From adce5596db707833e3d180708582dbc7fff4f305 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Fri, 20 Apr 2012 08:45:22 +0200 Subject: [PATCH 01/11] Moved to logon sessions for authentication. --- app/controllers/application_controller.rb | 12 +++++++ app/controllers/sessions_controller.rb | 43 ++++++++++++++++++++--- 2 files changed, 50 insertions(+), 5 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 1340239e6..6506024af 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -92,6 +92,18 @@ class ApplicationController < ActionController::Base return false end + # check logon session + if params['logon_session'] + session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first + if session + userdata = User.find( user_id = session.data[:user_id] ) + end + + # set logon session user to current user + current_user_set(userdata) + return true + end + # return auth not ok (no session exists) if !session[:user_id] message = 'no valid session, user_id' diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 9bf351888..ba44038b9 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -12,6 +12,7 @@ class SessionsController < ApplicationController # auth failed if !user render :json => { :error => 'login failed' }, :status => :unprocessable_entity + return end # do not show password 
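Review bot: In the new `logon_session` branch of the authentication check, a token that matches no stored session still passes: `userdata` stays nil, `current_user_set(userdata)` runs with nil and the method returns true, so an unknown or stale token is treated as an authenticated request. Move the user assignment and `return true` inside the `if session` branch and fall through to the existing failure path otherwise, e.g. `return false unless session`; patch 02's rename of the local (the hunk on the next line) keeps the same shape, so the same applies there. The lookup also has no expiry check, so a row in the session table remains a valid bearer credential for as long as nothing else prunes it. Because the token arrives in `params`, it will also be written to request logs and, if sent as a query string, kept in browser history; a request header would be the safer carrier. The enclosing method starts and ends outside the hunk.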
@@ -27,15 +28,47 @@ class SessionsController < ApplicationController # set session user_id session[:user_id] = user.id - + + # check logon session + logon_session_key = nil + if params['logon_session'] + puts 'create sessions session con' + logon_session_key = Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s ) + ActiveRecord::SessionStore::Session.create( + :session_id => logon_session_key, + :data => { + :user_id => user.id + } + ) + end + # return new session data - render :json => { :session => user, :default_collections => default_collection }, :status => :created + render :json => { + :session => user, + :default_collections => default_collection, + :logon_session => logon_session_key, + }, + :status => :created end def show - + + user_id = nil + # no valid sessions - if !session[:user_id] + if session[:user_id] + user_id = session[:user_id] + end + + # check logon session + if params['logon_session'] + session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first + if session + user_id = session.data[:user_id] + end + end + + if !user_id render :json => { :error => 'no valid session', :config => config_frontend, @@ -45,7 +78,7 @@ class SessionsController < ApplicationController # Save the user ID in the session so it can be used in # subsequent requests - user = user_data_full( session[:user_id] ) + user = user_data_full( user_id ) # auto population of default collections default_collection = default_collections() From 0dd055f2eb356473cdee06b0eefc9a4a26b6d723 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Fri, 20 Apr 2012 09:06:45 +0200 Subject: [PATCH 02/11] Fixed name space conflict. --- app/controllers/application_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 6506024af..c2e86a545 100644 --- a/app/controllers/application_controller.rb 
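Review bot: The `logon_session_key` generated in `create` is not an unguessable credential: `Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s )` draws on fewer than 20 bits from a non-cryptographic PRNG plus a second-resolution timestamp, so once the login time is roughly known the space an attacker has to search is tiny, and hashing it with MD5 does not enlarge it. Use the standard library's `SecureRandom.hex(32)` (with `require 'securerandom'` if it is not already loaded) and keep the rest of the branch as is. In `show`, the new local `session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first` shadows the controller's `session` helper for the remainder of the method — the same collision patch 02 fixes in application_controller — so rename it to `logon_session` here too. Both `create` and `show` continue outside the hunk.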
+++ b/app/controllers/application_controller.rb @@ -94,9 +94,9 @@ class ApplicationController < ActionController::Base # check logon session if params['logon_session'] - session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first - if session - userdata = User.find( user_id = session.data[:user_id] ) + logon_session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first + if logon_session + userdata = User.find( user_id = logon_session.data[:user_id] ) end # set logon session user to current user From 335751f1333d65af63aa15d3f6e058dd4ef27ac4 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Fri, 20 Apr 2012 09:07:07 +0200 Subject: [PATCH 03/11] Code cleanup. --- app/controllers/sessions_controller.rb | 1 - app/controllers/ticket_overviews_controller.rb | 2 +- app/models/user.rb | 15 --------------- 3 files changed, 1 insertion(+), 17 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index ba44038b9..912d73e31 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -32,7 +32,6 @@ class SessionsController < ApplicationController # check logon session logon_session_key = nil if params['logon_session'] - puts 'create sessions session con' logon_session_key = Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s ) ActiveRecord::SessionStore::Session.create( :session_id => logon_session_key, diff --git a/app/controllers/ticket_overviews_controller.rb b/app/controllers/ticket_overviews_controller.rb index f3be59117..bb65c3f53 100644 --- a/app/controllers/ticket_overviews_controller.rb +++ b/app/controllers/ticket_overviews_controller.rb @@ -4,7 +4,7 @@ class TicketOverviewsController < ApplicationController # GET /tickets # GET /tickets.json def show - + # build up attributes hash overview_selected = nil overviews = Overview.all 
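Review bot: `User.find( user_id = logon_session.data[:user_id] )` still carries an assignment to a throwaway `user_id` local inside the argument list; `userdata = User.find( logon_session.data[:user_id] )` says the same thing without the side effect. `find` also raises `ActiveRecord::RecordNotFound` when the referenced user no longer exists, which turns a stale session row into an exception on every request instead of a failed authentication; `User.where( :id => logon_session.data[:user_id] ).first` followed by a nil check keeps it on the normal failure path. The enclosing method starts and ends outside the hunk.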
diff --git a/app/models/user.rb b/app/models/user.rb index 011622bc8..2e32bc924 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -15,29 +15,15 @@ class User < ApplicationModel def self.authenticate( username, password ) user = User.where( :login => username, :active => true ).first return nil if user.nil? - logger.debug 'auth' - logger.debug username - logger.debug user.login - logger.debug password - logger.debug user.password - logger.debug user.inspect -# return user return user if user.password == password return end def self.create_from_hash!(hash) -# logger.debug(hash.inspect) -# raise hash.to_yaml -# exit url = '' if hash['info']['urls'] then url = hash['info']['urls']['Website'] || hash['info']['urls']['Twitter'] || '' end -# logger.debug(hash['info'].inspect) -# raise url.to_yaml -# exit -# logger.debug('aaaaaaaa') roles = Role.where( :name => 'Customer' ) create( :login => hash['info']['nickname'] || hash['uid'], @@ -61,7 +47,6 @@ class User < ApplicationModel user = User.find(user_id) data = user.attributes - # get linked accounts data['accounts'] = {} authorizations = user.authorizations() || [] From 8ef89f06351b541ba4a392b8e332ca13fbc90c69 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Fri, 20 Apr 2012 09:22:51 +0200 Subject: [PATCH 04/11] Fixed server error with access via http basic auth. --- app/controllers/application_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c2e86a545..a69cf48fd 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -146,7 +146,7 @@ class ApplicationController < ActionController::Base :o_id => object.id, :history_type_id => history_type.id, :history_object_id => history_object.id, - :created_by_id => session[:user_id] + :created_by_id => current_user.id ) end From cb4e9a874502f4e89d9879eb922c544b83750947 Mon Sep 17 00:00:00 2001 
From: Martin Edenhofer Date: Fri, 20 Apr 2012 10:57:23 +0200 Subject: [PATCH 05/11] Code cleanup. --- .../javascripts/app/controllers/login.js.coffee | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/app/assets/javascripts/app/controllers/login.js.coffee b/app/assets/javascripts/app/controllers/login.js.coffee index 3628921a4..ec5f18584 100644 --- a/app/assets/javascripts/app/controllers/login.js.coffee +++ b/app/assets/javascripts/app/controllers/login.js.coffee @@ -48,22 +48,14 @@ class Index extends App.Controller login: (e) -> e.preventDefault() - e.stopPropagation(); - - @log 'submit', $(e.target) - @username = $(e.target).find('[name="username"]').val() - @password = $(e.target).find('[name="password"]').val() -# @log @username, @password + params = @formParam(e.target) # session create with login/password auth = new App.Auth auth.login( - data: { - username: @username, - password: @password, - }, + data: params, success: @success - error: @error, + error: @error, ) success: (data, status, xhr) => From 47df83c4f73a57433cb68f680d094bced429cff5 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Fri, 20 Apr 2012 10:58:31 +0200 Subject: [PATCH 06/11] Improved login wording (Username or email). Added functionality. --- .../javascripts/app/views/login.jst.eco | 4 ++-- app/models/user.rb | 23 ++++++++++++++++--- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/app/assets/javascripts/app/views/login.jst.eco b/app/assets/javascripts/app/views/login.jst.eco index e4a345d1c..a8415287c 100644 --- a/app/assets/javascripts/app/views/login.jst.eco +++ b/app/assets/javascripts/app/views/login.jst.eco @@ -8,9 +8,9 @@
Sign in with
diff --git a/app/models/user.rb b/app/models/user.rb index 2e32bc924..b1b328e9e 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -13,10 +13,27 @@ class User < ApplicationModel store :preferences def self.authenticate( username, password ) + + # try to find user based on login user = User.where( :login => username, :active => true ).first - return nil if user.nil? - return user if user.password == password - return + + # try second lookup with email + if !user + user = User.where( :email => username, :active => true ).first + end + + # no user found + if !user + return nil + end + + # auth ok + if user.password == password + return user + end + + # auth failed + return false end def self.create_from_hash!(hash) From 29bd04b0bb1276a43d90bef038ef93219c0d7193 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Fri, 20 Apr 2012 10:58:54 +0200 Subject: [PATCH 07/11] Fixed cancel link. --- app/assets/javascripts/app/views/signup.jst.eco | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/assets/javascripts/app/views/signup.jst.eco b/app/assets/javascripts/app/views/signup.jst.eco index 35ee8098c..d7e84af6c 100644 --- a/app/assets/javascripts/app/views/signup.jst.eco +++ b/app/assets/javascripts/app/views/signup.jst.eco @@ -5,8 +5,8 @@
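Review bot: The rewritten `authenticate` still compares the submitted password with the stored one as plain strings (`if user.password == password`), which implies the password column holds the cleartext value; storing only a salted hash (bcrypt, as Rails' `has_secure_password` does) and comparing against that would limit the damage of a database or backup exposure. The method now returns `false` for a wrong password and `nil` for an unknown login; `sessions#create` treats both alike with `if !user`, but the asymmetry invites a future caller to expose which case occurred, so either collapse both to nil or add a comment stating the distinction is intentional. With email accepted as a second lookup key, one submitted `username` can match two accounts (one by login, one by email); the code prefers the login match, which deserves a comment. The enclosing class continues outside the hunk.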
<%- @form %> - - + Cancel +
From 2a1a78c21031a9dc663511b65747a1b7882d14ce Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Fri, 20 Apr 2012 10:59:54 +0200 Subject: [PATCH 08/11] Fixed missing btn class for primary buttons. --- app/assets/javascripts/app/views/agent_ticket_create.jst.eco | 2 +- app/assets/javascripts/app/views/getting_started.jst.eco | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/assets/javascripts/app/views/agent_ticket_create.jst.eco b/app/assets/javascripts/app/views/agent_ticket_create.jst.eco index f07b852c3..a4f088462 100644 --- a/app/assets/javascripts/app/views/agent_ticket_create.jst.eco +++ b/app/assets/javascripts/app/views/agent_ticket_create.jst.eco @@ -22,6 +22,6 @@
-   +  
diff --git a/app/assets/javascripts/app/views/getting_started.jst.eco b/app/assets/javascripts/app/views/getting_started.jst.eco index b62e5108a..061eba958 100644 --- a/app/assets/javascripts/app/views/getting_started.jst.eco +++ b/app/assets/javascripts/app/views/getting_started.jst.eco @@ -18,7 +18,7 @@

Master Agent

<%- @form_master %> - +
<% end %> @@ -26,7 +26,7 @@

Invite Agents

<%- @form_agent %> - +
From 0d26851a5e4762e952eebd35df9bb73beed70d33 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Fri, 20 Apr 2012 14:24:37 +0200 Subject: [PATCH 09/11] Added remember_me feature to login page. --- .../javascripts/app/views/login.jst.eco | 5 ++++ app/assets/stylesheets/zzz.css | 9 +++++++ app/controllers/sessions_controller.rb | 27 +++++++++++-------- app/models/user.rb | 4 +++ 4 files changed, 34 insertions(+), 11 deletions(-) diff --git a/app/assets/javascripts/app/views/login.jst.eco b/app/assets/javascripts/app/views/login.jst.eco index a8415287c..645eaa34e 100644 --- a/app/assets/javascripts/app/views/login.jst.eco +++ b/app/assets/javascripts/app/views/login.jst.eco @@ -11,6 +11,11 @@ +
+ Remember me + · + Forgot password? +
diff --git a/app/assets/stylesheets/zzz.css b/app/assets/stylesheets/zzz.css index 39cd69db8..6181212bf 100644 --- a/app/assets/stylesheets/zzz.css +++ b/app/assets/stylesheets/zzz.css @@ -13,6 +13,15 @@ body { background-image: url("../assets/glyphicons-halflings.png"); } +/* + * + */ +.hero-unit .small { + font-size: 12px; + line-height: 20px; + color: #999999; +} + /* * removed margin of forms to not break the layout with submit buttons within
area e. g. for modal dialogs */ diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 912d73e31..c62b3e094 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -5,8 +5,7 @@ class SessionsController < ApplicationController # "Create" a login, aka "log the user in" def create - logger.debug 'session create' -# logger.debug params.inspect + user = User.authenticate( params[:username], params[:password] ) # auth failed @@ -15,32 +14,34 @@ class SessionsController < ApplicationController return end + user = User.find_fulldata(user.id) + # do not show password user['password'] = '' - user['roles'] = user.roles.select('id, name').where(:active => true) - user['groups'] = user.groups.select('id, name').where(:active => true) - user['organization'] = user.organization - user['organizations'] = user.organizations.select('id, name').where(:active => true) - # auto population of default collections default_collection = default_collections() # set session user_id - session[:user_id] = user.id + session[:user_id] = user['id'] # check logon session logon_session_key = nil if params['logon_session'] logon_session_key = Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s ) - ActiveRecord::SessionStore::Session.create( + session = ActiveRecord::SessionStore::Session.create( :session_id => logon_session_key, :data => { - :user_id => user.id + :user_id => user['id'] } ) end + # remember me - set session cookie to expire later + if params[:remember_me] + request.env['rack.session.options'][:expire_after] = 1.year.from_now + end + # return new session data render :json => { :session => user, 
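Review bot: The session id is not regenerated on successful login: `session[:user_id] = user['id']` is written into whatever session the client arrived with, so an id planted before authentication stays valid afterwards (session fixation). Calling `reset_session` before `session[:user_id] = user['id']`, or setting `request.env['rack.session.options'][:renew] = true` as `destroy` now does, closes that. The remember-me line hands `:expire_after` a point in time (`1.year.from_now`) while Rack's session options take a duration in seconds (`1.year`); the store configuration is not visible here, so confirm which form the configured store expects. `params[:remember_me]` is truthy for any submitted value, including a `"0"` if the checkbox helper emits one when unchecked, so compare against the expected value explicitly. The new `session = ActiveRecord::SessionStore::Session.create(...)` local is unused and shadows the controller's `session` helper from that line on — the same collision patch 02 removed from application_controller — so drop the assignment or name it `logon_session`.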
@@ -92,10 +93,14 @@ class SessionsController < ApplicationController # "Delete" a login, aka "log the user out" def destroy - + # Remove the user id from the session @_current_user = session[:user_id] = nil + # reset session cookie (set :expire_after to '' in case remember_me is active) + request.env['rack.session.options'][:expire_after] = '' + request.env['rack.session.options'][:renew] = true + render :json => { } end diff --git a/app/models/user.rb b/app/models/user.rb index b1b328e9e..a827fee1c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -14,6 +14,10 @@ class User < ApplicationModel def self.authenticate( username, password ) + # do not authenticate with nothing + return if !username + return if !password + # try to find user based on login user = User.where( :login => username, :active => true ).first From 575fb17964a1dc8eff5c7986d87a4299f1d014e9 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Fri, 20 Apr 2012 14:25:13 +0200 Subject: [PATCH 10/11] Fixed warnings. --- app/controllers/ticket_overviews_controller.rb | 12 ++++++------ app/models/history.rb | 18 ++++++++++++------ 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/app/controllers/ticket_overviews_controller.rb b/app/controllers/ticket_overviews_controller.rb index bb65c3f53..5ec7048c2 100644 --- a/app/controllers/ticket_overviews_controller.rb +++ b/app/controllers/ticket_overviews_controller.rb @@ -376,7 +376,7 @@ class TicketOverviewsController < ApplicationController # load article ids # if item.history_object == 'Ticket' - tickets.push Ticket.find(item.o_id) + tickets.push Ticket.find( item['o_id'] ) # end # if item.history_object 'Ticket::Article' # tickets.push Ticket::Article.find(item.o_id) 
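Review bot: `destroy` clears the cookie session but leaves the logon session row created in `create` in place, so a `logon_session` token keeps authenticating after logout; delete the matching row alongside the cookie reset, e.g. `ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).delete_all` when the parameter is present. `:expire_after => ''` also looks off: Rack adds `expire_after` to `Time.now` whenever it is non-nil, and an empty string is non-nil in Ruby, so `nil` is the value that restores the default expiry; verify against the store in use. A comment on the `:renew => true` line saying it rotates the session id on logout would make the intent clear to the next reader.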
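Review bot: The new guards `return if !username` and `return if !password` only reject nil; an empty string is truthy in Ruby, so `username=''` and `password=''` reach the lookup, and for an account whose stored password is empty the later `'' == ''` comparison authenticates it. Use `return if username.blank?` and `return if password.blank?` (ActiveSupport is available in this model), and consider rejecting accounts with an empty stored password outright. The enclosing method continues outside the hunk.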
@@ -386,8 +386,8 @@ class TicketOverviewsController < ApplicationController # end # load users - if !users[item.created_by_id] - users[item.created_by_id] = user_data_full(item.created_by_id) + if !users[ item['created_by_id'] ] + users[ item['created_by_id'] ] = user_data_full( item['created_by_id'] ) end } @@ -411,7 +411,7 @@ class TicketOverviewsController < ApplicationController # load article ids # if item.history_object == 'Ticket' - tickets.push Ticket.find(item.o_id) + tickets.push Ticket.find( item['o_id'] ) # end # if item.history_object 'Ticket::Article' # tickets.push Ticket::Article.find(item.o_id) @@ -421,8 +421,8 @@ class TicketOverviewsController < ApplicationController # end # load users - if !users[item.created_by_id] - users[item.created_by_id] = user_data_full(item.created_by_id) + if !users[ item['created_by_id'] ] + users[ item['created_by_id'] ] = user_data_full( item['created_by_id'] ) end } diff --git a/app/models/history.rb b/app/models/history.rb index 9c52347d8..d95532c8f 100644 --- a/app/models/history.rb +++ b/app/models/history.rb @@ -25,12 +25,15 @@ class History < ActiveRecord::Base where( :history_type_id => History::Type.where( :name => ['created', 'updated']) ). order('created_at DESC, id DESC'). limit(10) + datas = [] stream.each do |item| - item['history_object'] = item.history_object - item['history_type'] = item.history_type + data = item.attributes + data['history_object'] = item.history_object + data['history_type'] = item.history_type + datas.push data # item['history_attribute'] = item.history_attribute end - return stream + return datas end def self.recent_viewed(user) 
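Review bot: The loop in `recent` that pushes into `datas` is the manual form of `map`; `datas = stream.map do |item| ... end` with the three assignments inside and `data` as the block's last expression removes the accumulator and the explicit `return datas`. The same lines appear verbatim in `recent_viewed` in the next hunk, so a private class-level helper taking the relation (for example `def self.to_data(stream)`) would let both call it. `datas` as a plural of a plural also reads oddly — `entries` or `items` would be clearer. `recent` starts outside the hunk.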
@@ -40,12 +43,15 @@ class History < ActiveRecord::Base where( :history_type_id => History::Type.where( :name => ['viewed']) ). order('created_at DESC, id DESC'). limit(10) + datas = [] stream.each do |item| - item['history_object'] = item.history_object - item['history_type'] = item.history_type + data = item.attributes + data['history_object'] = item.history_object + data['history_type'] = item.history_type + datas.push data # item['history_attribute'] = item.history_attribute end - return stream + return datas end private From bcccd22ece952b83889561e917fe2138d5f09def Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Fri, 20 Apr 2012 16:11:37 +0200 Subject: [PATCH 11/11] Small style improvements. --- app/assets/javascripts/app/views/login.jst.eco | 4 ++-- app/assets/javascripts/app/views/signup.jst.eco | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/app/assets/javascripts/app/views/login.jst.eco b/app/assets/javascripts/app/views/login.jst.eco index 645eaa34e..25aa7364f 100644 --- a/app/assets/javascripts/app/views/login.jst.eco +++ b/app/assets/javascripts/app/views/login.jst.eco @@ -6,7 +6,7 @@
- Sign in with +

Sign in with