Commit 7704a9a0 authored by o@immerda.ch's avatar o@immerda.ch

towards a signup page

parent cc93f775
......@@ -37,5 +37,6 @@ function loadPwstrength() {
document.getElementById('new').addEventListener("change",confirmcheck)
document.getElementById('confirm').addEventListener("keyup", confirmcheck)
document.getElementById('confirm').addEventListener("change", confirmcheck)
pwstrength();
}
window.addEventListener("load", loadPwstrength)
# Place all the behaviors and hooks related to the matching controller here.
# All this logic will automatically be available in application.js.
# You can use CoffeeScript in this file: http://coffeescript.org/
//= require zxcvbn
//= require pwstrength
// Place all the styles related to the signup controller here.
// They will automatically be included in application.css.
// You can use Sass (SCSS) here: http://sass-lang.com/
......@@ -2,7 +2,8 @@ class AdminController < ApplicationController
def authorize
if !admin?
redirect_to '/login'
else
super
end
super
end
end
require 'zxcvbn'
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
......@@ -44,6 +46,18 @@ class ApplicationController < ActionController::Base
expire_time - Time.now.to_i <= 0
end
def password_policy?(pw)
if pw.length < 10
flash[:notice] = :password_too_short
return false
end
if Zxcvbn.test(pw).score < 3
flash[:notice] = :password_policy_fail
return false
end
true
end
def update_session_expiry
session[:expires_at] = 15.minutes.from_now.to_i
end
......
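Review bot: `password_policy?` calls `pw.length` and `Zxcvbn.test(pw)` on whatever the request supplied, so a POST with no `new` field raises NoMethodError instead of failing the policy, and a nested parameter would reach zxcvbn as a non-String. Both callers visible on this page (PasswordController#update and SignupController#authorize) pass `params[:new]` straight in, so a guard at the top such as `return false unless pw.is_a?(String)` (with a flash message) covers them. There is also no upper bound on the length before the zxcvbn call; the signup POST appears to be reachable without a login, so I would cap the input length before estimating strength and leave the exact limit as a project decision. The thresholds `10` and `3` would read better as named constants with a comment, since the client-side meter has to stay in step with them.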
require 'zxcvbn'
class PasswordController < ApplicationController
def update
if params['new'] != params['confirm']
flash[:notice] = :password_change_mismatch
if !password_policy?(params[:new])
redirect_to '/password'
return
end
if params['new'].length < 10
flash[:notice] = :password_too_short
redirect_to '/password'
return
end
if Zxcvbn.test(params['new']).score < 3
flash[:notice] = :password_policy_fail
if params['new'] != params['confirm']
flash[:notice] = :password_change_mismatch
redirect_to '/password'
return
end
......
class SignupController < ApplicationController
def authorize
@email = "test@example.com"
@new_pw = params[:new]
@enable_trees = params[:enable_trees] || false
if request.post?
if !password_policy?(params[:new])
return
end
if params['new'] != params['confirm']
flash[:notice] = :password_change_mismatch
return
end
flash[:notice] = :success
redirect_to '/login'
return
end
end
end
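Review bot: `@new_pw = params[:new]` is rendered back by the signup view through `password_field_tag(:new, "", value: @new_pw)`, so after a failed policy or mismatch check the submitted password is written in clear text into the response HTML. I would drop the assignment and the `value:` option and let the user retype the password. The two failure branches `return` without redirecting, so the `flash[:notice]` set here and in `password_policy?` also survives into the following request; `flash.now[:notice]` fits a same-request render. The request handling sits in an override of `authorize` that never calls `super`, while routes.rb sends both `get 'signup'` and `post 'signup'` to `signup#new`, which this controller does not define. Presumably that is how the page is exempted from the login check, but an explicit action plus a comment stating the exemption would make the intent reviewable, and a `# TODO` on the fixed `@email` and the success branch would mark the flow as unfinished.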
module SignupHelper
end
<% if @passwords && !@passwords.empty? %>
<h3><%= t :app_passwords %></h3>
<% if @app_pw %>
<b> <%= t(:your_app_pw_is) %> </b>
<p><%= @app_pw %></p>
<% end %>
<% if @passwords && !@passwords.empty? %>
<h3><%= t :app_passwords %></h3>
<ul>
<% @passwords.each do |pw| %>
<li>
......@@ -18,9 +17,10 @@
</li>
<% end %>
</ul>
<% end %>
<hr/ >
<h3><%= t :new_app_passwords %></h3>
<%= form_tag("/app_passwords", method: "post") do %>
<table>
......@@ -29,7 +29,7 @@
</td><td>
<%= text_field_tag(:app_name, '', value: t(:app_name), autocomplete: 'off') %>
</td></tr><tr><td>
<%= label_tag(:password, (t :confirm_pw)) %>
<%= label_tag(:password, (t :your_pw)) %>
</td><td>
<%= password_field_tag(:password) %>
</td></tr>
......
<ul class="menu">
<li><%= link_to (t :change_password), password_path %></li>
<li><%= link_to (t :trees_settings) , trees_path %> (beta)</li>
<li><%= link_to (t :change_password), password_path %>
<br /><%= t(:change_password_short_help) %>
</li>
<% if trees_enabled? %>
<li><%= link_to (t :app_passwords) , app_passwords_path %></li>
<li><%= link_to (t :app_passwords) , app_passwords_path %>
<br /><%= t(:app_passwords_short_help) %>
</li>
<li><%= link_to (t :recovery_token) , trees_path %>
<br /><%= t(:trees_token_short_help) %>
</li>
<% else %>
<li><%= link_to (t :trees_settings) , trees_path %> (beta)
<br /><%= t(:enable_trees_short_help) %>
</li>
<% end %>
<% if admin? %>
<li><%= link_to (t :admin_page) , admin_path %></li>
......
<h3><%= t :new_account %></h3>
<%= form_tag("/signup", method: "post") do %>
<table>
<tr><td>
<%= label_tag(:email, (t :email)) %>
</td><td>
<%= text_field_tag(:email, '', value: @email, disabled: true) %>
</td><td>
</td><td>
</td></tr>
<tr><td>
<%= label_tag(:new, (t :new_pw)) %>
</td><td>
<%= password_field_tag(:new, "", value: @new_pw) %>
</td><td>
<div id="new_ok">&nbsp;</div>
</td><td>
<div id="pwscore" style="text-align:center;width:30px;margin:0 10px 10px;padding:1px;">&nbsp;</div>
</td></tr>
<tr><td>
<%= label_tag(:confirm, (t :confirm_pw)) %>
</td><td>
<%= password_field_tag(:confirm) %>
</td><td>
<div id='confirm_ok'>
</td><td>
</td></tr>
</table>
<p>
<input type="checkbox" id="enable_trees" name="enable_trees" value="true"
<%= if @enable_trees then 'checked="checked"' else '' end %>/>
<b><%= t :encrypt_mailbox %></b>
<br/>
<%= t :encrypt_mailbox_help %>
</p>
<p>
<%= submit_tag(t :create) %>
</p>
<% end %>
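Review bot: `<div id='confirm_ok'>` in the confirm row is never closed, unlike `<div id="new_ok">&nbsp;</div>` above it, so the browser has to repair the table cell; `<div id="confirm_ok">&nbsp;</div>` would match the first row. The e-mail input is rendered with `disabled: true`, and disabled inputs are not submitted, so once the address stops being hard-coded the server has to take it from its own state rather than from this form. A short ERB comment saying that the ids `new`, `confirm`, `new_ok`, `confirm_ok` and `pwscore` are presumably what pwstrength.js looks up would help whoever edits this template next.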
<h3><%= t :encrypt_mailbox %></h3>
<p>
<%= t :encrypt_mailbox_help %>
<%= t :encrypt_mailbox_help_existing %>
</p>
<%= form_tag("/trees/enable", method: "post") do %>
<%= label_tag(:pass, (t :password)) %>
<%= label_tag(:pass, (t :password_for_enable)) %>
<%= password_field_tag(:pass) %>
<%= submit_tag(t :activate) %>
<%= link_to "Cancel", :back %>
......
......@@ -4,7 +4,7 @@
</p>
<%= form_tag("/trees_token/request", method: "post") do %>
<%= label_tag(:pass, (t :password)) %>
<%= label_tag(:pass, (t :password_for_reveal)) %>
<%= password_field_tag(:pass) %>
<br />
<%= submit_tag(t :recovery_token_show) %>
......
......@@ -12,7 +12,7 @@
<%= t :clear_recovery_token_help %>
</p>
<%= form_tag("/trees_token", method: "post") do %>
<%= label_tag(:pass, (t :password)) %>
<%= label_tag(:pass, (t :password_for_clear)) %>
<%= password_field_tag(:pass) %>
<%= submit_tag(t :clear_token) %>
<% end %>
......
......@@ -11,4 +11,4 @@ Rails.application.config.assets.paths << Rails.root.join('node_modules')
# Precompile additional assets.
# application.js, application.css, and all non-JS/CSS in the app/assets
# folder are already added.
Rails.application.config.assets.precompile += %w( sessions.js password.js )
Rails.application.config.assets.precompile += %w( sessions.js password.js signup.js )
......@@ -12,7 +12,8 @@ de:
submit: "Abschicken"
activate: "Aktivieren"
encrypt_mailbox: "Mailbox Verschlüsseln"
encrypt_mailbox_help: "ACHTUNG: Diese Funktion ist erst im Testbetrieb. Es könnten Mails verloren gehen. Aktiviere diese Funktion, damit alle Emails verschlüsselt in deiner Mailbox abgelegt werden (gilt zZ. nur für neue Mails). Für dich sind damit keine Änderungen verbunden, die Verschlüsselung ist transparent."
encrypt_mailbox_help: "ACHTUNG: Diese Funktion ist erst im Testbetrieb. Es könnten Mails verloren gehen. Aktiviere diese Funktion, damit alle Emails verschlüsselt in deiner Mailbox abgelegt werden."
encrypt_mailbox_help_existing: "(Das gilt zZ. nur für neue Mails)"
recovery_token: "Sicherheits Token"
recovery_token_help: "Bewahre diesen Token sicher auf. Diesen kannst du uns schicken, wenn du dein Passwort vergessen hast, um ein neues zu setzen."
clear_recovery_token: "Token bestätigen und Kopie löschen"
......@@ -36,5 +37,16 @@ de:
unlock: "entsperren"
update: "aktualisieren"
delete: "löschen"
app_name: "Programmname"
app_name: "Verwendungszweck"
your_app_pw_is: "Dein neues App Passwort lautet: "
create: "erstellen"
app_passwords: "App Passwörter"
app_passwords_short_help: "Um via Mail Programm einzuloggen, musst du ein App Passwort erstellen."
change_password_short_help: "Das Hauptpasswort ändern"
trees_token_short_help: "Wenn du dein Passwort vergisst können deine Mails nur mit diesem Token wiederhergestellt werden"
enable_trees_short_help: "Verschlüsselt Mails in deiner Mailbox mit deinem Passwort"
your_pw: "Dein Passwort"
new_app_passwords: "Neues App Passwort anfordern"
password_for_reveal: "Passwort eingeben um Token anzuzeigen"
password_for_clear: "Passwort eingeben um unsere Kopie zu löschen"
password_for_enable: "Passwort eingeben um Verschlüsselung zu aktivieren"
......@@ -12,9 +12,10 @@ en:
submit: "submit"
activate: "activate"
encrypt_mailbox: "Encrypt Mailbox"
encrypt_mailbox_help: "WARNING: This feature is not stable yet and it might happen that mails become unreadable. Activate this option to encrypt all new incomming mails in your mailbox. The encryption is transparent, you should not notice any changes."
encrypt_mailbox_help: "WARNING: This feature is not stable yet and it might happen that mails become unreadable. Activate this option to encrypt all new incomming mails in your mailbox."
encrypt_mailbox_help_existing: "(Currently only applies to new incoming mails)"
clear_recovery_token: "Confirm Token and Delete Copy"
:clear_recovery_token_help: "Once you have securely stored your token, you can confirm it here. We will erase our own copy of it. We hightly recommend to take this step! WARNING: If you forget your password and loose your token, all mails in your inbox will be lost."
clear_recovery_token_help: "Once you have securely stored your token, you can confirm it here. We will erase our own copy of it. We hightly recommend to take this step! WARNING: If you forget your password and loose your token, all mails in your inbox will be lost."
trees_enabled: "Encryption activated"
token_cleared: "Token copy erased"
clear_token: "erase token copy"
......@@ -35,3 +36,14 @@ en:
update: "update"
delete: "delete"
your_app_pw_is: "Your new app password is: "
create: "create"
app_passwords: "App Passwords"
app_passwords_short_help: "To log in by external mail applications you need an app password"
change_password_short_help: "Change your main password"
trees_token_short_help: "If you forget your password only the recovery token will allow you to recover your mails"
enable_trees_short_help: "Encrypt your mailbox with your password"
your_pw: "Your password"
new_app_passwords: "Request new app password"
password_for_reveal: "Enter password to show token"
password_for_clear: "Enter password to clear our copy"
password_for_enable: "Enter password to enable encryption"
......@@ -17,6 +17,9 @@ Rails.application.routes.draw do
post '/login', to: 'sessions#create'
get '/logout', to: 'sessions#destroy'
get 'signup', to: 'signup#new'
post 'signup', to: 'signup#new'
root to: 'index#show'
get '/index', to: 'index#show'
......
require 'test_helper'
class SignupControllerTest < ActionDispatch::IntegrationTest
# test "the truth" do
# assert true
# end
end