Fixes #335. A user's token (or "word") that is used for feed and some API access will now not change unless explicity requested by the user.

git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@310 a4c988fc-2ded-0310-b66e-134b36920a42
2026-01-10 03:08:50 +01:00 · 2006-08-13 04:43:52 +00:00 · 2006-08-13 04:43:52 +00:00 · a1c199131b
commit a1c199131b
parent 31214f1812
4 changed files with 77 additions and 47 deletions
--- a/tracks/app/controllers/user_controller.rb
+++ b/tracks/app/controllers/user_controller.rb
@ -50,6 +50,12 @@ class UserController < ApplicationController
    end
  end
  
+  def refresh_token
+    @user.crypt_word
+    @user.save
+    redirect_to :controller => 'user', :action => 'preferences'
+  end
+  
  protected
  
  def do_change_password_for(user)
--- a/tracks/app/models/user.rb
+++ b/tracks/app/models/user.rb
@ -24,6 +24,10 @@ class User < ActiveRecord::Base
    self.password_confirmation = pass_confirm
  end

+  def crypt_word
+    write_attribute("word", self.class.sha1(login + Time.now.to_i.to_s + rand.to_s))
+  end
+
 protected

  def self.sha1(pass)
@ -31,14 +35,13 @@ protected
    Digest::SHA1.hexdigest("#{SALT}--#{pass}--")
  end

-  before_create :crypt_password_and_word
-  before_update :crypt_password_and_word
+  before_create :crypt_password, :crypt_word
+  before_update :crypt_password
  
-  def crypt_password_and_word
+  def crypt_password
    write_attribute("password", self.class.sha1(password)) if password == @password_confirmation
-    write_attribute("word", self.class.sha1(login + Time.now.to_i.to_s + rand.to_s))
  end
-  
+    
  validates_presence_of :password, :login
  validates_length_of :password, :within => 5..40
  validates_confirmation_of :password  
--- a/tracks/app/views/user/preferences.rhtml
+++ b/tracks/app/views/user/preferences.rhtml
@ -1,48 +1,58 @@
 <div id="single_box" class="container context">

-<h2>Your preferences</h2>
+  <h2>Your preferences</h2>

-<% for name in ["notice", "warning", "message"] %>
-  <% if flash[name] %>
-    <%= "<div id=\"#{name}\">#{flash[name]}</div>" %>
+  <% for name in ["notice", "warning", "message"] %>
+    <% if flash[name] %>
+      <%= "<div id=\"#{name}\">#{flash[name]}</div>" %>
+    <% end %>
  <% end %>
-<% end %>
 
-<ul id="prefs">
-  <li>Date format: <span class="highlight"><%= @prefs["date_format"] %></span></li>
-  <li>Week starts on: <span class="highlight">
-	  <%  case @prefs["week_starts"]
-		when "0" 
-		%> Sunday <%
-		when "1" 
-		 %> Monday <%
-		when "2" 
-		 %> Tuesday <%
-		when "3" 
-		 %> Wednesday <%
-		when "4" 
-		 %> Thursday <%
-		when "5" 
-		 %> Friday <%
-		when "6" 
-		 %> Saturday <%
-	      end
-	 %>	
-	</span></li>
-  <li>Show the last <span class="highlight"><%= @prefs["no_completed"] %></span> completed items on the home page</li>
-  <li>Staleness starts after <span class="highlight"><%= @prefs["staleness_starts"] %></span> days</li>
-  <li>Due style: <span class="highlight">
-	<% if @prefs["due_style"] == "0" %>
-		Due in ___ days
-	<% else %>
-		Due on ________
-	<% end %>
-		 </span></li>
-  <% if @user.is_admin? %>
-    <li>Admin email: <span class="highlight"><%= @prefs["admin_email"] %></span></li>
-  <% end %>
-  <li>Refresh interval (in minutes): <span class="highlight"><%= @prefs["refresh"] %></span></li>
-</ul>
-<%= link_to "Edit preferences", :controller => 'user', :action => 'edit_preferences' %> | 
-<%= link_to 'Change password', :controller => 'user', :action => 'change_password' %>
+  <ul id="prefs">
+    <li>Date format: <span class="highlight"><%= @prefs["date_format"] %></span></li>
+    <li>Week starts on: <span class="highlight">
+  	  <%  case @prefs["week_starts"]
+  		when "0" 
+  		%> Sunday <%
+  		when "1" 
+  		 %> Monday <%
+  		when "2" 
+  		 %> Tuesday <%
+  		when "3" 
+  		 %> Wednesday <%
+  		when "4" 
+  		 %> Thursday <%
+  		when "5" 
+  		 %> Friday <%
+  		when "6" 
+  		 %> Saturday <%
+  	      end
+  	 %>	
+  	</span></li>
+    <li>Show the last <span class="highlight"><%= @prefs["no_completed"] %></span> completed items on the home page</li>
+    <li>Staleness starts after <span class="highlight"><%= @prefs["staleness_starts"] %></span> days</li>
+    <li>Due style: <span class="highlight">
+  	<% if @prefs["due_style"] == "0" %>
+  		Due in ___ days
+  	<% else %>
+  		Due on ________
+  	<% end %>
+  		 </span></li>
+    <% if @user.is_admin? %>
+      <li>Admin email: <span class="highlight"><%= @prefs["admin_email"] %></span></li>
+    <% end %>
+    <li>Refresh interval (in minutes): <span class="highlight"><%= @prefs["refresh"] %></span></li>
+  </ul>
+  <%= link_to "Edit preferences", :controller => 'user', :action => 'edit_preferences' %> | 
+  <%= link_to 'Change password', :controller => 'user', :action => 'change_password' %>
+  <div id="token_area">
+      <div class="description">Token (for feeds and API use):</div>
+        <div id="token><span class="highlight"><%= @user.word %></span></div>
+        <div class="token_regenerate">
+            <%= button_to "Generate a new token", { :controller => 'user', :action => 'refresh_token'},
+                :confirm => "Are you sure? Generating a new token will replace the existing one and break any external usages of this token." %>
+        </div>
+        </li>
+      </div>
+  </div>
 </div>
--- a/tracks/public/stylesheets/standard.css
+++ b/tracks/public/stylesheets/standard.css
@ -637,6 +637,17 @@ div.message {
 }

 ul#prefs {list-style-type: disc; margin-left: 5px;}
+#token_area {
+  text-align:center;
+  margin-top:20px;
+}
+#token_area .description{ 
+  font-weight:bold;
+}
+#token_area form {
+  width:100%;
+  text-align:center;
+}

 #feedlegend {
  padding: 2px;