
6 Commits

13 changed files with 218 additions and 53 deletions


@ -29,17 +29,39 @@ defmodule Frenzy.User do
|> validate_length(:password, min: 8) |> validate_length(:password, min: 8)
|> validate_length(:fever_password, min: 8) |> validate_length(:fever_password, min: 8)
|> put_password_hash() |> put_password_hash()
|> put_fever_token()
end
def change_password_changeset(user, attrs) do
user
|> cast(attrs, [:password])
|> validate_length(:password, min: 8)
|> put_password_hash()
end
def change_fever_password_changeset(user, attrs) do
user
|> cast(attrs, [:username, :fever_password])
|> validate_length(:fever_password, min: 8)
|> put_fever_token()
end end
defp put_password_hash( defp put_password_hash(
%Ecto.Changeset{valid?: true, changes: %{password: password}} = changeset
) do
change(changeset, Bcrypt.add_hash(password))
end
defp put_fever_token(
%Ecto.Changeset{ %Ecto.Changeset{
valid?: true, valid?: true,
changes: %{username: username, password: password, fever_password: fever_password} changes: %{fever_password: fever_password}
} = changeset } = changeset
) do ) do
changeset username = Map.get(changeset.changes, "username") || changeset.data.username
|> change(Bcrypt.add_hash(password)) IO.inspect(username)
|> change(%{
change(changeset, %{
fever_auth_token: fever_auth_token:
:crypto.hash(:md5, "#{username}:#{fever_password}") |> Base.encode16(case: :lower) :crypto.hash(:md5, "#{username}:#{fever_password}") |> Base.encode16(case: :lower)
}) })
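Review bot: In `put_fever_token`, `Map.get(changeset.changes, "username")` looks up a string key, but Ecto keeps `changes` under atom keys, so the lookup always returns nil and the token is always derived from `changeset.data.username`. If the first changeset in this hunk is also used when a user is created (not visible here), `data.username` would still be nil at that point and the stored `fever_auth_token` would not match what a Fever client computes. Reading the value with `username = Ecto.Changeset.get_field(changeset, :username)` covers both the changed and the persisted case. The `IO.inspect(username)` on the following line is leftover debugging and should be removed so usernames are not written to stdout on every token update. The function's closing lines fall outside the hunk.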


@ -0,0 +1,105 @@
defmodule FrenzyWeb.AccountController do
use FrenzyWeb, :controller
alias Frenzy.{Repo, User, FervorClient}
alias FrenzyWeb.Router.Helpers, as: Routes
alias FrenzyWeb.Endpoint
def show(conn, _params) do
user = conn.assigns[:user] |> Repo.preload(:approved_clients)
clients =
user.approved_clients
|> Enum.map(fn approved_client ->
fervor_client = Repo.get_by(FervorClient, client_id: approved_client.client_id)
{approved_client, fervor_client}
end)
render(conn, "show.html", %{
user: user,
clients: clients
})
end
def change_password(conn, _params) do
render(conn, "change_password.html")
end
def do_change_password(conn, %{
"old_password" => old,
"new_password" => new,
"confirm_new_password" => confirm
}) do
user = conn.assigns[:user] |> Repo.preload([:approved_clients, :groups])
case Bcrypt.check_pass(user, old) do
{:ok, user} ->
case new do
^old ->
conn
|> put_flash(:error, "New password cannot be the same as old password.")
|> redirect(to: Routes.account_path(Endpoint, :change_password))
^confirm ->
changeset = User.change_password_changeset(user, %{password: new})
{:ok, user} = Repo.update(changeset)
conn
|> put_flash(:info, "Password changed.")
|> redirect(to: Routes.account_path(Endpoint, :show))
_ ->
conn
|> put_flash(:error, "New password and confirmation did not match.")
|> redirect(to: Routes.account_path(Endpoint, :change_password))
end
{:error, _reason} ->
conn
|> put_flash(:error, "Invalid old password.")
|> redirect(to: Routes.account_path(Endpoint, :change_password))
end
end
def do_change_password(conn, _params) do
redirect(conn, to: Routes.account_path(Endpoint, :change_password))
end
def change_fever_password(conn, _params) do
render(conn, "change_fever_password.html")
end
def do_change_fever_password(conn, %{
"new_password" => new
}) do
user = conn.assigns[:user] |> Repo.preload([:approved_clients, :groups])
changeset =
User.change_fever_password_changeset(user, %{
username: user.username,
fever_password: new
})
{:ok, user} = Repo.update(changeset)
conn
|> put_flash(:info, "Fever password changed.")
|> redirect(to: Routes.account_path(Endpoint, :show))
end
def do_change_fever_password(conn, _params) do
redirect(conn, to: Routes.account_path(Endpoint, :change_fever_password))
end
def remove_client(conn, %{"client_id" => client_id}) do
user = conn.assigns[:user] |> Repo.preload(:approved_clients)
approved_client = Enum.find(user.approved_clients, fn c -> c.client_id == client_id end)
unless is_nil(approved_client) do
{:ok, _} = Repo.delete(approved_client)
end
redirect(conn, to: Routes.account_path(Endpoint, :show))
end
end
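Review bot: `do_change_password` and `do_change_fever_password` both assert `{:ok, user} = Repo.update(changeset)`, so a new password that fails the changeset's `validate_length(..., min: 8)` raises a MatchError and produces a 500; the `minlength` attribute in the forms is only a browser-side hint. Handling the `{:error, changeset}` result and redirecting back with a flash keeps the server-side rule in force without crashing, as sketched below for the password case. Separately, `do_change_fever_password` replaces the Fever credential without asking for the current account password, so anyone holding a live session can reset it; requiring `old_password` there as well would match the main password flow.

```elixir
          ^confirm ->
            # … unchanged: changeset = User.change_password_changeset(user, %{password: new}) …
            case Repo.update(changeset) do
              {:ok, _user} ->
                conn
                |> put_flash(:info, "Password changed.")
                |> redirect(to: Routes.account_path(Endpoint, :show))

              {:error, _changeset} ->
                # Server-side validation failed (e.g. shorter than 8 characters).
                conn
                |> put_flash(:error, "New password must be at least 8 characters.")
                |> redirect(to: Routes.account_path(Endpoint, :change_password))
            end
```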


@ -26,7 +26,7 @@ defmodule FrenzyWeb.FeedController do
defp user_owns_feed(conn, _opts), do: conn defp user_owns_feed(conn, _opts), do: conn
def show(conn, %{"id" => id}) do def show(conn, %{"id" => id}) do
feed = conn.assigns[:feed] feed = conn.assigns[:feed] |> Repo.preload(:filter)
items = Repo.all(from Item, where: [feed_id: ^id, tombstone: false], order_by: [desc: :date]) items = Repo.all(from Item, where: [feed_id: ^id, tombstone: false], order_by: [desc: :date])
render(conn, "show.html", %{ render(conn, "show.html", %{


@ -11,8 +11,6 @@ defmodule FrenzyWeb.LoginController do
}) })
end end
@error_message "Invalid username or password"
def login_post(conn, %{"username" => username, "password" => password} = params) do def login_post(conn, %{"username" => username, "password" => password} = params) do
user = Repo.get_by(User, username: username) user = Repo.get_by(User, username: username)
@ -26,8 +24,15 @@ defmodule FrenzyWeb.LoginController do
{:error, _reason} -> {:error, _reason} ->
conn conn
|> put_flash(:error, @error_message) |> put_flash(:error, "Invalid username or password.")
|> redirect(to: Routes.login_path(Endpoint, :login)) |> redirect(to: Routes.login_path(Endpoint, :login))
end end
end end
def logout(conn, params) do
conn
|> put_flash(:info, "Logged out.")
|> clear_session()
|> redirect(to: "/")
end
end end
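Review bot: The new `logout/2` binds `params` without using it, which produces a compiler warning; `def logout(conn, _params) do` is the conventional form. `clear_session()` empties the session data, and depending on the session store (not visible here) it may also be worth renewing the session with `configure_session(renew: true)` before clearing, so the previous session cookie is not reused after logout.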


@ -1,7 +0,0 @@
defmodule FrenzyWeb.PageController do
use FrenzyWeb, :controller
def index(conn, _params) do
render(conn, "index.html")
end
end


@ -27,6 +27,8 @@ defmodule FrenzyWeb.Router do
get "/login", LoginController, :login get "/login", LoginController, :login
post "/login", LoginController, :login_post post "/login", LoginController, :login_post
get "/logout", LoginController, :logout
get "/oauth/authorize", Fervor.OauthController, :authorize_get get "/oauth/authorize", Fervor.OauthController, :authorize_get
post "/oauth/authorize", Fervor.OauthController, :authorize_post post "/oauth/authorize", Fervor.OauthController, :authorize_post
end end
@ -35,6 +37,13 @@ defmodule FrenzyWeb.Router do
pipe_through :browser pipe_through :browser
pipe_through :browser_authenticate pipe_through :browser_authenticate
get "/account", AccountController, :show
get "/account/change_password", AccountController, :change_password
post "/account/change_password", AccountController, :do_change_password
get "/account/change_fever_password", AccountController, :change_fever_password
post "/account/change_fever_password", AccountController, :do_change_fever_password
post "/account/remove_client", AccountController, :remove_client
get "/", GroupController, :index get "/", GroupController, :index
resources "/groups", GroupController, except: [:edit, :update] resources "/groups", GroupController, except: [:edit, :update]
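Review bot: `get "/logout", LoginController, :logout` in the first hunk makes a state-changing action reachable by GET, which is outside the CSRF check that the browser pipeline presumably applies to non-GET requests, so any third-party page can end a user's session through an image tag or a link prefetch. Routing it as `delete "/logout", LoginController, :logout` (or `post`) closes that; the layout's "Log Out" anchor would then need to become a form or a `link ... method: :delete`. Both scopes continue outside the visible hunks.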


@ -0,0 +1,11 @@
<h2>Change Fever Password</h2>
<%= form_tag Routes.account_path(@conn, :do_change_fever_password), method: :post do %>
<div class="form-group">
<label for="new_password">New Fever Password</label>
<input type="password" name="new_password" id="new_password" minlength="8">
</div>
<div class="form-group">
<%= submit "Change Fever Password" %>
</div>
<% end %>


@ -0,0 +1,19 @@
<h2>Change Password</h2>
<%= form_tag Routes.account_path(@conn, :do_change_password), method: :post do %>
<div class="form-group">
<label for="old_password">Old Password</label>
<input type="password" name="old_password" id="old_password" minlength="8">
</div>
<div class="form-group">
<label for="new_password">New Password</label>
<input type="password" name="new_password" id="new_password" minlength="8">
</div>
<div class="form-group">
<label for="confirm_new_password">Confirm New Password</label>
<input type="password" name="confirm_new_password" id="confirm_new_password" minlength="8">
</div>
<div class="form-group">
<%= submit "Change Password" %>
</div>
<% end %>
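Review bot: The `old_password` input carries `minlength="8"`, which would stop any user whose existing password is shorter than the current rule from submitting the form at all; the length rule only needs to apply to the new password. Dropping it from that field and adding `autocomplete="current-password"` there and `autocomplete="new-password"` on the other two inputs lets password managers fill the right values.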


@ -0,0 +1,32 @@
<h1>User Settings</h1>
<h2><%= @user.username %></h2>
<a href="<%= Routes.account_path(@conn, :change_password) %>" class="button">Change Password</a>
<a href="<%= Routes.account_path(@conn, :change_fever_password) %>" class="button">Change Fever Password</a>
<h2>Approved Clients</h2>
<table>
<tr>
<th>Client</th>
<th>Revoke Access</th>
</tr>
<%= for {approved, fervor} <- @clients do %>
<tr>
<td>
<%= if fervor.website do %>
<a href="<%= fervor.website %>"><%= fervor.client_name %></a>
<% else %>
<%= fervor.client_name %>
<% end %>
</td>
<td>
<%= form_tag Routes.account_path(@conn, :remove_client), method: :post do %>
<input type="hidden" name="client_id" value="<%= approved.client_id %>">
<%= submit "Revoke" %>
<% end %>
</td>
</tr>
<% end %>
</table>
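Review bot: `<a href="<%= fervor.website %>">` places the client's website value directly in an href; EEx escaping prevents breaking out of the attribute but does not restrict the URL scheme, so if `website` comes from client registration (not visible here) a `javascript:` value would render as a script link on the account page. Restricting the link branch to web URLs, e.g. `<%= if fervor.website && String.starts_with?(fervor.website, ["http://", "https://"]) do %>`, or validating the scheme when the client is registered, avoids that. Also, the controller pairs each approved client with `Repo.get_by(FervorClient, ...)`, which returns nil when no row matches, and `fervor.website` would then raise; a guard for a missing client record would keep the page rendering.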


@ -13,6 +13,10 @@
<nav role="navigation"> <nav role="navigation">
<ul> <ul>
<li><a href="/">Frenzy</a></li> <li><a href="/">Frenzy</a></li>
<%= unless is_nil(@conn.assigns[:user]) do %>
<li><a href="<%= Routes.account_path(@conn, :show) %>">Account</a></li>
<li><a href="<%= Routes.login_path(@conn, :logout) %>">Log Out</a></li>
<% end %>
</ul> </ul>
</nav> </nav>
</section> </section>


@ -1,35 +0,0 @@
<section class="phx-hero">
<h1><%= gettext "Welcome to %{name}!", name: "Phoenix" %></h1>
<p>A productive web framework that<br/>does not compromise speed and maintainability.</p>
</section>
<section class="row">
<article class="column">
<h2>Resources</h2>
<ul>
<li>
<a href="https://hexdocs.pm/phoenix/overview.html">Guides &amp; Docs</a>
</li>
<li>
<a href="https://github.com/phoenixframework/phoenix">Source</a>
</li>
<li>
<a href="https://github.com/phoenixframework/phoenix/blob/v1.4/CHANGELOG.md">v1.4 Changelog</a>
</li>
</ul>
</article>
<article class="column">
<h2>Help</h2>
<ul>
<li>
<a href="https://elixirforum.com/c/phoenix-forum">Forum</a>
</li>
<li>
<a href="https://webchat.freenode.net/?channels=elixir-lang">#elixir-lang on Freenode IRC</a>
</li>
<li>
<a href="https://twitter.com/elixirphoenix">Twitter @elixirphoenix</a>
</li>
</ul>
</article>
</section>


@ -0,0 +1,3 @@
defmodule FrenzyWeb.AccountView do
use FrenzyWeb, :view
end


@ -1,3 +0,0 @@
defmodule FrenzyWeb.PageView do
use FrenzyWeb, :view
end