Implement email confirmations

nygrenh · nygrenh · commit f9191e5c053a · 2018-03-22T16:23:46.000+02:00
diff --git a/Gemfile b/Gemfile
@@ -70,6 +70,10 @@ group :development, :test do
   gem 'simplecov'
 end
 
+group :development do
+  gem 'letter_opener', '~> 1.6'
+end
+
 group :test do
   gem 'json-schema', '~> 2.7.0'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -139,6 +139,8 @@ GEM
     jwt (2.1.0)
     launchy (2.4.3)
       addressable (~> 2.3)
+    letter_opener (1.6.0)
+      launchy (~> 2.2)
     little-plugger (1.1.4)
     logging (2.2.2)
       little-plugger (~> 1.1)
@@ -376,6 +378,7 @@ DEPENDENCIES
   jquery-rails (~> 3.1.2)
   json-schema (~> 2.7.0)
   launchy
+  letter_opener (~> 1.6)
   logstasher (~> 0.9.0)
   mimemagic (~> 0.3.0)
   mimic (~> 0.4.3)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -30,6 +30,7 @@ def create
     set_user_fields
 
     if @user.errors.empty? && @user.save
+      UserMailer.email_confirmation(@user).deliver_now
       if @bare_layout
         render text: '<div class="success" style="font-size: 14pt; margin: 10pt;">User account created.</div>', layout: true
       else
@@ -77,6 +78,20 @@ def update
     end
   end
 
+  def confirm_email
+    token = VerificationToken.email.find_by!(user_id: params[:user_id], token: params[:id])
+    User.find(params[:user_id]).update!(email_verified: true)
+    redirect_to root_url, notice: 'Your email address has been verified!'
+  end
+
+  def send_verification_email
+    user = User.find(params[:user_id])
+    raise 'Access denied' if user != current_user && !current_user.admin?
+    raise 'Already verified' if user.email_verified?
+    UserMailer.email_confirmation(user).deliver_now
+    redirect_to root_path, notice: "Verification email sent to #{user.email}."
+  end
+
   private
 
   def set_email
diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
@@ -0,0 +1,18 @@
+class UserMailer < ActionMailer::Base
+  def email_confirmation(user)
+    @user = user
+    token = user.verification_tokens.email.create!
+    @url = base_url + confirm_email_path(@user.id, token.token)
+    mail(from: SiteSetting.value('emails')['from'], to: user.email, subject: "Confirm your TestMyCode Account email address")
+  end
+
+
+  private
+
+  def base_url
+    @base_url ||= begin
+      settings = SiteSetting.value('emails')
+      settings['baseurl'].sub(/\/+$/, '')
+    end
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -26,6 +26,7 @@ class User < ActiveRecord::Base
   has_many :organizations, through: :teacherships
   has_many :assistantships, dependent: :destroy
   has_many :assisted_courses, through: :assistantships, source: :course
+  has_many :verification_tokens
 
   validates :login, presence: true,
                     uniqueness: { case_sensitive: false },
diff --git a/app/models/verification_token.rb b/app/models/verification_token.rb
@@ -0,0 +1,21 @@
+class VerificationToken < ActiveRecord::Base
+  # This class does not use single table inheritance
+  self.inheritance_column = :_type_disabled
+
+  belongs_to :user
+
+  enum type: [:email]
+
+  validates :type, presence: true
+  validates :user, presence: true
+
+  default_scope { where(created_at: ((Time.current - 1.week)..Time.current)) }
+
+  before_create :generate_token
+
+  private
+
+  def generate_token
+    self.token = SecureRandom.urlsafe_base64.to_s
+  end
+end
diff --git a/app/views/layouts/landing.html.erb b/app/views/layouts/landing.html.erb
@@ -28,6 +28,10 @@
     </div>
     <div id="everything">
       <div class="container container-fluid well-large" id="content-area">
+        <% unless flash.empty? %>
+          <br>
+          <%= bootstrap_flash %>
+        <% end %>
         <%= yield %>
         <br>
         <br>
diff --git a/app/views/participants/show.html.erb b/app/views/participants/show.html.erb
@@ -18,6 +18,12 @@
   </section>
 </div>
 
+<% unless @user.email_verified? %>
+  <div class="alert alert-warning" role="alert">
+    Your email address is not verified yet. <%= link_to 'Resend verification email', send_verification_email_path(@user), method: :post %>.
+  </div>
+<% end %>
+
 <section>
   <br>
   <h2>Points</h2>
diff --git a/app/views/user_mailer/email_confirmation.html.erb b/app/views/user_mailer/email_confirmation.html.erb
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+</head>
+<body>
+  <p>Hey there!</p>
+
+  <p>Please click the following link to confirm that <b><%= @user.email %></b> is your email address for the TestMyCode account "<%= @user.login %>".</p>
+
+  <a href="<%= @url %>"><%= @url %></a>
+
+  <p>If this email doesn't make any sense, just ignore this message.</p>
+</body>
+</html>
diff --git a/app/views/user_mailer/email_confirmation.text.erb b/app/views/user_mailer/email_confirmation.text.erb
@@ -0,0 +1,7 @@
+Hey there!
+
+Please click the following link to confirm that <%= @user.email %> is your email address for the TestMyCode account "<%= @user.login %>"
+
+ <%= @url %>
+
+If this email doesn't make any sense, just ignore this message
diff --git a/config/environments/development.rb b/config/environments/development.rb
@@ -15,8 +15,9 @@
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
 
-  # Don't care if the mailer can't send.
-  config.action_mailer.raise_delivery_errors = false
+  # Preview emails in browser
+  config.action_mailer.delivery_method = :letter_opener
+  config.action_mailer.perform_deliveries = true
 
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
diff --git a/config/routes.rb b/config/routes.rb
@@ -226,6 +226,10 @@
     end
   end
 
+
+  get '/users/:user_id/verify/:id', to: 'users#confirm_email', as: 'confirm_email'
+  post '/users/:user_id/send_verification_email', to: 'users#send_verification_email', as: 'send_verification_email'
+
   resources :certificates, only: [:show, :create]
 
   resources :emails, only: [:index]
diff --git a/db/migrate/20180322124329_add_email_verified_to_user.rb b/db/migrate/20180322124329_add_email_verified_to_user.rb
@@ -0,0 +1,5 @@
+class AddEmailVerifiedToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :email_verified, :boolean, default: false, null: false
+  end
+end
diff --git a/db/migrate/20180322124723_create_verification_tokens.rb b/db/migrate/20180322124723_create_verification_tokens.rb
@@ -0,0 +1,11 @@
+class CreateVerificationTokens < ActiveRecord::Migration
+  def change
+    create_table :verification_tokens do |t|
+      t.string :token, null: false
+      t.integer :type, null: false
+      t.references :user
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170809122816) do
+ActiveRecord::Schema.define(version: 20180322124723) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -396,10 +396,19 @@
     t.boolean  "administrator",      default: false, null: false
     t.text     "email",              default: "",    null: false
     t.boolean  "legitimate_student", default: true,  null: false
+    t.boolean  "email_verified",     default: false, null: false
   end
 
   add_index "users", ["login"], name: "index_users_on_login", unique: true, using: :btree
 
+  create_table "verification_tokens", force: :cascade do |t|
+    t.string   "token",      null: false
+    t.integer  "type",       null: false
+    t.integer  "user_id"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
   add_foreign_key "action_tokens", "users", on_delete: :cascade
   add_foreign_key "available_points", "exercises", on_delete: :cascade
   add_foreign_key "awarded_points", "courses", on_delete: :cascade
