-
-
Save jaimysimon/c0cf64cd0c6e5ab8adb470acf90db38e to your computer and use it in GitHub Desktop.
Overview of files generated by the Rails Authentication Generator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/controllers/concerns/authentication.rb | |
module Authentication | |
extend ActiveSupport::Concern | |
included do | |
before_action :require_authentication | |
helper_method :authenticated? | |
end | |
class_methods do | |
def allow_unauthenticated_access(**options) | |
skip_before_action :require_authentication, **options | |
end | |
end | |
private | |
def authenticated? | |
Current.session.present? | |
end | |
def require_authentication | |
resume_session || request_authentication | |
end | |
def resume_session | |
if session = find_session_by_cookie | |
set_current_session session | |
end | |
end | |
def find_session_by_cookie | |
if token = cookies.signed[:session_token] | |
Session.find_by(token: token) | |
end | |
end | |
def request_authentication | |
session[:return_to_after_authenticating] = request.url | |
redirect_to new_session_url | |
end | |
def after_authentication_url | |
session.delete(:return_to_after_authenticating) || root_url | |
end | |
def start_new_session_for(user) | |
user.sessions.create!(user_agent: request.user_agent, ip_address: request.remote_ip).tap do |session| | |
set_current_session session | |
end | |
end | |
def set_current_session(session) | |
Current.session = session | |
cookies.signed.permanent[:session_token] = { value: session.token, httponly: true, same_site: :lax } | |
end | |
def terminate_session | |
Current.session.destroy | |
cookies.delete(:session_token) | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/models/current.rb | |
class Current < ActiveSupport::CurrentAttributes | |
attribute :session | |
delegate :user, to: :session, allow_nil: true | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/views/passwords/edit.html.erb | |
<h1>Update your password</h2> | |
<%= tag.div(flash[:alert], style: "color:red") if flash[:alert] %> | |
<%= form_with url: password_path(params[:token]), method: :put do |form| %> | |
<%= form.password_field :password, required: true, autocomplete: "new-password", placeholder: "Enter new password", maxlength: 72 %><br> | |
<%= form.password_field :password_confirmation, required: true, autocomplete: "new-password", placeholder: "Repeat new password", maxlength: 72 %><br> | |
<%= form.submit "Save" %> | |
<% end %> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/controllers/passwords_controller.rb | |
class PasswordsController < ApplicationController | |
allow_unauthenticated_access | |
before_action :set_user_by_token, only: %i[ edit update ] | |
def new | |
end | |
def create | |
if user = User.find_by(email_address: params[:email_address]) | |
PasswordsMailer.reset(user).deliver_later | |
end | |
redirect_to new_session_url, notice: "Password reset instructions sent (if user with that email address exists)." | |
end | |
def edit | |
end | |
def update | |
if @user.update(params.permit(:password, :password_confirmation)) | |
redirect_to new_session_url, notice: "Password has been reset." | |
else | |
redirect_to edit_password_url(params[:token]), alert: "Passwords did not match." | |
end | |
end | |
private | |
def set_user_by_token | |
@user = User.find_by_password_reset_token!(params[:token]) | |
rescue ActiveSupport::MessageVerifier::InvalidSignature | |
redirect_to new_password_url, alert: "Password reset link is invalid or has expired." | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/mailers/passwords_mailer.rb | |
class PasswordsMailer < ApplicationMailer | |
def reset(user) | |
@user = user | |
mail subject: "Reset your password", to: user.email_address | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# test/mailers/previews/passwords_mailer_preview.rb | |
# Preview all emails at http://localhost:3000/rails/mailers/passwords_mailer | |
class PasswordsMailerPreview < ActionMailer::Preview | |
# Preview this email at http://localhost:3000/rails/mailers/passwords_mailer/reset | |
def reset | |
PasswordsMailer.reset(User.take) | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/views/passwords/new.html.erb | |
<h1>Forgot your password?</h1> | |
<%= tag.div(flash[:alert], style: "color:red") if flash[:alert] %> | |
<%= form_with url: passwords_path do |form| %> | |
<%= form.email_field :email_address, required: true, autofocus: true, autocomplete: "username", placeholder: "Enter your email address", value: params[:email_address] %><br> | |
<%= form.submit "Email reset instructions" %> | |
<% end %> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/views/passwords_mailer/reset.html.erb | |
<p> | |
You can reset your password within the next 15 minutes on | |
<%= link_to "this password reset page", edit_password_url(@user.password_reset_token) %>. | |
</p> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/views/passwords_mailer/reset.text.erb | |
You can reset your password within the next 15 minutes on this password reset page: | |
<%= edit_password_url(@user.password_reset_token) %> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/models/session.rb | |
class Session < ApplicationRecord | |
has_secure_token | |
belongs_to :user | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/controllers/sessions_controller.rb | |
class SessionsController < ApplicationController | |
allow_unauthenticated_access only: %i[ new create ] | |
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_url, alert: "Try again later." } | |
def new | |
end | |
def create | |
if user = User.authenticate_by(params.permit(:email_address, :password)) | |
start_new_session_for user | |
redirect_to after_authentication_url | |
else | |
redirect_to new_session_url, alert: "Try another email address or password." | |
end | |
end | |
def destroy | |
terminate_session | |
redirect_to new_session_url | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/views/sessions/new.html.erb | |
<%= tag.div(flash[:alert], style: "color:red") if flash[:alert] %> | |
<%= tag.div(flash[:notice], style: "color:green") if flash[:notice] %> | |
<%= form_with url: session_path do |form| %> | |
<%= form.email_field :email_address, required: true, autofocus: true, autocomplete: "username", placeholder: "Enter your email address", value: params[:email_address] %><br> | |
<%= form.password_field :password, required: true, autocomplete: "current-password", placeholder: "Enter your password", maxlength: 72 %><br> | |
<%= form.submit "Sign in" %> | |
<% end %> | |
<br> | |
<%= link_to "Forgot password?", new_password_path %> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/models/user.rb | |
class User < ApplicationRecord | |
has_secure_password | |
has_many :sessions, dependent: :destroy | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# db/migrate/xxxxxxx_create_sessions.rb | |
class CreateSessions < ActiveRecord::Migration[8.0] | |
def change | |
create_table :sessions do |t| | |
t.references :user, null: false, foreign_key: true | |
t.string :token, null: false | |
t.string :ip_address | |
t.string :user_agent | |
t.timestamps | |
end | |
add_index :sessions, :token, unique: true | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# db/migrate/xxxxxxx_create_users.rb | |
class CreateUsers < ActiveRecord::Migration[8.0] | |
def change | |
create_table :users do |t| | |
t.string :email_address, null: false | |
t.string :password_digest, null: false | |
t.timestamps | |
end | |
add_index :users, :email_address, unique: true | |
end | |
end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment