remove the old way of doing cross domain authentication (use the :domain => all option) + fix a couple of tiny bugs
This commit is contained in:
parent
a85db53520
commit
c9f07c823f
7
Gemfile
7
Gemfile
@ -15,7 +15,7 @@ gem 'mongoid', '~> 2.4.2'
|
||||
gem 'locomotive_mongoid_acts_as_tree', '~> 0.1.5.8'
|
||||
gem 'custom_fields', :path => '../gems/custom_fields' # DEV
|
||||
# gem 'custom_fields', :git => 'git://github.com/locomotivecms/custom_fields.git', :branch => '2.0.0.rc'
|
||||
gem 'kaminari'
|
||||
gem 'kaminari', '~> 0.13.0'
|
||||
|
||||
gem 'haml', '~> 3.1.3'
|
||||
gem 'sass-rails', '~> 3.1.5'
|
||||
@ -45,7 +45,6 @@ gem 'rack-cache', '~> 1.1', :require => 'rack/cache'
|
||||
gem 'mimetype-fu', '~> 0.1.2'
|
||||
gem 'actionmailer-with-request', '~> 0.3.0', :require => 'actionmailer_with_request'
|
||||
gem 'httparty', '~> 0.8.1'
|
||||
# gem 'delayed_job_mongoid', '~> 1.0.8'
|
||||
gem 'SystemTimer', :platforms => :ruby_18
|
||||
|
||||
# The rest of the dependencies are for use when in the locomotive dev environment
|
||||
@ -72,7 +71,3 @@ group :test do
|
||||
gem 'launchy'
|
||||
gem 'mocha', '0.9.12' # :git => 'git://github.com/floehopper/mocha.git'
|
||||
end
|
||||
|
||||
group :production do
|
||||
gem 'bushido', '0.0.35'
|
||||
end
|
||||
|
10
Gemfile.lock
10
Gemfile.lock
@ -51,11 +51,6 @@ GEM
|
||||
bson_ext (1.5.2)
|
||||
bson (= 1.5.2)
|
||||
builder (3.0.0)
|
||||
bushido (0.0.35)
|
||||
highline (>= 1.6.1)
|
||||
json (>= 1.4.6)
|
||||
orm_adapter (~> 0.0.3)
|
||||
rest-client (>= 1.6.1)
|
||||
cancan (1.6.7)
|
||||
capybara (1.1.2)
|
||||
mime-types (>= 1.16)
|
||||
@ -214,8 +209,6 @@ GEM
|
||||
rdoc (3.12)
|
||||
json (~> 1.4)
|
||||
responders (0.6.5)
|
||||
rest-client (1.6.7)
|
||||
mime-types (>= 1.16)
|
||||
rmagick (2.12.2)
|
||||
rspec (2.6.0)
|
||||
rspec-core (~> 2.6.0)
|
||||
@ -282,7 +275,6 @@ DEPENDENCIES
|
||||
actionmailer-with-request (~> 0.3.0)
|
||||
autotest
|
||||
bson_ext (~> 1.5.2)
|
||||
bushido (= 0.0.35)
|
||||
cancan (~> 1.6.7)
|
||||
capybara
|
||||
carrierwave-mongoid (~> 0.1.3)
|
||||
@ -304,7 +296,7 @@ DEPENDENCIES
|
||||
highline (~> 1.6.2)
|
||||
httparty (~> 0.8.1)
|
||||
jquery-rails (~> 1.0.16)
|
||||
kaminari
|
||||
kaminari (~> 0.13.0)
|
||||
launchy
|
||||
locomotive-aloha-rails (~> 0.20.1)
|
||||
locomotive-tinymce-rails (~> 3.4.7)
|
||||
|
@ -1,5 +1,4 @@
|
||||
#= require_self
|
||||
#= require_tree .
|
||||
#= require_tree ./utils
|
||||
#= require_tree ./models
|
||||
#= require_tree ./views
|
||||
|
@ -24,7 +24,7 @@ class Locomotive::GlobalActionsCell < ::Locomotive::MenuCell
|
||||
end
|
||||
|
||||
add :help, :url => '#', :class => 'tutorial', :id => 'help'
|
||||
add :logout, :url => destroy_locomotive_account_session_url, :confirm => t('locomotive.messages.confirm'), :method => :delete
|
||||
add :logout, :url => destroy_locomotive_session_url, :confirm => t('locomotive.messages.confirm'), :method => :delete
|
||||
end
|
||||
|
||||
def localize_label(label, options = {})
|
||||
|
@ -1,39 +0,0 @@
|
||||
module Locomotive
|
||||
class CrossDomainSessionsController < BaseController
|
||||
|
||||
layout '/locomotive/layouts/not_logged_in'
|
||||
|
||||
skip_before_filter :verify_authenticity_token
|
||||
|
||||
skip_before_filter :validate_site_membership
|
||||
|
||||
before_filter :require_account, :only => :new
|
||||
|
||||
skip_load_and_authorize_resource
|
||||
|
||||
def new
|
||||
if site = current_locomotive_account.sites.detect { |s| s._id.to_s == params[:target_id] }
|
||||
if Rails.env == 'development'
|
||||
@target = site.full_subdomain
|
||||
else
|
||||
@target = site.domains_without_subdomain.first || site.full_subdomain
|
||||
end
|
||||
|
||||
current_locomotive_account.reset_switch_site_token!
|
||||
else
|
||||
redirect_to admin_pages_path
|
||||
end
|
||||
end
|
||||
|
||||
def create
|
||||
if account = Account.find_using_switch_site_token(params[:token])
|
||||
account.reset_switch_site_token!
|
||||
sign_in(account)
|
||||
redirect_to pages_path
|
||||
else
|
||||
redirect_to new_locomotive_account_session_path, :alert => t('flash.locomotive.cross_domain_sessions.create.alert')
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
@ -1,5 +1,3 @@
|
||||
require 'digest'
|
||||
|
||||
module Locomotive
|
||||
class Account
|
||||
|
||||
@ -10,7 +8,6 @@ module Locomotive
|
||||
## attributes ##
|
||||
field :name
|
||||
field :locale, :default => Locomotive.config.default_locale.to_s or 'en'
|
||||
field :switch_site_token
|
||||
|
||||
## validations ##
|
||||
validates_presence_of :name
|
||||
@ -26,20 +23,6 @@ module Locomotive
|
||||
@sites ||= Site.where({ 'memberships.account_id' => self._id })
|
||||
end
|
||||
|
||||
def reset_switch_site_token!
|
||||
self.switch_site_token = SecureRandom.base64(8).gsub("/", "_").gsub(/=+$/, "")
|
||||
self.save
|
||||
end
|
||||
|
||||
def self.find_using_switch_site_token(token, age = 1.minute)
|
||||
return if token.blank?
|
||||
self.where(:switch_site_token => token, :updated_at.gt => age.ago.utc).first
|
||||
end
|
||||
|
||||
def self.find_using_switch_site_token!(token, age = 1.minute)
|
||||
self.find_using_switch_site_token(token, age) || raise(::Mongoid::Errors::DocumentNotFound.new(self, token))
|
||||
end
|
||||
|
||||
# Create the API token which will be passed to all the requests to the Locomotive API.
|
||||
# It requires the credentials of an account with admin role.
|
||||
# If an error occurs (invalid account, ...etc), this method raises an exception that has
|
||||
|
@ -1,14 +0,0 @@
|
||||
- title t('.title')
|
||||
|
||||
= form_tag cross_domain_sessions_url(:host => @target, :port => request.port), :method => 'post' do
|
||||
|
||||
= hidden_field_tag 'token', current_locomotive_account.switch_site_token
|
||||
|
||||
.inner
|
||||
%p.notice= t('.notice')
|
||||
|
||||
.footer
|
||||
= submit_tag t('locomotive.buttons.switch_to_site')
|
||||
|
||||
:javascript
|
||||
$(document).ready(function() { setTimeout(function() { $('form').submit(); }, 1000); });
|
@ -4,15 +4,6 @@
|
||||
= render_cell 'locomotive/global_actions', :show, :current_locomotive_account => current_locomotive_account, :current_site_url => current_site_public_url
|
||||
|
||||
- if multi_sites? && current_locomotive_account.sites.size > 1
|
||||
#sites-picker{ :style => 'display: none' }
|
||||
%ul
|
||||
- current_locomotive_account.sites.each do |site|
|
||||
- unless current_site._id == site._id
|
||||
%li
|
||||
= link_to site.name, new_cross_domain_session_url(:target_id => site._id)
|
||||
|
||||
- if can?(:manage, Locomotive::Site)
|
||||
%p.action
|
||||
= link_to t('locomotive.sites_picker.new'), new_site_url
|
||||
= render 'locomotive/shared/site_picker'
|
||||
|
||||
= render_cell 'locomotive/content_locale_picker', :show, :site => current_site, :locale => current_content_locale
|
10
app/views/locomotive/shared/_site_picker.html.haml
Normal file
10
app/views/locomotive/shared/_site_picker.html.haml
Normal file
@ -0,0 +1,10 @@
|
||||
#sites-picker{ :style => 'display: none' }
|
||||
%ul
|
||||
- current_locomotive_account.sites.each do |site|
|
||||
- unless current_site._id == site._id
|
||||
%li
|
||||
= link_to site.name, pages_url(:host => site.full_subdomain, :port => request.port)
|
||||
|
||||
- if can?(:manage, Locomotive::Site)
|
||||
%p.action
|
||||
= link_to t('locomotive.sites_picker.new'), new_site_url
|
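Review bot: The switch link on the `%li` line only keeps the user signed in because the session cookie is now scoped to the parent domain (`:domain => :all` in the session store), but nothing in the partial says so; a maintainer who later prefers a site's custom domain here (what the removed CrossDomainSessionsController did in production) would silently break the switch, since a host outside the hosting domain never receives that cookie. Add `-# the account session is shared across subdomains of the hosting domain, so linking to full_subdomain keeps the user signed in; custom domains would not` above the link. Also worth confirming that the target site still enforces membership on arrival (presumably the `validate_site_membership` filter the deleted controller skipped, not visible here) rather than trusting the shared session alone.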
@ -8,6 +8,7 @@ Locomotive::Engine.routes.draw do
|
||||
:failure_app => 'Locomotive::Devise::FailureApp',
|
||||
:controllers => { :sessions => 'locomotive/sessions', :passwords => 'locomotive/passwords' } do
|
||||
match '/' => 'sessions#new'
|
||||
delete 'signout' => 'sessions#destroy', :as => :destroy_locomotive_session
|
||||
end
|
||||
|
||||
root :to => 'pages#index'
|
||||
@ -41,11 +42,6 @@ Locomotive::Engine.routes.draw do
|
||||
put :sort, :on => :collection
|
||||
end
|
||||
|
||||
# TODO
|
||||
resources :custom_fields, :path => 'custom/:parent/:slug/fields'
|
||||
|
||||
resources :cross_domain_sessions, :only => [:new, :create]
|
||||
|
||||
# installation guide
|
||||
match '/installation' => 'installation#show', :defaults => { :step => 1 }, :as => :installation
|
||||
match '/installation/:step' => 'installation#show', :as => :installation_step
|
||||
|
4
doc/TODO
4
doc/TODO
@ -106,8 +106,8 @@ x script to migrate existing site
|
||||
x i18n
|
||||
- heroku module for locomotive
|
||||
- refactoring
|
||||
- remove the cross domain authentication (use auth_token instead)
|
||||
- remove the import / export scripts
|
||||
x remove the import / export scripts
|
||||
x remove the cross domain authentication (use auth_token instead)
|
||||
- where to put Locomotive::InlineEditorMiddleware ?
|
||||
- upgrade to rails 3.2 (https://github.com/locomotivecms/engine/pull/281/files)
|
||||
|
||||
|
@ -1,24 +0,0 @@
|
||||
Feature: Cross Domain Authentication
|
||||
In order to manage a new site I created
|
||||
As an administrator signed in another site of mine
|
||||
I want to bypass the authentication
|
||||
|
||||
Background:
|
||||
Given I have the site: "test site" set up
|
||||
And I have the site: "another site" set up
|
||||
And I am an authenticated user
|
||||
|
||||
Scenario: Successful authentication
|
||||
When I go to pages
|
||||
Then I should see "Locomotive test website"
|
||||
When I follow "Locomotive test website #2"
|
||||
Then I should see "Cross-domain authentication"
|
||||
When I press "Go"
|
||||
Then I should see "Locomotive test website #2"
|
||||
|
||||
Scenario: Failed authentication because of an outdated token
|
||||
When I go to pages
|
||||
And I follow "Locomotive test website #2"
|
||||
And I forget to press the button on the cross-domain notice page
|
||||
And I press "Go"
|
||||
Then I should see "You need to sign in"
|
@ -63,7 +63,8 @@ module Locomotive
|
||||
|
||||
# cookies stored in mongodb (mongoid_store)
|
||||
Rails.application.config.session_store :mongoid_store, {
|
||||
:key => self.config.cookie_key
|
||||
:key => self.config.cookie_key,
|
||||
:domain => :all
|
||||
}
|
||||
|
||||
# add middlewares (dragonfly, font, seo, ...etc)
|
||||
|
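Review bot: `:domain => :all` on the session store scopes the admin session cookie to the parent domain, so it is sent to, and can be overwritten from, every subdomain of the hosting domain, including sites the account has no membership in; a tenant site serving its own JavaScript can set a session cookie for the parent domain (cookie tossing / session fixation) unless the session id is regenerated on sign-in, which this hunk does not show. `:domain => :all` also derives the domain from the request host with Rails' default `tld_length` of 1, so a hosting domain under a two-level public suffix (e.g. `.co.uk`) would produce a `.co.uk` cookie that browsers reject and logins would fail. Prefer pinning the domain to the configured hosting domain instead of deriving it, e.g. `:domain => ".#{self.config.multi_sites.domain}"` if that is the option the engine exposes, keep the Rack default `:httponly => true`, add `:secure => true` where the admin is served over HTTPS, and add a comment such as `# cookie is deliberately shared across the site subdomains so the site picker can switch sites without re-authenticating` so the scope is not narrowed by accident later.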
@ -29,7 +29,7 @@ Gem::Specification.new do |s|
|
||||
|
||||
s.add_dependency 'custom_fields', '~> 2.0.0.rc2'
|
||||
|
||||
s.add_dependency 'kaminari'
|
||||
s.add_dependency 'kaminari', '~> 0.13.0'
|
||||
|
||||
s.add_dependency 'haml', '~> 3.1.3'
|
||||
s.add_dependency 'sass-rails', '~> 3.1.5'
|
||||
@ -60,7 +60,6 @@ Gem::Specification.new do |s|
|
||||
|
||||
s.add_dependency 'actionmailer-with-request', '~> 0.3.0'
|
||||
s.add_dependency 'httparty', '~> 0.8.1'
|
||||
# s.add_dependency 'delayed_job_mongoid', '~> 1.0.8'
|
||||
|
||||
s.files = Dir[ 'Gemfile',
|
||||
'{app}/**/*',
|
||||
|
@ -8,8 +8,8 @@ Locomotive.configure do |config|
|
||||
config.multi_sites do |multi_sites|
|
||||
# each new website you add will have a default entry based on a subdomain
|
||||
# and the multi_site_domain value (ex: website_1.locomotivehosting.com).
|
||||
# multi_sites.domain = 'engine.dev' #'myhostingplatform.com'
|
||||
multi_sites.domain = 'example.com'
|
||||
multi_sites.domain = 'engine.dev' #'myhostingplatform.com'
|
||||
# multi_sites.domain = 'example.com'
|
||||
|
||||
# define the reserved subdomains
|
||||
# Ex:
|
||||
|
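Review bot: The active value in this block is now `multi_sites.domain = 'engine.dev'` with `example.com` commented out, which reads like a local development setting committed by accident rather than the placeholder a fresh install should see, assuming this file is the generator template its `Locomotive.configure` block and explanatory comments suggest. Restore `multi_sites.domain = 'example.com'` as the live line and keep `engine.dev` in the comment, or better replace both with a comment telling the installer to set the domain all their sites are hosted under, since the cross-subdomain session introduced by this commit only works for hosts under that domain.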
@ -1,6 +1,6 @@
|
||||
# Be sure to restart your server when you modify this file.
|
||||
|
||||
Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
|
||||
Dummy::Application.config.session_store :cookie_store, key: '_dummy_session', :domain => :all
|
||||
|
||||
# Use the database for sessions instead of the cookie-based default,
|
||||
# which shouldn't be used to store highly confidential information
|
||||
|
@ -63,31 +63,4 @@ describe Locomotive::Account do
|
||||
|
||||
end
|
||||
|
||||
describe 'cross domain authentication' do
|
||||
|
||||
before(:each) do
|
||||
@account = FactoryGirl.build(:account)
|
||||
@account.stubs(:save).returns(true)
|
||||
end
|
||||
|
||||
it 'sets a token' do
|
||||
@account.reset_switch_site_token!.should be_true
|
||||
@account.switch_site_token.should_not be_empty
|
||||
end
|
||||
|
||||
context 'retrieving an account' do
|
||||
|
||||
it 'does not find it with an empty token' do
|
||||
Locomotive::Account.find_using_switch_site_token(nil).should be_nil
|
||||
end
|
||||
|
||||
it 'raises an exception if not found' do
|
||||
expect {
|
||||
Locomotive::Account.find_using_switch_site_token!(nil)
|
||||
}.to raise_error Mongoid::Errors::DocumentNotFound
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|