
added user authentication and sessions

1 parent 514c9a1 commit d6f8c6a3691232a4c3a85690f47e49a46deb9a3b @verdi327 verdi327 committed Apr 5, 2012
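--- a/.gitignore
+++ b/.gitignore
@@ -8,7 +8,7 @@
 /.bundle
 # Ignore the default SQLite database.
-#/db/*.sqlite3
+/db/*.sqlite3
 # Ignore all logfiles and tempfiles.
 /log/*.log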
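Review bot: Un-commenting `/db/*.sqlite3` does not untrack a file that is already in the repository, and this same commit still adds `db/development.sqlite3` as a binary (the "Binary file not shown" section further down), so the development database — which after this change may hold user email addresses and bcrypt digests — stays in the history. A follow-up `git rm --cached db/development.sqlite3` is needed for the ignore rule to take effect, and any account data in the committed copy should be considered exposed. The rule itself is correct as written.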
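--- a/Gemfile
+++ b/Gemfile
@@ -27,4 +27,5 @@ group :development, :test do
 gem 'guard-rspec'
 gem 'simplecov'
 gem 'growl'
+ gem 'bcrypt-ruby'
 end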
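Review bot: `gem 'bcrypt-ruby'` is added inside the `group :development, :test do` block (the group opens above the hunk, per the hunk header), so the gem is absent from a production bundle even though `has_secure_password` in app/models/user.rb needs it when the model loads; a `RAILS_ENV=production` boot would fail on the User model. Move the line out of the group to top level, e.g. `gem 'bcrypt-ruby', '~> 3.0.0'`, which also matches the 3.0.1 the lockfile resolves. Keeping the hashing dependency identical across environments avoids digests that verify in development but not in production.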
2 Gemfile.lock
@@ -30,6 +30,7 @@ GEM
multi_json (~> 1.0)
addressable (2.2.7)
arel (3.0.2)
+ bcrypt-ruby (3.0.1)
builder (3.0.0)
capybara (1.1.2)
mime-types (>= 1.16)
@@ -164,6 +165,7 @@ PLATFORMS
ruby
DEPENDENCIES
+ bcrypt-ruby
capybara
coffee-rails (~> 3.2.1)
fabrication
3 app/assets/javascripts/sessions.js.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
3 app/assets/stylesheets/sessions.css.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the sessions controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
20 app/controllers/sessions_controller.rb
@@ -0,0 +1,20 @@
+class SessionsController < ApplicationController
+ def new
+ end
+
+ def create
+ user = User.find_by_email_address(params[:email])
+ if user && user.authenticate(params[:password])
+ session[:user_id] = user.id
+ redirect_to root_url, :notice => "Welcome, #{user.full_name}"
+ else
+ render :new, :notice => 'Try again'
@KeeperPat
KeeperPat Apr 19, 2012

I see that you're setting a notice, but I don't see any feedback on a failed login: http://screencast.com/t/hOSHL7H5l

@athal7
athal7 Apr 19, 2012

good catch, thanks for pointing it out and sending

+ end
+ end
+
+ def destroy
+ session[:user_id] = nil
+ redirect_to root_url, :notice => 'Thanks for Visting'
+ end
+
+end
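Review bot: `create` writes `session[:user_id] = user.id` into whatever session the browser already carried, and `destroy` only nils that one key, so a session id established before login survives authentication (session fixation) and any other session contents survive logout. Call `reset_session` immediately before `session[:user_id] = user.id` in `create`, and replace `session[:user_id] = nil` in `destroy` with `reset_session`. The `find_by_email_address` plus `user.authenticate` pattern is the right shape for the check itself. The flash text `'Thanks for Visting'` also has a typo.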
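--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,12 @@
 class UsersController < ApplicationController
 before_filter :lookup_user, :only => [:show, :edit, :destroy, :update]
+ before_filter :require_user
+
+ def require_user
+ if session[:user_id] == nil
+ redirect_to root_url, :notice => "No way! You Need Admin Access"
+ end
+ end
 def index
 @users = User.all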
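Review bot: `before_filter :require_user` runs for every action including `new` and `create`, so the Sign-Up link the layout shows to logged-out visitors (`new_user_path`) redirects them away with "No way! You Need Admin Access" and nobody can register; use `before_filter :require_user, :except => [:new, :create]`. The filter only checks that some `session[:user_id]` exists — that is authentication, not the admin authorization its message claims — and `show`/`edit`/`update`/`destroy` operate on whatever record `lookup_user` presumably loads from `params[:id]`, so any signed-in user can view, edit or delete any other account; compare that id against `session[:user_id]` (or add a real role check) before those actions. `require_user` is also defined as a public method above `index`, making it a public action; move it under `private` and write the test as `unless session[:user_id]` rather than `== nil`. `UsersController` continues past the end of the hunk.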
2 app/helpers/sessions_helper.rb
@@ -0,0 +1,2 @@
+module SessionsHelper
+end
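--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -1,2 +1,13 @@
 module UsersHelper
+
+ def logged_in?
+ session[:user_id]
+ end
+
+ def current_user
+ if session[:user_id]
+ return User.find(session[:user_id])
+ end
+ end
+
 end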
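Review bot: `current_user` calls `User.find(session[:user_id])`, which raises `ActiveRecord::RecordNotFound` when the session points at an id that no longer exists (for example an account destroyed through `UsersController#destroy`), and the layout calls it on every page for a logged-in visitor, so such a session cannot recover without the cookie being cleared. Use the nil-returning finder and memoize it: `@current_user ||= User.find_by_id(session[:user_id]) if session[:user_id]`, which also stops the layout issuing one query per call (it calls `current_user` twice in the same branch). `logged_in?` returns the raw id rather than a boolean; `!!session[:user_id]` makes the predicate honest.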
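--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,5 +1,6 @@
 class User < ActiveRecord::Base
- attr_accessible :email_address, :full_name, :display_name
+ attr_accessible :email_address, :full_name, :display_name, :password, :password_confirmation
+ has_secure_password
 validates_presence_of :full_name, :email_address
 validates_format_of :email_address, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/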
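Review bot: `has_secure_password` provides bcrypt hashing and confirmation matching but, as far as I know for this Rails version, no length constraint, so a one-character password is accepted at sign-up; add `validates :password, :length => { :minimum => 8 }, :if => :password` below it. Because the migration adds `password_digest` as a nullable column and the helper validates its presence, users created before this commit presumably fail validation on their next save until a password is set — worth a data step or a one-off script. On the unchanged regex line, `\Z` still matches before a trailing newline; `\z` is the strict end-of-string anchor.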
12 app/views/layouts/application.html.erb
@@ -36,7 +36,14 @@
</li>
<li><%= link_to "Price List" %></li>
<li><%= link_to "Contact Us" %></li>
- <li><%= link_to "Cart" %></li>
+ <% if logged_in? %>
+ <li><%= link_to "Cart", user_url(current_user) %></li>
+ <li><%= link_to "My Account", user_url(current_user) %></li>
+ <li><%= link_to "Logout", logout_path, :method => :delete %>
+ <% else %>
+ <li><%= link_to "Sign-In", login_page_path %></li>
+ <li><%= link_to "Sign-Up", new_user_path %></li>
+ <% end %>
</ul>
</div>
</div>
@@ -47,6 +54,9 @@
<div class="row">
<div class="span9"><%= yield %></div>
<div class="span3">
+ <div class="row">
+ <div class="span4"><%= notice %></div>
+ </div>
<h2>About Us</h2>
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
</div>
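Review bot: The Logout item `<li><%= link_to "Logout", logout_path, :method => :delete %>` is never closed, so the list markup is malformed. `:method => :delete` becomes a DELETE request only when the rails UJS script is loaded; without it the link degrades to a plain GET of /sessions/destroy, which none of the routes in this commit match, so a request spec covering logout is worth adding. `current_user` is evaluated twice in the logged-in branch (Cart and My Account); a local `<% user = current_user %>` avoids the second query unless the helper memoizes.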
2 app/views/sessions/create.html.erb
@@ -0,0 +1,2 @@
+<h1>Sessions#create</h1>
+<p>Find me in app/views/sessions/create.html.erb</p>
2 app/views/sessions/destroy.html.erb
@@ -0,0 +1,2 @@
+<h1>Sessions#destroy</h1>
+<p>Find me in app/views/sessions/destroy.html.erb</p>
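--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -0,0 +1,13 @@
+<h1>Please Sign In Below</h1>
+
+<%= form_tag sessions_create_url do %>
+<%=label_tag :email %>
+<br />
+<%= text_field_tag :email %>
+<br />
+<%=label_tag :password %>
+<br />
+<%= password_field_tag :password %>
+<br />
+<%= submit_tag 'Sign-In' %>
+<% end %>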
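Review bot: `form_tag sessions_create_url` references a route helper that config/routes.rb in this commit does not define: `post 'sessions/create', :as => 'login'` names the helper `login_path`/`login_url`, so rendering the sign-in page should raise a NameError. Change the line to `<%= form_tag login_path do %>`. The rest of the form is fine — `form_tag` emits the CSRF token and `password_field_tag` does not echo a submitted value back.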
8 app/views/users/_form.html.erb
@@ -11,5 +11,13 @@
<br />
<%= f.text_field :display_name %>
<br />
+ <%= f.label :password %>
+ <br />
+ <%= f.password_field :password %>
+ <br />
+ <%= f.label :password_confirmation %>
+ <br />
+ <%= f.password_field :password_confirmation %>
+ <br />
<%= f.submit %>
<% end %>
7 app/views/users/show.html.erb
@@ -1,10 +1,13 @@
-<h1><%= @user.display_name %></h1>
+<h1>Welcome Back, <%= @user.display_name %></h1>
<p>
<%= @user.full_name %>
- <br /> <%= @user.email_address %>
+ <br />
+ <%= @user.email_address %>
</p>
+<h2>Billing Information</h2>
+
<%= link_to "Edit", edit_user_path %>
<%= link_to "Destroy", user_path(@user), :method => :delete, confirm: "Delete \"#{@user.display_name}\"?" %>
<%= link_to "Back to All Users", users_path %>
60 config/routes.rb
@@ -1,63 +1,13 @@
StoreEngine::Application.routes.draw do
+
+ get 'sessions/new', :as => 'login_page'
+ post 'sessions/create', :as => 'login'
+ delete 'sessions/destroy', :as => 'logout'
+
resources :users
resources :products
resources :categories
resources :orders
root to: "products#index"
- # The priority is based upon order of creation:
- # first created -> highest priority.
-
- # Sample of regular route:
- # match 'products/:id' => 'catalog#view'
- # Keep in mind you can assign values other than :controller and :action
-
- # Sample of named route:
- # match 'products/:id/purchase' => 'catalog#purchase', :as => :purchase
- # This route can be invoked with purchase_url(:id => product.id)
-
- # Sample resource route (maps HTTP verbs to controller actions automatically):
- # resources :products
-
- # Sample resource route with options:
- # resources :products do
- # member do
- # get 'short'
- # post 'toggle'
- # end
- #
- # collection do
- # get 'sold'
- # end
- # end
-
- # Sample resource route with sub-resources:
- # resources :products do
- # resources :comments, :sales
- # resource :seller
- # end
-
- # Sample resource route with more complex sub-resources
- # resources :products do
- # resources :comments
- # resources :sales do
- # get 'recent', :on => :collection
- # end
- # end
-
- # Sample resource route within a namespace:
- # namespace :admin do
- # # Directs /admin/products/* to Admin::ProductsController
- # # (app/controllers/admin/products_controller.rb)
- # resources :products
- # end
-
- # You can have the root of your site routed with "root"
- # just remember to delete public/index.html.
- # root :to => 'welcome#index'
-
- # See how all your routes lay out with "rake routes"
- # This is a legacy wild controller route that's not recommended for RESTful applications.
- # Note: This route will make all actions in every controller accessible via GET requests.
- # match ':controller(/:action(/:id))(.:format)'
end
BIN db/development.sqlite3
Binary file not shown.
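--- a/db/migrate/20120404211452_add_password_digest_to_user.rb
+++ b/db/migrate/20120404211452_add_password_digest_to_user.rb
@@ -0,0 +1,5 @@
+class AddPasswordDigestToUser < ActiveRecord::Migration
+ def change
+ add_column :users, :password_digest, :string
+ end
+end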
7 db/schema.rb
@@ -11,7 +11,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20120404194450) do
+ActiveRecord::Schema.define(:version => 20120404211452) do
create_table "categories", :force => true do |t|
t.string "name"
@@ -56,8 +56,9 @@
t.string "email_address"
t.string "full_name"
t.string "display_name"
- t.datetime "created_at", :null => false
- t.datetime "updated_at", :null => false
+ t.datetime "created_at", :null => false
+ t.datetime "updated_at", :null => false
+ t.string "password_digest"
end
end
26 spec/controllers/sessions_controller_spec.rb
@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe SessionsController do
+
+ describe "GET 'new'" do
+ it "returns http success" do
+ get 'new'
+ response.should be_success
+ end
+ end
+
+ describe "GET 'create'" do
+ it "returns http success" do
+ get 'create'
+ response.should be_success
+ end
+ end
+
+ describe "GET 'destroy'" do
+ it "returns http success" do
+ get 'destroy'
+ response.should be_success
+ end
+ end
+
+end
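Review bot: The generated examples do not exercise the behaviour this commit adds: `GET 'destroy'` expects `be_success`, but `SessionsController#destroy` always redirects, so that example fails as written, and `GET 'create'` with no params passes only because a missing user falls through to `render :new`. Replace them with one example that posts the email and password of a fabricated user and asserts `session[:user_id]` is set, one that posts a wrong password and asserts the session stays empty, and one that issues `delete :destroy` and asserts a redirect to `root_url`. Using the verbs the routes declare keeps the specs documenting the intended interface.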
15 spec/helpers/sessions_helper_spec.rb
@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+# Specs in this file have access to a helper object that includes
+# the SessionsHelper. For example:
+#
+# describe SessionsHelper do
+# describe "string concat" do
+# it "concats two strings with spaces" do
+# helper.concat_strings("this","that").should == "this that"
+# end
+# end
+# end
+describe SessionsHelper do
+ pending "add some examples to (or delete) #{__FILE__}"
+end
5 spec/views/sessions/create.html.erb_spec.rb
@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe "sessions/create.html.erb" do
+ pending "add some examples to (or delete) #{__FILE__}"
+end
5 spec/views/sessions/destroy.html.erb_spec.rb
@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe "sessions/destroy.html.erb" do
+ pending "add some examples to (or delete) #{__FILE__}"
+end
5 spec/views/sessions/new.html.erb_spec.rb
@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe "sessions/new.html.erb" do
+ pending "add some examples to (or delete) #{__FILE__}"
+end
