devise for user authentication and paperclip for avatar

Gemfile

@@ -2,11 +2,13 @@ ruby("2.2.2")
 source("https://rubygems.org")
 
 gem("aasm")
+gem("devise")
 gem("haml")
 gem("haml-rails")
 gem("jbuilder", "~> 2.0")
 gem("jquery-rails")
 gem("jquery-ui-rails")
+gem("paperclip")
 gem("pg")
 gem("rack-cors")
 gem("rails", "4.2.1")

Gemfile.lock

@@ -42,6 +42,7 @@ GEM
     ast (2.1.0)
     astrolabe (1.3.1)
       parser (~> 2.2)
+    bcrypt (3.1.10)
     binding_of_caller (0.7.2)
       debug_inspector (>= 0.0.1)
     builder (3.2.2)
@@ -58,7 +59,11 @@ GEM
       xpath (~> 2.0)
     childprocess (0.5.6)
       ffi (~> 1.0, >= 1.0.11)
+    climate_control (0.0.3)
+      activesupport (>= 3.0)
     cliver (0.3.2)
+    cocaine (0.5.7)
+      climate_control (>= 0.0.3, < 1.0)
     coderay (1.1.0)
     coffee-rails (4.1.0)
       coffee-script (>= 2.2.0)
@@ -82,6 +87,13 @@ GEM
       rails (>= 3, < 5)
     database_cleaner (1.4.1)
     debug_inspector (0.0.2)
+    devise (3.5.2)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
     diff-lcs (1.2.5)
     dotenv (2.0.2)
     easy_translate (0.5.0)
@@ -162,6 +174,7 @@ GEM
       mime-types (>= 1.16, < 3)
     method_source (0.8.2)
     mime-types (2.6.1)
+    mimemagic (0.3.0)
     mini_portile (0.6.2)
     minitest (5.8.0)
     multi_json (1.11.2)
@@ -172,6 +185,13 @@ GEM
     notiffany (0.0.7)
       nenv (~> 0.1)
       shellany (~> 0.0)
+    orm_adapter (0.5.0)
+    paperclip (4.3.1)
+      activemodel (>= 3.2.0)
+      activesupport (>= 3.2.0)
+      cocaine (~> 0.5.5)
+      mime-types
+      mimemagic (= 0.3.0)
     parser (2.2.2.6)
       ast (>= 1.1, < 3.0)
     pg (0.18.2)
@@ -220,6 +240,8 @@ GEM
     rb-inotify (0.9.5)
       ffi (>= 0.5.0)
     rdoc (4.2.0)
+    responders (2.1.0)
+      railties (>= 4.2.0, < 5)
     rspec (3.3.0)
       rspec-core (~> 3.3.0)
       rspec-expectations (~> 3.3.0)
@@ -283,6 +305,8 @@ GEM
       coffee-rails
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
+    warden (1.2.3)
+      rack (>= 1.0)
     web-console (2.2.1)
       activemodel (>= 4.0)
       binding_of_caller (>= 0.7.2)
@@ -304,6 +328,7 @@ DEPENDENCIES
   byebug
   cucumber-rails
   database_cleaner
+  devise
   dotenv
   faker
   foreman
@@ -317,6 +342,7 @@ DEPENDENCIES
   jquery-rails
   jquery-ui-rails
   launchy
+  paperclip
   pg
   poltergeist
   puma

app/assets/stylesheets/forms.css

@@ -7,7 +7,7 @@ input {
   font-family: 'Open Sans Condensed', sans-serif;
 }
 
-.fill-me-in {
+.fill-me-in, .upload-me {
   background-color: rgba(255, 255, 255, 0.03);
   padding: 0.2em 1em;
   margin-bottom: 0.6em;
@@ -20,7 +20,7 @@ input {
   width: 30%;
 }
 
-.fill-me-in input[type=text],input[type=number] {
+.fill-me-in input[type=text],input[type=number],input[type=email],input[type=password] {
   width: 60%;
   position: absolute;
   padding: 0.5em 5%;
@@ -33,6 +33,35 @@ input {
   color: rgba(255, 255, 255, 0.6);
 }
 
+.upload-me label {
+    margin-right: 1em;
+    display: inline-block;
+    width: 30%;
+}
+
+.upload-me input[type=file]::-webkit-file-upload-button {
+    visibility: hidden;
+}
+.upload-me input[type=file]{
+  width: 60%;
+  position: absolute;
+  padding: 0.5em 5%;
+  font-size: 1em;
+  top: -0.2em;
+  bottom: -0.2em;
+  right: -0.2em;
+  text-decoration: none;
+  color: rgba(255, 255, 255, 0.8);
+  border: 1px dashed rgba(255, 255, 255, 0.2);
+  background-color: rgba(114, 166, 73, 0.60);
+  transition: 0.4s;
+  display: inline-block;
+  background-image:
+  linear-gradient(60deg, rgba(0,0,0,.1) 25%, transparent 25%, transparent 75%, rgba(0,0,0,.1) 75%, rgba(0,0,0,.1)),
+  linear-gradient(120deg, rgba(0,0,0,.1) 25%, transparent 25%, transparent 75%, rgba(0,0,0,.1) 75%, rgba(0,0,0,.1));
+  background-size: 70px 120px;
+}
+
 .fill-me-in input:valid {
   color: rgba(255, 255, 255, 1);
   background-color: rgba(255, 255, 255, 0.1);

app/controllers/application_controller.rb

@@ -2,4 +2,11 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery({ with: :exception })
+
+  before_action :configure_permitted_parameters, if: :devise_controller?
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:avatar, :email, :name, :password, :password_confirmation, :remember_me) }
+    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:avatar, :email, :name, :password, :password_confirmation, :current_password) }
+  end
 end

app/models/user.rb

@@ -0,0 +1,11 @@
+class User < ActiveRecord::Base
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable
+
+  validates :name, presence: true
+
+  has_attached_file :avatar, styles: { medium: "300x300>", thumb: "100x100>" }, default_url: "/images/:style/missing.png"
+  validates_attachment :avatar, content_type: { content_type: ["image/jpeg", "image/gif", "image/png"] }
+end

app/views/devise/confirmations/new.html.erb

@@ -0,0 +1,16 @@
+<h2>Resend confirmation instructions</h2>
+
+<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <div class="fill-me-in">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %> 
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Resend confirmation instructions" %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>

app/views/devise/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p>Welcome <%= @email %>!</p>
+
+<p>You can confirm your account email through the link below:</p>
+
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>

app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Someone has requested a link to change your password. You can do this through the link below.</p>
+
+<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>

app/views/devise/mailer/unlock_instructions.html.erb

@@ -0,0 +1,7 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Your account has been locked due to an excessive number of unsuccessful sign in attempts.</p>
+
+<p>Click the link below to unlock your account:</p>
+
+<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %></p>

app/views/devise/passwords/edit.html.erb

@@ -0,0 +1,25 @@
+<h2>Change your password</h2>
+
+<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
+  <%= devise_error_messages! %>
+  <%= f.hidden_field :reset_password_token %>
+
+  <div class="fill-me-in">
+    <%= f.label :password, "New password" %><br />
+    <% if @minimum_password_length %>
+      <em>(<%= @minimum_password_length %> characters minimum)</em><br />
+    <% end %>
+    <%= f.password_field :password, autofocus: true, autocomplete: "off" %>
+  </div>
+
+  <div class="fill-me-in">
+    <%= f.label :password_confirmation, "Confirm new password" %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "off" %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Change my password" %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>

app/views/devise/passwords/new.html.erb

@@ -0,0 +1,16 @@
+<h2>Forgot your password?</h2>
+
+<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <div class="fill-me-in">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Send me reset password instructions" %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>

app/views/devise/registrations/edit.html.haml

@@ -0,0 +1,23 @@
+= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f|
+  = devise_error_messages!
+  .fill-me-in
+    = f.label t("devise.name")
+    = f.text_field :name
+  .fill-me-in
+    = f.label t("devise.email")
+    %br/
+    = f.email_field :email
+  .fill-me-in
+    = f.label t("devise.edit.password")
+    = f.password_field :password
+  .fill-me-in
+    = f.label t("devise.password_confirmation")
+    = f.password_field :password_confirmation
+  .fill-me-in
+    = f.label t("devise.edit.current_password")
+    = f.password_field :current_password
+  .upload-me
+    = f.label t("devise.image")
+    = f.file_field :avatar
+  .actions
+    = f.submit t("devise.update")

app/views/devise/registrations/new.html.haml

@@ -0,0 +1,22 @@
+%h2
+  = t("devise.signup")
+= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f|
+  = devise_error_messages!
+  .fill-me-in
+    = f.label t("devise.name")
+    = f.text_field :name, autofocus: true
+  .fill-me-in
+    = f.label t("devise.email")
+    = f.email_field :email, autofocus: "off"
+  .fill-me-in
+    = f.label t("devise.password")
+    = f.password_field :password, autocomplete: "off"
+  .fill-me-in
+    = f.label t("devise.password_confirmation")
+    = f.password_field :password_confirmation, autocomplete: "off"
+  .upload-me
+    = f.label t("devise.image")
+    = f.file_field :avatar
+  .actions
+    = f.submit t("devise.signup")
+= render "devise/shared/links"

app/views/devise/sessions/new.html.haml

@@ -0,0 +1,13 @@
+%h2
+  = t("devise.signin")
+= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
+  = devise_error_messages!
+  .fill-me-in
+    = f.label t("devise.email")
+    = f.email_field :email, autofocus: true
+  .fill-me-in
+    = f.label t("devise.password")
+    = f.password_field :password, autocomplete: "off"
+  .actions
+    = f.submit t("devise.signin")
+    = render "devise/shared/links"

app/views/devise/shared/_links.html.haml

@@ -0,0 +1,15 @@
+- if devise_mapping.registerable? && controller_name != 'registrations'
+  = link_to t("devise.signup"), new_registration_path(resource_name)
+%br/
+- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations'
+  = link_to t("devise.forgot_your_password"), new_password_path(resource_name)
+%br/
+- if devise_mapping.confirmable? && controller_name != 'confirmations'
+  = link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name)
+%br/
+- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks'
+  = link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name)
+%br/
+- if devise_mapping.omniauthable?
+  - resource_class.omniauth_providers.each do |provider|
+    = link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider)

app/views/devise/unlocks/new.html.erb

@@ -0,0 +1,16 @@
+<h2>Resend unlock instructions</h2>
+
+<%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <div class="fill-me-in">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Resend unlock instructions" %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>

app/views/home/index.html.haml

@@ -1,9 +1,13 @@
 %section#welcome-treatment
-  %h1.logo
-    %span.keep KEEP
-    %br
-    %span.delivering DELIVERING
-
+  - if user_signed_in?
+    = image_tag current_user.avatar.url(:medium)
+    %h2
+      = t("home.welcome" , {name: current_user.name})
+  - else
+    %h1.logo
+      %span.keep KEEP
+      %br
+      %span.delivering DELIVERING
   %p
     - mission_link = link_to(t("home.index.description.mission_link"), glossary_path({ anchor: :mission }))
     - deliverable_link = link_to(t("home.index.description.deliverable_link"), glossary_path({ anchor: :deliverable }))

app/views/layouts/application.html.haml

@@ -30,6 +30,11 @@
         %ul
           %li= link_to(t("nav.browse"), missions_path)
           %li= link_to(t("nav.glossary"), glossary_path)
+          - if user_signed_in?
+            %li= link_to(t("nav.edit_profile"), edit_user_registration_path )
+            %li= link_to(t("nav.sign_out"), destroy_user_session_path, :method => :delete)
+          - else
+            %li= link_to(t("nav.sign_in"), new_user_session_path)
 
       %section#content{ tabindex: -1 }
         = yield
@@ -42,4 +47,4 @@
 
         %p
           - copyright1984_link = link_to("copyright1984", "http://copyright1984.com")
-          = t("footer.copyright_html", { year: Time.now.year, copyright1984_link: copyright1984_link })
+          = t("footer.copyright_html", { year: Time.now.year, copyright1984_link: copyright1984_link })