Readd authorization

config/routes.rb

@@ -16,12 +16,8 @@ Rails.application.routes.draw do
 
   resources :users
   
-  # ** TO DO ** #
-  # Pls activate again when you've made this more secure
-  # I dont think its a good idea to send passwords over plaintext
+  resources :user_profiles
+  post 'login', to: 'authentication#authenticate'
+  post 'register', to: 'users#create'
 
-  # resources :user_profiles
-  # post 'login', to: 'authentication#authenticate'
-  # post 'register', to: 'users#create'
-  # ** TODO ** #
 end

log/development.log

@@ -2466,3 +2466,175 @@ Processing by VouchersController#index as */*
 Completed 200 OK in 122ms (Views: 0.2ms | ActiveRecord: 1.7ms | Allocations: 5452)
 
 
+   (0.4ms)  SET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
+   (0.3ms)  CREATE DATABASE `vereto-api-dev` DEFAULT CHARACTER SET `utf8mb4`
+   (0.2ms)  SET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
+   (0.4ms)  CREATE DATABASE `vereto-api-test` DEFAULT CHARACTER SET `utf8mb4`
+   (0.3ms)  SET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
+   (11.1ms)  CREATE TABLE `schema_migrations` (`version` varchar(255) NOT NULL PRIMARY KEY)
+   (2.3ms)  CREATE TABLE `ar_internal_metadata` (`key` varchar(255) NOT NULL PRIMARY KEY, `value` varchar(255), `created_at` datetime(6) NOT NULL, `updated_at` datetime(6) NOT NULL)
+   (0.1ms)  SELECT GET_LOCK('1433072424460498080', 0)
+   (0.4ms)  SELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC
+Migrating to CreateUsers (20180216131546)
+   (11.5ms)  CREATE TABLE `users` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `name` varchar(255), `email` varchar(255), `password_digest` varchar(255), `created_at` datetime NOT NULL, `updated_at` datetime NOT NULL) ENGINE=InnoDB
+   (0.2ms)  BEGIN
+  primary::SchemaMigration Create (0.5ms)  INSERT INTO `schema_migrations` (`version`) VALUES ('20180216131546')
+   (1.0ms)  COMMIT
+Migrating to CreateArticles (20180219100642)
+   (3.0ms)  CREATE TABLE `articles` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `title` varchar(255), `post` text, `user_id` bigint, `created_at` datetime NOT NULL, `updated_at` datetime NOT NULL,  INDEX `index_articles_on_user_id`  (`user_id`), CONSTRAINT `fk_rails_3d31dad1cc`
+FOREIGN KEY (`user_id`)
+  REFERENCES `users` (`id`)
+) ENGINE=InnoDB
+   (0.3ms)  BEGIN
+  primary::SchemaMigration Create (0.5ms)  INSERT INTO `schema_migrations` (`version`) VALUES ('20180219100642')
+   (0.3ms)  COMMIT
+Migrating to CreateComments (20180222154430)
+   (6.4ms)  CREATE TABLE `comments` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `content` text, `article_id` bigint, `user_id` bigint, `created_at` datetime NOT NULL, `updated_at` datetime NOT NULL,  INDEX `index_comments_on_article_id`  (`article_id`),  INDEX `index_comments_on_user_id`  (`user_id`), CONSTRAINT `fk_rails_3bf61a60d3`
+FOREIGN KEY (`article_id`)
+  REFERENCES `articles` (`id`)
+, CONSTRAINT `fk_rails_03de2dc08c`
+FOREIGN KEY (`user_id`)
+  REFERENCES `users` (`id`)
+) ENGINE=InnoDB
+   (0.2ms)  BEGIN
+  primary::SchemaMigration Create (0.8ms)  INSERT INTO `schema_migrations` (`version`) VALUES ('20180222154430')
+   (1.4ms)  COMMIT
+Migrating to CreateUserProfiles (20190214142704)
+   (4.1ms)  CREATE TABLE `user_profiles` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `avatar` varchar(255), `tagline` varchar(255), `dob` date, `role` varchar(255), `user_id` bigint, `created_at` datetime NOT NULL, `updated_at` datetime NOT NULL,  INDEX `index_user_profiles_on_user_id`  (`user_id`), CONSTRAINT `fk_rails_87a6352e58`
+FOREIGN KEY (`user_id`)
+  REFERENCES `users` (`id`)
+)
+   (0.2ms)  BEGIN
+  primary::SchemaMigration Create (0.6ms)  INSERT INTO `schema_migrations` (`version`) VALUES ('20190214142704')
+   (0.6ms)  COMMIT
+Migrating to CreateVouchers (20190927154659)
+   (2.5ms)  CREATE TABLE `vouchers` (`id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, `voucher` varchar(255), `vouchee` varchar(255), `accepted` tinyint(1), `created_at` datetime(6) NOT NULL, `updated_at` datetime(6) NOT NULL)
+   (0.2ms)  BEGIN
+  primary::SchemaMigration Create (0.4ms)  INSERT INTO `schema_migrations` (`version`) VALUES ('20190927154659')
+   (1.1ms)  COMMIT
+  ActiveRecord::InternalMetadata Load (1.0ms)  SELECT `ar_internal_metadata`.* FROM `ar_internal_metadata` WHERE `ar_internal_metadata`.`key` = 'environment' LIMIT 1
+   (0.2ms)  BEGIN
+  ActiveRecord::InternalMetadata Create (0.3ms)  INSERT INTO `ar_internal_metadata` (`key`, `value`, `created_at`, `updated_at`) VALUES ('environment', 'development', '2020-01-12 17:43:50.689951', '2020-01-12 17:43:50.689951')
+   (1.7ms)  COMMIT
+   (1.2ms)  SELECT RELEASE_LOCK('1433072424460498080')
+   (0.3ms)  SET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
+   (0.3ms)  SELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:44:49 +0100
+   (0.5ms)  SET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
+   (0.7ms)  SELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+Unpermitted parameter: :authentication
+Unpermitted parameter: :authentication
+  User Load (0.4ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Completed 401 Unauthorized in 16ms (Views: 0.5ms | ActiveRecord: 1.0ms | Allocations: 5898)
+
+
+Started GET "/" for ::1 at 2020-01-12 18:50:57 +0100
+   (8.9ms)  SET  @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
+Processing by Rails::WelcomeController#index as */*
+  Rendering /home/baron/.rbenv/versions/2.6.4/lib/ruby/gems/2.6.0/gems/railties-6.0.0/lib/rails/templates/rails/welcome/index.html.erb
+  Rendered /home/baron/.rbenv/versions/2.6.4/lib/ruby/gems/2.6.0/gems/railties-6.0.0/lib/rails/templates/rails/welcome/index.html.erb (Duration: 16.4ms | Allocations: 579)
+Completed 200 OK in 44ms (Views: 27.4ms | ActiveRecord: 0.0ms | Allocations: 3160)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:52:42 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+Unpermitted parameter: :authentication
+Unpermitted parameter: :authentication
+  User Load (14.2ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Completed 401 Unauthorized in 22ms (Views: 0.3ms | ActiveRecord: 14.2ms | Allocations: 819)
+
+
+Started POST "/register?email=conor@manusit.com&name=conor&password=[FILTERED]&password_confirmation=[FILTERED]" for ::1 at 2020-01-12 18:54:54 +0100
+Processing by UsersController#create as */*
+  Parameters: {"email"=>"conor@manusit.com", "name"=>"conor", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}
+DEPRECATION WARNING: Uniqueness validator will no longer enforce case sensitive comparison in Rails 6.1. To continue case sensitive comparison on the :email attribute in User model, pass `case_sensitive: true` option explicitly to the uniqueness validator. (called from create at /home/baron/dev/gitlab.com/spengreb/vereto-api/app/controllers/users_controller.rb:8)
+   (1.5ms)  BEGIN
+  ↳ app/controllers/users_controller.rb:8:in `create'
+  User Exists? (1.4ms)  SELECT 1 AS one FROM `users` WHERE `users`.`email` = BINARY 'conor@manusit.com' LIMIT 1
+  ↳ app/controllers/users_controller.rb:8:in `create'
+  User Create (5.8ms)  INSERT INTO `users` (`name`, `email`, `password_digest`, `created_at`, `updated_at`) VALUES ('conor', 'conor@manusit.com', '$2a$12$dMKD0xTOTw1Nrsey/bKjHehcRGntSFdQKGdGtSb4d4081nDXTvGge', '2020-01-12 17:54:54', '2020-01-12 17:54:54')
+  ↳ app/controllers/users_controller.rb:8:in `create'
+   (14.2ms)  COMMIT
+  ↳ app/controllers/users_controller.rb:8:in `create'
+  User Load (1.2ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+  CACHE User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Completed 201 Created in 910ms (Views: 0.2ms | ActiveRecord: 32.6ms | Allocations: 9181)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:55:03 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+Unpermitted parameter: :authentication
+Unpermitted parameter: :authentication
+  User Load (7.4ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+  CACHE User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Unpermitted parameter: :authentication
+  CACHE User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/controllers/authentication_controller.rb:7:in `authenticate'
+Completed 200 OK in 573ms (Views: 0.5ms | ActiveRecord: 7.4ms | Allocations: 2073)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:55:42 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+Unpermitted parameter: :authentication
+Unpermitted parameter: :authentication
+  User Load (1.3ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+  CACHE User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Unpermitted parameter: :authentication
+  CACHE User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/controllers/authentication_controller.rb:7:in `authenticate'
+Completed 200 OK in 562ms (Views: 0.5ms | ActiveRecord: 1.3ms | Allocations: 2055)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:58:32 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"sdf", "password"=>"[FILTERED]", "authentication"=>{"email"=>"sdf", "password"=>"[FILTERED]"}}
+Unpermitted parameter: :authentication
+Unpermitted parameter: :authentication
+  User Load (23.8ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'sdf' LIMIT 1
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Completed 401 Unauthorized in 32ms (Views: 1.4ms | ActiveRecord: 23.8ms | Allocations: 804)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:58:57 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+Unpermitted parameter: :authentication
+Unpermitted parameter: :authentication
+  User Load (0.5ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+  CACHE User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Unpermitted parameter: :authentication
+  CACHE User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/controllers/authentication_controller.rb:7:in `authenticate'
+Completed 200 OK in 566ms (Views: 0.7ms | ActiveRecord: 0.5ms | Allocations: 2071)
+
+
+Started POST "/login" for 127.0.0.1 at 2020-01-12 18:59:08 +0100
+Processing by AuthenticationController#authenticate as HTML
+  Parameters: {"email"=>"conor@manusit.com", "password"=>"[FILTERED]", "authentication"=>{"email"=>"conor@manusit.com", "password"=>"[FILTERED]"}}
+Unpermitted parameter: :authentication
+Unpermitted parameter: :authentication
+  User Load (1.3ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+  CACHE User Load (0.1ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/auth/authenticate_user.rb:17:in `user'
+Unpermitted parameter: :authentication
+  CACHE User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'conor@manusit.com' LIMIT 1  [["email", "conor@manusit.com"], ["LIMIT", 1]]
+  ↳ app/controllers/authentication_controller.rb:7:in `authenticate'
+Completed 200 OK in 582ms (Views: 0.4ms | ActiveRecord: 1.5ms | Allocations: 2056)
+
+