diff --git a/.gitignore b/.gitignore index 35dee02b..48cd1291 100644 --- a/.gitignore +++ b/.gitignore @@ -2,8 +2,8 @@ .dotest /.emacs-project config/database.yml +config/site.yml config/deploy.rb -config/environment.rb db/*.sqlite3 db/data.yml db/schema.rb diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 8a329f56..4c63b89f 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -20,7 +20,7 @@ class CannotAccessContext < RuntimeError; end class ApplicationController < ActionController::Base - protect_from_forgery :secret => SALT + protect_from_forgery :secret => SITE_CONFIG['salt'] helper :application include LoginSystem diff --git a/app/controllers/contexts_controller.rb b/app/controllers/contexts_controller.rb index 2412ba95..98ddc344 100644 --- a/app/controllers/contexts_controller.rb +++ b/app/controllers/contexts_controller.rb @@ -138,7 +138,7 @@ class ContextsController < ApplicationController @active_contexts = @contexts.active @hidden_contexts = @contexts.hidden @down_count = @active_contexts.size + @hidden_contexts.size - cookies[:mobile_url]= {:value => request.request_uri, :secure => TRACKS_COOKIES_SECURE} + cookies[:mobile_url]= {:value => request.request_uri, :secure => SITE_CONFIG['secure_cookies']} render :action => 'index_mobile' end end @@ -148,7 +148,7 @@ class ContextsController < ApplicationController @page_title = "TRACKS::List actions in "+@context.name @not_done = @not_done_todos.select {|t| t.context_id == @context.id } @down_count = @not_done.size - cookies[:mobile_url]= {:value => request.request_uri, :secure => TRACKS_COOKIES_SECURE} + cookies[:mobile_url]= {:value => request.request_uri, :secure => SITE_CONFIG['secure_cookies']} @mobile_from_context = @context.id render :action => 'mobile_show_context' end diff --git a/app/controllers/login_controller.rb b/app/controllers/login_controller.rb index 91cfc261..360a8455 100644 --- a/app/controllers/login_controller.rb 
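Review bot: The CSRF secret in `protect_from_forgery :secret => SITE_CONFIG['salt']` is the same value that config/environment.rb uses to build the session secret and that the template describes as the password salt, so one setting whose shipped default is `change-me` guards three things. It also presumably cannot be rotated after a suspected leak without affecting stored password hashes. I would read a separate entry with a fallback for existing installs, for example `protect_from_forgery :secret => SITE_CONFIG['csrf_secret'] || SITE_CONFIG['salt']`, where `csrf_secret` is a proposed new key and not one the commit defines. The session hunk in config/environment.rb would get the same treatment.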
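Review bot: `SITE_CONFIG['secure_cookies']` in the first contexts_controller.rb hunk evaluates to nil when the key is missing or misspelled in site.yml, so the cookie silently loses its Secure flag, where the old `TRACKS_COOKIES_SECURE` constant would have raised a NameError. The same inline lookup is repeated in the second hunk of this file and in login_controller.rb, projects_controller.rb, todos_controller.rb and lib/login_system.rb. Since lib/tracks/config.rb is already touched by this commit, I would add `def self.secure_cookies?; !!SITE_CONFIG['secure_cookies']; end` there and write `:secure => Tracks::Config.secure_cookies?` at each call site. That leaves one place to validate the setting or change its default.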
+++ b/app/controllers/login_controller.rb @@ -21,10 +21,10 @@ class LoginController < ApplicationController session['noexpiry'] = params['user_noexpiry'] msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire." notify :notice, "Login successful: session #{msg}" - cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => TRACKS_COOKIES_SECURE } + cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] } unless should_expire_sessions? @user.remember_me - cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => TRACKS_COOKIES_SECURE } + cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] } end redirect_back_or_home return @@ -100,10 +100,10 @@ class LoginController < ApplicationController session['user_id'] = @user.id msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire." notify :notice, "Login successful: session #{msg}" - cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => TRACKS_COOKIES_SECURE } + cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] } unless should_expire_sessions? @user.remember_me - cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => TRACKS_COOKIES_SECURE } + cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] } end redirect_back_or_home else diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index e701f4f4..4e739fe9 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb 
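Review bot: The `auth_token` cookie written in the first login_controller.rb hunk carries the remember-me token with a long expiry but is not marked HttpOnly, so any script running in the page can read it. Its Secure flag now depends on a site.yml key that the template ships as `false`. On Rails 2.x releases that support the option, I would add `:http_only => true` to this hash. The same cookie is written in the second hunk of this file and in lib/login_system.rb, and both enclosing methods start and end outside the hunks.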
@@ -218,7 +218,7 @@ class ProjectsController < ApplicationController @hidden_projects = @projects.hidden @completed_projects = @projects.completed @down_count = @active_projects.size + @hidden_projects.size + @completed_projects.size - cookies[:mobile_url]= {:value => request.request_uri, :secure => TRACKS_COOKIES_SECURE} + cookies[:mobile_url]= {:value => request.request_uri, :secure => SITE_CONFIG['secure_cookies']} render :action => 'index_mobile' end end @@ -231,7 +231,7 @@ class ProjectsController < ApplicationController @project_default_context = "The default context for this project is "+ @project.default_context.name end - cookies[:mobile_url]= {:value => request.request_uri, :secure => TRACKS_COOKIES_SECURE} + cookies[:mobile_url]= {:value => request.request_uri, :secure => SITE_CONFIG['secure_cookies']} @mobile_from_project = @project.id render :action => 'project_mobile' end diff --git a/app/controllers/todos_controller.rb b/app/controllers/todos_controller.rb index 3cb30d20..57befc38 100644 --- a/app/controllers/todos_controller.rb +++ b/app/controllers/todos_controller.rb @@ -269,7 +269,7 @@ class TodosController < ApplicationController format.m do if @saved if cookies[:mobile_url] - cookies[:mobile_url] = {:value => nil, :secure => TRACKS_COOKIES_SECURE} + cookies[:mobile_url] = {:value => nil, :secure => SITE_CONFIG['secure_cookies']} redirect_to cookies[:mobile_url] else redirect_to formatted_todos_path(:m) @@ -422,7 +422,7 @@ class TodosController < ApplicationController @default_project_context_name_map = build_default_project_context_name_map(@projects).to_json } format.m { - cookies[:mobile_url]= {:value => request.request_uri, :secure => TRACKS_COOKIES_SECURE} + cookies[:mobile_url]= {:value => request.request_uri, :secure => SITE_CONFIG['secure_cookies']} render :action => "mobile_tag" } end 
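Review bot: In the first todos_controller.rb hunk (around line 269), `redirect_to cookies[:mobile_url]` follows a value read from a client-supplied cookie without checking that it is a path on this site. The changed line above it assigns nil to that cookie first, so depending on how this Rails version's cookie jar handles assignment the target may already be gone when it is read. I would copy the value into a local before clearing it, and fall back to `formatted_todos_path(:m)` unless it starts with a single `/`. The enclosing `format.m do` block starts and ends outside the hunk.

```ruby
# … unchanged: format.m do / if @saved …
mobile_url = cookies[:mobile_url]
if mobile_url
  cookies[:mobile_url] = {:value => nil, :secure => SITE_CONFIG['secure_cookies']}
  # follow only same-site paths
  if mobile_url =~ %r{\A/(?![/\\])}
    redirect_to mobile_url
  else
    redirect_to formatted_todos_path(:m)
  end
else
  redirect_to formatted_todos_path(:m)
```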
@@ -720,7 +720,7 @@ class TodosController < ApplicationController lambda do @page_title = "All actions" @home = true - cookies[:mobile_url]= { :value => request.request_uri, :secure => TRACKS_COOKIES_SECURE} + cookies[:mobile_url]= { :value => request.request_uri, :secure => SITE_CONFIG['secure_cookies']} determine_down_count render :action => 'index' diff --git a/config/environment.rb.tmpl b/config/environment.rb similarity index 65% rename from config/environment.rb.tmpl rename to config/environment.rb index 5b98cccc..7b564821 100644 --- a/config/environment.rb.tmpl +++ b/config/environment.rb @@ -7,18 +7,13 @@ # Bootstrap the Rails environment, frameworks, and default configuration require File.join(File.dirname(__FILE__), 'boot') -# This is the 'salt' to add to the password before it is encrypted -# You need to change this to something unique for yourself -SALT = "change-me" +require 'yaml' +SITE_CONFIG = YAML.load_file(File.join(File.dirname(__FILE__), 'site.yml')) class Rails::Configuration attr_accessor :action_web_service end -# Leave this alone or set it to one or more of ['database', 'ldap', 'open_id']. -# If you choose ldap, see the additional configuration options further down. -AUTHENTICATION_SCHEMES = ['database'] - Rails::Initializer.run do |config| # Skip frameworks you're not going to use # config.frameworks -= [ :action_web_service, :action_mailer ] 
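Review bot: `YAML.load_file` in the first config/environment.rb hunk runs unguarded at boot, but config/site.yml is git-ignored and only site.yml.tmpl ships, so a fresh checkout fails with a bare file-not-found error. An empty site.yml makes `SITE_CONFIG` a non-hash value, and the later `SITE_CONFIG['salt']` lookups then fail somewhere less obvious. I would check for the file, raise a message that points at the template, and default an empty document to `{}`. The file should stay a locally controlled configuration file, because `YAML.load_file` is not meant for content that other parties can write.

```ruby
require 'yaml'
site_config_path = File.join(File.dirname(__FILE__), 'site.yml')
unless File.exist?(site_config_path)
  raise "config/site.yml is missing: copy config/site.yml.tmpl to config/site.yml and set a unique salt"
end
SITE_CONFIG = YAML.load_file(site_config_path) || {}
# … unchanged: class Rails::Configuration …
```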
@@ -29,23 +24,18 @@ Rails::Initializer.run do |config| config.gem "highline" config.action_controller.use_accept_header = true - - # Add additional load paths for your own custom dirs - # config.load_paths += %W( #{RAILS_ROOT}/app/services ) - - # Force all environments to use the same logger level - # (by default production uses :info, the others :debug) - # config.log_level = :debug # Use the database for sessions instead of the file system # (create the session table with 'rake create_sessions_table') config.action_controller.session_store = :active_record_store - + config.action_controller.session = { :session_key => '_tracks_session_id', - :secret => SALT * (30.0 / SALT.length).ceil #must be at least 30 characters + :secret => SITE_CONFIG['salt'] * (30.0 / SITE_CONFIG['salt'].length).ceil #must be at least 30 characters } - + + config.action_controller.relative_url_root = SITE_CONFIG['subdir'] if SITE_CONFIG['subdir'] + # Enable page/fragment caching by setting a file-based store # (remember to create the caching directory and make it readable to the application) # config.action_controller.fragment_cache_store = :file_store, "#{RAILS_ROOT}/cache" @@ -55,11 +45,11 @@ Rails::Initializer.run do |config| # Make Active Record use UTC-base instead of local time config.active_record.default_timezone = :utc - + # You''ll probably want to change this to the time zone of the computer where Tracks is running # run rake time:zones:local have Rails suggest time zone names on your system - config.time_zone = 'UTC' - + config.time_zone = SITE_CONFIG['time_zone'] + # Use Active Record's schema dumper instead of SQL when creating the test database # (enables use of different database adapters for development and test environments) config.active_record.schema_format = :ruby 
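Review bot: The `:secret` line in this hunk repeats `SITE_CONFIG['salt']` until it reaches 30 characters, which satisfies the length requirement without adding entropy, so a short or default salt still gives a guessable session secret. An absent or empty `salt` also fails on this line during boot with an error that names neither site.yml nor the key. I would reject a missing value up front with `raise "set salt in config/site.yml" if SITE_CONFIG['salt'].to_s.empty?` placed before `Rails::Initializer.run`. Longer term the session secret is better taken from its own long random setting than padded from the salt.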
@@ -67,7 +57,7 @@ Rails::Initializer.run do |config| # See Rails::Configuration for more options end -# Add new inflection rules using the following format +# Add new inflection rules using the following format # (all these examples are active by default): # Inflector.inflections do |inflect| # inflect.plural /^(ox)$/i, '\1en' @@ -86,26 +76,17 @@ require 'tagging_extensions' # Needed for tagging-specific extensions require 'digest/sha1' #Needed to support 'rake db:fixtures:load' on some ruby installs: http://dev.rousette.org.uk/ticket/557 require 'prototype_helper_extensions' -if (AUTHENTICATION_SCHEMES.include? 'ldap') +if ( SITE_CONFIG['authentication_schemes'].include? 'ldap') require 'net/ldap' #requires ruby-net-ldap gem be installed require 'simple_ldap_authenticator' - SimpleLdapAuthenticator.ldap_library = 'net/ldap' - SimpleLdapAuthenticator.servers = %w'localhost' - SimpleLdapAuthenticator.use_ssl = false - SimpleLdapAuthenticator.login_format = 'cn=%s,dc=example,dc=com' + ldap = SITE_CONFIG['ldap'] + SimpleLdapAuthenticator.ldap_library = ldap['library'] + SimpleLdapAuthenticator.servers = ldap['servers'] + SimpleLdapAuthenticator.use_ssl = ldap['ssl'] + SimpleLdapAuthenticator.login_format = ldap['login_format'] end -if (AUTHENTICATION_SCHEMES.include? 'open_id') +if ( SITE_CONFIG['authentication_schemes'].include? 'open_id') #requires ruby-openid gem to be installed end -# setting this to true will make the cookies only available over HTTPS -TRACKS_COOKIES_SECURE = false - -tracks_version='1.7' - -# comment out next two lines if you do not want (or can not) the date of the -# last git commit in the footer -# info=`git log --pretty=format:"%ai" -1` -# tracks_version=tracks_version + ' ('+info+')' - -TRACKS_VERSION=tracks_version \ No newline at end of file +TRACKS_VERSION='1.7' \ No newline at end of file diff --git a/config/environments/test.rb b/config/environments/test.rb index 221eb3da..83500f38 100644 --- a/config/environments/test.rb 
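Review bot: `SimpleLdapAuthenticator.use_ssl = ldap['ssl']` in the last config/environment.rb hunk reads a key named `ssl`, but config/site.yml.tmpl documents the setting as `use_ssl`. An administrator who follows the template and sets `use_ssl: true` therefore gets nil here, and LDAP authentication presumably runs without SSL with no warning. The line should read `SimpleLdapAuthenticator.use_ssl = ldap['use_ssl']`. The `ldap = SITE_CONFIG['ldap']` line above it is also nil when `ldap` is enabled under `authentication_schemes` while the `ldap:` section is still commented out, so a check with a clear error message there would help as well.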
+++ b/config/environments/test.rb @@ -38,7 +38,7 @@ end # config.transactional_fixtures = true # config.instantiated_fixtures = false # config.pre_loaded_fixtures = false -SALT = "change-me" unless defined?( SALT ).nil? +SITE_CONFIG['salt'] ||= 'change-me' config.time_zone = 'UTC' diff --git a/config/site.yml.tmpl b/config/site.yml.tmpl new file mode 100644 index 00000000..b39ab11c --- /dev/null +++ b/config/site.yml.tmpl @@ -0,0 +1,35 @@ +# This is the 'salt' to add to the password before it is encrypted +# You need to change this to something unique for yourself +salt: "change-me" + + +# Uncomment ldap or open_id if you want to use those authentication schemes. +# If you choose ldap, see the additional configuration options further down. +authentication_schemes: + - "database" + # - "ldap" + # - "open_id" + + +# You''ll probably want to change this to the time zone of the computer where Tracks is running +# run rake time:zones:local have Rails suggest time zone names on your system +time_zone: "UTC" + + +# setting this to true will make the cookies only available over HTTPS +secure_cookies: false + + +# Set this to the subdirectory you're hosting tracks in and uncomment if applicable +# NOTE: you will also need to set up your web server to deal with the relative +# URL. Mongrel, for example, has a --prefix option. +# subdir: "/tracks" + + +# Only needed if ldap is included in authentication_schemes +# ldap: +# library: 'net/ldap' +# servers: +# - 'localhost' +# use_ssl: false +# login_format: 'cn=%s,dc=example,dc=com' diff --git a/lib/login_system.rb b/lib/login_system.rb index 92128422..4ad9312c 100644 --- a/lib/login_system.rb +++ b/lib/login_system.rb 
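Review bot: The comment above `salt:` in config/site.yml.tmpl describes the value only as a password salt, but app/controllers/application.rb passes it to `protect_from_forgery` and config/environment.rb builds the session secret from it. Someone filling in the template is not told that a short or unchanged `change-me` also weakens session and CSRF protection. I would extend the comment with `# This value is also used as the session and CSRF secret: use a long random string (30+ characters) and keep site.yml private`. A line beside `secure_cookies: false` recommending `true` whenever the site is served over HTTPS would be useful too.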
@@ -48,7 +48,7 @@ module LoginSystem session['user_id'] = user.id set_current_user(user) current_user.remember_me - cookies[:auth_token] = { :value => current_user.remember_token , :expires => current_user.remember_token_expires_at, :secure => TRACKS_COOKIES_SECURE } + cookies[:auth_token] = { :value => current_user.remember_token , :expires => current_user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] } flash[:notice] = "Logged in successfully. Welcome back!" end end diff --git a/lib/tracks/config.rb b/lib/tracks/config.rb index 93416ced..fcca8157 100644 --- a/lib/tracks/config.rb +++ b/lib/tracks/config.rb @@ -1,20 +1,15 @@ module Tracks - class Config - def self.salt - SALT + SITE_CONFIG['salt'] end def self.auth_schemes - AUTHENTICATION_SCHEMES + SITE_CONFIG['authentication_schemes'] || [] end def self.openid_enabled? auth_schemes.include?('open_id') end - - end - end \ No newline at end of file