Queues - Ting Wong - Media Ranker oAuth

.gitignore

@@ -15,3 +15,6 @@
 
 # Ignore Byebug command history file.
 .byebug_history
+
+# Hide .env files
+.env

Gemfile

@@ -36,6 +36,10 @@ gem 'jbuilder', '~> 2.5'
 # Use Capistrano for deployment
 # gem 'capistrano-rails', group: :development
 
+gem "omniauth"
+gem "omniauth-github"
+gem "omniauth-google-oauth2", "~> 0.2.1"
+
 # Use the Foundation CSS framework
 gem 'foundation-rails'
 
@@ -48,6 +52,7 @@ group :development, :test do
 
   # Use pry for rails console
   gem 'pry-rails'
+  gem 'binding_of_caller'
 end
 
 group :test do
@@ -64,6 +69,7 @@ group :development do
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
   gem 'spring-watcher-listen', '~> 2.0.0'
+  gem 'dotenv-rails'
 end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem

Gemfile.lock

@@ -38,6 +38,8 @@ GEM
       i18n (~> 0.7)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
+    addressable (2.5.1)
+      public_suffix (~> 2.0, >= 2.0.2)
     ansi (1.5.0)
     arel (7.1.4)
     babel-source (5.8.35)
@@ -49,6 +51,8 @@ GEM
       erubis (>= 2.6.6)
       rack (>= 0.9.0)
     bindex (0.5.0)
+    binding_of_caller (0.7.2)
+      debug_inspector (>= 0.0.1)
     builder (3.2.3)
     byebug (9.0.6)
     coderay (1.1.1)
@@ -60,15 +64,23 @@ GEM
       execjs
     coffee-script-source (1.12.2)
     concurrent-ruby (1.0.5)
+    debug_inspector (0.0.2)
+    dotenv (2.2.0)
+    dotenv-rails (2.2.0)
+      dotenv (= 2.2.0)
+      railties (>= 3.2, < 5.1)
     erubis (2.7.0)
     execjs (2.7.0)
+    faraday (0.11.0)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.18)
     foundation-rails (6.3.0.0)
       railties (>= 3.1.0)
       sass (>= 3.3.0, < 3.5)
       sprockets-es6 (>= 0.9.0)
     globalid (0.3.7)
       activesupport (>= 4.1.0)
+    hashie (3.5.5)
     i18n (0.8.1)
     jbuilder (2.6.3)
       activesupport (>= 3.0.0, < 5.2)
@@ -77,6 +89,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (1.5.6)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -104,16 +117,40 @@ GEM
       minitest (~> 5.0)
       rails (>= 4.1)
     multi_json (1.12.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (2.0.0)
     nokogiri (1.7.1)
       mini_portile2 (~> 2.1.0)
+    oauth2 (1.3.1)
+      faraday (>= 0.8, < 0.12)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.6.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.2.3)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-google-oauth2 (0.2.8)
+      addressable (~> 2.3)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      omniauth (>= 1.1.1)
+      omniauth-oauth2 (>= 1.1.1)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
     pg (0.20.0)
     pry (0.10.4)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
       slop (~> 3.4)
     pry-rails (0.3.4)
       pry (>= 0.9.10)
+    public_suffix (2.0.5)
     puma (3.8.2)
     rack (2.0.1)
     rack-test (0.6.3)
@@ -194,8 +231,10 @@ PLATFORMS
 
 DEPENDENCIES
   better_errors
+  binding_of_caller
   byebug
   coffee-rails (~> 4.2)
+  dotenv-rails
   foundation-rails
   jbuilder (~> 2.5)
   jquery-rails
@@ -204,6 +243,9 @@ DEPENDENCIES
   minitest-reporters
   minitest-skip
   minitest-spec-rails
+  omniauth
+  omniauth-github
+  omniauth-google-oauth2 (~> 0.2.1)
   pg (~> 0.18)
   pry-rails
   puma (~> 3.0)
@@ -220,4 +262,4 @@ RUBY VERSION
    ruby 2.4.0p0
 
 BUNDLED WITH
-   1.14.4
+   1.14.6

app/assets/stylesheets/application.scss

@@ -19,6 +19,11 @@
    color: slategrey;
  }
 
+ .flash {
+   color: red;
+   font-size: 3rem;
+ }
+
  .page-header {
    max-width: 100%;
    background: image-url('owl.jpg');

app/controllers/application_controller.rb

@@ -1,17 +1,26 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
 
-  before_action :find_user
+  before_action :lookup_user
+
 
   def render_404
     # DPR: supposedly this will actually render a 404 page in production
     raise ActionController::RoutingError.new('Not Found')
   end
 
-private
-  def find_user
-    if session[:user_id]
-      @login_user = User.find_by(id: session[:user_id])
+  private
+  def lookup_user
+    unless session[:user_id].nil?
+      @current_user = User.find_by(id: session[:user_id])
+    end
+  end
+
+  def require_login
+    lookup_user
+    if @current_user.nil?
+      flash[:result_text] = "You need to be logged to see that page"
+      redirect_to root_path
     end
   end
 end

app/controllers/sessions_controller.rb

@@ -2,25 +2,52 @@ class SessionsController < ApplicationController
   def login_form
   end
 
+  # def login
+  #   username = params[:username]
+  #   if username and user = User.find_by(username: username)
+  #     session[:user_id] = user.id
+  #     flash[:status] = :success
+  #     flash[:result_text] = "Successfully logged in as existing user #{user.username}"
+  #   else
+  #     user = User.new(username: username)
+  #     if user.save
+  #       session[:user_id] = user.id
+  #       flash[:status] = :success
+  #       flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
+  #     else
+  #       flash.now[:status] = :failure
+  #       flash.now[:result_text] = "Could not log in"
+  #       flash.now[:messages] = user.errors.messages
+  #       render "login_form", status: :bad_request
+  #       return
+  #     end
+  #   end
+  #   redirect_to root_path
+  # end
+  #
+
   def login
-    username = params[:username]
-    if username and user = User.find_by(username: username)
-      session[:user_id] = user.id
-      flash[:status] = :success
-      flash[:result_text] = "Successfully logged in as existing user #{user.username}"
-    else
-      user = User.new(username: username)
+    auth_hash = request.env['omniauth.auth']
+    user = User.from_github(auth_hash)
+
+    #attempt to find these credentials in our DB
+    user = User.find_by(oauth_provider: params[:provider], oauth_uid: auth_hash["uid"])
+    if user.nil?
+    # Don't know this user, build a new user
+      user = User.from_github(auth_hash)
       if user.save
         session[:user_id] = user.id
-        flash[:status] = :success
-        flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
+        flash[:result_text] = "Successfully logged in as new user: #{user.username}"
       else
-        flash.now[:status] = :failure
-        flash.now[:result_text] = "Could not log in"
-        flash.now[:messages] = user.errors.messages
-        render "login_form", status: :bad_request
-        return
+        flash[:result_text] = "Login unsuccessful"
+        user.errors.messages.each do |field, problem|
+          flash[:field] = problem.join(', ')
+        end
       end
+    else
+      #Welcome back!
+      session[:user_id] = user.id
+      flash[:result_text] = "Welcome back, #{user.username}"
     end
     redirect_to root_path
   end

app/controllers/works_controller.rb

@@ -3,6 +3,8 @@ class WorksController < ApplicationController
   # of work we're dealing with
   before_action :category_from_url, only: [:index, :new, :create]
   before_action :category_from_work, except: [:root, :index, :new, :create]
+  before_action :require_login, except: [:root]
+  before_action :auth_user, only:[:edit, :destroy, :update]
 
   def root
     @albums = Work.best_albums
@@ -21,7 +23,16 @@ def new
   end
 
   def create
-    @work = Work.new(media_params)
+    work_info = {
+      title: media_params[:title],
+      creator: media_params[:creator],
+      description: media_params[:description],
+      category: @media_category,
+      publication_year: media_params[:publication_year],
+      user_id: @current_user.id
+    }
+
+    @work = Work.new(work_info)
     if @work.save
       flash[:status] = :success
       flash[:result_text] = "Successfully created #{@media_category.singularize} #{@work.id}"
@@ -35,7 +46,8 @@ def create
   end
 
   def show
-    @votes = @work.votes.order(created_at: :desc)
+      @votes = @work.votes.order(created_at: :desc)
+      flash[:message] = "You need to login to see this"
   end
 
   def edit
@@ -89,7 +101,7 @@ def upvote
     redirect_back fallback_location: works_path(@media_category), status: status
   end
 
-private
+  private
   def media_params
     params.require(:work).permit(:title, :category, :creator, :description, :publication_year)
   end
@@ -103,4 +115,13 @@ def category_from_work
     render_404 unless @work
     @media_category = @work.category.downcase.pluralize
   end
+
+  def auth_user
+    lookup_user
+    unless @current_user.id == Work.find_by(id: params[:id]).user_id
+      flash[:result_text] = "You are not authorized for this action!"
+      status = :unauthorized
+      redirect_to root_path
+    end
+  end
 end

app/models/user.rb

@@ -1,6 +1,16 @@
 class User < ApplicationRecord
   has_many :votes
+  has_many :works
   has_many :ranked_works, through: :votes, source: :work
 
   validates :username, uniqueness: true, presence: true
+
+  def self.from_github(auth_hash)
+    user = User.new
+    user.username = auth_hash["info"]["nickname"]
+    user.email = auth_hash["info"]["email"]
+    user.oauth_uid = auth_hash["uid"]
+    user.oauth_provider = "github"
+    return user
+  end
 end

app/models/work.rb

@@ -1,5 +1,6 @@
 class Work < ApplicationRecord
   has_many :votes, dependent: :destroy
+  belongs_to :user
   has_many :ranking_users, through: :votes, source: :user
 
   validates :category,  presence: true,

app/views/layouts/application.html.erb

@@ -18,16 +18,20 @@
 
     <!-- TODO DPR: this looks really silly when the screen size is small -->
     <div class="columns large-3 small-12">
-      <% if @login_user %>
-        <p class="text-right">Logged in as <%= link_to @login_user.username, user_path(@login_user) %></p>
-        <%= link_to "Log Out", logout_path, method: :post, class: "button float-right" %>
-      <% else %>
-        <p class="text-right">Not logged in</p>
-        <%= link_to "Log In", login_path, class: "button float-right" %>
-      <% end %>
-    </div>
+      <section class="user-info">
+          <% if @current_user %>
+            <p class="text-right">Logged in as <%= link_to @current_user.username, user_path(@current_user) %></p>
+            <%= link_to "Log Out", logout_path, method: :post, class: "button float-right" %>
+          <% else %>
+            <p class="text-right">Not logged in</p>
+            <%= link_to "Log In", "/auth/github", class: "button float-right" %>
+          <% end %>
+        </section>
+      </div>
   </header>
 
+
+
   <% if flash[:result_text] or flash[:messages] %>
     <section class="row status <%= flash[:status] %>">
       <h3><%= flash[:status] == :failure ? "A problem occurred: " : "" %><%= flash[:result_text] %></h3>

app/views/works/show.html.erb

@@ -1,3 +1,4 @@
+
 <article class="media-details columns large-6 small-12">
   <h3><%= @work.title %></h3>
   <p>Created by: <%= @work.creator %></p>

config/initializers/omniauth.rb

@@ -0,0 +1,9 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email"
+end
+
+OmniAuth.config.logger = Rails.logger
+
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :google_oauth2, 'my Google client id', 'my Google client secret', {client_options: {ssl: {ca_file: Rails.root.join("cacert.pem").to_s}}}
+end