disable username & password except for dev, require auth everywhere

fastly · May 22, 2021 · 7b50308 · 7b50308
1 parent 58921b8
commit 7b50308
Show file tree

Hide file tree

Showing 10 changed files with 40 additions and 28 deletions.
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
@@ -1,4 +1,6 @@
 class CommentsController < ApplicationController
+  before_action :require_user
+
   def create
     @proposal = Proposal.find(comment_params[:proposal_id])
 

diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb
@@ -1,4 +1,5 @@
 class EventsController < ApplicationController
+  before_action :require_user
   skip_before_action :current_event, only: [:index]
   before_action :require_event, only: [:show]
 

diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
@@ -1,4 +1,5 @@
 class HomeController < ApplicationController
+  before_action :require_user
 
   # Go to:
   # - the currently live event guidelines page, or

diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb
@@ -1,4 +1,5 @@
 class InvitationsController < ApplicationController
+  before_action :require_user
   before_action :require_proposal, only: [:create, :destroy, :resend]
   before_action :require_speaker, only: [:create, :destroy, :resend]
   before_action :require_pending_invitation, only: [:show, :accept, :decline, :destroy, :resend]

diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
@@ -1,4 +1,5 @@
 class PagesController < ApplicationController
+  before_action :require_user
 
   def current_styleguide
   end

diff --git a/app/controllers/teammates_controller.rb b/app/controllers/teammates_controller.rb
@@ -1,4 +1,5 @@
 class TeammatesController < ApplicationController
+  before_action :require_user
   before_action :require_pending_invitation, only: [:accept, :decline]
   before_action :set_session_invite, only: [:accept]
   before_action :require_user_for_accept, only: [:accept]

diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -1,5 +1,5 @@
 class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
-  before_action :check_current_user, only: [:twitter, :github]
+  before_action :check_current_user, only: [:twitter, :github, :google_oauth2]
 
   def twitter
     authenticate_with_hash

diff --git a/app/views/devise/registrations/new.html.haml b/app/views/devise/registrations/new.html.haml
@@ -10,12 +10,13 @@
         .well.clearfix
           = f.error_notification
 
-          = f.input :email, required: true, autofocus: true, wrapper_html: {class: "col-sm-12"}
-          = f.input :password, required: true, wrapper_html: {class: "col-sm-12"}, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length)
-          = f.input :password_confirmation, required: true, wrapper_html: {class: "col-sm-12"}
-          = f.hidden_field :pending_invite_email, value: session[:pending_invite_email]
+          - if Rails.env.development?
+            = f.input :email, required: true, autofocus: true, wrapper_html: {class: "col-sm-12"}
+            = f.input :password, required: true, wrapper_html: {class: "col-sm-12"}, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length)
+            = f.input :password_confirmation, required: true, wrapper_html: {class: "col-sm-12"}
+            = f.hidden_field :pending_invite_email, value: session[:pending_invite_email]
 
-          .form-group.col-sm-12
-            = f.button :submit, "Sign up", class: "btn btn-success"
+            .form-group.col-sm-12
+              = f.button :submit, "Sign up", class: "btn btn-success"
 
           .form-group= render "devise/shared/links"
diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml
@@ -9,11 +9,13 @@
       .col-sm-5.col-centered
         .well.clearfix
           = f.error_notification
-          = f.input :email, required: false, autofocus: true, wrapper_html: {class: "col-sm-12"}
-          = f.input :password, required: false, wrapper_html: {class: "col-sm-12"}
-          = f.input :remember_me, as: :boolean, wrapper: :inline_checkbox if devise_mapping.rememberable?
 
-          .form-group.col-sm-12
-            = f.button :submit, "Log in", class: "btn btn-primary"
+          - if Rails.env.development?
+            = f.input :email, required: false, autofocus: true, wrapper_html: {class: "col-sm-12"}
+            = f.input :password, required: false, wrapper_html: {class: "col-sm-12"}
+            = f.input :remember_me, as: :boolean, wrapper: :inline_checkbox if devise_mapping.rememberable?
+
+            .form-group.col-sm-12
+              = f.button :submit, "Log in", class: "btn btn-primary"
 
           .form-group= render "devise/shared/links"
diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb
@@ -1,25 +1,27 @@
 <div class="col-sm-12">
-  <%- if controller_name != 'sessions' %>
-    <%= link_to "Log in", new_user_session_path %><br />
-  <% end -%>
+  <%- if Rails.env.development? %>
+    <%- if controller_name != 'sessions' %>
+      <%= link_to "Log in", new_user_session_path %><br />
+    <% end -%>
 
-  <%- if devise_mapping.registerable? && controller_name != 'registrations' %>
-    <%= link_to "Sign up", new_registration_path(resource_name) %><br />
-  <% end -%>
+    <%- if devise_mapping.registerable? && controller_name != 'registrations' %>
+      <%= link_to "Sign up", new_registration_path(resource_name) %><br />
+    <% end -%>
 
-  <%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
-    <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
-  <% end -%>
+    <%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
+      <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
+    <% end -%>
 
-  <%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
-    <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
-  <% end -%>
+    <%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
+      <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
+    <% end -%>
 
-  <%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
-    <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
-  <% end -%>
+    <%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
+      <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
+    <% end -%>
 
-  <hr />
+    <hr />
+  <% end -%>
 
   <%- if devise_mapping.omniauthable? %>