├── .editorconfig ├── .gitignore ├── Dockerfile ├── Gemfile ├── Gemfile.lock ├── README.md ├── Rakefile ├── app ├── assets │ ├── javascripts │ │ └── application.js │ └── stylesheets │ │ └── application.css ├── controllers │ ├── application_controller.rb │ ├── oauths_controller.rb │ ├── password_resets_controller.rb │ ├── user_sessions_controller.rb │ └── users_controller.rb ├── mailers │ └── user_mailer.rb ├── models │ ├── admin.rb │ ├── user.rb │ └── user_provider.rb └── views │ ├── layouts │ └── application.html.erb │ ├── password_resets │ ├── _form.html.erb │ └── edit.html.erb │ ├── user_mailer │ ├── activation_needed_email.html.erb │ ├── activation_needed_email.text.erb │ ├── activation_success_email.html.erb │ ├── activation_success_email.text.erb │ ├── reset_password_email.html.erb │ └── reset_password_email.text.erb │ ├── user_sessions │ ├── _forgot_password_form.html.erb │ ├── _form.html.erb │ ├── edit.html.erb │ └── new.html.erb │ └── users │ ├── _form.html.erb │ ├── edit.html.erb │ ├── index.html.erb │ ├── new.html.erb │ └── show.html.erb ├── bin ├── bundle ├── rails ├── rake ├── setup └── spring ├── config.ru ├── config ├── application.rb ├── boot.rb ├── database.yml ├── environment.rb ├── environments │ ├── development.rb │ ├── production.rb │ └── test.rb ├── initializers │ ├── assets.rb │ ├── backtrace_silencers.rb │ ├── cookies_serializer.rb │ ├── filter_parameter_logging.rb │ ├── inflections.rb │ ├── mime_types.rb │ ├── session_store.rb │ ├── sorcery.rb │ └── wrap_parameters.rb ├── locales │ └── en.yml ├── routes.rb └── secrets.yml ├── db ├── migrate │ ├── 20101210151424_create_users.rb │ ├── 20101224223622_add_activation_to_users.rb │ ├── 20101224223623_add_remember_me_token_to_users.rb │ ├── 20101224223624_add_reset_password_to_users.rb │ ├── 20101224223625_add_activity_logging_to_users.rb │ ├── 20101224223626_add_brute_force_protection_to_users.rb │ ├── 20110225214205_create_user_providers.rb │ ├── 20110421202911_add_admin_user.rb │ └── 20161213041715_add_last_login_from_ip_address_to_users.rb ├── schema.rb └── seeds.rb ├── docker-compose.yml ├── lib └── tasks │ └── .gitkeep ├── public ├── 404.html ├── 422.html ├── 500.html ├── apple-touch-icon-precomposed.png ├── apple-touch-icon.png ├── favicon.ico ├── images │ └── rails.png └── robots.txt └── test ├── fixtures └── users.yml ├── functional ├── user_sessions_controller_test.rb └── users_controller_test.rb ├── test_helper.rb └── unit ├── helpers ├── user_sessions_helper_test.rb └── users_helper_test.rb └── user_test.rb /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | indent_style = space 5 | indent_size = 2 6 | end_of_line = lf 7 | charset = utf-8 8 | insert_final_newline = true 9 | trim_trailing_whitespace = true 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .bundle 2 | db/*.sqlite3 3 | log/*.log 4 | tmp/**/* 5 | .rvmrc 6 | rvm* 7 | vendor 8 | .idea 9 | 10 | # macOS 11 | .DS_Store 12 | 13 | # rbenv 14 | .ruby-version 15 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ruby:2.5.1 2 | 3 | RUN apt-get update -y && apt-get install -y build-essential sqlite3 apt-utils libpq-dev imagemagick curl socat 4 | RUN curl --silent --location https://deb.nodesource.com/setup_10.x | bash - 5 | RUN apt-get install nodejs -y 6 | 7 | ENV RAILS_ROOT /rails 8 | 9 | RUN mkdir -p $RAILS_ROOT 10 | WORKDIR $RAILS_ROOT 11 | ADD . $RAILS_ROOT 12 | 13 | RUN bundle install --jobs 20 --retry 5 14 | 15 | EXPOSE 3000 16 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | git_source(:github) { |repo| "https://github.com/#{repo}.git" } 3 | 4 | ruby '2.5.1' 5 | 6 | # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' 7 | gem 'rails', '~> 5.2.2' 8 | # Use sqlite3 as the database for Active Record 9 | gem 'sqlite3' 10 | # Use Puma as the app server 11 | gem 'puma', '~> 3.12' 12 | # Use SCSS for stylesheets 13 | gem 'sass-rails', '~> 5.0' 14 | # Use Uglifier as compressor for JavaScript assets 15 | gem 'uglifier', '>= 1.3.0' 16 | # See https://github.com/rails/execjs#readme for more supported runtimes 17 | # gem 'mini_racer', platforms: :ruby 18 | 19 | # Use CoffeeScript for .coffee assets and views 20 | gem 'coffee-rails', '~> 4.2' 21 | # Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks 22 | gem 'turbolinks', '~> 5' 23 | # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder 24 | gem 'jbuilder', '~> 2.5' 25 | # Use Redis adapter to run Action Cable in production 26 | # gem 'redis', '~> 4.0' 27 | # Use ActiveModel has_secure_password 28 | # gem 'bcrypt', '~> 3.1.7' 29 | 30 | # Use ActiveStorage variant 31 | # gem 'mini_magick', '~> 4.8' 32 | 33 | # Use Capistrano for deployment 34 | # gem 'capistrano-rails', group: :development 35 | 36 | # Reduces boot times through caching; required in config/boot.rb 37 | gem 'bootsnap', '>= 1.1.0', require: false 38 | 39 | gem 'sorcery' 40 | 41 | group :development, :test do 42 | # Call 'byebug' anywhere in the code to stop execution and get a debugger console 43 | gem 'byebug', platforms: [:mri, :mingw, :x64_mingw] 44 | end 45 | 46 | group :development do 47 | # Access an interactive console on exception pages or by calling 'console' anywhere in the code. 48 | gem 'web-console', '>= 3.3.0' 49 | gem 'listen', '>= 3.0.5', '< 3.2' 50 | # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring 51 | gem 'spring' 52 | gem 'spring-watcher-listen', '~> 2.0.0' 53 | end 54 | 55 | group :test do 56 | # Adds support for Capybara system testing and selenium driver 57 | gem 'capybara', '>= 2.15' 58 | gem 'selenium-webdriver' 59 | # Easy installation and use of chromedriver to run system tests with Chrome 60 | gem 'chromedriver-helper' 61 | end 62 | 63 | # Windows does not include zoneinfo files, so bundle the tzinfo-data gem 64 | gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby] 65 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | actioncable (5.2.2) 5 | actionpack (= 5.2.2) 6 | nio4r (~> 2.0) 7 | websocket-driver (>= 0.6.1) 8 | actionmailer (5.2.2) 9 | actionpack (= 5.2.2) 10 | actionview (= 5.2.2) 11 | activejob (= 5.2.2) 12 | mail (~> 2.5, >= 2.5.4) 13 | rails-dom-testing (~> 2.0) 14 | actionpack (5.2.2) 15 | actionview (= 5.2.2) 16 | activesupport (= 5.2.2) 17 | rack (~> 2.0) 18 | rack-test (>= 0.6.3) 19 | rails-dom-testing (~> 2.0) 20 | rails-html-sanitizer (~> 1.0, >= 1.0.2) 21 | actionview (5.2.2) 22 | activesupport (= 5.2.2) 23 | builder (~> 3.1) 24 | erubi (~> 1.4) 25 | rails-dom-testing (~> 2.0) 26 | rails-html-sanitizer (~> 1.0, >= 1.0.3) 27 | activejob (5.2.2) 28 | activesupport (= 5.2.2) 29 | globalid (>= 0.3.6) 30 | activemodel (5.2.2) 31 | activesupport (= 5.2.2) 32 | activerecord (5.2.2) 33 | activemodel (= 5.2.2) 34 | activesupport (= 5.2.2) 35 | arel (>= 9.0) 36 | activestorage (5.2.2) 37 | actionpack (= 5.2.2) 38 | activerecord (= 5.2.2) 39 | marcel (~> 0.3.1) 40 | activesupport (5.2.2) 41 | concurrent-ruby (~> 1.0, >= 1.0.2) 42 | i18n (>= 0.7, < 2) 43 | minitest (~> 5.1) 44 | tzinfo (~> 1.1) 45 | addressable (2.6.0) 46 | public_suffix (>= 2.0.2, < 4.0) 47 | archive-zip (0.11.0) 48 | io-like (~> 0.3.0) 49 | arel (9.0.0) 50 | bcrypt (3.1.12) 51 | bindex (0.5.0) 52 | bootsnap (1.3.2) 53 | msgpack (~> 1.0) 54 | builder (3.2.3) 55 | byebug (10.0.2) 56 | capybara (3.12.0) 57 | addressable 58 | mini_mime (>= 0.1.3) 59 | nokogiri (~> 1.8) 60 | rack (>= 1.6.0) 61 | rack-test (>= 0.6.3) 62 | regexp_parser (~> 1.2) 63 | xpath (~> 3.2) 64 | childprocess (0.9.0) 65 | ffi (~> 1.0, >= 1.0.11) 66 | chromedriver-helper (2.1.0) 67 | archive-zip (~> 0.10) 68 | nokogiri (~> 1.8) 69 | coffee-rails (4.2.2) 70 | coffee-script (>= 2.2.0) 71 | railties (>= 4.0.0) 72 | coffee-script (2.4.1) 73 | coffee-script-source 74 | execjs 75 | coffee-script-source (1.12.2) 76 | concurrent-ruby (1.1.4) 77 | crass (1.0.5) 78 | erubi (1.8.0) 79 | execjs (2.7.0) 80 | faraday (0.15.4) 81 | multipart-post (>= 1.2, < 3) 82 | ffi (1.10.0) 83 | globalid (0.4.2) 84 | activesupport (>= 4.2.0) 85 | i18n (1.5.3) 86 | concurrent-ruby (~> 1.0) 87 | io-like (0.3.0) 88 | jbuilder (2.8.0) 89 | activesupport (>= 4.2.0) 90 | multi_json (>= 1.2) 91 | jwt (2.1.0) 92 | listen (3.1.5) 93 | rb-fsevent (~> 0.9, >= 0.9.4) 94 | rb-inotify (~> 0.9, >= 0.9.7) 95 | ruby_dep (~> 1.2) 96 | loofah (2.3.1) 97 | crass (~> 1.0.2) 98 | nokogiri (>= 1.5.9) 99 | mail (2.7.1) 100 | mini_mime (>= 0.1.1) 101 | marcel (0.3.3) 102 | mimemagic (~> 0.3.2) 103 | method_source (0.9.2) 104 | mimemagic (0.3.3) 105 | mini_mime (1.0.1) 106 | mini_portile2 (2.4.0) 107 | minitest (5.11.3) 108 | msgpack (1.2.6) 109 | multi_json (1.13.1) 110 | multi_xml (0.6.0) 111 | multipart-post (2.0.0) 112 | nio4r (2.3.1) 113 | nokogiri (1.10.8) 114 | mini_portile2 (~> 2.4.0) 115 | oauth (0.5.4) 116 | oauth2 (1.4.1) 117 | faraday (>= 0.8, < 0.16.0) 118 | jwt (>= 1.0, < 3.0) 119 | multi_json (~> 1.3) 120 | multi_xml (~> 0.5) 121 | rack (>= 1.2, < 3) 122 | public_suffix (3.0.3) 123 | puma (3.12.4) 124 | rack (2.0.8) 125 | rack-test (1.1.0) 126 | rack (>= 1.0, < 3) 127 | rails (5.2.2) 128 | actioncable (= 5.2.2) 129 | actionmailer (= 5.2.2) 130 | actionpack (= 5.2.2) 131 | actionview (= 5.2.2) 132 | activejob (= 5.2.2) 133 | activemodel (= 5.2.2) 134 | activerecord (= 5.2.2) 135 | activestorage (= 5.2.2) 136 | activesupport (= 5.2.2) 137 | bundler (>= 1.3.0) 138 | railties (= 5.2.2) 139 | sprockets-rails (>= 2.0.0) 140 | rails-dom-testing (2.0.3) 141 | activesupport (>= 4.2.0) 142 | nokogiri (>= 1.6) 143 | rails-html-sanitizer (1.0.4) 144 | loofah (~> 2.2, >= 2.2.2) 145 | railties (5.2.2) 146 | actionpack (= 5.2.2) 147 | activesupport (= 5.2.2) 148 | method_source 149 | rake (>= 0.8.7) 150 | thor (>= 0.19.0, < 2.0) 151 | rake (13.0.1) 152 | rb-fsevent (0.10.3) 153 | rb-inotify (0.10.0) 154 | ffi (~> 1.0) 155 | regexp_parser (1.3.0) 156 | ruby_dep (1.5.0) 157 | rubyzip (1.3.0) 158 | sass (3.7.3) 159 | sass-listen (~> 4.0.0) 160 | sass-listen (4.0.0) 161 | rb-fsevent (~> 0.9, >= 0.9.4) 162 | rb-inotify (~> 0.9, >= 0.9.7) 163 | sass-rails (5.0.7) 164 | railties (>= 4.0.0, < 6) 165 | sass (~> 3.1) 166 | sprockets (>= 2.8, < 4.0) 167 | sprockets-rails (>= 2.0, < 4.0) 168 | tilt (>= 1.1, < 3) 169 | selenium-webdriver (3.141.0) 170 | childprocess (~> 0.5) 171 | rubyzip (~> 1.2, >= 1.2.2) 172 | sorcery (0.13.0) 173 | bcrypt (~> 3.1) 174 | oauth (~> 0.4, >= 0.4.4) 175 | oauth2 (~> 1.0, >= 0.8.0) 176 | spring (2.0.2) 177 | activesupport (>= 4.2) 178 | spring-watcher-listen (2.0.1) 179 | listen (>= 2.7, < 4.0) 180 | spring (>= 1.2, < 3.0) 181 | sprockets (3.7.2) 182 | concurrent-ruby (~> 1.0) 183 | rack (> 1, < 3) 184 | sprockets-rails (3.2.1) 185 | actionpack (>= 4.0) 186 | activesupport (>= 4.0) 187 | sprockets (>= 3.0.0) 188 | sqlite3 (1.3.13) 189 | thor (0.20.3) 190 | thread_safe (0.3.6) 191 | tilt (2.0.9) 192 | turbolinks (5.2.0) 193 | turbolinks-source (~> 5.2) 194 | turbolinks-source (5.2.0) 195 | tzinfo (1.2.5) 196 | thread_safe (~> 0.1) 197 | uglifier (4.1.20) 198 | execjs (>= 0.3.0, < 3) 199 | web-console (3.7.0) 200 | actionview (>= 5.0) 201 | activemodel (>= 5.0) 202 | bindex (>= 0.4.0) 203 | railties (>= 5.0) 204 | websocket-driver (0.7.0) 205 | websocket-extensions (>= 0.1.0) 206 | websocket-extensions (0.1.3) 207 | xpath (3.2.0) 208 | nokogiri (~> 1.8) 209 | 210 | PLATFORMS 211 | ruby 212 | 213 | DEPENDENCIES 214 | bootsnap (>= 1.1.0) 215 | byebug 216 | capybara (>= 2.15) 217 | chromedriver-helper 218 | coffee-rails (~> 4.2) 219 | jbuilder (~> 2.5) 220 | listen (>= 3.0.5, < 3.2) 221 | puma (~> 3.12) 222 | rails (~> 5.2.2) 223 | sass-rails (~> 5.0) 224 | selenium-webdriver 225 | sorcery 226 | spring 227 | spring-watcher-listen (~> 2.0.0) 228 | sqlite3 229 | turbolinks (~> 5) 230 | tzinfo-data 231 | uglifier (>= 1.3.0) 232 | web-console (>= 3.3.0) 233 | 234 | RUBY VERSION 235 | ruby 2.5.1p57 236 | 237 | BUNDLED WITH 238 | 1.16.6 239 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | An example app displaying the usage of [Sorcery](https://github.com/Sorcery/sorcery). 2 | 3 | Files of interest: 4 | 5 | - `app/controllers/*` 6 | - `app/mailers/user_mailer.rb` 7 | - `app/models/user.rb` 8 | - `app/views/*` 9 | - `config/initializers/sorcery.rb` 10 | - `db/migrate/*` 11 | 12 | ## Development Environment – Docker 13 | 14 | Run `docker-compose up` to start the container. 15 | 16 | Use `docker exec sorcery_example ` to run a shell command. 17 | For example: 18 | `docker exec sorcery_example rake db:migrate` 19 | `docker exec sorcery_example bundle install` 20 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require File.expand_path('../config/application', __FILE__) 5 | 6 | Rails.application.load_tasks 7 | -------------------------------------------------------------------------------- /app/assets/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // This is a manifest file that'll be compiled into application.js, which will include all the files 2 | // listed below. 3 | // 4 | // Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts, 5 | // or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path. 6 | // 7 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the 8 | // compiled file. JavaScript code in this file should be added after the last require_* statement. 9 | // 10 | // Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details 11 | // about supported directives. 12 | // 13 | //= require rails-ujs 14 | //= require turbolinks 15 | //= require_tree . 16 | -------------------------------------------------------------------------------- /app/assets/stylesheets/application.css: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a manifest file that'll be compiled into application.css, which will include all the files 3 | * listed below. 4 | * 5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets, 6 | * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path. 7 | * 8 | * You're free to add application-wide styles to this file and they'll appear at the bottom of the 9 | * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS 10 | * files in this directory. Styles in this file should be added after the last require_* statement. 11 | * It is generally better to create a new file per style scope. 12 | * 13 | *= require_tree . 14 | *= require_self 15 | */ 16 | -------------------------------------------------------------------------------- /app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | protect_from_forgery 3 | 4 | before_action :require_login, except: [:not_authenticated] 5 | 6 | protected 7 | 8 | def not_authenticated 9 | redirect_to root_path, alert: 'Please login first.' 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /app/controllers/oauths_controller.rb: -------------------------------------------------------------------------------- 1 | class OauthsController < ApplicationController 2 | skip_before_action :require_login 3 | 4 | # Sends the user on a trip to the provider, 5 | # and after authorizing there back to the callback url. 6 | def oauth 7 | login_at(params[:provider]) 8 | end 9 | 10 | def callback 11 | provider = params[:provider] 12 | 13 | begin 14 | if @user = login_from(provider) 15 | redirect_to root_path, notice: "Logged in from #{provider.titleize}!" 16 | else 17 | begin 18 | @user = create_from(provider) 19 | @user.activate! 20 | reset_session # protect from session fixation attack 21 | auto_login(@user) 22 | redirect_to root_path, notice: "Logged in from #{provider.titleize}!" 23 | rescue 24 | redirect_to root_path, alert: "Failed to login from #{provider.titleize}!" 25 | end 26 | end 27 | rescue ::OAuth2::Error => e 28 | Rails.logger.error e 29 | Rails.logger.error e.code 30 | Rails.logger.error e.description 31 | Rails.logger.error e.message 32 | Rails.logger.error e.backtrace 33 | end 34 | end 35 | end 36 | -------------------------------------------------------------------------------- /app/controllers/password_resets_controller.rb: -------------------------------------------------------------------------------- 1 | class PasswordResetsController < ApplicationController 2 | skip_before_action :require_login 3 | 4 | # request password reset. 5 | # you get here when the user entered his email in the reset password form and submitted it. 6 | def create 7 | @user = User.find_by_email(params[:email]) 8 | 9 | # This line sends an email to the user with instructions on how to reset their password (a url with a random token) 10 | @user.deliver_reset_password_instructions! if @user 11 | 12 | # Tell the user instructions have been sent whether or not email was found. 13 | # This is to not leak information to attackers about which emails exist in the system. 14 | redirect_to(root_path, notice: 'Instructions have been sent to your email.') 15 | end 16 | 17 | # This is the reset password form. 18 | def edit 19 | @user = User.load_from_reset_password_token(params[:id]) 20 | @token = params[:id] 21 | not_authenticated unless @user 22 | end 23 | 24 | # This action fires when the user has sent the reset password form. 25 | def update 26 | @token = params[:user][:token] # needed to render the form again in case of error 27 | @user = User.load_from_reset_password_token(@token) 28 | 29 | if @user.blank? 30 | not_authenticated 31 | return 32 | end 33 | # the next line makes the password confirmation validation work 34 | @user.password_confirmation = params[:user][:password_confirmation] 35 | # the next line clears the temporary token and updates the password 36 | if @user.change_password!(params[:user][:password]) 37 | redirect_to(root_path, notice: 'Password was successfully updated.') 38 | else 39 | render action: 'edit' 40 | end 41 | end 42 | end 43 | -------------------------------------------------------------------------------- /app/controllers/user_sessions_controller.rb: -------------------------------------------------------------------------------- 1 | class UserSessionsController < ApplicationController 2 | skip_before_action :require_login, only: [:new, :create] 3 | 4 | def new 5 | @user = User.new 6 | end 7 | 8 | def create 9 | respond_to do |format| 10 | if @user = login(params[:email], params[:password], params[:remember]) 11 | format.html { redirect_back_or_to(:users, notice: 'Login successfull.') } 12 | format.xml { render xml: @user, status: :created, location: @user } 13 | else 14 | format.html { flash.now[:alert] = 'Login failed.'; render action: 'new' } 15 | format.xml { render xml: @user.errors, status: :unprocessable_entity } 16 | end 17 | end 18 | end 19 | 20 | def destroy 21 | logout 22 | redirect_to(:users, notice: 'Logged out!') 23 | end 24 | end 25 | -------------------------------------------------------------------------------- /app/controllers/users_controller.rb: -------------------------------------------------------------------------------- 1 | class UsersController < ApplicationController 2 | before_action :require_login_from_http_basic, only: [:login_from_http_basic] 3 | skip_before_action :require_login, only: [:index, :new, :create, :activate, :login_from_http_basic] 4 | 5 | # GET /users 6 | # GET /users.xml 7 | def index 8 | @users = User.all 9 | 10 | respond_to do |format| 11 | format.html # index.html.erb 12 | format.xml { render xml: @users } 13 | end 14 | end 15 | 16 | # GET /users/1 17 | # GET /users/1.xml 18 | def show 19 | @user = User.find(params[:id]) 20 | 21 | respond_to do |format| 22 | format.html # show.html.erb 23 | format.xml { render xml: @user } 24 | end 25 | end 26 | 27 | # GET /users/new 28 | # GET /users/new.xml 29 | def new 30 | @user = User.new 31 | 32 | respond_to do |format| 33 | format.html # new.html.erb 34 | format.xml { render xml: @user } 35 | end 36 | end 37 | 38 | # GET /users/1/edit 39 | def edit 40 | @user = User.find(params[:id]) 41 | end 42 | 43 | # POST /users 44 | # POST /users.xml 45 | def create 46 | @user = User.new(user_params) 47 | 48 | respond_to do |format| 49 | if @user.save 50 | format.html { redirect_to(:users, notice: 'Registration successfull. Check your email for activation instructions.') } 51 | format.xml { render xml: @user, status: :created, location: @user } 52 | else 53 | format.html { render action: 'new' } 54 | format.xml { render xml: @user.errors, status: :unprocessable_entity } 55 | end 56 | end 57 | end 58 | 59 | # PUT /users/1 60 | # PUT /users/1.xml 61 | def update 62 | @user = User.find(params[:id]) 63 | 64 | respond_to do |format| 65 | if @user.update(user_params) 66 | format.html { redirect_to(@user, notice: 'User was successfully updated.') } 67 | format.xml { head :ok } 68 | else 69 | format.html { render action: 'edit' } 70 | format.xml { render xml: @user.errors, status: :unprocessable_entity } 71 | end 72 | end 73 | end 74 | 75 | # DELETE /users/1 76 | # DELETE /users/1.xml 77 | def destroy 78 | @user = User.find(params[:id]) 79 | @user.destroy 80 | 81 | respond_to do |format| 82 | format.html { redirect_to(users_url) } 83 | format.xml { head :ok } 84 | end 85 | end 86 | 87 | def activate 88 | if @user = User.load_from_activation_token(params[:id]) 89 | @user.activate! 90 | redirect_to(login_path, notice: 'User was successfully activated.') 91 | else 92 | not_authenticated 93 | end 94 | end 95 | 96 | # The before action requires authentication using HTTP Basic, 97 | # And this action redirects and sets a success notice. 98 | def login_from_http_basic 99 | redirect_to users_path, notice: 'Login from basic auth successful' 100 | end 101 | 102 | private 103 | 104 | def user_params 105 | params.require(:user).permit(:email, :password, :password_confirmation) 106 | end 107 | end 108 | -------------------------------------------------------------------------------- /app/mailers/user_mailer.rb: -------------------------------------------------------------------------------- 1 | class UserMailer < ActionMailer::Base 2 | default from: 'notifications@example.com' 3 | 4 | def activation_needed_email(user) 5 | @user = user 6 | @url = "http://0.0.0.0:3000/users/#{user.activation_code}/activate" 7 | mail(to: user.email, 8 | subject: 'Welcome to My Awesome Site') 9 | end 10 | 11 | def activation_success_email(user) 12 | @user = user 13 | @url = 'http://0.0.0.0:3000/login' 14 | mail(to: user.email, 15 | subject: 'Your account is now activated') 16 | end 17 | 18 | def reset_password_email(user) 19 | @user = user 20 | @url = "http://0.0.0.0:3000/password_resets/#{user.reset_password_token}/edit" 21 | mail(to: user.email, 22 | subject: 'Your password reset request') 23 | end 24 | end 25 | -------------------------------------------------------------------------------- /app/models/admin.rb: -------------------------------------------------------------------------------- 1 | class Admin < User 2 | end 3 | -------------------------------------------------------------------------------- /app/models/user.rb: -------------------------------------------------------------------------------- 1 | class User < ActiveRecord::Base 2 | has_many :providers, class_name: 'UserProvider', dependent: :destroy 3 | accepts_nested_attributes_for :providers 4 | 5 | authenticates_with_sorcery! 6 | 7 | validates_length_of :password, minimum: 3, message: 'password must be at least 3 characters long', if: :password 8 | validates_confirmation_of :password, message: 'should match confirmation', if: :password 9 | end 10 | -------------------------------------------------------------------------------- /app/models/user_provider.rb: -------------------------------------------------------------------------------- 1 | class UserProvider < ActiveRecord::Base 2 | belongs_to :user 3 | end 4 | -------------------------------------------------------------------------------- /app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Sorcery Example App 5 | <%= csrf_meta_tags %> 6 | 7 | <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %> 8 | <%= javascript_include_tag 'application', 'data-turbolinks-track': 'reload' %> 9 | 10 | 11 |
12 | <% if current_user %> 13 | <%= link_to 'Edit Profile', edit_user_path(current_user.id) %> 14 | <%= link_to 'Log out', logout_path, method: :delete %> 15 | <% else %> 16 | <%= link_to 'Register', new_user_path %> | 17 | <%= link_to 'Login', :login %> | 18 | <%= link_to 'Login from HTTP', login_from_http_basic_users_path %> | 19 | <%= link_to 'Login with Twitter', auth_at_provider_path(:provider => :twitter) %> | 20 | <%= link_to 'Login with Facebook', auth_at_provider_path(:provider => :facebook) %> 21 | <% end %> 22 |
23 | 24 | <%= yield %> 25 | 26 | 27 | -------------------------------------------------------------------------------- /app/views/password_resets/_form.html.erb: -------------------------------------------------------------------------------- 1 | <%= form_with model: @user, url: password_reset_path(@token), method: :put, local: true do |f| %> 2 | <% if @user.errors.any? %> 3 |
4 |

<%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:

5 | 6 | 11 |
12 | <% end %> 13 | 14 |
15 | <%= f.label :email %>
16 | <%= @user.email %> 17 |
18 |
19 | <%= f.label :password %>
20 | <%= f.password_field :password %> 21 |
22 |
23 | <%= f.label :password_confirmation %>
24 | <%= f.password_field :password_confirmation %> 25 | <%= f.hidden_field :token, value: @token %> 26 |
27 |
28 | <%= f.submit %> 29 |
30 | <% end %> 31 | -------------------------------------------------------------------------------- /app/views/password_resets/edit.html.erb: -------------------------------------------------------------------------------- 1 |

Reset Password

2 | 3 | <%= render 'form' %> 4 | 5 | <%= link_to 'Back', users_path %> 6 | -------------------------------------------------------------------------------- /app/views/user_mailer/activation_needed_email.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 |

Welcome to example.com, <%= @user.email %>

8 |

9 | You have successfully signed up to example.com, 10 | your username is: <%= @user.email %>.
11 |

12 |

13 | To login to the site, just follow this link: <%= @url %>. 14 |

15 |

Thanks for joining and have a great day!

16 | 17 | -------------------------------------------------------------------------------- /app/views/user_mailer/activation_needed_email.text.erb: -------------------------------------------------------------------------------- 1 | Welcome to example.com, <%= @user.email %> 2 | =============================================== 3 | 4 | You have successfully signed up to example.com, 5 | your username is: <%= @user.email %>. 6 | 7 | To login to the site, just follow this link: <%= @url %>. 8 | 9 | Thanks for joining and have a great day! -------------------------------------------------------------------------------- /app/views/user_mailer/activation_success_email.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 |

Congratz, <%= @user.email %>

8 |

9 | You have successfully activated your example.com account, 10 | your username is: <%= @user.email %>.
11 |

12 |

13 | To login to the site, just follow this link: <%= @url %>. 14 |

15 |

Thanks for joining and have a great day!

16 | 17 | -------------------------------------------------------------------------------- /app/views/user_mailer/activation_success_email.text.erb: -------------------------------------------------------------------------------- 1 | Congratz, <%= @user.email %> 2 | =============================================== 3 | 4 | You have successfully activated your example.com account, 5 | your username is: <%= @user.email %>. 6 | 7 | To login to the site, just follow this link: <%= @url %>. 8 | 9 | Thanks for joining and have a great day! -------------------------------------------------------------------------------- /app/views/user_mailer/reset_password_email.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 |

Hello, <%= @user.email %>

8 |

9 | You have requested to reset your password. 10 |

11 |

12 | To choose a new password, just follow this link: <%= @url %>. 13 |

14 |

Have a great day!

15 | 16 | -------------------------------------------------------------------------------- /app/views/user_mailer/reset_password_email.text.erb: -------------------------------------------------------------------------------- 1 | Hello, <%= @user.email %> 2 | =============================================== 3 | 4 | You have requested to reset your password. 5 | 6 | To choose a new password, just follow this link: <%= @url %>. 7 | 8 | Have a great day! -------------------------------------------------------------------------------- /app/views/user_sessions/_forgot_password_form.html.erb: -------------------------------------------------------------------------------- 1 | <%= form_with url: password_resets_path, method: :post, local: true do |f| %> 2 |
3 | <%= f.label :email %>
4 | <%= f.text_field :email %> 5 | <%= f.submit "Reset my password!" %> 6 |
7 | <% end %> 8 | -------------------------------------------------------------------------------- /app/views/user_sessions/_form.html.erb: -------------------------------------------------------------------------------- 1 | <%= form_with url: user_sessions_path, method: :post, local: true do |f| %> 2 |
3 | <%= f.label :email %>
4 | <%= f.text_field :email %> 5 |
6 |
7 | <%= f.label :password %>
8 | <%= f.password_field :password %> 9 |
10 |
11 | <%= f.submit "Login" %> 12 |
13 |
14 | <%= f.label "keep me logged in" %>
15 | <%= f.check_box :remember %> 16 |
17 | <% end %> 18 | -------------------------------------------------------------------------------- /app/views/user_sessions/edit.html.erb: -------------------------------------------------------------------------------- 1 |

Editing user_session

2 | 3 | <%= render 'form' %> 4 | 5 | <%= link_to 'Show', @user_session %> | 6 | <%= link_to 'Back', user_sessions_path %> 7 | -------------------------------------------------------------------------------- /app/views/user_sessions/new.html.erb: -------------------------------------------------------------------------------- 1 |

Login

2 |

<%= notice %>

3 |

<%= alert %>

4 | <%= render 'form' %> 5 | 6 |

Forgot Password?

7 | <%= render 'forgot_password_form' %> 8 | 9 | <%= link_to 'Back', user_sessions_path %> 10 | -------------------------------------------------------------------------------- /app/views/users/_form.html.erb: -------------------------------------------------------------------------------- 1 | <%= form_with model: @user, local: true do |f| %> 2 | <% if @user.errors.any? %> 3 |
4 |

<%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:

5 | 6 | 11 |
12 | <% end %> 13 | 14 |
15 | <%= f.label :email %>
16 | <%= f.text_field :email %> 17 |
18 |
19 | <%= f.label :password %>
20 | <%= f.password_field :password %> 21 |
22 |
23 | <%= f.label :password_confirmation %>
24 | <%= f.password_field :password_confirmation %> 25 |
26 |
27 | <%= f.submit %> 28 |
29 | <% end %> 30 | -------------------------------------------------------------------------------- /app/views/users/edit.html.erb: -------------------------------------------------------------------------------- 1 |

Editing user

2 | 3 | <%= render 'form' %> 4 | 5 | <%= link_to 'Show', @user %> | 6 | <%= link_to 'Back', users_path %> 7 | -------------------------------------------------------------------------------- /app/views/users/index.html.erb: -------------------------------------------------------------------------------- 1 |

Listing users

2 |

<%= notice %>

3 |

<%= alert %>

4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | <% @users.each do |user| %> 13 | 14 | 15 | 16 | 17 | 18 | 19 | <% end %> 20 |
User
<%= user.email %><%= link_to 'Show', user %><%= link_to 'Edit', edit_user_path(user) %><%= link_to 'Destroy', user, :confirm => 'Are you sure?', :method => :delete %>
21 | 22 |
23 | 24 | <%= link_to 'New User', new_user_path %> 25 | -------------------------------------------------------------------------------- /app/views/users/new.html.erb: -------------------------------------------------------------------------------- 1 |

New user

2 | 3 | <%= render 'form' %> 4 | 5 | <%= link_to 'Back', users_path %> 6 | -------------------------------------------------------------------------------- /app/views/users/show.html.erb: -------------------------------------------------------------------------------- 1 |

<%= notice %>

2 | 3 |

4 | User: 5 | <%= @user.email %> 6 |

7 | 8 | <%= link_to 'Edit', edit_user_path(@user) %> | 9 | <%= link_to 'Back', users_path %> 10 | -------------------------------------------------------------------------------- /bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | load Gem.bin_path('bundler', 'bundle') 4 | -------------------------------------------------------------------------------- /bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | APP_PATH = File.expand_path('../../config/application', __FILE__) 3 | require_relative '../config/boot' 4 | require 'rails/commands' 5 | -------------------------------------------------------------------------------- /bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require_relative '../config/boot' 3 | require 'rake' 4 | Rake.application.run 5 | -------------------------------------------------------------------------------- /bin/setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'pathname' 3 | 4 | # path to your application root. 5 | APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) 6 | 7 | Dir.chdir APP_ROOT do 8 | # This script is a starting point to setup your application. 9 | # Add necessary setup steps to this file: 10 | 11 | puts "== Installing dependencies ==" 12 | system "gem install bundler --conservative" 13 | system "bundle check || bundle install" 14 | 15 | # puts "\n== Copying sample files ==" 16 | # unless File.exist?("config/database.yml") 17 | # system "cp config/database.yml.sample config/database.yml" 18 | # end 19 | 20 | puts "\n== Preparing database ==" 21 | system "bin/rake db:setup" 22 | 23 | puts "\n== Removing old logs and tempfiles ==" 24 | system "rm -f log/*" 25 | system "rm -rf tmp/cache" 26 | 27 | puts "\n== Restarting application server ==" 28 | system "touch tmp/restart.txt" 29 | end 30 | -------------------------------------------------------------------------------- /bin/spring: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | # This file loads spring without using Bundler, in order to be fast. 4 | # It gets overwritten when you run the `spring binstub` command. 5 | 6 | unless defined?(Spring) 7 | require 'rubygems' 8 | require 'bundler' 9 | 10 | lockfile = Bundler::LockfileParser.new(Bundler.default_lockfile.read) 11 | spring = lockfile.specs.detect { |spec| spec.name == "spring" } 12 | if spring 13 | Gem.use_paths Gem.dir, Bundler.bundle_path.to_s, *Gem.path 14 | gem 'spring', spring.version 15 | require 'spring/binstub' 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Rails.application 5 | -------------------------------------------------------------------------------- /config/application.rb: -------------------------------------------------------------------------------- 1 | require_relative 'boot' 2 | 3 | require 'rails/all' 4 | 5 | # Require the gems listed in Gemfile, including any gems 6 | # you've limited to :test, :development, or :production. 7 | Bundler.require(*Rails.groups) 8 | 9 | module SorceryExampleApp 10 | class Application < Rails::Application 11 | # Initialize configuration defaults for originally generated Rails version. 12 | config.load_defaults 5.2 13 | 14 | # Settings in config/environments/* take precedence over those specified here. 15 | # Application configuration can go into files in config/initializers 16 | # -- all .rb files in that directory are automatically loaded after loading 17 | # the framework and any gems in your application. 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /config/boot.rb: -------------------------------------------------------------------------------- 1 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 2 | 3 | require 'bundler/setup' # Set up gems listed in the Gemfile. 4 | -------------------------------------------------------------------------------- /config/database.yml: -------------------------------------------------------------------------------- 1 | # SQLite version 3.x 2 | # gem install sqlite3 3 | # 4 | # Ensure the SQLite 3 gem is defined in your Gemfile 5 | # gem 'sqlite3' 6 | # 7 | default: &default 8 | adapter: sqlite3 9 | pool: 5 10 | timeout: 5000 11 | 12 | development: 13 | <<: *default 14 | database: db/development.sqlite3 15 | 16 | # Warning: The database defined as "test" will be erased and 17 | # re-generated from your development database when you run "rake". 18 | # Do not set this db to the same as development or production. 19 | test: 20 | <<: *default 21 | database: db/test.sqlite3 22 | 23 | production: 24 | <<: *default 25 | database: db/production.sqlite3 26 | -------------------------------------------------------------------------------- /config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 6 | -------------------------------------------------------------------------------- /config/environments/development.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # In the development environment your application's code is reloaded on 5 | # every request. This slows down response time but is perfect for development 6 | # since you don't have to restart the web server when you make code changes. 7 | config.cache_classes = false 8 | 9 | # Do not eager load code on boot. 10 | config.eager_load = false 11 | 12 | # Show full error reports and disable caching. 13 | config.consider_all_requests_local = true 14 | config.action_controller.perform_caching = false 15 | 16 | # Don't care if the mailer can't send. 17 | config.action_mailer.raise_delivery_errors = false 18 | 19 | # Print deprecation notices to the Rails logger. 20 | config.active_support.deprecation = :log 21 | 22 | # Raise an error on page load if there are pending migrations. 23 | config.active_record.migration_error = :page_load 24 | 25 | # Debug mode disables concatenation and preprocessing of assets. 26 | # This option may cause significant delays in view rendering with a large 27 | # number of complex assets. 28 | config.assets.debug = true 29 | 30 | # Asset digests allow you to set far-future HTTP expiration dates on all assets, 31 | # yet still be able to expire them through the digest params. 32 | config.assets.digest = true 33 | 34 | # Adds additional error checking when serving assets at runtime. 35 | # Checks for improperly declared sprockets dependencies. 36 | # Raises helpful error messages. 37 | config.assets.raise_runtime_errors = true 38 | 39 | # Raises error for missing translations 40 | # config.action_view.raise_on_missing_translations = true 41 | end 42 | -------------------------------------------------------------------------------- /config/environments/production.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # Code is not reloaded between requests. 5 | config.cache_classes = true 6 | 7 | # Eager load code on boot. This eager loads most of Rails and 8 | # your application in memory, allowing both threaded web servers 9 | # and those relying on copy on write to perform better. 10 | # Rake tasks automatically ignore this option for performance. 11 | config.eager_load = true 12 | 13 | # Full error reports are disabled and caching is turned on. 14 | config.consider_all_requests_local = false 15 | config.action_controller.perform_caching = true 16 | 17 | # Enable Rack::Cache to put a simple HTTP cache in front of your application 18 | # Add `rack-cache` to your Gemfile before enabling this. 19 | # For large-scale production use, consider using a caching reverse proxy like 20 | # NGINX, varnish or squid. 21 | # config.action_dispatch.rack_cache = true 22 | 23 | # Disable serving static files from the `/public` folder by default since 24 | # Apache or NGINX already handles this. 25 | config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present? 26 | 27 | # Compress JavaScripts and CSS. 28 | config.assets.js_compressor = :uglifier 29 | # config.assets.css_compressor = :sass 30 | 31 | # Do not fallback to assets pipeline if a precompiled asset is missed. 32 | config.assets.compile = false 33 | 34 | # Asset digests allow you to set far-future HTTP expiration dates on all assets, 35 | # yet still be able to expire them through the digest params. 36 | config.assets.digest = true 37 | 38 | # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb 39 | 40 | # Specifies the header that your server uses for sending files. 41 | # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache 42 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX 43 | 44 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 45 | # config.force_ssl = true 46 | 47 | # Use the lowest log level to ensure availability of diagnostic information 48 | # when problems arise. 49 | config.log_level = :debug 50 | 51 | # Prepend all log lines with the following tags. 52 | # config.log_tags = [ :subdomain, :uuid ] 53 | 54 | # Use a different logger for distributed setups. 55 | # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) 56 | 57 | # Use a different cache store in production. 58 | # config.cache_store = :mem_cache_store 59 | 60 | # Enable serving of images, stylesheets, and JavaScripts from an asset server. 61 | # config.action_controller.asset_host = 'http://assets.example.com' 62 | 63 | # Ignore bad email addresses and do not raise email delivery errors. 64 | # Set this to true and configure the email server for immediate delivery to raise delivery errors. 65 | # config.action_mailer.raise_delivery_errors = false 66 | 67 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 68 | # the I18n.default_locale when a translation cannot be found). 69 | config.i18n.fallbacks = true 70 | 71 | # Send deprecation notices to registered listeners. 72 | config.active_support.deprecation = :notify 73 | 74 | # Use default logging formatter so that PID and timestamp are not suppressed. 75 | config.log_formatter = ::Logger::Formatter.new 76 | 77 | # Do not dump schema after migrations. 78 | config.active_record.dump_schema_after_migration = false 79 | end 80 | -------------------------------------------------------------------------------- /config/environments/test.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # The test environment is used exclusively to run your application's 5 | # test suite. You never need to work with it otherwise. Remember that 6 | # your test database is "scratch space" for the test suite and is wiped 7 | # and recreated between test runs. Don't rely on the data there! 8 | config.cache_classes = true 9 | 10 | # Do not eager load code on boot. This avoids loading your whole application 11 | # just for the purpose of running a single test. If you are using a tool that 12 | # preloads Rails for running tests, you may have to set it to true. 13 | config.eager_load = false 14 | 15 | # Configure static file server for tests with Cache-Control for performance. 16 | config.serve_static_files = true 17 | config.static_cache_control = 'public, max-age=3600' 18 | 19 | # Show full error reports and disable caching. 20 | config.consider_all_requests_local = true 21 | config.action_controller.perform_caching = false 22 | 23 | # Raise exceptions instead of rendering exception templates. 24 | config.action_dispatch.show_exceptions = false 25 | 26 | # Disable request forgery protection in test environment. 27 | config.action_controller.allow_forgery_protection = false 28 | 29 | # Tell Action Mailer not to deliver emails to the real world. 30 | # The :test delivery method accumulates sent emails in the 31 | # ActionMailer::Base.deliveries array. 32 | config.action_mailer.delivery_method = :test 33 | 34 | # Randomize the order test cases are executed. 35 | config.active_support.test_order = :random 36 | 37 | # Print deprecation notices to the stderr. 38 | config.active_support.deprecation = :stderr 39 | 40 | # Raises error for missing translations 41 | # config.action_view.raise_on_missing_translations = true 42 | end 43 | -------------------------------------------------------------------------------- /config/initializers/assets.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Version of your assets, change this if you want to expire all your assets. 4 | Rails.application.config.assets.version = '1.0' 5 | 6 | # Add additional assets to the asset load path 7 | # Rails.application.config.assets.paths << Emoji.images_path 8 | 9 | # Precompile additional assets. 10 | # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. 11 | # Rails.application.config.assets.precompile += %w( search.js ) 12 | -------------------------------------------------------------------------------- /config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /config/initializers/cookies_serializer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails.application.config.action_dispatch.cookies_serializer = :marshal 4 | -------------------------------------------------------------------------------- /config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format. Inflections 4 | # are locale specific, and you may define rules for as many different 5 | # locales as you wish. All of these examples are active by default: 6 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 7 | # inflect.plural /^(ox)$/i, '\1en' 8 | # inflect.singular /^(ox)en/i, '\1' 9 | # inflect.irregular 'person', 'people' 10 | # inflect.uncountable %w( fish sheep ) 11 | # end 12 | 13 | # These inflection rules are supported but not enabled by default: 14 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 15 | # inflect.acronym 'RESTful' 16 | # end 17 | -------------------------------------------------------------------------------- /config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | -------------------------------------------------------------------------------- /config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails.application.config.session_store :cookie_store, key: '_sorcery_example_app_session' 4 | -------------------------------------------------------------------------------- /config/initializers/sorcery.rb: -------------------------------------------------------------------------------- 1 | Rails.application.config.sorcery.submodules = [:user_activation, :http_basic_auth, :remember_me, :reset_password, :session_timeout, :brute_force_protection, :activity_logging, :external] 2 | 3 | Rails.application.config.sorcery.configure do |config| 4 | config.session_timeout = 10.minutes 5 | config.session_timeout_from_last_action = false 6 | 7 | config.controller_to_realm_map = { 'application' => 'Application', 'users' => 'Users' } 8 | 9 | config.external_providers = [:twitter, :facebook] 10 | 11 | config.twitter.key = 'eYVNBjBDi33aa9GkA3w' 12 | config.twitter.secret = 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8' 13 | config.twitter.callback_url = 'http://0.0.0.0:3000/oauth/callback?provider=twitter' 14 | config.twitter.user_info_mapping = { email: 'screen_name' } 15 | 16 | config.facebook.key = '34cebc81c08a521bc66e212f947d73ec' 17 | config.facebook.secret = '5b458d179f61d4f036ee66a497ffbcd0' 18 | config.facebook.callback_url = 'http://0.0.0.0:3000/oauth/callback?provider=facebook' 19 | config.facebook.user_info_mapping = { email: 'name' } 20 | 21 | config.user_config do |user| 22 | user.username_attribute_names = [:email] 23 | user.subclasses_inherit_config = true 24 | 25 | user.user_activation_mailer = UserMailer 26 | user.activation_token_attribute_name = :activation_code 27 | user.activation_token_expires_at_attribute_name = :activation_code_expires_at 28 | 29 | user.reset_password_mailer = UserMailer 30 | user.reset_password_expiration_period = 10.minutes 31 | user.reset_password_time_between_emails = nil 32 | 33 | user.activity_timeout = 1.minutes 34 | 35 | user.consecutive_login_retries_amount_limit = 10 36 | user.login_lock_time_period = 2.minutes 37 | 38 | user.authentications_class = UserProvider 39 | end 40 | 41 | config.user_class = User 42 | end 43 | -------------------------------------------------------------------------------- /config/initializers/wrap_parameters.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # This file contains settings for ActionController::ParamsWrapper which 4 | # is enabled by default. 5 | 6 | # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. 7 | ActiveSupport.on_load(:action_controller) do 8 | wrap_parameters format: [:json] if respond_to?(:wrap_parameters) 9 | end 10 | 11 | # To enable root element in JSON for ActiveRecord objects. 12 | # ActiveSupport.on_load(:active_record) do 13 | # self.include_root_in_json = true 14 | # end 15 | -------------------------------------------------------------------------------- /config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Files in the config/locales directory are used for internationalization 2 | # and are automatically loaded by Rails. If you want to use locales other 3 | # than English, add the necessary files in this directory. 4 | # 5 | # To use the locales, use `I18n.t`: 6 | # 7 | # I18n.t 'hello' 8 | # 9 | # In views, this is aliased to just `t`: 10 | # 11 | # <%= t('hello') %> 12 | # 13 | # To use a different locale, set it with `I18n.locale`: 14 | # 15 | # I18n.locale = :es 16 | # 17 | # This would use the information in config/locales/es.yml. 18 | # 19 | # To learn more, please read the Rails Internationalization guide 20 | # available at http://guides.rubyonrails.org/i18n.html. 21 | 22 | en: 23 | hello: "Hello world" 24 | -------------------------------------------------------------------------------- /config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | root to: 'users#index' 3 | 4 | resources :users, :admins do 5 | get :login_from_http_basic, on: :collection 6 | get :activate, on: :member 7 | end 8 | 9 | resources :user_sessions, only: [:new, :create, :destroy] 10 | resources :password_resets, only: [:create, :edit, :update] 11 | 12 | get 'login' => 'user_sessions#new', as: :login 13 | delete 'logout' => 'user_sessions#destroy', as: :logout 14 | 15 | resource :oauth do 16 | get :callback, on: :collection 17 | end 18 | 19 | get 'oauth/:provider' => 'oauths#oauth', as: :auth_at_provider 20 | end 21 | -------------------------------------------------------------------------------- /config/secrets.yml: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Your secret key is used for verifying the integrity of signed cookies. 4 | # If you change this key, all old signed cookies will become invalid! 5 | 6 | # Make sure the secret is at least 30 characters and all random, 7 | # no regular words or you'll be exposed to dictionary attacks. 8 | # You can use `rake secret` to generate a secure secret key. 9 | 10 | # Make sure the secrets in this file are kept private 11 | # if you're sharing your code publicly. 12 | 13 | development: 14 | secret_key_base: bbe271c68aa6fc46be7e3e865ae74cb4b8ed6b51463835eb7d95748fb6a7864dd684ce4b59e471aabf1b95e75be6af5c8e407235d0f17a5ada694cb3a85a45a0 15 | 16 | test: 17 | secret_key_base: 61dc5cb4c1834caec89a844d69e63546e0d16e20d24710551f0ad201ee03b11399fec33a0fc1f79ea53c5c29de51c48f7b651aff185c75122a9dc3f182cd27c1 18 | 19 | # Do not keep production secrets in the repository, 20 | # instead read values from the environment. 21 | production: 22 | secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> 23 | -------------------------------------------------------------------------------- /db/migrate/20101210151424_create_users.rb: -------------------------------------------------------------------------------- 1 | class CreateUsers < ActiveRecord::Migration[5.2] 2 | def self.up 3 | create_table :users do |t| 4 | t.string :email, null: false 5 | t.string :crypted_password 6 | t.string :salt 7 | 8 | t.timestamps 9 | end 10 | 11 | add_index :users, :email 12 | end 13 | 14 | def self.down 15 | drop_table :users 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /db/migrate/20101224223622_add_activation_to_users.rb: -------------------------------------------------------------------------------- 1 | class AddActivationToUsers < ActiveRecord::Migration[5.2] 2 | def self.up 3 | add_column :users, :activation_state, :string, default: nil 4 | add_column :users, :activation_code, :string, default: nil 5 | add_column :users, :activation_code_expires_at, :datetime, default: nil 6 | 7 | add_index :users, :activation_code 8 | end 9 | 10 | def self.down 11 | remove_index :users, :activation_code 12 | 13 | remove_column :users, :activation_code_expires_at 14 | remove_column :users, :activation_code 15 | remove_column :users, :activation_state 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /db/migrate/20101224223623_add_remember_me_token_to_users.rb: -------------------------------------------------------------------------------- 1 | class AddRememberMeTokenToUsers < ActiveRecord::Migration[5.2] 2 | def self.up 3 | add_column :users, :remember_me_token, :string, default: nil 4 | add_column :users, :remember_me_token_expires_at, :datetime, default: nil 5 | 6 | add_index :users, :remember_me_token 7 | end 8 | 9 | def self.down 10 | remove_index :users, :remember_me_token 11 | 12 | remove_column :users, :remember_me_token_expires_at 13 | remove_column :users, :remember_me_token 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /db/migrate/20101224223624_add_reset_password_to_users.rb: -------------------------------------------------------------------------------- 1 | class AddResetPasswordToUsers < ActiveRecord::Migration[5.2] 2 | def self.up 3 | add_column :users, :reset_password_token, :string, default: nil 4 | add_column :users, :reset_password_token_expires_at, :datetime, default: nil 5 | add_column :users, :reset_password_email_sent_at, :datetime, default: nil 6 | end 7 | 8 | def self.down 9 | remove_column :users, :reset_password_email_sent_at 10 | remove_column :users, :reset_password_token_expires_at 11 | remove_column :users, :reset_password_token 12 | end 13 | end 14 | -------------------------------------------------------------------------------- /db/migrate/20101224223625_add_activity_logging_to_users.rb: -------------------------------------------------------------------------------- 1 | class AddActivityLoggingToUsers < ActiveRecord::Migration[5.2] 2 | def self.up 3 | add_column :users, :last_login_at, :datetime, default: nil 4 | add_column :users, :last_logout_at, :datetime, default: nil 5 | add_column :users, :last_activity_at, :datetime, default: nil 6 | 7 | add_index :users, [:last_logout_at, :last_activity_at] 8 | end 9 | 10 | def self.down 11 | remove_index :users, [:last_logout_at, :last_activity_at] 12 | 13 | remove_column :users, :last_activity_at 14 | remove_column :users, :last_logout_at 15 | remove_column :users, :last_login_at 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /db/migrate/20101224223626_add_brute_force_protection_to_users.rb: -------------------------------------------------------------------------------- 1 | class AddBruteForceProtectionToUsers < ActiveRecord::Migration[5.2] 2 | def self.up 3 | add_column :users, :failed_logins_count, :integer, default: 0 4 | add_column :users, :lock_expires_at, :datetime, default: nil 5 | end 6 | 7 | def self.down 8 | remove_column :users, :lock_expires_at 9 | remove_column :users, :failed_logins_count 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /db/migrate/20110225214205_create_user_providers.rb: -------------------------------------------------------------------------------- 1 | class CreateUserProviders < ActiveRecord::Migration[5.2] 2 | def self.up 3 | create_table :user_providers do |t| 4 | t.integer :user_id, null: false 5 | t.string :provider, :uid, null: false 6 | 7 | t.timestamps 8 | end 9 | end 10 | 11 | def self.down 12 | drop_table :user_providers 13 | end 14 | end 15 | -------------------------------------------------------------------------------- /db/migrate/20110421202911_add_admin_user.rb: -------------------------------------------------------------------------------- 1 | class AddAdminUser < ActiveRecord::Migration[5.2] 2 | def self.up 3 | add_column :users, :type, :string 4 | end 5 | 6 | def self.down 7 | remove_column :users, :type 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /db/migrate/20161213041715_add_last_login_from_ip_address_to_users.rb: -------------------------------------------------------------------------------- 1 | class AddLastLoginFromIpAddressToUsers < ActiveRecord::Migration[5.2] 2 | def change 3 | add_column :users, :last_login_from_ip_address, :string, default: nil 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /db/schema.rb: -------------------------------------------------------------------------------- 1 | # encoding: UTF-8 2 | # This file is auto-generated from the current state of the database. Instead 3 | # of editing this file, please use the migrations feature of Active Record to 4 | # incrementally modify your database, and then regenerate this schema definition. 5 | # 6 | # Note that this schema.rb definition is the authoritative source for your 7 | # database schema. If you need to create the application database on another 8 | # system, you should be using db:schema:load, not running all the migrations 9 | # from scratch. The latter is a flawed and unsustainable approach (the more migrations 10 | # you'll amass, the slower it'll run and the greater likelihood for issues). 11 | # 12 | # It's strongly recommended that you check this file into your version control system. 13 | 14 | ActiveRecord::Schema.define(version: 20161213041715) do 15 | 16 | create_table "user_providers", force: :cascade do |t| 17 | t.integer "user_id", null: false 18 | t.string "provider", null: false 19 | t.string "uid", null: false 20 | t.datetime "created_at" 21 | t.datetime "updated_at" 22 | end 23 | 24 | create_table "users", force: :cascade do |t| 25 | t.string "email", null: false 26 | t.string "crypted_password" 27 | t.string "salt" 28 | t.datetime "created_at" 29 | t.datetime "updated_at" 30 | t.string "activation_state" 31 | t.string "activation_code" 32 | t.datetime "activation_code_expires_at" 33 | t.string "remember_me_token" 34 | t.datetime "remember_me_token_expires_at" 35 | t.string "reset_password_token" 36 | t.datetime "reset_password_token_expires_at" 37 | t.datetime "reset_password_email_sent_at" 38 | t.datetime "last_login_at" 39 | t.datetime "last_logout_at" 40 | t.datetime "last_activity_at" 41 | t.integer "failed_logins_count", default: 0 42 | t.datetime "lock_expires_at" 43 | t.string "type" 44 | t.string "last_login_from_ip_address" 45 | end 46 | 47 | add_index "users", ["activation_code"], name: "index_users_on_activation_code" 48 | add_index "users", ["email"], name: "index_users_on_email" 49 | add_index "users", ["last_logout_at", "last_activity_at"], name: "index_users_on_last_logout_at_and_last_activity_at" 50 | add_index "users", ["remember_me_token"], name: "index_users_on_remember_me_token" 51 | 52 | end 53 | -------------------------------------------------------------------------------- /db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). 3 | # 4 | # Examples: 5 | # 6 | # cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }]) 7 | # Mayor.create(:name => 'Daley', :city => cities.first) 8 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.3' 2 | 3 | services: 4 | rails: 5 | image: rails 6 | container_name: sorcery_example 7 | build: . 8 | environment: 9 | RAILS_ROOT: /rails 10 | volumes: 11 | - .:/rails 12 | command: rails s -b 0.0.0.0 13 | tty: true 14 | ports: 15 | - "3000:3000" 16 | -------------------------------------------------------------------------------- /lib/tasks/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sorcery/sorcery-example-app/454f8150357b749ba91c65be3b1e43038fce9e4c/lib/tasks/.gitkeep -------------------------------------------------------------------------------- /public/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The page you were looking for doesn't exist (404) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The page you were looking for doesn't exist.

62 |

You may have mistyped the address or the page may have moved.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /public/422.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The change you wanted was rejected (422) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The change you wanted was rejected.

62 |

Maybe you tried to change something you didn't have access to.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /public/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | We're sorry, but something went wrong (500) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

We're sorry, but something went wrong.

62 |
63 |

If you are the application owner check the logs for more information.

64 |
65 | 66 | 67 | -------------------------------------------------------------------------------- /public/apple-touch-icon-precomposed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sorcery/sorcery-example-app/454f8150357b749ba91c65be3b1e43038fce9e4c/public/apple-touch-icon-precomposed.png -------------------------------------------------------------------------------- /public/apple-touch-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sorcery/sorcery-example-app/454f8150357b749ba91c65be3b1e43038fce9e4c/public/apple-touch-icon.png -------------------------------------------------------------------------------- /public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sorcery/sorcery-example-app/454f8150357b749ba91c65be3b1e43038fce9e4c/public/favicon.ico -------------------------------------------------------------------------------- /public/images/rails.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sorcery/sorcery-example-app/454f8150357b749ba91c65be3b1e43038fce9e4c/public/images/rails.png -------------------------------------------------------------------------------- /public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file 2 | # 3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # User-agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /test/fixtures/users.yml: -------------------------------------------------------------------------------- 1 | # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html 2 | 3 | noam: 4 | email: whatever@whatever.com 5 | salt: <%= salt = "asdasdastr4325234324sdfds" %> 6 | crypted_password: <%= Sorcery::CryptoProviders::BCrypt.encrypt("secret", salt) %> 7 | activation_state: active 8 | type: User 9 | -------------------------------------------------------------------------------- /test/functional/user_sessions_controller_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class UserSessionsControllerTest < ActionController::TestCase 4 | setup do 5 | @user = users(:noam) 6 | end 7 | 8 | test 'should get new' do 9 | get :new 10 | assert_response :success 11 | end 12 | 13 | test 'should get create' do 14 | get :create 15 | assert_response :success 16 | end 17 | 18 | test 'should get destroy' do 19 | login_user 20 | get :destroy 21 | assert_redirected_to :users 22 | assert_equal('Logged out!', flash[:notice]) 23 | end 24 | 25 | test 'when logged out should not get destroy' do 26 | logout_user 27 | get :destroy 28 | assert_redirected_to root_url 29 | end 30 | end 31 | -------------------------------------------------------------------------------- /test/functional/users_controller_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class UsersControllerTest < ActionController::TestCase 4 | setup do 5 | @user = users(:noam) 6 | end 7 | 8 | test 'should get index' do 9 | get :index 10 | assert_response :success 11 | assert_not_nil assigns(:users) 12 | end 13 | 14 | test 'should get new' do 15 | get :new 16 | assert_response :success 17 | end 18 | 19 | test 'should create user' do 20 | assert_difference('User.count') do 21 | post :create, user: { email: 'bla@pitput.com', password: 'gluplup', password_confirmation: 'gluplup' } 22 | end 23 | 24 | assert_redirected_to users_path 25 | end 26 | 27 | test 'should show user' do 28 | login_user 29 | get :show, id: @user.to_param 30 | assert_response :success 31 | end 32 | 33 | test 'should get edit' do 34 | login_user 35 | get :edit, id: @user.to_param 36 | assert_response :success 37 | end 38 | 39 | test 'should update user' do 40 | login_user 41 | put :update, id: @user.to_param, user: @user.attributes 42 | assert_redirected_to user_path(assigns(:user)) 43 | end 44 | 45 | test 'should destroy user' do 46 | login_user 47 | assert_difference('User.count', -1) do 48 | delete :destroy, id: @user.to_param 49 | end 50 | 51 | assert_redirected_to users_path 52 | end 53 | end 54 | -------------------------------------------------------------------------------- /test/test_helper.rb: -------------------------------------------------------------------------------- 1 | ENV['RAILS_ENV'] ||= 'test' 2 | require File.expand_path('../../config/environment', __FILE__) 3 | require 'rails/test_help' 4 | 5 | class ActiveSupport::TestCase 6 | # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order. 7 | fixtures :all 8 | 9 | # Add more helper methods to be used by all tests here... 10 | include Sorcery::TestHelpers::Rails 11 | end 12 | 13 | class ActionController::TestCase 14 | include Sorcery::TestHelpers::Rails::Controller 15 | end 16 | -------------------------------------------------------------------------------- /test/unit/helpers/user_sessions_helper_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class UserSessionsHelperTest < ActionView::TestCase 4 | end 5 | -------------------------------------------------------------------------------- /test/unit/helpers/users_helper_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class UsersHelperTest < ActionView::TestCase 4 | end 5 | -------------------------------------------------------------------------------- /test/unit/user_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class UserTest < ActiveSupport::TestCase 4 | # Replace this with your real tests. 5 | test 'the truth' do 6 | assert true 7 | end 8 | end 9 | --------------------------------------------------------------------------------