Merge branch '28-devise-integration' into 'init19'

Resolve "devise integration" Closes #28 See merge request !19

Merge branch '28-devise-integration' into 'init19'
Resolve "devise integration" Closes #28 See merge request !19
8b95925b · pei-chi.huang · e09b9ba2 · c6f0bef8 · 8b95925b · 8b95925b
Commit 8b95925b authored Mar 06, 2020 by pei-chi.huang
--- a/Gemfile
+++ b/Gemfile
@@ -6,6 +6,8 @@ gem 'rails', '~> 5.0.0'

 gem 'bcrypt','~>3.1.11'

+gem 'devise'
+
 gem 'will_paginate',   '~> 3.1.0'
 gem 'bootstrap-will_paginate', '~> 0.0.10'
 gem 'font-awesome-rails'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -92,6 +92,12 @@ GEM
    delayed_job_active_record (4.1.4)
      activerecord (>= 3.0, < 6.1)
      delayed_job (>= 3.0, < 5)
+    devise (4.7.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
    dotenv (2.7.5)
    dotenv-rails (2.7.5)
      dotenv (= 2.7.5)
@@ -136,6 +142,7 @@ GEM
    nio4r (2.5.2)
    nokogiri (1.10.5)
      mini_portile2 (~> 2.4.0)
+    orm_adapter (0.5.0)
    pdf-core (0.7.0)
    pg (1.1.4)
    prawn (2.2.2)
@@ -174,6 +181,9 @@ GEM
    rb-fsevent (0.10.3)
    rb-inotify (0.10.0)
      ffi (~> 1.0)
+    responders (2.4.1)
+      actionpack (>= 4.2.0, < 6.0)
+      railties (>= 4.2.0, < 6.0)
    rubyzip (2.0.0)
    sablon (0.3.2)
      nokogiri (>= 1.8.5)
@@ -217,6 +227,8 @@ GEM
    unicorn (5.5.1)
      kgio (~> 2.6)
      raindrops (~> 0.7)
+    warden (1.2.7)
+      rack (>= 1.0)
    web-console (3.7.0)
      actionview (>= 5.0)
      activemodel (>= 5.0)
@@ -245,6 +257,7 @@ DEPENDENCIES
  coffee-rails (~> 4.2)
  daemons
  delayed_job_active_record
+  devise
  dotenv-rails
  font-awesome-rails
  jbuilder (~> 2.5)

--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
 class ApplicationController < ActionController::Base
-  protect_from_forgery with: :exception
+  before_action :authenticate_user!
  include SessionsHelper
-end
+  before_action :configure_permitted_parameters, if: :devise_controller?
+

-def logged_in_user
-  unless logged_in?
-    store_location
-    flash[:danger] = "Please log in."
-    redirect_to login_url
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
  end
+
 end
--- a/app/controllers/microposts_controller.rb
+++ b/app/controllers/microposts_controller.rb
 class MicropostsController < ApplicationController
-   before_action :logged_in_user, only: [:create, :destroy]
+   before_action :authenticate_user!
   before_action :correct_user,   only: :destroy

-
   def create
    @micropost = current_user.microposts.build(micropost_params)
    if @micropost.save

--- a/app/controllers/results_controller.rb
+++ b/app/controllers/results_controller.rb
 class ResultsController < ApplicationController
+  before_action :authenticate_user!
  before_action :set_result, only: [:show, :edit, :update, :destroy]

  def new

--- a/app/controllers/samples_controller.rb
+++ b/app/controllers/samples_controller.rb
 class SamplesController < ApplicationController
-   before_action :logged_in_user, only: [:create, :destroy]
+   before_action :authenticate_user!
   before_action :correct_user,   only: :destroy
   before_action :set_sample, only: [:show, :edit, :update, :destroy,:update_status]
   respond_to? :html, :js

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
-class SessionsController < ApplicationController
+class SessionsController < Devise::SessionsController
+  before_action :authenticate_user!

-  def new
-  end
-
-  def create
-    user = User.find_by(email: params[:session][:email].downcase)
-    if user && user.authenticate(params[:session][:password])
-      log_in user
-      params[:session][:remember_me] == '1' ? remember(user) : forget(user)
-      redirect_to root_url
-    else
-      flash.now[:danger] = 'Invalid email/password combination'
-      render 'new'
-    end
-  end
-
-  def destroy
-   log_out if logged_in?
-   redirect_to root_url
-  end
 end
--- a/app/controllers/static_pages_controller.rb
+++ b/app/controllers/static_pages_controller.rb
 class StaticPagesController < ApplicationController
-
+  before_action :authenticate_user!
  def home
-    if (logged_in?)
-    @sample = if params[:display_sample].present?
-               Sample.find(params[:display_sample].to_i)
-              else
-               current_user.samples.build
-              end
+    if user_signed_in?
+      @sample = if params[:display_sample].present?
+                  Sample.find(params[:display_sample].to_i)
+                else
+                  current_user.samples.build
+                end
    end
-    if (logged_in? && !operator? )
+
+    if !operator?
      @samples = current_user.samples[0..-1]
      @feed_items = current_user.feed.paginate(page: params[:page],per_page: 2 )
-    elsif (logged_in? && operator?)
+    else
      @samples = Sample.where('status <> ? OR user_id = ?','in preparation',current_user.id)
    end
    @microposts = Micropost.paginate(:page => params[:page], :per_page => 6 )

--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
 class UsersController < ApplicationController
-  before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
+  before_action :authenticate_user!
  before_action :correct_user,   only: [:index, :show, :edit, :update]
  before_action :set_type
  before_action :admin_user,     only: [:destroy]
@@ -21,29 +21,13 @@ class UsersController < ApplicationController
               current_user.samples.build
              end
    @user = User.find(params[:id])
-     if operator?
+    if operator?
      @samples = @user.samples.where('status <> ? OR user_id = ?','in preparation',current_user.id).paginate(page: params[:page])
     else
      @samples = @user.samples.paginate(page: params[:page])
    end
  end

-
-  def new
-    @user = type_class.new
-  end
-
-  def create
-    @user = type_class.new(user_params)
-    if @user.save
-      log_in @user
-      flash[:success] = "Welcome to ela!"
-      redirect_to @user
-    else
-      render 'new'
-    end
-  end
-
  def edit
    @user = User.find(params[:id])
  end
@@ -87,13 +71,6 @@ class UsersController < ApplicationController
    redirect_to(root_url) unless operator? || @user == current_user
  end

-  def logged_in_user
-    unless logged_in?
-      store_location
-      flash[:danger] = "Please log in."
-      redirect_to login_url
-    end
-  end
    #vendosja e type-it
  def set_type
    @type = type

--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
 module SessionsHelper
-
-  # Logs in the given user.
-  def log_in(user)
-    session[:user_id] = user.id
-  end
-  # Remembers a user in a persistent session.
- def remember(user)
-   user.remember
-   cookies.permanent.signed[:user_id] = user.id
-   cookies.permanent[:remember_token] = user.remember_token
- end
- # Forgets a persistent session.
-
-  # Returns the user corresponding to the remember token cookie.
-  def current_user
-    if (user_id = session[:user_id])
-      @current_user ||= User.find_by(id: user_id)
-    elsif (user_id = cookies.signed[:user_id])
-      user = User.find_by(id: user_id)
-      if user && user.authenticated?(cookies[:remember_token])
-        log_in user
-        @current_user = user
-      end
-    end
+  def operator?
+    current_user && current_user.type == "Operator"
  end
-
-  # Returns true if the given user is the current user.
  def current_user?(user)
    user == current_user
  end

-  # Returns the current logged-in user (if any).
-  #def current_user
-  #  @current_user ||= User.find_by(id: session[:user_id])
-  #end
-  # Returns true if the user is logged in, false otherwise.
-  def logged_in?
-    !current_user.nil?
-  end
-
-  def operator?
-    current_user.type == "Operator"
-  end
-
-  def forget(user)
-    user.forget
-    cookies.delete(:user_id)
-    cookies.delete(:remember_token)
-  end
-  # Logs out the current user.
-  def log_out
-    forget(current_user)
-    session.delete(:user_id)
-    @current_user = nil
-  end
-
-end
+end
\ No newline at end of file
--- a/app/models/user.rb
+++ b/app/models/user.rb
 class User < ApplicationRecord
+  devise :database_authenticatable, :registerable, :rememberable, :recoverable,
+  :trackable, :validatable
+
  has_many :samples, dependent: :destroy
  has_many :microposts, dependent: :destroy
  #has_many :results, dependent: :destroy
  self.inheritance_column = :type

-  attr_accessor :remember_token, :activation_token, :reset_token
+
  default_scope { order(updated_at: :desc) }
  before_save { self.email = email.downcase }
-  before_create :create_activation_digest
  validates :name,  presence: true, length: { maximum: 50 }
  #VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
  validates :email, presence: true, length: { maximum: 255 },
@@ -15,17 +17,13 @@ class User < ApplicationRecord
                    format: { with: /\b[A-Z0-9._%a-z\-+@]kit\.edu\z/,
                    message: "must be a 'kit.edu' account" },
                    uniqueness: { case_sensitive: false }
-  has_secure_password
+#  has_secure_password
  validates :password, presence: true, length: { minimum: 6 }, allow_nil: true
  #validates :type, presence: true

    scope :operators, -> { where(type: 'Operator')}
    scope :chemists, -> {where(type: 'Chemist')}

-    def password_reset_expired?
-     reset_sent_at < 2.hours.ago
-    end
-
    def self.types
     %w(Operator Chemist)
   end
@@ -33,48 +31,6 @@ class User < ApplicationRecord
   def feed
    Sample.where("user_id = ?", id)
   end
-
-  # Returns the hash digest of the given string.
-   def self.digest(string)
-    cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
-                                                  BCrypt::Engine.cost
-    BCrypt::Password.create(string, cost: cost)
-  end
-   # Sets the password reset attributes.
-  def create_reset_digest
-    self.reset_token = User.new_token
-    update_attribute(:reset_digest,  User.digest(reset_token))
-    update_attribute(:reset_sent_at, Time.zone.now)
-  end
-  # Sends password reset email.
-  def send_password_reset_email
-    UserMailer.password_reset(self).deliver_now
-  end
-  # Returns a random token.
-  def self.new_token
-    SecureRandom.urlsafe_base64
-  end
-
-  # Remembers a user in the database for use in persistent sessions.
-  def remember
-    self.remember_token = User.new_token
-    update_attribute(:remember_token, User.digest(remember_token))
-  end
-
-  def create_activation_digest
-    self.activation_token  = User.new_token
-    self.activation_digest = User.digest(activation_token)
-  end
-
-  def authenticated?(attribute, token)
-    digest = send("#{attribute}_digest")
-    return false if digest.nil?
-    BCrypt::Password.new(digest).is_password?(token)
-  end
-   # Forgets a user.
-     def forget
-       update_attribute(:remember_token, nil)
-     end
  end
 class Operator < User; end
 class Chemist < User; end
--- a/app/views/devise/confirmations/new.html.erb
+++ b/app/views/devise/confirmations/new.html.erb
+<h2>Resend confirmation instructions</h2>
+
+<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
+  <%= render "devise/shared/error_messages", resource: resource %>
+
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true, autocomplete: "email", value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Resend confirmation instructions" %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>
--- a/app/views/devise/mailer/confirmation_instructions.html.erb
+++ b/app/views/devise/mailer/confirmation_instructions.html.erb
+<p>Welcome <%= @email %>!</p>
+
+<p>You can confirm your account email through the link below:</p>
+
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>
--- a/app/views/devise/mailer/email_changed.html.erb
+++ b/app/views/devise/mailer/email_changed.html.erb
+<p>Hello <%= @email %>!</p>
+
+<% if @resource.try(:unconfirmed_email?) %>
+  <p>We're contacting you to notify you that your email is being changed to <%= @resource.unconfirmed_email %>.</p>
+<% else %>
+  <p>We're contacting you to notify you that your email has been changed to <%= @resource.email %>.</p>
+<% end %>
--- a/app/views/devise/mailer/password_change.html.erb
+++ b/app/views/devise/mailer/password_change.html.erb
+<p>Hello <%= @resource.email %>!</p>
+
+<p>We're contacting you to notify you that your password has been changed.</p>
--- a/app/views/devise/mailer/reset_password_instructions.html.erb
+++ b/app/views/devise/mailer/reset_password_instructions.html.erb
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Someone has requested a link to change your password. You can do this through the link below.</p>
+
+<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>
--- a/app/views/devise/mailer/unlock_instructions.html.erb
+++ b/app/views/devise/mailer/unlock_instructions.html.erb
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Your account has been locked due to an excessive number of unsuccessful sign in attempts.</p>
+
+<p>Click the link below to unlock your account:</p>
+
+<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %></p>
--- a/app/views/devise/passwords/edit.html.erb
+++ b/app/views/devise/passwords/edit.html.erb
+<h2>Change your password</h2>
+
+<div class="row">
+  <div class="col-md-6 col-md-offset-3">
+    <%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
+      <%= render "devise/shared/error_messages", resource: resource %>
+      <%= f.hidden_field :reset_password_token %>
+
+      <div class="field">
+        <%= f.label :password, "New password" %><br />
+        <% if @minimum_password_length %>
+          <em>(<%= @minimum_password_length %> characters minimum)</em><br />
+        <% end %>
+        <%= f.password_field :password, autofocus: true, autocomplete: "new-password" %>
+      </div>
+
+      <div class="field">
+        <%= f.label :password_confirmation, "Confirm new password" %><br />
+        <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
+      </div>
+
+      <div class="actions">
+        <%= f.submit "Change my password" %>
+      </div>
+    <% end %>
+
+    <%= render "devise/shared/links" %>
+  </div>
+</div>
\ No newline at end of file
--- a/app/views/devise/passwords/new.html.erb
+++ b/app/views/devise/passwords/new.html.erb
+<h2>Forgot your password?</h2>
+
+<div class="row">
+  <div class="col-md-6 col-md-offset-3">
+    <%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
+      <%= render "devise/shared/error_messages", resource: resource %>
+
+      <div class="field">
+        <%= f.label :email %><br />
+        <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
+      </div>
+
+      <div class="actions">
+        <%= f.submit "Send me reset password instructions", class: "btn btn-success" %>
+      </div>
+    <% end %>
+    <%= render "devise/shared/links" %>
+  </div>
+</div>
+
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
+<h2>Edit <%= resource_name.to_s.humanize %></h2>
+
+<div class="row">
+  <div class="col-md-6 col-md-offset-3">
+    <%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
+      <%= render "devise/shared/error_messages", resource: resource %>
+
+      <div class="field">
+        <%= f.label :email %><br />
+        <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
+      </div>
+
+      <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+        <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
+      <% end %>
+
+      <div class="field">
+        <%= f.label :name %><br />
+        <%= f.text_field :name, autofocus: true, autocomplete: "name" %>
+      </div>
+
+      <div class="field">
+        <%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+        <%= f.password_field :password, autocomplete: "new-password" %>
+        <% if @minimum_password_length %>
+          <br />
+          <em><%= @minimum_password_length %> characters minimum</em>
+        <% end %>
+      </div>
+
+      <div class="field">
+        <%= f.label :password_confirmation %><br />
+        <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
+      </div>
+
+      <div class="field">
+        <%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+        <%= f.password_field :current_password, autocomplete: "current-password" %>
+      </div>
+
+      <div class="actions">
+        <%= f.submit "Update", class: "btn btn-success" %>
+      </div>
+    <% end %>
+
+    <h3>Cancel my account</h3>
+
+    <p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>
+
+    <%= link_to "Back", :back %>
+  </div>
+</div>
\ No newline at end of file