Pipes - Kee - MediaRanker oAuth

.gitignore

@@ -15,3 +15,5 @@
 
 # Ignore Byebug command history file.
 .byebug_history
+
+.env

Gemfile

@@ -39,6 +39,10 @@ gem 'jbuilder', '~> 2.5'
 # Use the Foundation CSS framework
 gem 'foundation-rails'
 
+gem "omniauth"
+gem "omniauth-github"
+gem "binding_of_caller"
+
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem 'byebug', platform: :mri
@@ -64,6 +68,8 @@ group :development do
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
   gem 'spring-watcher-listen', '~> 2.0.0'
+
+  gem 'dotenv-rails'
 end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem

Gemfile.lock

@@ -49,6 +49,8 @@ GEM
       erubis (>= 2.6.6)
       rack (>= 0.9.0)
     bindex (0.5.0)
+    binding_of_caller (0.7.3)
+      debug_inspector (>= 0.0.1)
     builder (3.2.3)
     byebug (9.0.6)
     coderay (1.1.1)
@@ -60,15 +62,23 @@ GEM
       execjs
     coffee-script-source (1.12.2)
     concurrent-ruby (1.0.5)
+    debug_inspector (0.0.3)
+    dotenv (2.2.1)
+    dotenv-rails (2.2.1)
+      dotenv (= 2.2.1)
+      railties (>= 3.2, < 5.2)
     erubis (2.7.0)
     execjs (2.7.0)
+    faraday (0.12.2)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.18)
     foundation-rails (6.3.0.0)
       railties (>= 3.1.0)
       sass (>= 3.3.0, < 3.5)
       sprockets-es6 (>= 0.9.0)
     globalid (0.3.7)
       activesupport (>= 4.1.0)
+    hashie (3.5.6)
     i18n (0.8.1)
     jbuilder (2.6.3)
       activesupport (>= 3.0.0, < 5.2)
@@ -77,6 +87,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (1.5.6)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -104,9 +115,26 @@ GEM
       minitest (~> 5.0)
       rails (>= 4.1)
     multi_json (1.12.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (2.0.0)
     nokogiri (1.7.1)
       mini_portile2 (~> 2.1.0)
+    oauth2 (1.4.0)
+      faraday (>= 0.8, < 0.13)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.7.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.3.0)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
     pg (0.20.0)
     pry (0.10.4)
       coderay (~> 1.1.0)
@@ -194,8 +222,10 @@ PLATFORMS
 
 DEPENDENCIES
   better_errors
+  binding_of_caller
   byebug
   coffee-rails (~> 4.2)
+  dotenv-rails
   foundation-rails
   jbuilder (~> 2.5)
   jquery-rails
@@ -204,6 +234,8 @@ DEPENDENCIES
   minitest-reporters
   minitest-skip
   minitest-spec-rails
+  omniauth
+  omniauth-github
   pg (~> 0.18)
   pry-rails
   puma (~> 3.0)
@@ -220,4 +252,4 @@ RUBY VERSION
    ruby 2.4.0p0
 
 BUNDLED WITH
-   1.14.4
+   1.16.0.pre.3

app/controllers/application_controller.rb

@@ -2,10 +2,36 @@ class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
 
   before_action :find_user
+  before_action :require_login
 
   def render_404
     # DPR: supposedly this will actually render a 404 page in production
-    raise ActionController::RoutingError.new('Not Found')
+    # raise ActionController::RoutingError.new('Not Found')
+  end
+
+protected
+  def require_login
+    @user = User.find_by(id: session[:user_id])
+    unless @user
+      flash[:status] = :failure
+      flash[:message] = "You must be logged in to do that!"
+      redirect_to root_path
+    end
+  end
+
+  def save_and_flash(model)
+    result = model.save
+
+    if result
+      flash[:status] = :success
+      flash[:message] = "Successfully saved #{model.class} #{model.id}"
+    else
+      flash.now[:status] = :failure
+      flash.now[:message] = "Failed to save #{model.class}"
+      flash.now[:details] = model.errors.messages
+    end
+
+    return result
   end
 
 private

app/controllers/sessions_controller.rb

@@ -1,34 +1,46 @@
 class SessionsController < ApplicationController
-  def login_form
-  end
+  skip_before_action :require_login, only: [:login]
+  # def login_form
+  # end
 
   def login
-    username = params[:username]
-    if username and user = User.find_by(username: username)
-      session[:user_id] = user.id
-      flash[:status] = :success
-      flash[:result_text] = "Successfully logged in as existing user #{user.username}"
-    else
-      user = User.new(username: username)
-      if user.save
+    auth_hash = request.env['omniauth.auth']
+    if auth_hash['uid']
+      #if there is a user id check if the user is new or already exists
+      user = User.find_by(provider: params[:provider], uid: auth_hash['uid'])
+      if user.nil?
+        #user is new
+        user = User.from_auth_hash(params[:provider], auth_hash)
+        if user.save
+          #new user saves fine
+          session[:user_id] = user.id
+          flash[:status] = :success
+          flash[:result_text] = "Successfully logged in as new user #{user.name}"
+        else
+          #new user cannot be saved, ex. the auth_hash has no provider
+          flash[:status] = :failure
+          flash[:result_text] = "Could not log on as new user #{auth_hash['name']}"
+        end
+
+      else
+        #user has logged in before
         session[:user_id] = user.id
         flash[:status] = :success
-        flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
-      else
-        flash.now[:status] = :failure
-        flash.now[:result_text] = "Could not log in"
-        flash.now[:messages] = user.errors.messages
-        render "login_form", status: :bad_request
-        return
+        flash[:result_text] = "Successfully logged in as new user #{user.name}"
       end
+
+    else
+      #auth hash has no user id
+      flash[:status] = :failure
+      flash[:result_text] = "Authentication with github failed"
     end
     redirect_to root_path
   end
 
   def logout
     session[:user_id] = nil
     flash[:status] = :success
-    flash[:result_text] = "Successfully logged out"
+    flash[:result_text] = "You have been logged out"
     redirect_to root_path
   end
 end

app/controllers/users_controller.rb

@@ -1,4 +1,6 @@
 class UsersController < ApplicationController
+  skip_before_action :require_login, only: [:login]
+
   def index
     @users = User.all
   end
@@ -7,4 +9,38 @@ def show
     @user = User.find_by(id: params[:id])
     render_404 unless @user
   end
+
+  def login
+    auth_hash = request.env['omniauth.auth']
+
+    if auth_hash['uid']
+      user = User.find_by(provider: params[:provider], uid: auth_hash['uid'])
+      if user.nil?
+        user = User.from_auth_hash(params[:provider], auth_hash)
+        save_and_flash(user)
+
+      else
+        flash[:status] = :success
+        flash[:message] = "Successfully logged in as returning user #{user.name}"
+
+      end
+
+      # Log the user in
+      session[:user_id] = user.id
+
+    else
+      flash[:status] = :failure
+      flash[:message] = "Failed to create new user from data"
+    end
+
+    redirect_to root_path
+  end
+
+
+  # def logout
+  #   session[:user_id] = nil
+  #   flash[:status] = :success
+  #   flash[:message] = "Successfully logged out!"
+  #   redirect_to root_path
+  # end
 end

app/controllers/works_controller.rb

@@ -2,6 +2,7 @@ class WorksController < ApplicationController
   # We should always be able to tell what category
   # of work we're dealing with
   before_action :category_from_work, except: [:root, :index, :new, :create]
+  skip_before_action :require_login, only: [:root]
 
   def root
     @albums = Work.best_albums
@@ -38,6 +39,9 @@ def show
   end
 
   def edit
+    unless check_user
+      redirect_to works_path
+    end
   end
 
   def update
@@ -55,10 +59,14 @@ def update
   end
 
   def destroy
-    @work.destroy
-    flash[:status] = :success
-    flash[:result_text] = "Successfully destroyed #{@media_category.singularize} #{@work.id}"
-    redirect_to root_path
+    if check_user
+      @work.destroy
+      flash[:status] = :success
+      flash[:result_text] = "Successfully destroyed #{@media_category.singularize} #{@work.id}"
+      redirect_to root_path
+    else
+      redirect_to works_path
+    end
   end
 
   def upvote
@@ -90,12 +98,23 @@ def upvote
 
 private
   def media_params
-    params.require(:work).permit(:title, :category, :creator, :description, :publication_year)
+    params.require(:work).permit(:title, :category, :creator, :description, :publication_year, :writer)
   end
 
   def category_from_work
     @work = Work.find_by(id: params[:id])
     render_404 unless @work
     @media_category = @work.category.downcase.pluralize
   end
+
+  def check_user
+    @work = Work.find_by(id: params[:id])
+
+    if session[:user_id] != @work.writer
+      flash[:status] = :failure
+      flash[:result_text] = "You did not create this item"
+      return false
+    end
+    return true
+  end
 end

app/models/user.rb

@@ -1,6 +1,17 @@
 class User < ApplicationRecord
+  has_many :works
   has_many :votes
   has_many :ranked_works, through: :votes, source: :work
 
   validates :username, uniqueness: true, presence: true
+
+  def self.from_auth_hash(provider, auth_hash)
+    user = new
+    user.provider = provider
+    user.uid = auth_hash['uid']
+    user.name = auth_hash['info']['name']
+    user.email = auth_hash['info']['email']
+    user.username = auth_hash['info']['nickname']
+    return user
+  end
 end

app/models/work.rb

@@ -2,12 +2,13 @@ class Work < ApplicationRecord
   CATEGORIES = %w(album book movie)
   has_many :votes, dependent: :destroy
   has_many :ranking_users, through: :votes, source: :user
+  has_one :users
 
   validates :category,  presence: true,
-                        inclusion: { in: CATEGORIES }
+  inclusion: { in: CATEGORIES }
 
   validates :title, presence: true,
-                    uniqueness: { scope: :category }
+  uniqueness: { scope: :category }
 
   # This is called a model filter, and is very similar to a controller filter.
   # We want to fixup the category *before* we validate, because
@@ -43,7 +44,7 @@ def self.top_ten(category)
     where(category: category).order(vote_count: :desc).limit(10)
   end
 
-private
+  private
   def fix_category
     if self.category
       self.category = self.category.downcase.singularize

app/views/layouts/application.html.erb

@@ -27,7 +27,7 @@
           <%= link_to "Logged in as #{@login_user.username}", user_path(@login_user), class: "button" %>
           <%= link_to "Log Out", logout_path, method: :post, class: "button" %>
         <% else %>
-          <%= link_to "Log In", login_path, class: "button float-right" %>
+          <%= link_to "Log In", '/auth/github', class: "button float-right" %>
         <% end %>
       </div>
     </nav>

app/views/works/_form.html.erb

@@ -1,5 +1,7 @@
 <section>
   <%= form_for @work do |f| %>
+    <% f.hidden_field :user_creator, value: session[:user_id] %>
+
     <%= f.label :category %>
     <%= f.select :category, Work::CATEGORIES %>
 

config/initializers/omniauth.rb

@@ -0,0 +1,3 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email"
+end