Milestone 9: add devise

Gemfile

@@ -80,3 +80,5 @@ group :test do
   gem 'capybara'
   gem 'selenium-webdriver'
 end
+
+gem 'devise', '~> 4.9'

Gemfile.lock

@@ -79,6 +79,7 @@ GEM
       public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
     base64 (0.1.1)
+    bcrypt (3.1.20)
     bigdecimal (3.1.4)
     bindex (0.8.1)
     bootsnap (1.17.0)
@@ -100,6 +101,12 @@ GEM
     debug (1.8.0)
       irb (>= 1.5.0)
       reline (>= 0.3.1)
+    devise (4.9.3)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
     diff-lcs (1.5.0)
     drb (2.2.0)
       ruby2_keywords
@@ -155,6 +162,7 @@ GEM
     nio4r (2.7.0)
     nokogiri (1.15.5-x86_64-linux)
       racc (~> 1.4)
+    orm_adapter (0.5.0)
     parallel (1.23.0)
     parser (3.2.2.4)
       ast (~> 2.4.1)
@@ -214,6 +222,9 @@ GEM
     regexp_parser (2.8.3)
     reline (0.4.1)
       io-console (~> 0.5)
+    responders (3.1.1)
+      actionpack (>= 5.2)
+      railties (>= 5.2)
     rexml (3.2.6)
     rspec-core (3.12.2)
       rspec-support (~> 3.12.0)
@@ -274,6 +285,8 @@ GEM
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.5.0)
+    warden (1.2.9)
+      rack (>= 2.0.9)
     web-console (4.2.1)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
@@ -295,6 +308,7 @@ DEPENDENCIES
   bootsnap
   capybara
   debug
+  devise (~> 4.9)
   error_highlight (>= 0.4.0)
   factory_bot_rails
   faker

README.md

@@ -246,7 +246,7 @@ To execute the tests, run the following command inside the project folder (root)
 - [x] Views.
 - [x] Forms.
 - [x] Integration specs for Views and fixing n+1 problems.
-- [ ] Add Devise.
+- [x] Add Devise.
 - [ ] Add authorization rules.
 - [ ] Add API endpoints.
 - [ ] API documentation.

app/controllers/application_controller.rb

@@ -1,7 +1,22 @@
 class ApplicationController < ActionController::Base
-  def current_user
-    # @current_user ||= User.find_by(id: session[:user_id])
-    # ! fetch first user for testing purposes. Remove this line when login system in place.
-    @current_user = User.first
+  before_action :authenticate_user!
+
+  protect_from_forgery with: :exception
+  before_action :configure_permitted_parameters, if: :devise_controller?
+  before_action :update_allowed_parameters, if: :devise_controller?
+
+  protected
+
+  def update_allowed_parameters
+    devise_parameter_sanitizer.permit(:sign_up) { |u| u.permit(:name, :bio, :email, :password) }
+    devise_parameter_sanitizer.permit(:account_update) do |u|
+      u.permit(:name, :email, :bio, :password, :current_password)
+    end
+  end
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_in) do |user_params|
+      user_params.permit(:username, :email)
+    end
   end
 end

app/models/user.rb

@@ -1,4 +1,11 @@
 class User < ApplicationRecord
+  # Include default devise modules. Others available are:
+  # :lockable, :timeoutable, :trackable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable, :confirmable
+
+  before_create :set_default_photo
+
   has_many :posts, class_name: 'Post', foreign_key: :author_id
   has_many :comments, class_name: 'Comment', foreign_key: :user_id
   has_many :likes, class_name: 'Like', foreign_key: :user_id
@@ -9,4 +16,13 @@ class User < ApplicationRecord
   def most_recent_posts(n_limit = 3)
     posts.includes(:likes, :comments).order(created_at: :desc).limit(n_limit)
   end
+
+  private
+
+  def set_default_photo
+    photo_number = rand(1..5) # ? the below url can only handle 5 different photos.
+    photo_url = "https://robohash.org/accusantiumeaquea.png?size=200x200&set=set#{photo_number}"
+
+    self.photo ||= photo_url
+  end
 end

app/views/devise/confirmations/new.html.erb

@@ -0,0 +1,26 @@
+<main class="container mt-4" style="max-width: 900px; height: 80vh;">
+  <h2 class="text-muted text-center mb-4">Resend confirmation instructions &#128220;</h2>
+  <div style="max-width: 400px; margin: 0 auto;" class="mb-3">
+    <%= form_for(resource, as: resource_name, url: confirmation_path(resource_name),
+                           html: { method: :post },
+                           class: "form-control h-auto") do |f| %>
+
+      <%= render "devise/shared/error_messages", resource: resource %>
+
+      <div class="field">
+        <%= f.email_field :email, autofocus: true, autocomplete: "email",
+                                  placeholder: "Email",
+                                  class: "form-control mb-2",
+                                  value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
+      </div>
+
+      <div class="actions">
+        <%= f.submit "Resend confirmation instructions",
+                     class: "btn btn-info px-2 py-1 w-100" %>
+      </div>
+    <% end %>
+
+  <%= render "devise/shared/links" %>
+  </div>
+</main>
+

app/views/devise/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p>Welcome <%= @email %>!</p>
+
+<p>You can confirm your account email through the link below:</p>
+
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>

app/views/devise/mailer/email_changed.html.erb

@@ -0,0 +1,7 @@
+<p>Hello <%= @email %>!</p>
+
+<% if @resource.try(:unconfirmed_email?) %>
+  <p>We're contacting you to notify you that your email is being changed to <%= @resource.unconfirmed_email %>.</p>
+<% else %>
+  <p>We're contacting you to notify you that your email has been changed to <%= @resource.email %>.</p>
+<% end %>

app/views/devise/mailer/password_change.html.erb

@@ -0,0 +1,3 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>We're contacting you to notify you that your password has been changed.</p>

app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Someone has requested a link to change your password. You can do this through the link below.</p>
+
+<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>

app/views/devise/mailer/unlock_instructions.html.erb

@@ -0,0 +1,7 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Your account has been locked due to an excessive number of unsuccessful sign in attempts.</p>
+
+<p>Click the link below to unlock your account:</p>
+
+<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %></p>

app/views/devise/passwords/edit.html.erb

@@ -0,0 +1,25 @@
+<h2>Change your password</h2>
+
+<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
+  <%= render "devise/shared/error_messages", resource: resource %>
+  <%= f.hidden_field :reset_password_token %>
+
+  <div class="field">
+    <%= f.label :password, "New password" %><br />
+    <% if @minimum_password_length %>
+      <em>(<%= @minimum_password_length %> characters minimum)</em><br />
+    <% end %>
+    <%= f.password_field :password, autofocus: true, autocomplete: "new-password" %>
+  </div>
+
+  <div class="field">
+    <%= f.label :password_confirmation, "Confirm new password" %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Change my password" %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>

app/views/devise/passwords/new.html.erb

@@ -0,0 +1,25 @@
+<main class="container mt-4" style="max-width: 900px; height: 80vh;">
+  <h2 class="text-muted text-center mb-4">Forgot your password?</h2>
+  <div style="max-width: 400px; margin: 0 auto;" class="mb-3">
+    <%= form_for(resource, as: resource_name, url: password_path(resource_name),
+                           html: { method: :post },
+                           class: "form-control h-auto") do |f| %>
+
+      <%= render "devise/shared/error_messages", resource: resource %>
+
+      <div class="field">
+        <%= f.email_field :email, autofocus: true,
+                                  autocomplete: "email",
+                                  placeholder: "Email",
+                                  class: "form-control mb-2" %>
+      </div>
+
+      <div class="actions">
+        <%= f.submit "Send me reset password instructions",
+                     class: "btn btn-info px-2 py-1 w-100" %>
+      </div>
+    <% end %>
+
+    <%= render "devise/shared/links" %>
+  </div>
+</main>

app/views/devise/registrations/edit.html.erb

@@ -0,0 +1,43 @@
+<h2>Edit <%= resource_name.to_s.humanize %></h2>
+
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
+  <%= render "devise/shared/error_messages", resource: resource %>
+
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
+  </div>
+
+  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
+  <% end %>
+
+  <div class="field">
+    <%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+    <%= f.password_field :password, autocomplete: "new-password" %>
+    <% if @minimum_password_length %>
+      <br />
+      <em><%= @minimum_password_length %> characters minimum</em>
+    <% end %>
+  </div>
+
+  <div class="field">
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
+  </div>
+
+  <div class="field">
+    <%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+    <%= f.password_field :current_password, autocomplete: "current-password" %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Update" %>
+  </div>
+<% end %>
+
+<h3>Cancel my account</h3>
+
+<div>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %></div>
+
+<%= link_to "Back", :back %>

app/views/devise/registrations/new.html.erb

@@ -0,0 +1,43 @@
+<main class="container mt-4" style="max-width: 900px; height: 80vh;">
+  <h2 class="text-muted text-center mb-4">Sign up! &#128513;</h2>
+  <div style="max-width: 400px; margin: 0 auto;" class="mb-3">
+    <%= form_for(resource, as: resource_name, url: registration_path(resource_name), class: "form-control h-auto") do |f| %>
+
+      <%= render "devise/shared/error_messages", resource: resource %>
+
+      <div class="field">
+        <%= f.text_field :name, autofocus: true,
+                                autocomplete: "name",
+                                placeholder: "Name",
+                                class: "form-control mb-2" %>
+      </div>
+
+      <div class="field">
+        <%= f.email_field :email, autofocus: true,
+                                  autocomplete: "email",
+                                  placeholder: "Email",
+                                  class: "form-control mb-2" %>
+      </div>
+
+      <div class="field">
+        <%= f.password_field :password,
+                             autocomplete: "new-password",
+                             placeholder: "Password #{@minimum_password_length} characters minimum",
+                             class: "form-control mb-2" %>
+      </div>
+
+      <div class="field">
+        <%= f.password_field :password_confirmation,
+                             autocomplete: "new-password",
+                             placeholder: "Confirm password",
+                             class: "form-control mb-2" %>
+      </div>
+
+      <div class="actions">
+        <%= f.submit "Sign up", class: "btn btn-warning w-100" %>
+      </div>
+    <% end %>
+
+    <%= render "devise/shared/links" %>
+  </div>
+</main>

app/views/devise/sessions/new.html.erb

@@ -0,0 +1,36 @@
+<main class="container mt-4" style="max-width: 900px; height: 80vh;">
+  <h2 class="text-muted text-center mb-4">Log in</h2>
+  <div style="max-width: 400px; margin: 0 auto;" class="mb-3">
+    <%= form_for(resource, as: resource_name, url: session_path(resource_name),
+                           class: "form-control h-auto") do |f| %>
+
+      <div class="field">
+        <%= f.email_field :email, autofocus: true,
+                                  autocomplete: "email",
+                                  placeholder: "Email",
+                                  class: "form-control mb-2" %>
+      </div>
+
+      <div class="field">
+        <%= f.password_field :password,
+                             autocomplete: "current-password",
+                             placeholder: "Password",
+                             class: "form-control mb-2" %>
+      </div>
+
+      <% if devise_mapping.rememberable? %>
+        <div class="field">
+          <%= f.check_box :remember_me %>
+          <%= f.label :remember_me %>
+        </div>
+      <% end %>
+
+      <div class="actions">
+        <%= f.submit "Log in", class: "btn btn-success w-100" %>
+      </div>
+    <% end %>
+
+    <%= render "devise/shared/links", button_type: "btn-outline-warning" %>
+  </div>
+</main>
+

app/views/devise/shared/_error_messages.html.erb

@@ -0,0 +1,15 @@
+<% if resource.errors.any? %>
+  <div id="error_explanation" data-turbo-cache="false">
+    <h2>
+      <%= I18n.t("errors.messages.not_saved",
+                 count: resource.errors.count,
+                 resource: resource.class.model_name.human.downcase)
+       %>
+    </h2>
+    <ul>
+      <% resource.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+    </ul>
+  </div>
+<% end %>