implement user management

lalithr95 · lalithr95 · commit c388cc3e8d03 · 2016-10-11T03:17:17.000-04:00
diff --git a/.gitignore b/.gitignore
@@ -15,3 +15,4 @@
 /log/*
 !/log/.keep
 /tmp
+.byebug_history
diff --git a/Gemfile b/Gemfile
@@ -35,8 +35,9 @@ gem 'puma'
 gem 'pg'
 gem 'redis'
 gem 'sinatra', :require => false
-
+gem 'devise'
 gem 'rollbar'
+gem 'devise-bootstrap-views'
 
 # Use ActiveModel has_secure_password
 # gem 'bcrypt', '~> 3.1.7'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -50,6 +50,7 @@ GEM
     arel (6.0.3)
     autoprefixer-rails (6.4.1)
       execjs
+    bcrypt (3.1.11)
     binding_of_caller (0.7.2)
       debug_inspector (>= 0.0.1)
     bootstrap (4.0.0.alpha3.1)
@@ -67,6 +68,13 @@ GEM
     concurrent-ruby (1.0.2)
     connection_pool (2.2.0)
     debug_inspector (0.0.2)
+    devise (4.2.0)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0, < 5.1)
+      responders
+      warden (~> 1.2.3)
+    devise-bootstrap-views (0.0.9)
     domain_name (0.5.20160826)
       unf (>= 0.0.5, < 1.0.0)
     erubis (2.7.0)
@@ -106,6 +114,7 @@ GEM
     newrelic_rpm (3.15.2.317)
     nokogiri (1.6.8.1)
       mini_portile2 (~> 2.1.0)
+    orm_adapter (0.5.0)
     pg (0.18.4)
     puma (3.4.0)
     rack (1.6.4)
@@ -142,6 +151,8 @@ GEM
     rdoc (4.2.2)
       json (~> 1.4)
     redis (3.3.1)
+    responders (2.3.0)
+      railties (>= 4.2.0, < 5.1)
     rollbar (2.8.3)
       multi_json
     sass (3.4.22)
@@ -185,6 +196,8 @@ GEM
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.7.2)
+    warden (1.2.6)
+      rack (>= 1.0)
     web-console (2.3.0)
       activemodel (>= 4.0)
       binding_of_caller (>= 0.7.2)
@@ -199,6 +212,8 @@ DEPENDENCIES
   bootstrap (~> 4.0.0.alpha3.1)
   byebug
   coffee-rails (~> 4.1.0)
+  devise
+  devise-bootstrap-views
   highcharts-rails
   jbuilder (~> 2.0)
   jquery-rails
diff --git a/app/assets/javascripts/scans.js b/app/assets/javascripts/scans.js
@@ -3,6 +3,10 @@ $(function () {
 
   function fetch_analytics() {
     var sid = $('#vulnerability-container').data('scan')
+    if (sid == undefined) {
+      return;
+    }
+
     $.ajax({
       url: '/scan/' + sid + '/vulnerabilities/chart',
       method: 'GET',
diff --git a/app/assets/stylesheets/application.scss b/app/assets/stylesheets/application.scss
@@ -10,8 +10,9 @@
  * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
  * file per style scope.
  *
+ *= require devise_bootstrap_views
  *= require_tree .
  *= require_self
  */
 
-@import "bootstrap";
+@import "bootstrap";
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -2,4 +2,5 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+  before_action :authenticate_user!
 end
diff --git a/app/controllers/scans_controller.rb b/app/controllers/scans_controller.rb
@@ -3,6 +3,7 @@ class ScansController < ApplicationController
   before_action :load_scan, only: [:show, :vulnerability_chart]
 
   def index
+    @scans = current_user.scans
   end
 
   def show
@@ -24,7 +25,7 @@ def create
       cookies: headers, # rename column to headers
       json: json
     }
-    @scan = Scan.create!(options)
+    @scan = current_user.scans.create!(options)
 
     headers, cookies = headers_parser(headers)
     job_options = {
diff --git a/app/models/scan.rb b/app/models/scan.rb
@@ -1,3 +1,4 @@
 class Scan < ActiveRecord::Base
   has_many :vulnerabilities
+  belongs_to :user
 end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -0,0 +1,8 @@
+class User < ActiveRecord::Base
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable
+
+  has_many :scans
+end
diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb
@@ -0,0 +1,18 @@
+<%= bootstrap_devise_error_messages! %>
+<div class="panel panel-default devise-bs">
+  <div class="panel-heading">
+    <h4><%= t('.resend_confirmation_instructions', :default => 'Resend confirmation instructions') %></h4>
+  </div>
+  <div class="panel-body">
+    <%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post, role: "form" }) do |f| %>
+      <div class="form-group">
+        <%= f.label :email %>
+        <%= f.email_field :email, autofocus: true, class: "form-control"  %>
+      </div>
+
+      <%= f.submit t('.resend_confirmation_instructions', :default => 'Resend confirmation instructions'), class: "btn btn-primary" %>
+    <% end %>
+  </div>
+</div>
+
+<%= render "devise/shared/links" %>
diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -0,0 +1,6 @@
+<p><%= t('.greeting', :recipient => @resource.email, :default => "Welcome #{@resource.email}!") %></p>
+
+<p><%= t('.instruction', :default => "You can confirm your account email through the link below:") %></p>
+
+<p><%= link_to t('.action', :default => "Confirm my account"),
+         confirmation_url(@resource, :confirmation_token => @token, locale: I18n.locale) %></p>
diff --git a/app/views/devise/mailer/password_change.html.erb b/app/views/devise/mailer/password_change.html.erb
@@ -0,0 +1,3 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>We're contacting you to notify you that your password has been changed.</p>
diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -0,0 +1,8 @@
+<p><%= t('.greeting', :recipient => @resource.email, :default => "Hello #{@resource.email}!") %></p>
+
+<p><%= t('.instruction', :default => "Someone has requested a link to change your password, and you can do this through the link below.") %></p>
+
+<p><%= link_to t('.action', :default => "Change my password"), edit_password_url(@resource, :reset_password_token => @token, locale: I18n.locale) %></p>
+
+<p><%= t('.instruction_2', :default => "If you didn't request this, please ignore this email.") %></p>
+<p><%= t('.instruction_3', :default => "Your password won't change until you access the link above and create a new one.") %></p>
diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb
@@ -0,0 +1,7 @@
+<p><%= t('.greeting', :recipient => @resource.email, :default => "Hello #{@resource.email}!") %></p>
+
+<p><%= t('.message', :default => "Your account has been locked due to an excessive amount of unsuccessful sign in attempts.") %></p>
+
+<p><%= t('.instruction', :default => "Click the link below to unlock your account:") %></p>
+
+<p><%= link_to t('.action', :default => "Unlock my account"), unlock_url(@resource, :unlock_token => @resource.unlock_token, locale: I18n.locale) %></p>
diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb
@@ -0,0 +1,24 @@
+<%= bootstrap_devise_error_messages! %>
+<div class="panel panel-default devise-bs">
+  <div class="panel-heading">
+    <h4><%= t('.change_your_password', :default => 'Change your password') %></h4>
+  </div>
+  <div class="panel-body">
+    <%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put, role: "form" }) do |f| %>
+      <%= f.hidden_field :reset_password_token %>
+
+      <div class="form-group">
+        <%= f.label :password, t('.new_password', :default => 'New password') %>
+        <%= f.password_field :password, autofocus: true, class: "form-control"  %>
+      </div>
+
+      <div class="form-group">
+        <%= f.label :password_confirmation, t('.confirm_new_password', :default => 'Confirm new password') %>
+        <%= f.password_field :password_confirmation, class: "form-control"  %>
+      </div>
+
+      <%= f.submit t('.change_my_password', :default => 'Change my password'), class: "btn btn-primary" %>
+    <% end %>
+  </div>
+</div>
+<%= render "devise/shared/links" %>
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb
@@ -0,0 +1,17 @@
+<%= bootstrap_devise_error_messages! %>
+<div class="panel panel-default devise-bs">
+  <div class="panel-heading">
+    <h4><%= t('.forgot_your_password', :default => 'Forgot your password?') %></h4>
+  </div>
+  <div class="panel-body">
+    <%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post, role: "form" }) do |f| %>
+      <div class="form-group">
+        <%= f.label :email %>
+        <%= f.email_field :email, autofocus: true, class: "form-control" %>
+      </div>
+
+      <%= f.submit t('.send_me_reset_password_instructions', :default => "Send me reset password instructions"), class: "btn btn-primary" %>
+    <% end %>
+  </div>
+</div>
+<%= render "devise/shared/links" %>
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
@@ -0,0 +1,31 @@
+<%= bootstrap_devise_error_messages! %>
+<div class="panel panel-default devise-bs">
+  <div class="panel-heading">
+    <h4><%= t('.title', :resource => resource_class.model_name.human , :default => "Edit #{resource_name.to_s.humanize}") %></h4>
+  </div>
+  <div class="panel-body">
+    <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+      <div class="form-group">
+        <%= f.label :email %>
+        <%= f.email_field :email, autofocus: true, class: "form-control" %>
+      </div>
+      <div class="form-group">
+        <%= f.label :password %> <i>(<%= t('.leave_blank_if_you_don_t_want_to_change_it', :default => "leave blank if you don't want to change it") %>)</i>
+        <%= f.password_field :password, :autocomplete => "off", class: "form-control" %>
+      </div>
+      <div class="form-group">
+        <%= f.label :password_confirmation %>
+        <%= f.password_field :password_confirmation, class: "form-control"  %>
+      </div>
+      <div class="form-group">
+        <%= f.label :current_password %> <i>(<%= t('.we_need_your_current_password_to_confirm_your_changes', :default => 'we need your current password to confirm your changes') %>)</i>
+        <%= f.password_field :current_password, class: "form-control" %>
+      </div>
+      <%= f.submit t('.update', :default => "Update"), class: "btn btn-primary" %>
+    <% end %>
+  </div>
+</div>
+
+<p><%= t('.unhappy', :default => 'Unhappy') %>? <%= link_to t('.cancel_my_account', :default => "Cancel my account"), registration_path(resource_name), :data => { :confirm => t('.are_you_sure', :default => "Are you sure?") }, :method => :delete %>.</p>
+
+<%= link_to t('.back', :default => 'Back'), :back %>
diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb
@@ -0,0 +1,24 @@
+<%= bootstrap_devise_error_messages! %>
+<div class="panel panel-default devise-bs">
+  <div class="panel-heading">
+    <h4><%= t('.sign_up', :default => "Sign up") %></h4>
+  </div>
+  <div class="panel-body">
+    <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), html: { role: "form" }) do |f| %>
+      <div class="form-group">
+        <%= f.label :email %>
+        <%= f.email_field :email, autofocus: true, class: "form-control" %>
+      </div>
+      <div class="form-group">
+        <%= f.label :password %>
+        <%= f.password_field :password, class: "form-control" %>
+      </div>
+      <div class="form-group">
+        <%= f.label :password_confirmation %>
+        <%= f.password_field :password_confirmation, class: "form-control" %>
+      </div>
+      <%= f.submit t('.sign_up', :default => "Sign up"), class: "btn btn-primary" %>
+    <% end %>
+  </div>
+</div>
+<%= render "devise/shared/links" %>
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
@@ -0,0 +1,26 @@
+<div class="panel panel-default devise-bs">
+  <div class="panel-heading">
+    <h4><%= t('.sign_in', :default => "Sign in") %></h4>
+  </div>
+  <div class="panel-body">
+    <%= form_for(resource, as: resource_name, url: session_path(resource_name), html: { role: "form" }) do |f| %>
+      <div class="form-group">
+        <%= f.label :email %>
+        <%= f.email_field :email, autofocus: true, class: "form-control" %>
+      </div>
+      <div class="form-group">
+        <%= f.label :password %>
+        <%= f.password_field :password, autocomplete: "off", class: "form-control" %>
+      </div>
+      <% if devise_mapping.rememberable? %>
+        <div class="checkbox">
+          <%= f.label :remember_me do %>
+            <%= f.check_box :remember_me %> <%= t('.remember_me', :default => "Remember me") %>
+          <% end %>
+        </div>
+      <% end %>
+      <%= f.submit  t('.sign_in', :default => "Sign in"), class: "btn btn-primary" %>
+    <% end %>
+  </div>
+</div>
+<%= render "devise/shared/links" %>
diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb
@@ -0,0 +1,25 @@
+<% if controller_name != 'sessions' %>
+  <%= link_to t(".sign_in", :default => "Sign in"), new_session_path(resource_name) %><br />
+<% end %>
+
+<% if devise_mapping.registerable? && controller_name != 'registrations' %>
+  <%= link_to t(".sign_up", :default => "Sign up"), new_registration_path(resource_name) %><br />
+<% end %>
+
+<% if devise_mapping.recoverable? && controller_name != 'passwords' %>
+  <%= link_to t(".forgot_your_password", :default => "Forgot your password?"), new_password_path(resource_name) %><br />
+<% end %>
+
+<% if devise_mapping.confirmable? && controller_name != 'confirmations' %>
+  <%= link_to t('.didn_t_receive_confirmation_instructions', :default => "Didn't receive confirmation instructions?"), new_confirmation_path(resource_name) %><br />
+<% end %>
+
+<% if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
+  <%= link_to t('.didn_t_receive_unlock_instructions', :default => "Didn't receive unlock instructions?"), new_unlock_path(resource_name) %><br />
+<% end %>
+
+<% if devise_mapping.omniauthable? %>
+  <% resource_class.omniauth_providers.each do |provider| %>
+  <%= link_to t('.sign_in_with_provider', :provider => provider.to_s.titleize, :default => "Sign in with #{provider.to_s.titleize}"), omniauth_authorize_path(resource_name, provider) %><br />
+  <% end %>
+<% end %>
diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb
@@ -0,0 +1,16 @@
+<%= bootstrap_devise_error_messages! %>
+<div class="panel panel-default devise-bs">
+  <div class="panel-heading">
+    <h4><%= t('.resend_unlock_instructions', :default => "Resend unlock instructions") %></h4>
+  </div>
+  <div class="panel-body">
+    <%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post, html: { role: "form" } }) do |f| %>
+      <div class="form-group">
+        <%= f.label :email %>
+        <%= f.email_field :email, autofocus: true, class: "form-control" %>
+      </div>
+      <%= f.submit t('.resend_unlock_instructions', :default => "Resend unlock instructions"), class: "btn btn-primary"%>
+    <% end %>
+  </div>
+</div>
+<%= render "devise/shared/links" %>
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
@@ -9,7 +9,7 @@
 <body>
 
 <nav class="navbar navbar-light bg-faded">
-  <a class="navbar-brand" href="#">API Fuzzer</a>
+  <a class="navbar-brand" href="/">API Fuzzer</a>
   <ul class="nav navbar-nav">
     <li class="nav-item active">
       <a class="nav-link" href="#">Home <span class="sr-only">(current)</span></a>
@@ -21,6 +21,18 @@
   </form>
 </nav>
 
+<% if notice %>
+  <div class="alert alert-info" role="alert">
+    <%= notice %>
+  </div>
+<% end %>
+
+<% if alert %>
+  <div class="alert alert-danger" role="alert">
+    <%= alert %>
+  </div>
+<% end %>
+
 <%= yield %>
 
 </body>
diff --git a/app/views/scans/index.html.erb b/app/views/scans/index.html.erb
@@ -0,0 +1,18 @@
+<div class="col-md-12">
+  <table class="table table-striped">
+    <thead>
+      <tr>
+        <th>#</th>
+        <th>URL</th>
+        <th>Vulnerability count</th>
+      </tr>
+    </thead>
+    <tbody>
+    <% @scans.each do |scan| %>
+      <td><%= scan.id %></td>
+      <td><%= link_to scan.url, scan.url %></td>
+      <td><%= scan.vulnerabilities.count %></td>
+    <% end %>
+    </tbody>
+  </table>
+</div>
diff --git a/config/environments/development.rb b/config/environments/development.rb
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml
diff --git a/config/routes.rb b/config/routes.rb
diff --git a/db/migrate/20161011062631_devise_create_users.rb b/db/migrate/20161011062631_devise_create_users.rb
diff --git a/db/migrate/20161011064845_add_user_id_column_to_scans.rb b/db/migrate/20161011064845_add_user_id_column_to_scans.rb
diff --git a/db/schema.rb b/db/schema.rb
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
