
@iheanyi
Created July 31, 2015 19:09
User Authentication junts.
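# JSON sign-in / sign-out endpoints for API clients, layered on Devise's
# SessionsController.
#
# Review notes:
# - CSRF verification is skipped for :create and :destroy. That is sound only
#   if callers authenticate with the token rather than the session cookie;
#   `sign_in` below still goes through Devise, which by default also stores
#   the user in the session. Confirm cookie-bearing browsers cannot reach
#   these actions cross-site.
# - `authentication_token` is a bearer credential. Nothing in this controller
#   writes the user record or the response body to stdout/logs.
class Api::V1::Users::SessionsController < Devise::SessionsController
  skip_before_filter :verify_authenticity_token, :only => [:create, :destroy]
  skip_before_filter :verify_signed_out_user, only: :destroy

  # Reports the currently signed-in user, or {user: nil} when nobody is
  # signed in. Uses Devise's user_signed_in? helper; no @user is assigned
  # anywhere in this action, so calling a method on it would raise.
  def check_current_user
    if user_signed_in?
      render json: current_user, status: :ok
    else
      render json: {user: nil}, status: :ok
    end
  end

  # POST: authenticates by e-mail + password and returns the serialized user
  # together with its authentication token.
  #
  # Responses:
  #   201 - credentials accepted, body is the serialized user plus token/email
  #   404 - no user with that e-mail
  #   401 - user exists but the password is wrong
  def create
    @user = User.find_by(:email => user_params[:email])

    # NOTE(review): distinct 404 / 401 answers let a caller tell registered
    # e-mail addresses from unregistered ones. Kept as-is because existing
    # callers may depend on the statuses; a single generic 401 closes the gap.
    # No attempt throttling is visible in this controller either - confirm it
    # is handled upstream.
    unless @user
      render json: {error: "User not found."}, status: :not_found
      return
    end

    unless @user.valid_password?(user_params[:password])
      render json: {error: "Invalid username or password!"}, status: :unauthorized
      return
    end

    sign_in @user
    # Pick up whatever the sign-in callbacks persisted before serializing.
    current_user.reload

    json = ::UserSerializer.new(current_user).as_json
    # merge! so both keys actually land in the response (a plain merge returns
    # a new hash and its result was being thrown away).
    json[:user].merge!(token: current_user.authentication_token,
                       email: current_user.email)
    render json: json, status: :created
  end

  # DELETE: signs the caller out and clears the stored authentication token so
  # it can no longer be presented. verify_signed_out_user is skipped above, so
  # current_user may be nil here; in that case there is no token to clear.
  def destroy
    @user = current_user
    sign_out current_user
    # update_column writes straight to the row, bypassing callbacks (and with
    # them the before_save hook that would generate a fresh token).
    @user.update_column(:authentication_token, nil) if @user
    render json: {}, status: :ok
  end

  # GET /resource/sign_in
  # def new
  # super
  # end
  # POST /resource/sign_in
  # def create
  # super
  # end
  # DELETE /resource/sign_out
  # def destroy
  # super
  # end
  # protected
  # You can put the params you want to permit in the empty array.
  # def configure_sign_in_params
  # devise_parameter_sanitizer.for(:sign_in) << :attribute
  # end

  private

  # Strong-parameter whitelist for the nested :user hash.
  def user_params
    params.require(:user).permit(:username, :email, :password, :login)
  end
end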
require 'rails_helper'
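# Controller specs for the JSON session endpoints: POST create (sign in) and
# DELETE destroy (sign out).
#
# The e-mail addresses below are constructed sample values; the published
# listing had the originals masked, which left the "existing" and the
# "unknown" user with the same, invalid address.
RSpec.describe Api::V1::Users::SessionsController, :type => :controller do
  before do
    # Tell Devise which mapping applies when the controller runs outside the router.
    @request.env["devise.mapping"] = Devise.mappings[:user]
  end

  describe "POST users#sign_in" do
    before do
      # create! so a validation failure aborts the example instead of
      # silently leaving an unsaved user behind.
      @user = User.create!(email: "foobar@example.com", password: "foofoobar", username: "foobar")
    end

    context "valid login credentials" do
      before do
        post :create, user: {email: @user.email, password: @user.password, username: @user.username}
      end

      it "logs in the user" do
        expect(response.status).to eq 201
        expect(subject.current_user).to eq @user
        expect(@user.authentication_token).not_to be_nil
      end
    end

    context "invalid login credentials" do
      context "wrong user information" do
        before do
          post :create, user: {email: @user.email, password: "godzilla", username: @user.username}
        end

        it "is unauthorized" do
          expect(response.unauthorized?).to eq true
        end

        # A rejected password must not leave a session behind.
        it "does not sign the user in" do
          expect(subject.current_user).to be_nil
        end
      end

      context "user does not exist" do
        before do
          # Must differ from the address of the user created above.
          post :create, user: {email: "nobody@example.com", password: "foobar", username: "random"}
        end

        it "is not found" do
          expect(response.not_found?).to eq true
        end
      end
    end
  end

  describe "DELETE users#sign_out" do
    before do
      @user = User.create!(email: "foobar@example.com", password: "foofoobar", username: "foobar")
      sign_in @user
      delete :destroy
      # The controller clears the token with a direct column write; reload to see it.
      @user.reload
    end

    it "signs out the user and deletes the authentication token" do
      expect(@user.authentication_token).to be_nil
      expect(subject.current_user).to be_nil
    end
  end
end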
# == Schema Information
#
# Table name: users
#
# id :integer not null, primary key
# email :string default(""), not null
# username :string default(""), not null
# encrypted_password :string default(""), not null
# reset_password_token :string
# reset_password_sent_at :datetime
# remember_created_at :datetime
# remember_token :string
# sign_in_count :integer default("0"), not null
# current_sign_in_at :datetime
# last_sign_in_at :datetime
# current_sign_in_ip :inet
# last_sign_in_ip :inet
# password_salt :string
# created_at :datetime
# updated_at :datetime
# authentication_token :string
#
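# Application user, authenticated through Devise and additionally carrying an
# API authentication token that is generated on save when absent.
#
# Review notes:
# - The token is assigned to the authentication_token column as generated,
#   i.e. stored in clear. Anyone able to read that column holds a usable
#   credential wherever the token is accepted; consider storing a digest.
# - No expiry for the token is visible in this model; it only changes when the
#   column is blank at save time.
class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  # NOTE(review): :confirmable is enabled but confirmation_required? below
  # returns false, so e-mail confirmation looks effectively switched off -
  # confirm that is intended. :lockable is not enabled.
  devise :database_authenticatable, :registerable, :confirmable,
         :recoverable, :rememberable, :trackable, :validatable

  validates :username, :presence => true, :uniqueness => {
    :case_sensitive => false
  }
  #validates_confirmation_of :password

  has_many :reviews
  has_many :barbershops

  # Writer only: the reader is defined below with a username/e-mail fallback.
  attr_writer :login

  before_save :ensure_authentication_token

  # before_save hook: assigns a fresh token when none is set. blank? already
  # covers nil, so one check is enough. The method evaluates to nil or the new
  # token, never false.
  def ensure_authentication_token
    self.authentication_token = generate_authentication_token if authentication_token.blank?
  end

  # Virtual login attribute: the explicitly assigned value, else the username,
  # else the e-mail.
  def login
    @login || username || email
  end

  protected

  # Devise confirmable hook; returning false means no confirmation is required.
  def confirmation_required?
    false
  end

  private

  # Draws tokens from Devise.friendly_token until one is not yet present in
  # the users table, and returns it.
  # NOTE(review): check-then-save is not atomic; a unique index on
  # authentication_token is what actually guarantees uniqueness - confirm one
  # exists.
  def generate_authentication_token
    loop do
      token = Devise.friendly_token
      break token unless User.exists?(authentication_token: token)
    end
  end
  #include Clearance::User
end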