Isaac Del Rosario --Carets

.gitignore

@@ -15,3 +15,4 @@
 
 # Ignore Byebug command history file.
 .byebug_history
+.env

Gemfile

@@ -1,12 +1,19 @@
 source 'https://rubygems.org'
 
-ruby '2.4.0'
+ruby '2.4.1'
 
 git_source(:github) do |repo_name|
   repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
   "https://github.com/#{repo_name}.git"
 end
 
+# Using OmniAutho
+gem "omniauth"
+gem "omniauth-github"
+
+# Awesome Print
+gem "awesome_print", require:"ap"
+
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
 gem 'rails', '~> 5.0.2'
 # Use postgresql as the database for Active Record
@@ -64,6 +71,8 @@ group :development do
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
   gem 'spring-watcher-listen', '~> 2.0.0'
+  # use env
+  gem 'dotenv-rails'
 end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem

Gemfile.lock

@@ -40,6 +40,7 @@ GEM
       tzinfo (~> 1.1)
     ansi (1.5.0)
     arel (7.1.4)
+    awesome_print (1.8.0)
     babel-source (5.8.35)
     babel-transpiler (0.7.0)
       babel-source (>= 4.0, < 6)
@@ -60,15 +61,22 @@ GEM
       execjs
     coffee-script-source (1.12.2)
     concurrent-ruby (1.0.5)
+    dotenv (2.2.1)
+    dotenv-rails (2.2.1)
+      dotenv (= 2.2.1)
+      railties (>= 3.2, < 5.2)
     erubis (2.7.0)
     execjs (2.7.0)
+    faraday (0.12.2)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.18)
     foundation-rails (6.3.0.0)
       railties (>= 3.1.0)
       sass (>= 3.3.0, < 3.5)
       sprockets-es6 (>= 0.9.0)
     globalid (0.3.7)
       activesupport (>= 4.1.0)
+    hashie (3.5.6)
     i18n (0.8.1)
     jbuilder (2.6.3)
       activesupport (>= 3.0.0, < 5.2)
@@ -77,6 +85,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (1.5.6)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -104,9 +113,26 @@ GEM
       minitest (~> 5.0)
       rails (>= 4.1)
     multi_json (1.12.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (2.0.0)
     nokogiri (1.7.1)
       mini_portile2 (~> 2.1.0)
+    oauth2 (1.4.0)
+      faraday (>= 0.8, < 0.13)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.7.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.3.0)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
     pg (0.20.0)
     pry (0.10.4)
       coderay (~> 1.1.0)
@@ -193,9 +219,11 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  awesome_print
   better_errors
   byebug
   coffee-rails (~> 4.2)
+  dotenv-rails
   foundation-rails
   jbuilder (~> 2.5)
   jquery-rails
@@ -204,6 +232,8 @@ DEPENDENCIES
   minitest-reporters
   minitest-skip
   minitest-spec-rails
+  omniauth
+  omniauth-github
   pg (~> 0.18)
   pry-rails
   puma (~> 3.0)
@@ -217,7 +247,7 @@ DEPENDENCIES
   web-console (>= 3.3.0)
 
 RUBY VERSION
-   ruby 2.4.0p0
+   ruby 2.4.1p111
 
 BUNDLED WITH
-   1.14.4
+   1.16.0.pre.3

app/controllers/sessions_controller.rb

@@ -1,34 +1,63 @@
 class SessionsController < ApplicationController
   def login_form
+    redirect_to "/auth/github"
   end
 
-  def login
-    username = params[:username]
-    if username and user = User.find_by(username: username)
-      session[:user_id] = user.id
-      flash[:status] = :success
-      flash[:result_text] = "Successfully logged in as existing user #{user.username}"
-    else
-      user = User.new(username: username)
-      if user.save
-        session[:user_id] = user.id
-        flash[:status] = :success
-        flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
-      else
-        flash.now[:status] = :failure
-        flash.now[:result_text] = "Could not log in"
-        flash.now[:messages] = user.errors.messages
-        render "login_form", status: :bad_request
-        return
-      end
-    end
-    redirect_to root_path
-  end
+  # def login
+  #   username = params[:username]
+  #   if username and user = User.find_by(username: username)
+  #     session[:user_id] = user.id
+  #     flash[:status] = :success
+  #     flash[:result_text] = "Successfully logged in as existing user #{user.username}"
+  #   else
+  #     user = User.new(username: username)
+  #     if user.save
+  #       session[:user_id] = user.id
+  #       flash[:status] = :success
+  #       flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
+  #     else
+  #       flash.now[:status] = :failure
+  #       flash.now[:result_text] = "Could not log in"
+  #       flash.now[:messages] = user.errors.messages
+  #       render "login_form", status: :bad_request
+  #       return
+  #     end
+  #   end
+  #   redirect_to root_path
+  # end
 
   def logout
     session[:user_id] = nil
     flash[:status] = :success
     flash[:result_text] = "Successfully logged out"
     redirect_to root_path
   end
+
+  def create
+    auth_hash = request.env['omniauth.auth']
+
+    if auth_hash['uid']
+      user = User.find_by(uid: auth_hash[:uid], provider: 'github')
+      if user.nil?
+        # User doesn't match anything in the DB
+        # Attempt to create a new user
+        # user = User.build_from_github(auth_hash)
+        user = User.new
+        user.username = auth_hash['info']['nickname']
+        user.email = auth_hash['info']['email']
+        user.uid = auth_hash['uid']
+        user.provider = auth_hash['provider']
+        user.save
+      else
+        flash[:success] = "Logged in successfully"
+        redirect_to root_path
+      end
+
+      # If we get here, we have the user instance
+      session[:user_id] = user.id
+    else
+      flash[:failure] = "Could not log in"
+      redirect_to root_path
+    end
+  end
 end

app/controllers/users_controller.rb

@@ -1,10 +1,20 @@
 class UsersController < ApplicationController
   def index
-    @users = User.all
+    if session[:user_id] != nil
+      @users = User.all
+    else
+      flash[:result_text] = "You must be logged in to see the list of users."
+      redirect_to root_path
+    end
   end
 
   def show
-    @user = User.find_by(id: params[:id])
-    render_404 unless @user
+    if session[:user_id] != nil
+      @user = User.find_by(id: params[:id])
+      render_404 unless @user
+    else
+      flash[:result_text] = "You must be logged in to see a user's profile."
+      redirect_to root_path
+    end
   end
 end

app/controllers/works_controller.rb

@@ -11,15 +11,26 @@ def root
   end
 
   def index
-    @works_by_category = Work.to_category_hash
+    if session[:user_id] != nil
+      @works_by_category = Work.to_category_hash
+    else
+      flash[:result_text] = "You must be logged in to see the complete list of media."
+      redirect_to root_path
+    end
   end
 
   def new
-    @work = Work.new
+    if session[:user_id] != nil
+      @work = Work.new
+    else
+      flash[:result_text] = "You must be logged in to create new work."
+      redirect_to root_path
+    end
   end
 
   def create
     @work = Work.new(media_params)
+    @work.user_id = session[:user_id]
     @media_category = @work.category
     if @work.save
       flash[:status] = :success
@@ -34,10 +45,26 @@ def create
   end
 
   def show
-    @votes = @work.votes.order(created_at: :desc)
+    if session[:user_id] != nil
+      @votes = @work.votes.order(created_at: :desc)
+    else
+      flash[:result_text] = "You must be logged in to see a work's detail page."
+      redirect_to root_path
+    end
   end
 
   def edit
+    work = Work.find_by(id: params[:id])
+    if work == nil
+      flash[:result_text] = "This work does not exist."
+      redirect_to root_path
+    elsif session[:user_id] == nil
+      flash[:result_text] = "You must be logged in to edit a work."
+      redirect_to root_path
+    elsif work.user == nil || work.user.id != session[:user_id]
+      flash[:result_text] = "You must be the creator of a work to edit it."
+      redirect_to root_path
+    end
   end
 
   def update
@@ -55,10 +82,21 @@ def update
   end
 
   def destroy
-    @work.destroy
-    flash[:status] = :success
-    flash[:result_text] = "Successfully destroyed #{@media_category.singularize} #{@work.id}"
-    redirect_to root_path
+    if !@work
+      flash[:result_text] = "This work does not exist."
+      redirect_to root_path
+    elsif session[:user_id] == nil
+      flash[:result_text] = "You must be logged in to delete a work."
+      redirect_to root_path
+    elsif @work.user == nil || @work.user.id != session[:user_id]
+      flash[:result_text] = "You must be the creator of a work to delete it."
+      redirect_to root_path
+    else
+      @work.destroy
+      flash[:status] = :success
+      flash[:result_text] = "Successfully destroyed #{@media_category.singularize} #{@work.id}"
+      redirect_to root_path
+    end
   end
 
   def upvote
@@ -90,7 +128,7 @@ def upvote
 
 private
   def media_params
-    params.require(:work).permit(:title, :category, :creator, :description, :publication_year)
+    params.require(:work).permit(:user_id, :title, :category, :creator, :description, :publication_year)
   end
 
   def category_from_work

app/models/user.rb

@@ -1,6 +1,9 @@
 class User < ApplicationRecord
   has_many :votes
   has_many :ranked_works, through: :votes, source: :work
+  # Wave 3
+  has_many :works
+  # End Wave 3
 
   validates :username, uniqueness: true, presence: true
 end

app/models/work.rb

@@ -2,6 +2,9 @@ class Work < ApplicationRecord
   CATEGORIES = %w(album book movie)
   has_many :votes, dependent: :destroy
   has_many :ranking_users, through: :votes, source: :user
+  # Wave 3
+  belongs_to :user
+  # End Wave 3
 
   validates :category,  presence: true,
                         inclusion: { in: CATEGORIES }

app/views/sessions/create.html.erb

@@ -0,0 +1,21 @@
+<h2>Log In</h2>
+<%= form_tag do %>
+  <%= label_tag(:username, "Username") %>
+  <%= text_field_tag(:username) %>
+  <%= submit_tag("Log In", class: "button") %>
+<% end %>
+
+<article>
+  <h4>A note about logging in</h4>
+  <p>
+    There is no password field. In fact, there is no indication whatsoever
+    that you are who you say you are. There's nothing special about users -
+    username is just another piece of data that the user entered and we have to keep
+    track of.
+  </p>
+
+  <p>
+    We'll learn more about security and authentication in the next couple weeks.
+    For now, don't worry about it beyond what you can see here.
+  </p>
+</article>

config/initializers/omniauth.rb

@@ -0,0 +1,3 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email"
+end

config/routes.rb

@@ -2,9 +2,10 @@
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
   root 'works#root'
   get '/login', to: 'sessions#login_form', as: 'login'
-  post '/login', to: 'sessions#login'
+  get "/auth/:provider/callback", to: "sessions#create"
   post '/logout', to: 'sessions#logout', as: 'logout'
 
+
   resources :works
   post '/works/:id/upvote', to: 'works#upvote', as: 'upvote'
 

db/migrate/20171016204913_add_email_uid_and_provider_column_to_user.rb

@@ -0,0 +1,7 @@
+class AddEmailUidAndProviderColumnToUser < ActiveRecord::Migration[5.0]
+  def change
+    add_column( :users, :email, :string )
+    add_column( :users, :uid, :integer, null: false ) # this is the identifier provided by GitHub
+    add_column( :users, :provider, :string, null: false ) # this tells us who provided the identifier
+  end
+end