From 2005734a8ea64cd29d681db81c2bec45c64023b6 Mon Sep 17 00:00:00 2001 From: DavisLWebb Date: Sun, 2 Mar 2014 17:53:03 -0500 Subject: Added Session controller and helper. Also update user to have a remember_token --- app/controllers/application_controller.rb | 2 +- app/controllers/users_controller.rb | 11 +++++++++ app/models/user.rb | 40 +++++++++++++++++++++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 03ef797..01058e3 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -4,6 +4,6 @@ class ApplicationController < ActionController::Base protect_from_forgery with: :exception #include sessionhelper for the session controller and view - include SessionHelper + include SessionsHelper end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index f4e1499..24d319a 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -3,6 +3,17 @@ class UsersController < ApplicationController def new end + def create + @user = User.new(user_params) + if @user.save + sign_in @user + flash[:success] = "Welcome to the Sample App!" + redirect_to @user + else + render 'new' + end + end + def show @user = User.find(param[:id]) end diff --git a/app/models/user.rb b/app/models/user.rb index 17795cc..6765822 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -5,6 +5,14 @@ before_save { self.user_name = user_name.downcase } =begin +Rails looks for the create_remember_token +and runs it before anything else +=end + +before_create :create_remember_token + +=begin + VAILD_EMAIL is the regex used to valid a user given email. A break down of the regex is listed below. 
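Review bot: The `show` action kept as context directly below the new `create` calls `User.find(param[:id])`; nothing on this page defines `param`, so this looks like a typo for `params`, and the `redirect_to @user` added here would send every successful sign-up to an action that raises NameError. The line should read `@user = User.find(params[:id])`. `user_params` is defined outside this hunk; confirm that it goes through `params.require(:user).permit(...)` and lists only the sign-up fields, because `create` passes it straight to `User.new`.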
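Review bot: The comment added above `before_create :create_remember_token` says the callback runs "before anything else", which is not what `before_create` does. It fires only for new records, after validations and after the `before_save` block declared just above it, immediately before the INSERT. Suggested wording: `# before_create: runs once, right before a new user row is inserted, so each new user is stored with a remember_token`. Rows created before this commit would have no token unless something else sets one; the migration and any backfill are not visible here.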
@@ -72,6 +80,38 @@ has_secure_password which does all of this for me validates :password, length: { minimum: 6 } + # create a random remember token for the user + def User.new_remember_token + SecureRandom.urlsafe_base64 + end + + # encrypt the remember token + def User.hash(token) + Digest::SHA1.hexdigest(token.to_s) + end + +=begin + +SHA-1 (Secure Hash Algorithm) is a US engineered hash +function that produces a 20 byte hash value which typically +forms a hexadecimal number 40 digits long. +The reason I am not using the Bcrypt algorithm is because +SHA-1 is much faster and I will be calling this on +every page a user accesses. + +https://en.wikipedia.org/wiki/SHA-1 + +=end + + # everything under private is hidden so you cannot call + # create_remember_token in order to ensure security + private + + #assign user a create remember token + def create_remember_token + self.remember_token = User.hash(User.new_remember_token) + end + =begin in order to ensure that someone did not accidently submit -- cgit v1.2.3-2-g168b From 2426a2b1e5b6811f47f0a05dd66a001fdd117450 Mon Sep 17 00:00:00 2001 From: DavisLWebb Date: Sun, 2 Mar 2014 18:04:36 -0500 Subject: fixed an issue in user controller --- app/controllers/users_controller.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 24d319a..74ab72c 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -7,8 +7,7 @@ class UsersController < ApplicationController @user = User.new(user_params) if @user.save sign_in @user - flash[:success] = "Welcome to the Sample App!" - redirect_to @user + #redirect_to @user else render 'new' end -- cgit v1.2.3-2-g168b
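Review bot: `def User.hash(token)` replaces the zero-argument `hash` method that the `User` class object inherits from `Object`, so any code that uses the class as a Hash key or Set member would raise ArgumentError. A name such as `def User.digest(token)` avoids the clash, though callers outside this hunk would need the same rename. The comment above it says "encrypt", but a SHA-1 digest is a one-way hash, and the =begin block could give the real reason a fast hash is acceptable here: the input is a random `SecureRandom.urlsafe_base64` token, not a user-chosen password. SHA-1 is deprecated for new designs, so `Digest::SHA256.hexdigest(token.to_s)` would be the safer default; switching would invalidate remember tokens already stored, so those users would have to sign in again. The `private` section continues past the end of the hunk.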
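Review bot: With `redirect_to @user` commented out, the success branch of `create` ends after `sign_in @user` without rendering or redirecting, so Rails falls back to looking for a `create` template, and this patch does not add one (unless such a view exists elsewhere, the request fails). The `flash[:success]` line is removed as well, so a new user gets no confirmation. If the redirect was disabled because `show` was failing, repairing `show` and restoring `redirect_to @user` would be the better fix than leaving `#redirect_to @user` in place. The rest of the controller is outside this hunk.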