From 748e9ff07e330a88592a2cb2abc0ce5d2dc93c6d Mon Sep 17 00:00:00 2001 From: vsolari Date: Tue, 24 Jun 2014 01:00:24 -0400 Subject: [PATCH] Subir version --- .gitignore | 16 + Gemfile | 44 +++ Gemfile.lock | 144 +++++++++ README.md | 0 README.rdoc | 28 ++ Rakefile | 6 + app/assets/images/.keep | 0 app/assets/javascripts/application.js | 16 + app/assets/javascripts/ideas.js.coffee | 3 + app/assets/stylesheets/application.css | 15 + app/assets/stylesheets/ideas.css.scss | 3 + app/assets/stylesheets/scaffolds.css.scss | 69 ++++ app/controllers/application_controller.rb | 6 + app/controllers/concerns/.keep | 0 app/controllers/ideas_controller.rb | 74 +++++ app/helpers/application_helper.rb | 2 + app/helpers/ideas_helper.rb | 2 + app/mailers/.keep | 0 app/models/.keep | 0 app/models/concerns/.keep | 0 app/models/idea.rb | 2 + app/models/user.rb | 7 + app/views/ideas/_form.html.erb | 29 ++ app/views/ideas/edit.html.erb | 6 + app/views/ideas/index.html.erb | 29 ++ app/views/ideas/index.json.jbuilder | 4 + app/views/ideas/new.html.erb | 5 + app/views/ideas/show.html.erb | 19 ++ app/views/ideas/show.json.jbuilder | 1 + app/views/layouts/application.html.erb | 29 ++ bin/bundle | 3 + bin/rails | 4 + bin/rake | 4 + config.ru | 4 + config/application.rb | 23 ++ config/boot.rb | 4 + config/database.yml | 25 ++ config/environment.rb | 5 + config/environments/development.rb | 39 +++ config/environments/production.rb | 83 +++++ config/environments/test.rb | 39 +++ config/initializers/backtrace_silencers.rb | 7 + config/initializers/cookies_serializer.rb | 3 + config/initializers/devise.rb | 294 ++++++++++++++++++ .../initializers/filter_parameter_logging.rb | 4 + config/initializers/inflections.rb | 16 + config/initializers/mime_types.rb | 4 + config/initializers/session_store.rb | 3 + config/initializers/wrap_parameters.rb | 14 + config/locales/devise.en.yml | 59 ++++ .../locales/devise.security_extension.de.yml | 14 + .../locales/devise.security_extension.en.yml | 14 + config/locales/en.yml | 23 ++ config/routes.rb | 60 ++++ config/secrets.yml | 22 ++ db/migrate/20140617204242_create_ideas.rb | 11 + .../20140617204554_devise_create_users.rb | 42 +++ ...617210658_add_unique_session_id_to_user.rb | 5 + db/schema.rb | 43 +++ db/seeds.rb | 7 + lib/assets/.keep | 0 lib/tasks/.keep | 0 log/.keep | 0 public/404.html | 67 ++++ public/422.html | 67 ++++ public/500.html | 66 ++++ public/favicon.ico | 0 public/robots.txt | 5 + test/controllers/.keep | 0 test/controllers/ideas_controller_test.rb | 49 +++ test/fixtures/.keep | 0 test/fixtures/ideas.yml | 11 + test/fixtures/users.yml | 11 + test/helpers/.keep | 0 test/helpers/ideas_helper_test.rb | 4 + test/integration/.keep | 0 test/mailers/.keep | 0 test/models/.keep | 0 test/models/idea_test.rb | 7 + test/models/user_test.rb | 7 + test/test_helper.rb | 13 + vendor/assets/javascripts/.keep | 0 vendor/assets/stylesheets/.keep | 0 83 files changed, 1744 insertions(+) create mode 100644 .gitignore create mode 100644 Gemfile create mode 100644 Gemfile.lock create mode 100644 README.md create mode 100644 README.rdoc create mode 100644 Rakefile create mode 100644 app/assets/images/.keep create mode 100644 app/assets/javascripts/application.js create mode 100644 app/assets/javascripts/ideas.js.coffee create mode 100644 app/assets/stylesheets/application.css create mode 100644 app/assets/stylesheets/ideas.css.scss create mode 100644 app/assets/stylesheets/scaffolds.css.scss create mode 100644 app/controllers/application_controller.rb create mode 100644 app/controllers/concerns/.keep create mode 100644 app/controllers/ideas_controller.rb create mode 100644 app/helpers/application_helper.rb create mode 100644 app/helpers/ideas_helper.rb create mode 100644 app/mailers/.keep create mode 100644 app/models/.keep create mode 100644 app/models/concerns/.keep create mode 100644 app/models/idea.rb create mode 100644 app/models/user.rb create mode 100644 app/views/ideas/_form.html.erb create mode 100644 app/views/ideas/edit.html.erb create mode 100644 app/views/ideas/index.html.erb create mode 100644 app/views/ideas/index.json.jbuilder create mode 100644 app/views/ideas/new.html.erb create mode 100644 app/views/ideas/show.html.erb create mode 100644 app/views/ideas/show.json.jbuilder create mode 100644 app/views/layouts/application.html.erb create mode 100644 bin/bundle create mode 100644 bin/rails create mode 100644 bin/rake create mode 100644 config.ru create mode 100644 config/application.rb create mode 100644 config/boot.rb create mode 100644 config/database.yml create mode 100644 config/environment.rb create mode 100644 config/environments/development.rb create mode 100644 config/environments/production.rb create mode 100644 config/environments/test.rb create mode 100644 config/initializers/backtrace_silencers.rb create mode 100644 config/initializers/cookies_serializer.rb create mode 100644 config/initializers/devise.rb create mode 100644 config/initializers/filter_parameter_logging.rb create mode 100644 config/initializers/inflections.rb create mode 100644 config/initializers/mime_types.rb create mode 100644 config/initializers/session_store.rb create mode 100644 config/initializers/wrap_parameters.rb create mode 100644 config/locales/devise.en.yml create mode 100644 config/locales/devise.security_extension.de.yml create mode 100644 config/locales/devise.security_extension.en.yml create mode 100644 config/locales/en.yml create mode 100644 config/routes.rb create mode 100644 config/secrets.yml create mode 100644 db/migrate/20140617204242_create_ideas.rb create mode 100644 db/migrate/20140617204554_devise_create_users.rb create mode 100644 db/migrate/20140617210658_add_unique_session_id_to_user.rb create mode 100644 db/schema.rb create mode 100644 db/seeds.rb create mode 100644 lib/assets/.keep create mode 100644 lib/tasks/.keep create mode 100644 log/.keep create mode 100644 public/404.html create mode 100644 public/422.html create mode 100644 public/500.html create mode 100644 public/favicon.ico create mode 100644 public/robots.txt create mode 100644 test/controllers/.keep create mode 100644 test/controllers/ideas_controller_test.rb create mode 100644 test/fixtures/.keep create mode 100644 test/fixtures/ideas.yml create mode 100644 test/fixtures/users.yml create mode 100644 test/helpers/.keep create mode 100644 test/helpers/ideas_helper_test.rb create mode 100644 test/integration/.keep create mode 100644 test/mailers/.keep create mode 100644 test/models/.keep create mode 100644 test/models/idea_test.rb create mode 100644 test/models/user_test.rb create mode 100644 test/test_helper.rb create mode 100644 vendor/assets/javascripts/.keep create mode 100644 vendor/assets/stylesheets/.keep diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6a502e9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,16 @@ +# See https://help.github.com/articles/ignoring-files for more about ignoring files. +# +# If you find yourself ignoring temporary files generated by your text editor +# or operating system, you probably want to add a global ignore instead: +# git config --global core.excludesfile '~/.gitignore_global' + +# Ignore bundler config. +/.bundle + +# Ignore the default SQLite database. +/db/*.sqlite3 +/db/*.sqlite3-journal + +# Ignore all logfiles and tempfiles. +/log/*.log +/tmp diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..b930103 --- /dev/null +++ b/Gemfile @@ -0,0 +1,44 @@ +source 'https://rubygems.org' + + +# Bundle edge Rails instead: gem 'rails', github: 'rails/rails' +gem 'rails', '4.1.0' +# Use sqlite3 as the database for Active Record +gem 'sqlite3' +# Use SCSS for stylesheets +gem 'sass-rails', '~> 4.0.3' +# Use Uglifier as compressor for JavaScript assets +gem 'uglifier', '>= 1.3.0' +# Use CoffeeScript for .js.coffee assets and views +gem 'coffee-rails', '~> 4.0.0' +# See https://github.com/sstephenson/execjs#readme for more supported runtimes +# gem 'therubyracer', platforms: :ruby + +# Use jquery as the JavaScript library +gem 'jquery-rails' +# Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks +gem 'turbolinks' +# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder +gem 'jbuilder', '~> 2.0' +# bundle exec rake doc:rails generates the API under doc/api. +gem 'sdoc', '~> 0.4.0', group: :doc + +# Use ActiveModel has_secure_password +# gem 'bcrypt', '~> 3.1.7' + +# Use unicorn as the app server +# gem 'unicorn' + +# Use Capistrano for deployment +# gem 'capistrano-rails', group: :development + +# Use debugger +# gem 'debugger', group: [:development, :test] + +# Windows does not include zoneinfo files, so bundle the tzinfo-data gem +gem 'tzinfo-data', platforms: [:mingw, :mswin] + +gem 'devise' +gem 'devise_security_extension' +#Gem para secure_validatable +gem 'rails_email_validator' diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..86668ad --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,144 @@ +GEM + remote: https://rubygems.org/ + specs: + actionmailer (4.1.0) + actionpack (= 4.1.0) + actionview (= 4.1.0) + mail (~> 2.5.4) + actionpack (4.1.0) + actionview (= 4.1.0) + activesupport (= 4.1.0) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + actionview (4.1.0) + activesupport (= 4.1.0) + builder (~> 3.1) + erubis (~> 2.7.0) + activemodel (4.1.0) + activesupport (= 4.1.0) + builder (~> 3.1) + activerecord (4.1.0) + activemodel (= 4.1.0) + activesupport (= 4.1.0) + arel (~> 5.0.0) + activesupport (4.1.0) + i18n (~> 0.6, >= 0.6.9) + json (~> 1.7, >= 1.7.7) + minitest (~> 5.1) + thread_safe (~> 0.1) + tzinfo (~> 1.1) + arel (5.0.1.20140414130214) + bcrypt (3.1.7-x86-mingw32) + builder (3.2.2) + coffee-rails (4.0.1) + coffee-script (>= 2.2.0) + railties (>= 4.0.0, < 5.0) + coffee-script (2.2.0) + coffee-script-source + execjs + coffee-script-source (1.7.0) + devise (3.2.4) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + thread_safe (~> 0.1) + warden (~> 1.2.3) + devise_security_extension (0.8.0) + devise (>= 2.0.0) + rails (>= 3.1.1) + erubis (2.7.0) + execjs (2.2.0) + hike (1.2.3) + i18n (0.6.9) + jbuilder (2.1.1) + activesupport (>= 3.0.0, < 5) + multi_json (~> 1.2) + jquery-rails (3.1.0) + railties (>= 3.0, < 5.0) + thor (>= 0.14, < 2.0) + json (1.8.1) + mail (2.5.4) + mime-types (~> 1.16) + treetop (~> 1.4.8) + mime-types (1.25.1) + minitest (5.3.4) + multi_json (1.10.1) + orm_adapter (0.5.0) + polyglot (0.3.5) + rack (1.5.2) + rack-test (0.6.2) + rack (>= 1.0) + rails (4.1.0) + actionmailer (= 4.1.0) + actionpack (= 4.1.0) + actionview (= 4.1.0) + activemodel (= 4.1.0) + activerecord (= 4.1.0) + activesupport (= 4.1.0) + bundler (>= 1.3.0, < 2.0) + railties (= 4.1.0) + sprockets-rails (~> 2.0) + rails_email_validator (0.1.4) + activemodel (>= 3.0.0) + railties (4.1.0) + actionpack (= 4.1.0) + activesupport (= 4.1.0) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (10.3.2) + rdoc (4.1.1) + json (~> 1.4) + sass (3.2.19) + sass-rails (4.0.3) + railties (>= 4.0.0, < 5.0) + sass (~> 3.2.0) + sprockets (~> 2.8, <= 2.11.0) + sprockets-rails (~> 2.0) + sdoc (0.4.0) + json (~> 1.8) + rdoc (~> 4.0, < 5.0) + sprockets (2.11.0) + hike (~> 1.2) + multi_json (~> 1.0) + rack (~> 1.0) + tilt (~> 1.1, != 1.3.0) + sprockets-rails (2.1.3) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (~> 2.8) + sqlite3 (1.3.9-x86-mingw32) + thor (0.19.1) + thread_safe (0.3.4) + tilt (1.4.1) + treetop (1.4.15) + polyglot + polyglot (>= 0.3.1) + turbolinks (2.2.2) + coffee-rails + tzinfo (1.2.1) + thread_safe (~> 0.1) + tzinfo-data (1.2014.5) + tzinfo (>= 1.0.0) + uglifier (2.5.1) + execjs (>= 0.3.0) + json (>= 1.8.0) + warden (1.2.3) + rack (>= 1.0) + +PLATFORMS + x86-mingw32 + +DEPENDENCIES + coffee-rails (~> 4.0.0) + devise + devise_security_extension + jbuilder (~> 2.0) + jquery-rails + rails (= 4.1.0) + rails_email_validator + sass-rails (~> 4.0.3) + sdoc (~> 0.4.0) + sqlite3 + turbolinks + tzinfo-data + uglifier (>= 1.3.0) diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/README.rdoc b/README.rdoc new file mode 100644 index 0000000..dd4e97e --- /dev/null +++ b/README.rdoc @@ -0,0 +1,28 @@ +== README + +This README would normally document whatever steps are necessary to get the +application up and running. + +Things you may want to cover: + +* Ruby version + +* System dependencies + +* Configuration + +* Database creation + +* Database initialization + +* How to run the test suite + +* Services (job queues, cache servers, search engines, etc.) + +* Deployment instructions + +* ... + + +Please feel free to use a different markup language if you do not plan to run +rake doc:app. diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..ba6b733 --- /dev/null +++ b/Rakefile @@ -0,0 +1,6 @@ +# Add your own tasks in files placed in lib/tasks ending in .rake, +# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. + +require File.expand_path('../config/application', __FILE__) + +Rails.application.load_tasks diff --git a/app/assets/images/.keep b/app/assets/images/.keep new file mode 100644 index 0000000..e69de29 diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js new file mode 100644 index 0000000..d6925fa --- /dev/null +++ b/app/assets/javascripts/application.js @@ -0,0 +1,16 @@ +// This is a manifest file that'll be compiled into application.js, which will include all the files +// listed below. +// +// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts, +// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path. +// +// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the +// compiled file. +// +// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details +// about supported directives. +// +//= require jquery +//= require jquery_ujs +//= require turbolinks +//= require_tree . diff --git a/app/assets/javascripts/ideas.js.coffee b/app/assets/javascripts/ideas.js.coffee new file mode 100644 index 0000000..24f83d1 --- /dev/null +++ b/app/assets/javascripts/ideas.js.coffee @@ -0,0 +1,3 @@ +# Place all the behaviors and hooks related to the matching controller here. +# All this logic will automatically be available in application.js. +# You can use CoffeeScript in this file: http://coffeescript.org/ diff --git a/app/assets/stylesheets/application.css b/app/assets/stylesheets/application.css new file mode 100644 index 0000000..a443db3 --- /dev/null +++ b/app/assets/stylesheets/application.css @@ -0,0 +1,15 @@ +/* + * This is a manifest file that'll be compiled into application.css, which will include all the files + * listed below. + * + * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets, + * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path. + * + * You're free to add application-wide styles to this file and they'll appear at the bottom of the + * compiled file so the styles you add here take precedence over styles defined in any styles + * defined in the other CSS/SCSS files in this directory. It is generally better to create a new + * file per style scope. + * + *= require_tree . + *= require_self + */ diff --git a/app/assets/stylesheets/ideas.css.scss b/app/assets/stylesheets/ideas.css.scss new file mode 100644 index 0000000..e08ef7a --- /dev/null +++ b/app/assets/stylesheets/ideas.css.scss @@ -0,0 +1,3 @@ +// Place all the styles related to the ideas controller here. +// They will automatically be included in application.css. +// You can use Sass (SCSS) here: http://sass-lang.com/ diff --git a/app/assets/stylesheets/scaffolds.css.scss b/app/assets/stylesheets/scaffolds.css.scss new file mode 100644 index 0000000..6ec6a8f --- /dev/null +++ b/app/assets/stylesheets/scaffolds.css.scss @@ -0,0 +1,69 @@ +body { + background-color: #fff; + color: #333; + font-family: verdana, arial, helvetica, sans-serif; + font-size: 13px; + line-height: 18px; +} + +p, ol, ul, td { + font-family: verdana, arial, helvetica, sans-serif; + font-size: 13px; + line-height: 18px; +} + +pre { + background-color: #eee; + padding: 10px; + font-size: 11px; +} + +a { + color: #000; + &:visited { + color: #666; + } + &:hover { + color: #fff; + background-color: #000; + } +} + +div { + &.field, &.actions { + margin-bottom: 10px; + } +} + +#notice { + color: green; +} + +.field_with_errors { + padding: 2px; + background-color: red; + display: table; +} + +#error_explanation { + width: 450px; + border: 2px solid red; + padding: 7px; + padding-bottom: 0; + margin-bottom: 20px; + background-color: #f0f0f0; + h2 { + text-align: left; + font-weight: bold; + padding: 5px 5px 5px 15px; + font-size: 12px; + margin: -7px; + margin-bottom: 0px; + background-color: #c00; + color: #fff; + } + ul li { + font-size: 12px; + list-style: square; + } +} diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb new file mode 100644 index 0000000..6a1af05 --- /dev/null +++ b/app/controllers/application_controller.rb @@ -0,0 +1,6 @@ +class ApplicationController < ActionController::Base + # Prevent CSRF attacks by raising an exception. + # For APIs, you may want to use :null_session instead. + protect_from_forgery with: :exception + before_action :authenticate_user! +end diff --git a/app/controllers/concerns/.keep b/app/controllers/concerns/.keep new file mode 100644 index 0000000..e69de29 diff --git a/app/controllers/ideas_controller.rb b/app/controllers/ideas_controller.rb new file mode 100644 index 0000000..3f6c882 --- /dev/null +++ b/app/controllers/ideas_controller.rb @@ -0,0 +1,74 @@ +class IdeasController < ApplicationController + before_action :set_idea, only: [:show, :edit, :update, :destroy] + + # GET /ideas + # GET /ideas.json + def index + @ideas = Idea.all + end + + # GET /ideas/1 + # GET /ideas/1.json + def show + end + + # GET /ideas/new + def new + @idea = Idea.new + end + + # GET /ideas/1/edit + def edit + end + + # POST /ideas + # POST /ideas.json + def create + @idea = Idea.new(idea_params) + + respond_to do |format| + if @idea.save + format.html { redirect_to @idea, notice: 'Idea was successfully created.' } + format.json { render :show, status: :created, location: @idea } + else + format.html { render :new } + format.json { render json: @idea.errors, status: :unprocessable_entity } + end + end + end + + # PATCH/PUT /ideas/1 + # PATCH/PUT /ideas/1.json + def update + respond_to do |format| + if @idea.update(idea_params) + format.html { redirect_to @idea, notice: 'Idea was successfully updated.' } + format.json { render :show, status: :ok, location: @idea } + else + format.html { render :edit } + format.json { render json: @idea.errors, status: :unprocessable_entity } + end + end + end + + # DELETE /ideas/1 + # DELETE /ideas/1.json + def destroy + @idea.destroy + respond_to do |format| + format.html { redirect_to ideas_url, notice: 'Idea was successfully destroyed.' } + format.json { head :no_content } + end + end + + private + # Use callbacks to share common setup or constraints between actions. + def set_idea + @idea = Idea.find(params[:id]) + end + + # Never trust parameters from the scary internet, only allow the white list through. + def idea_params + params.require(:idea).permit(:name, :description, :picture) + end +end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb new file mode 100644 index 0000000..de6be79 --- /dev/null +++ b/app/helpers/application_helper.rb @@ -0,0 +1,2 @@ +module ApplicationHelper +end diff --git a/app/helpers/ideas_helper.rb b/app/helpers/ideas_helper.rb new file mode 100644 index 0000000..0a60b4e --- /dev/null +++ b/app/helpers/ideas_helper.rb @@ -0,0 +1,2 @@ +module IdeasHelper +end diff --git a/app/mailers/.keep b/app/mailers/.keep new file mode 100644 index 0000000..e69de29 diff --git a/app/models/.keep b/app/models/.keep new file mode 100644 index 0000000..e69de29 diff --git a/app/models/concerns/.keep b/app/models/concerns/.keep new file mode 100644 index 0000000..e69de29 diff --git a/app/models/idea.rb b/app/models/idea.rb new file mode 100644 index 0000000..b1b33e9 --- /dev/null +++ b/app/models/idea.rb @@ -0,0 +1,2 @@ +class Idea < ActiveRecord::Base +end diff --git a/app/models/user.rb b/app/models/user.rb new file mode 100644 index 0000000..3885725 --- /dev/null +++ b/app/models/user.rb @@ -0,0 +1,7 @@ +class User < ActiveRecord::Base + # Include default devise modules. Others available are: + # :confirmable, :lockable, :timeoutable and :omniauthable + devise :database_authenticatable, :registerable, + :recoverable, :rememberable, :trackable, :validatable, :session_limitable + #devise :password_expirable, :secure_validatable, :password_archivable, :session_limitable, :expirable +end diff --git a/app/views/ideas/_form.html.erb b/app/views/ideas/_form.html.erb new file mode 100644 index 0000000..3f9776c --- /dev/null +++ b/app/views/ideas/_form.html.erb @@ -0,0 +1,29 @@ +<%= form_for(@idea) do |f| %> + <% if @idea.errors.any? %> +
+

<%= pluralize(@idea.errors.count, "error") %> prohibited this idea from being saved:

+ + +
+ <% end %> + +
+ <%= f.label :name %>
+ <%= f.text_field :name %> +
+
+ <%= f.label :description %>
+ <%= f.text_area :description %> +
+
+ <%= f.label :picture %>
+ <%= f.text_field :picture %> +
+
+ <%= f.submit %> +
+<% end %> diff --git a/app/views/ideas/edit.html.erb b/app/views/ideas/edit.html.erb new file mode 100644 index 0000000..81ba7c2 --- /dev/null +++ b/app/views/ideas/edit.html.erb @@ -0,0 +1,6 @@ +

Editing idea

+ +<%= render 'form' %> + +<%= link_to 'Show', @idea %> | +<%= link_to 'Back', ideas_path %> diff --git a/app/views/ideas/index.html.erb b/app/views/ideas/index.html.erb new file mode 100644 index 0000000..4c8aff1 --- /dev/null +++ b/app/views/ideas/index.html.erb @@ -0,0 +1,29 @@ +

Listing ideas

+ + + + + + + + + + + + + <% @ideas.each do |idea| %> + + + + + + + + + <% end %> + +
NameDescriptionPicture
<%= idea.name %><%= idea.description %><%= idea.picture %><%= link_to 'Show', idea %><%= link_to 'Edit', edit_idea_path(idea) %><%= link_to 'Destroy', idea, method: :delete, data: { confirm: 'Are you sure?' } %>
+ +
+ +<%= link_to 'New Idea', new_idea_path %> diff --git a/app/views/ideas/index.json.jbuilder b/app/views/ideas/index.json.jbuilder new file mode 100644 index 0000000..0663c49 --- /dev/null +++ b/app/views/ideas/index.json.jbuilder @@ -0,0 +1,4 @@ +json.array!(@ideas) do |idea| + json.extract! idea, :id, :name, :description, :picture + json.url idea_url(idea, format: :json) +end diff --git a/app/views/ideas/new.html.erb b/app/views/ideas/new.html.erb new file mode 100644 index 0000000..4fc772d --- /dev/null +++ b/app/views/ideas/new.html.erb @@ -0,0 +1,5 @@ +

New idea

+ +<%= render 'form' %> + +<%= link_to 'Back', ideas_path %> diff --git a/app/views/ideas/show.html.erb b/app/views/ideas/show.html.erb new file mode 100644 index 0000000..3a84e78 --- /dev/null +++ b/app/views/ideas/show.html.erb @@ -0,0 +1,19 @@ +

<%= notice %>

+ +

+ Name: + <%= @idea.name %> +

+ +

+ Description: + <%= @idea.description %> +

+ +

+ Picture: + <%= @idea.picture %> +

+ +<%= link_to 'Edit', edit_idea_path(@idea) %> | +<%= link_to 'Back', ideas_path %> diff --git a/app/views/ideas/show.json.jbuilder b/app/views/ideas/show.json.jbuilder new file mode 100644 index 0000000..f682958 --- /dev/null +++ b/app/views/ideas/show.json.jbuilder @@ -0,0 +1 @@ +json.extract! @idea, :id, :name, :description, :picture, :created_at, :updated_at diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb new file mode 100644 index 0000000..8f4f76f --- /dev/null +++ b/app/views/layouts/application.html.erb @@ -0,0 +1,29 @@ + + + + Lab03DeviseSecurityExtension + <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %> + <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %> + <%= csrf_meta_tags %> + + +

+ <% if user_signed_in? %> + Logged in as <%= current_user.email %>. + <%= link_to 'Edit profile', edit_user_registration_path, :class => 'navbar-link' %> | + <%= link_to "Logout", destroy_user_session_path, method: :delete, :class => 'navbar-link' %> + <% else %> + <%= link_to "Sign up", new_user_registration_path, :class => 'navbar-link' %> | + <%= link_to "Login", new_user_session_path, :class => 'navbar-link' %> + <% end %> +

+<% if notice %> +

<%= notice %>

+<% end %> +<% if alert %> +

<%= alert %>

+<% end %> +<%= yield %> + + + diff --git a/bin/bundle b/bin/bundle new file mode 100644 index 0000000..e3c2f62 --- /dev/null +++ b/bin/bundle @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby.exe +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) +load Gem.bin_path('bundler', 'bundle') diff --git a/bin/rails b/bin/rails new file mode 100644 index 0000000..b9f8787 --- /dev/null +++ b/bin/rails @@ -0,0 +1,4 @@ +#!/usr/bin/env ruby.exe +APP_PATH = File.expand_path('../../config/application', __FILE__) +require_relative '../config/boot' +require 'rails/commands' diff --git a/bin/rake b/bin/rake new file mode 100644 index 0000000..f6ed5a2 --- /dev/null +++ b/bin/rake @@ -0,0 +1,4 @@ +#!/usr/bin/env ruby.exe +require_relative '../config/boot' +require 'rake' +Rake.application.run diff --git a/config.ru b/config.ru new file mode 100644 index 0000000..5bc2a61 --- /dev/null +++ b/config.ru @@ -0,0 +1,4 @@ +# This file is used by Rack-based servers to start the application. + +require ::File.expand_path('../config/environment', __FILE__) +run Rails.application diff --git a/config/application.rb b/config/application.rb new file mode 100644 index 0000000..ff7a200 --- /dev/null +++ b/config/application.rb @@ -0,0 +1,23 @@ +require File.expand_path('../boot', __FILE__) + +require 'rails/all' + +# Require the gems listed in Gemfile, including any gems +# you've limited to :test, :development, or :production. +Bundler.require(*Rails.groups) + +module Lab03DeviseSecurityExtension + class Application < Rails::Application + # Settings in config/environments/* take precedence over those specified here. + # Application configuration should go into files in config/initializers + # -- all .rb files in that directory are automatically loaded. + + # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. + # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. + # config.time_zone = 'Central Time (US & Canada)' + + # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. + # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] + # config.i18n.default_locale = :de + end +end diff --git a/config/boot.rb b/config/boot.rb new file mode 100644 index 0000000..5e5f0c1 --- /dev/null +++ b/config/boot.rb @@ -0,0 +1,4 @@ +# Set up gems listed in the Gemfile. +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) + +require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) diff --git a/config/database.yml b/config/database.yml new file mode 100644 index 0000000..1c1a37c --- /dev/null +++ b/config/database.yml @@ -0,0 +1,25 @@ +# SQLite version 3.x +# gem install sqlite3 +# +# Ensure the SQLite 3 gem is defined in your Gemfile +# gem 'sqlite3' +# +default: &default + adapter: sqlite3 + pool: 5 + timeout: 5000 + +development: + <<: *default + database: db/development.sqlite3 + +# Warning: The database defined as "test" will be erased and +# re-generated from your development database when you run "rake". +# Do not set this db to the same as development or production. +test: + <<: *default + database: db/test.sqlite3 + +production: + <<: *default + database: db/production.sqlite3 diff --git a/config/environment.rb b/config/environment.rb new file mode 100644 index 0000000..ee8d90d --- /dev/null +++ b/config/environment.rb @@ -0,0 +1,5 @@ +# Load the Rails application. +require File.expand_path('../application', __FILE__) + +# Initialize the Rails application. +Rails.application.initialize! diff --git a/config/environments/development.rb b/config/environments/development.rb new file mode 100644 index 0000000..6c02201 --- /dev/null +++ b/config/environments/development.rb @@ -0,0 +1,39 @@ +Rails.application.configure do + # Settings specified here will take precedence over those in config/application.rb. + + # In the development environment your application's code is reloaded on + # every request. This slows down response time but is perfect for development + # since you don't have to restart the web server when you make code changes. + config.cache_classes = false + + # Do not eager load code on boot. + config.eager_load = false + + # Show full error reports and disable caching. + config.consider_all_requests_local = true + config.action_controller.perform_caching = false + + # Don't care if the mailer can't send. + config.action_mailer.raise_delivery_errors = false + + # Print deprecation notices to the Rails logger. + config.active_support.deprecation = :log + + # Raise an error on page load if there are pending migrations. + config.active_record.migration_error = :page_load + + # Debug mode disables concatenation and preprocessing of assets. + # This option may cause significant delays in view rendering with a large + # number of complex assets. + config.assets.debug = true + + # Adds additional error checking when serving assets at runtime. + # Checks for improperly declared sprockets dependencies. + # Raises helpful error messages. + config.assets.raise_runtime_errors = true + + # Raises error for missing translations + # config.action_view.raise_on_missing_translations = true + + config.action_mailer.default_url_options = { :host => 'localhost:3000' } +end diff --git a/config/environments/production.rb b/config/environments/production.rb new file mode 100644 index 0000000..47d3553 --- /dev/null +++ b/config/environments/production.rb @@ -0,0 +1,83 @@ +Rails.application.configure do + # Settings specified here will take precedence over those in config/application.rb. + + # Code is not reloaded between requests. + config.cache_classes = true + + # Eager load code on boot. This eager loads most of Rails and + # your application in memory, allowing both threaded web servers + # and those relying on copy on write to perform better. + # Rake tasks automatically ignore this option for performance. + config.eager_load = true + + # Full error reports are disabled and caching is turned on. + config.consider_all_requests_local = false + config.action_controller.perform_caching = true + + # Enable Rack::Cache to put a simple HTTP cache in front of your application + # Add `rack-cache` to your Gemfile before enabling this. + # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid. + # config.action_dispatch.rack_cache = true + + # Disable Rails's static asset server (Apache or nginx will already do this). + config.serve_static_assets = false + + # Compress JavaScripts and CSS. + config.assets.js_compressor = :uglifier + # config.assets.css_compressor = :sass + + # Do not fallback to assets pipeline if a precompiled asset is missed. + config.assets.compile = false + + # Generate digests for assets URLs. + config.assets.digest = true + + # Version of your assets, change this if you want to expire all your assets. + config.assets.version = '1.0' + + # Specifies the header that your server uses for sending files. + # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache + # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx + + # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. + # config.force_ssl = true + + # Set to :debug to see everything in the log. + config.log_level = :info + + # Prepend all log lines with the following tags. + # config.log_tags = [ :subdomain, :uuid ] + + # Use a different logger for distributed setups. + # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) + + # Use a different cache store in production. + # config.cache_store = :mem_cache_store + + # Enable serving of images, stylesheets, and JavaScripts from an asset server. + # config.action_controller.asset_host = "http://assets.example.com" + + # Precompile additional assets. + # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. + # config.assets.precompile += %w( search.js ) + + # Ignore bad email addresses and do not raise email delivery errors. + # Set this to true and configure the email server for immediate delivery to raise delivery errors. + # config.action_mailer.raise_delivery_errors = false + + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to + # the I18n.default_locale when a translation cannot be found). + config.i18n.fallbacks = true + + # Send deprecation notices to registered listeners. + config.active_support.deprecation = :notify + + # Disable automatic flushing of the log to improve performance. + # config.autoflush_log = false + + # Use default logging formatter so that PID and timestamp are not suppressed. + config.log_formatter = ::Logger::Formatter.new + + # Do not dump schema after migrations. + config.active_record.dump_schema_after_migration = false +end diff --git a/config/environments/test.rb b/config/environments/test.rb new file mode 100644 index 0000000..053f5b6 --- /dev/null +++ b/config/environments/test.rb @@ -0,0 +1,39 @@ +Rails.application.configure do + # Settings specified here will take precedence over those in config/application.rb. + + # The test environment is used exclusively to run your application's + # test suite. You never need to work with it otherwise. Remember that + # your test database is "scratch space" for the test suite and is wiped + # and recreated between test runs. Don't rely on the data there! + config.cache_classes = true + + # Do not eager load code on boot. This avoids loading your whole application + # just for the purpose of running a single test. If you are using a tool that + # preloads Rails for running tests, you may have to set it to true. + config.eager_load = false + + # Configure static asset server for tests with Cache-Control for performance. + config.serve_static_assets = true + config.static_cache_control = 'public, max-age=3600' + + # Show full error reports and disable caching. + config.consider_all_requests_local = true + config.action_controller.perform_caching = false + + # Raise exceptions instead of rendering exception templates. + config.action_dispatch.show_exceptions = false + + # Disable request forgery protection in test environment. + config.action_controller.allow_forgery_protection = false + + # Tell Action Mailer not to deliver emails to the real world. + # The :test delivery method accumulates sent emails in the + # ActionMailer::Base.deliveries array. + config.action_mailer.delivery_method = :test + + # Print deprecation notices to the stderr. + config.active_support.deprecation = :stderr + + # Raises error for missing translations + # config.action_view.raise_on_missing_translations = true +end diff --git a/config/initializers/backtrace_silencers.rb b/config/initializers/backtrace_silencers.rb new file mode 100644 index 0000000..59385cd --- /dev/null +++ b/config/initializers/backtrace_silencers.rb @@ -0,0 +1,7 @@ +# Be sure to restart your server when you modify this file. + +# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. +# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } + +# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. +# Rails.backtrace_cleaner.remove_silencers! diff --git a/config/initializers/cookies_serializer.rb b/config/initializers/cookies_serializer.rb new file mode 100644 index 0000000..7a06a89 --- /dev/null +++ b/config/initializers/cookies_serializer.rb @@ -0,0 +1,3 @@ +# Be sure to restart your server when you modify this file. + +Rails.application.config.action_dispatch.cookies_serializer = :json \ No newline at end of file diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb new file mode 100644 index 0000000..997f9a6 --- /dev/null +++ b/config/initializers/devise.rb @@ -0,0 +1,294 @@ +# Use this hook to configure devise mailer, warden hooks and so forth. +# Many of these configuration options can be set straight in your model. +Devise.setup do |config| + # The secret key used by Devise. Devise uses this key to generate + # random tokens. Changing this key will render invalid all existing + # confirmation, reset password and unlock tokens in the database. + # config.secret_key = 'd403fc20efe799be003ccb96f43daf43d2e48d74ad6908f5c14de5523c9671cebf47e024d26dc4d2588a961d6e1535ca2bcf69524f60b7108860274f5d670e26' + + # ==> Mailer Configuration + # Configure the e-mail address which will be shown in Devise::Mailer, + # note that it will be overwritten if you use your own mailer class + # with default "from" parameter. + config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com' + + # Configure the class responsible to send e-mails. + # config.mailer = 'Devise::Mailer' + + # ==> ORM configuration + # Load and configure the ORM. Supports :active_record (default) and + # :mongoid (bson_ext recommended) by default. Other ORMs may be + # available as additional gems. + require 'devise/orm/active_record' + + # ==> Configuration for any authentication mechanism + # Configure which keys are used when authenticating a user. The default is + # just :email. You can configure it to use [:username, :subdomain], so for + # authenticating a user, both parameters are required. Remember that those + # parameters are used only when authenticating and not when retrieving from + # session. If you need permissions, you should implement that in a before filter. + # You can also supply a hash where the value is a boolean determining whether + # or not authentication should be aborted when the value is not present. + # config.authentication_keys = [ :email ] + + # Configure parameters from the request object used for authentication. Each entry + # given should be a request method and it will automatically be passed to the + # find_for_authentication method and considered in your model lookup. For instance, + # if you set :request_keys to [:subdomain], :subdomain will be used on authentication. + # The same considerations mentioned for authentication_keys also apply to request_keys. + # config.request_keys = [] + + # Configure which authentication keys should be case-insensitive. + # These keys will be downcased upon creating or modifying a user and when used + # to authenticate or find a user. Default is :email. + config.case_insensitive_keys = [ :email ] + + # Configure which authentication keys should have whitespace stripped. + # These keys will have whitespace before and after removed upon creating or + # modifying a user and when used to authenticate or find a user. Default is :email. + config.strip_whitespace_keys = [ :email ] + + # Tell if authentication through request.params is enabled. True by default. + # It can be set to an array that will enable params authentication only for the + # given strategies, for example, `config.params_authenticatable = [:database]` will + # enable it only for database (email + password) authentication. + # config.params_authenticatable = true + + # Tell if authentication through HTTP Auth is enabled. False by default. + # It can be set to an array that will enable http authentication only for the + # given strategies, for example, `config.http_authenticatable = [:database]` will + # enable it only for database authentication. The supported strategies are: + # :database = Support basic authentication with authentication key + password + # config.http_authenticatable = false + + # If http headers should be returned for AJAX requests. True by default. + # config.http_authenticatable_on_xhr = true + + # The realm used in Http Basic Authentication. 'Application' by default. + # config.http_authentication_realm = 'Application' + + # It will change confirmation, password recovery and other workflows + # to behave the same regardless if the e-mail provided was right or wrong. + # Does not affect registerable. + # config.paranoid = true + + # By default Devise will store the user in session. You can skip storage for + # particular strategies by setting this option. + # Notice that if you are skipping storage for all authentication paths, you + # may want to disable generating routes to Devise's sessions controller by + # passing skip: :sessions to `devise_for` in your config/routes.rb + config.skip_session_storage = [:http_auth] + + # By default, Devise cleans up the CSRF token on authentication to + # avoid CSRF token fixation attacks. This means that, when using AJAX + # requests for sign in and sign up, you need to get a new CSRF token + # from the server. You can disable this option at your own risk. + # config.clean_up_csrf_token_on_authentication = true + + # ==> Configuration for :database_authenticatable + # For bcrypt, this is the cost for hashing the password and defaults to 10. If + # using other encryptors, it sets how many times you want the password re-encrypted. + # + # Limiting the stretches to just one in testing will increase the performance of + # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use + # a value less than 10 in other environments. Note that, for bcrypt (the default + # encryptor), the cost increases exponentially with the number of stretches (e.g. + # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). + config.stretches = Rails.env.test? ? 1 : 10 + + # Setup a pepper to generate the encrypted password. + # config.pepper = '60ae9a3aeb8c95a1d163d40923128a5398aac2c901ae2ba0b8843f31069eebaceefa431c167331afcbd09508726e30e428067350d172e9b1b663144b6afb9a3b' + + # ==> Configuration for :confirmable + # A period that the user is allowed to access the website even without + # confirming their account. For instance, if set to 2.days, the user will be + # able to access the website for two days without confirming their account, + # access will be blocked just in the third day. Default is 0.days, meaning + # the user cannot access the website without confirming their account. + # config.allow_unconfirmed_access_for = 2.days + + # A period that the user is allowed to confirm their account before their + # token becomes invalid. For example, if set to 3.days, the user can confirm + # their account within 3 days after the mail was sent, but on the fourth day + # their account can't be confirmed with the token any more. + # Default is nil, meaning there is no restriction on how long a user can take + # before confirming their account. + # config.confirm_within = 3.days + + # If true, requires any email changes to be confirmed (exactly the same way as + # initial account confirmation) to be applied. Requires additional unconfirmed_email + # db field (see migrations). Until confirmed, new email is stored in + # unconfirmed_email column, and copied to email column on successful confirmation. + config.reconfirmable = true + + # Defines which key will be used when confirming an account + # config.confirmation_keys = [ :email ] + + # ==> Configuration for :rememberable + # The time the user will be remembered without asking for credentials again. + # config.remember_for = 2.weeks + + # If true, extends the user's remember period when remembered via cookie. + # config.extend_remember_period = false + + # Options to be passed to the created cookie. For instance, you can set + # secure: true in order to force SSL only cookies. + # config.rememberable_options = {} + + # ==> Configuration for :validatable + # Range for password length. + config.password_length = 8..128 + + # Email regex used to validate email formats. It simply asserts that + # one (and only one) @ exists in the given string. This is mainly + # to give user feedback and not to assert the e-mail validity. + # config.email_regexp = /\A[^@]+@[^@]+\z/ + + # ==> Configuration for :timeoutable + # The time you want to timeout the user session without activity. After this + # time the user will be asked for credentials again. Default is 30 minutes. + # config.timeout_in = 30.minutes + + # If true, expires auth token on session timeout. + # config.expire_auth_token_on_timeout = false + + # ==> Configuration for :lockable + # Defines which strategy will be used to lock an account. + # :failed_attempts = Locks an account after a number of failed attempts to sign in. + # :none = No lock strategy. You should handle locking by yourself. + # config.lock_strategy = :failed_attempts + + # Defines which key will be used when locking and unlocking an account + # config.unlock_keys = [ :email ] + + # Defines which strategy will be used to unlock an account. + # :email = Sends an unlock link to the user email + # :time = Re-enables login after a certain amount of time (see :unlock_in below) + # :both = Enables both strategies + # :none = No unlock strategy. You should handle unlocking by yourself. + # config.unlock_strategy = :both + + # Number of authentication tries before locking an account if lock_strategy + # is failed attempts. + # config.maximum_attempts = 20 + + # Time interval to unlock the account if :time is enabled as unlock_strategy. + # config.unlock_in = 1.hour + + # Warn on the last attempt before the account is locked. + # config.last_attempt_warning = false + + # ==> Configuration for :recoverable + # + # Defines which key will be used when recovering the password for an account + # config.reset_password_keys = [ :email ] + + # Time interval you can reset your password with a reset password key. + # Don't put a too small interval or your users won't have the time to + # change their passwords. + config.reset_password_within = 6.hours + + # ==> Configuration for :encryptable + # Allow you to use another encryption algorithm besides bcrypt (default). You can use + # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1, + # :authlogic_sha512 (then you should set stretches above to 20 for default behavior) + # and :restful_authentication_sha1 (then you should set stretches to 10, and copy + # REST_AUTH_SITE_KEY to pepper). + # + # Require the `devise-encryptable` gem when using anything other than bcrypt + # config.encryptor = :sha512 + + # ==> Scopes configuration + # Turn scoped views on. Before rendering "sessions/new", it will first check for + # "users/sessions/new". It's turned off by default because it's slower if you + # are using only default views. + # config.scoped_views = false + + # Configure the default scope given to Warden. By default it's the first + # devise role declared in your routes (usually :user). + # config.default_scope = :user + + # Set this configuration to false if you want /users/sign_out to sign out + # only the current scope. By default, Devise signs out all scopes. + # config.sign_out_all_scopes = true + + # ==> Navigation configuration + # Lists the formats that should be treated as navigational. Formats like + # :html, should redirect to the sign in page when the user does not have + # access, but formats like :xml or :json, should return 401. + # + # If you have any extra navigational formats, like :iphone or :mobile, you + # should add them to the navigational formats lists. + # + # The "*/*" below is required to match Internet Explorer requests. + # config.navigational_formats = ['*/*', :html] + + # The default HTTP method used to sign out a resource. Default is :delete. + config.sign_out_via = :delete + + # ==> OmniAuth + # Add a new OmniAuth provider. Check the wiki for more information on setting + # up on your models and hooks. + # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' + + # ==> Warden configuration + # If you want to use other strategies, that are not supported by Devise, or + # change the failure app, you can configure them inside the config.warden block. + # + # config.warden do |manager| + # manager.intercept_401 = false + # manager.default_strategies(scope: :user).unshift :some_external_strategy + # end + + # ==> Mountable engine configurations + # When using Devise inside an engine, let's call it `MyEngine`, and this engine + # is mountable, there are some extra configurations to be taken into account. + # The following options are available, assuming the engine is mounted as: + # + # mount MyEngine, at: '/my_engine' + # + # The router that invoked `devise_for`, in the example above, would be: + # config.router_name = :my_engine + # + # When using omniauth, Devise cannot automatically set Omniauth path, + # so you need to do it manually. For the users scope, it would be: + # config.omniauth_path_prefix = '/my_engine/users/auth' + + # ==> Security Extension + # Configure security extension for devise + + # Should the password expire (e.g 3.months) + # config.expire_password_after = false + + # Need 1 char of A-Z, a-z and 0-9 + # config.password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/ + + # How many passwords to keep in archive + # config.password_archiving_count = 5 + + # Deny old password (true, false, count) + # config.deny_old_passwords = true + + # enable email validation for :secure_validatable. (true, false, validation_options) + # dependency: need an email validator like rails_email_validator + # config.email_validation = true + + # captcha integration for recover form + # config.captcha_for_recover = true + + # captcha integration for sign up form + # config.captcha_for_sign_up = true + + # captcha integration for sign in form + # config.captcha_for_sign_in = true + + # captcha integration for unlock form + # config.captcha_for_unlock = true + + # captcha integration for confirmation form + # config.captcha_for_confirmation = true + + # Time period for account expiry from last_activity_at + # config.expire_after = 90.days + +end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb new file mode 100644 index 0000000..4a994e1 --- /dev/null +++ b/config/initializers/filter_parameter_logging.rb @@ -0,0 +1,4 @@ +# Be sure to restart your server when you modify this file. + +# Configure sensitive parameters which will be filtered from the log file. +Rails.application.config.filter_parameters += [:password] diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb new file mode 100644 index 0000000..ac033bf --- /dev/null +++ b/config/initializers/inflections.rb @@ -0,0 +1,16 @@ +# Be sure to restart your server when you modify this file. + +# Add new inflection rules using the following format. Inflections +# are locale specific, and you may define rules for as many different +# locales as you wish. All of these examples are active by default: +# ActiveSupport::Inflector.inflections(:en) do |inflect| +# inflect.plural /^(ox)$/i, '\1en' +# inflect.singular /^(ox)en/i, '\1' +# inflect.irregular 'person', 'people' +# inflect.uncountable %w( fish sheep ) +# end + +# These inflection rules are supported but not enabled by default: +# ActiveSupport::Inflector.inflections(:en) do |inflect| +# inflect.acronym 'RESTful' +# end diff --git a/config/initializers/mime_types.rb b/config/initializers/mime_types.rb new file mode 100644 index 0000000..dc18996 --- /dev/null +++ b/config/initializers/mime_types.rb @@ -0,0 +1,4 @@ +# Be sure to restart your server when you modify this file. + +# Add new mime types for use in respond_to blocks: +# Mime::Type.register "text/richtext", :rtf diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb new file mode 100644 index 0000000..e531353 --- /dev/null +++ b/config/initializers/session_store.rb @@ -0,0 +1,3 @@ +# Be sure to restart your server when you modify this file. + +Rails.application.config.session_store :cookie_store, key: '_Lab03_Devise_security_extension_session' diff --git a/config/initializers/wrap_parameters.rb b/config/initializers/wrap_parameters.rb new file mode 100644 index 0000000..33725e9 --- /dev/null +++ b/config/initializers/wrap_parameters.rb @@ -0,0 +1,14 @@ +# Be sure to restart your server when you modify this file. + +# This file contains settings for ActionController::ParamsWrapper which +# is enabled by default. + +# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. +ActiveSupport.on_load(:action_controller) do + wrap_parameters format: [:json] if respond_to?(:wrap_parameters) +end + +# To enable root element in JSON for ActiveRecord objects. +# ActiveSupport.on_load(:active_record) do +# self.include_root_in_json = true +# end diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml new file mode 100644 index 0000000..abccdb0 --- /dev/null +++ b/config/locales/devise.en.yml @@ -0,0 +1,59 @@ +# Additional translations at https://github.com/plataformatec/devise/wiki/I18n + +en: + devise: + confirmations: + confirmed: "Your account was successfully confirmed." + send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." + failure: + already_authenticated: "You are already signed in." + inactive: "Your account is not activated yet." + invalid: "Invalid email or password." + locked: "Your account is locked." + last_attempt: "You have one more attempt before your account will be locked." + not_found_in_database: "Invalid email or password." + timeout: "Your session expired. Please sign in again to continue." + unauthenticated: "You need to sign in or sign up before continuing." + unconfirmed: "You have to confirm your account before continuing." + mailer: + confirmation_instructions: + subject: "Confirmation instructions" + reset_password_instructions: + subject: "Reset password instructions" + unlock_instructions: + subject: "Unlock Instructions" + omniauth_callbacks: + failure: "Could not authenticate you from %{kind} because \"%{reason}\"." + success: "Successfully authenticated from %{kind} account." + passwords: + no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." + send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." + updated: "Your password was changed successfully. You are now signed in." + updated_not_active: "Your password was changed successfully." + registrations: + destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon." + signed_up: "Welcome! You have signed up successfully." + signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." + signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." + signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address." + updated: "You updated your account successfully." + sessions: + signed_in: "Signed in successfully." + signed_out: "Signed out successfully." + unlocks: + send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes." + send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes." + unlocked: "Your account has been unlocked successfully. Please sign in to continue." + errors: + messages: + already_confirmed: "was already confirmed, please try signing in" + confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one" + expired: "has expired, please request a new one" + not_found: "not found" + not_locked: "was not locked" + not_saved: + one: "1 error prohibited this %{resource} from being saved:" + other: "%{count} errors prohibited this %{resource} from being saved:" diff --git a/config/locales/devise.security_extension.de.yml b/config/locales/devise.security_extension.de.yml new file mode 100644 index 0000000..a2e18cc --- /dev/null +++ b/config/locales/devise.security_extension.de.yml @@ -0,0 +1,14 @@ +de: + errors: + messages: + taken_in_past: "wurde bereits in der Vergangenheit verwendet!" + equal_to_current_password: "darf nicht dem aktuellen Passwort entsprechen!" + password_format: "müssen große, kleine Buchstaben und Ziffern enthalten" + devise: + invalid_captcha: "Die Captchaeingabe ist nicht gültig!" + password_expired: + updated: "Das neue Passwort wurde übernommen." + change_required: "Ihr Passwort ist abgelaufen. Bitte vergeben sie ein neues Passwort!" + failure: + session_limited: 'Ihre Anmeldedaten wurden in einem anderen Browser genutzt. Bitte melden Sie sich erneut an, um in diesem Browser fortzufahren.' + expired: 'Ihr Account ist aufgrund zu langer Inaktiviät abgelaufen. Bitte kontaktieren Sie den Administrator.' diff --git a/config/locales/devise.security_extension.en.yml b/config/locales/devise.security_extension.en.yml new file mode 100644 index 0000000..8819702 --- /dev/null +++ b/config/locales/devise.security_extension.en.yml @@ -0,0 +1,14 @@ +en: + errors: + messages: + taken_in_past: "was already taken in the past!" + equal_to_current_password: "must be different to the current password!" + password_format: "must contain big, small letters and digits" + devise: + invalid_captcha: "The captcha input is not valid!" + password_expired: + updated: "Your new password is saved." + change_required: "Your password is expired. Please renew your password!" + failure: + session_limited: 'Your login credentials were used in another browser. Please sign in again to continue in this browser.' + expired: 'Your account has expired due to inactivity. Please contact the site administrator.' diff --git a/config/locales/en.yml b/config/locales/en.yml new file mode 100644 index 0000000..0653957 --- /dev/null +++ b/config/locales/en.yml @@ -0,0 +1,23 @@ +# Files in the config/locales directory are used for internationalization +# and are automatically loaded by Rails. If you want to use locales other +# than English, add the necessary files in this directory. +# +# To use the locales, use `I18n.t`: +# +# I18n.t 'hello' +# +# In views, this is aliased to just `t`: +# +# <%= t('hello') %> +# +# To use a different locale, set it with `I18n.locale`: +# +# I18n.locale = :es +# +# This would use the information in config/locales/es.yml. +# +# To learn more, please read the Rails Internationalization guide +# available at http://guides.rubyonrails.org/i18n.html. + +en: + hello: "Hello world" diff --git a/config/routes.rb b/config/routes.rb new file mode 100644 index 0000000..6254c5b --- /dev/null +++ b/config/routes.rb @@ -0,0 +1,60 @@ +Rails.application.routes.draw do + devise_for :users + resources :ideas + + # The priority is based upon order of creation: first created -> highest priority. + # See how all your routes lay out with "rake routes". + + # You can have the root of your site routed with "root" + # root 'welcome#index' + root 'ideas#index' + + # Example of regular route: + # get 'products/:id' => 'catalog#view' + + # Example of named route that can be invoked with purchase_url(id: product.id) + # get 'products/:id/purchase' => 'catalog#purchase', as: :purchase + + # Example resource route (maps HTTP verbs to controller actions automatically): + # resources :products + + # Example resource route with options: + # resources :products do + # member do + # get 'short' + # post 'toggle' + # end + # + # collection do + # get 'sold' + # end + # end + + # Example resource route with sub-resources: + # resources :products do + # resources :comments, :sales + # resource :seller + # end + + # Example resource route with more complex sub-resources: + # resources :products do + # resources :comments + # resources :sales do + # get 'recent', on: :collection + # end + # end + + # Example resource route with concerns: + # concern :toggleable do + # post 'toggle' + # end + # resources :posts, concerns: :toggleable + # resources :photos, concerns: :toggleable + + # Example resource route within a namespace: + # namespace :admin do + # # Directs /admin/products/* to Admin::ProductsController + # # (app/controllers/admin/products_controller.rb) + # resources :products + # end +end diff --git a/config/secrets.yml b/config/secrets.yml new file mode 100644 index 0000000..718e664 --- /dev/null +++ b/config/secrets.yml @@ -0,0 +1,22 @@ +# Be sure to restart your server when you modify this file. + +# Your secret key is used for verifying the integrity of signed cookies. +# If you change this key, all old signed cookies will become invalid! + +# Make sure the secret is at least 30 characters and all random, +# no regular words or you'll be exposed to dictionary attacks. +# You can use `rake secret` to generate a secure secret key. + +# Make sure the secrets in this file are kept private +# if you're sharing your code publicly. + +development: + secret_key_base: 4aff94f041814d00b099bb451986c3b7444966819b272cb86f8cf3c7fc15f7a778df5098ff9e728b2398f37e93d89b9608bb13e24ac69e3a974a561ef32471dd + +test: + secret_key_base: 762a68575e1e325d8774574c15a81400373c16432484e8378ba1030011d5567eba51b035580c0c784f9a6930805d8be195539f6e15919c06d829586e7cfafd6a + +# Do not keep production secrets in the repository, +# instead read values from the environment. +production: + secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> diff --git a/db/migrate/20140617204242_create_ideas.rb b/db/migrate/20140617204242_create_ideas.rb new file mode 100644 index 0000000..781811c --- /dev/null +++ b/db/migrate/20140617204242_create_ideas.rb @@ -0,0 +1,11 @@ +class CreateIdeas < ActiveRecord::Migration + def change + create_table :ideas do |t| + t.string :name + t.text :description + t.string :picture + + t.timestamps + end + end +end diff --git a/db/migrate/20140617204554_devise_create_users.rb b/db/migrate/20140617204554_devise_create_users.rb new file mode 100644 index 0000000..cf497c2 --- /dev/null +++ b/db/migrate/20140617204554_devise_create_users.rb @@ -0,0 +1,42 @@ +class DeviseCreateUsers < ActiveRecord::Migration + def change + create_table(:users) do |t| + ## Database authenticatable + t.string :email, null: false, default: "" + t.string :encrypted_password, null: false, default: "" + + ## Recoverable + t.string :reset_password_token + t.datetime :reset_password_sent_at + + ## Rememberable + t.datetime :remember_created_at + + ## Trackable + t.integer :sign_in_count, default: 0, null: false + t.datetime :current_sign_in_at + t.datetime :last_sign_in_at + t.string :current_sign_in_ip + t.string :last_sign_in_ip + + ## Confirmable + # t.string :confirmation_token + # t.datetime :confirmed_at + # t.datetime :confirmation_sent_at + # t.string :unconfirmed_email # Only if using reconfirmable + + ## Lockable + # t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts + # t.string :unlock_token # Only if unlock strategy is :email or :both + # t.datetime :locked_at + + + t.timestamps + end + + add_index :users, :email, unique: true + add_index :users, :reset_password_token, unique: true + # add_index :users, :confirmation_token, unique: true + # add_index :users, :unlock_token, unique: true + end +end diff --git a/db/migrate/20140617210658_add_unique_session_id_to_user.rb b/db/migrate/20140617210658_add_unique_session_id_to_user.rb new file mode 100644 index 0000000..505bd6e --- /dev/null +++ b/db/migrate/20140617210658_add_unique_session_id_to_user.rb @@ -0,0 +1,5 @@ +class AddUniqueSessionIdToUser < ActiveRecord::Migration + def change + add_column :users, :unique_session_id, :string, :limit => 20 + end +end diff --git a/db/schema.rb b/db/schema.rb new file mode 100644 index 0000000..c76062b --- /dev/null +++ b/db/schema.rb @@ -0,0 +1,43 @@ +# encoding: UTF-8 +# This file is auto-generated from the current state of the database. Instead +# of editing this file, please use the migrations feature of Active Record to +# incrementally modify your database, and then regenerate this schema definition. +# +# Note that this schema.rb definition is the authoritative source for your +# database schema. If you need to create the application database on another +# system, you should be using db:schema:load, not running all the migrations +# from scratch. The latter is a flawed and unsustainable approach (the more migrations +# you'll amass, the slower it'll run and the greater likelihood for issues). +# +# It's strongly recommended that you check this file into your version control system. + +ActiveRecord::Schema.define(version: 20140617210658) do + + create_table "ideas", force: true do |t| + t.string "name" + t.text "description" + t.string "picture" + t.datetime "created_at" + t.datetime "updated_at" + end + + create_table "users", force: true do |t| + t.string "email", default: "", null: false + t.string "encrypted_password", default: "", null: false + t.string "reset_password_token" + t.datetime "reset_password_sent_at" + t.datetime "remember_created_at" + t.integer "sign_in_count", default: 0, null: false + t.datetime "current_sign_in_at" + t.datetime "last_sign_in_at" + t.string "current_sign_in_ip" + t.string "last_sign_in_ip" + t.datetime "created_at" + t.datetime "updated_at" + t.string "unique_session_id", limit: 20 + end + + add_index "users", ["email"], name: "index_users_on_email", unique: true + add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true + +end diff --git a/db/seeds.rb b/db/seeds.rb new file mode 100644 index 0000000..4edb1e8 --- /dev/null +++ b/db/seeds.rb @@ -0,0 +1,7 @@ +# This file should contain all the record creation needed to seed the database with its default values. +# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). +# +# Examples: +# +# cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }]) +# Mayor.create(name: 'Emanuel', city: cities.first) diff --git a/lib/assets/.keep b/lib/assets/.keep new file mode 100644 index 0000000..e69de29 diff --git a/lib/tasks/.keep b/lib/tasks/.keep new file mode 100644 index 0000000..e69de29 diff --git a/log/.keep b/log/.keep new file mode 100644 index 0000000..e69de29 diff --git a/public/404.html b/public/404.html new file mode 100644 index 0000000..b612547 --- /dev/null +++ b/public/404.html @@ -0,0 +1,67 @@ + + + + The page you were looking for doesn't exist (404) + + + + + + +
+
+

The page you were looking for doesn't exist.

+

You may have mistyped the address or the page may have moved.

+
+

If you are the application owner check the logs for more information.

+
+ + diff --git a/public/422.html b/public/422.html new file mode 100644 index 0000000..a21f82b --- /dev/null +++ b/public/422.html @@ -0,0 +1,67 @@ + + + + The change you wanted was rejected (422) + + + + + + +
+
+

The change you wanted was rejected.

+

Maybe you tried to change something you didn't have access to.

+
+

If you are the application owner check the logs for more information.

+
+ + diff --git a/public/500.html b/public/500.html new file mode 100644 index 0000000..061abc5 --- /dev/null +++ b/public/500.html @@ -0,0 +1,66 @@ + + + + We're sorry, but something went wrong (500) + + + + + + +
+
+

We're sorry, but something went wrong.

+
+

If you are the application owner check the logs for more information.

+
+ + diff --git a/public/favicon.ico b/public/favicon.ico new file mode 100644 index 0000000..e69de29 diff --git a/public/robots.txt b/public/robots.txt new file mode 100644 index 0000000..3c9c7c0 --- /dev/null +++ b/public/robots.txt @@ -0,0 +1,5 @@ +# See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file +# +# To ban all spiders from the entire site uncomment the next two lines: +# User-agent: * +# Disallow: / diff --git a/test/controllers/.keep b/test/controllers/.keep new file mode 100644 index 0000000..e69de29 diff --git a/test/controllers/ideas_controller_test.rb b/test/controllers/ideas_controller_test.rb new file mode 100644 index 0000000..f37fb12 --- /dev/null +++ b/test/controllers/ideas_controller_test.rb @@ -0,0 +1,49 @@ +require 'test_helper' + +class IdeasControllerTest < ActionController::TestCase + setup do + @idea = ideas(:one) + end + + test "should get index" do + get :index + assert_response :success + assert_not_nil assigns(:ideas) + end + + test "should get new" do + get :new + assert_response :success + end + + test "should create idea" do + assert_difference('Idea.count') do + post :create, idea: { description: @idea.description, name: @idea.name, picture: @idea.picture } + end + + assert_redirected_to idea_path(assigns(:idea)) + end + + test "should show idea" do + get :show, id: @idea + assert_response :success + end + + test "should get edit" do + get :edit, id: @idea + assert_response :success + end + + test "should update idea" do + patch :update, id: @idea, idea: { description: @idea.description, name: @idea.name, picture: @idea.picture } + assert_redirected_to idea_path(assigns(:idea)) + end + + test "should destroy idea" do + assert_difference('Idea.count', -1) do + delete :destroy, id: @idea + end + + assert_redirected_to ideas_path + end +end diff --git a/test/fixtures/.keep b/test/fixtures/.keep new file mode 100644 index 0000000..e69de29 diff --git a/test/fixtures/ideas.yml b/test/fixtures/ideas.yml new file mode 100644 index 0000000..c75a69f --- /dev/null +++ b/test/fixtures/ideas.yml @@ -0,0 +1,11 @@ +# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html + +one: + name: MyString + description: MyText + picture: MyString + +two: + name: MyString + description: MyText + picture: MyString diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml new file mode 100644 index 0000000..937a0c0 --- /dev/null +++ b/test/fixtures/users.yml @@ -0,0 +1,11 @@ +# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html + +# This model initially had no columns defined. If you add columns to the +# model remove the '{}' from the fixture names and add the columns immediately +# below each fixture, per the syntax in the comments below +# +one: {} +# column: value +# +two: {} +# column: value diff --git a/test/helpers/.keep b/test/helpers/.keep new file mode 100644 index 0000000..e69de29 diff --git a/test/helpers/ideas_helper_test.rb b/test/helpers/ideas_helper_test.rb new file mode 100644 index 0000000..b500bae --- /dev/null +++ b/test/helpers/ideas_helper_test.rb @@ -0,0 +1,4 @@ +require 'test_helper' + +class IdeasHelperTest < ActionView::TestCase +end diff --git a/test/integration/.keep b/test/integration/.keep new file mode 100644 index 0000000..e69de29 diff --git a/test/mailers/.keep b/test/mailers/.keep new file mode 100644 index 0000000..e69de29 diff --git a/test/models/.keep b/test/models/.keep new file mode 100644 index 0000000..e69de29 diff --git a/test/models/idea_test.rb b/test/models/idea_test.rb new file mode 100644 index 0000000..5dce89d --- /dev/null +++ b/test/models/idea_test.rb @@ -0,0 +1,7 @@ +require 'test_helper' + +class IdeaTest < ActiveSupport::TestCase + # test "the truth" do + # assert true + # end +end diff --git a/test/models/user_test.rb b/test/models/user_test.rb new file mode 100644 index 0000000..82f61e0 --- /dev/null +++ b/test/models/user_test.rb @@ -0,0 +1,7 @@ +require 'test_helper' + +class UserTest < ActiveSupport::TestCase + # test "the truth" do + # assert true + # end +end diff --git a/test/test_helper.rb b/test/test_helper.rb new file mode 100644 index 0000000..bf95f81 --- /dev/null +++ b/test/test_helper.rb @@ -0,0 +1,13 @@ +ENV['RAILS_ENV'] ||= 'test' +require File.expand_path('../../config/environment', __FILE__) +require 'rails/test_help' + +class ActiveSupport::TestCase + # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order. + # + # Note: You'll currently still have to declare fixtures explicitly in integration tests + # -- they do not yet inherit this setting + fixtures :all + + # Add more helper methods to be used by all tests here... +end diff --git a/vendor/assets/javascripts/.keep b/vendor/assets/javascripts/.keep new file mode 100644 index 0000000..e69de29 diff --git a/vendor/assets/stylesheets/.keep b/vendor/assets/stylesheets/.keep new file mode 100644 index 0000000..e69de29