Add account activation

96d08f17 · Thai Phuc · f98aa10a · 96d08f17 · 96d08f17 · 96d08f17
Commit 96d08f17 authored Aug 13, 2018 by Thai Phuc
26 changed files
--- a/app/assets/javascripts/account_activations.coffee
+++ b/app/assets/javascripts/account_activations.coffee
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/
--- a/app/assets/stylesheets/account_activations.scss
+++ b/app/assets/stylesheets/account_activations.scss
+// Place all the styles related to the account_activations controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
--- a/app/controllers/account_activations_controller.rb
+++ b/app/controllers/account_activations_controller.rb
+class AccountActivationsController < ApplicationController
+  def edit
+    user = User.find_by(email: params[:email])
+    if user && !user.activated? && user.authenticated?(:activation, params[:id])
+      user.activate
+      log_in user
+      flash[:success] = "Account activated!"
+      redirect_to user
+    else
+      flash[:danger] = "Invalid activation link"
+      redirect_to root_url
+    end
+  end
+end
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -5,10 +5,16 @@ class SessionsController < ApplicationController
  def create
    user = User.find_by(email: params[:session][:email].downcase)
    if user && user.authenticate(params[:session][:password])
+      if user.activated?
        log_in user
        params[:session][:remember_me] == '1' ? remember(user) : forget(user)
        redirect_back_or user
      else
+        message = "Account not activated. Check your email for the activation link."
+        flash[:message] = message
+        redirect_to root_url
+      end
+    else
      flash.now[:danger] = "Invalid email/password combination"
      render 'new'
    end

--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -18,9 +18,9 @@ class UsersController < ApplicationController
  def create
    @user = User.new(user_params)
    if @user.save
-      log_in @user
-      flash[:success] = "Welcome to the Sample App!"
-      redirect_to @user
+      @user.send_activation_email
+      flash[:info] = "Please check your email to activate your account."
+      redirect_to root_url
    else
      render 'new'
    end

--- a/app/helpers/account_activations_helper.rb
+++ b/app/helpers/account_activations_helper.rb
+module AccountActivationsHelper
+end
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -21,7 +21,7 @@ module SessionsHelper
      @current_user = User.find_by(id: user_id)
    elsif user_id = cookies.signed[:user_id]
      user = User.find_by(id: user_id)
-      if user && user.authenticated?(cookies[:remember_token])
+      if user && user.authenticated?(:remember, cookies[:remember_token])
        log_in user
        @current_user = user
      end

--- a/app/mailers/application_mailer.rb
+++ b/app/mailers/application_mailer.rb
 class ApplicationMailer < ActionMailer::Base
-  default from: 'from@example.com'
+  default from: 'noreply@example.com'
  layout 'mailer'
 end
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
+class UserMailer < ApplicationMailer
+  def account_activation(user)
+    @user = user
+    mail to: user.email, subject: "Account activation"
+  end
+
+  def password_reset
+    @greeting = "Hi"
+
+    mail to: "to@example.org"
+  end
+end
--- a/app/models/user.rb
+++ b/app/models/user.rb
 class User < ApplicationRecord
-  attr_accessor :remember_token
+  attr_accessor :remember_token, :activation_token

-  before_save { email.downcase! }
+  before_save :downcase_email
+  before_create :create_activation_digest
  
  validates :name, presence: true, length: { maximum: 50 }

@@ -28,12 +29,33 @@ class User < ApplicationRecord
    update_attribute :remember_digest, User.digest(remember_token)
  end

-  def authenticated?(remember_token)
-    return false if remember_digest.nil?
-    BCrypt::Password.new(remember_digest).is_password?(remember_token)
+  def authenticated?(attribute, token)
+    digest = self.send("#{attribute}_digest")
+    return false if digest.nil?
+    BCrypt::Password.new(digest).is_password?(token)
  end

  def forget
    update_attribute(:remember_digest, nil)
  end
+
+  # activates an account
+  def activate
+    update_columns(activated: true, activated_at: Time.zone.now)
+  end
+
+  #send activation email
+  def send_activation_email
+    UserMailer.account_activation(self).deliver_now
+  end
+
+  private
+  def downcase_email
+    self.email = email.downcase
+  end
+
+  def create_activation_digest
+    self.activation_token = User.new_token
+    self.activation_digest = User.digest(activation_token)
+  end
 end
--- a/app/views/user_mailer/account_activation.html.erb
+++ b/app/views/user_mailer/account_activation.html.erb
+<h1>Sample App</h1>
+
+<p>Hi <%= @user.name %>,</p>
+
+<p>Welcome to the Sample App! Click on the link below to activate your account:</p>
+
+<%= link_to "Activate", 
+            edit_account_activation_url(@user.activation_token, email: @user.email) %>
\ No newline at end of file
--- a/app/views/user_mailer/account_activation.text.erb
+++ b/app/views/user_mailer/account_activation.text.erb
+Hi <%= @user.name %>,
+Welcome to the Sample App! Click on the link below to activate your account:
+<%= edit_account_activation_url(@user.activation_token, email: @user.email) %>
\ No newline at end of file
--- a/app/views/user_mailer/password_reset.html.erb
+++ b/app/views/user_mailer/password_reset.html.erb
+<h1>User#password_reset</h1>
+
+<p>
+  <%= @greeting %>, find me in app/views/user_mailer/password_reset.html.erb
+</p>
--- a/app/views/user_mailer/password_reset.text.erb
+++ b/app/views/user_mailer/password_reset.text.erb
+User#password_reset
+
+<%= @greeting %>, find me in app/views/user_mailer/password_reset.text.erb
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -31,7 +31,9 @@ Rails.application.configure do
  config.active_storage.service = :local

  # Don't care if the mailer can't send.
-  config.action_mailer.raise_delivery_errors = false
+  config.action_mailer.raise_delivery_errors = true
+  config.action_mailer.delivery_method = :test
+  config.action_mailer.default_url_options = { host: 'localhost:3000', protocol: 'http' }

  config.action_mailer.perform_caching = false


--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -37,7 +37,7 @@ Rails.application.configure do
  # The :test delivery method accumulates sent emails in the
  # ActionMailer::Base.deliveries array.
  config.action_mailer.delivery_method = :test
-
+  config.action_mailer.default_url_options = { host: 'example.com' }
  # Print deprecation notices to the stderr.
  config.active_support.deprecation = :stderr


--- a/config/routes.rb
+++ b/config/routes.rb
@@ -12,6 +12,7 @@ Rails.application.routes.draw do
  delete '/logout',  to: 'sessions#destroy'

  resources :users
+  resources :account_activations, only: [:edit]
 end


--- a/db/migrate/20180812093253_add_activation_to_users.rb
+++ b/db/migrate/20180812093253_add_activation_to_users.rb
+class AddActivationToUsers < ActiveRecord::Migration[5.2]
+  def change
+    add_column :users, :activation_digest, :string
+    add_column :users, :activated, :boolean, default: false
+    add_column :users, :activated_at, :datetime
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 2018_08_09_071603) do
+ActiveRecord::Schema.define(version: 2018_08_12_093253) do

  create_table "users", force: :cascade do |t|
    t.string "name"
@@ -20,6 +20,9 @@ ActiveRecord::Schema.define(version: 2018_08_09_071603) do
    t.string "password_digest"
    t.string "remember_digest"
    t.boolean "admin", default: false
+    t.string "activation_digest"
+    t.boolean "activated", default: false
+    t.datetime "activated_at"
    t.index ["email"], name: "index_users_on_email", unique: true
  end


--- a/db/seeds.rb
+++ b/db/seeds.rb
-User.create! name: "Example User", email: "example@railstutorial.org",
-              password: "foobar", password_confirmation: "foobar", admin: true
+User.create!  name: "Example User",
+              email: "example@railstutorial.org",
+              password: "foobar", 
+              password_confirmation: "foobar", 
+              admin: true,
+              activated: true,
+              activated_at: Time.zone.now

 99.times do |n|
  name = Faker::Name.name
  email = "example-#{n+1}@railstutorial.org"
  password = 'password'
-  User.create! name: name, email: email, 
-                password: password, password_confirmation: password
+  User.create!  name: name, 
+                email: email, 
+                password: password, 
+                password_confirmation: password,
+                activated: true,
+                activated_at: Time.zone.now
 end
\ No newline at end of file
--- a/test/controllers/account_activations_controller_test.rb
+++ b/test/controllers/account_activations_controller_test.rb
+require 'test_helper'
+
+class AccountActivationsControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -3,26 +3,35 @@ michael:
  email: michael@example.com
  password_digest: <%= User.digest('password') %>
  admin: true
-
+  activated: true,
+  activated_at: <%= Time.zone.now %>

 archer:
  name: Sterling Archer
  email: duchess@example.gov
  password_digest: <%= User.digest('password') %>
+  activated: true,
+  activated_at: <%= Time.zone.now %>

 lana:
  name: Lana Kane
  email: hands@example.gov
  password_digest: <%= User.digest('password') %>
+  activated: true,
+  activated_at: <%= Time.zone.now %>

 malory:
  name: Malory Archer
  email: boss@example.gov
  password_digest: <%= User.digest('password') %>
+  activated: true,
+  activated_at: <%= Time.zone.now %>

 <% 30.times do |n| %>
 user_<%= n %>:
  name: <%= "User #{n}" %>
  email: <%= "user-#{n}@example.com" %>
  password_digest: <%= User.digest('password') %>
+  activated: true,
+  activated_at: <%= Time.zone.now %>
 <% end %>
\ No newline at end of file
--- a/test/integration/users_signup_test.rb
+++ b/test/integration/users_signup_test.rb
 require 'test_helper'

 class UsersSignupTest < ActionDispatch::IntegrationTest
+  def setup
+    ActionMailer::Base::deliveries.clear
+  end
+
  test "invalid signup information" do
    get signup_path
    assert_no_difference 'User.count' do
@@ -14,7 +18,7 @@ class UsersSignupTest < ActionDispatch::IntegrationTest
    assert_select 'div.field_with_errors'
  end

-  test "valid signup information" do
+  test "valid signup information with account activation" do
    get signup_path
    assert_difference 'User.count', 1 do
      post users_path, params: { user: { name: "Example User",
@@ -22,6 +26,21 @@ class UsersSignupTest < ActionDispatch::IntegrationTest
                                        password: "password",
                                        password_confirmation: "password" } }
    end
+    assert_equal 1, ActionMailer::Base.deliveries.size
+    user = assigns(:user)
+    assert_not user.activated?
+    # try to log in before activation
+    log_in_as(user)
+    assert_not is_logged_in?
+    # Invalid activation token
+    get edit_account_activation_path("invalid token", email: user.email)
+    assert_not is_logged_in?
+    # Valid token, wrong email
+    get edit_account_activation_path(user.activation_token, email: 'wrong')
+    assert_not is_logged_in?
+    # Valid activation token
+    get edit_account_activation_path(user.activation_token, email: user.email)
+    assert user.reload.activated?
    follow_redirect!
    assert_template 'users/show'
    assert is_logged_in?

--- a/test/mailers/previews/user_mailer_preview.rb
+++ b/test/mailers/previews/user_mailer_preview.rb
+# Preview all emails at http://localhost:3000/rails/mailers/user_mailer
+class UserMailerPreview < ActionMailer::Preview
+
+  # Preview this email at http://localhost:3000/rails/mailers/user_mailer/account_activation
+  def account_activation
+    user = User.first
+    user.activation_token = User.new_token
+    UserMailer.account_activation user
+  end
+
+  # Preview this email at http://localhost:3000/rails/mailers/user_mailer/password_reset
+  def password_reset
+    UserMailer.password_reset
+  end
+
+end
--- a/test/mailers/user_mailer_test.rb
+++ b/test/mailers/user_mailer_test.rb
+require 'test_helper'
+
+class UserMailerTest < ActionMailer::TestCase
+  test "account_activation" do
+    user = users(:michael)
+    user.activation_token = User.new_token
+    mail = UserMailer.account_activation(user)
+    assert_equal "Account activation", mail.subject
+    assert_equal [user.email], mail.to
+    assert_equal ["noreply@example.com"], mail.from
+    assert_match user.name,               mail.body.encoded
+    assert_match user.activation_token,   mail.body.encoded
+    assert_match CGI.escape(user.email),  mail.body.encoded
+  end
+end
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -73,6 +73,6 @@ class UserTest < ActiveSupport::TestCase
  end

  test "authenticated? should return false for a user with nil digest" do
-    assert_not @user.authenticated?('')
+    assert_not @user.authenticated?(:remember, '')
  end
 end