sample_rails_tailwind/app/models/user.rb

class User < ApplicationRecord
  attr_accessor :remember_token
  # before_save { self.email = email.downcase }
  before_save { email.downcase! }
  validates :name, presence: true, length: { maximum: 50 }
  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
  validates :email, presence: true, length: { maximum: 255 },
            format: { with: VALID_EMAIL_REGEX },
            uniqueness:  true
  has_secure_password
  validates :password, presence: true, length: { minimum: 6 }, allow_nil: true

  def User.digest(string)
    cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
             BCrypt::Engine.cost
    BCrypt::Password.create(string, cost: cost)
  end

  def User.new_token
    SecureRandom.urlsafe_base64
  end

  def remember
    self.remember_token = User.new_token
    update_attribute(:remember_digest, User.digest(remember_token))
    remember_digest
  end

  # 返回一个会话令牌,防止会话劫持
  # 简单起见,直接使用记忆令牌
  def session_token
    remember_digest || remember
  end

  class << self
    def digest(string)
      cost  = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
                                                      BCrypt::Engine.cost
      BCrypt::Password.create(string, cost: cost)
    end

    def new_token
      SecureRandom.urlsafe_base64
    end
  end

  def authenticated?(remember_token)
    return false if remember_digest.nil?
    BCrypt::Password.new(remember_digest).is_password?(remember_token)
  end

  def forget
    update_attribute(:remember_digest, nil)
  end
end
feat: add user registration functionality - Add User model with validations for name and email - Implement UsersController with new action for signup - Create views for user signup and home page - Update routes to include signup path - Add bcrypt gem for password security - Include tests for user model and controller actions This commit establishes the foundation for user registration in the application, ensuring proper validation and security measures are in place. It also enhances the user experience by providing a dedicated signup page. 2024-12-31 14:20:22 +08:00			`class User < ApplicationRecord`
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00			`attr_accessor :remember_token`
feat: add user registration functionality - Add User model with validations for name and email - Implement UsersController with new action for signup - Create views for user signup and home page - Update routes to include signup path - Add bcrypt gem for password security - Include tests for user model and controller actions This commit establishes the foundation for user registration in the application, ensuring proper validation and security measures are in place. It also enhances the user experience by providing a dedicated signup page. 2024-12-31 14:20:22 +08:00			`# before_save { self.email = email.downcase }`
			`before_save { email.downcase! }`
			`validates :name, presence: true, length: { maximum: 50 }`
			`VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i`
			`validates :email, presence: true, length: { maximum: 255 },`
			`format: { with: VALID_EMAIL_REGEX },`
			`uniqueness: true`
			`has_secure_password`
feat: add user profile editing functionality - Implemented edit and update actions in UsersController - Created edit user view and form partial - Updated user model validation to allow nil password - Modified header to link to user settings - Added integration tests for successful and unsuccessful edits This commit introduces the ability for users to edit their profile information, including name and email. It also includes validation updates to allow users to update their profiles without changing their password. Integration tests ensure that both successful and unsuccessful edit attempts are handled correctly. 2025-01-03 10:55:42 +08:00			`validates :password, presence: true, length: { minimum: 6 }, allow_nil: true`
feat: enhance user session management - Update session creation to use safe navigation operator - Implement log_out method in SessionsHelper - Add session reset and login on user creation - Improve user login tests for better coverage These changes improve the user session management by ensuring that the session is handled more safely and efficiently. The addition of the log_out method centralizes session termination, while the updated tests ensure that both login and logout functionality are thoroughly validated. 2025-01-02 11:59:27 +08:00
			`def User.digest(string)`
			`cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :`
			`BCrypt::Engine.cost`
			`BCrypt::Password.create(string, cost: cost)`
			`end`
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00
			`def User.new_token`
			`SecureRandom.urlsafe_base64`
			`end`

			`def remember`
			`self.remember_token = User.new_token`
			`update_attribute(:remember_digest, User.digest(remember_token))`
feat: add remember me functionality to login - Implement remember me checkbox in login form - Update sessions controller to handle remember me logic - Enhance session management to prevent session hijacking - Add tests for remember me functionality This commit introduces a "Remember me" feature that allows users to stay logged in across sessions. It includes updates to the login form, session handling in the controller, and additional tests to ensure the functionality works as expected. The changes also improve security by validating session tokens to prevent session hijacking. 2025-01-02 17:49:06 +08:00			`remember_digest`
			`end`

			`# 返回一个会话令牌,防止会话劫持`
			`# 简单起见,直接使用记忆令牌`
			`def session_token`
			`remember_digest \|\| remember`
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00			`end`

			`class << self`
			`def digest(string)`
			`cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :`
			`BCrypt::Engine.cost`
			`BCrypt::Password.create(string, cost: cost)`
			`end`

			`def new_token`
			`SecureRandom.urlsafe_base64`
			`end`
			`end`

			`def authenticated?(remember_token)`
fix: ensure user logout only if logged in - Update `destroy` action in `SessionsController` to log out only if the user is currently logged in. - Add a check in the `authenticated?` method of the `User` model to return false if `remember_digest` is nil. - Enhance integration tests to simulate logout in another browser session and verify that the logout link is not present after logging out. These changes improve the robustness of the session management by preventing unnecessary logout attempts and ensuring that authentication checks are more reliable. 2025-01-02 17:17:09 +08:00			`return false if remember_digest.nil?`
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00			`BCrypt::Password.new(remember_digest).is_password?(remember_token)`
			`end`

			`def forget`
			`update_attribute(:remember_digest, nil)`
			`end`
feat: add user registration functionality - Add User model with validations for name and email - Implement UsersController with new action for signup - Create views for user signup and home page - Update routes to include signup path - Add bcrypt gem for password security - Include tests for user model and controller actions This commit establishes the foundation for user registration in the application, ensuring proper validation and security measures are in place. It also enhances the user experience by providing a dedicated signup page. 2024-12-31 14:20:22 +08:00			`end`