From dbc148b7a6d0f06e40d4906190efd809787d1d9a Mon Sep 17 00:00:00 2001 From: Junyu Wang Date: Sat, 8 Oct 2016 03:34:18 +0000 Subject: [PATCH 01/60] updated travis ci badges & iter0 doc --- README.md | 2 +- iterations/iter0.md | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 iterations/iter0.md diff --git a/README.md b/README.md index a5a0024..8d170b8 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ - + # MVP dashboard for ProjectScope A dashboard to show project metrics such as those supported by gems like diff --git a/iterations/iter0.md b/iterations/iter0.md new file mode 100644 index 0000000..696e509 --- /dev/null +++ b/iterations/iter0.md @@ -0,0 +1,18 @@ +## Iteration 0 + +Entry video +--- +URL: https://youtu.be/0qMtzclG9Is + +Development Environment Setup Screencast +--- +Junyu Wang: https://youtu.be/pPfSiQsZm5I + +Jiacheng Wu: https://youtu.be/x8AOtKAzmaQ + +Shuotong Wu: http://youtu.be/-65Oz8VtzDw?hd=1 + +Yibing Chen: https://youtu.be/U1Z-9KzoL7c + +Jiawei Jiang: + From 79445f8ae62fbe993833a7ed773fdfac425c7259 Mon Sep 17 00:00:00 2001 From: Junyu Wang Date: Sat, 8 Oct 2016 03:46:25 +0000 Subject: [PATCH 02/60] updated code climate badge & iter0 doc --- README.md | 4 ++-- db/schema.rb | 2 +- iterations/iter0.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 8d170b8..32f1e89 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ - - + + # MVP dashboard for ProjectScope A dashboard to show project metrics such as those supported by gems like diff --git a/db/schema.rb b/db/schema.rb index 1a2ae0c..1d9183a 100644 --- a/db/schema.rb +++ b/db/schema.rb 
@@ -30,9 +30,9 @@ t.text "encrypted_raw_data" t.datetime "created_at", null: false t.datetime "updated_at", null: false + t.string "encrypted_raw_data_iv" t.float "score" t.text "image" - t.string "encrypted_raw_data_iv" end add_index "metric_samples", ["project_id", "metric_name"], name: "index_metric_samples_on_project_id_and_metric_name" diff --git a/iterations/iter0.md b/iterations/iter0.md index 696e509..5373c54 100644 --- a/iterations/iter0.md +++ b/iterations/iter0.md @@ -14,5 +14,5 @@ Shuotong Wu: http://youtu.be/-65Oz8VtzDw?hd=1 Yibing Chen: https://youtu.be/U1Z-9KzoL7c -Jiawei Jiang: +Jiawei Jiang: https://youtu.be/ClqYbe2Ipnc From 089e1eb53a35d724de70b29e2819938f98df1a81 Mon Sep 17 00:00:00 2001 From: Junyu Wang Date: Sat, 8 Oct 2016 03:54:42 +0000 Subject: [PATCH 03/60] added pivotal tracker project url --- iterations/iter0.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/iterations/iter0.md b/iterations/iter0.md index 5373c54..2ab20b1 100644 --- a/iterations/iter0.md +++ b/iterations/iter0.md @@ -16,3 +16,7 @@ Yibing Chen: https://youtu.be/U1Z-9KzoL7c Jiawei Jiang: https://youtu.be/ClqYbe2Ipnc +Pivotal Tracker Project +--- +URL: https://www.pivotaltracker.com/n/projects/1886749 + From 703b0beea9c3e18ea5ac07a6a1522e53fb5c05d6 Mon Sep 17 00:00:00 2001 From: GamaWu Date: Fri, 14 Oct 2016 15:35:32 -0700 Subject: [PATCH 04/60] iter 1: cucumber --- features/dashboard_drag.feature | 23 ++++++++++++++++++ features/dashboard_sort.feature | 35 +++++++++++++++++++++++++++ features/login.feature | 19 +++++++++++++++ features/whitelist_management.feature | 21 ++++++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 features/dashboard_drag.feature create mode 100644 features/dashboard_sort.feature create mode 100644 features/login.feature create mode 100644 features/whitelist_management.feature diff --git a/features/dashboard_drag.feature b/features/dashboard_drag.feature new file mode 100644 index 0000000..7da6d03 --- /dev/null 
+++ b/features/dashboard_drag.feature
@@ -0,0 +1,23 @@
+Feature: sort projects by metrics
+ As a coach or admin on the dashboard page
+ So that I can drag projects in table
+
+Background: projects in database
+
+ Given the following projects exist:
+ | project name | code_climate | github | slack | pivotal tracker |
+ | project scope | 1 | 10 | 6 | 8 |
+ | city dog | 2 | 9 | 3 | 5 |
+ | esential | 3 | 7 | 1 | 9 |
+ | faludi design | 5 | 8 | 10 | 4 |
+ | oram | 4 | 6 | 9 | 10 |
+
+ Scenario: drag upwards
+ Given I am on the dashboard page
+ And I drag oram before city dog
+ Then I should see oram before city dog
+
+ Scenario: drag downwards
+ Given I am on the dashboard page
+ And I drag project scope after faludi design
+ Then I should see project scope after faludi design
\ No newline at end of file
diff --git a/features/dashboard_sort.feature b/features/dashboard_sort.feature
new file mode 100644
index 0000000..bce28f2
--- /dev/null
+++ b/features/dashboard_sort.feature
@@ -0,0 +1,35 @@
+Feature: sort projects by metrics
+ As a coach or admin on the dashboard page
+ So that I can sort the projects by different metrics
+
+Background: projects in database
+
+ Given the following projects exist:
+ | project name | code_climate | github | slack | pivotal tracker |
+ | project scope | 1 | 10 | 6 | 8 |
+ | city dog | 2 | 9 | 3 | 5 |
+ | esential | 3 | 7 | 1 | 9 |
+ | faludi design | 5 | 8 | 10 | 4 |
+ | oram | 4 | 6 | 9 | 10 |
+
+ Scenario: sort by code_climate
+ Given I am on the dashboard page
+ And I sort projects by code_climate
+ Then projects should be sorted by code_climate
+
+ Scenario: sort by github
+ Given I am on the dashboard page
+ And I sort projects by github
+ Then projects should be sorted by github
+
+ Scenario: sort by slack
+ Given I am on the dashboard page
+ And I sort projects by slack
+ Then projects should be sorted by slack
+
+ Scenario: sort by pivotal tracker
+ Given I am on the dashboard page
+ And I sort projects by pivotal tracker
+ Then projects should be sorted by pivotal tracker
+
+
diff --git a/features/login.feature b/features/login.feature
new file mode 100644
index 0000000..e6f336c
--- /dev/null
+++ b/features/login.feature
@@ -0,0 +1,19 @@
+Feature: login
+ Scenario: authrozied admin login
+ Given I am on the login page
+ And I fill in authroized credentials as admin
+ Then I should be on the dashboard page
+ And I should see whitelist management
+
+ Scenario: authrozied coach login
+ Given I am on the login page
+ And I fill in authroized credentials as coach
+ Then I should be on the dashboard page
+ And I should not see whitelist management
+
+ Scenario: unauthrozied user login
+ Given I am on the login page
+ And I fill in unauthroized credentials
+ Then I should not be on the dashboard page
+ And I should be on the login page
+ And I should see "You are not authroized."
diff --git a/features/whitelist_management.feature b/features/whitelist_management.feature new file mode 100644 index 0000000..ee192cd --- /dev/null +++ b/features/whitelist_management.feature @@ -0,0 +1,21 @@ +Feature: manage whitelist + As an admin + So that I can add or drop people from whitelist + Given the following account exist in whitelist: + | Github Account | + | cyb | + | junyu Wang | + + Scenario: add people to whitelist + Given I am logged in as an admin + And I click whitelist managment + And whitelist has the following entries: + When I add "shuotong" to whitelist + Then I should see "shuotong" in whitelist + + Scenario: drop people from whitelist + Given I am logged in as an admin + And I click whitelist managment + And whitelist has the following entries: + When I drop "cyb" from whitelist + Then I should not see "cyb" in whitelist \ No newline at end of file From ac82d6f91c1e70b661de951b48f8ff758b3ed64f Mon Sep 17 00:00:00 2001 From: DrakeW Date: Sat, 15 Oct 2016 00:18:10 -0700 Subject: [PATCH 05/60] added status of both main repo and forked repo to readme --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 34d8e13..cb79177 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,13 @@ +Main Repo Status: + + + + +CS169 Group Forked Repo Status: + + # MVP dashboard for ProjectScope A dashboard to show project metrics such as those supported by gems like From a3ada8b0c0dc47623ee4841baefe039f25309229 Mon Sep 17 00:00:00 2001 From: DrakeW Date: Sat, 15 Oct 2016 02:15:48 -0700 Subject: [PATCH 06/60] added heroku staging url --- iterations/iter0.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/iterations/iter0.md b/iterations/iter0.md index 2ab20b1..07f8e13 100644 --- a/iterations/iter0.md +++ b/iterations/iter0.md @@ -20,3 +20,7 @@ Pivotal Tracker Project --- URL: https://www.pivotaltracker.com/n/projects/1886749 +Heroku +--- +URL: https://projectscope-cs169-junyu.herokuapp.com/ + 
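Review bot: In features/whitelist_management.feature the `Given the following account exist in whitelist:` step and its table sit directly under the feature narrative with no `Background:` keyword, so they are most likely read as free-form description and never executed. Both scenarios also end a step with a colon, `And whitelist has the following entries:`, but no table follows it. Add a `Background:` line above the Given step, and either attach a table to the second step or remove it, so the access-control scenarios start from a known whitelist state.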
From acad4666fb125c6fb4e2e303fcc4c9d3923fe96d Mon Sep 17 00:00:00 2001 
From: DrakeW Date: Wed, 19 Oct 2016 18:52:19 -0700 Subject: [PATCH 07/60] added github login functionality --- Gemfile | 3 + Gemfile.lock | 37 ++- app/controllers/projects_controller.rb | 5 +- .../users/confirmations_controller.rb | 28 ++ .../users/omniauth_callbacks_controller.rb | 33 +++ app/controllers/users/passwords_controller.rb | 32 ++ .../users/registrations_controller.rb | 60 ++++ app/controllers/users/sessions_controller.rb | 25 ++ app/controllers/users/unlocks_controller.rb | 28 ++ app/models/user.rb | 15 + app/views/devise/confirmations/new.html.erb | 16 + .../mailer/confirmation_instructions.html.erb | 5 + .../devise/mailer/password_change.html.erb | 3 + .../reset_password_instructions.html.erb | 8 + .../mailer/unlock_instructions.html.erb | 7 + app/views/devise/passwords/edit.html.erb | 25 ++ app/views/devise/passwords/new.html.erb | 16 + app/views/devise/registrations/edit.html.erb | 43 +++ app/views/devise/registrations/new.html.erb | 29 ++ app/views/devise/sessions/new.html.erb | 27 ++ app/views/devise/shared/_links.html.erb | 25 ++ app/views/devise/unlocks/new.html.erb | 16 + app/views/layouts/application.html.erb | 6 +- config/application.yml.asc | 22 +- config/environments/development.rb | 4 + config/initializers/devise.rb | 277 ++++++++++++++++++ config/locales/devise.en.yml | 62 ++++ config/routes.rb | 1 + .../20161019233104_devise_create_users.rb | 42 +++ .../20161019234426_add_omniauth_to_users.rb | 6 + db/schema.rb | 22 +- 31 files changed, 916 insertions(+), 12 deletions(-) create mode 100644 app/controllers/users/confirmations_controller.rb create mode 100644 app/controllers/users/omniauth_callbacks_controller.rb create mode 100644 app/controllers/users/passwords_controller.rb create mode 100644 app/controllers/users/registrations_controller.rb create mode 100644 app/controllers/users/sessions_controller.rb create mode 100644 app/controllers/users/unlocks_controller.rb create mode 100644 app/models/user.rb create mode 100644 
app/views/devise/confirmations/new.html.erb create mode 100644 app/views/devise/mailer/confirmation_instructions.html.erb create mode 100644 app/views/devise/mailer/password_change.html.erb create mode 100644 app/views/devise/mailer/reset_password_instructions.html.erb create mode 100644 app/views/devise/mailer/unlock_instructions.html.erb create mode 100644 app/views/devise/passwords/edit.html.erb create mode 100644 app/views/devise/passwords/new.html.erb create mode 100644 app/views/devise/registrations/edit.html.erb create mode 100644 app/views/devise/registrations/new.html.erb create mode 100644 app/views/devise/sessions/new.html.erb create mode 100644 app/views/devise/shared/_links.html.erb create mode 100644 app/views/devise/unlocks/new.html.erb create mode 100644 config/initializers/devise.rb create mode 100644 config/locales/devise.en.yml create mode 100644 db/migrate/20161019233104_devise_create_users.rb create mode 100644 db/migrate/20161019234426_add_omniauth_to_users.rb diff --git a/Gemfile b/Gemfile index 5369951..3bd5a23 100644 --- a/Gemfile +++ b/Gemfile @@ -46,6 +46,9 @@ gem 'sdoc', '~> 0.4.0', group: :doc # Use Capistrano for deployment # gem 'capistrano-rails', group: :development +gem 'devise' +gem 'omniauth-github', :git => 'git@github.com:intridea/omniauth-github.git' + group :development, :test do gem 'sqlite3' # Call 'byebug' anywhere in the code to stop execution and get a debugger console diff --git a/Gemfile.lock b/Gemfile.lock index 1002592..3bfa874 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,11 @@ +GIT + remote: git@github.com:intridea/omniauth-github.git + revision: 45f2fc73d6d06f30863adac0e6aa112bcaaadf67 + specs: + omniauth-github (1.1.2) + omniauth (~> 1.0) + omniauth-oauth2 (>= 1.1.1, < 2.0) + GIT remote: https://github.com/AgileVentures/ProjectMetrics/ revision: 8ddb909abe2396cb2b9f454aa35821a5d1a6ff9c 
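Review bot: The added Gemfile line `gem 'omniauth-github', :git => 'git@github.com:intridea/omniauth-github.git'` pulls an authentication dependency over an SSH remote with no ref stated, so it tracks whatever the default branch holds. Every host that runs `bundle install` then needs a GitHub SSH key, and a later `bundle update` can silently move the login code to an unreviewed commit. Gemfile.lock currently resolves to revision 45f2fc73d6d06f30863adac0e6aa112bcaaadf67. Either depend on the released gem, or keep the git source over HTTPS with that commit stated, e.g. `gem 'omniauth-github', git: 'https://github.com/intridea/omniauth-github.git', ref: '45f2fc73d6d06f30863adac0e6aa112bcaaadf67'`.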
@@ -87,6 +95,7 @@ GEM descendants_tracker (~> 0.0.4) ice_nine (~> 0.11.0) thread_safe (~> 0.3, >= 0.3.1) + bcrypt (3.1.11) binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) builder (3.2.2) @@ -136,6 +145,12 @@ GEM uber (>= 0.0.15) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) + devise (4.2.0) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0, < 5.1) + responders + warden (~> 1.2.3) diff-lcs (1.2.5) docile (1.1.5) dotenv (2.1.1) @@ -178,6 +193,7 @@ GEM railties (>= 4.2.0) thor (>= 0.14, < 2.0) json (1.8.3) + jwt (1.5.6) launchy (2.4.3) addressable (~> 2.3) loofah (2.0.3) @@ -196,8 +212,21 @@ GEM nokogiri (1.6.8) mini_portile2 (~> 2.1.0) pkg-config (~> 1.1.7) + oauth2 (1.2.0) + faraday (>= 0.8, < 0.10) + jwt (~> 1.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) octokit (4.3.0) sawyer (~> 0.7.0, >= 0.5.3) + omniauth (1.3.1) + hashie (>= 1.2, < 4) + rack (>= 1.0, < 3) + omniauth-oauth2 (1.4.0) + oauth2 (~> 1.0) + omniauth (~> 1.2) + orm_adapter (0.5.0) pg (0.18.4) phantomjs (2.1.1.0) pkg-config (1.1.7) @@ -246,6 +275,8 @@ GEM representable (3.0.0) declarative (~> 0.0.5) uber (~> 0.0.15) + responders (2.3.0) + railties (>= 4.2.0, < 5.1) rspec-core (3.5.3) rspec-support (~> 3.5.0) rspec-expectations (3.5.0) @@ -324,6 +355,8 @@ GEM coercible (~> 1.0) descendants_tracker (~> 0.0, >= 0.0.3) equalizer (~> 0.0, >= 0.0.9) + warden (1.2.6) + rack (>= 1.0) web-console (2.3.0) activemodel (>= 4.0) binding_of_caller (>= 0.7.2) @@ -349,6 +382,7 @@ DEPENDENCIES cucumber-rails cucumber-rails-training-wheels database_cleaner + devise dotenv-rails factory_girl_rails figaro @@ -356,6 +390,7 @@ DEPENDENCIES jbuilder (~> 2.0) jquery-rails launchy + omniauth-github! pg phantomjs poltergeist @@ -384,4 +419,4 @@ RUBY VERSION ruby 2.3.1p112 BUNDLED WITH - 1.12.5 + 1.13.3 diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 43fb48b..992df8c 100644 --- a/app/controllers/projects_controller.rb 
+++ b/app/controllers/projects_controller.rb @@ -1,11 +1,14 @@ class ProjectsController < ApplicationController before_action :set_project, only: [:show, :edit, :update, :destroy] - http_basic_authenticate_with name: "cs169", password: ENV['PROJECTSCOPE_PASSWORD'] + # http_basic_authenticate_with name: "cs169", password: ENV['PROJECTSCOPE_PASSWORD'] # GET /projects # GET /projects.json def index + if current_user.nil? + redirect_to new_user_session_path + end @projects = Project.all @metric_names = ProjectMetrics.metric_names end diff --git a/app/controllers/users/confirmations_controller.rb b/app/controllers/users/confirmations_controller.rb new file mode 100644 index 0000000..1126e23 --- /dev/null +++ b/app/controllers/users/confirmations_controller.rb @@ -0,0 +1,28 @@ +class Users::ConfirmationsController < Devise::ConfirmationsController + # GET /resource/confirmation/new + # def new + # super + # end + + # POST /resource/confirmation + # def create + # super + # end + + # GET /resource/confirmation?confirmation_token=abcdef + # def show + # super + # end + + # protected + + # The path used after resending confirmation instructions. + # def after_resending_confirmation_instructions_path_for(resource_name) + # super(resource_name) + # end + + # The path used after confirmation. + # def after_confirmation_path_for(resource_name, resource) + # super(resource_name, resource) + # end +end diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb new file mode 100644 index 0000000..cad93af --- /dev/null +++ b/app/controllers/users/omniauth_callbacks_controller.rb 
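Review bot: With `http_basic_authenticate_with` commented out, the only access check left in ProjectsController is the `current_user.nil?` test added inside `index`. The `before_action :set_project` line shows that `show`, `edit`, `update` and `destroy` exist, and this hunk leaves them with no check at all. Inside `index`, `redirect_to` does not end the action, so `Project.all` and `ProjectMetrics.metric_names` are still evaluated for an anonymous request. Replace the inline test with Devise's filter at the top of the class, `before_action :authenticate_user!`, so every action is covered and no action body runs unauthenticated. The rest of the controller lies outside the hunk, so any further actions there should be checked the same way.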
@@ -0,0 +1,33 @@ +class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController + # You should configure your model like this: + # devise :omniauthable, omniauth_providers: [:twitter] + + # You should also create an action method in this controller like this: + # def twitter + # end + + # More info at: + # https://github.com/plataformatec/devise#omniauth + + # GET|POST /resource/auth/twitter + # def passthru + # super + # end + + # GET|POST /users/auth/twitter/callback + # def failure + # super + # end + + # protected + + # The path used when OmniAuth fails + # def after_omniauth_failure_path_for(scope) + # super(scope) + # end + + def github + @user = User.from_omniauth(request.env["omniauth.auth"]) + sign_in_and_redirect @user + end +end diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb new file mode 100644 index 0000000..53cc34e --- /dev/null +++ b/app/controllers/users/passwords_controller.rb @@ -0,0 +1,32 @@ +class Users::PasswordsController < Devise::PasswordsController + # GET /resource/password/new + # def new + # super + # end + + # POST /resource/password + # def create + # super + # end + + # GET /resource/password/edit?reset_password_token=abcdef + # def edit + # super + # end + + # PUT /resource/password + # def update + # super + # end + + # protected + + # def after_resetting_password_path_for(resource) + # super(resource) + # end + + # The path used after sending reset password instructions + # def after_sending_reset_password_instructions_path_for(resource_name) + # super(resource_name) + # end +end diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb new file mode 100644 index 0000000..a6c8824 --- /dev/null +++ b/app/controllers/users/registrations_controller.rb 
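Review bot: The new `github` action calls `sign_in_and_redirect @user` on whatever `User.from_omniauth` returns, without checking that the record was saved and without any authorization check. `first_or_create` hands back an unsaved record when validation fails, which can presumably happen here when the GitHub profile exposes no e-mail, since the model uses `:validatable`. Add a guard before signing in, e.g. `return redirect_to(new_user_session_path, alert: 'GitHub sign-in failed') unless @user.persisted?`. The login and whitelist features added earlier in this series expect unauthorized users to be sent back to the login page, but no whitelist lookup is visible in this commit, so as written any GitHub account that completes the OAuth flow gets a session.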
@@ -0,0 +1,60 @@ +class Users::RegistrationsController < Devise::RegistrationsController +# before_action :configure_sign_up_params, only: [:create] +# before_action :configure_account_update_params, only: [:update] + + # GET /resource/sign_up + # def new + # super + # end + + # POST /resource + # def create + # super + # end + + # GET /resource/edit + # def edit + # super + # end + + # PUT /resource + # def update + # super + # end + + # DELETE /resource + # def destroy + # super + # end + + # GET /resource/cancel + # Forces the session data which is usually expired after sign + # in to be expired now. This is useful if the user wants to + # cancel oauth signing in/up in the middle of the process, + # removing all OAuth session data. + # def cancel + # super + # end + + # protected + + # If you have extra params to permit, append them to the sanitizer. + # def configure_sign_up_params + # devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute]) + # end + + # If you have extra params to permit, append them to the sanitizer. + # def configure_account_update_params + # devise_parameter_sanitizer.permit(:account_update, keys: [:attribute]) + # end + + # The path used after sign up. + # def after_sign_up_path_for(resource) + # super(resource) + # end + + # The path used after sign up for inactive accounts. + # def after_inactive_sign_up_path_for(resource) + # super(resource) + # end +end diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb new file mode 100644 index 0000000..753ab7a --- /dev/null +++ b/app/controllers/users/sessions_controller.rb 
@@ -0,0 +1,25 @@ +class Users::SessionsController < Devise::SessionsController +# before_action :configure_sign_in_params, only: [:create] + + # GET /resource/sign_in + # def new + # super + # end + + # POST /resource/sign_in + # def create + # super + # end + + # DELETE /resource/sign_out + # def destroy + # super + # end + + # protected + + # If you have extra params to permit, append them to the sanitizer. + # def configure_sign_in_params + # devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute]) + # end +end diff --git a/app/controllers/users/unlocks_controller.rb b/app/controllers/users/unlocks_controller.rb new file mode 100644 index 0000000..8b9ef86 --- /dev/null +++ b/app/controllers/users/unlocks_controller.rb @@ -0,0 +1,28 @@ +class Users::UnlocksController < Devise::UnlocksController + # GET /resource/unlock/new + # def new + # super + # end + + # POST /resource/unlock + # def create + # super + # end + + # GET /resource/unlock?unlock_token=abcdef + # def show + # super + # end + + # protected + + # The path used after sending unlock password instructions + # def after_sending_unlock_instructions_path_for(resource) + # super(resource) + # end + + # The path used after unlocking the resource + # def after_unlock_path_for(resource) + # super(resource) + # end +end diff --git a/app/models/user.rb b/app/models/user.rb new file mode 100644 index 0000000..4b30c85 --- /dev/null +++ b/app/models/user.rb 
@@ -0,0 +1,15 @@ +class User < ActiveRecord::Base + # Include default devise modules. Others available are: + # :confirmable, :lockable, :timeoutable and :omniauthable + devise :database_authenticatable, :registerable, + :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :omniauth_providers => [:github] + + def self.from_omniauth(auth) + User.where(provider: auth.provider, uid: auth.uid).first_or_create do |user| + user.provider = auth.provider + user.uid = auth.uid + user.email = auth.extra.raw_info.email + user.password = Devise.friendly_token[0,20] + end + end +end diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb new file mode 100644 index 0000000..2dc668f --- /dev/null +++ b/app/views/devise/confirmations/new.html.erb @@ -0,0 +1,16 @@ +
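Review bot: The `devise` call in User keeps `:registerable` and `:recoverable` alongside `:omniauthable`, so the generated sign-up and password-reset forms stay live and anyone can create an e-mail/password account without going through GitHub. If GitHub is meant to be the only way in, drop those two modules, e.g. `devise :database_authenticatable, :rememberable, :trackable, :validatable, :omniauthable, :omniauth_providers => [:github]`, and remove the matching views. Separately, `from_omniauth` copies `auth.extra.raw_info.email` unchecked; it is presumably nil for profiles without a public e-mail, so reading `auth.info.email` and handling a missing value explicitly would avoid creating invalid records. A short comment above `from_omniauth` stating that it finds or creates the user by `provider` and `uid` and assigns a random password would also help the next reader.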

Resend confirmation instructions

+ +<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %> + <%= devise_error_messages! %> + +
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %> +
+ +
+ <%= f.submit "Resend confirmation instructions" %> +
+<% end %> + +<%= render "devise/shared/links" %> diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb new file mode 100644 index 0000000..dc55f64 --- /dev/null +++ b/app/views/devise/mailer/confirmation_instructions.html.erb @@ -0,0 +1,5 @@ +

Welcome <%= @email %>!

+ +

You can confirm your account email through the link below:

+ +

<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %>

diff --git a/app/views/devise/mailer/password_change.html.erb b/app/views/devise/mailer/password_change.html.erb new file mode 100644 index 0000000..b41daf4 --- /dev/null +++ b/app/views/devise/mailer/password_change.html.erb @@ -0,0 +1,3 @@ +

Hello <%= @resource.email %>!

+ +

We're contacting you to notify you that your password has been changed.

diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb new file mode 100644 index 0000000..f667dc1 --- /dev/null +++ b/app/views/devise/mailer/reset_password_instructions.html.erb @@ -0,0 +1,8 @@ +

Hello <%= @resource.email %>!

+ +

Someone has requested a link to change your password. You can do this through the link below.

+ +

<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>

+ +

If you didn't request this, please ignore this email.

+

Your password won't change until you access the link above and create a new one.

diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb new file mode 100644 index 0000000..41e148b --- /dev/null +++ b/app/views/devise/mailer/unlock_instructions.html.erb @@ -0,0 +1,7 @@ +

Hello <%= @resource.email %>!

+ +

Your account has been locked due to an excessive number of unsuccessful sign in attempts.

+ +

Click the link below to unlock your account:

+ +

<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>

diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb new file mode 100644 index 0000000..6a796b0 --- /dev/null +++ b/app/views/devise/passwords/edit.html.erb @@ -0,0 +1,25 @@ +

Change your password

+ +<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %> + <%= devise_error_messages! %> + <%= f.hidden_field :reset_password_token %> + +
+ <%= f.label :password, "New password" %>
+ <% if @minimum_password_length %> + (<%= @minimum_password_length %> characters minimum)
+ <% end %> + <%= f.password_field :password, autofocus: true, autocomplete: "off" %> +
+ +
+ <%= f.label :password_confirmation, "Confirm new password" %>
+ <%= f.password_field :password_confirmation, autocomplete: "off" %> +
+ +
+ <%= f.submit "Change my password" %> +
+<% end %> + +<%= render "devise/shared/links" %> diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb new file mode 100644 index 0000000..3d6d11a --- /dev/null +++ b/app/views/devise/passwords/new.html.erb @@ -0,0 +1,16 @@ +

Forgot your password?

+ +<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %> + <%= devise_error_messages! %> + +
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %> +
+ +
+ <%= f.submit "Send me reset password instructions" %> +
+<% end %> + +<%= render "devise/shared/links" %> diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb new file mode 100644 index 0000000..1e66f3d --- /dev/null +++ b/app/views/devise/registrations/edit.html.erb @@ -0,0 +1,43 @@ +

Edit <%= resource_name.to_s.humanize %>

+ +<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %> + <%= devise_error_messages! %> + +
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %> +
+ + <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %> +
Currently waiting confirmation for: <%= resource.unconfirmed_email %>
+ <% end %> + +
+ <%= f.label :password %> (leave blank if you don't want to change it)
+ <%= f.password_field :password, autocomplete: "off" %> + <% if @minimum_password_length %> +
+ <%= @minimum_password_length %> characters minimum + <% end %> +
+ +
+ <%= f.label :password_confirmation %>
+ <%= f.password_field :password_confirmation, autocomplete: "off" %> +
+ +
+ <%= f.label :current_password %> (we need your current password to confirm your changes)
+ <%= f.password_field :current_password, autocomplete: "off" %> +
+ +
+ <%= f.submit "Update" %> +
+<% end %> + +

Cancel my account

+ +

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>

+ +<%= link_to "Back", :back %> diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb new file mode 100644 index 0000000..2f38efb --- /dev/null +++ b/app/views/devise/registrations/new.html.erb @@ -0,0 +1,29 @@ +

Sign up

+ +<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %> + <%= devise_error_messages! %> + + +<% end %> + +<%= render "devise/shared/links" %> diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb new file mode 100644 index 0000000..0e196eb --- /dev/null +++ b/app/views/devise/sessions/new.html.erb @@ -0,0 +1,27 @@ +

Log in

+ +<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %> + + <%= link_to "Sign in with GitHub", user_github_omniauth_authorize_path %> +<% end %> + +<%= render "devise/shared/links" %> diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb new file mode 100644 index 0000000..e6a3e41 --- /dev/null +++ b/app/views/devise/shared/_links.html.erb @@ -0,0 +1,25 @@ +<%- if controller_name != 'sessions' %> + <%= link_to "Log in", new_session_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.registerable? && controller_name != 'registrations' %> + <%= link_to "Sign up", new_registration_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> + <%= link_to "Forgot your password?", new_password_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %> + <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %> + <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.omniauthable? %> + <%- resource_class.omniauth_providers.each do |provider| %> + <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %>
+ <% end -%> +<% end -%> diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb new file mode 100644 index 0000000..16586bc --- /dev/null +++ b/app/views/devise/unlocks/new.html.erb @@ -0,0 +1,16 @@ +

Resend unlock instructions

+ +<%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %> + <%= devise_error_messages! %> + +
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %> +
+ +
+ <%= f.submit "Resend unlock instructions" %> +
+<% end %> + +<%= render "devise/shared/links" %> diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index c4d63a5..ffd0670 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -7,8 +7,8 @@ <%= csrf_meta_tags %> - -<%= yield %> - +

<%= notice %>

+

<%= alert %>

+ <%= yield %> diff --git a/config/application.yml.asc b/config/application.yml.asc index de3dbe0..8a2ec24 100644 --- a/config/application.yml.asc +++ b/config/application.yml.asc @@ -1,9 +1,19 @@ -----BEGIN PGP MESSAGE----- +Version: GnuPG v2 -jA0EBwMCxdph80I4HQhg0sABAYK4UG1AnL3wy0TvTiV8hcrNZkUxH/eRGvGNZvMP -TZr/eOuFMUVnOU94162lvh13TJCHtThD5/sP/VgFHwYlqwKWFpy7S0X5qm7viwKk -9mtxAxRi9WMCs7BE69oOMXmInKsEHP9AInDY6UjqWDL1rD1/p49wsoueZcDsjuv+ -ctdnavNKlDG8kUsvpw4AHwRYjpFsX8ceI6eHEM9xiHwKfWxEIBRTuN7P2JH65atI -hvoiulsTJ//B/KjDcdlLhHV+Kg== -=miLo +hQEMA7YaI9ARhVG0AQgAkFVVcwv2MBzWNZlm9sE7Sq8H3KQAHLzsMJXa1YC5AmUa +BIPiN12JFNnIJLfT5cdJHWBuVERXjWYx9HrtfUKWoxVYd7yhJ1ZRAeqW+Qb5ldJe +WZigKBHNlNkOAIn/BCqlkHdJ6gw4Y6zRHIKQzYB4dkknvnQNL7iFwdcdHjh8vLoY +dmRxNCd1n1ZURxnOlh0sp5xwt67lSfm2m1yLh23F26VTe1/Uon2ofI8nPK4X+tUs +yJMeZjgy03uL00Hiqecbr+6Lk89ndnMLXZlXXydA0p9kCpup172RmWamBz98vv6f +Xcm6bv6E7LT37xEsRFmmfBJ0vEBtPDmO23AmgAGMrIwuBAMDAt7rD+rPcZND4CBw +CIvHQX5/+d86NhTjQxRnfaFK8FL1jKRplt+YpKjGQ9LAjAFM2kSVDfWmH5EKaat0 +eoEyFwknnJkSUb/Tz/kyg+U8KT3w7DXFSsTMyYFhNbi9dQkJ9TYq0CBizZYbodqn +nO6chNEIFPdwAxps4syctm3hl8snm5aCfdrpIOVn6vlsjmfirCmEemk0YUOzXpqI +hUVyLNH0jmjVRCBCxvZSpJ5Lw5qvp9tLAoBGMVU96fPF16BcJBR0/CDIq53npzH1 +twfREWNBeRmfSMw6qaUcGtiU5ntDFsBRA9STOyPArY00OoG0X1ipA0dlqvTs2E9T +Q5psh0PyhmihikoZa9kRFoPA3FyYXxg5ZJ/bNWsHEfO/lm0n1/N+E4tUU8G3gxYn +PeeE2sVOvH/+Fhloi1wCnLJJPC/Wause84Vo8F/iDegdHnb6UjQuM929Q+G0NIvA +RYIkGZD5fXsPBiI27FlQtkEN7iHCbIL4mF6iT5Fr +=f2MO -----END PGP MESSAGE----- diff --git a/config/environments/development.rb b/config/environments/development.rb index 9f4577a..1b8be30 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -40,4 +40,8 @@ # config.action_view.raise_on_missing_translations = true ENV['attr_encrypted_key'] = '123456789012345678901234567890123456789012345678901234567890' + + # set up according to devise instruction + config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } + end 
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb new file mode 100644 index 0000000..1ef8f5e --- /dev/null +++ b/config/initializers/devise.rb 
@@ -0,0 +1,277 @@ +# Use this hook to configure devise mailer, warden hooks and so forth. +# Many of these configuration options can be set straight in your model. +Devise.setup do |config| + # The secret key used by Devise. Devise uses this key to generate + # random tokens. Changing this key will render invalid all existing + # confirmation, reset password and unlock tokens in the database. + # Devise will use the `secret_key_base` as its `secret_key` + # by default. You can change it below and use your own secret key. + # config.secret_key = 'ee99d8f0b73c44ec8c3471149638794ac1fff4aa5cfc2aa53e09652c0fece199e121779597a4ff7eb66863156a8d147a96557002bf65c01a57c15b0fe401d2e1' + + # ==> Mailer Configuration + # Configure the e-mail address which will be shown in Devise::Mailer, + # note that it will be overwritten if you use your own mailer class + # with default "from" parameter. + config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com' + + # Configure the class responsible to send e-mails. + # config.mailer = 'Devise::Mailer' + + # Configure the parent class responsible to send e-mails. + # config.parent_mailer = 'ActionMailer::Base' + + # ==> ORM configuration + # Load and configure the ORM. Supports :active_record (default) and + # :mongoid (bson_ext recommended) by default. Other ORMs may be + # available as additional gems. + require 'devise/orm/active_record' + + # ==> Configuration for any authentication mechanism + # Configure which keys are used when authenticating a user. The default is + # just :email. You can configure it to use [:username, :subdomain], so for + # authenticating a user, both parameters are required. Remember that those + # parameters are used only when authenticating and not when retrieving from + # session. If you need permissions, you should implement that in a before filter. 
+ # You can also supply a hash where the value is a boolean determining whether + # or not authentication should be aborted when the value is not present. + # config.authentication_keys = [:email] + + # Configure parameters from the request object used for authentication. Each entry + # given should be a request method and it will automatically be passed to the + # find_for_authentication method and considered in your model lookup. For instance, + # if you set :request_keys to [:subdomain], :subdomain will be used on authentication. + # The same considerations mentioned for authentication_keys also apply to request_keys. + # config.request_keys = [] + + # Configure which authentication keys should be case-insensitive. + # These keys will be downcased upon creating or modifying a user and when used + # to authenticate or find a user. Default is :email. + config.case_insensitive_keys = [:email] + + # Configure which authentication keys should have whitespace stripped. + # These keys will have whitespace before and after removed upon creating or + # modifying a user and when used to authenticate or find a user. Default is :email. + config.strip_whitespace_keys = [:email] + + # Tell if authentication through request.params is enabled. True by default. + # It can be set to an array that will enable params authentication only for the + # given strategies, for example, `config.params_authenticatable = [:database]` will + # enable it only for database (email + password) authentication. + # config.params_authenticatable = true + + # Tell if authentication through HTTP Auth is enabled. False by default. + # It can be set to an array that will enable http authentication only for the + # given strategies, for example, `config.http_authenticatable = [:database]` will + # enable it only for database authentication. 
The supported strategies are: + # :database = Support basic authentication with authentication key + password + # config.http_authenticatable = false + + # If 401 status code should be returned for AJAX requests. True by default. + # config.http_authenticatable_on_xhr = true + + # The realm used in Http Basic Authentication. 'Application' by default. + # config.http_authentication_realm = 'Application' + + # It will change confirmation, password recovery and other workflows + # to behave the same regardless if the e-mail provided was right or wrong. + # Does not affect registerable. + # config.paranoid = true + + # By default Devise will store the user in session. You can skip storage for + # particular strategies by setting this option. + # Notice that if you are skipping storage for all authentication paths, you + # may want to disable generating routes to Devise's sessions controller by + # passing skip: :sessions to `devise_for` in your config/routes.rb + config.skip_session_storage = [:http_auth] + + # By default, Devise cleans up the CSRF token on authentication to + # avoid CSRF token fixation attacks. This means that, when using AJAX + # requests for sign in and sign up, you need to get a new CSRF token + # from the server. You can disable this option at your own risk. + # config.clean_up_csrf_token_on_authentication = true + + # When false, Devise will not attempt to reload routes on eager load. + # This can reduce the time taken to boot the app but if your application + # requires the Devise mappings to be loaded during boot time the application + # won't boot properly. + # config.reload_routes = true + + # ==> Configuration for :database_authenticatable + # For bcrypt, this is the cost for hashing the password and defaults to 11. If + # using other algorithms, it sets how many times you want the password to be hashed. + # + # Limiting the stretches to just one in testing will increase the performance of + # your test suite dramatically. 
However, it is STRONGLY RECOMMENDED to not use + # a value less than 10 in other environments. Note that, for bcrypt (the default + # algorithm), the cost increases exponentially with the number of stretches (e.g. + # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). + config.stretches = Rails.env.test? ? 1 : 11 + + # Set up a pepper to generate the hashed password. + # config.pepper = '642386cf3cd7fc653bbef7cfe38c2e49c5a55689fcfa7966dfeaa50905e109ab33f90840305a257eb286148acba7025ac024041a32a61b7df8a312cd5623f5d2' + + # Send a notification email when the user's password is changed + # config.send_password_change_notification = false + + # ==> Configuration for :confirmable + # A period that the user is allowed to access the website even without + # confirming their account. For instance, if set to 2.days, the user will be + # able to access the website for two days without confirming their account, + # access will be blocked just in the third day. Default is 0.days, meaning + # the user cannot access the website without confirming their account. + # config.allow_unconfirmed_access_for = 2.days + + # A period that the user is allowed to confirm their account before their + # token becomes invalid. For example, if set to 3.days, the user can confirm + # their account within 3 days after the mail was sent, but on the fourth day + # their account can't be confirmed with the token any more. + # Default is nil, meaning there is no restriction on how long a user can take + # before confirming their account. + # config.confirm_within = 3.days + + # If true, requires any email changes to be confirmed (exactly the same way as + # initial account confirmation) to be applied. Requires additional unconfirmed_email + # db field (see migrations). Until confirmed, new email is stored in + # unconfirmed_email column, and copied to email column on successful confirmation. 
+ config.reconfirmable = true + + # Defines which key will be used when confirming an account + # config.confirmation_keys = [:email] + + # ==> Configuration for :rememberable + # The time the user will be remembered without asking for credentials again. + # config.remember_for = 2.weeks + + # Invalidates all the remember me tokens when the user signs out. + config.expire_all_remember_me_on_sign_out = true + + # If true, extends the user's remember period when remembered via cookie. + # config.extend_remember_period = false + + # Options to be passed to the created cookie. For instance, you can set + # secure: true in order to force SSL only cookies. + # config.rememberable_options = {} + + # ==> Configuration for :validatable + # Range for password length. + config.password_length = 6..128 + + # Email regex used to validate email formats. It simply asserts that + # one (and only one) @ exists in the given string. This is mainly + # to give user feedback and not to assert the e-mail validity. + config.email_regexp = /\A[^@\s]+@[^@\s]+\z/ + + # ==> Configuration for :timeoutable + # The time you want to timeout the user session without activity. After this + # time the user will be asked for credentials again. Default is 30 minutes. + # config.timeout_in = 30.minutes + + # ==> Configuration for :lockable + # Defines which strategy will be used to lock an account. + # :failed_attempts = Locks an account after a number of failed attempts to sign in. + # :none = No lock strategy. You should handle locking by yourself. + # config.lock_strategy = :failed_attempts + + # Defines which key will be used when locking and unlocking an account + # config.unlock_keys = [:email] + + # Defines which strategy will be used to unlock an account. + # :email = Sends an unlock link to the user email + # :time = Re-enables login after a certain amount of time (see :unlock_in below) + # :both = Enables both strategies + # :none = No unlock strategy. 
You should handle unlocking by yourself. + # config.unlock_strategy = :both + + # Number of authentication tries before locking an account if lock_strategy + # is failed attempts. + # config.maximum_attempts = 20 + + # Time interval to unlock the account if :time is enabled as unlock_strategy. + # config.unlock_in = 1.hour + + # Warn on the last attempt before the account is locked. + # config.last_attempt_warning = true + + # ==> Configuration for :recoverable + # + # Defines which key will be used when recovering the password for an account + # config.reset_password_keys = [:email] + + # Time interval you can reset your password with a reset password key. + # Don't put a too small interval or your users won't have the time to + # change their passwords. + config.reset_password_within = 6.hours + + # When set to false, does not sign a user in automatically after their password is + # reset. Defaults to true, so a user is signed in automatically after a reset. + # config.sign_in_after_reset_password = true + + # ==> Configuration for :encryptable + # Allow you to use another hashing or encryption algorithm besides bcrypt (default). + # You can use :sha1, :sha512 or algorithms from others authentication tools as + # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20 + # for default behavior) and :restful_authentication_sha1 (then you should set + # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper). + # + # Require the `devise-encryptable` gem when using anything other than bcrypt + # config.encryptor = :sha512 + + # ==> Scopes configuration + # Turn scoped views on. Before rendering "sessions/new", it will first check for + # "users/sessions/new". It's turned off by default because it's slower if you + # are using only default views. + # config.scoped_views = false + + # Configure the default scope given to Warden. By default it's the first + # devise role declared in your routes (usually :user). 
+ # config.default_scope = :user + + # Set this configuration to false if you want /users/sign_out to sign out + # only the current scope. By default, Devise signs out all scopes. + # config.sign_out_all_scopes = true + + # ==> Navigation configuration + # Lists the formats that should be treated as navigational. Formats like + # :html, should redirect to the sign in page when the user does not have + # access, but formats like :xml or :json, should return 401. + # + # If you have any extra navigational formats, like :iphone or :mobile, you + # should add them to the navigational formats lists. + # + # The "*/*" below is required to match Internet Explorer requests. + # config.navigational_formats = ['*/*', :html] + + # The default HTTP method used to sign out a resource. Default is :delete. + config.sign_out_via = :delete + + # ==> OmniAuth + # Add a new OmniAuth provider. Check the wiki for more information on setting + # up on your models and hooks. + # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' + + # ==> Warden configuration + # If you want to use other strategies, that are not supported by Devise, or + # change the failure app, you can configure them inside the config.warden block. + # + # config.warden do |manager| + # manager.intercept_401 = false + # manager.default_strategies(scope: :user).unshift :some_external_strategy + # end + + # ==> Mountable engine configurations + # When using Devise inside an engine, let's call it `MyEngine`, and this engine + # is mountable, there are some extra configurations to be taken into account. + # The following options are available, assuming the engine is mounted as: + # + # mount MyEngine, at: '/my_engine' + # + # The router that invoked `devise_for`, in the example above, would be: + # config.router_name = :my_engine + # + # When using OmniAuth, Devise cannot automatically set OmniAuth path, + # so you need to do it manually. 
For the users scope, it would be: + # config.omniauth_path_prefix = '/my_engine/users/auth' + + config.omniauth :github, Figaro.env.github_app_id, Figaro.env.github_app_secret, + callback_url: "https://myapp.com/users/auth/facebook/callback" +end diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml new file mode 100644 index 0000000..bd4c3eb --- /dev/null +++ b/config/locales/devise.en.yml 
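Review bot: The `config.omniauth :github` call at the end of the new initializer passes `callback_url: "https://myapp.com/users/auth/facebook/callback"`, a placeholder host and a Facebook path on a GitHub provider, so the OAuth redirect would not come back to this app's `users/omniauth_callbacks` controller. Dropping the option lets the callback be derived from the request: `config.omniauth :github, Figaro.env.github_app_id, Figaro.env.github_app_secret`. Separately, `# config.paranoid = true` is left commented out, so the confirmation and password-recovery flows answer differently for known and unknown e-mail addresses; enabling it removes that account-enumeration signal. `config.password_length = 6..128` also accepts quite short passwords, and a higher minimum such as `8..128` is worth considering.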
@@ -0,0 +1,62 @@ +# Additional translations at https://github.com/plataformatec/devise/wiki/I18n + +en: + devise: + confirmations: + confirmed: "Your email address has been successfully confirmed." + send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." + failure: + already_authenticated: "You are already signed in." + inactive: "Your account is not activated yet." + invalid: "Invalid %{authentication_keys} or password." + locked: "Your account is locked." + last_attempt: "You have one more attempt before your account is locked." + not_found_in_database: "Invalid %{authentication_keys} or password." + timeout: "Your session expired. Please sign in again to continue." + unauthenticated: "You need to sign in or sign up before continuing." + unconfirmed: "You have to confirm your email address before continuing." + mailer: + confirmation_instructions: + subject: "Confirmation instructions" + reset_password_instructions: + subject: "Reset password instructions" + unlock_instructions: + subject: "Unlock instructions" + password_change: + subject: "Password Changed" + omniauth_callbacks: + failure: "Could not authenticate you from %{kind} because \"%{reason}\"." + success: "Successfully authenticated from %{kind} account." + passwords: + no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." + send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." 
+ updated: "Your password has been changed successfully. You are now signed in." + updated_not_active: "Your password has been changed successfully." + registrations: + destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon." + signed_up: "Welcome! You have signed up successfully." + signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." + signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." + signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." + updated: "Your account has been updated successfully." + sessions: + signed_in: "Signed in successfully." + signed_out: "Signed out successfully." + already_signed_out: "Signed out successfully." + unlocks: + send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." + send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." + unlocked: "Your account has been unlocked successfully. Please sign in to continue." + errors: + messages: + already_confirmed: "was already confirmed, please try signing in" + confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one" + expired: "has expired, please request a new one" + not_found: "not found" + not_locked: "was not locked" + not_saved: + one: "1 error prohibited this %{resource} from being saved:" + other: "%{count} errors prohibited this %{resource} from being saved:" 
diff --git a/config/routes.rb b/config/routes.rb index 2540f57..5ce6370 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,4 +1,5 @@ Rails.application.routes.draw do + devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } resources :projects root 'projects#index' end diff --git a/db/migrate/20161019233104_devise_create_users.rb b/db/migrate/20161019233104_devise_create_users.rb new file mode 100644 index 0000000..9200e8b --- /dev/null +++ b/db/migrate/20161019233104_devise_create_users.rb @@ -0,0 +1,42 @@ +class DeviseCreateUsers < ActiveRecord::Migration + def change + create_table :users do |t| + ## Database authenticatable + t.string :email, null: false, default: "" + t.string :encrypted_password, null: false, default: "" + + ## Recoverable + t.string :reset_password_token + t.datetime :reset_password_sent_at + + ## Rememberable + t.datetime :remember_created_at + + ## Trackable + t.integer :sign_in_count, default: 0, null: false + t.datetime :current_sign_in_at + t.datetime :last_sign_in_at + t.string :current_sign_in_ip + t.string :last_sign_in_ip + + ## Confirmable + # t.string :confirmation_token + # t.datetime :confirmed_at + # t.datetime :confirmation_sent_at + # t.string :unconfirmed_email # Only if using reconfirmable + + ## Lockable + # t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts + # t.string :unlock_token # Only if unlock strategy is :email or :both + # t.datetime :locked_at + + + t.timestamps null: false + end + + add_index :users, :email, unique: true + add_index :users, :reset_password_token, unique: true + # add_index :users, :confirmation_token, unique: true + # add_index :users, :unlock_token, unique: true + end +end diff --git a/db/migrate/20161019234426_add_omniauth_to_users.rb b/db/migrate/20161019234426_add_omniauth_to_users.rb new file mode 100644 index 0000000..9c23c47 --- /dev/null +++ b/db/migrate/20161019234426_add_omniauth_to_users.rb 
@@ -0,0 +1,6 @@ +class AddOmniauthToUsers < ActiveRecord::Migration + def change + add_column :users, :provider, :string + add_column :users, :uid, :string + end +end diff --git a/db/schema.rb b/db/schema.rb index 1d9183a..187d016 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20160804055752) do +ActiveRecord::Schema.define(version: 20161019234426) do create_table "configs", force: :cascade do |t| t.integer "project_id" @@ -46,4 +46,24 @@ add_index "projects", ["name"], name: "index_projects_on_name" + create_table "users", force: :cascade do |t| + t.string "email", default: "", null: false + t.string "encrypted_password", default: "", null: false + t.string "reset_password_token" + t.datetime "reset_password_sent_at" + t.datetime "remember_created_at" + t.integer "sign_in_count", default: 0, null: false + t.datetime "current_sign_in_at" + t.datetime "last_sign_in_at" + t.string "current_sign_in_ip" + t.string "last_sign_in_ip" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.string "provider" + t.string "uid" + end + + add_index "users", ["email"], name: "index_users_on_email", unique: true + add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true + end From e594d45b2ee010da9a20c3bc6e67df1fa47ddd42 Mon Sep 17 00:00:00 2001 From: DrakeW Date: Wed, 19 Oct 2016 18:59:41 -0700 Subject: [PATCH 08/60] removed copied sample code --- config/initializers/devise.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 1ef8f5e..bd0d895 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb 
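Review bot: The new `provider` and `uid` columns in `AddOmniauthToUsers` get no index and no uniqueness constraint, so nothing at the database level stops two user rows from being bound to the same external identity. `User.from_omniauth`, visible only as context in a later patch on this page, appears to look accounts up with `where(provider: ..., uid: ...).first_or_create`, which can insert duplicates when two callbacks race. I would add `add_index :users, [:provider, :uid], unique: true` to this migration, which also makes the sign-in lookup an indexed query.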
@@ -272,6 +272,5 @@ # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' - config.omniauth :github, Figaro.env.github_app_id, Figaro.env.github_app_secret, - callback_url: "https://myapp.com/users/auth/facebook/callback" + config.omniauth :github, Figaro.env.github_app_id, Figaro.env.github_app_secret end From 65dee307ffd2a1cc7e6b179a7a226f6d071e4fea Mon Sep 17 00:00:00 2001 From: DrakeW Date: Wed, 19 Oct 2016 19:21:40 -0700 Subject: [PATCH 09/60] added bootstrap gems --- Gemfile | 2 ++ Gemfile.lock | 6 ++++++ app/assets/javascripts/application.js | 1 + .../stylesheets/{application.css => application.scss} | 4 ++-- app/views/devise/sessions/new.html.erb | 1 - 5 files changed, 11 insertions(+), 3 deletions(-) rename app/assets/stylesheets/{application.css => application.scss} (92%) diff --git a/Gemfile b/Gemfile index 3bd5a23..92cf613 100644 --- a/Gemfile +++ b/Gemfile @@ -49,6 +49,8 @@ gem 'sdoc', '~> 0.4.0', group: :doc gem 'devise' gem 'omniauth-github', :git => 'git@github.com:intridea/omniauth-github.git' +gem 'bootstrap-sass', '~> 3.3.6' + group :development, :test do gem 'sqlite3' # Call 'byebug' anywhere in the code to stop execution and get a debugger console diff --git a/Gemfile.lock b/Gemfile.lock index 3bfa874..b59a044 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -91,6 +91,8 @@ GEM arel (6.0.3) attr_encrypted (3.0.3) encryptor (~> 3.0.0) + autoprefixer-rails (6.5.1) + execjs axiom-types (0.1.1) descendants_tracker (~> 0.0.4) ice_nine (~> 0.11.0) @@ -98,6 +100,9 @@ GEM bcrypt (3.1.11) binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) + bootstrap-sass (3.3.7) + autoprefixer-rails (>= 5.2.1) + sass (>= 3.3.4) builder (3.2.2) byebug (9.0.5) capybara (2.8.1) @@ -377,6 +382,7 @@ PLATFORMS DEPENDENCIES attr_encrypted + bootstrap-sass (~> 3.3.6) byebug coffee-rails (~> 4.1.0) cucumber-rails 
diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js index e07c5a8..f0abf5e 100644 --- a/app/assets/javascripts/application.js +++ b/app/assets/javascripts/application.js @@ -12,5 +12,6 @@ // //= require jquery //= require jquery_ujs +//= require bootstrap-sprockets //= require turbolinks //= require_tree . diff --git a/app/assets/stylesheets/application.css b/app/assets/stylesheets/application.scss similarity index 92% rename from app/assets/stylesheets/application.css rename to app/assets/stylesheets/application.scss index f9cd5b3..e458dac 100644 --- a/app/assets/stylesheets/application.css +++ b/app/assets/stylesheets/application.scss @@ -10,6 +10,6 @@ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new * file per style scope. * - *= require_tree . - *= require_self */ +@import "bootstrap-sprockets"; +@import "bootstrap"; \ No newline at end of file diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 0e196eb..c328df3 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -21,7 +21,6 @@
<%= f.submit "Log in" %>
--> - <%= link_to "Sign in with GitHub", user_github_omniauth_authorize_path %> <% end %> <%= render "devise/shared/links" %> From aeb22e1f2cb45cab2eb085415beb28c2c3cc196f Mon Sep 17 00:00:00 2001 From: DrakeW Date: Wed, 19 Oct 2016 19:28:33 -0700 Subject: [PATCH 10/60] added annotate gem and better error gem --- Gemfile | 3 +++ Gemfile.lock | 11 +++++++++++ app/models/config.rb | 13 +++++++++++++ app/models/metric_sample.rb | 15 +++++++++++++++ app/models/project.rb | 10 ++++++++++ app/models/user.rb | 21 +++++++++++++++++++++ spec/models/config_spec.rb | 13 +++++++++++++ 7 files changed, 86 insertions(+) diff --git a/Gemfile b/Gemfile index 92cf613..48d9e15 100644 --- a/Gemfile +++ b/Gemfile @@ -56,6 +56,9 @@ group :development, :test do # Call 'byebug' anywhere in the code to stop execution and get a debugger console gem 'byebug' gem 'dotenv-rails' + gem 'annotate' + gem 'better_errors' + gem 'binding_of_caller' end group :test do diff --git a/Gemfile.lock b/Gemfile.lock index b59a044..fbfb89e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -88,6 +88,9 @@ GEM thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) addressable (2.4.0) + annotate (2.7.1) + activerecord (>= 3.2, < 6.0) + rake (>= 10.4, < 12.0) arel (6.0.3) attr_encrypted (3.0.3) encryptor (~> 3.0.0) @@ -98,6 +101,10 @@ GEM ice_nine (~> 0.11.0) thread_safe (~> 0.3, >= 0.3.1) bcrypt (3.1.11) + better_errors (2.1.1) + coderay (>= 1.0.0) + erubis (>= 2.6.6) + rack (>= 0.9.0) binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) bootstrap-sass (3.3.7) @@ -113,6 +120,7 @@ GEM rack-test (>= 0.5.4) xpath (~> 2.0) cliver (0.3.2) + coderay (1.1.1) coercible (1.0.0) descendants_tracker (~> 0.0.1) coffee-rails (4.1.1) @@ -381,7 +389,10 @@ PLATFORMS ruby DEPENDENCIES + annotate attr_encrypted + better_errors + binding_of_caller bootstrap-sass (~> 3.3.6) byebug coffee-rails (~> 4.1.0) diff --git a/app/models/config.rb b/app/models/config.rb index 85c6923..d988655 100644 --- a/app/models/config.rb 
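Review bot: `better_errors` and `binding_of_caller` are added inside `group :development, :test`, but together they put an interactive console with access to application state on every error page, so they should load in as few environments as possible. I would move these two gems into a separate `group :development do` block and leave `annotate` where it is. It is also worth confirming that the development server is only reachable from localhost, since how the app is hosted during development is not visible from this hunk. The `group :development, :test` block opens above the hunk and is only partly shown.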
+++ b/app/models/config.rb @@ -1,3 +1,16 @@ +# == Schema Information +# +# Table name: configs +# +# id :integer not null, primary key +# project_id :integer +# metric_name :string +# encrypted_options :text +# created_at :datetime not null +# updated_at :datetime not null +# encrypted_options_iv :string +# + class Config < ActiveRecord::Base belongs_to :project scope :for, ->(metric_name) { where(:metric_name => metric_name).first } diff --git a/app/models/metric_sample.rb b/app/models/metric_sample.rb index 41360df..deb647a 100644 --- a/app/models/metric_sample.rb +++ b/app/models/metric_sample.rb @@ -1,3 +1,18 @@ +# == Schema Information +# +# Table name: metric_samples +# +# id :integer not null, primary key +# project_id :integer +# metric_name :string +# encrypted_raw_data :text +# created_at :datetime not null +# updated_at :datetime not null +# encrypted_raw_data_iv :string +# score :float +# image :text +# + class MetricSample < ActiveRecord::Base belongs_to :project scope :latest_for, ->(metric_name) { where(:metric_name => metric_name).last } diff --git a/app/models/project.rb b/app/models/project.rb index de67b4d..002d238 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -1,3 +1,13 @@ +# == Schema Information +# +# Table name: projects +# +# id :integer not null, primary key +# name :string +# created_at :datetime not null +# updated_at :datetime not null +# + class Project < ActiveRecord::Base has_many :configs has_many :metric_samples diff --git a/app/models/user.rb b/app/models/user.rb index 4b30c85..3bf1e8a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
@@ -1,3 +1,24 @@ +# == Schema Information +# +# Table name: users +# +# id :integer not null, primary key +# email :string default(""), not null +# encrypted_password :string default(""), not null +# reset_password_token :string +# reset_password_sent_at :datetime +# remember_created_at :datetime +# sign_in_count :integer default(0), not null +# current_sign_in_at :datetime +# last_sign_in_at :datetime +# current_sign_in_ip :string +# last_sign_in_ip :string +# created_at :datetime not null +# updated_at :datetime not null +# provider :string +# uid :string +# + class User < ActiveRecord::Base # Include default devise modules. Others available are: # :confirmable, :lockable, :timeoutable and :omniauthable diff --git a/spec/models/config_spec.rb b/spec/models/config_spec.rb index d054c4b..040eb4c 100644 --- a/spec/models/config_spec.rb +++ b/spec/models/config_spec.rb @@ -1,3 +1,16 @@ +# == Schema Information +# +# Table name: configs +# +# id :integer not null, primary key +# project_id :integer +# metric_name :string +# encrypted_options :text +# created_at :datetime not null +# updated_at :datetime not null +# encrypted_options_iv :string +# + require 'rails_helper' describe Config do From a59f53d1d93091e01770ba10cf72820953999c42 Mon Sep 17 00:00:00 2001 From: DrakeW Date: Wed, 19 Oct 2016 20:48:01 -0700 Subject: [PATCH 11/60] added role attr to users --- app/models/user.rb | 9 +++++++++ .../20161020034239_add_role_to_users.rb | 5 +++++ db/schema.rb | 19 +++++++++++++------ 3 files changed, 27 insertions(+), 6 deletions(-) create mode 100644 db/migrate/20161020034239_add_role_to_users.rb diff --git a/app/models/user.rb b/app/models/user.rb index 3bf1e8a..d746faa 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -17,6 +17,7 @@ # updated_at :datetime not null # provider :string # uid :string +# role :string default("coach"), not null # class User < ActiveRecord::Base 
@@ -25,6 +26,9 @@ class User < ActiveRecord::Base devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :omniauth_providers => [:github] + ADMIN = "admin" + COACH = "coach" + def self.from_omniauth(auth) User.where(provider: auth.provider, uid: auth.uid).first_or_create do |user| user.provider = auth.provider @@ -33,4 +37,9 @@ def self.from_omniauth(auth) user.password = Devise.friendly_token[0,20] end end + + def is_admin? + self.role == ADMIN + end + end diff --git a/db/migrate/20161020034239_add_role_to_users.rb b/db/migrate/20161020034239_add_role_to_users.rb new file mode 100644 index 0000000..ea24805 --- /dev/null +++ b/db/migrate/20161020034239_add_role_to_users.rb @@ -0,0 +1,5 @@ +class AddRoleToUsers < ActiveRecord::Migration + def change + add_column :users, :role, :string, null: false, default: "coach" + end +end diff --git a/db/schema.rb b/db/schema.rb index 187d016..a56745d 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20161019234426) do +ActiveRecord::Schema.define(version: 20161020034239) do create_table "configs", force: :cascade do |t| t.integer "project_id" 
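Review bot: `role` is a free-form string that `is_admin?` compares against `ADMIN`, and neither the model nor the `AddRoleToUsers` migration restricts the values it can hold. Adding `validates :role, inclusion: { in: [ADMIN, COACH] }` next to the constants keeps a typo or an unexpected value out of the authorization decision. Because the column default is "coach" and the model enables both `:registerable` and GitHub sign-in, every self-created account receives that role; please confirm this is intended, and that `role` is never accepted from request parameters (the controllers are not visible here). The `User` class body continues outside these hunks.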
@@ -46,21 +46,28 @@ add_index "projects", ["name"], name: "index_projects_on_name" + create_table "roles", force: :cascade do |t| + t.string "name" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + end + create_table "users", force: :cascade do |t| - t.string "email", default: "", null: false - t.string "encrypted_password", default: "", null: false + t.string "email", default: "", null: false + t.string "encrypted_password", default: "", null: false t.string "reset_password_token" t.datetime "reset_password_sent_at" t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0, null: false + t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.string "current_sign_in_ip" t.string "last_sign_in_ip" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "provider" t.string "uid" + t.string "role", default: "coach", null: false end add_index "users", ["email"], name: "index_users_on_email", unique: true From 210605a8bfc3edfa9c2e67812a6351fd4a47934c Mon Sep 17 00:00:00 2001 From: DrakeW Date: Wed, 19 Oct 2016 21:22:00 -0700 Subject: [PATCH 12/60] added migration to create root user --- app/views/devise/sessions/new.html.erb | 6 +++--- app/views/layouts/application.html.erb | 14 ++++++++++---- db/migrate/20161020040440_create_root_user.rb | 10 ++++++++++ db/schema.rb | 2 +- 4 files changed, 24 insertions(+), 8 deletions(-) create mode 100644 db/migrate/20161020040440_create_root_user.rb diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index c328df3..26b7867 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,7 +1,7 @@

Log in

<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %> - + <%= f.submit "Admin Log in" %> + <% end %> <%= render "devise/shared/links" %> diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index ffd0670..865747a 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -1,14 +1,20 @@ - ProjectscopeMvp + Projectscope <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %> <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %> <%= csrf_meta_tags %> -

<%= notice %>

-

<%= alert %>

- <%= yield %> +
+

<%= notice %>

+

<%= alert %>

+ + <% if user_signed_in? %> + <%= link_to('Logout', destroy_user_session_path, :method => :delete, :class => "btn btn-md btn-primary") %> + <% end %> + <%= yield %> +
diff --git a/db/migrate/20161020040440_create_root_user.rb b/db/migrate/20161020040440_create_root_user.rb new file mode 100644 index 0000000..f5ef7f9 --- /dev/null +++ b/db/migrate/20161020040440_create_root_user.rb @@ -0,0 +1,10 @@ +class CreateRootUser < ActiveRecord::Migration + def up + User.create!(email: Figaro.env.root_user_email, password: Figaro.env.root_user_password) + end + + def down + user = User.find_by_email(Figaro.env.root_user_email) + user.destroy + end +end diff --git a/db/schema.rb b/db/schema.rb index a56745d..c317469 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20161020034239) do +ActiveRecord::Schema.define(version: 20161020040440) do create_table "configs", force: :cascade do |t| t.integer "project_id" From 7abeb4d9fcb07f332f41b37d1723f26ce85f39c6 Mon Sep 17 00:00:00 2001 From: DrakeW Date: Wed, 19 Oct 2016 21:26:40 -0700 Subject: [PATCH 13/60] changed omniauth github path --- Gemfile | 2 +- Gemfile.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 48d9e15..126c1db 100644 --- a/Gemfile +++ b/Gemfile @@ -47,7 +47,7 @@ gem 'sdoc', '~> 0.4.0', group: :doc # gem 'capistrano-rails', group: :development gem 'devise' -gem 'omniauth-github', :git => 'git@github.com:intridea/omniauth-github.git' +gem 'omniauth-github', github: 'intridea/omniauth-github' gem 'bootstrap-sass', '~> 3.3.6' diff --git a/Gemfile.lock b/Gemfile.lock index fbfb89e..b44d302 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,5 +1,5 @@ GIT - remote: git@github.com:intridea/omniauth-github.git + remote: git://github.com/intridea/omniauth-github.git revision: 45f2fc73d6d06f30863adac0e6aa112bcaaadf67 specs: omniauth-github (1.1.2) From d78f7b19e2f2bc6ebab9d11f1a0cd0913fdd1d9a Mon Sep 17 00:00:00 2001 
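Review bot: `down` in CreateRootUser calls `user.destroy` on whatever `find_by_email` returns, so a rollback raises NoMethodError when the root account was renamed or removed, or when `root_user_email` changed after `up` ran; guard it with `user.destroy if user`. In `up`, an unset `root_user_email` or `root_user_password` only surfaces as a validation error from `create!`, so `Figaro.require_keys("root_user_email", "root_user_password")` before the call would state the requirement explicitly. Creating the privileged account inside a migration also means a database built with `db:schema:load` never gets it. A seed or rake task that refuses to run without both keys would keep the bootstrap step explicit and repeatable.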
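Review bot: The `github:` shorthand in the Gemfile hunk resolves to the unauthenticated `git://` transport here, as the Gemfile.lock hunk's `remote: git://github.com/intridea/omniauth-github.git` shows. The gem that handles the OAuth callback is therefore fetched with no encryption and no server authentication. The locked `revision:` narrows what can be substituted, but a `bundle update` or a fresh resolve still trusts that channel. Use an explicit HTTPS source, `gem 'omniauth-github', git: 'https://github.com/intridea/omniauth-github.git'`, preferably with a `ref:` pin, or switch to the released gem from rubygems.org.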
From: DrakeW Date: Wed, 19 Oct 2016 21:33:06 -0700 Subject: [PATCH 14/60] added updated application.yml.asc file --- config/application.yml.asc | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/config/application.yml.asc b/config/application.yml.asc index 8a2ec24..9720e18 100644 --- a/config/application.yml.asc +++ b/config/application.yml.asc 
@@ -1,19 +1,21 @@ -----BEGIN PGP MESSAGE----- Version: GnuPG v2 -hQEMA7YaI9ARhVG0AQgAkFVVcwv2MBzWNZlm9sE7Sq8H3KQAHLzsMJXa1YC5AmUa -BIPiN12JFNnIJLfT5cdJHWBuVERXjWYx9HrtfUKWoxVYd7yhJ1ZRAeqW+Qb5ldJe -WZigKBHNlNkOAIn/BCqlkHdJ6gw4Y6zRHIKQzYB4dkknvnQNL7iFwdcdHjh8vLoY -dmRxNCd1n1ZURxnOlh0sp5xwt67lSfm2m1yLh23F26VTe1/Uon2ofI8nPK4X+tUs -yJMeZjgy03uL00Hiqecbr+6Lk89ndnMLXZlXXydA0p9kCpup172RmWamBz98vv6f -Xcm6bv6E7LT37xEsRFmmfBJ0vEBtPDmO23AmgAGMrIwuBAMDAt7rD+rPcZND4CBw -CIvHQX5/+d86NhTjQxRnfaFK8FL1jKRplt+YpKjGQ9LAjAFM2kSVDfWmH5EKaat0 -eoEyFwknnJkSUb/Tz/kyg+U8KT3w7DXFSsTMyYFhNbi9dQkJ9TYq0CBizZYbodqn -nO6chNEIFPdwAxps4syctm3hl8snm5aCfdrpIOVn6vlsjmfirCmEemk0YUOzXpqI -hUVyLNH0jmjVRCBCxvZSpJ5Lw5qvp9tLAoBGMVU96fPF16BcJBR0/CDIq53npzH1 -twfREWNBeRmfSMw6qaUcGtiU5ntDFsBRA9STOyPArY00OoG0X1ipA0dlqvTs2E9T -Q5psh0PyhmihikoZa9kRFoPA3FyYXxg5ZJ/bNWsHEfO/lm0n1/N+E4tUU8G3gxYn -PeeE2sVOvH/+Fhloi1wCnLJJPC/Wause84Vo8F/iDegdHnb6UjQuM929Q+G0NIvA -RYIkGZD5fXsPBiI27FlQtkEN7iHCbIL4mF6iT5Fr -=f2MO +hQEMA7YaI9ARhVG0AQgAwrMXn+ZmWgt25TPlOC8Po8eqfkVT47pKbPPAJFQwfwWZ +zGtymYCjS5t8guWI+Zj/EiBjBqBUP7GcmNsBs5Mcd1ho+9e8F6O+QB6JGSulQPi/ +IfJL636kQpNwV3M8MLRpOmRDILpHW3/dutU/6VLbmOZ6wlkombnHGUaTMNWPM9iz +dBdwo0am/lbmJNtU2xlPO8gbe353THYoYivCT0hXj/dB9kFCoeH01T5QagdcSTje +fCzGtQ7fO5kdG2Rlhd0LERfSL/S6WXgTwQsJycjXc6nH4pseV6uY5/g3OUKo4j2Z +Bfq7FQl9/jH+dY+Adkalh/uhA3TPny8dDt48h6Oyf4wuBAMDAq0lV3bSkEgf4WAp +90H8GwCH9dviuTKkRVnhJ6VpYKvtpB6v9wCpd3KmpNLA2AHQRQC5DkZgKrLfrgYM +Nc8Ua/c05yx9wz10SJSQIANNzebo5I2a2kb/T9SdMU+ou0IsVb7S8BsyODVkK2oU +/iUK6xiiWUhSXyObFFFYCK2LRAlZ3VrkB4GPyoYggw7ihdyCod8mRX3EU9KyEd1q +meTJ07mgcrH5v9AbbrWHHnvIcNFGydEITNQV/FU7LHYNORPwR0Y6zS6B5swx+WFT +YwwMsMn1mdUk39JMYg7FqY9UyCUhlLOwe5W3YBfx41/q27tmlydAb4x62U9peDOF +j0mhy6UqOIuFzX3U5tWH37jVbjaO1INe6SRRvXb5Hj3tw+4X/2icI/Owo9EZv6qh +H23N0TjB1bVtq5knPaus5ghSHmvVSc+dzezyJREyDmLJF+EjHqhiI8onAy6hi0cf +suZD1t+fProoZl+jPrYKskuiHiR50nSF/0nJBu+/nzBN20rmYq4thczKrMUgdRP+ +JL/4zwXvVechoiMt2AYREm9aN6im3GiP/alQk+CdYGR5QssWq/+DcUr1WY7im98i +dLKgoVEetrJb6Q== +=boqA -----END PGP 
MESSAGE----- From b94d7fdd8adcb38d72194d6e728f7dc67d3c6825 Mon Sep 17 00:00:00 2001 From: DrakeW Date: Wed, 19 Oct 2016 21:46:03 -0700 Subject: [PATCH 15/60] added credential for test env --- config/application.yml.asc | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/config/application.yml.asc b/config/application.yml.asc index 9720e18..92fcef8 100644 --- a/config/application.yml.asc +++ b/config/application.yml.asc 
@@ -1,21 +1,20 @@ -----BEGIN PGP MESSAGE----- Version: GnuPG v2 -hQEMA7YaI9ARhVG0AQgAwrMXn+ZmWgt25TPlOC8Po8eqfkVT47pKbPPAJFQwfwWZ -zGtymYCjS5t8guWI+Zj/EiBjBqBUP7GcmNsBs5Mcd1ho+9e8F6O+QB6JGSulQPi/ -IfJL636kQpNwV3M8MLRpOmRDILpHW3/dutU/6VLbmOZ6wlkombnHGUaTMNWPM9iz -dBdwo0am/lbmJNtU2xlPO8gbe353THYoYivCT0hXj/dB9kFCoeH01T5QagdcSTje -fCzGtQ7fO5kdG2Rlhd0LERfSL/S6WXgTwQsJycjXc6nH4pseV6uY5/g3OUKo4j2Z -Bfq7FQl9/jH+dY+Adkalh/uhA3TPny8dDt48h6Oyf4wuBAMDAq0lV3bSkEgf4WAp -90H8GwCH9dviuTKkRVnhJ6VpYKvtpB6v9wCpd3KmpNLA2AHQRQC5DkZgKrLfrgYM -Nc8Ua/c05yx9wz10SJSQIANNzebo5I2a2kb/T9SdMU+ou0IsVb7S8BsyODVkK2oU -/iUK6xiiWUhSXyObFFFYCK2LRAlZ3VrkB4GPyoYggw7ihdyCod8mRX3EU9KyEd1q -meTJ07mgcrH5v9AbbrWHHnvIcNFGydEITNQV/FU7LHYNORPwR0Y6zS6B5swx+WFT -YwwMsMn1mdUk39JMYg7FqY9UyCUhlLOwe5W3YBfx41/q27tmlydAb4x62U9peDOF -j0mhy6UqOIuFzX3U5tWH37jVbjaO1INe6SRRvXb5Hj3tw+4X/2icI/Owo9EZv6qh -H23N0TjB1bVtq5knPaus5ghSHmvVSc+dzezyJREyDmLJF+EjHqhiI8onAy6hi0cf -suZD1t+fProoZl+jPrYKskuiHiR50nSF/0nJBu+/nzBN20rmYq4thczKrMUgdRP+ -JL/4zwXvVechoiMt2AYREm9aN6im3GiP/alQk+CdYGR5QssWq/+DcUr1WY7im98i -dLKgoVEetrJb6Q== -=boqA +hQEMA7YaI9ARhVG0AQf+Jd67FEDi7YqyKRc21A52vt4Cx/4TKh/drZxNxXWJvyay +4FPlQGuOZKvlcuDxJlbchFgZO4wp7w9Znkc/H6D3JAYdLttnwSqVFJkvzQCW292X +5ngDZNGogzUdy38z/cQLRJbRBVq2CjvPt1w1awMGFMo/e6QyS8gjwuQO6u5+NnNo +Y2FcRCutGU87AJZp3t1p2lOhrWfTIvYdsMkYxelEG6rSnmDhoVrY0DSCgCNgNQTG +TUGl7RxUY5e8CyZyzGzKRKQ8GF+I3IwZBMjorzisyRC79SGALwFt33WUZ0x9KvuP +9+Gujb9wsIobI9f2+oRbhHZzET/i57+UN23qxUoj3YwuBAMDAt00ZFHIO5fO4HVr +UqGcPfGgoC0IBwqkECYxZ6EE8MYjylBOYR7hdQ9J89LAugEqHV1vJY9aakpPL4N1 +xWrIkfkuquqmMGGKntY3IzijiVil/enG0aetsLRbdlHiDROwmtUySZb1sNeOFb03 +TZldJHrFIBdmd9E2TixWks9EUclHpHPk7sJD369xjtRGUcupIL3ka0p3HabidIl2 +ggobDNvODF5BA+vi8H1PuDZJIwD6ebUPtZBILgs/W2k9jYEUS3mVgbHKMFMQpyRl +d0XNYWAUX1TcdaA2n+f5/L89w1bfjtnEzF0WSesdpaHsi8LUwJVe5xEljveBby4+ +pbkveHNGB7Sj6/Wx82+t71o14xtgc3NXLRZjzL8FrHJxLc3LmGtjt5I0yZfWx/Sy +Y0S4ilLyBuL6TJu8Kf0LXzD7OF5KjBbm1j8wQs6XXMMJ3YfakQRUKrdYPmcO7o7W 
+gGuP/plLKioq2NId8zyTZ4c449lMqW3fuLIs6TAtgwKchGkyldw2V17TICV5K4Q6 +LZ0SpIF93CqraDkBjng/hX7L7RikEEPNznJ8AA== +=3dfk -----END PGP MESSAGE----- From d71c2da5984f3e95f093182038b3c9286abe0acf Mon Sep 17 00:00:00 2001 From: DrakeW Date: Wed, 19 Oct 2016 22:20:49 -0700 Subject: [PATCH 16/60] added whitelist authorized user checking during login --- .../users/omniauth_callbacks_controller.rb | 7 ++++++- app/models/user.rb | 16 +++++++++------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb index cad93af..a0f8ecf 100644 --- a/app/controllers/users/omniauth_callbacks_controller.rb +++ b/app/controllers/users/omniauth_callbacks_controller.rb @@ -28,6 +28,11 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController def github @user = User.from_omniauth(request.env["omniauth.auth"]) - sign_in_and_redirect @user + if @user.nil? + flash[:alert] = "You are not authorized." + redirect_to new_user_session_path + else + sign_in_and_redirect @user + end end end diff --git a/app/models/user.rb b/app/models/user.rb index d746faa..5f25519 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -30,16 +30,18 @@ class User < ActiveRecord::Base COACH = "coach" def self.from_omniauth(auth) - User.where(provider: auth.provider, uid: auth.uid).first_or_create do |user| - user.provider = auth.provider - user.uid = auth.uid - user.email = auth.extra.raw_info.email - user.password = Devise.friendly_token[0,20] - end + email = auth.extra.raw_info.email + if !email.nil? and Whitelist.has_email? email + User.where(provider: auth.provider, uid: auth.uid).first_or_create do |user| + user.provider = auth.provider + user.uid = auth.uid + user.email = email + user.password = Devise.friendly_token[0,20] + end + end end def is_admin? self.role == ADMIN end - end From 5c127d4961b22c876d85feb5f05e012f2faa0426 Mon Sep 17 00:00:00 2001 
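Review bot: The `github` action in the controller hunk rejects only `@user.nil?`, but `first_or_create` in `from_omniauth` returns an unsaved record when validation fails, for example when the email already belongs to a password account. That unsaved record would then be handed to `sign_in_and_redirect`. Treat both cases as a refusal with `if @user.nil? || !@user.persisted?`. In the user.rb hunk, `if !email.nil? and Whitelist.has_email? email` mixes the low-precedence `and` with a paren-less call; `if email && Whitelist.has_email?(email)` reads unambiguously. The allow-list decision rests entirely on the email the provider reports, so a short comment stating which field is trusted and why would help; whether that address is verified is not visible from this hunk.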
From: DrakeW Date: Thu, 20 Oct 2016 00:04:45 -0700 Subject: [PATCH 17/60] fixed root user migration & added success msg for github signing in --- app/controllers/users/omniauth_callbacks_controller.rb | 1 + db/migrate/20161020040440_create_root_user.rb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb index a0f8ecf..8fa9982 100644 --- a/app/controllers/users/omniauth_callbacks_controller.rb +++ b/app/controllers/users/omniauth_callbacks_controller.rb @@ -32,6 +32,7 @@ def github flash[:alert] = "You are not authorized." redirect_to new_user_session_path else + flash[:notice] = "Signed in successfully." sign_in_and_redirect @user end end diff --git a/db/migrate/20161020040440_create_root_user.rb b/db/migrate/20161020040440_create_root_user.rb index f5ef7f9..5ad7c85 100644 --- a/db/migrate/20161020040440_create_root_user.rb +++ b/db/migrate/20161020040440_create_root_user.rb @@ -1,6 +1,6 @@ class CreateRootUser < ActiveRecord::Migration def up - User.create!(email: Figaro.env.root_user_email, password: Figaro.env.root_user_password) + User.create!(email: Figaro.env.root_user_email, password: Figaro.env.root_user_password, role: "admin") end def down From fa7c364c7ccd10d445454735cbc2756f95608e14 Mon Sep 17 00:00:00 2001 From: DrakeW Date: Thu, 20 Oct 2016 00:32:58 -0700 Subject: [PATCH 18/60] updated env file --- config/application.yml.asc | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/config/application.yml.asc b/config/application.yml.asc index 92fcef8..32a9e1d 100644 --- a/config/application.yml.asc +++ b/config/application.yml.asc 
@@ -1,20 +1,20 @@ -----BEGIN PGP MESSAGE----- Version: GnuPG v2 -hQEMA7YaI9ARhVG0AQf+Jd67FEDi7YqyKRc21A52vt4Cx/4TKh/drZxNxXWJvyay -4FPlQGuOZKvlcuDxJlbchFgZO4wp7w9Znkc/H6D3JAYdLttnwSqVFJkvzQCW292X -5ngDZNGogzUdy38z/cQLRJbRBVq2CjvPt1w1awMGFMo/e6QyS8gjwuQO6u5+NnNo -Y2FcRCutGU87AJZp3t1p2lOhrWfTIvYdsMkYxelEG6rSnmDhoVrY0DSCgCNgNQTG -TUGl7RxUY5e8CyZyzGzKRKQ8GF+I3IwZBMjorzisyRC79SGALwFt33WUZ0x9KvuP -9+Gujb9wsIobI9f2+oRbhHZzET/i57+UN23qxUoj3YwuBAMDAt00ZFHIO5fO4HVr -UqGcPfGgoC0IBwqkECYxZ6EE8MYjylBOYR7hdQ9J89LAugEqHV1vJY9aakpPL4N1 -xWrIkfkuquqmMGGKntY3IzijiVil/enG0aetsLRbdlHiDROwmtUySZb1sNeOFb03 -TZldJHrFIBdmd9E2TixWks9EUclHpHPk7sJD369xjtRGUcupIL3ka0p3HabidIl2 -ggobDNvODF5BA+vi8H1PuDZJIwD6ebUPtZBILgs/W2k9jYEUS3mVgbHKMFMQpyRl -d0XNYWAUX1TcdaA2n+f5/L89w1bfjtnEzF0WSesdpaHsi8LUwJVe5xEljveBby4+ -pbkveHNGB7Sj6/Wx82+t71o14xtgc3NXLRZjzL8FrHJxLc3LmGtjt5I0yZfWx/Sy -Y0S4ilLyBuL6TJu8Kf0LXzD7OF5KjBbm1j8wQs6XXMMJ3YfakQRUKrdYPmcO7o7W -gGuP/plLKioq2NId8zyTZ4c449lMqW3fuLIs6TAtgwKchGkyldw2V17TICV5K4Q6 -LZ0SpIF93CqraDkBjng/hX7L7RikEEPNznJ8AA== -=3dfk +hQEMA7YaI9ARhVG0AQf9FVENtT2rPfOPjfgOvn/lAHUwIquuYFw/eywuCSFya18y +wL/isr8h3PnLfcFqrwz+kBBF5YLtVLK1T3shlhP1JBNqpUhUC1G312fF/LtPIZ6p +L8r4GzJdTzjMttq95E7UyWVHUOpgKmb1BjX3mNLv/x4VIau8itk2vYlj7Mc37XIW +xX7kB/RksXVdzVnj/hHFC5LUF0Z3wDrinyU+hv+N09HMj9x4NYw5kSAcfX1PhMmT +ebiYqLRT9lrBqu5m1vcO/ourqW245mR7QTJaN1EzU528GtIGg4ZqNZbuILxrJZme +1eYvWOAXYrYlSezLiY2/4+VylSxhb9h7iRRbqBN1L4wuBAMDAgK9au7TaEB44Xpc +HFtIHChB6x34A7rOUkpSamB8iPA+/xH3wK5AXzzmMNLAtwFlCQcIiQcFi93YwYAt +BWxkwZjUX3drVpbLM3hgxTFWwIvxiMzT1nB7E/zzQ35FgneGCoR4I7JjOLG8CPN3 +LfwKW/GjfOdzczKeRe4/Rgrpo91wAjAZk1eXqB+TKIG+ODmytwyxD+6zpE65i2ie +c+5wxheAfDLtWiweb0bUxeXyHqUHtCw4Gm5gna9nG3xuo70S5soNyJklgDjhaY84 +a4KG6DLClGc5igBztb40YtaUW+AffsMCkwiGIMEHfhlz+3X/Vqbs+B36yzlmzWLM +wJtI5VXVecuAbdkkufda2PVjN05XDlxchDO1xcxib2rtdLkfW7Pwi7l+d7tzQ/bE +FqupH7ssqU6vtyo1Hl/JjmJWodTcIe4cUPk4fTJW3FYw9Eb+zngw+/tXPD2p2I6B +DJYxIsTP+Aw4UcnFSfOW2kilqBIKXzb9GjxC9Gdlymsr7UTJK2Sde0c1kzNoGypV +y4qWHjPpqwGdYutDBn27y55g7kqOWW7xBg== 
+=6CCH -----END PGP MESSAGE----- From 3d0caf75aa89906ba8ad4dbaf6ccb3c14fc9320a Mon Sep 17 00:00:00 2001 From: DrakeW Date: Thu, 20 Oct 2016 01:16:21 -0700 Subject: [PATCH 19/60] passed tests assumed no whitelist functionality --- app/models/user.rb | 2 +- features/login.feature | 19 ------------- features/step_definitions/user_login_steps.rb | 26 ++++++++++++++++++ features/support/env.rb | 9 +++++++ features/support/paths.rb | 2 ++ features/user_login.feature | 27 +++++++++++++++++++ 6 files changed, 65 insertions(+), 20 deletions(-) delete mode 100644 features/login.feature create mode 100644 features/step_definitions/user_login_steps.rb create mode 100644 features/user_login.feature diff --git a/app/models/user.rb b/app/models/user.rb index 5f25519..38f6375 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -30,7 +30,7 @@ class User < ActiveRecord::Base COACH = "coach" def self.from_omniauth(auth) - email = auth.extra.raw_info.email + email = auth.info.email.nil? ? auth.extra.raw_info.email : auth.info.email if !email.nil? and Whitelist.has_email? email User.where(provider: auth.provider, uid: auth.uid).first_or_create do |user| user.provider = auth.provider diff --git a/features/login.feature b/features/login.feature deleted file mode 100644 index e6f336c..0000000 --- a/features/login.feature +++ /dev/null 
@@ -1,19 +0,0 @@ -Feature: login - Scenario: authrozied admin login - Given I am on the login page - And I fill in authroized credentials as admin - Then I should be on the dashboard page - And I should see whitelist management - - Scenario: authrozied coach login - Given I am on the login page - And I fill in authroized credentials as coach - Then I should be on the dashboard page - And I should not see whitelist management - - Scenario: unauthrozied user login - Given I am on the login page - And I fill in unauthroized credentials - Then I should not be on the dashboard page - And I should be on the login page - And I should see "You are not authroized." diff --git a/features/step_definitions/user_login_steps.rb b/features/step_definitions/user_login_steps.rb new file mode 100644 index 0000000..c0308bb --- /dev/null +++ b/features/step_definitions/user_login_steps.rb @@ -0,0 +1,26 @@ +Given /^admin with email "(.*)" and password "(.*)" exists/ do |email, password| + User.create!(email: email, password: password, role: "admin") +end + +Given /^coach with email "(.*)" is in the whitelist/ do |email| + # Whitelist.create!(email: email) +end + +When /^I sign in as admin with email "(.*)" and password "(.*)"/ do |email, password| + fill_in "Email", :with => email + fill_in "Password", :with => password + click_button "Admin Log in" +end + +When /^I sign in as coach with github email "(.*)"/ do |email| + OmniAuth.config.add_mock(:github, { + :uid => '12345', + :extra => { + :raw_info => { + :email => email + } + } + }) + click_link "Sign in with GitHub" +end + \ No newline at end of file diff --git a/features/support/env.rb b/features/support/env.rb index f41841a..e196704 100644 --- a/features/support/env.rb +++ b/features/support/env.rb 
@@ -60,3 +60,12 @@ Cucumber::Rails::Database.javascript_strategy = :truncation World(FactoryGirl::Syntax::Methods) + +# for cucumber omniauth test +Before('@omniauth_test') do + OmniAuth.config.test_mode = true +end + +After('@omniauth_test') do + OmniAuth.config.test_mode = false +end diff --git a/features/support/paths.rb b/features/support/paths.rb index 55c3239..429951b 100644 --- a/features/support/paths.rb +++ b/features/support/paths.rb @@ -19,6 +19,8 @@ def path_to(page_name) '/projects' when /^the edit page for project "(.*)"$/ then "/projects/#{Project.find_by(name: $1).id}/edit" + when /^the login page/ then + '/users/sign_in' # Add more mappings here. # Here is an example that pulls values out of the Regexp: # diff --git a/features/user_login.feature b/features/user_login.feature new file mode 100644 index 0000000..b03b9a6 --- /dev/null +++ b/features/user_login.feature @@ -0,0 +1,27 @@ +Feature: User Login + As a user of projectscope, I should be able to login if I am + on the whitelist or I am an admin. Otherwise I should be blocked. + +Background: + Given admin with email "test-admin@test.com" and password "testadminofprojectscope" exists + And coach with email "test-coach@test.com" is in the whitelist + +Scenario: authrozied admin login + Given I am on the login page + When I sign in as admin with email "test-admin@test.com" and password "testadminofprojectscope" + Then I should be on the home page + And I should see "Signed in successfully." + +@omniauth_test +Scenario: authrozied coach login + Given I am on the login page + When I sign in as coach with github email "test-coach@test.com" + Then I should be on the home page + And I should see "Signed in successfully." + +@omniauth_test +Scenario: unauthrozied user login + Given I am on the login page + When I sign in as coach with email "test-coach-not-exist@test.com" + Then I should be on the login page + And I should see "You are not authroized." 
From bab3832bd7ea95bc3412bd42f945dc72fc1c7265 Mon Sep 17 00:00:00 2001 From: DrakeW Date: Thu, 20 Oct 2016 01:22:32 -0700 Subject: [PATCH 20/60] removed test from env file --- config/application.yml.asc | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/config/application.yml.asc b/config/application.yml.asc index 32a9e1d..d29ab94 100644 --- a/config/application.yml.asc +++ b/config/application.yml.asc 
@@ -1,20 +1,20 @@ -----BEGIN PGP MESSAGE----- Version: GnuPG v2 -hQEMA7YaI9ARhVG0AQf9FVENtT2rPfOPjfgOvn/lAHUwIquuYFw/eywuCSFya18y -wL/isr8h3PnLfcFqrwz+kBBF5YLtVLK1T3shlhP1JBNqpUhUC1G312fF/LtPIZ6p -L8r4GzJdTzjMttq95E7UyWVHUOpgKmb1BjX3mNLv/x4VIau8itk2vYlj7Mc37XIW -xX7kB/RksXVdzVnj/hHFC5LUF0Z3wDrinyU+hv+N09HMj9x4NYw5kSAcfX1PhMmT -ebiYqLRT9lrBqu5m1vcO/ourqW245mR7QTJaN1EzU528GtIGg4ZqNZbuILxrJZme -1eYvWOAXYrYlSezLiY2/4+VylSxhb9h7iRRbqBN1L4wuBAMDAgK9au7TaEB44Xpc -HFtIHChB6x34A7rOUkpSamB8iPA+/xH3wK5AXzzmMNLAtwFlCQcIiQcFi93YwYAt -BWxkwZjUX3drVpbLM3hgxTFWwIvxiMzT1nB7E/zzQ35FgneGCoR4I7JjOLG8CPN3 -LfwKW/GjfOdzczKeRe4/Rgrpo91wAjAZk1eXqB+TKIG+ODmytwyxD+6zpE65i2ie -c+5wxheAfDLtWiweb0bUxeXyHqUHtCw4Gm5gna9nG3xuo70S5soNyJklgDjhaY84 -a4KG6DLClGc5igBztb40YtaUW+AffsMCkwiGIMEHfhlz+3X/Vqbs+B36yzlmzWLM -wJtI5VXVecuAbdkkufda2PVjN05XDlxchDO1xcxib2rtdLkfW7Pwi7l+d7tzQ/bE -FqupH7ssqU6vtyo1Hl/JjmJWodTcIe4cUPk4fTJW3FYw9Eb+zngw+/tXPD2p2I6B -DJYxIsTP+Aw4UcnFSfOW2kilqBIKXzb9GjxC9Gdlymsr7UTJK2Sde0c1kzNoGypV -y4qWHjPpqwGdYutDBn27y55g7kqOWW7xBg== -=6CCH +hQEMA7YaI9ARhVG0AQf+LZ5bAdY4J8w5Vpk2j4B6D/aLice4yGxBSygz2y+U5O/L +xeLkoXo4W49eg7SrnnzxnK6IYE2WdAtD82XO1cks+lh2JZ3u1MdPGa8RbmX5yObi +zrkVvOsvT11VEJKOti0ORRqewraJW9ZdLaeiHNg1kQCKV/NK+8QYNqvkZJo1dK/Y +ekPGobtiFTBBrpaeiS7BWCjLKUdC4EOn7qbB3+bRL/AAQgLlHkfblWM8yLSrn9Vv +G+N6p41kgjKzQnAQcQSLy/cOKC/yqEPDbkvZDBoBYOPWXfClXSzwAOdeczqEpKwB +AjxhbnzuCHXZESNcR4q0aU9upwSmUsL0k6sP7ve4mowuBAMDAvkthw50AyNT4wrG +uPHyjW4HxxS4nkVtHNN/xELmFZEFWuBbnJinMIvQ4tLAsgGGV8xzGGR0Yvw3hZAX +Ff1tughyDCrrIoCRJIs/oap4cd5kAh0qarw0PBVKUaMI/H7rZgKI94lwNm41xckk +rTBtxJS5QDws7DVoR00H1iqoR6hYyzhA2NR+Sd/piQ4buE+3llrY1Lb3pL/C31yr +cfpwwRiiGYy36+o84nfAdhcXH9p/xNmCfNrgoP3udThFTf4LZW5AiQpRn12HYyuN +GSOX4ECEEjnRFe9PH+E1DlF+2qDPtjY7NaATxJmkcj0zI2djGpq5ukikKva+5wOk +2lZ9nPHFHpc+5qNMjYeUlzA8sc5/zbV2ew1dhQdo/eCyzdZbIKMf05uxqLb6487C +TaBHr+gwuB7YnpImniNYPzwKJ6Gy0t+dZldSFDFV/Cd9WH2VNXHxHfm62JZjjYma +P6dTw+ukga9RQ7hOK1cqu67pNteSdF3zp+rdkzkonbgqT9FVhD7NVqUY237Unk2S +oUcW8Qa/wXKihj88VYXVZ5+buRg= +=vycT 
-----END PGP MESSAGE----- From a70594da359224e0cab8431f6143f535e0c4644c Mon Sep 17 00:00:00 2001 From: DrakeW Date: Thu, 20 Oct 2016 10:31:07 -0700 Subject: [PATCH 21/60] fixed bug in user login feature --- features/user_login.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/user_login.feature b/features/user_login.feature index b03b9a6..6383f19 100644 --- a/features/user_login.feature +++ b/features/user_login.feature @@ -22,6 +22,6 @@ Scenario: authrozied coach login @omniauth_test Scenario: unauthrozied user login Given I am on the login page - When I sign in as coach with email "test-coach-not-exist@test.com" + When I sign in as coach with github email "test-coach-not-exist@test.com" Then I should be on the login page And I should see "You are not authroized." From 1a1b511d054064250e1d83a3584eaa7b12ba374f Mon Sep 17 00:00:00 2001 From: DrakeW Date: Thu, 20 Oct 2016 10:46:51 -0700 Subject: [PATCH 22/60] removed duplicated notice msg --- app/views/projects/index.html.haml | 2 -- app/views/projects/show.html.haml | 2 -- 2 files changed, 4 deletions(-) diff --git a/app/views/projects/index.html.haml b/app/views/projects/index.html.haml index f86c3a4..d3f8d02 100644 --- a/app/views/projects/index.html.haml +++ b/app/views/projects/index.html.haml @@ -1,5 +1,3 @@ -%p#notice= notice - %h1 Project List %table diff --git a/app/views/projects/show.html.haml b/app/views/projects/show.html.haml index b8d6341..d2a8300 100644 --- a/app/views/projects/show.html.haml +++ b/app/views/projects/show.html.haml @@ -1,5 +1,3 @@ -%p#notice= notice - %p %strong Name: = @project.name From f99a57dfb1d7f29787c3158c1382454dd00bbbbb Mon Sep 17 00:00:00 2001 From: DrakeW Date: Thu, 20 Oct 2016 17:55:24 -0700 Subject: [PATCH 23/60] updated env file to include staging environment --- config/application.yml.asc | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) 
diff --git a/config/application.yml.asc b/config/application.yml.asc index d29ab94..aa54929 100644 --- a/config/application.yml.asc +++ b/config/application.yml.asc 
@@ -1,20 +1,21 @@ -----BEGIN PGP MESSAGE----- Version: GnuPG v2 -hQEMA7YaI9ARhVG0AQf+LZ5bAdY4J8w5Vpk2j4B6D/aLice4yGxBSygz2y+U5O/L -xeLkoXo4W49eg7SrnnzxnK6IYE2WdAtD82XO1cks+lh2JZ3u1MdPGa8RbmX5yObi -zrkVvOsvT11VEJKOti0ORRqewraJW9ZdLaeiHNg1kQCKV/NK+8QYNqvkZJo1dK/Y -ekPGobtiFTBBrpaeiS7BWCjLKUdC4EOn7qbB3+bRL/AAQgLlHkfblWM8yLSrn9Vv -G+N6p41kgjKzQnAQcQSLy/cOKC/yqEPDbkvZDBoBYOPWXfClXSzwAOdeczqEpKwB -AjxhbnzuCHXZESNcR4q0aU9upwSmUsL0k6sP7ve4mowuBAMDAvkthw50AyNT4wrG -uPHyjW4HxxS4nkVtHNN/xELmFZEFWuBbnJinMIvQ4tLAsgGGV8xzGGR0Yvw3hZAX -Ff1tughyDCrrIoCRJIs/oap4cd5kAh0qarw0PBVKUaMI/H7rZgKI94lwNm41xckk -rTBtxJS5QDws7DVoR00H1iqoR6hYyzhA2NR+Sd/piQ4buE+3llrY1Lb3pL/C31yr -cfpwwRiiGYy36+o84nfAdhcXH9p/xNmCfNrgoP3udThFTf4LZW5AiQpRn12HYyuN -GSOX4ECEEjnRFe9PH+E1DlF+2qDPtjY7NaATxJmkcj0zI2djGpq5ukikKva+5wOk -2lZ9nPHFHpc+5qNMjYeUlzA8sc5/zbV2ew1dhQdo/eCyzdZbIKMf05uxqLb6487C -TaBHr+gwuB7YnpImniNYPzwKJ6Gy0t+dZldSFDFV/Cd9WH2VNXHxHfm62JZjjYma -P6dTw+ukga9RQ7hOK1cqu67pNteSdF3zp+rdkzkonbgqT9FVhD7NVqUY237Unk2S -oUcW8Qa/wXKihj88VYXVZ5+buRg= -=vycT +hQEMA7YaI9ARhVG0AQf8Csdox/23eVa025xEquZcPKIR+O52Pd8DLsDtSHstq2se +SGk7CPqg/zFQSLLP+95XMoy1iaID1MPgYifM/7AS9VIWUwprPXWX71XGyRLFXwk8 +CLwxxLVfmGUfBJwC5agJ0myyWgo3X87DnuX8EGgo3lj9mMNY4wfztUVRJYhYbCPe +tJ2Mma/b+QOmBebHFUQvSTOOUMEUppOPAdW84Dhu/lXzJH6YAW3137/TVc7SQsZL +XeL/qXH+DnZ0HwZZ7GmiNMXRYOL4BVbAxxj7Z9BkgjF0Igi1pzXjDAorrgImZ/V/ +tLYqTeEnnN9Uq/dzouDjEIdyYR8Qli2pGrdJwkVbyYwuBAMDArzUmJX+AvTY4Kj8 +vyGXuA1kATgdRZAyx2xoXLR4gNvRTdABR7yASfWpIdLA6wGx7ZsS8kqEaxBLNvxZ +OyaC05ZPwLQZpg6kviYmktHlUiJy2RK4xZYNRHZ2omndMGRuFvmeSFjte4+ZQKzY +5pPDEbtJbesg5XUkbZoueEzWa3mt3IlT4+f000xdU6P6m6LEgAOvtY+H74Gs9BL4 +HQEK7w2U7Wxi588URgPvkyRCRxau3Q86ijoHUiYJWm8PtlRAT17UZO4UHlX5Io4K +l7M2zrS+KpyPqNMIFwIssskV0zH2TIQpQ9bsgPxc1Qddp0wbIsegNeMqspuxgCXS +2SdROp2QPYXOrYFSGvIXkcFaEghafYMHnbVPjQijCOC5UQA9tkW1RunRMEQLEHiO +TAr9VH3MPYFdQ6NKiIY25TRoe3LQCJDDMh7/+jBhaGCcZll05lS+j4iL3TJK5+NO +0GtcbJ7yK9PEs3QeuHfO8GZFzuFvUcQOPQQ8ewWVgWjOf4/cVr2UQ8I/4gdox1/Z 
+DfeCAO7zOPKml1S7haPs8VvLeWnkwweJygeG+3ILfNDHOYOt2DL6L7uL20Ri3GSs +gaxo025SsOLLbJS6hCEsmWdbL8cjF9gerpSUqss= +=46Ko -----END PGP MESSAGE----- From d9eba9a6ff20cbb323e60f080712b1c6ea6575cd Mon Sep 17 00:00:00 2001 From: DrakeW Date: Thu, 20 Oct 2016 19:35:28 -0700 Subject: [PATCH 24/60] removed whitelist checking --- app/models/user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/user.rb b/app/models/user.rb index 38f6375..3fdf9c9 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -31,7 +31,7 @@ class User < ActiveRecord::Base def self.from_omniauth(auth) email = auth.info.email.nil? ? auth.extra.raw_info.email : auth.info.email - if !email.nil? and Whitelist.has_email? email + if !email.nil? User.where(provider: auth.provider, uid: auth.uid).first_or_create do |user| user.provider = auth.provider user.uid = auth.uid From 8e3e1bdea49c4c816096295ee5e360a4eba44dcf Mon Sep 17 00:00:00 2001 From: DrakeW Date: Thu, 20 Oct 2016 19:47:30 -0700 Subject: [PATCH 25/60] added user uid validation --- app/models/user.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/models/user.rb b/app/models/user.rb index 3fdf9c9..a457da6 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -26,6 +26,8 @@ class User < ActiveRecord::Base devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :omniauth_providers => [:github] + validates :uid, presence: true, uniqueness: true + ADMIN = "admin" COACH = "coach" From 327480a8ddece7f8c97a38ea637dacc9180776f3 Mon Sep 17 00:00:00 2001 From: DrakeW Date: Thu, 20 Oct 2016 20:07:22 -0700 Subject: [PATCH 26/60] removed uid validation because of conflict with admin --- app/models/user.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index a457da6..3fdf9c9 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
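Review bot: Dropping `Whitelist.has_email? email` from the condition in `from_omniauth` leaves `!email.nil?` as the only gate, so every GitHub account that exposes an email gets a user row and a session. The "You are not authorized." branch in the callback is then reached only for accounts without an email. That contradicts the "unauthrozied user login" scenario in features/user_login.feature, which still expects a rejection. If the check is being removed only because the allow-list model is not ready (it is not visible in this series), keep the login path deny-by-default behind a stub rather than opening it. At minimum mark the line, e.g. `# FIXME: allow-list check disabled, any GitHub account with an email is accepted`. The method body ends outside this hunk.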
@@ -26,8 +26,6 @@ class User < ActiveRecord::Base devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :omniauth_providers => [:github] - validates :uid, presence: true, uniqueness: true - ADMIN = "admin" COACH = "coach" From f9959abc7c6bae6ecff3b293422974dc1a6e6b2b Mon Sep 17 00:00:00 2001 From: DrakeW Date: Thu, 20 Oct 2016 21:22:43 -0700 Subject: [PATCH 27/60] front-end added --- app/views/devise/sessions/new.html.erb | 61 ++++++++++++------- app/views/devise/shared/_links.html.erb | 12 ++-- app/views/layouts/application.html.erb | 27 +++++--- features/step_definitions/user_login_steps.rb | 2 +- 4 files changed, 66 insertions(+), 36 deletions(-) diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 26b7867..84ff4c6 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,26 +1,43 @@ -

Log in

+
+
+
+
+
+

Welcome to ProjectScope

+
+
+ <%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %> +
+
+ <%= f.label :email %>
+ <%= f.email_field :email, {autofocus: true, class: "form-control"} %> +
+
+ +
+
+ <%= f.label :password %>
+ <%= f.password_field :password, {autocomplete: "off", class: "form-control"} %> +
+
-<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %> -
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true %> -
- -
- <%= f.label :password %>
- <%= f.password_field :password, autocomplete: "off" %> -
- - <% if devise_mapping.rememberable? -%> -
- <%= f.check_box :remember_me %> - <%= f.label :remember_me %> +
+ <% if devise_mapping.rememberable? -%> +
+ <%= f.check_box :remember_me %> + <%= f.label :remember_me %> +
+ <% end -%> +
+ +
+ <%= f.submit "Admin Sign in", class: "btn btn-default" %> +
+ <% end %> + <%= render "devise/shared/links" %> +
- <% end -%> - -
- <%= f.submit "Admin Log in" %>
-<% end %> +
+
-<%= render "devise/shared/links" %> diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb index e6a3e41..c2b7418 100644 --- a/app/views/devise/shared/_links.html.erb +++ b/app/views/devise/shared/_links.html.erb @@ -1,3 +1,9 @@ +<%- if devise_mapping.omniauthable? %> + <%- resource_class.omniauth_providers.each do |provider| %> + <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), class: "btn btn-default" %>
+ <% end -%> +<% end -%> + <%- if controller_name != 'sessions' %> <%= link_to "Log in", new_session_path(resource_name) %>
<% end -%> @@ -17,9 +23,3 @@ <%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %> <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
<% end -%> - -<%- if devise_mapping.omniauthable? %> - <%- resource_class.omniauth_providers.each do |provider| %> - <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %>
- <% end -%> -<% end -%> diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 865747a..0c28ac7 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -8,13 +8,26 @@
-

<%= notice %>

-

<%= alert %>

- - <% if user_signed_in? %> - <%= link_to('Logout', destroy_user_session_path, :method => :delete, :class => "btn btn-md btn-primary") %> - <% end %> - <%= yield %> +
+
+
+
+ <% unless notice.nil? %> +
<%= notice %>
+ <% end%> + <% unless alert.nil? %> +
<%= alert %>
+ <% end %> +
+
+
+
+ <% if user_signed_in? %> + <%= link_to('Logout', destroy_user_session_path, :method => :delete, :class => "btn btn-md btn-primary") %> + <% end %> + <%= yield %> +
+
diff --git a/features/step_definitions/user_login_steps.rb b/features/step_definitions/user_login_steps.rb index c0308bb..0f91c24 100644 --- a/features/step_definitions/user_login_steps.rb +++ b/features/step_definitions/user_login_steps.rb @@ -9,7 +9,7 @@ When /^I sign in as admin with email "(.*)" and password "(.*)"/ do |email, password| fill_in "Email", :with => email fill_in "Password", :with => password - click_button "Admin Log in" + click_button "Admin Sign in" end When /^I sign in as coach with github email "(.*)"/ do |email| From 76378afe8ded9304a2f61ee8414d95aa6acdc0af Mon Sep 17 00:00:00 2001 From: DrakeW Date: Fri, 21 Oct 2016 02:48:40 -0700 Subject: [PATCH 28/60] added user authentication --- app/controllers/projects_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 992df8c..386661e 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -1,5 +1,6 @@ class ProjectsController < ApplicationController before_action :set_project, only: [:show, :edit, :update, :destroy] + before_action :authenticate_user! # http_basic_authenticate_with name: "cs169", password: ENV['PROJECTSCOPE_PASSWORD'] From c47f8dd4016467f44e03ca3c520920d5065c1afe Mon Sep 17 00:00:00 2001 From: DrakeW Date: Fri, 21 Oct 2016 03:41:09 -0700 Subject: [PATCH 29/60] updated schema & staging env encryption key --- config/application.yml.asc | 35 ++++++++++++++++++----------------- db/schema.rb | 6 ------ 2 files changed, 18 insertions(+), 23 deletions(-) diff --git a/config/application.yml.asc b/config/application.yml.asc index aa54929..01cbaa6 100644 --- a/config/application.yml.asc +++ b/config/application.yml.asc 
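Review bot: In app/controllers/projects_controller.rb the new `before_action :authenticate_user!` is declared after `before_action :set_project`, and callbacks run in declaration order, so for show, edit, update and destroy the project lookup runs before the login check. `set_project` is defined outside this hunk; if it does a `find(params[:id])`, a signed-out visitor gets a not-found response for a missing id and a login redirect for an existing one, which reveals which ids exist. Declaring `before_action :authenticate_user!` as the first callback of the class closes that. The commented-out `http_basic_authenticate_with` line under it can be removed once Devise is the only gate.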
@@ -1,21 +1,22 @@ -----BEGIN PGP MESSAGE----- Version: GnuPG v2 -hQEMA7YaI9ARhVG0AQf8Csdox/23eVa025xEquZcPKIR+O52Pd8DLsDtSHstq2se -SGk7CPqg/zFQSLLP+95XMoy1iaID1MPgYifM/7AS9VIWUwprPXWX71XGyRLFXwk8 -CLwxxLVfmGUfBJwC5agJ0myyWgo3X87DnuX8EGgo3lj9mMNY4wfztUVRJYhYbCPe -tJ2Mma/b+QOmBebHFUQvSTOOUMEUppOPAdW84Dhu/lXzJH6YAW3137/TVc7SQsZL -XeL/qXH+DnZ0HwZZ7GmiNMXRYOL4BVbAxxj7Z9BkgjF0Igi1pzXjDAorrgImZ/V/ -tLYqTeEnnN9Uq/dzouDjEIdyYR8Qli2pGrdJwkVbyYwuBAMDArzUmJX+AvTY4Kj8 -vyGXuA1kATgdRZAyx2xoXLR4gNvRTdABR7yASfWpIdLA6wGx7ZsS8kqEaxBLNvxZ -OyaC05ZPwLQZpg6kviYmktHlUiJy2RK4xZYNRHZ2omndMGRuFvmeSFjte4+ZQKzY -5pPDEbtJbesg5XUkbZoueEzWa3mt3IlT4+f000xdU6P6m6LEgAOvtY+H74Gs9BL4 -HQEK7w2U7Wxi588URgPvkyRCRxau3Q86ijoHUiYJWm8PtlRAT17UZO4UHlX5Io4K -l7M2zrS+KpyPqNMIFwIssskV0zH2TIQpQ9bsgPxc1Qddp0wbIsegNeMqspuxgCXS -2SdROp2QPYXOrYFSGvIXkcFaEghafYMHnbVPjQijCOC5UQA9tkW1RunRMEQLEHiO -TAr9VH3MPYFdQ6NKiIY25TRoe3LQCJDDMh7/+jBhaGCcZll05lS+j4iL3TJK5+NO -0GtcbJ7yK9PEs3QeuHfO8GZFzuFvUcQOPQQ8ewWVgWjOf4/cVr2UQ8I/4gdox1/Z -DfeCAO7zOPKml1S7haPs8VvLeWnkwweJygeG+3ILfNDHOYOt2DL6L7uL20Ri3GSs -gaxo025SsOLLbJS6hCEsmWdbL8cjF9gerpSUqss= -=46Ko +hQEMA7YaI9ARhVG0AQgAjUxk4YhdiVOnwFvGC7AQNMAAdSXT3/johzknO2tjj1BT +nbK/jxs5cGq70ZRTUo+ovcHJIWi3YbiKTEwm1IhZboIY0P5dXS9vBirVUf4GOPzG +x++Q/yy2H/iAWkLzwgzvud4nKXC8wI7MTX7/IO4KNkzfjEhlCMcL0+M4TEJ2PIHv +6Gn8Bpie7dNAjPz/nwA1zw/wfUJ55iF+VydIkIBrjjRtYlZEhy2P5qugDWKvaBhP +ITocLvlbEglwosiVUiPyWZTAbhkAeuZ7fVwEXknR7XbQg8dTUJYo5ByL9S1/d+DD +1MCedwVo9Nlz7pk6BZpf3Rm+XJeM9o/yGfHupUmuWYwuBAMDAjEPt4YVZcF24800 +7mK6qmMqcrw5xWxGGZ1bQ4sxqsiesPYWwMDebSWO1dLBDwFtNpTRWZzJr2dvWu9s +mra6ZE3C9RvzgiJD4gS3KeLsiqG1fj2FoRoUk35B+UdgF1dzs+ItRr/Y/Ke4ypaG +dov0ENLxUKK8uXsc5KlbRKyQ1UQ804xQnit6Y3rVyFrKIids2xjv1I4BB/stCHy3 +gftWLZkhs0635BrxweneL3uIfsjQoKHH6vgWKVzdm+8C1TjSUgQSmwoFflZv7jdt +zMNIVTSlxVFikS0Mo+YCAL/mxB/7odgaN77Qa7dM3RvB3gS5BuSfraBCyjZEzQOl +zxDwJBa2VkToFtAXFS4wsRdVEIxHpen41kWDr6HRonVEbgKcOJvuqN3PUuG45kAS +d27L9B5mXP5K6L5kMFYZAsjJtAaTXU+1sss0YkTvKpfLRAGfxjsfmzf+tRdxiwX7 
+gcSOldqEqVZ0XhPCzK0U4cW9Wh3QAWmFarIolx13gVXjmy+XBR6tbFfQ8V5AUhyc +mV9uwJdjHgXEmHUT+q1ZwxvihBDFn5/ai0uD3/HEXnHf4cvnO11uaf1nlRuSoHsG +7WriiS3v8HVOQPE/zG2JvUWGPYm+1tMeKNhCr8TwPbK6IlysTE5/DHolevNQpYVi +krLceyPpwgKtvNk2w9bhtZ8= +=BRNF -----END PGP MESSAGE----- diff --git a/db/schema.rb b/db/schema.rb index c317469..3f2d30b 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -46,12 +46,6 @@ add_index "projects", ["name"], name: "index_projects_on_name" - create_table "roles", force: :cascade do |t| - t.string "name" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false - end - create_table "users", force: :cascade do |t| t.string "email", default: "", null: false t.string "encrypted_password", default: "", null: false From d81616066231ab5195a29b4f7f7cab070127ea21 Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Fri, 21 Oct 2016 09:39:04 +0000 Subject: [PATCH 30/60] Add whitelist feature --- app/controllers/whitelist_controller.rb | 95 +++++++++++++++++++ app/models/authorized_user.rb | 26 +++++ app/views/projects/index.html.haml | 4 + app/views/whitelist/index.html.haml | 19 ++++ config/routes.rb | 2 + .../20160720004301_create_basic_tables.rb | 6 ++ db/migrate/20161020040440_create_root_user.rb | 4 +- .../20161021104336_create_authorized_user.rb | 10 ++ db/schema.rb | 15 +-- db/seeds.rb | 1 + users | 0 11 files changed, 173 insertions(+), 9 deletions(-) create mode 100644 app/controllers/whitelist_controller.rb create mode 100644 app/models/authorized_user.rb create mode 100644 app/views/whitelist/index.html.haml create mode 100644 db/migrate/20161021104336_create_authorized_user.rb create mode 100644 users diff --git a/app/controllers/whitelist_controller.rb b/app/controllers/whitelist_controller.rb new file mode 100644 index 0000000..1161f32 --- /dev/null +++ b/app/controllers/whitelist_controller.rb 
@@ -0,0 +1,95 @@ +class WhitelistController < ApplicationController + before_action :set_whitelist, only: [:show, :add, :destroy] + + # http_basic_authenticate_with name: "cs169", password: ENV['PROJECTSCOPE_PASSWORD'] + + # GET /whitelist + def index + if current_user.is_admin? + @permitted_users = Authorized_user.all + + else + redirect_to root + end + end + + # GET /whitelist/1 + # GET /projects/1.json + def show + @readonly = true + render :template => 'whitelist/index' + end + +# # GET /projects/new +# def new +# @project = Project.new +# end + +# # GET /projects/1/edit +# def edit +# end + +# # POST /projects +# # POST /projects.json +# def create +# @project = Project.new(project_params) +# respond_to do |format| +# if @project.save +# format.html { redirect_to @project, notice: 'Project was successfully created.' } +# format.json { render :show, status: :created, location: @project } +# else +# format.html { render :new } +# format.json { render json: @project.errors, status: :unprocessable_entity } +# end +# end +# end + +# # PATCH/PUT /projects/1 +# # PATCH/PUT /projects/1.json +# def update +# @project.attributes = project_params +# respond_to do |format| +# if @project.save +# format.html { redirect_to projects_path, notice: 'Project was successfully updated.' } +# format.json { render :show, status: :ok, location: @project } +# else +# format.html { render :edit } +# format.json { render json: @project.errors, status: :unprocessable_entity } +# end +# end +# end + +# # DELETE /projects/1 +# # DELETE /projects/1.json +# def destroy +# @project.destroy +# respond_to do |format| +# format.html { redirect_to projects_url, notice: 'Project was successfully destroyed.' } +# format.json { head :no_content } +# end +# end + +# private + +# # Use callbacks to share common setup or constraints between actions. 
+# def set_project +# @project = Project.includes(:configs).find(params[:id]) +# end + +# # Never trust parameters from the scary internet, only allow the white list through. +# def project_params +# # Grab new option keys/vals from params, and incorporate them into +# # the configs existing keys/vals. +# # Example: given params['config']['code_climate'] +# # BEFORE: {"options"=>{"token"=>"xyz", "user"=>"fox"}, "new"=>["a", "2", "b", "3"]} +# # AFTER: {"options"=>{"token"=>"xyz", "user"=>"fox", "a" => "2", "b" => "3"} +# params['project']['configs_attributes'].each_pair do |index, v| +# v['options'] ||= {} +# # ingest new options from new[] array +# v['options'].merge!(Hash[*(v.delete('new'))]) +# # delete options with blank values +# v['options'].delete_if { |k,v| v.blank? } +# end +# params['project'] +# end +end diff --git a/app/models/authorized_user.rb b/app/models/authorized_user.rb new file mode 100644 index 0000000..957fe03 --- /dev/null +++ b/app/models/authorized_user.rb @@ -0,0 +1,26 @@ +# == Schema Information +# +# Table name: Authorized_users +# +# id :integer not null, primary key +# email :string default(""), not null +# role :string default("coach"), not null +# + +class Authorized_user < ActiveRecord::Base + + ADMIN = "admin" + COACH = "coach" + + def self.has_email? + if self.email.blank? + return false + else + return true + end + end + + def is_admin? + self.role == ADMIN + end +end diff --git a/app/views/projects/index.html.haml b/app/views/projects/index.html.haml index d3f8d02..47aeab8 100644 --- a/app/views/projects/index.html.haml +++ b/app/views/projects/index.html.haml @@ -21,3 +21,7 @@ %br/ = link_to 'New Project', new_project_path + +%br/ + += link_to 'Whitelist', whitelist_index_path diff --git a/app/views/whitelist/index.html.haml b/app/views/whitelist/index.html.haml new file mode 100644 index 0000000..1e86258 --- /dev/null +++ b/app/views/whitelist/index.html.haml 
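Review bot: The new WhitelistController checks `current_user.is_admin?` inline in `index` only and declares no `before_action :authenticate_user!`. Unless ApplicationController (not shown here) already requires a login, a signed-out request reaches that call with `current_user` nil and fails with an exception instead of a redirect. `show` has no admin check at all, `before_action :set_whitelist` names a method this new file never defines, and `redirect_to root` should be `redirect_to root_path`. One admin callback applied to every action keeps later actions from forgetting the check; a sketch follows.

```ruby
class WhitelistController < ApplicationController
  before_action :authenticate_user!
  before_action :require_admin

  # … unchanged: index and show, minus the inline is_admin? branch …

  private

  # Sends non-admin users away before any whitelist action runs.
  def require_admin
    return if current_user.is_admin?

    redirect_to root_path
  end
```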
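Review bot: app/models/authorized_user.rb decides admin rights from a free-form `role` string, yet the model has no validations. The `authorized_users` table added in db/migrate/20160720004301_create_basic_tables.rb (later in this patch) leaves `default` and `null: false` commented out and indexes `email` without uniqueness, so the schema comment at the top of the model describes constraints the table does not have. I would add `validates :email, presence: true, uniqueness: true` and `validates :role, inclusion: { in: [ADMIN, COACH] }` to the model and make the index `add_index :authorized_users, :email, unique: true`. Separately, `self.has_email?` calls `self.email` on the class, which has no such method, so it raises when called.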
@@ -0,0 +1,19 @@ +%h1 Whitelist + +%table + %thead + %tr + %th Authorized User Accounts + %th Role + + %tbody + - @permitted_users.each do |user| + %tr + %td= user.email + %td= user.role + +%br/ + += link_to 'Back to project page', projects_url + + diff --git a/config/routes.rb b/config/routes.rb index 5ce6370..481d400 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -2,4 +2,6 @@ devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } resources :projects root 'projects#index' + # resources :whitelist + get '/whitelist/index', to: 'whitelist#index' end diff --git a/db/migrate/20160720004301_create_basic_tables.rb b/db/migrate/20160720004301_create_basic_tables.rb index 930413e..ce65415 100644 --- a/db/migrate/20160720004301_create_basic_tables.rb +++ b/db/migrate/20160720004301_create_basic_tables.rb @@ -22,5 +22,11 @@ def change end add_index :metric_samples, :project_id add_index :metric_samples, [:project_id, :metric_name] + + create_table :authorized_users, :force => true do |t| + t.string :email # default: "", null: false + t.string :role # default: "coach", null: false + end + add_index :authorized_users, :email end end diff --git a/db/migrate/20161020040440_create_root_user.rb b/db/migrate/20161020040440_create_root_user.rb index 5ad7c85..246d800 100644 --- a/db/migrate/20161020040440_create_root_user.rb +++ b/db/migrate/20161020040440_create_root_user.rb @@ -1,9 +1,9 @@ class CreateRootUser < ActiveRecord::Migration - def up + def self.up User.create!(email: Figaro.env.root_user_email, password: Figaro.env.root_user_password, role: "admin") end - def down + def self.down user = User.find_by_email(Figaro.env.root_user_email) user.destroy end diff --git a/db/migrate/20161021104336_create_authorized_user.rb b/db/migrate/20161021104336_create_authorized_user.rb new file mode 100644 index 0000000..67d4243 --- /dev/null +++ b/db/migrate/20161021104336_create_authorized_user.rb 
@@ -0,0 +1,10 @@ +class CreateAuthorizedUser < ActiveRecord::Migration + def up + Authorized_user.create!(email: Figaro.env.root_user_email, role: "admin") + end + + def down + user = Authorized_user.find_by_email(Figaro.env.root_user_email) + user.destroy + end +end diff --git a/db/schema.rb b/db/schema.rb index c317469..fdfb00d 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,14 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20161020040440) do +ActiveRecord::Schema.define(version: 20161021104336) do + + create_table "authorized_users", force: :cascade do |t| + t.string "email" + t.string "role" + end + + add_index "authorized_users", ["email"], name: "index_authorized_users_on_email" create_table "configs", force: :cascade do |t| t.integer "project_id" @@ -46,12 +53,6 @@ add_index "projects", ["name"], name: "index_projects_on_name" - create_table "roles", force: :cascade do |t| - t.string "name" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false - end - create_table "users", force: :cascade do |t| t.string "email", default: "", null: false t.string "encrypted_password", default: "", null: false diff --git a/db/seeds.rb b/db/seeds.rb index 2b2e8d1..caeba45 100644 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -12,4 +12,5 @@ ]) + diff --git a/users b/users new file mode 100644 index 0000000..e69de29 From 3a2ce5e666a720b9950183f282025cef96049be3 Mon Sep 17 00:00:00 2001 
From: DrakeW Date: Fri, 21 Oct 2016 13:55:01 -0700 Subject: [PATCH 31/60] fixed old tests except for view metric sample with secrets & removed unrelated tests --- features/dashboard_drag.feature | 23 -------------- features/dashboard_sort.feature | 35 ---------------------- features/step_definitions/project_steps.rb | 6 +++- features/whitelist_management.feature | 21 ------------- 4 files changed, 5 insertions(+), 80 deletions(-) delete mode 100644 features/dashboard_drag.feature delete mode 100644 features/dashboard_sort.feature delete mode 100644 features/whitelist_management.feature diff --git a/features/dashboard_drag.feature b/features/dashboard_drag.feature deleted file mode 100644 index 7da6d03..0000000 --- a/features/dashboard_drag.feature +++ /dev/null @@ -1,23 +0,0 @@ -Feature: sort projects by metrics - As a coach or admin on the dashboard page - So that I can drag projects in table - -Background: projects in database - - Given the following projects exist: - | project name | code_climate | github | slack | pivotal tracker | - | project scope | 1 | 10 | 6 | 8 | - | city dog | 2 | 9 | 3 | 5 | - | esential | 3 | 7 | 1 | 9 | - | faludi design | 5 | 8 | 10 | 4 | - | oram | 4 | 6 | 9 | 10 | - - Scenario: drag upwards - Given I am on the dashboard page - And I drag oram before city dog - Then I should see oram before city dog - - Scenario: drag downwards - Given I am on the dashboard page - And I drag project scope after faludi design - Then I should see project scope after faludi design \ No newline at end of file diff --git a/features/dashboard_sort.feature b/features/dashboard_sort.feature deleted file mode 100644 index bce28f2..0000000 --- a/features/dashboard_sort.feature +++ /dev/null 
@@ -1,35 +0,0 @@ -Feature: sort projects by metrics - As a coach or admin on the dashboard page - So that I can sort the projects by different metrics - -Background: projects in database - - Given the following projects exist: - | project name | code_climate | github | slack | pivotal tracker | - | project scope | 1 | 10 | 6 | 8 | - | city dog | 2 | 9 | 3 | 5 | - | esential | 3 | 7 | 1 | 9 | - | faludi design | 5 | 8 | 10 | 4 | - | oram | 4 | 6 | 9 | 10 | - - Scenario: sort by code_climate - Given I am on the dashboard page - And I sort projects by code_climate - Then projects should be sorted by code_climate - - Scenario: sort by github - Given I am on the dashboard page - And I sort projects by github - Then projects should be sorted by github - - Scenario: sort by slack - Given I am on the dashboard page - And I sort projects by slack - Then projects should be sorted by slack - - Scenario: sort by pivotal tracker - Given I am on the dashboard page - And I sort projects by pivotal tracker - Then projects should be sorted by pivotal tracker - - diff --git a/features/step_definitions/project_steps.rb b/features/step_definitions/project_steps.rb index 791c40f..2f5de75 100644 --- a/features/step_definitions/project_steps.rb +++ b/features/step_definitions/project_steps.rb @@ -56,7 +56,11 @@ end And(/^I am logged in$/) do - page.driver.basic_authorize('cs169', ENV['PROJECTSCOPE_PASSWORD']) + steps %Q{ + Given admin with email "test-admin@test.com" and password "testadminofprojectscope" exists + Given I am on the login page + When I sign in as admin with email "test-admin@test.com" and password "testadminofprojectscope" + } end Then(/^the config value "([^"]*)" should not appear in the page$/) do |value| diff --git a/features/whitelist_management.feature b/features/whitelist_management.feature deleted file mode 100644 index ee192cd..0000000 --- a/features/whitelist_management.feature +++ /dev/null 
@@ -1,21 +0,0 @@ -Feature: manage whitelist - As an admin - So that I can add or drop people from whitelist - Given the following account exist in whitelist: - | Github Account | - | cyb | - | junyu Wang | - - Scenario: add people to whitelist - Given I am logged in as an admin - And I click whitelist managment - And whitelist has the following entries: - When I add "shuotong" to whitelist - Then I should see "shuotong" in whitelist - - Scenario: drop people from whitelist - Given I am logged in as an admin - And I click whitelist managment - And whitelist has the following entries: - When I drop "cyb" from whitelist - Then I should not see "cyb" in whitelist \ No newline at end of file From 10790f9d28a8749d8153e749f610e6c4f4506db9 Mon Sep 17 00:00:00 2001 From: DrakeW Date: Fri, 21 Oct 2016 14:36:01 -0700 Subject: [PATCH 32/60] removed redundant user session check --- app/controllers/projects_controller.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 386661e..5ff54d7 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -7,9 +7,6 @@ class ProjectsController < ApplicationController # GET /projects # GET /projects.json def index - if current_user.nil? - redirect_to new_user_session_path - end @projects = Project.all @metric_names = ProjectMetrics.metric_names end From a1f8e7048003b15d93ef59ea23aebbf3de6ca03c Mon Sep 17 00:00:00 2001 
From: Jiacheng Wu Date: Fri, 21 Oct 2016 21:59:37 +0000 Subject: [PATCH 33/60] add createe user in whitelist --- app/controllers/whitelist_controller.rb | 38 +++++++++++++++++-- app/models/authorized_user.rb | 4 +- app/views/whitelist/_add.html.haml | 19 ++++++++++ app/views/whitelist/index.html.haml | 4 ++ app/views/whitelist/new.html.erb | 6 +++ config/routes.rb | 3 ++ .../20161021113555_create_normal_user.rb | 10 +++++ db/schema.rb | 2 +- 8 files changed, 79 insertions(+), 7 deletions(-) create mode 100644 app/views/whitelist/_add.html.haml create mode 100644 app/views/whitelist/new.html.erb create mode 100644 db/migrate/20161021113555_create_normal_user.rb diff --git a/app/controllers/whitelist_controller.rb b/app/controllers/whitelist_controller.rb index 1161f32..aa8b2a3 100644 --- a/app/controllers/whitelist_controller.rb +++ b/app/controllers/whitelist_controller.rb @@ -1,7 +1,10 @@ class WhitelistController < ApplicationController - before_action :set_whitelist, only: [:show, :add, :destroy] +# before_action :set_whitelist, only: [:show, :add, :destroy] # http_basic_authenticate_with name: "cs169", password: ENV['PROJECTSCOPE_PASSWORD'] + VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i + ADMIN_ROLE = "admin" + COACH_ROLE = "coach" # GET /whitelist def index 
@@ -9,16 +12,43 @@ def index @permitted_users = Authorized_user.all else - redirect_to root + flash[:notice] = "You are not authorized to manipulate whitelist." + redirect_to projects_url end end - # GET /whitelist/1 - # GET /projects/1.json + # GET /whitelist/index def show @readonly = true render :template => 'whitelist/index' end + + # GET /whitelist/new + def new + @authorized_user = Authorized_user.new + end + + # POST /whitelist/add + def add + if current_user.is_admin? + email = params[:email] + role = params[:role] + unless (email =~ VALID_EMAIL_REGEX) + flash[:notice] = "Invalid Email." + redirect_to whitelist_add_path + end + unless (role.eql?(ADMIN_ROLE) or role.eql?(COACH_ROLE)) + flash[:notice] = "Invalid Role: Role should be 'admin' or 'coach'. " + redirect_to whitelist_add_path + end + Authorized_user.create!(email: email, role: role) + flash[:notice] = "Add user #{email} successfully. " + redirect_to whitelist_index_path + else + flash[:notice] = "You are not authorized to manipulate whitelist." + redirect_to projects_url + end + end # # GET /projects/new # def new diff --git a/app/models/authorized_user.rb b/app/models/authorized_user.rb index 957fe03..b98f90f 100644 --- a/app/models/authorized_user.rb +++ b/app/models/authorized_user.rb @@ -12,8 +12,8 @@ class Authorized_user < ActiveRecord::Base ADMIN = "admin" COACH = "coach" - def self.has_email? - if self.email.blank? + def self.has_email?(email) + if self.find_by_email(email).nil? return false else return true diff --git a/app/views/whitelist/_add.html.haml b/app/views/whitelist/_add.html.haml new file mode 100644 index 0000000..271c227 --- /dev/null +++ b/app/views/whitelist/_add.html.haml 
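Review bot: In the new `add` action of app/controllers/whitelist_controller.rb neither validation branch stops the action, so after `redirect_to whitelist_add_path` execution continues to `Authorized_user.create!`. When one of the two checks fails, the rejected email or role is still written to the whitelist and the request then errors on the second `redirect_to`. Each branch needs a `return` after its redirect. The redirect target should be the form page, `redirect_to whitelist_new_path`, because `/whitelist/add` is only routed for POST in this patch. `role.eql?(ADMIN_ROLE) or role.eql?(COACH_ROLE)` reads more safely as `[ADMIN_ROLE, COACH_ROLE].include?(role)`, which also avoids the low precedence of `or`.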
@@ -0,0 +1,19 @@ +// %form{ :action => "/whitelist/add", :method => "post"} +// %fieldset +// %ol +// %li +// %label{:for => "email"} Email: +// %input{:type => "text", :name => "email", :class => "text"} +// %li +// %label{:for => "role"} Role: +// %input{:type => "text", :name => "role", :class => "text"} +// %input{:type => "submit", :value => "Add", :class => "button"} + + += form_tag '/whitelist/add' do + = field_set_tag do + = label_tag :email, 'Email' + = text_field_tag :email + = label_tag :role, 'Role' + = text_field_tag :role + = submit_tag 'Add' \ No newline at end of file diff --git a/app/views/whitelist/index.html.haml b/app/views/whitelist/index.html.haml index 1e86258..e77a49d 100644 --- a/app/views/whitelist/index.html.haml +++ b/app/views/whitelist/index.html.haml @@ -16,4 +16,8 @@ = link_to 'Back to project page', projects_url +%br/ + += link_to 'Add user to whitelist', whitelist_new_path + diff --git a/app/views/whitelist/new.html.erb b/app/views/whitelist/new.html.erb new file mode 100644 index 0000000..02067d1 --- /dev/null +++ b/app/views/whitelist/new.html.erb @@ -0,0 +1,6 @@ +

Authorize Users to have access to ProjectScope

+ +<%= render 'add' %> + + +<%= link_to 'Back', whitelist_index_path %> diff --git a/config/routes.rb b/config/routes.rb index 481d400..52c65b0 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -3,5 +3,8 @@ resources :projects root 'projects#index' # resources :whitelist + get '/whitelist', to: 'whitelist#index' get '/whitelist/index', to: 'whitelist#index' + post '/whitelist/add', to: 'whitelist#add' + get '/whitelist/new', to: 'whitelist#new' end diff --git a/db/migrate/20161021113555_create_normal_user.rb b/db/migrate/20161021113555_create_normal_user.rb new file mode 100644 index 0000000..0bb50c4 --- /dev/null +++ b/db/migrate/20161021113555_create_normal_user.rb @@ -0,0 +1,10 @@ +class CreateNormalUser < ActiveRecord::Migration + def self.up + User.create!(email: "test@berkeley.edu", password: "asdf1234", role: "coach") + end + + def self.down + user = User.find_by_email("test@berkeley.edu") + user.destroy + end +end diff --git a/db/schema.rb b/db/schema.rb index fdfb00d..3cab5c6 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20161021104336) do +ActiveRecord::Schema.define(version: 20161021113555) do create_table "authorized_users", force: :cascade do |t| t.string "email" From de004bdae264594d12573df50fa3391252f66436 Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Fri, 21 Oct 2016 23:28:52 +0000 Subject: [PATCH 34/60] add feature: delete accounts from whitelist --- app/controllers/whitelist_controller.rb | 36 ++++++++++++++++++++----- app/views/whitelist/index.html.haml | 3 ++- config/routes.rb | 12 +++++---- 3 files changed, 38 insertions(+), 13 deletions(-) diff --git a/app/controllers/whitelist_controller.rb b/app/controllers/whitelist_controller.rb index aa8b2a3..ef05225 100644 --- a/app/controllers/whitelist_controller.rb +++ b/app/controllers/whitelist_controller.rb 
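Review bot: db/migrate/20161021113555_create_normal_user.rb creates a login with a literal email and password in source, and migrations run in every environment, so any deployment that migrates gets an account whose credentials are readable in the repository. The root-user migration in this series reads its values from `Figaro.env`; this one should do the same, or be limited to local use with `return unless Rails.env.development? || Rails.env.test?` as the first line of `self.up`. If the account already exists on a deployed database, it should be removed or its password changed, since the value stays in git history. `self.down` also calls `user.destroy` without checking that `find_by_email` returned a record.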
@@ -1,5 +1,5 @@ class WhitelistController < ApplicationController -# before_action :set_whitelist, only: [:show, :add, :destroy] + # before_action :set_whitelist, only: [:show, :add, :delete, ] # http_basic_authenticate_with name: "cs169", password: ENV['PROJECTSCOPE_PASSWORD'] VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i @@ -25,7 +25,12 @@ def show # GET /whitelist/new def new + if current_user.is_admin? @authorized_user = Authorized_user.new + else + flash[:notice] = "You are not authorized to manipulate whitelist." + redirect_to projects_url + end end # POST /whitelist/add @@ -35,11 +40,13 @@ def add role = params[:role] unless (email =~ VALID_EMAIL_REGEX) flash[:notice] = "Invalid Email." - redirect_to whitelist_add_path + redirect_to whitelist_new_path + return end unless (role.eql?(ADMIN_ROLE) or role.eql?(COACH_ROLE)) flash[:notice] = "Invalid Role: Role should be 'admin' or 'coach'. " - redirect_to whitelist_add_path + redirect_to whitelist_new_path + return end Authorized_user.create!(email: email, role: role) flash[:notice] = "Add user #{email} successfully. " @@ -49,11 +56,26 @@ def add redirect_to projects_url end end + + # DELETE /whitelist/delete + def destroy + user = params[:id] + if current_user.is_admin? + Authorized_user.find(user).destroy! + respond_to do |format| + format.html { redirect_to whitelist_index_path, notice: 'User account was successfully deleted.' } + end + else + flash[:notice] = "You are not authorized to manipulate whitelist." + redirect_to projects_url + end + + + end + + def set_whitelist + end -# # GET /projects/new -# def new -# @project = Project.new -# end # # GET /projects/1/edit # def edit diff --git a/app/views/whitelist/index.html.haml b/app/views/whitelist/index.html.haml index e77a49d..f897aa4 100644 --- a/app/views/whitelist/index.html.haml +++ b/app/views/whitelist/index.html.haml 
@@ -11,6 +11,7 @@ %tr %td= user.email %td= user.role + %td= link_to "Delete", whitelist_path(user), :method => :delete, data: { confirm: "Do you want to delete user #{user.email} from the whitelist?" }, :user => user %br/ @@ -18,6 +19,6 @@ %br/ -= link_to 'Add user to whitelist', whitelist_new_path += link_to 'Add user to whitelist', new_whitelist_path diff --git a/config/routes.rb b/config/routes.rb index 52c65b0..2d64b82 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -2,9 +2,11 @@ devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } resources :projects root 'projects#index' - # resources :whitelist - get '/whitelist', to: 'whitelist#index' - get '/whitelist/index', to: 'whitelist#index' - post '/whitelist/add', to: 'whitelist#add' - get '/whitelist/new', to: 'whitelist#new' + resources :whitelist + # get '/whitelist', to: 'whitelist#index' + # get '/whitelist/index', to: 'whitelist#index' + # post '/whitelist/add', to: 'whitelist#add' + # get '/whitelist/new', to: 'whitelist#new' + # delete '/whitelist/delete/', to: 'whitelist#delete' + end From 65ce3df97157d0eb44c5131e0fea9b59273d4b9f Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Fri, 21 Oct 2016 23:28:52 +0000 Subject: [PATCH 35/60] add feature: delete accounts from whitelist --- app/controllers/whitelist_controller.rb | 100 ++++++------------------ app/views/whitelist/_add.html.haml | 12 --- app/views/whitelist/index.html.haml | 5 +- config/routes.rb | 7 +- 4 files changed, 30 insertions(+), 94 deletions(-) diff --git a/app/controllers/whitelist_controller.rb b/app/controllers/whitelist_controller.rb index aa8b2a3..478c778 100644 --- a/app/controllers/whitelist_controller.rb +++ b/app/controllers/whitelist_controller.rb 
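Review bot: `resources :whitelist` in config/routes.rb routes all seven REST actions, but the controller in this patch guards only index, new, add and destroy. `show` becomes reachable without an admin check, and edit and update point at actions that do not exist. The form from the previous patch still posts to `/whitelist/add`, whose route is commented out here, and POST /whitelist now maps to `create` while the action is named `add`. The validation branches redirect to `whitelist_new_path`, a helper that no longer exists once the explicit routes are gone. I would declare `resources :whitelist, only: [:index, :new, :create, :destroy]`, rename `add` to `create`, post the form to `whitelist_index_path`, and redirect to `new_whitelist_path`.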
@@ -1,5 +1,4 @@ class WhitelistController < ApplicationController -# before_action :set_whitelist, only: [:show, :add, :destroy] # http_basic_authenticate_with name: "cs169", password: ENV['PROJECTSCOPE_PASSWORD'] VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i @@ -25,7 +24,12 @@ def show # GET /whitelist/new def new + if current_user.is_admin? @authorized_user = Authorized_user.new + else + flash[:notice] = "You are not authorized to manipulate whitelist." + redirect_to projects_url + end end # POST /whitelist/add @@ -35,11 +39,13 @@ def add role = params[:role] unless (email =~ VALID_EMAIL_REGEX) flash[:notice] = "Invalid Email." - redirect_to whitelist_add_path + redirect_to whitelist_new_path + return end unless (role.eql?(ADMIN_ROLE) or role.eql?(COACH_ROLE)) flash[:notice] = "Invalid Role: Role should be 'admin' or 'coach'. " - redirect_to whitelist_add_path + redirect_to whitelist_new_path + return end Authorized_user.create!(email: email, role: role) flash[:notice] = "Add user #{email} successfully. " 
@@ -49,77 +55,21 @@ def add redirect_to projects_url end end + + # DELETE /whitelist/ + def destroy + user = params[:id] + if current_user.is_admin? + Authorized_user.find(user).destroy! + respond_to do |format| + format.html { redirect_to whitelist_index_path, notice: 'User account was successfully deleted.' } + end + else + flash[:notice] = "You are not authorized to manipulate whitelist." + redirect_to projects_url + end + + + end -# # GET /projects/new -# def new -# @project = Project.new -# end - -# # GET /projects/1/edit -# def edit -# end - -# # POST /projects -# # POST /projects.json -# def create -# @project = Project.new(project_params) -# respond_to do |format| -# if @project.save -# format.html { redirect_to @project, notice: 'Project was successfully created.' } -# format.json { render :show, status: :created, location: @project } -# else -# format.html { render :new } -# format.json { render json: @project.errors, status: :unprocessable_entity } -# end -# end -# end - -# # PATCH/PUT /projects/1 -# # PATCH/PUT /projects/1.json -# def update -# @project.attributes = project_params -# respond_to do |format| -# if @project.save -# format.html { redirect_to projects_path, notice: 'Project was successfully updated.' } -# format.json { render :show, status: :ok, location: @project } -# else -# format.html { render :edit } -# format.json { render json: @project.errors, status: :unprocessable_entity } -# end -# end -# end - -# # DELETE /projects/1 -# # DELETE /projects/1.json -# def destroy -# @project.destroy -# respond_to do |format| -# format.html { redirect_to projects_url, notice: 'Project was successfully destroyed.' } -# format.json { head :no_content } -# end -# end - -# private - -# # Use callbacks to share common setup or constraints between actions. -# def set_project -# @project = Project.includes(:configs).find(params[:id]) -# end - -# # Never trust parameters from the scary internet, only allow the white list through. 
-# def project_params -# # Grab new option keys/vals from params, and incorporate them into -# # the configs existing keys/vals. -# # Example: given params['config']['code_climate'] -# # BEFORE: {"options"=>{"token"=>"xyz", "user"=>"fox"}, "new"=>["a", "2", "b", "3"]} -# # AFTER: {"options"=>{"token"=>"xyz", "user"=>"fox", "a" => "2", "b" => "3"} -# params['project']['configs_attributes'].each_pair do |index, v| -# v['options'] ||= {} -# # ingest new options from new[] array -# v['options'].merge!(Hash[*(v.delete('new'))]) -# # delete options with blank values -# v['options'].delete_if { |k,v| v.blank? } -# end -# params['project'] -# end end diff --git a/app/views/whitelist/_add.html.haml b/app/views/whitelist/_add.html.haml index 271c227..f8d3920 100644 --- a/app/views/whitelist/_add.html.haml +++ b/app/views/whitelist/_add.html.haml @@ -1,15 +1,3 @@ -// %form{ :action => "/whitelist/add", :method => "post"} -// %fieldset -// %ol -// %li -// %label{:for => "email"} Email: -// %input{:type => "text", :name => "email", :class => "text"} -// %li -// %label{:for => "role"} Role: -// %input{:type => "text", :name => "role", :class => "text"} -// %input{:type => "submit", :value => "Add", :class => "button"} - - = form_tag '/whitelist/add' do = field_set_tag do = label_tag :email, 'Email' diff --git a/app/views/whitelist/index.html.haml b/app/views/whitelist/index.html.haml index e77a49d..b860162 100644 --- a/app/views/whitelist/index.html.haml +++ b/app/views/whitelist/index.html.haml @@ -11,13 +11,14 @@ %tr %td= user.email %td= user.role + %td= link_to "Delete", whitelist_path(user), :method => :delete, data: { confirm: "Do you want to delete user #{user.email} from the whitelist?" }, :user => user %br/ = link_to 'Back to project page', projects_url -%br/ +%br/s -= link_to 'Add user to whitelist', whitelist_new_path += link_to 'Add user to whitelist', new_whitelist_path diff --git a/config/routes.rb b/config/routes.rb index 52c65b0..a4d2e5c 100644 
--- a/config/routes.rb +++ b/config/routes.rb @@ -2,9 +2,6 @@ devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } resources :projects root 'projects#index' - # resources :whitelist - get '/whitelist', to: 'whitelist#index' - get '/whitelist/index', to: 'whitelist#index' - post '/whitelist/add', to: 'whitelist#add' - get '/whitelist/new', to: 'whitelist#new' + resources :whitelist + end From 263c8ac078470e7052cb9357bc555a40d56852d8 Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Sat, 22 Oct 2016 00:22:00 +0000 Subject: [PATCH 36/60] Fix bugs for whitelist --- app/controllers/whitelist_controller.rb | 10 ++++++---- app/models/authorized_user.rb | 2 +- app/models/user.rb | 2 +- app/views/whitelist/_add.html.haml | 2 +- app/views/whitelist/index.html.haml | 5 +++-- db/migrate/20161021104336_create_authorized_user.rb | 1 + 6 files changed, 13 insertions(+), 9 deletions(-) diff --git a/app/controllers/whitelist_controller.rb b/app/controllers/whitelist_controller.rb index d57f07d..eaf4852 100644 --- a/app/controllers/whitelist_controller.rb +++ b/app/controllers/whitelist_controller.rb @@ -32,8 +32,8 @@ def new end end - # POST /whitelist/add - def add + # POST /whitelist/ + def create if current_user.is_admin? email = params[:email] role = params[:role] @@ -48,6 +48,8 @@ def add return end Authorized_user.create!(email: email, role: role) + privilegeUser = User.find_by_email(email); + privilegeUser.update(role: role) flash[:notice] = "Add user #{email} successfully. " redirect_to whitelist_index_path else @@ -58,9 +60,9 @@ def add # DELETE /whitelist/ def destroy - user = params[:id] + user = Authorized_user.find(params[:id]) if current_user.is_admin? - Authorized_user.find(user).destroy! + user.destroy! respond_to do |format| format.html { redirect_to whitelist_index_path, notice: 'User account was successfully deleted.' } end diff --git a/app/models/authorized_user.rb b/app/models/authorized_user.rb index b98f90f..0ecedd2 100644 
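Review bot: `privilegeUser.update(role: role)` is called on the result of `User.find_by_email(email)` without a nil check. Whitelisting an address that has no account yet therefore raises NoMethodError after the `Authorized_user` row has already been created. Guard it with `user = User.find_by_email(email)` followed by `user.update(role: role) if user`; the trailing `;` and the camelCase local are also out of step with the rest of the file. The enclosing `create` method starts and ends outside the hunk.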
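Review bot: Moving `Authorized_user.find(params[:id])` above the `current_user.is_admin?` check means the lookup runs for every caller. A non-admin presumably gets a not-found error for a missing id and the "not authorized" redirect for an existing one, which reveals which ids exist. Keep the lookup inside the admin branch, `Authorized_user.find(params[:id]).destroy!`, or authorize first in a filter that runs before the action. The end of `destroy` is outside the hunk.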
--- a/app/models/authorized_user.rb +++ b/app/models/authorized_user.rb @@ -13,7 +13,7 @@ class Authorized_user < ActiveRecord::Base COACH = "coach" def self.has_email?(email) - if self.find_by_email(email).nil? + if self.find_by(email: email).nil? return false else return true diff --git a/app/models/user.rb b/app/models/user.rb index 3fdf9c9..5e55cbb 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -31,7 +31,7 @@ class User < ActiveRecord::Base def self.from_omniauth(auth) email = auth.info.email.nil? ? auth.extra.raw_info.email : auth.info.email - if !email.nil? + if !email.nil? and Authorized_user.has_email? email User.where(provider: auth.provider, uid: auth.uid).first_or_create do |user| user.provider = auth.provider user.uid = auth.uid diff --git a/app/views/whitelist/_add.html.haml b/app/views/whitelist/_add.html.haml index f8d3920..957b569 100644 --- a/app/views/whitelist/_add.html.haml +++ b/app/views/whitelist/_add.html.haml @@ -1,4 +1,4 @@ -= form_tag '/whitelist/add' do += form_tag '/whitelist' do = field_set_tag do = label_tag :email, 'Email' = text_field_tag :email diff --git a/app/views/whitelist/index.html.haml b/app/views/whitelist/index.html.haml index b860162..45d0d47 100644 --- a/app/views/whitelist/index.html.haml +++ b/app/views/whitelist/index.html.haml @@ -3,8 +3,9 @@ %table %thead %tr - %th Authorized User Accounts + %th Authorized Users %th Role + %th Action %tbody - @permitted_users.each do |user| @@ -17,7 +18,7 @@ = link_to 'Back to project page', projects_url -%br/s +%br/ = link_to 'Add user to whitelist', new_whitelist_path diff --git a/db/migrate/20161021104336_create_authorized_user.rb b/db/migrate/20161021104336_create_authorized_user.rb index 67d4243..087d3c4 100644 --- a/db/migrate/20161021104336_create_authorized_user.rb +++ b/db/migrate/20161021104336_create_authorized_user.rb 
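Review bot: The new whitelist gate in `from_omniauth` compares the provider-supplied address with `Authorized_user.has_email? email` as an exact string. An entry stored with different letter case than the login reports may therefore fail to match, depending on the database collation. Normalising both sides (`email.downcase` here and on save in the model) makes the gate predictable. The condition is also better written `!email.nil? && Authorized_user.has_email?(email)`, since `and` binds more loosely than `&&`. What the method returns for a rejected address is outside the hunk.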
@@ -1,6 +1,7 @@ class CreateAuthorizedUser < ActiveRecord::Migration def up Authorized_user.create!(email: Figaro.env.root_user_email, role: "admin") + Authorized_user.create!(email: "test@berkeley.edu", role: "coach") end def down From 0153f321c95a09803fef19e1898d4612d7744656 Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Sat, 22 Oct 2016 02:30:43 +0000 Subject: [PATCH 37/60] Fix bugs --- app/controllers/whitelist_controller.rb | 2 +- app/models/user.rb | 1 + features/step_definitions/user_login_steps.rb | 2 +- features/user_login.feature | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/app/controllers/whitelist_controller.rb b/app/controllers/whitelist_controller.rb index eaf4852..b57b251 100644 --- a/app/controllers/whitelist_controller.rb +++ b/app/controllers/whitelist_controller.rb @@ -49,7 +49,7 @@ def create end Authorized_user.create!(email: email, role: role) privilegeUser = User.find_by_email(email); - privilegeUser.update(role: role) + privilegeUser.update(role: role) if !privilegeUser.nil? flash[:notice] = "Add user #{email} successfully. " redirect_to whitelist_index_path else diff --git a/app/models/user.rb b/app/models/user.rb index 5e55cbb..9ae4402 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -32,6 +32,7 @@ class User < ActiveRecord::Base def self.from_omniauth(auth) email = auth.info.email.nil? ? auth.extra.raw_info.email : auth.info.email if !email.nil? and Authorized_user.has_email? email + puts email User.where(provider: auth.provider, uid: auth.uid).first_or_create do |user| user.provider = auth.provider user.uid = auth.uid diff --git a/features/step_definitions/user_login_steps.rb b/features/step_definitions/user_login_steps.rb index 0f91c24..2f7a40e 100644 --- a/features/step_definitions/user_login_steps.rb +++ b/features/step_definitions/user_login_steps.rb 
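Review bot: The added `Authorized_user.create!(email: "test@berkeley.edu", role: "coach")` puts a fixed test address on the whitelist in every environment where migrations run, production included. Test identities belong in the Cucumber steps or fixtures, or at least behind `unless Rails.env.production?`. The body of `down` is outside the hunk; it would also need to remove this row for the migration to stay reversible.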
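Review bot: The added `puts email` writes the address of every whitelisted person who signs in to standard output, where it ends up in whatever collects the process output. It looks like a debugging leftover and should be removed, or replaced by `Rails.logger.debug` if the trace is wanted during development. The rest of `from_omniauth` continues outside the hunk.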
@@ -3,7 +3,7 @@ end Given /^coach with email "(.*)" is in the whitelist/ do |email| - # Whitelist.create!(email: email) + Authorized_user.create!(email: email, role: "coach") end When /^I sign in as admin with email "(.*)" and password "(.*)"/ do |email, password| diff --git a/features/user_login.feature b/features/user_login.feature index 6383f19..3d596c3 100644 --- a/features/user_login.feature +++ b/features/user_login.feature @@ -24,4 +24,4 @@ Scenario: unauthrozied user login Given I am on the login page When I sign in as coach with github email "test-coach-not-exist@test.com" Then I should be on the login page - And I should see "You are not authroized." + And I should see "You are not authorized." From 45bb9f50e2a70c0829c6f62f713cec88d0d15391 Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Sat, 22 Oct 2016 05:41:15 +0000 Subject: [PATCH 38/60] Fix migration issues --- db/migrate/20160720004301_create_basic_tables.rb | 6 ------ db/migrate/20161022053537_create_authorized_users.rb | 10 ++++++++++ ...ser.rb => 20161022053828_create_authorized_user.rb} | 0 db/schema.rb | 2 +- 4 files changed, 11 insertions(+), 7 deletions(-) create mode 100644 db/migrate/20161022053537_create_authorized_users.rb rename db/migrate/{20161021104336_create_authorized_user.rb => 20161022053828_create_authorized_user.rb} (100%) diff --git a/db/migrate/20160720004301_create_basic_tables.rb b/db/migrate/20160720004301_create_basic_tables.rb index ce65415..930413e 100644 --- a/db/migrate/20160720004301_create_basic_tables.rb +++ b/db/migrate/20160720004301_create_basic_tables.rb @@ -22,11 +22,5 @@ def change end add_index :metric_samples, :project_id add_index :metric_samples, [:project_id, :metric_name] - - create_table :authorized_users, :force => true do |t| - t.string :email # default: "", null: false - t.string :role # default: "coach", null: false - end - add_index :authorized_users, :email end end 
diff --git a/db/migrate/20161022053537_create_authorized_users.rb b/db/migrate/20161022053537_create_authorized_users.rb new file mode 100644 index 0000000..b97c25f --- /dev/null +++ b/db/migrate/20161022053537_create_authorized_users.rb @@ -0,0 +1,10 @@ +class CreateAuthorizedUsers < ActiveRecord::Migration + def change + create_table :authorized_users, :force => true do |t| + t.string :email # default: "", null: false + t.string :role # default: "coach", null: false + end + add_index :authorized_users, :email + end +end + diff --git a/db/migrate/20161021104336_create_authorized_user.rb b/db/migrate/20161022053828_create_authorized_user.rb similarity index 100% rename from db/migrate/20161021104336_create_authorized_user.rb rename to db/migrate/20161022053828_create_authorized_user.rb diff --git a/db/schema.rb b/db/schema.rb index 3cab5c6..637b7f5 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20161021113555) do +ActiveRecord::Schema.define(version: 20161022053828) do create_table "authorized_users", force: :cascade do |t| t.string "email" From 3615568647fdc24e6da895f07c21d0afe7353cd4 Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Mon, 24 Oct 2016 17:28:42 +0000 Subject: [PATCH 39/60] Fix features as the pull request comments suggested --- app/controllers/whitelist_controller.rb | 40 +++++-------------- app/models/authorized_user.rb | 17 +++----- app/models/user.rb | 3 +- app/views/whitelist/_add.html.haml | 4 +- app/views/whitelist/index.html.haml | 2 - db/migrate/20161020040440_create_root_user.rb | 4 +- .../20161022053537_create_authorized_users.rb | 1 - .../20161022053828_create_authorized_user.rb | 5 +-- db/schema.rb | 1 - features/step_definitions/user_login_steps.rb | 2 +- 10 files changed, 23 insertions(+), 56 deletions(-) 
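Review bot: `create_table :authorized_users, :force => true` drops an existing `authorized_users` table before recreating it. The table was previously created in 20160720004301, which this patch edits, so running the new migration against a database that already has it silently discards the current whitelist. Without `:force` the migration would fail loudly instead. The `# default: "", null: false` comments describe constraints the columns do not have; either apply them (`t.string :email, null: false`) or delete the comments.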
diff --git a/app/controllers/whitelist_controller.rb b/app/controllers/whitelist_controller.rb index b57b251..fbb743e 100644 --- a/app/controllers/whitelist_controller.rb +++ b/app/controllers/whitelist_controller.rb @@ -1,31 +1,22 @@ class WhitelistController < ApplicationController # http_basic_authenticate_with name: "cs169", password: ENV['PROJECTSCOPE_PASSWORD'] - VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i - ADMIN_ROLE = "admin" - COACH_ROLE = "coach" - + # GET /whitelist def index if current_user.is_admin? - @permitted_users = Authorized_user.all + @permitted_users = AuthorizedUser.all else flash[:notice] = "You are not authorized to manipulate whitelist." redirect_to projects_url end end - - # GET /whitelist/index - def show - @readonly = true - render :template => 'whitelist/index' - end # GET /whitelist/new def new if current_user.is_admin? - @authorized_user = Authorized_user.new + @authorized_user = AuthorizedUser.new else flash[:notice] = "You are not authorized to manipulate whitelist." redirect_to projects_url @@ -36,20 +27,12 @@ def new def create if current_user.is_admin? email = params[:email] - role = params[:role] - unless (email =~ VALID_EMAIL_REGEX) - flash[:notice] = "Invalid Email." - redirect_to whitelist_new_path - return - end - unless (role.eql?(ADMIN_ROLE) or role.eql?(COACH_ROLE)) - flash[:notice] = "Invalid Role: Role should be 'admin' or 'coach'. " - redirect_to whitelist_new_path - return + if AuthorizedUser.has_email?(email) + flash[:notice] = "User #{email} already exists in whitelist. " + redirect_to whitelist_index_path + return end - Authorized_user.create!(email: email, role: role) - privilegeUser = User.find_by_email(email); - privilegeUser.update(role: role) if !privilegeUser.nil? + AuthorizedUser.create!(email: email) flash[:notice] = "Add user #{email} successfully. " redirect_to whitelist_index_path else 
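Review bot: With the `VALID_EMAIL_REGEX` check removed from `create`, a malformed address now reaches `AuthorizedUser.create!(email: email)`. The format validation this patch adds to the model makes that call raise ActiveRecord::RecordInvalid, which nothing in the hunk rescues, so the admin would get an error page rather than a flash message. Use the non-raising form, `entry = AuthorizedUser.create(email: email)`, and branch on `entry.persisted?`, or rescue the exception around the call.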
@@ -60,12 +43,11 @@ def create # DELETE /whitelist/ def destroy - user = Authorized_user.find(params[:id]) + user = AuthorizedUser.find(params[:id]) if current_user.is_admin? user.destroy! - respond_to do |format| - format.html { redirect_to whitelist_index_path, notice: 'User account was successfully deleted.' } - end + flash[:notice] = "User is deleted successfully. " + redirect_to whitelist_index_path else flash[:notice] = "You are not authorized to manipulate whitelist." redirect_to projects_url diff --git a/app/models/authorized_user.rb b/app/models/authorized_user.rb index 0ecedd2..06f13a4 100644 --- a/app/models/authorized_user.rb +++ b/app/models/authorized_user.rb @@ -1,26 +1,19 @@ # == Schema Information # -# Table name: Authorized_users +# Table name: authorized_users # # id :integer not null, primary key # email :string default(""), not null -# role :string default("coach"), not null # -class Authorized_user < ActiveRecord::Base - - ADMIN = "admin" - COACH = "coach" - +class AuthorizedUser < ActiveRecord::Base + validates_format_of :email,:with => Devise::email_regexp + def self.has_email?(email) - if self.find_by(email: email).nil? + if self.find_by_email(email).nil? return false else return true end end - - def is_admin? - self.role == ADMIN - end end diff --git a/app/models/user.rb b/app/models/user.rb index 9ae4402..7f3e5a3 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -31,8 +31,7 @@ class User < ActiveRecord::Base def self.from_omniauth(auth) email = auth.info.email.nil? ? auth.extra.raw_info.email : auth.info.email - if !email.nil? and Authorized_user.has_email? email - puts email + if !email.nil? and AuthorizedUser.has_email? email User.where(provider: auth.provider, uid: auth.uid).first_or_create do |user| user.provider = auth.provider user.uid = auth.uid diff --git a/app/views/whitelist/_add.html.haml b/app/views/whitelist/_add.html.haml index 957b569..aaa6ec7 100644 --- a/app/views/whitelist/_add.html.haml 
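Review bot: The model validates only the format of `email`; uniqueness rests on the controller calling `has_email?` before `create!`, a check that two concurrent requests can both pass. Add `validates :email, presence: true, uniqueness: true` here and make the index unique (`add_index :authorized_users, :email, unique: true`) so the database enforces it as well. `has_email?` itself reduces to `exists?(email: email)`.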
+++ b/app/views/whitelist/_add.html.haml @@ -1,7 +1,5 @@ -= form_tag '/whitelist' do += form_tag whitelist_index_path do = field_set_tag do = label_tag :email, 'Email' = text_field_tag :email - = label_tag :role, 'Role' - = text_field_tag :role = submit_tag 'Add' \ No newline at end of file diff --git a/app/views/whitelist/index.html.haml b/app/views/whitelist/index.html.haml index 45d0d47..cdfd28b 100644 --- a/app/views/whitelist/index.html.haml +++ b/app/views/whitelist/index.html.haml @@ -4,14 +4,12 @@ %thead %tr %th Authorized Users - %th Role %th Action %tbody - @permitted_users.each do |user| %tr %td= user.email - %td= user.role %td= link_to "Delete", whitelist_path(user), :method => :delete, data: { confirm: "Do you want to delete user #{user.email} from the whitelist?" }, :user => user %br/ diff --git a/db/migrate/20161020040440_create_root_user.rb b/db/migrate/20161020040440_create_root_user.rb index 246d800..5ad7c85 100644 --- a/db/migrate/20161020040440_create_root_user.rb +++ b/db/migrate/20161020040440_create_root_user.rb @@ -1,9 +1,9 @@ class CreateRootUser < ActiveRecord::Migration - def self.up + def up User.create!(email: Figaro.env.root_user_email, password: Figaro.env.root_user_password, role: "admin") end - def self.down + def down user = User.find_by_email(Figaro.env.root_user_email) user.destroy end diff --git a/db/migrate/20161022053537_create_authorized_users.rb b/db/migrate/20161022053537_create_authorized_users.rb index b97c25f..02fa6c4 100644 --- a/db/migrate/20161022053537_create_authorized_users.rb +++ b/db/migrate/20161022053537_create_authorized_users.rb @@ -2,7 +2,6 @@ class CreateAuthorizedUsers < ActiveRecord::Migration def change create_table :authorized_users, :force => true do |t| t.string :email # default: "", null: false - t.string :role # default: "coach", null: false end add_index :authorized_users, :email end 
diff --git a/db/migrate/20161022053828_create_authorized_user.rb b/db/migrate/20161022053828_create_authorized_user.rb index 087d3c4..170db60 100644 --- a/db/migrate/20161022053828_create_authorized_user.rb +++ b/db/migrate/20161022053828_create_authorized_user.rb @@ -1,11 +1,10 @@ class CreateAuthorizedUser < ActiveRecord::Migration def up - Authorized_user.create!(email: Figaro.env.root_user_email, role: "admin") - Authorized_user.create!(email: "test@berkeley.edu", role: "coach") + AuthorizedUser.create!(email: Figaro.env.root_user_email) end def down - user = Authorized_user.find_by_email(Figaro.env.root_user_email) + user = AuthorizedUser.find_by_email(Figaro.env.root_user_email) user.destroy end end diff --git a/db/schema.rb b/db/schema.rb index 637b7f5..ed2a471 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -15,7 +15,6 @@ create_table "authorized_users", force: :cascade do |t| t.string "email" - t.string "role" end add_index "authorized_users", ["email"], name: "index_authorized_users_on_email" diff --git a/features/step_definitions/user_login_steps.rb b/features/step_definitions/user_login_steps.rb index 2f7a40e..7133583 100644 --- a/features/step_definitions/user_login_steps.rb +++ b/features/step_definitions/user_login_steps.rb @@ -3,7 +3,7 @@ end Given /^coach with email "(.*)" is in the whitelist/ do |email| - Authorized_user.create!(email: email, role: "coach") + AuthorizedUser.create!(email: email) end When /^I sign in as admin with email "(.*)" and password "(.*)"/ do |email, password| From b81d931f8f98369f371824126c3cab01c3ff49ed Mon Sep 17 00:00:00 2001 
From: Jiacheng Wu Date: Mon, 24 Oct 2016 19:35:07 +0000 Subject: [PATCH 40/60] Fix issues in previous pull request --- app/controllers/whitelist_controller.rb | 61 ++++++++----------- app/models/user.rb | 2 +- .../{authorized_user.rb => whitelist.rb} | 7 +-- .../20161022053537_create_authorized_users.rb | 9 --- .../20161022053537_create_whitelists.rb | 9 +++ .../20161022053828_create_authorized_user.rb | 4 +- db/schema.rb | 12 ++-- features/step_definitions/user_login_steps.rb | 2 +- 8 files changed, 46 insertions(+), 60 deletions(-) rename app/models/{authorized_user.rb => whitelist.rb} (73%) delete mode 100644 db/migrate/20161022053537_create_authorized_users.rb create mode 100644 db/migrate/20161022053537_create_whitelists.rb diff --git a/app/controllers/whitelist_controller.rb b/app/controllers/whitelist_controller.rb index fbb743e..08defcc 100644 --- a/app/controllers/whitelist_controller.rb +++ b/app/controllers/whitelist_controller.rb 
@@ -1,59 +1,46 @@ class WhitelistController < ApplicationController - - # http_basic_authenticate_with name: "cs169", password: ENV['PROJECTSCOPE_PASSWORD'] + include ActiveModel::Validations + before_action :check_if_admin # GET /whitelist def index - if current_user.is_admin? - @permitted_users = AuthorizedUser.all - - else - flash[:notice] = "You are not authorized to manipulate whitelist." - redirect_to projects_url - end + @permitted_users = Whitelist.all end # GET /whitelist/new def new - if current_user.is_admin? - @authorized_user = AuthorizedUser.new - else - flash[:notice] = "You are not authorized to manipulate whitelist." - redirect_to projects_url - end + @authorized_user = Whitelist.new end # POST /whitelist/ def create - if current_user.is_admin? - email = params[:email] - if AuthorizedUser.has_email?(email) - flash[:notice] = "User #{email} already exists in whitelist. " - redirect_to whitelist_index_path - return - end - AuthorizedUser.create!(email: email) - flash[:notice] = "Add user #{email} successfully. " - redirect_to whitelist_index_path + email = params[:email] + if Whitelist.has_email?(email) + flash[:notice] = "User #{email} already exists in whitelist. " else - flash[:notice] = "You are not authorized to manipulate whitelist." - redirect_to projects_url + begin + Whitelist.create!(email: email) + flash[:notice] = "Add user #{email} successfully." + rescue ActiveRecord::RecordInvalid + flash[:notice] = "Invalid Email format." + end end + redirect_to whitelist_index_path end # DELETE /whitelist/ def destroy - user = AuthorizedUser.find(params[:id]) - if current_user.is_admin? - user.destroy! - flash[:notice] = "User is deleted successfully. " - redirect_to whitelist_index_path - else - flash[:notice] = "You are not authorized to manipulate whitelist." + user = Whitelist.find(params[:id]) + user.destroy! + flash[:notice] = "User is deleted successfully. 
" + redirect_to whitelist_index_path + end + + def check_if_admin + unless current_user.is_admin? + flash[:notice] = "You are not authorized to manipulate whitelist." redirect_to projects_url end - - end - + end diff --git a/app/models/user.rb b/app/models/user.rb index 7f3e5a3..38f6375 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -31,7 +31,7 @@ class User < ActiveRecord::Base def self.from_omniauth(auth) email = auth.info.email.nil? ? auth.extra.raw_info.email : auth.info.email - if !email.nil? and AuthorizedUser.has_email? email + if !email.nil? and Whitelist.has_email? email User.where(provider: auth.provider, uid: auth.uid).first_or_create do |user| user.provider = auth.provider user.uid = auth.uid diff --git a/app/models/authorized_user.rb b/app/models/whitelist.rb similarity index 73% rename from app/models/authorized_user.rb rename to app/models/whitelist.rb index 06f13a4..e4a3694 100644 --- a/app/models/authorized_user.rb +++ b/app/models/whitelist.rb @@ -1,16 +1,15 @@ # == Schema Information # -# Table name: authorized_users +# Table name: whitelist # # id :integer not null, primary key # email :string default(""), not null # -class AuthorizedUser < ActiveRecord::Base +class Whitelist < ActiveRecord::Base validates_format_of :email,:with => Devise::email_regexp - def self.has_email?(email) - if self.find_by_email(email).nil? + if Whitelist.find_by_email(email).nil? return false else return true diff --git a/db/migrate/20161022053537_create_authorized_users.rb b/db/migrate/20161022053537_create_authorized_users.rb deleted file mode 100644 index 02fa6c4..0000000 --- a/db/migrate/20161022053537_create_authorized_users.rb +++ /dev/null @@ -1,9 +0,0 @@ -class CreateAuthorizedUsers < ActiveRecord::Migration - def change - create_table :authorized_users, :force => true do |t| - t.string :email # default: "", null: false - end - add_index :authorized_users, :email - end -end - 
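Review bot: `check_if_admin` is defined as a public method and calls `current_user.is_admin?` unconditionally. Put it under `private`, and unless ApplicationController (not visible here) already forces sign-in, guard the nil case with `unless current_user && current_user.is_admin?`. Otherwise an anonymous request raises NoMethodError instead of being redirected. `include ActiveModel::Validations` has no visible use in this controller and can be removed.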
diff --git a/db/migrate/20161022053537_create_whitelists.rb b/db/migrate/20161022053537_create_whitelists.rb new file mode 100644 index 0000000..6363ff8 --- /dev/null +++ b/db/migrate/20161022053537_create_whitelists.rb @@ -0,0 +1,9 @@ +class CreateWhitelists < ActiveRecord::Migration + def change + create_table :whitelists, :force => true do |t| + t.string :email # default: "", null: false + end + add_index :whitelists, :email + end +end + diff --git a/db/migrate/20161022053828_create_authorized_user.rb b/db/migrate/20161022053828_create_authorized_user.rb index 170db60..5482643 100644 --- a/db/migrate/20161022053828_create_authorized_user.rb +++ b/db/migrate/20161022053828_create_authorized_user.rb @@ -1,10 +1,10 @@ class CreateAuthorizedUser < ActiveRecord::Migration def up - AuthorizedUser.create!(email: Figaro.env.root_user_email) + Whitelist.create!(email: Figaro.env.root_user_email) end def down - user = AuthorizedUser.find_by_email(Figaro.env.root_user_email) + user = Whitelist.find_by_email(Figaro.env.root_user_email) user.destroy end end diff --git a/db/schema.rb b/db/schema.rb index ed2a471..6144107 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -13,12 +13,6 @@ ActiveRecord::Schema.define(version: 20161022053828) do - create_table "authorized_users", force: :cascade do |t| - t.string "email" - end - - add_index "authorized_users", ["email"], name: "index_authorized_users_on_email" - create_table "configs", force: :cascade do |t| t.integer "project_id" t.string "metric_name" @@ -73,4 +67,10 @@ add_index "users", ["email"], name: "index_users_on_email", unique: true add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true + create_table "whitelists", force: :cascade do |t| + t.string "email" + end + + add_index "whitelists", ["email"], name: "index_whitelists_on_email" + end diff --git a/features/step_definitions/user_login_steps.rb b/features/step_definitions/user_login_steps.rb index 7133583..cb994c1 100644 
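Review bot: This file replaces 20161022053537_create_authorized_users.rb under the same version number, so a database that already ran version 20161022053537 will not run it again. Such a database keeps `authorized_users` while the code and schema.rb now expect `whitelists`. A new migration with a fresh timestamp containing `rename_table :authorized_users, :whitelists` carries existing installations forward. `:force => true` here would also drop any existing `whitelists` table.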
--- a/features/step_definitions/user_login_steps.rb +++ b/features/step_definitions/user_login_steps.rb @@ -3,7 +3,7 @@ end Given /^coach with email "(.*)" is in the whitelist/ do |email| - AuthorizedUser.create!(email: email) + Whitelist.create!(email: email) end When /^I sign in as admin with email "(.*)" and password "(.*)"/ do |email, password| From ec692724f2af188557d533caa59daada2ad26420 Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Mon, 24 Oct 2016 19:41:07 +0000 Subject: [PATCH 41/60] Fix issues in migration file --- db/migrate/20161021113555_create_normal_user.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/db/migrate/20161021113555_create_normal_user.rb b/db/migrate/20161021113555_create_normal_user.rb index 0bb50c4..5c23ba9 100644 --- a/db/migrate/20161021113555_create_normal_user.rb +++ b/db/migrate/20161021113555_create_normal_user.rb @@ -1,9 +1,9 @@ class CreateNormalUser < ActiveRecord::Migration - def self.up + def up User.create!(email: "test@berkeley.edu", password: "asdf1234", role: "coach") end - def self.down + def down user = User.find_by_email("test@berkeley.edu") user.destroy end From 4293e6353f5df5a3a435d53bf47d0df9a27b8e07 Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Mon, 24 Oct 2016 19:43:21 +0000 Subject: [PATCH 42/60] Deleted unused files --- db/migrate/20161021113555_create_normal_user.rb | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 db/migrate/20161021113555_create_normal_user.rb diff --git a/db/migrate/20161021113555_create_normal_user.rb b/db/migrate/20161021113555_create_normal_user.rb deleted file mode 100644 index 5c23ba9..0000000 --- a/db/migrate/20161021113555_create_normal_user.rb +++ /dev/null @@ -1,10 +0,0 @@ -class CreateNormalUser < ActiveRecord::Migration - def up - User.create!(email: "test@berkeley.edu", password: "asdf1234", role: "coach") - end - - def down - user = User.find_by_email("test@berkeley.edu") - user.destroy - end -end 
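Review bot: The CreateNormalUser migration touched here creates a login for a fixed address with a literal password in the source, so every database that runs it gets an account whose credentials are readable in the repository. The next patch deletes the file, which neither removes the account from databases that already migrated nor removes the password from history. A follow-up migration that destroys that user, or a forced password reset, is needed. Test accounts are better created in the Cucumber steps or in seeds restricted to non-production environments.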
From d1c233ee8e06f82d4d3d566ac6458e00a128ff91 Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Mon, 24 Oct 2016 20:05:50 +0000 Subject: [PATCH 43/60] Fix issues --- ...ist_controller.rb => whitelists_controller.rb} | 15 +++++++-------- app/models/whitelist.rb | 6 +++--- app/views/projects/index.html.haml | 2 +- .../{whitelist => whitelists}/_add.html.haml | 2 +- .../{whitelist => whitelists}/index.html.haml | 0 app/views/{whitelist => whitelists}/new.html.erb | 2 +- config/routes.rb | 2 +- 7 files changed, 14 insertions(+), 15 deletions(-) rename app/controllers/{whitelist_controller.rb => whitelists_controller.rb} (77%) rename app/views/{whitelist => whitelists}/_add.html.haml (74%) rename app/views/{whitelist => whitelists}/index.html.haml (100%) rename app/views/{whitelist => whitelists}/new.html.erb (78%) diff --git a/app/controllers/whitelist_controller.rb b/app/controllers/whitelists_controller.rb similarity index 77% rename from app/controllers/whitelist_controller.rb rename to app/controllers/whitelists_controller.rb index 08defcc..4ce1a9c 100644 --- a/app/controllers/whitelist_controller.rb +++ b/app/controllers/whitelists_controller.rb @@ -1,18 +1,17 @@ -class WhitelistController < ApplicationController - include ActiveModel::Validations +class WhitelistsController < ApplicationController before_action :check_if_admin - # GET /whitelist + # GET /whitelists def index @permitted_users = Whitelist.all end - # GET /whitelist/new + # GET /whitelists/new def new @authorized_user = Whitelist.new end - # POST /whitelist/ + # POST /whitelists/ def create email = params[:email] if Whitelist.has_email?(email) 
@@ -25,15 +24,15 @@ def create flash[:notice] = "Invalid Email format." end end - redirect_to whitelist_index_path + redirect_to whitelists_path end - # DELETE /whitelist/ + # DELETE /whitelists/ def destroy user = Whitelist.find(params[:id]) user.destroy! flash[:notice] = "User is deleted successfully. " - redirect_to whitelist_index_path + redirect_to whitelists_path end def check_if_admin diff --git a/app/models/whitelist.rb b/app/models/whitelist.rb index e4a3694..890e190 100644 --- a/app/models/whitelist.rb +++ b/app/models/whitelist.rb @@ -1,9 +1,9 @@ # == Schema Information # -# Table name: whitelist +# Table name: whitelists # -# id :integer not null, primary key -# email :string default(""), not null +# id :integer not null, primary key +# email :string # class Whitelist < ActiveRecord::Base diff --git a/app/views/projects/index.html.haml b/app/views/projects/index.html.haml index 47aeab8..c52a214 100644 --- a/app/views/projects/index.html.haml +++ b/app/views/projects/index.html.haml @@ -24,4 +24,4 @@ %br/ -= link_to 'Whitelist', whitelist_index_path += link_to 'Whitelist', whitelists_path diff --git a/app/views/whitelist/_add.html.haml b/app/views/whitelists/_add.html.haml similarity index 74% rename from app/views/whitelist/_add.html.haml rename to app/views/whitelists/_add.html.haml index aaa6ec7..5b35e69 100644 --- a/app/views/whitelist/_add.html.haml +++ b/app/views/whitelists/_add.html.haml @@ -1,4 +1,4 @@ -= form_tag whitelist_index_path do += form_tag whitelists_path do = field_set_tag do = label_tag :email, 'Email' = text_field_tag :email diff --git a/app/views/whitelist/index.html.haml b/app/views/whitelists/index.html.haml similarity index 100% rename from app/views/whitelist/index.html.haml rename to app/views/whitelists/index.html.haml 
diff --git a/app/views/whitelist/new.html.erb b/app/views/whitelists/new.html.erb similarity index 78% rename from app/views/whitelist/new.html.erb rename to app/views/whitelists/new.html.erb index 02067d1..5a87a72 100644 --- a/app/views/whitelist/new.html.erb +++ b/app/views/whitelists/new.html.erb @@ -3,4 +3,4 @@ <%= render 'add' %> -<%= link_to 'Back', whitelist_index_path %> +<%= link_to 'Back', whitelists_path %> diff --git a/config/routes.rb b/config/routes.rb index a4d2e5c..e8342bc 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -2,6 +2,6 @@ devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } resources :projects root 'projects#index' - resources :whitelist + resources :whitelists end From 0907a2f3b7adcf9f13cbae292c0daed42eac58ff Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Mon, 31 Oct 2016 02:19:31 +0000 Subject: [PATCH 44/60] adjust whitelist --- db/migrate/20161022053537_create_whitelists.rb | 4 ++-- .../20161022053828_create_authorized_user.rb | 7 ++++--- db/schema.rb | 15 +++------------ 3 files changed, 9 insertions(+), 17 deletions(-) diff --git a/db/migrate/20161022053537_create_whitelists.rb b/db/migrate/20161022053537_create_whitelists.rb index 6363ff8..b385a78 100644 --- a/db/migrate/20161022053537_create_whitelists.rb +++ b/db/migrate/20161022053537_create_whitelists.rb @@ -1,9 +1,9 @@ class CreateWhitelists < ActiveRecord::Migration def change create_table :whitelists, :force => true do |t| - t.string :email # default: "", null: false + t.string :username # default: "", null: false end - add_index :whitelists, :email + add_index :whitelists, :username end end diff --git a/db/migrate/20161022053828_create_authorized_user.rb b/db/migrate/20161022053828_create_authorized_user.rb index 5482643..a933bf1 100644 --- a/db/migrate/20161022053828_create_authorized_user.rb +++ b/db/migrate/20161022053828_create_authorized_user.rb 
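Review bot: The index added with `add_index :whitelists, :username` is not unique and the column is nullable, so the table that decides who may sign in can hold duplicate rows; deleting one of two identical entries would then leave access in place. I would declare `t.string :username, null: false` and `add_index :whitelists, :username, unique: true`, and back it with a uniqueness validation on the model. This hunk also edits a migration that has already been committed, so databases that ran the earlier version keep the `email` column; a new migration using `rename_column :whitelists, :email, :username` would carry them forward.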
@@ -1,10 +1,11 @@ class CreateAuthorizedUser < ActiveRecord::Migration def up - Whitelist.create!(email: Figaro.env.root_user_email) + Whitelist.create!(username: "DrakeW") + Whitelist.create!(username: "armandofox") end def down - user = Whitelist.find_by_email(Figaro.env.root_user_email) - user.destroy + Whitelist.where(username: "DrakeW").first.destroy + Whitelist.where(username: "armandofox").first.destroy end end diff --git a/db/schema.rb b/db/schema.rb index ffed28d..56d407b 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -47,10 +47,7 @@ add_index "projects", ["name"], name: "index_projects_on_name" create_table "users", force: :cascade do |t| -<<<<<<< HEAD -======= t.string "provider_username", default: "", null: false ->>>>>>> bd78074f0cf5bfc8c5de0a81a4ecd57b3da8472f t.string "email", default: "", null: false t.string "encrypted_password", default: "", null: false t.string "reset_password_token" @@ -69,18 +66,12 @@ end add_index "users", ["email"], name: "index_users_on_email", unique: true -<<<<<<< HEAD + add_index "users", ["provider_username"], name: "index_users_on_provider_username", unique: true add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true create_table "whitelists", force: :cascade do |t| - t.string "email" + t.string "username" end - add_index "whitelists", ["email"], name: "index_whitelists_on_email" - -======= - add_index "users", ["provider_username"], name: "index_users_on_provider_username", unique: true - add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true - ->>>>>>> bd78074f0cf5bfc8c5de0a81a4ecd57b3da8472f + add_index "whitelists", ["username"], name: "index_whitelists_on_username" end From 077a0cfaf8cf18aec35e3a725fbe583c013fc39f Mon Sep 17 00:00:00 2001 
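Review bot: `up` now hard-codes two GitHub logins (`"DrakeW"`, `"armandofox"`) as whitelist entries where the previous version read `Figaro.env.root_user_email`, so every deployment grants those accounts access and changing them requires a code change. Keeping the bootstrap entries in configuration, e.g. `Whitelist.create!(username: Figaro.env.<root-username-key>)` (placeholder key), preserves the earlier behaviour. In `down`, `Whitelist.where(username: "DrakeW").first.destroy` raises NoMethodError when the row has already been removed through the UI; `Whitelist.where(username: %w[DrakeW armandofox]).destroy_all` rolls back cleanly either way.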
From: Jiacheng Wu Date: Fri, 4 Nov 2016 02:02:06 +0000 Subject: [PATCH 45/60] functionality complete --- app/controllers/whitelists_controller.rb | 12 ++++++------ app/models/user.rb | 2 +- app/models/whitelist.rb | 11 ++++++----- app/views/whitelists/_add.html.haml | 4 ++-- app/views/whitelists/index.html.haml | 4 ++-- db/schema.rb | 3 ++- 6 files changed, 19 insertions(+), 17 deletions(-) diff --git a/app/controllers/whitelists_controller.rb b/app/controllers/whitelists_controller.rb index 4ce1a9c..ed29098 100644 --- a/app/controllers/whitelists_controller.rb +++ b/app/controllers/whitelists_controller.rb @@ -13,15 +13,15 @@ def new # POST /whitelists/ def create - email = params[:email] - if Whitelist.has_email?(email) - flash[:notice] = "User #{email} already exists in whitelist. " + username = params[:username] + if Whitelist.has_username?(username) + flash[:notice] = "User #{username} already exists in whitelist. " else begin - Whitelist.create!(email: email) - flash[:notice] = "Add user #{email} successfully." + Whitelist.create!(username: username) + flash[:notice] = "Add user #{username} successfully." rescue ActiveRecord::RecordInvalid - flash[:notice] = "Invalid Email format." + flash[:notice] = "Invalid username format." end end redirect_to whitelists_path diff --git a/app/models/user.rb b/app/models/user.rb index 490a341..c296a1a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -32,7 +32,7 @@ class User < ActiveRecord::Base def self.from_omniauth(auth) email = auth.info.email.nil? ? auth.extra.raw_info.email : auth.info.email login = auth.extra.raw_info.login - unless login.nil? + unless login.nil? or !Whitelist.has_username?(login) User.where(provider: auth.provider, provider_username: login).first_or_create do |user| user.provider = auth.provider user.uid = auth.uid diff --git a/app/models/whitelist.rb b/app/models/whitelist.rb index 890e190..54f85c6 100644 --- a/app/models/whitelist.rb +++ b/app/models/whitelist.rb 
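Review bot: In `User.from_omniauth` both the new gate `Whitelist.has_username?(login)` and the existing lookup `User.where(provider: auth.provider, provider_username: login)` identify a person by GitHub login, which an account owner can change and which can later be registered by a different account; the stable identifier is `auth.uid`, which this block already stores on the user. Looking the user up by `provider` and `uid` and refreshing `provider_username` on each sign-in, with the whitelist recording the uid once an entry is first matched, keeps access bound to the account that was approved. The condition reads more clearly as `if login && Whitelist.has_username?(login)`, which also avoids the low-precedence `or`. The method now returns nil for a login that is not whitelisted, so the OmniAuth callback (not visible here) has to handle that case; the body of `from_omniauth` continues outside the hunk.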
@@ -2,14 +2,15 @@ # # Table name: whitelists # -# id :integer not null, primary key -# email :string +# id :integer not null, primary key +# username :string # class Whitelist < ActiveRecord::Base - validates_format_of :email,:with => Devise::email_regexp - def self.has_email?(email) - if Whitelist.find_by_email(email).nil? + validates_format_of :username,:with => /\A[a-z0-9\-_]+\z/i + + def self.has_username?(username) + if Whitelist.find_by_username(username).nil? return false else return true diff --git a/app/views/whitelists/_add.html.haml b/app/views/whitelists/_add.html.haml index 5b35e69..0e811ed 100644 --- a/app/views/whitelists/_add.html.haml +++ b/app/views/whitelists/_add.html.haml @@ -1,5 +1,5 @@ = form_tag whitelists_path do = field_set_tag do - = label_tag :email, 'Email' - = text_field_tag :email + = label_tag :username, 'GitHub username' + = text_field_tag :username = submit_tag 'Add' \ No newline at end of file diff --git a/app/views/whitelists/index.html.haml b/app/views/whitelists/index.html.haml index cdfd28b..6cb7dd7 100644 --- a/app/views/whitelists/index.html.haml +++ b/app/views/whitelists/index.html.haml @@ -9,8 +9,8 @@ %tbody - @permitted_users.each do |user| %tr - %td= user.email - %td= link_to "Delete", whitelist_path(user), :method => :delete, data: { confirm: "Do you want to delete user #{user.email} from the whitelist?" }, :user => user + %td= user.username + %td= link_to "Delete", whitelist_path(user), :method => :delete, data: { confirm: "Do you want to delete user #{user.username} from the whitelist?" }, :user => user %br/ diff --git a/db/schema.rb b/db/schema.rb index d3c7fb0..243b4de 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20161020040440) do +ActiveRecord::Schema.define(version: 20161022053828) do create_table "configs", force: :cascade do |t| t.integer "project_id" 
@@ -74,4 +74,5 @@ end add_index "whitelists", ["username"], name: "index_whitelists_on_username" + end From 2e5118bd31f7fab35271a79521d4b5f3618eeb8f Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Fri, 4 Nov 2016 06:37:24 +0000 Subject: [PATCH 46/60] Change the whitelist to contain github username --- app/controllers/whitelists_controller.rb | 6 +- features/github_user_login.feature | 2 + features/step_definitions/project_steps.rb | 1 + features/step_definitions/whitelist_steps.rb | 16 +++++ features/support/paths.rb | 4 ++ features/user_login.feature | 27 -------- features/whitelist.feature | 73 ++++++++++++++++++++ 7 files changed, 99 insertions(+), 30 deletions(-) create mode 100644 features/step_definitions/whitelist_steps.rb delete mode 100644 features/user_login.feature create mode 100644 features/whitelist.feature diff --git a/app/controllers/whitelists_controller.rb b/app/controllers/whitelists_controller.rb index ed29098..84b3305 100644 --- a/app/controllers/whitelists_controller.rb +++ b/app/controllers/whitelists_controller.rb @@ -1,5 +1,5 @@ class WhitelistsController < ApplicationController - before_action :check_if_admin + before_action :check_if_in_whitelist # GET /whitelists def index @@ -35,8 +35,8 @@ def destroy redirect_to whitelists_path end - def check_if_admin - unless current_user.is_admin? + def check_if_in_whitelist + unless Whitelist.has_username?(current_user.provider_username) flash[:notice] = "You are not authorized to manipulate whitelist." redirect_to projects_url end diff --git a/features/github_user_login.feature b/features/github_user_login.feature index e0c86ec..8331dcd 100644 --- a/features/github_user_login.feature +++ b/features/github_user_login.feature 
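Review bot: `check_if_in_whitelist` calls `current_user.provider_username` without checking that anyone is signed in, so unless `ApplicationController` (not visible here) already requires authentication, an anonymous request to `/whitelists` raises NoMethodError instead of being redirected. `unless current_user && Whitelist.has_username?(current_user.provider_username)` covers that case. Swapping the filter from `check_if_admin` also means any whitelisted user can add or remove entries; if that is the intent, a comment above the `before_action` should say so. The method is defined in the public section of the controller and would be better placed under `private`.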
@@ -5,6 +5,7 @@ Feature: GitHub User Login Scenario: github user login with email Given I am on the login page + And "test-coach" is in the whitelist And I have a valid github account with email "test-coach@test.com" username "test-coach" When I follow "Sign in with GitHub" Then I should be on the home page @@ -12,6 +13,7 @@ Scenario: github user login with email Scenario: github user login without email Given I am on the login page + And "test-coach" is in the whitelist And I have a valid github account with email "" username "test-coach" When I follow "Sign in with GitHub" Then I should be on the home page diff --git a/features/step_definitions/project_steps.rb b/features/step_definitions/project_steps.rb index a996a57..0bac409 100644 --- a/features/step_definitions/project_steps.rb +++ b/features/step_definitions/project_steps.rb @@ -56,6 +56,7 @@ end And(/^I am logged in$/) do + Whitelist.create :username => "test-coach" visit path_to("the login page") OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new( { diff --git a/features/step_definitions/whitelist_steps.rb b/features/step_definitions/whitelist_steps.rb new file mode 100644 index 0000000..aedb525 --- /dev/null +++ b/features/step_definitions/whitelist_steps.rb @@ -0,0 +1,16 @@ +Given(/^"([^"]*)" is in the whitelist$/) do |username| + Whitelist.create!(username: username) +end + +Then /^I should be admin$/ do + expect(current_user.role).to eq "admin" +end + +Given /^I enter the whitelist page$/ do + visit path_to("the whitelist page") + sleep(1) +end + +When /^I follow the first "Delete"$/ do + first(:link, "Delete").click +end \ No newline at end of file diff --git a/features/support/paths.rb b/features/support/paths.rb index 429951b..69cfb86 100644 --- a/features/support/paths.rb +++ b/features/support/paths.rb 
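Review bot: In the new `whitelist_steps.rb`, the `I enter the whitelist page` step waits with `sleep(1)`, which slows every scenario and still fails on a slow run; waiting on content, e.g. `expect(page).to have_content("Whitelist")`, lets Capybara retry until the page is ready. `Then /^I should be admin$/` calls `current_user`, which is a controller helper and is presumably not defined in the Cucumber world, so the step would raise if a scenario used it. In `project_steps.rb`, `Whitelist.create :username => "test-coach"` ignores a validation failure; `create!` would surface it.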
@@ -21,6 +21,10 @@ def path_to(page_name) "/projects/#{Project.find_by(name: $1).id}/edit" when /^the login page/ then '/users/sign_in' + when /^the whitelist page/ then + '/whitelists' + when /^the add user to whitelist page/ then + '/whitelists/new' # Add more mappings here. # Here is an example that pulls values out of the Regexp: # diff --git a/features/user_login.feature b/features/user_login.feature deleted file mode 100644 index 3d596c3..0000000 --- a/features/user_login.feature +++ /dev/null @@ -1,27 +0,0 @@ -Feature: User Login - As a user of projectscope, I should be able to login if I am - on the whitelist or I am an admin. Otherwise I should be blocked. - -Background: - Given admin with email "test-admin@test.com" and password "testadminofprojectscope" exists - And coach with email "test-coach@test.com" is in the whitelist - -Scenario: authrozied admin login - Given I am on the login page - When I sign in as admin with email "test-admin@test.com" and password "testadminofprojectscope" - Then I should be on the home page - And I should see "Signed in successfully." - -@omniauth_test -Scenario: authrozied coach login - Given I am on the login page - When I sign in as coach with github email "test-coach@test.com" - Then I should be on the home page - And I should see "Signed in successfully." - -@omniauth_test -Scenario: unauthrozied user login - Given I am on the login page - When I sign in as coach with github email "test-coach-not-exist@test.com" - Then I should be on the login page - And I should see "You are not authorized." diff --git a/features/whitelist.feature b/features/whitelist.feature new file mode 100644 index 0000000..23beb7f --- /dev/null +++ b/features/whitelist.feature 
@@ -0,0 +1,73 @@ +@omniauth +Feature: Whitelist + As an admin of ProjectScope, I will be able to see the whitelist, add user to the whitelist, and delete user from the whitelist. + As a coach of ProjectScope, I will not be able to access the whitelist. + +Background: + Given "test-admin" is in the whitelist + And "ysiad" is in the whitelist + +Scenario: Users in the whitelist should be able to login + Given I am on the login page + And I have a valid github account with email "test-coach@test.com" username "test-admin" + When I follow "Sign in with GitHub" + Then I should be on the home page + And I should see "Signed in successfully." + +Scenario: Users that are not in the whitelist will not be able to login + Given I am on the login page + And I have a valid github account with email "test-coach@test.com" username "test-coach" + When I follow "Sign in with GitHub" + Then I should be on the login page + And I should see "You are not authorized." + +Scenario: Not whitelist user cannot see the whitelist + Given I am on the login page + When I go to the whitelist page + Then I should see "You are not authorized to manipulate whitelist." 
+ +Scenario: Whitelist users can see the whitelist + Given I am logged in + Then I should be on the home page + And I should see "Whitelist" + When I follow "Whitelist" + Then I should be on the whitelist page + Then I should see "ysiad" + Then I should see "test-admin" + +Scenario: Whitelist users add a user to the whitelist + Given I am logged in + And I enter the whitelist page + Then I should see "Add user to whitelist" + When I follow "Add user to whitelist" + Then I should be on the add user to whitelist page + When I fill in "username" with "daisy" + And I press "Add" + Then I should be on the whitelist page + And I should see "daisy" + + Scenario: Whitelist users delete a user from the whitelist + Given I am logged in + And I enter the whitelist page + Then I should see "test-admin" + When I follow the first "Delete" + Then I should see "User is deleted successfully." + And I should not see "test-admin" + + Scenario: Whitelist user delete himself from the whitelist + Given I am logged in + And I enter the whitelist page + Then I should see "test-admin" + Then I should see "ysiad" + Then I should see "test-coach" + When I follow the first "Delete" + Then I should not see "test-admin" + When I follow the first "Delete" + Then I should not see "ysiad" + When I follow the first "Delete" + Then I should not see "test-coach" + Then I should be on the projects page + Then I should see "You are not authorized to manipulate whitelist." + + + From c0fefccab70d5a7d2a23d43847a833eac8490c23 Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Fri, 4 Nov 2016 06:43:09 +0000 Subject: [PATCH 47/60] modify the description for feature test --- features/whitelist.feature | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/features/whitelist.feature b/features/whitelist.feature index 23beb7f..ced9fd0 100644 --- a/features/whitelist.feature +++ b/features/whitelist.feature 
@@ -1,7 +1,7 @@ @omniauth Feature: Whitelist - As an admin of ProjectScope, I will be able to see the whitelist, add user to the whitelist, and delete user from the whitelist. - As a coach of ProjectScope, I will not be able to access the whitelist. + As a whitelist user, I will be able to login to the projectscope and see the whitelist. + If I am not a whitelist user, I will not be able to login and manipulate the whitelist. Background: Given "test-admin" is in the whitelist From 47a7c623e197c440d5ec5ab5e5db8b28a832790f Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Fri, 4 Nov 2016 09:28:15 +0000 Subject: [PATCH 48/60] Fix issues as the comments suggested --- .../users/confirmations_controller.rb | 28 --------- app/controllers/users/passwords_controller.rb | 32 ---------- .../users/registrations_controller.rb | 60 ------------------- app/controllers/users/sessions_controller.rb | 25 -------- app/controllers/users/unlocks_controller.rb | 28 --------- app/models/whitelist.rb | 6 +- .../20161019233104_devise_create_users.rb | 3 - features/support/paths.rb | 2 +- features/whitelist.feature | 2 +- 9 files changed, 3 insertions(+), 183 deletions(-) delete mode 100644 app/controllers/users/confirmations_controller.rb delete mode 100644 app/controllers/users/passwords_controller.rb delete mode 100644 app/controllers/users/registrations_controller.rb delete mode 100644 app/controllers/users/sessions_controller.rb delete mode 100644 app/controllers/users/unlocks_controller.rb diff --git a/app/controllers/users/confirmations_controller.rb b/app/controllers/users/confirmations_controller.rb deleted file mode 100644 index 1126e23..0000000 --- a/app/controllers/users/confirmations_controller.rb +++ /dev/null 
@@ -1,28 +0,0 @@ -class Users::ConfirmationsController < Devise::ConfirmationsController - # GET /resource/confirmation/new - # def new - # super - # end - - # POST /resource/confirmation - # def create - # super - # end - - # GET /resource/confirmation?confirmation_token=abcdef - # def show - # super - # end - - # protected - - # The path used after resending confirmation instructions. - # def after_resending_confirmation_instructions_path_for(resource_name) - # super(resource_name) - # end - - # The path used after confirmation. - # def after_confirmation_path_for(resource_name, resource) - # super(resource_name, resource) - # end -end diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb deleted file mode 100644 index 53cc34e..0000000 --- a/app/controllers/users/passwords_controller.rb +++ /dev/null @@ -1,32 +0,0 @@ -class Users::PasswordsController < Devise::PasswordsController - # GET /resource/password/new - # def new - # super - # end - - # POST /resource/password - # def create - # super - # end - - # GET /resource/password/edit?reset_password_token=abcdef - # def edit - # super - # end - - # PUT /resource/password - # def update - # super - # end - - # protected - - # def after_resetting_password_path_for(resource) - # super(resource) - # end - - # The path used after sending reset password instructions - # def after_sending_reset_password_instructions_path_for(resource_name) - # super(resource_name) - # end -end diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb deleted file mode 100644 index a6c8824..0000000 --- a/app/controllers/users/registrations_controller.rb +++ /dev/null 
@@ -1,60 +0,0 @@ -class Users::RegistrationsController < Devise::RegistrationsController -# before_action :configure_sign_up_params, only: [:create] -# before_action :configure_account_update_params, only: [:update] - - # GET /resource/sign_up - # def new - # super - # end - - # POST /resource - # def create - # super - # end - - # GET /resource/edit - # def edit - # super - # end - - # PUT /resource - # def update - # super - # end - - # DELETE /resource - # def destroy - # super - # end - - # GET /resource/cancel - # Forces the session data which is usually expired after sign - # in to be expired now. This is useful if the user wants to - # cancel oauth signing in/up in the middle of the process, - # removing all OAuth session data. - # def cancel - # super - # end - - # protected - - # If you have extra params to permit, append them to the sanitizer. - # def configure_sign_up_params - # devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute]) - # end - - # If you have extra params to permit, append them to the sanitizer. - # def configure_account_update_params - # devise_parameter_sanitizer.permit(:account_update, keys: [:attribute]) - # end - - # The path used after sign up. - # def after_sign_up_path_for(resource) - # super(resource) - # end - - # The path used after sign up for inactive accounts. - # def after_inactive_sign_up_path_for(resource) - # super(resource) - # end -end diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb deleted file mode 100644 index 753ab7a..0000000 --- a/app/controllers/users/sessions_controller.rb +++ /dev/null 
@@ -1,25 +0,0 @@ -class Users::SessionsController < Devise::SessionsController -# before_action :configure_sign_in_params, only: [:create] - - # GET /resource/sign_in - # def new - # super - # end - - # POST /resource/sign_in - # def create - # super - # end - - # DELETE /resource/sign_out - # def destroy - # super - # end - - # protected - - # If you have extra params to permit, append them to the sanitizer. - # def configure_sign_in_params - # devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute]) - # end -end diff --git a/app/controllers/users/unlocks_controller.rb b/app/controllers/users/unlocks_controller.rb deleted file mode 100644 index 8b9ef86..0000000 --- a/app/controllers/users/unlocks_controller.rb +++ /dev/null @@ -1,28 +0,0 @@ -class Users::UnlocksController < Devise::UnlocksController - # GET /resource/unlock/new - # def new - # super - # end - - # POST /resource/unlock - # def create - # super - # end - - # GET /resource/unlock?unlock_token=abcdef - # def show - # super - # end - - # protected - - # The path used after sending unlock password instructions - # def after_sending_unlock_instructions_path_for(resource) - # super(resource) - # end - - # The path used after unlocking the resource - # def after_unlock_path_for(resource) - # super(resource) - # end -end diff --git a/app/models/whitelist.rb b/app/models/whitelist.rb index 54f85c6..455fcd6 100644 --- a/app/models/whitelist.rb +++ b/app/models/whitelist.rb @@ -10,10 +10,6 @@ class Whitelist < ActiveRecord::Base validates_format_of :username,:with => /\A[a-z0-9\-_]+\z/i def self.has_username?(username) - if Whitelist.find_by_username(username).nil? - return false - else - return true - end + return !Whitelist.find_by_username(username).nil? end end diff --git a/db/migrate/20161019233104_devise_create_users.rb b/db/migrate/20161019233104_devise_create_users.rb index 61a550b..0db2716 100644 --- a/db/migrate/20161019233104_devise_create_users.rb 
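Review bot: `has_username?` in `app/models/whitelist.rb` still loads a full record to answer a yes/no question and has no comment stating that it is the access check used at sign-in; `Whitelist.exists?(username: username)` expresses it directly, and the explicit `return` can go. The format validation is case-insensitive (`/i`) while this lookup is an exact match whose case sensitivity depends on the database, so an entry typed in a different case than GitHub reports may not match; that fails closed, but normalising with `downcase` on save and on lookup would make the behaviour predictable.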
+++ b/db/migrate/20161019233104_devise_create_users.rb @@ -35,10 +35,7 @@ def change t.timestamps null: false end -<<<<<<< HEAD -======= add_index :users, :provider_username, unique: true ->>>>>>> bd78074f0cf5bfc8c5de0a81a4ecd57b3da8472f add_index :users, :email, unique: true add_index :users, :reset_password_token, unique: true # add_index :users, :confirmation_token, unique: true diff --git a/features/support/paths.rb b/features/support/paths.rb index 69cfb86..8fea221 100644 --- a/features/support/paths.rb +++ b/features/support/paths.rb @@ -23,7 +23,7 @@ def path_to(page_name) '/users/sign_in' when /^the whitelist page/ then '/whitelists' - when /^the add user to whitelist page/ then + when /^the whitelist management page/ then '/whitelists/new' # Add more mappings here. # Here is an example that pulls values out of the Regexp: diff --git a/features/whitelist.feature b/features/whitelist.feature index ced9fd0..fc4a208 100644 --- a/features/whitelist.feature +++ b/features/whitelist.feature @@ -40,7 +40,7 @@ Scenario: Whitelist users add a user to the whitelist And I enter the whitelist page Then I should see "Add user to whitelist" When I follow "Add user to whitelist" - Then I should be on the add user to whitelist page + Then I should be on the whitelist management page When I fill in "username" with "daisy" And I press "Add" Then I should be on the whitelist page From effd2c2580053c8291f333532fcee4d0ec47f15b Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Fri, 4 Nov 2016 18:00:03 +0000 Subject: [PATCH 49/60] Add session destroy for whitelist --- app/controllers/whitelists_controller.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/controllers/whitelists_controller.rb b/app/controllers/whitelists_controller.rb index 84b3305..9ae169f 100644 --- a/app/controllers/whitelists_controller.rb +++ b/app/controllers/whitelists_controller.rb 
@@ -32,7 +32,11 @@ def destroy user = Whitelist.find(params[:id]) user.destroy! flash[:notice] = "User is deleted successfully. " - redirect_to whitelists_path + if Whitelist.has_username?(current_user.username) + redirect_to whitelists_path + else + redirect_to destroy_user_session + end end def check_if_in_whitelist From 2e6a5da3ab02dfcb54a5981829dcc93c1ff24e0f Mon Sep 17 00:00:00 2001 From: ysiad Date: Fri, 4 Nov 2016 21:04:34 -0700 Subject: [PATCH 50/60] Fix whitelist delete identity issues --- app/controllers/whitelists_controller.rb | 10 +++++----- app/views/whitelists/index.html.haml | 3 ++- features/whitelist.feature | 7 ++----- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/app/controllers/whitelists_controller.rb b/app/controllers/whitelists_controller.rb index 9ae169f..064db7d 100644 --- a/app/controllers/whitelists_controller.rb +++ b/app/controllers/whitelists_controller.rb @@ -30,13 +30,13 @@ def create # DELETE /whitelists/ def destroy user = Whitelist.find(params[:id]) - user.destroy! - flash[:notice] = "User is deleted successfully. " - if Whitelist.has_username?(current_user.username) - redirect_to whitelists_path + if user.username.eql?(current_user.provider_username) + flash[:notice] = "We just saved you from being an idiot. " else - redirect_to destroy_user_session + user.destroy! + flash[:notice] = "User is deleted successfully." end + redirect_to whitelists_path end def check_if_in_whitelist diff --git a/app/views/whitelists/index.html.haml b/app/views/whitelists/index.html.haml index 6cb7dd7..c65c21c 100644 --- a/app/views/whitelists/index.html.haml +++ b/app/views/whitelists/index.html.haml 
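Review bot: In the `destroy` hunk of the "Fix whitelist delete identity issues" commit, removing an entry only deletes the `Whitelist` row; the removed person's `User` record and any live session are untouched. On this page the whitelist is consulted only in `User.from_omniauth` and in this controller's `check_if_in_whitelist`, so unless other controllers (not visible here) re-check it, a removed user keeps access until the session ends; a `before_action` in `ApplicationController` that re-checks `Whitelist.has_username?(current_user.provider_username)` would make revocation immediate. The self-removal message `"We just saved you from being an idiot. "` should be neutral, e.g. `"You cannot remove yourself from the whitelist."`.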
@@ -10,7 +10,8 @@ - @permitted_users.each do |user| %tr %td= user.username - %td= link_to "Delete", whitelist_path(user), :method => :delete, data: { confirm: "Do you want to delete user #{user.username} from the whitelist?" }, :user => user + - unless user.username.eql?(current_user.provider_username) + %td= link_to "Delete", whitelist_path(user), :method => :delete, data: { confirm: "Do you want to delete user #{user.username} from the whitelist?" }, :user => user %br/ diff --git a/features/whitelist.feature b/features/whitelist.feature index fc4a208..9ea4567 100644 --- a/features/whitelist.feature +++ b/features/whitelist.feature @@ -54,7 +54,7 @@ Scenario: Whitelist users add a user to the whitelist Then I should see "User is deleted successfully." And I should not see "test-admin" - Scenario: Whitelist user delete himself from the whitelist + Scenario: Whitelist users are unable to delete themselves from the whitelist Given I am logged in And I enter the whitelist page Then I should see "test-admin" @@ -64,10 +64,7 @@ Scenario: Whitelist users add a user to the whitelist Then I should not see "test-admin" When I follow the first "Delete" Then I should not see "ysiad" - When I follow the first "Delete" - Then I should not see "test-coach" - Then I should be on the projects page - Then I should see "You are not authorized to manipulate whitelist." + Then I should not see "Delete" From 14a16f1fc33daad4681ea113d3bf494a730ed339 Mon Sep 17 00:00:00 2001 From: Jiacheng Wu Date: Sat, 5 Nov 2016 04:31:58 +0000 Subject: [PATCH 51/60] Fix issues in readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 9e1d997..5461733 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,6 @@ CS169 Group Forked Repo Status: - # MVP dashboard for ProjectScope From 87d53e7b663c3013c84c9a0991a054a7447617be Mon Sep 17 00:00:00 2001 
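Review bot: The trailing `:user => user` on the `link_to` call ends up in the HTML options, so the anchor is rendered with a `user` attribute holding the record's default string form (`#<Whitelist:…>`); it plays no part in routing and can be dropped. Hiding the link for the signed-in account is presentation only, so the check added to `WhitelistsController#destroy` in this commit remains the actual control and should stay even if the view changes.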
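Review bot: The rewritten scenario "Whitelist users are unable to delete themselves from the whitelist" only asserts that no "Delete" link is left on the page, so the server-side refusal in `WhitelistsController#destroy` is not exercised by anything visible in this commit. A request-level test that sends DELETE for the signed-in user's own whitelist id and expects the entry to survive would cover the guard itself rather than the hidden link. The scenario also removes the other entries by following the first "Delete" repeatedly, so it depends on the order of rows in the table.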
From: Jiacheng Wu Date: Sat, 5 Nov 2016 06:02:50 +0000 Subject: [PATCH 52/60] Add the line back in Readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5461733..9e1d997 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,7 @@ CS169 Group Forked Repo Status: + # MVP dashboard for ProjectScope From ce6ad7bf01c22e5030ba0aea8aba2b4f257056b0 Mon Sep 17 00:00:00 2001 From: ysiad Date: Sat, 19 Nov 2016 21:05:48 -0800 Subject: [PATCH 53/60] better formatting --- app/views/whitelists/index.html.haml | 31 +++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/app/views/whitelists/index.html.haml b/app/views/whitelists/index.html.haml index c65c21c..ec4a95f 100644 --- a/app/views/whitelists/index.html.haml +++ b/app/views/whitelists/index.html.haml @@ -1,6 +1,33 @@ +:css + #whitelist{ + border-collapse: collapse; + width: 80%; + margin-right: auto; + } + + #whitelist td, #whitelist th { + border: 1px solid #ddd; + padding: 8px; + } + + #whitelist tr:nth-child(even){background-color: #f2f2f2;} + + #whitelist tr:hover {background-color: #ddd;} + + #whitelist th { + padding-top: 12px; + padding-bottom: 12px; + text-align: left; + background-color: #337ab7; + color: white; + } + #whitelist tr { + text-align: left; + } + %h1 Whitelist -%table +%table#whitelist %thead %tr %th Authorized Users @@ -12,6 +39,8 @@ %td= user.username - unless user.username.eql?(current_user.provider_username) %td= link_to "Delete", whitelist_path(user), :method => :delete, data: { confirm: "Do you want to delete user #{user.username} from the whitelist?" }, :user => user + -else + %td %br/ From fbc4f3046fc90be71cd875a103796b5b1c444b67 Mon Sep 17 00:00:00 2001 From: ysiad Date: Sat, 19 Nov 2016 21:35:57 -0800 Subject: [PATCH 54/60] change the order of the link --- app/views/whitelists/index.html.haml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) 
diff --git a/app/views/whitelists/index.html.haml b/app/views/whitelists/index.html.haml index ec4a95f..3ea0484 100644 --- a/app/views/whitelists/index.html.haml +++ b/app/views/whitelists/index.html.haml @@ -24,7 +24,7 @@ #whitelist tr { text-align: left; } - + %h1 Whitelist %table#whitelist @@ -44,10 +44,8 @@ %br/ -= link_to 'Back to project page', projects_url - -%br/ - = link_to 'Add user to whitelist', new_whitelist_path +%br/ += link_to 'Back to project page', projects_url From 82ac558aacfb47ab3d691a7268b4e2db375a2633 Mon Sep 17 00:00:00 2001 From: ysiad Date: Sat, 19 Nov 2016 21:42:57 -0800 Subject: [PATCH 55/60] Modified column name --- app/views/whitelists/index.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/whitelists/index.html.haml b/app/views/whitelists/index.html.haml index 3ea0484..b73a75f 100644 --- a/app/views/whitelists/index.html.haml +++ b/app/views/whitelists/index.html.haml @@ -30,7 +30,7 @@ %table#whitelist %thead %tr - %th Authorized Users + %th Authorized GitHub Accounts %th Action %tbody From fddb6a1e2608e6da6e883478b289f2b4a3a358b7 Mon Sep 17 00:00:00 2001 From: ysiad Date: Sat, 19 Nov 2016 22:07:55 -0800 Subject: [PATCH 56/60] set attr_accessible --- app/controllers/whitelists_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/whitelists_controller.rb b/app/controllers/whitelists_controller.rb index 064db7d..2d72347 100644 --- a/app/controllers/whitelists_controller.rb +++ b/app/controllers/whitelists_controller.rb @@ -1,5 +1,6 @@ class WhitelistsController < ApplicationController before_action :check_if_in_whitelist + attr_accessible :username # GET /whitelists def index From 644302a29f3ff40d147eb967969d4da3f0dea5d4 Mon Sep 17 00:00:00 2001 From: ysiad Date: Sat, 19 Nov 2016 22:15:07 -0800 Subject: [PATCH 57/60] fix accessor --- app/controllers/whitelists_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
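Review bot: `attr_accessible :username` is declared on `WhitelistsController`, but that macro is mass-assignment protection for ActiveRecord models and a controller class does not normally respond to it, so the class body would likely fail to load with NoMethodError. The follow-up hunk in PATCH 57/60 swaps it for `attr_accessor :username`, which loads but only adds public `username`/`username=` methods to the controller (public controller methods count as actions) and still does nothing about which request parameters are accepted. In a controller that restriction is expressed with strong parameters, e.g. a private `def whitelist_params; params.require(:whitelist).permit(:username); end` used by `create`. The class continues below the hunk.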
diff --git a/app/controllers/whitelists_controller.rb b/app/controllers/whitelists_controller.rb index 2d72347..ced218f 100644 --- a/app/controllers/whitelists_controller.rb +++ b/app/controllers/whitelists_controller.rb @@ -1,6 +1,6 @@ class WhitelistsController < ApplicationController before_action :check_if_in_whitelist - attr_accessible :username + attr_accessor :username # GET /whitelists def index From 7fb3aaeb38e240545bc51f780cc005ccfe17b6af Mon Sep 17 00:00:00 2001 From: ysiad Date: Mon, 5 Dec 2016 00:31:36 -0800 Subject: [PATCH 58/60] 1. set role default to student; 2.change whitelist to privilege control; 3. delete whitelist check before login; --- app/controllers/whitelists_controller.rb | 53 ++++++++++++++++--- app/models/user.rb | 8 ++- app/views/whitelists/index.html.haml | 35 ++++++------ config/routes.rb | 5 +- .../20161020034239_add_role_to_users.rb | 2 +- db/migrate/20161020040440_create_root_user.rb | 8 ++- 6 files changed, 81 insertions(+), 30 deletions(-) diff --git a/app/controllers/whitelists_controller.rb b/app/controllers/whitelists_controller.rb index ced218f..2b621fc 100644 --- a/app/controllers/whitelists_controller.rb +++ b/app/controllers/whitelists_controller.rb @@ -1,15 +1,14 @@ class WhitelistsController < ApplicationController - before_action :check_if_in_whitelist - attr_accessor :username + before_action :check_if_coach # GET /whitelists def index - @permitted_users = Whitelist.all + @permitted_users = User.all end # GET /whitelists/new def new - @authorized_user = Whitelist.new + @authorized_user = Whitelist.new(user_params) end # POST /whitelists/ @@ -32,7 +31,7 @@ def create def destroy user = Whitelist.find(params[:id]) if user.username.eql?(current_user.provider_username) - flash[:notice] = "We just saved you from being an idiot. " + flash[:notice] = "Delete yourself from the whitelist is not allowed. " else user.destroy! flash[:notice] = "User is deleted successfully." 
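Review bot: `new` now builds the record with `Whitelist.new(user_params)`, and `user_params` (added further down in this commit) calls `params.require(:whitelist)`; a plain GET of the new page carries no `whitelist` key, so the action would raise ActionController::ParameterMissing before rendering, and `@authorized_user = Whitelist.new` is enough for the form. `index` now lists `User.all`, while `destroy` in the same controller still looks ids up with `Whitelist.find(params[:id])`, so ids taken from this list no longer refer to the table `destroy` reads. `check_if_coach` dereferences `current_user.role`, which assumes an authentication filter has already run in `ApplicationController` (not visible here). The class body continues past the hunk.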
@@ -40,11 +39,49 @@ def destroy redirect_to whitelists_path end - def check_if_in_whitelist - unless Whitelist.has_username?(current_user.provider_username) - flash[:notice] = "You are not authorized to manipulate whitelist." + def check_if_coach + unless current_user.role.eql?("admin") or current_user.role.eql?("coach") + flash[:notice] = "You have no privilege to manipulate privilege control." redirect_to projects_url end end + + def upgrade + unless current_user.role.eql?("admin") or current_user.role.eql?("coach") + flash[:alert] = "You do not have privilege to change other user's role. " + redirect_to whitelists_path + return + end + user = User.find(params[:id]) + if user.role.eql?("admin") + flash[:alert] = "Admin role cannot be changed." + end + if user.role.eql?("student") + user.change_role("coach") + end + redirect_to whitelists_path + end + + def downgrade + unless current_user.role.eql?("admin") or current_user.role.eql?("coach") + flash[:alert] = "You do not have privilege to change other user's role. " + redirect_to whitelists_path + return + end + user = User.find(params[:id]) + if user.role.eql?("admin") + flash[:alert] = "Admin role cannot be changed." + end + if user.role.eql?("coach") + user.change_role("student") + end + redirect_to whitelists_path + end + + private + + def user_params + params.require(:whitelist).permit(:username) + end end diff --git a/app/models/user.rb b/app/models/user.rb index 2d2b4a5..ecbfc8e 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -36,11 +36,12 @@ class User < ActiveRecord::Base ADMIN = "admin" COACH = "coach" + STUDENT = "student" def self.from_omniauth(auth) email = auth.info.email.nil? ? auth.extra.raw_info.email : auth.info.email login = auth.extra.raw_info.login - unless login.nil? or !Whitelist.has_username?(login) + unless login.nil? User.where(provider: auth.provider, provider_username: login).first_or_create do |user| user.provider = auth.provider user.uid = auth.uid 
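Review bot: `upgrade` and `downgrade` change a user's role but are routed with `get` (the `config/routes.rb` hunk of this commit) and linked with `:method => :get` (the `index.html.haml` hunk), and Rails' request-forgery check is only applied to non-GET requests. A cross-site request made by the browser of a signed-in coach or admin, or a prefetcher following the links, would therefore change roles without the confirm dialog ever being involved. Route them as `patch '/whitelists/upgrade/:id', :to => 'whitelists#upgrade', :as => 'upgrade_user'` (likewise for downgrade) and switch the links to `:method => :patch`. Separately, `check_if_coach`, `upgrade` and `downgrade` repeat the same role test; the two actions can rely on the `before_action`, and `check_if_coach` is better placed under `private`.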
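Review bot: With `!Whitelist.has_username?(login)` removed from the guard in `from_omniauth`, every GitHub account that completes OAuth gets a `User` row, and nothing in the visible part of the `first_or_create` block sets its role, so a new account's privilege is whatever the `users.role` column default is in that database. Assigning it explicitly with `user.role = STUDENT` inside the block keeps sign-up at least privilege even where the column default differs. Access to project data now rests on role checks in each controller; only `WhitelistsController` is shown here, so the others are worth confirming. The block continues past the end of the hunk.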
@@ -59,6 +60,11 @@ def is_admin? self.role == ADMIN end + def change_role(role) + self.role = role + self.save! + end + def preferred_projects self.selected_projects = Project.all if self.selected_projects.empty? self.selected_projects diff --git a/app/views/whitelists/index.html.haml b/app/views/whitelists/index.html.haml index b73a75f..8d7eb22 100644 --- a/app/views/whitelists/index.html.haml +++ b/app/views/whitelists/index.html.haml 
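Review bot: `change_role` writes whatever string it is given to `role` and saves it, so a typo or an unexpected caller can persist a value that none of the `eql?("admin")`, `eql?("coach")` or `eql?("student")` comparisons in the controller and view recognise. Restricting it to the declared constants closes that: `validates :role, inclusion: { in: [ADMIN, COACH, STUDENT] }` on the model, or `raise ArgumentError, "unknown role" unless [ADMIN, COACH, STUDENT].include?(role)` at the top of the method. A one-line comment stating that callers must perform the permission check would also help, since the method itself performs none.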
@@ -1,51 +1,50 @@ :css - #whitelist{ + #Users{ border-collapse: collapse; width: 80%; margin-right: auto; } - #whitelist td, #whitelist th { + #Users td, #Users th { border: 1px solid #ddd; padding: 8px; } - #whitelist tr:nth-child(even){background-color: #f2f2f2;} + #Users tr:nth-child(even){background-color: #f2f2f2;} - #whitelist tr:hover {background-color: #ddd;} + #Users tr:hover {background-color: #ddd;} - #whitelist th { + #Users th { padding-top: 12px; padding-bottom: 12px; text-align: left; background-color: #337ab7; color: white; } - #whitelist tr { + #Users tr { text-align: left; } -%h1 Whitelist +%h1 Privilege Control -%table#whitelist +%table#Users %thead %tr - %th Authorized GitHub Accounts + %th GitHub Account + %th Role %th Action %tbody - @permitted_users.each do |user| %tr - %td= user.username - - unless user.username.eql?(current_user.provider_username) - %td= link_to "Delete", whitelist_path(user), :method => :delete, data: { confirm: "Do you want to delete user #{user.username} from the whitelist?" }, :user => user + %td= user.provider_username + %td= user.role + -if user.role.eql?("coach") + %td= link_to "Downgrade to student", downgrade_user_path(user), :method => :get, data: { confirm: "Do you want to downgrade user #{user.id} from the whitelist?" }, :user => user + -elsif user.role.eql?("student") + %td= link_to "Upgrade to coach", upgrade_user_path(user), :method => :get, data: { confirm: "Do you want to downgrade user #{user.id} from the whitelist?" }, :user => user -else - %td + %td %br/ - -= link_to 'Add user to whitelist', new_whitelist_path - -%br/ - = link_to 'Back to project page', projects_url diff --git a/config/routes.rb b/config/routes.rb index 3d79a8c..c293161 100644 --- a/config/routes.rb +++ b/config/routes.rb 
@@ -1,9 +1,12 @@ Rails.application.routes.draw do resources :users, :only => [:show, :update], :path => "u" devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }, :skip => [:password] - + resources :projects root 'projects#index' resources :whitelists + + get '/whitelists/upgrade/:id', :to => 'whitelists#upgrade', :as => 'upgrade_user' + get '/whitelists/downgrade/:id', :to => 'whitelists#downgrade', :as => 'downgrade_user' end diff --git a/db/migrate/20161020034239_add_role_to_users.rb b/db/migrate/20161020034239_add_role_to_users.rb index ea24805..b785826 100644 --- a/db/migrate/20161020034239_add_role_to_users.rb +++ b/db/migrate/20161020034239_add_role_to_users.rb @@ -1,5 +1,5 @@ class AddRoleToUsers < ActiveRecord::Migration def change - add_column :users, :role, :string, null: false, default: "coach" + add_column :users, :role, :string, null: false, default: "student" end end diff --git a/db/migrate/20161020040440_create_root_user.rb b/db/migrate/20161020040440_create_root_user.rb index d9bf218..64fb5ab 100644 --- a/db/migrate/20161020040440_create_root_user.rb +++ b/db/migrate/20161020040440_create_root_user.rb @@ -4,16 +4,22 @@ def up password: Devise.friendly_token[0,20], provider_username: "DrakeW", provider: "github", - role: "admin") + role: "coach") User.create!(email: "fox@cs.berkeley.edu", password: Devise.friendly_token[0,20], provider_username: "armandofox", provider: "github", role: "admin") + User.create!(email: "jiachengwu@berkeley.edu", + password: Devise.friendly_token[0,20], + provider_username: "ysiad", + provider: "github", + role: "coach") end def down User.where(email: "junyuw@berkeley.edu", provider: "github").first.destroy User.where(email: "fox@cs.berkeley.edu", provider: "github").first.destroy + User.where(email: "jiachengwu@berkeley.edu", provider: "github").first.destroy end end From 5a81b40453f3bbc50a985512c698729793dd07b1 Mon Sep 17 00:00:00 2001 
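Review bot: Changing `default: "coach"` to `default: "student"` inside the existing `20161020034239_add_role_to_users.rb` has no effect on a database that has already run that migration, so those deployments keep "coach" as the default role for new rows. Together with the sign-in gate removed from `app/models/user.rb` in this commit, a new GitHub sign-up there would start as a coach, which the new `check_if_coach` accepts. A new migration containing `change_column_default :users, :role, "student"` applies the change everywhere. The edited `20161020040440_create_root_user.rb` hunk has the same limitation for the seeded roles, and its `down` calls `.first.destroy`, which fails on nil when one of the rows is missing.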
From: ysiad Date: Mon, 5 Dec 2016 01:26:56 -0800 Subject: [PATCH 59/60] change the prompt sentence --- app/views/whitelists/index.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/whitelists/index.html.haml b/app/views/whitelists/index.html.haml index 8d7eb22..0248014 100644 --- a/app/views/whitelists/index.html.haml +++ b/app/views/whitelists/index.html.haml @@ -40,7 +40,7 @@ %td= user.provider_username %td= user.role -if user.role.eql?("coach") - %td= link_to "Downgrade to student", downgrade_user_path(user), :method => :get, data: { confirm: "Do you want to downgrade user #{user.id} from the whitelist?" }, :user => user + %td= link_to "Downgrade to student", downgrade_user_path(user), :method => :get, data: { confirm: "Do you want to downgrade user #{user.provider_username} from the whitelist?" }, :user => user -elsif user.role.eql?("student") %td= link_to "Upgrade to coach", upgrade_user_path(user), :method => :get, data: { confirm: "Do you want to downgrade user #{user.id} from the whitelist?" }, :user => user -else From 8410cbeb34d440c8d78f72ad7a79481bf8a35249 Mon Sep 17 00:00:00 2001 From: ysiad Date: Mon, 5 Dec 2016 01:38:50 -0800 Subject: [PATCH 60/60] modified the prompt message --- app/views/whitelists/index.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/whitelists/index.html.haml b/app/views/whitelists/index.html.haml index 0248014..e7af39f 100644 --- a/app/views/whitelists/index.html.haml +++ b/app/views/whitelists/index.html.haml 
@@ -42,7 +42,7 @@ -if user.role.eql?("coach") %td= link_to "Downgrade to student", downgrade_user_path(user), :method => :get, data: { confirm: "Do you want to downgrade user #{user.provider_username} from the whitelist?" }, :user => user -elsif user.role.eql?("student") - %td= link_to "Upgrade to coach", upgrade_user_path(user), :method => :get, data: { confirm: "Do you want to downgrade user #{user.id} from the whitelist?" }, :user => user + %td= link_to "Upgrade to coach", upgrade_user_path(user), :method => :get, data: { confirm: "Do you want to upgrade user #{user.provider_username} from the whitelist?" }, :user => user -else %td