From 0504b377deda6410838d37427a7990f86db678bf Mon Sep 17 00:00:00 2001 From: CarolineOlivier Date: Wed, 11 Dec 2024 15:46:34 +0100 Subject: [PATCH 1/2] Add lockable and confirmable functionality --- app/models/user.rb | 10 +++++++--- config/initializers/devise.rb | 19 ++++++++++--------- .../20241211112558_add_lockable_to_users.rb | 7 +++++++ ...20241211135607_add_confirmable_to_users.rb | 9 +++++++++ db/schema.rb | 6 ++++-- 5 files changed, 37 insertions(+), 14 deletions(-) create mode 100644 db/migrate/20241211112558_add_lockable_to_users.rb create mode 100644 db/migrate/20241211135607_add_confirmable_to_users.rb diff --git a/app/models/user.rb b/app/models/user.rb index ec61233..ed7a444 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,7 +1,11 @@ class User < ApplicationRecord - devise :database_authenticatable, :registerable, - :recoverable, :rememberable, :validatable - before_create :generate_random_username + devise :database_authenticatable, :registerable, + :recoverable, :rememberable, :validatable, + :lockable, :confirmable + + before_create :generate_random_username + end + has_many :posts, dependent: :destroy has_many :votes, dependent: :destroy diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 9d57959..7440a1d 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -129,10 +129,10 @@ # config.pepper = 'd8309c756fed20b8d01e2099ab4b6e21249fea910862fc90bc158edf96843190b1a468bdeb305bdb7150f8d83725984f373f66fd1b6bbca20950e654e681cf8d' # Send a notification to the original email when the user's email is changed. - # config.send_email_changed_notification = false + config.send_email_changed_notification = true # Send a notification email when the user's password is changed. - # config.send_password_change_notification = false + config.send_password_change_notification = true # ==> Configuration for :confirmable # A period that the user is allowed to access the website even without 
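Review bot: The `end` added after `before_create :generate_random_username` in the `app/models/user.rb` hunk closes `class User` before the `has_many` lines that follow. Those associations then sit outside the class body, so the model presumably fails to load at this commit (the file's closing `end` is outside the hunk). Patch 2/2 removes the line again; squashing the two patches would keep every commit in the series loadable, which matters for `git bisect` and for anyone deploying this commit on its own.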
@@ -194,10 +194,10 @@ # Defines which strategy will be used to lock an account. # :failed_attempts = Locks an account after a number of failed attempts to sign in. # :none = No lock strategy. You should handle locking by yourself. - # config.lock_strategy = :failed_attempts + config.lock_strategy = :failed_attempts # Defines which key will be used when locking and unlocking an account - # config.unlock_keys = [:email] + config.unlock_keys = [:email] # Defines which strategy will be used to unlock an account. # :email = Sends an unlock link to the user email @@ -205,30 +205,31 @@ # :both = Enables both strategies # :none = No unlock strategy. You should handle unlocking by yourself. # config.unlock_strategy = :both + config.unlock_strategy = :email # Number of authentication tries before locking an account if lock_strategy # is failed attempts. - # config.maximum_attempts = 20 + config.maximum_attempts = 5 # Time interval to unlock the account if :time is enabled as unlock_strategy. # config.unlock_in = 1.hour # Warn on the last attempt before the account is locked. - # config.last_attempt_warning = true + config.last_attempt_warning = true # ==> Configuration for :recoverable # # Defines which key will be used when recovering the password for an account - # config.reset_password_keys = [:email] + config.reset_password_keys = [:email] # Time interval you can reset your password with a reset password key. # Don't put a too small interval or your users won't have the time to # change their passwords. - config.reset_password_within = 6.hours + config.reset_password_within = 30.minutes # When set to false, does not sign a user in automatically after their password is # reset. Defaults to true, so a user is signed in automatically after a reset. - # config.sign_in_after_reset_password = true + config.sign_in_after_reset_password = false # ==> Configuration for :encryptable # Allow you to use another hashing or encryption algorithm besides bcrypt (default). 
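Review bot: In the `@@ -205,30 +205,31 @@` hunk, `config.maximum_attempts = 5` combined with `config.unlock_strategy = :email` means a handful of failed sign-ins locks an account until its owner acts on the unlock mail, so the lock itself can be used to keep a known address out of the service. Consider `config.unlock_strategy = :both` with `config.unlock_in = 1.hour` uncommented so a lock also expires on its own, and throttle the sign-in endpoint per IP and per account. Separately, `config.last_attempt_warning = true` produces a message that only appears for existing accounts, which discloses whether an email is registered unless `config.paranoid = true` is set; that setting is outside these hunks, so confirm it.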
diff --git a/db/migrate/20241211112558_add_lockable_to_users.rb b/db/migrate/20241211112558_add_lockable_to_users.rb new file mode 100644 index 0000000..9f3ce95 --- /dev/null +++ b/db/migrate/20241211112558_add_lockable_to_users.rb @@ -0,0 +1,7 @@ +class AddLockableToUsers < ActiveRecord::Migration[6.1] + def change + add_column :users, :failed_attempts, :integer, default: 0, null: false + add_column :users, :unlock_token, :string + add_column :users, :locked_at, :datetime + end +end diff --git a/db/migrate/20241211135607_add_confirmable_to_users.rb b/db/migrate/20241211135607_add_confirmable_to_users.rb new file mode 100644 index 0000000..97620c8 --- /dev/null +++ b/db/migrate/20241211135607_add_confirmable_to_users.rb @@ -0,0 +1,9 @@ +class AddConfirmableToUsers < ActiveRecord::Migration[6.1] + def change + add_column :users, :confirmation_token, :string + add_column :users, :confirmed_at, :datetime + add_column :users, :confirmation_sent_at, :datetime + add_column :users, :unconfirmed_email, :string # Optional if using reconfirmable + add_index :users, :confirmation_token, unique: true + end +end diff --git a/db/schema.rb b/db/schema.rb index cfbb4b6..e950ff2 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[8.0].define(version: 2024_12_10_154205) do +ActiveRecord::Schema[8.0].define(version: 2024_12_11_112558) do # These are extensions that must be enabled in order to support this database enable_extension "pg_catalog.plpgsql" 
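Review bot: In `AddLockableToUsers#change`, `unlock_token` is added without an index, although the unlock link looks the account up by this column and the confirmable migration in the same patch does index its token. Add `add_index :users, :unlock_token, unique: true` after the `add_column` lines, as Devise's own migration template does, so lookups are indexed and token uniqueness is enforced by the database.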
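Review bot: `AddConfirmableToUsers#change` leaves `confirmed_at` NULL on every existing row, so once `:confirmable` is active all current users count as unconfirmed and are refused sign-in until they confirm; nothing in the migration backfills the column. Add an up-only step after the `add_index`, for example `reversible { |dir| dir.up { execute "UPDATE users SET confirmed_at = CURRENT_TIMESTAMP" } }`. Also, `db/schema.rb` in this patch is dumped at version `2024_12_11_112558` and contains none of these four columns, so a database built from the schema would lack them. The `@@ -100,7 +100,9 @@` schema hunk additionally drops `ethereum_address` although no migration in the patch removes it, which suggests the file was dumped from a database out of step with the migrations; re-run the migrations and commit the regenerated schema.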
@@ -100,7 +100,9 @@ t.boolean "accepted_cgu", default: false, null: false t.boolean "accepted_privacy_policy", default: false, null: false t.datetime "accepted_at" - t.string "ethereum_address" + t.integer "failed_attempts", default: 0, null: false + t.string "unlock_token" + t.datetime "locked_at", precision: nil t.index ["email"], name: "index_users_on_email", unique: true t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true end From ca0c517d929dde32cedbb2c14e498421425fb06b Mon Sep 17 00:00:00 2001 From: CarolineOlivier Date: Wed, 11 Dec 2024 22:16:48 +0100 Subject: [PATCH 2/2] Save changes to user.rb before switching branch --- app/models/user.rb | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index ed7a444..07b6b7c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,12 +1,8 @@ class User < ApplicationRecord - devise :database_authenticatable, :registerable, - :recoverable, :rememberable, :validatable, - :lockable, :confirmable + devise :database_authenticatable, :registerable, + :recoverable, :rememberable, :validatable, + :lockable, :confirmable - before_create :generate_random_username - end - - has_many :posts, dependent: :destroy has_many :votes, dependent: :destroy has_many :cryptos, through: :votes 
@@ -16,21 +12,16 @@ class User < ApplicationRecord has_many :favorites, dependent: :destroy has_many :favorite_cryptos, through: :favorites, source: :crypto # this relationship represents the cryptos that the user has marked as favorites + before_create :generate_random_username + before_create :set_accepted_at after_create :welcome_send after_destroy :send_account_deleted_email - def welcome_send - UserMailer.welcome_email(self).deliver_now - end - validates :accepted_cgu, inclusion: { in: [true], message: "Please accept the Terms of Service to continue." }, on: :create validates :accepted_privacy_policy, inclusion: { in: [true], message: "Please accept the Privacy Policy to continue." }, on: :create validates :email, presence: true, uniqueness: true validates :password, presence: true, length: { minimum: 6 }, if: :password_required? - - before_create :set_accepted_at - private def set_accepted_at @@ -48,6 +39,10 @@ def password_required? new_record? || password.present? end + def welcome_send + UserMailer.welcome_email(self).deliver_now + end + def send_account_deleted_email UserMailer.account_deleted_email(self).deliver_now end
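Review bot: `after_create :welcome_send` (kept in the `@@ -16,21 +12,16 @@` hunk, with the method moved under `private` in `@@ -48,6 +39,10 @@`) still calls `deliver_now` inside the create transaction, now that the model is `:confirmable`. The welcome mail therefore goes to an address nobody has proven they own, and an SMTP error raised there rolls back the user row. Drop the callback and send from Devise's confirmation hook instead, `def after_confirmation; welcome_send; end`, and switch the mailer calls to `deliver_later` so delivery failures do not abort the request. The same `deliver_now` pattern in `send_account_deleted_email` runs from `after_destroy` and can likewise undo the deletion if delivery fails.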