Merge pull request #36 from khungking909/devise_lockable

devise_lockable
awesome-academy · Apr 8, 2024 · 6e77ca4 · 6e77ca4
2 parents c424782 + cb1604d
commit 6e77ca4
Show file tree

Hide file tree

Showing 33 changed files with 612 additions and 346 deletions.
diff --git a/Gemfile b/Gemfile
@@ -8,6 +8,7 @@ ruby "3.2.0"
 gem "bootstrap-sass", "3.4.1"
 gem "byebug"
 gem "connection_pool"
+gem "devise", "~> 4.1"
 gem "image_processing", ">= 1.2"
 gem "jquery-rails"
 gem "owlcarousel-rails"

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -111,6 +111,12 @@ GEM
       irb (~> 1.10)
       reline (>= 0.3.8)
     deep_merge (1.2.2)
+    devise (4.9.3)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
     diff-lcs (1.5.1)
     docile (1.4.0)
     dotenv (3.1.0)
@@ -178,6 +184,7 @@ GEM
     nio4r (2.7.1)
     nokogiri (1.16.3-x86_64-linux)
       racc (~> 1.4)
+    orm_adapter (0.5.0)
     owlcarousel-rails (2.2.3.5)
     pagy (7.0.11)
     psych (5.1.2)
@@ -236,6 +243,9 @@ GEM
     regexp_parser (2.9.0)
     reline (0.4.3)
       io-console (~> 0.5)
+    responders (3.1.1)
+      actionpack (>= 5.2)
+      railties (>= 5.2)
     rexml (3.2.6)
     rspec-core (3.13.0)
       rspec-support (~> 3.13.0)
@@ -297,6 +307,8 @@ GEM
       railties (>= 6.0.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
+    warden (1.2.9)
+      rack (>= 2.0.9)
     web-console (4.2.1)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
@@ -324,6 +336,7 @@ DEPENDENCIES
   connection_pool
   cssbundling-rails (~> 1.4)
   debug
+  devise (~> 4.1)
   dotenv
   dotenv-rails
   factory_bot_rails

diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
@@ -1,23 +1,11 @@
 # frozen_string_literal: true
 
-class AccountsController < ApplicationController
-  def new
-    @account = Account.new
-  end
-
-  def create
-    @account = Account.new(account_params)
-    if @account.save
-      flash[:success] = t("accounts.register_success")
-      redirect_to(root_path)
-    else
-      render(:new, status: :unprocessable_entity)
-    end
-  end
+class AccountsController < Devise::RegistrationsController
+  before_action :configure_permitted_parameters, if: :devise_controller?
 
-  private
+  protected
 
-  def account_params
-    params.require(:account).permit(:name, :email, :address, :phone_number, :password, :password_confirmation)
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :name, :address, :phone_number) }
   end
 end
diff --git a/app/controllers/admin/admin_controller.rb b/app/controllers/admin/admin_controller.rb
@@ -8,7 +8,6 @@ class Admin::AdminController < ApplicationController
   def author_admin
     return if current_account.admin?
 
-    flash[:danger] = t("http_error.forbidden")
-    redirect_to(login_path)
+    redirect_to("/403.html")
   end
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -2,7 +2,7 @@
 
 class ApplicationController < ActionController::Base
   include Pagy::Backend
-  include SessionsHelper
+  include Devise::Controllers::Helpers
 
   before_action :set_locale
 
@@ -17,9 +17,9 @@ def default_url_options
   private
 
   def logged_in_user
-    return if logged_in?
+    return if account_signed_in?
 
     flash[:danger] = t("sessions.mess_pls_login")
-    redirect_to(login_path)
+    redirect_to(new_account_session_path)
   end
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -1,38 +1,4 @@
 # frozen_string_literal: true
 
-class SessionsController < ApplicationController
-  before_action :load_account, :authen_account, only: :create
-
-  def new
-    @account = Account.new
-  end
-
-  def create
-    log_in(@account)
-    remember(@account)
-    flash[:success] = t("sessions.login_success")
-    redirect_to(root_path)
-  end
-
-  def destroy
-    log_out
-    redirect_to(root_url)
-  end
-
-  private
-
-  def load_account
-    @account = Account.find_by(email: params.dig(:session, :email)&.downcase)
-    return if @account
-
-    flash.now[:error] = t("sessions.login_email_err")
-    render(:new, status: :unprocessable_entity)
-  end
-
-  def authen_account
-    return if @account.authenticate(params.dig(:session, :password))
-
-    flash.now[:error] = t("sessions.login_password_err")
-    render(:new, status: :unprocessable_entity)
-  end
+class SessionsController < Devise::SessionsController
 end
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
@@ -1,49 +1,7 @@
 # frozen_string_literal: true
 
-# rubocop:disable Rails/HelperInstanceVariable
-
 module SessionsHelper
-  def log_in(account)
-    session[:account_id] = account.id
-  end
-
-  def current_account
-    if (account_id = session[:account_id])
-      @current_account ||= Account.find_by(id: account_id)
-    elsif (account_id = cookies.signed[:account_id])
-      account = Account.find_by(id: account_id)
-      if account&.authenticated?(:remember, cookies[:remember_token])
-        log_in(account)
-        @current_account = account
-      end
-    end
-  end
-
-  def remember(account)
-    account.remember
-    cookies.permanent.signed[:account_id] = account.id
-    cookies.permanent[:remember_token] = account.remember_token
-  end
-
-  def forget(account)
-    account.forget
-    cookies.delete(:account_id)
-    cookies.delete(:remember_token)
-  end
-
-  def log_out
-    forget(current_account)
-    reset_session
-    @current_account = nil
-  end
-
-  def logged_in?
-    current_account.present?
-  end
-
   def check_admin
     current_account.admin?
   end
 end
-
-# rubocop:enable Rails/HelperInstanceVariable
diff --git a/app/models/account.rb b/app/models/account.rb
@@ -1,60 +1,16 @@
 # frozen_string_literal: true
 
 class Account < ApplicationRecord
-  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i.freeze
-  private_constant :VALID_EMAIL_REGEX
-
-  attr_accessor :remember_token
-
-  before_save :downcase
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable, :lockable
 
   enum role: { admin: 1, user: 0 }, _default: :user
 
   has_many :orders, dependent: :destroy
   has_many :comments, dependent: :destroy
   has_many :products, through: :comments
 
-  has_secure_password
-
   validates :name, presence: true, length: { maximum: Settings.DIGIT_50 }
-  validates :email, presence: true, length: { maximum: Settings.DIGIT_255 },
-                    format: { with: VALID_EMAIL_REGEX }, uniqueness: true
-  validates :password, presence: true, allow_nil: true
-
-  def self.digest(string)
-    cost = if ActiveModel::SecurePassword.min_cost
-             BCrypt::Engine::MIN_COST
-           else
-             BCrypt::Engine.cost
-           end
-    BCrypt::Password.create(string, cost: cost)
-  end
-
-  class << self
-    def new_token
-      SecureRandom.urlsafe_base64
-    end
-  end
-
-  def remember
-    self.remember_token = Account.new_token
-    update_column(:remember_digest, Account.digest(remember_token))
-  end
-
-  def authenticated?(attribute, token)
-    digest = send("#{attribute}_digest")
-    return false unless digest
-
-    BCrypt::Password.new(digest).is_password?(token)
-  end
-
-  def forget
-    update_column(:remember_digest, nil)
-  end
-
-  private
-
-  def downcase
-    email.downcase!
-  end
 end
diff --git a/app/views/accounts/_form.html.erb b/app/views/accounts/_form.html.erb
@@ -1,13 +1,13 @@
 <%= render "shared/error_messages", object: f.object %>
 <%= f.label t "accounts.personal_information" %>
-<%= f.text_field :name, placeholder: t("place_holder.name"), class: "glyphicon"  %>
-<%= f.text_field :address, placeholder: t("place_holder.address"), class: "glyphicon"  %>
-<%= f.text_field :phone_number, placeholder: t("place_holder.phone_number"), class: "glyphicon"  %>
+<%= f.text_field :name, placeholder: t("place_holder.name"), class: "w-100"  %>
+<%= f.text_field :address, placeholder: t("place_holder.address"), class: "w-100"  %>
+<%= f.text_field :phone_number, placeholder: t("place_holder.phone_number"), class: "w-100"  %>
 
 <%= f.label t("accounts.sign_in_information")%>
-<%= f.email_field :email, placeholder: t("place_holder.email"), class: "glyphicon" %>
-<%= f.password_field :password, placeholder: t("place_holder.password"), class: "glyphicon" %>
-<%= f.password_field :password_confirmation, placeholder: t("place_holder.password_confirmation"), class: "glyphicon" %>
+<%= f.email_field :email, placeholder: t("place_holder.email"), class: "w-100" %>
+<%= f.password_field :password, placeholder: t("place_holder.password"), class: "w-100" %>
+<%= f.password_field :password_confirmation, placeholder: t("place_holder.password_confirmation"), class: "w-100" %>
 <div class = "col-md-12" >
   <%= f.button uppercase(t("back")), class:"form-btn-back", onclick: "window.history.back();"  %>
   <%= f.submit uppercase(t("accounts.create")), class:"form-btn-submit" %>

diff --git a/app/views/accounts/new.html.erb b/app/views/accounts/new.html.erb
@@ -1,9 +1,9 @@
 <% provide :title, t("accounts.sign_up") %>
 
 <div class="row">
-  <div class="col-md-6 col-md-offset-3">
+  <div class="col-md-6 offset-md-3">
     <h1 class = "sign-up-title"><%= uppercase t("accounts.sign_up") %></h1>
-    <%= form_for @account do |f| %>
+    <%= form_for resource, as: resource_name, url: registration_path(resource_name) do |f| %>
       <%= render "form", f: f %>
     <% end %>
   </div>

diff --git a/app/views/layouts/_flash.html.erb b/app/views/layouts/_flash.html.erb
@@ -5,14 +5,18 @@
         <div class="alert alert-danger">
           <%= flash[:danger] %>
         </div>
-      <% when flash[:success] %>
-        <div class="alert alert-success">
-          <%= flash[:success] %>
+        <% when flash[:alert] %>
+        <div class="alert alert-danger">
+          <%= flash[:alert] %>
         </div>
       <% when flash[:error] %>
         <div class="alert alert-warning">
           <%= flash[:error] %>
         </div>
+      <% when flash[:notice] %>
+        <div class="alert alert-success">
+          <%= flash[:notice] %>
+        </div>
       <% when flash[:info] %>
         <div class="alert alert-dark">
           <%= flash[:info] %>

diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
@@ -1,9 +1,9 @@
-<%= render "layouts/flash" %>
 <div class="row">
   <div class="col-md-4 offset-md-1">
     <h2 class = "sign-up-title"><%= uppercase t("accounts.login_customer") %></h2>
     <h5><%= t("accounts.login_customer_message") %></h5>
-    <%= form_for :session, class: "new_account", url: login_path do |f| %>
+    <%= form_for resource, as: resource_name, url: session_path(resource_name), class: "new_account" do |f| %>
+      <%= render "layouts/flash" %>
       <%= f.email_field :email, placeholder: t("place_holder.email"), class: "glyphicon" %>
       <%= f.password_field :password, placeholder: t("place_holder.password"), class: "glyphicon" %>
       <div>
@@ -15,7 +15,7 @@
   <div class="col-md-4 offset-md-2">
     <h1 class = "sign-up-title"><%= uppercase t("accounts.rediect_login") %></h1>
     <h5 style = "margin-bottom: 40px"><%= t("accounts.register_customer_message") %></h5>
-    <%= link_to new_account_path,  class: "btn-redirect"  do %>
+    <%= link_to new_account_registration_path,  class: "btn-redirect"  do %>
       <%= uppercase t "accounts.create"%>
     <% end %>
 

diff --git a/app/views/shared/_header.html.erb b/app/views/shared/_header.html.erb
@@ -6,7 +6,7 @@
     </button>
     <div class="collapse navbar-collapse" id="navbarNav">
       <ul class="navbar-nav ms-auto">
-        <% if logged_in? %>
+        <% if account_signed_in? %>
           <li class="nav-item">
             <%= link_to t("header.home"), root_path, class: "nav-link" %>
           </li>
@@ -21,18 +21,18 @@
                 <%= link_to t("header.admin"), admin_products_path, class: "dropdown-item" %>
               <% end %>
               <%= link_to t("header.order"), orders_path, class: "dropdown-item" %>
-              <%= link_to t("header.log_out"), logout_path, class: "dropdown-item" %>
+              <%= link_to t("header.log_out"), destroy_account_session_path, class: "dropdown-item" %>
             </div>
           </li>
         <% else %>
           <li class="nav-item"></li>
             <%= link_to t("header.home"), root_url, class: "nav-link" %>
           </li>
           <li class="nav-item">
-            <%= link_to t("header.cart"), cart_path, class: "nav-link" %>
+            <%= link_to t("header.cart"), new_account_session_path, class: "nav-link" %>
           </li>
           <li class="nav-item">
-            <%= link_to t("header.login"), login_path, class: "nav-link" %>
+            <%= link_to t("header.login"), new_account_session_path, class: "nav-link" %>
           </li>
         <% end %>
       </ul>

diff --git a/config/application.rb b/config/application.rb
@@ -12,7 +12,7 @@ module DnMinaitei2Ecommerce
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
     config.load_defaults(7.1)
-
+    config.time_zone = "Asia/Ho_Chi_Minh"
     # Please, add to the `ignore` list any other `lib` subdirectories that do
     # not contain `.rb` files, or that should not be reloaded or eager loaded.
     # Common ones are `templates`, `generators`, or `middleware`, for example.