) %>: <%= link_to c.name, (Rails.env == 'production') ? "http://www.socialsensornetwork.com/#{c.slug}" : "/s/#{c.slug}" %>
<br />
<br>
<% end %>
<% end %>
<br />
<br>
<%= link_to t(:social_channel_create), :controller => 'channels', :action => 'social_new' %>
<% end %>

4
app/views/channels/public.html.erb
View File

@ -1,9 +1,9 @@
<div class="row">
<div class="col-xs-12 col-sm-9">
<h4 class="breadcrumb"><%= flash[:notice] %></h4>
<h4 class="breadcrumb"><%= @header %></h4>
<%= render :partial => 'list' %>
<br />
<br>
<%= will_paginate @channels %>
</div>

4
app/views/channels/social_new.html.erb
View File

@ -76,9 +76,9 @@
<li>
<h2><%= t(:help) %></h2>
<%= t(:help_social_channel) %>
<br /><br />
<br><br>
<div class="code">http://www.socialsensornetwork.com/<b>slug</b></div>
<br />
<br>
<%= t(:help_social_channel_public) %>
</li>
</ul>

8
app/views/channels/social_show.html.erb
View File

@ -93,7 +93,7 @@
<% if !@channel.description.blank? %>
<div class="default_text"><%= t(:channel_directions) %>: <%= @channel.description %></div>
<br />
<br>
<% end %>
<%= form_tag "#{@post_url}" do %>
@ -122,19 +122,19 @@
</table>
<% end %>
<br /><br />
<br><br>
<div style="float: left; width: 600px;">
<iframe width="600" height="300" frameborder="0" scrolling="no" style="border: 1px solid #cccccc;" src="<%= @api_domain %>channels/<%= @channel.id %>/maps/default?width=600&height=300&results=100&round=2&status=true&dynamic=true"></iframe>
<% @fields.each do |f| %>
<br /><br />
<br><br>
<iframe width="600" height="300" frameborder="0" style="border: 1px solid #cccccc;" src="<%= @api_domain %>channels/<%= @channel.id %>/charts/<%= f[-1] %>?width=600&height=300&results=100&round=2&color=C46353&location=true&dynamic=true&push=false&max=20000&min=-20000"></iframe>
<% end %>
<div id="footer">
<br /><br />
<br><br>
&copy;2011 Social Sensor Network - Powered by <a href="https://www.thingspeak.com/">ThingSpeak</a>
</div>

2
app/views/channels/watched.html.erb
View File

@ -5,7 +5,7 @@
<% if @channels.empty? %>
<%= t(:watched_empty) %>
<br /><br />
<br><br>
<%= link_to t(:watched_find), public_channels_path %>
<% else %>
<%= render :partial => 'list' %>

6
app/views/charts/_display.html.erb
View File

@ -2,10 +2,10 @@
<iframe id="iframe<%= index %>" width="<%= width %>" height="<%= height %>" style="border: 1px solid #cccccc;" src="" default_src="<%= src %>"></iframe>
<br /><br />
<br><br>
<%= t(:chart_embed_code) %>:
<br />
<br>
<textarea id="embed<%= index %>" rows="5" cols="53">&lt;iframe width="<%= width %>" height="<%= height %>" style="border: 1px solid #cccccc;" src="<%= src %>">&lt;/iframe></textarea>
<br /><br /><br />
<br><br><br>

4
app/views/charts/index.html.erb
View File

@ -46,9 +46,9 @@
<div class="helplink">(<a href="/docs/charts"><%= t(:help_options) %></a>)</div>
<h2><%= t(:help_charts) %></h2>
<%= t(:help_charts_options) %>
<br /><br />
<br><br>
<%= t(:help_charts_embed) %>
<br /><br />
<br><br>
&bull; <a href="http://community.thingspeak.com/tutorials/wordpress/how-to-embed-a-thingspeak-chart-on-your-wordpress-blog/">WordPress Tutorial</a>
</li>
</ul>

4
app/views/comments/_comment.html.erb
View File

@ -13,7 +13,7 @@
<% end %>
<span class="username"><%= link_to User.find(comment.user_id).login, list_channels_path(User.find(comment.user_id).login) %></span>
<span class="prettydate"><%= time_ago_in_words(comment.created_at) %> <%= t(:ago) %></span>
<br />
<br>
<div>
<%= auto_link_urls(comment.body) %>
</div>
@ -32,7 +32,7 @@
<input name='userlogin' class='userlogin' />
<%= hidden_field_tag :parent_id, comment.id %>
<%= f.text_area :body, :value => '', :class => 'commentarea' %>
<br />
<br>
<%= submit_tag %>
<% end %>
</div>

13
app/views/devise/confirmations/new.html.erb Normal file
View File

@ -0,0 +1,13 @@
<h2>Resend confirmation instructions</h2>
<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
<%= devise_error_messages! %>
<div><%= f.label :login %><br>
<%= f.text_field :login, :autofocus => true %></div>
<div><%= f.submit "Resend confirmation instructions" %></div>
<% end %>
<%= render "devise/shared/links" %>

5
app/views/devise/mailer/confirmation_instructions.html.erb Normal file
View File

@ -0,0 +1,5 @@
<p>Welcome <%= @email %>!</p>
<p>You can confirm your account email through the link below:</p>
<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %></p>

8
app/views/devise/mailer/reset_password_instructions.html.erb Normal file
View File

@ -0,0 +1,8 @@
<p>Hello <%= @resource.email %>!</p>
<p>Someone has requested a link to change your password. You can do this through the link below.</p>
<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %></p>
<p>If you didn't request this, please ignore this email.</p>
<p>Your password won't change until you access the link above and create a new one.</p>

7
app/views/devise/mailer/unlock_instructions.html.erb Normal file
View File

@ -0,0 +1,7 @@
<p>Hello <%= @resource.email %>!</p>
<p>Your account has been locked due to an excessive number of unsuccessful sign in attempts.</p>
<p>Click the link below to unlock your account:</p>
<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %></p>

28
app/views/devise/passwords/edit.html.erb Normal file
View File

@ -0,0 +1,28 @@
<div class="row">
<div class="col-sm-6 col-xs-12">
<h4 class="breadcrumb"><%= t(:password_new) %></h4>
<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put, :class => 'form-horizontal' }) do |f| %>
<%= devise_error_messages! %>
<%= f.hidden_field :reset_password_token %>
<div class="form-group">
<label class="col-sm-4 col-xs-3 control-label"><%= t(:password) %></label>
<div class="col-sm-8 col-xs-6"><%= f.password_field :password, :autofocus => true, :class => 'form-control' %></div>
</div>
<div class="form-group">
<label class="col-sm-4 col-xs-3 control-label"><%= t(:password_confirmation) %></label>
<div class="col-sm-8 col-xs-6"><%= f.password_field :password_confirmation, :class => 'form-control' %></div>
</div>
<div class="form-group">
<label class="col-sm-4 control-label"></label>
<div class="col-sm-8"><p class="form-control-static"><%= f.submit t(:password_change), :class => 'btn btn-primary' %></p></div>
</div>
<% end %>
</div>
</div>

35
app/views/devise/passwords/new.html.erb Normal file
View File

@ -0,0 +1,35 @@
<div class="col-sm-7 col-xs-12">
<h4 class="breadcrumb"><%= t(:password_forgot) %></h4>
<div class="col-pad">
<%= t(:password_forgot_message) %>
<br><br>
<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post, :class => 'form-horizontal' }) do |f| %>
<%= devise_error_messages! %>
<input name='userlogin' class='userlogin' />
<div class="form-group">
<label class="col-sm-3 col-xs-3 control-label"><%= t(:email) %></label>
<div class="col-sm-9 col-xs-9"><%= f.text_field :login, :class => 'form-control' %></div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-9 col-xs-offset-3 col-xs-9"><p class="form-control-static"><%= f.submit t(:submit), :class => 'btn btn-primary' %></p></div>
</div>
<% end %>
</div>
</div>
<script type="text/javascript">
document.getElementById('user_login').focus();
</script>

30
app/views/devise/registrations/edit.html.erb Normal file
View File

@ -0,0 +1,30 @@
<h2>Edit <%= resource_name.to_s.humanize %></h2>
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
<%= devise_error_messages! %>
<div><%= f.label :login %><br>
<%= f.text_field :login, :autofocus => true %></div>
<% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
<div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
<% end %>
<div><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br>
<%= f.password_field :password, :autocomplete => "off" %></div>
<div><%= f.label :password_confirmation %><br>
<%= f.password_field :password_confirmation %></div>
<div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br>
<%= f.password_field :current_password %></div>
<div><%= f.submit "Update" %></div>
<% end %>
<h3>Cancel my account</h3>
<p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %></p>
<%= link_to "Back", :back %>

51
app/views/devise/registrations/new.html.erb Normal file
View File

@ -0,0 +1,51 @@
<div class="row">
<div class="col-sm-8 col-xs-12">
<h4 class="breadcrumb"><%= t(:signup_header) %></h4>
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => {:class => 'form-horizontal'}) do |f| %>
<%= devise_error_messages! %>
<input name='userlogin' class='userlogin' />
<div class="form-group">
<label class="col-sm-4 col-xs-3 control-label"><%= t(:userid) %></label>
<div class="col-sm-8 col-xs-6"><%= f.text_field :login, :class => 'form-control' %></div>
</div>
<div class="form-group">
<label class="col-sm-4 col-xs-3 control-label"><%= t(:email) %></label>
<div class="col-sm-8 col-xs-6"><%= f.text_field :email, :class => 'form-control' %></div>
</div>
<div class="form-group">
<label class="col-sm-4 col-xs-3 control-label"><%= t(:time_zone) %></label>
<div class="col-sm-8 col-xs-8">
<p class="form-control-static">
<%= time_zone_select 'user', 'time_zone', nil, {:default => 'Eastern Time (US & Canada)'}, {:class => 'form-control'} %>
</p>
</div>
</div>
<div class="form-group">
<label class="col-sm-4 col-xs-3 control-label"><%= t(:password) %></label>
<div class="col-sm-8 col-xs-6"><%= f.password_field :password, :class => 'form-control' %></div>
</div>
<div class="form-group">
<label class="col-sm-4 col-xs-3 control-label"><%= t(:password_confirmation) %></label>
<div class="col-sm-8 col-xs-6"><%= f.password_field :password_confirmation, :class => 'form-control' %></div>
</div>
<div class="form-group">
<label class="col-sm-4 control-label"></label>
<div class="col-sm-8"><p class="form-control-static"><%= f.submit t(:create_account), :id => "user_submit", :class => 'btn btn-primary' %></p></div>
</div>
<% end %>
</div>
</div>
<script type="text/javascript">
document.getElementById('user_login').focus();
</script>

57
app/views/devise/sessions/new.html.erb Normal file
View File

@ -0,0 +1,57 @@
<div class="row">
<div class="col-sm-6 col-xs-12">
<h4 class="breadcrumb">
<% if @failed %>
<%= t(:signin_failure) %>
<% else %>
<%= t(:signin_please) %>
<% end %>
</h4>
<% if @failed %><%= t(:signin_try_again) %><br><br><% end %>
<% if @mail_message.present? %><%= @mail_message %><br><br><% end %>
<%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :id => 'loginform', :class => 'form-horizontal' }) do |f| %>
<input name='userlogin' class='userlogin' />
<div class="form-group">
<label class="col-sm-4 col-xs-3 control-label"><%= t(:userid) %></label>
<div class="col-sm-8 col-xs-9"><%= f.text_field :login, :value => cookies['user_id'], :class => 'form-control' %></div>
</div>
<div class="form-group">
<label class="col-sm-4 col-xs-3 control-label"><%= t(:password) %></label>
<div class="col-sm-8 col-xs-9">
<%= f.password_field :password, :class => 'form-control' %>
<%= link_to t(:forgot), new_user_password_path, :id => 'forgot_password' %>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-4 col-sm-8 col-xs-offset-3 col-xs-9">
<div class="checkbox">
<label>
<%= f.check_box :remember_me, :checked => true %>
<%= t(:remember_me) %>
</label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-4 col-sm-8 col-xs-offset-3 col-xs-9"><p class="form-control-static"><%= f.submit t(:signin), :class => 'btn btn-primary' %></p></div>
</div>
<% end %>
</div>
</div>
<script type="text/javascript">
var login = document.getElementById('user_login');
if (login.value.length == 0)
login.focus();
else
document.getElementById('user_password').focus();
</script>

12
app/views/devise/shared/_links.erb Normal file
View File

@ -0,0 +1,12 @@
<%- if controller_name != 'sessions' %>
<%= link_to t(:signin), new_session_path(resource_name) %><br>
<% end -%>
<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
<%= link_to t(:signup), new_registration_path(resource_name) %><br>
<% end -%>
<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
<%= link_to t(:password_forgot), new_password_path(resource_name) %><br>
<% end -%>

12
app/views/devise/unlocks/new.html.erb Normal file
View File

@ -0,0 +1,12 @@
<h2>Resend unlock instructions</h2>
<%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
<%= devise_error_messages! %>
<div><%= f.label :email %><br>
<%= f.email_field :email, :autofocus => true %></div>
<div><%= f.submit "Resend unlock instructions" %></div>
<% end %>
<%= render "devise/shared/links" %>

2
app/views/layouts/_header.html.erb
View File

@ -58,7 +58,7 @@
<li><%= link_to t(:signout), logout_path %></li>
<% else %>
<li><%= link_to t(:signin), login_path %></li>
<li><%= link_to t(:signup), new_account_path %></li>
<li><%= link_to t(:signup), new_user_registration_path %></li>
<% end %>
</ul>

6
app/views/layouts/application.html.erb
View File

@ -23,6 +23,12 @@
<div id="wrap">
<%= render 'layouts/header' %>
<div class="container">
<% if notice.present? %>
<p class="flash alert alert-success"><%= notice %><span class="dismiss">X</span></p>
<% end %>
<% if alert.present? %>
<p class="flash alert alert-danger"><%= alert %><span class="dismiss">X</span></p>
<% end %>
<%= yield %>
</div>
</div>

6
app/views/mailer/password_reset.html.erb
View File

@ -6,11 +6,11 @@
<body>
<p>
<%= t(:password_reset_message1) %>
<br />
<br>
<%= t(:password_reset_message2) %>
<br />
<br>
<%= t(:password_reset_message3) %>
<br /><br />
<br><br>
<a href="<%= @webpage %>"><%= @webpage %></a>
</p>
</body>

2
app/views/pages/export.html.erb
View File

@ -111,6 +111,6 @@
</script>
<br />
<br>
<div id="chart-container" style="width: 500px; height: 260px; padding-left: 20px; float: left;"></div>

3
app/views/pages/headers.html.erb
View File

@ -1,7 +1,8 @@
<table border="1">
<% for header in request.env.select {|k,v| k.match("^HTTP.*")} %>
<tr>
<td><%=header[0].split('_',2)[1]%></td><td><%=header[1]%></td>
<td><%=header[0].split('_',2)[1]%></td><td><%=header[1]%></td>
</tr>
<% end %>
</table>

10
app/views/pages/social_home.html.erb
View File

@ -87,10 +87,10 @@
<img src='<%= "#{@api_domain}images/social_sensor_network_main.png "%>' width='600' height='415' border='0' />
<% end %>
<h2>the social sensor network is forming.</h2>
<h3>We have one thing in common. At almost all times we are connected to the web.<br />
<h3>We have one thing in common. At almost all times we are connected to the web.<br>
The Social Sensor Network allows everyone to report and share data in an open and meaningful way.</h3>
<br />
<br>
<form method=post action="https://app.icontact.com/icp/signup.php" name="icpsignup" id="icpsignup2312" accept-charset="UTF-8" onsubmit="return verifyRequired2312();" >
<input type=hidden name=redirect value="http://www.socialsensornetwork.com?invite=success" />
@ -128,12 +128,12 @@
}
</script>
<br />
<br />
<br>
<br>
<span id="demo_text">demo channels</span>
<br />
<br>
<span id="demo"><a href="http://www.socialsensornetwork.com/irs-refund">IRS Refunds</a></span>
<span id="demo"><a href="http://www.socialsensornetwork.com/online-poker">Frozen Online Poker Money</a></span>

4
app/views/pipes/index.html.erb
View File

@ -1,7 +1,7 @@
<h2>Pipes</h2>
<%= link_to 'New Pipe', new_pipe_path %>
<br /><br />
<br><br>
<table class="nicetable">
<tr class="header"><td>ID</td><td>Name</td><td>Slug</td><td>URL</td><td>Date</td></tr>
@ -15,5 +15,5 @@
</tr>
<% end %>
</table>
<br />
<br>
<%= will_paginate @pipes %>

2
app/views/plugins/edit.html.erb
View File

@ -48,7 +48,7 @@
<% end %>
<br /><br />
<br><br>
<h3><%= t(:plugin_delete_message) %></h3>
<%= button_to t(:plugin_delete), plugin_path(@plugin.id), :method => 'delete', :data => { :confirm => t(:confirm_plugin_delete) }, :class => 'btn btn-danger' %>

2
app/views/plugins/index.html.erb
View File

@ -23,7 +23,7 @@
</table>
<br /><br />
<br><br>
<% end %>
<%= form_for :plugin do |p| %>

6
app/views/status/_recent.html.erb
View File

@ -8,8 +8,8 @@
<body>
<div class="recent_status">
<% @statuses.each do |r| %>
<div ><span class="status_messages" id="<%= r.entry_id %>"><%= r.status %><br /><abbr class="timeago" title="<%= r.created_at %>"><%= r.created_at %></abbr></div>
<br />
<div ><span class="status_messages" id="<%= r.entry_id %>"><%= r.status %><br><abbr class="timeago" title="<%= r.created_at %>"><%= r.created_at %></abbr></div>
<br>
<% end %>
<div>
<script>
@ -31,7 +31,7 @@ function refreshStatus() {
$(".recent_status").prepend("<div><span class=\"status_messages\" id=\"" +
data[i].entry_id + "\">"+
data[i].status +
"</span><br /><abbr class=\"timeago\" title=\"" +
"</span><br><abbr class=\"timeago\" title=\"" +
data[i].created_at + "\">" +
data[i].created_at + "</abbr></div></br>");
}

4
app/views/tags/show.html.erb
View File

@ -6,14 +6,14 @@
<td><%= t.text_field :name %><%= t.submit t(:submit) %></td>
</tr>
</table>
<br />
<br>
<% if @tag_name %>
<% if @results %>
<% @results.each do |channel| %>
<%= link_to channel.name, channel_path(channel.id) %>
<br />
<br>
<% end %>
<% else %>

6
app/views/users/edit.html.erb
View File

@ -33,12 +33,6 @@
<div class="col-sm-8 col-xs-8"><%= f.password_field :password, :class => 'form-control' %></div>
</div>
<div class="form-group">
<label class="col-sm-4 col-xs-4 control-label"><%= t(:password_confirmation) %></label>
<div class="col-sm-8 col-xs-8"><%= f.password_field :password_confirmation, :class => 'form-control' %></div>
</div>
<div class="form-group">
<label class="col-sm-4 col-xs-4 control-label"><%= t(:password_current) %></label>
<div class="col-sm-8 col-xs-8"><%= f.password_field :password_current, :class => 'form-control' %></div>

2
app/views/users/list_channels.html.erb
View File

@ -11,7 +11,7 @@
</tr>
<% end %>
</table>
<br />
<br>
<%= will_paginate @channels %>
<% else %>
<%= t(:user_no_public_channels) %>

8
app/views/users/profile.html.erb
View File

@ -1,17 +1,17 @@
<% if @user.public_flag == true %>
<div class="FR">
<br /><br />
<br><br>
<%= gravatar_tag @user, :default => 'wavatar', :secure => true %>
</div>
<h2><%= t(:profile_for) %> <%= @user.login %></h2>
<%= link_to t(:channels_public_view), list_channels_path(@user.login) %>
<br /><br />
<br><br>
<%= t(:member_since) %> <%= @user.created_at.strftime('%B %-d, %Y') %>
<br /><br />
<br><br>
<%= t(:profile_website) %>: <%= link_to @user.website, @user.website %>
<br /><br />
<br><br>
<%= t(:profile_bio) %>: <%= @user.bio %>
<% else %>

8
app/views/users/show.html.erb
View File

@ -4,7 +4,7 @@
<div class="col-pad">
<%= link_to t(:account_edit), edit_account_path, :class => 'btn btn-primary btn-sm' %>
<br /><br />
<br><br>
<table class="table">
<tr>
<td><%= t(:userid) %></td>
@ -29,13 +29,13 @@
</table>
</div>
<br /><br />
<br><br>
<h4 class="breadcrumb"><%= t(:public_profile) %></h4>
<div class="col-pad">
<%= link_to t(:profile_edit), edit_profile_path, :class => 'btn btn-primary btn-sm' %>
<br /><br />
<br><br>
<%= link_to t(:profile_view), user_profile_path(@user.login) %>
<br /><br />
<br><br>
<% if @user.public_flag %>
<table class="table">
<tr>

3
config/environments/development.rb
View File

@ -1,6 +1,9 @@
Thingspeak::Application.configure do
# Settings specified here will take precedence over those in config/environment.rb
# required by devise
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
# In the development environment your application's code is reloaded on
# every request. This slows down response time but is perfect for development
# since you don't have to restart the webserver when you make code changes.

4
config/environments/production.rb
View File

@ -1,6 +1,9 @@
Thingspeak::Application.configure do
# Settings specified here will take precedence over those in config/environment.rb
# required by devise
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
# The production environment is meant for finished, "live" apps.
# Code is not reloaded between requests
config.cache_classes = true
@ -62,3 +65,4 @@ Thingspeak::Application.configure do
config.assets.js_compressor = :uglifier
config.assets.css_compressor = :scss
end

3
config/environments/test.rb
View File

@ -1,6 +1,9 @@
Thingspeak::Application.configure do
# Settings specified here will take precedence over those in config/environment.rb
# required by devise
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
# The test environment is used exclusively to run your application's
# test suite. You never need to work with it otherwise. Remember that
# your test database is "scratch space" for the test suite and is wiped

255
config/initializers/devise.rb Normal file
View File

@ -0,0 +1,255 @@
# Use this hook to configure devise mailer, warden hooks and so forth.
# Many of these configuration options can be set straight in your model.
Devise.setup do |config|
# The secret key used by Devise. Devise uses this key to generate
# random tokens. Changing this key will render invalid all existing
# confirmation, reset password and unlock tokens in the database.
config.secret_key = '2314e5049a583f211f63beb16361e183db2958271f402bde78d894e4c51ca079a9762ba9723491e45f35d1bf28161b9729a2d9226a44aa22934920f6abdd9a60ffaaae4c39b8d68c7f4bc1ab4057d5daf7b0ee91293f662a5e11a79c6035ad5fec6a8863303b4d2392819aa308e40e5f2f453db4cad27a7a0338e2360eed712c'
# ==> Mailer Configuration
# Configure the e-mail address which will be shown in Devise::Mailer,
# note that it will be overwritten if you use your own mailer class
# with default "from" parameter.
config.mailer_sender = 'support@thingspeak.com'
# Configure the class responsible to send e-mails.
# config.mailer = 'Devise::Mailer'
# ==> ORM configuration
# Load and configure the ORM. Supports :active_record (default) and
# :mongoid (bson_ext recommended) by default. Other ORMs may be
# available as additional gems.
require 'devise/orm/active_record'
# ==> Configuration for any authentication mechanism
# Configure which keys are used when authenticating a user. The default is
# just :email. You can configure it to use [:username, :subdomain], so for
# authenticating a user, both parameters are required. Remember that those
# parameters are used only when authenticating and not when retrieving from
# session. If you need permissions, you should implement that in a before filter.
# You can also supply a hash where the value is a boolean determining whether
# or not authentication should be aborted when the value is not present.
config.authentication_keys = [ :login ]
# Configure parameters from the request object used for authentication. Each entry
# given should be a request method and it will automatically be passed to the
# find_for_authentication method and considered in your model lookup. For instance,
# if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
# The same considerations mentioned for authentication_keys also apply to request_keys.
# config.request_keys = []
# Configure which authentication keys should be case-insensitive.
# These keys will be downcased upon creating or modifying a user and when used
# to authenticate or find a user. Default is :email.
config.case_insensitive_keys = [ :email ]
# Configure which authentication keys should have whitespace stripped.
# These keys will have whitespace before and after removed upon creating or
# modifying a user and when used to authenticate or find a user. Default is :email.
config.strip_whitespace_keys = [ :email ]
# Tell if authentication through request.params is enabled. True by default.
# It can be set to an array that will enable params authentication only for the
# given strategies, for example, `config.params_authenticatable = [:database]` will
# enable it only for database (email + password) authentication.
# config.params_authenticatable = true
# Tell if authentication through HTTP Auth is enabled. False by default.
# It can be set to an array that will enable http authentication only for the
# given strategies, for example, `config.http_authenticatable = [:database]` will
# enable it only for database authentication. The supported strategies are:
# :database = Support basic authentication with authentication key + password
# config.http_authenticatable = false
# If http headers should be returned for AJAX requests. True by default.
# config.http_authenticatable_on_xhr = true
# The realm used in Http Basic Authentication. 'Application' by default.
# config.http_authentication_realm = 'Application'
# It will change confirmation, password recovery and other workflows
# to behave the same regardless if the e-mail provided was right or wrong.
# Does not affect registerable.
config.paranoid = true
# By default Devise will store the user in session. You can skip storage for
# particular strategies by setting this option.
# Notice that if you are skipping storage for all authentication paths, you
# may want to disable generating routes to Devise's sessions controller by
# passing :skip => :sessions to `devise_for` in your config/routes.rb
config.skip_session_storage = [:http_auth]
# By default, Devise cleans up the CSRF token on authentication to
# avoid CSRF token fixation attacks. This means that, when using AJAX
# requests for sign in and sign up, you need to get a new CSRF token
# from the server. You can disable this option at your own risk.
# config.clean_up_csrf_token_on_authentication = true
# ==> Configuration for :database_authenticatable
# For bcrypt, this is the cost for hashing the password and defaults to 10. If
# using other encryptors, it sets how many times you want the password re-encrypted.
#
# Limiting the stretches to just one in testing will increase the performance of
# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
# a value less than 10 in other environments.
config.stretches = Rails.env.test? ? 1 : 10
# Setup a pepper to generate the encrypted password.
# config.pepper = '46bc2027fc25c7e6c8795838e91f97a242f8bd88dea1b9c02eaea2b006979d1df58cbc3bc427d1f62e6a4b69e32c0c87f6ae10a548c4380a93ff429bd3005ee0'
# ==> Configuration for :confirmable
# A period that the user is allowed to access the website even without
# confirming their account. For instance, if set to 2.days, the user will be
# able to access the website for two days without confirming their account,
# access will be blocked just in the third day. Default is 0.days, meaning
# the user cannot access the website without confirming their account.
# config.allow_unconfirmed_access_for = 2.days
# A period that the user is allowed to confirm their account before their
# token becomes invalid. For example, if set to 3.days, the user can confirm
# their account within 3 days after the mail was sent, but on the fourth day
# their account can't be confirmed with the token any more.
# Default is nil, meaning there is no restriction on how long a user can take
# before confirming their account.
# config.confirm_within = 3.days
# If true, requires any email changes to be confirmed (exactly the same way as
# initial account confirmation) to be applied. Requires additional unconfirmed_email
# db field (see migrations). Until confirmed new email is stored in
# unconfirmed email column, and copied to email column on successful confirmation.
config.reconfirmable = true
# Defines which key will be used when confirming an account
config.confirmation_keys = [ :login ]
# ==> Configuration for :rememberable
# The time the user will be remembered without asking for credentials again.
config.remember_for = 2.weeks
# If true, extends the user's remember period when remembered via cookie.
config.extend_remember_period = false
# Options to be passed to the created cookie. For instance, you can set
# :secure => true in order to force SSL only cookies.
config.rememberable_options = { :secure => true }
# ==> Configuration for :validatable
# Range for password length.
config.password_length = 8..128
# Email regex used to validate email formats. It simply asserts that
# one (and only one) @ exists in the given string. This is mainly
# to give user feedback and not to assert the e-mail validity.
config.email_regexp = /\A[^@]+@[^@]+\z/
# ==> Configuration for :timeoutable
# The time you want to timeout the user session without activity. After this
# time the user will be asked for credentials again. Default is 30 minutes.
# config.timeout_in = 30.minutes
# If true, expires auth token on session timeout.
# config.expire_auth_token_on_timeout = false
# ==> Configuration for :lockable
# Defines which strategy will be used to lock an account.
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
# :none = No lock strategy. You should handle locking by yourself.
# config.lock_strategy = :failed_attempts
# Defines which key will be used when locking and unlocking an account
# config.unlock_keys = [ :email ]
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
# :both = Enables both strategies
# :none = No unlock strategy. You should handle unlocking by yourself.
# config.unlock_strategy = :both
# Number of authentication tries before locking an account if lock_strategy
# is failed attempts.
# config.maximum_attempts = 20
# Time interval to unlock the account if :time is enabled as unlock_strategy.
# config.unlock_in = 1.hour
# Warn on the last attempt before the account is locked.
# config.last_attempt_warning = false
# ==> Configuration for :recoverable
#
# Defines which key will be used when recovering the password for an account
config.reset_password_keys = [ :login ]
# Time interval you can reset your password with a reset password key.
# Don't put a too small interval or your users won't have the time to
# change their passwords.
config.reset_password_within = 6.hours
# ==> Configuration for :encryptable
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
# :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
# :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
# and :restful_authentication_sha1 (then you should set stretches to 10, and copy
# REST_AUTH_SITE_KEY to pepper).
#
# Require the `devise-encryptable` gem when using anything other than bcrypt
# config.encryptor = :sha512
# ==> Scopes configuration
# Turn scoped views on. Before rendering "sessions/new", it will first check for
# "users/sessions/new". It's turned off by default because it's slower if you
# are using only default views.
# config.scoped_views = false
# Configure the default scope given to Warden. By default it's the first
# devise role declared in your routes (usually :user).
# config.default_scope = :user
# Set this configuration to false if you want /users/sign_out to sign out
# only the current scope. By default, Devise signs out all scopes.
# config.sign_out_all_scopes = true
# ==> Navigation configuration
# Lists the formats that should be treated as navigational. Formats like
# :html, should redirect to the sign in page when the user does not have
# access, but formats like :xml or :json, should return 401.
#
# If you have any extra navigational formats, like :iphone or :mobile, you
# should add them to the navigational formats lists.
#
# The "*/*" below is required to match Internet Explorer requests.
# config.navigational_formats = ['*/*', :html]
# The default HTTP method used to sign out a resource. Default is :delete.
config.sign_out_via = :delete
# ==> OmniAuth
# Add a new OmniAuth provider. Check the wiki for more information on setting
# up on your models and hooks.
# config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
# ==> Warden configuration
# If you want to use other strategies, that are not supported by Devise, or
# change the failure app, you can configure them inside the config.warden block.
#
# config.warden do |manager|
# manager.intercept_401 = false
# manager.default_strategies(:scope => :user).unshift :some_external_strategy
# end
# ==> Mountable engine configurations
# When using Devise inside an engine, let's call it `MyEngine`, and this engine
# is mountable, there are some extra configurations to be taken into account.
# The following options are available, assuming the engine is mounted as:
#
# mount MyEngine, at: '/my_engine'
#
# The router that invoked `devise_for`, in the example above, would be:
# config.router_name = :my_engine
#
# When using omniauth, Devise cannot automatically set Omniauth path,
# so you need to do it manually. For the users scope, it would be:
# config.omniauth_path_prefix = '/my_engine/users/auth'
end

61
config/locales/en.yml
View File

@ -505,7 +505,7 @@ en:
error_auth_required:
message: "Authorization Required"
http_status: 401
details: "Please make sure that your API key is correct."
details: "Please provide proper authentication details."
error_resource_not_found:
message: "Resource Not Found"
http_status: 404
@ -677,3 +677,62 @@ en:
update: 'Update %{model}'
submit: 'Save %{model}'
# Devise translations
# Additional translations at https://github.com/plataformatec/devise/wiki/I18n
devise:
confirmations:
confirmed: "Your account was successfully confirmed."
send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
failure:
already_authenticated: "You are already signed in."
inactive: "Your account is not activated yet."
invalid: "Invalid login or password."
locked: "Your account is locked."
last_attempt: "You have one more attempt before your account will be locked."
not_found_in_database: "Invalid login or password."
timeout: "Your session expired. Please sign in again to continue."
unauthenticated: "You need to sign in or sign up before continuing."
unconfirmed: "You have to confirm your account before continuing."
mailer:
confirmation_instructions:
subject: "Confirmation instructions"
reset_password_instructions:
subject: "Reset password instructions"
unlock_instructions:
subject: "Unlock Instructions"
omniauth_callbacks:
failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
success: "Successfully authenticated from %{kind} account."
passwords:
no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
updated: "Your password was changed successfully. You are now signed in."
updated_not_active: "Your password was changed successfully."
registrations:
destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon."
signed_up: "Welcome! You have signed up successfully."
signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account."
update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
updated: "You updated your account successfully."
sessions:
signed_in: "Signed in successfully."
signed_out: "Signed out successfully."
unlocks:
send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes."
send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
unlocked: "Your account has been unlocked successfully. Please sign in to continue."
errors:
messages:
already_confirmed: "was already confirmed, please try signing in"
confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
expired: "has expired, please request a new one"
not_found: "not found"
not_locked: "was not locked"
not_saved:
one: "1 error prohibited this %{resource} from being saved:"
other: "%{count} errors prohibited this %{resource} from being saved:"

14
config/routes.rb
View File

@ -10,6 +10,13 @@ Thingspeak::Application.routes.draw do
root :to => 'pages#home'
# for api: login and get token
match 'users/api_login', :to => 'users#api_login', :via => [:get, :post]
# devise for authentication
# override devise controllers and use custom sessions_controller and registrations_controller
devise_for :users, :controllers => {:sessions => 'sessions', :registrations => 'registrations'}
resource :pages do
collection do
get :home
@ -192,9 +199,10 @@ Thingspeak::Application.routes.draw do
get 'docs(/:action)', :to => 'docs'
# users
match 'login' => 'user_sessions#new', :as => :login, :via => [:get, :post]
match 'logout' => 'user_sessions#destroy', :as => :logout, :via => [:get, :post]
match 'forgot_password', :to => 'users#forgot_password', :as => 'forgot_password', :via => [:get, :post]
devise_scope :user do
match 'login', to: "devise/sessions#new", :via => [:get, :post]
match 'logout', to: "devise/sessions#destroy", :via => [:get, :post]
end
# add support for CORS preflighting (matches any OPTIONS route up to 4 levels deep)
# examples: /talkbacks, /talkbacks/4, /talkbacks/4/commands, /talkbacks/4/commands/6

35
db/migrate/20140303175235_add_devise_to_users.rb Normal file
View File

@ -0,0 +1,35 @@
class AddDeviseToUsers < ActiveRecord::Migration
def self.up
change_table(:users) do |t|
## Recoverable
t.string :reset_password_token
t.datetime :reset_password_sent_at
## Rememberable
t.datetime :remember_created_at
## Trackable
t.integer :sign_in_count, :default => 0, :null => false
end
# remove authlogic stuff
remove_column :users, :persistence_token
remove_column :users, :perishable_token
# modify authlogic stuff
rename_column :users, :crypted_password, :encrypted_password
rename_column :users, :current_login_at, :current_sign_in_at
rename_column :users, :last_login_at, :last_sign_in_at
rename_column :users, :current_login_ip, :current_sign_in_ip
rename_column :users, :last_login_ip, :last_sign_in_ip
add_index :users, :reset_password_token, :unique => true
end
def self.down
# By default, we don't want to make any assumption about how to roll back a migration when your
# model already existed. Please edit below which fields you would like to remove in this migration.
raise ActiveRecord::IrreversibleMigration
end
end

6
db/migrate/20140304030719_remove_notnull_from_users_password_salt.rb Normal file
View File

@ -0,0 +1,6 @@
class RemoveNotnullFromUsersPasswordSalt < ActiveRecord::Migration
def change
change_column :users, :password_salt, :string, :null => true
end
end

6
db/migrate/20140306013304_add_authentication_token_to_users.rb Normal file
View File

@ -0,0 +1,6 @@
class AddAuthenticationTokenToUsers < ActiveRecord::Migration
def change
add_column :users, :authentication_token, :string
add_index :users, :authentication_token
end
end

32
db/schema.rb
View File

@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20140203191645) do
ActiveRecord::Schema.define(version: 20140306013304) do
create_table "api_keys", force: true do |t|
t.string "api_key", limit: 16
@ -348,29 +348,33 @@ ActiveRecord::Schema.define(version: 20140203191645) do
add_index "twitter_accounts", ["user_id"], name: "index_twitters_on_user_id", using: :btree
create_table "users", force: true do |t|
t.string "login", null: false
t.string "email", null: false
t.string "crypted_password", null: false
t.string "password_salt", null: false
t.string "persistence_token", null: false
t.string "perishable_token", null: false
t.datetime "current_login_at"
t.datetime "last_login_at"
t.string "current_login_ip"
t.string "last_login_ip"
t.string "login", null: false
t.string "email", null: false
t.string "encrypted_password", null: false
t.string "password_salt"
t.datetime "current_sign_in_at"
t.datetime "last_sign_in_at"
t.string "current_sign_in_ip"
t.string "last_sign_in_ip"
t.datetime "created_at"
t.datetime "updated_at"
t.string "time_zone"
t.boolean "public_flag", default: false
t.boolean "public_flag", default: false
t.text "bio"
t.string "website"
t.string "api_key", limit: 16
t.string "api_key", limit: 16
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.datetime "remember_created_at"
t.integer "sign_in_count", default: 0, null: false
t.string "authentication_token"
end
add_index "users", ["api_key"], name: "index_users_on_api_key", using: :btree
add_index "users", ["authentication_token"], name: "index_users_on_authentication_token", using: :btree
add_index "users", ["email"], name: "index_users_on_email", using: :btree
add_index "users", ["login"], name: "index_users_on_login", using: :btree
add_index "users", ["persistence_token"], name: "index_users_on_persistence_token", using: :btree
add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
create_table "watchings", force: true do |t|
t.integer "user_id"

6
public/assets/application-30eca9c0618d0b22e7b6d14811e91b0c.js Normal file
View File

File diff suppressed because one or more lines are too long

BIN
public/assets/application-30eca9c0618d0b22e7b6d14811e91b0c.js.gz Normal file
View File

Binary file not shown.

6
public/assets/application-758dfe76590292f18a8ab95344e4f660.js Normal file
View File

File diff suppressed because one or more lines are too long

BIN
public/assets/application-758dfe76590292f18a8ab95344e4f660.js.gz Normal file
View File

Binary file not shown.

6
public/assets/application-7ef51bca06329cea2a440173b3074b04.js Normal file
View File

File diff suppressed because one or more lines are too long

BIN
public/assets/application-7ef51bca06329cea2a440173b3074b04.js.gz Normal file
View File

Binary file not shown.

103
public/assets/application-a653aaeb8d2aaf7bdb2e8103a3983d0a.css Normal file
View File

File diff suppressed because one or more lines are too long

BIN
public/assets/application-a653aaeb8d2aaf7bdb2e8103a3983d0a.css.gz Normal file
View File

Binary file not shown.

103
public/assets/application-b32fe30ea714a81e0cc07fd3cb589fcd.css Normal file
View File

File diff suppressed because one or more lines are too long

BIN
public/assets/application-b32fe30ea714a81e0cc07fd3cb589fcd.css.gz Normal file
View File

Binary file not shown.

2
public/assets/manifest-27c2ec8d97bd8487cae01bba17cdddb9.json
View File

File diff suppressed because one or more lines are too long

24
spec/controllers/registrations_controller_spec.rb Normal file
View File

@ -0,0 +1,24 @@
require 'spec_helper'
describe RegistrationsController do
describe "new account" do
render_views
it "should create a new user if user parameters are complete" do
@request.env["devise.mapping"] = Devise.mappings[:user]
post :create, :user => {"login"=>"xxx", "email"=>"xxx@insomnia-consulting.org", "time_zone"=>"Eastern Time (US & Canada)", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}
response.code.should == "302"
response.should redirect_to(channels_path)
end
it "should have a valid api_key" do
@request.env["devise.mapping"] = Devise.mappings[:user]
post :create, :user => {"login"=>"xxx", "email"=>"xxx@insomnia-consulting.org", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}
assigns[:user].api_key.length.should eq(16)
end
end
end

44
spec/controllers/user_sessions_controller_spec.rb
View File

@ -1,44 +0,0 @@
# -*- coding: utf-8 -*-
require 'spec_helper'
describe UserSessionsController do
before :each do
@user = FactoryGirl.create(:user)
activate_authlogic
@user_session = UserSession.create(@user)
controller.stub(:current_user).and_return(@user)
controller.stub(:current_user_session).and_return(@user_session)
end
describe "for logged in user" do
it "should logout the user" do
get 'destroy'
response.should redirect_to(root_path)
end
end
end
describe UserSessionsController do
before :each do
@user = FactoryGirl.create(:user)
activate_authlogic
# @user_session = UserSession.create(@user)
# controller.stub(:current_user).and_return(@user)
# controller.stub(:current_user_session).and_return(@user_session)
end
it "should allow a new user to login" do
get 'new'
response.should be_success
response.should render_template('new')
end
it "should create user session" do
post 'create' , {:userlogin => "", :user_session=>{"remember_me"=>"false", "login"=>@user.login, "password"=>"foobar", "remember_id"=>"1"}, "commit" => "Sign In"}
user_session = UserSession.find
user_session.should_not be_nil
user_session.user.should == @user
response.should redirect_to ('/channels')
end
end

76
spec/controllers/users_controller_spec.rb
View File

@ -3,20 +3,8 @@ require 'spec_helper'
describe UsersController do
before :each do
@user = FactoryGirl.create(:user)
# controller.stub(:current_user).and_return(@user)
# controller.stub(:current_user_session).and_return(true)
# @channel = FactoryGirl.create(:channel)
end
# create a valid authlogic session
#def create_valid_session
# activate_authlogic
# UserSession.create(@user, true) #create an authlogic session
#end
# get the curent_user
#def current_user; @current_user ||= @user; end
describe "api" do
render_views
@ -34,46 +22,42 @@ describe UsersController do
get :profile, :glob => @user.login, :format => 'json', :key => @user.api_key
JSON.parse(response.body)['email'].should eq(@user.email)
end
end
#describe "existing account" do
#render_views
#it "has a current_user" do
# create_valid_session
# current_user.should_not be_false
#end
#it "generates a new api_key" do
# create_valid_session
# old_key = @user.set_new_api_key!
# post :new_api_key
# response.should be_successful
# assigns[:user].api_key.should != old_key
#end
#end
describe "new account" do
render_views
it "assigns new user" do
get :new
response.should be_successful
response.should have_selector("#user_submit")
assigns[:user].should_not be_nil
end
it "should create a new user if user parameters are complete" do
post :create, :user => {"login"=>"xxx", "email"=>"xxx@insomnia-consulting.org", "time_zone"=>"Eastern Time (US & Canada)", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}
response.code.should == "302"
response.should redirect_to(channels_path)
describe "login via api" do
it "should return a token" do
post :api_login, :login => @user.login, :password => @user.password
@user.reload
response.body.should eq(@user.authentication_token)
end
it "should have a valid api_key" do
post :create, :user => {"login"=>"xxx", "email"=>"xxx@insomnia-consulting.org", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}
assigns[:user].api_key.length.should eq(16)
it "returns JSON" do
post :api_login, :login => @user.login, :password => @user.password, :format => 'json'
@user.reload
JSON.parse(response.body)['login'].should eq(@user.login)
JSON.parse(response.body)['authentication_token'].should eq(@user.authentication_token)
end
it "returns XML" do
post :api_login, :login => @user.login, :password => @user.password, :format => 'xml'
@user.reload
Nokogiri::XML(response.body).css('login').text.should eq(@user.login)
Nokogiri::XML(response.body).css('authentication-token').text.should eq(@user.authentication_token)
end
end
describe "authentication via api" do
it "should not allow authentication via incorrect token" do
# attempt to get private profile info
get :profile, :glob => @user.login, :format => 'json', :login => @user.login, :token => 'bad token'
JSON.parse(response.body)['email'].should eq(nil)
end
it "should allow authentication via correct token" do
# attempt to get private profile info
get :profile, :glob => @user.login, :format => 'json', :login => @user.login, :token => @user.authentication_token
JSON.parse(response.body)['email'].should eq(@user.email)
end
end
end

3
spec/factories/user.rb
View File

@ -2,12 +2,13 @@ FactoryGirl.define do
factory :user do
sequence(:login) {|n| "name#{n}" }
sequence(:email) {|n| "email#{n}@example.com" }
password "foobar"
password "foobar88"
password_confirmation {|u| u.password}
bio ""
website ""
time_zone "London"
api_key 'ED1HVHNEH2BZD0AB'
authentication_token '123456token'
end
end

22
spec/spec_helper.rb
View File

@ -2,9 +2,6 @@
ENV["RAILS_ENV"] ||= 'test'
require File.expand_path("../../config/environment", __FILE__)
require 'rspec/rails'
require 'authlogic/test_case'
include Authlogic::TestCase
# Requires supporting ruby files with custom matchers and macros, etc,
# in spec/support/ and its subdirectories.
@ -23,6 +20,9 @@ RSpec.configure do |config|
# Use color in STDOUT
config.color_enabled = true
# add devise test helpers
config.include Devise::TestHelpers, type: :controller
# Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
config.fixture_path = "#{::Rails.root}/spec/fixtures"
@ -48,14 +48,14 @@ def ppp(obj)
end
def without_timestamping_of(*klasses)
if block_given?
klasses.delete_if { |klass| !klass.record_timestamps }
klasses.each { |klass| klass.record_timestamps = false }
begin
yield
ensure
klasses.each { |klass| klass.record_timestamps = true }
end
if block_given?
klasses.delete_if { |klass| !klass.record_timestamps }
klasses.each { |klass| klass.record_timestamps = false }
begin
yield
ensure
klasses.each { |klass| klass.record_timestamps = true }
end
end
end