- Change `user.send(:activate)` to `user.activate` for clarity.
- Fix typo in email parameter from `emial` to `email` in password reset.
- Update render calls to include status codes for better error handling.
- Modify password reset email method to accept a user parameter.
- Update tests to reflect changes in password reset functionality.
These changes improve the clarity of the user activation process and
ensure that the password reset functionality works correctly with
proper error handling and user feedback.
- Implement AccountActivationsController for activation logic
- Create UserMailer for sending activation emails
- Update SessionsController to handle unactivated users
- Modify UsersController to restrict access to activated users
- Add activation fields to User model and database migration
- Create views for account activation emails
- Add tests for account activation functionality
- Implemented edit and update actions in UsersController
- Created edit user view and form partial
- Updated user model validation to allow nil password
- Modified header to link to user settings
- Added integration tests for successful and unsuccessful edits
This commit introduces the ability for users to edit their profile
information, including name and email. It also includes validation
updates to allow users to update their profiles without changing
their password. Integration tests ensure that both successful and
unsuccessful edit attempts are handled correctly.
- Implement remember me checkbox in login form
- Update sessions controller to handle remember me logic
- Enhance session management to prevent session hijacking
- Add tests for remember me functionality
This commit introduces a "Remember me" feature that allows users to
stay logged in across sessions. It includes updates to the login
form, session handling in the controller, and additional tests to
ensure the functionality works as expected. The changes also
improve security by validating session tokens to prevent session
hijacking.
- Update `destroy` action in `SessionsController` to log out
only if the user is currently logged in.
- Add a check in the `authenticated?` method of the `User`
model to return false if `remember_digest` is nil.
- Enhance integration tests to simulate logout in another
browser session and verify that the logout link is not
present after logging out.
These changes improve the robustness of the session management
by preventing unnecessary logout attempts and ensuring that
authentication checks are more reliable.
- Implement remember method in User model to generate and store a remember token
- Update SessionsController to call remember on successful login
- Enhance current_user method to retrieve user from cookies if session is not present
- Add forget method to clear remember token on logout
- Create migration to add remember_digest column to users table
- Update session creation to use safe navigation operator
- Implement log_out method in SessionsHelper
- Add session reset and login on user creation
- Improve user login tests for better coverage
These changes improve the user session management by ensuring
that the session is handled more safely and efficiently. The
addition of the log_out method centralizes session termination,
while the updated tests ensure that both login and logout
functionality are thoroughly validated.
- Add User model with validations for name and email
- Implement UsersController with new action for signup
- Create views for user signup and home page
- Update routes to include signup path
- Add bcrypt gem for password security
- Include tests for user model and controller actions
This commit establishes the foundation for user registration in the application, ensuring proper validation and security measures are in place. It also enhances the user experience by providing a dedicated signup page.
