diff --git a/.env.example b/.env.example index be66839..256ffca 100644 --- a/.env.example +++ b/.env.example @@ -1,7 +1,10 @@ TOPSEKRIT_AUTHORISATION_SETTING='open' TOPSEKRIT_AUTHORISED_DOMAIN='reinteractive.net' GOOGLE_OAUTH_CALLBACK_PATH='/auth/google_oauth2/callback' -GOOGLE_CLIENT_ID='' -GOOGLE_CLIENT_SECRET='' +GOOGLE_OAUTH_CLIENT_ID='' +GOOGLE_OAUTH_CLIENT_SECRET='' BASE_URL='http://localhost:3000' -TOPSEKRIT_EXPIRY_DAYS='14' \ No newline at end of file +TOPSEKRIT_EXPIRY_DAYS='14' +RECAPTCHA_SITE_KEY='' +RECAPTCHA_SECRET_KEY='' +2FA_KEY='' diff --git a/Gemfile b/Gemfile index e26bcf1..70c1f70 100644 --- a/Gemfile +++ b/Gemfile @@ -25,6 +25,12 @@ gem "bugsnag" gem "okcomputer" gem "skylight" gem 'rails_12factor', group: :production +gem "devise" +gem "devise-two-factor" +gem "rqrcode-rails3" +gem "mini_magick" +gem "local_time" +gem "trix" gem 'sdoc', '~> 0.4.0', group: :doc @@ -41,14 +47,16 @@ group :test do gem "capybara" gem "poltergeist" gem "rspec-rails" - gem "factory_girl_rails" + gem "factory_bot_rails" gem "database_cleaner" gem "faker" gem "launchy" gem "show_me_the_cookies", "~> 3.1.0" + gem "timecop" end group :development, :test do gem "byebug" gem "dotenv-rails" + gem 'pry' end diff --git a/Gemfile.lock b/Gemfile.lock index d489b0d..a10ef9d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -43,6 +43,7 @@ GEM encryptor (~> 3.0.0) autoprefixer-rails (6.7.7.1) execjs + bcrypt (3.1.11) better_errors (2.1.1) coderay (>= 1.0.0) erubis (>= 2.6.6) @@ -66,11 +67,24 @@ GEM activemodel (>= 4.0.0) activesupport (>= 4.0.0) mime-types (>= 1.16) + chunky_png (1.3.11) cliver (0.3.2) coderay (1.1.1) concurrent-ruby (1.0.5) database_cleaner (1.5.3) debug_inspector (0.0.2) + devise (4.4.0) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0, < 5.2) + responders + warden (~> 1.2.3) + devise-two-factor (3.0.3) + activesupport (< 5.3) + attr_encrypted (>= 1.3, < 4, != 2) + devise (~> 4.0) + railties (< 5.3) + rotp (~> 2.0) diff-lcs (1.3) dotenv (2.2.0) dotenv-rails (2.2.0) @@ -81,11 +95,11 @@ GEM encryptor (3.0.0) erubis (2.7.0) execjs (2.7.0) - factory_girl (4.8.0) - activesupport (>= 3.0.0) - factory_girl_rails (4.8.0) - factory_girl (~> 4.8.0) - railties (>= 3.0.0) + factory_bot (5.0.2) + activesupport (>= 4.2.0) + factory_bot_rails (5.0.2) + factory_bot (~> 5.0.2) + railties (>= 4.2.0) faker (1.7.3) i18n (~> 0.5) faraday (0.11.0) @@ -106,6 +120,7 @@ GEM kgio (2.11.0) launchy (2.4.3) addressable (~> 2.3) + local_time (2.1.0) logstash-event (1.2.02) logstasher (0.6.5) logstash-event (~> 1.2.0) @@ -114,9 +129,11 @@ GEM nokogiri (>= 1.5.9) mail (2.6.4) mime-types (>= 1.16, < 4) + method_source (0.9.2) mime-types (3.1) mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) + mini_magick (4.9.3) mini_portile2 (2.1.0) minitest (5.10.1) multi_json (1.12.1) @@ -142,6 +159,7 @@ GEM omniauth-oauth2 (1.4.0) oauth2 (~> 1.0) omniauth (~> 1.2) + orm_adapter (0.5.0) parser (2.4.0.0) ast (~> 2.2) pg (0.20.0) @@ -152,6 +170,9 @@ GEM cliver (~> 0.3.1) websocket-driver (>= 0.2.0) powerpack (0.1.1) + pry (0.12.2) + coderay (~> 1.1.0) + method_source (~> 0.9.0) public_suffix (2.0.5) quiet_assets (1.1.0) railties (>= 3.1, < 5.0) @@ -194,6 +215,14 @@ GEM recaptcha (4.10.0) json request_store (1.3.2) + responders (2.4.0) + actionpack (>= 4.2.0, < 5.3) + railties (>= 4.2.0, < 5.3) + rotp (2.1.2) + rqrcode (0.10.1) + chunky_png (~> 1.0) + rqrcode-rails3 (0.1.7) + rqrcode (>= 0.4.2) rspec-core (3.5.4) rspec-support (~> 3.5.0) rspec-expectations (3.5.0) @@ -245,6 +274,9 @@ GEM thor (0.19.4) thread_safe (0.3.6) tilt (2.0.7) + timecop (0.9.1) + trix (0.11.1) + rails (> 4.1, < 5.2) tzinfo (1.2.3) thread_safe (~> 0.1) uglifier (3.2.0) @@ -256,6 +288,8 @@ GEM unicorn-rails (2.2.1) rack unicorn + warden (1.2.7) + rack (>= 1.0) web-console (2.3.0) activemodel (>= 4.0) binding_of_caller (>= 0.7.2) @@ -280,23 +314,29 @@ DEPENDENCIES capybara carrierwave database_cleaner + devise + devise-two-factor dotenv-rails email_validator - factory_girl_rails + factory_bot_rails faker jbuilder (~> 2.0) jquery-rails launchy + local_time logstasher (~> 0.6.5) + mini_magick okcomputer omniauth-google-oauth2 pg pickadate-rails poltergeist + pry quiet_assets rails (~> 4.2.8) rails_12factor recaptcha + rqrcode-rails3 rspec-rails rubocop sass-rails (~> 5.0) @@ -304,6 +344,8 @@ DEPENDENCIES show_me_the_cookies (~> 3.1.0) simple_form skylight + timecop + trix uglifier (>= 1.3.0) unicorn unicorn-rails diff --git a/README.md b/README.md index f592457..0ee136c 100644 --- a/README.md +++ b/README.md @@ -145,4 +145,3 @@ Some helpful commands: heroku restart -a rei-secretlink-production heroku logs --tail -a rei-secretlink-production - diff --git a/app/assets/images/apple-app-store.png b/app/assets/images/apple-app-store.png new file mode 100644 index 0000000..77a11d3 Binary files /dev/null and b/app/assets/images/apple-app-store.png differ diff --git a/app/assets/images/google-play-store.png b/app/assets/images/google-play-store.png new file mode 100644 index 0000000..21cc539 Binary files /dev/null and b/app/assets/images/google-play-store.png differ diff --git a/app/assets/images/icons/locked-icon.svg b/app/assets/images/icons/locked-icon.svg new file mode 100644 index 0000000..4444717 --- /dev/null +++ b/app/assets/images/icons/locked-icon.svg @@ -0,0 +1,32 @@ + + + + + + + + + + + diff --git a/app/assets/images/icons/unlocked-icon.svg b/app/assets/images/icons/unlocked-icon.svg new file mode 100644 index 0000000..749a413 --- /dev/null +++ b/app/assets/images/icons/unlocked-icon.svg @@ -0,0 +1,41 @@ + + + + + + + + + + + diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js index 1ac51c7..1529336 100644 --- a/app/assets/javascripts/application.js +++ b/app/assets/javascripts/application.js @@ -10,8 +10,17 @@ // Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details // about supported directives. //= require jquery +//= require jquery_ujs //= require pickadate/picker //= require pickadate/picker.date //= require bootstrap-sprockets //= require topsekrit //= require ui-functions +//= require local-time +//= require trix + +// Components +//= require components/header +//= require components/secret-item +//= require components/two-factor-fields +//= require components/new-secret-form diff --git a/app/assets/javascripts/components/header.js b/app/assets/javascripts/components/header.js new file mode 100644 index 0000000..593f9f7 --- /dev/null +++ b/app/assets/javascripts/components/header.js @@ -0,0 +1,25 @@ +$(function() { + // Add smooth scrolling to all header links + $('.main-nav__links a[href^="/home#"], .footer-links a[href^="/home#"]').on('click', function(event) { + smoothScrolling(event); + }); +}); + +function smoothScrolling(event) { + var link = event.target; + + if (link.hash !== "") { + var hash = link.hash; + var target = $(hash).length > 0; + + // Scroll a little higher to account for the sticky header + var headerHeight = 50; + var yValue = $(hash).offset().top - headerHeight; + + if (target) { + $('html, body').animate({ + scrollTop: yValue + }, 800); + } + } +} diff --git a/app/assets/javascripts/components/new-secret-form.js b/app/assets/javascripts/components/new-secret-form.js new file mode 100644 index 0000000..4a7c209 --- /dev/null +++ b/app/assets/javascripts/components/new-secret-form.js @@ -0,0 +1,32 @@ +$(function() { + function NewSecretForm(rootDom) { + this.$root = $(rootDom); + this.$noEmailToggle = this.$root.find('.no-email-toggle'); + this.$fromEmailField = this.$root.find('.secret_from_email'); + this.$toEmailField = this.$root.find('.secret_to_email'); + this.$toEmailInput = this.$root.find("input[name='secret[to_email]']") + this.init(); + } + + NewSecretForm.prototype.init = function () { + this.$noEmailToggle.change(function() { + this.toggleEmailFields(!this.withoutEmail()); + }.bind(this)); + } + + NewSecretForm.prototype.toggleEmailFields = function (showField) { + this.$fromEmailField.toggle(showField); + this.$toEmailField.toggle(showField); + this.$toEmailInput.val(''); + } + + NewSecretForm.prototype.withoutEmail = function () { + return this.$noEmailToggle.is(':checked'); + } + + //Intialization code + const $newSecretForm = $(this).find(".js-new-secret-form"); + $newSecretForm.each(function () { + new NewSecretForm(this) + }) +}); diff --git a/app/assets/javascripts/components/secret-item.js b/app/assets/javascripts/components/secret-item.js new file mode 100644 index 0000000..d40069b --- /dev/null +++ b/app/assets/javascripts/components/secret-item.js @@ -0,0 +1,22 @@ +$(function() { + function SecretItem(rootDom) { + this.$root = $(rootDom); + this.$notes = this.$root.find('.notes'); + this.init(); + } + + SecretItem.prototype.init = function () { + this.$seeNoteBtn = this.$root.find('.notes-trigger'); + this.$seeNoteBtn.on('click', this.toggleNote.bind(this)); + } + + SecretItem.prototype.toggleNote = function () { + this.$notes.toggle('fast'); + } + + //Intialization code + const $secretItems = $(this).find(".secret-item"); + $secretItems.each(function () { + new SecretItem(this) + }) +}); diff --git a/app/assets/javascripts/components/two-factor-fields.js b/app/assets/javascripts/components/two-factor-fields.js new file mode 100644 index 0000000..b6699b0 --- /dev/null +++ b/app/assets/javascripts/components/two-factor-fields.js @@ -0,0 +1,26 @@ +$(function () { + function TwoFactorFields(rootDom) { + this.$root = $(rootDom); + this.$otpRequiredCheckbox = this.$root.find('.otp-required-for-login'); + this.$enableOtpFields = this.$root.find('.enable-otp-fields'); + this.init(); + } + + TwoFactorFields.prototype.init = function () { + this.$enableOtpFields.toggle(this.isOtpRequired()); + + this.$otpRequiredCheckbox.change(function() { + this.$enableOtpFields.toggle(this.isOtpRequired()); + }.bind(this)); + } + + TwoFactorFields.prototype.isOtpRequired = function () { + return this.$otpRequiredCheckbox.is(':checked'); + } + + //Intialization code + const $hooks = $(this).find(".two-factor-fields"); + $hooks.each(function () { + new TwoFactorFields(this) + }) +}); diff --git a/app/assets/stylesheets/application.sass b/app/assets/stylesheets/application.sass deleted file mode 100644 index 0460441..0000000 --- a/app/assets/stylesheets/application.sass +++ /dev/null @@ -1,57 +0,0 @@ -@import "variables" -@import "pickadate/default" -@import "pickadate/default.date" -@import "bootstrap-sprockets" -@import "bootstrap" -@import "topsekrit" -@import "header-and-footer" -@import "home" -@import "secrets" - -body - min-height: 100vh - display: flex - flex-direction: column - -* - font-family: "Open Sans", sans-serif - -h1,h2,h3,h4,h5,h6,p - line-height: 1.5 - margin-top: 0 - -ul.nostyle - margin: 0 - padding: 0 - list-style: none - -.application-container - max-width: 1200px - width: 100% - margin: 0 auto - padding: 0 20px 50px - flex: 1 0 0 - -.button - display: inline-block - padding: 6px 12px - font-weight: 600 - border-radius: 5px - border: 2px solid transparent - +transition(all linear 50ms) - - &.white - color: white - border-color: white - background-color: transparent - &:hover - color: white - background-color: rgba(255,255,255,.25) - &.green - color: white - border-color: $green2 - background-color: $green2 - &:hover - background-color: $green3 - border-color: $green3 - \ No newline at end of file diff --git a/app/assets/stylesheets/application.scss b/app/assets/stylesheets/application.scss new file mode 100644 index 0000000..7f6bff9 --- /dev/null +++ b/app/assets/stylesheets/application.scss @@ -0,0 +1,35 @@ +@import "base/variables"; +@import "base/tools"; +@import "pickadate/default"; +@import "pickadate/default.date"; +@import "bootstrap-sprockets"; +@import "bootstrap"; +@import "base/normalize"; +@import "base/body"; +@import "base/typography"; + + +@import "objects/alerts"; +@import "objects/buttons"; + +@import "trix"; + +// Layouts +@import "layouts/dashboard"; +@import "layouts/devise"; +@import "layouts/home"; +@import "layouts/secrets"; +@import "layouts/topsekrit"; + +// Components +@import "components/footer"; +@import "components/header"; +@import "components/banner"; +@import "components/panels"; + +@import "components/two-factor-fields"; +@import "components/email-preview"; +@import "components/steps"; + +// Helpers +@import "base/helpers"; diff --git a/app/assets/stylesheets/base/body.scss b/app/assets/stylesheets/base/body.scss new file mode 100644 index 0000000..f5b0a4a --- /dev/null +++ b/app/assets/stylesheets/base/body.scss @@ -0,0 +1,45 @@ +html, body { + width: 100%; + background-color: white; + font-weight: normal; +} + +body { + min-height: 100vh; + display: flex; + flex-direction: column; +} + +html, body, div, span, applet, object, iframe, +h1, h2, h3, h4, h5, h6, p, blockquote, pre, +a, abbr, acronym, address, big, cite, code, +del, dfn, em, img, ins, kbd, q, s, samp, +small, strike, strong, sub, sup, tt, var, +b, u, i, center, +dl, dt, dd, ol, ul, li, +fieldset, form, label, legend, +input, textarea, button, +table, caption, tbody, tfoot, thead, tr, th, td, +article, aside, canvas, details, embed, +figure, figcaption, footer, header, hgroup, +menu, nav, output, ruby, section, summary, +time, mark, audio, video { + font-size: 16px; + font-family: $font-family; + line-height: 1.1; + color: $text-default-color; +} + +iframe { + border: 0; +} + +.container-fluid { + padding-left: 0; + padding-right: 0; + padding-bottom: 90px; +} +.row { + margin-left: 0; + margin-right: 0; +} diff --git a/app/assets/stylesheets/base/helpers.scss b/app/assets/stylesheets/base/helpers.scss new file mode 100644 index 0000000..c176fdc --- /dev/null +++ b/app/assets/stylesheets/base/helpers.scss @@ -0,0 +1,7 @@ +.top-buffer { + margin-top: 30px; +} + +.hidden { + display: none; +} diff --git a/app/assets/stylesheets/base/normalize.scss b/app/assets/stylesheets/base/normalize.scss new file mode 100644 index 0000000..192eb9c --- /dev/null +++ b/app/assets/stylesheets/base/normalize.scss @@ -0,0 +1,349 @@ +/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */ + +/* Document + ========================================================================== */ + +/** + * 1. Correct the line height in all browsers. + * 2. Prevent adjustments of font size after orientation changes in iOS. + */ + +html { + line-height: 1.15; /* 1 */ + -webkit-text-size-adjust: 100%; /* 2 */ +} + +/* Sections + ========================================================================== */ + +/** + * Remove the margin in all browsers. + */ + +body { + margin: 0; +} + +/** + * Render the `main` element consistently in IE. + */ + +main { + display: block; +} + +/** + * Correct the font size and margin on `h1` elements within `section` and + * `article` contexts in Chrome, Firefox, and Safari. + */ + +h1 { + font-size: 2em; + margin: 0.67em 0; +} + +/* Grouping content + ========================================================================== */ + +/** + * 1. Add the correct box sizing in Firefox. + * 2. Show the overflow in Edge and IE. + */ + +hr { + box-sizing: content-box; /* 1 */ + height: 0; /* 1 */ + overflow: visible; /* 2 */ +} + +/** + * 1. Correct the inheritance and scaling of font size in all browsers. + * 2. Correct the odd `em` font sizing in all browsers. + */ + +pre { + font-family: monospace, monospace; /* 1 */ + font-size: 1em; /* 2 */ +} + +/* Text-level semantics + ========================================================================== */ + +/** + * Remove the gray background on active links in IE 10. + */ + +a { + background-color: transparent; +} + +/** + * 1. Remove the bottom border in Chrome 57- + * 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari. + */ + +abbr[title] { + border-bottom: none; /* 1 */ + text-decoration: underline; /* 2 */ + text-decoration: underline dotted; /* 2 */ +} + +/** + * Add the correct font weight in Chrome, Edge, and Safari. + */ + +b, +strong { + font-weight: bolder; +} + +/** + * 1. Correct the inheritance and scaling of font size in all browsers. + * 2. Correct the odd `em` font sizing in all browsers. + */ + +code, +kbd, +samp { + font-family: monospace, monospace; /* 1 */ + font-size: 1em; /* 2 */ +} + +/** + * Add the correct font size in all browsers. + */ + +small { + font-size: 80%; +} + +/** + * Prevent `sub` and `sup` elements from affecting the line height in + * all browsers. + */ + +sub, +sup { + font-size: 75%; + line-height: 0; + position: relative; + vertical-align: baseline; +} + +sub { + bottom: -0.25em; +} + +sup { + top: -0.5em; +} + +/* Embedded content + ========================================================================== */ + +/** + * Remove the border on images inside links in IE 10. + */ + +img { + border-style: none; +} + +/* Forms + ========================================================================== */ + +/** + * 1. Change the font styles in all browsers. + * 2. Remove the margin in Firefox and Safari. + */ + +button, +input, +optgroup, +select, +textarea { + font-family: inherit; /* 1 */ + font-size: 100%; /* 1 */ + line-height: 1.15; /* 1 */ + margin: 0; /* 2 */ +} + +/** + * Show the overflow in IE. + * 1. Show the overflow in Edge. + */ + +button, +input { /* 1 */ + overflow: visible; +} + +/** + * Remove the inheritance of text transform in Edge, Firefox, and IE. + * 1. Remove the inheritance of text transform in Firefox. + */ + +button, +select { /* 1 */ + text-transform: none; +} + +/** + * Correct the inability to style clickable types in iOS and Safari. + */ + +button, +[type="button"], +[type="reset"], +[type="submit"] { + -webkit-appearance: button; +} + +/** + * Remove the inner border and padding in Firefox. + */ + +button::-moz-focus-inner, +[type="button"]::-moz-focus-inner, +[type="reset"]::-moz-focus-inner, +[type="submit"]::-moz-focus-inner { + border-style: none; + padding: 0; +} + +/** + * Restore the focus styles unset by the previous rule. + */ + +button:-moz-focusring, +[type="button"]:-moz-focusring, +[type="reset"]:-moz-focusring, +[type="submit"]:-moz-focusring { + outline: 1px dotted ButtonText; +} + +/** + * Correct the padding in Firefox. + */ + +fieldset { + padding: 0.35em 0.75em 0.625em; +} + +/** + * 1. Correct the text wrapping in Edge and IE. + * 2. Correct the color inheritance from `fieldset` elements in IE. + * 3. Remove the padding so developers are not caught out when they zero out + * `fieldset` elements in all browsers. + */ + +legend { + box-sizing: border-box; /* 1 */ + color: inherit; /* 2 */ + display: table; /* 1 */ + max-width: 100%; /* 1 */ + padding: 0; /* 3 */ + white-space: normal; /* 1 */ +} + +/** + * Add the correct vertical alignment in Chrome, Firefox, and Opera. + */ + +progress { + vertical-align: baseline; +} + +/** + * Remove the default vertical scrollbar in IE 10+. + */ + +textarea { + overflow: auto; +} + +/** + * 1. Add the correct box sizing in IE 10. + * 2. Remove the padding in IE 10. + */ + +[type="checkbox"], +[type="radio"] { + box-sizing: border-box; /* 1 */ + padding: 0; /* 2 */ +} + +/** + * Correct the cursor style of increment and decrement buttons in Chrome. + */ + +[type="number"]::-webkit-inner-spin-button, +[type="number"]::-webkit-outer-spin-button { + height: auto; +} + +/** + * 1. Correct the odd appearance in Chrome and Safari. + * 2. Correct the outline style in Safari. + */ + +[type="search"] { + -webkit-appearance: textfield; /* 1 */ + outline-offset: -2px; /* 2 */ +} + +/** + * Remove the inner padding in Chrome and Safari on macOS. + */ + +[type="search"]::-webkit-search-decoration { + -webkit-appearance: none; +} + +/** + * 1. Correct the inability to style clickable types in iOS and Safari. + * 2. Change font properties to `inherit` in Safari. + */ + +::-webkit-file-upload-button { + -webkit-appearance: button; /* 1 */ + font: inherit; /* 2 */ +} + +/* Interactive + ========================================================================== */ + +/* + * Add the correct display in Edge, IE 10+, and Firefox. + */ + +details { + display: block; +} + +/* + * Add the correct display in all browsers. + */ + +summary { + display: list-item; +} + +/* Misc + ========================================================================== */ + +/** + * Add the correct display in IE 10+. + */ + +template { + display: none; +} + +/** + * Add the correct display in IE 10. + */ + +[hidden] { + display: none; +} diff --git a/app/assets/stylesheets/base/tools.scss b/app/assets/stylesheets/base/tools.scss new file mode 100644 index 0000000..a971b9b --- /dev/null +++ b/app/assets/stylesheets/base/tools.scss @@ -0,0 +1,21 @@ +//Sizing +$mobile-switch: 768px; +$tablet-switch: 1024px; + +@mixin mobile-media-query { + @media(max-width: $mobile-switch) { + @content; + } +} + +@mixin tablet-media-query { + @media(max-width: $tablet-switch) { + @content; + } +} + +@mixin desktop-media-query { + @media(min-width: $mobile-switch) { + @content; + } +} diff --git a/app/assets/stylesheets/base/typography.scss b/app/assets/stylesheets/base/typography.scss new file mode 100644 index 0000000..11e104f --- /dev/null +++ b/app/assets/stylesheets/base/typography.scss @@ -0,0 +1,61 @@ +h1,h2,h3,h4,h5,h6,p { + margin-top: 0; +} + +h2 { + margin-bottom: 1.5em; +} + +h1, h2 { + font-size: 30px; +} + +h3, h4 { + font-size: 24px; +} + +h5, h5 { + font-size: 16px; +} + +p, ul li, ol li, time { + font-size: 14px; + line-height: 1.5; +} + +ul.nostyle { + margin: 0; + padding: 0; + list-style: none; +} + +a { + color: $blue; + text-decoration: underline; + font-size: inherit; + &:hover, &:focus { + text-decoration: none + } +} + +strong, b { + font-size: inherit; + font-weight: bold; +} + +em { + font-size: inherit; + font-weight: inherit; + font-style: italic; +} + + +small { + font-size: 80%; + color: inherit; +} + +span { + font-size: inherit; + color: inherit; +} diff --git a/app/assets/stylesheets/base/variables.scss b/app/assets/stylesheets/base/variables.scss new file mode 100644 index 0000000..e36ef3a --- /dev/null +++ b/app/assets/stylesheets/base/variables.scss @@ -0,0 +1,20 @@ +//Colors + +$green1: #33A3A2; +$green2: #1C7279; +$green3: #1C5050; +$green4: #132D2D; +$green5: #062B2F; + +$red: #F44336; +$blue: #337AB7; + +$primary-color: $green2; +$text-default-color: #333333; +$text-grey: #666666; +$default_border: thin solid #797979; + + +$font-family: "Open Sans", sans-serif; + +$banner-background: image-url("homepage-hero.jpg"); diff --git a/app/assets/stylesheets/components/banner.scss b/app/assets/stylesheets/components/banner.scss new file mode 100644 index 0000000..5044f5f --- /dev/null +++ b/app/assets/stylesheets/components/banner.scss @@ -0,0 +1,61 @@ +.banner { + background: black $banner-background no-repeat 50% 50%; + color: white; + background-size: cover; + display: flex; + min-height: 200px; + padding: 50px 20px; + flex-direction: column; + align-items: center; + justify-content: center; + &-large { + min-height: 400px; + h1, h2 { + margin: 0 0 1em; + } + } + h1, h2 { + color: white; + font-weight: bold; + margin: 0; + line-height: 1.2em; + max-width: 700px; + text-align: center; + } + h3 { + color: white; + font-weight: 500; + } + + &_form { + display: flex; + justify-content: center; + flex-direction: column; + align-items: center; + padding: 0 20px; + width: 100%; + max-width: 500px; + + input[type="email"] { + border: 3px solid black; + height: auto; + padding: 10px 20px; + } + .button.white { + margin-bottom: 1em; + } + .form-group { + width: 100%; + } + .google-link { + color: white; + padding-left: 20px; + background: transparent image-url("homepage-icons/google-g.svg") no-repeat 0 50%; + background-size: 15px; + text-decoration: none; + &:hover, &:focus { + text-decoration: underline; + } + } + } +} diff --git a/app/assets/stylesheets/components/email-preview.scss b/app/assets/stylesheets/components/email-preview.scss new file mode 100644 index 0000000..f8010c5 --- /dev/null +++ b/app/assets/stylesheets/components/email-preview.scss @@ -0,0 +1,27 @@ +.email-preview { + padding: 20px; + background-color: #fffde0; + border-radius: 5px; + margin-bottom: 30px; + + &__heading { + font-size: 1.5rem; + border-bottom: $default-border; + margin-bottom: 30px; + border-color: lightgrey; + } + + &__body { + margin: 15px 0; + } + + &__additional-content { + margin-top: 30px; + font-style: italic; + font-weight: 700; + } +} + +.trix-editor-wrapper { + max-width: 100%; +} diff --git a/app/assets/stylesheets/components/footer.scss b/app/assets/stylesheets/components/footer.scss new file mode 100644 index 0000000..d5f3739 --- /dev/null +++ b/app/assets/stylesheets/components/footer.scss @@ -0,0 +1,44 @@ +.footer { + // Keeps footer at the bottom at all times (even if content is short) + margin-top: auto; + .container-fluid { + padding: 0; + font-size: 90%; + background-color: $green5; + } + + &-content { + padding: 0 3.5em 2.5em 0; + } + + &-logo { + background-color: #fff; + border-radius: 6px; + padding: 1em; + } + &-links { + padding: 1em 1em 1.5em 1em; + li { + display: inline-block; + padding: 0.5em 1em; + line-height: 1.5; + a { + text-transform: uppercase; + } + @include mobile-media-query { + display: block; + } + } + } + .attribution { + margin: 1em 0 0 0; + color: #ddd; + } + a { + color: #fff; + text-decoration: none; + &:hover, &:focus { + text-decoration: underline; + } + } +} diff --git a/app/assets/stylesheets/components/header.scss b/app/assets/stylesheets/components/header.scss new file mode 100644 index 0000000..2f14ccc --- /dev/null +++ b/app/assets/stylesheets/components/header.scss @@ -0,0 +1,68 @@ +.main-header { + display: flex; + align-items: center; + padding: 20px 0; + margin: 0; +} + +.main-nav { + position: sticky; + top: 0; + display: flex; + align-items: center; + background-color: white; + border-bottom: $default_border; + width: 100%; + padding: 0 20px; + z-index: 100; + @include mobile-media-query { + padding: 0 10px; + justify-content: space-between; + } + .navbar-brand { + padding: 15px 15px 15px 0; + white-space: nowrap; + text-decoration: none; + @include mobile-media-query { + height: auto; + padding: 0 10px 0 0; + font-size: 16px; + } + .glyphicon-lg { + font-size: 24px; + font-weight: 500; + vertical-align: top; + padding-right: 0.5em; + line-height: 0.75; + } + } + + &__links { + margin: 0 0 0 auto; + padding: 0; + list-style: none; + text-align: right; + @include mobile-media-query { + font-size: .9em; + padding: 10px 0; + margin: 0px; + } + li { + display: inline-block; + margin-left: 10px; + &:first-child { + margin-left: 0; + } + a { + text-decoration: none; + } + } + } +} + +.dropdown-menu { + li { + display: block; + margin: 0px; + } +} diff --git a/app/assets/stylesheets/components/panels.scss b/app/assets/stylesheets/components/panels.scss new file mode 100644 index 0000000..6758b58 --- /dev/null +++ b/app/assets/stylesheets/components/panels.scss @@ -0,0 +1,56 @@ +.panel { + display: flex; + flex-direction: column; + justify-content: space-between; + max-width: 500px; + border: $default_border; + margin: 0 auto 40px; + &.large { + max-width: 600px; + } + + + &__header { + background-color: $primary-color; + padding: 15px; + text-align: center; + &.light-green { + background-color: $green1; + } + &.mail-icon { + display: flex; + justify-content: space-between; + align-items: center; + text-align: left; + img { + width: 62px; + } + div { + width: calc(100% - 70px); + } + } + p.viewed-status { + color: white; + margin: 10px 0 0 0; + } + } + + &__title { + color: white; + font-size: 24px; + margin-bottom: 0; + } + + &__body { + flex-grow: 1; + padding: 20px; + } + + &__footer { + display: flex; + justify-content: space-between; + align-items: center; + padding: 10px 20px; + border-top: $default_border; + } +} diff --git a/app/assets/stylesheets/components/steps.scss b/app/assets/stylesheets/components/steps.scss new file mode 100644 index 0000000..40584ed --- /dev/null +++ b/app/assets/stylesheets/components/steps.scss @@ -0,0 +1,166 @@ +.homepage-steps { + display: flex; + width: 100%; + padding: 50px 20px; + justify-content: center; + background: black image-url("homepage-features-bg.jpg"); + @include mobile-media-query { + flex-direction: column; + align-items: center; + } + &__step { + width: 225px; + background: white; + display: flex; + flex-direction: column; + border-radius: 5px 5px 0 0; + @include mobile-media-query { + width: 100%; + position: relative; + border-radius: 0; + } + header { + color: white; + text-align: center; + padding: 30px 20px; + height: 160px; + position: relative; + border-radius: 5px 5px 0 0; + @include mobile-media-query { + position: static; + border-radius: 0; + height: auto; + display: flex; + align-items: center; + padding-bottom: 0; + } + + &:after { + left: 100%; + top: 50%; + content: " "; + height: 0; + width: 0; + position: absolute; + pointer-events: none; + border: solid transparent; + border-color: rgba(136, 183, 213, 0); + border-width: 30px; + margin-top: -55px; + z-index: 50; + @include mobile-media-query { + top: 100%; + left: 50%; + margin-left: -30px; + margin-top: 0; + border: transparent solid; + border-width: 30px; + border-left-color: transparent !important; + border-top-color: $green1; + } + } + + h3 { + font-size: 3.5em; + font-weight: 600; + margin: 0 0 10px; + line-height: 1em; + color: white; + @include mobile-media-query { + margin: 0 10px 0 0; + } + } + h4 { + font-size: 1em; + font-weight: 600; + margin: 0; + color: white; + } + } + + .body { + padding: 20px; + border-right: 1px solid #ccc; + flex: 1 0 0; + img { + height: 65px; + max-width: 70px; + margin: 0 auto 20px; + display: block; + @include mobile-media-query { + display: none; + } + } + p { + @include mobile-media-query { + color: white; + } + } + } + + &.first { + border-radius: 5px 5px 0 5px; + @include mobile-media-query { + border-radius: 5px 5px 0 0; + background-color: $green1; + } + + header { + background-color: $green1; + @include mobile-media-query { + border-radius: 5px 5px 0 0; + } + &:after { + border-left-color: $green1; + @include mobile-media-query { + border-top-color: $green1; + } + } + } + } + + &.second { + @include mobile-media-query { + background-color: $green2; + } + header { + background-color: $green2; + &:after { + border-left-color: $green2; + @include mobile-media-query { + border-top-color: $green2; + } + } + } + } + &.third { + @include mobile-media-query { + background-color: $green3; + } + header { + background-color: $green3; + &:after { + display: none; + @include mobile-media-query { + border-top-color: $green3; + } + } + } + } + + &.fourth { + border-radius: 5px 5px 5px 0; + @include mobile-media-query { + border-radius: 0 0 5px 5px; + background-color: $green4; + } + .body { + border-right: none; + @include mobile-media-query { + border: none; + color: white; + } + } + } + } +} diff --git a/app/assets/stylesheets/components/two-factor-fields.scss b/app/assets/stylesheets/components/two-factor-fields.scss new file mode 100644 index 0000000..1297401 --- /dev/null +++ b/app/assets/stylesheets/components/two-factor-fields.scss @@ -0,0 +1,31 @@ +.two-factor-fields { + .form-group.boolean { + width: 100%; + text-align: left; + .checkbox { + cursor: pointer; + @include mobile-media-query { + width: 100%; + } + label { + width: auto; + } + } + @include mobile-media-query { + width: auto; + } + } + .otp-step { + margin: 20px 0; + } + .qrcode { + display: block; + width: 250px; + height: 250px; + border: 20px solid white; + margin: 0 auto; + } + .enable-otp-fields { + display: none; + } +} diff --git a/app/assets/stylesheets/header-and-footer.sass b/app/assets/stylesheets/header-and-footer.sass deleted file mode 100644 index a9ef4ed..0000000 --- a/app/assets/stylesheets/header-and-footer.sass +++ /dev/null @@ -1,23 +0,0 @@ -header.main-nav - width: 100% - display: flex - max-width: 1200px - margin: 0 auto - align-items: center - padding: 0 20px - .navbar-brand - padding: 15px 15px 15px 0 - white-space: nowrap - -.main-nav__links - margin: 0 0 0 auto - padding: 0 - list-style: none - text-align: right - li - display: inline-block - margin-left: 10px - li:first-child - margin-left: 0 - +mobile-media-query - font-size: .9em \ No newline at end of file diff --git a/app/assets/stylesheets/home.sass b/app/assets/stylesheets/home.sass deleted file mode 100644 index 1dc3243..0000000 --- a/app/assets/stylesheets/home.sass +++ /dev/null @@ -1,256 +0,0 @@ -.homepage-hero - background: black image-url("homepage-hero.jpg") no-repeat 50% 50% - background-size: cover - display: flex - min-height: 400px - padding: 50px 20px - flex-direction: column - align-items: center - justify-content: center - h2 - color: white - font-weight: bold - margin: 0 0 1em - line-height: 1.2em - max-width: 700px - text-align: center - h3 - color: white - font-weight: 500 - form - display: flex - justify-content: center - flex-direction: column - align-items: center - padding: 0 20px - width: 100% - max-width: 500px - .hidden - display: none - input[type="email"] - border: 3px solid black - height: auto - padding: 10px 20px - .button.white - margin-bottom: 1em - .form-group - width: 100% - .google-link - color: white - padding-left: 20px - background: transparent image-url("homepage-icons/google-g.svg") no-repeat 0 50% - background-size: 15px - &:hover - text-decoration: underline - -.homepage-features ul.nostyle - display: flex - justify-content: center - width: 100% - padding: 50px 20px - li - max-width: 350px - text-align: center - padding: 20px - img - max-height: 50px - margin-bottom: 20px - h3 - font-size: 1em - color: $green2 - font-weight: 700 - p - color: $text-grey - +mobile-media-query - flex-direction: column - align-items: center - img - width: 100% - -.homepage-steps - display: flex - width: 100% - padding: 50px 20px - justify-content: center - background: black image-url("homepage-features-bg.jpg") - -.homepage-steps__step - width: 225px - background: white - display: flex - flex-direction: column - border-radius: 5px 5px 0 0 - header - color: white - text-align: center - padding: 30px 20px - height: 160px - position: relative - border-radius: 5px 5px 0 0 - &:after - left: 100% - top: 50% - content: " " - height: 0 - width: 0 - position: absolute - pointer-events: none - border: solid transparent - border-color: rgba(136, 183, 213, 0) - border-width: 30px - margin-top: -55px - z-index: 50 - h3 - font-size: 3.5em - font-weight: 600 - margin: 0 0 10px - line-height: 1em - h4 - font-size: 1em - font-weight: 600 - margin: 0 - &.first header - background-color: $green1 - &:after - border-left-color: $green1 - &.second header - background-color: $green2 - &:after - border-left-color: $green2 - &.third header - background-color: $green3 - &:after - display: none - - .body - padding: 20px - border-right: 1px solid #ccc - flex: 1 0 0 - img - height: 65px - max-width: 70px - margin: 0 auto 20px - display: block - &.first - border-radius: 5px 5px 0 5px - &.fourth - border-radius: 5px 5px 5px 0 - .body - border-right: none - -+mobile-media-query - .homepage-steps - flex-direction: column - align-items: center - .homepage-steps__step - width: 100% - position: relative - border-radius: 0 - header - position: static - border-radius: 0 - height: auto - display: flex - align-items: center - padding-bottom: 0 - h3 - margin: 0 10px 0 0 - header:after - top: 100% - left: 50% - margin-left: -30px - margin-top: 0 - border: transparent solid - border-width: 30px - border-left-color: transparent !important - border-top-color: $green1 - &.first - border-radius: 5px 5px 0 0 - background-color: $green1 - header - border-radius: 5px 5px 0 0 - header:after - border-top-color: $green1 - &.second - background-color: $green2 - header:after - border-top-color: $green2 - &.third - background-color: $green3 - header:after - border-top-color: $green3 - &.fourth - border-radius: 0 0 5px 5px - background-color: $green4 - .body - border: none - color: white - .body img - display: none - - - -.homepage-behind-the-scenes - text-align: center - padding: 60px 20px - color: $text-grey - h2 - font-weight: 600 - margin-bottom: 10px - p - margin-bottom: 20px - -.homepage-faq - background-color: $green2 - padding: 50px 20px - color: white - .flex-wrapper - max-width: 900px - margin: 0 auto - display: flex - flex-wrap: wrap - justify-content: center - a - color: white - text-decoration: underline - &:hover - color: $green1 - -.homepage-faq__question - width: 50% - min-width: 310px - padding: 20px - h3 - font-weight: 600 - +mobile-media-query - width: 100% - padding: 0 20px - h3[data-slideTarget] - font-size: 1.3em - padding-left: 25px - background: transparent image-url("icons/plus-white.svg") no-repeat 0 50% - background-size: 15px - cursor: pointer - div[data-slide] - display: none - margin-bottom: 20px - -.homepage-about-us - padding: 50px 20px - .flex-wrapper - max-width: 900px - margin: 0 auto - display: flex - flex-wrap: wrap - justify-content: center - h3.full-width - width: 100% - font-weight: 600 - padding: 0 20px - .flex-column - width: 50% - min-width: 310px - padding: 20px - +mobile-media-query - width: 100% - padding: 0 20px diff --git a/app/assets/stylesheets/layouts/dashboard.scss b/app/assets/stylesheets/layouts/dashboard.scss new file mode 100644 index 0000000..e43e70f --- /dev/null +++ b/app/assets/stylesheets/layouts/dashboard.scss @@ -0,0 +1,72 @@ +.dashboard { + padding: 40px 0; + &__secrets-list { + display: flex; + flex-wrap: wrap; + justify-content: space-between; + @include mobile-media-query { + flex-direction: column; + } + .secret-item { + @include desktop-media-query { + display: grid; + grid-template-columns: 1fr 2fr 160px; + flex-direction: row; + width: 100%; + max-width: 100%; + margin-bottom: 20px; + } + @include mobile-media-query { + width: 90%; + margin: 0 auto 20px; + flex-direction: column; + } + .panel__header { + @include desktop-media-query { + background: linear-gradient(to right, $primary-color, $primary-color 95px, white 95px); + } + &.light-green { + @include desktop-media-query { + background: linear-gradient(to right, $green1, $green1 95px, white 95px); + } + } + .panel__title, p.viewed-status { + @include desktop-media-query { + color: $text-default-color; + margin-left: 20px; + } + } + } + .panel__body { + @include desktop-media-query { + display: flex; + flex-wrap: wrap; + align-items: center; + justify-content: space-between; + padding: 10px; + } + p { + @include desktop-media-query { + width: 30%; + word-break: break-word; + } + @include tablet-media-query { + width: auto; + } + } + .notes { + display: none; + } + } + .panel__footer { + @include desktop-media-query { + flex-direction: column; + justify-content: space-around; + text-align: center; + border-top: 0; + padding: 10px; + } + } + } + } +} diff --git a/app/assets/stylesheets/layouts/devise.scss b/app/assets/stylesheets/layouts/devise.scss new file mode 100644 index 0000000..adb4ed9 --- /dev/null +++ b/app/assets/stylesheets/layouts/devise.scss @@ -0,0 +1,76 @@ +$label-width: 120px; + +.devise_page { + width: 80%; + max-width: 1200px; + margin: 40px auto; + @include mobile-media-query { + width: 95% + } + &.two-column { + display: flex; + flex-wrap: wrap; + justify-content: space-around; + @include mobile-media-query { + flex-direction: column; + } + .panel, .secret__instructions { + width: 48%; + max-width: 100%; + @include mobile-media-query { + width: 95%; + margin: 20px auto; + } + &.large { + width: auto; + } + } + } + + &__form { + .form-group { + display: flex; + flex-direction: row-reverse; + align-items: center; + flex-wrap: wrap; + + label { + width: $label-width; + text-align: right; + font-weight: bold; + cursor: pointer; + margin-right: 10px; + } + .form-control { + flex-grow: 1; + width: auto; + } + .checkbox { + width: calc(100% - #{$label-width} + 10px); + label { + width: auto; + } + } + .help-block { + width: 100%; + } + } + + .form-actions { + margin-left: calc(#{$label-width} + 10px); + } + } + + &__links { + width: 100%; + text-align: center; + a { + display: inline-block; + padding: 0 1em; + border-right: $default_border; + &:last-child { + border-right: 0; + } + } + } +} diff --git a/app/assets/stylesheets/layouts/home.scss b/app/assets/stylesheets/layouts/home.scss new file mode 100644 index 0000000..465db36 --- /dev/null +++ b/app/assets/stylesheets/layouts/home.scss @@ -0,0 +1,131 @@ +.application-container { + width: 80%; + max-width: 1200px; + margin: 40px auto; + @include mobile-media-query { + width: 95% + } +} + +.homepage-features ul.nostyle { + display: flex; + justify-content: center; + width: 100%; + padding: 50px 20px; + @include mobile-media-query { + flex-direction: column; + align-items: center; + } + + li { + max-width: 350px; + text-align: center; + padding: 20px; + } + img { + max-height: 50px; + margin-bottom: 20px; + @include mobile-media-query { + width: 100%; + } + } + h3 { + font-size: 1em; + color: $green2; + font-weight: 700; + } + p { + color: $text-grey; + } +} + +.homepage-behind-the-scenes { + text-align: center; + padding: 60px 20px; + color: $text-grey; + h2 { + font-weight: 600; + margin-bottom: 10px; + color: currentColor; + } + p { + margin-bottom: 20px; + color: currentColor; + } +} + +.homepage-faq { + background-color: $green2; + padding: 50px 20px; + color: white; + .flex-wrapper { + max-width: 900px; + margin: 0 auto; + display: flex; + flex-wrap: wrap; + justify-content: center; + } + a { + color: white; + text-decoration: underline; + &:hover, &:focus { + color: $green1; + } + } + &__question { + width: 50%; + min-width: 310px; + padding: 20px; + color: white; + @include mobile-media-query { + width: 100%; + padding: 0 20px; + } + + h3[data-slideTarget] { + font-weight: 600; + color: currentColor; + @include mobile-media-query { + font-size: 1.3em; + padding-left: 25px; + background: transparent image-url("icons/plus-white.svg") no-repeat 0 50%; + background-size: 15px; + cursor: pointer; + } + } + div[data-slide] { + @include mobile-media-query { + display: none; + margin-bottom: 20px; + } + p { + color: white; + } + } + } +} + +.homepage-about-us { + padding: 50px 20px; + .flex-wrapper { + max-width: 900px; + margin: 0 auto; + display: flex; + flex-wrap: wrap; + justify-content: center; + } + h3.full-width { + width: 100%; + font-weight: 600; + padding: 0 20px; + } + .flex-column { + width: 50%; + min-width: 310px; + padding: 20px; + @include mobile-media-query { + width: 100%; + padding: 0 20px; + } + } +} diff --git a/app/assets/stylesheets/layouts/secrets.scss b/app/assets/stylesheets/layouts/secrets.scss new file mode 100644 index 0000000..c717dff --- /dev/null +++ b/app/assets/stylesheets/layouts/secrets.scss @@ -0,0 +1,56 @@ +.secret { + &__flex-container { + display: flex; + @include mobile-media-query { + flex-wrap: wrap; + flex-direction: column-reverse; + } + } + + &__form { + width: 100%; + padding: 0 20px; + } + + &__instructions { + width: 100%; + max-width: 300px; + margin: 0 0 0 20px; + @include mobile-media-query { + margin: 0 0 20px; + max-width: 100%; + } + ol { + background: #e6ebec; + border: 3px solid #ced9db; + padding: 15px; + list-style: none; + li { + padding-left: 25px; + background: transparent image-url("ol-numbers/1.svg") no-repeat 0 2px; + background-size: 20px 20px; + &.two { + background-image: image-url("ol-numbers/2.svg"); + } + &.three { + background-image: image-url("ol-numbers/3.svg"); + } + } + } + + li { + margin-bottom: 10px; + font-size: 1.1em; + line-height: 1.5; + a { + text-decoration: none; + } + .store-icon { + margin-right: 10px; + @include mobile-media-query { + margin-bottom: 10px; + } + } + } + } +} diff --git a/app/assets/stylesheets/topsekrit.scss b/app/assets/stylesheets/layouts/topsekrit.scss similarity index 57% rename from app/assets/stylesheets/topsekrit.scss rename to app/assets/stylesheets/layouts/topsekrit.scss index 37bde57..5eb31bd 100644 --- a/app/assets/stylesheets/topsekrit.scss +++ b/app/assets/stylesheets/layouts/topsekrit.scss @@ -1,26 +1,3 @@ -@import url(https://fonts.googleapis.com/css?family=Oxygen:400,700,300); - -$primary-color: #1C7279; - -body { - font-family: 'Oxygen', sans-serif; -} -.container-fluid { - padding-left: 0; - padding-right: 0; - padding-bottom: 90px; -} -.row { - margin-left: 0; - margin-right: 0; -} -h2 { - margin-bottom: 1.5em; -} -a:hover { - text-decoration: none; -} - form.send-secret-form { abbr { display: none; @@ -30,62 +7,6 @@ form.send-secret-form { // } } -.flash { - margin-bottom: 20px; - span { - margin-left: 15px; - padding: 10px; - } -} - -.field_with_errors .error { - color: red; -} - -/***** NAVBAR *****/ - -.navbar { - background-color: #fff; - margin-bottom: 0; - padding: 0.75em 0; - font-size: 20px; - border: none; -} -.navbar .navbar-brand, -.glyphicon-lg { - font-size: 24px; - font-weight: 500; - vertical-align: top; -} -.glyphicon-lg { - padding-right: 0.5em; - line-height: 0.75; -} -.navbar-default .navbar-brand, -.navbar-default .navbar-nav > li > a { - color: $primary-color; -} -.navbar-toggle { - border: none; -} -.navbar-default .navbar-toggle:hover, -.navbar-default .navbar-toggle:focus { - background-color: #fff; -} -.navbar-default .navbar-toggle .icon-bar { - background-color: $primary-color; -} - -.navbar { - a.github { - line-height: 1.5; - display: none; - } - img { - height: 32px; - width: 32px; - } -} /***** INTRODUCTION *****/ @@ -131,21 +52,7 @@ form.send-secret-form { line-height: 3; } -.btn-lead-outline { - margin: 1.5em 0; -} -.btn-lead { - background-color: $primary-color; - border-radius: 6px; - padding: 0.5em 2em; - color: #fff; - cursor: pointer; -} -.btn-lead:hover { - background-color: #fff; - color: $primary-color; - font-weight: 400; -} + .auth-form { background-color: #fff; margin: 3em 0; @@ -246,43 +153,6 @@ form.send-secret-form { text-decoration: underline; } -/***** FOOTER *****/ - -.footer .container-fluid { - padding: 0; - font-size: 90%; - background-color: #062B2F; -} -.footer-content { - padding: 0 3.5em 2.5em 0; -} -.footer-logo { - background-color: #fff; - border-radius: 6px; - padding: 1em; -} -.footer-links { - padding: 1em 1em 1.5em 1em; - li { - display: inline-block; - padding: 0.5em 1em; - line-height: 1.5; - } -} - -.attribution { - margin: 1em 0 0 0; - color: #ddd; - a { - color: #fff; - } -} - -.footer-links a { - color: #fff; - text-transform: uppercase; -} - /***** SECRET *****/ div.secret_secret textarea, div.secret_comments textarea { diff --git a/app/assets/stylesheets/objects/alerts.scss b/app/assets/stylesheets/objects/alerts.scss new file mode 100644 index 0000000..c332b4a --- /dev/null +++ b/app/assets/stylesheets/objects/alerts.scss @@ -0,0 +1,9 @@ +.flash { + position: absolute; + width: 100%; + margin-bottom: 0; +} + +.field_with_errors .error { + color: $red; +} diff --git a/app/assets/stylesheets/objects/buttons.scss b/app/assets/stylesheets/objects/buttons.scss new file mode 100644 index 0000000..cb9a326 --- /dev/null +++ b/app/assets/stylesheets/objects/buttons.scss @@ -0,0 +1,70 @@ +.button { + display: inline-block; + padding: 6px 12px; + font-weight: 600; + border-radius: 5px; + border: 2px solid transparent; + text-decoration: none; + @include transition(all linear 50ms); + + &.white { + color: white; + border-color: white; + background-color: transparent; + &:hover, &:focus { + color: white; + background-color: rgba(255,255,255,.25); + } + } + &.green { + color: white; + border-color: $green2; + background-color: $green2; + &:hover, &:focus { + background-color: $green3; + border-color: $green3; + } + } + &.blue { + color: white; + border-color: $blue; + background-color: $blue; + &:hover, &:focus { + background-color: darken($blue, 20%); + border-color: darken($blue, 20%); + } + } + &.red { + color: white; + border-color: $red; + background-color: $red; + &:hover, &:focus { + background-color: darken($red, 20%); + border-color: darken($red, 20%); + } + } + &.notes-trigger { + padding: 3px 6px; + font-size: 14px; + border-color: $blue; + color: $blue; + } +} + +.btn-lead { + background-color: $primary-color; + color: #fff; + border-radius: 6px; + padding: 0.5em 2em; + + font-weight: 400; + cursor: pointer; + &:hover, &:focus { + background-color: #fff; + color: $primary-color; + } + + &-outline { + margin: 1.5em 0; + } +} diff --git a/app/assets/stylesheets/secrets.sass b/app/assets/stylesheets/secrets.sass deleted file mode 100644 index 59ae768..0000000 --- a/app/assets/stylesheets/secrets.sass +++ /dev/null @@ -1,51 +0,0 @@ -.secret__title - width: 100% - padding: 50px 20px - background: black image-url("homepage-hero.jpg") no-repeat 50% 50% - background-size: cover - text-align: center - margin-bottom: 50px - h2 - color: white - margin: 0 - +mobile-media-query - margin-bottom: 20px - h2 - font-size: 1.7em - -.secret__flex-container - display: flex - +mobile-media-query - flex-wrap: wrap - flex-direction: column-reverse - -.secret__form - width: 100% - padding: 0 20px - -.secret__instructions - width: 100% - max-width: 300px - margin: 0 0 0 20px - +mobile-media-query - margin: 0 0 20px - max-width: 100% - ol - background: #e6ebec - border: 3px solid #ced9db - padding: 15px - list-style: none - li - padding-left: 25px - background: transparent image-url("ol-numbers/1.svg") no-repeat 0 2px - background-size: 20px 20px - li.two - background-image: image-url("ol-numbers/2.svg") - li.three - background-image: image-url("ol-numbers/3.svg") - - - li - margin-bottom: 10px - font-size: 1.1em - line-height: 1.5 \ No newline at end of file diff --git a/app/assets/stylesheets/variables.sass b/app/assets/stylesheets/variables.sass deleted file mode 100644 index 82f7978..0000000 --- a/app/assets/stylesheets/variables.sass +++ /dev/null @@ -1,16 +0,0 @@ -//Colors - -$green1: #33A3A2 -$green2: #1c7279 -$green3: #1C5050 -$green4: #132D2D - -$text-grey: #666666 - - -//Sizing -$mobile-switch: 675px - -=mobile-media-query - @media(max-width:675px) - @content \ No newline at end of file diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d2e1a8b..02de5c0 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,22 +1,7 @@ class ApplicationController < ActionController::Base - protect_from_forgery with: :exception - helper_method :validated_email - - def require_validated_email - redirect_to new_auth_token_path unless validated_email? - end + before_action :configure_permitted_parameters, if: :devise_controller? - def validated_email - session[:validated_email] - end - - def validated_email? - session[:validated_email].present? - end - - def validate_email!(email) - session[:validated_email] = email - end + protect_from_forgery with: :exception def notify_exception(exception) if Rails.env.production? @@ -26,4 +11,9 @@ def notify_exception(exception) end end + private + + def configure_permitted_parameters + devise_parameter_sanitizer.permit(:sign_in, keys: [:otp_attempt]) + end end diff --git a/app/controllers/auth_tokens_controller.rb b/app/controllers/auth_tokens_controller.rb deleted file mode 100644 index 6f629cf..0000000 --- a/app/controllers/auth_tokens_controller.rb +++ /dev/null @@ -1,47 +0,0 @@ -class AuthTokensController < ApplicationController - before_action :check_recaptcha, only: :create - - def show - auth_token = AuthToken.find_by(hashed_token: params[:id]) - if auth_token.present? - validate_email!(auth_token.email) - auth_token.delete - redirect_to new_secret_path - else - flash[:message] = "Sorry, we don't know who you are, try sending a new token!" - render :new - end - end - - def new - if validated_email? - # TODO: Remove the HTML formatting and let the view handle it. - flash.now[:message] = "You have already verified your email as #{validated_email}.
- If you want, you can just go ahead and create another secret with this address." - end - end - - def create - auth_token = AuthTokenService.generate(auth_token_params) - if auth_token.valid? - flash.now[:message] = "A token has been generated and sent to #{auth_token_params['email']}" - else - # TODO: Remove the HTML formatting and let the view handle it. - flash.now[:message] = auth_token.errors.full_messages.join("
".html_safe) - end - render :new - end - - private - - def auth_token_params - params.require(:auth_token).permit(:email) - end - - def check_recaptcha - unless verify_recaptcha - flash[:error] = flash[:recaptcha_error] - render :new - end - end -end diff --git a/app/controllers/authenticated_controller.rb b/app/controllers/authenticated_controller.rb new file mode 100644 index 0000000..f9ed256 --- /dev/null +++ b/app/controllers/authenticated_controller.rb @@ -0,0 +1,3 @@ +class AuthenticatedController < ApplicationController + before_action :authenticate_user! +end diff --git a/app/controllers/concerns/retrieve_secret.rb b/app/controllers/concerns/retrieve_secret.rb index a1f1e10..f1587fe 100644 --- a/app/controllers/concerns/retrieve_secret.rb +++ b/app/controllers/concerns/retrieve_secret.rb @@ -6,14 +6,14 @@ def retrieve_secret @secret = Secret.find_by(uuid: params[:id]) case when @secret.expired? - flash[:error] = "Sorry, that secret has expired, please ask the person who sent it to you to send it again." - redirect_to(new_auth_token_path) + flash[:error] = t('secrets.expired_error', from_email: @secret.from_email) + redirect_to(root_path) when @secret.present? && SecretService.correct_key?(@secret, params[:key]) @secret else flash[:error] = "Sorry, we couldn't find that secret" - redirect_to(new_auth_token_path) + redirect_to(root_path) end end end -end \ No newline at end of file +end diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb new file mode 100644 index 0000000..f206f1f --- /dev/null +++ b/app/controllers/dashboard_controller.rb @@ -0,0 +1,10 @@ +class DashboardController < AuthenticatedController + def index + @secrets = current_user.secrets.order(created_at: :desc).first(10) + + if @secrets.empty? + flash[:notice] = t('welcome') + redirect_to new_secret_path + end + end +end diff --git a/app/controllers/decrypted_secrets_controller.rb b/app/controllers/decrypted_secrets_controller.rb index d462886..d50d745 100644 --- a/app/controllers/decrypted_secrets_controller.rb +++ b/app/controllers/decrypted_secrets_controller.rb @@ -1,11 +1,10 @@ class DecryptedSecretsController < ApplicationController include RetrieveSecret before_filter :retrieve_secret - before_filter :require_validated_email def create begin - @unencrypted_secret = SecretService.decrypt_secret!(@secret, params[:key]) + @unencrypted_secret = SecretService.decrypt_secret!(@secret, params[:key], activity_logger) rescue => e notify_exception(e) flash.now[:error] = "An error occurred while trying to decrypt the secret, please ask #{@secret.from_email} to send it again." @@ -13,4 +12,9 @@ def create render 'secrets/show' end + def activity_logger + user = User.find_by(email: @secret.from_email) + @activity_logger ||= ActivityLogger.new(user) + end + end diff --git a/app/controllers/email_template_controller.rb b/app/controllers/email_template_controller.rb new file mode 100644 index 0000000..5e9bd41 --- /dev/null +++ b/app/controllers/email_template_controller.rb @@ -0,0 +1,27 @@ +class EmailTemplateController < AuthenticatedController + def edit + @settings = current_user.settings + + unless @settings.send_secret_email_template.present? + @settings.send_secret_email_template = build_default_email + end + end + + def update + current_user.settings.update!(settings_params) # This step should never fail + redirect_to edit_email_template_path, notice: t('.success') + end + + def build_default_email + @secret = Secret.new(from_email: current_user.email) + + ViewBuilder.new( + UserSetting::DEFAULT_SEND_SECRET_EMAIL_TEMPLATE_PATH, + view_context.instance_eval { binding } + ).run + end + + def settings_params + params.require(:user_setting).permit(:send_secret_email_template) + end +end diff --git a/app/controllers/extended_secrets_controller.rb b/app/controllers/extended_secrets_controller.rb new file mode 100644 index 0000000..b353300 --- /dev/null +++ b/app/controllers/extended_secrets_controller.rb @@ -0,0 +1,14 @@ +class ExtendedSecretsController < AuthenticatedController + def update + @secret = current_user.secrets.find(params[:id]) + + if @secret.expired? && !@secret.extended? + @secret.extend_expiry! + ActivityLogger.new(current_user).perform(Secret::ACTIVITY_LOG_KEYS[:extended], @secret) + redirect_to dashboard_path, notice: t('secrets.extended_expiry', title: @secret.title) + else + # This case should not happen base on UI + redirect_to dashboard_path + end + end +end diff --git a/app/controllers/oauth_callbacks_controller.rb b/app/controllers/oauth_callbacks_controller.rb index c360865..11c7498 100644 --- a/app/controllers/oauth_callbacks_controller.rb +++ b/app/controllers/oauth_callbacks_controller.rb @@ -3,19 +3,66 @@ class OauthCallbacksController < ApplicationController def google email = request.env['omniauth.auth'] && request.env['omniauth.auth']['info'] && request.env['omniauth.auth']['info']['email'] - if email - flash[:message] = "Authenticated as \"#{email}\" via google" - validate_email!(email) - redirect_to new_secret_path + + user = User.find_or_initialize_by(email: email) + if user.persisted? + handle_persisted_user(user) else - flash[:error] = 'Authentication via google failed' - redirect_to new_auth_token_path + handle_new_user(user) end end def auth_failure - flash[:error] = 'Authentication failed' - redirect_to new_auth_token_path + flash[:error] = t('oauth.failed') + redirect_to root_path + end + + private + + def handle_persisted_user(user) + if !user.confirmed? + redirect_to user_confirmation_path(confirmation_token: user.confirmation_token) + elsif user.confirmed? && user.encrypted_password.blank? + token = update_password_token(user) + redirect_to edit_user_setup_url(reset_password_token: token) + else + flash[:error] = t('oauth.already_registered') + redirect_to new_user_session_path + end + end + + def handle_new_user(user) + user.skip_confirmation_notification! + if user.save + redirect_to user_confirmation_path(confirmation_token: user.confirmation_token) + else + handle_unauthorised and return if user.errors.added?(:email, t('field_errors.unauthorised')) + # This may not be necessary because a failed oauth calls directly + # to auth_failure, but keeping this here as a safeguard + auth_failure and return if user.errors.added?(:email, :blank) + handle_unknown_error(user) + end + end + + def handle_unknown_error(user) + # We're intentionally raising an error here + # So tests will catch when creation of user with email only fails + raise user.errors.full_messages.to_s + end + + def handle_unauthorised + flash[:error] = "Email #{t('field_errors.unauthorised')}" + redirect_to root_path + end + + def update_password_token(user) + raw, enc = Devise.token_generator.generate(User, :reset_password_token) + + user.reset_password_token = enc + user.reset_password_sent_at = Time.current.utc + user.save(validate: false) + user.reload + raw end -end \ No newline at end of file +end diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb index e319e07..eb33e63 100644 --- a/app/controllers/pages_controller.rb +++ b/app/controllers/pages_controller.rb @@ -1,4 +1,7 @@ class PagesController < ApplicationController + def home + @user = User.new + end def copyright end @@ -8,5 +11,4 @@ def privacy_policy def terms_and_conditions end - -end \ No newline at end of file +end diff --git a/app/controllers/secrets_controller.rb b/app/controllers/secrets_controller.rb index 91fe1b3..c068b73 100644 --- a/app/controllers/secrets_controller.rb +++ b/app/controllers/secrets_controller.rb @@ -1,37 +1,65 @@ -class SecretsController < ApplicationController +class SecretsController < AuthenticatedController include RetrieveSecret before_filter :retrieve_secret, only: :show - before_filter :require_validated_email, only: [:new, :create] + before_action :authenticate_user!, except: [:show] def show - # As the receipient has now clicked a link, we know their email address is also - # valid, so we will validate them so they can painlessly send a new secret if - # they like as well. - validate_email!(@secret.to_email) + # TODO: Should we add a button to encourage the user to register? end def new - @secret = Secret.new(from_email: validated_email) + base_secret = current_user.secrets.find_by(uuid: params[:base_id]) + + if base_secret.present? + @secret = Secret.new( + title: base_secret.title, + from_email: base_secret.from_email, + to_email: base_secret.to_email, + comments: base_secret.comments + ) + else + @secret = Secret.new(from_email: current_user.email) + end end def create - @secret = SecretService.encrypt_new_secret(secret_params) + @secret = SecretService.encrypt_new_secret( + secret_params, + current_user.settings.send_secret_email_template, + activity_logger + ) + if @secret.persisted? - flash[:message] = "The secret has been encrypted and an email sent to the recipient, feel free to send another secret!" - redirect_to new_secret_path + if @secret.no_email? + CopySecretService.new(session).prepare!(@secret) + + flash[:message] = t('secrets.create.success.without_email') + redirect_to copy_secrets_path + else + flash[:message] = t('secrets.create.success.with_email') + redirect_to dashboard_path + end else - flash.now[:message] = @secret.errors.full_messages.join("
".html_safe) + flash.now[:error] = @secret.errors.full_messages.join("
".html_safe) render :new end end + def copy + @data = CopySecretService.new(session).perform! + redirect_to root_path unless @data + end + private def secret_params params.require(:secret).permit(:title, :to_email, :secret, :comments, - :expire_at, :secret_file).tap do |p| - p[:from_email] = validated_email + :expire_at, :secret_file, :no_email).tap do |p| + p[:from_email] = current_user.email end end + def activity_logger + @activity_logger ||= ActivityLogger.new(current_user) + end end diff --git a/app/controllers/two_factor_auth_controller.rb b/app/controllers/two_factor_auth_controller.rb new file mode 100644 index 0000000..4db5cc0 --- /dev/null +++ b/app/controllers/two_factor_auth_controller.rb @@ -0,0 +1,42 @@ +class TwoFactorAuthController < AuthenticatedController + def edit + @tfa_service = TwoFactorService.new(current_user) + @tfa_service.issue_otp_secret + @otp_provisioning_uri = @tfa_service.generate_otp_provisioning_uri + end + + def update + @tfa_service = TwoFactorService.new(current_user) + + valid = + if enabling_otp? + @tfa_service.enable_otp( + two_factor_params[:otp_secret], + two_factor_params[:otp_attempt], + two_factor_params[:current_password] + ) + else + @tfa_service.disable_otp(two_factor_params[:current_password]) + end + + if valid + verb = @tfa_service.user.otp_required_for_login ? 'enabled' : 'disabled' + redirect_to root_path, notice: t('two_factor.update_success', verb: verb) + else + flash[:error] = t('two_factor.update_failed') + + @otp_provisioning_uri = @tfa_service.generate_otp_provisioning_uri + render :edit + end + end + + private + + def enabling_otp? + two_factor_params[:otp_required_for_login] == '1' + end + + def two_factor_params + params.require(:user).permit(:otp_required_for_login, :otp_secret, :otp_attempt, :current_password) + end +end diff --git a/app/controllers/user_setups_controller.rb b/app/controllers/user_setups_controller.rb new file mode 100644 index 0000000..e7dbedf --- /dev/null +++ b/app/controllers/user_setups_controller.rb @@ -0,0 +1,51 @@ +class UserSetupsController < ApplicationController + before_action :set_original_token + + def edit + @user = User.with_reset_password_token(@original_token) + + if @user + @tfa_service = TwoFactorService.new(@user) + @tfa_service.issue_otp_secret + @otp_provisioning_uri = @tfa_service.generate_otp_provisioning_uri + else + redirect_to root_path, notice: t('devise.passwords.no_token') + end + end + + def update + @setup_service = UserSetupService.new( + password_params[:reset_password_token], + TwoFactorService + ) + + if @setup_service.run(password_params, two_factor_params) + @setup_service.user.after_database_authentication + flash[:notice] = t('devise.passwords.updated') + sign_in(@setup_service.user) + + redirect_to dashboard_path + else + @tfa_service = @setup_service.tfa_service + @tfa_service.user.otp_required_for_login = two_factor_params[:otp_required_for_login] + @tfa_service.user.otp_secret = two_factor_params[:otp_secret] + @otp_provisioning_uri = @tfa_service.generate_otp_provisioning_uri + + render :edit + end + end + + private + + def password_params + params.require(:user).permit(:password, :password_confirmation, :reset_password_token) + end + + def two_factor_params + params.require(:user).permit(:otp_required_for_login, :otp_secret, :otp_attempt) + end + + def set_original_token + @original_token ||= params[:reset_password_token] + end +end diff --git a/app/controllers/users/confirmations_controller.rb b/app/controllers/users/confirmations_controller.rb new file mode 100644 index 0000000..0353df8 --- /dev/null +++ b/app/controllers/users/confirmations_controller.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +class Users::ConfirmationsController < Devise::ConfirmationsController + # GET /resource/confirmation/new + # def new + # super + # end + + # POST /resource/confirmation + # def create + # super + # end + + # GET /resource/confirmation?confirmation_token=abcdef + # def show + # super + # end + + # protected + + # The path used after resending confirmation instructions. + # def after_resending_confirmation_instructions_path_for(resource_name) + # super(resource_name) + # end + + # The path used after confirmation. + def after_confirmation_path_for(resource_name, resource) + token = resource.send(:set_reset_password_token) + edit_user_setup_url(reset_password_token: token) + end +end diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb new file mode 100644 index 0000000..093ac71 --- /dev/null +++ b/app/controllers/users/passwords_controller.rb @@ -0,0 +1,38 @@ +# frozen_string_literal: true + +class Users::PasswordsController < Devise::PasswordsController + # GET /resource/password/new + # def new + # super + # end + + # POST /resource/password + # def create + # super + # end + + # GET /resource/password/edit?reset_password_token=abcdef + # def edit + # super + # end + + # PUT /resource/password + # def update + # super + # end + + # protected + + def after_resetting_password_path_for(resource) + # TODO: this path is also being used by user registration flow + # (After confirming the account, the user is asked to edit/set the password) + # Please fix accordingly if the path is not desired + # when editing password out of registration's context + dashboard_path + end + + # The path used after sending reset password instructions + # def after_sending_reset_password_instructions_path_for(resource_name) + # super(resource_name) + # end +end diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb new file mode 100644 index 0000000..e195e2e --- /dev/null +++ b/app/controllers/users/registrations_controller.rb @@ -0,0 +1,84 @@ +# frozen_string_literal: true + +class Users::RegistrationsController < Devise::RegistrationsController + before_action :check_recaptcha, only: :create + # before_action :configure_sign_up_params, only: [:create] + # before_action :configure_account_update_params, only: [:update] + + # GET /resource/sign_up + # def new + # super + # end + + # POST /resource + def create + user = User.find_by(email: params[:user][:email]) + + if user.present? && !user.confirmed? + user.send_confirmation_instructions + redirect_to root_path, notice: t('devise.registrations.signed_up_but_unconfirmed') + elsif user.present? && user.confirmed? && user.encrypted_password.blank? + user.send_reset_password_instructions + redirect_to root_path, notice: t('devise.registrations.signed_up_confirmed_without_password') + else + super + end + end + + # GET /resource/edit + # def edit + # super + # end + + # PUT /resource + # def update + # super + # end + + # DELETE /resource + # def destroy + # super + # end + + # GET /resource/cancel + # Forces the session data which is usually expired after sign + # in to be expired now. This is useful if the user wants to + # cancel oauth signing in/up in the middle of the process, + # removing all OAuth session data. + # def cancel + # super + # end + + # protected + + # If you have extra params to permit, append them to the sanitizer. + # def configure_sign_up_params + # devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute]) + # end + + # If you have extra params to permit, append them to the sanitizer. + # def configure_account_update_params + # devise_parameter_sanitizer.permit(:account_update, keys: [:attribute]) + # end + + # The path used after sign up. + # def after_sign_up_path_for(resource) + # super(resource) + # end + + # The path used after sign up for inactive accounts. + # def after_inactive_sign_up_path_for(resource) + # super(resource) + # end + + private + + def check_recaptcha + unless verify_recaptcha + self.resource = resource_class.new sign_up_params + resource.validate # Look for any other validation errors besides Recaptcha + resource.errors.add(:base, 'reCAPTCHA verification failed, please try again') + respond_with resource + end + end +end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index caccb42..fd74c1d 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -9,7 +9,7 @@ def to_email_placeholder end def from_email_placeholder - validated_email + current_user.email end # A closed system only allows secrets to be sent to and from email @@ -32,4 +32,7 @@ def auth_new_page? request.path == '/auth_tokens/new' end + def flash_display_type(key) + HashWithIndifferentAccess.new(alert: 'danger', error: 'danger')[key] || 'success' + end end diff --git a/app/mailers/secret_mailer.rb b/app/mailers/secret_mailer.rb index 420a4e8..889a39a 100644 --- a/app/mailers/secret_mailer.rb +++ b/app/mailers/secret_mailer.rb @@ -1,7 +1,11 @@ class SecretMailer < BaseMailer - def secret_notification(secret) + def secret_notification(secret, custom_message = nil) @secret = secret + + #We're also checking for blank string + @editable_content = custom_message.present? ? custom_message : load_default_content + mail(to: @secret.to_email, reply_to: @secret.from_email, subject: "SecretLink.org: A secret has been shared with you - Reference #{@secret.uuid}") @@ -14,4 +18,12 @@ def consumnation_notification(secret) subject: "Your secret was consumed on SecretLink.org - Reference #{@secret.uuid}") end + private + + def load_default_content + ViewBuilder.new( + UserSetting::DEFAULT_SEND_SECRET_EMAIL_TEMPLATE_PATH, + view_context.instance_eval { binding } + ).run + end end diff --git a/app/models/activity_log.rb b/app/models/activity_log.rb new file mode 100644 index 0000000..b612461 --- /dev/null +++ b/app/models/activity_log.rb @@ -0,0 +1,17 @@ +class ActivityLog < ActiveRecord::Base + validates :key, :owner, :trackable, presence: true + validate :valid_key + + belongs_to :owner, polymorphic: true + belongs_to :trackable, polymorphic: true + belongs_to :recipient, polymorphic: true + + private + + def valid_key + if key.present? && trackable.present? + trackable_keys = trackable.class::ACTIVITY_LOG_KEYS.values + errors.add(:key, :invalid) unless trackable_keys.include?(key) + end + end +end diff --git a/app/models/auth_token.rb b/app/models/auth_token.rb index a339305..dfd0939 100644 --- a/app/models/auth_token.rb +++ b/app/models/auth_token.rb @@ -4,17 +4,11 @@ class AuthToken < ActiveRecord::Base before_validation :set_defaults - # TODO: Model shouldn't be sending the email. - # TODO: Emails should be in background worker. - def notify - AuthTokenMailer.auth_token(email, hashed_token).deliver_now - end - private def set_defaults self.hashed_token = SecureRandom.hex - self.expire_at = Time.now + 7.days + self.expire_at = Time.current + 7.days end def email_domain_authorised diff --git a/app/models/secret.rb b/app/models/secret.rb index c84d9de..811b3ef 100644 --- a/app/models/secret.rb +++ b/app/models/secret.rb @@ -1,4 +1,7 @@ class Secret < ActiveRecord::Base + ACTIVITY_LOG_KEYS = { created: 'created', consumed: 'consumed', + extended: 'extended', deleted: 'deleted' }.freeze + attr_accessor :secret_key attr_encrypted :secret, key: :secret_key, mode: :per_attribute_iv_and_salt @@ -9,8 +12,8 @@ class Secret < ActiveRecord::Base } validates :to_email, presence: { - message: "Please enter the senders's email address" - } + message: "Please enter the senders's email address" + }, unless: :no_email validates :secret, presence: { message: "Please enter a secret to share with the recipient", @@ -23,24 +26,44 @@ class Secret < ActiveRecord::Base where('from_email = ? and access_key = ?', email, access_key) } + belongs_to :user, primary_key: 'email', foreign_key: 'from_email' + has_many :activity_logs, as: :trackable + + def sent_at + # We're using creted_at as the send date + created_at + end + def delete_encrypted_information update_attribute(:secret, nil) end def mark_as_consumed - update_attribute(:consumed_at, Time.now) + update_attribute(:consumed_at, Time.current) end def expired? - expire_at.present? && expire_at < Time.now + expire_at.present? && expire_at < Time.current + end + + def extend_expiry! + # We need to use update_columns to bypass reencryption + update_columns( + expire_at: Time.current + 1.week, + extended_at: Time.current + ) + end + + def extended? + extended_at.present? end def expire_at_within_limit if Rails.application.config.topsekrit_maximum_expiry_time - max_expiry_in_config = (Time.now + Rails.application.config.topsekrit_maximum_expiry_time).to_i + max_expiry_in_config = (Time.current + Rails.application.config.topsekrit_maximum_expiry_time).to_i if expire_at.blank? || (expire_at && expire_at.to_i > max_expiry_in_config) errors.add(:expire_at, "Maximum expiry allowed is " + - (Time.now + Rails.application.config.topsekrit_maximum_expiry_time).strftime('%d %B %Y')) + (Time.current + Rails.application.config.topsekrit_maximum_expiry_time).strftime('%d %B %Y')) end end end @@ -66,7 +89,7 @@ def email_domain_does_not_match? def self.expire_at_hint if Rails.application.config.topsekrit_maximum_expiry_time (Date.today + 1).strftime('%d %B %Y') + ' - ' + - (Time.now + Rails.application.config.topsekrit_maximum_expiry_time).strftime('%d %B %Y') + (Time.current + Rails.application.config.topsekrit_maximum_expiry_time).strftime('%d %B %Y') end end end diff --git a/app/models/user.rb b/app/models/user.rb new file mode 100644 index 0000000..e537a31 --- /dev/null +++ b/app/models/user.rb @@ -0,0 +1,39 @@ +class User < ActiveRecord::Base + # Include default devise modules. Others available are: + # :lockable, :timeoutable and :omniauthable + after_create :create_settings + + devise :registerable, :confirmable, + :recoverable, :rememberable, :trackable, :validatable + + devise :two_factor_authenticatable, + otp_secret_encryption_key: Rails.configuration.topsekrit_2fa_key + + validate :email_authorised?, on: :create + + has_one :settings, class_name: 'UserSetting' + has_many :secrets, primary_key: 'email', foreign_key: 'from_email' + has_many :activities, as: :owner, class_name: 'ActivityLog' + + protected + + def password_required? + confirmed? ? super : false + end + + def email_authorised? + unless AuthorisedEmailService.authorised_to_register?(email) + errors.add(:email, I18n.t('field_errors.unauthorised')) + end + end + + def self.with_reset_password_token(token) + reset_password_token = Devise.token_generator.digest(self, :reset_password_token, token) + to_adapter.find_first(reset_password_token: reset_password_token) + end + + # hooks + def create_settings + UserSetting.create(user: self) + end +end diff --git a/app/models/user_setting.rb b/app/models/user_setting.rb new file mode 100644 index 0000000..c888836 --- /dev/null +++ b/app/models/user_setting.rb @@ -0,0 +1,6 @@ +class UserSetting < ActiveRecord::Base + DEFAULT_SEND_SECRET_EMAIL_TEMPLATE_PATH = + 'secret_mailer/secret_notification_editable.html.erb'.freeze + + belongs_to :user +end diff --git a/app/services/activity_logger.rb b/app/services/activity_logger.rb new file mode 100644 index 0000000..93966fd --- /dev/null +++ b/app/services/activity_logger.rb @@ -0,0 +1,22 @@ +class ActivityLogger + attr_reader :owner + + def initialize(owner) + @owner = owner + end + + def perform(key, trackable, recipient = nil) + # Right now this is just a method call wrapped in a class + # But still we're doing it to hide the implementation details + # We may consider to change logging in the future + # And this is the only place we will go to + + # And also, it pays to make sure that we're always calling the bang(!) + # This step should not fail in production + ActivityLog.create!( + key: key, + owner: owner, + trackable: trackable, + recipient: recipient) + end +end diff --git a/app/services/auth_token_service.rb b/app/services/auth_token_service.rb deleted file mode 100644 index e0980d8..0000000 --- a/app/services/auth_token_service.rb +++ /dev/null @@ -1,10 +0,0 @@ -class AuthTokenService - - def self.generate(auth_hash) - auth_token = AuthToken.create(auth_hash) - # TODO: Model shouldn't be sending the email - auth_token.notify if auth_token.persisted? - auth_token - end - -end diff --git a/app/services/authorised_email_service.rb b/app/services/authorised_email_service.rb index 9d9328b..104b66e 100644 --- a/app/services/authorised_email_service.rb +++ b/app/services/authorised_email_service.rb @@ -1,12 +1,45 @@ -class AuthorisedEmailService +module AuthorisedEmailService + class << self + def closed_system? + authorisation == :closed + end - def self.email_domain_matches?(email) - regexp = Regexp.new(".+#{Rails.configuration.topsekrit_authorised_domain}\\z") - email.to_s.match(regexp) - end + def limited_system? + authorisation == :limited + end + + def open_system? + authorisation == :open + end + + def closed_or_limited_system? + closed_system? || limited_system? + end + + def authorised_to_register?(email) + if closed_or_limited_system? + email_domain_matches?(email).present? + else + true + end + end + + def email_domain_matches?(email) + regexp = Regexp.new(".+#{authorised_domain}\\z") + email.to_s.match(regexp) + end + + def email_domain_does_not_match?(email) + !email_domain_matches?(email) + end + + def authorisation + Rails.configuration.topsekrit_authorisation_setting + end - def self.email_domain_does_not_match?(email) - !email_domain_matches?(email) + def authorised_domain + Rails.configuration.topsekrit_authorised_domain + end end -end \ No newline at end of file +end diff --git a/app/services/copy_secret_service.rb b/app/services/copy_secret_service.rb new file mode 100644 index 0000000..9947940 --- /dev/null +++ b/app/services/copy_secret_service.rb @@ -0,0 +1,27 @@ +class CopySecretService + attr_reader :session + + KEY = :copy_secret_key + UUID = :copy_secret_uuid + + def initialize(session) + @session = session + end + + def prepare!(secret) + session[KEY] = secret.secret_key + session[UUID] = secret.uuid + end + + def perform! + if session[KEY] && session[UUID] + data = {key: session[KEY], uuid: session[UUID]} + + session.delete(KEY) + session.delete(UUID) + data + else + false + end + end +end diff --git a/app/services/secret_service.rb b/app/services/secret_service.rb index e345efc..ee5b7b3 100644 --- a/app/services/secret_service.rb +++ b/app/services/secret_service.rb @@ -1,10 +1,18 @@ class SecretService - def self.encrypt_new_secret(params) + # TODO: Instantiate the service instead and assign the logger + # as instance property + def self.encrypt_new_secret(params, email_template = nil, logger = nil) secret = Secret.create(params.merge(uuid: SecureRandom.uuid, secret_key: SecureRandom.hex(16))) - if secret.persisted? + if secret.persisted? && !secret.no_email? + + logger.perform(Secret::ACTIVITY_LOG_KEYS[:created], secret) if logger + # TODO: Mailers should be in the background - SecretMailer.secret_notification(secret).deliver_now + SecretMailer.secret_notification( + secret, + email_template + ).deliver_now end secret end @@ -20,11 +28,21 @@ def self.correct_key?(secret, password) end end - def self.decrypt_secret!(secret, password) + def self.decrypt_secret!(secret, password, logger = nil) secret.secret_key = password s = secret.secret - secret.delete_encrypted_information secret.mark_as_consumed + secret.delete_encrypted_information + + if logger + # In this case, this happens at almost the same time + # Later we will have a script that deletes expired + # but unconsumed secrets + logger.perform(Secret::ACTIVITY_LOG_KEYS[:consumed], secret) + logger.perform(Secret::ACTIVITY_LOG_KEYS[:deleted], secret) + end + + # TODO: Mailers should be in the background SecretMailer.consumnation_notification(secret).deliver_now s diff --git a/app/services/two_factor_service.rb b/app/services/two_factor_service.rb new file mode 100644 index 0000000..372c934 --- /dev/null +++ b/app/services/two_factor_service.rb @@ -0,0 +1,56 @@ +class TwoFactorService + attr_reader :user + + def initialize(user) + @user = user + end + + def issue_otp_secret + secret = User.generate_otp_secret + user.otp_secret = secret + secret + end + + def generate_otp_provisioning_uri + issuer = 'Secret Link' + issuer += ' (dev)' if Rails.env.development? + label = "#{issuer}:#{user.email}" + user.otp_provisioning_uri(label, issuer: issuer) + end + + # Update model with params only if otp_attempt and current_password are correct + def enable_otp(otp_secret, otp_attempt, current_password) + user.assign_attributes(otp_secret: otp_secret, otp_required_for_login: true) + + result = + if user.valid_password?(current_password) + validate_and_consume_otp(otp_attempt, otp_secret) + else + user.errors.add(:current_password, current_password.blank? ? :blank : :invalid) + false + end + + user.clean_up_passwords + result + end + + def enable_otp_without_password(otp_secret, otp_attempt) + validate_and_consume_otp(otp_attempt, otp_secret) + end + + def disable_otp(current_password) + user.update_with_password(current_password: current_password, otp_required_for_login: false) + end + + private + + def validate_and_consume_otp(otp_attempt, otp_secret) + if user.validate_and_consume_otp!(otp_attempt, otp_secret: otp_secret) + user.update_attributes(otp_secret: otp_secret, otp_required_for_login: true) + true + else + user.errors.add(:otp_attempt, otp_attempt.blank? ? :blank : :invalid) + false + end + end +end diff --git a/app/services/user_setup_service.rb b/app/services/user_setup_service.rb new file mode 100644 index 0000000..d6d4d52 --- /dev/null +++ b/app/services/user_setup_service.rb @@ -0,0 +1,46 @@ +class UserSetupService + attr_reader :user, :tfa_service + + def initialize(token, tfa_service_klass) + reset_password_token = Devise.token_generator.digest(User, :reset_password_token, token) + + @user = User.find_or_initialize_with_error_by(:reset_password_token, reset_password_token) + @tfa_service = tfa_service_klass.new(@user) + end + + def run(password_params, tfa_params) + password, confirmation = password_params.values_at :password, :password_confirmation + otp_required, otp_secret, otp_attempt = tfa_params.values_at :otp_required_for_login, :otp_secret, :otp_attempt + + if token_valid? && user_valid?(password, confirmation) + return enable_otp(otp_secret, otp_attempt) if otp_required == '1' + user.save! # This should never raise an errror + else + false + end + end + + private + + def enable_otp(secret, attempt) + if tfa_service.enable_otp_without_password(secret, attempt) + user.save! # This should never raise an errror + else + false + end + end + + def user_valid?(password, confirmation) + if password.present? + user.assign_attributes(password: password, password_confirmation: confirmation) + user.valid? + else + user.errors.add(:password, :blank) + false + end + end + + def token_valid? + user.persisted? && user.reset_password_period_valid? + end +end diff --git a/app/views/auth_token_mailer/auth_token.html.erb b/app/views/auth_token_mailer/auth_token.html.erb deleted file mode 100644 index 74a44a6..0000000 --- a/app/views/auth_token_mailer/auth_token.html.erb +++ /dev/null @@ -1,21 +0,0 @@ -

- Hello <%= @email %> -

- -

- Here is the requested authentication token that will allow you to access <%= link_to("SecretLink.org", "https://secretlink.org") %>: -

-

- <%= link_to auth_token_url(@token), auth_token_url(@token) %> -

- -

- Thank you for using <%= link_to("SecretLink.org", "https://secretlink.org") %>! -

- - - -

-

- If you didn't expect to receive this message, please contact <%= mail_to "info@secretlink.org" %>. -

diff --git a/app/views/auth_token_mailer/auth_token.text.erb b/app/views/auth_token_mailer/auth_token.text.erb deleted file mode 100644 index 0d874ab..0000000 --- a/app/views/auth_token_mailer/auth_token.text.erb +++ /dev/null @@ -1,11 +0,0 @@ -Hello <%= @email %> - -Here is the requested authentication token that will allow you to access https://SecretLink.org/ - -<%= "#{@request_host}/auth_tokens/#{@token}" %> - -Thank you for using <%= link_to("SecretLink.org", "https://secretlink.org") %>! - - - -If you didn't expect to receive this message, please contact info@secretlink.org diff --git a/app/views/dashboard/_secret_item.erb b/app/views/dashboard/_secret_item.erb new file mode 100644 index 0000000..656c710 --- /dev/null +++ b/app/views/dashboard/_secret_item.erb @@ -0,0 +1,67 @@ +<% secret %> + +
+ +
+ <% if secret.consumed_at? %> + <%= image_tag 'icons/unlocked-icon.svg', alt: 'Unlocked email', width: 62 %> + <% else %> + <%= image_tag 'icons/locked-icon.svg', alt: 'Locked Mail', width: 62 %> + <% end %> + +
+

<%= secret.title %>

+ <% if secret.consumed_at.blank? %> +

Not Viewed

+ <% else %> +

Viewed

+ <% end %> +
+
+ +
+ <% if secret.no_email? %> +

+ This secret was sent manually + (no email sent) +

+ <% else %> +

From: <%= secret.from_email %>

+

To: <%= secret.to_email %>

+ <% end %> + + +

+ <% if secret.no_email? %> + Created: <%= local_time(secret.created_at, t('date.formats.dashboard_time')) %> + <% else %> + Sent: <%= local_time(secret.sent_at, t('date.formats.dashboard_time')) %> + <% end %> +

+ +

+ <% if secret.consumed_at? %> + Viewed: <%= local_time(secret.consumed_at, t('date.formats.dashboard_time')) %> + <% elsif secret.expired? %> + Not viewed: expired: <%= local_time(secret.expire_at, t('date.formats.dashboard_time')) %> + <% else %> + Not viewed: expiry: <%= local_time(secret.expire_at, t('date.formats.dashboard_time')) %> + <% end %> +

+

+ + <%= secret.comments %> +

+

+ +
+ <% if secret.consumed_at? %> +
Viewed and Deleted
+ <% elsif secret.expired? && !secret.extended?%> + <%= link_to "Extend", extended_secret_path(secret), class: 'extend-btn button blue', method: :put %> + <% elsif secret.extended? %> +
Extended
+ <% end %> + <%= link_to "Send Another".html_safe, new_secret_path(base_id: secret.uuid), class: 'button green' %> +
+
diff --git a/app/views/dashboard/index.html.erb b/app/views/dashboard/index.html.erb new file mode 100644 index 0000000..7757b77 --- /dev/null +++ b/app/views/dashboard/index.html.erb @@ -0,0 +1,12 @@ + + +
+
+ <% @secrets.each do |secret| %> + <%= render 'secret_item', secret: secret %> + <% end %> +
+
diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb new file mode 100644 index 0000000..37362cb --- /dev/null +++ b/app/views/devise/confirmations/new.html.erb @@ -0,0 +1,27 @@ + + +
+
+
+

Resend confirmation instructions

+
+
+ <%= simple_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post, class: "devise_page__form" }) do |f| %> + <%= f.error_notification %> + <%= f.full_error :confirmation_token %> + + <%= f.input :email, required: true, autofocus: true %> + +
+ <%= f.button :submit, "Resend", class: "button green" %> +
+ <% end %> +
+
+ +
+ <%= render "devise/shared/links" %> +
+
diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb new file mode 100644 index 0000000..dc55f64 --- /dev/null +++ b/app/views/devise/mailer/confirmation_instructions.html.erb @@ -0,0 +1,5 @@ +

Welcome <%= @email %>!

+ +

You can confirm your account email through the link below:

+ +

<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %>

diff --git a/app/views/devise/mailer/email_changed.html.erb b/app/views/devise/mailer/email_changed.html.erb new file mode 100644 index 0000000..32f4ba8 --- /dev/null +++ b/app/views/devise/mailer/email_changed.html.erb @@ -0,0 +1,7 @@ +

Hello <%= @email %>!

+ +<% if @resource.try(:unconfirmed_email?) %> +

We're contacting you to notify you that your email is being changed to <%= @resource.unconfirmed_email %>.

+<% else %> +

We're contacting you to notify you that your email has been changed to <%= @resource.email %>.

+<% end %> diff --git a/app/views/devise/mailer/password_change.html.erb b/app/views/devise/mailer/password_change.html.erb new file mode 100644 index 0000000..b41daf4 --- /dev/null +++ b/app/views/devise/mailer/password_change.html.erb @@ -0,0 +1,3 @@ +

Hello <%= @resource.email %>!

+ +

We're contacting you to notify you that your password has been changed.

diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb new file mode 100644 index 0000000..f667dc1 --- /dev/null +++ b/app/views/devise/mailer/reset_password_instructions.html.erb @@ -0,0 +1,8 @@ +

Hello <%= @resource.email %>!

+ +

Someone has requested a link to change your password. You can do this through the link below.

+ +

<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>

+ +

If you didn't request this, please ignore this email.

+

Your password won't change until you access the link above and create a new one.

diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb new file mode 100644 index 0000000..41e148b --- /dev/null +++ b/app/views/devise/mailer/unlock_instructions.html.erb @@ -0,0 +1,7 @@ +

Hello <%= @resource.email %>!

+ +

Your account has been locked due to an excessive number of unsuccessful sign in attempts.

+ +

Click the link below to unlock your account:

+ +

<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>

diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb new file mode 100644 index 0000000..c2f8e59 --- /dev/null +++ b/app/views/devise/passwords/edit.html.erb @@ -0,0 +1,31 @@ + + +
+
+
+

Set your password

+
+
+ + <%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put, class: "devise_page__form" }) do |f| %> + <%= f.error_notification %> + + <%= f.input :reset_password_token, as: :hidden %> + <%= f.full_error :reset_password_token %> + + <%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %> + <%= f.input :password_confirmation, label: "Confirm your new password", required: true %> + +
+ <%= f.button :submit, "Set password", class: "button green" %> +
+ <% end %> +
+
+ +
+ <%= render "devise/shared/links" %> +
+
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb new file mode 100644 index 0000000..51509ab --- /dev/null +++ b/app/views/devise/passwords/new.html.erb @@ -0,0 +1,26 @@ + + +
+
+
+

Forgot your password?

+
+
+ <%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post, class: "devise_page__form" }) do |f| %> + <%= f.error_notification %> + + <%= f.input :email, required: true, autofocus: true %> + +
+ <%= f.button :submit, "Reset password", class: "button green" %> +
+ <% end %> +
+
+ +
+ <%= render "devise/shared/links" %> +
+
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb new file mode 100644 index 0000000..a7c2fa9 --- /dev/null +++ b/app/views/devise/registrations/edit.html.erb @@ -0,0 +1,38 @@ + + +
+
+
+

Edit <%= resource_name.to_s.humanize %>

+
+
+ <%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put, class: "devise_page__form" }) do |f| %> + <%= f.error_notification %> + + <%= f.input :email, required: true, autofocus: true %> + + <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %> +

Currently waiting confirmation for: <%= resource.unconfirmed_email %>

+ <% end %> + + <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %> + <%= f.input :password_confirmation, required: false %> + <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %> + +
+ <%= f.button :submit, "Update", class: "button green" %> +
+ <% end %> +
+
+ +
+

Cancel my account

+ +

Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete, class: "button red" %>

+ + <%= link_to "Back", :back %> +
+
diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb new file mode 100644 index 0000000..1c1012c --- /dev/null +++ b/app/views/devise/registrations/new.html.erb @@ -0,0 +1,26 @@ + + +
+
+
+

New User? Create an Account

+
+
+ <%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { class: "devise_page__form"}) do |f| %> + <%= f.error_notification %> + + <%= f.input :email, required: true, autofocus: true %> + +
+ <%= invisible_recaptcha_tags text: 'Register', class: 'button green' %> +
+ <% end %> +
+
+ +
+ <%= render "devise/shared/links" %> +
+
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb new file mode 100644 index 0000000..2526976 --- /dev/null +++ b/app/views/devise/sessions/new.html.erb @@ -0,0 +1,27 @@ + + +
+
+
+

Returning User? Sign in

+
+
+ <%= simple_form_for(resource, as: resource_name, url: session_path(resource_name), html: { class: "devise_page__form"}) do |f| %> + <%= f.input :email, required: false, autofocus: true %> + <%= f.input :password, required: false %> + <%= f.input :otp_attempt, required: false, label: "2FA
(for configured accounts)".html_safe %> + <%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %> + +
+ <%= f.button :submit, "Sign In", class: "button green" %> +
+ <% end %> +
+
+ +
+ <%= render "devise/shared/links" %> +
+
diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb new file mode 100644 index 0000000..6f8d97f --- /dev/null +++ b/app/views/devise/shared/_links.html.erb @@ -0,0 +1,25 @@ +<%- if controller_name != 'sessions' %> + <%= link_to "Sign In", new_session_path(resource_name) %> +<% end -%> + +<%- if devise_mapping.registerable? && controller_name != 'registrations' %> + <%= link_to "Register", new_registration_path(resource_name) %> +<% end -%> + +<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> + <%= link_to "Forgot your password?", new_password_path(resource_name) %> +<% end -%> + +<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %> + <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %> +<% end -%> + +<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %> + <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %> +<% end -%> + +<%- if devise_mapping.omniauthable? %> + <%- resource_class.omniauth_providers.each do |provider| %> + <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %> + <% end -%> +<% end -%> diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb new file mode 100644 index 0000000..788f62e --- /dev/null +++ b/app/views/devise/unlocks/new.html.erb @@ -0,0 +1,16 @@ +

Resend unlock instructions

+ +<%= simple_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %> + <%= f.error_notification %> + <%= f.full_error :unlock_token %> + +
+ <%= f.input :email, required: true, autofocus: true %> +
+ +
+ <%= f.button :submit, "Resend unlock instructions" %> +
+<% end %> + +<%= render "devise/shared/links" %> diff --git a/app/views/email_template/edit.html.erb b/app/views/email_template/edit.html.erb new file mode 100644 index 0000000..8faba67 --- /dev/null +++ b/app/views/email_template/edit.html.erb @@ -0,0 +1,36 @@ + + +
+
+
+

Email Template

+
+
+ <%= simple_form_for(@settings, url: email_template_path, html: { class:"devise_page__form" }) do |f| %> +
+ <%= f.input :send_secret_email_template, label: false, as: :trix_editor %> +
+ +
+ <%= f.button :submit, value: t('buttons.update'), class: "button green" %> +
+ <% end %> +
+
+ + + +
+ <%= render "shared/two_factor_links" %> +
+
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index b75556c..5522823 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -1,18 +1,21 @@ - + SecretLink.org <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %> <%= csrf_meta_tags %> - + <%= render partial: 'shared/header' %> <%= render partial: 'shared/flash_messages' %> - <%= yield %> + +
+ <%= yield %> +
<%= render partial: 'shared/footer' %> <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %> diff --git a/app/views/pages/copyright.html.erb b/app/views/pages/copyright.html.erb index 583cd35..3eb26a9 100644 --- a/app/views/pages/copyright.html.erb +++ b/app/views/pages/copyright.html.erb @@ -1,6 +1,8 @@ -
-

Copyright & Trademark Information

+ +

© Copyright <%= Time.zone.now.to_date.year %> reinteractive Pty Ltd.

diff --git a/app/views/auth_tokens/new.html.erb b/app/views/pages/home.html.erb similarity index 91% rename from app/views/auth_tokens/new.html.erb rename to app/views/pages/home.html.erb index 4ed8a2f..3ed5973 100644 --- a/app/views/auth_tokens/new.html.erb +++ b/app/views/pages/home.html.erb @@ -1,12 +1,15 @@ -
-

Share secrets such as passwords, API keys, and SSL certificates simply and securely.

- <%= simple_form_for :auth_token, url: auth_tokens_url, html: { class: '' } do |f| %> -

Share a secret now...

- <%= f.input :email, label: false, placeholder: 'To send a secret, enter your email address...', input_html: { class: 'form-control center-block' } %> - <%= invisible_recaptcha_tags text: 'Send SecretLink.org Token', class: 'button white' %> - <%= link_to "Send using Google", '/auth/google_oauth2', id: 'oauth-google', class: "google-link" %> - <% end %> +
diff --git a/app/views/pages/privacy_policy.html.erb b/app/views/pages/privacy_policy.html.erb index 0777355..d057847 100644 --- a/app/views/pages/privacy_policy.html.erb +++ b/app/views/pages/privacy_policy.html.erb @@ -1,6 +1,8 @@ -
-

Privacy Policy

+ +

SecretLink.org is a service offered to you by reinteractive pty ltd (ABN 62 160 446 453) of Level 32, 101 Miller Street, North Sydney, NSW, 2060 Australia. We are the owner and author of the SecretLink.org Software as a Service (the Service).

diff --git a/app/views/pages/terms_and_conditions.html.erb b/app/views/pages/terms_and_conditions.html.erb index 8ba4bcd..5d8631c 100644 --- a/app/views/pages/terms_and_conditions.html.erb +++ b/app/views/pages/terms_and_conditions.html.erb @@ -1,6 +1,8 @@ -
-

Terms & Conditions for Envisage

+ +

WARNING: YOU MAY ONLY ACCESS, BROWSE AND USE THIS WEBSITE IF YOU ACCEPT THESE TERMS OF USE. BY ACCESSING, BROWSING AND/OR USING THIS WEBSITE, YOU CONFIRM THAT YOU HAVE READ AND UNDERSTAND AND WHOLLY AND UNCONDITIONALLY AGREE TO BE LEGALLY BOUND BY AND ACCEPT THESE TERMS OF USE. WE MAY MODIFY AND/OR REPLACE THESE TERMS OF USE FROM TIME TO TIME WITHOUT NOTICE. WE WILL UPLOAD THE LATEST VERSION TO THIS WEBPAGE. IT IS YOUR RESPONSIBILITY TO CHECK THESE TERMS OF USE EACH TIME YOU ACCESS, USE OR BROWSE THIS WEBSITE TO ENSURE YOU HAVE READ AND UNDERSTAND THE LATEST VERSION OF THESE TERMS OF USE. IF YOU DO NOT WISH TO ACCEPT THESE TERMS OF USE, YOU MUST NOT AND CANNOT USE THIS WEBSITE AND MUST IMMEDIATELY LEAVE THIS WEBSITE.

@@ -507,4 +509,4 @@ 17.8. Jurisdiction: These Terms of Use will be interpreted in accordance with the laws in force in the state or territory in which Our principal place of business is located. You and Us irrevocably submit to the non-exclusive jurisdiction of the courts situated in that state or territory.

-
\ No newline at end of file +
diff --git a/app/views/secret_mailer/secret_notification.html.erb b/app/views/secret_mailer/secret_notification.html.erb index c7a98b5..f1c096b 100644 --- a/app/views/secret_mailer/secret_notification.html.erb +++ b/app/views/secret_mailer/secret_notification.html.erb @@ -3,7 +3,7 @@

- <%= @secret.from_email %> has shared a secret with you via <%= link_to("SecretLink.org", "https://SecretLink.org") %>.
+ <%= sanitize @editable_content %>

<% if @secret.title.present? %> @@ -39,4 +39,3 @@

Thank you for using <%= link_to("SecretLink.org", "https://SecretLink.org") %>!

- diff --git a/app/views/secret_mailer/secret_notification.text.erb b/app/views/secret_mailer/secret_notification.text.erb index e1dfe98..e0d38e0 100644 --- a/app/views/secret_mailer/secret_notification.text.erb +++ b/app/views/secret_mailer/secret_notification.text.erb @@ -1,7 +1,7 @@ Hello <%= @secret.to_email %> -<%= @secret.from_email %> has shared a secret with you via SecretLink.org. +<%= HTMLToTextParser.new(sanitize(@editable_content)).run %> <% if @secret.title.present? %> Title: <%= @secret.title %> diff --git a/app/views/secret_mailer/secret_notification_editable.html.erb b/app/views/secret_mailer/secret_notification_editable.html.erb new file mode 100644 index 0000000..ed58794 --- /dev/null +++ b/app/views/secret_mailer/secret_notification_editable.html.erb @@ -0,0 +1 @@ +<%= @secret.from_email %> has shared a secret with you via <%= link_to("SecretLink.org", "https://SecretLink.org") %>. diff --git a/app/views/secrets/copy.html.erb b/app/views/secrets/copy.html.erb new file mode 100644 index 0000000..8215ea1 --- /dev/null +++ b/app/views/secrets/copy.html.erb @@ -0,0 +1,11 @@ +
+
+

Copy Link

+
+
+ 
<%= secret_url(@data[:uuid], key: @data[:key]) %>
+
+ Make sure you copied the link before hitting the close button. You cannot go back to this page. +
+
+
diff --git a/app/views/secrets/new.html.erb b/app/views/secrets/new.html.erb index 430010f..e31a3de 100644 --- a/app/views/secrets/new.html.erb +++ b/app/views/secrets/new.html.erb @@ -1,11 +1,15 @@ -
-

Create a new secret to send

-
-
+ + +
- <%= simple_form_for @secret, url: secrets_url, wrapper: 'horizontal_form', html: {class: 'form-horizontal secret__form'} do |f| %> + <%= simple_form_for @secret, url: secrets_url, wrapper: 'horizontal_form', html: {class: 'form-horizontal secret__form js-new-secret-form'} do |f| %>
<%= f.input :title, input_html: { class: 'form-control' } %> +
+ <%= f.input :no_email, label: "Copy the link (don't send email)", input_html: { class: 'no-email-toggle' } %> +
<%= f.input :from_email, label: "Sender:", input_html: { disabled: true, placeholder: from_email_placeholder, class: 'form-control' } %> <%= f.input :to_email, label: "Recipient:", input_html: { placeholder: to_email_placeholder, class: 'form-control' } %> <%= f.input :secret, as: :text, input_html: { class: 'form-control' } %> @@ -20,12 +24,12 @@
<% end %> -
+
+
-
\ No newline at end of file +
diff --git a/app/views/secrets/show.html.erb b/app/views/secrets/show.html.erb index df6302f..9ef5345 100644 --- a/app/views/secrets/show.html.erb +++ b/app/views/secrets/show.html.erb @@ -1,6 +1,6 @@ -
-

Hello <%= @secret.to_email %>

-
+
@@ -43,7 +43,13 @@ <% end %> <% end %>

- +
+ <% unless current_user.present? %> +
+ Start sending your secret. + <%= link_to 'Register Here', new_user_registration_path %> +
+ <% end %>
diff --git a/app/views/shared/_flash_messages.html.erb b/app/views/shared/_flash_messages.html.erb index 51487aa..7fb9e9f 100644 --- a/app/views/shared/_flash_messages.html.erb +++ b/app/views/shared/_flash_messages.html.erb @@ -1,15 +1,10 @@ -<% if flash[:error] %> -
- <%= flash[:error] %> -
-<% end %> -<% if flash[:message] %> +<% flash.each do |type, message| %>
-
-<% end %> \ No newline at end of file +<% end %> diff --git a/app/views/shared/_footer.html.erb b/app/views/shared/_footer.html.erb index 491c0d2..78250d4 100644 --- a/app/views/shared/_footer.html.erb +++ b/app/views/shared/_footer.html.erb @@ -1,16 +1,30 @@ diff --git a/app/views/shared/_header.html.erb b/app/views/shared/_header.html.erb index 8dbdfba..cc0e9a4 100644 --- a/app/views/shared/_header.html.erb +++ b/app/views/shared/_header.html.erb @@ -1,8 +1,26 @@
- SecretLink.org + + + SecretLink.org +
    -
  • How it works
    • -
  • FAQ
    • -
  • About
    • +
  • <%= link_to "How it works", home_path(anchor: "homepage-steps") %>
    • +
  • <%= link_to "FAQ", home_path(anchor: "homepage-faq") %>
    • +
  • <%= link_to "About", home_path(anchor: "homepage-about") %>
    • + <% if user_signed_in? %> +
  • + +
      +
    • <%= link_to 'Dashboard', dashboard_path %>
      • +
    • <%= link_to 'Settings', edit_two_factor_auth_path %>
      • + +
    • <%= link_to 'Sign out', destroy_user_session_path, method: :delete %>
      • +
    +
    • + <% else %> +
  • <%= link_to('Sign In', new_user_session_path) %>
    • + <% end %>
diff --git a/app/views/shared/_two_factor_fields.html.erb b/app/views/shared/_two_factor_fields.html.erb new file mode 100644 index 0000000..9ed1d3a --- /dev/null +++ b/app/views/shared/_two_factor_fields.html.erb @@ -0,0 +1,22 @@ +
+ <%= f.hidden_field(:otp_secret) %> + <%= f.input :otp_required_for_login, + label: 'Enable two factor authentication', + input_html: { class: 'otp-required-for-login' } + %> + +
+
+ +
+ + <%= f.input :otp_attempt, + label: '6 digit code', + value: '', + autocomplete: 'off' + %> +
+
diff --git a/app/views/shared/_two_factor_links.html.erb b/app/views/shared/_two_factor_links.html.erb new file mode 100644 index 0000000..0e85533 --- /dev/null +++ b/app/views/shared/_two_factor_links.html.erb @@ -0,0 +1,2 @@ +<%= link_to 'Two Factor Auth (2FA)', edit_two_factor_auth_path %> +<%= link_to 'Email Template', edit_email_template_path %> diff --git a/app/views/two_factor_auth/edit.html.erb b/app/views/two_factor_auth/edit.html.erb new file mode 100644 index 0000000..81ccffb --- /dev/null +++ b/app/views/two_factor_auth/edit.html.erb @@ -0,0 +1,56 @@ + + +
+
+
+

Two Factor Auth (2FA)

+
+
+ <%= simple_form_for(@tfa_service.user, url: two_factor_auth_path, html: {class: "devise_page__form"}) do |f| %> + <%= render partial: 'shared/two_factor_fields', locals: { + f: f, + resource: @tfa_service.user, + otp_provisioning_uri: @otp_provisioning_uri + } %> + + <%= f.input :current_password, + label: "Current password".html_safe, + input_html: { autocomplete: "off" } %> + +
+ <%= f.button :submit, name: :two_factor, value: 'Save Settings', class: 'btn-enable-2fa button green' %> +
+ <% end %> +
+
+ + + +
+ <%= render "shared/two_factor_links" %> +
+
diff --git a/app/views/user_setups/edit.html.erb b/app/views/user_setups/edit.html.erb new file mode 100644 index 0000000..4174890 --- /dev/null +++ b/app/views/user_setups/edit.html.erb @@ -0,0 +1,32 @@ + + +
+
+
+

Setup login credentials

+
+
+ <%= simple_form_for(@tfa_service.user, url: user_setup_path(reset_password_token: @original_token), html: { method: :put, class: "devise_page__form" }) do |f| %> + <%= f.error_notification %> + + <%= f.input :reset_password_token, as: :hidden, input_html: { value: @original_token }%> + <%= f.full_error :reset_password_token %> + + <%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %> + <%= f.input :password_confirmation, label: "Confirm your new password", required: true %> + + <%= render partial: 'shared/two_factor_fields', locals: { + f: f, + resource: @tfa_service.user, + otp_provisioning_uri: @otp_provisioning_uri + } %> + +
+ <%= f.button :submit, "Save", class: "button green" %> +
+ <% end %> +
+
+
diff --git a/config/application.rb b/config/application.rb index 8b90522..9873142 100644 --- a/config/application.rb +++ b/config/application.rb @@ -9,6 +9,8 @@ module Topsekrit class Application < Rails::Application + config.autoload_paths << Rails.root.join('lib') + config.skylight.environments += ['staging'] config.skylight.alert_log_file = true diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb new file mode 100644 index 0000000..27ae7a6 --- /dev/null +++ b/config/initializers/devise.rb @@ -0,0 +1,283 @@ +# frozen_string_literal: true + +# Use this hook to configure devise mailer, warden hooks and so forth. +# Many of these configuration options can be set straight in your model. +Devise.setup do |config| + config.warden do |manager| + manager.default_strategies(:scope => :user).unshift :two_factor_authenticatable + end + + # The secret key used by Devise. Devise uses this key to generate + # random tokens. Changing this key will render invalid all existing + # confirmation, reset password and unlock tokens in the database. + # Devise will use the `secret_key_base` as its `secret_key` + # by default. You can change it below and use your own secret key. + # config.secret_key = '00f45515be77f3097584762be03209d6e585bf0c7f7ce5b0b9239a494f5b335d276a87816dcaaf62bd1ffa6d147879e8579dfd6a4ff1e6ab0effa8f31f1efd12' + + # ==> Mailer Configuration + # Configure the e-mail address which will be shown in Devise::Mailer, + # note that it will be overwritten if you use your own mailer class + # with default "from" parameter. + config.mailer_sender = 'hi@secretlink.org' + + # Configure the class responsible to send e-mails. + # config.mailer = 'Devise::Mailer' + + # Configure the parent class responsible to send e-mails. + # config.parent_mailer = 'ActionMailer::Base' + + # ==> ORM configuration + # Load and configure the ORM. Supports :active_record (default) and + # :mongoid (bson_ext recommended) by default. Other ORMs may be + # available as additional gems. + require 'devise/orm/active_record' + + # ==> Configuration for any authentication mechanism + # Configure which keys are used when authenticating a user. The default is + # just :email. You can configure it to use [:username, :subdomain], so for + # authenticating a user, both parameters are required. Remember that those + # parameters are used only when authenticating and not when retrieving from + # session. If you need permissions, you should implement that in a before filter. + # You can also supply a hash where the value is a boolean determining whether + # or not authentication should be aborted when the value is not present. + # config.authentication_keys = [:email] + + # Configure parameters from the request object used for authentication. Each entry + # given should be a request method and it will automatically be passed to the + # find_for_authentication method and considered in your model lookup. For instance, + # if you set :request_keys to [:subdomain], :subdomain will be used on authentication. + # The same considerations mentioned for authentication_keys also apply to request_keys. + # config.request_keys = [] + + # Configure which authentication keys should be case-insensitive. + # These keys will be downcased upon creating or modifying a user and when used + # to authenticate or find a user. Default is :email. + config.case_insensitive_keys = [:email] + + # Configure which authentication keys should have whitespace stripped. + # These keys will have whitespace before and after removed upon creating or + # modifying a user and when used to authenticate or find a user. Default is :email. + config.strip_whitespace_keys = [:email] + + # Tell if authentication through request.params is enabled. True by default. + # It can be set to an array that will enable params authentication only for the + # given strategies, for example, `config.params_authenticatable = [:database]` will + # enable it only for database (email + password) authentication. + # config.params_authenticatable = true + + # Tell if authentication through HTTP Auth is enabled. False by default. + # It can be set to an array that will enable http authentication only for the + # given strategies, for example, `config.http_authenticatable = [:database]` will + # enable it only for database authentication. The supported strategies are: + # :database = Support basic authentication with authentication key + password + # config.http_authenticatable = false + + # If 401 status code should be returned for AJAX requests. True by default. + # config.http_authenticatable_on_xhr = true + + # The realm used in Http Basic Authentication. 'Application' by default. + # config.http_authentication_realm = 'Application' + + # It will change confirmation, password recovery and other workflows + # to behave the same regardless if the e-mail provided was right or wrong. + # Does not affect registerable. + # config.paranoid = true + + # By default Devise will store the user in session. You can skip storage for + # particular strategies by setting this option. + # Notice that if you are skipping storage for all authentication paths, you + # may want to disable generating routes to Devise's sessions controller by + # passing skip: :sessions to `devise_for` in your config/routes.rb + config.skip_session_storage = [:http_auth] + + # By default, Devise cleans up the CSRF token on authentication to + # avoid CSRF token fixation attacks. This means that, when using AJAX + # requests for sign in and sign up, you need to get a new CSRF token + # from the server. You can disable this option at your own risk. + # config.clean_up_csrf_token_on_authentication = true + + # When false, Devise will not attempt to reload routes on eager load. + # This can reduce the time taken to boot the app but if your application + # requires the Devise mappings to be loaded during boot time the application + # won't boot properly. + # config.reload_routes = true + + # ==> Configuration for :database_authenticatable + # For bcrypt, this is the cost for hashing the password and defaults to 11. If + # using other algorithms, it sets how many times you want the password to be hashed. + # + # Limiting the stretches to just one in testing will increase the performance of + # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use + # a value less than 10 in other environments. Note that, for bcrypt (the default + # algorithm), the cost increases exponentially with the number of stretches (e.g. + # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). + config.stretches = Rails.env.test? ? 1 : 11 + + # Set up a pepper to generate the hashed password. + # config.pepper = 'b916c16973a45d824cf0f9d2e2020377193d88e11cf47b419fa1a4d47e4ea0c7d088809b06362357dc2aa1ce3d47c3331c6fecdd42eab158ac917a766f328a37' + + # Send a notification to the original email when the user's email is changed. + # config.send_email_changed_notification = false + + # Send a notification email when the user's password is changed. + # config.send_password_change_notification = false + + # ==> Configuration for :confirmable + # A period that the user is allowed to access the website even without + # confirming their account. For instance, if set to 2.days, the user will be + # able to access the website for two days without confirming their account, + # access will be blocked just in the third day. Default is 0.days, meaning + # the user cannot access the website without confirming their account. + # config.allow_unconfirmed_access_for = 2.days + + # A period that the user is allowed to confirm their account before their + # token becomes invalid. For example, if set to 3.days, the user can confirm + # their account within 3 days after the mail was sent, but on the fourth day + # their account can't be confirmed with the token any more. + # Default is nil, meaning there is no restriction on how long a user can take + # before confirming their account. + # config.confirm_within = 3.days + + # If true, requires any email changes to be confirmed (exactly the same way as + # initial account confirmation) to be applied. Requires additional unconfirmed_email + # db field (see migrations). Until confirmed, new email is stored in + # unconfirmed_email column, and copied to email column on successful confirmation. + config.reconfirmable = true + + # Defines which key will be used when confirming an account + # config.confirmation_keys = [:email] + + # ==> Configuration for :rememberable + # The time the user will be remembered without asking for credentials again. + # config.remember_for = 2.weeks + + # Invalidates all the remember me tokens when the user signs out. + config.expire_all_remember_me_on_sign_out = true + + # If true, extends the user's remember period when remembered via cookie. + # config.extend_remember_period = false + + # Options to be passed to the created cookie. For instance, you can set + # secure: true in order to force SSL only cookies. + # config.rememberable_options = {} + + # ==> Configuration for :validatable + # Range for password length. + config.password_length = 6..128 + + # Email regex used to validate email formats. It simply asserts that + # one (and only one) @ exists in the given string. This is mainly + # to give user feedback and not to assert the e-mail validity. + config.email_regexp = /\A[^@\s]+@[^@\s]+\z/ + + # ==> Configuration for :timeoutable + # The time you want to timeout the user session without activity. After this + # time the user will be asked for credentials again. Default is 30 minutes. + # config.timeout_in = 30.minutes + + # ==> Configuration for :lockable + # Defines which strategy will be used to lock an account. + # :failed_attempts = Locks an account after a number of failed attempts to sign in. + # :none = No lock strategy. You should handle locking by yourself. + # config.lock_strategy = :failed_attempts + + # Defines which key will be used when locking and unlocking an account + # config.unlock_keys = [:email] + + # Defines which strategy will be used to unlock an account. + # :email = Sends an unlock link to the user email + # :time = Re-enables login after a certain amount of time (see :unlock_in below) + # :both = Enables both strategies + # :none = No unlock strategy. You should handle unlocking by yourself. + # config.unlock_strategy = :both + + # Number of authentication tries before locking an account if lock_strategy + # is failed attempts. + # config.maximum_attempts = 20 + + # Time interval to unlock the account if :time is enabled as unlock_strategy. + # config.unlock_in = 1.hour + + # Warn on the last attempt before the account is locked. + # config.last_attempt_warning = true + + # ==> Configuration for :recoverable + # + # Defines which key will be used when recovering the password for an account + # config.reset_password_keys = [:email] + + # Time interval you can reset your password with a reset password key. + # Don't put a too small interval or your users won't have the time to + # change their passwords. + config.reset_password_within = 6.hours + + # When set to false, does not sign a user in automatically after their password is + # reset. Defaults to true, so a user is signed in automatically after a reset. + # config.sign_in_after_reset_password = true + + # ==> Configuration for :encryptable + # Allow you to use another hashing or encryption algorithm besides bcrypt (default). + # You can use :sha1, :sha512 or algorithms from others authentication tools as + # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20 + # for default behavior) and :restful_authentication_sha1 (then you should set + # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper). + # + # Require the `devise-encryptable` gem when using anything other than bcrypt + # config.encryptor = :sha512 + + # ==> Scopes configuration + # Turn scoped views on. Before rendering "sessions/new", it will first check for + # "users/sessions/new". It's turned off by default because it's slower if you + # are using only default views. + # config.scoped_views = false + + # Configure the default scope given to Warden. By default it's the first + # devise role declared in your routes (usually :user). + # config.default_scope = :user + + # Set this configuration to false if you want /users/sign_out to sign out + # only the current scope. By default, Devise signs out all scopes. + # config.sign_out_all_scopes = true + + # ==> Navigation configuration + # Lists the formats that should be treated as navigational. Formats like + # :html, should redirect to the sign in page when the user does not have + # access, but formats like :xml or :json, should return 401. + # + # If you have any extra navigational formats, like :iphone or :mobile, you + # should add them to the navigational formats lists. + # + # The "*/*" below is required to match Internet Explorer requests. + # config.navigational_formats = ['*/*', :html] + + # The default HTTP method used to sign out a resource. Default is :delete. + config.sign_out_via = :delete + + # ==> OmniAuth + # Add a new OmniAuth provider. Check the wiki for more information on setting + # up on your models and hooks. + # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' + + # ==> Warden configuration + # If you want to use other strategies, that are not supported by Devise, or + # change the failure app, you can configure them inside the config.warden block. + # + # config.warden do |manager| + # manager.intercept_401 = false + # manager.default_strategies(scope: :user).unshift :some_external_strategy + # end + + # ==> Mountable engine configurations + # When using Devise inside an engine, let's call it `MyEngine`, and this engine + # is mountable, there are some extra configurations to be taken into account. + # The following options are available, assuming the engine is mounted as: + # + # mount MyEngine, at: '/my_engine' + # + # The router that invoked `devise_for`, in the example above, would be: + # config.router_name = :my_engine + # + # When using OmniAuth, Devise cannot automatically set OmniAuth path, + # so you need to do it manually. For the users scope, it would be: + # config.omniauth_path_prefix = '/my_engine/users/auth' +end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1..edc6623 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,4 @@ # Be sure to restart your server when you modify this file. # Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +Rails.application.config.filter_parameters += [:password, :otp_attempt] diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index a82ff6e..1ce0c04 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -5,6 +5,9 @@ Rails.application.config.middleware.use OmniAuth::Builder do provider :google_oauth2, Rails.configuration.topsekrit_google_oauth_client_id, - Rails.configuration.topsekrit_google_oauth_client_secret + Rails.configuration.topsekrit_google_oauth_client_secret, + { + redirect_uri: URI::join(Rails.configuration.topsekrit_base_url, + Rails.configuration.topsekrit_google_oauth_callback_path).to_s + } end - diff --git a/config/initializers/topsekrit.rb b/config/initializers/topsekrit.rb index 0ea6990..fddbf08 100644 --- a/config/initializers/topsekrit.rb +++ b/config/initializers/topsekrit.rb @@ -33,4 +33,8 @@ # Base URL for the running site. For the production site at https://SecretLink.org/ the # Base URL would be: https://SecretLink.org/, for development this might be http://lvh.me:3000/ Rails.configuration.topsekrit_base_url = ENV['BASE_URL'] + + # 2FA Encryption key used by devise-two-factor gem + # https://github.com/tinfoil/devise-two-factor + Rails.configuration.topsekrit_2fa_key = ENV['2FA_KEY'] end diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml new file mode 100644 index 0000000..917156e --- /dev/null +++ b/config/locales/devise.en.yml @@ -0,0 +1,65 @@ +# Additional translations at https://github.com/plataformatec/devise/wiki/I18n + +en: + devise: + confirmations: + confirmed: "Your email address has been successfully confirmed." + send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." + failure: + already_authenticated: "You are already signed in." + inactive: "Your account is not activated yet." + invalid: "Invalid %{authentication_keys} or password." + locked: "Your account is locked." + last_attempt: "You have one more attempt before your account is locked." + not_found_in_database: "Invalid %{authentication_keys} or password." + timeout: "Your session expired. Please sign in again to continue." + unauthenticated: "You need to sign in or sign up before continuing." + unconfirmed: "You have to confirm your email address before continuing." + mailer: + confirmation_instructions: + subject: "Confirmation instructions" + reset_password_instructions: + subject: "Reset password instructions" + unlock_instructions: + subject: "Unlock instructions" + email_changed: + subject: "Email Changed" + password_change: + subject: "Password Changed" + omniauth_callbacks: + failure: "Could not authenticate you from %{kind} because \"%{reason}\"." + success: "Successfully authenticated from %{kind} account." + passwords: + no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." + send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." + updated: "Your password has been changed successfully. You are now signed in." + updated_not_active: "Your password has been changed successfully." + registrations: + destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon." + signed_up: "Welcome! You have signed up successfully." + signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." + signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." + signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." + signed_up_confirmed_without_password: "You appear to have registered with us but failed to set your password. We will email you a password reset link shortly." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." + updated: "Your account has been updated successfully." + sessions: + signed_in: "Signed in successfully." + signed_out: "Signed out successfully." + already_signed_out: "Signed out successfully." + unlocks: + send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." + send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." + unlocked: "Your account has been unlocked successfully. Please sign in to continue." + errors: + messages: + already_confirmed: "was already confirmed, please try signing in" + confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one" + expired: "has expired, please request a new one" + not_found: "not found" + not_locked: "was not locked" + not_saved: + one: "1 error prohibited this %{resource} from being saved:" + other: "%{count} errors prohibited this %{resource} from being saved:" diff --git a/config/locales/en.yml b/config/locales/en.yml index 0653957..50932f8 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -20,4 +20,27 @@ # available at http://guides.rubyonrails.org/i18n.html. en: - hello: "Hello world" + welcome: "Welcome! Start sending your first secret." + oauth: + already_registered: 'You are already registered with this account. Please login instead.' + failed: 'Authentication failed' + field_errors: + unauthorised: 'is unauthorised' + two_factor: + update_success: 'Two-factor authentication %{verb}.' + update_failed: 'Failed to update two-factor authentication. Please see errors below.' + secrets: + create: + success: + with_email: 'The secret has been encrypted and an email sent to the recipient, feel free to send another secret!' + without_email: 'The secret has been encrypted. Send the link below safely.' + extended_expiry: 'Extended %{title} expiry for 1 week' + expired_error: 'Sorry, this secret has expired, please contact %{from_email} to extend it for you.' + email_template: + update: + success: 'Successfully updated email template.' + buttons: + update: 'Update' + date: + formats: + dashboard_time: "%m/%d/%y, %l.%M%P" diff --git a/config/routes.rb b/config/routes.rb index 1bbef90..07e6f18 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,7 +1,24 @@ Rails.application.routes.draw do - resources :auth_tokens, only: [:show, :new, :create] - resources :secrets, only: [:show, :new, :create, :edit, :update] + devise_for :users, controllers: { + registrations: 'users/registrations', + confirmations: 'users/confirmations', + passwords: 'users/passwords' + } + + get '/', to: 'dashboard#index', as: 'admin_root', constraints: lambda { |request| + request.env['warden'].user.present? + } + + get '/', to: 'pages#home', as: 'root' + + resource :two_factor_auth, only: [:edit, :update], controller: 'two_factor_auth' + resource :email_template, only: [:edit, :update], controller: 'email_template' + resource :user_setup, only: [:edit, :update] + resources :secrets, only: [:show, :new, :create, :edit, :update] do + collection { get :copy } + end resources :decrypted_secrets, only: :create + resources :extended_secrets, only: :update post '/decrypt_secret', to: 'decrypted_secrets#create' @@ -9,10 +26,10 @@ get '/auth/failure', to: 'oauth_callbacks#auth_failure' - get '/auth/new', to: 'auth_tokens#new' - root 'auth_tokens#new' - + get '/home', to: 'pages#home' get '/copyright', to: 'pages#copyright' get '/privacy_policy', to: 'pages#privacy_policy' get '/terms_and_conditions', to: 'pages#terms_and_conditions' + + get 'dashboard' , to: 'dashboard#index' end diff --git a/db/migrate/20190611063450_devise_create_users.rb b/db/migrate/20190611063450_devise_create_users.rb new file mode 100644 index 0000000..2f735e1 --- /dev/null +++ b/db/migrate/20190611063450_devise_create_users.rb @@ -0,0 +1,44 @@ +# frozen_string_literal: true + +class DeviseCreateUsers < ActiveRecord::Migration + def change + create_table :users do |t| + ## Database authenticatable + t.string :email, null: false, default: "" + t.string :encrypted_password, null: false, default: "" + + ## Recoverable + t.string :reset_password_token + t.datetime :reset_password_sent_at + + ## Rememberable + t.datetime :remember_created_at + + ## Trackable + t.integer :sign_in_count, default: 0, null: false + t.datetime :current_sign_in_at + t.datetime :last_sign_in_at + t.inet :current_sign_in_ip + t.inet :last_sign_in_ip + + ## Confirmable + t.string :confirmation_token + t.datetime :confirmed_at + t.datetime :confirmation_sent_at + t.string :unconfirmed_email # Only if using reconfirmable + + ## Lockable + # t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts + # t.string :unlock_token # Only if unlock strategy is :email or :both + # t.datetime :locked_at + + + t.timestamps null: false + end + + add_index :users, :email, unique: true + add_index :users, :reset_password_token, unique: true + add_index :users, :confirmation_token, unique: true + # add_index :users, :unlock_token, unique: true + end +end diff --git a/db/migrate/20190701235914_add_extended_at_to_secret.rb b/db/migrate/20190701235914_add_extended_at_to_secret.rb new file mode 100644 index 0000000..9c73592 --- /dev/null +++ b/db/migrate/20190701235914_add_extended_at_to_secret.rb @@ -0,0 +1,5 @@ +class AddExtendedAtToSecret < ActiveRecord::Migration + def change + add_column :secrets, :extended_at, :datetime + end +end diff --git a/db/migrate/20190702044234_add_devise_two_factor_to_users.rb b/db/migrate/20190702044234_add_devise_two_factor_to_users.rb new file mode 100644 index 0000000..61fe494 --- /dev/null +++ b/db/migrate/20190702044234_add_devise_two_factor_to_users.rb @@ -0,0 +1,9 @@ +class AddDeviseTwoFactorToUsers < ActiveRecord::Migration + def change + add_column :users, :encrypted_otp_secret, :string + add_column :users, :encrypted_otp_secret_iv, :string + add_column :users, :encrypted_otp_secret_salt, :string + add_column :users, :consumed_timestep, :integer + add_column :users, :otp_required_for_login, :boolean + end +end diff --git a/db/migrate/20190709014931_add_no_email_to_secrets.rb b/db/migrate/20190709014931_add_no_email_to_secrets.rb new file mode 100644 index 0000000..7405698 --- /dev/null +++ b/db/migrate/20190709014931_add_no_email_to_secrets.rb @@ -0,0 +1,5 @@ +class AddNoEmailToSecrets < ActiveRecord::Migration + def change + add_column :secrets, :no_email, :boolean + end +end diff --git a/db/migrate/20190710042019_create_user_settings.rb b/db/migrate/20190710042019_create_user_settings.rb new file mode 100644 index 0000000..bcf390b --- /dev/null +++ b/db/migrate/20190710042019_create_user_settings.rb @@ -0,0 +1,8 @@ +class CreateUserSettings < ActiveRecord::Migration + def change + create_table :user_settings do |t| + t.text :send_secret_email_template + t.belongs_to :user, index: true, foreign_key: true + end + end +end diff --git a/db/migrate/20190711044517_create_activity_logs.rb b/db/migrate/20190711044517_create_activity_logs.rb new file mode 100644 index 0000000..b8b2f53 --- /dev/null +++ b/db/migrate/20190711044517_create_activity_logs.rb @@ -0,0 +1,12 @@ +class CreateActivityLogs < ActiveRecord::Migration + def change + create_table :activity_logs do |t| + t.string :key + t.references :owner, polymorphic: true, index: true + t.references :trackable, polymorphic: true, index: true + t.references :recipient, polymorphic: true, index: true + + t.timestamps null: false + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 4fafe2a..c3a347f 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,11 +11,27 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170408130142) do +ActiveRecord::Schema.define(version: 20190711044517) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" + create_table "activity_logs", force: :cascade do |t| + t.string "key" + t.integer "owner_id" + t.string "owner_type" + t.integer "trackable_id" + t.string "trackable_type" + t.integer "recipient_id" + t.string "recipient_type" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + end + + add_index "activity_logs", ["owner_type", "owner_id"], name: "index_activity_logs_on_owner_type_and_owner_id", using: :btree + add_index "activity_logs", ["recipient_type", "recipient_id"], name: "index_activity_logs_on_recipient_type_and_recipient_id", using: :btree + add_index "activity_logs", ["trackable_type", "trackable_id"], name: "index_activity_logs_on_trackable_type_and_trackable_id", using: :btree + create_table "auth_tokens", force: :cascade do |t| t.string "email" t.string "hashed_token" @@ -39,6 +55,44 @@ t.datetime "created_at", null: false t.datetime "updated_at", null: false t.string "access_key" + t.datetime "extended_at" + t.boolean "no_email" + end + + create_table "user_settings", force: :cascade do |t| + t.text "send_secret_email_template" + t.integer "user_id" end + add_index "user_settings", ["user_id"], name: "index_user_settings_on_user_id", using: :btree + + create_table "users", force: :cascade do |t| + t.string "email", default: "", null: false + t.string "encrypted_password", default: "", null: false + t.string "reset_password_token" + t.datetime "reset_password_sent_at" + t.datetime "remember_created_at" + t.integer "sign_in_count", default: 0, null: false + t.datetime "current_sign_in_at" + t.datetime "last_sign_in_at" + t.inet "current_sign_in_ip" + t.inet "last_sign_in_ip" + t.string "confirmation_token" + t.datetime "confirmed_at" + t.datetime "confirmation_sent_at" + t.string "unconfirmed_email" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.string "encrypted_otp_secret" + t.string "encrypted_otp_secret_iv" + t.string "encrypted_otp_secret_salt" + t.integer "consumed_timestep" + t.boolean "otp_required_for_login" + end + + add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree + add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree + add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree + + add_foreign_key "user_settings", "users" end diff --git a/db/seeds.rb b/db/seeds.rb index 4edb1e8..9e6eac5 100644 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -5,3 +5,75 @@ # # cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }]) # Mayor.create(name: 'Emanuel', city: cities.first) + +if Rails.env.development? + puts "Seeding user with secrets" + user = User.find_or_initialize_by(email: 'user@secretlink.org').tap do |u| + u.password = 'password' + u.password_confirmation = 'password' + u.confirmed_at = Time.current + u.save + end + + secret_key = '3d000ea44a98b640028d6e446ad6e98b' + secrets = [ + { + title: 'Sample Secret', + uuid: '123', + secret_key: secret_key, + from_email: user.email, + to_email: 'recipient@secretlink.org', + secret: 'abc', + comments:'This is a sample secret', + expire_at: Time.current + 10.days + }, + { + title: 'Consumed Secret', + uuid: '456', + secret_key: secret_key, + from_email: user.email, + to_email: 'recipient@secretlink.org', + secret: 'abc', + comments:'This is a consumed secret', + expire_at: Time.current + 10.days, + consumed_at: Time.current + }, + { + title: 'Expired Secret', + uuid: '789', + secret_key: secret_key, + from_email: user.email, + to_email: 'recipient@secretlink.org', + secret: 'abc', + comments:'This is an expired secret', + expire_at: Time.current - 10.days + }, + { + title: 'Expired and Extended Secret', + uuid: '101112', + secret_key: secret_key, + from_email: user.email, + to_email: 'recipient@secretlink.org', + secret: 'abc', + comments:'This is an expired secret', + expire_at: Time.current - 10.days, + extended_at: Time.current - 10.days + } + ] + + secrets.each do |secret| + Secret.find_or_initialize_by(uuid: secret[:uuid]) do |s| + s.title = secret[:title] + s.uuid = secret[:uuid] + s.secret_key = secret[:secret_key] + s.from_email = secret[:from_email] + s.to_email = secret[:to_email] + s.secret = secret[:secret] + s.comments = secret[:comments] + s.expire_at = secret[:expire_at] + s.consumed_at = secret[:consumed_at] + s.extended_at = secret[:extended_at] + s.save! + end + end +end diff --git a/lib/html_to_text_parser.rb b/lib/html_to_text_parser.rb new file mode 100644 index 0000000..a0fc038 --- /dev/null +++ b/lib/html_to_text_parser.rb @@ -0,0 +1,22 @@ +class HTMLToTextParser + attr_accessor :doc + + def initialize(html) + @doc = Nokogiri::HTML(html) + end + + def run + handle_br + convert_to_text + end + + def handle_br + doc.css('br').each do |node| + node.replace(Nokogiri::XML::Text.new("\n #{node.text}", doc)) + end + end + + def convert_to_text + @doc.text + end +end diff --git a/lib/view_builder.rb b/lib/view_builder.rb new file mode 100644 index 0000000..92908dd --- /dev/null +++ b/lib/view_builder.rb @@ -0,0 +1,25 @@ +class ViewBuilder + DEFAULT_DIR = 'app/views' + + attr_accessor :view_path, :view_binding + + def initialize(view_path, view_binding) + @view_path = view_path + @view_binding = view_binding + end + + def run + parse_template(load_template) + end + + private + + def parse_template(template) + ERB.new(template).result(view_binding) + end + + def load_template + path = Rails.root.join(DEFAULT_DIR, view_path) + File.read(path) + end +end diff --git a/spec/factories/secret.rb b/spec/factories/secret.rb new file mode 100644 index 0000000..4794107 --- /dev/null +++ b/spec/factories/secret.rb @@ -0,0 +1,24 @@ +FactoryBot.define do + factory :secret do + uuid { SecureRandom.uuid } + secret_key { SecureRandom.hex(16) } + title { 'Sample Secret' } + from_email { 'someone@secretlink.org' } + to_email { 'user@random.com' } + secret { 'abc' } + comments { 'This is a sample secret' } + expire_at { Time.current + 10.days } + + trait :consumed do + consumed_at { Time.current } + end + + trait :expired do + expire_at { Time.current - 10.days } + end + + trait :extended do + extended_at { Time.current } + end + end +end diff --git a/spec/factories/users.rb b/spec/factories/users.rb new file mode 100644 index 0000000..b2d7b04 --- /dev/null +++ b/spec/factories/users.rb @@ -0,0 +1,39 @@ +FactoryBot.define do + factory :user do + email { 'user@secretlink.org' } + password { 'password' } + password_confirmation { 'password' } + confirmed_at { Time.current } + otp_required_for_login { false } + + trait :unconfirmed do + password { nil } + password_confirmation { nil } + confirmation_token { 'token' } + confirmed_at { nil } + otp_required_for_login { false } + end + + trait :confirmed_without_password do + password { nil } + password_confirmation { nil } + confirmation_token { 'token' } + confirmed_at { nil } + + after :create do |user| + user.update(confirmed_at: Time.current) + end + end + + trait :with_secret do + after :create do |user| + create_list(:secret, 1, user: user) + end + end + + trait :otp_enabled do + otp_required_for_login { true } + otp_secret { User.generate_otp_secret } + end + end +end diff --git a/spec/features/auth_token_spec.rb b/spec/features/auth_token_spec.rb deleted file mode 100644 index 1919a9f..0000000 --- a/spec/features/auth_token_spec.rb +++ /dev/null @@ -1,75 +0,0 @@ -require "rails_helper" - -describe AuthToken do - - let(:from_email) { "from@example.com" } - - it "allows sending a token without javascript support" do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: from_email - expect { - click_button "Send SecretLink.org Token" - }.to change(AuthToken, :count).by(1) - end - - it "generates an auth token", js: true do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: from_email - page.driver.scroll_to(0, 500) - expect { - click_button "Send SecretLink.org Token" - }.to change(AuthToken, :count).by(1) - end - - it "provides a message if a token is invalid" do - visit "/auth_tokens/ijustmadethisup" - expect(page).to have_content("Sorry, we don't know who you are, try sending a new token!") - end - - describe "with an existing auth token saved to the database" do - - let!(:auth_token) { - AuthToken.create( - email: from_email - ) - } - - it "finds the token and deletes it" do - expect { - visit auth_token_path(auth_token.hashed_token) - }.to change(AuthToken.where(hashed_token: auth_token.hashed_token), :count).by(-1) - end - - it "redirects to the new secret page with the sender's address filled in" do - visit auth_token_path(auth_token.hashed_token) - expect(current_path).to eq(new_secret_path) - expect(find("#secret_from_email").value).to eq(from_email) - end - - end - - describe "trying to create an auth token from a non approved domain" do - - let!(:auth_token) { - AuthToken.create( - email: from_email - ) - } - - it "finds the token and deletes it" do - expect { - visit auth_token_path(auth_token.hashed_token) - }.to change(AuthToken.where(hashed_token: auth_token.hashed_token), :count).by(-1) - end - - it "redirects to the new secret page with the sender's address filled in" do - visit auth_token_path(auth_token.hashed_token) - expect(current_path).to eq(new_secret_path) - expect(find("#secret_from_email").value).to eq(from_email) - end - - end - -end diff --git a/spec/features/closed_system_spec.rb b/spec/features/closed_system_spec.rb index 7521e5d..8fa5986 100644 --- a/spec/features/closed_system_spec.rb +++ b/spec/features/closed_system_spec.rb @@ -2,7 +2,7 @@ describe "Generating auth tokens on a closed system" do - let(:from_email) { "from@example.com" } + let(:user) { create :user, email: "user@example.com" } let(:authorised_domain) { "example.com" } before(:each) do @@ -11,8 +11,8 @@ allow(Rails.configuration).to \ receive(:topsekrit_authorised_domain).and_return(authorised_domain) - auth_token = AuthToken.create!(email: from_email) - visit auth_token_path(auth_token.hashed_token) + login_as(user) + visit new_secret_path fill_in "Title", with: "Super Secret" fill_in "Recipient", with: to_email @@ -46,4 +46,4 @@ end -end \ No newline at end of file +end diff --git a/spec/features/extending_secret_spec.rb b/spec/features/extending_secret_spec.rb new file mode 100644 index 0000000..c3032ff --- /dev/null +++ b/spec/features/extending_secret_spec.rb @@ -0,0 +1,81 @@ +require 'rails_helper' + +describe 'Extending secret' do + let!(:user) { create :user } + let!(:secret) { create :secret, title: 'Valid Secret', user: user } + let!(:extended_secret) { create :secret, :extended, title: 'Extended Secret', user: user } + let!(:consumed_secret) { create :secret, :consumed, title: 'Consumed Secret', user: user } + let!(:expired_secret) { create :secret, :expired, title: 'Expired Secret', user: user } + let!(:expired_and_extended) { create :secret, :expired, :extended, title: 'Expired and Extended', user: user } + + before do + login_as(user) + visit dashboard_path + end + + it 'shows the correct label for secrets' do + within(:css, "##{secret.id}.secret-item") do + expect(page).to have_content(secret.title) + expect(page).to_not have_content('Extended') + expect(page).to_not have_content('Viewed and Deleted') + expect(page).to_not have_css('.extend-btn') + end + end + + it 'shows the correct label for consumed secrets' do + within(:css, "##{consumed_secret.id}.secret-item") do + expect(page).to have_content(consumed_secret.title) + expect(page).to have_content('Viewed and Deleted') + expect(page).to_not have_content('Extended') + expect(page).to_not have_css('.extend-btn') + end + end + + it 'shows the extend button for expired secrets' do + within(:css, "##{expired_secret.id}.secret-item") do + expect(page).to have_content(expired_secret.title) + expect(page).to have_css('.extend-btn') + expect(page).to_not have_content('Viewed and Deleted') + expect(page).to_not have_content('Extended') + end + end + + it 'shows the correct label for expired and extended secrets' do + within(:css, "##{expired_and_extended.id}.secret-item") do + expect(page).to have_content(expired_and_extended.title) + expect(page).to have_content('Extended') + expect(page).to_not have_content('Viewed and Deleted') + expect(page).to_not have_css('.extend-btn') + end + end + + describe 'successful' do + before do + Timecop.freeze + + within(:css, "##{expired_secret.id}.secret-item") do + expect(page).to have_content('Expired Secret') + click_on 'Extend' + end + end + + after { Timecop.return } + + it 'allows to extend expiry of unconsumed and expired secret' do + expect(page).to have_content(I18n.t('secrets.extended_expiry', title: expired_secret.title)) + expect(expired_secret.reload.expire_at).to eq Time.current + 1.week + end + + it 'sets the extended_at column' do + expect(expired_secret.reload.extended_at).to eq Time.current + end + + it 'logs the activity' do + log = ActivityLog.last + + expect(log.owner).to eq user + expect(log.key).to eq 'extended' + expect(log.trackable).to eq expired_secret + end + end +end diff --git a/spec/features/limited_system_spec.rb b/spec/features/limited_system_spec.rb deleted file mode 100644 index ec4ba4e..0000000 --- a/spec/features/limited_system_spec.rb +++ /dev/null @@ -1,67 +0,0 @@ -require "rails_helper" - -describe "Generating auth tokens on a limited system" do - - let(:from_email) { "from@example.com" } - let(:disapproved_email) { "from@example.org" } - let(:authorised_domain) { "example.com" } - - before(:each) do - allow(Rails.configuration).to \ - receive(:topsekrit_authorisation_setting).and_return(:limited) - - allow(Rails.configuration).to \ - receive(:topsekrit_authorised_domain).and_return(authorised_domain) - - allow_any_instance_of(AuthToken).to receive(:notify).and_return(true) - - visit new_auth_token_path - end - - context "using an approved email domain" do - - it "generates an auth token without javascript" do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: from_email - expect { - click_button "Send SecretLink.org Token" - }.to change(AuthToken, :count).by(1) - end - - it "generates an auth token with javascript", js: true do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: from_email - page.driver.scroll_to(0, 500) - expect { - click_button "Send SecretLink.org Token" - }.to change(AuthToken, :count).by(1) - end - end - - context "trying to use a disapproved email domain" do - - it "returns an error without javascript" do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: disapproved_email - expect { - click_button "Send SecretLink.org Token" - }.to_not change(AuthToken, :count) - expect(page).to have_content("Only email addresses from #{authorised_domain} are authorised to create secrets") - end - - it "returns an error with javascript", js: true do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: disapproved_email - page.driver.scroll_to(0, 500) - expect { - click_button "Send SecretLink.org Token" - }.to_not change(AuthToken, :count) - expect(page).to have_content("Only email addresses from #{authorised_domain} are authorised to create secrets") - end - end - -end diff --git a/spec/features/oauth_feature_spec.rb b/spec/features/oauth_feature_spec.rb index 0d2bd6b..4c48ee8 100644 --- a/spec/features/oauth_feature_spec.rb +++ b/spec/features/oauth_feature_spec.rb @@ -2,49 +2,128 @@ describe 'oauth via google' do - before do - OmniAuth.config.test_mode = true - end + before { OmniAuth.config.test_mode = true } + after { OmniAuth.config.mock_auth[:google_oauth2] = nil } - after do - OmniAuth.config.mock_auth[:google_oauth2] = nil - end + let!(:info) { { first_name: 'John', last_name: 'Smith', email: 'a@google.com' } } describe 'successful auth' do + before do + OmniAuth.config.add_mock(:google_oauth2, info: info) + + visit root_path + find('a#oauth-google').click + end + + it 'creates a confirmed user without password' do + user = User.find_by(email: info[:email]) + + expect(user).to_not be_nil + expect(user.encrypted_password).to be_blank + expect(user.confirmed_at).to_not be_nil + end + + it 'redirects to password update page' do + expect(page).to have_content I18n.t('devise.confirmations.confirmed') + expect(page).to have_content 'Setup login credentials' + end + end + + describe 'user is already in the system but unconfirmed' do + let!(:user) { create :user, :unconfirmed, email: info[:email] } before do - OmniAuth.config.add_mock(:google_oauth2, - info: { first_name: 'John', last_name: 'Smith', email: 'a@google.com' } - ) + OmniAuth.config.add_mock(:google_oauth2, info: info) + visit root_path + find('a#oauth-google').click end - it 'signs me in' do - visit new_auth_token_path + it 'confirms the user' do + expect(user.reload.confirmed_at).to_not be_nil + end + + it 'redirects user to enter password' do + expect(page).to have_content('Setup login credentials') + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'password' + click_on 'Save' + + expect(page).to have_content I18n.t('welcome') + expect(page).to have_content 'Create a new secret to send' + expect(user.reload.encrypted_password).to_not be_blank + end + end + + describe 'user is already in the system but failed to set password' do + let!(:user) { create :user, :confirmed_without_password, email: info[:email] } + + before do + OmniAuth.config.add_mock(:google_oauth2, info: info) + visit root_path find('a#oauth-google').click - expect(page).to have_content('Authenticated as "a@google.com" via google') end + it 'redirects user to enter password' do + expect(page).to have_content('Setup login credentials') + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'password' + click_on 'Save' + + expect(page).to have_content I18n.t('welcome') + expect(page).to have_content 'Create a new secret to send' + expect(user.reload.encrypted_password).to_not be_blank + end end describe 'unsuccessful auth' do - let!(:previous_logger) { OmniAuth.config.logger } - before do - OmniAuth.config.mock_auth[:google_oauth2] = :invalid_credentials - OmniAuth.config.logger = Logger.new("/dev/null") + context 'user is already registered' do + let!(:existing_user) { create :user, email: info[:email] } + before { OmniAuth.config.add_mock(:google_oauth2, info: info) } + + it 'redirects to login page' do + visit root_path + find('a#oauth-google').click + + expect(page).to have_content I18n.t('oauth.already_registered') + expect(page).to have_current_path(user_session_path) + end end - it 'does not sign me in' do - visit new_auth_token_path - find('a#oauth-google').click - expect(page).to have_content('Authentication failed') + context 'google failed to authenticate' do + before do + OmniAuth.config.mock_auth[:google_oauth2] = :invalid_credentials + OmniAuth.config.logger = Logger.new("/dev/null") + end + + it 'does not register the user' do + visit root_path + find('a#oauth-google').click + + expect(User.count).to eq 0 + expect(page).to have_content I18n.t('oauth.failed') + end + + after { OmniAuth.config.logger = previous_logger } end - after do - OmniAuth.config.logger = previous_logger + context 'system is closed and user is not authorised' do + before do + configure_authorisation(:closed, 'strict.com') + OmniAuth.config.add_mock(:google_oauth2, info: info) + end + + it 'does not register the user' do + visit root_path + find('a#oauth-google').click + + expect(User.count).to eq 0 + expect(page).to have_content I18n.t('field_errors.unauthorised') + end end end - -end \ No newline at end of file +end diff --git a/spec/features/sending_another_secret_spec.rb b/spec/features/sending_another_secret_spec.rb new file mode 100644 index 0000000..fa9dba6 --- /dev/null +++ b/spec/features/sending_another_secret_spec.rb @@ -0,0 +1,23 @@ +require 'rails_helper' + +describe 'Sending another secret' do + let!(:user) { create :user } + let!(:secret) { create :secret, user: user } + + before do + login_as(user) + visit dashboard_path + click_on "Send\u00a0Another" + end + + it 'navigates to new secret page' do + expect(page).to have_current_path(new_secret_path(base_id: secret.uuid)) + end + + it 'copies details of old secrets' do + expect(page).to have_selector("input[value='#{secret.title}']") + expect(page).to have_selector("input[value='#{secret.from_email}']") + expect(page).to have_selector("input[value='#{secret.to_email}']") + expect(page).to have_content(secret.comments) + end +end diff --git a/spec/features/sending_secret_spec.rb b/spec/features/sending_secret_spec.rb index aa29d75..6a4e5d0 100644 --- a/spec/features/sending_secret_spec.rb +++ b/spec/features/sending_secret_spec.rb @@ -2,36 +2,27 @@ describe "Sending a secret" do + let(:user) { create :user } let(:to_email) { "to@example.com" } - let(:from_email) { "from@example.com" } - - before(:each) do - allow_any_instance_of(AuthToken).to receive(:notify).and_return(true) - end describe "creating a secret" do - - let(:auth_token_params) { { email: from_email } } - let!(:auth_token) { - AuthTokenService.generate(auth_token_params) - AuthToken.where(email: from_email).first - } let(:secret) { Secret.last } before do - visit auth_token_path(auth_token.hashed_token) + login_as(user) + visit new_secret_path fill_in "Title", with: "Super Secret" fill_in "Recipient", with: to_email fill_in "Secret", with: "AbC123" fill_in "Comments", with: "Some super secret info" fill_in "Expire at", with: (Time.current + 1.day).strftime("%d %B, %Y") click_button "Send your Secret" - expect(current_path).to eql(new_secret_path) + expect(current_path).to eql(dashboard_path) end it "allows a secret to be created" do expect(secret.title).to eq("Super Secret") - expect(secret.from_email).to eq(from_email) + expect(secret.from_email).to eq(user.email) expect(secret.to_email).to eq(to_email) expect(secret.comments).to eq("Some super secret info") expect(secret.expire_at).to eq((Date.current + 1).strftime("%Y-%m-%d")) @@ -41,7 +32,7 @@ it "sends an email to the recipient" do email = ActionMailer::Base.deliveries.last expect(email.to).to eq([to_email]) - expect(email.reply_to).to eq([from_email]) + expect(email.reply_to).to eq([user.email]) expect(email.subject).to eq("SecretLink.org: A secret has been shared with you - Reference #{Secret.last.uuid}") expect(email.from).to eq(["info@SecretLink.org"]) expect(email.to_s).to match("This link will show you the secret:") @@ -56,14 +47,21 @@ expect(secret.secret_key).to be_nil end - it "allows oauth to authenticate when creating a secret" + it "logs the activity" do + log = ActivityLog.last + expect(log.owner).to eq user + expect(log.key).to eq 'created' + expect(log.trackable).to eq secret + end + + it "allows oauth to authenticate when creating a secret" end describe "accessing a secret" do let!(:secret) { - SecretService.encrypt_new_secret({from_email: from_email, + SecretService.encrypt_new_secret({from_email: user.email, to_email: to_email, secret: "Super Secret Message", expire_at: Time.current + 7.days}) @@ -88,6 +86,13 @@ expect(Secret.find(secret.id).encrypted_secret).to_not be_nil end + it "shows the user a link to registration" do + expect(page).to have_content("Start sending your secret. Register Here") + + click_on "Register Here" + expect(page).to have_current_path(new_user_registration_path) + end + it "retrieves and decrypts the secret" do click_button "Click here to show the secret" expect(page).to have_content("Super Secret Message") @@ -109,32 +114,74 @@ click_button "Click here to show the secret" expect(page).to have_content("Super Secret Message") email = ActionMailer::Base.deliveries.last - expect(email.to).to eq([from_email]) + expect(email.to).to eq([user.email]) expect(email.reply_to).to eq([to_email]) expect(email.subject).to eq("Your secret was consumed on SecretLink.org - Reference #{Secret.last.uuid}") expect(email.from).to eq(["info@SecretLink.org"]) - expect(email.text_part.to_s).to match("from@example.com") + expect(email.text_part.to_s).to match(user.email) expect(email.text_part.to_s).to match("The encrypted information has now been deleted from the database") end + it "logs the activity" do + click_button "Click here to show the secret" + expect(page).to have_content("Super Secret Message") + + first, second = ActivityLog.last(2) + + expect(first.owner).to eq user + expect(first.key).to eq 'consumed' + expect(first.trackable).to eq secret + + expect(second.owner).to eq user + expect(second.key).to eq 'deleted' + expect(second.trackable).to eq secret + end + end describe "trying to access an expired secret" do let!(:secret) { - SecretService.encrypt_new_secret({from_email: from_email, + SecretService.encrypt_new_secret({from_email: user.email, to_email: to_email, secret: "Super Secret Message", - expire_at: Time.now - 1}) + expire_at: Time.current - 1}) } let!(:link_to_secret) { ActionMailer::Base.deliveries.last.text_part.to_s.match(/http[\S]+/)} # Even if the expired secret worker isn't working the secret shouldn't be accessible it "informs the secret is expired and ensures the encrypted secret is removed" do visit link_to_secret - expect(page).to have_content("Sorry, that secret has expired, please ask the person who sent it to you to send it again.") + expect(page).to have_content I18n.t('secrets.expired_error', from_email: secret.from_email) expect(page).to_not have_content("Super Secret Message") end end + + describe 'creating secret without sending an email', js: true do + let(:secret) { Secret.last } + + before do + login_as(user) + visit new_secret_path + fill_in "Title", with: "Super Secret" + check("Copy the link (don't send email)") + fill_in "Secret", with: "AbC123" + fill_in "Comments", with: "Some super secret info" + end + + it 'redirects to copy page' do + click_button "Send your Secret" + + expect(page).to have_current_path(copy_secrets_path) + expect(page).to have_content I18n.t('secrets.create.success.without_email') + expect(page).to have_content('Copy Link') + expect(page).to have_content(/\/secrets\/#{secret.uuid}\?key=\w+/) + end + + it 'does not send an email' do + expect { click_button "Send your Secret" } + .to_not change { ActionMailer::Base.deliveries.count } + end + end end diff --git a/spec/features/two_factor_auth_setup_spec.rb b/spec/features/two_factor_auth_setup_spec.rb new file mode 100644 index 0000000..809272e --- /dev/null +++ b/spec/features/two_factor_auth_setup_spec.rb @@ -0,0 +1,77 @@ +require 'rails_helper' + +describe 'Two Factor Auth Setup', js: true do + describe 'enable' do + let!(:user) { create :user, :with_secret } + + before do + login_as(user) + visit edit_two_factor_auth_path + end + + context 'successful' do + it 'enable users two factor authentication' do + expect(page).to_not have_css("img.qrcode") + + check('Enable two factor authentication') + expect(page).to have_css("img.qrcode") + fill_in 'user[otp_attempt]', with: user.current_otp + fill_in 'user[current_password]', with: 'password' + click_on 'Save Settings' + + expect(page).to have_content I18n.t('two_factor.update_success', verb: 'enabled') + expect(user.reload.otp_required_for_login).to be true + end + end + + context 'failed' do + it 'does not enable two factor authentication' do + expect(page).to_not have_css("img.qrcode") + + check('Enable two factor authentication') + expect(page).to have_css("img.qrcode") + fill_in 'user[otp_attempt]', with: user.current_otp + fill_in 'user[current_password]', with: 'wrong password' + click_on 'Save Settings' + + expect(page).to have_content I18n.t('two_factor.update_failed') + expect(user.reload.otp_required_for_login).to be false + end + end + end + + describe 'disable' do + let!(:user) { create :user, :otp_enabled, :with_secret } + + before do + login_as(user) + visit edit_two_factor_auth_path + end + + context 'successful' do + it 'disables users two factor authentication' do + expect(page).to have_content('Use the form to connect a new device') + + uncheck('Enable two factor authentication') + fill_in 'user[current_password]', with: 'password' + click_on 'Save Settings' + + expect(page).to have_content I18n.t('two_factor.update_success', verb: 'disabled') + expect(user.reload.otp_required_for_login).to be false + end + end + + context 'failed' do + it 'does not enable users two factor authentication' do + expect(page).to have_content('Use the form to connect a new device') + + uncheck('Enable two factor authentication') + fill_in 'user[current_password]', with: 'wrong password' + click_on 'Save Settings' + + expect(page).to have_content I18n.t('two_factor.update_failed') + expect(user.reload.otp_required_for_login).to be true + end + end + end +end diff --git a/spec/features/updating_email_template_spec.rb b/spec/features/updating_email_template_spec.rb new file mode 100644 index 0000000..03ba9bc --- /dev/null +++ b/spec/features/updating_email_template_spec.rb @@ -0,0 +1,49 @@ +require 'rails_helper' + +describe 'Updating email template', js: true do + let!(:user) { create :user } + + before do + login_as(user) + visit edit_email_template_path + end + + describe 'successfully' do + it 'updates the default email template' do + expect(page).to have_content('Email Template') + + editor = find('trix-editor') + editor.assert_text("#{user.email} has shared a secret with you via SecretLink.org") + + editor.click.set('Edited email template') + click_on I18n.t('buttons.update') + + expect(page).to have_content I18n.t('email_template.update.success') + expect(user.settings.reload.send_secret_email_template).to match /Edited email template./ + end + end + + describe 'Sending with updated email template' do + let(:user) { create :user } + let(:to_email) { "to@example.com" } + + before do + user.settings.update!(send_secret_email_template: 'Updated email template.') + + login_as(user) + visit new_secret_path + fill_in "Title", with: "Super Secret" + fill_in "Recipient", with: to_email + fill_in "Secret", with: "AbC123" + fill_in "Comments", with: "Some super secret info" + fill_in "Expire at", with: (Time.current + 1.day).strftime("%d %B, %Y") + click_button "Send your Secret" + end + + it 'is sent with the secret message' do + mail = ActionMailer::Base.deliveries.last + expect(mail.html_part.body.to_s).to match(/Updated email template./) + expect(mail.text_part.body.to_s).to match(/Updated email template./) + end + end +end diff --git a/spec/features/user_confirmation_spec.rb b/spec/features/user_confirmation_spec.rb new file mode 100644 index 0000000..22600ed --- /dev/null +++ b/spec/features/user_confirmation_spec.rb @@ -0,0 +1,103 @@ +require 'rails_helper' + +describe 'User confirmation', js: true do + let!(:user) { create :user, :unconfirmed } + let!(:otp_secret) { "jk5ap26gyp255cmseomnttmm" } + + before do + user.otp_secret = otp_secret + allow(User).to receive(:generate_otp_secret).and_return(otp_secret) + + visit user_confirmation_path(confirmation_token: user.confirmation_token) + end + + describe 'successful' do + it 'confirms the user' do + expect(page).to have_content I18n.t('devise.confirmations.confirmed') + expect(user.reload.confirmed_at).to_not be_nil + end + + it 'asks the user to set the password' do + expect(page).to have_content('Setup login credentials') + expect(user.encrypted_password).to be_blank + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'password' + click_on 'Save' + + expect(page).to have_content I18n.t('welcome') + expect(page).to have_content 'Create a new secret to send' + + expect(user.reload.encrypted_password).to_not be_blank + end + + it 'allows the user to enable 2FA' do + expect(page).to have_content('Setup login credentials') + expect(user.encrypted_password).to be_blank + expect(user.otp_required_for_login).to be false + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'password' + + check('Enable two factor authentication') + expect(page).to have_content('Enable two factor authentication') + fill_in 'user[otp_attempt]', with: user.current_otp + + click_on 'Save' + + expect(page).to have_content I18n.t('welcome') + expect(page).to have_content 'Create a new secret to send' + user.reload + + expect(user.encrypted_password).to_not be_blank + expect(user.otp_required_for_login).to be true + end + end + + describe 'token is nonexistent' do + it 'shows error' do + visit user_confirmation_path(confirmation_token: 'nonexistent') + expect(page).to have_content 'Confirmation token is invalid' + end + end + + describe 'password does not match' do + it 'it fails to update and shows errors' do + expect(page).to have_content('Setup login credentials') + expect(user.encrypted_password).to be_blank + expect(user.otp_required_for_login).to be false + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'wrong password' + + check('Enable two factor authentication') + expect(page).to have_content('Enable two factor authentication') + fill_in 'user[otp_attempt]', with: user.current_otp + click_on 'Save' + + expect(page).to have_content "password doesn't match" + expect(user.reload.encrypted_password).to be_blank + expect(user.reload.otp_required_for_login).to be false + end + end + + describe 'otp is wrong' do + it 'it fails to update and shows errors' do + expect(page).to have_content('Setup login credentials') + expect(user.encrypted_password).to be_blank + expect(user.otp_required_for_login).to be false + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'password' + + check('Enable two factor authentication') + expect(page).to have_content('Enable two factor authentication') + fill_in 'user[otp_attempt]', with: 'wrong otp' + click_on 'Save' + + expect(page).to have_content "is invalid" + expect(user.reload.encrypted_password).to be_blank + expect(user.reload.otp_required_for_login).to be false + end + end +end diff --git a/spec/features/user_registration_spec.rb b/spec/features/user_registration_spec.rb new file mode 100644 index 0000000..c77a019 --- /dev/null +++ b/spec/features/user_registration_spec.rb @@ -0,0 +1,110 @@ +require 'rails_helper' + +describe 'User registration with email' do + before { configure_authorisation(:open) } + + describe 'successful' do + let(:email) { "user@secretlink.org" } + + before do + visit root_path + fill_in "user[email]", with: email + end + + it 'creates an unconfirmed user' do + expect { click_on "Register" }.to change { User.count }.by(1) + + user = User.last + expect(user.email).to eq email + expect(user.confirmation_token).to_not be_nil + expect(user.confirmed_at).to be_nil + end + + it 'shows a confirmation message' do + click_on "Register" + expect(page).to have_content I18n.t('devise.registrations.signed_up_but_unconfirmed') + end + + it 'sends a confirmation email' do + click_on "Register" + + mail = ActionMailer::Base.deliveries.last + expect(mail.to).to match_array([email]) + expect(mail.subject).to eq "Confirmation instructions" + end + end + + describe 'user is already in the system but unconfirmed' do + let!(:email) { 'user@secretlink.org' } + let!(:user) { create :user, :unconfirmed, email: email } + + before do + visit root_path + fill_in 'user[email]', with: email + end + + it 'resends a confirmation email' do + expect { click_on 'Register' }.to_not change { User.count } + expect(page).to have_content I18n.t('devise.registrations.signed_up_but_unconfirmed') + + mail = ActionMailer::Base.deliveries.last + expect(mail.to).to match_array([email]) + expect(mail.subject).to eq 'Confirmation instructions' + end + end + + describe 'user is already in the system but failed to set password' do + let!(:email) { 'user@secretlink.org' } + let!(:user) { create :user, :confirmed_without_password, email: email } + + before do + visit root_path + fill_in 'user[email]', with: email + end + + it 'resends a password reset email' do + expect { click_on 'Register' }.to_not change { User.count } + expect(page).to have_content I18n.t('devise.registrations.signed_up_confirmed_without_password') + + mail = ActionMailer::Base.deliveries.last + expect(mail.to).to match_array([email]) + expect(mail.subject).to eq 'Reset password instructions' + end + end + + describe 'unsuccessful' do + let (:invalid_email) { "invalidemail" } + + it 'does not create a user' do + visit root_path + + expect(page).to have_content("Register") + fill_in "user[email]", with: invalid_email + + expect { click_on "Register" }.to_not change { User.count } + end + end + + context 'system is limited/closed' do + let!(:authorised_email) { 'authorised@secretlink.org' } + let!(:unauthorised_email) { 'unauthorised@domain.com' } + let!(:domain) { "secretlink.org" } + + before do + configure_authorisation(:closed, domain) + visit root_path + end + + it 'allows emails with authorised domain' do + fill_in "user[email]", with: authorised_email + expect { click_on "Register" }.to change { User.count }.by(1) + end + + it 'does not allow emails with unauthorised domains' do + fill_in "user[email]", with: unauthorised_email + expect { click_on "Register" }.to_not change { User.count } + expect(page).to have_content I18n.t('field_errors.unauthorised') + end + end + +end diff --git a/spec/features/user_session_spec.rb b/spec/features/user_session_spec.rb new file mode 100644 index 0000000..5c679d4 --- /dev/null +++ b/spec/features/user_session_spec.rb @@ -0,0 +1,64 @@ +require 'rails_helper' +describe 'User session' do + describe 'without otp' do + let(:user) { create :user, :with_secret } + + before do + visit new_user_session_path + end + + context 'successful' do + it 'signs in the user' do + fill_in "Email", with: user.email + fill_in "Password", with: user.password + click_button "Sign In" + + expect(page).to have_content(I18n.t('devise.sessions.signed_in')) + expect(page).to have_current_path(root_path) + end + end + + context 'failed' do + it 'does not sign in the user' do + fill_in "Email", with: user.email + fill_in "Password", with: "wrong password" + click_button "Sign In" + + expect(page).to have_content(I18n.t('devise.failure.invalid', authentication_keys: 'Email')) + expect(page).to have_current_path(new_user_session_path) + end + end + end + + describe 'with otp' do + let(:user) { create :user, :otp_enabled, :with_secret } + + before do + visit new_user_session_path + end + + context 'successful' do + it 'signs in the user' do + fill_in "Email", with: user.email + fill_in "Password", with: user.password + fill_in "user[otp_attempt]", with: user.current_otp + click_button "Sign In" + + expect(page).to have_content(I18n.t('devise.sessions.signed_in')) + expect(page).to have_current_path(root_path) + end + end + + context 'failed' do + it 'does not sign in the user' do + fill_in "Email", with: user.email + fill_in "Password", with: user.password + fill_in "user[otp_attempt]", with: 'wrong otp' + click_button "Sign In" + + expect(page).to have_content(I18n.t('devise.failure.invalid', authentication_keys: 'Email')) + expect(page).to have_current_path(new_user_session_path) + end + end + end +end diff --git a/spec/features/viewing_dashboard_spec.rb b/spec/features/viewing_dashboard_spec.rb new file mode 100644 index 0000000..d707d5e --- /dev/null +++ b/spec/features/viewing_dashboard_spec.rb @@ -0,0 +1,70 @@ +require 'rails_helper' + +describe 'Viewing Dashboard' do + let!(:user) { create :user } + let!(:dashboard_time_format) { I18n.t('date.formats.dashboard_time') } + + before do + login_as(user) + Timecop.freeze + end + + after { Timecop.return } + + context 'user has not sent a secret yet' do + it 'redirects to secrets_new_path' do + visit dashboard_path + expect(page).to have_current_path(new_secret_path) + expect(page).to have_content('Create a new secret') + expect(page).to have_content(I18n.t('welcome')) + end + end + + context 'user has already sent his first secret' do + let!(:secret) { create :secret, user: user } + let!(:consumed_secret) { + create :secret, :consumed, + to_email: 'activeuser@random.com', + title: 'Consumed Secret', + comments: 'This is a consumed secret', + user: user + } + + before do + visit dashboard_path + end + + it 'displays the unconsumed secret' do + within(:css, "##{secret.id}.secret-item") do + expect(page).to have_content('Sample Secret') + expect(page).to have_content(user.email) + expect(page).to have_content('user@random.com') + expect(page).to have_content("Sent: #{secret.created_at.strftime(dashboard_time_format)}") + expect(page).to have_content('Not viewed:') + expect(page).to have_content("expiry: #{secret.expire_at.strftime(dashboard_time_format)}") + + find('.notes-trigger').click + expect(page).to have_content('This is a sample secret') + end + end + + it 'displays the consumed secret' do + within(:css, "##{consumed_secret.id}.secret-item") do + expect(page).to have_content('Consumed Secret') + expect(page).to have_content(user.email) + expect(page).to have_content('activeuser@random.com') + expect(page).to have_content("Sent: #{consumed_secret.created_at.strftime(dashboard_time_format)}") + expect(page).to have_content("Viewed: #{consumed_secret.consumed_at.strftime(dashboard_time_format)}") + + find('.notes-trigger').click + expect(page).to have_content('This is a consumed secret') + end + end + + it 'has a link to create new secret' do + click_on 'Create New' + expect(page).to have_current_path(new_secret_path) + expect(page).to have_content('Create a new secret') + end + end +end diff --git a/spec/features/viewing_settings_spec.rb b/spec/features/viewing_settings_spec.rb new file mode 100644 index 0000000..b617aea --- /dev/null +++ b/spec/features/viewing_settings_spec.rb @@ -0,0 +1,18 @@ +require 'rails_helper' + +describe 'Viewing settings spec', js: true do + let!(:user) { create :user } + + before do + login_as(user) + visit dashboard_path + end + + it 'shows the account settings page' do + click_on 'Account' + click_on 'Settings' + + expect(page).to have_content('Account Settings') + expect(page).to have_link(nil, href: edit_two_factor_auth_path) + end +end diff --git a/spec/lib/html_to_text_parser_spec.rb b/spec/lib/html_to_text_parser_spec.rb new file mode 100644 index 0000000..71b0792 --- /dev/null +++ b/spec/lib/html_to_text_parser_spec.rb @@ -0,0 +1,10 @@ +require "rails_helper" + +describe HTMLToTextParser do + let!(:html) { "
First line.
Second line.
" } + let!(:parser) { HTMLToTextParser.new html } + + it "converts html to text" do + expect(parser.run).to eq "First line.\n Second line." + end +end diff --git a/spec/lib/view_builder_spec.rb b/spec/lib/view_builder_spec.rb new file mode 100644 index 0000000..3e2eaf4 --- /dev/null +++ b/spec/lib/view_builder_spec.rb @@ -0,0 +1,22 @@ +require "rails_helper" + +class SampleContext + attr_accessor :user + def initialize + @user = User.new(email: 'user@test.com' ) + end +end + +describe ViewBuilder do + let!(:template) { 'sample_template.html.erb' } + let!(:context) { SampleContext.new } + + before { ViewBuilder::DEFAULT_DIR = 'spec/support' } + after { ViewBuilder::DEFAULT_DIR = 'app/views' } + + it "loads the template and converts to string" do + view = ViewBuilder.new(template, context.instance_eval { binding }).run + expect(view).to match(/This is a sample template/) + expect(view).to match(/This depends on a user user@test.com/) + end +end diff --git a/spec/models/activity_log_spec.rb b/spec/models/activity_log_spec.rb new file mode 100644 index 0000000..6522f17 --- /dev/null +++ b/spec/models/activity_log_spec.rb @@ -0,0 +1,23 @@ +require 'rails_helper' + +describe ActivityLog do + describe 'validations' do + let!(:trackable) { create :secret } + + it 'validates presence of key, owner, trackable' do + log = ActivityLog.new + + expect(log).to_not be_valid + expect(log.errors.messages[:key]).to include "can't be blank" + expect(log.errors.messages[:owner]).to include "can't be blank" + expect(log.errors.messages[:trackable]).to include "can't be blank" + end + + it 'validates for the key based on trackable' do + log = ActivityLog.new(key: 'wrong key', trackable: trackable) + + expect(log).to_not be_valid + expect(log.errors.messages[:key]).to include "is invalid" + end + end +end diff --git a/spec/models/auth_token_spec.rb b/spec/models/auth_token_spec.rb index ff054ff..f050bb1 100644 --- a/spec/models/auth_token_spec.rb +++ b/spec/models/auth_token_spec.rb @@ -24,22 +24,6 @@ end - describe '#notify' do - - let!(:auth_token) { AuthToken.create!(email: from_email) } - - before do - auth_token.notify - end - - let(:email) { ActionMailer::Base.deliveries.last } - - it 'sends an email to the recipient with a link auth link' do - expect(email.to).to eq([from_email]) - expect(email.to_s).to match(/http:\/\/localhost:3000\/auth_tokens\/\S+/) - end - end - describe '#email_domain_authorised' do let(:auth_token) { AuthToken.new(email: from_email) } diff --git a/spec/models/secret_spec.rb b/spec/models/secret_spec.rb index c3f18af..48c92cb 100644 --- a/spec/models/secret_spec.rb +++ b/spec/models/secret_spec.rb @@ -5,7 +5,7 @@ describe "#expired?" do let!(:secret) { SecretService.encrypt_new_secret({from_email: 'a@a.com', to_email: 'b@b.com', - secret: 'cdefg', expire_at: Time.now - 7.days}) + secret: 'cdefg', expire_at: Time.current - 7.days}) } it 'is true if the expiry date is in the past' do @@ -13,7 +13,7 @@ end it 'is false if the expiry is in the future' do - secret.update_attributes(expire_at: Time.now + 2.days) + secret.update_attributes(expire_at: Time.current + 2.days) expect(secret.expired?).to be(false) end @@ -27,7 +27,7 @@ describe '#expire_at_within_limit' do let(:secret) { SecretService.encrypt_new_secret({from_email: 'a@a.com', to_email: 'b@b.com', - secret: 'cdefg', expire_at: Time.now + 7.days}) + secret: 'cdefg', expire_at: Time.current + 7.days}) } before do @@ -38,7 +38,7 @@ it 'does not allow secrets with a longer expiry than specified in the config' do expect(secret).to_not be_valid expect(secret.errors[:expire_at]).to eq([ - "Maximum expiry allowed is #{(Time.now + 6.days).strftime('%d %B %Y')}" + "Maximum expiry allowed is #{(Time.current + 6.days).strftime('%d %B %Y')}" ]) end @@ -51,7 +51,7 @@ secret.expire_at = nil expect(secret).to_not be_valid expect(secret.errors[:expire_at]).to eq([ - "Maximum expiry allowed is #{(Time.now + 6.days).strftime('%d %B %Y')}" + "Maximum expiry allowed is #{(Time.current + 6.days).strftime('%d %B %Y')}" ]) end @@ -60,7 +60,7 @@ describe 'email_domain_authorised' do let(:secret) { SecretService.encrypt_new_secret({from_email: 'a@a.com', to_email: 'b@b.com', - secret: 'cdefg', expire_at: Time.now + 7.days}) + secret: 'cdefg', expire_at: Time.current + 7.days}) } before do @@ -97,4 +97,26 @@ end end + + describe '#extend_expiry!' do + let!(:secret) { + SecretService.encrypt_new_secret({from_email: 'a@a.com', to_email: 'b@b.com', + secret: 'cdefg', expire_at: Time.current - 7.days}) + } + + before do + Timecop.freeze + secret.extend_expiry! + end + + after { Timecop.return } + + it 'extends the expire_at for 1 week' do + expect(secret.reload.expire_at).to eq Time.current + 1.week + end + + it 'sets the extended_at to today' do + expect(secret.reload.extended_at).to eq Time.current + end + end end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb new file mode 100644 index 0000000..6bdb641 --- /dev/null +++ b/spec/models/user_spec.rb @@ -0,0 +1,54 @@ +require 'rails_helper' + +describe User do + describe 'hooks' do + it 'creates user settings after creation' do + user = User.create(email: 'user@test.com') + expect(user.settings).to_not be nil + end + end + + describe 'validations' do + let!(:domain) { 'reinteractive.net' } + let!(:authorised_user) { build :user, email: 'authorised@reinteractive.net' } + let!(:unauthorised_user) { build :user, email: 'unauthorised@example.com' } + + context 'system is closed' do + before { configure_authorisation(:closed, domain) } + + it 'validates if email is allowed for the system' do + expect(authorised_user).to be_valid + expect(unauthorised_user).to_not be_valid + expect(unauthorised_user.errors.messages[:email]).to include I18n.t('field_errors.unauthorised') + end + end + + context 'system is limited' do + before { configure_authorisation(:limited, domain) } + + it 'validates if email is allowed for the system' do + expect(authorised_user).to be_valid + expect(unauthorised_user).to_not be_valid + expect(unauthorised_user.errors.messages[:email]).to include I18n.t('field_errors.unauthorised') + end + end + + context 'system is open' do + before { configure_authorisation(:open, domain) } + + it 'does not validate if email is allowed for the system' do + expect(authorised_user).to be_valid + expect(unauthorised_user).to be_valid + end + end + end + + describe '#set_reset_password_token' do + it 'returns the plaintext token' do + potential_token = subject.send(:set_reset_password_token) + potential_token_digest = Devise.token_generator.digest(subject, :reset_password_token, potential_token) + actual_token_digest = subject.reset_password_token + expect(potential_token_digest).to eql(actual_token_digest) + end + end +end diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index 6101940..48b62fa 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -52,6 +52,5 @@ # Add commands to the rspec DSL for manipulating cookies config.include ShowMeTheCookies, :type => :feature - + config.include AuthorisationHelpers end - diff --git a/spec/services/activity_logger_spec.rb b/spec/services/activity_logger_spec.rb new file mode 100644 index 0000000..de13edd --- /dev/null +++ b/spec/services/activity_logger_spec.rb @@ -0,0 +1,21 @@ +require 'rails_helper' + +describe ActivityLogger do + let!(:user) { create :user } + let!(:secret) { create :secret } + let!(:logger) { ActivityLogger.new(user) } + + it 'logs the activity' do + expect { logger.perform('created', secret) } + .to change { ActivityLog.count }.by(1) + end + + it 'logs the correct data' do + logger.perform('created', secret) + log = ActivityLog.last + + expect(log.key).to eq 'created' + expect(log.owner).to eq user + expect(log.trackable).to eq secret + end +end diff --git a/spec/services/auth_token_service_spec.rb b/spec/services/auth_token_service_spec.rb deleted file mode 100644 index 2fc97f2..0000000 --- a/spec/services/auth_token_service_spec.rb +++ /dev/null @@ -1,38 +0,0 @@ -require "rails_helper" - -describe AuthTokenService do - let(:sender) { "sender@email.com" } - let(:hash) { { email: sender }} - let!(:auth_token) { AuthToken.new(hash) } - - describe "#generate" do - let(:params) { { email: "superman@gmail.com" } } - let(:request_host) { "http://localhost:3000" } - - it "creates a token" do - expect { - AuthTokenService.generate(params) - }.to change(AuthToken, :count).by(1) - end - - context "valid auth_token" do - - it "tells the auth_token to notify if persisted" do - expect_any_instance_of(AuthToken).to receive(:notify).once - AuthTokenService.generate(params) - end - - end - - context "invalid auth_token" do - - it "does not tell the auth_token to notify" do - expect_any_instance_of(AuthToken).to_not receive(:notify) - AuthTokenService.generate(params.merge!(email: '')) - end - - end - - end - -end diff --git a/spec/services/authorised_email_service_spec.rb b/spec/services/authorised_email_service_spec.rb new file mode 100644 index 0000000..f63e3f6 --- /dev/null +++ b/spec/services/authorised_email_service_spec.rb @@ -0,0 +1,141 @@ +require 'rails_helper' + +describe AuthorisedEmailService do + describe '.closed_system?' do + it 'returns true when system is closed' do + configure_authorisation(:closed) + expect(AuthorisedEmailService.closed_system?).to eq(true) + end + + it 'returns false when system is open/limited' do + configure_authorisation(:open) + expect(AuthorisedEmailService.closed_system?).to eq(false) + + configure_authorisation(:limited) + expect(AuthorisedEmailService.closed_system?).to eq(false) + end + end + + describe '.limited_system?' do + it 'returns true when system is limited' do + configure_authorisation(:limited) + expect(AuthorisedEmailService.limited_system?).to eq(true) + end + + it 'returns false when system is open/closed' do + configure_authorisation(:open) + expect(AuthorisedEmailService.limited_system?).to eq(false) + + configure_authorisation(:closed) + expect(AuthorisedEmailService.limited_system?).to eq(false) + end + end + + describe '.open_system?' do + it 'returns true when system is open' do + configure_authorisation(:open) + expect(AuthorisedEmailService.open_system?).to eq(true) + end + + it 'returns false when system is limited/closed' do + configure_authorisation(:limited) + expect(AuthorisedEmailService.open_system?).to eq(false) + + configure_authorisation(:closed) + expect(AuthorisedEmailService.open_system?).to eq(false) + end + end + + describe '.closed_or_limited_system?' do + it 'returns true when system is closed/limited' do + configure_authorisation(:limited) + expect(AuthorisedEmailService.closed_or_limited_system?).to eq(true) + + configure_authorisation(:closed) + expect(AuthorisedEmailService.closed_or_limited_system?).to eq(true) + end + + it 'returns false when system is open' do + configure_authorisation(:open) + expect(AuthorisedEmailService.closed_or_limited_system?).to eq(false) + end + end + + describe '.authorised_to_register?' do + let!(:domain) { 'example.com' } + let!(:authorised_email) { 'authorised@example.com' } + let!(:unauthorised_email) { 'unauthorised@domain.com' } + + context 'system is closed' do + before { configure_authorisation(:closed, domain) } + + it 'returns true if email belongs to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(authorised_email)).to eq(true) + end + + it 'returns false if email does not belong to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(unauthorised_email)).to eq(false) + end + end + + context 'system is limited' do + before { configure_authorisation(:limited, domain) } + + it 'returns true if email belongs to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(authorised_email)).to eq(true) + end + + it 'returns false if email does not belong to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(unauthorised_email)).to eq(false) + end + end + + context 'system is open' do + before { configure_authorisation(:open, domain) } + + it 'returns true if email belongs to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(authorised_email)).to eq(true) + end + + it 'returns true if email does not belong to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(unauthorised_email)).to eq(true) + end + end + end + + describe '.email_domain_matches?' do + let!(:domain) { 'example.com' } + let!(:authorised_email) { 'authorised@example.com' } + let!(:unauthorised_email) { 'unauthorised@domain.com' } + + before { configure_authorisation(:open, domain) } + + it 'returns matched emails for authorised domain' do + matches = AuthorisedEmailService.email_domain_matches?(authorised_email) + expect(matches).to be_truthy + end + + it 'does not return matched emails for authorised domain' do + matches = AuthorisedEmailService.email_domain_matches?(unauthorised_email) + expect(matches).to be_falsey + end + end + + describe '.email_domain_does_not_match?' do + let!(:domain) { 'example.com' } + let!(:authorised_email) { 'authorised@example.com' } + let!(:unauthorised_email) { 'unauthorised@domain.com' } + + before { configure_authorisation(:open, domain) } + + it 'returns true if email does not belong to authorised domain' do + matches = AuthorisedEmailService.email_domain_does_not_match?(unauthorised_email) + expect(matches).to be true + end + + it 'returns false if email belongs to authorised domain' do + matches = AuthorisedEmailService.email_domain_does_not_match?(authorised_email) + expect(matches).to be false + end + end +end diff --git a/spec/services/copy_secret_service_spec.rb b/spec/services/copy_secret_service_spec.rb new file mode 100644 index 0000000..0132bb3 --- /dev/null +++ b/spec/services/copy_secret_service_spec.rb @@ -0,0 +1,51 @@ +require 'rails_helper' + +describe CopySecretService do + let!(:secret) { create :secret } + let!(:session) { Hash.new } + let!(:service) { CopySecretService.new(session) } + + describe '#prepare!' do + it 'sets the sessions key and uuid' do + service.prepare!(secret) + + expect(session[:copy_secret_key]).to eq secret.secret_key + expect(session[:copy_secret_uuid]).to eq secret.uuid + end + end + + describe '#perform!' do + context 'key and uuid are set' do + before do + session[:copy_secret_key] = 'secret_key' + session[:copy_secret_uuid] = 'secret_uuid' + end + + it 'returns key and uuid data' do + data = service.perform! + + expect(data[:key]).to eq 'secret_key' + expect(data[:uuid]).to eq 'secret_uuid' + end + + it 'deletes key and uuid from session' do + service.perform! + + expect(session[:copy_secret_key]).to be nil + expect(session[:copy_secret_uuid]).to be nil + end + end + + context 'key and uuid are not set' do + before do + session[:copy_secret_key] = nil + session[:copy_secret_uuid] = nil + end + + it 'returns false' do + result = service.perform! + expect(result).to be false + end + end + end +end diff --git a/spec/services/secret_service_spec.rb b/spec/services/secret_service_spec.rb index 7fd4f3c..484665d 100644 --- a/spec/services/secret_service_spec.rb +++ b/spec/services/secret_service_spec.rb @@ -38,7 +38,7 @@ SecretService.encrypt_new_secret( { secret: secret_info, to_email: to_email, from_email: from_email, - expire_at: Time.now + 7.days}) + expire_at: Time.current + 7.days}) } let!(:retrieved_secret) { Secret.find(secret.id) } let(:secret_key) { ActionMailer::Base.deliveries.last.to_s.match(/\?key=(\w+)/)[1] } diff --git a/spec/services/two_factor_service_spec.rb b/spec/services/two_factor_service_spec.rb new file mode 100644 index 0000000..ac9ef03 --- /dev/null +++ b/spec/services/two_factor_service_spec.rb @@ -0,0 +1,134 @@ +require 'rails_helper' + +describe TwoFactorService do + let(:user) { create :user } + let(:tfa) { TwoFactorService.new(user) } + + describe '#issue_otp_secret' do + it 'sets the users otp_secret' do + expect(tfa.user.otp_secret).to be_nil + + tfa.issue_otp_secret + expect(tfa.user.otp_secret).to_not be_nil + end + end + + describe '#generate_otp_provisioning_uri' do + it 'returns a qrcode source' do + source = 'otpauth://totp/Secret%20Link:user@secretlink.org?issuer=Secret+Link' + expect(tfa.generate_otp_provisioning_uri).to eq source + end + end + + describe '#enable_otp' do + let!(:otp_secret) { tfa.issue_otp_secret } + + context 'successful' do + it 'returns true' do + result = tfa.enable_otp(otp_secret, tfa.user.current_otp, 'password') + expect(result).to be true + end + + it 'sets otp_secret and otp_required_for_login' do + tfa.enable_otp(otp_secret, tfa.user.current_otp, 'password') + + user.reload + expect(user.otp_secret).to eq otp_secret + expect(user.otp_required_for_login).to be true + expect(user.changed?).to be false + end + end + + context 'wrong password' do + let!(:result) { tfa.enable_otp(otp_secret, tfa.user.current_otp, 'wrong password') } + + it 'returns false' do + expect(result).to be false + end + + it 'adds current password error' do + expect(tfa.user.errors.added?(:current_password, :invalid)).to be true + end + + it 'does not update the user' do + user.reload + expect(user.otp_secret).to be nil + expect(user.otp_required_for_login).to be false + expect(tfa.user.changed?).to be true + end + end + + context 'wrong otp secret' do + let!(:result) { tfa.enable_otp(otp_secret, 'wrong otp_secret', 'password') } + + it 'returns false' do + expect(result).to be false + end + + it 'adds otp_attempt error' do + expect(tfa.user.errors.added?(:otp_attempt, :invalid)).to be true + end + + it 'does not update the user' do + user.reload + expect(user.otp_secret).to be nil + expect(user.otp_required_for_login).to be false + expect(tfa.user.changed?).to be true + end + end + end + + describe '#enable_otp_without_password' do + let!(:otp_secret) { tfa.issue_otp_secret } + + context 'successful' do + it 'returns true' do + result = tfa.enable_otp_without_password(otp_secret, tfa.user.current_otp) + expect(result).to be true + end + + it 'sets otp_secret and otp_required_for_login' do + tfa.enable_otp_without_password(otp_secret, tfa.user.current_otp) + + user.reload + expect(user.otp_secret).to eq otp_secret + expect(user.otp_required_for_login).to be true + expect(user.changed?).to be false + end + end + end + + describe '#disable_otp' do + let!(:otp_secret) { tfa.issue_otp_secret } + + context 'successful' do + before do + tfa.enable_otp(otp_secret, tfa.user.current_otp, 'password') + end + + it 'returns true' do + expect(tfa.disable_otp("password")).to eq true + end + + it 'sets otp_required_for_login to false' do + tfa.disable_otp("password") + expect(user.reload.otp_required_for_login).to eq false + end + end + + context 'failed' do + before do + tfa.enable_otp(otp_secret, tfa.user.current_otp, 'password') + end + + it 'returns false' do + expect(tfa.disable_otp("wrong password")).to eq false + end + + it 'it does not set otp_required_for_login' do + tfa.disable_otp("wrong password") + expect(user.reload.otp_required_for_login).to eq true + end + end + end +end diff --git a/spec/services/user_setup_service_spec.rb b/spec/services/user_setup_service_spec.rb new file mode 100644 index 0000000..4b82731 --- /dev/null +++ b/spec/services/user_setup_service_spec.rb @@ -0,0 +1,111 @@ +require 'rails_helper' + +describe UserSetupService do + let!(:user) { create :user, :unconfirmed } + let!(:token) { issue_reset_password_token!(user) } + + before do + user.reload + end + + describe '#initialize' do + let!(:setup_service) { UserSetupService.new(token, TwoFactorService) } + + it 'sets the user' do + expect(setup_service.user).to eq user + end + + it 'initializes a TwoFactorService' do + expect(setup_service.tfa_service).to be_a TwoFactorService + end + end + + describe '#run' do + let!(:tfa_service) { TwoFactorService.new(user) } + let!(:secret) { tfa_service.issue_otp_secret } + let!(:otp_user) { tfa_service.user } + let!(:setup_service) { UserSetupService.new(token, TwoFactorService) } + + context 'successful without otp' do + let!(:password_params) { {password: 'password', password_confirmation: 'password', reset_password_token: token} } + let!(:tfa_params) { {otp_required_for_login: '0'} } + + it 'returns true' do + result = setup_service.run(password_params, tfa_params) + expect(result).to be true + end + + it 'updates the users password' do + expect(user.encrypted_password).to be_blank + + setup_service.run(password_params, tfa_params) + expect(user.reload.encrypted_password).to_not be_blank + end + end + + context 'successful with otp' do + let!(:password_params) { {password: 'password', password_confirmation: 'password', reset_password_token: token} } + let!(:tfa_params) { {otp_required_for_login: '1', otp_secret: secret, otp_attempt: otp_user.current_otp} } + + it 'returns true' do + result = setup_service.run(password_params, tfa_params) + expect(result).to be true + end + + it 'sets the users password' do + expect(user.encrypted_password).to be_blank + + setup_service.run(password_params, tfa_params) + expect(user.reload.encrypted_password).to_not be_blank + end + + it 'enables the users otp' do + expect(user.otp_required_for_login).to be false + + setup_service.run(password_params, tfa_params) + user.reload + + expect(user.otp_required_for_login).to be true + expect(user.otp_secret).to eq secret + end + end + + context 'token is invalid' do + let!(:setup_service) { UserSetupService.new('abc', TwoFactorService) } + + it 'returns false' do + result = setup_service.run({}, {}) + expect(result).to eq false + end + end + + context 'password has errors' do + let!(:password_params) { {password: '', password_confirmation: '', reset_password_token: token} } + let!(:tfa_params) { {otp_required_for_login: '1', otp_secret: secret, otp_attempt: otp_user.current_otp} } + + it 'returns false' do + result = setup_service.run(password_params, tfa_params) + expect(result).to eq false + end + + it 'will not update the users password' do + expect(user.encrypted_password).to be_blank + + result = setup_service.run(password_params, tfa_params) + expect(result).to eq false + + expect(user.reload.encrypted_password).to be_blank + end + + it 'doesn not enable the users otp' do + expect(user.otp_required_for_login).to be false + + setup_service.run(password_params, tfa_params) + user.reload + + expect(user.otp_required_for_login).to be false + expect(user.otp_secret).to be nil + end + end + end +end diff --git a/spec/support/authorisation_helpers.rb b/spec/support/authorisation_helpers.rb new file mode 100644 index 0000000..0d1f787 --- /dev/null +++ b/spec/support/authorisation_helpers.rb @@ -0,0 +1,12 @@ +module AuthorisationHelpers + def configure_authorisation(system_type, domain = "") + allow(Rails.configuration).to receive(:topsekrit_authorisation_setting).and_return(system_type) + allow(Rails.configuration).to receive(:topsekrit_authorised_domain).and_return(domain) + end + + def issue_reset_password_token!(user) + raw, enc = Devise.token_generator.generate(User, :reset_password_token) + user.update_attributes(reset_password_token: enc, reset_password_sent_at: Time.current.utc) + raw + end +end diff --git a/spec/support/capybara.rb b/spec/support/capybara.rb index fb506ab..a92c826 100644 --- a/spec/support/capybara.rb +++ b/spec/support/capybara.rb @@ -3,6 +3,7 @@ require 'capybara/poltergeist' Capybara.default_max_wait_time = 15 +Capybara.ignore_hidden_elements = true Capybara.register_driver :poltergeist do |app| Capybara::Poltergeist::Driver.new(app, debug: false) diff --git a/spec/support/devise.rb b/spec/support/devise.rb new file mode 100644 index 0000000..2abb184 --- /dev/null +++ b/spec/support/devise.rb @@ -0,0 +1,7 @@ +RSpec.configure do |config| + config.include Warden::Test::Helpers + + config.after :each do + Warden.test_reset! + end +end diff --git a/spec/support/factory_bot.rb b/spec/support/factory_bot.rb new file mode 100644 index 0000000..c7890e4 --- /dev/null +++ b/spec/support/factory_bot.rb @@ -0,0 +1,3 @@ +RSpec.configure do |config| + config.include FactoryBot::Syntax::Methods +end diff --git a/spec/support/sample_template.html.erb b/spec/support/sample_template.html.erb new file mode 100644 index 0000000..13fdffd --- /dev/null +++ b/spec/support/sample_template.html.erb @@ -0,0 +1,4 @@ +
+

This is a sample template

+

This depends on a user <%= @user.email %>

+
diff --git a/spec/support/share_db_connection.rb b/spec/support/share_db_connection.rb new file mode 100644 index 0000000..e2bac1d --- /dev/null +++ b/spec/support/share_db_connection.rb @@ -0,0 +1,17 @@ +# We're adding this because using login_as with Poltergeist(js enabled) doesn't work +# please see: +# https://github.com/plataformatec/devise/wiki/How-To:-Test-with-Capybara +# https://github.com/railscasts/391-testing-javascript-with-phantomjs/blob/master/checkout-after/spec/support/share_db_connection.rb +# Thanks Ryan Bates! +class ActiveRecord::Base + mattr_accessor :shared_connection + @@shared_connection = nil + + def self.connection + @@shared_connection || retrieve_connection + end +end + +# Forces all threads to share the same connection. This works on +# Capybara because it starts the web server in a thread. +ActiveRecord::Base.shared_connection = ActiveRecord::Base.connection diff --git a/vendor/cache/actionmailer-4.2.8.gem b/vendor/cache/actionmailer-4.2.8.gem new file mode 100644 index 0000000..a25b5a3 Binary files /dev/null and b/vendor/cache/actionmailer-4.2.8.gem differ diff --git a/vendor/cache/actionpack-4.2.8.gem b/vendor/cache/actionpack-4.2.8.gem new file mode 100644 index 0000000..1b99d2e Binary files /dev/null and b/vendor/cache/actionpack-4.2.8.gem differ diff --git a/vendor/cache/actionview-4.2.8.gem b/vendor/cache/actionview-4.2.8.gem new file mode 100644 index 0000000..c6e4eaf Binary files /dev/null and b/vendor/cache/actionview-4.2.8.gem differ diff --git a/vendor/cache/activejob-4.2.8.gem b/vendor/cache/activejob-4.2.8.gem new file mode 100644 index 0000000..04c0b32 Binary files /dev/null and b/vendor/cache/activejob-4.2.8.gem differ diff --git a/vendor/cache/activemodel-4.2.8.gem b/vendor/cache/activemodel-4.2.8.gem new file mode 100644 index 0000000..c9b07e2 Binary files /dev/null and b/vendor/cache/activemodel-4.2.8.gem differ diff --git a/vendor/cache/activerecord-4.2.8.gem b/vendor/cache/activerecord-4.2.8.gem new file mode 100644 index 0000000..439b60f Binary files /dev/null and b/vendor/cache/activerecord-4.2.8.gem differ diff --git a/vendor/cache/activesupport-4.2.8.gem b/vendor/cache/activesupport-4.2.8.gem new file mode 100644 index 0000000..14ce44c Binary files /dev/null and b/vendor/cache/activesupport-4.2.8.gem differ diff --git a/vendor/cache/addressable-2.5.1.gem b/vendor/cache/addressable-2.5.1.gem new file mode 100644 index 0000000..7fa3a07 Binary files /dev/null and b/vendor/cache/addressable-2.5.1.gem differ diff --git a/vendor/cache/arel-6.0.4.gem b/vendor/cache/arel-6.0.4.gem new file mode 100644 index 0000000..69b9d24 Binary files /dev/null and b/vendor/cache/arel-6.0.4.gem differ diff --git a/vendor/cache/ast-2.3.0.gem b/vendor/cache/ast-2.3.0.gem new file mode 100644 index 0000000..668d7a8 Binary files /dev/null and b/vendor/cache/ast-2.3.0.gem differ diff --git a/vendor/cache/attr_encrypted-3.0.3.gem b/vendor/cache/attr_encrypted-3.0.3.gem new file mode 100644 index 0000000..7f37bff Binary files /dev/null and b/vendor/cache/attr_encrypted-3.0.3.gem differ diff --git a/vendor/cache/autoprefixer-rails-6.7.7.1.gem b/vendor/cache/autoprefixer-rails-6.7.7.1.gem new file mode 100644 index 0000000..dcf2e39 Binary files /dev/null and b/vendor/cache/autoprefixer-rails-6.7.7.1.gem differ diff --git a/vendor/cache/bcrypt-3.1.11.gem b/vendor/cache/bcrypt-3.1.11.gem new file mode 100644 index 0000000..53fa448 Binary files /dev/null and b/vendor/cache/bcrypt-3.1.11.gem differ diff --git a/vendor/cache/better_errors-2.1.1.gem b/vendor/cache/better_errors-2.1.1.gem new file mode 100644 index 0000000..0590d96 Binary files /dev/null and b/vendor/cache/better_errors-2.1.1.gem differ diff --git a/vendor/cache/binding_of_caller-0.7.2.gem b/vendor/cache/binding_of_caller-0.7.2.gem new file mode 100644 index 0000000..a8332f1 Binary files /dev/null and b/vendor/cache/binding_of_caller-0.7.2.gem differ diff --git a/vendor/cache/bootstrap-sass-3.3.7.gem b/vendor/cache/bootstrap-sass-3.3.7.gem new file mode 100644 index 0000000..d17a313 Binary files /dev/null and b/vendor/cache/bootstrap-sass-3.3.7.gem differ diff --git a/vendor/cache/bugsnag-5.3.0.gem b/vendor/cache/bugsnag-5.3.0.gem new file mode 100644 index 0000000..dcbf369 Binary files /dev/null and b/vendor/cache/bugsnag-5.3.0.gem differ diff --git a/vendor/cache/builder-3.2.3.gem b/vendor/cache/builder-3.2.3.gem new file mode 100644 index 0000000..3500c80 Binary files /dev/null and b/vendor/cache/builder-3.2.3.gem differ diff --git a/vendor/cache/byebug-9.0.6.gem b/vendor/cache/byebug-9.0.6.gem new file mode 100644 index 0000000..d97290e Binary files /dev/null and b/vendor/cache/byebug-9.0.6.gem differ diff --git a/vendor/cache/capybara-2.13.0.gem b/vendor/cache/capybara-2.13.0.gem new file mode 100644 index 0000000..a58f88d Binary files /dev/null and b/vendor/cache/capybara-2.13.0.gem differ diff --git a/vendor/cache/carrierwave-1.0.0.gem b/vendor/cache/carrierwave-1.0.0.gem new file mode 100644 index 0000000..da2a1aa Binary files /dev/null and b/vendor/cache/carrierwave-1.0.0.gem differ diff --git a/vendor/cache/chunky_png-1.3.11.gem b/vendor/cache/chunky_png-1.3.11.gem new file mode 100644 index 0000000..cd1c46c Binary files /dev/null and b/vendor/cache/chunky_png-1.3.11.gem differ diff --git a/vendor/cache/cliver-0.3.2.gem b/vendor/cache/cliver-0.3.2.gem new file mode 100644 index 0000000..3635c7e Binary files /dev/null and b/vendor/cache/cliver-0.3.2.gem differ diff --git a/vendor/cache/coderay-1.1.1.gem b/vendor/cache/coderay-1.1.1.gem new file mode 100644 index 0000000..269f549 Binary files /dev/null and b/vendor/cache/coderay-1.1.1.gem differ diff --git a/vendor/cache/concurrent-ruby-1.0.5.gem b/vendor/cache/concurrent-ruby-1.0.5.gem new file mode 100644 index 0000000..4119d3a Binary files /dev/null and b/vendor/cache/concurrent-ruby-1.0.5.gem differ diff --git a/vendor/cache/database_cleaner-1.5.3.gem b/vendor/cache/database_cleaner-1.5.3.gem new file mode 100644 index 0000000..8bc7a32 Binary files /dev/null and b/vendor/cache/database_cleaner-1.5.3.gem differ diff --git a/vendor/cache/debug_inspector-0.0.2.gem b/vendor/cache/debug_inspector-0.0.2.gem new file mode 100644 index 0000000..e1fcdeb Binary files /dev/null and b/vendor/cache/debug_inspector-0.0.2.gem differ diff --git a/vendor/cache/devise-4.4.0.gem b/vendor/cache/devise-4.4.0.gem new file mode 100644 index 0000000..389bab7 Binary files /dev/null and b/vendor/cache/devise-4.4.0.gem differ diff --git a/vendor/cache/devise-two-factor-3.0.3.gem b/vendor/cache/devise-two-factor-3.0.3.gem new file mode 100644 index 0000000..0bb89b2 Binary files /dev/null and b/vendor/cache/devise-two-factor-3.0.3.gem differ diff --git a/vendor/cache/diff-lcs-1.3.gem b/vendor/cache/diff-lcs-1.3.gem new file mode 100644 index 0000000..ae5a5f9 Binary files /dev/null and b/vendor/cache/diff-lcs-1.3.gem differ diff --git a/vendor/cache/dotenv-2.2.0.gem b/vendor/cache/dotenv-2.2.0.gem new file mode 100644 index 0000000..609631c Binary files /dev/null and b/vendor/cache/dotenv-2.2.0.gem differ diff --git a/vendor/cache/dotenv-rails-2.2.0.gem b/vendor/cache/dotenv-rails-2.2.0.gem new file mode 100644 index 0000000..585f210 Binary files /dev/null and b/vendor/cache/dotenv-rails-2.2.0.gem differ diff --git a/vendor/cache/email_validator-1.6.0.gem b/vendor/cache/email_validator-1.6.0.gem new file mode 100644 index 0000000..3c13702 Binary files /dev/null and b/vendor/cache/email_validator-1.6.0.gem differ diff --git a/vendor/cache/encryptor-3.0.0.gem b/vendor/cache/encryptor-3.0.0.gem new file mode 100644 index 0000000..e026ddf Binary files /dev/null and b/vendor/cache/encryptor-3.0.0.gem differ diff --git a/vendor/cache/erubis-2.7.0.gem b/vendor/cache/erubis-2.7.0.gem new file mode 100644 index 0000000..4acd2e7 Binary files /dev/null and b/vendor/cache/erubis-2.7.0.gem differ diff --git a/vendor/cache/execjs-2.7.0.gem b/vendor/cache/execjs-2.7.0.gem new file mode 100644 index 0000000..1247cce Binary files /dev/null and b/vendor/cache/execjs-2.7.0.gem differ diff --git a/vendor/cache/factory_bot-5.0.2.gem b/vendor/cache/factory_bot-5.0.2.gem new file mode 100644 index 0000000..f5155de Binary files /dev/null and b/vendor/cache/factory_bot-5.0.2.gem differ diff --git a/vendor/cache/factory_bot_rails-5.0.2.gem b/vendor/cache/factory_bot_rails-5.0.2.gem new file mode 100644 index 0000000..12fa460 Binary files /dev/null and b/vendor/cache/factory_bot_rails-5.0.2.gem differ diff --git a/vendor/cache/faker-1.7.3.gem b/vendor/cache/faker-1.7.3.gem new file mode 100644 index 0000000..6b55e1a Binary files /dev/null and b/vendor/cache/faker-1.7.3.gem differ diff --git a/vendor/cache/faraday-0.11.0.gem b/vendor/cache/faraday-0.11.0.gem new file mode 100644 index 0000000..d215486 Binary files /dev/null and b/vendor/cache/faraday-0.11.0.gem differ diff --git a/vendor/cache/globalid-0.3.7.gem b/vendor/cache/globalid-0.3.7.gem new file mode 100644 index 0000000..d07f478 Binary files /dev/null and b/vendor/cache/globalid-0.3.7.gem differ diff --git a/vendor/cache/hashie-3.5.5.gem b/vendor/cache/hashie-3.5.5.gem new file mode 100644 index 0000000..0acf9b7 Binary files /dev/null and b/vendor/cache/hashie-3.5.5.gem differ diff --git a/vendor/cache/i18n-0.8.1.gem b/vendor/cache/i18n-0.8.1.gem new file mode 100644 index 0000000..2c832de Binary files /dev/null and b/vendor/cache/i18n-0.8.1.gem differ diff --git a/vendor/cache/jbuilder-2.6.3.gem b/vendor/cache/jbuilder-2.6.3.gem new file mode 100644 index 0000000..0b29444 Binary files /dev/null and b/vendor/cache/jbuilder-2.6.3.gem differ diff --git a/vendor/cache/jquery-rails-4.3.1.gem b/vendor/cache/jquery-rails-4.3.1.gem new file mode 100644 index 0000000..9ebca8a Binary files /dev/null and b/vendor/cache/jquery-rails-4.3.1.gem differ diff --git a/vendor/cache/json-1.8.6.gem b/vendor/cache/json-1.8.6.gem new file mode 100644 index 0000000..2a7d664 Binary files /dev/null and b/vendor/cache/json-1.8.6.gem differ diff --git a/vendor/cache/jwt-1.5.6.gem b/vendor/cache/jwt-1.5.6.gem new file mode 100644 index 0000000..70970d7 Binary files /dev/null and b/vendor/cache/jwt-1.5.6.gem differ diff --git a/vendor/cache/kgio-2.11.0.gem b/vendor/cache/kgio-2.11.0.gem new file mode 100644 index 0000000..c5c7c99 Binary files /dev/null and b/vendor/cache/kgio-2.11.0.gem differ diff --git a/vendor/cache/launchy-2.4.3.gem b/vendor/cache/launchy-2.4.3.gem new file mode 100644 index 0000000..e7b99df Binary files /dev/null and b/vendor/cache/launchy-2.4.3.gem differ diff --git a/vendor/cache/local_time-2.1.0.gem b/vendor/cache/local_time-2.1.0.gem new file mode 100644 index 0000000..9dd2c47 Binary files /dev/null and b/vendor/cache/local_time-2.1.0.gem differ diff --git a/vendor/cache/logstash-event-1.2.02.gem b/vendor/cache/logstash-event-1.2.02.gem new file mode 100644 index 0000000..0eaea6c Binary files /dev/null and b/vendor/cache/logstash-event-1.2.02.gem differ diff --git a/vendor/cache/logstasher-0.6.5.gem b/vendor/cache/logstasher-0.6.5.gem new file mode 100644 index 0000000..d467768 Binary files /dev/null and b/vendor/cache/logstasher-0.6.5.gem differ diff --git a/vendor/cache/loofah-2.0.3.gem b/vendor/cache/loofah-2.0.3.gem new file mode 100644 index 0000000..1aa5e84 Binary files /dev/null and b/vendor/cache/loofah-2.0.3.gem differ diff --git a/vendor/cache/mail-2.6.4.gem b/vendor/cache/mail-2.6.4.gem new file mode 100644 index 0000000..4fa553a Binary files /dev/null and b/vendor/cache/mail-2.6.4.gem differ diff --git a/vendor/cache/method_source-0.9.2.gem b/vendor/cache/method_source-0.9.2.gem new file mode 100644 index 0000000..c12e342 Binary files /dev/null and b/vendor/cache/method_source-0.9.2.gem differ diff --git a/vendor/cache/mime-types-3.1.gem b/vendor/cache/mime-types-3.1.gem new file mode 100644 index 0000000..142b7d6 Binary files /dev/null and b/vendor/cache/mime-types-3.1.gem differ diff --git a/vendor/cache/mime-types-data-3.2016.0521.gem b/vendor/cache/mime-types-data-3.2016.0521.gem new file mode 100644 index 0000000..7b90077 Binary files /dev/null and b/vendor/cache/mime-types-data-3.2016.0521.gem differ diff --git a/vendor/cache/mini_magick-4.9.3.gem b/vendor/cache/mini_magick-4.9.3.gem new file mode 100644 index 0000000..375f697 Binary files /dev/null and b/vendor/cache/mini_magick-4.9.3.gem differ diff --git a/vendor/cache/mini_portile2-2.1.0.gem b/vendor/cache/mini_portile2-2.1.0.gem new file mode 100644 index 0000000..bb3fbc7 Binary files /dev/null and b/vendor/cache/mini_portile2-2.1.0.gem differ diff --git a/vendor/cache/minitest-5.10.1.gem b/vendor/cache/minitest-5.10.1.gem new file mode 100644 index 0000000..2cb0773 Binary files /dev/null and b/vendor/cache/minitest-5.10.1.gem differ diff --git a/vendor/cache/multi_json-1.12.1.gem b/vendor/cache/multi_json-1.12.1.gem new file mode 100644 index 0000000..bf1ffad Binary files /dev/null and b/vendor/cache/multi_json-1.12.1.gem differ diff --git a/vendor/cache/multi_xml-0.6.0.gem b/vendor/cache/multi_xml-0.6.0.gem new file mode 100644 index 0000000..77c5d00 Binary files /dev/null and b/vendor/cache/multi_xml-0.6.0.gem differ diff --git a/vendor/cache/multipart-post-2.0.0.gem b/vendor/cache/multipart-post-2.0.0.gem new file mode 100644 index 0000000..abfff3d Binary files /dev/null and b/vendor/cache/multipart-post-2.0.0.gem differ diff --git a/vendor/cache/nokogiri-1.7.1.gem b/vendor/cache/nokogiri-1.7.1.gem new file mode 100644 index 0000000..b54ed58 Binary files /dev/null and b/vendor/cache/nokogiri-1.7.1.gem differ diff --git a/vendor/cache/oauth2-1.3.1.gem b/vendor/cache/oauth2-1.3.1.gem new file mode 100644 index 0000000..063ed64 Binary files /dev/null and b/vendor/cache/oauth2-1.3.1.gem differ diff --git a/vendor/cache/okcomputer-1.14.2.gem b/vendor/cache/okcomputer-1.14.2.gem new file mode 100644 index 0000000..74cdfda Binary files /dev/null and b/vendor/cache/okcomputer-1.14.2.gem differ diff --git a/vendor/cache/omniauth-1.6.1.gem b/vendor/cache/omniauth-1.6.1.gem new file mode 100644 index 0000000..9dcf675 Binary files /dev/null and b/vendor/cache/omniauth-1.6.1.gem differ diff --git a/vendor/cache/omniauth-google-oauth2-0.4.1.gem b/vendor/cache/omniauth-google-oauth2-0.4.1.gem new file mode 100644 index 0000000..681fd16 Binary files /dev/null and b/vendor/cache/omniauth-google-oauth2-0.4.1.gem differ diff --git a/vendor/cache/omniauth-oauth2-1.4.0.gem b/vendor/cache/omniauth-oauth2-1.4.0.gem new file mode 100644 index 0000000..1fc2048 Binary files /dev/null and b/vendor/cache/omniauth-oauth2-1.4.0.gem differ diff --git a/vendor/cache/orm_adapter-0.5.0.gem b/vendor/cache/orm_adapter-0.5.0.gem new file mode 100644 index 0000000..fbc5b17 Binary files /dev/null and b/vendor/cache/orm_adapter-0.5.0.gem differ diff --git a/vendor/cache/parser-2.4.0.0.gem b/vendor/cache/parser-2.4.0.0.gem new file mode 100644 index 0000000..12f42c9 Binary files /dev/null and b/vendor/cache/parser-2.4.0.0.gem differ diff --git a/vendor/cache/pg-0.20.0.gem b/vendor/cache/pg-0.20.0.gem new file mode 100644 index 0000000..ce96510 Binary files /dev/null and b/vendor/cache/pg-0.20.0.gem differ diff --git a/vendor/cache/pickadate-rails-3.5.6.0.gem b/vendor/cache/pickadate-rails-3.5.6.0.gem new file mode 100644 index 0000000..07a22e8 Binary files /dev/null and b/vendor/cache/pickadate-rails-3.5.6.0.gem differ diff --git a/vendor/cache/poltergeist-1.14.0.gem b/vendor/cache/poltergeist-1.14.0.gem new file mode 100644 index 0000000..bb03306 Binary files /dev/null and b/vendor/cache/poltergeist-1.14.0.gem differ diff --git a/vendor/cache/powerpack-0.1.1.gem b/vendor/cache/powerpack-0.1.1.gem new file mode 100644 index 0000000..f7561fc Binary files /dev/null and b/vendor/cache/powerpack-0.1.1.gem differ diff --git a/vendor/cache/pry-0.12.2.gem b/vendor/cache/pry-0.12.2.gem new file mode 100644 index 0000000..e7c4ee1 Binary files /dev/null and b/vendor/cache/pry-0.12.2.gem differ diff --git a/vendor/cache/public_suffix-2.0.5.gem b/vendor/cache/public_suffix-2.0.5.gem new file mode 100644 index 0000000..7511d95 Binary files /dev/null and b/vendor/cache/public_suffix-2.0.5.gem differ diff --git a/vendor/cache/quiet_assets-1.1.0.gem b/vendor/cache/quiet_assets-1.1.0.gem new file mode 100644 index 0000000..e0ae38f Binary files /dev/null and b/vendor/cache/quiet_assets-1.1.0.gem differ diff --git a/vendor/cache/rack-1.6.5.gem b/vendor/cache/rack-1.6.5.gem new file mode 100644 index 0000000..aea5dd7 Binary files /dev/null and b/vendor/cache/rack-1.6.5.gem differ diff --git a/vendor/cache/rack-test-0.6.3.gem b/vendor/cache/rack-test-0.6.3.gem new file mode 100644 index 0000000..914afe9 Binary files /dev/null and b/vendor/cache/rack-test-0.6.3.gem differ diff --git a/vendor/cache/rails-4.2.8.gem b/vendor/cache/rails-4.2.8.gem new file mode 100644 index 0000000..7375122 Binary files /dev/null and b/vendor/cache/rails-4.2.8.gem differ diff --git a/vendor/cache/rails-deprecated_sanitizer-1.0.3.gem b/vendor/cache/rails-deprecated_sanitizer-1.0.3.gem new file mode 100644 index 0000000..56bbe9e Binary files /dev/null and b/vendor/cache/rails-deprecated_sanitizer-1.0.3.gem differ diff --git a/vendor/cache/rails-dom-testing-1.0.8.gem b/vendor/cache/rails-dom-testing-1.0.8.gem new file mode 100644 index 0000000..324b388 Binary files /dev/null and b/vendor/cache/rails-dom-testing-1.0.8.gem differ diff --git a/vendor/cache/rails-html-sanitizer-1.0.3.gem b/vendor/cache/rails-html-sanitizer-1.0.3.gem new file mode 100644 index 0000000..a419361 Binary files /dev/null and b/vendor/cache/rails-html-sanitizer-1.0.3.gem differ diff --git a/vendor/cache/rails_12factor-0.0.3.gem b/vendor/cache/rails_12factor-0.0.3.gem new file mode 100644 index 0000000..26b17bf Binary files /dev/null and b/vendor/cache/rails_12factor-0.0.3.gem differ diff --git a/vendor/cache/rails_serve_static_assets-0.0.5.gem b/vendor/cache/rails_serve_static_assets-0.0.5.gem new file mode 100644 index 0000000..dfe349c Binary files /dev/null and b/vendor/cache/rails_serve_static_assets-0.0.5.gem differ diff --git a/vendor/cache/rails_stdout_logging-0.0.5.gem b/vendor/cache/rails_stdout_logging-0.0.5.gem new file mode 100644 index 0000000..f09bc21 Binary files /dev/null and b/vendor/cache/rails_stdout_logging-0.0.5.gem differ diff --git a/vendor/cache/railties-4.2.8.gem b/vendor/cache/railties-4.2.8.gem new file mode 100644 index 0000000..78d3bd1 Binary files /dev/null and b/vendor/cache/railties-4.2.8.gem differ diff --git a/vendor/cache/rainbow-2.2.1.gem b/vendor/cache/rainbow-2.2.1.gem new file mode 100644 index 0000000..9520ffb Binary files /dev/null and b/vendor/cache/rainbow-2.2.1.gem differ diff --git a/vendor/cache/raindrops-0.18.0.gem b/vendor/cache/raindrops-0.18.0.gem new file mode 100644 index 0000000..6e6fa04 Binary files /dev/null and b/vendor/cache/raindrops-0.18.0.gem differ diff --git a/vendor/cache/rake-12.0.0.gem b/vendor/cache/rake-12.0.0.gem new file mode 100644 index 0000000..b8dd163 Binary files /dev/null and b/vendor/cache/rake-12.0.0.gem differ diff --git a/vendor/cache/rdoc-4.3.0.gem b/vendor/cache/rdoc-4.3.0.gem new file mode 100644 index 0000000..0c1239f Binary files /dev/null and b/vendor/cache/rdoc-4.3.0.gem differ diff --git a/vendor/cache/recaptcha-4.10.0.gem b/vendor/cache/recaptcha-4.10.0.gem new file mode 100644 index 0000000..37559d5 Binary files /dev/null and b/vendor/cache/recaptcha-4.10.0.gem differ diff --git a/vendor/cache/request_store-1.3.2.gem b/vendor/cache/request_store-1.3.2.gem new file mode 100644 index 0000000..67a96d2 Binary files /dev/null and b/vendor/cache/request_store-1.3.2.gem differ diff --git a/vendor/cache/responders-2.4.0.gem b/vendor/cache/responders-2.4.0.gem new file mode 100644 index 0000000..715a95d Binary files /dev/null and b/vendor/cache/responders-2.4.0.gem differ diff --git a/vendor/cache/rotp-2.1.2.gem b/vendor/cache/rotp-2.1.2.gem new file mode 100644 index 0000000..71c1a2a Binary files /dev/null and b/vendor/cache/rotp-2.1.2.gem differ diff --git a/vendor/cache/rqrcode-0.10.1.gem b/vendor/cache/rqrcode-0.10.1.gem new file mode 100644 index 0000000..f63bf36 Binary files /dev/null and b/vendor/cache/rqrcode-0.10.1.gem differ diff --git a/vendor/cache/rqrcode-rails3-0.1.7.gem b/vendor/cache/rqrcode-rails3-0.1.7.gem new file mode 100644 index 0000000..884495e Binary files /dev/null and b/vendor/cache/rqrcode-rails3-0.1.7.gem differ diff --git a/vendor/cache/rspec-core-3.5.4.gem b/vendor/cache/rspec-core-3.5.4.gem new file mode 100644 index 0000000..8350edc Binary files /dev/null and b/vendor/cache/rspec-core-3.5.4.gem differ diff --git a/vendor/cache/rspec-expectations-3.5.0.gem b/vendor/cache/rspec-expectations-3.5.0.gem new file mode 100644 index 0000000..03eadfb Binary files /dev/null and b/vendor/cache/rspec-expectations-3.5.0.gem differ diff --git a/vendor/cache/rspec-mocks-3.5.0.gem b/vendor/cache/rspec-mocks-3.5.0.gem new file mode 100644 index 0000000..17d4817 Binary files /dev/null and b/vendor/cache/rspec-mocks-3.5.0.gem differ diff --git a/vendor/cache/rspec-rails-3.5.2.gem b/vendor/cache/rspec-rails-3.5.2.gem new file mode 100644 index 0000000..bff0082 Binary files /dev/null and b/vendor/cache/rspec-rails-3.5.2.gem differ diff --git a/vendor/cache/rspec-support-3.5.0.gem b/vendor/cache/rspec-support-3.5.0.gem new file mode 100644 index 0000000..feba67f Binary files /dev/null and b/vendor/cache/rspec-support-3.5.0.gem differ diff --git a/vendor/cache/rubocop-0.48.1.gem b/vendor/cache/rubocop-0.48.1.gem new file mode 100644 index 0000000..4c65eeb Binary files /dev/null and b/vendor/cache/rubocop-0.48.1.gem differ diff --git a/vendor/cache/ruby-progressbar-1.8.1.gem b/vendor/cache/ruby-progressbar-1.8.1.gem new file mode 100644 index 0000000..6f8065a Binary files /dev/null and b/vendor/cache/ruby-progressbar-1.8.1.gem differ diff --git a/vendor/cache/sass-3.4.23.gem b/vendor/cache/sass-3.4.23.gem new file mode 100644 index 0000000..051ddfe Binary files /dev/null and b/vendor/cache/sass-3.4.23.gem differ diff --git a/vendor/cache/sass-rails-5.0.6.gem b/vendor/cache/sass-rails-5.0.6.gem new file mode 100644 index 0000000..7968639 Binary files /dev/null and b/vendor/cache/sass-rails-5.0.6.gem differ diff --git a/vendor/cache/sdoc-0.4.2.gem b/vendor/cache/sdoc-0.4.2.gem new file mode 100644 index 0000000..9454925 Binary files /dev/null and b/vendor/cache/sdoc-0.4.2.gem differ diff --git a/vendor/cache/show_me_the_cookies-3.1.0.gem b/vendor/cache/show_me_the_cookies-3.1.0.gem new file mode 100644 index 0000000..cb4729b Binary files /dev/null and b/vendor/cache/show_me_the_cookies-3.1.0.gem differ diff --git a/vendor/cache/simple_form-3.4.0.gem b/vendor/cache/simple_form-3.4.0.gem new file mode 100644 index 0000000..8904b4a Binary files /dev/null and b/vendor/cache/simple_form-3.4.0.gem differ diff --git a/vendor/cache/skylight-1.1.0.gem b/vendor/cache/skylight-1.1.0.gem new file mode 100644 index 0000000..b9eb59b Binary files /dev/null and b/vendor/cache/skylight-1.1.0.gem differ diff --git a/vendor/cache/sprockets-3.7.1.gem b/vendor/cache/sprockets-3.7.1.gem new file mode 100644 index 0000000..8dcd850 Binary files /dev/null and b/vendor/cache/sprockets-3.7.1.gem differ diff --git a/vendor/cache/sprockets-rails-3.2.0.gem b/vendor/cache/sprockets-rails-3.2.0.gem new file mode 100644 index 0000000..8957cde Binary files /dev/null and b/vendor/cache/sprockets-rails-3.2.0.gem differ diff --git a/vendor/cache/thor-0.19.4.gem b/vendor/cache/thor-0.19.4.gem new file mode 100644 index 0000000..6f42cc2 Binary files /dev/null and b/vendor/cache/thor-0.19.4.gem differ diff --git a/vendor/cache/thread_safe-0.3.6.gem b/vendor/cache/thread_safe-0.3.6.gem new file mode 100644 index 0000000..7ee950f Binary files /dev/null and b/vendor/cache/thread_safe-0.3.6.gem differ diff --git a/vendor/cache/tilt-2.0.7.gem b/vendor/cache/tilt-2.0.7.gem new file mode 100644 index 0000000..11d57a7 Binary files /dev/null and b/vendor/cache/tilt-2.0.7.gem differ diff --git a/vendor/cache/timecop-0.9.1.gem b/vendor/cache/timecop-0.9.1.gem new file mode 100644 index 0000000..7c3eb5e Binary files /dev/null and b/vendor/cache/timecop-0.9.1.gem differ diff --git a/vendor/cache/trix-0.11.1.gem b/vendor/cache/trix-0.11.1.gem new file mode 100644 index 0000000..f83d0e7 Binary files /dev/null and b/vendor/cache/trix-0.11.1.gem differ diff --git a/vendor/cache/tzinfo-1.2.3.gem b/vendor/cache/tzinfo-1.2.3.gem new file mode 100644 index 0000000..8992649 Binary files /dev/null and b/vendor/cache/tzinfo-1.2.3.gem differ diff --git a/vendor/cache/uglifier-3.2.0.gem b/vendor/cache/uglifier-3.2.0.gem new file mode 100644 index 0000000..42f463a Binary files /dev/null and b/vendor/cache/uglifier-3.2.0.gem differ diff --git a/vendor/cache/unicode-display_width-1.2.0.gem b/vendor/cache/unicode-display_width-1.2.0.gem new file mode 100644 index 0000000..b840c9d Binary files /dev/null and b/vendor/cache/unicode-display_width-1.2.0.gem differ diff --git a/vendor/cache/unicorn-5.3.0.gem b/vendor/cache/unicorn-5.3.0.gem new file mode 100644 index 0000000..e65c3b2 Binary files /dev/null and b/vendor/cache/unicorn-5.3.0.gem differ diff --git a/vendor/cache/unicorn-rails-2.2.1.gem b/vendor/cache/unicorn-rails-2.2.1.gem new file mode 100644 index 0000000..6caaaeb Binary files /dev/null and b/vendor/cache/unicorn-rails-2.2.1.gem differ diff --git a/vendor/cache/warden-1.2.7.gem b/vendor/cache/warden-1.2.7.gem new file mode 100644 index 0000000..49fb808 Binary files /dev/null and b/vendor/cache/warden-1.2.7.gem differ diff --git a/vendor/cache/web-console-2.3.0.gem b/vendor/cache/web-console-2.3.0.gem new file mode 100644 index 0000000..d0d61cc Binary files /dev/null and b/vendor/cache/web-console-2.3.0.gem differ diff --git a/vendor/cache/websocket-driver-0.6.5.gem b/vendor/cache/websocket-driver-0.6.5.gem new file mode 100644 index 0000000..e3a0776 Binary files /dev/null and b/vendor/cache/websocket-driver-0.6.5.gem differ diff --git a/vendor/cache/websocket-extensions-0.1.2.gem b/vendor/cache/websocket-extensions-0.1.2.gem new file mode 100644 index 0000000..59ad4be Binary files /dev/null and b/vendor/cache/websocket-extensions-0.1.2.gem differ diff --git a/vendor/cache/xpath-2.0.0.gem b/vendor/cache/xpath-2.0.0.gem new file mode 100644 index 0000000..fedf0e2 Binary files /dev/null and b/vendor/cache/xpath-2.0.0.gem differ