songtianlun
f110f26c0b
- Update `destroy` action in `SessionsController` to log out only if the user is currently logged in. - Add a check in the `authenticated?` method of the `User` model to return false if `remember_digest` is nil. - Enhance integration tests to simulate logout in another browser session and verify that the logout link is not present after logging out. These changes improve the robustness of the session management by preventing unnecessary logout attempts and ensuring that authentication checks are more reliable.
49 lines
1.4 KiB
Ruby
49 lines
1.4 KiB
Ruby
class User < ApplicationRecord
|
|
attr_accessor :remember_token
|
|
# before_save { self.email = email.downcase }
|
|
before_save { email.downcase! }
|
|
validates :name, presence: true, length: { maximum: 50 }
|
|
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
|
|
validates :email, presence: true, length: { maximum: 255 },
|
|
format: { with: VALID_EMAIL_REGEX },
|
|
uniqueness: true
|
|
has_secure_password
|
|
validates :password, presence: true, length: { minimum: 6 }
|
|
|
|
def User.digest(string)
|
|
cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
|
|
BCrypt::Engine.cost
|
|
BCrypt::Password.create(string, cost: cost)
|
|
end
|
|
|
|
def User.new_token
|
|
SecureRandom.urlsafe_base64
|
|
end
|
|
|
|
def remember
|
|
self.remember_token = User.new_token
|
|
update_attribute(:remember_digest, User.digest(remember_token))
|
|
end
|
|
|
|
class << self
|
|
def digest(string)
|
|
cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
|
|
BCrypt::Engine.cost
|
|
BCrypt::Password.create(string, cost: cost)
|
|
end
|
|
|
|
def new_token
|
|
SecureRandom.urlsafe_base64
|
|
end
|
|
end
|
|
|
|
def authenticated?(remember_token)
|
|
return false if remember_digest.nil?
|
|
BCrypt::Password.new(remember_digest).is_password?(remember_token)
|
|
end
|
|
|
|
def forget
|
|
update_attribute(:remember_digest, nil)
|
|
end
|
|
end
|