From d6aef44e05895607bc8e15a34fb15c75b2f20fb8 Mon Sep 17 00:00:00 2001 From: "Matthew F. Short" Date: Mon, 2 Nov 2015 12:03:04 -0500 Subject: [PATCH] tokens work --- app/controllers/application_controller.rb | 8 ++++++-- app/controllers/session_controller.rb | 10 ++++++++-- .../20151102165102_add_session_token_to_users.rb | 5 +++++ db/schema.rb | 5 +++-- 4 files changed, 22 insertions(+), 6 deletions(-) create mode 100644 db/migrate/20151102165102_add_session_token_to_users.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0174f6a..8397cd7 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -12,13 +12,17 @@ class ApplicationController < ActionController::Base private def current_user - if session[:current_user_id] - @current_user ||= User.find(session[:current_user_id]) + if session[:session_token] + @current_user ||= User.find_by(session_token: session[:session_token]) else @current_user = nil end end + def log_out! + session[:session_token] = nil + end + def logged_in? !!current_user end diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb index effe77a..1699048 100644 --- a/app/controllers/session_controller.rb +++ b/app/controllers/session_controller.rb @@ -5,7 +5,13 @@ class SessionController < ApplicationController user = User.find_by(email: user_params[:email]) if user && user.authenticate(user_params[:password]) - session[:current_user_id] = user.id + # session[:current_user_id] = user.id + + token = SecureRandom.urlsafe_base64 + + session[:session_token] = token + user.update(session_token: token) + flash[:message] = "Thanks for logging in, sinner." else flash[:message] = "Email / Password combo does not exist!" @@ -15,7 +21,7 @@ class SessionController < ApplicationController end def destroy - session[:current_user_id] = nil + log_out! redirect_to root_path end 
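Review bot: `log_out!` only clears the browser-side session value; the `session_token` column on the user row keeps its value, so a copy of that token obtained before logout still resolves to the user through `current_user`'s `find_by` until the next login overwrites it. Rotate the stored token before dropping the session, and clear the whole session rather than one key so the id issued before authentication is not carried on: `current_user.update(session_token: SecureRandom.urlsafe_base64) if current_user` followed by `reset_session` instead of `session[:session_token] = nil`. The same applies to the `destroy` action in session_controller.rb, which now delegates to this method. `@current_user` is memoized by `current_user`, so set it to nil in `log_out!` as well if anything in the same request reads it after logout.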
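Review bot: The login branch writes the new token into the existing session without calling `reset_session` first, so a session the browser held before authentication is carried into the authenticated one, and the return value of `user.update(session_token: token)` is discarded, so a failed save leaves the cookie holding a token no row matches and the user silently appears logged out. Reset, persist, then assign, and let the save fail loudly: `reset_session` / `user.update!(session_token: token)` / `session[:session_token] = token`. The commented-out `# session[:current_user_id] = user.id` line is dead code now that the lookup by id is gone from application_controller.rb. Storing one token per user also means a login from a second browser invalidates the first; if that is intended, a one-line comment saying so would help. The enclosing `create` action starts above this hunk.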
diff --git a/db/migrate/20151102165102_add_session_token_to_users.rb b/db/migrate/20151102165102_add_session_token_to_users.rb new file mode 100644 index 0000000..94565c9 --- /dev/null +++ b/db/migrate/20151102165102_add_session_token_to_users.rb @@ -0,0 +1,5 @@ +class AddSessionTokenToUsers < ActiveRecord::Migration + def change + add_column :users, :session_token, :string + end +end diff --git a/db/schema.rb b/db/schema.rb index ac2c50d..9d82f6c 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,14 +11,14 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20151030132812) do +ActiveRecord::Schema.define(version: 20151102165102) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" create_table "confessions", force: :cascade do |t| t.integer "transgression_id" - t.datetime "occurred_at", default: '2015-11-02 14:55:24', null: false + t.datetime "occurred_at", default: '2015-10-30 13:30:09', null: false t.string "description", null: false t.datetime "created_at", null: false t.datetime "updated_at", null: false @@ -42,6 +42,7 @@ ActiveRecord::Schema.define(version: 20151030132812) do t.string "password_digest", null: false t.datetime "created_at", null: false t.datetime "updated_at", null: false + t.string "session_token" end add_index "users", ["email"], name: "index_users_on_email", using: :btree
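Review bot: `session_token` is added with no index, yet `current_user` in application_controller.rb looks users up by it on every request (`User.find_by(session_token: ...)`), which is a full scan of `users`, and with no uniqueness constraint two rows could hold the same token, in which case `find_by` returns an arbitrary one of them. Add the index in the same migration: `add_index :users, :session_token, unique: true`. With a unique index in place, the login code that assigns the token should also be prepared for the (very unlikely) uniqueness violation rather than assuming the save succeeds.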