Slack-Rana-media-ranker-OAuth

.gitignore

@@ -15,3 +15,4 @@
 
 # Ignore Byebug command history file.
 .byebug_history
+.env

Gemfile

@@ -1,5 +1,10 @@
 source 'https://rubygems.org'
 
+gem "awesome_print"
+gem "omniauth"
+gem "omniauth-github"
+gem "omniauth-google-oauth2"
+
 ruby '2.4.0'
 
 git_source(:github) do |repo_name|
@@ -45,6 +50,7 @@ group :development, :test do
 
   # Improve the error message you get in the browser
   gem 'better_errors'
+  gem "binding_of_caller"
 
   # Use pry for rails console
   gem 'pry-rails'
@@ -64,6 +70,7 @@ group :development do
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
   gem 'spring-watcher-listen', '~> 2.0.0'
+  gem 'dotenv-rails'
 end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem

Gemfile.lock

@@ -40,6 +40,7 @@ GEM
       tzinfo (~> 1.1)
     ansi (1.5.0)
     arel (7.1.4)
+    awesome_print (1.7.0)
     babel-source (5.8.35)
     babel-transpiler (0.7.0)
       babel-source (>= 4.0, < 6)
@@ -49,6 +50,8 @@ GEM
       erubis (>= 2.6.6)
       rack (>= 0.9.0)
     bindex (0.5.0)
+    binding_of_caller (0.7.2)
+      debug_inspector (>= 0.0.1)
     builder (3.2.3)
     byebug (9.0.6)
     coderay (1.1.1)
@@ -60,15 +63,23 @@ GEM
       execjs
     coffee-script-source (1.12.2)
     concurrent-ruby (1.0.5)
+    debug_inspector (0.0.2)
+    dotenv (2.2.0)
+    dotenv-rails (2.2.0)
+      dotenv (= 2.2.0)
+      railties (>= 3.2, < 5.1)
     erubis (2.7.0)
     execjs (2.7.0)
+    faraday (0.11.0)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.18)
     foundation-rails (6.3.0.0)
       railties (>= 3.1.0)
       sass (>= 3.3.0, < 3.5)
       sprockets-es6 (>= 0.9.0)
     globalid (0.3.7)
       activesupport (>= 4.1.0)
+    hashie (3.5.5)
     i18n (0.8.1)
     jbuilder (2.6.3)
       activesupport (>= 3.0.0, < 5.2)
@@ -77,6 +88,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (1.5.6)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -104,9 +116,31 @@ GEM
       minitest (~> 5.0)
       rails (>= 4.1)
     multi_json (1.12.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (2.0.0)
     nokogiri (1.7.1)
       mini_portile2 (~> 2.1.0)
+    oauth2 (1.3.1)
+      faraday (>= 0.8, < 0.12)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.6.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.2.3)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-google-oauth2 (0.4.1)
+      jwt (~> 1.5.2)
+      multi_json (~> 1.3)
+      omniauth (>= 1.1.1)
+      omniauth-oauth2 (>= 1.3.1)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
     pg (0.20.0)
     pry (0.10.4)
       coderay (~> 1.1.0)
@@ -193,9 +227,12 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  awesome_print
   better_errors
+  binding_of_caller
   byebug
   coffee-rails (~> 4.2)
+  dotenv-rails
   foundation-rails
   jbuilder (~> 2.5)
   jquery-rails
@@ -204,6 +241,9 @@ DEPENDENCIES
   minitest-reporters
   minitest-skip
   minitest-spec-rails
+  omniauth
+  omniauth-github
+  omniauth-google-oauth2
   pg (~> 0.18)
   pry-rails
   puma (~> 3.0)
@@ -220,4 +260,4 @@ RUBY VERSION
    ruby 2.4.0p0
 
 BUNDLED WITH
-   1.14.4
+   1.14.6

app/controllers/application_controller.rb

@@ -3,11 +3,32 @@ class ApplicationController < ActionController::Base
 
   before_action :find_user
 
+  before_action :require_login
+helper_method :current_user
+
+  def require_login
+    #See if we have a logged-in user (probably using session)
+    if !session[:user_id]
+      #if not logged-in
+      #Show message about not being logged-in and send to root route
+      flash[:status] = :failure
+      flash[:result_text] = "You must be logged in to view this page"
+      redirect_to root_path
+    end
+    #Let it be if there is  someone logged-in
+  end
+
   def render_404
     # DPR: supposedly this will actually render a 404 page in production
     raise ActionController::RoutingError.new('Not Found')
   end
 
+  def current_user
+    # MEMOIZE: storing something so yo don't have to retrieve it all the time
+    @logged_in_user ||= User.find(session[:user_id]) if session[:user_id]
+  end
+
+
 private
   def find_user
     if session[:user_id]

app/controllers/sessions_controller.rb

@@ -1,29 +1,51 @@
 class SessionsController < ApplicationController
-  def login_form
-  end
+  skip_before_action :require_login, only: [:create]
+
+  def create
+    auth_hash = request.env['omniauth.auth']
+    auth_hash["uid"] =  auth_hash["uid"].to_s
 
-  def login
-    username = params[:username]
-    if username and user = User.find_by(username: username)
+    if auth_hash["uid"]
+      user = User.find_by(uid: auth_hash["uid"], provider: auth_hash["provider"])
+
+      if user.nil?
+        user = User.create_from_omniauth(auth_hash)
+        if user.nil?
+          flash[:error] = "Unable to log you in."
+          redirect_to root_path
+        end
+      end
       session[:user_id] = user.id
-      flash[:status] = :success
-      flash[:result_text] = "Successfully logged in as existing user #{user.username}"
+      flash[:success] =  "Logged in successfully"
+      redirect_to root_path
     else
-      user = User.new(username: username)
-      if user.save
-        session[:user_id] = user.id
-        flash[:status] = :success
-        flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
-      else
-        flash.now[:status] = :failure
-        flash.now[:result_text] = "Could not log in"
-        flash.now[:messages] = user.errors.messages
-        render "login_form", status: :bad_request
-        return
-      end
+      flash[:error] = "Could not log in"
+      redirect_to root_path
     end
-    redirect_to root_path
+
   end
+  # def login
+  #   username = params[:username]
+  #   if username and user = User.find_by(username: username)
+  #     session[:user_id] = user.id
+  #     flash[:status] = :success
+  #     flash[:result_text] = "Successfully logged in as existing user #{user.username}"
+  #   else
+  #     user = User.new(username: username)
+  #     if user.save
+  #       session[:user_id] = user.id
+  #       flash[:status] = :success
+  #       flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
+  #     else
+  #       flash.now[:status] = :failure
+  #       flash.now[:result_text] = "Could not log in"
+  #       flash.now[:messages] = user.errors.messages
+  #       render "login_form", status: :bad_request
+  #       return
+  #     end
+  #   end
+  #   redirect_to root_path
+  # end
 
   def logout
     session[:user_id] = nil

app/controllers/works_controller.rb

@@ -1,8 +1,11 @@
 class WorksController < ApplicationController
   # We should always be able to tell what category
   # of work we're dealing with
+
   before_action :category_from_url, only: [:index, :new, :create]
   before_action :category_from_work, except: [:root, :index, :new, :create]
+  skip_before_action :require_login, only: [:root]
+
 
   def root
     @albums = Work.best_albums
@@ -17,7 +20,7 @@ def index
   end
 
   def new
-    @work = Work.new(category: @media_category)
+    @work = Work.new(user_id: session[:user_id], category: @media_category)
   end
 
   def create
@@ -39,6 +42,11 @@ def show
   end
 
   def edit
+    if session[:user_id] != @work.user_id
+      flash[:status] = :failure
+      flash[:result_text] = "This #{@media_category.singularize} can only be updated by its owner."
+      redirect_to works_path(@media_category)
+    end
   end
 
   def update
@@ -56,10 +64,16 @@ def update
   end
 
   def destroy
-    @work.destroy
-    flash[:status] = :success
-    flash[:result_text] = "Successfully destroyed #{@media_category.singularize} #{@work.id}"
-    redirect_to root_path
+    if session[:user_id] != @work.user_id
+      flash[:status] = :failure
+      flash[:result_text] = "This #{@media_category.singularize} can only be deleted by its owner."
+      redirect_to works_path(@media_category)
+    else
+      @work.destroy
+      flash[:status] = :success
+      flash[:result_text] = "Successfully destroyed #{@media_category.singularize} #{@work.id}"
+      redirect_to root_path
+    end
   end
 
   def upvote
@@ -91,7 +105,7 @@ def upvote
 
 private
   def media_params
-    params.require(:work).permit(:title, :category, :creator, :description, :publication_year)
+    params.require(:work).permit(:user_id, :title, :category, :creator, :description, :publication_year)
   end
 
   def category_from_url

app/models/user.rb

@@ -1,6 +1,28 @@
 class User < ApplicationRecord
   has_many :votes
+  has_many :works
   has_many :ranked_works, through: :votes, source: :work
 
-  validates :username, uniqueness: true, presence: true
+  validates :name, uniqueness: true, presence: true
+
+  def self.create_from_omniauth(auth_hash)
+
+    user = User.new
+    user.uid = auth_hash["uid"]
+    user.provider = auth_hash["provider"]
+
+    if auth_hash["info"]["nickname"]
+      user.name = auth_hash["info"]["nickname"]
+    else
+      user.name = auth_hash["info"]["name"]
+    end
+
+    user.email = auth_hash["info"]["email"]
+    #binding.pry
+    user.save
+    return user
+
+  end
+
+
 end

app/models/work.rb

@@ -1,4 +1,5 @@
 class Work < ApplicationRecord
+  belongs_to :user
   has_many :votes, dependent: :destroy
   has_many :ranking_users, through: :votes, source: :user
 

app/views/layouts/application.html.erb

@@ -19,11 +19,12 @@
     <!-- TODO DPR: this looks really silly when the screen size is small -->
     <div class="columns large-3 small-12">
       <% if @login_user %>
-        <p class="text-right">Logged in as <%= link_to @login_user.username, user_path(@login_user) %></p>
+        <p class="text-right">Logged in as <%= link_to @login_user.name, user_path(@login_user) %></p>
         <%= link_to "Log Out", logout_path, method: :post, class: "button float-right" %>
       <% else %>
         <p class="text-right">Not logged in</p>
-        <%= link_to "Log In", login_path, class: "button float-right" %>
+        <%= link_to "Log In using Github", '/auth/github', class: "button float-right" %>
+        <%= link_to "Log In using Google", '/auth/google_oauth2', class: "button float-right" %>
       <% end %>
     </div>
   </header>

app/views/sessions/login_form.html.erb

@@ -1,7 +1,7 @@
 <h2>Log In</h2>
 <%= form_tag do %>
-  <%= label_tag(:username, "Username") %>
-  <%= text_field_tag(:username) %>
+  <%= label_tag(:name, "name") %>
+  <%= text_field_tag(:name) %>
   <%= submit_tag("Log In", class: "button") %>
 <% end %>
 

app/views/users/index.html.erb

@@ -10,7 +10,7 @@
   <tbody>
     <% @users.each do |user| %>
       <tr>
-        <td><%= link_to user.username, user_path(user) %></td>
+        <td><%= link_to user.name, user_path(user) %></td>
         <td><%= user.votes.count %></td>
         <td><%= render_date user.created_at %></td>
       </tr>

app/views/works/_form.html.erb

@@ -1,5 +1,6 @@
 <section>
   <%= form_for @work do |f| %>
+    <%= f.hidden_field :user_id, value: @work.user_id %>
     <%= f.hidden_field :category, value: @work.category %>
 
     <%= f.label :title %>

app/views/works/show.html.erb

@@ -23,7 +23,7 @@
     <tbody>
     <% @votes.each do |vote| %>
       <tr>
-        <td><%= link_to vote.user.username, user_path(vote.user) %></td>
+        <td><%= link_to vote.user.name, user_path(vote.user) %></td>
         <td><%= render_date vote.created_at %></td>
       </li>
     <% end %>