
Switched to using has_secure_password for authenticating.
Also added a page to change passwords. Fixes #33
mjm committed Jan 27, 2012
1 parent 64ebd1e commit 930ced4
Showing 9 changed files with 95 additions and 46 deletions.
1 change: 1 addition & 0 deletions Gemfile
Expand Up @@ -14,6 +14,7 @@ gem 'jquery-rails'
gem 'rdiscount'

gem 'thin'
gem 'bcrypt-ruby'

# Use unicorn as the web server
# gem 'unicorn'
6 changes: 4 additions & 2 deletions Gemfile.lock
Expand Up @@ -30,6 +30,7 @@ GEM
multi_json (~> 1.0)
ansi (1.4.1)
arel (3.0.0)
bcrypt-ruby (3.0.1)
builder (3.0.0)
coffee-script (2.2.0)
coffee-script-source
Expand All @@ -44,7 +45,7 @@ GEM
i18n (0.6.0)
journey (1.0.0)
jquery-rails (2.0.0)
railties (>= 3.2.0.beta, < 5.0)
railties (< 5.0, >= 3.2.0.beta)
thor (~> 0.14)
json (1.6.5)
mail (2.4.1)
Expand Down Expand Up @@ -85,7 +86,7 @@ GEM
sprockets (2.1.2)
hike (~> 1.2)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
tilt (!= 1.3.0, ~> 1.1)
sqlite3 (1.3.5)
thin (1.3.1)
daemons (>= 1.0.9)
Expand All @@ -107,6 +108,7 @@ PLATFORMS
ruby

DEPENDENCIES
bcrypt-ruby
coffee-script
jquery-rails
pg
17 changes: 16 additions & 1 deletion app/controllers/people_controller.rb
@@ -1,5 +1,6 @@
class PeopleController < ApplicationController
respond_to :html
before_filter :login_required, only: [:edit, :update]

def new
@person = Person.new
Expand All @@ -22,9 +23,23 @@ def create
end
end

def edit
end

def update
raise "Cannot update another user's profile" if params[:id].to_i != @current_user.id

@current_user.attributes = params[:person]
if @current_user.save
respond_with(@current_user, :location => places_url)
else
render :edit
end
end

def login
if request.post?
@current_user = Person.authenticate(params[:name], params[:password])
@current_user = Person.find_by_name(params[:name]).try(:authenticate, params[:password])
if @current_user
session[:user_id] = @current_user.id
@current_user.login_ip = request.remote_ip
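Review bot: The ownership check that opens `update` turns a mismatched id into an unhandled RuntimeError, i.e. a 500, and the id is only in play because `form_for @current_user` posts to the member route; since the method already writes exclusively to `@current_user`, either drop the comparison or answer it with a real status, `return head(:forbidden) if params[:id].to_i != @current_user.id`. The action also accepts a new password without the current one being supplied, so a `current_password` field checked with `@current_user.authenticate(params[:current_password])` before assignment would stop a hijacked session or a shared machine from locking the owner out. `@current_user.attributes = params[:person]` mass-assigns whatever the form posts; I cannot see whether Person declares `attr_accessible`, so confirm that columns such as `login_ip`, `signup_ip` and `has_car` are not writable from this form. `login`'s body continues past the end of the hunk.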
20 changes: 3 additions & 17 deletions app/models/person.rb
@@ -1,6 +1,9 @@
require 'digest'

class Person < ActiveRecord::Base
has_secure_password
validates :password, presence: { on: :create }

has_one :vote, dependent: :destroy
has_one :place, through: :vote
has_one :car
Expand All @@ -10,23 +13,6 @@ class Person < ActiveRecord::Base
has_many :places

validates :name, presence: true, uniqueness: true
validates :password, confirmation: true

before_validation { write_attribute :name, name.strip }
before_create :hash_password

def self.hash_password(pass)
Digest::SHA2.hexdigest("--max-poops-2342arstarts-#{pass}--")
end

def self.authenticate(name, password)
find_by_name_and_password(name, hash_password(password))
end

private
def hash_password
write_attribute 'password', self.class.hash_password(self.password)
@password_confirmation = nil
end

end
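Review bot: `require 'digest'` at the top of the file is now dead — the SHA2 `hash_password` helpers it served are deleted in this hunk and `has_secure_password` hands hashing to bcrypt — so the line should go with them. The explicit `validates :password, presence: { on: :create }` overlaps the presence check on `password_digest` that `has_secure_password` installs; keeping it for a friendlier message is fine but deserves a comment, e.g. `# overlaps has_secure_password's digest check; kept for a user-facing "Password can't be blank"`. Nothing constrains the length of the new password; if a floor is wanted, `validates :password, length: { minimum: 8 }, allow_blank: true` keeps the blank-means-unchanged behaviour of the edit form intact.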
23 changes: 23 additions & 0 deletions app/views/people/edit.html.erb
@@ -0,0 +1,23 @@
<div class="person-form">

<h1><%=t '.heading' %></h1>

<%= form_for @current_user do |f| -%>
<% unless @current_user.errors.empty? %>
<ul>
<% @current_user.errors.full_messages.each do |m| -%>
<li><%= m %></li>
<% end %>
</ul>
<% end %>
<%= f.label :name %>
<%= f.text_field :name, :autofocus => true %>
<%= f.label :password %>
<%= f.password_field :password %>
<%= f.label :password_confirmation %>
<%= f.password_field :password_confirmation %>
<%= f.submit %>
<% end %>

</div>
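Review bot: `<% unless @current_user.errors.empty? %>` reads more naturally, and matches the usual Rails idiom, as `<% if @current_user.errors.any? %>`. If `new.html.erb` renders the same error list (it is not in this commit, so I am inferring), the `<ul>` block is a candidate for a shared partial rather than a second copy. The two password fields would also benefit from `:autocomplete => "new-password"` so browsers do not offer the stored login password into the change form.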
3 changes: 3 additions & 0 deletions config/locales/en.yml
Expand Up @@ -10,6 +10,8 @@ en:
failed: Your username or password was incorrect. Please try again.
new:
heading: Sign up to vote
edit:
heading: Edit profile
cars:
save:
success: Your car settings have been saved.
Expand Down Expand Up @@ -78,6 +80,7 @@ en:
submit:
person:
create: "Sign Up"
update: Save Changes
car:
create: Save Car
update: Save Car
1 change: 1 addition & 0 deletions config/routes.rb
Expand Up @@ -10,6 +10,7 @@

match 'login' => 'people#login', :as => :login
match 'logout' => 'people#logout', :as => :logout
match 'profile' => 'people#edit', :as => :profile

# The priority is based upon order of creation:
# first created -> highest priority.
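Review bot: `match 'profile' => 'people#edit', :as => :profile` is registered for every HTTP verb, while edit only ever renders a page; `match 'profile' => 'people#edit', :as => :profile, :via => :get` keeps POST/PUT/DELETE from reaching it. The login and logout lines above have the same shape but predate this commit.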
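--- a/db/migrate/20120127200902_has_secure_password.rb
+++ b/db/migrate/20120127200902_has_secure_password.rb
@@ -0,0 +1,17 @@
+class HasSecurePassword < ActiveRecord::Migration
+def up
+remove_column :people, :password
+add_column :people, :password_digest, :string
+
+Person.all.each do |u|
+u.password = "password"
+u.password_confirmation = "password"
+u.save
+end
+end
+
+def down
+remove_column :people, :password_digest
+add_column :people, :password, :string
+end
+end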
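Review bot: The data loop in `up` sets every existing account's password to the literal "password", so until each person happens to visit the new edit page every account is reachable with a credential that anyone reading this migration knows. The old unsalted SHA2 values cannot be turned into bcrypt digests without the plaintext, so the honest replacement is an unguessable per-user value, `u.password = u.password_confirmation = SecureRandom.hex(16)`, with the new credentials delivered out of band. `u.save` discards its result, so a record that fails validation (a blank name, say) is left with no usable digest and nobody notices; `u.save!` surfaces that. Because the hunk removes and adds columns before calling `Person.all`, a column cache loaded earlier in the process will not know `password_digest`; a `Person.reset_column_information` before the loop avoids that, and a migration-local `class Person < ActiveRecord::Base; has_secure_password; end` would also decouple the migration from whatever validations the application model grows later.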
53 changes: 27 additions & 26 deletions db/schema.rb
@@ -1,3 +1,4 @@
# encoding: UTF-8
# This file is auto-generated from the current state of the database. Instead
# of editing this file, please use the migrations feature of Active Record to
# incrementally modify your database, and then regenerate this schema definition.
Expand All @@ -10,55 +11,55 @@
#
# It's strongly recommended to check this file into your version control system.

ActiveRecord::Schema.define(:version => 20110721002357) do
ActiveRecord::Schema.define(:version => 20120127200902) do

create_table "cars", :force => true do |t|
t.integer "person_id"
t.integer "seats"
t.datetime "created_at"
t.datetime "updated_at"
t.integer "person_id"
t.integer "seats"
t.timestamp "created_at"
t.timestamp "updated_at"
end

create_table "groups", :force => true do |t|
t.string "name"
t.integer "created_by_id"
t.datetime "created_at"
t.datetime "updated_at"
t.string "name"
t.integer "created_by_id"
t.timestamp "created_at"
t.timestamp "updated_at"
end

create_table "memberships", :force => true do |t|
t.integer "person_id"
t.integer "group_id"
t.datetime "created_at"
t.datetime "updated_at"
t.integer "person_id"
t.integer "group_id"
t.timestamp "created_at"
t.timestamp "updated_at"
end

create_table "people", :force => true do |t|
t.string "name"
t.string "password"
t.datetime "created_at"
t.datetime "updated_at"
t.boolean "has_car"
t.string "signup_ip"
t.string "login_ip"
t.string "password_digest"
end

create_table "places", :force => true do |t|
t.string "name"
t.boolean "walkable"
t.datetime "created_at"
t.datetime "updated_at"
t.integer "person_id"
t.time "leaving_at"
t.string "notes"
t.string "name"
t.boolean "walkable"
t.timestamp "created_at"
t.timestamp "updated_at"
t.integer "person_id"
t.time "leaving_at"
t.string "notes"
end

create_table "votes", :force => true do |t|
t.integer "place_id"
t.integer "person_id"
t.datetime "created_at"
t.datetime "updated_at"
t.integer "car_id"
t.integer "place_id"
t.integer "person_id"
t.timestamp "created_at"
t.timestamp "updated_at"
t.integer "car_id"
end

end
