Refactor all the things!

Gemfile

@@ -12,6 +12,8 @@ group :assets do
   gem 'sass-rails', "  ~> 4.0.0"
   gem 'coffee-rails', "~> 4.0.0"
   gem 'uglifier'
+
+  gem 'bourbon'
 end
 
 gem 'jquery-rails'
@@ -67,7 +69,7 @@ gem "newrelic_rpm"
 gem "exception_notification", :git => "git://github.com/rails/exception_notification", :require => 'exception_notifier'
 gem 'pg'
 gem 'devise'
-gem 'formtastic'
+gem 'simple_form'
 gem 'squeel'
 #gem 'mini_exiftool'
 gem 'will_paginate'

Gemfile.lock

@@ -56,6 +56,9 @@ GEM
       erubis (>= 2.6.6)
     binding_of_caller (0.7.2)
       debug_inspector (>= 0.0.1)
+    bourbon (3.1.8)
+      sass (>= 3.2.0)
+      thor
     builder (3.1.4)
     capybara (2.2.1)
       mime-types (>= 1.16)
@@ -97,8 +100,6 @@ GEM
       factory_girl (~> 4.4.0)
       railties (>= 3.0.0)
     fivemat (1.2.1)
-    formtastic (2.2.1)
-      actionpack (>= 3.0)
     haml (4.0.5)
       tilt
     hike (1.2.3)
@@ -179,6 +180,9 @@ GEM
     sexp_processor (4.4.1)
     shoulda-matchers (2.5.0)
       activesupport (>= 3.0.0)
+    simple_form (3.0.1)
+      actionpack (>= 4.0.0, < 4.1)
+      activemodel (>= 4.0.0, < 4.1)
     slop (3.4.7)
     slugtastic (1.2.1)
     sprockets (2.11.0)
@@ -226,13 +230,13 @@ DEPENDENCIES
   aws-sdk
   better_errors
   binding_of_caller
+  bourbon
   capybara-screenshot
   coffee-rails (~> 4.0.0)
   devise
   exception_notification!
   factory_girl_rails
   fivemat
-  formtastic
   haml
   hpricot
   jquery-rails
@@ -249,6 +253,7 @@ DEPENDENCIES
   ruby_parser
   sass-rails (~> 4.0.0)
   shoulda-matchers
+  simple_form
   slugtastic
   sqlite3
   squeel

README.md

@@ -2,3 +2,7 @@ DanBarberPhoto
 ==============
 
 This is the source code for DanBarberPhoto.com.
+
+The session cookie has been set to `secure: true` so the admin login will only
+work over an HTTPS connection. Nginx can be used as a local proxy for
+development purposes.

app/assets/javascripts/admin/flash.js.coffee

@@ -1,4 +1,4 @@
 $ ->
   $(".flash a.close").click ->
     $(this).parent().fadeOut(200)
-    false
+    false

app/assets/stylesheets/admin.css

@@ -1,9 +0,0 @@
-/*
- * This is a manifest file that'll automatically include all the stylesheets available in this directory
- * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
- * the top of the compiled file, but it's generally better to create a new file per style scope.
- *= require_self
- *= require formtastic
- *= require fancybox
- *= require_directory ./admin
- */

app/assets/stylesheets/admin.css.sass

@@ -0,0 +1,10 @@
+@import 'bourbon'
+
+@import 'fancybox'
+@import 'admin/admin'
+@import 'admin/dashboard'
+@import 'admin/flash'
+@import 'admin/menu'
+@import 'admin/photos'
+@import 'admin/simple_form'
+@import 'admin/unlocks'

app/assets/stylesheets/admin/admin.css.sass

@@ -83,11 +83,6 @@ div
 #notice
   color: green
 
-.field_with_errors
-  padding: 0.3em
-  background-color: red
-  display: table
-
 table
   border: 1px solid #bbb
   border-spacing: 0

app/assets/stylesheets/admin/simple_form.css.sass

@@ -4,7 +4,7 @@
 @import "../includes/box_shadow"
 @import "../includes/button"
 
-form.formtastic
+form.simple_form
   background: white
   border: 1px solid #ccc
   margin: 0 0 1em
@@ -17,21 +17,25 @@ form.formtastic
     label
       font-weight: bold
   @include round-corners(5px)
-  ol, ul
-    margin-bottom: 0.5em
   .input
     margin-bottom: 0em
     margin-top: 0em
     overflow: hidden
     padding: 0.5em 0
-    .label
+    label
+      display: block
+      float: left
+      line-height: 1.8
       width: 13em
+  input
+    @include placeholder
+      color: rgba(0, 0, 0, 0.4)
   textarea
     height: 10em
   input, textarea
     font-family: "Helvetica Neue", "Arial", sans-serif
     font-size: 1em
-    margin-right: 5px
+    margin: 0 5px 0 0
     border-width: 1px
     border-style: solid
     border-color: #999 #DDD #DDD #999
@@ -41,7 +45,7 @@ form.formtastic
     &:focus
       border-color: #67A #9AF #9AF #67A
       @include box-shadow("0 0 4px rgba(0, 128, 255, 0.5), inset 1px 1px 4px rgba(0, 0, 0, 0.1)")
-    &[type=text], &[type=email]
+    &[type=text], &[type=email], &[type=url]
       width: 15em
     &[type=number]
       width: 3.5em
@@ -68,12 +72,16 @@ form.formtastic
       &:hover, &:focus
         background-color: #8B6
 
-  .boolean
+  .input.boolean
+    padding-left: 14em
     label
-      padding-left: 14em
       text-align: left
+    input
+      float: left
+      margin-top: 0.4em
+      margin-right: 0.6em
 
-  .error input
+  .field_with_errors input
     border-width: 1px
     border-style: solid
     border-color: #933 #FBB #FBB #933
@@ -81,17 +89,21 @@ form.formtastic
     padding: 0.3em
     box-shadow: inset 1px 1px 4px rgba(0, 0, 0, 0.1)
 
-  .inline-errors
+  span.error
     display: inline
     margin-left: 1em
     color: #933
 
+  fieldset
+    border: 0
+    margin-bottom: 0.5em
+
   fieldset.inputs
     padding: 1em 0
     border-bottom: 1px solid #ccc
   fieldset.actions
     padding: 1.5em 0 1em
-  .stringish, .text
+  .string, .email, .password, .text
     input, textarea
       width: 40%
 

app/controllers/admin/categories_controller.rb

@@ -15,7 +15,7 @@ class Admin::CategoriesController < Admin::AdminController
   def update
     @category = Category.find(params[:id])
 
-    if @category.update_attributes(params[:category])
+    if @category.update_attributes(permitted_params)
       redirect_to admin_categories_path, notice: 'Category was successfully updated.'
     else
       render :edit
@@ -23,7 +23,7 @@ class Admin::CategoriesController < Admin::AdminController
   end
 
   def create
-    @category = Category.new(params[:category])
+    @category = Category.new(permitted_params)
 
       if @category.save
         redirect_to admin_categories_path, notice: 'Category was successfully added.'
@@ -39,4 +39,10 @@ class Admin::CategoriesController < Admin::AdminController
     redirect_to admin_categories_path, notice: 'Category was deleted.'
   end
 
+  private
+
+  def permitted_params
+    params.require(:category).permit(:name, :slug, :description, :base_colour, :sort)
+  end
+
 end

app/controllers/admin/pages_controller.rb

@@ -15,7 +15,7 @@ class Admin::PagesController < Admin::AdminController
   def update
     @page = Page.find(params[:id])
 
-    if @page.update_attributes(params[:page])
+    if @page.update_attributes(permitted_params)
       redirect_to admin_pages_path, notice: 'Page was successfully updated.'
     else
       render :edit
@@ -23,7 +23,7 @@ class Admin::PagesController < Admin::AdminController
   end
 
   def create
-    @page = Page.new(params[:page])
+    @page = Page.new(permitted_params)
 
     if @page.save
       redirect_to admin_pages_path, notice: 'Page was successfully added.'
@@ -39,4 +39,10 @@ class Admin::PagesController < Admin::AdminController
     redirect_to admin_pages_path, notice: 'Page was deleted.'
   end
 
+  private
+
+  def permitted_params
+    params.require(:page).permit(:name, :title, :content)
+  end
+
 end

app/controllers/admin/photos_controller.rb

@@ -16,7 +16,7 @@ class Admin::PhotosController < Admin::AdminController
   def update
     @photo = Photo.find(params[:id])
 
-    if @photo.update_attributes(params[:photo])
+    if @photo.update_attributes(permitted_params)
       redirect_to admin_photos_path, notice: 'Photo was successfully updated.'
     else
       render :edit
@@ -24,7 +24,7 @@ class Admin::PhotosController < Admin::AdminController
   end
 
   def create
-    @photo = Photo.new(params[:photo])
+    @photo = Photo.new(permitted_params)
 
       if @photo.save
         redirect_to admin_photos_path, notice: 'Photo was successfully added.'
@@ -46,4 +46,8 @@ class Admin::PhotosController < Admin::AdminController
     @categories = Category.all
   end
 
+  def permitted_params
+    params.require(:photo).permit(:image, :title, :description, :flickr_url, :featured, :enabled, :taken_at)
+  end
+
 end

app/helpers/admin/admin_helper.rb

@@ -1,2 +1,9 @@
 module Admin::AdminHelper
+  def inputs_field_set &block
+    field_set_tag nil, class: :inputs, &block
+  end
+
+  def actions_field_set &block
+    field_set_tag nil, class: :actions, &block
+  end
 end

app/models/photo.rb

@@ -19,7 +19,7 @@ class Photo < ActiveRecord::Base
                             s3_credentials: "#{Rails.root}/config/s3.yml",
                             s3_protocol: 'https',
                             path: ':attachment/:id/:style.:extension',
-                            bucket: 'danbarberphoto',
+                            bucket: ENV['AWS_BUCKET_NAME'],
                             url: ':s3_domain_url'
 
   @@per_page = 11

app/views/admin/admin_users/_form.html.haml

@@ -1,3 +1,5 @@
-= semantic_form_for [:admin, admin_user] do |f|
-  = f.inputs :email
-  = f.actions
+= simple_form_for [:admin, admin_user] do |f|
+  = inputs_field_set do
+    = f.input :email, required: true
+  = actions_field_set do
+    = f.submit

app/views/admin/admin_users/edit_password.html.haml

@@ -1,11 +1,11 @@
 %h3 Change your password
 
-= semantic_form_for(@admin_user, :url => update_password_admin_admin_user_path, :html => { :method => :put }) do |f|
-  = f.inputs do
+= simple_form_for(@admin_user, :url => update_password_admin_admin_user_path, :html => { :method => :put }) do |f|
+  = inputs_field_set do
     = f.input :current_password
-  = f.inputs do
+  = inputs_field_set do
     = f.input :password, :label => "New Password"
     = f.input :password_confirmation, :label => "Confirm Password"
 
-  = f.buttons do
+  = actions_field_set do
     = f.submit "Change my password"

app/views/admin/categories/_form.html.haml

@@ -1,3 +1,9 @@
-= semantic_form_for [:admin, category] do |f|
-  = f.inputs :name, :slug, :description, :base_colour, :sort
-  = f.actions
+= simple_form_for [:admin, category] do |f|
+  = inputs_field_set do
+    = f.input :name
+    = f.input :slug, placeholder: 'derived from name if blank'
+    = f.input :description
+    = f.input :base_colour
+    = f.input :sort
+  = actions_field_set do
+    = f.submit

app/views/admin/categories/index.html.haml

@@ -8,7 +8,7 @@
       %th Base Colour
       %th
   %tbody
-    = render :partial => "category", :collection => @categories
+    = render @categories
   %tfoot
     %tr
       %td{:colspan => 5}

app/views/admin/confirmations/new.html.haml

@@ -1,11 +1,11 @@
 %h3 Resend confirmation instructions
 
-= semantic_form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f|
+= simple_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f|
 
-  = f.inputs do
+  = inputs_field_set do
     = f.input :email
-  
-  = f.actions do
+
+  = actions_field_set do
     = f.submit "Resend confirmation instructions"
 
-= render :partial => "devise/shared/links"
+= render partial: "devise/shared/links"

app/views/admin/confirmations/show.html.haml

@@ -1,12 +1,12 @@
 %h3= "Account Activation for #{resource.email}"
 
-= semantic_form_for resource, :as => resource_name, :url => update_user_confirmation_path, :html => {:method => 'put'}, :id => 'activation-form' do |f|
+= simple_form_for resource, as: resource_name, url: update_user_confirmation_path, html: {method: 'put'}, id: 'activation-form' do |f|
   = devise_error_messages!
-  = field_set_tag "", :class => "inputs" do
+  = inputs_field_set do
     %ol
       - if @requires_password
-        = f.input :password, :label => 'Choose a Password'
-        = f.input :password_confirmation, :label => 'Confirm Password'
-      = hidden_field_tag :confirmation_token,@confirmation_token
+        = f.input :password, :label 'Choose a Password'
+        = f.input :password_confirmation, :label 'Confirm Password'
+      = hidden_field_tag :confirmation_token, @confirmation_token
   = f.actions do
     = f.submit "Activate"

app/views/admin/layouts/admin.html.haml

@@ -5,10 +5,10 @@
     = stylesheet_link_tag    "admin"
     = javascript_include_tag "admin"
     = csrf_meta_tag
-  
+
   %body
     #page
       %header{ :role => "banner" }= render :partial => "admin/shared/header"
       = render :partial => "shared/flash_messages"
       = yield
-      %footer{ :role => "footer" }= render :partial => "admin/shared/footer"
+      %footer{ :role => "footer" }= render :partial => "admin/shared/footer"

app/views/admin/layouts/login.html.haml

@@ -5,9 +5,9 @@
     = stylesheet_link_tag    "admin"
     = javascript_include_tag "admin"
     = csrf_meta_tag
-  
+
   %body
     #login
       %header{ :role => "banner" }= render :partial => "admin/shared/login_header"
       = render :partial => "shared/flash_messages"
-      = yield
+      = yield

app/views/admin/pages/_form.html.haml

@@ -1,3 +1,7 @@
-= semantic_form_for [:admin, page] do |f|
-  = f.inputs :name, :title, :content
-  = f.actions
+= simple_form_for [:admin, page] do |f|
+  = inputs_field_set do
+    = f.input :name
+    = f.input :title
+    = f.input :content
+  = actions_field_set do
+    = f.submit

app/views/admin/passwords/edit.html.haml

@@ -1,14 +1,14 @@
 %h3 Change your password
 
-= semantic_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f|
+= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f|
   = devise_error_messages!
   = f.hidden_field :reset_password_token
 
-  = f.inputs do
-    = f.input :password, :label => "New Password"
-    = f.input :password_confirmation, :label => "Confirm Password"
+  = inputs_field_set do
+    = f.input :password, label: "New Password", required: true
+    = f.input :password_confirmation, label: "Confirm Password", required: true
 
-  = f.actions do
+  = actions_field_set do
     = f.submit "Change my password"
 
-= render :partial => "devise/shared/links"
+= render partial: "devise/shared/links"

app/views/admin/passwords/new.html.haml

@@ -1,11 +1,11 @@
 %h3 Forgot your password?
 
-= semantic_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f|
+= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f|
 
-  = f.inputs do
-    = f.input :email
+  = inputs_field_set do
+    = f.input :email, required: true
 
-  = f.buttons do
+  = actions_field_set do
     = f.submit "Reset Password"
 
-= render :partial => "devise/shared/links"
+= render partial: "devise/shared/links"

app/views/admin/photos/_form.html.haml

@@ -1,8 +1,17 @@
-= semantic_form_for [:admin, photo] do |f|
+= simple_form_for [:admin, photo] do |f|
   %ul.categories
     - @categories.each do |photo_category|
       %li
         = check_box_tag "photo[category_ids][]", photo_category.id, @photo.categories.include?(photo_category), :id => "photo_category_ids_#{photo_category.id}"
         = label_tag "photo_category_ids_#{photo_category.id}", photo_category.name
-  = f.inputs :photo, :title, :description, :flickr_url, :featured, :enabled, :taken_at
-  = f.actions
+
+  = inputs_field_set do
+    = f.input :photo
+    = f.input :title
+    = f.input :description
+    = f.input :flickr_url
+    = f.input :featured
+    = f.input :enabled
+    = f.input :taken_at
+  = actions_field_set do
+    = f.submit

app/views/admin/sessions/new.html.haml

@@ -1,14 +1,14 @@
 %h3 Sign in
 
-= semantic_form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f|
-  = f.inputs do
-    = f.input :email
-    = f.input :password
+= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
+  = inputs_field_set do
+    = f.input :email, required: true
+    = f.input :password, required: true
 
     - if devise_mapping.rememberable?
-      = f.input :remember_me, :as => :boolean
-  
-  = f.actions do
+      = f.input :remember_me, as: :boolean
+
+  = actions_field_set do
     = f.submit "Sign In"
 
-= render :partial => "devise/shared/links"
+= render partial: "devise/shared/links"

app/views/admin/unlocks/new.html.haml

@@ -1,11 +1,11 @@
 %h3 Resend unlock instructions
 
-= semantic_form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f|
+= simple_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f|
 
-  = f.inputs do
+  = inputs_field_set do
     = f.input :email
 
-  = f.actions do
+  = actions_field_set do
     = f.submit "Resend unlock instructions"
-    
-= render :partial => "devise/shared/links"
+
+= render partial: "devise/shared/links"

config/initializers/devise.rb

@@ -1,18 +1,19 @@
-# Use this hook to configure devise mailer, warden hooks and so forth. The first
-# four configuration values can also be set straight in your models.
+# Use this hook to configure devise mailer, warden hooks and so forth.
+# Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
   # The secret key used by Devise. Devise uses this key to generate
   # random tokens. Changing this key will render invalid all existing
-  # confirmation, reset password and unlock tokens in the database.#
+  # confirmation, reset password and unlock tokens in the database.
   config.secret_key = '61c6eff811df1ecd36c7fc2365c73f535546bf47ef542cce436cbb43cb6e7fbcd9d89f07d01cd65413b3ba16b850934c8f7e56d85f8aece02444b2487389efb8'
 
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in Devise::Mailer,
-  # note that it will be overwritten if you use your own mailer class with default "from" parameter.
-  config.mailer_sender = "please-change-me-at-config-initializers-devise@example.com"
+  # note that it will be overwritten if you use your own mailer class
+  # with default "from" parameter.
+  config.mailer_sender = 'site@danbarberphoto.com'
 
   # Configure the class responsible to send e-mails.
-  # config.mailer = "Devise::Mailer"
+  # config.mailer = 'Devise::Mailer'
 
   # ==> ORM configuration
   # Load and configure the ORM. Supports :active_record (default) and
@@ -48,22 +49,42 @@ Devise.setup do |config|
   config.strip_whitespace_keys = [ :email ]
 
   # Tell if authentication through request.params is enabled. True by default.
+  # It can be set to an array that will enable params authentication only for the
+  # given strategies, for example, `config.params_authenticatable = [:database]` will
+  # enable it only for database (email + password) authentication.
   # config.params_authenticatable = true
 
-  # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  # Tell if authentication through HTTP Auth is enabled. False by default.
+  # It can be set to an array that will enable http authentication only for the
+  # given strategies, for example, `config.http_authenticatable = [:database]` will
+  # enable it only for database authentication. The supported strategies are:
+  # :database      = Support basic authentication with authentication key + password
   # config.http_authenticatable = false
 
   # If http headers should be returned for AJAX requests. True by default.
   # config.http_authenticatable_on_xhr = true
 
-  # The realm used in Http Basic Authentication. "Application" by default.
-  # config.http_authentication_realm = "Application"
+  # The realm used in Http Basic Authentication. 'Application' by default.
+  # config.http_authentication_realm = 'Application'
 
   # It will change confirmation, password recovery and other workflows
   # to behave the same regardless if the e-mail provided was right or wrong.
   # Does not affect registerable.
   # config.paranoid = true
 
+  # By default Devise will store the user in session. You can skip storage for
+  # particular strategies by setting this option.
+  # Notice that if you are skipping storage for all authentication paths, you
+  # may want to disable generating routes to Devise's sessions controller by
+  # passing :skip => :sessions to `devise_for` in your config/routes.rb
+  config.skip_session_storage = [:http_auth]
+
+  # By default, Devise cleans up the CSRF token on authentication to
+  # avoid CSRF token fixation attacks. This means that, when using AJAX
+  # requests for sign in and sign up, you need to get a new CSRF token
+  # from the server. You can disable this option at your own risk.
+  # config.clean_up_csrf_token_on_authentication = true
+
   # ==> Configuration for :database_authenticatable
   # For bcrypt, this is the cost for hashing the password and defaults to 10. If
   # using other encryptors, it sets how many times you want the password re-encrypted.
@@ -74,7 +95,7 @@ Devise.setup do |config|
   config.stretches = Rails.env.test? ? 1 : 10
 
   # Setup a pepper to generate the encrypted password.
-  # config.pepper = "09f42a4393b21d179831660ef0102527e36691cfe7d0d72f2b23c0b712275223dbca9eced7e781dcb6cbb14f129aed2086c91ab8bb38c519321a61fb1a93c170"
+  # config.pepper = 'ba9cae796e2b75bc34af798332ac62a9dd8887c51367cb6cbe8415bec851543e981167db889d2672c1bbcb9b58101b2ac258f9c8d310f5697078089a8b8e47b9'
 
   # ==> Configuration for :confirmable
   # A period that the user is allowed to access the website even without
@@ -82,7 +103,21 @@ Devise.setup do |config|
   # able to access the website for two days without confirming his account,
   # access will be blocked just in the third day. Default is 0.days, meaning
   # the user cannot access the website without confirming his account.
-  # config.confirm_within = 2.days
+  # config.allow_unconfirmed_access_for = 2.days
+
+  # A period that the user is allowed to confirm their account before their
+  # token becomes invalid. For example, if set to 3.days, the user can confirm
+  # their account within 3 days after the mail was sent, but on the fourth day
+  # their account can't be confirmed with the token any more.
+  # Default is nil, meaning there is no restriction on how long a user can take
+  # before confirming their account.
+  # config.confirm_within = 3.days
+
+  # If true, requires any email changes to be confirmed (exactly the same way as
+  # initial account confirmation) to be applied. Requires additional unconfirmed_email
+  # db field (see migrations). Until confirmed new email is stored in
+  # unconfirmed email column, and copied to email column on successful confirmation.
+  config.reconfirmable = false
 
   # Defines which key will be used when confirming an account
   # config.confirmation_keys = [ :email ]
@@ -91,22 +126,19 @@ Devise.setup do |config|
   # The time the user will be remembered without asking for credentials again.
   # config.remember_for = 2.weeks
 
-  # If true, a valid remember token can be re-used between multiple browsers.
-  # config.remember_across_browsers = true
-
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
 
   # Options to be passed to the created cookie. For instance, you can set
   # :secure => true in order to force SSL only cookies.
-  # config.cookie_options = {}
+  # config.rememberable_options = {}
 
   # ==> Configuration for :validatable
-  # Range for password length. Default is 6..128.
-  # config.password_length = 6..128
+  # Range for password length. Default is 8..128.
+  config.password_length = 8..128
 
   # Email regex used to validate email formats. It simply asserts that
-  # an one (and only one) @ exists in the given string. This is mainly
+  # one (and only one) @ exists in the given string. This is mainly
   # to give user feedback and not to assert the e-mail validity.
   # config.email_regexp = /\A[^@]+@[^@]+\z/
 
@@ -115,11 +147,14 @@ Devise.setup do |config|
   # time the user will be asked for credentials again. Default is 30 minutes.
   # config.timeout_in = 30.minutes
 
+  # If true, expires auth token on session timeout.
+  # config.expire_auth_token_on_timeout = false
+
   # ==> Configuration for :lockable
   # Defines which strategy will be used to lock an account.
   # :failed_attempts = Locks an account after a number of failed attempts to sign in.
   # :none            = No lock strategy. You should handle locking by yourself.
-  config.lock_strategy = :failed_attempts
+  # config.lock_strategy = :failed_attempts
 
   # Defines which key will be used when locking and unlocking an account
   # config.unlock_keys = [ :email ]
@@ -133,11 +168,14 @@ Devise.setup do |config|
 
   # Number of authentication tries before locking an account if lock_strategy
   # is failed attempts.
-  config.maximum_attempts = 5
+  # config.maximum_attempts = 20
 
   # Time interval to unlock the account if :time is enabled as unlock_strategy.
   # config.unlock_in = 1.hour
 
+  # Warn on the last attempt before the account is locked.
+  # config.last_attempt_warning = false
+
   # ==> Configuration for :recoverable
   #
   # Defines which key will be used when recovering the password for an account
@@ -146,24 +184,18 @@ Devise.setup do |config|
   # Time interval you can reset your password with a reset password key.
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
-  config.reset_password_within = 2.hours
+  config.reset_password_within = 6.hours
 
   # ==> Configuration for :encryptable
   # Allow you to use another encryption algorithm besides bcrypt (default). You can use
   # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
   # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
   # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
-  # REST_AUTH_SITE_KEY to pepper)
+  # REST_AUTH_SITE_KEY to pepper).
+  #
+  # Require the `devise-encryptable` gem when using anything other than bcrypt
   # config.encryptor = :sha512
 
-  # ==> Configuration for :token_authenticatable
-  # Defines name of the authentication token params key
-  # config.token_authentication_key = :auth_token
-
-  # If true, authentication through token does not store user in session and needs
-  # to be supplied on each request. Useful if you are using the token as API token.
-  # config.stateless_token = false
-
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for
   # "users/sessions/new". It's turned off by default because it's slower if you
@@ -174,9 +206,8 @@ Devise.setup do |config|
   # devise role declared in your routes (usually :user).
   # config.default_scope = :user
 
-  # Configure sign_out behavior.
-  # Sign_out action can be scoped (i.e. /users/sign_out affects only :user scope).
-  # The default is true, which means any logout action will sign out all active scopes.
+  # Set this configuration to false if you want /users/sign_out to sign out
+  # only the current scope. By default, Devise signs out all scopes.
   # config.sign_out_all_scopes = true
 
   # ==> Navigation configuration
@@ -187,9 +218,8 @@ Devise.setup do |config|
   # If you have any extra navigational formats, like :iphone or :mobile, you
   # should add them to the navigational formats lists.
   #
-  # The :"*/*" and "*/*" formats below is required to match Internet
-  # Explorer requests.
-  # config.navigational_formats = [:"*/*", "*/*", :html]
+  # The "*/*" below is required to match Internet Explorer requests.
+  # config.navigational_formats = ['*/*', :html]
 
   # The default HTTP method used to sign out a resource. Default is :delete.
   config.sign_out_via = :delete
@@ -204,8 +234,21 @@ Devise.setup do |config|
   # change the failure app, you can configure them inside the config.warden block.
   #
   # config.warden do |manager|
-  #   manager.failure_app   = AnotherApp
   #   manager.intercept_401 = false
   #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
   # end
+
+  # ==> Mountable engine configurations
+  # When using Devise inside an engine, let's call it `MyEngine`, and this engine
+  # is mountable, there are some extra configurations to be taken into account.
+  # The following options are available, assuming the engine is mounted as:
+  #
+  #     mount MyEngine, at: '/my_engine'
+  #
+  # The router that invoked `devise_for`, in the example above, would be:
+  # config.router_name = :my_engine
+  #
+  # When using omniauth, Devise cannot automatically set Omniauth path,
+  # so you need to do it manually. For the users scope, it would be:
+  # config.omniauth_path_prefix = '/my_engine/users/auth'
 end

config/initializers/simple_form.rb

@@ -0,0 +1,145 @@
+# Use this setup block to configure all options available in SimpleForm.
+SimpleForm.setup do |config|
+  # Wrappers are used by the form builder to generate a
+  # complete input. You can remove any component from the
+  # wrapper, change the order or even add your own to the
+  # stack. The options given below are used to wrap the
+  # whole input.
+  config.wrappers :default, class: :input,
+    hint_class: :field_with_hint, error_class: :field_with_errors do |b|
+    ## Extensions enabled by default
+    # Any of these extensions can be disabled for a
+    # given input by passing: `f.input EXTENSION_NAME => false`.
+    # You can make any of these extensions optional by
+    # renaming `b.use` to `b.optional`.
+
+    # Determines whether to use HTML5 (:email, :url, ...)
+    # and required attributes
+    b.use :html5
+
+    # Calculates placeholders automatically from I18n
+    # You can also pass a string as f.input placeholder: "Placeholder"
+    b.use :placeholder
+
+    ## Optional extensions
+    # They are disabled unless you pass `f.input EXTENSION_NAME => :lookup`
+    # to the input. If so, they will retrieve the values from the model
+    # if any exists. If you want to enable the lookup for any of those
+    # extensions by default, you can change `b.optional` to `b.use`.
+
+    # Calculates maxlength from length validations for string inputs
+    b.optional :maxlength
+
+    # Calculates pattern from format validations for string inputs
+    b.optional :pattern
+
+    # Calculates min and max from length validations for numeric inputs
+    b.optional :min_max
+
+    # Calculates readonly automatically from readonly attributes
+    b.optional :readonly
+
+    ## Inputs
+    b.use :label_input
+    b.use :hint,  wrap_with: { tag: :span, class: :hint }
+    b.use :error, wrap_with: { tag: :span, class: :error }
+  end
+
+  # The default wrapper to be used by the FormBuilder.
+  config.default_wrapper = :default
+
+  # Define the way to render check boxes / radio buttons with labels.
+  # Defaults to :nested for bootstrap config.
+  #   inline: input + label
+  #   nested: label > input
+  config.boolean_style = :nested
+
+  # Default class for buttons
+  config.button_class = 'btn'
+
+  # Method used to tidy up errors. Specify any Rails Array method.
+  # :first lists the first message for each field.
+  # Use :to_sentence to list all errors for each field.
+  # config.error_method = :first
+
+  # Default tag used for error notification helper.
+  config.error_notification_tag = :div
+
+  # CSS class to add for error notification helper.
+  config.error_notification_class = 'alert alert-error'
+
+  # ID to add for error notification helper.
+  # config.error_notification_id = nil
+
+  # Series of attempts to detect a default label method for collection.
+  # config.collection_label_methods = [ :to_label, :name, :title, :to_s ]
+
+  # Series of attempts to detect a default value method for collection.
+  # config.collection_value_methods = [ :id, :to_s ]
+
+  # You can wrap a collection of radio/check boxes in a pre-defined tag, defaulting to none.
+  # config.collection_wrapper_tag = nil
+
+  # You can define the class to use on all collection wrappers. Defaulting to none.
+  # config.collection_wrapper_class = nil
+
+  # You can wrap each item in a collection of radio/check boxes with a tag,
+  # defaulting to :span. Please note that when using :boolean_style = :nested,
+  # SimpleForm will force this option to be a label.
+  # config.item_wrapper_tag = :span
+
+  # You can define a class to use in all item wrappers. Defaulting to none.
+  # config.item_wrapper_class = nil
+
+  # How the label text should be generated altogether with the required text.
+  # config.label_text = lambda { |label, required| "#{required} #{label}" }
+
+  # You can define the class to use on all labels. Default is nil.
+  config.label_class = 'control-label'
+
+  # You can define the class to use on all forms. Default is simple_form.
+  # config.form_class = :simple_form
+
+  # You can define which elements should obtain additional classes
+  # config.generate_additional_classes_for = [:wrapper, :label, :input]
+
+  # Whether attributes are required by default (or not). Default is true.
+  # config.required_by_default = true
+
+  # Tell browsers whether to use the native HTML5 validations (novalidate form option).
+  # These validations are enabled in SimpleForm's internal config but disabled by default
+  # in this configuration, which is recommended due to some quirks from different browsers.
+  # To stop SimpleForm from generating the novalidate option, enabling the HTML5 validations,
+  # change this configuration to true.
+  config.browser_validations = false
+
+  # Collection of methods to detect if a file type was given.
+  # config.file_methods = [ :mounted_as, :file?, :public_filename ]
+
+  # Custom mappings for input types. This should be a hash containing a regexp
+  # to match as key, and the input type that will be used when the field name
+  # matches the regexp as value.
+  # config.input_mappings = { /count/ => :integer }
+
+  # Custom wrappers for input types. This should be a hash containing an input
+  # type as key and the wrapper that will be used for all inputs with specified type.
+  # config.wrapper_mappings = { string: :prepend }
+
+  # Default priority for time_zone inputs.
+  # config.time_zone_priority = nil
+
+  # Default priority for country inputs.
+  # config.country_priority = nil
+
+  # When false, do not use translations for labels.
+  # config.translate_labels = true
+
+  # Automatically discover new inputs in Rails' autoload path.
+  # config.inputs_discovery = true
+
+  # Cache SimpleForm inputs discovery
+  # config.cache_discovery = !Rails.env.development?
+
+  # Default class for inputs
+  # config.input_class = nil
+end

config/locales/simple_form.en.yml

@@ -0,0 +1,26 @@
+en:
+  simple_form:
+    "yes": 'Yes'
+    "no": 'No'
+    required:
+      text: 'required'
+      mark: '*'
+      # You can uncomment the line below if you need to overwrite the whole required html.
+      # When using html, text and mark won't be used.
+      # html: '<abbr title="required">*</abbr>'
+    error_notification:
+      default_message: "Please review the problems below:"
+    # Labels and hints examples
+    # labels:
+    #   defaults:
+    #     password: 'Password'
+    #   user:
+    #     new:
+    #       email: 'E-mail to sign in.'
+    #     edit:
+    #       email: 'E-mail.'
+    # hints:
+    #   defaults:
+    #     username: 'User name to sign in.'
+    #     password: 'No special characters, please.'
+

db/schema.rb

@@ -9,17 +9,20 @@
 # from scratch. The latter is a flawed and unsustainable approach (the more migrations
 # you'll amass, the slower it'll run and the greater likelihood for issues).
 #
-# It's strongly recommended to check this file into your version control system.
+# It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20130522071132) do
+ActiveRecord::Schema.define(version: 20130522071132) do
 
-  create_table "admin_users", :force => true do |t|
-    t.string   "email",                                 :default => "", :null => false
-    t.string   "encrypted_password",     :limit => 128, :default => "", :null => false
+  # These are extensions that must be enabled in order to support this database
+  enable_extension "plpgsql"
+
+  create_table "admin_users", force: true do |t|
+    t.string   "email",                              default: "", null: false
+    t.string   "encrypted_password",     limit: 128, default: "", null: false
     t.string   "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.datetime "remember_created_at"
-    t.integer  "sign_in_count",                         :default => 0
+    t.integer  "sign_in_count",                      default: 0
     t.datetime "current_sign_in_at"
     t.datetime "last_sign_in_at"
     t.string   "current_sign_in_ip"
@@ -27,19 +30,19 @@ ActiveRecord::Schema.define(:version => 20130522071132) do
     t.string   "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"
-    t.integer  "failed_attempts",                       :default => 0
+    t.integer  "failed_attempts",                    default: 0
     t.string   "unlock_token"
     t.datetime "locked_at"
     t.datetime "created_at"
     t.datetime "updated_at"
   end
 
-  add_index "admin_users", ["confirmation_token"], :name => "index_admin_users_on_confirmation_token", :unique => true
-  add_index "admin_users", ["email"], :name => "index_admin_users_on_email", :unique => true
-  add_index "admin_users", ["reset_password_token"], :name => "index_admin_users_on_reset_password_token", :unique => true
-  add_index "admin_users", ["unlock_token"], :name => "index_admin_users_on_unlock_token", :unique => true
+  add_index "admin_users", ["confirmation_token"], name: "index_admin_users_on_confirmation_token", unique: true, using: :btree
+  add_index "admin_users", ["email"], name: "index_admin_users_on_email", unique: true, using: :btree
+  add_index "admin_users", ["reset_password_token"], name: "index_admin_users_on_reset_password_token", unique: true, using: :btree
+  add_index "admin_users", ["unlock_token"], name: "index_admin_users_on_unlock_token", unique: true, using: :btree
 
-  create_table "categories", :force => true do |t|
+  create_table "categories", force: true do |t|
     t.string   "name"
     t.text     "description"
     t.datetime "created_at"
@@ -50,12 +53,12 @@ ActiveRecord::Schema.define(:version => 20130522071132) do
     t.string   "slug"
   end
 
-  create_table "categories_photos", :id => false, :force => true do |t|
+  create_table "categories_photos", id: false, force: true do |t|
     t.integer "category_id"
     t.integer "photo_id"
   end
 
-  create_table "pages", :force => true do |t|
+  create_table "pages", force: true do |t|
     t.string   "name"
     t.string   "title"
     t.text     "content"
@@ -63,7 +66,7 @@ ActiveRecord::Schema.define(:version => 20130522071132) do
     t.datetime "updated_at"
   end
 
-  create_table "photos", :force => true do |t|
+  create_table "photos", force: true do |t|
     t.string   "flickr_url"
     t.string   "photo_file_name"
     t.string   "photo_content_type"
@@ -74,20 +77,20 @@ ActiveRecord::Schema.define(:version => 20130522071132) do
     t.string   "title"
     t.text     "description"
     t.integer  "sort"
-    t.boolean  "featured",           :default => false
-    t.boolean  "enabled",            :default => true
+    t.boolean  "featured",           default: false
+    t.boolean  "enabled",            default: true
     t.datetime "taken_at"
-    t.integer  "views",              :default => 0
+    t.integer  "views",              default: 0
   end
 
-  create_table "sessions", :force => true do |t|
-    t.string   "session_id", :null => false
+  create_table "sessions", force: true do |t|
+    t.string   "session_id", null: false
     t.text     "data"
     t.datetime "created_at"
     t.datetime "updated_at"
   end
 
-  add_index "sessions", ["session_id"], :name => "index_sessions_on_session_id"
-  add_index "sessions", ["updated_at"], :name => "index_sessions_on_updated_at"
+  add_index "sessions", ["session_id"], name: "index_sessions_on_session_id", using: :btree
+  add_index "sessions", ["updated_at"], name: "index_sessions_on_updated_at", using: :btree
 
 end

lib/templates/erb/scaffold/_form.html.erb

@@ -0,0 +1,13 @@
+<%%= simple_form_for(@<%= singular_table_name %>) do |f| %>
+  <%%= f.error_notification %>
+
+  <div class="form-inputs">
+  <%- attributes.each do |attribute| -%>
+    <%%= f.<%= attribute.reference? ? :association : :input %> :<%= attribute.name %> %>
+  <%- end -%>
+  </div>
+
+  <div class="form-actions">
+    <%%= f.button :submit %>
+  </div>
+<%% end %>