Moved the loginhash/salt from the user.preferences to a constant set in config/environment.rb. This keeps it out of the database which is probably a little more secure, and allows upgrading users to set the loginhash to the value that they used before.

Updated README_FOR_APP to let people know that they should edit this value before they start using Tracks.

Fixes #204.



git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@187 a4c988fc-2ded-0310-b66e-134b36920a42
bsag 2006-02-18 17:52:43 +00:00
parent 4800172bb4
commit 2535ad29c7
9 changed files with 22 additions and 13 deletions

@ -55,7 +55,7 @@ class LoginController < ApplicationController
if user.save
@session['user'] = User.authenticate(user.login, @params['user']['password'])
@user = @session['user']
@user.preferences = { "date_format" => "%d/%m/%Y", "week_starts" => "1", "no_completed" => "5", "staleness_starts" => "7", "due_style" => "1", "admin_email" => "butshesagirl@rousette.org.uk", "loginhash" => "change-me"}
@user.preferences = { "date_format" => "%d/%m/%Y", "week_starts" => "1", "no_completed" => "5", "staleness_starts" => "7", "due_style" => "1", "admin_email" => "butshesagirl@rousette.org.uk"}
@user.save
flash['notice'] = "Signup successful"
redirect_back_or_default :controller => "todo", :action => "list"
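Review bot: the default preferences hash on the replacement line still carries a hard-coded admin_email of butshesagirl@rousette.org.uk, a personal address that every new installation will ship with, and the identical literal hash is repeated in the AddPreferencesToUserTable migration; now that SALT is defined in config/environment.rb, the admin address (and the rest of the defaults) could be defined once in the same place, for example `ADMIN_EMAIL = "admin@example.com"`, and referenced from both the controller and the migration so they cannot drift apart.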

@ -27,8 +27,7 @@ class UserController < ApplicationController
"no_completed" => "#{@params['prefs']['no_completed']}",
"staleness_starts" => "#{@params['prefs']['staleness_starts']}",
"due_style" => "#{@params['prefs']['due_style']}",
"admin_email" => "#{@params['prefs']['admin_email']}",
"loginhash" => "#{@params['prefs']['loginhash']}"
"admin_email" => "#{@params['prefs']['admin_email']}"
}
if @user.save
redirect_to :action => 'preferences'
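Review bot: removing loginhash from the user-editable preferences is the right call, since a user changing it after signup would have invalidated their own stored hash (User.sha1 folds the salt into the digest); the remaining values are still taken straight from @params['prefs'] by string interpolation with no validation, so the numeric settings such as staleness_starts and no_completed should be checked before @user.save, e.g. `Integer(@params['prefs']['no_completed']) rescue nil` with a flash error on failure.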

@ -22,10 +22,8 @@ class User < ActiveRecord::Base
protected
def self.sha1(pass)
# TODO find somewhere else to set the loginhash salt
# This is hard-coded for now, but the user needs to be
# able to set their own somewhere
Digest::SHA1.hexdigest("change-me--#{pass}--")
# SALT is set in RAILS_ROOT/config/environment.rb
Digest::SHA1.hexdigest("#{SALT}--#{pass}--")
end
before_create :crypt_password
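Review bot: a single application-wide SALT means every account is hashed with the same value, so two users with the same password get the same digest, and any later change to SALT invalidates every stored password at once; a random per-user salt generated in crypt_password and stored next to the digest avoids both problems, and one round of Digest::SHA1 is fast enough that a deliberately slow password hash would be preferable. At minimum the model should refuse to hash while SALT is still the shipped placeholder, e.g. `raise "Set SALT in config/environment.rb" if SALT == "change-me"` at the top of self.sha1, so a forgotten edit fails loudly instead of silently protecting every account with a published salt.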

@ -3,7 +3,6 @@
<p>The preference settings should mostly be self-explanatory, but some hints are included below: </p>
<ul>
<li><strong>staleness_starts:</strong> the number of days before items with no due date get marked as stale (with a yellow highlight)</li>
<li><strong>loginhash:</strong> text included in your encrypted password to make it more secure.</li>
<li><strong>date_format:</strong> the format in which you'd like dates to be shown. For example, for the date 31st January 2006, %d/%m/%Y will show 31/01/2006, %b-%e-%y will show Jan-31-06. See the <a href="http://uk2.php.net/strftime" title="PHP strftime manual">strftime manual</a> for more formatting options for the date.</li>
<li><strong>no_completed:</strong> number of completed actions to show on the home page</li>
<li><strong>admin_email:</strong> email address for the admin user of Tracks (displayed on the signup page for users to contact to obtain an account)</li>
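Review bot: with the loginhash bullet gone, users who set a custom value in an earlier version get no in-app hint that it now has to be copied into config/environment.rb; a one-line note in this hints list pointing upgraders at the README step would save a lockout. Separately, the date_format bullet links to the PHP strftime manual for what is a Ruby strftime format; the formats overlap but the Ruby documentation is the accurate reference.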

@ -9,7 +9,6 @@
<li>Staleness starts after <span class="highlight"><%= @prefs["staleness_starts"] %></span> days</li>
<li>Due style: <span class="highlight"><%= @prefs["due_style"] %></span></li>
<li>Admin email: <span class="highlight"><%= @prefs["admin_email"] %></span></li>
<li>Loginhash: <span class="highlight"><%= @prefs["loginhash"] %></span></li>
</ul>
<%= link_to "Edit preferences", :controller => 'user', :action => 'edit_preferences' %>
</div>
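Review bot: dropping the Loginhash line from the preferences page also stops the salt being rendered into a browser page, where it was visible to anyone holding a logged-in session; that exposure is a stronger reason for the move than keeping the value out of the database and is worth stating in the commit message.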

@ -48,4 +48,7 @@ end
# inflect.uncountable %w( fish sheep )
# end
# Include your application configuration below
# Include your application configuration below
# This is the 'salt' to add to the password before it is encrypted
# You need to change this to something unique for yourself
SALT = "change-me"
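Review bot: SALT defined in config/environment.rb is a secret committed to the repository, so every checkout and every future diff of this file carries it; load it from a file that is excluded from version control, or from the environment, and keep only the placeholder here, e.g. `SALT = ENV['TRACKS_SALT'] || "change-me"`, with a boot-time check that refuses to run while the value is still "change-me". The 'Include your application configuration below' comment at the top of the hunk appears twice and could be collapsed to one line.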

@ -17,5 +17,4 @@ config.action_controller.perform_caching = false
config.action_mailer.raise_delivery_errors = false
# Unique cookies
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_key] = "TrackDev"
# ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:tmpdir] = "#{RAILS_ROOT}/tmp"
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_key] = "TrackDev"
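Review bot: the session_key reordering in this environment config is unrelated to the salt change and would be easier to review in its own commit; as far as the hunk shows it only moves the `session_key = "TrackDev"` line below the commented-out tmpdir setting and nets out one line shorter, with no functional change.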

@ -3,7 +3,7 @@ class AddPreferencesToUserTable < ActiveRecord::Migration
add_column "users", "preferences", :text
@users = User.find(:all)
@users.each do |u|
u.preferences = { "date_format" => "%d/%m/%Y", "week_starts" => "1", "no_completed" => "5", "staleness_starts" => "7", "due_style" => "1", "admin_email" => "butshesagirl@rousette.org.uk", "loginhash" => "change-me"}
u.preferences = { "date_format" => "%d/%m/%Y", "week_starts" => "1", "no_completed" => "5", "staleness_starts" => "7", "due_style" => "1", "admin_email" => "butshesagirl@rousette.org.uk"}
u.save
end
end
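Review bot: editing a migration that installations have already applied has no effect on them: the loop over User.find(:all) will not run again, so existing users keep a stale "loginhash" => "change-me" entry in their serialized preferences. Either leave the applied migration untouched and add a follow-up migration that strips the key, or accept the leftover entry and say so in the commit message; the default hash here also duplicates the one in LoginController and should come from a single definition.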

@ -40,7 +40,11 @@ In the following, I'm assuming that you're using MySQL and the built-in WEBrick
<tt>cd /PATHTO/TRACKS</tt>
<tt>rake setup_tracks</tt>
* Open the file <tt>config/environment.rb</tt> and look at the last line which should read:
<tt>SALT = "change-me"</tt>
Change the word change-me to something else of your choosing. This string will be used as a 'salt' to encrypt your password and make it a bit more secure.
* Run 'rake migrate', which will create the necessary tables in your database, including some required contents:
<tt>cd /PATHTO/TRACKS</tt>
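Review bot: the added step says the string is used "to encrypt your password", but User.sha1 hashes it with Digest::SHA1.hexdigest, so "hash" is the accurate word; "look at the last line" is also fragile, since anything appended to config/environment.rb later breaks the instruction, and telling readers to find the line `SALT = "change-me"` is enough. The same three-line instruction is pasted into all three install and upgrade sections; one "Set the salt" section referenced from each would keep them in sync.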
@ -77,7 +81,11 @@ Then cd into the db directory and run rake migrate. This should create the datab
<tt>cd /PATHTO/TRACKS</tt>
<tt>rake setup_tracks</tt>
* Open the file <tt>config/environment.rb</tt> and look at the last line which should read:
<tt>SALT = "change-me"</tt>
Change the word change-me to something else of your choosing. This string will be used as a 'salt' to encrypt your password and make it a bit more secure.
* If you are using MySQL or Postgresql, you can use the rake migrate task to update your tables. At your command line:
<tt>cd /PATHTO/TRACKS</tt>
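Review bot: for installations upgrading from a version that stored loginhash in user preferences, the instruction to change SALT to "something else of your choosing" will make every existing password hash stop matching; the commit message says upgraders can set it to the value they used before, so this upgrade section should say exactly that (set SALT to your previous loginhash, or leave "change-me" if you never changed it) and reserve the free choice of value for fresh installs.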
@ -98,7 +106,11 @@ Then cd into the db directory and run rake migrate. This should create the datab
<tt>cd /PATHTO/TRACKS</tt>
<tt>rake setup_tracks</tt>
* Open the file <tt>config/environment.rb</tt> and look at the last line which should read:
<tt>SALT = "change-me"</tt>
Change the word change-me to something else of your choosing. This string will be used as a 'salt' to encrypt your password and make it a bit more secure.
* The rake task <tt>upgrade_sqlite_db.rake</tt> (in <tt>tracks/lib/tasks</tt>) will help you to upgrade your database before running 'rake migrate' to make the appropriate changes to the tables. In lines 4-6 of that file, you'll find some variables (old_db, new_db and cmd) that you'll need to change appropriately for your setup. old_db is the filename of your old version 1.03 database, new_db is the filename you'd like to give to the new database, and cmd is sqlite or sqlite3 depending on which verison you're using.
* Save the file after making the changes, then - in the root of your tracks directory - issue the command <tt>rake upgrade_sqlite_db</tt>. You should get a message that your new db has been created, and some temporary files created.
You need to check the new database to make sure that it has sensible contents. In particular, check that the 'user_id' field in the todos, contexts and projects tables have the value of '1' (i.e. they are owned by your admin user, who should have an id of 1).
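Review bot: the sqlite upgrade section has the same lockout risk as the other upgrade path: users who previously set a custom loginhash must set SALT to that same value, not a new one of their choosing, or their passwords will no longer verify after the upgrade, and the step should say so. In the context lines, "verison" in the upgrade_sqlite_db step is a typo for "version", and the "sensible contents" check would be more useful if it said what to do when user_id is not 1.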