Docker/Maybe
Docker/Maybe
1
0
Fork 0
mirror of https://github.com/maybe-finance/maybe.git synced 2025-07-24 07:39:39 +02:00
Code Issues Releases Activity Actions 1

Use DB for auth sessions (#1233)

Browse source 
* DB sessions

* Validations for profile image
This commit is contained in:
Zach Gollwitzer 2024-10-03 14:42:22 -04:00 committed by GitHub
parent 82c298307d
commit 1ffa13f3b3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
27 changed files with 118 additions and 76 deletions
Download patch file Download diff file Expand all files Collapse all files

29
app/controllers/concerns/authentication.rb
View file

@ -2,6 +2,7 @@ module Authentication
extend ActiveSupport::Concern
included do
before_action :set_request_details
before_action :authenticate_user!
end
@ -12,10 +13,9 @@ module Authentication
end
private
def authenticate_user!
if user = User.find_by(id: session[:user_id])
Current.user = user
if session_record = Session.find_by_id(cookies.signed[:session_token])
Current.session = session_record
else
if self_hosted_first_login?
redirect_to new_registration_url
@ -25,23 +25,18 @@ module Authentication
end
end
def login(user)
Current.user = user
reset_session
session[:user_id] = user.id
set_last_login_at
end
def logout
Current.user = nil
reset_session
end
def set_last_login_at
Current.user.update(last_login_at: DateTime.now)
def create_session_for(user)
session = user.sessions.create!
cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
session
end
def self_hosted_first_login?
Rails.application.config.app_mode.self_hosted? && User.count.zero?
end
def set_request_details
Current.user_agent = request.user_agent
Current.ip_address = request.ip
end
end

2
app/controllers/registrations_controller.rb
View file

@ -17,7 +17,7 @@ class RegistrationsController < ApplicationController
if @user.save
Category.create_default_categories(@user.family)
login @user
@session = create_session_for(@user)
flash[:notice] = t(".success")
redirect_to root_path
else

10
app/controllers/sessions_controller.rb
View file

@ -1,4 +1,5 @@
class SessionsController < ApplicationController
before_action :set_session, only: :destroy
skip_authentication only: %i[new create]
layout "auth"
@ -8,7 +9,7 @@ class SessionsController < ApplicationController
def create
if user = User.authenticate_by(email: params[:email], password: params[:password])
login user
@session = create_session_for(user)
redirect_to root_path
else
flash.now[:alert] = t(".invalid_credentials")
@ -17,7 +18,12 @@ class SessionsController < ApplicationController
end
def destroy
logout
@session.destroy
redirect_to root_path, notice: t(".logout_successful")
end
private
def set_session
@session = Current.user.sessions.find(params[:id])
end
end

3
app/controllers/settings/profiles_controller.rb
View file

@ -23,7 +23,7 @@ class Settings::ProfilesController < SettingsController
def destroy
if Current.user.deactivate
logout
Current.session.destroy
redirect_to root_path, notice: t(".success")
else
redirect_to settings_profile_path, alert: Current.user.errors.full_messages.to_sentence
@ -31,7 +31,6 @@ class Settings::ProfilesController < SettingsController
end
private
def user_params
params.require(:user).permit(:first_name, :last_name, :profile_image,
family_attributes: [ :name, :id ])

6
app/helpers/auth_messages_helper.rb
View file

@ -1,6 +0,0 @@
module AuthMessagesHelper
def auth_messages(form = nil)
render "shared/auth_messages", flash: flash,
errors: form&.object&.errors&.full_messages || []
end
end

4
app/models/current.rb
View file

@ -1,5 +1,7 @@
class Current < ActiveSupport::CurrentAttributes
attribute :user
attribute :session
attribute :user_agent, :ip_address
delegate :user, to: :session, allow_nil: true
delegate :family, to: :user, allow_nil: true
end

8
app/models/session.rb Normal file
View file

@ -0,0 +1,8 @@
class Session < ApplicationRecord
belongs_to :user
before_create do
self.user_agent = Current.user_agent
self.ip_address = Current.ip_address
end
end

10
app/models/user.rb
View file

@ -2,9 +2,11 @@ class User < ApplicationRecord
has_secure_password
belongs_to :family
has_many :sessions, dependent: :destroy
accepts_nested_attributes_for :family
validates :email, presence: true, uniqueness: true
validate :ensure_valid_profile_image
normalizes :email, with: ->(email) { email.strip.downcase }
normalizes :first_name, :last_name, with: ->(value) { value.strip.presence }
@ -72,6 +74,14 @@ class User < ApplicationRecord
end
private
def ensure_valid_profile_image
return unless profile_image.attached?
unless profile_image.content_type.in?(%w[image/jpeg image/png])
errors.add(:profile_image, "must be a JPEG or PNG")
profile_image.purge
end
end
def last_user_in_family?
family.users.count == 1

2
app/views/layouts/_sidebar.html.erb
View file

@ -63,7 +63,7 @@
<% end %>
</div>
<div class="p-1">
<%= button_to session_path, method: :delete, class: "w-full text-red-400 flex gap-1 items-center hover:bg-gray-50 rounded-lg px-3 py-2" do %>
<%= button_to session_path(Current.session), method: :delete, class: "w-full text-red-400 flex gap-1 items-center hover:bg-gray-50 rounded-lg px-3 py-2" do %>
<%= lucide_icon("log-out", class: "w-5 h-5 shrink-0") %>
<span class="text-sm">Logout</span>
<% end %>

14
app/views/layouts/application.html.erb
View file

@ -25,14 +25,14 @@
</head>
<body class="h-full">
<div class="fixed z-50 space-y-1 top-6 right-10">
<div id="notification-tray">
<%= render_flash_notifications %>
<div class="fixed z-50 space-y-1 top-6 right-10">
<div id="notification-tray">
<%= render_flash_notifications %>
</div>
</div>
</div>
<%= family_notifications_stream %>
<%= family_stream %>
<%= family_notifications_stream %>
<%= family_stream %>
<%= content_for?(:content) ? yield(:content) : yield %>
@ -42,7 +42,7 @@
<%= render "shared/confirm_modal" %>
<% if self_hosted? %>
<%= render "shared/app_version" %>
<%= render "shared/app_version" %>
<% end %>
</body>
</html>

2
app/views/layouts/auth.html.erb
View file

@ -23,7 +23,7 @@
</div>
<div class="p-8 mt-2 text-center">
<p class="mt-6 text-sm text-black"><%= link_to t(".privacy_policy"), "/privacy", class: "font-medium text-gray-600 hover:text-gray-400 transition" %> &bull; <%= link_to t(".terms_of_service"), "/terms", class: "font-medium text-gray-600 hover:text-gray-400 transition" %></p>
<p class="mt-6 text-sm text-black"><%= link_to t(".privacy_policy"), "https://maybe.co/privacy", class: "font-medium text-gray-600 hover:text-gray-400 transition" %> &bull; <%= link_to t(".terms_of_service"), "https://maybe.co/tos", class: "font-medium text-gray-600 hover:text-gray-400 transition" %></p>
</div>
</div>
<% end %>

2
app/views/password_resets/edit.html.erb
View file

@ -3,8 +3,6 @@
%>
<%= styled_form_with model: @user, url: password_reset_path(token: params[:token]), method: :patch, class: "space-y-4" do |form| %>
<%= auth_messages form %>
<div class="relative border border-gray-100 bg-gray-25 rounded-xl focus-within:bg-white focus-within:shadow focus-within:opacity-100">
<%= form.label :password, class: "p-4 pb-0 block text-sm font-medium text-gray-700" %>
<%= form.password_field :password, required: "required", class: "p-4 pt-1 bg-transparent border-none opacity-50 focus:outline-none focus:ring-0 focus-within:opacity-100 w-full" %>

2
app/views/password_resets/new.html.erb
View file

@ -3,8 +3,6 @@
%>
<%= styled_form_with url: password_reset_path, class: "space-y-4" do |form| %>
<%= auth_messages form %>
<%= form.email_field :email, label: true, autofocus: false, autocomplete: "email", required: "required", placeholder: "you@example.com" %>
<%= form.submit t(".submit") %>

2
app/views/passwords/edit.html.erb
View file

@ -1,8 +1,6 @@
<h1><% t(".title") %></h1>
<%= styled_form_with model: Current.user, url: password_path, class: "space-y-4" do |form| %>
<%= auth_messages form %>
<div>
<%= form.label :password_challenge, t(".password_challenge") %>
<%= form.password_field :password_challenge %>

1
app/views/registrations/new.html.erb
View file

@ -10,7 +10,6 @@
<% end %>
<%= styled_form_with model: @user, url: registration_path, class: "space-y-4" do |form| %>
<%= auth_messages form %>
<%= form.email_field :email, autofocus: false, autocomplete: "email", required: "required", placeholder: "you@example.com", label: true %>
<%= form.password_field :password, autocomplete: "new-password", required: "required", label: true %>
<%= form.password_field :password_confirmation, autocomplete: "new-password", required: "required", label: true %>

4
app/views/sessions/new.html.erb
View file

@ -2,9 +2,7 @@
header_title t(".title")
%>
<%= styled_form_with url: session_path, class: "space-y-4" do |form| %>
<%= auth_messages form %>
<%= styled_form_with url: sessions_path, class: "space-y-4" do |form| %>
<%= form.email_field :email, label: t(".email"), autofocus: false, autocomplete: "email", required: "required", placeholder: t(".email_placeholder") %>
<%= form.password_field :password, label: t(".password"), required: "required" %>

2
app/views/settings/_nav.html.erb
View file

@ -68,7 +68,7 @@
</section>
<section>
<%= button_to session_path, method: :delete, class: "flex items-center gap-2 px-3 py-2 rounded-xl border text-sm font-medium w-full text-error hover:bg-gray-100 border-transparent" do %>
<%= button_to session_path(Current.session), method: :delete, class: "flex items-center gap-2 px-3 py-2 rounded-xl border text-sm font-medium w-full text-error hover:bg-gray-100 border-transparent" do %>
<%= lucide_icon("log-out", class: "w-5 h-5 shrink-0") %>
<span><%= t(".logout") %></span>
<% end %>

2
app/views/settings/profiles/show.html.erb
View file

@ -26,7 +26,7 @@
<div class="space-y-3">
<p><%= t(".profile_image_type") %></p>
<%= form.label :profile_image, t(".profile_image_choose"), class: "inline-block cursor-pointer px-3 py-2 bg-gray-50 text-gray-900 rounded-md text-sm font-medium" %>
<%= form.file_field :profile_image, accept: "image/png, image/jpeg, image/gif", class: "hidden px-3 py-2 bg-gray-50 text-gray-900 rounded-md text-sm font-medium", data: {profile_image_preview_target: "fileField", action: "change->profile-image-preview#preview"} %>
<%= form.file_field :profile_image, accept: "image/png, image/jpeg", class: "hidden px-3 py-2 bg-gray-50 text-gray-900 rounded-md text-sm font-medium", data: {profile_image_preview_target: "fileField", action: "change->profile-image-preview#preview"} %>
<%= form.hidden_field :delete_profile_image, value: false, data: {profile_image_preview_target: "deleteField"} %>
</div>
</div>