- Change default from email to use ENV variable
- Fetch SMTP username from Rails credentials
This change improves the security of the application by avoiding
hardcoded email addresses and allows for easier configuration
across different environments.
- Change default URL options to use environment variable
- Update SMTP settings to fetch credentials from environment variables
- Comment out hardcoded email sender in tests
These changes improve the flexibility of the mailer configuration by
allowing it to adapt to different environments through environment
variables. This reduces the risk of exposing sensitive information
in the codebase and makes it easier to configure for different
production setups.
- Implement password reset request and form
- Add user validation and expiration checks
- Create integration tests for password reset process
This commit introduces a complete password reset feature, allowing
users to reset their passwords securely. It includes necessary
validations to ensure the user is valid and the reset token has
not expired. Additionally, integration tests have been added to
verify the functionality and edge cases, enhancing overall
application security and user experience.
- Change `user.send(:activate)` to `user.activate` for clarity.
- Fix typo in email parameter from `emial` to `email` in password reset.
- Update render calls to include status codes for better error handling.
- Modify password reset email method to accept a user parameter.
- Update tests to reflect changes in password reset functionality.
These changes improve the clarity of the user activation process and
ensure that the password reset functionality works correctly with
proper error handling and user feedback.
- Implement PasswordResetsController with new and create actions
- Add views for new and edit password reset forms
- Update routes to include password reset paths
- Create migration to add reset_digest and reset_send_at to users
This commit introduces a complete password reset feature, allowing
users to request a password reset via email. It includes the
necessary controller actions, views, and database schema updates.
The user experience is enhanced with a link to the password reset
form on the login page.
- Include the pg gem in the production group of the Gemfile
- Update Gemfile.lock to reflect the addition of pg version 1.5.9
This change adds support for PostgreSQL in the production environment, which is necessary for deploying the application with a PostgreSQL database. The addition of the pg gem ensures that the application can connect to and interact with the database as intended.
- Install NVM for managing Node.js versions
- Set environment variables for NVM and Node.js
- Install Yarn globally using npm
This commit enhances the Dockerfile by adding support for
Node.js version management through NVM and includes Yarn
as a package manager. This setup allows for easier
upgrades and management of Node.js dependencies in the
container environment.
- Upgrade thruster gem to version 0.1.10
- Set SMTP user credentials for sending emails
- Adjust test to verify only activated users are displayed
These updates improve email handling and ensure that the application
uses the latest version of the thruster gem, while also refining
the user index test to accurately reflect the activated state.
- Changed single quotes to double quotes in assertions for consistency.
- Updated routes file for spacing consistency in resource declaration.
These changes improve code readability and maintain consistency in the
codebase, making it easier for developers to follow the style guide.
- Implement AccountActivationsController for activation logic
- Create UserMailer for sending activation emails
- Update SessionsController to handle unactivated users
- Modify UsersController to restrict access to activated users
- Add activation fields to User model and database migration
- Create views for account activation emails
- Add tests for account activation functionality
- Change the render method to include a status of
:unprocessable_entity when the email/password combination
is invalid.
- This change improves the API response for invalid login
attempts, allowing clients to better handle errors.
- Implement user destroy action in UsersController
- Add admin check for user deletion
- Update user view to include delete link for admins
- Add migration to add admin attribute to users
- Update tests to cover new admin functionality
This commit introduces the ability for admin users to delete
other users from the system. It includes necessary checks to
ensure that only admins can perform this action, along with
updates to the user interface and tests to validate the
new behavior.
- Integrate Kaminari for pagination of users
- Update users_controller to paginate users
- Add pagination views for first, last, next, and previous pages
- Seed database with example users for testing
This commit introduces pagination to the user index view, allowing
for better navigation through large sets of users. The Kaminari gem
is utilized to handle pagination, improving the user experience by
reducing load times and enhancing usability. Additionally, the
seeding script has been updated to create multiple users for
better testing of the pagination feature.
- Implement users index action in UsersController
- Create view for displaying all users with gravatar
- Update header to link to users index
- Add styles for user list display
This commit introduces a new feature that allows logged-in users to
view a list of all registered users. It includes necessary
controller actions, view templates, and styling to improve the
user interface.
- Remove unnecessary turbo frame tag from the signup form
- Directly render the form within the column div
This change simplifies the user signup view by removing the
unneeded turbo frame, which was not contributing to the
functionality. The form is now rendered directly, making the
code cleaner and easier to understand.
- Rename test for friendly forwarding to be more concise
- Add a separate test for successful user edit
These changes enhance the clarity of the test suite by
providing a more descriptive name for the friendly forwarding
test and separating the successful edit functionality into
its own test case, improving maintainability and readability.
- Updated single quotes to double quotes for consistency
- Adjusted spacing in array definitions for better readability
- Ensured consistent use of quotes in flash messages and method parameters
These changes enhance the overall code style without altering any functionality.
- Update store_location method to handle HEAD requests
- Ensure session forwarding URL is set for both GET and HEAD requests
This change enhances the session management by allowing the
application to store the original URL for HEAD requests,
which is useful for certain types of HTTP interactions.
- Upgrade ffi from 1.17.0 to 1.17.1 for improved compatibility
- Update guard from 2.19.0 to 2.19.1 to address potential issues
These updates ensure that the project uses the latest versions of
these gems, which may include bug fixes and performance improvements.
No breaking changes are expected from these updates.
- Upgrade brakeman from version 6.2.2 to 7.0.0
- Ensure compatibility with the latest security checks
This update includes improvements and new features in the
brakeman gem, enhancing the security analysis of the codebase.
It is important to test the application after this upgrade to
confirm that no new issues have been introduced.
- Deleted .idea/misc.xml, .idea/modules.xml, and .idea/sample_rails_app.iml files
- Added .idea to .gitignore to prevent future IDE files from being tracked
This commit cleans up the repository by removing IDE-specific configuration files that are not needed for the project. It also ensures that any future IDE files will be ignored, keeping the repository clean and focused on the actual project code.
- Add .gitignore to exclude IDE-specific files
- Create misc.xml, modules.xml, and vcs.xml for project settings
- Add sample_rails_app.iml for Ruby on Rails module configuration
- Remove unused gems from Gemfile.lock to streamline dependencies
These changes set up the project environment for Ruby on Rails development and improve dependency management by removing unnecessary gems.
- Implement friendly forwarding for user login
- Add correct_user method to ensure users can only edit their own profiles
- Update sessions_controller to handle forwarding URL
- Enhance user controller tests to verify redirection for unauthorized access
These changes improve user experience by allowing users to be redirected
back to their intended page after logging in. Additionally, the new
correct_user method enhances security by preventing users from editing
other users' profiles, ensuring proper authorization checks are in place.
- Implement before_action to ensure users are logged in
- Add logged_in_user method to handle redirection
- Update user fixture to include new user
- Enhance integration tests to check for login requirement
This commit introduces user authentication checks for the edit and
update actions in the UsersController. It ensures that only logged-in
users can access these actions, improving the security of the
application. Additionally, integration tests have been updated to
verify that users are redirected to the login page if they attempt
to edit or update their information without being logged in.
- Implemented edit and update actions in UsersController
- Created edit user view and form partial
- Updated user model validation to allow nil password
- Modified header to link to user settings
- Added integration tests for successful and unsuccessful edits
This commit introduces the ability for users to edit their profile
information, including name and email. It also includes validation
updates to allow users to update their profiles without changing
their password. Integration tests ensure that both successful and
unsuccessful edit attempts are handled correctly.
- Implement remember me checkbox in login form
- Update sessions controller to handle remember me logic
- Enhance session management to prevent session hijacking
- Add tests for remember me functionality
This commit introduces a "Remember me" feature that allows users to
stay logged in across sessions. It includes updates to the login
form, session handling in the controller, and additional tests to
ensure the functionality works as expected. The changes also
improve security by validating session tokens to prevent session
hijacking.
- Update `destroy` action in `SessionsController` to log out
only if the user is currently logged in.
- Add a check in the `authenticated?` method of the `User`
model to return false if `remember_digest` is nil.
- Enhance integration tests to simulate logout in another
browser session and verify that the logout link is not
present after logging out.
These changes improve the robustness of the session management
by preventing unnecessary logout attempts and ensuring that
authentication checks are more reliable.
- Implement remember method in User model to generate and store a remember token
- Update SessionsController to call remember on successful login
- Enhance current_user method to retrieve user from cookies if session is not present
- Add forget method to clear remember token on logout
- Create migration to add remember_digest column to users table
- Change "Log out" link to use `data: { turbo_method: :delete }`
- Update "Login in" to "Log in" for consistency
- Fix typo in sign-up prompt from "SIgn up now!" to "Sign up now!"
- Ensure proper indentation in error messages partial
- Add turbo frame to user signup form for better performance
- Adjust routes for consistency by adding leading slashes
These changes enhance the user interface by correcting typographical errors and improving the logout functionality. The use of turbo frames in the signup form aims to optimize the user experience during account creation.
- Add cssbundling-rails and jsbundling-rails gems for improved
asset management.
- Create a Procfile for development with separate processes for
CSS and JS.
- Remove unused jQuery and Bootstrap assets from the
application.
- Update .gitignore to exclude build artifacts and node_modules.
These changes streamline the asset pipeline, allowing for
better organization and performance in handling CSS and JS
files. The removal of unused assets reduces clutter and
potential conflicts in the asset management process.
- Update session creation to use safe navigation operator
- Implement log_out method in SessionsHelper
- Add session reset and login on user creation
- Improve user login tests for better coverage
These changes improve the user session management by ensuring
that the session is handled more safely and efficiently. The
addition of the log_out method centralizes session termination,
while the updated tests ensure that both login and logout
functionality are thoroughly validated.
- Add a toggle button for collapsing the navbar
- Change the structure of the navbar to ensure it is responsive
This enhancement allows the navigation bar to be more user-friendly
on mobile devices, enabling easy access to navigation links while
saving screen space. The toggle button helps in collapsing or
expanding the menu as needed.
- Implement user creation in UsersController
- Add user registration form in new.html.erb
- Create error messages partial for form validation
- Add gravatar helper for user profile
- Update routes to include resources for users
- Introduce integration tests for signup validation
This commit establishes the foundation for user registration, allowing users to sign up with their details and providing feedback on form errors. It enhances the user experience by integrating visual elements like gravatars and error messages.
- Add User model with validations for name and email
- Implement UsersController with new action for signup
- Create views for user signup and home page
- Update routes to include signup path
- Add bcrypt gem for password security
- Include tests for user model and controller actions
This commit establishes the foundation for user registration in the application, ensuring proper validation and security measures are in place. It also enhances the user experience by providing a dedicated signup page.
- Moved universal styles, typography, header, and footer styles
from application.scss to custom.scss for better organization.
- Introduced SCSS variables for colors to enhance maintainability.
- Updated the hover state for the logo and footer links to use
the new color variable.
This change improves the structure of the stylesheets, making it
more manageable and easier to maintain in the future.
- Implement header and footer partials for better layout
- Create a full_title helper method for dynamic page titles
- Update application layout to use new header and footer
- Add typography styles for improved text presentation
These changes enhance the overall structure of the application by
introducing reusable header and footer components, which improves
maintainability. The full_title helper method allows for dynamic
titles across different pages, providing a consistent user
experience. Additionally, typography styles have been added to
improve readability and aesthetics.
