diff --git a/.env.example b/.env.example index be66839..e9342a8 100644 --- a/.env.example +++ b/.env.example @@ -1,7 +1,13 @@ TOPSEKRIT_AUTHORISATION_SETTING='open' TOPSEKRIT_AUTHORISED_DOMAIN='reinteractive.net' GOOGLE_OAUTH_CALLBACK_PATH='/auth/google_oauth2/callback' -GOOGLE_CLIENT_ID='' -GOOGLE_CLIENT_SECRET='' +GOOGLE_OAUTH_CLIENT_ID='' +GOOGLE_OAUTH_CLIENT_SECRET='' BASE_URL='http://localhost:3000' -TOPSEKRIT_EXPIRY_DAYS='14' \ No newline at end of file +TOPSEKRIT_EXPIRY_DAYS='14' +RECAPTCHA_SITE_KEY='' +RECAPTCHA_SECRET_KEY='' +2FA_KEY='' +STRIPE_PUBLISHABLE_KEY='' +STRIPE_SECRET_KEY='' +STRIPE_SUBSCRIPTION_PLAN_ID='' diff --git a/Architecture.md b/Architecture.md new file mode 100644 index 0000000..3691f8d --- /dev/null +++ b/Architecture.md @@ -0,0 +1,19 @@ +# Architecture +* Last update: July 25, 2019 +* This is a living document. Please update this whenever you can. +* This is not 100% complete, the intention is to give you an overview of the system + +## Models +### User +``` +has_many :subscriptions +``` + +### Subscription +``` +code: string +status: integer # enum + +cached_metadata: json +cached_transaction_details: json +``` diff --git a/Gemfile b/Gemfile index e26bcf1..dbb02d4 100644 --- a/Gemfile +++ b/Gemfile @@ -25,6 +25,13 @@ gem "bugsnag" gem "okcomputer" gem "skylight" gem 'rails_12factor', group: :production +gem "devise" +gem "devise-two-factor" +gem "rqrcode-rails3" +gem "mini_magick" +gem "local_time" +gem "trix" +gem "stripe" gem 'sdoc', '~> 0.4.0', group: :doc @@ -41,14 +48,16 @@ group :test do gem "capybara" gem "poltergeist" gem "rspec-rails" - gem "factory_girl_rails" + gem "factory_bot_rails" gem "database_cleaner" gem "faker" gem "launchy" gem "show_me_the_cookies", "~> 3.1.0" + gem "timecop" end group :development, :test do gem "byebug" gem "dotenv-rails" + gem 'pry' end diff --git a/Gemfile.lock b/Gemfile.lock index d489b0d..13bdbf0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -43,6 +43,7 @@ GEM encryptor (~> 3.0.0) autoprefixer-rails (6.7.7.1) execjs + bcrypt (3.1.11) better_errors (2.1.1) coderay (>= 1.0.0) erubis (>= 2.6.6) @@ -66,11 +67,25 @@ GEM activemodel (>= 4.0.0) activesupport (>= 4.0.0) mime-types (>= 1.16) + chunky_png (1.3.11) cliver (0.3.2) coderay (1.1.1) concurrent-ruby (1.0.5) + connection_pool (2.2.2) database_cleaner (1.5.3) debug_inspector (0.0.2) + devise (4.4.0) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0, < 5.2) + responders + warden (~> 1.2.3) + devise-two-factor (3.0.3) + activesupport (< 5.3) + attr_encrypted (>= 1.3, < 4, != 2) + devise (~> 4.0) + railties (< 5.3) + rotp (~> 2.0) diff-lcs (1.3) dotenv (2.2.0) dotenv-rails (2.2.0) @@ -81,14 +96,14 @@ GEM encryptor (3.0.0) erubis (2.7.0) execjs (2.7.0) - factory_girl (4.8.0) - activesupport (>= 3.0.0) - factory_girl_rails (4.8.0) - factory_girl (~> 4.8.0) - railties (>= 3.0.0) + factory_bot (5.0.2) + activesupport (>= 4.2.0) + factory_bot_rails (5.0.2) + factory_bot (~> 5.0.2) + railties (>= 4.2.0) faker (1.7.3) i18n (~> 0.5) - faraday (0.11.0) + faraday (0.15.4) multipart-post (>= 1.2, < 3) globalid (0.3.7) activesupport (>= 4.1.0) @@ -106,6 +121,7 @@ GEM kgio (2.11.0) launchy (2.4.3) addressable (~> 2.3) + local_time (2.1.0) logstash-event (1.2.02) logstasher (0.6.5) logstash-event (~> 1.2.0) @@ -114,19 +130,23 @@ GEM nokogiri (>= 1.5.9) mail (2.6.4) mime-types (>= 1.16, < 4) + method_source (0.9.2) mime-types (3.1) mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) + mini_magick (4.9.3) mini_portile2 (2.1.0) minitest (5.10.1) - multi_json (1.12.1) + multi_json (1.13.1) multi_xml (0.6.0) - multipart-post (2.0.0) + multipart-post (2.1.1) + net-http-persistent (3.0.1) + connection_pool (~> 2.2) nokogiri (1.7.1) mini_portile2 (~> 2.1.0) - oauth2 (1.3.1) - faraday (>= 0.8, < 0.12) - jwt (~> 1.0) + oauth2 (1.4.1) + faraday (>= 0.8, < 0.16.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) @@ -142,6 +162,7 @@ GEM omniauth-oauth2 (1.4.0) oauth2 (~> 1.0) omniauth (~> 1.2) + orm_adapter (0.5.0) parser (2.4.0.0) ast (~> 2.2) pg (0.20.0) @@ -152,10 +173,13 @@ GEM cliver (~> 0.3.1) websocket-driver (>= 0.2.0) powerpack (0.1.1) + pry (0.12.2) + coderay (~> 1.1.0) + method_source (~> 0.9.0) public_suffix (2.0.5) quiet_assets (1.1.0) railties (>= 3.1, < 5.0) - rack (1.6.5) + rack (1.6.11) rack-test (0.6.3) rack (>= 1.0) rails (4.2.8) @@ -194,6 +218,14 @@ GEM recaptcha (4.10.0) json request_store (1.3.2) + responders (2.4.0) + actionpack (>= 4.2.0, < 5.3) + railties (>= 4.2.0, < 5.3) + rotp (2.1.2) + rqrcode (0.10.1) + chunky_png (~> 1.0) + rqrcode-rails3 (0.1.7) + rqrcode (>= 0.4.2) rspec-core (3.5.4) rspec-support (~> 3.5.0) rspec-expectations (3.5.0) @@ -242,9 +274,15 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) + stripe (4.21.2) + faraday (~> 0.13) + net-http-persistent (~> 3.0) thor (0.19.4) thread_safe (0.3.6) tilt (2.0.7) + timecop (0.9.1) + trix (0.11.1) + rails (> 4.1, < 5.2) tzinfo (1.2.3) thread_safe (~> 0.1) uglifier (3.2.0) @@ -256,6 +294,8 @@ GEM unicorn-rails (2.2.1) rack unicorn + warden (1.2.7) + rack (>= 1.0) web-console (2.3.0) activemodel (>= 4.0) binding_of_caller (>= 0.7.2) @@ -280,23 +320,29 @@ DEPENDENCIES capybara carrierwave database_cleaner + devise + devise-two-factor dotenv-rails email_validator - factory_girl_rails + factory_bot_rails faker jbuilder (~> 2.0) jquery-rails launchy + local_time logstasher (~> 0.6.5) + mini_magick okcomputer omniauth-google-oauth2 pg pickadate-rails poltergeist + pry quiet_assets rails (~> 4.2.8) rails_12factor recaptcha + rqrcode-rails3 rspec-rails rubocop sass-rails (~> 5.0) @@ -304,6 +350,9 @@ DEPENDENCIES show_me_the_cookies (~> 3.1.0) simple_form skylight + stripe + timecop + trix uglifier (>= 1.3.0) unicorn unicorn-rails diff --git a/README.md b/README.md index f592457..0ee136c 100644 --- a/README.md +++ b/README.md @@ -145,4 +145,3 @@ Some helpful commands: heroku restart -a rei-secretlink-production heroku logs --tail -a rei-secretlink-production - diff --git a/app/assets/images/apple-app-store.png b/app/assets/images/apple-app-store.png new file mode 100644 index 0000000..77a11d3 Binary files /dev/null and b/app/assets/images/apple-app-store.png differ diff --git a/app/assets/images/google-play-store.png b/app/assets/images/google-play-store.png new file mode 100644 index 0000000..21cc539 Binary files /dev/null and b/app/assets/images/google-play-store.png differ diff --git a/app/assets/images/locked-icon.svg b/app/assets/images/locked-icon.svg new file mode 100644 index 0000000..e55bf0d --- /dev/null +++ b/app/assets/images/locked-icon.svg @@ -0,0 +1,32 @@ + + + + + + + + + + + diff --git a/app/assets/images/unlocked-icon.svg b/app/assets/images/unlocked-icon.svg new file mode 100644 index 0000000..88d1343 --- /dev/null +++ b/app/assets/images/unlocked-icon.svg @@ -0,0 +1,41 @@ + + + + + + + + + + + diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js index 1ac51c7..c37004e 100644 --- a/app/assets/javascripts/application.js +++ b/app/assets/javascripts/application.js @@ -10,8 +10,17 @@ // Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details // about supported directives. //= require jquery +//= require jquery_ujs //= require pickadate/picker //= require pickadate/picker.date //= require bootstrap-sprockets //= require topsekrit //= require ui-functions +//= require local-time +//= require trix + +// Components +//= require components/secret-item +//= require components/two-factor-fields +//= require components/new-secret-form +//= require components/stripe-form diff --git a/app/assets/javascripts/components/new-secret-form.js b/app/assets/javascripts/components/new-secret-form.js new file mode 100644 index 0000000..4a7c209 --- /dev/null +++ b/app/assets/javascripts/components/new-secret-form.js @@ -0,0 +1,32 @@ +$(function() { + function NewSecretForm(rootDom) { + this.$root = $(rootDom); + this.$noEmailToggle = this.$root.find('.no-email-toggle'); + this.$fromEmailField = this.$root.find('.secret_from_email'); + this.$toEmailField = this.$root.find('.secret_to_email'); + this.$toEmailInput = this.$root.find("input[name='secret[to_email]']") + this.init(); + } + + NewSecretForm.prototype.init = function () { + this.$noEmailToggle.change(function() { + this.toggleEmailFields(!this.withoutEmail()); + }.bind(this)); + } + + NewSecretForm.prototype.toggleEmailFields = function (showField) { + this.$fromEmailField.toggle(showField); + this.$toEmailField.toggle(showField); + this.$toEmailInput.val(''); + } + + NewSecretForm.prototype.withoutEmail = function () { + return this.$noEmailToggle.is(':checked'); + } + + //Intialization code + const $newSecretForm = $(this).find(".js-new-secret-form"); + $newSecretForm.each(function () { + new NewSecretForm(this) + }) +}); diff --git a/app/assets/javascripts/components/secret-item.js b/app/assets/javascripts/components/secret-item.js new file mode 100644 index 0000000..d40069b --- /dev/null +++ b/app/assets/javascripts/components/secret-item.js @@ -0,0 +1,22 @@ +$(function() { + function SecretItem(rootDom) { + this.$root = $(rootDom); + this.$notes = this.$root.find('.notes'); + this.init(); + } + + SecretItem.prototype.init = function () { + this.$seeNoteBtn = this.$root.find('.notes-trigger'); + this.$seeNoteBtn.on('click', this.toggleNote.bind(this)); + } + + SecretItem.prototype.toggleNote = function () { + this.$notes.toggle('fast'); + } + + //Intialization code + const $secretItems = $(this).find(".secret-item"); + $secretItems.each(function () { + new SecretItem(this) + }) +}); diff --git a/app/assets/javascripts/components/stripe-form.js b/app/assets/javascripts/components/stripe-form.js new file mode 100644 index 0000000..0425ac8 --- /dev/null +++ b/app/assets/javascripts/components/stripe-form.js @@ -0,0 +1,87 @@ +$(function() { + function StripeForm (rootDom, key) { + this.$root = $(rootDom); + this.$cardElement = this.$root.find("#card-element") + this.$errorView = this.$root.find("#card-errors"); + + this.stripe = Stripe(key); + this.elements = this.stripe.elements(); + + this.init(); + } + + StripeForm.prototype.init = function () { + var card = this.initCard(); + this.handleSumbit(card); + this.handleErrors(card); + }; + + StripeForm.prototype.initCard = function () { + var styles = this.cardStyles(); + var card = this.elements.create('card', {style: styles}); + card.mount(this.$cardElement[0]); + return card; + } + + StripeForm.prototype.handleErrors = function (card) { + card.addEventListener("change", function(event) { + if (event.error) { + this.showError(event.error.message); + } else { + this.clearError(); + } + }.bind(this)); + } + + StripeForm.prototype.handleSumbit = function (card) { + this.$root.on("submit", function(event) { + event.preventDefault(); + + this.stripe.createSource(card).then(function(result) { + if (result.error) { + this.showError(result.error.message); + } else { + this.$root.off("submit"); + this.submitSourceResponse(result.source); + } + }.bind(this)); + }.bind(this)); + } + + StripeForm.prototype.submitSourceResponse = function (source) { + // Insert the source ID into the form so it gets submitted to the server + // TODO: Don't we need client_secret in server? + var form = this.$root; + var hiddenInput = document.createElement('input'); + hiddenInput.setAttribute('type', 'hidden'); + hiddenInput.setAttribute('name', 'stripe_source'); + hiddenInput.setAttribute('value', source.id); + form.append(hiddenInput); + + form.submit(); + } + + StripeForm.prototype.showError = function (text) { + this.$errorView.text(text); + }; + + StripeForm.prototype.clearError = function () { + this.$errorView.text(''); + }; + + StripeForm.prototype.cardStyles = function () { + return { + base: { + fontSize: '16px', + color: "#32325d", + } + }; + }; + + //Intialization code + const $newStripeForms = $(this).find(".js-stripe-form"); + $newStripeForms.each(function () { + var key = $(this).data('key'); + new StripeForm(this, key); + }) +}); diff --git a/app/assets/javascripts/components/two-factor-fields.js b/app/assets/javascripts/components/two-factor-fields.js new file mode 100644 index 0000000..b6699b0 --- /dev/null +++ b/app/assets/javascripts/components/two-factor-fields.js @@ -0,0 +1,26 @@ +$(function () { + function TwoFactorFields(rootDom) { + this.$root = $(rootDom); + this.$otpRequiredCheckbox = this.$root.find('.otp-required-for-login'); + this.$enableOtpFields = this.$root.find('.enable-otp-fields'); + this.init(); + } + + TwoFactorFields.prototype.init = function () { + this.$enableOtpFields.toggle(this.isOtpRequired()); + + this.$otpRequiredCheckbox.change(function() { + this.$enableOtpFields.toggle(this.isOtpRequired()); + }.bind(this)); + } + + TwoFactorFields.prototype.isOtpRequired = function () { + return this.$otpRequiredCheckbox.is(':checked'); + } + + //Intialization code + const $hooks = $(this).find(".two-factor-fields"); + $hooks.each(function () { + new TwoFactorFields(this) + }) +}); diff --git a/app/assets/stylesheets/application.sass b/app/assets/stylesheets/application.sass index 0460441..9ff8970 100644 --- a/app/assets/stylesheets/application.sass +++ b/app/assets/stylesheets/application.sass @@ -5,14 +5,35 @@ @import "bootstrap" @import "topsekrit" @import "header-and-footer" +@import "trix" + +// Pages @import "home" @import "secrets" +@import "dashboard" + +// Layouts +@import "layouts/devise" +@import "layouts/settings" + +// Components +@import "components/devise-form" +@import "components/secret-item" +@import "components/two-factor-fields" +@import "components/email-preview" + +// Helpers +@import "helpers" body min-height: 100vh display: flex flex-direction: column + // We still need to do other adjustments + // To change the background color + // background-color: #F2F2F2 + * font-family: "Open Sans", sans-serif @@ -54,4 +75,15 @@ ul.nostyle &:hover background-color: $green3 border-color: $green3 - \ No newline at end of file + +// Shared component styles + +footer + // Keeps footer at the bottom at all times (even if content is short) + margin-top: auto + +.main-header + display: flex + align-items: center + padding: 20px 0 + margin: 0 diff --git a/app/assets/stylesheets/components/devise-form.sass b/app/assets/stylesheets/components/devise-form.sass new file mode 100644 index 0000000..3c341c6 --- /dev/null +++ b/app/assets/stylesheets/components/devise-form.sass @@ -0,0 +1,11 @@ +.devise-form + .heading + margin: 20px 0px + .body + margin: 40px 0px + label + margin-right: 5px + .help-block + display: inline-block + .shared-links + margin: 20px 0px diff --git a/app/assets/stylesheets/components/email-preview.sass b/app/assets/stylesheets/components/email-preview.sass new file mode 100644 index 0000000..ae19212 --- /dev/null +++ b/app/assets/stylesheets/components/email-preview.sass @@ -0,0 +1,18 @@ +.email-preview + padding: 20px + background-color: #fffde0 + border-radius: 5px + +.email-preview__heading + font-size: 1.5rem + border-bottom: $default-border + margin-bottom: 30px + border-color: lightgrey + +.email-preview__body + margin: 15px 0 + +.email-preview__additional-content + margin-top: 30px + font-style: italic + font-weight: 700 diff --git a/app/assets/stylesheets/components/secret-item.sass b/app/assets/stylesheets/components/secret-item.sass new file mode 100644 index 0000000..9735085 --- /dev/null +++ b/app/assets/stylesheets/components/secret-item.sass @@ -0,0 +1,74 @@ +.secret-item + display: flex + flex-direction: column + padding: 10px + border: $default_border + + .header + display: flex + padding: 0 10px + margin-bottom: 5px + .title + font-size: 1.8rem + font-weight: 700px + margin-right: 10px + .viewed-status + padding: 3px 5px + border: $default_border + font-size: 1.3rem + text-transform: uppercase + + .body + display: flex + align-items: center + padding: 10px + justify-content: space-evenly + .emails + display: flex + align-items: center + flex-basis: 40% + padding: 0 5px + .mail-icon + margin-right: 30px + .email-group + div + padding: 3px 0 + .metadata + flex-basis: 40% + padding: 0 5px + div + padding: 3px 0 + .actions + display: flex + flex-direction: column + justify-content: space-around + flex-basis: 20% + padding: 0 5px + text-align: center + .extend-label + border: none + padding: 5px + font-style: italic + .extend-label.extend-btn + border: medium solid + .grouped-actions + display: flex + margin: 10px + justify-content: space-around + .notes-trigger + text-decoration: underline + cursor: pointer + .send-another + text-decoration: underline + + .notes + display: none + background-color: #F2F2F2 + padding: 10px + margin-top: 5px + +@media screen and (max-width: 576px) + .body + flex-direction: column + align-items: flex-start !important + min-height: 230px diff --git a/app/assets/stylesheets/components/two-factor-fields.sass b/app/assets/stylesheets/components/two-factor-fields.sass new file mode 100644 index 0000000..d362968 --- /dev/null +++ b/app/assets/stylesheets/components/two-factor-fields.sass @@ -0,0 +1,17 @@ +.two-factor-fields + margin: 20px 0 + .otp-step + margin: 20px 0 + .qrcode + display: block + width: 250px + height: 250px + border: 20px solid white + .enable-otp-fields + display: none + .instructions + padding: 20px + background-color: #F2F2F2 + .store-icon + width: 30% + margin-right: 10px diff --git a/app/assets/stylesheets/dashboard.sass b/app/assets/stylesheets/dashboard.sass new file mode 100644 index 0000000..fc6e4b4 --- /dev/null +++ b/app/assets/stylesheets/dashboard.sass @@ -0,0 +1,11 @@ +.dashboard + > .header + display: flex + align-items: center + padding: 20px 0 + h2 + display: inline-block + margin: 0 20px 0 0 + .secrets-list + .secret-item + margin: 20px 0 diff --git a/app/assets/stylesheets/header-and-footer.sass b/app/assets/stylesheets/header-and-footer.sass index a9ef4ed..819e77a 100644 --- a/app/assets/stylesheets/header-and-footer.sass +++ b/app/assets/stylesheets/header-and-footer.sass @@ -20,4 +20,17 @@ header.main-nav li:first-child margin-left: 0 +mobile-media-query - font-size: .9em \ No newline at end of file + font-size: .9em + +.dropdown-menu + li + display: block + margin: 0px + +@media screen and (max-width: 576px) + .main-nav + flex-direction: column + align-items: flex-start !important + .main-nav__links + padding: 10px 0 + margin: 0px diff --git a/app/assets/stylesheets/helpers.sass b/app/assets/stylesheets/helpers.sass new file mode 100644 index 0000000..a55e1db --- /dev/null +++ b/app/assets/stylesheets/helpers.sass @@ -0,0 +1,2 @@ +.top-buffer + margin-top: 30px diff --git a/app/assets/stylesheets/layouts/devise.sass b/app/assets/stylesheets/layouts/devise.sass new file mode 100644 index 0000000..459440e --- /dev/null +++ b/app/assets/stylesheets/layouts/devise.sass @@ -0,0 +1,11 @@ +body.devise-layout + min-height: 100vh + display: flex + flex-direction: column + + .container + margin-top: 20px + + .footer + //This makes the footer stay at bottom + margin-top: auto diff --git a/app/assets/stylesheets/layouts/settings.sass b/app/assets/stylesheets/layouts/settings.sass new file mode 100644 index 0000000..05526b3 --- /dev/null +++ b/app/assets/stylesheets/layouts/settings.sass @@ -0,0 +1,34 @@ +@media screen and (max-width: 576px) + body.settings-layout + .sidebar + margin: 0 0 10px 0 !important + +body.settings-layout + min-height: 100vh + display: flex + + h2 + margin-bottom: 1.2rem + + .sidebar + display: flex + flex-direction: column + align-items: flex-end + margin-top: 50px + h2 + font-size: 1.9rem + margin: 15px + ul + display: flex + flex-direction: column + align-items: flex-end + border-right: $default-border + li + list-style-type: none + padding: 10px 15px + a + color: $text-default-color + + .footer + //This makes the footer stay at bottom + margin-top: auto diff --git a/app/assets/stylesheets/secrets.sass b/app/assets/stylesheets/secrets.sass index 59ae768..aa6bd3f 100644 --- a/app/assets/stylesheets/secrets.sass +++ b/app/assets/stylesheets/secrets.sass @@ -12,7 +12,7 @@ margin-bottom: 20px h2 font-size: 1.7em - + .secret__flex-container display: flex +mobile-media-query @@ -43,9 +43,9 @@ background-image: image-url("ol-numbers/2.svg") li.three background-image: image-url("ol-numbers/3.svg") - + li margin-bottom: 10px font-size: 1.1em - line-height: 1.5 \ No newline at end of file + line-height: 1.5 diff --git a/app/assets/stylesheets/topsekrit.scss b/app/assets/stylesheets/topsekrit.scss index 37bde57..98d8b97 100644 --- a/app/assets/stylesheets/topsekrit.scss +++ b/app/assets/stylesheets/topsekrit.scss @@ -31,11 +31,7 @@ form.send-secret-form { } .flash { - margin-bottom: 20px; - span { - margin-left: 15px; - padding: 10px; - } + margin-bottom: 5px; } .field_with_errors .error { diff --git a/app/assets/stylesheets/variables.sass b/app/assets/stylesheets/variables.sass index 82f7978..61b4190 100644 --- a/app/assets/stylesheets/variables.sass +++ b/app/assets/stylesheets/variables.sass @@ -5,12 +5,13 @@ $green2: #1c7279 $green3: #1C5050 $green4: #132D2D +$text-default-color: #333333 $text-grey: #666666 - +$default_border: thin solid #797979 //Sizing $mobile-switch: 675px =mobile-media-query @media(max-width:675px) - @content \ No newline at end of file + @content diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d2e1a8b..1649d56 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,22 +1,8 @@ class ApplicationController < ActionController::Base - protect_from_forgery with: :exception - helper_method :validated_email - - def require_validated_email - redirect_to new_auth_token_path unless validated_email? - end - - def validated_email - session[:validated_email] - end - - def validated_email? - session[:validated_email].present? - end + before_action :configure_permitted_parameters, if: :devise_controller? - def validate_email!(email) - session[:validated_email] = email - end + protect_from_forgery with: :exception + layout :layout_by_resource def notify_exception(exception) if Rails.env.production? @@ -26,4 +12,17 @@ def notify_exception(exception) end end + private + + def layout_by_resource + if devise_controller? + "devise" + else + "application" + end + end + + def configure_permitted_parameters + devise_parameter_sanitizer.permit(:sign_in, keys: [:otp_attempt]) + end end diff --git a/app/controllers/auth_tokens_controller.rb b/app/controllers/auth_tokens_controller.rb deleted file mode 100644 index 6f629cf..0000000 --- a/app/controllers/auth_tokens_controller.rb +++ /dev/null @@ -1,47 +0,0 @@ -class AuthTokensController < ApplicationController - before_action :check_recaptcha, only: :create - - def show - auth_token = AuthToken.find_by(hashed_token: params[:id]) - if auth_token.present? - validate_email!(auth_token.email) - auth_token.delete - redirect_to new_secret_path - else - flash[:message] = "Sorry, we don't know who you are, try sending a new token!" - render :new - end - end - - def new - if validated_email? - # TODO: Remove the HTML formatting and let the view handle it. - flash.now[:message] = "You have already verified your email as #{validated_email}.
- If you want, you can just go ahead and create another secret with this address." - end - end - - def create - auth_token = AuthTokenService.generate(auth_token_params) - if auth_token.valid? - flash.now[:message] = "A token has been generated and sent to #{auth_token_params['email']}" - else - # TODO: Remove the HTML formatting and let the view handle it. - flash.now[:message] = auth_token.errors.full_messages.join("
".html_safe) - end - render :new - end - - private - - def auth_token_params - params.require(:auth_token).permit(:email) - end - - def check_recaptcha - unless verify_recaptcha - flash[:error] = flash[:recaptcha_error] - render :new - end - end -end diff --git a/app/controllers/authenticated_controller.rb b/app/controllers/authenticated_controller.rb new file mode 100644 index 0000000..f9ed256 --- /dev/null +++ b/app/controllers/authenticated_controller.rb @@ -0,0 +1,3 @@ +class AuthenticatedController < ApplicationController + before_action :authenticate_user! +end diff --git a/app/controllers/concerns/retrieve_secret.rb b/app/controllers/concerns/retrieve_secret.rb index a1f1e10..f1587fe 100644 --- a/app/controllers/concerns/retrieve_secret.rb +++ b/app/controllers/concerns/retrieve_secret.rb @@ -6,14 +6,14 @@ def retrieve_secret @secret = Secret.find_by(uuid: params[:id]) case when @secret.expired? - flash[:error] = "Sorry, that secret has expired, please ask the person who sent it to you to send it again." - redirect_to(new_auth_token_path) + flash[:error] = t('secrets.expired_error', from_email: @secret.from_email) + redirect_to(root_path) when @secret.present? && SecretService.correct_key?(@secret, params[:key]) @secret else flash[:error] = "Sorry, we couldn't find that secret" - redirect_to(new_auth_token_path) + redirect_to(root_path) end end end -end \ No newline at end of file +end diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb new file mode 100644 index 0000000..f206f1f --- /dev/null +++ b/app/controllers/dashboard_controller.rb @@ -0,0 +1,10 @@ +class DashboardController < AuthenticatedController + def index + @secrets = current_user.secrets.order(created_at: :desc).first(10) + + if @secrets.empty? + flash[:notice] = t('welcome') + redirect_to new_secret_path + end + end +end diff --git a/app/controllers/decrypted_secrets_controller.rb b/app/controllers/decrypted_secrets_controller.rb index d462886..5cb1af2 100644 --- a/app/controllers/decrypted_secrets_controller.rb +++ b/app/controllers/decrypted_secrets_controller.rb @@ -1,7 +1,6 @@ class DecryptedSecretsController < ApplicationController include RetrieveSecret before_filter :retrieve_secret - before_filter :require_validated_email def create begin diff --git a/app/controllers/email_template_controller.rb b/app/controllers/email_template_controller.rb new file mode 100644 index 0000000..52fbb7b --- /dev/null +++ b/app/controllers/email_template_controller.rb @@ -0,0 +1,29 @@ +class EmailTemplateController < AuthenticatedController + layout 'settings' + + def edit + @settings = current_user.settings + + unless @settings.send_secret_email_template.present? + @settings.send_secret_email_template = build_default_email + end + end + + def update + current_user.settings.update!(settings_params) # This step should never fail + redirect_to edit_email_template_path, notice: t('.success') + end + + def build_default_email + @secret = Secret.new(from_email: current_user.email) + + ViewBuilder.new( + UserSetting::DEFAULT_SEND_SECRET_EMAIL_TEMPLATE_PATH, + view_context.__binding__ + ).run + end + + def settings_params + params.require(:user_setting).permit(:send_secret_email_template) + end +end diff --git a/app/controllers/extended_secrets_controller.rb b/app/controllers/extended_secrets_controller.rb new file mode 100644 index 0000000..a7fae31 --- /dev/null +++ b/app/controllers/extended_secrets_controller.rb @@ -0,0 +1,13 @@ +class ExtendedSecretsController < AuthenticatedController + def update + @secret = current_user.secrets.find(params[:id]) + + if @secret.expired? && !@secret.extended? + @secret.extend_expiry! + redirect_to dashboard_path, notice: t('secrets.extended_expiry', title: @secret.title) + else + # This case should not happen base on UI + redirect_to dashboard_path + end + end +end diff --git a/app/controllers/oauth_callbacks_controller.rb b/app/controllers/oauth_callbacks_controller.rb index c360865..11c7498 100644 --- a/app/controllers/oauth_callbacks_controller.rb +++ b/app/controllers/oauth_callbacks_controller.rb @@ -3,19 +3,66 @@ class OauthCallbacksController < ApplicationController def google email = request.env['omniauth.auth'] && request.env['omniauth.auth']['info'] && request.env['omniauth.auth']['info']['email'] - if email - flash[:message] = "Authenticated as \"#{email}\" via google" - validate_email!(email) - redirect_to new_secret_path + + user = User.find_or_initialize_by(email: email) + if user.persisted? + handle_persisted_user(user) else - flash[:error] = 'Authentication via google failed' - redirect_to new_auth_token_path + handle_new_user(user) end end def auth_failure - flash[:error] = 'Authentication failed' - redirect_to new_auth_token_path + flash[:error] = t('oauth.failed') + redirect_to root_path + end + + private + + def handle_persisted_user(user) + if !user.confirmed? + redirect_to user_confirmation_path(confirmation_token: user.confirmation_token) + elsif user.confirmed? && user.encrypted_password.blank? + token = update_password_token(user) + redirect_to edit_user_setup_url(reset_password_token: token) + else + flash[:error] = t('oauth.already_registered') + redirect_to new_user_session_path + end + end + + def handle_new_user(user) + user.skip_confirmation_notification! + if user.save + redirect_to user_confirmation_path(confirmation_token: user.confirmation_token) + else + handle_unauthorised and return if user.errors.added?(:email, t('field_errors.unauthorised')) + # This may not be necessary because a failed oauth calls directly + # to auth_failure, but keeping this here as a safeguard + auth_failure and return if user.errors.added?(:email, :blank) + handle_unknown_error(user) + end + end + + def handle_unknown_error(user) + # We're intentionally raising an error here + # So tests will catch when creation of user with email only fails + raise user.errors.full_messages.to_s + end + + def handle_unauthorised + flash[:error] = "Email #{t('field_errors.unauthorised')}" + redirect_to root_path + end + + def update_password_token(user) + raw, enc = Devise.token_generator.generate(User, :reset_password_token) + + user.reset_password_token = enc + user.reset_password_sent_at = Time.current.utc + user.save(validate: false) + user.reload + raw end -end \ No newline at end of file +end diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb index e319e07..eb33e63 100644 --- a/app/controllers/pages_controller.rb +++ b/app/controllers/pages_controller.rb @@ -1,4 +1,7 @@ class PagesController < ApplicationController + def home + @user = User.new + end def copyright end @@ -8,5 +11,4 @@ def privacy_policy def terms_and_conditions end - -end \ No newline at end of file +end diff --git a/app/controllers/secrets_controller.rb b/app/controllers/secrets_controller.rb index 91fe1b3..19a3a1c 100644 --- a/app/controllers/secrets_controller.rb +++ b/app/controllers/secrets_controller.rb @@ -1,37 +1,58 @@ -class SecretsController < ApplicationController +class SecretsController < AuthenticatedController include RetrieveSecret before_filter :retrieve_secret, only: :show - before_filter :require_validated_email, only: [:new, :create] + before_action :authenticate_user!, except: [:show] def show - # As the receipient has now clicked a link, we know their email address is also - # valid, so we will validate them so they can painlessly send a new secret if - # they like as well. - validate_email!(@secret.to_email) + # TODO: Should we add a button to encourage the user to register? end def new - @secret = Secret.new(from_email: validated_email) + base_secret = current_user.secrets.find_by(uuid: params[:base_id]) + + if base_secret.present? + @secret = Secret.new( + title: base_secret.title, + from_email: base_secret.from_email, + to_email: base_secret.to_email, + comments: base_secret.comments + ) + else + @secret = Secret.new(from_email: current_user.email) + end end def create - @secret = SecretService.encrypt_new_secret(secret_params) + @secret = SecretService.encrypt_new_secret(secret_params, + current_user.settings.send_secret_email_template) + if @secret.persisted? - flash[:message] = "The secret has been encrypted and an email sent to the recipient, feel free to send another secret!" - redirect_to new_secret_path + if @secret.no_email? + CopySecretService.new(session).prepare!(@secret) + + flash[:message] = t('secrets.create.success.without_email') + redirect_to copy_secrets_path + else + flash[:message] = t('secrets.create.success.with_email') + redirect_to dashboard_path + end else - flash.now[:message] = @secret.errors.full_messages.join("
".html_safe) + flash.now[:error] = @secret.errors.full_messages.join("
".html_safe) render :new end end + def copy + @data = CopySecretService.new(session).perform! + redirect_to root_path unless @data + end + private def secret_params params.require(:secret).permit(:title, :to_email, :secret, :comments, - :expire_at, :secret_file).tap do |p| - p[:from_email] = validated_email + :expire_at, :secret_file, :no_email).tap do |p| + p[:from_email] = current_user.email end end - end diff --git a/app/controllers/subscriptions_controller.rb b/app/controllers/subscriptions_controller.rb new file mode 100644 index 0000000..3bcef07 --- /dev/null +++ b/app/controllers/subscriptions_controller.rb @@ -0,0 +1,11 @@ +class SubscriptionsController < AuthenticatedController + layout 'settings' + + def new + end + + def create + SubscriptionService.new(current_user) + .perform(params[:stripe_source]) + end +end diff --git a/app/controllers/two_factor_auth_controller.rb b/app/controllers/two_factor_auth_controller.rb new file mode 100644 index 0000000..f20249e --- /dev/null +++ b/app/controllers/two_factor_auth_controller.rb @@ -0,0 +1,44 @@ +class TwoFactorAuthController < AuthenticatedController + layout 'settings' + + def edit + @tfa_service = TwoFactorService.new(current_user) + @tfa_service.issue_otp_secret + @otp_provisioning_uri = @tfa_service.generate_otp_provisioning_uri + end + + def update + @tfa_service = TwoFactorService.new(current_user) + + valid = + if enabling_otp? + @tfa_service.enable_otp( + two_factor_params[:otp_secret], + two_factor_params[:otp_attempt], + two_factor_params[:current_password] + ) + else + @tfa_service.disable_otp(two_factor_params[:current_password]) + end + + if valid + verb = @tfa_service.user.otp_required_for_login ? 'enabled' : 'disabled' + redirect_to root_path, notice: t('two_factor.update_success', verb: verb) + else + flash[:error] = t('two_factor.update_failed') + + @otp_provisioning_uri = @tfa_service.generate_otp_provisioning_uri + render :edit + end + end + + private + + def enabling_otp? + two_factor_params[:otp_required_for_login] == '1' + end + + def two_factor_params + params.require(:user).permit(:otp_required_for_login, :otp_secret, :otp_attempt, :current_password) + end +end diff --git a/app/controllers/user_setups_controller.rb b/app/controllers/user_setups_controller.rb new file mode 100644 index 0000000..e7dbedf --- /dev/null +++ b/app/controllers/user_setups_controller.rb @@ -0,0 +1,51 @@ +class UserSetupsController < ApplicationController + before_action :set_original_token + + def edit + @user = User.with_reset_password_token(@original_token) + + if @user + @tfa_service = TwoFactorService.new(@user) + @tfa_service.issue_otp_secret + @otp_provisioning_uri = @tfa_service.generate_otp_provisioning_uri + else + redirect_to root_path, notice: t('devise.passwords.no_token') + end + end + + def update + @setup_service = UserSetupService.new( + password_params[:reset_password_token], + TwoFactorService + ) + + if @setup_service.run(password_params, two_factor_params) + @setup_service.user.after_database_authentication + flash[:notice] = t('devise.passwords.updated') + sign_in(@setup_service.user) + + redirect_to dashboard_path + else + @tfa_service = @setup_service.tfa_service + @tfa_service.user.otp_required_for_login = two_factor_params[:otp_required_for_login] + @tfa_service.user.otp_secret = two_factor_params[:otp_secret] + @otp_provisioning_uri = @tfa_service.generate_otp_provisioning_uri + + render :edit + end + end + + private + + def password_params + params.require(:user).permit(:password, :password_confirmation, :reset_password_token) + end + + def two_factor_params + params.require(:user).permit(:otp_required_for_login, :otp_secret, :otp_attempt) + end + + def set_original_token + @original_token ||= params[:reset_password_token] + end +end diff --git a/app/controllers/users/confirmations_controller.rb b/app/controllers/users/confirmations_controller.rb new file mode 100644 index 0000000..0353df8 --- /dev/null +++ b/app/controllers/users/confirmations_controller.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +class Users::ConfirmationsController < Devise::ConfirmationsController + # GET /resource/confirmation/new + # def new + # super + # end + + # POST /resource/confirmation + # def create + # super + # end + + # GET /resource/confirmation?confirmation_token=abcdef + # def show + # super + # end + + # protected + + # The path used after resending confirmation instructions. + # def after_resending_confirmation_instructions_path_for(resource_name) + # super(resource_name) + # end + + # The path used after confirmation. + def after_confirmation_path_for(resource_name, resource) + token = resource.send(:set_reset_password_token) + edit_user_setup_url(reset_password_token: token) + end +end diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb new file mode 100644 index 0000000..093ac71 --- /dev/null +++ b/app/controllers/users/passwords_controller.rb @@ -0,0 +1,38 @@ +# frozen_string_literal: true + +class Users::PasswordsController < Devise::PasswordsController + # GET /resource/password/new + # def new + # super + # end + + # POST /resource/password + # def create + # super + # end + + # GET /resource/password/edit?reset_password_token=abcdef + # def edit + # super + # end + + # PUT /resource/password + # def update + # super + # end + + # protected + + def after_resetting_password_path_for(resource) + # TODO: this path is also being used by user registration flow + # (After confirming the account, the user is asked to edit/set the password) + # Please fix accordingly if the path is not desired + # when editing password out of registration's context + dashboard_path + end + + # The path used after sending reset password instructions + # def after_sending_reset_password_instructions_path_for(resource_name) + # super(resource_name) + # end +end diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb new file mode 100644 index 0000000..e195e2e --- /dev/null +++ b/app/controllers/users/registrations_controller.rb @@ -0,0 +1,84 @@ +# frozen_string_literal: true + +class Users::RegistrationsController < Devise::RegistrationsController + before_action :check_recaptcha, only: :create + # before_action :configure_sign_up_params, only: [:create] + # before_action :configure_account_update_params, only: [:update] + + # GET /resource/sign_up + # def new + # super + # end + + # POST /resource + def create + user = User.find_by(email: params[:user][:email]) + + if user.present? && !user.confirmed? + user.send_confirmation_instructions + redirect_to root_path, notice: t('devise.registrations.signed_up_but_unconfirmed') + elsif user.present? && user.confirmed? && user.encrypted_password.blank? + user.send_reset_password_instructions + redirect_to root_path, notice: t('devise.registrations.signed_up_confirmed_without_password') + else + super + end + end + + # GET /resource/edit + # def edit + # super + # end + + # PUT /resource + # def update + # super + # end + + # DELETE /resource + # def destroy + # super + # end + + # GET /resource/cancel + # Forces the session data which is usually expired after sign + # in to be expired now. This is useful if the user wants to + # cancel oauth signing in/up in the middle of the process, + # removing all OAuth session data. + # def cancel + # super + # end + + # protected + + # If you have extra params to permit, append them to the sanitizer. + # def configure_sign_up_params + # devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute]) + # end + + # If you have extra params to permit, append them to the sanitizer. + # def configure_account_update_params + # devise_parameter_sanitizer.permit(:account_update, keys: [:attribute]) + # end + + # The path used after sign up. + # def after_sign_up_path_for(resource) + # super(resource) + # end + + # The path used after sign up for inactive accounts. + # def after_inactive_sign_up_path_for(resource) + # super(resource) + # end + + private + + def check_recaptcha + unless verify_recaptcha + self.resource = resource_class.new sign_up_params + resource.validate # Look for any other validation errors besides Recaptcha + resource.errors.add(:base, 'reCAPTCHA verification failed, please try again') + respond_with resource + end + end +end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index caccb42..fd74c1d 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -9,7 +9,7 @@ def to_email_placeholder end def from_email_placeholder - validated_email + current_user.email end # A closed system only allows secrets to be sent to and from email @@ -32,4 +32,7 @@ def auth_new_page? request.path == '/auth_tokens/new' end + def flash_display_type(key) + HashWithIndifferentAccess.new(alert: 'danger', error: 'danger')[key] || 'success' + end end diff --git a/app/mailers/secret_mailer.rb b/app/mailers/secret_mailer.rb index 420a4e8..01cd868 100644 --- a/app/mailers/secret_mailer.rb +++ b/app/mailers/secret_mailer.rb @@ -1,7 +1,11 @@ class SecretMailer < BaseMailer - def secret_notification(secret) + def secret_notification(secret, custom_message = nil) @secret = secret + + #We're also checking for blank string + @editable_content = custom_message.present? ? custom_message : load_default_content + mail(to: @secret.to_email, reply_to: @secret.from_email, subject: "SecretLink.org: A secret has been shared with you - Reference #{@secret.uuid}") @@ -14,4 +18,12 @@ def consumnation_notification(secret) subject: "Your secret was consumed on SecretLink.org - Reference #{@secret.uuid}") end + private + + def load_default_content + ViewBuilder.new( + UserSetting::DEFAULT_SEND_SECRET_EMAIL_TEMPLATE_PATH, + view_context.__binding__ + ).run + end end diff --git a/app/models/auth_token.rb b/app/models/auth_token.rb index a339305..dfd0939 100644 --- a/app/models/auth_token.rb +++ b/app/models/auth_token.rb @@ -4,17 +4,11 @@ class AuthToken < ActiveRecord::Base before_validation :set_defaults - # TODO: Model shouldn't be sending the email. - # TODO: Emails should be in background worker. - def notify - AuthTokenMailer.auth_token(email, hashed_token).deliver_now - end - private def set_defaults self.hashed_token = SecureRandom.hex - self.expire_at = Time.now + 7.days + self.expire_at = Time.current + 7.days end def email_domain_authorised diff --git a/app/models/secret.rb b/app/models/secret.rb index c84d9de..8711943 100644 --- a/app/models/secret.rb +++ b/app/models/secret.rb @@ -9,8 +9,8 @@ class Secret < ActiveRecord::Base } validates :to_email, presence: { - message: "Please enter the senders's email address" - } + message: "Please enter the senders's email address" + }, unless: :no_email validates :secret, presence: { message: "Please enter a secret to share with the recipient", @@ -23,24 +23,43 @@ class Secret < ActiveRecord::Base where('from_email = ? and access_key = ?', email, access_key) } + belongs_to :user, primary_key: 'email', foreign_key: 'from_email' + + def sent_at + # We're using creted_at as the send date + created_at + end + def delete_encrypted_information update_attribute(:secret, nil) end def mark_as_consumed - update_attribute(:consumed_at, Time.now) + update_attribute(:consumed_at, Time.current) end def expired? - expire_at.present? && expire_at < Time.now + expire_at.present? && expire_at < Time.current + end + + def extend_expiry! + # We need to use update_columns to bypass reencryption + update_columns( + expire_at: Time.current + 1.week, + extended_at: Time.current + ) + end + + def extended? + extended_at.present? end def expire_at_within_limit if Rails.application.config.topsekrit_maximum_expiry_time - max_expiry_in_config = (Time.now + Rails.application.config.topsekrit_maximum_expiry_time).to_i + max_expiry_in_config = (Time.current + Rails.application.config.topsekrit_maximum_expiry_time).to_i if expire_at.blank? || (expire_at && expire_at.to_i > max_expiry_in_config) errors.add(:expire_at, "Maximum expiry allowed is " + - (Time.now + Rails.application.config.topsekrit_maximum_expiry_time).strftime('%d %B %Y')) + (Time.current + Rails.application.config.topsekrit_maximum_expiry_time).strftime('%d %B %Y')) end end end @@ -66,7 +85,7 @@ def email_domain_does_not_match? def self.expire_at_hint if Rails.application.config.topsekrit_maximum_expiry_time (Date.today + 1).strftime('%d %B %Y') + ' - ' + - (Time.now + Rails.application.config.topsekrit_maximum_expiry_time).strftime('%d %B %Y') + (Time.current + Rails.application.config.topsekrit_maximum_expiry_time).strftime('%d %B %Y') end end end diff --git a/app/models/subscription.rb b/app/models/subscription.rb new file mode 100644 index 0000000..bba8816 --- /dev/null +++ b/app/models/subscription.rb @@ -0,0 +1,5 @@ +class Subscription < ActiveRecord::Base + PLANS = YAML.load_file(Rails.root.join("db", "data", "subscription_plans.yml")) + + enum status: [:active, :inactive] +end diff --git a/app/models/user.rb b/app/models/user.rb new file mode 100644 index 0000000..e198c45 --- /dev/null +++ b/app/models/user.rb @@ -0,0 +1,38 @@ +class User < ActiveRecord::Base + # Include default devise modules. Others available are: + # :lockable, :timeoutable and :omniauthable + after_create :create_settings + + devise :registerable, :confirmable, + :recoverable, :rememberable, :trackable, :validatable + + devise :two_factor_authenticatable, + otp_secret_encryption_key: Rails.configuration.topsekrit_2fa_key + + validate :email_authorised?, on: :create + + has_one :settings, class_name: 'UserSetting' + has_many :secrets, primary_key: 'email', foreign_key: 'from_email' + + protected + + def password_required? + confirmed? ? super : false + end + + def email_authorised? + unless AuthorisedEmailService.authorised_to_register?(email) + errors.add(:email, I18n.t('field_errors.unauthorised')) + end + end + + def self.with_reset_password_token(token) + reset_password_token = Devise.token_generator.digest(self, :reset_password_token, token) + to_adapter.find_first(reset_password_token: reset_password_token) + end + + # hooks + def create_settings + UserSetting.create(user: self) + end +end diff --git a/app/models/user_setting.rb b/app/models/user_setting.rb new file mode 100644 index 0000000..c888836 --- /dev/null +++ b/app/models/user_setting.rb @@ -0,0 +1,6 @@ +class UserSetting < ActiveRecord::Base + DEFAULT_SEND_SECRET_EMAIL_TEMPLATE_PATH = + 'secret_mailer/secret_notification_editable.html.erb'.freeze + + belongs_to :user +end diff --git a/app/services/auth_token_service.rb b/app/services/auth_token_service.rb deleted file mode 100644 index e0980d8..0000000 --- a/app/services/auth_token_service.rb +++ /dev/null @@ -1,10 +0,0 @@ -class AuthTokenService - - def self.generate(auth_hash) - auth_token = AuthToken.create(auth_hash) - # TODO: Model shouldn't be sending the email - auth_token.notify if auth_token.persisted? - auth_token - end - -end diff --git a/app/services/authorised_email_service.rb b/app/services/authorised_email_service.rb index 9d9328b..104b66e 100644 --- a/app/services/authorised_email_service.rb +++ b/app/services/authorised_email_service.rb @@ -1,12 +1,45 @@ -class AuthorisedEmailService +module AuthorisedEmailService + class << self + def closed_system? + authorisation == :closed + end - def self.email_domain_matches?(email) - regexp = Regexp.new(".+#{Rails.configuration.topsekrit_authorised_domain}\\z") - email.to_s.match(regexp) - end + def limited_system? + authorisation == :limited + end + + def open_system? + authorisation == :open + end + + def closed_or_limited_system? + closed_system? || limited_system? + end + + def authorised_to_register?(email) + if closed_or_limited_system? + email_domain_matches?(email).present? + else + true + end + end + + def email_domain_matches?(email) + regexp = Regexp.new(".+#{authorised_domain}\\z") + email.to_s.match(regexp) + end + + def email_domain_does_not_match?(email) + !email_domain_matches?(email) + end + + def authorisation + Rails.configuration.topsekrit_authorisation_setting + end - def self.email_domain_does_not_match?(email) - !email_domain_matches?(email) + def authorised_domain + Rails.configuration.topsekrit_authorised_domain + end end -end \ No newline at end of file +end diff --git a/app/services/copy_secret_service.rb b/app/services/copy_secret_service.rb new file mode 100644 index 0000000..9947940 --- /dev/null +++ b/app/services/copy_secret_service.rb @@ -0,0 +1,27 @@ +class CopySecretService + attr_reader :session + + KEY = :copy_secret_key + UUID = :copy_secret_uuid + + def initialize(session) + @session = session + end + + def prepare!(secret) + session[KEY] = secret.secret_key + session[UUID] = secret.uuid + end + + def perform! + if session[KEY] && session[UUID] + data = {key: session[KEY], uuid: session[UUID]} + + session.delete(KEY) + session.delete(UUID) + data + else + false + end + end +end diff --git a/app/services/secret_service.rb b/app/services/secret_service.rb index e345efc..61441d9 100644 --- a/app/services/secret_service.rb +++ b/app/services/secret_service.rb @@ -1,10 +1,13 @@ class SecretService - def self.encrypt_new_secret(params) + def self.encrypt_new_secret(params, email_template = nil) secret = Secret.create(params.merge(uuid: SecureRandom.uuid, secret_key: SecureRandom.hex(16))) - if secret.persisted? + if secret.persisted? && !secret.no_email? # TODO: Mailers should be in the background - SecretMailer.secret_notification(secret).deliver_now + SecretMailer.secret_notification( + secret, + email_template + ).deliver_now end secret end diff --git a/app/services/subscription_service.rb b/app/services/subscription_service.rb new file mode 100644 index 0000000..1c4c5ec --- /dev/null +++ b/app/services/subscription_service.rb @@ -0,0 +1,54 @@ +require 'ostruct' + +class SubscriptionService + attr_reader :user, :plan + + def initialize(user) + @user = user + + # Right now we're just supporting 1 type of plan + @plan = OpenStruct.new(Subscription::PLANS['default_monthly']) + end + + def perform(source_id) + customer = create_customer(source_id) + + # TODO: Use same customer id when present + # Or Persist if customer is new + result = subscribe_to_plan(customer["id"]) + + # TODO: + # Persist subscription + build_subscription(result) + end + + private + + def create_customer(source_id) + Stripe::Customer.create({ + email: user.email, + source: source_id + }) + end + + def subscribe_to_plan(customer_id) + Stripe::Subscription.create({ + customer: customer_id, + items: [{ + plan: plan.stripe_id + }], + }) + end + + def build_subscription(stripe_subscription) + # TODO: Handle failure + if stripe_subscription.status == "active" + Subscription.create!( + code: plan.code, + status: :active, + cached_metadata: plan.to_h, + cached_transaction_details: stripe_subscription.to_json + ) + end + end +end diff --git a/app/services/two_factor_service.rb b/app/services/two_factor_service.rb new file mode 100644 index 0000000..372c934 --- /dev/null +++ b/app/services/two_factor_service.rb @@ -0,0 +1,56 @@ +class TwoFactorService + attr_reader :user + + def initialize(user) + @user = user + end + + def issue_otp_secret + secret = User.generate_otp_secret + user.otp_secret = secret + secret + end + + def generate_otp_provisioning_uri + issuer = 'Secret Link' + issuer += ' (dev)' if Rails.env.development? + label = "#{issuer}:#{user.email}" + user.otp_provisioning_uri(label, issuer: issuer) + end + + # Update model with params only if otp_attempt and current_password are correct + def enable_otp(otp_secret, otp_attempt, current_password) + user.assign_attributes(otp_secret: otp_secret, otp_required_for_login: true) + + result = + if user.valid_password?(current_password) + validate_and_consume_otp(otp_attempt, otp_secret) + else + user.errors.add(:current_password, current_password.blank? ? :blank : :invalid) + false + end + + user.clean_up_passwords + result + end + + def enable_otp_without_password(otp_secret, otp_attempt) + validate_and_consume_otp(otp_attempt, otp_secret) + end + + def disable_otp(current_password) + user.update_with_password(current_password: current_password, otp_required_for_login: false) + end + + private + + def validate_and_consume_otp(otp_attempt, otp_secret) + if user.validate_and_consume_otp!(otp_attempt, otp_secret: otp_secret) + user.update_attributes(otp_secret: otp_secret, otp_required_for_login: true) + true + else + user.errors.add(:otp_attempt, otp_attempt.blank? ? :blank : :invalid) + false + end + end +end diff --git a/app/services/user_setup_service.rb b/app/services/user_setup_service.rb new file mode 100644 index 0000000..d6d4d52 --- /dev/null +++ b/app/services/user_setup_service.rb @@ -0,0 +1,46 @@ +class UserSetupService + attr_reader :user, :tfa_service + + def initialize(token, tfa_service_klass) + reset_password_token = Devise.token_generator.digest(User, :reset_password_token, token) + + @user = User.find_or_initialize_with_error_by(:reset_password_token, reset_password_token) + @tfa_service = tfa_service_klass.new(@user) + end + + def run(password_params, tfa_params) + password, confirmation = password_params.values_at :password, :password_confirmation + otp_required, otp_secret, otp_attempt = tfa_params.values_at :otp_required_for_login, :otp_secret, :otp_attempt + + if token_valid? && user_valid?(password, confirmation) + return enable_otp(otp_secret, otp_attempt) if otp_required == '1' + user.save! # This should never raise an errror + else + false + end + end + + private + + def enable_otp(secret, attempt) + if tfa_service.enable_otp_without_password(secret, attempt) + user.save! # This should never raise an errror + else + false + end + end + + def user_valid?(password, confirmation) + if password.present? + user.assign_attributes(password: password, password_confirmation: confirmation) + user.valid? + else + user.errors.add(:password, :blank) + false + end + end + + def token_valid? + user.persisted? && user.reset_password_period_valid? + end +end diff --git a/app/views/auth_token_mailer/auth_token.html.erb b/app/views/auth_token_mailer/auth_token.html.erb deleted file mode 100644 index 74a44a6..0000000 --- a/app/views/auth_token_mailer/auth_token.html.erb +++ /dev/null @@ -1,21 +0,0 @@ -

- Hello <%= @email %> -

- -

- Here is the requested authentication token that will allow you to access <%= link_to("SecretLink.org", "https://secretlink.org") %>: -

-

- <%= link_to auth_token_url(@token), auth_token_url(@token) %> -

- -

- Thank you for using <%= link_to("SecretLink.org", "https://secretlink.org") %>! -

- - - -

-

- If you didn't expect to receive this message, please contact <%= mail_to "info@secretlink.org" %>. -

diff --git a/app/views/auth_token_mailer/auth_token.text.erb b/app/views/auth_token_mailer/auth_token.text.erb deleted file mode 100644 index 0d874ab..0000000 --- a/app/views/auth_token_mailer/auth_token.text.erb +++ /dev/null @@ -1,11 +0,0 @@ -Hello <%= @email %> - -Here is the requested authentication token that will allow you to access https://SecretLink.org/ - -<%= "#{@request_host}/auth_tokens/#{@token}" %> - -Thank you for using <%= link_to("SecretLink.org", "https://secretlink.org") %>! - - - -If you didn't expect to receive this message, please contact info@secretlink.org diff --git a/app/views/dashboard/_secret_item.erb b/app/views/dashboard/_secret_item.erb new file mode 100644 index 0000000..04169e4 --- /dev/null +++ b/app/views/dashboard/_secret_item.erb @@ -0,0 +1,63 @@ +<% secret %> + +
+
+
<%= secret.title %>
+ <% if secret.consumed_at.blank? %> +
Not Viewed
+ <% end %> +
+
+
+ <% if secret.consumed_at? %> + <%= image_tag 'unlocked-icon.svg', class: 'mail-icon' %> + <% else %> + <%= image_tag 'locked-icon.svg', class: 'mail-icon' %> + <% end %> + +
+
+
+ <% if secret.no_email? %> + Created: <%= local_time(secret.created_at, t('date.formats.dashboard_time')) %> + <% else %> + Sent: <%= local_time(secret.sent_at, t('date.formats.dashboard_time')) %> + <% end %> +
+
+ <% if secret.consumed_at? %> +
Viewed: <%= local_time(secret.consumed_at, t('date.formats.dashboard_time')) %>
+ <% elsif secret.expired? %> +
not viewed, expired: <%= local_time(secret.expire_at, t('date.formats.dashboard_time')) %>
+ <% else %> +
not viewed, expiry: <%= local_time(secret.expire_at, t('date.formats.dashboard_time')) %>
+ <% end %> +
+
+
+ <% if secret.consumed_at? %> +
Viewed and Deleted
+ <% elsif secret.expired? && !secret.extended?%> + <%= link_to "Extend", extended_secret_path(secret), class: 'extend-label extend-btn', method: :put %> + <% elsif secret.extended? %> +
Extended
+ <% end %> +
+
See Notes
+
|
+
+ <%= link_to "Send Another", new_secret_path(base_id: secret.uuid) %> +
+
+
+
+
<%= secret.comments %>
+
diff --git a/app/views/dashboard/index.html.erb b/app/views/dashboard/index.html.erb new file mode 100644 index 0000000..32567b2 --- /dev/null +++ b/app/views/dashboard/index.html.erb @@ -0,0 +1,11 @@ +
+
+

All Secrets

+ <%= link_to 'Create New', new_secret_path, class: 'button green' %> +
+
+ <% @secrets.each do |secret| %> + <%= render 'secret_item', secret: secret %> + <% end %> +
+
diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb new file mode 100644 index 0000000..e8f4415 --- /dev/null +++ b/app/views/devise/confirmations/new.html.erb @@ -0,0 +1,22 @@ +
+

Resend confirmation instructions

+ +
+ <%= simple_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %> + <%= f.error_notification %> + <%= f.full_error :confirmation_token %> + +
+ <%= f.input :email, required: true, autofocus: true %> +
+ +
+ <%= f.button :submit, "Resend confirmation instructions" %> +
+ <% end %> +
+ +
+ <%= render "devise/shared/links" %> +
+
diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb new file mode 100644 index 0000000..dc55f64 --- /dev/null +++ b/app/views/devise/mailer/confirmation_instructions.html.erb @@ -0,0 +1,5 @@ +

Welcome <%= @email %>!

+ +

You can confirm your account email through the link below:

+ +

<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %>

diff --git a/app/views/devise/mailer/email_changed.html.erb b/app/views/devise/mailer/email_changed.html.erb new file mode 100644 index 0000000..32f4ba8 --- /dev/null +++ b/app/views/devise/mailer/email_changed.html.erb @@ -0,0 +1,7 @@ +

Hello <%= @email %>!

+ +<% if @resource.try(:unconfirmed_email?) %> +

We're contacting you to notify you that your email is being changed to <%= @resource.unconfirmed_email %>.

+<% else %> +

We're contacting you to notify you that your email has been changed to <%= @resource.email %>.

+<% end %> diff --git a/app/views/devise/mailer/password_change.html.erb b/app/views/devise/mailer/password_change.html.erb new file mode 100644 index 0000000..b41daf4 --- /dev/null +++ b/app/views/devise/mailer/password_change.html.erb @@ -0,0 +1,3 @@ +

Hello <%= @resource.email %>!

+ +

We're contacting you to notify you that your password has been changed.

diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb new file mode 100644 index 0000000..f667dc1 --- /dev/null +++ b/app/views/devise/mailer/reset_password_instructions.html.erb @@ -0,0 +1,8 @@ +

Hello <%= @resource.email %>!

+ +

Someone has requested a link to change your password. You can do this through the link below.

+ +

<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>

+ +

If you didn't request this, please ignore this email.

+

Your password won't change until you access the link above and create a new one.

diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb new file mode 100644 index 0000000..41e148b --- /dev/null +++ b/app/views/devise/mailer/unlock_instructions.html.erb @@ -0,0 +1,7 @@ +

Hello <%= @resource.email %>!

+ +

Your account has been locked due to an excessive number of unsuccessful sign in attempts.

+ +

Click the link below to unlock your account:

+ +

<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>

diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb new file mode 100644 index 0000000..4734c35 --- /dev/null +++ b/app/views/devise/passwords/edit.html.erb @@ -0,0 +1,25 @@ +
+

Set your password

+ +
+ <%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %> + <%= f.error_notification %> + + <%= f.input :reset_password_token, as: :hidden %> + <%= f.full_error :reset_password_token %> + +
+ <%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %> + <%= f.input :password_confirmation, label: "Confirm your new password", required: true %> +
+ +
+ <%= f.button :submit, "Set my password" %> +
+ <% end %> +
+ +
+ <%= render "devise/shared/links" %> +
+
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb new file mode 100644 index 0000000..375bb0e --- /dev/null +++ b/app/views/devise/passwords/new.html.erb @@ -0,0 +1,21 @@ +
+

Forgot your password?

+ +
+ <%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %> + <%= f.error_notification %> + +
+ <%= f.input :email, required: true, autofocus: true %> +
+ +
+ <%= f.button :submit, "Send me reset password instructions" %> +
+ <% end %> +
+ +
+ <%= render "devise/shared/links" %> +
+
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb new file mode 100644 index 0000000..5db350b --- /dev/null +++ b/app/views/devise/registrations/edit.html.erb @@ -0,0 +1,27 @@ +

Edit <%= resource_name.to_s.humanize %>

+ +<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %> + <%= f.error_notification %> + +
+ <%= f.input :email, required: true, autofocus: true %> + + <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %> +

Currently waiting confirmation for: <%= resource.unconfirmed_email %>

+ <% end %> + + <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %> + <%= f.input :password_confirmation, required: false %> + <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %> +
+ +
+ <%= f.button :submit, "Update" %> +
+<% end %> + +

Cancel my account

+ +

Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>

+ +<%= link_to "Back", :back %> diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb new file mode 100644 index 0000000..55a4fde --- /dev/null +++ b/app/views/devise/registrations/new.html.erb @@ -0,0 +1,21 @@ +
+

Sign up

+ +
+ <%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %> + <%= f.error_notification %> + +
+ <%= f.input :email, required: true, autofocus: true %> +
+ +
+ <%= invisible_recaptcha_tags text: 'Sign Up', class: 'btn btn-default' %> +
+ <% end %> +
+ +
+ <%= render "devise/shared/links" %> +
+
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb new file mode 100644 index 0000000..5868952 --- /dev/null +++ b/app/views/devise/sessions/new.html.erb @@ -0,0 +1,22 @@ +
+

Log in

+ +
+ <%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %> +
+ <%= f.input :email, required: false, autofocus: true %> + <%= f.input :password, required: false %> + <%= f.input :otp_attempt, required: false, label: "2FA (for configured accounts)" %> + <%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %> +
+ +
+ <%= f.button :submit, "Log in" %> +
+ <% end %> +
+ +
+ <%= render "devise/shared/links" %> +
+
diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb new file mode 100644 index 0000000..e6a3e41 --- /dev/null +++ b/app/views/devise/shared/_links.html.erb @@ -0,0 +1,25 @@ +<%- if controller_name != 'sessions' %> + <%= link_to "Log in", new_session_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.registerable? && controller_name != 'registrations' %> + <%= link_to "Sign up", new_registration_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> + <%= link_to "Forgot your password?", new_password_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %> + <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %> + <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.omniauthable? %> + <%- resource_class.omniauth_providers.each do |provider| %> + <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %>
+ <% end -%> +<% end -%> diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb new file mode 100644 index 0000000..788f62e --- /dev/null +++ b/app/views/devise/unlocks/new.html.erb @@ -0,0 +1,16 @@ +

Resend unlock instructions

+ +<%= simple_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %> + <%= f.error_notification %> + <%= f.full_error :unlock_token %> + +
+ <%= f.input :email, required: true, autofocus: true %> +
+ +
+ <%= f.button :submit, "Resend unlock instructions" %> +
+<% end %> + +<%= render "devise/shared/links" %> diff --git a/app/views/email_template/edit.html.erb b/app/views/email_template/edit.html.erb new file mode 100644 index 0000000..8332893 --- /dev/null +++ b/app/views/email_template/edit.html.erb @@ -0,0 +1,26 @@ +
+
+

Email Template

+ + + + <%= simple_form_for(@settings, url: email_template_path, html: { class:"top-buffer" }) do |f| %> +
+ <%= f.input :send_secret_email_template, label: false, as: :trix_editor %> +
+ +
+ <%= f.button :submit, value: t('buttons.update') %> +
+ <% end %> +
+
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index b75556c..195a670 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -6,7 +6,7 @@ <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %> <%= csrf_meta_tags %> - + diff --git a/app/views/layouts/devise.html.erb b/app/views/layouts/devise.html.erb new file mode 100644 index 0000000..f656730 --- /dev/null +++ b/app/views/layouts/devise.html.erb @@ -0,0 +1,25 @@ + + + + SecretLink.org + + + <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %> + <%= csrf_meta_tags %> + + + + + <%= render partial: 'shared/header' %> + <%= render partial: 'shared/flash_messages' %> +
+
+
+ <%= yield %> +
+
+
+ <%= render partial: 'shared/footer' %> + <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %> + + diff --git a/app/views/layouts/settings.html.erb b/app/views/layouts/settings.html.erb new file mode 100644 index 0000000..30211b0 --- /dev/null +++ b/app/views/layouts/settings.html.erb @@ -0,0 +1,40 @@ + + + + SecretLink.org + + + + <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %> + <%= csrf_meta_tags %> + + + + <%= render partial: 'shared/header' %> + <%= render partial: 'shared/flash_messages' %> +
+
+
+

Account Settings

+
    +
  • + <%= link_to 'Two Factor Auth (2FA)', edit_two_factor_auth_path %> +
    • +
  • + <%= link_to 'Email Template', edit_email_template_path %> +
    • +
  • + <%= link_to 'Subscription', new_subscription_path %> +
    • +
+
+
+ <%= yield %> +
+
+
+ + <%= render partial: 'shared/footer' %> + <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %> + + diff --git a/app/views/auth_tokens/new.html.erb b/app/views/pages/home.html.erb similarity index 93% rename from app/views/auth_tokens/new.html.erb rename to app/views/pages/home.html.erb index 4ed8a2f..13f99c6 100644 --- a/app/views/auth_tokens/new.html.erb +++ b/app/views/pages/home.html.erb @@ -1,12 +1,15 @@

Share secrets such as passwords, API keys, and SSL certificates simply and securely.

- <%= simple_form_for :auth_token, url: auth_tokens_url, html: { class: '' } do |f| %> -

Share a secret now...

- <%= f.input :email, label: false, placeholder: 'To send a secret, enter your email address...', input_html: { class: 'form-control center-block' } %> - <%= invisible_recaptcha_tags text: 'Send SecretLink.org Token', class: 'button white' %> - <%= link_to "Send using Google", '/auth/google_oauth2', id: 'oauth-google', class: "google-link" %> - <% end %> + <% unless user_signed_in? %> + <%= simple_form_for(@user, url: registration_path(@user)) do |f| %> +

Share a secret now...

+ <%= f.input :email, required: true, label: false, placeholder: 'Enter your email address', input_html: { class: 'form-control center-block' } %> + <%= invisible_recaptcha_tags text: 'Register', class: 'button white' %> + + <%= link_to "Register with a Google Account", '/auth/google_oauth2', id: 'oauth-google', class: "google-link" %> + <% end %> + <% end %>
diff --git a/app/views/secret_mailer/secret_notification.html.erb b/app/views/secret_mailer/secret_notification.html.erb index c7a98b5..f1c096b 100644 --- a/app/views/secret_mailer/secret_notification.html.erb +++ b/app/views/secret_mailer/secret_notification.html.erb @@ -3,7 +3,7 @@

- <%= @secret.from_email %> has shared a secret with you via <%= link_to("SecretLink.org", "https://SecretLink.org") %>.
+ <%= sanitize @editable_content %>

<% if @secret.title.present? %> @@ -39,4 +39,3 @@

Thank you for using <%= link_to("SecretLink.org", "https://SecretLink.org") %>!

- diff --git a/app/views/secret_mailer/secret_notification.text.erb b/app/views/secret_mailer/secret_notification.text.erb index e1dfe98..e0d38e0 100644 --- a/app/views/secret_mailer/secret_notification.text.erb +++ b/app/views/secret_mailer/secret_notification.text.erb @@ -1,7 +1,7 @@ Hello <%= @secret.to_email %> -<%= @secret.from_email %> has shared a secret with you via SecretLink.org. +<%= HTMLToTextParser.new(sanitize(@editable_content)).run %> <% if @secret.title.present? %> Title: <%= @secret.title %> diff --git a/app/views/secret_mailer/secret_notification_editable.html.erb b/app/views/secret_mailer/secret_notification_editable.html.erb new file mode 100644 index 0000000..ed58794 --- /dev/null +++ b/app/views/secret_mailer/secret_notification_editable.html.erb @@ -0,0 +1 @@ +<%= @secret.from_email %> has shared a secret with you via <%= link_to("SecretLink.org", "https://SecretLink.org") %>. diff --git a/app/views/secrets/copy.html.erb b/app/views/secrets/copy.html.erb new file mode 100644 index 0000000..8215ea1 --- /dev/null +++ b/app/views/secrets/copy.html.erb @@ -0,0 +1,11 @@ +
+
+

Copy Link

+
+
+ 
<%= secret_url(@data[:uuid], key: @data[:key]) %>
+
+ Make sure you copied the link before hitting the close button. You cannot go back to this page. +
+
+
diff --git a/app/views/secrets/new.html.erb b/app/views/secrets/new.html.erb index 430010f..f11247e 100644 --- a/app/views/secrets/new.html.erb +++ b/app/views/secrets/new.html.erb @@ -3,9 +3,12 @@
- <%= simple_form_for @secret, url: secrets_url, wrapper: 'horizontal_form', html: {class: 'form-horizontal secret__form'} do |f| %> + <%= simple_form_for @secret, url: secrets_url, wrapper: 'horizontal_form', html: {class: 'form-horizontal secret__form js-new-secret-form'} do |f| %>
<%= f.input :title, input_html: { class: 'form-control' } %> +
+ <%= f.input :no_email, label: "Copy the link (don't send email)", input_html: { class: 'no-email-toggle' } %> +
<%= f.input :from_email, label: "Sender:", input_html: { disabled: true, placeholder: from_email_placeholder, class: 'form-control' } %> <%= f.input :to_email, label: "Recipient:", input_html: { placeholder: to_email_placeholder, class: 'form-control' } %> <%= f.input :secret, as: :text, input_html: { class: 'form-control' } %> @@ -28,4 +31,4 @@
-
\ No newline at end of file + diff --git a/app/views/secrets/show.html.erb b/app/views/secrets/show.html.erb index df6302f..ebca175 100644 --- a/app/views/secrets/show.html.erb +++ b/app/views/secrets/show.html.erb @@ -43,7 +43,13 @@ <% end %> <% end %>

- +
+ <% unless current_user.present? %> +
+ Start sending your secret. + <%= link_to 'Register Here', new_user_registration_path %> +
+ <% end %> diff --git a/app/views/shared/_flash_messages.html.erb b/app/views/shared/_flash_messages.html.erb index 51487aa..7fb9e9f 100644 --- a/app/views/shared/_flash_messages.html.erb +++ b/app/views/shared/_flash_messages.html.erb @@ -1,15 +1,10 @@ -<% if flash[:error] %> -
- <%= flash[:error] %> -
-<% end %> -<% if flash[:message] %> +<% flash.each do |type, message| %>
-
-<% end %> \ No newline at end of file +<% end %> diff --git a/app/views/shared/_footer.html.erb b/app/views/shared/_footer.html.erb index 491c0d2..3e28997 100644 --- a/app/views/shared/_footer.html.erb +++ b/app/views/shared/_footer.html.erb @@ -5,9 +5,9 @@

  • SecretLink.org
    • -
  • How it works
    • -
  • FAQ
    • -
  • About
    • +
  • <%= link_to "How it works", home_path(anchor: "homepage-steps") %>
    • +
  • <%= link_to "FAQ", home_path(anchor: "homepage-faq") %>
    • +
  • <%= link_to "About", home_path(anchor: "homepage-about") %>
  • Copyright
  • Privacy Policy
  • Terms & Conditions
    • diff --git a/app/views/shared/_header.html.erb b/app/views/shared/_header.html.erb index 8dbdfba..e78bc3d 100644 --- a/app/views/shared/_header.html.erb +++ b/app/views/shared/_header.html.erb @@ -1,8 +1,23 @@
    SecretLink.org
      -
    • How it works
      • -
    • FAQ
      • -
    • About
      • +
    • <%= link_to "How it works", home_path(anchor: "homepage-steps") %>
      • +
    • <%= link_to "FAQ", home_path(anchor: "homepage-faq") %>
      • +
    • <%= link_to "About", home_path(anchor: "homepage-about") %>
      • + <% if user_signed_in? %> +
    • + +
        +
      • <%= link_to 'Dashboard', dashboard_path %>
        • +
      • <%= link_to 'Settings', edit_two_factor_auth_path %>
        • + +
      • <%= link_to 'Logout', destroy_user_session_path, method: :delete %>
        • +
      +
      • + <% else %> +
    • <%= link_to('Login', new_user_session_path) %>
      • + <% end %>
    diff --git a/app/views/shared/_stripe_form.html.erb b/app/views/shared/_stripe_form.html.erb new file mode 100644 index 0000000..68f6a04 --- /dev/null +++ b/app/views/shared/_stripe_form.html.erb @@ -0,0 +1,25 @@ +<% + charge_path + key = local_assigns.fetch :key, Rails.configuration.topsekrit_stripe_publishable_key +%> + +<%= simple_form_for(:subscription, url: charge_path, + html: { class: "js-stripe-form", id: "payment-form", data: {key: key} }) do |form| %> + +
    + +
    + +
    + + + +
    + +
    + /> +
    + +<% end %> diff --git a/app/views/shared/_two_factor_fields.html.erb b/app/views/shared/_two_factor_fields.html.erb new file mode 100644 index 0000000..f857aa6 --- /dev/null +++ b/app/views/shared/_two_factor_fields.html.erb @@ -0,0 +1,39 @@ +
    +
    + <%= f.hidden_field(:otp_secret) %> + <%= f.input :otp_required_for_login, label: 'Enable two factor authentication', input_html: { class: 'otp-required-for-login' } %> +
    + +
    +
    + <% if resource.otp_required_for_login %> + <%# User is already enrolled for 2fa. %> +

    Use the form below to connect a new device (this will disconnect your previous device).

    + <% else %> + <%# User is not enrolled for 2fa; show them how to get set up %> +

    Install a two-factor app, such as Google Authenticator, on your smartphone.

    + + <% end %> +
    + +
    + + +
    + +
    + + <%= f.input :otp_attempt, label: false, value: '', autocomplete: 'off' %> +
    +
    +
    diff --git a/app/views/subscriptions/new.html.erb b/app/views/subscriptions/new.html.erb new file mode 100644 index 0000000..3fc31fb --- /dev/null +++ b/app/views/subscriptions/new.html.erb @@ -0,0 +1 @@ + <%= render "shared/stripe_form", charge_path: subscriptions_path %> diff --git a/app/views/two_factor_auth/edit.html.erb b/app/views/two_factor_auth/edit.html.erb new file mode 100644 index 0000000..7579fb1 --- /dev/null +++ b/app/views/two_factor_auth/edit.html.erb @@ -0,0 +1,22 @@ +
    +
    +

    Two Factor Auth (2FA)

    + + <%= simple_form_for(@tfa_service.user, url: two_factor_auth_path) do |f| %> + <%= render partial: 'shared/two_factor_fields', locals: { + f: f, + resource: @tfa_service.user, + otp_provisioning_uri: @otp_provisioning_uri + } %> + +
    + + <%= f.input :current_password, label: false, input_html: { autocomplete: "off" } %> +
    + +
    + <%= f.button :submit, name: :two_factor, value: 'Save Settings', class: 'btn-enable-2fa' %> +
    + <% end %> +
    +
    diff --git a/app/views/user_setups/edit.html.erb b/app/views/user_setups/edit.html.erb new file mode 100644 index 0000000..6018f94 --- /dev/null +++ b/app/views/user_setups/edit.html.erb @@ -0,0 +1,27 @@ +
    +
    +
    +

    Setup login credentials

    + + <%= simple_form_for(@tfa_service.user, url: user_setup_path(reset_password_token: @original_token), html: { method: :put }) do |f| %> + <%= f.error_notification %> + + <%= f.input :reset_password_token, as: :hidden, input_html: { value: @original_token }%> + <%= f.full_error :reset_password_token %> + + <%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %> + <%= f.input :password_confirmation, label: "Confirm your new password", required: true %> + + <%= render partial: 'shared/two_factor_fields', locals: { + f: f, + resource: @tfa_service.user, + otp_provisioning_uri: @otp_provisioning_uri + } %> + +
    + <%= f.button :submit, "Save" %> +
    + <% end %> +
    +
    +
    diff --git a/config/application.rb b/config/application.rb index 8b90522..9873142 100644 --- a/config/application.rb +++ b/config/application.rb @@ -9,6 +9,8 @@ module Topsekrit class Application < Rails::Application + config.autoload_paths << Rails.root.join('lib') + config.skylight.environments += ['staging'] config.skylight.alert_log_file = true diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb new file mode 100644 index 0000000..27ae7a6 --- /dev/null +++ b/config/initializers/devise.rb @@ -0,0 +1,283 @@ +# frozen_string_literal: true + +# Use this hook to configure devise mailer, warden hooks and so forth. +# Many of these configuration options can be set straight in your model. +Devise.setup do |config| + config.warden do |manager| + manager.default_strategies(:scope => :user).unshift :two_factor_authenticatable + end + + # The secret key used by Devise. Devise uses this key to generate + # random tokens. Changing this key will render invalid all existing + # confirmation, reset password and unlock tokens in the database. + # Devise will use the `secret_key_base` as its `secret_key` + # by default. You can change it below and use your own secret key. + # config.secret_key = '00f45515be77f3097584762be03209d6e585bf0c7f7ce5b0b9239a494f5b335d276a87816dcaaf62bd1ffa6d147879e8579dfd6a4ff1e6ab0effa8f31f1efd12' + + # ==> Mailer Configuration + # Configure the e-mail address which will be shown in Devise::Mailer, + # note that it will be overwritten if you use your own mailer class + # with default "from" parameter. + config.mailer_sender = 'hi@secretlink.org' + + # Configure the class responsible to send e-mails. + # config.mailer = 'Devise::Mailer' + + # Configure the parent class responsible to send e-mails. + # config.parent_mailer = 'ActionMailer::Base' + + # ==> ORM configuration + # Load and configure the ORM. Supports :active_record (default) and + # :mongoid (bson_ext recommended) by default. Other ORMs may be + # available as additional gems. + require 'devise/orm/active_record' + + # ==> Configuration for any authentication mechanism + # Configure which keys are used when authenticating a user. The default is + # just :email. You can configure it to use [:username, :subdomain], so for + # authenticating a user, both parameters are required. Remember that those + # parameters are used only when authenticating and not when retrieving from + # session. If you need permissions, you should implement that in a before filter. + # You can also supply a hash where the value is a boolean determining whether + # or not authentication should be aborted when the value is not present. + # config.authentication_keys = [:email] + + # Configure parameters from the request object used for authentication. Each entry + # given should be a request method and it will automatically be passed to the + # find_for_authentication method and considered in your model lookup. For instance, + # if you set :request_keys to [:subdomain], :subdomain will be used on authentication. + # The same considerations mentioned for authentication_keys also apply to request_keys. + # config.request_keys = [] + + # Configure which authentication keys should be case-insensitive. + # These keys will be downcased upon creating or modifying a user and when used + # to authenticate or find a user. Default is :email. + config.case_insensitive_keys = [:email] + + # Configure which authentication keys should have whitespace stripped. + # These keys will have whitespace before and after removed upon creating or + # modifying a user and when used to authenticate or find a user. Default is :email. + config.strip_whitespace_keys = [:email] + + # Tell if authentication through request.params is enabled. True by default. + # It can be set to an array that will enable params authentication only for the + # given strategies, for example, `config.params_authenticatable = [:database]` will + # enable it only for database (email + password) authentication. + # config.params_authenticatable = true + + # Tell if authentication through HTTP Auth is enabled. False by default. + # It can be set to an array that will enable http authentication only for the + # given strategies, for example, `config.http_authenticatable = [:database]` will + # enable it only for database authentication. The supported strategies are: + # :database = Support basic authentication with authentication key + password + # config.http_authenticatable = false + + # If 401 status code should be returned for AJAX requests. True by default. + # config.http_authenticatable_on_xhr = true + + # The realm used in Http Basic Authentication. 'Application' by default. + # config.http_authentication_realm = 'Application' + + # It will change confirmation, password recovery and other workflows + # to behave the same regardless if the e-mail provided was right or wrong. + # Does not affect registerable. + # config.paranoid = true + + # By default Devise will store the user in session. You can skip storage for + # particular strategies by setting this option. + # Notice that if you are skipping storage for all authentication paths, you + # may want to disable generating routes to Devise's sessions controller by + # passing skip: :sessions to `devise_for` in your config/routes.rb + config.skip_session_storage = [:http_auth] + + # By default, Devise cleans up the CSRF token on authentication to + # avoid CSRF token fixation attacks. This means that, when using AJAX + # requests for sign in and sign up, you need to get a new CSRF token + # from the server. You can disable this option at your own risk. + # config.clean_up_csrf_token_on_authentication = true + + # When false, Devise will not attempt to reload routes on eager load. + # This can reduce the time taken to boot the app but if your application + # requires the Devise mappings to be loaded during boot time the application + # won't boot properly. + # config.reload_routes = true + + # ==> Configuration for :database_authenticatable + # For bcrypt, this is the cost for hashing the password and defaults to 11. If + # using other algorithms, it sets how many times you want the password to be hashed. + # + # Limiting the stretches to just one in testing will increase the performance of + # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use + # a value less than 10 in other environments. Note that, for bcrypt (the default + # algorithm), the cost increases exponentially with the number of stretches (e.g. + # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). + config.stretches = Rails.env.test? ? 1 : 11 + + # Set up a pepper to generate the hashed password. + # config.pepper = 'b916c16973a45d824cf0f9d2e2020377193d88e11cf47b419fa1a4d47e4ea0c7d088809b06362357dc2aa1ce3d47c3331c6fecdd42eab158ac917a766f328a37' + + # Send a notification to the original email when the user's email is changed. + # config.send_email_changed_notification = false + + # Send a notification email when the user's password is changed. + # config.send_password_change_notification = false + + # ==> Configuration for :confirmable + # A period that the user is allowed to access the website even without + # confirming their account. For instance, if set to 2.days, the user will be + # able to access the website for two days without confirming their account, + # access will be blocked just in the third day. Default is 0.days, meaning + # the user cannot access the website without confirming their account. + # config.allow_unconfirmed_access_for = 2.days + + # A period that the user is allowed to confirm their account before their + # token becomes invalid. For example, if set to 3.days, the user can confirm + # their account within 3 days after the mail was sent, but on the fourth day + # their account can't be confirmed with the token any more. + # Default is nil, meaning there is no restriction on how long a user can take + # before confirming their account. + # config.confirm_within = 3.days + + # If true, requires any email changes to be confirmed (exactly the same way as + # initial account confirmation) to be applied. Requires additional unconfirmed_email + # db field (see migrations). Until confirmed, new email is stored in + # unconfirmed_email column, and copied to email column on successful confirmation. + config.reconfirmable = true + + # Defines which key will be used when confirming an account + # config.confirmation_keys = [:email] + + # ==> Configuration for :rememberable + # The time the user will be remembered without asking for credentials again. + # config.remember_for = 2.weeks + + # Invalidates all the remember me tokens when the user signs out. + config.expire_all_remember_me_on_sign_out = true + + # If true, extends the user's remember period when remembered via cookie. + # config.extend_remember_period = false + + # Options to be passed to the created cookie. For instance, you can set + # secure: true in order to force SSL only cookies. + # config.rememberable_options = {} + + # ==> Configuration for :validatable + # Range for password length. + config.password_length = 6..128 + + # Email regex used to validate email formats. It simply asserts that + # one (and only one) @ exists in the given string. This is mainly + # to give user feedback and not to assert the e-mail validity. + config.email_regexp = /\A[^@\s]+@[^@\s]+\z/ + + # ==> Configuration for :timeoutable + # The time you want to timeout the user session without activity. After this + # time the user will be asked for credentials again. Default is 30 minutes. + # config.timeout_in = 30.minutes + + # ==> Configuration for :lockable + # Defines which strategy will be used to lock an account. + # :failed_attempts = Locks an account after a number of failed attempts to sign in. + # :none = No lock strategy. You should handle locking by yourself. + # config.lock_strategy = :failed_attempts + + # Defines which key will be used when locking and unlocking an account + # config.unlock_keys = [:email] + + # Defines which strategy will be used to unlock an account. + # :email = Sends an unlock link to the user email + # :time = Re-enables login after a certain amount of time (see :unlock_in below) + # :both = Enables both strategies + # :none = No unlock strategy. You should handle unlocking by yourself. + # config.unlock_strategy = :both + + # Number of authentication tries before locking an account if lock_strategy + # is failed attempts. + # config.maximum_attempts = 20 + + # Time interval to unlock the account if :time is enabled as unlock_strategy. + # config.unlock_in = 1.hour + + # Warn on the last attempt before the account is locked. + # config.last_attempt_warning = true + + # ==> Configuration for :recoverable + # + # Defines which key will be used when recovering the password for an account + # config.reset_password_keys = [:email] + + # Time interval you can reset your password with a reset password key. + # Don't put a too small interval or your users won't have the time to + # change their passwords. + config.reset_password_within = 6.hours + + # When set to false, does not sign a user in automatically after their password is + # reset. Defaults to true, so a user is signed in automatically after a reset. + # config.sign_in_after_reset_password = true + + # ==> Configuration for :encryptable + # Allow you to use another hashing or encryption algorithm besides bcrypt (default). + # You can use :sha1, :sha512 or algorithms from others authentication tools as + # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20 + # for default behavior) and :restful_authentication_sha1 (then you should set + # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper). + # + # Require the `devise-encryptable` gem when using anything other than bcrypt + # config.encryptor = :sha512 + + # ==> Scopes configuration + # Turn scoped views on. Before rendering "sessions/new", it will first check for + # "users/sessions/new". It's turned off by default because it's slower if you + # are using only default views. + # config.scoped_views = false + + # Configure the default scope given to Warden. By default it's the first + # devise role declared in your routes (usually :user). + # config.default_scope = :user + + # Set this configuration to false if you want /users/sign_out to sign out + # only the current scope. By default, Devise signs out all scopes. + # config.sign_out_all_scopes = true + + # ==> Navigation configuration + # Lists the formats that should be treated as navigational. Formats like + # :html, should redirect to the sign in page when the user does not have + # access, but formats like :xml or :json, should return 401. + # + # If you have any extra navigational formats, like :iphone or :mobile, you + # should add them to the navigational formats lists. + # + # The "*/*" below is required to match Internet Explorer requests. + # config.navigational_formats = ['*/*', :html] + + # The default HTTP method used to sign out a resource. Default is :delete. + config.sign_out_via = :delete + + # ==> OmniAuth + # Add a new OmniAuth provider. Check the wiki for more information on setting + # up on your models and hooks. + # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' + + # ==> Warden configuration + # If you want to use other strategies, that are not supported by Devise, or + # change the failure app, you can configure them inside the config.warden block. + # + # config.warden do |manager| + # manager.intercept_401 = false + # manager.default_strategies(scope: :user).unshift :some_external_strategy + # end + + # ==> Mountable engine configurations + # When using Devise inside an engine, let's call it `MyEngine`, and this engine + # is mountable, there are some extra configurations to be taken into account. + # The following options are available, assuming the engine is mounted as: + # + # mount MyEngine, at: '/my_engine' + # + # The router that invoked `devise_for`, in the example above, would be: + # config.router_name = :my_engine + # + # When using OmniAuth, Devise cannot automatically set OmniAuth path, + # so you need to do it manually. For the users scope, it would be: + # config.omniauth_path_prefix = '/my_engine/users/auth' +end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1..edc6623 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,4 @@ # Be sure to restart your server when you modify this file. # Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +Rails.application.config.filter_parameters += [:password, :otp_attempt] diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index a82ff6e..1ce0c04 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -5,6 +5,9 @@ Rails.application.config.middleware.use OmniAuth::Builder do provider :google_oauth2, Rails.configuration.topsekrit_google_oauth_client_id, - Rails.configuration.topsekrit_google_oauth_client_secret + Rails.configuration.topsekrit_google_oauth_client_secret, + { + redirect_uri: URI::join(Rails.configuration.topsekrit_base_url, + Rails.configuration.topsekrit_google_oauth_callback_path).to_s + } end - diff --git a/config/initializers/stripe.rb b/config/initializers/stripe.rb new file mode 100644 index 0000000..54bae66 --- /dev/null +++ b/config/initializers/stripe.rb @@ -0,0 +1,5 @@ +require "stripe" + +Rails.application.config.after_initialize do + Stripe.api_key = Rails.configuration.topsekrit_stripe_secret_key +end diff --git a/config/initializers/topsekrit.rb b/config/initializers/topsekrit.rb index 0ea6990..397d64e 100644 --- a/config/initializers/topsekrit.rb +++ b/config/initializers/topsekrit.rb @@ -33,4 +33,13 @@ # Base URL for the running site. For the production site at https://SecretLink.org/ the # Base URL would be: https://SecretLink.org/, for development this might be http://lvh.me:3000/ Rails.configuration.topsekrit_base_url = ENV['BASE_URL'] + + # 2FA Encryption key used by devise-two-factor gem + # https://github.com/tinfoil/devise-two-factor + Rails.configuration.topsekrit_2fa_key = ENV['2FA_KEY'] + + # Stripe keys + Rails.configuration.topsekrit_stripe_publishable_key = ENV['STRIPE_PUBLISHABLE_KEY'] + Rails.configuration.topsekrit_stripe_secret_key = ENV['STRIPE_SECRET_KEY'] + Rails.configuration.topsekrit_stripe_subscription_plan_id = ENV['STRIPE_SUBSCRIPTION_PLAN_ID'] end diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml new file mode 100644 index 0000000..917156e --- /dev/null +++ b/config/locales/devise.en.yml @@ -0,0 +1,65 @@ +# Additional translations at https://github.com/plataformatec/devise/wiki/I18n + +en: + devise: + confirmations: + confirmed: "Your email address has been successfully confirmed." + send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." + failure: + already_authenticated: "You are already signed in." + inactive: "Your account is not activated yet." + invalid: "Invalid %{authentication_keys} or password." + locked: "Your account is locked." + last_attempt: "You have one more attempt before your account is locked." + not_found_in_database: "Invalid %{authentication_keys} or password." + timeout: "Your session expired. Please sign in again to continue." + unauthenticated: "You need to sign in or sign up before continuing." + unconfirmed: "You have to confirm your email address before continuing." + mailer: + confirmation_instructions: + subject: "Confirmation instructions" + reset_password_instructions: + subject: "Reset password instructions" + unlock_instructions: + subject: "Unlock instructions" + email_changed: + subject: "Email Changed" + password_change: + subject: "Password Changed" + omniauth_callbacks: + failure: "Could not authenticate you from %{kind} because \"%{reason}\"." + success: "Successfully authenticated from %{kind} account." + passwords: + no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." + send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." + updated: "Your password has been changed successfully. You are now signed in." + updated_not_active: "Your password has been changed successfully." + registrations: + destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon." + signed_up: "Welcome! You have signed up successfully." + signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." + signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." + signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." + signed_up_confirmed_without_password: "You appear to have registered with us but failed to set your password. We will email you a password reset link shortly." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." + updated: "Your account has been updated successfully." + sessions: + signed_in: "Signed in successfully." + signed_out: "Signed out successfully." + already_signed_out: "Signed out successfully." + unlocks: + send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." + send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." + unlocked: "Your account has been unlocked successfully. Please sign in to continue." + errors: + messages: + already_confirmed: "was already confirmed, please try signing in" + confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one" + expired: "has expired, please request a new one" + not_found: "not found" + not_locked: "was not locked" + not_saved: + one: "1 error prohibited this %{resource} from being saved:" + other: "%{count} errors prohibited this %{resource} from being saved:" diff --git a/config/locales/en.yml b/config/locales/en.yml index 0653957..cee175c 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -20,4 +20,29 @@ # available at http://guides.rubyonrails.org/i18n.html. en: - hello: "Hello world" + welcome: "Welcome! Start sending your first secret." + oauth: + already_registered: 'You are already registered with this account. Please login instead.' + failed: 'Authentication failed' + field_errors: + unauthorised: 'is unauthorised' + two_factor: + update_success: 'Two-factor authentication %{verb}.' + update_failed: 'Failed to update two-factor authentication. Please see errors below.' + secrets: + create: + success: + with_email: 'The secret has been encrypted and an email sent to the recipient, feel free to send another secret!' + without_email: 'The secret has been encrypted. Send the link below safely.' + extended_expiry: 'Extended %{title} expiry for 1 week' + expired_error: 'Sorry, this secret has expired, please contact %{from_email} to extend it for you.' + email_template: + update: + success: 'Successfully updated email template.' + buttons: + update: 'Update' + date: + formats: + dashboard_time: "%m/%d/%y, %l.%M%P" + buttons: + purchase: 'Purchase' diff --git a/config/routes.rb b/config/routes.rb index 1bbef90..f3da755 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,7 +1,25 @@ Rails.application.routes.draw do - resources :auth_tokens, only: [:show, :new, :create] - resources :secrets, only: [:show, :new, :create, :edit, :update] + devise_for :users, controllers: { + registrations: 'users/registrations', + confirmations: 'users/confirmations', + passwords: 'users/passwords' + } + + get '/', to: 'dashboard#index', as: 'admin_root', constraints: lambda { |request| + request.env['warden'].user.present? + } + + get '/', to: 'pages#home', as: 'root' + + resource :two_factor_auth, only: [:edit, :update], controller: 'two_factor_auth' + resource :email_template, only: [:edit, :update], controller: 'email_template' + resource :user_setup, only: [:edit, :update] + resources :secrets, only: [:show, :new, :create, :edit, :update] do + collection { get :copy } + end resources :decrypted_secrets, only: :create + resources :extended_secrets, only: :update + resources :subscriptions, only: [:new, :create] post '/decrypt_secret', to: 'decrypted_secrets#create' @@ -9,10 +27,10 @@ get '/auth/failure', to: 'oauth_callbacks#auth_failure' - get '/auth/new', to: 'auth_tokens#new' - root 'auth_tokens#new' - + get '/home', to: 'pages#home' get '/copyright', to: 'pages#copyright' get '/privacy_policy', to: 'pages#privacy_policy' get '/terms_and_conditions', to: 'pages#terms_and_conditions' + + get 'dashboard' , to: 'dashboard#index' end diff --git a/db/data/subscription_plans.yml b/db/data/subscription_plans.yml new file mode 100644 index 0000000..c502cc5 --- /dev/null +++ b/db/data/subscription_plans.yml @@ -0,0 +1,7 @@ +--- + default_monthly: + code: 'default_monthly' + name: 'Monthly' + price: 195 + description: '' + stripe_id: 'plan_FRFnBoiKEQVXpE' diff --git a/db/migrate/20190611063450_devise_create_users.rb b/db/migrate/20190611063450_devise_create_users.rb new file mode 100644 index 0000000..2f735e1 --- /dev/null +++ b/db/migrate/20190611063450_devise_create_users.rb @@ -0,0 +1,44 @@ +# frozen_string_literal: true + +class DeviseCreateUsers < ActiveRecord::Migration + def change + create_table :users do |t| + ## Database authenticatable + t.string :email, null: false, default: "" + t.string :encrypted_password, null: false, default: "" + + ## Recoverable + t.string :reset_password_token + t.datetime :reset_password_sent_at + + ## Rememberable + t.datetime :remember_created_at + + ## Trackable + t.integer :sign_in_count, default: 0, null: false + t.datetime :current_sign_in_at + t.datetime :last_sign_in_at + t.inet :current_sign_in_ip + t.inet :last_sign_in_ip + + ## Confirmable + t.string :confirmation_token + t.datetime :confirmed_at + t.datetime :confirmation_sent_at + t.string :unconfirmed_email # Only if using reconfirmable + + ## Lockable + # t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts + # t.string :unlock_token # Only if unlock strategy is :email or :both + # t.datetime :locked_at + + + t.timestamps null: false + end + + add_index :users, :email, unique: true + add_index :users, :reset_password_token, unique: true + add_index :users, :confirmation_token, unique: true + # add_index :users, :unlock_token, unique: true + end +end diff --git a/db/migrate/20190701235914_add_extended_at_to_secret.rb b/db/migrate/20190701235914_add_extended_at_to_secret.rb new file mode 100644 index 0000000..9c73592 --- /dev/null +++ b/db/migrate/20190701235914_add_extended_at_to_secret.rb @@ -0,0 +1,5 @@ +class AddExtendedAtToSecret < ActiveRecord::Migration + def change + add_column :secrets, :extended_at, :datetime + end +end diff --git a/db/migrate/20190702044234_add_devise_two_factor_to_users.rb b/db/migrate/20190702044234_add_devise_two_factor_to_users.rb new file mode 100644 index 0000000..61fe494 --- /dev/null +++ b/db/migrate/20190702044234_add_devise_two_factor_to_users.rb @@ -0,0 +1,9 @@ +class AddDeviseTwoFactorToUsers < ActiveRecord::Migration + def change + add_column :users, :encrypted_otp_secret, :string + add_column :users, :encrypted_otp_secret_iv, :string + add_column :users, :encrypted_otp_secret_salt, :string + add_column :users, :consumed_timestep, :integer + add_column :users, :otp_required_for_login, :boolean + end +end diff --git a/db/migrate/20190709014931_add_no_email_to_secrets.rb b/db/migrate/20190709014931_add_no_email_to_secrets.rb new file mode 100644 index 0000000..7405698 --- /dev/null +++ b/db/migrate/20190709014931_add_no_email_to_secrets.rb @@ -0,0 +1,5 @@ +class AddNoEmailToSecrets < ActiveRecord::Migration + def change + add_column :secrets, :no_email, :boolean + end +end diff --git a/db/migrate/20190710042019_create_user_settings.rb b/db/migrate/20190710042019_create_user_settings.rb new file mode 100644 index 0000000..bcf390b --- /dev/null +++ b/db/migrate/20190710042019_create_user_settings.rb @@ -0,0 +1,8 @@ +class CreateUserSettings < ActiveRecord::Migration + def change + create_table :user_settings do |t| + t.text :send_secret_email_template + t.belongs_to :user, index: true, foreign_key: true + end + end +end diff --git a/db/migrate/20190725064036_create_subscriptions.rb b/db/migrate/20190725064036_create_subscriptions.rb new file mode 100644 index 0000000..d100212 --- /dev/null +++ b/db/migrate/20190725064036_create_subscriptions.rb @@ -0,0 +1,12 @@ +class CreateSubscriptions < ActiveRecord::Migration + def change + create_table :subscriptions do |t| + t.string :code + t.integer :status + t.json :cached_metadata + t.json :cached_transaction_details + + t.timestamps null: false + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 4fafe2a..9202cf0 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,11 +11,27 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170408130142) do +ActiveRecord::Schema.define(version: 20190725064036) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" + create_table "activity_logs", force: :cascade do |t| + t.string "key" + t.integer "owner_id" + t.string "owner_type" + t.integer "trackable_id" + t.string "trackable_type" + t.integer "recipient_id" + t.string "recipient_type" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + end + + add_index "activity_logs", ["owner_type", "owner_id"], name: "index_activity_logs_on_owner_type_and_owner_id", using: :btree + add_index "activity_logs", ["recipient_type", "recipient_id"], name: "index_activity_logs_on_recipient_type_and_recipient_id", using: :btree + add_index "activity_logs", ["trackable_type", "trackable_id"], name: "index_activity_logs_on_trackable_type_and_trackable_id", using: :btree + create_table "auth_tokens", force: :cascade do |t| t.string "email" t.string "hashed_token" @@ -39,6 +55,53 @@ t.datetime "created_at", null: false t.datetime "updated_at", null: false t.string "access_key" + t.datetime "extended_at" + t.boolean "no_email" end + create_table "subscriptions", force: :cascade do |t| + t.string "code" + t.integer "status" + t.json "cached_metadata" + t.json "cached_transaction_details" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + end + + create_table "user_settings", force: :cascade do |t| + t.text "send_secret_email_template" + t.integer "user_id" + end + + add_index "user_settings", ["user_id"], name: "index_user_settings_on_user_id", using: :btree + + create_table "users", force: :cascade do |t| + t.string "email", default: "", null: false + t.string "encrypted_password", default: "", null: false + t.string "reset_password_token" + t.datetime "reset_password_sent_at" + t.datetime "remember_created_at" + t.integer "sign_in_count", default: 0, null: false + t.datetime "current_sign_in_at" + t.datetime "last_sign_in_at" + t.inet "current_sign_in_ip" + t.inet "last_sign_in_ip" + t.string "confirmation_token" + t.datetime "confirmed_at" + t.datetime "confirmation_sent_at" + t.string "unconfirmed_email" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.string "encrypted_otp_secret" + t.string "encrypted_otp_secret_iv" + t.string "encrypted_otp_secret_salt" + t.integer "consumed_timestep" + t.boolean "otp_required_for_login" + end + + add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree + add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree + add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree + + add_foreign_key "user_settings", "users" end diff --git a/db/seeds.rb b/db/seeds.rb index 4edb1e8..9e6eac5 100644 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -5,3 +5,75 @@ # # cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }]) # Mayor.create(name: 'Emanuel', city: cities.first) + +if Rails.env.development? + puts "Seeding user with secrets" + user = User.find_or_initialize_by(email: 'user@secretlink.org').tap do |u| + u.password = 'password' + u.password_confirmation = 'password' + u.confirmed_at = Time.current + u.save + end + + secret_key = '3d000ea44a98b640028d6e446ad6e98b' + secrets = [ + { + title: 'Sample Secret', + uuid: '123', + secret_key: secret_key, + from_email: user.email, + to_email: 'recipient@secretlink.org', + secret: 'abc', + comments:'This is a sample secret', + expire_at: Time.current + 10.days + }, + { + title: 'Consumed Secret', + uuid: '456', + secret_key: secret_key, + from_email: user.email, + to_email: 'recipient@secretlink.org', + secret: 'abc', + comments:'This is a consumed secret', + expire_at: Time.current + 10.days, + consumed_at: Time.current + }, + { + title: 'Expired Secret', + uuid: '789', + secret_key: secret_key, + from_email: user.email, + to_email: 'recipient@secretlink.org', + secret: 'abc', + comments:'This is an expired secret', + expire_at: Time.current - 10.days + }, + { + title: 'Expired and Extended Secret', + uuid: '101112', + secret_key: secret_key, + from_email: user.email, + to_email: 'recipient@secretlink.org', + secret: 'abc', + comments:'This is an expired secret', + expire_at: Time.current - 10.days, + extended_at: Time.current - 10.days + } + ] + + secrets.each do |secret| + Secret.find_or_initialize_by(uuid: secret[:uuid]) do |s| + s.title = secret[:title] + s.uuid = secret[:uuid] + s.secret_key = secret[:secret_key] + s.from_email = secret[:from_email] + s.to_email = secret[:to_email] + s.secret = secret[:secret] + s.comments = secret[:comments] + s.expire_at = secret[:expire_at] + s.consumed_at = secret[:consumed_at] + s.extended_at = secret[:extended_at] + s.save! + end + end +end diff --git a/lib/html_to_text_parser.rb b/lib/html_to_text_parser.rb new file mode 100644 index 0000000..a0fc038 --- /dev/null +++ b/lib/html_to_text_parser.rb @@ -0,0 +1,22 @@ +class HTMLToTextParser + attr_accessor :doc + + def initialize(html) + @doc = Nokogiri::HTML(html) + end + + def run + handle_br + convert_to_text + end + + def handle_br + doc.css('br').each do |node| + node.replace(Nokogiri::XML::Text.new("\n #{node.text}", doc)) + end + end + + def convert_to_text + @doc.text + end +end diff --git a/lib/view_builder.rb b/lib/view_builder.rb new file mode 100644 index 0000000..92908dd --- /dev/null +++ b/lib/view_builder.rb @@ -0,0 +1,25 @@ +class ViewBuilder + DEFAULT_DIR = 'app/views' + + attr_accessor :view_path, :view_binding + + def initialize(view_path, view_binding) + @view_path = view_path + @view_binding = view_binding + end + + def run + parse_template(load_template) + end + + private + + def parse_template(template) + ERB.new(template).result(view_binding) + end + + def load_template + path = Rails.root.join(DEFAULT_DIR, view_path) + File.read(path) + end +end diff --git a/spec/factories/secret.rb b/spec/factories/secret.rb new file mode 100644 index 0000000..4794107 --- /dev/null +++ b/spec/factories/secret.rb @@ -0,0 +1,24 @@ +FactoryBot.define do + factory :secret do + uuid { SecureRandom.uuid } + secret_key { SecureRandom.hex(16) } + title { 'Sample Secret' } + from_email { 'someone@secretlink.org' } + to_email { 'user@random.com' } + secret { 'abc' } + comments { 'This is a sample secret' } + expire_at { Time.current + 10.days } + + trait :consumed do + consumed_at { Time.current } + end + + trait :expired do + expire_at { Time.current - 10.days } + end + + trait :extended do + extended_at { Time.current } + end + end +end diff --git a/spec/factories/users.rb b/spec/factories/users.rb new file mode 100644 index 0000000..b2d7b04 --- /dev/null +++ b/spec/factories/users.rb @@ -0,0 +1,39 @@ +FactoryBot.define do + factory :user do + email { 'user@secretlink.org' } + password { 'password' } + password_confirmation { 'password' } + confirmed_at { Time.current } + otp_required_for_login { false } + + trait :unconfirmed do + password { nil } + password_confirmation { nil } + confirmation_token { 'token' } + confirmed_at { nil } + otp_required_for_login { false } + end + + trait :confirmed_without_password do + password { nil } + password_confirmation { nil } + confirmation_token { 'token' } + confirmed_at { nil } + + after :create do |user| + user.update(confirmed_at: Time.current) + end + end + + trait :with_secret do + after :create do |user| + create_list(:secret, 1, user: user) + end + end + + trait :otp_enabled do + otp_required_for_login { true } + otp_secret { User.generate_otp_secret } + end + end +end diff --git a/spec/features/auth_token_spec.rb b/spec/features/auth_token_spec.rb deleted file mode 100644 index 1919a9f..0000000 --- a/spec/features/auth_token_spec.rb +++ /dev/null @@ -1,75 +0,0 @@ -require "rails_helper" - -describe AuthToken do - - let(:from_email) { "from@example.com" } - - it "allows sending a token without javascript support" do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: from_email - expect { - click_button "Send SecretLink.org Token" - }.to change(AuthToken, :count).by(1) - end - - it "generates an auth token", js: true do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: from_email - page.driver.scroll_to(0, 500) - expect { - click_button "Send SecretLink.org Token" - }.to change(AuthToken, :count).by(1) - end - - it "provides a message if a token is invalid" do - visit "/auth_tokens/ijustmadethisup" - expect(page).to have_content("Sorry, we don't know who you are, try sending a new token!") - end - - describe "with an existing auth token saved to the database" do - - let!(:auth_token) { - AuthToken.create( - email: from_email - ) - } - - it "finds the token and deletes it" do - expect { - visit auth_token_path(auth_token.hashed_token) - }.to change(AuthToken.where(hashed_token: auth_token.hashed_token), :count).by(-1) - end - - it "redirects to the new secret page with the sender's address filled in" do - visit auth_token_path(auth_token.hashed_token) - expect(current_path).to eq(new_secret_path) - expect(find("#secret_from_email").value).to eq(from_email) - end - - end - - describe "trying to create an auth token from a non approved domain" do - - let!(:auth_token) { - AuthToken.create( - email: from_email - ) - } - - it "finds the token and deletes it" do - expect { - visit auth_token_path(auth_token.hashed_token) - }.to change(AuthToken.where(hashed_token: auth_token.hashed_token), :count).by(-1) - end - - it "redirects to the new secret page with the sender's address filled in" do - visit auth_token_path(auth_token.hashed_token) - expect(current_path).to eq(new_secret_path) - expect(find("#secret_from_email").value).to eq(from_email) - end - - end - -end diff --git a/spec/features/closed_system_spec.rb b/spec/features/closed_system_spec.rb index 7521e5d..8fa5986 100644 --- a/spec/features/closed_system_spec.rb +++ b/spec/features/closed_system_spec.rb @@ -2,7 +2,7 @@ describe "Generating auth tokens on a closed system" do - let(:from_email) { "from@example.com" } + let(:user) { create :user, email: "user@example.com" } let(:authorised_domain) { "example.com" } before(:each) do @@ -11,8 +11,8 @@ allow(Rails.configuration).to \ receive(:topsekrit_authorised_domain).and_return(authorised_domain) - auth_token = AuthToken.create!(email: from_email) - visit auth_token_path(auth_token.hashed_token) + login_as(user) + visit new_secret_path fill_in "Title", with: "Super Secret" fill_in "Recipient", with: to_email @@ -46,4 +46,4 @@ end -end \ No newline at end of file +end diff --git a/spec/features/extending_secret_spec.rb b/spec/features/extending_secret_spec.rb new file mode 100644 index 0000000..cb9e714 --- /dev/null +++ b/spec/features/extending_secret_spec.rb @@ -0,0 +1,73 @@ +require 'rails_helper' + +describe 'Extending secret' do + let!(:user) { create :user } + let!(:secret) { create :secret, title: 'Valid Secret', user: user } + let!(:extended_secret) { create :secret, :extended, title: 'Extended Secret', user: user } + let!(:consumed_secret) { create :secret, :consumed, title: 'Consumed Secret', user: user } + let!(:expired_secret) { create :secret, :expired, title: 'Expired Secret', user: user } + let!(:expired_and_extended) { create :secret, :expired, :extended, title: 'Expired and Extended', user: user } + + before do + login_as(user) + visit dashboard_path + end + + it 'shows the correct label for secrets' do + within(:css, "##{secret.id}.secret-item") do + expect(page).to have_content(secret.title) + expect(page).to_not have_content('Extended') + expect(page).to_not have_content('Viewed and Deleted') + expect(page).to_not have_css('.extend-btn') + end + end + + it 'shows the correct label for consumed secrets' do + within(:css, "##{consumed_secret.id}.secret-item") do + expect(page).to have_content(consumed_secret.title) + expect(page).to have_content('Viewed and Deleted') + expect(page).to_not have_content('Extended') + expect(page).to_not have_css('.extend-btn') + end + end + + it 'shows the extend button for expired secrets' do + within(:css, "##{expired_secret.id}.secret-item") do + expect(page).to have_content(expired_secret.title) + expect(page).to have_css('.extend-btn') + expect(page).to_not have_content('Viewed and Deleted') + expect(page).to_not have_content('Extended') + end + end + + it 'shows the correct label for expired and extended secrets' do + within(:css, "##{expired_and_extended.id}.secret-item") do + expect(page).to have_content(expired_and_extended.title) + expect(page).to have_content('Extended') + expect(page).to_not have_content('Viewed and Deleted') + expect(page).to_not have_css('.extend-btn') + end + end + + describe 'successful' do + before do + Timecop.freeze + + within(:css, "##{expired_secret.id}.secret-item") do + expect(page).to have_content('Expired Secret') + click_on 'Extend' + end + end + + after { Timecop.return } + + it 'allows to extend expiry of unconsumed and expired secret' do + expect(page).to have_content(I18n.t('secrets.extended_expiry', title: expired_secret.title)) + expect(expired_secret.reload.expire_at).to eq Time.current + 1.week + end + + it 'sets the extended_at column' do + expect(expired_secret.reload.extended_at).to eq Time.current + end + end +end diff --git a/spec/features/limited_system_spec.rb b/spec/features/limited_system_spec.rb deleted file mode 100644 index ec4ba4e..0000000 --- a/spec/features/limited_system_spec.rb +++ /dev/null @@ -1,67 +0,0 @@ -require "rails_helper" - -describe "Generating auth tokens on a limited system" do - - let(:from_email) { "from@example.com" } - let(:disapproved_email) { "from@example.org" } - let(:authorised_domain) { "example.com" } - - before(:each) do - allow(Rails.configuration).to \ - receive(:topsekrit_authorisation_setting).and_return(:limited) - - allow(Rails.configuration).to \ - receive(:topsekrit_authorised_domain).and_return(authorised_domain) - - allow_any_instance_of(AuthToken).to receive(:notify).and_return(true) - - visit new_auth_token_path - end - - context "using an approved email domain" do - - it "generates an auth token without javascript" do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: from_email - expect { - click_button "Send SecretLink.org Token" - }.to change(AuthToken, :count).by(1) - end - - it "generates an auth token with javascript", js: true do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: from_email - page.driver.scroll_to(0, 500) - expect { - click_button "Send SecretLink.org Token" - }.to change(AuthToken, :count).by(1) - end - end - - context "trying to use a disapproved email domain" do - - it "returns an error without javascript" do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: disapproved_email - expect { - click_button "Send SecretLink.org Token" - }.to_not change(AuthToken, :count) - expect(page).to have_content("Only email addresses from #{authorised_domain} are authorised to create secrets") - end - - it "returns an error with javascript", js: true do - visit root_path - expect(page).to have_content("Share a secret now...") - fill_in "auth_token[email]", with: disapproved_email - page.driver.scroll_to(0, 500) - expect { - click_button "Send SecretLink.org Token" - }.to_not change(AuthToken, :count) - expect(page).to have_content("Only email addresses from #{authorised_domain} are authorised to create secrets") - end - end - -end diff --git a/spec/features/oauth_feature_spec.rb b/spec/features/oauth_feature_spec.rb index 0d2bd6b..4c48ee8 100644 --- a/spec/features/oauth_feature_spec.rb +++ b/spec/features/oauth_feature_spec.rb @@ -2,49 +2,128 @@ describe 'oauth via google' do - before do - OmniAuth.config.test_mode = true - end + before { OmniAuth.config.test_mode = true } + after { OmniAuth.config.mock_auth[:google_oauth2] = nil } - after do - OmniAuth.config.mock_auth[:google_oauth2] = nil - end + let!(:info) { { first_name: 'John', last_name: 'Smith', email: 'a@google.com' } } describe 'successful auth' do + before do + OmniAuth.config.add_mock(:google_oauth2, info: info) + + visit root_path + find('a#oauth-google').click + end + + it 'creates a confirmed user without password' do + user = User.find_by(email: info[:email]) + + expect(user).to_not be_nil + expect(user.encrypted_password).to be_blank + expect(user.confirmed_at).to_not be_nil + end + + it 'redirects to password update page' do + expect(page).to have_content I18n.t('devise.confirmations.confirmed') + expect(page).to have_content 'Setup login credentials' + end + end + + describe 'user is already in the system but unconfirmed' do + let!(:user) { create :user, :unconfirmed, email: info[:email] } before do - OmniAuth.config.add_mock(:google_oauth2, - info: { first_name: 'John', last_name: 'Smith', email: 'a@google.com' } - ) + OmniAuth.config.add_mock(:google_oauth2, info: info) + visit root_path + find('a#oauth-google').click end - it 'signs me in' do - visit new_auth_token_path + it 'confirms the user' do + expect(user.reload.confirmed_at).to_not be_nil + end + + it 'redirects user to enter password' do + expect(page).to have_content('Setup login credentials') + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'password' + click_on 'Save' + + expect(page).to have_content I18n.t('welcome') + expect(page).to have_content 'Create a new secret to send' + expect(user.reload.encrypted_password).to_not be_blank + end + end + + describe 'user is already in the system but failed to set password' do + let!(:user) { create :user, :confirmed_without_password, email: info[:email] } + + before do + OmniAuth.config.add_mock(:google_oauth2, info: info) + visit root_path find('a#oauth-google').click - expect(page).to have_content('Authenticated as "a@google.com" via google') end + it 'redirects user to enter password' do + expect(page).to have_content('Setup login credentials') + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'password' + click_on 'Save' + + expect(page).to have_content I18n.t('welcome') + expect(page).to have_content 'Create a new secret to send' + expect(user.reload.encrypted_password).to_not be_blank + end end describe 'unsuccessful auth' do - let!(:previous_logger) { OmniAuth.config.logger } - before do - OmniAuth.config.mock_auth[:google_oauth2] = :invalid_credentials - OmniAuth.config.logger = Logger.new("/dev/null") + context 'user is already registered' do + let!(:existing_user) { create :user, email: info[:email] } + before { OmniAuth.config.add_mock(:google_oauth2, info: info) } + + it 'redirects to login page' do + visit root_path + find('a#oauth-google').click + + expect(page).to have_content I18n.t('oauth.already_registered') + expect(page).to have_current_path(user_session_path) + end end - it 'does not sign me in' do - visit new_auth_token_path - find('a#oauth-google').click - expect(page).to have_content('Authentication failed') + context 'google failed to authenticate' do + before do + OmniAuth.config.mock_auth[:google_oauth2] = :invalid_credentials + OmniAuth.config.logger = Logger.new("/dev/null") + end + + it 'does not register the user' do + visit root_path + find('a#oauth-google').click + + expect(User.count).to eq 0 + expect(page).to have_content I18n.t('oauth.failed') + end + + after { OmniAuth.config.logger = previous_logger } end - after do - OmniAuth.config.logger = previous_logger + context 'system is closed and user is not authorised' do + before do + configure_authorisation(:closed, 'strict.com') + OmniAuth.config.add_mock(:google_oauth2, info: info) + end + + it 'does not register the user' do + visit root_path + find('a#oauth-google').click + + expect(User.count).to eq 0 + expect(page).to have_content I18n.t('field_errors.unauthorised') + end end end - -end \ No newline at end of file +end diff --git a/spec/features/sending_another_secret_spec.rb b/spec/features/sending_another_secret_spec.rb new file mode 100644 index 0000000..602c65a --- /dev/null +++ b/spec/features/sending_another_secret_spec.rb @@ -0,0 +1,23 @@ +require 'rails_helper' + +describe 'Sending another secret' do + let!(:user) { create :user } + let!(:secret) { create :secret, user: user } + + before do + login_as(user) + visit dashboard_path + click_on 'Send Another' + end + + it 'navigates to new secret page' do + expect(page).to have_current_path(new_secret_path(base_id: secret.uuid)) + end + + it 'copies details of old secrets' do + expect(page).to have_selector("input[value='#{secret.title}']") + expect(page).to have_selector("input[value='#{secret.from_email}']") + expect(page).to have_selector("input[value='#{secret.to_email}']") + expect(page).to have_content(secret.comments) + end +end diff --git a/spec/features/sending_secret_spec.rb b/spec/features/sending_secret_spec.rb index aa29d75..f083821 100644 --- a/spec/features/sending_secret_spec.rb +++ b/spec/features/sending_secret_spec.rb @@ -2,36 +2,27 @@ describe "Sending a secret" do + let(:user) { create :user } let(:to_email) { "to@example.com" } - let(:from_email) { "from@example.com" } - - before(:each) do - allow_any_instance_of(AuthToken).to receive(:notify).and_return(true) - end describe "creating a secret" do - - let(:auth_token_params) { { email: from_email } } - let!(:auth_token) { - AuthTokenService.generate(auth_token_params) - AuthToken.where(email: from_email).first - } let(:secret) { Secret.last } before do - visit auth_token_path(auth_token.hashed_token) + login_as(user) + visit new_secret_path fill_in "Title", with: "Super Secret" fill_in "Recipient", with: to_email fill_in "Secret", with: "AbC123" fill_in "Comments", with: "Some super secret info" fill_in "Expire at", with: (Time.current + 1.day).strftime("%d %B, %Y") click_button "Send your Secret" - expect(current_path).to eql(new_secret_path) + expect(current_path).to eql(dashboard_path) end it "allows a secret to be created" do expect(secret.title).to eq("Super Secret") - expect(secret.from_email).to eq(from_email) + expect(secret.from_email).to eq(user.email) expect(secret.to_email).to eq(to_email) expect(secret.comments).to eq("Some super secret info") expect(secret.expire_at).to eq((Date.current + 1).strftime("%Y-%m-%d")) @@ -41,7 +32,7 @@ it "sends an email to the recipient" do email = ActionMailer::Base.deliveries.last expect(email.to).to eq([to_email]) - expect(email.reply_to).to eq([from_email]) + expect(email.reply_to).to eq([user.email]) expect(email.subject).to eq("SecretLink.org: A secret has been shared with you - Reference #{Secret.last.uuid}") expect(email.from).to eq(["info@SecretLink.org"]) expect(email.to_s).to match("This link will show you the secret:") @@ -63,7 +54,7 @@ describe "accessing a secret" do let!(:secret) { - SecretService.encrypt_new_secret({from_email: from_email, + SecretService.encrypt_new_secret({from_email: user.email, to_email: to_email, secret: "Super Secret Message", expire_at: Time.current + 7.days}) @@ -88,6 +79,13 @@ expect(Secret.find(secret.id).encrypted_secret).to_not be_nil end + it "shows the user a link to registration" do + expect(page).to have_content("Start sending your secret. Register Here") + + click_on "Register Here" + expect(page).to have_current_path(new_user_registration_path) + end + it "retrieves and decrypts the secret" do click_button "Click here to show the secret" expect(page).to have_content("Super Secret Message") @@ -109,11 +107,11 @@ click_button "Click here to show the secret" expect(page).to have_content("Super Secret Message") email = ActionMailer::Base.deliveries.last - expect(email.to).to eq([from_email]) + expect(email.to).to eq([user.email]) expect(email.reply_to).to eq([to_email]) expect(email.subject).to eq("Your secret was consumed on SecretLink.org - Reference #{Secret.last.uuid}") expect(email.from).to eq(["info@SecretLink.org"]) - expect(email.text_part.to_s).to match("from@example.com") + expect(email.text_part.to_s).to match(user.email) expect(email.text_part.to_s).to match("The encrypted information has now been deleted from the database") end @@ -122,19 +120,46 @@ describe "trying to access an expired secret" do let!(:secret) { - SecretService.encrypt_new_secret({from_email: from_email, + SecretService.encrypt_new_secret({from_email: user.email, to_email: to_email, secret: "Super Secret Message", - expire_at: Time.now - 1}) + expire_at: Time.current - 1}) } let!(:link_to_secret) { ActionMailer::Base.deliveries.last.text_part.to_s.match(/http[\S]+/)} # Even if the expired secret worker isn't working the secret shouldn't be accessible it "informs the secret is expired and ensures the encrypted secret is removed" do visit link_to_secret - expect(page).to have_content("Sorry, that secret has expired, please ask the person who sent it to you to send it again.") + expect(page).to have_content I18n.t('secrets.expired_error', from_email: secret.from_email) expect(page).to_not have_content("Super Secret Message") end end + + describe 'creating secret without sending an email', js: true do + let(:secret) { Secret.last } + + before do + login_as(user) + visit new_secret_path + fill_in "Title", with: "Super Secret" + check("Copy the link (don't send email)") + fill_in "Secret", with: "AbC123" + fill_in "Comments", with: "Some super secret info" + end + + it 'redirects to copy page' do + click_button "Send your Secret" + + expect(page).to have_current_path(copy_secrets_path) + expect(page).to have_content I18n.t('secrets.create.success.without_email') + expect(page).to have_content('Copy Link') + expect(page).to have_content(/\/secrets\/#{secret.uuid}\?key=\w+/) + end + + it 'does not send an email' do + expect { click_button "Send your Secret" } + .to_not change { ActionMailer::Base.deliveries.count } + end + end end diff --git a/spec/features/two_factor_auth_setup_spec.rb b/spec/features/two_factor_auth_setup_spec.rb new file mode 100644 index 0000000..57e85ec --- /dev/null +++ b/spec/features/two_factor_auth_setup_spec.rb @@ -0,0 +1,79 @@ +require 'rails_helper' + +describe 'Two Factor Auth Setup', js: true do + describe 'enable' do + let!(:user) { create :user, :with_secret } + + before do + login_as(user) + visit edit_two_factor_auth_path + end + + context 'successful' do + it 'enable users two factor authentication' do + expect(page).to_not have_content('Install a two-factor') + + check('Enable two factor authentication') + expect(page).to have_content('Install a two-factor') + fill_in 'user[otp_attempt]', with: user.current_otp + fill_in 'user[current_password]', with: 'password' + click_on 'Save Settings' + + expect(page).to have_content I18n.t('two_factor.update_success', verb: 'enabled') + expect(user.reload.otp_required_for_login).to be true + end + end + + context 'failed' do + it 'does not enable two factor authentication' do + expect(page).to_not have_content('Install a two-factor') + + check('Enable two factor authentication') + expect(page).to have_content('Install a two-factor') + fill_in 'user[otp_attempt]', with: user.current_otp + fill_in 'user[current_password]', with: 'wrong password' + click_on 'Save Settings' + + expect(page).to have_content I18n.t('two_factor.update_failed') + expect(user.reload.otp_required_for_login).to be false + end + end + end + + describe 'disable' do + let!(:user) { create :user, :otp_enabled, :with_secret } + + before do + login_as(user) + visit edit_two_factor_auth_path + end + + context 'successful' do + it 'disables users two factor authentication' do + expect(page).to have_content('Use the form below to connect a new device') + + uncheck('Enable two factor authentication') + expect(page).to_not have_content('Use the form below to connect a new device') + fill_in 'user[current_password]', with: 'password' + click_on 'Save Settings' + + expect(page).to have_content I18n.t('two_factor.update_success', verb: 'disabled') + expect(user.reload.otp_required_for_login).to be false + end + end + + context 'failed' do + it 'does not enable users two factor authentication' do + expect(page).to have_content('Use the form below to connect a new device') + + uncheck('Enable two factor authentication') + expect(page).to_not have_content('Use the form below to connect a new device') + fill_in 'user[current_password]', with: 'wrong password' + click_on 'Save Settings' + + expect(page).to have_content I18n.t('two_factor.update_failed') + expect(user.reload.otp_required_for_login).to be true + end + end + end +end diff --git a/spec/features/updating_email_template_spec.rb b/spec/features/updating_email_template_spec.rb new file mode 100644 index 0000000..03ba9bc --- /dev/null +++ b/spec/features/updating_email_template_spec.rb @@ -0,0 +1,49 @@ +require 'rails_helper' + +describe 'Updating email template', js: true do + let!(:user) { create :user } + + before do + login_as(user) + visit edit_email_template_path + end + + describe 'successfully' do + it 'updates the default email template' do + expect(page).to have_content('Email Template') + + editor = find('trix-editor') + editor.assert_text("#{user.email} has shared a secret with you via SecretLink.org") + + editor.click.set('Edited email template') + click_on I18n.t('buttons.update') + + expect(page).to have_content I18n.t('email_template.update.success') + expect(user.settings.reload.send_secret_email_template).to match /Edited email template./ + end + end + + describe 'Sending with updated email template' do + let(:user) { create :user } + let(:to_email) { "to@example.com" } + + before do + user.settings.update!(send_secret_email_template: 'Updated email template.') + + login_as(user) + visit new_secret_path + fill_in "Title", with: "Super Secret" + fill_in "Recipient", with: to_email + fill_in "Secret", with: "AbC123" + fill_in "Comments", with: "Some super secret info" + fill_in "Expire at", with: (Time.current + 1.day).strftime("%d %B, %Y") + click_button "Send your Secret" + end + + it 'is sent with the secret message' do + mail = ActionMailer::Base.deliveries.last + expect(mail.html_part.body.to_s).to match(/Updated email template./) + expect(mail.text_part.body.to_s).to match(/Updated email template./) + end + end +end diff --git a/spec/features/user_confirmation_spec.rb b/spec/features/user_confirmation_spec.rb new file mode 100644 index 0000000..192a94a --- /dev/null +++ b/spec/features/user_confirmation_spec.rb @@ -0,0 +1,103 @@ +require 'rails_helper' + +describe 'User confirmation', js: true do + let!(:user) { create :user, :unconfirmed } + let!(:otp_secret) { "jk5ap26gyp255cmseomnttmm" } + + before do + user.otp_secret = otp_secret + allow(User).to receive(:generate_otp_secret).and_return(otp_secret) + + visit user_confirmation_path(confirmation_token: user.confirmation_token) + end + + describe 'successful' do + it 'confirms the user' do + expect(page).to have_content I18n.t('devise.confirmations.confirmed') + expect(user.reload.confirmed_at).to_not be_nil + end + + it 'asks the user to set the password' do + expect(page).to have_content('Setup login credentials') + expect(user.encrypted_password).to be_blank + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'password' + click_on 'Save' + + expect(page).to have_content I18n.t('welcome') + expect(page).to have_content 'Create a new secret to send' + + expect(user.reload.encrypted_password).to_not be_blank + end + + it 'allows the user to enable 2FA' do + expect(page).to have_content('Setup login credentials') + expect(user.encrypted_password).to be_blank + expect(user.otp_required_for_login).to be false + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'password' + + check('Enable two factor authentication') + expect(page).to have_content('Install a two-factor') + fill_in 'user[otp_attempt]', with: user.current_otp + + click_on 'Save' + + expect(page).to have_content I18n.t('welcome') + expect(page).to have_content 'Create a new secret to send' + user.reload + + expect(user.encrypted_password).to_not be_blank + expect(user.otp_required_for_login).to be true + end + end + + describe 'token is nonexistent' do + it 'shows error' do + visit user_confirmation_path(confirmation_token: 'nonexistent') + expect(page).to have_content 'Confirmation token is invalid' + end + end + + describe 'password does not match' do + it 'it fails to update and shows errors' do + expect(page).to have_content('Setup login credentials') + expect(user.encrypted_password).to be_blank + expect(user.otp_required_for_login).to be false + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'wrong password' + + check('Enable two factor authentication') + expect(page).to have_content('Install a two-factor') + fill_in 'user[otp_attempt]', with: user.current_otp + click_on 'Save' + + expect(page).to have_content "password doesn't match" + expect(user.reload.encrypted_password).to be_blank + expect(user.reload.otp_required_for_login).to be false + end + end + + describe 'otp is wrong' do + it 'it fails to update and shows errors' do + expect(page).to have_content('Setup login credentials') + expect(user.encrypted_password).to be_blank + expect(user.otp_required_for_login).to be false + + fill_in 'user[password]', with: 'password' + fill_in 'user[password_confirmation]', with: 'password' + + check('Enable two factor authentication') + expect(page).to have_content('Install a two-factor') + fill_in 'user[otp_attempt]', with: 'wrong otp' + click_on 'Save' + + expect(page).to have_content "is invalid" + expect(user.reload.encrypted_password).to be_blank + expect(user.reload.otp_required_for_login).to be false + end + end +end diff --git a/spec/features/user_registration_spec.rb b/spec/features/user_registration_spec.rb new file mode 100644 index 0000000..c77a019 --- /dev/null +++ b/spec/features/user_registration_spec.rb @@ -0,0 +1,110 @@ +require 'rails_helper' + +describe 'User registration with email' do + before { configure_authorisation(:open) } + + describe 'successful' do + let(:email) { "user@secretlink.org" } + + before do + visit root_path + fill_in "user[email]", with: email + end + + it 'creates an unconfirmed user' do + expect { click_on "Register" }.to change { User.count }.by(1) + + user = User.last + expect(user.email).to eq email + expect(user.confirmation_token).to_not be_nil + expect(user.confirmed_at).to be_nil + end + + it 'shows a confirmation message' do + click_on "Register" + expect(page).to have_content I18n.t('devise.registrations.signed_up_but_unconfirmed') + end + + it 'sends a confirmation email' do + click_on "Register" + + mail = ActionMailer::Base.deliveries.last + expect(mail.to).to match_array([email]) + expect(mail.subject).to eq "Confirmation instructions" + end + end + + describe 'user is already in the system but unconfirmed' do + let!(:email) { 'user@secretlink.org' } + let!(:user) { create :user, :unconfirmed, email: email } + + before do + visit root_path + fill_in 'user[email]', with: email + end + + it 'resends a confirmation email' do + expect { click_on 'Register' }.to_not change { User.count } + expect(page).to have_content I18n.t('devise.registrations.signed_up_but_unconfirmed') + + mail = ActionMailer::Base.deliveries.last + expect(mail.to).to match_array([email]) + expect(mail.subject).to eq 'Confirmation instructions' + end + end + + describe 'user is already in the system but failed to set password' do + let!(:email) { 'user@secretlink.org' } + let!(:user) { create :user, :confirmed_without_password, email: email } + + before do + visit root_path + fill_in 'user[email]', with: email + end + + it 'resends a password reset email' do + expect { click_on 'Register' }.to_not change { User.count } + expect(page).to have_content I18n.t('devise.registrations.signed_up_confirmed_without_password') + + mail = ActionMailer::Base.deliveries.last + expect(mail.to).to match_array([email]) + expect(mail.subject).to eq 'Reset password instructions' + end + end + + describe 'unsuccessful' do + let (:invalid_email) { "invalidemail" } + + it 'does not create a user' do + visit root_path + + expect(page).to have_content("Register") + fill_in "user[email]", with: invalid_email + + expect { click_on "Register" }.to_not change { User.count } + end + end + + context 'system is limited/closed' do + let!(:authorised_email) { 'authorised@secretlink.org' } + let!(:unauthorised_email) { 'unauthorised@domain.com' } + let!(:domain) { "secretlink.org" } + + before do + configure_authorisation(:closed, domain) + visit root_path + end + + it 'allows emails with authorised domain' do + fill_in "user[email]", with: authorised_email + expect { click_on "Register" }.to change { User.count }.by(1) + end + + it 'does not allow emails with unauthorised domains' do + fill_in "user[email]", with: unauthorised_email + expect { click_on "Register" }.to_not change { User.count } + expect(page).to have_content I18n.t('field_errors.unauthorised') + end + end + +end diff --git a/spec/features/user_session_spec.rb b/spec/features/user_session_spec.rb new file mode 100644 index 0000000..41fd5fb --- /dev/null +++ b/spec/features/user_session_spec.rb @@ -0,0 +1,64 @@ +require 'rails_helper' +describe 'User session' do + describe 'without otp' do + let(:user) { create :user, :with_secret } + + before do + visit new_user_session_path + end + + context 'successful' do + it 'signs in the user' do + fill_in "Email", with: user.email + fill_in "Password", with: user.password + click_on "Log in" + + expect(page).to have_content(I18n.t('devise.sessions.signed_in')) + expect(page).to have_current_path(root_path) + end + end + + context 'failed' do + it 'does not sign in the user' do + fill_in "Email", with: user.email + fill_in "Password", with: "wrong password" + click_on "Log in" + + expect(page).to have_content(I18n.t('devise.failure.invalid', authentication_keys: 'Email')) + expect(page).to have_current_path(new_user_session_path) + end + end + end + + describe 'with otp' do + let(:user) { create :user, :otp_enabled, :with_secret } + + before do + visit new_user_session_path + end + + context 'successful' do + it 'signs in the user' do + fill_in "Email", with: user.email + fill_in "Password", with: user.password + fill_in "user[otp_attempt]", with: user.current_otp + click_on "Log in" + + expect(page).to have_content(I18n.t('devise.sessions.signed_in')) + expect(page).to have_current_path(root_path) + end + end + + context 'failed' do + it 'does not sign in the user' do + fill_in "Email", with: user.email + fill_in "Password", with: user.password + fill_in "user[otp_attempt]", with: 'wrong otp' + click_on "Log in" + + expect(page).to have_content(I18n.t('devise.failure.invalid', authentication_keys: 'Email')) + expect(page).to have_current_path(new_user_session_path) + end + end + end +end diff --git a/spec/features/viewing_dashboard_spec.rb b/spec/features/viewing_dashboard_spec.rb new file mode 100644 index 0000000..cb70380 --- /dev/null +++ b/spec/features/viewing_dashboard_spec.rb @@ -0,0 +1,70 @@ +require 'rails_helper' + +describe 'Viewing Dashboard' do + let!(:user) { create :user } + let!(:dashboard_time_format) { I18n.t('date.formats.dashboard_time') } + + before do + login_as(user) + Timecop.freeze + end + + after { Timecop.return } + + context 'user has not sent a secret yet' do + it 'redirects to secrets_new_path' do + visit dashboard_path + expect(page).to have_current_path(new_secret_path) + expect(page).to have_content('Create a new secret') + expect(page).to have_content(I18n.t('welcome')) + end + end + + context 'user has already sent his first secret' do + let!(:secret) { create :secret, user: user } + let!(:consumed_secret) { + create :secret, :consumed, + to_email: 'activeuser@random.com', + title: 'Consumed Secret', + comments: 'This is a consumed secret', + user: user + } + + before do + visit dashboard_path + end + + it 'displays the unconsumed secret' do + within(:css, "##{secret.id}.secret-item") do + expect(page).to have_content('Sample Secret') + expect(page).to have_content(user.email) + expect(page).to have_content('user@random.com') + expect(page).to have_content("Sent: #{secret.created_at.strftime(dashboard_time_format)}") + expect(page).to have_content('not viewed') + expect(page).to have_content("expiry: #{secret.expire_at.strftime(dashboard_time_format)}") + + find('.notes-trigger').click + expect(page).to have_content('This is a sample secret') + end + end + + it 'displays the consumed secret' do + within(:css, "##{consumed_secret.id}.secret-item") do + expect(page).to have_content('Consumed Secret') + expect(page).to have_content(user.email) + expect(page).to have_content('activeuser@random.com') + expect(page).to have_content("Sent: #{consumed_secret.created_at.strftime(dashboard_time_format)}") + expect(page).to have_content("Viewed: #{consumed_secret.consumed_at.strftime(dashboard_time_format)}") + + find('.notes-trigger').click + expect(page).to have_content('This is a consumed secret') + end + end + + it 'has a link to create new secret' do + click_on 'Create New' + expect(page).to have_current_path(new_secret_path) + expect(page).to have_content('Create a new secret') + end + end +end diff --git a/spec/features/viewing_settings_spec.rb b/spec/features/viewing_settings_spec.rb new file mode 100644 index 0000000..b617aea --- /dev/null +++ b/spec/features/viewing_settings_spec.rb @@ -0,0 +1,18 @@ +require 'rails_helper' + +describe 'Viewing settings spec', js: true do + let!(:user) { create :user } + + before do + login_as(user) + visit dashboard_path + end + + it 'shows the account settings page' do + click_on 'Account' + click_on 'Settings' + + expect(page).to have_content('Account Settings') + expect(page).to have_link(nil, href: edit_two_factor_auth_path) + end +end diff --git a/spec/lib/html_to_text_parser_spec.rb b/spec/lib/html_to_text_parser_spec.rb new file mode 100644 index 0000000..71b0792 --- /dev/null +++ b/spec/lib/html_to_text_parser_spec.rb @@ -0,0 +1,10 @@ +require "rails_helper" + +describe HTMLToTextParser do + let!(:html) { "
    First line.
    Second line.
    " } + let!(:parser) { HTMLToTextParser.new html } + + it "converts html to text" do + expect(parser.run).to eq "First line.\n Second line." + end +end diff --git a/spec/lib/view_builder_spec.rb b/spec/lib/view_builder_spec.rb new file mode 100644 index 0000000..dbc2545 --- /dev/null +++ b/spec/lib/view_builder_spec.rb @@ -0,0 +1,22 @@ +require "rails_helper" + +class SampleContext + attr_accessor :user + def initialize + @user = User.new(email: 'user@test.com' ) + end +end + +describe ViewBuilder do + let!(:template) { 'sample_template.html.erb' } + let!(:context) { SampleContext.new } + + before { ViewBuilder::DEFAULT_DIR = 'spec/support' } + after { ViewBuilder::DEFAULT_DIR = 'app/views' } + + it "loads the template and converts to string" do + view = ViewBuilder.new(template, context.__binding__).run + expect(view).to match(/This is a sample template/) + expect(view).to match(/This depends on a user user@test.com/) + end +end diff --git a/spec/models/auth_token_spec.rb b/spec/models/auth_token_spec.rb index ff054ff..f050bb1 100644 --- a/spec/models/auth_token_spec.rb +++ b/spec/models/auth_token_spec.rb @@ -24,22 +24,6 @@ end - describe '#notify' do - - let!(:auth_token) { AuthToken.create!(email: from_email) } - - before do - auth_token.notify - end - - let(:email) { ActionMailer::Base.deliveries.last } - - it 'sends an email to the recipient with a link auth link' do - expect(email.to).to eq([from_email]) - expect(email.to_s).to match(/http:\/\/localhost:3000\/auth_tokens\/\S+/) - end - end - describe '#email_domain_authorised' do let(:auth_token) { AuthToken.new(email: from_email) } diff --git a/spec/models/secret_spec.rb b/spec/models/secret_spec.rb index c3f18af..48c92cb 100644 --- a/spec/models/secret_spec.rb +++ b/spec/models/secret_spec.rb @@ -5,7 +5,7 @@ describe "#expired?" do let!(:secret) { SecretService.encrypt_new_secret({from_email: 'a@a.com', to_email: 'b@b.com', - secret: 'cdefg', expire_at: Time.now - 7.days}) + secret: 'cdefg', expire_at: Time.current - 7.days}) } it 'is true if the expiry date is in the past' do @@ -13,7 +13,7 @@ end it 'is false if the expiry is in the future' do - secret.update_attributes(expire_at: Time.now + 2.days) + secret.update_attributes(expire_at: Time.current + 2.days) expect(secret.expired?).to be(false) end @@ -27,7 +27,7 @@ describe '#expire_at_within_limit' do let(:secret) { SecretService.encrypt_new_secret({from_email: 'a@a.com', to_email: 'b@b.com', - secret: 'cdefg', expire_at: Time.now + 7.days}) + secret: 'cdefg', expire_at: Time.current + 7.days}) } before do @@ -38,7 +38,7 @@ it 'does not allow secrets with a longer expiry than specified in the config' do expect(secret).to_not be_valid expect(secret.errors[:expire_at]).to eq([ - "Maximum expiry allowed is #{(Time.now + 6.days).strftime('%d %B %Y')}" + "Maximum expiry allowed is #{(Time.current + 6.days).strftime('%d %B %Y')}" ]) end @@ -51,7 +51,7 @@ secret.expire_at = nil expect(secret).to_not be_valid expect(secret.errors[:expire_at]).to eq([ - "Maximum expiry allowed is #{(Time.now + 6.days).strftime('%d %B %Y')}" + "Maximum expiry allowed is #{(Time.current + 6.days).strftime('%d %B %Y')}" ]) end @@ -60,7 +60,7 @@ describe 'email_domain_authorised' do let(:secret) { SecretService.encrypt_new_secret({from_email: 'a@a.com', to_email: 'b@b.com', - secret: 'cdefg', expire_at: Time.now + 7.days}) + secret: 'cdefg', expire_at: Time.current + 7.days}) } before do @@ -97,4 +97,26 @@ end end + + describe '#extend_expiry!' do + let!(:secret) { + SecretService.encrypt_new_secret({from_email: 'a@a.com', to_email: 'b@b.com', + secret: 'cdefg', expire_at: Time.current - 7.days}) + } + + before do + Timecop.freeze + secret.extend_expiry! + end + + after { Timecop.return } + + it 'extends the expire_at for 1 week' do + expect(secret.reload.expire_at).to eq Time.current + 1.week + end + + it 'sets the extended_at to today' do + expect(secret.reload.extended_at).to eq Time.current + end + end end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb new file mode 100644 index 0000000..6bdb641 --- /dev/null +++ b/spec/models/user_spec.rb @@ -0,0 +1,54 @@ +require 'rails_helper' + +describe User do + describe 'hooks' do + it 'creates user settings after creation' do + user = User.create(email: 'user@test.com') + expect(user.settings).to_not be nil + end + end + + describe 'validations' do + let!(:domain) { 'reinteractive.net' } + let!(:authorised_user) { build :user, email: 'authorised@reinteractive.net' } + let!(:unauthorised_user) { build :user, email: 'unauthorised@example.com' } + + context 'system is closed' do + before { configure_authorisation(:closed, domain) } + + it 'validates if email is allowed for the system' do + expect(authorised_user).to be_valid + expect(unauthorised_user).to_not be_valid + expect(unauthorised_user.errors.messages[:email]).to include I18n.t('field_errors.unauthorised') + end + end + + context 'system is limited' do + before { configure_authorisation(:limited, domain) } + + it 'validates if email is allowed for the system' do + expect(authorised_user).to be_valid + expect(unauthorised_user).to_not be_valid + expect(unauthorised_user.errors.messages[:email]).to include I18n.t('field_errors.unauthorised') + end + end + + context 'system is open' do + before { configure_authorisation(:open, domain) } + + it 'does not validate if email is allowed for the system' do + expect(authorised_user).to be_valid + expect(unauthorised_user).to be_valid + end + end + end + + describe '#set_reset_password_token' do + it 'returns the plaintext token' do + potential_token = subject.send(:set_reset_password_token) + potential_token_digest = Devise.token_generator.digest(subject, :reset_password_token, potential_token) + actual_token_digest = subject.reset_password_token + expect(potential_token_digest).to eql(actual_token_digest) + end + end +end diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index 6101940..48b62fa 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -52,6 +52,5 @@ # Add commands to the rspec DSL for manipulating cookies config.include ShowMeTheCookies, :type => :feature - + config.include AuthorisationHelpers end - diff --git a/spec/services/auth_token_service_spec.rb b/spec/services/auth_token_service_spec.rb deleted file mode 100644 index 2fc97f2..0000000 --- a/spec/services/auth_token_service_spec.rb +++ /dev/null @@ -1,38 +0,0 @@ -require "rails_helper" - -describe AuthTokenService do - let(:sender) { "sender@email.com" } - let(:hash) { { email: sender }} - let!(:auth_token) { AuthToken.new(hash) } - - describe "#generate" do - let(:params) { { email: "superman@gmail.com" } } - let(:request_host) { "http://localhost:3000" } - - it "creates a token" do - expect { - AuthTokenService.generate(params) - }.to change(AuthToken, :count).by(1) - end - - context "valid auth_token" do - - it "tells the auth_token to notify if persisted" do - expect_any_instance_of(AuthToken).to receive(:notify).once - AuthTokenService.generate(params) - end - - end - - context "invalid auth_token" do - - it "does not tell the auth_token to notify" do - expect_any_instance_of(AuthToken).to_not receive(:notify) - AuthTokenService.generate(params.merge!(email: '')) - end - - end - - end - -end diff --git a/spec/services/authorised_email_service_spec.rb b/spec/services/authorised_email_service_spec.rb new file mode 100644 index 0000000..f63e3f6 --- /dev/null +++ b/spec/services/authorised_email_service_spec.rb @@ -0,0 +1,141 @@ +require 'rails_helper' + +describe AuthorisedEmailService do + describe '.closed_system?' do + it 'returns true when system is closed' do + configure_authorisation(:closed) + expect(AuthorisedEmailService.closed_system?).to eq(true) + end + + it 'returns false when system is open/limited' do + configure_authorisation(:open) + expect(AuthorisedEmailService.closed_system?).to eq(false) + + configure_authorisation(:limited) + expect(AuthorisedEmailService.closed_system?).to eq(false) + end + end + + describe '.limited_system?' do + it 'returns true when system is limited' do + configure_authorisation(:limited) + expect(AuthorisedEmailService.limited_system?).to eq(true) + end + + it 'returns false when system is open/closed' do + configure_authorisation(:open) + expect(AuthorisedEmailService.limited_system?).to eq(false) + + configure_authorisation(:closed) + expect(AuthorisedEmailService.limited_system?).to eq(false) + end + end + + describe '.open_system?' do + it 'returns true when system is open' do + configure_authorisation(:open) + expect(AuthorisedEmailService.open_system?).to eq(true) + end + + it 'returns false when system is limited/closed' do + configure_authorisation(:limited) + expect(AuthorisedEmailService.open_system?).to eq(false) + + configure_authorisation(:closed) + expect(AuthorisedEmailService.open_system?).to eq(false) + end + end + + describe '.closed_or_limited_system?' do + it 'returns true when system is closed/limited' do + configure_authorisation(:limited) + expect(AuthorisedEmailService.closed_or_limited_system?).to eq(true) + + configure_authorisation(:closed) + expect(AuthorisedEmailService.closed_or_limited_system?).to eq(true) + end + + it 'returns false when system is open' do + configure_authorisation(:open) + expect(AuthorisedEmailService.closed_or_limited_system?).to eq(false) + end + end + + describe '.authorised_to_register?' do + let!(:domain) { 'example.com' } + let!(:authorised_email) { 'authorised@example.com' } + let!(:unauthorised_email) { 'unauthorised@domain.com' } + + context 'system is closed' do + before { configure_authorisation(:closed, domain) } + + it 'returns true if email belongs to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(authorised_email)).to eq(true) + end + + it 'returns false if email does not belong to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(unauthorised_email)).to eq(false) + end + end + + context 'system is limited' do + before { configure_authorisation(:limited, domain) } + + it 'returns true if email belongs to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(authorised_email)).to eq(true) + end + + it 'returns false if email does not belong to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(unauthorised_email)).to eq(false) + end + end + + context 'system is open' do + before { configure_authorisation(:open, domain) } + + it 'returns true if email belongs to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(authorised_email)).to eq(true) + end + + it 'returns true if email does not belong to authorised domain' do + expect(AuthorisedEmailService.authorised_to_register?(unauthorised_email)).to eq(true) + end + end + end + + describe '.email_domain_matches?' do + let!(:domain) { 'example.com' } + let!(:authorised_email) { 'authorised@example.com' } + let!(:unauthorised_email) { 'unauthorised@domain.com' } + + before { configure_authorisation(:open, domain) } + + it 'returns matched emails for authorised domain' do + matches = AuthorisedEmailService.email_domain_matches?(authorised_email) + expect(matches).to be_truthy + end + + it 'does not return matched emails for authorised domain' do + matches = AuthorisedEmailService.email_domain_matches?(unauthorised_email) + expect(matches).to be_falsey + end + end + + describe '.email_domain_does_not_match?' do + let!(:domain) { 'example.com' } + let!(:authorised_email) { 'authorised@example.com' } + let!(:unauthorised_email) { 'unauthorised@domain.com' } + + before { configure_authorisation(:open, domain) } + + it 'returns true if email does not belong to authorised domain' do + matches = AuthorisedEmailService.email_domain_does_not_match?(unauthorised_email) + expect(matches).to be true + end + + it 'returns false if email belongs to authorised domain' do + matches = AuthorisedEmailService.email_domain_does_not_match?(authorised_email) + expect(matches).to be false + end + end +end diff --git a/spec/services/copy_secret_service_spec.rb b/spec/services/copy_secret_service_spec.rb new file mode 100644 index 0000000..0132bb3 --- /dev/null +++ b/spec/services/copy_secret_service_spec.rb @@ -0,0 +1,51 @@ +require 'rails_helper' + +describe CopySecretService do + let!(:secret) { create :secret } + let!(:session) { Hash.new } + let!(:service) { CopySecretService.new(session) } + + describe '#prepare!' do + it 'sets the sessions key and uuid' do + service.prepare!(secret) + + expect(session[:copy_secret_key]).to eq secret.secret_key + expect(session[:copy_secret_uuid]).to eq secret.uuid + end + end + + describe '#perform!' do + context 'key and uuid are set' do + before do + session[:copy_secret_key] = 'secret_key' + session[:copy_secret_uuid] = 'secret_uuid' + end + + it 'returns key and uuid data' do + data = service.perform! + + expect(data[:key]).to eq 'secret_key' + expect(data[:uuid]).to eq 'secret_uuid' + end + + it 'deletes key and uuid from session' do + service.perform! + + expect(session[:copy_secret_key]).to be nil + expect(session[:copy_secret_uuid]).to be nil + end + end + + context 'key and uuid are not set' do + before do + session[:copy_secret_key] = nil + session[:copy_secret_uuid] = nil + end + + it 'returns false' do + result = service.perform! + expect(result).to be false + end + end + end +end diff --git a/spec/services/secret_service_spec.rb b/spec/services/secret_service_spec.rb index 7fd4f3c..484665d 100644 --- a/spec/services/secret_service_spec.rb +++ b/spec/services/secret_service_spec.rb @@ -38,7 +38,7 @@ SecretService.encrypt_new_secret( { secret: secret_info, to_email: to_email, from_email: from_email, - expire_at: Time.now + 7.days}) + expire_at: Time.current + 7.days}) } let!(:retrieved_secret) { Secret.find(secret.id) } let(:secret_key) { ActionMailer::Base.deliveries.last.to_s.match(/\?key=(\w+)/)[1] } diff --git a/spec/services/two_factor_service_spec.rb b/spec/services/two_factor_service_spec.rb new file mode 100644 index 0000000..ac9ef03 --- /dev/null +++ b/spec/services/two_factor_service_spec.rb @@ -0,0 +1,134 @@ +require 'rails_helper' + +describe TwoFactorService do + let(:user) { create :user } + let(:tfa) { TwoFactorService.new(user) } + + describe '#issue_otp_secret' do + it 'sets the users otp_secret' do + expect(tfa.user.otp_secret).to be_nil + + tfa.issue_otp_secret + expect(tfa.user.otp_secret).to_not be_nil + end + end + + describe '#generate_otp_provisioning_uri' do + it 'returns a qrcode source' do + source = 'otpauth://totp/Secret%20Link:user@secretlink.org?issuer=Secret+Link' + expect(tfa.generate_otp_provisioning_uri).to eq source + end + end + + describe '#enable_otp' do + let!(:otp_secret) { tfa.issue_otp_secret } + + context 'successful' do + it 'returns true' do + result = tfa.enable_otp(otp_secret, tfa.user.current_otp, 'password') + expect(result).to be true + end + + it 'sets otp_secret and otp_required_for_login' do + tfa.enable_otp(otp_secret, tfa.user.current_otp, 'password') + + user.reload + expect(user.otp_secret).to eq otp_secret + expect(user.otp_required_for_login).to be true + expect(user.changed?).to be false + end + end + + context 'wrong password' do + let!(:result) { tfa.enable_otp(otp_secret, tfa.user.current_otp, 'wrong password') } + + it 'returns false' do + expect(result).to be false + end + + it 'adds current password error' do + expect(tfa.user.errors.added?(:current_password, :invalid)).to be true + end + + it 'does not update the user' do + user.reload + expect(user.otp_secret).to be nil + expect(user.otp_required_for_login).to be false + expect(tfa.user.changed?).to be true + end + end + + context 'wrong otp secret' do + let!(:result) { tfa.enable_otp(otp_secret, 'wrong otp_secret', 'password') } + + it 'returns false' do + expect(result).to be false + end + + it 'adds otp_attempt error' do + expect(tfa.user.errors.added?(:otp_attempt, :invalid)).to be true + end + + it 'does not update the user' do + user.reload + expect(user.otp_secret).to be nil + expect(user.otp_required_for_login).to be false + expect(tfa.user.changed?).to be true + end + end + end + + describe '#enable_otp_without_password' do + let!(:otp_secret) { tfa.issue_otp_secret } + + context 'successful' do + it 'returns true' do + result = tfa.enable_otp_without_password(otp_secret, tfa.user.current_otp) + expect(result).to be true + end + + it 'sets otp_secret and otp_required_for_login' do + tfa.enable_otp_without_password(otp_secret, tfa.user.current_otp) + + user.reload + expect(user.otp_secret).to eq otp_secret + expect(user.otp_required_for_login).to be true + expect(user.changed?).to be false + end + end + end + + describe '#disable_otp' do + let!(:otp_secret) { tfa.issue_otp_secret } + + context 'successful' do + before do + tfa.enable_otp(otp_secret, tfa.user.current_otp, 'password') + end + + it 'returns true' do + expect(tfa.disable_otp("password")).to eq true + end + + it 'sets otp_required_for_login to false' do + tfa.disable_otp("password") + expect(user.reload.otp_required_for_login).to eq false + end + end + + context 'failed' do + before do + tfa.enable_otp(otp_secret, tfa.user.current_otp, 'password') + end + + it 'returns false' do + expect(tfa.disable_otp("wrong password")).to eq false + end + + it 'it does not set otp_required_for_login' do + tfa.disable_otp("wrong password") + expect(user.reload.otp_required_for_login).to eq true + end + end + end +end diff --git a/spec/services/user_setup_service_spec.rb b/spec/services/user_setup_service_spec.rb new file mode 100644 index 0000000..4b82731 --- /dev/null +++ b/spec/services/user_setup_service_spec.rb @@ -0,0 +1,111 @@ +require 'rails_helper' + +describe UserSetupService do + let!(:user) { create :user, :unconfirmed } + let!(:token) { issue_reset_password_token!(user) } + + before do + user.reload + end + + describe '#initialize' do + let!(:setup_service) { UserSetupService.new(token, TwoFactorService) } + + it 'sets the user' do + expect(setup_service.user).to eq user + end + + it 'initializes a TwoFactorService' do + expect(setup_service.tfa_service).to be_a TwoFactorService + end + end + + describe '#run' do + let!(:tfa_service) { TwoFactorService.new(user) } + let!(:secret) { tfa_service.issue_otp_secret } + let!(:otp_user) { tfa_service.user } + let!(:setup_service) { UserSetupService.new(token, TwoFactorService) } + + context 'successful without otp' do + let!(:password_params) { {password: 'password', password_confirmation: 'password', reset_password_token: token} } + let!(:tfa_params) { {otp_required_for_login: '0'} } + + it 'returns true' do + result = setup_service.run(password_params, tfa_params) + expect(result).to be true + end + + it 'updates the users password' do + expect(user.encrypted_password).to be_blank + + setup_service.run(password_params, tfa_params) + expect(user.reload.encrypted_password).to_not be_blank + end + end + + context 'successful with otp' do + let!(:password_params) { {password: 'password', password_confirmation: 'password', reset_password_token: token} } + let!(:tfa_params) { {otp_required_for_login: '1', otp_secret: secret, otp_attempt: otp_user.current_otp} } + + it 'returns true' do + result = setup_service.run(password_params, tfa_params) + expect(result).to be true + end + + it 'sets the users password' do + expect(user.encrypted_password).to be_blank + + setup_service.run(password_params, tfa_params) + expect(user.reload.encrypted_password).to_not be_blank + end + + it 'enables the users otp' do + expect(user.otp_required_for_login).to be false + + setup_service.run(password_params, tfa_params) + user.reload + + expect(user.otp_required_for_login).to be true + expect(user.otp_secret).to eq secret + end + end + + context 'token is invalid' do + let!(:setup_service) { UserSetupService.new('abc', TwoFactorService) } + + it 'returns false' do + result = setup_service.run({}, {}) + expect(result).to eq false + end + end + + context 'password has errors' do + let!(:password_params) { {password: '', password_confirmation: '', reset_password_token: token} } + let!(:tfa_params) { {otp_required_for_login: '1', otp_secret: secret, otp_attempt: otp_user.current_otp} } + + it 'returns false' do + result = setup_service.run(password_params, tfa_params) + expect(result).to eq false + end + + it 'will not update the users password' do + expect(user.encrypted_password).to be_blank + + result = setup_service.run(password_params, tfa_params) + expect(result).to eq false + + expect(user.reload.encrypted_password).to be_blank + end + + it 'doesn not enable the users otp' do + expect(user.otp_required_for_login).to be false + + setup_service.run(password_params, tfa_params) + user.reload + + expect(user.otp_required_for_login).to be false + expect(user.otp_secret).to be nil + end + end + end +end diff --git a/spec/support/authorisation_helpers.rb b/spec/support/authorisation_helpers.rb new file mode 100644 index 0000000..0d1f787 --- /dev/null +++ b/spec/support/authorisation_helpers.rb @@ -0,0 +1,12 @@ +module AuthorisationHelpers + def configure_authorisation(system_type, domain = "") + allow(Rails.configuration).to receive(:topsekrit_authorisation_setting).and_return(system_type) + allow(Rails.configuration).to receive(:topsekrit_authorised_domain).and_return(domain) + end + + def issue_reset_password_token!(user) + raw, enc = Devise.token_generator.generate(User, :reset_password_token) + user.update_attributes(reset_password_token: enc, reset_password_sent_at: Time.current.utc) + raw + end +end diff --git a/spec/support/capybara.rb b/spec/support/capybara.rb index fb506ab..a92c826 100644 --- a/spec/support/capybara.rb +++ b/spec/support/capybara.rb @@ -3,6 +3,7 @@ require 'capybara/poltergeist' Capybara.default_max_wait_time = 15 +Capybara.ignore_hidden_elements = true Capybara.register_driver :poltergeist do |app| Capybara::Poltergeist::Driver.new(app, debug: false) diff --git a/spec/support/devise.rb b/spec/support/devise.rb new file mode 100644 index 0000000..2abb184 --- /dev/null +++ b/spec/support/devise.rb @@ -0,0 +1,7 @@ +RSpec.configure do |config| + config.include Warden::Test::Helpers + + config.after :each do + Warden.test_reset! + end +end diff --git a/spec/support/factory_bot.rb b/spec/support/factory_bot.rb new file mode 100644 index 0000000..c7890e4 --- /dev/null +++ b/spec/support/factory_bot.rb @@ -0,0 +1,3 @@ +RSpec.configure do |config| + config.include FactoryBot::Syntax::Methods +end diff --git a/spec/support/sample_template.html.erb b/spec/support/sample_template.html.erb new file mode 100644 index 0000000..13fdffd --- /dev/null +++ b/spec/support/sample_template.html.erb @@ -0,0 +1,4 @@ +
    +

    This is a sample template

    +

    This depends on a user <%= @user.email %>

    +
    diff --git a/spec/support/share_db_connection.rb b/spec/support/share_db_connection.rb new file mode 100644 index 0000000..e2bac1d --- /dev/null +++ b/spec/support/share_db_connection.rb @@ -0,0 +1,17 @@ +# We're adding this because using login_as with Poltergeist(js enabled) doesn't work +# please see: +# https://github.com/plataformatec/devise/wiki/How-To:-Test-with-Capybara +# https://github.com/railscasts/391-testing-javascript-with-phantomjs/blob/master/checkout-after/spec/support/share_db_connection.rb +# Thanks Ryan Bates! +class ActiveRecord::Base + mattr_accessor :shared_connection + @@shared_connection = nil + + def self.connection + @@shared_connection || retrieve_connection + end +end + +# Forces all threads to share the same connection. This works on +# Capybara because it starts the web server in a thread. +ActiveRecord::Base.shared_connection = ActiveRecord::Base.connection diff --git a/vendor/cache/actionmailer-4.2.8.gem b/vendor/cache/actionmailer-4.2.8.gem new file mode 100644 index 0000000..a25b5a3 Binary files /dev/null and b/vendor/cache/actionmailer-4.2.8.gem differ diff --git a/vendor/cache/actionpack-4.2.8.gem b/vendor/cache/actionpack-4.2.8.gem new file mode 100644 index 0000000..1b99d2e Binary files /dev/null and b/vendor/cache/actionpack-4.2.8.gem differ diff --git a/vendor/cache/actionview-4.2.8.gem b/vendor/cache/actionview-4.2.8.gem new file mode 100644 index 0000000..c6e4eaf Binary files /dev/null and b/vendor/cache/actionview-4.2.8.gem differ diff --git a/vendor/cache/activejob-4.2.8.gem b/vendor/cache/activejob-4.2.8.gem new file mode 100644 index 0000000..04c0b32 Binary files /dev/null and b/vendor/cache/activejob-4.2.8.gem differ diff --git a/vendor/cache/activemodel-4.2.8.gem b/vendor/cache/activemodel-4.2.8.gem new file mode 100644 index 0000000..c9b07e2 Binary files /dev/null and b/vendor/cache/activemodel-4.2.8.gem differ diff --git a/vendor/cache/activerecord-4.2.8.gem b/vendor/cache/activerecord-4.2.8.gem new file mode 100644 index 0000000..439b60f Binary files /dev/null and b/vendor/cache/activerecord-4.2.8.gem differ diff --git a/vendor/cache/activesupport-4.2.8.gem b/vendor/cache/activesupport-4.2.8.gem new file mode 100644 index 0000000..14ce44c Binary files /dev/null and b/vendor/cache/activesupport-4.2.8.gem differ diff --git a/vendor/cache/addressable-2.5.1.gem b/vendor/cache/addressable-2.5.1.gem new file mode 100644 index 0000000..7fa3a07 Binary files /dev/null and b/vendor/cache/addressable-2.5.1.gem differ diff --git a/vendor/cache/arel-6.0.4.gem b/vendor/cache/arel-6.0.4.gem new file mode 100644 index 0000000..69b9d24 Binary files /dev/null and b/vendor/cache/arel-6.0.4.gem differ diff --git a/vendor/cache/ast-2.3.0.gem b/vendor/cache/ast-2.3.0.gem new file mode 100644 index 0000000..668d7a8 Binary files /dev/null and b/vendor/cache/ast-2.3.0.gem differ diff --git a/vendor/cache/attr_encrypted-3.0.3.gem b/vendor/cache/attr_encrypted-3.0.3.gem new file mode 100644 index 0000000..7f37bff Binary files /dev/null and b/vendor/cache/attr_encrypted-3.0.3.gem differ diff --git a/vendor/cache/autoprefixer-rails-6.7.7.1.gem b/vendor/cache/autoprefixer-rails-6.7.7.1.gem new file mode 100644 index 0000000..dcf2e39 Binary files /dev/null and b/vendor/cache/autoprefixer-rails-6.7.7.1.gem differ diff --git a/vendor/cache/bcrypt-3.1.11.gem b/vendor/cache/bcrypt-3.1.11.gem new file mode 100644 index 0000000..53fa448 Binary files /dev/null and b/vendor/cache/bcrypt-3.1.11.gem differ diff --git a/vendor/cache/better_errors-2.1.1.gem b/vendor/cache/better_errors-2.1.1.gem new file mode 100644 index 0000000..0590d96 Binary files /dev/null and b/vendor/cache/better_errors-2.1.1.gem differ diff --git a/vendor/cache/binding_of_caller-0.7.2.gem b/vendor/cache/binding_of_caller-0.7.2.gem new file mode 100644 index 0000000..a8332f1 Binary files /dev/null and b/vendor/cache/binding_of_caller-0.7.2.gem differ diff --git a/vendor/cache/bootstrap-sass-3.3.7.gem b/vendor/cache/bootstrap-sass-3.3.7.gem new file mode 100644 index 0000000..d17a313 Binary files /dev/null and b/vendor/cache/bootstrap-sass-3.3.7.gem differ diff --git a/vendor/cache/bugsnag-5.3.0.gem b/vendor/cache/bugsnag-5.3.0.gem new file mode 100644 index 0000000..dcbf369 Binary files /dev/null and b/vendor/cache/bugsnag-5.3.0.gem differ diff --git a/vendor/cache/builder-3.2.3.gem b/vendor/cache/builder-3.2.3.gem new file mode 100644 index 0000000..3500c80 Binary files /dev/null and b/vendor/cache/builder-3.2.3.gem differ diff --git a/vendor/cache/byebug-9.0.6.gem b/vendor/cache/byebug-9.0.6.gem new file mode 100644 index 0000000..d97290e Binary files /dev/null and b/vendor/cache/byebug-9.0.6.gem differ diff --git a/vendor/cache/capybara-2.13.0.gem b/vendor/cache/capybara-2.13.0.gem new file mode 100644 index 0000000..a58f88d Binary files /dev/null and b/vendor/cache/capybara-2.13.0.gem differ diff --git a/vendor/cache/carrierwave-1.0.0.gem b/vendor/cache/carrierwave-1.0.0.gem new file mode 100644 index 0000000..da2a1aa Binary files /dev/null and b/vendor/cache/carrierwave-1.0.0.gem differ diff --git a/vendor/cache/chunky_png-1.3.11.gem b/vendor/cache/chunky_png-1.3.11.gem new file mode 100644 index 0000000..cd1c46c Binary files /dev/null and b/vendor/cache/chunky_png-1.3.11.gem differ diff --git a/vendor/cache/cliver-0.3.2.gem b/vendor/cache/cliver-0.3.2.gem new file mode 100644 index 0000000..3635c7e Binary files /dev/null and b/vendor/cache/cliver-0.3.2.gem differ diff --git a/vendor/cache/coderay-1.1.1.gem b/vendor/cache/coderay-1.1.1.gem new file mode 100644 index 0000000..269f549 Binary files /dev/null and b/vendor/cache/coderay-1.1.1.gem differ diff --git a/vendor/cache/concurrent-ruby-1.0.5.gem b/vendor/cache/concurrent-ruby-1.0.5.gem new file mode 100644 index 0000000..4119d3a Binary files /dev/null and b/vendor/cache/concurrent-ruby-1.0.5.gem differ diff --git a/vendor/cache/connection_pool-2.2.2.gem b/vendor/cache/connection_pool-2.2.2.gem new file mode 100644 index 0000000..00928ca Binary files /dev/null and b/vendor/cache/connection_pool-2.2.2.gem differ diff --git a/vendor/cache/database_cleaner-1.5.3.gem b/vendor/cache/database_cleaner-1.5.3.gem new file mode 100644 index 0000000..8bc7a32 Binary files /dev/null and b/vendor/cache/database_cleaner-1.5.3.gem differ diff --git a/vendor/cache/debug_inspector-0.0.2.gem b/vendor/cache/debug_inspector-0.0.2.gem new file mode 100644 index 0000000..e1fcdeb Binary files /dev/null and b/vendor/cache/debug_inspector-0.0.2.gem differ diff --git a/vendor/cache/devise-4.4.0.gem b/vendor/cache/devise-4.4.0.gem new file mode 100644 index 0000000..389bab7 Binary files /dev/null and b/vendor/cache/devise-4.4.0.gem differ diff --git a/vendor/cache/devise-two-factor-3.0.3.gem b/vendor/cache/devise-two-factor-3.0.3.gem new file mode 100644 index 0000000..0bb89b2 Binary files /dev/null and b/vendor/cache/devise-two-factor-3.0.3.gem differ diff --git a/vendor/cache/diff-lcs-1.3.gem b/vendor/cache/diff-lcs-1.3.gem new file mode 100644 index 0000000..ae5a5f9 Binary files /dev/null and b/vendor/cache/diff-lcs-1.3.gem differ diff --git a/vendor/cache/dotenv-2.2.0.gem b/vendor/cache/dotenv-2.2.0.gem new file mode 100644 index 0000000..609631c Binary files /dev/null and b/vendor/cache/dotenv-2.2.0.gem differ diff --git a/vendor/cache/dotenv-rails-2.2.0.gem b/vendor/cache/dotenv-rails-2.2.0.gem new file mode 100644 index 0000000..585f210 Binary files /dev/null and b/vendor/cache/dotenv-rails-2.2.0.gem differ diff --git a/vendor/cache/email_validator-1.6.0.gem b/vendor/cache/email_validator-1.6.0.gem new file mode 100644 index 0000000..3c13702 Binary files /dev/null and b/vendor/cache/email_validator-1.6.0.gem differ diff --git a/vendor/cache/encryptor-3.0.0.gem b/vendor/cache/encryptor-3.0.0.gem new file mode 100644 index 0000000..e026ddf Binary files /dev/null and b/vendor/cache/encryptor-3.0.0.gem differ diff --git a/vendor/cache/erubis-2.7.0.gem b/vendor/cache/erubis-2.7.0.gem new file mode 100644 index 0000000..4acd2e7 Binary files /dev/null and b/vendor/cache/erubis-2.7.0.gem differ diff --git a/vendor/cache/execjs-2.7.0.gem b/vendor/cache/execjs-2.7.0.gem new file mode 100644 index 0000000..1247cce Binary files /dev/null and b/vendor/cache/execjs-2.7.0.gem differ diff --git a/vendor/cache/factory_bot-5.0.2.gem b/vendor/cache/factory_bot-5.0.2.gem new file mode 100644 index 0000000..f5155de Binary files /dev/null and b/vendor/cache/factory_bot-5.0.2.gem differ diff --git a/vendor/cache/factory_bot_rails-5.0.2.gem b/vendor/cache/factory_bot_rails-5.0.2.gem new file mode 100644 index 0000000..12fa460 Binary files /dev/null and b/vendor/cache/factory_bot_rails-5.0.2.gem differ diff --git a/vendor/cache/faker-1.7.3.gem b/vendor/cache/faker-1.7.3.gem new file mode 100644 index 0000000..6b55e1a Binary files /dev/null and b/vendor/cache/faker-1.7.3.gem differ diff --git a/vendor/cache/faraday-0.15.4.gem b/vendor/cache/faraday-0.15.4.gem new file mode 100644 index 0000000..6d0e210 Binary files /dev/null and b/vendor/cache/faraday-0.15.4.gem differ diff --git a/vendor/cache/globalid-0.3.7.gem b/vendor/cache/globalid-0.3.7.gem new file mode 100644 index 0000000..d07f478 Binary files /dev/null and b/vendor/cache/globalid-0.3.7.gem differ diff --git a/vendor/cache/hashie-3.5.5.gem b/vendor/cache/hashie-3.5.5.gem new file mode 100644 index 0000000..0acf9b7 Binary files /dev/null and b/vendor/cache/hashie-3.5.5.gem differ diff --git a/vendor/cache/i18n-0.8.1.gem b/vendor/cache/i18n-0.8.1.gem new file mode 100644 index 0000000..2c832de Binary files /dev/null and b/vendor/cache/i18n-0.8.1.gem differ diff --git a/vendor/cache/jbuilder-2.6.3.gem b/vendor/cache/jbuilder-2.6.3.gem new file mode 100644 index 0000000..0b29444 Binary files /dev/null and b/vendor/cache/jbuilder-2.6.3.gem differ diff --git a/vendor/cache/jquery-rails-4.3.1.gem b/vendor/cache/jquery-rails-4.3.1.gem new file mode 100644 index 0000000..9ebca8a Binary files /dev/null and b/vendor/cache/jquery-rails-4.3.1.gem differ diff --git a/vendor/cache/json-1.8.6.gem b/vendor/cache/json-1.8.6.gem new file mode 100644 index 0000000..2a7d664 Binary files /dev/null and b/vendor/cache/json-1.8.6.gem differ diff --git a/vendor/cache/jwt-1.5.6.gem b/vendor/cache/jwt-1.5.6.gem new file mode 100644 index 0000000..70970d7 Binary files /dev/null and b/vendor/cache/jwt-1.5.6.gem differ diff --git a/vendor/cache/kgio-2.11.0.gem b/vendor/cache/kgio-2.11.0.gem new file mode 100644 index 0000000..c5c7c99 Binary files /dev/null and b/vendor/cache/kgio-2.11.0.gem differ diff --git a/vendor/cache/launchy-2.4.3.gem b/vendor/cache/launchy-2.4.3.gem new file mode 100644 index 0000000..e7b99df Binary files /dev/null and b/vendor/cache/launchy-2.4.3.gem differ diff --git a/vendor/cache/local_time-2.1.0.gem b/vendor/cache/local_time-2.1.0.gem new file mode 100644 index 0000000..9dd2c47 Binary files /dev/null and b/vendor/cache/local_time-2.1.0.gem differ diff --git a/vendor/cache/logstash-event-1.2.02.gem b/vendor/cache/logstash-event-1.2.02.gem new file mode 100644 index 0000000..0eaea6c Binary files /dev/null and b/vendor/cache/logstash-event-1.2.02.gem differ diff --git a/vendor/cache/logstasher-0.6.5.gem b/vendor/cache/logstasher-0.6.5.gem new file mode 100644 index 0000000..d467768 Binary files /dev/null and b/vendor/cache/logstasher-0.6.5.gem differ diff --git a/vendor/cache/loofah-2.0.3.gem b/vendor/cache/loofah-2.0.3.gem new file mode 100644 index 0000000..1aa5e84 Binary files /dev/null and b/vendor/cache/loofah-2.0.3.gem differ diff --git a/vendor/cache/mail-2.6.4.gem b/vendor/cache/mail-2.6.4.gem new file mode 100644 index 0000000..4fa553a Binary files /dev/null and b/vendor/cache/mail-2.6.4.gem differ diff --git a/vendor/cache/method_source-0.9.2.gem b/vendor/cache/method_source-0.9.2.gem new file mode 100644 index 0000000..c12e342 Binary files /dev/null and b/vendor/cache/method_source-0.9.2.gem differ diff --git a/vendor/cache/mime-types-3.1.gem b/vendor/cache/mime-types-3.1.gem new file mode 100644 index 0000000..142b7d6 Binary files /dev/null and b/vendor/cache/mime-types-3.1.gem differ diff --git a/vendor/cache/mime-types-data-3.2016.0521.gem b/vendor/cache/mime-types-data-3.2016.0521.gem new file mode 100644 index 0000000..7b90077 Binary files /dev/null and b/vendor/cache/mime-types-data-3.2016.0521.gem differ diff --git a/vendor/cache/mini_magick-4.9.3.gem b/vendor/cache/mini_magick-4.9.3.gem new file mode 100644 index 0000000..375f697 Binary files /dev/null and b/vendor/cache/mini_magick-4.9.3.gem differ diff --git a/vendor/cache/mini_portile2-2.1.0.gem b/vendor/cache/mini_portile2-2.1.0.gem new file mode 100644 index 0000000..bb3fbc7 Binary files /dev/null and b/vendor/cache/mini_portile2-2.1.0.gem differ diff --git a/vendor/cache/minitest-5.10.1.gem b/vendor/cache/minitest-5.10.1.gem new file mode 100644 index 0000000..2cb0773 Binary files /dev/null and b/vendor/cache/minitest-5.10.1.gem differ diff --git a/vendor/cache/multi_json-1.13.1.gem b/vendor/cache/multi_json-1.13.1.gem new file mode 100644 index 0000000..82e9f91 Binary files /dev/null and b/vendor/cache/multi_json-1.13.1.gem differ diff --git a/vendor/cache/multi_xml-0.6.0.gem b/vendor/cache/multi_xml-0.6.0.gem new file mode 100644 index 0000000..77c5d00 Binary files /dev/null and b/vendor/cache/multi_xml-0.6.0.gem differ diff --git a/vendor/cache/multipart-post-2.1.1.gem b/vendor/cache/multipart-post-2.1.1.gem new file mode 100644 index 0000000..027956d Binary files /dev/null and b/vendor/cache/multipart-post-2.1.1.gem differ diff --git a/vendor/cache/net-http-persistent-3.0.1.gem b/vendor/cache/net-http-persistent-3.0.1.gem new file mode 100644 index 0000000..8eddcad Binary files /dev/null and b/vendor/cache/net-http-persistent-3.0.1.gem differ diff --git a/vendor/cache/nokogiri-1.7.1.gem b/vendor/cache/nokogiri-1.7.1.gem new file mode 100644 index 0000000..b54ed58 Binary files /dev/null and b/vendor/cache/nokogiri-1.7.1.gem differ diff --git a/vendor/cache/oauth2-1.4.1.gem b/vendor/cache/oauth2-1.4.1.gem new file mode 100644 index 0000000..f670dec Binary files /dev/null and b/vendor/cache/oauth2-1.4.1.gem differ diff --git a/vendor/cache/okcomputer-1.14.2.gem b/vendor/cache/okcomputer-1.14.2.gem new file mode 100644 index 0000000..74cdfda Binary files /dev/null and b/vendor/cache/okcomputer-1.14.2.gem differ diff --git a/vendor/cache/omniauth-1.6.1.gem b/vendor/cache/omniauth-1.6.1.gem new file mode 100644 index 0000000..9dcf675 Binary files /dev/null and b/vendor/cache/omniauth-1.6.1.gem differ diff --git a/vendor/cache/omniauth-google-oauth2-0.4.1.gem b/vendor/cache/omniauth-google-oauth2-0.4.1.gem new file mode 100644 index 0000000..681fd16 Binary files /dev/null and b/vendor/cache/omniauth-google-oauth2-0.4.1.gem differ diff --git a/vendor/cache/omniauth-oauth2-1.4.0.gem b/vendor/cache/omniauth-oauth2-1.4.0.gem new file mode 100644 index 0000000..1fc2048 Binary files /dev/null and b/vendor/cache/omniauth-oauth2-1.4.0.gem differ diff --git a/vendor/cache/orm_adapter-0.5.0.gem b/vendor/cache/orm_adapter-0.5.0.gem new file mode 100644 index 0000000..fbc5b17 Binary files /dev/null and b/vendor/cache/orm_adapter-0.5.0.gem differ diff --git a/vendor/cache/parser-2.4.0.0.gem b/vendor/cache/parser-2.4.0.0.gem new file mode 100644 index 0000000..12f42c9 Binary files /dev/null and b/vendor/cache/parser-2.4.0.0.gem differ diff --git a/vendor/cache/pg-0.20.0.gem b/vendor/cache/pg-0.20.0.gem new file mode 100644 index 0000000..ce96510 Binary files /dev/null and b/vendor/cache/pg-0.20.0.gem differ diff --git a/vendor/cache/pickadate-rails-3.5.6.0.gem b/vendor/cache/pickadate-rails-3.5.6.0.gem new file mode 100644 index 0000000..07a22e8 Binary files /dev/null and b/vendor/cache/pickadate-rails-3.5.6.0.gem differ diff --git a/vendor/cache/poltergeist-1.14.0.gem b/vendor/cache/poltergeist-1.14.0.gem new file mode 100644 index 0000000..bb03306 Binary files /dev/null and b/vendor/cache/poltergeist-1.14.0.gem differ diff --git a/vendor/cache/powerpack-0.1.1.gem b/vendor/cache/powerpack-0.1.1.gem new file mode 100644 index 0000000..f7561fc Binary files /dev/null and b/vendor/cache/powerpack-0.1.1.gem differ diff --git a/vendor/cache/pry-0.12.2.gem b/vendor/cache/pry-0.12.2.gem new file mode 100644 index 0000000..e7c4ee1 Binary files /dev/null and b/vendor/cache/pry-0.12.2.gem differ diff --git a/vendor/cache/public_suffix-2.0.5.gem b/vendor/cache/public_suffix-2.0.5.gem new file mode 100644 index 0000000..7511d95 Binary files /dev/null and b/vendor/cache/public_suffix-2.0.5.gem differ diff --git a/vendor/cache/quiet_assets-1.1.0.gem b/vendor/cache/quiet_assets-1.1.0.gem new file mode 100644 index 0000000..e0ae38f Binary files /dev/null and b/vendor/cache/quiet_assets-1.1.0.gem differ diff --git a/vendor/cache/rack-1.6.11.gem b/vendor/cache/rack-1.6.11.gem new file mode 100644 index 0000000..a4c810e Binary files /dev/null and b/vendor/cache/rack-1.6.11.gem differ diff --git a/vendor/cache/rack-test-0.6.3.gem b/vendor/cache/rack-test-0.6.3.gem new file mode 100644 index 0000000..914afe9 Binary files /dev/null and b/vendor/cache/rack-test-0.6.3.gem differ diff --git a/vendor/cache/rails-4.2.8.gem b/vendor/cache/rails-4.2.8.gem new file mode 100644 index 0000000..7375122 Binary files /dev/null and b/vendor/cache/rails-4.2.8.gem differ diff --git a/vendor/cache/rails-deprecated_sanitizer-1.0.3.gem b/vendor/cache/rails-deprecated_sanitizer-1.0.3.gem new file mode 100644 index 0000000..56bbe9e Binary files /dev/null and b/vendor/cache/rails-deprecated_sanitizer-1.0.3.gem differ diff --git a/vendor/cache/rails-dom-testing-1.0.8.gem b/vendor/cache/rails-dom-testing-1.0.8.gem new file mode 100644 index 0000000..324b388 Binary files /dev/null and b/vendor/cache/rails-dom-testing-1.0.8.gem differ diff --git a/vendor/cache/rails-html-sanitizer-1.0.3.gem b/vendor/cache/rails-html-sanitizer-1.0.3.gem new file mode 100644 index 0000000..a419361 Binary files /dev/null and b/vendor/cache/rails-html-sanitizer-1.0.3.gem differ diff --git a/vendor/cache/rails_12factor-0.0.3.gem b/vendor/cache/rails_12factor-0.0.3.gem new file mode 100644 index 0000000..26b17bf Binary files /dev/null and b/vendor/cache/rails_12factor-0.0.3.gem differ diff --git a/vendor/cache/rails_serve_static_assets-0.0.5.gem b/vendor/cache/rails_serve_static_assets-0.0.5.gem new file mode 100644 index 0000000..dfe349c Binary files /dev/null and b/vendor/cache/rails_serve_static_assets-0.0.5.gem differ diff --git a/vendor/cache/rails_stdout_logging-0.0.5.gem b/vendor/cache/rails_stdout_logging-0.0.5.gem new file mode 100644 index 0000000..f09bc21 Binary files /dev/null and b/vendor/cache/rails_stdout_logging-0.0.5.gem differ diff --git a/vendor/cache/railties-4.2.8.gem b/vendor/cache/railties-4.2.8.gem new file mode 100644 index 0000000..78d3bd1 Binary files /dev/null and b/vendor/cache/railties-4.2.8.gem differ diff --git a/vendor/cache/rainbow-2.2.1.gem b/vendor/cache/rainbow-2.2.1.gem new file mode 100644 index 0000000..9520ffb Binary files /dev/null and b/vendor/cache/rainbow-2.2.1.gem differ diff --git a/vendor/cache/raindrops-0.18.0.gem b/vendor/cache/raindrops-0.18.0.gem new file mode 100644 index 0000000..6e6fa04 Binary files /dev/null and b/vendor/cache/raindrops-0.18.0.gem differ diff --git a/vendor/cache/rake-12.0.0.gem b/vendor/cache/rake-12.0.0.gem new file mode 100644 index 0000000..b8dd163 Binary files /dev/null and b/vendor/cache/rake-12.0.0.gem differ diff --git a/vendor/cache/rdoc-4.3.0.gem b/vendor/cache/rdoc-4.3.0.gem new file mode 100644 index 0000000..0c1239f Binary files /dev/null and b/vendor/cache/rdoc-4.3.0.gem differ diff --git a/vendor/cache/recaptcha-4.10.0.gem b/vendor/cache/recaptcha-4.10.0.gem new file mode 100644 index 0000000..37559d5 Binary files /dev/null and b/vendor/cache/recaptcha-4.10.0.gem differ diff --git a/vendor/cache/request_store-1.3.2.gem b/vendor/cache/request_store-1.3.2.gem new file mode 100644 index 0000000..67a96d2 Binary files /dev/null and b/vendor/cache/request_store-1.3.2.gem differ diff --git a/vendor/cache/responders-2.4.0.gem b/vendor/cache/responders-2.4.0.gem new file mode 100644 index 0000000..715a95d Binary files /dev/null and b/vendor/cache/responders-2.4.0.gem differ diff --git a/vendor/cache/rotp-2.1.2.gem b/vendor/cache/rotp-2.1.2.gem new file mode 100644 index 0000000..71c1a2a Binary files /dev/null and b/vendor/cache/rotp-2.1.2.gem differ diff --git a/vendor/cache/rqrcode-0.10.1.gem b/vendor/cache/rqrcode-0.10.1.gem new file mode 100644 index 0000000..f63bf36 Binary files /dev/null and b/vendor/cache/rqrcode-0.10.1.gem differ diff --git a/vendor/cache/rqrcode-rails3-0.1.7.gem b/vendor/cache/rqrcode-rails3-0.1.7.gem new file mode 100644 index 0000000..884495e Binary files /dev/null and b/vendor/cache/rqrcode-rails3-0.1.7.gem differ diff --git a/vendor/cache/rspec-core-3.5.4.gem b/vendor/cache/rspec-core-3.5.4.gem new file mode 100644 index 0000000..8350edc Binary files /dev/null and b/vendor/cache/rspec-core-3.5.4.gem differ diff --git a/vendor/cache/rspec-expectations-3.5.0.gem b/vendor/cache/rspec-expectations-3.5.0.gem new file mode 100644 index 0000000..03eadfb Binary files /dev/null and b/vendor/cache/rspec-expectations-3.5.0.gem differ diff --git a/vendor/cache/rspec-mocks-3.5.0.gem b/vendor/cache/rspec-mocks-3.5.0.gem new file mode 100644 index 0000000..17d4817 Binary files /dev/null and b/vendor/cache/rspec-mocks-3.5.0.gem differ diff --git a/vendor/cache/rspec-rails-3.5.2.gem b/vendor/cache/rspec-rails-3.5.2.gem new file mode 100644 index 0000000..bff0082 Binary files /dev/null and b/vendor/cache/rspec-rails-3.5.2.gem differ diff --git a/vendor/cache/rspec-support-3.5.0.gem b/vendor/cache/rspec-support-3.5.0.gem new file mode 100644 index 0000000..feba67f Binary files /dev/null and b/vendor/cache/rspec-support-3.5.0.gem differ diff --git a/vendor/cache/rubocop-0.48.1.gem b/vendor/cache/rubocop-0.48.1.gem new file mode 100644 index 0000000..4c65eeb Binary files /dev/null and b/vendor/cache/rubocop-0.48.1.gem differ diff --git a/vendor/cache/ruby-progressbar-1.8.1.gem b/vendor/cache/ruby-progressbar-1.8.1.gem new file mode 100644 index 0000000..6f8065a Binary files /dev/null and b/vendor/cache/ruby-progressbar-1.8.1.gem differ diff --git a/vendor/cache/sass-3.4.23.gem b/vendor/cache/sass-3.4.23.gem new file mode 100644 index 0000000..051ddfe Binary files /dev/null and b/vendor/cache/sass-3.4.23.gem differ diff --git a/vendor/cache/sass-rails-5.0.6.gem b/vendor/cache/sass-rails-5.0.6.gem new file mode 100644 index 0000000..7968639 Binary files /dev/null and b/vendor/cache/sass-rails-5.0.6.gem differ diff --git a/vendor/cache/sdoc-0.4.2.gem b/vendor/cache/sdoc-0.4.2.gem new file mode 100644 index 0000000..9454925 Binary files /dev/null and b/vendor/cache/sdoc-0.4.2.gem differ diff --git a/vendor/cache/show_me_the_cookies-3.1.0.gem b/vendor/cache/show_me_the_cookies-3.1.0.gem new file mode 100644 index 0000000..cb4729b Binary files /dev/null and b/vendor/cache/show_me_the_cookies-3.1.0.gem differ diff --git a/vendor/cache/simple_form-3.4.0.gem b/vendor/cache/simple_form-3.4.0.gem new file mode 100644 index 0000000..8904b4a Binary files /dev/null and b/vendor/cache/simple_form-3.4.0.gem differ diff --git a/vendor/cache/skylight-1.1.0.gem b/vendor/cache/skylight-1.1.0.gem new file mode 100644 index 0000000..b9eb59b Binary files /dev/null and b/vendor/cache/skylight-1.1.0.gem differ diff --git a/vendor/cache/sprockets-3.7.1.gem b/vendor/cache/sprockets-3.7.1.gem new file mode 100644 index 0000000..8dcd850 Binary files /dev/null and b/vendor/cache/sprockets-3.7.1.gem differ diff --git a/vendor/cache/sprockets-rails-3.2.0.gem b/vendor/cache/sprockets-rails-3.2.0.gem new file mode 100644 index 0000000..8957cde Binary files /dev/null and b/vendor/cache/sprockets-rails-3.2.0.gem differ diff --git a/vendor/cache/stripe-4.21.2.gem b/vendor/cache/stripe-4.21.2.gem new file mode 100644 index 0000000..b879c95 Binary files /dev/null and b/vendor/cache/stripe-4.21.2.gem differ diff --git a/vendor/cache/thor-0.19.4.gem b/vendor/cache/thor-0.19.4.gem new file mode 100644 index 0000000..6f42cc2 Binary files /dev/null and b/vendor/cache/thor-0.19.4.gem differ diff --git a/vendor/cache/thread_safe-0.3.6.gem b/vendor/cache/thread_safe-0.3.6.gem new file mode 100644 index 0000000..7ee950f Binary files /dev/null and b/vendor/cache/thread_safe-0.3.6.gem differ diff --git a/vendor/cache/tilt-2.0.7.gem b/vendor/cache/tilt-2.0.7.gem new file mode 100644 index 0000000..11d57a7 Binary files /dev/null and b/vendor/cache/tilt-2.0.7.gem differ diff --git a/vendor/cache/timecop-0.9.1.gem b/vendor/cache/timecop-0.9.1.gem new file mode 100644 index 0000000..7c3eb5e Binary files /dev/null and b/vendor/cache/timecop-0.9.1.gem differ diff --git a/vendor/cache/trix-0.11.1.gem b/vendor/cache/trix-0.11.1.gem new file mode 100644 index 0000000..f83d0e7 Binary files /dev/null and b/vendor/cache/trix-0.11.1.gem differ diff --git a/vendor/cache/tzinfo-1.2.3.gem b/vendor/cache/tzinfo-1.2.3.gem new file mode 100644 index 0000000..8992649 Binary files /dev/null and b/vendor/cache/tzinfo-1.2.3.gem differ diff --git a/vendor/cache/uglifier-3.2.0.gem b/vendor/cache/uglifier-3.2.0.gem new file mode 100644 index 0000000..42f463a Binary files /dev/null and b/vendor/cache/uglifier-3.2.0.gem differ diff --git a/vendor/cache/unicode-display_width-1.2.0.gem b/vendor/cache/unicode-display_width-1.2.0.gem new file mode 100644 index 0000000..b840c9d Binary files /dev/null and b/vendor/cache/unicode-display_width-1.2.0.gem differ diff --git a/vendor/cache/unicorn-5.3.0.gem b/vendor/cache/unicorn-5.3.0.gem new file mode 100644 index 0000000..e65c3b2 Binary files /dev/null and b/vendor/cache/unicorn-5.3.0.gem differ diff --git a/vendor/cache/unicorn-rails-2.2.1.gem b/vendor/cache/unicorn-rails-2.2.1.gem new file mode 100644 index 0000000..6caaaeb Binary files /dev/null and b/vendor/cache/unicorn-rails-2.2.1.gem differ diff --git a/vendor/cache/warden-1.2.7.gem b/vendor/cache/warden-1.2.7.gem new file mode 100644 index 0000000..49fb808 Binary files /dev/null and b/vendor/cache/warden-1.2.7.gem differ diff --git a/vendor/cache/web-console-2.3.0.gem b/vendor/cache/web-console-2.3.0.gem new file mode 100644 index 0000000..d0d61cc Binary files /dev/null and b/vendor/cache/web-console-2.3.0.gem differ diff --git a/vendor/cache/websocket-driver-0.6.5.gem b/vendor/cache/websocket-driver-0.6.5.gem new file mode 100644 index 0000000..e3a0776 Binary files /dev/null and b/vendor/cache/websocket-driver-0.6.5.gem differ diff --git a/vendor/cache/websocket-extensions-0.1.2.gem b/vendor/cache/websocket-extensions-0.1.2.gem new file mode 100644 index 0000000..59ad4be Binary files /dev/null and b/vendor/cache/websocket-extensions-0.1.2.gem differ diff --git a/vendor/cache/xpath-2.0.0.gem b/vendor/cache/xpath-2.0.0.gem new file mode 100644 index 0000000..fedf0e2 Binary files /dev/null and b/vendor/cache/xpath-2.0.0.gem differ