From e1b327739d46ba1d3e82bd5b6692e9ed742a22d6 Mon Sep 17 00:00:00 2001 From: Rebecca Bergena Date: Mon, 16 Oct 2017 12:11:46 -0700 Subject: [PATCH 1/4] edit gitignore --- .gitignore | 3 +++ Gemfile | 4 ++++ Gemfile.lock | 30 +++++++++++++++++++++++++++++- 3 files changed, 36 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 48fb168..35bd2ef 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,6 @@ # Ignore Byebug command history file. .byebug_history + +# Don't publish .env +.env diff --git a/Gemfile b/Gemfile index 24756e7..5e973fe 100644 --- a/Gemfile +++ b/Gemfile @@ -39,6 +39,9 @@ gem 'jbuilder', '~> 2.5' # Use the Foundation CSS framework gem 'foundation-rails' +gem "omniauth" +gem "omniauth-github" + group :development, :test do # Call 'byebug' anywhere in the code to stop execution and get a debugger console gem 'byebug', platform: :mri @@ -64,6 +67,7 @@ group :development do # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring gem 'spring' gem 'spring-watcher-listen', '~> 2.0.0' + gem 'dotenv-rails' end # Windows does not include zoneinfo files, so bundle the tzinfo-data gem diff --git a/Gemfile.lock b/Gemfile.lock index 4d99ffe..abab408 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -60,8 +60,14 @@ GEM execjs coffee-script-source (1.12.2) concurrent-ruby (1.0.5) + dotenv (2.2.1) + dotenv-rails (2.2.1) + dotenv (= 2.2.1) + railties (>= 3.2, < 5.2) erubis (2.7.0) execjs (2.7.0) + faraday (0.12.2) + multipart-post (>= 1.2, < 3) ffi (1.9.18) foundation-rails (6.3.0.0) railties (>= 3.1.0) @@ -69,6 +75,7 @@ GEM sprockets-es6 (>= 0.9.0) globalid (0.3.7) activesupport (>= 4.1.0) + hashie (3.5.6) i18n (0.8.1) jbuilder (2.6.3) activesupport (>= 3.0.0, < 5.2) @@ -77,6 +84,7 @@ GEM rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) + jwt (1.5.6) listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) 
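Review bot: `gem "omniauth"` and `gem "omniauth-github"` are added with no version constraint, while the neighbouring entries in this Gemfile carry `~>` bounds; an unconstrained entry lets a later `bundle update` pull an incompatible major release of the authentication stack without anyone noticing in review. Pin them to the versions the lockfile records in this same patch, e.g. `gem 'omniauth', '~> 1.7'` and `gem 'omniauth-github', '~> 1.3'`. The single-quote style of the surrounding lines would also apply.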
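Review bot: `gem 'dotenv-rails'` goes into the `:development` group only, but the initializer added later in this series reads `ENV["GITHUB_CLIENT_ID"]` and `ENV["GITHUB_CLIENT_SECRET"]` at boot in every environment; under `test` the `.env` file will not be loaded, so those values are nil unless they are supplied some other way. If the test suite ever exercises the OAuth callback, the gem belongs in the shared `group :development, :test` block above; if not, a comment on this line saying the values are only expected in development would save the next reader the question.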
@@ -104,9 +112,26 @@ GEM minitest (~> 5.0) rails (>= 4.1) multi_json (1.12.1) + multi_xml (0.6.0) + multipart-post (2.0.0) nio4r (2.0.0) nokogiri (1.7.1) mini_portile2 (~> 2.1.0) + oauth2 (1.4.0) + faraday (>= 0.8, < 0.13) + jwt (~> 1.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + omniauth (1.7.1) + hashie (>= 3.4.6, < 3.6.0) + rack (>= 1.6.2, < 3) + omniauth-github (1.3.0) + omniauth (~> 1.5) + omniauth-oauth2 (>= 1.4.0, < 2.0) + omniauth-oauth2 (1.4.0) + oauth2 (~> 1.0) + omniauth (~> 1.2) pg (0.20.0) pry (0.10.4) coderay (~> 1.1.0) @@ -196,6 +221,7 @@ DEPENDENCIES better_errors byebug coffee-rails (~> 4.2) + dotenv-rails foundation-rails jbuilder (~> 2.5) jquery-rails @@ -204,6 +230,8 @@ DEPENDENCIES minitest-reporters minitest-skip minitest-spec-rails + omniauth + omniauth-github pg (~> 0.18) pry-rails puma (~> 3.0) @@ -220,4 +248,4 @@ RUBY VERSION ruby 2.4.0p0 BUNDLED WITH - 1.14.4 + 1.15.4 From dad92d73ba1bcc059c7479b60ecb600e78334ac4 Mon Sep 17 00:00:00 2001 From: Rebecca Bergena Date: Mon, 16 Oct 2017 12:18:30 -0700 Subject: [PATCH 2/4] add omniauth.rb --- config/initializers/omniauth.rb | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 config/initializers/omniauth.rb diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb new file mode 100644 index 0000000..fd44161 --- /dev/null +++ b/config/initializers/omniauth.rb @@ -0,0 +1,3 @@ +Rails.application.config.middleware.use OmniAuth::Builder do + provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email" +end From c48ae3b22c57dfe5a125b42bccbbec9bf4ba3155 Mon Sep 17 00:00:00 2001 
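Review bot: `ENV["GITHUB_CLIENT_ID"]` and `ENV["GITHUB_CLIENT_SECRET"]` resolve to nil when the variables are unset, and `provider :github, nil, nil, ...` appears to register without complaint, so a missing `.env` surfaces only as a failed redirect to GitHub at login time rather than at boot. `ENV.fetch` fails fast with the variable name in the error: `provider :github, ENV.fetch("GITHUB_CLIENT_ID"), ENV.fetch("GITHUB_CLIENT_SECRET"), scope: "user:email"`. A one-line header comment naming where the two variables come from (the `.env` that the first patch adds to `.gitignore`) would help whoever sets the app up next.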
From: Rebecca Bergena Date: Mon, 16 Oct 2017 22:18:23 -0700 Subject: [PATCH 3/4] add ownership requirement for edit and delete --- Gemfile | 1 + Gemfile.lock | 4 ++ app/controllers/application_controller.rb | 27 ++++++++- app/controllers/sessions_controller.rb | 58 +++++++++---------- app/controllers/users_controller.rb | 28 +++++++++ app/controllers/works_controller.rb | 26 ++++++++- app/models/user.rb | 12 ++++ app/views/layouts/application.html.erb | 4 +- config/routes.rb | 11 +++- .../20171016203426_add_columns_to_user.rb | 8 +++ ...31727_add_reference_to_user_id_in_works.rb | 5 ++ db/schema.rb | 8 ++- 12 files changed, 155 insertions(+), 37 deletions(-) create mode 100644 db/migrate/20171016203426_add_columns_to_user.rb create mode 100644 db/migrate/20171016231727_add_reference_to_user_id_in_works.rb diff --git a/Gemfile b/Gemfile index 5e973fe..8e8db83 100644 --- a/Gemfile +++ b/Gemfile @@ -48,6 +48,7 @@ group :development, :test do # Improve the error message you get in the browser gem 'better_errors' + gem 'binding_of_caller' # Use pry for rails console gem 'pry-rails' diff --git a/Gemfile.lock b/Gemfile.lock index abab408..5869889 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -49,6 +49,8 @@ GEM erubis (>= 2.6.6) rack (>= 0.9.0) bindex (0.5.0) + binding_of_caller (0.7.2) + debug_inspector (>= 0.0.1) builder (3.2.3) byebug (9.0.6) coderay (1.1.1) @@ -60,6 +62,7 @@ GEM execjs coffee-script-source (1.12.2) concurrent-ruby (1.0.5) + debug_inspector (0.0.3) dotenv (2.2.1) dotenv-rails (2.2.1) dotenv (= 2.2.1) @@ -219,6 +222,7 @@ PLATFORMS DEPENDENCIES better_errors + binding_of_caller byebug coffee-rails (~> 4.2) dotenv-rails diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 087352a..c299522 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -1,13 +1,38 @@ class ApplicationController < ActionController::Base protect_from_forgery with: :exception - before_action :find_user + before_action :require_login, :find_user def render_404 # DPR: supposedly this will actually render a 404 page in production raise ActionController::RoutingError.new('Not Found') end +protected + +def save_and_flash(model) + result = model.save + + if result + flash[:status] = :success + flash[:result_text] = "Successfully saved #{model.class} #{model.id}" + else + flash.now[:status] = :failure + flash.now[:result_text] = "Failed to save #{model.class}" + flash.now[:details] = model.errors.messages + end + return result +end + +def require_login + @user = User.find_by(id: session[:user_id]) + unless @user + flash[:status] = :failure + flash[:result_text] = "You must be logged in to do that!" + redirect_to root_path + end +end + private def find_user if session[:user_id] diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 5bce99e..71223ec 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
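Review bot: `require_login` stores the current user in `@user`, while the existing `find_user` filter (its body continues outside the hunk, and presumably sets the `@login_user` that the layout and `WorksController` read) performs the same session lookup, so the query runs twice per request and `@user` collides with the `@user` that `UsersController#show` assigns for the profile being viewed. Have `require_login` set `@login_user` directly and let `find_user` skip the query when it is already set, or fold the two filters into one. The new `protected` marker and both method bodies sit at column 0 inside the class; indent them two spaces like `render_404`, replace `return result` with the implicit return, and give `save_and_flash` a one-line comment stating that it returns the `save` result and fills `flash` on success but `flash.now` on failure, since callers that redirect after a failure will lose those messages.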
@@ -2,33 +2,33 @@ class SessionsController < ApplicationController def login_form end - def login - username = params[:username] - if username and user = User.find_by(username: username) - session[:user_id] = user.id - flash[:status] = :success - flash[:result_text] = "Successfully logged in as existing user #{user.username}" - else - user = User.new(username: username) - if user.save - session[:user_id] = user.id - flash[:status] = :success - flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}" - else - flash.now[:status] = :failure - flash.now[:result_text] = "Could not log in" - flash.now[:messages] = user.errors.messages - render "login_form", status: :bad_request - return - end - end - redirect_to root_path - end - - def logout - session[:user_id] = nil - flash[:status] = :success - flash[:result_text] = "Successfully logged out" - redirect_to root_path - end + # def login + # username = params[:username] + # if username and user = User.find_by(username: username) + # session[:user_id] = user.id + # flash[:status] = :success + # flash[:result_text] = "Successfully logged in as existing user #{user.username}" + # else + # user = User.new(username: username) + # if user.save + # session[:user_id] = user.id + # flash[:status] = :success + # flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}" + # else + # flash.now[:status] = :failure + # flash.now[:result_text] = "Could not log in" + # flash.now[:messages] = user.errors.messages + # render "login_form", status: :bad_request + # return + # end + # end + # redirect_to root_path + # end + # + # def logout + # session[:user_id] = nil + # flash[:status] = :success + # flash[:result_text] = "Successfully logged out" + # redirect_to root_path + # end end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 73b4265..4d05c5a 100644 --- a/app/controllers/users_controller.rb 
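Review bot: The old `login` and `logout` actions are commented out rather than deleted, and with their routes also commented out in `config/routes.rb` the remaining `login_form` action has no route either, so the whole controller is now dead code. Git already keeps the history; delete the commented block (and `login_form`, or the controller) instead of shipping thirty `#`-prefixed lines. The username-only login is exactly what the GitHub flow replaces, so leaving it in a form that one uncomment restores is worth avoiding.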
+++ b/app/controllers/users_controller.rb @@ -1,4 +1,6 @@ class UsersController < ApplicationController + + skip_before_action :require_login, only: [:login, :logout] def index @users = User.all end @@ -7,4 +9,30 @@ def show @user = User.find_by(id: params[:id]) render_404 unless @user end + + def login + auth_hash = request.env['omniauth.auth'] + if auth_hash['uid'] + user = User.find_by(provider: params[:provider], uid: auth_hash['uid']) + if user.nil? + user = User.from_auth_hash(params[:provider], auth_hash) + save_and_flash(user) + else + flash[:status] = :success + flash[:result_text] = "Logged in successfully as returning user #{user.username}" + end + session[:user_id] = user.id + else + flash[:status] = :failure + flash[:result_text] = "Could not create user" + end + redirect_to root_path + end + + def logout + session[:user_id] = nil + flash[:status] = :success + flash[:result_text] = "You have been logged out" + redirect_to root_path + end end diff --git a/app/controllers/works_controller.rb b/app/controllers/works_controller.rb index 1293d1d..62bd4ea 100644 --- a/app/controllers/works_controller.rb +++ b/app/controllers/works_controller.rb @@ -1,7 +1,10 @@ class WorksController < ApplicationController # We should always be able to tell what category # of work we're dealing with + skip_before_action :require_login, only: [:root] before_action :category_from_work, except: [:root, :index, :new, :create] + before_action :creator, only: [:edit, :destroy, :update] + def root @albums = Work.best_albums @@ -16,10 +19,13 @@ def index def new @work = Work.new + @work[:user_id] = @login_user.id end def create @work = Work.new(media_params) + @work[:user_id] = @login_user.id + @media_category = @work.category if @work.save flash[:status] = :success 
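Review bot: `session[:user_id] = user.id` in `login` runs even when `save_and_flash(user)` returns false, in which case `user.id` is nil and the request redirects to root with the failure text in `flash.now`, which does not survive the redirect, so a rejected GitHub account (for example a nickname that fails the `username` uniqueness validation) ends as a silent no-op. Guard the session write, e.g. `session[:user_id] = user.id if user.persisted?`, and on failure set `flash` rather than `flash.now` before redirecting. Taking the provider from `auth_hash['provider']` instead of `params[:provider]` also keeps the stored provider tied to the hash OmniAuth actually produced rather than to the URL segment.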
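Review bot: `skip_before_action :require_login, only: [:root]` combined with the `require_login` filter added to `ApplicationController` means `index` and `show` now require a GitHub login, whereas before this patch they were public; if that is intended it deserves a line in the commit message, otherwise add them to the `only:` list. `before_action :creator` is declared after `category_from_work`, so the ownership check only runs once `@work` has been loaded and a missing record has already hit `render_404`; that is the right order but not obvious, and a comment such as `# must stay after category_from_work, which loads @work` would keep a future reorder from breaking it.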
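Review bot: `@work[:user_id] = @login_user.id` in `new` assigns the owner to an unsaved object that is only rendered into the form, so the line has no effect; the assignment in `create` is the one that matters, and it correctly happens outside `media_params`, which keeps `user_id` out of mass assignment. Drop the line from `new`, and in `create` prefer `@work.user_id = @login_user.id` (or `@work.user = @login_user` once `Work` declares `belongs_to :user`, which the `add_reference :works, :user` migration in this patch implies but no model change here adds).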
@@ -42,6 +48,8 @@ def edit def update @work.update_attributes(media_params) + @work[:user_id] = @login_user.id + if @work.save flash[:status] = :success flash[:result_text] = "Successfully updated #{@media_category.singularize} #{@work.id}" @@ -52,6 +60,8 @@ def update flash.now[:messages] = @work.errors.messages render :edit, status: :not_found end + + end def destroy @@ -88,7 +98,19 @@ def upvote redirect_back fallback_location: work_path(@work), status: status end -private + protected + def creator + # binding.pry + @work = Work.find_by(id: params[:id]) + @work_user_id = @work.user_id + if @login_user.id != @work_user_id + flash[:status] = :failure + flash[:result_text] = "Only the creator can do that!" + redirect_back fallback_location: { action: "index"} + end + end + + private def media_params params.require(:work).permit(:title, :category, :creator, :description, :publication_year) end @@ -98,4 +120,6 @@ def category_from_work render_404 unless @work @media_category = @work.category.downcase.pluralize end + + end diff --git a/app/models/user.rb b/app/models/user.rb index 4cac8fe..23141b7 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -3,4 +3,16 @@ class User < ApplicationRecord has_many :ranked_works, through: :votes, source: :work validates :username, uniqueness: true, presence: true + + def self.from_auth_hash(provider, auth_hash) + user = new + user.provider = provider + user.uid = auth_hash['uid'] + user.name = auth_hash['info']['name'] + user.username = auth_hash['info']['nickname'] + user.email = auth_hash['info']['email'] + + # user.save + return user + end end diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 0180f1b..bdc4e31 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -25,9 +25,9 @@
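Review bot: `@work[:user_id] = @login_user.id` in `update` re-stamps the owner on every edit, which is redundant once the `creator` filter guarantees `@login_user` already owns `@work`, and it sits between `update_attributes` (which has already saved) and the second `@work.save`. Drop the added line; if the intent is to defend against `user_id` arriving in the form, `media_params` already excludes it.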
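Review bot: `creator` dereferences `@work.user_id` right after `Work.find_by`, so a missing id would raise on nil rather than produce a 404; in practice `category_from_work` (declared first) has already loaded `@work` and called `render_404`, so the second `find_by` is a repeat query and the nil case is only reachable if the filter order changes. The leftover `# binding.pry` should go, the filter can be `private` like the other filters rather than `protected`, and the `@work_user_id` temporary adds nothing. Separately, `add_reference :works, :user` in this patch leaves existing rows with a nil `user_id`, so after deployment nobody can edit or delete a pre-existing work; decide explicitly how legacy works are handled rather than leaving that as a side effect.
```ruby
  private
  # Ownership check for edit/update/destroy; category_from_work runs first and loads @work.
  def creator
    @work ||= Work.find_by(id: params[:id])
    return render_404 unless @work
    return if @work.user_id == @login_user.id

    flash[:status] = :failure
    flash[:result_text] = "Only the creator can do that!"
    redirect_back fallback_location: { action: "index" }
  end
  # … unchanged: media_params, category_from_work …
```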
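Review bot: `from_auth_hash` indexes `auth_hash['info']['name']`, `['nickname']` and `['email']` with no guard, so an auth hash whose `info` section is missing raises inside the callback; `auth_hash.dig('info', 'name')` (and the same for the other two) degrades to nil, which the `presence` validation on `username` then reports cleanly — worth confirming that `dig` behaves as expected on the OmniAuth hash class in use. The commented-out `# user.save` and the explicit `return user` are leftovers; `user` as the last expression is enough. A short YARD comment such as `# @return [User] unsaved user built from an OmniAuth auth hash; caller saves` would document that the caller owns the save.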
<% if @login_user %> <%= link_to "Logged in as #{@login_user.username}", user_path(@login_user), class: "button" %> - <%= link_to "Log Out", logout_path, method: :post, class: "button" %> + <%= link_to "Log Out", logout_path, class: "button" %> <% else %> - <%= link_to "Log In", login_path, class: "button float-right" %> + <%= link_to "Log In", '/auth/github', class: "button float-right" %> <% end %>
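Review bot: The logout link drops `method: :post`, and the routes hunk in this same patch changes the route to `get '/logout'`, so logout becomes a plain GET that `protect_from_forgery` does not cover and a cross-site request can end a visitor's session. Keep `method: :post, class: "button"` on the link and `post '/logout'` in `config/routes.rb`. The `Log In` link likewise starts the OmniAuth request phase with a GET to `/auth/github`; later OmniAuth releases restrict the request phase to POST by default for the same reason, so a `method: :post` link here is the safer shape as well.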
diff --git a/config/routes.rb b/config/routes.rb index a7e8af1..b8cc978 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,12 +1,17 @@ Rails.application.routes.draw do # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html root 'works#root' - get '/login', to: 'sessions#login_form', as: 'login' - post '/login', to: 'sessions#login' - post '/logout', to: 'sessions#logout', as: 'logout' + # get '/login', to: 'sessions#login_form', as: 'login' + # post '/login', to: 'sessions#login' + # post '/logout', to: 'sessions#logout', as: 'logout' resources :works post '/works/:id/upvote', to: 'works#upvote', as: 'upvote' resources :users, only: [:index, :show] + + get "/auth/:provider/callback", to: "users#login" + get '/logout', to: 'users#logout', as: 'logout' + + end diff --git a/db/migrate/20171016203426_add_columns_to_user.rb b/db/migrate/20171016203426_add_columns_to_user.rb new file mode 100644 index 0000000..b30d08e --- /dev/null +++ b/db/migrate/20171016203426_add_columns_to_user.rb @@ -0,0 +1,8 @@ +class AddColumnsToUser < ActiveRecord::Migration[5.0] + def change + add_column :users, :name, :string + add_column :users, :email, :string + add_column :users, :uid, :string, null: false + add_column :users, :provider, :string, null: false + end +end diff --git a/db/migrate/20171016231727_add_reference_to_user_id_in_works.rb b/db/migrate/20171016231727_add_reference_to_user_id_in_works.rb new file mode 100644 index 0000000..3a7fdac --- /dev/null +++ b/db/migrate/20171016231727_add_reference_to_user_id_in_works.rb @@ -0,0 +1,5 @@ +class AddReferenceToUserIdInWorks < ActiveRecord::Migration[5.0] + def change + add_reference :works, :user, index: true + end +end diff --git a/db/schema.rb b/db/schema.rb index 6bc8ba5..d97e908 100644 --- a/db/schema.rb +++ b/db/schema.rb 
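Review bot: `get '/logout', to: 'users#logout'` routes logout over GET (see the note on the layout hunk), the three old session routes are commented out rather than removed, and the two blank lines before `end` are noise. There is also no route for the OmniAuth failure path: outside development OmniAuth by default redirects a denied or invalid authorization to `/auth/failure`, which here resolves to a routing error, so something like `get '/auth/failure', to: 'users#login_failure'` (or a redirect to root with a flash) should sit next to the callback. The callback route itself gets its `as:` name only in the fourth patch.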
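Review bot: `add_column :users, :uid, :string, null: false` and the same for `provider` add NOT NULL columns with no default, which fails on any database that already holds rows from the old username-based login, and nothing enforces that a (provider, uid) pair identifies a single user even though `UsersController#login` looks users up by exactly that pair. Add `add_index :users, [:provider, :uid], unique: true` in this migration, and either backfill or provide a default before tightening the constraint.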
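Review bot: `add_reference :works, :user, index: true` adds the column and index but no foreign key, while `db/schema.rb` shows `votes` already referencing `users` through `add_foreign_key`; `add_reference :works, :user, index: true, foreign_key: true` keeps the two tables consistent. The column also stays nullable, which is what leaves pre-existing works ownerless after the migration runs.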
@@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170407164321) do +ActiveRecord::Schema.define(version: 20171016231727) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -19,6 +19,10 @@ t.string "username" t.datetime "created_at", null: false t.datetime "updated_at", null: false + t.string "name" + t.string "email" + t.string "uid", null: false + t.string "provider", null: false end create_table "votes", force: :cascade do |t| @@ -39,6 +43,8 @@ t.datetime "updated_at", null: false t.integer "vote_count", default: 0 t.integer "publication_year" + t.integer "user_id" + t.index ["user_id"], name: "index_works_on_user_id", using: :btree end add_foreign_key "votes", "users" From 580542243103cbc4910d46ecaad1bfa135e144bb Mon Sep 17 00:00:00 2001 From: Rebecca Bergena Date: Tue, 24 Oct 2017 23:06:44 -0700 Subject: [PATCH 4/4] change logout button --- app/controllers/works_controller.rb | 1 + app/views/layouts/application.html.erb | 2 +- config/routes.rb | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/app/controllers/works_controller.rb b/app/controllers/works_controller.rb index 62bd4ea..bfcc67e 100644 --- a/app/controllers/works_controller.rb +++ b/app/controllers/works_controller.rb @@ -99,6 +99,7 @@ def upvote end protected + # method to check that the logged in user is the same as the user id of the user who added the work def creator # binding.pry @work = Work.find_by(id: params[:id]) diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index bdc4e31..3da97ad 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -24,7 +24,7 @@ <%= link_to "View all users", users_path, class: "button" %>
<% if @login_user %> - <%= link_to "Logged in as #{@login_user.username}", user_path(@login_user), class: "button" %> + <%# link_to "Logged in as #{@login_user.username}", user_path(@login_user), class: "button" %> <%= link_to "Log Out", logout_path, class: "button" %> <% else %> <%= link_to "Log In", '/auth/github', class: "button float-right" %> diff --git a/config/routes.rb b/config/routes.rb index b8cc978..89640ab 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -10,7 +10,7 @@ resources :users, only: [:index, :show] - get "/auth/:provider/callback", to: "users#login" + get "/auth/:provider/callback", to: "users#login", as: "auth_callback" get '/logout', to: 'users#logout', as: 'logout'
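Review bot: `<%# link_to "Logged in as …" %>` comments the profile link out rather than removing it, leaving dead ERB in the layout, and the patch subject says the logout button changed while this hunk touches only that profile link. Delete the line, or if it is meant to return later say why in the comment; git keeps the old version.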