Skip to content

T
ThaiMinhPhuc_training
Commit bf54660e by phuctmZigexn
Options

Implement advanced login

parent 78e39a12
Showing with 128 additions and 3 deletions
app/assets/stylesheets/custom.scss
......@@ -170,3 +170,18 @@ input {
color: $state-danger-text;
}
}
.checkbox {
margin-top: -10px;
margin-bottom: 10px;
span {
margin-left: 20px;
font-weight: normal;
}
}
#session_remember_me {
width: auto;
margin-left: 0;
}
\ No newline at end of file
app/controllers/sessions_controller.rb
......@@ -6,6 +6,7 @@ class SessionsController < ApplicationController
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
log_in user
params[:session][:remember_me] == '1' ? remember(user) : forget(user)
redirect_to user
else
flash.now[:danger] = "Invalid email/password combination"
......@@ -14,7 +15,7 @@ class SessionsController < ApplicationController
end
def destroy
log_out
log_out if logged_in?
redirect_to root_url
end
end
app/helpers/sessions_helper.rb
......@@ -3,15 +3,39 @@ module SessionsHelper
session[:user_id] = user.id
end
# remember a user in a persistent session
def remember(user)
user.remember
cookies.permanent.signed[:user_id] = user.id
cookies.permanent[:remember_token] = user.remember_token
end
# return the user corresponding to the remember token cookie
def current_user
@current_user ||= User.find_by(id: session[:user_id])
if user_id = session[:user_id]
@current_user ||= User.find_by(id: user_id)
elsif user_id = cookies.signed[:user_id]
user = User.find_by(id: user_id)
if user && user.authenticated?(cookies[:remember_token])
log_in user
@current_user = user
end
end
end
def logged_in?
!current_user.nil?
end
#forgets a persistent session
def forget(user)
user.forget
cookies.delete(:user_id)
cookies.delete(:remember_token)
end
def log_out
forget(current_user)
session.delete(:user_id)
@current_user = nil
end
......
app/models/user.rb
class User < ApplicationRecord
attr_accessor :remember_token
before_save { email.downcase! }
validates :name, presence: true, length: { maximum: 50 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
......@@ -14,4 +17,23 @@ class User < ApplicationRecord
BCrypt::Engine.cost
BCrypt::Password.create(string, cost: cost)
end
# return a random token
def User.new_token
SecureRandom.urlsafe_base64
end
def remember
self.remember_token = User.new_token
update_attribute :remember_digest, User.digest(remember_token)
end
def authenticated?(remember_token)
return false if remember_digest.nil?
BCrypt::Password.new(remember_digest).is_password?(remember_token)
end
def forget
update_attribute(:remember_digest, nil)
end
end
app/views/sessions/new.html.erb
......@@ -10,6 +10,11 @@
<%= f.label :password %>
<%= f.password_field :password, class: 'form-control' %>
<%= f.label :remember_me, class: "checkbox inline" do %>
<%= f.check_box :remember_me %>
<span>Remember me on this computer</span>
<% end %>
<%= f.submit 'Log in', class: "btn btn-primary" %>
<% end %>
......
db/migrate/20180806093756_add_remember_digest_to_users.rb 0 → 100644
class AddRememberDigestToUsers < ActiveRecord::Migration[5.2]
def change
add_column :users, :remember_digest, :string
end
end
db/schema.rb
......@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2018_08_02_015202) do
ActiveRecord::Schema.define(version: 2018_08_06_093756) do
create_table "users", force: :cascade do |t|
t.string "name"
......@@ -18,6 +18,7 @@ ActiveRecord::Schema.define(version: 2018_08_02_015202) do
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.string "password_digest"
t.string "remember_digest"
t.index ["email"], name: "index_users_on_email", unique: true
end
......
test/helpers/sessions_helper_test.rb 0 → 100644
require "test_helper"
class SessionsHelperTest < ActionView::TestCase
def setup
@user = users(:michael)
remember @user
end
test "current_user returns right user when session is nil" do
assert_equal @user, current_user
assert is_logged_in?
end
test "current_user returns nil when remember digest is wrong" do
@user.update_attribute :remember_digest, User.digest(User.new_token)
assert_nil current_user
end
end
\ No newline at end of file
test/integration/users_login_test.rb
......@@ -29,9 +29,24 @@ class UsersLoginTest < ActionDispatch::IntegrationTest
delete logout_path
assert_not is_logged_in?
assert_redirected_to root_url
# simulate a user clicking logout in a second window
delete logout_path
follow_redirect!
assert_select "a[href=?]", login_path
assert_select "a[href=?]", logout_path, count: 0
assert_select "a[href=?]", user_path(@user), count: 0
end
test "login with remembering" do
log_in_as @user, remember_me: '1'
assert_not_empty cookies['remember_token']
end
test 'login without remembering' do
# log in to set the cookie
log_in_as @user, remember_me: '1'
# log in again and verify that the cookie is deleted.
log_in_as @user, remember_me: '0'
assert_empty cookies['remember_token']
end
end
test/models/user_test.rb
......@@ -71,4 +71,8 @@ class UserTest < ActiveSupport::TestCase
@user.password = @user.password_confirmation = "a" * 5
assert_not @user.valid?
end
test "authenticated? should return false for a user with nil digest" do
assert_not @user.authenticated?('')
end
end
test/test_helper.rb
......@@ -11,4 +11,17 @@ class ActiveSupport::TestCase
def is_logged_in?
!session[:user_id].nil?
end
#log in as a particular user
def log_in_as(user)
session[:user_id] = user.id
end
end
class ActionDispatch::IntegrationTest
#log in as a particular user
def log_in_as(user, password: 'password', remember_me: '1')
post login_path, params: { session: { email: user.email, password: password,
remember_me: remember_me } }
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment