[Git][noosfero/noosfero][master] 4 commits: Refactory to new feature that show a specific message when a user inactive try login

Bráulio Bhavamitra gitlab at gitlab.com
Fri Aug 21 16:31:26 BRT 2015 

Bráulio Bhavamitra pushed to branch master at Noosfero / noosfero


Commits:
0623ae19 by Michel Felipe de Oliveira Ferreira at 2015-08-19T09:09:13Z
Refactory to new feature that show a specific message when a user inactive try login

- - - - -
f0214e00 by Michel Felipe de Oliveira Ferreira at 2015-08-19T13:17:17Z
Changed exception class name and message to a better legibility

- - - - -
cc44859b by Michel Felipe de Oliveira Ferreira at 2015-08-21T16:18:52Z
Apply suggestions of @brauliobo. Change the scope of UserNotActive exception to User model namespace

- - - - -
d8c77643 by Bráulio Bhavamitra at 2015-08-21T19:30:58Z
Merge branch 'user_not_active_auth' into 'master'

Login - Show a message if a user is not active

This new feature shows a message if a user that is not active try login on noosfero. A Refactory was did to allow two verifications on login: if a user exists and if him was activated!

See merge request !656

- - - - -


3 changed files:

- app/controllers/public/account_controller.rb
- app/models/user.rb
- test/functional/account_controller_test.rb


Changes:

=====================================
app/controllers/public/account_controller.rb
=====================================
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -46,8 +46,12 @@ class AccountController < ApplicationController
 
     self.current_user = plugins_alternative_authentication
 
-    self.current_user ||= User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
-
+    begin
+      self.current_user ||= User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
+    rescue User::UserNotActivated => e
+      session[:notice] = e.message
+      return
+    end
     if logged_in?
       check_join_in_community(self.current_user)
 


=====================================
app/models/user.rb
=====================================
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -120,11 +120,17 @@ class User < ActiveRecord::Base
 
   validates_inclusion_of :terms_accepted, :in => [ '1' ], :if => lambda { |u| ! u.terms_of_use.blank? }, :message => N_('{fn} must be checked in order to signup.').fix_i18n
 
+  scope :has_login?, lambda { |login,email,environment_id|
+    where('login = ? OR email = ?', login, email).
+    where(environment_id: environment_id)
+  }
+
   # Authenticates a user by their login name or email and unencrypted password.  Returns the user or nil.
   def self.authenticate(login, password, environment = nil)
     environment ||= Environment.default
-    u = self.first :conditions => ['(login = ? OR email = ?) AND environment_id = ? AND activated_at IS NOT NULL',
-                                   login, login, environment.id] # need to get the salt
+
+    u = self.has_login?(login, login, environment.id)
+    u = u.first if u.is_a?(ActiveRecord::Relation)
     u && u.authenticated?(password) ? u : nil
   end
 
@@ -236,7 +242,23 @@ class User < ActiveRecord::Base
     password.crypt(salt)
   end
 
+  class UserNotActivated < StandardError
+    attr_reader :user
+
+    def initialize(message, user = nil)
+      @user = user
+
+      super(message)
+    end
+  end
+
   def authenticated?(password)
+
+    unless self.activated?
+      message = _('The user "%{login}" is not activated! Please check your email to activate your user') % {login: self.login}
+      raise UserNotActivated.new(message, self)
+    end
+
     result = (crypted_password == encrypt(password))
     if (encryption_method != User.system_encryption_method) && result
       self.password_type = User.system_encryption_method.to_s
@@ -275,9 +297,15 @@ class User < ActiveRecord::Base
   #   current password.
   # * Saves the record unless it is a new one.
   def change_password!(current, new, confirmation)
-    unless self.authenticated?(current)
-      self.errors.add(:current_password, _('does not match.'))
-      raise IncorrectPassword
+
+    begin
+      unless self.authenticated?(current)
+        self.errors.add(:current_password, _('does not match.'))
+        raise IncorrectPassword
+      end
+    rescue UserNotActivated => e
+      self.errors.add(:current_password, e.message)
+      raise UserNotActivated
     end
     self.force_change_password!(new, confirmation)
   end


=====================================
test/functional/account_controller_test.rb
=====================================
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -40,6 +40,14 @@ class AccountControllerTest < ActionController::TestCase
     post :login, :user => { :login => 'fake', :password => 'fake' }
   end
 
+  should 'fail login if a user is inactive and show a warning message' do
+    user = User.create!(login: 'testuser', email: 'test at email.com', password:'test', password_confirmation:'test', activation_code: nil)
+    post :login, :user => { :login => 'testuser', :password => 'test' }
+
+    assert_match 'not activated', session[:notice]
+    assert_nil session[:user]
+  end
+
   def test_should_fail_login_and_not_redirect
     @request.env["HTTP_REFERER"] = 'bli'
     post :login, :user => {:login => 'johndoe', :password => 'bad password'}
@@ -273,8 +281,9 @@ class AccountControllerTest < ActionController::TestCase
     assert_template 'invalid_change_password_code'
   end
 
-  should 'require password confirmation correctly to enter new pasword' do
+  should 'require password confirmation correctly to enter new password' do
     user = create_user('testuser', :email => 'testuser at example.com', :password => 'test', :password_confirmation => 'test')
+    user.activate
     change = ChangePassword.create!(:requestor => user.person)
 
     post :new_password, :code => change.code, :change_password => { :password => 'onepass', :password_confirmation => 'another_pass' }
@@ -749,6 +758,8 @@ class AccountControllerTest < ActionController::TestCase
     get :activate
     assert_nil assigns(:message)
     post :login, :user => {:login => 'testuser', :password => 'test123'}
+
+    assert_match 'not activated', session[:notice]
     assert_nil session[:user]
   end
 
@@ -758,6 +769,8 @@ class AccountControllerTest < ActionController::TestCase
     get :activate, :activation_code => 'wrongcode'
     assert_nil assigns(:message)
     post :login, :user => {:login => 'testuser', :password => 'test123'}
+
+    assert_match 'not activated', session[:notice]
     assert_nil session[:user]
   end
 



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/950a07082d85808991b63c99f0c30386af945a86...d8c77643e546e5e82306aa6756cdf9931e008cc2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20150821/3a845525/attachment.html>

More information about the Noosfero-dev mailing list