From 8fe132f2d1ab67c39f9abf95a1ad6ead5b608545 Mon Sep 17 00:00:00 2001
From: Trevor Vallender <trevor@tsvallender.co.uk>
Date: Sun, 21 Apr 2024 15:01:10 +0100
Subject: [PATCH] Sessions!

---
 .../account_verifications_controller.rb       |  4 ++-
 app/controllers/application_controller.rb     | 13 +++++++++
 app/controllers/sessions_controller.rb        | 28 +++++++++++++++++++
 app/controllers/todos_controller.rb           |  4 +++
 app/controllers/users_controller.rb           |  4 ++-
 app/helpers/sessions_helper.rb                |  5 ++++
 app/models/current.rb                         |  3 ++
 app/views/layouts/application.html.erb        |  9 ++++++
 app/views/sessions/new.html.erb               | 16 +++++++++++
 app/views/todos/index.html.erb                |  1 +
 app/views/users/new.html.erb                  |  4 +--
 config/locales/en.yml                         | 13 +++++++++
 config/routes.rb                              |  8 +++++-
 .../account_verifications_controller_test.rb  |  2 +-
 test/controllers/users_controller_test.rb     |  2 +-
 test/system/sessions_test.rb                  | 15 ++++++++++
 test/system/sign_ups_test.rb                  |  2 +-
 17 files changed, 125 insertions(+), 8 deletions(-)
 create mode 100644 app/controllers/sessions_controller.rb
 create mode 100644 app/controllers/todos_controller.rb
 create mode 100644 app/helpers/sessions_helper.rb
 create mode 100644 app/models/current.rb
 create mode 100644 app/views/sessions/new.html.erb
 create mode 100644 app/views/todos/index.html.erb
 create mode 100644 test/system/sessions_test.rb

diff --git a/app/controllers/account_verifications_controller.rb b/app/controllers/account_verifications_controller.rb
index 17c4fb0..31f4dc3 100644
--- a/app/controllers/account_verifications_controller.rb
+++ b/app/controllers/account_verifications_controller.rb
@@ -1,4 +1,6 @@
 class AccountVerificationsController < ApplicationController
+  skip_before_action :authenticate, only: [ :show ]
+
   def show
     user = User.find_by_token_for(:email_verification, params[:id])
     unless user
@@ -8,6 +10,6 @@ class AccountVerificationsController < ApplicationController
     user.update(verified: true)
     UserMailer.with(user: user).email_verified.deliver_later
     flash[:notice] = t(".success")
-    redirect_to :root # TODO: New session path
+    redirect_to login_path
   end
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 09705d1..faa1473 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,2 +1,15 @@
 class ApplicationController < ActionController::Base
+  before_action :authenticate
+
+  private
+
+    def authenticate
+      Rails.logger.error "Session: #{session.inspect}"
+      if authenticated_user = User.find_by(id: session[:user_id])
+        Current.user = authenticated_user
+      else
+        flash[:alert] = t("not_authenticated")
+        redirect_to login_path
+      end
+    end
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
new file mode 100644
index 0000000..a4f7b05
--- /dev/null
+++ b/app/controllers/sessions_controller.rb
@@ -0,0 +1,28 @@
+class SessionsController < ApplicationController
+  skip_before_action :authenticate, only: [ :new, :create ]
+
+  def new
+  end
+
+  def create
+    Current.user = User.authenticate_by(
+      username: params[:username],
+      password: params[:password],
+    )
+    if Current.user
+      session[:user_id] = Current.user.id
+      flash[:notice] = t(".success", name: Current.user.first_name)
+      redirect_to :root
+    else
+      flash[:alert] = t(".error")
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    reset_session
+    Current.user = nil
+    flash[:notice] = t(".success")
+    redirect_to login_path
+  end
+end
diff --git a/app/controllers/todos_controller.rb b/app/controllers/todos_controller.rb
new file mode 100644
index 0000000..c0d227b
--- /dev/null
+++ b/app/controllers/todos_controller.rb
@@ -0,0 +1,4 @@
+class TodosController < ApplicationController
+  def index
+  end
+end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d8f90c3..901280d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,4 +1,6 @@
 class UsersController < ApplicationController
+  skip_before_action :authenticate, only: [ :new, :create ]
+
   def new
     @user = User.new
   end
@@ -9,7 +11,7 @@ class UsersController < ApplicationController
       token = @user.generate_token_for(:email_verification)
       UserMailer.with(user: @user, token: token).email_verification.deliver_later
       flash[:notice] = t(".success", name: @user.first_name)
-      redirect_to :root
+      redirect_to login_path
     else
       flash[:alert] = t(".error", error: @user.errors.full_messages.to_sentence)
       render :new, status: :unprocessable_entity
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
new file mode 100644
index 0000000..49ee652
--- /dev/null
+++ b/app/helpers/sessions_helper.rb
@@ -0,0 +1,5 @@
+module SessionsHelper
+  def logged_in?
+    session[:user_id].present?
+  end
+end
diff --git a/app/models/current.rb b/app/models/current.rb
new file mode 100644
index 0000000..73a9744
--- /dev/null
+++ b/app/models/current.rb
@@ -0,0 +1,3 @@
+class Current < ActiveSupport::CurrentAttributes
+  attribute :user
+end
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 11af577..a9767cd 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -16,6 +16,15 @@
     <header>
       <h1><%= link_to t("forg"), root_path %></h1>
     </header>
+    <nav>
+      <ul>
+        <li><%= link_to t("forg"), root_path %></li>
+        <% if logged_in? %>
+          <li><%= link_to t("log_out"), logout_path, data: {turbo_method: :delete} %></li>
+        <% else %>
+          <li><%= link_to t("log_in"), login_path %></li>
+          <li><%= link_to t("sign_up"), new_user_path %></li>
+        <% end %>
     <%= render partial: "shared/flash_messages" %>
     <main>
       <%= yield %>
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
new file mode 100644
index 0000000..48372cd
--- /dev/null
+++ b/app/views/sessions/new.html.erb
@@ -0,0 +1,16 @@
+<% content_for :title, t(".log_in") %>
+
+<h1><%= t(".log_in") %></h1>
+
+<section class="inset">
+  <%= form_with url: sessions_path do |f| %>
+    <%= f.label :username %>
+    <%= f.text_field :username %>
+
+    <%= f.label :password %>
+    <%= f.password_field :password %>
+
+    <%= f.submit t(".log_in") %>
+  <% end %>
+</section>
+
diff --git a/app/views/todos/index.html.erb b/app/views/todos/index.html.erb
new file mode 100644
index 0000000..d87d760
--- /dev/null
+++ b/app/views/todos/index.html.erb
@@ -0,0 +1 @@
+<p>Hello</p>
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb
index 44b5f39..ca3855b 100644
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@@ -1,6 +1,6 @@
-<% content_for :title, "Sign up" %>
+<% content_for :title, t(".sign_up") %>
 
-<h2><%= t(".sign_up") %></h2>
+<h1><%= t(".sign_up") %></h1>
 
 <%= render partial: "users/form",
            locals: { user: @user, button_text: t(".sign_up") } %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 338e709..041c3b2 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1,5 +1,9 @@
 en:
   forg: Forg
+  log_in: Log in
+  log_out: Log out
+  sign_up: Sign up
+  not_authenticated: You need to log in to access this page.
   layouts:
     mailer:
       greeting: "Hello, %{name}"
@@ -11,6 +15,15 @@ en:
     show:
       success: "Thanks for verifying your email address! You can now log in."
       error: "Invalid token, could not verify your account."
+  sessions:
+    create:
+      success: "Hello, %{name}!"
+      error: "Could not sign in. Please check your email and password."
+    new:
+      log_in: Log in
+    destroy:
+      log_out: Log out
+      success: "You have signed out."
   users:
     validations:
       email_format: "must be a valid email address"
diff --git a/config/routes.rb b/config/routes.rb
index d8047d3..97ec1cc 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,9 +1,15 @@
 Rails.application.routes.draw do
+  get 'todos/index'
   default_url_options host: "forg-app.com"
 
-  root "users#new"
+  root "todos#index"
+
+  get "login" => "sessions#new", as: :login
+  delete "logout" => "sessions#destroy", as: :logout
+
   resources :users, only: %i[new create]
   resources :account_verifications, only: %i[show]
+  resources :sessions, only: %i[new create destroy]
 
   get "up" => "rails/health#show", as: :rails_health_check
 end
diff --git a/test/controllers/account_verifications_controller_test.rb b/test/controllers/account_verifications_controller_test.rb
index 5f56120..8176194 100644
--- a/test/controllers/account_verifications_controller_test.rb
+++ b/test/controllers/account_verifications_controller_test.rb
@@ -9,6 +9,6 @@ class AccountVerificationsControllerTest < ActionDispatch::IntegrationTest
     end
     user.reload
     assert user.verified
-    assert_redirected_to root_url
+    assert_redirected_to login_path
   end
 end
diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
index db18f2e..7486ae8 100644
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@@ -10,7 +10,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
     assert_changes("User.count", +1) do
       post(users_url, params: { user: user_params })
     end
-    assert_redirected_to :root
+    assert_redirected_to login_path
   end
 
   test "should email user for confirmation" do
diff --git a/test/system/sessions_test.rb b/test/system/sessions_test.rb
new file mode 100644
index 0000000..75bf285
--- /dev/null
+++ b/test/system/sessions_test.rb
@@ -0,0 +1,15 @@
+require "application_system_test_case"
+
+class SignUpsTest < ApplicationSystemTestCase
+  test "can log in, then out" do
+    visit new_session_url
+    fill_in attr_name(User, :username), with: users(:trevor).username
+    fill_in attr_name(User, :password), with: "password"
+    click_button I18n.t("sessions.new.log_in")
+
+    assert_text I18n.t("sessions.create.success", name: users(:trevor).first_name)
+
+    click_on I18n.t("sessions.destroy.log_out")
+    assert_text I18n.t("sessions.destroy.success")
+  end
+end
diff --git a/test/system/sign_ups_test.rb b/test/system/sign_ups_test.rb
index ab06856..25f4317 100644
--- a/test/system/sign_ups_test.rb
+++ b/test/system/sign_ups_test.rb
@@ -9,7 +9,7 @@ class SignUpsTest < ApplicationSystemTestCase
     fill_in attr_name(User, :email), with: "awesome_user@example.com"
     fill_in attr_name(User, :password), with: "password"
     fill_in attr_name(User, :password_confirmation), with: "password"
-    click_on I18n.t("users.new.sign_up")
+    click_button I18n.t("users.new.sign_up")
 
     assert_text I18n.t("users.create.success", name: "Awesome")
   end