Fixes & improvements to user authentication

TelosLabs · Jul 11, 2024 · 461df42 · 461df42
1 parent 074b214
commit 461df42
Show file tree

Hide file tree

Showing 10 changed files with 44 additions and 43 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -1,5 +1,3 @@
 class ApplicationController < ActionController::Base
   include Authentication
-
-  before_action :authenticate_user!
 end
diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb
@@ -4,31 +4,35 @@ module Authentication
   included do
     helper_method :current_user, :user_signed_in?
 
-    def authenticate_user!
-      redirect_to root_path, alert: t("controllers.concerns.authentication.unauthorized") unless user_signed_in?
-    end
-
-    def current_user
-      Current.user ||= authenticate_user_from_session
-    end
-
-    def authenticate_user_from_session
-      User.find_by(id: session[:user_id])
-    end
-
-    def user_signed_in?
-      current_user.present?
-    end
-
-    def login(user)
-      Current.user = user
-      reset_session
-      session[:user_id] = user.id
-    end
-
-    def logout
-      Current.user = nil
-      reset_session
-    end
+    before_action :authenticate_user!
+  end
+
+  def authenticate_user!
+    return current_user if user_signed_in?
+
+    redirect_to root_path, alert: t("controllers.concerns.authentication.unauthorized")
+  end
+
+  def current_user
+    Current.user ||= authenticate_user_from_session
+  end
+
+  def authenticate_user_from_session
+    User.find_by(id: session[:user_id])
+  end
+
+  def user_signed_in?
+    current_user.present?
+  end
+
+  def login(user)
+    Current.user = user
+    reset_session
+    session[:user_id] = user.id
+  end
+
+  def logout
+    Current.user = nil
+    reset_session
   end
 end
diff --git a/app/controllers/password_resets_controller.rb b/app/controllers/password_resets_controller.rb
@@ -1,5 +1,6 @@
 class PasswordResetsController < ApplicationController
   skip_before_action :authenticate_user!, only: [:new, :create]
+
   before_action :set_user_by_token, only: [:edit, :update]
 
   def new
@@ -15,7 +16,7 @@ def create
       PasswordMailer.with(
         user: @user,
         token: @user.generate_token_for(:password_reset)
-      ).password_reset.deliver_now
+      ).password_reset.deliver_later
     end
 
     redirect_to root_path, notice: t("controllers.password_resets.create.notice")
@@ -33,8 +34,9 @@ def update
 
   def set_user_by_token
     @user = User.find_by_token_for(:password_reset, params[:token])
+    return if @user.present?
 
-    redirect_to new_password_reset_path alert: t("controllers.password_resets.errors.invalid_token") if @user.blank?
+    redirect_to new_password_reset_path alert: t("controllers.password_resets.errors.invalid_token")
   end
 
   def password_params

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -2,6 +2,7 @@ class SessionsController < ApplicationController
   skip_before_action :authenticate_user!
 
   def new
+    @user = User.new
   end
 
   def create

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -6,6 +6,7 @@
 #  email                        :string           not null
 #  in_app_notifications_enabled :boolean          default(TRUE), not null
 #  mail_notifications_enabled   :boolean          default(TRUE), not null
+#  password_digest              :string           not null
 #  role                         :string
 #  created_at                   :datetime         not null
 #  updated_at                   :datetime         not null
@@ -15,21 +16,19 @@
 #  index_users_on_email  (email) UNIQUE
 #
 class User < ApplicationRecord
-  PASSWORD_RESET_EXPIRATION = 15.minutes
+  PASSWORD_RESET_EXPIRATION = 60.minutes
 
   normalizes :email, with: ->(email) { email.strip.downcase }
 
+  has_secure_password
+
   has_one :profile, as: :profileable, dependent: :destroy
 
   has_and_belongs_to_many :events
 
   validates :email, presence: true, uniqueness: true
   validates :password_digest, presence: true
 
-  normalizes :email, with: ->(email) { email.strip.downcase }
-
-  has_secure_password
-
   generates_token_for :password_reset, expires_in: PASSWORD_RESET_EXPIRATION do
     password_salt&.last(10)
   end

diff --git a/db/migrate/20240703041238_add_index_to_user_email.rb b/db/migrate/20240703041238_add_index_to_user_email.rb
diff --git a/db/schema.rb b/db/schema.rb
diff --git a/db/seeds.rb b/db/seeds.rb
@@ -1,7 +1,7 @@
-conference = Conference.create!(name: "RailsWorld 2024")
+conference = Conference.find_or_create_by!(name: "RailsWorld 2024")
 
 # Users
-user = User.create!(email: "dev@example.com")
+user = User.create!(email: "dev@example.com", password: "foobar", password_confirmation: "foobar")
 
 # Tags
 Tag.create!(name: "Hotwire")

diff --git a/spec/factories/users.rb b/spec/factories/users.rb
@@ -6,6 +6,7 @@
 #  email                        :string           not null
 #  in_app_notifications_enabled :boolean          default(TRUE), not null
 #  mail_notifications_enabled   :boolean          default(TRUE), not null
+#  password_digest              :string           not null
 #  role                         :string
 #  created_at                   :datetime         not null
 #  updated_at                   :datetime         not null

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
@@ -6,6 +6,7 @@
 #  email                        :string           not null
 #  in_app_notifications_enabled :boolean          default(TRUE), not null
 #  mail_notifications_enabled   :boolean          default(TRUE), not null
+#  password_digest              :string           not null
 #  role                         :string
 #  created_at                   :datetime         not null
 #  updated_at                   :datetime         not null