tokens work

10 years ago · d6aef44e05
parent 3c1e821fab
commit d6aef44e05
4 changed files with 22 additions and 6 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -12,13 +12,17 @@ class ApplicationController < ActionController::Base
  private
  def current_user
-    if session[:current_user_id]
+    if session[:session_token]
-      @current_user ||= User.find(session[:current_user_id])
+      @current_user ||= User.find_by(session_token: session[:session_token])
    else
      @current_user = nil
    end
  end
  def log_out!
    session[:session_token] = nil
  end
  def logged_in?
    !!current_user
  end
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@ -5,7 +5,13 @@ class SessionController < ApplicationController
    user = User.find_by(email: user_params[:email])
    if user && user.authenticate(user_params[:password])
-      session[:current_user_id] = user.id
+      # session[:current_user_id] = user.id
      token = SecureRandom.urlsafe_base64
      session[:session_token] = token
      user.update(session_token: token)
      flash[:message] = "Thanks for logging in, sinner."
    else
      flash[:message] = "Email / Password combo does not exist!"
@ -15,7 +21,7 @@ class SessionController < ApplicationController
  end
  def destroy
-    session[:current_user_id] = nil
+    log_out!
    redirect_to root_path
  end
--- a/db/migrate/20151102165102_add_session_token_to_users.rb
+++ b/db/migrate/20151102165102_add_session_token_to_users.rb
@ -0,0 +1,5 @@
 class AddSessionTokenToUsers < ActiveRecord::Migration
  def change
    add_column :users, :session_token, :string
  end
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,14 +11,14 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20151030132812) do
+ActiveRecord::Schema.define(version: 20151102165102) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
  create_table "confessions", force: :cascade do |t|
    t.integer  "transgression_id"
-    t.datetime "occurred_at",      default: '2015-11-02 14:55:24', null: false
+    t.datetime "occurred_at",      default: '2015-10-30 13:30:09', null: false
    t.string   "description",                                      null: false
    t.datetime "created_at",                                       null: false
    t.datetime "updated_at",                                       null: false
@ -42,6 +42,7 @@ ActiveRecord::Schema.define(version: 20151030132812) do
    t.string   "password_digest", null: false
    t.datetime "created_at",      null: false
    t.datetime "updated_at",      null: false
    t.string   "session_token"
  end
  add_index "users", ["email"], name: "index_users_on_email", using: :btree