Merge branch 'user_login' into 'master'

User login

See merge request !8

Gemfile

@@ -15,7 +15,8 @@ gem 'sass-rails', '~> 5.0'
 gem 'uglifier', '>= 1.3.0'
 # See https://github.com/rails/execjs#readme for more supported runtimes
 # gem 'mini_racer', platforms: :ruby
-
+gem 'bcrypt-ruby', '3.1.2'
+gem 'carrierwave', '2.1.0'
 # Use CoffeeScript for .coffee assets and views
 gem 'coffee-rails', '~> 4.2'
 gem 'mechanize', '~> 2.7.6'

Gemfile.lock

@@ -48,6 +48,7 @@ GEM
       io-like (~> 0.3.0)
     arel (9.0.0)
     ast (2.4.1)
+    bcrypt-ruby (3.1.2)
     bindex (0.8.1)
     bootsnap (1.4.6)
       msgpack (~> 1.0)
@@ -61,6 +62,13 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (~> 1.5)
       xpath (~> 3.2)
+    carrierwave (2.1.0)
+      activemodel (>= 5.0.0)
+      activesupport (>= 5.0.0)
+      addressable (~> 2.6)
+      image_processing (~> 1.1)
+      mimemagic (>= 0.3.0)
+      mini_mime (>= 0.1.3)
     childprocess (3.0.0)
     chromedriver-helper (2.1.1)
       archive-zip (~> 0.10)
@@ -88,6 +96,9 @@ GEM
       domain_name (~> 0.5)
     i18n (1.8.3)
       concurrent-ruby (~> 1.0)
+    image_processing (1.11.0)
+      mini_magick (>= 4.9.5, < 5)
+      ruby-vips (>= 2.0.17, < 3)
     io-like (0.3.1)
     jbuilder (2.10.0)
       activesupport (>= 5.0.0)
@@ -128,6 +139,7 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2020.0512)
     mimemagic (0.3.5)
+    mini_magick (4.10.1)
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
     minitest (5.14.1)
@@ -194,6 +206,8 @@ GEM
     rubocop-ast (0.2.0)
       parser (>= 2.7.0.1)
     ruby-progressbar (1.10.1)
+    ruby-vips (2.0.17)
+      ffi (~> 1.9)
     ruby_dep (1.5.0)
     rubyzip (2.3.0)
     sass (3.7.4)
@@ -253,9 +267,11 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  bcrypt-ruby (= 3.1.2)
   bootsnap (>= 1.1.0)
   byebug
   capybara (>= 2.15)
+  carrierwave (= 2.1.0)
   chromedriver-helper
   coffee-rails (~> 4.2)
   jbuilder (~> 2.5)

app/assets/stylesheets/form_login.scss

+// Place all the styles related to the Jobs controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
+
+.email-field, .password-field, .name-field, .forgot-pass-field, .cv-field, .new-password-field, .old-password-field {
+  margin: 20px;
+  padding: 10px;
+}
+.input-email, .input-name, .input-cv, .input-new-password, .input-password {
+  width: 300px;
+}
+.login-btn, .regis-btn, .update-btn, .my-jobs-btn {
+  margin: 20px;
+  padding: 10px;
+}
+.login-label, .my-page-label {
+  margin: 30px;
+  padding: 20px;
+}
+#error_explanation ul li{
+  color: red;
+}
+.cv-none {
+  font-style: italic;
+  font-size: 16px;
+}
+

app/controllers/application_controller.rb

 class ApplicationController < ActionController::Base
+  include SessionsHelper
 end

app/controllers/sessions_controller.rb

+class SessionsController < ApplicationController
+
+  def new
+    redirect_to my_page_path if signed_in?
+  end
+
+  def create
+    user = User.find_by(email: params[:session][:email].downcase)
+    if user && user.authenticate(params[:session][:password])
+      sign_in user
+      redirect_to my_page_path
+    else
+      flash.now[:danger] = 'Invalid email or password'
+      render 'new'
+    end
+  end
+
+  def destroy
+    sign_out
+    redirect_to root_path
+  end
+end

app/controllers/users_controller.rb

 class UsersController < ApplicationController
-  before_action :signed_in_user, only: [:update, :my_page, :my_info]
+  before_action :sign_in_validation, only: [:update, :my_page, :my_info]
   def my_page
-    @user = current_user
   end
 
   def my_info
-    @user = current_user
   end
 
   def update
-    @user = current_user
-    if BCrypt::Password.new(@user.password_digest) != change_password[:oldpassword]
-      flash.now[:danger] = 'Old Password is mismatch'
-    else
-      if @user.update_attributes(user_params)
+    if current_user.authenticate(params[:user][:password])
+      return respond_to { |format| format.js } unless current_user.update_attributes(user_params)
+
       flash[:success] = 'Updated Successfully'
       redirect_to my_page_path
     else
-        respond_to do |format|
-          format.js
-        end
-      end
+      flash.now[:danger] = 'Password is mismatch'
     end
   end
 
   private
 
-  def signed_in_user
-    unless signed_in?
+  def sign_in_validation
+    return if signed_in?
     flash[:warning] = "Please Sign In..."
     redirect_to login_path
   end
-  end
 
   def user_params
+    params[:user][:password] = change_pass_param[:new_password] if change_pass_param[:new_password].present?
     params.require(:user).permit(:name, :email, :cv_user, :password)
   end
 
-  def change_password
-    params.require(:user).permit(:oldpassword)
+  def change_pass_param
+    params.require(:user).permit(:new_password)
   end
 end

app/models/user.rb

 class User < ApplicationRecord
+  before_save { self.email = email.downcase }
+  before_create :create_remember_token
+  mount_uploader :cv_user, UserCvUploader
+
   has_many :favorite_jobs
   has_many :jobs, through: :favorite_jobs
   has_many :job_applieds
   has_many :jobs, through: :job_applieds
   has_many :histories
   has_many :jobs, through: :histories
+
+  has_secure_password
+
+  validates :name,  presence: true, length: { maximum: 50 }
+  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(?:\.[a-z\d\-]+)*\.[a-z]+\z/i
+  validates :email, presence: true, format: { with: VALID_EMAIL_REGEX },
+    uniqueness: { case_sensitive: false }
+
+  PASSWORD_FORMAT = /\A(?=.{6,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/x
+  validates :password, format: { with: PASSWORD_FORMAT, message: "is too short or not strength" }
+
+  def self.new_remember_token
+    SecureRandom.urlsafe_base64
+  end
+
+  def self.digest(token)
+    Digest::SHA1.hexdigest(token.to_s)
+  end
+
+  private
+
+  def create_remember_token
+    self.remember_token = User.digest(User.new_remember_token)
+  end
 end

app/uploaders/user_cv_uploader.rb

+class UserCvUploader < CarrierWave::Uploader::Base
+  # Include RMagick or MiniMagick support:
+  # include CarrierWave::RMagick
+  # include CarrierWave::MiniMagick
+
+  # Choose what kind of storage to use for this uploader:
+  storage :file
+  # storage :fog
+
+  # Override the directory where uploaded files will be stored.
+  # This is a sensible default for uploaders that are meant to be mounted:
+  def store_dir
+    "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
+  end
+
+  def size_range
+    0..5.megabytes
+  end
+  # Provide a default URL as a default if there hasn't been a file uploaded:
+  # def default_url(*args)
+  #   # For Rails 3.1+ asset pipeline compatibility:
+  #   # ActionController::Base.helpers.asset_path("fallback/" + [version_name, "default.png"].compact.join('_'))
+  #
+  #   "/images/fallback/" + [version_name, "default.png"].compact.join('_')
+  # end
+
+  # Process files as they are uploaded:
+  # process scale: [200, 300]
+  #
+  # def scale(width, height)
+  #   # do something
+  # end
+
+  # Create different versions of your uploaded files:
+  # version :thumb do
+  #   process resize_to_fit: [50, 50]
+  # end
+
+  # Add a white list of extensions which are allowed to be uploaded.
+  # For images you might use something like this:
+  # def extension_whitelist
+  #   %w(jpg jpeg gif png)
+  # end
+
+  # Override the filename of the uploaded files:
+  # Avoid using model.id or version_name here, see uploader/store.rb for details.
+  # def filename
+  #   "something.jpg" if original_filename
+  # end
+end

app/views/layouts/_flash.html.erb

+<div class="flash rounded">
+  <% flash.each do |key, value| %>
+    <div class="alert alert-<%= key %>"><%= value %></div>
+  <% end %>
+</div>

app/views/layouts/_header.html.erb

@@ -4,8 +4,13 @@
       <%= link_to image_tag("logo_venjob.png", alt: "Logo", id: "logo_venjob", width: 120), root_path %>
       <nav>
         <ul class="navbar-nav mr-auto">
-          <li><%= link_to "Login",    '#' , class: "nav-item nav-link" %></li>
+          <% if signed_in? %>
+            <li><%= link_to "My Page", my_page_path , class: "nav-item nav-link" %></li>
+            <li><%= link_to "Log Out", logout_path , class: "nav-item nav-link", method: "delete" %></li>
+          <% else %>
+            <li><%= link_to "Log In", login_path , class: "nav-item nav-link" %></li>
             <li><%= link_to "Register",    '#', class: "nav-item nav-link" %></li>
+          <% end %>
           <li><%= link_to "Favorite",    '#', class: "nav-item nav-link" %></li>
           <li><%= link_to "History", '#', class: "nav-item nav-link" %></li>
         </ul>

app/views/sessions/new.html.erb

+<% provide(:title, "Sign In") %>
+<div class="container">
+  <%= render 'layouts/flash' %>
+  <h1 class="text-center login-label">Login</h1>
+  <div class="form-login">
+    <div class="row form d-flex justify-content-center">
+      <%= form_for(:session, url: sessions_path) do |f|  %>
+        <div class="email-field">
+          <div class="col-4-sm">
+            <%= f.label :email %>
+          </div>
+          <div class="col-8-sm">
+            <%= f.text_field :email %>
+          </div>
+        </div>
+        <div class="password-field">
+          <div class="col-4-sm">
+            <%= f.label :password %>
+          </div>
+          <div class="col-8-sm">
+            <%= f.password_field :password %>
+          </div>
+        </div>
+        <div class="col-6-sm forgot-pass-field">
+          <%= link_to 'Forgot password?', '#' %>
+        </div>
+
+        <%= f.submit 'Login', class: 'btn btn-outline-primary btn-lg login-btn' %>
+        <%= link_to 'Register', '#', class: 'btn btn-outline-info btn-lg regis-btn' %>
+      <% end %>
+    </div>
+  </div>
+</div>

app/views/shared/_error_messages.html.erb

+<% if @user.errors.any? %>
+  <div id="error_explanation">
+    <div class="alert alert-danger">
+      The form contains <%= pluralize(@user.errors.count, "error") %>.
+    </div>
+    <ul>
+      <% @user.errors.full_messages.each do |value| %>
+          <li><%= value %></li>
+      <% end %>
+    </ul>
+  </div>
+<% end %>

app/views/shared/_update_error_messages.html.erb

+<%= render 'layouts/flash' %>
+<% if current_user.errors.any? %>
+  <div id="error_explanation">
+    <div class="alert alert-danger">
+      The form contains <%= pluralize(current_user.errors.count, "error") %>.
+    </div>
+    <ul>
+      <% current_user.errors.full_messages.each do |value| %>
+          <li><%= value %></li>
+      <% end %>
+    </ul>
+  </div>
+<% end %>

app/views/users/my_info.html.erb

+<div class="container">
+  <h1 class="text-center my-page-label">My Page</h1>
+  <div class="form-login">
+    <div class="row form d-flex justify-content-center">
+
+      <%= form_for(current_user, remote: true) do |f|  %>
+
+        <div class="validation"></div>
+        <div class="email-field">
+          <div class="col-4-sm">
+            <%= f.label :email %>
+          </div>
+          <div class="col-8-sm">
+            <%= f.text_field :email, class: 'input-email' %>
+          </div>
+        </div>
+        <div class="name-field">
+          <div class="col-4-sm">
+            <%= f.label :name, 'Full Name' %>
+          </div>
+          <div class="col-8-sm">
+            <%= f.text_field :name, class: 'input-name' %>
+          </div>
+        </div>
+        <div class="cv-field">
+          <div class="col-4-sm">
+            <%= f.label :cv_user, 'My CV' %>
+          </div>
+          <div class="col-8-sm">
+            <%= f.file_field :cv_user, accept: '.doc, .pdf, .xls, .xlsx, .zip',class: 'input-cv' %>
+          </div>
+        </div>
+        <div class="new-password-field">
+          <div class="col-4-sm">
+            <%= f.label :new_password, 'New Password' %>
+          </div>
+          <div class="col-8-sm">
+            <%= f.password_field :new_password, class: 'input-new-password' %>
+          </div>
+        </div>
+        <div class="password-field">
+          <div class="col-4-sm">
+            <%= f.label :password, 'Password' %>
+          </div>
+          <div class="col-8-sm">
+            <%= f.password_field :password, class: 'input-password' %>
+          </div>
+        </div>
+
+        <%= f.submit 'Update', class: 'btn btn-outline-primary btn-lg update-btn' %>
+      <% end %>
+    </div>
+  </div>
+</div>
+

app/views/users/my_page.html.erb

+<div class="container">
+  <%= render 'layouts/flash' %>
+  <h1 class="text-center my-page-label">My Page</h1>
+  <div class="form-login">
+    <div class="row form d-flex justify-content-center">
+      <%= form_for(current_user) do |f|  %>
+        <div class="email-field">
+          <div class="col-4-sm">
+            <%= f.label :email %>
+          </div>
+          <div class="col-8-sm">
+            <%= f.text_field :email, class: 'input-email' %>
+          </div>
+        </div>
+        <div class="name-field">
+          <div class="col-4-sm">
+            <%= f.label :name, 'Full Name' %>
+          </div>
+          <div class="col-8-sm">
+            <%= f.text_field :name, class: 'input-name' %>
+          </div>
+        </div>
+        <div class="cv-field">
+          <div class="col-4-sm">
+            <%= f.label :cv_user, 'My CV' %>
+          </div>
+          <div class="col-8-sm">
+            <% if current_user.cv_user.present? %>
+              <%= link_to current_user.cv_user.identifier, current_user.cv_user.url, download: current_user.cv_user.identifier %>
+            <% else %>
+              <div class="cv-none">
+                CV hasn't found in your Profile. Upload now!
+              </div>
+            <% end %>
+          </div>
+        </div>
+
+        <%= link_to 'Update', my_page_info_path, class: 'btn btn-outline-primary btn-lg update-btn' %>
+        <%= link_to 'My Jobs', '#', class: 'btn btn-outline-info btn-lg my-jobs-btn' %>
+      <% end %>
+    </div>
+  </div>
+</div>
+

app/views/users/update.js.erb

+$(".validation").html("<%=escape_javascript render(:partial => 'shared/update_error_messages') %>");

config/application.rb

@@ -10,7 +10,7 @@ module Venjob
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
     config.load_defaults 5.2
-
+    # config.filter_parameter_logging << :oldpassword, :password
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration can go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded after loading

config/initializers/filter_parameter_logging.rb

 # Be sure to restart your server when you modify this file.
 
 # Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password]
+Rails.application.config.filter_parameters += [:password, :oldpassword]
+

config/routes.rb

 Rails.application.routes.draw do
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
+
+  resources :users
+  resources :sessions, only: [:new, :create, :destroy]
+  get '/my', to: 'users#my_page', as: :my_page
+  get '/my/info', to: 'users#my_info', as: :my_page_info
+  get '/login', to: 'sessions#new', as: :login
+  match '/logout', to: 'sessions#destroy', via: 'delete', as: :logout
+
   resources :jobs
   get 'detail/:id', action: :show, controller: 'jobs' , as: :job_detail