Implement advanced login

Meph1k · Oct 23, 2016 · 8d41684 · 8d41684
1 parent 113c702
commit 8d41684
Show file tree

Hide file tree

Showing 8 changed files with 146 additions and 111 deletions.
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
diff --git a/app/assets/stylesheets/custom.scss b/app/assets/stylesheets/custom.scss
@@ -175,3 +175,16 @@ input {
     color: $state-danger-text;
   }
 }
+.checkbox {
+  margin-top: -10px;
+  margin-bottom: 10px;
+  span {
+    margin-left: 20px;
+    font-weight: normal;
+  }
+}
+
+#session_remember_me {
+  width: auto;
+  margin-left: 0;
+}
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -7,6 +7,7 @@ def create
     user = User.find_by(email: params[:session][:email].downcase)
     if user && user.authenticate(params[:session][:password])
       log_in user
+      params[:session][:remember_me] == '1' ? remember(user) : forget(user)
       redirect_to user
     else
       flash.now[:danger] = 'Invalid email/password combination'
@@ -15,7 +16,7 @@ def create
   end
 
   def destroy
-    log_out
+    log_out if logged_in?
     redirect_to root_url
   end
 end
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
@@ -5,17 +5,40 @@ def log_in(user)
     session[:user_id] = user.id
   end
 
-  # Returns the current logged-in user (if any).
+  # Remembers a user in a persistent session.
+  def remember(user)
+    user.remember
+    cookies.permanent.signed[:user_id] = user.id
+    cookies.permanent[:remember_token] = user.remember_token
+  end
+
+  # Returns the user corresponding to the remember token cookie.
   def current_user
-    @current_user ||= User.find_by(id: session[:user_id])
+    if (user_id = session[:user_id])
+      @current_user ||= User.find_by(id: user_id)
+    elsif (user_id = cookies.signed[:user_id])
+      user = User.find_by(id: user_id)
+      if user && user.authenticated?(cookies[:remember_token])
+        log_in user
+        @current_user = user
+      end
+    end
   end
 
   # Returns true if the user is logged in, false otherwise.
   def logged_in?
     !current_user.nil?
   end
 
+  def forget(user)
+    user.forget
+    cookies.delete(:user_id)
+    cookies.delete(:remember_token)
+  end
+
+  # Logs out the current user.
   def log_out
+    forget(current_user)
     session.delete(:user_id)
     @current_user = nil
   end

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -1,4 +1,5 @@
 class User < ApplicationRecord
+  attr_accessor :remember_token
   before_save { self.email = email.downcase }
   validates :name,  presence: true, length: { maximum: 50 }
   VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
@@ -14,4 +15,26 @@ def User.digest(string)
         BCrypt::Engine.cost
     BCrypt::Password.create(string, cost: cost)
   end
+
+  # Returns a random token.
+  def User.new_token
+    SecureRandom.urlsafe_base64
+  end
+
+  # Remembers a user in the database for use in persistent sessions.
+  def remember
+    self.remember_token = User.new_token
+    update_attribute(:remember_digest, User.digest(remember_token))
+  end
+
+  # Returns true if the given token matches the digest.
+  def authenticated?(remember_token)
+    return false if remember_digest.nil?
+    BCrypt::Password.new(remember_digest).is_password?(remember_token)
+  end
+
+  # Forgets a user.
+  def forget
+    update_attribute(:remember_digest, nil)
+  end
 end
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
@@ -11,9 +11,14 @@
         <%= f.label :password %>
         <%= f.password_field :password, class: 'form-control' %>
 
+        <%= f.label :remember_me, class: "checkbox inline" do %>
+            <%= f.check_box :remember_me %>
+            <span>Remember me on this computer</span>
+        <% end %>
+
         <%= f.submit "Log in", class: "btn btn-primary" %>
     <% end %>
 
     <p>New user? <%= link_to "Sign up now!", signup_path %></p>
   </div>
-</div>
+</div>
diff --git a/db/migrate/20161023205010_add_remember_digest_to_users.rb b/db/migrate/20161023205010_add_remember_digest_to_users.rb
@@ -0,0 +1,5 @@
+class AddRememberDigestToUsers < ActiveRecord::Migration[5.0]
+  def change
+    add_column :users, :remember_digest, :string
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -10,14 +10,15 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20161022112747) do
+ActiveRecord::Schema.define(version: 20161023205010) do
 
   create_table "users", force: :cascade do |t|
     t.string   "name"
     t.string   "email"
     t.datetime "created_at",      null: false
     t.datetime "updated_at",      null: false
     t.string   "password_digest"
+    t.string   "remember_digest"
     t.index ["email"], name: "index_users_on_email", unique: true
   end