Implement advanced login

7844c61c · Quang Vinh Nguyen · e789eda4 · 7844c61c · 7844c61c · 7844c61c
Commit 7844c61c authored May 31, 2018 by Quang Vinh Nguyen
12 changed files
--- a/app/assets/stylesheets/custom.scss
+++ b/app/assets/stylesheets/custom.scss
@@ -190,3 +190,17 @@ input {
    color: $state-danger-text;
  }
 }
+.checkbox {
+  margin-top: -10px;
+  margin-bottom: 10px;
+  span {
+    margin-left: 20px;
+    font-weight: normal;
+  }
+}
+#session_remember_me {
+  width: auto;
+  margin-left: 0;
+}
\ No newline at end of file
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -2,12 +2,29 @@ class SessionsController < ApplicationController
  def new
  end
+  # def create
+  #   user = User.find_by(email: params[:session][:email].downcase)
+  #   if user && user.authenticate(params[:session][:password])
+  #     # Log the user in and redirect to the user's show page.
+  #     log_in user
+  #     # remember user # update: remember_digest attribute
+  #     params[:session][:remember_me] == '1' ? remember(user) : forget(user)
+  #     redirect_to user
+  #   else
+  #     # Create an error message.
+  #     flash.now[:danger] = 'Invalid email/password combination'
+  #     render 'new'
+  #   end
+  # end
  def create
-    user = User.find_by(email: params[:session][:email].downcase)
+    @user = User.find_by(email: params[:session][:email].downcase)
-    if user && user.authenticate(params[:session][:password])
+    if @user && @user.authenticate(params[:session][:password])
      # Log the user in and redirect to the user's show page.
-      log_in user
+      log_in @user
-      redirect_to user
+      # remember user # update: remember_digest attribute
+      params[:session][:remember_me] == '1' ? remember(@user) : forget(@user)
+      redirect_to @user
    else
      # Create an error message.
      flash.now[:danger] = 'Invalid email/password combination'
@@ -15,14 +32,8 @@ class SessionsController < ApplicationController
    end
  end
-  # Logs out the current user.
-  def log_out
-    session.delete(:user_id)
-    @current_user = nil
-  end
  def destroy
-    log_out
+    log_out if logged_in?
    redirect_to root_url
  end
 end
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
-# The
+# comment
 module SessionsHelper
  # Logs in the given user.
  def log_in(user)
    session[:user_id] = user.id
  end
+  # remembers a user in a persistent session. 
+  def remember(user)
+    user.remember
+    cookies.permanent.signed[:user_id] = user.id
+    cookies.permanent[:remember_token] = user.remember_token
+  end
  # Return the current logged-in user (if any).
  def current_user
-    @current_user ||= User.find_by(id: session[:user_id])
+    # @current_user ||= User.find_by(id: session[:user_id])
+    if (user_id = session[:user_id])
+      @current_user ||= User.find_by(id: user_id)
+    elsif (user_id = cookies.signed[:user_id])
+      user = User.find_by(id: user_id)
+      if user && user.authenticated?(cookies[:remember_token])
+        log_in user
+        @current_user = user
+      end
+    end
  end
  # Returns true if the user is logged in, false otherwise. 
  def logged_in?
    !current_user.nil?
  end
+  # Forgets a persistent session.
+  def forget(user)
+    user.forget
+    cookies.delete(:user_id)
+    cookies.delete(:remember_token)
+  end
+  # Logs out the current user.
+  def log_out
+    forget(current_user)
+    session.delete(:user_id)
+    @current_user = nil
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
-# This
+# comment
 class User < ApplicationRecord
+  attr_accessor :remember_token # we don't wan't to save this attribute to database
  before_save { self.email.downcase! }
  validates :name, presence: true, length: { maximum: 50 }
  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
  validates :email, presence: true, length: { maximum: 255 },
                    format: { with: VALID_EMAIL_REGEX },
                    uniqueness: { case_sensitive: false }
-  validates :password, presence: true, length: {minimum: 6}
+  validates :password, presence: true, length: { minimum: 6 }
  has_secure_password
  # Returns the hash digest of the given string.
-  def User.digest(string)
+  def self.digest(string)
    cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
                                                  BCrypt::Engine.cost
    BCrypt::Password.create(string, cost: cost)
  end
+  # Returns a random token.
+  # def User.new_token
+  def self.new_token
+    SecureRandom.urlsafe_base64
+  end
+  # Remembers a user in the database for use in persistent session.
+  def remember
+    self.remember_token = User.new_token
+    update_attribute(:remember_digest, User.digest(remember_token))
+  end
+  # Returns true if the given token matches the digest.
+  def authenticated?(remember_token)
+    return false if remember_digest.nil?
+    BCrypt::Password.new(remember_digest).is_password?(remember_token)
+  end
+  # Forgets a user.
+  def forget
+    update_attribute(:remember_digest, nil)
+  end
 end
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -10,6 +10,11 @@
      <%= f.label :password %>
      <%= f.password_field :password, class: 'form-control' %>
+      <%= f.label :remember_me, class: 'checkbox inline' do %>
+        <%= f.check_box :remember_me %>
+        <span>Remember me on this computer</span>
+      <% end %>
      <%= f.submit "Log in", class: "btn btn-primary" %>
    <% end %>

--- a/db/migrate/20180531022956_add_remember_digest_to_users.rb
+++ b/db/migrate/20180531022956_add_remember_digest_to_users.rb
+class AddRememberDigestToUsers < ActiveRecord::Migration[5.1]
+  def change
+    add_column :users, :remember_digest, :string
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20180529074848) do
+ActiveRecord::Schema.define(version: 20180531022956) do
  create_table "users", force: :cascade do |t|
    t.string "name"
@@ -18,6 +18,7 @@ ActiveRecord::Schema.define(version: 20180529074848) do
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.string "password_digest"
+    t.string "remember_digest"
    t.index ["email"], name: "index_users_on_email", unique: true
  end

--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -3,3 +3,7 @@ foo:
  name: foo
  email: foo@bar.com  
  password_digest: <%= User.digest('password') %>
+michael:
+  name: Michael Example
+  email: michael@example.com
+  password_digest: <%= User.digest('password') %>
--- a/test/helpers/sessions_helper_test.rb
+++ b/test/helpers/sessions_helper_test.rb
+require 'test_helper'
+class SessionsHelperTest < ActionView::TestCase
+  def setup
+    @user = users(:foo)
+    remember(@user)
+  end
+  test 'current_user returns right user when session is nil' do
+    assert_equal @user, current_user
+    assert is_logged_in?
+  end
+  test 'current_user returns nil when remember digest is wrong' do
+    @user.update_attribute(:remember_digest, User.digest(User.new_token))
+    assert_nil current_user
+  end
+end
\ No newline at end of file
--- a/test/integration/users_login_test.rb
+++ b/test/integration/users_login_test.rb
@@ -3,7 +3,7 @@ require 'test_helper'
 class UsersLoginTest < ActionDispatch::IntegrationTest
  # comment
  def setup
-    @user = users(:foo)
+    @user = users(:michael)
  end
  # comment
@@ -32,9 +32,29 @@ class UsersLoginTest < ActionDispatch::IntegrationTest
    delete logout_path
    assert_not is_logged_in?
    assert_redirected_to root_url
+    # Simulate a user clicking logout in a second window.
+    delete logout_path
    follow_redirect!
    assert_select 'a[href=?]', login_path
    assert_select 'a[href=?]', logout_path,      count: 0
    assert_select 'a[href=?]', user_path(@user), count: 0
  end
+  # test 'login with remembering' do
+  #   log_in_as(@user, remember_me: '1')
+  #   assert_not_empty cookies['remember_token']
+  # end
+  test 'login with remembering' do
+    log_in_as(@user, remember_me: '1')
+    # assert_not_empty cookies['remember_token']
+    assert_equal cookies['remember_token'], assigns(:user).remember_token
+  end
+  test 'login without remembering' do
+    # Log in to set the cookie.
+    log_in_as(@user, remember_me: '1')
+    # Log in again and verify that the cookie is deleted.
+    log_in_as(@user, remember_me: '0')
+    assert_empty cookies['remember_token']
+  end
 end
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -62,4 +62,8 @@ class UserTest < ActiveSupport::TestCase
    @user.password = @user.password_confirmation = 'a' * 5
    assert_not @user.valid?
  end
+  test 'authenticated? should return false for a user with nil digest' do
+    assert_not @user.authenticated?('')
+  end
 end
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -18,4 +18,18 @@ class ActiveSupport::TestCase
  def is_logged_in?
    !session[:user_id].nil?
  end
+  # Log in as a particular user.
+  def log_in_as(user)
+    session[:user_id] = user.id
+  end
+end
+class ActionDispatch::IntegrationTest
+  # Log in as a particular user.
+  def log_in_as(user,password: 'password', remember_me: '1')
+    post login_path, params: { session: { email:  user.email,
+                                                  password: password,
+                                                  remember_me: remember_me } }
+  end
 end
\ No newline at end of file