NSCCS-6 User sessions

Gemfile

@@ -21,7 +21,7 @@ gem 'jbuilder', '~> 2.7'
 # Use Redis adapter to run Action Cable in production
 # gem 'redis', '~> 4.0'
 # Use Active Model has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
+ gem 'bcrypt', '~> 3.1.7'
 
 # Use Active Storage variant
 # gem 'image_processing', '~> 1.2'

Gemfile.lock

@@ -62,6 +62,7 @@ GEM
       zeitwerk (~> 2.3)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
+    bcrypt (3.1.16)
     bindex (0.8.1)
     bootsnap (1.7.3)
       msgpack (~> 1.0)
@@ -205,6 +206,7 @@ PLATFORMS
   x86_64-darwin-20
 
 DEPENDENCIES
+  bcrypt (~> 3.1.7)
   bootsnap (>= 1.4.4)
   byebug
   capybara (>= 3.26)

app/controllers/application_controller.rb

@@ -1,2 +1,18 @@
 class ApplicationController < ActionController::Base
+  before_action :authorized
+  helper_method :current_user
+  helper_method :logged_in?
+
+  def current_user
+    User.find_by(id: session[:user_id])
+  end
+
+  def logged_in?
+    !current_user.nil?
+  end
+
+  def authorized
+   redirect_to '/welcome' unless logged_in?
+  end
+
 end

app/controllers/sessions_controller.rb

@@ -0,0 +1,37 @@
+class SessionsController < ApplicationController
+  skip_before_action :authorized, only: [:new, :create, :welcome]
+
+  def new
+  end
+
+  def create
+    @user = User.find_by(username: params[:username])
+    if @user && @user.authenticate(params[:password])
+      session[:user_id] = @user.id
+      redirect_to welcome_path
+    else
+      flash[:warning] = "The username or password is incorrect:/"
+      redirect_to login_path
+    end
+  end
+
+  def login
+  end
+
+  def welcome
+  end
+
+  def page_requires_login
+
+  end
+
+  def destroy
+    #clear the sessions[:user_id]
+    puts session[:user_id]
+    session.delete(:user_id)
+    #params[:id] = nil
+    #redirect the user back to the welcome page
+
+    redirect_to '/welcome'
+  end
+end

app/controllers/users_controller.rb

@@ -0,0 +1,28 @@
+class UsersController < ApplicationController
+  skip_before_action :authorized, only: [:new, :create, :show]
+
+  def new
+    @user = User.new
+  end
+
+  def show
+
+  end
+
+  def create
+   @user = User.new(user_params)
+   if @user.save
+     session[:user_id] = @user.id
+     redirect_to welcome_path
+   else
+     flash[:warning] = "Please try again"
+     redirect_to new_user_path
+   end
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(:unique_id, :username, :password)
+  end
+end

app/controllers/welcome_controller.rb

@@ -1,4 +1,6 @@
 class WelcomeController < ApplicationController
+  skip_before_action :authorized, only: [:index]
+
   def index
   end
 end

app/models/user.rb

@@ -0,0 +1,6 @@
+class User < ApplicationRecord
+     has_secure_password
+
+     validates :username, presence: true, uniqueness: true
+     validates :password, presence: true
+end

app/views/layouts/application.html.erb

@@ -11,8 +11,18 @@
   </head>
 
   <body>
-    <h1>This is the application.html.erb file</h1>
-    <p>all code below this is written in app/views/welcome/index.html.erb</p>
+    <div>
+      <h2>Oh, hai!</h2>
+      <% if logged_in? %>
+          <h3>You are logged in, <%= current_user.username %>, and it's great you stopped by to say hello. Logout IF YOU MUST</h3>
+          <%= button_to "Logout", '/logout', method: :post%>
+      <% else %>
+        <h3>It's nice to see you: login or sign up.</h3>
+        <%= button_to "Login", login_path, method: :get%>
+        <%= button_to "Sign Up", new_user_path, method: :get%>
+      <% end %>
+      <br/>
+    </div>
     <%= yield %>
   </body>
 </html>

app/views/sessions/new.html.erb

@@ -0,0 +1,12 @@
+<% if flash[:warning] %>
+    <div class="notice"><%= flash[:warning] %></div>
+<% end %>
+
+<h1>Login</h1>
+   <%= form_tag '/login' do %>
+   <%= label_tag :username%>
+   <%= text_field_tag :username %>
+   <%= label_tag :password%>
+   <%= password_field_tag :password%>
+   <%= submit_tag "Login"%>
+<% end %>

app/views/users/new.html.erb

@@ -0,0 +1,12 @@
+<% if flash[:warning] %>
+    <div class="notice"><%= flash[:warning] %></div>
+<% end %>
+
+<h1>Sign Up</h1>
+<%= form_for @user do |f|%>
+  <%= f.label :username%><br>
+  <%= f.text_field :username%><br>
+  <%= f.label :password%><br>
+  <%= f.password_field :password%><br>
+  <%= f.submit %>
+<%end%>

app/views/users/show.html.erb

@@ -0,0 +1 @@
+<h1>nothing yet</h1>

app/views/welcome/index.html.erb

@@ -6,6 +6,8 @@
     <div id="mainTitle">Lorem ipsum</div>
   </div>
 
+
+
   <div id="secondHeader"> <div class="showOffText">News slide thing?!</div> </div>
 
   <div id="mainContent">

config/routes.rb

@@ -4,4 +4,12 @@
 
   get "/welcome", to: "welcome#index"
   get "/demopage", to: "demopage#index"
+
+  resources :users, only: [:new, :create, :show]
+
+  get 'login', to: 'sessions#new'
+  post 'login', to: 'sessions#create'
+  post 'logout', to: 'sessions#destroy'
+  get 'welcome', to: 'sessions#welcome'
+  get 'authorized', to: 'sessions#page_requires_login'
 end

db/migrate/20210607024751_create_users.rb

@@ -0,0 +1,10 @@
+class CreateUsers < ActiveRecord::Migration[6.1]
+  def change
+    create_table :users do |t|
+      t.string :username
+      t.string :password
+
+      t.timestamps
+    end
+  end
+end

db/migrate/20210607030403_rename_password_to_password_digest.rb

@@ -0,0 +1,7 @@
+class RenamePasswordToPasswordDigest < ActiveRecord::Migration[6.1]
+  def change
+    change_table :users do |t|
+      t.rename :password, :password_digest
+    end
+  end
+end