authentification forum améliorée

app/controllers/application_controller.rb

@@ -25,11 +25,15 @@ class ApplicationController < ActionController::Base
   private
 
     def current_fuser
-      if session[:forum_user_id] and ForumUser.exists?(session[:forum_user_id])
+      
-        @current_fuser = ForumUser.find(session[:forum_user_id])
+      @current_fuser ||= ForumUser.find_by_auth_token!(cookies[:forum_auth_token]) if cookies[:forum_auth_token]
-      else
+      
-        nil
+      
-      end
+      #if session[:forum_user_id] and ForumUser.exists?(session[:forum_user_id])
+      #  @current_fuser = ForumUser.find(session[:forum_user_id])
+      #else
+      #  nil
+      #end
      
     end
     

app/controllers/forum/auths_controller.rb

@@ -10,8 +10,20 @@ class Forum::AuthsController < ApplicationController
     @forum = true
     user = ForumUser.find_by_email(params[:email])
     if user && user.authenticate(params[:password])
-      session[:forum_user_id] = user.id
+      #session[:forum_user_id] = user.id
+      
+      
+      if params[:remember_me]
+        cookies.permanent[:forum_auth_token] = user.auth_token
+      else
+        cookies[:forum_auth_token] = user.auth_token
+      end
+      
       redirect_to forum_forum_topics_path, notice: "Connecté !"
+      
+      
+      
+      
     else
       flash.now.alert = "Email ou mot de passe incorect"
       render "new"
@@ -19,7 +31,7 @@ class Forum::AuthsController < ApplicationController
   end
 
   def destroy
-    session[:forum_user_id] = nil
+    cookies.delete(:forum_auth_token)
     redirect_to forum_forum_users_path, notice: "Déconnecté."
   end
 end

app/controllers/forum/password_resets_controller.rb

@@ -0,0 +1,52 @@
+# -*- encoding : utf-8 -*-
+class Forum::PasswordResetsController < ApplicationController
+  layout "connexion"
+  
+  def new
+    @forum = true
+  end
+
+  def create
+    @forum = true
+    forum_user = ForumUser.find_by_email(params[:email])
+    if forum_user
+      forum_user.reset_password_token = SecureRandom.urlsafe_base64(nil, false)
+      forum_user.reset_password_sent_at  = Time.now
+      forum_user.save
+      ForumMails.reset_password(forum_user).deliver
+      redirect_to forum_forum_topics_path, notice: "Un message vient de vous être envoyé avec un lien pour réinitialiser votre mot de passe."
+    else
+      flash.now.alert = "Email incorect"
+      render "new"
+    end
+  end
+
+  def edit
+    @forum = true
+    
+    @forum_user = ForumUser.find_by_reset_password_token(params[:id])
+    
+    if @forum_user and @forum_user.reset_password_sent_at > Time.now - 1.day
+      
+    else
+      
+    end
+  end
+  
+  def update
+    @forum = true
+    
+    @forum_user = ForumUser.find_by_reset_password_token(params[:id])
+    
+    if @forum_user.update_attributes(params.require(:forum_user).permit(:password, :password_confirmation))
+      redirect_to forum_forum_topics_path, :notice => "Votre mot de passe a bien été changé, vous pouvez vous connecter dès maintenant."
+        
+  	else
+  		render :action => "edit" 
+  	end
+    
+    
+    
+  end
+  
+end

app/mailers/forum_mails.rb

@@ -0,0 +1,16 @@
+class ForumMails < ActionMailer::Base
+  layout 'mail'
+  
+  default from: "Le Pic Vert <contact@lepicvert.asso.fr>"
+
+  def reset_password(forum_user, options = {})
+    @forum_user = forum_user
+    @options = options
+    mail(:to => forum_user.email, :from => @from, :subject => "Réinitialisation de votre mot de passe.")
+  end
+
+
+  
+  
+  
+end

app/models/forum_user.rb

@@ -14,7 +14,18 @@ class ForumUser < ActiveRecord::Base
   
   has_many :images, :class_name => "ForumUserImage", :order => "created_at DESC"
   belongs_to :sheet
+  
+  before_create { generate_token(:auth_token) }
+  attr_accessor :skip_sheet_validation
+
+  def generate_token(column)
+    begin
+      self[column] = SecureRandom.urlsafe_base64
+    end while ForumUser.exists?(column => self[column])
+  end
+  
   before_validation do
+    if !skip_sheet_validation
       if sheet_number?
         @sheet = Sheet.where(:sheet_number => sheet_number).first
         if !@sheet
@@ -38,3 +49,4 @@ class ForumUser < ActiveRecord::Base
       end
     end
   end
+end

app/views/forum/auths/new.haml

@@ -9,10 +9,15 @@
   %p
     = label_tag :password, "Mot de passe :"
     = password_field_tag :password 
+  %p
+    =check_box_tag :remember_me, 1,params[:remember_me]
+    = label_tag :password, "Rester connecter ?"
  
   %p= submit_tag "Se connecter", :class => "btn btn-primary" 
   
   %p
     Pas encore inscrit ?
     =link_to "M'inscrire.", new_forum_forum_user_path
+    ="-"
+    =link_to "Mot de passe perdu ?", new_forum_password_reset_path
   

app/views/forum/password_resets/edit.haml

@@ -0,0 +1,13 @@
+=image_tag("logo.png", :style => "width:200px;display:block;margin:auto;margin-bottom:2em;")
+
+%h1 Mot de passe perdu
+%p Vous pouvez définir votre nouveau mot de passe ci-dessous :
+= semantic_form_for @forum_user, :url => forum_password_reset_path(params[:id]) do |f| 
+  =f.inputs do 
+
+    = f.input :password, :label => "Mot de passe"
+    = f.input :password_confirmation, :label => "Confirmation"
+    
+  %br
+  =f.submit "Sauvegarder", :class => "btn btn-primary"
+      

app/views/forum/password_resets/new.haml

@@ -0,0 +1,17 @@
+=image_tag("logo.png", :style => "width:200px;display:block;margin:auto;margin-bottom:2em;")
+
+%h1 Mot de passe perdu
+
+= form_tag forum_password_resets_path do
+  %p
+    = label_tag :email, "email :"
+    = text_field_tag :email, params[:email]
+ 
+  %p= submit_tag "Se connecter", :class => "btn btn-primary" 
+  
+  %p
+    
+    =link_to "Pas encore inscrit ?", new_forum_forum_user_path
+    ="-"
+    =link_to "Connexion", new_forum_auth_path
+  

app/views/forum_mails/reset_password.html.haml

@@ -0,0 +1,11 @@
+%p
+  Bonjour,
+%p
+  Vous avez fait une demande sur le forum de l'association "Le Pic Vert" pour réinitialiser votre mot de passe.
+%p
+  Vous pouvez suivre ce lien pour définir votre nouveau mot de passe :
+%p{:style => "text-align:center;"}
+  -url = edit_forum_password_reset_url(:id => @forum_user.reset_password_token)
+  =link_to url, url
+%p A bientôt !
+%p L'équipe du forum.

config/routes.rb

@@ -71,6 +71,7 @@ Survey::Application.routes.draw do
     resources :forums
     resources :forum_categories
     resources :forum_users
+    resources :password_resets
     resources :forum_user_images do
       member do
         get :rotate

db/migrate/20140619095558_add_auth_token_to_forum_users.rb

@@ -0,0 +1,13 @@
+class AddAuthTokenToForumUsers < ActiveRecord::Migration
+  def change
+    add_column :forum_users, :auth_token, :string
+    
+    ForumUser.all.each do |fu|
+      fu.generate_token(:auth_token)
+      
+      fu.skip_sheet_validation = true
+      fu.save
+      
+    end
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20140413122412) do
+ActiveRecord::Schema.define(version: 20140619095558) do
 
   create_table "admins", force: true do |t|
     t.string   "email",                  default: "", null: false
@@ -131,6 +131,7 @@ ActiveRecord::Schema.define(version: 20140413122412) do
     t.datetime "last_new_message_notification"
     t.boolean  "new_message_on_my_topics_notification"
     t.datetime "last_new_message_on_my_topics_notification"
+    t.string   "auth_token"
   end
 
   create_table "forums", force: true do |t|