Merge branch 'master' of https://github.com/QutBioacousticsResearchGr…

…oup/bioacoustic-workbench

app/assets/javascripts/angular/controllers/accounts.js

@@ -0,0 +1,13 @@
+"use strict";
+/**
+ * The accounts controller. Sign in using external providers.
+ * @param $scope
+ * @param $resource
+ * @param $routeParams
+ * @constructor
+ */
+function AccountsCtrl($scope, $resource, $routeParams) {
+
+}
+
+AccountsCtrl.$inject = ['$scope', '$resource', '$routeParams'];

app/assets/javascripts/app.js

@@ -72,6 +72,9 @@ var bawApp = (function() {
                 whenDefaults("searches", "search", ":searchId", SearchesCtrl, SearchCtrl, true).
                 when('/search', {templateUrl: '/assets/search_details.html', controller: SearchCtrl}).
 
+                when('/accounts', {templateUrl: '/assets/accounts_sign_in.html', controller: AccountsCtrl}).
+                when('/accounts/:action', {templateUrl: '/assets/accounts_sign_in.html', controller: AccountsCtrl}).
+
                 //when('/phones/:phoneId', {templateUrl: 'partials/phone-detail.html', controller: PhoneDetailCtrl}).
                 when('/', {templateUrl: '/assets/home.html', controller: HomeCtrl}).
                 when('/404',{controller : ErrorCtrl}).
@@ -143,6 +146,11 @@ var bawApp = (function() {
 
             };
 
+            // see if authentication can work
+            $rootScope.testAuth = (function(){
+
+            })();
+
         }]);
 
     return exports;

app/assets/templates/accounts_sign_in.html

@@ -0,0 +1,41 @@
+<div id="content" data-ng-controller="AccountsCtrl">
+    <h1>Accounts Sign In</h1>
+    <button onclick="login()">login</button>
+    <button onclick="logout()">logout</button>
+
+    <script type="test/javascript">
+        function login() { navigator.id.request(); }
+        function logout() { navigator.id.request(); }
+
+        var currentUser = '[email protected]';
+
+        navigator.id.watch({
+            loggedInUser: currentUser,
+            onlogin: function(assertion) {
+                // A user has logged in! Here you need to:
+                // 1. Send the assertion to your backend for verification and to create a session.
+                // 2. Update your UI.
+                $.ajax({ /* <-- This example uses jQuery, but you can use whatever you'd like */
+                    type: 'POST',
+                    url: '/security/auth/browser_id/callback', // This is a URL on your website.
+                    data: {assertion: assertion},
+                    success: function(res, status, xhr) { window.location.reload(); },
+                    error: function(xhr, status, err) { alert("Login failure: " + err); }
+                });
+            },
+            onlogout: function() {
+                // A user has logged out! Here you need to:
+                // Tear down the user's session by redirecting the user or making a call to your backend.
+                // Also, make sure loggedInUser will get set to null on the next page load.
+                // (That's a literal JavaScript null. Not false, 0, or undefined. null.)
+                $.ajax({
+                    type: 'POST',
+                    url: '/security/auth/browser_id/callback', // This is a URL on your website.
+                    success: function(res, status, xhr) { window.location.reload(); },
+                    error: function(xhr, status, err) { alert("Logout failure: " + err); }
+                });
+            }
+        });
+    </script>
+</div>
+

app/assets/templates/home.html

@@ -22,5 +22,7 @@ <h3>Download annotations</h3>
         <a ng-href="{{downloadAnnotationLink}}" target="_blank" >csv</a> format.
     </p>
 
-
+    <p>
+        I am logged <span ng-show="testAuth">not</span> in.
+    </p>
 </div>

app/controllers/omniauth_callbacks_controller.rb → app/controllers/api/callbacks_controller.rb

@@ -1,4 +1,18 @@
-class OmniauthCallbacksController < Devise::OmniauthCallbacksController
+class Api::CallbacksController < Devise::OmniauthCallbacksController
+  # see https://gist.github.com/993566
+  respond_to :json
+
+
+  #def passthru
+  #  render :status => 404, :text => "Not found. Authentication passthru."
+  #end
+
+  #def browser_id
+  #  test = params
+  #  test
+  #end
+
+=begin
 
   require 'uuidtools'
 
@@ -97,5 +111,5 @@ def find_for_oauth_by_name(name, resource=nil)
     end
     return user
   end
-
+=end
 end

app/controllers/api/confirmations_controller.rb

@@ -0,0 +1,24 @@
+class Api::ConfirmationsController < Devise::ConfirmationsController
+  respond_to :json
+
+  # GET /resource/confirmation/new
+  def new
+    resource = build_resource(params[:user])
+    respond_with resource
+  end
+
+
+# POST /resource/confirmation
+  def create
+    attributes = params.include?(:user) ? params[:user] : {}
+
+    self.resource = resource_class.send_confirmation_instructions(attributes)
+
+    if successfully_sent?(resource)
+      respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name))
+    else
+      respond_with(resource)
+    end
+  end
+
+end

app/controllers/registrations_controller.rb → app/controllers/api/registrations_controller.rb

@@ -1,21 +1,40 @@
-class RegistrationsController < Devise::RegistrationsController
-
-  def update
-    if params[resource_name][:password].blank?
-      params[resource_name].delete(:password)
-      params[resource_name].delete(:password_confirmation) if params[resource_name][:password_confirmation].blank?
-    end
-    # Override Devise to use update_attributes instead of update_with_password.
-    # This is the only change we make.
-    if resource.update_attributes(params[resource_name])
-      set_flash_message :notice, :updated
-      # Line below required if using Devise >= 1.2.0
-      sign_in resource_name, resource, :bypass => true
-      redirect_to after_update_path_for(resource)
-    else
-      clean_up_passwords(resource)
-      render_with_scope :edit
-    end
-  end
-
+class Api::RegistrationsController < Devise::RegistrationsController
+  respond_to :json
+  # see C:\Ruby\193\lib\ruby\gems\1.9.1\gems\devise-2.1.2\app\controllers\devise
+
+  # GET /resource/sign_up
+  def new
+    resource = build_resource(params[:user])
+    respond_with resource
+  end
+
+  # POST /resource
+  def create
+    user = User.new(params[:user])
+    if user.save
+      render :json=> user.as_json(:auth_token=>user.authentication_token, :email=>user.email), :status=>201
+    else
+      warden.custom_failure!
+      render :json=> user.errors, :status=>422
+    end
+  end
+=begin
+  def update
+    if params[resource_name][:password].blank?
+      params[resource_name].delete(:password)
+      params[resource_name].delete(:password_confirmation) if params[resource_name][:password_confirmation].blank?
+    end
+    # Override Devise to use update_attributes instead of update_with_password.
+    # This is the only change we make.
+    if resource.update_attributes(params[resource_name])
+      set_flash_message :notice, :updated
+      # Line below required if using Devise >= 1.2.0
+      sign_in resource_name, resource, :bypass => true
+      redirect_to after_update_path_for(resource)
+    else
+      clean_up_passwords(resource)
+      render_with_scope :edit
+    end
+  end
+=end
 end

app/controllers/api/sessions_controller.rb

@@ -0,0 +1,67 @@
+class Api::SessionsController < Devise::SessionsController
+
+  # GET /resource/sign_in
+  def new
+    resource = build_resource(nil, :unsafe => true)
+    clean_up_passwords(resource)
+    respond_with(resource, serialize_options(resource))
+  end
+
+  # POST /resource/sign_in
+  def create
+    resource = warden.authenticate!(auth_options)
+    set_flash_message(:notice, :signed_in) if is_navigational_format?
+    sign_in(resource_name, resource)
+
+    respond_to do |format|
+      format.html do
+        respond_with resource, :location => after_sign_in_path_for(resource)
+      end
+      format.json do
+        # http://stackoverflow.com/questions/9641079/token-authentication-with-rails-and-devise
+        # http://matteomelani.wordpress.com/2011/10/17/authentication-for-mobile-devices/
+        current_user.ensure_authentication_token!
+        render :json => { :response => 'ok', :auth_token => current_user.authentication_token }.to_json, :status => :ok
+      end
+    end
+
+  end
+
+=begin
+  before_filter :authenticate_user!, :except => [:create, :destroy]
+  before_filter :ensure_params_exist
+  respond_to :json
+  # see http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/
+
+  def create
+    resource = User.find_for_database_authentication(:email => params[:user_login][:email])
+    return invalid_login_attempt unless resource
+
+    if resource.valid_password?(params[:user_login][:password])
+      sign_in(:user, resource)
+      resource.ensure_authentication_token!
+      render :json=> {:success=>true, :auth_token=>resource.authentication_token, :email=>resource.email}
+      return
+    end
+    invalid_login_attempt
+  end
+
+  def destroy
+    resource = User.find_for_database_authentication(:email => params[:user_login][:email])
+    resource.authentication_token = nil
+    resource.save
+    render :json=> {:success=>true}
+  end
+
+  protected
+
+  def ensure_params_exist
+    return unless params[:user_login].blank?
+    render :json => { :success => false, :message => "Missing user_login parameter." }, :status => 422
+  end
+
+  def invalid_login_attempt
+    render :json => { :success => false, :message => "Login was not successful." }, :status => 401
+  end
+=end
+end

app/controllers/application_controller.rb

@@ -1,4 +1,5 @@
 class ApplicationController < ActionController::Base
+  before_filter :authenticate_user!
   protect_from_forgery
 
   # userstamp
@@ -24,7 +25,7 @@ def render_csv(filename = nil)
     render :layout => false
   end
 
-  private 
+  private
 
   # temporarily enabled again
   def set_stamper

app/controllers/home_controller.rb

@@ -1,4 +1,5 @@
 class HomeController < ApplicationController
+  skip_before_filter :authenticate_user!
   def index
     #the_search = Search.new( { :body_params => { :project_ids => [ 4 ],:site_ids => [ ],:audio_recording_ids => [  ] } } )
     #params[:test1] = the_search

app/controllers/projects_controller.rb

@@ -1,4 +1,5 @@
 class ProjectsController < ApplicationController
+
   # GET /projects
   # GET /projects.json
   def index

app/models/audio_event_tag.rb

@@ -4,7 +4,7 @@ class AudioEventTag < ActiveRecord::Base
   belongs_to :audio_event
   belongs_to :tag
 
-  accepts_nested_attributes_for :audio_event
+  #accepts_nested_attributes_for :audio_event
 
   # attr
   attr_accessible :audio_event, :tag,

app/models/user.rb

@@ -1,14 +1,14 @@
 class User < ActiveRecord::Base
-  # Include devise modules. Others available are:
-  # :database_authenticatable, :lockable, :recoverable, :rememberable
-  # :validatable, :timeoutable,
+  # Include devise modules.
   devise  :confirmable, :omniauthable, :registerable,
-           :token_authenticatable, :trackable
+          :recoverable, :rememberable, :token_authenticatable,
+          :trackable, :database_authenticatable, :lockable,
+          :validatable, :timeoutable
 
   # Setup accessible (or protected) attributes for your model
-  attr_accessible :display_name, :email
+  attr_accessible :display_name, :email, :password, :admin
   has_many :authorizations, :dependent => :destroy
-  
+
   # user stamp
   model_stamper
   stampable

app/views/layouts/application.html.erb

@@ -1,15 +1,15 @@
 <!DOCTYPE html>
-<html ng-app="baw">
+<html ng-app="baw"  ng-init="current_user = <%= current_user.to_json %>;">
 <head>
-  <title>Baw Site</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title><%= content_for?(:title) ? yield(:title) : "Baw Site" %></title>
+  <meta name="description" content="<%= content_for?(:description) ? yield(:description) : "Baw Site" %>">
 
   <%= stylesheet_link_tag    "application", :media => "all" %>
   <%= javascript_include_tag "application" %>
+  <script src="https://login.persona.org/include.js"></script>
   <%= csrf_meta_tags %>
-
-  <script type="text/javascript">
-  </script>
-
+  <%= yield(:head) %>
 </head>
 <body >