finish log in/log out

app/assets/stylesheets/custom.css.scss

@@ -180,3 +180,17 @@ input {
     color: $state-danger-text;
   }
 }
+
+.checkbox {
+  margin-top: -10px;
+  margin-bottom: 10px;
+  span {
+    margin-left: 20px;
+    font-weight: normal;
+  }
+}
+
+#session_remember_me {
+  width: auto;
+  margin-left: 0;
+}

app/controllers/sessions_controller.rb

@@ -7,6 +7,7 @@ class SessionsController < ApplicationController
 		if user && user.authenticate(params[:session][:password])
 			# Log the user in and redirect to the user's show page.
 			log_in user
+			params[:session][:remember_me] == '1' ? remember(user) : forget(user)
 			redirect_to user
 		else
 			flash.now[:danger] = "Invalid email/password combination"
@@ -15,5 +16,7 @@ class SessionsController < ApplicationController
 	end
 
 	def destroy
+		log_out if logged_in?
+		redirect_to root_url
 	end
 end

app/controllers/users_controller.rb

@@ -16,12 +16,7 @@ class UsersController < ApplicationController
     end
   end
 
-  def destroy
-    log_out
-    redirect_to root_url
-  end
-  private
-  def user_params
+	def user_params
     params.require(:user).permit(:name, :email, :password, :password_confirmation)
   end
 end

app/helpers/sessions_helper.rb

@@ -4,15 +4,37 @@ module SessionsHelper
 	end
 
 	def current_user
-		@current_user ||= User.find_by(id: session[:user_id])
+		if (user_id = session[:user_id])
+      		@current_user ||= User.find_by(id: user_id)
+    	elsif (user_id = cookies.signed[:user_id])    		
+      		user = User.find_by(id: user_id)
+      		if user && user.authenticated?(cookies[:remember_token])
+        		log_in user
+        		@current_user = user
+      		end
+    	end
 	end
 
 	def logged_in?
 		!current_user.nil?
 	end
 
-	def log_out
-    session.delete(:user_id)
-    @current_user = nil
-  end
+	def log_out	    
+	    forget(current_user)
+		session.delete(:user_id)
+		@current_user = nil
+  	end
+
+  	def remember(user)
+	    user.remember
+	    cookies.permanent.signed[:user_id] = user.id
+	    cookies.permanent[:remember_token] = user.remember_token
+  	end
+
+  	# Forgets a persistent session.
+	def forget(user)
+		user.forget
+		cookies.delete(:user_id)
+		cookies.delete(:remember_token)
+	end
 end

app/models/user.rb

 class User < ActiveRecord::Base
+	attr_accessor :remember_token
 	before_save {self.email = email.downcase}
 	validates :name, presence: true, length: {maximum: 50}
 
@@ -11,8 +12,26 @@ class User < ActiveRecord::Base
 	has_secure_password
 
 	def User.digest(string)
-    cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
-                                                  BCrypt::Engine.cost
-    BCrypt::Password.create(string, cost: cost)
-  end
+	    cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
+	                                                  BCrypt::Engine.cost
+	    BCrypt::Password.create(string, cost: cost)
+  	end
+
+  	def User.new_token
+    	SecureRandom.urlsafe_base64
+  	end
+
+  	def remember
+	    self.remember_token = User.new_token
+	    update_attribute(:remember_digest, User.digest(remember_token))
+  	end
+
+  	def authenticated?(remember_token)
+  		return false if remember_digest.nil?
+    	BCrypt::Password.new(remember_digest).is_password?(remember_token)
+  	end
+
+  	def forget
+    	update_attribute(:remember_digest, nil)
+  	end
 end

app/views/sessions/new.html.erb

@@ -8,6 +8,10 @@
 			<%= f.text_field :email, class: 'form-control' %>
 			<%= f.label :password %>
 			<%= f.password_field :password, class: 'form-control' %>
+			<%= f.label :remember_me, class: "checkbox inline" do %>
+		        <%= f.check_box :remember_me %>
+		        <span>Remember me on this computer</span>
+	      	<% end %>
 			<%= f.submit "Log in", class: "btn btn-primary" %>
 		<% end %>
 		<p>New user? <%= link_to "Sign up now!", signup_path %></p>

db/migrate/20141106014947_add_remember_digest_to_users.rb

+class AddRememberDigestToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :remember_digest, :string
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20141104095950) do
+ActiveRecord::Schema.define(version: 20141106014947) do
 
   create_table "users", force: true do |t|
     t.string   "name"
@@ -19,6 +19,7 @@ ActiveRecord::Schema.define(version: 20141104095950) do
     t.datetime "created_at",      null: false
     t.datetime "updated_at",      null: false
     t.string   "password_digest"
+    t.string   "remember_digest"
   end
 
   add_index "users", ["email"], name: "index_users_on_email", unique: true

test/helpers/sessions_helper_test.rb

+require 'test_helper'
+
+class SessionsHelperTest < ActionView::TestCase
+
+  def setup
+    @user = users(:michael)
+    remember(@user)
+  end
+
+  test "current_user returns right user when session is nil" do
+    assert_equal @user, current_user
+    assert is_logged_in?
+  end
+
+  test "current_user returns nil when remember digest is wrong" do
+    @user.update_attribute(:remember_digest, User.digest(User.new_token))
+    assert_nil current_user
+  end
+end
\ No newline at end of file

test/integration/users_login_test.rb

@@ -39,9 +39,20 @@ class UsersLoginTest < ActionDispatch::IntegrationTest
     delete logout_path
     assert_not is_logged_in?
     assert_redirected_to root_url
+    delete logout_path
     follow_redirect!
     assert_select "a[href=?]", login_path
     assert_select "a[href=?]", logout_path,      count: 0
     assert_select "a[href=?]", user_path(@user), count: 0
   end
+
+  test "login with remembering" do
+    log_in_as(@user, remember_me: '1')
+    assert_not_nil cookies['remember_token']
+  end
+
+  test "login without remembering" do
+    log_in_as(@user, remember_me: '0')
+    assert_nil cookies['remember_token']
+  end
 end

test/models/user_test.rb

@@ -49,4 +49,8 @@ class UserTest < ActiveSupport::TestCase
    	@user.password = @user.password_confirmation = "a" * 5
    	assert_not @user.valid?
    end
+
+   test "authenticated? should return false for a user with nil digest" do
+   	assert_not @user.authenticated?('')
+   end
 end

test/test_helper.rb

@@ -11,4 +11,23 @@ class ActiveSupport::TestCase
   def is_logged_in?
     !session[:user_id].nil?
   end
+
+  def log_in_as(user, options = {})
+    password    = options[:password]    || 'password'
+    remember_me = options[:remember_me] || '1'
+    if integration_test?
+      post login_path, session: { email:       user.email,
+                                  password:    password,
+                                  remember_me: remember_me }
+    else
+      session[:user_id] = user.id
+    end
+  end
+
+  private
+
+	# Returns true inside an integration test.
+	def integration_test?
+	  defined?(post_via_redirect)
+	end
 end