added user authentication

Author: joesantosgarcia

app/Controllers/Http/AuthController.js

@@ -0,0 +1,115 @@
+'use strict';
+const { validate } = use('Validator');
+const Hash = use('Hash');
+const User = use('App/Models/User');
+const Database = use('Database');
+const sanitize = use('sqlstring');
+
+class AuthController {
+	async register({ response, request, view }) {
+		return view.render('account/register');
+	}
+	async storeUser({ response, request, view, session }) {
+		// validation of input fields
+		const validation = await validate(request.all(), {
+			email: 'required|email|unique:users,email',
+			password: 'required|min:6|max:40',
+			confirm_password: 'required'
+		});
+		// check if passwords are the same
+		if (request.input('password') == request.input('confirm_password')) {
+			// check if validation of others fail if not save user
+			if (validation.fails()) {
+				session
+					.withErrors(validation.messages())
+					.flashExcept(['password', 'confirm_password']);
+
+				return response.redirect('back');
+			} else {
+				// try to save user to database
+				try {
+					let newUser = await User.create({
+						email: request.input('email'),
+						password: request.input('password')
+					});
+				} catch (error) {
+					return error;
+				}
+				session.flash({ success: 'Welcome to Fresh Gear' });
+				return response.redirect('/');
+			}
+		} else {
+			session
+				.withErrors([
+					{
+						field: 'password',
+						message: 'need to confirm password'
+					},
+					{
+						field: 'confirm_password',
+						message: 'need to confirm password'
+					}
+				])
+				.flashExcept(['password', 'confirm_password']);
+
+			return response.redirect('back');
+		}
+	}
+	async login({ response, request, view }) {
+		return view.render('account/login');
+	}
+	async handleLogin({ response, request, view, auth, session }) {
+		// capture the data from form
+		const postData = request.post();
+		let user = await Database.raw(`
+      SELECT * FROM freshgear.users WHERE users.email = ${sanitize.escape(
+				postData.email
+			)} LIMIT 1;
+    `);
+		user = user[0][0];
+
+		if (user) {
+			//verify the password
+			const passwordVerified = await Hash.verify(
+				postData.password,
+				user.password
+			);
+
+			if (passwordVerified) {
+				//login the user
+
+				await auth.loginViaId(user.id);
+				session.flash({ success: 'You are logged in' });
+				return response.redirect('/');
+			} else {
+				session
+					.withErrors([{ field: 'password', message: 'Incorrect password' }])
+					.flashExcept(['password']);
+				return response.redirect('back');
+			}
+		} else {
+			session
+				.withErrors([
+					{ field: 'email', message: `Can't find user with that email` }
+				])
+				.flashExcept(['password']);
+			return response.redirect('back');
+		}
+		console.log(user);
+		return user;
+		// return postData;
+	}
+	async logout({ response, request, view, auth, session }) {
+		try {
+			await auth.logout();
+			session.flash({ success: 'You are logged out' });
+			return response.redirect('/');
+		} catch (error) {
+			console.log(error);
+			session.flash({ error: 'Problems logging you out' });
+			return response.redirect('/');
+		}
+	}
+}
+
+module.exports = AuthController;

app/Controllers/Http/PageController.js

@@ -1,7 +1,7 @@
 'use strict';
 
 class PageController {
-	home({ view }) {
+	home({ view, auth }) {
 		return view.render('pages/home');
 	}
 	about({ view }) {

app/Controllers/Http/UserController.js

@@ -1,12 +1,6 @@
 'use strict';
 
 class UserController {
-	register({ view }) {
-		return view.render('account/register');
-	}
-	login({ view }) {
-		return view.render('account/login');
-	}
 	index({ view }) {
 		return view.render('account/index');
 	}

database/migrations/1503248427885_user.js

@@ -8,11 +8,11 @@ class UserSchema extends Schema {
 		this.raw(
 			`CREATE TABLE users(
         id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
-        username VARCHAR(80) NOT NULL UNIQUE,
+        username VARCHAR(80)  UNIQUE,
         email VARCHAR(254) NOT NULL UNIQUE,
         password VARCHAR(60) NOT NULL,
-        f_name VARCHAR(60) NOT NULL,
-        l_name VARCHAR(60) NOT NULL,
+        f_name VARCHAR(60) ,
+        l_name VARCHAR(60) ,
         created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
         updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
       )

package.json

@@ -31,11 +31,13 @@
     "@adonisjs/lucid": "^6.1.3",
     "@adonisjs/session": "^1.0.27",
     "@adonisjs/shield": "^1.0.8",
+    "@adonisjs/validator": "^5.0.6",
     "@babel/plugin-proposal-decorators": "^7.1.6",
     "@babel/plugin-syntax-dynamic-import": "^7.0.0",
     "@babel/plugin-transform-async-to-generator": "^7.1.0",
     "mysql": "^2.16.0",
     "redux": "^4.0.1",
+    "sqlstring": "^2.3.1",
     "uglify-es": "^3.3.9",
     "uglifyjs-webpack-plugin": "^1.3.0",
     "webpack-dev-server": "^3.1.14"

public/css/styles.css

@@ -222,6 +222,14 @@ header{
   padding: 80px 20px;
 }
 form{
+  .error-message{
+    position: relative;
+    top: -9px;
+    color: red;
+  }
+  input.error{
+    border: 1px solid red !important;
+  }
   input[type="password"], input[type="email"], input[type="text"]{
         width: 100%;
         margin: 0 0 1rem;
@@ -239,3 +247,34 @@ form{
         cursor: pointer;
       }
 }
+
+#alert-box{
+  display: none;
+  position: fixed;
+  top: 0;
+  left: 0;
+  z-index: 20;
+  padding: 20px;
+  width: 100%;
+  cursor: pointer;
+  &.active{
+    display: block;
+  }
+  .title{
+    font-weight: 700;
+    font-size: 1.5rem;
+    margin-bottom: 2rem;
+  }
+  &.notification{
+    background: yellow;
+    color: black;
+  }
+  &.success{
+    background: green;
+    color: white;
+  }
+  &.error{
+    background: red;
+    color: white;
+  }
+}

resources/assets/scss/styles.scss

@@ -10,9 +10,24 @@ Freshgear | Login
     <div class="box-container">
       <h2>Log In</h2>
       <div class="login-grid login">
-        <form action="" method="POST">
-          <input type="email" name="email" placeholder="Email"/>
-          <input type="password" name="password" placeholder="Password"/>
+        <form action="/login" method="POST">
+          {{ csrfField() }}
+          <input type="email" name="email" placeholder="Email" value="{{old('email', '')}}" class="
+          @if(hasErrorFor('email'))
+            error
+          @endif
+          "/>
+          @if(hasErrorFor('email'))
+            <div class="error-message">{{ getErrorFor('email')}}</div>
+          @endif
+          <input type="password" name="password" placeholder="Password" value="{{old('password', '')}}" class="
+          @if(hasErrorFor('password'))
+            error
+          @endif
+          "/>
+          @if(hasErrorFor('password'))
+            <div class="error-message">{{ getErrorFor('password')}}</div>
+          @endif
           <a href="/account/forgot-password">Forgot Password</a>
 
           <button type="submit">Log In</button>

resources/views/account/login.edge

@@ -10,9 +10,32 @@ Freshgear | Login
     <div class="box-container">
       <h2>Register</h2>
       <div class="login-grid register">
-        <form action="" method="POST">
-          <input type="email" name="email" placeholder="Email"/>
-          <input type="password" name="password" placeholder="Password"/>
+        <form action="/register" method="POST">
+          {{ csrfField() }}
+          <input type="email" name="email" placeholder="Email" value="{{old('email', '')}}" class="
+          @if(hasErrorFor('email'))
+            error
+          @endif
+          " />
+          @if(hasErrorFor('email'))
+            <div class="error-message">{{ getErrorFor('email')}}</div>
+          @endif
+          <input type="password" name="password" placeholder="Password" value="{{old('password', '')}}" class="
+          @if(hasErrorFor('password'))
+            error
+          @endif
+          "/>
+          @if(hasErrorFor('password'))
+            <div class="error-message">{{ getErrorFor('password')}}</div>
+          @endif
+          <input type="password" name="confirm_password" placeholder="Confirm Password" value="{{old('confirm_password', '')}}" class="
+          @if(hasErrorFor('confirm_password'))
+            error
+          @endif
+          "/>
+          @if(hasErrorFor('confirm_password'))
+            <div class="error-message">{{ getErrorFor('confirm_password')}}</div>
+          @endif
 
 
           <button type="submit">Register</button>

resources/views/account/register.edge

@@ -9,6 +9,7 @@
   <link rel="stylesheet" href="/css/styles.css">
 </head>
 <body>
+  @include('partials/alert-box')
   <header>
     <div class="logo">
       <a href="/">freshgear</a>
@@ -33,5 +34,11 @@
   @!section('javascript')
 
   <script src="/js/dist/CartComponents.js"></script>
+  <script> 
+      var alertBox = document.getElementById("alert-box")
+      alertBox.addEventListener("click", () => {
+        document.getElementById("alert-box").classList.remove("active")
+      });
+  </script>
 </body>
 </html>

resources/views/layouts/main.edge

@@ -0,0 +1,34 @@
+<div id="alert-box" class=" 
+    @if(flashMessage('notification'))
+      active notification
+    @endif
+    @if(flashMessage('error'))
+      active error
+    @endif
+    @if(flashMessage('success'))
+      active success
+    @endif
+  ">
+    <div class="title">
+      @if(flashMessage('notification'))
+      Notification
+      @endif
+      @if(flashMessage('error'))
+        Error
+      @endif
+      @if(flashMessage('success'))
+        Success
+      @endif
+    </div>
+    <p>
+      @if(flashMessage('notification'))
+        {{flashMessage('notification')}}
+      @endif
+      @if(flashMessage('error'))
+        {{flashMessage('error')}}
+      @endif
+      @if(flashMessage('success'))
+        {{flashMessage('success')}}
+      @endif
+    </p>
+  </div>

resources/views/partials/alert-box.edge

@@ -1,4 +1,4 @@
-'use strict'
+'use strict';
 
 /*
 |--------------------------------------------------------------------------
@@ -11,15 +11,16 @@
 |
 */
 const providers = [
-  '@adonisjs/framework/providers/AppProvider',
-  '@adonisjs/framework/providers/ViewProvider',
-  '@adonisjs/lucid/providers/LucidProvider',
-  '@adonisjs/bodyparser/providers/BodyParserProvider',
-  '@adonisjs/cors/providers/CorsProvider',
-  '@adonisjs/shield/providers/ShieldProvider',
-  '@adonisjs/session/providers/SessionProvider',
-  '@adonisjs/auth/providers/AuthProvider'
-]
+	'@adonisjs/framework/providers/AppProvider',
+	'@adonisjs/framework/providers/ViewProvider',
+	'@adonisjs/lucid/providers/LucidProvider',
+	'@adonisjs/bodyparser/providers/BodyParserProvider',
+	'@adonisjs/cors/providers/CorsProvider',
+	'@adonisjs/shield/providers/ShieldProvider',
+	'@adonisjs/session/providers/SessionProvider',
+	'@adonisjs/auth/providers/AuthProvider',
+	'@adonisjs/validator/providers/ValidatorProvider'
+];
 
 /*
 |--------------------------------------------------------------------------
@@ -30,9 +31,7 @@ const providers = [
 | Providers for migrations, tests etc.
 |
 */
-const aceProviders = [
-  '@adonisjs/lucid/providers/MigrationsProvider'
-]
+const aceProviders = ['@adonisjs/lucid/providers/MigrationsProvider'];
 
 /*
 |--------------------------------------------------------------------------
@@ -46,7 +45,7 @@ const aceProviders = [
 |   { Route: 'Adonis/Src/Route' }
 |
 */
-const aliases = {}
+const aliases = {};
 
 /*
 |--------------------------------------------------------------------------
@@ -56,6 +55,6 @@ const aliases = {}
 | Here you store ace commands for your package
 |
 */
-const commands = []
+const commands = [];
 
-module.exports = { providers, aceProviders, aliases, commands }
+module.exports = { providers, aceProviders, aliases, commands };