github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 23:06:57 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #957 from chrishunt/chrishunt/lock-down-the-base

Browse Source 
Add 'login required' site setting
This commit is contained in:
Sam 2013-06-04 17:22:08 -07:00
commit 21b3359ea4
15 changed files with 117 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/assets/javascripts/discourse.js
View File

@ -166,6 +166,16 @@ Discourse = Ember.Application.createWithMixins({
return loginController.authenticationComplete(options);
},
loginRequired: function() {
return (
Discourse.SiteSettings.login_required && !Discourse.User.current()
);
}.property(),
redirectIfLoginRequired: function(route) {
if(this.get('loginRequired')) { route.transitionTo('login'); }
},
/**
Our own $.ajax method. Makes sure the .then method executes in an Ember runloop
for performance reasons. Also automatically adjusts the URL to support installs

2
app/assets/javascripts/discourse/controllers/static_controller.js
View File

@ -28,7 +28,7 @@ Discourse.StaticController = Discourse.Controller.extend({
});
Discourse.StaticController.reopenClass({
pages: ['faq', 'tos', 'privacy']
pages: ['faq', 'tos', 'privacy', 'login']
});

2
app/assets/javascripts/discourse/routes/filtered_list_route.js
View File

@ -8,6 +8,8 @@
**/
Discourse.FilteredListRoute = Discourse.Route.extend({
redirect: function() { Discourse.redirectIfLoginRequired(this); },
exit: function() {
this._super();

2
app/assets/javascripts/discourse/routes/list_categories_route.js
View File

@ -8,6 +8,8 @@
**/
Discourse.ListCategoriesRoute = Discourse.Route.extend({
redirect: function() { Discourse.redirectIfLoginRequired(this); },
events: {
createCategory: function() {

2
app/assets/javascripts/discourse/routes/topic_route.js
View File

@ -8,6 +8,8 @@
**/
Discourse.TopicRoute = Discourse.Route.extend({
redirect: function() { Discourse.redirectIfLoginRequired(this); },
events: {
// Modals that can pop up within a topic

28
app/assets/javascripts/discourse/templates/header.js.handlebars
View File

@ -29,10 +29,34 @@
{{/if}}
</li>
<li>
<a class='icon expand' href='#' data-dropdown="search-dropdown" title='{{i18n search.title}}'><i class='icon-search'></i></a>
{{#if Discourse.loginRequired}}
<a class='icon expand' href='#' {{action showLogin}}>
<i class='icon-search'></i>
</a>
{{else}}
<a class='icon expand'
href='#'
data-dropdown="search-dropdown"
title='{{i18n search.title}}'>
<i class='icon-search'></i>
</a>
{{/if}}
</li>
<li class='categories dropdown'>
<a class='icon' data-dropdown="site-map-dropdown" href="#" title='{{i18n site_map}}'><i class='icon-reorder'></i></a>
{{#if Discourse.loginRequired}}
<a class='icon'
href="#"
{{action showLogin}}>
<i class='icon-reorder'></i>
</a>
{{else}}
<a class='icon'
data-dropdown="site-map-dropdown"
href="#"
title='{{i18n site_map}}'>
<i class='icon-reorder'></i>
</a>
{{/if}}
{{#if currentUser.site_flagged_posts_count}}
<a href='/admin/flags/active' title='{{i18n notifications.total_flagged}}' class='badge-notification flagged-posts'>{{currentUser.site_flagged_posts_count}}</a>
{{/if}}

5
app/controllers/application_controller.rb
View File

@ -22,6 +22,7 @@ class ApplicationController < ActionController::Base
before_filter :preload_json
before_filter :check_xhr
before_filter :set_locale
before_filter :redirect_to_login_if_required
rescue_from Exception do |exception|
unless [ ActiveRecord::RecordNotFound, ActionController::RoutingError,
@ -280,6 +281,10 @@ class ApplicationController < ActionController::Base
raise Discourse::NotLoggedIn.new unless current_user.present?
end
def redirect_to_login_if_required
redirect_to :login if SiteSetting.login_required? && !current_user
end
def render_not_found_page(status=404)
f = Topic.where(deleted_at: nil, archetype: "regular")
@latest = f.order('views desc').take(10)

1
app/controllers/session_controller.rb
View File

@ -4,6 +4,7 @@ class SessionController < ApplicationController
# page is going to be empty, this means that server will see an invalid CSRF and blow the session
# once that happens you can't log in with social
skip_before_filter :verify_authenticity_token, only: [:create]
skip_before_filter :redirect_to_login_if_required
def create
requires_parameter(:login, :password)

13
app/controllers/static_controller.rb
View File

@ -1,6 +1,6 @@
class StaticController < ApplicationController
skip_before_filter :check_xhr
skip_before_filter :check_xhr, :redirect_to_login_if_required
def show
@ -30,8 +30,13 @@ class StaticController < ApplicationController
def enter
params.delete(:username)
params.delete(:password)
redirect_to(params[:redirect] || '/')
redirect_to(
if params[:redirect].blank? || params[:redirect].match(login_path)
root_path
else
params[:redirect]
end
)
end
end

2
app/models/site_setting.rb
View File

@ -134,6 +134,8 @@ class SiteSetting < ActiveRecord::Base
setting(:send_welcome_message, true)
client_setting(:login_required, false)
client_setting(:enable_local_logins, true)
client_setting(:enable_local_account_create, true)

13
app/views/static/login.en.html.erb Normal file
View File

@ -0,0 +1,13 @@
<ul class="nav-pills">
<li><a class='active' href="<%=login_path%>">Welcome</a></li>
<li><a href="<%=faq_path%>">FAQ</a></li>
<li><a href="<%=tos_path%>">Terms of Service</a></li>
<li><a href="<%=privacy_path%>">Privacy</a></li>
</ul>
<h2><a href="#welcome">Welcome to <%= SiteSetting.title %></a></h2>
<p>
We are excited to have you participate in <%= SiteSetting.title %>. Please
create an account or login to continue.
</p>

2
config/locales/server.en.yml
View File

@ -501,6 +501,8 @@ en:
# TODO: perhaps we need a way of protecting these settings for hosted solution, global settings ...
login_required: "Require authentication to read posts"
enable_local_logins: "Enable local authentication"
enable_local_account_create: "Enable local account creation"
enable_google_logins: "Enable Google authentication"

1
config/routes.rb
View File

@ -103,6 +103,7 @@ Discourse::Application.routes.draw do
resources :static
post 'login' => 'static#enter'
get 'login' => 'static#show', id: 'login'
get 'faq' => 'static#show', id: 'faq'
get 'tos' => 'static#show', id: 'tos'
get 'privacy' => 'static#show', id: 'privacy'

22
spec/controllers/static_controller_spec.rb
View File

@ -24,4 +24,26 @@ describe StaticController do
end
end
describe '#enter' do
context 'without a redirect path' do
it 'redirects to the root url' do
xhr :post, :enter
expect(response).to redirect_to root_path
end
end
context 'with a redirect path' do
it 'redirects to the redirect path' do
xhr :post, :enter, redirect: '/foo'
expect(response).to redirect_to '/foo'
end
end
context 'when the redirect path is the login page' do
it 'redirects to the root url' do
xhr :post, :enter, redirect: login_path
expect(response).to redirect_to root_path
end
end
end
end

19
spec/controllers/topics_controller_spec.rb
View File

@ -435,6 +435,25 @@ describe TopicsController do
end
context "when 'login required' site setting has been enabled" do
before { SiteSetting.stubs(:login_required?).returns(true) }
context 'and the user is logged in' do
before { log_in(:coding_horror) }
it 'shows the topic' do
get :show, topic_id: topic.id, slug: topic.slug
expect(response).to be_successful
end
end
context 'and the user is not logged in' do
it 'redirects to the login page' do
get :show, topic_id: topic.id, slug: topic.slug
expect(response).to redirect_to login_path
end
end
end
end
describe '#feed' do