2024-11-29 19:44:50 +00:00
20 changed files with 255 additions and 5 deletions
--- a/2
+++ b/2
@ -39,3 +39,5 @@ end
 gem 'chroma'
 gem 'solid_queue', '~> 1.0'
 gem "bcrypt", "~> 3.1"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -81,6 +81,7 @@ GEM
      babel-source (>= 4.0, < 6)
      execjs (~> 2.0)
    base64 (0.2.0)
    bcrypt (3.1.20)
    benchmark (0.4.0)
    bigdecimal (3.1.8)
    bindex (0.8.1)
@ -363,6 +364,7 @@ PLATFORMS
 DEPENDENCIES
  annotaterb
  bcrypt (~> 3.1)
  bootsnap
  chroma
  csv
--- a/app/channels/application_cable/connection.rb
+++ b/app/channels/application_cable/connection.rb
@ -1,6 +1,16 @@
 # Copyright (C) 2024 Manuel Bustillo
 module ApplicationCable
  class Connection < ActionCable::Connection::Base
    identified_by :current_user
    def connect
      set_current_user || reject_unauthorized_connection
    end
    private
      def set_current_user
        if session = Session.find_by(id: cookies.signed[:session_id])
          self.current_user = session.user
        end
      end
  end
 end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,6 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 class ApplicationController < ActionController::Base
  include Authentication
  after_action :set_csrf_cookie
  skip_before_action :verify_authenticity_token, if: :development_swagger?
--- a/app/controllers/concerns/authentication.rb
+++ b/app/controllers/concerns/authentication.rb
@ -0,0 +1,55 @@
 module Authentication
  extend ActiveSupport::Concern
  included do
    before_action :require_authentication
    helper_method :authenticated?
  end
  class_methods do
    def allow_unauthenticated_access(**options)
      skip_before_action :require_authentication, **options
    end
  end
  private
    def authenticated?
      resume_session
    end
    def require_authentication
      resume_session || request_authentication
    end
    def resume_session
      Current.session ||= find_session_by_cookie
    end
    def find_session_by_cookie
      Session.find_by(id: cookies.signed[:session_id])
    end
    def request_authentication
      session[:return_to_after_authenticating] = request.url
      redirect_to new_session_path
    end
    def after_authentication_url
      session.delete(:return_to_after_authenticating) || root_url
    end
    def start_new_session_for(user)
      user.sessions.create!(user_agent: request.user_agent, ip_address: request.remote_ip).tap do |session|
        Current.session = session
        cookies.signed.permanent[:session_id] = { value: session.id, httponly: true, same_site: :lax }
      end
    end
    def terminate_session
      Current.session.destroy
      cookies.delete(:session_id)
    end
 end
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@ -0,0 +1,33 @@
 class PasswordsController < ApplicationController
  allow_unauthenticated_access
  before_action :set_user_by_token, only: %i[ edit update ]
  def new
  end
  def create
    if user = User.find_by(email_address: params[:email_address])
      PasswordsMailer.reset(user).deliver_later
    end
    redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)."
  end
  def edit
  end
  def update
    if @user.update(params.permit(:password, :password_confirmation))
      redirect_to new_session_path, notice: "Password has been reset."
    else
      redirect_to edit_password_path(params[:token]), alert: "Passwords did not match."
    end
  end
  private
    def set_user_by_token
      @user = User.find_by_password_reset_token!(params[:token])
    rescue ActiveSupport::MessageVerifier::InvalidSignature
      redirect_to new_password_path, alert: "Password reset link is invalid or has expired."
    end
 end
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -0,0 +1,21 @@
 class SessionsController < ApplicationController
  allow_unauthenticated_access only: %i[ new create ]
  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_url, alert: "Try again later." }
  def new
  end
  def create
    if user = User.authenticate_by(params.permit(:email_address, :password))
      start_new_session_for user
      redirect_to after_authentication_url
    else
      redirect_to new_session_path, alert: "Try another email address or password."
    end
  end
  def destroy
    terminate_session
    redirect_to new_session_path
  end
 end
--- a/app/mailers/passwords_mailer.rb
+++ b/app/mailers/passwords_mailer.rb
@ -0,0 +1,6 @@
 class PasswordsMailer < ApplicationMailer
  def reset(user)
    @user = user
    mail subject: "Reset your password", to: user.email_address
  end
 end
--- a/app/models/current.rb
+++ b/app/models/current.rb
@ -0,0 +1,4 @@
 class Current < ActiveSupport::CurrentAttributes
  attribute :session
  delegate :user, to: :session, allow_nil: true
 end
--- a/app/models/session.rb
+++ b/app/models/session.rb
@ -0,0 +1,22 @@
 # == Schema Information
 #
 # Table name: sessions
 #
 #  id         :bigint           not null, primary key
 #  ip_address :string
 #  user_agent :string
 #  created_at :datetime         not null
 #  updated_at :datetime         not null
 #  user_id    :bigint           not null
 #
 # Indexes
 #
 #  index_sessions_on_user_id  (user_id)
 #
 # Foreign Keys
 #
 #  fk_rails_...  (user_id => users.id)
 #
 class Session < ApplicationRecord
  belongs_to :user
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -0,0 +1,20 @@
 # == Schema Information
 #
 # Table name: users
 #
 #  id              :bigint           not null, primary key
 #  email_address   :string           not null
 #  password_digest :string           not null
 #  created_at      :datetime         not null
 #  updated_at      :datetime         not null
 #
 # Indexes
 #
 #  index_users_on_email_address  (email_address) UNIQUE
 #
 class User < ApplicationRecord
  has_secure_password
  has_many :sessions, dependent: :destroy
  normalizes :email_address, with: ->(e) { e.strip.downcase }
 end
--- a/app/views/passwords/edit.html.erb
+++ b/app/views/passwords/edit.html.erb
@ -0,0 +1,9 @@
 <h1>Update your password</h1>
 <%= tag.div(flash[:alert], style: "color:red") if flash[:alert] %>
 <%= form_with url: password_path(params[:token]), method: :put do |form| %>
  <%= form.password_field :password, required: true, autocomplete: "new-password", placeholder: "Enter new password", maxlength: 72 %><br>
  <%= form.password_field :password_confirmation, required: true, autocomplete: "new-password", placeholder: "Repeat new password", maxlength: 72 %><br>
  <%= form.submit "Save" %>
 <% end %>
--- a/app/views/passwords/new.html.erb
+++ b/app/views/passwords/new.html.erb
@ -0,0 +1,8 @@
 <h1>Forgot your password?</h1>
 <%= tag.div(flash[:alert], style: "color:red") if flash[:alert] %>
 <%= form_with url: passwords_path do |form| %>
  <%= form.email_field :email_address, required: true, autofocus: true, autocomplete: "username", placeholder: "Enter your email address", value: params[:email_address] %><br>
  <%= form.submit "Email reset instructions" %>
 <% end %>
--- a/app/views/passwords_mailer/reset.html.erb
+++ b/app/views/passwords_mailer/reset.html.erb
@ -0,0 +1,4 @@
 <p>
  You can reset your password within the next 15 minutes on
  <%= link_to "this password reset page", edit_password_url(@user.password_reset_token) %>.
 </p>
--- a/app/views/passwords_mailer/reset.text.erb
+++ b/app/views/passwords_mailer/reset.text.erb
@ -0,0 +1,2 @@
 You can reset your password within the next 15 minutes on this password reset page:
 <%= edit_password_url(@user.password_reset_token) %>
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@ -0,0 +1,11 @@
 <%= tag.div(flash[:alert], style: "color:red") if flash[:alert] %>
 <%= tag.div(flash[:notice], style: "color:green") if flash[:notice] %>
 <%= form_with url: session_path do |form| %>
  <%= form.email_field :email_address, required: true, autofocus: true, autocomplete: "username", placeholder: "Enter your email address", value: params[:email_address] %><br>
  <%= form.password_field :password, required: true, autocomplete: "current-password", placeholder: "Enter your password", maxlength: 72 %><br>
  <%= form.submit "Sign in" %>
 <% end %>
 <br>
 <%= link_to "Forgot password?", new_password_path %>
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1,6 +1,8 @@
 # Copyright (C) 2024 Manuel Bustillo
 Rails.application.routes.draw do
  resource :session
  resources :passwords, param: :token
  mount Rswag::Ui::Engine => '/api-docs'
  mount Rswag::Api::Engine => '/api-docs'
  resources :groups, only: :index
--- a/db/migrate/20241118232609_create_users.rb
+++ b/db/migrate/20241118232609_create_users.rb
@ -0,0 +1,11 @@
 class CreateUsers < ActiveRecord::Migration[8.0]
  def change
    create_table :users do |t|
      t.string :email_address, null: false
      t.string :password_digest, null: false
      t.timestamps
    end
    add_index :users, :email_address, unique: true
  end
 end
--- a/db/migrate/20241118232618_create_sessions.rb
+++ b/db/migrate/20241118232618_create_sessions.rb
@ -0,0 +1,11 @@
 class CreateSessions < ActiveRecord::Migration[8.0]
  def change
    create_table :sessions do |t|
      t.references :user, null: false, foreign_key: true
      t.string :ip_address
      t.string :user_agent
      t.timestamps
    end
  end
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -1,5 +1,3 @@
 # Copyright (C) 2024 Manuel Bustillo
 # This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
@ -12,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[8.0].define(version: 2024_11_11_063741) do
+ActiveRecord::Schema[8.0].define(version: 2024_11_18_232618) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "pg_catalog.plpgsql"
@ -60,6 +58,15 @@ ActiveRecord::Schema[8.0].define(version: 2024_11_11_063741) do
    t.index ["tables_arrangement_id"], name: "index_seats_on_tables_arrangement_id"
  end
  create_table "sessions", force: :cascade do |t|
    t.bigint "user_id", null: false
    t.string "ip_address"
    t.string "user_agent"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.index ["user_id"], name: "index_sessions_on_user_id"
  end
  create_table "solid_queue_blocked_executions", force: :cascade do |t|
    t.bigint "job_id", null: false
    t.string "queue_name", null: false
@ -188,10 +195,19 @@ ActiveRecord::Schema[8.0].define(version: 2024_11_11_063741) do
    t.string "name", null: false
  end
  create_table "users", force: :cascade do |t|
    t.string "email_address", null: false
    t.string "password_digest", null: false
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.index ["email_address"], name: "index_users_on_email_address", unique: true
  end
  add_foreign_key "groups", "groups", column: "parent_id"
  add_foreign_key "guests", "groups"
  add_foreign_key "seats", "guests"
  add_foreign_key "seats", "tables_arrangements", on_delete: :cascade
  add_foreign_key "sessions", "users"
  add_foreign_key "solid_queue_blocked_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade
  add_foreign_key "solid_queue_claimed_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade
  add_foreign_key "solid_queue_failed_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade
		`@ -0,0 +1,2 @@`
							`You can reset your password within the next 15 minutes on this password reset page:`
							`<%= edit_password_url(@user.password_reset_token) %>`