change devise config in routes.rb + clean code + fix broken tests

Gemfile

@@ -9,9 +9,10 @@ gem "bson_ext", ">= 1.0.1"
 gem "mongo_ext"
 gem "mongoid", ">= 2.0.0.beta6" 
 gem "mongoid_acts_as_tree", ">= 0.1.2"
+gem "mongo_session_store", :git => 'git://github.com/nmerouze/mongo_session_store.git'
 gem "warden"
-gem "devise", ">= 1.1.rc0"
-gem "haml", ">= 3.0.1"
+gem "devise", ">= 1.1.rc1"
+gem "haml", "3.0.1"
 gem "rmagick", "2.12.2"
 gem "aws"
 gem "jeweler"

app/controllers/admin/base_controller.rb

@@ -5,7 +5,7 @@ module Admin
   
     layout 'admin/application'
   
-    before_filter :authenticate_account!
+    before_filter :authenticate_admin!
       
     before_filter :require_site
     
@@ -48,7 +48,7 @@ module Admin
     end
   
     def set_locale
-      I18n.locale = current_account.locale
+      I18n.locale = current_admin.locale
     end
   
   end

app/controllers/admin/my_accounts_controller.rb

@@ -4,11 +4,11 @@ module Admin
     sections 'settings', 'account'
     
     def edit
-      @account = current_account
+      @account = current_admin
     end
     
     def update
-      @account = current_account
+      @account = current_admin
       if @account.update_attributes(params[:account])
         flash_success!      
         redirect_to edit_admin_my_account_url

app/controllers/admin/sites_controller.rb

@@ -11,7 +11,7 @@ module Admin
       @site = Site.new(params[:site])
 
       if @site.save
-        @site.memberships.create :account => @current_account, :admin => true
+        @site.memberships.create :account => @current_admin, :admin => true
         flash_success!
         redirect_to edit_admin_my_account_url
       else
@@ -21,7 +21,7 @@ module Admin
     end
   
     def destroy
-      @site = current_account.sites.detect { |s| s._id == params[:id] }
+      @site = current_admin.sites.detect { |s| s._id == params[:id] }
     
       if @site != current_site
         @site.destroy

app/helpers/admin/accounts_helper.rb

@@ -1,7 +1,7 @@
 module Admin::AccountsHelper
   
   def admin_on?(site = current_site)
-    site.memberships.detect { |a| a.admin? && a.account == current_account }
+    site.memberships.detect { |a| a.admin? && a.account == current_admin }
   end
   
 end

app/views/admin/current_sites/_form.html.haml

@@ -40,6 +40,6 @@
     %li{ :class => "item #{'last' if index == @site.memberships.size - 1}" }
       %strong= account.name
       %em= account.email
-      - if account != current_account
+      - if account != current_admin
         %span.actions
           = link_to image_tag('admin/form/icons/trash.png'), admin_membership_url(membership), :class => 'remove first', :confirm => t('admin.messages.confirm'), :method => :delete

app/views/admin/passwords/edit.html.haml

@@ -1,6 +1,6 @@
 - title t('.title')
 
-= semantic_form_for(resource, :as => resource_name, :url => password_path, :html => { :method => :put }) do |f|
+= semantic_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f|
 
   = f.hidden_field :reset_password_token
 
@@ -12,7 +12,7 @@
       = f.input :password_confirmation, :label => t('.password_confirmation'), :required => false
   
     %p.link
-      = link_to t('.link'), new_account_session_path
+      = link_to t('.link'), new_admin_session_path
         
   .footer
     = login_button_tag t('admin.buttons.change_password')

app/views/admin/passwords/new.html.haml

@@ -1,6 +1,6 @@
 - title t('.title')
 
-= semantic_form_for(resource, :as => resource_name, :url => password_path) do |f|
+= semantic_form_for(resource, :as => resource_name, :url => password_path(resource_name)) do |f|
   
   = f.hidden_field :reset_password_token
   
@@ -11,7 +11,7 @@
       = f.input :email, :label => t('.email'), :required => false
     
     %p.link
-      = link_to t('.link'), new_account_session_path
+      = link_to t('.link'), new_admin_session_path
         
   .footer
     = login_button_tag t('admin.buttons.send_password')

app/views/admin/sessions/new.html.haml

@@ -9,7 +9,7 @@
       = f.input :password, :label => t('.password'), :required => false
 
     %p.link
-      = link_to t('.link'), new_password_path
+      = link_to t('.link'), new_admin_password_path
         
   .footer
     = login_button_tag t('admin.buttons.login')

app/views/admin/shared/_header.html.haml

@@ -1,8 +1,8 @@
 %h1= link_to current_site.name, '#'
 
 #global-actions-bar
-  = t('.welcome', :name => link_to(current_account.name, edit_admin_my_account_url))
+  = t('.welcome', :name => link_to(current_admin.name, edit_admin_my_account_url))
   %span= '|'
   = link_to t('.see'), main_site_url
   %span= '|'
-  = link_to t('.logout'), destroy_account_session_url, :confirm => t('admin.messages.confirm')
+  = link_to t('.logout'), destroy_admin_session_url, :confirm => t('admin.messages.confirm')

app/views/devise/confirmations/new.html.haml

@@ -1,12 +0,0 @@
-%h2
-  Resend confirmation instructions
-= form_for(resource_name, resource, :url => confirmation_path(resource_name)) do |f|
-= f.error_messages
-%p
-  = f.label :email
-%p
-  = f.text_field :email
-%p
-  = f.submit "Resend confirmation instructions"
-- end
-= render :partial => "devise/shared/links"

app/views/devise/mailer/reset_password_instructions.html.haml

@@ -5,7 +5,7 @@
 %p
   Someone has requested a link to change your password, and you can do this through the link below.
 %p
-  = link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token)
+  = link_to 'Change my password', edit_admin_password_url(@resource, :reset_password_token => @resource.reset_password_token)
 %p
   If you didn't request this, please ignore this email.
 %p

app/views/devise/registrations/edit.html.haml

@@ -1,35 +0,0 @@
-%h2
-  Edit
-  = resource_name.to_s.humanize
-= form_for(resource_name, resource, :url => registration_path(resource_name), :html => { :method => :put }) do |f|
-= f.error_messages
-%p
-  = f.label :email
-%p
-  = f.text_field :email
-%p
-  = f.label :password
-  %i
-    (leave blank if you don't want to change it)
-%p
-  = f.password_field :password
-%p
-  = f.label :password_confirmation
-%p
-  = f.password_field :password_confirmation
-%p
-  = f.label :current_password
-  %i
-    (we need your current password to confirm your changes)
-%p
-  = f.password_field :current_password
-%p
-  = f.submit "Update"
-- end
-%h3
-  Cancel my account
-%p
-  Unhappy?
-  = link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete
-  \.
-= link_to "Back", :back

app/views/devise/registrations/new.html.haml

@@ -1,20 +0,0 @@
-%h2
-  Sign up
-= form_for(resource_name, resource, :url => registration_path(resource_name)) do |f|
-= f.error_messages
-%p
-  = f.label :email
-%p
-  = f.text_field :email
-%p
-  = f.label :password
-%p
-  = f.password_field :password
-%p
-  = f.label :password_confirmation
-%p
-  = f.password_field :password_confirmation
-%p
-  = f.submit "Sign up"
-- end
-= render :partial => "devise/shared/links"

app/views/devise/sessions/new.html.haml

@@ -1,22 +0,0 @@
-
-
-/ = form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f|
-/   %p 
-/     = f.label :email
-/   %p 
-/     = f.text_field :email
-/   
-/   %p 
-/     = f.label :password
-/   %p 
-/     = f.password_field :password
-/ 
-/   - if devise_mapping.rememberable?
-/     %p 
-/       = f.check_box :remember_me
-/       = f.label :remember_me
-/ 
-/   %p 
-/     = f.submit "Sign in"
-/ 
-/ = link_to "Forgot your password?", new_password_path(resource_name)

app/views/devise/shared/_links.haml

@@ -1,20 +0,0 @@
-- if controller_name != 'sessions'
-= link_to "Sign in", new_session_path(resource_name)
-%br
-- end
-- if devise_mapping.registerable? && controller_name != 'registrations'
-= link_to "Sign up", new_registration_path(resource_name)
-%br
-- end
-- if devise_mapping.recoverable? && controller_name != 'passwords'
-= link_to "Forgot your password?", new_password_path(resource_name)
-%br
-- end
-- if devise_mapping.confirmable? && controller_name != 'confirmations'
-= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name)
-%br
-- end
-- if devise_mapping.lockable? && controller_name != 'unlocks'
-= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name)
-%br
-- end

app/views/devise/unlocks/new.html.haml

@@ -1,12 +0,0 @@
-%h2
-  Resend unlock instructions
-= form_for(resource_name, resource, :url => unlock_path(resource_name)) do |f|
-= f.error_messages
-%p
-  = f.label :email
-%p
-  = f.text_field :email
-%p
-  = f.submit "Resend unlock instructions"
-- end
-= render :partial => "devise/shared/links"

config/application.rb

@@ -41,9 +41,13 @@ module Locomotive
     #   g.test_framework  :test_unit, :fixture => true
     # end
     
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
     # Configure sensitive parameters which will be filtered from the log file.
     config.filter_parameters << :password    
         
-    config.secret_token = '968a457262807c64e3ed5609882e17a774b917f5bcf2d308bd37eac4ba4d416d5692e6b13d77523fddb94c1dd603f160db8492b86b5e0203240bf339fe2aeae4'
+    # config.action_controller.session_store :cookie_store, { :key => "_myapp_session" }
+    # config.secret_token = '968a457262807c64e3ed5609882e17a774b917f5bcf2d308bd37eac4ba4d416d5692e6b13d77523fddb94c1dd603f160db8492b86b5e0203240bf339fe2aeae4'    
   end
 end

config/boot.rb

@@ -1,17 +1,6 @@
-# Use Bundler (preferred)
-begin
-  require File.expand_path('../../.bundle/environment', __FILE__)
-rescue LoadError
 require 'rubygems'
+# Set up gems listed in the Gemfile.
+if File.exist?(File.expand_path('../../Gemfile', __FILE__))
   require 'bundler'
   Bundler.setup
-
-  # To use 2.x style vendor/rails and RubyGems
-  #
-  # vendor_rails = File.expand_path('../../vendor/rails', __FILE__)
-  # if File.exist?(vendor_rails)
-  #   Dir["#{vendor_rails}/*/lib"].each { |path| $:.unshift(path) }
-  # end
-  #
-  # require 'rubygems'
 end

config/initializers/mongoid.rb

@@ -15,21 +15,10 @@ module Mongoid #:nodoc:
           end
         end
       
-        # Rails.logger.debug "conditions = #{conditions.inspect} / #{options[:scope].inspect}"
-        
         return if document.class.where(conditions).empty?
       
-        # if document.new_record? || key_changed?(document)
         document.errors.add(attribute, :taken, :default => options[:message], :value => value)
-        # end
       end
-
-      # protected
-      # def key_changed?(document)
-      #   (document.primary_key || {}).each do |key|
-      #     return true if document.send("#{key}_changed?")
-      #   end; false
-      # end
     end
   end
   
@@ -42,4 +31,14 @@ module Mongoid #:nodoc:
       end      
     end
   end
+  
+  # FIX BUG about accepts_nested_attributes_for  
+  module Document
+    module InstanceMethods
+      def remove(child)
+        name = child.association_name
+        @attributes.remove(name, child.raw_attributes)
+      end
+    end
+  end
 end

config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random, 
+# no regular words or you'll be exposed to dictionary attacks.
+Rails.application.config.secret_token = 'aa84844b97e90edda8e005a686d82c3bef1f8e20a1255301f1d0886fc592a45ef2393d64b0c3d3ea858b1f6406ad6f15305666264716a79fcfa17de93ad0d69d'

config/routes.rb

@@ -6,13 +6,7 @@ Rails.application.routes.draw do |map|
   end
   
   # admin authentication
-  Devise.register(:accounts, :controllers => { :sessions => 'admin/sessions', :passwords => 'admin/passwords' }) # bypass the devise_for :accounts  
-  scope '/admin' do
-    get 'login' => 'admin/sessions#new', :as => :new_account_session
-    post 'login' => 'admin/sessions#create', :as => :account_session
-    get 'logout' => 'admin/sessions#destroy', :as => :destroy_account_session    
-    resource :password, :only => [:new, :create, :edit, :update], :controller => 'admin/passwords'
-  end
+  devise_for :admin, :class_name => 'Account', :controllers => { :sessions => 'admin/sessions', :passwords => 'admin/passwords' }
     
   # admin interface for each website
   namespace 'admin' do

doc/TODO

@@ -1,17 +1,16 @@
 BOARD:  
   
 - deploy on Heroku
-- password resets (url is not handled correctly)
-- mongoid hack for nested attributes
+- convert 2 plugins into gems (mongo_session_store / actionmailer_with_request)
   
 BACKLOG:
 
-- devise messages in French
+- localize application in French
+  - admin
+  - devise
+  - carrierwave
   - localize devise emails
 
-- cucumber features for admin pages
-- refactoring admin crud (pages + layouts + snippets)
-
 - theme assets: disable version if not image
 
 - new custom field types
@@ -19,7 +18,9 @@ BACKLOG:
   - boolean
   - date
 
+- refactoring admin crud (pages + layouts + snippets)
 - refactor slugify method (use parameterize + create a module)
+- cucumber features for admin pages
 
 BUGS:
 
@@ -118,3 +119,5 @@ x make an engine:
   x helpers do not work
 x missing translation in english
 x api security option in content types
+x password resets (url is not handled correctly)
+x mongoid hack for nested attributes

features/admin/login.feature

@@ -6,14 +6,14 @@ Feature: Login
 
 Scenario: Successful authentication
   When I go to login
-  And I fill in "account_email" with "admin@locomotiveapp.org"
-  And I fill in "account_password" with "easyone"
+  And I fill in "admin_email" with "admin@locomotiveapp.org"
+  And I fill in "admin_password" with "easyone"
   And I press "Log in"
   Then I should see "Listing pages"
   
 Scenario: Failed authentication
   When I go to login
-  And I fill in "account_email" with "admin@locomotiveapp.org"
-  And I fill in "account_password" with ""
+  And I fill in "admin_email" with "admin@locomotiveapp.org"
+  And I fill in "admin_password" with ""
   And I press "Log in"
   Then I should not see "Listing pages"

features/step_definitions/admin_steps.rb

@@ -10,14 +10,14 @@ end
 ### Authentication
 
 Given /^I am not authenticated$/ do
-  visit('/admin/logout')
+  visit('/admin/sign_out')
 end
 
 
 Given /^I am an authenticated user$/ do
   Given %{I go to login}
-  And %{I fill in "account_email" with "admin@locomotiveapp.org"}
-  And %{I fill in "account_password" with "easyone"}
+  And %{I fill in "admin_email" with "admin@locomotiveapp.org"}
+  And %{I fill in "admin_password" with "easyone"}
   And %{I press "Log in"}
 end
 

features/support/env.rb

@@ -37,23 +37,11 @@ require 'factory_girl'
 require 'spec/factories'
 
 Before do
-  Mongoid.master.collections.each(&:drop)
+  Mongoid.master.collections.select { |c| c.name != 'system.indexes' }.each(&:drop)
 end
 
 Locomotive.configure do |config|
   config.default_domain = 'example.com'
 end
 
-# class ActionController::Integration::Session
-#   def reset_with_test_subdomain!
-#     self.reset_without_test_subdomain!
-#     self.host = "test.example.com"
-#   end  
-#   alias_method_chain :reset!, :test_subdomain  
-# end
-# 
-# class ActionDispatch::Integration::Session
-#   DEFAULT_HOST = 'test.example.com'
-# end
-
 Capybara.default_host = 'test.example.com'

features/support/paths.rb

@@ -11,9 +11,9 @@ module NavigationHelpers
     when /the home\s?page/
       '/'
     when /login/
-      new_account_session_path
+      new_admin_session_path
     when /logout/
-      destroy_account_session_path
+      destroy_admin_session_path
     when /pages/
       admin_pages_path
 

lib/locomotive.rb

@@ -3,6 +3,8 @@ require 'locomotive/configuration'
 require 'locomotive/liquid'
 require 'locomotive/mongoid'
 
+require 'mongo_session_store/mongoid'
+
 module Locomotive
   
   class << self
@@ -26,7 +28,7 @@ module Locomotive
     
     ActionMailer::Base.default_url_options[:host] = Locomotive.config.default_domain + (Rails.env.development? ? ':3000' : '')
 
-    Rails.application.config.session_store :cookie_store, {
+    Rails.application.config.session_store :mongoid_store, {
       :key => Locomotive.config.cookie_key,
       :domain => ".#{Locomotive.config.default_domain}"
     }

lib/locomotive/render.rb

@@ -24,7 +24,7 @@ module Locomotive
         path = 'index' if path.blank?
         
         if page = current_site.pages.where(:fullpath => path).first
-          if not page.published? and current_account.nil?
+          if not page.published? and current_admin.nil?
             page = nil
           end
         end

lib/locomotive/routing/site_dispatcher.rb

@@ -31,7 +31,7 @@ module Locomotive
         end
         
         def validate_site_membership
-          return if current_site && current_site.accounts.include?(current_account)          
+          return if current_site && current_site.accounts.include?(current_admin)
           redirect_to application_root_url
         end
         

spec/lib/locomotive/render_spec.rb

@@ -61,7 +61,7 @@ describe 'Locomotive rendering system' do
       
       before(:each) do
         @page.published = false
-        @controller.current_account = nil
+        @controller.current_admin = nil
       end
     
       it 'should return the 404 page if the page has not been published yet' do
@@ -72,7 +72,7 @@ describe 'Locomotive rendering system' do
       end
       
       it 'should not return the 404 page if the page has not been published yet and admin is logged in' do
-        @controller.current_account = true
+        @controller.current_admin = true
         @controller.request.fullpath = '/contact'
         @controller.current_site.pages.expects(:where).with({ :fullpath => 'contact' }).returns([@page])
         @controller.send(:locomotive_page).should == @page

spec/spec_helper.rb

@@ -12,6 +12,6 @@ Rspec.configure do |config|
   config.mock_with :mocha
   
   config.before(:each) do
-    Mongoid.master.collections.each(&:drop)
+    Mongoid.master.collections.select { |c| c.name != 'system.indexes' }.each(&:drop)
   end
 end

spec/support/locomotive.rb

@@ -7,7 +7,7 @@ module Locomotive
    
     include Locomotive::Render
    
-    attr_accessor :output, :current_site, :current_account
+    attr_accessor :output, :current_site, :current_admin
    
     def render(options = {})
       self.output = options[:text]

vendor/plugins/custom_fields/Gemfile

@@ -3,7 +3,7 @@ source "http://gemcutter.org"
 gem "bson_ext", ">= 1.0.1"
 gem "mongo_ext"
 gem "mongoid", ">= 2.0.0.beta6"
-gem "activesupport", ">= 3.0.0.beta3"
+gem "activesupport", ">= 3.0.0.beta4"
 
 group :test do
   gem 'rspec', '>= 2.0.0.beta.10'