Merge pull request #149 from joyofrails/feat/auth

Add user authentication from scratch

Author: rossta

app/controllers/concerns/authentication.rb

@@ -4,25 +4,54 @@ module Authentication
 
   included do
     before_action :current_admin_user
+    before_action :current_user
+
     helper_method :current_admin_user
+    helper_method :current_user
+    helper_method :user_signed_in?
     helper_method :admin_user_signed_in?
   end
 
   def warden
     request.env["warden"]
   end
 
+  def authenticate_user!
+    store_location
+    redirect_to new_users_session_path, alert: "You need to sign in to access that page" unless user_signed_in?
+  end
+
   def redirect_admin_if_authenticated
     redirect_to admin_root_path, alert: "You are already logged in." if admin_user_signed_in?
   end
 
+  def redirect_if_authenticated
+    redirect_back fallback_location: login_success_path, alert: "You are already logged in." if user_signed_in?
+  end
+
   protected
 
+  def login_success_path
+    session.delete(:user_return_to) || users_dashboard_path
+  end
+
+  def current_user
+    Current.user ||= warden.user(scope: :user)
+  end
+
   def current_admin_user
     Current.admin_user ||= warden.user(scope: :admin_user)
   end
 
+  def user_signed_in?
+    current_user.present?
+  end
+
   def admin_user_signed_in?
-    Current.admin_user.present?
+    current_admin_user.present?
+  end
+
+  def store_location
+    session[:user_return_to] = request.original_url if request.get? && request.local?
   end
 end

app/controllers/site_controller.rb

@@ -29,8 +29,12 @@ def process_rendition(rendition)
   # @param rendition [Sitepress::Rendition] Rendered representatio of current_resource
   #
   def post_render(rendition)
-    if stale?(rendition.source, last_modified: current_resource.asset.updated_at.utc, public: true)
+    if current_path?(root_path) || stale?(rendition.source, last_modified: current_resource.asset.updated_at.utc, public: true)
       render body: rendition.output, content_type: rendition.mime_type
     end
   end
+
+  def current_path?(path)
+    request.path == path
+  end
 end

app/controllers/users/confirmations_controller.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+class Users::ConfirmationsController < ApplicationController
+  before_action :feature_enabled!
+  before_action :redirect_if_authenticated, only: [:create, :new]
+
+  def new
+    @user = User.new
+    render Users::Confirmations::NewView.new(user: @user)
+  end
+
+  def create
+    @user = User.find_by(email: params.require(:user).permit(:email).dig(:email).to_s.downcase)
+
+    if @user.blank?
+      return redirect_to new_users_confirmation_path, alert: "We are unable to confirm that email address"
+    end
+
+    if !@user.needs_confirmation?
+      return redirect_to root_path, notice: "Your account has already been confirmed"
+    end
+
+    EmailConfirmationNotifier.deliver_to(@user)
+
+    redirect_to root_path, notice: "Check your email for confirmation instructions"
+  end
+
+  def edit
+    @user = User.find_by_token_for(:confirmation, params[:confirmation_token])
+
+    if @user.blank?
+      return redirect_to new_users_confirmation_path, alert: "This link is invalid or expired"
+    end
+
+    if !@user.needs_confirmation?
+      return redirect_to root_path, notice: "Your account has already been confirmed"
+    end
+
+    render Users::Confirmations::EditView.new(user: @user, confirmation_token: params[:confirmation_token])
+  end
+
+  def update
+    @user = User.find_by_token_for(:confirmation, params[:confirmation_token])
+
+    if @user.blank?
+      return redirect_to new_users_confirmation_path, alert: "That link is invalid or expired"
+    end
+    if !@user.needs_confirmation?
+      return redirect_to root_path, notice: "Your account has already been confirmed"
+    end
+
+    if @user.confirm!
+      warden.set_user(@user, scope: :user)
+
+      redirect_to users_dashboard_path, notice: "Thank you for confirming your email address"
+    else
+      redirect_to new_users_confirmation_path, alert: "Something went wrong"
+    end
+  end
+
+  private
+
+  def feature_enabled!
+    redirect_to root_path, notice: "Coming soon!" unless Flipper.enabled?(:user_registration)
+  end
+end

app/controllers/users/dashboard_controller.rb

@@ -0,0 +1,7 @@
+class Users::DashboardController < ApplicationController
+  before_action :authenticate_user!
+
+  def index
+    render Users::Dashboard::IndexView.new
+  end
+end

app/controllers/users/passwords_controller.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+class Users::PasswordsController < ApplicationController
+  before_action :feature_enabled!
+  before_action :redirect_if_authenticated
+
+  def new
+    render Users::Passwords::NewView.new(user: User.new)
+  end
+
+  def create
+    @user = User.find_by(email: params.require(:user).permit(:email).dig(:email).to_s.downcase)
+
+    if @user.blank?
+      return redirect_to new_users_session_path, notice: "If that user exists we’ve sent instructions to their email"
+    end
+
+    if @user.unconfirmed?
+      return redirect_to new_users_confirmation_path, alert: "Please confirm your email address first"
+    end
+
+    PasswordResetNotifier.deliver_to(@user)
+
+    redirect_to new_users_session_path, notice: "If that user exists we’ve sent instructions to their email"
+  end
+
+  def edit
+    @user = User.find_by_token_for(:password_reset, params[:password_reset_token])
+
+    if @user.blank?
+      return redirect_to new_users_password_path, alert: "That link is invalid or expired"
+    end
+
+    if @user.unconfirmed?
+      return redirect_to new_users_confirmation_path, alert: "You must confirm your email before you can sign in"
+    end
+
+    render Users::Passwords::EditView.new(user: @user, password_reset_token: params[:password_reset_token])
+  end
+
+  def update
+    @user = User.find_by_token_for(:password_reset, params[:password_reset_token])
+
+    if @user.blank?
+      flash.now[:alert] = "That link is invalid or expired"
+      return render Users::Passwords::NewView.new(user: User.new), status: :unprocessable_entity
+    end
+
+    if @user.unconfirmed?
+      return redirect_to new_users_confirmation_path, alert: "Please confirm your email before you can sign in"
+    end
+
+    if @user.update(password_params)
+      redirect_to new_users_session_path, notice: "Password updated! Please sign in"
+    else
+      flash.now[:alert] = @user.errors.full_messages.to_sentence
+      render Users::Passwords::EditView.new(user: @user, password_reset_token: params[:password_reset_token]), status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def password_params
+    params.require(:user).permit(:password, :password_confirmation)
+  end
+
+  def feature_enabled!
+    redirect_to root_path, notice: "Coming soon!" unless Flipper.enabled?(:user_registration)
+  end
+end

app/controllers/users/registrations_controller.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+class Users::RegistrationsController < ApplicationController
+  before_action :feature_enabled!
+  before_action :redirect_if_authenticated, only: [:create, :new]
+  before_action :authenticate_user!, only: [:edit, :update, :destroy]
+
+  def new
+    @user = User.new
+    render Users::Registrations::NewView.new(user: @user)
+  end
+
+  def create
+    create_user_params = params.require(:user).permit(:email, :password, :password_confirmation)
+    @user = User.new(create_user_params)
+    if @user.save
+      EmailConfirmationNotifier.deliver_to(@user)
+      redirect_to root_path, notice: "Welcome to Joy of Rails! Please check your email for confirmation instructions"
+    else
+      render Users::Registrations::NewView.new(user: @user), status: :unprocessable_entity
+    end
+  end
+
+  def edit
+    @user = current_user
+    @user.email_exchanges.build
+
+    render Users::Registrations::EditView.new(user: @user)
+  end
+
+  def update
+    update_user_params = params.require(:user).permit(:password_challenge, :password, :password_confirmation, email_exchanges_attributes: [:email])
+
+    @user = current_user
+
+    if !@user.authenticate(params[:user][:password_challenge])
+      flash.now[:error] = "Incorrect password"
+      return render Users::Registrations::EditView.new(user: @user), status: :unprocessable_entity
+    end
+
+    if !@user.update(update_user_params)
+      return render Users::Registrations::EditView.new(user: @user), status: :unprocessable_entity
+    end
+
+    if update_user_params[:email_exchanges_attributes].present?
+      EmailConfirmationNotifier.deliver_to(@user)
+      redirect_to users_dashboard_path, notice: "Check your email for confirmation instructions"
+    else
+      redirect_to users_dashboard_path, notice: "Account updated"
+    end
+  end
+
+  def destroy
+    current_user.destroy
+    reset_session
+    redirect_to root_path, notice: "Your account has been deleted"
+  end
+
+  private
+
+  def feature_enabled!
+    redirect_to root_path, notice: "Coming soon!" unless Flipper.enabled?(:user_registration)
+  end
+end

app/controllers/users/sessions_controller.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+class Users::SessionsController < ApplicationController
+  before_action :feature_enabled!
+  before_action :redirect_if_authenticated, only: [:create, :new]
+  before_action :authenticate_user!, only: [:destroy]
+
+  def new
+    render Users::Sessions::NewView.new
+  end
+
+  def create
+    @user = warden.authenticate!(:password, scope: :user)
+
+    redirect_to login_success_path, notice: "Signed in successfully"
+  end
+
+  def destroy
+    warden.logout(:user)
+    warden.clear_strategies_cache!(scope: :user)
+
+    redirect_to root_path, notice: "Signed out successfully"
+  end
+
+  # This method is called when Warden authentication fails
+  def fail
+    warden_options = request.env["warden.options"] || {}
+    warden_message = warden_options[:message]
+
+    message = case warden_message
+    when :invalid
+      "Incorrect email or password"
+    when :unconfirmed
+      "Please confirm your email address first"
+    end
+
+    flash.now[:alert] = message
+
+    email = params.require(:user).permit(:email)[:email].to_s.downcase
+    user = User.new(email: email)
+
+    render Users::Sessions::NewView.new(user: user), status: :unprocessable_entity
+  end
+
+  private
+
+  def feature_enabled!
+    redirect_to root_path, notice: "Coming soon!" unless Flipper[:user_registration].enabled?
+  end
+end

app/jobs/notifications/event_job.rb

@@ -0,0 +1,10 @@
+class Notifications::EventJob < ApplicationJob
+  queue_as :default
+
+  def perform(event)
+    # Enqueue individual deliveries
+    event.notifications.each do |notification|
+      event.deliver_notification(notification)
+    end
+  end
+end

app/lib/routes/users_access_constraint.rb

@@ -0,0 +1,7 @@
+module Routes
+  class UsersAccessConstraint
+    def matches?(request)
+      request.env["warden"].authenticate?(scope: :user)
+    end
+  end
+end

app/lib/warden_extensions/password_strategy.rb

@@ -5,8 +5,12 @@ def valid?
     end
 
     def authenticate!
-      user = scope_class.authenticate(email: scoped_params["email"], password: scoped_params["password"])
-      user ? success!(user) : fail!(:invalid)
+      user = scope_class.authenticate_by(email: scoped_params["email"].to_s.downcase, password: scoped_params["password"])
+
+      return fail!(:invalid) if !user
+      return fail!(:unconfirmed) if user.needs_confirmation?
+
+      success!(user)
     end
 
     def scoped_params