diff --git a/.env.example b/.env.example index 4bf6b30..cf01e61 100644 --- a/.env.example +++ b/.env.example @@ -1,3 +1,4 @@ SECRET_KEY_BASE= IMAP_SERVER= DEFAULT_FROM= +DEVISE_PEPPER= diff --git a/.rubocop.yml b/.rubocop.yml index febceec..980b6f0 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -12,3 +12,7 @@ Metrics/MethodLength: Exclude: - 'db/schema.rb' - 'db/migrate/*.rb' + +Metrics/BlockLength: + Exclude: + - 'config/initializers/devise.rb' diff --git a/Gemfile b/Gemfile index 0a0406f..578a8ae 100644 --- a/Gemfile +++ b/Gemfile @@ -22,9 +22,11 @@ gem 'uglifier', '>= 1.3.0' # See https://github.com/rails/execjs#readme for more supported runtimes # gem 'therubyracer', platforms: :ruby -# Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks +# Turbolinks makes navigating your web application faster. Read more: +# https://github.com/turbolinks/turbolinks gem 'turbolinks', '~> 5' -# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder +# Build JSON APIs with ease. Read more: +# https://github.com/rails/jbuilder gem 'jbuilder', '~> 2.5' # Use ActiveModel has_secure_password gem 'bcrypt', '~> 3.1.7' @@ -37,6 +39,8 @@ gem 'carrierwave' gem 'carrierwave-bombshelter' gem 'carrierwave-i18n' gem 'commonmarker' +gem 'devise' +gem 'devise-i18n' gem 'email_address' gem 'exception_notification' gem 'font-awesome-rails' @@ -56,10 +60,12 @@ group :development, :test do end group :development do - # Access an IRB console on exception pages or by using <%= console %> anywhere in the code. + # Access an IRB console on exception pages or by using <%= console %> + # anywhere in the code. gem 'listen', '>= 3.0.5', '< 3.2' gem 'web-console', '>= 3.3.0' - # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring + # Spring speeds up development by keeping your application running in + # the background. Read more: https://github.com/rails/spring gem 'bcrypt_pbkdf' gem 'capistrano' gem 'capistrano-bundler' diff --git a/Gemfile.lock b/Gemfile.lock index 49fb3de..a9572c0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -98,6 +98,14 @@ GEM ruby-enum (~> 0.5) concurrent-ruby (1.1.5) crass (1.0.4) + devise (4.6.2) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0, < 6.0) + responders + warden (~> 1.2.3) + devise-i18n (1.8.0) + devise (>= 4.6) dotenv (2.7.2) dotenv-rails (2.7.2) dotenv (= 2.7.2) @@ -200,6 +208,7 @@ GEM nio4r (2.3.1) nokogiri (1.10.2) mini_portile2 (~> 2.4.0) + orm_adapter (0.5.0) parallel (1.16.0) parser (2.6.2.0) ast (~> 2.4.0) @@ -250,6 +259,9 @@ GEM ffi (~> 1.0) rbnacl (4.0.2) ffi + responders (3.0.0) + actionpack (>= 5.0) + railties (>= 5.0) rouge (3.3.0) rubocop (0.66.0) jaro_winkler (~> 1.5.1) @@ -347,6 +359,8 @@ DEPENDENCIES carrierwave-bombshelter carrierwave-i18n commonmarker + devise + devise-i18n dotenv-rails ed25519 email_address @@ -377,4 +391,4 @@ DEPENDENCIES whenever BUNDLED WITH - 1.17.1 + 1.17.3 diff --git a/app/views/devise/confirmations/new.haml b/app/views/devise/confirmations/new.haml new file mode 100644 index 0000000..cb4c1d7 --- /dev/null +++ b/app/views/devise/confirmations/new.haml @@ -0,0 +1,10 @@ +%h2= t('.resend_confirmation_instructions') += form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| + = render "devise/shared/error_messages", resource: resource + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email", value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) + .actions + = f.submit t('.resend_confirmation_instructions') += render "devise/shared/links" diff --git a/app/views/devise/mailer/confirmation_instructions.haml b/app/views/devise/mailer/confirmation_instructions.haml new file mode 100644 index 0000000..46706c4 --- /dev/null +++ b/app/views/devise/mailer/confirmation_instructions.haml @@ -0,0 +1,3 @@ +%p= t('.greeting', recipient: @email) +%p= t('.instruction') +%p= link_to t('.action'), confirmation_url(@resource, confirmation_token: @token) diff --git a/app/views/devise/mailer/email_changed.haml b/app/views/devise/mailer/email_changed.haml new file mode 100644 index 0000000..8ae4d38 --- /dev/null +++ b/app/views/devise/mailer/email_changed.haml @@ -0,0 +1,5 @@ +%p= t('.greeting', recipient: @email) +- if @resource.try(:unconfirmed_email?) + %p= t('.message', email: @resource.unconfirmed_email) +- else + %p= t('.message', email: @resource.email) diff --git a/app/views/devise/mailer/password_change.haml b/app/views/devise/mailer/password_change.haml new file mode 100644 index 0000000..ebb43d0 --- /dev/null +++ b/app/views/devise/mailer/password_change.haml @@ -0,0 +1,2 @@ +%p= t('.greeting', recipient: @resource.email) +%p= t('.message') diff --git a/app/views/devise/mailer/reset_password_instructions.haml b/app/views/devise/mailer/reset_password_instructions.haml new file mode 100644 index 0000000..ccc4aa5 --- /dev/null +++ b/app/views/devise/mailer/reset_password_instructions.haml @@ -0,0 +1,5 @@ +%p= t('.greeting', recipient: @resource.email) +%p= t('.instruction') +%p= link_to t('.action'), edit_password_url(@resource, reset_password_token: @token) +%p= t('.instruction_2') +%p= t('.instruction_3') diff --git a/app/views/devise/mailer/unlock_instructions.haml b/app/views/devise/mailer/unlock_instructions.haml new file mode 100644 index 0000000..d68bf7c --- /dev/null +++ b/app/views/devise/mailer/unlock_instructions.haml @@ -0,0 +1,4 @@ +%p= t('.greeting', recipient: @resource.email) +%p= t('.message') +%p= t('.instruction') +%p= link_to t('.action'), unlock_url(@resource, unlock_token: @token) diff --git a/app/views/devise/passwords/edit.haml b/app/views/devise/passwords/edit.haml new file mode 100644 index 0000000..f492ff8 --- /dev/null +++ b/app/views/devise/passwords/edit.haml @@ -0,0 +1,18 @@ +%h2= t('.change_your_password') += form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| + = render "devise/shared/error_messages", resource: resource + = f.hidden_field :reset_password_token + .field + = f.label :password, t('.new_password') + %br/ + - if @minimum_password_length + %em= t('devise.shared.minimum_password_length', count: @minimum_password_length) + %br/ + = f.password_field :password, autofocus: true, autocomplete: "new-password" + .field + = f.label :password_confirmation, t('.confirm_new_password') + %br/ + = f.password_field :password_confirmation, autocomplete: "off" + .actions + = f.submit t('.change_my_password') += render "devise/shared/links" diff --git a/app/views/devise/passwords/new.haml b/app/views/devise/passwords/new.haml new file mode 100644 index 0000000..39936f3 --- /dev/null +++ b/app/views/devise/passwords/new.haml @@ -0,0 +1,10 @@ +%h2= t('.forgot_your_password') += form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| + = render "devise/shared/error_messages", resource: resource + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email" + .actions + = f.submit t('.send_me_reset_password_instructions') += render "devise/shared/links" diff --git a/app/views/devise/registrations/edit.haml b/app/views/devise/registrations/edit.haml new file mode 100644 index 0000000..9b7f4f0 --- /dev/null +++ b/app/views/devise/registrations/edit.haml @@ -0,0 +1,35 @@ +%h2= t('.title', resource: resource.model_name.human) += form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| + = render "devise/shared/error_messages", resource: resource + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email" + - if devise_mapping.confirmable? && resource.pending_reconfirmation? + %div= t('.currently_waiting_confirmation_for_email', email: resource.unconfirmed_email) + .field + = f.label :password + %i + (#{t('.leave_blank_if_you_don_t_want_to_change_it')}) + %br/ + = f.password_field :password, autocomplete: "new-password" + - if @minimum_password_length + %br/ + %em= t('devise.shared.minimum_password_length', count: @minimum_password_length) + .field + = f.label :password_confirmation + %br/ + = f.password_field :password_confirmation, autocomplete: "new-password" + .field + = f.label :current_password + %i + (#{t('.we_need_your_current_password_to_confirm_your_changes')}) + %br/ + = f.password_field :current_password, autocomplete: "current-password" + .actions + = f.submit t('.update') +%h3= t('.cancel_my_account') +%p + = t('.unhappy') + = button_to t('.cancel_my_account'), registration_path(resource_name), data: { confirm: t('.are_you_sure') }, method: :delete += link_to t('devise.shared.links.back'), :back diff --git a/app/views/devise/registrations/new.haml b/app/views/devise/registrations/new.haml new file mode 100644 index 0000000..21fec96 --- /dev/null +++ b/app/views/devise/registrations/new.haml @@ -0,0 +1,20 @@ +%h2= t('.sign_up') += form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| + = render "devise/shared/error_messages", resource: resource + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email" + .field + = f.label :password + - if @minimum_password_length + %em= t('devise.shared.minimum_password_length', count: @minimum_password_length) + %br/ + = f.password_field :password, autocomplete: "new-password" + .field + = f.label :password_confirmation + %br/ + = f.password_field :password_confirmation, autocomplete: "new-password" + .actions + = f.submit t('.sign_up') += render "devise/shared/links" diff --git a/app/views/devise/sessions/new.haml b/app/views/devise/sessions/new.haml new file mode 100644 index 0000000..625e380 --- /dev/null +++ b/app/views/devise/sessions/new.haml @@ -0,0 +1,17 @@ +%h2= t('.sign_in') += form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email" + .field + = f.label :password + %br/ + = f.password_field :password, autocomplete: "current-password" + - if devise_mapping.rememberable? + .field + = f.check_box :remember_me + = f.label :remember_me + .actions + = f.submit t('.sign_in') += render "devise/shared/links" diff --git a/app/views/devise/shared/_error_messages.haml b/app/views/devise/shared/_error_messages.haml new file mode 100644 index 0000000..a921fd6 --- /dev/null +++ b/app/views/devise/shared/_error_messages.haml @@ -0,0 +1,9 @@ +- if resource.errors.any? + #error_explanation + %h2 + = I18n.t("errors.messages.not_saved", | + count: resource.errors.count, | + resource: resource.class.model_name.human.downcase) | + %ul + - resource.errors.full_messages.each do |message| + %li= message diff --git a/app/views/devise/shared/_links.haml b/app/views/devise/shared/_links.haml new file mode 100644 index 0000000..5577592 --- /dev/null +++ b/app/views/devise/shared/_links.haml @@ -0,0 +1,19 @@ +- if controller_name != 'sessions' + = link_to t(".sign_in"), new_session_path(resource_name) + %br/ +- if devise_mapping.registerable? && controller_name != 'registrations' + = link_to t(".sign_up"), new_registration_path(resource_name) + %br/ +- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' + = link_to t(".forgot_your_password"), new_password_path(resource_name) + %br/ +- if devise_mapping.confirmable? && controller_name != 'confirmations' + = link_to t('.didn_t_receive_confirmation_instructions'), new_confirmation_path(resource_name) + %br/ +- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' + = link_to t('.didn_t_receive_unlock_instructions'), new_unlock_path(resource_name) + %br/ +- if devise_mapping.omniauthable? + - resource_class.omniauth_providers.each do |provider| + = link_to t('.sign_in_with_provider', provider: OmniAuth::Utils.camelize(provider)), omniauth_authorize_path(resource_name, provider) + %br/ diff --git a/app/views/devise/unlocks/new.haml b/app/views/devise/unlocks/new.haml new file mode 100644 index 0000000..f381615 --- /dev/null +++ b/app/views/devise/unlocks/new.haml @@ -0,0 +1,10 @@ +%h2= t('.resend_unlock_instructions') += form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| + = render "devise/shared/error_messages", resource: resource + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email" + .actions + = f.submit t('.resend_unlock_instructions') += render "devise/shared/links" diff --git a/app/views/layouts/mailer.haml b/app/views/layouts/mailer.haml new file mode 100644 index 0000000..cbf6b8e --- /dev/null +++ b/app/views/layouts/mailer.haml @@ -0,0 +1,8 @@ +!!! +%html + %head + %meta{:content => "text/html; charset=utf-8", "http-equiv" => "Content-Type"}/ + :css + /* Email styles need to be inline */ + %body + = yield diff --git a/app/views/layouts/mailer.html.erb b/app/views/layouts/mailer.html.erb deleted file mode 100644 index cbd34d2..0000000 --- a/app/views/layouts/mailer.html.erb +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - <%= yield %> - - diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb new file mode 100644 index 0000000..256b37e --- /dev/null +++ b/config/initializers/devise.rb @@ -0,0 +1,336 @@ +# frozen_string_literal: true + +# Use this hook to configure devise mailer, warden hooks and so forth. +# Many of these configuration options can be set straight in your model. +Devise.setup do |config| + # The secret key used by Devise. Devise uses this key to generate + # random tokens. Changing this key will render invalid all existing + # confirmation, reset password and unlock tokens in the database. + # Devise will use the `secret_key_base` as its `secret_key` + # by default. You can change it below and use your own secret key. + # config.secret_key = '' + + # ==> Controller configuration + # Configure the parent class to the devise controllers. + # config.parent_controller = 'DeviseController' + + # ==> Mailer Configuration + # Configure the e-mail address which will be shown in Devise::Mailer, + # note that it will be overwritten if you use your own mailer class + # with default "from" parameter. + config.mailer_sender = ENV['DEFAULT_FROM'] + + # Configure the class responsible to send e-mails. + # config.mailer = 'Devise::Mailer' + + # Configure the parent class responsible to send e-mails. + # config.parent_mailer = 'ActionMailer::Base' + + # ==> ORM configuration + # Load and configure the ORM. Supports :active_record (default) and + # :mongoid (bson_ext recommended) by default. Other ORMs may be + # available as additional gems. + require 'devise/orm/active_record' + + # ==> Configuration for any authentication mechanism + # + # Configure which keys are used when authenticating a user. The + # default is just :email. You can configure it to use [:username, + # :subdomain], so for authenticating a user, both parameters are + # required. Remember that those parameters are used only when + # authenticating and not when retrieving from session. If you need + # permissions, you should implement that in a before filter. You can + # also supply a hash where the value is a boolean determining whether + # or not authentication should be aborted when the value is not + # present. + # config.authentication_keys = [:email] + + # Configure parameters from the request object used for + # authentication. Each entry given should be a request method and it + # will automatically be passed to the find_for_authentication method + # and considered in your model lookup. For instance, if you set + # :request_keys to [:subdomain], :subdomain will be used on + # authentication. The same considerations mentioned for + # authentication_keys also apply to request_keys. + # config.request_keys = [] + + # Configure which authentication keys should be case-insensitive. + # These keys will be downcased upon creating or modifying a user and + # when used to authenticate or find a user. Default is :email. + config.case_insensitive_keys = [:email] + + # Configure which authentication keys should have whitespace stripped. + # These keys will have whitespace before and after removed upon + # creating or modifying a user and when used to authenticate or find a + # user. Default is :email. + config.strip_whitespace_keys = [:email] + + # Tell if authentication through request.params is enabled. True by + # default. It can be set to an array that will enable params + # authentication only for the given strategies, for example, + # `config.params_authenticatable = [:database]` will enable it only + # for database (email + password) authentication. + # config.params_authenticatable = true + + # Tell if authentication through HTTP Auth is enabled. False by + # default. It can be set to an array that will enable http + # authentication only for the given strategies, for example, + # `config.http_authenticatable = [:database]` will enable it only for + # database authentication. The supported strategies are: :database + # = Support basic authentication with authentication key + password + # config.http_authenticatable = false + + # If 401 status code should be returned for AJAX requests. True by + # default. + # config.http_authenticatable_on_xhr = true + + # The realm used in Http Basic Authentication. 'Application' by + # default. + # config.http_authentication_realm = 'Application' + + # It will change confirmation, password recovery and other workflows + # to behave the same regardless if the e-mail provided was right or + # wrong. Does not affect registerable. + # config.paranoid = true + + # By default Devise will store the user in session. You can skip + # storage for particular strategies by setting this option. + # Notice that if you are skipping storage for all authentication + # paths, you may want to disable generating routes to Devise's + # sessions controller by passing skip: :sessions to `devise_for` in + # your config/routes.rb + config.skip_session_storage = [:http_auth] + + # By default, Devise cleans up the CSRF token on authentication to + # avoid CSRF token fixation attacks. This means that, when using AJAX + # requests for sign in and sign up, you need to get a new CSRF token + # from the server. You can disable this option at your own risk. + # config.clean_up_csrf_token_on_authentication = true + + # When false, Devise will not attempt to reload routes on eager load. + # This can reduce the time taken to boot the app but if your + # application requires the Devise mappings to be loaded during boot + # time the application won't boot properly. + # config.reload_routes = true + + # ==> Configuration for :database_authenticatable + # For bcrypt, this is the cost for hashing the password and defaults + # to 11. If using other algorithms, it sets how many times you want + # the password to be hashed. + # + # Limiting the stretches to just one in testing will increase the + # performance of your test suite dramatically. However, it is STRONGLY + # RECOMMENDED to not use a value less than 10 in other environments. + # Note that, for bcrypt (the default algorithm), the cost increases + # exponentially with the number of stretches (e.g. a value of 20 is + # already extremely slow: approx. 60 seconds for 1 calculation). + config.stretches = Rails.env.test? ? 1 : 11 + + # Set up a pepper to generate the hashed password. + config.pepper = ENV['DEVISE_PEPPER'] + + # Send a notification to the original email when the user's email is + # changed. + config.send_email_changed_notification = true + + # Send a notification email when the user's password is changed. + config.send_password_change_notification = true + + # ==> Configuration for :confirmable + # A period that the user is allowed to access the website even without + # confirming their account. For instance, if set to 2.days, the user + # will be able to access the website for two days without confirming + # their account, access will be blocked just in the third day. + # You can also set it to nil, which will allow the user to access the + # website without confirming their account. + # Default is 0.days, meaning the user cannot access the website + # without confirming their account. + config.allow_unconfirmed_access_for = 2.days + + # A period that the user is allowed to confirm their account before + # their token becomes invalid. For example, if set to 3.days, the user + # can confirm their account within 3 days after the mail was sent, but + # on the fourth day their account can't be confirmed with the token + # any more. Default is nil, meaning there is no restriction on how + # long a user can take before confirming their account. + config.confirm_within = 3.days + + # If true, requires any email changes to be confirmed (exactly the + # same way as initial account confirmation) to be applied. Requires + # additional unconfirmed_email db field (see migrations). Until + # confirmed, new email is stored in unconfirmed_email column, and + # copied to email column on successful confirmation. + config.reconfirmable = true + + # Defines which key will be used when confirming an account + # config.confirmation_keys = [:email] + + # ==> Configuration for :rememberable + # The time the user will be remembered without asking for credentials + # again. + # config.remember_for = 2.weeks + + # Invalidates all the remember me tokens when the user signs out. + config.expire_all_remember_me_on_sign_out = true + + # If true, extends the user's remember period when remembered via + # cookie. + # config.extend_remember_period = false + + # Options to be passed to the created cookie. For instance, you can + # set secure: true in order to force SSL only cookies. + # config.rememberable_options = {} + + # ==> Configuration for :validatable + # Range for password length. + config.password_length = 8..128 + + # Email regex used to validate email formats. It simply asserts that + # one (and only one) @ exists in the given string. This is mainly + # to give user feedback and not to assert the e-mail validity. + config.email_regexp = /\A[^@\s]+@[^@\s]+\z/ + + # ==> Configuration for :timeoutable + # The time you want to timeout the user session without activity. + # After this time the user will be asked for credentials again. + # Default is 30 minutes. + # config.timeout_in = 30.minutes + + # ==> Configuration for :lockable + # + # Defines which strategy will be used to lock an account. + # :failed_attempts = Locks an account after a number of failed + # attempts to sign in. + # :none = No lock strategy. You should handle locking by + # yourself. + config.lock_strategy = :failed_attempts + + # Defines which key will be used when locking and unlocking an account + # config.unlock_keys = [:email] + + # Defines which strategy will be used to unlock an account. + # :email = Sends an unlock link to the user email + # :time = Re-enables login after a certain amount of time (see + # :unlock_in below) + # :both = Enables both strategies + # :none = No unlock strategy. You should handle unlocking by + # yourself. + config.unlock_strategy = :both + + # Number of authentication tries before locking an account if + # lock_strategy is failed attempts. + config.maximum_attempts = 20 + + # Time interval to unlock the account if :time is enabled as + # unlock_strategy. + config.unlock_in = 1.hour + + # Warn on the last attempt before the account is locked. + # config.last_attempt_warning = true + + # ==> Configuration for :recoverable + # + # Defines which key will be used when recovering the password for an + # account + # config.reset_password_keys = [:email] + + # Time interval you can reset your password with a reset password key. + # Don't put a too small interval or your users won't have the time to + # change their passwords. + config.reset_password_within = 6.hours + + # When set to false, does not sign a user in automatically after their + # password is reset. Defaults to true, so a user is signed in + # automatically after a reset. + config.sign_in_after_reset_password = true + + # ==> Configuration for :encryptable + # Allow you to use another hashing or encryption algorithm besides + # bcrypt (default). You can use :sha1, :sha512 or algorithms from + # others authentication tools as :clearance_sha1, :authlogic_sha512 + # (then you should set stretches above to 20 for default behavior) and + # :restful_authentication_sha1 (then you should set stretches to 10, + # and copy REST_AUTH_SITE_KEY to pepper). + # + # Require the `devise-encryptable` gem when using anything other than + # bcrypt + # config.encryptor = :sha512 + + # ==> Scopes configuration + # Turn scoped views on. Before rendering "sessions/new", it will first + # check for "users/sessions/new". It's turned off by default because + # it's slower if you are using only default views. + # config.scoped_views = false + + # Configure the default scope given to Warden. By default it's the + # first devise role declared in your routes (usually :user). + # config.default_scope = :user + + # Set this configuration to false if you want /users/sign_out to sign + # out only the current scope. By default, Devise signs out all scopes. + # config.sign_out_all_scopes = true + + # ==> Navigation configuration + # Lists the formats that should be treated as navigational. Formats + # like :html, should redirect to the sign in page when the user does + # not have access, but formats like :xml or :json, should return 401. + # + # If you have any extra navigational formats, like :iphone or :mobile, + # you should add them to the navigational formats lists. + # + # The "*/*" below is required to match Internet Explorer requests. + # config.navigational_formats = ['*/*', :html] + + # The default HTTP method used to sign out a resource. Default is + # :delete. + config.sign_out_via = :delete + + # ==> OmniAuth + # Add a new OmniAuth provider. Check the wiki for more information on + # setting up on your models and hooks. + # + # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: + # 'user,public_repo' + + # ==> Warden configuration + # + # If you want to use other strategies, that are not supported by + # Devise, or change the failure app, you can configure them inside the + # config.warden block. + # + # config.warden do |manager| + # manager.intercept_401 = false + # manager.default_strategies(scope: :user) + # .unshift :some_external_strategy + # end + + # ==> Mountable engine configurations + # + # When using Devise inside an engine, let's call it `MyEngine`, and + # this engine is mountable, there are some extra configurations to be + # taken into account. The following options are available, assuming + # the engine is mounted as: + # + # mount MyEngine, at: '/my_engine' + # + # The router that invoked `devise_for`, in the example above, would + # be: config.router_name = :my_engine + # + # When using OmniAuth, Devise cannot automatically set OmniAuth path, + # so you need to do it manually. For the users scope, it would be: + # config.omniauth_path_prefix = '/my_engine/users/auth' + + # ==> Turbolinks configuration + # + # If your app is using Turbolinks, Turbolinks::Controller needs to be + # included to make redirection work correctly: + ActiveSupport.on_load(:devise_failure_app) do + include Turbolinks::Controller + end + + # ==> Configuration for :registerable + # When set to false, does not sign a user in automatically after their + # password is changed. Defaults to true, so a user is signed in + # automatically after changing a password. + config.sign_in_after_change_password = true +end diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml new file mode 100644 index 0000000..55617bd --- /dev/null +++ b/config/locales/devise.en.yml @@ -0,0 +1,65 @@ +# Additional translations at https://github.com/plataformatec/devise/wiki/I18n + +en: + devise: + confirmations: + confirmed: "Your email address has been successfully confirmed." + send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." + failure: + already_authenticated: "You are already signed in." + inactive: "Your account is not activated yet." + invalid: "Invalid %{authentication_keys} or password." + locked: "Your account is locked." + last_attempt: "You have one more attempt before your account is locked." + not_found_in_database: "Invalid %{authentication_keys} or password." + timeout: "Your session expired. Please sign in again to continue." + unauthenticated: "You need to sign in or sign up before continuing." + unconfirmed: "You have to confirm your email address before continuing." + mailer: + confirmation_instructions: + subject: "Confirmation instructions" + reset_password_instructions: + subject: "Reset password instructions" + unlock_instructions: + subject: "Unlock instructions" + email_changed: + subject: "Email Changed" + password_change: + subject: "Password Changed" + omniauth_callbacks: + failure: "Could not authenticate you from %{kind} because \"%{reason}\"." + success: "Successfully authenticated from %{kind} account." + passwords: + no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." + send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." + updated: "Your password has been changed successfully. You are now signed in." + updated_not_active: "Your password has been changed successfully." + registrations: + destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon." + signed_up: "Welcome! You have signed up successfully." + signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." + signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." + signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." + updated: "Your account has been updated successfully." + updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again" + sessions: + signed_in: "Signed in successfully." + signed_out: "Signed out successfully." + already_signed_out: "Signed out successfully." + unlocks: + send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." + send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." + unlocked: "Your account has been unlocked successfully. Please sign in to continue." + errors: + messages: + already_confirmed: "was already confirmed, please try signing in" + confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one" + expired: "has expired, please request a new one" + not_found: "not found" + not_locked: "was not locked" + not_saved: + one: "1 error prohibited this %{resource} from being saved:" + other: "%{count} errors prohibited this %{resource} from being saved:" diff --git a/config/locales/devise.views.en.yml b/config/locales/devise.views.en.yml new file mode 100644 index 0000000..aa0697c --- /dev/null +++ b/config/locales/devise.views.en.yml @@ -0,0 +1,146 @@ +en: + activerecord: + attributes: + user: + confirmation_sent_at: Confirmation sent at + confirmation_token: Confirmation token + confirmed_at: Confirmed at + created_at: Created at + current_password: Current password + current_sign_in_at: Current sign in at + current_sign_in_ip: Current sign in IP + email: Email + encrypted_password: Encrypted password + failed_attempts: Failed attempts + last_sign_in_at: Last sign in at + last_sign_in_ip: Last sign in IP + locked_at: Locked at + password: Password + password_confirmation: Password confirmation + remember_created_at: Remember created at + remember_me: Remember me + reset_password_sent_at: Reset password sent at + reset_password_token: Reset password token + sign_in_count: Sign in count + unconfirmed_email: Unconfirmed email + unlock_token: Unlock token + updated_at: Updated at + models: + user: + one: User + other: Users + devise: + confirmations: + confirmed: Your email address has been successfully confirmed. + new: + resend_confirmation_instructions: Resend confirmation instructions + send_instructions: You will receive an email with instructions for how to confirm your email address in a few minutes. + send_paranoid_instructions: If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes. + failure: + already_authenticated: You are already signed in. + inactive: Your account is not activated yet. + invalid: Invalid %{authentication_keys} or password. + last_attempt: You have one more attempt before your account is locked. + locked: Your account is locked. + not_found_in_database: Invalid %{authentication_keys} or password. + timeout: Your session expired. Please sign in again to continue. + unauthenticated: You need to sign in or sign up before continuing. + unconfirmed: You have to confirm your email address before continuing. + mailer: + confirmation_instructions: + action: Confirm my account + greeting: Welcome %{recipient}! + instruction: 'You can confirm your account email through the link below:' + subject: Confirmation instructions + email_changed: + greeting: Hello %{recipient}! + message: We're contacting you to notify you that your email has been changed to %{email}. + subject: Email Changed + password_change: + greeting: Hello %{recipient}! + message: We're contacting you to notify you that your password has been changed. + subject: Password Changed + reset_password_instructions: + action: Change my password + greeting: Hello %{recipient}! + instruction: Someone has requested a link to change your password. You can do this through the link below. + instruction_2: If you didn't request this, please ignore this email. + instruction_3: Your password won't change until you access the link above and create a new one. + subject: Reset password instructions + unlock_instructions: + action: Unlock my account + greeting: Hello %{recipient}! + instruction: 'Click the link below to unlock your account:' + message: Your account has been locked due to an excessive number of unsuccessful sign in attempts. + subject: Unlock instructions + omniauth_callbacks: + failure: Could not authenticate you from %{kind} because "%{reason}". + success: Successfully authenticated from %{kind} account. + passwords: + edit: + change_my_password: Change my password + change_your_password: Change your password + confirm_new_password: Confirm new password + new_password: New password + new: + forgot_your_password: Forgot your password? + send_me_reset_password_instructions: Send me reset password instructions + no_token: You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided. + send_instructions: You will receive an email with instructions on how to reset your password in a few minutes. + send_paranoid_instructions: If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes. + updated: Your password has been changed successfully. You are now signed in. + updated_not_active: Your password has been changed successfully. + registrations: + destroyed: Bye! Your account has been successfully cancelled. We hope to see you again soon. + edit: + are_you_sure: Are you sure? + cancel_my_account: Cancel my account + currently_waiting_confirmation_for_email: 'Currently waiting confirmation for: %{email}' + leave_blank_if_you_don_t_want_to_change_it: leave blank if you don't want to change it + title: Edit %{resource} + unhappy: Unhappy? + update: Update + we_need_your_current_password_to_confirm_your_changes: we need your current password to confirm your changes + new: + sign_up: Sign up + signed_up: Welcome! You have signed up successfully. + signed_up_but_inactive: You have signed up successfully. However, we could not sign you in because your account is not yet activated. + signed_up_but_locked: You have signed up successfully. However, we could not sign you in because your account is locked. + signed_up_but_unconfirmed: A message with a confirmation link has been sent to your email address. Please follow the link to activate your account. + update_needs_confirmation: You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address. + updated: Your account has been updated successfully. + updated_but_not_signed_in: Your account has been updated successfully, but since your password was changed, you need to sign in again + sessions: + already_signed_out: Signed out successfully. + new: + sign_in: Log in + signed_in: Signed in successfully. + signed_out: Signed out successfully. + shared: + links: + back: Back + didn_t_receive_confirmation_instructions: Didn't receive confirmation instructions? + didn_t_receive_unlock_instructions: Didn't receive unlock instructions? + forgot_your_password: Forgot your password? + sign_in: Log in + sign_in_with_provider: Sign in with %{provider} + sign_up: Sign up + minimum_password_length: + one: "(%{count} character minimum)" + other: "(%{count} characters minimum)" + unlocks: + new: + resend_unlock_instructions: Resend unlock instructions + send_instructions: You will receive an email with instructions for how to unlock your account in a few minutes. + send_paranoid_instructions: If your account exists, you will receive an email with instructions for how to unlock it in a few minutes. + unlocked: Your account has been unlocked successfully. Please sign in to continue. + errors: + messages: + already_confirmed: was already confirmed, please try signing in + confirmation_period_expired: needs to be confirmed within %{period}, please request a new one + expired: has expired, please request a new one + not_found: not found + not_locked: was not locked + not_saved: + one: '1 error prohibited this %{resource} from being saved:' + other: "%{count} errors prohibited this %{resource} from being saved:" diff --git a/config/locales/devise.views.es.yml b/config/locales/devise.views.es.yml new file mode 100644 index 0000000..4a631e8 --- /dev/null +++ b/config/locales/devise.views.es.yml @@ -0,0 +1,146 @@ +es: + activerecord: + attributes: + user: + confirmation_sent_at: Confirmación enviada a + confirmation_token: Código de confirmación + confirmed_at: Confirmado en + created_at: Creado en + current_password: Contraseña actual + current_sign_in_at: Fecha del ingreso actual + current_sign_in_ip: IP del ingreso actual + email: Email + encrypted_password: Contraseña cifrada + failed_attempts: Intentos fallidos + last_sign_in_at: Fecha del último ingreso + last_sign_in_ip: IP del último inicio + locked_at: Fecha de bloqueo + password: Contraseña + password_confirmation: Confirmación de la contraseña + remember_created_at: Fecha de 'Recordarme' + remember_me: Recordarme + reset_password_sent_at: Fecha de envío de código para contraseña + reset_password_token: Código para restablecer contraseña + sign_in_count: Cantidad de ingresos + unconfirmed_email: Email no confirmado + unlock_token: Código de desbloqueo + updated_at: Actualizado en + models: + user: + one: Usuario + other: Usuarios + devise: + confirmations: + confirmed: Tu cuenta ha sido confirmada satisfactoriamente. + new: + resend_confirmation_instructions: Reenviar instrucciones de confirmación + send_instructions: Vas a recibir un correo con instrucciones sobre cómo confirmar tu cuenta en unos minutos. + send_paranoid_instructions: Si tu correo existe en nuestra base de datos, en unos minutos recibirás un correo con instrucciones sobre cómo confirmar tu cuenta. + failure: + already_authenticated: Ya has iniciado sesión. + inactive: Tu cuenta aún no ha sido activada. + invalid: "%{authentication_keys} o contraseña inválidos." + last_attempt: Tienes un intento más antes de que tu cuenta sea bloqueada. + locked: Tu cuenta está bloqueada. + not_found_in_database: "%{authentication_keys} o contraseña inválidos." + timeout: Tu sesión expiró. Por favor, inicia sesión nuevamente para continuar. + unauthenticated: Tienes que iniciar sesión o registrarte para poder continuar. + unconfirmed: Tienes que confirmar tu cuenta para poder continuar. + mailer: + confirmation_instructions: + action: Confirmar mi cuenta + greeting: "¡Bienvenido %{recipient}!" + instruction: 'Usted puede confirmar el correo electrónico de su cuenta a través de este enlace:' + subject: Instrucciones de confirmación + email_changed: + greeting: "¡Hola %{recipient}! " + message: Estamos contactando contigo para notificarte que tu email ha sido cambiado a %{email}. + subject: Email cambiado + password_change: + greeting: Hola %{recipient}! + message: Le estamos contactando para notificarle que su contraseña ha sido cambiada. + subject: Contraseña cambiada + reset_password_instructions: + action: Cambiar mi contraseña + greeting: "¡Hola %{recipient}!" + instruction: Alguien ha solicitado un enlace para cambiar su contraseña, lo que se puede realizar a través del siguiente enlace. + instruction_2: Si usted no lo ha solicitado, por favor ignore este correo electrónico. + instruction_3: Su contraseña no será cambiada hasta que usted acceda al enlace y cree una nueva. + subject: Instrucciones de recuperación de contraseña + unlock_instructions: + action: Desbloquear mi cuenta + greeting: "¡Hola %{recipient}!" + instruction: 'Haga click en el siguiente enlace para desbloquear su cuenta:' + message: Su cuenta ha sido bloqueada debido a una cantidad excesiva de intentos infructuosos para ingresar. + subject: Instrucciones para desbloquear + omniauth_callbacks: + failure: No has sido autorizado en la cuenta %{kind} porque "%{reason}". + success: Has sido autorizado satisfactoriamente en la cuenta %{kind}. + passwords: + edit: + change_my_password: Cambiar mi contraseña + change_your_password: Cambie su contraseña + confirm_new_password: Confirme la nueva contraseña + new_password: Nueva contraseña + new: + forgot_your_password: "¿Ha olvidado su contraseña?" + send_me_reset_password_instructions: Envíeme las instrucciones para resetear mi contraseña + no_token: No puedes acceder a esta página si no es a través de un enlace para resetear tu contraseña. Si has llegado hasta aquí desde el email para resetear tu contraseña, por favor asegúrate de que la URL introducida está completa. + send_instructions: Recibirás un correo con instrucciones sobre cómo resetear tu contraseña en unos pocos minutos. + send_paranoid_instructions: Si tu correo existe en nuestra base de datos, recibirás un correo con instrucciones sobre cómo resetear tu contraseña en tu bandeja de entrada. + updated: Se ha cambiado tu contraseña. Ya iniciaste sesión. + updated_not_active: Tu contraseña fue cambiada. + registrations: + destroyed: "¡Adiós! Tu cuenta ha sido cancelada correctamente. Esperamos verte pronto." + edit: + are_you_sure: "¿Está usted seguro?" + cancel_my_account: Anular mi cuenta + currently_waiting_confirmation_for_email: 'Actualmente esperando la confirmacion de: %{email} ' + leave_blank_if_you_don_t_want_to_change_it: dejar en blanco si no desea cambiarlo + title: Editar %{resource} + unhappy: "¿Disconforme?" + update: Actualizar + we_need_your_current_password_to_confirm_your_changes: necesitamos su contraseña actual para confirmar los cambios + new: + sign_up: Registrarse + signed_up: Bienvenido. Tu cuenta fue creada. + signed_up_but_inactive: Tu cuenta ha sido creada correctamente. Sin embargo, no hemos podido iniciar la sesión porque tu cuenta aún no está activada. + signed_up_but_locked: Tu cuenta ha sido creada correctamente. Sin embargo, no hemos podido iniciar la sesión porque que tu cuenta está bloqueada. + signed_up_but_unconfirmed: Se ha enviado un mensaje con un enlace de confirmación a tu correo electrónico. Abre el enlace para activar tu cuenta. + update_needs_confirmation: Has actualizado tu cuenta correctamente, pero es necesario confirmar tu nuevo correo electrónico. Por favor, comprueba tu correo y sigue el enlace de confirmación para finalizar la comprobación del nuevo correo electrónico. + updated: Tu cuenta se ha actualizado. + updated_but_not_signed_in: + sessions: + already_signed_out: Sesión finalizada. + new: + sign_in: Iniciar sesión + signed_in: Sesión iniciada. + signed_out: Sesión finalizada. + shared: + links: + back: Atrás + didn_t_receive_confirmation_instructions: "¿No ha recibido las instrucciones de confirmación?" + didn_t_receive_unlock_instructions: "¿No ha recibido instrucciones para desbloquear?" + forgot_your_password: "¿Ha olvidado su contraseña?" + sign_in: Iniciar sesión + sign_in_with_provider: Iniciar sesión con %{provider} + sign_up: Registrarse + minimum_password_length: + one: "(%{count} caractere como mínimo)" + other: "(%{count} caracteres como mínimo)" + unlocks: + new: + resend_unlock_instructions: Reenviar instrucciones para desbloquear + send_instructions: Vas a recibir instrucciones para desbloquear tu cuenta en unos pocos minutos. + send_paranoid_instructions: Si tu cuenta existe, vas a recibir instrucciones para desbloquear tu cuenta en unos pocos minutos. + unlocked: Tu cuenta ha sido desbloqueada. Ya puedes iniciar sesión. + errors: + messages: + already_confirmed: ya ha sido confirmada, por favor intenta iniciar sesión + confirmation_period_expired: necesita confirmarse dentro de %{period}, por favor solicita una nueva + expired: ha expirado, por favor solicita una nueva + not_found: no se ha encontrado + not_locked: no estaba bloqueada + not_saved: + one: 'Ocurrió un error al tratar de guardar %{resource}:' + other: 'Ocurrieron %{count} errores al tratar de guardar %{resource}:' diff --git a/doc/autenticacion.md b/doc/autenticacion.md new file mode 100644 index 0000000..b83ed84 --- /dev/null +++ b/doc/autenticacion.md @@ -0,0 +1,23 @@ +# Autenticación de usuaries + +Estamos pasando de un modelo integrado donde Usuarias son usuaries de +una red IMAP e Invitadxs son usuaries locales de la plataforma, a una +más "monolítica" donde las cuentas se gestionan desde la plataforma +misma. + +Entonces, Usuaria e Invitadx se fusionan y su diferencia es solo de +privilegios sobre un sitio (puede hacer todo / solo puede cargar +artículos y modificar los propios). + +No nos gusta la idea de implementar todo un sistema de privilegios, +primero porque queremos que Sutty sea una plataforma democrática y +segundo porque en nuestra experiencia nadie los usa y prefieren usar una +cuenta de administración. + +La migración a Devise nos va a permitir tener recuperación de +contraseñas, registro independiente, correos de bienvenida y varias +cosas más. + +Planeamos que Sutty también sea un proveedor de oAuth, para poder +integrarla con otras plataformas comunitarias +(rocket.chat/mattermost.com principalmente).