From 685b28714bc97dafc7df189b286bd95986ade0df Mon Sep 17 00:00:00 2001
From: spengreb <spengreb@gmail.com>
Date: Sun, 12 Jan 2020 18:59:46 +0100
Subject: [PATCH] Readd authorization

---
 config/routes.rb    |  12 ++--
 log/development.log | 172 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 176 insertions(+), 8 deletions(-)

diff --git a/config/routes.rb b/config/routes.rb
index 94888c6..cc605e2 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -16,12 +16,8 @@ Rails.application.routes.draw do
 
   resources :users
   
-  # ** TO DO ** #
-  # Pls activate again when you've made this more secure
-  # I dont think its a good idea to send passwords over plaintext
-  
-  # resources :user_profiles
-  # post 'login', to: 'authentication#authenticate'
-  # post 'register', to: 'users#create'
-  # ** TODO ** #
+  resources :user_profiles
+  post 'login', to: 'authentication#authenticate'
+  post 'register', to: 'users#create'
+
 end
diff --git a/log/development.log b/log/development.log
index 0e179e6..6226df9 100644
--- a/log/development.log
+++ b/log/development.log
@@ -2466,3 +2466,175 @@ Processing by VouchersController#index as */*
 Completed 200 OK in 122ms (Views: 0.2ms | ActiveRecord: 1.7ms | Allocations: 5452)
 
 
+  [1m[35m (0.4ms)[0m  [1m[35mSET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483[0m
+  [1m[35m (0.3ms)[0m  [1m[35mCREATE DATABASE `vereto-api-dev` DEFAULT CHARACTER SET `utf8mb4`[0m
+  [1m[35m (0.2ms)[0m  [1m[35mSET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483[0m
+  [1m[35m (0.4ms)[0m  [1m[35mCREATE DATABASE `vereto-api-test` DEFAULT CHARACTER SET `utf8mb4`[0m
+  [1m[35m (0.3ms)[0m  [1m[35mSET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483[0m
+  [1m[35m (11.1ms)[0m  [1m[35mCREATE TABLE `schema_migrations` (`version` varchar(255) NOT NULL PRIMARY KEY)[0m
+  [1m[35m (2.3ms)[0m  [1m[35mCREATE TABLE `ar_internal_metadata` (`key` varchar(255) NOT NULL PRIMARY KEY, `value` varchar(255), `created_at` datetime(6) NOT NULL, `updated_at` datetime(6) NOT NULL)[0m
+  [1m[35m (0.1ms)[0m  [1m[34mSELECT GET_LOCK('1433072424460498080', 0)[0m
+  [1m[35m (0.4ms)[0m  [1m[34mSELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC[0m
+Migrating to CreateUsers (20180216131546)
+  [1m[35m (11.5ms)[0m  [1m[35mCREATE TABLE `users` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `name` varchar(255), `email` varchar(255), `password_digest` varchar(255), `created_at` datetime NOT NULL, `updated_at` datetime NOT NULL) ENGINE=InnoDB[0m
+  [1m[35m (0.2ms)[0m  [1m[35mBEGIN[0m
+  [1m[36mprimary::SchemaMigration Create (0.5ms)[0m  [1m[32mINSERT INTO `schema_migrations` (`version`) VALUES ('20180216131546')[0m
+  [1m[35m (1.0ms)[0m  [1m[35mCOMMIT[0m
+Migrating to CreateArticles (20180219100642)
+  [1m[35m (3.0ms)[0m  [1m[35mCREATE TABLE `articles` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `title` varchar(255), `post` text, `user_id` bigint, `created_at` datetime NOT NULL, `updated_at` datetime NOT NULL,  INDEX `index_articles_on_user_id`  (`user_id`), CONSTRAINT `fk_rails_3d31dad1cc`
+FOREIGN KEY (`user_id`)
+  REFERENCES `users` (`id`)
+) ENGINE=InnoDB[0m
+  [1m[35m (0.3ms)[0m  [1m[35mBEGIN[0m
+  [1m[36mprimary::SchemaMigration Create (0.5ms)[0m  [1m[32mINSERT INTO `schema_migrations` (`version`) VALUES ('20180219100642')[0m
+  [1m[35m (0.3ms)[0m  [1m[35mCOMMIT[0m
+Migrating to CreateComments (20180222154430)
+  [1m[35m (6.4ms)[0m  [1m[35mCREATE TABLE `comments` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `content` text, `article_id` bigint, `user_id` bigint, `created_at` datetime NOT NULL, `updated_at` datetime NOT NULL,  INDEX `index_comments_on_article_id`  (`article_id`),  INDEX `index_comments_on_user_id`  (`user_id`), CONSTRAINT `fk_rails_3bf61a60d3`
+FOREIGN KEY (`article_id`)
+  REFERENCES `articles` (`id`)
+, CONSTRAINT `fk_rails_03de2dc08c`
+FOREIGN KEY (`user_id`)
+  REFERENCES `users` (`id`)
+) ENGINE=InnoDB[0m
+  [1m[35m (0.2ms)[0m  [1m[35mBEGIN[0m
+  [1m[36mprimary::SchemaMigration Create (0.8ms)[0m  [1m[32mINSERT INTO `schema_migrations` (`version`) VALUES ('20180222154430')[0m
+  [1m[35m (1.4ms)[0m  [1m[35mCOMMIT[0m
+Migrating to CreateUserProfiles (20190214142704)
+  [1m[35m (4.1ms)[0m  [1m[35mCREATE TABLE `user_profiles` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `avatar` varchar(255), `tagline` varchar(255), `dob` date, `role` varchar(255), `user_id` bigint, `created_at` datetime NOT NULL, `updated_at` datetime NOT NULL,  INDEX `index_user_profiles_on_user_id`  (`user_id`), CONSTRAINT `fk_rails_87a6352e58`
+FOREIGN KEY (`user_id`)
+  REFERENCES `users` (`id`)
+)[0m
+  [1m[35m (0.2ms)[0m  [1m[35mBEGIN[0m
+  [1m[36mprimary::SchemaMigration Create (0.6ms)[0m  [1m[32mINSERT INTO `schema_migrations` (`version`) VALUES ('20190214142704')[0m
+  [1m[35m (0.6ms)[0m  [1m[35mCOMMIT[0m
+Migrating to CreateVouchers (20190927154659)
+  [1m[35m (2.5ms)[0m  [1m[35mCREATE TABLE `vouchers` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `voucher` varchar(255), `vouchee` varchar(255), `accepted` tinyint(1), `created_at` datetime(6) NOT NULL, `updated_at` datetime(6) NOT NULL)[0m
+  [1m[35m (0.2ms)[0m  [1m[35mBEGIN[0m
+  [1m[36mprimary::SchemaMigration Create (0.4ms)[0m  [1m[32mINSERT INTO `schema_migrations` (`version`) VALUES ('20190927154659')[0m
+  [1m[35m (1.1ms)[0m  [1m[35mCOMMIT[0m
+  [1m[36mActiveRecord::InternalMetadata Load (1.0ms)[0m  [1m[34mSELECT `ar_internal_metadata`.* FROM `ar_internal_metadata` WHERE `ar_internal_metadata`.`key` = 'environment' LIMIT 1[0m
+  [1m[35m (0.2ms)[0m  [1m[35mBEGIN[0m
+  [1m[36mActiveRecord::InternalMetadata Create (0.3ms)[0m  [1m[32mINSERT INTO `ar_internal_metadata` (`key`, `value`, `created_at`, `updated_at`) VALUES ('environment', 'development', '2020-01-12 17:43:50.689951', '2020-01-12 17:43:50.689951')[0m
+  [1m[35m (1.7ms)[0m  [1m[35mCOMMIT[0m
+  [1m[35m (1.2ms)[0m  [1m[34mSELECT RELEASE_LOCK('1433072424460498080')[0m
+  [1m[35m (0.3ms)[0m  [1m[35mSET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483[0m
+  [1m[35m (0.3ms)[0m  [1m[34mSELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC[0m
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:44:49 +0100
+  [1m[35m (0.5ms)[0m  [1m[35mSET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483[0m
+  [1m[35m (0.7ms)[0m  [1m[34mSELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC[0m
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+[31mUnpermitted parameter: :authentication[0m
+[31mUnpermitted parameter: :authentication[0m
+  [1m[36mUser Load (0.4ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Completed 401 Unauthorized in 16ms (Views: 0.5ms | ActiveRecord: 1.0ms | Allocations: 5898)
+
+
+Started GET "/" for ::1 at 2020-01-12 18:50:57 +0100
+  [1m[35m (8.9ms)[0m  [1m[35mSET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483[0m
+Processing by Rails::WelcomeController#index as */*
+  Rendering /home/baron/.rbenv/versions/2.6.4/lib/ruby/gems/2.6.0/gems/railties-6.0.0/lib/rails/templates/rails/welcome/index.html.erb
+  Rendered /home/baron/.rbenv/versions/2.6.4/lib/ruby/gems/2.6.0/gems/railties-6.0.0/lib/rails/templates/rails/welcome/index.html.erb (Duration: 16.4ms | Allocations: 579)
+Completed 200 OK in 44ms (Views: 27.4ms | ActiveRecord: 0.0ms | Allocations: 3160)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:52:42 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+[31mUnpermitted parameter: :authentication[0m
+[31mUnpermitted parameter: :authentication[0m
+  [1m[36mUser Load (14.2ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Completed 401 Unauthorized in 22ms (Views: 0.3ms | ActiveRecord: 14.2ms | Allocations: 819)
+
+
+Started POST "/register?email=conor@manusit.com&name=conor&password=[FILTERED]&password_confirmation=[FILTERED]" for ::1 at 2020-01-12 18:54:54 +0100
+Processing by UsersController#create as */*
+  Parameters: {"email"=>"conor@manusit.com", "name"=>"conor", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}
+DEPRECATION WARNING: Uniqueness validator will no longer enforce case sensitive comparison in Rails 6.1. To continue case sensitive comparison on the :email attribute in User model, pass `case_sensitive: true` option explicitly to the uniqueness validator. (called from create at /home/baron/dev/gitlab.com/spengreb/vereto-api/app/controllers/users_controller.rb:8)
+  [1m[35m (1.5ms)[0m  [1m[35mBEGIN[0m
+  ↳ app/controllers/users_controller.rb:8:in `create'
+  [1m[36mUser Exists? (1.4ms)[0m  [1m[34mSELECT 1 AS one FROM `users` WHERE `users`.`email` = BINARY 'conor@manusit.com' LIMIT 1[0m
+  ↳ app/controllers/users_controller.rb:8:in `create'
+  [1m[36mUser Create (5.8ms)[0m  [1m[32mINSERT INTO `users` (`name`, `email`, `password_digest`, `created_at`, `updated_at`) VALUES ('conor', 'conor@manusit.com', '$2a$12$dMKD0xTOTw1Nrsey/bKjHehcRGntSFdQKGdGtSb4d4081nDXTvGge', '2020-01-12 17:54:54', '2020-01-12 17:54:54')[0m
+  ↳ app/controllers/users_controller.rb:8:in `create'
+  [1m[35m (14.2ms)[0m  [1m[35mCOMMIT[0m
+  ↳ app/controllers/users_controller.rb:8:in `create'
+  [1m[36mUser Load (1.2ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+  [1m[36mCACHE User Load (0.0ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Completed 201 Created in 910ms (Views: 0.2ms | ActiveRecord: 32.6ms | Allocations: 9181)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:55:03 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+[31mUnpermitted parameter: :authentication[0m
+[31mUnpermitted parameter: :authentication[0m
+  [1m[36mUser Load (7.4ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+  [1m[36mCACHE User Load (0.0ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+[31mUnpermitted parameter: :authentication[0m
+  [1m[36mCACHE User Load (0.0ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/controllers/authentication_controller.rb:7:in `authenticate'
+Completed 200 OK in 573ms (Views: 0.5ms | ActiveRecord: 7.4ms | Allocations: 2073)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:55:42 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+[31mUnpermitted parameter: :authentication[0m
+[31mUnpermitted parameter: :authentication[0m
+  [1m[36mUser Load (1.3ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+  [1m[36mCACHE User Load (0.0ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+[31mUnpermitted parameter: :authentication[0m
+  [1m[36mCACHE User Load (0.0ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/controllers/authentication_controller.rb:7:in `authenticate'
+Completed 200 OK in 562ms (Views: 0.5ms | ActiveRecord: 1.3ms | Allocations: 2055)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:58:32 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"sdf", "password"=>"[FILTERED]", "authentication"=>{"email"=>"sdf", "password"=>"[FILTERED]"}}
+[31mUnpermitted parameter: :authentication[0m
+[31mUnpermitted parameter: :authentication[0m
+  [1m[36mUser Load (23.8ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'sdf' LIMIT 1[0m
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Completed 401 Unauthorized in 32ms (Views: 1.4ms | ActiveRecord: 23.8ms | Allocations: 804)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:58:57 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+[31mUnpermitted parameter: :authentication[0m
+[31mUnpermitted parameter: :authentication[0m
+  [1m[36mUser Load (0.5ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+  [1m[36mCACHE User Load (0.0ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+[31mUnpermitted parameter: :authentication[0m
+  [1m[36mCACHE User Load (0.0ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/controllers/authentication_controller.rb:7:in `authenticate'
+Completed 200 OK in 566ms (Views: 0.7ms | ActiveRecord: 0.5ms | Allocations: 2071)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:59:08 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+[31mUnpermitted parameter: :authentication[0m
+[31mUnpermitted parameter: :authentication[0m
+  [1m[36mUser Load (1.3ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+  [1m[36mCACHE User Load (0.1ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+[31mUnpermitted parameter: :authentication[0m
+  [1m[36mCACHE User Load (0.0ms)[0m  [1m[34mSELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1[0m  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/controllers/authentication_controller.rb:7:in `authenticate'
+Completed 200 OK in 582ms (Views: 0.4ms | ActiveRecord: 1.5ms | Allocations: 2056)
+
+