From ca981708b0f813bf7340bab9df626b6f56a88acf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alan=20Hern=C3=A1ndez?= Date: Thu, 14 Mar 2024 22:16:48 -0600 Subject: [PATCH 1/3] Added email confirmation & fixed error, the current user cannot see posts from other users #25 --- Gemfile | 2 ++ Gemfile.lock | 10 ++++++- app/controllers/application_controller.rb | 7 +++++ app/controllers/posts_controller.rb | 29 +++++++++++++++---- app/mailers/application_mailer.rb | 4 +-- app/models/post.rb | 1 - app/models/user.rb | 3 +- app/views/devise/registrations/new.html.erb | 15 ++++++++++ app/views/posts/_cards.html.erb | 6 ++-- app/views/posts/show.html.erb | 2 +- config/environment.rb | 12 +++++++- config/environments/development.rb | 1 + config/initializers/devise.rb | 2 +- ...mable_to_users_from_add_devise_to_users.rb | 11 +++++++ db/schema.rb | 6 +++- .../previews/user_notifier_mailer_preview.rb | 4 +++ test/mailers/user_notifier_mailer_test.rb | 7 +++++ 17 files changed, 105 insertions(+), 17 deletions(-) create mode 100644 db/migrate/20240314180719_add_confirmable_to_users_from_add_devise_to_users.rb create mode 100644 test/mailers/previews/user_notifier_mailer_preview.rb create mode 100644 test/mailers/user_notifier_mailer_test.rb diff --git a/Gemfile b/Gemfile index df74404..3462a64 100644 --- a/Gemfile +++ b/Gemfile @@ -80,6 +80,8 @@ gem 'image_processing', '>= 1.2' gem 'dotenv', groups: %i[development test] +gem 'jquery-rails' +gem 'jquery-ui-rails' gem 'omniauth' gem 'omniauth-google-oauth2' gem 'omniauth-rails_csrf_protection', '~> 1.0' diff --git a/Gemfile.lock b/Gemfile.lock index ee7f9e2..e5f8707 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -135,6 +135,12 @@ GEM jbuilder (2.11.5) actionview (>= 5.0.0) activesupport (>= 5.0.0) + jquery-rails (4.6.0) + rails-dom-testing (>= 1, < 3) + railties (>= 4.2.0) + thor (>= 0.14, < 2.0) + jquery-ui-rails (6.0.1) + railties (>= 3.2.16) json (2.7.1) jwt (2.8.1) base64 
@@ -355,6 +361,8 @@ DEPENDENCIES image_processing (>= 1.2) importmap-rails jbuilder + jquery-rails + jquery-ui-rails omniauth omniauth-google-oauth2 omniauth-rails_csrf_protection (~> 1.0) @@ -371,7 +379,7 @@ DEPENDENCIES web-console RUBY VERSION - ruby 3.1.2p20 + ruby 3.1.3p185 BUNDLED WITH 2.5.5 diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 09705d1..91de328 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,2 +1,9 @@ class ApplicationController < ActionController::Base + before_action :configure_permitted_parameters, if: :devise_controller? + + private + + def configure_permitted_parameters + devise_parameter_sanitizer.permit(:sign_up, keys: %i[name lastName image_profile]) + end end diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb index fd6a41a..63ec238 100644 --- a/app/controllers/posts_controller.rb +++ b/app/controllers/posts_controller.rb @@ -1,6 +1,7 @@ class PostsController < ApplicationController - before_action :authenticate_user! before_action :set_post, only: %i[show destroy edit update] + before_action :authenticate_user!, except: %i[show index] + def new @post = Post.new end @@ -20,12 +21,25 @@ def create end def index - @posts = Post.user_post(current_user) + @posts = Post.all end - def edit; end + def edit + unless current_user == @post.user + redirect_to root_path, alert: 'You are not authorized to edit this post.' + end + end + + def show + @post = Post.find(params[:id]) + end def update + unless current_user == @post.user + redirect_to root_path, alert: 'You are not authorized to update this post.' + return + end + respond_to do |format| if @post.update(post_params) update_status(format) 
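Review bot: In app/controllers/application_controller.rb, `configure_permitted_parameters` permits `image_profile` on `:sign_up`, so the registration endpoint now accepts a file upload from visitors who are not signed in. Nothing in this patch shows a content-type or size validation for that attachment on `User` (Post has `validate_image_content_type`, but no equivalent for the profile image is visible), so confirm one exists. The method would also benefit from a comment such as `# Extra sign-up attributes beyond Devise's defaults; image_profile is an upload and must be validated on the model`.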
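Review bot: In app/controllers/posts_controller.rb the ownership test `current_user == @post.user` is written out by hand in `edit`, `update` and (next hunk) `destroy`, while `set_post` (last hunk of this file) now loads any post by id, so enforcement depends on every action remembering its own check. A single `before_action` limited to those three actions keeps the rule in one place and makes it harder for a later member action to be left unprotected. The `edit` branch also omits the `return` that the other two use, and the new `show` body repeats the lookup `set_post` has already performed. Registering `authenticate_user!` ahead of `set_post` would also avoid a database lookup for signed-out requests to the protected actions.

```ruby
class PostsController < ApplicationController
  before_action :authenticate_user!, except: %i[show index]
  before_action :set_post, only: %i[show destroy edit update]
  before_action :require_post_owner, only: %i[edit update destroy]

  # … unchanged: new, create, index …

  def edit; end

  def show; end

  # … unchanged: update and destroy bodies, minus their inline ownership checks …

  private

  # Only the author of a post may edit, update or delete it.
  def require_post_owner
    return if current_user == @post.user

    redirect_to root_path, alert: 'You are not authorized to modify this post.'
  end
```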
@@ -37,10 +51,15 @@ def update end def destroy + unless current_user == @post.user + redirect_to root_path, alert: 'You are not authorized to delete this post.' + return + end + @post.destroy respond_to do |format| - format.html { redirect_to root_path, notice: 'Post was succesfully deleted.' } + format.html { redirect_to root_path, notice: 'Post was successfully deleted.' } format.json { head :no_content } end end @@ -49,7 +68,7 @@ def destroy # Use callbacks to share common setup or constraints between actions. def set_post - @post = Post.user_post(current_user).find(params[:id]) + @post = Post.find(params[:id]) end # Only allow a list of trusted parameters through. diff --git a/app/mailers/application_mailer.rb b/app/mailers/application_mailer.rb index 3c34c81..c1501ec 100644 --- a/app/mailers/application_mailer.rb +++ b/app/mailers/application_mailer.rb @@ -1,4 +1,4 @@ class ApplicationMailer < ActionMailer::Base - default from: "from@example.com" - layout "mailer" + default from: 'megatorterra@hotmail.com' + layout 'mailer' end diff --git a/app/models/post.rb b/app/models/post.rb index d01fc55..ab21965 100644 --- a/app/models/post.rb +++ b/app/models/post.rb @@ -6,7 +6,6 @@ class Post < ApplicationRecord has_many_attached :images validates :body, presence: true - validate :validate_at_least_one_image_attached validate :validate_image_content_type attr_accessor :images_to_remove diff --git a/app/models/user.rb b/app/models/user.rb index 68167cd..2f48b9d 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -6,7 +6,8 @@ class User < ApplicationRecord has_many :posts devise :database_authenticatable, :registerable, - :recoverable, :rememberable, :validatable, :omniauthable, omniauth_providers: %i[google_oauth2] + :recoverable, :rememberable, :validatable, + :confirmable, :omniauthable, omniauth_providers: %i[google_oauth2] def self.from_omniauth(access_token) data = access_token.info 
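Review bot: In app/mailers/application_mailer.rb the sender is hard-coded to a personal mailbox, `default from: 'megatorterra@hotmail.com'`, and the same literal is repeated as `config.mailer_sender` in config/initializers/devise.rb. Reading it from configuration in both places, for example `default from: ENV.fetch('MAILER_SENDER')` (variable name is illustrative), keeps a personal address out of the repository and lets each environment use its own sender. Mail relayed through a third-party SMTP service with a From address at a consumer mail domain may also fail the recipient's sender-authentication checks, so a domain the project controls is likely the more reliable choice; worth verifying with a test send.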
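Review bot: In app/models/user.rb `:confirmable` is added next to `:omniauthable`, but `from_omniauth` (its body continues outside this hunk) is not touched by the patch, so accounts created through Google sign-in presumably start unconfirmed and would be asked to confirm an address the provider has already verified. If that is not intended, call `skip_confirmation!` on the new record in `from_omniauth` before it is saved. A short comment above the `devise` call stating which sign-up paths require e-mail confirmation would make the intent explicit.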
diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index d9a3f2d..40ecc2c 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -3,6 +3,21 @@ <%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %> <%= render "devise/shared/error_messages", resource: resource %> +
+ <%= f.label :name %> + <%= f.text_field :name, autofocus: true %> +
+ +
+ <%= f.label :lastName %> + <%= f.text_field :lastName, autofocus: true %> +
+ +
+ <%= f.label :image_profile, "Upload a new image", style: "display: block" %> + <%= f.file_field :image_profile %> +
+
<%= f.label :email %> <%= f.email_field :email, autofocus: true, autocomplete: "email" %> diff --git a/app/views/posts/_cards.html.erb b/app/views/posts/_cards.html.erb index 94c391d..8802e64 100644 --- a/app/views/posts/_cards.html.erb +++ b/app/views/posts/_cards.html.erb @@ -1,4 +1,4 @@ -<%= link_to "Sign Out", destroy_user_session_path %> +<%= button_to "Sign Out", destroy_user_session_path, method: :delete %>
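Review bot: In app/views/devise/registrations/new.html.erb the added `name` and `lastName` inputs both carry `autofocus: true`, and the existing e-mail field below already has it, so three inputs in one form claim initial focus. Keep it on the first field only, `<%= f.text_field :name, autofocus: true %>`, and drop it from `:lastName` and `:email`. The file input could also declare what it expects, e.g. `<%= f.file_field :image_profile, accept: 'image/png,image/jpeg' %>`; that is only a browser hint and does not replace validation on the model.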
<% @posts.each do |post| %> @@ -8,8 +8,8 @@
<%= image_tag('default-light.png') %>
-

John Doe

-

1 hour ago

+

<%=post.user.name%> <%=post.user.lastName%>

+

<%= post.created_at.strftime("%d-%m-%Y a las %H:%M") %>

diff --git a/app/views/posts/show.html.erb b/app/views/posts/show.html.erb index f4f2884..b47572a 100644 --- a/app/views/posts/show.html.erb +++ b/app/views/posts/show.html.erb @@ -1,4 +1,4 @@ -

PublicaciĆ³n de <%= current_user.email %>

+

PublicaciĆ³n de <%= @post.user.name %>

<%=@post.body%>

<% if @post.images.attached? %> diff --git a/config/environment.rb b/config/environment.rb index cac5315..c3214f5 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,5 +1,15 @@ # Load the Rails application. -require_relative "application" +require_relative 'application' # Initialize the Rails application. Rails.application.initialize! + +ActionMailer::Base.smtp_settings = { + user_name: 'apikey', # This is the string literal 'apikey', NOT the ID of your API key + password: ENV['SENDGRID_API_KEY'], # This is the secret sendgrid API key which was issued during API key creation + domain: 'hotmail.com', + address: 'smtp.sendgrid.net', + port: 587, + authentication: :plain, + enable_starttls_auto: true +} diff --git a/config/environments/development.rb b/config/environments/development.rb index 691627e..e33bd3c 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -2,6 +2,7 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. + config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } # In the development environment your application's code is reloaded any time # it changes. This slows down response time but is perfect for development diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index d6dc33a..8ed6476 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -24,7 +24,7 @@ # Configure the e-mail address which will be shown in Devise::Mailer, # note that it will be overwritten if you use your own mailer class # with default "from" parameter. - config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com' + config.mailer_sender = 'megatorterra@hotmail.com' config.omniauth :google_oauth2, Rails.application.credentials.GOOGLE_OAUTH_CLIENT_ID, Rails.application.credentials.GOOGLE_OAUTH_CLIENT_SERVER 
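Review bot: In config/environment.rb the SMTP settings pair `authentication: :plain` with `enable_starttls_auto: true`, which upgrades to TLS only when the server advertises it; if the STARTTLS capability is absent or stripped in transit, the SendGrid API key would be sent over an unencrypted connection. Use `enable_starttls: true` so the connection fails instead of falling back. `ENV['SENDGRID_API_KEY']` also returns nil silently when the variable is unset, and because the assignment sits after `initialize!` in this file it applies to every environment, tests included. Moving the block to config/environments/production.rb with `ENV.fetch('SENDGRID_API_KEY')` would fail fast at boot and keep the key out of development and test.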
diff --git a/db/migrate/20240314180719_add_confirmable_to_users_from_add_devise_to_users.rb b/db/migrate/20240314180719_add_confirmable_to_users_from_add_devise_to_users.rb new file mode 100644 index 0000000..4ac9ff0 --- /dev/null +++ b/db/migrate/20240314180719_add_confirmable_to_users_from_add_devise_to_users.rb @@ -0,0 +1,11 @@ +class AddConfirmableToUsersFromAddDeviseToUsers < ActiveRecord::Migration[7.1] + def change + change_table :users do |t| + ## Confirmable + t.string :confirmation_token + t.datetime :confirmed_at + t.datetime :confirmation_sent_at + t.string :unconfirmed_email # Only if using reconfirmable + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 1937947..db24123 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2024_03_12_235147) do +ActiveRecord::Schema[7.1].define(version: 2024_03_14_180719) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -125,6 +125,10 @@ t.string "uid" t.string "avatar_url" t.string "provider" + t.string "confirmation_token" + t.datetime "confirmed_at" + t.datetime "confirmation_sent_at" + t.string "unconfirmed_email" t.index ["email"], name: "index_users_on_email", unique: true t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true end diff --git a/test/mailers/previews/user_notifier_mailer_preview.rb b/test/mailers/previews/user_notifier_mailer_preview.rb new file mode 100644 index 0000000..0ba6841 --- /dev/null +++ b/test/mailers/previews/user_notifier_mailer_preview.rb @@ -0,0 +1,4 @@ +# Preview all emails at http://localhost:3000/rails/mailers/user_notifier_mailer +class UserNotifierMailerPreview < ActionMailer::Preview + +end 
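Review bot: In db/migrate/20240314180719_add_confirmable_to_users_from_add_devise_to_users.rb the `confirmation_token` column is added without an index, and the db/schema.rb hunk confirms none is created. Devise looks the user up by this token when the confirmation link is followed, and its generated migration includes `add_index :users, :confirmation_token, unique: true`; adding it here gives an indexed lookup and a uniqueness guarantee. Existing rows will also have `confirmed_at` NULL once this runs, so already-registered users would be treated as unconfirmed unless the migration backfills the column, e.g. `User.update_all confirmed_at: Time.current` in an `up` step.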
diff --git a/test/mailers/user_notifier_mailer_test.rb b/test/mailers/user_notifier_mailer_test.rb new file mode 100644 index 0000000..1691ba9 --- /dev/null +++ b/test/mailers/user_notifier_mailer_test.rb @@ -0,0 +1,7 @@ +require "test_helper" + +class UserNotifierMailerTest < ActionMailer::TestCase + # test "the truth" do + # assert true + # end +end From e0d7e54378e1355f942f2be32c7088237cf1c58a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alan=20Hern=C3=A1ndez?= Date: Thu, 14 Mar 2024 22:21:20 -0600 Subject: [PATCH 2/3] Change index function #25 --- app/controllers/posts_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb index 63ec238..3bfe038 100644 --- a/app/controllers/posts_controller.rb +++ b/app/controllers/posts_controller.rb @@ -21,7 +21,7 @@ def create end def index - @posts = Post.all + @posts = Post.user_post(current_user) end def edit From c794779e5106be819cd2c549c52bd0f070409da5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alan=20Hern=C3=A1ndez?= <73453092+BlazeDex@users.noreply.github.com> Date: Thu, 14 Mar 2024 23:53:43 -0600 Subject: [PATCH 3/3] Delete JQuery gems from the Gemfile --- Gemfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Gemfile b/Gemfile index 3462a64..df74404 100644 --- a/Gemfile +++ b/Gemfile @@ -80,8 +80,6 @@ gem 'image_processing', '>= 1.2' gem 'dotenv', groups: %i[development test] -gem 'jquery-rails' -gem 'jquery-ui-rails' gem 'omniauth' gem 'omniauth-google-oauth2' gem 'omniauth-rails_csrf_protection', '~> 1.0'
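Review bot: In PATCH 2/3, `index` goes back to `Post.user_post(current_user)` while `:index` is still listed in `before_action :authenticate_user!, except: %i[show index]` from the first patch, so signed-out requests reach the scope with `current_user` being nil. The `user_post` scope is not shown in this series; depending on how it is written, a nil user could yield an empty list, posts without an owner, or an error. Either drop `:index` from the exception list, `before_action :authenticate_user!, except: %i[show]`, or branch on `user_signed_in?` inside the action. Since this also reverses the behaviour named in the first patch's subject, a comment in `index` stating which posts are meant to be listed would help.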