New user? <%= link_to "Sign up now!", signup_path %>
+
+
--
cgit v1.1-4-g5e80
From 931c352e516adfac175eec5eafee9ea8e3311556 Mon Sep 17 00:00:00 2001
From: AndrewMurrell
Date: Sun, 2 Mar 2014 18:38:11 -0500
Subject: Made the button on the homepage redirect to the signup page.
---
app/views/static/homepage.html.erb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/views/static/homepage.html.erb b/app/views/static/homepage.html.erb
index 760e087..4d52e5b 100644
--- a/app/views/static/homepage.html.erb
+++ b/app/views/static/homepage.html.erb
@@ -4,7 +4,7 @@
Welcome to Leaguer
This is a tournment management system designed to be used for any team sport. Our peer review system ensures that the best players move on to the next round! Try creating a new tournament and having people sign up for it.
-<%= link_to 'Create Tournament', create, :class => btn btn-warning btn-lg, :role => submit %>
+<%= link_to 'Create Tournament', "create", :class => "btn btn-warning btn-lg", :role => "submit" %>
<%= link_to 'Back', tournaments_path %>
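Review bot: the target on the added link_to line is the literal string "create", which renders as a relative href rather than a named route, and it does not match the commit subject (redirect to the signup page). If the signup page is the intent, pass the route helper, e.g. link_to 'Create Tournament', signup_path, :class => "btn btn-warning btn-lg". The :role => "submit" attribute does not make an anchor submit anything; a link still issues a GET, so drop it or use a real submit button inside a form.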
--
cgit v1.1-4-g5e80
From def21c442c6e4b52b50f852cedd3e8bcaf436f9d Mon Sep 17 00:00:00 2001
From: AndrewMurrell
Date: Mon, 3 Mar 2014 13:17:02 -0500
Subject: Changed the views for tournament a little more.
---
app/assets/javascripts/ajax.js | 5 +++--
app/views/tournaments/index.html.erb | 2 +-
app/views/tournaments/new.html.erb | 2 +-
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/app/assets/javascripts/ajax.js b/app/assets/javascripts/ajax.js
index 2b2bb3e..475dddc 100644
--- a/app/assets/javascripts/ajax.js
+++ b/app/assets/javascripts/ajax.js
@@ -3,9 +3,10 @@ function populate() {
//make a form element
var e = document.getElementById("tournament_id");
var gameType = e.options[e.selectedIndex].text;
- if (gameType != "") {
+ if (gameType != "Select a Game Type") {
+ alert(gameType + " was Selected!");
//populate optionArray
-
+ //select * from tournament_settings where gametype = GameType
for(var option in optionArray){
//identify the number of
;
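Review bot: the added alert(gameType + " was Selected!") is debug output and should be removed before merge. The guard now compares against the display text "Select a Game Type", so any wording change in the view silently breaks it; give the placeholder option an empty value and test e.value instead. The new SQL comment describes a lookup keyed on a string chosen in the browser: when that is implemented, do it on the server with a bound parameter (an ActiveRecord where(gametype: value) call), not by concatenating gameType into a query.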
diff --git a/app/views/tournaments/index.html.erb b/app/views/tournaments/index.html.erb
index 73b064e..6006cad 100644
--- a/app/views/tournaments/index.html.erb
+++ b/app/views/tournaments/index.html.erb
@@ -24,4 +24,4 @@
-<%= link_to 'New Tournament', new_tournament_path %>
+<%= link_to 'New Tournament', new_tournament_path, :class => "btn btn-warning btn-lg" %>
diff --git a/app/views/tournaments/new.html.erb b/app/views/tournaments/new.html.erb
index de80fb7..dee18fb 100644
--- a/app/views/tournaments/new.html.erb
+++ b/app/views/tournaments/new.html.erb
@@ -7,6 +7,6 @@
-<%= link_to 'Create Tournament', "create", :class => "btn btn-warning btn-lg", :role => "submit" %>
+<%= link_to 'Create Tournament', "#", :class => "btn btn-warning btn-lg" %>
<%= link_to 'Back', tournaments_path %>
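Review bot: pointing 'Create Tournament' at "#" on the added line leaves a button that does nothing but jump to the top of the page. Creating a tournament changes state, so it should be a POST from the form's own submit button (which carries the Rails CSRF token), not a styled GET link; if this is a placeholder, say so in the commit message.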
--
cgit v1.1-4-g5e80
From 3425bfd0f56495b7d8d9f86ac740fcf90f0fbfdb Mon Sep 17 00:00:00 2001
From: DavisLWebb
Date: Mon, 3 Mar 2014 13:52:38 -0500
Subject: I added a lot of documentation to user.rb
---
app/helpers/sessions_helper.rb | 6 +++++-
app/models/user.rb | 30 +++++++++++++++++++++++++++---
app/views/layouts/application.html.erb | 7 +++----
3 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
index 20010c8..046ca6f 100644
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -12,11 +12,15 @@ module SessionsHelper
self.current_user = user
end
-#method creating for self.current_user
+# The curret_user=(user) is the conversion of self.current_user = user
def current_user=(user)
@current_user = user
end
+# sets the @current_user instance virable to the user corresponding
+# to the remember token, but only if @current_user is undefined
+# since the remember token is hashed, we need to hash the cookie
+# to find match the remember token
def current_user
remember_token = User.hash(cookies[:remember_token])
@current_user ||= User.find_by(remember_token: remember_token)
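Review bot: the new comment on current_user says the lookup happens "only if @current_user is undefined", but User.hash(cookies[:remember_token]) on the first line of the method runs on every call, before the ||= check. Fold the hashing into the memoised expression, e.g. @current_user ||= User.find_by(remember_token: User.hash(cookies[:remember_token])), and return nil early when the cookie is absent, since hashing a missing cookie digests the empty string. Typos in the added comments: "curret_user", "virable", "to find match".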
diff --git a/app/models/user.rb b/app/models/user.rb
index f302baf..53ccdaf 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -81,12 +81,36 @@ has_secure_password which does all of this for me
validates :password, length: { minimum: 6 }
- # create a random remember token for the user
+=begin
+
+ Create a random remember token for the user. This will be
+ changed every time the user creates a new session.
+
+ By changing the cookie every new session, any hijacked sessions
+ (where the attacker steals a cookie to sign in as a certain
+ user) will expire the next time the user signs back in.
+
+ The random string is of length 16 composed of A-Z, a-z, 0-9
+ This is the browser's cookie value.
+
+=end
+
def User.new_remember_token
SecureRandom.urlsafe_base64
end
-
- # encrypt the remember token
+
+=begin
+
+ Encrypt the remember token.
+ This is the encrypted version of the cookie stored on
+ the database.
+
+ The reasoning for storing a hashed token is so that even if
+ the database is compromised, the atacker won't be able to use
+ the remember tokens to sign in.
+
+=end
+
def User.hash(token)
Digest::SHA1.hexdigest(token.to_s)
end
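Review bot: the added documentation above User.new_remember_token states the token is "of length 16 composed of A-Z, a-z, 0-9", which does not describe SecureRandom.urlsafe_base64: with no argument it encodes 16 random bytes, giving a string of about 22 characters that may also contain "-" and "_". The second block opens with "Encrypt the remember token" and then calls it a hashed token; Digest::SHA1.hexdigest is a one-way hash, so use "hash" throughout. An unsalted fast hash is acceptable here only because the input is a high-entropy random token; Digest::SHA256 is the better default for new code. The hijacking paragraph should also say that a stolen cookie stays valid until the user's next sign-in, since that is when the token changes. Typo: "atacker".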
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 92fce3d..67848f6 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -19,16 +19,15 @@
<%= submit_tag("Go", {:class => "btn btn-warning"}) %>
<% end %>
+ <% if signed_in? %>
+
--
cgit v1.1-4-g5e80
From 8c0cd2f7c5d3152c1674cd730d649a787a8eb67c Mon Sep 17 00:00:00 2001
From: AndrewMurrell
Date: Mon, 3 Mar 2014 13:53:21 -0500
Subject: Made it so 'log out' only appears if you're logged in.
---
app/views/layouts/application.html.erb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 92fce3d..071c86b 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -20,7 +20,9 @@
<% end %>
- <%= link_to "Sign out", signout_path, method: "delete" %>
+ <%= if signed_in? do %>
+ <%= link_to "Sign out", signout_path, method: "delete" %>
+ <% end; end %>
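Review bot: the added lines <%= if signed_in? do %> ... <% end; end %> are not the ERB conditional form. Ruby reads do ... end here as a block attached to the signed_in? call rather than as the body of the if, and <%= emits the value of the expression. Write it as <% if signed_in? %>, the link_to line, then <% end %>. Hiding the link is presentation only; the signout route still needs its own signed-in check on the server.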
--
cgit v1.1-4-g5e80
From c6560f77a771f38b1425250c14d35c9af9291255 Mon Sep 17 00:00:00 2001
From: DavisLWebb
Date: Mon, 3 Mar 2014 13:55:47 -0500
Subject: DOCUMENTATION FOR USER.RB
---
app/models/user.rb | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index 53ccdaf..04cb87d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -128,11 +128,13 @@ https://en.wikipedia.org/wiki/SHA-1
=end
- # everything under private is hidden so you cannot call
- # create_remember_token in order to ensure security
+ # Everything under private is hidden so you cannot call
private
- #assign user a create remember token
+ # Create_remember_token in order to ensure a user always has
+ # a remember token.
+
+ # Assign user a create remember token
def create_remember_token
self.remember_token = User.hash(User.new_remember_token)
end
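Review bot: splitting the comment around the private keyword leaves "Everything under private is hidden so you cannot call" as a sentence with no object, and the continuation "Create_remember_token in order to ensure ..." now reads as a separate, capitalised statement below it. Keep one complete comment above private and one above the method, and reword "Assign user a create remember token" to say what the method does: it stores the hash of a freshly generated token in remember_token.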
--
cgit v1.1-4-g5e80
From 39e0c9ca280d16817eb8d7683d80788f2544ae5f Mon Sep 17 00:00:00 2001
From: DavisLWebb
Date: Mon, 3 Mar 2014 14:01:55 -0500
Subject: More documentation changes
---
app/controllers/sessions_controller.rb | 1 +
app/models/user.rb | 49 +++++++++++++++++++---------------
2 files changed, 28 insertions(+), 22 deletions(-)
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 722b8c2..68cb949 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -3,6 +3,7 @@ class SessionsController < ApplicationController
def new
end
+ # find the user and create a new session
def create
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
diff --git a/app/models/user.rb b/app/models/user.rb
index 04cb87d..55a7da0 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -5,8 +5,11 @@ before_save { self.user_name = user_name.downcase }
=begin
-Rails looks for the create_remember_token
-and runs it before anything else
+Rails looks for the create_remember_token and runs the method
+before anything else.
+
+This method cannot be called by a user since it is denoted
+as private.
=end
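Review bot: the added sentence "This method cannot be called by a user since it is denoted as private" overstates what private does. It only stops Ruby code outside the object from calling create_remember_token; it is not an access control against site users, who never call model methods directly. Say that instead, and replace "runs the method before anything else" with the actual callback that invokes it, so a reader knows when the token is generated.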
@@ -18,17 +21,17 @@ VAILD_EMAIL is the regex used to valid a user given email.
A break down of the regex is listed below.
-/ -----------> Start of the regex
-\A ----------> match start of a string
-[\w+\-.]+ ---> at least one owrd character, plus, hyphen, or
- dot
-@ -----------> literal ampersand
-[a-z\d\-.]+ -> at least one letter, digit, hyphen, or dot
-(?:\.[a-z]+) > ensures that the error of example@foo..com
- does not occur
-\z ----------> match end of a string
-/ -----------> end of the regex
-i -----------> case sensative
+/ -------------> Start of the regex
+\A ------------> match start of a string
+[\w+\-.]+ -----> at least one owrd character, plus, hyphen, or
+ dot
+@ -------------> literal ampersand
+[a-z\d\-.]+ ---> at least one letter, digit, hyphen, or dot
+(?:\.[a-z]+) --> ensures that the error of example@foo..com
+ does not occur
+\z ------------> match end of a string
+/ -------------> end of the regex
+i -------------> case sensative
=end
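Review bot: the realigned legend carries two factual errors forward on the "@" and "i" lines. "@" is an at sign, not an ampersand, and the i flag makes the pattern case-insensitive, the opposite of "case sensative". Fix both while the block is being touched, along with "owrd". The "(?:\.[a-z]+)" entry should also describe what the group matches (a dot followed by letters) rather than only the example@foo..com case it is meant to reject.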
@@ -73,7 +76,7 @@ attributes, requiring the presence of a password,
requirin that pw and pw_com match, and add an authenticate
method to compare an encrypted password to the
password_digest to authenticate users, I can just add
-has_secure_password which does all of this for me
+has_secure_password which does all of this for me.
=end
@@ -128,25 +131,27 @@ https://en.wikipedia.org/wiki/SHA-1
=end
- # Everything under private is hidden so you cannot call
+ # Everything under private is hidden so you cannot call.
private
-
- # Create_remember_token in order to ensure a user always has
- # a remember token.
- # Assign user a create remember token
+=begin
+
+ Create_remember_token in order to ensure a user always has
+ a remember token.
+
+=end
def create_remember_token
self.remember_token = User.hash(User.new_remember_token)
end
=begin
-in order to ensure that someone did not accidently submit
+In order to ensure that someone did not accidently submit
two accounts rapidly (which would throw off the validates
-for user_name and email) I added an index to the Users
+for user_name and email), I added an index to the Users
email and user_name in the database to ensure uniqueness
This also gives and index to the user_name and email
-so finding a unique user SHOULD be easier
+so finding a user SHOULD be easier for the database.
=end
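Review bot: the comment block on the index claims it will "ensure uniqueness", which holds only if the migration declares the index as unique; a plain index speeds up lookups but still accepts duplicate rows when two requests race past the model validation. State in the comment that it is a unique index, and note that the values are downcased before save so that the constraint is effectively case-insensitive. Remaining typos in the block: "accidently", "gives and index". The line "# Everything under private is hidden so you cannot call." is still an incomplete sentence after the added period.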
--
cgit v1.1-4-g5e80
From 455fa5b30e224407e4fdca46d087ba300a050567 Mon Sep 17 00:00:00 2001
From: AndrewMurrell
Date: Mon, 3 Mar 2014 14:09:32 -0500
Subject: Made it possible to log in from the sign up page. As in I put a link
under the mess I made.
---
app/views/users/new.html.erb | 5 ++++-
generate.sh | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb
index 715d40e..2a745cc 100644
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@@ -54,4 +54,7 @@