diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 60c348c..1933cf4 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,7 +2,24 @@ class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
+ before_action :configure_permitted_parameters, if: :devise_controller?
+
+ def after_sign_in_path_for(resource)
+ new_user_session_path
+ end
+
+ def after_sign_up_path_for(resource)
+ root_path
+ end
include OrdersHelper
include ApplicationHelper
+
+ protected
+
+ def configure_permitted_parameters
+ devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(
+ :email, :nickname, :name, :last_name, :password, :password_confirmation
+ ) }
+ end
end
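Review bot: Nothing in this hunk requires a signed-in user: the only filter added is `configure_permitted_parameters`. Unless an `authenticate_user!` filter exists outside this diff, every controller inheriting from ApplicationController stays reachable without a session, including `UsersController#show` and `#index`. Consider adding `before_action :authenticate_user!` next to the new filter. Separately, `after_sign_in_path_for` returns `new_user_session_path`, which sends a user who has just signed in back to the login form; `root_path`, as used in `after_sign_up_path_for`, looks like the intended target.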
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8b43342..639080f 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,49 +1,10 @@
class UsersController < ApplicationController
- def new
- @user = User.new
- end
-
def show
@user = User.find(params[:id])
@orders = @user.orders.paginate(page: params[:page])
end
- def create
- @user = User.new(user_params)
- if @user.save
- redirect_to @user
- else
- render 'new'
- end
- end
-
- def edit
- @user = User.find(params[:id])
- end
-
- def update
- @user = User.find(params[:id])
- if @user.update_attributes(user_params)
- redirect_to @user
- else
- render 'edit'
- end
- end
-
def index
@users = User.all
end
-
-
- def destroy
- User.find(params[:id]).destroy
- redirect_to users_path
- end
-
- private
-
- def user_params
- params.require(:user).permit(:name, :last_name, :password,
- :password_confirmation, :nickname)
- end
end
diff --git a/app/models/user.rb b/app/models/user.rb
index 008a430..81aca66 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -2,17 +2,34 @@
#
# Table name: users
#
-# id :integer not null, primary key
-# name :string(255)
-# last_name :string(255)
-# balance :integer default(0)
-# nickname :string(255)
-# password_digest :string(255)
-# created_at :datetime
-# updated_at :datetime
+# id :integer not null, primary key
+# name :string(255)
+# last_name :string(255)
+# balance :integer default(0)
+# nickname :string(255)
+# created_at :datetime
+# updated_at :datetime
+# email :string(255) default(""), not null
+# encrypted_password :string(255) default(""), not null
+# reset_password_token :string(255)
+# reset_password_sent_at :datetime
+# remember_created_at :datetime
+# sign_in_count :integer default(0), not null
+# current_sign_in_at :datetime
+# last_sign_in_at :datetime
+# current_sign_in_ip :string(255)
+# last_sign_in_ip :string(255)
+# confirmation_token :string(255)
+# confirmed_at :datetime
+# confirmation_sent_at :datetime
+# unconfirmed_email :string(255)
#
class User < ActiveRecord::Base
+ devise :database_authenticatable, :registerable,
+ :recoverable, :rememberable, :trackable, :validatable,
+ :confirmable
+
has_many :orders, -> { includes :products }
validates :name, presence: true
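Review bot: The `devise` module list leaves out `:lockable`, so nothing in this model limits repeated failed sign-in attempts against an account. The commit already ships the unlock view and the unlock mailer template, and the migration carries the Lockable columns commented out, so the feature is half wired. Either add `:lockable` here and uncomment `failed_attempts`, `unlock_token` and `locked_at` plus the `unlock_token` index in the migration, or drop the unused unlock templates and throttle sign-in some other way.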
@@ -26,6 +43,4 @@ class User < ActiveRecord::Base
def pay(amount)
self.increment!(:balance, - amount)
end
-
- has_secure_password
end
diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb
new file mode 100644
index 0000000..4540811
--- /dev/null
+++ b/app/views/devise/confirmations/new.html.erb
@@ -0,0 +1,16 @@
+
Resend confirmation instructions
+
+<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
+ <%= devise_error_messages! %>
+
+
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %>
+
+
+
+ <%= f.submit "Resend confirmation instructions" %>
+
+<% end %>
+
+<%= render "devise/shared/links" %>
diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb
new file mode 100644
index 0000000..dc55f64
--- /dev/null
+++ b/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -0,0 +1,5 @@
+Welcome <%= @email %>!
+
+You can confirm your account email through the link below:
+
+<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %>
diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb
new file mode 100644
index 0000000..f667dc1
--- /dev/null
+++ b/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -0,0 +1,8 @@
+Hello <%= @resource.email %>!
+
+Someone has requested a link to change your password. You can do this through the link below.
+
+<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>
+
+If you didn't request this, please ignore this email.
+Your password won't change until you access the link above and create a new one.
diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb
new file mode 100644
index 0000000..41e148b
--- /dev/null
+++ b/app/views/devise/mailer/unlock_instructions.html.erb
@@ -0,0 +1,7 @@
+Hello <%= @resource.email %>!
+
+Your account has been locked due to an excessive number of unsuccessful sign in attempts.
+
+Click the link below to unlock your account:
+
+<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>
diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb
new file mode 100644
index 0000000..1b2ff26
--- /dev/null
+++ b/app/views/devise/passwords/edit.html.erb
@@ -0,0 +1,22 @@
+Change your password
+
+<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
+ <%= devise_error_messages! %>
+ <%= f.hidden_field :reset_password_token %>
+
+
+ <%= f.label :password, "New password" %>
+ <%= f.password_field :password, autofocus: true, autocomplete: "off" %>
+
+
+
+ <%= f.label :password_confirmation, "Confirm new password" %>
+ <%= f.password_field :password_confirmation, autocomplete: "off" %>
+
+
+
+ <%= f.submit "Change my password" %>
+
+<% end %>
+
+<%= render "devise/shared/links" %>
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb
new file mode 100644
index 0000000..3d6d11a
--- /dev/null
+++ b/app/views/devise/passwords/new.html.erb
@@ -0,0 +1,16 @@
+Forgot your password?
+
+<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
+ <%= devise_error_messages! %>
+
+
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %>
+
+
+
+ <%= f.submit "Send me reset password instructions" %>
+
+<% end %>
+
+<%= render "devise/shared/links" %>
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
new file mode 100644
index 0000000..3ea40f0
--- /dev/null
+++ b/app/views/devise/registrations/edit.html.erb
@@ -0,0 +1,39 @@
+Edit <%= resource_name.to_s.humanize %>
+
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
+ <%= devise_error_messages! %>
+
+
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %>
+
+
+ <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+ Currently waiting confirmation for: <%= resource.unconfirmed_email %>
+ <% end %>
+
+
+ <%= f.label :password %> (leave blank if you don't want to change it)
+ <%= f.password_field :password, autocomplete: "off" %>
+
+
+
+ <%= f.label :password_confirmation %>
+ <%= f.password_field :password_confirmation, autocomplete: "off" %>
+
+
+
+ <%= f.label :current_password %> (we need your current password to confirm your changes)
+ <%= f.password_field :current_password, autocomplete: "off" %>
+
+
+
+ <%= f.submit "Update" %>
+
+<% end %>
+
+Cancel my account
+
+Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>
+
+<%= link_to "Back", :back %>
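Review bot: This edit form only exposes email and password, so `nickname`, `name` and `last_name` can no longer be changed once the old `UsersController#edit`/`#update` actions are removed. If they should stay editable, add the fields here and permit them for `:account_update` alongside the existing `:sign_up` entry in `configure_permitted_parameters`. Keep that list to profile fields only, so attributes such as `balance` never become mass-assignable.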
diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb
new file mode 100644
index 0000000..fe4bd48
--- /dev/null
+++ b/app/views/devise/registrations/new.html.erb
@@ -0,0 +1,19 @@
+Sign up
+
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
+ <%= devise_error_messages! %>
+
+ <%= form_email_field f, :email %>
+ <%= form_text_field f, :nickname %>
+ <%= form_text_field f, :name %>
+ <%= form_text_field f, :last_name %>
+
+ <%= form_password_field f, :password %>
+ <%= form_password_field f, :password_confirmation %>
+
+
+ <%= f.submit "Sign up" %>
+
+<% end %>
+
+<%= render "devise/shared/links" %>
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
new file mode 100644
index 0000000..d7cc711
--- /dev/null
+++ b/app/views/devise/sessions/new.html.erb
@@ -0,0 +1,27 @@
+Log in
+<%= render partial: 'flash' %>
+
+<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
+
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %>
+
+
+
+ <%= f.label :password %>
+ <%= f.password_field :password, autocomplete: "off" %>
+
+
+ <% if devise_mapping.rememberable? -%>
+
+ <%= f.check_box :remember_me %>
+ <%= f.label :remember_me %>
+
+ <% end -%>
+
+
+ <%= f.submit "Log in" %>
+
+<% end %>
+
+<%= render "devise/shared/links" %>
diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb
new file mode 100644
index 0000000..cd795ad
--- /dev/null
+++ b/app/views/devise/shared/_links.html.erb
@@ -0,0 +1,25 @@
+<%- if controller_name != 'sessions' %>
+ <%= link_to "Log in", new_session_path(resource_name) %>
+<% end -%>
+
+<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
+ <%= link_to "Sign up", new_registration_path(resource_name) %>
+<% end -%>
+
+<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
+ <%= link_to "Forgot your password?", new_password_path(resource_name) %>
+<% end -%>
+
+<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
+ <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
+<% end -%>
+
+<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
+ <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
+<% end -%>
+
+<%- if devise_mapping.omniauthable? %>
+ <%- resource_class.omniauth_providers.each do |provider| %>
+ <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %>
+ <% end -%>
+<% end -%>
diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb
new file mode 100644
index 0000000..16586bc
--- /dev/null
+++ b/app/views/devise/unlocks/new.html.erb
@@ -0,0 +1,16 @@
+Resend unlock instructions
+
+<%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
+ <%= devise_error_messages! %>
+
+
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %>
+
+
+
+ <%= f.submit "Resend unlock instructions" %>
+
+<% end %>
+
+<%= render "devise/shared/links" %>
diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb
index 322431c..805918d 100644
--- a/app/views/layouts/_header.html.erb
+++ b/app/views/layouts/_header.html.erb
@@ -13,7 +13,6 @@
- - <%= link_to "Overview" , overview_path %>
-
Products
diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb
new file mode 100644
index 0000000..de5545a
--- /dev/null
+++ b/app/views/users/_form.html.erb
@@ -0,0 +1,25 @@
+
+
+ <%= form_for(@user) do |f| %>
+ <%= render partial: 'errors', locals: { model: @user } %>
+
+ <%= f.label :nickname %>
+ <%= f.text_field :nickname %>
+
+ <%= f.label :name %>
+ <%= f.text_field :name %>
+
+ <%= f.label :last_name %>
+ <%= f.text_field :last_name %>
+
+ <%= f.label :password %>
+ <%= f.password_field :password %>
+
+ <%= f.label :password_confirmation, "Confirmation" %>
+ <%= f.password_field :password_confirmation %>
+
+ <%= f.submit class: "btn btn-primary" %>
+ <% end %>
+
+
+
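Review bot: This new partial appears unreachable after the commit: `UsersController` loses `new`, `create`, `edit` and `update`, and the routes are narrowed to `only: [:show, :index]`. `form_for(@user)` would also post password fields to actions that no longer exist. The same applies to `users/new.html.erb` and `users/edit.html.erb`, which now only render it. Deleting all three views keeps a second, non-Devise password form from lingering in the tree.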
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
index 6c95db1..0d778e5 100644
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -1,27 +1,2 @@
Update user
-
-
-
- <%= form_for(@user) do |f| %>
- <%= render partial: 'errors', locals: { model: @user } %>
-
- <%= f.label :nickname %>
- <%= f.text_field :nickname %>
-
- <%= f.label :name %>
- <%= f.text_field :name %>
-
- <%= f.label :last_name %>
- <%= f.text_field :last_name %>
-
- <%= f.label :password %>
- <%= f.password_field :password %>
-
- <%= f.label :password_confirmation, "Confirmation" %>
- <%= f.password_field :password_confirmation %>
-
- <%= f.submit "Save changes", class: "btn btn-primary" %>
- <% end %>
-
-
-
+<%= render 'form' %>
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb
index dfe2528..a3f28e6 100644
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@@ -1,26 +1,2 @@
Sign up
-
-
-
- <%= form_for(@user) do |f| %>
- <%= render partial: 'errors', locals: { model: @user } %>
-
- <%= f.label :nickname %>
- <%= f.text_field :nickname %>
-
- <%= f.label :name %>
- <%= f.text_field :name %>
-
- <%= f.label :last_name %>
- <%= f.text_field :last_name %>
-
- <%= f.label :password %>
- <%= f.password_field :password %>
-
- <%= f.label :password_confirmation, "Confirmation" %>
- <%= f.password_field :password_confirmation %>
-
- <%= f.submit "Create my account", class: "btn btn-primary" %>
- <% end %>
-
-
+<%= render 'form' %>
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index cbd8745..e486ac3 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -7,7 +7,7 @@
Balance: <%= @user.balance %>
User id: <%= @user.id %>
- <%= link_to "edit" , edit_user_path %>
+ <%= link_to "edit" , edit_user_registration_path %>
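Review bot: The "edit" link is rendered on every user's page, but `edit_user_registration_path` always edits the signed-in account, not `@user`. Wrapping it in `<% if user_signed_in? && current_user == @user %>` avoids offering it on other people's profiles. Relatedly, `UsersController#show` still loads the record from `params[:id]` with no ownership check, so this page shows any user's balance and orders to whoever requests it. An ownership or role check in the controller would close that; the enclosing template continues outside the hunk.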
diff --git a/config/routes.rb b/config/routes.rb
index 21aeb4e..af59042 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -2,14 +2,14 @@ Rails.application.routes.draw do
root "orders#overview"
- resources :users do
+ devise_for :users
+
+ resources :users, only: [:show, :index] do
resources :orders, only: [:new, :create, :index]
end
resources :products
- get 'overview' => 'orders#overview'
-
# The priority is based upon order of creation: first created -> highest priority.
# See how all your routes lay out with "rake routes".
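Review bot: The order of `devise_for :users` and `resources :users` matters here and deserves a comment. If the resource route came first, paths such as `/users/sign_in` would match `users#show` with `id` set to `sign_in`. Something like `# devise_for must stay above resources :users so /users/sign_in is not captured by users#show` above the `devise_for` line would protect against a later reordering.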
diff --git a/db/migrate/20141209144240_add_devise_to_users.rb b/db/migrate/20141209144240_add_devise_to_users.rb
new file mode 100644
index 0000000..41a9a17
--- /dev/null
+++ b/db/migrate/20141209144240_add_devise_to_users.rb
@@ -0,0 +1,49 @@
+class AddDeviseToUsers < ActiveRecord::Migration
+ def self.up
+ change_table(:users) do |t|
+ ## Database authenticatable
+ t.string :email, null: false, default: ""
+ t.string :encrypted_password, null: false, default: ""
+
+ ## Recoverable
+ t.string :reset_password_token
+ t.datetime :reset_password_sent_at
+
+ ## Rememberable
+ t.datetime :remember_created_at
+
+ ## Trackable
+ t.integer :sign_in_count, default: 0, null: false
+ t.datetime :current_sign_in_at
+ t.datetime :last_sign_in_at
+ t.string :current_sign_in_ip
+ t.string :last_sign_in_ip
+
+ ## Confirmable
+ t.string :confirmation_token
+ t.datetime :confirmed_at
+ t.datetime :confirmation_sent_at
+ t.string :unconfirmed_email # Only if using reconfirmable
+
+ ## Lockable
+ # t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
+ # t.string :unlock_token # Only if unlock strategy is :email or :both
+ # t.datetime :locked_at
+
+
+ # Uncomment below if timestamps were not included in your original model.
+ # t.timestamps
+ end
+
+ add_index :users, :email, unique: true
+ add_index :users, :reset_password_token, unique: true
+ add_index :users, :confirmation_token, unique: true
+ # add_index :users, :unlock_token, unique: true
+ end
+
+ def self.down
+ # By default, we don't want to make any assumption about how to roll back a migration when your
+ # model already existed. Please edit below which fields you would like to remove in this migration.
+ raise ActiveRecord::IrreversibleMigration
+ end
+end
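Review bot: `add_index :users, :email, unique: true` will fail on any database that already holds more than one user, because every existing row receives the default `""` for `email`. Existing rows also keep `confirmed_at` as NULL, so `:confirmable` would treat them as unconfirmed, with no address to send the confirmation to. Backfill real addresses before creating the index, and mark pre-existing accounts confirmed, e.g. `execute "UPDATE users SET confirmed_at = CURRENT_TIMESTAMP"`, if that matches the intended policy.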
diff --git a/db/migrate/20141209144521_drop_password_digest_users.rb b/db/migrate/20141209144521_drop_password_digest_users.rb
new file mode 100644
index 0000000..3e78680
--- /dev/null
+++ b/db/migrate/20141209144521_drop_password_digest_users.rb
@@ -0,0 +1,5 @@
+class DropPasswordDigestUsers < ActiveRecord::Migration
+ def change
+ remove_column :users, :password_digest, :string
+ end
+end
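Review bot: Dropping `password_digest` discards every existing bcrypt hash without carrying it over, so accounts created before this commit lose their credentials. Devise's `database_authenticatable` also stores bcrypt hashes, so if no pepper is configured (the initializer is not part of this diff) the values should be portable with `execute "UPDATE users SET encrypted_password = password_digest"` run before this column is removed. If forcing a password reset for everyone is intentional, a comment in this migration saying so would help the next reader.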
diff --git a/db/schema.rb b/db/schema.rb
index 5791654..933881e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20141208160113) do
+ActiveRecord::Schema.define(version: 20141209144521) do
create_table "order_products", force: true do |t|
t.integer "order_id"
@@ -43,11 +43,28 @@ ActiveRecord::Schema.define(version: 20141208160113) do
create_table "users", force: true do |t|
t.string "name"
t.string "last_name"
- t.integer "balance", default: 0
+ t.integer "balance", default: 0
t.string "nickname"
- t.string "password_digest"
t.datetime "created_at"
t.datetime "updated_at"
+ t.string "email", default: "", null: false
+ t.string "encrypted_password", default: "", null: false
+ t.string "reset_password_token"
+ t.datetime "reset_password_sent_at"
+ t.datetime "remember_created_at"
+ t.integer "sign_in_count", default: 0, null: false
+ t.datetime "current_sign_in_at"
+ t.datetime "last_sign_in_at"
+ t.string "current_sign_in_ip"
+ t.string "last_sign_in_ip"
+ t.string "confirmation_token"
+ t.datetime "confirmed_at"
+ t.datetime "confirmation_sent_at"
+ t.string "unconfirmed_email"
end
+ add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
+ add_index "users", ["email"], name: "index_users_on_email", unique: true
+ add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
+
end
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index 9d9c22b..7935295 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -2,14 +2,27 @@
#
# Table name: users
#
-# id :integer not null, primary key
-# name :string(255)
-# last_name :string(255)
-# balance :integer default(0)
-# nickname :string(255)
-# password_digest :string(255)
-# created_at :datetime
-# updated_at :datetime
+# id :integer not null, primary key
+# name :string(255)
+# last_name :string(255)
+# balance :integer default(0)
+# nickname :string(255)
+# created_at :datetime
+# updated_at :datetime
+# email :string(255) default(""), not null
+# encrypted_password :string(255) default(""), not null
+# reset_password_token :string(255)
+# reset_password_sent_at :datetime
+# remember_created_at :datetime
+# sign_in_count :integer default(0), not null
+# current_sign_in_at :datetime
+# last_sign_in_at :datetime
+# current_sign_in_ip :string(255)
+# last_sign_in_ip :string(255)
+# confirmation_token :string(255)
+# confirmed_at :datetime
+# confirmation_sent_at :datetime
+# unconfirmed_email :string(255)
#
# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index 9c11dac..d3ab980 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -2,14 +2,27 @@
#
# Table name: users
#
-# id :integer not null, primary key
-# name :string(255)
-# last_name :string(255)
-# balance :integer default(0)
-# nickname :string(255)
-# password_digest :string(255)
-# created_at :datetime
-# updated_at :datetime
+# id :integer not null, primary key
+# name :string(255)
+# last_name :string(255)
+# balance :integer default(0)
+# nickname :string(255)
+# created_at :datetime
+# updated_at :datetime
+# email :string(255) default(""), not null
+# encrypted_password :string(255) default(""), not null
+# reset_password_token :string(255)
+# reset_password_sent_at :datetime
+# remember_created_at :datetime
+# sign_in_count :integer default(0), not null
+# current_sign_in_at :datetime
+# last_sign_in_at :datetime
+# current_sign_in_ip :string(255)
+# last_sign_in_ip :string(255)
+# confirmation_token :string(255)
+# confirmed_at :datetime
+# confirmation_sent_at :datetime
+# unconfirmed_email :string(255)
#
require 'test_helper'