From 918de4c188e3b40324f37e914f05684355ff09b3 Mon Sep 17 00:00:00 2001 From: Haby Randall Date: Mon, 1 May 2017 06:09:50 -0700 Subject: [PATCH 01/10] Adding create to sessions controller --- .gitignore | 1 + Gemfile | 4 ++++ Gemfile.lock | 30 +++++++++++++++++++++++++++++- config/initializers/omniauth.rb | 1 + config/routes.rb | 5 +++-- 5 files changed, 38 insertions(+), 3 deletions(-) create mode 100644 config/initializers/omniauth.rb diff --git a/.gitignore b/.gitignore index 48fb168..05702bc 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ # Ignore Byebug command history file. .byebug_history +.env diff --git a/Gemfile b/Gemfile index 24756e7..da45544 100644 --- a/Gemfile +++ b/Gemfile @@ -38,6 +38,9 @@ gem 'jbuilder', '~> 2.5' # Use the Foundation CSS framework gem 'foundation-rails' +#Oauth +gem 'omniauth' +gem 'omniauth-github' group :development, :test do # Call 'byebug' anywhere in the code to stop execution and get a debugger console @@ -64,6 +67,7 @@ group :development do # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring gem 'spring' gem 'spring-watcher-listen', '~> 2.0.0' + gem 'dotenv-rails' end # Windows does not include zoneinfo files, so bundle the tzinfo-data gem diff --git a/Gemfile.lock b/Gemfile.lock index 4d99ffe..c5d34ba 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -60,8 +60,14 @@ GEM execjs coffee-script-source (1.12.2) concurrent-ruby (1.0.5) + dotenv (2.2.0) + dotenv-rails (2.2.0) + dotenv (= 2.2.0) + railties (>= 3.2, < 5.1) erubis (2.7.0) execjs (2.7.0) + faraday (0.11.0) + multipart-post (>= 1.2, < 3) ffi (1.9.18) foundation-rails (6.3.0.0) railties (>= 3.1.0) @@ -69,6 +75,7 @@ GEM sprockets-es6 (>= 0.9.0) globalid (0.3.7) activesupport (>= 4.1.0) + hashie (3.5.5) i18n (0.8.1) jbuilder (2.6.3) activesupport (>= 3.0.0, < 5.2) 
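Review bot: `gem 'omniauth'` and `gem 'omniauth-github'` are added with no version constraint, while the neighbouring entries in this Gemfile carry a pessimistic range (`'~> 2.5'`, `'~> 2.0.0'`), so a later `bundle update` can move the auth middleware across a major release without anyone reviewing the change. Pin them to what the lockfile resolved, `gem 'omniauth', '~> 1.6'` and `gem 'omniauth-github', '~> 1.2'`. `dotenv-rails` is correctly confined to the `:development` group; a one-line comment, `# .env is read in development only — production gets GITHUB_CLIENT_* from the environment`, would keep someone from promoting it to the global group later.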
@@ -77,6 +84,7 @@ GEM rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) + jwt (1.5.6) listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) @@ -104,9 +112,26 @@ GEM minitest (~> 5.0) rails (>= 4.1) multi_json (1.12.1) + multi_xml (0.6.0) + multipart-post (2.0.0) nio4r (2.0.0) nokogiri (1.7.1) mini_portile2 (~> 2.1.0) + oauth2 (1.3.1) + faraday (>= 0.8, < 0.12) + jwt (~> 1.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + omniauth (1.6.1) + hashie (>= 3.4.6, < 3.6.0) + rack (>= 1.6.2, < 3) + omniauth-github (1.2.3) + omniauth (~> 1.5) + omniauth-oauth2 (>= 1.4.0, < 2.0) + omniauth-oauth2 (1.4.0) + oauth2 (~> 1.0) + omniauth (~> 1.2) pg (0.20.0) pry (0.10.4) coderay (~> 1.1.0) @@ -196,6 +221,7 @@ DEPENDENCIES better_errors byebug coffee-rails (~> 4.2) + dotenv-rails foundation-rails jbuilder (~> 2.5) jquery-rails @@ -204,6 +230,8 @@ DEPENDENCIES minitest-reporters minitest-skip minitest-spec-rails + omniauth + omniauth-github pg (~> 0.18) pry-rails puma (~> 3.0) @@ -220,4 +248,4 @@ RUBY VERSION ruby 2.4.0p0 BUNDLED WITH - 1.14.4 + 1.14.6 diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb new file mode 100644 index 0000000..3490cd4 --- /dev/null +++ b/config/initializers/omniauth.rb @@ -0,0 +1 @@ +Rails.application.config.middleware.use OmniAuth::Builder do provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email" end diff --git a/config/routes.rb b/config/routes.rb index 4352c93..9e6bc27 100644 --- a/config/routes.rb +++ b/config/routes.rb 
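Review bot: `ENV["GITHUB_CLIENT_ID"]` and `ENV["GITHUB_CLIENT_SECRET"]` are passed through unchecked, so a missing variable registers the provider with `nil` credentials and the mistake only surfaces as an opaque error from GitHub on the first login; `ENV.fetch("GITHUB_CLIENT_ID")` / `ENV.fetch("GITHUB_CLIENT_SECRET")` make boot fail with a clear KeyError instead. Separately, the OmniAuth 1.x line that the lockfile resolves (1.6.1) starts the request phase on a plain GET to `/auth/github` with no CSRF token check, so any third-party page can begin a login in a visitor's browser (login CSRF); the usual mitigation on this version line is the `omniauth-rails_csrf_protection` gem plus a POST link, or at minimum `OmniAuth.config.allowed_request_methods = [:post]` — confirm the option against the 1.6 docs. I would also record the scope decision next to the provider line: `# scope "user:email" only — widening it needs a threat-model review`.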
@@ -1,8 +1,9 @@ Rails.application.routes.draw do # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html root 'works#root' - get '/login', to: 'sessions#login_form', as: 'login' - post '/login', to: 'sessions#login' + get "/auth/:provider/callback", to: "sessions#create" + # get '/login', to: 'sessions#login_form', as: 'login' + # post '/login', to: 'sessions#login' post '/logout', to: 'sessions#logout', as: 'logout' # Build the category routes for albums, books and movies From e2532abca7655e136908fad922acfdf66cb55a7e Mon Sep 17 00:00:00 2001 From: Haby Randall Date: Mon, 1 May 2017 06:23:37 -0700 Subject: [PATCH 02/10] Create method in sessions controller --- app/controllers/sessions_controller.rb | 64 ++++++++++++++++++-------- 1 file changed, 44 insertions(+), 20 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 5bce99e..a34dc42 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
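Review bot: `get "/auth/:provider/callback"` matches any provider segment, but only `:github` is registered in the initializer, so a request to `/auth/anything/callback` is not intercepted by the OmniAuth middleware and reaches `sessions#create` with `request.env['omniauth.auth']` unset, which the controller then dereferences. Constrain the route to the provider actually configured, `get "/auth/github/callback", to: "sessions#create", as: "auth_callback"`, or add `constraints: { provider: /github/ }`. The two commented-out `/login` routes are dead text now that the actions are gone; delete them rather than carry them as comments.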
@@ -1,29 +1,53 @@ class SessionsController < ApplicationController - def login_form - end - def login - username = params[:username] - if username and user = User.find_by(username: username) - session[:user_id] = user.id - flash[:status] = :success - flash[:result_text] = "Successfully logged in as existing user #{user.username}" + + def create + auth_hash = request.env['omniauth.auth'] + user = User.find_by(uid: auth_hash["uid"], provider: auth_hash["provider"]) + + # if its not there (in the DB) then make/save it + if user.nil? + user = User.create_from_github(auth_hash) + end + + if user.nil? + flash[:error] = "Could not log in." + redirect_to root_path else - user = User.new(username: username) - if user.save - session[:user_id] = user.id - flash[:status] = :success - flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}" - else - flash.now[:status] = :failure - flash.now[:result_text] = "Could not log in" - flash.now[:messages] = user.errors.messages - render "login_form", status: :bad_request - return - end + session[:user_id] = user.id + flash[:success] = "Created new account" + redirect_to root_path end + else + session[:user_id] = user.id + flash[:success] = "Logged in successfully!" 
redirect_to root_path end + # def login_form + # end + # + # def login + # username = params[:username] + # if username and user = User.find_by(username: username) + # session[:user_id] = user.id + # flash[:status] = :success + # flash[:result_text] = "Successfully logged in as existing user #{user.username}" + # else + # user = User.new(username: username) + # if user.save + # session[:user_id] = user.id + # flash[:status] = :success + # flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}" + # else + # flash.now[:status] = :failure + # flash.now[:result_text] = "Could not log in" + # flash.now[:messages] = user.errors.messages + # render "login_form", status: :bad_request + # return + # end + # end + # redirect_to root_path + # end def logout session[:user_id] = nil From 0a4a8ea485e100fc62fc2795fe835f6d0528d074 Mon Sep 17 00:00:00 2001 From: Haby Randall Date: Mon, 1 May 2017 06:46:07 -0700 Subject: [PATCH 03/10] Added migration to user model for uid and provider columns --- app/views/layouts/application.html.erb | 20 +++++++++++++------ config/routes.rb | 4 ++-- .../20170501133750_add_columns_to_user.rb | 6 ++++++ db/schema.rb | 4 +++- 4 files changed, 25 insertions(+), 9 deletions(-) create mode 100644 db/migrate/20170501133750_add_columns_to_user.rb diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 9231526..28c6872 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -18,15 +18,23 @@
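Review bot: `session[:user_id] = user.id` is written into whatever session the browser already carries, so a session id planted before login remains valid after it (session fixation); call `reset_session` immediately before the assignment in both branches, as the Rails security guide recommends for every login. `auth_hash["uid"]` is dereferenced without confirming that `request.env['omniauth.auth']` is present, which it will not be if the callback route is reached without passing through the middleware; a guard at the top, `return redirect_to root_path if auth_hash.nil?`, turns that 500 into a clean bounce. The large commented-out `login_form`/`login` block below is dead code and should be removed rather than preserved in comments.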
- <% if @login_user %> -

Logged in as <%= link_to @login_user.username, user_path(@login_user) %>

- <%= link_to "Log Out", logout_path, method: :post, class: "button float-right" %> + <% unless + session[:user_id] %> +

<%= link_to "Sign in", "/auth/github" %> <% else %> + <%= link_to "Sign out", logout_path, method: :delete %> + <% end %>

+ + + <% if flash[:result_text] or flash[:messages] %>
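Review bot: `link_to "Sign in", "/auth/github"` renders a plain GET link to the OmniAuth request phase, which is exactly the entry point a third-party page can trigger cross-site; once the request phase is restricted to POST it should become `button_to "Sign in", "/auth/github", method: :post`. The visibility test was changed from the loaded user object to `unless session[:user_id]`, so a stale id for a deleted user still shows the signed-in state while the controllers' lookup returns nil; testing the loaded user keeps the view and the controllers in agreement. The `link_to @login_user.username, user_path(@login_user)` line appears to survive as context while the `if @login_user` guard above it is removed — if that reading of the hunk is right, an anonymous visit raises on `nil.username`; please confirm against the rendered file.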
diff --git a/config/routes.rb b/config/routes.rb index 9e6bc27..f9b6a89 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,10 +1,10 @@ Rails.application.routes.draw do # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html root 'works#root' - get "/auth/:provider/callback", to: "sessions#create" + get "/auth/github/callback", to: "sessions#create" # get '/login', to: 'sessions#login_form', as: 'login' # post '/login', to: 'sessions#login' - post '/logout', to: 'sessions#logout', as: 'logout' + delete '/logout', to: 'sessions#logout', as: 'logout' # Build the category routes for albums, books and movies category_constraints = { category: /(albums)|(books)|(movies)/} diff --git a/db/migrate/20170501133750_add_columns_to_user.rb b/db/migrate/20170501133750_add_columns_to_user.rb new file mode 100644 index 0000000..cab6914 --- /dev/null +++ b/db/migrate/20170501133750_add_columns_to_user.rb @@ -0,0 +1,6 @@ +class AddColumnsToUser < ActiveRecord::Migration[5.0] + def change + add_column :users, :uid, :integer, null: false + add_column :users, :provider, :string, null: false + end +end diff --git a/db/schema.rb b/db/schema.rb index 6bc8ba5..43009a1 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170407164321) do +ActiveRecord::Schema.define(version: 20170501133750) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -19,6 +19,8 @@ t.string "username" t.datetime "created_at", null: false t.datetime "updated_at", null: false + t.integer "uid", null: false + t.string "provider", null: false end create_table "votes", force: :cascade do |t| From ff78283a4d76a75bf17e3281e476b71c9a80c11f Mon Sep 17 00:00:00 2001 
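Review bot: There is still no route for OmniAuth's failure redirect: when GitHub denies the authorisation or the callback's state check fails, the middleware (outside development, where it raises) redirects to `/auth/failure?message=...`, and nothing in this routes file answers there, so the user lands on a routing error. Add `get "/auth/failure", to: "sessions#failure"` with a small action that flashes the message and redirects to `root_path`. Moving logout to `delete` is fine under `protect_from_forgery with: :exception`, but the layout's `method: :delete` link depends on rails-ujs being loaded; without it the anchor degrades to a GET that no longer matches.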
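Review bot: `add_column :users, :uid, :integer, null: false` has no default, and on PostgreSQL (the schema enables `plpgsql` and the Gemfile uses `pg`) adding a NOT NULL column without a default to a table that already holds rows fails, so this migration only succeeds on an empty users table; either supply a default or add the columns nullable and back-fill. The lookup in `sessions#create` is `find_by(uid:, provider:)`, which deserves a unique index so two concurrent callbacks cannot create two accounts for one GitHub identity: `add_index :users, [:provider, :uid], unique: true`. OmniAuth delivers `uid` as a String; `:integer` works for GitHub's numeric ids but rules out a future provider with opaque ids, so `:string` is the more common choice.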
From: Haby Randall Date: Mon, 1 May 2017 07:02:20 -0700 Subject: [PATCH 04/10] Adding require login methods to application controller --- app/controllers/application_controller.rb | 13 +++++++++++++ app/controllers/sessions_controller.rb | 4 ++-- app/models/user.rb | 16 ++++++++++++++++ 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 087352a..327c29d 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,6 +2,19 @@ class ApplicationController < ActionController::Base protect_from_forgery with: :exception before_action :find_user + before_action :require_login, only: [:current_user] + helper_method :current_user + + def require_login + if !session[:user_id] + flash[:warning] = "You must be logged in as a user to view this page" + redirect_to root_path + end + end + + def current_user + @logged_in_user ||= User.find(session[:user_id]) if session[:user_id] + end def render_404 # DPR: supposedly this will actually render a 404 page in production diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index a34dc42..0b8d897 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -12,7 +12,7 @@ def create if user.nil? flash[:error] = "Could not log in." - redirect_to root_path + # redirect_to :back else session[:user_id] = user.id flash[:success] = "Created new account" @@ -21,7 +21,7 @@ def create else session[:user_id] = user.id flash[:success] = "Logged in successfully!" - redirect_to root_path + # redirect_to root_path end # def login_form # end diff --git a/app/models/user.rb b/app/models/user.rb index 4cac8fe..369b01c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
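Review bot: `require_login` tests only `session[:user_id]`, not that a user was loaded, so a session whose id no longer matches a row (deleted user, re-seeded database) passes the check and downstream code fails instead — `find_user` uses `find_by` and silently yields nil, while `current_user` uses `User.find` and raises RecordNotFound. Check the loaded user, `if current_user.nil?`, and switch `current_user` to `User.find_by(id: session[:user_id])` so the two lookups agree. `before_action :require_login, only: [:current_user]` names a helper method rather than an action, so that callback never fires; drop the `only:` or list real actions. Note also that `find_user` assigns `@login_user` while `current_user` memoises into `@logged_in_user`, so the two paths never share a lookup.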
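Review bot: Commenting out `redirect_to root_path` in the success branch and `redirect_to :back` in the failure branch leaves `create` with no response in those cases, so Rails falls through to an implicit render of `sessions/create`, a template this series never adds. Restore `redirect_to root_path` after `session[:user_id] = user.id`, and in the failure branch use `redirect_back fallback_location: root_path` — `:back` raises when there is no Referer, and `redirect_back` is already the form used in `works#upvote`. The enclosing `create` method starts outside this hunk.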
@@ -3,4 +3,20 @@ class User < ApplicationRecord has_many :ranked_works, through: :votes, source: :work validates :username, uniqueness: true, presence: true + + + def self.create_from_github(auth_hash) + user = User.new + + if auth_hash["uid"] == nil || auth_hash["provider"] == nil || auth_hash["info"] == nil + return nil + end + + user.uid = auth_hash["uid"] + user.provider = auth_hash["provider"] + user.username = auth_hash["info"]["name"] + + + user.save ? user : nil + end end From 96e67e0d1b4f068b76045901859d613a9fc2009a Mon Sep 17 00:00:00 2001 From: Haby Randall Date: Mon, 1 May 2017 07:11:51 -0700 Subject: [PATCH 05/10] Guest users can only see index when not signed in --- app/controllers/application_controller.rb | 2 +- app/controllers/sessions_controller.rb | 2 +- app/controllers/users_controller.rb | 1 + app/controllers/works_controller.rb | 1 + 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 327c29d..ca14cc7 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -7,7 +7,7 @@ class ApplicationController < ActionController::Base def require_login if !session[:user_id] - flash[:warning] = "You must be logged in as a user to view this page" + flash[:error] = "You must be logged in as a user to view this page" redirect_to root_path end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 0b8d897..5fec5d4 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,5 +1,5 @@ class SessionsController < ApplicationController - +before_action :require_login, only: [:logout], raise: false def create auth_hash = request.env['omniauth.auth'] diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 73b4265..538520c 100644 --- a/app/controllers/users_controller.rb 
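Review bot: `user.username = auth_hash["info"]["name"]` derives the required, unique `username` from the GitHub display name, which is optional (blank for many accounts) and not unique, so sign-up fails validation for anyone without a display name and for the second person who shares one — and both surface only as the generic "Could not log in." `auth_hash["info"]["nickname"]` is the GitHub login, which is unique per account; prefer it, `user.username = auth_hash["info"]["nickname"] || auth_hash["info"]["name"]`. The guard `auth_hash["uid"] == nil || ... == nil` reads better as `return nil unless auth_hash.values_at("uid", "provider", "info").all?`, and a one-line doc comment, `# Builds and saves a User from an OmniAuth auth hash; returns nil on missing fields or validation failure`, states the contract the caller relies on.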
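Review bot: `raise: false` is an option of `skip_before_action` (it suppresses the error when the callback being skipped is undefined), not of `before_action`; on `before_action` it is not a recognised callback option and is most likely ignored silently, so the line should read `before_action :require_login, only: [:logout]` — confirm against the Rails version in use. The declaration also sits at column 0 inside the class body; indent it two spaces like the methods below. Requiring login in order to log out is harmless but odd: an unauthenticated DELETE `/logout` now redirects with "You must be logged in" rather than simply clearing the session.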
+++ b/app/controllers/users_controller.rb @@ -1,4 +1,5 @@ class UsersController < ApplicationController + before_action :require_login, except: [:index] def index @users = User.all end diff --git a/app/controllers/works_controller.rb b/app/controllers/works_controller.rb index 8ac0bcc..2b7bd2b 100644 --- a/app/controllers/works_controller.rb +++ b/app/controllers/works_controller.rb @@ -3,6 +3,7 @@ class WorksController < ApplicationController # of work we're dealing with before_action :category_from_url, only: [:index, :new, :create] before_action :category_from_work, except: [:root, :index, :new, :create] + before_action :require_login, except: [:root] def root @albums = Work.best_albums From 8daac43ae2bd8e78738c7f6661d9a45ca1b21d72 Mon Sep 17 00:00:00 2001 From: Haby Randall Date: Mon, 1 May 2017 07:24:12 -0700 Subject: [PATCH 06/10] Added require ownership method to works controller --- app/controllers/users_controller.rb | 2 +- app/controllers/works_controller.rb | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 538520c..dead0ab 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,5 +1,5 @@ class UsersController < ApplicationController - before_action :require_login, except: [:index] + before_action :require_login def index @users = User.all end diff --git a/app/controllers/works_controller.rb b/app/controllers/works_controller.rb index 2b7bd2b..b2af8a3 100644 --- a/app/controllers/works_controller.rb +++ b/app/controllers/works_controller.rb @@ -90,7 +90,7 @@ def upvote redirect_back fallback_location: works_path(@media_category), status: status end -private + private def media_params params.require(:work).permit(:title, :category, :creator, :description, :publication_year) end 
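Review bot: Callbacks run in declaration order, and `require_login` is declared after `category_from_url`/`category_from_work`, so for `show`, `edit`, `upvote` and the rest an anonymous request still performs the `Work` lookup and receives `render_404` for unknown ids before it is ever asked to log in — the response distinguishes existing from non-existing ids to unauthenticated clients, and the lookup is wasted work on the redirect path. Move `before_action :require_login, except: [:root]` above the two `category_from_*` lines so authentication is decided first. The `:root` exemption corresponds to the `root 'works#root'` route and is worth a comment: `# root is the only page visible to guests`.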
@@ -104,4 +104,13 @@ def category_from_work render_404 unless @work @media_category = @work.category.downcase.pluralize end + + def require_ownership + require_login + @work = Work.find_by(id: params[:id]) + if @work.user_id != @logged_in_user.id + flash[:error] = "You must be the owner of this work to make this change" + redirect_to :back + end + end end From 000f32c02c29349ea006d9c281fe43dcc5795f71 Mon Sep 17 00:00:00 2001 From: Haby Randall Date: Mon, 1 May 2017 07:39:52 -0700 Subject: [PATCH 07/10] Added create user id session to works controller --- app/controllers/application_controller.rb | 4 ++-- app/controllers/works_controller.rb | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index ca14cc7..0c64bcc 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -23,8 +23,8 @@ def render_404 private def find_user - if session[:user_id] - @login_user = User.find_by(id: session[:user_id]) + unless session[:user_id].nil? + @logged_in_user = User.find_by(id: session[:user_id]) end end end diff --git a/app/controllers/works_controller.rb b/app/controllers/works_controller.rb index b2af8a3..17c2f31 100644 --- a/app/controllers/works_controller.rb +++ b/app/controllers/works_controller.rb @@ -3,6 +3,7 @@ class WorksController < ApplicationController # of work we're dealing with before_action :category_from_url, only: [:index, :new, :create] before_action :category_from_work, except: [:root, :index, :new, :create] + before_action :require_ownership, only: [:edit, :update, :destroy] before_action :require_login, except: [:root] def root @@ -23,6 +24,7 @@ def new def create @work = Work.new(media_params) + @work.user_id = session[:user_id] if @work.save flash[:status] = :success flash[:result_text] = "Successfully created #{@media_category.singularize} #{@work.id}" 
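Review bot: `require_ownership` keeps executing after `require_login` has already issued a redirect, so an anonymous `edit`/`update`/`destroy` goes on to call `.id` on a nil `@logged_in_user` and raises, and a logged-in request that fails the owner check issues a second redirect on top of nothing (or a DoubleRenderError once the first one exists); `redirect_to :back` also raises `RedirectBackError` when there is no Referer, whereas `upvote` in this same file already uses `redirect_back fallback_location:`. As far as these hunks show, `@logged_in_user` is only assigned inside the memoised `current_user` helper while `find_user` assigns `@login_user`, so at this commit the ivar is nil unless a view happened to call `current_user` first. An unknown `params[:id]` leaves `@work` nil and raises as well; the `render_404` helper in ApplicationController handles that the way `category_from_work` does.
```ruby
  def require_ownership
    require_login
    return if performed?  # require_login already redirected; do not respond twice
    @work = Work.find_by(id: params[:id])
    return render_404 unless @work
    if @work.user_id != current_user.id
      flash[:error] = "You must be the owner of this work to make this change"
      redirect_back fallback_location: root_path
    end
  end
```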
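Review bot: When `User.find_by` returns nil the stale id stays in `session[:user_id]`, and `require_login` keys off that raw value, so a deleted user's cookie keeps unlocking login-only pages while `@logged_in_user` is nil; clear it here with `session.delete(:user_id) if @logged_in_user.nil?`. `unless session[:user_id].nil?` is just `if session[:user_id]` — the form being replaced was the idiomatic one. With this rename both `find_user` and the public `current_user` helper populate `@logged_in_user` via different lookups (`find_by` here, `find` there); one should delegate to the other so there is a single definition of "logged-in user".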
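Review bot: `before_action :require_ownership` is declared above `before_action :require_login`, so on `edit`/`update`/`destroy` the ownership check runs first and reaches `@logged_in_user.id` before the login check has redirected — for an anonymous request that is a NoMethodError (500) instead of the intended bounce to root. Declare `require_login` before `require_ownership` (callback order is declaration order); `require_ownership` then no longer needs to call `require_login` itself. In `create`, `@work.user_id = session[:user_id]` copies the raw session value; `@work.user = @logged_in_user`, which this same commit has `find_user` populate, ties the record to the loaded user and cannot store an id that no longer exists.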
From 443c46d899105b7a6cc8294e81580d5095d2801c Mon Sep 17 00:00:00 2001 From: Haby Randall Date: Mon, 1 May 2017 07:47:44 -0700 Subject: [PATCH 08/10] Added user id column to works --- db/migrate/20170501144635_add_user_id_column_to_works.rb | 5 +++++ db/schema.rb | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 db/migrate/20170501144635_add_user_id_column_to_works.rb diff --git a/db/migrate/20170501144635_add_user_id_column_to_works.rb b/db/migrate/20170501144635_add_user_id_column_to_works.rb new file mode 100644 index 0000000..2944d1b --- /dev/null +++ b/db/migrate/20170501144635_add_user_id_column_to_works.rb @@ -0,0 +1,5 @@ +class AddUserIdColumnToWorks < ActiveRecord::Migration[5.0] + def change + add_reference :works, :user + end +end diff --git a/db/schema.rb b/db/schema.rb index 43009a1..cc74e69 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170501133750) do +ActiveRecord::Schema.define(version: 20170501144635) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -41,6 +41,8 @@ t.datetime "updated_at", null: false t.integer "vote_count", default: 0 t.integer "publication_year" + t.integer "user_id" + t.index ["user_id"], name: "index_works_on_user_id", using: :btree end add_foreign_key "votes", "users" From f16de3279ff06f574b75e1ed11a31a45d86a2e99 Mon Sep 17 00:00:00 2001 From: Haby Randall Date: Mon, 1 May 2017 08:55:08 -0700 Subject: [PATCH 09/10] Edited flash notices to existing notices on application --- app/controllers/application_controller.rb | 4 +++- app/controllers/sessions_controller.rb | 11 +++++++---- app/controllers/works_controller.rb | 3 ++- app/models/work.rb | 1 + 4 files changed, 13 insertions(+), 6 deletions(-) 
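Review bot: `add_reference :works, :user` creates the column and index but no foreign key, while the existing `add_foreign_key "votes", "users"` in this schema shows the project otherwise enforces referential integrity in the database; pass `foreign_key: true` so deleting a user cannot leave dangling `works.user_id` values for `require_ownership` to compare against. Existing works receive `user_id` NULL with no back-fill in this migration, so nobody can edit or delete them through the new ownership check; if that is intended, say so in a comment in the migration, otherwise a data migration assigning an owner is needed.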
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0c64bcc..7f7bc82 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -7,7 +7,9 @@ class ApplicationController < ActionController::Base def require_login if !session[:user_id] - flash[:error] = "You must be logged in as a user to view this page" + flash[:status] = :failure + flash[:result_text] = + "You must be logged in as a user to view this page" redirect_to root_path end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 5fec5d4..2a521c3 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -11,17 +11,20 @@ def create end if user.nil? - flash[:error] = "Could not log in." + flash[:status] = :failure + flash[:result_text] = "Could not log in." # redirect_to :back else session[:user_id] = user.id - flash[:success] = "Created new account" + flash[:status] = :success + flash[:result_text] = "Created new account" redirect_to root_path end else session[:user_id] = user.id - flash[:success] = "Logged in successfully!" - # redirect_to root_path + flash[:status] = :success + flash[:result_text] = "Logged in successfully!" + # redirect_to root_path end # def login_form # end diff --git a/app/controllers/works_controller.rb b/app/controllers/works_controller.rb index 17c2f31..207a68c 100644 --- a/app/controllers/works_controller.rb +++ b/app/controllers/works_controller.rb @@ -111,7 +111,8 @@ def require_ownership require_login @work = Work.find_by(id: params[:id]) if @work.user_id != @logged_in_user.id - flash[:error] = "You must be the owner of this work to make this change" + flash[:status] = :failure + flash[:result_text] = "You must be the owner of this work to make this change" redirect_to :back end end diff --git a/app/models/work.rb b/app/models/work.rb index 7b27fd3..6c16c7e 100644 --- a/app/models/work.rb 
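Review bot: The success branch still ends in `# redirect_to root_path` and the not-created branch has `# redirect_to :back`, so after this commit `create` responds in only one of its three branches and the other two fall through to a `sessions/create` template that does not exist in this series. The branches also duplicate `session[:user_id] = user.id` and the flash assignment; a single shape — look up, `user ||= User.create_from_github(auth_hash)`, one nil check, one `reset_session` plus assignment, one `redirect_to root_path` — closes the gap and removes the duplication. `create` begins outside this hunk.
```ruby
  def create
    auth_hash = request.env['omniauth.auth']
    user = User.find_by(uid: auth_hash["uid"], provider: auth_hash["provider"])
    created = user.nil?
    user ||= User.create_from_github(auth_hash)

    if user.nil?
      flash[:status] = :failure
      flash[:result_text] = "Could not log in."
    else
      reset_session  # fresh session id on every login (fixation defence)
      session[:user_id] = user.id
      flash[:status] = :success
      flash[:result_text] = created ? "Created new account" : "Logged in successfully!"
    end
    redirect_to root_path
  end
```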
+++ b/app/models/work.rb @@ -1,6 +1,7 @@ class Work < ApplicationRecord has_many :votes, dependent: :destroy has_many :ranking_users, through: :votes, source: :user + belongs_to :user validates :category, presence: true, inclusion: { in: %w(album book movie) } From 0d85404d574e00c4f255de26eaf61d13094ac1e6 Mon Sep 17 00:00:00 2001 From: Haby Randall Date: Mon, 1 May 2017 09:00:10 -0700 Subject: [PATCH 10/10] Fixed find user method in application controller --- app/controllers/works_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/works_controller.rb b/app/controllers/works_controller.rb index 207a68c..60dd7cc 100644 --- a/app/controllers/works_controller.rb +++ b/app/controllers/works_controller.rb @@ -71,8 +71,8 @@ def upvote # For status codes, see # http://stackoverflow.com/questions/3825990/http-response-code-for-post-when-resource-already-exists flash[:status] = :failure - if @login_user - vote = Vote.new(user: @login_user, work: @work) + if @logged_in_user + vote = Vote.new(user: @logged_in_user, work: @work) if vote.save flash[:status] = :success flash[:result_text] = "Successfully upvoted!"
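Review bot: `belongs_to :user` on Rails 5 makes the association required when `belongs_to_required_by_default` is on (the default for apps generated on 5.0 through new_framework_defaults — confirm in this app's config), and the migration two commits back left every pre-existing work with `user_id` NULL and no back-fill, so those rows will fail validation on their next `save` (for example an `update`), a regression the commit message does not mention. Either declare `belongs_to :user, optional: true` for now, or back-fill owners in a data migration before making the association required. A one-line comment on the association, `# owner; nil for works created before ownership existed`, would spare the next reader the archaeology.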