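require 'logger'
require 'sinatra/base'
# establish DB connection
require 'sqlite3'
require 'active_record'
ActiveRecord::Base.establish_connection(
  :adapter => "sqlite3",
  :database => "dummy",
  :verbosity => "quiet"
)
# Every SQL statement is echoed to stdout. Acceptable for a demo; in a real
# deployment this log would carry whatever values the queries bind.
ActiveRecord::Base.logger = Logger.new(STDOUT)
# mailer
require 'action_mailer'
ActionMailer::Base.perform_deliveries = true
# A failed delivery raises into the request that triggered it, rather than being
# swallowed; routes that send mail need to take that into account.
ActionMailer::Base.raise_delivery_errors = true
# SMTP credentials are read from the environment so that real values never have to
# be written into this file (and committed). The defaults are the placeholders the
# example shipped with; they will not authenticate anywhere.
ActionMailer::Base.smtp_settings = {
  :address => "smtp.gmail.com",
  :port => 587,
  :domain => 'example.com',
  :user_name => ENV.fetch('SMTP_USER_NAME', 'nbenari'), # export SMTP_USER_NAME to send real mail
  :password => ENV.fetch('SMTP_PASSWORD', 'secret'),    # export SMTP_PASSWORD to send real mail
  :authentication => 'plain',
  :enable_starttls_auto => true
}
ActionMailer::Base.view_paths = File.join(File.dirname(__FILE__), 'views')
require File.join(File.dirname(__FILE__), 'models', 'sorcery_mailer')
# models (loaded on first reference)
autoload :Authentication, File.join(File.dirname(__FILE__), 'models', 'authentication')
autoload :User, File.join(File.dirname(__FILE__), 'models', 'user')
# sorcery
require 'sorcery'
require_relative 'sorcery_config'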
# helpers
module MyHelpers
  # Comma-separated e-mail addresses of the users reported by current_users
  # (current_users itself is provided by the including application, not here).
  def current_users_list
    emails = current_users.map(&:email)
    emails.join(", ")
  end

  # Invoked when a protected page is requested without a valid login; halting
  # ends the request with this message as the body.
  # NOTE(review): halt with only a body keeps whatever status is current
  # (presumably 200), so unauthenticated responses are not distinguishable by
  # status code — confirm whether a 401/403 is wanted here.
  def not_authenticated
    message = "You must login to see this page!"
    halt message
  end
end
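# application: request filters, then the routes (registration, activation,
# login/logout, password reset, HTTP Basic, external/OAuth providers)
class Modular < Sinatra::Base
  # Cookie-backed sessions.
  # NOTE(review): Sinatra presumably derives a session secret per process when none
  # is configured; set `session_secret` from the environment before running more
  # than one worker. Also confirm whether the bundled rack-protection has CSRF
  # (authenticity_token) checks enabled — none of the POST/PUT routes below verify
  # a token themselves.
  set :sessions, true
  helpers MyHelpers

  # Routes that need an authenticated user. Sorcery's require_login calls
  # not_authenticated (MyHelpers), which halts the request.
  ['/logout'].each do |pattern|
    before pattern do
      require_login
    end
  end

  # The HTTP Basic demo route authenticates from the Authorization header instead.
  before '/login/http' do
    require_login_from_http_basic
  end

  # One-shot flash messages: move them out of the session into ivars for the view
  # so each is shown exactly once.
  before do
    @notice = session.delete(:notice)
    @alert = session.delete(:alert)
  end

  # actions
  get '/' do
    @users = User.all
    erb :'users/index'
  end

  # registration
  get '/users/new' do
    @user = User.new
    erb :'users/new'
  end

  post '/users' do
    # NOTE(review): mass-assigns every key under params[:user]. Whether a visitor
    # can set privileged attributes this way depends on the User model's attribute
    # protection, which is not visible here — confirm before reusing outside a demo.
    @user = User.new(params[:user])
    if @user.save
      session[:notice] = "Success!"
    else
      session[:alert] = "Failed!"
    end
    redirect '/'
  end

  # Account activation by the token e-mailed at registration (the :id segment is
  # the token). An unknown token halts via not_authenticated.
  get '/users/:id/activate' do
    @user = User.load_from_activation_token(params[:id])
    not_authenticated unless @user
    @user.activate!
    session[:notice] = 'User was successfully activated.'
    redirect '/login'
  end

  # login/logout
  get '/login' do
    erb :'user_sessions/new'
  end

  # NOTE(review): logout over GET can be triggered by any cross-site link or image;
  # the effect is only a forced logout, but a POST would be the conventional shape.
  get '/logout' do
    logout
    session[:notice] = "Logged out!"
    redirect '/'
  end

  post '/login' do
    # Sorcery's login returns the user on success and nil otherwise; the third
    # argument is the remember-me flag from the form.
    @user = login(params[:email], params[:password], params[:remember])
    if @user
      session[:notice] = "Login Success!"
    else
      session[:alert] = "Login Failed!"
    end
    redirect '/'
  end

  # password reset
  post '/password_resets' do
    @user = User.find_by_email(params[:email])
    # Sends the e-mail with the reset URL (random token) only when the address is
    # known. raise_delivery_errors is enabled at the top of this file, so a delivery
    # failure would otherwise surface as a 500 only for addresses that exist — an
    # enumeration oracle that defeats the uniform message below. Log it and fall
    # through instead. (The response time still differs; sending from a background
    # job would close that as well.)
    begin
      @user.deliver_reset_password_instructions! if @user
    rescue StandardError => e
      warn "password reset delivery failed: #{e.class}"
    end
    # Same message whether or not the address exists, so the form does not reveal
    # which e-mails are registered.
    session[:notice] = 'Instructions have been sent to your email.'
    redirect '/'
  end

  get '/password_resets/:token/edit' do
    @user = User.load_from_reset_password_token(params[:token])
    @token = params[:token]
    not_authenticated unless @user
    erb :'password_resets/edit'
  end

  put '/password_resets/:id' do
    # The token is taken from the request body, not from the :id path segment —
    # presumably the edit form posts it as a hidden field (the edit action sets
    # @token for that purpose); verify against views/password_resets/edit.
    @user = User.load_from_reset_password_token(params[:token])
    @token = params[:token] # keep the form re-renderable on validation failure, as in the edit action
    not_authenticated unless @user
    # reset_password! clears the one-time token and stores the new password
    if @user.reset_password!(params[:user])
      session[:notice] = 'Password was successfully updated.'
      redirect '/'
    else
      erb :'password_resets/edit'
    end
  end

  # HTTP Basic Auth (the before filter above performs the authentication)
  get '/login/http' do
    erb "HTTP Basic Auth"
  end

  # External
  # Sorcery resolves the provider by name against its configuration, so the name
  # from the query string is checked against the configured list before it is
  # handed over; an arbitrary value must not drive that lookup.
  get '/auth_at_provider' do
    login_at(known_provider!(params[:provider]))
  end

  get '/oauth/callback' do
    provider = known_provider!(params[:provider])
    @user = login_from(provider)
    if @user
      session[:notice] = "Success!"
      redirect '/'
    end
    @user = create_from(provider)
    if @user
      @user.activate!
      session.clear # fresh session for the new user: protects against session fixation
      login_user(@user)
      session[:notice] = "User created!"
    else
      session[:alert] = "Failed!"
    end
    redirect '/'
  end

  # Sinatra runs this file directly only when it is the program being executed
  # ($0); the original compared against $1, the last regexp capture, which is
  # never the file name.
  run! if app_file == $0

  private

  # Returns name when it is one of the providers configured for Sorcery
  # (Sorcery::Controller::Config.external_providers — presumably populated by
  # sorcery_config.rb); halts with 404 otherwise, so an unconfigured or missing
  # provider never reaches Sorcery's by-name lookup.
  def known_provider!(name)
    configured = Array(::Sorcery::Controller::Config.external_providers).map(&:to_s)
    halt 404, "Unknown provider" unless configured.include?(name.to_s)
    name
  end
end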