diff --git a/app/assets/javascripts/user_avatar.js.coffee b/app/assets/javascripts/user_avatar.js.coffee new file mode 100644 index 0000000..24f83d1 --- /dev/null +++ b/app/assets/javascripts/user_avatar.js.coffee @@ -0,0 +1,3 @@ +# Place all the behaviors and hooks related to the matching controller here. +# All this logic will automatically be available in application.js. +# You can use CoffeeScript in this file: http://coffeescript.org/ diff --git a/app/assets/stylesheets/user_avatar.css.scss b/app/assets/stylesheets/user_avatar.css.scss new file mode 100644 index 0000000..d7e24de --- /dev/null +++ b/app/assets/stylesheets/user_avatar.css.scss @@ -0,0 +1,3 @@ +// Place all the styles related to the user_avatar controller here. +// They will automatically be included in application.css. +// You can use Sass (SCSS) here: http://sass-lang.com/ diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 8e4e7be..492f9c1 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,7 +2,6 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception - before_action :configure_permitted_parameters, if: :devise_controller? rescue_from CanCan::AccessDenied do |exception| redirect_to root_path, flash: { error: exception.message } @@ -15,17 +14,4 @@ class ApplicationController < ActionController::Base def after_sign_up_path_for(resource) root_path end - - protected - - def configure_permitted_parameters - devise_parameter_sanitizer.for(:sign_up) { |u| u.permit( - :nickname, :password, :password_confirmation, - :avatar - ) } - - devise_parameter_sanitizer.for(:account_update) { |u| u.permit( - :password, :password_confirmation, :current_password, :avatar - ) } - end end 
diff --git a/app/controllers/callbacks_controller.rb b/app/controllers/callbacks_controller.rb index bbab5e8..e0beaa2 100644 --- a/app/controllers/callbacks_controller.rb +++ b/app/controllers/callbacks_controller.rb @@ -1,7 +1,18 @@ class CallbacksController < Devise::OmniauthCallbacksController def zeuswpi @user = User.from_omniauth(request.env["omniauth.auth"]) - @user.save - sign_in_and_redirect @user + @user.save!(validate: false) + if @user.valid? + flash[:success] = "You are now logged in." + sign_in_and_redirect @user + else + flash[:error] = "Please complete your profile first." + session[:id] = @user.id + redirect_to new_user_avatar_path + end + end + + def after_omniauth_failure_path_for(scope) + root_path end end diff --git a/app/controllers/orders_controller.rb b/app/controllers/orders_controller.rb index ed72a23..66a1223 100644 --- a/app/controllers/orders_controller.rb +++ b/app/controllers/orders_controller.rb @@ -37,7 +37,7 @@ class OrdersController < ApplicationController end def overview - @users = User.members.order(:nickname) + @users = User.members.order(:uid) end def quickpay diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb new file mode 100644 index 0000000..c5399c7 --- /dev/null +++ b/app/controllers/sessions_controller.rb @@ -0,0 +1,9 @@ +class SessionsController < Devise::SessionsController + def new + if session[:id] + redirect_to new_user_avatar_path + return + end + super + end +end diff --git a/app/controllers/user_avatar_controller.rb b/app/controllers/user_avatar_controller.rb new file mode 100644 index 0000000..cb1c9c5 --- /dev/null +++ b/app/controllers/user_avatar_controller.rb 
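Review bot: The incomplete-profile branch in `zeuswpi` writes `session[:id] = @user.id` without rotating the session first, and that value is later the only thing UserAvatarController uses to choose the account it signs in. Calling `reset_session` before the assignment (and setting `flash[:error]` after it, since a reset also discards the flash) keeps a session identifier issued before the OAuth round-trip from carrying over into this partially authenticated state. A more specific key such as `session[:pending_user_id]` would make the intent clearer than the generic `:id`. `@user.save!(validate: false)` also deserves a comment, e.g. `# persisted without validation: the avatar is collected in UserAvatarController before sign-in`, because it deliberately stores a record that `@user.valid?` may reject on the next line.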
@@ -0,0 +1,35 @@ +class UserAvatarController < ApplicationController + before_action :authenticate_session_user! + + def new + end + + def create + if @user.update_attributes(user_params) + flash[:success] = "Your profile is complete. You are now logged in." + sign_in_and_redirect @user + else + render 'new' + end + end + + def destroy + reset_session + redirect_to root_path + end + + private + + def authenticate_session_user! + redirect_to root_path unless session[:id] + @user = User.find_by session[:id] + unless @user + reset_session + redirect_to root_path + end + end + + def user_params + params.require(:user).permit(:avatar) + end +end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 786d3f3..6695eed 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -20,6 +20,19 @@ class UsersController < ApplicationController .group(:category) end + def edit + @user = User.find(params[:id]) + end + + def update + @user = User.find(params[:id]) + if @user.update_attributes(user_params) + redirect_to @user, success: "Successfully updated!" + else + render 'edit' + end + end + def index @users = User.members end @@ -63,4 +76,8 @@ class UsersController < ApplicationController @user = User.find(params[:user_id]) redirect_to root_path, error: "You are not authorized to access this page." unless @user == current_user || current_user.admin? end + + def user_params + params.require(:user).permit(:avatar) + end end diff --git a/app/helpers/user_avatar_helper.rb b/app/helpers/user_avatar_helper.rb new file mode 100644 index 0000000..52a0ddd --- /dev/null +++ b/app/helpers/user_avatar_helper.rb @@ -0,0 +1,2 @@ +module UserAvatarHelper +end diff --git a/app/models/user.rb b/app/models/user.rb index 6a4a158..0b0fc17 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
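Review bot: In `authenticate_session_user!`, `User.find_by session[:id]` passes the id as a bare condition instead of `id:`. `find_by` forwards its argument to `where`, so this is not a primary-key lookup and the row it returns is not guaranteed to be the one named in the session. Because `create` then calls `sign_in_and_redirect @user`, a wrong match means the wrong account is signed in. The first `redirect_to root_path unless session[:id]` also does not return, so the lookup still runs and a second `redirect_to` can follow in the same request. I would rewrite the filter as below, and have `create` call `session.delete(:id)` before `sign_in_and_redirect` so the pending marker does not outlive the sign-in.

```ruby
def authenticate_session_user!
  return redirect_to(root_path) unless session[:id]

  @user = User.find_by(id: session[:id])
  return if @user

  reset_session
  redirect_to root_path
end
```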
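Review bot: The new `edit` and `update` actions in UsersController load `User.find(params[:id])`, and nothing visible in these hunks checks that the record belongs to the caller. The ownership check shown as context in the second hunk reads `params[:user_id]`, so unless a filter outside the hunk (the class starts and ends outside it) covers `:edit` and `:update` by `params[:id]`, any signed-in user could replace another user's avatar. An explicit `authorize! :update, @user` after the lookup, or comparing against `current_user` with the existing `current_user.admin?` exception, would close that. It is also worth confirming that the added `user_params` sits below a `private` marker, which the hunk does not show.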
@@ -4,10 +4,8 @@ # # id :integer not null, primary key # debt_cents :integer default("0"), not null -# nickname :string # created_at :datetime # updated_at :datetime -# encrypted_password :string default(""), not null # remember_created_at :datetime # sign_in_count :integer default("0"), not null # current_sign_in_at :datetime @@ -24,10 +22,11 @@ # koelkast :boolean default("f") # provider :string # uid :string +# encrypted_password :string # class User < ActiveRecord::Base - devise :database_authenticatable, :registerable, :rememberable, :trackable, :validatable, :omniauthable, :omniauth_providers => [:zeuswpi] + devise :database_authenticatable, :trackable, :omniauthable, :omniauth_providers => [:zeuswpi] has_paper_trail only: [:debt_cents, :admin, :orders_count, :koelkast] @@ -37,7 +36,6 @@ class User < ActiveRecord::Base has_many :products, through: :orders belongs_to :dagschotel, class_name: 'Product' - validates :nickname, presence: true, uniqueness: true validates_attachment :avatar, presence: true, content_type: { content_type: ["image/jpeg", "image/gif", "image/png"] } @@ -45,10 +43,20 @@ class User < ActiveRecord::Base scope :members, -> { where koelkast: false } def self.from_omniauth(auth) - where(provider: auth.provider, uid: auth.uid).first_or_create do |user| + newuser = where(provider: auth.provider, uid: auth.uid).first_or_create do |user| user.provider = auth.provider user.uid = auth.uid end + newuser.password = Devise.friendly_token[0,20] + newuser + end + + def nickname + self.uid + end + + def nickname=(name) + self.uid = name end def debt @@ -65,14 +73,4 @@ class User < ActiveRecord::Base def to_param "#{id} #{nickname}".parameterize end - - # This is needed so Devise doesn't try to validate :email - - def email_required? - false - end - - def email_changed? - false - end end diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb deleted file mode 100644 index 164865d..0000000 
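Review bot: In `from_omniauth`, `newuser.password = Devise.friendly_token[0,20]` runs on every OAuth login rather than only when the row is created, so each login overwrites `encrypted_password` once the callback saves the record. Moving the assignment into the `first_or_create` block as `user.password = Devise.friendly_token[0,20]` limits it to new records. With `:validatable` and the `nickname` uniqueness validation removed, nothing visible here enforces uniqueness of `provider`/`uid`, which is now the identity key; a unique index on those two columns would cover concurrent first logins if one does not already exist. `:database_authenticatable` is kept although the password form is removed, so it is worth confirming that password sign-in is still meant to be reachable.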
--- a/app/views/devise/registrations/edit.html.erb +++ /dev/null @@ -1,15 +0,0 @@ -

Edit <%= resource_name.to_s.humanize %>

-<%= render 'flash' %> - -<%= f_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %> - <%= f.error_messages %> - - <%= f.password_field :password %> - <%= f.password_field :password_confirmation %> - - <%= f.password_field :current_password %> - - <%= f.file_field :avatar %> - - <%= f.submit "Update" %> -<% end %> diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb deleted file mode 100644 index 37eb96b..0000000 --- a/app/views/devise/registrations/new.html.erb +++ /dev/null @@ -1,16 +0,0 @@ -

Sign up

- -<%= f_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %> - <%= f.error_messages %> - - <%= f.text_field :nickname %> - - <%= f.password_field :password %> - <%= f.password_field :password_confirmation %> - - <%= f.file_field :avatar %> - - <%= f.submit "Sign up" %> -<% end %> - -<%= render "devise/shared/links" %> diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 222f8a5..f36a0ac 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,17 +1,8 @@ -

Sign in

-<%= render partial: 'flash' %> +

Login

+<%= render 'flash' %> +If this is the first time you log in, an account will be created for you. -
- <%= f_form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %> - <%= f.text_field :nickname %> - <%= f.password_field :password %> - - <% if devise_mapping.rememberable? %> - <%= f.check_box :remember_me %> - <% end %> - - <%= f.submit "Sign in" %> - <% end %> +
+
+ <%= render 'devise/shared/links' %>
- -<%= render "devise/shared/links" %> diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb index cd795ad..e4a4e2d 100644 --- a/app/views/devise/shared/_links.html.erb +++ b/app/views/devise/shared/_links.html.erb @@ -2,10 +2,6 @@ <%= link_to "Log in", new_session_path(resource_name) %>
<% end -%> -<%- if devise_mapping.registerable? && controller_name != 'registrations' %> - <%= link_to "Sign up", new_registration_path(resource_name) %>
-<% end -%> - <%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> <%= link_to "Forgot your password?", new_password_path(resource_name) %>
<% end -%> @@ -20,6 +16,6 @@ <%- if devise_mapping.omniauthable? %> <%- resource_class.omniauth_providers.each do |provider| %> - <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %>
+ <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider), class: "btn btn-large btn-primary" %>
<% end -%> <% end -%> diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb index c7bcd90..9f8abfa 100644 --- a/app/views/layouts/_header.html.erb +++ b/app/views/layouts/_header.html.erb @@ -17,9 +17,10 @@
<% if user_signed_in? %> <%= button_to "Logout", destroy_user_session_path, class: "btn btn-default form-control", method: :delete %> + <% elsif session[:id] %> + <%= button_to "Logout", user_avatar_path(session[:id]), class: "btn btn-default form-control", method: :delete %> <% else %> <%= link_to "Login", new_user_session_path, class: "btn btn-success form-control" %> - <%= link_to "Register", new_user_registration_path, class: "btn btn-default form-control" %> <% end %>
@@ -50,7 +51,7 @@ <% end %> @@ -62,7 +63,6 @@ <%= button_to "Logout", destroy_user_session_path, class: "btn btn-default form-control", method: :delete %> <% else %> <%= link_to "Login", new_user_session_path, class: "btn btn-success form-control" %> - <%= link_to "Register", new_user_registration_path, class: "btn btn-default form-control" %> <% end %> diff --git a/app/views/user_avatar/new.html.erb b/app/views/user_avatar/new.html.erb new file mode 100644 index 0000000..38c9c39 --- /dev/null +++ b/app/views/user_avatar/new.html.erb @@ -0,0 +1,13 @@ +

Add avatar to <%= @user.uid %>

+<%= render 'flash' %> + +<%= f_form_for @user, url: '/user_avatar', method: :post do |f| %> + <%= f.error_messages %> + + + <%= f.hidden_field :generate_form, value: '1' %> + + <%= f.file_field :avatar %> + + <%= f.submit "Update" %> +<% end %> diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb new file mode 100644 index 0000000..63d128c --- /dev/null +++ b/app/views/users/edit.html.erb @@ -0,0 +1,10 @@ +

Edit <%= @user.nickname %>

+<%= render 'flash' %> + +<%= f_form_for @user do |f| %> + <%= f.error_messages %> + + <%= f.file_field :avatar %> + + <%= f.submit "Update" %> +<% end %> diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index c8862a7..b869e1f 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -4,7 +4,7 @@ <% if current_user == @user %>
<%= link_to "[Edit dagschotel]" , user_edit_dagschotel_path(@user) %> - <%= link_to "[Edit profile]" , edit_user_registration_path %> + <%= link_to "[Edit profile]" , edit_user_path(@user) %>
<% end %>

<%= @user.nickname %>

diff --git a/config/initializers/bypass_ssl_verification_for_open_uri.rb b/config/initializers/bypass_ssl_verification_for_open_uri.rb new file mode 100644 index 0000000..edc39d1 --- /dev/null +++ b/config/initializers/bypass_ssl_verification_for_open_uri.rb @@ -0,0 +1 @@ +OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE diff --git a/config/initializers/zeuswpi.rb b/config/initializers/zeuswpi.rb index 8b16a5b..c1df05a 100644 --- a/config/initializers/zeuswpi.rb +++ b/config/initializers/zeuswpi.rb @@ -12,7 +12,7 @@ module OmniAuth # This is where you pass the options you would pass when # initializing your consumer from the OAuth gem. option :client_options, { - site: "http://kelder.zeus.ugent.be", + site: "https://kelder.zeus.ugent.be", authorize_url: "/oauth/oauth2/authorize/", token_url: "/oauth/oauth2/token/", } diff --git a/config/routes.rb b/config/routes.rb index 7e68b34..d49034a 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,9 +1,12 @@ Rails.application.routes.draw do - devise_for :users, controllers: { omniauth_callbacks: "callbacks" } + devise_for :users, controllers: { + omniauth_callbacks: "callbacks", + sessions: "sessions" + } devise_scope :user do unauthenticated :user do - root to: 'devise/sessions#new' + root to: 'sessions#new' end authenticated :user, ->(u) { u.koelkast? } do @@ -22,6 +25,8 @@ Rails.application.routes.draw do get 'dagschotel/:product_id' => 'users#update_dagschotel', as: 'dagschotel' end + resources :user_avatar + resources :products do collection do get 'stock' => 'products#stock', as: 'stock' diff --git a/config/secrets.yml b/config/secrets.yml index 226185a..f939db0 100644 --- a/config/secrets.yml +++ b/config/secrets.yml 
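Review bot: Reassigning `OpenSSL::SSL::VERIFY_PEER` to `OpenSSL::SSL::VERIFY_NONE` turns off certificate verification for every TLS client in the process, not only open-uri. That includes the OAuth token exchange, which this same commit moves to `https://kelder.zeus.ugent.be`. The login flow is then exposed to interception on the network path, and the switch to https protects much less than it appears to. I would drop this initializer and, if the provider's certificate chain is missing from the system store, trust that CA for the one client only, for example with an `ssl: { ca_file: "<path-to-ca-bundle>" }` entry in `client_options`.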
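Review bot: `resources :user_avatar` in config/routes.rb generates all seven REST routes, while UserAvatarController defines only `new`, `create` and `destroy`. Restricting it with `resources :user_avatar, only: [:new, :create, :destroy]` keeps the pre-login surface to the actions that exist. Since `destroy` ignores the id and the header template passes `session[:id]` into the URL, a singular `resource :user_avatar` would also keep the user id out of the path.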
@@ -12,8 +12,8 @@ development: secret_key_base: 5d40610321e19e4f71ee2ba8af4f426fe15096c405da3800c6b33bed6779f2d11f55a0edc455974b19a01fd71f6cd508dba980305dbc55ff82521a2d12f891d8 - omniauth_client_id: "client_id" - omniauth_client_secret: "client_secret" + omniauth_client_id: tomtest + omniauth_client_secret: blargh test: secret_key_base: 961437e28e7d6055ffaad9cf1f8d614354f57f10cb2d7601c9d6ede72a03b9c9535ad9e63507e3eb31252c4895970a63117493408f2e9a46c7a0c4a5a7836b81 @@ -24,4 +24,3 @@ production: secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> omniauth_client_id: "" omniauth_client_secret: "" - diff --git a/db/migrate/20150320001338_remove_fields_from_users.rb b/db/migrate/20150320001338_remove_fields_from_users.rb new file mode 100644 index 0000000..bd57eaa --- /dev/null +++ b/db/migrate/20150320001338_remove_fields_from_users.rb @@ -0,0 +1,5 @@ +class RemoveFieldsFromUsers < ActiveRecord::Migration + def change + remove_column :users, :nickname, :string + end +end diff --git a/db/schema.rb b/db/schema.rb index 9dde761..8c26e86 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150319154236) do +ActiveRecord::Schema.define(version: 20150320001338) do create_table "order_items", force: :cascade do |t| t.integer "order_id" @@ -45,10 +45,8 @@ ActiveRecord::Schema.define(version: 20150319154236) do create_table "users", force: :cascade do |t| t.integer "debt_cents", default: 0, null: false - t.string "nickname" t.datetime "created_at" t.datetime "updated_at" - t.string "encrypted_password", default: "", null: false t.datetime "remember_created_at" t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" 
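Review bot: The development `omniauth_client_id` and `omniauth_client_secret` change from placeholders to what look like real values (`tomtest` / `blargh`) in a tracked file. If these are live credentials at the provider, they should be rotated and read from the environment, as `production.secret_key_base` already is: `omniauth_client_secret: <%= ENV["OMNIAUTH_CLIENT_SECRET"] %>`. The production entries are still empty strings, so the same ENV pattern is needed there before the OAuth flow can work outside development.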
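Review bot: `remove_column :users, :nickname, :string` in RemoveFieldsFromUsers drops the only identifier that pre-existing accounts have, without first carrying it into `uid`. Rows created before the OmniAuth change presumably have `provider` and `uid` NULL, so `from_omniauth` cannot match them and their `debt_cents` balances stay on orphaned rows while a fresh row is created at first OAuth login. A data step before the drop that copies `nickname` into `uid` and sets `provider` would preserve the link. Do that only after confirming that old nicknames really correspond to the provider's uids, because a mismatch would attach one person's login to another person's account.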
@@ -65,6 +63,7 @@ ActiveRecord::Schema.define(version: 20150319154236) do t.boolean "koelkast", default: false t.string "provider" t.string "uid" + t.string "encrypted_password" end add_index "users", ["koelkast"], name: "index_users_on_koelkast" diff --git a/db/seeds.rb b/db/seeds.rb index a79bce8..80b8d7e 100644 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -37,37 +37,38 @@ end users = [ { - nickname: 'admin', + uid: 'admin', avatar: File.new('public/seeds/users/admin.jpg', 'r'), admin: true }, { - nickname: 'koelkast', + uid: 'koelkast', avatar: File.new('public/seeds/users/admin.jpg', 'r'), koelkast: true }, { - nickname: 'benji', + uid: 'benji', avatar: File.new('public/seeds/users/benji.jpg', 'r'), - dagschotel: Product.first + dagschotel: Product.first, + provider: 'zeuswpi' }, { - nickname: 'don', + uid: 'don', avatar: File.new('public/seeds/users/don.jpg', 'r') }, { - nickname: 'silox', + uid: 'silox', avatar: File.new('public/seeds/users/silox.jpg', 'r') } ] users.each do |attr| User.create( - nickname: attr[:nickname], + uid: attr[:uid], + provider: attr[:provider], avatar: attr[:avatar], dagschotel: attr[:dagschotel], password: DEFAULT_PASSWORD, - password_confirmation: DEFAULT_PASSWORD, admin: attr[:admin] || false, koelkast: attr[:koelkast] || false ) @@ -75,9 +76,8 @@ end 50.times do |i| User.create( - nickname: "testUser#{i}", + uid: "testUser#{i}", avatar: users[0][:avatar], password: DEFAULT_PASSWORD, - password_confirmation: DEFAULT_PASSWORD ) end diff --git a/test/controllers/user_avatar_controller_test.rb b/test/controllers/user_avatar_controller_test.rb new file mode 100644 index 0000000..8647cce --- /dev/null +++ b/test/controllers/user_avatar_controller_test.rb @@ -0,0 +1,7 @@ +require 'test_helper' + +class UserAvatarControllerTest < ActionController::TestCase + # test "the truth" do + # assert true + # end +end diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index d603a3d..52b2bd9 100644 --- a/test/fixtures/users.yml 
+++ b/test/fixtures/users.yml @@ -4,10 +4,8 @@ # # id :integer not null, primary key # debt_cents :integer default("0"), not null -# nickname :string # created_at :datetime # updated_at :datetime -# encrypted_password :string default(""), not null # remember_created_at :datetime # sign_in_count :integer default("0"), not null # current_sign_in_at :datetime @@ -24,21 +22,22 @@ # koelkast :boolean default("f") # provider :string # uid :string +# encrypted_password :string # # Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html benji: - nickname: benji + uid: benji dagschotel_id: 1 iasoon: - nickname: iasoon + uid: iasoon admin: - nickname: admin + uid: admin admin: 1 koelkast: - nickname: koelkast + uid: koelkast koelkast: 1 diff --git a/test/models/user_test.rb b/test/models/user_test.rb index ac84d67..7860d28 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -4,10 +4,8 @@ # # id :integer not null, primary key # debt_cents :integer default("0"), not null -# nickname :string # created_at :datetime # updated_at :datetime -# encrypted_password :string default(""), not null # remember_created_at :datetime # sign_in_count :integer default("0"), not null # current_sign_in_at :datetime @@ -24,6 +22,7 @@ # koelkast :boolean default("f") # provider :string # uid :string +# encrypted_password :string # require 'test_helper' @@ -46,9 +45,4 @@ class UserTest < ActiveSupport::TestCase test "to_param" do assert_equal @user.to_param, "#{@user.id}-benji" end - - test "devise validatable methods" do - assert_not @user.email_required? - assert_not @user.email_changed? - end end