sample_rails_tailwind/app/models/user.rb

class User < ApplicationRecord
  attr_accessor :remember_token, :activation_token, :reset_token
  # before_save { self.email = email.downcase }
  # before_save { email.downcase! }
  before_save   :downcase_email
  before_create :create_activation_digest
  validates :name, presence: true, length: { maximum: 50 }
  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
  validates :email, presence: true, length: { maximum: 255 },
            format: { with: VALID_EMAIL_REGEX },
            uniqueness:  true
  has_secure_password
  validates :password, presence: true, length: { minimum: 6 }, allow_nil: true

  def User.digest(string)
    cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
             BCrypt::Engine.cost
    BCrypt::Password.create(string, cost: cost)
  end

  def User.new_token
    SecureRandom.urlsafe_base64
  end

  def remember
    self.remember_token = User.new_token
    update_attribute(:remember_digest, User.digest(remember_token))
    remember_digest
  end

  # 返回一个会话令牌,防止会话劫持
  # 简单起见,直接使用记忆令牌
  def session_token
    remember_digest || remember
  end

  class << self
    def digest(string)
      cost  = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
                                                      BCrypt::Engine.cost
      BCrypt::Password.create(string, cost: cost)
    end

    def new_token
      SecureRandom.urlsafe_base64
    end
  end

  # powered by metaprogramming
  def authenticated?(attribute, token)
    digest = send("#{attribute}_digest")
    return false if digest.nil?
    BCrypt::Password.new(digest).is_password?(token)
  end

  def forget
    update_attribute(:remember_digest, nil)
  end

  def activate
    # update_attribute(:activated, true)
    # update_attribute(:activated_at, Time.zone.now)
    update_columns(activated: true, activated_at: Time.zone.now)
  end

  def send_activation_email
    UserMailer.account_activation(self).deliver_now
  end

  def create_reset_digest
    self.reset_token = User.new_token
    update_columns(reset_digest: User.digest(reset_token),
                   reset_send_at: Time.zone.now)
  end

  def send_password_reset_email
    UserMailer.password_reset(self).deliver_now
  end

  def password_reset_expired?
    reset_send_at < 2.hours.ago
  end

  private

  def downcase_email
    # self.email = email.downcase
    email.downcase!
  end

  def create_activation_digest
    self.activation_token = User.new_token
    self.activation_digest = User.digest(activation_token)
  end
end
feat: add user registration functionality - Add User model with validations for name and email - Implement UsersController with new action for signup - Create views for user signup and home page - Update routes to include signup path - Add bcrypt gem for password security - Include tests for user model and controller actions This commit establishes the foundation for user registration in the application, ensuring proper validation and security measures are in place. It also enhances the user experience by providing a dedicated signup page. 2024-12-31 14:20:22 +08:00			`class User < ApplicationRecord`
fix: correct user activation and password reset logic - Change `user.send(:activate)` to `user.activate` for clarity. - Fix typo in email parameter from `emial` to `email` in password reset. - Update render calls to include status codes for better error handling. - Modify password reset email method to accept a user parameter. - Update tests to reflect changes in password reset functionality. These changes improve the clarity of the user activation process and ensure that the password reset functionality works correctly with proper error handling and user feedback. 2025-01-08 10:14:36 +08:00			`attr_accessor :remember_token, :activation_token, :reset_token`
feat: add user registration functionality - Add User model with validations for name and email - Implement UsersController with new action for signup - Create views for user signup and home page - Update routes to include signup path - Add bcrypt gem for password security - Include tests for user model and controller actions This commit establishes the foundation for user registration in the application, ensuring proper validation and security measures are in place. It also enhances the user experience by providing a dedicated signup page. 2024-12-31 14:20:22 +08:00			`# before_save { self.email = email.downcase }`
feat: add account activation feature - Implement AccountActivationsController for activation logic - Create UserMailer for sending activation emails - Update SessionsController to handle unactivated users - Modify UsersController to restrict access to activated users - Add activation fields to User model and database migration - Create views for account activation emails - Add tests for account activation functionality 2025-01-06 18:38:39 +08:00			`# before_save { email.downcase! }`
			`before_save :downcase_email`
			`before_create :create_activation_digest`
feat: add user registration functionality - Add User model with validations for name and email - Implement UsersController with new action for signup - Create views for user signup and home page - Update routes to include signup path - Add bcrypt gem for password security - Include tests for user model and controller actions This commit establishes the foundation for user registration in the application, ensuring proper validation and security measures are in place. It also enhances the user experience by providing a dedicated signup page. 2024-12-31 14:20:22 +08:00			`validates :name, presence: true, length: { maximum: 50 }`
			`VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i`
			`validates :email, presence: true, length: { maximum: 255 },`
			`format: { with: VALID_EMAIL_REGEX },`
			`uniqueness: true`
			`has_secure_password`
feat: add user profile editing functionality - Implemented edit and update actions in UsersController - Created edit user view and form partial - Updated user model validation to allow nil password - Modified header to link to user settings - Added integration tests for successful and unsuccessful edits This commit introduces the ability for users to edit their profile information, including name and email. It also includes validation updates to allow users to update their profiles without changing their password. Integration tests ensure that both successful and unsuccessful edit attempts are handled correctly. 2025-01-03 10:55:42 +08:00			`validates :password, presence: true, length: { minimum: 6 }, allow_nil: true`
feat: enhance user session management - Update session creation to use safe navigation operator - Implement log_out method in SessionsHelper - Add session reset and login on user creation - Improve user login tests for better coverage These changes improve the user session management by ensuring that the session is handled more safely and efficiently. The addition of the log_out method centralizes session termination, while the updated tests ensure that both login and logout functionality are thoroughly validated. 2025-01-02 11:59:27 +08:00
			`def User.digest(string)`
			`cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :`
			`BCrypt::Engine.cost`
			`BCrypt::Password.create(string, cost: cost)`
			`end`
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00
			`def User.new_token`
			`SecureRandom.urlsafe_base64`
			`end`

			`def remember`
			`self.remember_token = User.new_token`
			`update_attribute(:remember_digest, User.digest(remember_token))`
feat: add remember me functionality to login - Implement remember me checkbox in login form - Update sessions controller to handle remember me logic - Enhance session management to prevent session hijacking - Add tests for remember me functionality This commit introduces a "Remember me" feature that allows users to stay logged in across sessions. It includes updates to the login form, session handling in the controller, and additional tests to ensure the functionality works as expected. The changes also improve security by validating session tokens to prevent session hijacking. 2025-01-02 17:49:06 +08:00			`remember_digest`
			`end`

			`# 返回一个会话令牌,防止会话劫持`
			`# 简单起见,直接使用记忆令牌`
			`def session_token`
			`remember_digest \|\| remember`
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00			`end`

			`class << self`
			`def digest(string)`
			`cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :`
			`BCrypt::Engine.cost`
			`BCrypt::Password.create(string, cost: cost)`
			`end`

			`def new_token`
			`SecureRandom.urlsafe_base64`
			`end`
			`end`

feat: add account activation feature - Implement AccountActivationsController for activation logic - Create UserMailer for sending activation emails - Update SessionsController to handle unactivated users - Modify UsersController to restrict access to activated users - Add activation fields to User model and database migration - Create views for account activation emails - Add tests for account activation functionality 2025-01-06 18:38:39 +08:00			`# powered by metaprogramming`
			`def authenticated?(attribute, token)`
			`digest = send("#{attribute}_digest")`
			`return false if digest.nil?`
			`BCrypt::Password.new(digest).is_password?(token)`
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00			`end`

			`def forget`
			`update_attribute(:remember_digest, nil)`
			`end`
feat: add account activation feature - Implement AccountActivationsController for activation logic - Create UserMailer for sending activation emails - Update SessionsController to handle unactivated users - Modify UsersController to restrict access to activated users - Add activation fields to User model and database migration - Create views for account activation emails - Add tests for account activation functionality 2025-01-06 18:38:39 +08:00
fix: correct user activation and password reset logic - Change `user.send(:activate)` to `user.activate` for clarity. - Fix typo in email parameter from `emial` to `email` in password reset. - Update render calls to include status codes for better error handling. - Modify password reset email method to accept a user parameter. - Update tests to reflect changes in password reset functionality. These changes improve the clarity of the user activation process and ensure that the password reset functionality works correctly with proper error handling and user feedback. 2025-01-08 10:14:36 +08:00			`def activate`
			`# update_attribute(:activated, true)`
			`# update_attribute(:activated_at, Time.zone.now)`
			`update_columns(activated: true, activated_at: Time.zone.now)`
			`end`

			`def send_activation_email`
			`UserMailer.account_activation(self).deliver_now`
			`end`

			`def create_reset_digest`
			`self.reset_token = User.new_token`
feat: add password reset functionality - Implement password reset request and form - Add user validation and expiration checks - Create integration tests for password reset process This commit introduces a complete password reset feature, allowing users to reset their passwords securely. It includes necessary validations to ensure the user is valid and the reset token has not expired. Additionally, integration tests have been added to verify the functionality and edge cases, enhancing overall application security and user experience. 2025-01-08 11:44:42 +08:00			`update_columns(reset_digest: User.digest(reset_token),`
			`reset_send_at: Time.zone.now)`
fix: correct user activation and password reset logic - Change `user.send(:activate)` to `user.activate` for clarity. - Fix typo in email parameter from `emial` to `email` in password reset. - Update render calls to include status codes for better error handling. - Modify password reset email method to accept a user parameter. - Update tests to reflect changes in password reset functionality. These changes improve the clarity of the user activation process and ensure that the password reset functionality works correctly with proper error handling and user feedback. 2025-01-08 10:14:36 +08:00			`end`

			`def send_password_reset_email`
			`UserMailer.password_reset(self).deliver_now`
			`end`

feat: add password reset functionality - Implement password reset request and form - Add user validation and expiration checks - Create integration tests for password reset process This commit introduces a complete password reset feature, allowing users to reset their passwords securely. It includes necessary validations to ensure the user is valid and the reset token has not expired. Additionally, integration tests have been added to verify the functionality and edge cases, enhancing overall application security and user experience. 2025-01-08 11:44:42 +08:00			`def password_reset_expired?`
			`reset_send_at < 2.hours.ago`
			`end`

feat: add account activation feature - Implement AccountActivationsController for activation logic - Create UserMailer for sending activation emails - Update SessionsController to handle unactivated users - Modify UsersController to restrict access to activated users - Add activation fields to User model and database migration - Create views for account activation emails - Add tests for account activation functionality 2025-01-06 18:38:39 +08:00			`private`

			`def downcase_email`
			`# self.email = email.downcase`
			`email.downcase!`
			`end`

			`def create_activation_digest`
			`self.activation_token = User.new_token`
			`self.activation_digest = User.digest(activation_token)`
			`end`
feat: add user registration functionality - Add User model with validations for name and email - Implement UsersController with new action for signup - Create views for user signup and home page - Update routes to include signup path - Add bcrypt gem for password security - Include tests for user model and controller actions This commit establishes the foundation for user registration in the application, ensuring proper validation and security measures are in place. It also enhances the user experience by providing a dedicated signup page. 2024-12-31 14:20:22 +08:00			`end`