Baby steps in removing authentication from refinery. (woohoo!)

manuka · Jul 18, 2015 · eb2a0ef · eb2a0ef
1 parent aa35b11
commit eb2a0ef
Show file tree

Hide file tree

Showing 19 changed files with 92 additions and 101 deletions.
diff --git a/core/app/helpers/refinery/authentication_helper.rb b/core/app/helpers/refinery/authentication_helper.rb
@@ -0,0 +1,9 @@
+module Refinery
+  module AuthenticationHelper
+
+    def refinery_user?
+      true
+    end
+
+  end
+end
diff --git a/core/app/views/refinery/_site_bar.html.erb b/core/app/views/refinery/_site_bar.html.erb
@@ -21,7 +21,7 @@
         </span>
 
         <%= link_to t('.log_out', site_bar_translate_locale_args),
-                    refinery.logout_path, :id => 'logout' %>
+                    refinery_logout_path, :id => 'logout' %>
       </div>
     </div>
   </div>

diff --git a/.../refinery/engine/templates/spec/features/refinery/namespace/admin/plural_name_spec.rb.erb b/.../refinery/engine/templates/spec/features/refinery/namespace/admin/plural_name_spec.rb.erb
@@ -5,9 +5,7 @@ describe Refinery do
   describe "<%= namespacing %>" do
     describe "Admin" do
       describe "<%= plural_name %>", type: :feature do
-
-        refinery_login_with :refinery_user
-
+        refinery_login
 <% if (title = attributes.detect { |a| a.type.to_s == "string" }).present? %>
         describe "<%= plural_name %> list" do
           before do

diff --git a/core/lib/generators/refinery/form/templates/app/models/refinery/namespace/setting.rb.erb b/core/lib/generators/refinery/form/templates/app/models/refinery/namespace/setting.rb.erb
@@ -20,7 +20,7 @@ module Refinery
 
         def notification_recipients
           Refinery::Setting.find_or_set(:<%= singular_name %>_notification_recipients,
-                                        (Role[:refinery].users.first.try(:email) if defined?(Role)).to_s)
+                                        (Zilch::UsersManager.instance.primary_user.try(:email)).to_s)
         end
 
         def notification_subject

diff --git a/core/lib/refinery/admin/base_controller.rb b/core/lib/refinery/admin/base_controller.rb
@@ -7,9 +7,10 @@ module BaseController
       def self.included(base)
         base.layout :layout?
 
-        base.before_action :require_refinery_users!, :force_ssl!,
-                           :authenticate_refinery_user!, :restrict_plugins,
+        base.before_action :force_ssl!,
+                           :authenticate_refinery_user!,
                            :restrict_controller
+
         base.after_action :store_location?, :only => [:index] # for redirect_back_or_default
 
         base.helper_method :searching?, :group_by_date, :refinery_admin_root_path
@@ -36,6 +37,10 @@ def force_ssl!
         redirect_to :protocol => 'https' if Refinery::Core.force_ssl && !request.ssl?
       end
 
+      def authenticate_refinery_user!
+        ::Zilch::AuthorisationManager.instance.authenticate!
+      end
+
       def group_by_date(records)
         new_records = []
 
@@ -48,53 +53,60 @@ def group_by_date(records)
         new_records
       end
 
-      def require_refinery_users!
-        redirect_to refinery.new_signup_path if just_installed? && controller_name != 'users'
-      end
-
-      def restrict_plugins
-        current_length = (plugins = current_refinery_user.authorized_plugins).length
-
-        # Superusers get granted access if they don't already have access.
-        if current_refinery_user.has_role?(:superuser)
-          if (plugins = plugins | ::Refinery::Plugins.registered.names).length > current_length
-            current_refinery_user.plugins = plugins
-          end
-        end
-
-        ::Refinery::Plugins.set_active(plugins)
-      end
-
       def restrict_controller
         unless allow_controller? params[:controller].gsub 'admin/', ''
-          logger.warn "'#{current_refinery_user.username}' tried to access '#{params[:controller]}' but was rejected."
+          logger.warn "'#{current_refinery_user}' tried to access '#{params[:controller]}' but was rejected."
           error_404
         end
       end
 
       private
 
       def allow_controller?(controller_path)
-        ::Refinery::Plugins.active.any? do |plugin|
-          Regexp.new(plugin.menu_match) === controller_path
-        end
+        ::Zilch::AuthorisationManager.instance.allow_access_to_controller?(controller_path)
       end
 
       def layout?
         "refinery/admin#{'_dialog' if from_dialog?}"
       end
 
+      # TODO: all store_location stuff should be in its own object..
       # Check whether it makes sense to return the user to the last page they
       # were at instead of the default e.g. refinery_admin_pages_path
       # right now we just want to snap back to index actions and definitely not to dialogues.
       def store_location?
         store_location unless request.xhr? || from_dialog?
       end
 
-      # Override authorized? so that only users with the Refinery role can admin the website.
-      def authorized?
-        refinery_user?
+      # Store the URI of the current request in the session.
+      #
+      # We can return to this location by calling #redirect_back_or_default.
+      def store_location
+        session[:return_to] = request.fullpath
+      end
+
+      # Clear and return the stored location
+      def pop_stored_location
+        session.delete(:return_to)
+      end
+
+      # Redirect to the URI stored by the most recent store_location call or
+      # to the passed default.
+      def redirect_back_or_default(default)
+        redirect_to(pop_stored_location || default)
       end
+
+
+      # Override authorized? so that only users with the Refinery role can admin the website.
+      # def authorized?
+      #   refinery_user?
+      # end
+
+
+      # def refinery_user?
+      #   auth_manager = Refinery::AuthenticationManager.instance
+      #   auth_manager.authenticated? && auth_manager.
+      #     Zilch::AuthorisationManager.instance.current_user.has_role?(:refinery)
     end
   end
 end
diff --git a/core/lib/refinery/application_controller.rb b/core/lib/refinery/application_controller.rb
@@ -2,55 +2,59 @@ module Refinery
   module ApplicationController
 
     def self.included(base) # Extend controller
-      base.helper_method :home_page?, :local_request?, :just_installed?,
-                         :from_dialog?, :admin?, :login?
+      base.helper_method :home_page?,
+                         :local_request?,
+                         :from_dialog?,
+                         :admin?,
+                         :refinery_logout_path,
+                         :current_refinery_user
 
       base.protect_from_forgery # See ActionController::RequestForgeryProtection
 
       base.send :include, Refinery::Crud # basic create, read, update and delete methods
 
       if Refinery::Core.rescue_not_found
-        base.rescue_from ActiveRecord::RecordNotFound,
+        base.rescue_from ::ActiveRecord::RecordNotFound,
                          ::AbstractController::ActionNotFound,
-                         ActionView::MissingTemplate,
+                         ::ActionView::MissingTemplate,
                          :with => :error_404
       end
     end
 
     def admin?
-      %r{^admin/} === controller_name
+      %r{\Aadmin/} === controller_name
     end
 
     def error_404(exception = nil)
       # fallback to the default 404.html page.
       file = Rails.root.join 'public', '404.html'
       file = Refinery.roots('refinery/core').join('public', '404.html') unless file.exist?
       render :file => file.cleanpath.to_s.gsub(%r{#{file.extname}$}, ''),
-             :layout => false, :status => 404, :formats => [:html]
+             :layout  => false, :status => 404, :formats => [:html]
       return false
     end
 
     def from_dialog?
-      params[:dialog] == 'true' or params[:modal] == 'true'
+      params[:dialog] == 'true' || params[:modal] == 'true'
     end
 
     def home_page?
       %r{^#{Regexp.escape(request.path)}} === refinery.root_path
     end
 
-    def just_installed?
-      Refinery::Role[:refinery].users.empty?
-    end
-
     def local_request?
       Rails.env.development? || /(::1)|(127.0.0.1)|((192.168).*)/ === request.remote_ip
     end
 
-    def login?
-      (/^(user|session)(|s)/ === controller_name && !admin?) || just_installed?
+    def refinery_logout_path
+      nil
+    end
+
+    def current_refinery_user
+      Zilch::AuthorisationManager.instance.current_user
     end
 
-  protected
+    protected
 
     # use a different model for the meta information.
     def present(model)

diff --git a/core/spec/controllers/refinery/admin/refinery_core_controller_spec.rb b/core/spec/controllers/refinery/admin/refinery_core_controller_spec.rb
@@ -3,7 +3,7 @@
 module Refinery
   module Admin
     describe CoreController, :type => :controller do
-      refinery_login_with_factory :refinery_user
+      refinery_login
 
       it "updates the plugin positions" do
         plugins = logged_in_user.plugins.reverse.map &:name

diff --git a/core/spec/features/refinery/admin/custom_assets_spec.rb b/core/spec/features/refinery/admin/custom_assets_spec.rb
@@ -2,7 +2,7 @@
 
 module Refinery
   describe "custom", :type => :feature do
-    refinery_login_with :refinery_user
+    refinery_login
     after do
       Refinery::Core.javascripts.reject! { |j| %w[custom_js].include?(j) }
       Refinery::Core.stylesheets.reject! { |s| %w[custom_css].include?(s.path) }

diff --git a/core/spec/features/refinery/admin/dialogs_spec.rb b/core/spec/features/refinery/admin/dialogs_spec.rb
@@ -2,7 +2,7 @@
 
 module Refinery
   describe "dialog", :type => :feature do
-    refinery_login_with :refinery_user
+    refinery_login
 
     context "links" do
       it "have iframe src" do

diff --git a/core/spec/features/refinery/application_layout_spec.rb b/core/spec/features/refinery/application_layout_spec.rb
@@ -2,7 +2,7 @@
 
 module Refinery
   describe 'layout', :type => :feature do
-    refinery_login_with :refinery_user
+    refinery_login
 
     let(:home_page) do
       FactoryGirl.create :page, :title => 'Home', :link_url => '/'

diff --git a/core/spec/features/refinery/site_bar_spec.rb b/core/spec/features/refinery/site_bar_spec.rb
@@ -2,7 +2,7 @@
 
 module Refinery
   describe "site bar", :type => :feature do
-    refinery_login_with :refinery_user
+    refinery_login
 
     it "has a logout link" do
       visit Refinery::Core.backend_path

diff --git a/core/spec/support/refinery.rb b/core/spec/support/refinery.rb
@@ -4,15 +4,10 @@
   config.extend Refinery::Testing::ControllerMacros::Authentication, :type => :controller
   config.include Refinery::Testing::ControllerMacros::Routes, :type => :controller
   config.extend Refinery::Testing::FeatureMacros::Authentication, :type => :feature
-  config.include Warden::Test::Helpers
 
   # set some config values so that image and resource factories don't fail to create
   config.before do
     Refinery::Images.max_image_size = 5_242_880 if defined?(Refinery::Images)
     Refinery::Resources.max_file_size = 52_428_800 if defined?(Refinery::Resources)
   end
-
-  config.after do
-    Warden.test_reset!
-  end
 end
diff --git a/images/spec/features/refinery/admin/images_spec.rb b/images/spec/features/refinery/admin/images_spec.rb
@@ -1,15 +1,14 @@
 require "spec_helper"
 
 module Refinery
-
-  describe "the Admin Images Tab" do
-    refinery_login_with :refinery_user
+  describe "the Admin Images Tab", type: :feature do
+    refinery_login
     include_context 'admin images tab'
 
     context 'When there are no images' do
       include_context 'no existing images'
 
-      it 'says there are no images'do
+      it 'says there are no images' do
         visit refinery.admin_images_path
         expect(page).to have_content(::I18n.t('no_images_yet', scope: 'refinery.admin.images.records'))
       end
@@ -72,4 +71,3 @@ module Refinery
 
   end
 end
-
diff --git a/lib/refinery/all.rb b/lib/refinery/all.rb
@@ -1,3 +1,3 @@
-%w(core authentication images resources pages).each do |extension|
+%w(core images resources pages).each do |extension|
   require "refinerycms-#{extension}"
 end
diff --git a/pages/spec/features/refinery/admin/pages_spec.rb b/pages/spec/features/refinery/admin/pages_spec.rb
@@ -16,7 +16,7 @@ def expect_window_without_content(content, window: windows.last)
 module Refinery
   module Admin
     describe "Pages", :type => :feature do
-      refinery_login_with :refinery_user
+      refinery_login
 
       context "when no pages" do
         it "invites to create one" do

diff --git a/refinerycms.gemspec b/refinerycms.gemspec
@@ -20,7 +20,6 @@ Gem::Specification.new do |s|
 
   s.files             = `git ls-files -- lib/* templates/*`.split("\n")
 
-  s.add_dependency    'refinerycms-authentication', version
   s.add_dependency    'refinerycms-core',           version
   s.add_dependency    'refinerycms-images',         version
   s.add_dependency    'refinerycms-pages',          version

diff --git a/resources/spec/features/refinery/admin/resources_spec.rb b/resources/spec/features/refinery/admin/resources_spec.rb
@@ -4,7 +4,7 @@
 module Refinery
   module Admin
     describe "Resources", :type => :feature do
-      refinery_login_with :refinery_user
+      refinery_login
 
       context "when no files" do
         it "invites to upload file" do

diff --git a/testing/lib/refinery/testing/controller_macros/authentication.rb b/testing/lib/refinery/testing/controller_macros/authentication.rb
@@ -2,45 +2,19 @@ module Refinery
   module Testing
     module ControllerMacros
       module Authentication
-        def self.extended(base)
-          base.send :include, Devise::TestHelpers
-        end
 
         def refinery_login_with(*roles)
-          roles = handle_deprecated_roles!(roles).flatten
-          let(:logged_in_user) do
-            user = FactoryGirl.create :user
-            roles.each do |role|
-              user.add_role(role)
-            end
-            user
-          end
-          before do
-            @request.env["devise.mapping"] = Devise.mappings[:admin]
-            sign_in logged_in_user
-          end
+          Refinery.deprecate('refinery_login_with', when: '3.1', replacement: 'refinery_login')
+          refinery_login
         end
 
         def refinery_login_with_factory(factory)
-          factory_user factory
-        end
-
-        def factory_user(factory)
-          let(:logged_in_user) { FactoryGirl.create factory }
-          before do
-            @request.env["devise.mapping"] = Devise.mappings[:admin]
-            sign_in logged_in_user
-          end
+          Refinery.deprecate('refinery_login_with_factory', when: '3.1', replacement: 'refinery_login')
+          refinery_login
         end
 
-        private
-        def handle_deprecated_roles!(*roles)
-          mappings = {
-            :user => [],
-            :refinery_user => [:refinery],
-            :refinery_superuser => [:refinery, :superuser]
-          }
-          mappings[roles.first] || roles
+        def refinery_login
+          # NO-OP for now.
         end
       end
     end
-Original file line number
+Diff line change
@@ Expand Up / @@ -21,7 +21,7 @@ @@
             </span>
             <%= link_to t('.log_out', site_bar_translate_locale_args),
-                        refinery.logout_path, :id => 'logout' %>
+                        refinery_logout_path, :id => 'logout' %>
           </div>
         </div>
       </div>
@@ Expand Down @@