From dcf1a7999fbfecf3cb1434b1052f81a8055f1f84 Mon Sep 17 00:00:00 2001 From: Dan Barber Date: Mon, 24 Mar 2014 17:06:09 +0000 Subject: [PATCH] OAuth via twitter working. --- .envrc.example | 4 +- Gemfile | 1 - Gemfile.lock | 11 - app/assets/javascripts/sessions.js.coffee | 3 + app/assets/stylesheets/sessions.css.scss | 3 + app/controllers/application_controller.rb | 7 + app/controllers/images_controller.rb | 5 +- app/controllers/sessions_controller.rb | 19 ++ app/helpers/sessions_helper.rb | 2 + app/models/user.rb | 16 +- app/views/devise/confirmations/new.html.erb | 16 -- .../mailer/confirmation_instructions.html.erb | 5 - .../reset_password_instructions.html.erb | 8 - .../mailer/unlock_instructions.html.erb | 7 - app/views/devise/passwords/edit.html.erb | 19 -- app/views/devise/passwords/new.html.erb | 15 - app/views/devise/registrations/edit.html.erb | 27 -- app/views/devise/registrations/new.html.erb | 17 -- app/views/devise/sessions/new.html.erb | 15 - app/views/devise/shared/_links.erb | 25 -- app/views/devise/unlocks/new.html.erb | 16 -- app/views/layouts/application.html.erb | 6 + app/views/sessions/new.html.erb | 1 + config/initializers/devise.rb | 257 ------------------ config/initializers/omniauth.rb | 3 + config/routes.rb | 4 +- .../20140323140656_devise_create_users.rb | 42 --- db/migrate/20140324161505_create_users.rb | 13 + db/schema.rb | 20 +- spec/controllers/sessions_controller_spec.rb | 5 + spec/helpers/sessions_helper_spec.rb | 15 + 31 files changed, 102 insertions(+), 505 deletions(-) create mode 100644 app/assets/javascripts/sessions.js.coffee create mode 100644 app/assets/stylesheets/sessions.css.scss create mode 100644 app/controllers/sessions_controller.rb create mode 100644 app/helpers/sessions_helper.rb delete mode 100644 app/views/devise/confirmations/new.html.erb delete mode 100644 app/views/devise/mailer/confirmation_instructions.html.erb delete mode 100644 app/views/devise/mailer/reset_password_instructions.html.erb delete mode 100644 app/views/devise/mailer/unlock_instructions.html.erb delete mode 100644 app/views/devise/passwords/edit.html.erb delete mode 100644 app/views/devise/passwords/new.html.erb delete mode 100644 app/views/devise/registrations/edit.html.erb delete mode 100644 app/views/devise/registrations/new.html.erb delete mode 100644 app/views/devise/sessions/new.html.erb delete mode 100644 app/views/devise/shared/_links.erb delete mode 100644 app/views/devise/unlocks/new.html.erb create mode 100644 app/views/sessions/new.html.erb delete mode 100644 config/initializers/devise.rb create mode 100644 config/initializers/omniauth.rb delete mode 100644 db/migrate/20140323140656_devise_create_users.rb create mode 100644 db/migrate/20140324161505_create_users.rb create mode 100644 spec/controllers/sessions_controller_spec.rb create mode 100644 spec/helpers/sessions_helper_spec.rb diff --git a/.envrc.example b/.envrc.example index 787bd11..62bd92c 100644 --- a/.envrc.example +++ b/.envrc.example @@ -1,2 +1,2 @@ -export TWITTER_CONSUMER_KEY=key -export TWITTER_CONSUMER_SECRET=secret +export TWITTER_KEY=key +export TWITTER_SECRET=secret diff --git a/Gemfile b/Gemfile index 0d3d3d4..b4d1b26 100644 --- a/Gemfile +++ b/Gemfile @@ -40,7 +40,6 @@ group :development, :test do end gem 'simple_form' -gem 'devise' gem 'omniauth-twitter' gem 'dragonfly' diff --git a/Gemfile.lock b/Gemfile.lock index 1c8dcff..25871f7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -27,7 +27,6 @@ GEM tzinfo (~> 0.3.37) arel (4.0.2) atomic (1.1.16) - bcrypt (3.1.7) better_errors (1.1.0) coderay (>= 1.0.0) erubis (>= 2.6.6) @@ -43,12 +42,6 @@ GEM execjs coffee-script-source (1.7.0) debug_inspector (0.0.2) - devise (3.2.4) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) - thread_safe (~> 0.1) - warden (~> 1.2.3) diff-lcs (1.2.5) dragonfly (1.0.3) multi_json (~> 1.0) @@ -82,7 +75,6 @@ GEM omniauth-twitter (1.0.1) multi_json (~> 1.3) omniauth-oauth (~> 1.0) - orm_adapter (0.5.0) polyglot (0.3.4) pry (0.9.12.6) coderay (~> 1.0) @@ -157,8 +149,6 @@ GEM uglifier (2.5.0) execjs (>= 0.3.0) json (>= 1.8.0) - warden (1.2.3) - rack (>= 1.0) PLATFORMS ruby @@ -167,7 +157,6 @@ DEPENDENCIES better_errors binding_of_caller coffee-rails (~> 4.0.0) - devise dragonfly jbuilder (~> 1.2) jquery-rails diff --git a/app/assets/javascripts/sessions.js.coffee b/app/assets/javascripts/sessions.js.coffee new file mode 100644 index 0000000..24f83d1 --- /dev/null +++ b/app/assets/javascripts/sessions.js.coffee @@ -0,0 +1,3 @@ +# Place all the behaviors and hooks related to the matching controller here. +# All this logic will automatically be available in application.js. +# You can use CoffeeScript in this file: http://coffeescript.org/ diff --git a/app/assets/stylesheets/sessions.css.scss b/app/assets/stylesheets/sessions.css.scss new file mode 100644 index 0000000..7bef9cf --- /dev/null +++ b/app/assets/stylesheets/sessions.css.scss @@ -0,0 +1,3 @@ +// Place all the styles related to the sessions controller here. +// They will automatically be included in application.css. +// You can use Sass (SCSS) here: http://sass-lang.com/ diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d83690e..8f6d887 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,4 +2,11 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception + + private + + def authenticate_user! + redirect_to new_session_path unless session[:current_user_id].present? + @current_user ||= User.find_by(id: session[:current_user_id]) + end end diff --git a/app/controllers/images_controller.rb b/app/controllers/images_controller.rb index 1822596..a6804ff 100644 --- a/app/controllers/images_controller.rb +++ b/app/controllers/images_controller.rb @@ -1,3 +1,6 @@ class ImagesController < ApplicationController - before_filter :authenticate_user! + before_action :authenticate_user! + + def index + end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb new file mode 100644 index 0000000..b175b1a --- /dev/null +++ b/app/controllers/sessions_controller.rb @@ -0,0 +1,19 @@ +class SessionsController < ApplicationController + def create + user = User.find_or_create_from_auth(auth) + session[:current_user_id] = user.id + redirect_to root_path + end + + def destroy + session[:current_user_id] = nil + @current_user = nil + redirect_to root_path + end + + private + + def auth + request.env['omniauth.auth'] + end +end diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb new file mode 100644 index 0000000..309f8b2 --- /dev/null +++ b/app/helpers/sessions_helper.rb @@ -0,0 +1,2 @@ +module SessionsHelper +end diff --git a/app/models/user.rb b/app/models/user.rb index d25a270..6f0e939 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,8 +1,12 @@ class User < ActiveRecord::Base - # Include default devise modules. Others available are: - # :confirmable, :lockable, :timeoutable and :omniauthable - devise :database_authenticatable, :registerable, - :recoverable, :rememberable, :trackable, :validatable - - devise :omniauthable, :omniauth_providers => [:twitter] + def self.find_or_create_from_auth(auth) + user = User.find_by(provider: auth.provider, uid: auth.uid) + if user.blank? + User.create(provider: auth.provider, + uid: auth.uid, + username: auth.info.nickname, + name: auth.info.name) + end + user + end end diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb deleted file mode 100644 index 949b172..0000000 --- a/app/views/devise/confirmations/new.html.erb +++ /dev/null @@ -1,16 +0,0 @@ -

Resend confirmation instructions

- -<%= simple_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %> - <%= f.error_notification %> - <%= f.full_error :confirmation_token %> - -
- <%= f.input :email, required: true, autofocus: true %> -
- -
- <%= f.button :submit, "Resend confirmation instructions" %> -
-<% end %> - -<%= render "devise/shared/links" %> diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb deleted file mode 100644 index dc55f64..0000000 --- a/app/views/devise/mailer/confirmation_instructions.html.erb +++ /dev/null @@ -1,5 +0,0 @@ -

Welcome <%= @email %>!

- -

You can confirm your account email through the link below:

- -

<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %>

diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb deleted file mode 100644 index f667dc1..0000000 --- a/app/views/devise/mailer/reset_password_instructions.html.erb +++ /dev/null @@ -1,8 +0,0 @@ -

Hello <%= @resource.email %>!

- -

Someone has requested a link to change your password. You can do this through the link below.

- -

<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>

- -

If you didn't request this, please ignore this email.

-

Your password won't change until you access the link above and create a new one.

diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb deleted file mode 100644 index 41e148b..0000000 --- a/app/views/devise/mailer/unlock_instructions.html.erb +++ /dev/null @@ -1,7 +0,0 @@ -

Hello <%= @resource.email %>!

- -

Your account has been locked due to an excessive number of unsuccessful sign in attempts.

- -

Click the link below to unlock your account:

- -

<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>

diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb deleted file mode 100644 index 8f995ed..0000000 --- a/app/views/devise/passwords/edit.html.erb +++ /dev/null @@ -1,19 +0,0 @@ -

Change your password

- -<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %> - <%= f.error_notification %> - - <%= f.input :reset_password_token, as: :hidden %> - <%= f.full_error :reset_password_token %> - -
- <%= f.input :password, label: "New password", required: true, autofocus: true %> - <%= f.input :password_confirmation, label: "Confirm your new password", required: true %> -
- -
- <%= f.button :submit, "Change my password" %> -
-<% end %> - -<%= render "devise/shared/links" %> diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb deleted file mode 100644 index d1503e7..0000000 --- a/app/views/devise/passwords/new.html.erb +++ /dev/null @@ -1,15 +0,0 @@ -

Forgot your password?

- -<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %> - <%= f.error_notification %> - -
- <%= f.input :email, required: true, autofocus: true %> -
- -
- <%= f.button :submit, "Send me reset password instructions" %> -
-<% end %> - -<%= render "devise/shared/links" %> diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb deleted file mode 100644 index 5db350b..0000000 --- a/app/views/devise/registrations/edit.html.erb +++ /dev/null @@ -1,27 +0,0 @@ -

Edit <%= resource_name.to_s.humanize %>

- -<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %> - <%= f.error_notification %> - -
- <%= f.input :email, required: true, autofocus: true %> - - <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %> -

Currently waiting confirmation for: <%= resource.unconfirmed_email %>

- <% end %> - - <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %> - <%= f.input :password_confirmation, required: false %> - <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %> -
- -
- <%= f.button :submit, "Update" %> -
-<% end %> - -

Cancel my account

- -

Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>

- -<%= link_to "Back", :back %> diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb deleted file mode 100644 index 090fb29..0000000 --- a/app/views/devise/registrations/new.html.erb +++ /dev/null @@ -1,17 +0,0 @@ -

Sign up

- -<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %> - <%= f.error_notification %> - -
- <%= f.input :email, required: true, autofocus: true %> - <%= f.input :password, required: true %> - <%= f.input :password_confirmation, required: true %> -
- -
- <%= f.button :submit, "Sign up" %> -
-<% end %> - -<%= render "devise/shared/links" %> diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb deleted file mode 100644 index c790b49..0000000 --- a/app/views/devise/sessions/new.html.erb +++ /dev/null @@ -1,15 +0,0 @@ -

Sign in

- -<%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %> -
- <%= f.input :email, required: false, autofocus: true %> - <%= f.input :password, required: false %> - <%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %> -
- -
- <%= f.button :submit, "Sign in" %> -
-<% end %> - -<%= render "devise/shared/links" %> diff --git a/app/views/devise/shared/_links.erb b/app/views/devise/shared/_links.erb deleted file mode 100644 index d84bdde..0000000 --- a/app/views/devise/shared/_links.erb +++ /dev/null @@ -1,25 +0,0 @@ -<%- if controller_name != 'sessions' %> - <%= link_to "Sign in", new_session_path(resource_name) %>
-<% end -%> - -<%- if devise_mapping.registerable? && controller_name != 'registrations' %> - <%= link_to "Sign up", new_registration_path(resource_name) %>
-<% end -%> - -<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> - <%= link_to "Forgot your password?", new_password_path(resource_name) %>
-<% end -%> - -<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %> - <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
-<% end -%> - -<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %> - <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
-<% end -%> - -<%- if devise_mapping.omniauthable? %> - <%- resource_class.omniauth_providers.each do |provider| %> - <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %>
- <% end -%> -<% end -%> diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb deleted file mode 100644 index 788f62e..0000000 --- a/app/views/devise/unlocks/new.html.erb +++ /dev/null @@ -1,16 +0,0 @@ -

Resend unlock instructions

- -<%= simple_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %> - <%= f.error_notification %> - <%= f.full_error :unlock_token %> - -
- <%= f.input :email, required: true, autofocus: true %> -
- -
- <%= f.button :submit, "Resend unlock instructions" %> -
-<% end %> - -<%= render "devise/shared/links" %> diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 0d65c9f..b77195c 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -8,6 +8,12 @@ +
+ <% if @current_user %> + Signed in as: <%= @current_user.name %> | <%= link_to 'Sign out', session_path, method: :delete %> + <% end %> +
+ <%= yield %> diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb new file mode 100644 index 0000000..bdec0de --- /dev/null +++ b/app/views/sessions/new.html.erb @@ -0,0 +1 @@ +<%= link_to 'Sign in with Twitter', '/auth/twitter' %> diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb deleted file mode 100644 index ba418df..0000000 --- a/config/initializers/devise.rb +++ /dev/null @@ -1,257 +0,0 @@ -# Use this hook to configure devise mailer, warden hooks and so forth. -# Many of these configuration options can be set straight in your model. -Devise.setup do |config| - # The secret key used by Devise. Devise uses this key to generate - # random tokens. Changing this key will render invalid all existing - # confirmation, reset password and unlock tokens in the database. - # config.secret_key = '9eafa5328c87bd50b92070c85e4d1cff5d8345c6dda796d9c18e808b5456c3d8844b788d4b066d4270b18ec982fabbf4d0e7c835e23247f7f89ff4f91edc4c4d' - - # ==> Mailer Configuration - # Configure the e-mail address which will be shown in Devise::Mailer, - # note that it will be overwritten if you use your own mailer class - # with default "from" parameter. - config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com' - - # Configure the class responsible to send e-mails. - # config.mailer = 'Devise::Mailer' - - # ==> ORM configuration - # Load and configure the ORM. Supports :active_record (default) and - # :mongoid (bson_ext recommended) by default. Other ORMs may be - # available as additional gems. - require 'devise/orm/active_record' - - # ==> Configuration for any authentication mechanism - # Configure which keys are used when authenticating a user. The default is - # just :email. You can configure it to use [:username, :subdomain], so for - # authenticating a user, both parameters are required. Remember that those - # parameters are used only when authenticating and not when retrieving from - # session. If you need permissions, you should implement that in a before filter. - # You can also supply a hash where the value is a boolean determining whether - # or not authentication should be aborted when the value is not present. - # config.authentication_keys = [ :email ] - - # Configure parameters from the request object used for authentication. Each entry - # given should be a request method and it will automatically be passed to the - # find_for_authentication method and considered in your model lookup. For instance, - # if you set :request_keys to [:subdomain], :subdomain will be used on authentication. - # The same considerations mentioned for authentication_keys also apply to request_keys. - # config.request_keys = [] - - # Configure which authentication keys should be case-insensitive. - # These keys will be downcased upon creating or modifying a user and when used - # to authenticate or find a user. Default is :email. - config.case_insensitive_keys = [ :email ] - - # Configure which authentication keys should have whitespace stripped. - # These keys will have whitespace before and after removed upon creating or - # modifying a user and when used to authenticate or find a user. Default is :email. - config.strip_whitespace_keys = [ :email ] - - # Tell if authentication through request.params is enabled. True by default. - # It can be set to an array that will enable params authentication only for the - # given strategies, for example, `config.params_authenticatable = [:database]` will - # enable it only for database (email + password) authentication. - # config.params_authenticatable = true - - # Tell if authentication through HTTP Auth is enabled. False by default. - # It can be set to an array that will enable http authentication only for the - # given strategies, for example, `config.http_authenticatable = [:database]` will - # enable it only for database authentication. The supported strategies are: - # :database = Support basic authentication with authentication key + password - # config.http_authenticatable = false - - # If http headers should be returned for AJAX requests. True by default. - # config.http_authenticatable_on_xhr = true - - # The realm used in Http Basic Authentication. 'Application' by default. - # config.http_authentication_realm = 'Application' - - # It will change confirmation, password recovery and other workflows - # to behave the same regardless if the e-mail provided was right or wrong. - # Does not affect registerable. - # config.paranoid = true - - # By default Devise will store the user in session. You can skip storage for - # particular strategies by setting this option. - # Notice that if you are skipping storage for all authentication paths, you - # may want to disable generating routes to Devise's sessions controller by - # passing skip: :sessions to `devise_for` in your config/routes.rb - config.skip_session_storage = [:http_auth] - - # By default, Devise cleans up the CSRF token on authentication to - # avoid CSRF token fixation attacks. This means that, when using AJAX - # requests for sign in and sign up, you need to get a new CSRF token - # from the server. You can disable this option at your own risk. - # config.clean_up_csrf_token_on_authentication = true - - # ==> Configuration for :database_authenticatable - # For bcrypt, this is the cost for hashing the password and defaults to 10. If - # using other encryptors, it sets how many times you want the password re-encrypted. - # - # Limiting the stretches to just one in testing will increase the performance of - # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use - # a value less than 10 in other environments. Note that, for bcrypt (the default - # encryptor), the cost increases exponentially with the number of stretches (e.g. - # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). - config.stretches = Rails.env.test? ? 1 : 10 - - # Setup a pepper to generate the encrypted password. - # config.pepper = '46c5434d00479f20025a60f5ae404ee5e43701708f4cd7dfc8d69014d193051576b3bc67ffe8e89f6c7f10e71036c1ff98c673420b750c1e9f54e58a2e7acb85' - - # ==> Configuration for :confirmable - # A period that the user is allowed to access the website even without - # confirming their account. For instance, if set to 2.days, the user will be - # able to access the website for two days without confirming their account, - # access will be blocked just in the third day. Default is 0.days, meaning - # the user cannot access the website without confirming their account. - # config.allow_unconfirmed_access_for = 2.days - - # A period that the user is allowed to confirm their account before their - # token becomes invalid. For example, if set to 3.days, the user can confirm - # their account within 3 days after the mail was sent, but on the fourth day - # their account can't be confirmed with the token any more. - # Default is nil, meaning there is no restriction on how long a user can take - # before confirming their account. - # config.confirm_within = 3.days - - # If true, requires any email changes to be confirmed (exactly the same way as - # initial account confirmation) to be applied. Requires additional unconfirmed_email - # db field (see migrations). Until confirmed, new email is stored in - # unconfirmed_email column, and copied to email column on successful confirmation. - config.reconfirmable = true - - # Defines which key will be used when confirming an account - # config.confirmation_keys = [ :email ] - - # ==> Configuration for :rememberable - # The time the user will be remembered without asking for credentials again. - # config.remember_for = 2.weeks - - # If true, extends the user's remember period when remembered via cookie. - # config.extend_remember_period = false - - # Options to be passed to the created cookie. For instance, you can set - # secure: true in order to force SSL only cookies. - # config.rememberable_options = {} - - # ==> Configuration for :validatable - # Range for password length. - config.password_length = 8..128 - - # Email regex used to validate email formats. It simply asserts that - # one (and only one) @ exists in the given string. This is mainly - # to give user feedback and not to assert the e-mail validity. - # config.email_regexp = /\A[^@]+@[^@]+\z/ - - # ==> Configuration for :timeoutable - # The time you want to timeout the user session without activity. After this - # time the user will be asked for credentials again. Default is 30 minutes. - # config.timeout_in = 30.minutes - - # If true, expires auth token on session timeout. - # config.expire_auth_token_on_timeout = false - - # ==> Configuration for :lockable - # Defines which strategy will be used to lock an account. - # :failed_attempts = Locks an account after a number of failed attempts to sign in. - # :none = No lock strategy. You should handle locking by yourself. - # config.lock_strategy = :failed_attempts - - # Defines which key will be used when locking and unlocking an account - # config.unlock_keys = [ :email ] - - # Defines which strategy will be used to unlock an account. - # :email = Sends an unlock link to the user email - # :time = Re-enables login after a certain amount of time (see :unlock_in below) - # :both = Enables both strategies - # :none = No unlock strategy. You should handle unlocking by yourself. - # config.unlock_strategy = :both - - # Number of authentication tries before locking an account if lock_strategy - # is failed attempts. - # config.maximum_attempts = 20 - - # Time interval to unlock the account if :time is enabled as unlock_strategy. - # config.unlock_in = 1.hour - - # Warn on the last attempt before the account is locked. - # config.last_attempt_warning = false - - # ==> Configuration for :recoverable - # - # Defines which key will be used when recovering the password for an account - # config.reset_password_keys = [ :email ] - - # Time interval you can reset your password with a reset password key. - # Don't put a too small interval or your users won't have the time to - # change their passwords. - config.reset_password_within = 6.hours - - # ==> Configuration for :encryptable - # Allow you to use another encryption algorithm besides bcrypt (default). You can use - # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1, - # :authlogic_sha512 (then you should set stretches above to 20 for default behavior) - # and :restful_authentication_sha1 (then you should set stretches to 10, and copy - # REST_AUTH_SITE_KEY to pepper). - # - # Require the `devise-encryptable` gem when using anything other than bcrypt - # config.encryptor = :sha512 - - # ==> Scopes configuration - # Turn scoped views on. Before rendering "sessions/new", it will first check for - # "users/sessions/new". It's turned off by default because it's slower if you - # are using only default views. - # config.scoped_views = false - - # Configure the default scope given to Warden. By default it's the first - # devise role declared in your routes (usually :user). - # config.default_scope = :user - - # Set this configuration to false if you want /users/sign_out to sign out - # only the current scope. By default, Devise signs out all scopes. - # config.sign_out_all_scopes = true - - # ==> Navigation configuration - # Lists the formats that should be treated as navigational. Formats like - # :html, should redirect to the sign in page when the user does not have - # access, but formats like :xml or :json, should return 401. - # - # If you have any extra navigational formats, like :iphone or :mobile, you - # should add them to the navigational formats lists. - # - # The "*/*" below is required to match Internet Explorer requests. - # config.navigational_formats = ['*/*', :html] - - # The default HTTP method used to sign out a resource. Default is :delete. - config.sign_out_via = :delete - - # ==> OmniAuth - # Add a new OmniAuth provider. Check the wiki for more information on setting - # up on your models and hooks. - # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' - config.omniauth :twitter, ENV['TWITTER_CONSUMER_KEY'], ENV['TWITTER_CONSUMER_SECRET'] - - # ==> Warden configuration - # If you want to use other strategies, that are not supported by Devise, or - # change the failure app, you can configure them inside the config.warden block. - # - # config.warden do |manager| - # manager.intercept_401 = false - # manager.default_strategies(scope: :user).unshift :some_external_strategy - # end - - # ==> Mountable engine configurations - # When using Devise inside an engine, let's call it `MyEngine`, and this engine - # is mountable, there are some extra configurations to be taken into account. - # The following options are available, assuming the engine is mounted as: - # - # mount MyEngine, at: '/my_engine' - # - # The router that invoked `devise_for`, in the example above, would be: - # config.router_name = :my_engine - # - # When using omniauth, Devise cannot automatically set Omniauth path, - # so you need to do it manually. For the users scope, it would be: - # config.omniauth_path_prefix = '/my_engine/users/auth' -end diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb new file mode 100644 index 0000000..05d79ed --- /dev/null +++ b/config/initializers/omniauth.rb @@ -0,0 +1,3 @@ +Rails.application.config.middleware.use OmniAuth::Builder do + provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET'] +end diff --git a/config/routes.rb b/config/routes.rb index 25d9728..fa812c1 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,10 +1,12 @@ MyImages::Application.routes.draw do - devise_for :users # The priority is based upon order of creation: first created -> highest priority. # See how all your routes lay out with "rake routes". root 'images#index' + resource :session, only: [:new, :destroy] + get '/auth/:provider/callback', to: 'sessions#create', as: :create_session + # Example of regular route: # get 'products/:id' => 'catalog#view' diff --git a/db/migrate/20140323140656_devise_create_users.rb b/db/migrate/20140323140656_devise_create_users.rb deleted file mode 100644 index cf497c2..0000000 --- a/db/migrate/20140323140656_devise_create_users.rb +++ /dev/null @@ -1,42 +0,0 @@ -class DeviseCreateUsers < ActiveRecord::Migration - def change - create_table(:users) do |t| - ## Database authenticatable - t.string :email, null: false, default: "" - t.string :encrypted_password, null: false, default: "" - - ## Recoverable - t.string :reset_password_token - t.datetime :reset_password_sent_at - - ## Rememberable - t.datetime :remember_created_at - - ## Trackable - t.integer :sign_in_count, default: 0, null: false - t.datetime :current_sign_in_at - t.datetime :last_sign_in_at - t.string :current_sign_in_ip - t.string :last_sign_in_ip - - ## Confirmable - # t.string :confirmation_token - # t.datetime :confirmed_at - # t.datetime :confirmation_sent_at - # t.string :unconfirmed_email # Only if using reconfirmable - - ## Lockable - # t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts - # t.string :unlock_token # Only if unlock strategy is :email or :both - # t.datetime :locked_at - - - t.timestamps - end - - add_index :users, :email, unique: true - add_index :users, :reset_password_token, unique: true - # add_index :users, :confirmation_token, unique: true - # add_index :users, :unlock_token, unique: true - end -end diff --git a/db/migrate/20140324161505_create_users.rb b/db/migrate/20140324161505_create_users.rb new file mode 100644 index 0000000..51668c8 --- /dev/null +++ b/db/migrate/20140324161505_create_users.rb @@ -0,0 +1,13 @@ +class CreateUsers < ActiveRecord::Migration + def change + create_table :users do |t| + t.string :email + t.string :username + t.string :name + t.string :provider + t.string :uid + + t.timestamps + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 50e57b9..16ee2f1 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20140323140656) do +ActiveRecord::Schema.define(version: 20140324161505) do create_table "images", force: true do |t| t.integer "user_id" @@ -22,21 +22,13 @@ ActiveRecord::Schema.define(version: 20140323140656) do end create_table "users", force: true do |t| - t.string "email", default: "", null: false - t.string "encrypted_password", default: "", null: false - t.string "reset_password_token" - t.datetime "reset_password_sent_at" - t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0, null: false - t.datetime "current_sign_in_at" - t.datetime "last_sign_in_at" - t.string "current_sign_in_ip" - t.string "last_sign_in_ip" + t.string "email" + t.string "username" + t.string "name" + t.string "provider" + t.string "uid" t.datetime "created_at" t.datetime "updated_at" end - add_index "users", ["email"], name: "index_users_on_email", unique: true - add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true - end diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb new file mode 100644 index 0000000..702c559 --- /dev/null +++ b/spec/controllers/sessions_controller_spec.rb @@ -0,0 +1,5 @@ +require 'spec_helper' + +describe SessionsController do + +end diff --git a/spec/helpers/sessions_helper_spec.rb b/spec/helpers/sessions_helper_spec.rb new file mode 100644 index 0000000..cc4c89d --- /dev/null +++ b/spec/helpers/sessions_helper_spec.rb @@ -0,0 +1,15 @@ +require 'spec_helper' + +# Specs in this file have access to a helper object that includes +# the SessionsHelper. For example: +# +# describe SessionsHelper do +# describe "string concat" do +# it "concats two strings with spaces" do +# expect(helper.concat_strings("this","that")).to eq("this that") +# end +# end +# end +describe SessionsHelper do + pending "add some examples to (or delete) #{__FILE__}" +end