Sockets - Shubha

.gitignore

@@ -4,6 +4,9 @@
 # or operating system, you probably want to add a global ignore instead:
 #   git config --global core.excludesfile '~/.gitignore_global'
 
+# Ignore environment variables
+/.env
+
 # Ignore bundler config.
 /.bundle
 

Gemfile

@@ -46,6 +46,8 @@ group :development, :test do
 
   # Use pry for rails console
   gem 'pry-rails'
+
+  gem 'dotenv-rails'
 end
 
 group :test do
@@ -66,3 +68,6 @@ end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
+
+gem "omniauth"
+gem "omniauth-github"

Gemfile.lock

@@ -70,11 +70,18 @@ GEM
     concurrent-ruby (1.0.5)
     crass (1.0.4)
     debug_inspector (0.0.3)
+    dotenv (2.7.2)
+    dotenv-rails (2.7.2)
+      dotenv (= 2.7.2)
+      railties (>= 3.2, < 6.1)
     erubi (1.7.1)
     execjs (2.7.0)
+    faraday (0.15.4)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.25)
     globalid (0.4.1)
       activesupport (>= 4.2.0)
+    hashie (3.6.0)
     i18n (1.1.0)
       concurrent-ruby (~> 1.0)
     jbuilder (2.7.0)
@@ -84,6 +91,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (2.1.0)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -113,9 +121,26 @@ GEM
       minitest (~> 5.0)
       rails (>= 4.1)
     multi_json (1.13.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (2.3.1)
     nokogiri (1.8.4)
       mini_portile2 (~> 2.3.0)
+    oauth2 (1.4.1)
+      faraday (>= 0.8, < 0.16.0)
+      jwt (>= 1.0, < 3.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.9.0)
+      hashie (>= 3.4.6, < 3.7.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.3.0)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-oauth2 (1.6.0)
+      oauth2 (~> 1.1)
+      omniauth (~> 1.9)
     pg (0.21.0)
     popper_js (1.14.3)
     pry (0.11.3)
@@ -207,13 +232,16 @@ DEPENDENCIES
   bootstrap (~> 4.1.3)
   byebug
   coffee-rails (~> 4.2)
+  dotenv-rails
   jbuilder (~> 2.5)
   jquery-rails
   listen (~> 3.0.5)
   minitest-rails
   minitest-reporters
   minitest-skip
   minitest-spec-rails
+  omniauth
+  omniauth-github
   pg (~> 0.18)
   pry-rails
   puma (~> 3.0)
@@ -227,4 +255,4 @@ DEPENDENCIES
   web-console (>= 3.3.0)
 
 BUNDLED WITH
-   1.16.5
+   1.17.3

app/controllers/users_controller.rb

@@ -8,36 +8,30 @@ def show
     render_404 unless @user
   end
 
-  def login_form
-  end
+  def create
+    auth_hash = request.env["omniauth.auth"]
+    user = User.find_by(uid: auth_hash[:uid], provider: "github")
 
-  def login
-    username = params[:username]
-    if username and user = User.find_by(username: username)
-      session[:user_id] = user.id
-      flash[:status] = :success
-      flash[:result_text] = "Successfully logged in as existing user #{user.username}"
+    if user
+      flash[:success] = "Logged in as returning user #{user.name}"
     else
-      user = User.new(username: username)
+      user = User.build_from_github(auth_hash)
       if user.save
-        session[:user_id] = user.id
-        flash[:status] = :success
-        flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
+        flash[:success] = "Logged in as new user #{user.name}"
       else
-        flash.now[:status] = :failure
-        flash.now[:result_text] = "Could not log in"
-        flash.now[:messages] = user.errors.messages
-        render "login_form", status: :bad_request
-        return
+        flash[:error] = "Could not create new user account: #{user.errors.messages}"
+        return redirect_to root_path
       end
     end
-    redirect_to root_path
+
+    session[:user_id] = user.id
+    return redirect_to root_path
   end
 
-  def logout
+  def destroy
     session[:user_id] = nil
-    flash[:status] = :success
-    flash[:result_text] = "Successfully logged out"
+    flash[:success] = "Successfully logged out!"
+
     redirect_to root_path
   end
 end

app/controllers/works_controller.rb

@@ -2,6 +2,9 @@ class WorksController < ApplicationController
   # We should always be able to tell what category
   # of work we're dealing with
   before_action :category_from_work, except: [:root, :index, :new, :create]
+  before_action :authenticate, except: [:root, :upvote]
+
+  before_action :authorize, only: [:edit, :update, :destroy]
 
   def root
     @albums = Work.best_albums
@@ -92,4 +95,20 @@ def category_from_work
     render_404 unless @work
     @media_category = @work.category.downcase.pluralize
   end
+
+  def authenticate
+    unless @login_user
+      flash[:status] = :failure
+      flash[:result_text] = "You must be logged in to see this page"
+      redirect_to root_path
+    end
+  end
+
+  def authorize
+    unless @login_user == @work.user
+      flash[:status] = :failure
+      flash[:result_text] = "You are not authorized to perform this action"
+      redirect_to root_path
+    end
+  end
 end

app/models/user.rb

@@ -2,5 +2,17 @@ class User < ApplicationRecord
   has_many :votes
   has_many :ranked_works, through: :votes, source: :work
 
+  has_many :works
+
   validates :username, uniqueness: true, presence: true
+
+  def self.build_from_github(auth_hash)
+    user = User.new
+    user.uid = auth_hash[:uid]
+    user.provider = "github"
+    user.username = auth_hash["info"]["nickname"]
+    user.email = auth_hash["info"]["email"]
+
+    return user
+  end
 end

app/models/work.rb

@@ -2,12 +2,13 @@ class Work < ApplicationRecord
   CATEGORIES = %w(album book movie)
   has_many :votes, dependent: :destroy
   has_many :ranking_users, through: :votes, source: :user
+  belongs_to :user
 
   validates :category, presence: true,
-                       inclusion: {in: CATEGORIES}
+                       inclusion: { in: CATEGORIES }
 
   validates :title, presence: true,
-                    uniqueness: {scope: :category}
+                    uniqueness: { scope: :category }
 
   # This is called a model filter, and is very similar to a controller filter.
   # We want to fixup the category *before* we validate, because

app/views/layouts/application.html.erb

@@ -39,13 +39,13 @@
           <%= link_to "Logged in as #{@login_user.username}", user_path(@login_user), class: "btn btn-primary" %>
         </li>
         <li class="nav-item app-header__nav_item">
-          <%= link_to "Log Out", logout_path, method: :post, class: "btn btn-primary" %>
+          <%= link_to "Log out", logout_path, method: "delete" %>
         </li>
-
+        
         <% else %>
 
         <li class="nav-item app-header__nav_item">
-          <%= link_to "Log In", login_path, class: "btn btn-primary" %>
+          <%= link_to("Login with GitHub", github_login_path) %>
         </li>
         <% end %>
 

config/initializers/omniauth.rb

@@ -0,0 +1,4 @@
+# config/initializers/omniauth.rb
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email"
+end

config/routes.rb

@@ -1,9 +1,9 @@
 Rails.application.routes.draw do
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
   root "works#root"
-  get "/login", to: "users#login_form", as: "login"
-  post "/login", to: "users#login"
-  post "/logout", to: "users#logout", as: "logout"
+  get "/auth/github", as: "github_login"
+  get "/auth/:provider/callback", to: "users#create", as: "auth_callback"
+  delete "/logout", to: "users#destroy", as: "logout"
 
   resources :works
   post "/works/:id/upvote", to: "works#upvote", as: "upvote"

db/migrate/20190512005626_add_uid_provider_and_email_to_users.rb

@@ -0,0 +1,7 @@
+class AddUidProviderAndEmailToUsers < ActiveRecord::Migration[5.2]
+  def change
+    add_column :users, :uid, :integer
+    add_column :users, :provider, :string
+    add_column :users, :email, :string
+  end
+end

db/migrate/20190514055805_add_user_id_to_works.rb

@@ -0,0 +1,5 @@
+class AddUserIdToWorks < ActiveRecord::Migration[5.2]
+  def change
+    add_reference :works, :user, foreign_key: true
+  end
+end

db/schema.rb

@@ -10,27 +10,31 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170407164321) do
+ActiveRecord::Schema.define(version: 2019_05_14_055805) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
-  create_table "users", force: :cascade do |t|
+  create_table "users", id: :serial, force: :cascade do |t|
     t.string "username"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.string "name"
+    t.integer "uid"
+    t.string "provider"
+    t.string "email"
   end
 
-  create_table "votes", force: :cascade do |t|
+  create_table "votes", id: :serial, force: :cascade do |t|
     t.integer "user_id"
     t.integer "work_id"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
-    t.index ["user_id"], name: "index_votes_on_user_id", using: :btree
-    t.index ["work_id"], name: "index_votes_on_work_id", using: :btree
+    t.index ["user_id"], name: "index_votes_on_user_id"
+    t.index ["work_id"], name: "index_votes_on_work_id"
   end
 
-  create_table "works", force: :cascade do |t|
+  create_table "works", id: :serial, force: :cascade do |t|
     t.string "title"
     t.string "creator"
     t.string "description"
@@ -39,8 +43,11 @@
     t.datetime "updated_at", null: false
     t.integer "vote_count", default: 0
     t.integer "publication_year"
+    t.bigint "user_id"
+    t.index ["user_id"], name: "index_works_on_user_id"
   end
 
   add_foreign_key "votes", "users"
   add_foreign_key "votes", "works"
+  add_foreign_key "works", "users"
 end

test/controllers/users_controller_test.rb

@@ -1,4 +1,58 @@
 require "test_helper"
 
 describe UsersController do
+  describe "auth_callback" do
+    it "logs in an existing user and redirects to the root route" do
+      start_count = User.count
+
+      user = users(:dan)
+
+      perform_login(user)
+
+      get auth_callback_path(:github)
+
+      must_redirect_to root_path
+
+      session[:user_id].must_equal user.id
+
+      User.count.must_equal start_count
+    end
+
+    it "creates an account for a new user and redirects to the root route" do
+      start_count = User.count
+      user = User.new(provider: "github", uid: 99999, username: "test_user", email: "[email protected]")
+
+      perform_login(user)
+
+      must_redirect_to root_path
+
+      User.count.must_equal start_count + 1
+
+      session[:user_id].must_equal User.last.id
+    end
+
+    it "redirects to the root path if given invalid user data" do
+      start_count = User.count
+      user = User.new(provider: "github", uid: nil, username: nil, email: nil)
+
+      perform_login(user)
+
+      must_redirect_to root_path
+
+      User.count.must_equal start_count
+
+      session[:user_id].must_be_nil
+    end
+
+    it "logs out a logged in user" do
+      user = users(:dan)
+      perform_login(user)
+
+      expect(session[:user_id]).must_equal user.id
+
+      delete logout_path
+
+      expect(session[:user_id]).must_be_nil
+    end
+  end
 end