Showing 12 changed files with 123 additions and 48 deletions
+12 -8
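--- a/lib/Gitprep.pm
+++ b/lib/Gitprep.pm
@@ -174,17 +174,21 @@ EOS
   
   # User defined Routes
   {
-
-    # Reset admin password
-    $r->any('/reset-password')->name('reset-password')
-      if $conf->{admin}{reset_password};
-
     # User
-    $r->get('/:user')->name('user');
+    my $r = $r->route('/:user');
+    {
+      # Home
+      $r->get('/')->name('user');
+      
+      # Settings
+      $r->get('/_settings')->name('user-settings');
+    }
     
     # Project
     {
-      my $r = $r->route('/:user/:project');
+      my $r = $r->route('/:project');
+      
+      # Home
       $r->get('/')->name('project');
       
       # Commit
@@ -220,7 +224,7 @@ EOS
       $r->get('/compare/(#rev1)...(#rev2)')->name('compare');
       
       # Settings
-      $r->any('/settings')->name('settings');
+      $r->any('/settings')->name('project-settings');
       
       # Fork
       $r->any('/fork')->name('fork');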
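Review bot: `/:user/_settings` is registered ahead of the nested `/:project` route, so `_settings` becomes a reserved segment under every user, and nothing in these hunks shows project names being checked against it. If project-name validation elsewhere does not already reject a leading underscore, a repository named `_settings` would be shadowed by the account page; a comment above the Settings route such as `# "_"-prefixed segments under /:user are reserved; project names must not start with "_"` would record the constraint. The conditional `/reset-password` route is also gone, so that page no longer appears to be gated at routing level and the checks inside the reset-password template become the only control. The route block continues outside both hunks.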
+20 -5
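--- a/lib/Gitprep/API.pm
+++ b/lib/Gitprep/API.pm
@@ -12,6 +12,21 @@ sub dirname { File::Basename::dirname(@_) }
 
 has 'cntl';
 
+sub admin_user {
+  my $self = shift;
+  
+  # DBI
+  my $dbi = $self->cntl->app->dbi;
+  
+  # Admin user
+  my $users = $dbi->model('user')->select->filter('config' => 'json')->all;
+  for my $user (@$users) {
+    return $user->{id} if $user->{config}{admin};
+  }
+  
+  return;
+}
+
 sub encrypt_password {
   my ($self, $password) = @_;
   
@@ -81,7 +96,7 @@ sub logined_admin {
   my $c = $self->cntl;
   
   # Check logined as admin
-  my $user = $c->session('user_id');
+  my $user = $c->session('user');
   
   return $self->is_admin($user) && $self->logined;
 }
@@ -99,17 +114,17 @@ sub json {
 }
 
 sub logined {
-  my ($self, $user) = @_;
+  my $self = shift;
   
   my $c = $self->cntl;
   
   my $dbi = $c->app->dbi;
   
-  my $id = $c->session('user_id');
-  my $password = $c->session('user_password');
+  my $user = $c->session('user');
+  my $password = $c->session('password');
   return unless defined $password;
   
-  my $row = $dbi->model('user')->select('config', id => $id)->one;
+  my $row = $dbi->model('user')->select('config', id => $user)->one;
   return unless $row;
   my $config = $self->json($row->{config});
   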
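Review bot: `admin_user` returns the id of the first row whose config carries the `admin` flag, from a `select` with no ordering, so with more than one flagged user the result depends on row order and any caller that compares the session user with it treats every other admin as an ordinary user. `is_admin`, already called by `logined_admin` in this file, looks like the per-user check to use for authorization decisions; `admin_user` would then serve only the config-driven recovery path and should say so, e.g. `# Returns the id of the first user flagged admin, or nothing when none exists`. Callers also need to handle the empty return, since string comparison against it warns and silently compares with the empty string. The bodies of `logined` and `logined_admin` extend beyond the hunks shown.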
+1 -1
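--- a/templates/auto/_admin/create.html.ep
+++ b/templates/auto/_admin/create.html.ep
@@ -37,7 +37,7 @@
       }
       
       my $data = $vresult->data;
-      my $user = session('user_id');
+      my $user = session('user');
       my $project = $data->{project};
       my $description = $data->{description};
       my $readme = $data->{readme};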
+14 -12
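--- a/templates/auto/_admin/users.html.ep
+++ b/templates/auto/_admin/users.html.ep
@@ -18,18 +18,20 @@
     <div><h3>Admin Users</h3></div>
     <div style="margin-bottom:10px"><a class="btn" href="/_admin/user/create">Create User</a></div>
     <div class="container">
-        <table class="table">
-            % for my $user (@$users) {
-              <tr>
-                <td>
-                  <a href="#"><%= $user->{id} %></a>
-                </td>
-                <td style="text-align:right">
-                  <a class="btn btn-mini" href="<%= url_for("/_admin/user/delete?user=$user->{id}") %>">Delete</a>
-                </td>
-              </tr>
-            % }
-        </table>
+      <table class="table">
+        % for my $user (@$users) {
+          % my $uid = $user->{id};
+          <tr>
+            <td>
+              <a href="#"><%= $uid %></a>
+            </td>
+            <td style="text-align:right">
+              <a class="btn btn-mini" href="<%= url_for("/reset-password?user=$uid") %>">Reset Password</a>
+              <a class="btn btn-mini" href="<%= url_for("/_admin/user/delete?user=$uid") %>">Delete</a>
+            </td>
+          </tr>
+        % }
+      </table>
     </div>
   </div>
   <div class="text-center" style="margin-bottom:20px"><big><a href="/_admin">Admin page</a></big></div>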
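Review bot: The new Reset Password link builds its query by interpolating `$uid` into the path string, `url_for("/reset-password?user=$uid")`, so an id containing `&`, `#` or `%` would alter the generated URL instead of being carried as the `user` value. user-settings.html.ep in this same commit uses the encoded form, and the link here could match it: `<%= url_for('/reset-password')->query(user => $uid) %>`. The Delete link beside it follows the same interpolation pattern and is a plain GET link for a state change; unless the handler already requires a POST, it is worth turning into a small form.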
+2 -2
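--- a/templates/auto/_login.html.ep
+++ b/templates/auto/_login.html.ep
@@ -63,8 +63,8 @@
       my $config = $api->json($config_json);
       my $password_encrypted = $config->{password};
       my $admin = $config->{admin};
-      session(user_id => $id);
-      session(user_password => $password_encrypted);
+      session(user => $id);
+      session(password => $password_encrypted);
       
       # Go to admin page
       if ($admin) {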
+49 -15
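--- a/templates/reset-password.html.ep
+++ b/templates/auto/reset-password.html.ep
@@ -1,5 +1,4 @@
 <%
-  use Mojo::Util 'md5_sum';
   
   # API
   my $api = gitprep_api;
@@ -7,6 +6,34 @@
   # Operator
   my $op = param('op') || '';
   
+  # Current user
+  my $current_user = session('user');
+  
+  # User
+  my $user = param('user');
+
+  # Reset password
+  my $reset_password_conf_on;
+  my $admin_user = $api->admin_user;
+  # Reset password config
+  if (app->config->{admin}{reset_password}) {
+    $user = $admin_user;
+    $reset_password_conf_on = 1;
+  }
+  # Normal user can't change other user password
+  elsif ($api->logined
+    && $current_user ne $admin_user
+    && $current_user ne $user) 
+  {
+    $self->redirect_to('/');
+    return 1;
+  }
+  # Not logined
+  elsif (!$api->logined)  {
+    $self->redirect_to('/');
+    return 1;
+  }
+  
   # Error
   my $errors;
   
@@ -17,7 +44,7 @@
     sleep 3;
     
     # Check existence admin user
-    my $admin_user = app->dbi->model('user')->select(id => 'admin')->one;
+    my $admin_user = app->dbi->model('user')->select(id => $user)->one;
     
     # Reset password
     if ($admin_user) {
@@ -41,27 +68,31 @@
         
         # Valid parameters
         my $valid_params = $vresult->data;
-        my $id = 'admin';
         my ($password_encrypted, $salt)
           = $api->encrypt_password($valid_params->{password});
         
         # Create admin user
         my $dbi = app->dbi;
         
-        my $config_json = $dbi->model('user')->select('config', id => $id)->value;
+        my $config_json = $dbi->model('user')->select('config', id => $user)->value;
         if (defined $config_json) {
           my $config = $api->json($config_json);
           $config->{password} = $password_encrypted;
           $config->{salt} = $salt;
-          $self->app->dbi->model('user')->update({config => $config_json}, id => $id);
+          $self->app->dbi->model('user')->update({config => $config_json}, id => $user);
         }
-        else { $errors = ["Admin user don't exists"] }
+        else { $errors = ["User $user don't exists"] }
         
         # Redirect
-        my $message = "Password is reseted. Don't forget"
-          . " to comment out reset_password option line from config file";
-        flash(message => $message);
-        $self->redirect_to('current');
+        my $messages = [];
+        push @$messages, "Success Reset Password: User $user password is changed";
+        if ($reset_password_conf_on) {
+          my $message = "Password is reseted. Don't forget"
+            . " to comment out reset_password option line from config file";
+          push @$messages, $message;
+        }
+        flash(messages => $messages);
+        $self->redirect_to(url_for->query(user => $user));
       }
       else { $errors = $vresult->messages }
     }
@@ -74,10 +105,12 @@
   %= include '/include/header';
 
   <div class="container">
-    % if (my $message = flash('message')) {
+    % if (my $messages = flash('messages')) {
       <div class="alert alert-success">
         <button type="button" class="close" data-dismiss="alert">&times;</button>
-        <div><%= $message %></div>
+        % for my $message (@$messages) {
+          <div><%= $message %></div>
+        % }
       </div>
     % }
     
@@ -89,13 +122,14 @@
         % }
       </div>
     % }
-    <div class="text-center"><h3>Reset Admin Password</h3></div>
+    <div class="text-center"><h3>Reset Password</h3></div>
     <div class="well" style="background-color:white;padding-top:15px;padding-left:60px;width:300px;margin-left:auto;margin-right:auto">
       <form action="<%= url_for->query(op => 'reset') %>" method="post">
         <div class="control-group">
           <label class="control-label" for="user-name">User name</label>
           <div>
-            <b>admin</b>
+            <b><%= $user %></b>
+            %= hidden_field user => $user;
           </div>
         </div>
         <div class="control-group">
@@ -107,7 +141,7 @@
         </div>
         <div class="control-group">
           <div class="controls">
-            <button type="submit" class="btn">Reset Password</button>
+            <button type="submit" class="btn">Reset Password</button>
           </div>
         </div>
       </form>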
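Review bot: The new access check lets a logged-in user set their own password, and an admin set anyone's, on the strength of the session alone: the visible form gains a hidden `user` field but, as far as these hunks show, no current-password input and no CSRF token, so a cross-site POST from a logged-in browser would be accepted. Requiring the current password when `$current_user eq $user` and a per-session token on the form would close that. The admin test compares against `$api->admin_user`, which returns nothing when no admin exists (`ne` then warns, and the config branch sets `$user` to undef); `$api->logined_admin` avoids both. The `update` call also writes back `$config_json`, the string that was read, not the modified `$config`, so the new password and salt do not appear to be saved. The success message is flashed even when the `else` branch has just set `$errors`.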
+1 -1
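--- a/templates/fork.html.ep
+++ b/templates/fork.html.ep
@@ -21,7 +21,7 @@
       return 1;
     }
     
-    my $login_user = session('user_id');
+    my $login_user = session('user');
     my $data = $vresult->data;
     my $user = $data->{user};
     my $project = $data->{project};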
+2 -1
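--- a/templates/include/header.html.ep
+++ b/templates/include/header.html.ep
@@ -11,11 +11,12 @@
       % if ($api->logined) {
         <div  style="margin-top:5px">
           <div>
-            % my $user = session('user_id') || '';
+            % my $user = session('user') || '';
             <i class="icon-user"></i><a href="<%= url_for("/$user") %>"><%= $user %></a>
           </div>
           % unless ($user eq 'admin') {
             <a class="btn btn-small" href="<%= url_for("/_admin/create") %>">Create a new repo</a>
+            <a class="btn btn-small" href="<%= url_for("/$user/_settings") %>">Account settings</a>
           % }
           % my $url = url_with->to_abs;
           <a class="btn btn-small" href="<%= url_for("/_logout?from=$url") %>">Sign out</a>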
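Review bot: The new Account settings link sits inside `unless ($user eq 'admin')`, which identifies the administrator by the literal id `admin`, while this commit elsewhere starts resolving the admin through the `admin` flag in the user config (`$api->admin_user`). An administrator with a different id would be shown the ordinary-user buttons, and an ordinary account that happens to be named `admin` would lose them; `% unless ($api->logined_admin) {` would keep the template consistent with the API. The existing sign-out link also interpolates the absolute URL into `_logout?from=$url` unencoded, so whatever consumes `from` should accept only local paths.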
+1 -1
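--- a/templates/settings.html.ep
+++ b/templates/project-settings.html.ep
@@ -1,7 +1,7 @@
 <%
   my $api = gitprep_api;
   my $logined = $api->logined;
-  my $user_is_valid = $logined && $user eq session('user_id');
+  my $user_is_valid = $logined && $user eq session('user');
 
   my $git = app->git;
 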
+1 -1
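--- a/templates/project.html.ep
+++ b/templates/project.html.ep
@@ -119,7 +119,7 @@
         </h4>
       </div>
       <div class="span2 text-right">
-        % if ($logined && $user eq session('user_id')) {
+        % if ($logined && $user eq session('user')) {
           <a class="btn" href="<%= url_for("/$user/$project/settings") %>">Settings</a>
         % }
       </div>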
+19
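--- /dev/null
+++ b/templates/user-settings.html.ep
@@ -0,0 +1,19 @@
+% layout 'common';
+  
+  %= include '/include/header';
+  
+  <div class="container">
+    <ul class="breadcrumb" style="margin-top:10px">
+      <li><a href="<%= url_for('/') %>">Home</a></li>
+      /
+      <li><a href="<%= url_for("/$user") %>"><%= $user %></a></li>
+    </ul>
+    <h4>
+      User Account Settings
+    </h4>
+    <div style="margin-bottom:30px">
+      <a class="btn" href="<%= url_for("/reset-password")->query(user => $user) %>">Reset Password</a>
+    </div>
+  </div>
+  
+  %= include '/include/footer';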
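Review bot: This template renders for any `:user` segment without consulting the session, unlike project-settings.html.ep, which computes `$user_is_valid = $logined && $user eq session('user')` before showing anything. Today the page holds only a link and the reset page does its own check, but any setting added here later would be visible to anonymous visitors and to other accounts. A guard at the top in the style the reset template uses would make the page owner-only: `my $api = gitprep_api;` then `unless ($api->logined && $user eq session('user')) { $self->redirect_to('/'); return 1; }`. If administrators are meant to reach other users' settings, the condition should also allow `$api->logined_admin`.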
+1 -1
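--- a/templates/user.html.ep
+++ b/templates/user.html.ep
@@ -13,7 +13,7 @@
       <ul class="breadcrumb" style="margin-top:10px">
         <li><a href="<%= url_for('/') %>">Home</a></li>
         /
-        <li><a href="<%= url_for %>"><%= $user %></a></li>
+        <li><a href="<%= url_for("/$user") %>"><%= $user %></a></li>
       </ul>
       % if (my $message = flash('delete_message')) {
         <div class="alert alert-success">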