Add account activation

khin-alu · khin-alu · commit f05156112555 · 2025-09-22T14:43:51.000+07:00
diff --git a/app/controllers/account_activations_controller.rb b/app/controllers/account_activations_controller.rb
@@ -0,0 +1,14 @@
+class AccountActivationsController < ApplicationController
+  def edit
+    user = User.find_by(email: params[:email])
+    if user && !user.activated? && user.authenticated?(:activation, params[:id])
+      user.activate
+      log_in user
+      flash[:success] = "Account activated!"
+      redirect_to user
+    else
+      flash[:danger] = "Invalid activation link"
+      redirect_to root_url
+    end
+  end
+end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -5,11 +5,18 @@ def new
   def create
     user = User.find_by(email: params[:session][:email].downcase)
     if user && user.authenticate(params[:session][:password])
-      forwarding_url = session[:forwarding_url]
-      reset_session
-      params[:session][:remember_me] == "1" ? remember(user) : forget(user)
-      log_in user
-      redirect_to forwarding_url || user
+      if user.activated?
+        forwarding_url = session[:forwarding_url]
+        reset_session
+        params[:session][:remember_me] == "1" ? remember(user) : forget(user)
+        log_in user
+        redirect_to forwarding_url || user
+      else
+        message = "Account not activated. "
+        message += "Check your email for the activation link."
+        flash[:warning] = message
+        redirect_to root_url
+      end
     else
       flash.now[:danger] = "Invalid email/password combination"
       render "new", status: :unprocessable_entity
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -14,10 +14,9 @@ def new
   def create
     @user = User.new(user_params)
     if @user.save
-      reset_session
-      log_in @user
-      flash[:success] = "Welcome to the Sample App!"
-      redirect_to @user
+      @user.send_activation_email
+      flash[:info] = "Please check your email to activate your account."
+      redirect_to root_url
     else
       render "new", status: :unprocessable_entity
     end
diff --git a/app/helpers/account_activations_helper.rb b/app/helpers/account_activations_helper.rb
@@ -0,0 +1,2 @@
+module AccountActivationsHelper
+end
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
@@ -15,16 +15,14 @@ def remember(user)
     cookies.permanent[:remember_token] = user.remember_token
   end
 
-  # Returns the user corresponding to the remember token cookie.
+  # Returns the current logged-in user (if any).
   def current_user
     if (user_id = session[:user_id])
       user = User.find_by(id: user_id)
-      if user && session[:session_token] == user.session_token
-        @current_user = user
-      end
+      @current_user ||= user if session[:session_token] == user.session_token
     elsif (user_id = cookies.encrypted[:user_id])
       user = User.find_by(id: user_id)
-      if user && user.authenticated?(cookies[:remember_token])
+      if user && user.authenticated?(:remember, cookies[:remember_token])
         log_in user
         @current_user = user
       end
diff --git a/app/mailers/application_mailer.rb b/app/mailers/application_mailer.rb
@@ -1,4 +1,4 @@
 class ApplicationMailer < ActionMailer::Base
-  default from: "from@example.com"
+  default from: "user@realdomain.com"
   layout "mailer"
 end
diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
@@ -0,0 +1,16 @@
+class UserMailer < ApplicationMailer
+  # Subject can be set in your I18n file at config/locales/en.yml
+  # with the following lookup:
+  #
+  #   en.user_mailer.account_activation.subject
+  #
+  def account_activation(user)
+    @user = user
+    mail to: user.email, subject: "Account activation"
+  end
+
+  def password_reset
+    @greeting = "Hi"
+    mail to: "to@example.org"
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -1,6 +1,7 @@
 class User < ApplicationRecord
-  attr_accessor :remember_token
-  before_save { self.email = email.downcase }
+  attr_accessor :remember_token, :activation_token
+  before_save :downcase_email
+  before_create :create_activation_digest
   validates :name, presence: true, length: { maximum: 50 }
   VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
   validates :email, presence: true, length: { maximum: 255 },
@@ -32,13 +33,39 @@ def session_token
   end
 
   # Returns true if the given token matches the digest.
-  def authenticated?(remember_token)
-    return false if remember_digest.nil?
-    BCrypt::Password.new(remember_digest).is_password?(remember_token)
+  def authenticated?(attribute, token)
+    digest = send("#{attribute}_digest")
+    return false if digest.nil?
+    BCrypt::Password.new(digest).is_password?(token)
   end
 
   # Forgets a user.
   def forget
     update_attribute(:remember_digest, nil)
   end
+
+  # Activates an account.
+  def activate
+    update_attribute(:activated,
+                     true)
+    update_attribute(:activated_at, Time.zone.now)
+  end
+
+  # Sends activation email.
+  def send_activation_email
+    UserMailer.account_activation(self).deliver_now
+  end
+
+  private
+
+  # Converts email to all lowercase.
+  def downcase_email
+    self.email = email.downcase
+  end
+
+  # Creates and assigns the activation token and digest.
+  def create_activation_digest
+    self.activation_token = User.new_token
+    self.activation_digest = User.digest(activation_token)
+  end
 end
diff --git a/app/views/user_mailer/account_activation.html.erb b/app/views/user_mailer/account_activation.html.erb
@@ -0,0 +1,6 @@
+<h1>Sample App</h1>
+<p>Hi <%= @user.name %>,</p>
+<p>
+    Welcome to the Sample App! Click on the link below to activate your account:
+</p>
+<%= link_to "Activate", edit_account_activation_url(@user.activation_token, email: @user.email) %>
diff --git a/app/views/user_mailer/account_activation.text.erb b/app/views/user_mailer/account_activation.text.erb
@@ -0,0 +1,3 @@
+Hi <%= @user.name %>,
+Welcome to the Sample App! Click on the link below to activate your account:
+<%= edit_account_activation_url(@user.activation_token, email: @user.email) %>
diff --git a/app/views/user_mailer/password_reset.html.erb b/app/views/user_mailer/password_reset.html.erb
@@ -0,0 +1,5 @@
+<h1>User#password_reset</h1>
+
+<p>
+  <%= @greeting %>, find me in app/views/user_mailer/password_reset.html.erb
+</p>
diff --git a/app/views/user_mailer/password_reset.text.erb b/app/views/user_mailer/password_reset.text.erb
@@ -0,0 +1,3 @@
+User#password_reset
+
+<%= @greeting %>, find me in app/views/user_mailer/password_reset.text.erb
diff --git a/config/environments/development.rb b/config/environments/development.rb
@@ -39,7 +39,8 @@
   config.action_mailer.perform_caching = false
 
   # Set localhost to be used by links generated in mailer templates.
-  config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
+  host = "127.0.0.1:3000"
+  config.action_mailer.default_url_options = { host: host, port: 3000, protocol: "http" }
 
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
diff --git a/config/routes.rb b/config/routes.rb
@@ -19,4 +19,5 @@
   # Defines the root path route ("/")
   # root "posts#index"
   resources :users
+  resources :account_activations, only: [:edit]
 end
diff --git a/db/migrate/20250922062013_add_activation_to_users.rb b/db/migrate/20250922062013_add_activation_to_users.rb
@@ -0,0 +1,7 @@
+class AddActivationToUsers < ActiveRecord::Migration[8.0]
+  def change
+    add_column :users, :activation_digest, :string
+    add_column :users, :activated, :boolean, default: false
+    add_column :users, :activated_at, :datetime
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
diff --git a/db/seeds.rb b/db/seeds.rb
@@ -3,7 +3,9 @@
              email: "example@railstutorial.org",
              password: "foobar",
              password_confirmation: "foobar",
-             admin: true)
+             admin: true,
+             activated: true,
+             activated_at: Time.zone.now)
 # Generate a bunch of additional users.
 99.times do |n|
   name = Faker::Name.name
@@ -12,5 +14,7 @@
   User.create!(name: name,
                email: email,
                password: password,
-               password_confirmation: password)
+               password_confirmation: password,
+               activated: true,
+               activated_at: Time.zone.now)
 end
diff --git a/test/controllers/account_activations_controller_test.rb b/test/controllers/account_activations_controller_test.rb
@@ -0,0 +1,7 @@
+require "test_helper"
+
+class AccountActivationsControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
@@ -5,25 +5,35 @@ michael:
   email: michael@example.com
   password_digest: <%= User.digest('password') %>
   admin: true
+  activated: true
+  activated_at: <%= Time.zone.now %>
 
 archer:
   name: Sterling Archer
   email: duchess@example.gov
   password_digest: <%= User.digest('password') %>
-
+  activated: true
+  activated_at: <%= Time.zone.now %>
+  
 lana:
   name: Lana Kane
   email: hands@example.gov
   password_digest: <%= User.digest('password') %>
+  activated: true
+  activated_at: <%= Time.zone.now %>
 
 malory:
   name: Malory Archer
   email: boss@example.gov
   password_digest: <%= User.digest('password') %>
+  activated: true
+  activated_at: <%= Time.zone.now %>
 
 <% 30.times do |n| %>
 user_<%= n %>:
   name: <%= "User #{n}" %>
   email: <%= "user-#{n}@example.com" %>
   password_digest: <%= User.digest('password') %>
+  activated: true
+  activated_at: <%= Time.zone.now %>
 <% end %>
diff --git a/test/integration/users_login_test.rb b/test/integration/users_login_test.rb
@@ -1,19 +1,18 @@
 require "test_helper"
 
-class UsersLoginTest < ActionDispatch::IntegrationTest
+class UsersLogin < ActionDispatch::IntegrationTest
   def setup
     @user = users(:michael)
   end
 end
 
-class InvalidPasswordTest < UsersLoginTest
+class InvalidPasswordTest < UsersLogin
   test "login path" do
     get login_path
     assert_template "sessions/new"
   end
   test "login with valid email/invalid password" do
-    post login_path, params: { session: { email: @user.email,
-                                         password: "invalid" } }
+    post login_path, params: { session: { email: @user.email, password: "invalid" } }
     assert_not is_logged_in?
     assert_template "sessions/new"
     assert_not flash.empty?
@@ -22,11 +21,10 @@ class InvalidPasswordTest < UsersLoginTest
   end
 end
 
-class ValidLogin < UsersLoginTest
+class ValidLogin < UsersLogin
   def setup
     super
-    post login_path, params: { session: { email: @user.email,
-                                         password: "password" } }
+    post login_path, params: { session: { email: @user.email, password: "password" } }
   end
 end
 
@@ -35,6 +33,7 @@ class ValidLoginTest < ValidLogin
     assert is_logged_in?
     assert_redirected_to @user
   end
+
   test "redirect after login" do
     follow_redirect!
     assert_template "users/show"
@@ -64,36 +63,13 @@ class LogoutTest < Logout
                   count: 0
     assert_select "a[href=?]", user_path(@user), count: 0
   end
-
-  test "login with valid information followed by logout" do
-    post login_path, params: { session: { email: @user.email,
-                                         password: "password" } }
-    assert is_logged_in?
-    assert_redirected_to @user
-    follow_redirect!
-    assert_template "users/show"
-    assert_select "a[href=?]", login_path, count: 0
-    assert_select "a[href=?]", logout_path
-    assert_select "a[href=?]", user_path(@user)
-    delete logout_path
-    assert_response :see_other
-    assert_not is_logged_in?
-    assert_redirected_to root_url
-    # Simulate a user clicking logout in a second window.
-    delete logout_path
-    follow_redirect!
-    assert_select "a[href=?]", login_path
-    assert_select "a[href=?]", logout_path,
-                  count: 0
-    assert_select "a[href=?]", user_path(@user), count: 0
-  end
   test "should still work after logout in second window" do
     delete logout_path
     assert_redirected_to root_url
   end
 end
 
-class RememberingTest < UsersLoginTest
+class RememberingTest < UsersLogin
   test "login with remembering" do
     log_in_as(@user, remember_me: "1")
     assert_not cookies[:remember_token].blank?
diff --git a/test/integration/users_signup_test.rb b/test/integration/users_signup_test.rb
diff --git a/test/mailers/previews/user_mailer_preview.rb b/test/mailers/previews/user_mailer_preview.rb
diff --git a/test/mailers/user_mailer_test.rb b/test/mailers/user_mailer_test.rb
diff --git a/test/models/user_test.rb b/test/models/user_test.rb

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+module AccountActivationsHelper`
	`2`	`+end`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Hi <%= @user.name %>,`
	`2`	`+Welcome to the Sample App! Click on the link below to activate your account:`
	`3`	`+<%= edit_account_activation_url(@user.activation_token, email: @user.email) %>`