Chapter 9

Gemfile

@@ -26,8 +26,10 @@ gem 'sdoc', '~> 0.4.0',          group: :doc
 # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
 gem 'spring',        group: :development
 
+gem 'bootstrap-sass', '~> 3.1.0'
+
 # Use ActiveModel has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
+gem 'bcrypt', '~> 3.1.7'
 
 # Use unicorn as the app server
 # gem 'unicorn'

Gemfile.lock

@@ -28,6 +28,9 @@ GEM
       thread_safe (~> 0.1)
       tzinfo (~> 1.1)
     arel (5.0.1.20140414130214)
+    bcrypt (3.1.9)
+    bootstrap-sass (3.1.1.1)
+      sass (~> 3.2)
     builder (3.2.2)
     coffee-rails (4.0.1)
       coffee-script (>= 2.2.0)
@@ -108,6 +111,8 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  bcrypt (~> 3.1.7)
+  bootstrap-sass (~> 3.1.0)
   coffee-rails (~> 4.0.0)
   jbuilder (~> 2.0)
   jquery-rails

app/assets/javascripts/application.js

@@ -14,3 +14,4 @@
 //= require jquery_ujs
 //= require turbolinks
 //= require_tree .
+//= require bootstrap

app/assets/javascripts/sessions.js.coffee

@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/

app/assets/stylesheets/application.css

@@ -11,5 +11,6 @@
  * file per style scope.
  *
  *= require_tree .
+ *= require bootstrap
  *= require_self
  */

app/assets/stylesheets/sessions.css.scss

@@ -0,0 +1,3 @@
+// Place all the styles related to the Sessions controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/

app/controllers/application_controller.rb

@@ -2,4 +2,17 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+
+  private
+
+  def current_user
+    if session[:user_id]
+      @current_user ||= User.find(session[:user_id])
+    end
+  end
+  helper_method :current_user
+
+  def authenticate_user!
+    redirect_to login_path unless current_user
+  end
 end

app/controllers/posts_controller.rb

@@ -1,2 +1,13 @@
 class PostsController < ApplicationController
+  before_action :authenticate_user!
+
+  def index
+   user_ids = current_user.timeline_user_ids
+   @posts = Post.where(user_id: user_ids)
+              .order("created_at DESC")
+  end
+
+  def show
+    @post = Post.find(params[:id])
+  end
 end

app/controllers/sessions_controller.rb

@@ -0,0 +1,21 @@
+class SessionsController < ApplicationController
+  def new
+  end
+
+  def create
+    user = User.find_by(email: params[:email])
+
+    if user && user.authenticate(params[:password])
+      session[:user_id] = user.id
+      redirect_to root_url, notice: "Log in successful!"
+    else
+      flash.now.alert = "Invalid email or password"
+      render "new"
+    end
+  end
+
+  def destroy
+    session[:user_id] = nil
+    redirect_to root_url, notice: "Log out successful!"
+  end
+end

app/controllers/users_controller.rb

@@ -1,2 +1,22 @@
 class UsersController < ApplicationController
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(user_params)
+    if @user.save
+      redirect_to root_url,
+        notice: "Welcome to the site!"
+    else
+      render "new"
+    end
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(:name, :email, :password,
+                                 :password_confirmation)
+  end
 end

app/helpers/sessions_helper.rb

@@ -0,0 +1,2 @@
+module SessionsHelper
+end

app/models/user.rb

@@ -14,6 +14,10 @@ class User < ActiveRecord::Base
 
   has_many :comments
 
+  has_secure_password
+
+  validates :email, presence: true, uniqueness: true
+
   def following?(leader)
     leaders.include? leader
   end
@@ -23,4 +27,8 @@ def follow!(leader)
       leaders << leader
     end
   end
+
+  def timeline_user_ids
+    leader_ids + [id]
+  end
 end

app/views/image_posts/_image_post.html.erb

@@ -0,0 +1,15 @@
+<div class="panel panel-default">
+  <div class="panel-heading">
+    <h3 class="panel-title">
+      <%= image_post.title %>
+    </h3>
+  </div>
+
+  <div class="panel-body">
+    <p><em>By <%= image_post.user.name %></em></p>
+
+    <%= image_tag image_post.url, class: "img-responsive" %>
+
+    <%= image_post.body %>
+ </div>
+</div>

app/views/layouts/application.html.erb

@@ -7,8 +7,24 @@
   <%= csrf_meta_tags %>
 </head>
 <body>
+  <div class="container">
+    <% if notice %>
+      <div class="alert alert-success"><%= notice %></div>
+    <% end %>
+    <% if alert %>
+      <div class="alert alert-danger"><%= alert %></div>
+    <% end %>
 
-<%= yield %>
+    <div class="pull-right">
+      <% if current_user %>
+        <%= link_to 'Log Out', logout_path %>
+      <% else %>
+        <%= link_to 'Log In', login_path %> or
+        <%= link_to 'Sign Up', signup_path %>
+      <% end %>
+    </div>
 
+    <%= yield %>
+  </div>
 </body>
 </html>

app/views/posts/index.html.erb

@@ -0,0 +1,5 @@
+<div class="page-header">
+  <h1>Home</h1>
+</div>
+
+<%= render @posts %>

app/views/posts/show.html.erb

@@ -0,0 +1,8 @@
+<div class="page-header">
+  <h1>Post</h1>
+</div>
+
+<%= render @post %>
+
+<%= link_to "Home", posts_path,
+      class: "btn btn-default" %>

app/views/sessions/new.html.erb

@@ -0,0 +1,19 @@
+<div class="page-header">
+  <h1>Log In</h1>
+</div>
+
+<%= form_tag sessions_path do %>
+  <div class="form-group">
+    <%= label_tag :email %>
+    <%= email_field_tag :email, params[:email],
+          class: "form-control" %>
+  </div>
+
+  <div class="form-group">
+    <%= label_tag :password %>
+    <%= password_field_tag :password, nil,
+          class: "form-control" %>
+  </div>
+
+  <%= submit_tag "Log In", class: "btn btn-primary" %>
+<% end %>

app/views/text_posts/_text_post.html.erb

@@ -0,0 +1,13 @@
+<div class="panel panel-default">
+  <div class="panel-heading">
+    <h3 class="panel-title">
+      <%= text_post.title %>
+    </h3>
+  </div>
+
+  <div class="panel-body">
+    <p><em>By <%= text_post.user.name %></em></p>
+
+    <%= text_post.body %>
+  </div>
+</div>

app/views/users/new.html.erb

@@ -0,0 +1,37 @@
+<div class="page-header">
+  <h1>Sign Up</h1>
+</div>
+
+<%= form_for(@user) do |f| %>
+  <% if @user.errors.any? %>
+    <div class="alert alert-danger">
+      <strong>
+        <%= pluralize(@user.errors.count, "error") %>
+        prevented you from signing up:
+      </strong>
+      <ul>
+        <% @user.errors.full_messages.each do |msg| %>
+          <li><%= msg %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="form-group">
+    <%= f.label :email %>
+    <%= f.email_field :email, class: "form-control" %>
+  </div>
+
+  <div class="form-group">
+    <%= f.label :password %>
+    <%= f.password_field :password, class: "form-control" %>
+  </div>
+
+  <div class="form-group">
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation,
+          class: "form-control" %>
+  </div>
+
+  <%= f.submit class: "btn btn-primary" %>
+<% end %>

config/routes.rb

@@ -1,66 +1,14 @@
 Rails.application.routes.draw do
   resources :comments
-
   resources :image_posts
-
   resources :text_posts
-
   resources :posts
-
   resources :users
+  resources :sessions
 
-  # The priority is based upon order of creation: first created -> highest priority.
-  # See how all your routes lay out with "rake routes".
-
-  # You can have the root of your site routed with "root"
-  # root 'welcome#index'
-
-  # Example of regular route:
-  #   get 'products/:id' => 'catalog#view'
-
-  # Example of named route that can be invoked with purchase_url(id: product.id)
-  #   get 'products/:id/purchase' => 'catalog#purchase', as: :purchase
-
-  # Example resource route (maps HTTP verbs to controller actions automatically):
-  #   resources :products
-
-  # Example resource route with options:
-  #   resources :products do
-  #     member do
-  #       get 'short'
-  #       post 'toggle'
-  #     end
-  #
-  #     collection do
-  #       get 'sold'
-  #     end
-  #   end
-
-  # Example resource route with sub-resources:
-  #   resources :products do
-  #     resources :comments, :sales
-  #     resource :seller
-  #   end
-
-  # Example resource route with more complex sub-resources:
-  #   resources :products do
-  #     resources :comments
-  #     resources :sales do
-  #       get 'recent', on: :collection
-  #     end
-  #   end
-
-  # Example resource route with concerns:
-  #   concern :toggleable do
-  #     post 'toggle'
-  #   end
-  #   resources :posts, concerns: :toggleable
-  #   resources :photos, concerns: :toggleable
+  get 'signup', to: 'users#new', as: 'signup'
+  get 'login', to: 'sessions#new', as: 'login'
+  get 'logout', to: 'sessions#destroy', as: 'logout'
 
-  # Example resource route within a namespace:
-  #   namespace :admin do
-  #     # Directs /admin/products/* to Admin::ProductsController
-  #     # (app/controllers/admin/products_controller.rb)
-  #     resources :products
-  #   end
+  root 'posts#index'
 end

db/migrate/20141123234747_add_password_digist_to_users.rb

@@ -0,0 +1,5 @@
+class AddPasswordDigistToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :password_digest, :string
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20141112024623) do
+ActiveRecord::Schema.define(version: 20141123234747) do
 
   create_table "comments", force: true do |t|
     t.text     "body"
@@ -51,6 +51,7 @@
     t.string   "email"
     t.datetime "created_at"
     t.datetime "updated_at"
+    t.string   "password_digest"
   end
 
 end

test/controllers/sessions_controller_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class SessionsControllerTest < ActionController::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end

test/helpers/sessions_helper_test.rb

@@ -0,0 +1,4 @@
+require 'test_helper'
+
+class SessionsHelperTest < ActionView::TestCase
+end