authentification forum améliorée

2014-06-19 12:16:51 +02:00 · 2014-06-19 12:16:51 +02:00 · 1c8ef315d1
commit 1c8ef315d1
parent 1ebac02e7f
12 changed files with 179 additions and 22 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -25,11 +25,15 @@ class ApplicationController < ActionController::Base
  private
    def current_fuser
-      if session[:forum_user_id] and ForumUser.exists?(session[:forum_user_id])
+      
-        @current_fuser = ForumUser.find(session[:forum_user_id])
+      @current_fuser ||= ForumUser.find_by_auth_token!(cookies[:forum_auth_token]) if cookies[:forum_auth_token]
-      else
+      
-        nil
+      
-      end
+      #if session[:forum_user_id] and ForumUser.exists?(session[:forum_user_id])
      #  @current_fuser = ForumUser.find(session[:forum_user_id])
      #else
      #  nil
      #end
    end
--- a/app/controllers/forum/auths_controller.rb
+++ b/app/controllers/forum/auths_controller.rb
@ -10,8 +10,20 @@ class Forum::AuthsController < ApplicationController
    @forum = true
    user = ForumUser.find_by_email(params[:email])
    if user && user.authenticate(params[:password])
-      session[:forum_user_id] = user.id
+      #session[:forum_user_id] = user.id
      if params[:remember_me]
        cookies.permanent[:forum_auth_token] = user.auth_token
      else
        cookies[:forum_auth_token] = user.auth_token
      end
      redirect_to forum_forum_topics_path, notice: "Connecté !"
    else
      flash.now.alert = "Email ou mot de passe incorect"
      render "new"
@ -19,7 +31,7 @@ class Forum::AuthsController < ApplicationController
  end
  def destroy
-    session[:forum_user_id] = nil
+    cookies.delete(:forum_auth_token)
    redirect_to forum_forum_users_path, notice: "Déconnecté."
  end
 end
--- a/app/controllers/forum/password_resets_controller.rb
+++ b/app/controllers/forum/password_resets_controller.rb
@ -0,0 +1,52 @@
 # -*- encoding : utf-8 -*-
 class Forum::PasswordResetsController < ApplicationController
  layout "connexion"
  def new
    @forum = true
  end
  def create
    @forum = true
    forum_user = ForumUser.find_by_email(params[:email])
    if forum_user
      forum_user.reset_password_token = SecureRandom.urlsafe_base64(nil, false)
      forum_user.reset_password_sent_at  = Time.now
      forum_user.save
      ForumMails.reset_password(forum_user).deliver
      redirect_to forum_forum_topics_path, notice: "Un message vient de vous être envoyé avec un lien pour réinitialiser votre mot de passe."
    else
      flash.now.alert = "Email incorect"
      render "new"
    end
  end
  def edit
    @forum = true
    @forum_user = ForumUser.find_by_reset_password_token(params[:id])
    if @forum_user and @forum_user.reset_password_sent_at > Time.now - 1.day
    else
    end
  end
  def update
    @forum = true
    @forum_user = ForumUser.find_by_reset_password_token(params[:id])
    if @forum_user.update_attributes(params.require(:forum_user).permit(:password, :password_confirmation))
      redirect_to forum_forum_topics_path, :notice => "Votre mot de passe a bien été changé, vous pouvez vous connecter dès maintenant."
  	else
  		render :action => "edit" 
  	end
  end
 end
--- a/app/mailers/forum_mails.rb
+++ b/app/mailers/forum_mails.rb
@ -0,0 +1,16 @@
 class ForumMails < ActionMailer::Base
  layout 'mail'
  default from: "Le Pic Vert <contact@lepicvert.asso.fr>"
  def reset_password(forum_user, options = {})
    @forum_user = forum_user
    @options = options
    mail(:to => forum_user.email, :from => @from, :subject => "Réinitialisation de votre mot de passe.")
  end
 end
--- a/app/models/forum_user.rb
+++ b/app/models/forum_user.rb
@ -14,27 +14,39 @@ class ForumUser < ActiveRecord::Base
  has_many :images, :class_name => "ForumUserImage", :order => "created_at DESC"
  belongs_to :sheet
  before_create { generate_token(:auth_token) }
  attr_accessor :skip_sheet_validation
  def generate_token(column)
    begin
      self[column] = SecureRandom.urlsafe_base64
    end while ForumUser.exists?(column => self[column])
  end
  before_validation do
-    if sheet_number?
+    if !skip_sheet_validation
-      @sheet = Sheet.where(:sheet_number => sheet_number).first
+      if sheet_number?
-      if !@sheet
+        @sheet = Sheet.where(:sheet_number => sheet_number).first
-        errors.add :sheet_number, "Votre numéro adhérent n'est pas valide."
+        if !@sheet
          errors.add :sheet_number, "Votre numéro adhérent n'est pas valide."
-      else
+        else
-        self.sheet_id = @sheet.id
+          self.sheet_id = @sheet.id
-        if @sheet.last_year < Date.today.year
+          if @sheet.last_year < Date.today.year
-          errors.add :sheet_number, "Votre cotisation n'est pas à jour, merci de nous contacter."
+            errors.add :sheet_number, "Votre cotisation n'est pas à jour, merci de nous contacter."
-        end
+          end
        end
      elsif self.id
      else
        errors.add :sheet_number, "Vous devez saisir votre numéro adhérent (présent en bas de chaque mails)."
      end
    elsif self.id
    else
      errors.add :sheet_number, "Vous devez saisir votre numéro adhérent (présent en bas de chaque mails)."
    end
  end
 end
--- a/app/views/forum/auths/new.haml
+++ b/app/views/forum/auths/new.haml
@ -9,10 +9,15 @@
  %p
    = label_tag :password, "Mot de passe :"
    = password_field_tag :password 
  %p
    =check_box_tag :remember_me, 1,params[:remember_me]
    = label_tag :password, "Rester connecter ?"
  %p= submit_tag "Se connecter", :class => "btn btn-primary" 
  %p
    Pas encore inscrit ?
    =link_to "M'inscrire.", new_forum_forum_user_path
    ="-"
    =link_to "Mot de passe perdu ?", new_forum_password_reset_path
--- a/app/views/forum/password_resets/edit.haml
+++ b/app/views/forum/password_resets/edit.haml
@ -0,0 +1,13 @@
 =image_tag("logo.png", :style => "width:200px;display:block;margin:auto;margin-bottom:2em;")
 %h1 Mot de passe perdu
 %p Vous pouvez définir votre nouveau mot de passe ci-dessous :
 = semantic_form_for @forum_user, :url => forum_password_reset_path(params[:id]) do |f| 
  =f.inputs do 
    = f.input :password, :label => "Mot de passe"
    = f.input :password_confirmation, :label => "Confirmation"
  %br
  =f.submit "Sauvegarder", :class => "btn btn-primary"
--- a/app/views/forum/password_resets/new.haml
+++ b/app/views/forum/password_resets/new.haml
@ -0,0 +1,17 @@
 =image_tag("logo.png", :style => "width:200px;display:block;margin:auto;margin-bottom:2em;")
 %h1 Mot de passe perdu
 = form_tag forum_password_resets_path do
  %p
    = label_tag :email, "email :"
    = text_field_tag :email, params[:email]
  %p= submit_tag "Se connecter", :class => "btn btn-primary" 
  %p
    =link_to "Pas encore inscrit ?", new_forum_forum_user_path
    ="-"
    =link_to "Connexion", new_forum_auth_path
--- a/app/views/forum_mails/reset_password.html.haml
+++ b/app/views/forum_mails/reset_password.html.haml
@ -0,0 +1,11 @@
 %p
  Bonjour,
 %p
  Vous avez fait une demande sur le forum de l'association "Le Pic Vert" pour réinitialiser votre mot de passe.
 %p
  Vous pouvez suivre ce lien pour définir votre nouveau mot de passe :
 %p{:style => "text-align:center;"}
  -url = edit_forum_password_reset_url(:id => @forum_user.reset_password_token)
  =link_to url, url
 %p A bientôt !
 %p L'équipe du forum.
--- a/config/routes.rb
+++ b/config/routes.rb
@ -71,6 +71,7 @@ Survey::Application.routes.draw do
    resources :forums
    resources :forum_categories
    resources :forum_users
    resources :password_resets
    resources :forum_user_images do
      member do
        get :rotate
--- a/db/migrate/20140619095558_add_auth_token_to_forum_users.rb
+++ b/db/migrate/20140619095558_add_auth_token_to_forum_users.rb
@ -0,0 +1,13 @@
 class AddAuthTokenToForumUsers < ActiveRecord::Migration
  def change
    add_column :forum_users, :auth_token, :string
    ForumUser.all.each do |fu|
      fu.generate_token(:auth_token)
      fu.skip_sheet_validation = true
      fu.save
    end
  end
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20140413122412) do
+ActiveRecord::Schema.define(version: 20140619095558) do
  create_table "admins", force: true do |t|
    t.string   "email",                  default: "", null: false
@ -131,6 +131,7 @@ ActiveRecord::Schema.define(version: 20140413122412) do
    t.datetime "last_new_message_notification"
    t.boolean  "new_message_on_my_topics_notification"
    t.datetime "last_new_message_on_my_topics_notification"
    t.string   "auth_token"
  end
  create_table "forums", force: true do |t|