Diffstat (limited to 'app')
-rw-r--r-- | app/assets/javascripts/ajax.js | 15 | ||||
-rw-r--r-- | app/controllers/sessions_controller.rb | 9 | ||||
-rw-r--r-- | app/controllers/tournaments_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/users_controller.rb | 9 | ||||
-rw-r--r-- | app/helpers/sessions_helper.rb | 14 | ||||
-rw-r--r-- | app/helpers/users_helper.rb | 2 | ||||
-rw-r--r-- | app/models/user.rb | 80 | ||||
-rw-r--r-- | app/views/layouts/application.html.erb | 9 | ||||
-rw-r--r-- | app/views/sessions/new.html.erb | 18 | ||||
-rw-r--r-- | app/views/static/homepage.html.erb | 4 | ||||
-rw-r--r-- | app/views/tournaments/_selected.html.erb | 25 | ||||
-rw-r--r-- | app/views/tournaments/index.html.erb | 8 | ||||
-rw-r--r-- | app/views/tournaments/new.html.erb | 12 | ||||
-rw-r--r-- | app/views/users/_form.html.erb | 25 | ||||
-rw-r--r-- | app/views/users/edit.html.erb | 6 | ||||
-rw-r--r-- | app/views/users/index.html.erb | 29 | ||||
-rw-r--r-- | app/views/users/index.json.jbuilder | 4 | ||||
-rw-r--r-- | app/views/users/new.html.erb | 35 | ||||
-rw-r--r-- | app/views/users/show.html.erb | 3 | ||||
-rw-r--r-- | app/views/users/show.json.jbuilder | 1 |
20 files changed, 273 insertions, 41 deletions
diff --git a/app/assets/javascripts/ajax.js b/app/assets/javascripts/ajax.js
new file mode 100644
index 0000000..31578dd
--- /dev/null
+++ b/app/assets/javascripts/ajax.js
@@ -0,0 +1,15 @@
+function populate() {
+ //populate optionArray
+ //make a form element
+ var e = document.getElementById("tournament_id");
+ var gameType = e.options[e.selectedIndex].text;
+ if (gameType != "Select a Game Type") {
+ alert(gameType + " was Selected!");
+ //populate optionArray via AJAX
+ //select * from tournament_settings where gametype = GameType
+ for(var option in optionArray){
+ //identify the number of
+ ;
+ }
+ };
+}
\ No newline at end of file diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 8a9de56..68cb949 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -3,23 +3,20 @@ class SessionsController < ApplicationController def new end + # find the user and create a new session def create user = User.find_by(email: params[:session][:email].downcase) if user && user.authenticate(params[:session][:password]) sign_in user - #redirect goes here + redirect_to root_path else render 'new' end end def destroy - sign_out - - #I dont know where to redirect to so yeah - # redirect_to sign_in - + redirect_to root_path end end diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 56233b6..27ba020 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb @@ -22,6 +22,12 @@ class TournamentsController < ApplicationController def edit end + def selected + render :update do |page| + page.replace_html 'ajax-form', :partial => 'selected' + end + end + # POST /tournaments # POST /tournaments.json def create diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 74ab72c..6436e4e 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,13 +1,14 @@ class UsersController < ApplicationController def new + @user = User.new end def create @user = User.new(user_params) if @user.save sign_in @user - #redirect_to @user + redirect_to root_path else render 'new' end @@ -16,4 +17,10 @@ class UsersController < ApplicationController def show @user = User.find(param[:id]) end + + private + + def user_params + params.require(:user).permit(:name, :email, :user_name, :password, :password_confirmation) + end end diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb index 29a5c90..046ca6f 100644 
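Review bot: `optionArray` in the `for...in` loop is never declared, so the first time a real game type is chosen `populate()` throws a ReferenceError right after the debugging `alert`. The comment `//select * from tournament_settings where gametype = GameType` sketches a lookup keyed on the selected option's text, which is client-controlled; whatever endpoint ends up serving this should use a hash condition (`where(gametype: params[:gametype])`) server-side rather than interpolate that text into SQL. Until the AJAX call exists, `var optionArray = [];` above the loop and removing the `alert` keep the stub from breaking the page.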
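Review bot: `destroy` no longer signs anyone out — the hunk removes the `sign_out` line and adds only `redirect_to root_path`, so the "Sign out" link now redirects while the remember-token cookie and `current_user` stay in place. Restore it as the first statement of the action: `sign_out` then `redirect_to root_path`. Separately, `params[:session][:email].downcase` raises NoMethodError (a 500) when the `session` hash is missing from the request; `params.fetch(:session, {})[:email].to_s.downcase` keeps a malformed POST on the `render 'new'` path. The `user && user.authenticate(...)` short-circuit also skips bcrypt for unknown emails, a timing difference that can be used to enumerate accounts — minor for this app, but worth a note.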
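Review bot: `render :update do |page| page.replace_html ... end` in the new `selected` action is the RJS helper that was removed from Rails core in 3.1; the jbuilder and turbolinks usage elsewhere in this diff suggests Rails 4, in which case this action raises instead of replacing the `ajax-form` div. Render the partial and let the JavaScript insert it: `render partial: 'selected', layout: false`. The action also has no sign-in or authorization check; whether the rest of `TournamentsController` applies a `before_action` is outside this hunk.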
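Review bot: the context line `@user = User.find(param[:id])` in `show` reads `param`, not `params`, so every `/users/:id` request raises NameError; it is untouched by this commit but sits directly above the new `private` section and is a one-character fix, `@user = User.find(params[:id])`. The new `user_params` allow-list is the right shape for `has_secure_password`, and `create` now signs the user in and redirects to `root_path`, so the signup flow will appear to work while `show` is still broken. `UsersController` continues outside the hunk.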
--- a/app/helpers/sessions_helper.rb +++ b/app/helpers/sessions_helper.rb @@ -12,12 +12,20 @@ module SessionsHelper self.current_user = user end -#method creating for self.current_user +# The curret_user=(user) is the conversion of self.current_user = user def current_user=(user) - remember_token = User.hash(cookies[:remember_token]) - @current_user ||= User.find_by(remember_token: remember_token) + @current_user = user end +# sets the @current_user instance virable to the user corresponding +# to the remember token, but only if @current_user is undefined +# since the remember token is hashed, we need to hash the cookie +# to find match the remember token + def current_user + remember_token = User.hash(cookies[:remember_token]) + @current_user ||= User.find_by(remember_token: remember_token) + end + # checks if someone is currently signed in def signed_in? !current_user.nil? diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb new file mode 100644 index 0000000..2310a24 --- /dev/null +++ b/app/helpers/users_helper.rb @@ -0,0 +1,2 @@ +module UsersHelper +end diff --git a/app/models/user.rb b/app/models/user.rb index 6765822..55a7da0 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -5,8 +5,12 @@ before_save { self.user_name = user_name.downcase } =begin -Rails looks for the create_remember_token -and runs it before anything else +Rails looks for the create_remember_token and runs the method +before anything else. + +This method cannot be called by a user since it is denoted +as private. + =end before_create :create_remember_token 
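Review bot: `current_user` hashes `cookies[:remember_token]` even when no cookie is present — `nil.to_s` is `""`, so every anonymous request runs `find_by(remember_token: SHA1(""))` and would match any row that happened to hold that constant digest. Skip the lookup when the cookie is blank, keeping the memoised user when one is already set. The new comment also has typos worth fixing while here: `curret_user` → `current_user`, `virable` → `variable`, `to find match` → `to match`. The cookie's own flags (signed/httponly/expiry) are decided in `sign_in`, which is outside this hunk.
```ruby
  def current_user
    return @current_user if @current_user
    token = cookies[:remember_token]
    @current_user = User.find_by(remember_token: User.hash(token)) if token.present?
  end
```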
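Review bot: the added comment `This method cannot be called by a user since it is denoted as private` conflates Ruby visibility with end users: `private` only stops other Ruby code from calling `create_remember_token` with an explicit receiver, and HTTP clients can only ever reach what the controllers expose. Suggest `# private: only the model itself (via the before_create callback) invokes create_remember_token`. The `=begin` block and the class body continue outside the hunk.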
@@ -17,17 +21,17 @@ VAILD_EMAIL is the regex used to valid a user given email. A break down of the regex is listed below. -/ -----------> Start of the regex -\A ----------> match start of a string -[\w+\-.]+ ---> at least one owrd character, plus, hyphen, or - dot -@ -----------> literal ampersand -[a-z\d\-.]+ -> at least one letter, digit, hyphen, or dot -(?:\.[a-z]+) > ensures that the error of example@foo..com - does not occur -\z ----------> match end of a string -/ -----------> end of the regex -i -----------> case sensative +/ -------------> Start of the regex +\A ------------> match start of a string +[\w+\-.]+ -----> at least one owrd character, plus, hyphen, or + dot +@ -------------> literal ampersand +[a-z\d\-.]+ ---> at least one letter, digit, hyphen, or dot +(?:\.[a-z]+) --> ensures that the error of example@foo..com + does not occur +\z ------------> match end of a string +/ -------------> end of the regex +i -------------> case sensative =end @@ -72,7 +76,7 @@ attributes, requiring the presence of a password, requirin that pw and pw_com match, and add an authenticate method to compare an encrypted password to the password_digest to authenticate users, I can just add -has_secure_password which does all of this for me +has_secure_password which does all of this for me. =end 
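Review bot: two of the re-aligned comment lines still describe the regex wrongly, and this table is what the next reader will trust: `@ -------------> literal ampersand` should read `literal at sign` (`&` is the ampersand), and `i -------------> case sensative` should read `case-insensitive`, since the `i` flag makes the match ignore case. The claim that `(?:\.[a-z]+)` prevents `example@foo..com` also looks wrong for the pattern as documented here — `[a-z\d\-.]+` already accepts consecutive dots and `\.[a-z]+` then matches `.com` — but the regex itself is outside this hunk, so verify against `VALID_EMAIL` before changing that line. `owrd` → `word` while here.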
@@ -80,12 +84,36 @@ has_secure_password which does all of this for me validates :password, length: { minimum: 6 } - # create a random remember token for the user +=begin + + Create a random remember token for the user. This will be + changed every time the user creates a new session. + + By changing the cookie every new session, any hijacked sessions + (where the attacker steals a cookie to sign in as a certain + user) will expire the next time the user signs back in. + + The random string is of length 16 composed of A-Z, a-z, 0-9 + This is the browser's cookie value. + +=end + def User.new_remember_token SecureRandom.urlsafe_base64 end - - # encrypt the remember token + +=begin + + Encrypt the remember token. + This is the encrypted version of the cookie stored on + the database. + + The reasoning for storing a hashed token is so that even if + the database is compromised, the atacker won't be able to use + the remember tokens to sign in. + +=end + def User.hash(token) Digest::SHA1.hexdigest(token.to_s) end 
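Review bot: the new documentation for `User.new_remember_token` and `User.hash` states things the code does not do: `SecureRandom.urlsafe_base64` with no argument returns 16 random bytes encoded as a 22-character string over `A-Z`, `a-z`, `0-9`, `-` and `_`, not a 16-character alphanumeric string, and `Digest::SHA1.hexdigest` is a one-way hash, not encryption — write `Hash the remember token` so nobody expects the stored value to be reversible. The sentence that the token `will be changed every time the user creates a new session` is not established by this diff (the only assignment shown is the `before_create` callback), so point at the `sign_in` helper that does it or drop the claim. SHA-1 is still adequate for fingerprinting a 128-bit random token, since only preimage resistance matters here, but `Digest::SHA256.hexdigest(token.to_s)` is a drop-in upgrade if the column is wide enough. Note too that `def User.hash` (a context line) redefines the class-level `Object#hash`, which Ruby warns about; a name such as `User.digest` avoids that.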
@@ -103,23 +131,27 @@ https://en.wikipedia.org/wiki/SHA-1 =end - # everything under private is hidden so you cannot call - # create_remember_token in order to ensure security + # Everything under private is hidden so you cannot call. private - - #assign user a create remember token + +=begin + + Create_remember_token in order to ensure a user always has + a remember token. + +=end def create_remember_token self.remember_token = User.hash(User.new_remember_token) end =begin -in order to ensure that someone did not accidently submit +In order to ensure that someone did not accidently submit two accounts rapidly (which would throw off the validates -for user_name and email) I added an index to the Users +for user_name and email), I added an index to the Users email and user_name in the database to ensure uniqueness This also gives and index to the user_name and email -so finding a unique user SHOULD be easier +so finding a user SHOULD be easier for the database. =end diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 8a81c0a..b36c0c5 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -5,6 +5,7 @@ <%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %> <%= javascript_include_tag "application", "data-turbolinks-track" => true %> <%= csrf_meta_tags %> + <%= yield :head %> </head> <body> <div role="navigation" class="navbar navbar-inverse"> @@ -18,6 +19,14 @@ <%= submit_tag("Go", {:class => "btn btn-warning"}) %> <% end %> </div> + <% if signed_in? %> + <li> <%= current_user.user_name.upcase %> </li> + <% end %> + <li> + <%= if signed_in? do %> + <%= link_to "Sign out", signout_path, method: "delete" %> + <% end; end %> + </li> </header> </div> diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb new file mode 100644 index 0000000..f942cf6 --- /dev/null +++ b/app/views/sessions/new.html.erb 
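Review bot: `# Everything under private is hidden so you cannot call.` is an unfinished sentence, and the new `=begin` block for `create_remember_token` never says what value it stores: the method saves only `User.hash(...)` of a fresh token and discards the plaintext, so the digest written at creation can never match a browser cookie unless `sign_in` (outside this diff) regenerates both. Suggest `# Before create, seed remember_token with the digest of a throwaway token so the column is never NULL; sign_in later replaces it with the digest of the token it puts in the cookie.` — adjust the second half to whatever `sign_in` actually does.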
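Review bot: `<%= if signed_in? do %> … <% end; end %>` does not do what it looks like: the `do … end` becomes a block passed to `signed_in?` (which never yields it), the `if` is left with an empty body, and `<%=` prints the `if` expression's nil value — so the Sign out link is unlikely to render, and the construct only parses because of the trailing `end; end`. Replace those three ERB lines with the usual form: `<% if signed_in? %>`, `<%= link_to "Sign out", signout_path, method: "delete" %>`, `<% end %>`. `current_user.user_name.upcase` is HTML-escaped by `<%=`, so that line is fine.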
@@ -0,0 +1,18 @@ +<h1>Sign in</h1> + +<div class="row"> + <div class="span6 offset3"> + <%= form_for(:session, url: sessions_path) do |f| %> + + <%= f.label :email %> + <%= f.text_field :email %> + + <%= f.label :password %> + <%= f.password_field :password %> + + <%= f.submit "Sign in", class: "btn btn-large btn-primary" %> + <% end %> + + <p>New user? <%= link_to "Sign up now!", signup_path %></p> + </div> +</div> diff --git a/app/views/static/homepage.html.erb b/app/views/static/homepage.html.erb index 760e087..4d52e5b 100644 --- a/app/views/static/homepage.html.erb +++ b/app/views/static/homepage.html.erb @@ -4,7 +4,7 @@ <div class="jumbotron"> <h1>Welcome to Leaguer</h1> <p>This is a tournment management system designed to be used for any team sport. Our peer review system ensures that the best players move on to the next round! Try creating a new tournament and having people sign up for it. </p> - <p id="jumbo-buttons"><%= link_to 'Log In / Sign Up', "#", :class => "btn btn-warning btn-lg", :role => "button" %> <%= link_to 'See Ongoing Tournaments', tournaments_path, :class => "btn btn-warning btn-lg", :role => "button" %> </p> + <p id="jumbo-buttons"><%= link_to 'Log In / Sign Up', "signup", :class => "btn btn-warning btn-lg", :role => "button" %> <%= link_to 'See Ongoing Tournaments', tournaments_path, :class => "btn btn-warning btn-lg", :role => "button" %> </p> </div> - </div>
\ No newline at end of file
+ </div>
diff --git a/app/views/tournaments/_selected.html.erb b/app/views/tournaments/_selected.html.erb
new file mode 100644
index 0000000..302283d
--- /dev/null
+++ b/app/views/tournaments/_selected.html.erb
@@ -0,0 +1,25 @@
+<form accept-charset="UTF-8" action="/users" method="post"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="✓" /><input name="authenticity_token" type="hidden" value="6WQoPLFISlDYCsi4LhAgT0hgrht19yydD3w5TlKfb7I=" /></div>
+ <p>
+ <label for="GameType">Game</label><br>
+ <input id="GameType" name="League of Legends" type="text" />
+ </p>
+ <p>
+ <label for="players_per_team">Number of Players</label><br>
+ <input id="players_per_team" name="5" type="text" />
+ </p>
+ <p>
+ <label for="teams_per_match">Teams per Match</label><br>
+ <input id="teams_per_match" name="2" type="text" />
+ </p>
+ <p>
+ <label for="set_rounds">Set Number of Rounds?</label><br>
+ <input id="set_rounds" name="1" type="text" />
+ </p>
+ <p>
+ <label for="randomized_teams">Randomized Teams?</label><br>
+ <input id="randomized_teams" name="0" type="text" />
+ </p>
+ <p>
+ <input name="create" type="submit" value="Create Tournament" />
+ </p>
+</form>
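Review bot: `link_to 'Log In / Sign Up', "signup"` uses a bare relative string, so the href is resolved against whatever path the page is served from rather than the signup route; use the route helper the new sessions view already uses, `link_to 'Log In / Sign Up', signup_path, :class => "btn btn-warning btn-lg", :role => "button"`.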
\ No newline at end of file diff --git a/app/views/tournaments/index.html.erb b/app/views/tournaments/index.html.erb index 8ab3c15..6006cad 100644 --- a/app/views/tournaments/index.html.erb +++ b/app/views/tournaments/index.html.erb @@ -1,9 +1,9 @@ <h1>Listing tournaments</h1> -<table class="table table-hover"> +<table> <thead> <tr> - <th>Game</th> + <th></th> <th></th> <th></th> <th></th> @@ -13,7 +13,7 @@ <tbody> <% @tournaments.each do |tournament| %> <tr> - <td><%= %></td> + <td><%= tournament.game %></td> <td><%= link_to 'Show', tournament %></td> <td><%= link_to 'Edit', edit_tournament_path(tournament) %></td> <td><%= link_to 'Destroy', tournament, method: :delete, data: { confirm: 'Are you sure?' } %></td> @@ -24,4 +24,4 @@ <br> -<%= link_to 'New Tournament', new_tournament_path, :class => "btn btn-warning" %> +<%= link_to 'New Tournament', new_tournament_path, :class => "btn btn-warning btn-lg" %> diff --git a/app/views/tournaments/new.html.erb b/app/views/tournaments/new.html.erb new file mode 100644 index 0000000..a47f643 --- /dev/null +++ b/app/views/tournaments/new.html.erb @@ -0,0 +1,12 @@ +<h1>New tournament</h1> + +<%= select_tag 'tournament_id', options_for_select(["Select a Game Type"] + Game.all.collect {|game| game.name}), :onchange => 'populate()' %> + +<br /> +<div id='ajax-form'> + <% render :partial => "selected" %> +</div> +<br /><br /> + + +<%= link_to 'Back', tournaments_path %> diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb new file mode 100644 index 0000000..56d9f90 --- /dev/null +++ b/app/views/users/_form.html.erb 
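Review bot: the partial is a pasted copy of rendered HTML, and its `authenticity_token` is a fixed value captured from one past session: it will not match the CSRF token of whoever loads the page, so under `protect_from_forgery` every POST from this form is rejected — and relaxing verification to make it work would remove the protection. The `name` attributes hold values (`League of Legends`, `5`, `2`, `1`, `0`) instead of field names, and `action="/users"` posts to the users controller, so nothing submitted here could create a tournament anyway. Rebuild it with the form helpers, which emit a fresh token per request — `form_for(@tournament)` or `form_tag tournaments_path` with `text_field_tag :players_per_team` and friends — assuming `TournamentsController#new` assigns `@tournament` as the scaffold-style controller suggests.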
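Review bot: `<% render :partial => "selected" %>` uses `<%` rather than `<%=`, so the partial is rendered and discarded and the `ajax-form` div is empty; it should be `<%= render partial: "selected" %>`. The `Game.all.collect {|game| game.name}` query belongs in the controller (an `@games` assignment), and `:onchange => 'populate()'` wires the select to the `populate` stub in ajax.js, which currently throws on any real selection.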
@@ -0,0 +1,25 @@
+<%= form_for(@user) do |f| %>
+ <% if @user.errors.any? %>
+ <div id="error_explanation">
+ <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
+
+ <ul>
+ <% @user.errors.full_messages.each do |msg| %>
+ <li><%= msg %></li>
+ <% end %>
+ </ul>
+ </div>
+ <% end %>
+
+ <div class="field">
+ <%= f.label :name %><br>
+ <%= f.text_area :name %>
+ </div>
+ <div class="field">
+ <%= f.label :pw_hash %><br>
+ <%= f.text_area :pw_hash %>
+ </div>
+ <div class="actions">
+ <%= f.submit %>
+ </div>
+<% end %>
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
new file mode 100644
index 0000000..99bd4cc
--- /dev/null
+++ b/app/views/users/edit.html.erb
@@ -0,0 +1,6 @@
+<h1>Editing user</h1>
+
+<%= render 'form' %>
+
+<%= link_to 'Show', @user %> |
+<%= link_to 'Back', users_path %>
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
new file mode 100644
index 0000000..8b9056b
--- /dev/null
+++ b/app/views/users/index.html.erb
@@ -0,0 +1,29 @@
+<h1>Listing users</h1>
+
+<table>
+ <thead>
+ <tr>
+ <th>Name</th>
+ <th>Pw hash</th>
+ <th></th>
+ <th></th>
+ <th></th>
+ </tr>
+ </thead>
+
+ <tbody>
+ <% @users.each do |user| %>
+ <tr>
+ <td><%= user.name %></td>
+ <td><%= user.pw_hash %></td>
+ <td><%= link_to 'Show', user %></td>
+ <td><%= link_to 'Edit', edit_user_path(user) %></td>
+ <td><%= link_to 'Destroy', user, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+ </tr>
+ <% end %>
+ </tbody>
+</table>
+
+<br>
+
+<%= link_to 'New User', new_user_path %>
diff --git a/app/views/users/index.json.jbuilder b/app/views/users/index.json.jbuilder
new file mode 100644
index 0000000..182437e
--- /dev/null
+++ b/app/views/users/index.json.jbuilder
@@ -0,0 +1,4 @@
+json.array!(@users) do |user|
+ json.extract! user, :id, :name, :pw_hash
+ json.url user_url(user, format: :json)
+end
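Review bot: the edit form offers a free-text `pw_hash` field (`f.text_area :pw_hash`), i.e. an input for writing a password hash directly; `user_params` in the controller hunk permits only `password`/`password_confirmation`, so it would be filtered, but a hash should never be a form field in the first place. Since the model uses `has_secure_password`, replace the second `.field` block with `f.password_field :password` and `f.password_field :password_confirmation`, and `f.text_area :name` with `f.text_field :name`. The controller hunks in this diff show no `update` action, so this form currently has nothing to post to.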
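Review bot: `<td><%= user.pw_hash %></td>` prints every user's password hash in the user listing, and the same page hands anyone Edit and Destroy links for every account; a hash column is an offline-cracking target and should never be rendered. Drop the `Pw hash` header and cell, and gate the Edit/Destroy links on the viewer being that user (`<% if current_user == user %>`), with the matching check enforced in the controller rather than only in the view. Whether `pw_hash` even exists is unclear, since `has_secure_password` in the model expects a `password_digest` column.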
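Review bot: `json.extract! user, :id, :name, :pw_hash` serialises password hashes into the JSON index, so `GET /users.json` hands every account's credential hash to any client; change it to `json.extract! user, :id, :name`. The same field should also come out of show.json.jbuilder.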
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb index 418f2e2..2a745cc 100644 --- a/app/views/users/new.html.erb +++ b/app/views/users/new.html.erb @@ -1,5 +1,6 @@ <h1> Sign Up </h1> +<% if false %> <%= form_for :user do |f| %> <p> <%= f.label :name %><br> @@ -19,9 +20,41 @@ </p> <p> <%= f.label :password_confirm %><br> - <%= f.text_field :password_confirm %> + <%= f.text_field :password_confirmation %> </p> <p> <%= f.submit %> </p> <% end %> + + +<% end %> + +<form accept-charset="UTF-8" action="/users" method="post"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="✓" /><input name="authenticity_token" type="hidden" value="6WQoPLFISlDYCsi4LhAgT0hgrht19yydD3w5TlKfb7I=" /></div> + <p> + <label for="user_name">Name</label><br> + <input id="user_name" name="user[name]" type="text" /> + </p> + <p> + <label for="user_email">Email</label><br> + <input id="user_email" name="user[email]" type="text" /> + </p> + <p> + <label for="user_user_name">User name</label><br> + <input id="user_user_name" name="user[user_name]" type="text" /> + </p> + <p> + <label for="user_password">Password</label><br> + <input id="user_password" name="user[password]" type="text" /> + </p> + <p> + <label for="user_password_confirm">Password confirm</label><br> + <input id="user_password_confirmation" name="user[password_confirmation]" type="text" /> + </p> + <p> + <input name="commit" type="submit" value="Save User" /> + </p> +</form> + +<%= link_to 'Already Have an Account? Log in', "signin", :class => "btn btn-warning btn-lg" %> + diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb new file mode 100644 index 0000000..43c12fe --- /dev/null +++ b/app/views/users/show.html.erb @@ -0,0 +1,3 @@ +app/views/users/show.html.erb + +<%= @user.name %>, <%= @user.email %> diff --git a/app/views/users/show.json.jbuilder b/app/views/users/show.json.jbuilder new file mode 100644 index 0000000..1262e80 --- /dev/null 
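Review bot: the sign-up form is now a pasted static `<form>` whose `authenticity_token` is a fixed value copied from one render, so every submission will fail CSRF verification under `protect_from_forgery`, and wrapping the real `form_for` in `<% if false %>` leaves it as dead code. Both password inputs are `type="text"`, which shows the password on screen and lets browsers keep it in autocomplete history. Delete the static form and the `<% if false %>`/`<% end %>` wrapper, keep the helper-built form but bind it to the object the controller's `new` now assigns (`form_for(@user)`), and change its two password fields to `f.password_field :password` and `f.password_field :password_confirmation`; the `password_confirmation` rename already in this hunk is correct.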
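Review bot: the first line, `app/views/users/show.html.erb`, is a stray file path that will render as visible text on the page. The view also prints `@user.email` to whoever requests `/users/:id`, so addresses can be harvested by walking ids; show it only to the account owner (`<% if current_user == @user %>`) or leave it out. The view cannot render at all until the controller's `show` stops reading `param[:id]`.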
+++ b/app/views/users/show.json.jbuilder @@ -0,0 +1 @@ +json.extract! @user, :id, :name, :pw_hash, :created_at, :updated_at |
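Review bot: `json.extract! @user, :id, :name, :pw_hash, :created_at, :updated_at` returns the password hash for any user id over JSON; remove it, `json.extract! @user, :id, :name, :created_at, :updated_at`. The timestamps are harmless, the hash is not.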