lesson 13 - authentication with devise

Gemfile

@@ -11,4 +11,5 @@ end
 gem 'paperclip'
 gem 'RedCloth'
 gem 'jquery-rails'
-gem 'menu_builder'
+gem 'menu_builder'
+gem 'devise'

Gemfile.lock

@@ -30,8 +30,14 @@ GEM
       i18n (~> 0.6)
       multi_json (~> 1.0)
     arel (3.0.2)
+    bcrypt-ruby (3.0.1)
     builder (3.0.0)
     cocaine (0.2.1)
+    devise (2.1.2)
+      bcrypt-ruby (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (~> 3.1)
+      warden (~> 1.2.1)
     erubis (2.7.0)
     execjs (1.4.0)
       multi_json (~> 1.0)
@@ -51,6 +57,7 @@ GEM
       activemodel (> 3.0)
     mime-types (1.19)
     multi_json (1.3.6)
+    orm_adapter (0.4.0)
     paperclip (3.1.4)
       activemodel (>= 3.0.0)
       activerecord (>= 3.0.0)
@@ -102,12 +109,15 @@ GEM
     uglifier (1.2.7)
       execjs (>= 0.3.0)
       multi_json (~> 1.3)
+    warden (1.2.1)
+      rack (>= 1.0)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   RedCloth
+  devise
   jquery-rails
   menu_builder
   paperclip

app/controllers/admin/base_controller.rb

@@ -1,5 +1,6 @@
 class Admin::BaseController < ApplicationController
 
   layout 'admin'
+  before_filter :authenticate_user!
 
 end

app/controllers/admin/passwords_controller.rb

@@ -0,0 +1,3 @@
+class Admin::PasswordsController < Devise::PasswordsController
+  layout "admin"
+end

app/controllers/admin/sessions_controller.rb

@@ -0,0 +1,3 @@
+class Admin::SessionsController < Devise::SessionsController
+  layout 'admin'
+end

app/controllers/admin/users_controller.rb

@@ -0,0 +1,37 @@
+class Admin::UsersController < Admin::BaseController
+
+  menu_item :users
+
+  def index
+    @users = User.all
+    respond_with @users
+  end
+
+  def new
+    @user = User.new
+    respond_with @user
+  end
+
+  def edit
+    @user = User.find(params[:id])
+  end
+
+  def create
+    @user = User.new(params[:user])
+    flash[:notice] = 'User was successfully created.' if @user.save
+    respond_with @user, :location => [:admin, :users]
+  end
+
+  def update
+    @user = User.find(params[:id])
+    flash[:notice] = 'User was successfully updated.' if @user.update_attributes(params[:user])
+    respond_with @user, :location => [:admin, :users]
+  end
+
+  def destroy
+    @user = User.find(params[:id])
+    @user.destroy
+    respond_with @user, :location => [:admin, :users]
+  end
+
+end

app/controllers/posts_controller.rb

@@ -9,7 +9,9 @@ def index
 
     @posts = @posts.published
 
-    respond_with @posts
+    respond_with @posts do |format|
+      format.atom
+    end
   end
 
   def show

app/models/post.rb

@@ -13,6 +13,8 @@ class Post < ActiveRecord::Base
   belongs_to :author, class_name: "User", foreign_key: "author_id"
   has_and_belongs_to_many :categories
 
+  delegate :full_name, to: :author, prefix: true
+
   def self.published
     where("draft = ? AND published_at < ?", false, Time.current)
   end
@@ -24,7 +26,7 @@ def self.search(terms)
   def to_param
     "#{id}-#{slug}"
   end
-
+  
   protected
 
   def generate_slug

app/models/user.rb

@@ -1,11 +1,12 @@
 class User < ActiveRecord::Base
-  attr_accessible :email, :first_name, :last_name
+  devise :database_authenticatable, :recoverable,
+         :rememberable, :trackable, :validatable
 
-  has_many :posts, foreign_key: "author_id"
+  attr_accessible :email, :password, :password_confirmation, 
+    :remember_me, :first_name, :last_name
 
-  validates_presence_of :email, :first_name, :last_name
-  validates_uniqueness_of :email
-  validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, :allow_blank => true
+  has_many :posts, foreign_key: "author_id"
+  validates_presence_of :first_name, :last_name
 
   def full_name
     "#{first_name} #{last_name}".titleize

app/views/admin/users/_form.html.erb

@@ -0,0 +1,17 @@
+<%= form_for [:admin, @user] do |f| %>
+
+  <%= error_messages_for @user %>
+
+  <p><%= f.text_field :full_name, :placeholder => "full name" %></p>
+  <p><%= f.text_field :email, :placeholder => "email" %></p>
+  <p><%= f.password_field :password, :placeholder => "password" %></p>
+  <p><%= f.password_field :password_confirmation, :placeholder => "password confirmation" %></p>
+
+  <hr class="thick" />
+
+  <p>
+    <%= f.submit :class => "button" %>
+    or <%= link_to "cancel", admin_users_path %>
+  </p>
+
+<% end %>

app/views/admin/users/edit.html.erb

@@ -0,0 +1,3 @@
+<h2>Edit user</h2>
+
+<%= render 'form' %>

app/views/admin/users/index.html.erb

@@ -0,0 +1,22 @@
+<h2>Users</h2>
+
+<ul class="list">
+  <% @users.each do |user| %>
+    <%= content_tag_for :li, user, :class => cycle(:odd, :even) do %>
+      <%= link_to "#{user.full_name} (#{user.email})", [:admin, user] %>
+
+      <div class="right">
+        <%= link_to_edit [:edit, :admin, user] %>
+        <%= link_to_destroy [:admin, user] unless current_user == user %>
+      </div>
+    <% end %>
+  <% end %>
+</ul>
+
+<hr class="thick" />
+
+<div class="bar">
+  <div class="right">
+    <%= link_to 'New user', new_admin_user_path, :class => "button" %>
+  </div>
+</div>

app/views/admin/users/new.html.erb

@@ -0,0 +1,3 @@
+<h2>New user</h2>
+
+<%= render 'form' %>

app/views/devise/passwords/edit.html.erb

@@ -0,0 +1,18 @@
+<h2>Change your password</h2>
+
+<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <%= f.hidden_field :reset_password_token %>
+
+  <p><%= f.password_field :password, :placeholder => "password"  %></p>
+  <p><%= f.password_field :password_confirmation, :placeholder => "password confirmation" %></p>
+
+  <hr class="thick" />
+
+  <p>
+    <%= f.submit "Change my password", :class => "button" %>
+    or <%= link_to "cancel", new_user_session_path %>
+  </p>
+
+<% end %>

app/views/devise/passwords/new.html.erb

@@ -0,0 +1,17 @@
+<h2>Forgot your password?</h2>
+
+<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <p>
+    <%= f.text_field :email, :placeholder => "email" %>
+  </p>
+
+  <hr class="thick" />
+
+  <p>
+    <%= f.submit "Send reset instructions", :class => "button" %>
+    or <%= link_to "cancel", new_user_session_path %>
+  </p>
+
+<% end %>

app/views/devise/sessions/new.html.erb

@@ -0,0 +1,19 @@
+<h2>Sign in</h2>
+
+<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
+
+  <p><%= f.text_field :email, :placeholder => ta(User, :email) %></p>
+  <p><%= f.password_field :password, :placeholder => ta(User, :password) %></p>
+
+  <% if devise_mapping.rememberable? -%>
+    <p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
+  <% end -%>
+
+  <hr class="thick" />
+
+  <p>
+    <%= f.submit "Sign in", :class => "button" %>
+    or <%= link_to "forgot your password?", new_password_path(resource_name) %>
+  </p>
+
+<% end %>

app/views/layouts/admin.html.erb

@@ -11,16 +11,21 @@
 
   <div id="wrapper">
     <div id="header">
-      <div id="main-nav">
-        <%= menu do |m| %>
-          <%= m.dashboard 'Dashboard', "#" %>
-          <%= m.posts 'Posts', admin_posts_path %>
-          <%= m.assets 'Assets', admin_assets_path %>
-          <%= m.changelog 'Changelog', "#" %>
-          <%= m.faqs 'FAQ', "#" %>
-          <%= m.inquiries 'Inquiries', "#" %>
-        <% end %>
-      </div>
+      <% if user_signed_in? %>
+        <div id="main-nav">
+          <%= menu do |m| %>
+            <%= m.dashboard 'Dashboard', "#" %>
+            <%= m.posts 'Posts', admin_posts_path %>
+            <%= m.assets 'Assets', admin_assets_path %>
+            <%= m.inquiries 'Inquiries', "#" %>
+            <%= m.users 'Users', admin_users_path %>
+          <% end %>
+        </div>
+
+        <div id="user-bar">
+          <%= link_to "Logout", destroy_user_session_path, :method => "delete" %>
+        </div>
+      <% end %>
     </div>
 
     <div id="content-wrapper">

app/views/posts/_sidebar.html.erb

@@ -20,8 +20,8 @@
   <h3>Keep in touch</h3>
 
   <ul class="squared">
-    <li>FOLLOW US ON <strong style="color:#d7412c">TWITTER</strong></li>
-    <li>SUBSCRIBE TO OUR <strong style="color:#d7412c">FEED</strong></li>
+    <li>FOLLOW US ON <strong><%= link_to "TWITTER", "http://twitter.com/egenial" %></strong></li>
+    <li>SUBSCRIBE TO OUR <strong><%= link_to "FEED", posts_path(:format => :atom) %></strong></li>
   </ul>
 
 </div>

app/views/posts/index.atom.builder

@@ -0,0 +1,18 @@
+atom_feed do |feed|
+  feed.title    "Rails feed"
+  feed.updated  @posts.last.try(:updated_at)
+
+  @posts.each do |post|
+    feed.entry post do |entry|
+
+      entry.title    post.title
+      entry.content  textilize(post.body), :type => 'html'
+      entry.updated  post.updated_at
+
+      entry.author do |author|
+        author.name post.author_full_name
+      end
+
+    end
+  end
+end

config/environments/development.rb

@@ -34,4 +34,6 @@
 
   # Expands the lines which load the assets
   config.assets.debug = true
+
+  config.action_mailer.default_url_options = { :host => 'localhost:3000' }
 end

config/environments/production.rb

@@ -64,4 +64,6 @@
   # Log the query plan for queries taking more than this (works
   # with SQLite, MySQL, and PostgreSQL)
   # config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+  config.assets.initialize_on_precompile = false
 end