More work on UI, but this commit has a regression

The user is no longer correctly stored in the session, and I'm not sure why not.
Simon Brooke 2018-07-02 10:51:42 +01:00
parent e6d6109575
commit f5afa67eed
46 changed files with 3054 additions and 2821 deletions


@ -1,5 +1,4 @@
(ns ^{:doc "Database access functions."
:author "Simon Brooke"}
(ns ^{:doc "Database access functions, mostly from Luminus template."}
youyesyet.db.core
(:require
[cheshire.core :refer [generate-string parse-string]]


@ -50,7 +50,10 @@
user
(do
(log/debug (str "seeking roles for user " user))
(set (map #(lower-case (:name %)) (db/list-roles-by-canvasser db/*db* user))))))
(let [roles
(set (map #(lower-case (:name %)) (db/list-roles-by-canvasser db/*db* user)))]
(log/debug (str "found roles " roles " for user " user))
roles))))
;; role assignments change only rarely.
@ -58,22 +61,26 @@
(defn render
"renders the HTML template located relative to resources/templates"
"renders the HTML `template` located relative to resources/templates in
the context of this session and with these parameters."
[template session & [params]]
(let [user (:user session)]
(content-type
(ok
(log/debug (str "layout/render: template: '" template "'; user: '" user "'."))
(assoc
(content-type
(ok
(parser/render-file
template
(assoc params
:page template
:csrf-token *anti-forgery-token*
:user user
:user-roles (get-user-roles user)
:site-title (:site-title env)
:site-logo (:site-logo env)
:version (System/getProperty "youyesyet.version"))))
"text/html; charset=utf-8")))
template
(assoc params
:page template
:csrf-token *anti-forgery-token*
:version (System/getProperty "youyesyet.version"))))
"text/html; charset=utf-8")
:user user
:user-roles (get-user-roles user)
:site-title (:site-title env)
:site-logo (:site-logo env)
:session session)))
(defn error-page
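Review bot: As rendered here, the new `render` attaches `:session session` to every response, and Ring's session middleware treats a response `:session` as a write: a nil value deletes the stored session, and any other value replaces it with the request-time copy the caller passed in. A caller that passes nil or a stale session would therefore drop `:user`, which may be the regression the commit message describes. The same change appears to move `:user`, `:user-roles`, `:site-title` and `:site-logo` out of the template context and onto the response map, so templates would no longer receive them; keep them in `(assoc params ...)` and leave the session untouched when rendering, or at most use `(cond-> response session (assoc :session session))`. Separately, the debug lines in `render` and `get-user-roles` write the whole `user` value to the log; logging only an identifier such as `(:id user)` would keep the rest of the record out of the log files.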


@ -1,16 +1,17 @@
(ns ^{:doc "Plumbing, mainly boilerplate from Luminus."}
youyesyet.middleware
(:require [youyesyet.env :refer [defaults]]
[clojure.tools.logging :as log]
[youyesyet.layout :refer [*app-context* error-page]]
(:require [clojure.tools.logging :as log]
[ring.middleware.anti-forgery :refer [wrap-anti-forgery]]
[ring.middleware.webjars :refer [wrap-webjars]]
[ring.middleware.defaults :refer [site-defaults wrap-defaults]]
[ring.middleware.format :refer [wrap-restful-format]]
[youyesyet.config :refer [env]]
[ring.middleware.webjars :refer [wrap-webjars]]
[ring-ttl-session.core :refer [ttl-memory-store]]
[ring.middleware.defaults :refer [site-defaults wrap-defaults]])
[youyesyet.env :refer [defaults]]
[youyesyet.config :refer [env]]
[youyesyet.layout :refer [*app-context* error-page]])
(:import [javax.servlet ServletContext]))
(defn wrap-context [handler]
(fn [request]
(binding [*app-context*
@ -26,6 +27,7 @@
(:app-context env))]
(handler request))))
(defn wrap-internal-error [handler]
(fn [req]
(try
@ -36,6 +38,7 @@
:title "Something very bad has happened!"
:message "We've dispatched a team of highly trained gnomes to take care of the problem."})))))
(defn wrap-csrf [handler]
(wrap-anti-forgery
handler
@ -44,6 +47,7 @@
{:status 403
:title "Invalid anti-forgery token"})}))
(defn wrap-formats [handler]
(let [wrapped (wrap-restful-format
handler
@ -53,6 +57,7 @@
;; since they're not compatible with this middleware
((if (:websocket? request) handler wrapped) request))))
(defn wrap-base [handler]
(-> ((:middleware defaults) handler)
wrap-webjars



@ -1,17 +1,16 @@
(ns ^{:doc "Routes/pages available to unauthenticated users."
:author "Simon Brooke"} youyesyet.routes.home
(:require [clojure.java.io :as io]
[clojure.string :as s]
[clojure.tools.logging :as log]
[clojure.walk :refer [keywordize-keys]]
[noir.response :as nresponse]
[noir.util.route :as route]
[ring.util.http-response :refer [content-type ok]]
[ring.util.http-response :as response]
[youyesyet.config :refer [env]]
[youyesyet.db.core :as db-core]
[youyesyet.layout :as layout]
[youyesyet.oauth :as oauth]
[compojure.core :refer [defroutes GET POST]]
[ring.util.http-response :as response]
))
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -63,13 +62,13 @@
user (:user session)
roles (if user (db-core/list-roles-by-canvasser db-core/*db* {:id (:id user)}))]
(cond
roles (layout/render "roles.html"
(:session request)
{:title (str "Welcome " (:fullname user) ", what do you want to do?")
:user user
:roles roles})
(empty? roles)(response/found "/app")
true (assoc (response/found "/login") :session (dissoc session :user)))))
roles (layout/render "roles.html"
(:session request)
{:title (str "Welcome " (:fullname user) ", what do you want to do?")
:user user
:roles roles})
(empty? roles)(response/found "/app")
true (assoc (response/found "/login") :session (dissoc session :user)))))
(defn home-page []
@ -86,42 +85,47 @@
password (:password params)
redirect-to (or (:redirect-to params) "roles")]
(cond
(:authority params)
(let [auth (oauth/authority! (:authority params))]
(if auth
(do
(log/info "Attempting to authorise with authority " (:authority params))
(oauth/fetch-request-token
(assoc request :session (assoc session :authority auth))
auth))
(throw (Exception. (str "No such authority: " (:authority params))))))
;; this is obviously, ABSURDLY, insecure. I don't want to put just-about-good-enough,
;; it-will-do-for-now security in place; instead, I want this to be test code only
;; until we have o-auth properly working.
(and user (= username password))
(assoc
(response/found redirect-to)
:session (assoc session :user user :roles (layout/get-user-roles user)))
username
(:authority params)
(let [auth (oauth/authority! (:authority params))]
(if auth
(do
(log/info "Attempting to authorise with authority " (:authority params))
(oauth/fetch-request-token
(assoc request :session (assoc session :authority auth))
auth))
(throw (Exception. (str "No such authority: " (:authority params))))))
;; this is obviously, ABSURDLY, insecure. I don't want to put just-about-good-enough,
;; it-will-do-for-now security in place; instead, I want this to be test code only
;; until we have o-auth properly working.
(and user (= username password))
(let
[roles (layout/get-user-roles user)]
(log/info (str "Logged in user '" username "' with roles " roles))
(assoc
(response/found redirect-to)
:session
(assoc session :user user :roles roles)))
;; if we've got a username but either no user object or else
;; the password doesn't match
username
(layout/render
"login.html"
session
{:title (str "User " username " is unknown") :redirect-to redirect-to})
true
"login.html"
session
{:title (str "User " username " is unknown")
:redirect-to redirect-to
:warnings ["Your user name was not recognised or your password did not match"]})
;; if we've no username, just invite the user to log in
true
(layout/render
"login.html"
session
{:title "Please log in"
:redirect-to redirect-to
:authorities (db-core/list-authorities db-core/*db*)}))))
"login.html"
session
{:title "Please log in"
:redirect-to redirect-to
:authorities (db-core/list-authorities db-core/*db*)}))))
(defroutes home-routes
(GET "/" [] (home-page))
;; (GET "/js/:file" [file]
;; (-> (io/input-stream (str "resources/public/js/" file))
;; ok
;; (content-type "text/javascript;charset=UTF-8")))
(GET "/home" [] (home-page))
(GET "/about" [] (about-page))
(GET "/roles" request (route/restricted (roles-page request)))
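Review bot: In the login handler, `redirect-to` is taken from the request parameters and passed unchecked to `response/found` on a successful login, so a crafted login link can send a freshly authenticated user to an arbitrary external site. Accept only local targets and fall back to the default, e.g. `redirect-to (let [r (:redirect-to params)] (if (and r (re-matches #"/?[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*" r)) r "roles"))`, widening the pattern only as far as the application's own routes need. The success branch also builds the authenticated session on top of the pre-login session map; `(vary-meta (assoc session :user user :roles roles) assoc :recreate true)` would request a fresh session identifier and guard against session fixation, assuming the Ring version in use honours `:recreate`. The handler's opening lines are outside this hunk.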