[Git][noosfero/noosfero][api] 2 commits: Change private_token from session to user creation
Rodrigo Souto
gitlab at gitlab.com
Thu Aug 6 17:07:54 BRT 2015
Rodrigo Souto pushed to branch api at Noosfero / noosfero
Commits:
0b70895d by Luciano Prestes Cavalcanti at 2015-08-06T20:01:52Z
Change private_token from session to user creation
Signed-off-by: Gabriela Navarro <navarro1703 at gmail.com>
Signed-off-by: Luciano Prestes Cavalcanti <luciano at luciano.luciano>
- - - - -
34b572e5 by Rodrigo Souto at 2015-08-06T20:07:51Z
Merge branch 'api_private_token' into 'api'
Change private_token from session to user creation
See merge request !645
- - - - -
5 changed files:
- app/controllers/my_profile/profile_editor_controller.rb
- app/controllers/public/account_controller.rb
- app/models/user.rb
- app/views/profile_editor/_person_form.html.erb
- lib/noosfero/api/session.rb
Changes:
=====================================
app/controllers/my_profile/profile_editor_controller.rb
=====================================
--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -132,6 +132,13 @@ class ProfileEditorController < MyProfileController
redirect_to_previous_location
end
+ def reset_private_token
+ profile = environment.profiles.find(params[:id])
+ profile.user.generate_private_token!
+
+ redirect_to_previous_location
+ end
+
protected
def redirect_to_previous_location
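Review bot: `reset_private_token` replaces a credential, but the only caller on this page is a plain `link_to` in `_person_form.html.erb`, which issues a GET, so the request carries no authenticity token and can be fired by a cross-site link or a prefetch. The route definition is not shown; it should accept only POST, and the view should use `button_to` or `link_to ..., :method => :post`. The action also re-resolves its target with `environment.profiles.find(params[:id])` rather than using the profile the controller has already loaded and authorized (the view reads it as `@profile`). Whether the inherited filters tie `params[:id]` to that profile cannot be seen from this hunk, so operating on the already-authorized profile would remove the question. The class body continues outside the hunk.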
=====================================
app/controllers/public/account_controller.rb
=====================================
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -16,7 +16,7 @@ class AccountController < ApplicationController
def activate
@user = User.find_by_activation_code(params[:activation_code]) if params[:activation_code]
if @user
- unless @user.environment.enabled?('admin_must_approve_new_users')
+ unless @user.environment.enabled?('admin_must_approve_new_users')
if @user.activate
@message = _("Your account has been activated, now you can log in!")
check_redirection
@@ -30,7 +30,7 @@ class AccountController < ApplicationController
@user.activation_code = nil
@user.save!
redirect_to :controller => :home
- end
+ end
end
else
session[:notice] = _("It looks like you're trying to activate an account. Perhaps have already activated this account?")
=====================================
app/models/user.rb
=====================================
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -113,6 +113,7 @@ class User < ActiveRecord::Base
validates_uniqueness_of :login, :email, :case_sensitive => false, :scope => :environment_id
before_save :encrypt_password
before_save :normalize_email, if: proc{ |u| u.email.present? }
+ before_save :generate_private_token_if_not_exist
validates_format_of :email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda {|user| !user.email.blank?})
validates_inclusion_of :terms_accepted, :in => [ '1' ], :if => lambda { |u| ! u.terms_of_use.blank? }, :message => N_('{fn} must be checked in order to signup.').fix_i18n
@@ -122,19 +123,33 @@ class User < ActiveRecord::Base
environment ||= Environment.default
u = self.first :conditions => ['(login = ? OR email = ?) AND environment_id = ? AND activated_at IS NOT NULL',
login, login, environment.id] # need to get the salt
- u && u.authenticated?(password) ? u : nil
+ if u && u.authenticated?(password)
+ u.generate_private_token_if_not_exist
+ return u
+ end
+ return nil
end
def register_login
self.update_attribute :last_login_at, Time.now
end
- def generate_private_token!
+ def generate_private_token
self.private_token = SecureRandom.hex
self.private_token_generated_at = DateTime.now
+ end
+
+ def generate_private_token!
+ self.generate_private_token
save(:validate => false)
end
+ def generate_private_token_if_not_exist
+ unless self.private_token
+ self.generate_private_token
+ end
+ end
+
TOKEN_VALIDITY = 2.weeks
def private_token_expired?
self.private_token.nil? || (self.private_token_generated_at + TOKEN_VALIDITY < DateTime.now)
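Review bot: `generate_private_token_if_not_exist` tests only `unless self.private_token`, so once a token exists nothing on the login path replaces it, and the `user.generate_private_token!` call that used to rotate it is removed from `lib/noosfero/api/session.rb` in this same commit. A token older than `TOKEN_VALIDITY` then stays expired (or, if expiry is not enforced by the API helpers, stays usable indefinitely) until someone presses the manual reset; `generate_private_token if private_token_expired?` would cover both the missing and the stale case. In `authenticate` the new call only assigns the attributes and never saves, so the token handed back is persisted only if some later save happens on that record, which is not visible here. Using `u.generate_private_token! if u.private_token_expired?` there would make the persistence explicit. The class body continues outside the hunk.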
=====================================
app/views/profile_editor/_person_form.html.erb
=====================================
--- a/app/views/profile_editor/_person_form.html.erb
+++ b/app/views/profile_editor/_person_form.html.erb
@@ -1,5 +1,14 @@
<% @person ||= @profile %>
+<div class="formfieldline">
+ <%= label_tag("private_token", _("Private Token")) %>
+ <div class="formfield type-text">
+ <%= text_field_tag("a", @profile.user.private_token, :size => 30) %>
+ </div>
+</div>
+
+<%= link_to("Reset token", {:controller => :profile_editor, :action => :reset_private_token, :id => @person.id}, :class => "button with-text") %>
+
<% optional_field(@person, 'nickname') do %>
<%= f.text_field(:nickname, :maxlength => 16, :size => 30, :rel => _('Nickname')) %>
<div>
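Review bot: The partial now prints `@profile.user.private_token` in clear text to whoever is allowed to open this edit form, which may include administrators editing another person's profile rather than only the account owner (the access rules are not visible here). The input is editable and named `"a"`, and it appears to sit inside the profile form (`f.text_field` follows), so its value would be posted back on every save under a meaningless parameter. Suggest rendering it only when the viewer is the token's owner, as `text_field_tag("private_token", @profile.user.private_token, :size => 30, :readonly => true)` so the field matches its `label_tag`. The `"Reset token"` caption should be wrapped in `_()` like the label next to it.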
=====================================
lib/noosfero/api/session.rb
=====================================
--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -17,7 +17,6 @@ module Noosfero
user ||= User.authenticate(params[:login], params[:password], environment)
return unauthorized! unless user
- user.generate_private_token!
@current_user = user
present user, :with => Entities::UserLogin
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/74d578131279147a8b72ccf34f3a6aad57ebc5ef...34b572e59e11d4ca287b0db896e6071b631d0cbe