Initial user model and account management flow

.env.test

@@ -0,0 +1,2 @@
+EMAIL_FROM=fake@example.com
+EMAIL_URL_HOST=localhost:3000

.gitignore

@@ -28,3 +28,5 @@
 /config/master.key
 
 /coverage
+.env
+.env.development

Gemfile

@@ -4,6 +4,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '2.5.1'
 
 gem 'bootsnap', require: false
+gem 'devise'
 gem 'jbuilder'
 gem 'lograge'
 gem 'puma'
@@ -17,10 +18,12 @@ end
 
 group :development, :test do
   gem 'byebug', platforms: %i[mri mingw x64_mingw]
+  gem 'dotenv-rails'
   gem 'sqlite3'
 end
 
 group :development do
+  gem 'annotate'
   gem 'listen', '>= 3.0.5', '< 3.2'
   gem 'rubocop'
   gem 'web-console', '>= 3.3.0'

Gemfile.lock

@@ -44,10 +44,14 @@ GEM
       tzinfo (~> 1.1)
     addressable (2.5.2)
       public_suffix (>= 2.0.2, < 4.0)
+    annotate (2.7.4)
+      activerecord (>= 3.2, < 6.0)
+      rake (>= 10.4, < 13.0)
     archive-zip (0.11.0)
       io-like (~> 0.3.0)
     arel (9.0.0)
     ast (2.4.0)
+    bcrypt (3.1.12)
     bindex (0.5.0)
     bootsnap (1.3.2)
       msgpack (~> 1.0)
@@ -73,9 +77,19 @@ GEM
       term-ansicolor
       thor
     crass (1.0.4)
+    devise (4.5.0)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0, < 6.0)
+      responders
+      warden (~> 1.2.3)
     docile (1.3.1)
     domain_name (0.5.20180417)
       unf (>= 0.0.5, < 1.0.0)
+    dotenv (2.5.0)
+    dotenv-rails (2.5.0)
+      dotenv (= 2.5.0)
+      railties (>= 3.2, < 6.0)
     erubi (1.7.1)
     execjs (2.7.0)
     ffi (1.9.25)
@@ -121,6 +135,7 @@ GEM
     nio4r (2.3.1)
     nokogiri (1.8.5)
       mini_portile2 (~> 2.3.0)
+    orm_adapter (0.5.0)
     parallel (1.12.1)
     parser (2.5.1.2)
       ast (~> 2.4.0)
@@ -162,6 +177,9 @@ GEM
       ffi (>= 0.5.0, < 2)
     request_store (1.4.1)
       rack (>= 1.4)
+    responders (2.4.0)
+      actionpack (>= 4.2.0, < 5.3)
+      railties (>= 4.2.0, < 5.3)
     rest-client (2.0.2)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
@@ -218,6 +236,8 @@ GEM
       unf_ext
     unf_ext (0.0.7.5)
     unicode-display_width (1.4.0)
+    warden (1.2.7)
+      rack (>= 1.0)
     web-console (3.7.0)
       actionview (>= 5.0)
       activemodel (>= 5.0)
@@ -233,11 +253,14 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  annotate
   bootsnap
   byebug
   capybara (>= 2.15)
   chromedriver-helper
   coveralls
+  devise
+  dotenv-rails
   jbuilder
   listen (>= 3.0.5, < 3.2)
   lograge

README.md

@@ -1,6 +1,4 @@
-# TIMDEX is Messy Data Easily Xchanged
-
-(or something like that)
+# TIMDEX Is Making Discovery EXcellent @ MIT
 
 This application interfaces with an ElasticSearch backend and exposes a set of
 API Endpoints to allow registered users to query our data.
@@ -14,3 +12,25 @@ This repository contains Architecture Decision Records in the
 
 [adr-tools](https://github.com/npryce/adr-tools) should allow easy creation of
 additional records with a standardized template.
+
+# Developing this application
+
+- please `bundle exec annotate` when making changes to models to update the
+  internal documentation
+- don't commit your .env or .env.development, but do commit .env.test after
+  confirming your test values are not actual secrets that need protecting
+
+# Required Environment Variables (all ENVs)
+
+- `EMAIL_FROM`:  email address to send message from, including the registration
+  and forgot password messages.
+- `EMAIL_URL_HOST` - base url to use when sending emails that link back to the
+  application. In development, often `localhost:3000`. On heroku, often
+  `yourapp.herokuapp.com`. However, if you use a custom domain in production,
+  that should be the value you use in production.
+
+# Production required Environment Variables
+- `SMTP_ADDRESS`
+- `SMTP_PASSWORD`
+- `SMTP_PORT`
+- `SMTP_USER`

app.json

@@ -2,6 +2,12 @@
   "name": "timdex",
   "scripts": {},
   "env": {
+    "EMAIL_FROM": {
+      "required": true
+    },
+    "EMAIL_URL_HOST": {
+      "required": true
+    },
     "LANG": {
       "required": true
     },
@@ -19,6 +25,18 @@
     },
     "SECRET_KEY_BASE": {
       "required": true
+    },
+      "SMTP_ADDRESS": {
+      "required": true
+    },
+    "SMTP_PASSWORD": {
+      "required": true
+    },
+    "SMTP_PORT": {
+      "required": true
+    },
+    "SMTP_USER": {
+      "required": true
     }
   },
   "formation": {

app/models/user.rb

@@ -0,0 +1,26 @@
+# == Schema Information
+#
+# Table name: users
+#
+#  id                     :integer          not null, primary key
+#  email                  :string           default(""), not null
+#  encrypted_password     :string           default(""), not null
+#  reset_password_token   :string
+#  reset_password_sent_at :datetime
+#  remember_created_at    :datetime
+#  confirmation_token     :string
+#  confirmed_at           :datetime
+#  confirmation_sent_at   :datetime
+#  unconfirmed_email      :string
+#  failed_attempts        :integer          default(0), not null
+#  unlock_token           :string
+#  locked_at              :datetime
+#  created_at             :datetime         not null
+#  updated_at             :datetime         not null
+#
+
+class User < ApplicationRecord
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable,
+         :confirmable, :lockable
+end

app/views/layouts/application.html.erb

@@ -10,6 +10,15 @@
   </head>
 
   <body>
+    <% if user_signed_in? %>
+      <%= link_to("Sign out", destroy_user_session_path, method: :delete, id: "sign_in", class: 'action-auth')  %>
+    <% else %>
+      <%= link_to("Sign in", new_user_session_path, id: "sign_in", class: 'action-auth') %>
+    <% end %>
+
+    <p class="notice"><%= notice %></p>
+    <p class="alert"><%= alert %></p>
+
     <%= yield %>
   </body>
 </html>

config/environments/development.rb

@@ -27,6 +27,8 @@
     config.cache_store = :null_store
   end
 
+  config.action_mailer.default_url_options = { host: ENV['EMAIL_URL_HOST'] }
+
   # Don't care if the mailer can't send.
   config.action_mailer.raise_delivery_errors = false
 

config/environments/production.rb

@@ -44,7 +44,7 @@
   # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = true
 
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.
@@ -66,6 +66,18 @@
   # Set this to true and configure the email server for immediate delivery to raise delivery errors.
   # config.action_mailer.raise_delivery_errors = false
 
+  config.action_mailer.default_url_options = { host: ENV['EMAIL_URL_HOST'] }
+
+  config.action_mailer.delivery_method = :smtp
+  config.action_mailer.smtp_settings = {
+    user_name: ENV['SMTP_USER'],
+    password: ENV['SMTP_PASSWORD'],
+    address: ENV['SMTP_ADDRESS'],
+    port: ENV['SMTP_PORT'],
+    authentication: 'login',
+    enable_starttls_auto: true
+  }
+
   # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
   # the I18n.default_locale when a translation cannot be found).
   config.i18n.fallbacks = true

config/environments/test.rb

@@ -30,6 +30,8 @@
 
   config.action_mailer.perform_caching = false
 
+  config.action_mailer.default_url_options = { host: ENV['EMAIL_URL_HOST'] }
+
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
   # ActionMailer::Base.deliveries array.