diff --git a/.gitignore b/.gitignore index 81452db..1fa2a6d 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,8 @@ # Ignore master key for decrypting credentials and more. /config/master.key + +# Ignore vendor +/vendor +/vender + diff --git a/.node-version b/.node-version new file mode 100644 index 0000000..fc2cbe5 --- /dev/null +++ b/.node-version @@ -0,0 +1 @@ +15.14.0 diff --git a/.rubocop.yml b/.rubocop.yml index 51b6561..31b59a4 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,4 +1,7 @@ # This file overrides https://github.com/bbatsov/rubocop/blob/master/config/default.yml + +require: + - rubocop-rails AllCops: NewCops: enable diff --git a/Gemfile b/Gemfile index 69a1e99..0ce805b 100644 --- a/Gemfile +++ b/Gemfile @@ -18,8 +18,6 @@ gem 'uglifier', '>= 1.3.0' # Use CoffeeScript for .coffee assets and views gem 'coffee-rails', '~> 4.2' -# Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks -gem 'turbolinks', '~> 5' # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder # gem 'jbuilder', '~> 2.5' # Use Redis adapter to run Action Cable in production @@ -38,6 +36,7 @@ gem 'bootsnap', '>= 1.1.0', require: false gem 'bootstrap', '~> 4.5.0' gem 'font-awesome-sass', '~> 5.11.2' +gem 'sassc', '2.1.0' gem 'jquery-rails' gem 'sorcery', '0.15.0' diff --git a/Gemfile.lock b/Gemfile.lock index 4d91a41..09818e2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -66,7 +66,7 @@ GEM rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - childprocess (3.0.0) + childprocess (4.1.0) coderay (1.1.3) coffee-rails (4.2.2) coffee-script (>= 2.2.0) @@ -96,7 +96,7 @@ GEM faraday-excon (1.1.0) faraday-net_http (1.0.1) faraday-net_http_persistent (1.1.0) - ffi (1.15.0) + ffi (1.15.5) font-awesome-sass (5.11.2) sassc (>= 1.11) globalid (0.4.2) @@ -120,15 +120,15 @@ GEM marcel (1.0.1) method_source (1.0.0) mini_mime (1.1.0) - mini_portile2 (2.5.0) + mini_portile2 (2.8.4) minitest (5.14.4) msgpack (1.4.2) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) nio4r (2.5.7) - nokogiri (1.11.3) - mini_portile2 (~> 2.5.0) + nokogiri (1.13.10) + mini_portile2 (~> 2.8.0) racc (~> 1.4) oauth (0.5.6) oauth2 (1.4.7) @@ -154,7 +154,7 @@ GEM pry (>= 0.10.4) public_suffix (4.0.6) puma (3.12.6) - racc (1.5.2) + racc (1.7.1) rack (2.2.3) rack-test (1.1.0) rack (>= 1.0, < 3) @@ -228,7 +228,7 @@ GEM ruby-progressbar (1.11.0) ruby2_keywords (0.0.4) ruby_dep (1.5.0) - rubyzip (2.3.0) + rubyzip (2.3.2) sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) @@ -240,7 +240,7 @@ GEM sprockets (>= 2.8, < 4.0) sprockets-rails (>= 2.0, < 4.0) tilt (>= 1.1, < 3) - sassc (2.4.0) + sassc (2.1.0) ffi (~> 1.9) sassc-rails (2.1.2) railties (>= 4.0.0) @@ -248,8 +248,9 @@ GEM sprockets (> 3.0) sprockets-rails tilt - selenium-webdriver (3.142.7) - childprocess (>= 0.5, < 4.0) + selenium-webdriver (4.1.0) + childprocess (>= 0.5, < 5.0) + rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2) sorcery (0.15.0) bcrypt (~> 3.1) @@ -270,9 +271,6 @@ GEM thor (1.1.0) thread_safe (0.3.6) tilt (2.0.10) - turbolinks (5.2.1) - turbolinks-source (~> 5.2) - turbolinks-source (5.2.0) tzinfo (1.2.9) thread_safe (~> 0.1) uglifier (4.2.0) @@ -283,10 +281,10 @@ GEM activemodel (>= 5.0) bindex (>= 0.4.0) railties (>= 5.0) - webdrivers (4.6.0) + webdrivers (5.3.1) nokogiri (~> 1.6) rubyzip (>= 1.3.0) - selenium-webdriver (>= 3.0, < 4.0) + selenium-webdriver (~> 4.0, < 4.11) websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -320,11 +318,11 @@ DEPENDENCIES rubocop-checkstyle_formatter rubocop-rails sass-rails (~> 5.0) + sassc (= 2.1.0) sorcery (= 0.15.0) spring spring-watcher-listen (~> 2.0.0) sqlite3 - turbolinks (~> 5) tzinfo-data uglifier (>= 1.3.0) web-console (>= 3.3.0) @@ -334,4 +332,4 @@ RUBY VERSION ruby 2.6.6p146 BUNDLED WITH - 2.1.4 + 2.4.10 diff --git a/README.md b/README.md index 0f10412..b2fb251 100644 --- a/README.md +++ b/README.md @@ -6,4 +6,7 @@ - Ruby 2.6.6 を設定 - プロジェクトで利用するgemをインストール + - `bundle config --local path 'vendor/bundle'` + - `bundle config --local build.sassc -- --disable-march-tune-native` + - `bundle install` - データベース、テーブルを作成 diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js index bfbf451..3ebdd26 100644 --- a/app/assets/javascripts/application.js +++ b/app/assets/javascripts/application.js @@ -15,5 +15,4 @@ //= require bootstrap-sprockets //= require rails-ujs //= require activestorage -//= require turbolinks //= require_tree . diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 09705d1..da73d30 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,2 +1,10 @@ class ApplicationController < ActionController::Base + add_flash_types :success, :info, :warning, :danger + before_action :require_login + + private + + def not_authenticated + redirect_to login_path, warning: 'Please login first.' + end end diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb index 832f9fd..7c98c67 100644 --- a/app/controllers/posts_controller.rb +++ b/app/controllers/posts_controller.rb @@ -19,10 +19,10 @@ def edit; end # POST /posts def create - @post = Post.new(post_params) + @post = current_user.posts.build(post_params) if @post.save - redirect_to @post, notice: 'Post was successfully created.' + redirect_to @post, success: 'Post was successfully created.' else render :new end @@ -31,7 +31,7 @@ def create # PATCH/PUT /posts/1 def update if @post.update(post_params) - redirect_to @post, notice: 'Post was successfully updated.' + redirect_to @post, success: 'Post was successfully updated.' else render :edit end @@ -40,7 +40,7 @@ def update # DELETE /posts/1 def destroy @post.destroy - redirect_to posts_url, notice: 'Post was successfully destroyed.' + redirect_to posts_url, success: 'Post was successfully destroyed.' end private diff --git a/app/controllers/user_sessions_controller.rb b/app/controllers/user_sessions_controller.rb new file mode 100644 index 0000000..025ae44 --- /dev/null +++ b/app/controllers/user_sessions_controller.rb @@ -0,0 +1,20 @@ +class UserSessionsController < ApplicationController + skip_before_action :require_login, only: %i[new create] + + def new; end + + def create + @user = login(params[:email], params[:password]) + if @user + redirect_back_or_to posts_path, success: 'Login successful.' + else + flash.now[:danger] = 'Login failed.' + render :new + end + end + + def destroy + logout + redirect_to login_path, success: 'Logout successful.' + end +end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb new file mode 100644 index 0000000..c8b9781 --- /dev/null +++ b/app/controllers/users_controller.rb @@ -0,0 +1,23 @@ +class UsersController < ApplicationController + skip_before_action :require_login, only: %i[new create] + + def new + @user = User.new + end + + def create + @user = User.new(user_params) + if @user.save + redirect_to login_path, success: 'User was successfully created.' + else + flash.now[:danger] = 'User creation failed.' + render :new + end + end + + private + + def user_params + params.require(:user).permit(:email, :password, :password_confirmation, :last_name, :first_name) + end +end diff --git a/app/models/post.rb b/app/models/post.rb index b2a8b46..b910192 100644 --- a/app/models/post.rb +++ b/app/models/post.rb @@ -1,2 +1,6 @@ class Post < ApplicationRecord + belongs_to :user + + validates :title, presence: true, length: { maximum: 255 } + validates :content, presence: true, length: { maximum: 65_535 } end diff --git a/app/models/user.rb b/app/models/user.rb new file mode 100644 index 0000000..79e4605 --- /dev/null +++ b/app/models/user.rb @@ -0,0 +1,20 @@ +class User < ApplicationRecord + authenticates_with_sorcery! + + has_many :posts, dependent: :destroy + + validates :password, length: { minimum: 3 }, if: -> { new_record? || changes[:crypted_password] } + validates :password, confirmation: true, if: -> { new_record? || changes[:crypted_password] } + validates :password_confirmation, presence: true, if: -> { new_record? || changes[:crypted_password] } + + validates :email, uniqueness: true + validates :email, presence: true + validates :first_name, presence: true, length: { maximum: 255 } + validates :last_name, presence: true, length: { maximum: 255 } + + def mine?(object) + # 呼び出し元のオブジェクトのIDを示す self.id を省略した記法。 + # @user.mine?(object)のように利用すると、object.user_id と @user.id を比較する。 + object.user_id == id + end +end diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index e47832c..d928a97 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -5,13 +5,16 @@ <%= csrf_meta_tags %> <%= csp_meta_tag %> - <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %> - <%= javascript_include_tag 'application', 'data-turbolinks-track': 'reload' %> + <%= stylesheet_link_tag 'application', media: 'all' %> + <%= javascript_include_tag 'application' %> - <%= render 'shared/header' %> - <%# render 'shared/before_login_header' %> + <% if logged_in? %> + <%= render 'shared/header' %> + <% else %> + <%= render 'shared/before_login_header' %> + <% end %> <%= render 'shared/flash_message' %> <%= yield %> <%= render 'shared/footer' %> diff --git a/app/views/posts/index.html.erb b/app/views/posts/index.html.erb index 48ec869..8949e8d 100644 --- a/app/views/posts/index.html.erb +++ b/app/views/posts/index.html.erb @@ -15,8 +15,10 @@ <%= post.title %> <%= post.content %> <%= link_to 'Show', post %> - <%= link_to 'Edit', edit_post_path(post) %> - <%= link_to 'Destroy', post, method: :delete, data: { confirm: 'Are you sure?' } %> + <% if current_user.mine?(post) %> + <%= link_to 'Edit', edit_post_path(post) %> + <%= link_to 'Destroy', post, method: :delete, data: { confirm: 'Are you sure?' } %> + <% end %> <% end %> diff --git a/app/views/posts/show.html.erb b/app/views/posts/show.html.erb index ec7bc32..f43fdab 100644 --- a/app/views/posts/show.html.erb +++ b/app/views/posts/show.html.erb @@ -7,6 +7,7 @@ Content: <%= @post.content %>

- -<%= link_to 'Edit', edit_post_path(@post) %> | +<% if current_user.mine?(@post) %> + <%= link_to 'Edit', edit_post_path(@post) %> | +<% end %> <%= link_to 'Back', posts_path %> diff --git a/app/views/shared/_before_login_header.html.erb b/app/views/shared/_before_login_header.html.erb index 25ccc8f..175de25 100644 --- a/app/views/shared/_before_login_header.html.erb +++ b/app/views/shared/_before_login_header.html.erb @@ -8,7 +8,7 @@ diff --git a/app/views/shared/_header.html.erb b/app/views/shared/_header.html.erb index c9857c4..dd52900 100644 --- a/app/views/shared/_header.html.erb +++ b/app/views/shared/_header.html.erb @@ -13,13 +13,13 @@ diff --git a/app/views/user_sessions/new.html.erb b/app/views/user_sessions/new.html.erb new file mode 100644 index 0000000..d67c335 --- /dev/null +++ b/app/views/user_sessions/new.html.erb @@ -0,0 +1,25 @@ +
+
+
+

Login

+ <%= form_with url: login_path, local: true do |f| %> +
+ <%= f.label :email %> + <%= f.email_field :email, class: 'form-control' %> +
+
+ <%= f.label :password %> + <%= f.password_field :password, class: 'form-control' %> +
+
+ <%= f.submit 'Login', class: 'btn btn-primary' %> +
+ <% end %> +
+ <%= link_to 'Signup', new_user_path %> + Forget Password? +
+
+
+
+ diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb new file mode 100644 index 0000000..4c21447 --- /dev/null +++ b/app/views/users/new.html.erb @@ -0,0 +1,34 @@ +
+
+
+

New User

+ <%= form_with model: @user, local: true do |f| %> +
+ <%= f.label :last_name %> + <%= f.text_field :last_name, class: 'form-control' %> +
+
+ <%= f.label :first_name %> + <%= f.text_field :first_name, class: 'form-control' %> +
+
+ <%= f.label :email %> + <%= f.email_field :email, class: 'form-control' %> +
+
+ <%= f.label :password %> + <%= f.password_field :password, class: 'form-control' %> +
+
+ <%= f.label :password_confirmation %> + <%= f.password_field :password_confirmation, class: 'form-control' %> +
+ <%= f.submit class: 'btn btn-primary' %> + <% end %> +
+ <%= link_to 'Login', login_path %> +
+
+
+
+ diff --git a/config/initializers/sorcery.rb b/config/initializers/sorcery.rb new file mode 100644 index 0000000..30ba8da --- /dev/null +++ b/config/initializers/sorcery.rb @@ -0,0 +1,545 @@ +# The first thing you need to configure is which modules you need in your app. +# The default is nothing which will include only core features (password encryption, login/logout). +# +# Available submodules are: :user_activation, :http_basic_auth, :remember_me, +# :reset_password, :session_timeout, :brute_force_protection, :activity_logging, +# :magic_login, :external +Rails.application.config.sorcery.submodules = [] + +# Here you can configure each submodule's features. +Rails.application.config.sorcery.configure do |config| + # -- core -- + # What controller action to call for non-authenticated users. You can also + # override the 'not_authenticated' method of course. + # Default: `:not_authenticated` + # + # config.not_authenticated_action = + + # When a non logged-in user tries to enter a page that requires login, save + # the URL he wants to reach, and send him there after login, using 'redirect_back_or_to'. + # Default: `true` + # + # config.save_return_to_url = + + # Set domain option for cookies; Useful for remember_me submodule. + # Default: `nil` + # + # config.cookie_domain = + + # Allow the remember_me cookie to be set through AJAX + # Default: `true` + # + # config.remember_me_httponly = + + # Set token randomness. (e.g. user activation tokens) + # The length of the result string is about 4/3 of `token_randomness`. + # Default: `15` + # + # config.token_randomness = + + # -- session timeout -- + # How long in seconds to keep the session alive. + # Default: `3600` + # + # config.session_timeout = + + # Use the last action as the beginning of session timeout. + # Default: `false` + # + # config.session_timeout_from_last_action = + + # Invalidate active sessions. Requires an `invalidate_sessions_before` timestamp column + # Default: `false` + # + # config.session_timeout_invalidate_active_sessions_enabled = + + # -- http_basic_auth -- + # What realm to display for which controller name. For example {"My App" => "Application"} + # Default: `{"application" => "Application"}` + # + # config.controller_to_realm_map = + + # -- activity logging -- + # Will register the time of last user login, every login. + # Default: `true` + # + # config.register_login_time = + + # Will register the time of last user logout, every logout. + # Default: `true` + # + # config.register_logout_time = + + # Will register the time of last user action, every action. + # Default: `true` + # + # config.register_last_activity_time = + + # -- external -- + # What providers are supported by this app + # i.e. [:twitter, :facebook, :github, :linkedin, :xing, :google, :liveid, :salesforce, :slack, :line]. + # Default: `[]` + # + # config.external_providers = + + # You can change it by your local ca_file. i.e. '/etc/pki/tls/certs/ca-bundle.crt' + # Path to ca_file. By default use a internal ca-bundle.crt. + # Default: `'path/to/ca_file'` + # + # config.ca_file = + + # Linkedin requires r_emailaddress scope to fetch user's email address. + # You can skip including the email field if you use an intermediary signup form. (using build_from method). + # The r_emailaddress scope is only necessary if you are using the create_from method directly. + # + # config.linkedin.key = "" + # config.linkedin.secret = "" + # config.linkedin.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=linkedin" + # config.linkedin.user_info_mapping = { + # first_name: 'localizedFirstName', + # last_name: 'localizedLastName', + # email: 'emailAddress' + # } + # config.linkedin.scope = "r_liteprofile r_emailaddress" + # + # + # For information about XING API: + # - user info fields go to https://dev.xing.com/docs/get/users/me + # + # config.xing.key = "" + # config.xing.secret = "" + # config.xing.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=xing" + # config.xing.user_info_mapping = {first_name: "first_name", last_name: "last_name"} + # + # + # Twitter will not accept any requests nor redirect uri containing localhost, + # Make sure you use 0.0.0.0:3000 to access your app in development + # + # config.twitter.key = "" + # config.twitter.secret = "" + # config.twitter.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=twitter" + # config.twitter.user_info_mapping = {:email => "screen_name"} + # + # config.facebook.key = "" + # config.facebook.secret = "" + # config.facebook.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=facebook" + # config.facebook.user_info_path = "me?fields=email" + # config.facebook.user_info_mapping = {:email => "email"} + # config.facebook.access_permissions = ["email"] + # config.facebook.display = "page" + # config.facebook.api_version = "v2.3" + # config.facebook.parse = :json + # + # config.instagram.key = "" + # config.instagram.secret = "" + # config.instagram.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=instagram" + # config.instagram.user_info_mapping = {:email => "username"} + # config.instagram.access_permissions = ["basic", "public_content", "follower_list", "comments", "relationships", "likes"] + # + # config.github.key = "" + # config.github.secret = "" + # config.github.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=github" + # config.github.user_info_mapping = {:email => "name"} + # config.github.scope = "" + # + # config.paypal.key = "" + # config.paypal.secret = "" + # config.paypal.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=paypal" + # config.paypal.user_info_mapping = {:email => "email"} + # + # config.wechat.key = "" + # config.wechat.secret = "" + # config.wechat.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=wechat" + # + # For Auth0, site is required and should match the domain provided by Auth0. + # + # config.auth0.key = "" + # config.auth0.secret = "" + # config.auth0.callback_url = "https://0.0.0.0:3000/oauth/callback?provider=auth0" + # config.auth0.site = "https://example.auth0.com" + # + # config.google.key = "" + # config.google.secret = "" + # config.google.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=google" + # config.google.user_info_mapping = {:email => "email", :username => "name"} + # config.google.scope = "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile" + # + # For Microsoft Graph, the key will be your App ID, and the secret will be your app password/public key. + # The callback URL "can't contain a query string or invalid special characters" + # See: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-v2-limitations#restrictions-on-redirect-uris + # More information at https://graph.microsoft.io/en-us/docs + # + # config.microsoft.key = "" + # config.microsoft.secret = "" + # config.microsoft.callback_url = "http://0.0.0.0:3000/oauth/callback/microsoft" + # config.microsoft.user_info_mapping = {:email => "userPrincipalName", :username => "displayName"} + # config.microsoft.scope = "openid email https://graph.microsoft.com/User.Read" + # + # config.vk.key = "" + # config.vk.secret = "" + # config.vk.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=vk" + # config.vk.user_info_mapping = {:login => "domain", :name => "full_name"} + # config.vk.api_version = "5.71" + # + # config.slack.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=slack" + # config.slack.key = '' + # config.slack.secret = '' + # config.slack.user_info_mapping = {email: 'email'} + # + # To use liveid in development mode you have to replace mydomain.com with + # a valid domain even in development. To use a valid domain in development + # simply add your domain in your /etc/hosts file in front of 127.0.0.1 + # + # config.liveid.key = "" + # config.liveid.secret = "" + # config.liveid.callback_url = "http://mydomain.com:3000/oauth/callback?provider=liveid" + # config.liveid.user_info_mapping = {:username => "name"} + + # For information about JIRA API: + # https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Example+-+OAuth+authentication + # To obtain the consumer key and the public key you can use the jira-ruby gem https://github.com/sumoheavy/jira-ruby + # or run openssl req -x509 -nodes -newkey rsa:1024 -sha1 -keyout rsakey.pem -out rsacert.pem to obtain the public key + # Make sure you have configured the application link properly + + # config.jira.key = "1234567" + # config.jira.secret = "jiraTest" + # config.jira.site = "http://localhost:2990/jira/plugins/servlet/oauth" + # config.jira.signature_method = "RSA-SHA1" + # config.jira.private_key_file = "rsakey.pem" + + # For information about Salesforce API: + # https://developer.salesforce.com/signup & + # https://www.salesforce.com/us/developer/docs/api_rest/ + # Salesforce callback_url must be https. You can run the following to generate self-signed ssl cert: + # openssl req -new -newkey rsa:2048 -sha1 -days 365 -nodes -x509 -keyout server.key -out server.crt + # Make sure you have configured the application link properly + # config.salesforce.key = '123123' + # config.salesforce.secret = 'acb123' + # config.salesforce.callback_url = "https://127.0.0.1:9292/oauth/callback?provider=salesforce" + # config.salesforce.scope = "full" + # config.salesforce.user_info_mapping = {:email => "email"} + + # config.line.key = "" + # config.line.secret = "" + # config.line.callback_url = "http://mydomain.com:3000/oauth/callback?provider=line" + + # For infromation about Discord API + # https://discordapp.com/developers/docs/topics/oauth2 + # config.discord.key = "xxxxxx" + # config.discord.secret = "xxxxxx" + # config.discord.callback_url = "http://localhost:3000/oauth/callback?provider=discord" + # config.discord.scope = "email guilds" + # --- user config --- + config.user_config do |user| + # -- core -- + # Specify username attributes, for example: [:username, :email]. + # Default: `[:email]` + # + # user.username_attribute_names = + + # Change *virtual* password attribute, the one which is used until an encrypted one is generated. + # Default: `:password` + # + # user.password_attribute_name = + + # Downcase the username before trying to authenticate, default is false + # Default: `false` + # + # user.downcase_username_before_authenticating = + + # Change default email attribute. + # Default: `:email` + # + # user.email_attribute_name = + + # Change default crypted_password attribute. + # Default: `:crypted_password` + # + # user.crypted_password_attribute_name = + + # What pattern to use to join the password with the salt + # Default: `""` + # + # user.salt_join_token = + + # Change default salt attribute. + # Default: `:salt` + # + # user.salt_attribute_name = + + # How many times to apply encryption to the password. + # Default: 1 in test env, `nil` otherwise + # + user.stretches = 1 if Rails.env.test? + + # Encryption key used to encrypt reversible encryptions such as AES256. + # WARNING: If used for users' passwords, changing this key will leave passwords undecryptable! + # Default: `nil` + # + # user.encryption_key = + + # Use an external encryption class. + # Default: `nil` + # + # user.custom_encryption_provider = + + # Encryption algorithm name. See 'encryption_algorithm=' for available options. + # Default: `:bcrypt` + # + # user.encryption_algorithm = + + # Make this configuration inheritable for subclasses. Useful for ActiveRecord's STI. + # Default: `false` + # + # user.subclasses_inherit_config = + + # -- remember_me -- + # How long in seconds the session length will be + # Default: `60 * 60 * 24 * 7` + # + # user.remember_me_for = + + # When true, sorcery will persist a single remember me token for all + # logins/logouts (to support remembering on multiple browsers simultaneously). + # Default: false + # + # user.remember_me_token_persist_globally = + + # -- user_activation -- + # The attribute name to hold activation state (active/pending). + # Default: `:activation_state` + # + # user.activation_state_attribute_name = + + # The attribute name to hold activation code (sent by email). + # Default: `:activation_token` + # + # user.activation_token_attribute_name = + + # The attribute name to hold activation code expiration date. + # Default: `:activation_token_expires_at` + # + # user.activation_token_expires_at_attribute_name = + + # How many seconds before the activation code expires. nil for never expires. + # Default: `nil` + # + # user.activation_token_expiration_period = + + # REQUIRED: + # User activation mailer class. + # Default: `nil` + # + # user.user_activation_mailer = + + # When true, sorcery will not automatically + # send the activation details email, and allow you to + # manually handle how and when the email is sent. + # Default: `false` + # + # user.activation_mailer_disabled = + + # Method to send email related + # options: `:deliver_later`, `:deliver_now`, `:deliver` + # Default: :deliver (Rails version < 4.2) or :deliver_now (Rails version 4.2+) + # + # user.email_delivery_method = + + # Activation needed email method on your mailer class. + # Default: `:activation_needed_email` + # + # user.activation_needed_email_method_name = + + # Activation success email method on your mailer class. + # Default: `:activation_success_email` + # + # user.activation_success_email_method_name = + + # Do you want to prevent users who did not activate by email from logging in? + # Default: `true` + # + # user.prevent_non_active_users_to_login = + + # -- reset_password -- + # Password reset token attribute name. + # Default: `:reset_password_token` + # + # user.reset_password_token_attribute_name = + + # Password token expiry attribute name. + # Default: `:reset_password_token_expires_at` + # + # user.reset_password_token_expires_at_attribute_name = + + # When was password reset email sent. Used for hammering protection. + # Default: `:reset_password_email_sent_at` + # + # user.reset_password_email_sent_at_attribute_name = + + # REQUIRED: + # Password reset mailer class. + # Default: `nil` + # + # user.reset_password_mailer = + + # Reset password email method on your mailer class. + # Default: `:reset_password_email` + # + # user.reset_password_email_method_name = + + # When true, sorcery will not automatically + # send the password reset details email, and allow you to + # manually handle how and when the email is sent + # Default: `false` + # + # user.reset_password_mailer_disabled = + + # How many seconds before the reset request expires. nil for never expires. + # Default: `nil` + # + # user.reset_password_expiration_period = + + # Hammering protection: how long in seconds to wait before allowing another email to be sent. + # Default: `5 * 60` + # + # user.reset_password_time_between_emails = + + # Access counter to a reset password page attribute name + # Default: `:access_count_to_reset_password_page` + # + # user.reset_password_page_access_count_attribute_name = + + # -- magic_login -- + # Magic login code attribute name. + # Default: `:magic_login_token` + # + # user.magic_login_token_attribute_name = + + # Magic login expiry attribute name. + # Default: `:magic_login_token_expires_at` + # + # user.magic_login_token_expires_at_attribute_name = + + # When was magic login email sent — used for hammering protection. + # Default: `:magic_login_email_sent_at` + # + # user.magic_login_email_sent_at_attribute_name = + + # REQUIRED: + # Magic login mailer class. + # Default: `nil` + # + # user.magic_login_mailer_class = + + # Magic login email method on your mailer class. + # Default: `:magic_login_email` + # + # user.magic_login_email_method_name = + + # When true, sorcery will not automatically + # send magic login details email, and allow you to + # manually handle how and when the email is sent + # Default: `true` + # + # user.magic_login_mailer_disabled = + + # How many seconds before the request expires. nil for never expires. + # Default: `nil` + # + # user.magic_login_expiration_period = + + # Hammering protection: how long in seconds to wait before allowing another email to be sent. + # Default: `5 * 60` + # + # user.magic_login_time_between_emails = + + # -- brute_force_protection -- + # Failed logins attribute name. + # Default: `:failed_logins_count` + # + # user.failed_logins_count_attribute_name = + + # This field indicates whether user is banned and when it will be active again. + # Default: `:lock_expires_at` + # + # user.lock_expires_at_attribute_name = + + # How many failed logins are allowed. + # Default: `50` + # + # user.consecutive_login_retries_amount_limit = + + # How long the user should be banned, in seconds. 0 for permanent. + # Default: `60 * 60` + # + # user.login_lock_time_period = + + # Unlock token attribute name + # Default: `:unlock_token` + # + # user.unlock_token_attribute_name = + + # Unlock token mailer method + # Default: `:send_unlock_token_email` + # + # user.unlock_token_email_method_name = + + # When true, sorcery will not automatically + # send email with the unlock token + # Default: `false` + # + # user.unlock_token_mailer_disabled = true + + # REQUIRED: + # Unlock token mailer class. + # Default: `nil` + # + # user.unlock_token_mailer = + + # -- activity logging -- + # Last login attribute name. + # Default: `:last_login_at` + # + # user.last_login_at_attribute_name = + + # Last logout attribute name. + # Default: `:last_logout_at` + # + # user.last_logout_at_attribute_name = + + # Last activity attribute name. + # Default: `:last_activity_at` + # + # user.last_activity_at_attribute_name = + + # How long since user's last activity will they be considered logged out? + # Default: `10 * 60` + # + # user.activity_timeout = + + # -- external -- + # Class which holds the various external provider data for this user. + # Default: `nil` + # + # user.authentications_class = + + # User's identifier in the `authentications` class. + # Default: `:user_id` + # + # user.authentications_user_id_attribute_name = + + # Provider's identifier in the `authentications` class. + # Default: `:provider` + # + # user.provider_attribute_name = + + # User's external unique identifier in the `authentications` class. + # Default: `:uid` + # + # user.provider_uid_attribute_name = + end + + # This line must come after the 'user config' block. + # Define which model authenticates with sorcery. + config.user_class = "User" +end diff --git a/config/routes.rb b/config/routes.rb index abba78d..c45ee81 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,4 +1,7 @@ Rails.application.routes.draw do + get 'login', to: 'user_sessions#new' + post 'login', to: 'user_sessions#create' + delete 'logout', to: 'user_sessions#destroy' resources :posts - # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html + resources :users, only: %i[new create] end diff --git a/db/migrate/20210417000922_sorcery_core.rb b/db/migrate/20210417000922_sorcery_core.rb new file mode 100644 index 0000000..a73966f --- /dev/null +++ b/db/migrate/20210417000922_sorcery_core.rb @@ -0,0 +1,15 @@ +class SorceryCore < ActiveRecord::Migration[5.2] + def change + create_table :users do |t| + t.string :email, null: false + t.string :crypted_password + t.string :salt + t.string :first_name, null: false + t.string :last_name, null: false + + t.timestamps null: false + end + + add_index :users, :email, unique: true + end +end diff --git a/db/migrate/20210417042717_add_user_id_to_posts.rb b/db/migrate/20210417042717_add_user_id_to_posts.rb new file mode 100644 index 0000000..fdb5564 --- /dev/null +++ b/db/migrate/20210417042717_add_user_id_to_posts.rb @@ -0,0 +1,5 @@ +class AddUserIdToPosts < ActiveRecord::Migration[5.2] + def change + add_reference :posts, :user, foreign_key: true, null: false + end +end diff --git a/db/schema.rb b/db/schema.rb index 533bc0b..8f95ac4 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,13 +10,26 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2021_04_16_062704) do +ActiveRecord::Schema.define(version: 2021_04_17_042717) do create_table "posts", force: :cascade do |t| t.string "title" t.text "content" t.datetime "created_at", null: false t.datetime "updated_at", null: false + t.integer "user_id", null: false + t.index ["user_id"], name: "index_posts_on_user_id" + end + + create_table "users", force: :cascade do |t| + t.string "email", null: false + t.string "crypted_password" + t.string "salt" + t.string "first_name", null: false + t.string "last_name", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["email"], name: "index_users_on_email", unique: true end end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb new file mode 100644 index 0000000..ab0da92 --- /dev/null +++ b/spec/models/user_spec.rb @@ -0,0 +1,4 @@ +require 'rails_helper' + +RSpec.describe User, type: :model do +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index d10f957..86edd1b 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -13,6 +13,7 @@ # it. # # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration +require 'capybara/rspec' RSpec.configure do |config| # rspec-expectations config goes here. You can use an alternate # assertion/expectation library such as wrong or the stdlib/minitest diff --git a/spec/system/posts_spec.rb b/spec/system/posts_spec.rb index 818971c..91ca0a9 100644 --- a/spec/system/posts_spec.rb +++ b/spec/system/posts_spec.rb @@ -18,12 +18,12 @@ expect(page).to have_css("label[for='password']"), 'Password というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' # ログイン用ボタンの存在確認 - expect(page).to have_button('ログイン'), 'ログイン用のボタンが表示されていることを確認してください' + expect(page).to have_button('Login'), 'ログイン用のボタンが表示されていることを確認してください' # ユーザーログイン処理 fill_in 'Email', with: user.email fill_in 'Password', with: 'password' - click_button 'ログイン' + click_button 'Login' end it '4-1:自分の投稿を編集することができる' do diff --git a/spec/system/user_sessions_spec.rb b/spec/system/user_sessions_spec.rb index 584c043..107f3b2 100644 --- a/spec/system/user_sessions_spec.rb +++ b/spec/system/user_sessions_spec.rb @@ -19,12 +19,12 @@ expect(page).to have_css("label[for='password']"), 'Password というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' # ログイン用ボタンの存在確認 - expect(page).to have_button('ログイン'), 'ログイン用のボタンが表示されていることを確認してください' + expect(page).to have_button('Login'), 'ログイン用のボタンが表示されていることを確認してください' # ユーザーログイン処理 fill_in 'Email', with: user.email fill_in 'Password', with: 'password' - click_button 'ログイン' + click_button 'Login' # 処理結果の確認 expect(current_path).not_to eq('/login'), 'ログイン処理が正しく行えるかを確認してください' @@ -47,12 +47,12 @@ expect(page).to have_css("label[for='password']"), 'Password というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' # ログイン用ボタンの存在確認 - expect(page).to have_button('ログイン'), 'ログイン用のボタンが表示されていることを確認してください' + expect(page).to have_button('Login'), 'ログイン用のボタンが表示されていることを確認してください' # ユーザーログイン処理 fill_in 'Email', with: nil fill_in 'Password', with: nil - click_button 'ログイン' + click_button 'Login' # 処理結果の確認 expect(current_path).not_to eq('/posts'), '入力項目が不足している場合にログインできていないかを確認してください' @@ -75,12 +75,12 @@ expect(page).to have_css("label[for='password']"), 'Password というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' # ログイン用ボタンの存在確認 - expect(page).to have_button('ログイン'), 'ログイン用のボタンが表示されていることを確認してください' + expect(page).to have_button('Login'), 'ログイン用のボタンが表示されていることを確認してください' # ユーザーログイン処理 fill_in 'Email', with: 'another_user@example.com' fill_in 'Password', with: 'password' - click_button 'ログイン' + click_button 'Login' # 処理結果の確認 expect(current_path).not_to eq('/posts'), '存在しないユーザーでログインできていないかを確認してください' @@ -103,12 +103,12 @@ expect(page).to have_css("label[for='password']"), 'Password というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' # ログイン用ボタンの存在確認 - expect(page).to have_button('ログイン'), 'ログイン用のボタンが表示されていることを確認してください' + expect(page).to have_button('Login'), 'ログイン用のボタンが表示されていることを確認してください' # ユーザーログイン処理 fill_in 'Email', with: user.email fill_in 'Password', with: 'wrong_password' - click_button 'ログイン' + click_button 'Login' # 処理結果の確認 expect(current_path).not_to eq('/posts'), 'パスワードが間違っている場合にログインできていないかを確認してください' @@ -133,12 +133,12 @@ expect(page).to have_css("label[for='password']"), 'Password というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' # ログイン用ボタンの存在確認 - expect(page).to have_button('ログイン'), 'ログイン用のボタンが表示されていることを確認してください' + expect(page).to have_button('Login'), 'ログイン用のボタンが表示されていることを確認してください' # ユーザーログイン処理 fill_in 'Email', with: second_user.email fill_in 'Password', with: 'password' - click_button 'ログイン' + click_button 'Login' # 処理結果の確認 expect(current_path).not_to eq('/login'), 'ログイン処理が正しく行えるかを確認してください' @@ -167,23 +167,23 @@ expect(page).to have_css("label[for='password']"), 'Password というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' # ログイン用ボタンの存在確認 - expect(page).to have_button('ログイン'), 'ログイン用のボタンが表示されていることを確認してください' + expect(page).to have_button('Login'), 'ログイン用のボタンが表示されていることを確認してください' # ユーザーログイン処理 fill_in 'Email', with: user.email fill_in 'Password', with: 'password' - click_button 'ログイン' + click_button 'Login' # ユーザーログアウト処理 find('#header-profile').click # ログアウト用ボタンの存在確認 - expect(page).to have_link('ログアウト'), 'ログアウトのボタンが表示されていることを確認してください' + expect(page).to have_link('Logout'), 'ログアウトのボタンが表示されていることを確認してください' - click_on 'ログアウト' + click_on 'Logout' # 処理結果の確認 - expect(page).to have_button('ログイン'), 'ログアウトができているかを確認してください' + expect(page).to have_button('Login'), 'ログアウトができているかを確認してください' end it '3-2:ログインしていない場合、ユーザーのログアウトリンクが表示されない' do @@ -191,7 +191,7 @@ visit '/login' # 処理結果の確認 - expect(page).not_to have_link('ログアウト'), 'ログインしていない場合でも、ログアウトリンクが表示されています' + expect(page).not_to have_link('Logout'), 'ログインしていない場合でも、ログアウトリンクが表示されています' end end end diff --git a/spec/system/users_spec.rb b/spec/system/users_spec.rb index 0b6e979..01eb89b 100644 --- a/spec/system/users_spec.rb +++ b/spec/system/users_spec.rb @@ -4,8 +4,8 @@ RSpec.describe "Users", type: :system do let(:user) { create(:user) } - describe '確認観点1:ユーザー新規登録' do - it '1-1:ユーザーの新規登録ができる' do + describe '確認観点1:ユーザー新規作成' do + it '1-1:ユーザーの新規作成ができる' do # 確認対象の画面に移動 visit 'users/new' @@ -23,22 +23,22 @@ expect(page).to have_css("label[for='user_password']"), 'Password というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' expect(page).to have_css("label[for='user_password_confirmation']"), 'Password confirmation というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' - # 登録ボタンの存在確認 - expect(page).to have_button('登録'), '登録ボタンが表示されていることを確認してください' + # ユーザー作成用ボタンの存在確認 + expect(page).to have_button('Create User'), 'ユーザー作成用のボタンが表示されていることを確認してください' - # ユーザー新規登録処理 + # ユーザー新規作成用の処理 expect { fill_in 'Last name', with: 'test01' fill_in 'First name', with: 'test01' fill_in 'Email', with: 'test01@example.com' fill_in 'Password', with: 'password' fill_in 'Password confirmation', with: 'password' - click_on '登録' + click_on 'Create User' }.to change { User.count }.by(1) # 処理結果の確認 expect(current_path).to eq('/login'), 'ユーザー作成後にログイン画面に遷移できていません' end - it '1-2:同じメールアドレスのユーザーは新規登録できない' do + it '1-2:同じメールアドレスのユーザーは新規作成できない' do # テストデータの用意 user = create(:user) # describe使わないので、let!を使わずに記載 @@ -59,21 +59,21 @@ expect(page).to have_css("label[for='user_password']"), 'Password というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' expect(page).to have_css("label[for='user_password_confirmation']"), 'Password confirmation というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' - # 登録ボタンの存在確認 - expect(page).to have_button('登録'), '登録ボタンが表示されていることを確認してください' + # ユーザー作成用ボタンの存在確認 + expect(page).to have_button('Create User'), 'ユーザー作成用のボタンが表示されていることを確認してください' - # ユーザー新規登録処理 + # ユーザー新規作成用の処理 expect { fill_in 'Last name', with: 'test01' fill_in 'First name', with: 'test01' fill_in 'Email', with: user.email fill_in 'Password', with: 'password' fill_in 'Password confirmation', with: 'password' - click_on '登録' + click_on 'Create User' }.to change { User.count }.by(0) # 処理結果の確認 end - it '1-3:入力項目が不足している場合に新規登録ができない' do + it '1-3:入力項目が不足している場合に新規作成ができない' do # 確認対象の画面に移動 visit 'users/new' @@ -91,17 +91,17 @@ expect(page).to have_css("label[for='user_password']"), 'Password というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' expect(page).to have_css("label[for='user_password_confirmation']"), 'Password confirmation というラベルをクリックすると対応するフィールドにフォーカスすることを確認してください' - # 登録ボタンの存在確認 - expect(page).to have_button('登録'), '登録ボタンが表示されていることを確認してください' + # ユーザー作成用ボタンの存在確認 + expect(page).to have_button('Create User'), 'ユーザー作成用のボタンが表示されていることを確認してください' - # ユーザー新規登録処理 + # ユーザー新規作成用の処理 expect { fill_in 'Last name', with: nil fill_in 'First name', with: nil fill_in 'Email', with: nil fill_in 'Password', with: nil fill_in 'Password confirmation', with: nil - click_on '登録' + click_on 'Create User' }.to change { User.count }.by(0) # 処理結果の確認 end end