Commit dde9a2ee authored by Klaus Stein

Add sorcery and user model

parent e87a5114
......@@ -29,7 +29,9 @@ gem 'jbuilder' #, '~> 2.7'
# Use Redis adapter to run Action Cable in production
# gem 'redis', '~> 4.0'
# Use Active Model has_secure_password
# gem 'bcrypt', '~> 3.1.7'
gem 'bcrypt', '~> 3.1.7'
gem 'sorcery'
# Use Active Storage variant
# gem 'image_processing', '~> 1.2'
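Review bot: `gem 'sorcery'` is added with no version constraint, unlike the `gem 'bcrypt', '~> 3.1.7'` line directly above it, so a future `bundle update` can move the authentication library to a new major version without anyone reviewing the change. Gemfile.lock in this commit resolves it to 0.16.3; pin the same series here, `gem 'sorcery', '~> 0.16.3'`, so upgrades to the gem that hashes and verifies passwords are deliberate rather than incidental.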
......@@ -75,6 +75,7 @@ GEM
rake (>= 10.4, < 14.0)
ast (2.4.2)
awesome_print (1.9.2)
bcrypt (3.1.16)
bindex (0.8.1)
bootsnap (1.8.0)
msgpack (~> 1.0)
......@@ -98,6 +99,10 @@ GEM
edtf (3.0.6)
activesupport (>= 3.0, < 7.0)
erubi (1.10.0)
faraday (2.2.0)
faraday-net_http (~> 2.0)
ruby2_keywords (>= 0.0.4)
faraday-net_http (2.0.1)
ffi (1.15.3)
globalid (0.5.2)
activesupport (>= 5.0)
......@@ -108,6 +113,7 @@ GEM
ruby-vips (>= 2.0.17, < 3)
jbuilder (2.11.2)
activesupport (>= 5.0.0)
jwt (2.3.0)
listen (3.7.0)
rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10)
......@@ -126,10 +132,19 @@ GEM
minitest (~> 5.10)
railties (~> 6.1.0)
msgpack (1.4.2)
multi_json (1.15.0)
multi_xml (0.6.0)
nio4r (2.5.8)
nokogiri (1.12.3)
mini_portile2 (~> 2.6.1)
racc (~> 1.4)
oauth (0.5.8)
oauth2 (1.4.9)
faraday (>= 0.17.3, < 3.0)
jwt (>= 1.0, < 3.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
parallel (1.20.1)
parser (3.0.2.0)
ast (~> 2.4.1)
......@@ -206,11 +221,16 @@ GEM
ruby-progressbar (1.11.0)
ruby-vips (2.1.3)
ffi (~> 1.12)
ruby2_keywords (0.0.5)
rubyzip (2.3.2)
selenium-webdriver (3.142.7)
childprocess (>= 0.5, < 4.0)
rubyzip (>= 1.2.2)
semantic_range (3.0.0)
sorcery (0.16.3)
bcrypt (~> 3.1)
oauth (~> 0.5, >= 0.5.5)
oauth2 (~> 1.0, >= 0.8.0)
spring (2.1.1)
sprockets (4.0.2)
concurrent-ruby (~> 1.0)
......@@ -255,6 +275,7 @@ DEPENDENCIES
activerecord-postgis-adapter!
annotate
awesome_print
bcrypt (~> 3.1.7)
bootsnap (>= 1.4.4)
bullet
byebug
......@@ -274,6 +295,7 @@ DEPENDENCIES
rgeo-geojson
rubocop
selenium-webdriver
sorcery
spring
turbolinks
tzinfo-data
class UsersController < ApplicationController
before_action :set_user, only: %i[ show edit update destroy ]
# GET /users or /users.json
def index
@users = User.all
end
# GET /users/1 or /users/1.json
def show
end
# GET /users/new
def new
@user = User.new
end
# GET /users/1/edit
def edit
end
# POST /users or /users.json
def create
@user = User.new(user_params)
respond_to do |format|
if @user.save
format.html { redirect_to @user, notice: "User was successfully created." }
format.json { render :show, status: :created, location: @user }
else
format.html { render :new, status: :unprocessable_entity }
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /users/1 or /users/1.json
def update
respond_to do |format|
if @user.update(user_params)
format.html { redirect_to @user, notice: "User was successfully updated." }
format.json { render :show, status: :ok, location: @user }
else
format.html { render :edit, status: :unprocessable_entity }
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
end
# DELETE /users/1 or /users/1.json
def destroy
@user.destroy
respond_to do |format|
format.html { redirect_to users_url, notice: "User was successfully destroyed." }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_user
@user = User.find(params[:id])
end
# Only allow a list of trusted parameters through.
def user_params
params.require(:user).permit(:username, :password, :password_confirmation)
end
end
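Review bot: No action in this controller requires a logged-in user: the only filter is `before_action :set_user` at the top of the class, so once routed an anonymous client can list every account, create accounts, reset any user's password through `update` (which accepts `:password` via `user_params`) and `destroy` any user. Sorcery's core module provides a `require_login` filter that hands unauthenticated requests to the `not_authenticated` action mentioned in the generated initializer; add `before_action :require_login` and, for `edit`/`update`/`destroy`, verify that `@user` is the current user (or whatever privileged role the app later defines) before acting on it. If the intent is that `new`/`create` serve as open signup, exempt only those two with `except: %i[new create]` rather than leaving the whole controller unauthenticated.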
module UsersHelper
end
class User < ApplicationRecord
authenticates_with_sorcery!
validates :password, length: { minimum: 3 }, if: -> { new_record? || changes[:crypted_password] }
validates :password, confirmation: true, if: -> { new_record? || changes[:crypted_password] }
validates :password_confirmation, presence: true, if: -> { new_record? || changes[:crypted_password] }
validates :username, presence: true, length: { maximum: 255 }, uniqueness: true
end
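Review bot: `validates :password, length: { minimum: 3 }` accepts three-character passwords, which gives essentially no resistance to online guessing and is well below the eight-character floor NIST SP 800-63B sets for user-chosen passwords; raise it, e.g. `validates :password, length: { minimum: 8 }, if: -> { new_record? || changes[:crypted_password] }`. The generated initializer in this same commit also leaves `submodules = []`, so there is no `brute_force_protection` to compensate for a weak minimum. Separately, `uniqueness: true` on `:username` is an application-level check that is racy under concurrent signups; it needs a unique database index in the migration, which is not visible in this excerpt, and note that without `downcase_username_before_authenticating` the check is case-sensitive, so `Alice` and `alice` would be distinct accounts.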
<%= form_with(model: user) do |form| %>
<% if user.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(user.errors.count, "error") %> prohibited this user from being saved:</h2>
<ul>
<% user.errors.each do |error| %>
<li><%= error.full_message %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= form.label :username %>
<%= form.text_field :username %>
</div>
<div class="field">
<%= form.label :password %>
<%= form.password_field :password %>
</div>
<div class="field">
<%= form.label :password_confirmation %>
<%= form.password_field :password_confirmation %>
</div>
<div class="actions">
<%= form.submit %>
</div>
<% end %>
json.extract! user, :id, :username, :password, :password_confirmation, :created_at, :updated_at
json.url user_url(user, format: :json)
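Review bot: `json.extract!` lists `:password` and `:password_confirmation`, Sorcery's virtual plaintext attributes, in the public JSON representation of a user. For a record loaded from the database they serialize as `null`, and Sorcery's after-save hook is expected to clear them on the `create`/`update` path as well, but a credential field in a serializer is one refactor away from echoing submitted passwords back to the client and into request logs and proxy caches. Remove both: `json.extract! user, :id, :username, :created_at, :updated_at`.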
<h1>Editing User</h1>
<%= render 'form', user: @user %>
<%= link_to 'Show', @user %> |
<%= link_to 'Back', users_path %>
<p id="notice"><%= notice %></p>
<h1>Users</h1>
<table>
<thead>
<tr>
<th>Username</th>
<th colspan="3"></th>
</tr>
</thead>
<tbody>
<% @users.each do |user| %>
<tr>
<td><%= user.username %></td>
<td><%= link_to 'Show', user %></td>
<td><%= link_to 'Edit', edit_user_path(user) %></td>
<td><%= link_to 'Destroy', user, method: :delete, data: { confirm: 'Are you sure?' } %></td>
</tr>
<% end %>
</tbody>
</table>
<br>
<%= link_to 'New User', new_user_path %>
json.array! @users, partial: "users/user", as: :user
<h1>New User</h1>
<%= render 'form', user: @user %>
<%= link_to 'Back', users_path %>
<p id="notice"><%= notice %></p>
<p>
<strong>Username:</strong>
<%= @user.username %>
</p>
<p>
<strong>Password:</strong>
********
</p>
<%= link_to 'Edit', edit_user_path(@user) %> |
<%= link_to 'Back', users_path %>
json.partial! "users/user", user: @user
# The first thing you need to configure is which modules you need in your app.
# The default is nothing which will include only core features (password encryption, login/logout).
#
# Available submodules are: :user_activation, :http_basic_auth, :remember_me,
# :reset_password, :session_timeout, :brute_force_protection, :activity_logging,
# :magic_login, :external
Rails.application.config.sorcery.submodules = []
# Here you can configure each submodule's features.
Rails.application.config.sorcery.configure do |config|
# -- core --
# What controller action to call for non-authenticated users. You can also
# override the 'not_authenticated' method of course.
# Default: `:not_authenticated`
#
# config.not_authenticated_action =
# When a non logged-in user tries to enter a page that requires login, save
# the URL he wants to reach, and send him there after login, using 'redirect_back_or_to'.
# Default: `true`
#
# config.save_return_to_url =
# Set domain option for cookies; Useful for remember_me submodule.
# Default: `nil`
#
# config.cookie_domain =
# Allow the remember_me cookie to be set through AJAX
# Default: `true`
#
# config.remember_me_httponly =
# Set token randomness. (e.g. user activation tokens)
# The length of the result string is about 4/3 of `token_randomness`.
# Default: `15`
#
# config.token_randomness =
# -- session timeout --
# How long in seconds to keep the session alive.
# Default: `3600`
#
# config.session_timeout =
# Use the last action as the beginning of session timeout.
# Default: `false`
#
# config.session_timeout_from_last_action =
# Invalidate active sessions. Requires an `invalidate_sessions_before` timestamp column
# Default: `false`
#
# config.session_timeout_invalidate_active_sessions_enabled =
# -- http_basic_auth --
# What realm to display for which controller name. For example {"My App" => "Application"}
# Default: `{"application" => "Application"}`
#
# config.controller_to_realm_map =
# -- activity logging --
# Will register the time of last user login, every login.
# Default: `true`
#
# config.register_login_time =
# Will register the time of last user logout, every logout.
# Default: `true`
#
# config.register_logout_time =
# Will register the time of last user action, every action.
# Default: `true`
#
# config.register_last_activity_time =
# -- external --
# What providers are supported by this app
# i.e. [:twitter, :facebook, :github, :linkedin, :xing, :google, :liveid, :salesforce, :slack, :line].
# Default: `[]`
#
# config.external_providers =
# You can change it by your local ca_file. i.e. '/etc/pki/tls/certs/ca-bundle.crt'
# Path to ca_file. By default use a internal ca-bundle.crt.
# Default: `'path/to/ca_file'`
#
# config.ca_file =
# Linkedin requires r_emailaddress scope to fetch user's email address.
# You can skip including the email field if you use an intermediary signup form. (using build_from method).
# The r_emailaddress scope is only necessary if you are using the create_from method directly.
#
# config.linkedin.key = ""
# config.linkedin.secret = ""
# config.linkedin.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=linkedin"
# config.linkedin.user_info_mapping = {
# first_name: 'localizedFirstName',
# last_name: 'localizedLastName',
# email: 'emailAddress'
# }
# config.linkedin.scope = "r_liteprofile r_emailaddress"
#
#
# For information about XING API:
# - user info fields go to https://dev.xing.com/docs/get/users/me
#
# config.xing.key = ""
# config.xing.secret = ""
# config.xing.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=xing"
# config.xing.user_info_mapping = {first_name: "first_name", last_name: "last_name"}
#
#
# Twitter will not accept any requests nor redirect uri containing localhost,
# Make sure you use 0.0.0.0:3000 to access your app in development
#
# config.twitter.key = ""
# config.twitter.secret = ""
# config.twitter.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=twitter"
# config.twitter.user_info_mapping = {:email => "screen_name"}
#
# config.facebook.key = ""
# config.facebook.secret = ""
# config.facebook.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=facebook"
# config.facebook.user_info_path = "me?fields=email"
# config.facebook.user_info_mapping = {:email => "email"}
# config.facebook.access_permissions = ["email"]
# config.facebook.display = "page"
# config.facebook.api_version = "v2.3"
# config.facebook.parse = :json
#
# config.instagram.key = ""
# config.instagram.secret = ""
# config.instagram.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=instagram"
# config.instagram.user_info_mapping = {:email => "username"}
# config.instagram.access_permissions = ["basic", "public_content", "follower_list", "comments", "relationships", "likes"]
#
# config.github.key = ""
# config.github.secret = ""
# config.github.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=github"
# config.github.user_info_mapping = {:email => "name"}
# config.github.scope = ""
#
# config.paypal.key = ""
# config.paypal.secret = ""
# config.paypal.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=paypal"
# config.paypal.user_info_mapping = {:email => "email"}
#
# config.wechat.key = ""
# config.wechat.secret = ""
# config.wechat.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=wechat"
#
# For Auth0, site is required and should match the domain provided by Auth0.
#
# config.auth0.key = ""
# config.auth0.secret = ""
# config.auth0.callback_url = "https://0.0.0.0:3000/oauth/callback?provider=auth0"
# config.auth0.site = "https://example.auth0.com"
#
# config.google.key = ""
# config.google.secret = ""
# config.google.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=google"
# config.google.user_info_mapping = {:email => "email", :username => "name"}
# config.google.scope = "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
#
# For Microsoft Graph, the key will be your App ID, and the secret will be your app password/public key.
# The callback URL "can't contain a query string or invalid special characters"
# See: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-v2-limitations#restrictions-on-redirect-uris
# More information at https://graph.microsoft.io/en-us/docs
#
# config.microsoft.key = ""
# config.microsoft.secret = ""
# config.microsoft.callback_url = "http://0.0.0.0:3000/oauth/callback/microsoft"
# config.microsoft.user_info_mapping = {:email => "userPrincipalName", :username => "displayName"}
# config.microsoft.scope = "openid email https://graph.microsoft.com/User.Read"
#
# config.vk.key = ""
# config.vk.secret = ""
# config.vk.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=vk"
# config.vk.user_info_mapping = {:login => "domain", :name => "full_name"}
# config.vk.api_version = "5.71"
#
# config.slack.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=slack"
# config.slack.key = ''
# config.slack.secret = ''
# config.slack.user_info_mapping = {email: 'email'}
#
# To use liveid in development mode you have to replace mydomain.com with
# a valid domain even in development. To use a valid domain in development
# simply add your domain in your /etc/hosts file in front of 127.0.0.1
#
# config.liveid.key = ""
# config.liveid.secret = ""
# config.liveid.callback_url = "http://mydomain.com:3000/oauth/callback?provider=liveid"
# config.liveid.user_info_mapping = {:username => "name"}
# For information about JIRA API:
# https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Example+-+OAuth+authentication
# To obtain the consumer key and the public key you can use the jira-ruby gem https://github.com/sumoheavy/jira-ruby
# or run openssl req -x509 -nodes -newkey rsa:1024 -sha1 -keyout rsakey.pem -out rsacert.pem to obtain the public key
# Make sure you have configured the application link properly
# config.jira.key = "1234567"
# config.jira.secret = "jiraTest"
# config.jira.site = "http://localhost:2990/jira/plugins/servlet/oauth"
# config.jira.signature_method = "RSA-SHA1"
# config.jira.private_key_file = "rsakey.pem"
# For information about Salesforce API:
# https://developer.salesforce.com/signup &
# https://www.salesforce.com/us/developer/docs/api_rest/
# Salesforce callback_url must be https. You can run the following to generate self-signed ssl cert:
# openssl req -new -newkey rsa:2048 -sha1 -days 365 -nodes -x509 -keyout server.key -out server.crt
# Make sure you have configured the application link properly
# config.salesforce.key = '123123'
# config.salesforce.secret = 'acb123'
# config.salesforce.callback_url = "https://127.0.0.1:9292/oauth/callback?provider=salesforce"
# config.salesforce.scope = "full"
# config.salesforce.user_info_mapping = {:email => "email"}
# config.line.key = ""
# config.line.secret = ""
# config.line.callback_url = "http://mydomain.com:3000/oauth/callback?provider=line"
# config.line.scope = "profile"
# config.line.bot_prompt = "normal"
# config.line.user_info_mapping = {name: 'displayName'}
# For information about Discord API
# https://discordapp.com/developers/docs/topics/oauth2
# config.discord.key = "xxxxxx"
# config.discord.secret = "xxxxxx"
# config.discord.callback_url = "http://localhost:3000/oauth/callback?provider=discord"
# config.discord.scope = "email guilds"
# For information about Battlenet API
# https://develop.battle.net/documentation/guides/using-oauth
# config.battlenet.site = "https://eu.battle.net/" #See Website for other Regional Domains
# config.battlenet.key = "xxxxxx"
# config.battlenet.secret = "xxxxxx"
# config.battlenet.callback_url = "http://localhost:3000/oauth/callback?provider=battlenet"
# config.battlenet.scope = "openid"
# --- user config ---
config.user_config do |user|
# -- core --
# Specify username attributes, for example: [:username, :email].
# Default: `[:email]`
#
user.username_attribute_names = [:username]
# Change *virtual* password attribute, the one which is used until an encrypted one is generated.
# Default: `:password`
#
# user.password_attribute_name =
# Downcase the username before trying to authenticate, default is false
# Default: `false`
#
# user.downcase_username_before_authenticating =
# Change default email attribute.
# Default: `:email`
#
# user.email_attribute_name =
# Change default crypted_password attribute.
# Default: `:crypted_password`
#
# user.crypted_password_attribute_name =
# What pattern to use to join the password with the salt
# Default: `""`
#
# user.salt_join_token =
# Change default salt attribute.
# Default: `:salt`
#
# user.salt_attribute_name =
# How many times to apply encryption to the password.
# Default: 1 in test env, `nil` otherwise
#
user.stretches = 1 if Rails.env.test?
# Encryption key used to encrypt reversible encryptions such as AES256.
# WARNING: If used for users' passwords, changing this key will leave passwords undecryptable!
# Default: `nil`
#
# user.encryption_key =
# Use an external encryption class.
# Default: `nil`
#
# user.custom_encryption_provider =
# Encryption algorithm name. See 'encryption_algorithm=' for available options.
# Default: `:bcrypt`
#
# user.encryption_algorithm =
# Make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
# Default: `false`
#
# user.subclasses_inherit_config =
# -- remember_me --
# change default remember_me_token attribute.
# Default: `:remember_me_token`
#
# user.remember_me_token_attribute_name =
# change default remember_me_token_expires_at attribute.
# Default: `:remember_me_token_expires_at`
#
# user.remember_me_token_expires_at_attribute_name =
# How long in seconds the session length will be
# Default: `60 * 60 * 24 * 7`
#
# user.remember_me_for =
# When true, sorcery will persist a single remember me token for all
# logins/logouts (to support remembering on multiple browsers simultaneously).
# Default: false
#
# user.remember_me_token_persist_globally =
# -- user_activation --
# The attribute name to hold activation state (active/pending).
# Default: `:activation_state`
#
# user.activation_state_attribute_name =
# The attribute name to hold activation code (sent by email).
# Default: `:activation_token`
#
# user.activation_token_attribute_name =
# The attribute name to hold activation code expiration date.
# Default: `:activation_token_expires_at`
#
# user.activation_token_expires_at_attribute_name =
# How many seconds before the activation code expires. nil for never expires.
# Default: `nil`
#
# user.activation_token_expiration_period =
# REQUIRED:
# User activation mailer class.
# Default: `nil`
#
# user.user_activation_mailer =
# When true, sorcery will not automatically